wolfSSL SSL/TLS library, support up to TLS1.3


Committer:
wolfSSL
Date:
Fri Jun 05 00:11:07 2020 +0000
Revision:
17:a5f916481144
Parent:
16:8e0d178b1d1e
wolfSSL 4.4.0

wolfSSL 15:117db924cf7c 1 /* ssl.c
wolfSSL 15:117db924cf7c 2 *
wolfSSL 16:8e0d178b1d1e 3 * Copyright (C) 2006-2020 wolfSSL Inc.
wolfSSL 15:117db924cf7c 4 *
wolfSSL 15:117db924cf7c 5 * This file is part of wolfSSL.
wolfSSL 15:117db924cf7c 6 *
wolfSSL 15:117db924cf7c 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 15:117db924cf7c 8 * it under the terms of the GNU General Public License as published by
wolfSSL 15:117db924cf7c 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 15:117db924cf7c 10 * (at your option) any later version.
wolfSSL 15:117db924cf7c 11 *
wolfSSL 15:117db924cf7c 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 15:117db924cf7c 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 15:117db924cf7c 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 15:117db924cf7c 15 * GNU General Public License for more details.
wolfSSL 15:117db924cf7c 16 *
wolfSSL 15:117db924cf7c 17 * You should have received a copy of the GNU General Public License
wolfSSL 15:117db924cf7c 18 * along with this program; if not, write to the Free Software
wolfSSL 15:117db924cf7c 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 15:117db924cf7c 20 */
wolfSSL 15:117db924cf7c 21
wolfSSL 15:117db924cf7c 22
wolfSSL 15:117db924cf7c 23 #ifdef HAVE_CONFIG_H
wolfSSL 15:117db924cf7c 24 #include <config.h>
wolfSSL 15:117db924cf7c 25 #endif
wolfSSL 15:117db924cf7c 26
wolfSSL 15:117db924cf7c 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 16:8e0d178b1d1e 28 #if defined(OPENSSL_EXTRA) && !defined(_WIN32)
wolfSSL 16:8e0d178b1d1e 29 /* turn on GNU extensions for XVASPRINTF with wolfSSL_BIO_printf */
wolfSSL 16:8e0d178b1d1e 30 #undef _GNU_SOURCE
wolfSSL 16:8e0d178b1d1e 31 #define _GNU_SOURCE
wolfSSL 16:8e0d178b1d1e 32 #endif
wolfSSL 16:8e0d178b1d1e 33
wolfSSL 16:8e0d178b1d1e 34 #if !defined(WOLFCRYPT_ONLY) || defined(OPENSSL_EXTRA) || \
wolfSSL 16:8e0d178b1d1e 35 defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 36
wolfSSL 15:117db924cf7c 37 #ifdef HAVE_ERRNO_H
wolfSSL 15:117db924cf7c 38 #include <errno.h>
wolfSSL 15:117db924cf7c 39 #endif
wolfSSL 15:117db924cf7c 40
wolfSSL 15:117db924cf7c 41 #include <wolfssl/internal.h>
wolfSSL 15:117db924cf7c 42 #include <wolfssl/error-ssl.h>
wolfSSL 15:117db924cf7c 43 #include <wolfssl/wolfcrypt/coding.h>
wolfSSL 15:117db924cf7c 44 #ifdef NO_INLINE
wolfSSL 15:117db924cf7c 45 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 15:117db924cf7c 46 #else
wolfSSL 15:117db924cf7c 47 #define WOLFSSL_MISC_INCLUDED
wolfSSL 15:117db924cf7c 48 #include <wolfcrypt/src/misc.c>
wolfSSL 15:117db924cf7c 49 #endif
wolfSSL 15:117db924cf7c 50
wolfSSL 15:117db924cf7c 51
wolfSSL 16:8e0d178b1d1e 52 #if !defined(WOLFSSL_ALLOW_NO_SUITES) && !defined(WOLFCRYPT_ONLY)
wolfSSL 15:117db924cf7c 53 #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
wolfSSL 15:117db924cf7c 54 && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \
wolfSSL 16:8e0d178b1d1e 55 && !defined(HAVE_ED25519) && !defined(HAVE_ED448)
wolfSSL 15:117db924cf7c 56 #error "No cipher suites defined because DH disabled, ECC disabled, and no static suites defined. Please see top of README"
wolfSSL 15:117db924cf7c 57 #endif
wolfSSL 16:8e0d178b1d1e 58 #ifdef WOLFSSL_CERT_GEN
wolfSSL 16:8e0d178b1d1e 59 /* need access to Cert struct for creating certificate */
wolfSSL 16:8e0d178b1d1e 60 #include <wolfssl/wolfcrypt/asn_public.h>
wolfSSL 16:8e0d178b1d1e 61 #endif
wolfSSL 15:117db924cf7c 62 #endif
wolfSSL 15:117db924cf7c 63
wolfSSL 15:117db924cf7c 64 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \
wolfSSL 15:117db924cf7c 65 defined(HAVE_WEBSERVER) || defined(WOLFSSL_KEY_GEN)
wolfSSL 15:117db924cf7c 66 #include <wolfssl/openssl/evp.h>
wolfSSL 15:117db924cf7c 67 /* openssl headers end, wolfssl internal headers next */
wolfSSL 15:117db924cf7c 68 #endif
wolfSSL 15:117db924cf7c 69
wolfSSL 15:117db924cf7c 70 #include <wolfssl/wolfcrypt/wc_encrypt.h>
wolfSSL 15:117db924cf7c 71
wolfSSL 16:8e0d178b1d1e 72 #ifndef NO_RSA
wolfSSL 16:8e0d178b1d1e 73 #include <wolfssl/wolfcrypt/rsa.h>
wolfSSL 16:8e0d178b1d1e 74 #endif
wolfSSL 16:8e0d178b1d1e 75
wolfSSL 15:117db924cf7c 76 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 77 /* openssl headers begin */
wolfSSL 15:117db924cf7c 78 #include <wolfssl/openssl/aes.h>
wolfSSL 15:117db924cf7c 79 #include <wolfssl/openssl/hmac.h>
wolfSSL 15:117db924cf7c 80 #include <wolfssl/openssl/crypto.h>
wolfSSL 15:117db924cf7c 81 #include <wolfssl/openssl/des.h>
wolfSSL 15:117db924cf7c 82 #include <wolfssl/openssl/bn.h>
wolfSSL 15:117db924cf7c 83 #include <wolfssl/openssl/buffer.h>
wolfSSL 15:117db924cf7c 84 #include <wolfssl/openssl/dh.h>
wolfSSL 15:117db924cf7c 85 #include <wolfssl/openssl/rsa.h>
wolfSSL 15:117db924cf7c 86 #include <wolfssl/openssl/pem.h>
wolfSSL 15:117db924cf7c 87 #include <wolfssl/openssl/ec.h>
wolfSSL 15:117db924cf7c 88 #include <wolfssl/openssl/ec25519.h>
wolfSSL 15:117db924cf7c 89 #include <wolfssl/openssl/ed25519.h>
wolfSSL 16:8e0d178b1d1e 90 #include <wolfssl/openssl/ec448.h>
wolfSSL 16:8e0d178b1d1e 91 #include <wolfssl/openssl/ed448.h>
wolfSSL 15:117db924cf7c 92 #include <wolfssl/openssl/ecdsa.h>
wolfSSL 15:117db924cf7c 93 #include <wolfssl/openssl/ecdh.h>
wolfSSL 16:8e0d178b1d1e 94 #include <wolfssl/openssl/err.h>
wolfSSL 16:8e0d178b1d1e 95 #include <wolfssl/openssl/opensslv.h>
wolfSSL 15:117db924cf7c 96 #include <wolfssl/openssl/rc4.h>
wolfSSL 16:8e0d178b1d1e 97 #include <wolfssl/openssl/stack.h>
wolfSSL 16:8e0d178b1d1e 98 #include <wolfssl/openssl/x509v3.h>
wolfSSL 16:8e0d178b1d1e 99 #include <wolfssl/openssl/x509_vfy.h>
wolfSSL 15:117db924cf7c 100 /* openssl headers end, wolfssl internal headers next */
wolfSSL 15:117db924cf7c 101 #include <wolfssl/wolfcrypt/hmac.h>
wolfSSL 15:117db924cf7c 102 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 15:117db924cf7c 103 #include <wolfssl/wolfcrypt/des3.h>
wolfSSL 15:117db924cf7c 104 #include <wolfssl/wolfcrypt/md4.h>
wolfSSL 15:117db924cf7c 105 #include <wolfssl/wolfcrypt/md5.h>
wolfSSL 15:117db924cf7c 106 #include <wolfssl/wolfcrypt/arc4.h>
wolfSSL 15:117db924cf7c 107 #include <wolfssl/wolfcrypt/idea.h>
wolfSSL 15:117db924cf7c 108 #include <wolfssl/wolfcrypt/curve25519.h>
wolfSSL 15:117db924cf7c 109 #include <wolfssl/wolfcrypt/ed25519.h>
wolfSSL 16:8e0d178b1d1e 110 #include <wolfssl/wolfcrypt/curve448.h>
wolfSSL 15:117db924cf7c 111 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)
wolfSSL 15:117db924cf7c 112 #include <wolfssl/openssl/ocsp.h>
wolfSSL 15:117db924cf7c 113 #endif /* WITH_STUNNEL */
wolfSSL 15:117db924cf7c 114 #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)
wolfSSL 15:117db924cf7c 115 #include <wolfssl/wolfcrypt/sha512.h>
wolfSSL 15:117db924cf7c 116 #endif
wolfSSL 15:117db924cf7c 117 #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \
wolfSSL 15:117db924cf7c 118 && !defined(WC_NO_RNG)
wolfSSL 15:117db924cf7c 119 #include <wolfssl/wolfcrypt/srp.h>
wolfSSL 16:8e0d178b1d1e 120 #endif
wolfSSL 16:8e0d178b1d1e 121 #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST)
wolfSSL 16:8e0d178b1d1e 122 #include <wolfssl/wolfcrypt/pkcs7.h>
wolfSSL 16:8e0d178b1d1e 123 #endif
wolfSSL 16:8e0d178b1d1e 124 #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
wolfSSL 16:8e0d178b1d1e 125 #include <wolfssl/openssl/pkcs7.h>
wolfSSL 16:8e0d178b1d1e 126 #endif /* OPENSSL_ALL && HAVE_PKCS7 */
wolfSSL 16:8e0d178b1d1e 127 #endif
wolfSSL 16:8e0d178b1d1e 128 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 16:8e0d178b1d1e 129 int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi);
wolfSSL 16:8e0d178b1d1e 130 int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi);
wolfSSL 16:8e0d178b1d1e 131 int oid2nid(word32 oid, int grp);
wolfSSL 16:8e0d178b1d1e 132 #endif
wolfSSL 16:8e0d178b1d1e 133
wolfSSL 16:8e0d178b1d1e 134 #if defined(WOLFSSL_QT)
wolfSSL 16:8e0d178b1d1e 135 #include <wolfssl/wolfcrypt/sha.h>
wolfSSL 15:117db924cf7c 136 #endif
wolfSSL 15:117db924cf7c 137
wolfSSL 15:117db924cf7c 138 #ifdef NO_ASN
wolfSSL 15:117db924cf7c 139 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 15:117db924cf7c 140 #endif
wolfSSL 16:8e0d178b1d1e 141 #endif /* !WOLFCRYPT_ONLY || OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 142
wolfSSL 16:8e0d178b1d1e 143 #define WOLFSSL_EVP_INCLUDED
wolfSSL 16:8e0d178b1d1e 144 #include "wolfcrypt/src/evp.c"
wolfSSL 16:8e0d178b1d1e 145
wolfSSL 16:8e0d178b1d1e 146 #ifdef OPENSSL_EXTRA
/* Global pointer to the constant BIGNUM holding the value one. Allocated
 * and released elsewhere in this file (not visible here) — confirm lifetime. */
static WOLFSSL_BIGNUM* bn_one = NULL;
wolfSSL 16:8e0d178b1d1e 149 #endif
wolfSSL 16:8e0d178b1d1e 150
wolfSSL 16:8e0d178b1d1e 151 #ifndef WOLFCRYPT_ONLY
wolfSSL 16:8e0d178b1d1e 152
wolfSSL 16:8e0d178b1d1e 153 #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
/* Lookup table of short curve names (NIST P-/K-/B- style) and their NIDs.
 * Each entry is {XSTR_SIZEOF(name), name, NID} in WOLF_EC_NIST_NAME order;
 * the table is terminated by a {0, NULL, 0} sentinel, so iteration must stop
 * on the NULL name rather than on a fixed count. */
const WOLF_EC_NIST_NAME kNistCurves[] = {
    {XSTR_SIZEOF("P-192"),   "P-192",   NID_X9_62_prime192v1},
    {XSTR_SIZEOF("P-256"),   "P-256",   NID_X9_62_prime256v1},
    {XSTR_SIZEOF("P-112"),   "P-112",   NID_secp112r1},
    {XSTR_SIZEOF("P-112-2"), "P-112-2", NID_secp112r2},
    {XSTR_SIZEOF("P-128"),   "P-128",   NID_secp128r1},
    {XSTR_SIZEOF("P-128-2"), "P-128-2", NID_secp128r2},
    {XSTR_SIZEOF("P-160"),   "P-160",   NID_secp160r1},
    {XSTR_SIZEOF("P-160-2"), "P-160-2", NID_secp160r2},
    {XSTR_SIZEOF("P-224"),   "P-224",   NID_secp224r1},
    {XSTR_SIZEOF("P-384"),   "P-384",   NID_secp384r1},
    {XSTR_SIZEOF("P-521"),   "P-521",   NID_secp521r1},
    {XSTR_SIZEOF("K-160"),   "K-160",   NID_secp160k1},
    {XSTR_SIZEOF("K-192"),   "K-192",   NID_secp192k1},
    {XSTR_SIZEOF("K-224"),   "K-224",   NID_secp224k1},
    {XSTR_SIZEOF("K-256"),   "K-256",   NID_secp256k1},
    {XSTR_SIZEOF("B-160"),   "B-160",   NID_brainpoolP160r1},
    {XSTR_SIZEOF("B-192"),   "B-192",   NID_brainpoolP192r1},
    {XSTR_SIZEOF("B-224"),   "B-224",   NID_brainpoolP224r1},
    {XSTR_SIZEOF("B-256"),   "B-256",   NID_brainpoolP256r1},
    {XSTR_SIZEOF("B-320"),   "B-320",   NID_brainpoolP320r1},
    {XSTR_SIZEOF("B-384"),   "B-384",   NID_brainpoolP384r1},
    {XSTR_SIZEOF("B-512"),   "B-512",   NID_brainpoolP512r1},
    {0, NULL, 0},   /* sentinel */
};
wolfSSL 16:8e0d178b1d1e 179 #endif
wolfSSL 16:8e0d178b1d1e 180
wolfSSL 16:8e0d178b1d1e 181 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
wolfSSL 16:8e0d178b1d1e 182 /* for root ca verification */
wolfSSL 16:8e0d178b1d1e 183 int tsip_tls_RootCertVerify(const byte *cert, word32 cert_len,
wolfSSL 16:8e0d178b1d1e 184 word32 key_n_start, word32 key_n_len,
wolfSSL 16:8e0d178b1d1e 185 word32 key_e_start, word32 key_e_len,
wolfSSL 16:8e0d178b1d1e 186 word32 cm_row);
wolfSSL 16:8e0d178b1d1e 187 byte tsip_rootCAverified( );
wolfSSL 16:8e0d178b1d1e 188 #endif
wolfSSL 15:117db924cf7c 189
wolfSSL 15:117db924cf7c 190 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 15:117db924cf7c 191 #ifdef WOLFSSL_DTLS
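/* Import a serialized DTLS session into ssl.
 *
 * ssl  WOLFSSL object to restore the session into
 * buf  serialized session bytes; treated as untrusted input — the buffer and
 *      protocol sanity checks are done in wolfSSL_dtls_import_internal()
 * sz   size of buf in bytes
 *
 * returns BAD_FUNC_ARG when ssl or buf is NULL, otherwise the result of
 * wolfSSL_dtls_import_internal() */
int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf, unsigned int sz)
{
    /* trace label now matches the function name */
    WOLFSSL_ENTER("wolfSSL_dtls_import");

    if (ssl == NULL || buf == NULL) {
        return BAD_FUNC_ARG;
    }

    /* sanity checks on buffer and protocol are done in internal function */
    return wolfSSL_dtls_import_internal(ssl, buf, sz);
}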
wolfSSL 15:117db924cf7c 203
wolfSSL 15:117db924cf7c 204
/* Register, on the CTX, the callback used to serialize a session. The callback
 * is invoked right after the handshake completes.
 *
 * ctx   context to configure
 * func  export callback; NULL is accepted and clears the callback
 *
 * returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL */
int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, wc_dtls_export func)
{
    WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_export");

    /* purposefully allow func to be NULL */
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    ctx->dtls_export = func;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 221
wolfSSL 15:117db924cf7c 222
/* Register, on a single WOLFSSL object, the callback used to serialize its
 * session. The callback is invoked right after the handshake completes.
 *
 * ssl   object to configure
 * func  export callback; NULL is accepted and clears the callback
 *
 * returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL */
int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func)
{
    WOLFSSL_ENTER("wolfSSL_dtls_set_export");

    /* purposefully allow func to be NULL */
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->dtls_export = func;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 239
wolfSSL 15:117db924cf7c 240
/* Serialize a DTLS session straight into a caller-supplied buffer instead of
 * going through the export callback. This avoids the callback's temporary
 * buffer and lets the caller choose when the snapshot is taken; with the
 * callback the session is always serialized immediately after the handshake.
 *
 * ssl  WOLFSSL object to serialize
 * buf  destination for the serialized session; when NULL, *sz receives the
 *      buffer size required and 0 is returned
 * sz   size of buf in bytes (only written on the size query)
 *
 * returns the size of the serialized session on success, 0 on no action
 * (size query or non-DTLS object), and a negative value on error */
int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz)
{
    WOLFSSL_ENTER("wolfSSL_dtls_export");

    if (ssl == NULL || sz == NULL)
        return BAD_FUNC_ARG;

    /* size query: report the maximum buffer an export can need */
    if (buf == NULL) {
        *sz = MAX_EXPORT_BUFFER;
        return 0;
    }

    /* export is only defined for DTLS objects */
    if (ssl->options.dtls == 0) {
        WOLFSSL_MSG("Currently only DTLS export is supported");
        return 0;
    }

    /* copy over keys, options, and dtls state struct */
    return wolfSSL_dtls_export_internal(ssl, buf, *sz);
}
wolfSSL 15:117db924cf7c 273
wolfSSL 15:117db924cf7c 274
/* Like wolfSSL_dtls_export() but serializes only the connection-state part of
 * the WOLFSSL structure: peer sequence number, epoch, AEAD state and so on.
 *
 * ssl  WOLFSSL object to serialize
 * buf  destination for the serialized state; when NULL, *sz receives the
 *      buffer size required and 0 is returned
 * sz   size of buf in bytes (only written on the size query)
 *
 * returns the size of the serialized state on success, 0 on no action
 * (size query or non-DTLS object), and a negative value on error */
int wolfSSL_dtls_export_state_only(WOLFSSL* ssl, unsigned char* buf,
                                   unsigned int* sz)
{
    WOLFSSL_ENTER("wolfSSL_dtls_export_state_only");

    if (ssl == NULL || sz == NULL)
        return BAD_FUNC_ARG;

    /* size query: report the maximum buffer a state export can need */
    if (buf == NULL) {
        *sz = MAX_EXPORT_STATE_BUFFER;
        return 0;
    }

    /* export is only defined for DTLS objects */
    if (ssl->options.dtls == 0) {
        WOLFSSL_MSG("Currently only DTLS export state is supported");
        return 0;
    }

    /* copy over the DTLS connection state only (no keys or options) */
    return wolfSSL_dtls_export_state_internal(ssl, buf, *sz);
}
wolfSSL 16:8e0d178b1d1e 308
wolfSSL 16:8e0d178b1d1e 309
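/* Serialize the DTLS session into a temporary buffer and hand it to the export
 * callback registered via wolfSSL_dtls_set_export() /
 * wolfSSL_CTX_dtls_set_export().
 *
 * ssl  WOLFSSL object to serialize
 *
 * returns 0 on success (also for the no-op non-DTLS case), BAD_FUNC_ARG when
 * ssl is NULL or no export callback is set, MEMORY_E on allocation failure,
 * a negative value when the internal export fails, or the callback's own
 * return value when it reports something other than WOLFSSL_SUCCESS */
int wolfSSL_send_session(WOLFSSL* ssl)
{
    int    ret;
    byte*  buf;
    word16 bufSz = MAX_EXPORT_BUFFER;

    WOLFSSL_ENTER("wolfSSL_send_session");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* if not DTLS do nothing; checked before allocating so no buffer is
     * needed on that path */
    if (!ssl->options.dtls) {
        WOLFSSL_MSG("Currently only DTLS export is supported");
        return 0;
    }

    /* wolfSSL_dtls_set_export() deliberately accepts a NULL callback, so it
     * must be checked here rather than called blindly */
    if (ssl->dtls_export == NULL) {
        WOLFSSL_MSG("No DTLS export callback set");
        return BAD_FUNC_ARG;
    }

    buf = (byte*)XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf == NULL) {
        return MEMORY_E;
    }

    /* copy over keys, options, and dtls state struct */
    ret = wolfSSL_dtls_export_internal(ssl, buf, bufSz);
    if (ret >= 0) {
        /* if no error ret has size of buffer; pass it to the user callback */
        ret = ssl->dtls_export(ssl, buf, ret, NULL);
        if (ret == WOLFSSL_SUCCESS) {
            ret = 0;
        }
    }

    /* the serialized session carries key material: wipe it before the buffer
     * goes back to the allocator (single release point for every path) */
    ForceZero(buf, bufSz);
    XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    return ret;
}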
wolfSSL 15:117db924cf7c 352 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 353 #endif /* WOLFSSL_SESSION_EXPORT */
wolfSSL 15:117db924cf7c 354
/* prevent multiple mutex initializations */
/* Presumably the number of outstanding wolfSSL_Init() calls; wolfSSL_CTX_new_ex()
 * reads it without a lock to decide whether to auto-initialize.
 * NOTE(review): volatile is not a synchronization primitive; the unlocked read
 * relies on count_mutex guarding every writer (not visible here) — confirm. */
static volatile WOLFSSL_GLOBAL int initRefCount = 0;
static WOLFSSL_GLOBAL wolfSSL_Mutex count_mutex; /* init ref count mutex */
wolfSSL 15:117db924cf7c 358
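/* Create a new WOLFSSL_CTX struct and return the pointer to created struct.
 * WOLFSSL_METHOD pointer passed in is given to ctx to manage.
 * This function frees the passed in WOLFSSL_METHOD struct on failure and on
 * success is freed when ctx is freed.
 *
 * method  protocol method; ownership transfers to the CTX. NULL yields a
 *         NULL return without allocating anything
 * heap    heap hint used for the CTX allocation and passed to InitSSL_Ctx()
 *
 * returns the new CTX, or NULL on failure
 */
WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
{
    WOLFSSL_CTX* ctx = NULL;

    WOLFSSL_ENTER("wolfSSL_CTX_new_ex");

    if (initRefCount == 0) {
        /* user no longer forced to call Init themselves */
        int ret = wolfSSL_Init();
        if (ret != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("wolfSSL_Init failed");
            /* trace labels now match the ENTER above on every exit path */
            WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);
            if (method != NULL) {
                XFREE(method, heap, DYNAMIC_TYPE_METHOD);
            }
            return NULL;
        }
    }

    if (method == NULL) {
        WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);
        return ctx;
    }

    ctx = (WOLFSSL_CTX*) XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX);
    if (ctx) {
        int ret;

        ret = InitSSL_Ctx(ctx, method, heap);
#ifdef WOLFSSL_STATIC_MEMORY
        /* set before the ret check so the failure-path wolfSSL_CTX_free()
         * below sees it (presumably so the CTX is returned to the static
         * heap — confirm against FreeSSL_Ctx) */
        if (heap != NULL) {
            ctx->onHeap = 1; /* free the memory back to heap when done */
        }
#endif
        if (ret < 0) {
            WOLFSSL_MSG("Init CTX failed");
            wolfSSL_CTX_free(ctx);
            ctx = NULL;
        }
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
                           && !defined(NO_SHA256) && !defined(WC_NO_RNG)
        else {
            ctx->srp = (Srp*) XMALLOC(sizeof(Srp), heap, DYNAMIC_TYPE_SRP);
            if (ctx->srp == NULL){
                WOLFSSL_MSG("Init CTX failed");
                wolfSSL_CTX_free(ctx);
                WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);
                return NULL;
            }
            XMEMSET(ctx->srp, 0, sizeof(Srp));
        }
#endif
    }
    else {
        WOLFSSL_MSG("Alloc CTX failed, method freed");
        XFREE(method, heap, DYNAMIC_TYPE_METHOD);
    }

    WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);
    return ctx;
}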
wolfSSL 15:117db924cf7c 423
wolfSSL 15:117db924cf7c 424
/* Public constructor: wolfSSL_CTX_new_ex() with the default heap hint.
 *
 * method  protocol method handed over to the new CTX (see wolfSSL_CTX_new_ex)
 *
 * returns the new CTX, or NULL on failure */
WOLFSSL_ABI
WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
{
    void* heapHint = NULL;
#ifdef WOLFSSL_HEAP_TEST
    /* if testing the heap hint then set top level CTX to have test value */
    heapHint = (void*)WOLFSSL_HEAP_TEST;
#endif
    return wolfSSL_CTX_new_ex(method, heapHint);
}
wolfSSL 15:117db924cf7c 435
wolfSSL 16:8e0d178b1d1e 436 #ifdef OPENSSL_EXTRA
/* Increment the CTX reference count so the CTX is only released once every
 * holder has dropped its reference.
 *
 * ctx  context to retain
 *
 * returns 1 when the count after the increment is above one, 0 otherwise.
 * NOTE(review): ctx is not NULL-checked here; whether SSL_CTX_RefCount()
 * tolerates NULL is not visible in this file — confirm. */
int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx)
{
    int count = SSL_CTX_RefCount(ctx, 1);

    if (count > 1)
        return 1;
    return 0;
}
wolfSSL 16:8e0d178b1d1e 443 #endif
wolfSSL 16:8e0d178b1d1e 444
/* Release a CTX. Any SRP state attached to it is torn down first, then the
 * CTX itself is handed to FreeSSL_Ctx(). NULL is accepted and ignored.
 *
 * ctx  context to free (may be NULL) */
WOLFSSL_ABI
void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("SSL_CTX_free");

    if (ctx != NULL) {
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \
                           && !defined(NO_SHA256) && !defined(WC_NO_RNG)
        Srp* srp = ctx->srp;

        if (srp != NULL) {
            /* password buffer is released before the Srp that used it;
             * pointers are cleared so a repeated free cannot double-free */
            if (ctx->srp_password != NULL) {
                XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
                ctx->srp_password = NULL;
            }
            wc_SrpTerm(srp);
            XFREE(srp, ctx->heap, DYNAMIC_TYPE_SRP);
            ctx->srp = NULL;
        }
#endif
        FreeSSL_Ctx(ctx);
    }

    WOLFSSL_LEAVE("SSL_CTX_free", 0);
}
wolfSSL 15:117db924cf7c 467
wolfSSL 15:117db924cf7c 468
wolfSSL 16:8e0d178b1d1e 469 #ifdef HAVE_ENCRYPT_THEN_MAC
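/**
 * Sets whether Encrypt-Then-MAC extension can be negotiated against context.
 * The default value: enabled.
 *
 * ctx SSL/TLS context.
 * set Whether to allow or not: 1 is allow and 0 is disallow.
 * returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL
 */
int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *ctx, int set)
{
    /* match the rest of the public API: reject NULL instead of dereferencing */
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }

    /* the flag is stored inverted: any non-zero 'set' clears it */
    ctx->disallowEncThenMac = !set;
    return WOLFSSL_SUCCESS;
}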
wolfSSL 16:8e0d178b1d1e 483
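/**
 * Sets whether Encrypt-Then-MAC extension can be negotiated on this object.
 * The default value comes from context.
 *
 * ssl SSL/TLS object.
 * set Whether to allow or not: 1 is allow and 0 is disallow.
 * returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL
 */
int wolfSSL_AllowEncryptThenMac(WOLFSSL *ssl, int set)
{
    /* match the rest of the public API: reject NULL instead of dereferencing */
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* the flag is stored inverted: any non-zero 'set' clears it */
    ssl->options.disallowEncThenMac = !set;
    return WOLFSSL_SUCCESS;
}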
wolfSSL 16:8e0d178b1d1e 497 #endif
wolfSSL 16:8e0d178b1d1e 498
wolfSSL 15:117db924cf7c 499 #ifdef SINGLE_THREADED
/* Allocate and seed an RNG owned by the CTX so WOLFSSL objects can share it.
 * Only built in single-threaded mode because the shared RNG has no locking.
 *
 * ctx  context that will own the RNG
 *
 * returns WOLFSSL_SUCCESS on ok, BAD_FUNC_ARG when ctx is NULL, MEMORY_E on
 * allocation failure, or the wc_InitRng* error code.
 * NOTE(review): an RNG already stored in ctx->rng is overwritten without
 * being released; whether that can happen is not visible here — confirm. */
int wolfSSL_CTX_new_rng(WOLFSSL_CTX* ctx)
{
    WC_RNG* newRng;
    int     rc;

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    newRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ctx->heap, DYNAMIC_TYPE_RNG);
    if (newRng == NULL)
        return MEMORY_E;

    /* FIPS builds expose only the plain initializer (no heap/devId variant) */
#ifndef HAVE_FIPS
    rc = wc_InitRng_ex(newRng, ctx->heap, ctx->devId);
#else
    rc = wc_InitRng(newRng);
#endif
    if (rc != 0) {
        XFREE(newRng, ctx->heap, DYNAMIC_TYPE_RNG);
        return rc;
    }

    ctx->rng = newRng;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 529 #endif
wolfSSL 15:117db924cf7c 530
wolfSSL 15:117db924cf7c 531
/* Allocate a WOLFSSL object from the CTX's heap and initialize it from ctx.
 *
 * ctx  parent context; NULL yields a NULL return
 *
 * returns the new object, or NULL when ctx is NULL, allocation fails, or
 * InitSSL() reports an error (the partially built object is freed) */
WOLFSSL_ABI
WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)
{
    WOLFSSL* ssl;
    int ret = 0;

    (void)ret;
    WOLFSSL_ENTER("SSL_new");

    if (ctx == NULL)
        return NULL;

    ssl = (WOLFSSL*)XMALLOC(sizeof(WOLFSSL), ctx->heap, DYNAMIC_TYPE_SSL);
    if (ssl != NULL) {
        ret = InitSSL(ssl, ctx, 0);
        if (ret < 0) {
            /* FreeSSL releases whatever InitSSL managed to set up */
            FreeSSL(ssl, ctx->heap);
            ssl = NULL;
        }
    }

    WOLFSSL_LEAVE("SSL_new", ret);
    return ssl;
}
wolfSSL 15:117db924cf7c 554
wolfSSL 15:117db924cf7c 555
/* Release a WOLFSSL object. NULL is accepted and ignored.
 *
 * ssl  object to free; its parent CTX is dereferenced for the heap hint, so
 *      the CTX must still be alive when this is called */
WOLFSSL_ABI
void wolfSSL_free(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_free");

    if (ssl != NULL) {
        FreeSSL(ssl, ssl->ctx->heap);
    }

    WOLFSSL_LEAVE("SSL_free", 0);
}
wolfSSL 15:117db924cf7c 564
wolfSSL 15:117db924cf7c 565
/* Report whether the object was created to act as the server side.
 *
 * ssl  object to inspect
 *
 * returns 1 for the server end, 0 for the client end, BAD_FUNC_ARG when
 * ssl is NULL (callers must not treat the result as a plain boolean) */
int wolfSSL_is_server(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    return (ssl->options.side == WOLFSSL_SERVER_END) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 572
wolfSSL 15:117db924cf7c 573 #ifdef HAVE_WRITE_DUP
wolfSSL 15:117db924cf7c 574
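/*
 * Release resources around WriteDup object
 *
 * ssl WOLFSSL object (NULL, or an object without a dupWrite, is a no-op)
 *
 * Drops this object's reference on the shared WriteDup; the object itself
 * is only destroyed when the count reaches zero. After a full free
 * ssl->dupWrite is cleared so nothing later in the teardown can touch the
 * released memory.
 *
 * no return, destruction so make best attempt
 */
void FreeWriteDup(WOLFSSL* ssl)
{
    int doFree = 0;

    WOLFSSL_ENTER("FreeWriteDup");

    if (ssl == NULL || ssl->dupWrite == NULL) {
        return;
    }

    if (wc_LockMutex(&ssl->dupWrite->dupMutex) == 0) {
        ssl->dupWrite->dupCount--;
        if (ssl->dupWrite->dupCount == 0) {
            doFree = 1;
        } else {
            WOLFSSL_MSG("WriteDup count not zero, no full free");
        }
        wc_UnLockMutex(&ssl->dupWrite->dupMutex);
    }
    else {
        /* best effort: without the lock the count cannot be touched safely */
        WOLFSSL_MSG("WriteDup mutex lock failed, no free");
    }

    if (doFree) {
        WOLFSSL_MSG("Doing WriteDup full free, count to zero");
        wc_FreeMutex(&ssl->dupWrite->dupMutex);
        XFREE(ssl->dupWrite, ssl->heap, DYNAMIC_TYPE_WRITEDUP);
        /* the count hit zero, so this was the last reference: clear the
         * pointer rather than leave it dangling */
        ssl->dupWrite = NULL;
    }
}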
wolfSSL 15:117db924cf7c 606
wolfSSL 15:117db924cf7c 607
/*
 * duplicate existing ssl members into dup needed for writing
 *
 * Creates the WriteDup shared by both objects, copies the write-side
 * state (cipher specs, options, keys, encrypt ciphers, write IO
 * context/fd/flags, hmac settings) into dup and hands ownership of the
 * encrypt ciphers to dup by zeroing them in ssl. Finally tags dup as the
 * write side and ssl as the read side.
 *
 * dup write only WOLFSSL
 * ssl existing WOLFSSL
 *
 * 0 on success; MEMORY_E when the WriteDup cannot be allocated and
 * BAD_MUTEX_E when its mutex cannot be initialised. On either failure
 * ssl->dupWrite is NULL and dup is untouched.
 *
 * NOTE: both objects hold a copy of Keys after this call, so secret
 * material exists twice until each side is freed.
 */
static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
{
    WriteDup* shared;

    /* shared dupWrite setup */
    ssl->dupWrite = (WriteDup*)XMALLOC(sizeof(WriteDup), ssl->heap,
                                       DYNAMIC_TYPE_WRITEDUP);
    shared = ssl->dupWrite;
    if (shared == NULL) {
        return MEMORY_E;
    }
    XMEMSET(shared, 0, sizeof(WriteDup));

    if (wc_InitMutex(&shared->dupMutex) != 0) {
        XFREE(shared, ssl->heap, DYNAMIC_TYPE_WRITEDUP);
        ssl->dupWrite = NULL;
        return BAD_MUTEX_E;
    }
    shared->dupCount = 2;      /* both sides have a count to start */
    dup->dupWrite = shared;    /* each side uses */

    /* copy write parts over to dup writer */
    XMEMCPY(&dup->specs,   &ssl->specs,   sizeof(CipherSpecs));
    XMEMCPY(&dup->options, &ssl->options, sizeof(Options));
    XMEMCPY(&dup->keys,    &ssl->keys,    sizeof(Keys));
    XMEMCPY(&dup->encrypt, &ssl->encrypt, sizeof(Ciphers));
    /* dup side now owns encrypt/write ciphers */
    XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));

    dup->IOCB_WriteCtx = ssl->IOCB_WriteCtx;
    dup->wfd           = ssl->wfd;
    dup->wflags        = ssl->wflags;
    dup->hmac          = ssl->hmac;
#ifdef HAVE_TRUNCATED_HMAC
    dup->truncated_hmac = ssl->truncated_hmac;
#endif

    /* unique side dup setup */
    dup->dupSide = WRITE_DUP_SIDE;
    ssl->dupSide = READ_DUP_SIDE;

    return 0;
}
wolfSSL 15:117db924cf7c 656
wolfSSL 15:117db924cf7c 657
/*
 * duplicate a WOLFSSL object post handshake for writing only
 * turn existing object into read only. Allows concurrent access from two
 * different threads.
 *
 * ssl existing WOLFSSL object
 *
 * return dup'd WOLFSSL object on success; NULL when ssl is NULL, the
 * handshake has not completed, a dup already exists, or allocation /
 * InitSSL / DupSSL fails (a partially built dup is freed).
 */
WOLFSSL* wolfSSL_write_dup(WOLFSSL* ssl)
{
    WOLFSSL* dup = NULL;
    int ret = 0;

    (void)ret;
    WOLFSSL_ENTER("wolfSSL_write_dup");

    if (ssl == NULL) {
        return ssl;
    }

    if (ssl->options.handShakeDone == 0) {
        WOLFSSL_MSG("wolfSSL_write_dup called before handshake complete");
        return NULL;
    }

    if (ssl->dupWrite) {
        WOLFSSL_MSG("wolfSSL_write_dup already called once");
        return NULL;
    }

    dup = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ssl->ctx->heap, DYNAMIC_TYPE_SSL);
    if (dup != NULL) {
        ret = InitSSL(dup, ssl->ctx, 1);
        if (ret >= 0) {
            ret = DupSSL(dup, ssl);
        }
        if (ret < 0) {
            /* either step failed: tear the new object down again */
            FreeSSL(dup, ssl->ctx->heap);
            dup = NULL;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_write_dup", ret);

    return dup;
}
wolfSSL 15:117db924cf7c 704
wolfSSL 15:117db924cf7c 705
/*
 * Notify write dup side of fatal error or close notify
 *
 * Stores err in the shared WriteDup under its mutex so the write side
 * can pick it up. Neither ssl nor ssl->dupWrite is NULL-checked: only
 * call this on an object that went through wolfSSL_write_dup().
 *
 * ssl WOLFSSL object
 * err Notify err
 *
 * 0 on success, otherwise the wc_LockMutex/wc_UnLockMutex error
 */
int NotifyWriteSide(WOLFSSL* ssl, int err)
{
    WriteDup* shared;
    int ret;

    WOLFSSL_ENTER("NotifyWriteSide");

    shared = ssl->dupWrite;
    ret = wc_LockMutex(&shared->dupMutex);
    if (ret != 0) {
        return ret;
    }
    shared->dupErr = err;
    return wc_UnLockMutex(&shared->dupMutex);
}
wolfSSL 15:117db924cf7c 728
wolfSSL 15:117db924cf7c 729
wolfSSL 15:117db924cf7c 730 #endif /* HAVE_WRITE_DUP */
wolfSSL 15:117db924cf7c 731
wolfSSL 15:117db924cf7c 732
wolfSSL 15:117db924cf7c 733 #ifdef HAVE_POLY1305
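/* set if to use old poly 1 for yes 0 to use new poly
 *
 * Deprecated: the connection auto-detects old/new poly; this only records
 * the value in ssl->options.oldPoly and only in builds with TLS 1.2.
 *
 * ssl    WOLFSSL object
 * value  1 to select old poly, 0 for new
 *
 * Returns 0, or BAD_FUNC_ARG when ssl is NULL (TLS 1.2 builds).
 */
int wolfSSL_use_old_poly(WOLFSSL* ssl, int value)
{
    (void)ssl;
    (void)value;

#ifndef WOLFSSL_NO_TLS12
    WOLFSSL_ENTER("SSL_use_old_poly");
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    /* single message built from two adjacent literals: keep the space */
    WOLFSSL_MSG("Warning SSL connection auto detects old/new and this function "
                "is deprecated");
    ssl->options.oldPoly = (word16)value;
    WOLFSSL_LEAVE("SSL_use_old_poly", 0);
#endif
    return 0;
}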
wolfSSL 15:117db924cf7c 749 #endif
wolfSSL 15:117db924cf7c 750
wolfSSL 15:117db924cf7c 751
/* Use one file descriptor for both reading and writing.
 *
 * ssl  connection
 * fd   descriptor handed to wolfSSL_set_read_fd() and then
 *      wolfSSL_set_write_fd()
 *
 * Returns BAD_FUNC_ARG when ssl is NULL, otherwise the result of the
 * first of the two setters that does not return WOLFSSL_SUCCESS, or
 * WOLFSSL_SUCCESS.
 */
WOLFSSL_ABI
int wolfSSL_set_fd(WOLFSSL* ssl, int fd)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("SSL_set_fd");

    if (ssl != NULL) {
        ret = wolfSSL_set_read_fd(ssl, fd);
        if (ret == WOLFSSL_SUCCESS) {
            ret = wolfSSL_set_write_fd(ssl, fd);
        }
    }

    return ret;
}
wolfSSL 15:117db924cf7c 770
wolfSSL 15:117db924cf7c 771
/* Set the descriptor the receive callback reads from.
 *
 * ssl  connection
 * fd   descriptor; stored in ssl->rfd (and in the DTLS context when the
 *      object is DTLS), never used directly so IO callbacks stay pluggable
 *
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_set_read_fd(WOLFSSL* ssl, int fd)
{
    void* readCtx;

    WOLFSSL_ENTER("SSL_set_read_fd");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    ssl->rfd = fd;      /* not used directly to allow IO callbacks */
    readCtx = &ssl->rfd;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* DTLS callbacks take the whole dtlsCtx instead of the bare fd */
        ssl->buffers.dtlsCtx.rfd = fd;
        readCtx = &ssl->buffers.dtlsCtx;
    }
#endif

    ssl->IOCB_ReadCtx = readCtx;

    WOLFSSL_LEAVE("SSL_set_read_fd", WOLFSSL_SUCCESS);
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 793
wolfSSL 15:117db924cf7c 794
/* Set the descriptor the send callback writes to.
 *
 * ssl  connection
 * fd   descriptor; stored in ssl->wfd (and in the DTLS context when the
 *      object is DTLS), never used directly so IO callbacks stay pluggable
 *
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_set_write_fd(WOLFSSL* ssl, int fd)
{
    void* writeCtx;

    WOLFSSL_ENTER("SSL_set_write_fd");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    ssl->wfd = fd;      /* not used directly to allow IO callbacks */
    writeCtx = &ssl->wfd;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* DTLS callbacks take the whole dtlsCtx instead of the bare fd */
        ssl->buffers.dtlsCtx.wfd = fd;
        writeCtx = &ssl->buffers.dtlsCtx;
    }
#endif

    ssl->IOCB_WriteCtx = writeCtx;

    WOLFSSL_LEAVE("SSL_set_write_fd", WOLFSSL_SUCCESS);
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 816
wolfSSL 15:117db924cf7c 817
/**
 * Get the name of cipher at priority level passed in.
 *
 * priority  index into the built-in cipher table (0 = first entry)
 *
 * Returns the table's name string (not a copy; do not free or modify),
 * or NULL when priority is negative or past the end of the table.
 */
char* wolfSSL_get_cipher_list(int priority)
{
    const CipherSuiteInfo* ciphers = GetCipherNames();
    int count = GetCipherNamesSize();

    if (priority < 0 || priority >= count) {
        return NULL;
    }

    return (char*)ciphers[priority].name;
}
wolfSSL 15:117db924cf7c 831
wolfSSL 15:117db924cf7c 832
/**
 * Get the name of cipher at priority level passed in, for a connection.
 *
 * ssl       connection; NULL yields NULL
 * priority  index as for wolfSSL_get_cipher_list()
 *
 * When wolfSSL_get_cipher_name_internal() reports a name for ssl there is
 * a single suite in use, so only priority 0 is valid and returns that
 * name; any other priority returns NULL. When no name is reported the
 * call falls back to the static table via wolfSSL_get_cipher_list().
 */
char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority)
{
    const char* cipher;

    if (ssl == NULL) {
        return NULL;
    }

    cipher = wolfSSL_get_cipher_name_internal(ssl);
    if (cipher == NULL) {
        return wolfSSL_get_cipher_list(priority);
    }

    return (priority == 0) ? (char*)cipher : NULL;
}
wolfSSL 15:117db924cf7c 858
wolfSSL 15:117db924cf7c 859
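/* Write the names of all built-in cipher suites into buf as one
 * ':'-delimited, NUL-terminated string.
 *
 * buf  destination; left NUL-terminated on success, also when the table
 *      is empty, and after every entry written before a BUFFER_E
 * len  size of buf in bytes
 *
 * Returns WOLFSSL_SUCCESS; BAD_FUNC_ARG for a NULL buffer or a length
 * that is not positive; BUFFER_E when the next name plus its delimiter
 * and the terminator would not fit.
 */
int wolfSSL_get_ciphers(char* buf, int len)
{
    const CipherSuiteInfo* ciphers = GetCipherNames();
    int ciphersSz = GetCipherNamesSize();
    int i;

    if (buf == NULL || len <= 0)
        return BAD_FUNC_ARG;

    /* terminate up front so an empty table still yields a valid string */
    *buf = 0;

    /* Add each member to the buffer delimited by a : */
    for (i = 0; i < ciphersSz; i++) {
        int cipherNameSz = (int)XSTRLEN(ciphers[i].name);

        /* room for name + ':' + NUL (the last entry needs one byte less,
         * the stricter check is kept for both) */
        if (cipherNameSz + 1 >= len)
            return BUFFER_E;

        /* copy the name bytes only; a bounded string copy over the whole
         * remaining length would zero-fill the rest of buf every pass */
        XMEMCPY(buf, ciphers[i].name, cipherNameSz);
        buf += cipherNameSz;
        len -= cipherNameSz;

        if (i < ciphersSz - 1) {
            *buf++ = ':';
            len--;
        }
        *buf = 0;
    }
    return WOLFSSL_SUCCESS;
}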
wolfSSL 15:117db924cf7c 888
wolfSSL 16:8e0d178b1d1e 889
wolfSSL 16:8e0d178b1d1e 890 #ifndef NO_ERROR_STRINGS
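/* places a list of all supported cipher suites in TLS_* format into "buf"
 * return WOLFSSL_SUCCESS on success
 *
 * buf  destination; ':'-delimited and NUL-terminated on success, also when
 *      the table is empty, and after every entry written before a BUFFER_E
 * len  size of buf in bytes
 *
 * Returns BAD_FUNC_ARG for a NULL buffer or a length that is not positive,
 * BUFFER_E when the next IANA name plus its delimiter and the terminator
 * would not fit.
 */
int wolfSSL_get_ciphers_iana(char* buf, int len)
{
    const CipherSuiteInfo* ciphers = GetCipherNames();
    int ciphersSz = GetCipherNamesSize();
    int i;

    if (buf == NULL || len <= 0)
        return BAD_FUNC_ARG;

    /* terminate up front so an empty table still yields a valid string */
    *buf = 0;

    /* Add each member to the buffer delimited by a : */
    for (i = 0; i < ciphersSz; i++) {
        int cipherNameSz = (int)XSTRLEN(ciphers[i].name_iana);

        /* room for name + ':' + NUL (the last entry needs one byte less,
         * the stricter check is kept for both) */
        if (cipherNameSz + 1 >= len)
            return BUFFER_E;

        /* copy the name bytes only; a bounded string copy over the whole
         * remaining length would zero-fill the rest of buf every pass */
        XMEMCPY(buf, ciphers[i].name_iana, cipherNameSz);
        buf += cipherNameSz;
        len -= cipherNameSz;

        if (i < ciphersSz - 1) {
            *buf++ = ':';
            len--;
        }
        *buf = 0;
    }
    return WOLFSSL_SUCCESS;
}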
wolfSSL 16:8e0d178b1d1e 921 #endif /* NO_ERROR_STRINGS */
wolfSSL 16:8e0d178b1d1e 922
wolfSSL 16:8e0d178b1d1e 923
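/* Copy the IANA name of the suite in use on ssl into a caller buffer.
 *
 * ssl  connection to query
 * buf  destination; always NUL-terminated on success, the name is cut
 *      short when len is too small for all of it
 * len  size of buf in bytes
 *
 * Returns buf, or NULL when ssl or buf is NULL, len is not positive, or
 * wolfSSL_get_cipher_name_iana() yields no name.
 */
const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len)
{
    const char* cipher;
    int cipherSz;

    if (ssl == NULL || buf == NULL || len <= 0)
        return NULL;

    cipher = wolfSSL_get_cipher_name_iana(ssl);
    if (cipher == NULL)
        return NULL;

    /* keep one byte for the terminator: a buffer shorter than the name
     * must not be returned as an unterminated string */
    cipherSz = (int)XSTRLEN(cipher);
    if (cipherSz > len - 1)
        cipherSz = len - 1;
    XMEMCPY(buf, cipher, cipherSz);
    buf[cipherSz] = '\0';
    return buf;
}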
wolfSSL 15:117db924cf7c 936
/* Return the read descriptor recorded by wolfSSL_set_read_fd()/set_fd().
 *
 * ssl  connection; NULL yields -1
 *
 * Returns ssl->rfd, or -1 when ssl is NULL.
 */
int wolfSSL_get_fd(const WOLFSSL* ssl)
{
    int fd;
    WOLFSSL_ENTER("SSL_get_fd");
    fd = (ssl != NULL) ? ssl->rfd : -1;
    WOLFSSL_LEAVE("SSL_get_fd", fd);
    return fd;
}
wolfSSL 15:117db924cf7c 947
wolfSSL 15:117db924cf7c 948
/* Report whether the object was created with a DTLS method.
 *
 * ssl  connection; NULL yields 0
 *
 * Returns the value of ssl->options.dtls, or 0 when ssl is NULL.
 */
int wolfSSL_dtls(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return 0;
    return ssl->options.dtls;
}
wolfSSL 16:8e0d178b1d1e 956
wolfSSL 16:8e0d178b1d1e 957 #if !defined(NO_CERTS)
/* Set whether mutual authentication is required for connections.
 * Server side only: a context created with a client method is rejected.
 *
 * ctx The SSL/TLS CTX object.
 * req 1 to indicate required and 0 when not (stored truncated to a byte).
 * returns BAD_FUNC_ARG when ctx is NULL, SIDE_ERROR when not a server and
 * 0 on success.
 */
int wolfSSL_CTX_mutual_auth(WOLFSSL_CTX* ctx, int req)
{
    int ret = 0;

    if (ctx == NULL)
        ret = BAD_FUNC_ARG;
    else if (ctx->method->side == WOLFSSL_CLIENT_END)
        ret = SIDE_ERROR;
    else
        ctx->mutualAuth = (byte)req;

    return ret;
}
wolfSSL 16:8e0d178b1d1e 977
/* Set whether mutual authentication is required for the connection.
 * Client side only: an object whose side is WOLFSSL_SERVER_END is
 * rejected. No protocol-version check is made here; whether the setting
 * takes effect outside TLS v1.3 is decided elsewhere - TODO confirm.
 *
 * ssl The SSL/TLS object.
 * req 1 to indicate required and 0 when not (stored as word16).
 * returns BAD_FUNC_ARG when ssl is NULL, SIDE_ERROR when the object is a
 * server and 0 on success.
 */
int wolfSSL_mutual_auth(WOLFSSL* ssl, int req)
{
    int ret = 0;

    if (ssl == NULL)
        ret = BAD_FUNC_ARG;
    else if (ssl->options.side == WOLFSSL_SERVER_END)
        ret = SIDE_ERROR;
    else
        ssl->options.mutualAuth = (word16)req;

    return ret;
}
wolfSSL 16:8e0d178b1d1e 997 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 998
wolfSSL 15:117db924cf7c 999 #ifndef WOLFSSL_LEANPSK
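/* Record the DTLS peer address for this connection.
 *
 * ssl     connection
 * peer    address bytes to copy (opaque here; the caller keeps its copy)
 * peerSz  number of bytes at peer
 *
 * Returns WOLFSSL_SUCCESS; WOLFSSL_FAILURE when ssl or peer is NULL,
 * peerSz is 0, or the copy cannot be allocated (the previous peer is kept
 * in that case); WOLFSSL_NOT_IMPLEMENTED without WOLFSSL_DTLS.
 */
int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
{
#ifdef WOLFSSL_DTLS
    void* sa;

    /* peer/peerSz are caller input: reject them before they reach the
     * allocation and copy below */
    if (ssl == NULL || peer == NULL || peerSz == 0)
        return WOLFSSL_FAILURE;

    /* allocate the new copy before releasing the old one so a failed
     * allocation leaves the existing peer untouched */
    sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    if (sa == NULL)
        return WOLFSSL_FAILURE;

    if (ssl->buffers.dtlsCtx.peer.sa != NULL) {
        XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
        ssl->buffers.dtlsCtx.peer.sa = NULL;
    }
    XMEMCPY(sa, peer, peerSz);
    ssl->buffers.dtlsCtx.peer.sa = sa;
    ssl->buffers.dtlsCtx.peer.sz = peerSz;
    return WOLFSSL_SUCCESS;
#else
    (void)ssl;
    (void)peer;
    (void)peerSz;
    return WOLFSSL_NOT_IMPLEMENTED;
#endif
}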
wolfSSL 15:117db924cf7c 1027
/* Copy the recorded DTLS peer address out to the caller.
 *
 * ssl     connection
 * peer    destination buffer
 * peerSz  in: size of peer in bytes; out: bytes written
 *
 * Returns WOLFSSL_SUCCESS; WOLFSSL_FAILURE when ssl, peer or peerSz is
 * NULL, no peer has been set, or the buffer is smaller than the stored
 * address (peerSz is then left unchanged); WOLFSSL_NOT_IMPLEMENTED
 * without WOLFSSL_DTLS.
 */
int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
{
#ifdef WOLFSSL_DTLS
    void* sa;

    if (ssl == NULL)
        return WOLFSSL_FAILURE;

    sa = ssl->buffers.dtlsCtx.peer.sa;
    if (peer == NULL || peerSz == NULL || sa == NULL
            || *peerSz < ssl->buffers.dtlsCtx.peer.sz)
        return WOLFSSL_FAILURE;

    *peerSz = ssl->buffers.dtlsCtx.peer.sz;
    XMEMCPY(peer, sa, *peerSz);
    return WOLFSSL_SUCCESS;
#else
    (void)ssl;
    (void)peer;
    (void)peerSz;
    return WOLFSSL_NOT_IMPLEMENTED;
#endif
}
wolfSSL 15:117db924cf7c 1050
wolfSSL 15:117db924cf7c 1051
wolfSSL 15:117db924cf7c 1052 #if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
wolfSSL 15:117db924cf7c 1053
/* Mark a context as running DTLS over SCTP.
 *
 * ctx  context to flag; NULL yields BAD_FUNC_ARG
 *
 * Returns WOLFSSL_SUCCESS after setting ctx->dtlsSctp.
 */
int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_sctp()");

    if (ctx != NULL) {
        ctx->dtlsSctp = 1;
        ret = WOLFSSL_SUCCESS;
    }
    return ret;
}
wolfSSL 15:117db924cf7c 1064
wolfSSL 15:117db924cf7c 1065
/* Mark a connection as running DTLS over SCTP.
 *
 * ssl  connection to flag; NULL yields BAD_FUNC_ARG
 *
 * Returns WOLFSSL_SUCCESS after setting ssl->options.dtlsSctp.
 */
int wolfSSL_dtls_set_sctp(WOLFSSL* ssl)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_dtls_set_sctp()");

    if (ssl != NULL) {
        ssl->options.dtlsSctp = 1;
        ret = WOLFSSL_SUCCESS;
    }
    return ret;
}
wolfSSL 15:117db924cf7c 1076
wolfSSL 16:8e0d178b1d1e 1077 #endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
wolfSSL 16:8e0d178b1d1e 1078
wolfSSL 16:8e0d178b1d1e 1079 #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
wolfSSL 16:8e0d178b1d1e 1080 defined(WOLFSSL_DTLS)
wolfSSL 15:117db924cf7c 1081
/* Set the DTLS MTU inherited by connections created from ctx.
 *
 * ctx     context; NULL yields BAD_FUNC_ARG
 * newMtu  MTU in bytes; values above MAX_RECORD_SIZE are rejected with
 *         BAD_FUNC_ARG
 *
 * Returns WOLFSSL_SUCCESS after storing ctx->dtlsMtuSz.
 */
int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, word16 newMtu)
{
    int ret = BAD_FUNC_ARG;

    if (ctx != NULL && newMtu <= MAX_RECORD_SIZE) {
        ctx->dtlsMtuSz = newMtu;
        ret = WOLFSSL_SUCCESS;
    }
    return ret;
}
wolfSSL 15:117db924cf7c 1090
wolfSSL 15:117db924cf7c 1091
/* Set the DTLS MTU for one connection.
 *
 * ssl     connection; NULL yields BAD_FUNC_ARG
 * newMtu  MTU in bytes; a value above MAX_RECORD_SIZE is rejected with
 *         WOLFSSL_FAILURE and BAD_FUNC_ARG recorded in ssl->error (note
 *         this differs from the CTX variant, which returns BAD_FUNC_ARG)
 *
 * Returns WOLFSSL_SUCCESS after storing ssl->dtlsMtuSz.
 */
int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (newMtu <= MAX_RECORD_SIZE) {
        ssl->dtlsMtuSz = newMtu;
        return WOLFSSL_SUCCESS;
    }

    ssl->error = BAD_FUNC_ARG;
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 1105
wolfSSL 16:8e0d178b1d1e 1106 #endif /* WOLFSSL_DTLS && (WOLFSSL_SCTP || WOLFSSL_DTLS_MTU) */
wolfSSL 15:117db924cf7c 1107
wolfSSL 15:117db924cf7c 1108
wolfSSL 15:117db924cf7c 1109 #ifdef WOLFSSL_DTLS_DROP_STATS
wolfSSL 15:117db924cf7c 1110
/* Read the DTLS record drop counters kept on the connection.
 *
 * ssl              connection; NULL yields BAD_FUNC_ARG
 * macDropCount     receives ssl->macDropCount when not NULL
 * replayDropCount  receives ssl->replayDropCount when not NULL
 *
 * Returns WOLFSSL_SUCCESS when ssl is valid, even if both output
 * pointers are NULL.
 */
int wolfSSL_dtls_get_drop_stats(WOLFSSL* ssl,
                                word32* macDropCount, word32* replayDropCount)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_dtls_get_drop_stats()");

    if (ssl != NULL) {
        if (macDropCount != NULL)
            *macDropCount = ssl->macDropCount;
        if (replayDropCount != NULL)
            *replayDropCount = ssl->replayDropCount;
        ret = WOLFSSL_SUCCESS;
    }

    WOLFSSL_LEAVE("wolfSSL_dtls_get_drop_stats()", ret);
    return ret;
}
wolfSSL 15:117db924cf7c 1131
wolfSSL 15:117db924cf7c 1132 #endif /* WOLFSSL_DTLS_DROP_STATS */
wolfSSL 15:117db924cf7c 1133
wolfSSL 15:117db924cf7c 1134
wolfSSL 15:117db924cf7c 1135 #if defined(WOLFSSL_MULTICAST)
wolfSSL 15:117db924cf7c 1136
/* Turn a context into a multicast member with the given id.
 *
 * ctx  context; NULL yields BAD_FUNC_ARG
 * id   member id, must fit in a byte (0..255) or BAD_FUNC_ARG is returned
 *
 * Sets haveMcast and mcastID, clears haveEMS (presumably the extended
 * master secret option - confirm), and, unless the build uses user IO,
 * installs EmbedReceiveFromMcast as the receive callback.
 *
 * Returns WOLFSSL_SUCCESS on success.
 */
int wolfSSL_CTX_mcast_set_member_id(WOLFSSL_CTX* ctx, word16 id)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_mcast_set_member_id()");

    if (ctx != NULL && id <= 255) {
        ctx->haveEMS = 0;
        ctx->haveMcast = 1;
        ctx->mcastID = (byte)id;
#ifndef WOLFSSL_USER_IO
        ctx->CBIORecv = EmbedReceiveFromMcast;
#endif /* WOLFSSL_USER_IO */

        ret = WOLFSSL_SUCCESS;
    }
    WOLFSSL_LEAVE("wolfSSL_CTX_mcast_set_member_id()", ret);
    return ret;
}
wolfSSL 15:117db924cf7c 1159
/* Report the compile-time multicast peer limit (WOLFSSL_MULTICAST_PEERS). */
int wolfSSL_mcast_get_max_peers(void)
{
    const int maxPeers = WOLFSSL_MULTICAST_PEERS;
    return maxPeers;
}
wolfSSL 15:117db924cf7c 1164
wolfSSL 15:117db924cf7c 1165 #ifdef WOLFSSL_DTLS
/* Pick the next high-water mark above cur from the three configured
 * thresholds: the smallest of first, second, max that is still greater
 * than cur (tested in that order), or 0 when cur is at or past max.
 */
static WC_INLINE word32 UpdateHighwaterMark(word32 cur, word32 first,
                                            word32 second, word32 max)
{
    if (cur < first)
        return first;
    if (cur < second)
        return second;
    if (cur < max)
        return max;
    return 0;
}
wolfSSL 15:117db924cf7c 1180 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 1181
wolfSSL 15:117db924cf7c 1182
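/* Install externally supplied keying material on a multicast connection
 * and switch it to encrypted records without a handshake.
 *
 * ssl              connection; its handshake arrays must still be present
 * epoch            DTLS epoch to start at (only used with WOLFSSL_DTLS)
 * preMasterSecret  pre-master secret, 1..ENCRYPT_LEN bytes
 * preMasterSz      its length
 * clientRandom     RAN_LEN bytes
 * serverRandom     RAN_LEN bytes
 * suite            two-byte cipher suite id (suite[0], suite[1])
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR with the underlying
 * code (BAD_FUNC_ARG for argument problems, otherwise the failing
 * helper's code) stored in ssl->error when ssl is not NULL.
 *
 * On success FreeHandshakeResources() runs, so the object is not expected
 * to be fed secrets a second time - TODO confirm that it releases
 * ssl->arrays; the arrays check below keeps a repeat call from
 * dereferencing NULL if it does.
 */
int wolfSSL_set_secret(WOLFSSL* ssl, word16 epoch,
                       const byte* preMasterSecret, word32 preMasterSz,
                       const byte* clientRandom, const byte* serverRandom,
                       const byte* suite)
{
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_set_secret()");

    if (ssl == NULL || ssl->arrays == NULL || preMasterSecret == NULL ||
        preMasterSz == 0 || preMasterSz > ENCRYPT_LEN ||
        clientRandom == NULL || serverRandom == NULL || suite == NULL) {

        ret = BAD_FUNC_ARG;
    }

    if (ret == 0) {
        /* stage the inputs where the key derivation helpers expect them */
        XMEMCPY(ssl->arrays->preMasterSecret, preMasterSecret, preMasterSz);
        ssl->arrays->preMasterSz = preMasterSz;
        XMEMCPY(ssl->arrays->clientRandom, clientRandom, RAN_LEN);
        XMEMCPY(ssl->arrays->serverRandom, serverRandom, RAN_LEN);
        ssl->options.cipherSuite0 = suite[0];
        ssl->options.cipherSuite = suite[1];

        ret = SetCipherSpecs(ssl);
    }

    if (ret == 0)
        ret = MakeTlsMasterSecret(ssl);

    if (ret == 0) {
        ssl->keys.encryptionOn = 1;
        ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE);
    }

    if (ret == 0) {
        if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
            WOLFSSL_DTLS_PEERSEQ* peerSeq;
            int i;

            /* start a new epoch: every peer's current sequence numbers and
             * replay window become the "previous" ones and a fresh window
             * opens at the configured multicast high-water mark */
            ssl->keys.dtls_epoch = epoch;
            for (i = 0, peerSeq = ssl->keys.peerSeq;
                 i < WOLFSSL_DTLS_PEERSEQ_SZ;
                 i++, peerSeq++) {

                peerSeq->nextEpoch = epoch;
                peerSeq->prevSeq_lo = peerSeq->nextSeq_lo;
                peerSeq->prevSeq_hi = peerSeq->nextSeq_hi;
                peerSeq->nextSeq_lo = 0;
                peerSeq->nextSeq_hi = 0;
                XMEMCPY(peerSeq->prevWindow, peerSeq->window, DTLS_SEQ_SZ);
                XMEMSET(peerSeq->window, 0, DTLS_SEQ_SZ);
                peerSeq->highwaterMark = UpdateHighwaterMark(0,
                        ssl->ctx->mcastFirstSeq,
                        ssl->ctx->mcastSecondSeq,
                        ssl->ctx->mcastMaxSeq);
            }
#else
            (void)epoch;
#endif
        }
        FreeHandshakeResources(ssl);
        ret = WOLFSSL_SUCCESS;
    }
    else {
        /* ssl may be NULL here when the argument check failed */
        if (ssl)
            ssl->error = ret;
        ret = WOLFSSL_FATAL_ERROR;
    }
    WOLFSSL_LEAVE("wolfSSL_set_secret()", ret);
    return ret;
}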
wolfSSL 15:117db924cf7c 1256
wolfSSL 15:117db924cf7c 1257
wolfSSL 15:117db924cf7c 1258 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 1259
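/* Add peerId to (remove == 0) or drop it from (remove != 0) the DTLS
 * multicast peer-sequence table of ssl.
 *
 * ssl    - session whose keys.peerSeq table is updated
 * peerId - peer identifier; must be <= 255
 * remove - zero to add, non-zero to remove
 *
 * Returns WOLFSSL_SUCCESS, BAD_FUNC_ARG for a NULL ssl or an out-of-range
 * peerId, and -1 when adding and the table has no free slot. Adding an id
 * that is already present leaves the existing entry untouched and is
 * reported as success (previously the scan kept going after the duplicate
 * and could claim a later free slot, creating two entries for one id).
 * Removing an id that is absent is also reported as success.
 */
int wolfSSL_mcast_peer_add(WOLFSSL* ssl, word16 peerId, int remove)
{
    WOLFSSL_DTLS_PEERSEQ* p = NULL;
    int ret = WOLFSSL_SUCCESS;
    int i;

    WOLFSSL_ENTER("wolfSSL_mcast_peer_add()");
    if (ssl == NULL || peerId > 255)
        return BAD_FUNC_ARG;

    if (!remove) {
        int present = 0;

        /* Remember the first open slot, but refuse the add if the id is
         * already present anywhere in the table. The duplicate may sit
         * after the first open slot, so the scan must not stop early on
         * an open slot -- only on a duplicate. */
        for (i = 0; i < WOLFSSL_DTLS_PEERSEQ_SZ; i++) {
            if (ssl->keys.peerSeq[i].peerId == peerId) {
                WOLFSSL_MSG("Peer ID already in multicast peer list.");
                present = 1;
                break;
            }
            if (p == NULL && ssl->keys.peerSeq[i].peerId == INVALID_PEER_ID)
                p = &ssl->keys.peerSeq[i];
        }

        if (!present) {
            if (p != NULL) {
                /* fresh entry: zero everything, then seed the high-water
                 * mark from the ctx-wide multicast thresholds */
                XMEMSET(p, 0, sizeof(WOLFSSL_DTLS_PEERSEQ));
                p->peerId = peerId;
                p->highwaterMark = UpdateHighwaterMark(0,
                        ssl->ctx->mcastFirstSeq,
                        ssl->ctx->mcastSecondSeq,
                        ssl->ctx->mcastMaxSeq);
            }
            else {
                WOLFSSL_MSG("No room in peer list.");
                ret = -1;
            }
        }
    }
    else {
        /* full scan, as before: the last matching entry is the one removed */
        for (i = 0; i < WOLFSSL_DTLS_PEERSEQ_SZ; i++) {
            if (ssl->keys.peerSeq[i].peerId == peerId)
                p = &ssl->keys.peerSeq[i];
        }

        if (p != NULL) {
            /* marking the slot invalid is enough; it is re-zeroed on reuse */
            p->peerId = INVALID_PEER_ID;
        }
        else {
            WOLFSSL_MSG("Peer not found in list.");
        }
    }

    WOLFSSL_LEAVE("wolfSSL_mcast_peer_add()", ret);
    return ret;
}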
wolfSSL 15:117db924cf7c 1312
wolfSSL 15:117db924cf7c 1313
/* Report whether peerId is present in the multicast peer table of ssl with
 * a non-zero next sequence number (nextSeq_hi/nextSeq_lo pair).
 *
 * Returns 1 when known, 0 when absent or the sequence number is still zero,
 * and BAD_FUNC_ARG (negative) for a NULL ssl or a peerId above 255 -- a
 * caller that only tests for non-zero would mistake that error for "known".
 */
int wolfSSL_mcast_peer_known(WOLFSSL* ssl, unsigned short peerId)
{
    int known = 0;
    int idx;

    WOLFSSL_ENTER("wolfSSL_mcast_peer_known()");

    if (ssl == NULL || peerId > 255) {
        return BAD_FUNC_ARG;
    }

    for (idx = 0; idx < WOLFSSL_DTLS_PEERSEQ_SZ; idx++) {
        const WOLFSSL_DTLS_PEERSEQ* entry = &ssl->keys.peerSeq[idx];

        if (entry->peerId != peerId)
            continue;

        /* first match decides; the 64-bit sequence is kept as hi/lo words */
        known = (entry->nextSeq_hi != 0 || entry->nextSeq_lo != 0) ? 1 : 0;
        break;
    }

    WOLFSSL_LEAVE("wolfSSL_mcast_peer_known()", known);
    return known;
}
wolfSSL 15:117db924cf7c 1341
wolfSSL 15:117db924cf7c 1342
/* Install the multicast high-water callback on ctx together with the
 * sequence-number thresholds stored next to it.
 *
 * maxSeq - upper bound both thresholds must stay within
 * first  - first threshold; must not exceed second (when second != 0)
 * second - second threshold; 0 skips the first<=second ordering check
 * cb     - callback; must not be NULL
 *
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ctx or cb is NULL or the
 * thresholds are inconsistent.
 */
int wolfSSL_CTX_mcast_set_highwater_cb(WOLFSSL_CTX* ctx, word32 maxSeq,
                                       word32 first, word32 second,
                                       CallbackMcastHighwater cb)
{
    int badOrder   = (second != 0) && (first > second);
    int outOfRange = (first > maxSeq) || (second > maxSeq);

    if (ctx == NULL || cb == NULL || badOrder || outOfRange) {
        return BAD_FUNC_ARG;
    }

    ctx->mcastHwCb       = cb;
    ctx->mcastFirstSeq   = first;
    ctx->mcastSecondSeq  = second;
    ctx->mcastMaxSeq     = maxSeq;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 1360
wolfSSL 15:117db924cf7c 1361
/* Store the opaque ctx pointer for this session's multicast high-water
 * callback (presumably handed to the callback when it fires -- verify at the
 * call site of mcastHwCb). NULL is rejected rather than used to clear it. */
int wolfSSL_mcast_set_highwater_ctx(WOLFSSL* ssl, void* ctx)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    ssl->mcastHwCbCtx = ctx;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 1371
wolfSSL 15:117db924cf7c 1372 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 1373
wolfSSL 15:117db924cf7c 1374 #endif /* WOLFSSL_MULTICAST */
wolfSSL 15:117db924cf7c 1375
wolfSSL 15:117db924cf7c 1376
wolfSSL 15:117db924cf7c 1377 #endif /* WOLFSSL_LEANPSK */
wolfSSL 15:117db924cf7c 1378
wolfSSL 15:117db924cf7c 1379
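/* Drive the handshake for whichever side ssl was created for: accept on a
 * server, connect on a client, routed to the TLS 1.3 variant when the
 * session version is at least 1.3.
 *
 * Returns the result of the underlying accept/connect (WOLFSSL_SUCCESS on a
 * completed handshake), BAD_FUNC_ARG for a NULL ssl, and WOLFSSL_FATAL_ERROR
 * when the side is neither enabled in this build nor recognised.
 */
int wolfSSL_negotiate(WOLFSSL* ssl)
{
    int err = WOLFSSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_negotiate");

    /* ssl->options.side is dereferenced below; the other public entry
     * points in this file reject NULL the same way */
    if (ssl == NULL) {
        WOLFSSL_LEAVE("wolfSSL_negotiate", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

#ifndef NO_WOLFSSL_SERVER
    if (ssl->options.side == WOLFSSL_SERVER_END) {
    #ifdef WOLFSSL_TLS13
        if (IsAtLeastTLSv1_3(ssl->version))
            err = wolfSSL_accept_TLSv13(ssl);
        else
    #endif
            err = wolfSSL_accept(ssl);
    }
#endif

#ifndef NO_WOLFSSL_CLIENT
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
    #ifdef WOLFSSL_TLS13
        if (IsAtLeastTLSv1_3(ssl->version))
            err = wolfSSL_connect_TLSv13(ssl);
        else
    #endif
            err = wolfSSL_connect(ssl);
    }
#endif

    WOLFSSL_LEAVE("wolfSSL_negotiate", err);

    return err;
}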
wolfSSL 15:117db924cf7c 1414
wolfSSL 15:117db924cf7c 1415
/* Return the session's RNG object, or NULL when ssl is NULL. The pointer is
 * the one held by ssl, not a copy. */
WOLFSSL_ABI
WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->rng : NULL;
}
wolfSSL 15:117db924cf7c 1425
wolfSSL 15:117db924cf7c 1426
wolfSSL 15:117db924cf7c 1427 #ifndef WOLFSSL_LEANPSK
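/* object size based on build: returns sizeof(WOLFSSL). With SHOW_SIZES
 * defined it first prints the sizes of the main internal structures.
 * The SHA512 line is now guarded by WOLFSSL_SHA512 (it was guarded by
 * WOLFSSL_SHA384, a copy of the line above it). */
int wolfSSL_GetObjectSize(void)
{
#ifdef SHOW_SIZES
    printf("sizeof suites = %lu\n", (unsigned long)sizeof(Suites));
    printf("sizeof ciphers(2) = %lu\n", (unsigned long)sizeof(Ciphers));
#ifndef NO_RC4
    printf("\tsizeof arc4 = %lu\n", (unsigned long)sizeof(Arc4));
#endif
    printf("\tsizeof aes = %lu\n", (unsigned long)sizeof(Aes));
#ifndef NO_DES3
    printf("\tsizeof des3 = %lu\n", (unsigned long)sizeof(Des3));
#endif
#ifndef NO_RABBIT
    printf("\tsizeof rabbit = %lu\n", (unsigned long)sizeof(Rabbit));
#endif
#ifdef HAVE_CHACHA
    printf("\tsizeof chacha = %lu\n", (unsigned long)sizeof(ChaCha));
#endif
    printf("sizeof cipher specs = %lu\n", (unsigned long)sizeof(CipherSpecs));
    printf("sizeof keys = %lu\n", (unsigned long)sizeof(Keys));
    printf("sizeof Hashes(2) = %lu\n", (unsigned long)sizeof(Hashes));
#ifndef NO_MD5
    printf("\tsizeof MD5 = %lu\n", (unsigned long)sizeof(wc_Md5));
#endif
#ifndef NO_SHA
    printf("\tsizeof SHA = %lu\n", (unsigned long)sizeof(wc_Sha));
#endif
#ifdef WOLFSSL_SHA224
    printf("\tsizeof SHA224 = %lu\n", (unsigned long)sizeof(wc_Sha224));
#endif
#ifndef NO_SHA256
    printf("\tsizeof SHA256 = %lu\n", (unsigned long)sizeof(wc_Sha256));
#endif
#ifdef WOLFSSL_SHA384
    printf("\tsizeof SHA384 = %lu\n", (unsigned long)sizeof(wc_Sha384));
#endif
#ifdef WOLFSSL_SHA512
    printf("\tsizeof SHA512 = %lu\n", (unsigned long)sizeof(wc_Sha512));
#endif
    printf("sizeof Buffers = %lu\n", (unsigned long)sizeof(Buffers));
    printf("sizeof Options = %lu\n", (unsigned long)sizeof(Options));
    printf("sizeof Arrays = %lu\n", (unsigned long)sizeof(Arrays));
#ifndef NO_RSA
    printf("sizeof RsaKey = %lu\n", (unsigned long)sizeof(RsaKey));
#endif
#ifdef HAVE_ECC
    printf("sizeof ecc_key = %lu\n", (unsigned long)sizeof(ecc_key));
#endif
    printf("sizeof WOLFSSL_CIPHER = %lu\n", (unsigned long)sizeof(WOLFSSL_CIPHER));
    printf("sizeof WOLFSSL_SESSION = %lu\n", (unsigned long)sizeof(WOLFSSL_SESSION));
    printf("sizeof WOLFSSL = %lu\n", (unsigned long)sizeof(WOLFSSL));
    printf("sizeof WOLFSSL_CTX = %lu\n", (unsigned long)sizeof(WOLFSSL_CTX));
#endif

    /* explicit narrowing: the public return type is int */
    return (int)sizeof(WOLFSSL);
}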
wolfSSL 15:117db924cf7c 1485
/* Size in bytes of a WOLFSSL_CTX in this build (narrowed to int). */
int wolfSSL_CTX_GetObjectSize(void)
{
    return (int)sizeof(WOLFSSL_CTX);
}
wolfSSL 15:117db924cf7c 1490
/* Size in bytes of a WOLFSSL_METHOD in this build (narrowed to int). */
int wolfSSL_METHOD_GetObjectSize(void)
{
    return (int)sizeof(WOLFSSL_METHOD);
}
wolfSSL 15:117db924cf7c 1495 #endif
wolfSSL 15:117db924cf7c 1496
wolfSSL 15:117db924cf7c 1497
wolfSSL 15:117db924cf7c 1498 #ifdef WOLFSSL_STATIC_MEMORY
wolfSSL 15:117db924cf7c 1499
/* Partition a caller-supplied buffer into a wolfSSL static heap and attach
 * it to *ctx, creating the context via method() when *ctx is NULL.
 *
 * ctx    - in/out context pointer; *ctx may be NULL (then method is required)
 * method - method constructor, called with the heap hint when a ctx is made
 * buf/sz - memory to partition; when no heap exists yet the first
 *          sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) bytes hold the
 *          bookkeeping structures and the rest becomes the pool
 * flag   - WOLFMEM_* partitioning flags, OR-ed into the heap's flag word
 * max    - stored as maxIO when flag names an IO pool, else as maxHa
 *
 * Returns WOLFSSL_SUCCESS, BAD_FUNC_ARG for missing pointers, BUFFER_E when
 * buf is too small for the bookkeeping structures, and WOLFSSL_FAILURE when
 * heap init, partitioning or context creation fails.
 *
 * NOTE(review): buf is reinterpreted as WOLFSSL_HEAP / WOLFSSL_HEAP_HINT
 * with no alignment check; the caller is expected to pass a suitably
 * aligned buffer.
 */
int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method,
                                   unsigned char* buf, unsigned int sz,
                                   int flag, int max)
{
    WOLFSSL_HEAP*      pool;
    WOLFSSL_HEAP_HINT* hint;
    word32             used = 0;
    int                needHeap;

    if (ctx == NULL || buf == NULL)
        return BAD_FUNC_ARG;
    if (*ctx == NULL && method == NULL)
        return BAD_FUNC_ARG;

    needHeap = (*ctx == NULL) || ((*ctx)->heap == NULL);
    if (needHeap) {
        if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - used)
            return BUFFER_E; /* not enough memory for structures */

        pool = (WOLFSSL_HEAP*)buf;
        used += sizeof(WOLFSSL_HEAP);
        if (wolfSSL_init_memory_heap(pool) != 0)
            return WOLFSSL_FAILURE;

        hint = (WOLFSSL_HEAP_HINT*)(buf + used);
        used += sizeof(WOLFSSL_HEAP_HINT);
        XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
        hint->memory = pool;

        /* an existing ctx without a heap adopts the new hint */
        if (*ctx != NULL)
            (*ctx)->heap = (void*)hint;
    }
    else {
    #ifdef WOLFSSL_HEAP_TEST
        /* do not load in memory if test has been set */
        if ((*ctx)->heap == (void*)WOLFSSL_HEAP_TEST)
            return WOLFSSL_SUCCESS;
    #endif
        hint = (WOLFSSL_HEAP_HINT*)((*ctx)->heap);
        pool = hint->memory;
    }

    if (wolfSSL_load_static_memory(buf + used, sz - used, flag, pool) != 1) {
        WOLFSSL_MSG("Error partitioning memory");
        return WOLFSSL_FAILURE;
    }

    /* create ctx if needed */
    if (*ctx == NULL) {
        *ctx = wolfSSL_CTX_new_ex(method(hint), hint);
        if (*ctx == NULL) {
            WOLFSSL_MSG("Error creating ctx");
            return WOLFSSL_FAILURE;
        }
    }

    /* determine what max applies to */
    if (flag & (WOLFMEM_IO_POOL | WOLFMEM_IO_POOL_FIXED))
        pool->maxIO = max;
    else
        pool->maxHa = max; /* general memory used in handshakes */

    pool->flag |= flag;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 1574
wolfSSL 15:117db924cf7c 1575
/* Report whether ssl runs on a static-memory heap and optionally copy out
 * the connection's memory statistics.
 *
 * mem_stats - when non-NULL, receives a copy of hint->stats, but only when
 *             the heap carries WOLFMEM_TRACK_STATS and stats exist;
 *             otherwise it is left untouched.
 *
 * Returns 1 when ssl->heap is set, 0 when not, BAD_FUNC_ARG for a NULL ssl.
 * NOTE(review): ssl->heap is assumed to point at a WOLFSSL_HEAP_HINT; this
 * function is only compiled under WOLFSSL_STATIC_MEMORY.
 */
int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats)
{
    int isStatic;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    WOLFSSL_ENTER("wolfSSL_is_static_memory");

    isStatic = (ssl->heap != NULL) ? 1 : 0;

    if (isStatic && mem_stats != NULL) {
        WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
        WOLFSSL_HEAP*      heap = hint->memory;

        if ((heap->flag & WOLFMEM_TRACK_STATS) && hint->stats != NULL) {
            XMEMCPY(mem_stats, hint->stats, sizeof(WOLFSSL_MEM_CONN_STATS));
        }
    }

    return isStatic;
}
wolfSSL 15:117db924cf7c 1594
wolfSSL 15:117db924cf7c 1595
/* Report whether ctx runs on a static-memory heap and optionally fill
 * mem_stats from it.
 *
 * Returns 1 when ctx->heap is set, 0 when not, BAD_FUNC_ARG for a NULL ctx,
 * and MEMORY_E when stats were requested but wolfSSL_GetMemStats failed.
 */
int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats)
{
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    WOLFSSL_ENTER("wolfSSL_CTX_is_static_memory");

    if (ctx->heap == NULL)
        return 0;

    /* fill out statistics if wanted */
    if (mem_stats != NULL) {
        WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)ctx->heap;

        if (wolfSSL_GetMemStats(hint->memory, mem_stats) != 1)
            return MEMORY_E;
    }

    return 1;
}
wolfSSL 15:117db924cf7c 1613
wolfSSL 15:117db924cf7c 1614 #endif /* WOLFSSL_STATIC_MEMORY */
wolfSSL 15:117db924cf7c 1615
wolfSSL 15:117db924cf7c 1616
/* Largest plaintext the record layer accepts in one write for ssl.
 * Only valid once the handshake is done; before that, and for a NULL ssl,
 * BAD_FUNC_ARG is returned. */
int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_GetMaxOutputSize");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (ssl->options.handShakeState == HANDSHAKE_DONE)
        return wolfSSL_GetMaxRecordSize(ssl, OUTPUT_RECORD_SIZE);

    WOLFSSL_MSG("Handshake not complete yet");
    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 1632
wolfSSL 15:117db924cf7c 1633
/* Size of the record produced for inSz bytes of application data on ssl.
 *
 * Returns BAD_FUNC_ARG for a negative inSz, the error from
 * wolfSSL_GetMaxOutputSize when the handshake is not done, INPUT_SIZE_E
 * when inSz exceeds the record limit, else the result of BuildMessage
 * called with a NULL output buffer (presumably a size-only query -- confirm
 * against BuildMessage). */
int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz)
{
    int limit;

    WOLFSSL_ENTER("wolfSSL_GetOutputSize");

    if (inSz < 0)
        return BAD_FUNC_ARG;

    limit = wolfSSL_GetMaxOutputSize(ssl);
    if (limit < 0)
        return limit; /* propagate the error code */
    if (inSz > limit)
        return INPUT_SIZE_E;

    return BuildMessage(ssl, NULL, 0, NULL, inSz, application_data, 0, 1, 0);
}
wolfSSL 15:117db924cf7c 1652
wolfSSL 15:117db924cf7c 1653
wolfSSL 15:117db924cf7c 1654 #ifdef HAVE_ECC
/* Set the minimum ECC key size accepted by ctx. keySz is in bits and must
 * be a non-negative multiple of 8; it is stored in bytes on the ctx and,
 * when certificates are compiled in, on its cert manager. */
int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz)
{
    short bytes;

    if (ctx == NULL || keySz < 0 || (keySz % 8) != 0) {
        WOLFSSL_MSG("Key size must be divisible by 8 or ctx was null");
        return BAD_FUNC_ARG;
    }

    bytes = (short)(keySz / 8);
    ctx->minEccKeySz = bytes;
#ifndef NO_CERTS
    ctx->cm->minEccKeySz = bytes;
#endif
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 1668
wolfSSL 15:117db924cf7c 1669
/* Set the minimum ECC key size accepted by one session. keySz is in bits
 * and must be a non-negative multiple of 8; it is stored in bytes. */
int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz)
{
    if (ssl == NULL || keySz < 0 || (keySz % 8) != 0) {
        WOLFSSL_MSG("Key size must be divisible by 8 or ssl was null");
        return BAD_FUNC_ARG;
    }

    ssl->options.minEccKeySz = (short)(keySz / 8);
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 1680
wolfSSL 15:117db924cf7c 1681 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 1682
wolfSSL 15:117db924cf7c 1683 #ifndef NO_RSA
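/* Set the minimum RSA key size accepted by ctx. keySz is in bits and must
 * be a non-negative multiple of 8; it is stored in bytes on the ctx and on
 * its cert manager. The cert-manager update is guarded by NO_CERTS to
 * match wolfSSL_CTX_SetMinEccKey_Sz, which guards the same field. */
int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz)
{
    short bytes;

    if (ctx == NULL || keySz < 0 || (keySz % 8) != 0) {
        WOLFSSL_MSG("Key size must be divisible by 8 or ctx was null");
        return BAD_FUNC_ARG;
    }

    bytes = (short)(keySz / 8);
    ctx->minRsaKeySz = bytes;
#ifndef NO_CERTS
    ctx->cm->minRsaKeySz = bytes;
#endif
    return WOLFSSL_SUCCESS;
}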
wolfSSL 15:117db924cf7c 1695
wolfSSL 15:117db924cf7c 1696
/* Set the minimum RSA key size accepted by one session. keySz is in bits
 * and must be a non-negative multiple of 8; it is stored in bytes. */
int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz)
{
    if (ssl == NULL || keySz < 0 || (keySz % 8) != 0) {
        WOLFSSL_MSG("Key size must be divisible by 8 or ssl was null");
        return BAD_FUNC_ARG;
    }

    ssl->options.minRsaKeySz = (short)(keySz / 8);
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 1707 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 1708
wolfSSL 15:117db924cf7c 1709 #ifndef NO_DH
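/* server Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok
 *
 * Installs prime p (pSz bytes) and generator g (gSz bytes) on one session,
 * replacing any parameters the session already owns, then rebuilds the
 * cipher suite list so DH suites become available.
 *
 * pSz is compared with minDhKeySz/maxDhKeySz (kept in bytes) as an int,
 * so an oversized or negative pSz can no longer wrap through the former
 * word16 cast and pass the range check. Non-positive sizes are rejected
 * before any allocation.
 *
 * Returns WOLFSSL_SUCCESS, BAD_FUNC_ARG (NULL or non-positive size),
 * DH_KEY_SIZE_E, SIDE_ERROR (client session) or MEMORY_E. On MEMORY_E both
 * DH buffers are NULL with zero length and haveDH is unchanged.
 */
int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
                     const unsigned char* g, int gSz)
{
    WOLFSSL_ENTER("wolfSSL_SetTmpDH");

    if (ssl == NULL || p == NULL || g == NULL)
        return BAD_FUNC_ARG;
    if (pSz <= 0 || gSz <= 0)
        return BAD_FUNC_ARG;

    if (pSz < (int)ssl->options.minDhKeySz)
        return DH_KEY_SIZE_E;
    if (pSz > (int)ssl->options.maxDhKeySz)
        return DH_KEY_SIZE_E;

    /* this function is for server only */
    if (ssl->options.side == WOLFSSL_CLIENT_END)
        return SIDE_ERROR;

#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
    !defined(HAVE_SELFTEST)
    /* new parameters are untested; request the prime test */
    ssl->options.dhKeyTested = 0;
    ssl->options.dhDoKeyTest = 1;
#endif

    /* Free only buffers this session owns (weOwnDH); otherwise they are
     * merely unlinked. Both pointers and lengths are cleared either way,
     * so that an allocation failure below cannot leave a not-owned pointer
     * behind under weOwnDH == 1, where it would likely be freed again at
     * session teardown. */
    if (ssl->buffers.weOwnDH) {
        if (ssl->buffers.serverDH_P.buffer)
            XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        if (ssl->buffers.serverDH_G.buffer)
            XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    }
    ssl->buffers.serverDH_P.buffer = NULL;
    ssl->buffers.serverDH_G.buffer = NULL;
    ssl->buffers.serverDH_P.length = 0;
    ssl->buffers.serverDH_G.length = 0;

    ssl->buffers.weOwnDH = 1; /* SSL owns now */
    ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->heap,
                                                    DYNAMIC_TYPE_PUBLIC_KEY);
    if (ssl->buffers.serverDH_P.buffer == NULL)
        return MEMORY_E;

    ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->heap,
                                                    DYNAMIC_TYPE_PUBLIC_KEY);
    if (ssl->buffers.serverDH_G.buffer == NULL) {
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        ssl->buffers.serverDH_P.buffer = NULL;
        return MEMORY_E;
    }

    XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz);
    XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz);
    ssl->buffers.serverDH_P.length = pSz;
    ssl->buffers.serverDH_G.length = gSz;

    ssl->options.haveDH = 1;

    /* re-derive the suite list now that DH is available */
    if (ssl->options.side != WOLFSSL_NEITHER_END) {
        word16 havePSK;
        word16 haveRSA;
        int keySz = 0;

    #ifndef NO_PSK
        havePSK = ssl->options.havePSK;
    #else
        havePSK = 0;
    #endif
    #ifdef NO_RSA
        haveRSA = 0;
    #else
        haveRSA = 1;
    #endif
    #ifndef NO_CERTS
        keySz = ssl->buffers.keySz;
    #endif
        InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
                   ssl->options.haveDH, ssl->options.haveNTRU,
                   ssl->options.haveECDSAsig, ssl->options.haveECC,
                   ssl->options.haveStaticECC, ssl->options.side);
    }

    WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);

    return WOLFSSL_SUCCESS;
}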
wolfSSL 16:8e0d178b1d1e 1793
wolfSSL 16:8e0d178b1d1e 1794
wolfSSL 16:8e0d178b1d1e 1795 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
wolfSSL 16:8e0d178b1d1e 1796 !defined(HAVE_SELFTEST)
/* Enables (enable != 0) or disables the session's DH key prime test.
 * Only compiled when the newer prime check is available, i.e. not in
 * FIPS, selftest or WOLFSSL_OLD_PRIME_CHECK builds. Returns
 * WOLFSSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl. */
int wolfSSL_SetEnableDhKeyTest(WOLFSSL* ssl, int enable)
{
    WOLFSSL_ENTER("wolfSSL_SetEnableDhKeyTest");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->options.dhDoKeyTest = (enable != 0) ? 1 : 0;

    WOLFSSL_LEAVE("wolfSSL_SetEnableDhKeyTest", WOLFSSL_SUCCESS);
    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 1813 #endif
wolfSSL 16:8e0d178b1d1e 1814
wolfSSL 15:117db924cf7c 1815
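/* server ctx Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok
 *
 * Installs prime p (pSz bytes) and generator g (gSz bytes) on a context.
 * Where the newer prime check is compiled in, the parameters are first
 * validated with wc_DhSetCheckKey and dhKeyTested is set on success.
 *
 * pSz is compared with minDhKeySz/maxDhKeySz (kept in bytes) as an int,
 * so an oversized or negative pSz can no longer wrap through the former
 * word16 cast and pass the range check. Non-positive sizes are rejected
 * before any allocation or check.
 *
 * Returns WOLFSSL_SUCCESS, BAD_FUNC_ARG, DH_KEY_SIZE_E, the error from the
 * prime check, or MEMORY_E. On MEMORY_E both DH buffers are NULL with zero
 * length and haveDH is unchanged.
 */
int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
                         const unsigned char* g, int gSz)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");
    if (ctx == NULL || p == NULL || g == NULL)
        return BAD_FUNC_ARG;
    if (pSz <= 0 || gSz <= 0)
        return BAD_FUNC_ARG;

    if (pSz < (int)ctx->minDhKeySz)
        return DH_KEY_SIZE_E;
    if (pSz > (int)ctx->maxDhKeySz)
        return DH_KEY_SIZE_E;

#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
    !defined(HAVE_SELFTEST)
    {
        DhKey  checkKey;
        WC_RNG rng;
        int    error;
        int    freeKey = 0;

        error = wc_InitRng(&rng);
        if (error == 0)
            error = wc_InitDhKey(&checkKey);
        if (error == 0) {
            freeKey = 1;
            error = wc_DhSetCheckKey(&checkKey,
                                     p, pSz, g, gSz, NULL, 0, 0, &rng);
        }
        if (freeKey)
            wc_FreeDhKey(&checkKey);
        /* wc_FreeRng runs even when wc_InitRng failed, as before */
        wc_FreeRng(&rng);
        if (error != 0)
            return error;

        ctx->dhKeyTested = 1;
    }
#endif

    /* drop the previous parameters (freed unconditionally, as before);
     * lengths are cleared too so a failed allocation below leaves no
     * stale length next to a NULL buffer */
    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    ctx->serverDH_P.buffer = NULL;
    ctx->serverDH_P.length = 0;
    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    ctx->serverDH_G.buffer = NULL;
    ctx->serverDH_G.length = 0;

    ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    if (ctx->serverDH_P.buffer == NULL)
        return MEMORY_E;

    ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    if (ctx->serverDH_G.buffer == NULL) {
        XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        ctx->serverDH_P.buffer = NULL;
        return MEMORY_E;
    }

    XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
    XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
    ctx->serverDH_P.length = pSz;
    ctx->serverDH_G.length = gSz;

    ctx->haveDH = 1;

    WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0);
    return WOLFSSL_SUCCESS;
}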
wolfSSL 15:117db924cf7c 1880
wolfSSL 15:117db924cf7c 1881
/* Record the minimum DH key size for a context.
 *
 * @param ctx    context to update
 * @param keySz  key size in bits; must be byte aligned (a multiple of 8)
 *               and at most 16000 bits
 * @return WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL or keySz is
 *         out of range / not a multiple of 8.
 *
 * The value is stored in ctx->minDhKeySz in bytes.
 */
int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    /* keySz & 7 is the same test as keySz % 8 for an unsigned value */
    if (keySz > 16000 || (keySz & 7) != 0)
        return BAD_FUNC_ARG;

    ctx->minDhKeySz = keySz / 8;    /* bits -> bytes */
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 1890
wolfSSL 15:117db924cf7c 1891
/* Record the minimum DH key size for a single connection.
 *
 * @param ssl    connection to update
 * @param keySz  key size in bits; must be a multiple of 8 and at most 16000
 * @return WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL or keySz is
 *         out of range / not a multiple of 8.
 *
 * The value is stored in ssl->options.minDhKeySz in bytes.
 */
int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz)
{
    const int sizeOk = (keySz <= 16000) && ((keySz % 8) == 0);

    if (ssl == NULL || !sizeOk)
        return BAD_FUNC_ARG;

    ssl->options.minDhKeySz = keySz / 8;    /* bits -> bytes */
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 1900
wolfSSL 15:117db924cf7c 1901
/* Record the maximum DH key size for a context.
 *
 * @param ctx    context to update
 * @param keySz  key size in bits; must be a multiple of 8 and at most 16000
 * @return WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL or keySz is
 *         out of range / not a multiple of 8.
 *
 * The value is stored in ctx->maxDhKeySz in bytes.
 */
int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    /* keySz & 7 is the same test as keySz % 8 for an unsigned value */
    if (keySz > 16000 || (keySz & 7) != 0)
        return BAD_FUNC_ARG;

    ctx->maxDhKeySz = keySz / 8;    /* bits -> bytes */
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 1910
wolfSSL 15:117db924cf7c 1911
/* Record the maximum DH key size for a single connection.
 *
 * @param ssl    connection to update
 * @param keySz  key size in bits; must be a multiple of 8 and at most 16000
 * @return WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL or keySz is
 *         out of range / not a multiple of 8.
 *
 * The value is stored in ssl->options.maxDhKeySz in bytes.
 */
int wolfSSL_SetMaxDhKey_Sz(WOLFSSL* ssl, word16 keySz)
{
    const int sizeOk = (keySz <= 16000) && ((keySz % 8) == 0);

    if (ssl == NULL || !sizeOk)
        return BAD_FUNC_ARG;

    ssl->options.maxDhKeySz = keySz / 8;    /* bits -> bytes */
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 1920
wolfSSL 15:117db924cf7c 1921
/* Return the DH key size recorded in ssl->options.dhKeySz, converted from
 * bytes to bits.
 *
 * @param ssl  connection to query
 * @return key size in bits, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
{
    if (ssl != NULL)
        return ssl->options.dhKeySz * 8;    /* bytes -> bits */

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 1929
wolfSSL 15:117db924cf7c 1930 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 1931
wolfSSL 15:117db924cf7c 1932
/* Write application data to a connection.
 *
 * @param ssl   connection to write on
 * @param data  bytes to send
 * @param sz    number of bytes in data (must not be negative)
 * @return the value returned by SendData() when it is not negative,
 *         WOLFSSL_FATAL_ERROR when SendData() fails (or, with
 *         WOLFSSL_EARLY_DATA / HAVE_WRITE_DUP, when the steps before it
 *         fail and ssl->error has been set), BAD_FUNC_ARG for a NULL
 *         ssl/data or a negative sz, WRITE_DUP_WRITE_E when called on the
 *         read-side duplicate, BAD_MUTEX_E if the duplicate's mutex cannot
 *         be taken.
 */
WOLFSSL_ABI
int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
{
    int sent;

    WOLFSSL_ENTER("SSL_write()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef WOLFSSL_EARLY_DATA
    /* An unfinished early-data handshake is completed first; a negotiation
     * failure is fatal for this write. */
    if (ssl->earlyData != no_early_data) {
        sent = wolfSSL_negotiate(ssl);
        if (sent < 0) {
            ssl->error = sent;
            return WOLFSSL_FATAL_ERROR;
        }
    }
    ssl->earlyData = no_early_data;
#endif

#ifdef HAVE_WRITE_DUP
    {
        int otherSideErr = 0;   /* error the read-side duplicate recorded */
        int unlockRet = 0;

        if (ssl->dupWrite != NULL && ssl->dupSide == READ_DUP_SIDE) {
            WOLFSSL_MSG("Read dup side cannot write");
            return WRITE_DUP_WRITE_E;
        }
        if (ssl->dupWrite != NULL) {
            /* dupErr is shared with the other side; read it under the lock */
            if (wc_LockMutex(&ssl->dupWrite->dupMutex) != 0)
                return BAD_MUTEX_E;
            otherSideErr = ssl->dupWrite->dupErr;
            unlockRet = wc_UnLockMutex(&ssl->dupWrite->dupMutex);
        }

        if (unlockRet != 0) {
            ssl->error = unlockRet; /* high priority fatal error */
            return WOLFSSL_FATAL_ERROR;
        }
        if (otherSideErr != 0) {
            WOLFSSL_MSG("Write dup error from other side");
            ssl->error = otherSideErr;
            return WOLFSSL_FATAL_ERROR;
        }
    }
#endif

#ifdef HAVE_ERRNO_H
    errno = 0;
#endif

#ifdef OPENSSL_EXTRA
    /* OpenSSL-compat info callback, invoked before the data is sent */
    if (ssl->CBIS != NULL) {
        ssl->CBIS(ssl, SSL_CB_WRITE, SSL_SUCCESS);
        ssl->cbmode = SSL_CB_WRITE;
    }
#endif
    sent = SendData(ssl, data, sz);

    WOLFSSL_LEAVE("SSL_write()", sent);

    return (sent < 0) ? WOLFSSL_FATAL_ERROR : sent;
}
wolfSSL 15:117db924cf7c 2000
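/* Shared body of wolfSSL_read() and wolfSSL_peek().
 *
 * @param ssl   connection to read from
 * @param data  buffer that receives the application data
 * @param sz    size of data in bytes (must not be negative); clamped through
 *              wolfSSL_GetMaxRecordSize() before the receive
 * @param peek  non-zero to leave the data in the input buffer (peek)
 * @return the value returned by ReceiveData() when it is not negative,
 *         WOLFSSL_FATAL_ERROR when it is negative, BAD_FUNC_ARG for a NULL
 *         ssl/data or a negative sz, WRITE_DUP_READ_E when called on the
 *         write-side duplicate.
 *
 * Fix: the second SCTP/MTU preprocessor test used the misspelled macro
 * WOLLSSL_SCTP.  In a build with WOLFSSL_SCTP but without WOLFSSL_DTLS_MTU
 * that left the `if (ssl->options.dtlsSctp)` line with no statement (and
 * the MTU clamp silently disabled); the test now names WOLFSSL_SCTP, as
 * the #ifdef directly above it does.
 */
static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_read_internal()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef HAVE_WRITE_DUP
    if (ssl->dupWrite && ssl->dupSide == WRITE_DUP_SIDE) {
        WOLFSSL_MSG("Write dup side cannot read");
        return WRITE_DUP_READ_E;
    }
#endif

#ifdef HAVE_ERRNO_H
    errno = 0;
#endif

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* expected datagram size: caller's buffer plus slack, never below
         * MAX_MTU; raised to the configured MTU for SCTP / explicit-MTU
         * builds */
        ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
#ifdef WOLFSSL_SCTP
        if (ssl->options.dtlsSctp)
#endif
#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
            ssl->dtls_expected_rx = max(ssl->dtls_expected_rx, ssl->dtlsMtuSz);
#endif
    }
#endif

    sz = wolfSSL_GetMaxRecordSize(ssl, sz);

    ret = ReceiveData(ssl, (byte*)data, sz, peek);

#ifdef HAVE_WRITE_DUP
    /* A fatal read error must be made visible to the write-side duplicate;
     * WANT_READ (and a pending async operation) are not fatal. */
    if (ssl->dupWrite) {
        if (ssl->error != 0 && ssl->error != WANT_READ
#ifdef WOLFSSL_ASYNC_CRYPT
            && ssl->error != WC_PENDING_E
#endif
        ) {
            int notifyErr;

            WOLFSSL_MSG("Notifying write side of fatal read error");
            notifyErr = NotifyWriteSide(ssl, ssl->error);
            if (notifyErr < 0) {
                ret = ssl->error = notifyErr;
            }
        }
    }
#endif

    WOLFSSL_LEAVE("wolfSSL_read_internal()", ret);

    if (ret < 0)
        return WOLFSSL_FATAL_ERROR;
    else
        return ret;
}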
wolfSSL 15:117db924cf7c 2062
wolfSSL 15:117db924cf7c 2063
/* Read application data without consuming it from the input buffer.
 *
 * @param ssl   connection to read from
 * @param data  buffer that receives the data
 * @param sz    size of data in bytes
 * @return see wolfSSL_read_internal(); argument checking happens there.
 */
int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz)
{
    const int peek = TRUE;

    WOLFSSL_ENTER("wolfSSL_peek()");

    return wolfSSL_read_internal(ssl, data, sz, peek);
}
wolfSSL 15:117db924cf7c 2070
wolfSSL 15:117db924cf7c 2071
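/* Read application data from a connection.
 *
 * @param ssl   connection to read from
 * @param data  buffer that receives the data
 * @param sz    size of data in bytes
 * @return see wolfSSL_read_internal(); BAD_FUNC_ARG when ssl is NULL.
 *
 * Fix: the OPENSSL_EXTRA info-callback block dereferences ssl before
 * wolfSSL_read_internal() gets to validate it, so a NULL ssl is now
 * rejected up front (wolfSSL_write() already checks before its callback).
 */
WOLFSSL_ABI
int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
{
    WOLFSSL_ENTER("wolfSSL_read()");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

#ifdef OPENSSL_EXTRA
    /* OpenSSL-compat info callback, invoked before the receive */
    if (ssl->CBIS != NULL) {
        ssl->CBIS(ssl, SSL_CB_READ, SSL_SUCCESS);
        ssl->cbmode = SSL_CB_READ;
    }
#endif
    return wolfSSL_read_internal(ssl, data, sz, FALSE);
}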
wolfSSL 15:117db924cf7c 2085
wolfSSL 15:117db924cf7c 2086
wolfSSL 15:117db924cf7c 2087 #ifdef WOLFSSL_MULTICAST
wolfSSL 15:117db924cf7c 2088
/* Read application data on a multicast (DTLS) connection and report which
 * peer it came from.
 *
 * @param ssl   connection to read from
 * @param id    optional; receives ssl->keys.curPeerId when the connection is
 *              DTLS with multicast enabled
 * @param data  buffer that receives the data
 * @param sz    size of data in bytes
 * @return see wolfSSL_read_internal(); BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_mcast_read(WOLFSSL* ssl, word16* id, void* data, int sz)
{
    int received;

    WOLFSSL_ENTER("wolfSSL_mcast_read()");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    received = wolfSSL_read_internal(ssl, data, sz, FALSE);

    /* curPeerId is only meaningful for a DTLS multicast session */
    if (id != NULL && ssl->options.dtls && ssl->options.haveMcast)
        *id = ssl->keys.curPeerId;

    return received;
}
wolfSSL 15:117db924cf7c 2103
wolfSSL 15:117db924cf7c 2104 #endif /* WOLFSSL_MULTICAST */
wolfSSL 15:117db924cf7c 2105
wolfSSL 15:117db924cf7c 2106
/* Set the crypto device id used by a connection.
 *
 * @param ssl    connection to update
 * @param devId  device id stored in ssl->devId
 * @return WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL.
 */
WOLFSSL_ABI
int wolfSSL_SetDevId(WOLFSSL* ssl, int devId)
{
    if (ssl != NULL) {
        ssl->devId = devId;
        return WOLFSSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 16:8e0d178b1d1e 2118
/* Set the crypto device id used by a context.
 *
 * @param ctx    context to update
 * @param devId  device id stored in ctx->devId
 * @return WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL.
 */
WOLFSSL_ABI
int wolfSSL_CTX_SetDevId(WOLFSSL_CTX* ctx, int devId)
{
    if (ctx != NULL) {
        ctx->devId = devId;
        return WOLFSSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 2129
/* Return the crypto device id of a context, falling back to the connection.
 *
 * @param ctx  context to query; takes precedence when not NULL
 * @param ssl  connection to query when ctx is NULL
 * @return ctx->devId, else ssl->devId, else INVALID_DEVID.
 */
WOLFSSL_ABI
int wolfSSL_CTX_GetDevId(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
{
    if (ctx != NULL)
        return ctx->devId;
    if (ssl != NULL)
        return ssl->devId;
    return INVALID_DEVID;
}
/* Return the heap hint of a context, falling back to the connection.
 *
 * @param ctx  context to query; takes precedence when not NULL
 * @param ssl  connection to query when ctx is NULL
 * @return ctx->heap, else ssl->heap, else NULL.
 */
void* wolfSSL_CTX_GetHeap(WOLFSSL_CTX* ctx, WOLFSSL* ssl)
{
    if (ctx != NULL)
        return ctx->heap;
    if (ssl != NULL)
        return ssl->heap;
    return NULL;
}
wolfSSL 15:117db924cf7c 2150
wolfSSL 15:117db924cf7c 2151
wolfSSL 15:117db924cf7c 2152 #ifdef HAVE_SNI
wolfSSL 15:117db924cf7c 2153
/* Add a Server Name Indication entry to a connection's extension list.
 *
 * @param ssl   connection to update
 * @param type  SNI name type, passed through to TLSX_UseSNI()
 * @param data  name bytes
 * @param size  length of data
 * @return the value of TLSX_UseSNI(), or BAD_FUNC_ARG when ssl is NULL.
 */
WOLFSSL_ABI
int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size)
{
    if (ssl != NULL)
        return TLSX_UseSNI(&ssl->extensions, type, data, size, ssl->heap);

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 2162
wolfSSL 15:117db924cf7c 2163
/* Add a Server Name Indication entry to a context's extension list.
 *
 * @param ctx   context to update
 * @param type  SNI name type, passed through to TLSX_UseSNI()
 * @param data  name bytes
 * @param size  length of data
 * @return the value of TLSX_UseSNI(), or BAD_FUNC_ARG when ctx is NULL.
 */
WOLFSSL_ABI
int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data,
                       word16 size)
{
    if (ctx != NULL)
        return TLSX_UseSNI(&ctx->extensions, type, data, size, ctx->heap);

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 2173
wolfSSL 15:117db924cf7c 2174 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 2175
/* Set the SNI handling options for a connection; silently does nothing when
 * ssl is NULL or it has no extensions yet.
 *
 * @param ssl      connection to update
 * @param type     SNI name type the options apply to
 * @param options  option flags, passed through to TLSX_SNI_SetOptions()
 */
void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, byte type, byte options)
{
    if (ssl == NULL || ssl->extensions == NULL)
        return;

    TLSX_SNI_SetOptions(ssl->extensions, type, options);
}
wolfSSL 15:117db924cf7c 2181
wolfSSL 15:117db924cf7c 2182
/* Set the SNI handling options for a context; silently does nothing when
 * ctx is NULL or it has no extensions yet.
 *
 * @param ctx      context to update
 * @param type     SNI name type the options apply to
 * @param options  option flags, passed through to TLSX_SNI_SetOptions()
 */
void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, byte type, byte options)
{
    if (ctx == NULL || ctx->extensions == NULL)
        return;

    TLSX_SNI_SetOptions(ctx->extensions, type, options);
}
wolfSSL 15:117db924cf7c 2188
wolfSSL 15:117db924cf7c 2189
/* Report the SNI status for a name type on a connection.
 *
 * @param ssl   connection to query; a NULL ssl is passed on as a NULL
 *              extension list
 * @param type  SNI name type
 * @return the value of TLSX_SNI_Status().
 */
byte wolfSSL_SNI_Status(WOLFSSL* ssl, byte type)
{
    TLSX* extensions = NULL;

    if (ssl != NULL)
        extensions = ssl->extensions;

    return TLSX_SNI_Status(extensions, type);
}
wolfSSL 15:117db924cf7c 2194
wolfSSL 15:117db924cf7c 2195
/* Fetch the SNI request the peer sent for a name type.
 *
 * @param ssl   connection to query
 * @param type  SNI name type
 * @param data  optional; always reset to NULL, then set by
 *              TLSX_SNI_GetRequest() when a request is present
 * @return the value of TLSX_SNI_GetRequest(), or 0 when ssl is NULL or has
 *         no extensions.
 */
word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data)
{
    word16 requestSz = 0;

    if (data != NULL)
        *data = NULL;

    if (ssl != NULL && ssl->extensions != NULL)
        requestSz = TLSX_SNI_GetRequest(ssl->extensions, type, data);

    return requestSz;
}
wolfSSL 15:117db924cf7c 2206
wolfSSL 15:117db924cf7c 2207
/* Extract an SNI name directly from a raw ClientHello.
 *
 * @param clientHello  ClientHello bytes as received from the network
 *                     (untrusted input; all parsing and bounds checking is
 *                     done by TLSX_SNI_GetFromBuffer())
 * @param helloSz      length of clientHello, must be non-zero
 * @param type         SNI name type to look for
 * @param sni          output buffer for the name
 * @param inOutSz      in: capacity of sni (must be non-zero); out: set by
 *                     TLSX_SNI_GetFromBuffer()
 * @return the value of TLSX_SNI_GetFromBuffer(), or BAD_FUNC_ARG when any
 *         pointer is NULL or a size is zero.
 */
int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
                              byte type, byte* sni, word32* inOutSz)
{
    if (clientHello == NULL || helloSz == 0)
        return BAD_FUNC_ARG;
    if (sni == NULL || inOutSz == NULL || *inOutSz == 0)
        return BAD_FUNC_ARG;

    return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz);
}
wolfSSL 15:117db924cf7c 2216
wolfSSL 15:117db924cf7c 2217 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 2218
wolfSSL 15:117db924cf7c 2219 #endif /* HAVE_SNI */
wolfSSL 15:117db924cf7c 2220
wolfSSL 15:117db924cf7c 2221
wolfSSL 16:8e0d178b1d1e 2222 #ifdef HAVE_TRUSTED_CA
wolfSSL 16:8e0d178b1d1e 2223
/* Add a Trusted CA Indication entry to a connection's extension list.
 *
 * @param ssl       connection to update
 * @param type      one of the WOLFSSL_TRUSTED_CA_* identifier types
 * @param certId    identifier bytes; must be NULL for PRE_AGREED, non-NULL
 *                  otherwise
 * @param certIdSz  length of certId; must be 0 for PRE_AGREED, non-zero for
 *                  X509_NAME, exactly WC_SHA_DIGEST_SIZE for the SHA-1 types
 * @return the value of TLSX_UseTrustedCA(), or BAD_FUNC_ARG when ssl is
 *         NULL, type is unknown (the SHA-1 types are unknown in a NO_SHA
 *         build), or certId/certIdSz do not match the type.
 */
WOLFSSL_API int wolfSSL_UseTrustedCA(WOLFSSL* ssl, byte type,
            const byte* certId, word32 certIdSz)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    switch (type) {
        case WOLFSSL_TRUSTED_CA_PRE_AGREED:
            /* no identifier may accompany a pre-agreed entry */
            if (certId != NULL || certIdSz != 0)
                return BAD_FUNC_ARG;
            break;

        case WOLFSSL_TRUSTED_CA_X509_NAME:
            if (certId == NULL || certIdSz == 0)
                return BAD_FUNC_ARG;
            break;

#ifndef NO_SHA
        case WOLFSSL_TRUSTED_CA_KEY_SHA1:
        case WOLFSSL_TRUSTED_CA_CERT_SHA1:
            /* the identifier is a SHA-1 digest, so its length is fixed */
            if (certId == NULL || certIdSz != WC_SHA_DIGEST_SIZE)
                return BAD_FUNC_ARG;
            break;
#endif

        default:
            return BAD_FUNC_ARG;
    }

    return TLSX_UseTrustedCA(&ssl->extensions,
            type, certId, certIdSz, ssl->heap);
}
wolfSSL 16:8e0d178b1d1e 2251
wolfSSL 16:8e0d178b1d1e 2252 #endif /* HAVE_TRUSTED_CA */
wolfSSL 16:8e0d178b1d1e 2253
wolfSSL 16:8e0d178b1d1e 2254
wolfSSL 15:117db924cf7c 2255 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 15:117db924cf7c 2256 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 2257
/* Request a maximum fragment length for a connection.
 *
 * @param ssl  connection to update
 * @param mfl  one of the WOLFSSL_MFL_2_* codes
 * @return WOLFSSL_SUCCESS when the post-handshake adjustment path was taken,
 *         otherwise the value of TLSX_UseMaxFragment(); BAD_FUNC_ARG when
 *         ssl is NULL.
 *
 * Before the handshake this only registers the max_fragment_length
 * extension that is sent to the server; ssl->max_fragment itself is set
 * from the ServerHello in TLSX_MFL_Parse.  With
 * WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST, calling after the handshake instead
 * rewrites ssl->max_fragment locally (a non-standard way to change the
 * record size used by wolfSSL_write/wolfSSL_read); an unknown mfl code
 * on that path falls back to MAX_RECORD_SIZE.
 */
int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

#ifdef WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST
    if (ssl->options.handShakeState == HANDSHAKE_DONE) {
        switch (mfl) {
            case WOLFSSL_MFL_2_8:
                ssl->max_fragment = 256;
                break;
            case WOLFSSL_MFL_2_9:
                ssl->max_fragment = 512;
                break;
            case WOLFSSL_MFL_2_10:
                ssl->max_fragment = 1024;
                break;
            case WOLFSSL_MFL_2_11:
                ssl->max_fragment = 2048;
                break;
            case WOLFSSL_MFL_2_12:
                ssl->max_fragment = 4096;
                break;
            case WOLFSSL_MFL_2_13:
                ssl->max_fragment = 8192;
                break;
            default:
                ssl->max_fragment = MAX_RECORD_SIZE;
                break;
        }
        return WOLFSSL_SUCCESS;
    }
#endif /* WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST */

    return TLSX_UseMaxFragment(&ssl->extensions, mfl, ssl->heap);
}
wolfSSL 15:117db924cf7c 2285
wolfSSL 15:117db924cf7c 2286
/* Request a maximum fragment length for every connection made from a
 * context.
 *
 * @param ctx  context to update
 * @param mfl  one of the WOLFSSL_MFL_2_* codes
 * @return the value of TLSX_UseMaxFragment(), or BAD_FUNC_ARG when ctx is
 *         NULL.
 */
int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, byte mfl)
{
    if (ctx != NULL)
        return TLSX_UseMaxFragment(&ctx->extensions, mfl, ctx->heap);

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 2294
wolfSSL 15:117db924cf7c 2295 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 2296 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 15:117db924cf7c 2297
wolfSSL 15:117db924cf7c 2298 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 15:117db924cf7c 2299 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 2300
/* Enable the truncated_hmac extension on a connection.
 *
 * @param ssl  connection to update
 * @return the value of TLSX_UseTruncatedHMAC(), or BAD_FUNC_ARG when ssl
 *         is NULL.
 */
int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl)
{
    if (ssl != NULL)
        return TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap);

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 2308
wolfSSL 15:117db924cf7c 2309
/* Enable the truncated_hmac extension on a context.
 *
 * @param ctx  context to update
 * @return the value of TLSX_UseTruncatedHMAC(), or BAD_FUNC_ARG when ctx
 *         is NULL.
 */
int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx)
{
    if (ctx != NULL)
        return TLSX_UseTruncatedHMAC(&ctx->extensions, ctx->heap);

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 2317
wolfSSL 15:117db924cf7c 2318 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 2319 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 15:117db924cf7c 2320
wolfSSL 15:117db924cf7c 2321 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 15:117db924cf7c 2322
/* Request OCSP stapling (status_request) on a client connection.
 *
 * @param ssl          client-side connection to update
 * @param status_type  status type, passed through
 * @param options      option flags, passed through
 * @return the value of TLSX_UseCertificateStatusRequest(), or BAD_FUNC_ARG
 *         when ssl is NULL or is not a client-side connection.
 */
int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, byte status_type, byte options)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    /* the extension is only requested by the client */
    if (ssl->options.side != WOLFSSL_CLIENT_END)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
                                            options, NULL, ssl->heap,
                                            ssl->devId);
}
wolfSSL 15:117db924cf7c 2331
wolfSSL 15:117db924cf7c 2332
/* Request OCSP stapling (status_request) on a client context.
 *
 * @param ctx          client-side context to update
 * @param status_type  status type, passed through
 * @param options      option flags, passed through
 * @return the value of TLSX_UseCertificateStatusRequest(), or BAD_FUNC_ARG
 *         when ctx is NULL or its method is not client-side.
 */
int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, byte status_type,
                                byte options)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    /* the extension is only requested by the client */
    if (ctx->method->side != WOLFSSL_CLIENT_END)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequest(&ctx->extensions, status_type,
                                            options, NULL, ctx->heap,
                                            ctx->devId);
}
wolfSSL 15:117db924cf7c 2342
wolfSSL 15:117db924cf7c 2343 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 15:117db924cf7c 2344
wolfSSL 15:117db924cf7c 2345 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 15:117db924cf7c 2346
/* Request OCSP stapling v2 (status_request_v2) on a client connection.
 *
 * @param ssl          client-side connection to update
 * @param status_type  status type, passed through
 * @param options      option flags, passed through
 * @return the value of TLSX_UseCertificateStatusRequestV2(), or
 *         BAD_FUNC_ARG when ssl is NULL or is not a client-side connection.
 */
int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, byte status_type, byte options)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    /* the extension is only requested by the client */
    if (ssl->options.side != WOLFSSL_CLIENT_END)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequestV2(&ssl->extensions, status_type,
                                              options, ssl->heap, ssl->devId);
}
wolfSSL 15:117db924cf7c 2355
wolfSSL 15:117db924cf7c 2356
/* Request OCSP stapling v2 (status_request_v2) on a client context.
 *
 * @param ctx          client-side context to update
 * @param status_type  status type, passed through
 * @param options      option flags, passed through
 * @return the value of TLSX_UseCertificateStatusRequestV2(), or
 *         BAD_FUNC_ARG when ctx is NULL or its method is not client-side.
 */
int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, byte status_type,
                                  byte options)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    /* the extension is only requested by the client */
    if (ctx->method->side != WOLFSSL_CLIENT_END)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequestV2(&ctx->extensions, status_type,
                                              options, ctx->heap, ctx->devId);
}
wolfSSL 15:117db924cf7c 2366
wolfSSL 15:117db924cf7c 2367 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 15:117db924cf7c 2368
wolfSSL 15:117db924cf7c 2369 /* Elliptic Curves */
wolfSSL 16:8e0d178b1d1e 2370 #if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT)
wolfSSL 15:117db924cf7c 2371
/* Add a named group to the supported_groups list of a connection.
 *
 * @param ssl   connection to update
 * @param name  a WOLFSSL_ECC_* curve or WOLFSSL_FFDHE_* group identifier
 * @return the value of TLSX_UseSupportedCurve(), or BAD_FUNC_ARG when ssl
 *         is NULL or name is not in the accepted list.
 *
 * Accepting a name here marks the connection as having a user-chosen group
 * list (ssl->options.userCurves).  Note that the accepted list includes the
 * 160- and 192-bit SECP curves; a deployment with a minimum-strength policy
 * should simply not pass those.
 */
int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name)
{
    int known = 0;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    switch (name) {
        /* elliptic curves */
        case WOLFSSL_ECC_SECP160K1:
        case WOLFSSL_ECC_SECP160R1:
        case WOLFSSL_ECC_SECP160R2:
        case WOLFSSL_ECC_SECP192K1:
        case WOLFSSL_ECC_SECP192R1:
        case WOLFSSL_ECC_SECP224K1:
        case WOLFSSL_ECC_SECP224R1:
        case WOLFSSL_ECC_SECP256K1:
        case WOLFSSL_ECC_SECP256R1:
        case WOLFSSL_ECC_SECP384R1:
        case WOLFSSL_ECC_SECP521R1:
        case WOLFSSL_ECC_BRAINPOOLP256R1:
        case WOLFSSL_ECC_BRAINPOOLP384R1:
        case WOLFSSL_ECC_BRAINPOOLP512R1:
        case WOLFSSL_ECC_X25519:
        case WOLFSSL_ECC_X448:
        /* finite-field DH groups */
        case WOLFSSL_FFDHE_2048:
        case WOLFSSL_FFDHE_3072:
        case WOLFSSL_FFDHE_4096:
        case WOLFSSL_FFDHE_6144:
        case WOLFSSL_FFDHE_8192:
            known = 1;
            break;
        default:
            break;
    }

    if (!known)
        return BAD_FUNC_ARG;

    ssl->options.userCurves = 1;

    return TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
}
wolfSSL 15:117db924cf7c 2410
wolfSSL 15:117db924cf7c 2411
/* Add a named group to the supported_groups list of a context.
 *
 * @param ctx   context to update
 * @param name  a WOLFSSL_ECC_* curve or WOLFSSL_FFDHE_* group identifier
 * @return the value of TLSX_UseSupportedCurve(), or BAD_FUNC_ARG when ctx
 *         is NULL or name is not in the accepted list.
 *
 * Accepting a name here marks the context as having a user-chosen group
 * list (ctx->userCurves).  The accepted list is the same as in
 * wolfSSL_UseSupportedCurve() and includes the 160- and 192-bit SECP
 * curves; a deployment with a minimum-strength policy should not pass
 * those.
 */
int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name)
{
    int known = 0;

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    switch (name) {
        /* elliptic curves */
        case WOLFSSL_ECC_SECP160K1:
        case WOLFSSL_ECC_SECP160R1:
        case WOLFSSL_ECC_SECP160R2:
        case WOLFSSL_ECC_SECP192K1:
        case WOLFSSL_ECC_SECP192R1:
        case WOLFSSL_ECC_SECP224K1:
        case WOLFSSL_ECC_SECP224R1:
        case WOLFSSL_ECC_SECP256K1:
        case WOLFSSL_ECC_SECP256R1:
        case WOLFSSL_ECC_SECP384R1:
        case WOLFSSL_ECC_SECP521R1:
        case WOLFSSL_ECC_BRAINPOOLP256R1:
        case WOLFSSL_ECC_BRAINPOOLP384R1:
        case WOLFSSL_ECC_BRAINPOOLP512R1:
        case WOLFSSL_ECC_X25519:
        case WOLFSSL_ECC_X448:
        /* finite-field DH groups */
        case WOLFSSL_FFDHE_2048:
        case WOLFSSL_FFDHE_3072:
        case WOLFSSL_FFDHE_4096:
        case WOLFSSL_FFDHE_6144:
        case WOLFSSL_FFDHE_8192:
            known = 1;
            break;
        default:
            break;
    }

    if (!known)
        return BAD_FUNC_ARG;

    ctx->userCurves = 1;

    return TLSX_UseSupportedCurve(&ctx->extensions, name, ctx->heap);
}
wolfSSL 15:117db924cf7c 2449
wolfSSL 16:8e0d178b1d1e 2450 #endif /* HAVE_SUPPORTED_CURVES && !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 2451
wolfSSL 15:117db924cf7c 2452 /* QSH quantum safe handshake */
wolfSSL 15:117db924cf7c 2453 #ifdef HAVE_QSH
/* Report whether QSH (quantum-safe handshake) was used on a connection.
 *
 * @param ssl  connection to query
 * @return ssl->isQSH, or 0 when ssl is NULL (no connection means QSH was
 *         not used).
 */
int wolfSSL_isQSH(WOLFSSL* ssl)
{
    if (ssl != NULL)
        return ssl->isQSH;

    return 0;
}
wolfSSL 15:117db924cf7c 2463
wolfSSL 15:117db924cf7c 2464
/* Add a QSH scheme to a connection's extension list.
 *
 * @param ssl   connection to update
 * @param name  a WOLFSSL_NTRU_EESS* scheme identifier (only available in a
 *              HAVE_NTRU build; without it no scheme is accepted)
 * @return the value of TLSX_UseQSHScheme(), or BAD_FUNC_ARG when ssl is
 *         NULL or name is not an accepted scheme.
 *
 * Accepting a name marks the connection as having user-chosen QSH schemes
 * (ssl->user_set_QSHSchemes).
 */
int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, word16 name)
{
    int known = 0;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    switch (name) {
#ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            known = 1;
            break;
#endif
        default:
            break;
    }

    if (!known)
        return BAD_FUNC_ARG;

    ssl->user_set_QSHSchemes = 1;

    return TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap);
}
wolfSSL 15:117db924cf7c 2485
wolfSSL 15:117db924cf7c 2486 #ifndef NO_WOLFSSL_CLIENT
/* User control over sending the client's QSH public keys in the ClientHello
 * extension.
 *
 * @param ssl   connection to update
 * @param flag  1 to send the keys; 0 (or never calling this function) means
 *              the keys are not sent in the hello extension
 * @return 0 on success, BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag)
{
    if (ssl != NULL) {
        ssl->sendQSHKeys = flag;
        return 0;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 2501 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 2502 #endif /* HAVE_QSH */
wolfSSL 15:117db924cf7c 2503
wolfSSL 15:117db924cf7c 2504 /* Application-Layer Protocol Negotiation */
wolfSSL 15:117db924cf7c 2505 #ifdef HAVE_ALPN
wolfSSL 15:117db924cf7c 2506
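/* Register the ALPN protocol names offered on this connection.
 *
 * ssl                   The SSL/TLS object.
 * protocol_name_list    Comma separated protocol names (e.g. "h2,http/1.1").
 *                       Need not be NUL-terminated; only the first
 *                       protocol_name_listSz bytes are read.
 * protocol_name_listSz  Number of bytes of protocol_name_list to use.
 * options               WOLFSSL_ALPN_CONTINUE_ON_MISMATCH or
 *                       WOLFSSL_ALPN_FAILED_ON_MISMATCH.
 * returns WOLFSSL_SUCCESS when the names were registered, WOLFSSL_FAILURE
 *         when the list contains no name, BAD_FUNC_ARG on invalid arguments
 *         (including more than WOLFSSL_MAX_ALPN_NUMBER names), MEMORY_ERROR
 *         when the working copy cannot be allocated, or the error code
 *         returned by TLSX_UseALPN().
 */
WOLFSSL_ABI
int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
                    word32 protocol_name_listSz, byte options)
{
    char *list, *ptr, *tok, *token[WOLFSSL_MAX_ALPN_NUMBER]={NULL};
    word16 len;
    int count = 0;
    int idx;
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_UseALPN");

    if (ssl == NULL || protocol_name_list == NULL)
        return BAD_FUNC_ARG;

    /* upper bound: WOLFSSL_MAX_ALPN_NUMBER names of at most
     * WOLFSSL_MAX_ALPN_PROTO_NAME_LEN bytes each, plus the separators */
    if (protocol_name_listSz > (WOLFSSL_MAX_ALPN_NUMBER *
                                WOLFSSL_MAX_ALPN_PROTO_NAME_LEN +
                                WOLFSSL_MAX_ALPN_NUMBER)) {
        WOLFSSL_MSG("Invalid arguments, protocol name list too long");
        return BAD_FUNC_ARG;
    }

    if (!(options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) &&
        !(options & WOLFSSL_ALPN_FAILED_ON_MISMATCH)) {
        WOLFSSL_MSG("Invalid arguments, options not supported");
        return BAD_FUNC_ARG;
    }

    /* tokenize a NUL-terminated private copy: XSTRTOK writes into its input
     * and the caller's buffer is not required to be terminated */
    list = (char *)XMALLOC(protocol_name_listSz+1, ssl->heap,
                           DYNAMIC_TYPE_ALPN);
    if (list == NULL) {
        WOLFSSL_MSG("Memory failure");
        return MEMORY_ERROR;
    }

    XSTRNCPY(list, protocol_name_list, protocol_name_listSz);
    list[protocol_name_listSz] = '\0';

    /* read all protocol names from the list; token[] has exactly
     * WOLFSSL_MAX_ALPN_NUMBER slots, so a longer list is rejected instead of
     * being written past the end of the array */
    tok = XSTRTOK(list, ",", &ptr);
    while (tok != NULL) {
        if (count >= WOLFSSL_MAX_ALPN_NUMBER) {
            WOLFSSL_MSG("Invalid arguments, too many protocol names");
            XFREE(list, ssl->heap, DYNAMIC_TYPE_ALPN);
            return BAD_FUNC_ARG;
        }
        token[count++] = tok;
        tok = XSTRTOK(NULL, ",", &ptr);
    }

    /* add protocol name list in the TLS extension in reverse order */
    for (idx = count - 1; idx >= 0; idx--) {
        len = (word16)XSTRLEN(token[idx]);

        ret = TLSX_UseALPN(&ssl->extensions, token[idx], len, options,
                           ssl->heap);
        if (ret != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("TLSX_UseALPN failure");
            break;
        }
    }

    XFREE(list, ssl->heap, DYNAMIC_TYPE_ALPN);

    return ret;
}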
wolfSSL 15:117db924cf7c 2566
/* Fetch the ALPN protocol name selected for this connection.
 *
 * ssl            The SSL/TLS object; NULL is passed through as an empty
 *                extension list.
 * protocol_name  Receives a pointer to the selected name.
 * size           Receives its length.
 * returns whatever TLSX_ALPN_GetRequest() returns.
 */
int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name, word16 *size)
{
    if (ssl == NULL)
        return TLSX_ALPN_GetRequest(NULL, (void **)protocol_name, size);

    return TLSX_ALPN_GetRequest(ssl->extensions, (void **)protocol_name, size);
}
wolfSSL 15:117db924cf7c 2572
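/* Return a copy of the ALPN protocol name list received from the client.
 *
 * ssl     The SSL/TLS object.
 * list    Receives a newly allocated, NUL-terminated copy of the list; the
 *         caller releases it with wolfSSL_ALPN_FreePeerProtocol().
 * listSz  Receives the length of the list (terminator not counted).
 * returns WOLFSSL_SUCCESS on success, BAD_FUNC_ARG when any argument is NULL,
 *         BUFFER_ERROR when no client list is present or it is empty, and
 *         MEMORY_ERROR when the copy cannot be allocated.
 */
int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz)
{
    /* ssl is dereferenced below; guard it like the other arguments */
    if (ssl == NULL || list == NULL || listSz == NULL)
        return BAD_FUNC_ARG;

    if (ssl->alpn_client_list == NULL)
        return BUFFER_ERROR;

    *listSz = (word16)XSTRLEN(ssl->alpn_client_list);
    if (*listSz == 0)
        return BUFFER_ERROR;

    *list = (char *)XMALLOC((*listSz)+1, ssl->heap, DYNAMIC_TYPE_TLSX);
    if (*list == NULL)
        return MEMORY_ERROR;

    /* copy then terminate explicitly; XSTRNCPY alone does not promise a
     * terminator */
    XSTRNCPY(*list, ssl->alpn_client_list, (*listSz)+1);
    (*list)[*listSz] = 0;

    return WOLFSSL_SUCCESS;
}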
wolfSSL 15:117db924cf7c 2594
wolfSSL 15:117db924cf7c 2595
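/* used to free memory allocated by wolfSSL_ALPN_GetPeerProtocol
 *
 * ssl   The SSL/TLS object whose heap the list was allocated from.
 * list  Address of the pointer filled in by wolfSSL_ALPN_GetPeerProtocol();
 *       it is freed and reset to NULL so a repeated call is harmless.
 * returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ssl or list is NULL.
 */
int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list)
{
    /* list is dereferenced below, so it needs a guard as well as ssl */
    if (ssl == NULL || list == NULL) {
        return BAD_FUNC_ARG;
    }

    XFREE(*list, ssl->heap, DYNAMIC_TYPE_TLSX);
    *list = NULL;

    return WOLFSSL_SUCCESS;
}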
wolfSSL 15:117db924cf7c 2608
wolfSSL 15:117db924cf7c 2609 #endif /* HAVE_ALPN */
wolfSSL 15:117db924cf7c 2610
wolfSSL 15:117db924cf7c 2611 /* Secure Renegotiation */
wolfSSL 15:117db924cf7c 2612 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 15:117db924cf7c 2613
/* user is forcing ability to use secure renegotiation, we discourage it
 *
 * Adds the renegotiation_info extension and, when that succeeds, caches the
 * extension's data pointer in ssl->secure_renegotiation for later use.
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL, otherwise the result of
 * TLSX_UseSecureRenegotiation().
 */
int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
{
    int ret;
    TLSX* extension;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ret = TLSX_UseSecureRenegotiation(&ssl->extensions, ssl->heap);
    if (ret != WOLFSSL_SUCCESS)
        return ret;

    extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);
    if (extension != NULL)
        ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;

    return ret;
}
wolfSSL 15:117db924cf7c 2631
/* Mark the context so that SSL objects created from it use secure
 * renegotiation.
 *
 * ctx The SSL/TLS context object.
 * returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL.
 */
int wolfSSL_CTX_UseSecureRenegotiation(WOLFSSL_CTX* ctx)
{
    if (ctx != NULL) {
        ctx->useSecureReneg = 1;
        return WOLFSSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 16:8e0d178b1d1e 2640
wolfSSL 15:117db924cf7c 2641
/* do a secure renegotiation handshake, user forced, we discourage
 *
 * Shared body of wolfSSL_Rehandshake() and wolfSSL_SecureResume(). Requires
 * that secure renegotiation was forced on with
 * wolfSSL_UseSecureRenegotiation() and that the renegotiation_info extension
 * is enabled on the connection. Unless the server is responding to a
 * renegotiation the client already started, the previous handshake must be
 * complete; the handshake state is then reset and a fresh negotiation run.
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL, SECURE_RENEGOTIATION_E when secure
 * renegotiation is not set up or the previous handshake is still in
 * progress, WOLFSSL_FATAL_ERROR (with ssl->error set) when sending the
 * HelloRequest or re-initialising the handshake hashes fails, otherwise the
 * result of wolfSSL_negotiate().
 *
 * NOTE(review): an identifier starting with an underscore followed by an
 * upper-case letter is reserved for the implementation in C; a plain static
 * name would be cleaner, but the callers in this file would have to follow.
 */
static int _Rehandshake(WOLFSSL* ssl)
{
    int ret;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (ssl->secure_renegotiation == NULL) {
        WOLFSSL_MSG("Secure Renegotiation not forced on by user");
        return SECURE_RENEGOTIATION_E;
    }

    if (ssl->secure_renegotiation->enabled == 0) {
        WOLFSSL_MSG("Secure Renegotiation not enabled at extension level");
        return SECURE_RENEGOTIATION_E;
    }

    /* If the client started the renegotiation, the server will already
     * have processed the client's hello. */
    if (ssl->options.side != WOLFSSL_SERVER_END ||
        ssl->options.acceptState != ACCEPT_FIRST_REPLY_DONE) {

        if (ssl->options.handShakeState != HANDSHAKE_DONE) {
            WOLFSSL_MSG("Can't renegotiate until previous handshake complete");
            return SECURE_RENEGOTIATION_E;
        }

#ifndef NO_FORCE_SCR_SAME_SUITE
        /* force same suite: offer only the cipher suite already in use */
        if (ssl->suites) {
            ssl->suites->suiteSz = SUITE_LEN;
            ssl->suites->suites[0] = ssl->options.cipherSuite0;
            ssl->suites->suites[1] = ssl->options.cipherSuite;
        }
#endif

        /* reset handshake states */
        ssl->options.sendVerify = 0;
        ssl->options.serverState = NULL_STATE;
        ssl->options.clientState = NULL_STATE;
        ssl->options.connectState = CONNECT_BEGIN;
        ssl->options.acceptState = ACCEPT_BEGIN_RENEG;
        ssl->options.handShakeState = NULL_STATE;
        ssl->options.processReply = 0; /* TODO, move states in internal.h */

        /* forget which handshake messages the previous handshake saw */
        XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));

        ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED;

#if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SERVER_RENEGOTIATION_INFO)
        /* server side: prompt the client to begin a new handshake */
        if (ssl->options.side == WOLFSSL_SERVER_END) {
            ret = SendHelloRequest(ssl);
            if (ret != 0) {
                ssl->error = ret;
                return WOLFSSL_FATAL_ERROR;
            }
        }
#endif /* !NO_WOLFSSL_SERVER && HAVE_SERVER_RENEGOTIATION_INFO */

        /* start the handshake hashes over for the new handshake */
        ret = InitHandshakeHashes(ssl);
        if (ret != 0) {
            ssl->error = ret;
            return WOLFSSL_FATAL_ERROR;
        }
    }
    ret = wolfSSL_negotiate(ssl);
    /* counted whether or not the negotiation succeeded */
    ssl->secure_rene_count++;
    return ret;
}
wolfSSL 16:8e0d178b1d1e 2712
wolfSSL 16:8e0d178b1d1e 2713
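/* do a secure renegotiation handshake, user forced, we discourage
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL; on the client side with
 * HAVE_SESSION_TICKET, the result of wolfSSL_UseSessionTicket() when that is
 * not WOLFSSL_SUCCESS; otherwise the result of the renegotiation.
 */
int wolfSSL_Rehandshake(WOLFSSL* ssl)
{
    int ret = WOLFSSL_SUCCESS;
    WOLFSSL_ENTER("wolfSSL_Rehandshake");

    /* ssl->options is read here, before _Rehandshake() gets to check ssl */
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (ssl->options.side == WOLFSSL_SERVER_END) {
        /* Reset option to send certificate verify. */
        ssl->options.sendVerify = 0;
    }
    else {
        /* Reset resuming flag to do full secure handshake. */
        ssl->options.resuming = 0;
#ifdef HAVE_SESSION_TICKET
        /* Clearing the ticket. */
        ret = wolfSSL_UseSessionTicket(ssl);
#endif
    }

    if (ret == WOLFSSL_SUCCESS)
        ret = _Rehandshake(ssl);

    return ret;
}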
wolfSSL 16:8e0d178b1d1e 2738
wolfSSL 16:8e0d178b1d1e 2739
wolfSSL 16:8e0d178b1d1e 2740 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 16:8e0d178b1d1e 2741
/* do a secure resumption handshake, user forced, we discourage
 *
 * Client side only.
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL, SSL_FATAL_ERROR (with ssl->error
 * set to SIDE_ERROR) when called on a server, otherwise the result of the
 * renegotiation.
 */
int wolfSSL_SecureResume(WOLFSSL* ssl)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_SecureResume");

    if (ssl == NULL) {
        ret = BAD_FUNC_ARG;
    }
    else if (ssl->options.side == WOLFSSL_SERVER_END) {
        ssl->error = SIDE_ERROR;
        ret = SSL_FATAL_ERROR;
    }
    else {
        ret = _Rehandshake(ssl);
    }

    return ret;
}
wolfSSL 16:8e0d178b1d1e 2757
wolfSSL 16:8e0d178b1d1e 2758 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 16:8e0d178b1d1e 2759
/* Report whether the renegotiation_info extension is enabled on this
 * connection.
 *
 * ssl The SSL/TLS object.
 * returns the extension's enabled flag, or WOLFSSL_FAILURE when ssl is NULL
 * or secure renegotiation was never set up on it.
 */
long wolfSSL_SSL_get_secure_renegotiation_support(WOLFSSL* ssl)
{
    long support = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_SSL_get_secure_renegotiation_support");

    if (ssl != NULL && ssl->secure_renegotiation != NULL)
        support = ssl->secure_renegotiation->enabled;

    return support;
}
wolfSSL 15:117db924cf7c 2768
wolfSSL 15:117db924cf7c 2769 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 15:117db924cf7c 2770
wolfSSL 15:117db924cf7c 2771 /* Session Ticket */
wolfSSL 15:117db924cf7c 2772 #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)
/* Install the session ticket encryption callback on the context.
 *
 * ctx The SSL/TLS context object.
 * cb  Callback stored in ctx->ticketEncCb.
 * returns WOLFSSL_SUCCESS on ok, BAD_FUNC_ARG when ctx is NULL.
 */
int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, SessionTicketEncCb cb)
{
    if (ctx != NULL) {
        ctx->ticketEncCb = cb;
        return WOLFSSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 2783
/* set hint interval, WOLFSSL_SUCCESS on ok
 *
 * ctx  The SSL/TLS context object.
 * hint Value stored in ctx->ticketHint (the ticket lifetime hint).
 * returns WOLFSSL_SUCCESS on ok, BAD_FUNC_ARG when ctx is NULL.
 */
int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint)
{
    int rc = BAD_FUNC_ARG;

    if (ctx != NULL) {
        ctx->ticketHint = hint;
        rc = WOLFSSL_SUCCESS;
    }

    return rc;
}
wolfSSL 15:117db924cf7c 2794
/* set user context, WOLFSSL_SUCCESS on ok
 *
 * ctx     The SSL/TLS context object.
 * userCtx Opaque pointer stored in ctx->ticketEncCtx for the ticket callback.
 * returns WOLFSSL_SUCCESS on ok, BAD_FUNC_ARG when ctx is NULL.
 */
int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx)
{
    if (!ctx)
        return BAD_FUNC_ARG;

    ctx->ticketEncCtx = userCtx;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 2805
#endif /* !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET) */
wolfSSL 15:117db924cf7c 2807
wolfSSL 15:117db924cf7c 2808 /* Session Ticket */
wolfSSL 15:117db924cf7c 2809 #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
/* Enable the session ticket extension on an SSL object.
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL, otherwise the result of
 * TLSX_UseSessionTicket().
 */
int wolfSSL_UseSessionTicket(WOLFSSL* ssl)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = TLSX_UseSessionTicket(&ssl->extensions, NULL, ssl->heap);

    return ret;
}
wolfSSL 15:117db924cf7c 2817
/* Enable the session ticket extension on a context.
 *
 * ctx The SSL/TLS context object.
 * returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * TLSX_UseSessionTicket().
 */
int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    if (ctx != NULL)
        ret = TLSX_UseSessionTicket(&ctx->extensions, NULL, ctx->heap);

    return ret;
}
wolfSSL 15:117db924cf7c 2825
/* Copy the current session ticket out of the SSL object.
 *
 * ssl   The SSL/TLS object.
 * buf   Destination buffer.
 * bufSz In: capacity of buf (must be non-zero). Out: bytes copied, or 0 when
 *       the ticket did not fit (nothing is copied in that case).
 * returns WOLFSSL_SUCCESS on ok, BAD_FUNC_ARG on a NULL argument or a zero
 *         capacity.
 */
WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl,
                                          byte* buf, word32* bufSz)
{
    word32 capacity;

    if (ssl == NULL || buf == NULL || bufSz == NULL)
        return BAD_FUNC_ARG;

    capacity = *bufSz;
    if (capacity == 0)
        return BAD_FUNC_ARG;

    if (ssl->session.ticketLen > capacity) {
        /* too small: report that nothing was copied */
        *bufSz = 0;
        return WOLFSSL_SUCCESS;
    }

    XMEMCPY(buf, ssl->session.ticket, ssl->session.ticketLen);
    *bufSz = ssl->session.ticketLen;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 2841
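/* Install a session ticket on the SSL object (e.g. one saved earlier with
 * wolfSSL_get_SessionTicket()). Tickets up to SESSION_TICKET_LEN bytes live
 * in the static buffer inside ssl->session; larger ones use a heap buffer,
 * which is reused when it is already large enough.
 *
 * ssl   The SSL/TLS object.
 * buf   Ticket bytes; may be NULL only when bufSz is 0, which clears the
 *       ticket length.
 * bufSz Ticket length in bytes.
 * returns WOLFSSL_SUCCESS on ok, BAD_FUNC_ARG on bad arguments or a length
 *         that does not fit the 16-bit ticketLen field, MEMORY_ERROR when the
 *         heap buffer cannot be allocated (the ticket is then empty and
 *         points at the static buffer).
 */
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const byte* buf,
                                          word32 bufSz)
{
    if (ssl == NULL || (buf == NULL && bufSz > 0))
        return BAD_FUNC_ARG;

    /* ticketLen is a word16: refuse the ticket rather than silently store a
     * truncated length that no longer matches the bytes copied */
    if (bufSz > 0xFFFFu) {
        WOLFSSL_MSG("Session ticket too long");
        return BAD_FUNC_ARG;
    }

    if (bufSz > 0) {
        if (bufSz <= SESSION_TICKET_LEN) {
            /* Ticket will fit into static ticket: release any heap buffer */
            if (ssl->session.isDynamic) {
                XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
                ssl->session.isDynamic = 0;
                ssl->session.ticket = ssl->session.staticTicket;
            }
        }
        else {
            /* Ticket requires dynamic ticket storage; the existing buffer is
             * only reused when it held a ticket at least this long */
            if (ssl->session.ticketLen < bufSz) {
                if (ssl->session.isDynamic)
                    XFREE(ssl->session.ticket, ssl->heap,
                          DYNAMIC_TYPE_SESSION_TICK);
                ssl->session.ticket = (byte*)XMALLOC(bufSz, ssl->heap,
                                                     DYNAMIC_TYPE_SESSION_TICK);
                if (ssl->session.ticket == NULL) {
                    /* fall back to the static buffer; ticketLen must agree
                     * with it, otherwise a later read of the old length
                     * would run past the static buffer's end */
                    ssl->session.ticket = ssl->session.staticTicket;
                    ssl->session.isDynamic = 0;
                    ssl->session.ticketLen = 0;
                    return MEMORY_ERROR;
                }
                ssl->session.isDynamic = 1;
            }
        }
        XMEMCPY(ssl->session.ticket, buf, bufSz);
    }
    ssl->session.ticketLen = (word16)bufSz;

    return WOLFSSL_SUCCESS;
}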
wolfSSL 15:117db924cf7c 2877
wolfSSL 15:117db924cf7c 2878
/* Register the callback invoked for session tickets, with its user context.
 *
 * ssl The SSL/TLS object.
 * cb  Callback stored in ssl->session_ticket_cb.
 * ctx Opaque pointer stored in ssl->session_ticket_ctx.
 * returns WOLFSSL_SUCCESS on ok, BAD_FUNC_ARG when ssl is NULL.
 */
WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
                                             CallbackSessionTicket cb, void* ctx)
{
    if (!ssl)
        return BAD_FUNC_ARG;

    ssl->session_ticket_cb  = cb;
    ssl->session_ticket_ctx = ctx;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 2890 #endif
wolfSSL 15:117db924cf7c 2891
wolfSSL 15:117db924cf7c 2892
wolfSSL 15:117db924cf7c 2893 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 15:117db924cf7c 2894 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 2895
/* Turn off the extended master secret extension for SSL objects created from
 * this context.
 *
 * ctx The SSL/TLS context object.
 * returns WOLFSSL_SUCCESS on ok, BAD_FUNC_ARG when ctx is NULL.
 */
int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx)
{
    if (ctx != NULL) {
        ctx->haveEMS = 0;
        return WOLFSSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 2905
wolfSSL 15:117db924cf7c 2906
/* Turn off the extended master secret extension on one SSL object.
 *
 * ssl The SSL/TLS object.
 * returns WOLFSSL_SUCCESS on ok, BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl)
{
    int rc = BAD_FUNC_ARG;

    if (ssl != NULL) {
        ssl->options.haveEMS = 0;
        rc = WOLFSSL_SUCCESS;
    }

    return rc;
}
wolfSSL 15:117db924cf7c 2916
wolfSSL 15:117db924cf7c 2917 #endif
wolfSSL 15:117db924cf7c 2918 #endif
wolfSSL 15:117db924cf7c 2919
wolfSSL 15:117db924cf7c 2920
wolfSSL 15:117db924cf7c 2921 #ifndef WOLFSSL_LEANPSK
wolfSSL 15:117db924cf7c 2922
/* Write with temporary send flags: ssl->wflags is set to flags for the
 * duration of one wolfSSL_write() call and then restored.
 *
 * ssl   The SSL/TLS object.
 * data  Bytes to send.
 * sz    Number of bytes; must not be negative.
 * flags Value placed in ssl->wflags while writing.
 * returns BAD_FUNC_ARG on bad arguments, otherwise what wolfSSL_write()
 * returns.
 */
int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_send()");

    if (ssl != NULL && data != NULL && sz >= 0) {
        int savedFlags = ssl->wflags;

        ssl->wflags = flags;
        ret = wolfSSL_write(ssl, data, sz);
        ssl->wflags = savedFlags;

        WOLFSSL_LEAVE("wolfSSL_send()", ret);
    }

    return ret;
}
wolfSSL 15:117db924cf7c 2943
wolfSSL 15:117db924cf7c 2944
/* Read with temporary receive flags: ssl->rflags is set to flags for the
 * duration of one wolfSSL_read() call and then restored.
 *
 * ssl   The SSL/TLS object.
 * data  Destination buffer.
 * sz    Capacity of data; must not be negative.
 * flags Value placed in ssl->rflags while reading.
 * returns BAD_FUNC_ARG on bad arguments, otherwise what wolfSSL_read()
 * returns.
 */
int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_recv()");

    if (ssl != NULL && data != NULL && sz >= 0) {
        int savedFlags = ssl->rflags;

        ssl->rflags = flags;
        ret = wolfSSL_read(ssl, data, sz);
        ssl->rflags = savedFlags;

        WOLFSSL_LEAVE("wolfSSL_recv()", ret);
    }

    return ret;
}
wolfSSL 15:117db924cf7c 2965 #endif
wolfSSL 15:117db924cf7c 2966
wolfSSL 15:117db924cf7c 2967
/* WOLFSSL_SUCCESS on ok
 *
 * Shut the connection down. Unless quiet shutdown is set, a close_notify
 * alert is sent once (tracked by ssl->options.sentNotify). The call then
 * reports WOLFSSL_SHUTDOWN_NOT_DONE until ssl->options.closeNotify is set
 * (presumably when the peer's close_notify has been received), so a
 * bidirectional shutdown needs a second call, which reads from the peer.
 * With OPENSSL_EXTRA a completed shutdown also clears the WOLFSSL object so
 * it can be re-used.
 *
 * ssl The SSL/TLS object.
 * returns WOLFSSL_SUCCESS when the shutdown is complete (or quiet shutdown is
 * set), WOLFSSL_SHUTDOWN_NOT_DONE while the peer's close_notify is still
 * outstanding, SSL_SHUTDOWN_ALREADY_DONE_E (WOLFSSL_SHUTDOWNONCE builds only)
 * when the connection is already closed or reset, and WOLFSSL_FATAL_ERROR
 * otherwise, with ssl->error holding the underlying code.
 */
WOLFSSL_ABI
int wolfSSL_shutdown(WOLFSSL* ssl)
{
    int ret = WOLFSSL_FATAL_ERROR;
    WOLFSSL_ENTER("SSL_shutdown()");

    if (ssl == NULL)
        return WOLFSSL_FATAL_ERROR;

    if (ssl->options.quietShutdown) {
        WOLFSSL_MSG("quiet shutdown, no close notify sent");
        ret = WOLFSSL_SUCCESS;
    }
    else {
        /* try to send close notify, not an error if can't */
        if (!ssl->options.isClosed && !ssl->options.connReset &&
            !ssl->options.sentNotify) {
            ssl->error = SendAlert(ssl, alert_warning, close_notify);
            if (ssl->error < 0) {
                WOLFSSL_ERROR(ssl->error);
                return WOLFSSL_FATAL_ERROR;
            }
            ssl->options.sentNotify = 1; /* don't send close_notify twice */
            if (ssl->options.closeNotify)
                ret = WOLFSSL_SUCCESS;
            else {
                /* peer's close_notify not seen yet: caller must call again */
                ret = WOLFSSL_SHUTDOWN_NOT_DONE;
                WOLFSSL_LEAVE("SSL_shutdown()", ret);
                return ret;
            }
        }

#ifdef WOLFSSL_SHUTDOWNONCE
        if (ssl->options.isClosed || ssl->options.connReset) {
            /* Shutdown has already occurred.
             * Caller is free to ignore this error. */
            return SSL_SHUTDOWN_ALREADY_DONE_E;
        }
#endif

        /* call wolfSSL_shutdown again for bidirectional shutdown */
        if (ssl->options.sentNotify && !ssl->options.closeNotify) {
            /* second call: read from the peer, expecting its close_notify */
            ret = ProcessReply(ssl);
            if (ret == ZERO_RETURN) {
                /* simulate OpenSSL behavior */
                ssl->error = WOLFSSL_ERROR_SYSCALL;
                ret = WOLFSSL_SUCCESS;
            } else if (ssl->error == WOLFSSL_ERROR_NONE) {
                /* nothing went wrong but the peer has not closed yet */
                ret = WOLFSSL_SHUTDOWN_NOT_DONE;
            } else {
                WOLFSSL_ERROR(ssl->error);
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
    }

#ifdef OPENSSL_EXTRA
    /* reset WOLFSSL structure state for possible re-use */
    if (ret == WOLFSSL_SUCCESS) {
        if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("could not clear WOLFSSL");
            ret = WOLFSSL_FATAL_ERROR;
        }
    }
#endif

    WOLFSSL_LEAVE("SSL_shutdown()", ret);

    return ret;
}
wolfSSL 15:117db924cf7c 3039
wolfSSL 15:117db924cf7c 3040
/* get current error state value
 *
 * ssl The SSL/TLS object.
 * returns ssl->error, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_state(WOLFSSL* ssl)
{
    if (ssl != NULL)
        return ssl->error;

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 3050
wolfSSL 15:117db924cf7c 3051
/* OpenSSL-style error query for the result of a previous call.
 *
 * ssl The SSL/TLS object.
 * ret The value returned by that previous call.
 * returns WOLFSSL_ERROR_NONE when ret is positive (ssl is not consulted),
 * BAD_FUNC_ARG when ssl is NULL, otherwise ssl->error with the internal
 * WANT_READ / WANT_WRITE / ZERO_RETURN codes mapped to their OpenSSL
 * equivalents.
 */
WOLFSSL_ABI
int wolfSSL_get_error(WOLFSSL* ssl, int ret)
{
    int err;

    WOLFSSL_ENTER("SSL_get_error");

    if (ret > 0)
        return WOLFSSL_ERROR_NONE;
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    err = ssl->error;
    WOLFSSL_LEAVE("SSL_get_error", err);

    /* make sure converted types are handled in SetErrorString() too */
    switch (err) {
        case WANT_READ:
            return WOLFSSL_ERROR_WANT_READ;   /* convert to OpenSSL type */
        case WANT_WRITE:
            return WOLFSSL_ERROR_WANT_WRITE;  /* convert to OpenSSL type */
        case ZERO_RETURN:
            return WOLFSSL_ERROR_ZERO_RETURN; /* convert to OpenSSL type */
        default:
            return err;
    }
}
wolfSSL 15:117db924cf7c 3073
wolfSSL 15:117db924cf7c 3074
/* retrieve alert history, WOLFSSL_SUCCESS on ok
 *
 * ssl The SSL/TLS object.
 * h   Receives a copy of ssl->alert_history.
 * returns WOLFSSL_SUCCESS always; when either argument is NULL nothing is
 * copied.
 */
int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h)
{
    if (ssl == NULL || h == NULL)
        return WOLFSSL_SUCCESS; /* nothing to copy */

    *h = ssl->alert_history;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 3083
wolfSSL 16:8e0d178b1d1e 3084 #ifdef OPENSSL_EXTRA
/* returns SSL_WRITING, SSL_READING or SSL_NOTHING
 *
 * ssl The SSL/TLS object; NULL yields SSL_NOTHING.
 * returns the I/O direction the last operation is waiting on, derived from
 * ssl->error.
 */
int wolfSSL_want(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return SSL_NOTHING;

    switch (ssl->error) {
        case WANT_READ:
            return SSL_READING;
        case WANT_WRITE:
            return SSL_WRITING;
        default:
            return SSL_NOTHING;
    }
}
wolfSSL 16:8e0d178b1d1e 3097 #endif
wolfSSL 15:117db924cf7c 3098
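/* return TRUE if current error is want read
 *
 * ssl The SSL/TLS object; a NULL ssl has no pending error and yields 0.
 * returns 1 when ssl->error is WANT_READ, 0 otherwise.
 */
int wolfSSL_want_read(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_want_read");
    /* guard the dereference; wolfSSL_want() above tolerates NULL as well */
    if (ssl == NULL)
        return 0;
    if (ssl->error == WANT_READ)
        return 1;

    return 0;
}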
wolfSSL 15:117db924cf7c 3108
wolfSSL 15:117db924cf7c 3109
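/* return TRUE if current error is want write
 *
 * ssl The SSL/TLS object; a NULL ssl has no pending error and yields 0.
 * returns 1 when ssl->error is WANT_WRITE, 0 otherwise.
 */
int wolfSSL_want_write(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_want_write");
    /* guard the dereference; wolfSSL_want() above tolerates NULL as well */
    if (ssl == NULL)
        return 0;
    if (ssl->error == WANT_WRITE)
        return 1;

    return 0;
}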
wolfSSL 15:117db924cf7c 3119
wolfSSL 15:117db924cf7c 3120
/* Produce the human readable string for errNumber.
 *
 * errNumber The error code.
 * data      Buffer of at least WOLFSSL_MAX_ERROR_SZ bytes, or NULL.
 * returns data after SetErrorString() filled it; when data is NULL a pointer
 * to a constant reminder string is returned instead. That pointer is cast
 * to char* for OpenSSL API compatibility only and must not be written to.
 */
char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data)
{
    static wcchar msg = "Please supply a buffer for error string";

    WOLFSSL_ENTER("ERR_error_string");
    if (data == NULL)
        return (char*)msg;

    SetErrorString((int)errNumber, data);
    return data;
}
wolfSSL 15:117db924cf7c 3133
wolfSSL 15:117db924cf7c 3134
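/* Copy the error string for e into buf, truncating to len-1 characters and
 * NUL-terminating whenever something is written. Wraps
 * wolfSSL_ERR_error_string(), which needs at least WOLFSSL_MAX_ERROR_SZ
 * bytes of room.
 *
 * e   The error code.
 * buf Destination; nothing is written when NULL.
 * len Size of buf in bytes; nothing is written when 0.
 */
void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len)
{
    WOLFSSL_ENTER("wolfSSL_ERR_error_string_n");

    /* wolfSSL_ERR_error_string() tolerates a NULL buffer, but the truncating
     * copy below would write through it */
    if (buf == NULL || len == 0)
        return;

    if (len >= WOLFSSL_MAX_ERROR_SZ) {
        wolfSSL_ERR_error_string(e, buf);
    }
    else {
        char tmp[WOLFSSL_MAX_ERROR_SZ];

        WOLFSSL_MSG("Error buffer too short, truncating");
        wolfSSL_ERR_error_string(e, tmp);
        XMEMCPY(buf, tmp, len-1);
        buf[len-1] = '\0';
    }
}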
wolfSSL 15:117db924cf7c 3151
wolfSSL 15:117db924cf7c 3152
/* don't free temporary arrays at end of handshake
 *
 * ssl The SSL/TLS object; NULL is ignored.
 */
void wolfSSL_KeepArrays(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return;

    ssl->options.saveArrays = 1;
}
wolfSSL 15:117db924cf7c 3159
wolfSSL 15:117db924cf7c 3160
/* user doesn't need temporary arrays anymore, Free
 *
 * Only acts once the handshake is complete; before that (or for a NULL ssl)
 * it is a no-op.
 *
 * ssl The SSL/TLS object.
 */
void wolfSSL_FreeArrays(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return;
    if (ssl->options.handShakeState != HANDSHAKE_DONE)
        return;

    ssl->options.saveArrays = 0;
    FreeArrays(ssl, 1);
}
wolfSSL 15:117db924cf7c 3169
/* Set option to indicate that the handshake resources are not to be freed
 * after the handshake completes.
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL and 0 on success.
 */
int wolfSSL_KeepHandshakeResources(WOLFSSL* ssl)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL) {
        ssl->options.keepResources = 1;
        ret = 0;
    }

    return ret;
}
wolfSSL 15:117db924cf7c 3185
/* Free the handshake resources after the handshake.
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL and 0 on success.
 */
int wolfSSL_FreeHandshakeResources(WOLFSSL* ssl)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL) {
        FreeHandshakeResources(ssl);
        ret = 0;
    }

    return ret;
}
wolfSSL 15:117db924cf7c 3200
/* Use the client's order of preference when matching cipher suites.
 *
 * ctx The SSL/TLS context object.
 * returns BAD_FUNC_ARG when ctx is NULL and 0 on success.
 */
int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    if (ctx != NULL) {
        ctx->useClientOrder = 1;
        ret = 0;
    }

    return ret;
}
wolfSSL 15:117db924cf7c 3215
/* Use the client's order of preference when matching cipher suites.
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL and 0 on success.
 */
int wolfSSL_UseClientSuites(WOLFSSL* ssl)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL) {
        ssl->options.useClientOrder = 1;
        ret = 0;
    }

    return ret;
}
wolfSSL 15:117db924cf7c 3230
/* Return the MAC secret for one direction of the connection.
 *
 * ssl     The SSL/TLS object.
 * verify  non-zero selects the secret used to verify received records, zero
 *         the secret used to MAC records being sent.
 * returns a pointer into ssl->keys (live key material; do not retain or log
 *         it), or NULL when ssl is NULL or in a WOLFSSL_AEAD_ONLY build.
 */
const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify)
{
#ifndef WOLFSSL_AEAD_ONLY
    int useClientSecret;

    if (ssl == NULL)
        return NULL;

    /* A client MACs what it sends with the client secret and verifies with
     * the server secret; a server does the reverse. Any other side value
     * falls through to the server secret, as before. */
    if (ssl->options.side == WOLFSSL_CLIENT_END)
        useClientSecret = (verify == 0);
    else if (ssl->options.side == WOLFSSL_SERVER_END)
        useClientSecret = (verify != 0);
    else
        useClientSecret = 0;

    if (useClientSecret)
        return ssl->keys.client_write_MAC_secret;

    return ssl->keys.server_write_MAC_secret;
#else
    (void)ssl;
    (void)verify;

    return NULL;
#endif
}
wolfSSL 15:117db924cf7c 3249
wolfSSL 15:117db924cf7c 3250
wolfSSL 15:117db924cf7c 3251 #ifdef ATOMIC_USER
wolfSSL 15:117db924cf7c 3252
/* Register the user MAC-then-encrypt callback on a context.
 * Does nothing when ctx is NULL. */
void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypt cb)
{
    if (ctx == NULL)
        return;

    ctx->MacEncryptCb = cb;
}
wolfSSL 15:117db924cf7c 3258
wolfSSL 15:117db924cf7c 3259
/* Attach the opaque user context handed to the MAC-then-encrypt callback.
 * Does nothing when ssl is NULL. */
void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->MacEncryptCtx = ctx;
}
wolfSSL 15:117db924cf7c 3265
wolfSSL 15:117db924cf7c 3266
/* Fetch the user context attached for the MAC-then-encrypt callback.
 * returns the stored pointer, or NULL when ssl is NULL. */
void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl)
{
    void* ret = NULL;

    if (ssl != NULL)
        ret = ssl->MacEncryptCtx;

    return ret;
}
wolfSSL 15:117db924cf7c 3274
wolfSSL 15:117db924cf7c 3275
/* Register the user decrypt-then-verify callback on a context.
 * Does nothing when ctx is NULL. */
void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX* ctx, CallbackDecryptVerify cb)
{
    if (ctx == NULL)
        return;

    ctx->DecryptVerifyCb = cb;
}
wolfSSL 15:117db924cf7c 3281
wolfSSL 15:117db924cf7c 3282
/* Attach the opaque user context handed to the decrypt-then-verify callback.
 * Does nothing when ssl is NULL. */
void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->DecryptVerifyCtx = ctx;
}
wolfSSL 15:117db924cf7c 3288
wolfSSL 15:117db924cf7c 3289
/* Fetch the user context attached for the decrypt-then-verify callback.
 * returns the stored pointer, or NULL when ssl is NULL. */
void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl)
{
    void* ret = NULL;

    if (ssl != NULL)
        ret = ssl->DecryptVerifyCtx;

    return ret;
}
wolfSSL 15:117db924cf7c 3297
wolfSSL 16:8e0d178b1d1e 3298 #if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
/**
 * Set the callback, against the context, that encrypts then MACs.
 *
 * ctx SSL/TLS context; ignored when NULL.
 * cb Callback function to use with Encrypt-Then-MAC.
 */
void wolfSSL_CTX_SetEncryptMacCb(WOLFSSL_CTX* ctx, CallbackEncryptMac cb)
{
    if (ctx == NULL)
        return;

    ctx->EncryptMacCb = cb;
}
wolfSSL 16:8e0d178b1d1e 3310
/**
 * Set the context to use with the callback that encrypts then MACs.
 *
 * ssl SSL/TLS object; ignored when NULL.
 * ctx Callback function's context.
 */
void wolfSSL_SetEncryptMacCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->EncryptMacCtx = ctx;
}
wolfSSL 16:8e0d178b1d1e 3322
/**
 * Get the context being used with the callback that encrypts then MACs.
 *
 * ssl SSL/TLS object.
 * returns callback function's context or NULL if SSL/TLS object is NULL.
 */
void* wolfSSL_GetEncryptMacCtx(WOLFSSL* ssl)
{
    void* ret = NULL;

    if (ssl != NULL)
        ret = ssl->EncryptMacCtx;

    return ret;
}
wolfSSL 16:8e0d178b1d1e 3336
wolfSSL 16:8e0d178b1d1e 3337
/**
 * Set the callback, against the context, that MAC verifies then decrypts.
 *
 * ctx SSL/TLS context; ignored when NULL.
 * cb Callback function to use with Encrypt-Then-MAC.
 */
void wolfSSL_CTX_SetVerifyDecryptCb(WOLFSSL_CTX* ctx, CallbackVerifyDecrypt cb)
{
    if (ctx == NULL)
        return;

    ctx->VerifyDecryptCb = cb;
}
wolfSSL 16:8e0d178b1d1e 3349
/**
 * Set the context to use with the callback that MAC verifies then decrypts.
 *
 * ssl SSL/TLS object; ignored when NULL.
 * ctx Callback function's context.
 */
void wolfSSL_SetVerifyDecryptCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->VerifyDecryptCtx = ctx;
}
wolfSSL 16:8e0d178b1d1e 3361
/**
 * Get the context being used with the callback that MAC verifies then
 * decrypts.
 *
 * ssl SSL/TLS object.
 * returns callback function's context or NULL if SSL/TLS object is NULL.
 */
void* wolfSSL_GetVerifyDecryptCtx(WOLFSSL* ssl)
{
    void* ret = NULL;

    if (ssl != NULL)
        ret = ssl->VerifyDecryptCtx;

    return ret;
}
wolfSSL 16:8e0d178b1d1e 3375 #endif /* HAVE_ENCRYPT_THEN_MAC !WOLFSSL_AEAD_ONLY */
wolfSSL 16:8e0d178b1d1e 3376
wolfSSL 16:8e0d178b1d1e 3377
wolfSSL 15:117db924cf7c 3378
/* Return the client write key from ssl->keys (live key material; callers
 * must not retain or log it). NULL when ssl is NULL. */
const byte* wolfSSL_GetClientWriteKey(WOLFSSL* ssl)
{
    const byte* key = NULL;

    if (ssl != NULL)
        key = ssl->keys.client_write_key;

    return key;
}
wolfSSL 15:117db924cf7c 3386
wolfSSL 15:117db924cf7c 3387
/* Return the client write IV from ssl->keys. NULL when ssl is NULL. */
const byte* wolfSSL_GetClientWriteIV(WOLFSSL* ssl)
{
    const byte* iv = NULL;

    if (ssl != NULL)
        iv = ssl->keys.client_write_IV;

    return iv;
}
wolfSSL 15:117db924cf7c 3395
wolfSSL 15:117db924cf7c 3396
/* Return the server write key from ssl->keys (live key material; callers
 * must not retain or log it). NULL when ssl is NULL. */
const byte* wolfSSL_GetServerWriteKey(WOLFSSL* ssl)
{
    const byte* key = NULL;

    if (ssl != NULL)
        key = ssl->keys.server_write_key;

    return key;
}
wolfSSL 15:117db924cf7c 3404
wolfSSL 15:117db924cf7c 3405
/* Return the server write IV from ssl->keys. NULL when ssl is NULL. */
const byte* wolfSSL_GetServerWriteIV(WOLFSSL* ssl)
{
    const byte* iv = NULL;

    if (ssl != NULL)
        iv = ssl->keys.server_write_IV;

    return iv;
}
wolfSSL 15:117db924cf7c 3413
/* Key size of the negotiated cipher (ssl->specs.key_size), or BAD_FUNC_ARG
 * when ssl is NULL. */
int wolfSSL_GetKeySize(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.key_size;
}
wolfSSL 15:117db924cf7c 3421
wolfSSL 15:117db924cf7c 3422
/* IV size of the negotiated cipher (ssl->specs.iv_size), or BAD_FUNC_ARG
 * when ssl is NULL. */
int wolfSSL_GetIVSize(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.iv_size;
}
wolfSSL 15:117db924cf7c 3430
wolfSSL 15:117db924cf7c 3431
/* Bulk cipher algorithm id (ssl->specs.bulk_cipher_algorithm), or
 * BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_GetBulkCipher(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.bulk_cipher_algorithm;
}
wolfSSL 15:117db924cf7c 3439
wolfSSL 15:117db924cf7c 3440
/* Map ssl->specs.cipher_type onto the public WOLFSSL_*_TYPE constants.
 *
 * ssl The SSL/TLS object.
 * returns WOLFSSL_BLOCK_TYPE, WOLFSSL_STREAM_TYPE or WOLFSSL_AEAD_TYPE;
 *         BAD_FUNC_ARG when ssl is NULL; -1 for an unrecognised type (block
 *         and stream are not reported in a WOLFSSL_AEAD_ONLY build).
 */
int wolfSSL_GetCipherType(WOLFSSL* ssl)
{
    int type = -1;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    switch (ssl->specs.cipher_type) {
#ifndef WOLFSSL_AEAD_ONLY
        case block:
            type = WOLFSSL_BLOCK_TYPE;
            break;
        case stream:
            type = WOLFSSL_STREAM_TYPE;
            break;
#endif
        case aead:
            type = WOLFSSL_AEAD_TYPE;
            break;
        default:
            break;
    }

    return type;
}
wolfSSL 15:117db924cf7c 3457
wolfSSL 15:117db924cf7c 3458
/* Block size of the negotiated cipher (ssl->specs.block_size), or
 * BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_GetCipherBlockSize(WOLFSSL* ssl)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = ssl->specs.block_size;

    return ret;
}
wolfSSL 15:117db924cf7c 3466
wolfSSL 15:117db924cf7c 3467
/* AEAD tag size of the negotiated cipher (ssl->specs.aead_mac_size), or
 * BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_GetAeadMacSize(WOLFSSL* ssl)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = ssl->specs.aead_mac_size;

    return ret;
}
wolfSSL 15:117db924cf7c 3475
wolfSSL 15:117db924cf7c 3476
/* Report whether ssl->options.tls1_1 is set.
 *
 * ssl The SSL/TLS object.
 * returns 1 when set, 0 when clear, BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_IsTLSv1_1(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->options.tls1_1 ? 1 : 0;
}
wolfSSL 15:117db924cf7c 3487
wolfSSL 15:117db924cf7c 3488
/* Connection side stored in ssl->options.side, or BAD_FUNC_ARG when ssl is
 * NULL. */
int wolfSSL_GetSide(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->options.side;
}
wolfSSL 15:117db924cf7c 3496
wolfSSL 15:117db924cf7c 3497
/* HMAC output size for the negotiated cipher suite.
 *
 * ssl The SSL/TLS object.
 * returns ssl->specs.hash_size, 0 for AEAD suites (which carry no HMAC key),
 *         BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_GetHmacSize(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* AEAD ciphers don't have HMAC keys */
    if (ssl->specs.cipher_type == aead)
        return 0;

    return ssl->specs.hash_size;
}
wolfSSL 15:117db924cf7c 3506
wolfSSL 15:117db924cf7c 3507 #endif /* ATOMIC_USER */
wolfSSL 15:117db924cf7c 3508
wolfSSL 15:117db924cf7c 3509 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 3510
/* Return the certificate manager owned by ctx (ctx->cm), or NULL when ctx is
 * NULL. Ownership stays with the context. */
WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX* ctx)
{
    if (ctx == NULL)
        return NULL;

    return ctx->cm;
}
wolfSSL 15:117db924cf7c 3518
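/* Allocate and initialise a certificate manager on the given heap.
 *
 * heap  custom heap hint passed to XMALLOC and recorded in cm->heap; may be
 *       NULL.
 * returns the new manager, or NULL when allocation or mutex initialisation
 *         fails. Default minimum key sizes (MIN_RSAKEY_SZ / MIN_ECCKEY_SZ) are
 *         applied where those algorithms are built in.
 *
 * On a mutex-init failure the partially built object is released directly
 * instead of through wolfSSL_CertManagerFree(), which would call
 * wc_FreeMutex() on a lock that was never initialised.
 */
WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
{
    WOLFSSL_CERT_MANAGER* cm;

    WOLFSSL_ENTER("wolfSSL_CertManagerNew");

    cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), heap,
                                         DYNAMIC_TYPE_CERT_MANAGER);
    if (cm == NULL)
        return NULL;

    XMEMSET(cm, 0, sizeof(WOLFSSL_CERT_MANAGER));
    cm->heap = heap;

    if (wc_InitMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("Bad mutex init");
        /* caLock never initialised: nothing to destroy, just drop memory. */
        XFREE(cm, heap, DYNAMIC_TYPE_CERT_MANAGER);
        return NULL;
    }

#ifdef WOLFSSL_TRUST_PEER_CERT
    if (wc_InitMutex(&cm->tpLock) != 0) {
        WOLFSSL_MSG("Bad mutex init");
        /* Only caLock exists at this point. */
        wc_FreeMutex(&cm->caLock);
        XFREE(cm, heap, DYNAMIC_TYPE_CERT_MANAGER);
        return NULL;
    }
#endif

    /* set default minimum key size allowed */
#ifndef NO_RSA
    cm->minRsaKeySz = MIN_RSAKEY_SZ;
#endif
#ifdef HAVE_ECC
    cm->minEccKeySz = MIN_ECCKEY_SZ;
#endif

    return cm;
}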
wolfSSL 15:117db924cf7c 3556
wolfSSL 15:117db924cf7c 3557
/* Create a certificate manager on the default heap.
 * returns the new manager or NULL on failure (see wolfSSL_CertManagerNew_ex).
 */
WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void)
{
    void* defaultHeap = NULL;

    return wolfSSL_CertManagerNew_ex(defaultHeap);
}
wolfSSL 15:117db924cf7c 3562
wolfSSL 15:117db924cf7c 3563
/* Tear down a certificate manager: CRL and OCSP state where built in, the
 * CA signer table, the trusted-peer table, both locks, then the object itself.
 * Safe to call with NULL. */
void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
{
    void* heap;

    WOLFSSL_ENTER("wolfSSL_CertManagerFree");

    if (cm == NULL)
        return;

    /* Captured up front so the final release does not read through cm. */
    heap = cm->heap;

#ifdef HAVE_CRL
    if (cm->crl != NULL)
        FreeCRL(cm->crl, 1);
#endif
#ifdef HAVE_OCSP
    if (cm->ocsp != NULL)
        FreeOCSP(cm->ocsp, 1);
    XFREE(cm->ocspOverrideURL, heap, DYNAMIC_TYPE_URL);
#if !defined(NO_WOLFSSL_SERVER) && \
    (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \
     defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
    if (cm->ocsp_stapling != NULL)
        FreeOCSP(cm->ocsp_stapling, 1);
#endif
#endif

    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, heap);
    wc_FreeMutex(&cm->caLock);

#ifdef WOLFSSL_TRUST_PEER_CERT
    FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, heap);
    wc_FreeMutex(&cm->tpLock);
#endif

    XFREE(cm, heap, DYNAMIC_TYPE_CERT_MANAGER);
}
wolfSSL 15:117db924cf7c 3596
wolfSSL 16:8e0d178b1d1e 3597 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
wolfSSL 16:8e0d178b1d1e 3598 #if defined(WOLFSSL_SIGNER_DER_CERT)
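/******************************************************************************
 * wolfSSL_CertManagerGetCerts - retrieve stack of X509 certificates in a
 * certificate manager (CM).
 *
 * Walks every row of cm->caTable under caLock, decodes each signer's stored
 * DER certificate and pushes a fresh WOLFSSL_X509 onto a new stack. Each
 * decoded X509 is owned by the stack once pushed; on any failure the stack
 * and its contents are released with wolfSSL_sk_X509_free.
 *
 * cm  certificate manager; NULL yields NULL.
 *
 * RETURNS:
 * returns stack of X509 certs on success (caller frees it with
 * wolfSSL_sk_X509_free), otherwise returns a NULL. NULL is also returned when
 * no signer carried a DER certificate.
 */
WOLFSSL_STACK* wolfSSL_CertManagerGetCerts(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_STACK* sk = NULL;
    Signer* signers = NULL;
    word32 row = 0;
    DecodedCert* dCert = NULL;
    WOLFSSL_X509* x509 = NULL;
    int found = 0;

    if (cm == NULL)
        return NULL;

    sk = wolfSSL_sk_X509_new();
    if (sk == NULL)
        return NULL;

    if (wc_LockMutex(&cm->caLock) != 0)
        goto error_init;

    for (row = 0; row < CA_TABLE_SIZE; row++) {
        signers = cm->caTable[row];
        while (signers && signers->derCert && signers->derCert->buffer) {
            dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
                                          DYNAMIC_TYPE_DCERT);
            if (dCert == NULL)
                goto error;
            XMEMSET(dCert, 0, sizeof(DecodedCert));

            InitDecodedCert(dCert, signers->derCert->buffer,
                            signers->derCert->length, cm->heap);

            /* Parse Certificate */
            if (ParseCert(dCert, CERT_TYPE, NO_VERIFY, cm))
                goto error;

            x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), cm->heap,
                                          DYNAMIC_TYPE_X509);
            if (x509 == NULL)
                goto error;
            InitX509(x509, 1, NULL);

            if (CopyDecodedToX509(x509, dCert) != 0) {
                /* x509 has not been handed to sk yet, so it must be released
                 * here; the previous code jumped to error and leaked it. */
                FreeX509(x509);
                XFREE(x509, cm->heap, DYNAMIC_TYPE_X509);
                goto error;
            }

            if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) {
                WOLFSSL_MSG("Unable to load x509 into stack");
                FreeX509(x509);
                XFREE(x509, cm->heap, DYNAMIC_TYPE_X509);
                goto error;
            }

            /* From here on sk owns x509. */
            found = 1;

            signers = signers->next;

            FreeDecodedCert(dCert);
            XFREE(dCert, cm->heap, DYNAMIC_TYPE_DCERT);
            dCert = NULL;
        }
    }
    wc_UnLockMutex(&cm->caLock);

    if (!found)
        goto error_init;

    return sk;

error:
    wc_UnLockMutex(&cm->caLock);

error_init:
    if (dCert) {
        FreeDecodedCert(dCert);
        XFREE(dCert, cm->heap, DYNAMIC_TYPE_DCERT);
    }

    if (sk)
        wolfSSL_sk_X509_free(sk);

    return NULL;
}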
wolfSSL 16:8e0d178b1d1e 3702 #endif /* WOLFSSL_SIGNER_DER_CERT */
wolfSSL 16:8e0d178b1d1e 3703
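/******************************************************************************
 * wolfSSL_X509_STORE_GetCerts - retrieve stack of X509 in a certificate store ctx
 *
 * This API can be used in SSL verify callback function to view cert chain
 * See examples/client/client.c and myVerify() function in test.h
 *
 * s  store context whose certs[0 .. totalCerts-1] DER buffers are decoded;
 *    they are pushed onto the stack from the highest index down to index 0.
 *    Each X509 is owned by the stack once pushed.
 *
 * RETURNS:
 * returns stack of X509 certs on success (caller frees it with
 * wolfSSL_sk_X509_free), otherwise returns a NULL. NULL is also returned when
 * the store holds no certificates.
 */
WOLFSSL_STACK* wolfSSL_X509_STORE_GetCerts(WOLFSSL_X509_STORE_CTX* s)
{
    int certIdx = 0;
    WOLFSSL_BUFFER_INFO* cert = NULL;
    DecodedCert* dCert = NULL;
    WOLFSSL_X509* x509 = NULL;
    WOLFSSL_STACK* sk = NULL;
    int found = 0;

    if (s == NULL)
        return NULL;

    sk = wolfSSL_sk_X509_new();
    if (sk == NULL)
        return NULL;

    for (certIdx = s->totalCerts - 1; certIdx >= 0; certIdx--) {
        /* get certificate buffer */
        cert = &s->certs[certIdx];

        dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                      DYNAMIC_TYPE_DCERT);
        if (dCert == NULL)
            goto error;
        XMEMSET(dCert, 0, sizeof(DecodedCert));

        InitDecodedCert(dCert, cert->buffer, cert->length, NULL);

        /* Parse Certificate */
        if (ParseCert(dCert, CERT_TYPE, NO_VERIFY, NULL))
            goto error;

        x509 = wolfSSL_X509_new();
        if (x509 == NULL)
            goto error;
        InitX509(x509, 1, NULL);

        if (CopyDecodedToX509(x509, dCert) != 0) {
            /* x509 is not yet owned by sk, so release it here; the previous
             * code jumped to error and leaked it. */
            wolfSSL_X509_free(x509);
            goto error;
        }

        if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) {
            WOLFSSL_MSG("Unable to load x509 into stack");
            wolfSSL_X509_free(x509);
            goto error;
        }

        /* From here on sk owns x509. */
        found = 1;

        FreeDecodedCert(dCert);
        XFREE(dCert, NULL, DYNAMIC_TYPE_DCERT);
        dCert = NULL;
    }

    if (!found) {
        wolfSSL_sk_X509_free(sk);
        sk = NULL;
    }
    return sk;

error:
    if (dCert) {
        FreeDecodedCert(dCert);
        XFREE(dCert, NULL, DYNAMIC_TYPE_DCERT);
    }

    if (sk)
        wolfSSL_sk_X509_free(sk);

    return NULL;
}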
wolfSSL 16:8e0d178b1d1e 3791 #endif /* OPENSSL_EXTRA && !NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 3792
/* Unload the CA signer list.
 *
 * cm  certificate manager.
 * returns WOLFSSL_SUCCESS, BAD_FUNC_ARG when cm is NULL, BAD_MUTEX_E when
 *         caLock cannot be taken.
 */
int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
{
    int ret = WOLFSSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadCAs");

    if (cm == NULL) {
        ret = BAD_FUNC_ARG;
    }
    else if (wc_LockMutex(&cm->caLock) != 0) {
        ret = BAD_MUTEX_E;
    }
    else {
        /* Table is torn down under caLock so a concurrent lookup never sees a
         * half-freed list. */
        FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
        wc_UnLockMutex(&cm->caLock);
    }

    return ret;
}
wolfSSL 15:117db924cf7c 3811
wolfSSL 15:117db924cf7c 3812
wolfSSL 15:117db924cf7c 3813 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Unload the trusted-peer certificate table.
 *
 * cm  certificate manager.
 * returns WOLFSSL_SUCCESS, BAD_FUNC_ARG when cm is NULL, BAD_MUTEX_E when
 *         tpLock cannot be taken.
 */
int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm)
{
    int ret = WOLFSSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_CertManagerUnload_trust_peers");

    if (cm == NULL) {
        ret = BAD_FUNC_ARG;
    }
    else if (wc_LockMutex(&cm->tpLock) != 0) {
        ret = BAD_MUTEX_E;
    }
    else {
        /* Table is torn down under tpLock so a concurrent lookup never sees a
         * half-freed list. */
        FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap);
        wc_UnLockMutex(&cm->tpLock);
    }

    return ret;
}
wolfSSL 15:117db924cf7c 3831 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 15:117db924cf7c 3832
wolfSSL 15:117db924cf7c 3833 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 3834
wolfSSL 15:117db924cf7c 3835 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
wolfSSL 15:117db924cf7c 3836
/* Write the text of error code err to stream fp.
 *
 * fp   open output stream.
 * err  wolfSSL error code.
 *
 * The message is written as data, never as a format string.
 */
void wolfSSL_ERR_print_errors_fp(XFILE fp, int err)
{
    char text[WOLFSSL_MAX_ERROR_SZ + 1];

    WOLFSSL_ENTER("wolfSSL_ERR_print_errors_fp");
    SetErrorString(err, text);
    fputs(text, fp);
}
wolfSSL 15:117db924cf7c 3845
wolfSSL 15:117db924cf7c 3846 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
/* SSL-layer alias for wc_ERR_print_errors_fp(); fp is handed through
 * unchanged and no checking is done at this level. */
void wolfSSL_ERR_dump_errors_fp(XFILE fp)
{
    /* all formatting lives in wolfCrypt's logging code */
    wc_ERR_print_errors_fp(fp);
}
wolfSSL 16:8e0d178b1d1e 3851
/* SSL-layer alias for wc_ERR_print_errors_cb(). The callback cb and the
 * opaque user pointer u are passed straight through; any validation of cb
 * is left to the wolfCrypt implementation. */
void wolfSSL_ERR_print_errors_cb (int (*cb)(const char *str, size_t len,
                                            void *u), void *u)
{
    /* nothing to do here beyond forwarding */
    wc_ERR_print_errors_cb(cb, u);
}
wolfSSL 16:8e0d178b1d1e 3857 #endif
wolfSSL 16:8e0d178b1d1e 3858 #endif
wolfSSL 16:8e0d178b1d1e 3859
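/* Report how many bytes are waiting in ssl->buffers.clearOutputBuffer --
 * presumably plaintext already decrypted but not yet handed to the caller
 * (confirm against the read path).
 *
 * ssl : connection object. NULL returns WOLFSSL_FAILURE instead of
 *       dereferencing, matching the argument checks of the neighbouring API.
 *
 * Returns the buffered length, or WOLFSSL_FAILURE for a NULL ssl. */
WOLFSSL_ABI
int wolfSSL_pending(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_pending");

    if (ssl == NULL)
        return WOLFSSL_FAILURE;

    return ssl->buffers.clearOutputBuffer.length;
}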
wolfSSL 15:117db924cf7c 3866
wolfSSL 15:117db924cf7c 3867
wolfSSL 15:117db924cf7c 3868 #ifndef WOLFSSL_LEANPSK
/* Enable grouping of handshake messages for the context
 * (ctx->groupMessages = 1).
 *
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx)
{
    if (ctx != NULL) {
        ctx->groupMessages = 1;
        return WOLFSSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 3879 #endif
wolfSSL 15:117db924cf7c 3880
wolfSSL 15:117db924cf7c 3881
wolfSSL 15:117db924cf7c 3882 #ifndef NO_WOLFSSL_CLIENT
/* Run wolfSSL_connect() only far enough to obtain the peer's certificate
 * chain: options.certOnly is raised for the duration of the call and cleared
 * again afterwards whatever the outcome.
 *
 * Returns the wolfSSL_connect() result, or WOLFSSL_FAILURE when ssl is NULL
 * (note: not BAD_FUNC_ARG, unlike most setters in this file). */
int wolfSSL_connect_cert(WOLFSSL* ssl)
{
    int result = WOLFSSL_FAILURE;

    if (ssl != NULL) {
        ssl->options.certOnly = 1;
        result = wolfSSL_connect(ssl);
        ssl->options.certOnly = 0;
    }

    return result;
}
wolfSSL 15:117db924cf7c 3897 #endif
wolfSSL 15:117db924cf7c 3898
wolfSSL 15:117db924cf7c 3899
wolfSSL 15:117db924cf7c 3900 #ifndef WOLFSSL_LEANPSK
/* Enable grouping of handshake messages for a single ssl object
 * (ssl->options.groupMessages = 1); wolfSSL_CTX_set_group_messages() is the
 * per-context equivalent.
 *
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_set_group_messages(WOLFSSL* ssl)
{
    if (ssl != NULL) {
        ssl->options.groupMessages = 1;
        return WOLFSSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 3911
wolfSSL 15:117db924cf7c 3912
/* Map a WOLFSSL_* protocol constant onto the internal minor version number
 * that becomes the downgrade floor in *minVersion.
 *
 * minVersion : receives SSLv3_MINOR .. TLSv1_3_MINOR on success and is left
 *              untouched on failure.
 * version    : WOLFSSL_SSLV3, WOLFSSL_TLSV1, WOLFSSL_TLSV1_1, WOLFSSL_TLSV1_2
 *              or WOLFSSL_TLSV1_3.
 *
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when version is unknown or was
 * compiled out. Each case sits behind the same feature guards as the protocol
 * itself, so a build without e.g. WOLFSSL_ALLOW_TLSV10 rejects a request for
 * that floor instead of accepting a version it cannot negotiate. */
static int SetMinVersionHelper(byte* minVersion, int version)
{
#ifdef NO_TLS
    /* only the optional SSLv3 case can still write it once TLS is out */
    (void)minVersion;
#endif

    switch (version) {
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
        case WOLFSSL_SSLV3:
            *minVersion = SSLv3_MINOR;
            break;
#endif

#ifndef NO_TLS
    #ifndef NO_OLD_TLS
        #ifdef WOLFSSL_ALLOW_TLSV10
        case WOLFSSL_TLSV1:
            *minVersion = TLSv1_MINOR;
            break;
        #endif

        case WOLFSSL_TLSV1_1:
            *minVersion = TLSv1_1_MINOR;
            break;
    #endif
    #ifndef WOLFSSL_NO_TLS12
        case WOLFSSL_TLSV1_2:
            *minVersion = TLSv1_2_MINOR;
            break;
    #endif
#endif
#ifdef WOLFSSL_TLS13
        case WOLFSSL_TLSV1_3:
            *minVersion = TLSv1_3_MINOR;
            break;
#endif

        default:
            /* unknown or compiled-out version: fail rather than guess */
            WOLFSSL_MSG("Bad function argument");
            return BAD_FUNC_ARG;
    }

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 3958
wolfSSL 15:117db924cf7c 3959
/* Set the lowest protocol version a connection made from ctx may downgrade
 * to (ctx->minDowngrade). version is a WOLFSSL_* constant; the mapping and
 * its validation live in SetMinVersionHelper().
 *
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or an unknown /
 * compiled-out version. */
WOLFSSL_ABI
int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_SetMinVersion");

    if (ctx != NULL) {
        ret = SetMinVersionHelper(&ctx->minDowngrade, version);
    }
    else {
        WOLFSSL_MSG("Bad function argument");
    }

    return ret;
}
wolfSSL 15:117db924cf7c 3973
wolfSSL 15:117db924cf7c 3974
/* Set the lowest protocol version this ssl object may downgrade to
 * (ssl->options.minDowngrade). version is a WOLFSSL_* constant; the mapping
 * and its validation live in SetMinVersionHelper().
 *
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an unknown /
 * compiled-out version. */
int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_SetMinVersion");

    if (ssl != NULL) {
        ret = SetMinVersionHelper(&ssl->options.minDowngrade, version);
    }
    else {
        WOLFSSL_MSG("Bad function argument");
    }

    return ret;
}
wolfSSL 15:117db924cf7c 3987
wolfSSL 15:117db924cf7c 3988
/* Translate ssl->version into the WOLFSSL_* constant accepted by
 * wolfSSL_SetVersion().
 *
 * Returns WOLFSSL_SSLV3 .. WOLFSSL_TLSV1_3, BAD_FUNC_ARG for a NULL ssl, or
 * VERSION_ERROR when the major byte is not SSLv3_MAJOR or the minor byte is
 * not one of the known SSL/TLS minors. */
int wolfSSL_GetVersion(WOLFSSL* ssl)
{
    int mapped = VERSION_ERROR;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* every version handled here shares the SSLv3 major byte; only the
     * minor byte tells them apart */
    if (ssl->version.major != SSLv3_MAJOR)
        return mapped;

    switch (ssl->version.minor) {
        case SSLv3_MINOR:   mapped = WOLFSSL_SSLV3;   break;
        case TLSv1_MINOR:   mapped = WOLFSSL_TLSV1;   break;
        case TLSv1_1_MINOR: mapped = WOLFSSL_TLSV1_1; break;
        case TLSv1_2_MINOR: mapped = WOLFSSL_TLSV1_2; break;
        case TLSv1_3_MINOR: mapped = WOLFSSL_TLSV1_3; break;
        default:            break;
    }

    return mapped;
}
wolfSSL 15:117db924cf7c 4014
/* Force ssl onto one protocol version and rebuild its cipher-suite list for
 * that version.
 *
 * ssl     : connection to modify.
 * version : WOLFSSL_SSLV3 .. WOLFSSL_TLSV1_3; only versions compiled into
 *           this build are accepted.
 *
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an unknown /
 * compiled-out version -- in which case ssl->version and ssl->suites are not
 * touched, since the switch returns before any assignment. */
int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
{
    /* inputs to InitSuites(); these build-time defaults are narrowed by the
     * NO_RSA / NO_PSK / NO_CERTS blocks after the switch */
    word16 haveRSA = 1;
    word16 havePSK = 0;
    int keySz = 0;

    WOLFSSL_ENTER("wolfSSL_SetVersion");

    if (ssl == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }

    switch (version) {
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
        case WOLFSSL_SSLV3:
            ssl->version = MakeSSLv3();
            break;
#endif

#ifndef NO_TLS
    #ifndef NO_OLD_TLS
        #ifdef WOLFSSL_ALLOW_TLSV10
        case WOLFSSL_TLSV1:
            ssl->version = MakeTLSv1();
            break;
        #endif

        case WOLFSSL_TLSV1_1:
            ssl->version = MakeTLSv1_1();
            break;
    #endif
    #ifndef WOLFSSL_NO_TLS12
        case WOLFSSL_TLSV1_2:
            ssl->version = MakeTLSv1_2();
            break;
    #endif
#endif
#ifdef WOLFSSL_TLS13
        case WOLFSSL_TLSV1_3:
            ssl->version = MakeTLSv1_3();
            break;

#endif

        default:
            /* unknown or compiled-out version: leave ssl unchanged */
            WOLFSSL_MSG("Bad function argument");
            return BAD_FUNC_ARG;
    }

#ifdef NO_RSA
    haveRSA = 0;
#endif
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
#ifndef NO_CERTS
    keySz = ssl->buffers.keySz;
#endif

    /* the suite list depends on the version, so it is regenerated from the
     * key size and algorithm flags already recorded on ssl */
    InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 4082 #endif /* !leanpsk */
wolfSSL 15:117db924cf7c 4083
wolfSSL 15:117db924cf7c 4084
wolfSSL 15:117db924cf7c 4085 #if !defined(NO_CERTS) || !defined(NO_SESSION_CACHE)
wolfSSL 15:117db924cf7c 4086
/* Build a big-endian word32 from the first four bytes of hashID. Only those
 * four bytes are read, so hashID must point at least that many. */
static WC_INLINE word32 MakeWordFromHash(const byte* hashID)
{
    word32 w = (word32)hashID[0];

    /* widen each byte before shifting so no int promotion is relied on */
    w = (w << 8) | (word32)hashID[1];
    w = (w << 8) | (word32)hashID[2];
    w = (w << 8) | (word32)hashID[3];

    return w;
}
wolfSSL 15:117db924cf7c 4093
wolfSSL 15:117db924cf7c 4094 #endif /* !NO_CERTS || !NO_SESSION_CACHE */
wolfSSL 15:117db924cf7c 4095
wolfSSL 15:117db924cf7c 4096
wolfSSL 15:117db924cf7c 4097 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 4098
/* Bucket index into cm->caTable for a signer digest: the leading 32 bits of
 * the SHA digest, reduced modulo CA_TABLE_SIZE. */
static WC_INLINE word32 HashSigner(const byte* hash)
{
    word32 leading = MakeWordFromHash(hash);

    return leading % CA_TABLE_SIZE;
}
wolfSSL 15:117db924cf7c 4104
wolfSSL 15:117db924cf7c 4105
/* Report whether a CA whose digest equals hash is already in cm->caTable.
 *
 * cm   : certificate manager; NULL yields 0.
 * hash : SIGNER_DIGEST_SIZE bytes, the subject key id hash (or, when built
 *        with NO_SKID, the subject name hash) to look for; NULL yields 0.
 *
 * Returns 1 when found, 0 otherwise -- including when caLock cannot be
 * taken, so a lock failure reads as "not present" to the caller. */
int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
{
    int found = 0;
    word32 row;
    Signer* s;

    if (cm == NULL || hash == NULL)
        return found;

    row = HashSigner(hash);

    if (wc_LockMutex(&cm->caLock) != 0)
        return found;

    for (s = cm->caTable[row]; s != NULL; s = s->next) {
        byte* subjectHash;

        /* compare against whichever digest the table is keyed on */
    #ifndef NO_SKID
        subjectHash = s->subjectKeyIdHash;
    #else
        subjectHash = s->subjectNameHash;
    #endif

        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
            found = 1;
            break;
        }
    }
    wc_UnLockMutex(&cm->caLock);

    return found;
}
wolfSSL 15:117db924cf7c 4142
wolfSSL 15:117db924cf7c 4143
wolfSSL 15:117db924cf7c 4144 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Bucket index into cm->tpTable for a trusted-peer digest: the leading
 * 32 bits of the SHA digest, reduced modulo TP_TABLE_SIZE. */
static WC_INLINE word32 TrustedPeerHashSigner(const byte* hash)
{
    word32 leading = MakeWordFromHash(hash);

    return leading % TP_TABLE_SIZE;
}
wolfSSL 15:117db924cf7c 4150
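/* Report whether a trusted peer whose digest equals hash is already in
 * cm->tpTable. Mirrors AlreadySigner(), including its argument checks.
 *
 * cm   : certificate manager; NULL yields 0.
 * hash : SIGNER_DIGEST_SIZE bytes, the subject key id hash (or, when built
 *        with NO_SKID, the subject name hash) to look for; NULL yields 0.
 *
 * Returns 1 when found, 0 otherwise -- including when tpLock cannot be
 * taken, so a lock failure reads as "not present" to the caller. */
int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash)
{
    TrustedPeerCert* tp;
    int ret = 0;
    word32 row;

    /* validate before use: TrustedPeerHashSigner() reads hash[0..3] and the
     * lock below reads cm */
    if (cm == NULL || hash == NULL)
        return ret;

    row = TrustedPeerHashSigner(hash);

    if (wc_LockMutex(&cm->tpLock) != 0)
        return ret;

    tp = cm->tpTable[row];
    while (tp) {
        byte* subjectHash;
    #ifndef NO_SKID
        subjectHash = tp->subjectKeyIdHash;
    #else
        subjectHash = tp->subjectNameHash;
    #endif
        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
            ret = 1;
            break;
        }
        tp = tp->next;
    }
    wc_UnLockMutex(&cm->tpLock);

    return ret;
}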
wolfSSL 15:117db924cf7c 4178
wolfSSL 15:117db924cf7c 4179
/* Look up a trusted peer by digest.
 *
 * vp   : WOLFSSL_CERT_MANAGER*, passed as void*.
 * hash : SIGNER_DIGEST_SIZE bytes to match.
 * type : WC_MATCH_SKID to compare against subjectKeyIdHash (only when SKID
 *        support is compiled in) or WC_MATCH_NAME for subjectNameHash.
 *
 * Returns the matching entry, still owned by cm->tpTable, or NULL when vp or
 * hash is NULL, the lock cannot be taken, nothing matches, or type is not
 * recognised. The bucket is chosen by hashing `hash` regardless of type, so
 * only entries stored under the same kind of digest can be found. The
 * pointer is handed back after tpLock is released; it stays valid only while
 * the table is not unloaded. */
TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash, int type)
{
    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
    TrustedPeerCert* match = NULL;
    TrustedPeerCert* tp;
    word32 row;

    if (cm == NULL || hash == NULL)
        return NULL;

    row = TrustedPeerHashSigner(hash);

    if (wc_LockMutex(&cm->tpLock) != 0)
        return NULL;

    for (tp = cm->tpTable[row]; tp != NULL; tp = tp->next) {
        byte* subjectHash;

        switch (type) {
        #ifndef NO_SKID
            case WC_MATCH_SKID:
                subjectHash = tp->subjectKeyIdHash;
                break;
        #endif
            case WC_MATCH_NAME:
                subjectHash = tp->subjectNameHash;
                break;
            default:
                /* release the lock before bailing out */
                WOLFSSL_MSG("Unknown search type");
                wc_UnLockMutex(&cm->tpLock);
                return NULL;
        }

        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
            match = tp;
            break;
        }
    }
    wc_UnLockMutex(&cm->tpLock);

    return match;
}
wolfSSL 15:117db924cf7c 4225
wolfSSL 15:117db924cf7c 4226
/* Confirm that cert is the very certificate recorded as trusted peer tp.
 *
 * The subject key id / subject name digest was already matched while
 * searching tpTable in GetTrustedPeer(); this step compares the stored
 * signature bytes, so a different certificate that merely shares the
 * subject does not pass.
 *
 * Returns WOLFSSL_SUCCESS on an exact signature match, WOLFSSL_FAILURE when
 * the lengths or the bytes differ, BAD_FUNC_ARG for a NULL tp or cert. */
int MatchTrustedPeer(TrustedPeerCert* tp, DecodedCert* cert)
{
    int sameLength;

    if (tp == NULL || cert == NULL)
        return BAD_FUNC_ARG;

    sameLength = (tp->sigLen == cert->sigLength);

    /* bytes are compared only when the lengths agree, so the memcmp length
     * never exceeds the stored signature */
    if (!sameLength ||
        XMEMCMP(tp->sig, cert->signature, cert->sigLength) != 0) {
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 4247 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 15:117db924cf7c 4248
wolfSSL 15:117db924cf7c 4249
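/* Look up a CA by digest.
 *
 * vp   : WOLFSSL_CERT_MANAGER*, passed as void*.
 * hash : SIGNER_DIGEST_SIZE bytes, the subject key id hash (or, when built
 *        with NO_SKID, the subject name hash) of the wanted signer.
 *
 * Returns the matching Signer, still owned by cm->caTable, or NULL when vp or
 * hash is NULL, caLock cannot be taken, or nothing in the bucket matches.
 * Both arguments are validated before HashSigner() reads hash. The pointer
 * is handed back after caLock is released; it stays valid only while the
 * table is not unloaded. */
Signer* GetCA(void* vp, byte* hash)
{
    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
    Signer* ret = NULL;
    Signer* signers;
    word32 row;

    /* HashSigner() dereferences hash[0..3]; check first, hash second */
    if (cm == NULL || hash == NULL)
        return NULL;

    row = HashSigner(hash);

    if (wc_LockMutex(&cm->caLock) != 0)
        return ret;

    signers = cm->caTable[row];
    while (signers) {
        byte* subjectHash;
    #ifndef NO_SKID
        subjectHash = signers->subjectKeyIdHash;
    #else
        subjectHash = signers->subjectNameHash;
    #endif
        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
            ret = signers;
            break;
        }
        signers = signers->next;
    }
    wc_UnLockMutex(&cm->caLock);

    return ret;
}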
wolfSSL 15:117db924cf7c 4282
wolfSSL 15:117db924cf7c 4283
wolfSSL 15:117db924cf7c 4284 #ifndef NO_SKID
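/* Look up a CA by subject-name digest, scanning every bucket of cm->caTable
 * (the table is keyed on the subject key id, so a name lookup cannot pick a
 * single bucket).
 *
 * vp   : WOLFSSL_CERT_MANAGER*, passed as void*.
 * hash : SIGNER_DIGEST_SIZE bytes of subject name hash.
 *
 * Returns the first matching Signer, still owned by cm->caTable, or NULL when
 * vp or hash is NULL, caLock cannot be taken, or nothing matches. Linear in
 * the number of stored CAs. The pointer is handed back after caLock is
 * released; it stays valid only while the table is not unloaded. */
Signer* GetCAByName(void* vp, byte* hash)
{
    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
    Signer* ret = NULL;
    Signer* signers;
    word32 row;

    /* hash is passed to XMEMCMP for every stored entry; reject NULL here */
    if (cm == NULL || hash == NULL)
        return NULL;

    if (wc_LockMutex(&cm->caLock) != 0)
        return ret;

    for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
        for (signers = cm->caTable[row]; signers != NULL && ret == NULL;
             signers = signers->next) {
            if (XMEMCMP(hash, signers->subjectNameHash,
                        SIGNER_DIGEST_SIZE) == 0) {
                ret = signers;
            }
        }
    }
    wc_UnLockMutex(&cm->caLock);

    return ret;
}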
wolfSSL 15:117db924cf7c 4313 #endif
wolfSSL 15:117db924cf7c 4314
wolfSSL 15:117db924cf7c 4315
wolfSSL 15:117db924cf7c 4316 #ifdef WOLFSSL_TRUST_PEER_CERT
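/* Parse the DER certificate in *pDer and add it to cm->tpTable as a trusted
 * peer.
 *
 * cm     : certificate manager; cm->heap is used for every allocation and
 *          release in this function.
 * pDer   : DER buffer. It is released with FreeDer(pDer) (which also clears
 *          the caller's pointer) on the success path and on the
 *          "already present" path; on an error return it is left to the
 *          caller.
 * verify : passed to ParseCert() -- whether the certificate must verify.
 *
 * Returns WOLFSSL_SUCCESS (also when an identical peer was already stored),
 * BAD_FUNC_ARG for a NULL cm, pDer or *pDer, MEMORY_E, BAD_MUTEX_E, or the
 * ParseCert() error code.
 *
 * Ownership: subjectCN and the name-constraint lists are moved from the
 * DecodedCert into the TrustedPeerCert (the cert's pointers are cleared so
 * FreeDecodedCert() does not release them); the signature is copied. Once
 * linked into cm->tpTable the entry belongs to the table. */
int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
{
    int ret, row;
    TrustedPeerCert* peerCert;
    DecodedCert* cert;
    DerBuffer* der;
    byte* subjectHash = NULL;

    WOLFSSL_MSG("Adding a Trusted Peer Cert");

    /* cm->heap and der->buffer are read unconditionally below */
    if (cm == NULL || pDer == NULL || *pDer == NULL)
        return BAD_FUNC_ARG;
    der = *pDer;

    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
                                 DYNAMIC_TYPE_DCERT);
    if (cert == NULL)
        return MEMORY_E;

    InitDecodedCert(cert, der->buffer, der->length, cm->heap);
    if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) {
        FreeDecodedCert(cert);
        /* free with the same heap hint the allocation above used */
        XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
        return ret;
    }
    WOLFSSL_MSG("\tParsed new trusted peer cert");

    peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert), cm->heap,
                                         DYNAMIC_TYPE_CERT);
    if (peerCert == NULL) {
        FreeDecodedCert(cert);
        XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
        return MEMORY_E;
    }
    /* zeroed here, so no name-constraint lists need freeing before reuse */
    XMEMSET(peerCert, 0, sizeof(TrustedPeerCert));

    /* digest used for the duplicate check (and, below, the bucket) */
#ifndef NO_SKID
    /* NOTE(review): the flag tested is extAuthKeyIdSet while the value taken
     * is extSubjKeyId -- confirm whether the subject key id flag was meant */
    if (cert->extAuthKeyIdSet) {
        subjectHash = cert->extSubjKeyId;
    }
    else {
        subjectHash = cert->subjectHash;
    }
#else
    subjectHash = cert->subjectHash;
#endif

    if (AlreadyTrustedPeer(cm, subjectHash)) {
        WOLFSSL_MSG("\tAlready have this CA, not adding again");
        FreeTrustedPeer(peerCert, cm->heap);
    }
    else {
        /* add trusted peer signature (copied, cert keeps its own) */
        peerCert->sigLen = cert->sigLength;
        peerCert->sig = XMALLOC(cert->sigLength, cm->heap,
                                DYNAMIC_TYPE_SIGNATURE);
        if (peerCert->sig == NULL) {
            FreeDecodedCert(cert);
            XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
            FreeTrustedPeer(peerCert, cm->heap);
            return MEMORY_E;
        }
        XMEMCPY(peerCert->sig, cert->signature, cert->sigLength);

        /* add trusted peer name (pointer moved from cert, see below) */
        peerCert->nameLen = cert->subjectCNLen;
        peerCert->name = cert->subjectCN;
#ifndef IGNORE_NAME_CONSTRAINTS
        peerCert->permittedNames = cert->permittedNames;
        peerCert->excludedNames = cert->excludedNames;
#endif

        /* add SKID when available and hash of name */
#ifndef NO_SKID
        XMEMCPY(peerCert->subjectKeyIdHash, cert->extSubjKeyId,
                SIGNER_DIGEST_SIZE);
#endif
        XMEMCPY(peerCert->subjectNameHash, cert->subjectHash,
                SIGNER_DIGEST_SIZE);
        peerCert->next = NULL; /* If Key Usage not set, all uses valid. */
        /* detach the moved pointers so FreeDecodedCert() leaves them alone */
        cert->subjectCN = 0;
#ifndef IGNORE_NAME_CONSTRAINTS
        cert->permittedNames = NULL;
        cert->excludedNames = NULL;
#endif

        /* bucket must be chosen from the same digest the lookups use */
#ifndef NO_SKID
        if (cert->extAuthKeyIdSet) {
            row = TrustedPeerHashSigner(peerCert->subjectKeyIdHash);
        }
        else {
            row = TrustedPeerHashSigner(peerCert->subjectNameHash);
        }
#else
        row = TrustedPeerHashSigner(peerCert->subjectNameHash);
#endif

        if (wc_LockMutex(&cm->tpLock) == 0) {
            peerCert->next = cm->tpTable[row];
            cm->tpTable[row] = peerCert; /* takes ownership */
            wc_UnLockMutex(&cm->tpLock);
        }
        else {
            WOLFSSL_MSG("\tTrusted Peer Cert Mutex Lock failed");
            FreeDecodedCert(cert);
            XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
            FreeTrustedPeer(peerCert, cm->heap);
            return BAD_MUTEX_E;
        }
    }

    WOLFSSL_MSG("\tFreeing parsed trusted peer cert");
    FreeDecodedCert(cert);
    XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
    WOLFSSL_MSG("\tFreeing der trusted peer cert");
    /* free through the caller's pointer so it cannot be left dangling */
    FreeDer(pDer);
    WOLFSSL_MSG("\t\tOK Freeing der trusted peer cert");
    WOLFSSL_LEAVE("AddTrustedPeer", ret);

    return WOLFSSL_SUCCESS;
}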
wolfSSL 15:117db924cf7c 4443 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 15:117db924cf7c 4444
wolfSSL 15:117db924cf7c 4445
wolfSSL 15:117db924cf7c 4446 /* owns der, internal now uses too */
wolfSSL 15:117db924cf7c 4447 /* type flag ids from user or from chain received during verify
wolfSSL 15:117db924cf7c 4448 don't allow chain ones to be added w/o isCA extension */
wolfSSL 15:117db924cf7c 4449 int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
wolfSSL 15:117db924cf7c 4450 {
wolfSSL 15:117db924cf7c 4451 int ret;
wolfSSL 15:117db924cf7c 4452 Signer* signer = NULL;
wolfSSL 15:117db924cf7c 4453 word32 row;
wolfSSL 15:117db924cf7c 4454 byte* subjectHash;
wolfSSL 15:117db924cf7c 4455 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 4456 DecodedCert* cert = NULL;
wolfSSL 15:117db924cf7c 4457 #else
wolfSSL 15:117db924cf7c 4458 DecodedCert cert[1];
wolfSSL 15:117db924cf7c 4459 #endif
wolfSSL 15:117db924cf7c 4460 DerBuffer* der = *pDer;
wolfSSL 15:117db924cf7c 4461
wolfSSL 15:117db924cf7c 4462 WOLFSSL_MSG("Adding a CA");
wolfSSL 15:117db924cf7c 4463
wolfSSL 16:8e0d178b1d1e 4464 if (cm == NULL) {
wolfSSL 16:8e0d178b1d1e 4465 FreeDer(pDer);
wolfSSL 16:8e0d178b1d1e 4466 return BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 4467 }
wolfSSL 16:8e0d178b1d1e 4468
wolfSSL 15:117db924cf7c 4469 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 4470 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
wolfSSL 15:117db924cf7c 4471 DYNAMIC_TYPE_DCERT);
wolfSSL 16:8e0d178b1d1e 4472 if (cert == NULL) {
wolfSSL 16:8e0d178b1d1e 4473 FreeDer(pDer);
wolfSSL 15:117db924cf7c 4474 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 4475 }
wolfSSL 15:117db924cf7c 4476 #endif
wolfSSL 15:117db924cf7c 4477
wolfSSL 15:117db924cf7c 4478 InitDecodedCert(cert, der->buffer, der->length, cm->heap);
wolfSSL 15:117db924cf7c 4479 ret = ParseCert(cert, CA_TYPE, verify, cm);
wolfSSL 15:117db924cf7c 4480 WOLFSSL_MSG("\tParsed new CA");
wolfSSL 15:117db924cf7c 4481
wolfSSL 15:117db924cf7c 4482 #ifndef NO_SKID
wolfSSL 15:117db924cf7c 4483 subjectHash = cert->extSubjKeyId;
wolfSSL 15:117db924cf7c 4484 #else
wolfSSL 15:117db924cf7c 4485 subjectHash = cert->subjectHash;
wolfSSL 15:117db924cf7c 4486 #endif
wolfSSL 15:117db924cf7c 4487
wolfSSL 15:117db924cf7c 4488 /* check CA key size */
wolfSSL 15:117db924cf7c 4489 if (verify) {
wolfSSL 15:117db924cf7c 4490 switch (cert->keyOID) {
wolfSSL 15:117db924cf7c 4491 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 4492 case RSAk:
wolfSSL 15:117db924cf7c 4493 if (cm->minRsaKeySz < 0 ||
wolfSSL 15:117db924cf7c 4494 cert->pubKeySize < (word16)cm->minRsaKeySz) {
wolfSSL 15:117db924cf7c 4495 ret = RSA_KEY_SIZE_E;
wolfSSL 15:117db924cf7c 4496 WOLFSSL_MSG("\tCA RSA key size error");
wolfSSL 15:117db924cf7c 4497 }
wolfSSL 15:117db924cf7c 4498 break;
wolfSSL 15:117db924cf7c 4499 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 4500 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 4501 case ECDSAk:
wolfSSL 15:117db924cf7c 4502 if (cm->minEccKeySz < 0 ||
wolfSSL 15:117db924cf7c 4503 cert->pubKeySize < (word16)cm->minEccKeySz) {
wolfSSL 15:117db924cf7c 4504 ret = ECC_KEY_SIZE_E;
wolfSSL 15:117db924cf7c 4505 WOLFSSL_MSG("\tCA ECC key size error");
wolfSSL 15:117db924cf7c 4506 }
wolfSSL 15:117db924cf7c 4507 break;
wolfSSL 15:117db924cf7c 4508 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 4509 #ifdef HAVE_ED25519
wolfSSL 15:117db924cf7c 4510 case ED25519k:
wolfSSL 15:117db924cf7c 4511 if (cm->minEccKeySz < 0 ||
wolfSSL 15:117db924cf7c 4512 ED25519_KEY_SIZE < (word16)cm->minEccKeySz) {
wolfSSL 15:117db924cf7c 4513 ret = ECC_KEY_SIZE_E;
wolfSSL 15:117db924cf7c 4514 WOLFSSL_MSG("\tCA ECC key size error");
wolfSSL 15:117db924cf7c 4515 }
wolfSSL 15:117db924cf7c 4516 break;
wolfSSL 15:117db924cf7c 4517 #endif /* HAVE_ED25519 */
wolfSSL 16:8e0d178b1d1e 4518 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 4519 case ED448k:
wolfSSL 16:8e0d178b1d1e 4520 if (cm->minEccKeySz < 0 ||
wolfSSL 16:8e0d178b1d1e 4521 ED448_KEY_SIZE < (word16)cm->minEccKeySz) {
wolfSSL 16:8e0d178b1d1e 4522 ret = ECC_KEY_SIZE_E;
wolfSSL 16:8e0d178b1d1e 4523 WOLFSSL_MSG("\tCA ECC key size error");
wolfSSL 16:8e0d178b1d1e 4524 }
wolfSSL 16:8e0d178b1d1e 4525 break;
wolfSSL 16:8e0d178b1d1e 4526 #endif /* HAVE_ED448 */
wolfSSL 15:117db924cf7c 4527
wolfSSL 15:117db924cf7c 4528 default:
wolfSSL 15:117db924cf7c 4529 WOLFSSL_MSG("\tNo key size check done on CA");
wolfSSL 15:117db924cf7c 4530 break; /* no size check if key type is not in switch */
wolfSSL 15:117db924cf7c 4531 }
wolfSSL 15:117db924cf7c 4532 }
wolfSSL 15:117db924cf7c 4533
wolfSSL 15:117db924cf7c 4534 if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) {
wolfSSL 15:117db924cf7c 4535 WOLFSSL_MSG("\tCan't add as CA if not actually one");
wolfSSL 15:117db924cf7c 4536 ret = NOT_CA_ERROR;
wolfSSL 15:117db924cf7c 4537 }
wolfSSL 15:117db924cf7c 4538 #ifndef ALLOW_INVALID_CERTSIGN
wolfSSL 15:117db924cf7c 4539 else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
wolfSSL 16:8e0d178b1d1e 4540 !cert->selfSigned && (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
wolfSSL 15:117db924cf7c 4541 /* Intermediate CA certs are required to have the keyCertSign
wolfSSL 15:117db924cf7c 4542 * extension set. User loaded root certs are not. */
wolfSSL 15:117db924cf7c 4543 WOLFSSL_MSG("\tDoesn't have key usage certificate signing");
wolfSSL 15:117db924cf7c 4544 ret = NOT_CA_ERROR;
wolfSSL 15:117db924cf7c 4545 }
wolfSSL 15:117db924cf7c 4546 #endif
wolfSSL 15:117db924cf7c 4547 else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
wolfSSL 15:117db924cf7c 4548 WOLFSSL_MSG("\tAlready have this CA, not adding again");
wolfSSL 15:117db924cf7c 4549 (void)ret;
wolfSSL 15:117db924cf7c 4550 }
wolfSSL 15:117db924cf7c 4551 else if (ret == 0) {
wolfSSL 15:117db924cf7c 4552 /* take over signer parts */
wolfSSL 15:117db924cf7c 4553 signer = MakeSigner(cm->heap);
wolfSSL 15:117db924cf7c 4554 if (!signer)
wolfSSL 15:117db924cf7c 4555 ret = MEMORY_ERROR;
wolfSSL 15:117db924cf7c 4556 }
wolfSSL 15:117db924cf7c 4557 if (ret == 0 && signer != NULL) {
wolfSSL 15:117db924cf7c 4558 #ifdef WOLFSSL_SIGNER_DER_CERT
wolfSSL 15:117db924cf7c 4559 ret = AllocDer(&signer->derCert, der->length, der->type, NULL);
wolfSSL 15:117db924cf7c 4560 }
wolfSSL 15:117db924cf7c 4561 if (ret == 0 && signer != NULL) {
wolfSSL 15:117db924cf7c 4562 XMEMCPY(signer->derCert->buffer, der->buffer, der->length);
wolfSSL 15:117db924cf7c 4563 #endif
wolfSSL 15:117db924cf7c 4564 signer->keyOID = cert->keyOID;
wolfSSL 15:117db924cf7c 4565 if (cert->pubKeyStored) {
wolfSSL 15:117db924cf7c 4566 signer->publicKey = cert->publicKey;
wolfSSL 15:117db924cf7c 4567 signer->pubKeySize = cert->pubKeySize;
wolfSSL 15:117db924cf7c 4568 }
wolfSSL 15:117db924cf7c 4569 if (cert->subjectCNStored) {
wolfSSL 15:117db924cf7c 4570 signer->nameLen = cert->subjectCNLen;
wolfSSL 15:117db924cf7c 4571 signer->name = cert->subjectCN;
wolfSSL 15:117db924cf7c 4572 }
wolfSSL 15:117db924cf7c 4573 signer->pathLength = cert->pathLength;
wolfSSL 16:8e0d178b1d1e 4574 signer->maxPathLen = cert->maxPathLen;
wolfSSL 15:117db924cf7c 4575 signer->pathLengthSet = cert->pathLengthSet;
wolfSSL 16:8e0d178b1d1e 4576 signer->selfSigned = cert->selfSigned;
wolfSSL 15:117db924cf7c 4577 #ifndef IGNORE_NAME_CONSTRAINTS
wolfSSL 15:117db924cf7c 4578 signer->permittedNames = cert->permittedNames;
wolfSSL 15:117db924cf7c 4579 signer->excludedNames = cert->excludedNames;
wolfSSL 15:117db924cf7c 4580 #endif
wolfSSL 15:117db924cf7c 4581 #ifndef NO_SKID
wolfSSL 15:117db924cf7c 4582 XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
wolfSSL 15:117db924cf7c 4583 SIGNER_DIGEST_SIZE);
wolfSSL 15:117db924cf7c 4584 #endif
wolfSSL 15:117db924cf7c 4585 XMEMCPY(signer->subjectNameHash, cert->subjectHash,
wolfSSL 15:117db924cf7c 4586 SIGNER_DIGEST_SIZE);
wolfSSL 16:8e0d178b1d1e 4587 #ifdef HAVE_OCSP
wolfSSL 16:8e0d178b1d1e 4588 XMEMCPY(signer->subjectKeyHash, cert->subjectKeyHash,
wolfSSL 16:8e0d178b1d1e 4589 KEYID_SIZE);
wolfSSL 16:8e0d178b1d1e 4590 #endif
wolfSSL 15:117db924cf7c 4591 signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
wolfSSL 15:117db924cf7c 4592 : 0xFFFF;
wolfSSL 15:117db924cf7c 4593 signer->next = NULL; /* If Key Usage not set, all uses valid. */
wolfSSL 15:117db924cf7c 4594 cert->publicKey = 0; /* in case lock fails don't free here. */
wolfSSL 15:117db924cf7c 4595 cert->subjectCN = 0;
wolfSSL 15:117db924cf7c 4596 #ifndef IGNORE_NAME_CONSTRAINTS
wolfSSL 15:117db924cf7c 4597 cert->permittedNames = NULL;
wolfSSL 15:117db924cf7c 4598 cert->excludedNames = NULL;
wolfSSL 15:117db924cf7c 4599 #endif
wolfSSL 15:117db924cf7c 4600
wolfSSL 15:117db924cf7c 4601 #ifndef NO_SKID
wolfSSL 15:117db924cf7c 4602 row = HashSigner(signer->subjectKeyIdHash);
wolfSSL 15:117db924cf7c 4603 #else
wolfSSL 15:117db924cf7c 4604 row = HashSigner(signer->subjectNameHash);
wolfSSL 15:117db924cf7c 4605 #endif
wolfSSL 15:117db924cf7c 4606
wolfSSL 15:117db924cf7c 4607 if (wc_LockMutex(&cm->caLock) == 0) {
wolfSSL 15:117db924cf7c 4608 signer->next = cm->caTable[row];
wolfSSL 15:117db924cf7c 4609 cm->caTable[row] = signer; /* takes ownership */
wolfSSL 15:117db924cf7c 4610 wc_UnLockMutex(&cm->caLock);
wolfSSL 15:117db924cf7c 4611 if (cm->caCacheCallback)
wolfSSL 15:117db924cf7c 4612 cm->caCacheCallback(der->buffer, (int)der->length, type);
wolfSSL 15:117db924cf7c 4613 }
wolfSSL 15:117db924cf7c 4614 else {
wolfSSL 15:117db924cf7c 4615 WOLFSSL_MSG("\tCA Mutex Lock failed");
wolfSSL 15:117db924cf7c 4616 ret = BAD_MUTEX_E;
wolfSSL 15:117db924cf7c 4617 FreeSigner(signer, cm->heap);
wolfSSL 15:117db924cf7c 4618 }
wolfSSL 15:117db924cf7c 4619 }
wolfSSL 16:8e0d178b1d1e 4620 #if defined(WOLFSSL_RENESAS_TSIP_TLS)
wolfSSL 16:8e0d178b1d1e 4621 /* Verify CA by TSIP so that generated tsip key is going to be able to */
wolfSSL 16:8e0d178b1d1e 4622 /* be used for peer's cert verification */
wolfSSL 16:8e0d178b1d1e 4623 /* TSIP is only able to handle USER CA, and only one CA. */
wolfSSL 16:8e0d178b1d1e 4624 /* Therefore, it doesn't need to call TSIP again if there is already */
wolfSSL 16:8e0d178b1d1e 4625 /* verified CA. */
wolfSSL 16:8e0d178b1d1e 4626 if ( ret == 0 && signer != NULL ) {
wolfSSL 16:8e0d178b1d1e 4627 signer->cm_idx = row;
wolfSSL 16:8e0d178b1d1e 4628 if (type == WOLFSSL_USER_CA && tsip_rootCAverified() == 0 ) {
wolfSSL 16:8e0d178b1d1e 4629 if ((ret = tsip_tls_RootCertVerify(cert->source, cert->maxIdx,
wolfSSL 16:8e0d178b1d1e 4630 cert->sigCtx.pubkey_n_start, cert->sigCtx.pubkey_n_len - 1,
wolfSSL 16:8e0d178b1d1e 4631 cert->sigCtx.pubkey_e_start, cert->sigCtx.pubkey_e_len - 1,
wolfSSL 16:8e0d178b1d1e 4632 row/* cm index */))
wolfSSL 16:8e0d178b1d1e 4633 != 0)
wolfSSL 16:8e0d178b1d1e 4634 WOLFSSL_MSG("tsip_tls_RootCertVerify() failed");
wolfSSL 16:8e0d178b1d1e 4635 else
wolfSSL 16:8e0d178b1d1e 4636 WOLFSSL_MSG("tsip_tls_RootCertVerify() succeed");
wolfSSL 16:8e0d178b1d1e 4637 }
wolfSSL 16:8e0d178b1d1e 4638 }
wolfSSL 16:8e0d178b1d1e 4639 #endif
wolfSSL 15:117db924cf7c 4640 WOLFSSL_MSG("\tFreeing Parsed CA");
wolfSSL 15:117db924cf7c 4641 FreeDecodedCert(cert);
wolfSSL 15:117db924cf7c 4642 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 4643 XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
wolfSSL 15:117db924cf7c 4644 #endif
wolfSSL 15:117db924cf7c 4645 WOLFSSL_MSG("\tFreeing der CA");
wolfSSL 15:117db924cf7c 4646 FreeDer(pDer);
wolfSSL 15:117db924cf7c 4647 WOLFSSL_MSG("\t\tOK Freeing der CA");
wolfSSL 15:117db924cf7c 4648
wolfSSL 15:117db924cf7c 4649 WOLFSSL_LEAVE("AddCA", ret);
wolfSSL 15:117db924cf7c 4650
wolfSSL 15:117db924cf7c 4651 return ret == 0 ? WOLFSSL_SUCCESS : ret;
wolfSSL 15:117db924cf7c 4652 }
wolfSSL 15:117db924cf7c 4653
wolfSSL 15:117db924cf7c 4654 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 4655
wolfSSL 15:117db924cf7c 4656
wolfSSL 15:117db924cf7c 4657 #ifndef NO_SESSION_CACHE
wolfSSL 15:117db924cf7c 4658
wolfSSL 15:117db924cf7c 4659 /* basic config gives a cache with 33 sessions, adequate for clients and
wolfSSL 15:117db924cf7c 4660 embedded servers
wolfSSL 15:117db924cf7c 4661
wolfSSL 16:8e0d178b1d1e 4662 TITAN_SESSION_CACHE allows just over 2 million sessions, for servers
wolfSSL 16:8e0d178b1d1e 4663 with titanic amounts of memory with long session ID timeouts and high
wolfSSL 16:8e0d178b1d1e 4664 levels of traffic.
wolfSSL 15:117db924cf7c 4665
wolfSSL 15:117db924cf7c 4666 HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
wolfSSL 15:117db924cf7c 4667 allows over 13,000 new sessions per minute or over 200 new sessions per
wolfSSL 15:117db924cf7c 4668 second
wolfSSL 15:117db924cf7c 4669
wolfSSL 16:8e0d178b1d1e 4670 BIG_SESSION_CACHE yields 20,027 sessions
wolfSSL 16:8e0d178b1d1e 4671
wolfSSL 16:8e0d178b1d1e 4672 MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
wolfSSL 16:8e0d178b1d1e 4673 aren't under heavy load, basically allows 200 new sessions per minute
wolfSSL 16:8e0d178b1d1e 4674
  SMALL_SESSION_CACHE only stores 6 sessions; good for embedded clients
  or systems where the default of nearly 3kB is too much RAM. This define
  uses less than 500 bytes of RAM
wolfSSL 15:117db924cf7c 4678
wolfSSL 15:117db924cf7c 4679 default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
wolfSSL 15:117db924cf7c 4680 */
/* Cache geometry: SESSION_ROWS hash buckets of SESSIONS_PER_ROW slots each,
 * so the total capacity is SESSIONS_PER_ROW * SESSION_ROWS (the session
 * counts quoted in the comment above). Only the first size define that is
 * set wins; with none set the default 3 x 11 = 33 geometry applies. */
#if defined(TITAN_SESSION_CACHE)
    #define SESSIONS_PER_ROW 31
    #define SESSION_ROWS 64937
#elif defined(HUGE_SESSION_CACHE)
    #define SESSIONS_PER_ROW 11
    #define SESSION_ROWS 5981
#elif defined(BIG_SESSION_CACHE)
    #define SESSIONS_PER_ROW 7
    #define SESSION_ROWS 2861
#elif defined(MEDIUM_SESSION_CACHE)
    #define SESSIONS_PER_ROW 5
    #define SESSION_ROWS 211
#elif defined(SMALL_SESSION_CACHE)
    #define SESSIONS_PER_ROW 2
    #define SESSION_ROWS 3
#else
    #define SESSIONS_PER_ROW 3
    #define SESSION_ROWS 11
#endif
wolfSSL 15:117db924cf7c 4700
/* One hash bucket of the server session cache: a fixed-size array of
 * sessions plus bookkeeping for where the next one goes. */
typedef struct SessionRow {
    int nextIdx;                 /* where to place next one (presumably wraps
                                  * at SESSIONS_PER_ROW; set by the add path) */
    int totalCount;              /* sessions ever on this row */
    WOLFSSL_SESSION Sessions[SESSIONS_PER_ROW];
} SessionRow;
wolfSSL 15:117db924cf7c 4706
/* Server session cache storage: one SessionRow per hash bucket. */
static WOLFSSL_GLOBAL SessionRow SessionCache[SESSION_ROWS];

#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
    /* statistics only; by its name the peak session count, maintained
     * elsewhere in this file */
    static WOLFSSL_GLOBAL word32 PeakSessions;
#endif

/* Guards SessionCache (and, when built, ClientCache below). */
static WOLFSSL_GLOBAL wolfSSL_Mutex session_mutex; /* SessionCache mutex */
wolfSSL 15:117db924cf7c 4714
wolfSSL 15:117db924cf7c 4715 #ifndef NO_CLIENT_CACHE
wolfSSL 15:117db924cf7c 4716
/* Client-side reference to a slot in SessionCache: the (row, column)
 * coordinates of the cached WOLFSSL_SESSION. */
typedef struct ClientSession {
    word16 serverRow;            /* SessionCache Row id */
    word16 serverIdx;            /* SessionCache Idx (column) */
} ClientSession;
wolfSSL 15:117db924cf7c 4721
/* One hash bucket of the client cache; same shape as SessionRow but holds
 * ClientSession references instead of full sessions. */
typedef struct ClientRow {
    int nextIdx;                 /* where to place next one */
    int totalCount;              /* sessions ever on this row */
    ClientSession Clients[SESSIONS_PER_ROW];
} ClientRow;
wolfSSL 15:117db924cf7c 4727
/* Client cache: maps client-side lookups to SessionCache slots. It has no
 * mutex of its own and is protected by session_mutex. */
static WOLFSSL_GLOBAL ClientRow ClientCache[SESSION_ROWS];
                                                     /* Client Cache */
                                                     /* uses session mutex */
wolfSSL 15:117db924cf7c 4731 #endif /* NO_CLIENT_CACHE */
wolfSSL 15:117db924cf7c 4732
wolfSSL 15:117db924cf7c 4733 #endif /* NO_SESSION_CACHE */
wolfSSL 15:117db924cf7c 4734
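/* Initialize the wolfSSL library.
 *
 * Reference counted: the first call (initRefCount == 0) brings up wolfCrypt,
 * seeds the RNG when built with OPENSSL_EXTRA, and creates the session-cache
 * mutex (unless NO_SESSION_CACHE) and the reference-count mutex; every call
 * then increments initRefCount under count_mutex.
 *
 * The initRefCount == 0 test necessarily runs before count_mutex exists, so
 * two threads making the very first call at the same time are not
 * serialized here. NOTE(review): callers are presumably expected to make the
 * first wolfSSL_Init() before starting threads; confirm against the docs.
 *
 * Returns WOLFSSL_SUCCESS; WC_INIT_E when wolfCrypt (or the OPENSSL_EXTRA RNG
 * seed) fails; BAD_MUTEX_E when a mutex cannot be created or locked. When a
 * first-time call fails part-way, whatever was already brought up is torn
 * down again so a later retry starts from a clean state instead of
 * re-initializing live mutexes or leaking the wolfCrypt init.
 */
WOLFSSL_ABI
int wolfSSL_Init(void)
{
    int ret = WOLFSSL_SUCCESS;
    int firstInit = (initRefCount == 0);

    WOLFSSL_ENTER("wolfSSL_Init");

    if (firstInit) {
        /* Initialize crypto for use with TLS connection */
        if (wolfCrypt_Init() != 0) {
            WOLFSSL_MSG("Bad wolfCrypt Init");
            return WC_INIT_E;
        }

#ifdef OPENSSL_EXTRA
        if (wolfSSL_RAND_seed(NULL, 0) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("wolfSSL_RAND_Seed failed");
            ret = WC_INIT_E;
            goto cleanup_crypt;
        }
#endif

#ifndef NO_SESSION_CACHE
        if (wc_InitMutex(&session_mutex) != 0) {
            WOLFSSL_MSG("Bad Init Mutex session");
            ret = BAD_MUTEX_E;
            goto cleanup_crypt;
        }
#endif
        if (wc_InitMutex(&count_mutex) != 0) {
            WOLFSSL_MSG("Bad Init Mutex count");
            ret = BAD_MUTEX_E;
            goto cleanup_session;
        }
    }

    if (wc_LockMutex(&count_mutex) != 0) {
        WOLFSSL_MSG("Bad Lock Mutex count");
        ret = BAD_MUTEX_E;
        if (firstInit) {
            /* initRefCount is still 0, so nothing else can be using the
             * mutexes created above; release them rather than leave them
             * to be re-initialized on the next attempt */
            (void)wc_FreeMutex(&count_mutex);
            goto cleanup_session;
        }
        return ret;
    }

    initRefCount++;
    wc_UnLockMutex(&count_mutex);

    return ret;

cleanup_session:
#ifndef NO_SESSION_CACHE
    (void)wc_FreeMutex(&session_mutex);
#endif
cleanup_crypt:
    /* balances the successful wolfCrypt_Init() above */
    (void)wolfCrypt_Cleanup();
    return ret;
}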
wolfSSL 15:117db924cf7c 4776
wolfSSL 15:117db924cf7c 4777
wolfSSL 15:117db924cf7c 4778
wolfSSL 15:117db924cf7c 4779 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 4780
/* Process a user certificate chain (CERT_TYPE) to pass during the handshake,
 * or a bundle of CA certificates (CA_TYPE) to load into ctx->cm.
 *
 * Starting at info->consumed, each remaining certificate in buff is turned
 * into a DerBuffer (PemToDer for PEM input; a leading SEQUENCE read for
 * WOLFSSL_FILETYPE_ASN1; the whole remainder for any other format) and
 * appended to a temporary chain buffer as a CERT_HEADER_SZ length header
 * followed by the DER bytes. For CA_TYPE each certificate is additionally
 * handed to AddCA(), which takes ownership of the DerBuffer. On completion
 * the chain buffer is copied into ssl->buffers.certChain (when ssl is given)
 * or ctx->certChain.
 *
 * ctx    - context; required for CA_TYPE (supplies cm), otherwise only used
 *          for the heap and as the chain's destination when ssl is NULL
 * buff   - input bytes, PEM or DER
 * sz     - total length of buff
 * format - WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1
 * type   - CERT_TYPE or CA_TYPE; any other type is a no-op returning 0
 * ssl    - per-connection object; when non-NULL the chain is stored there
 * used   - optional; incremented by the number of input bytes consumed
 * info   - info->consumed is the start offset on entry and is reused as
 *          per-certificate scratch afterwards
 * verify - passed through to AddCA() for CA_TYPE
 *
 * Returns 0 on success or when there was nothing to consume; BAD_FUNC_ARG,
 * MEMORY_E, BUFFER_E, NOT_COMPILED_IN (PEM without WOLFSSL_PEM_TO_DER), or a
 * negative PemToDer/AddCA error. ASN_NO_PEM_HEADER after at least one good
 * CERT_TYPE certificate is treated as trailing junk and tolerated; for
 * CA_TYPE gotOne is cleared so it is reported as an error instead.
 */
static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
                            long sz, int format, int type, WOLFSSL* ssl,
                            long* used, EncryptedInfo* info, int verify)
{
    int ret = 0;
    void* heap = wolfSSL_CTX_GetHeap(ctx, ssl);
#ifdef WOLFSSL_TLS13
    int cnt = 0;   /* number of certificates placed in the chain buffer */
#endif

    if ((type == CA_TYPE) && (ctx == NULL)) {
        WOLFSSL_MSG("Need context for CA load");
        return BAD_FUNC_ARG;
    }

    /* we may have a user cert chain, try to consume */
    if ((type == CERT_TYPE || type == CA_TYPE) && (info->consumed < sz)) {
    #ifdef WOLFSSL_SMALL_STACK
        byte   staticBuffer[1];                 /* force heap usage */
    #else
        byte   staticBuffer[FILE_BUFFER_SIZE];  /* tmp chain buffer */
    #endif
        byte*  chainBuffer = staticBuffer;
        int    dynamicBuffer = 0;
        word32 bufferSz;
        long   consumed = info->consumed;       /* offset of next cert in buff */
        word32 idx = 0;                         /* bytes written to chainBuffer */
        int    gotOne = 0;                      /* at least one cert decoded */

        /* Calculate max possible size, including max headers: the DER of
         * each cert is never larger than its input, so remaining input plus
         * MAX_CHAIN_DEPTH headers bounds the chain */
        bufferSz = (word32)(sz - consumed) + (CERT_HEADER_SZ * MAX_CHAIN_DEPTH);
        if (bufferSz > sizeof(staticBuffer)) {
            WOLFSSL_MSG("Growing Tmp Chain Buffer");
            /* will shrink to actual size */
            chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE);
            if (chainBuffer == NULL) {
                return MEMORY_E;
            }
            dynamicBuffer = 1;
        }

        WOLFSSL_MSG("Processing Cert Chain");
        while (consumed < sz) {
            DerBuffer* part = NULL;
            word32 remain = (word32)(sz - consumed);
            info->consumed = 0;   /* decoder reports this cert's input length here */

            if (format == WOLFSSL_FILETYPE_PEM) {
            #ifdef WOLFSSL_PEM_TO_DER
                ret = PemToDer(buff + consumed, remain, type, &part,
                                                           heap, info, NULL);
            #else
                ret = NOT_COMPILED_IN;
            #endif
            }
            else {
                int length = remain;   /* non-ASN1 formats: take the whole remainder */
                if (format == WOLFSSL_FILETYPE_ASN1) {
                    /* get length of der (read sequence) */
                    word32 inOutIdx = 0;
                    if (GetSequence(buff + consumed, &inOutIdx, &length,
                            remain) < 0) {
                        ret = ASN_NO_PEM_HEADER;
                    }
                    length += inOutIdx; /* include leading sequence */
                }
                /* recorded even when GetSequence failed; only read below
                 * on the ret == 0 path */
                info->consumed = length;
                if (ret == 0) {
                    ret = AllocDer(&part, length, type, heap);
                    if (ret == 0) {
                        XMEMCPY(part->buffer, buff + consumed, length);
                    }
                }
            }
            if (ret == 0) {
                gotOne = 1;
            #ifdef WOLFSSL_TLS13
                cnt++;
            #endif
                if ((idx + part->length + CERT_HEADER_SZ) > bufferSz) {
                    WOLFSSL_MSG(" Cert Chain bigger than buffer");
                    ret = BUFFER_E;
                }
                else {
                    c32to24(part->length, &chainBuffer[idx]);
                    idx += CERT_HEADER_SZ;
                    XMEMCPY(&chainBuffer[idx], part->buffer, part->length);
                    idx += part->length;
                    consumed += info->consumed;
                    if (used)
                        *used += info->consumed;
                }

                /* add CA's to certificate manager */
                if (type == CA_TYPE) {
                    /* verify CA unless user set to no verify.
                     * AddCA() frees *part on every path and returns
                     * WOLFSSL_SUCCESS (positive) on success, which passes the
                     * ret < 0 check below and is discarded by the ret = 0
                     * reset after the loop.
                     * NOTE(review): this assignment also overwrites a
                     * BUFFER_E set just above, and in that case consumed was
                     * not advanced, so the loop would re-read the same
                     * certificate; confirm that path is unreachable or guard
                     * the call with ret == 0. */
                    ret = AddCA(ctx->cm, &part, WOLFSSL_USER_CA, verify);
                    gotOne = 0; /* don't exit loop for CA type */
                }
            }

            FreeDer(&part);

            if (ret == ASN_NO_PEM_HEADER && gotOne) {
                WOLFSSL_MSG("We got one good cert, so stuff at end ok");
                break;
            }

            if (ret < 0) {
                WOLFSSL_MSG(" Error in Cert in Chain");
                if (dynamicBuffer)
                    XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
                return ret;
            }
            WOLFSSL_MSG(" Consumed another Cert in Chain");
        }
        WOLFSSL_MSG("Finished Processing Cert Chain");

        /* only retain actual size used */
        ret = 0;
        /* NOTE(review): this runs for CA_TYPE as well, so the concatenated CA
         * DER replaces any chain already held in ssl->buffers.certChain or
         * ctx->certChain; confirm that is intended for CA loads. */
        if (idx > 0) {
            if (ssl) {
                if (ssl->buffers.weOwnCertChain) {
                    FreeDer(&ssl->buffers.certChain);
                }
                ret = AllocDer(&ssl->buffers.certChain, idx, type, heap);
                if (ret == 0) {
                    XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer,
                            idx);
                    ssl->buffers.weOwnCertChain = 1;
                }
            #ifdef WOLFSSL_TLS13
                ssl->buffers.certChainCnt = cnt;
            #endif
            } else if (ctx) {
                FreeDer(&ctx->certChain);
                ret = AllocDer(&ctx->certChain, idx, type, heap);
                if (ret == 0) {
                    XMEMCPY(ctx->certChain->buffer, chainBuffer, idx);
                }
            #ifdef WOLFSSL_TLS13
                ctx->certChainCnt = cnt;
            #endif
            }
        }

        if (dynamicBuffer)
            XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
    }

    return ret;
}
wolfSSL 16:8e0d178b1d1e 4934
wolfSSL 16:8e0d178b1d1e 4935 static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der,
wolfSSL 16:8e0d178b1d1e 4936 int* keySz, word32* idx, int* resetSuites, int* keyFormat, void* heap, int devId)
wolfSSL 16:8e0d178b1d1e 4937 {
wolfSSL 16:8e0d178b1d1e 4938 int ret = 0;
wolfSSL 16:8e0d178b1d1e 4939
wolfSSL 16:8e0d178b1d1e 4940 (void)heap;
wolfSSL 16:8e0d178b1d1e 4941 (void)devId;
wolfSSL 16:8e0d178b1d1e 4942
wolfSSL 16:8e0d178b1d1e 4943 if (ctx == NULL && ssl == NULL)
wolfSSL 16:8e0d178b1d1e 4944 ret = BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 4945 if (!der || !keySz || !idx || !resetSuites || !keyFormat)
wolfSSL 16:8e0d178b1d1e 4946 ret = BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 4947
wolfSSL 16:8e0d178b1d1e 4948 #ifndef NO_RSA
wolfSSL 16:8e0d178b1d1e 4949 if (ret == 0 && (*keyFormat == 0 || *keyFormat == RSAk)) {
wolfSSL 16:8e0d178b1d1e 4950 /* make sure RSA key can be used */
wolfSSL 16:8e0d178b1d1e 4951 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 4952 RsaKey* key;
wolfSSL 16:8e0d178b1d1e 4953 #else
wolfSSL 16:8e0d178b1d1e 4954 RsaKey key[1];
wolfSSL 16:8e0d178b1d1e 4955 #endif
wolfSSL 16:8e0d178b1d1e 4956
wolfSSL 16:8e0d178b1d1e 4957 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 4958 key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA);
wolfSSL 16:8e0d178b1d1e 4959 if (key == NULL)
wolfSSL 16:8e0d178b1d1e 4960 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 4961 #endif
wolfSSL 16:8e0d178b1d1e 4962
wolfSSL 16:8e0d178b1d1e 4963 ret = wc_InitRsaKey_ex(key, heap, devId);
wolfSSL 16:8e0d178b1d1e 4964 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 4965 *idx = 0;
wolfSSL 16:8e0d178b1d1e 4966 if (wc_RsaPrivateKeyDecode(der->buffer, idx, key, der->length)
wolfSSL 16:8e0d178b1d1e 4967 != 0) {
wolfSSL 16:8e0d178b1d1e 4968 #if !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \
wolfSSL 16:8e0d178b1d1e 4969 !defined(HAVE_ED448)
wolfSSL 16:8e0d178b1d1e 4970 WOLFSSL_MSG("RSA decode failed and ECC/ED25519/ED448 not "
wolfSSL 16:8e0d178b1d1e 4971 "enabled to try");
wolfSSL 16:8e0d178b1d1e 4972 ret = WOLFSSL_BAD_FILE;
wolfSSL 16:8e0d178b1d1e 4973 #endif
wolfSSL 16:8e0d178b1d1e 4974 }
wolfSSL 16:8e0d178b1d1e 4975 else {
wolfSSL 16:8e0d178b1d1e 4976 /* check that the size of the RSA key is enough */
wolfSSL 16:8e0d178b1d1e 4977 int minRsaSz = ssl ? ssl->options.minRsaKeySz :
wolfSSL 16:8e0d178b1d1e 4978 ctx->minRsaKeySz;
wolfSSL 16:8e0d178b1d1e 4979 *keySz = wc_RsaEncryptSize((RsaKey*)key);
wolfSSL 16:8e0d178b1d1e 4980 if (*keySz < minRsaSz) {
wolfSSL 16:8e0d178b1d1e 4981 ret = RSA_KEY_SIZE_E;
wolfSSL 16:8e0d178b1d1e 4982 WOLFSSL_MSG("Private Key size too small");
wolfSSL 16:8e0d178b1d1e 4983 }
wolfSSL 16:8e0d178b1d1e 4984
wolfSSL 16:8e0d178b1d1e 4985 if (ssl) {
wolfSSL 16:8e0d178b1d1e 4986 ssl->buffers.keyType = rsa_sa_algo;
wolfSSL 16:8e0d178b1d1e 4987 ssl->buffers.keySz = *keySz;
wolfSSL 16:8e0d178b1d1e 4988 }
wolfSSL 16:8e0d178b1d1e 4989 else {
wolfSSL 16:8e0d178b1d1e 4990 ctx->privateKeyType = rsa_sa_algo;
wolfSSL 16:8e0d178b1d1e 4991 ctx->privateKeySz = *keySz;
wolfSSL 16:8e0d178b1d1e 4992 }
wolfSSL 16:8e0d178b1d1e 4993
wolfSSL 16:8e0d178b1d1e 4994 *keyFormat = RSAk;
wolfSSL 16:8e0d178b1d1e 4995
wolfSSL 16:8e0d178b1d1e 4996 if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 16:8e0d178b1d1e 4997 ssl->options.haveStaticECC = 0;
wolfSSL 16:8e0d178b1d1e 4998 *resetSuites = 1;
wolfSSL 16:8e0d178b1d1e 4999 }
wolfSSL 16:8e0d178b1d1e 5000 }
wolfSSL 16:8e0d178b1d1e 5001
wolfSSL 16:8e0d178b1d1e 5002 wc_FreeRsaKey(key);
wolfSSL 16:8e0d178b1d1e 5003 }
wolfSSL 16:8e0d178b1d1e 5004
wolfSSL 16:8e0d178b1d1e 5005 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 5006 XFREE(key, heap, DYNAMIC_TYPE_RSA);
wolfSSL 16:8e0d178b1d1e 5007 #endif
wolfSSL 16:8e0d178b1d1e 5008 }
wolfSSL 16:8e0d178b1d1e 5009 #endif
wolfSSL 16:8e0d178b1d1e 5010 #ifdef HAVE_ECC
wolfSSL 16:8e0d178b1d1e 5011 if (ret == 0 && (*keyFormat == 0 || *keyFormat == ECDSAk)) {
wolfSSL 16:8e0d178b1d1e 5012 /* make sure ECC key can be used */
wolfSSL 16:8e0d178b1d1e 5013 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 5014 ecc_key* key;
wolfSSL 16:8e0d178b1d1e 5015 #else
wolfSSL 16:8e0d178b1d1e 5016 ecc_key key[1];
wolfSSL 16:8e0d178b1d1e 5017 #endif
wolfSSL 16:8e0d178b1d1e 5018
wolfSSL 16:8e0d178b1d1e 5019 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 5020 key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 5021 if (key == NULL)
wolfSSL 16:8e0d178b1d1e 5022 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 5023 #endif
wolfSSL 16:8e0d178b1d1e 5024
wolfSSL 16:8e0d178b1d1e 5025 if (wc_ecc_init_ex(key, heap, devId) == 0) {
wolfSSL 16:8e0d178b1d1e 5026 *idx = 0;
wolfSSL 16:8e0d178b1d1e 5027 if (wc_EccPrivateKeyDecode(der->buffer, idx, key,
wolfSSL 16:8e0d178b1d1e 5028 der->length) == 0) {
wolfSSL 16:8e0d178b1d1e 5029 /* check for minimum ECC key size and then free */
wolfSSL 16:8e0d178b1d1e 5030 int minKeySz = ssl ? ssl->options.minEccKeySz :
wolfSSL 16:8e0d178b1d1e 5031 ctx->minEccKeySz;
wolfSSL 16:8e0d178b1d1e 5032 *keySz = wc_ecc_size(key);
wolfSSL 16:8e0d178b1d1e 5033 if (*keySz < minKeySz) {
wolfSSL 16:8e0d178b1d1e 5034 WOLFSSL_MSG("ECC private key too small");
wolfSSL 16:8e0d178b1d1e 5035 ret = ECC_KEY_SIZE_E;
wolfSSL 16:8e0d178b1d1e 5036 }
wolfSSL 16:8e0d178b1d1e 5037
wolfSSL 16:8e0d178b1d1e 5038 *keyFormat = ECDSAk;
wolfSSL 16:8e0d178b1d1e 5039 if (ssl) {
wolfSSL 16:8e0d178b1d1e 5040 ssl->options.haveStaticECC = 1;
wolfSSL 16:8e0d178b1d1e 5041 ssl->buffers.keyType = ecc_dsa_sa_algo;
wolfSSL 16:8e0d178b1d1e 5042 ssl->buffers.keySz = *keySz;
wolfSSL 16:8e0d178b1d1e 5043 }
wolfSSL 16:8e0d178b1d1e 5044 else {
wolfSSL 16:8e0d178b1d1e 5045 ctx->haveStaticECC = 1;
wolfSSL 16:8e0d178b1d1e 5046 ctx->privateKeyType = ecc_dsa_sa_algo;
wolfSSL 16:8e0d178b1d1e 5047 ctx->privateKeySz = *keySz;
wolfSSL 16:8e0d178b1d1e 5048 }
wolfSSL 16:8e0d178b1d1e 5049
wolfSSL 16:8e0d178b1d1e 5050 if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 16:8e0d178b1d1e 5051 *resetSuites = 1;
wolfSSL 16:8e0d178b1d1e 5052 }
wolfSSL 16:8e0d178b1d1e 5053 }
wolfSSL 16:8e0d178b1d1e 5054
wolfSSL 16:8e0d178b1d1e 5055 wc_ecc_free(key);
wolfSSL 16:8e0d178b1d1e 5056 }
wolfSSL 16:8e0d178b1d1e 5057
wolfSSL 16:8e0d178b1d1e 5058 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 5059 XFREE(key, heap, DYNAMIC_TYPE_ECC);
wolfSSL 16:8e0d178b1d1e 5060 #endif
wolfSSL 16:8e0d178b1d1e 5061 }
wolfSSL 16:8e0d178b1d1e 5062 #endif /* HAVE_ECC */
wolfSSL 16:8e0d178b1d1e 5063 #ifdef HAVE_ED25519
wolfSSL 16:8e0d178b1d1e 5064 if (ret == 0 && (*keyFormat == 0 || *keyFormat == ED25519k)) {
wolfSSL 16:8e0d178b1d1e 5065 /* make sure Ed25519 key can be used */
wolfSSL 16:8e0d178b1d1e 5066 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 5067 ed25519_key* key;
wolfSSL 16:8e0d178b1d1e 5068 #else
wolfSSL 16:8e0d178b1d1e 5069 ed25519_key key[1];
wolfSSL 16:8e0d178b1d1e 5070 #endif
wolfSSL 16:8e0d178b1d1e 5071
wolfSSL 16:8e0d178b1d1e 5072 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 5073 key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap,
wolfSSL 16:8e0d178b1d1e 5074 DYNAMIC_TYPE_ED25519);
wolfSSL 16:8e0d178b1d1e 5075 if (key == NULL)
wolfSSL 16:8e0d178b1d1e 5076 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 5077 #endif
wolfSSL 16:8e0d178b1d1e 5078
wolfSSL 16:8e0d178b1d1e 5079 ret = wc_ed25519_init(key);
wolfSSL 16:8e0d178b1d1e 5080 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 5081 *idx = 0;
wolfSSL 16:8e0d178b1d1e 5082 if (wc_Ed25519PrivateKeyDecode(der->buffer, idx, key,
wolfSSL 16:8e0d178b1d1e 5083 der->length) == 0) {
wolfSSL 16:8e0d178b1d1e 5084 /* check for minimum key size and then free */
wolfSSL 16:8e0d178b1d1e 5085 int minKeySz = ssl ? ssl->options.minEccKeySz :
wolfSSL 16:8e0d178b1d1e 5086 ctx->minEccKeySz;
wolfSSL 16:8e0d178b1d1e 5087 *keySz = ED25519_KEY_SIZE;
wolfSSL 16:8e0d178b1d1e 5088 if (*keySz < minKeySz) {
wolfSSL 16:8e0d178b1d1e 5089 WOLFSSL_MSG("ED25519 private key too small");
wolfSSL 16:8e0d178b1d1e 5090 ret = ECC_KEY_SIZE_E;
wolfSSL 16:8e0d178b1d1e 5091 }
wolfSSL 16:8e0d178b1d1e 5092 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 5093 if (ssl) {
wolfSSL 16:8e0d178b1d1e 5094 ssl->buffers.keyType = ed25519_sa_algo;
wolfSSL 16:8e0d178b1d1e 5095 ssl->buffers.keySz = *keySz;
wolfSSL 16:8e0d178b1d1e 5096 }
wolfSSL 16:8e0d178b1d1e 5097 else if (ctx) {
wolfSSL 16:8e0d178b1d1e 5098 ctx->privateKeyType = ed25519_sa_algo;
wolfSSL 16:8e0d178b1d1e 5099 ctx->privateKeySz = *keySz;
wolfSSL 16:8e0d178b1d1e 5100 }
wolfSSL 16:8e0d178b1d1e 5101
wolfSSL 16:8e0d178b1d1e 5102 *keyFormat = ED25519k;
wolfSSL 16:8e0d178b1d1e 5103 if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 16:8e0d178b1d1e 5104 *resetSuites = 1;
wolfSSL 16:8e0d178b1d1e 5105 }
wolfSSL 16:8e0d178b1d1e 5106 }
wolfSSL 16:8e0d178b1d1e 5107 }
wolfSSL 16:8e0d178b1d1e 5108
wolfSSL 16:8e0d178b1d1e 5109 wc_ed25519_free(key);
wolfSSL 16:8e0d178b1d1e 5110 }
wolfSSL 16:8e0d178b1d1e 5111
wolfSSL 16:8e0d178b1d1e 5112 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 5113 XFREE(key, heap, DYNAMIC_TYPE_ED25519);
wolfSSL 16:8e0d178b1d1e 5114 #endif
wolfSSL 16:8e0d178b1d1e 5115 }
wolfSSL 16:8e0d178b1d1e 5116 #endif /* HAVE_ED25519 */
wolfSSL 16:8e0d178b1d1e 5117 #ifdef HAVE_ED448
wolfSSL 16:8e0d178b1d1e 5118 if (ret == 0 && (*keyFormat == 0 || *keyFormat == ED448k)) {
wolfSSL 16:8e0d178b1d1e 5119 /* make sure Ed448 key can be used */
wolfSSL 16:8e0d178b1d1e 5120 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 5121 ed448_key* key = NULL;
wolfSSL 16:8e0d178b1d1e 5122 #else
wolfSSL 16:8e0d178b1d1e 5123 ed448_key key[1];
wolfSSL 16:8e0d178b1d1e 5124 #endif
wolfSSL 16:8e0d178b1d1e 5125
wolfSSL 16:8e0d178b1d1e 5126 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 5127 key = (ed448_key*)XMALLOC(sizeof(ed448_key), heap, DYNAMIC_TYPE_ED448);
wolfSSL 16:8e0d178b1d1e 5128 if (key == NULL)
wolfSSL 16:8e0d178b1d1e 5129 return MEMORY_E;
wolfSSL 16:8e0d178b1d1e 5130 #endif
wolfSSL 16:8e0d178b1d1e 5131
wolfSSL 16:8e0d178b1d1e 5132 ret = wc_ed448_init(key);
wolfSSL 16:8e0d178b1d1e 5133 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 5134 *idx = 0;
wolfSSL 16:8e0d178b1d1e 5135 if (wc_Ed448PrivateKeyDecode(der->buffer, idx, key,
wolfSSL 16:8e0d178b1d1e 5136 der->length) != 0) {
wolfSSL 16:8e0d178b1d1e 5137 ret = WOLFSSL_BAD_FILE;
wolfSSL 16:8e0d178b1d1e 5138 }
wolfSSL 16:8e0d178b1d1e 5139
wolfSSL 16:8e0d178b1d1e 5140 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 5141 /* check for minimum key size and then free */
wolfSSL 16:8e0d178b1d1e 5142 int minKeySz = ssl ? ssl->options.minEccKeySz :
wolfSSL 16:8e0d178b1d1e 5143 ctx->minEccKeySz;
wolfSSL 16:8e0d178b1d1e 5144 *keySz = ED448_KEY_SIZE;
wolfSSL 16:8e0d178b1d1e 5145 if (*keySz < minKeySz) {
wolfSSL 16:8e0d178b1d1e 5146 WOLFSSL_MSG("ED448 private key too small");
wolfSSL 16:8e0d178b1d1e 5147 ret = ECC_KEY_SIZE_E;
wolfSSL 16:8e0d178b1d1e 5148 }
wolfSSL 16:8e0d178b1d1e 5149 }
wolfSSL 16:8e0d178b1d1e 5150 if (ret == 0) {
wolfSSL 16:8e0d178b1d1e 5151 if (ssl) {
wolfSSL 16:8e0d178b1d1e 5152 ssl->buffers.keyType = ed448_sa_algo;
wolfSSL 16:8e0d178b1d1e 5153 ssl->buffers.keySz = *keySz;
wolfSSL 16:8e0d178b1d1e 5154 }
wolfSSL 16:8e0d178b1d1e 5155 else if (ctx) {
wolfSSL 16:8e0d178b1d1e 5156 ctx->privateKeyType = ed448_sa_algo;
wolfSSL 16:8e0d178b1d1e 5157 ctx->privateKeySz = *keySz;
wolfSSL 16:8e0d178b1d1e 5158 }
wolfSSL 16:8e0d178b1d1e 5159
wolfSSL 16:8e0d178b1d1e 5160 *keyFormat = ED448k;
wolfSSL 16:8e0d178b1d1e 5161 if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 16:8e0d178b1d1e 5162 *resetSuites = 1;
wolfSSL 16:8e0d178b1d1e 5163 }
wolfSSL 16:8e0d178b1d1e 5164 }
wolfSSL 16:8e0d178b1d1e 5165
wolfSSL 16:8e0d178b1d1e 5166 wc_ed448_free(key);
wolfSSL 16:8e0d178b1d1e 5167 }
wolfSSL 16:8e0d178b1d1e 5168
wolfSSL 16:8e0d178b1d1e 5169 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 16:8e0d178b1d1e 5170 XFREE(key, heap, DYNAMIC_TYPE_ED448);
wolfSSL 16:8e0d178b1d1e 5171 #endif
wolfSSL 16:8e0d178b1d1e 5172 }
wolfSSL 16:8e0d178b1d1e 5173 #endif /* HAVE_ED448 */
wolfSSL 16:8e0d178b1d1e 5174 return ret;
wolfSSL 16:8e0d178b1d1e 5175 }
wolfSSL 16:8e0d178b1d1e 5176
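/* Process the buffer buff, length sz, into ctx (or into ssl when ssl is
 * non-NULL) as the given format (WOLFSSL_FILETYPE_ASN1 / _PEM / _RAW) and
 * type (CA_TYPE, TRUSTED_PEER_TYPE, CERT_TYPE, PRIVATEKEY_TYPE).
 *
 * used, when non-NULL, receives the number of bytes consumed (defaults to sz;
 * a PEM chain may consume less). userChain non-zero means the buffer holds a
 * certificate chain: the first certificate is installed here, the remainder is
 * handed to ProcessUserChain. verify is passed through to AddCA and
 * ProcessUserChain.
 *
 * Ownership: the DerBuffer built here is handed to ssl/ctx (certificate or
 * private key) once the type is known; before that hand-over every error path
 * frees it, after it the owner is responsible for it.
 *
 * Returns WOLFSSL_SUCCESS, the result of AddCA / AddTrustedPeer for CA_TYPE /
 * TRUSTED_PEER_TYPE, or a negative wolfSSL error code (WOLFSSL_BAD_FILETYPE,
 * BAD_FUNC_ARG, MEMORY_E, WOLFSSL_BAD_FILE, WOLFSSL_BAD_CERTTYPE, key size
 * errors, ...). For CA_TYPE and CERT_TYPE a CertManager verify callback, when
 * set, may override the status before it is returned. */
int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                  long sz, int format, int type, WOLFSSL* ssl,
                  long* used, int userChain, int verify)
{
    DerBuffer* der = NULL;        /* holds DER or RAW (for NTRU) */
    int ret = 0;
    int done = 0;                 /* result is final: skip key/cert post-processing */
    int keyFormat = 0;
    int resetSuites = 0;
    void* heap = wolfSSL_CTX_GetHeap(ctx, ssl);
    int devId = wolfSSL_CTX_GetDevId(ctx, ssl);
    word32 idx = 0;
    int keySz = 0;
#if (defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)) || \
    defined(HAVE_PKCS8)
    word32 algId = 0;             /* PKCS8 algorithm id, 0 = no header found */
#endif
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo info[1];
#endif

    /* not every build configuration reads these */
    (void)devId;
    (void)idx;
    (void)keySz;

    if (used)
        *used = sz; /* used bytes default to sz, PEM chain may shorten */

    /* check args */
    if (format != WOLFSSL_FILETYPE_ASN1 && format != WOLFSSL_FILETYPE_PEM
                                     && format != WOLFSSL_FILETYPE_RAW)
        return WOLFSSL_BAD_FILETYPE;

    /* at least one owner is required; the ctx-only and ssl-only paths below
     * rely on this (an "else" after "if (ctx)" means ssl is non-NULL) */
    if (ctx == NULL && ssl == NULL)
        return BAD_FUNC_ARG;

#ifdef WOLFSSL_SMALL_STACK
    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), heap,
                                   DYNAMIC_TYPE_ENCRYPTEDINFO);
    if (info == NULL)
        return MEMORY_E;
#endif

    XMEMSET(info, 0, sizeof(EncryptedInfo));
#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
    if (ctx) {
        info->passwd_cb       = ctx->passwd_cb;
        info->passwd_userdata = ctx->passwd_userdata;
    }
#endif

    if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
        /* PemToDer also handles PEM-level decryption and reports keyFormat */
        ret = PemToDer(buff, sz, type, &der, heap, info, &keyFormat);
#else
        ret = NOT_COMPILED_IN;
#endif
    }
    else {
        /* ASN1 (DER) or RAW (NTRU) */
        int length = (int)sz;
        if (format == WOLFSSL_FILETYPE_ASN1) {
            /* get length of der (read sequence or octet string) */
            word32 inOutIdx = 0;
            if (GetSequence(buff, &inOutIdx, &length, (word32)sz) >= 0) {
                length += inOutIdx; /* include leading sequence */
            }
            /* get length using octet string (allowed for private key types) */
            else if (type == PRIVATEKEY_TYPE &&
                     GetOctetString(buff, &inOutIdx, &length, (word32)sz) >= 0) {
                length += inOutIdx; /* include leading octet string */
            }
            else {
                ret = ASN_PARSE_E;
            }
        }

        info->consumed = length;

        if (ret == 0) {
            ret = AllocDer(&der, (word32)length, type, heap);
            if (ret == 0) {
                XMEMCPY(der->buffer, buff, length);
            }

#ifdef HAVE_PKCS8
            /* if private key try and remove PKCS8 header. Only attempted when
             * AllocDer succeeded: otherwise der is NULL and the allocation
             * error must not be overwritten by the "ignore failures" below. */
            if (ret == 0 && type == PRIVATEKEY_TYPE) {
                if ((ret = ToTraditional_ex(der->buffer, der->length, &algId)) > 0) {
                    /* Found PKCS8 header */
                    /* ToTraditional_ex moves buff and returns adjusted length */
                    der->length = ret;
                }
                ret = 0; /* failures should be ignored */
            }
#endif
        }
    }

    if (used) {
        *used = info->consumed;
    }

    /* process user chain */
    if (ret >= 0) {
        /* Chain should have server cert first, then intermediates, then root.
         * First certificate in chain is processed below after ProcessUserChain
         * and is loaded into ssl->buffers.certificate.
         * Remainder are processed using ProcessUserChain and are loaded into
         * ssl->buffers.certChain. */
        if (userChain) {
            ret = ProcessUserChain(ctx, buff, sz, format, type, ssl, used, info,
                                   verify);
        }
    }

    /* info is only used for private key with DER or PEM, so free now.
     * Otherwise it is released at the end of the PRIVATEKEY_TYPE section. */
    if (ret < 0 || type != PRIVATEKEY_TYPE || format == WOLFSSL_FILETYPE_RAW) {
#ifdef WOLFSSL_SMALL_STACK
        XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
#endif
    }

    /* check for error */
    if (ret < 0) {
        FreeDer(&der);
        done = 1;
    }

    if (done == 1) {
        /* No operation, just skip the next section */
    }
    /* Handle DER owner */
    else if (type == CA_TYPE) {
        if (ctx == NULL) {
            WOLFSSL_MSG("Need context for CA load");
            FreeDer(&der);
            return BAD_FUNC_ARG;
        }
        /* verify CA unless user set to no verify; AddCA takes over der */
        ret = AddCA(ctx->cm, &der, WOLFSSL_USER_CA, verify);
        done = 1;
    }
#ifdef WOLFSSL_TRUST_PEER_CERT
    else if (type == TRUSTED_PEER_TYPE) {
        if (ctx == NULL) {
            WOLFSSL_MSG("Need context for trusted peer cert load");
            FreeDer(&der);
            return BAD_FUNC_ARG;
        }
        /* add trusted peer cert; AddTrustedPeer takes over der */
        ret = AddTrustedPeer(ctx->cm, &der, !ctx->verifyNone);
        done = 1;
    }
#endif /* WOLFSSL_TRUST_PEER_CERT */
    else if (type == CERT_TYPE) {
        if (ssl) {
            /* Make sure previous is free'd */
            if (ssl->buffers.weOwnCert) {
                FreeDer(&ssl->buffers.certificate);
#ifdef KEEP_OUR_CERT
                FreeX509(ssl->ourCert);
                if (ssl->ourCert) {
                    XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
                    ssl->ourCert = NULL;
                }
#endif
            }
            ssl->buffers.certificate = der;
#ifdef KEEP_OUR_CERT
            ssl->keepCert = 1; /* hold cert for ssl lifetime */
#endif
            ssl->buffers.weOwnCert = 1;
        }
        else if (ctx) {
            FreeDer(&ctx->certificate); /* Make sure previous is free'd */
#ifdef KEEP_OUR_CERT
            if (ctx->ourCert) {
                if (ctx->ownOurCert) {
                    FreeX509(ctx->ourCert);
                    XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
                }
                ctx->ourCert = NULL;
            }
#endif
            ctx->certificate = der;
        }
    }
    else if (type == PRIVATEKEY_TYPE) {
        if (ssl) {
            /* Make sure previous is free'd */
            if (ssl->buffers.weOwnKey) {
                FreeDer(&ssl->buffers.key);
            }
            ssl->buffers.key = der;
            ssl->buffers.weOwnKey = 1;
        }
        else if (ctx) {
            FreeDer(&ctx->privateKey);
            ctx->privateKey = der;
        }
    }
    else {
        FreeDer(&der);
        return WOLFSSL_BAD_CERTTYPE;
    }

    /* From here on der is owned by ssl/ctx (or already consumed by the
     * CertManager); it must not be freed through the local pointer. */

    if (done == 1) {
        /* No operation, just skip the next section */
    }
    else if (type == PRIVATEKEY_TYPE && format != WOLFSSL_FILETYPE_RAW) {
        /* same condition as the algId declaration above, so every
         * configuration that reaches this line has algId in scope */
#if (defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)) || \
    defined(HAVE_PKCS8)
        keyFormat = algId;
#endif

        ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx, &resetSuites,
                                     &keyFormat, heap, devId);

#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
        /* for WOLFSSL_FILETYPE_PEM, PemToDer manages the decryption */
        /* If private key type PKCS8 header wasn't already removed (algId == 0)
         * and the first decode attempt did not succeed, ask the password
         * callback and retry as an encrypted PKCS8 key. */
        if ((ret != 0 || keyFormat == 0)
            && format != WOLFSSL_FILETYPE_PEM && info->passwd_cb && algId == 0)
        {
            int passwordSz = NAME_SZ;
#ifndef WOLFSSL_SMALL_STACK
            char password[NAME_SZ];
#else
            char* password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING);
            if (password == NULL) {
                XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
                /* der was already installed in ssl/ctx above: release it
                 * through its owner so no dangling pointer is left behind */
                if (ssl) {
                    FreeDer(&ssl->buffers.key);
                }
                else {
                    FreeDer(&ctx->privateKey);
                }
                return MEMORY_E;
            }
#endif
            /* get password */
            ret = info->passwd_cb(password, passwordSz, PEM_PASS_READ,
                                  info->passwd_userdata);
            if (ret >= 0) {
                passwordSz = ret;

                /* PKCS8 decrypt */
                ret = ToTraditionalEnc(der->buffer, der->length,
                                       password, passwordSz, &algId);
                if (ret >= 0) {
                    der->length = ret;
                }
                /* ignore failures and try parsing as unencrypted */

                /* scrub the password before the buffer is released */
                ForceZero(password, passwordSz);
            }

#ifdef WOLFSSL_SMALL_STACK
            XFREE(password, heap, DYNAMIC_TYPE_STRING);
#endif
            ret = ProcessBufferTryDecode(ctx, ssl, der, &keySz, &idx,
                                         &resetSuites, &keyFormat, heap, devId);
        }
#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */

#ifdef WOLFSSL_SMALL_STACK
        XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
#endif

        if (ret != 0)
            return ret;
        /* no decoder recognised the key */
        if (keyFormat == 0)
            return WOLFSSL_BAD_FILE;
    }
    else if (type == CERT_TYPE) {
#ifdef WOLFSSL_SMALL_STACK
        DecodedCert* cert;
#else
        DecodedCert cert[1];
#endif
#ifdef HAVE_PK_CALLBACKS
        int keyType = 0;
#endif

#ifdef WOLFSSL_SMALL_STACK
        cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap,
                                     DYNAMIC_TYPE_DCERT);
        if (cert == NULL)
            return MEMORY_E;
#endif

        /* Decode only as far as the public key: the signature algorithm and
         * key type/size drive cipher-suite selection and the key-size checks */
        WOLFSSL_MSG("Checking cert signature type");
        InitDecodedCert(cert, der->buffer, der->length, heap);

        if (DecodeToKey(cert, 0) < 0) {
            WOLFSSL_MSG("Decode to key failed");
            FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
            XFREE(cert, heap, DYNAMIC_TYPE_DCERT);
#endif
            return WOLFSSL_BAD_FILE;
        }

        if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
            resetSuites = 1;
        }
        if (ssl && ssl->ctx->haveECDSAsig) {
            WOLFSSL_MSG("SSL layer setting cert, CTX had ECDSA, turning off");
            ssl->options.haveECDSAsig = 0; /* may turn back on next */
        }

        switch (cert->signatureOID) {
            case CTC_SHAwECDSA:
            case CTC_SHA256wECDSA:
            case CTC_SHA384wECDSA:
            case CTC_SHA512wECDSA:
                WOLFSSL_MSG("ECDSA cert signature");
                if (ssl)
                    ssl->options.haveECDSAsig = 1;
                else if (ctx)
                    ctx->haveECDSAsig = 1;
                break;
            case CTC_ED25519:
                WOLFSSL_MSG("ED25519 cert signature");
                if (ssl)
                    ssl->options.haveECDSAsig = 1;
                else if (ctx)
                    ctx->haveECDSAsig = 1;
                break;
            case CTC_ED448:
                WOLFSSL_MSG("ED448 cert signature");
                if (ssl)
                    ssl->options.haveECDSAsig = 1;
                else if (ctx)
                    ctx->haveECDSAsig = 1;
                break;
            default:
                WOLFSSL_MSG("Not ECDSA cert signature");
                break;
        }

#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
        if (ssl) {
            ssl->pkCurveOID = cert->pkCurveOID;
#ifndef WC_STRICT_SIG
            if (cert->keyOID == ECDSAk) {
                ssl->options.haveECC = 1;
            }
#ifdef HAVE_ED25519
            else if (cert->keyOID == ED25519k) {
                ssl->options.haveECC = 1;
            }
#endif
#ifdef HAVE_ED448
            else if (cert->keyOID == ED448k) {
                ssl->options.haveECC = 1;
            }
#endif
#else
            ssl->options.haveECC = ssl->options.haveECDSAsig;
#endif
        }
        else if (ctx) {
            ctx->pkCurveOID = cert->pkCurveOID;
#ifndef WC_STRICT_SIG
            if (cert->keyOID == ECDSAk) {
                ctx->haveECC = 1;
            }
#ifdef HAVE_ED25519
            else if (cert->keyOID == ED25519k) {
                ctx->haveECC = 1;
            }
#endif
#ifdef HAVE_ED448
            else if (cert->keyOID == ED448k) {
                ctx->haveECC = 1;
            }
#endif
#else
            ctx->haveECC = ctx->haveECDSAsig;
#endif
        }
#endif

        /* check key size of cert unless specified not to (verifyNone).
         * In the HAVE_PKCS11 branches "else" means ssl != NULL, see the
         * argument check at the top. */
        switch (cert->keyOID) {
#ifndef NO_RSA
            case RSAk:
#ifdef HAVE_PK_CALLBACKS
                keyType = rsa_sa_algo;
#endif
#ifdef HAVE_PKCS11
                if (ctx) {
                    ctx->privateKeyType = rsa_sa_algo;
                }
                else {
                    ssl->buffers.keyType = rsa_sa_algo;
                }
#endif
                /* Determine RSA key size by parsing public key */
                idx = 0;
                ret = wc_RsaPublicKeyDecode_ex(cert->publicKey, &idx,
                    cert->pubKeySize, NULL, (word32*)&keySz, NULL, NULL);
                if (ret < 0)
                    break;

                if (ssl && !ssl->options.verifyNone) {
                    if (ssl->options.minRsaKeySz < 0 ||
                            keySz < (int)ssl->options.minRsaKeySz) {
                        ret = RSA_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate RSA key size too small");
                    }
                }
                else if (ctx && !ctx->verifyNone) {
                    if (ctx->minRsaKeySz < 0 ||
                            keySz < (int)ctx->minRsaKeySz) {
                        ret = RSA_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate RSA key size too small");
                    }
                }
                break;
#endif /* !NO_RSA */
#ifdef HAVE_ECC
            case ECDSAk:
#ifdef HAVE_PK_CALLBACKS
                keyType = ecc_dsa_sa_algo;
#endif
#ifdef HAVE_PKCS11
                if (ctx) {
                    ctx->privateKeyType = ecc_dsa_sa_algo;
                }
                else {
                    ssl->buffers.keyType = ecc_dsa_sa_algo;
                }
#endif
                /* Determine ECC key size based on curve */
                keySz = wc_ecc_get_curve_size_from_id(
                    wc_ecc_get_oid(cert->pkCurveOID, NULL, NULL));

                if (ssl && !ssl->options.verifyNone) {
                    if (ssl->options.minEccKeySz < 0 ||
                            keySz < (int)ssl->options.minEccKeySz) {
                        ret = ECC_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate ECC key size error");
                    }
                }
                else if (ctx && !ctx->verifyNone) {
                    if (ctx->minEccKeySz < 0 ||
                            keySz < (int)ctx->minEccKeySz) {
                        ret = ECC_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate ECC key size error");
                    }
                }
                break;
#endif /* HAVE_ECC */
#ifdef HAVE_ED25519
            case ED25519k:
#ifdef HAVE_PK_CALLBACKS
                keyType = ed25519_sa_algo;
#endif
#ifdef HAVE_PKCS11
                if (ctx) {
                    ctx->privateKeyType = ed25519_sa_algo;
                }
                else {
                    ssl->buffers.keyType = ed25519_sa_algo;
                }
#endif
                /* ED25519 is fixed key size */
                keySz = ED25519_KEY_SIZE;
                if (ssl && !ssl->options.verifyNone) {
                    if (ssl->options.minEccKeySz < 0 ||
                            keySz < (int)ssl->options.minEccKeySz) {
                        ret = ECC_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate Ed key size error");
                    }
                }
                else if (ctx && !ctx->verifyNone) {
                    if (ctx->minEccKeySz < 0 ||
                            keySz < (int)ctx->minEccKeySz) {
                        ret = ECC_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate ECC key size error");
                    }
                }
                break;
#endif /* HAVE_ED25519 */
#ifdef HAVE_ED448
            case ED448k:
#ifdef HAVE_PK_CALLBACKS
                keyType = ed448_sa_algo;
#endif
#ifdef HAVE_PKCS11
                if (ctx) {
                    ctx->privateKeyType = ed448_sa_algo;
                }
                else {
                    ssl->buffers.keyType = ed448_sa_algo;
                }
#endif
                /* ED448 is fixed key size */
                keySz = ED448_KEY_SIZE;
                if (ssl && !ssl->options.verifyNone) {
                    if (ssl->options.minEccKeySz < 0 ||
                            keySz < (int)ssl->options.minEccKeySz) {
                        ret = ECC_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate Ed key size error");
                    }
                }
                else if (ctx && !ctx->verifyNone) {
                    if (ctx->minEccKeySz < 0 ||
                            keySz < (int)ctx->minEccKeySz) {
                        ret = ECC_KEY_SIZE_E;
                        WOLFSSL_MSG("Certificate ECC key size error");
                    }
                }
                break;
#endif /* HAVE_ED448 */

            default:
                WOLFSSL_MSG("No key size check done on certificate");
                break; /* do no check if not a case for the key */
        }

#ifdef HAVE_PK_CALLBACKS
        /* only fill in the key type/size if no private key set them already */
        if (ssl && ssl->buffers.keyType == 0) {
            ssl->buffers.keyType = keyType;
            ssl->buffers.keySz = keySz;
        }
        else if (ctx && ctx->privateKeyType == 0) {
            ctx->privateKeyType = keyType;
            ctx->privateKeySz = keySz;
        }
#endif

        FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
        XFREE(cert, heap, DYNAMIC_TYPE_DCERT);
#endif

        if (ret != 0) {
            done = 1;
        }
    }

    if (done == 1) {
#ifndef NO_WOLFSSL_CM_VERIFY
        if ((type == CA_TYPE) || (type == CERT_TYPE)) {
            /* Call to over-ride status */
            if ((ctx != NULL) && (ctx->cm != NULL) &&
                (ctx->cm->verifyCallback != NULL)) {
                ret = CM_VerifyBuffer_ex(ctx->cm, buff,
                        sz, format, (ret == WOLFSSL_SUCCESS ? 0 : ret));
            }
        }
#endif /* NO_WOLFSSL_CM_VERIFY */

        return ret;
    }


    if (ssl && resetSuites) {
        word16 havePSK = 0;
        word16 haveRSA = 0;

#ifndef NO_PSK
        if (ssl->options.havePSK) {
            havePSK = 1;
        }
#endif
#ifndef NO_RSA
        haveRSA = 1;
#endif
#ifndef NO_CERTS
        keySz = ssl->buffers.keySz;
#endif

        /* let's reset suites */
        InitSuites(ssl->suites, ssl->version, keySz, haveRSA,
                   havePSK, ssl->options.haveDH, ssl->options.haveNTRU,
                   ssl->options.haveECDSAsig, ssl->options.haveECC,
                   ssl->options.haveStaticECC, ssl->options.side);
    }

    return WOLFSSL_SUCCESS;
}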
wolfSSL 15:117db924cf7c 5766
wolfSSL 15:117db924cf7c 5767
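/* CA PEM file for verification, may have multiple/chain certs to process.
 *
 * Walks the buffer, handing each PEM object to ProcessBuffer(); when built
 * with WOLFSSL_WPAS and HAVE_CRL an object that does not parse as a cert is
 * retried as a CRL.  A parse failure that consumed bytes is skipped and the
 * scan continues; one that made no progress ends the scan.
 *
 * Returns WOLFSSL_SUCCESS once at least one CA was accepted, otherwise the
 * last error seen (from ProcessBuffer() or, in WPAS builds, the CRL loader).
 */
static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                              long sz, int format, int type, WOLFSSL* ssl, int verify)
{
    long used = 0;
    int ret = 0;
    int gotOne = 0;

    WOLFSSL_MSG("Processing CA PEM file");
    while (used < sz) {
        long consumed = 0;

        ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
                            &consumed, 0, verify);

        if (ret < 0) {
#if defined(WOLFSSL_WPAS) && defined(HAVE_CRL)
            DerBuffer* der = NULL;
            EncryptedInfo info;

            WOLFSSL_MSG("Trying a CRL");
            if (PemToDer(buff + used, sz - used, CRL_TYPE, &der, NULL, &info,
                         NULL) == 0) {
                int crlRet;

                WOLFSSL_MSG(" Processed a CRL");
                /* Do not drop a CRL load failure on the floor: a bundle whose
                 * CRL did not load would otherwise look fully processed with
                 * no revocation data.  Keep the loader's error in ret so a
                 * file that yields no CA reports it to the caller. */
                crlRet = wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer,
                                                der->length, WOLFSSL_FILETYPE_ASN1);
                if (crlRet < 0) {
                    WOLFSSL_MSG("CRL load failed, continuing with next object");
                    ret = crlRet;
                }
                FreeDer(&der);
                used += info.consumed;
                continue;
            }
#endif

            if (consumed > 0) { /* Made progress in file */
                WOLFSSL_ERROR(ret);
                WOLFSSL_MSG("CA Parse failed, with progress in file.");
                WOLFSSL_MSG("Search for other certs in file");
            }
            else {
                /* No bytes consumed: looping again would spin on the same
                 * input, so stop here and report the parse error. */
                WOLFSSL_MSG("CA Parse failed, no progress in file.");
                WOLFSSL_MSG("Do not continue search for other certs in file");
                break;
            }
        }
        else {
            WOLFSSL_MSG(" Processed a CA");
            gotOne = 1;
        }
        used += consumed;
    }

    if (gotOne) {
        WOLFSSL_MSG("Processed at least one valid CA. Other stuff OK");
        return WOLFSSL_SUCCESS;
    }
    return ret;
}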
wolfSSL 15:117db924cf7c 5824
wolfSSL 15:117db924cf7c 5825
/* Pick a method for the scratch context used by the CertManager loaders.
 * Client methods are preferred; the server side is used only when the
 * client is compiled out.  Within a side the oldest protocol the build
 * allows is chosen.  Returns NULL when no method is compiled in. */
static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void)
{
    WOLFSSL_METHOD* method = NULL;

#ifndef NO_WOLFSSL_CLIENT
    #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
    method = wolfSSLv3_client_method();
    #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
    method = wolfTLSv1_client_method();
    #elif !defined(NO_OLD_TLS)
    method = wolfTLSv1_1_client_method();
    #elif !defined(WOLFSSL_NO_TLS12)
    method = wolfTLSv1_2_client_method();
    #elif defined(WOLFSSL_TLS13)
    method = wolfTLSv1_3_client_method();
    #endif
#elif !defined(NO_WOLFSSL_SERVER)
    #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3)
    method = wolfSSLv3_server_method();
    #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10)
    method = wolfTLSv1_server_method();
    #elif !defined(NO_OLD_TLS)
    method = wolfTLSv1_1_server_method();
    #elif !defined(WOLFSSL_NO_TLS12)
    method = wolfTLSv1_2_server_method();
    #elif defined(WOLFSSL_TLS13)
    method = wolfTLSv1_3_server_method();
    #endif
#endif

    return method;
}
wolfSSL 15:117db924cf7c 5860
wolfSSL 15:117db924cf7c 5861
/* like load verify locations, 1 for success, < 0 for error.
 *
 * Loads CA certificates from a memory buffer into cm by borrowing a scratch
 * WOLFSSL_CTX: the context's own manager is replaced with cm for the
 * duration of the load and detached again before the context is freed, so
 * ownership of cm never leaves the caller. */
int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
                                    const unsigned char* in, long sz, int format)
{
    WOLFSSL_CTX* scratch = NULL;
    int ret = WOLFSSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCABuffer");

    if (cm == NULL) {
        WOLFSSL_MSG("No CertManager error");
        return ret;
    }

    scratch = wolfSSL_CTX_new(cm_pick_method());
    if (scratch == NULL) {
        WOLFSSL_MSG("CTX new failed");
        return ret;
    }

    /* Swap the scratch context's manager for the caller's one. */
    wolfSSL_CertManagerFree(scratch->cm);
    scratch->cm = cm;

    ret = wolfSSL_CTX_load_verify_buffer(scratch, in, sz, format);

    /* Detach cm first so wolfSSL_CTX_free cannot release the caller's manager. */
    scratch->cm = NULL;
    wolfSSL_CTX_free(scratch);

    return ret;
}
wolfSSL 15:117db924cf7c 5894
wolfSSL 15:117db924cf7c 5895 #ifdef HAVE_CRL
wolfSSL 15:117db924cf7c 5896
/* Load a CRL from memory into cm, creating the CRL store on first use.
 * Returns BAD_FUNC_ARG for a NULL manager, WOLFSSL_FATAL_ERROR when the
 * store cannot be enabled, otherwise the result of BufferLoadCRL(). */
int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
                                     const unsigned char* buff, long sz, int type)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCRLBuffer");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* Lazily enable CRL checking so callers need not do it themselves. */
    if (cm->crl == NULL
            && wolfSSL_CertManagerEnableCRL(cm, 0) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Enable CRL failed");
        return WOLFSSL_FATAL_ERROR;
    }

    return BufferLoadCRL(cm->crl, buff, sz, type, VERIFY);
}
wolfSSL 16:8e0d178b1d1e 5913
/* Release the manager's CRL store, if any.  Safe to call when no CRL was
 * ever loaded.  Returns BAD_FUNC_ARG for a NULL manager. */
int wolfSSL_CertManagerFreeCRL(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerFreeCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (cm->crl == NULL)
        return WOLFSSL_SUCCESS;

    FreeCRL(cm->crl, 1);
    cm->crl = NULL;   /* clear so a later load re-creates the store */
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 5925
/* Context-level wrapper: load a CRL buffer into the context's manager. */
int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                              long sz, int type)
{
    WOLFSSL_ENTER("wolfSSL_CTX_LoadCRLBuffer");

    return (ctx == NULL)
        ? BAD_FUNC_ARG
        : wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, buff, sz, type);
}
wolfSSL 15:117db924cf7c 5936
wolfSSL 15:117db924cf7c 5937
/* Session-level wrapper: load a CRL buffer into the manager of the session's
 * context.  Both ssl and ssl->ctx must be non-NULL. */
int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff,
                          long sz, int type)
{
    WOLFSSL_ENTER("wolfSSL_LoadCRLBuffer");

    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (ssl->ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerLoadCRLBuffer(ssl->ctx->cm, buff, sz, type);
}
wolfSSL 15:117db924cf7c 5948
wolfSSL 15:117db924cf7c 5949
wolfSSL 15:117db924cf7c 5950 #endif /* HAVE_CRL */
wolfSSL 15:117db924cf7c 5951
/* turn on CRL if off and compiled in, set options.
 *
 * Allocates and initialises the CRL store on first call; options may carry
 * WOLFSSL_CRL_CHECKALL.  Returns WOLFSSL_SUCCESS, BAD_FUNC_ARG, MEMORY_E,
 * WOLFSSL_FAILURE (InitCRL failed) or NOT_COMPILED_IN. */
int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
{
    (void)options;

    WOLFSSL_ENTER("wolfSSL_CertManagerEnableCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#ifndef HAVE_CRL
    return NOT_COMPILED_IN;
#else
    if (cm->crl == NULL) {
        cm->crl = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), cm->heap,
                                        DYNAMIC_TYPE_CRL);
        if (cm->crl == NULL)
            return MEMORY_E;

        if (InitCRL(cm->crl, cm) != 0) {
            WOLFSSL_MSG("Init CRL failed");
            FreeCRL(cm->crl, 1);
            cm->crl = NULL;   /* leave the manager without a half-built store */
            return WOLFSSL_FAILURE;
        }

    #ifdef HAVE_CRL_IO
        cm->crl->crlIOCb = EmbedCrlLookup;
    #endif
    }

    cm->crlEnabled = 1;
    if ((options & WOLFSSL_CRL_CHECKALL) != 0)
        cm->crlCheckAll = 1;

    return WOLFSSL_SUCCESS;
#endif
}
wolfSSL 15:117db924cf7c 5991
wolfSSL 15:117db924cf7c 5992
/* Turn CRL checking off.  The store itself is kept (see
 * wolfSSL_CertManagerFreeCRL to release it). */
int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerDisableCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->crlEnabled = 0;
    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 6003
wolfSSL 16:8e0d178b1d1e 6004 #ifndef NO_WOLFSSL_CM_VERIFY
/* Install (or clear, with vc == NULL) the manager's verify callback; it is
 * consulted by CM_VerifyBuffer_ex().  A NULL manager is ignored. */
void wolfSSL_CertManagerSetVerify(WOLFSSL_CERT_MANAGER* cm, VerifyCallback vc)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerSetVerify");
    if (cm != NULL)
        cm->verifyCallback = vc;
}
wolfSSL 16:8e0d178b1d1e 6013 #endif /* NO_WOLFSSL_CM_VERIFY */
wolfSSL 16:8e0d178b1d1e 6014
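/* Verify the certificate, WOLFSSL_SUCCESS for ok, < 0 for error.
 *
 * Parses buff (PEM or DER per format) against the manager's trusted CAs,
 * then applies CRL checking when enabled and, when a verify callback is
 * installed, lets it override the result.  err_val, when non-zero, is the
 * status presented to the callback instead of the parse result.
 *
 * Returns WOLFSSL_SUCCESS, BAD_FUNC_ARG for a NULL manager or buffer,
 * MEMORY_E, NOT_COMPILED_IN (PEM input without WOLFSSL_PEM_TO_DER), or
 * a negative parse/CRL error.  All resources are released on every path. */
int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
                       long sz, int format, int err_val)
{
    int ret = 0;
    int certInit = 0;   /* set once InitDecodedCert() ran, so cleanup is safe */
    DerBuffer* der = NULL;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert;
#else
    DecodedCert cert[1];
#endif

    WOLFSSL_ENTER("wolfSSL_CertManagerVerifyBuffer");

    /* cm->heap is used below; a NULL manager or buffer cannot be verified. */
    if (cm == NULL || buff == NULL)
        return BAD_FUNC_ARG;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
                                 DYNAMIC_TYPE_DCERT);
    if (cert == NULL)
        return MEMORY_E;
#endif

    if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
        ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, NULL, NULL);
        if (ret != 0)
            goto out;   /* PEM decode failed: nothing to parse or call back on */
        InitDecodedCert(cert, der->buffer, der->length, cm->heap);
        certInit = 1;
#else
        ret = NOT_COMPILED_IN;
#endif
    }
    else {
        InitDecodedCert(cert, (byte*)buff, (word32)sz, cm->heap);
        certInit = 1;
    }

    if (ret == 0)
        ret = ParseCertRelative(cert, CERT_TYPE, 1, cm);

#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    /* ret needs to be self-signer error for Qt compat */
    if (ret == ASN_NO_SIGNER_E && certInit && cert->selfSigned)
        ret = ASN_SELF_SIGNED_E;
#endif

#ifdef HAVE_CRL
    if (ret == 0 && cm->crlEnabled)
        ret = CheckCertCRL(cm->crl, cert);
#endif

#ifndef NO_WOLFSSL_CM_VERIFY
    /* If a verify callback is set it sees the decoded cert and may override
     * the status.  Only run it when cert was actually initialised; the
     * NOT_COMPILED_IN path above leaves it untouched. */
    if (cm->verifyCallback && certInit) {
        buffer certBuf;
#ifdef WOLFSSL_SMALL_STACK
        ProcPeerCertArgs* args;
        args = (ProcPeerCertArgs*)XMALLOC(
            sizeof(ProcPeerCertArgs), cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
        if (args == NULL) {
            ret = MEMORY_E;
            goto out;   /* shared cleanup frees cert and der */
        }
#else
        ProcPeerCertArgs args[1];
#endif

        certBuf.buffer = (byte*)buff;
        certBuf.length = (unsigned int)sz;
        XMEMSET(args, 0, sizeof(ProcPeerCertArgs));

        args->totalCerts = 1;
        args->certs = &certBuf;
        args->dCert = cert;
        args->dCertInit = 1;

        if (err_val != 0) {
            ret = err_val;
        }
        ret = DoVerifyCallback(cm, NULL, ret, args);
#ifdef WOLFSSL_SMALL_STACK
        XFREE(args, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }
#else
    (void)err_val;
#endif

out:
    if (certInit)
        FreeDecodedCert(cert);
    FreeDer(&der);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT);
#endif

    return ret == 0 ? WOLFSSL_SUCCESS : ret;
}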
wolfSSL 15:117db924cf7c 6114
/* Verify the certificate, WOLFSSL_SUCCESS for ok, < 0 for error.
 * Public entry point: same as CM_VerifyBuffer_ex() with no status override
 * passed to the verify callback. */
int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
                                    long sz, int format)
{
    const int noOverride = 0;
    return CM_VerifyBuffer_ex(cm, buff, sz, format, noOverride);
}
/* turn on OCSP if off and compiled in, set options.
 *
 * Allocates the OCSP state on first use and applies the option bits
 * WOLFSSL_OCSP_URL_OVERRIDE, WOLFSSL_OCSP_NO_NONCE and WOLFSSL_OCSP_CHECKALL.
 * Unless WOLFSSL_USER_IO is set, the built-in lookup callbacks are installed
 * every time this is called.  Returns WOLFSSL_SUCCESS, BAD_FUNC_ARG,
 * MEMORY_E, WOLFSSL_FAILURE or NOT_COMPILED_IN. */
int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options)
{
    (void)options;

    WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSP");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#ifndef HAVE_OCSP
    return NOT_COMPILED_IN;
#else
    if (cm->ocsp == NULL) {
        cm->ocsp = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), cm->heap,
                                          DYNAMIC_TYPE_OCSP);
        if (cm->ocsp == NULL)
            return MEMORY_E;

        if (InitOCSP(cm->ocsp, cm) != 0) {
            WOLFSSL_MSG("Init OCSP failed");
            FreeOCSP(cm->ocsp, 1);
            cm->ocsp = NULL;
            return WOLFSSL_FAILURE;
        }
    }

    cm->ocspEnabled = 1;
    if ((options & WOLFSSL_OCSP_URL_OVERRIDE) != 0)
        cm->ocspUseOverrideURL = 1;
    /* nonce is sent by default; NO_NONCE opts out */
    cm->ocspSendNonce = ((options & WOLFSSL_OCSP_NO_NONCE) != 0) ? 0 : 1;
    if ((options & WOLFSSL_OCSP_CHECKALL) != 0)
        cm->ocspCheckAll = 1;

    #ifndef WOLFSSL_USER_IO
    cm->ocspIOCb = EmbedOcspLookup;
    cm->ocspRespFreeCb = EmbedOcspRespFree;
    cm->ocspIOCtx = cm->heap;
    #endif /* WOLFSSL_USER_IO */

    return WOLFSSL_SUCCESS;
#endif /* HAVE_OCSP */
}
wolfSSL 15:117db924cf7c 6166
wolfSSL 15:117db924cf7c 6167
/* Turn OCSP checking off; the OCSP state and callbacks are retained. */
int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerDisableOCSP");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->ocspEnabled = 0;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 6178
/* turn on OCSP Stapling if off and compiled in, set options.
 *
 * Server builds also allocate the stapling OCSP state and install the
 * built-in lookup callbacks (unless WOLFSSL_USER_IO).  Returns
 * WOLFSSL_SUCCESS, BAD_FUNC_ARG, MEMORY_E, WOLFSSL_FAILURE or
 * NOT_COMPILED_IN when neither status-request extension is built. */
int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSPStapling");

    if (cm == NULL)
        return BAD_FUNC_ARG;

#if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
        && !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    return NOT_COMPILED_IN;
#else
    #ifndef NO_WOLFSSL_SERVER
    if (cm->ocsp_stapling == NULL) {
        cm->ocsp_stapling = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP),
                                                   cm->heap, DYNAMIC_TYPE_OCSP);
        if (cm->ocsp_stapling == NULL)
            return MEMORY_E;

        if (InitOCSP(cm->ocsp_stapling, cm) != 0) {
            WOLFSSL_MSG("Init OCSP failed");
            FreeOCSP(cm->ocsp_stapling, 1);
            cm->ocsp_stapling = NULL;
            return WOLFSSL_FAILURE;
        }
    }

        #ifndef WOLFSSL_USER_IO
    cm->ocspIOCb = EmbedOcspLookup;
    cm->ocspRespFreeCb = EmbedOcspRespFree;
    cm->ocspIOCtx = cm->heap;
        #endif /* WOLFSSL_USER_IO */
    #endif /* NO_WOLFSSL_SERVER */

    cm->ocspStaplingEnabled = 1;
    return WOLFSSL_SUCCESS;
#endif
}
wolfSSL 15:117db924cf7c 6219
/* Turn OCSP stapling off.  Returns NOT_COMPILED_IN when neither
 * status-request extension is built, otherwise WOLFSSL_SUCCESS. */
int wolfSSL_CertManagerDisableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerDisableOCSPStapling");

    if (cm == NULL)
        return BAD_FUNC_ARG;

#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
        || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    cm->ocspStaplingEnabled = 0;
    return WOLFSSL_SUCCESS;
#else
    return NOT_COMPILED_IN;
#endif
}
wolfSSL 16:8e0d178b1d1e 6237
wolfSSL 15:117db924cf7c 6238 #ifdef HAVE_OCSP
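/* check OCSP status of a DER certificate if OCSP is enabled, WOLFSSL_SUCCESS
 * for ok.
 *
 * Parses der (sz bytes, DER) against cm's trusted CAs and then queries the
 * manager's OCSP state.  Returns WOLFSSL_SUCCESS when OCSP is disabled or the
 * cert is good, BAD_FUNC_ARG for a NULL manager, NULL der or non-positive sz,
 * MEMORY_E, or a negative parse/OCSP error. */
int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
{
    int ret;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

    WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSP");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (cm->ocspEnabled == 0)
        return WOLFSSL_SUCCESS;

    /* sz is converted to an unsigned length below; a negative value would
     * become a huge length and a NULL buffer cannot be parsed. */
    if (der == NULL || sz <= 0)
        return BAD_FUNC_ARG;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
    if (cert == NULL)
        return MEMORY_E;
#endif

    InitDecodedCert(cert, der, (word32)sz, NULL);

    if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm)) != 0) {
        WOLFSSL_MSG("ParseCert failed");
    }
    else if ((ret = CheckCertOCSP(cm->ocsp, cert, NULL)) != 0) {
        WOLFSSL_MSG("CheckCertOCSP failed");
    }

    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif

    return ret == 0 ? WOLFSSL_SUCCESS : ret;
}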
wolfSSL 15:117db924cf7c 6279
/* Validate an already-received OCSP response against cm's OCSP state.
 * Returns WOLFSSL_SUCCESS when OCSP is disabled or the response is good,
 * BAD_FUNC_ARG for a NULL manager or response, else the CheckOcspResponse()
 * error.  (The ENTER string is the historical name and is left as is.) */
WOLFSSL_API int wolfSSL_CertManagerCheckOCSPResponse(WOLFSSL_CERT_MANAGER *cm,
    byte *response, int responseSz, buffer *responseBuffer,
    CertStatus *status, OcspEntry *entry, OcspRequest *ocspRequest)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSP_Staple");
    if (cm == NULL)
        return BAD_FUNC_ARG;
    if (response == NULL)
        return BAD_FUNC_ARG;
    if (!cm->ocspEnabled)
        return WOLFSSL_SUCCESS;

    rc = CheckOcspResponse(cm->ocsp, response, responseSz, responseBuffer, status,
                           entry, ocspRequest);

    return (rc == 0) ? WOLFSSL_SUCCESS : rc;
}
wolfSSL 15:117db924cf7c 6297
/* Replace the manager's OCSP override URL with a copy of url (NULL clears
 * it).  The previous string is always released first; on MEMORY_E the
 * manager is left with no override URL.  Returns WOLFSSL_SUCCESS,
 * BAD_FUNC_ARG or MEMORY_E. */
int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
                                          const char* url)
{
    int urlSz;
    char* copy;

    WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSPOverrideURL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL);
    cm->ocspOverrideURL = NULL;

    if (url == NULL)
        return WOLFSSL_SUCCESS;

    urlSz = (int)XSTRLEN(url) + 1;   /* include the terminator */
    copy = (char*)XMALLOC(urlSz, cm->heap, DYNAMIC_TYPE_URL);
    if (copy == NULL)
        return MEMORY_E;

    XMEMCPY(copy, url, urlSz);
    cm->ocspOverrideURL = copy;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 6320
wolfSSL 15:117db924cf7c 6321
/* Install the OCSP I/O callback, response-free callback and their context
 * on the manager.  No validation of the callbacks is done. */
int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm,
                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSP_Cb");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->ocspIOCtx     = ioCbCtx;
    cm->ocspRespFreeCb = respFreeCb;
    cm->ocspIOCb      = ioCb;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 6335
wolfSSL 15:117db924cf7c 6336
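/* Session-level wrapper for wolfSSL_CertManagerEnableOCSP().
 * Rejects a NULL session or a session without a context (the same guard
 * wolfSSL_LoadCRLBuffer applies) instead of dereferencing ssl->ctx. */
int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
{
    WOLFSSL_ENTER("wolfSSL_EnableOCSP");
    if (ssl == NULL || ssl->ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerEnableOCSP(ssl->ctx->cm, options);
}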
wolfSSL 15:117db924cf7c 6345
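/* Session-level wrapper for wolfSSL_CertManagerDisableOCSP().
 * Rejects a NULL session or a session without a context (matching
 * wolfSSL_LoadCRLBuffer) instead of dereferencing ssl->ctx. */
int wolfSSL_DisableOCSP(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_DisableOCSP");
    if (ssl == NULL || ssl->ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerDisableOCSP(ssl->ctx->cm);
}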
wolfSSL 15:117db924cf7c 6354
wolfSSL 15:117db924cf7c 6355
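/* Session-level wrapper for wolfSSL_CertManagerEnableOCSPStapling().
 * Rejects a NULL session or a session without a context (matching
 * wolfSSL_LoadCRLBuffer) instead of dereferencing ssl->ctx. */
int wolfSSL_EnableOCSPStapling(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_EnableOCSPStapling");
    if (ssl == NULL || ssl->ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerEnableOCSPStapling(ssl->ctx->cm);
}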
wolfSSL 15:117db924cf7c 6364
/* Disable OCSP stapling on the certificate manager shared through ssl's CTX.
 * Returns the cert-manager result, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_DisableOCSPStapling(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_DisableOCSPStapling");
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerDisableOCSPStapling(ssl->ctx->cm);
}
wolfSSL 15:117db924cf7c 6373
/* Set the OCSP responder override URL on the certificate manager shared
 * through ssl's CTX (so it affects every connection using that CTX).
 * Returns the cert-manager result, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
{
    WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerSetOCSPOverrideURL(ssl->ctx->cm, url);
}
wolfSSL 15:117db924cf7c 6382
wolfSSL 15:117db924cf7c 6383
/* Install OCSP callbacks for this connection.
 * The user context is kept on the WOLFSSL object itself; the callbacks go to
 * the certificate manager shared through ssl's CTX, whose own ioCbCtx is
 * reset to NULL by that call (any context set via wolfSSL_CTX_SetOCSP_Cb on
 * the same manager is overwritten).
 * Returns the cert-manager result, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl,
                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb");
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    ssl->ocspIOCtx = ioCbCtx; /* use SSL specific ioCbCtx */
    return wolfSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm, ioCb, respFreeCb, NULL);
}
wolfSSL 15:117db924cf7c 6396
wolfSSL 15:117db924cf7c 6397
/* Enable OCSP on the CTX's certificate manager.
 * Returns the cert-manager result, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options)
{
    WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP");
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerEnableOCSP(ctx->cm, options);
}
wolfSSL 15:117db924cf7c 6406
wolfSSL 15:117db924cf7c 6407
/* Disable OCSP on the CTX's certificate manager.
 * Returns the cert-manager result, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSP");
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerDisableOCSP(ctx->cm);
}
wolfSSL 15:117db924cf7c 6416
wolfSSL 15:117db924cf7c 6417
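/* Set the OCSP responder override URL on the CTX's certificate manager.
 * Returns the cert-manager result, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url)
{
    /* trace name previously reported the non-CTX variant, which made
     * debug logs misattribute this call */
    WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_OverrideURL");
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
}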
wolfSSL 15:117db924cf7c 6426
wolfSSL 15:117db924cf7c 6427
/* Install OCSP callbacks and their user context on the CTX's certificate
 * manager. Returns the cert-manager result, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb,
                           CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb");
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx);
}
wolfSSL 15:117db924cf7c 6438
wolfSSL 15:117db924cf7c 6439 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 15:117db924cf7c 6440 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
/* Enable OCSP stapling on the CTX's certificate manager.
 * Returns the cert-manager result, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling");
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm);
}
wolfSSL 15:117db924cf7c 6449
/* Disable OCSP stapling on the CTX's certificate manager.
 * Returns the cert-manager result, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_DisableOCSPStapling(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSPStapling");
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerDisableOCSPStapling(ctx->cm);
}
wolfSSL 15:117db924cf7c 6458 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST || HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 15:117db924cf7c 6459
wolfSSL 15:117db924cf7c 6460 #endif /* HAVE_OCSP */
wolfSSL 15:117db924cf7c 6461
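/* macro to get verify settings for AddCA: NO_VERIFY when the CTX/SSL has
 * verifyNone set (or the pointer is NULL), VERIFY otherwise.
 * Arguments are parenthesized so a non-trivial expression cannot change
 * the precedence of the expansion. */
#define GET_VERIFY_SETTING_CTX(ctx) \
    (((ctx) && (ctx)->verifyNone) ? NO_VERIFY : VERIFY)
#define GET_VERIFY_SETTING_SSL(ssl) \
    (((ssl) && (ssl)->options.verifyNone) ? NO_VERIFY : VERIFY)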
wolfSSL 15:117db924cf7c 6467
wolfSSL 15:117db924cf7c 6468 #ifndef NO_FILESYSTEM
wolfSSL 15:117db924cf7c 6469
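/* Detect the PEM object type held in buf by searching for a known header.
 * On success stores CA_TYPE, CRL_TYPE (HAVE_CRL builds only) or CERT_TYPE
 * in *type and returns 0; returns WOLFSSL_BAD_CERTTYPE when none matches.
 * buf is raw file data with no NUL terminator, so every search is bounded
 * by sz. */
static int ProcessFile_DetectType(byte* buf, long sz, int* type)
{
    const char* header = NULL;
    const char* footer = NULL;

    if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 &&
            XSTRNSTR((char*)buf, header, (int)sz) != NULL) {
        *type = CA_TYPE;
        return 0;
    }
#ifdef HAVE_CRL
    if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 &&
            XSTRNSTR((char*)buf, header, (int)sz) != NULL) {
        *type = CRL_TYPE;
        return 0;
    }
#endif
    if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 &&
            XSTRNSTR((char*)buf, header, (int)sz) != NULL) {
        *type = CERT_TYPE;
        return 0;
    }

    WOLFSSL_MSG("Failed to detect certificate type");
    return WOLFSSL_BAD_CERTTYPE;
}

/* process a file with name fname into ctx of format and type
   userChain specifies a user certificate chain to pass during handshake

   ctx    : CTX receiving the object (also the heap hint source with ssl)
   fname  : path of the file to read
   format : WOLFSSL_FILETYPE_PEM / DER as expected by the buffer loaders
   type   : object type; DETECT_CERT_TYPE asks for PEM header detection
   ssl    : optional connection the object is loaded for
   userChain : passed through to ProcessBuffer
   crl    : CRL store used when type is CRL_TYPE (HAVE_CRL builds)
   verify : verify setting passed through to the buffer loaders

   Returns WOLFSSL_BAD_FILE when the file cannot be opened, sized, read or
   buffered, WOLFSSL_BAD_CERTTYPE when type detection fails, otherwise the
   result of the buffer loader. The file is closed and any heap buffer freed
   on every path. */
int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
                WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl, int verify)
{
#ifdef WOLFSSL_SMALL_STACK
    byte   staticBuffer[1]; /* force heap usage */
#else
    byte   staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte*  myBuffer = staticBuffer;
    int    dynamic = 0;
    int    ret;
    long   sz = 0;
    XFILE  file;
    void*  heapHint = wolfSSL_CTX_GetHeap(ctx, ssl);

    (void)crl;
    (void)heapHint;

    if (fname == NULL) return WOLFSSL_BAD_FILE;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) return WOLFSSL_BAD_FILE;
    if (XFSEEK(file, 0, XSEEK_END) != 0) {
        XFCLOSE(file);
        return WOLFSSL_BAD_FILE;
    }
    sz = XFTELL(file);
    XREWIND(file);

    /* bound the read before any allocation: empty files and anything over
     * MAX_WOLFSSL_FILE_SIZE are refused */
    if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
        WOLFSSL_MSG("ProcessFile file size error");
        XFCLOSE(file);
        return WOLFSSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        WOLFSSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return WOLFSSL_BAD_FILE;
        }
        dynamic = 1;
    }

    /* a short read is treated as a bad file rather than parsed partially */
    if ((ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz) {
        ret = WOLFSSL_BAD_FILE;
        goto cleanup;
    }

    /* Try to detect type by parsing cert header and footer */
    if (type == DETECT_CERT_TYPE) {
        ret = ProcessFile_DetectType(myBuffer, sz, &type);
        if (ret != 0)
            goto cleanup;
    }

    if ((type == CA_TYPE || type == TRUSTED_PEER_TYPE)
                                              && format == WOLFSSL_FILETYPE_PEM) {
        ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl, verify);
    }
#ifdef HAVE_CRL
    else if (type == CRL_TYPE) {
        ret = BufferLoadCRL(crl, myBuffer, sz, format, verify);
    }
#endif
    else {
        ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
                            userChain, verify);
    }

cleanup:
    /* single release path for every outcome once the file is open and the
     * buffer chosen */
    XFCLOSE(file);
    if (dynamic)
        XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);

    return ret;
}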
wolfSSL 15:117db924cf7c 6566
/* loads file then loads each file in path, no c_rehash
   ctx   : CTX receiving the CA certificates
   file  : optional single PEM CA file
   path  : optional directory whose regular files are each tried as PEM CAs
   flags : WOLFSSL_LOAD_FLAG_* bits (date errors OK, ignore per-file errors,
           PEM-CA-only)
   Returns WOLFSSL_FAILURE for NULL ctx or when neither file nor path is
   given; the file's ProcessFile result when it fails; otherwise the
   directory outcome (NOT_COMPILED_IN when NO_WOLFSSL_DIR is set). */
int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
                                     const char* path, word32 flags)
{
    int ret = WOLFSSL_SUCCESS;
#ifndef NO_WOLFSSL_DIR
    int dirRet;
    int loaded = 0;
    int failed = 0;
#endif
    int verify;

    WOLFSSL_MSG("wolfSSL_CTX_load_verify_locations_ex");

    if (ctx == NULL || (file == NULL && path == NULL)) {
        return WOLFSSL_FAILURE;
    }

    /* the date flag overrides whatever the CTX's verifyNone would select */
    if (flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY)
        verify = VERIFY_SKIP_DATE;
    else
        verify = GET_VERIFY_SETTING_CTX(ctx);

    if (file != NULL) {
        ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0,
                          NULL, verify);
#ifndef NO_WOLFSSL_DIR
        if (ret == WOLFSSL_SUCCESS)
            loaded++;
#endif
    }

    /* a failed file load is final; without a path there is nothing more */
    if (ret != WOLFSSL_SUCCESS || path == NULL) {
        return ret;
    }

#ifndef NO_WOLFSSL_DIR
    {
        char* name = NULL;
#ifdef WOLFSSL_SMALL_STACK
        ReadDirCtx* readCtx;
        readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
                                       DYNAMIC_TYPE_DIRCTX);
        if (readCtx == NULL)
            return MEMORY_E;
#else
        ReadDirCtx readCtx[1];
#endif

        /* try to load each regular file in path */
        dirRet = wc_ReadDirFirst(readCtx, path, &name);
        while (dirRet == 0 && name != NULL) {
            WOLFSSL_MSG(name); /* log file name */
            ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, CA_TYPE,
                              NULL, 0, NULL, verify);
            if (ret == WOLFSSL_SUCCESS) {
                loaded++;
            }
            else if ((flags & WOLFSSL_LOAD_FLAG_IGNORE_ERR) ||
                     ((flags & WOLFSSL_LOAD_FLAG_PEM_CA_ONLY) &&
                      ret == ASN_NO_PEM_HEADER)) {
                /* flags ask to tolerate this file: neither counted as a
                 * success nor as a failure, move on */
                ret = WOLFSSL_SUCCESS;
            }
            else {
                WOLFSSL_ERROR(ret);
                WOLFSSL_MSG("Load CA file failed, continuing");
                failed++;
            }
            dirRet = wc_ReadDirNext(readCtx, path, &name);
        }
        wc_ReadDirClose(readCtx);

        if (dirRet != WC_READDIR_NOFILE) {
            /* pass directory read failure to response code */
            ret = dirRet;
        }
        else if (loaded == 0 || failed > 0) {
            /* nothing loaded, or at least one un-ignored failure: keep an
             * existing error code, else report a generic failure */
            if (ret == WOLFSSL_SUCCESS)
                ret = WOLFSSL_FAILURE;
        }
        else {
            ret = WOLFSSL_SUCCESS;
        }

#ifdef WOLFSSL_SMALL_STACK
        XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_DIRCTX);
#endif
    }
#else
    ret = NOT_COMPILED_IN;
    (void)flags;
#endif

    return ret;
}
wolfSSL 16:8e0d178b1d1e 6665
/* Load CA certificates from file and/or path with the library's default
 * load flags; see wolfSSL_CTX_load_verify_locations_ex for the semantics. */
WOLFSSL_ABI
int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
                                     const char* path)
{
    const word32 defaultFlags = WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS;

    return wolfSSL_CTX_load_verify_locations_ex(ctx, file, path, defaultFlags);
}
wolfSSL 15:117db924cf7c 6673
wolfSSL 15:117db924cf7c 6674
wolfSSL 15:117db924cf7c 6675 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Used to specify a peer cert to match when connecting
   ctx : the ctx structure to load in peer cert
   file: the string name of cert file
   type: type of format such as PEM/DER
   Returns WOLFSSL_FAILURE when ctx or file is NULL, otherwise the
   ProcessFile result for a TRUSTED_PEER_TYPE load.
 */
int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int type)
{
    int verify;

    WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_cert");

    if (ctx == NULL) {
        return WOLFSSL_FAILURE;
    }
    if (file == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* the CTX's verifyNone setting decides how the peer cert is checked */
    verify = GET_VERIFY_SETTING_CTX(ctx);
    return ProcessFile(ctx, file, type, TRUSTED_PEER_TYPE, NULL, 0, NULL,
                       verify);
}
wolfSSL 15:117db924cf7c 6692 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 15:117db924cf7c 6693
wolfSSL 15:117db924cf7c 6694
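/* Verify the certificate, WOLFSSL_SUCCESS for ok, < 0 for error
   cm     : certificate manager holding the trusted CAs (its heap is used
            for an oversized file buffer)
   fname  : path of the certificate file
   format : WOLFSSL_FILETYPE_PEM / DER passed to wolfSSL_CertManagerVerifyBuffer
   Returns BAD_FUNC_ARG for NULL cm, WOLFSSL_BAD_FILE when fname is NULL or
   the file cannot be opened, sized, read or buffered, otherwise the result
   of wolfSSL_CertManagerVerifyBuffer. */
int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
                             int format)
{
    int    ret = WOLFSSL_FATAL_ERROR;
#ifdef WOLFSSL_SMALL_STACK
    byte   staticBuffer[1]; /* force heap usage */
#else
    byte   staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte*  myBuffer = staticBuffer;
    int    dynamic = 0;
    long   sz = 0;
    XFILE  file;

    WOLFSSL_ENTER("wolfSSL_CertManagerVerify");

    /* cm->heap is read below and fname goes straight to XFOPEN: both were
     * previously dereferenced/passed unchecked */
    if (cm == NULL)
        return BAD_FUNC_ARG;
    if (fname == NULL)
        return WOLFSSL_BAD_FILE;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE)
        return WOLFSSL_BAD_FILE;
    if (XFSEEK(file, 0, XSEEK_END) != 0) {
        XFCLOSE(file);
        return WOLFSSL_BAD_FILE;
    }
    sz = XFTELL(file);
    XREWIND(file);

    /* bound the read before any allocation: empty files and anything over
     * MAX_WOLFSSL_FILE_SIZE are refused */
    if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
        WOLFSSL_MSG("CertManagerVerify file size error");
        XFCLOSE(file);
        return WOLFSSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        WOLFSSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*)XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return WOLFSSL_BAD_FILE;
        }
        dynamic = 1;
    }

    /* a short read is treated as a bad file rather than verified partially */
    if ((ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz)
        ret = WOLFSSL_BAD_FILE;
    else
        ret = wolfSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);

    XFCLOSE(file);
    if (dynamic)
        XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);

    return ret;
}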
wolfSSL 15:117db924cf7c 6747
wolfSSL 15:117db924cf7c 6748
/* like load verify locations, 1 for success, < 0 for error
   cm   : certificate manager that receives the CAs
   file : optional CA file
   path : optional CA directory
   Implemented by attaching cm to a throw-away CTX and delegating to
   wolfSSL_CTX_load_verify_locations; cm is detached again before the CTX
   is freed so the caller keeps ownership. */
int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
                             const char* path)
{
    WOLFSSL_CTX* scratchCtx;
    int          result;

    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCA");

    if (cm == NULL) {
        WOLFSSL_MSG("No CertManager error");
        return WOLFSSL_FATAL_ERROR;
    }

    scratchCtx = wolfSSL_CTX_new(cm_pick_method());
    if (scratchCtx == NULL) {
        WOLFSSL_MSG("CTX new failed");
        return WOLFSSL_FATAL_ERROR;
    }

    /* replace the CTX's own manager with the caller's for the duration */
    wolfSSL_CertManagerFree(scratchCtx->cm);
    scratchCtx->cm = cm;

    result = wolfSSL_CTX_load_verify_locations(scratchCtx, file, path);

    /* detach before freeing the CTX so the caller's manager survives */
    scratchCtx->cm = NULL;
    wolfSSL_CTX_free(scratchCtx);

    return result;
}
wolfSSL 15:117db924cf7c 6781
wolfSSL 16:8e0d178b1d1e 6782 #ifndef NO_CHECK_PRIVATE_KEY
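/* Check private against public in certificate for match
 *
 * ctx WOLFSSL_CTX structure to check private key in
 *
 * Returns SSL_SUCCESS on good private key and SSL_FAILURE if miss matched,
 * when ctx is NULL, when no certificate or private key has been loaded into
 * ctx, or when the certificate cannot be parsed. MEMORY_E when the
 * WOLFSSL_SMALL_STACK scratch DecodedCert cannot be allocated. */
int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx)
{
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* der = NULL;
#else
    DecodedCert  der[1];
#endif
    word32 size;
    byte*  buff;
    int    ret;

    WOLFSSL_ENTER("wolfSSL_CTX_check_private_key");

    if (ctx == NULL) {
        return WOLFSSL_FAILURE;
    }

#ifndef NO_CERTS
    /* both halves of the pair must be loaded; the buffers were previously
     * dereferenced without this check */
    if (ctx->certificate == NULL || ctx->privateKey == NULL) {
        WOLFSSL_MSG("Certificate or private key not loaded");
        return WOLFSSL_FAILURE;
    }

#ifdef WOLFSSL_SMALL_STACK
    der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
    if (der == NULL)
        return MEMORY_E;
#endif

    size = ctx->certificate->length;
    buff = ctx->certificate->buffer;
    InitDecodedCert(der, buff, size, ctx->heap);
    /* NO_VERIFY: only the public key is needed here, not chain validation */
    if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
        ret = 0; /* unparsable certificate counts as a mismatch */
    }
    else {
        size = ctx->privateKey->length;
        buff = ctx->privateKey->buffer;
        ret = wc_CheckPrivateKey(buff, size, der);
    }

    /* single release path for the decoded cert on both outcomes */
    FreeDecodedCert(der);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(der, NULL, DYNAMIC_TYPE_DCERT);
#endif

    /* wc_CheckPrivateKey reports a match as 1 */
    return (ret == 1) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
#else
    WOLFSSL_MSG("NO_CERTS is defined, can not check private key");
    return WOLFSSL_FAILURE;
#endif
}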
wolfSSL 16:8e0d178b1d1e 6842 #endif /* !NO_CHECK_PRIVATE_KEY */
wolfSSL 16:8e0d178b1d1e 6843
wolfSSL 15:117db924cf7c 6844
wolfSSL 15:117db924cf7c 6845 #ifdef HAVE_CRL
wolfSSL 15:117db924cf7c 6846
/* check CRL if enabled, WOLFSSL_SUCCESS
   cm  : certificate manager whose CRL store is consulted
   der : DER-encoded certificate to check
   sz  : length of der
   Returns BAD_FUNC_ARG for NULL cm, WOLFSSL_SUCCESS when CRL checking is
   disabled or the certificate passes, MEMORY_E when the WOLFSSL_SMALL_STACK
   scratch cert cannot be allocated, otherwise the parse/CRL error code. */
int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
{
    int ret;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert  cert[1];
#endif

    WOLFSSL_ENTER("wolfSSL_CertManagerCheckCRL");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* nothing to do while CRL checking is off */
    if (cm->crlEnabled == 0)
        return WOLFSSL_SUCCESS;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
    if (cert == NULL)
        return MEMORY_E;
#endif

    InitDecodedCert(cert, der, sz, NULL);

    ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm);
    if (ret != 0) {
        WOLFSSL_MSG("ParseCert failed");
    }
    else {
        ret = CheckCertCRL(cm->crl, cert);
        if (ret != 0) {
            WOLFSSL_MSG("CheckCertCRL failed");
        }
    }

    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif

    if (ret == 0)
        return WOLFSSL_SUCCESS;
    return ret;
}
wolfSSL 15:117db924cf7c 6887
wolfSSL 15:117db924cf7c 6888
/* Install the missing-CRL callback on a certificate manager.
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when cm is NULL. */
int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb");
    if (cm == NULL) {
        return BAD_FUNC_ARG;
    }

    cm->cbMissingCRL = cb; /* stored as given, NULL included */
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 6899
wolfSSL 15:117db924cf7c 6900 #ifdef HAVE_CRL_IO
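/* Install the CRL fetch I/O callback on the certificate manager's CRL state.
 * cm->crl stays NULL until wolfSSL_CertManagerEnableCRL has run (which is
 * why wolfSSL_CertManagerLoadCRL enables CRL first), so that case is
 * reported instead of dereferenced.
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when cm is NULL or CRL support
 * has not been enabled on cm. */
int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm, CbCrlIO cb)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_IOCb");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (cm->crl == NULL) {
        WOLFSSL_MSG("CRL not enabled, enable CRL before setting the IO callback");
        return BAD_FUNC_ARG;
    }

    cm->crl->crlIOCb = cb;

    return WOLFSSL_SUCCESS;
}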
wolfSSL 15:117db924cf7c 6910 #endif
wolfSSL 15:117db924cf7c 6911
/* Load CRLs from path into the certificate manager, enabling CRL checking
 * first when it is not on yet.
 * Returns BAD_FUNC_ARG for NULL cm, WOLFSSL_FATAL_ERROR when CRL cannot be
 * enabled, otherwise the LoadCRL result. */
int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path,
                               int type, int monitor)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* cm->crl is created by enabling CRL; do that lazily so LoadCRL has a
     * store to fill */
    if (cm->crl == NULL
            && wolfSSL_CertManagerEnableCRL(cm, 0) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Enable CRL failed");
        return WOLFSSL_FATAL_ERROR;
    }

    return LoadCRL(cm->crl, path, type, monitor);
}
wolfSSL 15:117db924cf7c 6928
/* Enable CRL checking on the certificate manager shared through ssl's CTX.
 * Returns the cert-manager result, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
{
    WOLFSSL_ENTER("wolfSSL_EnableCRL");
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerEnableCRL(ssl->ctx->cm, options);
}
wolfSSL 15:117db924cf7c 6937
wolfSSL 15:117db924cf7c 6938
/* Disable CRL checking on the certificate manager shared through ssl's CTX.
 * Returns the cert-manager result, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_DisableCRL(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_DisableCRL");
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerDisableCRL(ssl->ctx->cm);
}
wolfSSL 15:117db924cf7c 6947
/* Load CRLs from path into the certificate manager shared through ssl's CTX.
 * Returns the cert-manager result, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
{
    WOLFSSL_ENTER("wolfSSL_LoadCRL");
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
}
wolfSSL 15:117db924cf7c 6956
wolfSSL 15:117db924cf7c 6957
/* Install the missing-CRL callback on the certificate manager shared
 * through ssl's CTX. Returns the cert-manager result, or BAD_FUNC_ARG when
 * ssl is NULL. */
int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
{
    WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
}
wolfSSL 15:117db924cf7c 6966
wolfSSL 15:117db924cf7c 6967 #ifdef HAVE_CRL_IO
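/* Install the CRL fetch I/O callback on the certificate manager shared
 * through ssl's CTX. Returns the cert-manager result, or BAD_FUNC_ARG when
 * ssl is NULL. */
int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb)
{
    /* trace name previously reported wolfSSL_SetCRL_Cb, which made debug
     * logs misattribute this call */
    WOLFSSL_ENTER("wolfSSL_SetCRL_IOCb");
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerSetCRL_IOCb(ssl->ctx->cm, cb);
}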
wolfSSL 15:117db924cf7c 6976 #endif
wolfSSL 15:117db924cf7c 6977
/* Enable CRL checking on the CTX's certificate manager.
 * Returns the cert-manager result, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options)
{
    WOLFSSL_ENTER("wolfSSL_CTX_EnableCRL");
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    return wolfSSL_CertManagerEnableCRL(ctx->cm, options);
}
wolfSSL 15:117db924cf7c 6986
wolfSSL 15:117db924cf7c 6987
/* Disable CRL checking on the certificate manager owned by ctx.
 *
 * ctx  context whose cm is updated; must be non-NULL
 *
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * wolfSSL_CertManagerDisableCRL. Note that disabling CRL checking removes
 * revocation protection for every session created from ctx afterwards.
 */
int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_DisableCRL");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerDisableCRL(ctx->cm);
}
wolfSSL 15:117db924cf7c 6996
wolfSSL 15:117db924cf7c 6997
/* Load CRL(s) from path into the certificate manager owned by ctx.
 *
 * ctx      context whose cm receives the CRL(s); must be non-NULL
 * path     path forwarded unchanged to wolfSSL_CertManagerLoadCRL
 * type     file type, forwarded unchanged
 * monitor  monitor flag, forwarded unchanged
 *
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * wolfSSL_CertManagerLoadCRL.
 */
int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path,
                        int type, int monitor)
{
    WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
}
wolfSSL 15:117db924cf7c 7007
wolfSSL 15:117db924cf7c 7008
/* Install the missing-CRL callback on the certificate manager owned by ctx.
 *
 * ctx  context whose cm is updated; must be non-NULL
 * cb   callback forwarded unchanged to wolfSSL_CertManagerSetCRL_Cb
 *
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * wolfSSL_CertManagerSetCRL_Cb.
 */
int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_Cb");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
}
wolfSSL 15:117db924cf7c 7017
wolfSSL 15:117db924cf7c 7018 #ifdef HAVE_CRL_IO
/* Install the CRL I/O callback on the certificate manager owned by ctx.
 *
 * ctx  context whose cm is updated; must be non-NULL
 * cb   callback forwarded unchanged to wolfSSL_CertManagerSetCRL_IOCb
 *
 * Returns BAD_FUNC_ARG when ctx is NULL, otherwise the result of
 * wolfSSL_CertManagerSetCRL_IOCb.
 */
int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_IOCb");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerSetCRL_IOCb(ctx->cm, cb);
}
wolfSSL 15:117db924cf7c 7027 #endif
wolfSSL 15:117db924cf7c 7028
wolfSSL 15:117db924cf7c 7029
wolfSSL 15:117db924cf7c 7030 #endif /* HAVE_CRL */
wolfSSL 15:117db924cf7c 7031
wolfSSL 15:117db924cf7c 7032
wolfSSL 15:117db924cf7c 7033 #ifdef WOLFSSL_DER_LOAD
wolfSSL 15:117db924cf7c 7034
/* Load a CA (trust anchor) file into ctx, allowing the caller to choose the
 * file encoding instead of assuming PEM.
 *
 * ctx     context receiving the CA; must be non-NULL
 * file    path of the CA file; must be non-NULL
 * format  encoding passed through to ProcessFile
 *
 * Returns WOLFSSL_SUCCESS only when ProcessFile reports success; every
 * other outcome, including NULL arguments, collapses to WOLFSSL_FAILURE,
 * so the underlying ProcessFile error code is not visible to the caller.
 */
int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
                                          int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations");

    if (ctx == NULL || file == NULL)
        return WOLFSSL_FAILURE;

    ret = ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL,
                      GET_VERIFY_SETTING_CTX(ctx));

    return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 7050
wolfSSL 15:117db924cf7c 7051 #endif /* WOLFSSL_DER_LOAD */
wolfSSL 15:117db924cf7c 7052
wolfSSL 15:117db924cf7c 7053
wolfSSL 15:117db924cf7c 7054
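/* Load the context's own certificate from a file.
 *
 * ctx     context receiving the certificate; must be non-NULL
 * file    path of the certificate file; must be non-NULL
 * format  encoding passed through to ProcessFile
 *
 * Returns WOLFSSL_SUCCESS only when ProcessFile reports success; every
 * other outcome, including NULL arguments, collapses to WOLFSSL_FAILURE.
 */
WOLFSSL_ABI
int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
                                     int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file");

    /* Guard before GET_VERIFY_SETTING_CTX(ctx) is evaluated, matching
     * wolfSSL_CTX_der_load_verify_locations. Any non-success from
     * ProcessFile already maps to WOLFSSL_FAILURE, so this changes no
     * observable return value; it only avoids touching a NULL ctx. */
    if (ctx == NULL || file == NULL) {
        return WOLFSSL_FAILURE;
    }

    ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL,
                      GET_VERIFY_SETTING_CTX(ctx));

    return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}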
wolfSSL 16:8e0d178b1d1e 7068
wolfSSL 16:8e0d178b1d1e 7069
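/* Load the context's private key from a file.
 *
 * ctx     context receiving the key; must be non-NULL
 * file    path of the key file; must be non-NULL
 * format  encoding passed through to ProcessFile
 *
 * Returns WOLFSSL_SUCCESS only when ProcessFile reports success; every
 * other outcome, including NULL arguments, collapses to WOLFSSL_FAILURE.
 * Handling of the key bytes read from disk (buffering, clearing) is inside
 * ProcessFile and not visible here.
 */
WOLFSSL_ABI
int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
                                    int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file");

    /* Guard before GET_VERIFY_SETTING_CTX(ctx) is evaluated, matching
     * wolfSSL_CTX_der_load_verify_locations. Any non-success from
     * ProcessFile already maps to WOLFSSL_FAILURE, so this changes no
     * observable return value; it only avoids touching a NULL ctx. */
    if (ctx == NULL || file == NULL) {
        return WOLFSSL_FAILURE;
    }

    ret = ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL,
                      GET_VERIFY_SETTING_CTX(ctx));

    return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}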
wolfSSL 15:117db924cf7c 7083
wolfSSL 15:117db924cf7c 7084
/* Set the maximum certificate chain depth ctx accepts during verification.
 * The default is MAX_CHAIN_DEPTH.
 *
 * ctx    context to update
 * depth  new maximum; must lie in [0, MAX_CHAIN_DEPTH]
 *
 * No return value: a NULL ctx or an out-of-range depth is logged through
 * WOLFSSL_MSG and otherwise ignored, so callers cannot detect a rejected
 * value. The field is stored as a byte; the upper bound is what keeps the
 * cast from truncating (assumes MAX_CHAIN_DEPTH fits in a byte — not
 * verifiable from this file).
 */
void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) {
    int inRange = (depth >= 0 && depth <= MAX_CHAIN_DEPTH);

    WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth");

    if (ctx == NULL || !inRange) {
        WOLFSSL_MSG("Bad depth argument, too large or less than 0");
        return;
    }

    ctx->verifyDepth = (byte)depth;
}
wolfSSL 15:117db924cf7c 7101
wolfSSL 15:117db924cf7c 7102
/* Report the certificate chain depth limit in effect for a session.
 *
 * ssl  session to query; must be non-NULL
 *
 * Returns BAD_FUNC_ARG (negative) when ssl is NULL. With OPENSSL_EXTRA the
 * per-session ssl->options.verifyDepth is returned; without it the build
 * has no per-session setting and the compile-time MAX_CHAIN_DEPTH is
 * reported instead.
 */
long wolfSSL_get_verify_depth(WOLFSSL* ssl)
{
    long depth;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

#ifdef OPENSSL_EXTRA
    depth = ssl->options.verifyDepth;
#else
    depth = MAX_CHAIN_DEPTH;
#endif

    return depth;
}
wolfSSL 15:117db924cf7c 7115
wolfSSL 15:117db924cf7c 7116
/* Report the certificate chain depth limit configured on a context.
 *
 * ctx  context to query; must be non-NULL
 *
 * Returns BAD_FUNC_ARG (negative) when ctx is NULL. With OPENSSL_EXTRA the
 * stored ctx->verifyDepth is returned; without it the compile-time
 * MAX_CHAIN_DEPTH is reported, so wolfSSL_CTX_set_verify_depth has no
 * visible effect through this getter in such builds.
 */
long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx)
{
    long depth;

    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }

#ifdef OPENSSL_EXTRA
    depth = ctx->verifyDepth;
#else
    depth = MAX_CHAIN_DEPTH;
#endif

    return depth;
}
wolfSSL 15:117db924cf7c 7129
wolfSSL 15:117db924cf7c 7130
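/* Load the context's certificate chain from a PEM file: the subject
 * certificate followed by up to MAX_CHAIN_DEPTH intermediates.
 *
 * ctx   context receiving the chain; must be non-NULL
 * file  path of the PEM chain file; must be non-NULL
 *
 * Returns WOLFSSL_SUCCESS only when ProcessFile reports success; every
 * other outcome, including NULL arguments, collapses to WOLFSSL_FAILURE.
 */
WOLFSSL_ABI
int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file");

    /* Guard before GET_VERIFY_SETTING_CTX(ctx) is evaluated, matching
     * wolfSSL_CTX_der_load_verify_locations. Any non-success from
     * ProcessFile already maps to WOLFSSL_FAILURE, so this changes no
     * observable return value; it only avoids touching a NULL ctx. */
    if (ctx == NULL || file == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* userChain = 1: process up to MAX_CHAIN_DEPTH plus subject cert */
    ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1,
                      NULL, GET_VERIFY_SETTING_CTX(ctx));

    return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}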
wolfSSL 15:117db924cf7c 7144
wolfSSL 15:117db924cf7c 7145
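/* Load the context's certificate chain from a file in the given encoding:
 * the subject certificate followed by up to MAX_CHAIN_DEPTH intermediates.
 *
 * ctx     context receiving the chain; must be non-NULL
 * file    path of the chain file; must be non-NULL
 * format  encoding passed through to ProcessFile
 *
 * Returns WOLFSSL_SUCCESS only when ProcessFile reports success; every
 * other outcome, including NULL arguments, collapses to WOLFSSL_FAILURE.
 */
int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX* ctx,
                                                  const char* file, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file_format");

    /* Guard before GET_VERIFY_SETTING_CTX(ctx) is evaluated, matching
     * wolfSSL_CTX_der_load_verify_locations. Any non-success from
     * ProcessFile already maps to WOLFSSL_FAILURE, so this changes no
     * observable return value; it only avoids touching a NULL ctx. */
    if (ctx == NULL || file == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* userChain = 1: process up to MAX_CHAIN_DEPTH plus subject cert */
    ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 1, NULL,
                      GET_VERIFY_SETTING_CTX(ctx));

    return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}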
wolfSSL 15:117db924cf7c 7159
wolfSSL 15:117db924cf7c 7160
wolfSSL 15:117db924cf7c 7161 #ifndef NO_DH
wolfSSL 15:117db924cf7c 7162
/* Read a file of server Diffie-Hellman parameters into memory and hand it
 * to the buffer-based setter: wolfSSL_SetTmpDH_buffer when ssl is given,
 * otherwise wolfSSL_CTX_SetTmpDH_buffer on ctx.
 *
 * ctx     context used for the heap hint and, when ssl is NULL, the target
 * ssl     optional session target; NULL selects the ctx variant
 * fname   path of the parameter file, opened in binary mode
 * format  encoding forwarded unchanged to the buffer setter
 *
 * Returns BAD_FUNC_ARG for a NULL ctx or fname; WOLFSSL_BAD_FILE when the
 * file cannot be opened, sized, fully read, or a buffer for it cannot be
 * allocated, or when its size is 0 or above MAX_WOLFSSL_FILE_SIZE (that cap
 * bounds the allocation driven by the on-disk file); otherwise the return
 * value of the buffer setter. A stack buffer is used for small files unless
 * WOLFSSL_SMALL_STACK forces the heap. The file and any heap buffer are
 * released on every path through the single cleanup label.
 */
static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                                         const char* fname, int format)
{
#ifdef WOLFSSL_SMALL_STACK
    byte  stackBuf[1]; /* force heap usage */
#else
    byte  stackBuf[FILE_BUFFER_SIZE];
#endif
    byte* data = stackBuf;
    int   onHeap = 0;
    int   ret = WOLFSSL_BAD_FILE;
    long  fileSz = 0;
    XFILE fp;

    if (ctx == NULL || fname == NULL)
        return BAD_FUNC_ARG;

    fp = XFOPEN(fname, "rb");
    if (fp == XBADFILE)
        return WOLFSSL_BAD_FILE;

    /* size the file by seeking to its end */
    if (XFSEEK(fp, 0, XSEEK_END) != 0)
        goto cleanup;
    fileSz = XFTELL(fp);
    XREWIND(fp);

    if (fileSz <= 0 || fileSz > MAX_WOLFSSL_FILE_SIZE) {
        WOLFSSL_MSG("SetTmpDH file size error");
        goto cleanup;
    }

    if (fileSz > (long)sizeof(stackBuf)) {
        WOLFSSL_MSG("Getting dynamic buffer");
        data = (byte*)XMALLOC(fileSz, ctx->heap, DYNAMIC_TYPE_FILE);
        if (data == NULL)
            goto cleanup;
        onHeap = 1;
    }

    if ((long)XFREAD(data, 1, fileSz, fp) != fileSz) {
        ret = WOLFSSL_BAD_FILE;
    }
    else if (ssl != NULL) {
        ret = wolfSSL_SetTmpDH_buffer(ssl, data, fileSz, format);
    }
    else {
        ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, data, fileSz, format);
    }

cleanup:
    XFCLOSE(fp);
    if (onHeap)
        XFREE(data, ctx->heap, DYNAMIC_TYPE_FILE);

    return ret;
}
wolfSSL 15:117db924cf7c 7221
/* Load server Diffie-Hellman parameters for one session from a file.
 *
 * ssl     session receiving the parameters; must be non-NULL
 * fname   path of the parameter file
 * format  encoding forwarded to the file wrapper
 *
 * Returns BAD_FUNC_ARG when ssl is NULL, otherwise the result of
 * wolfSSL_SetTmpDH_file_wrapper called with ssl->ctx and ssl.
 */
int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* fname, int format)
{
    WOLFSSL_CTX* ctx;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ctx = ssl->ctx;
    return wolfSSL_SetTmpDH_file_wrapper(ctx, ssl, fname, format);
}
wolfSSL 15:117db924cf7c 7230
wolfSSL 15:117db924cf7c 7231
/* Load server Diffie-Hellman parameters for a context from a file.
 *
 * ctx     context receiving the parameters
 * fname   path of the parameter file
 * format  encoding forwarded to the file wrapper
 *
 * Returns the result of wolfSSL_SetTmpDH_file_wrapper; NULL ctx or fname
 * is rejected there with BAD_FUNC_ARG.
 */
int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
{
    WOLFSSL* noSession = NULL; /* NULL ssl selects the ctx-level setter */

    return wolfSSL_SetTmpDH_file_wrapper(ctx, noSession, fname, format);
}
wolfSSL 15:117db924cf7c 7237
wolfSSL 15:117db924cf7c 7238 #endif /* NO_DH */
wolfSSL 15:117db924cf7c 7239
wolfSSL 15:117db924cf7c 7240 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 7241
wolfSSL 15:117db924cf7c 7242 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 7243 /* put SSL type in extra for now, not very common */
wolfSSL 15:117db924cf7c 7244
/* Read a private key from "bio" and wrap its DER bytes in a new
 * WOLFSSL_PKCS8_PRIV_KEY_INFO (allocated with wolfSSL_EVP_PKEY_new).
 * Despite the name the input may be PEM: wc_KeyPemToDer is tried first,
 * and only if that fails is the buffer treated as DER and passed through
 * ToTraditional_ex.
 *
 * bio   input bio; its memory is obtained with wolfSSL_BIO_get_mem_data
 * pkey  if not NULL, overwritten with the new structure on success
 *
 * Returns the new structure on success and NULL on failure (NULL bio,
 * unreadable bio memory, neither PEM nor PKCS8 decodable, allocation
 * failure). Always returns NULL when WOLFSSL_PEM_TO_DER is not defined.
 *
 * NOTE(review): both conversions below are done in place, using mem as
 * the output buffer as well as the input, so the BIO's own contents are
 * overwritten by the DER/traditional form — callers should not expect the
 * BIO to still hold the original bytes. algId is obtained but never used,
 * and pkcs8->type is not set here. The heap copy of the private key is
 * tagged DYNAMIC_TYPE_PUBLIC_KEY; whether it is cleared on free is up to
 * wolfSSL_EVP_PKEY_free, not visible here.
 */
WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio,
        WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey)
{
    WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL;
#ifdef WOLFSSL_PEM_TO_DER
    unsigned char* mem = NULL;
    int memSz;
    int keySz;
    word32 algId;

    WOLFSSL_MSG("wolfSSL_d2i_PKCS8_PKEY_bio()");

    if (bio == NULL) {
        return NULL;
    }

    /* mem points into the BIO's storage; a negative size is an error */
    if ((memSz = wolfSSL_BIO_get_mem_data(bio, &mem)) < 0) {
        return NULL;
    }

    /* PEM -> DER converted in place (input and output are both mem) */
    if ((keySz = wc_KeyPemToDer(mem, memSz, mem, memSz, NULL)) < 0) {
        WOLFSSL_MSG("Not PEM format");
        /* not PEM: treat the whole buffer as DER and strip any PKCS8
         * wrapper in place; algId is filled in but not consumed */
        keySz = memSz;
        if ((keySz = ToTraditional_ex((byte*)mem, (word32)keySz, &algId)) < 0) {
            return NULL;
        }
    }

    pkcs8 = wolfSSL_EVP_PKEY_new();
    if (pkcs8 == NULL) {
        return NULL;
    }

    /* private copy of the (now converted) key bytes; keySz is the
     * converted length, which may be shorter than memSz */
    pkcs8->pkey.ptr = (char*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    if (pkcs8->pkey.ptr == NULL) {
        wolfSSL_EVP_PKEY_free(pkcs8);
        return NULL;
    }
    XMEMCPY(pkcs8->pkey.ptr, mem, keySz);
    pkcs8->pkey_sz = keySz;

    if (pkey != NULL) {
        *pkey = pkcs8;
    }
#else
    (void)bio;
    (void)pkey;
#endif /* WOLFSSL_PEM_TO_DER */

    return pkcs8;
}
wolfSSL 15:117db924cf7c 7305
wolfSSL 15:117db924cf7c 7306
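/* Read a DER-encoded public key from a bio and decode it with
 * wolfSSL_d2i_PUBKEY.
 *
 * bio  input bio; wolfSSL_BIO_pending bytes are consumed from it with
 *      wolfSSL_BIO_read
 * out  if not NULL, overwritten with the new key on success only
 *
 * Returns a new WOLFSSL_EVP_PKEY on success, NULL on failure (NULL bio,
 * nothing pending, allocation failure, short read, or undecodable data).
 * The bytes are read into a temporary heap buffer that is always freed
 * before returning.
 */
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio,
                                         WOLFSSL_EVP_PKEY** out)
{
    unsigned char* mem;
    const unsigned char* cursor;
    long memSz;
    WOLFSSL_EVP_PKEY* pkey = NULL;

    WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY_bio()");

    if (bio == NULL) {
        return NULL;
    }

    memSz = wolfSSL_BIO_pending(bio);
    if (memSz <= 0) {
        return NULL;
    }

    mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (mem == NULL) {
        return NULL;
    }

    if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) {
        /* Decode through a separate cursor so that mem still points at the
         * allocation base when it is freed below, regardless of whether the
         * d2i routine advances *in (as OpenSSL d2i functions do). Passing
         * &mem directly would free a mid-buffer pointer if it ever did. */
        cursor = mem;
        pkey = wolfSSL_d2i_PUBKEY(NULL, &cursor, memSz);
        if (out != NULL && pkey != NULL) {
            *out = pkey;
        }
    }

    XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    return pkey;
}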
wolfSSL 15:117db924cf7c 7349
wolfSSL 15:117db924cf7c 7350
wolfSSL 15:117db924cf7c 7351
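/* Allocate a WOLFSSL_EVP_PKEY holding a private copy of der[0..derSz).
 *
 * der    DER bytes to copy
 * derSz  number of bytes to copy (must be > 0)
 * type   EVP_PKEY_* tag stored in pkey->type
 *
 * Returns the new key or NULL on allocation failure. The algorithm-specific
 * sub-object (rsa/ecc/dsa/dh) is left for the caller to attach.
 */
static WOLFSSL_EVP_PKEY* d2i_PUBKEY_NewWithDer(const unsigned char* der,
                                              int derSz, int type)
{
    WOLFSSL_EVP_PKEY* pkey = wolfSSL_EVP_PKEY_new();

    if (pkey == NULL) {
        return NULL;
    }

    pkey->pkey.ptr = (char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    if (pkey->pkey.ptr == NULL) {
        wolfSSL_EVP_PKEY_free(pkey);
        return NULL;
    }
    XMEMCPY(pkey->pkey.ptr, der, derSz);
    pkey->pkey_sz = derSz;
    pkey->type = type;

    return pkey;
}


/* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure.
 * The algorithm is detected by trial decoding, in the order RSA, ECC, DSA
 * and (only with WOLFSSL_QT or OPENSSL_ALL) DH; the first decoder that
 * accepts the bytes wins.
 *
 * out   if not NULL, overwritten with the new key — only once the key is
 *       completely built, never with a pointer that is then freed
 * in    pointer to the DER buffer; *in is read but not advanced
 * inSz  size of the DER buffer; negative is rejected
 *
 * Returns a new WOLFSSL_EVP_PKEY on success and NULL on failure. On any
 * failure after allocation the partial key is freed and *out is left
 * untouched. Two behaviours of the previous version are corrected: *out
 * was assigned before the LoadDer step that could free the key (leaving
 * the caller a dangling pointer), and the wc_Free*Key calls ran even when
 * the matching wc_Init*Key had failed, or a second time after a failed
 * allocation.
 */
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out,
                                     const unsigned char** in, long inSz)
{
    const unsigned char* mem;
    long memSz = inSz;

    WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY");

    if (in == NULL || inSz < 0) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }
    mem = *in;

#if !defined(NO_RSA)
    {
        RsaKey rsa;
        word32 keyIdx = 0;
        int    isRsa = 0;
        WOLFSSL_EVP_PKEY* pkey;

        /* probe with a scratch key; free it only if init succeeded */
        if (wc_InitRsaKey(&rsa, NULL) == 0) {
            isRsa = (wc_RsaPublicKeyDecode(mem, &keyIdx, &rsa,
                                           (word32)memSz) == 0);
            wc_FreeRsaKey(&rsa);
        }

        if (isRsa) {
            /* keyIdx is the number of bytes the decoder consumed */
            pkey = d2i_PUBKEY_NewWithDer(mem, (int)keyIdx, EVP_PKEY_RSA);
            if (pkey == NULL) {
                return NULL;
            }
            pkey->ownRsa = 1;
            pkey->rsa = wolfSSL_RSA_new();
            if (pkey->rsa == NULL ||
                wolfSSL_RSA_LoadDer_ex(pkey->rsa,
                        (const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz,
                        WOLFSSL_RSA_LOAD_PUBLIC) != 1) {
                wolfSSL_EVP_PKEY_free(pkey);
                return NULL;
            }
            /* publish to the caller only once fully built */
            if (out != NULL) {
                *out = pkey;
            }
            return pkey;
        }
    }
#endif /* NO_RSA */

#ifdef HAVE_ECC
    {
        ecc_key ecc;
        word32  keyIdx = 0;
        int     isEcc = 0;
        WOLFSSL_EVP_PKEY* pkey;

        if (wc_ecc_init(&ecc) == 0) {
            isEcc = (wc_EccPublicKeyDecode(mem, &keyIdx, &ecc,
                                           (word32)memSz) == 0);
            wc_ecc_free(&ecc);
        }

        if (isEcc) {
            pkey = d2i_PUBKEY_NewWithDer(mem, (int)keyIdx, EVP_PKEY_EC);
            if (pkey == NULL) {
                return NULL;
            }
            pkey->ownEcc = 1;
            pkey->ecc = wolfSSL_EC_KEY_new();
            if (pkey->ecc == NULL ||
                wolfSSL_EC_KEY_LoadDer_ex(pkey->ecc,
                        (const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz,
                        WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) {
                wolfSSL_EVP_PKEY_free(pkey);
                return NULL;
            }
            if (out != NULL) {
                *out = pkey;
            }
            return pkey;
        }
    }
#endif /* HAVE_ECC */

#if !defined(NO_DSA)
    {
        DsaKey dsa;
        word32 keyIdx = 0;
        int    isDsa = 0;
        WOLFSSL_EVP_PKEY* pkey;

        if (wc_InitDsaKey(&dsa) == 0) {
            isDsa = (wc_DsaPublicKeyDecode(mem, &keyIdx, &dsa,
                                           (word32)memSz) == 0);
            wc_FreeDsaKey(&dsa);
        }

        if (isDsa) {
            pkey = d2i_PUBKEY_NewWithDer(mem, (int)keyIdx, EVP_PKEY_DSA);
            if (pkey == NULL) {
                return NULL;
            }
            pkey->ownDsa = 1;
            pkey->dsa = wolfSSL_DSA_new();
            if (pkey->dsa == NULL ||
                wolfSSL_DSA_LoadDer_ex(pkey->dsa,
                        (const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz,
                        WOLFSSL_DSA_LOAD_PUBLIC) != 1) {
                wolfSSL_EVP_PKEY_free(pkey);
                return NULL;
            }
            if (out != NULL) {
                *out = pkey;
            }
            return pkey;
        }
    }
#endif /* NO_DSA */

#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
    {
        DhKey  dh;
        word32 keyIdx = 0;
        int    isDh = 0;
        WOLFSSL_EVP_PKEY* pkey;

        if (wc_InitDhKey(&dh) == 0) {
            isDh = (wc_DhKeyDecode(mem, &keyIdx, &dh, (word32)memSz) == 0);
            wc_FreeDhKey(&dh);
        }

        if (isDh) {
            /* unlike the other algorithms the DH case keeps the whole input
             * (memSz) rather than the decoded length; preserved from the
             * previous version, reason not documented there */
            pkey = d2i_PUBKEY_NewWithDer(mem, (int)memSz, EVP_PKEY_DH);
            if (pkey == NULL) {
                return NULL;
            }
            pkey->ownDh = 1;
            pkey->dh = wolfSSL_DH_new();
            if (pkey->dh == NULL ||
                wolfSSL_DH_LoadDer(pkey->dh,
                        (const unsigned char*)pkey->pkey.ptr,
                        pkey->pkey_sz) != WOLFSSL_SUCCESS) {
                wolfSSL_EVP_PKEY_free(pkey);
                return NULL;
            }
            if (out != NULL) {
                *out = pkey;
            }
            return pkey;
        }
    }
#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL) */

    /* no enabled decoder accepted the input */
    return NULL;
}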
wolfSSL 15:117db924cf7c 7560
wolfSSL 15:117db924cf7c 7561
wolfSSL 15:117db924cf7c 7562 /* Reads in a DER format key. If PKCS8 headers are found they are stripped off.
wolfSSL 15:117db924cf7c 7563 *
wolfSSL 15:117db924cf7c 7564 * type type of key
wolfSSL 15:117db924cf7c 7565 * out newly created WOLFSSL_EVP_PKEY structure
wolfSSL 15:117db924cf7c 7566 * in pointer to input key DER
wolfSSL 15:117db924cf7c 7567 * inSz size of in buffer
wolfSSL 15:117db924cf7c 7568 *
wolfSSL 15:117db924cf7c 7569 * On success a non null pointer is returned and the pointer in is advanced the
wolfSSL 15:117db924cf7c 7570 * same number of bytes read.
wolfSSL 15:117db924cf7c 7571 */
wolfSSL 15:117db924cf7c 7572 WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out,
wolfSSL 15:117db924cf7c 7573 const unsigned char **in, long inSz)
wolfSSL 15:117db924cf7c 7574 {
wolfSSL 15:117db924cf7c 7575 WOLFSSL_EVP_PKEY* local;
wolfSSL 15:117db924cf7c 7576 word32 idx = 0;
wolfSSL 15:117db924cf7c 7577 int ret;
wolfSSL 16:8e0d178b1d1e 7578 word32 algId;
wolfSSL 15:117db924cf7c 7579
wolfSSL 15:117db924cf7c 7580 WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey");
wolfSSL 15:117db924cf7c 7581
wolfSSL 15:117db924cf7c 7582 if (in == NULL || inSz < 0) {
wolfSSL 15:117db924cf7c 7583 WOLFSSL_MSG("Bad argument");
wolfSSL 15:117db924cf7c 7584 return NULL;
wolfSSL 15:117db924cf7c 7585 }
wolfSSL 15:117db924cf7c 7586
wolfSSL 15:117db924cf7c 7587 /* Check if input buffer has PKCS8 header. In the case that it does not
wolfSSL 15:117db924cf7c 7588 * have a PKCS8 header then do not error out. */
wolfSSL 16:8e0d178b1d1e 7589 if ((ret = ToTraditionalInline_ex((const byte*)(*in), &idx, (word32)inSz,
wolfSSL 16:8e0d178b1d1e 7590 &algId)) > 0) {
wolfSSL 15:117db924cf7c 7591 WOLFSSL_MSG("Found and removed PKCS8 header");
wolfSSL 15:117db924cf7c 7592 }
wolfSSL 15:117db924cf7c 7593 else {
wolfSSL 15:117db924cf7c 7594 if (ret != ASN_PARSE_E) {
wolfSSL 15:117db924cf7c 7595 WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header");
wolfSSL 15:117db924cf7c 7596 return NULL;
wolfSSL 15:117db924cf7c 7597 }
wolfSSL 15:117db924cf7c 7598 }
wolfSSL 15:117db924cf7c 7599
wolfSSL 15:117db924cf7c 7600 if (out != NULL && *out != NULL) {
wolfSSL 15:117db924cf7c 7601 wolfSSL_EVP_PKEY_free(*out);
wolfSSL 16:8e0d178b1d1e 7602 *out = NULL;
wolfSSL 16:8e0d178b1d1e 7603 }
wolfSSL 16:8e0d178b1d1e 7604 local = wolfSSL_EVP_PKEY_new();
wolfSSL 15:117db924cf7c 7605 if (local == NULL) {
wolfSSL 15:117db924cf7c 7606 return NULL;
wolfSSL 15:117db924cf7c 7607 }
wolfSSL 15:117db924cf7c 7608
wolfSSL 15:117db924cf7c 7609 /* sanity check on idx before use */
wolfSSL 15:117db924cf7c 7610 if ((int)idx > inSz) {
wolfSSL 15:117db924cf7c 7611 WOLFSSL_MSG("Issue with index pointer");
wolfSSL 15:117db924cf7c 7612 wolfSSL_EVP_PKEY_free(local);
wolfSSL 15:117db924cf7c 7613 local = NULL;
wolfSSL 15:117db924cf7c 7614 return NULL;
wolfSSL 15:117db924cf7c 7615 }
wolfSSL 15:117db924cf7c 7616
wolfSSL 15:117db924cf7c 7617 local->type = type;
wolfSSL 15:117db924cf7c 7618 local->pkey_sz = (int)inSz - idx;
wolfSSL 15:117db924cf7c 7619 local->pkey.ptr = (char*)XMALLOC(inSz - idx, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 15:117db924cf7c 7620 if (local->pkey.ptr == NULL) {
wolfSSL 15:117db924cf7c 7621 wolfSSL_EVP_PKEY_free(local);
wolfSSL 15:117db924cf7c 7622 local = NULL;
wolfSSL 15:117db924cf7c 7623 return NULL;
wolfSSL 15:117db924cf7c 7624 }
wolfSSL 15:117db924cf7c 7625 else {
wolfSSL 15:117db924cf7c 7626 XMEMCPY(local->pkey.ptr, *in + idx, inSz - idx);
wolfSSL 15:117db924cf7c 7627 }
wolfSSL 15:117db924cf7c 7628
wolfSSL 15:117db924cf7c 7629 switch (type) {
wolfSSL 15:117db924cf7c 7630 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 7631 case EVP_PKEY_RSA:
wolfSSL 15:117db924cf7c 7632 local->ownRsa = 1;
wolfSSL 15:117db924cf7c 7633 local->rsa = wolfSSL_RSA_new();
wolfSSL 15:117db924cf7c 7634 if (local->rsa == NULL) {
wolfSSL 15:117db924cf7c 7635 wolfSSL_EVP_PKEY_free(local);
wolfSSL 15:117db924cf7c 7636 return NULL;
wolfSSL 15:117db924cf7c 7637 }
wolfSSL 15:117db924cf7c 7638 if (wolfSSL_RSA_LoadDer_ex(local->rsa,
wolfSSL 15:117db924cf7c 7639 (const unsigned char*)local->pkey.ptr, local->pkey_sz,
wolfSSL 15:117db924cf7c 7640 WOLFSSL_RSA_LOAD_PRIVATE) != SSL_SUCCESS) {
wolfSSL 15:117db924cf7c 7641 wolfSSL_EVP_PKEY_free(local);
wolfSSL 15:117db924cf7c 7642 return NULL;
wolfSSL 15:117db924cf7c 7643 }
wolfSSL 15:117db924cf7c 7644 break;
wolfSSL 15:117db924cf7c 7645 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 7646 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 7647 case EVP_PKEY_EC:
wolfSSL 15:117db924cf7c 7648 local->ownEcc = 1;
wolfSSL 15:117db924cf7c 7649 local->ecc = wolfSSL_EC_KEY_new();
wolfSSL 15:117db924cf7c 7650 if (local->ecc == NULL) {
wolfSSL 15:117db924cf7c 7651 wolfSSL_EVP_PKEY_free(local);
wolfSSL 15:117db924cf7c 7652 return NULL;
wolfSSL 15:117db924cf7c 7653 }
wolfSSL 15:117db924cf7c 7654 if (wolfSSL_EC_KEY_LoadDer(local->ecc,
wolfSSL 15:117db924cf7c 7655 (const unsigned char*)local->pkey.ptr, local->pkey_sz)
wolfSSL 15:117db924cf7c 7656 != SSL_SUCCESS) {
wolfSSL 15:117db924cf7c 7657 wolfSSL_EVP_PKEY_free(local);
wolfSSL 15:117db924cf7c 7658 return NULL;
wolfSSL 15:117db924cf7c 7659 }
wolfSSL 15:117db924cf7c 7660 break;
wolfSSL 15:117db924cf7c 7661 #endif /* HAVE_ECC */
wolfSSL 16:8e0d178b1d1e 7662 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
wolfSSL 16:8e0d178b1d1e 7663 #ifndef NO_DSA
wolfSSL 16:8e0d178b1d1e 7664 case EVP_PKEY_DSA:
wolfSSL 16:8e0d178b1d1e 7665 local->ownDsa = 1;
wolfSSL 16:8e0d178b1d1e 7666 local->dsa = wolfSSL_DSA_new();
wolfSSL 16:8e0d178b1d1e 7667 if (local->dsa == NULL) {
wolfSSL 16:8e0d178b1d1e 7668 wolfSSL_EVP_PKEY_free(local);
wolfSSL 16:8e0d178b1d1e 7669 return NULL;
wolfSSL 16:8e0d178b1d1e 7670 }
wolfSSL 16:8e0d178b1d1e 7671 if (wolfSSL_DSA_LoadDer(local->dsa,
wolfSSL 16:8e0d178b1d1e 7672 (const unsigned char*)local->pkey.ptr, local->pkey_sz)
wolfSSL 16:8e0d178b1d1e 7673 != SSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 7674 wolfSSL_EVP_PKEY_free(local);
wolfSSL 16:8e0d178b1d1e 7675 return NULL;
wolfSSL 16:8e0d178b1d1e 7676 }
wolfSSL 16:8e0d178b1d1e 7677 break;
wolfSSL 16:8e0d178b1d1e 7678 #endif /* NO_DSA */
wolfSSL 16:8e0d178b1d1e 7679 #ifndef NO_DH
wolfSSL 16:8e0d178b1d1e 7680 case EVP_PKEY_DH:
wolfSSL 16:8e0d178b1d1e 7681 local->ownDh = 1;
wolfSSL 16:8e0d178b1d1e 7682 local->dh = wolfSSL_DH_new();
wolfSSL 16:8e0d178b1d1e 7683 if (local->dh == NULL) {
wolfSSL 16:8e0d178b1d1e 7684 wolfSSL_EVP_PKEY_free(local);
wolfSSL 16:8e0d178b1d1e 7685 return NULL;
wolfSSL 16:8e0d178b1d1e 7686 }
wolfSSL 16:8e0d178b1d1e 7687 if (wolfSSL_DH_LoadDer(local->dh,
wolfSSL 16:8e0d178b1d1e 7688 (const unsigned char*)local->pkey.ptr, local->pkey_sz)
wolfSSL 16:8e0d178b1d1e 7689 != SSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 7690 wolfSSL_EVP_PKEY_free(local);
wolfSSL 16:8e0d178b1d1e 7691 return NULL;
wolfSSL 16:8e0d178b1d1e 7692 }
wolfSSL 16:8e0d178b1d1e 7693 break;
wolfSSL 16:8e0d178b1d1e 7694 #endif /* HAVE_DH */
wolfSSL 16:8e0d178b1d1e 7695 #endif /* WOLFSSL_QT || OPENSSL_ALL */
wolfSSL 15:117db924cf7c 7696 default:
wolfSSL 15:117db924cf7c 7697 WOLFSSL_MSG("Unsupported key type");
wolfSSL 15:117db924cf7c 7698 wolfSSL_EVP_PKEY_free(local);
wolfSSL 15:117db924cf7c 7699 return NULL;
wolfSSL 15:117db924cf7c 7700 }
wolfSSL 15:117db924cf7c 7701
wolfSSL 15:117db924cf7c 7702 /* advance pointer with success */
wolfSSL 15:117db924cf7c 7703 if (local != NULL) {
wolfSSL 15:117db924cf7c 7704 if ((idx + local->pkey_sz) <= (word32)inSz) {
wolfSSL 15:117db924cf7c 7705 *in = *in + idx + local->pkey_sz;
wolfSSL 15:117db924cf7c 7706 }
wolfSSL 15:117db924cf7c 7707
wolfSSL 15:117db924cf7c 7708 if (out != NULL) {
wolfSSL 15:117db924cf7c 7709 *out = local;
wolfSSL 15:117db924cf7c 7710 }
wolfSSL 15:117db924cf7c 7711 }
wolfSSL 15:117db924cf7c 7712
wolfSSL 15:117db924cf7c 7713 return local;
wolfSSL 15:117db924cf7c 7714 }
wolfSSL 15:117db924cf7c 7715
wolfSSL 15:117db924cf7c 7716 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 7717
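/* Checks that the private key loaded into ssl matches the public key of the
 * certificate loaded into ssl.
 *
 * ssl  connection whose certificate and key buffers are compared
 *
 * Returns WOLFSSL_FAILURE when ssl, its certificate buffer or its key buffer
 * is not set, or when the certificate does not parse. Otherwise returns the
 * result of wc_CheckPrivateKey (and, under HAVE_PK_CALLBACKS, a non-zero
 * InitSigPkCb error code when that setup fails).
 */
int wolfSSL_check_private_key(const WOLFSSL* ssl)
{
    DecodedCert der;
    word32 size;
    byte* buff;
    int ret;

    if (ssl == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* Both buffers are dereferenced below; a context that has no certificate
     * or key loaded yet must fail cleanly instead of dereferencing NULL. */
    if (ssl->buffers.certificate == NULL) {
        WOLFSSL_MSG("Certificate buffer not set");
        return WOLFSSL_FAILURE;
    }
    if (ssl->buffers.key == NULL) {
        WOLFSSL_MSG("Key buffer not set");
        return WOLFSSL_FAILURE;
    }

    size = ssl->buffers.certificate->length;
    buff = ssl->buffers.certificate->buffer;
    InitDecodedCert(&der, buff, size, ssl->heap);
#ifdef HAVE_PK_CALLBACKS
    ret = InitSigPkCb((WOLFSSL*)ssl, &der.sigCtx);
    if (ret != 0) {
        FreeDecodedCert(&der);
        return ret;
    }
#endif

    /* Parsed with NO_VERIFY: only the decoded certificate is needed for the
     * key comparison below. */
    if (ParseCertRelative(&der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
        FreeDecodedCert(&der);
        return WOLFSSL_FAILURE;
    }

    size = ssl->buffers.key->length;
    buff = ssl->buffers.key->buffer;
    ret = wc_CheckPrivateKey(buff, size, &der);
    FreeDecodedCert(&der);
    return ret;
}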
wolfSSL 15:117db924cf7c 7751
wolfSSL 16:8e0d178b1d1e 7752 #if defined(OPENSSL_ALL)
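/* Counts the X509v3 extensions carried by passedCert.
 *
 * passedCert  certificate whose DER encoding is re-parsed to locate the
 *             extensions block
 *
 * Returns the number of extension SEQUENCEs found, or WOLFSSL_FAILURE (0)
 * when passedCert is NULL, has no DER buffer, fails to parse, or has no or
 * malformed extensions. Every exit after InitDecodedCert releases the
 * DecodedCert, including the ParseCert failure path (which previously
 * returned without FreeDecodedCert, unlike wolfSSL_check_private_key).
 */
int wolfSSL_X509_get_ext_count(const WOLFSSL_X509* passedCert)
{
    int extCount = 0;
    int length = 0;
    int outSz = 0;
    const byte* rawCert;
    int sz = 0;
    word32 idx = 0;
    DecodedCert cert;
    const byte* input;

    WOLFSSL_ENTER("wolfSSL_X509_get_ext_count()");
    if (passedCert == NULL) {
        WOLFSSL_MSG("\tNot passed a certificate");
        return WOLFSSL_FAILURE;
    }

    rawCert = wolfSSL_X509_get_der((WOLFSSL_X509*)passedCert, &outSz);
    if (rawCert == NULL) {
        WOLFSSL_MSG("\tpassedCert has no internal DerBuffer set.");
        return WOLFSSL_FAILURE;
    }
    InitDecodedCert(&cert, rawCert, (word32)outSz, 0);

    if (ParseCert(&cert, CA_TYPE, NO_VERIFY, NULL) < 0) {
        WOLFSSL_MSG("\tCertificate parsing failed");
        goto fail;
    }

    input = cert.extensions;
    sz = cert.extensionsSz;

    if (input == NULL || sz == 0) {
        WOLFSSL_MSG("\tsz or input NULL error");
        goto fail;
    }

    /* Layout walked here: the extensions tag byte, its length, then the
     * outer SEQUENCE whose elements are one SEQUENCE per extension. */
    if (input[idx++] != ASN_EXTENSIONS) {
        WOLFSSL_MSG("\tfail: should be an EXTENSIONS");
        goto fail;
    }

    if (GetLength(input, &idx, &length, sz) < 0) {
        WOLFSSL_MSG("\tfail: invalid length");
        goto fail;
    }

    if (GetSequence(input, &idx, &length, sz) < 0) {
        WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)");
        goto fail;
    }

    while (idx < (word32)sz) {
        if (GetSequence(input, &idx, &length, sz) < 0) {
            WOLFSSL_MSG("\tfail: should be a SEQUENCE");
            goto fail;
        }
        /* Skip the extension body; only its presence is counted. */
        idx += length;
        extCount++;
    }
    FreeDecodedCert(&cert);
    return extCount;

fail:
    FreeDecodedCert(&cert);
    return WOLFSSL_FAILURE;
}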
wolfSSL 16:8e0d178b1d1e 7822
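/* Allocates a zero-initialised WOLFSSL_X509_EXTENSION.
 *
 * Returns the new object, owned by the caller and released with
 * wolfSSL_X509_EXTENSION_free, or NULL when XMALLOC fails.
 */
WOLFSSL_X509_EXTENSION* wolfSSL_X509_EXTENSION_new(void)
{
    /* Declared before WOLFSSL_ENTER so the body stays valid when that macro
     * expands to a statement (C89 / -Wdeclaration-after-statement builds);
     * the original placed the declaration after it. */
    WOLFSSL_X509_EXTENSION* newExt;

    WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_new");

    newExt = (WOLFSSL_X509_EXTENSION*)XMALLOC(sizeof(WOLFSSL_X509_EXTENSION),
                                              NULL, DYNAMIC_TYPE_X509_EXT);
    if (newExt == NULL)
        return NULL;
    XMEMSET(newExt, 0, sizeof(WOLFSSL_X509_EXTENSION));

    return newExt;
}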
wolfSSL 16:8e0d178b1d1e 7837
/* Releases a WOLFSSL_X509_EXTENSION created by wolfSSL_X509_EXTENSION_new,
 * together with its ASN1_OBJECT, any dynamically owned value data, and the
 * stack attached to ext_sk. A NULL argument is ignored.
 */
void wolfSSL_X509_EXTENSION_free(WOLFSSL_X509_EXTENSION* x)
{
    WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_free");
    if (x == NULL)
        return;

    if (x->obj != NULL)
        wolfSSL_ASN1_OBJECT_free(x->obj);

    /* Only value data flagged isDynamic belongs to this object; anything
     * else is borrowed and must not be freed here. */
    if (x->value.isDynamic && x->value.length > 0 && x->value.data != NULL)
        XFREE(x->value.data, NULL, DYNAMIC_TYPE_OPENSSL);

    wolfSSL_sk_free(x->ext_sk);

    XFREE(x, NULL, DYNAMIC_TYPE_X509_EXT);
}
wolfSSL 16:8e0d178b1d1e 7856
/* Creates and returns a new WOLFSSL_X509_EXTENSION stack, or NULL when the
 * underlying wolfSSL_sk_new_null allocation fails. */
WOLFSSL_STACK* wolfSSL_sk_new_x509_ext(void)
{
    WOLFSSL_STACK* stack;

    WOLFSSL_ENTER("wolfSSL_sk_new_x509_ext");

    stack = wolfSSL_sk_new_null();
    if (stack == NULL)
        return NULL;

    /* Tag the stack so type-aware helpers treat its elements as extensions. */
    stack->type = STACK_TYPE_X509_EXT;
    return stack;
}
wolfSSL 16:8e0d178b1d1e 7869
/* Pushes ext onto the head of sk.
 *
 * sk   stack created by wolfSSL_sk_new_x509_ext
 * ext  extension to push; the stack takes ownership and releases it in
 *      wolfSSL_sk_X509_EXTENSION_free
 *
 * Returns 1 (WOLFSSL_SUCCESS) on success, 0 (WOLFSSL_FAILURE) when either
 * argument is NULL or a new node cannot be allocated.
 */
int wolfSSL_sk_X509_EXTENSION_push(WOLFSSL_STACK* sk,WOLFSSL_X509_EXTENSION* ext)
{
    WOLFSSL_STACK* shifted;

    WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_push");

    if (sk == NULL || ext == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* Empty stack: the head node itself stores the first element. */
    if (sk->data.ext == NULL) {
        sk->data.ext = ext;
        sk->num += 1;
        return WOLFSSL_SUCCESS;
    }

    /* Non-empty: move the current head element into a fresh node linked
     * right after the head, then store ext in the head. */
    shifted = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                      DYNAMIC_TYPE_X509);
    if (shifted == NULL) {
        WOLFSSL_MSG("Memory error");
        return WOLFSSL_FAILURE;
    }
    XMEMSET(shifted, 0, sizeof(WOLFSSL_STACK));

    shifted->data.ext = sk->data.ext;
    shifted->next = sk->next;
    shifted->type = sk->type;

    sk->next = shifted;
    sk->data.ext = ext;
    sk->num += 1;

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 7907
/* Frees an X509_EXTENSION stack: every trailing node and the extension it
 * holds, then the head's extension, then the head itself.
 *
 * sk  stack to free; NULL is ignored. Trailing nodes are walked only while
 *     sk->num > 1, and the head's extension is freed only when sk->num is
 *     exactly 1 afterwards.
 */
void wolfSSL_sk_X509_EXTENSION_free(WOLFSSL_STACK* sk)
{
    WOLFSSL_STACK* cur;

    WOLFSSL_ENTER("wolfSSL_sk_X509_EXTENSION_free");

    if (sk == NULL) {
        return;
    }

    /* Release the chained nodes; the count is decremented after each one. */
    cur = sk->next;
    for (; cur != NULL && sk->num > 1; sk->num -= 1) {
        WOLFSSL_STACK* doomed = cur;
        cur = cur->next;

        wolfSSL_X509_EXTENSION_free(doomed->data.ext);
        XFREE(doomed, NULL, DYNAMIC_TYPE_X509);
    }

    /* The head node stores an element of its own. */
    if (sk->num == 1) {
        wolfSSL_X509_EXTENSION_free(sk->data.ext);
    }
    XFREE(sk, NULL, DYNAMIC_TYPE_X509);
}
wolfSSL 16:8e0d178b1d1e 7939
/* Sets or clears bit pos of str, growing the string so that the byte holding
 * pos exists (newly added bytes are zeroed). Bit 0 is the most significant
 * bit of byte 0, i.e. the bit order of a DER BIT STRING.
 *
 * str  bit string to modify
 * pos  zero-based bit index, must be >= 0
 * val  1 to set the bit, 0 to clear it
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE for a NULL str, a val other
 * than 0 or 1, a negative pos, or a failed XREALLOC (str is then left as it
 * was, since nothing is assigned before the allocation succeeds).
 */
int wolfSSL_ASN1_BIT_STRING_set_bit(WOLFSSL_ASN1_BIT_STRING* str, int pos,
    int val)
{
    int byteIdx;
    byte mask;

    if (str == NULL || pos < 0 || (val != 0 && val != 1)) {
        return WOLFSSL_FAILURE;
    }

    byteIdx = pos / 8;
    /* 0x80 >> k selects the same bit as 1 << (7 - k). */
    mask = (byte)(0x80 >> (pos % 8));

    /* Grow on demand so byteIdx is addressable. */
    if (str->length < byteIdx + 1) {
        byte* grown = (byte*)XREALLOC(str->data, byteIdx + 1, NULL,
                                      DYNAMIC_TYPE_OPENSSL);
        if (grown == NULL) {
            return WOLFSSL_FAILURE;
        }
        XMEMSET(grown + str->length, 0, byteIdx + 1 - str->length);
        str->data = grown;
        str->length = byteIdx + 1;
    }

    if (val) {
        str->data[byteIdx] |= mask;
    }
    else {
        str->data[byteIdx] &= (byte)~mask;
    }

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 7968
wolfSSL 16:8e0d178b1d1e 7969 /* Gets the X509_EXTENSION* ext based on its location in WOLFSSL_X509* x509.
wolfSSL 16:8e0d178b1d1e 7970 *
wolfSSL 16:8e0d178b1d1e 7971 * x509 : The X509 structure to look for the extension.
wolfSSL 16:8e0d178b1d1e 7972 * loc : Location of the extension. If the extension is found at the given
wolfSSL 16:8e0d178b1d1e 7973 * location, a new X509_EXTENSION structure is populated with extension-specific
wolfSSL 16:8e0d178b1d1e 7974 * data based on the extension type.
wolfSSL 16:8e0d178b1d1e 7975
wolfSSL 16:8e0d178b1d1e 7976 * Returns NULL on error or pointer to X509_EXTENSION structure containing the
wolfSSL 16:8e0d178b1d1e 7977 * extension. The returned X509_EXTENSION should not be free'd by caller.
wolfSSL 16:8e0d178b1d1e 7978 * The returned X509_EXTENSION is pushed onto a stack inside the x509 argument.
wolfSSL 16:8e0d178b1d1e 7979 * This is later free'd when x509 is free'd.
wolfSSL 16:8e0d178b1d1e 7980 *
wolfSSL 16:8e0d178b1d1e 7981 * NOTE: for unknown extension NIDs, a X509_EXTENSION is populated with the
wolfSSL 16:8e0d178b1d1e 7982 * extension oid as the ASN1_OBJECT (QT compatibility)
wolfSSL 16:8e0d178b1d1e 7983 */
WOLFSSL_X509_EXTENSION* wolfSSL_X509_get_ext(const WOLFSSL_X509* x509, int loc)
{
    WOLFSSL_ENTER("wolfSSL_X509_get_ext");

    /* const is cast away because wolfSSL_X509_set_ext stores the resulting
     * extension on a stack inside x509. */
    return (x509 == NULL) ? NULL
                          : wolfSSL_X509_set_ext((WOLFSSL_X509*) x509, loc);
}
wolfSSL 16:8e0d178b1d1e 7994
wolfSSL 16:8e0d178b1d1e 7995 /* Pushes a new X509_EXTENSION* ext onto the stack inside WOLFSSL_X509* x509.
wolfSSL 16:8e0d178b1d1e 7996 * This is currently a helper function for wolfSSL_X509_get_ext
wolfSSL 16:8e0d178b1d1e 7997 * Caller does not free the returned WOLFSSL_X509_EXTENSION*
wolfSSL 16:8e0d178b1d1e 7998 */
wolfSSL 16:8e0d178b1d1e 7999 WOLFSSL_X509_EXTENSION* wolfSSL_X509_set_ext(WOLFSSL_X509* x509, int loc)
wolfSSL 16:8e0d178b1d1e 8000 {
wolfSSL 16:8e0d178b1d1e 8001 int extCount = 0, length = 0, outSz = 0, sz = 0, ret = 0;
wolfSSL 16:8e0d178b1d1e 8002 int objSz = 0, isSet = 0;
wolfSSL 16:8e0d178b1d1e 8003 const byte* rawCert;
wolfSSL 16:8e0d178b1d1e 8004 const byte* input;
wolfSSL 16:8e0d178b1d1e 8005 byte* oidBuf;
wolfSSL 16:8e0d178b1d1e 8006 word32 oid, idx = 0, tmpIdx = 0;
wolfSSL 16:8e0d178b1d1e 8007 WOLFSSL_X509_EXTENSION* ext = NULL;
wolfSSL 16:8e0d178b1d1e 8008 WOLFSSL_ASN1_INTEGER* a;
wolfSSL 16:8e0d178b1d1e 8009 WOLFSSL_STACK* sk;
wolfSSL 16:8e0d178b1d1e 8010 DecodedCert cert;
wolfSSL 16:8e0d178b1d1e 8011
wolfSSL 16:8e0d178b1d1e 8012 WOLFSSL_ENTER("wolfSSL_X509_set_ext");
wolfSSL 16:8e0d178b1d1e 8013
wolfSSL 16:8e0d178b1d1e 8014 if(x509 == NULL){
wolfSSL 16:8e0d178b1d1e 8015 WOLFSSL_MSG("\tNot passed a certificate");
wolfSSL 16:8e0d178b1d1e 8016 return NULL;
wolfSSL 16:8e0d178b1d1e 8017 }
wolfSSL 16:8e0d178b1d1e 8018
wolfSSL 16:8e0d178b1d1e 8019 if(loc <0 || (loc > wolfSSL_X509_get_ext_count(x509))){
wolfSSL 16:8e0d178b1d1e 8020 WOLFSSL_MSG("\tBad location argument");
wolfSSL 16:8e0d178b1d1e 8021 return NULL;
wolfSSL 16:8e0d178b1d1e 8022 }
wolfSSL 16:8e0d178b1d1e 8023
wolfSSL 16:8e0d178b1d1e 8024 ext = wolfSSL_X509_EXTENSION_new();
wolfSSL 16:8e0d178b1d1e 8025 if (ext == NULL) {
wolfSSL 16:8e0d178b1d1e 8026 WOLFSSL_MSG("\tX509_EXTENSION_new() failed");
wolfSSL 16:8e0d178b1d1e 8027 return NULL;
wolfSSL 16:8e0d178b1d1e 8028 }
wolfSSL 16:8e0d178b1d1e 8029
wolfSSL 16:8e0d178b1d1e 8030 rawCert = wolfSSL_X509_get_der((WOLFSSL_X509*)x509, &outSz);
wolfSSL 16:8e0d178b1d1e 8031 if (rawCert == NULL) {
wolfSSL 16:8e0d178b1d1e 8032 WOLFSSL_MSG("\tX509_get_der() failed");
wolfSSL 16:8e0d178b1d1e 8033 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8034 return NULL;
wolfSSL 16:8e0d178b1d1e 8035 }
wolfSSL 16:8e0d178b1d1e 8036
wolfSSL 16:8e0d178b1d1e 8037 InitDecodedCert( &cert, rawCert, (word32)outSz, 0);
wolfSSL 16:8e0d178b1d1e 8038
wolfSSL 16:8e0d178b1d1e 8039 if (ParseCert(&cert, CA_TYPE, NO_VERIFY, NULL) < 0) {
wolfSSL 16:8e0d178b1d1e 8040 WOLFSSL_MSG("\tCertificate parsing failed");
wolfSSL 16:8e0d178b1d1e 8041 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8042 return NULL;
wolfSSL 16:8e0d178b1d1e 8043 }
wolfSSL 16:8e0d178b1d1e 8044
wolfSSL 16:8e0d178b1d1e 8045 input = cert.extensions;
wolfSSL 16:8e0d178b1d1e 8046 sz = cert.extensionsSz;
wolfSSL 16:8e0d178b1d1e 8047
wolfSSL 16:8e0d178b1d1e 8048 if (input == NULL || sz == 0) {
wolfSSL 16:8e0d178b1d1e 8049 WOLFSSL_MSG("\tfail: should be an EXTENSIONS");
wolfSSL 16:8e0d178b1d1e 8050 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8051 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8052 return NULL;
wolfSSL 16:8e0d178b1d1e 8053 }
wolfSSL 16:8e0d178b1d1e 8054
wolfSSL 16:8e0d178b1d1e 8055 if (input[idx++] != ASN_EXTENSIONS) {
wolfSSL 16:8e0d178b1d1e 8056 WOLFSSL_MSG("\tfail: should be an EXTENSIONS");
wolfSSL 16:8e0d178b1d1e 8057 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8058 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8059 return NULL;
wolfSSL 16:8e0d178b1d1e 8060 }
wolfSSL 16:8e0d178b1d1e 8061
wolfSSL 16:8e0d178b1d1e 8062 if (GetLength(input, &idx, &length, sz) < 0) {
wolfSSL 16:8e0d178b1d1e 8063 WOLFSSL_MSG("\tfail: invalid length");
wolfSSL 16:8e0d178b1d1e 8064 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8065 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8066 return NULL;
wolfSSL 16:8e0d178b1d1e 8067 }
wolfSSL 16:8e0d178b1d1e 8068
wolfSSL 16:8e0d178b1d1e 8069 if (GetSequence(input, &idx, &length, sz) < 0) {
wolfSSL 16:8e0d178b1d1e 8070 WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)");
wolfSSL 16:8e0d178b1d1e 8071 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8072 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8073 return NULL;
wolfSSL 16:8e0d178b1d1e 8074 }
wolfSSL 16:8e0d178b1d1e 8075
wolfSSL 16:8e0d178b1d1e 8076 while (idx < (word32)sz) {
wolfSSL 16:8e0d178b1d1e 8077 oid = 0;
wolfSSL 16:8e0d178b1d1e 8078
wolfSSL 16:8e0d178b1d1e 8079 if (GetSequence(input, &idx, &length, sz) < 0) {
wolfSSL 16:8e0d178b1d1e 8080 WOLFSSL_MSG("\tfail: should be a SEQUENCE");
wolfSSL 16:8e0d178b1d1e 8081 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8082 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8083 return NULL;
wolfSSL 16:8e0d178b1d1e 8084 }
wolfSSL 16:8e0d178b1d1e 8085
wolfSSL 16:8e0d178b1d1e 8086 tmpIdx = idx;
wolfSSL 16:8e0d178b1d1e 8087 ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz);
wolfSSL 16:8e0d178b1d1e 8088 if (ret < 0) {
wolfSSL 16:8e0d178b1d1e 8089 WOLFSSL_MSG("\tfail: OBJECT ID");
wolfSSL 16:8e0d178b1d1e 8090 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8091 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8092 return NULL;
wolfSSL 16:8e0d178b1d1e 8093 }
wolfSSL 16:8e0d178b1d1e 8094 idx = tmpIdx;
wolfSSL 16:8e0d178b1d1e 8095
wolfSSL 16:8e0d178b1d1e 8096 /* Continue while loop until extCount == loc or idx > sz */
wolfSSL 16:8e0d178b1d1e 8097 if (extCount != loc) {
wolfSSL 16:8e0d178b1d1e 8098 idx += length;
wolfSSL 16:8e0d178b1d1e 8099 extCount++;
wolfSSL 16:8e0d178b1d1e 8100 continue;
wolfSSL 16:8e0d178b1d1e 8101 }
wolfSSL 16:8e0d178b1d1e 8102 /* extCount == loc. Now get the extension. */
wolfSSL 16:8e0d178b1d1e 8103 /* Check if extension has been set */
wolfSSL 16:8e0d178b1d1e 8104 isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, oid);
wolfSSL 16:8e0d178b1d1e 8105 ext->obj = wolfSSL_OBJ_nid2obj(oid);
wolfSSL 16:8e0d178b1d1e 8106 if (ext->obj == NULL) {
wolfSSL 16:8e0d178b1d1e 8107 WOLFSSL_MSG("\tfail: Invalid OBJECT");
wolfSSL 16:8e0d178b1d1e 8108 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8109 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8110 return NULL;
wolfSSL 16:8e0d178b1d1e 8111 }
wolfSSL 16:8e0d178b1d1e 8112 ext->obj->nid = oid;
wolfSSL 16:8e0d178b1d1e 8113
wolfSSL 16:8e0d178b1d1e 8114 switch (oid) {
wolfSSL 16:8e0d178b1d1e 8115 case BASIC_CA_OID:
wolfSSL 16:8e0d178b1d1e 8116 if (!isSet)
wolfSSL 16:8e0d178b1d1e 8117 break;
wolfSSL 16:8e0d178b1d1e 8118 /* Set pathlength */
wolfSSL 16:8e0d178b1d1e 8119 a = wolfSSL_ASN1_INTEGER_new();
wolfSSL 16:8e0d178b1d1e 8120 if (a == NULL) {
wolfSSL 16:8e0d178b1d1e 8121 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8122 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8123 return NULL;
wolfSSL 16:8e0d178b1d1e 8124 }
wolfSSL 16:8e0d178b1d1e 8125 a->length = x509->pathLength;
wolfSSL 16:8e0d178b1d1e 8126
wolfSSL 16:8e0d178b1d1e 8127 /* Save ASN1_INTEGER in x509 extension */
wolfSSL 16:8e0d178b1d1e 8128 ext->obj->pathlen = a;
wolfSSL 16:8e0d178b1d1e 8129
wolfSSL 16:8e0d178b1d1e 8130 ext->obj->ca = x509->isCa;
wolfSSL 16:8e0d178b1d1e 8131 ext->crit = x509->basicConstCrit;
wolfSSL 16:8e0d178b1d1e 8132 break;
wolfSSL 16:8e0d178b1d1e 8133
wolfSSL 16:8e0d178b1d1e 8134 case AUTH_INFO_OID:
wolfSSL 16:8e0d178b1d1e 8135 if (!isSet)
wolfSSL 16:8e0d178b1d1e 8136 break;
wolfSSL 16:8e0d178b1d1e 8137
wolfSSL 16:8e0d178b1d1e 8138 /* Create a stack to hold both the caIssuer and ocsp objects
wolfSSL 16:8e0d178b1d1e 8139 in X509_EXTENSION structure */
wolfSSL 16:8e0d178b1d1e 8140 sk = (WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*)XMALLOC(
wolfSSL 16:8e0d178b1d1e 8141 sizeof(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)),
wolfSSL 16:8e0d178b1d1e 8142 NULL, DYNAMIC_TYPE_ASN1);
wolfSSL 16:8e0d178b1d1e 8143 if (sk == NULL) {
wolfSSL 16:8e0d178b1d1e 8144 WOLFSSL_MSG("Failed to malloc stack");
wolfSSL 16:8e0d178b1d1e 8145 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8146 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8147 return NULL;
wolfSSL 16:8e0d178b1d1e 8148 }
wolfSSL 16:8e0d178b1d1e 8149 XMEMSET(sk, 0, sizeof(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)));
wolfSSL 16:8e0d178b1d1e 8150 sk->type = STACK_TYPE_OBJ;
wolfSSL 16:8e0d178b1d1e 8151
wolfSSL 16:8e0d178b1d1e 8152 /* Add CaIssuers object to stack */
wolfSSL 16:8e0d178b1d1e 8153 if (x509->authInfoCaIssuer != NULL &&
wolfSSL 16:8e0d178b1d1e 8154 x509->authInfoCaIssuerSz > 0)
wolfSSL 16:8e0d178b1d1e 8155 {
wolfSSL 16:8e0d178b1d1e 8156 WOLFSSL_ASN1_OBJECT* obj;
wolfSSL 16:8e0d178b1d1e 8157 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 16:8e0d178b1d1e 8158 if (obj == NULL) {
wolfSSL 16:8e0d178b1d1e 8159 WOLFSSL_MSG("Error creating ASN1 object");
wolfSSL 16:8e0d178b1d1e 8160 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 16:8e0d178b1d1e 8161 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8162 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8163 return NULL;
wolfSSL 16:8e0d178b1d1e 8164 }
wolfSSL 16:8e0d178b1d1e 8165 obj->obj = (byte*)x509->authInfoCaIssuer;
wolfSSL 16:8e0d178b1d1e 8166 obj->objSz = x509->authInfoCaIssuerSz;
wolfSSL 16:8e0d178b1d1e 8167 obj->grp = oidCertAuthInfoType;
wolfSSL 16:8e0d178b1d1e 8168 obj->nid = AIA_CA_ISSUER_OID;
wolfSSL 16:8e0d178b1d1e 8169
wolfSSL 16:8e0d178b1d1e 8170 ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj);
wolfSSL 16:8e0d178b1d1e 8171 if (ret != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8172 WOLFSSL_MSG("Error pushing ASN1 object onto stack");
wolfSSL 16:8e0d178b1d1e 8173 wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL 16:8e0d178b1d1e 8174 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 16:8e0d178b1d1e 8175 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8176 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8177 return NULL;
wolfSSL 16:8e0d178b1d1e 8178 }
wolfSSL 16:8e0d178b1d1e 8179 }
wolfSSL 16:8e0d178b1d1e 8180
wolfSSL 16:8e0d178b1d1e 8181 /* Add OCSP object to stack */
wolfSSL 16:8e0d178b1d1e 8182 if (x509->authInfo != NULL &&
wolfSSL 16:8e0d178b1d1e 8183 x509->authInfoSz > 0)
wolfSSL 16:8e0d178b1d1e 8184 {
wolfSSL 16:8e0d178b1d1e 8185 WOLFSSL_ASN1_OBJECT* obj;
wolfSSL 16:8e0d178b1d1e 8186 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 16:8e0d178b1d1e 8187 if (obj == NULL) {
wolfSSL 16:8e0d178b1d1e 8188 WOLFSSL_MSG("Error creating ASN1 object");
wolfSSL 16:8e0d178b1d1e 8189 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 16:8e0d178b1d1e 8190 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8191 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8192 return NULL;
wolfSSL 16:8e0d178b1d1e 8193 }
wolfSSL 16:8e0d178b1d1e 8194 obj->obj = x509->authInfo;
wolfSSL 16:8e0d178b1d1e 8195 obj->objSz = x509->authInfoSz;
wolfSSL 16:8e0d178b1d1e 8196 obj->grp = oidCertAuthInfoType;
wolfSSL 16:8e0d178b1d1e 8197 obj->nid = AIA_OCSP_OID;
wolfSSL 16:8e0d178b1d1e 8198
wolfSSL 16:8e0d178b1d1e 8199 ret = wolfSSL_sk_ASN1_OBJECT_push(sk, obj);
wolfSSL 16:8e0d178b1d1e 8200 if (ret != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8201 WOLFSSL_MSG("Error pushing ASN1 object onto stack");
wolfSSL 16:8e0d178b1d1e 8202 wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL 16:8e0d178b1d1e 8203 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 16:8e0d178b1d1e 8204 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8205 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8206 return NULL;
wolfSSL 16:8e0d178b1d1e 8207 }
wolfSSL 16:8e0d178b1d1e 8208 }
wolfSSL 16:8e0d178b1d1e 8209 ext->ext_sk = sk;
wolfSSL 16:8e0d178b1d1e 8210 ext->crit = x509->authInfoCrit;
wolfSSL 16:8e0d178b1d1e 8211 break;
wolfSSL 16:8e0d178b1d1e 8212
wolfSSL 16:8e0d178b1d1e 8213 case AUTH_KEY_OID:
wolfSSL 16:8e0d178b1d1e 8214 if (!isSet)
wolfSSL 16:8e0d178b1d1e 8215 break;
wolfSSL 16:8e0d178b1d1e 8216
wolfSSL 16:8e0d178b1d1e 8217 ret = wolfSSL_ASN1_STRING_set(&ext->value, x509->authKeyId,
wolfSSL 16:8e0d178b1d1e 8218 x509->authKeyIdSz);
wolfSSL 16:8e0d178b1d1e 8219 if (ret != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8220 WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL 16:8e0d178b1d1e 8221 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8222 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8223 return NULL;
wolfSSL 16:8e0d178b1d1e 8224 }
wolfSSL 16:8e0d178b1d1e 8225 ext->crit = x509->authKeyIdCrit;
wolfSSL 16:8e0d178b1d1e 8226 break;
wolfSSL 16:8e0d178b1d1e 8227
wolfSSL 16:8e0d178b1d1e 8228 case SUBJ_KEY_OID:
wolfSSL 16:8e0d178b1d1e 8229 if (!isSet)
wolfSSL 16:8e0d178b1d1e 8230 break;
wolfSSL 16:8e0d178b1d1e 8231
wolfSSL 16:8e0d178b1d1e 8232 ret = wolfSSL_ASN1_STRING_set(&ext->value, x509->subjKeyId,
wolfSSL 16:8e0d178b1d1e 8233 x509->subjKeyIdSz);
wolfSSL 16:8e0d178b1d1e 8234 if (ret != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8235 WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL 16:8e0d178b1d1e 8236 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8237 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8238 return NULL;
wolfSSL 16:8e0d178b1d1e 8239 }
wolfSSL 16:8e0d178b1d1e 8240 ext->crit = x509->subjKeyIdCrit;
wolfSSL 16:8e0d178b1d1e 8241 break;
wolfSSL 16:8e0d178b1d1e 8242
wolfSSL 16:8e0d178b1d1e 8243 case CERT_POLICY_OID:
wolfSSL 16:8e0d178b1d1e 8244 if (!isSet)
wolfSSL 16:8e0d178b1d1e 8245 break;
wolfSSL 16:8e0d178b1d1e 8246 ext->crit = x509->certPolicyCrit;
wolfSSL 16:8e0d178b1d1e 8247 break;
wolfSSL 16:8e0d178b1d1e 8248
wolfSSL 16:8e0d178b1d1e 8249 case KEY_USAGE_OID:
wolfSSL 16:8e0d178b1d1e 8250 if (!isSet)
wolfSSL 16:8e0d178b1d1e 8251 break;
wolfSSL 16:8e0d178b1d1e 8252
wolfSSL 16:8e0d178b1d1e 8253 ret = wolfSSL_ASN1_STRING_set(&ext->value,
wolfSSL 16:8e0d178b1d1e 8254 (byte*)&(x509->keyUsage), sizeof(word16));
wolfSSL 16:8e0d178b1d1e 8255 if (ret != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8256 WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL 16:8e0d178b1d1e 8257 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8258 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8259 return NULL;
wolfSSL 16:8e0d178b1d1e 8260 }
wolfSSL 16:8e0d178b1d1e 8261 ext->crit = x509->keyUsageCrit;
wolfSSL 16:8e0d178b1d1e 8262 break;
wolfSSL 16:8e0d178b1d1e 8263
wolfSSL 16:8e0d178b1d1e 8264 case EXT_KEY_USAGE_OID:
wolfSSL 16:8e0d178b1d1e 8265 if (!isSet)
wolfSSL 16:8e0d178b1d1e 8266 break;
wolfSSL 16:8e0d178b1d1e 8267 ext->crit = x509->keyUsageCrit;
wolfSSL 16:8e0d178b1d1e 8268 break;
wolfSSL 16:8e0d178b1d1e 8269
wolfSSL 16:8e0d178b1d1e 8270 case CRL_DIST_OID:
wolfSSL 16:8e0d178b1d1e 8271 if (!isSet)
wolfSSL 16:8e0d178b1d1e 8272 break;
wolfSSL 16:8e0d178b1d1e 8273 ext->crit = x509->CRLdistCrit;
wolfSSL 16:8e0d178b1d1e 8274 break;
wolfSSL 16:8e0d178b1d1e 8275
wolfSSL 16:8e0d178b1d1e 8276 case ALT_NAMES_OID:
wolfSSL 16:8e0d178b1d1e 8277 {
wolfSSL 16:8e0d178b1d1e 8278 WOLFSSL_GENERAL_NAME* gn = NULL;
wolfSSL 16:8e0d178b1d1e 8279 DNS_entry* dns = NULL;
wolfSSL 16:8e0d178b1d1e 8280 if (!isSet)
wolfSSL 16:8e0d178b1d1e 8281 break;
wolfSSL 16:8e0d178b1d1e 8282
wolfSSL 16:8e0d178b1d1e 8283 sk = (WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)*)XMALLOC(
wolfSSL 16:8e0d178b1d1e 8284 sizeof(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)), NULL,
wolfSSL 16:8e0d178b1d1e 8285 DYNAMIC_TYPE_ASN1);
wolfSSL 16:8e0d178b1d1e 8286 if (sk == NULL) {
wolfSSL 16:8e0d178b1d1e 8287 return NULL;
wolfSSL 16:8e0d178b1d1e 8288 }
wolfSSL 16:8e0d178b1d1e 8289 XMEMSET(sk, 0, sizeof(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)));
wolfSSL 16:8e0d178b1d1e 8290 sk->type = STACK_TYPE_GEN_NAME;
wolfSSL 16:8e0d178b1d1e 8291
wolfSSL 16:8e0d178b1d1e 8292 if (x509->subjAltNameSet && x509->altNames != NULL) {
wolfSSL 16:8e0d178b1d1e 8293 /* alt names are DNS_entry structs */
wolfSSL 16:8e0d178b1d1e 8294 dns = x509->altNames;
wolfSSL 16:8e0d178b1d1e 8295 /* Currently only support GEN_DNS type */
wolfSSL 16:8e0d178b1d1e 8296 while (dns != NULL) {
wolfSSL 16:8e0d178b1d1e 8297 gn = wolfSSL_GENERAL_NAME_new();
wolfSSL 16:8e0d178b1d1e 8298 if (gn == NULL) {
wolfSSL 16:8e0d178b1d1e 8299 WOLFSSL_MSG("Error creating GENERAL_NAME");
wolfSSL 16:8e0d178b1d1e 8300 wolfSSL_sk_free(sk);
wolfSSL 16:8e0d178b1d1e 8301 return NULL;
wolfSSL 16:8e0d178b1d1e 8302 }
wolfSSL 16:8e0d178b1d1e 8303
wolfSSL 16:8e0d178b1d1e 8304 gn->type = dns->type;
wolfSSL 16:8e0d178b1d1e 8305 gn->d.ia5->length = dns->len;
wolfSSL 16:8e0d178b1d1e 8306 if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
wolfSSL 16:8e0d178b1d1e 8307 gn->d.ia5->length) != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8308 WOLFSSL_MSG("ASN1_STRING_set failed");
wolfSSL 16:8e0d178b1d1e 8309 wolfSSL_GENERAL_NAME_free(gn);
wolfSSL 16:8e0d178b1d1e 8310 wolfSSL_sk_free(sk);
wolfSSL 16:8e0d178b1d1e 8311 return NULL;
wolfSSL 16:8e0d178b1d1e 8312 }
wolfSSL 16:8e0d178b1d1e 8313
wolfSSL 16:8e0d178b1d1e 8314 dns = dns->next;
wolfSSL 16:8e0d178b1d1e 8315 /* last dns in list add at end of function */
wolfSSL 16:8e0d178b1d1e 8316 if (dns != NULL) {
wolfSSL 16:8e0d178b1d1e 8317 if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) !=
wolfSSL 16:8e0d178b1d1e 8318 WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8319 WOLFSSL_MSG("Error pushing onto stack");
wolfSSL 16:8e0d178b1d1e 8320 wolfSSL_GENERAL_NAME_free(gn);
wolfSSL 16:8e0d178b1d1e 8321 wolfSSL_sk_free(sk);
wolfSSL 16:8e0d178b1d1e 8322 sk = NULL;
wolfSSL 16:8e0d178b1d1e 8323 }
wolfSSL 16:8e0d178b1d1e 8324 }
wolfSSL 16:8e0d178b1d1e 8325 }
wolfSSL 16:8e0d178b1d1e 8326 if (wolfSSL_sk_GENERAL_NAME_push(sk,gn) !=
wolfSSL 16:8e0d178b1d1e 8327 WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8328 WOLFSSL_MSG("Error pushing onto stack");
wolfSSL 16:8e0d178b1d1e 8329 wolfSSL_GENERAL_NAME_free(gn);
wolfSSL 16:8e0d178b1d1e 8330 wolfSSL_sk_free(sk);
wolfSSL 16:8e0d178b1d1e 8331 sk = NULL;
wolfSSL 16:8e0d178b1d1e 8332 }
wolfSSL 16:8e0d178b1d1e 8333 }
wolfSSL 16:8e0d178b1d1e 8334 ext->ext_sk = sk;
wolfSSL 16:8e0d178b1d1e 8335 ext->crit = x509->subjAltNameCrit;
wolfSSL 16:8e0d178b1d1e 8336 break;
wolfSSL 16:8e0d178b1d1e 8337 }
wolfSSL 16:8e0d178b1d1e 8338
wolfSSL 16:8e0d178b1d1e 8339 default:
wolfSSL 16:8e0d178b1d1e 8340 WOLFSSL_MSG("Unknown extension type found, parsing OID");
wolfSSL 16:8e0d178b1d1e 8341 /* If the extension type is not recognized/supported,
wolfSSL 16:8e0d178b1d1e 8342 set the ASN1_OBJECT in the extension with the
wolfSSL 16:8e0d178b1d1e 8343 parsed oid for access in later function calls */
wolfSSL 16:8e0d178b1d1e 8344
wolfSSL 16:8e0d178b1d1e 8345 /* Get OID from input */
wolfSSL 16:8e0d178b1d1e 8346 if (GetASNObjectId(input, &idx, &length, sz) != 0) {
wolfSSL 16:8e0d178b1d1e 8347 WOLFSSL_MSG("Failed to Get ASN Object Id");
wolfSSL 16:8e0d178b1d1e 8348 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8349 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8350 return NULL;
wolfSSL 16:8e0d178b1d1e 8351 }
wolfSSL 16:8e0d178b1d1e 8352 oidBuf = (byte*)XMALLOC(length+1+MAX_LENGTH_SZ, NULL,
wolfSSL 16:8e0d178b1d1e 8353 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 8354 if (oidBuf == NULL) {
wolfSSL 16:8e0d178b1d1e 8355 WOLFSSL_MSG("Failed to malloc tmp buffer");
wolfSSL 16:8e0d178b1d1e 8356 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8357 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8358 return NULL;
wolfSSL 16:8e0d178b1d1e 8359 }
wolfSSL 16:8e0d178b1d1e 8360 oidBuf[0] = ASN_OBJECT_ID;
wolfSSL 16:8e0d178b1d1e 8361 objSz++;
wolfSSL 16:8e0d178b1d1e 8362 objSz += SetLength(length, oidBuf + 1);
wolfSSL 16:8e0d178b1d1e 8363 objSz += length;
wolfSSL 16:8e0d178b1d1e 8364
wolfSSL 16:8e0d178b1d1e 8365 /* Set object size and reallocate space in object buffer */
wolfSSL 16:8e0d178b1d1e 8366 ext->obj->objSz = objSz;
wolfSSL 16:8e0d178b1d1e 8367 if(((ext->obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
wolfSSL 16:8e0d178b1d1e 8368 (ext->obj->obj == NULL)) {
wolfSSL 16:8e0d178b1d1e 8369 ext->obj->obj =(byte*)XREALLOC((byte*)ext->obj->obj,
wolfSSL 16:8e0d178b1d1e 8370 ext->obj->objSz,
wolfSSL 16:8e0d178b1d1e 8371 NULL,DYNAMIC_TYPE_ASN1);
wolfSSL 16:8e0d178b1d1e 8372 if (ext->obj->obj == NULL) {
wolfSSL 16:8e0d178b1d1e 8373 wolfSSL_ASN1_OBJECT_free(ext->obj);
wolfSSL 16:8e0d178b1d1e 8374 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8375 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8376 return NULL;
wolfSSL 16:8e0d178b1d1e 8377 }
wolfSSL 16:8e0d178b1d1e 8378 ext->obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
wolfSSL 16:8e0d178b1d1e 8379 } else {
wolfSSL 16:8e0d178b1d1e 8380 ext->obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
wolfSSL 16:8e0d178b1d1e 8381 }
wolfSSL 16:8e0d178b1d1e 8382 /* Get OID from input and copy to ASN1_OBJECT buffer */
wolfSSL 16:8e0d178b1d1e 8383 XMEMCPY(oidBuf+2, input+idx, length);
wolfSSL 16:8e0d178b1d1e 8384 XMEMCPY((byte*)ext->obj->obj, oidBuf, ext->obj->objSz);
wolfSSL 16:8e0d178b1d1e 8385 XFREE(oidBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 8386 oidBuf = NULL;
wolfSSL 16:8e0d178b1d1e 8387 ext->obj->grp = oidCertExtType;
wolfSSL 16:8e0d178b1d1e 8388 ext->crit = 0;
wolfSSL 16:8e0d178b1d1e 8389
wolfSSL 16:8e0d178b1d1e 8390 /* Get extension data and copy as ASN1_STRING */
wolfSSL 16:8e0d178b1d1e 8391 tmpIdx = idx + length;
wolfSSL 16:8e0d178b1d1e 8392 if ((tmpIdx >= (word32)sz) || (input[tmpIdx++] != ASN_OCTET_STRING)) {
wolfSSL 16:8e0d178b1d1e 8393 WOLFSSL_MSG("Error decoding unknown extension data");
wolfSSL 16:8e0d178b1d1e 8394 wolfSSL_ASN1_OBJECT_free(ext->obj);
wolfSSL 16:8e0d178b1d1e 8395 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8396 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8397 return NULL;
wolfSSL 16:8e0d178b1d1e 8398 }
wolfSSL 16:8e0d178b1d1e 8399
wolfSSL 16:8e0d178b1d1e 8400 if (GetLength(input, &tmpIdx, &length, sz) <= 0) {
wolfSSL 16:8e0d178b1d1e 8401 WOLFSSL_MSG("Error: Invalid Input Length.");
wolfSSL 16:8e0d178b1d1e 8402 wolfSSL_ASN1_OBJECT_free(ext->obj);
wolfSSL 16:8e0d178b1d1e 8403 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8404 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8405 return NULL;
wolfSSL 16:8e0d178b1d1e 8406 }
wolfSSL 16:8e0d178b1d1e 8407 ext->value.data = (char*)XMALLOC(length, NULL, DYNAMIC_TYPE_ASN1);
wolfSSL 16:8e0d178b1d1e 8408 ext->value.isDynamic = 1;
wolfSSL 16:8e0d178b1d1e 8409 if (ext->value.data == NULL) {
wolfSSL 16:8e0d178b1d1e 8410 WOLFSSL_MSG("Failed to malloc ASN1_STRING data");
wolfSSL 16:8e0d178b1d1e 8411 wolfSSL_X509_EXTENSION_free(ext);
wolfSSL 16:8e0d178b1d1e 8412 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8413 return NULL;
wolfSSL 16:8e0d178b1d1e 8414 }
wolfSSL 16:8e0d178b1d1e 8415 XMEMCPY(ext->value.data,input+tmpIdx,length);
wolfSSL 16:8e0d178b1d1e 8416 ext->value.length = length;
wolfSSL 16:8e0d178b1d1e 8417 } /* switch(oid) */
wolfSSL 16:8e0d178b1d1e 8418
wolfSSL 16:8e0d178b1d1e 8419 break; /* Got the Extension. Now exit while loop. */
wolfSSL 16:8e0d178b1d1e 8420
wolfSSL 16:8e0d178b1d1e 8421 } /* while(idx < sz) */
wolfSSL 16:8e0d178b1d1e 8422
wolfSSL 16:8e0d178b1d1e 8423 /* Store the new extension in a stack inside x509
wolfSSL 16:8e0d178b1d1e 8424 * The extensions on the stack are free'd internally when FreeX509 is called
wolfSSL 16:8e0d178b1d1e 8425 */
wolfSSL 16:8e0d178b1d1e 8426 if (x509->ext_sk == NULL)
wolfSSL 16:8e0d178b1d1e 8427 x509->ext_sk = wolfSSL_sk_new_x509_ext();
wolfSSL 16:8e0d178b1d1e 8428 if (x509->ext_sk != NULL)
wolfSSL 16:8e0d178b1d1e 8429 wolfSSL_sk_X509_EXTENSION_push(x509->ext_sk, ext);
wolfSSL 16:8e0d178b1d1e 8430
wolfSSL 16:8e0d178b1d1e 8431 FreeDecodedCert(&cert);
wolfSSL 16:8e0d178b1d1e 8432 return ext;
wolfSSL 16:8e0d178b1d1e 8433 }
wolfSSL 16:8e0d178b1d1e 8434
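/* Return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure. Writes a
 * textual rendering of ext's data to out, using indent to pad the output.
 * flag is ignored.
 *
 * out    : BIO that receives the text
 * ext    : extension to print
 * flag   : unused, kept for API compatibility
 * indent : number of leading pad characters handed to "%*s"; a negative value
 *          still left-justifies but contributes nothing to buffer sizing
 *
 * The whole rendering is built in a fixed-size local buffer (tmp) and written
 * with a single BIO write; an extension whose text does not fit is reported as
 * a failure rather than truncated silently.
 */
int wolfSSL_X509V3_EXT_print(WOLFSSL_BIO *out, WOLFSSL_X509_EXTENSION *ext,
unsigned long flag, int indent)
{
    ASN1_OBJECT* obj;
    ASN1_STRING* str;
    int nid;
    int tmpLen;
    const int sz = CTC_NAME_SIZE*2;
    int rc = WOLFSSL_FAILURE;
    char tmp[CTC_NAME_SIZE*2];
    WOLFSSL_ENTER("wolfSSL_X509V3_EXT_print");

    (void)flag;

    if ((out == NULL) || (ext == NULL)) {
        WOLFSSL_MSG("NULL parameter error");
        return rc;
    }

    obj = wolfSSL_X509_EXTENSION_get_object(ext);
    if (obj == NULL) {
        WOLFSSL_MSG("Error getting ASN1_OBJECT from X509_EXTENSION");
        return rc;
    }

    /* Check the value just fetched (str), not obj a second time; str is
     * dereferenced unconditionally in the AUTH_KEY/SUBJ_KEY and default cases. */
    str = wolfSSL_X509_EXTENSION_get_data(ext);
    if (str == NULL) {
        WOLFSSL_MSG("Error getting ASN1_STRING from X509_EXTENSION");
        return rc;
    }

    /* Every path below ends in XSTRLEN(tmp); the "not yet implemented" cases
     * write nothing, so tmp must be a valid (empty) string before the switch. */
    tmp[0] = '\0';

    /* Print extension based on the type.
     * NOTE(review): the case labels are *_OID constants while the switch
     * operand comes from wolfSSL_OBJ_obj2nid(); confirm both use the same
     * numbering, as nothing on this page shows it. */
    nid = wolfSSL_OBJ_obj2nid(obj);
    switch (nid) {
        case BASIC_CA_OID:
        {
            char isCa[] = "TRUE";
            char notCa[] = "FALSE";
            XSNPRINTF(tmp, sz, "%*sCA:%s", indent, "",
                      obj->ca ? isCa : notCa);
            break;
        }
        case ALT_NAMES_OID:
        {
            WOLFSSL_STACK* sk;
            char* val;
            size_t valSz;
            size_t used;
            /* "%*s" accepts a negative width, but a buffer cannot be sized by
             * one; only a positive indent adds bytes. */
            size_t pad = (indent > 0) ? (size_t)indent : 0;

            sk = ext->ext_sk;
            while (sk != NULL) {
                if (sk->type == STACK_TYPE_GEN_NAME && sk->data.gn) {
                    /* str is GENERAL_NAME for subject alternative name ext */
                    str = sk->data.gn->d.ia5;
                    if (str->length < 0) {
                        WOLFSSL_MSG("Invalid ASN1_STRING length");
                        return rc;
                    }

                    /* pad + name + ", " + NUL: the separator variant is the
                     * longer of the two formats below. */
                    valSz = pad + (size_t)str->length + 3;
                    val = (char*)XMALLOC(valSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                    if (val == NULL) {
                        WOLFSSL_MSG("Memory error");
                        return rc;
                    }
                    if (sk->next)
                        XSNPRINTF(val, valSz, "%*s%s, ", indent, "",
                                  str->strData);
                    else
                        XSNPRINTF(val, valSz, "%*s%s", indent, "",
                                  str->strData);

                    /* Bound the append by the space left in tmp, not by the
                     * size of the new piece: several names accumulate here. */
                    used = XSTRLEN(tmp);
                    if (XSTRLEN(val) >= (size_t)sz - used) {
                        WOLFSSL_MSG("len greater than buffer size");
                        XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                        return rc;
                    }
                    XSTRNCAT(tmp, val, (size_t)sz - used - 1);
                    XFREE(val, NULL, DYNAMIC_TYPE_TMP_BUFFER);
                }
                sk = sk->next;
            }
            break;
        }
        case AUTH_KEY_OID:
        case SUBJ_KEY_OID:
        {
            /* i2s allocates; a NULL result must not reach "%s". */
            char* asn1str = wolfSSL_i2s_ASN1_STRING(NULL, str);
            if (asn1str == NULL) {
                WOLFSSL_MSG("wolfSSL_i2s_ASN1_STRING failed");
                return rc;
            }
            XSNPRINTF(tmp, sz, "%*s%s", indent, "", asn1str);
            XFREE(asn1str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            break;
        }
        case AUTH_INFO_OID:
        case CERT_POLICY_OID:
        case CRL_DIST_OID:
        case KEY_USAGE_OID:
            /* tmp stays empty; the BIO write below is then a zero-length
             * write and rc reflects its result. */
            WOLFSSL_MSG("X509V3_EXT_print not yet implemented for ext type");
            break;

        default:
            XSNPRINTF(tmp, sz, "%*s%s", indent, "", str->strData);
            break;
    }

    tmpLen = (int)XSTRLEN(tmp);
    if (wolfSSL_BIO_write(out, tmp, tmpLen) == tmpLen) {
        rc = WOLFSSL_SUCCESS;
    }

    return rc;
}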
wolfSSL 16:8e0d178b1d1e 8539
/* Returns the crit flag stored in the X509_EXTENSION object, or BAD_FUNC_ARG
 * when ex is NULL. */
int wolfSSL_X509_EXTENSION_get_critical(const WOLFSSL_X509_EXTENSION* ex)
{
    int crit = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_critical");
    if (ex != NULL) {
        crit = ex->crit;
    }
    return crit;
}
wolfSSL 16:8e0d178b1d1e 8548
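/* Creates v3_ext_method for a given X509v3 extension
 *
 * ex : The X509_EXTENSION used to create v3_ext_method. Must be non-NULL with
 *      a non-NULL obj whose nid is positive. Get the NID of the extension
 *      object and populate the extension type-specific X509V3_EXT_*
 *      function(s) in v3_ext_method. On success ex->ext_method is overwritten
 *      and the returned pointer refers to that member, so it stays valid only
 *      as long as ex does.
 *
 * Returns NULL on error or for an unknown NID, otherwise a pointer to the
 * v3_ext_method populated with extension type-specific X509V3_EXT_*
 * function(s).
 *
 * NOTE: NID_subject_key_identifier is currently the only extension implementing
 * the X509V3_EXT_* functions, as it is the only type called directly by QT. The
 * other extension types return a pointer to a v3_ext_method struct that contains
 * only the NID.
 */
const WOLFSSL_v3_ext_method* wolfSSL_X509V3_EXT_get(WOLFSSL_X509_EXTENSION* ex)
{
    int nid;
    WOLFSSL_v3_ext_method method;

    WOLFSSL_ENTER("wolfSSL_X509V3_EXT_get");
    if ((ex == NULL) || (ex->obj == NULL)) {
        WOLFSSL_MSG("Passed an invalid X509_EXTENSION*");
        return NULL;
    }

    nid = ex->obj->nid;
    if (nid <= 0) {
        WOLFSSL_MSG("Failed to get nid from passed extension object");
        return NULL;
    }

    /* Clear the whole struct instead of four named callbacks: the entire
     * value is copied into ex->ext_method below, so any member not touched
     * here would be copied over as an indeterminate value. */
    XMEMSET(&method, 0, sizeof(method));

    switch (nid) {
        case NID_basic_constraints:
            break;
        case NID_subject_key_identifier:
            /* NOTE(review): calling wolfSSL_i2s_ASN1_STRING through
             * X509V3_EXT_I2S is only well-defined if the two signatures
             * match; confirm against the typedef. */
            method.i2s = (X509V3_EXT_I2S)wolfSSL_i2s_ASN1_STRING;
            break;
        case NID_key_usage:
            WOLFSSL_MSG("i2v function not yet implemented for Key Usage");
            break;
        case NID_authority_key_identifier:
            WOLFSSL_MSG("i2v function not yet implemented for Auth Key Id");
            break;
        case NID_info_access:
            WOLFSSL_MSG("i2v function not yet implemented for Info Access");
            break;
        case NID_ext_key_usage:
            WOLFSSL_MSG("i2v function not yet implemented for Ext Key Usage");
            break;
        case NID_certificate_policies:
            WOLFSSL_MSG("r2i function not yet implemented for Cert Policies");
            break;
        case NID_crl_distribution_points:
            WOLFSSL_MSG("r2i function not yet implemented for CRL Dist Points");
            break;
        default:
            /* If extension type is unknown, return NULL -- QT makes call to
               X509_EXTENSION_get_data() if there is no v3_ext_method */
            WOLFSSL_MSG("X509V3_EXT_get(): Unknown extension type found");
            return NULL;
    }

    method.ext_nid = nid;
    ex->ext_method = method;

    return (const WOLFSSL_v3_ext_method*)&ex->ext_method;
}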
wolfSSL 16:8e0d178b1d1e 8621
wolfSSL 16:8e0d178b1d1e 8622 /* Parses and returns an x509v3 extension internal structure.
wolfSSL 16:8e0d178b1d1e 8623 *
wolfSSL 16:8e0d178b1d1e 8624 * ext : The X509_EXTENSION for parsing internal structure. If extension is
wolfSSL 16:8e0d178b1d1e 8625 * not NULL, get the NID of the extension object and create a new
wolfSSL 16:8e0d178b1d1e 8626 * extension-specific internal structure based on the extension type.
wolfSSL 16:8e0d178b1d1e 8627 *
wolfSSL 16:8e0d178b1d1e 8628 * Returns NULL on error or if NID is not found, otherwise returns a pointer to
wolfSSL 16:8e0d178b1d1e 8629 * the extension type-specific X509_EXTENSION internal structure.
wolfSSL 16:8e0d178b1d1e 8630 * The returned structure is owned by the caller, who is expected to free it.
wolfSSL 16:8e0d178b1d1e 8631 */
wolfSSL 16:8e0d178b1d1e 8632 void* wolfSSL_X509V3_EXT_d2i(WOLFSSL_X509_EXTENSION* ext)
wolfSSL 16:8e0d178b1d1e 8633 {
wolfSSL 16:8e0d178b1d1e 8634 const WOLFSSL_v3_ext_method* method;
wolfSSL 16:8e0d178b1d1e 8635 int ret;
wolfSSL 16:8e0d178b1d1e 8636 WOLFSSL_ASN1_OBJECT* object;
wolfSSL 16:8e0d178b1d1e 8637 WOLFSSL_BASIC_CONSTRAINTS* bc;
wolfSSL 16:8e0d178b1d1e 8638 WOLFSSL_AUTHORITY_KEYID* akey;
wolfSSL 16:8e0d178b1d1e 8639 WOLFSSL_ASN1_STRING* asn1String, *newString;
wolfSSL 16:8e0d178b1d1e 8640 WOLFSSL_AUTHORITY_INFO_ACCESS* aia;
wolfSSL 16:8e0d178b1d1e 8641 WOLFSSL_STACK* sk;
wolfSSL 16:8e0d178b1d1e 8642
wolfSSL 16:8e0d178b1d1e 8643 WOLFSSL_ENTER("wolfSSL_X509V3_EXT_d2i");
wolfSSL 16:8e0d178b1d1e 8644
wolfSSL 16:8e0d178b1d1e 8645 if(ext == NULL) {
wolfSSL 16:8e0d178b1d1e 8646 WOLFSSL_MSG("Bad function Argument");
wolfSSL 16:8e0d178b1d1e 8647 return NULL;
wolfSSL 16:8e0d178b1d1e 8648 }
wolfSSL 16:8e0d178b1d1e 8649
wolfSSL 16:8e0d178b1d1e 8650 /* extract extension info */
wolfSSL 16:8e0d178b1d1e 8651 method = wolfSSL_X509V3_EXT_get(ext);
wolfSSL 16:8e0d178b1d1e 8652 if (method == NULL) {
wolfSSL 16:8e0d178b1d1e 8653 WOLFSSL_MSG("wolfSSL_X509V3_EXT_get error");
wolfSSL 16:8e0d178b1d1e 8654 return NULL;
wolfSSL 16:8e0d178b1d1e 8655 }
wolfSSL 16:8e0d178b1d1e 8656 object = wolfSSL_X509_EXTENSION_get_object(ext);
wolfSSL 16:8e0d178b1d1e 8657 if (object == NULL) {
wolfSSL 16:8e0d178b1d1e 8658 WOLFSSL_MSG("X509_EXTENSION_get_object failed");
wolfSSL 16:8e0d178b1d1e 8659 return NULL;
wolfSSL 16:8e0d178b1d1e 8660 }
wolfSSL 16:8e0d178b1d1e 8661
wolfSSL 16:8e0d178b1d1e 8662 /* Return pointer to proper internal structure based on NID */
wolfSSL 16:8e0d178b1d1e 8663 switch (object->type) {
wolfSSL 16:8e0d178b1d1e 8664 /* basicConstraints */
wolfSSL 16:8e0d178b1d1e 8665 case (NID_basic_constraints):
wolfSSL 16:8e0d178b1d1e 8666 WOLFSSL_MSG("basicConstraints");
wolfSSL 16:8e0d178b1d1e 8667 /* Allocate new BASIC_CONSTRAINTS structure */
wolfSSL 16:8e0d178b1d1e 8668 bc = (WOLFSSL_BASIC_CONSTRAINTS*)
wolfSSL 16:8e0d178b1d1e 8669 XMALLOC(sizeof(WOLFSSL_BASIC_CONSTRAINTS), NULL,
wolfSSL 16:8e0d178b1d1e 8670 DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8671 if (bc == NULL) {
wolfSSL 16:8e0d178b1d1e 8672 WOLFSSL_MSG("Failed to malloc basic constraints");
wolfSSL 16:8e0d178b1d1e 8673 return NULL;
wolfSSL 16:8e0d178b1d1e 8674 }
wolfSSL 16:8e0d178b1d1e 8675 /* Copy pathlen and CA into BASIC_CONSTRAINTS from object */
wolfSSL 16:8e0d178b1d1e 8676 bc->ca = object->ca;
wolfSSL 16:8e0d178b1d1e 8677 if (object->pathlen->length > 0) {
wolfSSL 16:8e0d178b1d1e 8678 bc->pathlen = wolfSSL_ASN1_INTEGER_dup(object->pathlen);
wolfSSL 16:8e0d178b1d1e 8679 if (bc->pathlen == NULL) {
wolfSSL 16:8e0d178b1d1e 8680 WOLFSSL_MSG("Failed to duplicate ASN1_INTEGER");
wolfSSL 16:8e0d178b1d1e 8681 XFREE(bc, NULL, DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8682 return NULL;
wolfSSL 16:8e0d178b1d1e 8683 }
wolfSSL 16:8e0d178b1d1e 8684 }
wolfSSL 16:8e0d178b1d1e 8685 else
wolfSSL 16:8e0d178b1d1e 8686 bc->pathlen = NULL;
wolfSSL 16:8e0d178b1d1e 8687 return bc;
wolfSSL 16:8e0d178b1d1e 8688
wolfSSL 16:8e0d178b1d1e 8689 /* subjectKeyIdentifier */
wolfSSL 16:8e0d178b1d1e 8690 case (NID_subject_key_identifier):
wolfSSL 16:8e0d178b1d1e 8691 WOLFSSL_MSG("subjectKeyIdentifier");
wolfSSL 16:8e0d178b1d1e 8692 asn1String = wolfSSL_X509_EXTENSION_get_data(ext);
wolfSSL 16:8e0d178b1d1e 8693 if (asn1String == NULL) {
wolfSSL 16:8e0d178b1d1e 8694 WOLFSSL_MSG("X509_EXTENSION_get_data() failed");
wolfSSL 16:8e0d178b1d1e 8695 return NULL;
wolfSSL 16:8e0d178b1d1e 8696 }
wolfSSL 16:8e0d178b1d1e 8697 newString = wolfSSL_ASN1_STRING_new();
wolfSSL 16:8e0d178b1d1e 8698 if (newString == NULL) {
wolfSSL 16:8e0d178b1d1e 8699 WOLFSSL_MSG("Failed to malloc ASN1_STRING");
wolfSSL 16:8e0d178b1d1e 8700 return NULL;
wolfSSL 16:8e0d178b1d1e 8701 }
wolfSSL 16:8e0d178b1d1e 8702 ret = wolfSSL_ASN1_STRING_set(newString, asn1String->data,
wolfSSL 16:8e0d178b1d1e 8703 asn1String->length);
wolfSSL 16:8e0d178b1d1e 8704 if (ret != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8705 WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL 16:8e0d178b1d1e 8706 wolfSSL_ASN1_STRING_free(newString);
wolfSSL 16:8e0d178b1d1e 8707 return NULL;
wolfSSL 16:8e0d178b1d1e 8708 };
wolfSSL 16:8e0d178b1d1e 8709 newString->type = asn1String->type;
wolfSSL 16:8e0d178b1d1e 8710 return newString;
wolfSSL 16:8e0d178b1d1e 8711
wolfSSL 16:8e0d178b1d1e 8712 /* authorityKeyIdentifier */
wolfSSL 16:8e0d178b1d1e 8713 case (NID_authority_key_identifier):
wolfSSL 16:8e0d178b1d1e 8714 WOLFSSL_MSG("AuthorityKeyIdentifier");
wolfSSL 16:8e0d178b1d1e 8715
wolfSSL 16:8e0d178b1d1e 8716 akey = (WOLFSSL_AUTHORITY_KEYID*)
wolfSSL 16:8e0d178b1d1e 8717 XMALLOC(sizeof(WOLFSSL_AUTHORITY_KEYID), NULL,
wolfSSL 16:8e0d178b1d1e 8718 DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8719 if (akey == NULL) {
wolfSSL 16:8e0d178b1d1e 8720 WOLFSSL_MSG("Failed to malloc authority key id");
wolfSSL 16:8e0d178b1d1e 8721 return NULL;
wolfSSL 16:8e0d178b1d1e 8722 }
wolfSSL 16:8e0d178b1d1e 8723
wolfSSL 16:8e0d178b1d1e 8724 akey->keyid = wolfSSL_ASN1_STRING_new();
wolfSSL 16:8e0d178b1d1e 8725 if (akey->keyid == NULL) {
wolfSSL 16:8e0d178b1d1e 8726 WOLFSSL_MSG("ASN1_STRING_new() failed");
wolfSSL 16:8e0d178b1d1e 8727 wolfSSL_AUTHORITY_KEYID_free(akey);
wolfSSL 16:8e0d178b1d1e 8728 return NULL;
wolfSSL 16:8e0d178b1d1e 8729 }
wolfSSL 16:8e0d178b1d1e 8730
wolfSSL 16:8e0d178b1d1e 8731 asn1String = wolfSSL_X509_EXTENSION_get_data(ext);
wolfSSL 16:8e0d178b1d1e 8732 if (asn1String == NULL) {
wolfSSL 16:8e0d178b1d1e 8733 WOLFSSL_MSG("X509_EXTENSION_get_data() failed");
wolfSSL 16:8e0d178b1d1e 8734 wolfSSL_AUTHORITY_KEYID_free(akey);
wolfSSL 16:8e0d178b1d1e 8735 return NULL;
wolfSSL 16:8e0d178b1d1e 8736 }
wolfSSL 16:8e0d178b1d1e 8737
wolfSSL 16:8e0d178b1d1e 8738 ret = wolfSSL_ASN1_STRING_set(akey->keyid, asn1String->data,
wolfSSL 16:8e0d178b1d1e 8739 asn1String->length);
wolfSSL 16:8e0d178b1d1e 8740 if (ret != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8741 WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL 16:8e0d178b1d1e 8742 wolfSSL_AUTHORITY_KEYID_free(akey);
wolfSSL 16:8e0d178b1d1e 8743 return NULL;
wolfSSL 16:8e0d178b1d1e 8744 };
wolfSSL 16:8e0d178b1d1e 8745 akey->keyid->type = asn1String->type;
wolfSSL 16:8e0d178b1d1e 8746
wolfSSL 16:8e0d178b1d1e 8747 /* For now, set issuer and serial to NULL. This may need to be
wolfSSL 16:8e0d178b1d1e 8748 updated for future use */
wolfSSL 16:8e0d178b1d1e 8749 akey->issuer = NULL;
wolfSSL 16:8e0d178b1d1e 8750 akey->serial = NULL;
wolfSSL 16:8e0d178b1d1e 8751 return akey;
wolfSSL 16:8e0d178b1d1e 8752
wolfSSL 16:8e0d178b1d1e 8753 /* keyUsage */
wolfSSL 16:8e0d178b1d1e 8754 case (NID_key_usage):
wolfSSL 16:8e0d178b1d1e 8755 WOLFSSL_MSG("keyUsage");
wolfSSL 16:8e0d178b1d1e 8756 /* This may need to be updated for future use. The i2v method for
wolfSSL 16:8e0d178b1d1e 8757 keyUsage is not currently set. For now, return the ASN1_STRING
wolfSSL 16:8e0d178b1d1e 8758 representation of KeyUsage bit string */
wolfSSL 16:8e0d178b1d1e 8759 asn1String = wolfSSL_X509_EXTENSION_get_data(ext);
wolfSSL 16:8e0d178b1d1e 8760 if (asn1String == NULL) {
wolfSSL 16:8e0d178b1d1e 8761 WOLFSSL_MSG("X509_EXTENSION_get_data() failed");
wolfSSL 16:8e0d178b1d1e 8762 return NULL;
wolfSSL 16:8e0d178b1d1e 8763 }
wolfSSL 16:8e0d178b1d1e 8764 newString = wolfSSL_ASN1_STRING_new();
wolfSSL 16:8e0d178b1d1e 8765 if (newString == NULL) {
wolfSSL 16:8e0d178b1d1e 8766 WOLFSSL_MSG("Failed to malloc ASN1_STRING");
wolfSSL 16:8e0d178b1d1e 8767 return NULL;
wolfSSL 16:8e0d178b1d1e 8768 }
wolfSSL 16:8e0d178b1d1e 8769 ret = wolfSSL_ASN1_STRING_set(newString, asn1String->data,
wolfSSL 16:8e0d178b1d1e 8770 asn1String->length);
wolfSSL 16:8e0d178b1d1e 8771 if (ret != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8772 WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL 16:8e0d178b1d1e 8773 wolfSSL_ASN1_STRING_free(newString);
wolfSSL 16:8e0d178b1d1e 8774 return NULL;
wolfSSL 16:8e0d178b1d1e 8775 };
wolfSSL 16:8e0d178b1d1e 8776 newString->type = asn1String->type;
wolfSSL 16:8e0d178b1d1e 8777 return newString;
wolfSSL 16:8e0d178b1d1e 8778
wolfSSL 16:8e0d178b1d1e 8779 /* extKeyUsage */
wolfSSL 16:8e0d178b1d1e 8780 case (NID_ext_key_usage):
wolfSSL 16:8e0d178b1d1e 8781 WOLFSSL_MSG("extKeyUsage not supported yet");
wolfSSL 16:8e0d178b1d1e 8782 return NULL;
wolfSSL 16:8e0d178b1d1e 8783
wolfSSL 16:8e0d178b1d1e 8784 /* certificatePolicies */
wolfSSL 16:8e0d178b1d1e 8785 case (NID_certificate_policies):
wolfSSL 16:8e0d178b1d1e 8786 WOLFSSL_MSG("certificatePolicies not supported yet");
wolfSSL 16:8e0d178b1d1e 8787 return NULL;
wolfSSL 16:8e0d178b1d1e 8788
wolfSSL 16:8e0d178b1d1e 8789 /* cRLDistributionPoints */
wolfSSL 16:8e0d178b1d1e 8790 case (NID_crl_distribution_points):
wolfSSL 16:8e0d178b1d1e 8791 WOLFSSL_MSG("cRLDistributionPoints not supported yet");
wolfSSL 16:8e0d178b1d1e 8792 return NULL;
wolfSSL 16:8e0d178b1d1e 8793
wolfSSL 16:8e0d178b1d1e 8794 /* authorityInfoAccess */
wolfSSL 16:8e0d178b1d1e 8795 case (NID_info_access):
wolfSSL 16:8e0d178b1d1e 8796 WOLFSSL_MSG("AuthorityInfoAccess");
wolfSSL 16:8e0d178b1d1e 8797
wolfSSL 16:8e0d178b1d1e 8798 sk = ext->ext_sk;
wolfSSL 16:8e0d178b1d1e 8799 if (sk == NULL) {
wolfSSL 16:8e0d178b1d1e 8800 WOLFSSL_MSG("ACCESS_DESCRIPTION stack NULL");
wolfSSL 16:8e0d178b1d1e 8801 return NULL;
wolfSSL 16:8e0d178b1d1e 8802 }
wolfSSL 16:8e0d178b1d1e 8803
wolfSSL 16:8e0d178b1d1e 8804 /* AUTHORITY_INFO_ACCESS is a stack of ACCESS_DESCRIPTION entries */
wolfSSL 16:8e0d178b1d1e 8805 aia = wolfSSL_sk_new_null();
wolfSSL 16:8e0d178b1d1e 8806 if (aia == NULL) {
wolfSSL 16:8e0d178b1d1e 8807 WOLFSSL_MSG("Failed to malloc AUTHORITY_INFO_ACCESS");
wolfSSL 16:8e0d178b1d1e 8808 return NULL;
wolfSSL 16:8e0d178b1d1e 8809 }
wolfSSL 16:8e0d178b1d1e 8810 aia->type = STACK_TYPE_ACCESS_DESCRIPTION;
wolfSSL 16:8e0d178b1d1e 8811
wolfSSL 16:8e0d178b1d1e 8812 while (sk) {
wolfSSL 16:8e0d178b1d1e 8813 WOLFSSL_ACCESS_DESCRIPTION* ad;
wolfSSL 16:8e0d178b1d1e 8814 WOLFSSL_ASN1_OBJECT* aiaEntry;
wolfSSL 16:8e0d178b1d1e 8815
wolfSSL 16:8e0d178b1d1e 8816 if (sk->type != STACK_TYPE_OBJ) {
wolfSSL 16:8e0d178b1d1e 8817 sk = sk->next;
wolfSSL 16:8e0d178b1d1e 8818 continue;
wolfSSL 16:8e0d178b1d1e 8819 }
wolfSSL 16:8e0d178b1d1e 8820
wolfSSL 16:8e0d178b1d1e 8821 aiaEntry = sk->data.obj;
wolfSSL 16:8e0d178b1d1e 8822
wolfSSL 16:8e0d178b1d1e 8823 /* ACCESS_DESCRIPTION has two members, method and location.
wolfSSL 16:8e0d178b1d1e 8824 Method: ASN1_OBJECT as either AIA_OCSP_OID or AIA_CA_ISSUER_OID
wolfSSL 16:8e0d178b1d1e 8825 Location: GENERAL_NAME structure containing the URI. */
wolfSSL 16:8e0d178b1d1e 8826
wolfSSL 16:8e0d178b1d1e 8827 ad = (WOLFSSL_ACCESS_DESCRIPTION*)
wolfSSL 16:8e0d178b1d1e 8828 XMALLOC(sizeof(WOLFSSL_ACCESS_DESCRIPTION), NULL,
wolfSSL 16:8e0d178b1d1e 8829 DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8830 if (ad == NULL) {
wolfSSL 16:8e0d178b1d1e 8831 WOLFSSL_MSG("Failed to malloc ACCESS_DESCRIPTION");
wolfSSL 16:8e0d178b1d1e 8832 XFREE(aia, NULL, DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8833 return NULL;
wolfSSL 16:8e0d178b1d1e 8834 }
wolfSSL 16:8e0d178b1d1e 8835 XMEMSET(ad, 0, sizeof(WOLFSSL_ACCESS_DESCRIPTION));
wolfSSL 16:8e0d178b1d1e 8836
wolfSSL 16:8e0d178b1d1e 8837 /* Create new ASN1_OBJECT from oid */
wolfSSL 16:8e0d178b1d1e 8838 ad->method = wolfSSL_OBJ_nid2obj(aiaEntry->nid);
wolfSSL 16:8e0d178b1d1e 8839 if (ad->method == NULL) {
wolfSSL 16:8e0d178b1d1e 8840 WOLFSSL_MSG("OBJ_nid2obj() failed");
wolfSSL 16:8e0d178b1d1e 8841 XFREE(aia, NULL, DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8842 XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8843 return NULL;
wolfSSL 16:8e0d178b1d1e 8844 }
wolfSSL 16:8e0d178b1d1e 8845
wolfSSL 16:8e0d178b1d1e 8846 /* Allocate memory for GENERAL NAME */
wolfSSL 16:8e0d178b1d1e 8847 ad->location = (WOLFSSL_GENERAL_NAME*)
wolfSSL 16:8e0d178b1d1e 8848 XMALLOC(sizeof(WOLFSSL_GENERAL_NAME), NULL,
wolfSSL 16:8e0d178b1d1e 8849 DYNAMIC_TYPE_OPENSSL);
wolfSSL 16:8e0d178b1d1e 8850 if (ad->location == NULL) {
wolfSSL 16:8e0d178b1d1e 8851 WOLFSSL_MSG("Failed to malloc GENERAL_NAME");
wolfSSL 16:8e0d178b1d1e 8852 wolfSSL_ASN1_OBJECT_free(ad->method);
wolfSSL 16:8e0d178b1d1e 8853 XFREE(aia, NULL, DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8854 XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8855 return NULL;
wolfSSL 16:8e0d178b1d1e 8856 }
wolfSSL 16:8e0d178b1d1e 8857 XMEMSET(ad->location, 0, sizeof(WOLFSSL_GENERAL_NAME));
wolfSSL 16:8e0d178b1d1e 8858 ad->location->type = GEN_URI;
wolfSSL 16:8e0d178b1d1e 8859 ad->location->d.uniformResourceIdentifier =
wolfSSL 16:8e0d178b1d1e 8860 wolfSSL_ASN1_STRING_new();
wolfSSL 16:8e0d178b1d1e 8861 /* Set the URI in GENERAL_NAME */
wolfSSL 16:8e0d178b1d1e 8862 ret = wolfSSL_ASN1_STRING_set(
wolfSSL 16:8e0d178b1d1e 8863 ad->location->d.uniformResourceIdentifier,
wolfSSL 16:8e0d178b1d1e 8864 aiaEntry->obj, aiaEntry->objSz);
wolfSSL 16:8e0d178b1d1e 8865 if (ret != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8866 WOLFSSL_MSG("ASN1_STRING_set() failed");
wolfSSL 16:8e0d178b1d1e 8867 wolfSSL_ASN1_OBJECT_free(ad->method);
wolfSSL 16:8e0d178b1d1e 8868 XFREE(aia, NULL, DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8869 XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8870 return NULL;
wolfSSL 16:8e0d178b1d1e 8871 }
wolfSSL 16:8e0d178b1d1e 8872 /* Push to AUTHORITY_INFO_ACCESS stack */
wolfSSL 16:8e0d178b1d1e 8873 ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(aia, ad);
wolfSSL 16:8e0d178b1d1e 8874 if (ret != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 8875 WOLFSSL_MSG("Error pushing ASN1 AD onto stack");
wolfSSL 16:8e0d178b1d1e 8876 wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL);
wolfSSL 16:8e0d178b1d1e 8877 wolfSSL_ASN1_OBJECT_free(ad->method);
wolfSSL 16:8e0d178b1d1e 8878 XFREE(aia, NULL, DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8879 XFREE(ad, NULL, DYNAMIC_TYPE_X509_EXT);
wolfSSL 16:8e0d178b1d1e 8880 return NULL;
wolfSSL 16:8e0d178b1d1e 8881 }
wolfSSL 16:8e0d178b1d1e 8882
wolfSSL 16:8e0d178b1d1e 8883 sk = sk->next;
wolfSSL 16:8e0d178b1d1e 8884 }
wolfSSL 16:8e0d178b1d1e 8885 return aia;
wolfSSL 16:8e0d178b1d1e 8886
wolfSSL 16:8e0d178b1d1e 8887 default:
wolfSSL 16:8e0d178b1d1e 8888 WOLFSSL_MSG("Extension NID not in table, returning NULL");
wolfSSL 16:8e0d178b1d1e 8889 break;
wolfSSL 16:8e0d178b1d1e 8890 }
wolfSSL 16:8e0d178b1d1e 8891 return NULL;
wolfSSL 16:8e0d178b1d1e 8892 }
wolfSSL 15:117db924cf7c 8893
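/* Looks for the extension matching the passed in nid
 *
 * Walks the DER-encoded extensions of the certificate in order and returns
 * the index of the first extension at or after lastPos + 1 whose OID equals
 * nid and which wolfSSL_X509_ext_isSet_by_NID() reports as set.
 *
 * x509    : certificate to parse for the extension.
 * nid     : Extension OID to be found.
 * lastPos : Start search from extension after lastPos.
 *           Set to -1 to search from index 0.
 * return >= 0 If successful the extension index is returned.
 * return -1   If extension is not found or error is encountered.
 *
 * The DecodedCert initialised here is always released with FreeDecodedCert()
 * before returning, including when ParseCert() itself fails.
 */
int wolfSSL_X509_get_ext_by_NID(const WOLFSSL_X509* x509, int nid, int lastPos)
{
    int extCount = 0, length = 0, outSz = 0, sz = 0, ret = 0;
    int isSet = 0, found = 0, loc;
    int result = WOLFSSL_FATAL_ERROR;
    const byte* rawCert;
    const byte* input;
    word32 oid, idx = 0, tmpIdx = 0;
    DecodedCert cert;

    WOLFSSL_ENTER("wolfSSL_X509_get_ext_by_NID");

    if (x509 == NULL) {
        WOLFSSL_MSG("\tNot passed a certificate");
        return WOLFSSL_FATAL_ERROR;
    }

    /* lastPos must be -1 (start at index 0) or an existing extension index */
    if (lastPos < -1 || (lastPos > (wolfSSL_X509_get_ext_count(x509) - 1))) {
        WOLFSSL_MSG("\tBad location argument");
        return WOLFSSL_FATAL_ERROR;
    }

    loc = lastPos + 1;

    rawCert = wolfSSL_X509_get_der((WOLFSSL_X509*)x509, &outSz);
    if (rawCert == NULL) {
        WOLFSSL_MSG("\tX509_get_der() failed");
        return WOLFSSL_FATAL_ERROR;
    }

    InitDecodedCert(&cert, rawCert, (word32)outSz, 0);

    /* From here on every exit path goes through FreeDecodedCert() at "out" */
    if (ParseCert(&cert, CA_TYPE, NO_VERIFY, NULL) < 0) {
        WOLFSSL_MSG("\tCertificate parsing failed");
        goto out;
    }

    input = cert.extensions;
    sz = cert.extensionsSz;

    if (input == NULL || sz == 0) {
        WOLFSSL_MSG("\tfail: should be an EXTENSIONS");
        goto out;
    }

    if (input[idx++] != ASN_EXTENSIONS) {
        WOLFSSL_MSG("\tfail: should be an EXTENSIONS");
        goto out;
    }

    if (GetLength(input, &idx, &length, sz) < 0) {
        WOLFSSL_MSG("\tfail: invalid length");
        goto out;
    }

    if (GetSequence(input, &idx, &length, sz) < 0) {
        WOLFSSL_MSG("\tfail: should be a SEQUENCE (1)");
        goto out;
    }

    while (idx < (word32)sz) {
        oid = 0;

        if (GetSequence(input, &idx, &length, sz) < 0) {
            WOLFSSL_MSG("\tfail: should be a SEQUENCE");
            goto out;
        }

        /* Read the OID only to identify the extension; idx is rewound so the
         * whole extension body is skipped by "length" below. */
        tmpIdx = idx;
        ret = GetObjectId(input, &idx, &oid, oidCertExtType, sz);
        if (ret < 0) {
            WOLFSSL_MSG("\tfail: OBJECT ID");
            goto out;
        }
        idx = tmpIdx;

        if (extCount >= loc) {
            /* extCount >= loc. Now check if extension has been set */
            isSet = wolfSSL_X509_ext_isSet_by_NID((WOLFSSL_X509*)x509, oid);

            if (isSet && ((word32)nid == oid)) {
                found = 1;
                break;
            }
        }

        idx += length;
        extCount++;
    } /* while(idx < sz) */

    if (found) {
        result = extCount;
    }

out:
    FreeDecodedCert(&cert);

    return result;
}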
wolfSSL 16:8e0d178b1d1e 9002
wolfSSL 16:8e0d178b1d1e 9003
wolfSSL 16:8e0d178b1d1e 9004 #endif /* OPENSSL_ALL */
wolfSSL 16:8e0d178b1d1e 9005
/* Allocate a zero-initialised WOLFSSL_ASN1_BIT_STRING.
 *
 * Returns the new object, or NULL when allocation fails. The caller owns the
 * result and releases it with wolfSSL_ASN1_BIT_STRING_free().
 */
WOLFSSL_ASN1_BIT_STRING* wolfSSL_ASN1_BIT_STRING_new(void)
{
    WOLFSSL_ASN1_BIT_STRING* bitStr = (WOLFSSL_ASN1_BIT_STRING*)XMALLOC(
            sizeof(WOLFSSL_ASN1_BIT_STRING), NULL, DYNAMIC_TYPE_OPENSSL);

    if (bitStr == NULL) {
        return NULL;
    }
    XMEMSET(bitStr, 0, sizeof(WOLFSSL_ASN1_BIT_STRING));
    return bitStr;
}
wolfSSL 16:8e0d178b1d1e 9017
/* Release a WOLFSSL_ASN1_BIT_STRING together with the data buffer it owns.
 *
 * str : object to free; NULL is accepted and ignored.
 */
void wolfSSL_ASN1_BIT_STRING_free(WOLFSSL_ASN1_BIT_STRING* str)
{
    if (str == NULL) {
        return;
    }
    /* the data buffer is a separate DYNAMIC_TYPE_OPENSSL allocation */
    if (str->data != NULL) {
        XFREE(str->data, NULL, DYNAMIC_TYPE_OPENSSL);
        str->data = NULL;
    }
    XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 16:8e0d178b1d1e 9028
/* Read bit i of the bit string, numbered from the most significant bit of
 * the first byte (bit 0 is data[0] & 0x80).
 *
 * str : bit string to read.
 * i   : zero-based bit index.
 * Returns 1 if the bit is set, 0 if it is clear, and WOLFSSL_FAILURE when str
 * or its data is NULL, i is negative, or byte i/8 lies beyond str->length.
 */
int wolfSSL_ASN1_BIT_STRING_get_bit(const WOLFSSL_ASN1_BIT_STRING* str, int i)
{
    int byteIdx;
    unsigned int mask;

    if (str == NULL || str->data == NULL) {
        return WOLFSSL_FAILURE;
    }
    byteIdx = i / 8;
    if (i < 0 || str->length <= byteIdx) {
        return WOLFSSL_FAILURE;
    }

    mask = 1U << (7 - (i % 8));
    return (str->data[byteIdx] & mask) != 0;
}
wolfSSL 16:8e0d178b1d1e 9037
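/* Looks for the extension matching the passed in nid
 *
 * c   : if not null then is set to status value -2 if multiple occurrences
 *       of the extension are found, -1 if not found, 0 if found and not
 *       critical, and 1 if found and critical.
 * nid : Extension OID to be found.
 * idx : if NULL return first extension found match, otherwise start search at
 *       idx location and set idx to the location of extension returned.
 * returns NULL or a pointer to an WOLFSSL_ASN1_BIT_STRING (for KEY_USAGE_OID)
 * or WOLFSSL_STACK (for other)
 * holding extension structure
 *
 * Exceptions to the "stack" return: BASIC_CA_OID returns the single
 * WOLFSSL_ASN1_OBJECT directly and KEY_USAGE_OID returns the bit string
 * directly. ASN1_OBJECTs built here point at buffers owned by x509 (the
 * WOLFSSL_ASN1_DYNAMIC_DATA flag is cleared), so x509 must outlive the
 * returned object. Any failure while building a multi-entry stack releases
 * everything built so far and returns NULL; a partial stack is never
 * returned.
 *
 * NOTE code for decoding extensions is in asn.c DecodeCertExtensions --
 * use already decoded extension in this function to avoid decoding twice.
 * Currently we do not make use of idx since getting pre decoded extensions.
 */
void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509, int nid, int* c,
                               int* idx)
{
    void* ret = NULL;
    WOLFSSL_STACK* sk = NULL;
    WOLFSSL_ASN1_OBJECT* obj = NULL;
    WOLFSSL_GENERAL_NAME* gn = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_get_ext_d2i");

    if (x509 == NULL) {
        return NULL;
    }

    if (c != NULL) {
        *c = -1; /* default to not found */
    }

    switch (nid) {
        case BASIC_CA_OID:
            if (x509->basicConstSet) {
                obj = wolfSSL_ASN1_OBJECT_new();
                if (obj == NULL) {
                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
                    return NULL;
                }
                if (c != NULL) {
                    *c = x509->basicConstCrit;
                }
                obj->type = BASIC_CA_OID;
                obj->grp = oidCertExtType;
                obj->nid = nid;
                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \
    defined(WOLFSSL_APACHE_HTTPD)
                obj->ca = x509->isCa;
#endif
            }
            else {
                WOLFSSL_MSG("No Basic Constraint set");
            }
            /* returned as a bare object, not wrapped in a stack */
            return obj;

        case ALT_NAMES_OID:
        {
            DNS_entry* dns = NULL;
            /* Malloc GENERAL_NAME stack */
            sk = (WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)*)XMALLOC(
                      sizeof(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)), NULL,
                      DYNAMIC_TYPE_ASN1);
            if (sk == NULL) {
                return NULL;
            }
            XMEMSET(sk, 0, sizeof(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)));
            sk->type = STACK_TYPE_GEN_NAME;

            if (x509->subjAltNameSet && x509->altNames != NULL) {
                /* alt names are DNS_entry structs */
                if (c != NULL) {
                    if (x509->altNames->next != NULL) {
                        *c = -2; /* more than one found */
                    }
                    else {
                        *c = x509->subjAltNameCrit;
                    }
                }

                dns = x509->altNames;
                /* Currently only support GEN_DNS type */
                while (dns != NULL) {
                    gn = wolfSSL_GENERAL_NAME_new();
                    if (gn == NULL) {
                        WOLFSSL_MSG("Error creating GENERAL_NAME");
                        wolfSSL_sk_free(sk);
                        return NULL;
                    }

                    gn->type = dns->type;
                    gn->d.ia5->length = dns->len;
                    if (wolfSSL_ASN1_STRING_set(gn->d.ia5, dns->name,
                            gn->d.ia5->length) != WOLFSSL_SUCCESS) {
                        WOLFSSL_MSG("ASN1_STRING_set failed");
                        wolfSSL_GENERAL_NAME_free(gn);
                        wolfSSL_sk_free(sk);
                        return NULL;
                    }

                    dns = dns->next;
                    /* last dns in list add at end of function */
                    if (dns != NULL) {
                        if (wolfSSL_sk_GENERAL_NAME_push(sk, gn) !=
                                WOLFSSL_SUCCESS) {
                            WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                            /* Abort here instead of continuing the loop with
                             * a freed stack, which handed back a partial
                             * list of alt names to the caller. */
                            wolfSSL_GENERAL_NAME_free(gn);
                            wolfSSL_sk_free(sk);
                            return NULL;
                        }
                    }
                }
            }
            else {
                WOLFSSL_MSG("No Alt Names set");
            }

            break;
        }

        case CRL_DIST_OID:
            if (x509->CRLdistSet && x509->CRLInfo != NULL) {
                if (c != NULL) {
                    *c = x509->CRLdistCrit;
                }
                obj = wolfSSL_ASN1_OBJECT_new();
                if (obj == NULL) {
                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
                    return NULL;
                }
                obj->type = CRL_DIST_OID;
                obj->grp = oidCertExtType;
                obj->obj = x509->CRLInfo;
                obj->objSz = x509->CRLInfoSz;
                /* data is borrowed from x509, so only the object is dynamic */
                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
                obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
            }
            else {
                WOLFSSL_MSG("No CRL dist set");
            }
            break;

        case AUTH_INFO_OID:
            if (x509->authInfoSet && x509->authInfo != NULL) {
                if (c != NULL) {
                    *c = x509->authInfoCrit;
                }
                obj = wolfSSL_ASN1_OBJECT_new();
                if (obj == NULL) {
                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
                    return NULL;
                }
                obj->type = AUTH_INFO_OID;
                obj->grp = oidCertExtType;
                obj->obj = x509->authInfo;
                obj->objSz = x509->authInfoSz;
                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
                obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
            }
            else {
                WOLFSSL_MSG("No Auth Info set");
            }
            break;

        case AUTH_KEY_OID:
            if (x509->authKeyIdSet) {
                if (c != NULL) {
                    *c = x509->authKeyIdCrit;
                }
                obj = wolfSSL_ASN1_OBJECT_new();
                if (obj == NULL) {
                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
                    return NULL;
                }
                obj->type = AUTH_KEY_OID;
                obj->grp = oidCertExtType;
                obj->obj = x509->authKeyId;
                obj->objSz = x509->authKeyIdSz;
                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
                obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
            }
            else {
                WOLFSSL_MSG("No Auth Key set");
            }
            break;

        case SUBJ_KEY_OID:
            if (x509->subjKeyIdSet) {
                if (c != NULL) {
                    *c = x509->subjKeyIdCrit;
                }
                obj = wolfSSL_ASN1_OBJECT_new();
                if (obj == NULL) {
                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
                    return NULL;
                }
                obj->type = SUBJ_KEY_OID;
                obj->grp = oidCertExtType;
                obj->obj = x509->subjKeyId;
                obj->objSz = x509->subjKeyIdSz;
                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
                obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
            }
            else {
                WOLFSSL_MSG("No Subject Key set");
            }
            break;

        case CERT_POLICY_OID:
        {
#ifdef WOLFSSL_CERT_EXT
            int i;

            if (x509->certPoliciesNb > 0) {
                if (c != NULL) {
                    if (x509->certPoliciesNb > 1) {
                        *c = -2;
                    }
                    else {
                        *c = 0;
                    }
                }

                sk = wolfSSL_sk_new_asn1_obj();
                if (sk == NULL) {
                    return NULL;
                }

                /* All but the last policy are pushed here; the last one is
                 * left in obj and pushed by the common code after the switch. */
                for (i = 0; i < x509->certPoliciesNb - 1; i++) {
                    obj = wolfSSL_ASN1_OBJECT_new();
                    if (obj == NULL) {
                        WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
                        wolfSSL_sk_ASN1_OBJECT_free(sk);
                        return NULL;
                    }
                    obj->type = CERT_POLICY_OID;
                    obj->grp = oidCertExtType;
                    obj->obj = (byte*)(x509->certPolicies[i]);
                    obj->objSz = MAX_CERTPOL_SZ;
                    obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
                    obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
                    if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj)
                                                           != WOLFSSL_SUCCESS) {
                        WOLFSSL_MSG("Error pushing ASN1 object onto stack");
                        /* Abort here instead of continuing the loop with a
                         * freed stack, which returned only the final policy
                         * while *c still reported multiple entries. */
                        wolfSSL_ASN1_OBJECT_free(obj);
                        wolfSSL_sk_ASN1_OBJECT_free(sk);
                        return NULL;
                    }
                }
                obj = wolfSSL_ASN1_OBJECT_new();
                if (obj == NULL) {
                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
                    wolfSSL_sk_ASN1_OBJECT_free(sk);
                    return NULL;
                }
                obj->type = CERT_POLICY_OID;
                obj->grp = oidCertExtType;
                obj->obj = (byte*)(x509->certPolicies[i]);
                obj->objSz = MAX_CERTPOL_SZ;
                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
                obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
            }
            else {
                WOLFSSL_MSG("No Cert Policy set");
            }
#elif defined(WOLFSSL_SEP)
            if (x509->certPolicySet) {
                if (c != NULL) {
                    *c = x509->certPolicyCrit;
                }
                obj = wolfSSL_ASN1_OBJECT_new();
                if (obj == NULL) {
                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
                    return NULL;
                }
                obj->type = CERT_POLICY_OID;
                obj->grp = oidCertExtType;
                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
            }
            else {
                WOLFSSL_MSG("No Cert Policy set");
            }
#else
            WOLFSSL_MSG("wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT");
#endif
            break;
        }
        case KEY_USAGE_OID:
        {
            WOLFSSL_ASN1_BIT_STRING* bit_str = NULL;
            if (x509->keyUsageSet) {
                if (c != NULL) {
                    *c = x509->keyUsageCrit;
                }

                bit_str = wolfSSL_ASN1_BIT_STRING_new();
                if (bit_str == NULL) {
                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_BIT_STRING struct");
                    return NULL;
                }

                bit_str->type = KEY_USAGE_OID;
                bit_str->flags = 0;
                bit_str->length = sizeof(word16);
                bit_str->data = (byte*)XMALLOC(bit_str->length, NULL, DYNAMIC_TYPE_OPENSSL);
                if (bit_str->data == NULL) {
                    wolfSSL_ASN1_BIT_STRING_free(bit_str);
                    return NULL;
                }
                /* Raw copy of the word16 in host byte order.
                 * NOTE(review): wolfSSL_ASN1_BIT_STRING_get_bit() numbers
                 * bits MSB-first per byte, so the bit index a caller sees
                 * depends on host endianness here -- confirm against the
                 * intended X.509 KeyUsage bit numbering. */
                XMEMCPY(bit_str->data, &x509->keyUsage, bit_str->length);
            }
            else {
                WOLFSSL_MSG("No Key Usage set");
            }
            /* don't add stack of and return bit string directly */
            return bit_str;
        }
        case INHIBIT_ANY_OID:
            WOLFSSL_MSG("INHIBIT ANY extension not supported");
            break;

        case EXT_KEY_USAGE_OID:
            if (x509->extKeyUsageSrc != NULL) {
                if (c != NULL) {
                    if (x509->extKeyUsageCount > 1) {
                        *c = -2;
                    }
                    else {
                        *c = x509->extKeyUsageCrit;
                    }
                }
                obj = wolfSSL_ASN1_OBJECT_new();
                if (obj == NULL) {
                    WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
                    return NULL;
                }
                obj->type = EXT_KEY_USAGE_OID;
                obj->grp = oidCertExtType;
                obj->obj = x509->extKeyUsageSrc;
                obj->objSz = x509->extKeyUsageSz;
                obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
                obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
            }
            else {
                WOLFSSL_MSG("No Extended Key Usage set");
            }
            break;

        case NAME_CONS_OID:
            WOLFSSL_MSG("Name Constraint OID extension not supported");
            break;

        case PRIV_KEY_USAGE_PERIOD_OID:
            WOLFSSL_MSG("Private Key Usage Period extension not supported");
            break;

        case SUBJECT_INFO_ACCESS:
            WOLFSSL_MSG("Subject Info Access extension not supported");
            break;

        case POLICY_MAP_OID:
            WOLFSSL_MSG("Policy Map extension not supported");
            break;

        case POLICY_CONST_OID:
            WOLFSSL_MSG("Policy Constraint extension not supported");
            break;

        case ISSUE_ALT_NAMES_OID:
            WOLFSSL_MSG("Issue Alt Names extension not supported");
            break;

        case TLS_FEATURE_OID:
            WOLFSSL_MSG("TLS Feature extension not supported");
            break;

        default:
            WOLFSSL_MSG("Unsupported/Unknown extension OID");
    }

    /* make sure stack of is allocated */
    if ((obj || gn) && sk == NULL) {
        sk = wolfSSL_sk_new_asn1_obj();
        if (sk == NULL) {
            goto err;
        }
    }
    /* push the single pending object (or the last alt name) onto the stack */
    if (obj && wolfSSL_sk_ASN1_OBJECT_push(sk, obj) == WOLFSSL_SUCCESS) {
        /* obj pushed successfully on stack */
    }
    else if (gn && wolfSSL_sk_GENERAL_NAME_push(sk, gn) == WOLFSSL_SUCCESS) {
        /* gn pushed successfully on stack */
    }
    else {
        /* Nothing to push or push failed */
        WOLFSSL_MSG("Error pushing ASN1_OBJECT or GENERAL_NAME object onto stack "
                    "or nothing to push.");
        goto err;
    }
    ret = sk;

    (void)idx;

    return ret;

err:
    /* obj/gn are only non-NULL here when the push did not take ownership */
    if (obj) {
        wolfSSL_ASN1_OBJECT_free(obj);
    }
    if (gn) {
        wolfSSL_GENERAL_NAME_free(gn);
    }
    if (sk) {
        wolfSSL_sk_ASN1_OBJECT_free(sk);
    }
    return NULL;
}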
wolfSSL 16:8e0d178b1d1e 9458
wolfSSL 16:8e0d178b1d1e 9459
/* Prepend a copy of 'name' to the alternative-name list of 'x509'.
 *
 * x509 : certificate owning the list; its heap hint is used for allocation
 * name : NUL-terminated string; the copy includes the terminator
 * type : stored into the new entry as given (not validated here)
 *
 * returns WOLFSSL_SUCCESS when an entry was added, and also when there was
 * nothing to add (name NULL or empty); WOLFSSL_FAILURE on a NULL x509 or on
 * allocation failure, in which case nothing is left allocated and the list
 * is untouched. */
int wolfSSL_X509_add_altname(WOLFSSL_X509* x509, const char* name, int type)
{
    DNS_entry* entry = NULL;
    char* nameDup = NULL;
    word32 len = 0;

    if (x509 == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* A missing or empty name is "nothing to do", not an error. */
    if (name != NULL) {
        len = (word32)XSTRLEN(name);
    }
    if (len == 0) {
        return WOLFSSL_SUCCESS;
    }

    entry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), x509->heap,
                                DYNAMIC_TYPE_ALTNAME);
    if (entry == NULL) {
        return WOLFSSL_FAILURE;
    }

    nameDup = (char*)XMALLOC(len + 1, x509->heap, DYNAMIC_TYPE_ALTNAME);
    if (nameDup == NULL) {
        /* unwind the entry allocation so failure leaks nothing */
        XFREE(entry, x509->heap, DYNAMIC_TYPE_ALTNAME);
        return WOLFSSL_FAILURE;
    }
    XMEMCPY(nameDup, name, len + 1); /* +1 carries the NUL terminator */

    /* link at the head of the list */
    entry->type = type;
    entry->len  = len;
    entry->name = nameDup;
    entry->next = x509->altNames;
    x509->altNames = entry;

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 9497
wolfSSL 16:8e0d178b1d1e 9498
wolfSSL 16:8e0d178b1d1e 9499 #ifndef NO_WOLFSSL_STUB
/* Stub: adding an extension to an X509 is not implemented.
 * Every argument is ignored and WOLFSSL_FAILURE is always returned, so
 * callers must not assume the extension was attached. */
int wolfSSL_X509_add_ext(WOLFSSL_X509 *x509, WOLFSSL_X509_EXTENSION *ext, int loc)
{
    WOLFSSL_STUB("wolfSSL_X509_add_ext");
    (void)loc;
    (void)ext;
    (void)x509;
    return WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 9508
/* Stub: building an extension from an NID/value pair is not implemented.
 * LHASH handling in particular is absent (it was not needed for the Apache
 * port), so a non-NULL 'conf' only produces a log message. Every path
 * returns NULL; ctx, nid and value are never examined. */
WOLFSSL_X509_EXTENSION* wolfSSL_X509V3_EXT_conf_nid(
        WOLF_LHASH_OF(CONF_VALUE)* conf, WOLFSSL_X509V3_CTX* ctx, int nid,
        char* value)
{
    WOLFSSL_X509_EXTENSION* result = NULL;

    WOLFSSL_STUB("wolfSSL_X509V3_EXT_conf_nid");
    (void)ctx;
    (void)nid;
    (void)value;

    if (conf != NULL) {
        WOLFSSL_MSG("Handling LHASH not implemented yet");
    }
    return result;
}
wolfSSL 16:8e0d178b1d1e 9527
/* Stub: no-op. The "no database" flag of OpenSSL's X509V3 context has no
 * counterpart here, so 'ctx' is left untouched. */
void wolfSSL_X509V3_set_ctx_nodb(WOLFSSL_X509V3_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_X509V3_set_ctx_nodb");
}
wolfSSL 16:8e0d178b1d1e 9533 #endif /* !NO_WOLFSSL_STUB */
wolfSSL 16:8e0d178b1d1e 9534
/* Return the OID object of an X509_EXTENSION.
 *
 * The pointer aliases ext->obj: ownership stays with 'ext' and the caller
 * must not free it. Returns NULL for a NULL ext. */
WOLFSSL_ASN1_OBJECT* wolfSSL_X509_EXTENSION_get_object(WOLFSSL_X509_EXTENSION* ext)
{
    WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_object");
    return (ext != NULL) ? ext->obj : NULL;
}
wolfSSL 16:8e0d178b1d1e 9544
/* Return the value of an X509_EXTENSION as an ASN1_STRING.
 *
 * The result points at the 'value' member embedded in 'ext', so it is only
 * valid while ext is alive and must not be freed separately.
 * Returns NULL for a NULL ext. */
WOLFSSL_ASN1_STRING* wolfSSL_X509_EXTENSION_get_data(WOLFSSL_X509_EXTENSION* ext)
{
    WOLFSSL_ASN1_STRING* data = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_EXTENSION_get_data");
    if (ext != NULL) {
        data = &ext->value;
    }
    return data;
}
wolfSSL 16:8e0d178b1d1e 9553
wolfSSL 16:8e0d178b1d1e 9554 #if !defined(NO_PWDBASED)
/* Hash the stored DER encoding of 'x509' with 'digest'.
 *
 * x509   : certificate; must carry its DER encoding in x509->derCert
 * digest : message digest selecting the hash algorithm
 * buf    : receives the digest output; it must be large enough for the
 *          selected hash -- sizing is the caller's job and is not checked here
 * len    : passed through to wolfSSL_EVP_Digest (presumably set to the number
 *          of bytes written; not inspected at this level)
 *
 * returns whatever wolfSSL_EVP_Digest returns, or WOLFSSL_FAILURE when x509
 * or digest is NULL or no DER certificate is stored. buf and len are not
 * NULL-checked in this function. */
int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest,
                        unsigned char* buf, unsigned int* len)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_X509_digest");

    if (x509 == NULL || digest == NULL) {
        WOLFSSL_MSG("Null argument found");
    }
    else if (x509->derCert == NULL) {
        WOLFSSL_MSG("No DER certificate stored in X509");
    }
    else {
        /* hash exactly the bytes that were parsed/stored, not a re-encoding */
        ret = wolfSSL_EVP_Digest(x509->derCert->buffer, x509->derCert->length,
                                 buf, len, digest, NULL);
        WOLFSSL_LEAVE("wolfSSL_X509_digest", ret);
    }

    return ret;
}
wolfSSL 16:8e0d178b1d1e 9577 #endif
wolfSSL 15:117db924cf7c 9578
/* Load the private key held by an EVP_PKEY into the SSL object.
 *
 * The key bytes (pkey->pkey.ptr, pkey->pkey_sz) are handed to
 * wolfSSL_use_PrivateKey_buffer as DER (WOLFSSL_FILETYPE_ASN1); the pkey is
 * not retained, so the caller keeps ownership of it.
 *
 * returns the result of wolfSSL_use_PrivateKey_buffer, or WOLFSSL_FAILURE
 * when ssl or pkey is NULL. */
int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey)
{
    WOLFSSL_ENTER("wolfSSL_use_PrivateKey");

    if (ssl != NULL && pkey != NULL) {
        return wolfSSL_use_PrivateKey_buffer(ssl,
                                             (unsigned char*)pkey->pkey.ptr,
                                             pkey->pkey_sz,
                                             WOLFSSL_FILETYPE_ASN1);
    }
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 9589
wolfSSL 15:117db924cf7c 9590
/* Load a DER-encoded private key into the SSL object.
 *
 * pri   : key type hint (OpenSSL EVP_PKEY_* style); accepted but ignored,
 *         the type is detected from the DER by the buffer loader
 * der   : DER bytes, not retained
 * derSz : length of der
 *
 * returns the result of wolfSSL_use_PrivateKey_buffer, or WOLFSSL_FAILURE
 * when ssl or der is NULL. */
int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, const unsigned char* der,
                                long derSz)
{
    int ret = WOLFSSL_FAILURE;

    (void)pri; /* type of private key: not used, detected from the DER */

    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_ASN1");
    if (ssl != NULL && der != NULL) {
        ret = wolfSSL_use_PrivateKey_buffer(ssl, der, derSz,
                                            WOLFSSL_FILETYPE_ASN1);
    }
    return ret;
}
/******************************************************************************
 * wolfSSL_CTX_use_PrivateKey_ASN1 - loads a DER private key buffer into the
 * SSL ctx
 *
 * pri   : key type hint; accepted for API compatibility and ignored (the
 *         type is detected from the DER by the buffer loader)
 * ctx   : context that receives the key
 * der   : DER bytes, not retained after the call
 * derSz : length of der
 *
 * RETURNS:
 * returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
 * (a NULL ctx or der fails without touching ctx)
 */
int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
                                    unsigned char* der, long derSz)
{
    int ret = WOLFSSL_FAILURE;

    (void)pri; /* type of private key */

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_ASN1");
    if (ctx != NULL && der != NULL) {
        ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
                                                WOLFSSL_FILETYPE_ASN1);
    }
    return ret;
}
wolfSSL 15:117db924cf7c 9620
wolfSSL 15:117db924cf7c 9621
wolfSSL 15:117db924cf7c 9622 #ifndef NO_RSA
/* Load a DER-encoded RSA private key into the SSL object.
 *
 * There is no RSA-specific handling: the buffer goes to the generic
 * wolfSSL_use_PrivateKey_buffer as WOLFSSL_FILETYPE_ASN1.
 *
 * returns the result of the buffer loader, or WOLFSSL_FAILURE when ssl or
 * der is NULL. */
int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz)
{
    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_ASN1");

    if (ssl == NULL) {
        return WOLFSSL_FAILURE;
    }
    if (der == NULL) {
        return WOLFSSL_FAILURE;
    }
    return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, WOLFSSL_FILETYPE_ASN1);
}
wolfSSL 15:117db924cf7c 9632 #endif
wolfSSL 15:117db924cf7c 9633
/* Use the DER encoding stored in 'x509' as the SSL object's certificate.
 *
 * The bytes in x509->derCert are passed to ProcessBuffer as a single
 * CERT_TYPE DER blob (not a chain), with the verify setting taken from ssl.
 *
 * returns WOLFSSL_SUCCESS only when ProcessBuffer reports success; every
 * other outcome, including a NULL ssl/x509 or an x509 without a stored DER
 * encoding, yields WOLFSSL_FAILURE. */
int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509)
{
    long idx = 0; /* output slot required by ProcessBuffer; not consumed */
    int  rc  = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_use_certificate");

    if (ssl != NULL && x509 != NULL && x509->derCert != NULL) {
        rc = ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length,
                           WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0,
                           GET_VERIFY_SETTING_SSL(ssl));
    }
    (void)idx;

    /* any non-success code from ProcessBuffer collapses to WOLFSSL_FAILURE */
    return (rc == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 9650
wolfSSL 15:117db924cf7c 9651 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 9652
wolfSSL 16:8e0d178b1d1e 9653 #endif /* OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 9654
wolfSSL 16:8e0d178b1d1e 9655 #ifndef NO_CERTS
/* Use a DER-encoded certificate buffer as the SSL object's certificate.
 *
 * der   : DER bytes, handed to ProcessBuffer as a single CERT_TYPE blob
 * derSz : length of der; no range check is done here (ProcessBuffer is
 *         expected to validate it -- not visible at this level)
 *
 * returns WOLFSSL_SUCCESS only when ProcessBuffer reports success; any other
 * result, or a NULL ssl/der, yields WOLFSSL_FAILURE. */
int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der,
                                 int derSz)
{
    long idx = 0; /* output slot required by ProcessBuffer; not consumed */
    int  rc  = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1");

    if (ssl != NULL && der != NULL) {
        rc = ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
                           ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl));
    }
    (void)idx;

    return (rc == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 9672
wolfSSL 15:117db924cf7c 9673 #ifndef NO_FILESYSTEM
wolfSSL 15:117db924cf7c 9674
/* Load a certificate file into the SSL object.
 *
 * file   : path of the certificate file; not NULL-checked here (ProcessFile
 *          is expected to handle it)
 * format : WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1
 *
 * The file is processed as a single CERT_TYPE entry (not a chain) against
 * ssl->ctx, with the verify setting taken from ssl.
 *
 * returns BAD_FUNC_ARG for a NULL ssl, WOLFSSL_SUCCESS when ProcessFile
 * succeeds and WOLFSSL_FAILURE otherwise. Note the mixed error convention:
 * the NULL-argument case is a negative error code, not WOLFSSL_FAILURE. */
WOLFSSL_ABI
int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_use_certificate_file");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    rc = ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL,
                     GET_VERIFY_SETTING_SSL(ssl));
    return (rc == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 9691
wolfSSL 16:8e0d178b1d1e 9692
/* Load a private key file into the SSL object.
 *
 * file   : path of the key file; not NULL-checked here (ProcessFile is
 *          expected to handle it)
 * format : WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1
 *
 * The file is processed as PRIVATEKEY_TYPE against ssl->ctx.
 *
 * returns BAD_FUNC_ARG for a NULL ssl, WOLFSSL_SUCCESS when ProcessFile
 * succeeds and WOLFSSL_FAILURE otherwise. */
WOLFSSL_ABI
int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    rc = ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL,
                     GET_VERIFY_SETTING_SSL(ssl));
    return (rc == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 9709
wolfSSL 16:8e0d178b1d1e 9710
/* Load a PEM certificate chain file into the SSL object.
 *
 * The format is fixed to WOLFSSL_FILETYPE_PEM; ProcessFile is called with
 * the chain flag set, which (per the original note) processes up to
 * MAX_CHAIN_DEPTH certificates plus the subject certificate.
 *
 * returns BAD_FUNC_ARG for a NULL ssl, WOLFSSL_SUCCESS when ProcessFile
 * succeeds and WOLFSSL_FAILURE otherwise. 'file' is not NULL-checked here. */
WOLFSSL_ABI
int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* last-but-two argument 1 = treat the file as a chain */
    rc = ProcessFile(ssl->ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, ssl, 1,
                     NULL, GET_VERIFY_SETTING_SSL(ssl));
    return (rc == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 9728
/* Load a certificate chain file of the given format into the SSL object.
 *
 * Same as wolfSSL_use_certificate_chain_file but the format is supplied by
 * the caller instead of being fixed to PEM. The chain flag is set, so up to
 * MAX_CHAIN_DEPTH certificates plus the subject certificate are processed.
 *
 * returns BAD_FUNC_ARG for a NULL ssl, WOLFSSL_SUCCESS when ProcessFile
 * succeeds and WOLFSSL_FAILURE otherwise. 'file' is not NULL-checked here. */
int wolfSSL_use_certificate_chain_file_format(WOLFSSL* ssl, const char* file,
                                              int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file_format");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    rc = ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 1, NULL,
                     GET_VERIFY_SETTING_SSL(ssl));
    return (rc == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 9745
wolfSSL 16:8e0d178b1d1e 9746 #endif /* !NO_FILESYSTEM */
wolfSSL 16:8e0d178b1d1e 9747 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 9748
wolfSSL 15:117db924cf7c 9749 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 9750
/* Set the context's ephemeral EC-DHE key size in octets.
 *
 * sz : key size; valid values are ECC_MINSIZE..ECC_MAXSIZE (20 - 66 octets,
 *      i.e. 160 - 521 bit curves). sz == 0 means "match the loaded private
 *      key": this applies only when the context's key is ECDSA (any other
 *      key type leaves the setting untouched and returns WOLFSSL_SUCCESS)
 *      and requires that a key has already been loaded.
 *
 * returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx, a size outside
 * the valid range, or sz == 0 before an ECDSA key was set. */
int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz)
{
    word16 keySz = sz;

    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }

    if (keySz == 0) {
        /* "use the private key's size" only makes sense for ECDSA */
        if (ctx->privateKeyType != ecc_dsa_sa_algo) {
            return WOLFSSL_SUCCESS;
        }
        if (ctx->privateKeySz == 0) {
            WOLFSSL_MSG("Must set private key/cert first");
            return BAD_FUNC_ARG;
        }
        keySz = (word16)ctx->privateKeySz;
    }

    /* reject sizes no supported curve can satisfy */
    if (keySz < ECC_MINSIZE || keySz > ECC_MAXSIZE) {
        return BAD_FUNC_ARG;
    }

    ctx->eccTempKeySz = keySz;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 9778
wolfSSL 15:117db924cf7c 9779
/* Set the SSL object's ephemeral EC-DHE key size in octets.
 *
 * sz : must be within ECC_MINSIZE..ECC_MAXSIZE (20 - 66 octets for 160 - 521
 *      bit curves); unlike the CTX variant there is no "0 = match the key"
 *      special case, 0 is simply out of range.
 *
 * returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an out-of-range
 * size. */
int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz)
{
    int inRange;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    inRange = (sz >= ECC_MINSIZE) && (sz <= ECC_MAXSIZE);
    if (!inRange) {
        return BAD_FUNC_ARG;
    }

    ssl->eccTempKeySz = sz;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 9790
wolfSSL 15:117db924cf7c 9791 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 9792
wolfSSL 15:117db924cf7c 9793
wolfSSL 16:8e0d178b1d1e 9794 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 9795
wolfSSL 16:8e0d178b1d1e 9796 #ifndef NO_FILESYSTEM
/* OpenSSL-compatibility alias: load an RSA private key file into the ctx.
 *
 * There is no RSA-specific handling; the call is forwarded unchanged to
 * wolfSSL_CTX_use_PrivateKey_file, whose return value is passed back. */
int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx,const char* file,
                                       int format)
{
    int rc;

    WOLFSSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");
    rc = wolfSSL_CTX_use_PrivateKey_file(ctx, file, format);
    return rc;
}
wolfSSL 15:117db924cf7c 9804
wolfSSL 15:117db924cf7c 9805
/* OpenSSL-compatibility alias: load an RSA private key file into the SSL
 * object. Forwarded unchanged to wolfSSL_use_PrivateKey_file, whose return
 * value is passed back (no RSA-specific handling). */
int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_file");
    rc = wolfSSL_use_PrivateKey_file(ssl, file, format);
    return rc;
}
wolfSSL 15:117db924cf7c 9812 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 9813
wolfSSL 16:8e0d178b1d1e 9814
/* Copy the session's master secret into 'out'. If outSz is 0 the size of the
 * master secret is returned instead and nothing is copied.
 *
 * ses   : a session from a completed TLS/SSL handshake
 * out   : buffer that receives the copy
 * outSz : size of out; 0 selects the size query, for which ses and out are
 *         not examined
 * returns : SECRET_LEN for the size query; otherwise the number of bytes
 *           copied, which is min(outSz, SECRET_LEN); 0 when ses or out is
 *           NULL or outSz is negative. Less than or equal to 0 is a failure.
 *
 * The bytes written to out are raw key material; this function does not
 * clear them afterwards. */
int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
                                   unsigned char* out, int outSz)
{
    int copySz;

    /* size query is answered before any argument validation */
    if (outSz == 0) {
        return SECRET_LEN;
    }

    if (ses == NULL || out == NULL || outSz < 0) {
        return 0;
    }

    /* never copy more than the secret itself, nor more than out can hold */
    copySz = (outSz > SECRET_LEN) ? SECRET_LEN : outSz;
    XMEMCPY(out, ses->masterSecret, copySz);

    return copySz;
}
wolfSSL 15:117db924cf7c 9847
wolfSSL 15:117db924cf7c 9848
/* Return the master secret length. This is the fixed SECRET_LEN for every
 * session, so 'ses' is not examined (a NULL ses is accepted). */
int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses)
{
    const int masterKeyLen = SECRET_LEN;

    (void)ses;
    return masterKeyLen;
}
wolfSSL 15:117db924cf7c 9854
wolfSSL 15:117db924cf7c 9855 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 9856
wolfSSL 15:117db924cf7c 9857 #ifndef NO_FILESYSTEM
wolfSSL 15:117db924cf7c 9858 #ifdef HAVE_NTRU
wolfSSL 15:117db924cf7c 9859
/* Load a raw NTRU private key file into the context.
 *
 * The file is processed as WOLFSSL_FILETYPE_RAW / PRIVATEKEY_TYPE with the
 * context's verify setting; on success ctx->haveNTRU is set so the cipher
 * selection can use it.
 *
 * returns WOLFSSL_SUCCESS when ProcessFile succeeds, WOLFSSL_FAILURE for a
 * NULL ctx or any other ProcessFile result. 'file' is not NULL-checked
 * here. */
int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX* ctx, const char* file)
{
    int rc = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_CTX_use_NTRUPrivateKey_file");

    if (ctx != NULL) {
        rc = ProcessFile(ctx, file, WOLFSSL_FILETYPE_RAW, PRIVATEKEY_TYPE,
                         NULL, 0, NULL, GET_VERIFY_SETTING_CTX(ctx));
        if (rc == WOLFSSL_SUCCESS) {
            ctx->haveNTRU = 1;
            return WOLFSSL_SUCCESS;
        }
    }

    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 9875
wolfSSL 15:117db924cf7c 9876 #endif /* HAVE_NTRU */
wolfSSL 15:117db924cf7c 9877
wolfSSL 15:117db924cf7c 9878
wolfSSL 15:117db924cf7c 9879 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 9880
wolfSSL 15:117db924cf7c 9881
/* Configure peer-certificate verification for connections made from 'ctx'.
 *
 * mode : WOLFSSL_VERIFY_* flags. WOLFSSL_VERIFY_NONE is matched by equality,
 *        the other flags by bit test.
 * vc   : user verify callback, stored unconditionally (NULL clears it)
 *
 * Effects on ctx, in the order applied:
 *  - VERIFY_PEER             : verifyPeer = 1, verifyNone = 0
 *  - mode == VERIFY_NONE     : verifyNone = 1, verifyPeer = 0; note that
 *                              failNoCert / failNoCertxPSK are NOT reset on
 *                              this path, so an earlier fail-if-no-cert
 *                              setting survives a switch to VERIFY_NONE
 *  - FAIL_IF_NO_PEER_CERT    : failNoCert = 1 (set whether or not VERIFY_PEER
 *                              is also given)
 *  - FAIL_EXCEPT_PSK         : failNoCert = 0, failNoCertxPSK = 1; applied
 *                              last, so it overrides FAIL_IF_NO_PEER_CERT
 *                              when both are present
 * A NULL ctx is ignored. */
void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
{
    int wantPeer;
    int wantNone;
    int failNoCert;
    int failExceptPsk;

    WOLFSSL_ENTER("wolfSSL_CTX_set_verify");
    if (ctx == NULL) {
        return;
    }

    wantPeer      = (mode & WOLFSSL_VERIFY_PEER) != 0;
    wantNone      = (mode == WOLFSSL_VERIFY_NONE);
    failNoCert    = (mode & WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT) != 0;
    failExceptPsk = (mode & WOLFSSL_VERIFY_FAIL_EXCEPT_PSK) != 0;

    if (wantPeer) {
        ctx->verifyPeer = 1;
        ctx->verifyNone = 0; /* in case previously set */
    }
    if (wantNone) {
        ctx->verifyNone = 1;
        ctx->verifyPeer = 0; /* in case previously set */
    }
    if (failNoCert) {
        ctx->failNoCert = 1;
    }
    if (failExceptPsk) {
        ctx->failNoCert = 0; /* fail on all is set to fail on PSK */
        ctx->failNoCertxPSK = 1;
    }

    ctx->verifyCallback = vc;
}
wolfSSL 15:117db924cf7c 9909
wolfSSL 16:8e0d178b1d1e 9910 #ifdef OPENSSL_ALL
/* Store the OpenSSL-style certificate verify callback and its user argument
 * on the context (ctx->verifyCertCb / ctx->verifyCertCbArg). Both are
 * overwritten unconditionally, so passing NULL clears them. A NULL ctx is
 * ignored. */
void wolfSSL_CTX_set_cert_verify_callback(WOLFSSL_CTX* ctx,
                                          CertVerifyCallback cb, void* arg)
{
    WOLFSSL_ENTER("SSL_CTX_set_cert_verify_callback");

    if (ctx != NULL) {
        ctx->verifyCertCbArg = arg;
        ctx->verifyCertCb    = cb;
    }
}
wolfSSL 16:8e0d178b1d1e 9921 #endif
wolfSSL 16:8e0d178b1d1e 9922
wolfSSL 15:117db924cf7c 9923
/* Configure peer-certificate verification for a single SSL object.
 *
 * Mirrors wolfSSL_CTX_set_verify but writes ssl->options.* instead of the
 * context fields. mode is WOLFSSL_VERIFY_* flags; WOLFSSL_VERIFY_NONE is
 * matched by equality, the others by bit test. vc is stored unconditionally.
 *
 * Effects on ssl->options, in the order applied:
 *  - VERIFY_PEER          : verifyPeer = 1, verifyNone = 0
 *  - mode == VERIFY_NONE  : verifyNone = 1, verifyPeer = 0; failNoCert and
 *                           failNoCertxPSK are NOT reset on this path
 *  - FAIL_IF_NO_PEER_CERT : failNoCert = 1, independent of VERIFY_PEER
 *  - FAIL_EXCEPT_PSK      : failNoCert = 0, failNoCertxPSK = 1; applied last,
 *                           so it wins over FAIL_IF_NO_PEER_CERT
 * A NULL ssl is ignored. */
void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc)
{
    int wantPeer;
    int wantNone;
    int failNoCert;
    int failExceptPsk;

    WOLFSSL_ENTER("wolfSSL_set_verify");
    if (ssl == NULL) {
        return;
    }

    wantPeer      = (mode & WOLFSSL_VERIFY_PEER) != 0;
    wantNone      = (mode == WOLFSSL_VERIFY_NONE);
    failNoCert    = (mode & WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT) != 0;
    failExceptPsk = (mode & WOLFSSL_VERIFY_FAIL_EXCEPT_PSK) != 0;

    if (wantPeer) {
        ssl->options.verifyPeer = 1;
        ssl->options.verifyNone = 0; /* in case previously set */
    }
    if (wantNone) {
        ssl->options.verifyNone = 1;
        ssl->options.verifyPeer = 0; /* in case previously set */
    }
    if (failNoCert) {
        ssl->options.failNoCert = 1;
    }
    if (failExceptPsk) {
        ssl->options.failNoCert = 0; /* fail on all is set to fail on PSK */
        ssl->options.failNoCertxPSK = 1;
    }

    ssl->verifyCallback = vc;
}
wolfSSL 15:117db924cf7c 9950
/* Record a verify result on the SSL object.
 *
 * With OPENSSL_ALL the value is stored in ssl->verifyCallbackResult; in every
 * other build this is a stub and 'v' is discarded. A NULL ssl is ignored. */
void wolfSSL_set_verify_result(WOLFSSL *ssl, long v)
{
    WOLFSSL_ENTER("wolfSSL_set_verify_result");

    if (ssl != NULL) {
#ifdef OPENSSL_ALL
        ssl->verifyCallbackResult = v;
#else
        (void)v;
        WOLFSSL_STUB("wolfSSL_set_verify_result");
#endif
    }
}
wolfSSL 15:117db924cf7c 9965
/* Store the user context handed to the verify callback (ssl->verifyCbCtx).
 * The pointer is stored as-is, not copied; NULL clears it. A NULL ssl is
 * ignored. */
void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
{
    WOLFSSL_ENTER("wolfSSL_SetCertCbCtx");
    if (ssl == NULL) {
        return;
    }
    ssl->verifyCbCtx = ctx;
}
wolfSSL 15:117db924cf7c 9973
wolfSSL 15:117db924cf7c 9974
/* Store the CA-cache addition callback on the context's cert manager
 * (ctx->cm->caCacheCallback). Silently does nothing when ctx or its cert
 * manager is NULL. */
void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb)
{
    if (ctx == NULL || ctx->cm == NULL) {
        return;
    }
    ctx->cm->caCacheCallback = cb;
}
wolfSSL 15:117db924cf7c 9981
wolfSSL 15:117db924cf7c 9982
wolfSSL 15:117db924cf7c 9983 #if defined(PERSIST_CERT_CACHE)
wolfSSL 15:117db924cf7c 9984
wolfSSL 15:117db924cf7c 9985 #if !defined(NO_FILESYSTEM)
wolfSSL 15:117db924cf7c 9986
/* Persist the context's cert cache to the file named by 'fname'.
 *
 * returns BAD_FUNC_ARG for a NULL ctx or fname, otherwise the result of
 * CM_SaveCertCache on ctx->cm (ctx->cm itself is not NULL-checked here). */
int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname)
{
    int rc = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_save_cert_cache");

    if (ctx != NULL && fname != NULL) {
        rc = CM_SaveCertCache(ctx->cm, fname);
    }
    return rc;
}
wolfSSL 15:117db924cf7c 9997
wolfSSL 15:117db924cf7c 9998
/* Restore the context's cert cache from the file named by 'fname'.
 *
 * The file contents are trusted as far as this function is concerned; any
 * validation happens inside CM_RestoreCertCache.
 *
 * returns BAD_FUNC_ARG for a NULL ctx or fname, otherwise the result of
 * CM_RestoreCertCache on ctx->cm. */
int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname)
{
    int rc = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_restore_cert_cache");

    if (ctx != NULL && fname != NULL) {
        rc = CM_RestoreCertCache(ctx->cm, fname);
    }
    return rc;
}
wolfSSL 15:117db924cf7c 10009
wolfSSL 15:117db924cf7c 10010 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 10011
/* Persist the context's cert cache into a caller-supplied memory buffer.
 *
 * mem  : destination buffer
 * sz   : capacity of mem; must be positive
 * used : receives the number of bytes written (set by CM_MemSaveCertCache)
 *
 * returns BAD_FUNC_ARG for a NULL ctx/mem/used or sz <= 0, otherwise the
 * result of CM_MemSaveCertCache. Use wolfSSL_CTX_get_cert_cache_memsize to
 * size the buffer. */
int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem,
                                   int sz, int* used)
{
    WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache");

    if (ctx == NULL || mem == NULL || used == NULL) {
        return BAD_FUNC_ARG;
    }
    if (sz <= 0) {
        return BAD_FUNC_ARG;
    }

    return CM_MemSaveCertCache(ctx->cm, mem, sz, used);
}
wolfSSL 15:117db924cf7c 10023
wolfSSL 15:117db924cf7c 10024
/* Restore the context's cert cache from a memory buffer previously produced
 * by wolfSSL_CTX_memsave_cert_cache.
 *
 * mem : source buffer; its contents are not validated at this level, that is
 *       left to CM_MemRestoreCertCache
 * sz  : length of mem; must be positive
 *
 * returns BAD_FUNC_ARG for a NULL ctx/mem or sz <= 0, otherwise the result
 * of CM_MemRestoreCertCache. */
int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz)
{
    WOLFSSL_ENTER("wolfSSL_CTX_memrestore_cert_cache");

    if (ctx == NULL || mem == NULL) {
        return BAD_FUNC_ARG;
    }
    if (sz <= 0) {
        return BAD_FUNC_ARG;
    }

    return CM_MemRestoreCertCache(ctx->cm, mem, sz);
}
wolfSSL 15:117db924cf7c 10035
wolfSSL 15:117db924cf7c 10036
/* Report how large a buffer wolfSSL_CTX_memsave_cert_cache needs for this
 * context's cert cache.
 *
 * returns BAD_FUNC_ARG for a NULL ctx, otherwise the value computed by
 * CM_GetCertCacheMemSize on ctx->cm. */
int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx)
{
    int sz = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_get_cert_cache_memsize");

    if (ctx != NULL) {
        sz = CM_GetCertCacheMemSize(ctx->cm);
    }
    return sz;
}
wolfSSL 15:117db924cf7c 10047
wolfSSL 15:117db924cf7c 10048 #endif /* PERSIST_CERT_CACHE */
wolfSSL 15:117db924cf7c 10049 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 10050
wolfSSL 15:117db924cf7c 10051
wolfSSL 15:117db924cf7c 10052 #ifndef NO_SESSION_CACHE
wolfSSL 15:117db924cf7c 10053
/* Return the session associated with 'ssl', via GetSession(ssl, 0, 1).
 *
 * Ownership of the returned pointer follows GetSession's contract, which is
 * not visible here; with an external cache it may need to be released by the
 * caller. Returns NULL for a NULL ssl or when GetSession yields nothing. */
WOLFSSL_ABI
WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl)
{
    WOLFSSL_SESSION* session = NULL;

    WOLFSSL_ENTER("SSL_get_session");
    if (ssl != NULL) {
        session = GetSession(ssl, 0, 1);
    }
    return session;
}
wolfSSL 16:8e0d178b1d1e 10063
wolfSSL 16:8e0d178b1d1e 10064
/* Attach 'session' to 'ssl' for resumption, via SetSession.
 *
 * Only 'session' is NULL-checked here; a NULL ssl is passed straight to
 * SetSession, which is presumably expected to reject it.
 *
 * returns the result of SetSession, or WOLFSSL_FAILURE for a NULL session. */
WOLFSSL_ABI
int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session)
{
    WOLFSSL_ENTER("SSL_set_session");

    if (session == NULL) {
        return WOLFSSL_FAILURE;
    }
    return SetSession(ssl, session);
}
wolfSSL 15:117db924cf7c 10074
wolfSSL 15:117db924cf7c 10075
wolfSSL 15:117db924cf7c 10076 #ifndef NO_CLIENT_CACHE
wolfSSL 15:117db924cf7c 10077
/* Associate the client session with a server identifier.
 *
 * id / len   : opaque server identifier; only the first SERVER_ID_LEN bytes
 *              are recorded when no cached session is reused
 * newSession : when non-zero the client cache is not consulted and a fresh
 *              session is forced; when zero an existing cached session for
 *              'id' is looked up and, if SetSession accepts it, reused
 *
 * If no cached session is reused (newSession set, none found, or SetSession
 * rejected it) the id is stored in ssl->session so the session can be saved
 * under it later. With HAVE_EXT_CACHE the looked-up session is released here.
 *
 * returns WOLFSSL_SUCCESS on every path past argument checking (including
 * "not cached yet"); BAD_FUNC_ARG for a NULL ssl/id or len <= 0. */
int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
{
    WOLFSSL_SESSION* cached = NULL;

    WOLFSSL_ENTER("wolfSSL_SetServerID");

    if (ssl == NULL || id == NULL || len <= 0) {
        return BAD_FUNC_ARG;
    }

    if (newSession == 0) {
        cached = GetSessionClient(ssl, id, len);
        if (cached != NULL && SetSession(ssl, cached) != WOLFSSL_SUCCESS) {
#ifdef HAVE_EXT_CACHE
            wolfSSL_SESSION_free(cached);
#endif
            WOLFSSL_MSG("SetSession failed");
            cached = NULL; /* fall through to "record the id" below */
        }
    }

    if (cached == NULL) {
        WOLFSSL_MSG("Valid ServerID not cached already");

        /* truncate to the fixed serverID field size */
        ssl->session.idLen = (word16)min(SERVER_ID_LEN, (word32)len);
        XMEMCPY(ssl->session.serverID, id, ssl->session.idLen);
    }
#ifdef HAVE_EXT_CACHE
    else {
        wolfSSL_SESSION_free(cached);
    }
#endif

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 10116
wolfSSL 15:117db924cf7c 10117 #endif /* NO_CLIENT_CACHE */
wolfSSL 15:117db924cf7c 10118
wolfSSL 15:117db924cf7c 10119 #if defined(PERSIST_SESSION_CACHE)
wolfSSL 15:117db924cf7c 10120
/* for persistence: if the layout changes, increment this and update
   save_session_cache(), restore_session_cache() and the memory versions too */
wolfSSL 15:117db924cf7c 10123 #define WOLFSSL_CACHE_VERSION 2
wolfSSL 15:117db924cf7c 10124
/* Session Cache Header information: written first in every persisted session
 * cache image (memory or file) and compared field-by-field on restore, so an
 * image from a different layout or build is rejected before any row is read. */
typedef struct {
    int version;   /* cache layout version id (WOLFSSL_CACHE_VERSION) */
    int rows;      /* session rows (SESSION_ROWS) */
    int columns;   /* session columns (SESSIONS_PER_ROW) */
    int sessionSz; /* sizeof WOLFSSL_SESSION */
} cache_header_t;
wolfSSL 15:117db924cf7c 10132
wolfSSL 15:117db924cf7c 10133 /* current persistence layout is:
wolfSSL 15:117db924cf7c 10134
wolfSSL 15:117db924cf7c 10135 1) cache_header_t
wolfSSL 15:117db924cf7c 10136 2) SessionCache
wolfSSL 15:117db924cf7c 10137 3) ClientCache
wolfSSL 15:117db924cf7c 10138
update WOLFSSL_CACHE_VERSION if the layout changes for the following
PERSIST_SESSION_CACHE functions
wolfSSL 15:117db924cf7c 10141 */
wolfSSL 15:117db924cf7c 10142
wolfSSL 15:117db924cf7c 10143
/* Size in bytes of the buffer wolfSSL_memsave_session_cache() needs: the
 * cache header, the whole SessionCache and, unless NO_CLIENT_CACHE is set,
 * the whole ClientCache. */
int wolfSSL_get_session_cache_memsize(void)
{
    int total = (int)sizeof(cache_header_t);

    total += (int)sizeof(SessionCache);
#ifndef NO_CLIENT_CACHE
    total += (int)sizeof(ClientCache);
#endif

    return total;
}
wolfSSL 15:117db924cf7c 10155
wolfSSL 15:117db924cf7c 10156
/* Persist session cache to memory.
 *
 * Image layout: cache_header_t, then SESSION_ROWS copies of SessionRow, then
 * (unless NO_CLIENT_CACHE) SESSION_ROWS copies of ClientRow. Rows are copied
 * verbatim under session_mutex.
 * NOTE(review): the rows are raw in-memory session state, so the image holds
 * whatever key material the session entries contain -- protect it accordingly.
 *
 * mem: destination buffer of at least wolfSSL_get_session_cache_memsize()
 *      bytes; not NULL-checked here.
 * sz:  size of mem in bytes.
 * Returns WOLFSSL_SUCCESS, BUFFER_E when sz is too small, or BAD_MUTEX_E when
 * the cache lock cannot be taken.
 */
int wolfSSL_memsave_session_cache(void* mem, int sz)
{
    cache_header_t hdr;
    byte* out = (byte*)mem;
    int r;

    WOLFSSL_ENTER("wolfSSL_memsave_session_cache");

    if (sz < wolfSSL_get_session_cache_memsize()) {
        WOLFSSL_MSG("Memory buffer too small");
        return BUFFER_E;
    }

    hdr.version   = WOLFSSL_CACHE_VERSION;
    hdr.rows      = SESSION_ROWS;
    hdr.columns   = SESSIONS_PER_ROW;
    hdr.sessionSz = (int)sizeof(WOLFSSL_SESSION);
    XMEMCPY(out, &hdr, sizeof(hdr));
    out += sizeof(hdr);

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        return BAD_MUTEX_E;
    }

    for (r = 0; r < hdr.rows; r++) {
        XMEMCPY(out, &SessionCache[r], sizeof(SessionRow));
        out += sizeof(SessionRow);
    }

#ifndef NO_CLIENT_CACHE
    for (r = 0; r < hdr.rows; r++) {
        XMEMCPY(out, &ClientCache[r], sizeof(ClientRow));
        out += sizeof(ClientRow);
    }
#endif

    wc_UnLockMutex(&session_mutex);

    WOLFSSL_LEAVE("wolfSSL_memsave_session_cache", WOLFSSL_SUCCESS);

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 10200
wolfSSL 15:117db924cf7c 10201
/* Restore the persistent session cache from memory.
 *
 * mem must hold an image produced by wolfSSL_memsave_session_cache() with the
 * same build: the header's version, rows, columns and sessionSz are compared
 * against this build's values and CACHE_MATCH_ERROR is returned on any
 * mismatch. Beyond the header nothing in the image is validated -- the row
 * bytes are copied straight into SessionCache/ClientCache under session_mutex,
 * so the image must come from a trusted source.
 *
 * mem: image of at least wolfSSL_get_session_cache_memsize() bytes; not
 *      NULL-checked here.
 * sz:  size of mem in bytes.
 * Returns WOLFSSL_SUCCESS, BUFFER_E (sz too small), CACHE_MATCH_ERROR or
 * BAD_MUTEX_E.
 */
int wolfSSL_memrestore_session_cache(const void* mem, int sz)
{
    cache_header_t hdr;
    const byte* in = (const byte*)mem;
    int r;

    WOLFSSL_ENTER("wolfSSL_memrestore_session_cache");

    if (sz < wolfSSL_get_session_cache_memsize()) {
        WOLFSSL_MSG("Memory buffer too small");
        return BUFFER_E;
    }

    XMEMCPY(&hdr, in, sizeof(hdr));
    in += sizeof(hdr);

    if (hdr.version   != WOLFSSL_CACHE_VERSION ||
        hdr.rows      != SESSION_ROWS ||
        hdr.columns   != SESSIONS_PER_ROW ||
        hdr.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {
        WOLFSSL_MSG("Session cache header match failed");
        return CACHE_MATCH_ERROR;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        return BAD_MUTEX_E;
    }

    for (r = 0; r < hdr.rows; r++) {
        XMEMCPY(&SessionCache[r], in, sizeof(SessionRow));
        in += sizeof(SessionRow);
    }

#ifndef NO_CLIENT_CACHE
    for (r = 0; r < hdr.rows; r++) {
        XMEMCPY(&ClientCache[r], in, sizeof(ClientRow));
        in += sizeof(ClientRow);
    }
#endif

    wc_UnLockMutex(&session_mutex);

    WOLFSSL_LEAVE("wolfSSL_memrestore_session_cache", WOLFSSL_SUCCESS);

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 10249
wolfSSL 15:117db924cf7c 10250 #if !defined(NO_FILESYSTEM)
wolfSSL 15:117db924cf7c 10251
/* Persist session cache to file.
 *
 * Writes, in order, a cache_header_t describing this build, then every
 * SessionRow and (unless NO_CLIENT_CACHE) every ClientRow, one XFWRITE each,
 * with the rows copied raw under session_mutex. Does not go through
 * wolfSSL_memsave_session_cache() so no staging buffer is needed.
 * NOTE(review): the file holds the raw session rows, i.e. whatever key
 * material the entries contain -- store it with permissions to match.
 *
 * fname: path to create/truncate ("w+b").
 * Returns WOLFSSL_SUCCESS, WOLFSSL_BAD_FILE (open failed), FWRITE_ERROR
 * (short write) or BAD_MUTEX_E. A short write stops only its own section;
 * the client-cache section is still attempted after a session-cache
 * failure, and a partial file is left on disk. The XFCLOSE() result is not
 * checked.
 */
int wolfSSL_save_session_cache(const char *fname)
{
    XFILE file;
    int rc = WOLFSSL_SUCCESS;
    int ok;
    int r;
    cache_header_t hdr;

    WOLFSSL_ENTER("wolfSSL_save_session_cache");

    file = XFOPEN(fname, "w+b");
    if (file == XBADFILE) {
        WOLFSSL_MSG("Couldn't open session cache save file");
        return WOLFSSL_BAD_FILE;
    }

    hdr.version   = WOLFSSL_CACHE_VERSION;
    hdr.rows      = SESSION_ROWS;
    hdr.columns   = SESSIONS_PER_ROW;
    hdr.sessionSz = (int)sizeof(WOLFSSL_SESSION);

    /* header first: the reader rejects the file if any field disagrees */
    if ((int)XFWRITE(&hdr, sizeof hdr, 1, file) != 1) {
        WOLFSSL_MSG("Session cache header file write failed");
        XFCLOSE(file);
        return FWRITE_ERROR;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    /* session rows: this section stops at the first short write */
    for (r = 0, ok = 1; ok && r < hdr.rows; r++) {
        if ((int)XFWRITE(&SessionCache[r], sizeof(SessionRow), 1, file) != 1) {
            WOLFSSL_MSG("Session cache member file write failed");
            rc = FWRITE_ERROR;
            ok = 0;
        }
    }

#ifndef NO_CLIENT_CACHE
    /* client rows */
    for (r = 0, ok = 1; ok && r < hdr.rows; r++) {
        if ((int)XFWRITE(&ClientCache[r], sizeof(ClientRow), 1, file) != 1) {
            WOLFSSL_MSG("Client cache member file write failed");
            rc = FWRITE_ERROR;
            ok = 0;
        }
    }
#endif /* NO_CLIENT_CACHE */

    wc_UnLockMutex(&session_mutex);

    XFCLOSE(file);
    WOLFSSL_LEAVE("wolfSSL_save_session_cache", rc);

    return rc;
}
wolfSSL 15:117db924cf7c 10317
wolfSSL 15:117db924cf7c 10318
/* Restore the persistent session cache from file.
 *
 * Reads a file written by wolfSSL_save_session_cache(): the header comes
 * first and must match this build's WOLFSSL_CACHE_VERSION, SESSION_ROWS,
 * SESSIONS_PER_ROW and sizeof(WOLFSSL_SESSION), else CACHE_MATCH_ERROR. The
 * rows are then read straight into SessionCache and, unless NO_CLIENT_CACHE,
 * ClientCache under session_mutex. Nothing beyond the header is validated or
 * authenticated, so the file must be trusted: restoring a tampered file
 * plants whatever it contains in the live cache. Does not go through
 * wolfSSL_memrestore_session_cache() so no staging buffer is needed.
 *
 * A short read zeroes the whole table being filled and sets FREAD_ERROR; a
 * short session-cache read does not stop the client-cache read.
 * Returns WOLFSSL_SUCCESS, WOLFSSL_BAD_FILE, FREAD_ERROR, CACHE_MATCH_ERROR
 * or BAD_MUTEX_E.
 */
int wolfSSL_restore_session_cache(const char *fname)
{
    XFILE file;
    int rc = WOLFSSL_SUCCESS;
    int ok;
    int r;
    cache_header_t hdr;

    WOLFSSL_ENTER("wolfSSL_restore_session_cache");

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) {
        WOLFSSL_MSG("Couldn't open session cache save file");
        return WOLFSSL_BAD_FILE;
    }

    /* header */
    if ((int)XFREAD(&hdr, sizeof hdr, 1, file) != 1) {
        WOLFSSL_MSG("Session cache header file read failed");
        XFCLOSE(file);
        return FREAD_ERROR;
    }
    if (hdr.version   != WOLFSSL_CACHE_VERSION ||
        hdr.rows      != SESSION_ROWS ||
        hdr.columns   != SESSIONS_PER_ROW ||
        hdr.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {
        WOLFSSL_MSG("Session cache header match failed");
        XFCLOSE(file);
        return CACHE_MATCH_ERROR;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    /* session rows: a short read wipes the whole table */
    for (r = 0, ok = 1; ok && r < hdr.rows; r++) {
        if ((int)XFREAD(&SessionCache[r], sizeof(SessionRow), 1, file) != 1) {
            WOLFSSL_MSG("Session cache member file read failed");
            XMEMSET(SessionCache, 0, sizeof SessionCache);
            rc = FREAD_ERROR;
            ok = 0;
        }
    }

#ifndef NO_CLIENT_CACHE
    /* client rows */
    for (r = 0, ok = 1; ok && r < hdr.rows; r++) {
        if ((int)XFREAD(&ClientCache[r], sizeof(ClientRow), 1, file) != 1) {
            WOLFSSL_MSG("Client cache member file read failed");
            XMEMSET(ClientCache, 0, sizeof ClientCache);
            rc = FREAD_ERROR;
            ok = 0;
        }
    }
#endif /* NO_CLIENT_CACHE */

    wc_UnLockMutex(&session_mutex);

    XFCLOSE(file);
    WOLFSSL_LEAVE("wolfSSL_restore_session_cache", rc);

    return rc;
}
wolfSSL 15:117db924cf7c 10391
wolfSSL 15:117db924cf7c 10392 #endif /* !NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 10393 #endif /* PERSIST_SESSION_CACHE */
wolfSSL 15:117db924cf7c 10394 #endif /* NO_SESSION_CACHE */
wolfSSL 15:117db924cf7c 10395
wolfSSL 15:117db924cf7c 10396
/* OpenSSL API compatibility shim: intentionally does nothing. */
void wolfSSL_load_error_strings(void) /* compatibility only */
{}
wolfSSL 15:117db924cf7c 10399
wolfSSL 15:117db924cf7c 10400
/* OpenSSL-compatible SSL_library_init(): initialise through wolfSSL_Init().
 * Returns WOLFSSL_SUCCESS when wolfSSL_Init() succeeds, otherwise
 * WOLFSSL_FATAL_ERROR (the underlying error code is not propagated). */
int wolfSSL_library_init(void)
{
    WOLFSSL_ENTER("SSL_library_init");
    return (wolfSSL_Init() == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS
                                               : WOLFSSL_FATAL_ERROR;
}
wolfSSL 15:117db924cf7c 10409
wolfSSL 15:117db924cf7c 10410
wolfSSL 15:117db924cf7c 10411 #ifdef HAVE_SECRET_CALLBACK
wolfSSL 15:117db924cf7c 10412
/* Register a callback (and its context) that supplies the session secret.
 *
 * Installing a pre-set secret means the handshake is treated as a resumption:
 * the stored session id length is cleared and options.resuming is set.
 * Returns WOLFSSL_FATAL_ERROR when ssl is NULL, otherwise WOLFSSL_SUCCESS.
 */
int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx)
{
    WOLFSSL_ENTER("wolfSSL_set_session_secret_cb");
    if (ssl == NULL)
        return WOLFSSL_FATAL_ERROR;

    ssl->sessionSecretCb  = cb;
    ssl->sessionSecretCtx = ctx;

    /* Pre-set key => assume session resumption. */
    ssl->options.resuming    = 1;
    ssl->session.sessionIDSz = 0;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 10427
wolfSSL 15:117db924cf7c 10428 #endif
wolfSSL 15:117db924cf7c 10429
wolfSSL 15:117db924cf7c 10430
wolfSSL 15:117db924cf7c 10431 #ifndef NO_SESSION_CACHE
wolfSSL 15:117db924cf7c 10432
/* Session caching is on by default when built in; this lets the user turn
 * parts of it off (SSL_CTX_set_session_cache_mode).
 *
 * Three settings are understood, and each can only be switched on here,
 * never back off: mode == WOLFSSL_SESS_CACHE_OFF disables the cache;
 * the WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR bit disables automatic flushing;
 * under HAVE_EXT_CACHE the WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE bit disables
 * the internal store. Other bits are ignored. ctx is dereferenced without a
 * NULL check. Always returns WOLFSSL_SUCCESS.
 */
WOLFSSL_ABI
long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode)
{
    const int cacheOff    = (mode == WOLFSSL_SESS_CACHE_OFF);
    const int noAutoClear = ((mode & WOLFSSL_SESS_CACHE_NO_AUTO_CLEAR) != 0);
#ifdef HAVE_EXT_CACHE
    const int noInternal  = ((mode & WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE) != 0);
#endif

    WOLFSSL_ENTER("SSL_CTX_set_session_cache_mode");

    if (cacheOff)
        ctx->sessionCacheOff = 1;

    if (noAutoClear)
        ctx->sessionCacheFlushOff = 1;

#ifdef HAVE_EXT_CACHE
    if (noInternal)
        ctx->internalCacheOff = 1;
#endif

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 10451
wolfSSL 15:117db924cf7c 10452 #endif /* NO_SESSION_CACHE */
wolfSSL 15:117db924cf7c 10453
wolfSSL 15:117db924cf7c 10454
wolfSSL 15:117db924cf7c 10455 #if !defined(NO_CERTS)
wolfSSL 15:117db924cf7c 10456 #if defined(PERSIST_CERT_CACHE)
wolfSSL 15:117db924cf7c 10457
wolfSSL 15:117db924cf7c 10458
wolfSSL 15:117db924cf7c 10459 #define WOLFSSL_CACHE_CERT_VERSION 1
wolfSSL 15:117db924cf7c 10460
/* Cert cache header: written first in every persisted cert cache image.
 * Unlike cache_header_t the rows are variable-length lists, so the per-row
 * entry counts travel in columns[] (filled by SetCertHeaderColumns()). */
typedef struct {
    int version;                /* cache cert layout version id (WOLFSSL_CACHE_CERT_VERSION) */
    int rows;                   /* hash table rows, CA_TABLE_SIZE */
    int columns[CA_TABLE_SIZE]; /* columns per row on list */
    int signerSz;               /* sizeof Signer object */
} CertCacheHeader;
wolfSSL 15:117db924cf7c 10467
wolfSSL 15:117db924cf7c 10468 /* current cert persistence layout is:
wolfSSL 15:117db924cf7c 10469
wolfSSL 15:117db924cf7c 10470 1) CertCacheHeader
wolfSSL 15:117db924cf7c 10471 2) caTable
wolfSSL 15:117db924cf7c 10472
update WOLFSSL_CACHE_CERT_VERSION if the layout changes for the following
PERSIST_CERT_CACHE functions
wolfSSL 15:117db924cf7c 10475 */
wolfSSL 15:117db924cf7c 10476
wolfSSL 15:117db924cf7c 10477
/* Return memory needed to persist this signer, have lock.
 *
 * Counts the fixed fields StoreCertRow() writes (pubKeySize, keyOID, nameLen,
 * subjectNameHash and, unless NO_SKID, subjectKeyIdHash) plus the variable
 * publicKey and name bytes.
 * NOTE(review): assumes sizeof(signer->subjectNameHash) (and subjectKeyIdHash)
 * equals SIGNER_DIGEST_SIZE, the count StoreCertRow() actually copies -- confirm.
 */
static WC_INLINE int GetSignerMemory(Signer* signer)
{
    int fixed = (int)(sizeof(signer->pubKeySize) + sizeof(signer->keyOID)
                    + sizeof(signer->nameLen) + sizeof(signer->subjectNameHash));
    int dynamic = (int)signer->pubKeySize + signer->nameLen;

#if !defined(NO_SKID)
    fixed += (int)sizeof(signer->subjectKeyIdHash);
#endif

    return fixed + dynamic;
}
wolfSSL 15:117db924cf7c 10494
wolfSSL 15:117db924cf7c 10495
/* Return memory needed to persist this row, have lock: the sum of
 * GetSignerMemory() over the signer list starting at row (0 when empty). */
static WC_INLINE int GetCertCacheRowMemory(Signer* row)
{
    int total = 0;
    Signer* s;

    for (s = row; s != NULL; s = s->next)
        total += GetSignerMemory(s);

    return total;
}
wolfSSL 15:117db924cf7c 10508
wolfSSL 15:117db924cf7c 10509
/* Size in bytes of a persisted cert cache image for cm, have lock:
 * the CertCacheHeader plus every row of cm->caTable. */
static WC_INLINE int GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)
{
    int total = (int)sizeof(CertCacheHeader);
    int r;

    for (r = 0; r < CA_TABLE_SIZE; r++)
        total += GetCertCacheRowMemory(cm->caTable[r]);

    return total;
}
wolfSSL 15:117db924cf7c 10523
wolfSSL 15:117db924cf7c 10524
/* Fill columns[0..CA_TABLE_SIZE) with the number of signers in each row of
 * cm->caTable, have lock. columns must have CA_TABLE_SIZE entries. */
static WC_INLINE void SetCertHeaderColumns(WOLFSSL_CERT_MANAGER* cm, int* columns)
{
    int r;

    for (r = 0; r < CA_TABLE_SIZE; r++) {
        Signer* s = cm->caTable[r];
        int n = 0;

        for (; s != NULL; s = s->next)
            n++;

        columns[r] = n;
    }
}
wolfSSL 15:117db924cf7c 10542
wolfSSL 15:117db924cf7c 10543
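/* Restore whole cert row from memory, have lock. Returns bytes consumed or
 * < 0 on error.
 *
 * Parses listSz signer records laid out as StoreCertRow() writes them:
 * pubKeySize, keyOID, publicKey[pubKeySize], nameLen, name[nameLen],
 * subjectNameHash and (unless NO_SKID) subjectKeyIdHash. Each restored signer
 * is pushed on the front of cm->caTable[row].
 *
 * The image is treated as untrusted input: every length read from it is
 * checked against the bytes remaining before `end` before it is used for an
 * allocation or copy, and a negative nameLen is rejected. Bounds are tracked
 * as a remaining byte count rather than by forming `start + len` pointers, so
 * a corrupt length never yields an out-of-range pointer comparison.
 *
 * cm:      certificate manager whose caTable receives the signers.
 * current: first byte of this row's records.
 * row:     caTable index to prepend to.
 * listSz:  number of records in the row.
 * end:     one past the last readable byte of the image.
 * Returns bytes consumed, or PARSE_ERROR (negative listSz), BUFFER_E (a
 * record would overrun `end`) or MEMORY_E. On error the signers already
 * linked into cm->caTable[row] stay there; only the partially built one is
 * freed.
 */
static WC_INLINE int RestoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current,
                                    int row, int listSz, const byte* end)
{
    int idx = 0;

    if (listSz < 0) {
        WOLFSSL_MSG("Row header corrupted, negative value");
        return PARSE_ERROR;
    }

    while (listSz) {
        Signer* signer;
        byte* publicKey;
        const byte* start = current + idx; /* first byte of this record */
        long avail;                        /* bytes left after the fixed fields */
        int minSz = (int)(sizeof(signer->pubKeySize) + sizeof(signer->keyOID) +
                          sizeof(signer->nameLen) + sizeof(signer->subjectNameHash));
#ifndef NO_SKID
        minSz += (int)sizeof(signer->subjectKeyIdHash);
#endif

        /* The fixed-size fields must fit before anything is read. */
        if ((end - start) < minSz) {
            WOLFSSL_MSG("Would overread restore buffer");
            return BUFFER_E;
        }
        avail = (long)(end - start) - minSz;

        signer = MakeSigner(cm->heap);
        if (signer == NULL)
            return MEMORY_E;

        /* pubKeySize */
        XMEMCPY(&signer->pubKeySize, current + idx, sizeof(signer->pubKeySize));
        idx += (int)sizeof(signer->pubKeySize);

        /* keyOID */
        XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID));
        idx += (int)sizeof(signer->keyOID);

        /* publicKey: its length came from the image, so check it first */
        if (signer->pubKeySize > (unsigned long)avail) {
            WOLFSSL_MSG("Would overread restore buffer");
            FreeSigner(signer, cm->heap);
            return BUFFER_E;
        }
        avail -= (long)signer->pubKeySize;

        publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
                                   DYNAMIC_TYPE_KEY);
        if (publicKey == NULL) {
            FreeSigner(signer, cm->heap);
            return MEMORY_E;
        }

        XMEMCPY(publicKey, current + idx, signer->pubKeySize);
        signer->publicKey = publicKey;
        idx += (int)signer->pubKeySize;

        /* nameLen */
        XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen));
        idx += (int)sizeof(signer->nameLen);

        /* name: nameLen is a signed count read from the image, so a negative
         * value is corrupt and must not reach XMALLOC/XMEMCPY */
        if (signer->nameLen < 0 ||
            (unsigned long)signer->nameLen > (unsigned long)avail) {
            WOLFSSL_MSG("Would overread restore buffer");
            FreeSigner(signer, cm->heap);
            return BUFFER_E;
        }
        avail -= (long)signer->nameLen;

        signer->name = (char*)XMALLOC(signer->nameLen, cm->heap,
                                      DYNAMIC_TYPE_SUBJECT_CN);
        if (signer->name == NULL) {
            FreeSigner(signer, cm->heap);
            return MEMORY_E;
        }

        XMEMCPY(signer->name, current + idx, signer->nameLen);
        idx += signer->nameLen;

        /* subjectNameHash (covered by the minSz check above) */
        XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE);
        idx += SIGNER_DIGEST_SIZE;

#ifndef NO_SKID
        /* subjectKeyIdHash (covered by the minSz check above) */
        XMEMCPY(signer->subjectKeyIdHash, current + idx, SIGNER_DIGEST_SIZE);
        idx += SIGNER_DIGEST_SIZE;
#endif

        /* link at the head of the row; earlier entries are never unlinked
         * on a later error */
        signer->next = cm->caTable[row];
        cm->caTable[row] = signer;

        --listSz;
    }

    return idx;
}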
wolfSSL 15:117db924cf7c 10637
wolfSSL 15:117db924cf7c 10638
/* Store whole cert row into memory, have lock, return bytes added.
 *
 * Serialises every signer of cm->caTable[row] into current as: pubKeySize,
 * keyOID, publicKey[pubKeySize], nameLen, name[nameLen], subjectNameHash and
 * (unless NO_SKID) subjectKeyIdHash. Only public key and name data is
 * written. current must have room for GetCertCacheRowMemory() bytes; no
 * bounds are checked here.
 */
static WC_INLINE int StoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current, int row)
{
    byte* out = current;
    Signer* s;

    for (s = cm->caTable[row]; s != NULL; s = s->next) {
        XMEMCPY(out, &s->pubKeySize, sizeof(s->pubKeySize));
        out += sizeof(s->pubKeySize);

        XMEMCPY(out, &s->keyOID, sizeof(s->keyOID));
        out += sizeof(s->keyOID);

        XMEMCPY(out, s->publicKey, s->pubKeySize);
        out += s->pubKeySize;

        XMEMCPY(out, &s->nameLen, sizeof(s->nameLen));
        out += sizeof(s->nameLen);

        XMEMCPY(out, s->name, s->nameLen);
        out += s->nameLen;

        XMEMCPY(out, s->subjectNameHash, SIGNER_DIGEST_SIZE);
        out += SIGNER_DIGEST_SIZE;

#ifndef NO_SKID
        XMEMCPY(out, s->subjectKeyIdHash, SIGNER_DIGEST_SIZE);
        out += SIGNER_DIGEST_SIZE;
#endif
    }

    return (int)(out - current);
}
wolfSSL 15:117db924cf7c 10674
wolfSSL 15:117db924cf7c 10675
/* Persist cert cache to memory, have lock.
 *
 * Writes a CertCacheHeader (version, CA_TABLE_SIZE rows, per-row counts,
 * sizeof(Signer)) followed by every row via StoreCertRow().
 *
 * cm:  certificate manager to serialise.
 * mem: destination buffer; not NULL-checked here.
 * sz:  size of mem in bytes.
 * Returns WOLFSSL_SUCCESS, or BUFFER_E when sz is smaller than
 * GetCertCacheMemSize(cm), in which case nothing is written.
 */
static WC_INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm,
                                        void* mem, int sz)
{
    CertCacheHeader hdr;
    byte* cursor;
    int needed;
    int r;

    WOLFSSL_ENTER("DoMemSaveCertCache");

    needed = GetCertCacheMemSize(cm);
    if (needed > sz) {
        WOLFSSL_MSG("Mem output buffer too small");
        return BUFFER_E;
    }

    hdr.version  = WOLFSSL_CACHE_CERT_VERSION;
    hdr.rows     = CA_TABLE_SIZE;
    hdr.signerSz = (int)sizeof(Signer);
    SetCertHeaderColumns(cm, hdr.columns);

    XMEMCPY(mem, &hdr, sizeof(hdr));
    cursor = (byte*)mem + sizeof(hdr);

    for (r = 0; r < CA_TABLE_SIZE; r++)
        cursor += StoreCertRow(cm, cursor, r);

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 10709
wolfSSL 15:117db924cf7c 10710
wolfSSL 15:117db924cf7c 10711 #if !defined(NO_FILESYSTEM)
wolfSSL 15:117db924cf7c 10712
/* Persist cert cache to file.
 *
 * Serializes the CA table (under caLock) into a temporary heap buffer and
 * writes that image to fname, opened with XFOPEN(fname, "w+b"), so an
 * existing file is truncated. The image carries no integrity protection:
 * whoever can write fname can later feed arbitrary signers to
 * CM_RestoreCertCache, so the file must live where only the application can
 * modify it.
 *
 * returns WOLFSSL_SUCCESS, WOLFSSL_BAD_FILE (open failed), BAD_MUTEX_E,
 * MEMORY_E, FWRITE_ERROR, or an error from DoMemSaveCertCache.
 */
int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
{
    XFILE file;
    int   rc;
    int   memSz;
    byte* mem;

    WOLFSSL_ENTER("CM_SaveCertCache");

    file = XFOPEN(fname, "w+b");
    if (file == XBADFILE) {
        WOLFSSL_MSG("Couldn't open cert cache save file");
        return WOLFSSL_BAD_FILE;
    }

    if (wc_LockMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    memSz = GetCertCacheMemSize(cm);
    mem   = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (mem == NULL) {
        WOLFSSL_MSG("Alloc for tmp buffer failed");
        rc = MEMORY_E;
    }
    else {
        rc = DoMemSaveCertCache(cm, mem, memSz);
        /* one fwrite item of memSz bytes: any count other than 1 is a
         * short write */
        if (rc == WOLFSSL_SUCCESS && (int)XFWRITE(mem, memSz, 1, file) != 1) {
            WOLFSSL_MSG("Cert cache file write failed");
            rc = FWRITE_ERROR;
        }
        XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }

    wc_UnLockMutex(&cm->caLock);
    /* NOTE(review): XFCLOSE's result is not checked, so a failed final flush
     * of this write stream is not reported; worth checking on ports where
     * XFCLOSE returns a status. */
    XFCLOSE(file);

    return rc;
}
wolfSSL 15:117db924cf7c 10757
wolfSSL 15:117db924cf7c 10758
/* Restore cert cache from file.
 *
 * Reads the whole of fname into a heap buffer and hands it to
 * CM_MemRestoreCertCache, which validates the header and replaces the CA
 * table. The file is trusted input: only its size (1..MAX_WOLFSSL_FILE_SIZE)
 * and the header fields are checked here, so it must come from a location
 * the application controls.
 *
 * returns WOLFSSL_SUCCESS, WOLFSSL_BAD_FILE (open, seek or size error),
 * MEMORY_E, FREAD_ERROR, or an error from CM_MemRestoreCertCache.
 */
int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
{
    XFILE file;
    int   rc;
    int   memSz;
    byte* mem;

    WOLFSSL_ENTER("CM_RestoreCertCache");

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) {
        WOLFSSL_MSG("Couldn't open cert cache save file");
        return WOLFSSL_BAD_FILE;
    }

    /* size the buffer from the stream position at end-of-file */
    if (XFSEEK(file, 0, XSEEK_END) != 0) {
        XFCLOSE(file);
        return WOLFSSL_BAD_FILE;
    }
    memSz = (int)XFTELL(file);
    XREWIND(file);

    /* a failed XFTELL yields a negative size and is rejected here as well */
    if (memSz <= 0 || memSz > MAX_WOLFSSL_FILE_SIZE) {
        WOLFSSL_MSG("CM_RestoreCertCache file size error");
        XFCLOSE(file);
        return WOLFSSL_BAD_FILE;
    }

    mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (mem == NULL) {
        WOLFSSL_MSG("Alloc for tmp buffer failed");
        XFCLOSE(file);
        return MEMORY_E;
    }

    if ((int)XFREAD(mem, memSz, 1, file) != 1) {
        WOLFSSL_MSG("Cert file read error");
        rc = FREAD_ERROR;
    }
    else {
        rc = CM_MemRestoreCertCache(cm, mem, memSz);
        if (rc != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("Mem restore cert cache failed");
        }
    }

    XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    XFCLOSE(file);

    return rc;
}
wolfSSL 15:117db924cf7c 10812
wolfSSL 15:117db924cf7c 10813 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 10814
wolfSSL 15:117db924cf7c 10815
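/* Persist cert cache to memory.
 *
 * Takes caLock, serializes the CA table into mem and reports the number of
 * bytes written through *used. Use CM_GetCertCacheMemSize to size mem.
 *
 * cm    certificate manager
 * mem   destination buffer
 * sz    size of mem in bytes
 * used  receives the bytes written on success; untouched on failure
 *
 * returns WOLFSSL_SUCCESS, BAD_FUNC_ARG on a NULL argument, BAD_MUTEX_E, or
 * BUFFER_E when mem is too small.
 */
int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
{
    int ret;

    WOLFSSL_ENTER("CM_MemSaveCertCache");

    /* reject NULLs here rather than inside DoMemSaveCertCache's copy or at
     * the *used store below */
    if (cm == NULL || mem == NULL || used == NULL) {
        WOLFSSL_MSG("CM_MemSaveCertCache NULL argument");
        return BAD_FUNC_ARG;
    }

    if (wc_LockMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    ret = DoMemSaveCertCache(cm, mem, sz);
    if (ret == WOLFSSL_SUCCESS) {
        *used = GetCertCacheMemSize(cm);
    }

    wc_UnLockMutex(&cm->caLock);

    return ret;
}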
wolfSSL 15:117db924cf7c 10836
wolfSSL 15:117db924cf7c 10837
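/* Restore cert cache from memory.
 *
 * mem must hold an image produced by CM_MemSaveCertCache / CM_SaveCertCache:
 * a CertCacheHeader followed by the serialized CA rows. Only the header is
 * validated here (version, row count and sizeof(Signer) must match this
 * build); RestoreCertRow is given end as a bound, but beyond that the row
 * content is trusted, so mem must come from a source the application
 * controls — whoever can supply it decides which CAs are trusted.
 *
 * The header is copied out with XMEMCPY instead of being read through a cast
 * pointer, so mem need not be aligned (user-supplied buffers may not be).
 * The existing CA table is freed before the rows are loaded; on a row error
 * the table is left holding whatever rows were restored before it.
 *
 * returns WOLFSSL_SUCCESS, BAD_FUNC_ARG (NULL cm or mem), BUFFER_E (sz smaller
 * than the header), CACHE_MATCH_ERROR (header mismatch), BAD_MUTEX_E, or the
 * negative RestoreCertRow error.
 */
int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const void* mem, int sz)
{
    int ret = WOLFSSL_SUCCESS;
    int i;
    CertCacheHeader hdr;
    byte* current;
    byte* end;

    WOLFSSL_ENTER("CM_MemRestoreCertCache");

    if (cm == NULL || mem == NULL) {
        WOLFSSL_MSG("CM_MemRestoreCertCache NULL argument");
        return BAD_FUNC_ARG;
    }

    /* also rejects a negative sz before it reaches pointer arithmetic */
    if (sz < (int)sizeof(CertCacheHeader)) {
        WOLFSSL_MSG("Cert Cache Memory buffer too small");
        return BUFFER_E;
    }

    XMEMCPY(&hdr, mem, sizeof(CertCacheHeader));
    current = (byte*)mem + sizeof(CertCacheHeader);
    end     = (byte*)mem + sz; /* don't go over */

    if (hdr.version != WOLFSSL_CACHE_CERT_VERSION ||
        hdr.rows != CA_TABLE_SIZE ||
        hdr.signerSz != (int)sizeof(Signer)) {

        WOLFSSL_MSG("Cert Cache Memory header mismatch");
        return CACHE_MATCH_ERROR;
    }

    if (wc_LockMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);

    for (i = 0; i < CA_TABLE_SIZE; ++i) {
        int added = RestoreCertRow(cm, current, i, hdr.columns[i], end);
        if (added < 0) {
            WOLFSSL_MSG("RestoreCertRow error");
            ret = added;
            break;
        }
        current += added;
    }

    wc_UnLockMutex(&cm->caLock);

    return ret;
}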
wolfSSL 15:117db924cf7c 10883
wolfSSL 15:117db924cf7c 10884
/* Report how large a buffer CM_MemSaveCertCache needs for this manager.
 *
 * Computed under caLock, so it matches the table a following save sees as
 * long as no CA is added in between.
 *
 * returns the size in bytes, or BAD_MUTEX_E if caLock cannot be taken.
 */
int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)
{
    int sz = BAD_MUTEX_E;

    WOLFSSL_ENTER("CM_GetCertCacheMemSize");

    if (wc_LockMutex(&cm->caLock) == 0) {
        sz = GetCertCacheMemSize(cm);
        wc_UnLockMutex(&cm->caLock);
    }
    else {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
    }

    return sz;
}
wolfSSL 15:117db924cf7c 10903
wolfSSL 15:117db924cf7c 10904 #endif /* PERSIST_CERT_CACHE */
wolfSSL 15:117db924cf7c 10905 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 10906
wolfSSL 16:8e0d178b1d1e 10907 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 10908
wolfSSL 16:8e0d178b1d1e 10909
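/* Remove every entry of a ':'-separated cipher suite list whose name contains
 * toRemove, compacting the list in place.
 *
 * list      NUL-terminated list, modified in place
 * sz        current length of list in bytes (XSTRLEN(list))
 * toRemove  substring that marks an entry for removal (e.g. "-NULL")
 *
 * The removal offset is taken from the entry's real position (current - list)
 * rather than from a running count of name lengths: the latter does not
 * include the ':' separators and so shifted later entries by one byte per
 * separator, corrupting the names that remained. An entry is matched on at
 * most MAX_SUITE_NAME characters of its name, but the whole entry up to the
 * next ':' is dropped, together with that ':' (or, for the last entry, the
 * ':' before it), so the result never contains "::" or a dangling ':'.
 *
 * returns the new list length, or 0 when list is NULL.
 */
static int wolfSSL_remove_ciphers(char* list, int sz, const char* toRemove)
{
    char* current;
    int   totalSz = sz;

    if (list == NULL) {
        return 0;
    }

    current = list;
    for (;;) {
        char   name[MAX_SUITE_NAME + 1];
        char*  sep = XSTRSTR(current, ":");
        int    idx = (int)(current - list);
        word32 length;
        word32 nameLen;

        /* length of this entry; the copied name is capped at sizeof(name) */
        length  = sep ? (word32)(sep - current) : (word32)XSTRLEN(current);
        nameLen = min(sizeof(name), length);
        XSTRNCPY(name, current, nameLen);
        name[(nameLen == sizeof(name)) ? nameLen - 1 : nameLen] = '\0';

        if (XSTRSTR(name, toRemove)) {
            /* drop the entry plus the ':' that follows it, if any */
            word32 drop = (sep != NULL) ? length + 1 : length;

            XMEMMOVE(list + idx, list + idx + drop, totalSz - (idx + drop));
            totalSz -= (int)drop;
            list[totalSz] = '\0';

            if (sep == NULL) {
                /* last entry removed: drop the ':' now left dangling */
                if (totalSz > 0 && list[totalSz - 1] == ':') {
                    list[--totalSz] = '\0';
                }
                break;
            }
            /* the following entry has moved to current; re-examine it */
            continue;
        }

        if (sep == NULL) {
            break;
        }
        current = sep + 1;
    }

    return totalSz;
}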
wolfSSL 16:8e0d178b1d1e 10948
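/* Parse a cipher list that may contain the bulk keywords !eNULL / !aNULL.
 *
 * When list mentions "aNULL" or "eNULL" the list is NOT applied as written:
 * the first "!..." entry causes the full wolfSSL cipher list
 * (wolfSSL_get_ciphers) to be built, "!eNULL" removes the suites whose name
 * contains "-NULL" from it, and the result is handed to SetCipherList. Every
 * other entry of such a list is ignored, and "!aNULL" currently removes
 * nothing, so a caller that wants a restricted suite set must list the
 * suites explicitly rather than rely on these keywords. Lists without the
 * keywords go to SetCipherList unchanged.
 *
 * returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE on NULL arguments, allocation
 * failure, a failed wolfSSL_get_ciphers, or when SetCipherList rejects the
 * list.
 */
static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, Suites* suites,
                                     const char* list)
{
    int ret;
    const int suiteSz = GetCipherNamesSize();
    char* next = (char*)list;
    const CipherSuiteInfo* names = GetCipherNames();
    char* localList = NULL;
    int sz = 0;

    if (suites == NULL || list == NULL) {
        WOLFSSL_MSG("NULL argument");
        return WOLFSSL_FAILURE;
    }

    /* plain list: no bulk keyword to expand */
    if (XSTRSTR(list, "aNULL") == NULL && XSTRSTR(list, "eNULL") == NULL) {
        return SetCipherList(ctx, suites, list) ? WOLFSSL_SUCCESS
                                                : WOLFSSL_FAILURE;
    }

    do {
        char* current = next;
        char name[MAX_SUITE_NAME + 1];
        int i;
        word32 length;

        next = XSTRSTR(next, ":");
        length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /*last*/
                                         : (word32)(next - current));

        XSTRNCPY(name, current, length);
        name[(length == sizeof(name)) ? length - 1 : length] = 0;

        /* check for "not" case */
        if (name[0] == '!' && suiteSz > 0) {
            /* populate list with all suites if not already created */
            if (localList == NULL) {
                for (i = 0; i < suiteSz; i++) {
                    sz += (int)XSTRLEN(names[i].name) + 2;
                }
                localList = (char*)XMALLOC(sz, ctx->heap,
                                           DYNAMIC_TYPE_TMP_BUFFER);
                if (localList == NULL) {
                    return WOLFSSL_FAILURE;
                }
                /* an unchecked failure here would leave localList
                 * uninitialized for the XSTRLEN below */
                if (wolfSSL_get_ciphers(localList, sz) != WOLFSSL_SUCCESS) {
                    WOLFSSL_MSG("wolfSSL_get_ciphers failed");
                    XFREE(localList, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
                    return WOLFSSL_FAILURE;
                }
                sz = (int)XSTRLEN(localList);
            }

            if (XSTRSTR(name, "eNULL")) {
                /* keep sz in step with the shortened list so a later
                 * removal works on the real length, not the stale one */
                sz = wolfSSL_remove_ciphers(localList, sz, "-NULL");
            }
        }
    }
    while (next++); /* ++ needed to skip ':' */

    ret = SetCipherList(ctx, suites, localList);
    XFREE(localList, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
    return ret ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}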
wolfSSL 16:8e0d178b1d1e 11015
wolfSSL 16:8e0d178b1d1e 11016 #endif
wolfSSL 16:8e0d178b1d1e 11017
wolfSSL 15:117db924cf7c 11018
/* Set the cipher suite list used by every WOLFSSL created from ctx.
 *
 * ctx->suites is allocated (zeroed) on first use. With OPENSSL_EXTRA the
 * list goes through wolfSSL_parse_cipher_list, which handles the
 * !eNULL / !aNULL keywords; otherwise it goes straight to SetCipherList.
 *
 * returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE for a NULL ctx, an allocation
 * failure, or a rejected list.
 */
int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_cipher_list");

    if (ctx == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* alloc/init on demand only */
    if (ctx->suites == NULL) {
        Suites* suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap,
                                          DYNAMIC_TYPE_SUITES);
        if (suites == NULL) {
            WOLFSSL_MSG("Memory alloc for Suites failed");
            return WOLFSSL_FAILURE;
        }
        XMEMSET(suites, 0, sizeof(Suites));
        ctx->suites = suites;
    }

#ifdef OPENSSL_EXTRA
    return wolfSSL_parse_cipher_list(ctx, ctx->suites, list);
#else
    if (SetCipherList(ctx, ctx->suites, list)) {
        return WOLFSSL_SUCCESS;
    }
    return WOLFSSL_FAILURE;
#endif
}
wolfSSL 15:117db924cf7c 11043
wolfSSL 15:117db924cf7c 11044
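/* Set the cipher suite list for one WOLFSSL object.
 *
 * In SINGLE_THREADED builds ssl->suites may still alias ssl->ctx->suites; in
 * that case a private, zeroed Suites is allocated first so the context's
 * list is not modified behind other sessions' backs. With OPENSSL_EXTRA the
 * list goes through wolfSSL_parse_cipher_list (see its notes on !eNULL).
 *
 * returns WOLFSSL_SUCCESS, WOLFSSL_FAILURE (NULL ssl or ssl->ctx, or a
 * rejected list), or MEMORY_E when the private Suites cannot be allocated.
 */
int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list)
{
    WOLFSSL_ENTER("wolfSSL_set_cipher_list");

    /* same guard as wolfSSL_CTX_set_cipher_list; ssl->ctx is dereferenced
     * below */
    if (ssl == NULL || ssl->ctx == NULL) {
        return WOLFSSL_FAILURE;
    }

#ifdef SINGLE_THREADED
    if (ssl->ctx->suites == ssl->suites) {
        ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
                                       DYNAMIC_TYPE_SUITES);
        if (ssl->suites == NULL) {
            WOLFSSL_MSG("Suites Memory error");
            return MEMORY_E;
        }
        /* zeroed like the CTX allocation so SetCipherList never sees stale
         * heap contents */
        XMEMSET(ssl->suites, 0, sizeof(Suites));
        ssl->options.ownSuites = 1;
    }
#endif

#ifdef OPENSSL_EXTRA
    return wolfSSL_parse_cipher_list(ssl->ctx, ssl->suites, list);
#else
    return (SetCipherList(ssl->ctx, ssl->suites, list)) ? WOLFSSL_SUCCESS
                                                         : WOLFSSL_FAILURE;
#endif
}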
wolfSSL 15:117db924cf7c 11066
wolfSSL 15:117db924cf7c 11067
/* Query whether the DTLS receive path has been marked non-blocking.
 *
 * Only meaningful for DTLS sessions: on a non-DTLS ssl a deprecation message
 * is logged and 0 is returned. Without WOLFSSL_DTLS the flag does not exist
 * and the result is always 0.
 *
 * returns the stored flag, or WOLFSSL_FAILURE when ssl is NULL.
 */
int wolfSSL_dtls_get_using_nonblock(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_dtls_get_using_nonblock");

    if (!ssl->options.dtls) {
        WOLFSSL_MSG("wolfSSL_dtls_get_using_nonblock() is "
                    "DEPRECATED for non-DTLS use.");
        return 0;
    }

#ifdef WOLFSSL_DTLS
    return ssl->options.dtlsUseNonblock;
#else
    return 0;
#endif
}
wolfSSL 15:117db924cf7c 11087
wolfSSL 15:117db924cf7c 11088
wolfSSL 15:117db924cf7c 11089 #ifndef WOLFSSL_LEANPSK
wolfSSL 15:117db924cf7c 11090
/* Tell the DTLS receive path whether the underlying socket is non-blocking.
 *
 * nonblock  any non-zero value sets the flag, 0 clears it
 *
 * Ignored (with a deprecation message) on non-DTLS sessions and a no-op when
 * ssl is NULL. Without WOLFSSL_DTLS there is no flag to set.
 */
void wolfSSL_dtls_set_using_nonblock(WOLFSSL* ssl, int nonblock)
{
    (void)nonblock; /* unused in non-DTLS builds */

    WOLFSSL_ENTER("wolfSSL_dtls_set_using_nonblock");

    if (ssl == NULL) {
        return;
    }

    if (!ssl->options.dtls) {
        WOLFSSL_MSG("wolfSSL_dtls_set_using_nonblock() is "
                    "DEPRECATED for non-DTLS use.");
        return;
    }

#ifdef WOLFSSL_DTLS
    /* normalize to 0/1 before storing */
    ssl->options.dtlsUseNonblock = (nonblock != 0);
#endif
}
wolfSSL 15:117db924cf7c 11110
wolfSSL 15:117db924cf7c 11111
wolfSSL 15:117db924cf7c 11112 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 11113
/* Current DTLS retransmission timeout of ssl (seconds, see
 * wolfSSL_DTLSv1_get_timeout which copies it into tv_sec); 0 when ssl is
 * NULL. */
int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl)
{
    int timeout = (ssl != NULL) ? ssl->dtls_timeout : 0;

    WOLFSSL_LEAVE("wolfSSL_dtls_get_current_timeout()", timeout);
    return timeout;
}
wolfSSL 16:8e0d178b1d1e 11123
/* OpenSSL-compat: report the current DTLS timeout as a WOLFSSL_TIMEVAL.
 *
 * Zeroes *timeleft and sets tv_sec to ssl->dtls_timeout, the same value
 * wolfSSL_dtls_get_current_timeout returns. Always returns 0, also when
 * either argument is NULL (then nothing is written).
 */
int wolfSSL_DTLSv1_get_timeout(WOLFSSL* ssl, WOLFSSL_TIMEVAL* timeleft)
{
    if (ssl == NULL || timeleft == NULL) {
        return 0;
    }

    XMEMSET(timeleft, 0, sizeof(WOLFSSL_TIMEVAL));
    timeleft->tv_sec = ssl->dtls_timeout;
    return 0;
}
wolfSSL 16:8e0d178b1d1e 11132
wolfSSL 16:8e0d178b1d1e 11133 #ifndef NO_WOLFSSL_STUB
/* OpenSSL-compat stub: logs a stub message and does nothing; always returns 0.
 * Use wolfSSL_dtls_got_timeout for real timeout handling. */
int wolfSSL_DTLSv1_handle_timeout(WOLFSSL* ssl)
{
    (void)ssl; /* unused: nothing is implemented here */
    WOLFSSL_STUB("SSL_DTLSv1_handle_timeout");
    return 0;
}
wolfSSL 16:8e0d178b1d1e 11140 #endif
wolfSSL 16:8e0d178b1d1e 11141
wolfSSL 16:8e0d178b1d1e 11142 #ifndef NO_WOLFSSL_STUB
/* OpenSSL-compat stub: logs a stub message and ignores both arguments.
 * Use wolfSSL_dtls_set_timeout_init to change the initial timeout. */
void wolfSSL_DTLSv1_set_initial_timeout_duration(WOLFSSL* ssl, word32 duration_ms)
{
    (void)ssl;
    (void)duration_ms;
    WOLFSSL_STUB("SSL_DTLSv1_set_initial_timeout_duration");
}
wolfSSL 16:8e0d178b1d1e 11149 #endif
wolfSSL 15:117db924cf7c 11150
/* Set the initial DTLS retransmission timeout (seconds) and reset the current
 * timeout to it.
 *
 * timeout must be >= 0 and no larger than the configured maximum (see
 * wolfSSL_dtls_set_timeout_max).
 *
 * returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an out-of-range
 * timeout.
 */
int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout)
{
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    if (timeout < 0) {
        return BAD_FUNC_ARG;
    }
    if (timeout > ssl->dtls_timeout_max) {
        WOLFSSL_MSG("Can't set dtls timeout init greater than dtls timeout max");
        return BAD_FUNC_ARG;
    }

    /* the running timeout restarts from the new initial value */
    ssl->dtls_timeout = ssl->dtls_timeout_init = timeout;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 11167
wolfSSL 15:117db924cf7c 11168
/* Set the maximum DTLS retransmission timeout (seconds).
 *
 * timeout must be >= 0 and not below the configured initial timeout (see
 * wolfSSL_dtls_set_timeout_init).
 *
 * returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an out-of-range
 * timeout.
 */
int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int timeout)
{
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    if (timeout < 0) {
        return BAD_FUNC_ARG;
    }
    if (timeout < ssl->dtls_timeout_init) {
        WOLFSSL_MSG("Can't set dtls timeout max less than dtls timeout init");
        return BAD_FUNC_ARG;
    }

    ssl->dtls_timeout_max = timeout;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 11184
wolfSSL 15:117db924cf7c 11185
/* Handle an expired DTLS retransmission timer during the handshake.
 *
 * While the handshake is not done this calls DtlsMsgPoolTimeout (presumably
 * the timer back-off) and then DtlsMsgPoolSend to resend the pooled flight;
 * after the handshake it is a no-op that reports success.
 *
 * returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR when ssl is NULL or either
 * step fails.
 */
int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
{
    int result;

    WOLFSSL_ENTER("wolfSSL_dtls_got_timeout()");

    if (ssl == NULL)
        return WOLFSSL_FATAL_ERROR;

    result = WOLFSSL_SUCCESS;
    if (!ssl->options.handShakeDone) {
        if (DtlsMsgPoolTimeout(ssl) < 0) {
            result = WOLFSSL_FATAL_ERROR;
        }
        else if (DtlsMsgPoolSend(ssl, 0) < 0) {
            result = WOLFSSL_FATAL_ERROR;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_dtls_got_timeout()", result);
    return result;
}
wolfSSL 15:117db924cf7c 11203
wolfSSL 16:8e0d178b1d1e 11204
/* Retransmit all the saved handshake messages (the pooled flight).
 *
 * A no-op once the handshake is done. Note that the success value is 0, not
 * WOLFSSL_SUCCESS, unlike most DTLS helpers in this file.
 *
 * returns 0 on success; WOLFSSL_FATAL_ERROR when ssl is NULL or the send
 * fails, in which case ssl->error holds the DtlsMsgPoolSend error code.
 */
int wolfSSL_dtls_retransmit(WOLFSSL* ssl)
{
    int result;

    WOLFSSL_ENTER("wolfSSL_dtls_retransmit()");

    if (ssl == NULL) {
        return WOLFSSL_FATAL_ERROR;
    }

    if (ssl->options.handShakeDone) {
        return 0;
    }

    result = DtlsMsgPoolSend(ssl, 0);
    if (result < 0) {
        ssl->error = result;
        WOLFSSL_ERROR(result);
        return WOLFSSL_FATAL_ERROR;
    }

    return 0;
}
wolfSSL 16:8e0d178b1d1e 11224
wolfSSL 15:117db924cf7c 11225 #endif /* DTLS */
wolfSSL 15:117db924cf7c 11226 #endif /* LEANPSK */
wolfSSL 15:117db924cf7c 11227
wolfSSL 15:117db924cf7c 11228
wolfSSL 15:117db924cf7c 11229 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 15:117db924cf7c 11230
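/* Not an SSL function, return 0 for success, error code otherwise */
/* Prereq: ssl's RNG needs to be initialized. */
/* Install the secret used to generate and verify DTLS HelloVerifyRequest
 * cookies.
 *
 * secret    new secret, or NULL to draw a fresh one from ssl->rng
 * secretSz  length of secret; 0 (only allowed with secret == NULL) selects
 *           the default COOKIE_SECRET_SZ
 *
 * When the size changes the previous secret is zeroed (ForceZero) before it
 * is released and a new buffer is allocated. If the RNG then fails to fill a
 * freshly allocated buffer, that buffer is zeroed and released again so that
 * uninitialized heap memory is never left installed as the cookie secret; a
 * retained buffer of the same size keeps its previous, still valid, secret.
 *
 * returns 0, BAD_FUNC_ARG (NULL ssl, or a non-NULL secret with size 0),
 * MEMORY_ERROR, or the wc_RNG_GenerateBlock error code.
 */
int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                                 const byte* secret, word32 secretSz)
{
    int ret = 0;
    int newBuf = 0; /* set when this call allocated the secret buffer */

    WOLFSSL_ENTER("wolfSSL_DTLS_SetCookieSecret");

    if (ssl == NULL) {
        WOLFSSL_MSG("need a SSL object");
        return BAD_FUNC_ARG;
    }

    if (secret != NULL && secretSz == 0) {
        WOLFSSL_MSG("can't have a new secret without a size");
        return BAD_FUNC_ARG;
    }

    /* If secretSz is 0, use the default size. */
    if (secretSz == 0)
        secretSz = COOKIE_SECRET_SZ;

    if (secretSz != ssl->buffers.dtlsCookieSecret.length) {
        byte* newSecret;

        if (ssl->buffers.dtlsCookieSecret.buffer != NULL) {
            /* wipe before free: the old secret is still sensitive */
            ForceZero(ssl->buffers.dtlsCookieSecret.buffer,
                      ssl->buffers.dtlsCookieSecret.length);
            XFREE(ssl->buffers.dtlsCookieSecret.buffer,
                  ssl->heap, DYNAMIC_TYPE_NONE);
        }

        newSecret = (byte*)XMALLOC(secretSz, ssl->heap,DYNAMIC_TYPE_COOKIE_PWD);
        if (newSecret == NULL) {
            ssl->buffers.dtlsCookieSecret.buffer = NULL;
            ssl->buffers.dtlsCookieSecret.length = 0;
            WOLFSSL_MSG("couldn't allocate new cookie secret");
            return MEMORY_ERROR;
        }
        ssl->buffers.dtlsCookieSecret.buffer = newSecret;
        ssl->buffers.dtlsCookieSecret.length = secretSz;
        newBuf = 1;
    }

    /* If the supplied secret is NULL, randomly generate a new secret. */
    if (secret == NULL) {
        ret = wc_RNG_GenerateBlock(ssl->rng,
                                   ssl->buffers.dtlsCookieSecret.buffer, secretSz);
        if (ret != 0 && newBuf) {
            /* the RNG never filled this buffer: don't leave its stale heap
             * contents installed as the secret (a retained buffer still
             * holds the previous, valid, secret and is kept) */
            WOLFSSL_MSG("couldn't generate new cookie secret");
            ForceZero(ssl->buffers.dtlsCookieSecret.buffer, secretSz);
            XFREE(ssl->buffers.dtlsCookieSecret.buffer,
                  ssl->heap, DYNAMIC_TYPE_NONE);
            ssl->buffers.dtlsCookieSecret.buffer = NULL;
            ssl->buffers.dtlsCookieSecret.length = 0;
        }
    }
    else {
        XMEMCPY(ssl->buffers.dtlsCookieSecret.buffer, secret, secretSz);
    }

    WOLFSSL_LEAVE("wolfSSL_DTLS_SetCookieSecret", ret);
    return ret;
}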
wolfSSL 15:117db924cf7c 11286
wolfSSL 15:117db924cf7c 11287 #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 11288
wolfSSL 16:8e0d178b1d1e 11289
wolfSSL 16:8e0d178b1d1e 11290 /* EITHER SIDE METHODS */
wolfSSL 16:8e0d178b1d1e 11291 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
/* Either-side SSLv23 method on the default heap; see wolfSSLv23_method_ex. */
WOLFSSL_METHOD* wolfSSLv23_method(void)
{
    WOLFSSL_METHOD* method = wolfSSLv23_method_ex(NULL);
    return method;
}
/* Either-side SSLv23 method allocated from heap.
 *
 * Builds the client variant when a client is compiled in, else the server
 * variant, and marks it WOLFSSL_NEITHER_END so it is not tied to one side.
 *
 * returns the method, or NULL when allocation fails or neither side is
 * compiled in.
 */
WOLFSSL_METHOD* wolfSSLv23_method_ex(void* heap)
{
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("SSLv23_method");
#if !defined(NO_WOLFSSL_CLIENT)
    method = wolfSSLv23_client_method_ex(heap);
#elif !defined(NO_WOLFSSL_SERVER)
    method = wolfSSLv23_server_method_ex(heap);
#else
    method = NULL;
    (void)heap;
#endif
    if (method == NULL) {
        return NULL;
    }

    method->side = WOLFSSL_NEITHER_END;
    return method;
}
wolfSSL 16:8e0d178b1d1e 11311
wolfSSL 16:8e0d178b1d1e 11312 #ifdef WOLFSSL_ALLOW_SSLV3
/* Either-side SSLv3 method on the default heap; see wolfSSLv3_method_ex.
 * Only compiled with WOLFSSL_ALLOW_SSLV3. */
WOLFSSL_METHOD* wolfSSLv3_method(void)
{
    WOLFSSL_METHOD* method = wolfSSLv3_method_ex(NULL);
    return method;
}
/* Either-side SSLv3 method allocated from heap (WOLFSSL_ALLOW_SSLV3 only).
 *
 * Builds the client variant when a client is compiled in, else the server
 * variant, and marks it WOLFSSL_NEITHER_END.
 *
 * returns the method, or NULL when allocation fails or neither side is
 * compiled in.
 */
WOLFSSL_METHOD* wolfSSLv3_method_ex(void* heap)
{
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("SSLv3_method");
#if !defined(NO_WOLFSSL_CLIENT)
    method = wolfSSLv3_client_method_ex(heap);
#elif !defined(NO_WOLFSSL_SERVER)
    method = wolfSSLv3_server_method_ex(heap);
#else
    method = NULL;
    (void)heap;
#endif
    if (method == NULL) {
        return NULL;
    }

    method->side = WOLFSSL_NEITHER_END;
    return method;
}
wolfSSL 16:8e0d178b1d1e 11332 #endif
wolfSSL 16:8e0d178b1d1e 11333 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
wolfSSL 15:117db924cf7c 11334
wolfSSL 15:117db924cf7c 11335 /* client only parts */
wolfSSL 15:117db924cf7c 11336 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 11337
wolfSSL 16:8e0d178b1d1e 11338 #ifdef OPENSSL_EXTRA
/* OpenSSL-compat stub: SSL 2.0 is not supported, so no method is ever
 * produced. Logs the stub hit and returns NULL; callers that use the result
 * without a NULL check will fail at the next API call. */
WOLFSSL_METHOD* wolfSSLv2_client_method(void)
{
    WOLFSSL_METHOD* unsupported = NULL;

    WOLFSSL_STUB("wolfSSLv2_client_method");
    return unsupported;
}
wolfSSL 16:8e0d178b1d1e 11344 #endif
wolfSSL 16:8e0d178b1d1e 11345
wolfSSL 16:8e0d178b1d1e 11346 #ifdef WOLFSSL_ALLOW_SSLV3
/* SSL 3.0 client method allocated from the default heap
 * (WOLFSSL_ALLOW_SSLV3 builds only). */
WOLFSSL_METHOD* wolfSSLv3_client_method(void)
{
    void* defaultHeap = NULL;

    return wolfSSLv3_client_method_ex(defaultHeap);
}
/* Allocate and initialise an SSL 3.0 client method.
 *
 * heap: allocator hint handed to XMALLOC (DYNAMIC_TYPE_METHOD); the explicit
 *       (void)heap keeps builds whose XMALLOC ignores the heap warning-free.
 * Returns the new method, or NULL when allocation fails. The side is left at
 * whatever InitSSL_Method() sets, i.e. the client default. */
WOLFSSL_METHOD* wolfSSLv3_client_method_ex(void* heap)
{
    WOLFSSL_METHOD* method;

    method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap,
                                      DYNAMIC_TYPE_METHOD);
    (void)heap;
    WOLFSSL_ENTER("SSLv3_client_method_ex");
    if (method == NULL) {
        return NULL;
    }

    InitSSL_Method(method, MakeSSLv3());
    return method;
}
wolfSSL 16:8e0d178b1d1e 11362 #endif /* WOLFSSL_ALLOW_SSLV3 */
wolfSSL 16:8e0d178b1d1e 11363
wolfSSL 16:8e0d178b1d1e 11364
/* Version-flexible client method allocated from the default heap. */
WOLFSSL_METHOD* wolfSSLv23_client_method(void)
{
    void* defaultHeap = NULL;

    return wolfSSLv23_client_method_ex(defaultHeap);
}
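/* Allocate a version-flexible client method.
 *
 * The method starts at the highest protocol version compiled in (TLS 1.3,
 * then 1.2, then 1.1) and, when older versions or TLS 1.3 are available,
 * sets method->downgrade so negotiation may settle on a lower version. The
 * downgrade floor is not set here; a deployment that must refuse old
 * versions has to configure the minimum separately.
 *
 * heap: allocator hint handed to XMALLOC (DYNAMIC_TYPE_METHOD).
 * Returns the new method, or NULL when allocation fails.
 *
 * Fix: a build with NO_SHA256 (and no SHA-384/512) plus NO_OLD_TLS used to
 * return the XMALLOC'd block without ever calling InitSSL_Method(), handing
 * the caller uninitialised memory as a method. The server-side twin,
 * wolfSSLv23_server_method_ex(), already rejects that configuration with
 * #error; this block now does the same. */
WOLFSSL_METHOD* wolfSSLv23_client_method_ex(void* heap)
{
    WOLFSSL_METHOD* method =
            (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
                                      heap, DYNAMIC_TYPE_METHOD);
    (void)heap;
    WOLFSSL_ENTER("SSLv23_client_method_ex");
    if (method) {
#if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
    #if defined(WOLFSSL_TLS13)
        InitSSL_Method(method, MakeTLSv1_3());
    #elif !defined(WOLFSSL_NO_TLS12)
        InitSSL_Method(method, MakeTLSv1_2());
    #elif !defined(NO_OLD_TLS)
        InitSSL_Method(method, MakeTLSv1_1());
    #endif
        /* NOTE(review): with TLS 1.3 off, WOLFSSL_NO_TLS12 and NO_OLD_TLS all
         * set at once, none of the branches above runs and the method is
         * returned uninitialised; confirm whether that configuration is
         * meant to be buildable at all. */
#else
    #ifndef NO_OLD_TLS
        InitSSL_Method(method, MakeTLSv1_1());
    #else
        #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
    #endif
#endif
#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
        /* allow the handshake to negotiate down from the starting version */
        method->downgrade = 1;
#endif
    }
    return method;
}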
wolfSSL 16:8e0d178b1d1e 11396
wolfSSL 16:8e0d178b1d1e 11397
wolfSSL 16:8e0d178b1d1e 11398 #if defined(WOLFSSL_DTLS) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) || \
wolfSSL 16:8e0d178b1d1e 11399 defined(WOLFSSL_ALLOW_SSLV3)
/* Tell whether this connection is DTLS running over a datagram transport
 * that needs the cookie exchange (i.e. DTLS but not DTLS-over-SCTP).
 *
 * Without WOLFSSL_SCTP the answer is simply ssl->options.dtls; with it, a
 * DTLS connection flagged dtlsSctp reports 0. Used by wolfSSL_connect() to
 * decide whether a HelloVerifyRequest round trip is expected. */
static WC_INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
{
    if (!ssl->options.dtls) {
        return ssl->options.dtls;
    }
#ifdef WOLFSSL_SCTP
    return !ssl->options.dtlsSctp;
#else
    return ssl->options.dtls;
#endif
}
wolfSSL 16:8e0d178b1d1e 11414 #endif /* WOLFSSL_DTLS || !WOLFSSL_NO_TLS12 || !NO_OLD_TLS */
wolfSSL 15:117db924cf7c 11415
wolfSSL 15:117db924cf7c 11416
/* please see note at top of README if you get an error from connect */
/* Drive the client side of the (D)TLS 1.0-1.2 handshake on 'ssl'.
 *
 * The handshake is a resumable state machine keyed on
 * ssl->options.connectState: every case stores the next state before it
 * falls through, so a caller that received an error may call again and the
 * function resumes at the step that failed (presumably the non-blocking I/O
 * pattern -- confirm against ProcessReply()/SendBuffered()). TLS 1.3 is
 * delegated to wolfSSL_connect_TLSv13() as soon as options.tls1_3 is seen.
 *
 * Returns WOLFSSL_SUCCESS once the server's Finished has been processed and
 * the handshake-done callback (if any) accepted it; BAD_FUNC_ARG for a NULL
 * ssl; WOLFSSL_FATAL_ERROR with ssl->error set for every other failure. */
WOLFSSL_ABI
int wolfSSL_connect(WOLFSSL* ssl)
{
#if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13))
    int neededState;
#endif

    WOLFSSL_ENTER("SSL_connect()");

#ifdef HAVE_ERRNO_H
    errno = 0;
#endif

    if (ssl == NULL)
        return BAD_FUNC_ARG;

#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
    /* A method created with wolfSSLv23_method()/wolfSSLv3_method() leaves the
     * side undecided; calling connect() commits this object to the client
     * role before any state is touched. */
    if (ssl->options.side == WOLFSSL_NEITHER_END) {
        ssl->error = InitSSL_Side(ssl, WOLFSSL_CLIENT_END);
        if (ssl->error != WOLFSSL_SUCCESS) {
            WOLFSSL_ERROR(ssl->error);
            return WOLFSSL_FATAL_ERROR;
        }
        ssl->error = 0; /* expected to be zero here */
    }

#ifdef OPENSSL_EXTRA
    /* OpenSSL-style info callback: report that a connect has started. */
    if (ssl->CBIS != NULL) {
        ssl->CBIS(ssl, SSL_ST_CONNECT, SSL_SUCCESS);
        ssl->cbmode = SSL_CB_WRITE;
    }
#endif
#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */

#if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13)
    /* TLS 1.3-only build: nothing below applies. */
    return wolfSSL_connect_TLSv13(ssl);
#else
    #ifdef WOLFSSL_TLS13
    if (ssl->options.tls1_3)
        return wolfSSL_connect_TLSv13(ssl);
    #endif

    /* Refuse to run the client state machine on a server-side object. */
    if (ssl->options.side != WOLFSSL_CLIENT_END) {
        WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
        return WOLFSSL_FATAL_ERROR;
    }

    #ifdef WOLFSSL_DTLS
    if (ssl->version.major == DTLS_MAJOR) {
        ssl->options.dtls   = 1;
        ssl->options.tls    = 1;
        ssl->options.tls1_1 = 1;
    }
    #endif

    /* Flush anything left from a previous partial send before advancing;
     * only a fully drained output buffer (fragOffset == 0) moves the state
     * on, otherwise the same step is retried on the next call. */
    if (ssl->buffers.outputBuffer.length > 0
    #ifdef WOLFSSL_ASYNC_CRYPT
        /* do not send buffered or advance state if last error was an
            async pending operation */
        && ssl->error != WC_PENDING_E
    #endif
    ) {
        if ( (ssl->error = SendBuffered(ssl)) == 0) {
            /* fragOffset is non-zero when sending fragments. On the last
             * fragment, fragOffset is zero again, and the state can be
             * advanced. */
            if (ssl->fragOffset == 0) {
                ssl->options.connectState++;
                WOLFSSL_MSG("connect state: "
                            "Advanced from last buffered fragment send");
            }
            else {
                WOLFSSL_MSG("connect state: "
                            "Not advanced, more fragments to send");
            }
        }
        else {
            WOLFSSL_ERROR(ssl->error);
            return WOLFSSL_FATAL_ERROR;
        }
    }

    switch (ssl->options.connectState) {

        case CONNECT_BEGIN :
            /* always send client hello first */
            if ( (ssl->error = SendClientHello(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return WOLFSSL_FATAL_ERROR;
            }
            ssl->options.connectState = CLIENT_HELLO_SENT;
            WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT");
            FALL_THROUGH;

        case CLIENT_HELLO_SENT :
            /* A resumed session expects the server to go straight to
             * Finished; a full handshake waits for ServerHelloDone. */
            neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
                                          SERVER_HELLODONE_COMPLETE;
            #ifdef WOLFSSL_DTLS
                /* In DTLS, when resuming, we can go straight to FINISHED,
                 * or do a cookie exchange and then skip to FINISHED, assume
                 * we need the cookie exchange first. */
                if (IsDtlsNotSctpMode(ssl))
                    neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
            #endif
            /* get response */
            while (ssl->options.serverState < neededState) {
                #ifdef WOLFSSL_TLS13
                    /* the ServerHello may have selected TLS 1.3 */
                    if (ssl->options.tls1_3)
                        return wolfSSL_connect_TLSv13(ssl);
                #endif
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return WOLFSSL_FATAL_ERROR;
                }
                /* if resumption failed, reset needed state */
                else if (neededState == SERVER_FINISHED_COMPLETE)
                    if (!ssl->options.resuming) {
                        if (!IsDtlsNotSctpMode(ssl))
                            neededState = SERVER_HELLODONE_COMPLETE;
                        else
                            neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
                    }
            }

            ssl->options.connectState = HELLO_AGAIN;
            WOLFSSL_MSG("connect state: HELLO_AGAIN");
            FALL_THROUGH;

        case HELLO_AGAIN :
            /* certOnly: the caller only wanted the server's first flight
             * (certificate chain). Nothing past this point -- key exchange,
             * ChangeCipherSpec, Finished -- has been sent or verified, so
             * this WOLFSSL_SUCCESS is not a completed, authenticated
             * handshake and the object must not be used for application
             * data. */
            if (ssl->options.certOnly)
                return WOLFSSL_SUCCESS;

            #ifdef WOLFSSL_TLS13
                if (ssl->options.tls1_3)
                    return wolfSSL_connect_TLSv13(ssl);
            #endif

            #ifdef WOLFSSL_DTLS
            /* Cookie exchange done: resend ClientHello with the cookie and
             * restart the transcript so only the second hello is hashed. */
            if (ssl->options.serverState ==
                    SERVER_HELLOVERIFYREQUEST_COMPLETE) {
                if (IsDtlsNotSctpMode(ssl)) {
                    /* re-init hashes, exclude first hello and verify request */
                    if ((ssl->error = InitHandshakeHashes(ssl)) != 0) {
                        WOLFSSL_ERROR(ssl->error);
                        return WOLFSSL_FATAL_ERROR;
                    }
                    if ( (ssl->error = SendClientHello(ssl)) != 0) {
                        WOLFSSL_ERROR(ssl->error);
                        return WOLFSSL_FATAL_ERROR;
                    }
                }
            }
            #endif

            ssl->options.connectState = HELLO_AGAIN_REPLY;
            WOLFSSL_MSG("connect state: HELLO_AGAIN_REPLY");
            FALL_THROUGH;

        case HELLO_AGAIN_REPLY :
            #ifdef WOLFSSL_DTLS
                /* DTLS only: read the server's reply to the second hello. */
                if (IsDtlsNotSctpMode(ssl)) {
                    neededState = ssl->options.resuming ?
                           SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;

                    /* get response */
                    while (ssl->options.serverState < neededState) {
                        if ( (ssl->error = ProcessReply(ssl)) < 0) {
                            WOLFSSL_ERROR(ssl->error);
                            return WOLFSSL_FATAL_ERROR;
                        }
                        /* if resumption failed, reset needed state */
                        if (neededState == SERVER_FINISHED_COMPLETE) {
                            if (!ssl->options.resuming)
                                neededState = SERVER_HELLODONE_COMPLETE;
                        }
                    }
                }
            #endif

            ssl->options.connectState = FIRST_REPLY_DONE;
            WOLFSSL_MSG("connect state: FIRST_REPLY_DONE");
            FALL_THROUGH;

        case FIRST_REPLY_DONE :
            #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
                #ifdef WOLFSSL_TLS13
                    if (ssl->options.tls1_3)
                        return wolfSSL_connect_TLSv13(ssl);
                #endif
                /* Client authentication: sendVerify is set when the server
                 * asked for a certificate (presumably in ProcessReply --
                 * confirm). */
                if (ssl->options.sendVerify) {
                    if ( (ssl->error = SendCertificate(ssl)) != 0) {
                        WOLFSSL_ERROR(ssl->error);
                        return WOLFSSL_FATAL_ERROR;
                    }
                    WOLFSSL_MSG("sent: certificate");
                }

            #endif
            ssl->options.connectState = FIRST_REPLY_FIRST;
            WOLFSSL_MSG("connect state: FIRST_REPLY_FIRST");
            FALL_THROUGH;

        case FIRST_REPLY_FIRST :
            #ifdef WOLFSSL_TLS13
                if (ssl->options.tls1_3)
                    return wolfSSL_connect_TLSv13(ssl);
            #endif
            /* ClientKeyExchange only belongs to a full handshake; a resumed
             * session reuses the master secret. */
            if (!ssl->options.resuming) {
                if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return WOLFSSL_FATAL_ERROR;
                }
                WOLFSSL_MSG("sent: client key exchange");
            }

            ssl->options.connectState = FIRST_REPLY_SECOND;
            WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND");
            FALL_THROUGH;

        case FIRST_REPLY_SECOND :
            #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH)
                if (ssl->options.sendVerify) {
                    if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
                        WOLFSSL_ERROR(ssl->error);
                        return WOLFSSL_FATAL_ERROR;
                    }
                    WOLFSSL_MSG("sent: certificate verify");
                }
            #endif /* !NO_CERTS && !WOLFSSL_NO_CLIENT_AUTH */
            ssl->options.connectState = FIRST_REPLY_THIRD;
            WOLFSSL_MSG("connect state: FIRST_REPLY_THIRD");
            FALL_THROUGH;

        case FIRST_REPLY_THIRD :
            if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return WOLFSSL_FATAL_ERROR;
            }
            WOLFSSL_MSG("sent: change cipher spec");
            ssl->options.connectState = FIRST_REPLY_FOURTH;
            WOLFSSL_MSG("connect state: FIRST_REPLY_FOURTH");
            FALL_THROUGH;

        case FIRST_REPLY_FOURTH :
            if ( (ssl->error = SendFinished(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return WOLFSSL_FATAL_ERROR;
            }
            WOLFSSL_MSG("sent: finished");
            ssl->options.connectState = FINISHED_DONE;
            WOLFSSL_MSG("connect state: FINISHED_DONE");
            FALL_THROUGH;

        case FINISHED_DONE :
            /* get response */
            /* Block until the server's Finished has been processed (any
             * verification failure surfaces as a negative ProcessReply). */
            while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return WOLFSSL_FATAL_ERROR;
                }

            ssl->options.connectState = SECOND_REPLY_DONE;
            WOLFSSL_MSG("connect state: SECOND_REPLY_DONE");
            FALL_THROUGH;

        case SECOND_REPLY_DONE:
            #ifndef NO_HANDSHAKE_DONE_CB
                /* Application veto point: a negative callback result turns a
                 * completed handshake into a fatal error. */
                if (ssl->hsDoneCb) {
                    int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
                    if (cbret < 0) {
                        ssl->error = cbret;
                        WOLFSSL_MSG("HandShake Done Cb don't continue error");
                        return WOLFSSL_FATAL_ERROR;
                    }
                }
            #endif /* NO_HANDSHAKE_DONE_CB */

            /* TLS releases handshake-only state now unless the application
             * asked to keep it; DTLS retains it instead (retransmits of the
             * final flight may still be needed -- verify). */
            if (!ssl->options.dtls) {
                if (!ssl->options.keepResources) {
                    FreeHandshakeResources(ssl);
                }
            }
            #ifdef WOLFSSL_DTLS
            else {
                ssl->options.dtlsHsRetain = 1;
            }
            #endif /* WOLFSSL_DTLS */

            WOLFSSL_LEAVE("SSL_connect()", WOLFSSL_SUCCESS);
            return WOLFSSL_SUCCESS;

        default:
            WOLFSSL_MSG("Unknown connect state ERROR");
            return WOLFSSL_FATAL_ERROR; /* unknown connect state */
    }
#endif /* !(WOLFSSL_NO_TLS12 && NO_OLD_TLS && WOLFSSL_TLS13) */
}
wolfSSL 15:117db924cf7c 11715
wolfSSL 15:117db924cf7c 11716 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 11717
wolfSSL 15:117db924cf7c 11718
wolfSSL 15:117db924cf7c 11719 /* server only parts */
wolfSSL 15:117db924cf7c 11720 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 11721
wolfSSL 16:8e0d178b1d1e 11722 #ifdef OPENSSL_EXTRA
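/* OpenSSL-compat stub: SSL 2.0 is not supported, so no method is ever
 * produced. Logs the stub hit and returns NULL.
 *
 * Fix: returns NULL rather than the bare integer 0 so the pointer result
 * reads the same as the client-side stub wolfSSLv2_client_method(). */
WOLFSSL_METHOD* wolfSSLv2_server_method(void)
{
    WOLFSSL_STUB("wolfSSLv2_server_method");
    return NULL;
}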
wolfSSL 16:8e0d178b1d1e 11728 #endif
wolfSSL 16:8e0d178b1d1e 11729
wolfSSL 16:8e0d178b1d1e 11730 #ifdef WOLFSSL_ALLOW_SSLV3
/* SSL 3.0 server method allocated from the default heap
 * (WOLFSSL_ALLOW_SSLV3 builds only). */
WOLFSSL_METHOD* wolfSSLv3_server_method(void)
{
    void* defaultHeap = NULL;

    return wolfSSLv3_server_method_ex(defaultHeap);
}
/* Allocate and initialise an SSL 3.0 server method.
 *
 * Same shape as wolfSSLv3_client_method_ex(), plus the side is pinned to
 * WOLFSSL_SERVER_END so wolfSSL_accept() accepts the object.
 *
 * heap: allocator hint handed to XMALLOC (DYNAMIC_TYPE_METHOD).
 * Returns the new method, or NULL when allocation fails. */
WOLFSSL_METHOD* wolfSSLv3_server_method_ex(void* heap)
{
    WOLFSSL_METHOD* method;

    method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap,
                                      DYNAMIC_TYPE_METHOD);
    (void)heap;
    WOLFSSL_ENTER("SSLv3_server_method_ex");
    if (method == NULL) {
        return NULL;
    }

    InitSSL_Method(method, MakeSSLv3());
    method->side = WOLFSSL_SERVER_END;
    return method;
}
wolfSSL 16:8e0d178b1d1e 11748 #endif /* WOLFSSL_ALLOW_SSLV3 */
wolfSSL 16:8e0d178b1d1e 11749
/* Version-flexible server method allocated from the default heap. */
WOLFSSL_METHOD* wolfSSLv23_server_method(void)
{
    void* defaultHeap = NULL;

    return wolfSSLv23_server_method_ex(defaultHeap);
}
wolfSSL 16:8e0d178b1d1e 11754
/* Allocate a version-flexible server method.
 *
 * The method starts at the highest protocol version compiled in (TLS 1.3,
 * then 1.2, then 1.1). A build without any of SHA-256/384/512 can only
 * offer TLS 1.1 and is rejected at compile time if old TLS is disabled too.
 * When older versions or TLS 1.3 are available, method->downgrade is set so
 * negotiation may settle on a lower version; the minimum version is not
 * fixed here and has to be configured separately by deployments that need
 * a floor. The side is pinned to WOLFSSL_SERVER_END.
 *
 * heap: allocator hint handed to XMALLOC (DYNAMIC_TYPE_METHOD).
 * Returns the new method, or NULL when allocation fails. */
WOLFSSL_METHOD* wolfSSLv23_server_method_ex(void* heap)
{
    WOLFSSL_METHOD* method;

    method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap,
                                      DYNAMIC_TYPE_METHOD);
    (void)heap;
    WOLFSSL_ENTER("SSLv23_server_method_ex");
    if (method == NULL) {
        return NULL;
    }

#if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)
    #ifdef WOLFSSL_TLS13
    InitSSL_Method(method, MakeTLSv1_3());
    #elif !defined(WOLFSSL_NO_TLS12)
    InitSSL_Method(method, MakeTLSv1_2());
    #elif !defined(NO_OLD_TLS)
    InitSSL_Method(method, MakeTLSv1_1());
    #endif
#else
    #ifndef NO_OLD_TLS
    InitSSL_Method(method, MakeTLSv1_1());
    #else
        #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2
    #endif
#endif

#if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13)
    /* allow the handshake to negotiate down from the starting version */
    method->downgrade = 1;
#endif
    method->side = WOLFSSL_SERVER_END;

    return method;
}
wolfSSL 15:117db924cf7c 11785
wolfSSL 15:117db924cf7c 11786
wolfSSL 15:117db924cf7c 11787 int wolfSSL_accept(WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 11788 {
wolfSSL 16:8e0d178b1d1e 11789 #if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13))
wolfSSL 15:117db924cf7c 11790 word16 havePSK = 0;
wolfSSL 15:117db924cf7c 11791 word16 haveAnon = 0;
wolfSSL 15:117db924cf7c 11792 word16 haveMcast = 0;
wolfSSL 15:117db924cf7c 11793 #endif
wolfSSL 15:117db924cf7c 11794
wolfSSL 16:8e0d178b1d1e 11795 if (ssl == NULL)
wolfSSL 16:8e0d178b1d1e 11796 return WOLFSSL_FATAL_ERROR;
wolfSSL 16:8e0d178b1d1e 11797
wolfSSL 16:8e0d178b1d1e 11798 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)
wolfSSL 16:8e0d178b1d1e 11799 if (ssl->options.side == WOLFSSL_NEITHER_END) {
wolfSSL 16:8e0d178b1d1e 11800 WOLFSSL_MSG("Setting WOLFSSL_SSL to be server side");
wolfSSL 16:8e0d178b1d1e 11801 ssl->error = InitSSL_Side(ssl, WOLFSSL_SERVER_END);
wolfSSL 16:8e0d178b1d1e 11802 if (ssl->error != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 11803 WOLFSSL_ERROR(ssl->error);
wolfSSL 16:8e0d178b1d1e 11804 return WOLFSSL_FATAL_ERROR;
wolfSSL 16:8e0d178b1d1e 11805 }
wolfSSL 16:8e0d178b1d1e 11806 ssl->error = 0; /* expected to be zero here */
wolfSSL 16:8e0d178b1d1e 11807 }
wolfSSL 16:8e0d178b1d1e 11808 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */
wolfSSL 16:8e0d178b1d1e 11809
wolfSSL 16:8e0d178b1d1e 11810 #if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13)
wolfSSL 15:117db924cf7c 11811 return wolfSSL_accept_TLSv13(ssl);
wolfSSL 15:117db924cf7c 11812 #else
wolfSSL 15:117db924cf7c 11813 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 11814 if (ssl->options.tls1_3)
wolfSSL 15:117db924cf7c 11815 return wolfSSL_accept_TLSv13(ssl);
wolfSSL 15:117db924cf7c 11816 #endif
wolfSSL 15:117db924cf7c 11817 WOLFSSL_ENTER("SSL_accept()");
wolfSSL 15:117db924cf7c 11818
wolfSSL 15:117db924cf7c 11819 #ifdef HAVE_ERRNO_H
wolfSSL 15:117db924cf7c 11820 errno = 0;
wolfSSL 15:117db924cf7c 11821 #endif
wolfSSL 15:117db924cf7c 11822
wolfSSL 15:117db924cf7c 11823 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 11824 havePSK = ssl->options.havePSK;
wolfSSL 15:117db924cf7c 11825 #endif
wolfSSL 15:117db924cf7c 11826 (void)havePSK;
wolfSSL 15:117db924cf7c 11827
wolfSSL 15:117db924cf7c 11828 #ifdef HAVE_ANON
wolfSSL 15:117db924cf7c 11829 haveAnon = ssl->options.haveAnon;
wolfSSL 15:117db924cf7c 11830 #endif
wolfSSL 15:117db924cf7c 11831 (void)haveAnon;
wolfSSL 15:117db924cf7c 11832
wolfSSL 15:117db924cf7c 11833 #ifdef WOLFSSL_MULTICAST
wolfSSL 15:117db924cf7c 11834 haveMcast = ssl->options.haveMcast;
wolfSSL 15:117db924cf7c 11835 #endif
wolfSSL 15:117db924cf7c 11836 (void)haveMcast;
wolfSSL 15:117db924cf7c 11837
wolfSSL 15:117db924cf7c 11838 if (ssl->options.side != WOLFSSL_SERVER_END) {
wolfSSL 15:117db924cf7c 11839 WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL 15:117db924cf7c 11840 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 11841 }
wolfSSL 15:117db924cf7c 11842
wolfSSL 15:117db924cf7c 11843 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 11844 /* in case used set_accept_state after init */
wolfSSL 15:117db924cf7c 11845 /* allow no private key if using PK callbacks and CB is set */
wolfSSL 15:117db924cf7c 11846 if (!havePSK && !haveAnon && !haveMcast) {
wolfSSL 15:117db924cf7c 11847 if (!ssl->buffers.certificate ||
wolfSSL 15:117db924cf7c 11848 !ssl->buffers.certificate->buffer) {
wolfSSL 15:117db924cf7c 11849
wolfSSL 15:117db924cf7c 11850 WOLFSSL_MSG("accept error: server cert required");
wolfSSL 15:117db924cf7c 11851 WOLFSSL_ERROR(ssl->error = NO_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 11852 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 11853 }
wolfSSL 15:117db924cf7c 11854
wolfSSL 15:117db924cf7c 11855 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 11856 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) {
wolfSSL 15:117db924cf7c 11857 WOLFSSL_MSG("Using PK for server private key");
wolfSSL 15:117db924cf7c 11858 }
wolfSSL 15:117db924cf7c 11859 else
wolfSSL 15:117db924cf7c 11860 #endif
wolfSSL 15:117db924cf7c 11861 if (!ssl->buffers.key || !ssl->buffers.key->buffer) {
wolfSSL 15:117db924cf7c 11862 WOLFSSL_MSG("accept error: server key required");
wolfSSL 15:117db924cf7c 11863 WOLFSSL_ERROR(ssl->error = NO_PRIVATE_KEY);
wolfSSL 15:117db924cf7c 11864 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 11865 }
wolfSSL 15:117db924cf7c 11866 }
wolfSSL 15:117db924cf7c 11867 #endif
wolfSSL 15:117db924cf7c 11868
wolfSSL 15:117db924cf7c 11869 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 11870 if (ssl->version.major == DTLS_MAJOR) {
wolfSSL 15:117db924cf7c 11871 ssl->options.dtls = 1;
wolfSSL 15:117db924cf7c 11872 ssl->options.tls = 1;
wolfSSL 15:117db924cf7c 11873 ssl->options.tls1_1 = 1;
wolfSSL 15:117db924cf7c 11874 }
wolfSSL 15:117db924cf7c 11875 #endif
wolfSSL 15:117db924cf7c 11876
wolfSSL 16:8e0d178b1d1e 11877 if (ssl->buffers.outputBuffer.length > 0
wolfSSL 16:8e0d178b1d1e 11878 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 16:8e0d178b1d1e 11879 /* do not send buffered or advance state if last error was an
wolfSSL 16:8e0d178b1d1e 11880 async pending operation */
wolfSSL 16:8e0d178b1d1e 11881 && ssl->error != WC_PENDING_E
wolfSSL 16:8e0d178b1d1e 11882 #endif
wolfSSL 16:8e0d178b1d1e 11883 ) {
wolfSSL 15:117db924cf7c 11884 if ( (ssl->error = SendBuffered(ssl)) == 0) {
wolfSSL 15:117db924cf7c 11885 /* fragOffset is non-zero when sending fragments. On the last
wolfSSL 15:117db924cf7c 11886 * fragment, fragOffset is zero again, and the state can be
wolfSSL 15:117db924cf7c 11887 * advanced. */
wolfSSL 15:117db924cf7c 11888 if (ssl->fragOffset == 0) {
wolfSSL 15:117db924cf7c 11889 ssl->options.acceptState++;
wolfSSL 15:117db924cf7c 11890 WOLFSSL_MSG("accept state: "
wolfSSL 15:117db924cf7c 11891 "Advanced from last buffered fragment send");
wolfSSL 15:117db924cf7c 11892 }
wolfSSL 15:117db924cf7c 11893 else {
wolfSSL 15:117db924cf7c 11894 WOLFSSL_MSG("accept state: "
wolfSSL 15:117db924cf7c 11895 "Not advanced, more fragments to send");
wolfSSL 15:117db924cf7c 11896 }
wolfSSL 15:117db924cf7c 11897 }
wolfSSL 15:117db924cf7c 11898 else {
wolfSSL 15:117db924cf7c 11899 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 11900 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 11901 }
wolfSSL 15:117db924cf7c 11902 }
wolfSSL 15:117db924cf7c 11903
wolfSSL 15:117db924cf7c 11904 switch (ssl->options.acceptState) {
wolfSSL 15:117db924cf7c 11905
wolfSSL 15:117db924cf7c 11906 case ACCEPT_BEGIN :
wolfSSL 16:8e0d178b1d1e 11907 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 16:8e0d178b1d1e 11908 case ACCEPT_BEGIN_RENEG:
wolfSSL 16:8e0d178b1d1e 11909 #endif
wolfSSL 15:117db924cf7c 11910 /* get response */
wolfSSL 15:117db924cf7c 11911 while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
wolfSSL 15:117db924cf7c 11912 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 15:117db924cf7c 11913 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 11914 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 11915 }
wolfSSL 15:117db924cf7c 11916 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 11917 ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE;
wolfSSL 15:117db924cf7c 11918 WOLFSSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE");
wolfSSL 15:117db924cf7c 11919 FALL_THROUGH;
wolfSSL 15:117db924cf7c 11920
wolfSSL 15:117db924cf7c 11921 case ACCEPT_CLIENT_HELLO_DONE :
wolfSSL 15:117db924cf7c 11922 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 11923 return wolfSSL_accept_TLSv13(ssl);
wolfSSL 15:117db924cf7c 11924 }
wolfSSL 15:117db924cf7c 11925 #endif
wolfSSL 15:117db924cf7c 11926 ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE;
wolfSSL 15:117db924cf7c 11927 WOLFSSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE");
wolfSSL 15:117db924cf7c 11928 FALL_THROUGH;
wolfSSL 15:117db924cf7c 11929
wolfSSL 15:117db924cf7c 11930 case ACCEPT_FIRST_REPLY_DONE :
wolfSSL 15:117db924cf7c 11931 if ( (ssl->error = SendServerHello(ssl)) != 0) {
wolfSSL 15:117db924cf7c 11932 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 11933 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 11934 }
wolfSSL 15:117db924cf7c 11935 ssl->options.acceptState = SERVER_HELLO_SENT;
wolfSSL 15:117db924cf7c 11936 WOLFSSL_MSG("accept state SERVER_HELLO_SENT");
wolfSSL 15:117db924cf7c 11937 FALL_THROUGH;
wolfSSL 15:117db924cf7c 11938
wolfSSL 15:117db924cf7c 11939 case SERVER_HELLO_SENT :
wolfSSL 15:117db924cf7c 11940 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 11941 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 11942 return wolfSSL_accept_TLSv13(ssl);
wolfSSL 15:117db924cf7c 11943 }
wolfSSL 15:117db924cf7c 11944 #endif
wolfSSL 15:117db924cf7c 11945 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 11946 if (!ssl->options.resuming)
wolfSSL 15:117db924cf7c 11947 if ( (ssl->error = SendCertificate(ssl)) != 0) {
wolfSSL 15:117db924cf7c 11948 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 11949 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 11950 }
wolfSSL 15:117db924cf7c 11951 #endif
wolfSSL 15:117db924cf7c 11952 ssl->options.acceptState = CERT_SENT;
wolfSSL 15:117db924cf7c 11953 WOLFSSL_MSG("accept state CERT_SENT");
wolfSSL 15:117db924cf7c 11954 FALL_THROUGH;
wolfSSL 15:117db924cf7c 11955
wolfSSL 15:117db924cf7c 11956 case CERT_SENT :
wolfSSL 15:117db924cf7c 11957 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 11958 if (!ssl->options.resuming)
wolfSSL 15:117db924cf7c 11959 if ( (ssl->error = SendCertificateStatus(ssl)) != 0) {
wolfSSL 15:117db924cf7c 11960 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 11961 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 11962 }
wolfSSL 15:117db924cf7c 11963 #endif
wolfSSL 15:117db924cf7c 11964 ssl->options.acceptState = CERT_STATUS_SENT;
wolfSSL 15:117db924cf7c 11965 WOLFSSL_MSG("accept state CERT_STATUS_SENT");
wolfSSL 15:117db924cf7c 11966 FALL_THROUGH;
wolfSSL 15:117db924cf7c 11967
wolfSSL 15:117db924cf7c 11968 case CERT_STATUS_SENT :
wolfSSL 15:117db924cf7c 11969 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 11970 if (ssl->options.tls1_3) {
wolfSSL 15:117db924cf7c 11971 return wolfSSL_accept_TLSv13(ssl);
wolfSSL 15:117db924cf7c 11972 }
wolfSSL 15:117db924cf7c 11973 #endif
wolfSSL 15:117db924cf7c 11974 if (!ssl->options.resuming)
wolfSSL 15:117db924cf7c 11975 if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
wolfSSL 15:117db924cf7c 11976 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 11977 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 11978 }
wolfSSL 15:117db924cf7c 11979 ssl->options.acceptState = KEY_EXCHANGE_SENT;
wolfSSL 15:117db924cf7c 11980 WOLFSSL_MSG("accept state KEY_EXCHANGE_SENT");
wolfSSL 15:117db924cf7c 11981 FALL_THROUGH;
wolfSSL 15:117db924cf7c 11982
wolfSSL 15:117db924cf7c 11983 case KEY_EXCHANGE_SENT :
wolfSSL 15:117db924cf7c 11984 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 11985 if (!ssl->options.resuming) {
wolfSSL 15:117db924cf7c 11986 if (ssl->options.verifyPeer) {
wolfSSL 15:117db924cf7c 11987 if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
wolfSSL 15:117db924cf7c 11988 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 11989 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 11990 }
wolfSSL 15:117db924cf7c 11991 }
wolfSSL 15:117db924cf7c 11992 }
wolfSSL 15:117db924cf7c 11993 #endif
wolfSSL 15:117db924cf7c 11994 ssl->options.acceptState = CERT_REQ_SENT;
wolfSSL 15:117db924cf7c 11995 WOLFSSL_MSG("accept state CERT_REQ_SENT");
wolfSSL 15:117db924cf7c 11996 FALL_THROUGH;
wolfSSL 15:117db924cf7c 11997
wolfSSL 15:117db924cf7c 11998 case CERT_REQ_SENT :
wolfSSL 15:117db924cf7c 11999 if (!ssl->options.resuming)
wolfSSL 15:117db924cf7c 12000 if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
wolfSSL 15:117db924cf7c 12001 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 12002 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 12003 }
wolfSSL 15:117db924cf7c 12004 ssl->options.acceptState = SERVER_HELLO_DONE;
wolfSSL 15:117db924cf7c 12005 WOLFSSL_MSG("accept state SERVER_HELLO_DONE");
wolfSSL 15:117db924cf7c 12006 FALL_THROUGH;
wolfSSL 15:117db924cf7c 12007
wolfSSL 15:117db924cf7c 12008 case SERVER_HELLO_DONE :
wolfSSL 15:117db924cf7c 12009 if (!ssl->options.resuming) {
wolfSSL 15:117db924cf7c 12010 while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
wolfSSL 15:117db924cf7c 12011 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 15:117db924cf7c 12012 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 12013 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 12014 }
wolfSSL 15:117db924cf7c 12015 }
wolfSSL 15:117db924cf7c 12016 ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE;
wolfSSL 15:117db924cf7c 12017 WOLFSSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE");
wolfSSL 15:117db924cf7c 12018 FALL_THROUGH;
wolfSSL 15:117db924cf7c 12019
wolfSSL 15:117db924cf7c 12020 case ACCEPT_SECOND_REPLY_DONE :
wolfSSL 15:117db924cf7c 12021 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 12022 if (ssl->options.createTicket) {
wolfSSL 15:117db924cf7c 12023 if ( (ssl->error = SendTicket(ssl)) != 0) {
wolfSSL 15:117db924cf7c 12024 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 12025 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 12026 }
wolfSSL 15:117db924cf7c 12027 }
wolfSSL 15:117db924cf7c 12028 #endif /* HAVE_SESSION_TICKET */
wolfSSL 15:117db924cf7c 12029 ssl->options.acceptState = TICKET_SENT;
wolfSSL 15:117db924cf7c 12030 WOLFSSL_MSG("accept state TICKET_SENT");
wolfSSL 15:117db924cf7c 12031 FALL_THROUGH;
wolfSSL 15:117db924cf7c 12032
wolfSSL 15:117db924cf7c 12033 case TICKET_SENT:
wolfSSL 15:117db924cf7c 12034 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
wolfSSL 15:117db924cf7c 12035 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 12036 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 12037 }
wolfSSL 15:117db924cf7c 12038 ssl->options.acceptState = CHANGE_CIPHER_SENT;
wolfSSL 15:117db924cf7c 12039 WOLFSSL_MSG("accept state CHANGE_CIPHER_SENT");
wolfSSL 15:117db924cf7c 12040 FALL_THROUGH;
wolfSSL 15:117db924cf7c 12041
wolfSSL 15:117db924cf7c 12042 case CHANGE_CIPHER_SENT :
wolfSSL 15:117db924cf7c 12043 if ( (ssl->error = SendFinished(ssl)) != 0) {
wolfSSL 15:117db924cf7c 12044 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 12045 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 12046 }
wolfSSL 15:117db924cf7c 12047
wolfSSL 15:117db924cf7c 12048 ssl->options.acceptState = ACCEPT_FINISHED_DONE;
wolfSSL 15:117db924cf7c 12049 WOLFSSL_MSG("accept state ACCEPT_FINISHED_DONE");
wolfSSL 15:117db924cf7c 12050 FALL_THROUGH;
wolfSSL 15:117db924cf7c 12051
wolfSSL 15:117db924cf7c 12052 case ACCEPT_FINISHED_DONE :
wolfSSL 15:117db924cf7c 12053 if (ssl->options.resuming)
wolfSSL 15:117db924cf7c 12054 while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
wolfSSL 15:117db924cf7c 12055 if ( (ssl->error = ProcessReply(ssl)) < 0) {
wolfSSL 15:117db924cf7c 12056 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 12057 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 12058 }
wolfSSL 15:117db924cf7c 12059
wolfSSL 15:117db924cf7c 12060 ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
wolfSSL 15:117db924cf7c 12061 WOLFSSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
wolfSSL 15:117db924cf7c 12062 FALL_THROUGH;
wolfSSL 15:117db924cf7c 12063
wolfSSL 15:117db924cf7c 12064 case ACCEPT_THIRD_REPLY_DONE :
wolfSSL 15:117db924cf7c 12065 #ifndef NO_HANDSHAKE_DONE_CB
wolfSSL 15:117db924cf7c 12066 if (ssl->hsDoneCb) {
wolfSSL 15:117db924cf7c 12067 int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
wolfSSL 15:117db924cf7c 12068 if (cbret < 0) {
wolfSSL 15:117db924cf7c 12069 ssl->error = cbret;
wolfSSL 15:117db924cf7c 12070 WOLFSSL_MSG("HandShake Done Cb don't continue error");
wolfSSL 15:117db924cf7c 12071 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 12072 }
wolfSSL 15:117db924cf7c 12073 }
wolfSSL 15:117db924cf7c 12074 #endif /* NO_HANDSHAKE_DONE_CB */
wolfSSL 15:117db924cf7c 12075
wolfSSL 15:117db924cf7c 12076 if (!ssl->options.dtls) {
wolfSSL 15:117db924cf7c 12077 if (!ssl->options.keepResources) {
wolfSSL 15:117db924cf7c 12078 FreeHandshakeResources(ssl);
wolfSSL 15:117db924cf7c 12079 }
wolfSSL 15:117db924cf7c 12080 }
wolfSSL 15:117db924cf7c 12081 #ifdef WOLFSSL_DTLS
wolfSSL 15:117db924cf7c 12082 else {
wolfSSL 15:117db924cf7c 12083 ssl->options.dtlsHsRetain = 1;
wolfSSL 15:117db924cf7c 12084 }
wolfSSL 15:117db924cf7c 12085 #endif /* WOLFSSL_DTLS */
wolfSSL 15:117db924cf7c 12086
wolfSSL 15:117db924cf7c 12087 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 15:117db924cf7c 12088 if (ssl->dtls_export) {
wolfSSL 15:117db924cf7c 12089 if ((ssl->error = wolfSSL_send_session(ssl)) != 0) {
wolfSSL 15:117db924cf7c 12090 WOLFSSL_MSG("Export DTLS session error");
wolfSSL 15:117db924cf7c 12091 WOLFSSL_ERROR(ssl->error);
wolfSSL 15:117db924cf7c 12092 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 12093 }
wolfSSL 15:117db924cf7c 12094 }
wolfSSL 15:117db924cf7c 12095 #endif
wolfSSL 15:117db924cf7c 12096
wolfSSL 15:117db924cf7c 12097 WOLFSSL_LEAVE("SSL_accept()", WOLFSSL_SUCCESS);
wolfSSL 15:117db924cf7c 12098 return WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 12099
wolfSSL 15:117db924cf7c 12100 default :
wolfSSL 15:117db924cf7c 12101 WOLFSSL_MSG("Unknown accept state ERROR");
wolfSSL 15:117db924cf7c 12102 return WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 12103 }
wolfSSL 15:117db924cf7c 12104 #endif /* !WOLFSSL_NO_TLS12 */
wolfSSL 15:117db924cf7c 12105 }
wolfSSL 15:117db924cf7c 12106
wolfSSL 15:117db924cf7c 12107 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 12108
wolfSSL 15:117db924cf7c 12109
wolfSSL 15:117db924cf7c 12110 #ifndef NO_HANDSHAKE_DONE_CB
wolfSSL 15:117db924cf7c 12111
int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx)
{
    WOLFSSL_ENTER("wolfSSL_SetHsDoneCb");

    if (ssl != NULL) {
        /* The callback is invoked from wolfSSL_accept() once the handshake
         * has completed; a negative return from it aborts the handshake
         * with WOLFSSL_FATAL_ERROR. Storing cb == NULL disables it again. */
        ssl->hsDoneCb  = cb;
        ssl->hsDoneCtx = user_ctx;
        return WOLFSSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 15:117db924cf7c 12125
wolfSSL 15:117db924cf7c 12126 #endif /* NO_HANDSHAKE_DONE_CB */
wolfSSL 15:117db924cf7c 12127
WOLFSSL_ABI
int wolfSSL_Cleanup(void)
{
    int result  = WOLFSSL_SUCCESS;
    int lastRef = 0;

    WOLFSSL_ENTER("wolfSSL_Cleanup");

    /* Never initialised, or already fully torn down: nothing to release and
     * not an error. NOTE(review): this read is intentionally outside the
     * lock, because after the final Cleanup count_mutex itself has been
     * freed below; the authoritative decrement happens under the lock. */
    if (initRefCount == 0)
        return result;

    if (wc_LockMutex(&count_mutex) != 0) {
        WOLFSSL_MSG("Bad Lock Mutex count");
        return BAD_MUTEX_E;
    }

    /* Only the caller that drops the last reference releases global state.
     * Clamp at zero so an unbalanced extra Cleanup cannot drive the count
     * negative and keep later callers from taking the early-out above. */
    lastRef = (initRefCount == 1);
    initRefCount--;
    if (initRefCount < 0)
        initRefCount = 0;

    wc_UnLockMutex(&count_mutex);

    if (!lastRef)
        return result;

#ifdef OPENSSL_EXTRA
    if (bn_one != NULL) {
        wolfSSL_BN_free(bn_one);
        bn_one = NULL;
    }
#endif

    /* Teardown continues past failures; a later error overwrites an earlier
     * one, so the value returned is the last problem encountered. */
#ifndef NO_SESSION_CACHE
    if (wc_FreeMutex(&session_mutex) != 0)
        result = BAD_MUTEX_E;
#endif
    if (wc_FreeMutex(&count_mutex) != 0)
        result = BAD_MUTEX_E;

#ifdef OPENSSL_EXTRA
    wolfSSL_RAND_Cleanup();
#endif

    if (wolfCrypt_Cleanup() != 0) {
        WOLFSSL_MSG("Error with wolfCrypt_Cleanup call");
        result = WC_CLEANUP_E;
    }

    return result;
}
wolfSSL 15:117db924cf7c 12178
wolfSSL 15:117db924cf7c 12179
wolfSSL 15:117db924cf7c 12180 #ifndef NO_SESSION_CACHE
wolfSSL 15:117db924cf7c 12181
wolfSSL 15:117db924cf7c 12182
/* Some session IDs are not uniformly distributed, so hash them before using
 * the result as a cache-row index; this only spreads entries across rows. */
static WC_INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
{
    byte digest[WC_MAX_DIGEST_SIZE];
    int  rc;

    /* First digest the build offers, in the order MD5, SHA-1, SHA-256. The
     * output only selects a cache row (callers reduce it modulo SESSION_ROWS),
     * so collision resistance is not needed and MD5 is acceptable here. */
#ifndef NO_MD5
    rc = wc_Md5Hash(sessionID, len, digest);
#elif !defined(NO_SHA)
    rc = wc_ShaHash(sessionID, len, digest);
#elif !defined(NO_SHA256)
    rc = wc_Sha256Hash(sessionID, len, digest);
#else
    #error "We need a digest to hash the session IDs"
#endif

    /* The digest status is reported through *error; on failure the returned
     * row is 0, so callers must check *error rather than the return value. */
    *error = rc;
    if (rc != 0)
        return 0;

    return MakeWordFromHash(digest);
}
wolfSSL 15:117db924cf7c 12200
wolfSSL 15:117db924cf7c 12201
WOLFSSL_ABI
void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm)
{
    /* The internal cache is a fixed-size static table whose entries are
     * expired lazily at lookup time (the bornOn + timeout check in
     * GetSession()), so there is nothing to flush. Both parameters are
     * accepted for API compatibility only. */
    (void)tm;
    (void)ctx;
}
wolfSSL 15:117db924cf7c 12209
wolfSSL 15:117db924cf7c 12210
wolfSSL 15:117db924cf7c 12211 /* set ssl session timeout in seconds */
WOLFSSL_ABI
int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* A zero timeout does not mean "never expire": it selects the
     * compiled-in default WOLFSSL_SESSION_TIMEOUT instead. */
    ssl->timeout = (to == 0) ? WOLFSSL_SESSION_TIMEOUT : to;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 12224
wolfSSL 15:117db924cf7c 12225
wolfSSL 15:117db924cf7c 12226 /* set ctx session timeout in seconds */
WOLFSSL_ABI
int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    /* Same rule as wolfSSL_set_timeout(): zero is replaced by the
     * compiled-in default WOLFSSL_SESSION_TIMEOUT rather than disabling
     * expiry. */
    ctx->timeout = (to == 0) ? WOLFSSL_SESSION_TIMEOUT : to;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 12239
wolfSSL 15:117db924cf7c 12240
wolfSSL 15:117db924cf7c 12241 #ifndef NO_CLIENT_CACHE
wolfSSL 15:117db924cf7c 12242
wolfSSL 15:117db924cf7c 12243 /* Get Session from Client cache based on id/len, return NULL on failure */
WOLFSSL_SESSION* GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
{
    WOLFSSL_SESSION* found = NULL;
    word32 row;
    int    idx;
    int    remaining;
    int    hashErr = 0;

    WOLFSSL_ENTER("GetSessionClient");

    /* Client-side lookup only: a disabled cache or a server object never
     * produces a hit. */
    if (ssl->ctx->sessionCacheOff)
        return NULL;
    if (ssl->options.side == WOLFSSL_SERVER_END)
        return NULL;

    /* Clamp the compare length to the stored serverID size; a negative len
     * wraps to a large word32 and is clamped as well. NOTE(review): len == 0
     * would make the XMEMCMP below match every entry, so callers must pass a
     * real server-ID length. */
    len = min(SERVER_ID_LEN, (word32)len);

#ifdef HAVE_EXT_CACHE
    /* An application-supplied cache is consulted before the internal one. */
    if (ssl->ctx->get_sess_cb != NULL) {
        int copy = 0;
        found = ssl->ctx->get_sess_cb(ssl, (byte*)id, len, &copy);
        if (found != NULL)
            return found;
    }

    if (ssl->ctx->internalCacheOff)
        return NULL;
#endif

    row = HashSession(id, len, &hashErr) % SESSION_ROWS;
    if (hashErr != 0) {
        WOLFSSL_MSG("Hash session failed");
        return NULL;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Lock session mutex failed");
        return NULL;
    }

    /* Walk the row backwards from the most recently inserted slot, wrapping
     * around the ring; at most SESSIONS_PER_ROW slots are ever populated. */
    remaining = min((word32)ClientCache[row].totalCount, SESSIONS_PER_ROW);
    idx = ClientCache[row].nextIdx - 1;
    if (idx < 0)
        idx = SESSIONS_PER_ROW - 1;

    for (; remaining > 0;
         --remaining, idx = (idx == 0) ? SESSIONS_PER_ROW - 1 : idx - 1) {
        const ClientSession* entry;
        WOLFSSL_SESSION*     candidate;

        if (idx < 0 || idx >= SESSIONS_PER_ROW) {
            WOLFSSL_MSG("Bad idx");
            break;
        }

        /* The client table only stores coordinates into SessionCache; they
         * are used here without a further range check. */
        entry     = &ClientCache[row].Clients[idx];
        candidate = &SessionCache[entry->serverRow].Sessions[entry->serverIdx];

        if (XMEMCMP(candidate->serverID, id, len) != 0) {
            WOLFSSL_MSG("ServerID not a match from client table");
            continue;
        }

        WOLFSSL_MSG("Found a serverid match for client");
        /* An expired match does not end the search: an older slot may hold
         * another entry for the same serverID. */
        if (LowResTimer() >= (candidate->bornOn + candidate->timeout)) {
            WOLFSSL_MSG("Session timed out");
            continue;
        }

        WOLFSSL_MSG("Session valid");
        found = candidate;
        break;
    }

    wc_UnLockMutex(&session_mutex);

    return found;
}
wolfSSL 15:117db924cf7c 12321
wolfSSL 15:117db924cf7c 12322 #endif /* NO_CLIENT_CACHE */
wolfSSL 15:117db924cf7c 12323
wolfSSL 15:117db924cf7c 12324 /* Restore the master secret and session information for certificates.
wolfSSL 15:117db924cf7c 12325 *
wolfSSL 15:117db924cf7c 12326 * ssl The SSL/TLS object.
wolfSSL 15:117db924cf7c 12327 * session The cached session to restore.
wolfSSL 15:117db924cf7c 12328 * masterSecret The master secret from the cached session.
wolfSSL 15:117db924cf7c 12329 * restoreSessionCerts Restoring session certificates is required.
wolfSSL 15:117db924cf7c 12330 */
static WC_INLINE void RestoreSession(WOLFSSL* ssl, WOLFSSL_SESSION* session,
                                     byte* masterSecret, byte restoreSessionCerts)
{
    (void)ssl;
    (void)restoreSessionCerts;

    /* Hand the caller its own SECRET_LEN copy of the cached master secret;
     * a NULL destination means the caller does not want it. */
    if (masterSecret != NULL)
        XMEMCPY(masterSecret, session->masterSecret, SECRET_LEN);

#ifdef SESSION_CERTS
    /* Copy the cached certificate chain and the protocol version recorded
     * with the session into the ssl object, presumably so the resumed
     * connection can expose them to the application. */
    if (restoreSessionCerts) {
        ssl->session.chain   = session->chain;
        ssl->session.version = session->version;
#ifdef NO_RESUME_SUITE_CHECK
        ssl->session.cipherSuite0 = session->cipherSuite0;
        ssl->session.cipherSuite  = session->cipherSuite;
#endif
    }
#endif /* SESSION_CERTS */

#if !defined(NO_RESUME_SUITE_CHECK) || \
    (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
    /* Unless the build opted out of the resumption suite check, the cached
     * cipher suite is always restored; judging by the macro name this is
     * what lets resumption compare the negotiated suite against it. */
    ssl->session.cipherSuite0 = session->cipherSuite0;
    ssl->session.cipherSuite  = session->cipherSuite;
#endif
}
wolfSSL 15:117db924cf7c 12357
WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
                            byte restoreSessionCerts)
{
    WOLFSSL_SESSION* found = NULL;
    const byte*      id;
    word32           row;
    int              idx;
    int              remaining;
    int              hashErr = 0;

    (void)restoreSessionCerts;

    if (ssl->options.sessionCacheOff)
        return NULL;

    /* Without a session ID from the peer there is nothing to look up. */
    if (ssl->options.haveSessionId == 0)
        return NULL;

#ifdef HAVE_SESSION_TICKET
    /* A server that has been handed a ticket does not consult the cache;
     * presumably the ticket carries the resumption state itself. */
    if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
        return NULL;
#endif

    /* Pre-1.3 handshakes keep the ID in the transient handshake arrays;
     * TLS 1.3, or a connection whose arrays are no longer present, uses the
     * copy held in ssl->session. */
    if (!ssl->options.tls1_3 && ssl->arrays != NULL)
        id = ssl->arrays->sessionID;
    else
        id = ssl->session.sessionID;

#ifdef HAVE_EXT_CACHE
    if (ssl->ctx->get_sess_cb != NULL) {
        int copy = 0;
        /* Ask the application cache first. NOTE(review): a hit is returned
         * as-is, without the bornOn + timeout expiry check applied to the
         * internal entries below; the callback is trusted to enforce its
         * own lifetime. */
        found = ssl->ctx->get_sess_cb(ssl, (byte*)id, ID_LEN, &copy);
        if (found != NULL) {
            RestoreSession(ssl, found, masterSecret, restoreSessionCerts);
            return found;
        }
    }

    if (ssl->ctx->internalCacheOff)
        return NULL;
#endif

    row = HashSession(id, ID_LEN, &hashErr) % SESSION_ROWS;
    if (hashErr != 0) {
        WOLFSSL_MSG("Hash session failed");
        return NULL;
    }

    if (wc_LockMutex(&session_mutex) != 0)
        return NULL;

    /* Walk the row backwards from the most recently inserted slot, wrapping
     * around the ring; at most SESSIONS_PER_ROW slots are ever populated. */
    remaining = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);
    idx = SessionCache[row].nextIdx - 1;
    if (idx < 0)
        idx = SESSIONS_PER_ROW - 1;

    for (; remaining > 0;
         --remaining, idx = (idx == 0) ? SESSIONS_PER_ROW - 1 : idx - 1) {
        WOLFSSL_SESSION* candidate;

        if (idx < 0 || idx >= SESSIONS_PER_ROW) {
            WOLFSSL_MSG("Bad idx");
            break;
        }

        candidate = &SessionCache[row].Sessions[idx];
        if (XMEMCMP(candidate->sessionID, id, ID_LEN) != 0) {
            WOLFSSL_MSG("SessionID not a match at this idx");
            continue;
        }

        /* The first ID match ends the search whether it is still valid or
         * not: no other slot in the row carries the same session ID. The
         * restore happens while the lock is still held. */
        WOLFSSL_MSG("Found a session match");
        if (LowResTimer() < (candidate->bornOn + candidate->timeout)) {
            WOLFSSL_MSG("Session valid");
            found = candidate;
            RestoreSession(ssl, found, masterSecret, restoreSessionCerts);
        }
        else {
            WOLFSSL_MSG("Session timed out");
        }
        break;
    }

    wc_UnLockMutex(&session_mutex);

    return found;
}
wolfSSL 15:117db924cf7c 12444
wolfSSL 15:117db924cf7c 12445
wolfSSL 15:117db924cf7c 12446 static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
wolfSSL 15:117db924cf7c 12447 {
wolfSSL 15:117db924cf7c 12448 WOLFSSL_SESSION* copyInto = &ssl->session;
wolfSSL 15:117db924cf7c 12449 void* tmpBuff = NULL;
wolfSSL 15:117db924cf7c 12450 int ticketLen = 0;
wolfSSL 15:117db924cf7c 12451 int doDynamicCopy = 0;
wolfSSL 15:117db924cf7c 12452 int ret = WOLFSSL_SUCCESS;
wolfSSL 15:117db924cf7c 12453
wolfSSL 15:117db924cf7c 12454 (void)ticketLen;
wolfSSL 15:117db924cf7c 12455 (void)doDynamicCopy;
wolfSSL 15:117db924cf7c 12456 (void)tmpBuff;
wolfSSL 15:117db924cf7c 12457
wolfSSL 15:117db924cf7c 12458 if (!ssl || !copyFrom)
wolfSSL 15:117db924cf7c 12459 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 12460
wolfSSL 15:117db924cf7c 12461 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 12462 /* Free old dynamic ticket if we had one to avoid leak */
wolfSSL 15:117db924cf7c 12463 if (copyInto->isDynamic) {
wolfSSL 15:117db924cf7c 12464 XFREE(copyInto->ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
wolfSSL 15:117db924cf7c 12465 copyInto->ticket = copyInto->staticTicket;
wolfSSL 15:117db924cf7c 12466 copyInto->isDynamic = 0;
wolfSSL 15:117db924cf7c 12467 }
wolfSSL 15:117db924cf7c 12468 #endif
wolfSSL 15:117db924cf7c 12469
wolfSSL 15:117db924cf7c 12470 if (wc_LockMutex(&session_mutex) != 0)
wolfSSL 15:117db924cf7c 12471 return BAD_MUTEX_E;
wolfSSL 15:117db924cf7c 12472
wolfSSL 15:117db924cf7c 12473 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 12474 /* Size of ticket to alloc if needed; Use later for alloc outside lock */
wolfSSL 15:117db924cf7c 12475 doDynamicCopy = copyFrom->isDynamic;
wolfSSL 15:117db924cf7c 12476 ticketLen = copyFrom->ticketLen;
wolfSSL 15:117db924cf7c 12477 #endif
wolfSSL 15:117db924cf7c 12478
wolfSSL 15:117db924cf7c 12479 *copyInto = *copyFrom;
wolfSSL 15:117db924cf7c 12480
wolfSSL 15:117db924cf7c 12481 /* Default ticket to non dynamic. This will avoid crash if we fail below */
wolfSSL 15:117db924cf7c 12482 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 12483 copyInto->ticket = copyInto->staticTicket;
wolfSSL 15:117db924cf7c 12484 copyInto->isDynamic = 0;
wolfSSL 15:117db924cf7c 12485 #endif
wolfSSL 15:117db924cf7c 12486
wolfSSL 16:8e0d178b1d1e 12487 #ifndef NO_RESUME_SUITE_CHECK
wolfSSL 16:8e0d178b1d1e 12488 copyInto->cipherSuite0 = copyFrom->cipherSuite0;
wolfSSL 16:8e0d178b1d1e 12489 copyInto->cipherSuite = copyFrom->cipherSuite;
wolfSSL 16:8e0d178b1d1e 12490 #endif
wolfSSL 16:8e0d178b1d1e 12491
wolfSSL 15:117db924cf7c 12492 if (wc_UnLockMutex(&session_mutex) != 0) {
wolfSSL 15:117db924cf7c 12493 return BAD_MUTEX_E;
wolfSSL 15:117db924cf7c 12494 }
wolfSSL 15:117db924cf7c 12495
wolfSSL 15:117db924cf7c 12496 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 12497 #ifdef WOLFSSL_TLS13
wolfSSL 15:117db924cf7c 12498 if (wc_LockMutex(&session_mutex) != 0) {
wolfSSL 15:117db924cf7c 12499 XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
wolfSSL 15:117db924cf7c 12500 return BAD_MUTEX_E;
wolfSSL 15:117db924cf7c 12501 }
wolfSSL 15:117db924cf7c 12502
wolfSSL 16:8e0d178b1d1e 12503 #ifdef NO_RESUME_SUITE_CHECK
wolfSSL 15:117db924cf7c 12504 copyInto->cipherSuite0 = copyFrom->cipherSuite0;
wolfSSL 15:117db924cf7c 12505 copyInto->cipherSuite = copyFrom->cipherSuite;
wolfSSL 16:8e0d178b1d1e 12506 #endif
wolfSSL 15:117db924cf7c 12507 copyInto->namedGroup = copyFrom->namedGroup;
wolfSSL 15:117db924cf7c 12508 copyInto->ticketSeen = copyFrom->ticketSeen;
wolfSSL 15:117db924cf7c 12509 copyInto->ticketAdd = copyFrom->ticketAdd;
wolfSSL 15:117db924cf7c 12510 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 15:117db924cf7c 12511 XMEMCPY(&copyInto->ticketNonce, &copyFrom->ticketNonce,
wolfSSL 15:117db924cf7c 12512 sizeof(TicketNonce));
wolfSSL 15:117db924cf7c 12513 #endif
wolfSSL 15:117db924cf7c 12514 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 15:117db924cf7c 12515 copyInto->maxEarlyDataSz = copyFrom->maxEarlyDataSz;
wolfSSL 15:117db924cf7c 12516 #endif
wolfSSL 15:117db924cf7c 12517 XMEMCPY(copyInto->masterSecret, copyFrom->masterSecret, SECRET_LEN);
wolfSSL 15:117db924cf7c 12518
wolfSSL 15:117db924cf7c 12519 if (wc_UnLockMutex(&session_mutex) != 0) {
wolfSSL 15:117db924cf7c 12520 if (ret == WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 12521 ret = BAD_MUTEX_E;
wolfSSL 15:117db924cf7c 12522 }
wolfSSL 15:117db924cf7c 12523 #endif
wolfSSL 15:117db924cf7c 12524 /* If doing dynamic copy, need to alloc outside lock, then inside a lock
wolfSSL 15:117db924cf7c 12525 * confirm the size still matches and memcpy */
wolfSSL 15:117db924cf7c 12526 if (doDynamicCopy) {
wolfSSL 15:117db924cf7c 12527 tmpBuff = (byte*)XMALLOC(ticketLen, ssl->heap,
wolfSSL 15:117db924cf7c 12528 DYNAMIC_TYPE_SESSION_TICK);
wolfSSL 15:117db924cf7c 12529 if (!tmpBuff)
wolfSSL 15:117db924cf7c 12530 return MEMORY_ERROR;
wolfSSL 15:117db924cf7c 12531
wolfSSL 15:117db924cf7c 12532 if (wc_LockMutex(&session_mutex) != 0) {
wolfSSL 15:117db924cf7c 12533 XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
wolfSSL 15:117db924cf7c 12534 return BAD_MUTEX_E;
wolfSSL 15:117db924cf7c 12535 }
wolfSSL 15:117db924cf7c 12536
wolfSSL 16:8e0d178b1d1e 12537 if ((word16)ticketLen != copyFrom->ticketLen) {
wolfSSL 15:117db924cf7c 12538 /* Another thread modified the ssl-> session ticket during alloc.
wolfSSL 15:117db924cf7c 12539 * Treat as error, since ticket different than when copy requested */
wolfSSL 15:117db924cf7c 12540 ret = VAR_STATE_CHANGE_E;
wolfSSL 15:117db924cf7c 12541 }
wolfSSL 15:117db924cf7c 12542
wolfSSL 15:117db924cf7c 12543 if (ret == WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 12544 copyInto->ticket = (byte*)tmpBuff;
wolfSSL 15:117db924cf7c 12545 copyInto->isDynamic = 1;
wolfSSL 15:117db924cf7c 12546 XMEMCPY(copyInto->ticket, copyFrom->ticket, ticketLen);
wolfSSL 15:117db924cf7c 12547 }
wolfSSL 15:117db924cf7c 12548 } else {
wolfSSL 15:117db924cf7c 12549 /* Need to ensure ticket pointer gets updated to own buffer
wolfSSL 15:117db924cf7c 12550 * and is not pointing to buff of session copied from */
wolfSSL 15:117db924cf7c 12551 copyInto->ticket = copyInto->staticTicket;
wolfSSL 15:117db924cf7c 12552 }
wolfSSL 15:117db924cf7c 12553
wolfSSL 15:117db924cf7c 12554 if (doDynamicCopy) {
wolfSSL 15:117db924cf7c 12555 if (wc_UnLockMutex(&session_mutex) != 0) {
wolfSSL 15:117db924cf7c 12556 if (ret == WOLFSSL_SUCCESS)
wolfSSL 15:117db924cf7c 12557 ret = BAD_MUTEX_E;
wolfSSL 15:117db924cf7c 12558 }
wolfSSL 15:117db924cf7c 12559 }
wolfSSL 15:117db924cf7c 12560
wolfSSL 15:117db924cf7c 12561 if (ret != WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 12562 /* cleanup */
wolfSSL 15:117db924cf7c 12563 if (tmpBuff)
wolfSSL 15:117db924cf7c 12564 XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
wolfSSL 15:117db924cf7c 12565 copyInto->ticket = copyInto->staticTicket;
wolfSSL 15:117db924cf7c 12566 copyInto->isDynamic = 0;
wolfSSL 15:117db924cf7c 12567 }
wolfSSL 15:117db924cf7c 12568 #endif /* HAVE_SESSION_TICKET */
wolfSSL 15:117db924cf7c 12569 return ret;
wolfSSL 15:117db924cf7c 12570 }
wolfSSL 15:117db924cf7c 12571
wolfSSL 15:117db924cf7c 12572
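/* Prime ssl for resumption from a previously stored session.
 *
 * ssl     : connection to resume on
 * session : session to copy from (deep-copied by GetDeepCopySession())
 *
 * Returns WOLFSSL_SUCCESS when the session was installed; WOLFSSL_FAILURE
 * when either pointer is NULL, session caching is off, the session has
 * expired, or (under OPENSSL_EXTRA) the application context id differs;
 * otherwise whatever GetDeepCopySession() returned.
 */
int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
{
    int ret;

    if (ssl == NULL || session == NULL)
        return WOLFSSL_FAILURE;

    if (ssl->options.sessionCacheOff)
        return WOLFSSL_FAILURE;

#ifdef OPENSSL_EXTRA
    /* Only resume a session that was created under the same application
     * context id; a mismatch is an error, not a silent fresh handshake.
     * NOTE(review): AddSession() stores the context only when
     * sessionCtxSz < ID_LEN -- confirm the compare length here cannot
     * exceed the sessionCtx array. */
    if (ssl->sessionCtxSz > 0) {
        if (XMEMCMP(ssl->sessionCtx, session->sessionCtx, ssl->sessionCtxSz)) {
            WOLFSSL_MSG("Session context did not match");
            return WOLFSSL_FAILURE;
        }
    }
#endif /* OPENSSL_EXTRA */

    /* An expired session is never resumed. */
    if (LowResTimer() >= (session->bornOn + session->timeout))
        return WOLFSSL_FAILURE; /* session timed out */

    ret = GetDeepCopySession(ssl, session);
    if (ret == WOLFSSL_SUCCESS) {
        ssl->options.resuming = 1;

        /* Resumption must reuse the version and cipher suite the session was
         * negotiated with when the build records them in the session. */
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                               defined(HAVE_SESSION_TICKET))
        ssl->version = session->version;
#endif
#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
    (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
        ssl->options.cipherSuite0 = session->cipherSuite0;
        ssl->options.cipherSuite = session->cipherSuite;
#endif
    }

    return ret;
}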
wolfSSL 15:117db924cf7c 12609
wolfSSL 15:117db924cf7c 12610
wolfSSL 15:117db924cf7c 12611 #ifdef WOLFSSL_SESSION_STATS
wolfSSL 15:117db924cf7c 12612 static int get_locked_session_stats(word32* active, word32* total,
wolfSSL 15:117db924cf7c 12613 word32* peak);
wolfSSL 15:117db924cf7c 12614 #endif
wolfSSL 15:117db924cf7c 12615
/* Record the session negotiated on ssl so it can be resumed later.
 *
 * The entry goes into the internal SessionCache row selected by hashing the
 * session id (under WOLFSSL_TLS13 + HAVE_SESSION_TICKET a TLS 1.3 connection
 * hashes ssl->session.sessionID, everything else ssl->arrays->sessionID).
 * An existing entry with the same id in that row is overwritten; otherwise
 * the row's nextIdx slot is taken.  Under HAVE_EXT_CACHE with
 * internalCacheOff a fresh heap WOLFSSL_SESSION is filled in instead, handed
 * to ctx->new_sess_cb and then released.
 *
 * ssl : connection whose session state is stored
 *
 * Returns 0 on success or when there is nothing to store (cache off, no
 * session id, or a server that issued a ticket); MEMORY_E on allocation
 * failure, BAD_MUTEX_E on lock/unlock failure, the HashSession() error, or
 * VAR_STATE_CHANGE_E when the ticket length changed between the pre-lock
 * allocation and the locked copy.
 */
int AddSession(WOLFSSL* ssl)
{
    word32 row = 0;
    word32 idx = 0;
    int error = 0;
#ifdef HAVE_SESSION_TICKET
    byte* tmpBuff = NULL;       /* heap ticket buffer when too big for staticTicket */
    int ticLen = 0;
#endif
    WOLFSSL_SESSION* session;
    int i;
    int overwrite = 0;          /* 1 when an entry with the same id is replaced */

    if (ssl->options.sessionCacheOff)
        return 0;

    if (ssl->options.haveSessionId == 0)
        return 0;

#ifdef HAVE_SESSION_TICKET
    /* A server that issued a ticket does not cache the session itself. */
    if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
        return 0;
#endif

#ifdef HAVE_SESSION_TICKET
    ticLen = ssl->session.ticketLen;
    /* Alloc Memory here so if Malloc fails can exit outside of lock */
    if(ticLen > SESSION_TICKET_LEN) {
        tmpBuff = (byte*)XMALLOC(ticLen, ssl->heap,
                                 DYNAMIC_TYPE_SESSION_TICK);
        if(!tmpBuff)
            return MEMORY_E;
    }
#endif

#ifdef HAVE_EXT_CACHE
    if (ssl->options.internalCacheOff) {
        /* Create a new session object to be stored. */
        session = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), NULL,
                                            DYNAMIC_TYPE_OPENSSL);
        if (session == NULL) {
#ifdef HAVE_SESSION_TICKET
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif
            return MEMORY_E;
        }
        XMEMSET(session, 0, sizeof(WOLFSSL_SESSION));
        session->isAlloced = 1;
    }
    else
#endif
    {
        /* Use the session object in the cache for external cache if required.
         */
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
        if (ssl->options.tls1_3) {
            row = HashSession(ssl->session.sessionID, ID_LEN, &error) %
                  SESSION_ROWS;
        }
        else
#endif
        {
            row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) %
                  SESSION_ROWS;
        }
        if (error != 0) {
            WOLFSSL_MSG("Hash session failed");
#ifdef HAVE_SESSION_TICKET
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif
            return error;
        }

        /* session_mutex is held from here until the unlock near the end of
         * the function (skipped, like this lock, when internalCacheOff). */
        if (wc_LockMutex(&session_mutex) != 0) {
#ifdef HAVE_SESSION_TICKET
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif
            return BAD_MUTEX_E;
        }

        /* Look for an entry with the same id in this row so a repeat of the
         * same session replaces it instead of taking a second slot.
         * NOTE(review): the tls1_3 test here is not under the same #if as the
         * row hash above, so with tls1_3 set but WOLFSSL_TLS13/HAVE_SESSION_TICKET
         * not both defined the compared id and the hashed id come from
         * different fields -- confirm that is intended. */
        for (i=0; i<SESSIONS_PER_ROW; i++) {
            if (ssl->options.tls1_3) {
                if (XMEMCMP(ssl->session.sessionID, SessionCache[row].Sessions[i].sessionID, ID_LEN) == 0) {
                    WOLFSSL_MSG("Session already exists. Overwriting.");
                    overwrite = 1;
                    idx = i;
                    break;
                }
            }
            else {
                if (XMEMCMP(ssl->arrays->sessionID, SessionCache[row].Sessions[i].sessionID, ID_LEN) == 0) {
                    WOLFSSL_MSG("Session already exists. Overwriting.");
                    overwrite = 1;
                    idx = i;
                    break;
                }
            }
        }

        /* Round-robin slot; nextIdx wraps to 0 further down once the entry
         * has been written. */
        if (!overwrite) {
            idx = SessionCache[row].nextIdx++;
        }
#ifdef SESSION_INDEX
        ssl->sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
#endif
        session = &SessionCache[row].Sessions[idx];
    }

    /* TLS 1.3 keeps its resumption secret and id in ssl->session; earlier
     * versions keep them in ssl->arrays. */
    if (!ssl->options.tls1_3)
        XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN);
    else
        XMEMCPY(session->masterSecret, ssl->session.masterSecret, SECRET_LEN);
    session->haveEMS = ssl->options.haveEMS;
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
    if (ssl->options.tls1_3) {
        XMEMCPY(session->sessionID, ssl->session.sessionID, ID_LEN);
        session->sessionIDSz = ID_LEN;
    }
    else
#endif
    {
        XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN);
        session->sessionIDSz = ssl->arrays->sessionIDSz;
    }

#ifdef OPENSSL_EXTRA
    /* If using compatibility layer then check for and copy over session context
     * id. */
    if (ssl->sessionCtxSz > 0 && ssl->sessionCtxSz < ID_LEN) {
        XMEMCPY(session->sessionCtx, ssl->sessionCtx, ssl->sessionCtxSz);
    }
#endif

    session->timeout = ssl->timeout;
    session->bornOn = LowResTimer();

#ifdef HAVE_SESSION_TICKET
    /* Check if another thread modified ticket since alloc */
    if ((word16)ticLen != ssl->session.ticketLen) {
        error = VAR_STATE_CHANGE_E;
    }

    if (error == 0) {
        /* Cleanup cache row's old Dynamic buff if exists */
        if(session->isDynamic) {
            XFREE(session->ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
            session->ticket = NULL;
        }

        /* If too large to store in static buffer, use dyn buffer */
        if (ticLen > SESSION_TICKET_LEN) {
            session->ticket = tmpBuff;
            session->isDynamic = 1;
        } else {
            session->ticket = session->staticTicket;
            session->isDynamic = 0;
        }

        session->ticketLen = (word16)ticLen;
        XMEMCPY(session->ticket, ssl->session.ticket, ticLen);
    } else { /* cleanup, reset state */
        session->ticket = session->staticTicket;
        session->isDynamic = 0;
        session->ticketLen = 0;
        if (tmpBuff) {
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
            tmpBuff = NULL;
        }
    }
#endif

    /* Every remaining field is only written when no error has been recorded,
     * so a failed ticket copy leaves the rest of the slot untouched. */
#ifdef SESSION_CERTS
    if (error == 0) {
        if (!overwrite || ssl->session.chain.count > 0) {
            /*
             * If we are overwriting and no certs present in ssl->session.chain
             * then keep the old chain.
             */
            session->chain.count = ssl->session.chain.count;
            XMEMCPY(session->chain.certs, ssl->session.chain.certs,
                    sizeof(x509_buffer) * session->chain.count);
        }
    }
#endif /* SESSION_CERTS */
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                               defined(HAVE_SESSION_TICKET))
    if (error == 0) {
        session->version = ssl->version;
    }
#endif /* SESSION_CERTS || (WOLFSSL_TLS13 & HAVE_SESSION_TICKET) */
#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
    (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
    if (error == 0) {
        session->cipherSuite0 = ssl->options.cipherSuite0;
        session->cipherSuite = ssl->options.cipherSuite;
    }
#endif
#if defined(WOLFSSL_TLS13)
    if (error == 0) {
        session->namedGroup = ssl->session.namedGroup;
    }
#endif
#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)
    if (error == 0) {
        session->ticketSeen = ssl->session.ticketSeen;
        session->ticketAdd = ssl->session.ticketAdd;
#ifndef WOLFSSL_TLS13_DRAFT_18
        XMEMCPY(&session->ticketNonce, &ssl->session.ticketNonce,
                sizeof(TicketNonce));
#endif
#ifdef WOLFSSL_EARLY_DATA
        session->maxEarlyDataSz = ssl->session.maxEarlyDataSz;
#endif
    }
#endif /* WOLFSSL_TLS13 && HAVE_SESSION_TICKET */
#ifdef HAVE_EXT_CACHE
    if (!ssl->options.internalCacheOff)
#endif
    {
        /* totalCount is bumped even on overwrite; readers cap it at
         * SESSIONS_PER_ROW, so it only saturates. */
        if (error == 0) {
            SessionCache[row].totalCount++;
            if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
                SessionCache[row].nextIdx = 0;
        }
    }
#ifndef NO_CLIENT_CACHE
    /* Clients additionally index the entry by server id so GetSession can
     * find it by peer rather than by session id. */
    if (error == 0) {
        if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->session.idLen) {
            word32 clientRow, clientIdx;

            WOLFSSL_MSG("Adding client cache entry");

            session->idLen = ssl->session.idLen;
            XMEMCPY(session->serverID, ssl->session.serverID,
                    ssl->session.idLen);

#ifdef HAVE_EXT_CACHE
            if (!ssl->options.internalCacheOff)
#endif
            {
                clientRow = HashSession(ssl->session.serverID,
                                        ssl->session.idLen, &error) % SESSION_ROWS;
                if (error != 0) {
                    WOLFSSL_MSG("Hash session failed");
                } else {
                    clientIdx = ClientCache[clientRow].nextIdx++;

                    ClientCache[clientRow].Clients[clientIdx].serverRow =
                                                                    (word16)row;
                    ClientCache[clientRow].Clients[clientIdx].serverIdx =
                                                                    (word16)idx;

                    ClientCache[clientRow].totalCount++;
                    if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
                        ClientCache[clientRow].nextIdx = 0;
                }
            }
        }
        else
            session->idLen = 0;
    }
#endif /* NO_CLIENT_CACHE */

#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
#ifdef HAVE_EXT_CACHE
    if (!ssl->options.internalCacheOff)
#endif
    {
        if (error == 0) {
            word32 active = 0;

            /* Lock is still held here, which get_locked_session_stats requires. */
            error = get_locked_session_stats(&active, NULL, NULL);
            if (error == WOLFSSL_SUCCESS) {
                error = 0; /* back to this function ok */

                if (active > PeakSessions)
                    PeakSessions = active;
            }
        }
    }
#endif /* defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) */

#ifdef HAVE_EXT_CACHE
    if (!ssl->options.internalCacheOff)
#endif
    {
        if (wc_UnLockMutex(&session_mutex) != 0)
            return BAD_MUTEX_E;
    }

#ifdef HAVE_EXT_CACHE
    /* The application callback sees the session after the lock is released;
     * a heap session built for the external cache is released right after. */
    if (error == 0 && ssl->ctx->new_sess_cb != NULL)
        ssl->ctx->new_sess_cb(ssl, session);
    if (ssl->options.internalCacheOff)
        wolfSSL_SESSION_free(session);
#endif

    return error;
}
wolfSSL 15:117db924cf7c 12915
wolfSSL 15:117db924cf7c 12916
wolfSSL 15:117db924cf7c 12917 #ifdef SESSION_INDEX
wolfSSL 15:117db924cf7c 12918
/* Return the packed (row << SESSIDX_ROW_SHIFT) | column cache position that
 * AddSession() recorded for this connection's session (SESSION_INDEX). */
int wolfSSL_GetSessionIndex(WOLFSSL* ssl)
{
    int packedIdx;

    WOLFSSL_ENTER("wolfSSL_GetSessionIndex");
    packedIdx = ssl->sessionIndex;
    WOLFSSL_LEAVE("wolfSSL_GetSessionIndex", packedIdx);

    return packedIdx;
}
wolfSSL 15:117db924cf7c 12925
wolfSSL 15:117db924cf7c 12926
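/* Copy the cache entry addressed by a packed index (as returned by
 * wolfSSL_GetSessionIndex()) into the caller's session object.
 *
 * idx     : (row << SESSIDX_ROW_SHIFT) | column
 * session : destination; must not be NULL
 *
 * Returns WOLFSSL_SUCCESS when an entry was copied, WOLFSSL_FAILURE when idx
 * does not address a populated slot, BAD_FUNC_ARG for a NULL session and
 * BAD_MUTEX_E when session_mutex could not be taken or released.
 *
 * NOTE(review): the copy is shallow -- under HAVE_SESSION_TICKET the copied
 * ticket pointer still references storage owned by the cache slot, which
 * AddSession() frees when it overwrites that slot; treat the copy as
 * short-lived.
 */
int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session)
{
    int row, col, result = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_GetSessionAtIndex");

    if (session == NULL) {
        WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    row = idx >> SESSIDX_ROW_SHIFT;
    col = idx & SESSIDX_IDX_MASK;

    /* idx is a signed int: a negative value shifts to a negative row, which
     * must be rejected before it is used to index SessionCache. Doing the
     * range check before taking the lock also avoids a pointless lock/unlock
     * cycle for bad indices. */
    if (row < 0 || row >= SESSION_ROWS || col < 0) {
        WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", result);
        return result;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        return BAD_MUTEX_E;
    }

    /* totalCount only grows, so cap it at the row width to stay in bounds. */
    if (col < (int)min(SessionCache[row].totalCount, SESSIONS_PER_ROW)) {
        XMEMCPY(session,
                &SessionCache[row].Sessions[col], sizeof(WOLFSSL_SESSION));
        result = WOLFSSL_SUCCESS;
    }

    if (wc_UnLockMutex(&session_mutex) != 0)
        result = BAD_MUTEX_E;

    WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", result);
    return result;
}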
wolfSSL 15:117db924cf7c 12953
wolfSSL 15:117db924cf7c 12954 #endif /* SESSION_INDEX */
wolfSSL 15:117db924cf7c 12955
wolfSSL 16:8e0d178b1d1e 12956 #if defined(SESSION_CERTS)
wolfSSL 15:117db924cf7c 12957
/* Expose the peer certificate chain stored with a session (SESSION_CERTS).
 * Returns a pointer into the session itself, or NULL when session is NULL;
 * the caller does not own the result. */
WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
{
    WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");

    if (session == NULL) {
        WOLFSSL_LEAVE("wolfSSL_SESSION_get_peer_chain", 0);
        return NULL;
    }

    WOLFSSL_LEAVE("wolfSSL_SESSION_get_peer_chain", 1);
    return &session->chain;
}
wolfSSL 15:117db924cf7c 12969
wolfSSL 16:8e0d178b1d1e 12970
wolfSSL 16:8e0d178b1d1e 12971 #ifdef OPENSSL_EXTRA
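/* gets the peer certificate associated with the session passed in
 * returns null on failure, the caller should not free the returned pointer
 *
 * session : session whose stored chain is consulted; NULL yields NULL
 *
 * The leaf (chain index 0) is fetched on first use and cached in
 * session->peer so later calls return the same object; it is released with
 * the session, hence the "get0" (borrowed pointer) name.
 */
WOLFSSL_X509* wolfSSL_SESSION_get0_peer(WOLFSSL_SESSION* session)
{
    int count;

    /* Trace label names this function, not wolfSSL_SESSION_get_peer_chain. */
    WOLFSSL_ENTER("wolfSSL_SESSION_get0_peer");

    if (session == NULL) {
        WOLFSSL_MSG("No session passed in");
        return NULL;
    }

    /* An empty or over-long chain means there is no usable leaf. */
    count = wolfSSL_get_chain_count(&session->chain);
    if (count < 1 || count >= MAX_CHAIN_DEPTH) {
        WOLFSSL_MSG("bad count found");
        return NULL;
    }

    if (session->peer == NULL) {
        session->peer = wolfSSL_get_chain_X509(&session->chain, 0);
    }
    return session->peer;
}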
wolfSSL 16:8e0d178b1d1e 12995 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 12996 #endif /* SESSION_CERTS */
wolfSSL 15:117db924cf7c 12997
wolfSSL 15:117db924cf7c 12998
wolfSSL 15:117db924cf7c 12999 #ifdef WOLFSSL_SESSION_STATS
wolfSSL 15:117db924cf7c 13000
/* requires session_mutex lock held, WOLFSSL_SUCCESS on ok
 *
 * Walks every cache row and reports through whichever out-pointers are
 * non-NULL: the number of entries that have not yet timed out (active), the
 * running total of sessions ever added (total) and, under
 * WOLFSSL_PEAK_SESSIONS, the high-water mark (peak). */
static int get_locked_session_stats(word32* active, word32* total, word32* peak)
{
    int result = WOLFSSL_SUCCESS;
    int row;
    word32 liveCount = 0;
    word32 seenCount = 0;
    word32 ticks = LowResTimer();

    (void)peak; /* only read when WOLFSSL_PEAK_SESSIONS is defined */

    WOLFSSL_ENTER("get_locked_session_stats");

    for (row = 0; row < SESSION_ROWS; row++) {
        int remaining;
        int slot;

        seenCount += SessionCache[row].totalCount;

        /* The expiry scan is only needed when the caller asked for it. */
        if (active == NULL)
            continue;

        /* A row holds at most SESSIONS_PER_ROW entries; walk them backwards
         * from the most recently written slot, wrapping at the front. */
        remaining = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);
        slot = SessionCache[row].nextIdx - 1;
        if (slot < 0)
            slot = SESSIONS_PER_ROW - 1;

        while (remaining > 0) {
            WOLFSSL_SESSION* entry;

            if (slot < 0 || slot >= SESSIONS_PER_ROW) { /* sanity check */
                WOLFSSL_MSG("Bad idx");
                break;
            }

            entry = &SessionCache[row].Sessions[slot];
            /* if not expired then good */
            if (ticks < (entry->bornOn + entry->timeout))
                liveCount++;

            remaining--;
            slot = (slot == 0) ? SESSIONS_PER_ROW - 1 : slot - 1;
        }
    }

    if (active)
        *active = liveCount;

    if (total)
        *total = seenCount;

#ifdef WOLFSSL_PEAK_SESSIONS
    if (peak)
        *peak = PeakSessions;
#endif

    WOLFSSL_LEAVE("get_locked_session_stats", result);

    return result;
}
wolfSSL 15:117db924cf7c 13056
wolfSSL 15:117db924cf7c 13057
/* return WOLFSSL_SUCCESS on ok
 *
 * Public entry point for session statistics: fills maxSessions (the fixed
 * cache capacity) without locking, then takes session_mutex to fill any of
 * active/total/peak that were requested.  BAD_FUNC_ARG when none of the
 * three counters is requested and maxSessions is NULL; BAD_MUTEX_E on
 * lock/unlock failure. */
int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak,
                              word32* maxSessions)
{
    int result;
    const int wantsCounters = (active != NULL || total != NULL || peak != NULL);

    WOLFSSL_ENTER("wolfSSL_get_session_stats");

    /* Capacity is a compile-time constant, so no lock is needed for it. */
    if (maxSessions) {
        *maxSessions = SESSIONS_PER_ROW * SESSION_ROWS;

        if (!wantsCounters)
            return WOLFSSL_SUCCESS; /* we're done */
    }

    /* user must provide at least one query value */
    if (!wantsCounters)
        return BAD_FUNC_ARG;

    if (wc_LockMutex(&session_mutex) != 0)
        return BAD_MUTEX_E;

    result = get_locked_session_stats(active, total, peak);

    if (wc_UnLockMutex(&session_mutex) != 0)
        result = BAD_MUTEX_E;

    WOLFSSL_LEAVE("wolfSSL_get_session_stats", result);

    return result;
}
wolfSSL 15:117db924cf7c 13090
wolfSSL 15:117db924cf7c 13091 #endif /* WOLFSSL_SESSION_STATS */
wolfSSL 15:117db924cf7c 13092
wolfSSL 15:117db924cf7c 13093
wolfSSL 15:117db924cf7c 13094 #ifdef PRINT_SESSION_STATS
wolfSSL 15:117db924cf7c 13095
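/* WOLFSSL_SUCCESS on ok
 *
 * Print the session cache counters to stdout together with a chi-square
 * statistic of the per-row fill against a uniform spread, a quick sanity
 * check that HashSession() distributes sessions evenly over SESSION_ROWS.
 * Returns the error from wolfSSL_get_session_stats() when that fails.
 */
int wolfSSL_PrintSessionStats(void)
{
    word32 totalSessionsSeen = 0;
    word32 totalSessionsNow = 0;
    word32 peak = 0;
    word32 maxSessions = 0;
    int i;
    int ret;
    double E; /* expected freq */
    double chiSquare = 0;

    ret = wolfSSL_get_session_stats(&totalSessionsNow, &totalSessionsSeen,
                                    &peak, &maxSessions);
    if (ret != WOLFSSL_SUCCESS)
        return ret;

    /* word32 is unsigned; cast and print with %u so the format matches the
     * argument type on every platform. */
    printf("Total Sessions Seen = %u\n", (unsigned int)totalSessionsSeen);
    printf("Total Sessions Now = %u\n", (unsigned int)totalSessionsNow);
#ifdef WOLFSSL_PEAK_SESSIONS
    printf("Peak Sessions = %u\n", (unsigned int)peak);
#endif
    printf("Max Sessions = %u\n", (unsigned int)maxSessions);

    /* With nothing seen the expected frequency is 0 and every term would be
     * a division by zero; report a chi-square of 0 instead. */
    if (totalSessionsSeen > 0) {
        E = (double)totalSessionsSeen / SESSION_ROWS;

        /* NOTE(review): the per-row totalCount values are read here without
         * session_mutex (the stats call above released it); for a diagnostic
         * printout that is tolerable but the figures may be slightly stale. */
        for (i = 0; i < SESSION_ROWS; i++) {
            double diff = SessionCache[i].totalCount - E;
            diff *= diff; /* square */
            diff /= E;    /* normalize */

            chiSquare += diff;
        }
    }
    printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare,
           SESSION_ROWS - 1);
    /* Critical values at p = .05 for the row counts the library ships with. */
#if (SESSION_ROWS == 11)
    printf(" .05 p value = 18.3, chi-square should be less\n");
#elif (SESSION_ROWS == 211)
    printf(".05 p value = 244.8, chi-square should be less\n");
#elif (SESSION_ROWS == 5981)
    printf(".05 p value = 6161.0, chi-square should be less\n");
#elif (SESSION_ROWS == 3)
    printf(".05 p value = 6.0, chi-square should be less\n");
#elif (SESSION_ROWS == 2861)
    printf(".05 p value = 2985.5, chi-square should be less\n");
#endif
    printf("\n");

    return ret;
}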
wolfSSL 15:117db924cf7c 13145
wolfSSL 15:117db924cf7c 13146 #endif /* SESSION_STATS */
wolfSSL 15:117db924cf7c 13147
wolfSSL 15:117db924cf7c 13148 #else /* NO_SESSION_CACHE */
wolfSSL 15:117db924cf7c 13149
/* No session cache version: nothing is ever stored, so there is never a
 * session to hand back. All parameters are unused. Always returns NULL. */
WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
                            byte restoreSessionCerts)
{
    WOLFSSL_SESSION* found = NULL;

    (void)restoreSessionCerts;
    (void)masterSecret;
    (void)ssl;

    return found;
}
wolfSSL 15:117db924cf7c 13160
wolfSSL 15:117db924cf7c 13161 #endif /* NO_SESSION_CACHE */
wolfSSL 15:117db924cf7c 13162
wolfSSL 15:117db924cf7c 13163
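/* Call before SSL_connect: when verifying, a name check against dn is added
 * to the date check and signature check.
 *
 * dn is copied (NUL terminated) into ssl->buffers.domainName, releasing any
 * name set by an earlier call first.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ssl or dn is NULL or the
 * copy could not be allocated; on allocation failure ssl->error is set to
 * MEMORY_ERROR and buffer/length are both left cleared, so no stale length
 * is ever paired with a NULL buffer.
 */
WOLFSSL_ABI
int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn)
{
    word32 dnLen;
    byte*  copy;

    WOLFSSL_ENTER("wolfSSL_check_domain_name");

    if (ssl == NULL || dn == NULL) {
        WOLFSSL_MSG("Bad function argument: NULL");
        return WOLFSSL_FAILURE;
    }

    /* drop the previous name before installing the new one */
    if (ssl->buffers.domainName.buffer) {
        XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
        ssl->buffers.domainName.buffer = NULL;
        ssl->buffers.domainName.length = 0;
    }

    dnLen = (word32)XSTRLEN(dn);
    copy = (byte*)XMALLOC(dnLen + 1, ssl->heap, DYNAMIC_TYPE_DOMAIN);
    if (copy == NULL) {
        ssl->error = MEMORY_ERROR;
        return WOLFSSL_FAILURE;
    }

    XMEMCPY(copy, dn, dnLen);
    copy[dnLen] = '\0';
    ssl->buffers.domainName.buffer = copy;
    ssl->buffers.domainName.length = dnLen;
    return WOLFSSL_SUCCESS;
}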
wolfSSL 15:117db924cf7c 13194
wolfSSL 15:117db924cf7c 13195
/* Turn on wolfSSL zlib compression for this session.
 * Returns WOLFSSL_SUCCESS, or NOT_COMPILED_IN when zlib support is not built
 * in (HAVE_LIBZ undefined), in which case ssl is untouched.
 * NOTE(review): TLS-level compression is widely deprecated because it lets a
 * party who can influence the plaintext infer secrets from ciphertext sizes
 * (compression-oracle attacks); leaving it off is the safe default. */
int wolfSSL_set_compression(WOLFSSL* ssl)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_set_compression");
    (void)ssl;
#ifdef HAVE_LIBZ
    ssl->options.usingCompression = 1;
    ret = WOLFSSL_SUCCESS;
#else
    ret = NOT_COMPILED_IN;
#endif
    return ret;
}
wolfSSL 15:117db924cf7c 13210
wolfSSL 15:117db924cf7c 13211
wolfSSL 15:117db924cf7c 13212 #ifndef USE_WINDOWS_API
wolfSSL 15:117db924cf7c 13213 #ifndef NO_WRITEV
wolfSSL 15:117db924cf7c 13214
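/* Simulate writev semantics: the iovec pieces are gathered into one buffer
 * and handed to a single wolfSSL_write(), not sent block at a time, because
 * of SSL_write behavior and because front adds may be small.
 *
 * Returns the wolfSSL_write() result, MEMORY_ERROR when the gather buffer
 * could not be allocated, or BAD_FUNC_ARG when ssl is NULL, iovcnt is
 * negative, iov is NULL with a positive count, or the combined length does
 * not fit the int length that wolfSSL_write() takes.
 */
int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov, int iovcnt)
{
#ifdef WOLFSSL_SMALL_STACK
    byte staticBuffer[1]; /* force heap usage */
#else
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    /* largest total wolfSSL_write() can take (INT_MAX without <limits.h>) */
    const size_t maxSending = (size_t)((unsigned int)-1 >> 1);
    byte* myBuffer = staticBuffer;
    int dynamic = 0;
    size_t sending = 0;
    size_t idx = 0;
    int i;
    int ret;

    WOLFSSL_ENTER("wolfSSL_writev");

    if (ssl == NULL || iovcnt < 0 || (iov == NULL && iovcnt > 0))
        return BAD_FUNC_ARG;

    /* total the pieces in size_t and refuse a sum that would overflow an int:
     * an int accumulator could wrap negative, skip the heap path below and
     * then overrun staticBuffer in the copy loop */
    for (i = 0; i < iovcnt; i++) {
        if (iov[i].iov_len > maxSending - sending)
            return BAD_FUNC_ARG;
        sending += iov[i].iov_len;
    }

    if (sending > sizeof(staticBuffer)) {
        myBuffer = (byte*)XMALLOC(sending, ssl->heap, DYNAMIC_TYPE_WRITEV);
        if (!myBuffer)
            return MEMORY_ERROR;

        dynamic = 1;
    }

    for (i = 0; i < iovcnt; i++) {
        /* skip empty pieces so a NULL iov_base on a zero-length entry never
         * reaches memcpy */
        if (iov[i].iov_len == 0)
            continue;
        XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len);
        idx += iov[i].iov_len;
    }

    ret = wolfSSL_write(ssl, myBuffer, (int)sending);

    if (dynamic)
        XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV);

    return ret;
}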
wolfSSL 15:117db924cf7c 13257 #endif
wolfSSL 15:117db924cf7c 13258 #endif
wolfSSL 15:117db924cf7c 13259
wolfSSL 15:117db924cf7c 13260
wolfSSL 15:117db924cf7c 13261 #ifdef WOLFSSL_CALLBACKS
wolfSSL 15:117db924cf7c 13262
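typedef struct itimerval Itimerval;

/* don't keep calling simple functions while setting up timer and signals
   if no inlining these are the next best */

/* c = a + b on struct timeval operands, carrying into tv_sec so that tv_usec
 * stays below 1000000. Operands are lvalue expressions, not pointers, and
 * each is expanded more than once: pass variables, never calls with side
 * effects. Every use of an argument is parenthesised so a compound operand
 * (x.it_value, *p) expands correctly. */
#define AddTimes(a, b, c)                                   \
    do {                                                    \
        (c).tv_sec  = (a).tv_sec  + (b).tv_sec;             \
        (c).tv_usec = (a).tv_usec + (b).tv_usec;            \
        if ((c).tv_usec >= 1000000) {                       \
            (c).tv_sec++;                                   \
            (c).tv_usec -= 1000000;                         \
        }                                                   \
    } while (0)


/* c = a - b on struct timeval operands, borrowing a second when tv_usec would
 * go negative. Same evaluation caveats as AddTimes. */
#define SubtractTimes(a, b, c)                              \
    do {                                                    \
        (c).tv_sec  = (a).tv_sec  - (b).tv_sec;             \
        (c).tv_usec = (a).tv_usec - (b).tv_usec;            \
        if ((c).tv_usec < 0) {                              \
            (c).tv_sec--;                                   \
            (c).tv_usec += 1000000;                         \
        }                                                   \
    } while (0)

/* Compare two struct timeval values with the relational operator cmp, e.g.
 * CmpTimes(x, y, <): the seconds decide unless equal, then the microseconds. */
#define CmpTimes(a, b, cmp)                                 \
    (((a).tv_sec == (b).tv_sec) ?                           \
        ((a).tv_usec cmp (b).tv_usec) :                     \
        ((a).tv_sec cmp (b).tv_sec))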
wolfSSL 15:117db924cf7c 13293
wolfSSL 15:117db924cf7c 13294
/* do nothing handler: installed for SIGALRM so the timer's signal is caught
 * rather than left at its default action; nothing is recorded here */
static void myHandler(int signo)
{
    (void)signo; /* unused, the signal number is implied by the install site */
}
wolfSSL 15:117db924cf7c 13301
wolfSSL 15:117db924cf7c 13302
/* Shared body of wolfSSL_connect_ex()/wolfSSL_accept_ex(): run the handshake
 * for whichever side ssl is configured as, collecting handshake info for hsCb
 * and enforcing a wall-clock timeout for toCb when those callbacks are given.
 *
 * With toCb set, an ITIMER_REAL timer and a SIGALRM handler are installed
 * around the handshake; a timer the caller already had running is saved,
 * our timeout is shortened to it if it would fire first, and it is restored
 * (adjusted for the elapsed time) afterwards.
 *
 * Returns the wolfSSL_connect()/wolfSSL_accept() result, WOLFSSL_FATAL_ERROR
 * when neither side matched, or GETTIME_ERROR / SETITIMER_ERROR /
 * SIGACT_ERROR when timer or signal handling fails. hsCb is always invoked
 * (when set) before returning, even if the handshake failed; toCb only when
 * a timeout was recorded in ssl->timeoutInfo.
 */
static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb,
                              TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout)
{
    int ret = WOLFSSL_FATAL_ERROR;
    int oldTimerOn = 0; /* was timer already on */
    WOLFSSL_TIMEVAL startTime;
    WOLFSSL_TIMEVAL endTime;
    WOLFSSL_TIMEVAL totalTime;
    Itimerval myTimeout;
    Itimerval oldTimeout; /* if old timer adjust from total time to reset */
    struct sigaction act, oact;

    /* early-exit helper: clear both "info on" flags so a failed setup does
     * not leave the session collecting data. NOTE(review): once the first
     * setitimer() below has disarmed the caller's timer, an ERR_OUT on a
     * later failure returns without re-arming it, and after sigaction() has
     * succeeded it returns without restoring oact either. */
#define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; }

    if (hsCb) {
        ssl->hsInfoOn = 1;
        InitHandShakeInfo(&ssl->handShakeInfo, ssl);
    }
    if (toCb) {
        ssl->toInfoOn = 1;
        InitTimeoutInfo(&ssl->timeoutInfo);

        if (gettimeofday(&startTime, 0) < 0)
            ERR_OUT(GETTIME_ERROR);

        /* use setitimer to simulate getitimer, init 0 myTimeout */
        /* (this also disarms whatever timer the caller had; its remaining
         * time comes back in oldTimeout) */
        myTimeout.it_interval.tv_sec = 0;
        myTimeout.it_interval.tv_usec = 0;
        myTimeout.it_value.tv_sec = 0;
        myTimeout.it_value.tv_usec = 0;
        if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0)
            ERR_OUT(SETITIMER_ERROR);

        /* a non-zero remaining value means the caller had a timer running */
        if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) {
            oldTimerOn = 1;

            /* is old timer going to expire before ours */
            /* if so use its deadline instead so the caller's alarm is not
             * pushed back; timeout is our by-value copy, so this is local */
            if (CmpTimes(oldTimeout.it_value, timeout, <)) {
                timeout.tv_sec = oldTimeout.it_value.tv_sec;
                timeout.tv_usec = oldTimeout.it_value.tv_usec;
            }
        }
        myTimeout.it_value.tv_sec = timeout.tv_sec;
        myTimeout.it_value.tv_usec = timeout.tv_usec;

        /* set up signal handler, don't restart socket send/recv */
        act.sa_handler = myHandler;
        sigemptyset(&act.sa_mask);
        act.sa_flags = 0;
#ifdef SA_INTERRUPT
        /* presumably the platforms that define it need this to be explicit
         * about not restarting interrupted calls -- confirm per target */
        act.sa_flags |= SA_INTERRUPT;
#endif
        if (sigaction(SIGALRM, &act, &oact) < 0)
            ERR_OUT(SIGACT_ERROR);

        /* arm our (possibly shortened) one-shot timer */
        if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0)
            ERR_OUT(SETITIMER_ERROR);
    }

    /* do main work */
#ifndef NO_WOLFSSL_CLIENT
    if (ssl->options.side == WOLFSSL_CLIENT_END)
        ret = wolfSSL_connect(ssl);
#endif
#ifndef NO_WOLFSSL_SERVER
    if (ssl->options.side == WOLFSSL_SERVER_END)
        ret = wolfSSL_accept(ssl);
#endif

    /* do callbacks */
    if (toCb) {
        if (oldTimerOn) {
            /* NOTE(review): return value unchecked; on failure endTime is
             * indeterminate and the adjustment below works on garbage */
            gettimeofday(&endTime, 0);
            SubtractTimes(endTime, startTime, totalTime);
            /* adjust old timer for elapsed time */
            if (CmpTimes(totalTime, oldTimeout.it_value, <))
                SubtractTimes(oldTimeout.it_value, totalTime,
                              oldTimeout.it_value);
            else {
                /* reset value to interval, may be off */
                /* (the caller's deadline already passed while we held the
                 * timer; a periodic timer restarts from its interval, a
                 * one-shot one ends up disarmed since its interval is 0) */
                oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec;
                oldTimeout.it_value.tv_usec =oldTimeout.it_interval.tv_usec;
            }
            /* keep iter the same whether there or not */
        }
        /* restore old handler */
        if (sigaction(SIGALRM, &oact, 0) < 0)
            ret = SIGACT_ERROR; /* more pressing error, stomp */
        else
            /* use old settings which may turn off (expired or not there) */
            if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0)
                ret = SETITIMER_ERROR;

        /* if we had a timeout call callback */
        /* (timeoutName is filled in by the lower layers when the alarm hit;
         * the value reported is the timeout actually armed above) */
        if (ssl->timeoutInfo.timeoutName[0]) {
            ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec;
            ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec;
            (toCb)(&ssl->timeoutInfo);
        }
        /* clean up */
        FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap);
        ssl->toInfoOn = 0;
    }
    if (hsCb) {
        FinishHandShakeInfo(&ssl->handShakeInfo);
        (hsCb)(&ssl->handShakeInfo);
        ssl->hsInfoOn = 0;
    }
    return ret;
}
wolfSSL 15:117db924cf7c 13413
wolfSSL 15:117db924cf7c 13414
wolfSSL 15:117db924cf7c 13415 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 15:117db924cf7c 13416
/* Client-side handshake with optional handshake-info and timeout callbacks;
 * see wolfSSL_ex_wrapper() for the contract and return values. */
int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
                       TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_connect_ex");
    ret = wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
    return ret;
}
wolfSSL 15:117db924cf7c 13423
wolfSSL 15:117db924cf7c 13424 #endif
wolfSSL 15:117db924cf7c 13425
wolfSSL 15:117db924cf7c 13426
wolfSSL 15:117db924cf7c 13427 #ifndef NO_WOLFSSL_SERVER
wolfSSL 15:117db924cf7c 13428
/* Server-side handshake with optional handshake-info and timeout callbacks;
 * see wolfSSL_ex_wrapper() for the contract and return values. */
int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
                      TimeoutCallBack toCb, WOLFSSL_TIMEVAL timeout)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_accept_ex");
    ret = wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
    return ret;
}
wolfSSL 15:117db924cf7c 13435
wolfSSL 15:117db924cf7c 13436 #endif
wolfSSL 15:117db924cf7c 13437
wolfSSL 15:117db924cf7c 13438 #endif /* WOLFSSL_CALLBACKS */
wolfSSL 15:117db924cf7c 13439
wolfSSL 15:117db924cf7c 13440
wolfSSL 15:117db924cf7c 13441 #ifndef NO_PSK
wolfSSL 15:117db924cf7c 13442
/* Install the client PSK callback on a context and flag the context as
 * PSK-capable. Does nothing when ctx is NULL. */
void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx,
                                         wc_psk_client_callback cb)
{
    WOLFSSL_ENTER("SSL_CTX_set_psk_client_callback");

    if (ctx != NULL) {
        ctx->client_psk_cb = cb;
        ctx->havePSK = 1;
    }
}
wolfSSL 15:117db924cf7c 13454
wolfSSL 15:117db924cf7c 13455
/* Install the client PSK callback on a single session, flag the session as
 * PSK-capable and re-run InitSuites() with havePSK set so the suite list
 * reflects it. Does nothing when ssl is NULL. */
void wolfSSL_set_psk_client_callback(WOLFSSL* ssl,wc_psk_client_callback cb)
{
    int  keySz;
    byte haveRSA;

    WOLFSSL_ENTER("SSL_set_psk_client_callback");

    if (ssl == NULL)
        return;

    ssl->options.client_psk_cb = cb;
    ssl->options.havePSK = 1;

    /* InitSuites needs to know whether RSA suites and a key size exist in
     * this build */
#ifdef NO_RSA
    haveRSA = 0;
#else
    haveRSA = 1;
#endif
#ifdef NO_CERTS
    keySz = 0;
#else
    keySz = ssl->buffers.keySz;
#endif
    InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);
}
wolfSSL 15:117db924cf7c 13480
wolfSSL 15:117db924cf7c 13481
/* Install the server PSK callback on a context and flag the context as
 * PSK-capable. Does nothing when ctx is NULL. */
void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx,
                                         wc_psk_server_callback cb)
{
    WOLFSSL_ENTER("SSL_CTX_set_psk_server_callback");
    if (ctx != NULL) {
        ctx->server_psk_cb = cb;
        ctx->havePSK = 1;
    }
}
wolfSSL 15:117db924cf7c 13491
wolfSSL 15:117db924cf7c 13492
/* Install the server PSK callback on a single session, flag the session as
 * PSK-capable and re-run InitSuites() with havePSK set so the suite list
 * reflects it. Does nothing when ssl is NULL. */
void wolfSSL_set_psk_server_callback(WOLFSSL* ssl,wc_psk_server_callback cb)
{
    int  keySz;
    byte haveRSA;

    WOLFSSL_ENTER("SSL_set_psk_server_callback");
    if (ssl == NULL)
        return;

    ssl->options.server_psk_cb = cb;
    ssl->options.havePSK = 1;

    /* InitSuites needs to know whether RSA suites and a key size exist in
     * this build */
#ifdef NO_RSA
    haveRSA = 0;
#else
    haveRSA = 1;
#endif
#ifdef NO_CERTS
    keySz = 0;
#else
    keySz = ssl->buffers.keySz;
#endif
    InitSuites(ssl->suites, ssl->version, keySz, haveRSA, TRUE,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);
}
wolfSSL 15:117db924cf7c 13516
wolfSSL 15:117db924cf7c 13517
/* Return the PSK identity hint stored in the session's arrays, or NULL when
 * ssl is NULL or its arrays have not been allocated / were already freed. */
const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
{
    const char* hint = NULL;

    WOLFSSL_ENTER("SSL_get_psk_identity_hint");

    if (ssl != NULL && ssl->arrays != NULL)
        hint = ssl->arrays->server_hint;

    return hint;
}
wolfSSL 15:117db924cf7c 13527
wolfSSL 15:117db924cf7c 13528
/* Return the PSK client identity stored in the session's arrays, or NULL
 * when ssl is NULL or its arrays are not present. */
const char* wolfSSL_get_psk_identity(const WOLFSSL* ssl)
{
    const char* identity = NULL;

    WOLFSSL_ENTER("SSL_get_psk_identity");

    if (ssl != NULL && ssl->arrays != NULL)
        identity = ssl->arrays->client_identity;

    return identity;
}
wolfSSL 15:117db924cf7c 13538
wolfSSL 15:117db924cf7c 13539
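/* Set, on a context, the PSK identity hint a server sends to clients.
 *
 * A NULL hint clears the stored hint. Otherwise at most MAX_PSK_ID_LEN bytes
 * are copied and NUL terminated; a longer hint is silently truncated.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ctx is NULL (matching the
 * per-session wolfSSL_use_psk_identity_hint(), which rejects a NULL object
 * the same way instead of dereferencing it).
 */
int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint)
{
    WOLFSSL_ENTER("SSL_CTX_use_psk_identity_hint");

    if (ctx == NULL)
        return WOLFSSL_FAILURE;

    if (hint == 0) {
        ctx->server_hint[0] = '\0';
    }
    else {
        /* Qt does not call CTX_set_*_psk_callbacks where havePSK is set */
#ifdef WOLFSSL_QT
        ctx->havePSK = 1;
#endif
        XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN);
        ctx->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */
    }
    return WOLFSSL_SUCCESS;
}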
wolfSSL 15:117db924cf7c 13555
wolfSSL 15:117db924cf7c 13556
/* Set, on a single session, the PSK identity hint a server sends to clients.
 * A NULL hint clears it; otherwise the hint is copied into the fixed-size
 * arrays->server_hint field, truncated to fit and always NUL terminated.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ssl or ssl->arrays is
 * NULL. */
int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint)
{
    WOLFSSL_ENTER("SSL_use_psk_identity_hint");

    if (ssl == NULL || ssl->arrays == NULL)
        return WOLFSSL_FAILURE;

    if (hint != 0) {
        /* leave the last byte for the terminator */
        XSTRNCPY(ssl->arrays->server_hint, hint,
                 sizeof(ssl->arrays->server_hint)-1);
        ssl->arrays->server_hint[sizeof(ssl->arrays->server_hint)-1] = '\0';
    }
    else {
        ssl->arrays->server_hint[0] = 0;
    }
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 13573
wolfSSL 15:117db924cf7c 13574 #endif /* NO_PSK */
wolfSSL 15:117db924cf7c 13575
wolfSSL 15:117db924cf7c 13576
wolfSSL 15:117db924cf7c 13577 #ifdef HAVE_ANON
wolfSSL 15:117db924cf7c 13578
/* Allow anonymous cipher suites on a context (sets ctx->haveAnon).
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ctx is NULL.
 * NOTE(review): anonymous suites authenticate neither peer, so a connection
 * negotiated with one can be intercepted undetectably; keep this off unless
 * authentication is provided by some other layer. */
int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX* ctx)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_CTX_allow_anon_cipher");

    if (ctx != NULL) {
        ctx->haveAnon = 1;
        ret = WOLFSSL_SUCCESS;
    }

    return ret;
}
wolfSSL 15:117db924cf7c 13590
wolfSSL 15:117db924cf7c 13591 #endif /* HAVE_ANON */
wolfSSL 15:117db924cf7c 13592
wolfSSL 15:117db924cf7c 13593
wolfSSL 15:117db924cf7c 13594 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 13595 /* used to be defined on NO_FILESYSTEM only, but are generally useful */
wolfSSL 15:117db924cf7c 13596
/* Load CA certificates for verification from an in-memory buffer.
 * PEM input may hold a chain and goes through ProcessChainBuffer(); any other
 * format is a single object handed to ProcessBuffer() with userChain.
 * WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY in flags replaces the context's verify
 * setting with VERIFY_SKIP_DATE, so expired or not-yet-valid CAs are
 * accepted -- use it deliberately. Returns what the processing call returns. */
int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx,
                                      const unsigned char* in,
                                      long sz, int format, int userChain,
                                      word32 flags)
{
    int verify;

    WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer_ex");

    verify = GET_VERIFY_SETTING_CTX(ctx);
    if ((flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) != 0)
        verify = VERIFY_SKIP_DATE;

    if (format != WOLFSSL_FILETYPE_PEM)
        return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL,
                             userChain, verify);

    return ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL, verify);
}
wolfSSL 16:8e0d178b1d1e 13617
/* wolfSSL extension allows DER files to be loaded from buffers as well.
 * Single-object form of wolfSSL_CTX_load_verify_buffer_ex() (userChain 0)
 * with the default load flags. */
int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx,
                                   const unsigned char* in,
                                   long sz, int format)
{
    const int userChain = 0;

    return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, userChain,
                                             WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
}
wolfSSL 16:8e0d178b1d1e 13626
/* Chain form of wolfSSL_CTX_load_verify_buffer_ex() (userChain 1) with the
 * default load flags. */
int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
                                                const unsigned char* in,
                                                long sz, int format)
{
    const int userChain = 1;

    return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, userChain,
                                             WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
}
wolfSSL 15:117db924cf7c 13634
wolfSSL 15:117db924cf7c 13635
wolfSSL 15:117db924cf7c 13636 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Load a trusted peer certificate from an in-memory buffer into the context
 * (TRUSTED_PEER_TYPE), using the context's current verify setting. PEM goes
 * through ProcessChainBuffer(), other formats through ProcessBuffer().
 * Returns BAD_FUNC_ARG when ctx or in is NULL or sz is negative, otherwise
 * the processing call's result. */
int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx,
                                  const unsigned char* in,
                                  long sz, int format)
{
    WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_buffer");

    /* sanity check on arguments */
    if (ctx == NULL || in == NULL || sz < 0)
        return BAD_FUNC_ARG;

    if (format != WOLFSSL_FILETYPE_PEM)
        return ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL,
                             NULL, 0, GET_VERIFY_SETTING_CTX(ctx));

    return ProcessChainBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE,
                              NULL, GET_VERIFY_SETTING_CTX(ctx));
}
wolfSSL 15:117db924cf7c 13655 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 15:117db924cf7c 13656
wolfSSL 15:117db924cf7c 13657
/* Load the context's own certificate (CERT_TYPE, single object) from an
 * in-memory buffer; argument checking is left to ProcessBuffer(), whose
 * result is returned. */
int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
                                       const unsigned char* in, long sz, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");
    ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0,
                        GET_VERIFY_SETTING_CTX(ctx));
    return ret;
}
wolfSSL 15:117db924cf7c 13665
wolfSSL 15:117db924cf7c 13666
/* Load the context's private key (PRIVATEKEY_TYPE) from an in-memory
 * buffer; argument checking is left to ProcessBuffer(), whose result is
 * returned. */
int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
                                      const unsigned char* in, long sz, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");
    ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, NULL,
                        0, GET_VERIFY_SETTING_CTX(ctx));
    return ret;
}
wolfSSL 16:8e0d178b1d1e 13674
wolfSSL 16:8e0d178b1d1e 13675 #ifdef HAVE_PKCS11
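/* Use a key identifier (sz bytes at id) in place of private key material on
 * the context. The id is copied into ctx->privateKey, ctx->privateKeyId is
 * set to mark the buffer as an id, keySz is recorded in ctx->privateKeySz,
 * and the key is bound to devId, or to ctx->devId when devId is
 * INVALID_DEVID. Any previously installed key is released first.
 *
 * Returns WOLFSSL_SUCCESS, WOLFSSL_FAILURE when the id buffer could not be
 * allocated, or BAD_FUNC_ARG when ctx or id is NULL or sz is negative (a
 * negative sz would otherwise become a huge word32 allocation size).
 */
int wolfSSL_CTX_use_PrivateKey_id(WOLFSSL_CTX* ctx, const unsigned char* id,
                                  long sz, int devId, long keySz)
{
    int ret = WOLFSSL_FAILURE;

    if (ctx == NULL || id == NULL || sz < 0)
        return BAD_FUNC_ARG;

    FreeDer(&ctx->privateKey);
    if (AllocDer(&ctx->privateKey, (word32)sz, PRIVATEKEY_TYPE,
                 ctx->heap) == 0) {
        XMEMCPY(ctx->privateKey->buffer, id, (size_t)sz);
        ctx->privateKeyId = 1;
        ctx->privateKeySz = (word32)keySz;
        /* INVALID_DEVID means "no preference": fall back to the context's
         * device */
        if (devId != INVALID_DEVID)
            ctx->privateKeyDevId = devId;
        else
            ctx->privateKeyDevId = ctx->devId;

        ret = WOLFSSL_SUCCESS;
    }

    return ret;
}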
wolfSSL 16:8e0d178b1d1e 13697 #endif
wolfSSL 15:117db924cf7c 13698
/* Load the context's own certificate chain (CERT_TYPE, userChain 1) from an
 * in-memory buffer in the given format; returns ProcessBuffer()'s result. */
int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
                                                    const unsigned char* in, long sz, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format");
    ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1,
                        GET_VERIFY_SETTING_CTX(ctx));
    return ret;
}
wolfSSL 15:117db924cf7c 13706
/* PEM-only convenience form of
 * wolfSSL_CTX_use_certificate_chain_buffer_format(). */
int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
                                             const unsigned char* in, long sz)
{
    const int format = WOLFSSL_FILETYPE_PEM;

    return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz,
                                                           format);
}
wolfSSL 15:117db924cf7c 13713
wolfSSL 15:117db924cf7c 13714
wolfSSL 15:117db924cf7c 13715 #ifndef NO_DH
wolfSSL 15:117db924cf7c 13716
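/* server wrapper for ctx or ssl Diffie-Hellman parameters
 *
 * Parses DH parameters (p, g) from buf and installs them on ssl when ssl is
 * non-NULL, otherwise on ctx.
 *
 * ctx    : context; must not be NULL (also supplies the heap)
 * ssl    : connection to set the parameters on, or NULL to set them on ctx
 * buf,sz : parameter buffer and its length in bytes
 * format : WOLFSSL_FILETYPE_ASN1 or WOLFSSL_FILETYPE_PEM
 *
 * Returns the wolfSSL_SetTmpDH / wolfSSL_CTX_SetTmpDH result on success,
 * BAD_FUNC_ARG for NULL ctx/buf or negative sz, WOLFSSL_BAD_FILETYPE for an
 * unknown format or unparsable parameters, MEMORY_E or the AllocDer/PemToDer
 * error otherwise, and NOT_COMPILED_IN for PEM input without
 * WOLFSSL_PEM_TO_DER. */
static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                                           const unsigned char* buf,
                                           long sz, int format)
{
    DerBuffer* der = NULL;
    int    ret = 0;
    word32 pSz = MAX_DH_SIZE;
    word32 gSz = MAX_DH_SIZE;
#ifdef WOLFSSL_SMALL_STACK
    byte*  p = NULL;
    byte*  g = NULL;
#else
    byte   p[MAX_DH_SIZE];
    byte   g[MAX_DH_SIZE];
#endif

    /* sz is cast to word32 below; a negative length would wrap */
    if (ctx == NULL || buf == NULL || sz < 0)
        return BAD_FUNC_ARG;

    /* Unknown format: fail before allocating anything. */
    if (format != WOLFSSL_FILETYPE_ASN1 && format != WOLFSSL_FILETYPE_PEM)
        return WOLFSSL_BAD_FILETYPE;

    /* For ASN.1 input the DerBuffer only borrows the caller's buffer
     * (length-0 alloc, const cast away).
     * NOTE(review): this relies on FreeDer not freeing or zeroing
     * der->buffer for DH_PARAM_TYPE — confirm against FreeDer. */
    ret = AllocDer(&der, 0, DH_PARAM_TYPE, ctx->heap);
    if (ret != 0) {
        return ret;
    }
    der->buffer = (byte*)buf;
    der->length = (word32)sz;

#ifdef WOLFSSL_SMALL_STACK
    p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);

    if (p == NULL || g == NULL) {
        XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
        XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
        FreeDer(&der);
        return MEMORY_E;
    }
#endif

    if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
        /* PEM input is decoded into a fresh DerBuffer owned by us. */
        FreeDer(&der);
        ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap,
                       NULL, NULL);
    #ifdef WOLFSSL_WPAS
        #ifndef NO_DSA
        /* wpa_supplicant may supply DSA-style parameters instead */
        if (ret < 0) {
            ret = PemToDer(buf, sz, DSA_PARAM_TYPE, &der, ctx->heap,
                           NULL, NULL);
        }
        #endif
    #endif /* WOLFSSL_WPAS */
#else
        ret = NOT_COMPILED_IN;
#endif /* WOLFSSL_PEM_TO_DER */
    }

    if (ret == 0) {
        /* pSz/gSz are in-out: capacity in, actual length out */
        if (wc_DhParamsLoad(der->buffer, der->length, p, &pSz, g, &gSz) < 0)
            ret = WOLFSSL_BAD_FILETYPE;
        else if (ssl)
            ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);
        else
            ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
    }

    FreeDer(&der);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
#endif

    return ret;
}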
wolfSSL 15:117db924cf7c 13795
wolfSSL 15:117db924cf7c 13796
/* Set server Diffie-Hellman parameters on a single connection from a
 * buffer; WOLFSSL_SUCCESS on ok, BAD_FUNC_ARG for a NULL ssl, otherwise
 * whatever wolfSSL_SetTmpDH_buffer_wrapper reports. */
int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* buf, long sz,
                            int format)
{
    return (ssl == NULL)
        ? BAD_FUNC_ARG
        : wolfSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format);
}
wolfSSL 15:117db924cf7c 13806
wolfSSL 15:117db924cf7c 13807
/* Set server Diffie-Hellman parameters on the CTX from a buffer;
 * WOLFSSL_SUCCESS on ok. The wrapper rejects a NULL ctx itself. */
int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* buf,
                                long sz, int format)
{
    WOLFSSL* noSsl = NULL;  /* NULL ssl selects the ctx-level setter */

    return wolfSSL_SetTmpDH_buffer_wrapper(ctx, noSsl, buf, sz, format);
}
wolfSSL 15:117db924cf7c 13814
wolfSSL 15:117db924cf7c 13815 #endif /* NO_DH */
wolfSSL 15:117db924cf7c 13816
wolfSSL 15:117db924cf7c 13817
/* Load a single certificate for one connection from an in-memory buffer.
 * Returns the ProcessBuffer result (WOLFSSL_SUCCESS on ok) or BAD_FUNC_ARG
 * for a NULL ssl. */
int wolfSSL_use_certificate_buffer(WOLFSSL* ssl,
                                 const unsigned char* in, long sz, int format)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_use_certificate_buffer");

    if (ssl != NULL) {
        /* 0 = single certificate, not a chain */
        ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0,
                            GET_VERIFY_SETTING_SSL(ssl));
    }

    return ret;
}
wolfSSL 15:117db924cf7c 13828
wolfSSL 15:117db924cf7c 13829
/* Load a private key for one connection from an in-memory buffer.
 * Returns the ProcessBuffer result (WOLFSSL_SUCCESS on ok) or BAD_FUNC_ARG
 * for a NULL ssl. */
int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl,
                                 const unsigned char* in, long sz, int format)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_buffer");

    if (ssl != NULL) {
        ret = ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE,
                            ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl));
    }

    return ret;
}
wolfSSL 16:8e0d178b1d1e 13840
wolfSSL 16:8e0d178b1d1e 13841 #ifdef HAVE_PKCS11
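/* Use a private key referenced by an opaque identifier (this build has
 * HAVE_PKCS11) instead of raw key material.
 *
 * ssl   : connection to attach the key reference to
 * id    : identifier bytes; copied into ssl->buffers.key
 * sz    : length of id in bytes
 * devId : crypto device to use; INVALID_DEVID selects ssl->devId
 * keySz : stored in ssl->buffers.keySz; its units are not interpreted here
 *
 * Any key the connection already owns is released first. Returns
 * WOLFSSL_SUCCESS, WOLFSSL_FAILURE when the id buffer cannot be allocated,
 * or BAD_FUNC_ARG for NULL ssl/id or a negative sz. */
int wolfSSL_use_PrivateKey_id(WOLFSSL* ssl, const unsigned char* id,
                              long sz, int devId, long keySz)
{
    int ret = WOLFSSL_FAILURE;

    /* ssl was dereferenced unchecked, and a negative sz would wrap in the
     * (word32) cast handed to AllocDer/XMEMCPY */
    if (ssl == NULL || id == NULL || sz < 0)
        return BAD_FUNC_ARG;

    if (ssl->buffers.weOwnKey) {
        FreeDer(&ssl->buffers.key);
        /* nothing is owned until the new buffer below is allocated */
        ssl->buffers.weOwnKey = 0;
    }
    if (AllocDer(&ssl->buffers.key, (word32)sz, PRIVATEKEY_TYPE,
                 ssl->heap) == 0) {
        XMEMCPY(ssl->buffers.key->buffer, id, sz);
        ssl->buffers.weOwnKey = 1;
        ssl->buffers.keyId = 1;   /* marks buffers.key as an id, not DER */
        ssl->buffers.keySz = (word32)keySz;
        if (devId != INVALID_DEVID)
            ssl->buffers.keyDevId = devId;
        else
            ssl->buffers.keyDevId = ssl->devId;

        ret = WOLFSSL_SUCCESS;
    }

    return ret;
}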
wolfSSL 16:8e0d178b1d1e 13865 #endif
wolfSSL 15:117db924cf7c 13866
/* Load a certificate chain for one connection from an in-memory buffer.
 * Returns the ProcessBuffer result (WOLFSSL_SUCCESS on ok) or BAD_FUNC_ARG
 * for a NULL ssl. */
int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
                                 const unsigned char* in, long sz, int format)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");

    if (ssl != NULL) {
        /* 1 = buffer holds a chain rather than a single certificate */
        ret = ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE,
                            ssl, NULL, 1, GET_VERIFY_SETTING_SSL(ssl));
    }

    return ret;
}
wolfSSL 15:117db924cf7c 13877
/* PEM-only convenience form of wolfSSL_use_certificate_chain_buffer_format. */
int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
                                         const unsigned char* in, long sz)
{
    const int pemFormat = WOLFSSL_FILETYPE_PEM;

    return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz,
                                                       pemFormat);
}
wolfSSL 15:117db924cf7c 13884
wolfSSL 15:117db924cf7c 13885
/* Release the certificate, certificate chain and private key buffers that
 * this SSL object owns (flagged by buffers.weOwn*); buffers belonging to the
 * CTX are left as they are. The own certificate is kept when ssl->keepCert
 * is set. Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl. */
int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        WOLFSSL_MSG("Null function arg");
        return BAD_FUNC_ARG;
    }

    /* own certificate, unless the caller asked to keep it */
    if (!ssl->keepCert && ssl->buffers.weOwnCert != 0) {
        WOLFSSL_MSG("Unloading cert");
        FreeDer(&ssl->buffers.certificate);
#ifdef KEEP_OUR_CERT
        FreeX509(ssl->ourCert);
        if (ssl->ourCert != NULL) {
            XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
            ssl->ourCert = NULL;
        }
#endif
        ssl->buffers.weOwnCert = 0;
    }

    /* own certificate chain */
    if (ssl->buffers.weOwnCertChain != 0) {
        WOLFSSL_MSG("Unloading cert chain");
        FreeDer(&ssl->buffers.certChain);
        ssl->buffers.weOwnCertChain = 0;
    }

    /* own private key */
    if (ssl->buffers.weOwnKey != 0) {
        WOLFSSL_MSG("Unloading key");
        FreeDer(&ssl->buffers.key);
        ssl->buffers.weOwnKey = 0;
    }

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 13922
wolfSSL 15:117db924cf7c 13923
/* Drop every CA loaded into the CTX's certificate manager.
 * Returns the wolfSSL_CertManagerUnloadCAs result, or BAD_FUNC_ARG for a
 * NULL ctx. */
int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_UnloadCAs");

    return (ctx == NULL) ? BAD_FUNC_ARG
                         : wolfSSL_CertManagerUnloadCAs(ctx->cm);
}
wolfSSL 15:117db924cf7c 13933
wolfSSL 15:117db924cf7c 13934
wolfSSL 15:117db924cf7c 13935 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Drop every trusted peer certificate held by the CTX's certificate
 * manager. Returns the wolfSSL_CertManagerUnload_trust_peers result, or
 * BAD_FUNC_ARG for a NULL ctx. */
int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers");

    return (ctx == NULL) ? BAD_FUNC_ARG
                         : wolfSSL_CertManagerUnload_trust_peers(ctx->cm);
}
wolfSSL 15:117db924cf7c 13945 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 15:117db924cf7c 13946 /* old NO_FILESYSTEM end */
wolfSSL 15:117db924cf7c 13947 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 13948
wolfSSL 15:117db924cf7c 13949
wolfSSL 15:117db924cf7c 13950 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 13951
/* OpenSSL compatibility: algorithms need no registration in wolfSSL, so this
 * just initialises the library. Returns WOLFSSL_SUCCESS, or
 * WOLFSSL_FATAL_ERROR when wolfSSL_Init fails. */
int wolfSSL_add_all_algorithms(void)
{
    int initOk;

    WOLFSSL_ENTER("wolfSSL_add_all_algorithms");

    initOk = (wolfSSL_Init() == WOLFSSL_SUCCESS);
    return initOk ? WOLFSSL_SUCCESS : WOLFSSL_FATAL_ERROR;
}
wolfSSL 15:117db924cf7c 13960
/* OpenSSL compatibility wrapper around wolfSSL_add_all_algorithms.
 * Returns WOLFSSL_FATAL_ERROR when that fails, WOLFSSL_SUCCESS otherwise. */
int wolfSSL_OpenSSL_add_all_algorithms_noconf(void)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_noconf");

    ret = wolfSSL_add_all_algorithms();
    return (ret == WOLFSSL_FATAL_ERROR) ? WOLFSSL_FATAL_ERROR
                                        : WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 13970
/* OpenSSL compatibility wrapper. wolfSSL does not read a wolfssl.cnf-style
 * configuration file, so this behaves exactly like
 * wolfSSL_OpenSSL_add_all_algorithms_noconf: WOLFSSL_FATAL_ERROR when
 * wolfSSL_add_all_algorithms fails, WOLFSSL_SUCCESS otherwise. */
int wolfSSL_OpenSSL_add_all_algorithms_conf(void)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_conf");

    ret = wolfSSL_add_all_algorithms();
    return (ret == WOLFSSL_FATAL_ERROR) ? WOLFSSL_FATAL_ERROR
                                        : WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 13984
/* OpenSSL compatibility: the session cache size is fixed at compile time in
 * wolfSSL, so sz is ignored and the (unchanged) current size is returned —
 * SESSIONS_PER_ROW * SESSION_ROWS, or 0 when the cache is compiled out. */
long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz)
{
    long current;

    (void)ctx;
    (void)sz;

    WOLFSSL_MSG("session cache is set at compile time");
#ifndef NO_SESSION_CACHE
    current = (long)(SESSIONS_PER_ROW * SESSION_ROWS);
#else
    current = 0;
#endif

    return current;
}
wolfSSL 15:117db924cf7c 13998
wolfSSL 15:117db924cf7c 13999 #endif
wolfSSL 15:117db924cf7c 14000
wolfSSL 15:117db924cf7c 14001 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
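/* OpenSSL SSL_CTX_set_quiet_shutdown compatibility.
 *
 * Only a non-zero mode has an effect: the flag is set and never cleared
 * here (OpenSSL assigns mode directly, so 0 clears it there). A NULL ctx
 * was previously dereferenced; it is now logged and ignored. */
void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_quiet_shutdown");

    if (ctx == NULL) {
        WOLFSSL_MSG("Bad argument, ctx was NULL");
        return;
    }

    if (mode)
        ctx->quietShutdown = 1;
}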
wolfSSL 15:117db924cf7c 14008
wolfSSL 15:117db924cf7c 14009
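/* OpenSSL SSL_set_quiet_shutdown compatibility, per connection.
 *
 * Only a non-zero mode has an effect: the flag is set and never cleared
 * here. A NULL ssl was previously dereferenced; it is now logged and
 * ignored. The trace name previously said "wolfSSL_CTX_set_quiet_shutdown",
 * which made this call indistinguishable from the CTX variant in logs. */
void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode)
{
    WOLFSSL_ENTER("wolfSSL_set_quiet_shutdown");

    if (ssl == NULL) {
        WOLFSSL_MSG("Bad argument, ssl was NULL");
        return;
    }

    if (mode)
        ssl->options.quietShutdown = 1;
}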
wolfSSL 15:117db924cf7c 14016 #endif
wolfSSL 15:117db924cf7c 14017
wolfSSL 15:117db924cf7c 14018 #ifdef OPENSSL_EXTRA
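/* Attach read/write BIOs to a connection (OpenSSL SSL_set_bio compat).
 *
 * ssl : connection to configure; a NULL ssl is logged and ignored
 * rd  : BIO the connection reads from; may be NULL
 * wr  : BIO the connection writes to; may be NULL or the same object as rd
 *
 * Ownership of rd and wr passes to ssl. BIOs previously attached are freed
 * here unless the caller passes them back in, in which case they are kept.
 * Previously biowr was only released when biord was also set (leaking it
 * otherwise), and a BIO that was already attached and passed in again was
 * freed before being stored again.
 *
 * Socket-type BIOs set the connection's file descriptors; any other type
 * routes I/O through the BIO callbacks unless a custom CBIO callback has
 * already been registered for that direction. */
void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr)
{
    WOLFSSL_BIO* oldRd;
    WOLFSSL_BIO* oldWr;

    WOLFSSL_ENTER("wolfSSL_set_bio");

    if (ssl == NULL) {
        WOLFSSL_MSG("Bad argument, ssl was NULL");
        return;
    }

    /* if WOLFSSL_BIO is socket type then set WOLFSSL socket to use */
    if (rd != NULL && rd->type == WOLFSSL_BIO_SOCKET) {
        wolfSSL_set_rfd(ssl, rd->num);
    }
    if (wr != NULL && wr->type == WOLFSSL_BIO_SOCKET) {
        wolfSSL_set_wfd(ssl, wr->num);
    }

    /* free any existing WOLFSSL_BIOs in use, except those being re-attached;
     * a BIO shared by both directions is freed once */
    oldRd = ssl->biord;
    oldWr = ssl->biowr;
    if (oldWr != NULL && oldWr != oldRd && oldWr != rd && oldWr != wr) {
        wolfSSL_BIO_free(oldWr);
    }
    if (oldRd != NULL && oldRd != rd && oldRd != wr) {
        wolfSSL_BIO_free(oldRd);
    }

    ssl->biord = rd;
    ssl->biowr = wr;

    /* set SSL to use BIO callbacks instead */
    if (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0) &&
        (rd != NULL && rd->type != WOLFSSL_BIO_SOCKET)) {
        ssl->CBIORecv = BioReceive;
    }
    if (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0) &&
        (wr != NULL && wr->type != WOLFSSL_BIO_SOCKET)) {
        ssl->CBIOSend = BioSend;
    }

    /* User programs should always retry reading from these BIOs */
    if (rd) {
        /* User writes to rd */
        BIO_set_retry_write(rd);
    }
    if (wr) {
        /* User reads from wr */
        BIO_set_retry_read(wr);
    }
}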
wolfSSL 16:8e0d178b1d1e 14072 #endif
wolfSSL 16:8e0d178b1d1e 14073
wolfSSL 16:8e0d178b1d1e 14074 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_WEBSERVER)
/* Store the list of acceptable client-CA names on the CTX. The CTX keeps the
 * pointer as given (no copy). Without OPENSSL_EXTRA/WOLFSSL_EXTRA the CTX has
 * no such field and the call is a no-op. A NULL ctx is ignored. */
void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx,
                                    WOLF_STACK_OF(WOLFSSL_X509_NAME)* names)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_client_CA_list");
#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
    if (ctx == NULL)
        return;

    ctx->ca_names = names;
#else
    (void)ctx;
    (void)names;
#endif
}
wolfSSL 16:8e0d178b1d1e 14087
wolfSSL 16:8e0d178b1d1e 14088
/* returns the CAs set on the server side, or the CAs sent by the server
 * when on the client side */
wolfSSL 16:8e0d178b1d1e 14091 #if defined(SESSION_CERTS) && defined(OPENSSL_ALL)
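/* Client-CA name list for a connection.
 *
 * Server side: returns the list stored on the CTX (it can currently only be
 * set there); the caller does not own it.
 * Client side: builds a new stack of the subject names of the CA
 * certificates in the peer chain sent by the server; the caller owns the
 * returned stack. Returns NULL for a NULL ssl, when there is no peer chain,
 * or when the name stack cannot be allocated (the chain is still released). */
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_get_client_CA_list(
        const WOLFSSL* ssl)
{
    WOLF_STACK_OF(WOLFSSL_X509)* sk;
    WOLF_STACK_OF(WOLFSSL_X509_NAME)* ret;
    WOLFSSL_X509* x509;

    WOLFSSL_ENTER("wolfSSL_get_client_CA_list");

    if (ssl == NULL) {
        WOLFSSL_MSG("Bad argument passed to wolfSSL_get_client_CA_list");
        return NULL;
    }

    if (ssl->options.side != WOLFSSL_CLIENT_END) {
        /* currently only can be set in the CTX */
        return ssl->ctx->ca_names;
    }

    /* return list of CAs sent from the server */
    sk = wolfSSL_get_peer_cert_chain(ssl);
    if (sk == NULL)
        return NULL;

    ret = wolfSSL_sk_X509_NAME_new(NULL);
    if (ret == NULL) {
        /* previously a NULL ret was handed straight to the push below;
         * still drain the chain so nothing leaks */
        WOLFSSL_MSG("Error allocating X509 name stack");
    }

    while ((x509 = wolfSSL_sk_X509_pop(sk)) != NULL) {
        if (ret != NULL && wolfSSL_X509_get_isCA(x509)) {
            /* NOTE(review): the pushed name points into x509, which is freed
             * right below; wolfSSL_load_client_CA_file takes a
             * wolfSSL_X509_NAME_dup for exactly this reason. Confirm the push
             * copies the name, otherwise the returned stack holds dangling
             * pointers. */
            if (wolfSSL_sk_X509_NAME_push(ret,
                        wolfSSL_X509_get_subject_name(x509)) != 0) {
                WOLFSSL_MSG("Error pushing X509 name to stack");
                /* continue on to try other certificates and
                 * do not fail out here */
            }
        }
        wolfSSL_X509_free(x509);
    }
    wolfSSL_sk_X509_free(sk);

    return ret;
}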
wolfSSL 16:8e0d178b1d1e 14136 #endif /* SESSION_CERTS */
wolfSSL 16:8e0d178b1d1e 14137
wolfSSL 16:8e0d178b1d1e 14138
wolfSSL 16:8e0d178b1d1e 14139 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
wolfSSL 16:8e0d178b1d1e 14140 defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
/* Register the client-certificate callback on the CTX. It is invoked during
 * the handshake when the server requests client authentication but no client
 * cert/key has been loaded. A NULL ctx is ignored. */
void wolfSSL_CTX_set_client_cert_cb(WOLFSSL_CTX *ctx, client_cert_cb cb)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_client_cert_cb");

    if (ctx == NULL)
        return;

    ctx->CBClientCert = cb;
}
wolfSSL 16:8e0d178b1d1e 14151 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
wolfSSL 16:8e0d178b1d1e 14152
wolfSSL 16:8e0d178b1d1e 14153 #endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 16:8e0d178b1d1e 14154
wolfSSL 16:8e0d178b1d1e 14155 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
/* Return the client-CA name list stored on the CTX (still owned by the CTX),
 * or NULL for a NULL ctx. */
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_CTX_get_client_CA_list(
        const WOLFSSL_CTX *s)
{
    WOLFSSL_ENTER("wolfSSL_CTX_get_client_CA_list");

    return (s != NULL) ? s->ca_names : NULL;
}
wolfSSL 15:117db924cf7c 14166 #endif
wolfSSL 15:117db924cf7c 14167
wolfSSL 16:8e0d178b1d1e 14168 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 15:117db924cf7c 14169 #if !defined(NO_RSA) && !defined(NO_CERTS)
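/* Read every PEM certificate in fname and return a stack of their subject
 * names (most recently read first), for use as a client-CA list.
 *
 * Returns NULL when the file cannot be opened, and whatever has been
 * collected so far when a later certificate cannot be processed (the loop
 * stops at the first failure). The caller owns the returned stack. Without
 * OPENSSL_EXTRA the function always returns NULL. */
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname)
{
    /* The webserver build is using this to load a CA into the server
     * for client authentication as an option. Have this return NULL in
     * that case. If OPENSSL_EXTRA is enabled, go ahead and include
     * the function. */
#ifdef OPENSSL_EXTRA
    WOLFSSL_STACK *list = NULL;
    WOLFSSL_STACK *node;
    WOLFSSL_BIO* bio;
    WOLFSSL_X509 *cert = NULL;
    WOLFSSL_X509_NAME *subjectName = NULL;
    unsigned long err;

    WOLFSSL_ENTER("wolfSSL_load_client_CA_file");

    bio = wolfSSL_BIO_new_file(fname, "r");
    if (bio == NULL)
        return NULL;

    /* Read each certificate in the chain out of the file. */
    while (wolfSSL_PEM_read_bio_X509(bio, &cert, NULL, NULL) != NULL) {
        subjectName = wolfSSL_X509_get_subject_name(cert);
        if (subjectName == NULL)
            break;

        node = wolfSSL_sk_new_node(NULL);
        if (node == NULL)
            break;
        node->type = STACK_TYPE_X509_NAME;

        /* Need a persistent copy of the subject name. */
        node->data.name = wolfSSL_X509_NAME_dup(subjectName);
        if (node->data.name == NULL) {
            /* Previously dereferenced unchecked. Release the node (NULL heap
             * and DYNAMIC_TYPE_OPENSSL, as wolfSSL_CTX_add_client_CA frees
             * its stack nodes) and stop with what has been collected. */
            WOLFSSL_MSG("Failed to copy X509 subject name");
            XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
            break;
        }
        /*
         * Original cert will be freed so make sure not to try to access
         * it in the future.
         */
        node->data.name->x509 = NULL;

        /* Put node on the front of the list. */
        node->num = (list == NULL) ? 1 : list->num + 1;
        node->next = list;
        list = node;

        wolfSSL_X509_free(cert);
        cert = NULL;
    }

    err = wolfSSL_ERR_peek_last_error();

    if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
            ERR_GET_REASON(err) == PEM_R_NO_START_LINE) {
        /*
         * wolfSSL_PEM_read_bio_X509 pushes an ASN_NO_PEM_HEADER error
         * to the error queue on file end. This should not be left
         * for the caller to find so we clear the last error.
         */
        wc_RemoveErrorNode(-1);
    }

    /* cert is non-NULL only when the loop stopped early */
    wolfSSL_X509_free(cert);
    wolfSSL_BIO_free(bio);
    return list;
#else
    (void)fname;
    return NULL;
#endif
}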
wolfSSL 16:8e0d178b1d1e 14238 #endif
wolfSSL 16:8e0d178b1d1e 14239 #endif
wolfSSL 16:8e0d178b1d1e 14240
wolfSSL 16:8e0d178b1d1e 14241 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 14242 #if !defined(NO_RSA) && !defined(NO_CERTS)
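/* Push the subject name of x509 onto the front of ctx->ca_names.
 *
 * The name is taken over, not duplicated: the WOLFSSL_X509_NAME struct is
 * copied byte-for-byte into the new node and the source struct inside x509
 * is then zeroed, so any buffers the name owns now belong to the list and
 * x509's subject name is empty afterwards.
 * NOTE(review): confirm callers do not rely on x509's subject after this
 * call; wolfSSL_load_client_CA_file uses wolfSSL_X509_NAME_dup instead.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE for NULL arguments, a certificate
 * without a subject name, or an allocation failure. */
int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
{
    WOLFSSL_STACK *node = NULL;
    WOLFSSL_X509_NAME *subjectName = NULL;

    WOLFSSL_ENTER("wolfSSL_CTX_add_client_CA");

    if (ctx == NULL || x509 == NULL){
        WOLFSSL_MSG("Bad argument");
        return SSL_FAILURE;
    }

    subjectName = wolfSSL_X509_get_subject_name(x509);
    if (subjectName == NULL){
        WOLFSSL_MSG("invalid x509 data");
        return SSL_FAILURE;
    }

    /* Alloc stack struct */
    node = (WOLF_STACK_OF(WOLFSSL_X509_NAME)*)XMALLOC(
            sizeof(WOLF_STACK_OF(WOLFSSL_X509_NAME)),
            NULL, DYNAMIC_TYPE_OPENSSL);
    if (node == NULL){
        WOLFSSL_MSG("memory allocation error");
        return SSL_FAILURE;
    }
    XMEMSET(node, 0, sizeof(WOLF_STACK_OF(WOLFSSL_X509_NAME)));
    /* tag the node like wolfSSL_load_client_CA_file does, so consumers that
     * dispatch on the stack type see an X509_NAME node here too */
    node->type = STACK_TYPE_X509_NAME;

    /* Alloc and copy WOLFSSL_X509_NAME */
    node->data.name = (WOLFSSL_X509_NAME*)XMALLOC(
            sizeof(WOLFSSL_X509_NAME),
            NULL, DYNAMIC_TYPE_OPENSSL);
    if (node->data.name == NULL) {
        XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
        WOLFSSL_MSG("memory allocation error");
        return SSL_FAILURE;
    }
    XMEMCPY(node->data.name, subjectName, sizeof(WOLFSSL_X509_NAME));
    /* ownership of the name's contents moves to the node */
    XMEMSET(subjectName, 0, sizeof(WOLFSSL_X509_NAME));

    /* push new node onto head of stack */
    node->num = (ctx->ca_names == NULL) ? 1 : ctx->ca_names->num + 1;
    node->next = ctx->ca_names;
    ctx->ca_names = node;
    return SSL_SUCCESS;
}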
wolfSSL 15:117db924cf7c 14289 #endif
wolfSSL 15:117db924cf7c 14290
wolfSSL 15:117db924cf7c 14291 #ifndef NO_WOLFSSL_STUB
/* Stub: no default CA search path is configured here. Always reports
 * SSL_NOT_IMPLEMENTED so a caller can tell that nothing was loaded. */
int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
{
    WOLFSSL_STUB("SSL_CTX_set_default_verify_paths");
    (void)ctx;  /* TODO: not needed in goahead */

    return SSL_NOT_IMPLEMENTED;
}
wolfSSL 15:117db924cf7c 14299 #endif
wolfSSL 15:117db924cf7c 14300
wolfSSL 15:117db924cf7c 14301 #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \
wolfSSL 15:117db924cf7c 14302 && !defined(WC_NO_RNG)
/* SRP group modulus N used by the wolfSSL_CTX_set_srp_* API below
 * (big-endian bytes).
 * NOTE(review): these bytes look like the 1024-bit group of RFC 5054
 * Appendix A (whose generator is 2, matching srp_g) — confirm. If so, a
 * 1024-bit group sits at the low end of what is considered adequate today;
 * consider whether a larger RFC 5054 group should be selectable. */
static const byte srp_N[] = {
    0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6, 0x9C, 0x33, 0xF8,
    0x0A, 0xFA, 0x8F, 0xC5, 0xE8, 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF,
    0x3C, 0x0B, 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76, 0xD6,
    0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3, 0x38, 0x3B, 0x48, 0x13,
    0xD6, 0x92, 0xC6, 0xE0, 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B,
    0xE4, 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1, 0x5D, 0xC7,
    0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6, 0xCE, 0x8E, 0xF4, 0xAD, 0x69,
    0xB1, 0x5D, 0x49, 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85,
    0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC, 0x68, 0xED, 0xBC,
    0x3C, 0x05, 0x72, 0x6C, 0xC0, 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E,
    0xAA, 0x9A, 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B, 0x9F,
    0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3
};
/* SRP generator g for the group above */
static const byte srp_g[] = {
    0x02
};
wolfSSL 15:117db924cf7c 14320
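/* Set the SRP username on a CTX and initialise its SRP state.
 *
 * ctx      - context; ctx->srp must already be allocated
 * username - NUL-terminated username (read only, not retained)
 *
 * The SRP side is derived from ctx->method->side (server or client; anything
 * else is rejected). If wolfSSL_CTX_set_srp_password() was called before the
 * username was known, the stored password is applied here: a random salt is
 * drawn from a local RNG, the fixed group (srp_N, srp_g) and salt are installed
 * with wc_SrpSetParams(), then wc_SrpSetPassword() runs. The stored plaintext
 * copy is scrubbed and released afterwards.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE on NULL arguments, an unknown side, or
 * any failing wolfCrypt call. On wc_SrpInit() failure the CTX itself is
 * released (see note inline).
 */
int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX* ctx, char* username)
{
    int r = 0;
    SrpSide srp_side = SRP_CLIENT_SIDE;
    WC_RNG rng;
    byte salt[SRP_SALT_SIZE];

    WOLFSSL_ENTER("wolfSSL_CTX_set_srp_username");
    if (ctx == NULL || ctx->srp == NULL || username == NULL)
        return SSL_FAILURE;

    if (ctx->method->side == WOLFSSL_SERVER_END) {
        srp_side = SRP_SERVER_SIDE;
    }
    else if (ctx->method->side == WOLFSSL_CLIENT_END) {
        srp_side = SRP_CLIENT_SIDE;
    }
    else {
        WOLFSSL_MSG("Init CTX failed");
        return SSL_FAILURE;
    }

    if (wc_SrpInit(ctx->srp, SRP_TYPE_SHA256, srp_side) < 0) {
        WOLFSSL_MSG("Init CTX failed");
        XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP);
        /* cleared so that the CTX teardown below cannot free it again */
        ctx->srp = NULL;
        /* NOTE(review): releasing the caller's CTX from inside a setter is
         * surprising for callers that still hold ctx; kept for compatibility
         * with existing behaviour. */
        wolfSSL_CTX_free(ctx);
        return SSL_FAILURE;
    }

    r = wc_SrpSetUsername(ctx->srp, (const byte*)username,
                          (word32)XSTRLEN(username));
    if (r < 0) {
        WOLFSSL_MSG("fail to set srp username.");
        return SSL_FAILURE;
    }

    /* if wolfSSL_CTX_set_srp_password has already been called, */
    /* execute wc_SrpSetPassword here */
    if (ctx->srp_password != NULL) {
        word32 pwLen;

        if (wc_InitRng(&rng) < 0) {
            WOLFSSL_MSG("wc_InitRng failed");
            return SSL_FAILURE;
        }
        XMEMSET(salt, 0, sizeof(salt));
        if (wc_RNG_GenerateBlock(&rng, salt, (word32)sizeof(salt)) < 0) {
            WOLFSSL_MSG("wc_RNG_GenerateBlock failed");
            wc_FreeRng(&rng);
            return SSL_FAILURE;
        }
        if (wc_SrpSetParams(ctx->srp, srp_N, (word32)sizeof(srp_N),
                            srp_g, (word32)sizeof(srp_g),
                            salt, (word32)sizeof(salt)) < 0) {
            WOLFSSL_MSG("wc_SrpSetParam failed");
            wc_FreeRng(&rng);
            return SSL_FAILURE;
        }

        pwLen = (word32)XSTRLEN((char*)ctx->srp_password);
        r = wc_SrpSetPassword(ctx->srp, (const byte*)ctx->srp_password, pwLen);
        /* the RNG is done with either way; free it before any early return so
         * a failing wc_SrpSetPassword() cannot leak it */
        wc_FreeRng(&rng);
        if (r < 0) {
            WOLFSSL_MSG("fail to set srp password.");
            return SSL_FAILURE;
        }

        /* the retained copy is a plaintext secret: scrub it before release
         * (plain memset before free may be optimised away) */
        ForceZero(ctx->srp_password, pwLen);
        XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
        ctx->srp_password = NULL;
    }

    return SSL_SUCCESS;
}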
wolfSSL 15:117db924cf7c 14389
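/* Set the SRP password on a CTX.
 *
 * ctx      - context; ctx->srp must already be allocated
 * password - NUL-terminated password (read only, not retained once applied)
 *
 * If a username has already been set (ctx->srp->user != NULL) the password is
 * applied immediately: a random salt is drawn, the fixed group (srp_N, srp_g)
 * and salt go to wc_SrpSetParams(), then wc_SrpSetPassword(). Any earlier
 * stored copy is scrubbed and released. Otherwise a heap copy of the password
 * is kept in ctx->srp_password for wolfSSL_CTX_set_srp_username() to apply
 * later; it is allocated from ctx->heap and must be freed with the same heap.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE on NULL arguments, RNG/SRP failure or
 * allocation failure.
 */
int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX* ctx, char* password)
{
    int r;
    WC_RNG rng;
    byte salt[SRP_SALT_SIZE];
    size_t pwLen;

    WOLFSSL_ENTER("wolfSSL_CTX_set_srp_password");
    if (ctx == NULL || ctx->srp == NULL || password == NULL)
        return SSL_FAILURE;

    pwLen = XSTRLEN(password);

    if (ctx->srp->user != NULL) {
        if (wc_InitRng(&rng) < 0) {
            WOLFSSL_MSG("wc_InitRng failed");
            return SSL_FAILURE;
        }
        XMEMSET(salt, 0, sizeof(salt));
        if (wc_RNG_GenerateBlock(&rng, salt, (word32)sizeof(salt)) < 0) {
            WOLFSSL_MSG("wc_RNG_GenerateBlock failed");
            wc_FreeRng(&rng);
            return SSL_FAILURE;
        }
        if (wc_SrpSetParams(ctx->srp, srp_N, (word32)sizeof(srp_N),
                            srp_g, (word32)sizeof(srp_g),
                            salt, (word32)sizeof(salt)) < 0) {
            WOLFSSL_MSG("wc_SrpSetParam failed");
            wc_FreeRng(&rng);
            return SSL_FAILURE;
        }
        r = wc_SrpSetPassword(ctx->srp, (const byte*)password, (word32)pwLen);
        /* RNG no longer needed on either outcome */
        wc_FreeRng(&rng);
        if (r < 0) {
            WOLFSSL_MSG("wc_SrpSetPassword failed.");
            return SSL_FAILURE;
        }
        if (ctx->srp_password != NULL) {
            /* stale plaintext copy from an earlier call: scrub, then free
             * with the same heap hint it was allocated with */
            ForceZero(ctx->srp_password,
                      (word32)XSTRLEN((char*)ctx->srp_password));
            XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
            ctx->srp_password = NULL;
        }
    }
    else {
        /* save password for wolfSSL_set_srp_username */
        if (ctx->srp_password != NULL) {
            ForceZero(ctx->srp_password,
                      (word32)XSTRLEN((char*)ctx->srp_password));
            XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);
            ctx->srp_password = NULL;
        }

        ctx->srp_password = (byte*)XMALLOC(pwLen + 1, ctx->heap,
                                           DYNAMIC_TYPE_SRP);
        if (ctx->srp_password == NULL) {
            WOLFSSL_MSG("memory allocation error");
            return SSL_FAILURE;
        }
        /* +1 copies the terminating NUL so XSTRLEN works on the copy later */
        XMEMCPY(ctx->srp_password, password, pwLen + 1);
    }
    return SSL_SUCCESS;
}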
wolfSSL 15:117db924cf7c 14447 #endif /* WOLFCRYPT_HAVE_SRP && !NO_SHA256 && !WC_NO_RNG */
wolfSSL 15:117db924cf7c 14448
/* Size in bytes of the TLS key block for the negotiated suite: two copies
 * (client and server) of key + IV + MAC key as recorded in ssl->specs.
 * Returns -1 (WOLFSSL_FATAL_ERROR) when ssl is NULL. */
int wolfSSL_get_keyblock_size(WOLFSSL* ssl)
{
    int perSide;

    if (ssl == NULL) {
        return WOLFSSL_FATAL_ERROR;
    }

    perSide = ssl->specs.key_size + ssl->specs.iv_size + ssl->specs.hash_size;
    return 2 * perSide;
}
wolfSSL 15:117db924cf7c 14458
wolfSSL 15:117db924cf7c 14459
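/* Hand out the connection's handshake secrets for external key-block work.
 *
 * ms/msLen - receive the master secret pointer and SECRET_LEN
 * sr/srLen - receive the server random pointer and RAN_LEN
 * cr/crLen - receive the client random pointer and RAN_LEN
 *
 * The pointers alias ssl->arrays; they are not copies, stay valid only as long
 * as ssl->arrays does, and must not be freed by the caller. The master secret
 * is key material and should never be logged or persisted.
 *
 * Returns WOLFSSL_SUCCESS, or -1 (WOLFSSL_FATAL_ERROR) when ssl, ssl->arrays
 * or any out-pointer is NULL.
 */
int wolfSSL_get_keys(WOLFSSL* ssl, unsigned char** ms, unsigned int* msLen,
                     unsigned char** sr, unsigned int* srLen,
                     unsigned char** cr, unsigned int* crLen)
{
    if (ssl == NULL || ssl->arrays == NULL)
        return WOLFSSL_FATAL_ERROR;

    /* every out-pointer is written below, so none may be NULL */
    if (ms == NULL || msLen == NULL || sr == NULL || srLen == NULL ||
        cr == NULL || crLen == NULL)
        return WOLFSSL_FATAL_ERROR;

    *ms = ssl->arrays->masterSecret;
    *sr = ssl->arrays->serverRandom;
    *cr = ssl->arrays->clientRandom;

    *msLen = SECRET_LEN;
    *srLen = RAN_LEN;
    *crLen = RAN_LEN;

    return WOLFSSL_SUCCESS;
}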
wolfSSL 15:117db924cf7c 14478
wolfSSL 15:117db924cf7c 14479 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 14480
wolfSSL 15:117db924cf7c 14481 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
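/* Switch a WOLFSSL object into the server role (SSL_set_accept_state).
 *
 * For an object created as a client, server-only state is prepared first:
 * with HAVE_ECC, a configured static ECC key is test-decoded and the
 * haveECDSAsig/haveECC/haveStaticECC flags are cleared if the decode fails;
 * without NO_DH, the CTX's DH parameters are inherited when the object has
 * none of its own. InitSSL_Side() then performs the switch; because the
 * function returns void its failure can only be logged.
 *
 * A NULL ssl is ignored.
 */
void wolfSSL_set_accept_state(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_set_accept_state");
    if (ssl == NULL) {
        WOLFSSL_MSG("ssl is null");
        return;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
#ifdef HAVE_ECC
        ecc_key key;
        word32 idx = 0;

        if (ssl->options.haveStaticECC && ssl->buffers.key != NULL) {
            if (wc_ecc_init(&key) >= 0) {
                /* a key that does not decode as ECC cannot back ECDSA/ECC
                 * suites, so drop those capabilities rather than fail later */
                if (wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &key,
                                           ssl->buffers.key->length) != 0) {
                    ssl->options.haveECDSAsig = 0;
                    ssl->options.haveECC = 0;
                    ssl->options.haveStaticECC = 0;
                }
                wc_ecc_free(&key);
            }
        }
#endif

#ifndef NO_DH
        if (!ssl->options.haveDH && ssl->ctx->haveDH) {
            /* borrow the CTX's parameters; no copy is made */
            ssl->buffers.serverDH_P = ssl->ctx->serverDH_P;
            ssl->buffers.serverDH_G = ssl->ctx->serverDH_G;
            ssl->options.haveDH = 1;
        }
#endif
    }

    if (InitSSL_Side(ssl, WOLFSSL_SERVER_END) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Error initializing server side");
    }
}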
wolfSSL 15:117db924cf7c 14516
wolfSSL 15:117db924cf7c 14517 #endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA */
wolfSSL 15:117db924cf7c 14518
/* 1 once the handshake has completed (handShakeState == HANDSHAKE_DONE),
 * 0 otherwise or when ssl is NULL. */
int wolfSSL_is_init_finished(WOLFSSL* ssl)
{
    int done = 0;

    if (ssl != NULL && ssl->options.handShakeState == HANDSHAKE_DONE) {
        done = 1;
    }
    return done;
}
wolfSSL 15:117db924cf7c 14530
wolfSSL 15:117db924cf7c 14531 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 14532
/* Compatibility no-op: the callback is neither stored nor ever invoked, since
 * wolfSSL handles temporary RSA key material internally. */
void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX* ctx,
                                      WOLFSSL_RSA*(*f)(WOLFSSL*, int, int))
{
    (void)f;
    (void)ctx;
}
wolfSSL 15:117db924cf7c 14540
wolfSSL 15:117db924cf7c 14541
/* Record shutdown state from an OpenSSL-style flag mask: WOLFSSL_SENT_SHUTDOWN
 * sets options.sentNotify, WOLFSSL_RECEIVED_SHUTDOWN sets options.closeNotify.
 * Both flags are (re)written on every call; a NULL ssl is ignored. */
void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt)
{
    int sentFlag;
    int receivedFlag;

    WOLFSSL_ENTER("wolfSSL_set_shutdown");
    if (ssl == NULL) {
        WOLFSSL_MSG("Shutdown not set. ssl is null");
        return;
    }

    sentFlag = (opt & WOLFSSL_SENT_SHUTDOWN) > 0;
    receivedFlag = (opt & WOLFSSL_RECEIVED_SHUTDOWN) > 0;

    ssl->options.sentNotify = sentFlag;
    ssl->options.closeNotify = receivedFlag;
}
wolfSSL 15:117db924cf7c 14553
wolfSSL 15:117db924cf7c 14554
/* Return the option mask stored on the CTX (ctx->mask), or BAD_FUNC_ARG
 * when ctx is NULL. */
long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
{
    long mask = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_get_options");
    WOLFSSL_MSG("wolfSSL options are set through API calls and macros");
    if (ctx != NULL) {
        mask = ctx->mask;
    }
    return mask;
}
wolfSSL 15:117db924cf7c 14563
wolfSSL 16:8e0d178b1d1e 14564 #endif
wolfSSL 16:8e0d178b1d1e 14565
wolfSSL 16:8e0d178b1d1e 14566 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 16:8e0d178b1d1e 14567
wolfSSL 15:117db924cf7c 14568 static long wolf_set_options(long old_op, long op);
/* Merge opt into the CTX option mask via wolf_set_options() and return the
 * resulting mask; BAD_FUNC_ARG when ctx is NULL. */
long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt)
{
    long updated;

    WOLFSSL_ENTER("SSL_CTX_set_options");

    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }

    updated = wolf_set_options(ctx->mask, opt);
    ctx->mask = updated;

    return updated;
}
wolfSSL 15:117db924cf7c 14580
wolfSSL 16:8e0d178b1d1e 14581 #endif
wolfSSL 16:8e0d178b1d1e 14582
wolfSSL 16:8e0d178b1d1e 14583 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 14584
/* Clear the bits of opt from the CTX option mask and return the new mask;
 * BAD_FUNC_ARG when ctx is NULL. */
long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
{
    long cleared;

    WOLFSSL_ENTER("SSL_CTX_clear_options");
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    cleared = ctx->mask & ~opt;
    ctx->mask = cleared;
    return cleared;
}
wolfSSL 15:117db924cf7c 14593
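/* Set the read file descriptor. The descriptor is stored in ssl->rfd and the
 * read I/O callback context is pointed at that field, so the value reaches the
 * I/O layer only through the callback mechanism.
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd)
{
    WOLFSSL_ENTER("SSL_set_rfd");
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    ssl->rfd = rfd; /* not used directly to allow IO callbacks */
    ssl->IOCB_ReadCtx = &ssl->rfd;

    return WOLFSSL_SUCCESS;
}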
wolfSSL 15:117db924cf7c 14603
wolfSSL 15:117db924cf7c 14604
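/* Set the write file descriptor. The descriptor is stored in ssl->wfd and the
 * write I/O callback context is pointed at that field, so the value reaches the
 * I/O layer only through the callback mechanism.
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd)
{
    WOLFSSL_ENTER("SSL_set_wfd");
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    ssl->wfd = wfd; /* not used directly to allow IO callbacks */
    ssl->IOCB_WriteCtx = &ssl->wfd;

    return WOLFSSL_SUCCESS;
}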
wolfSSL 15:117db924cf7c 14614
wolfSSL 15:117db924cf7c 14615 #ifndef NO_CERTS
wolfSSL 16:8e0d178b1d1e 14616
/* Pointer to the CTX's embedded certificate store, or NULL when ctx is NULL.
 * The store is owned by the CTX and must not be freed by the caller. */
WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx)
{
    return (ctx != NULL) ? &ctx->x509_store : NULL;
}
wolfSSL 15:117db924cf7c 14625
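/* Install str as the CTX's certificate store (SSL_CTX_set_cert_store).
 *
 * The CTX takes ownership of str and releases it when the CTX is freed. The
 * store's cert manager becomes ctx->cm and its cache is mirrored into the
 * embedded ctx->x509_store. The previously owned store and cert manager are
 * released first. NULL arguments are ignored.
 *
 * Re-installing the store the CTX already owns only refreshes the mirrored
 * pointers: it must not take the release path, which would free str and leave
 * ctx->x509_store_pt dangling.
 */
void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str)
{
    if (ctx == NULL || str == NULL) {
        return;
    }

    if (ctx->x509_store_pt == str) {
        if (ctx->cm != str->cm) {
            if (ctx->cm != NULL) {
                wolfSSL_CertManagerFree(ctx->cm);
            }
            ctx->cm = str->cm;
        }
        ctx->x509_store.cache = str->cache;
        return;
    }

    /* free cert manager if have one */
    if (ctx->cm != NULL) {
        wolfSSL_CertManagerFree(ctx->cm);
    }
    ctx->cm = str->cm;

    /* free existing store if it exists */
    if (ctx->x509_store_pt != NULL) {
        /* cert manager was free'd a little earlier in this function;
         * NOTE(review): this assumes the owned store's cm was that same
         * object -- confirm against how x509_store_pt->cm is assigned */
        ctx->x509_store_pt->cm = NULL;
    }
    wolfSSL_X509_STORE_free(ctx->x509_store_pt);
    ctx->x509_store.cache = str->cache;
    ctx->x509_store_pt = str; /* take ownership of store and free it
                                 with CTX free */
}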
wolfSSL 15:117db924cf7c 14648
wolfSSL 15:117db924cf7c 14649
/* Certificate currently under verification in the store context, or NULL
 * when ctx is NULL. The pointer is borrowed from ctx. */
WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
                                                    WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_X509* cert = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert");
    if (ctx != NULL) {
        cert = ctx->current_cert;
    }
    return cert;
}
wolfSSL 15:117db924cf7c 14658
wolfSSL 15:117db924cf7c 14659
/* Verification error code recorded in the store context (ctx->error).
 * Returns 0 when ctx is NULL, which is indistinguishable from "no error". */
int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx)
{
    int err = 0;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error");
    if (ctx != NULL) {
        err = ctx->error;
    }
    return err;
}
wolfSSL 15:117db924cf7c 14667
wolfSSL 15:117db924cf7c 14668
/* Chain depth at which the recorded verification error occurred
 * (ctx->error_depth), or WOLFSSL_FATAL_ERROR when ctx is NULL. */
int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error_depth");
    if (ctx == NULL) {
        return WOLFSSL_FATAL_ERROR;
    }
    return ctx->error_depth;
}
wolfSSL 15:117db924cf7c 14676
/* Store a verify callback on the store context. A NULL ctx is ignored;
 * verify_cb may be NULL, which clears the callback. */
void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx,
                                  WOLFSSL_X509_STORE_CTX_verify_cb verify_cb)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_verify_cb");
    if (ctx != NULL) {
        ctx->verify_cb = verify_cb;
    }
}
wolfSSL 16:8e0d178b1d1e 14685
wolfSSL 16:8e0d178b1d1e 14686 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
/* Store a verify callback on the X509 store itself. A NULL st is ignored;
 * verify_cb may be NULL, which clears the callback. */
void wolfSSL_X509_STORE_set_verify_cb(WOLFSSL_X509_STORE *st,
                                  WOLFSSL_X509_STORE_CTX_verify_cb verify_cb)
{
    WOLFSSL_ENTER("WOLFSSL_X509_STORE_set_verify_cb");
    if (st == NULL) {
        return;
    }
    st->verify_cb = verify_cb;
}
wolfSSL 16:8e0d178b1d1e 14695 #endif
wolfSSL 16:8e0d178b1d1e 14696
wolfSSL 16:8e0d178b1d1e 14697
wolfSSL 15:117db924cf7c 14698 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 14699
/* Method descriptor for a message-digest filter BIO (type WOLFSSL_BIO_MD).
 * Returns a pointer to a function-static object; its type field is rewritten
 * on every call, and the caller must not free it. */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_md(void)
{
    static WOLFSSL_BIO_METHOD md_meth;

    WOLFSSL_ENTER("wolfSSL_BIO_f_md");
    md_meth.type = WOLFSSL_BIO_MD;
    return &md_meth;
}
wolfSSL 16:8e0d178b1d1e 14709
/* Fetch the EVP_MD_CTX attached to a digest BIO: *mdcp receives bio->ptr
 * (borrowed, not a copy). Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when
 * bio or mdcp is NULL. No check is made that bio is actually an MD BIO. */
int wolfSSL_BIO_get_md_ctx(WOLFSSL_BIO *bio, WOLFSSL_EVP_MD_CTX **mdcp)
{
    if (bio == NULL || mdcp == NULL) {
        return WOLFSSL_FAILURE;
    }

    *mdcp = (WOLFSSL_EVP_MD_CTX*)bio->ptr;
    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 14722
/* Method descriptor for a buffering filter BIO (type WOLFSSL_BIO_BUFFER).
 * Returns a pointer to a function-static object; its type field is rewritten
 * on every call, and the caller must not free it. */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void)
{
    static WOLFSSL_BIO_METHOD buffer_meth;

    WOLFSSL_ENTER("BIO_f_buffer");
    buffer_meth.type = WOLFSSL_BIO_BUFFER;
    return &buffer_meth;
}
wolfSSL 15:117db924cf7c 14732
wolfSSL 15:117db924cf7c 14733 #ifndef NO_WOLFSSL_STUB
/* Compatibility stub: wolfSSL manages its own buffer, so the request is not
 * applied. Echoes size back so OpenSSL-style callers see a positive result. */
long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size)
{
    WOLFSSL_ENTER("BIO_set_write_buffer_size");
    WOLFSSL_STUB("BIO_set_write_buffer_size");
    (void)bio;
    return size;
}
wolfSSL 15:117db924cf7c 14742 #endif
wolfSSL 15:117db924cf7c 14743
wolfSSL 15:117db924cf7c 14744 WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_bio(void)
wolfSSL 15:117db924cf7c 14745 {
wolfSSL 15:117db924cf7c 14746 static WOLFSSL_BIO_METHOD bio_meth;
wolfSSL 15:117db924cf7c 14747
wolfSSL 16:8e0d178b1d1e 14748 WOLFSSL_ENTER("wolfSSL_BIO_s_bio");
wolfSSL 15:117db924cf7c 14749 bio_meth.type = WOLFSSL_BIO_BIO;
wolfSSL 15:117db924cf7c 14750
wolfSSL 15:117db924cf7c 14751 return &bio_meth;
wolfSSL 15:117db924cf7c 14752 }
wolfSSL 15:117db924cf7c 14753
wolfSSL 15:117db924cf7c 14754
wolfSSL 15:117db924cf7c 14755 #ifndef NO_FILESYSTEM
/* Method descriptor for a file-backed BIO (type WOLFSSL_BIO_FILE).
 * Returns a pointer to a function-static object; its type field is rewritten
 * on every call, and the caller must not free it. */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void)
{
    static WOLFSSL_BIO_METHOD fileMeth;

    WOLFSSL_ENTER("wolfSSL_BIO_s_file");
    fileMeth.type = WOLFSSL_BIO_FILE;
    return &fileMeth;
}
wolfSSL 15:117db924cf7c 14765 #endif
wolfSSL 15:117db924cf7c 14766
wolfSSL 15:117db924cf7c 14767
/* Method descriptor for an SSL filter BIO (type WOLFSSL_BIO_SSL).
 * Returns a pointer to a function-static object; its type field is rewritten
 * on every call, and the caller must not free it. */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void)
{
    static WOLFSSL_BIO_METHOD ssl_meth;

    WOLFSSL_ENTER("wolfSSL_BIO_f_ssl");
    ssl_meth.type = WOLFSSL_BIO_SSL;
    return &ssl_meth;
}
wolfSSL 15:117db924cf7c 14777
wolfSSL 15:117db924cf7c 14778
/* Method descriptor for a socket BIO (type WOLFSSL_BIO_SOCKET).
 * Returns a pointer to a function-static object; its type field is rewritten
 * on every call, and the caller must not free it. */
WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void)
{
    static WOLFSSL_BIO_METHOD socket_meth;

    WOLFSSL_ENTER("wolfSSL_BIO_s_socket");
    socket_meth.type = WOLFSSL_BIO_SOCKET;
    return &socket_meth;
}
wolfSSL 15:117db924cf7c 14788
wolfSSL 15:117db924cf7c 14789
/* Create a socket BIO wrapping descriptor sfd. closeF is stored in
 * bio->shutdown and decides whether wolfSSL_BIO_free closes the socket.
 * Returns NULL when the BIO cannot be allocated. */
WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int closeF)
{
    WOLFSSL_BIO* sockBio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket());

    WOLFSSL_ENTER("BIO_new_socket");
    if (sockBio == NULL) {
        return NULL;
    }

    sockBio->type = WOLFSSL_BIO_SOCKET;
    sockBio->shutdown = (byte)closeF;
    sockBio->num = sfd;
    return sockBio;
}
wolfSSL 15:117db924cf7c 14802
wolfSSL 15:117db924cf7c 14803
/* 1 when the BIO has recorded end-of-file (b->eof non-zero), else 0.
 * A NULL b yields 0. */
int wolfSSL_BIO_eof(WOLFSSL_BIO* b)
{
    WOLFSSL_ENTER("BIO_eof");
    if (b == NULL) {
        return 0;
    }
    return b->eof ? 1 : 0;
}
wolfSSL 15:117db924cf7c 14812
wolfSSL 15:117db924cf7c 14813
/* Attach a WOLFSSL object to a BIO: the object is stored in b->ptr and closeF
 * in b->shutdown, which decides whether wolfSSL_BIO_free frees the object.
 * A NULL b is ignored. Always returns 0.
 * NOTE(review): open question from the original author -- should the BIO be
 * registered with the SSL object so that wolfSSL_free can release it when it
 * is called before, or instead of, the BIO free? */
long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF)
{
    WOLFSSL_ENTER("wolfSSL_BIO_set_ssl");

    if (b == NULL) {
        return 0;
    }

    b->ptr = ssl;
    b->shutdown = (byte)closeF;
    return 0;
}
wolfSSL 15:117db924cf7c 14826
wolfSSL 16:8e0d178b1d1e 14827 #ifndef NO_FILESYSTEM
/* Attach descriptor fd to a BIO: fd goes to b->num and closeF to b->shutdown,
 * which decides whether wolfSSL_BIO_free closes it. A NULL b is ignored.
 * Always returns WOLFSSL_SUCCESS. */
long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int closeF)
{
    WOLFSSL_ENTER("wolfSSL_BIO_set_fd");

    if (b == NULL) {
        return WOLFSSL_SUCCESS;
    }

    b->num = fd;
    b->shutdown = (byte)closeF;
    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 14839 #endif
wolfSSL 16:8e0d178b1d1e 14840
/* Set the BIO close flag (b->shutdown); flag is truncated to a byte.
 * A NULL b is ignored. Always returns WOLFSSL_SUCCESS. */
int wolfSSL_BIO_set_close(WOLFSSL_BIO *b, long flag)
{
    WOLFSSL_ENTER("wolfSSL_BIO_set_close");
    if (b == NULL) {
        return WOLFSSL_SUCCESS;
    }
    b->shutdown = (byte)flag;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 14851
wolfSSL 15:117db924cf7c 14852
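/* Allocate a BIO for the given method (BIO_new).
 *
 * The BIO starts zeroed, with shutdown = BIO_CLOSE (resources it owns are
 * released by wolfSSL_BIO_free) and init = 1. Every type other than FILE,
 * SOCKET and MD gets a WOLFSSL_BUF_MEM descriptor in bio->mem_buf; an MD BIO
 * gets a fresh EVP_MD_CTX in bio->ptr. A custom method's createCb, when set,
 * runs last on the fully built BIO.
 *
 * Returns the new BIO, or NULL when method is NULL or an allocation fails
 * (a partially built BIO is released through wolfSSL_BIO_free).
 */
WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD* method)
{
    WOLFSSL_BIO* bio;

    WOLFSSL_ENTER("wolfSSL_BIO_new");
    if (method == NULL) {
        WOLFSSL_MSG("Bad method pointer passed in");
        return NULL;
    }

    bio = (WOLFSSL_BIO*)XMALLOC(sizeof(*bio), NULL, DYNAMIC_TYPE_OPENSSL);
    if (bio == NULL) {
        return NULL;
    }

    XMEMSET(bio, 0, sizeof(*bio));
    bio->type = (byte)method->type;
    bio->method = method;
    bio->shutdown = BIO_CLOSE; /* default to close things */
    bio->init = 1;

    if (method->type != WOLFSSL_BIO_FILE &&
        method->type != WOLFSSL_BIO_SOCKET &&
        method->type != WOLFSSL_BIO_MD) {
        bio->mem_buf = (WOLFSSL_BUF_MEM*)XMALLOC(sizeof(*bio->mem_buf),
                                                NULL, DYNAMIC_TYPE_OPENSSL);
        if (bio->mem_buf == NULL) {
            WOLFSSL_MSG("Memory error");
            wolfSSL_BIO_free(bio);
            return NULL;
        }
        /* zero the whole descriptor so that length and any other field
         * start defined rather than as heap garbage; data mirrors bio->ptr,
         * which is still NULL at this point */
        XMEMSET(bio->mem_buf, 0, sizeof(*bio->mem_buf));
        bio->mem_buf->data = (char*)bio->ptr;
    }

    if (method->type == WOLFSSL_BIO_MD) {
        bio->ptr = wolfSSL_EVP_MD_CTX_new();
        if (bio->ptr == NULL) {
            WOLFSSL_MSG("Memory error");
            wolfSSL_BIO_free(bio);
            return NULL;
        }
    }

    /* check if is custom method */
    if (method->createCb) {
        method->createCb(bio);
    }

    return bio;
}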
wolfSSL 15:117db924cf7c 14900
/* Create a memory BIO holding a private copy of buf[0..len).
 *
 * The copy lives in bio->ptr; bio->num and bio->wrSz record len, and when the
 * BIO carries a mem_buf descriptor its data/length are pointed at the copy.
 * Returns NULL when buf is NULL, len is negative, or an allocation fails.
 * NOTE(review): len == 0 asks XMALLOC for zero bytes, which some allocators
 * answer with NULL; that is then reported as a failure -- confirm intended. */
WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(const void* buf, int len)
{
    WOLFSSL_BIO* memBio;

    if (buf == NULL || len < 0) {
        return NULL;
    }

    memBio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
    if (memBio == NULL) {
        return NULL;
    }

    memBio->wrSz = len;
    memBio->num = len;
    memBio->ptr = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
    if (memBio->ptr == NULL) {
        wolfSSL_BIO_free(memBio);
        return NULL;
    }

    if (memBio->mem_buf != NULL) {
        memBio->mem_buf->data = (char*)memBio->ptr;
        memBio->mem_buf->length = memBio->num;
    }

    XMEMCPY(memBio->ptr, buf, len);
    return memBio;
}
wolfSSL 15:117db924cf7c 14929
/*
 * Free a BIO and, depending on its shutdown flag, the object it wraps.
 *
 * The order below is deliberate (the callbacks see the BIO intact):
 *   1. info callback with WOLFSSL_BIO_CB_FREE; a non-positive result aborts
 *      the free and that value is handed back to the caller unchanged,
 *   2. the method's custom free callback,
 *   3. unlink from the BIO pair,
 *   4. release the wrapped SSL / socket / file / memory / MD ctx,
 *   5. free the BIO structure itself.
 *
 * Note : If the flag BIO_NOCLOSE is set then freeing memory buffers is up
 * to the application.
 * Returns 1 on success (also for a NULL bio); when the info callback vetoes
 * the free, its non-positive return value is returned instead.
 */
int wolfSSL_BIO_free(WOLFSSL_BIO* bio)
{
    int cbRet;

    /* unchain?, doesn't matter in goahead since from free all */
    WOLFSSL_ENTER("wolfSSL_BIO_free");

    if (bio == NULL) {
        return 1;
    }

    if (bio->infoCb) {
        /* info callback runs before anything is released and may veto */
        cbRet = (int)bio->infoCb(bio, WOLFSSL_BIO_CB_FREE, NULL, 0, 0, 1);
        if (cbRet <= 0) {
            return cbRet;
        }
    }

    /* method-specific free hook, if the method installed one */
    if (bio->method != NULL && bio->method->freeCb != NULL) {
        bio->method->freeCb(bio);
    }

    /* detach from the peer of a BIO pair so it no longer points at us */
    if (bio->pair != NULL) {
        bio->pair->pair = NULL;
    }

    if (bio->shutdown) {
        if (bio->type == WOLFSSL_BIO_SSL && bio->ptr) {
            wolfSSL_free((WOLFSSL*)bio->ptr);
        }
#ifdef CloseSocket
        if (bio->type == WOLFSSL_BIO_SOCKET && bio->num) {
            CloseSocket(bio->num);
        }
#endif
    }

#ifndef NO_FILESYSTEM
    /* files are only closed for an explicit BIO_CLOSE, not any non-zero
     * shutdown value */
    if (bio->type == WOLFSSL_BIO_FILE && bio->shutdown == BIO_CLOSE
            && bio->ptr) {
        XFCLOSE((XFILE)bio->ptr);
    }
#endif

    if (bio->shutdown != BIO_NOCLOSE) {
        /* when mem_buf shares the data pointer, that memory is released
         * together with the BUF_MEM below rather than here */
        if (bio->type == WOLFSSL_BIO_MEMORY && bio->ptr != NULL
                && (bio->mem_buf == NULL
                    || bio->mem_buf->data != (char*)bio->ptr)) {
            XFREE(bio->ptr, bio->heap, DYNAMIC_TYPE_OPENSSL);
            bio->ptr = NULL;
        }
        if (bio->mem_buf != NULL) {
            wolfSSL_BUF_MEM_free(bio->mem_buf);
            bio->mem_buf = NULL;
        }
    }

    /* the digest context is owned by the BIO regardless of shutdown */
    if (bio->type == WOLFSSL_BIO_MD) {
        wolfSSL_EVP_MD_CTX_free((WOLFSSL_EVP_MD_CTX*)bio->ptr);
    }

    XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
    return 1;
}
wolfSSL 16:8e0d178b1d1e 15005
/* Void variant of wolfSSL_BIO_free for callers that cannot use the result;
 * a veto from the info callback is therefore not observable here. */
void wolfSSL_BIO_vfree(WOLFSSL_BIO* bio)
{
    (void)wolfSSL_BIO_free(bio);
}
wolfSSL 15:117db924cf7c 15011
wolfSSL 15:117db924cf7c 15012
/* Free bio and every BIO reachable through its next links.
 * Each element is freed with wolfSSL_BIO_free; a veto by that element's
 * info callback is ignored and the walk continues with the next one.
 * Returns 0 (always, unlike wolfSSL_BIO_free which returns 1 on success). */
int wolfSSL_BIO_free_all(WOLFSSL_BIO* bio)
{
    WOLFSSL_BIO* following;

    WOLFSSL_ENTER("BIO_free_all");
    /* read next before the current element is released */
    for (; bio != NULL; bio = following) {
        following = bio->next;
        wolfSSL_BIO_free(bio);
    }
    return 0;
}
wolfSSL 15:117db924cf7c 15023
wolfSSL 15:117db924cf7c 15024
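/* Link append directly after top: top->next becomes append and append->prev
 * becomes top. Any BIO previously linked after top is overwritten, not
 * spliced behind append.
 * top    : head to link from; when NULL there is nothing to link to and
 *          append is returned as the head (matches OpenSSL BIO_push)
 * append : BIO to link after top; NULL simply terminates the chain at top
 * Returns top, or append when top is NULL. */
WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO* top, WOLFSSL_BIO* append)
{
    WOLFSSL_ENTER("BIO_push");

    /* both arguments used to be dereferenced unconditionally */
    if (top == NULL) {
        return append;
    }
    top->next = append;
    if (append != NULL) {
        append->prev = top;
    }

    return top;
}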
wolfSSL 15:117db924cf7c 15033 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 15034
wolfSSL 15:117db924cf7c 15035 #ifdef WOLFSSL_ENCRYPTED_KEYS
wolfSSL 15:117db924cf7c 15036
/* Store the opaque pointer that is handed to the PEM password callback.
 * ctx      : context to update; NULL is ignored
 * userdata : application pointer, stored as-is (no copy, no ownership) */
void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
                                                void* userdata)
{
    WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata");
    if (ctx == NULL) {
        return;
    }
    ctx->passwd_userdata = userdata;
}
wolfSSL 15:117db924cf7c 15044
wolfSSL 15:117db924cf7c 15045
/* Install the callback used to obtain the pass phrase for encrypted keys.
 * ctx : context to update; NULL is ignored
 * cb  : callback pointer, stored as-is (NULL clears it) */
void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx,pem_password_cb* cb)
{
    WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb");
    if (ctx == NULL) {
        return;
    }
    ctx->passwd_cb = cb;
}
wolfSSL 15:117db924cf7c 15052
/* Return the pass phrase callback installed on ctx, or NULL when ctx is
 * NULL or no callback has been set. */
pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx)
{
    /* an unset callback is already NULL, so no separate check is needed */
    return (ctx != NULL) ? ctx->passwd_cb : NULL;
}
wolfSSL 15:117db924cf7c 15061
wolfSSL 15:117db924cf7c 15062
/* Return the application pointer stored for the pass phrase callback, or
 * NULL when ctx is NULL. */
void* wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx)
{
    return (ctx != NULL) ? ctx->passwd_userdata : NULL;
}
wolfSSL 15:117db924cf7c 15071
wolfSSL 15:117db924cf7c 15072 #endif /* WOLFSSL_ENCRYPTED_KEYS */
wolfSSL 15:117db924cf7c 15073
wolfSSL 15:117db924cf7c 15074
wolfSSL 15:117db924cf7c 15075 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
/* CRYPTO_num_locks() compatibility: this layer reports that the application
 * does not need to provide any lock array, so the count is always 0. */
int wolfSSL_num_locks(void)
{
    enum { COMPAT_LOCK_COUNT = 0 };
    return COMPAT_LOCK_COUNT;
}
wolfSSL 15:117db924cf7c 15080
/* CRYPTO_set_locking_callback() compatibility: forward the application's
 * locking function to wolfCrypt's mutex callback.
 * f : locking callback (mode, lock number, file, line)
 * A failed registration is only logged; the void return gives the caller
 * no way to detect it. */
void wolfSSL_set_locking_callback(void (*f)(int, int, const char*, int))
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_set_locking_callback");

    rc = wc_SetMutexCb(f);
    if (rc != 0) {
        WOLFSSL_MSG("Error when setting mutex call back");
    }
}
wolfSSL 15:117db924cf7c 15089
wolfSSL 15:117db924cf7c 15090
/* Application-supplied thread id function for the CRYPTO_set_id_callback()
 * compatibility API; NULL until wolfSSL_set_id_callback installs one. */
typedef unsigned long idCb(void);
static idCb* inner_idCb = NULL;
wolfSSL 15:117db924cf7c 15093
/* CRYPTO_thread_id() compatibility.
 * Returns the value of the callback installed with wolfSSL_set_id_callback,
 * or 0 when no callback is installed (every thread then reports the same
 * id). */
unsigned long wolfSSL_thread_id(void)
{
    return (inner_idCb != NULL) ? inner_idCb() : 0UL;
}
wolfSSL 15:117db924cf7c 15103
wolfSSL 15:117db924cf7c 15104
/* CRYPTO_set_id_callback() compatibility: remember f for wolfSSL_thread_id.
 * f : thread id function, or NULL to fall back to a constant id of 0 */
void wolfSSL_set_id_callback(unsigned long (*f)(void))
{
    idCb* installed = f;
    inner_idCb = installed;
}
wolfSSL 15:117db924cf7c 15109
/* Pop the oldest error from the error queue and return its code as an
 * unsigned value (ERR_get_error() semantics). The backing queue depends on
 * the build:
 *  - OPENSSL_ALL / WOLFSSL_NGINX / WOLFSSL_HAPROXY: peek the node, then
 *    remove it,
 *  - OPENSSL_EXTRA / DEBUG_WOLFSSL_VERBOSE: pull directly; an empty queue
 *    yields 0, any other pull failure clears the queue and is returned as
 *    its absolute value,
 *  - otherwise no queue is compiled in and -NOT_COMPILED_IN is returned
 *    (converted to unsigned long). */
unsigned long wolfSSL_ERR_get_error(void)
{
    WOLFSSL_ENTER("wolfSSL_ERR_get_error");

#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    {
        unsigned long code = wolfSSL_ERR_peek_error_line_data(NULL, NULL,
                                                              NULL, NULL);
        wc_RemoveErrorNode(-1);
        return code;
    }
#elif (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
    {
        int code = wc_PullErrorNode(NULL, NULL, NULL);

        if (code >= 0) {
            return (unsigned long)code;
        }
        if (code == BAD_STATE_E) {
            return 0; /* no errors in queue */
        }

        WOLFSSL_MSG("Error with pulling error node!");
        WOLFSSL_LEAVE("wolfSSL_ERR_get_error", code);

        /* panic and try to clear out nodes */
        wc_ClearErrorNodes();
        /* hand back the absolute value of the error */
        return (unsigned long)(0 - code);
    }
#else
    return (unsigned long)(0 - NOT_COMPILED_IN);
#endif
}
wolfSSL 15:117db924cf7c 15141
wolfSSL 16:8e0d178b1d1e 15142 #if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE))
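/* Write every queued error to bio, oldest first, as
 * "error:<code>:wolfSSL library:<reason>:<file>:<line>\n", removing each
 * node once written so the queue is empty on return.
 * bio : destination; NULL is logged and ignored.
 * The result of wolfSSL_BIO_write is not checked: a failing BIO does not
 * stop the queue from being drained. */
void wolfSSL_ERR_print_errors(WOLFSSL_BIO* bio)
{
    const char* file = NULL;
    const char* reason = NULL;
    int ret;
    int line = 0;
    char buf[WOLFSSL_MAX_ERROR_SZ * 2];

    WOLFSSL_ENTER("wolfSSL_ERR_print_errors");

    if (bio == NULL) {
        WOLFSSL_MSG("BIO passed in was null");
        return;
    }

    for (;;) {
        const char* reasonStr;

        ret = wc_PeekErrorNode(0, &file, &reason, &line);
        if (ret < 0) {
            break; /* queue drained (or peek failed) */
        }

        reasonStr = wolfSSL_ERR_reason_error_string(0 - ret);
        /* a NULL argument for %s is undefined behaviour; print an empty
         * field if either lookup left its pointer unset */
        XSNPRINTF(buf, sizeof(buf), "error:%d:wolfSSL library:%s:%s:%d\n",
                  ret, (reasonStr != NULL) ? reasonStr : "",
                  (file != NULL) ? file : "", line);
        /* XSNPRINTF always NUL-terminates, so a truncated line is still a
         * valid string to measure and write */
        wolfSSL_BIO_write(bio, buf, (int)XSTRLEN(buf));
        wc_RemoveErrorNode(0);
    }
}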
wolfSSL 16:8e0d178b1d1e 15170 #endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */
wolfSSL 16:8e0d178b1d1e 15171
wolfSSL 15:117db924cf7c 15172 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 15:117db924cf7c 15173
wolfSSL 15:117db924cf7c 15174 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 15175
wolfSSL 15:117db924cf7c 15176 #if !defined(NO_WOLFSSL_SERVER)
/* Copy the server random of the last handshake into out.
 * ssl   : ssl struct after handshake
 * out   : buffer to hold random bytes
 * outSz : either 0 (return max buffer sz) or size of out buffer
 * Returns RAN_LEN when outSz is 0 (size query, ssl may be NULL), otherwise
 * the number of bytes copied (at most RAN_LEN), or 0 on a NULL argument or
 * when the handshake arrays were not kept (options.saveArrays / arrays).
 * NOTE: wolfSSL_KeepArrays(ssl) must be called to retain handshake information. */
size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out,
                                 size_t outSz)
{
    size_t copyLen;

    /* size query: answered before any argument validation */
    if (outSz == 0) {
        return RAN_LEN;
    }
    if (ssl == NULL || out == NULL) {
        return 0;
    }
    if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) {
        WOLFSSL_MSG("Arrays struct not saved after handshake");
        return 0;
    }

    /* never read past the stored random */
    copyLen = (outSz > RAN_LEN) ? (size_t)RAN_LEN : outSz;
    XMEMCPY(out, ssl->arrays->serverRandom, copyLen);
    return copyLen;
}
wolfSSL 16:8e0d178b1d1e 15206
wolfSSL 16:8e0d178b1d1e 15207
/* Used to get the peer ephemeral public key sent during the connection
 * NOTE: currently wolfSSL_KeepHandshakeResources(WOLFSSL* ssl) must be called
 * before the ephemeral key is stored.
 * Only an ECC peer key is handled (HAVE_ECC); for any other key exchange
 * *pkey is set to NULL and WOLFSSL_FAILURE is returned.
 * NOTE(review): *pkey comes from wolfSSL_d2i_PUBKEY(NULL, ...), so it
 * appears to be a fresh allocation the caller must free — confirm.
 * return WOLFSSL_SUCCESS on success */
int wolfSSL_get_server_tmp_key(const WOLFSSL* ssl, WOLFSSL_EVP_PKEY** pkey)
{
    WOLFSSL_EVP_PKEY* key = NULL;

    WOLFSSL_ENTER("wolfSSL_get_server_tmp_key");

    if (ssl == NULL || pkey == NULL) {
        WOLFSSL_MSG("Bad argument passed in");
        return WOLFSSL_FAILURE;
    }

#ifdef HAVE_ECC
    if (ssl->peerEccKey != NULL) {
        unsigned char* derBuf;
        const unsigned char* cursor;
        unsigned int derCap = 0;
        int derLen;

        /* size the X9.63 point first; the DER SubjectPublicKeyInfo
         * wrapper is budgeted on top of it */
        if (wc_ecc_export_x963(ssl->peerEccKey, NULL, &derCap) !=
                LENGTH_ONLY_E) {
            WOLFSSL_MSG("get ecc der size failed");
            return WOLFSSL_FAILURE;
        }
        derCap += MAX_SEQ_SZ + (2 * MAX_ALGO_SZ) + MAX_SEQ_SZ + TRAILING_ZERO;

        derBuf = (unsigned char*)XMALLOC(derCap, ssl->heap, DYNAMIC_TYPE_KEY);
        if (derBuf == NULL) {
            WOLFSSL_MSG("Memory error");
            return WOLFSSL_FAILURE;
        }

        derLen = wc_EccPublicKeyToDer(ssl->peerEccKey, derBuf, derCap, 1);
        if (derLen <= 0) {
            WOLFSSL_MSG("get ecc der failed");
            XFREE(derBuf, ssl->heap, DYNAMIC_TYPE_KEY);
            return WOLFSSL_FAILURE;
        }

        cursor = derBuf; /* d2i may advance the pointer it is handed */
        key = wolfSSL_d2i_PUBKEY(NULL, &cursor, derLen);
        XFREE(derBuf, ssl->heap, DYNAMIC_TYPE_KEY);
    }
#endif

    *pkey = key;
    return (key != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 15260
wolfSSL 16:8e0d178b1d1e 15261 #endif /* !NO_WOLFSSL_SERVER */
wolfSSL 16:8e0d178b1d1e 15262
/* Set the lowest protocol version the context may downgrade to.
 * ctx     : context to update
 * version : OpenSSL-style constant (SSL3_VERSION, TLS1_VERSION, ...,
 *           DTLS1_2_VERSION); only versions compiled into this build are
 *           accepted
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or a version that
 * is unknown or not compiled in (ctx is left untouched in that case). */
int wolfSSL_CTX_set_min_proto_version(WOLFSSL_CTX* ctx, int version)
{
    int minor;

    WOLFSSL_ENTER("wolfSSL_CTX_set_min_proto_version");

    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }

    /* translate the public constant into the internal minor number; a
     * version that is not built in reaches the default case */
    switch (version) {
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
        case SSL3_VERSION:
            minor = SSLv3_MINOR;
            break;
#endif
#ifndef NO_TLS
    #ifndef NO_OLD_TLS
        #ifdef WOLFSSL_ALLOW_TLSV10
        case TLS1_VERSION:
            minor = TLSv1_MINOR;
            break;
        #endif
        case TLS1_1_VERSION:
            minor = TLSv1_1_MINOR;
            break;
    #endif
    #ifndef WOLFSSL_NO_TLS12
        case TLS1_2_VERSION:
            minor = TLSv1_2_MINOR;
            break;
    #endif
    #ifdef WOLFSSL_TLS13
        case TLS1_3_VERSION:
            minor = TLSv1_3_MINOR;
            break;
    #endif
#endif
#ifdef WOLFSSL_DTLS
    #ifndef NO_OLD_TLS
        case DTLS1_VERSION:
            minor = DTLS_MINOR;
            break;
    #endif
        case DTLS1_2_VERSION:
            minor = DTLSv1_2_MINOR;
            break;
#endif
        default:
            return BAD_FUNC_ARG;
    }

    ctx->minDowngrade = minor;
    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 15315
/* Compatibility stub: the maximum protocol version is fixed at compile time,
 * so this call changes nothing at run time. It nevertheless returns
 * WOLFSSL_SUCCESS, meaning a caller that relies on it to cap the negotiated
 * version gets neither an error nor an effect; cap the version through the
 * build configuration instead.
 * ctx, ver : accepted and ignored */
int wolfSSL_CTX_set_max_proto_version(WOLFSSL_CTX* ctx, int ver)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_max_proto_version");

    (void)ctx;
    (void)ver;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 15325
wolfSSL 15:117db924cf7c 15326
wolfSSL 15:117db924cf7c 15327 #if !defined(NO_WOLFSSL_CLIENT)
/* Return the amount of random bytes copied over or error case.
 * ssl   : ssl struct after handshake
 * out   : buffer to hold random bytes
 * outSz : either 0 (return max buffer sz) or size of out buffer
 * Returns RAN_LEN when outSz is 0 (size query, ssl may be NULL), otherwise
 * the number of bytes copied (at most RAN_LEN), or 0 on a NULL argument or
 * when the handshake arrays were not kept (options.saveArrays / arrays).
 *
 * NOTE: wolfSSL_KeepArrays(ssl) must be called to retain handshake information.
 */
size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
                                 size_t outSz)
{
    size_t copyLen;

    /* size query: answered before any argument validation */
    if (outSz == 0) {
        return RAN_LEN;
    }
    if (ssl == NULL || out == NULL) {
        return 0;
    }
    if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) {
        WOLFSSL_MSG("Arrays struct not saved after handshake");
        return 0;
    }

    /* never read past the stored random */
    copyLen = (outSz > RAN_LEN) ? (size_t)RAN_LEN : outSz;
    XMEMCPY(out, ssl->arrays->clientRandom, copyLen);
    return copyLen;
}
wolfSSL 15:117db924cf7c 15364 #endif /* !NO_WOLFSSL_CLIENT */
wolfSSL 15:117db924cf7c 15365
wolfSSL 15:117db924cf7c 15366
/* SSLeay()-compatible version query; the value is a build-time constant. */
unsigned long wolfSSLeay(void)
{
    return (unsigned long)SSLEAY_VERSION_NUMBER;
}
wolfSSL 15:117db924cf7c 15371
/* OpenSSL_version_num()-compatible query; reports the OpenSSL API level this
 * compatibility layer claims, a build-time constant. */
unsigned long wolfSSL_OpenSSL_version_num(void)
{
    return (unsigned long)OPENSSL_VERSION_NUMBER;
}
wolfSSL 15:117db924cf7c 15376
/* SSLeay_version()-compatible text; the same fixed string is returned for
 * every type value.
 * type : ignored
 * Returns a pointer to static storage that must not be freed. */
const char* wolfSSLeay_version(int type)
{
    (void)type;
    return "SSLeay wolfSSL compatibility";
}
wolfSSL 15:117db924cf7c 15383
wolfSSL 15:117db924cf7c 15384
wolfSSL 15:117db924cf7c 15385 #ifndef NO_MD5
/* MD5_Init() compatibility wrapper around wc_InitMd5.
 * md5 : caller-provided context, used in place as a wc_Md5
 * Returns 1 on success, 0 on failure. */
int wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5)
{
    int rc;
    /* compile-time guard: the compat context must be large enough to be
     * reinterpreted as a wc_Md5 */
    typedef char md5_test[sizeof(MD5_CTX) >= sizeof(wc_Md5) ? 1 : -1];
    (void)sizeof(md5_test);

    WOLFSSL_ENTER("MD5_Init");
    rc = wc_InitMd5((wc_Md5*)md5);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15401
wolfSSL 15:117db924cf7c 15402
/* MD5_Update() compatibility wrapper around wc_Md5Update.
 * md5   : context initialised by wolfSSL_MD5_Init
 * input : data to absorb
 * sz    : byte count; narrowed to word32, so a length that does not fit in
 *         32 bits would be silently truncated
 * Returns 1 on success, 0 on failure. */
int wolfSSL_MD5_Update(WOLFSSL_MD5_CTX* md5, const void* input,
                       unsigned long sz)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_MD5_Update");
    rc = wc_Md5Update((wc_Md5*)md5, (const byte*)input, (word32)sz);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15417
wolfSSL 15:117db924cf7c 15418
/* MD5_Final() compatibility wrapper around wc_Md5Final.
 * input : output buffer that receives the digest (OpenSSL argument order)
 * md5   : context to finalise
 * Returns 1 on success, 0 on failure. */
int wolfSSL_MD5_Final(byte* input, WOLFSSL_MD5_CTX* md5)
{
    int rc;

    WOLFSSL_ENTER("MD5_Final");
    rc = wc_Md5Final((wc_Md5*)md5, input);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15432 #endif /* !NO_MD5 */
wolfSSL 15:117db924cf7c 15433
wolfSSL 15:117db924cf7c 15434
wolfSSL 15:117db924cf7c 15435 #ifndef NO_SHA
/* SHA_Init() compatibility wrapper around wc_InitSha.
 * sha : caller-provided context, used in place as a wc_Sha
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
{
    int rc;
    /* compile-time guard: the compat context must be large enough to be
     * reinterpreted as a wc_Sha */
    typedef char sha_test[sizeof(SHA_CTX) >= sizeof(wc_Sha) ? 1 : -1];
    (void)sizeof(sha_test);

    WOLFSSL_ENTER("SHA_Init");
    rc = wc_InitSha((wc_Sha*)sha);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15452
wolfSSL 15:117db924cf7c 15453
/* SHA_Update() compatibility wrapper around wc_ShaUpdate.
 * sha   : context initialised by wolfSSL_SHA_Init
 * input : data to absorb
 * sz    : byte count; narrowed to word32, so a length that does not fit in
 *         32 bits would be silently truncated
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA_Update(WOLFSSL_SHA_CTX* sha, const void* input,
                       unsigned long sz)
{
    int rc;

    WOLFSSL_ENTER("SHA_Update");
    rc = wc_ShaUpdate((wc_Sha*)sha, (const byte*)input, (word32)sz);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15468
wolfSSL 15:117db924cf7c 15469
/* SHA_Final() compatibility wrapper around wc_ShaFinal.
 * input : output buffer that receives the digest (OpenSSL argument order)
 * sha   : context to finalise
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA_Final(byte* input, WOLFSSL_SHA_CTX* sha)
{
    int rc;

    WOLFSSL_ENTER("SHA_Final");
    rc = wc_ShaFinal((wc_Sha*)sha, input);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15483
wolfSSL 15:117db924cf7c 15484
/* SHA1_Init() alias: SHA-1 is the same algorithm as the SHA_* family here.
 * SHA_Init is the compat-layer name (presumably a macro resolving to
 * wolfSSL_SHA_Init — confirm in the compat headers).
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha)
{
    int rc;

    WOLFSSL_ENTER("SHA1_Init");
    rc = SHA_Init(sha);
    return rc;
}
wolfSSL 15:117db924cf7c 15490
wolfSSL 15:117db924cf7c 15491
/* SHA1_Update() alias forwarding to the SHA_* family (SHA_Update is the
 * compat-layer name, presumably a macro for wolfSSL_SHA_Update — confirm).
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
                        unsigned long sz)
{
    int rc;

    WOLFSSL_ENTER("SHA1_Update");
    rc = SHA_Update(sha, input, sz);
    return rc;
}
wolfSSL 15:117db924cf7c 15498
wolfSSL 15:117db924cf7c 15499
/* SHA1_Final() alias forwarding to the SHA_* family (SHA_Final is the
 * compat-layer name, presumably a macro for wolfSSL_SHA_Final — confirm).
 * input : output buffer that receives the digest
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA1_Final(byte* input, WOLFSSL_SHA_CTX* sha)
{
    int rc;

    WOLFSSL_ENTER("SHA1_Final");
    rc = SHA_Final(input, sha);
    return rc;
}
wolfSSL 15:117db924cf7c 15505 #endif /* !NO_SHA */
wolfSSL 15:117db924cf7c 15506
wolfSSL 15:117db924cf7c 15507 #ifdef WOLFSSL_SHA224
wolfSSL 15:117db924cf7c 15508
/* SHA224_Init() compatibility wrapper around wc_InitSha224.
 * sha : caller-provided context, used in place as a wc_Sha224
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha)
{
    int rc;
    /* compile-time guard: the compat context must be large enough to be
     * reinterpreted as a wc_Sha224 */
    typedef char sha_test[sizeof(SHA224_CTX) >= sizeof(wc_Sha224) ? 1 : -1];
    (void)sizeof(sha_test);

    WOLFSSL_ENTER("SHA224_Init");
    rc = wc_InitSha224((wc_Sha224*)sha);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15525
wolfSSL 15:117db924cf7c 15526
/* SHA224_Update() compatibility wrapper around wc_Sha224Update.
 * sha   : context initialised by wolfSSL_SHA224_Init
 * input : data to absorb
 * sz    : byte count; narrowed to word32, so a length that does not fit in
 *         32 bits would be silently truncated
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX* sha, const void* input,
                          unsigned long sz)
{
    int rc;

    WOLFSSL_ENTER("SHA224_Update");
    rc = wc_Sha224Update((wc_Sha224*)sha, (const byte*)input, (word32)sz);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15541
wolfSSL 15:117db924cf7c 15542
/* SHA224_Final() compatibility wrapper around wc_Sha224Final.
 * input : output buffer that receives the digest (OpenSSL argument order)
 * sha   : context to finalise
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA224_Final(byte* input, WOLFSSL_SHA224_CTX* sha)
{
    int rc;

    WOLFSSL_ENTER("SHA224_Final");
    rc = wc_Sha224Final((wc_Sha224*)sha, input);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15556
wolfSSL 15:117db924cf7c 15557 #endif /* WOLFSSL_SHA224 */
wolfSSL 15:117db924cf7c 15558
wolfSSL 15:117db924cf7c 15559
/* SHA256_Init() compatibility wrapper around wc_InitSha256.
 * sha256 : caller-provided context, used in place as a wc_Sha256
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
{
    int rc;
    /* compile-time guard: the compat context must be large enough to be
     * reinterpreted as a wc_Sha256 */
    typedef char sha_test[sizeof(SHA256_CTX) >= sizeof(wc_Sha256) ? 1 : -1];
    (void)sizeof(sha_test);

    WOLFSSL_ENTER("SHA256_Init");
    rc = wc_InitSha256((wc_Sha256*)sha256);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15576
wolfSSL 15:117db924cf7c 15577
/* SHA256_Update() compatibility wrapper around wc_Sha256Update.
 * sha   : context initialised by wolfSSL_SHA256_Init
 * input : data to absorb
 * sz    : byte count; narrowed to word32, so a length that does not fit in
 *         32 bits would be silently truncated
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input,
                          unsigned long sz)
{
    int rc;

    WOLFSSL_ENTER("SHA256_Update");
    rc = wc_Sha256Update((wc_Sha256*)sha, (const byte*)input, (word32)sz);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15592
wolfSSL 15:117db924cf7c 15593
/* SHA256_Final() compatibility wrapper around wc_Sha256Final.
 * input : output buffer that receives the digest (OpenSSL argument order)
 * sha   : context to finalise
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA256_Final(byte* input, WOLFSSL_SHA256_CTX* sha)
{
    int rc;

    WOLFSSL_ENTER("SHA256_Final");
    rc = wc_Sha256Final((wc_Sha256*)sha, input);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15607
wolfSSL 15:117db924cf7c 15608
wolfSSL 15:117db924cf7c 15609 #ifdef WOLFSSL_SHA384
wolfSSL 15:117db924cf7c 15610
/* SHA384_Init() compatibility wrapper around wc_InitSha384.
 * sha : caller-provided context, used in place as a wc_Sha384
 * Returns 1 on success, 0 on failure. */
int wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha)
{
    int rc;
    /* compile-time guard: the compat context must be large enough to be
     * reinterpreted as a wc_Sha384 */
    typedef char sha_test[sizeof(SHA384_CTX) >= sizeof(wc_Sha384) ? 1 : -1];
    (void)sizeof(sha_test);

    WOLFSSL_ENTER("SHA384_Init");
    rc = wc_InitSha384((wc_Sha384*)sha);

    /* wolfCrypt reports 0 on success; the OpenSSL-style API reports 1 */
    return (rc == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15627
wolfSSL 15:117db924cf7c 15628
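/* OpenSSL-compatible SHA384_Update: absorbs sz bytes of input into sha.
 * Returns 1 on success, 0 on any wolfCrypt error.
 */
int wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input,
                          unsigned long sz)
{
    const byte* p = (const byte*)input;
    int ret;

    WOLFSSL_ENTER("SHA384_Update");

    /* wc_Sha384Update takes a word32 length; a bare (word32)sz cast would
     * silently truncate sz on LP64 targets and hash only part of a buffer
     * larger than 4 GiB. Feed the data in word32-sized pieces instead, which
     * yields the same digest. The first call is made even for sz == 0 so a
     * bad context is still reported as before. */
    for (;;) {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFU;
        }
        ret = wc_Sha384Update((wc_Sha384*)sha, p, chunk);
        sz -= chunk;
        if (ret != 0 || sz == 0) {
            break;
        }
        p += chunk;
    }

    /* return 1 on success, 0 otherwise */
    return (ret == 0) ? 1 : 0;
}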
wolfSSL 15:117db924cf7c 15643
wolfSSL 15:117db924cf7c 15644
/* OpenSSL-compatible SHA384_Final.
 * input: output buffer that receives the digest (OpenSSL argument order).
 * sha:   context to finalise.
 * Returns 1 on success, 0 on a wolfCrypt error.
 */
int wolfSSL_SHA384_Final(byte* input, WOLFSSL_SHA384_CTX* sha)
{
    WOLFSSL_ENTER("SHA384_Final");

    /* wolfCrypt reports 0 on success; the compat contract is 1/0. */
    return (wc_Sha384Final((wc_Sha384*)sha, input) == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15658
wolfSSL 15:117db924cf7c 15659 #endif /* WOLFSSL_SHA384 */
wolfSSL 15:117db924cf7c 15660
wolfSSL 15:117db924cf7c 15661
wolfSSL 15:117db924cf7c 15662 #ifdef WOLFSSL_SHA512
wolfSSL 15:117db924cf7c 15663
/* OpenSSL-compatible SHA512_Init: initialises the wolfCrypt SHA-512 state
 * inside the opaque compat context.
 * Returns 1 on success, 0 on a wolfCrypt error.
 */
int wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha)
{
    /* Compile-time guard: the compat context must be large enough to hold
     * the wolfCrypt state cast into it below (negative array size = build
     * error when it is not). */
    typedef char ctx_size_check[sizeof(SHA512_CTX) >= sizeof(wc_Sha512) ? 1 : -1];
    (void)sizeof(ctx_size_check);

    WOLFSSL_ENTER("SHA512_Init");

    /* wolfCrypt reports 0 on success; the compat contract is 1/0. */
    return (wc_InitSha512((wc_Sha512*)sha) == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15680
wolfSSL 15:117db924cf7c 15681
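/* OpenSSL-compatible SHA512_Update: absorbs sz bytes of input into sha.
 * Returns 1 on success, 0 on any wolfCrypt error.
 */
int wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha, const void* input,
                          unsigned long sz)
{
    const byte* p = (const byte*)input;
    int ret;

    WOLFSSL_ENTER("SHA512_Update");

    /* wc_Sha512Update takes a word32 length; a bare (word32)sz cast would
     * silently truncate sz on LP64 targets and hash only part of a buffer
     * larger than 4 GiB. Feed the data in word32-sized pieces instead, which
     * yields the same digest. The first call is made even for sz == 0 so a
     * bad context is still reported as before. */
    for (;;) {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFU;
        }
        ret = wc_Sha512Update((wc_Sha512*)sha, p, chunk);
        sz -= chunk;
        if (ret != 0 || sz == 0) {
            break;
        }
        p += chunk;
    }

    /* return 1 on success, 0 otherwise */
    return (ret == 0) ? 1 : 0;
}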
wolfSSL 15:117db924cf7c 15696
wolfSSL 15:117db924cf7c 15697
/* OpenSSL-compatible SHA512_Final.
 * input: output buffer that receives the digest (OpenSSL argument order).
 * sha:   context to finalise.
 * Returns 1 on success, 0 on a wolfCrypt error.
 */
int wolfSSL_SHA512_Final(byte* input, WOLFSSL_SHA512_CTX* sha)
{
    WOLFSSL_ENTER("SHA512_Final");

    /* wolfCrypt reports 0 on success; the compat contract is 1/0. */
    return (wc_Sha512Final((wc_Sha512*)sha, input) == 0) ? 1 : 0;
}
wolfSSL 15:117db924cf7c 15711
wolfSSL 15:117db924cf7c 15712 #endif /* WOLFSSL_SHA512 */
wolfSSL 15:117db924cf7c 15713
wolfSSL 16:8e0d178b1d1e 15714 #ifdef WOLFSSL_SHA3
wolfSSL 16:8e0d178b1d1e 15715 #ifndef WOLFSSL_NOSHA3_224
wolfSSL 16:8e0d178b1d1e 15716
/* OpenSSL-compatible SHA3_224_Init: initialises the wolfCrypt SHA3-224
 * state inside the opaque compat context (no custom heap, device id 0).
 * Returns 1 on success, 0 on a wolfCrypt error.
 */
int wolfSSL_SHA3_224_Init(WOLFSSL_SHA3_224_CTX* sha)
{
    /* Compile-time guard: the compat context must be large enough to hold
     * the wolfCrypt state cast into it below (negative array size = build
     * error when it is not). */
    typedef char ctx_size_check[sizeof(SHA3_224_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
    (void)sizeof(ctx_size_check);

    WOLFSSL_ENTER("SHA3_224_Init");

    /* wolfCrypt reports 0 on success; the compat contract is 1/0. */
    return (wc_InitSha3_224((wc_Sha3*)sha, NULL, 0) == 0) ? 1 : 0;
}
wolfSSL 16:8e0d178b1d1e 15733
wolfSSL 16:8e0d178b1d1e 15734
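/* OpenSSL-compatible SHA3_224_Update: absorbs sz bytes of input into sha.
 * Returns 1 on success, 0 on any wolfCrypt error.
 */
int wolfSSL_SHA3_224_Update(WOLFSSL_SHA3_224_CTX* sha, const void* input,
                            unsigned long sz)
{
    const byte* p = (const byte*)input;
    int ret;

    WOLFSSL_ENTER("SHA3_224_Update");

    /* wc_Sha3_224_Update takes a word32 length; a bare (word32)sz cast would
     * silently truncate sz on LP64 targets and hash only part of a buffer
     * larger than 4 GiB. Feed the data in word32-sized pieces instead, which
     * yields the same digest. The first call is made even for sz == 0 so a
     * bad context is still reported as before. */
    for (;;) {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFU;
        }
        ret = wc_Sha3_224_Update((wc_Sha3*)sha, p, chunk);
        sz -= chunk;
        if (ret != 0 || sz == 0) {
            break;
        }
        p += chunk;
    }

    /* return 1 on success, 0 otherwise */
    return (ret == 0) ? 1 : 0;
}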
wolfSSL 16:8e0d178b1d1e 15749
wolfSSL 16:8e0d178b1d1e 15750
/* OpenSSL-compatible SHA3_224_Final.
 * input: output buffer that receives the digest (OpenSSL argument order).
 * sha:   context to finalise.
 * Returns 1 on success, 0 on a wolfCrypt error.
 */
int wolfSSL_SHA3_224_Final(byte* input, WOLFSSL_SHA3_224_CTX* sha)
{
    WOLFSSL_ENTER("SHA3_224_Final");

    /* wolfCrypt reports 0 on success; the compat contract is 1/0. */
    return (wc_Sha3_224_Final((wc_Sha3*)sha, input) == 0) ? 1 : 0;
}
wolfSSL 16:8e0d178b1d1e 15764
wolfSSL 16:8e0d178b1d1e 15765 #endif /* WOLFSSL_NOSHA3_224 */
wolfSSL 16:8e0d178b1d1e 15766
wolfSSL 16:8e0d178b1d1e 15767
wolfSSL 16:8e0d178b1d1e 15768 #ifndef WOLFSSL_NOSHA3_256
/* OpenSSL-compatible SHA3_256_Init: initialises the wolfCrypt SHA3-256
 * state inside the opaque compat context (no custom heap, device id 0).
 * Returns 1 on success, 0 on a wolfCrypt error.
 */
int wolfSSL_SHA3_256_Init(WOLFSSL_SHA3_256_CTX* sha3_256)
{
    /* Compile-time guard: the compat context must be large enough to hold
     * the wolfCrypt state cast into it below (negative array size = build
     * error when it is not). */
    typedef char ctx_size_check[sizeof(SHA3_256_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
    (void)sizeof(ctx_size_check);

    WOLFSSL_ENTER("SHA3_256_Init");

    /* wolfCrypt reports 0 on success; the compat contract is 1/0. */
    return (wc_InitSha3_256((wc_Sha3*)sha3_256, NULL, 0) == 0) ? 1 : 0;
}
wolfSSL 16:8e0d178b1d1e 15785
wolfSSL 16:8e0d178b1d1e 15786
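/* OpenSSL-compatible SHA3_256_Update: absorbs sz bytes of input into sha.
 * Returns 1 on success, 0 on any wolfCrypt error.
 */
int wolfSSL_SHA3_256_Update(WOLFSSL_SHA3_256_CTX* sha, const void* input,
                            unsigned long sz)
{
    const byte* p = (const byte*)input;
    int ret;

    WOLFSSL_ENTER("SHA3_256_Update");

    /* wc_Sha3_256_Update takes a word32 length; a bare (word32)sz cast would
     * silently truncate sz on LP64 targets and hash only part of a buffer
     * larger than 4 GiB. Feed the data in word32-sized pieces instead, which
     * yields the same digest. The first call is made even for sz == 0 so a
     * bad context is still reported as before. */
    for (;;) {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFU;
        }
        ret = wc_Sha3_256_Update((wc_Sha3*)sha, p, chunk);
        sz -= chunk;
        if (ret != 0 || sz == 0) {
            break;
        }
        p += chunk;
    }

    /* return 1 on success, 0 otherwise */
    return (ret == 0) ? 1 : 0;
}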
wolfSSL 16:8e0d178b1d1e 15801
wolfSSL 16:8e0d178b1d1e 15802
/* OpenSSL-compatible SHA3_256_Final.
 * input: output buffer that receives the digest (OpenSSL argument order).
 * sha:   context to finalise.
 * Returns 1 on success, 0 on a wolfCrypt error.
 */
int wolfSSL_SHA3_256_Final(byte* input, WOLFSSL_SHA3_256_CTX* sha)
{
    WOLFSSL_ENTER("SHA3_256_Final");

    /* wolfCrypt reports 0 on success; the compat contract is 1/0. */
    return (wc_Sha3_256_Final((wc_Sha3*)sha, input) == 0) ? 1 : 0;
}
wolfSSL 16:8e0d178b1d1e 15816 #endif /* WOLFSSL_NOSHA3_256 */
wolfSSL 16:8e0d178b1d1e 15817
wolfSSL 16:8e0d178b1d1e 15818
/* OpenSSL-compatible SHA3_384_Init: initialises the wolfCrypt SHA3-384
 * state inside the opaque compat context (no custom heap, device id 0).
 * Returns 1 on success, 0 on a wolfCrypt error.
 */
int wolfSSL_SHA3_384_Init(WOLFSSL_SHA3_384_CTX* sha)
{
    /* Compile-time guard: the compat context must be large enough to hold
     * the wolfCrypt state cast into it below (negative array size = build
     * error when it is not). */
    typedef char ctx_size_check[sizeof(SHA3_384_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
    (void)sizeof(ctx_size_check);

    WOLFSSL_ENTER("SHA3_384_Init");

    /* wolfCrypt reports 0 on success; the compat contract is 1/0. */
    return (wc_InitSha3_384((wc_Sha3*)sha, NULL, 0) == 0) ? 1 : 0;
}
wolfSSL 16:8e0d178b1d1e 15835
wolfSSL 16:8e0d178b1d1e 15836
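/* OpenSSL-compatible SHA3_384_Update: absorbs sz bytes of input into sha.
 * Returns 1 on success, 0 on any wolfCrypt error.
 */
int wolfSSL_SHA3_384_Update(WOLFSSL_SHA3_384_CTX* sha, const void* input,
                            unsigned long sz)
{
    const byte* p = (const byte*)input;
    int ret;

    WOLFSSL_ENTER("SHA3_384_Update");

    /* wc_Sha3_384_Update takes a word32 length; a bare (word32)sz cast would
     * silently truncate sz on LP64 targets and hash only part of a buffer
     * larger than 4 GiB. Feed the data in word32-sized pieces instead, which
     * yields the same digest. The first call is made even for sz == 0 so a
     * bad context is still reported as before. */
    for (;;) {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFU;
        }
        ret = wc_Sha3_384_Update((wc_Sha3*)sha, p, chunk);
        sz -= chunk;
        if (ret != 0 || sz == 0) {
            break;
        }
        p += chunk;
    }

    /* return 1 on success, 0 otherwise */
    return (ret == 0) ? 1 : 0;
}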
wolfSSL 16:8e0d178b1d1e 15851
wolfSSL 16:8e0d178b1d1e 15852
/* OpenSSL-compatible SHA3_384_Final.
 * input: output buffer that receives the digest (OpenSSL argument order).
 * sha:   context to finalise.
 * Returns 1 on success, 0 on a wolfCrypt error.
 */
int wolfSSL_SHA3_384_Final(byte* input, WOLFSSL_SHA3_384_CTX* sha)
{
    WOLFSSL_ENTER("SHA3_384_Final");

    /* wolfCrypt reports 0 on success; the compat contract is 1/0. */
    return (wc_Sha3_384_Final((wc_Sha3*)sha, input) == 0) ? 1 : 0;
}
wolfSSL 16:8e0d178b1d1e 15866
wolfSSL 16:8e0d178b1d1e 15867
wolfSSL 16:8e0d178b1d1e 15868
wolfSSL 16:8e0d178b1d1e 15869 #ifndef WOLFSSL_NOSHA3_512
wolfSSL 16:8e0d178b1d1e 15870
/* OpenSSL-compatible SHA3_512_Init: initialises the wolfCrypt SHA3-512
 * state inside the opaque compat context (no custom heap, device id 0).
 * Returns 1 on success, 0 on a wolfCrypt error.
 */
int wolfSSL_SHA3_512_Init(WOLFSSL_SHA3_512_CTX* sha)
{
    /* Compile-time guard: the compat context must be large enough to hold
     * the wolfCrypt state cast into it below (negative array size = build
     * error when it is not). */
    typedef char ctx_size_check[sizeof(SHA3_512_CTX) >= sizeof(wc_Sha3) ? 1 : -1];
    (void)sizeof(ctx_size_check);

    WOLFSSL_ENTER("SHA3_512_Init");

    /* wolfCrypt reports 0 on success; the compat contract is 1/0. */
    return (wc_InitSha3_512((wc_Sha3*)sha, NULL, 0) == 0) ? 1 : 0;
}
wolfSSL 16:8e0d178b1d1e 15887
wolfSSL 16:8e0d178b1d1e 15888
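/* OpenSSL-compatible SHA3_512_Update: absorbs sz bytes of input into sha.
 * Returns 1 on success, 0 on any wolfCrypt error.
 */
int wolfSSL_SHA3_512_Update(WOLFSSL_SHA3_512_CTX* sha, const void* input,
                            unsigned long sz)
{
    const byte* p = (const byte*)input;
    int ret;

    WOLFSSL_ENTER("SHA3_512_Update");

    /* wc_Sha3_512_Update takes a word32 length; a bare (word32)sz cast would
     * silently truncate sz on LP64 targets and hash only part of a buffer
     * larger than 4 GiB. Feed the data in word32-sized pieces instead, which
     * yields the same digest. The first call is made even for sz == 0 so a
     * bad context is still reported as before. */
    for (;;) {
        word32 chunk = (word32)sz;
        if ((unsigned long)chunk != sz) {
            chunk = 0xFFFFFFFFU;
        }
        ret = wc_Sha3_512_Update((wc_Sha3*)sha, p, chunk);
        sz -= chunk;
        if (ret != 0 || sz == 0) {
            break;
        }
        p += chunk;
    }

    /* return 1 on success, 0 otherwise */
    return (ret == 0) ? 1 : 0;
}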
wolfSSL 16:8e0d178b1d1e 15903
wolfSSL 16:8e0d178b1d1e 15904
/* OpenSSL-compatible SHA3_512_Final.
 * input: output buffer that receives the digest (OpenSSL argument order).
 * sha:   context to finalise.
 * Returns 1 on success, 0 on a wolfCrypt error.
 */
int wolfSSL_SHA3_512_Final(byte* input, WOLFSSL_SHA3_512_CTX* sha)
{
    WOLFSSL_ENTER("SHA3_512_Final");

    /* wolfCrypt reports 0 on success; the compat contract is 1/0. */
    return (wc_Sha3_512_Final((wc_Sha3*)sha, input) == 0) ? 1 : 0;
}
wolfSSL 16:8e0d178b1d1e 15918
wolfSSL 16:8e0d178b1d1e 15919 #endif /* WOLFSSL_NOSHA3_512 */
wolfSSL 16:8e0d178b1d1e 15920 #endif /* WOLFSSL_SHA3 */
wolfSSL 15:117db924cf7c 15921
/* store for external read of iv, WOLFSSL_SUCCESS on success */
/* Copies the cipher's current working register (ctx->cipher.<alg>.reg) into
 * ctx->iv so OpenSSL-style callers can read the IV/counter back after an
 * operation.
 *
 * ctx: EVP cipher context; ctx->cipherType selects the register to copy.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR for a NULL ctx or a
 * cipherType this switch does not handle.
 *
 * NOTE(review): the AES ECB/CFB/OFB/XTS and DES ECB cases are accepted but
 * leave ctx->iv untouched, and wolfSSL_SetInternalIV below has no
 * CFB/OFB/XTS cases at all, so the two functions are not symmetric. CFB and
 * OFB are IV-driven modes, so confirm that not exposing their IV here is
 * intended rather than an omission.
 */
int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_StoreExternalIV");

    if (ctx == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return WOLFSSL_FATAL_ERROR;
    }

    switch (ctx->cipherType) {

#ifndef NO_AES
#ifdef HAVE_AES_CBC
        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            WOLFSSL_MSG("AES CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
            break;
#endif
#ifdef HAVE_AESGCM
        case AES_128_GCM_TYPE :
        case AES_192_GCM_TYPE :
        case AES_256_GCM_TYPE :
            WOLFSSL_MSG("AES GCM");
            XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
            break;
#endif /* HAVE_AESGCM */
#ifdef HAVE_AES_ECB
        /* ECB has no IV; the type is accepted so callers get success. */
        case AES_128_ECB_TYPE :
        case AES_192_ECB_TYPE :
        case AES_256_ECB_TYPE :
            WOLFSSL_MSG("AES ECB");
            break;
#endif
#ifdef WOLFSSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            WOLFSSL_MSG("AES CTR");
            /* for CTR the register holds the running counter block */
            XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
            break;
#endif /* WOLFSSL_AES_COUNTER */
#ifdef WOLFSSL_AES_CFB
#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
        /* CFB/OFB/XTS: accepted, but nothing is copied into ctx->iv. */
        case AES_128_CFB1_TYPE:
        case AES_192_CFB1_TYPE:
        case AES_256_CFB1_TYPE:
            WOLFSSL_MSG("AES CFB1");
            break;
        case AES_128_CFB8_TYPE:
        case AES_192_CFB8_TYPE:
        case AES_256_CFB8_TYPE:
            WOLFSSL_MSG("AES CFB8");
            break;
#endif /* !HAVE_SELFTEST && !HAVE_FIPS */
        case AES_128_CFB128_TYPE:
        case AES_192_CFB128_TYPE:
        case AES_256_CFB128_TYPE:
            WOLFSSL_MSG("AES CFB128");
            break;
#endif /* WOLFSSL_AES_CFB */
#if defined(WOLFSSL_AES_OFB)
        case AES_128_OFB_TYPE:
        case AES_192_OFB_TYPE:
        case AES_256_OFB_TYPE:
            WOLFSSL_MSG("AES OFB");
            break;
#endif /* WOLFSSL_AES_OFB */
#ifdef WOLFSSL_AES_XTS
        case AES_128_XTS_TYPE:
        case AES_256_XTS_TYPE:
            WOLFSSL_MSG("AES XTS");
            break;
#endif /* WOLFSSL_AES_XTS */
#endif /* NO_AES */

#ifndef NO_DES3
        case DES_CBC_TYPE :
            WOLFSSL_MSG("DES CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
            break;

        case DES_EDE3_CBC_TYPE :
            WOLFSSL_MSG("DES EDE3 CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
            break;
#endif
#ifdef WOLFSSL_DES_ECB
        case DES_ECB_TYPE :
            WOLFSSL_MSG("DES ECB");
            break;
        case DES_EDE3_ECB_TYPE :
            WOLFSSL_MSG("DES3 ECB");
            break;
#endif

#ifdef HAVE_IDEA
        case IDEA_CBC_TYPE :
            WOLFSSL_MSG("IDEA CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.idea.reg, IDEA_BLOCK_SIZE);
            break;
#endif
        /* stream / null ciphers carry no IV */
        case ARC4_TYPE :
            WOLFSSL_MSG("ARC4");
            break;

        case NULL_CIPHER_TYPE :
            WOLFSSL_MSG("NULL");
            break;

        default: {
            WOLFSSL_MSG("bad type");
            return WOLFSSL_FATAL_ERROR;
        }
    }
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 16041
/* set internal IV from external, WOLFSSL_SUCCESS on success */
/* Loads ctx->iv into the cipher's working register (ctx->cipher.<alg>.reg),
 * the inverse of wolfSSL_StoreExternalIV: an OpenSSL-style caller that has
 * written a new IV into ctx->iv uses this to make the cipher pick it up.
 *
 * ctx: EVP cipher context; ctx->cipherType selects the register to write.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR for a NULL ctx or a
 * cipherType this switch does not handle.
 *
 * NOTE(review): unlike wolfSSL_StoreExternalIV, there are no AES CFB/OFB/XTS
 * cases here, so those types fall through to "bad type" and fail, while the
 * ECB cases succeed without copying anything. Confirm the asymmetry is
 * intended.
 */
int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
{

    WOLFSSL_ENTER("wolfSSL_SetInternalIV");

    if (ctx == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return WOLFSSL_FATAL_ERROR;
    }

    switch (ctx->cipherType) {

#ifndef NO_AES
#ifdef HAVE_AES_CBC
        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            WOLFSSL_MSG("AES CBC");
            XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
            break;
#endif
#ifdef HAVE_AESGCM
        case AES_128_GCM_TYPE :
        case AES_192_GCM_TYPE :
        case AES_256_GCM_TYPE :
            WOLFSSL_MSG("AES GCM");
            XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
            break;
#endif
#ifdef HAVE_AES_ECB
        /* ECB has no IV; the type is accepted so callers get success. */
        case AES_128_ECB_TYPE :
        case AES_192_ECB_TYPE :
        case AES_256_ECB_TYPE :
            WOLFSSL_MSG("AES ECB");
            break;
#endif
#ifdef WOLFSSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            WOLFSSL_MSG("AES CTR");
            /* for CTR the register holds the running counter block */
            XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
            break;
#endif

#endif /* NO_AES */

#ifndef NO_DES3
        case DES_CBC_TYPE :
            WOLFSSL_MSG("DES CBC");
            XMEMCPY(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
            break;

        case DES_EDE3_CBC_TYPE :
            WOLFSSL_MSG("DES EDE3 CBC");
            XMEMCPY(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
            break;
#endif
#ifdef WOLFSSL_DES_ECB
        case DES_ECB_TYPE :
            WOLFSSL_MSG("DES ECB");
            break;
        case DES_EDE3_ECB_TYPE :
            WOLFSSL_MSG("DES3 ECB");
            break;
#endif

#ifdef HAVE_IDEA
        case IDEA_CBC_TYPE :
            WOLFSSL_MSG("IDEA CBC");
            XMEMCPY(&ctx->cipher.idea.reg, ctx->iv, IDEA_BLOCK_SIZE);
            break;
#endif
        /* stream / null ciphers carry no IV */
        case ARC4_TYPE :
            WOLFSSL_MSG("ARC4");
            break;

        case NULL_CIPHER_TYPE :
            WOLFSSL_MSG("NULL");
            break;

        default: {
            WOLFSSL_MSG("bad type");
            return WOLFSSL_FATAL_ERROR;
        }
    }
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 16131
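/* One-shot HMAC in the shape of OpenSSL's HMAC().
 *
 * evp_md:  digest name; recognised prefixes are "MD5", "SHA224", "SHA256",
 *          "SHA384", "SHA512", "SHA3_224", "SHA3_256", "SHA3_384",
 *          "SHA3_512" and finally "SHA" (tested last because it is a prefix
 *          of the others). Names whose digest is compiled out are rejected.
 * key, key_len: HMAC key and its length in bytes.
 * d, n:    message and its length in bytes.
 * md:      caller-supplied output buffer of at least the digest size; the
 *          OpenSSL static-buffer fallback for md == NULL is not supported.
 * md_len:  if non-NULL, receives the digest length on success.
 * Returns md on success, NULL on failure (bad argument, unknown or disabled
 * digest, allocation failure or a wolfCrypt error).
 */
unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key,
                            int key_len, const unsigned char* d, int n,
                            unsigned char* md, unsigned int* md_len)
{
    int type;
    int mdlen;
    unsigned char* ret = NULL;
#ifdef WOLFSSL_SMALL_STACK
    Hmac* hmac = NULL;
#else
    Hmac hmac[1];
#endif
    void* heap = NULL;

    WOLFSSL_ENTER("wolfSSL_HMAC");
    if (!md) {
        WOLFSSL_MSG("Static buffer not supported, pass in md buffer");
        return NULL; /* no static buffer support */
    }
    /* evp_md is dereferenced by the XSTRNCMP chain below, and key_len / n
     * are passed to wolfCrypt as unsigned lengths, so a negative value
     * would become a huge read past the caller's buffer. Reject both up
     * front instead of relying on the callee. */
    if (evp_md == NULL || key_len < 0 || n < 0) {
        WOLFSSL_MSG("Bad function argument");
        return NULL;
    }

    /* Map the OpenSSL digest name onto a wolfCrypt hash type and digest
     * length; each branch is compiled only when that hash is enabled. */
#ifndef NO_MD5
    if (XSTRNCMP(evp_md, "MD5", 3) == 0) {
        type = WC_MD5;
        mdlen = WC_MD5_DIGEST_SIZE;
    } else
#endif
#ifdef WOLFSSL_SHA224
    if (XSTRNCMP(evp_md, "SHA224", 6) == 0) {
        type = WC_SHA224;
        mdlen = WC_SHA224_DIGEST_SIZE;
    } else
#endif
#ifndef NO_SHA256
    if (XSTRNCMP(evp_md, "SHA256", 6) == 0) {
        type = WC_SHA256;
        mdlen = WC_SHA256_DIGEST_SIZE;
    } else
#endif
#ifdef WOLFSSL_SHA384
    if (XSTRNCMP(evp_md, "SHA384", 6) == 0) {
        type = WC_SHA384;
        mdlen = WC_SHA384_DIGEST_SIZE;
    } else
#endif
#ifdef WOLFSSL_SHA512
    if (XSTRNCMP(evp_md, "SHA512", 6) == 0) {
        type = WC_SHA512;
        mdlen = WC_SHA512_DIGEST_SIZE;
    } else
#endif
#ifdef WOLFSSL_SHA3
#ifndef WOLFSSL_NOSHA3_224
    if (XSTRNCMP(evp_md, "SHA3_224", 8) == 0) {
        type = WC_SHA3_224;
        mdlen = WC_SHA3_224_DIGEST_SIZE;
    } else
#endif
#ifndef WOLFSSL_NOSHA3_256
    if (XSTRNCMP(evp_md, "SHA3_256", 8) == 0) {
        type = WC_SHA3_256;
        mdlen = WC_SHA3_256_DIGEST_SIZE;
    } else
#endif
    if (XSTRNCMP(evp_md, "SHA3_384", 8) == 0) {
        type = WC_SHA3_384;
        mdlen = WC_SHA3_384_DIGEST_SIZE;
    } else
#ifndef WOLFSSL_NOSHA3_512
    if (XSTRNCMP(evp_md, "SHA3_512", 8) == 0) {
        type = WC_SHA3_512;
        mdlen = WC_SHA3_512_DIGEST_SIZE;
    } else
#endif
#endif
#ifndef NO_SHA
    /* plain "SHA" must stay last: it is a prefix of every name above */
    if (XSTRNCMP(evp_md, "SHA", 3) == 0) {
        type = WC_SHA;
        mdlen = WC_SHA_DIGEST_SIZE;
    } else
#endif
    {
        return NULL;
    }

#ifdef WOLFSSL_SMALL_STACK
    hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_HMAC);
    if (hmac == NULL)
        return NULL;
#endif

    /* init -> key -> data -> final; ret stays NULL unless every step
     * succeeds, and wc_HmacFree runs whenever wc_HmacInit succeeded. */
    if (wc_HmacInit(hmac, heap, INVALID_DEVID) == 0) {
        if (wc_HmacSetKey(hmac, type, (const byte*)key, key_len) == 0) {
            if (wc_HmacUpdate(hmac, d, n) == 0) {
                if (wc_HmacFinal(hmac, md) == 0) {
                    if (md_len)
                        *md_len = mdlen;
                    ret = md;
                }
            }
        }
        wc_HmacFree(hmac);
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(hmac, heap, DYNAMIC_TYPE_HMAC);
#endif

    (void)evp_md;
    return ret;
}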
wolfSSL 15:117db924cf7c 16242
/* OpenSSL-compatible ERR_clear_error: discards the queued error nodes.
 * The wc_ClearErrorNodes() call is only compiled in for the builds listed in
 * the #if below; in any other configuration this function is a no-op. */
void wolfSSL_ERR_clear_error(void)
{
    WOLFSSL_ENTER("wolfSSL_ERR_clear_error");

#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || \
    defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
    wc_ClearErrorNodes();
#endif
}
wolfSSL 15:117db924cf7c 16252
wolfSSL 15:117db924cf7c 16253
/* OpenSSL-compatible RAND_status.
 * Unconditionally reports WOLFSSL_SUCCESS: nothing here queries the
 * wolfCrypt RNG, so the return value carries no information about the
 * DRBG's actual seeding state. Applications that need a real check should
 * use the wolfCrypt RNG API directly. */
int wolfSSL_RAND_status(void)
{
    return WOLFSSL_SUCCESS; /* wolfCrypt provides enough seed internally */
}
wolfSSL 15:117db924cf7c 16258
wolfSSL 15:117db924cf7c 16259
wolfSSL 15:117db924cf7c 16260 #ifndef NO_WOLFSSL_STUB
/* OpenSSL-compatible RAND_add -- stub.
 * add, len and entropy are discarded: nothing is mixed into the wolfCrypt
 * RNG, so an application cannot contribute its own entropy through this
 * call. Only WOLFSSL_STUB() is invoked to record that the stub was hit. */
void wolfSSL_RAND_add(const void* add, int len, double entropy)
{
    (void)add;
    (void)len;
    (void)entropy;
    WOLFSSL_STUB("RAND_add");
    /* wolfSSL seeds/adds internally, use explicit RNG if you want
       to take control */
}
wolfSSL 15:117db924cf7c 16270 #endif
wolfSSL 15:117db924cf7c 16271
wolfSSL 15:117db924cf7c 16272 #ifndef NO_DES3
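/* 0 on ok */
/* OpenSSL-compatible DES_key_sched: fills the compat key schedule from an
 * 8-byte DES key. This is a straight copy of sizeof(WOLFSSL_const_DES_cblock)
 * bytes; no parity or weak-key check is performed here.
 * key:      DES key block to copy from.
 * schedule: key schedule to fill.
 * Returns 0 on success and -1 (WOLFSSL_FATAL_ERROR) when either argument is
 * NULL. The previous code logged the NULL argument but still returned 0, so a
 * caller could proceed with an uninitialised schedule.
 */
int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key,
                          WOLFSSL_DES_key_schedule* schedule)
{
    WOLFSSL_ENTER("wolfSSL_DES_key_sched");

    if (key == NULL || schedule == NULL) {
        WOLFSSL_MSG("Null argument passed in");
        return -1;
    }

    XMEMCPY(schedule, key, sizeof(WOLFSSL_const_DES_cblock));
    return 0;
}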
wolfSSL 15:117db924cf7c 16288
wolfSSL 15:117db924cf7c 16289
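/* Kerberos-style CBC checksum (DES_cbc_cksum() compatibility, intended to
 * behave like MIT's mit_des_cbc_cksum): CBC-encrypts in under sc/iv and
 * keeps only the final ciphertext block.
 *
 * in      data to checksum; zero-padded to a block multiple internally
 * out     receives the final ciphertext block
 * length  byte count of in; must be > 0
 * sc      key (see wolfSSL_DES_key_sched)
 * iv      starting IV
 *
 * Returns the last 4 bytes of that block as a big-endian integer, or 0 on a
 * NULL argument, a non-positive length or an allocation failure. 0 is also
 * a legal checksum value, so callers cannot tell failure from a zero result.
 */
WOLFSSL_DES_LONG wolfSSL_DES_cbc_cksum(const unsigned char* in,
        WOLFSSL_DES_cblock* out, long length, WOLFSSL_DES_key_schedule* sc,
        WOLFSSL_const_DES_cblock* iv)
{
    WOLFSSL_DES_LONG ret;
    unsigned char* tmp;
    unsigned char* padded = NULL;      /* zero-padded copy of in, if needed */
    const unsigned char* data = in;
    const unsigned char* lastBlk;
    long dataSz = length;

    WOLFSSL_ENTER("wolfSSL_DES_cbc_cksum");

    if (in == NULL || out == NULL || sc == NULL || iv == NULL) {
        WOLFSSL_MSG("Bad argument passed in");
        return 0;
    }
    /* With dataSz == 0 the "last block" read below would sit DES_BLOCK_SIZE
     * bytes *before* tmp (out-of-bounds read); a negative length also breaks
     * the padding arithmetic. Reject both up front. */
    if (length <= 0) {
        WOLFSSL_MSG("Bad length passed in");
        return 0;
    }

    /* if input length is not a multiple of DES_BLOCK_SIZE pad with 0s */
    if (dataSz % DES_BLOCK_SIZE) {
        dataSz += DES_BLOCK_SIZE - (dataSz % DES_BLOCK_SIZE);
        padded = (unsigned char*)XMALLOC(dataSz, NULL,
                                         DYNAMIC_TYPE_TMP_BUFFER);
        if (padded == NULL) {
            WOLFSSL_MSG("Issue creating temporary buffer");
            return 0;
        }
        XMEMCPY(padded, in, length);
        XMEMSET(padded + length, 0, dataSz - length); /* padding */
        data = padded;
    }

    tmp = (unsigned char*)XMALLOC(dataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL) {
        WOLFSSL_MSG("Issue creating temporary buffer");
        if (padded != NULL) {
            XFREE(padded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        }
        return 0;
    }

    /* whole-buffer CBC so the chain covers every block; only the final
     * ciphertext block is kept */
    wolfSSL_DES_cbc_encrypt(data, tmp, dataSz, sc,
                            (WOLFSSL_DES_cblock*)iv, 1);
    XMEMCPY((unsigned char*)out, tmp + (dataSz - DES_BLOCK_SIZE),
            DES_BLOCK_SIZE);

    /* Assemble the trailing 4 bytes in WOLFSSL_DES_LONG rather than int:
     * shifting a promoted int left by 24 is signed overflow (undefined)
     * whenever bit 7 of that byte is set. */
    lastBlk = (const unsigned char*)out;
    ret = ((WOLFSSL_DES_LONG)lastBlk[4] << 24) |
          ((WOLFSSL_DES_LONG)lastBlk[5] << 16) |
          ((WOLFSSL_DES_LONG)lastBlk[6] << 8)  |
           (WOLFSSL_DES_LONG)lastBlk[7];

    XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (padded != NULL) {
        XFREE(padded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }

    return ret;
}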
wolfSSL 15:117db924cf7c 16349
wolfSSL 15:117db924cf7c 16350
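/* One-shot DES-CBC (DES_cbc_encrypt() compatibility). ivec is the starting
 * IV and is NOT updated; use wolfSSL_DES_ncbc_encrypt for chaining across
 * calls.
 *
 * A trailing partial block is zero-padded before encryption. On decryption
 * a full block is read from input + length - (length % 8), i.e. up to 7
 * bytes PAST length, and only length % 8 plaintext bytes are written; the
 * caller's ciphertext buffer must therefore stay block-aligned.
 *
 * input     data to process
 * output    receives the result (length bytes, rounded up to a block on
 *           encryption)
 * length    byte count; negative values are rejected. Sizes are handed to
 *           wolfCrypt as word32, so counts above 32 bits are truncated.
 * schedule  key (see wolfSSL_DES_key_sched)
 * ivec      IV
 * enc       non-zero to encrypt, 0 to decrypt
 *
 * No return value (OpenSSL compat); failures are logged and the output is
 * left as is. The expanded key lives in a stack Des context that is not
 * explicitly wiped on return.
 */
void wolfSSL_DES_cbc_encrypt(const unsigned char* input,
                             unsigned char* output, long length,
                             WOLFSSL_DES_key_schedule* schedule,
                             WOLFSSL_DES_cblock* ivec, int enc)
{
    Des  myDes;
    byte lastblock[DES_BLOCK_SIZE];
    int  lb_sz;
    long blk;
    long fullSz;

    WOLFSSL_ENTER("DES_cbc_encrypt");

    if (input == NULL || output == NULL || schedule == NULL || ivec == NULL) {
        WOLFSSL_MSG("Bad argument passed in");
        return;
    }
    if (length < 0) {
        WOLFSSL_MSG("Bad length passed in");
        return;
    }

    /* OpenSSL compat, no ret; but never run the cipher on a context whose
     * key/IV failed to load. (!enc keeps the original direction mapping.) */
    if (wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec,
                      !enc) != 0) {
        WOLFSSL_MSG("wc_Des_SetKey failed");
        return;
    }

    lb_sz  = (int)(length % DES_BLOCK_SIZE);
    blk    = length / DES_BLOCK_SIZE;
    fullSz = blk * DES_BLOCK_SIZE;

    if (enc) {
        wc_Des_CbcEncrypt(&myDes, output, input, (word32)fullSz);
        if (lb_sz) {
            /* zero-pad the tail to a whole block */
            XMEMSET(lastblock, 0, DES_BLOCK_SIZE);
            XMEMCPY(lastblock, input + fullSz, lb_sz);
            wc_Des_CbcEncrypt(&myDes, output + fullSz,
                              lastblock, (word32)DES_BLOCK_SIZE);
        }
    }
    else {
        wc_Des_CbcDecrypt(&myDes, output, input, (word32)fullSz);
        if (lb_sz) {
            /* reads a full block from the tail of input (see header note),
             * writes only the lb_sz bytes the caller asked for */
            wc_Des_CbcDecrypt(&myDes, lastblock, input + fullSz,
                              (word32)DES_BLOCK_SIZE);
            XMEMCPY(output + fullSz, lastblock, lb_sz);
        }
    }
}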
wolfSSL 15:117db924cf7c 16385
wolfSSL 15:117db924cf7c 16386
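/* One-shot 3DES (EDE) CBC (DES_ede3_cbc_encrypt() compatibility).
 *
 * Each WOLFSSL_DES_key_schedule is the raw 8-byte key it was "scheduled"
 * from (see wolfSSL_DES_key_sched); the three are concatenated into the
 * 24-byte key wolfCrypt expects. ivec is the starting IV and is NOT updated.
 *
 * A trailing partial block is zero-padded before encryption. On decryption
 * a full block is read from input + sz - (sz % 8), i.e. up to 7 bytes PAST
 * sz, and only sz % 8 plaintext bytes are written, so the ciphertext buffer
 * must stay block-aligned.
 *
 * input   data to process
 * output  receives the result
 * sz      byte count; negative values are rejected. Sizes are handed to
 *         wolfCrypt as word32, so counts above 32 bits are truncated.
 * ks1/ks2/ks3  the three DES keys
 * ivec    IV
 * enc     non-zero to encrypt, 0 to decrypt
 *
 * No return value (OpenSSL compat). Init/key-load failures abort the call
 * with a log message; cipher-call return codes are ignored as before.
 */
void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
                                  unsigned char* output, long sz,
                                  WOLFSSL_DES_key_schedule* ks1,
                                  WOLFSSL_DES_key_schedule* ks2,
                                  WOLFSSL_DES_key_schedule* ks3,
                                  WOLFSSL_DES_cblock* ivec, int enc)
{
    int  ret;
    Des3 des;
    byte key[24];/* EDE uses 24 size key */
    byte lastblock[DES_BLOCK_SIZE];
    int  lb_sz;
    long blk;
    long fullSz;

    WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt");

    if (input == NULL || output == NULL || ks1 == NULL || ks2 == NULL ||
            ks3 == NULL || ivec == NULL) {
        WOLFSSL_MSG("Bad argument passed in");
        return;
    }
    if (sz < 0) {
        WOLFSSL_MSG("Bad length passed in");
        return;
    }

    XMEMSET(key, 0, sizeof(key));
    XMEMCPY(key, *ks1, DES_BLOCK_SIZE);
    XMEMCPY(&key[DES_BLOCK_SIZE], *ks2, DES_BLOCK_SIZE);
    XMEMCPY(&key[DES_BLOCK_SIZE * 2], *ks3, DES_BLOCK_SIZE);
    lb_sz  = (int)(sz % DES_BLOCK_SIZE);
    blk    = sz / DES_BLOCK_SIZE;
    fullSz = blk * DES_BLOCK_SIZE;

    /* OpenSSL compat, no ret; but do not go on with an uninitialised
     * context */
    ret = wc_Des3Init(&des, NULL, INVALID_DEVID);
    if (ret != 0) {
        WOLFSSL_MSG("wc_Des3Init failed");
        XMEMSET(key, 0, sizeof(key));
        return;
    }

    /* never run the cipher with a key that failed to load */
    ret = wc_Des3_SetKey(&des, key, (const byte*)ivec,
                         enc ? DES_ENCRYPTION : DES_DECRYPTION);
    if (ret != 0) {
        WOLFSSL_MSG("wc_Des3_SetKey failed");
    }
    else if (enc) {
        ret = wc_Des3_CbcEncrypt(&des, output, input, (word32)fullSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
        ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
        (void)ret; /* ignore return codes for processing */
        if (lb_sz) {
            /* zero-pad the tail to a whole block */
            XMEMSET(lastblock, 0, DES_BLOCK_SIZE);
            XMEMCPY(lastblock, input + fullSz, lb_sz);
            ret = wc_Des3_CbcEncrypt(&des, output + fullSz,
                                     lastblock, (word32)DES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
            ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
            (void)ret; /* ignore return codes for processing */
        }
    }
    else {
        ret = wc_Des3_CbcDecrypt(&des, output, input, (word32)fullSz);
#if defined(WOLFSSL_ASYNC_CRYPT)
        ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
        (void)ret; /* ignore return codes for processing */
        if (lb_sz) {
            /* reads a full block from the tail of input (see header note),
             * writes only the lb_sz bytes the caller asked for */
            ret = wc_Des3_CbcDecrypt(&des, lastblock, input + fullSz,
                                     (word32)DES_BLOCK_SIZE);
#if defined(WOLFSSL_ASYNC_CRYPT)
            ret = wc_AsyncWait(ret, &des.asyncDev, WC_ASYNC_FLAG_NONE);
#endif
            (void)ret; /* ignore return codes for processing */
            XMEMCPY(output + fullSz, lastblock, lb_sz);
        }
    }

    wc_Des3Free(&des);
    /* Do not leave the assembled 3DES key on the stack. NOTE(review): a
     * plain memset of a dead local can be elided by the optimiser; a
     * ForceZero-style helper is preferable if one is available in this TU. */
    XMEMSET(key, 0, sizeof(key));
}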
wolfSSL 15:117db924cf7c 16450
wolfSSL 15:117db924cf7c 16451
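/* DES-CBC with IV carry-over (DES_ncbc_encrypt() compatibility): like
 * wolfSSL_DES_cbc_encrypt, but on return ivec holds the last ciphertext
 * block so the next call continues the chain.
 *
 * A trailing partial block is zero-padded before encryption. On decryption
 * a full block is read from input + length - (length % 8), i.e. up to 7
 * bytes PAST length, and only length % 8 plaintext bytes are written, so
 * the ciphertext buffer must stay block-aligned. The carry-over block is
 * saved before decrypting so that in-place use (output == input) still
 * carries the right IV forward.
 *
 * input     data to process
 * output    receives the result
 * length    byte count; negative values are rejected, 0 is a no-op that
 *           leaves ivec untouched. Sizes reach wolfCrypt as word32, so
 *           counts above 32 bits are truncated.
 * schedule  key (see wolfSSL_DES_key_sched)
 * ivec      in: starting IV; out: last ciphertext block
 * enc       non-zero to encrypt, 0 to decrypt
 *
 * No return value (OpenSSL compat); failures are logged and ivec is left
 * unchanged.
 */
void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
                              unsigned char* output, long length,
                              WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec,
                              int enc)
{
    Des  myDes;
    byte lastblock[DES_BLOCK_SIZE];
    int  lb_sz;
    long blk;
    long fullSz;
    long lastIdx; /* offset of the final ciphertext block */

    WOLFSSL_ENTER("DES_ncbc_encrypt");

    if (input == NULL || output == NULL || schedule == NULL || ivec == NULL) {
        WOLFSSL_MSG("Bad argument passed in");
        return;
    }
    /* length 0 has no ciphertext block to carry: the old index arithmetic
     * would read DES_BLOCK_SIZE bytes *before* the buffer into ivec.
     * Negative lengths break the block math. */
    if (length <= 0) {
        if (length < 0) {
            WOLFSSL_MSG("Bad length passed in");
        }
        return;
    }

    /* OpenSSL compat, no ret; but never run the cipher on a context whose
     * key/IV failed to load. (!enc keeps the original direction mapping.) */
    if (wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec,
                      !enc) != 0) {
        WOLFSSL_MSG("wc_Des_SetKey failed");
        return;
    }

    lb_sz  = (int)(length % DES_BLOCK_SIZE);
    blk    = length / DES_BLOCK_SIZE;
    fullSz = blk * DES_BLOCK_SIZE;
    /* the chain ends at the padded partial block when there is one,
     * otherwise at the last full block (blk >= 1 here since length > 0) */
    lastIdx = lb_sz ? fullSz : fullSz - DES_BLOCK_SIZE;

    if (enc) {
        wc_Des_CbcEncrypt(&myDes, output, input, (word32)fullSz);
        if (lb_sz) {
            XMEMSET(lastblock, 0, DES_BLOCK_SIZE);
            XMEMCPY(lastblock, input + fullSz, lb_sz);
            wc_Des_CbcEncrypt(&myDes, output + fullSz,
                              lastblock, (word32)DES_BLOCK_SIZE);
        }
        XMEMCPY(ivec, output + lastIdx, sizeof(WOLFSSL_DES_cblock));
    }
    else {
        WOLFSSL_DES_cblock nextIv;

        /* grab the carry-over block before output can overwrite input */
        XMEMCPY(nextIv, input + lastIdx, sizeof(WOLFSSL_DES_cblock));
        wc_Des_CbcDecrypt(&myDes, output, input, (word32)fullSz);
        if (lb_sz) {
            /* reads a full block from the tail of input (see header note) */
            wc_Des_CbcDecrypt(&myDes, lastblock, input + fullSz,
                              (word32)DES_BLOCK_SIZE);
            XMEMCPY(output + fullSz, lastblock, lb_sz);
        }
        XMEMCPY(ivec, nextIv, sizeof(WOLFSSL_DES_cblock));
    }
}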
wolfSSL 15:117db924cf7c 16498
wolfSSL 15:117db924cf7c 16499 #endif /* NO_DES3 */
wolfSSL 15:117db924cf7c 16500
/* ERR_free_strings() compatibility: error strings are handled internally by
 * wolfSSL, so there is nothing for the application to release. Safe to call
 * any number of times. */
void wolfSSL_ERR_free_strings(void)
{
    /* intentionally empty */
}
wolfSSL 15:117db924cf7c 16505
/* CRYPTO_cleanup_all_ex_data() compatibility: no global ex_data bookkeeping
 * exists to tear down, so this is a no-op kept for source compatibility. */
void wolfSSL_cleanup_all_ex_data(void)
{
    /* intentionally empty */
}
wolfSSL 15:117db924cf7c 16510
/* Reset a WOLFSSL object for reuse (SSL_clear() compatibility): clears the
 * connection/handshake state flags, turns record encryption off, zeroes the
 * received-message bookkeeping, re-initialises every compiled-in handshake
 * hash, and drops the stored session chain / peer certificate.
 *
 * ssl  object to reset
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ssl is NULL or one of
 * the hash re-inits fails. In the latter case the state flags have already
 * been reset, so the object is left only partially cleared.
 */
int wolfSSL_clear(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* back to the pre-handshake state machine positions */
    ssl->options.isClosed = 0;
    ssl->options.connReset = 0;
    ssl->options.sentNotify = 0;
    ssl->options.sendVerify = 0;
    ssl->options.serverState = NULL_STATE;
    ssl->options.clientState = NULL_STATE;
    ssl->options.connectState = CONNECT_BEGIN;
    ssl->options.acceptState = ACCEPT_BEGIN;
    ssl->options.handShakeState = NULL_STATE;
    ssl->options.handShakeDone = 0;
    /* ssl->options.processReply = doProcessInit; */

    /* only the on/off flag is cleared; the key material held in ssl->keys
     * is not wiped by this function */
    ssl->keys.encryptionOn = 0;
    XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));

    /* Restart each handshake hash in place. WC_HASH_FLAG_WILLCOPY is set
     * wherever hash flags are compiled in; its exact semantics are not
     * visible here — presumably it marks a hash whose state gets copied
     * later (confirm in wolfcrypt/hash.h). */
    if (ssl->hsHashes != NULL) {
#ifndef NO_OLD_TLS
#ifndef NO_MD5
        if (wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap,
                ssl->devId) != 0) {
            return WOLFSSL_FAILURE;
        }
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
        wc_Md5SetFlags(&ssl->hsHashes->hashMd5, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#ifndef NO_SHA
        if (wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap,
                ssl->devId) != 0) {
            return WOLFSSL_FAILURE;
        }
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
        wc_ShaSetFlags(&ssl->hsHashes->hashSha, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#endif
#ifndef NO_SHA256
        if (wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap,
                ssl->devId) != 0) {
            return WOLFSSL_FAILURE;
        }
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
        wc_Sha256SetFlags(&ssl->hsHashes->hashSha256, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#ifdef WOLFSSL_SHA384
        if (wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap,
                ssl->devId) != 0) {
            return WOLFSSL_FAILURE;
        }
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
        wc_Sha384SetFlags(&ssl->hsHashes->hashSha384, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
#ifdef WOLFSSL_SHA512
        if (wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap,
                ssl->devId) != 0) {
            return WOLFSSL_FAILURE;
        }
#if defined(WOLFSSL_HASH_FLAGS) || defined(WOLF_CRYPTO_CB)
        wc_Sha512SetFlags(&ssl->hsHashes->hashSha512, WC_HASH_FLAG_WILLCOPY);
#endif
#endif
    }
#ifdef SESSION_CERTS
    /* forget the peer's certificate chain from the previous session */
    ssl->session.chain.count = 0;
#endif
#ifdef KEEP_PEER_CERT
    /* release and re-create the cached peer certificate object */
    FreeX509(&ssl->peerCert);
    InitX509(&ssl->peerCert, 0, ssl->heap);
#endif

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 16591
/* SSL_SESSION_set_timeout() compatibility: store the session lifetime.
 *
 * ses  session to update
 * t    timeout in seconds; negative values are rejected
 *
 * Returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG when ses is NULL or t < 0.
 * The value is stored through a word32, so on platforms where long is wider
 * than 32 bits anything above 0xFFFFFFFF is silently truncated rather than
 * rejected.
 */
long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t)
{
    if (ses == NULL || t < 0) {
        return BAD_FUNC_ARG;
    }

    ses->timeout = (word32)(t & 0xFFFFFFFF);

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 16604
wolfSSL 16:8e0d178b1d1e 16605 #endif
wolfSSL 16:8e0d178b1d1e 16606
wolfSSL 16:8e0d178b1d1e 16607 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
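/* SSL_CTX_set_mode() compatibility.
 *
 * Only SSL_MODE_ENABLE_PARTIAL_WRITE has an effect (it sets
 * ctx->partialWrite); SSL_MODE_RELEASE_BUFFERS is accepted but not
 * implemented in OPENSSL_ALL/WOLFSSL_QT builds, and anything else is logged
 * as not implemented. Modes are matched as whole values, not tested as
 * bits, so a value that ORs several modes together lands in the default
 * case and sets nothing. WOLFSSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is the
 * wolfSSL default mode and needs no setting.
 *
 * ctx   context to update
 * mode  mode value to apply
 *
 * Returns mode (echoed back even when nothing was applied), or 0 when ctx
 * is NULL.
 */
long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode)
{
    WOLFSSL_ENTER("SSL_CTX_set_mode");

    if (ctx == NULL) {
        /* previously dereferenced unconditionally */
        WOLFSSL_MSG("Bad argument passed in");
        return 0;
    }

    switch (mode) {
        case SSL_MODE_ENABLE_PARTIAL_WRITE:
            ctx->partialWrite = 1;
            break;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
        case SSL_MODE_RELEASE_BUFFERS:
            WOLFSSL_MSG("SSL_MODE_RELEASE_BUFFERS not implemented.");
            break;
#endif
        default:
            WOLFSSL_MSG("Mode Not Implemented");
            break;
    }

    /* SSL_MODE_AUTO_RETRY
     * Should not return -1 with renegotiation on read/write */

    return mode;
}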
wolfSSL 16:8e0d178b1d1e 16631 #endif
wolfSSL 16:8e0d178b1d1e 16632
wolfSSL 16:8e0d178b1d1e 16633 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 16634
wolfSSL 15:117db924cf7c 16635 #ifndef NO_WOLFSSL_STUB
/* SSL_get_mode() compatibility stub: no per-connection mode is tracked, so
 * 0 is returned regardless of what was set on ssl or its ctx.
 *
 * ssl  ignored
 *
 * Returns 0. TODO: report the real mode once one is recorded.
 */
long wolfSSL_SSL_get_mode(WOLFSSL* ssl)
{
    WOLFSSL_STUB("SSL_get_mode");
    (void)ssl;

    return 0;
}
wolfSSL 15:117db924cf7c 16643 #endif
wolfSSL 15:117db924cf7c 16644
wolfSSL 15:117db924cf7c 16645 #ifndef NO_WOLFSSL_STUB
/* SSL_CTX_get_mode() compatibility stub: always 0, even after
 * wolfSSL_CTX_set_mode() was used on ctx.
 *
 * ctx  ignored
 *
 * Returns 0. TODO: report the real mode once one is recorded.
 */
long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx)
{
    WOLFSSL_STUB("SSL_CTX_get_mode");
    (void)ctx;

    return 0;
}
wolfSSL 15:117db924cf7c 16653 #endif
wolfSSL 15:117db924cf7c 16654
wolfSSL 15:117db924cf7c 16655 #ifndef NO_WOLFSSL_STUB
/* SSL_CTX_set_default_read_ahead() compatibility stub: read-ahead is not
 * configurable, the request is logged and dropped.
 *
 * ctx  ignored
 * m    ignored
 *
 * TODO: decide whether read-ahead should be honoured.
 */
void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m)
{
    WOLFSSL_STUB("SSL_CTX_set_default_read_ahead");
    (void)ctx;
    (void)m;
}
wolfSSL 15:117db924cf7c 16663 #endif
wolfSSL 15:117db924cf7c 16664
wolfSSL 15:117db924cf7c 16665
/* SSL_CTX_set_session_id_context() compatibility: store the application's
 * session-id context. WOLFSSL objects created from ctx inherit it, and a
 * resumed session whose context differs is rejected.
 *
 * ctx          context to update
 * sid_ctx      context bytes
 * sid_ctx_len  length of sid_ctx; at most ID_LEN
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ctx or sid_ctx is NULL or the
 * length exceeds ID_LEN (ctx->sessionCtx is sized for ID_LEN bytes, going
 * by this check). Nothing is written on failure.
 */
int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx,
                                       const unsigned char* sid_ctx,
                                       unsigned int sid_ctx_len)
{
    WOLFSSL_ENTER("SSL_CTX_set_session_id_context");

    if (ctx == NULL || sid_ctx == NULL) {
        return SSL_FAILURE;
    }
    /* bound the copy into the fixed-size ctx->sessionCtx buffer */
    if (sid_ctx_len > ID_LEN) {
        return SSL_FAILURE;
    }

    XMEMCPY(ctx->sessionCtx, sid_ctx, sid_ctx_len);
    ctx->sessionCtxSz = (byte)sid_ctx_len; /* fits: <= ID_LEN */

    return SSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 16691
wolfSSL 15:117db924cf7c 16692
wolfSSL 15:117db924cf7c 16693
/* SSL_set_session_id_context() compatibility: store the application's
 * session-id context on a single connection. A resumed session whose
 * context differs is rejected.
 *
 * ssl  connection to update
 * id   context bytes
 * len  length of id; at most ID_LEN
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ssl or id is NULL or len exceeds
 * ID_LEN (ssl->sessionCtx is sized for ID_LEN bytes, going by this check).
 * Nothing is written on failure.
 */
int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
                                   unsigned int len)
{
    WOLFSSL_ENTER("wolfSSL_set_session_id_context");

    if (ssl == NULL || id == NULL) {
        return SSL_FAILURE;
    }
    /* bound the copy into the fixed-size ssl->sessionCtx buffer */
    if (len > ID_LEN) {
        return SSL_FAILURE;
    }

    XMEMCPY(ssl->sessionCtx, id, len);
    ssl->sessionCtxSz = (byte)len; /* fits: <= ID_LEN */

    return SSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 16716
wolfSSL 15:117db924cf7c 16717
/* SSL_CTX_sess_get_cache_size() compatibility.
 *
 * The session cache capacity is a compile-time constant, so ctx is not
 * consulted: the result is SESSIONS_PER_ROW * SESSION_ROWS, or 0 when the
 * cache is compiled out (NO_SESSION_CACHE).
 *
 * ctx  ignored
 *
 * Returns the number of cache slots.
 */
long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx)
{
#ifndef NO_SESSION_CACHE
    const long capacity = (long)(SESSIONS_PER_ROW * SESSION_ROWS);
#else
    const long capacity = 0;
#endif
    (void)ctx;

    return capacity;
}
wolfSSL 15:117db924cf7c 16727
wolfSSL 15:117db924cf7c 16728
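/* ERR_get_error_line() compatibility: pop the oldest queued error and report
 * where it was recorded.
 *
 * file  set to the recording file name when not NULL
 * line  set to the recording line number when not NULL
 *
 * Returns 0 when the queue is empty. A negative pull result other than
 * BAD_STATE_E is logged, the queue is flushed, and its magnitude is
 * returned; any other result is returned as an unsigned value.
 *
 * The queue is drained under the same build flags that gate
 * wolfSSL_ERR_clear_error() and the unconditional wc_PullErrorNode() use in
 * wolfSSL_ERR_get_error_line_data() below, not only under DEBUG_WOLFSSL:
 * an OPENSSL_EXTRA build without DEBUG_WOLFSSL pushes entries through
 * wolfSSL_ERR_put_error()/WOLFSSL_ERROR_LINE, and the old DEBUG_WOLFSSL-only
 * gate made this getter return 0 forever while those entries accumulated.
 */
unsigned long wolfSSL_ERR_get_error_line(const char** file, int* line)
{
#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) || \
    defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
    int ret = wc_PullErrorNode(file, NULL, line);
    if (ret < 0) {
        if (ret == BAD_STATE_E) {
            return 0; /* no errors in queue */
        }
        WOLFSSL_MSG("Issue getting error node");
        WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line", ret);
        ret = 0 - ret; /* return absolute value of error */

        /* panic and try to clear out nodes */
        wc_ClearErrorNodes();
    }
    return (unsigned long)ret;
#else
    (void)file;
    (void)line;

    return 0;
#endif
}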
wolfSSL 15:117db924cf7c 16756
wolfSSL 15:117db924cf7c 16757
wolfSSL 16:8e0d178b1d1e 16758 #if (defined(DEBUG_WOLFSSL) || defined(OPENSSL_EXTRA)) && \
wolfSSL 16:8e0d178b1d1e 16759 (!defined(_WIN32) && !defined(NO_ERROR_QUEUE))
static const char WOLFSSL_SYS_ACCEPT_T[]        = "accept";
static const char WOLFSSL_SYS_BIND_T[]          = "bind";
static const char WOLFSSL_SYS_CONNECT_T[]       = "connect";
static const char WOLFSSL_SYS_FOPEN_T[]         = "fopen";
static const char WOLFSSL_SYS_FREAD_T[]         = "fread";
static const char WOLFSSL_SYS_GETADDRINFO_T[]   = "getaddrinfo";
static const char WOLFSSL_SYS_GETSOCKOPT_T[]    = "getsockopt";
static const char WOLFSSL_SYS_GETSOCKNAME_T[]   = "getsockname";
static const char WOLFSSL_SYS_GETHOSTBYNAME_T[] = "gethostbyname";
static const char WOLFSSL_SYS_GETNAMEINFO_T[]   = "getnameinfo";
static const char WOLFSSL_SYS_GETSERVBYNAME_T[] = "getservbyname";
static const char WOLFSSL_SYS_IOCTLSOCKET_T[]   = "ioctlsocket";
static const char WOLFSSL_SYS_LISTEN_T[]        = "listen";
static const char WOLFSSL_SYS_OPENDIR_T[]       = "opendir";
static const char WOLFSSL_SYS_SETSOCKOPT_T[]    = "setsockopt";
static const char WOLFSSL_SYS_SOCKET_T[]        = "socket";

/* WOLFSSL_SYS_* id -> printable name; looked up linearly, order is free */
static const struct {
    int         id;
    const char* name;
} wolfSSL_sys_func_names[] = {
    { WOLFSSL_SYS_ACCEPT,        WOLFSSL_SYS_ACCEPT_T        },
    { WOLFSSL_SYS_BIND,          WOLFSSL_SYS_BIND_T          },
    { WOLFSSL_SYS_CONNECT,       WOLFSSL_SYS_CONNECT_T       },
    { WOLFSSL_SYS_FOPEN,         WOLFSSL_SYS_FOPEN_T         },
    { WOLFSSL_SYS_FREAD,         WOLFSSL_SYS_FREAD_T         },
    { WOLFSSL_SYS_GETADDRINFO,   WOLFSSL_SYS_GETADDRINFO_T   },
    { WOLFSSL_SYS_GETSOCKOPT,    WOLFSSL_SYS_GETSOCKOPT_T    },
    { WOLFSSL_SYS_GETSOCKNAME,   WOLFSSL_SYS_GETSOCKNAME_T   },
    { WOLFSSL_SYS_GETHOSTBYNAME, WOLFSSL_SYS_GETHOSTBYNAME_T },
    { WOLFSSL_SYS_GETNAMEINFO,   WOLFSSL_SYS_GETNAMEINFO_T   },
    { WOLFSSL_SYS_GETSERVBYNAME, WOLFSSL_SYS_GETSERVBYNAME_T },
    { WOLFSSL_SYS_IOCTLSOCKET,   WOLFSSL_SYS_IOCTLSOCKET_T   },
    { WOLFSSL_SYS_LISTEN,        WOLFSSL_SYS_LISTEN_T        },
    { WOLFSSL_SYS_OPENDIR,       WOLFSSL_SYS_OPENDIR_T       },
    { WOLFSSL_SYS_SETSOCKOPT,    WOLFSSL_SYS_SETSOCKOPT_T    },
    { WOLFSSL_SYS_SOCKET,        WOLFSSL_SYS_SOCKET_T        },
};

/* Map a WOLFSSL_SYS_* function id to its name for error reporting
 * (OpenSSL ERR_put_error compatibility).
 *
 * fun  WOLFSSL_SYS_* id
 *
 * Returns a pointer to a static string; the literal "NULL" for ids that are
 * not in the table.
 */
static const char* wolfSSL_ERR_sys_func(int fun)
{
    const word32 count = (word32)(sizeof(wolfSSL_sys_func_names) /
                                  sizeof(wolfSSL_sys_func_names[0]));
    word32 i;

    for (i = 0; i < count; i++) {
        if (wolfSSL_sys_func_names[i].id == fun) {
            return wolfSSL_sys_func_names[i].name;
        }
    }

    return "NULL";
}
wolfSSL 15:117db924cf7c 16801 #endif /* DEBUG_WOLFSSL */
wolfSSL 15:117db924cf7c 16802
wolfSSL 15:117db924cf7c 16803
/* ERR_put_error() compatibility: hand an error raised by a system-call
 * wrapper to wolfSSL's error reporting.
 *
 * lib   ignored; the OpenSSL library id is not tracked
 * fun   WOLFSSL_SYS_* id of the failing call, rendered via
 *       wolfSSL_ERR_sys_func() where a queue with locations exists
 * err   error code to record
 * file  caller's source file (only used when locations are recorded)
 * line  caller's source line (only used when locations are recorded)
 *
 * Builds with neither DEBUG_WOLFSSL nor OPENSSL_EXTRA just log a message.
 * OPENSSL_EXTRA on Windows or with NO_ERROR_QUEUE records the bare code via
 * WOLFSSL_ERROR. Everything else records code, function name, line and file
 * via WOLFSSL_ERROR_LINE (which is where any queueing happens).
 */
void wolfSSL_ERR_put_error(int lib, int fun, int err, const char* file,
                           int line)
{
    WOLFSSL_ENTER("wolfSSL_ERR_put_error");

    (void)lib;

#if !defined(DEBUG_WOLFSSL) && !defined(OPENSSL_EXTRA)
    (void)fun;
    (void)err;
    (void)file;
    (void)line;
    WOLFSSL_MSG("Not compiled in debug mode");
#elif defined(OPENSSL_EXTRA) && \
      (defined(_WIN32) || defined(NO_ERROR_QUEUE))
    (void)fun;
    (void)file;
    (void)line;
    WOLFSSL_ERROR(err);
#else
    WOLFSSL_ERROR_LINE(err, wolfSSL_ERR_sys_func(fun), (unsigned int)line,
                       file, NULL);
#endif
}
wolfSSL 15:117db924cf7c 16828
wolfSSL 15:117db924cf7c 16829
/* Pop the oldest queued error, optionally with its reason text.
 *
 * file  set to the recording file name when not NULL
 * data  set to the reason text when not NULL (pass NULL to skip it)
 * line  set to the recording line number when not NULL
 *
 * Returns 0 when the queue is empty. A negative pull result other than
 * BAD_STATE_E is logged, the queue is flushed, and its magnitude is
 * returned; any other result is returned as an unsigned value.
 */
static unsigned long PopErrorNodeMagnitude(const char** file,
                                           const char** data, int* line)
{
    int code = wc_PullErrorNode(file, data, line);

    if (code < 0) {
        if (code == BAD_STATE_E) {
            return 0; /* no errors in queue */
        }
        WOLFSSL_MSG("Error with pulling error node!");
        WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line_data", code);
        code = 0 - code; /* return absolute value of error */

        /* panic and try to clear out nodes */
        wc_ClearErrorNodes();
    }

    return (unsigned long)code;
}


/* ERR_get_error_line_data() compatibility: like wolfSSL_ERR_get_error_line
 * but can also hand back the error's reason text.
 *
 * file   output pointer to file where error happened
 * line   output to line number of error
 * data   output reason string; only filled when flags requests it
 * flags  INPUT here: data is fetched only when *flags has ERR_TXT_STRING
 *        set. NOTE(review): OpenSSL treats this parameter as an output
 *        describing the returned data, so callers ported from OpenSSL that
 *        leave their flags variable uninitialised get data back only by
 *        chance — initialise it before calling. *flags is never written.
 *
 * Returns the error value or 0 if no errors are in the queue.
 */
unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line,
                                              const char** data, int *flags)
{
    int wantText = 0;

    WOLFSSL_STUB("wolfSSL_ERR_get_error_line_data");

    if (flags != NULL) {
        wantText = ((*flags & ERR_TXT_STRING) == ERR_TXT_STRING);
    }

    return PopErrorNodeMagnitude(file, wantText ? data : NULL, line);
}
wolfSSL 15:117db924cf7c 16877
wolfSSL 15:117db924cf7c 16878 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 16879
wolfSSL 15:117db924cf7c 16880
wolfSSL 16:8e0d178b1d1e 16881 #if (defined(KEEP_PEER_CERT) && defined(SESSION_CERTS)) || \
wolfSSL 16:8e0d178b1d1e 16882 (defined(OPENSSL_ALL) && defined(HAVE_PKCS7))
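/* Decode the X509 DER encoded certificate into a WOLFSSL_X509 object.
 *
 * x509  WOLFSSL_X509 object to decode into. If it was not created by
 *       wolfSSL_X509_new() (dynamicMemory != TRUE) it is initialized here
 *       before the fields are copied.
 * in    X509 DER data.
 * len   Length of the X509 DER data.
 * returns 0 on success, BAD_FUNC_ARG for a NULL/empty argument, MEMORY_E when
 * the temporary DecodedCert cannot be allocated, otherwise the error code
 * from ParseCertRelative or CopyDecodedToX509.
 */
static int DecodeToX509(WOLFSSL_X509* x509, const byte* in, int len)
{
    int ret;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert;
#else
    DecodedCert cert[1];
#endif
    if (x509 == NULL || in == NULL || len <= 0)
        return BAD_FUNC_ARG;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_DCERT);
    if (cert == NULL)
        return MEMORY_E;
#endif

    /* Create a DecodedCert object and copy fields into WOLFSSL_X509 object.
     */
    InitDecodedCert(cert, (byte*)in, len, NULL);
    ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL);
    if (ret == 0) {
        /* Check if x509 was not previously initialized by wolfSSL_X509_new() */
        if (x509->dynamicMemory != TRUE)
            InitX509(x509, 0, NULL);
        ret = CopyDecodedToX509(x509, cert);
    }
    /* Release whatever the parser attached to cert on every path, including
     * a failed parse of malformed input, so that a bad certificate cannot
     * leak (same pattern as wolfSSL_X509_d2i). */
    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif

    return ret;
}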
wolfSSL 16:8e0d178b1d1e 16924 #endif /* (KEEP_PEER_CERT && SESSION_CERTS) || (OPENSSL_ALL && HAVE_PKCS7) */
wolfSSL 16:8e0d178b1d1e 16925
wolfSSL 16:8e0d178b1d1e 16926
wolfSSL 16:8e0d178b1d1e 16927 #ifdef KEEP_PEER_CERT
/* Return the peer's certificate for this connection.
 *
 * The certificate is owned by the WOLFSSL object (ssl->peerCert, which is not
 * dynamically allocated, so wolfSSL_X509_free() leaves it alone). If it has
 * not been decoded yet and SESSION_CERTS is on, the first entry of the
 * session chain is decoded into it on demand.
 *
 * returns &ssl->peerCert, or NULL when ssl is NULL or no peer cert exists. */
WOLFSSL_ABI
WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl)
{
    WOLFSSL_X509* peer = NULL;

    WOLFSSL_ENTER("SSL_get_peer_certificate");
    if (ssl == NULL)
        return NULL;

    /* issuer.sz is non-zero once the cert has been populated */
    if (ssl->peerCert.issuer.sz) {
        peer = &ssl->peerCert;
    }
#ifdef SESSION_CERTS
    else if (ssl->session.chain.count > 0) {
        /* lazily decode the leaf (index 0) of the stored chain */
        int rc = DecodeToX509(&ssl->peerCert,
                              ssl->session.chain.certs[0].buffer,
                              ssl->session.chain.certs[0].length);
        if (rc == 0)
            peer = &ssl->peerCert;
    }
#endif
    return peer;
}
wolfSSL 15:117db924cf7c 16947
wolfSSL 15:117db924cf7c 16948 #endif /* KEEP_PEER_CERT */
wolfSSL 15:117db924cf7c 16949
wolfSSL 16:8e0d178b1d1e 16950 #if defined(SESSION_CERTS)
/* Return stack of peer certs.
 * If Qt or OPENSSL_ALL is defined then return ssl->peerCertChain, building it
 * with wolfSSL_set_peer_cert_chain on first use (const is cast away because
 * the cache lives inside ssl).
 * All other cases return &ssl->session.chain through a pointer cast, so the
 * caller only gets a real WOLFSSL_STACK in the Qt / OPENSSL_ALL builds.
 * ssl->peerCertChain is type WOLFSSL_STACK*
 * ssl->session.chain is type WOLFSSL_X509_CHAIN
 * Caller does not need to free return. The stack is Free'd when WOLFSSL* ssl is.
 */
WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
{
    WOLFSSL_STACK* chain = NULL;

    WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain");

    if (ssl != NULL) {
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
        if (ssl->peerCertChain == NULL)
            wolfSSL_set_peer_cert_chain((WOLFSSL*) ssl);
        chain = ssl->peerCertChain;
#else
        chain = (WOLF_STACK_OF(WOLFSSL_X509)* )&ssl->session.chain;
#endif

        if (chain == NULL) {
            WOLFSSL_MSG("Error: Null Peer Cert Chain");
        }
    }

    return chain;
}
wolfSSL 16:8e0d178b1d1e 16979
wolfSSL 16:8e0d178b1d1e 16980 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
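/* Builds up and creates a stack of peer certificates for ssl->peerCertChain
 * based off of the ssl session chain.
 *
 * The chain is walked from the last entry down to index 0, so the peer's own
 * certificate ends up pushed last. On the server side index 0 is skipped
 * because the peer certificate chain does not include the peer certificate.
 *
 * ssl  connection whose session chain is decoded. On success
 *      ssl->peerCertChain is overwritten with the new stack (freed together
 *      with ssl); a previous value is not freed here, so callers such as
 *      wolfSSL_get_peer_cert_chain only call this when it is still NULL.
 * Returns stack of WOLFSSL_X509 certs or NULL on failure (no session chain,
 * allocation failure, or a certificate that does not decode). On failure
 * ssl->peerCertChain is left untouched and nothing is leaked.
 */
WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_set_peer_cert_chain(WOLFSSL* ssl)
{
    WOLFSSL_STACK* sk;
    WOLFSSL_X509* x509;
    int i;
    int ret;

    WOLFSSL_ENTER("wolfSSL_set_peer_cert_chain");
    if ((ssl == NULL) || (ssl->session.chain.count == 0))
        return NULL;

    sk = wolfSSL_sk_X509_new();
    if (sk == NULL) {
        /* must be checked before the loop: the stack is pushed to below */
        WOLFSSL_MSG("Null session chain");
        return NULL;
    }

    for (i = ssl->session.chain.count - 1; i >= 0; i--) {
        /* For servers, the peer certificate chain does not include the peer
           certificate, so do not add it to the stack */
        if (ssl->options.side == WOLFSSL_SERVER_END && i == 0)
            continue;
        x509 = wolfSSL_X509_new();
        if (x509 == NULL) {
            WOLFSSL_MSG("Error Creating X509");
            wolfSSL_sk_X509_free(sk); /* release the partially built stack */
            return NULL;
        }
        ret = DecodeToX509(x509, ssl->session.chain.certs[i].buffer,
                           ssl->session.chain.certs[i].length);

        /* x509 is only handed to the stack by a successful push; on either
         * failure it is still ours to free */
        if (ret != 0 || wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("Error decoding cert");
            wolfSSL_X509_free(x509);
            wolfSSL_sk_X509_free(sk);
            return NULL;
        }
    }

    /* This is Free'd when ssl is Free'd */
    ssl->peerCertChain = sk;
    return sk;
}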
wolfSSL 16:8e0d178b1d1e 17025 #endif /* OPENSSL_ALL || WOLFSSL_QT */
wolfSSL 16:8e0d178b1d1e 17026 #endif /* SESSION_CERTS */
wolfSSL 15:117db924cf7c 17027
wolfSSL 15:117db924cf7c 17028 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 17029 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \
wolfSSL 15:117db924cf7c 17030 defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 17031
/* user externally called free X509, if dynamic go ahead with free, otherwise
 * don't.
 *
 * Objects that are not dynamically allocated (typically ones embedded in
 * another structure) are never released here. With OPENSSL_EXTRA/OPENSSL_ALL
 * the object is reference counted and only released by the last reference. */
static void ExternalFreeX509(WOLFSSL_X509* x509)
{
    int lastRef;

    WOLFSSL_ENTER("ExternalFreeX509");
    if (x509 == NULL)
        return;

    if (!x509->dynamicMemory) {
        WOLFSSL_MSG("free called on non dynamic object, not freeing");
        return;
    }

#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
    if (wc_LockMutex(&x509->refMutex) != 0) {
        WOLFSSL_MSG("Couldn't lock x509 mutex");
    }
    /* only free if all references to it are done
     * NOTE(review): the count is still decremented when the lock could not
     * be taken, so a lock failure degrades to an unsynchronized decrement. */
    x509->refCount--;
    lastRef = (x509->refCount == 0);
    wc_UnLockMutex(&x509->refMutex);
#else
    lastRef = 1;
#endif /* OPENSSL_EXTRA */

    if (lastRef) {
        /* FreeX509 releases the members; the struct itself goes last */
        FreeX509(x509);
        XFREE(x509, x509->heap, DYNAMIC_TYPE_X509);
    }
}
wolfSSL 15:117db924cf7c 17063
/* Frees an external WOLFSSL_X509 structure.
 * NULL is accepted. Objects that are not dynamically allocated (for example
 * the one returned by wolfSSL_get_peer_certificate) are left untouched. */
WOLFSSL_ABI
void wolfSSL_X509_free(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_FreeX509");
    /* all the ownership / reference bookkeeping lives in the helper */
    ExternalFreeX509(x509);
}
wolfSSL 15:117db924cf7c 17071
wolfSSL 15:117db924cf7c 17072
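/* copy name into in buffer, at most sz bytes, if buffer is null will
 * malloc buffer, caller responsible for freeing
 *
 * name  X509 name to copy. The copy writes copySz-1 bytes plus a NUL, which
 *       assumes name->sz counts the terminator of name->name.
 * in    destination buffer, or NULL to allocate one of name->sz bytes
 *       (not possible with WOLFSSL_STATIC_MEMORY: NULL is returned).
 * sz    size of in. The output is truncated, but still NUL terminated, when
 *       sz < name->sz.
 * returns in (or the allocated buffer); NULL when name is NULL or allocation
 * fails. For an empty name a caller-provided buffer is set to "" instead of
 * being returned with whatever it contained before.
 */
WOLFSSL_ABI
char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");

    if (name == NULL) {
        WOLFSSL_MSG("WOLFSSL_X509_NAME pointer was NULL");
        return NULL;
    }

    if (!name->sz) {
        /* nothing to copy; never hand back an unterminated caller buffer */
        if (in != NULL && sz > 0)
            in[0] = '\0';
        return in;
    }

    copySz = min(sz, name->sz);

    if (!in) {
#ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
#else
        in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL);
        if (!in)
            return in;
        copySz = name->sz; /* freshly sized buffer, sz does not apply */
#endif
    }

    /* a zero or negative caller size leaves the buffer untouched */
    if (copySz <= 0)
        return in;

    XMEMCPY(in, name->name, copySz - 1);
    in[copySz - 1] = 0;

    return in;
}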
wolfSSL 15:117db924cf7c 17109
wolfSSL 16:8e0d178b1d1e 17110 #if defined(OPENSSL_EXTRA) && defined(XSNPRINTF)
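/* Copies X509 subject name into a buffer, with comma-separated name entries
 * (matching OpenSSL v1.0.0 format)
 * Example Output for Issuer:
 *
 * C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting,
 * CN=www.wolfssl.com, emailAddress=info@wolfssl.com
 *
 * name  the X509 name to format.
 * in    caller buffer of sz bytes, or NULL to allocate one (caller frees;
 *       not possible with WOLFSSL_STATIC_MEMORY).
 * sz    size of in; it must hold the text plus the NUL terminator.
 * returns in (or the allocated buffer) on success, NULL on failure: NULL
 * name, entry or short-name lookup failure, allocation failure, a caller
 * buffer that is too small, or a formatted name longer than the internal
 * 256-byte assembly buffer. Each entry value is read through an 80-byte
 * buffer by wolfSSL_X509_NAME_get_text_by_NID, so longer values cannot be
 * reproduced in full.
 */
char* wolfSSL_X509_get_name_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
{
    WOLFSSL_X509_NAME_ENTRY* entry;
    int nameSz, strSz, count, i;
    int totalSz = 0; /* characters held in tmpBuf, terminator not counted */
    char *str;
    char tmpBuf[256];
    char buf[80];
    const char* sn;
    WOLFSSL_ENTER("wolfSSL_X509_get_name_oneline");

    if (name == NULL) {
        WOLFSSL_MSG("wolfSSL_X509_get_subject_name failed");
        return NULL;
    }
#ifdef WOLFSSL_STATIC_MEMORY
    if (!in) {
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
    }
#endif

    tmpBuf[0] = '\0'; /* Make sure tmpBuf is NULL terminated */
    /* Loop through X509 name entries and copy new format to buffer */
    count = wolfSSL_X509_NAME_entry_count(name);
    for (i = 0; i < count; i++) {
        int len;

        /* Get name entry and size */
        entry = wolfSSL_X509_NAME_get_entry(name, i);
        if (entry == NULL) {
            WOLFSSL_MSG("X509_NAME_get_entry failed");
            return NULL;
        }
        nameSz = wolfSSL_X509_NAME_get_text_by_NID(name, entry->nid, buf,
                                                   sizeof(buf));
        if (nameSz < 0) {
            WOLFSSL_MSG("X509_NAME_get_text_by_NID failed");
            return NULL;
        }

        /* Get short name */
        sn = wolfSSL_OBJ_nid2sn(entry->nid);
        if (sn == NULL) {
            WOLFSSL_MSG("OBJ_nid2sn failed");
            return NULL;
        }

        /* Format "sn=value, " (or "sn=value" for the last entry).
         * strSz has room for the '=', ',', ' ' and '\0' characters used by
         * XSNPRINTF; the last entry simply uses less of it. */
        strSz = (int)XSTRLEN(sn) + nameSz + 4;
        str = (char*)XMALLOC(strSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (str == NULL) {
            WOLFSSL_MSG("Memory error");
            return NULL;
        }
        if (i != count - 1)
            XSNPRINTF(str, strSz, "%s=%s, ", sn, buf);
        else
            XSNPRINTF(str, strSz, "%s=%s", sn, buf);

        /* Append to tmpBuf. The bound has to come from the space left in
         * tmpBuf: strncat's size argument only limits what is read from str,
         * it does not stop the write from running past the destination. */
        len = (int)XSTRLEN(str);
        if (totalSz + len >= (int)sizeof(tmpBuf)) {
            WOLFSSL_MSG("Name too long for buffer");
            XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            return NULL;
        }
        XSTRNCAT(tmpBuf, str, len);
        totalSz += len;
        XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }

    /* Allocate space based on total string size if no buffer was provided */
    if (!in) {
        in = (char*)XMALLOC(totalSz + 1, NULL, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL) {
            WOLFSSL_MSG("Memory error");
            return NULL;
        }
    }
    else if (totalSz + 1 > sz) {
        /* the caller's buffer must also hold the terminator written below */
        WOLFSSL_MSG("Memory error");
        return NULL;
    }

    XMEMCPY(in, tmpBuf, totalSz);
    in[totalSz] = '\0';

    return in;
}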
wolfSSL 16:8e0d178b1d1e 17217 #endif
wolfSSL 16:8e0d178b1d1e 17218
wolfSSL 15:117db924cf7c 17219
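/* Wraps wolfSSL_X509_d2i
 *
 * x509  optional output; when not NULL it receives the new certificate, or
 *       NULL on failure (done by wolfSSL_X509_d2i).
 * in    pointer to the DER pointer. On success *in is advanced past the
 *       certificate that was consumed, OpenSSL d2i style.
 * len   number of bytes available at *in.
 * returns a WOLFSSL_X509 structure pointer on success and NULL on fail,
 * including a NULL in pointer.
 */
WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in,
                               int len)
{
    WOLFSSL_X509* newX509;
    /* do not dereference a NULL in; wolfSSL_X509_d2i rejects a NULL buffer
     * and still clears *x509 for the caller */
    const byte* der = (in != NULL) ? *in : NULL;

    newX509 = wolfSSL_X509_d2i(x509, der, len);
    if (newX509 != NULL && newX509->derCert != NULL) {
        *in += newX509->derCert->length;
    }
    return newX509;
}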
wolfSSL 15:117db924cf7c 17235
wolfSSL 15:117db924cf7c 17236
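/* Parse DER certificate data into a freshly allocated WOLFSSL_X509.
 *
 * in   DER data, must not be NULL.
 * len  length of in, must be positive.
 * returns the new certificate (release with wolfSSL_X509_free) or NULL when
 * the temporary DecodedCert cannot be allocated, the data does not parse, or
 * the copy into the new object fails. DecodeToX509 above cannot be reused
 * here: it is only compiled under a narrower set of build options.
 */
static WOLFSSL_X509* DecodeDerToNewX509(const byte* in, int len)
{
    WOLFSSL_X509* newX509 = NULL;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert;
#else
    DecodedCert cert[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_DCERT);
    if (cert == NULL)
        return NULL;
#endif

    InitDecodedCert(cert, (byte*)in, len, NULL);
    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
        newX509 = wolfSSL_X509_new();
        if (newX509 != NULL && CopyDecodedToX509(newX509, cert) != 0) {
            wolfSSL_X509_free(newX509);
            newX509 = NULL;
        }
    }
    /* release parser state on success and failure alike */
    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif

    return newX509;
}

/* Decode a DER certificate into a new WOLFSSL_X509 object.
 *
 * x509  optional output; when not NULL it is always written: the new
 *       certificate on success, NULL on every failure path (including an
 *       allocation failure, which previously skipped this assignment).
 * in    DER data.
 * len   length of in; zero and negative lengths are rejected, matching
 *       DecodeToX509.
 * returns the new certificate (caller frees with wolfSSL_X509_free) or NULL.
 */
WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
{
    WOLFSSL_X509 *newX509 = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_d2i");

    if (in != NULL && len > 0) {
        newX509 = DecodeDerToNewX509(in, len);
    }

    if (x509 != NULL)
        *x509 = newX509;

    return newX509;
}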
wolfSSL 15:117db924cf7c 17278 #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA ||
wolfSSL 15:117db924cf7c 17279 OPENSSL_EXTRA_X509_SMALL */
wolfSSL 15:117db924cf7c 17280
wolfSSL 16:8e0d178b1d1e 17281
wolfSSL 16:8e0d178b1d1e 17282
wolfSSL 16:8e0d178b1d1e 17283 #if defined(OPENSSL_ALL) || defined(KEEP_OUR_CERT) || defined(KEEP_PEER_CERT) || \
wolfSSL 16:8e0d178b1d1e 17284 defined(SESSION_CERTS)
/* return the next, if any, altname from the peer cert
 *
 * Walks cert->altNames through the cert->altNamesNext cursor: every call
 * returns the name of the current node and moves the cursor to the next one.
 * The returned pointer points into the certificate's own list.
 * returns NULL when cert is NULL, it has no alt names, or they have all been
 * handed out already. */
WOLFSSL_ABI
char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
{
    char* name;

    WOLFSSL_ENTER("wolfSSL_X509_get_next_altname");

    /* nothing to work with, or already went through them */
    if (cert == NULL || cert->altNames == NULL || cert->altNamesNext == NULL)
        return NULL;

    name = cert->altNamesNext->name;
    cert->altNamesNext = cert->altNamesNext->next;

    return name;
}
wolfSSL 15:117db924cf7c 17305
/* Report the basic-constraints CA flag recorded in the certificate.
 * returns x509->isCa, or 0 when x509 is NULL. */
int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509)
{
    int isCA;

    WOLFSSL_ENTER("wolfSSL_X509_get_isCA");

    isCA = (x509 != NULL) ? x509->isCa : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_get_isCA", isCA);

    return isCA;
}
wolfSSL 15:117db924cf7c 17319
/* Copy the certificate's signature bytes to buf.
 *
 * buf    destination, or NULL to only query the required size.
 * bufSz  in: size of buf (only checked when buf is not NULL);
 *        out: the signature length.
 * returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR when x509 or bufSz is NULL
 * or buf is too small for the signature. */
int wolfSSL_X509_get_signature(WOLFSSL_X509* x509,
                               unsigned char* buf, int* bufSz)
{
    WOLFSSL_ENTER("wolfSSL_X509_get_signature");
    if (x509 == NULL || bufSz == NULL)
        return WOLFSSL_FATAL_ERROR;

    if (buf != NULL) {
        /* the size check only matters when something is actually copied */
        if (*bufSz < (int)x509->sig.length)
            return WOLFSSL_FATAL_ERROR;
        XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
    }
    *bufSz = x509->sig.length;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 17334
wolfSSL 15:117db924cf7c 17335
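/* Getter function that copies over the DER public key buffer to "buf" and
 * sets the size in bufSz. If "buf" is NULL then just bufSz is set to needed
 * buffer size. "bufSz" passed in should initially be set by the user to be
 * the size of "buf". This gets checked to make sure the buffer is large
 * enough to hold the public key.
 *
 * Note: this is the X.509 form of key with "header" info, i.e. the whole
 * SubjectPublicKeyInfo SEQUENCE including its tag and length bytes.
 * return WOLFSSL_SUCCESS on success, WOLFSSL_FATAL_ERROR when x509 or bufSz
 * is NULL, the certificate has no DER data, parsing fails, the temporary
 * DecodedCert cannot be allocated, or buf is too small.
 */
int wolfSSL_X509_get_pubkey_buffer(WOLFSSL_X509* x509,
                                   unsigned char* buf, int* bufSz)
{
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert;
#else
    DecodedCert cert[1];
#endif
    word32 idx;
    const byte* der;
    int length = 0;
    int ret, derSz = 0;
    int badDate = 0;
    const byte* pubKeyX509 = NULL;
    int pubKeyX509Sz = 0;

    WOLFSSL_ENTER("wolfSSL_X509_get_pubkey_buffer");
    if (x509 == NULL || bufSz == NULL) {
        WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", BAD_FUNC_ARG);
        return WOLFSSL_FATAL_ERROR;
    }

    /* Without the DER encoding there is nothing to parse; check before the
     * temporary allocation so the error path has nothing to release. */
    der = wolfSSL_X509_get_der(x509, &derSz);
    if (der == NULL || derSz <= 0) {
        WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", BAD_FUNC_ARG);
        return WOLFSSL_FATAL_ERROR;
    }

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert),
                                 x509->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL) {
        WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", MEMORY_E);
        return WOLFSSL_FATAL_ERROR;
    }
#endif

    InitDecodedCert(cert, der, derSz, NULL);
    /* wc_GetPubX509 presumably parses up to the public key, leaving
     * cert->srcIdx at the SubjectPublicKeyInfo tag */
    ret = wc_GetPubX509(cert, 0, &badDate);
    if (ret >= 0) {
        idx = cert->srcIdx;
        /* pubKeyX509 points into der (the x509's own DER buffer), so it
         * stays valid after the DecodedCert is released below */
        pubKeyX509 = cert->source + cert->srcIdx;
        ret = GetSequence(cert->source, &cert->srcIdx, &length,
                          cert->maxIdx);
        /* payload length plus the header bytes GetSequence stepped over */
        pubKeyX509Sz = length + (int)(cert->srcIdx - idx);
    }

    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, x509->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", ret);
        return WOLFSSL_FATAL_ERROR;
    }

    if (buf != NULL) {
        if (pubKeyX509Sz > *bufSz) {
            WOLFSSL_LEAVE("wolfSSL_X509_get_pubkey_buffer", BUFFER_E);
            return WOLFSSL_FATAL_ERROR;
        }
        XMEMCPY(buf, pubKeyX509, pubKeyX509Sz);
    }
    *bufSz = pubKeyX509Sz;

    return WOLFSSL_SUCCESS;
}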
wolfSSL 16:8e0d178b1d1e 17409
wolfSSL 16:8e0d178b1d1e 17410
/* Getter function for the public key OID value
 * return public key OID stored in WOLFSSL_X509 structure, or WOLFSSL_FAILURE
 * when x509 is NULL */
int wolfSSL_X509_get_pubkey_type(WOLFSSL_X509* x509)
{
    return (x509 != NULL) ? x509->pubKeyOID : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 17419
/* write X509 serial number in unsigned binary to buffer
 * buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
 *
 * in       destination buffer
 * inOutSz  in: size of in; out: number of serial bytes written
 * return WOLFSSL_SUCCESS on success, BAD_FUNC_ARG on a NULL argument or a
 * buffer smaller than x509->serialSz */
int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509,
                                   byte* in, int* inOutSz)
{
    WOLFSSL_ENTER("wolfSSL_X509_get_serial_number");
    if (x509 == NULL || in == NULL || inOutSz == NULL)
        return BAD_FUNC_ARG;
    if (*inOutSz < x509->serialSz)
        return BAD_FUNC_ARG; /* caller's buffer cannot hold the serial */

    XMEMCPY(in, x509->serial, x509->serialSz);
    *inOutSz = x509->serialSz;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 17436
/* not an openssl compatibility function - getting for derCert
 *
 * outSz  receives the DER length
 * returns a pointer to the certificate's own DER buffer (not a copy; do not
 * free), or NULL when x509, its derCert, or outSz is NULL */
const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
{
    const byte* der = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_get_der");

    if (x509 != NULL && x509->derCert != NULL && outSz != NULL) {
        *outSz = (int)x509->derCert->length;
        der = x509->derCert->buffer;
    }

    return der;
}
wolfSSL 15:117db924cf7c 17448
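/* used by JSSE (not a standard compatibility function) */
/* this is not thread safe: the returned pointer refers to a function-local
 * static buffer that every call overwrites */
WOLFSSL_ABI
const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
{
    static byte notBeforeData[CTC_DATE_SIZE]; /* temp buffer for date */
    WOLFSSL_ENTER("wolfSSL_X509_notBefore");

    if (x509 == NULL)
        return NULL;

    /* Two header bytes (type, length) precede the date bytes, so the date
     * must fit in the remaining CTC_DATE_SIZE - 2 bytes. The length comes
     * from certificate parsing, so bound it here instead of trusting it. */
    if (x509->notBefore.length < 0 ||
        (size_t)x509->notBefore.length > sizeof(notBeforeData) - 2) {
        WOLFSSL_MSG("notBefore length does not fit in date buffer");
        return NULL;
    }

    XMEMSET(notBeforeData, 0, sizeof(notBeforeData));
    notBeforeData[0] = (byte)x509->notBefore.type;
    notBeforeData[1] = (byte)x509->notBefore.length;
    XMEMCPY(&notBeforeData[2], x509->notBefore.data, x509->notBefore.length);

    return notBeforeData;
}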
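/* used by JSSE (not a standard compatibility function) */
/* this is not thread safe: the returned pointer refers to a function-local
 * static buffer that every call overwrites */
WOLFSSL_ABI
const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509)
{
    static byte notAfterData[CTC_DATE_SIZE]; /* temp buffer for date */
    WOLFSSL_ENTER("wolfSSL_X509_notAfter");

    if (x509 == NULL)
        return NULL;

    /* Two header bytes (type, length) precede the date bytes, so the date
     * must fit in the remaining CTC_DATE_SIZE - 2 bytes. The length comes
     * from certificate parsing, so bound it here instead of trusting it. */
    if (x509->notAfter.length < 0 ||
        (size_t)x509->notAfter.length > sizeof(notAfterData) - 2) {
        WOLFSSL_MSG("notAfter length does not fit in date buffer");
        return NULL;
    }

    XMEMSET(notAfterData, 0, sizeof(notAfterData));
    notAfterData[0] = (byte)x509->notAfter.type;
    notAfterData[1] = (byte)x509->notAfter.length;
    XMEMCPY(&notAfterData[2], x509->notAfter.data, x509->notAfter.length);

    return notAfterData;
}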
wolfSSL 16:8e0d178b1d1e 17485
wolfSSL 16:8e0d178b1d1e 17486 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB)
/* Stub: OpenSSL's X509_gmtime_adj is not implemented. Both arguments are
 * ignored and NULL is always returned. */
WOLFSSL_ASN1_TIME* wolfSSL_X509_gmtime_adj(WOLFSSL_ASN1_TIME *s, long adj)
{
    WOLFSSL_STUB("wolfSSL_X509_gmtime_adj");
    (void)s;
    (void)adj;
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 17494 #endif
wolfSSL 16:8e0d178b1d1e 17495
/* get the buffer to be signed (tbs) from the WOLFSSL_X509 certificate
 *
 * outSz : gets set to the size of the buffer
 * returns a pointer to the internal buffer at the location of TBS on
 * success and NULL on failure (NULL argument, no DER, or DER that does not
 * start with two nested SEQUENCEs).
 */
const unsigned char* wolfSSL_X509_get_tbs(WOLFSSL_X509* x509, int* outSz)
{
    int derSz = 0;
    int seqLen = 0;
    unsigned int idx = 0;
    unsigned int tbsStart;
    const unsigned char* der;

    if (x509 == NULL || outSz == NULL)
        return NULL;

    der = wolfSSL_X509_get_der(x509, &derSz);
    if (der == NULL)
        return NULL;

    /* outer SEQUENCE: step over its header, the TBS starts right after it */
    if (GetSequence(der, &idx, &seqLen, derSz) < 0)
        return NULL;
    tbsStart = idx;

    /* inner SEQUENCE: its header plus its contents make up the TBS bytes */
    if (GetSequence(der, &idx, &seqLen, derSz) < 0)
        return NULL;

    *outSz = seqLen + (int)(idx - tbsStart);
    return der + tbsStart;
}
wolfSSL 15:117db924cf7c 17529
/* Returns the version field stored in the certificate, or 0 when x509 is
 * NULL (0 doubles as the "no certificate" answer). */
int wolfSSL_X509_version(WOLFSSL_X509* x509)
{
    int version = 0;

    WOLFSSL_ENTER("wolfSSL_X509_version");

    if (x509 != NULL)
        version = x509->version;

    return version;
}
wolfSSL 15:117db924cf7c 17539
wolfSSL 15:117db924cf7c 17540 #ifdef WOLFSSL_SEP
wolfSSL 15:117db924cf7c 17541
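/* copy oid into in buffer, at most *inOutSz bytes, if buffer is null will
   malloc buffer, caller responsible for freeing. Actual size returned in
   *inOutSz. Requires x509 and inOutSz be non-null.
   Returns in (possibly newly allocated) on success and NULL on a NULL
   argument, a negative caller size, or allocation failure. When the
   certificate carries no device type, in is returned unchanged and *inOutSz
   is left untouched. */
byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_get_device_type");
    /* x509 is dereferenced below, so it needs the same guard as inOutSz */
    if (x509 == NULL || inOutSz == NULL) return NULL;
    /* a negative caller size would become a huge copy length via min() */
    if (in != NULL && *inOutSz < 0) return NULL;
    if (!x509->deviceTypeSz) return in;

    copySz = min(*inOutSz, x509->deviceTypeSz);

    if (!in) {
    #ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
    #else
        in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (!in) return in;
        /* freshly allocated buffer always holds the whole value */
        copySz = x509->deviceTypeSz;
    #endif
    }

    XMEMCPY(in, x509->deviceType, copySz);
    *inOutSz = copySz;

    return in;
}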
wolfSSL 15:117db924cf7c 17571
wolfSSL 15:117db924cf7c 17572
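/* copy the hardware type into in buffer, at most *inOutSz bytes; if in is
   NULL a buffer is allocated and the caller is responsible for freeing it.
   Actual size returned in *inOutSz. Requires x509 and inOutSz be non-null.
   Returns in (possibly newly allocated) on success and NULL on a NULL
   argument, a negative caller size, or allocation failure. When the
   certificate carries no hardware type, in is returned unchanged and
   *inOutSz is left untouched. */
byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_get_hw_type");
    /* x509 is dereferenced below, so it needs the same guard as inOutSz */
    if (x509 == NULL || inOutSz == NULL) return NULL;
    /* a negative caller size would become a huge copy length via min() */
    if (in != NULL && *inOutSz < 0) return NULL;
    if (!x509->hwTypeSz) return in;

    copySz = min(*inOutSz, x509->hwTypeSz);

    if (!in) {
    #ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
    #else
        in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (!in) return in;
        /* freshly allocated buffer always holds the whole value */
        copySz = x509->hwTypeSz;
    #endif
    }

    XMEMCPY(in, x509->hwType, copySz);
    *inOutSz = copySz;

    return in;
}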
wolfSSL 15:117db924cf7c 17599
wolfSSL 15:117db924cf7c 17600
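/* copy the hardware serial number into in buffer, at most *inOutSz bytes;
   if in is NULL a buffer is allocated and the caller is responsible for
   freeing it. Actual size returned in *inOutSz. Requires x509 and inOutSz
   be non-null.
   Returns in (possibly newly allocated) on success and NULL on a NULL
   argument, a negative caller size, or allocation failure. When the
   certificate carries no hardware serial number, in is returned unchanged
   and *inOutSz is left untouched. */
byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,
                                        int* inOutSz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_get_hw_serial_number");
    /* x509 is dereferenced below, so it needs the same guard as inOutSz */
    if (x509 == NULL || inOutSz == NULL) return NULL;
    /* a negative caller size would become a huge copy length via min() */
    if (in != NULL && *inOutSz < 0) return NULL;
    /* the emptiness test must look at the serial number's own size, not the
     * hardware type's (hwTypeSz), otherwise a stored serial can be skipped or
     * an empty one copied */
    if (!x509->hwSerialNumSz) return in;

    copySz = min(*inOutSz, x509->hwSerialNumSz);

    if (!in) {
    #ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
    #else
        in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (!in) return in;
        /* freshly allocated buffer always holds the whole value */
        copySz = x509->hwSerialNumSz;
    #endif
    }

    XMEMCPY(in, x509->hwSerialNum, copySz);
    *inOutSz = copySz;

    return in;
}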
wolfSSL 15:117db924cf7c 17628
wolfSSL 15:117db924cf7c 17629 #endif /* WOLFSSL_SEP */
wolfSSL 15:117db924cf7c 17630
wolfSSL 15:117db924cf7c 17631 /* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 17632 #if !defined(NO_CERTS) && defined(OPENSSL_EXTRA)
wolfSSL 16:8e0d178b1d1e 17633
/* Returns a pointer to the notBefore time stored inside x509 (not a copy),
 * or NULL when x509 is NULL. The pointer is only valid while x509 lives. */
WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notBefore(const WOLFSSL_X509* x509)
{
    WOLFSSL_ASN1_TIME* t = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_get_notBefore");

    /* the cast drops const because the OpenSSL-style return type is non-const */
    if (x509 != NULL)
        t = (WOLFSSL_ASN1_TIME*)&x509->notBefore;

    return t;
}
wolfSSL 16:8e0d178b1d1e 17643
wolfSSL 16:8e0d178b1d1e 17644
/* Returns a pointer to the notAfter time stored inside x509 (not a copy),
 * or NULL when x509 is NULL. The pointer is only valid while x509 lives. */
WOLFSSL_ASN1_TIME* wolfSSL_X509_get_notAfter(const WOLFSSL_X509* x509)
{
    WOLFSSL_ASN1_TIME* t = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_get_notAfter");

    /* the cast drops const because the OpenSSL-style return type is non-const */
    if (x509 != NULL)
        t = (WOLFSSL_ASN1_TIME*)&x509->notAfter;

    return t;
}
wolfSSL 16:8e0d178b1d1e 17654
wolfSSL 16:8e0d178b1d1e 17655
/* return 1 on success 0 on fail
 * The head WOLFSSL_STACK always holds the newest value: pushing onto a
 * non-empty stack moves the previous head value into a new node linked
 * right behind the head. */
int wolfSSL_sk_X509_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
{
    WOLFSSL_STACK* node;
    WOLFSSL_ENTER("wolfSSL_sk_X509_push");

    if (sk == NULL || x509 == NULL)
        return WOLFSSL_FAILURE;

    /* empty stack: the head node stores the first value directly */
    if (sk->data.x509 == NULL) {
        sk->data.x509 = x509;
        sk->num += 1;
        return WOLFSSL_SUCCESS;
    }

    /* non-empty stack: allocate a node to carry the displaced head value */
    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                   DYNAMIC_TYPE_X509);
    if (node == NULL) {
        WOLFSSL_MSG("Memory error");
        return WOLFSSL_FAILURE;
    }
    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));

    node->data.x509 = sk->data.x509;
    node->next      = sk->next;
    node->type      = sk->type;

    sk->data.x509 = x509;
    sk->next      = node;
    sk->num      += 1;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 17692
wolfSSL 15:117db924cf7c 17693
/* Removes and returns the value held at the head of the stack, or NULL when
 * sk is NULL or empty. The head WOLFSSL_STACK struct is never freed here;
 * the node behind it, if any, is unlinked and released. */
WOLFSSL_X509* wolfSSL_sk_X509_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) {
    WOLFSSL_X509* top;
    WOLFSSL_STACK* second;

    if (sk == NULL)
        return NULL;

    top    = sk->data.x509;
    second = sk->next;

    if (second == NULL) {
        /* that was the only value in the stack */
        sk->data.x509 = NULL;
    }
    else {
        /* promote the second node's value into the head and drop the node */
        sk->data.x509 = second->data.x509;
        sk->next      = second->next;
        XFREE(second, NULL, DYNAMIC_TYPE_X509);
    }

    if (sk->num > 0)
        sk->num -= 1;

    return top;
}
wolfSSL 15:117db924cf7c 17720
/* Getter function for WOLFSSL_X509 pointer
 *
 * sk is the stack to retrieve pointer from
 * i is the index value in stack (0 is the head)
 *
 * returns a pointer to a WOLFSSL_X509 structure on success and NULL on
 * fail (NULL stack, negative index, or index past the last node)
 */
WOLFSSL_X509* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i)
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_value");

    /* follow i links; a negative i never enters the loop and is rejected by
     * the i != 0 test afterwards */
    while (sk != NULL && i > 0) {
        sk = sk->next;
        i--;
    }

    if (sk == NULL || i != 0)
        return NULL;

    return sk->data.x509;
}
wolfSSL 15:117db924cf7c 17740
/* OpenSSL-style shift (remove the first element). The wolfSSL stack keeps
 * its most recently pushed value at the head, so this is exactly a pop. */
WOLFSSL_X509* wolfSSL_sk_X509_shift(WOLF_STACK_OF(WOLFSSL_X509)* sk)
{
    WOLFSSL_X509* first = wolfSSL_sk_X509_pop(sk);
    return first;
}
wolfSSL 16:8e0d178b1d1e 17745
wolfSSL 16:8e0d178b1d1e 17746 #ifndef NO_WOLFSSL_STUB
/* Stub: X509_OBJECT stacks are not implemented; arguments are ignored and
 * NULL is always returned. */
void* wolfSSL_sk_X509_OBJECT_value(WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int x)
{
    void* value = NULL;
    (void)sk;
    (void)x;
    return value;
}
wolfSSL 16:8e0d178b1d1e 17753 #endif
wolfSSL 16:8e0d178b1d1e 17754
wolfSSL 15:117db924cf7c 17755
/* Release one X509 entry through the caller's callback, or through
 * wolfSSL_X509_free when no callback was supplied. */
static void sk_x509_release_entry(WOLFSSL_X509* x509, void (*f) (WOLFSSL_X509*))
{
    if (f)
        f(x509);
    else
        wolfSSL_X509_free(x509);
}

/* Free's all nodes in X509 stack. This is different then wolfSSL_sk_X509_free
 * in that it allows for choosing the function to use when freeing an X509s.
 *
 * sk stack to free nodes in (the head struct itself is freed as well)
 * f  X509 free function; NULL selects wolfSSL_X509_free
 */
void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk,
                              void (*f) (WOLFSSL_X509*))
{
    WOLFSSL_STACK* cur;

    WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free");

    if (sk == NULL)
        return;

    /* nodes behind the head: release the entry, then the node, while the
     * count says more than the head entry remains */
    for (cur = sk->next; cur != NULL && sk->num > 1; ) {
        WOLFSSL_STACK* doomed = cur;
        cur = cur->next;

        sk_x509_release_entry(doomed->data.x509, f);
        doomed->data.x509 = NULL;
        XFREE(doomed, NULL, DYNAMIC_TYPE_X509);
        sk->num -= 1;
    }

    /* the head carries the last entry; the head struct is freed regardless */
    if (sk->num == 1) {
        sk_x509_release_entry(sk->data.x509, f);
        sk->data.x509 = NULL;
    }
    XFREE(sk, NULL, DYNAMIC_TYPE_X509);
}
wolfSSL 15:117db924cf7c 17798
wolfSSL 16:8e0d178b1d1e 17799
/* free structure for x509 stack
 * Every entry is released with wolfSSL_X509_free (the NULL callback). */
void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509)* sk)
{
    void (*defaultFree)(WOLFSSL_X509*) = NULL;
    wolfSSL_sk_X509_pop_free(sk, defaultFree);
}
wolfSSL 16:8e0d178b1d1e 17805
wolfSSL 15:117db924cf7c 17806 #endif /* NO_CERTS && OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 17807
wolfSSL 16:8e0d178b1d1e 17808 #if defined(OPENSSL_ALL) || defined (WOLFSSL_QT)
/* return 1 on success 0 on fail
 * The head WOLFSSL_STACK always holds the newest value: pushing onto a
 * non-empty stack moves the previous head value into a new node linked
 * right behind the head. */
int wolfSSL_sk_ACCESS_DESCRIPTION_push(WOLF_STACK_OF(ACCESS_DESCRIPTION)* sk,
                                       WOLFSSL_ACCESS_DESCRIPTION* access)
{
    WOLFSSL_STACK* node;

    WOLFSSL_ENTER("wolfSSL_sk_ACCESS_DESCRIPTION_push");

    if (sk == NULL || access == NULL)
        return WOLFSSL_FAILURE;

    /* empty stack: the head node stores the first value directly */
    if (sk->data.access == NULL) {
        sk->data.access = access;
        sk->num += 1;
        return WOLFSSL_SUCCESS;
    }

    /* non-empty stack: allocate a node to carry the displaced head value */
    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                   DYNAMIC_TYPE_ASN1);
    if (node == NULL) {
        WOLFSSL_MSG("Memory error");
        return WOLFSSL_FAILURE;
    }
    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));

    node->data.access = sk->data.access;
    node->next        = sk->next;
    node->type        = sk->type;

    sk->data.access = access;
    sk->next        = node;
    sk->num        += 1;

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 17847
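/* Frees all nodes in ACCESS_DESCRIPTION stack
 *
 * sk stack of nodes to free (the head struct itself is freed as well)
 * f  free function to use for each entry; when NULL,
 *    wolfSSL_ACCESS_DESCRIPTION_free is used instead
 */
void wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(WOLFSSL_STACK* sk,
                                            void (*f) (WOLFSSL_ACCESS_DESCRIPTION*))
{
    WOLFSSL_STACK* node;

    WOLFSSL_ENTER("wolfSSL_sk_ACCESS_DESCRIPTION_pop_free");

    if (sk == NULL) {
        return;
    }

    /* parse through stack freeing each node */
    node = sk->next;
    while (node && sk->num > 1) {
        WOLFSSL_STACK* tmp = node;
        node = node->next;

        if (f)
            f(tmp->data.access);
        else
            wolfSSL_ACCESS_DESCRIPTION_free(tmp->data.access);
        tmp->data.access = NULL;
        XFREE(tmp, NULL, DYNAMIC_TYPE_ASN1);
        sk->num -= 1;
    }

    /* free head of stack through the same release path as the nodes above:
     * a NULL head entry is tolerated and method/location are released in
     * one place instead of being duplicated here */
    if (sk->num == 1) {
        if (f)
            f(sk->data.access);
        else
            wolfSSL_ACCESS_DESCRIPTION_free(sk->data.access);
        sk->data.access = NULL;
    }
    XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}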
wolfSSL 16:8e0d178b1d1e 17896
/* Frees an ACCESS_DESCRIPTION stack, releasing each entry with
 * wolfSSL_ACCESS_DESCRIPTION_free (the NULL callback). */
void wolfSSL_sk_ACCESS_DESCRIPTION_free(WOLFSSL_STACK* sk)
{
    void (*defaultFree)(WOLFSSL_ACCESS_DESCRIPTION*) = NULL;
    wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(sk, defaultFree);
}
wolfSSL 16:8e0d178b1d1e 17901
/* Releases the members (method and location) of a WOLFSSL_ACCESS_DESCRIPTION.
 * The WOLFSSL_ACCESS_DESCRIPTION struct itself is deliberately not freed
 * here (NOTE(review): presumably owned by whoever allocated it — confirm). */
void wolfSSL_ACCESS_DESCRIPTION_free(WOLFSSL_ACCESS_DESCRIPTION* access)
{
    WOLFSSL_ENTER("wolfSSL_ACCESS_DESCRIPTION_free");
    if (access == NULL)
        return;

    if (access->method != NULL)
        wolfSSL_ASN1_OBJECT_free(access->method);
    if (access->location != NULL)
        wolfSSL_GENERAL_NAME_free(access->location);
}
wolfSSL 16:8e0d178b1d1e 17915 #endif
wolfSSL 16:8e0d178b1d1e 17916
wolfSSL 16:8e0d178b1d1e 17917 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 17918
/* create a generic wolfSSL stack node
 * heap : allocation hint stored in the node and used again to free it
 * returns a new zeroed WOLFSSL_STACK structure on success, NULL when the
 * allocation fails */
WOLFSSL_STACK* wolfSSL_sk_new_node(void* heap)
{
    WOLFSSL_STACK* node;
    WOLFSSL_ENTER("wolfSSL_sk_new_node");

    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), heap,
                                   DYNAMIC_TYPE_OPENSSL);
    if (node == NULL)
        return NULL;

    XMEMSET(node, 0, sizeof(*node));
    node->heap = heap;
    return node;
}
wolfSSL 16:8e0d178b1d1e 17935
/* free's node but does not free internal data such as in->data.x509
 * NULL is accepted and ignored; the node's own heap hint is used to free it */
void wolfSSL_sk_free_node(WOLFSSL_STACK* in)
{
    if (in == NULL)
        return;
    XFREE(in, in->heap, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 16:8e0d178b1d1e 17943
/* pushes node "in" onto "stack" and returns pointer to the new stack on success
 * also handles internal "num" for number of nodes on stack: the new head's
 * num is the previous head's num plus one (or 1 for an empty stack)
 * return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on a NULL argument
 */
int wolfSSL_sk_push_node(WOLFSSL_STACK** stack, WOLFSSL_STACK* in)
{
    WOLFSSL_STACK* head;

    if (stack == NULL || in == NULL)
        return WOLFSSL_FAILURE;

    head = *stack;
    if (head != NULL) {
        in->next = head;
        in->num  = head->num + 1;
    }
    else {
        /* empty stack: in->next is left as the caller set it */
        in->num = 1;
    }
    *stack = in;
    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 17965
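/* return 1 on success 0 on fail
 * Dispatches on sk->type to the matching typed push function. Fails when sk
 * is NULL; data is checked by the typed function it is handed to. */
int wolfSSL_sk_push(WOLFSSL_STACK* sk, const void *data)
{
    int ret = WOLFSSL_FAILURE;
    WOLFSSL_ENTER("wolfSSL_sk_push");

    /* the typed push functions below reject a NULL stack themselves, but
     * sk->type is read before any of them runs */
    if (sk == NULL) {
        return WOLFSSL_FAILURE;
    }

    switch (sk->type) {
    #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
        case STACK_TYPE_X509:
            ret = wolfSSL_sk_X509_push(sk, (WOLFSSL_X509*) data);
            break;
        #ifndef NO_WOLFSSL_STUB
        case STACK_TYPE_CIPHER:
            ret = wolfSSL_sk_CIPHER_push(sk, (WOLFSSL_CIPHER*) data);
            break;
        #endif
        case STACK_TYPE_GEN_NAME:
            /* NOTE(review): GEN_NAME entries go through the ASN1_OBJECT push
             * rather than wolfSSL_sk_GENERAL_NAME_push — confirm intended */
            ret = wolfSSL_sk_ASN1_OBJECT_push(sk, (WOLFSSL_ASN1_OBJECT*) data);
            break;
        case STACK_TYPE_ACCESS_DESCRIPTION:
            ret = wolfSSL_sk_ACCESS_DESCRIPTION_push(sk,
                                            (WOLFSSL_ACCESS_DESCRIPTION*) data);
            break;
        case STACK_TYPE_NULL:
            ret = wolfSSL_sk_GENERIC_push(sk, (void*) data);
            break;
        case STACK_TYPE_OBJ:
            ret = wolfSSL_sk_ASN1_OBJECT_push(sk, (WOLFSSL_ASN1_OBJECT*) data);
            break;
    #endif
        default:
            /* any other type is treated as an ASN1_OBJECT stack */
            ret = wolfSSL_sk_ASN1_OBJECT_push(sk, (WOLFSSL_ASN1_OBJECT*) data);
            break;
    }

    return ret;
}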
wolfSSL 16:8e0d178b1d1e 18003
/* Creates and returns new GENERAL_NAME structure
 * The new name is zeroed and pre-populated with an empty ASN1_STRING in
 * d.ia5. Returns NULL when either allocation fails (nothing is leaked). */
WOLFSSL_GENERAL_NAME* wolfSSL_GENERAL_NAME_new(void)
{
    WOLFSSL_GENERAL_NAME* gn;
    WOLFSSL_ENTER("GENERAL_NAME_new");

    gn = (WOLFSSL_GENERAL_NAME*)XMALLOC(sizeof(WOLFSSL_GENERAL_NAME), NULL,
                                        DYNAMIC_TYPE_ASN1);
    if (gn != NULL) {
        XMEMSET(gn, 0, sizeof(*gn));

        gn->d.ia5 = wolfSSL_ASN1_STRING_new();
        if (gn->d.ia5 == NULL) {
            WOLFSSL_MSG("Issue creating ASN1_STRING struct");
            wolfSSL_GENERAL_NAME_free(gn);
            gn = NULL;
        }
    }

    return gn;
}
wolfSSL 16:8e0d178b1d1e 18025
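/* return 1 on success 0 on fail
 * The head WOLFSSL_STACK always holds the newest value: pushing onto a
 * non-empty stack moves the previous head value into a new node linked
 * right behind the head. */
int wolfSSL_sk_GENERAL_NAME_push(WOLF_STACK_OF(WOLFSSL_GENERAL_NAME)* sk,
                                 WOLFSSL_GENERAL_NAME* gn)
{
    WOLFSSL_STACK* node;
    WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_push");

    if (sk == NULL || gn == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* no previous values in stack */
    if (sk->data.gn == NULL) {
        sk->data.gn = gn;
        sk->num += 1;

        return WOLFSSL_SUCCESS;
    }

    /* stack already has value(s) create a new node and add more */
    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                   DYNAMIC_TYPE_ASN1);
    if (node == NULL) {
        WOLFSSL_MSG("Memory error");
        return WOLFSSL_FAILURE;
    }
    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));

    /* push new obj onto head of stack */
    node->data.gn = sk->data.gn;
    node->next = sk->next;
    /* tag the new node like the head, as the X509 and ACCESS_DESCRIPTION
     * push functions do, so every node in the stack carries the same type */
    node->type = sk->type;
    sk->next = node;
    sk->data.gn = gn;
    sk->num += 1;

    return WOLFSSL_SUCCESS;
}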
wolfSSL 15:117db924cf7c 18063
/* Returns the general name at index i from the stack
 *
 * sk stack to get general name from
 * idx index to get
 *
 * return a pointer to the internal node of the stack, NULL when sk is NULL
 * or no node exists at idx
 */
WOLFSSL_GENERAL_NAME* wolfSSL_sk_GENERAL_NAME_value(WOLFSSL_STACK* sk, int idx)
{
    WOLFSSL_STACK* node = NULL;

    if (sk != NULL)
        node = wolfSSL_sk_get_node(sk, idx);

    return (node != NULL) ? node->data.gn : NULL;
}
wolfSSL 15:117db924cf7c 18085
/* Gets the number of nodes in the stack.
 *
 * sk  stack to get the number of nodes from
 *
 * returns the number of nodes, -1 when sk is NULL (note: the
 *         ACCESS_DESCRIPTION counterpart spells this WOLFSSL_FATAL_ERROR)
 */
int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk)
{
    WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num");

    return (sk != NULL) ? (int)sk->num : -1;
}
wolfSSL 15:117db924cf7c 18102
/* Frees all nodes in a GENERAL NAME stack together with their values.
 *
 * sk  stack of nodes to free; NULL is accepted and ignored
 * f   free function applied to each general name; when NULL,
 *     wolfSSL_GENERAL_NAME_free is used instead
 *
 * The non-head nodes are released first while the count stays above one;
 * the head node stores its value inline, so that value is freed only when
 * the count says the head holds one. The head node is always freed.
 */
void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk,
                                      void (*f) (WOLFSSL_GENERAL_NAME*))
{
    WOLFSSL_STACK* cur;

    WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_pop_free");

    if (sk == NULL) {
        return;
    }

    /* Walk the nodes behind the head; stop on a NULL link as well as on
     * the count so that a count/list mismatch cannot dereference NULL. */
    for (cur = sk->next; cur != NULL && sk->num > 1; sk->num -= 1) {
        WOLFSSL_STACK* done = cur;
        cur = cur->next;

        if (f != NULL)
            f(done->data.gn);
        else
            wolfSSL_GENERAL_NAME_free(done->data.gn);
        XFREE(done, NULL, DYNAMIC_TYPE_ASN1);
    }

    /* head value, if the head holds one */
    if (sk->num == 1) {
        if (f != NULL)
            f(sk->data.gn);
        else
            wolfSSL_GENERAL_NAME_free(sk->data.gn);
    }
    XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}
wolfSSL 16:8e0d178b1d1e 18142
/* Frees a GENERAL_NAME stack and its values with the default free routine.
 *
 * sk  stack to free; NULL is accepted (pop_free ignores it)
 */
void wolfSSL_sk_GENERAL_NAME_free(WOLFSSL_STACK* sk)
{
    /* A NULL free function makes pop_free use wolfSSL_GENERAL_NAME_free. */
    void (*noCustomFree)(WOLFSSL_GENERAL_NAME*) = NULL;

    WOLFSSL_ENTER("sk_GENERAL_NAME_free");
    wolfSSL_sk_GENERAL_NAME_pop_free(sk, noCustomFree);
}
wolfSSL 16:8e0d178b1d1e 18148
wolfSSL 16:8e0d178b1d1e 18149
/* Returns the number of nodes in an ACCESS_DESCRIPTION stack.
 *
 * sk  stack to count
 *
 * return node count on success, WOLFSSL_FATAL_ERROR when sk is NULL
 */
int wolfSSL_sk_ACCESS_DESCRIPTION_num(WOLFSSL_STACK* sk)
{
    if (sk != NULL) {
        return (int)sk->num;
    }
    return WOLFSSL_FATAL_ERROR;
}
wolfSSL 16:8e0d178b1d1e 18160
wolfSSL 16:8e0d178b1d1e 18161 #ifndef NO_WOLFSSL_STUB
/* similar to call to sk_ACCESS_DESCRIPTION_pop_free */
/* Stub, compiled only while NO_WOLFSSL_STUB is not defined. It reports
 * itself through WOLFSSL_STUB and frees nothing, so a stack passed here is
 * not released and remains the caller's responsibility. */
void wolfSSL_AUTHORITY_INFO_ACCESS_free(
        WOLF_STACK_OF(WOLFSSL_ACCESS_DESCRIPTION)* sk)
{
    WOLFSSL_STUB("wolfSSL_AUTHORITY_INFO_ACCESS_free");
    (void)sk; /* unused: nothing is freed by this stub */
}
wolfSSL 16:8e0d178b1d1e 18169 #endif
wolfSSL 16:8e0d178b1d1e 18170
/* Returns the node at index idx, NULL if not found.
 *
 * sk   head of the stack (may be NULL)
 * idx  zero-based index; a negative idx never matches
 *
 * return the node idx links from the head, or NULL when the list ends
 *        before reaching it
 */
WOLFSSL_STACK* wolfSSL_sk_get_node(WOLFSSL_STACK* sk, int idx)
{
    WOLFSSL_STACK* cur = sk;
    int pos = 0;

    if (idx < 0) {
        return NULL;
    }

    /* advance idx links, or until the list runs out */
    while (cur != NULL && pos < idx) {
        cur = cur->next;
        pos++;
    }
    return cur;
}
wolfSSL 16:8e0d178b1d1e 18188
/* Returns the access description held at index idx.
 *
 * sk   stack to read from
 * idx  zero-based node index
 *
 * return pointer to the node's internal WOLFSSL_ACCESS_DESCRIPTION (not a
 *        copy), or NULL when sk is NULL or no node exists at idx
 */
WOLFSSL_ACCESS_DESCRIPTION* wolfSSL_sk_ACCESS_DESCRIPTION_value(
        WOLFSSL_STACK* sk, int idx)
{
    WOLFSSL_STACK* node;

    if (sk == NULL) {
        return NULL;
    }

    node = wolfSSL_sk_get_node(sk, idx);
    return (node == NULL) ? NULL : node->data.access;
}
wolfSSL 16:8e0d178b1d1e 18205
/* Frees GENERAL_NAME objects.
 *
 * Each member of name->d is checked, released and reset to NULL in turn,
 * then the GENERAL_NAME itself is freed. NULL is accepted and ignored.
 *
 * NOTE(review): if d is a union (as in OpenSSL's GENERAL_NAME, which this
 * type mirrors), every member below aliases the same pointer: the first
 * non-NULL check frees the value with wolfSSL_ASN1_STRING_free and the
 * remaining checks then see NULL, so a registeredID holding a
 * WOLFSSL_ASN1_OBJECT would be released with the wrong free routine.
 * Confirm the struct definition; a free dispatched on the name's type
 * would avoid the ambiguity.
 */
void wolfSSL_GENERAL_NAME_free(WOLFSSL_GENERAL_NAME* name)
{
    WOLFSSL_ENTER("wolfSSL_GENERAL_NAME_Free");
    if(name != NULL) {
        if (name->d.dNSName != NULL) {
            wolfSSL_ASN1_STRING_free(name->d.dNSName);
            name->d.dNSName = NULL;
        }
        if (name->d.uniformResourceIdentifier != NULL) {
            wolfSSL_ASN1_STRING_free(name->d.uniformResourceIdentifier);
            name->d.uniformResourceIdentifier = NULL;
        }
        if (name->d.iPAddress != NULL) {
            wolfSSL_ASN1_STRING_free(name->d.iPAddress);
            name->d.iPAddress = NULL;
        }
        /* the only member freed as an ASN1_OBJECT rather than an ASN1_STRING */
        if (name->d.registeredID != NULL) {
            wolfSSL_ASN1_OBJECT_free(name->d.registeredID);
            name->d.registeredID = NULL;
        }
        if (name->d.ia5 != NULL) {
            wolfSSL_ASN1_STRING_free(name->d.ia5);
            name->d.ia5 = NULL;
        }
        XFREE(name, NULL, DYNAMIC_TYPE_OPENSSL);
    }
}
wolfSSL 16:8e0d178b1d1e 18235
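/* Frees a GENERAL_NAMES stack together with the general names it holds.
 *
 * A GENERAL_NAME stack built with wolfSSL_sk_GENERAL_NAME_push keeps its
 * elements in data.gn, so they are released with wolfSSL_GENERAL_NAME_free
 * (via wolfSSL_sk_GENERAL_NAME_pop_free) rather than with
 * wolfSSL_ASN1_OBJECT_free on data.obj, which the previous version used.
 * pop_free also stops on a NULL link instead of trusting num alone, so a
 * count that disagrees with the list cannot dereference NULL.
 *
 * NOTE(review): if any caller fills a GENERAL_NAMES stack with
 * ASN1_OBJECTs through another path, it should use the ASN1_OBJECT stack
 * API instead; confirm against callers.
 *
 * gens  stack to free; NULL is accepted and ignored
 */
void wolfSSL_GENERAL_NAMES_free(WOLFSSL_GENERAL_NAMES *gens)
{
    WOLFSSL_ENTER("wolfSSL_GENERAL_NAMES_free");

    if (gens == NULL) {
        return;
    }

    /* NULL free function: each element goes through wolfSSL_GENERAL_NAME_free */
    wolfSSL_sk_GENERAL_NAME_pop_free((WOLFSSL_STACK*)gens, NULL);
}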
wolfSSL 16:8e0d178b1d1e 18263
wolfSSL 16:8e0d178b1d1e 18264 #if defined(OPENSSL_ALL)
/* Creates an empty X509_EXTENSION stack.
 *
 * return new stack tagged STACK_TYPE_X509_EXT, or NULL when the node
 *        allocation fails
 */
WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* wolfSSL_sk_X509_EXTENSION_new_null(void)
{
    WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL);

    if (sk != NULL) {
        sk->type = STACK_TYPE_X509_EXT;
    }

    return (WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)*)sk;
}
wolfSSL 16:8e0d178b1d1e 18274
/* Returns the number of nodes on the stack.
 *
 * sk  stack to count
 *
 * return node count, WOLFSSL_FATAL_ERROR when sk is NULL
 */
int wolfSSL_sk_X509_EXTENSION_num(WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk)
{
    if (sk == NULL) {
        return WOLFSSL_FATAL_ERROR;
    }
    return (int)sk->num;
}
wolfSSL 16:8e0d178b1d1e 18283
wolfSSL 16:8e0d178b1d1e 18284
/* Returns the extension held at index idx.
 *
 * sk   stack to read from
 * idx  zero-based node index
 *
 * return pointer to the node's internal WOLFSSL_X509_EXTENSION (not a
 *        copy), or NULL when sk is NULL or no node exists at idx
 */
WOLFSSL_X509_EXTENSION* wolfSSL_sk_X509_EXTENSION_value(
        WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk, int idx)
{
    WOLFSSL_STACK* node;

    if (sk == NULL) {
        return NULL;
    }

    node = wolfSSL_sk_get_node(sk, idx);
    return (node == NULL) ? NULL : node->data.ext;
}
wolfSSL 16:8e0d178b1d1e 18301
/* Frees all of the nodes and the values in an X509_EXTENSION stack.
 *
 * sk  stack to free; NULL is accepted and ignored
 * f   free function applied to each node's data.ext before the node is
 *     released; when NULL only wolfSSL_sk_free_node is called on the node
 *     (whether that releases data.ext is not visible here)
 */
void wolfSSL_sk_X509_EXTENSION_pop_free(
        WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* sk,
        void (*f) (WOLFSSL_X509_EXTENSION*))
{
    WOLFSSL_STACK* node = sk;

    /* a NULL stack simply makes the loop a no-op */
    while (node != NULL) {
        WOLFSSL_STACK* next = node->next;

        if (f != NULL)
            f(node->data.ext);
        wolfSSL_sk_free_node(node);
        node = next;
    }
}
wolfSSL 16:8e0d178b1d1e 18323
wolfSSL 16:8e0d178b1d1e 18324 #if defined(HAVE_ECC)
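/* Copies ecc_key into new WOLFSSL_EC_KEY object
 *
 * src : EC_KEY to duplicate. If EC_KEY is not null, create new EC_KEY and copy
 * internal ecc_key from src to dup.
 *
 * Every failure after wolfSSL_EC_KEY_new succeeds goes through one cleanup
 * path that frees dup. The wc_ecc_set_curve failure previously returned
 * without freeing dup and leaked the partially built key.
 *
 * Returns pointer to duplicate EC_KEY, or NULL on any failure (src or one
 * of its members NULL, allocation failure, or a copy step failing).
 */
WOLFSSL_EC_KEY *wolfSSL_EC_KEY_dup(const WOLFSSL_EC_KEY *src)
{
    WOLFSSL_EC_KEY *dup = NULL;
    ecc_key *key, *srcKey;
    int ret;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_dup");

    if (src == NULL || src->internal == NULL || src->group == NULL ||
            src->pub_key == NULL || src->priv_key == NULL) {
        WOLFSSL_MSG("src NULL error");
        return NULL;
    }

    dup = wolfSSL_EC_KEY_new();
    if (dup == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new error");
        return NULL;
    }

    key = (ecc_key*)dup->internal;
    if (key == NULL) {
        WOLFSSL_MSG("ecc_key NULL error");
        goto err;
    }
    srcKey = (ecc_key*)src->internal;

    /* ecc_key: public point */
    ret = wc_ecc_copy_point(&srcKey->pubkey, &key->pubkey);
    if (ret != MP_OKAY) {
        WOLFSSL_MSG("wc_ecc_copy_point error");
        goto err;
    }

    /* ecc_key: private scalar k */
    ret = mp_copy(&srcKey->k, &key->k);
    if (ret != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        goto err;
    }

    /* ecc_key: domain parameters, selected by curve id */
    if (srcKey->dp) {
        ret = wc_ecc_set_curve(key, 0, srcKey->dp->id);
        if (ret != 0) {
            WOLFSSL_MSG("wc_ecc_set_curve error");
            goto err; /* was a bare return NULL: leaked dup */
        }
    }

    key->type  = srcKey->type;
    key->idx   = srcKey->idx;
    key->state = srcKey->state;
    key->flags = srcKey->flags;

    /* group */
    if (dup->group == NULL) {
        WOLFSSL_MSG("EC_GROUP_new_by_curve_name error");
        goto err;
    }
    dup->group->curve_idx = src->group->curve_idx;
    dup->group->curve_nid = src->group->curve_nid;
    dup->group->curve_oid = src->group->curve_oid;

    /* public key: internal point */
    if (src->pub_key->internal == NULL || dup->pub_key->internal == NULL) {
        WOLFSSL_MSG("NULL pub_key error");
        goto err;
    }
    ret = wc_ecc_copy_point((ecc_point*)src->pub_key->internal,
                            (ecc_point*)dup->pub_key->internal);
    if (ret != MP_OKAY) {
        WOLFSSL_MSG("ecc_copy_point error");
        goto err;
    }

    /* public key: X, Y, Z. A NULL result only counts as an error when the
     * source coordinate was set.
     * NOTE(review): dup's existing X/Y/Z are overwritten without being freed,
     * unlike priv_key below; confirm whether wolfSSL_EC_KEY_new allocates
     * them. */
    dup->pub_key->X = wolfSSL_BN_dup(src->pub_key->X);
    if (dup->pub_key->X == NULL && src->pub_key->X != NULL) {
        WOLFSSL_MSG("Error copying EC_POINT");
        goto err;
    }
    dup->pub_key->Y = wolfSSL_BN_dup(src->pub_key->Y);
    if (dup->pub_key->Y == NULL && src->pub_key->Y != NULL) {
        WOLFSSL_MSG("Error copying EC_POINT");
        goto err;
    }
    dup->pub_key->Z = wolfSSL_BN_dup(src->pub_key->Z);
    if (dup->pub_key->Z == NULL && src->pub_key->Z != NULL) {
        WOLFSSL_MSG("Error copying EC_POINT");
        goto err;
    }

    dup->pub_key->inSet = src->pub_key->inSet;
    dup->pub_key->exSet = src->pub_key->exSet;

    /* private key */
    if (src->priv_key->internal == NULL || dup->priv_key->internal == NULL) {
        WOLFSSL_MSG("NULL priv_key error");
        goto err;
    }

    /* Free priv_key before call to dup function */
    wolfSSL_BN_free(dup->priv_key);
    dup->priv_key = wolfSSL_BN_dup(src->priv_key);
    if (dup->priv_key == NULL) {
        WOLFSSL_MSG("BN_dup error");
        goto err;
    }

    return dup;

err:
    /* releases whatever has been copied into dup so far */
    wolfSSL_EC_KEY_free(dup);
    return NULL;
}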
wolfSSL 16:8e0d178b1d1e 18461 #endif /* HAVE_ECC */
wolfSSL 16:8e0d178b1d1e 18462
wolfSSL 16:8e0d178b1d1e 18463 #if !defined(NO_DH)
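/* Checks that the DH parameters in dh are usable: a generator is present
 * and p is a probable prime.
 *
 * dh     parameters to check
 * codes  optional output, may be NULL; receives the OR of the failure
 *        flags DH_NOT_SUITABLE_GENERATOR and DH_CHECK_P_NOT_PRIME, or 0
 *        when every check passed. The previous version assigned the flags,
 *        so a missing generator was hidden whenever p also failed; they
 *        are now combined so the caller sees every failed check.
 *
 * return WOLFSSL_SUCCESS when all checks pass; WOLFSSL_FAILURE when dh is
 *        NULL, the RNG cannot be initialized (codes is then left
 *        untouched), or any check failed
 */
int wolfSSL_DH_check(const WOLFSSL_DH *dh, int *codes)
{
    int isPrime = MP_NO;
    int codeTmp = 0;
    WC_RNG rng;

    WOLFSSL_ENTER("wolfSSL_DH_check");
    if (dh == NULL){
        return WOLFSSL_FAILURE;
    }

    /* generator: only its presence is checked here */
    if (dh->g == NULL || dh->g->internal == NULL){
        codeTmp |= DH_NOT_SUITABLE_GENERATOR;
    }

    if (dh->p == NULL || dh->p->internal == NULL){
        codeTmp |= DH_CHECK_P_NOT_PRIME;
    }
    else
    {
        /* test if dh->p has prime: 8 rounds of probable-prime testing. The
         * return value is not consulted, so an internal failure leaves
         * isPrime at MP_NO and p is reported as not prime (fails closed). */
        if (wc_InitRng(&rng) != 0) {
            WOLFSSL_MSG("Error initializing rng\n");
            return WOLFSSL_FAILURE;
        }
        mp_prime_is_prime_ex((mp_int*)dh->p->internal, 8, &isPrime, &rng);
        wc_FreeRng(&rng);
        if (isPrime != MP_YES){
            codeTmp |= DH_CHECK_P_NOT_PRIME;
        }
    }

    /* User may choose to enter NULL for codes if they don't want to check it*/
    if (codes != NULL){
        *codes = codeTmp;
    }

    /* any set flag means some check was flagged invalid */
    return (codeTmp != 0) ? WOLFSSL_FAILURE : WOLFSSL_SUCCESS;
}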
wolfSSL 16:8e0d178b1d1e 18508
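/* Converts DER encoded DH parameters to a WOLFSSL_DH structure.
 *
 * dh : optional output; when non-NULL, *dh is set to the new structure on
 *      success. Any value already in *dh is overwritten, not freed
 *      (NOTE(review): OpenSSL would reuse or release it; confirm callers).
 * pp : pointer to the DER encoded DH parameters; *pp must be non-NULL and
 *      is advanced past the input on success
 * length : length of the DER input
 *
 * Returns pointer to WOLFSSL_DH structure on success, or NULL on failure
 */
WOLFSSL_DH *wolfSSL_d2i_DHparams(WOLFSSL_DH **dh, const unsigned char **pp,
                                 long length)
{
    WOLFSSL_DH *newDH = NULL;
    int ret;
    word32 idx = 0;

    WOLFSSL_ENTER("wolfSSL_d2i_DHparams");

    /* *pp goes straight to the decoder, so it must be checked too; it was
     * previously dereferenced unchecked. */
    if (pp == NULL || *pp == NULL || length <= 0) {
        WOLFSSL_MSG("bad argument");
        return NULL;
    }

    if ((newDH = wolfSSL_DH_new()) == NULL) {
        WOLFSSL_MSG("wolfSSL_DH_new() failed");
        return NULL;
    }

    ret = wc_DhKeyDecode(*pp, &idx, (DhKey*)newDH->internal, (word32)length);
    if (ret != 0) {
        WOLFSSL_MSG("DhKeyDecode() failed");
        wolfSSL_DH_free(newDH);
        return NULL;
    }
    newDH->inSet = 1;

    /* populate the OpenSSL-style p/g/... members from the decoded key */
    if (SetDhExternal(newDH) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetDhExternal failed");
        wolfSSL_DH_free(newDH);
        return NULL;
    }

    /* NOTE(review): the cursor advances by the full caller-supplied length,
     * not by the number of bytes the decoder consumed (idx). */
    *pp += length;
    if (dh != NULL){
        *dh = newDH;
    }

    return newDH;
}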
wolfSSL 16:8e0d178b1d1e 18557
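/* Number of octets needed to encode a DER length of contentLen bytes:
 * one octet in short form (contentLen < 128), otherwise one prefix octet
 * plus the minimal big-endian byte count of contentLen. */
static word32 DhParamsDerLenOctets(word32 contentLen)
{
    word32 n = 1;

    if (contentLen >= 128) {
        word32 v = contentLen;
        while (v != 0) {
            n++;
            v >>= 8;
        }
    }
    return n;
}

/* Converts internal WOLFSSL_DH structure to DER encoded DH.
 *
 * dh : structure to copy DH parameters from; p and g must be set.
 * out : DER buffer for DH parameters. May be NULL, or point to NULL, to
 *       query the size only; otherwise *out is advanced past the output.
 *
 * The size is computed as SEQUENCE { INTEGER p, INTEGER g } with proper
 * DER length octets for each element. The previous version assumed one
 * length octet per INTEGER and at most two for the SEQUENCE, which
 * undercounts once p reaches 128 bytes (1024-bit) or the sequence reaches
 * 256 bytes, so a size query for common parameter sizes returned a buffer
 * length that was too small. Results for smaller parameters are unchanged.
 *
 * Returns size of DER on success and WOLFSSL_FAILURE if error (a
 * StoreDHparams failure is reported as size 0).
 */
int wolfSSL_i2d_DHparams(const WOLFSSL_DH *dh, unsigned char **out)
{
    word32 pSz, gSz, seqSz, len;
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_i2d_DHparams");

    /* p and g are dereferenced below; check them the way wolfSSL_DH_check
     * does rather than trusting the caller */
    if (dh == NULL || dh->p == NULL || dh->p->internal == NULL ||
            dh->g == NULL || dh->g->internal == NULL) {
        WOLFSSL_MSG("Bad parameters");
        return WOLFSSL_FAILURE;
    }

    /* INTEGER content sizes; a set leading bit needs a 0x00 pad byte */
    pSz = (word32)(mp_leading_bit((mp_int*)dh->p->internal) +
                   mp_unsigned_bin_size((mp_int*)dh->p->internal));
    gSz = (word32)(mp_leading_bit((mp_int*)dh->g->internal) +
                   mp_unsigned_bin_size((mp_int*)dh->g->internal));

    /* each element: tag + length octets + content */
    seqSz = 1 + DhParamsDerLenOctets(pSz) + pSz +
            1 + DhParamsDerLenOctets(gSz) + gSz;
    len = 1 + DhParamsDerLenOctets(seqSz) + seqSz;

    if (out != NULL && *out != NULL) {
        /* len is passed as the available size and updated by the encoder */
        ret = StoreDHparams(*out, &len, (mp_int*)dh->p->internal,
                                        (mp_int*)dh->g->internal);
        if (ret != MP_OKAY) {
            WOLFSSL_MSG("StoreDHparams error");
            len = 0;
        }
        else{
            *out += len;
        }
    }
    return (int)len;
}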
wolfSSL 16:8e0d178b1d1e 18601 #endif /* !NO_DH */
wolfSSL 16:8e0d178b1d1e 18602
wolfSSL 16:8e0d178b1d1e 18603 #endif /* OPENSSL_ALL */
wolfSSL 16:8e0d178b1d1e 18604
wolfSSL 15:117db924cf7c 18605 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 18606
wolfSSL 15:117db924cf7c 18607 #ifndef NO_FILESYSTEM
wolfSSL 15:117db924cf7c 18608
wolfSSL 15:117db924cf7c 18609 #ifndef NO_STDIO_FILESYSTEM
wolfSSL 15:117db924cf7c 18610
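/* Reads a DER certificate from an open file and decodes it.
 *
 * x509  optional output; when non-NULL it receives the decoded certificate
 *       (or NULL) on the paths that reach the end of the function. The
 *       seek and size-error paths return early and leave *x509 untouched.
 * file  open file handle; XBADFILE yields NULL
 *
 * return new WOLFSSL_X509 on success; NULL on seek, size, allocation, short
 *        read or decode failure
 */
WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
{
    WOLFSSL_X509* newX509 = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_d2i_fp");

    if (file != XBADFILE) {
        byte* fileBuffer = NULL;
        long sz = 0;

        if (XFSEEK(file, 0, XSEEK_END) != 0)
            return NULL;
        sz = XFTELL(file);
        XREWIND(file);

        /* Reject oversized, unknown (negative) and empty files. An empty
         * file cannot hold a certificate and previously reached XMALLOC(0),
         * whose result is implementation-defined. */
        if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
            WOLFSSL_MSG("X509_d2i file size error");
            return NULL;
        }

        fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
        if (fileBuffer != NULL) {
            /* a short read is a failure; a partial buffer is never decoded */
            if ((long)XFREAD(fileBuffer, 1, sz, file) == sz) {
                newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz);
            }
            XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
        }
    }

    if (x509 != NULL)
        *x509 = newX509;

    return newX509;
}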
wolfSSL 15:117db924cf7c 18646
wolfSSL 15:117db924cf7c 18647 #endif /* NO_STDIO_FILESYSTEM */
wolfSSL 15:117db924cf7c 18648
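/* Loads a certificate from a file in DER or PEM form.
 *
 * fname   path of the file to read
 * format  WOLFSSL_FILETYPE_ASN1 or WOLFSSL_FILETYPE_PEM; anything else is
 *         rejected
 *
 * The file is read into a stack buffer when it fits (heap is forced under
 * WOLFSSL_SMALL_STACK) and into a heap buffer otherwise. Empty files are
 * rejected up front, matching wolfSSL_X509_d2i_fp, instead of being handed
 * to the buffer loader with a zero size. All exits after XFOPEN share one
 * cleanup path so the handle and any heap buffer are always released.
 *
 * return new WOLFSSL_X509, or NULL on bad arguments or any open, seek,
 *        size, allocation, read or parse failure
 */
WOLFSSL_ABI
WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
{
#ifdef WOLFSSL_SMALL_STACK
    byte staticBuffer[1]; /* force heap usage */
#else
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte* fileBuffer = staticBuffer;
    int dynamic = 0;
    long sz = 0;
    XFILE file;

    WOLFSSL_X509* x509 = NULL;

    /* Check the inputs */
    if ((fname == NULL) ||
        (format != WOLFSSL_FILETYPE_ASN1 && format != WOLFSSL_FILETYPE_PEM))
        return NULL;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE)
        return NULL;

    if (XFSEEK(file, 0, XSEEK_END) != 0)
        goto out;
    sz = XFTELL(file);
    XREWIND(file);

    /* oversized, unknown (negative) or empty file */
    if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
        WOLFSSL_MSG("X509_load_certificate_file size error");
        goto out;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
        if (fileBuffer == NULL)
            goto out;
        dynamic = 1;
    }

    /* a short read is a failure; a partial buffer is never parsed */
    if ((long)XFREAD(fileBuffer, 1, sz, file) != sz)
        goto out;

    x509 = wolfSSL_X509_load_certificate_buffer(fileBuffer, (int)sz, format);

out:
    XFCLOSE(file);
    if (dynamic)
        XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);

    return x509;
}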
wolfSSL 15:117db924cf7c 18713
wolfSSL 15:117db924cf7c 18714 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 18715
wolfSSL 15:117db924cf7c 18716
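/* Decode a certificate held in memory into a newly allocated WOLFSSL_X509.
 *
 * buf     certificate bytes, DER (WOLFSSL_FILETYPE_ASN1) or PEM
 *         (WOLFSSL_FILETYPE_PEM, only when WOLFSSL_PEM_TO_DER is built in)
 * sz      number of bytes in buf; must be positive
 * format  WOLFSSL_FILETYPE_PEM selects PEM decoding; every other value is
 *         treated as DER (unchanged from the previous behaviour)
 *
 * Returns the new WOLFSSL_X509, which the caller releases with
 * wolfSSL_X509_free, or NULL on bad arguments, allocation failure, or a
 * buffer that does not parse as a certificate.
 */
WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
    const unsigned char* buf, int sz, int format)
{
    WOLFSSL_X509* x509 = NULL;
    DerBuffer* der = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_load_certificate_buffer");

    /* Without this check a NULL buffer or a negative sz reached AllocDer as
     * (word32)sz and XMEMCPY as a huge length; the caller's sz is untrusted. */
    if (buf == NULL || sz <= 0) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    if (format == WOLFSSL_FILETYPE_PEM) {
#ifdef WOLFSSL_PEM_TO_DER
        if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, NULL, NULL) != 0) {
            FreeDer(&der);
        }
#else
        /* der stays NULL, so the decode below is skipped. */
        WOLFSSL_MSG("PEM to DER conversion not compiled in");
#endif
    }
    else {
        if (AllocDer(&der, (word32)sz, CERT_TYPE, NULL) == 0) {
            XMEMCPY(der->buffer, buf, sz);
        }
    }

    /* der now holds the DER-encoded certificate, or is NULL after any failure
     * above. */
    if (der != NULL && der->buffer != NULL) {
#ifdef WOLFSSL_SMALL_STACK
        DecodedCert* cert;
#else
        DecodedCert cert[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                     DYNAMIC_TYPE_DCERT);
        if (cert != NULL)
#endif
        {
            InitDecodedCert(cert, der->buffer, der->length, NULL);
            /* Third argument 0: presumably "no signature verification" -- this
             * only decodes; trust decisions are made elsewhere (confirm in
             * asn.c). */
            if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
                x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                              DYNAMIC_TYPE_X509);
                if (x509 != NULL) {
                    InitX509(x509, 1, NULL);
                    if (CopyDecodedToX509(x509, cert) != 0) {
                        wolfSSL_X509_free(x509);
                        x509 = NULL;
                    }
                }
            }

            FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
            XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif
        }

        FreeDer(&der);
    }

    return x509;
}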
wolfSSL 15:117db924cf7c 18781
wolfSSL 15:117db924cf7c 18782 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
wolfSSL 15:117db924cf7c 18783
/* OPENSSL_EXTRA is needed for the wolfSSL_X509_d2i function;
 * KEEP_OUR_CERT is needed to ensure the SSL certificate can be returned. */
wolfSSL 16:8e0d178b1d1e 18786 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
wolfSSL 16:8e0d178b1d1e 18787 defined(KEEP_OUR_CERT)
/* Return the certificate configured for this session as a WOLFSSL_X509,
 * decoding it from the DER buffer on first use.  The session's own
 * certificate is used when it owns one (buffers.weOwnCert); otherwise the
 * parent context's certificate is used and the context is marked as owning
 * the decoded copy.  The returned object stays owned by the WOLFSSL or
 * WOLFSSL_CTX -- callers must not free it.
 *
 * Returns NULL when ssl is NULL, when no certificate buffer has been set, or
 * when there is no context to fall back to.  With WOLFSSL_X509_STORE_CERTS no
 * decoding is attempted here, so ourCert is returned as-is.
 */
WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        return NULL;
    }

    if (ssl->buffers.weOwnCert) {
        if (ssl->ourCert != NULL) {
            return ssl->ourCert;
        }
        if (ssl->buffers.certificate == NULL) {
            WOLFSSL_MSG("Certificate buffer not set!");
            return NULL;
        }
#ifndef WOLFSSL_X509_STORE_CERTS
        ssl->ourCert = wolfSSL_X509_d2i(NULL,
                                        ssl->buffers.certificate->buffer,
                                        ssl->buffers.certificate->length);
#endif
        return ssl->ourCert;
    }

    /* Certificate is not owned by the session: use the parent context's. */
    if (ssl->ctx == NULL) {
        return NULL;
    }
    if (ssl->ctx->ourCert == NULL) {
        if (ssl->ctx->certificate == NULL) {
            WOLFSSL_MSG("Ctx Certificate buffer not set!");
            return NULL;
        }
#ifndef WOLFSSL_X509_STORE_CERTS
        ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL,
                                             ssl->ctx->certificate->buffer,
                                             ssl->ctx->certificate->length);
#endif
        ssl->ctx->ownOurCert = 1;
    }
    return ssl->ctx->ourCert;
}
wolfSSL 15:117db924cf7c 18828 #endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */
wolfSSL 15:117db924cf7c 18829 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 18830
wolfSSL 15:117db924cf7c 18831
wolfSSL 16:8e0d178b1d1e 18832 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 16:8e0d178b1d1e 18833 #ifndef NO_ASN
/* Release a WOLFSSL_ASN1_OBJECT.  Only memory the object is flagged as owning
 * is freed: the encoded data behind obj->obj when WOLFSSL_ASN1_DYNAMIC_DATA
 * is set in obj->dynamic (freed against obj->heap), and the object itself
 * when WOLFSSL_ASN1_DYNAMIC is set (freed against the NULL heap, matching
 * wolfSSL_ASN1_OBJECT_new).  With WOLFSSL_QT/OPENSSL_ALL the pathlen integer
 * is always released.  A NULL obj is a no-op.
 */
void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
{
    int ownsData;
    int ownsSelf;

    if (obj == NULL) {
        return;
    }

    ownsData = (obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0;
    ownsSelf = (obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0;

    if (ownsData && obj->obj != NULL) {
        WOLFSSL_MSG("Freeing ASN1 data");
        XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
        obj->obj = NULL;
    }
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    if (obj->pathlen != NULL) {
        wolfSSL_ASN1_INTEGER_free(obj->pathlen);
        obj->pathlen = NULL;
    }
#endif
    if (ownsSelf) {
        WOLFSSL_MSG("Freeing ASN1 OBJECT");
        XFREE(obj, NULL, DYNAMIC_TYPE_ASN1);
    }
}
wolfSSL 16:8e0d178b1d1e 18855 #endif /* NO_ASN */
wolfSSL 16:8e0d178b1d1e 18856 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
wolfSSL 16:8e0d178b1d1e 18857
wolfSSL 16:8e0d178b1d1e 18858 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 18859 #ifndef NO_ASN
/* Allocate a zero-initialised WOLFSSL_ASN1_OBJECT on the NULL heap and flag it
 * WOLFSSL_ASN1_DYNAMIC so wolfSSL_ASN1_OBJECT_free releases it.  The ia5 (and,
 * with WOLFSSL_QT/OPENSSL_ALL, iPAddress) members are pointed at their
 * in-struct storage.  Returns NULL when the allocation fails.
 */
WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)
{
    WOLFSSL_ASN1_OBJECT* obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(
            sizeof(WOLFSSL_ASN1_OBJECT), NULL, DYNAMIC_TYPE_ASN1);

    if (obj != NULL) {
        XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT));
        obj->d.ia5 = &obj->d.ia5_internal;
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
        obj->d.iPAddress = &obj->d.iPAddress_internal;
#endif
        obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
    }
    return obj;
}
wolfSSL 16:8e0d178b1d1e 18878
/* Create an empty stack typed for WOLFSSL_ASN1_OBJECT elements
 * (STACK_TYPE_OBJ).  Returns NULL if the head node cannot be allocated.
 */
WOLFSSL_STACK* wolfSSL_sk_new_asn1_obj(void)
{
    WOLFSSL_STACK* sk;

    WOLFSSL_ENTER("wolfSSL_sk_new_asn1_obj");

    sk = wolfSSL_sk_new_null();
    if (sk != NULL) {
        sk->type = STACK_TYPE_OBJ;
    }
    return sk;
}
wolfSSL 16:8e0d178b1d1e 18892
/* Push obj onto the head of sk.  The head node holds the newest element; when
 * it is already occupied its element is moved into a freshly allocated node
 * linked directly behind the head, and the head takes obj.  sk->num is
 * incremented on success.  The stack does not take a copy of obj.
 *
 * Returns WOLFSSL_SUCCESS (1), or WOLFSSL_FAILURE (0) when sk or obj is NULL
 * or the new node cannot be allocated (the stack is then left unchanged).
 */
int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
                                WOLFSSL_ASN1_OBJECT* obj)
{
    WOLFSSL_STACK* displaced;

    WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_push");

    if (sk == NULL || obj == NULL) {
        return WOLFSSL_FAILURE;
    }

    if (sk->data.obj != NULL) {
        /* Head already occupied: move its element into a new second node. */
        displaced = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                            DYNAMIC_TYPE_ASN1);
        if (displaced == NULL) {
            WOLFSSL_MSG("Memory error");
            return WOLFSSL_FAILURE;
        }
        XMEMSET(displaced, 0, sizeof(WOLFSSL_STACK));
        displaced->data.obj = sk->data.obj;
        displaced->next = sk->next;
        displaced->type = sk->type;
        sk->next = displaced;
    }

    sk->data.obj = obj;
    sk->num += 1;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 18931
wolfSSL 15:117db924cf7c 18932
/* Remove and return the element at the head of sk.  If a second node exists
 * it is unlinked and freed and its element becomes the new head; otherwise
 * the head is simply emptied.  sk->num is decremented but never below zero.
 * Ownership of the returned object passes to the caller.
 *
 * Returns NULL when sk is NULL or the head holds no element.
 */
WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJECT_pop(
                                      WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
{
    WOLFSSL_ASN1_OBJECT* head;
    WOLFSSL_STACK* second;

    if (sk == NULL) {
        return NULL;
    }

    head = sk->data.obj;
    second = sk->next;

    if (second == NULL) {
        /* Last element: leave an empty head node behind. */
        sk->data.obj = NULL;
    }
    else {
        sk->data.obj = second->data.obj;
        sk->next = second->next;
        XFREE(second, NULL, DYNAMIC_TYPE_ASN1);
    }

    if (sk->num > 0) {
        sk->num -= 1;
    }
    return head;
}
wolfSSL 15:117db924cf7c 18961
wolfSSL 15:117db924cf7c 18962
/* Free an ASN1_OBJECT stack together with every element in it, using
 * wolfSSL_ASN1_OBJECT_free as the element destructor.  Equivalent to
 * wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); a NULL sk is accepted.
 *
 * sk  stack to destroy
 */
void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
{
    /* NULL selects the default element destructor inside pop_free. */
    void (*elementFree)(WOLFSSL_ASN1_OBJECT*) = NULL;

    wolfSSL_sk_ASN1_OBJECT_pop_free(sk, elementFree);
}
wolfSSL 16:8e0d178b1d1e 18971
/* Destroy an ASN1_OBJECT stack: every element is passed to f (or to
 * wolfSSL_ASN1_OBJECT_free when f is NULL), every linked node is freed, and
 * finally the head node itself.  The walk over the linked nodes stops after
 * sk->num - 1 nodes or at the end of the chain, and the head's element is
 * freed only when sk->num is exactly 1 afterwards, so the count is trusted to
 * match the chain built by wolfSSL_sk_ASN1_OBJECT_push.
 *
 * sk  stack to destroy; NULL is logged and ignored
 * f   element destructor, or NULL for the default
 */
void wolfSSL_sk_ASN1_OBJECT_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
                                     void (*f) (WOLFSSL_ASN1_OBJECT*))
{
    WOLFSSL_STACK* cur;
    void (*elementFree)(WOLFSSL_ASN1_OBJECT*);

    WOLFSSL_ENTER("wolfSSL_sk_ASN1_OBJECT_pop_free");

    if (sk == NULL) {
        WOLFSSL_MSG("Parameter error");
        return;
    }

    elementFree = (f != NULL) ? f : wolfSSL_ASN1_OBJECT_free;

    /* Nodes linked behind the head. */
    for (cur = sk->next; cur != NULL && sk->num > 1; sk->num -= 1) {
        WOLFSSL_STACK* following = cur->next;

        elementFree(cur->data.obj);
        cur->data.obj = NULL;
        XFREE(cur, NULL, DYNAMIC_TYPE_ASN1);
        cur = following;
    }

    /* The element stored in the head node, then the head itself. */
    if (sk->num == 1) {
        elementFree(sk->data.obj);
        sk->data.obj = NULL;
    }
    XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}
wolfSSL 15:117db924cf7c 19016
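/* Copy the bytes of in into a new NUL-terminated buffer stored at *out.
 *
 * Despite the OpenSSL name no character-set conversion is performed: the
 * bytes are copied verbatim.  The buffer is allocated with
 * DYNAMIC_TYPE_OPENSSL and must be released by the caller with
 * OPENSSL_free().
 *
 * out  receives the new buffer; left untouched on failure
 * in   source string
 *
 * Returns the number of bytes copied (the terminator excluded), or -1 on a
 * NULL argument, a string with no data or a negative length, or allocation
 * failure.
 */
int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in)
{
    unsigned char* buf;
    unsigned char* inPtr;
    int inLen;

    if (out == NULL || in == NULL) {
        return -1;
    }

    inPtr = wolfSSL_ASN1_STRING_data(in);
    inLen = wolfSSL_ASN1_STRING_length(in);
    if (inPtr == NULL || inLen < 0) {
        return -1;
    }

    buf = (unsigned char*)XMALLOC((size_t)inLen + 1, NULL,
                                  DYNAMIC_TYPE_OPENSSL);
    if (buf == NULL) {
        return -1;
    }
    /* Copy only the reported length and terminate here.  Reading inLen + 1
     * bytes from the source, as before, silently relied on the source being
     * NUL-terminated one byte past its length. */
    XMEMCPY(buf, inPtr, (size_t)inLen);
    buf[inLen] = '\0';
    *out = buf;
    return inLen;
}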
wolfSSL 16:8e0d178b1d1e 19046
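/* Render the bytes of an ASN1_STRING as upper-case hex pairs separated by
 * colons, e.g. "DE:AD:BE:EF".
 *
 * method  unused, present for OpenSSL signature compatibility
 * s       string to render; must have data and a non-negative length
 *
 * Returns a NUL-terminated string allocated with DYNAMIC_TYPE_TMP_BUFFER
 * (caller frees), or NULL on a bad argument or allocation failure.  A
 * zero-length string yields an empty string.
 *
 * The output buffer is sized from s->length.  The previous fixed 100-byte
 * buffer was appended to once per input byte, so inputs longer than about
 * 33 bytes wrote past its end; a zero-length input also read one byte
 * past a zero-size allocation.
 */
char* wolfSSL_i2s_ASN1_STRING(WOLFSSL_v3_ext_method *method,
    const WOLFSSL_ASN1_STRING *s)
{
    const unsigned char* data;
    char* out;
    size_t outSz;
    int i;

    WOLFSSL_ENTER("wolfSSL_i2s_ASN1_STRING");
    (void)method;

    if (s == NULL || s->data == NULL || s->length < 0) {
        WOLFSSL_MSG("Bad Function Argument");
        return NULL;
    }
    data = (const unsigned char*)s->data;

    /* Each byte becomes "XX:" (3 chars); the final byte drops its ':' which
     * leaves room for the terminator, so 3 * length bytes always suffice.
     * The extra +1 keeps a zero-length input a valid 1-byte string. */
    outSz = (size_t)s->length * 3 + 1;
    out = (char*)XMALLOC(outSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (out == NULL) {
        WOLFSSL_MSG("Memory Error");
        return NULL;
    }
    out[0] = '\0';

    for (i = 0; i < s->length; i++) {
        /* Byte i occupies out[3*i .. 3*i+2]; 4 bytes of room covers "XX:"
         * plus the terminator that XSNPRINTF always writes. */
        XSNPRINTF(out + (size_t)i * 3, 4, "%02X:", (unsigned int)data[i]);
    }
    if (s->length > 0) {
        /* Drop the separator that followed the last byte. */
        out[(size_t)s->length * 3 - 1] = '\0';
    }

    return out;
}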
wolfSSL 15:117db924cf7c 19090 #endif /* NO_ASN */
wolfSSL 15:117db924cf7c 19091
/* Switch ssl into client mode.  Server DH parameters are discarded first --
 * freed when this session owns them (buffers.weOwnDH), otherwise only the
 * pointers are cleared -- because a client generates its own during the
 * handshake.  The side-specific state is then re-initialised for
 * WOLFSSL_CLIENT_END.
 *
 * A NULL ssl is logged and ignored; a failure of InitSSL_Side is logged but
 * not reported to the caller.
 */
void wolfSSL_set_connect_state(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_set_connect_state");
    if (ssl == NULL) {
        WOLFSSL_MSG("WOLFSSL struct pointer passed in was null");
        return;
    }

#ifndef NO_DH
    if (ssl->buffers.weOwnDH) {
        if (ssl->buffers.serverDH_P.buffer != NULL) {
            XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
                  DYNAMIC_TYPE_PUBLIC_KEY);
        }
        if (ssl->buffers.serverDH_G.buffer != NULL) {
            XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
                  DYNAMIC_TYPE_PUBLIC_KEY);
        }
    }
    ssl->buffers.serverDH_P.buffer = NULL;
    ssl->buffers.serverDH_G.buffer = NULL;
#endif

    if (InitSSL_Side(ssl, WOLFSSL_CLIENT_END) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Error initializing client side");
    }
}
wolfSSL 16:8e0d178b1d1e 19118 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 19119
wolfSSL 15:117db924cf7c 19120
/* Report the shutdown state in OpenSSL's bit layout: bit 0 (value 1,
 * SSL_SENT_SHUTDOWN) when a close_notify has been sent, bit 1 (value 2,
 * SSL_RECEIVED_SHUTDOWN) when a close_notify was received or the connection
 * was reset by a fatal error.  Returns 0 for a NULL ssl.
 */
int wolfSSL_get_shutdown(const WOLFSSL* ssl)
{
    int flags = 0;

    WOLFSSL_ENTER("wolfSSL_get_shutdown");

    if (ssl != NULL) {
        flags = ssl->options.sentNotify;
        if (ssl->options.closeNotify || ssl->options.connReset) {
            flags |= 2;
        }
    }
    return flags;
}
wolfSSL 15:117db924cf7c 19135
wolfSSL 15:117db924cf7c 19136
/* Return ssl->options.resuming, i.e. non-zero when the connection resumed an
 * earlier session rather than performing a full handshake.  0 for a NULL ssl.
 */
int wolfSSL_session_reused(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        return 0;
    }
    return ssl->options.resuming;
}
wolfSSL 15:117db924cf7c 19144
wolfSSL 15:117db924cf7c 19145 #if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE)
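/* Duplicate a session into a newly allocated WOLFSSL_SESSION (HAVE_EXT_CACHE
 * builds only; otherwise logs and returns NULL).
 *
 * The copy is marked isAlloced so wolfSSL_SESSION_free releases it.  With
 * HAVE_SESSION_TICKET a dynamic ticket is duplicated into its own buffer and
 * a static ticket is re-pointed at the copy's staticTicket storage.  With
 * SESSION_CERTS and OPENSSL_EXTRA the peer certificate is duplicated as well.
 *
 * Returns NULL for a NULL session, for a session flagged dynamic without a
 * ticket pointer, or on any allocation failure; nothing is leaked and the
 * source session is untouched in those cases.
 */
WOLFSSL_SESSION* wolfSSL_SESSION_dup(WOLFSSL_SESSION* session)
{
#ifdef HAVE_EXT_CACHE
    WOLFSSL_SESSION* copy;

    WOLFSSL_ENTER("wolfSSL_SESSION_dup");

    if (session == NULL)
        return NULL;
#ifdef HAVE_SESSION_TICKET
    if (session->isDynamic && !session->ticket) {
        WOLFSSL_MSG("Session dynamic flag is set but ticket pointer is null");
        return NULL;
    }
#endif

    copy = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), NULL,
            DYNAMIC_TYPE_OPENSSL);
    if (copy == NULL) {
        return NULL;
    }

    XMEMCPY(copy, session, sizeof(WOLFSSL_SESSION));
    copy->isAlloced = 1;
#ifdef HAVE_SESSION_TICKET
    if (session->isDynamic) {
        /* The ticket needs its own buffer.  On failure the copy must not be
         * returned: its ticket pointer would be NULL (dereferenced by the
         * XMEMCPY below) and wolfSSL_SESSION_free would later free it. */
        copy->ticket = (byte*)XMALLOC(session->ticketLen, NULL,
                DYNAMIC_TYPE_SESSION_TICK);
        if (copy->ticket == NULL) {
            WOLFSSL_MSG("Session ticket allocation failed");
            XFREE(copy, NULL, DYNAMIC_TYPE_OPENSSL);
            return NULL;
        }
        XMEMCPY(copy->ticket, session->ticket, session->ticketLen);
    } else {
        copy->ticket = copy->staticTicket;
    }
#endif
#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
    /* A failed duplicate leaves copy->peer NULL, which the rest of the API
     * treats as "no peer certificate". */
    copy->peer = wolfSSL_X509_dup(session->peer);
#endif
    return copy;
#else
    WOLFSSL_MSG("wolfSSL_SESSION_dup was called "
                "but HAVE_EXT_CACHE is not defined");
    (void)session;
    return NULL;
#endif /* HAVE_EXT_CACHE */
}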
wolfSSL 16:8e0d178b1d1e 19188
/* Release a session.  The peer certificate (SESSION_CERTS && OPENSSL_EXTRA) is
 * always freed.  The session struct itself, and its ticket when the ticket is
 * dynamic, are freed only in HAVE_EXT_CACHE builds and only when the session
 * was heap-allocated (isAlloced); without HAVE_EXT_CACHE sessions live in the
 * static cache and are never freed.  A NULL session is a no-op.
 */
void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
{
    if (session == NULL) {
        return;
    }

#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA)
    if (session->peer != NULL) {
        wolfSSL_X509_free(session->peer);
    }
#endif

#ifdef HAVE_EXT_CACHE
    if (!session->isAlloced) {
        return;
    }
#ifdef HAVE_SESSION_TICKET
    if (session->isDynamic) {
        XFREE(session->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK);
    }
#endif
    XFREE(session, NULL, DYNAMIC_TYPE_OPENSSL);
#else
    /* Static cache entry: nothing to free. */
    (void)session;
#endif
}
wolfSSL 15:117db924cf7c 19213 #endif
wolfSSL 15:117db924cf7c 19214
wolfSSL 16:8e0d178b1d1e 19215
/* Map a ProtocolVersion (major/minor pair) to its display name.
 *
 * version  version to name; NULL yields "Bad arg"
 *
 * Returns a static string such as "TLSv1.2" or "DTLSv1.2".  Only protocols
 * compiled in are named: SSLv3 and TLSv1 need WOLFSSL_ALLOW_SSLV3 /
 * WOLFSSL_ALLOW_TLSV10 (and not NO_OLD_TLS), TLS 1.3 needs WOLFSSL_TLS13 and
 * reports its draft number when WOLFSSL_TLS13_DRAFT is set, DTLS needs
 * WOLFSSL_DTLS.  Anything else is "unknown".  Note that the trace label below
 * names the public wrapper wolfSSL_get_version rather than this helper.
 */
static const char* wolfSSL_internal_get_version(ProtocolVersion* version)
{
    WOLFSSL_ENTER("wolfSSL_get_version");

    if (version == NULL) {
        return "Bad arg";
    }

    /* SSLv3 and every TLS version share SSLv3_MAJOR; the minor selects. */
    if (version->major == SSLv3_MAJOR) {
        switch (version->minor) {
#ifndef NO_OLD_TLS
#ifdef WOLFSSL_ALLOW_SSLV3
            case SSLv3_MINOR :
                return "SSLv3";
#endif
#ifdef WOLFSSL_ALLOW_TLSV10
            case TLSv1_MINOR :
                return "TLSv1";
#endif
            case TLSv1_1_MINOR :
                return "TLSv1.1";
#endif
            case TLSv1_2_MINOR :
                return "TLSv1.2";
#ifdef WOLFSSL_TLS13
            case TLSv1_3_MINOR :
#ifdef WOLFSSL_TLS13_DRAFT
#ifdef WOLFSSL_TLS13_DRAFT_18
                return "TLSv1.3 (Draft 18)";
#elif defined(WOLFSSL_TLS13_DRAFT_22)
                return "TLSv1.3 (Draft 22)";
#elif defined(WOLFSSL_TLS13_DRAFT_23)
                return "TLSv1.3 (Draft 23)";
#elif defined(WOLFSSL_TLS13_DRAFT_26)
                return "TLSv1.3 (Draft 26)";
#else
                return "TLSv1.3 (Draft 28)";
#endif
#else
                return "TLSv1.3";
#endif
#endif
            default:
                return "unknown";
        }
    }
#ifdef WOLFSSL_DTLS
    /* DTLS uses its own major number and a separate minor namespace. */
    else if (version->major == DTLS_MAJOR) {
        switch (version->minor) {
            case DTLS_MINOR :
                return "DTLS";
            case DTLSv1_2_MINOR :
                return "DTLSv1.2";
            default:
                return "unknown";
        }
    }
#endif /* WOLFSSL_DTLS */
    return "unknown";
}
wolfSSL 15:117db924cf7c 19277
wolfSSL 15:117db924cf7c 19278
/* Name of the protocol version held in ssl->version (for example "TLSv1.2"),
 * as produced by wolfSSL_internal_get_version.  "unknown" for a NULL ssl.
 */
const char* wolfSSL_get_version(WOLFSSL* ssl)
{
    const char* name = "unknown";

    if (ssl != NULL) {
        name = wolfSSL_internal_get_version(&ssl->version);
    }
    else {
        WOLFSSL_MSG("Bad argument");
    }
    return name;
}
wolfSSL 16:8e0d178b1d1e 19288
wolfSSL 16:8e0d178b1d1e 19289
/* Version of the linked library as a string (LIBWOLFSSL_VERSION_STRING). */
const char* wolfSSL_lib_version(void)
{
    static const char* const versionString = LIBWOLFSSL_VERSION_STRING;

    return versionString;
}
wolfSSL 15:117db924cf7c 19295
wolfSSL 15:117db924cf7c 19296
/* Version of the linked library as a packed hex word (LIBWOLFSSL_VERSION_HEX),
 * for numeric comparison.
 */
word32 wolfSSL_lib_version_hex(void)
{
    const word32 versionHex = LIBWOLFSSL_VERSION_HEX;

    return versionHex;
}
wolfSSL 15:117db924cf7c 19302
wolfSSL 15:117db924cf7c 19303
/* The negotiated cipher suite as one integer: cipherSuite0 in the high byte,
 * cipherSuite in the low byte.  0 for a NULL ssl.
 */
int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl)
{
    int suite = 0;

    WOLFSSL_ENTER("SSL_get_current_cipher_suite");
    if (ssl != NULL) {
        suite = ssl->options.cipherSuite0;
        suite = (suite << 8) | ssl->options.cipherSuite;
    }
    return suite;
}
wolfSSL 15:117db924cf7c 19311
/* Return the WOLFSSL_CIPHER embedded in ssl, refreshed with the negotiated
 * suite bytes from ssl->options.  The object is owned by ssl and must not be
 * freed by the caller.  NULL for a NULL ssl.
 */
WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_get_current_cipher");
    if (ssl == NULL) {
        return NULL;
    }

    ssl->cipher.cipherSuite0 = ssl->options.cipherSuite0;
    ssl->cipher.cipherSuite = ssl->options.cipherSuite;
    return &ssl->cipher;
}
wolfSSL 15:117db924cf7c 19323
wolfSSL 15:117db924cf7c 19324
/* Name of the cipher's suite.  The IANA name is used unless the build asks
 * for internal names (WOLFSSL_CIPHER_INTERNALNAME), strips error strings
 * (NO_ERROR_STRINGS) or targets Qt (WOLFSSL_QT), in which case the
 * suite-lookup name is returned instead.  NULL for a NULL cipher.
 */
const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
{
    const char* name = NULL;

    WOLFSSL_ENTER("wolfSSL_CIPHER_get_name");

    if (cipher != NULL) {
#if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \
    !defined(WOLFSSL_QT)
        name = GetCipherNameIana(cipher->cipherSuite0, cipher->cipherSuite);
#else
        name = wolfSSL_get_cipher_name_from_suite(cipher->cipherSuite0,
                                                  cipher->cipherSuite);
#endif
    }
    return name;
}
wolfSSL 16:8e0d178b1d1e 19341
/* Protocol version string of the connection a WOLFSSL_CIPHER belongs to.
 *
 * cipher  Handle whose ssl back-pointer is consulted; may be NULL.
 * returns wolfSSL_get_version() of the owning connection, or NULL when
 *         cipher or its ssl back-pointer is NULL.
 */
const char* wolfSSL_CIPHER_get_version(const WOLFSSL_CIPHER* cipher)
{
    WOLFSSL_ENTER("SSL_CIPHER_get_version");

    if (cipher == NULL) {
        return NULL;
    }
    if (cipher->ssl == NULL) {
        return NULL;
    }

    return wolfSSL_get_version(cipher->ssl);
}
wolfSSL 15:117db924cf7c 19352
/* Name of the cipher suite stored in a resumable session.
 *
 * session  The session object, may be NULL.
 * returns the suite name, or NULL when session is NULL or the build keeps no
 *         suite bytes in the session (no SESSION_CERTS, resume suite check
 *         disabled, and no TLS 1.3 session tickets).
 */
const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session)
{
    const char* name = NULL;

    if (session != NULL) {
#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
    (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
    #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS)
        name = GetCipherNameIana(session->cipherSuite0, session->cipherSuite);
    #else
        name = GetCipherNameInternal(session->cipherSuite0,
                                     session->cipherSuite);
    #endif
#endif
    }

    return name;
}
wolfSSL 15:117db924cf7c 19370
/* Name of the suite negotiated on the connection, in the form chosen by
 * wolfSSL_CIPHER_get_name() for this build.
 *
 * ssl  The SSL/TLS object, may be NULL.
 * returns the suite name, or NULL when ssl is NULL.
 */
const char* wolfSSL_get_cipher(WOLFSSL* ssl)
{
    WOLFSSL_CIPHER* current;

    WOLFSSL_ENTER("wolfSSL_get_cipher");

    current = wolfSSL_get_current_cipher(ssl);
    return wolfSSL_CIPHER_get_name(current);
}
wolfSSL 15:117db924cf7c 19376
/* Name of the negotiated suite in the internal "DHE-RSA-..." form rather
 * than the IANA "TLS_DHE_..." form.
 *
 * ssl  The SSL/TLS object.
 * returns whatever wolfSSL_get_cipher_name_internal() reports; that helper
 *         lives in internal.c because the cipher_name_idx table is private
 *         to that file.
 */
const char* wolfSSL_get_cipher_name(WOLFSSL* ssl)
{
    const char* internalName = wolfSSL_get_cipher_name_internal(ssl);
    return internalName;
}
wolfSSL 15:117db924cf7c 19383
/* Internal-form ("DHE-RSA-...") name for an explicit suite id.
 *
 * cipherSuite0  High byte of the suite id.
 * cipherSuite   Low byte of the suite id.
 * returns the name reported by GetCipherNameInternal().
 */
const char* wolfSSL_get_cipher_name_from_suite(const byte cipherSuite0,
                                               const byte cipherSuite)
{
    const char* name = GetCipherNameInternal(cipherSuite0, cipherSuite);
    return name;
}
wolfSSL 15:117db924cf7c 19389
/* IANA-form ("TLS_...") name for an explicit suite id.
 *
 * cipherSuite0  High byte of the suite id.
 * cipherSuite   Low byte of the suite id.
 * returns the name reported by GetCipherNameIana().
 */
const char* wolfSSL_get_cipher_name_iana_from_suite(const byte cipherSuite0,
                                                    const byte cipherSuite)
{
    const char* name = GetCipherNameIana(cipherSuite0, cipherSuite);
    return name;
}
wolfSSL 16:8e0d178b1d1e 19395
wolfSSL 16:8e0d178b1d1e 19396
wolfSSL 16:8e0d178b1d1e 19397 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
/* Allocate an empty stack tagged for WOLFSSL_CIPHER entries.
 *
 * returns the new stack, owned by the caller, or NULL when
 *         wolfSSL_sk_new_null() fails.
 */
WOLFSSL_STACK* wolfSSL_sk_new_cipher(void)
{
    WOLFSSL_STACK* cipherStack;

    WOLFSSL_ENTER("wolfSSL_sk_new_cipher");

    cipherStack = wolfSSL_sk_new_null();
    if (cipherStack != NULL) {
        cipherStack->type = STACK_TYPE_CIPHER;
    }

    return cipherStack;
}
wolfSSL 16:8e0d178b1d1e 19411
wolfSSL 16:8e0d178b1d1e 19412 #ifndef NO_WOLFSSL_STUB
/* Keep as stubs for now */
/* Stub: pushing onto a cipher stack is not implemented yet.
 *
 * sk      Stack (ignored).
 * cipher  Entry (ignored).
 * returns 0 unconditionally. The intended contract is 1 on success and
 *         0 on failure, so callers always see "failed".
 */
int wolfSSL_sk_CIPHER_push(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk,
                           WOLFSSL_CIPHER* cipher)
{
    WOLFSSL_STUB("wolfSSL_sk_CIPHER_push");
    (void)cipher;
    (void)sk;
    return 0;
}
wolfSSL 16:8e0d178b1d1e 19423
wolfSSL 16:8e0d178b1d1e 19424
/* Stub: popping from a cipher stack is not implemented yet.
 *
 * sk  Stack (ignored).
 * returns NULL unconditionally.
 */
WOLFSSL_CIPHER* wolfSSL_sk_CIPHER_pop(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk)
{
    WOLFSSL_CIPHER* popped = NULL;

    WOLFSSL_STUB("wolfSSL_sk_CIPHER_pop");
    (void)sk;

    return popped;
}
wolfSSL 16:8e0d178b1d1e 19431 #endif /* NO_WOLFSSL_STUB */
wolfSSL 16:8e0d178b1d1e 19432 #endif /* WOLFSSL_QT || OPENSSL_ALL */
wolfSSL 16:8e0d178b1d1e 19433
/* Numeric id of the suite on the connection owning a WOLFSSL_CIPHER.
 *
 * Reads the live ssl->options suite bytes through the handle's ssl
 * back-pointer rather than the copy stored in the handle itself.
 *
 * cipher  Handle, may be NULL or carry a NULL ssl back-pointer.
 * returns (cipherSuite0 << 8) | cipherSuite, or 0 when unavailable.
 */
word32 wolfSSL_CIPHER_get_id(const WOLFSSL_CIPHER* cipher)
{
    word16 suiteId = 0;

    WOLFSSL_ENTER("SSL_CIPHER_get_id");

    if (cipher == NULL || cipher->ssl == NULL) {
        return suiteId;
    }

    suiteId = (word16)((cipher->ssl->options.cipherSuite0 << 8) |
                       cipher->ssl->options.cipherSuite);

    return suiteId;
}
wolfSSL 16:8e0d178b1d1e 19447
/* Look up a cipher by its 16-bit suite id.
 *
 * Not yet implemented: the id is split into its two suite bytes but no
 * table lookup is performed, so every call currently returns NULL.
 *
 * value  Suite id; high byte is cipherSuite0, low byte is cipherSuite.
 * returns NULL (always, until the lookup is written).
 */
const WOLFSSL_CIPHER* wolfSSL_get_cipher_by_value(word16 value)
{
    byte suiteHi;
    byte suiteLo;

    WOLFSSL_ENTER("SSL_get_cipher_by_value");

    /* extract cipher id information */
    suiteHi = (byte)((value >> 8) & 0xFF);
    suiteLo = (byte)(value & 0xFF);

    /* TODO: lookup by cipherSuite0 / cipherSuite */
    (void)suiteHi;
    (void)suiteLo;

    return NULL;
}
wolfSSL 16:8e0d178b1d1e 19464
wolfSSL 16:8e0d178b1d1e 19465
wolfSSL 16:8e0d178b1d1e 19466 #if defined(OPENSSL_ALL)
/* Free a WOLFSSL_CIPHER stack.
 *
 * Only the list nodes are released; the WOLFSSL_CIPHER objects they point
 * to are left alone (nothing here treats them as owned by the stack).
 *
 * NOTE(review): nodes are freed with DYNAMIC_TYPE_OPENSSL but the head with
 * DYNAMIC_TYPE_ASN1 -- confirm these match the types used when the nodes and
 * head were allocated before relying on per-type memory accounting.
 *
 * sk  Stack to free, may be NULL.
 */
void wolfSSL_sk_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk)
{
    WOLFSSL_STACK* cur;

    WOLFSSL_ENTER("wolfSSL_sk_CIPHER_free");

    if (sk == NULL) {
        return;
    }

    /* release every node hanging off the head */
    for (cur = sk->next; cur != NULL; ) {
        WOLFSSL_STACK* next = cur->next;
        XFREE(cur, NULL, DYNAMIC_TYPE_OPENSSL);
        cur = next;
    }

    /* then the head itself */
    XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}
wolfSSL 16:8e0d178b1d1e 19491 #endif
wolfSSL 16:8e0d178b1d1e 19492
wolfSSL 16:8e0d178b1d1e 19493 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) || \
wolfSSL 16:8e0d178b1d1e 19494 !defined(NO_DH)
wolfSSL 16:8e0d178b1d1e 19495 #ifdef HAVE_FFDHE
/* Printable name of a finite-field DHE named group.
 *
 * group  TLS named-group id.
 * returns "FFDHE_<bits>" for the five supported groups, NULL otherwise.
 */
static const char* wolfssl_ffdhe_name(word16 group)
{
    switch (group) {
        case WOLFSSL_FFDHE_2048:
            return "FFDHE_2048";
        case WOLFSSL_FFDHE_3072:
            return "FFDHE_3072";
        case WOLFSSL_FFDHE_4096:
            return "FFDHE_4096";
        case WOLFSSL_FFDHE_6144:
            return "FFDHE_6144";
        case WOLFSSL_FFDHE_8192:
            return "FFDHE_8192";
        default:
            return NULL;
    }
}
wolfSSL 16:8e0d178b1d1e 19518 #endif
/* Return the name of the (EC)DHE group used for key exchange as a printable
 * string.
 *
 * Candidates are tried in order and the first match wins: an FFDHE named
 * group (HAVE_FFDHE), then X25519, X448, and finally any other ECC curve
 * identified by ssl->ecdhCurveOID.
 *
 * ssl The SSL/TLS object, may be NULL.
 * returns NULL if ssl is NULL or no (EC)DHE group is recorded, otherwise the
 *         name as a string.
 */
const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        return NULL;
    }

#ifdef HAVE_FFDHE
    if (ssl->namedGroup != 0) {
        const char* ffdheName = wolfssl_ffdhe_name(ssl->namedGroup);
        if (ffdheName != NULL) {
            return ffdheName;
        }
    }
#endif

#ifdef HAVE_CURVE25519
    if (ssl->ecdhCurveOID == ECC_X25519_OID) {
        return "X25519";
    }
#endif

#ifdef HAVE_CURVE448
    if (ssl->ecdhCurveOID == ECC_X448_OID) {
        return "X448";
    }
#endif

#ifdef HAVE_ECC
    if (ssl->ecdhCurveOID != 0) {
        return wc_ecc_get_name(wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL));
    }
#endif

    return NULL;
}
wolfSSL 15:117db924cf7c 19558 #endif
wolfSSL 15:117db924cf7c 19559
wolfSSL 15:117db924cf7c 19560
wolfSSL 15:117db924cf7c 19561 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(KEEP_PEER_CERT) || \
wolfSSL 15:117db924cf7c 19562 defined(SESSION_CERTS)
wolfSSL 15:117db924cf7c 19563 /* Smaller subset of X509 compatibility functions. Avoid increasing the size of
wolfSSL 15:117db924cf7c 19564 * this subset and its memory usage */
wolfSSL 15:117db924cf7c 19565
wolfSSL 15:117db924cf7c 19566 #if !defined(NO_CERTS)
/* Allocate and initialise an empty WOLFSSL_X509.
 *
 * returns a pointer to a new WOLFSSL_X509 structure on success (owned by the
 *         caller, release with wolfSSL_X509_free()) and NULL when allocation
 *         fails. The 1 passed to InitX509 is presumably its "dynamically
 *         allocated" flag -- confirm against InitX509 in internal.c.
 */
WOLFSSL_X509* wolfSSL_X509_new(void)
{
    WOLFSSL_X509* x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                                DYNAMIC_TYPE_X509);

    if (x509 == NULL) {
        return NULL;
    }
    InitX509(x509, 1, NULL);

    return x509;
}
wolfSSL 15:117db924cf7c 19582
/* Subject name of a certificate.
 *
 * cert  Certificate, may be NULL.
 * returns a pointer into cert (cert->subject, not a copy -- do not free)
 *         when the subject has been populated (subject.sz != 0), else NULL.
 */
WOLFSSL_ABI
WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
{
    WOLFSSL_X509_NAME* subject = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_get_subject_name");

    if (cert != NULL && cert->subject.sz != 0) {
        subject = &cert->subject;
    }

    return subject;
}
wolfSSL 15:117db924cf7c 19591
wolfSSL 16:8e0d178b1d1e 19592 #if defined(OPENSSL_EXTRA) && !defined(NO_SHA)
/******************************************************************************
 * wolfSSL_X509_subject_name_hash - compute the hash digest of the raw subject name
 *
 * x509  Certificate whose subject is hashed; may be NULL.
 *
 * RETURNS:
 * The leading bytes of the SHA digest of the raw subject name, packed into a
 * word by MakeWordFromHash(). Returns zero (WOLFSSL_FAILURE) when x509 is
 * NULL, when the certificate has no subject, or when hashing fails.
 * Note:
 * Returns a different hash value from OpenSSL's X509_subject_name_hash() API
 * depending on the subject name.
 */
unsigned long wolfSSL_X509_subject_name_hash(const WOLFSSL_X509* x509)
{
    WOLFSSL_X509_NAME* subjectName;
    word32 hashWord = 0;
#ifdef WOLFSSL_PIC32MZ_HASH
    byte digest[PIC32_DIGEST_SIZE];
#else
    byte digest[WC_SHA_DIGEST_SIZE];
#endif

    if (x509 == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* get_subject_name takes a non-const pointer but only reads the cert */
    subjectName = wolfSSL_X509_get_subject_name((WOLFSSL_X509*)x509);
    if (subjectName == NULL) {
        return (unsigned long)hashWord;
    }

    if (wc_ShaHash((const byte*)subjectName->name, (word32)subjectName->sz,
                   digest) != 0) {
        WOLFSSL_MSG("Hash of X509 subjectName has failed");
        return WOLFSSL_FAILURE;
    }
    hashWord = MakeWordFromHash(digest);

    return (unsigned long)hashWord;
}
wolfSSL 16:8e0d178b1d1e 19633 #endif
wolfSSL 16:8e0d178b1d1e 19634
/* Issuer name of a certificate.
 *
 * cert  Certificate, may be NULL.
 * returns a pointer into cert (cert->issuer, not a copy -- do not free) when
 *         the issuer has been populated (issuer.sz != 0), else NULL.
 */
WOLFSSL_ABI
WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
{
    WOLFSSL_X509_NAME* issuer = NULL;

    WOLFSSL_ENTER("X509_get_issuer_name");

    if (cert != NULL && cert->issuer.sz != 0) {
        issuer = &cert->issuer;
    }

    return issuer;
}
wolfSSL 15:117db924cf7c 19643
wolfSSL 15:117db924cf7c 19644
/* Signature algorithm identifier of a certificate.
 *
 * x509  Certificate, may be NULL.
 * returns x509->sigOID, or 0 when x509 is NULL.
 */
int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_get_signature_type");

    if (x509 == NULL) {
        return 0;
    }

    return x509->sigOID;
}
wolfSSL 15:117db924cf7c 19656
wolfSSL 15:117db924cf7c 19657 #if defined(OPENSSL_EXTRA_X509_SMALL)
wolfSSL 15:117db924cf7c 19658
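/* Used to get a string from the WOLFSSL_X509_NAME structure that
 * corresponds with the NID value passed in.
 *
 * name structure to get string from
 * nid  NID value to search for
 * buf  [out] buffer to hold results. If NULL then the buffer size minus the
 *      null char is returned.
 * len  size of "buf" passed in
 *
 * returns the length of string found, not including the NULL terminator.
 *         When buf is too small the text is truncated to len - 1 characters
 *         (buf is always NUL terminated when len > 0) and the copied length
 *         is returned. WOLFSSL_FATAL_ERROR is returned when name is NULL,
 *         the NID is not in the table, buf is non-NULL but len <= 0, or the
 *         name holds no text buffer. A negative value is always an error.
 */
int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,
                                      int nid, char* buf, int len)
{
    char *text = NULL;
    int textSz = 0;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_text_by_NID");

    /* every lookup below dereferences name->fullName */
    if (name == NULL) {
        WOLFSSL_MSG("NULL name passed in");
        return WOLFSSL_FATAL_ERROR;
    }

    switch (nid) {
        case ASN_COMMON_NAME:
            text = name->fullName.fullName + name->fullName.cnIdx;
            textSz = name->fullName.cnLen;
            break;
        case ASN_SUR_NAME:
            text = name->fullName.fullName + name->fullName.snIdx;
            textSz = name->fullName.snLen;
            break;
        case ASN_SERIAL_NUMBER:
            text = name->fullName.fullName + name->fullName.serialIdx;
            textSz = name->fullName.serialLen;
            break;
        case ASN_COUNTRY_NAME:
            text = name->fullName.fullName + name->fullName.cIdx;
            textSz = name->fullName.cLen;
            break;
        case ASN_LOCALITY_NAME:
            text = name->fullName.fullName + name->fullName.lIdx;
            textSz = name->fullName.lLen;
            break;
        case ASN_STATE_NAME:
            text = name->fullName.fullName + name->fullName.stIdx;
            textSz = name->fullName.stLen;
            break;
        case ASN_ORG_NAME:
            text = name->fullName.fullName + name->fullName.oIdx;
            textSz = name->fullName.oLen;
            break;
        case ASN_ORGUNIT_NAME:
            text = name->fullName.fullName + name->fullName.ouIdx;
            textSz = name->fullName.ouLen;
            break;
        case ASN_DOMAIN_COMPONENT:
            /* only the first domain component is reachable through this API */
            text = name->fullName.fullName + name->fullName.dcIdx[0];
            textSz = name->fullName.dcLen[0];
            break;
        case NID_emailAddress:
            text = name->fullName.fullName + name->fullName.emailIdx;
            textSz = name->fullName.emailLen;
            break;
#ifdef WOLFSSL_CERT_EXT
        case ASN_BUS_CAT:
            text = name->fullName.fullName + name->fullName.bcIdx;
            textSz = name->fullName.bcLen;
            break;
#endif
        default:
            WOLFSSL_MSG("Entry type not found");
            return WOLFSSL_FATAL_ERROR;
    }

    /* if buf is NULL return size of buffer needed (minus null char) */
    if (buf == NULL) {
        return textSz;
    }

    /* a non-positive len must not reach min() below: if min() is the
     * unsigned helper, a negative len would compare as huge and the copy
     * would overrun buf */
    if (len <= 0) {
        return WOLFSSL_FATAL_ERROR;
    }

    /* no text buffer to copy from: report an error rather than a length the
     * caller would take to mean "buf was filled" */
    if (text == NULL) {
        return WOLFSSL_FATAL_ERROR;
    }

    textSz = min(textSz + 1, len); /* + 1 to account for null char */
    if (textSz > 0) {
        XMEMCPY(buf, text, textSz - 1);
        buf[textSz - 1] = '\0';
    }

    WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz);
    return (textSz - 1); /* do not include null character in size */
}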
wolfSSL 15:117db924cf7c 19749
/* Creates a new WOLFSSL_EVP_PKEY structure that has the public key from x509
 *
 * The key type is chosen from x509->pubKeyOID: RSAk -> EVP_PKEY_RSA,
 * DSAk -> EVP_PKEY_DSA, every other value -> EVP_PKEY_EC. The encoded public
 * key is copied into key->pkey.ptr and then decoded into the matching
 * rsa/ecc/dsa member, each decode guarded by its build option. On any
 * failure after the key is allocated, the partially built key is released
 * with wolfSSL_EVP_PKEY_free and NULL is returned.
 *
 * x509  Certificate to take the public key from, may be NULL.
 * returns a pointer to the created WOLFSSL_EVP_PKEY on success and NULL on fail
 *         (x509 NULL, allocation failure, or the key failing to decode). The
 *         caller owns the result and releases it with wolfSSL_EVP_PKEY_free.
 */
WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
{
    WOLFSSL_EVP_PKEY* key = NULL;
    WOLFSSL_ENTER("X509_get_pubkey");
    if (x509 != NULL) {
        key = wolfSSL_EVP_PKEY_new_ex(x509->heap);
        if (key != NULL) {
            if (x509->pubKeyOID == RSAk) {
                key->type = EVP_PKEY_RSA;
            }
            else if (x509->pubKeyOID == DSAk) {
                key->type = EVP_PKEY_DSA;
            }
            else {
                /* NOTE(review): any pubKeyOID other than RSAk/DSAk is mapped
                 * to EC here and then has to survive the ECC decode below --
                 * confirm this is intended for every key type the cert
                 * parser can produce */
                key->type = EVP_PKEY_EC;
            }
            key->save_type = 0;
            /* private copy of the encoded key so it can outlive x509 */
            key->pkey.ptr = (char*)XMALLOC(
                        x509->pubKey.length, x509->heap,
                        DYNAMIC_TYPE_PUBLIC_KEY);
            if (key->pkey.ptr == NULL) {
                wolfSSL_EVP_PKEY_free(key);
                return NULL;
            }
            XMEMCPY(key->pkey.ptr, x509->pubKey.buffer, x509->pubKey.length);
            key->pkey_sz = x509->pubKey.length;

#ifdef HAVE_ECC
            key->pkey_curve = (int)x509->pkCurveOID;
#endif /* HAVE_ECC */

            /* decode RSA key */
#ifndef NO_RSA
            if (key->type == EVP_PKEY_RSA) {
                /* ownRsa is set before allocation, presumably so that
                 * wolfSSL_EVP_PKEY_free releases key->rsa on the error
                 * paths below -- confirm in wolfSSL_EVP_PKEY_free */
                key->ownRsa = 1;
                key->rsa = wolfSSL_RSA_new();
                if (key->rsa == NULL) {
                    wolfSSL_EVP_PKEY_free(key);
                    return NULL;
                }

                if (wolfSSL_RSA_LoadDer_ex(key->rsa,
                        (const unsigned char*)key->pkey.ptr, key->pkey_sz,
                        WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) {
                    wolfSSL_EVP_PKEY_free(key);
                    return NULL;
                }
            }
#endif /* NO_RSA */

            /* decode ECC key */
#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA)
            if (key->type == EVP_PKEY_EC) {
                word32 idx = 0;

                key->ownEcc = 1;
                key->ecc = wolfSSL_EC_KEY_new();
                if (key->ecc == NULL || key->ecc->internal == NULL) {
                    wolfSSL_EVP_PKEY_free(key);
                    return NULL;
                }

                /* not using wolfSSL_EC_KEY_LoadDer because public key in x509
                 * is in the format of x963 (no sequence at start of buffer) */
                if (wc_EccPublicKeyDecode((const unsigned char*)key->pkey.ptr,
                        &idx, (ecc_key*)key->ecc->internal, key->pkey_sz) < 0) {
                    WOLFSSL_MSG("wc_EccPublicKeyDecode failed");
                    wolfSSL_EVP_PKEY_free(key);
                    return NULL;
                }

                /* populate the OpenSSL-style view from the wolfCrypt key */
                if (SetECKeyExternal(key->ecc) != SSL_SUCCESS) {
                    WOLFSSL_MSG("SetECKeyExternal failed");
                    wolfSSL_EVP_PKEY_free(key);
                    return NULL;
                }

                key->ecc->inSet = 1;
            }
#endif /* HAVE_ECC */

#ifndef NO_DSA
            if (key->type == EVP_PKEY_DSA) {
                key->ownDsa = 1;
                key->dsa = wolfSSL_DSA_new();
                if (key->dsa == NULL) {
                    wolfSSL_EVP_PKEY_free(key);
                    return NULL;
                }

                if (wolfSSL_DSA_LoadDer_ex(key->dsa,
                        (const unsigned char*)key->pkey.ptr, key->pkey_sz, \
                        WOLFSSL_DSA_LOAD_PUBLIC) != SSL_SUCCESS) {
                    /* unlike the RSA/ECC paths, the DSA object is released
                     * explicitly and cleared before the key is freed */
                    wolfSSL_DSA_free(key->dsa);
                    key->dsa = NULL;
                    wolfSSL_EVP_PKEY_free(key);
                    return NULL;
                }
            }
#endif /* NO_DSA */
        }
    }
    return key;
}
wolfSSL 15:117db924cf7c 19858 #endif /* OPENSSL_EXTRA_X509_SMALL */
wolfSSL 15:117db924cf7c 19859 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 19860
wolfSSL 15:117db924cf7c 19861 /* End of smaller subset of X509 compatibility functions. Avoid increasing the
wolfSSL 15:117db924cf7c 19862 * size of this subset and its memory usage */
wolfSSL 15:117db924cf7c 19863 #endif /* OPENSSL_EXTRA_X509_SMALL */
wolfSSL 15:117db924cf7c 19864
wolfSSL 16:8e0d178b1d1e 19865 #if defined(OPENSSL_ALL)
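/* Compare two certificates by their DER encodings.
 *
 * Both certificates are serialised with wolfSSL_X509_get_der(), a SHA hash
 * of each encoding is computed, and the lengths and digests are compared.
 * Only when the digests agree are the raw DER bytes compared with XMEMCMP
 * to confirm the match -- a digest collision alone is never treated as
 * equality.
 *
 * a  First certificate, must not be NULL.
 * b  Second certificate, must not be NULL.
 * returns 0 when the encodings are identical; BAD_FUNC_ARG when either
 *         argument is NULL; WOLFSSL_FATAL_ERROR when either certificate has
 *         no DER encoding, hashing fails, or the certificates differ.
 */
int wolfSSL_X509_cmp(const WOLFSSL_X509 *a, const WOLFSSL_X509 *b)
{
    const byte* derA;
    const byte* derB;
    int outSzA = 0;
    int outSzB = 0;
#ifdef WOLFSSL_PIC32MZ_HASH
    byte digestA[PIC32_DIGEST_SIZE];
    byte digestB[PIC32_DIGEST_SIZE];
#else
    byte digestA[WC_SHA_DIGEST_SIZE];
    byte digestB[WC_SHA_DIGEST_SIZE];
#endif

    if (a == NULL || b == NULL) {
        return BAD_FUNC_ARG;
    }

    /* get_der takes a non-const pointer; the certificates are only read */
    derA = wolfSSL_X509_get_der((WOLFSSL_X509*)a, &outSzA);
    if (derA == NULL) {
        WOLFSSL_MSG("wolfSSL_X509_get_der - certificate A has failed");
        return WOLFSSL_FATAL_ERROR;
    }
    derB = wolfSSL_X509_get_der((WOLFSSL_X509*)b, &outSzB);
    if (derB == NULL) {
        WOLFSSL_MSG("wolfSSL_X509_get_der - certificate B has failed");
        return WOLFSSL_FATAL_ERROR;
    }

    if (wc_ShaHash(derA, (word32)outSzA, digestA) != 0) {
        WOLFSSL_MSG("Hash of certificate A has failed");
        return WOLFSSL_FATAL_ERROR;
    }
    if (wc_ShaHash(derB, (word32)outSzB, digestB) != 0) {
        WOLFSSL_MSG("Hash of certificate B has failed");
        return WOLFSSL_FATAL_ERROR;
    }

    /* different length or different digest: not the same certificate */
    if (outSzA != outSzB || XMEMCMP(digestA, digestB, sizeof(digestA)) != 0) {
        WOLFSSL_LEAVE("wolfSSL_X509_cmp", WOLFSSL_FATAL_ERROR);
        return WOLFSSL_FATAL_ERROR;
    }

    /* digests agree: confirm byte-for-byte, since a digest match is not a
     * proof of equality on its own */
    if (XMEMCMP(derA, derB, (size_t)outSzA) != 0) {
        WOLFSSL_LEAVE("wolfSSL_X509_cmp", WOLFSSL_FATAL_ERROR);
        return WOLFSSL_FATAL_ERROR;
    }

    WOLFSSL_LEAVE("wolfSSL_X509_cmp", 0);
    return 0;
}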
wolfSSL 16:8e0d178b1d1e 19934 #endif
wolfSSL 16:8e0d178b1d1e 19935
wolfSSL 15:117db924cf7c 19936 #if defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 19937 #if !defined(NO_CERTS)
/* Report whether the extension identified by nid is present in x509.
 *
 * x509  certificate to inspect; NULL yields 0
 * nid   extension OID (BASIC_CA_OID, ALT_NAMES_OID, AUTH_KEY_OID, ...)
 *
 * returns the certificate's "set" flag for that extension (non-zero when
 * present) or 0 when x509 is NULL or nid is not in the table
 */
int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid)
{
    int isSet = 0;

    WOLFSSL_ENTER("wolfSSL_X509_ext_isSet_by_NID");

    if (x509 == NULL) {
        WOLFSSL_LEAVE("wolfSSL_X509_ext_isSet_by_NID", isSet);
        return isSet;
    }

    switch (nid) {
        case BASIC_CA_OID:
            isSet = x509->basicConstSet;
            break;
        case ALT_NAMES_OID:
            isSet = x509->subjAltNameSet;
            break;
        case AUTH_KEY_OID:
            isSet = x509->authKeyIdSet;
            break;
        case SUBJ_KEY_OID:
            isSet = x509->subjKeyIdSet;
            break;
        case KEY_USAGE_OID:
            isSet = x509->keyUsageSet;
            break;
        case CRL_DIST_OID:
            isSet = x509->CRLdistSet;
            break;
        case EXT_KEY_USAGE_OID:
            /* no dedicated flag: the extension counts as set when its raw
             * source bytes were retained */
            isSet = x509->extKeyUsageSrc ? 1 : 0;
            break;
        case AUTH_INFO_OID:
            isSet = x509->authInfoSet;
            break;
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
        case CERT_POLICY_OID:
            isSet = x509->certPolicySet;
            break;
#endif /* WOLFSSL_SEP || WOLFSSL_QT */
        default:
            WOLFSSL_MSG("NID not in table");
            break;
    }

    WOLFSSL_LEAVE("wolfSSL_X509_ext_isSet_by_NID", isSet);

    return isSet;
}
wolfSSL 15:117db924cf7c 19967
wolfSSL 15:117db924cf7c 19968
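/* Report whether the extension identified by nid is marked critical in x509.
 *
 * x509  certificate to inspect; NULL yields 0
 * nid   extension OID (BASIC_CA_OID, ALT_NAMES_OID, AUTH_KEY_OID, ...)
 *
 * returns the certificate's "critical" flag for that extension (non-zero when
 * the extension was flagged critical) or 0 when x509 is NULL or nid is not
 * in the table. An unknown nid is logged, matching
 * wolfSSL_X509_ext_isSet_by_NID, so a caller probing an unsupported
 * extension can see why it always reads as non-critical.
 */
int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid)
{
    int crit = 0;

    WOLFSSL_ENTER("wolfSSL_X509_ext_get_critical_by_NID");

    if (x509 != NULL) {
        switch (nid) {
            case BASIC_CA_OID:
                crit = x509->basicConstCrit;
                break;
            case ALT_NAMES_OID:
                crit = x509->subjAltNameCrit;
                break;
            case AUTH_KEY_OID:
                crit = x509->authKeyIdCrit;
                break;
            case SUBJ_KEY_OID:
                crit = x509->subjKeyIdCrit;
                break;
            case KEY_USAGE_OID:
                crit = x509->keyUsageCrit;
                break;
            case CRL_DIST_OID:
                crit = x509->CRLdistCrit;
                break;
#if defined(WOLFSSL_SEP) || defined(WOLFSSL_QT)
            case CERT_POLICY_OID:
                crit = x509->certPolicyCrit;
                break;
#endif /* WOLFSSL_SEP || WOLFSSL_QT */
            default:
                /* same diagnostic as the isSet variant; result stays 0 */
                WOLFSSL_MSG("NID not in table");
                break;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_ext_get_critical_by_NID", crit);

    return crit;
}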
wolfSSL 15:117db924cf7c 19993
wolfSSL 15:117db924cf7c 19994
/* Report whether x509 carries a basic-constraints path length.
 *
 * x509  certificate to inspect; NULL yields 0
 *
 * returns the certificate's basicConstPlSet flag, or 0 when x509 is NULL
 */
int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509* x509)
{
    int isSet;

    WOLFSSL_ENTER("wolfSSL_X509_get_isSet_pathLength");

    /* a missing certificate reads as "not set" */
    isSet = (x509 == NULL) ? 0 : x509->basicConstPlSet;

    WOLFSSL_LEAVE("wolfSSL_X509_get_isSet_pathLength", isSet);

    return isSet;
}
wolfSSL 15:117db924cf7c 20008
wolfSSL 15:117db924cf7c 20009
/* Return the basic-constraints path length stored in x509.
 *
 * x509  certificate to inspect; NULL yields 0
 *
 * returns x509->pathLength, or 0 when x509 is NULL. Use
 * wolfSSL_X509_get_isSet_pathLength to tell a stored 0 from "absent".
 */
word32 wolfSSL_X509_get_pathLength(WOLFSSL_X509* x509)
{
    word32 pathLength;

    WOLFSSL_ENTER("wolfSSL_X509_get_pathLength");

    pathLength = (x509 == NULL) ? 0 : x509->pathLength;

    WOLFSSL_LEAVE("wolfSSL_X509_get_pathLength", pathLength);

    return pathLength;
}
wolfSSL 15:117db924cf7c 20023
wolfSSL 15:117db924cf7c 20024
/* Return the key-usage bit mask stored in x509.
 *
 * x509  certificate to inspect; NULL yields 0
 *
 * returns x509->keyUsage widened to unsigned int, or 0 when x509 is NULL.
 * A 0 result does not by itself mean the extension is absent; check
 * wolfSSL_X509_ext_isSet_by_NID(x509, KEY_USAGE_OID) for that.
 */
unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509* x509)
{
    word16 usage;

    WOLFSSL_ENTER("wolfSSL_X509_get_keyUsage");

    usage = (x509 != NULL) ? x509->keyUsage : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_get_keyUsage", usage);

    return usage;
}
wolfSSL 15:117db924cf7c 20038
wolfSSL 15:117db924cf7c 20039
/* Fetch the authority key identifier of x509.
 *
 * x509    certificate to read from; NULL yields NULL
 * dst     optional output buffer; may be NULL
 * dstLen  in: capacity of dst; out: number of bytes copied. May be NULL.
 *
 * When dst and dstLen are both supplied and at least one byte fits, the ID
 * is copied (truncated to *dstLen) and dst is returned with *dstLen set to
 * the copied size. Otherwise the returned pointer refers to the
 * certificate's own buffer. Returns NULL when the extension is not set.
 */
byte* wolfSSL_X509_get_authorityKeyID(WOLFSSL_X509* x509,
                                      byte* dst, int* dstLen)
{
    byte* id = NULL;
    int copySz = 0;

    WOLFSSL_ENTER("wolfSSL_X509_get_authorityKeyID");

    if (x509 != NULL && x509->authKeyIdSet) {
        int room = (dstLen != NULL) ? *dstLen : 0;

        id = x509->authKeyId;
        /* never copy more than the caller's buffer or the ID itself */
        copySz = min(room, (int)x509->authKeyIdSz);

        if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
            XMEMCPY(dst, id, copySz);
            *dstLen = copySz;
            id = dst;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_get_authorityKeyID", copySz);

    return id;
}
wolfSSL 15:117db924cf7c 20066
wolfSSL 15:117db924cf7c 20067
/* Fetch the subject key identifier of x509.
 *
 * x509    certificate to read from; NULL yields NULL
 * dst     optional output buffer; may be NULL
 * dstLen  in: capacity of dst; out: number of bytes copied. May be NULL.
 *
 * When dst and dstLen are both supplied and at least one byte fits, the ID
 * is copied (truncated to *dstLen) and dst is returned with *dstLen set to
 * the copied size. Otherwise the returned pointer refers to the
 * certificate's own buffer. Returns NULL when the extension is not set.
 */
byte* wolfSSL_X509_get_subjectKeyID(WOLFSSL_X509* x509,
                                    byte* dst, int* dstLen)
{
    byte* id = NULL;
    int copySz = 0;

    WOLFSSL_ENTER("wolfSSL_X509_get_subjectKeyID");

    if (x509 != NULL && x509->subjKeyIdSet) {
        int room = (dstLen != NULL) ? *dstLen : 0;

        id = x509->subjKeyId;
        /* never copy more than the caller's buffer or the ID itself */
        copySz = min(room, (int)x509->subjKeyIdSz);

        if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
            XMEMCPY(dst, id, copySz);
            *dstLen = copySz;
            id = dst;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_get_subjectKeyID", copySz);

    return id;
}
wolfSSL 15:117db924cf7c 20094
wolfSSL 15:117db924cf7c 20095
/* Return the number of entries recorded in a distinguished name.
 *
 * name  name to inspect; NULL yields 0
 *
 * returns name->fullName.locSz, or 0 when name is NULL
 */
int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
{
    int count;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_entry_count");

    count = (name != NULL) ? name->fullName.locSz : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_NAME_entry_count", count);
    return count;
}
wolfSSL 15:117db924cf7c 20108
wolfSSL 15:117db924cf7c 20109
wolfSSL 15:117db924cf7c 20110
/* Find the next entry of a given NID in a distinguished name.
 *
 * name  name to search
 * nid   NID to look for; NID_emailAddress is mapped to ASN_EMAIL_NAME,
 *       every other value is matched as-is against fullName.loc[]
 * pos   index of the previous match, or a negative value to start at 0
 *
 * returns the index of the next matching entry after pos,
 *         WOLFSSL_FATAL_ERROR when there is none, or BAD_FUNC_ARG when
 *         name is NULL or pos is already beyond the table
 */
int wolfSSL_X509_NAME_get_index_by_NID(WOLFSSL_X509_NAME* name,
                                       int nid, int pos)
{
    int target = nid;
    int idx;
    int limit;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_index_by_NID");

    if (name == NULL || pos >= DN_NAMES_MAX + DOMAIN_COMPONENT_MAX) {
        return BAD_FUNC_ARG;
    }

    /* the e-mail NID is stored under its ASN name tag */
    if (target == NID_emailAddress) {
        target = ASN_EMAIL_NAME;
    }

    /* resume just past pos; any negative pos restarts from the first slot */
    idx = (pos < 0) ? 0 : pos + 1;

    /* never read past the populated entries or the fixed table size */
    limit = name->fullName.locSz;
    if (limit > DN_NAMES_MAX + DOMAIN_COMPONENT_MAX) {
        limit = DN_NAMES_MAX + DOMAIN_COMPONENT_MAX;
    }

    for (; idx < limit; idx++) {
        if (name->fullName.loc[idx] == target) {
            return idx;
        }
    }

    return WOLFSSL_FATAL_ERROR;
}
wolfSSL 15:117db924cf7c 20139
wolfSSL 15:117db924cf7c 20140
/* Return the ASN.1 string value held by a name entry.
 *
 * in  entry to read; NULL yields NULL
 *
 * returns in->value (not a copy), or NULL when in is NULL
 */
WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(
    WOLFSSL_X509_NAME_ENTRY* in)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data");
    return (in != NULL) ? in->value : NULL;
}
wolfSSL 15:117db924cf7c 20150
wolfSSL 15:117db924cf7c 20151
/* Allocate a zero-initialised WOLFSSL_ASN1_STRING.
 *
 * The caller owns the result and releases it with wolfSSL_ASN1_STRING_free.
 *
 * returns the new structure, or NULL when allocation fails
 */
WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void)
{
    WOLFSSL_ASN1_STRING* asn1;

    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_new");

    asn1 = (WOLFSSL_ASN1_STRING*)XMALLOC(sizeof(*asn1), NULL,
                                         DYNAMIC_TYPE_OPENSSL);
    if (asn1 == NULL) {
        return NULL; /* allocation failure is reported as NULL */
    }

    /* all fields start cleared: no data, zero length, not dynamic */
    XMEMSET(asn1, 0, sizeof(*asn1));

    return asn1;
}
wolfSSL 15:117db924cf7c 20170
wolfSSL 15:117db924cf7c 20171
/* Release a WOLFSSL_ASN1_STRING created by wolfSSL_ASN1_STRING_new.
 *
 * asn1  structure to free; NULL is ignored
 *
 * The data buffer is freed only when it was heap-allocated by
 * wolfSSL_ASN1_STRING_set (isDynamic set); data held in the inline strData
 * array goes away with the structure itself.
 */
void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1)
{
    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free");

    if (asn1 == NULL) {
        return;
    }

    if (asn1->isDynamic && asn1->data != NULL && asn1->length > 0) {
        XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
    }
    XFREE(asn1, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 15:117db924cf7c 20184
wolfSSL 15:117db924cf7c 20185
/* Allocate a WOLFSSL_ASN1_STRING and record its ASN.1 type.
 *
 * type  value stored in the new structure's type field
 *
 * returns the new structure, or NULL when allocation fails
 */
WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type)
{
    WOLFSSL_ASN1_STRING* asn1 = NULL;

    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type_new");

    asn1 = wolfSSL_ASN1_STRING_new();
    if (asn1 != NULL) {
        asn1->type = type;
    }

    return asn1;
}
wolfSSL 15:117db924cf7c 20206
wolfSSL 15:117db924cf7c 20207
/******************************************************************************
 * wolfSSL_ASN1_STRING_type - returns the ASN.1 type recorded in <asn1>
 *
 * asn1  string to inspect; may be NULL
 *
 * RETURNS:
 * the type set for <asn1>, or WOLFSSL_FAILURE when <asn1> is NULL
 */
int wolfSSL_ASN1_STRING_type(const WOLFSSL_ASN1_STRING* asn1)
{
    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type");

    return (asn1 != NULL) ? asn1->type : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 20225
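/* Store a copy of data in asn1.
 *
 * asn1    string to fill; any existing heap buffer is released first
 * data    bytes to copy; may be NULL, in which case only the buffer is
 *         prepared and dataSz must be >= 0
 * dataSz  number of bytes to copy; a negative value means data is a
 *         NUL-terminated C string whose length is taken with XSTRLEN and
 *         the stored size then includes the terminator (+1)
 *
 * Small values are kept in the inline strData array, larger ones in a heap
 * buffer flagged with isDynamic. In both cases the buffer is sized for
 * sz + 1 bytes so the terminator written at data[sz] stays in bounds.
 *
 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on bad arguments
 * or allocation failure
 */
int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data,
                            int dataSz)
{
    int sz;

    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set");

    if (asn1 == NULL || (data == NULL && dataSz < 0)) {
        return WOLFSSL_FAILURE;
    }

    if (dataSz < 0) {
        sz = (int)XSTRLEN((const char*)data) + 1; /* +1 for null */
    }
    else {
        sz = dataSz;
    }

    if (sz < 0) {
        return WOLFSSL_FAILURE;
    }

    /* free any existing data before copying */
    if (asn1->data != NULL && asn1->isDynamic) {
        XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL);
        asn1->data = NULL;
    }

    /* The terminator goes at index sz, so sz + 1 bytes are needed: the
     * inline array only when sz + 1 <= CTC_NAME_SIZE (i.e. sz < CTC_NAME_SIZE),
     * otherwise a heap buffer of sz + 1 bytes. Allocating exactly sz, or
     * using the inline array for sz == CTC_NAME_SIZE, would put the
     * terminator one byte past the end of the buffer. */
    if (sz >= CTC_NAME_SIZE) {
        /* create new data buffer and copy over */
        asn1->data = (char*)XMALLOC((size_t)sz + 1, NULL,
                                    DYNAMIC_TYPE_OPENSSL);
        if (asn1->data == NULL) {
            return WOLFSSL_FAILURE;
        }
        asn1->isDynamic = 1;
    }
    else {
        XMEMSET(asn1->strData, 0, CTC_NAME_SIZE);
        asn1->data = asn1->strData;
        asn1->isDynamic = 0;
    }

    if (data != NULL) {
        XMEMCPY(asn1->data, data, sz);
    }
    /* always terminate, so a buffer prepared without data is still a valid
     * (empty) C string for readers that treat it as one */
    asn1->data[sz] = '\0';
    asn1->length = sz;

    return WOLFSSL_SUCCESS;
}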
wolfSSL 15:117db924cf7c 20278
wolfSSL 15:117db924cf7c 20279
/* Return the raw byte buffer held by an ASN.1 string.
 *
 * asn  string to read; NULL yields NULL
 *
 * returns asn->data viewed as unsigned char* (not a copy), or NULL
 */
unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
{
    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data");

    if (asn == NULL) {
        return NULL;
    }
    return (unsigned char*)asn->data;
}
wolfSSL 15:117db924cf7c 20291
wolfSSL 15:117db924cf7c 20292
/* Return the length recorded for an ASN.1 string.
 *
 * asn  string to read; NULL yields 0
 *
 * returns asn->length, or 0 when asn is NULL
 */
int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)
{
    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length");

    return (asn != NULL) ? asn->length : 0;
}
wolfSSL 15:117db924cf7c 20304
wolfSSL 16:8e0d178b1d1e 20305 #ifndef NO_WOLFSSL_STUB
/* Stub for the OpenSSL d2i_DISPLAYTEXT entry point.
 *
 * Decoding is not implemented: the arguments are ignored and NULL is
 * returned, with WOLFSSL_STUB recording the call.
 */
WOLFSSL_ASN1_STRING* wolfSSL_d2i_DISPLAYTEXT(WOLFSSL_ASN1_STRING **asn,
                                             const unsigned char **in, long len)
{
    /* silence unused-parameter warnings; nothing is decoded */
    (void)len;
    (void)in;
    (void)asn;

    WOLFSSL_STUB("d2i_DISPLAYTEXT");
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 20315 #endif
wolfSSL 15:117db924cf7c 20316
wolfSSL 15:117db924cf7c 20317 #ifdef XSNPRINTF /* a snprintf function needs to be available */
wolfSSL 15:117db924cf7c 20318 /* Writes the human readable form of x509 to bio.
wolfSSL 15:117db924cf7c 20319 *
wolfSSL 15:117db924cf7c 20320 * bio WOLFSSL_BIO to write to.
wolfSSL 15:117db924cf7c 20321 * x509 Certificate to write.
wolfSSL 15:117db924cf7c 20322 *
wolfSSL 15:117db924cf7c 20323 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure
wolfSSL 15:117db924cf7c 20324 */
wolfSSL 16:8e0d178b1d1e 20325 int wolfSSL_X509_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509* x509,
wolfSSL 16:8e0d178b1d1e 20326 unsigned long nmflags, unsigned long cflag)
wolfSSL 16:8e0d178b1d1e 20327 {
wolfSSL 16:8e0d178b1d1e 20328 WOLFSSL_ENTER("wolfSSL_X509_print_ex");
wolfSSL 16:8e0d178b1d1e 20329
wolfSSL 16:8e0d178b1d1e 20330 #ifndef NO_WOLFSSL_STUB
wolfSSL 16:8e0d178b1d1e 20331 /* flags currently not supported */
wolfSSL 16:8e0d178b1d1e 20332 (void)nmflags;
wolfSSL 16:8e0d178b1d1e 20333 (void)cflag;
wolfSSL 16:8e0d178b1d1e 20334 #endif
wolfSSL 15:117db924cf7c 20335
wolfSSL 15:117db924cf7c 20336 if (bio == NULL || x509 == NULL) {
wolfSSL 15:117db924cf7c 20337 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20338 }
wolfSSL 15:117db924cf7c 20339
wolfSSL 16:8e0d178b1d1e 20340 if (wolfSSL_BIO_write(bio, "Certificate:\n",
wolfSSL 16:8e0d178b1d1e 20341 (int)XSTRLEN("Certificate:\n")) <= 0) {
wolfSSL 16:8e0d178b1d1e 20342 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 20343 }
wolfSSL 16:8e0d178b1d1e 20344
wolfSSL 16:8e0d178b1d1e 20345 if (wolfSSL_BIO_write(bio, " Data:\n",
wolfSSL 16:8e0d178b1d1e 20346 (int)XSTRLEN(" Data:\n")) <= 0) {
wolfSSL 15:117db924cf7c 20347 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20348 }
wolfSSL 15:117db924cf7c 20349
wolfSSL 15:117db924cf7c 20350 /* print version of cert */
wolfSSL 15:117db924cf7c 20351 {
wolfSSL 15:117db924cf7c 20352 int version;
wolfSSL 16:8e0d178b1d1e 20353 char tmp[20];
wolfSSL 16:8e0d178b1d1e 20354
wolfSSL 16:8e0d178b1d1e 20355 if ((version = wolfSSL_X509_version(x509)) < 0) {
wolfSSL 15:117db924cf7c 20356 WOLFSSL_MSG("Error getting X509 version");
wolfSSL 15:117db924cf7c 20357 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20358 }
wolfSSL 16:8e0d178b1d1e 20359 if (wolfSSL_BIO_write(bio, " Version:",
wolfSSL 16:8e0d178b1d1e 20360 (int)XSTRLEN(" Version:")) <= 0) {
wolfSSL 16:8e0d178b1d1e 20361 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 20362 }
wolfSSL 16:8e0d178b1d1e 20363 XSNPRINTF(tmp, sizeof(tmp), " %d (0x%x)\n", version, (byte)version-1);
wolfSSL 15:117db924cf7c 20364 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20365 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20366 }
wolfSSL 15:117db924cf7c 20367 }
wolfSSL 15:117db924cf7c 20368
wolfSSL 15:117db924cf7c 20369 /* print serial number out */
wolfSSL 15:117db924cf7c 20370 {
wolfSSL 15:117db924cf7c 20371 unsigned char serial[32];
wolfSSL 15:117db924cf7c 20372 int sz = sizeof(serial);
wolfSSL 15:117db924cf7c 20373
wolfSSL 15:117db924cf7c 20374 XMEMSET(serial, 0, sz);
wolfSSL 15:117db924cf7c 20375 if (wolfSSL_X509_get_serial_number(x509, serial, &sz)
wolfSSL 15:117db924cf7c 20376 != WOLFSSL_SUCCESS) {
wolfSSL 15:117db924cf7c 20377 WOLFSSL_MSG("Error getting x509 serial number");
wolfSSL 15:117db924cf7c 20378 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20379 }
wolfSSL 16:8e0d178b1d1e 20380 if (wolfSSL_BIO_write(bio, " Serial Number:",
wolfSSL 16:8e0d178b1d1e 20381 (int)XSTRLEN(" Serial Number:")) <= 0) {
wolfSSL 15:117db924cf7c 20382 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20383 }
wolfSSL 15:117db924cf7c 20384
wolfSSL 15:117db924cf7c 20385 /* if serial can fit into byte than print on the same line */
wolfSSL 15:117db924cf7c 20386 if (sz <= (int)sizeof(byte)) {
wolfSSL 15:117db924cf7c 20387 char tmp[17];
wolfSSL 16:8e0d178b1d1e 20388 XSNPRINTF(tmp, sizeof(tmp), " %d (0x%x)\n", serial[0],serial[0]);
wolfSSL 15:117db924cf7c 20389 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20390 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20391 }
wolfSSL 15:117db924cf7c 20392 }
wolfSSL 15:117db924cf7c 20393 else {
wolfSSL 15:117db924cf7c 20394 int i;
wolfSSL 15:117db924cf7c 20395 char tmp[100];
wolfSSL 15:117db924cf7c 20396 int tmpSz = 100;
wolfSSL 15:117db924cf7c 20397 char val[5];
wolfSSL 15:117db924cf7c 20398 int valSz = 5;
wolfSSL 15:117db924cf7c 20399
wolfSSL 15:117db924cf7c 20400 /* serial is larger than int size so print off hex values */
wolfSSL 15:117db924cf7c 20401 if (wolfSSL_BIO_write(bio, "\n ",
wolfSSL 16:8e0d178b1d1e 20402 (int)XSTRLEN("\n ")) <= 0) {
wolfSSL 15:117db924cf7c 20403 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20404 }
wolfSSL 15:117db924cf7c 20405 tmp[0] = '\0';
wolfSSL 15:117db924cf7c 20406 for (i = 0; i < sz - 1 && (3 * i) < tmpSz - valSz; i++) {
wolfSSL 15:117db924cf7c 20407 XSNPRINTF(val, sizeof(val) - 1, "%02x:", serial[i]);
wolfSSL 15:117db924cf7c 20408 val[3] = '\0'; /* make sure is null terminated */
wolfSSL 15:117db924cf7c 20409 XSTRNCAT(tmp, val, valSz);
wolfSSL 15:117db924cf7c 20410 }
wolfSSL 15:117db924cf7c 20411 XSNPRINTF(val, sizeof(val) - 1, "%02x\n", serial[i]);
wolfSSL 15:117db924cf7c 20412 val[3] = '\0'; /* make sure is null terminated */
wolfSSL 15:117db924cf7c 20413 XSTRNCAT(tmp, val, valSz);
wolfSSL 15:117db924cf7c 20414 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20415 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20416 }
wolfSSL 15:117db924cf7c 20417 }
wolfSSL 15:117db924cf7c 20418 }
wolfSSL 15:117db924cf7c 20419
wolfSSL 15:117db924cf7c 20420 /* print signature algo */
wolfSSL 15:117db924cf7c 20421 {
wolfSSL 16:8e0d178b1d1e 20422 int oid;
wolfSSL 16:8e0d178b1d1e 20423 const char* sig;
wolfSSL 15:117db924cf7c 20424
wolfSSL 15:117db924cf7c 20425 if ((oid = wolfSSL_X509_get_signature_type(x509)) <= 0) {
wolfSSL 15:117db924cf7c 20426 WOLFSSL_MSG("Error getting x509 signature type");
wolfSSL 15:117db924cf7c 20427 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20428 }
wolfSSL 16:8e0d178b1d1e 20429 if (wolfSSL_BIO_write(bio, " Signature Algorithm: ",
wolfSSL 16:8e0d178b1d1e 20430 (int)XSTRLEN(" Signature Algorithm: ")) <= 0) {
wolfSSL 15:117db924cf7c 20431 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20432 }
wolfSSL 15:117db924cf7c 20433 sig = GetSigName(oid);
wolfSSL 15:117db924cf7c 20434 if (wolfSSL_BIO_write(bio, sig, (int)XSTRLEN(sig)) <= 0) {
wolfSSL 15:117db924cf7c 20435 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20436 }
wolfSSL 16:8e0d178b1d1e 20437 if (wolfSSL_BIO_write(bio, "\n", (int)XSTRLEN("\n")) <= 0) {
wolfSSL 15:117db924cf7c 20438 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20439 }
wolfSSL 15:117db924cf7c 20440 }
wolfSSL 15:117db924cf7c 20441
wolfSSL 15:117db924cf7c 20442 /* print issuer */
wolfSSL 15:117db924cf7c 20443 {
wolfSSL 15:117db924cf7c 20444 char* issuer;
wolfSSL 15:117db924cf7c 20445 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 20446 char* buff = NULL;
wolfSSL 15:117db924cf7c 20447 int issSz = 0;
wolfSSL 15:117db924cf7c 20448 #else
wolfSSL 15:117db924cf7c 20449 char buff[256];
wolfSSL 15:117db924cf7c 20450 int issSz = 256;
wolfSSL 15:117db924cf7c 20451 #endif
wolfSSL 15:117db924cf7c 20452
wolfSSL 16:8e0d178b1d1e 20453 #if defined(WOLFSSL_QT)
wolfSSL 16:8e0d178b1d1e 20454 issuer = wolfSSL_X509_get_name_oneline(
wolfSSL 16:8e0d178b1d1e 20455 wolfSSL_X509_get_issuer_name(x509), buff, issSz);
wolfSSL 16:8e0d178b1d1e 20456 #else
wolfSSL 16:8e0d178b1d1e 20457 issuer = wolfSSL_X509_NAME_oneline(
wolfSSL 16:8e0d178b1d1e 20458 wolfSSL_X509_get_issuer_name(x509), buff, issSz);
wolfSSL 16:8e0d178b1d1e 20459 #endif
wolfSSL 15:117db924cf7c 20460
wolfSSL 15:117db924cf7c 20461 if (wolfSSL_BIO_write(bio, " Issuer: ",
wolfSSL 16:8e0d178b1d1e 20462 (int)XSTRLEN(" Issuer: ")) <= 0) {
wolfSSL 15:117db924cf7c 20463 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 20464 XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL 15:117db924cf7c 20465 #endif
wolfSSL 15:117db924cf7c 20466 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20467 }
wolfSSL 15:117db924cf7c 20468 if (issuer != NULL) {
wolfSSL 15:117db924cf7c 20469 if (wolfSSL_BIO_write(bio, issuer, (int)XSTRLEN(issuer)) <= 0) {
wolfSSL 15:117db924cf7c 20470 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 20471 XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL 15:117db924cf7c 20472 #endif
wolfSSL 15:117db924cf7c 20473 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20474 }
wolfSSL 15:117db924cf7c 20475 }
wolfSSL 15:117db924cf7c 20476 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 20477 XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL 15:117db924cf7c 20478 #endif
wolfSSL 16:8e0d178b1d1e 20479 if (wolfSSL_BIO_write(bio, "\n", (int)XSTRLEN("\n")) <= 0) {
wolfSSL 16:8e0d178b1d1e 20480 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 20481 }
wolfSSL 16:8e0d178b1d1e 20482 }
wolfSSL 16:8e0d178b1d1e 20483
wolfSSL 16:8e0d178b1d1e 20484 #ifndef NO_ASN_TIME
wolfSSL 15:117db924cf7c 20485 /* print validity */
wolfSSL 15:117db924cf7c 20486 {
wolfSSL 15:117db924cf7c 20487 char tmp[80];
wolfSSL 15:117db924cf7c 20488
wolfSSL 15:117db924cf7c 20489 if (wolfSSL_BIO_write(bio, " Validity\n",
wolfSSL 16:8e0d178b1d1e 20490 (int)XSTRLEN(" Validity\n")) <= 0) {
wolfSSL 16:8e0d178b1d1e 20491 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 20492 }
wolfSSL 16:8e0d178b1d1e 20493
wolfSSL 15:117db924cf7c 20494 if (wolfSSL_BIO_write(bio, " Not Before: ",
wolfSSL 16:8e0d178b1d1e 20495 (int)XSTRLEN(" Not Before: ")) <= 0) {
wolfSSL 16:8e0d178b1d1e 20496 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 20497 }
wolfSSL 16:8e0d178b1d1e 20498 if (x509->notBefore.length > 0) {
wolfSSL 16:8e0d178b1d1e 20499 if (GetTimeString(x509->notBefore.data, ASN_UTC_TIME,
wolfSSL 16:8e0d178b1d1e 20500 tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 20501 if (GetTimeString(x509->notBefore.data, ASN_GENERALIZED_TIME,
wolfSSL 16:8e0d178b1d1e 20502 tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 20503 WOLFSSL_MSG("Error getting not before date");
wolfSSL 16:8e0d178b1d1e 20504 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 20505 }
wolfSSL 16:8e0d178b1d1e 20506 }
wolfSSL 16:8e0d178b1d1e 20507 }
wolfSSL 16:8e0d178b1d1e 20508 else {
wolfSSL 16:8e0d178b1d1e 20509 XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
wolfSSL 15:117db924cf7c 20510 }
wolfSSL 15:117db924cf7c 20511 tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
wolfSSL 15:117db924cf7c 20512 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20513 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20514 }
wolfSSL 16:8e0d178b1d1e 20515
wolfSSL 15:117db924cf7c 20516 if (wolfSSL_BIO_write(bio, "\n Not After : ",
wolfSSL 16:8e0d178b1d1e 20517 (int)XSTRLEN("\n Not After : ")) <= 0) {
wolfSSL 16:8e0d178b1d1e 20518 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 20519 }
wolfSSL 16:8e0d178b1d1e 20520 if (x509->notAfter.length > 0) {
wolfSSL 16:8e0d178b1d1e 20521 if (GetTimeString(x509->notAfter.data, ASN_UTC_TIME,
wolfSSL 15:117db924cf7c 20522 tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 20523 if (GetTimeString(x509->notAfter.data, ASN_GENERALIZED_TIME,
wolfSSL 16:8e0d178b1d1e 20524 tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 20525 WOLFSSL_MSG("Error getting not after date");
wolfSSL 16:8e0d178b1d1e 20526 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 20527 }
wolfSSL 16:8e0d178b1d1e 20528 }
wolfSSL 16:8e0d178b1d1e 20529 }
wolfSSL 16:8e0d178b1d1e 20530 else {
wolfSSL 16:8e0d178b1d1e 20531 XSTRNCPY(tmp, "Not Set", sizeof(tmp)-1);
wolfSSL 15:117db924cf7c 20532 }
wolfSSL 15:117db924cf7c 20533 tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */
wolfSSL 15:117db924cf7c 20534 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20535 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20536 }
wolfSSL 15:117db924cf7c 20537 }
wolfSSL 16:8e0d178b1d1e 20538 #endif
wolfSSL 15:117db924cf7c 20539
wolfSSL 15:117db924cf7c 20540 /* print subject */
wolfSSL 15:117db924cf7c 20541 {
wolfSSL 15:117db924cf7c 20542 char* subject;
wolfSSL 15:117db924cf7c 20543 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 20544 char* buff = NULL;
wolfSSL 15:117db924cf7c 20545 int subSz = 0;
wolfSSL 15:117db924cf7c 20546 #else
wolfSSL 15:117db924cf7c 20547 char buff[256];
wolfSSL 15:117db924cf7c 20548 int subSz = 256;
wolfSSL 15:117db924cf7c 20549 #endif
wolfSSL 15:117db924cf7c 20550
wolfSSL 16:8e0d178b1d1e 20551 #if defined(WOLFSSL_QT)
wolfSSL 16:8e0d178b1d1e 20552 subject = wolfSSL_X509_get_name_oneline(
wolfSSL 16:8e0d178b1d1e 20553 wolfSSL_X509_get_subject_name(x509), buff, subSz);
wolfSSL 16:8e0d178b1d1e 20554 #else
wolfSSL 16:8e0d178b1d1e 20555 subject = wolfSSL_X509_NAME_oneline(
wolfSSL 16:8e0d178b1d1e 20556 wolfSSL_X509_get_subject_name(x509), buff, subSz);
wolfSSL 16:8e0d178b1d1e 20557 #endif
wolfSSL 15:117db924cf7c 20558
wolfSSL 15:117db924cf7c 20559 if (wolfSSL_BIO_write(bio, "\n Subject: ",
wolfSSL 16:8e0d178b1d1e 20560 (int)XSTRLEN("\n Subject: ")) <= 0) {
wolfSSL 15:117db924cf7c 20561 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 20562 XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL 15:117db924cf7c 20563 #endif
wolfSSL 15:117db924cf7c 20564 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20565 }
wolfSSL 15:117db924cf7c 20566 if (subject != NULL) {
wolfSSL 15:117db924cf7c 20567 if (wolfSSL_BIO_write(bio, subject, (int)XSTRLEN(subject)) <= 0) {
wolfSSL 15:117db924cf7c 20568 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 20569 XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL 15:117db924cf7c 20570 #endif
wolfSSL 15:117db924cf7c 20571 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20572 }
wolfSSL 15:117db924cf7c 20573 }
wolfSSL 15:117db924cf7c 20574 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 20575 XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL 15:117db924cf7c 20576 #endif
wolfSSL 15:117db924cf7c 20577 }
wolfSSL 15:117db924cf7c 20578
wolfSSL 15:117db924cf7c 20579 /* get and print public key */
wolfSSL 15:117db924cf7c 20580 if (wolfSSL_BIO_write(bio, "\n Subject Public Key Info:\n",
wolfSSL 16:8e0d178b1d1e 20581 (int)XSTRLEN("\n Subject Public Key Info:\n")) <= 0) {
wolfSSL 15:117db924cf7c 20582 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20583 }
wolfSSL 15:117db924cf7c 20584 {
wolfSSL 16:8e0d178b1d1e 20585 #if (!defined(NO_RSA) && !defined(HAVE_USER_RSA)) || defined(HAVE_ECC)
wolfSSL 15:117db924cf7c 20586 char tmp[100];
wolfSSL 16:8e0d178b1d1e 20587 #endif
wolfSSL 15:117db924cf7c 20588
wolfSSL 15:117db924cf7c 20589 switch (x509->pubKeyOID) {
wolfSSL 16:8e0d178b1d1e 20590 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 20591 case RSAk:
wolfSSL 15:117db924cf7c 20592 if (wolfSSL_BIO_write(bio,
wolfSSL 16:8e0d178b1d1e 20593 " Public Key Algorithm: rsaEncryption\n",
wolfSSL 16:8e0d178b1d1e 20594 (int)XSTRLEN(" Public Key Algorithm: rsaEncryption\n")) <= 0) {
wolfSSL 15:117db924cf7c 20595 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20596 }
wolfSSL 15:117db924cf7c 20597 #ifdef HAVE_USER_RSA
wolfSSL 15:117db924cf7c 20598 if (wolfSSL_BIO_write(bio,
wolfSSL 15:117db924cf7c 20599 " Build without user RSA to print key\n",
wolfSSL 16:8e0d178b1d1e 20600 (int)XSTRLEN(" Build without user RSA to print key\n"))
wolfSSL 15:117db924cf7c 20601 <= 0) {
wolfSSL 15:117db924cf7c 20602 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20603 }
wolfSSL 15:117db924cf7c 20604 #else
wolfSSL 15:117db924cf7c 20605 {
wolfSSL 15:117db924cf7c 20606 RsaKey rsa;
wolfSSL 15:117db924cf7c 20607 word32 idx = 0;
wolfSSL 15:117db924cf7c 20608 int sz;
wolfSSL 15:117db924cf7c 20609 byte lbit = 0;
wolfSSL 15:117db924cf7c 20610 int rawLen;
wolfSSL 15:117db924cf7c 20611 unsigned char* rawKey;
wolfSSL 15:117db924cf7c 20612
wolfSSL 15:117db924cf7c 20613 if (wc_InitRsaKey(&rsa, NULL) != 0) {
wolfSSL 15:117db924cf7c 20614 WOLFSSL_MSG("wc_InitRsaKey failure");
wolfSSL 15:117db924cf7c 20615 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20616 }
wolfSSL 15:117db924cf7c 20617 if (wc_RsaPublicKeyDecode(x509->pubKey.buffer,
wolfSSL 15:117db924cf7c 20618 &idx, &rsa, x509->pubKey.length) != 0) {
wolfSSL 15:117db924cf7c 20619 WOLFSSL_MSG("Error decoding RSA key");
wolfSSL 16:8e0d178b1d1e 20620 wc_FreeRsaKey(&rsa);
wolfSSL 15:117db924cf7c 20621 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20622 }
wolfSSL 15:117db924cf7c 20623 if ((sz = wc_RsaEncryptSize(&rsa)) < 0) {
wolfSSL 15:117db924cf7c 20624 WOLFSSL_MSG("Error getting RSA key size");
wolfSSL 16:8e0d178b1d1e 20625 wc_FreeRsaKey(&rsa);
wolfSSL 15:117db924cf7c 20626 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20627 }
wolfSSL 15:117db924cf7c 20628 XSNPRINTF(tmp, sizeof(tmp) - 1, "%s%s: (%d bit)\n%s\n",
wolfSSL 16:8e0d178b1d1e 20629 " ", "Public-Key", 8 * sz,
wolfSSL 16:8e0d178b1d1e 20630 " Modulus:");
wolfSSL 15:117db924cf7c 20631 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 16:8e0d178b1d1e 20632 if (wolfSSL_BIO_write(bio, tmp,
wolfSSL 16:8e0d178b1d1e 20633 (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 16:8e0d178b1d1e 20634 wc_FreeRsaKey(&rsa);
wolfSSL 15:117db924cf7c 20635 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20636 }
wolfSSL 15:117db924cf7c 20637
wolfSSL 15:117db924cf7c 20638 /* print out modulus */
wolfSSL 16:8e0d178b1d1e 20639 XSNPRINTF(tmp, sizeof(tmp) - 1," ");
wolfSSL 15:117db924cf7c 20640 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 15:117db924cf7c 20641 if (mp_leading_bit(&rsa.n)) {
wolfSSL 15:117db924cf7c 20642 lbit = 1;
wolfSSL 16:8e0d178b1d1e 20643 XSTRNCAT(tmp, "00", 3);
wolfSSL 15:117db924cf7c 20644 }
wolfSSL 15:117db924cf7c 20645
wolfSSL 15:117db924cf7c 20646 rawLen = mp_unsigned_bin_size(&rsa.n);
wolfSSL 15:117db924cf7c 20647 rawKey = (unsigned char*)XMALLOC(rawLen, NULL,
wolfSSL 15:117db924cf7c 20648 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 20649 if (rawKey == NULL) {
wolfSSL 15:117db924cf7c 20650 WOLFSSL_MSG("Memory error");
wolfSSL 16:8e0d178b1d1e 20651 wc_FreeRsaKey(&rsa);
wolfSSL 15:117db924cf7c 20652 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20653 }
wolfSSL 15:117db924cf7c 20654 mp_to_unsigned_bin(&rsa.n, rawKey);
wolfSSL 15:117db924cf7c 20655 for (idx = 0; idx < (word32)rawLen; idx++) {
wolfSSL 15:117db924cf7c 20656 char val[5];
wolfSSL 15:117db924cf7c 20657 int valSz = 5;
wolfSSL 15:117db924cf7c 20658
wolfSSL 15:117db924cf7c 20659 if ((idx == 0) && !lbit) {
wolfSSL 15:117db924cf7c 20660 XSNPRINTF(val, valSz - 1, "%02x", rawKey[idx]);
wolfSSL 15:117db924cf7c 20661 }
wolfSSL 15:117db924cf7c 20662 else if ((idx != 0) && (((idx + lbit) % 15) == 0)) {
wolfSSL 15:117db924cf7c 20663 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 16:8e0d178b1d1e 20664 if (wolfSSL_BIO_write(bio, tmp,
wolfSSL 16:8e0d178b1d1e 20665 (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 16:8e0d178b1d1e 20666 XFREE(rawKey, NULL,
wolfSSL 16:8e0d178b1d1e 20667 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 20668 wc_FreeRsaKey(&rsa);
wolfSSL 15:117db924cf7c 20669 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20670 }
wolfSSL 15:117db924cf7c 20671 XSNPRINTF(tmp, sizeof(tmp) - 1,
wolfSSL 16:8e0d178b1d1e 20672 ":\n ");
wolfSSL 15:117db924cf7c 20673 XSNPRINTF(val, valSz - 1, "%02x", rawKey[idx]);
wolfSSL 15:117db924cf7c 20674 }
wolfSSL 15:117db924cf7c 20675 else {
wolfSSL 15:117db924cf7c 20676 XSNPRINTF(val, valSz - 1, ":%02x", rawKey[idx]);
wolfSSL 15:117db924cf7c 20677 }
wolfSSL 15:117db924cf7c 20678 XSTRNCAT(tmp, val, valSz);
wolfSSL 15:117db924cf7c 20679 }
wolfSSL 15:117db924cf7c 20680 XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 20681
wolfSSL 16:8e0d178b1d1e 20682 /* print out remaining modulus values */
wolfSSL 15:117db924cf7c 20683 if ((idx > 0) && (((idx - 1 + lbit) % 15) != 0)) {
wolfSSL 16:8e0d178b1d1e 20684 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 16:8e0d178b1d1e 20685 if (wolfSSL_BIO_write(bio, tmp,
wolfSSL 16:8e0d178b1d1e 20686 (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 16:8e0d178b1d1e 20687 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 20688 }
wolfSSL 15:117db924cf7c 20689 }
wolfSSL 15:117db924cf7c 20690
wolfSSL 15:117db924cf7c 20691 /* print out exponent values */
wolfSSL 15:117db924cf7c 20692 rawLen = mp_unsigned_bin_size(&rsa.e);
wolfSSL 15:117db924cf7c 20693 if (rawLen < 0) {
wolfSSL 15:117db924cf7c 20694 WOLFSSL_MSG("Error getting exponent size");
wolfSSL 16:8e0d178b1d1e 20695 wc_FreeRsaKey(&rsa);
wolfSSL 15:117db924cf7c 20696 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20697 }
wolfSSL 15:117db924cf7c 20698
wolfSSL 15:117db924cf7c 20699 if ((word32)rawLen < sizeof(word32)) {
wolfSSL 15:117db924cf7c 20700 rawLen = sizeof(word32);
wolfSSL 15:117db924cf7c 20701 }
wolfSSL 15:117db924cf7c 20702 rawKey = (unsigned char*)XMALLOC(rawLen, NULL,
wolfSSL 15:117db924cf7c 20703 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 20704 if (rawKey == NULL) {
wolfSSL 15:117db924cf7c 20705 WOLFSSL_MSG("Memory error");
wolfSSL 16:8e0d178b1d1e 20706 wc_FreeRsaKey(&rsa);
wolfSSL 15:117db924cf7c 20707 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20708 }
wolfSSL 15:117db924cf7c 20709 XMEMSET(rawKey, 0, rawLen);
wolfSSL 15:117db924cf7c 20710 mp_to_unsigned_bin(&rsa.e, rawKey);
wolfSSL 15:117db924cf7c 20711 if ((word32)rawLen <= sizeof(word32)) {
wolfSSL 15:117db924cf7c 20712 idx = *(word32*)rawKey;
wolfSSL 16:8e0d178b1d1e 20713 #ifdef BIG_ENDIAN_ORDER
wolfSSL 16:8e0d178b1d1e 20714 idx = ByteReverseWord32(idx);
wolfSSL 16:8e0d178b1d1e 20715 #endif
wolfSSL 15:117db924cf7c 20716 }
wolfSSL 15:117db924cf7c 20717 XSNPRINTF(tmp, sizeof(tmp) - 1,
wolfSSL 16:8e0d178b1d1e 20718 "\n Exponent: %d (0x%x)\n",idx, idx);
wolfSSL 16:8e0d178b1d1e 20719 if (wolfSSL_BIO_write(bio, tmp,
wolfSSL 16:8e0d178b1d1e 20720 (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20721 XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 20722 wc_FreeRsaKey(&rsa);
wolfSSL 15:117db924cf7c 20723 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20724 }
wolfSSL 15:117db924cf7c 20725 XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 20726 wc_FreeRsaKey(&rsa);
wolfSSL 15:117db924cf7c 20727 }
wolfSSL 15:117db924cf7c 20728 #endif /* HAVE_USER_RSA */
wolfSSL 15:117db924cf7c 20729 break;
wolfSSL 16:8e0d178b1d1e 20730 #endif /* NO_RSA */
wolfSSL 16:8e0d178b1d1e 20731
wolfSSL 16:8e0d178b1d1e 20732 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 20733 case ECDSAk:
wolfSSL 15:117db924cf7c 20734 {
wolfSSL 15:117db924cf7c 20735 word32 i;
wolfSSL 15:117db924cf7c 20736 ecc_key ecc;
wolfSSL 15:117db924cf7c 20737
wolfSSL 15:117db924cf7c 20738 if (wolfSSL_BIO_write(bio,
wolfSSL 15:117db924cf7c 20739 " Public Key Algorithm: EC\n",
wolfSSL 16:8e0d178b1d1e 20740 (int)XSTRLEN(" Public Key Algorithm: EC\n")) <= 0) {
wolfSSL 15:117db924cf7c 20741 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20742 }
wolfSSL 15:117db924cf7c 20743 if (wc_ecc_init_ex(&ecc, x509->heap, INVALID_DEVID)
wolfSSL 15:117db924cf7c 20744 != 0) {
wolfSSL 15:117db924cf7c 20745 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20746 }
wolfSSL 15:117db924cf7c 20747
wolfSSL 15:117db924cf7c 20748 i = 0;
wolfSSL 15:117db924cf7c 20749 if (wc_EccPublicKeyDecode(x509->pubKey.buffer, &i,
wolfSSL 15:117db924cf7c 20750 &ecc, x509->pubKey.length) != 0) {
wolfSSL 15:117db924cf7c 20751 wc_ecc_free(&ecc);
wolfSSL 15:117db924cf7c 20752 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20753 }
wolfSSL 15:117db924cf7c 20754 XSNPRINTF(tmp, sizeof(tmp) - 1, "%s%s: (%d bit)\n%s\n",
wolfSSL 15:117db924cf7c 20755 " ", "Public-Key",
wolfSSL 15:117db924cf7c 20756 8 * wc_ecc_size(&ecc),
wolfSSL 15:117db924cf7c 20757 " pub:");
wolfSSL 15:117db924cf7c 20758 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 16:8e0d178b1d1e 20759 if (wolfSSL_BIO_write(bio, tmp,
wolfSSL 16:8e0d178b1d1e 20760 (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20761 wc_ecc_free(&ecc);
wolfSSL 15:117db924cf7c 20762 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20763 }
wolfSSL 15:117db924cf7c 20764 XSNPRINTF(tmp, sizeof(tmp) - 1," ");
wolfSSL 15:117db924cf7c 20765 {
wolfSSL 15:117db924cf7c 20766 word32 derSz;
wolfSSL 15:117db924cf7c 20767 byte* der;
wolfSSL 15:117db924cf7c 20768
wolfSSL 15:117db924cf7c 20769 derSz = wc_ecc_size(&ecc) * WOLFSSL_BIT_SIZE;
wolfSSL 15:117db924cf7c 20770 der = (byte*)XMALLOC(derSz, x509->heap,
wolfSSL 15:117db924cf7c 20771 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 20772 if (der == NULL) {
wolfSSL 15:117db924cf7c 20773 wc_ecc_free(&ecc);
wolfSSL 15:117db924cf7c 20774 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20775 }
wolfSSL 15:117db924cf7c 20776
wolfSSL 15:117db924cf7c 20777 if (wc_ecc_export_x963(&ecc, der, &derSz) != 0) {
wolfSSL 15:117db924cf7c 20778 wc_ecc_free(&ecc);
wolfSSL 15:117db924cf7c 20779 XFREE(der, x509->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 20780 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20781 }
wolfSSL 15:117db924cf7c 20782 for (i = 0; i < derSz; i++) {
wolfSSL 15:117db924cf7c 20783 char val[5];
wolfSSL 15:117db924cf7c 20784 int valSz = 5;
wolfSSL 15:117db924cf7c 20785
wolfSSL 15:117db924cf7c 20786 if (i == 0) {
wolfSSL 15:117db924cf7c 20787 XSNPRINTF(val, valSz - 1, "%02x", der[i]);
wolfSSL 15:117db924cf7c 20788 }
wolfSSL 15:117db924cf7c 20789 else if ((i % 15) == 0) {
wolfSSL 15:117db924cf7c 20790 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 15:117db924cf7c 20791 if (wolfSSL_BIO_write(bio, tmp,
wolfSSL 15:117db924cf7c 20792 (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20793 wc_ecc_free(&ecc);
wolfSSL 15:117db924cf7c 20794 XFREE(der, x509->heap,
wolfSSL 15:117db924cf7c 20795 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 20796 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20797 }
wolfSSL 15:117db924cf7c 20798 XSNPRINTF(tmp, sizeof(tmp) - 1,
wolfSSL 15:117db924cf7c 20799 ":\n ");
wolfSSL 15:117db924cf7c 20800 XSNPRINTF(val, valSz - 1, "%02x", der[i]);
wolfSSL 15:117db924cf7c 20801 }
wolfSSL 15:117db924cf7c 20802 else {
wolfSSL 15:117db924cf7c 20803 XSNPRINTF(val, valSz - 1, ":%02x", der[i]);
wolfSSL 15:117db924cf7c 20804 }
wolfSSL 15:117db924cf7c 20805 XSTRNCAT(tmp, val, valSz);
wolfSSL 15:117db924cf7c 20806 }
wolfSSL 15:117db924cf7c 20807
wolfSSL 16:8e0d178b1d1e 20808 /* print out remaining modulus values */
wolfSSL 15:117db924cf7c 20809 if ((i > 0) && (((i - 1) % 15) != 0)) {
wolfSSL 15:117db924cf7c 20810 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 16:8e0d178b1d1e 20811 if (wolfSSL_BIO_write(bio, tmp,
wolfSSL 16:8e0d178b1d1e 20812 (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20813 wc_ecc_free(&ecc);
wolfSSL 15:117db924cf7c 20814 XFREE(der, x509->heap,
wolfSSL 15:117db924cf7c 20815 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 20816 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20817 }
wolfSSL 15:117db924cf7c 20818 }
wolfSSL 15:117db924cf7c 20819
wolfSSL 15:117db924cf7c 20820 XFREE(der, x509->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 20821 }
wolfSSL 15:117db924cf7c 20822 XSNPRINTF(tmp, sizeof(tmp) - 1, "\n%s%s: %s\n",
wolfSSL 15:117db924cf7c 20823 " ", "ASN1 OID",
wolfSSL 15:117db924cf7c 20824 ecc.dp->name);
wolfSSL 16:8e0d178b1d1e 20825 if (wolfSSL_BIO_write(bio, tmp,
wolfSSL 16:8e0d178b1d1e 20826 (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20827 wc_ecc_free(&ecc);
wolfSSL 15:117db924cf7c 20828 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20829 }
wolfSSL 15:117db924cf7c 20830 wc_ecc_free(&ecc);
wolfSSL 15:117db924cf7c 20831 }
wolfSSL 15:117db924cf7c 20832 break;
wolfSSL 16:8e0d178b1d1e 20833 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 20834 default:
wolfSSL 15:117db924cf7c 20835 WOLFSSL_MSG("Unknown key type");
wolfSSL 15:117db924cf7c 20836 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20837 }
wolfSSL 15:117db924cf7c 20838 }
wolfSSL 15:117db924cf7c 20839
wolfSSL 15:117db924cf7c 20840 /* print out extensions */
wolfSSL 15:117db924cf7c 20841 if (wolfSSL_BIO_write(bio, " X509v3 extensions:\n",
wolfSSL 16:8e0d178b1d1e 20842 (int)XSTRLEN(" X509v3 extensions:\n")) <= 0) {
wolfSSL 15:117db924cf7c 20843 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20844 }
wolfSSL 15:117db924cf7c 20845
wolfSSL 15:117db924cf7c 20846 /* print subject key id */
wolfSSL 15:117db924cf7c 20847 if (x509->subjKeyIdSet && x509->subjKeyId != NULL &&
wolfSSL 15:117db924cf7c 20848 x509->subjKeyIdSz > 0) {
wolfSSL 15:117db924cf7c 20849 char tmp[100];
wolfSSL 15:117db924cf7c 20850 word32 i;
wolfSSL 15:117db924cf7c 20851 char val[5];
wolfSSL 15:117db924cf7c 20852 int valSz = 5;
wolfSSL 15:117db924cf7c 20853
wolfSSL 15:117db924cf7c 20854
wolfSSL 15:117db924cf7c 20855 if (wolfSSL_BIO_write(bio,
wolfSSL 16:8e0d178b1d1e 20856 " X509v3 Subject Key Identifier: \n",
wolfSSL 16:8e0d178b1d1e 20857 (int)XSTRLEN(" X509v3 Subject Key Identifier: \n"))
wolfSSL 15:117db924cf7c 20858 <= 0) {
wolfSSL 15:117db924cf7c 20859 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20860 }
wolfSSL 15:117db924cf7c 20861
wolfSSL 16:8e0d178b1d1e 20862 XSNPRINTF(tmp, sizeof(tmp) - 1, " ");
wolfSSL 15:117db924cf7c 20863 for (i = 0; i < sizeof(tmp) && i < (x509->subjKeyIdSz - 1); i++) {
wolfSSL 15:117db924cf7c 20864 XSNPRINTF(val, valSz - 1, "%02X:", x509->subjKeyId[i]);
wolfSSL 15:117db924cf7c 20865 XSTRNCAT(tmp, val, valSz);
wolfSSL 15:117db924cf7c 20866 }
wolfSSL 15:117db924cf7c 20867 XSNPRINTF(val, valSz - 1, "%02X\n", x509->subjKeyId[i]);
wolfSSL 15:117db924cf7c 20868 XSTRNCAT(tmp, val, valSz);
wolfSSL 15:117db924cf7c 20869 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20870 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20871 }
wolfSSL 15:117db924cf7c 20872 }
wolfSSL 15:117db924cf7c 20873
wolfSSL 15:117db924cf7c 20874 /* printf out authority key id */
wolfSSL 15:117db924cf7c 20875 if (x509->authKeyIdSet && x509->authKeyId != NULL &&
wolfSSL 15:117db924cf7c 20876 x509->authKeyIdSz > 0) {
wolfSSL 15:117db924cf7c 20877 char tmp[100];
wolfSSL 15:117db924cf7c 20878 word32 i;
wolfSSL 15:117db924cf7c 20879 char val[5];
wolfSSL 15:117db924cf7c 20880 int valSz = 5;
wolfSSL 16:8e0d178b1d1e 20881 int len = 0;
wolfSSL 15:117db924cf7c 20882
wolfSSL 15:117db924cf7c 20883 if (wolfSSL_BIO_write(bio,
wolfSSL 16:8e0d178b1d1e 20884 " X509v3 Authority Key Identifier: \n",
wolfSSL 16:8e0d178b1d1e 20885 (int)XSTRLEN(" X509v3 Authority Key Identifier: \n"))
wolfSSL 15:117db924cf7c 20886 <= 0) {
wolfSSL 15:117db924cf7c 20887 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20888 }
wolfSSL 15:117db924cf7c 20889
wolfSSL 16:8e0d178b1d1e 20890 XSNPRINTF(tmp, sizeof(tmp) - 1, " keyid");
wolfSSL 15:117db924cf7c 20891 for (i = 0; i < x509->authKeyIdSz; i++) {
wolfSSL 15:117db924cf7c 20892 /* check if buffer is almost full */
wolfSSL 15:117db924cf7c 20893 if (XSTRLEN(tmp) >= sizeof(tmp) - valSz) {
wolfSSL 15:117db924cf7c 20894 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20895 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20896 }
wolfSSL 15:117db924cf7c 20897 tmp[0] = '\0';
wolfSSL 15:117db924cf7c 20898 }
wolfSSL 15:117db924cf7c 20899 XSNPRINTF(val, valSz - 1, ":%02X", x509->authKeyId[i]);
wolfSSL 15:117db924cf7c 20900 XSTRNCAT(tmp, val, valSz);
wolfSSL 15:117db924cf7c 20901 }
wolfSSL 16:8e0d178b1d1e 20902 len = (int)XSTRLEN("\n");
wolfSSL 16:8e0d178b1d1e 20903 XSTRNCAT(tmp, "\n", len + 1);
wolfSSL 15:117db924cf7c 20904 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20905 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20906 }
wolfSSL 15:117db924cf7c 20907 }
wolfSSL 15:117db924cf7c 20908
wolfSSL 15:117db924cf7c 20909 /* print basic constraint */
wolfSSL 15:117db924cf7c 20910 if (x509->basicConstSet) {
wolfSSL 15:117db924cf7c 20911 char tmp[100];
wolfSSL 15:117db924cf7c 20912
wolfSSL 15:117db924cf7c 20913 if (wolfSSL_BIO_write(bio,
wolfSSL 16:8e0d178b1d1e 20914 "\n X509v3 Basic Constraints: \n",
wolfSSL 16:8e0d178b1d1e 20915 (int)XSTRLEN("\n X509v3 Basic Constraints: \n"))
wolfSSL 15:117db924cf7c 20916 <= 0) {
wolfSSL 15:117db924cf7c 20917 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20918 }
wolfSSL 15:117db924cf7c 20919 XSNPRINTF(tmp, sizeof(tmp),
wolfSSL 16:8e0d178b1d1e 20920 " CA:%s\n",
wolfSSL 15:117db924cf7c 20921 (x509->isCa)? "TRUE": "FALSE");
wolfSSL 15:117db924cf7c 20922 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20923 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20924 }
wolfSSL 15:117db924cf7c 20925 }
wolfSSL 15:117db924cf7c 20926
wolfSSL 15:117db924cf7c 20927 /* print out signature */
wolfSSL 16:8e0d178b1d1e 20928 if (x509->sig.length > 0) {
wolfSSL 15:117db924cf7c 20929 unsigned char* sig;
wolfSSL 15:117db924cf7c 20930 int sigSz;
wolfSSL 15:117db924cf7c 20931 int i;
wolfSSL 15:117db924cf7c 20932 char tmp[100];
wolfSSL 15:117db924cf7c 20933 int sigOid = wolfSSL_X509_get_signature_type(x509);
wolfSSL 15:117db924cf7c 20934
wolfSSL 15:117db924cf7c 20935 if (wolfSSL_BIO_write(bio,
wolfSSL 15:117db924cf7c 20936 " Signature Algorithm: ",
wolfSSL 16:8e0d178b1d1e 20937 (int)XSTRLEN(" Signature Algorithm: ")) <= 0) {
wolfSSL 15:117db924cf7c 20938 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20939 }
wolfSSL 15:117db924cf7c 20940 XSNPRINTF(tmp, sizeof(tmp) - 1,"%s\n", GetSigName(sigOid));
wolfSSL 15:117db924cf7c 20941 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 15:117db924cf7c 20942 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 15:117db924cf7c 20943 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20944 }
wolfSSL 15:117db924cf7c 20945
wolfSSL 15:117db924cf7c 20946 sigSz = (int)x509->sig.length;
wolfSSL 15:117db924cf7c 20947 sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 20948 if (sig == NULL) {
wolfSSL 16:8e0d178b1d1e 20949 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 20950 }
wolfSSL 16:8e0d178b1d1e 20951
wolfSSL 15:117db924cf7c 20952 if (wolfSSL_X509_get_signature(x509, sig, &sigSz) <= 0) {
wolfSSL 15:117db924cf7c 20953 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 20954 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20955 }
wolfSSL 16:8e0d178b1d1e 20956 XSNPRINTF(tmp, sizeof(tmp) - 1," ");
wolfSSL 15:117db924cf7c 20957 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 15:117db924cf7c 20958 for (i = 0; i < sigSz; i++) {
wolfSSL 15:117db924cf7c 20959 char val[5];
wolfSSL 15:117db924cf7c 20960 int valSz = 5;
wolfSSL 15:117db924cf7c 20961
wolfSSL 15:117db924cf7c 20962 if (i == 0) {
wolfSSL 15:117db924cf7c 20963 XSNPRINTF(val, valSz - 1, "%02x", sig[i]);
wolfSSL 15:117db924cf7c 20964 }
wolfSSL 15:117db924cf7c 20965 else if (((i % 18) == 0)) {
wolfSSL 15:117db924cf7c 20966 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 15:117db924cf7c 20967 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp))
wolfSSL 15:117db924cf7c 20968 <= 0) {
wolfSSL 15:117db924cf7c 20969 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 20970 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20971 }
wolfSSL 15:117db924cf7c 20972 XSNPRINTF(tmp, sizeof(tmp) - 1,
wolfSSL 16:8e0d178b1d1e 20973 ":\n ");
wolfSSL 15:117db924cf7c 20974 XSNPRINTF(val, valSz - 1, "%02x", sig[i]);
wolfSSL 15:117db924cf7c 20975 }
wolfSSL 15:117db924cf7c 20976 else {
wolfSSL 15:117db924cf7c 20977 XSNPRINTF(val, valSz - 1, ":%02x", sig[i]);
wolfSSL 15:117db924cf7c 20978 }
wolfSSL 15:117db924cf7c 20979 XSTRNCAT(tmp, val, valSz);
wolfSSL 15:117db924cf7c 20980 }
wolfSSL 15:117db924cf7c 20981 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 15:117db924cf7c 20982
wolfSSL 16:8e0d178b1d1e 20983 /* print out remaining sig values */
wolfSSL 15:117db924cf7c 20984 if ((i > 0) && (((i - 1) % 18) != 0)) {
wolfSSL 15:117db924cf7c 20985 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 15:117db924cf7c 20986 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp))
wolfSSL 15:117db924cf7c 20987 <= 0) {
wolfSSL 15:117db924cf7c 20988 return WOLFSSL_FAILURE;
wolfSSL 15:117db924cf7c 20989 }
wolfSSL 15:117db924cf7c 20990 }
wolfSSL 15:117db924cf7c 20991 }
wolfSSL 15:117db924cf7c 20992
wolfSSL 15:117db924cf7c 20993 /* done with print out */
wolfSSL 16:8e0d178b1d1e 20994 if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
wolfSSL 16:8e0d178b1d1e 20995 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 20996 }
wolfSSL 16:8e0d178b1d1e 20997
wolfSSL 16:8e0d178b1d1e 20998 return WOLFSSL_SUCCESS;
wolfSSL 16:8e0d178b1d1e 20999 }
/* Print a certificate to a BIO using the default layout.
 *
 * Thin wrapper over wolfSSL_X509_print_ex with both flag arguments set to 0.
 *
 * @param [in] bio   BIO that receives the textual dump
 * @param [in] x509  certificate to print
 * @return the result of wolfSSL_X509_print_ex
 *         (WOLFSSL_SUCCESS or WOLFSSL_FAILURE)
 */
int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
{
    int ret;

    /* Neither flag word is used here; the extended printer does the work. */
    ret = wolfSSL_X509_print_ex(bio, x509, 0, 0);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 21004
wolfSSL 15:117db924cf7c 21005 #endif /* XSNPRINTF */
wolfSSL 15:117db924cf7c 21006
wolfSSL 15:117db924cf7c 21007 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 21008
wolfSSL 16:8e0d178b1d1e 21009 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
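/* Copy src onto the end of a description buffer, bounded by the space left.
 *
 * XSTRNCPY does not guarantee termination, so the last byte of the window
 * is forced to '\0' and the amount actually written is measured afterwards.
 *
 * @param [in,out] dp         cursor into the description; advanced past the
 *                            copied text
 * @param [in,out] remaining  bytes left in the buffer, including the slot
 *                            reserved for the terminator; reduced by the
 *                            number of characters written
 * @param [in]     src        NUL-terminated text to append; NULL appends
 *                            nothing
 */
static void AppendCipherDescription(char** dp, int* remaining, const char* src)
{
    int written;

    if (src == NULL || *remaining <= 1) {
        /* Nothing to copy, or only the terminator slot is left; the buffer
         * is already NUL-terminated at *dp from the previous append. */
        return;
    }

    XSTRNCPY(*dp, src, (size_t)*remaining);
    (*dp)[*remaining - 1] = '\0';
    written = (int)XSTRLEN(*dp);
    *remaining -= written;
    *dp += written;
}

/* Creates cipher->description based on cipher->offset
 * cipher->offset is set in wolfSSL_get_ciphers_compat when it is added
 * to a stack of ciphers.
 *
 * The description has the form
 *   "<name> <protocol> Kx=<kea> Au=<auth> Enc=<enc> Mac=<mac>"
 * and is truncated, still NUL-terminated, if it would exceed
 * MAX_DESCRIPTION_SZ - 1 characters. cipher->bits is updated as a side
 * effect from the encryption segment of the name.
 *
 * @param [in] cipher: A cipher from a stack of ciphers.
 * return WOLFSSL_SUCCESS if cipher->description is set, else WOLFSSL_FAILURE
 *        (NULL cipher or description, offset outside the cipher table, or a
 *        table entry without a name)
 */
int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER* cipher)
{
    int i, j, k;
    int strLen;
    unsigned long offset;
    char* dp;
    const char* name;
    const char *keaStr, *authStr, *encStr, *macStr, *protocol;
    char n[MAX_SEGMENTS][MAX_SEGMENT_SZ] = {{0}};
    int len = MAX_DESCRIPTION_SZ - 1; /* space left, terminator reserved */
    const CipherSuiteInfo* cipher_names;
    ProtocolVersion pv;
    WOLFSSL_ENTER("wolfSSL_sk_CIPHER_description");

    if (cipher == NULL)
        return WOLFSSL_FAILURE;

    dp = cipher->description;
    if (dp == NULL)
        return WOLFSSL_FAILURE;

    cipher_names = GetCipherNames();

    /* offset indexes the cipher table; refuse anything outside it rather
     * than reading past the end of the table. */
    offset = cipher->offset;
    if (offset >= (unsigned long)GetCipherNamesSize())
        return WOLFSSL_FAILURE;

    pv.major = cipher_names[offset].major;
    pv.minor = cipher_names[offset].minor;
    protocol = wolfSSL_internal_get_version(&pv);

    name = cipher_names[offset].name;

    if (name == NULL)
        return WOLFSSL_FAILURE;

    /* Segment cipher name into n[n0,n1,n2,n4]
     * These are used later for comparisons to create:
     * keaStr, authStr, encStr, macStr
     *
     * If cipher_name = ECDHE-ECDSA-AES256-SHA
     * then n0 = "ECDHE", n1 = "ECDSA", n2 = "AES256", n3 = "SHA"
     * and n = [n0,n1,n2,n3,0]
     */
    strLen = (int)XSTRLEN(name);

    for (i = 0, j = 0, k = 0; i <= strLen; i++) {
        if (name[i] != '-' && name[i] != '\0') {
            /* Keep one byte of each row for its terminator; characters
             * beyond that are dropped instead of written past the row. */
            if (j < MAX_SEGMENT_SZ - 1) {
                n[k][j] = name[i]; /* Fill kth segment string until '-' */
                j++;
            }
        }
        else {
            n[k][j] = '\0';
            j = 0;
            k++;
            if (k >= MAX_SEGMENTS)
                break; /* no row left for further segments */
        }
    }
    /* keaStr */
    keaStr = GetCipherKeaStr(n);
    /* authStr */
    authStr = GetCipherAuthStr(n);
    /* encStr */
    encStr = GetCipherEncStr(n);
    if ((cipher->bits = SetCipherBits(encStr)) == WOLFSSL_FAILURE) {
        WOLFSSL_MSG("Cipher Bits Not Set.");
    }
    /* macStr */
    macStr = GetCipherMacStr(n);

    /* Build up the string by copying onto the end. */
    AppendCipherDescription(&dp, &len, name);
    AppendCipherDescription(&dp, &len, " ");
    AppendCipherDescription(&dp, &len, protocol);

    AppendCipherDescription(&dp, &len, " Kx=");
    AppendCipherDescription(&dp, &len, keaStr);

    AppendCipherDescription(&dp, &len, " Au=");
    AppendCipherDescription(&dp, &len, authStr);

    AppendCipherDescription(&dp, &len, " Enc=");
    AppendCipherDescription(&dp, &len, encStr);

    AppendCipherDescription(&dp, &len, " Mac=");
    AppendCipherDescription(&dp, &len, macStr);

    return WOLFSSL_SUCCESS;
}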
wolfSSL 16:8e0d178b1d1e 21128 #endif
wolfSSL 16:8e0d178b1d1e 21129
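/* Writes a human readable description of a cipher into the caller's buffer.
 *
 * The text has the shape
 *   "<name> <version> Kx=<kea> Au=<auth> Enc=<enc> Mac=<mac>"
 * and is assembled piece by piece; every piece is bounded by the remaining
 * space and the buffer is NUL-terminated after each step, so an over-long
 * description is truncated rather than overrun.
 *
 * cipher  the cipher to describe. Unless it came from the cipher stack (the
 *         in_stack case below) its ssl back pointer is used for every field.
 * in      caller provided output buffer
 * len     size of in, in bytes
 *
 * Returns in on success, NULL when an argument is NULL, len is not positive,
 * or the cipher carries no session to describe.
 */
char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
                                 int len)
{
    char *ret = in;
    const char *keaStr, *authStr, *encStr, *macStr;
    size_t strLen;
    WOLFSSL_ENTER("wolfSSL_CIPHER_description");

    /* A non-positive len would turn the in[len-1] terminator writes below
     * into out-of-bounds stores, so it is rejected with the NULL arguments. */
    if (cipher == NULL || in == NULL || len <= 0)
        return NULL;

#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    /* if cipher is in the stack from wolfSSL_get_ciphers_compat then
     * Return the description based on cipher_names[cipher->offset]
     */
    if (cipher->in_stack == TRUE) {
        wolfSSL_sk_CIPHER_description((WOLFSSL_CIPHER*)cipher);
        XSTRNCPY(in, cipher->description, len);
        /* XSTRNCPY leaves no terminator when the description is truncated */
        in[len-1] = '\0';
        return ret;
    }
#endif

    /* Every field below is read from the session the cipher belongs to. */
    if (cipher->ssl == NULL)
        return NULL;

    /* Get the cipher description based on the SSL session cipher */
    switch (cipher->ssl->specs.kea) {
        case no_kea:
            keaStr = "None";
            break;
#ifndef NO_RSA
        case rsa_kea:
            keaStr = "RSA";
            break;
#endif
#ifndef NO_DH
        case diffie_hellman_kea:
            keaStr = "DHE";
            break;
#endif
        case fortezza_kea:
            keaStr = "FZ";
            break;
#ifndef NO_PSK
        case psk_kea:
            keaStr = "PSK";
            break;
    #ifndef NO_DH
        case dhe_psk_kea:
            keaStr = "DHEPSK";
            break;
    #endif
    #ifdef HAVE_ECC
        case ecdhe_psk_kea:
            keaStr = "ECDHEPSK";
            break;
    #endif
#endif
#ifdef HAVE_NTRU
        case ntru_kea:
            keaStr = "NTRU";
            break;
#endif
#ifdef HAVE_ECC
        case ecc_diffie_hellman_kea:
            keaStr = "ECDHE";
            break;
        case ecc_static_diffie_hellman_kea:
            keaStr = "ECDH";
            break;
#endif
        default:
            keaStr = "unknown";
            break;
    }

    switch (cipher->ssl->specs.sig_algo) {
        case anonymous_sa_algo:
            authStr = "None";
            break;
#ifndef NO_RSA
        case rsa_sa_algo:
            authStr = "RSA";
            break;
#endif
#ifndef NO_DSA
        case dsa_sa_algo:
            authStr = "DSA";
            break;
#endif
#ifdef HAVE_ECC
        case ecc_dsa_sa_algo:
            authStr = "ECDSA";
            break;
#endif
        default:
            authStr = "unknown";
            break;
    }

    switch (cipher->ssl->specs.bulk_cipher_algorithm) {
        case wolfssl_cipher_null:
            encStr = "None";
            break;
#ifndef NO_RC4
        case wolfssl_rc4:
            encStr = "RC4(128)";
            break;
#endif
#ifndef NO_DES3
        case wolfssl_triple_des:
            encStr = "3DES(168)";
            break;
#endif
#ifdef HAVE_IDEA
        case wolfssl_idea:
            encStr = "IDEA(128)";
            break;
#endif
#ifndef NO_AES
        case wolfssl_aes:
            if (cipher->ssl->specs.key_size == 128)
                encStr = "AES(128)";
            else if (cipher->ssl->specs.key_size == 256)
                encStr = "AES(256)";
            else
                encStr = "AES(?)";
            break;
    #ifdef HAVE_AESGCM
        case wolfssl_aes_gcm:
            if (cipher->ssl->specs.key_size == 128)
                encStr = "AESGCM(128)";
            else if (cipher->ssl->specs.key_size == 256)
                encStr = "AESGCM(256)";
            else
                encStr = "AESGCM(?)";
            break;
    #endif
    #ifdef HAVE_AESCCM
        case wolfssl_aes_ccm:
            if (cipher->ssl->specs.key_size == 128)
                encStr = "AESCCM(128)";
            else if (cipher->ssl->specs.key_size == 256)
                encStr = "AESCCM(256)";
            else
                encStr = "AESCCM(?)";
            break;
    #endif
#endif
#ifdef HAVE_CHACHA
        case wolfssl_chacha:
            encStr = "CHACHA20/POLY1305(256)";
            break;
#endif
#ifdef HAVE_CAMELLIA
        case wolfssl_camellia:
            if (cipher->ssl->specs.key_size == 128)
                encStr = "Camellia(128)";
            else if (cipher->ssl->specs.key_size == 256)
                encStr = "Camellia(256)";
            else
                encStr = "Camellia(?)";
            break;
#endif
#if defined(HAVE_HC128) && !defined(NO_HC128)
        case wolfssl_hc128:
            encStr = "HC128(128)";
            break;
#endif
#if defined(HAVE_RABBIT) && !defined(NO_RABBIT)
        case wolfssl_rabbit:
            encStr = "RABBIT(128)";
            break;
#endif
        default:
            encStr = "unknown";
            break;
    }

    switch (cipher->ssl->specs.mac_algorithm) {
        case no_mac:
            macStr = "None";
            break;
#ifndef NO_MD5
        case md5_mac:
            macStr = "MD5";
            break;
#endif
#ifndef NO_SHA
        case sha_mac:
            macStr = "SHA1";
            break;
#endif
#ifdef HAVE_SHA224
        case sha224_mac:
            macStr = "SHA224";
            break;
#endif
#ifndef NO_SHA256
        case sha256_mac:
            macStr = "SHA256";
            break;
#endif
#ifdef HAVE_SHA384
        case sha384_mac:
            macStr = "SHA384";
            break;
#endif
#ifdef HAVE_SHA512
        case sha512_mac:
            macStr = "SHA512";
            break;
#endif
        default:
            macStr = "unknown";
            break;
    }

    /* Build up the string by copying onto the end. Each step terminates the
     * buffer, measures what actually landed, and advances the cursor by that
     * much, so len never drops below 1 and a truncated piece cannot push a
     * later write past the end of the buffer. */
    XSTRNCPY(in, wolfSSL_CIPHER_get_name(cipher), len);
    in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;

    XSTRNCPY(in, " ", len);
    in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
    XSTRNCPY(in, wolfSSL_get_version(cipher->ssl), len);
    in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;

    XSTRNCPY(in, " Kx=", len);
    in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
    XSTRNCPY(in, keaStr, len);
    in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;

    XSTRNCPY(in, " Au=", len);
    in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
    XSTRNCPY(in, authStr, len);
    in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;

    XSTRNCPY(in, " Enc=", len);
    in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
    XSTRNCPY(in, encStr, len);
    in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;

    XSTRNCPY(in, " Mac=", len);
    in[len-1] = '\0'; strLen = XSTRLEN(in); len -= (int)strLen; in += strLen;
    XSTRNCPY(in, macStr, len);
    in[len-1] = '\0';

    return ret;
}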
wolfSSL 15:117db924cf7c 21376
wolfSSL 15:117db924cf7c 21377
wolfSSL 15:117db924cf7c 21378 #ifndef NO_SESSION_CACHE
wolfSSL 15:117db924cf7c 21379
/* OpenSSL compatible SSL_get1_session.
 *
 * ssl  the connection whose session is wanted
 *
 * Returns the session of ssl, or NULL when ssl is NULL. No reference is
 * taken: sessions are stored statically, so there is nothing to count.
 */
WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl)
{
    return (ssl != NULL) ? wolfSSL_get_session(ssl) : NULL;
}
wolfSSL 15:117db924cf7c 21389
wolfSSL 15:117db924cf7c 21390 #endif /* NO_SESSION_CACHE */
wolfSSL 15:117db924cf7c 21391
wolfSSL 15:117db924cf7c 21392
wolfSSL 15:117db924cf7c 21393
wolfSSL 15:117db924cf7c 21394 /* was do nothing */
wolfSSL 15:117db924cf7c 21395 /*
wolfSSL 15:117db924cf7c 21396 void OPENSSL_free(void* buf)
wolfSSL 15:117db924cf7c 21397 {
wolfSSL 15:117db924cf7c 21398 (void)buf;
wolfSSL 15:117db924cf7c 21399 }
wolfSSL 15:117db924cf7c 21400 */
wolfSSL 15:117db924cf7c 21401
wolfSSL 15:117db924cf7c 21402 #ifndef NO_WOLFSSL_STUB
/* Stub for OCSP_parse_url: logs the missing implementation, leaves every
 * output pointer untouched and always returns 0. */
int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
                           int* ssl)
{
    WOLFSSL_STUB("OCSP_parse_url");
    (void)url; (void)host; (void)port; (void)path; (void)ssl;
    return 0;
}
wolfSSL 15:117db924cf7c 21414 #endif
wolfSSL 15:117db924cf7c 21415
wolfSSL 15:117db924cf7c 21416 #ifndef NO_MD4
wolfSSL 15:117db924cf7c 21417
/* OpenSSL compatible MD4_Init: initialises the wolfCrypt Md4 state that lives
 * inside the opaque WOLFSSL_MD4_CTX buffer. */
void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4)
{
    /* Build-time check that the opaque buffer can hold an Md4: a negative
     * array size is a compile error when it cannot. */
    typedef char md4_ctx_fits[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
    (void)sizeof(md4_ctx_fits);

    WOLFSSL_ENTER("MD4_Init");
    wc_InitMd4((Md4*)md4);
}
wolfSSL 15:117db924cf7c 21427
wolfSSL 15:117db924cf7c 21428
/* OpenSSL compatible MD4_Update: feeds len bytes of data into the digest.
 * len is narrowed to word32 because that is what wc_Md4Update takes. */
void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data,
                        unsigned long len)
{
    Md4* ctx = (Md4*)md4;
    const byte* input = (const byte*)data;

    WOLFSSL_ENTER("MD4_Update");
    wc_Md4Update(ctx, input, (word32)len);
}
wolfSSL 15:117db924cf7c 21435
wolfSSL 15:117db924cf7c 21436
/* OpenSSL compatible MD4_Final: writes the digest into digest, which the
 * caller sizes for MD4 output. */
void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4)
{
    Md4* ctx = (Md4*)md4;

    WOLFSSL_ENTER("MD4_Final");
    wc_Md4Final(ctx, digest);
}
wolfSSL 15:117db924cf7c 21442
wolfSSL 15:117db924cf7c 21443 #endif /* NO_MD4 */
wolfSSL 15:117db924cf7c 21444
wolfSSL 15:117db924cf7c 21445
/* Removes a WOLFSSL_BIO struct from the WOLFSSL_BIO linked list.
 *
 * bio is the WOLFSSL_BIO struct in the list and removed.
 *
 * The neighbours of bio are linked to each other; bio's own prev/next fields
 * are left as they were, so bio still points into the chain it came from.
 *
 * The return WOLFSSL_BIO struct is the next WOLFSSL_BIO in the list or NULL if
 * there is none.
 */
WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO* bio)
{
    WOLFSSL_BIO* prevBio;
    WOLFSSL_BIO* nextBio;

    if (bio == NULL) {
        WOLFSSL_MSG("Bad argument passed in");
        return NULL;
    }

    prevBio = bio->prev;
    nextBio = bio->next;

    if (prevBio != NULL)
        prevBio->next = nextBio;
    if (nextBio != NULL)
        nextBio->prev = prevBio;

    return nextBio;
}
wolfSSL 15:117db924cf7c 21470
wolfSSL 15:117db924cf7c 21471
wolfSSL 15:117db924cf7c 21472
/* Returns the shared method object for memory BIOs.
 *
 * One static WOLFSSL_BIO_METHOD is reused for every caller; only its type is
 * written here, on every call.
 */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void)
{
    static WOLFSSL_BIO_METHOD meth;
    WOLFSSL_BIO_METHOD* m = &meth;

    WOLFSSL_ENTER("wolfSSL_BIO_s_mem");
    m->type = WOLFSSL_BIO_MEMORY;
    return m;
}
wolfSSL 15:117db924cf7c 21482
wolfSSL 15:117db924cf7c 21483
/* Returns the shared method object for the base64 filter BIO.
 *
 * One static WOLFSSL_BIO_METHOD is reused for every caller; only its type is
 * written here, on every call.
 */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void)
{
    static WOLFSSL_BIO_METHOD meth;
    WOLFSSL_BIO_METHOD* m = &meth;

    WOLFSSL_ENTER("wolfSSL_BIO_f_base64");
    m->type = WOLFSSL_BIO_BASE64;
    return m;
}
wolfSSL 15:117db924cf7c 21493
wolfSSL 15:117db924cf7c 21494
/* Set the flag for the bio.
 *
 * bio the structure to set the flag in; a NULL bio is ignored
 * flags the flag bits to OR into bio->flags
 */
void wolfSSL_BIO_set_flags(WOLFSSL_BIO* bio, int flags)
{
    WOLFSSL_ENTER("wolfSSL_BIO_set_flags");

    if (bio == NULL)
        return;

    bio->flags |= flags;
}
wolfSSL 15:117db924cf7c 21508
/* Clear flag bits in the bio.
 *
 * bio the structure to clear the flags in; a NULL bio is ignored
 * flags the flag bits to clear from bio->flags
 */
void wolfSSL_BIO_clear_flags(WOLFSSL_BIO *bio, int flags)
{
    WOLFSSL_ENTER("wolfSSL_BIO_clear_flags");

    if (bio == NULL)
        return;

    bio->flags &= ~flags;
}
wolfSSL 16:8e0d178b1d1e 21516
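/* Set ex_data for WOLFSSL_BIO
 *
 * bio : BIO structure to set ex_data in
 * idx : Index of ex_data to set, 0 <= idx < MAX_EX_DATA
 * data : Data to set in ex_data
 *
 * Returns WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE on failure. Without
 * HAVE_EX_DATA it always returns WOLFSSL_FAILURE.
 */
int wolfSSL_BIO_set_ex_data(WOLFSSL_BIO *bio, int idx, void *data)
{
    WOLFSSL_ENTER("wolfSSL_BIO_set_ex_data");
#ifdef HAVE_EX_DATA
    /* idx >= 0 mirrors wolfSSL_BIO_get_ex_data; a negative index must not
     * reach the ex_data slot array. */
    if (bio != NULL && idx >= 0 && idx < MAX_EX_DATA) {
        return wolfSSL_CRYPTO_set_ex_data(&bio->ex_data, idx, data);
    }
#else
    (void)bio;
    (void)idx;
    (void)data;
#endif
    return WOLFSSL_FAILURE;
}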
wolfSSL 16:8e0d178b1d1e 21539
/* Get ex_data in WOLFSSL_BIO at given index
 *
 * bio : BIO structure to get ex_data from
 * idx : Index of ex_data to get data from, 0 <= idx < MAX_EX_DATA
 *
 * Returns void pointer to ex_data on success or NULL on failure. Without
 * HAVE_EX_DATA it always returns NULL.
 */
void *wolfSSL_BIO_get_ex_data(WOLFSSL_BIO *bio, int idx)
{
    void *data = NULL;

    WOLFSSL_ENTER("wolfSSL_BIO_get_ex_data");
#ifdef HAVE_EX_DATA
    if (idx >= 0 && idx < MAX_EX_DATA && bio != NULL) {
        data = wolfSSL_CRYPTO_get_ex_data(&bio->ex_data, idx);
    }
#else
    (void)bio;
    (void)idx;
#endif
    return data;
}
wolfSSL 15:117db924cf7c 21560
wolfSSL 15:117db924cf7c 21561 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's RAND_screen: only logs that it is unimplemented. */
void wolfSSL_RAND_screen(void)
{
    WOLFSSL_STUB("RAND_screen");
}
wolfSSL 15:117db924cf7c 21566 #endif
wolfSSL 15:117db924cf7c 21567
wolfSSL 15:117db924cf7c 21568
wolfSSL 15:117db924cf7c 21569
/* OpenSSL compatible RAND_load_file.
 *
 * fname  ignored: wolfCrypt provides enough entropy internally or will report
 *        an error, so no file is read
 * len    number of bytes the caller asked for; -1 means "all"
 *
 * Returns 1024 when len is -1, otherwise len narrowed to int.
 */
int wolfSSL_RAND_load_file(const char* fname, long len)
{
    (void)fname;
    return (len == -1) ? 1024 : (int)len;
}
wolfSSL 15:117db924cf7c 21579
wolfSSL 15:117db924cf7c 21580
wolfSSL 15:117db924cf7c 21581 #ifndef NO_WOLFSSL_STUB
/* Stub for COMP_zlib: no compression method is available, always NULL. */
WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)
{
    WOLFSSL_STUB("COMP_zlib");
    return NULL;
}
wolfSSL 15:117db924cf7c 21587 #endif
wolfSSL 15:117db924cf7c 21588
wolfSSL 15:117db924cf7c 21589 #ifndef NO_WOLFSSL_STUB
/* Stub for COMP_rle: no compression method is available, always NULL. */
WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void)
{
    WOLFSSL_STUB("COMP_rle");
    return NULL;
}
wolfSSL 15:117db924cf7c 21595 #endif
wolfSSL 15:117db924cf7c 21596
wolfSSL 15:117db924cf7c 21597 #ifndef NO_WOLFSSL_STUB
/* Stub for COMP_add_compression_method: nothing is registered, always 0. */
int wolfSSL_COMP_add_compression_method(int method, void* data)
{
    WOLFSSL_STUB("COMP_add_compression_method");
    (void)method; (void)data;
    return 0;
}
wolfSSL 15:117db924cf7c 21605 #endif
wolfSSL 15:117db924cf7c 21606
wolfSSL 15:117db924cf7c 21607 #ifndef NO_WOLFSSL_STUB
/* Stub for CRYPTO_set_dynlock_create_callback: the callback is discarded. */
void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)(
                                                          const char*, int))
{
    (void)f;
    WOLFSSL_STUB("CRYPTO_set_dynlock_create_callback");
}
wolfSSL 15:117db924cf7c 21614 #endif
wolfSSL 15:117db924cf7c 21615
wolfSSL 15:117db924cf7c 21616 #ifndef NO_WOLFSSL_STUB
/* Stub for CRYPTO_set_dynlock_lock_callback: the callback is discarded. */
void wolfSSL_set_dynlock_lock_callback(
                 void (*f)(int, WOLFSSL_dynlock_value*, const char*, int))
{
    (void)f;
    WOLFSSL_STUB("CRYPTO_set_set_dynlock_lock_callback");
}
wolfSSL 15:117db924cf7c 21623 #endif
wolfSSL 15:117db924cf7c 21624
wolfSSL 15:117db924cf7c 21625 #ifndef NO_WOLFSSL_STUB
/* Stub for CRYPTO_set_dynlock_destroy_callback: the callback is discarded. */
void wolfSSL_set_dynlock_destroy_callback(
                      void (*f)(WOLFSSL_dynlock_value*, const char*, int))
{
    (void)f;
    WOLFSSL_STUB("CRYPTO_set_set_dynlock_destroy_callback");
}
wolfSSL 15:117db924cf7c 21632 #endif
wolfSSL 15:117db924cf7c 21633
wolfSSL 15:117db924cf7c 21634
/* OpenSSL compatible X509_verify_cert_error_string.
 *
 * err  verification error code
 *
 * Returns the string wolfSSL_ERR_reason_error_string gives for err.
 */
const char* wolfSSL_X509_verify_cert_error_string(long err)
{
    return wolfSSL_ERR_reason_error_string(err);
}
wolfSSL 15:117db924cf7c 21639
wolfSSL 15:117db924cf7c 21640
wolfSSL 15:117db924cf7c 21641 #ifndef NO_WOLFSSL_STUB
/* Stub for X509_LOOKUP_add_dir: no directory is registered, always 0. */
int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup, const char* dir,
                               long len)
{
    WOLFSSL_STUB("X509_LOOKUP_add_dir");
    (void)lookup; (void)dir; (void)len;
    return 0;
}
wolfSSL 15:117db924cf7c 21651 #endif
wolfSSL 15:117db924cf7c 21652
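/* Loads the PEM encoded certificates and CRLs found in a file into the store
 * that lookup belongs to.
 *
 * lookup  the lookup whose store receives the objects; lookup->store must be
 *         set
 * file    path of the PEM file to read
 * type    must be X509_FILETYPE_PEM, nothing else is supported
 *
 * Returns WOLFSSL_SUCCESS when the objects found were loaded, WOLFSSL_FAILURE
 * when nothing could be loaded, BAD_FUNC_ARG on bad arguments or a file that
 * could not be opened, WOLFSSL_BAD_FILE when the file cannot be seeked and
 * MEMORY_ERROR when the read buffer cannot be allocated. Without a filesystem
 * or PEM support it always returns WOLFSSL_FAILURE.
 */
int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
                                 const char* file, long type)
{
#if !defined(NO_FILESYSTEM) && \
    (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
    int ret = WOLFSSL_FAILURE;
    XFILE fp;
    long sz;
    byte* pem = NULL;
    byte* curr = NULL;
    byte* prev = NULL;
    WOLFSSL_X509* x509;
    const char* header = NULL;
    const char* footer = NULL;

    if (type != X509_FILETYPE_PEM)
        return BAD_FUNC_ARG;

    /* lookup->store is dereferenced for every object found below; check it
     * once here rather than faulting on the first certificate or CRL. */
    if (lookup == NULL || lookup->store == NULL || file == NULL)
        return BAD_FUNC_ARG;

    fp = XFOPEN(file, "r");
    if (fp == XBADFILE)
        return BAD_FUNC_ARG;

    if (XFSEEK(fp, 0, XSEEK_END) != 0) {
        XFCLOSE(fp);
        return WOLFSSL_BAD_FILE;
    }
    sz = XFTELL(fp);
    XREWIND(fp);

    /* sz <= 0 also covers a failed XFTELL (-1). */
    if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
        WOLFSSL_MSG("X509_LOOKUP_load_file size error");
        goto end;
    }

    pem = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_PEM);
    if (pem == NULL) {
        ret = MEMORY_ERROR;
        goto end;
    }

    /* Read in file which may be CRLs or certificates. */
    if (XFREAD(pem, (size_t)sz, 1, fp) != 1)
        goto end;

    /* pem carries no terminator, so every search is bounded by sz, which
     * shrinks as curr moves through the buffer. */
    prev = curr = pem;
    do {
        /* get PEM header and footer based on type */
        if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 &&
                XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) {
#ifdef HAVE_CRL
            WOLFSSL_CERT_MANAGER* cm = lookup->store->cm;

            if (cm->crl == NULL) {
                if (wolfSSL_CertManagerEnableCRL(cm, 0) != WOLFSSL_SUCCESS) {
                    WOLFSSL_MSG("Enable CRL failed");
                    goto end;
                }
            }

            ret = BufferLoadCRL(cm->crl, curr, sz, WOLFSSL_FILETYPE_PEM,
                NO_VERIFY);
            if (ret != WOLFSSL_SUCCESS)
                goto end;
#endif
            /* Without HAVE_CRL the CRL block is skipped over unread. */
            curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz);
        }
        else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 &&
                XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) {
            x509 = wolfSSL_X509_load_certificate_buffer(curr, (int)sz,
                                                        WOLFSSL_FILETYPE_PEM);
            /* A certificate that fails to parse stops the loop with ret as
             * left by the previous object (WOLFSSL_FAILURE if it was the
             * first); kept lenient on purpose. */
            if (x509 == NULL)
                goto end;
            ret = wolfSSL_X509_STORE_add_cert(lookup->store, x509);
            wolfSSL_X509_free(x509);
            if (ret != WOLFSSL_SUCCESS)
                goto end;
            curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz);
        }
        else
            goto end; /* no further PEM object: stop with the last result */

        if (curr == NULL)
            goto end;

        /* Step one byte past the start of the footer so the next search
         * begins after the object just consumed. */
        curr++;
        sz -= (long)(curr - prev);
        prev = curr;
    }
    while (ret == WOLFSSL_SUCCESS);

end:
    if (pem != NULL)
        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
    XFCLOSE(fp);
    return ret;
#else
    (void)lookup;
    (void)file;
    (void)type;
    return WOLFSSL_FAILURE;
#endif
}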
wolfSSL 15:117db924cf7c 21755
/* Returns the static "hash dir" lookup method.
 *
 * The method object only carries a marker value; the behaviour lives in the
 * wolfSSL_X509_LOOKUP_* functions, not in the method.
 */
WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void)
{
    /* Method implementation in functions. */
    static WOLFSSL_X509_LOOKUP_METHOD meth = { 1 };
    return &meth;
}
wolfSSL 15:117db924cf7c 21762
/* Returns the static "file" lookup method.
 *
 * The method object only carries a marker value; the behaviour lives in the
 * wolfSSL_X509_LOOKUP_* functions, not in the method.
 */
WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void)
{
    /* Method implementation in functions. */
    static WOLFSSL_X509_LOOKUP_METHOD meth = { 0 };
    return &meth;
}
wolfSSL 15:117db924cf7c 21769
wolfSSL 15:117db924cf7c 21770
/* OpenSSL compatible X509_STORE_add_lookup.
 *
 * store  the store whose embedded lookup is handed out
 * m      the lookup method; it is a dummy value and is not needed
 *
 * Returns the lookup embedded in store, with its back reference to store set,
 * or NULL when store is NULL.
 */
WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
                                                   WOLFSSL_X509_LOOKUP_METHOD* m)
{
    WOLFSSL_X509_LOOKUP* lookup = NULL;

    (void)m;
    WOLFSSL_ENTER("SSL_X509_STORE_add_lookup");

    if (store != NULL) {
        lookup = &store->lookup;
        /* Make sure the lookup has a back reference to the store. */
        lookup->store = store;
    }

    return lookup;
}
wolfSSL 15:117db924cf7c 21784
wolfSSL 15:117db924cf7c 21785
wolfSSL 15:117db924cf7c 21786 #ifndef NO_CERTS
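/* Converts the X509 to DER format and outputs it into bio.
 *
 * bio is the structure to hold output DER
 * x509 certificate to create DER from; only its cached derCert is written,
 *      nothing is re-encoded
 *
 * returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on a NULL argument, a
 * missing DER buffer or a short write
 */
int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_i2d_X509_bio");

    if (bio == NULL || x509 == NULL) {
        return WOLFSSL_FAILURE;
    }

    if (x509->derCert != NULL) {
        word32 len = x509->derCert->length;
        byte* der = x509->derCert->buffer;

        /* Only a complete write counts as success. Uses WOLFSSL_SUCCESS for
         * consistency with the WOLFSSL_FAILURE returns in this function. */
        if (wolfSSL_BIO_write(bio, der, len) == (int)len) {
            return WOLFSSL_SUCCESS;
        }
    }

    return WOLFSSL_FAILURE;
}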
wolfSSL 15:117db924cf7c 21813
wolfSSL 15:117db924cf7c 21814
/* Converts an internal structure to a DER buffer
 *
 * x509 structure to get DER buffer from
 * out  where to place the DER. NULL means "size query only": nothing is
 *      copied. If *out is NULL a buffer of the right size is allocated with
 *      XMALLOC(DYNAMIC_TYPE_OPENSSL) and the caller owns it; otherwise the
 *      DER is copied into the caller's buffer, which must already be large
 *      enough. *out is not advanced past the written bytes.
 *
 * returns the size of the DER result on success, BAD_FUNC_ARG on a NULL
 * x509, MEMORY_E when no DER is available or allocation fails
 */
int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out)
{
    const unsigned char* der = NULL;
    int derSz = 0;
    int ret;

    WOLFSSL_ENTER("wolfSSL_i2d_X509");

    if (x509 == NULL) {
        ret = BAD_FUNC_ARG;
    }
    else if ((der = wolfSSL_X509_get_der(x509, &derSz)) == NULL) {
        ret = MEMORY_E;
    }
    else {
        ret = derSz;
        if (out != NULL) {
            if (*out == NULL) {
                *out = (unsigned char*)XMALLOC(derSz, NULL,
                                               DYNAMIC_TYPE_OPENSSL);
            }
            if (*out == NULL) {
                ret = MEMORY_E;
            }
            else {
                XMEMCPY(*out, der, derSz);
            }
        }
    }

    WOLFSSL_LEAVE("wolfSSL_i2d_X509", ret);
    return ret;
}
wolfSSL 15:117db924cf7c 21855
wolfSSL 15:117db924cf7c 21856
/* Converts the DER from bio and creates a WOLFSSL_X509 structure from it.
 *
 * bio  memory BIO holding the DER; read through wolfSSL_BIO_get_mem_data,
 *      so the BIO's contents are not consumed
 * x509 if not NULL, also receives the new certificate. Can be NULL. Left
 *      untouched on failure.
 *
 * returns pointer to WOLFSSL_X509 structure on success and NULL on fail.
 * The caller owns the result.
 */
WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509)
{
    unsigned char* data = NULL;
    int dataSz;
    WOLFSSL_X509* result;

    WOLFSSL_ENTER("wolfSSL_d2i_X509_bio");

    if (bio == NULL) {
        WOLFSSL_MSG("Bad Function Argument bio is NULL");
        return NULL;
    }

    dataSz = wolfSSL_BIO_get_mem_data(bio, &data);
    if (dataSz <= 0 || data == NULL) {
        WOLFSSL_MSG("Failed to get data from bio struct");
        return NULL;
    }

    result = wolfSSL_X509_d2i(NULL, data, dataSz);
    if (result != NULL && x509 != NULL) {
        *x509 = result;
    }

    return result;
}
wolfSSL 15:117db924cf7c 21896
wolfSSL 15:117db924cf7c 21897
wolfSSL 15:117db924cf7c 21898 #if !defined(NO_ASN) && !defined(NO_PWDBASED)
/* Decodes the DER held in bio into a freshly allocated WC_PKCS12.
 *
 * bio    memory BIO holding the DER encoded PKCS12
 * pkcs12 if not NULL, receives the new structure on success and is reset to
 *        NULL on a decode error. Left untouched when bio is NULL or the
 *        structure cannot be allocated.
 *
 * returns pointer to the new WC_PKCS12 on success and NULL on fail. The
 * caller owns the result and releases it with wc_PKCS12_free.
 */
WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12)
{
    WC_PKCS12* p12;
    unsigned char* data = NULL;
    int dataSz;

    WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_bio");

    if (bio == NULL) {
        WOLFSSL_MSG("Bad Function Argument bio is NULL");
        return NULL;
    }

    p12 = wc_PKCS12_new();
    if (p12 == NULL) {
        WOLFSSL_MSG("Memory error");
        return NULL;
    }

    dataSz = wolfSSL_BIO_get_mem_data(bio, &data);
    if (data == NULL || dataSz <= 0) {
        WOLFSSL_MSG("Failed to get data from bio struct");
        goto fail;
    }

    if (wc_d2i_PKCS12(data, (word32)dataSz, p12) < 0) {
        WOLFSSL_MSG("Failed to get PKCS12 sequence");
        goto fail;
    }

    /* only hand the structure to the caller once it is fully decoded */
    if (pkcs12 != NULL) {
        *pkcs12 = p12;
    }
    return p12;

fail:
    wc_PKCS12_free(p12);
    if (pkcs12 != NULL) {
        *pkcs12 = NULL;
    }
    return NULL;
}
wolfSSL 15:117db924cf7c 21946
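/* Converts the PKCS12 to DER format and outputs it into bio.
 *
 * bio    the BIO to write the DER encoding to
 * pkcs12 structure to create DER from
 *
 * The DER is produced into a temporary buffer allocated by wc_i2d_PKCS12 and
 * released here after the write.
 *
 * return 1 for success or 0 if an error occurs (bad argument, encoding
 * failure, or a short write to bio)
 */
int wolfSSL_i2d_PKCS12_bio(WOLFSSL_BIO *bio, WC_PKCS12 *pkcs12)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_i2d_PKCS12_bio");

    if ((bio != NULL) && (pkcs12 != NULL)) {
        byte *certDer = NULL;
        /* wc_i2d_PKCS12 reports failure as a negative value; keep the result
         * signed so an error code is not reinterpreted as a huge length */
        int certSz = wc_i2d_PKCS12(pkcs12, &certDer, NULL);

        if ((certSz > 0) && (certDer != NULL)) {
            if (wolfSSL_BIO_write(bio, certDer, certSz) == certSz) {
                ret = WOLFSSL_SUCCESS;
            }
        }

        /* the encoder allocated this buffer for us; it is ours to release */
        if (certDer != NULL) {
            XFREE(certDer, NULL, DYNAMIC_TYPE_PKCS);
        }
    }

    return ret;
}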
wolfSSL 16:8e0d178b1d1e 21978
/* helper function to get raw pointer to DER buffer from WOLFSSL_EVP_PKEY
 *
 * key the key holding the DER in key->pkey.ptr
 * der if not NULL, receives key->pkey.ptr. No copy is made: the buffer stays
 *     owned by key and must not be freed by the caller.
 *
 * returns key->pkey_sz, or WOLFSSL_FAILURE when key is NULL. A key with no
 * DER attached is not treated as an error here; callers get whatever pkey_sz
 * holds together with a NULL pointer and must check both.
 */
static int wolfSSL_EVP_PKEY_get_der(WOLFSSL_EVP_PKEY* key, unsigned char** der)
{
    int sz = WOLFSSL_FAILURE;

    if (key != NULL) {
        sz = key->pkey_sz;
        if (der != NULL) {
            *der = (unsigned char*)key->pkey.ptr;
        }
    }

    return sz;
}
wolfSSL 15:117db924cf7c 21988
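/* Copies unencrypted DER key buffer into "der". If "der" is null then the size
 * of buffer needed is returned.
 *
 * key the key whose DER (key->pkey.ptr, key->pkey_sz bytes) is copied
 * der NULL for a size query. If *der is NULL a buffer of the right size is
 *     allocated with XMALLOC(DYNAMIC_TYPE_OPENSSL), the caller owns it, and
 *     *der is left pointing at its start. Otherwise the DER is written into
 *     the caller's buffer, which must be large enough since no size is passed
 *     in, and *der is advanced to just past the written bytes.
 *
 * Returns size of key buffer on success, WOLFSSL_FATAL_ERROR on a NULL key, a
 * key without a DER buffer, or an allocation failure
 */
int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key, unsigned char** der)
{
    if (key == NULL) {
        return WOLFSSL_FATAL_ERROR;
    }

    if (key->pkey_sz <= 0 || !key->pkey.ptr) {
        return WOLFSSL_FATAL_ERROR;
    }

    if (der != NULL) {
        if (*der == NULL) {
            /* caller asked us to allocate; mirror wolfSSL_i2d_X509, which also
             * hands back a DYNAMIC_TYPE_OPENSSL buffer, and do not advance */
            *der = (unsigned char*)XMALLOC(key->pkey_sz, NULL,
                                           DYNAMIC_TYPE_OPENSSL);
            if (*der == NULL) {
                return WOLFSSL_FATAL_ERROR;
            }
            XMEMCPY(*der, key->pkey.ptr, key->pkey_sz);
        }
        else {
            /* since this function signature has no size value passed in it is
             * assumed that the user has allocated a large enough buffer */
            XMEMCPY(*der, key->pkey.ptr, key->pkey_sz);
            *der += key->pkey_sz;
        }
    }

    return key->pkey_sz;
}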
wolfSSL 15:117db924cf7c 22013
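/* Builds a WC_DerCertList (most recently visited entry first) from the X509s
 * on a stack, copying each certificate's DER.
 *
 * sk       head of the WOLF_STACK_OF(WOLFSSL_X509) to convert; may be NULL
 * numCerts number of entries to take from the stack
 * list     receives the new list, or NULL when no entries were converted
 *
 * returns 0 on success, MEMORY_E when an allocation fails and BAD_FUNC_ARG
 * when a stack entry has no DER. Nothing built so far is leaked on failure.
 */
static int PKCS12_X509StackToDerList(WOLFSSL_STACK* sk, unsigned long numCerts,
                                     WC_DerCertList** list)
{
    WC_DerCertList* head = NULL;

    *list = NULL;
    while (numCerts > 0 && sk != NULL) {
        WC_DerCertList* cur;
        byte* curDer;
        int curDerSz = 0;

        cur = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList), NULL,
                                       DYNAMIC_TYPE_PKCS);
        if (cur == NULL) {
            wc_FreeCertList(head, NULL);
            return MEMORY_E;
        }

        curDer = (byte*)wolfSSL_X509_get_der(sk->data.x509, &curDerSz);
        if (curDer == NULL || curDerSz < 0) {
            XFREE(cur, NULL, DYNAMIC_TYPE_PKCS);
            wc_FreeCertList(head, NULL);
            return BAD_FUNC_ARG;
        }

        /* take a private copy: the list is freed independently of the stack
         * and the X509 keeps ownership of its own DER */
        cur->buffer = (byte*)XMALLOC(curDerSz, NULL, DYNAMIC_TYPE_PKCS);
        if (cur->buffer == NULL) {
            XFREE(cur, NULL, DYNAMIC_TYPE_PKCS);
            wc_FreeCertList(head, NULL);
            return MEMORY_E;
        }
        XMEMCPY(cur->buffer, curDer, curDerSz);
        cur->bufferSz = curDerSz;
        cur->next = head;
        head = cur;

        sk = sk->next;
        numCerts--;
    }

    *list = head;
    return 0;
}

/* Creates a new WC_PKCS12 structure
 *
 * pass password to use
 * name friendlyName to use
 * pkey private key to go into PKCS12 bundle (its DER, key->pkey.ptr, is used
 *      directly; a key without DER is rejected)
 * cert certificate to go into PKCS12 bundle
 * ca extra certificates that can be added to bundle. Can be NULL
 * keyNID type of encryption to use on the key (-1 means no encryption)
 * certNID type of encryption to use on the certificate
 * itt number of iterations with encryption
 * macItt number of iterations with mac creation
 * keyType flag for signature and/or encryption key
 *
 * returns a pointer to a new WC_PKCS12 structure on success and NULL on fail
 */
WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name,
        WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert,
        WOLF_STACK_OF(WOLFSSL_X509)* ca,
        int keyNID, int certNID, int itt, int macItt, int keyType)
{
    WC_PKCS12* pkcs12;
    WC_DerCertList* list = NULL;
    word32 passSz;
    byte* keyDer = NULL;
    word32 keyDerSz;
    byte* certDer;
    int certDerSz;
    int ret;

    WOLFSSL_ENTER("wolfSSL_PKCS12_create()");

    if (pass == NULL || pkey == NULL || cert == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PKCS12_create()", BAD_FUNC_ARG);
        return NULL;
    }
    passSz = (word32)XSTRLEN(pass);

    /* the helper hands back pkey_sz unchanged, so a key that never had a DER
     * attached shows up as a non-positive size or a NULL pointer rather than a
     * negative error; reject both before passing them to wc_PKCS12_create */
    ret = wolfSSL_EVP_PKEY_get_der(pkey, &keyDer);
    if (ret <= 0 || keyDer == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PKCS12_create", ret);
        return NULL;
    }
    keyDerSz = (word32)ret;

    certDer = (byte*)wolfSSL_X509_get_der(cert, &certDerSz);
    if (certDer == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PKCS12_create", BAD_FUNC_ARG);
        return NULL;
    }

    if (ca != NULL) {
        ret = PKCS12_X509StackToDerList(ca, ca->num, &list);
        if (ret != 0) {
            WOLFSSL_LEAVE("wolfSSL_PKCS12_create", ret);
            return NULL;
        }
    }

    pkcs12 = wc_PKCS12_create(pass, passSz, name, keyDer, keyDerSz,
            certDer, certDerSz, list, keyNID, certNID, itt, macItt,
            keyType, NULL);

    /* the DER list is ours; wc_FreeCertList accepts an empty (NULL) list */
    wc_FreeCertList(list, NULL);

    return pkcs12;
}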
wolfSSL 15:117db924cf7c 22111
wolfSSL 15:117db924cf7c 22112
/* Unpacks a decoded PKCS12 bundle into its private key, end-entity
 * certificate and (optionally) the extra certificates.
 *
 * pkcs12 bundle to unpack
 * psw    password protecting the bundle
 * pkey   receives the private key (caller frees with wolfSSL_EVP_PKEY_free);
 *        left NULL when the bundle carries no key
 * cert   receives the certificate (caller frees with wolfSSL_X509_free)
 * ca     if not NULL, receives a stack of the remaining certificates; left
 *        NULL when there are none
 *
 * All three output pointers are reset to NULL on entry and on every failure
 * path, so WOLFSSL_FAILURE never leaves a half-built result in them.
 *
 * return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure */
int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
      WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca)
{
    DecodedCert DeCert;              /* reused for every certificate decoded below */
    void* heap = NULL;
    int ret;
    byte* certData = NULL;           /* DER of the end-entity cert; freed here */
    word32 certDataSz;
    byte* pk = NULL;                 /* DER of the key; ownership moves into *pkey */
    word32 pkSz;
    WC_DerCertList* certList = NULL; /* extra certs; nodes freed as consumed */

    WOLFSSL_ENTER("wolfSSL_PKCS12_parse");

    /* make sure we init return args */
    if (pkey) *pkey = NULL;
    if (cert) *cert = NULL;
    if (ca) *ca = NULL;

    /* ca is optional; the remaining outputs are required */
    if (pkcs12 == NULL || psw == NULL || pkey == NULL || cert == NULL) {
        WOLFSSL_MSG("Bad argument value");
        return WOLFSSL_FAILURE;
    }

    heap = wc_PKCS12_GetHeap(pkcs12);

    /* only request the extra certificate list when the caller wants it */
    if (ca == NULL) {
        ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz,
                              NULL);
    }
    else {
        ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz,
                              &certList);
    }
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_PKCS12_parse", ret);
        return WOLFSSL_FAILURE;
    }

    /* Decode cert and place in X509 stack struct */
    if (certList != NULL) {
        WC_DerCertList* current = certList;

        *ca = (WOLF_STACK_OF(WOLFSSL_X509)*)XMALLOC(sizeof(WOLF_STACK_OF(WOLFSSL_X509)),
                                                    heap, DYNAMIC_TYPE_X509);
        if (*ca == NULL) {
            /* NOTE(review): pk is released as DYNAMIC_TYPE_PUBLIC_KEY here but as
             * DYNAMIC_TYPE_PKCS on the key-decode failure paths below; the
             * types should agree with whatever wc_PKCS12_parse allocated with */
            if (pk != NULL) {
                XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
            }
            if (certData != NULL) {
                /* NOTE(review): *cert is still NULL at this point (reset on entry,
                 * not yet assigned), so this XFREE releases nothing and certData
                 * itself is not freed on this path; the sibling failure paths
                 * below call XFREE(certData, ...) instead -- looks like a leak */
                XFREE(*cert, heap, DYNAMIC_TYPE_PKCS); *cert = NULL;
            }
            /* Free up WC_DerCertList and move on */
            while (current != NULL) {
                WC_DerCertList* next = current->next;

                XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
                XFREE(current, heap, DYNAMIC_TYPE_PKCS);
                current = next;
            }
            return WOLFSSL_FAILURE;
        }
        XMEMSET(*ca, 0, sizeof(WOLF_STACK_OF(WOLFSSL_X509)));

        /* add list of DER certs as X509's to stack */
        while (current != NULL) {
            WC_DerCertList* toFree = current;
            WOLFSSL_X509* x509;

            /* NOTE(review): the allocation result is not NULL-checked before
             * InitX509, unlike the *cert allocation further down */
            x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
                                          DYNAMIC_TYPE_X509);
            InitX509(x509, 1, heap);
            InitDecodedCert(&DeCert, current->buffer, current->bufferSz, heap);
            /* NO_VERIFY: structural parse only, no signature or chain check is
             * done on the extra certificates here. A cert that fails to parse is
             * dropped from the stack rather than failing the whole call. */
            if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
                WOLFSSL_MSG("Issue with parsing certificate");
                FreeDecodedCert(&DeCert);
                wolfSSL_X509_free(x509);
            }
            else {
                if ((ret = CopyDecodedToX509(x509, &DeCert)) != 0) {
                    WOLFSSL_MSG("Failed to copy decoded cert");
                    FreeDecodedCert(&DeCert);
                    wolfSSL_X509_free(x509);
                    wolfSSL_sk_X509_free(*ca); *ca = NULL;
                    if (pk != NULL) {
                        XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
                    }
                    if (certData != NULL) {
                        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
                    }
                    /* Free up WC_DerCertList */
                    while (current != NULL) {
                        WC_DerCertList* next = current->next;

                        XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
                        XFREE(current, heap, DYNAMIC_TYPE_PKCS);
                        current = next;
                    }
                    return WOLFSSL_FAILURE;
                }
                FreeDecodedCert(&DeCert);

                /* the stack takes ownership of x509 on a successful push */
                if (wolfSSL_sk_X509_push(*ca, x509) != 1) {
                    WOLFSSL_MSG("Failed to push x509 onto stack");
                    wolfSSL_X509_free(x509);
                    wolfSSL_sk_X509_free(*ca); *ca = NULL;
                    if (pk != NULL) {
                        XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
                    }
                    if (certData != NULL) {
                        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
                    }

                    /* Free up WC_DerCertList */
                    while (current != NULL) {
                        WC_DerCertList* next = current->next;

                        XFREE(current->buffer, heap, DYNAMIC_TYPE_PKCS);
                        XFREE(current, heap, DYNAMIC_TYPE_PKCS);
                        current = next;
                    }
                    return WOLFSSL_FAILURE;
                }
            }
            /* advance before freeing: toFree still points at the consumed node */
            current = current->next;
            XFREE(toFree->buffer, heap, DYNAMIC_TYPE_PKCS);
            XFREE(toFree, heap, DYNAMIC_TYPE_PKCS);
        }
    }


    /* Decode cert and place in X509 struct */
    if (certData != NULL) {
        *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
                                       DYNAMIC_TYPE_X509);
        if (*cert == NULL) {
            if (pk != NULL) {
                XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
            }
            if (ca != NULL) {
                wolfSSL_sk_X509_free(*ca); *ca = NULL;
            }
            XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
            return WOLFSSL_FAILURE;
        }
        InitX509(*cert, 1, heap);
        InitDecodedCert(&DeCert, certData, certDataSz, heap);
        /* NOTE(review): a parse failure is only logged here; the code falls
         * through and still copies the (partially) decoded cert into *cert,
         * unlike the extra-cert loop above which discards such a cert */
        if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
            WOLFSSL_MSG("Issue with parsing certificate");
        }
        if ((ret = CopyDecodedToX509(*cert, &DeCert)) != 0) {
            WOLFSSL_MSG("Failed to copy decoded cert");
            FreeDecodedCert(&DeCert);
            if (pk != NULL) {
                XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
            }
            if (ca != NULL) {
                wolfSSL_sk_X509_free(*ca); *ca = NULL;
            }
            wolfSSL_X509_free(*cert); *cert = NULL;
            return WOLFSSL_FAILURE;
        }
        FreeDecodedCert(&DeCert);
        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
    }


    /* get key type */
    ret = BAD_STATE_E;   /* stays non-zero unless a key type below decodes */
    if (pk != NULL) { /* decode key if present */
        *pkey = wolfSSL_EVP_PKEY_new_ex(heap);
        if (*pkey == NULL) {
            wolfSSL_X509_free(*cert); *cert = NULL;
            if (ca != NULL) {
                wolfSSL_sk_X509_free(*ca); *ca = NULL;
            }
            XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY);
            return WOLFSSL_FAILURE;
        }
#ifndef NO_RSA
        {
            word32 keyIdx = 0;
            RsaKey key;   /* scratch key used only to test-decode the DER */

            if (wc_InitRsaKey(&key, heap) != 0) {
                ret = BAD_STATE_E;
            }
            else {
                /* an RSA decode failure is not fatal here: ret stays non-zero
                 * and the ECC attempt below gets its turn */
                if ((ret = wc_RsaPrivateKeyDecode(pk, &keyIdx, &key, pkSz))
                                                                        == 0) {
                    (*pkey)->type = EVP_PKEY_RSA;
                    (*pkey)->rsa = wolfSSL_RSA_new();
                    (*pkey)->ownRsa = 1; /* we own RSA */
                    if ((*pkey)->rsa == NULL) {
                        WOLFSSL_MSG("issue creating EVP RSA key");
                        wolfSSL_X509_free(*cert); *cert = NULL;
                        if (ca != NULL) {
                            wolfSSL_sk_X509_free(*ca); *ca = NULL;
                        }
                        wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
                        XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
                        return WOLFSSL_FAILURE;
                    }
                    if ((ret = wolfSSL_RSA_LoadDer_ex((*pkey)->rsa, pk, pkSz,
                                     WOLFSSL_RSA_LOAD_PRIVATE)) != SSL_SUCCESS) {
                        WOLFSSL_MSG("issue loading RSA key");
                        wolfSSL_X509_free(*cert); *cert = NULL;
                        if (ca != NULL) {
                            wolfSSL_sk_X509_free(*ca); *ca = NULL;
                        }
                        wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
                        XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
                        return WOLFSSL_FAILURE;
                    }

                    WOLFSSL_MSG("Found PKCS12 RSA key");
                    ret = 0; /* set in success state for upcoming ECC check */
                }
                wc_FreeRsaKey(&key);
            }
        }
#endif /* NO_RSA */

#ifdef HAVE_ECC
        {
            word32 keyIdx = 0;
            ecc_key key;   /* scratch key used only to test-decode the DER */

            /* ret is still BAD_STATE_E when RSA is compiled out or the RSA
             * decode failed, so this is the only remaining chance to accept
             * the key */
            if (ret != 0) { /* if is in fail state check if ECC key */
                if (wc_ecc_init(&key) != 0) {
                    wolfSSL_X509_free(*cert); *cert = NULL;
                    if (ca != NULL) {
                        wolfSSL_sk_X509_free(*ca); *ca = NULL;
                    }
                    wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
                    XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
                    return WOLFSSL_FAILURE;
                }

                if ((ret = wc_EccPrivateKeyDecode(pk, &keyIdx, &key, pkSz))
                                                                         != 0) {
                    wolfSSL_X509_free(*cert); *cert = NULL;
                    if (ca != NULL) {
                        wolfSSL_sk_X509_free(*ca); *ca = NULL;
                    }
                    wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
                    XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
                    WOLFSSL_MSG("Bad PKCS12 key format");
                    return WOLFSSL_FAILURE;
                }
                (*pkey)->type = EVP_PKEY_EC;
                (*pkey)->pkey_curve = key.dp->oidSum;
                wc_ecc_free(&key);
                WOLFSSL_MSG("Found PKCS12 ECC key");
            }
        }
#else
        if (ret != 0) { /* if is in fail state and no ECC then fail */
            wolfSSL_X509_free(*cert); *cert = NULL;
            if (ca != NULL) {
                wolfSSL_sk_X509_free(*ca); *ca = NULL;
            }
            wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL;
            XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
            WOLFSSL_MSG("Bad PKCS12 key format");
            return WOLFSSL_FAILURE;
        }
#endif /* HAVE_ECC */

        /* hand the raw DER to the EVP_PKEY; it is freed with *pkey from here on */
        (*pkey)->save_type = 0;
        (*pkey)->pkey_sz = pkSz;
        (*pkey)->pkey.ptr = (char*)pk;
    }

    /* silence unused-variable warnings in configurations that do not read them */
    (void)ret;
    (void)ca;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 22393 #endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */
wolfSSL 15:117db924cf7c 22394
wolfSSL 15:117db924cf7c 22395
/* no-op function. Was initially used for adding encryption algorithms available
 * for PKCS12. Kept for OpenSSL API compatibility: it only logs entry and has
 * no effect on which algorithms are available. */
void wolfSSL_PKCS12_PBE_add(void)
{
    WOLFSSL_ENTER("wolfSSL_PKCS12_PBE_add");
}
wolfSSL 15:117db924cf7c 22402
wolfSSL 15:117db924cf7c 22403
wolfSSL 15:117db924cf7c 22404
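/* Return the certificate chain held by the verification context.
 *
 * With SESSION_CERTS, the first call on a context whose chain is NULL but
 * whose session chain (ctx->sesChain) is set lazily builds ctx->chain from
 * it: one WOLFSSL_X509 per session certificate (at most MAX_CHAIN_DEPTH),
 * and, for nginx/haproxy/OPENSSL_EXTRA builds, the issuer of the last chain
 * certificate as found through wolfSSL_X509_STORE_CTX_get1_issuer(), unless
 * that certificate is self signed.
 *
 * Returns ctx->chain (which the caller does not own; see get1_chain() for a
 * reference-counted copy), or NULL when ctx is NULL or the lazy build fails.
 * On a failed build ctx->chain is left NULL rather than pointing at the freed
 * stack, so a retry or a later wolfSSL_X509_verify_cert() cannot touch freed
 * memory. */
WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_chain");

    if (ctx == NULL) {
        return NULL;
    }

#ifdef SESSION_CERTS
    /* if chain is null but sesChain is available then populate stack */
    if (ctx->chain == NULL && ctx->sesChain != NULL) {
        int i;
        WOLFSSL_X509_CHAIN* c = ctx->sesChain;
        WOLFSSL_STACK* sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK),
                                                    NULL, DYNAMIC_TYPE_X509);

        if (sk == NULL) {
            return NULL;
        }

        XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
        /* Published before the issuer lookup below, which receives ctx and
         * may consult ctx->chain; cleared again on the failure path. */
        ctx->chain = sk;

        for (i = 0; i < c->count && i < MAX_CHAIN_DEPTH; i++) {
            /* wolfSSL_get_chain_X509() hands out a new object that the stack
             * takes ownership of once pushed. */
            WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i);

            if (x509 == NULL) {
                WOLFSSL_MSG("Unable to get x509 from chain");
                goto fail;
            }

            if (wolfSSL_sk_X509_push(sk, x509) != WOLFSSL_SUCCESS) {
                WOLFSSL_MSG("Unable to load x509 into stack");
                wolfSSL_X509_free(x509);
                goto fail;
            }
        }

#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA)
        /* add CA used to verify top of chain to the list */
        if (c->count > 0) {
            /* Fresh copy of the top certificate, used only for the issuer
             * lookup; it is released below, which the previous code did not
             * do. */
            WOLFSSL_X509* top = wolfSSL_get_chain_X509(c, c->count - 1);
            if (top != NULL) {
                WOLFSSL_X509* issuer = NULL;
                int freeTop = 1;

                if (wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, top)
                        != WOLFSSL_SUCCESS) {
                    WOLFSSL_MSG("Could not find CA for certificate");
                }
                else {
                    /* get1_issuer() is not visible here; guard against it
                     * handing back the very object we passed in, in which
                     * case 'top' is owned through 'issuer' (pushed or freed
                     * below) and must not be released twice. */
                    if (issuer == top)
                        freeTop = 0;

                    /* check that the certificate being looked up is not self
                     * signed and that a issuer was found */
                    if (issuer != NULL && wolfSSL_X509_NAME_cmp(&top->issuer,
                                                         &top->subject) != 0) {
                        if (wolfSSL_sk_X509_push(sk, issuer) != WOLFSSL_SUCCESS) {
                            WOLFSSL_MSG("Unable to load CA x509 into stack");
                            wolfSSL_X509_free(issuer);
                            if (freeTop)
                                wolfSSL_X509_free(top);
                            goto fail;
                        }
                    }
                    else {
                        WOLFSSL_MSG("Certificate is self signed");
                        if (issuer != NULL)
                            wolfSSL_X509_free(issuer);
                    }
                }

                if (freeTop)
                    wolfSSL_X509_free(top);
            }
        }
#endif
    }
#endif /* SESSION_CERTS */

    return ctx->chain;

#ifdef SESSION_CERTS
fail:
    /* Frees the stack together with the X509 objects pushed so far. */
    wolfSSL_sk_X509_free(ctx->chain);
    ctx->chain = NULL;
    return NULL;
#endif
}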
wolfSSL 15:117db924cf7c 22482
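/* Make a shallow copy of an X509 stack: new list nodes are allocated, but the
 * WOLFSSL_X509 data pointers are copied by reference and no reference count
 * is taken. The caller must therefore not release the X509 objects through
 * the copy unless it has taken its own references (as
 * wolfSSL_X509_STORE_CTX_get1_chain() does).
 *
 * Returns the head of the new list, or NULL when sk is NULL, sk->num is 0,
 * or a node allocation fails. On allocation failure only the nodes created
 * here are released; the shared X509 data is left untouched. */
WOLFSSL_STACK* wolfSSL_sk_X509_dup(WOLFSSL_STACK* sk)
{
    WOLFSSL_STACK* head = NULL;
    WOLFSSL_STACK* tail = NULL;
    WOLFSSL_STACK* src;
    unsigned long i;

    if (sk == NULL) {
        return NULL;
    }

    /* Walk at most sk->num nodes, but also stop at the end of the list so an
     * inconsistent num (larger than the number of nodes) cannot deref NULL. */
    for (i = 0, src = sk; i < sk->num && src != NULL; i++, src = src->next) {
        WOLFSSL_STACK* node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK),
                                                      NULL, DYNAMIC_TYPE_X509);
        if (node == NULL) {
            WOLFSSL_MSG("Memory error");
            /* Release only what this function allocated. The previous code
             * called wolfSSL_sk_free() on the partial copy, which would also
             * release the X509 data if it dispatches to wolfSSL_sk_X509_free()
             * - data still referenced by the source stack. */
            while (head != NULL) {
                WOLFSSL_STACK* next = head->next;
                XFREE(head, NULL, DYNAMIC_TYPE_X509);
                head = next;
            }
            return NULL;
        }
        XMEMSET(node, 0, sizeof(WOLFSSL_STACK));

        /* copy sk node to new node, data by reference */
        node->data.x509 = src->data.x509;
        node->num = src->num;

        if (head == NULL) {
            head = node;
        }
        else {
            tail->next = node;
        }
        tail = node;
    }

    return head;
}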
wolfSSL 16:8e0d178b1d1e 22525
wolfSSL 16:8e0d178b1d1e 22526
/* Like wolfSSL_X509_STORE_CTX_get_chain(), but returns a copy of the stack
 * whose X509 entries carry an extra reference each, so the caller owns the
 * result and releases it with the usual stack free.
 *
 * Returns NULL when ctx is NULL, the context has no chain, or the shallow
 * copy cannot be allocated. */
WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get1_chain(WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_STACK* chain;
    WOLFSSL_STACK* copy;
    WOLFSSL_STACK* node;
    unsigned long idx;

    if (ctx == NULL) {
        return NULL;
    }

    chain = wolfSSL_X509_STORE_CTX_get_chain(ctx);
    if (chain == NULL) {
        return NULL;
    }

    /* Shallow copy: nodes are new, the X509 pointers are shared. */
    copy = wolfSSL_sk_X509_dup(chain);
    if (copy == NULL) {
        return NULL;
    }

    /* Take one reference per shared X509 so the copy can be freed on its own.
     * As before, a failed mutex lock is only logged; the count is still
     * bumped so the copy never under-references an entry. */
    node = copy;
    for (idx = 0; idx < copy->num && node != NULL; idx++, node = node->next) {
        WOLFSSL_X509* cert = node->data.x509;

        if (wc_LockMutex(&cert->refMutex) != 0) {
            WOLFSSL_MSG("Failed to lock x509 mutex");
        }
        cert->refCount++;
        wc_UnLockMutex(&cert->refMutex);
    }

    return copy;
}
wolfSSL 16:8e0d178b1d1e 22564
wolfSSL 15:117db924cf7c 22565
/* Add a certificate to the store's certificate manager as a trusted user CA
 * (WOLFSSL_USER_CA, passed to AddCA() together with the VERIFY flag). A copy
 * of the certificate's DER is handed to AddCA(), which takes ownership of it;
 * the caller keeps ownership of x509.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR when any argument is NULL,
 * x509 has no DER, the copy cannot be allocated, or AddCA() rejects it. */
int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
{
    int ret = WOLFSSL_FATAL_ERROR;
    DerBuffer* copy = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");

    if (store != NULL && store->cm != NULL && x509 != NULL
            && x509->derCert != NULL) {
        ret = AllocDer(&copy, x509->derCert->length, x509->derCert->type, NULL);
        if (ret == 0) {
            XMEMCPY(copy->buffer, x509->derCert->buffer, x509->derCert->length);
            /* AddCA() frees the buffer, on success and on failure. */
            ret = AddCA(store->cm, &copy, WOLFSSL_USER_CA, VERIFY);
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_cert", ret);

    /* Collapse every non-success code (including AllocDer failures) to the
     * single error value callers test for. */
    return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FATAL_ERROR;
}
wolfSSL 15:117db924cf7c 22593
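/* Allocate a dynamic certificate store with a fresh certificate manager, a
 * CRL context (HAVE_CRL) and a zeroed verify-parameter block (OPENSSL_EXTRA).
 *
 * The param block was previously left uninitialised after XMALLOC; it is now
 * zeroed so its fields hold defined values until the caller sets them.
 *
 * Returns the store, or NULL when any allocation or initialisation fails; on
 * failure everything allocated so far is released through
 * wolfSSL_X509_STORE_free(). */
WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
{
    WOLFSSL_X509_STORE* store;

    WOLFSSL_ENTER("SSL_X509_STORE_new");

    store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL,
                                         DYNAMIC_TYPE_X509_STORE);
    if (store == NULL)
        return NULL;

    XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE));
    /* isDynamic tells wolfSSL_X509_STORE_free() this store may be freed. */
    store->isDynamic = 1;

    store->cm = wolfSSL_CertManagerNew();
    if (store->cm == NULL)
        goto err_exit;

#ifdef HAVE_CRL
    store->crl = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL,
                                            DYNAMIC_TYPE_TMP_BUFFER);
    if (store->crl == NULL)
        goto err_exit;
    if (InitCRL(store->crl, NULL) < 0)
        goto err_exit;
#endif

#ifdef OPENSSL_EXTRA
    store->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
                        sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL,
                        DYNAMIC_TYPE_OPENSSL);
    if (store->param == NULL)
        goto err_exit;
    XMEMSET(store->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
#endif

    return store;

err_exit:
    /* store is non-NULL here; free() handles NULL cm/crl/param members. */
    wolfSSL_X509_STORE_free(store);
    return NULL;
}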
wolfSSL 15:117db924cf7c 22636
wolfSSL 15:117db924cf7c 22637
/* Release a store created by wolfSSL_X509_STORE_new() together with its
 * certificate manager, CRL context (HAVE_CRL) and verify-parameter block
 * (OPENSSL_EXTRA). A NULL store, or one not marked isDynamic, is left alone. */
void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
{
    if (store == NULL || !store->isDynamic)
        return;

    if (store->cm != NULL)
        wolfSSL_CertManagerFree(store->cm);
#ifdef HAVE_CRL
    if (store->crl != NULL)
        wolfSSL_X509_CRL_free(store->crl);
#endif
#ifdef OPENSSL_EXTRA
    /* Only the block itself is released; nothing inside param is freed here. */
    if (store->param != NULL)
        XFREE(store->param, NULL, DYNAMIC_TYPE_OPENSSL);
#endif
    XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
}
wolfSSL 15:117db924cf7c 22654
wolfSSL 15:117db924cf7c 22655
/* Apply verification flags to a store. Only WOLFSSL_CRL_CHECK and
 * WOLFSSL_CRL_CHECKALL have an effect (they are forwarded to
 * wolfSSL_CertManagerEnableCRL()); every other flag bit is accepted and
 * ignored, so the call reports success without changing how certificates are
 * verified. Callers porting OpenSSL X509_V_FLAG_* usage should not assume the
 * other flags took effect.
 *
 * Returns WOLFSSL_FAILURE for a NULL store, WOLFSSL_SUCCESS when no CRL flag
 * is set, otherwise the result of wolfSSL_CertManagerEnableCRL(). */
int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_set_flags");

    if (store == NULL)
        return WOLFSSL_FAILURE;

    if ((flag & (WOLFSSL_CRL_CHECKALL | WOLFSSL_CRL_CHECK)) == 0)
        return WOLFSSL_SUCCESS;

    return wolfSSL_CertManagerEnableCRL(store->cm, (int)flag);
}
wolfSSL 15:117db924cf7c 22674
wolfSSL 15:117db924cf7c 22675
/* OpenSSL compatibility stub. Unlike OpenSSL's X509_STORE_set_default_paths(),
 * this loads NO system CA bundle or directory: it always reports success and
 * leaves the store untouched. Trust anchors must be added explicitly (for
 * example with wolfSSL_X509_STORE_add_cert()), otherwise verification against
 * this store has nothing to chain to. */
int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store)
{
    int ret = WOLFSSL_SUCCESS;

    (void)store;

    return ret;
}
wolfSSL 15:117db924cf7c 22681
wolfSSL 15:117db924cf7c 22682 #ifndef NO_WOLFSSL_STUB
/* Stub for X509_STORE_get_by_subject(): performs no lookup and never fills
 * obj. Returns 0 (OpenSSL's "not found") so callers treat it as a miss. */
int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, int idx,
                                WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj)
{
    WOLFSSL_STUB("X509_STORE_get_by_subject");

    (void)ctx; (void)idx; (void)name; (void)obj;

    return 0;
}
wolfSSL 15:117db924cf7c 22693 #endif
wolfSSL 15:117db924cf7c 22694
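/* Allocate a verification context and initialise it with no store, no
 * certificate and no chain (wolfSSL_X509_STORE_CTX_init()).
 *
 * The previous version ignored the init result and could return a context
 * whose param block was never allocated; init failure now frees the context
 * and returns NULL. The context is zeroed before init so a failure part-way
 * through leaves only NULL members for wolfSSL_X509_STORE_CTX_free() to see.
 *
 * Returns the context, or NULL on allocation or initialisation failure. */
WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
{
    WOLFSSL_X509_STORE_CTX* ctx;

    WOLFSSL_ENTER("X509_STORE_CTX_new");

    ctx = (WOLFSSL_X509_STORE_CTX*)XMALLOC(sizeof(WOLFSSL_X509_STORE_CTX), NULL,
                                           DYNAMIC_TYPE_X509_CTX);
    if (ctx == NULL)
        return NULL;

    /* Leaves ctx->param NULL, which tells init to allocate it. */
    XMEMSET(ctx, 0, sizeof(WOLFSSL_X509_STORE_CTX));

    if (wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init failed");
        wolfSSL_X509_STORE_CTX_free(ctx);
        return NULL;
    }

    return ctx;
}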
wolfSSL 15:117db924cf7c 22709
wolfSSL 15:117db924cf7c 22710
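/* (Re)initialise a verification context.
 *
 * ctx   - context to set up; must be non-NULL. ctx->param must already be
 *         either NULL or a valid allocation: it is only allocated here when
 *         NULL (OPENSSL_EXTRA), so callers reusing a context keep their old
 *         param block.
 * store - store used for verification; stored by pointer. In builds without
 *         OPENSSL_ALL/WOLFSSL_QT, wolfSSL_X509_STORE_CTX_free() releases it.
 * x509  - certificate to verify. Stored by pointer, or duplicated from its
 *         DER with WOLFSSL_X509_STORE_CERTS (a cert without DER is rejected
 *         instead of being dereferenced).
 * sk    - untrusted chain; stored by pointer as ctx->chain. Every entry that
 *         is marked isCa is additionally added to the store as a trusted CA
 *         via wolfSSL_X509_STORE_add_cert(). Note this promotes untrusted
 *         intermediates to trust anchors of the store for its whole lifetime.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR when ctx is NULL, the
 * certificate copy or param allocation fails, or a CA entry cannot be added
 * (which includes the case of a NULL store with isCa entries in sk). */
int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
     WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, WOLF_STACK_OF(WOLFSSL_X509)* sk)
{
    WOLF_STACK_OF(WOLFSSL_X509)* node;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init");

    if (ctx == NULL)
        return WOLFSSL_FATAL_ERROR;

    ctx->store = store;

#ifndef WOLFSSL_X509_STORE_CERTS
    ctx->current_cert = x509;
#else
    ctx->current_cert = NULL;
    if (x509 != NULL) {
        if (x509->derCert == NULL) {
            WOLFSSL_MSG("x509 has no DER to copy");
            return WOLFSSL_FATAL_ERROR;
        }
        ctx->current_cert = wolfSSL_X509_d2i(NULL, x509->derCert->buffer,
                                             x509->derCert->length);
        if (ctx->current_cert == NULL)
            return WOLFSSL_FATAL_ERROR;
    }
#endif

    ctx->chain = sk;
    /* Add intermediate certificates from stack to store */
    for (node = sk; node != NULL; node = node->next) {
        WOLFSSL_X509* cert = node->data.x509;
        if (cert != NULL && cert->isCa) {
            if (wolfSSL_X509_STORE_add_cert(store, cert) < 0)
                return WOLFSSL_FATAL_ERROR;
        }
    }

    ctx->sesChain = NULL;
    ctx->domain = NULL;
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    XMEMSET(&ctx->ex_data, 0, sizeof(ctx->ex_data));
#endif
    ctx->userCtx = NULL;
    ctx->error = 0;
    ctx->error_depth = 0;
    ctx->discardSessionCerts = 0;

#ifdef OPENSSL_EXTRA
    if (ctx->param == NULL) {
        ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC(
                            sizeof(WOLFSSL_X509_VERIFY_PARAM),
                            NULL, DYNAMIC_TYPE_OPENSSL);
        if (ctx->param == NULL) {
            WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init failed");
            return WOLFSSL_FATAL_ERROR;
        }
        /* Previously left uninitialised; zero so fields have defined values. */
        XMEMSET(ctx->param, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM));
    }
#endif

    return WOLFSSL_SUCCESS;
}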
wolfSSL 15:117db924cf7c 22769
wolfSSL 15:117db924cf7c 22770
/* Release a verification context.
 *
 * Ownership differs by build: without OPENSSL_ALL/WOLFSSL_QT the context owns
 * its store (and, unless WOLFSSL_KEEP_STORE_CERTS, its current certificate)
 * and frees them here, so callers must not free those separately. With
 * OPENSSL_ALL/WOLFSSL_QT the store and certificate stay with the caller. The
 * param block (OPENSSL_EXTRA) is always freed; ctx->chain is never freed here
 * and remains the responsibility of whoever populated it. */
void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_ENTER("X509_STORE_CTX_free");

    if (ctx == NULL)
        return;

#if !defined(OPENSSL_ALL) && !defined(WOLFSSL_QT)
    if (ctx->store != NULL)
        wolfSSL_X509_STORE_free(ctx->store);
#ifndef WOLFSSL_KEEP_STORE_CERTS
    if (ctx->current_cert != NULL)
        wolfSSL_FreeX509(ctx->current_cert);
#endif
#endif /* !OPENSSL_ALL && !WOLFSSL_QT */

#ifdef OPENSSL_EXTRA
    if (ctx->param != NULL)
        XFREE(ctx->param, NULL, DYNAMIC_TYPE_OPENSSL);
#endif

    XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX);
}
wolfSSL 15:117db924cf7c 22791
wolfSSL 15:117db924cf7c 22792
/* OpenSSL compatibility stub: X509_STORE_CTX_cleanup() releases nothing here.
 * Resources attached to the context are released only by
 * wolfSSL_X509_STORE_CTX_free() (which, depending on build options, frees the
 * store, the current certificate and the param block). Callers that reuse a
 * context with cleanup()+init() should know init allocates param only when it
 * is NULL, so the existing block is kept, not replaced. */
void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx)
{
    (void)ctx;
    /* Do nothing */
}
wolfSSL 15:117db924cf7c 22798
wolfSSL 16:8e0d178b1d1e 22799 #if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
/* Map an internal ASN error code <e> to the corresponding OpenSSL-style
 * X509_V_ERR_* value.
 *
 * Unmapped codes are returned unchanged, i.e. as the (negative) wolfSSL error;
 * callers comparing ctx->error against X509_V_ERR_* constants must be
 * prepared to see such raw values. */
static int GetX509Error(int e)
{
    static const struct {
        int asnErr;
        int x509Err;
    } errMap[] = {
        { ASN_BEFORE_DATE_E,  X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD },
        { ASN_AFTER_DATE_E,   X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD },
        { ASN_NO_SIGNER_E,    X509_V_ERR_INVALID_CA },
        { ASN_SELF_SIGNED_E,  X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT },
        { ASN_PATHLEN_INV_E,  X509_V_ERR_PATH_LENGTH_EXCEEDED },
        { ASN_PATHLEN_SIZE_E, X509_V_ERR_PATH_LENGTH_EXCEEDED },
        { ASN_SIG_OID_E,      X509_V_ERR_CERT_SIGNATURE_FAILURE },
        { ASN_SIG_CONFIRM_E,  X509_V_ERR_CERT_SIGNATURE_FAILURE },
        { ASN_SIG_HASH_E,     X509_V_ERR_CERT_SIGNATURE_FAILURE },
        { ASN_SIG_KEY_E,      X509_V_ERR_CERT_SIGNATURE_FAILURE },
    };
    size_t idx;

    for (idx = 0; idx < sizeof(errMap) / sizeof(errMap[0]); idx++) {
        if (errMap[idx].asnErr == e)
            return errMap[idx].x509Err;
    }

    WOLFSSL_MSG("Error not configured or implemented yet");
    return e;
}
wolfSSL 16:8e0d178b1d1e 22825 #endif
wolfSSL 16:8e0d178b1d1e 22826
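/* Verify ctx->current_cert against the store's certificate manager.
 *
 * The result is that of wolfSSL_CertManagerVerifyBuffer(): 0 on success,
 * < 0 on failure (WOLFSSL_FATAL_ERROR when ctx, its store, the store's
 * certificate manager, the certificate or its DER is missing).
 *
 * With OPENSSL_ALL/WOLFSSL_QT the failure is additionally translated to an
 * X509_V_ERR_* code, recorded in the context (error and error_depth, the
 * latter being the chain length) and reported to the store's verify callback.
 * The leaf's validity dates are then re-checked so an expired / not-yet-valid
 * certificate is reported as X509_V_ERR_CERT_HAS_EXPIRED /
 * X509_V_ERR_CERT_NOT_YET_VALID (wolfSSL_CertManagerVerifyBuffer only returns
 * the date errors when nothing else is wrong). The callback's return value is
 * ignored: it cannot turn a failure into success here, and the function's
 * return value is always the certificate manager's result.
 *
 * The callback was previously invoked unconditionally on the first path; a
 * store without a callback now skips it, as the date path already did. */
int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
{
    int ret;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    int depth = 0;
    int error;
#endif

    WOLFSSL_ENTER("wolfSSL_X509_verify_cert");

    if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL
            || ctx->current_cert == NULL || ctx->current_cert->derCert == NULL) {
        return WOLFSSL_FATAL_ERROR;
    }

    ret = wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
                                          ctx->current_cert->derCert->buffer,
                                          ctx->current_cert->derCert->length,
                                          WOLFSSL_FILETYPE_ASN1);

#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    /* If there was an error, process it and add it to CTX */
    if (ret < 0) {
        error = GetX509Error(ret);
        if (ctx->chain)
            depth = (int)ctx->chain->num;

        wolfSSL_X509_STORE_CTX_set_error(ctx, error);
        wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth);
        if (ctx->store->verify_cb)
            ctx->store->verify_cb(0, ctx);
    }

    /* Date re-check on the leaf only; depth stays whatever the block above
     * computed (0 when the certificate manager reported no error). */
    error = 0;
    if (ValidateDate(ctx->current_cert->notAfter.data,
                     ctx->current_cert->notAfter.type, AFTER) < 1) {
        error = X509_V_ERR_CERT_HAS_EXPIRED;
    }
    else if (ValidateDate(ctx->current_cert->notBefore.data,
                          ctx->current_cert->notBefore.type, BEFORE) < 1) {
        error = X509_V_ERR_CERT_NOT_YET_VALID;
    }

    if (error != 0) {
        wolfSSL_X509_STORE_CTX_set_error(ctx, error);
        wolfSSL_X509_STORE_CTX_set_error_depth(ctx, depth);
        if (ctx->store->verify_cb)
            ctx->store->verify_cb(0, ctx);
    }
#endif /* OPENSSL_ALL || WOLFSSL_QT */

    return ret;
}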
wolfSSL 16:8e0d178b1d1e 22889
wolfSSL 16:8e0d178b1d1e 22890
/* Check the certificate's signature with the given public key.
 *
 * This verifies ONLY the signature over x509's DER (CheckCertSignaturePubKey):
 * no validity dates, chain building, revocation, name constraints or key
 * usage are examined. Supported key types are RSA, EC and DSA.
 *
 * Returns WOLFSSL_SUCCESS when the signature verifies, WOLFSSL_FAILURE when
 * it does not, and WOLFSSL_FATAL_ERROR for a NULL argument, a certificate
 * without DER, or an unsupported key type. */
int wolfSSL_X509_verify(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey)
{
    const byte* der;
    int derSz = 0;
    int keyType;

    if (x509 == NULL || pkey == NULL)
        return WOLFSSL_FATAL_ERROR;

    der = wolfSSL_X509_get_der(x509, &derSz);
    if (der == NULL) {
        WOLFSSL_MSG("Error getting WOLFSSL_X509 DER");
        return WOLFSSL_FATAL_ERROR;
    }

    if (pkey->type == EVP_PKEY_RSA) {
        keyType = RSAk;
    }
    else if (pkey->type == EVP_PKEY_EC) {
        keyType = ECDSAk;
    }
    else if (pkey->type == EVP_PKEY_DSA) {
        keyType = DSAk;
    }
    else {
        WOLFSSL_MSG("Unknown pkey key type");
        return WOLFSSL_FATAL_ERROR;
    }

    if (CheckCertSignaturePubKey(der, derSz, x509->heap,
                                 (unsigned char*)pkey->pkey.ptr, pkey->pkey_sz,
                                 keyType) != 0) {
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 22936 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 22937
wolfSSL 15:117db924cf7c 22938 #if !defined(NO_FILESYSTEM)
/* Read a whole DER file and decode it as a certificate (CERT_TYPE), a CRL
 * (CRL_TYPE, HAVE_CRL) or a PKCS12 bundle (PKCS12_TYPE, !NO_ASN &&
 * !NO_PWDBASED).
 *
 * file - open file handle; rewound to the start after sizing. Not closed here.
 * x509 - optional output; set to NULL first and to the new object on success.
 * type - one of the types above; any other value fails.
 *
 * Returns the new object (to be released with the matching free function),
 * or NULL on a bad handle, an empty file, a file larger than
 * MAX_WOLFSSL_FILE_SIZE, a short read, an allocation failure or a decode
 * failure. The size cap bounds the allocation for an attacker-controlled
 * file. */
static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type)
{
    void *newx509 = NULL;
    byte *fileBuffer = NULL;
    long sz = 0;

    /* init variable */
    if (x509)
        *x509 = NULL;

    /* argument check */
    if (file == XBADFILE) {
        return NULL;
    }

    /* determine file size */
    if (XFSEEK(file, 0, XSEEK_END) != 0) {
        return NULL;
    }
    sz = XFTELL(file);
    XREWIND(file);

    /* sz <= 0 also covers an XFTELL failure (-1) */
    if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
        WOLFSSL_MSG("d2i_X509_fp_ex file size error");
        return NULL;
    }

    fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
    if (fileBuffer != NULL) {
        /* a short read is an error, never a partial decode */
        if ((long)XFREAD(fileBuffer, 1, sz, file) != sz) {
            WOLFSSL_MSG("File read failed");
            goto err_exit;
        }
        if (type == CERT_TYPE) {
            newx509 = (void *)wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz);
        }
    #ifdef HAVE_CRL
        else if (type == CRL_TYPE) {
            newx509 = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz);
        }
    #endif
    #if !defined(NO_ASN) && !defined(NO_PWDBASED)
        else if (type == PKCS12_TYPE) {
            /* PKCS12 is allocated first and filled in place, so on a decode
             * failure err_exit must release the partially built object */
            if ((newx509 = wc_PKCS12_new()) == NULL) {
                goto err_exit;
            }
            if (wc_d2i_PKCS12(fileBuffer, (int)sz, (WC_PKCS12*)newx509) < 0) {
                goto err_exit;
            }
        }
    #endif
        else {
            goto err_exit;
        }
        if (newx509 == NULL) {
            WOLFSSL_MSG("X509 failed");
            goto err_exit;
        }
    }

    /* only reached with a fully decoded object (or NULL when the buffer
     * allocation failed) */
    if (x509)
        *x509 = newx509;

    goto _exit;

err_exit:
#if !defined(NO_ASN) && !defined(NO_PWDBASED)
    if ((newx509 != NULL) && (type == PKCS12_TYPE)) {
        wc_PKCS12_free((WC_PKCS12*)newx509);
        newx509 = NULL;
    }
#endif
_exit:
    if (fileBuffer != NULL)
        XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);

    return newx509;
}
wolfSSL 15:117db924cf7c 23017
/* Read a DER PKCS12 bundle from an open file. On success the new object is
 * returned and also stored in *pkcs12 when pkcs12 is non-NULL; on failure
 * NULL is returned and *pkcs12 is set to NULL. The file is not closed. */
WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12 **pkcs12)
{
    void *bundle;

    WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp");

    bundle = wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, PKCS12_TYPE);
    return (WOLFSSL_X509_PKCS12 *)bundle;
}
wolfSSL 15:117db924cf7c 23023
/* Read a DER certificate from an open file. On success the new certificate
 * is returned and also stored in *x509 when x509 is non-NULL; on failure NULL
 * is returned and *x509 is set to NULL. The file is not closed. */
WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509)
{
    void *cert;

    WOLFSSL_ENTER("wolfSSL_d2i_X509_fp");

    cert = wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE);
    return (WOLFSSL_X509 *)cert;
}
wolfSSL 15:117db924cf7c 23029 #endif /* !NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 23030
wolfSSL 15:117db924cf7c 23031
wolfSSL 15:117db924cf7c 23032 #ifdef HAVE_CRL
wolfSSL 15:117db924cf7c 23033 #ifndef NO_FILESYSTEM
/* Load a CRL from the already opened file fp.
 *
 * fp  : open file handle to read from
 * crl : optional output pointer, forwarded to wolfSSL_d2i_X509_fp_ex()
 *
 * Thin wrapper over wolfSSL_d2i_X509_fp_ex() with type CRL_TYPE. Whether
 * the CRL signature is checked at load time is decided inside that
 * function, not here.
 * Returns the new CRL, or NULL on failure.
 */
WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl)
{
    void* obj;

    WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp");
    obj = wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE);
    return (WOLFSSL_X509_CRL *)obj;
}
wolfSSL 15:117db924cf7c 23039 #endif /* !NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 23040
wolfSSL 15:117db924cf7c 23041
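/* Decode a DER (ASN.1) encoded CRL held in memory.
 *
 * crl : optional output; when non-NULL, *crl is set to the new CRL on
 *       success. It is not read, so an existing object is never reused.
 * in  : buffer holding the DER encoded CRL
 * len : number of bytes in in
 *
 * The CRL is loaded with NO_VERIFY, i.e. its signature is NOT checked
 * here. The caller must verify it against the issuer before trusting the
 * revocation data it carries.
 *
 * Returns the new WOLFSSL_X509_CRL, or NULL on bad arguments, allocation
 * failure, InitCRL failure or decode failure. The caller owns the result
 * and releases it with wolfSSL_X509_CRL_free().
 */
WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl,
                                      const unsigned char* in, int len)
{
    WOLFSSL_X509_CRL *newcrl;
    int ret;

    WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL");

    /* Reject a NULL buffer and a non-positive length up front. Previously a
     * negative len was handed straight to BufferLoadCRL. */
    if (in == NULL || len <= 0) {
        WOLFSSL_MSG("Bad argument value");
        return NULL;
    }

    newcrl = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL,
                                        DYNAMIC_TYPE_TMP_BUFFER);
    if (newcrl == NULL) {
        WOLFSSL_MSG("New CRL allocation failed");
        return NULL;
    }

    ret = InitCRL(newcrl, NULL);
    if (ret < 0) {
        WOLFSSL_MSG("Init tmp CRL failed");
        /* same teardown as before: FreeCRL releases the struct as well */
        wolfSSL_X509_CRL_free(newcrl);
        return NULL;
    }

    /* NO_VERIFY: signature is not checked at load time, see header comment */
    ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, NO_VERIFY);
    if (ret != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Buffer Load CRL failed");
        wolfSSL_X509_CRL_free(newcrl);
        return NULL;
    }

    if (crl != NULL) {
        *crl = newcrl;
    }

    return newcrl;
}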
wolfSSL 15:117db924cf7c 23082
/* Release a CRL obtained from wolfSSL_d2i_X509_CRL() or the _fp variant.
 *
 * crl : CRL to release
 *
 * Delegates to FreeCRL(crl, 1); the second argument presumably tells
 * FreeCRL to also free the struct allocated by the caller, which
 * wolfSSL_d2i_X509_CRL() relies on for its error paths.
 * NOTE(review): whether FreeCRL tolerates a NULL crl is not visible here;
 * callers in this file only pass non-NULL pointers.
 */
void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl)
{
    WOLFSSL_ENTER("wolfSSL_X509_CRL_free");
    FreeCRL(crl, 1);
}
wolfSSL 15:117db924cf7c 23090 #endif /* HAVE_CRL */
wolfSSL 15:117db924cf7c 23091
wolfSSL 15:117db924cf7c 23092 #ifndef NO_WOLFSSL_STUB
/* Stub: CRL lastUpdate is not exposed in this build.
 * Always returns NULL; callers must treat the result as "unavailable". */
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
{
    WOLFSSL_STUB("X509_CRL_get_lastUpdate");
    (void)crl;
    return NULL;
}
wolfSSL 15:117db924cf7c 23099 #endif
wolfSSL 15:117db924cf7c 23100 #ifndef NO_WOLFSSL_STUB
/* Stub: CRL nextUpdate is not exposed in this build.
 * Always returns NULL, so CRL freshness cannot be judged through this API. */
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
{
    WOLFSSL_STUB("X509_CRL_get_nextUpdate");
    (void)crl;
    return NULL;
}
wolfSSL 15:117db924cf7c 23107 #endif
wolfSSL 15:117db924cf7c 23108
wolfSSL 15:117db924cf7c 23109
wolfSSL 15:117db924cf7c 23110 #ifndef NO_WOLFSSL_STUB
/* Stub: CRL signature verification is not implemented here.
 *
 * Returns 0 unconditionally, i.e. it never reports a successful
 * verification. Callers must not read a 0 from this function as "verified";
 * signature checking of a CRL has to happen elsewhere (e.g. at load time
 * when the load is not done with NO_VERIFY).
 */
int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key)
{
    WOLFSSL_STUB("X509_CRL_verify");
    (void)crl;
    (void)key;
    return 0;
}
wolfSSL 15:117db924cf7c 23118 #endif
wolfSSL 15:117db924cf7c 23119 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 23120
wolfSSL 16:8e0d178b1d1e 23121 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 23122
/* Return the X509_STORE a verification context was created from.
 *
 * ctx : verification context, may be NULL
 *
 * The pointer is borrowed ("get0"): ownership stays with ctx and the caller
 * must not free it.
 * Returns ctx->store, or NULL when ctx is NULL (the store field itself may
 * also be NULL if the context was never initialized).
 */
WOLFSSL_X509_STORE* wolfSSL_X509_STORE_CTX_get0_store(
                                                 WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_X509_STORE* store = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get0_store");

    if (ctx != NULL)
        store = ctx->store;

    return store;
}
wolfSSL 16:8e0d178b1d1e 23137
/* Return the certificate currently being verified in ctx.
 *
 * ctx : verification context, may be NULL
 *
 * Borrowed pointer ("get0"): the caller must not free it.
 * Returns ctx->current_cert, or NULL when ctx is NULL.
 */
WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_cert(WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_X509* cert = NULL;

    if (ctx != NULL)
        cert = ctx->current_cert;

    return cert;
}
wolfSSL 15:117db924cf7c 23145
/* Pin the time used for certificate validity checks in this context.
 *
 * ctx   : verification context; ignored when NULL or when it has no param
 * flags : accepted for OpenSSL API compatibility, currently unused
 * t     : the time to validate against instead of the system clock
 *
 * Stores t in ctx->param->check_time and raises WOLFSSL_USE_CHECK_TIME so
 * the verifier consults it. Pinning a time in the past can make an expired
 * certificate validate; use only with a trusted time source.
 */
void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx,
                                    unsigned long flags,
                                    time_t t)
{
    (void)flags;

    if (ctx == NULL)
        return;
    if (ctx->param == NULL)
        return;

    ctx->param->check_time = t;
    ctx->param->flags |= WOLFSSL_USE_CHECK_TIME;
}
wolfSSL 15:117db924cf7c 23158
wolfSSL 16:8e0d178b1d1e 23159 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
wolfSSL 16:8e0d178b1d1e 23160 #ifndef NO_WOLFSSL_STUB
/* Stub: certificate purpose restriction is not implemented in this build.
 * The requested purpose is discarded, so no purpose check is enforced.
 * Returns 0 (failure) unconditionally. */
int wolfSSL_X509_STORE_CTX_set_purpose(WOLFSSL_X509_STORE_CTX *ctx,
                                       int purpose)
{
    WOLFSSL_STUB("wolfSSL_X509_STORE_CTX_set_purpose");
    (void)ctx;
    (void)purpose;
    return 0;
}
wolfSSL 16:8e0d178b1d1e 23169 #endif
wolfSSL 16:8e0d178b1d1e 23170 #endif /* WOLFSSL_QT || OPENSSL_ALL */
wolfSSL 16:8e0d178b1d1e 23171
wolfSSL 16:8e0d178b1d1e 23172 #ifndef NO_WOLFSSL_STUB
/* Stub: would return the default configuration file path, but a
 * wolfssl.cnf file is not currently supported.
 * Always returns NULL (nothing is allocated, so nothing to free). */
char* wolfSSL_CONF_get1_default_config_file(void)
{
    WOLFSSL_ENTER("wolfSSL_CONF_get1_default_config_file");
    WOLFSSL_STUB("CONF_get1_default_config_file");
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 23181 #endif
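/******************************************************************************
 * wolfSSL_X509_VERIFY_PARAM_set1_host - set the DNS hostname to verify
 *
 * pParam : verification parameters to update
 * name   : expected hostname; NULL (or empty) clears the stored hostname
 * nameSz : number of bytes of name to use. 0 means name is NUL-terminated
 *          and its length is taken with XSTRLEN. When non-zero, name is NOT
 *          assumed to be NUL-terminated and at most nameSz bytes are read.
 *
 * The stored hostname is bounded to WOLFSSL_HOST_NAME_MAX-1 characters and
 * is always NUL-terminated; a longer name is truncated (and logged).
 *
 * RETURNS:
 *   WOLFSSL_SUCCESS on success (including the clearing case),
 *   WOLFSSL_FAILURE if pParam is NULL.
 */
int wolfSSL_X509_VERIFY_PARAM_set1_host(WOLFSSL_X509_VERIFY_PARAM* pParam,
                                         const char* name,
                                         unsigned int nameSz)
{
    unsigned int i;

    if (pParam == NULL)
        return WOLFSSL_FAILURE;

    /* Start from a cleared buffer so no stale hostname can survive. */
    XMEMSET(pParam->hostName, 0, WOLFSSL_HOST_NAME_MAX);

    if (name == NULL)
        return WOLFSSL_SUCCESS;

    if (nameSz == 0) {
        /* If name is NUL-terminated, namelen can be set to zero. */
        nameSz = (unsigned int)XSTRLEN(name);
    }
    else {
        /* Caller gave an explicit length: stop at the first NUL inside that
         * span instead of calling XSTRLEN, which would read past the end of
         * a buffer that is not NUL-terminated. */
        for (i = 0; i < nameSz; i++) {
            if (name[i] == '\0') {
                nameSz = i;
                break;
            }
        }
    }

    if (nameSz > WOLFSSL_HOST_NAME_MAX-1) {
        WOLFSSL_MSG("Hostname longer than WOLFSSL_HOST_NAME_MAX, truncating");
        nameSz = WOLFSSL_HOST_NAME_MAX-1;
    }

    if (nameSz > 0)
        XMEMCPY(pParam->hostName, name, nameSz);

    /* buffer was zeroed above, this just makes the terminator explicit */
    pParam->hostName[nameSz] = '\0';

    return WOLFSSL_SUCCESS;
}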
/******************************************************************************
 * wolfSSL_get0_param - return the verification parameters of an SSL object
 *
 * ssl : SSL object, may be NULL
 *
 * Borrowed pointer ("get0"): it belongs to ssl and must not be freed by the
 * caller.
 *
 * RETURNS:
 *   ssl->param on success, NULL when ssl is NULL
 */
WOLFSSL_X509_VERIFY_PARAM* wolfSSL_get0_param(WOLFSSL* ssl)
{
    WOLFSSL_X509_VERIFY_PARAM* param = NULL;

    if (ssl != NULL)
        param = ssl->param;

    return param;
}
wolfSSL 16:8e0d178b1d1e 23236
/* Replace the hostname-matching flags in the X509_VERIFY_PARAM structure.
 *
 * param : parameters to update; a NULL param is silently ignored
 * flags : new value for param->hostFlags (assigned, not OR-ed in)
 */
void wolfSSL_X509_VERIFY_PARAM_set_hostflags(WOLFSSL_X509_VERIFY_PARAM* param,
                                             unsigned int flags)
{
    if (param == NULL)
        return;

    param->hostFlags = flags;
}
wolfSSL 16:8e0d178b1d1e 23245
/* Set the expected peer IP address as a text string.
 *
 * param : X509_VERIFY_PARAM structure to update
 * ipasc : NUL-terminated string, N.N.N.N for IPv4 and HH:HH ... HH:HH for
 *         IPv6; NULL clears the expected address. No validation is
 *         performed on the text and it must be an exact match with the IP
 *         in the certificate.
 *
 * The copy is bounded to WOLFSSL_MAX_IPSTR-1 characters and always
 * NUL-terminated; a longer string is silently truncated and will then not
 * be an exact match for any certificate address.
 *
 * Returns 1 (WOLFSSL_SUCCESS) on success and 0 (WOLFSSL_FAILURE) when
 * param is NULL.
 */
int wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(WOLFSSL_X509_VERIFY_PARAM *param,
        const char *ipasc)
{
    if (param == NULL)
        return WOLFSSL_FAILURE;

    if (ipasc == NULL) {
        param->ipasc[0] = '\0';
        return WOLFSSL_SUCCESS;
    }

    /* XSTRNCPY does not terminate when the source is too long, hence the
     * explicit terminator in the last slot. */
    XSTRNCPY(param->ipasc, ipasc, WOLFSSL_MAX_IPSTR-1);
    param->ipasc[WOLFSSL_MAX_IPSTR-1] = '\0';

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 23272
wolfSSL 15:117db924cf7c 23273 #ifndef NO_WOLFSSL_STUB
/* Stub: does not release anything held by obj.
 * Callers expecting OpenSSL semantics will leak whatever obj references. */
void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj)
{
    WOLFSSL_STUB("X509_OBJECT_free_contents");
    (void)obj;
}
wolfSSL 15:117db924cf7c 23279 #endif
wolfSSL 15:117db924cf7c 23280
wolfSSL 16:8e0d178b1d1e 23281 #ifndef NO_ASN_TIME
/* Compare asnTime against the current system time.
 *
 * Equivalent to wolfSSL_X509_cmp_time(asnTime, NULL); see that function for
 * the return value convention (1 later, -1 earlier-or-equal, 0 error).
 */
int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime)
{
    time_t* useNow = NULL; /* NULL selects XTIME(0) inside cmp_time */
    return wolfSSL_X509_cmp_time(asnTime, useNow);
}
wolfSSL 16:8e0d178b1d1e 23286
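/* Compare an ASN.1 time against a time_t.
 *
 * asnTime : UTCTime (YYMMDDHHMMSS...) or GeneralizedTime (YYYYMMDDHHMMSS...)
 * cmpTime : time to compare against; NULL means "now" (XTIME(0))
 *
 * Returns 1 if asnTime is later than cmpTime, -1 if it is earlier than or
 * equal to it, and 0 (WOLFSSL_FAILURE) on error: NULL asnTime, unknown
 * time type, a non-digit character in the date string, or XGMTIME failure.
 *
 * Previously the XGMTIME failure path returned GETTIME_ERROR, a negative
 * code that a caller testing "< 0" would misread as "earlier"; it now
 * follows the documented 0-on-error contract. Non-digit input used to be
 * silently turned into garbage fields; it is now rejected.
 */
int wolfSSL_X509_cmp_time(const WOLFSSL_ASN1_TIME* asnTime, time_t* cmpTime)
{
    int ret = WOLFSSL_FAILURE, i = 0, k;
    int digits;
    time_t tmpTime, *pTime = &tmpTime;
    byte data_ptr[MAX_TIME_STRING_SZ];
    struct tm ts, *tmpTs, *ct;
#if defined(NEED_TMP_TIME)
    /* for use with gmtime_r */
    struct tm tmpTimeStorage;

    tmpTs = &tmpTimeStorage;
#else
    tmpTs = NULL;
#endif
    (void)tmpTs;

    if (asnTime == NULL) {
        return WOLFSSL_FAILURE;
    }

    if (cmpTime == NULL) {
        /* Use current time */
        *pTime = XTIME(0);
    }
    else {
        pTime = cmpTime;
    }

    /* Convert ASN1_time to time_t */
    XMEMSET(&ts, 0, sizeof(struct tm));

    /* Check type and copy out the fixed-size date string */
    if (asnTime->type == ASN_UTC_TIME) {
        XMEMCPY(data_ptr, asnTime->data, ASN_UTC_TIME_SIZE);
        digits = 2 + 10; /* YY + MMDDHHMMSS */
    }
    else if (asnTime->type == ASN_GENERALIZED_TIME) {
        XMEMCPY(data_ptr, asnTime->data, ASN_GENERALIZED_TIME_SIZE);
        digits = 4 + 10; /* YYYY + MMDDHHMMSS */
    }
    else {
        /* Invalid type */
        WOLFSSL_MSG("Unknown ASN1_TIME type");
        return WOLFSSL_FAILURE;
    }

    /* Every character consumed below must be a decimal digit, otherwise the
     * (c - '0') arithmetic silently yields out-of-range fields. */
    for (k = 0; k < digits; k++) {
        if (data_ptr[k] < '0' || data_ptr[k] > '9') {
            WOLFSSL_MSG("Non-digit character in ASN1_TIME");
            return WOLFSSL_FAILURE;
        }
    }

    if (asnTime->type == ASN_UTC_TIME) {
        /* 2-digit year: YY < 70 is taken as 20YY, otherwise 19YY.
         * NOTE(review): RFC 5280 pivots UTCTime at 50, not 70 -- confirm
         * this agrees with the parser used for certificate validity dates. */
        ts.tm_year  = (data_ptr[i] - '0') * 10; i++;
        ts.tm_year += data_ptr[i] - '0'; i++;
        if (ts.tm_year < 70) {
            ts.tm_year += 100;
        }
    }
    else {
        /* 4-digit year, struct tm counts years from 1900 */
        ts.tm_year  = (data_ptr[i] - '0') * 1000; i++;
        ts.tm_year += (data_ptr[i] - '0') * 100; i++;
        ts.tm_year += (data_ptr[i] - '0') * 10; i++;
        ts.tm_year += data_ptr[i] - '0'; i++;
        ts.tm_year -= 1900;
    }

    ts.tm_mon   = (data_ptr[i] - '0') * 10; i++;
    ts.tm_mon  += (data_ptr[i] - '0') - 1; i++; /* January is 0 not 1 */
    ts.tm_mday  = (data_ptr[i] - '0') * 10; i++;
    ts.tm_mday += (data_ptr[i] - '0'); i++;
    ts.tm_hour  = (data_ptr[i] - '0') * 10; i++;
    ts.tm_hour += (data_ptr[i] - '0'); i++;
    ts.tm_min   = (data_ptr[i] - '0') * 10; i++;
    ts.tm_min  += (data_ptr[i] - '0'); i++;
    ts.tm_sec   = (data_ptr[i] - '0') * 10; i++;
    ts.tm_sec  += (data_ptr[i] - '0');

    /* Break the comparison time down into UTC fields */
    ct = XGMTIME(pTime, tmpTs);
    if (ct == NULL) {
        WOLFSSL_MSG("XGMTIME failed");
        return WOLFSSL_FAILURE;
    }

    /* DateGreaterThan returns 1 for >; 0 for <= */
    ret = DateGreaterThan(&ts, ct) ? 1 : -1;

    return ret;
}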
wolfSSL 16:8e0d178b1d1e 23369 #endif /* !NO_ASN_TIME */
wolfSSL 16:8e0d178b1d1e 23370
wolfSSL 16:8e0d178b1d1e 23371 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \
wolfSSL 16:8e0d178b1d1e 23372 !defined(TIME_OVERRIDES)
/* Set asnTime to a reference time shifted by offset_day days and
 * offset_sec seconds.
 *
 * asnTime    : ASN.1 time to fill, forwarded to wolfSSL_ASN1_TIME_adj()
 * offset_day : day offset applied to the reference time
 * offset_sec : second offset applied to the reference time
 * in_tm      : reference time; NULL means the current time (XTIME(0))
 *
 * Returns whatever wolfSSL_ASN1_TIME_adj() returns.
 */
WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj_ex(WOLFSSL_ASN1_TIME *asnTime,
    int offset_day, long offset_sec, time_t *in_tm)
{
    time_t base;

    if (in_tm != NULL) {
        base = *in_tm;
    }
    else {
        /* no reference time supplied: adjust relative to "now" */
        base = XTIME(0);
    }

    return wolfSSL_ASN1_TIME_adj(asnTime, base, offset_day, offset_sec);
}
wolfSSL 16:8e0d178b1d1e 23380
/* Seconds-only variant of wolfSSL_X509_time_adj_ex(): the day offset is 0.
 *
 * asnTime    : ASN.1 time to fill
 * offset_sec : second offset applied to the reference time
 * in_tm      : reference time, NULL for the current time
 */
WOLFSSL_ASN1_TIME *wolfSSL_X509_time_adj(WOLFSSL_ASN1_TIME *asnTime,
    long offset_sec, time_t *in_tm)
{
    const int noDayOffset = 0;
    return wolfSSL_X509_time_adj_ex(asnTime, noDayOffset, offset_sec, in_tm);
}
wolfSSL 15:117db924cf7c 23386 #endif
wolfSSL 15:117db924cf7c 23387
wolfSSL 15:117db924cf7c 23388 #ifndef NO_WOLFSSL_STUB
/* Stub: revoked-entry stacks are not exposed in this build.
 * Always returns 0, i.e. "no revoked entries" regardless of the input. */
int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED* revoked)
{
    WOLFSSL_STUB("sk_X509_REVOKED_num");
    (void)revoked;
    return 0;
}
wolfSSL 15:117db924cf7c 23395 #endif
wolfSSL 15:117db924cf7c 23396
wolfSSL 15:117db924cf7c 23397 #ifndef NO_WOLFSSL_STUB
/* Stub: the revoked-entry list of a CRL is not exposed in this build.
 * Always returns NULL; do not infer "nothing revoked" from it. */
WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl)
{
    WOLFSSL_STUB("X509_CRL_get_REVOKED");
    (void)crl;
    return NULL;
}
wolfSSL 15:117db924cf7c 23404 #endif
wolfSSL 15:117db924cf7c 23405
wolfSSL 15:117db924cf7c 23406 #ifndef NO_WOLFSSL_STUB
/* Stub: indexing into a revoked-entry stack is not supported in this build.
 * Always returns NULL. */
WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
                                      WOLFSSL_X509_REVOKED* revoked, int value)
{
    WOLFSSL_STUB("sk_X509_REVOKED_value");
    (void)revoked;
    (void)value;
    return NULL;
}
wolfSSL 15:117db924cf7c 23415 #endif
wolfSSL 15:117db924cf7c 23416
/* Allocate and zero a new WOLFSSL_ASN1_INTEGER.
 *
 * The data pointer is aimed at the embedded intData array (capacity
 * WOLFSSL_ASN1_INTEGER_MAX) and isDynamic is left 0, so
 * wolfSSL_ASN1_INTEGER_free() will not try to free intData.
 * Returns the new structure, or NULL when allocation fails.
 */
WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void)
{
    WOLFSSL_ASN1_INTEGER* ai = (WOLFSSL_ASN1_INTEGER*)XMALLOC(
            sizeof(WOLFSSL_ASN1_INTEGER), NULL, DYNAMIC_TYPE_OPENSSL);

    if (ai != NULL) {
        XMEMSET(ai, 0, sizeof(*ai));
        ai->data    = ai->intData;
        ai->dataMax = WOLFSSL_ASN1_INTEGER_MAX;
        ai->length  = 0;
    }

    return ai;
}
wolfSSL 15:117db924cf7c 23436
wolfSSL 15:117db924cf7c 23437
/* Release a WOLFSSL_ASN1_INTEGER and, when it owns one, its data buffer.
 *
 * in : structure to free; NULL is accepted and ignored
 *
 * data is heap memory only when isDynamic is set; otherwise it aliases the
 * embedded intData array and must not be passed to XFREE.
 */
void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER* in)
{
    if (in == NULL)
        return;

    if (in->isDynamic)
        XFREE(in->data, NULL, DYNAMIC_TYPE_OPENSSL);

    XFREE(in, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 15:117db924cf7c 23448
wolfSSL 15:117db924cf7c 23449
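/* Deep-copy a WOLFSSL_ASN1_INTEGER.
 *
 * src : WOLFSSL_ASN1_INTEGER to duplicate
 *
 * Fixes versus the previous version:
 *  - intData holds raw DER bytes that may legitimately contain 0x00, so the
 *    former XSTRNCPY stopped at the first zero byte and truncated the value;
 *    the whole array is now copied with XMEMCPY.
 *  - length is copied in every build, since the field is used
 *    unconditionally elsewhere in this file.
 *  - isDynamic/dataMax are only taken from src when a heap buffer is
 *    actually duplicated, so a failed or skipped allocation can never leave
 *    a copy whose free() would XFREE the embedded intData array.
 *
 * Returns the duplicate, or NULL if src is NULL or allocation fails.
 */
WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_dup(const WOLFSSL_ASN1_INTEGER* src)
{
    WOLFSSL_ASN1_INTEGER* dup;
    WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_dup");
    if (!src)
        return NULL;

    /* new() points data at intData with dataMax = WOLFSSL_ASN1_INTEGER_MAX
     * and isDynamic = 0 */
    dup = wolfSSL_ASN1_INTEGER_new();
    if (dup == NULL)
        return NULL;

    dup->negative = src->negative;
    dup->length   = src->length;

    /* binary copy: DER data may contain 0x00 bytes */
    XMEMCPY(dup->intData, src->intData, WOLFSSL_ASN1_INTEGER_MAX);

    if (src->isDynamic && src->data != NULL && src->dataMax > 0) {
        dup->data = (unsigned char*)XMALLOC(src->dataMax, NULL,
                                            DYNAMIC_TYPE_OPENSSL);
        if (dup->data == NULL) {
            /* isDynamic is still 0, so free() leaves intData alone */
            wolfSSL_ASN1_INTEGER_free(dup);
            return NULL;
        }
        XMEMCPY(dup->data, src->data, src->dataMax);
        dup->dataMax   = src->dataMax;
        dup->isDynamic = 1;
    }

    return dup;
}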
wolfSSL 16:8e0d178b1d1e 23485
wolfSSL 16:8e0d178b1d1e 23486
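/* Set the value of WOLFSSL_ASN1_INTEGER a to the long value v.
 *
 * a : integer object to update; it is NOT freed by this function
 * v : value to store; the sign goes into a->negative and the magnitude is
 *     written big-endian after an ASN_INTEGER tag and a one-byte length
 *
 * Fixes versus the previous version:
 *  - on allocation failure the old code freed 'a' itself, leaving the
 *    caller (who still owns 'a') with a dangling pointer; 'a' is now left
 *    untouched.
 *  - a previously allocated dynamic data buffer was overwritten without
 *    being released; it is now freed first.
 *  - a->negative is cleared for non-negative v instead of keeping a stale
 *    flag from an earlier negative value.
 *  - the magnitude is computed in unsigned arithmetic so LONG_MIN does not
 *    overflow on negation.
 *
 * Returns 1 (WOLFSSL_SUCCESS) on success and 0 (WOLFSSL_FAILURE) when a
 * is NULL or allocation fails.
 */
int wolfSSL_ASN1_INTEGER_set(WOLFSSL_ASN1_INTEGER *a, long v)
{
    int j;
    unsigned int i = 0;
    unsigned long mag;
    unsigned char* newData;
    unsigned char tmp[sizeof(long)+1] = {0};

    if (a == NULL) {
        /* Invalid parameter */
        return WOLFSSL_FAILURE;
    }

    /* dynamically create data buffer, +2 for type and length */
    newData = (unsigned char*)XMALLOC((sizeof(long)+1) + 2, NULL,
                                      DYNAMIC_TYPE_OPENSSL);
    if (newData == NULL) {
        /* leave 'a' as it was; the caller still owns and frees it */
        return WOLFSSL_FAILURE;
    }

    /* release any earlier heap buffer before replacing it */
    if (a->isDynamic && a->data != NULL) {
        XFREE(a->data, NULL, DYNAMIC_TYPE_OPENSSL);
    }
    a->data = newData;
    a->dataMax = (int)(sizeof(long)+1) + 2;
    a->isDynamic = 1;

    /* Set type */
    a->data[i++] = ASN_INTEGER;

    /* Sign and magnitude; -(v + 1) cannot overflow for any negative v */
    if (v < 0) {
        a->negative = 1;
        mag = (unsigned long)(-(v + 1)) + 1UL;
    }
    else {
        a->negative = 0;
        mag = (unsigned long)v;
    }

    /* Create char buffer, least significant byte first */
    for (j = 0; j < (int)sizeof(long); j++) {
        if (mag == 0) {
            break;
        }
        tmp[j] = (unsigned char)(mag & 0xff);
        mag >>= 8;
    }

    /* Set length; zero is encoded as a single 0x00 byte */
    if (j == 0) {
        j = 1;
    }
    a->data[i++] = (unsigned char)j;
    /* +2 for type and length */
    a->length = j + 2;

    /* Copy to data, most significant byte first */
    for (; j > 0; j--) {
        a->data[i++] = tmp[j-1];
    }

    return WOLFSSL_SUCCESS;
}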
wolfSSL 16:8e0d178b1d1e 23546
wolfSSL 16:8e0d178b1d1e 23547
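/* Build a WOLFSSL_ASN1_INTEGER holding the serial number of x509.
 *
 * x509 : certificate whose serial / serialSz fields are copied
 *
 * Without WOLFSSL_QT the data is a DER INTEGER (tag, length, value); with
 * WOLFSSL_QT only the raw value bytes are stored. The buffer size is now
 * derived from the actual DER header size instead of a hard-coded "+2",
 * which is only correct while serialSz < 128 (one-byte length form).
 *
 * The result is also stored in x509->serialNumber. Any object previously
 * stored there is overwritten without being released here
 * (NOTE(review): presumably freed together with the X509 -- confirm against
 * FreeX509 before relying on repeated calls).
 *
 * Returns the new WOLFSSL_ASN1_INTEGER, or NULL when x509 is NULL, the
 * serial length is negative, or allocation fails.
 */
WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
{
    WOLFSSL_ASN1_INTEGER* a;
    int i = 0;
    int hdrSz;   /* bytes of ASN.1 tag + length ahead of the value */
    int totalSz;

    WOLFSSL_ENTER("wolfSSL_X509_get_serialNumber");

    if (x509 == NULL || x509->serialSz < 0) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

#ifdef WOLFSSL_QT
    hdrSz = 0;
#else
    {
        /* DER length field: one byte (short form) below 128, otherwise one
         * prefix byte plus as many bytes as the length value needs. */
        int lenSz = 1;
        if (x509->serialSz >= 128) {
            int rem = x509->serialSz;
            while (rem > 0) {
                lenSz++;
                rem >>= 8;
            }
        }
        hdrSz = 1 + lenSz;
    }
#endif
    totalSz = x509->serialSz + hdrSz;

    a = wolfSSL_ASN1_INTEGER_new();
    if (a == NULL)
        return NULL;

    /* Make sure there is space for the data, ASN.1 type and length. */
    if (totalSz > WOLFSSL_ASN1_INTEGER_MAX) {
        a->data = (unsigned char*)XMALLOC(totalSz, NULL, DYNAMIC_TYPE_OPENSSL);
        if (a->data == NULL) {
            /* isDynamic is still 0: free() leaves intData alone */
            wolfSSL_ASN1_INTEGER_free(a);
            return NULL;
        }
        a->dataMax = totalSz;
        a->isDynamic = 1;
    }
    else {
        /* Use array instead of dynamic memory */
        a->data = a->intData;
        a->dataMax = WOLFSSL_ASN1_INTEGER_MAX;
    }

#ifdef WOLFSSL_QT
    XMEMCPY(&a->data[i], x509->serial, x509->serialSz);
    a->length = x509->serialSz;
#else
    a->data[i++] = ASN_INTEGER;
    i += SetLength(x509->serialSz, a->data + i);
    XMEMCPY(&a->data[i], x509->serial, x509->serialSz);
    /* record what was actually written rather than assuming a 2-byte header */
    a->length = i + x509->serialSz;
#endif

    x509->serialNumber = a;

    return a;
}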
wolfSSL 15:117db924cf7c 23590
wolfSSL 15:117db924cf7c 23591 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 23592
wolfSSL 15:117db924cf7c 23593 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \
wolfSSL 15:117db924cf7c 23594 defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
wolfSSL 16:8e0d178b1d1e 23595 #ifndef NO_ASN_TIME
/* Write a human-readable rendering of asnTime to bio.
 *
 * bio     : destination BIO
 * asnTime : time to print
 *
 * When the time cannot be rendered the literal text "Bad time value" is
 * written instead and the call still reports failure.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE on NULL arguments, an
 * unrenderable time, or a failed BIO write.
 */
int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
{
    char buf[MAX_TIME_STRING_SZ];
    int ret;

    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_print");

    if (bio == NULL || asnTime == NULL) {
        WOLFSSL_MSG("NULL function argument");
        return WOLFSSL_FAILURE;
    }

    ret = WOLFSSL_SUCCESS;
    if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)asnTime, buf,
                                    sizeof(buf)) == NULL) {
        /* still emit something readable, but report the failure */
        XMEMSET(buf, 0, sizeof(buf));
        XMEMCPY(buf, "Bad time value", 14);
        ret = WOLFSSL_FAILURE;
    }

    if (wolfSSL_BIO_write(bio, buf, (int)XSTRLEN(buf)) <= 0) {
        WOLFSSL_MSG("Unable to write to bio");
        ret = WOLFSSL_FAILURE;
    }

    return ret;
}
wolfSSL 15:117db924cf7c 23622
/* Render an ASN.1 time into the caller supplied buffer.
 *
 * t   : time to render (type and data fields are used)
 * buf : output buffer
 * len : size of buf; must be at least 5 and at least t->length
 *
 * Formatting itself is done by GetTimeString().
 * Returns buf on success, NULL on bad arguments, a buffer that is too small
 * for the date, or a GetTimeString() failure.
 */
char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len)
{
    int ok;

    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_string");

    if (t == NULL || buf == NULL || len < 5) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    if (t->length > len) {
        WOLFSSL_MSG("Length of date is longer then buffer");
        return NULL;
    }

    ok = GetTimeString(t->data, t->type, buf, len);
    return ok ? buf : NULL;
}
wolfSSL 16:8e0d178b1d1e 23643 #endif /* !NO_ASN_TIME */
wolfSSL 15:117db924cf7c 23644 #endif /* WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
wolfSSL 15:117db924cf7c 23645 OPENSSL_EXTRA*/
wolfSSL 15:117db924cf7c 23646
wolfSSL 15:117db924cf7c 23647
wolfSSL 15:117db924cf7c 23648 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 23649
wolfSSL 15:117db924cf7c 23650 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's ASN1_INTEGER_cmp(); no comparison is performed.
 *
 * a, b  ignored
 *
 * Always returns 0, the value OpenSSL's ASN1_INTEGER_cmp() uses for "equal".
 * Any caller that relies on this result -- e.g. to match certificate serial
 * numbers against a revocation list or to pick an issuer -- will see every
 * pair of integers as equal, so it must not be used for a security decision.
 * Defining NO_WOLFSSL_STUB removes this definition (see the surrounding
 * #ifndef) so such callers fail at build time instead.
 */
int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
                             const WOLFSSL_ASN1_INTEGER* b)
{
    WOLFSSL_STUB("ASN1_INTEGER_cmp");
    (void)a;
    (void)b;
    return 0;
}
wolfSSL 15:117db924cf7c 23659 #endif
wolfSSL 15:117db924cf7c 23660
wolfSSL 15:117db924cf7c 23661 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's ASN1_INTEGER_get(); the integer is never decoded.
 *
 * i  ignored
 *
 * Always returns 0. That is indistinguishable from a genuine zero value, so a
 * caller cannot detect that no decoding happened; do not use the result for
 * anything that matters (serial numbers, versions, CRL numbers). Defining
 * NO_WOLFSSL_STUB removes this definition (see the surrounding #ifndef).
 */
long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i)
{
    WOLFSSL_STUB("ASN1_INTEGER_get");
    (void)i;
    return 0;
}
wolfSSL 15:117db924cf7c 23668 #endif
wolfSSL 15:117db924cf7c 23669
/* Fetch application data stored on a WOLFSSL_X509_STORE_CTX.
 *
 * ctx  store context to read from
 * idx  slot to read; range checking against MAX_EX_DATA is delegated to
 *      wolfSSL_CRYPTO_get_ex_data()
 *
 * Returns the stored pointer, or NULL when ctx is NULL, when
 * wolfSSL_CRYPTO_get_ex_data() finds nothing (presumably an empty or
 * out-of-range slot), or when the build lacks HAVE_EX_DATA/FORTRESS, in which
 * case ex_data is unsupported and every lookup fails.
 */
void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
{
    void* data = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data");
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    if (ctx != NULL)
        data = wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
#else
    (void)ctx;
    (void)idx;
#endif
    return data;
}
wolfSSL 16:8e0d178b1d1e 23684
wolfSSL 16:8e0d178b1d1e 23685
/* Store application data on a WOLFSSL_X509_STORE_CTX.
 *
 * ctx   store context to update
 * idx   slot to write; range checking against MAX_EX_DATA is delegated to
 *       wolfSSL_CRYPTO_set_ex_data()
 * data  pointer to store; only the pointer is kept, so the pointee's lifetime
 *       remains the caller's responsibility
 *
 * Returns the result of wolfSSL_CRYPTO_set_ex_data() (WOLFSSL_SUCCESS or
 * WOLFSSL_FAILURE), or WOLFSSL_FAILURE when ctx is NULL or when the build
 * lacks HAVE_EX_DATA/FORTRESS, in which case ex_data is unsupported and every
 * call fails.
 */
int wolfSSL_X509_STORE_CTX_set_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx,
                                       void *data)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_ex_data");
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    if (ctx != NULL)
        ret = wolfSSL_CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
#else
    (void)ctx;
    (void)idx;
    (void)data;
#endif
    return ret;
}
wolfSSL 16:8e0d178b1d1e 23704
wolfSSL 16:8e0d178b1d1e 23705 #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL)
/* Record a verification depth on a store context.
 *
 * ctx    store context to update; a NULL ctx is silently ignored
 * depth  value stored into ctx->depth as given -- no range check is done, so
 *        a negative or huge value is accepted here and whatever consumes
 *        ctx->depth (not visible in this block) must cope with it
 */
void wolfSSL_X509_STORE_CTX_set_depth(WOLFSSL_X509_STORE_CTX* ctx, int depth)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_depth");
    if (ctx == NULL)
        return;
    ctx->depth = depth;
}
wolfSSL 16:8e0d178b1d1e 23712 #endif
wolfSSL 16:8e0d178b1d1e 23713
wolfSSL 16:8e0d178b1d1e 23714
/* Look up the issuer of the certificate currently under verification.
 *
 * ctx  store context whose current_cert is being verified
 *
 * Returns the issuer located by wolfSSL_X509_STORE_CTX_get1_issuer(), or NULL
 * when ctx is NULL or no issuer is found.
 *
 * NOTE(review): despite the "get0" name (OpenSSL convention: borrowed
 * reference, caller does not free) the object comes from the "get1" variant.
 * If that function returns a newly allocated or reference-counted object,
 * callers honouring the get0 contract leak it on every call -- confirm
 * ownership in wolfSSL_X509_STORE_CTX_get1_issuer().
 */
WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get0_current_issuer(
        WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_X509* issuer = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get0_current_issuer");

    if (ctx == NULL)
        return NULL;

    if (wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, ctx->current_cert)
            != WOLFSSL_SUCCESS) {
        return NULL;
    }

    return issuer;
}
wolfSSL 15:117db924cf7c 23734
wolfSSL 15:117db924cf7c 23735
/* Index of the ex_data slot in which the WOLFSSL object is kept during
 * certificate verification.
 *
 * Returns 0 unconditionally: the SSL object always lives in slot 0, so this
 * implementation has no failure path (the API's "negative on failure"
 * convention is never exercised here).
 */
int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void)
{
    /* fixed slot for the WOLFSSL object */
    static const int sslSlot = 0;

    WOLFSSL_ENTER("wolfSSL_get_ex_data_X509_STORE_CTX_idx");

    return sslSlot;
}
wolfSSL 15:117db924cf7c 23747
wolfSSL 15:117db924cf7c 23748
/* Record a verification error code on a store context.
 *
 * ctx  store context to update; a NULL ctx is silently ignored
 * er   error value stored into ctx->error as given, without validation
 */
void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int er)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error");

    if (ctx == NULL)
        return;

    ctx->error = er;
}
wolfSSL 15:117db924cf7c 23760
/* Record the chain depth at which a verification error occurred.
 *
 * ctx    store context to update; a NULL ctx is silently ignored
 * depth  value stored into ctx->error_depth as given, without validation
 */
void wolfSSL_X509_STORE_CTX_set_error_depth(WOLFSSL_X509_STORE_CTX* ctx,
                                            int depth)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error_depth");

    if (ctx == NULL)
        return;

    ctx->error_depth = depth;
}
wolfSSL 15:117db924cf7c 23771
/* Install an info callback on a WOLFSSL_CTX. The callback is reported state
 * changes of the WOLFSSL objects created from this context.
 *
 * ctx  context to update; a NULL ctx is logged and otherwise ignored
 * f    callback to install. It is stored as given, so passing NULL removes a
 *      previously installed callback (assuming the code that invokes CBIS
 *      checks it for NULL -- not visible in this block).
 */
void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx,
        void (*f)(const WOLFSSL* ssl, int type, int val))
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_info_callback");

    if (ctx == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return;
    }

    ctx->CBIS = f;
}
wolfSSL 15:117db924cf7c 23790
wolfSSL 15:117db924cf7c 23791
/* Peek at the oldest queued error without removing it.
 *
 * Returns the value produced by wolfSSL_ERR_peek_error_line_data() when asked
 * for no file, line or data details.
 */
unsigned long wolfSSL_ERR_peek_error(void)
{
    unsigned long code;

    WOLFSSL_ENTER("wolfSSL_ERR_peek_error");

    code = wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL);
    return code;
}
wolfSSL 15:117db924cf7c 23798
/* Map an error code to the OpenSSL "library" identifier it belongs to.
 *
 * err  error code as returned by the wolfSSL_ERR_* functions
 *
 * Returns ERR_LIB_PEM for the PEM_R_* codes listed below, ERR_LIB_EVP for the
 * EVP_R_* codes listed below, and 0 for any other value. Only these eight
 * codes are classified; callers must treat 0 as "unknown library", not as a
 * specific one.
 */
int wolfSSL_ERR_GET_LIB(unsigned long err)
{
    int lib = 0;

    if (err == PEM_R_NO_START_LINE ||
        err == PEM_R_PROBLEMS_GETTING_PASSWORD ||
        err == PEM_R_BAD_PASSWORD_READ ||
        err == PEM_R_BAD_DECRYPT) {
        lib = ERR_LIB_PEM;
    }
    else if (err == EVP_R_BAD_DECRYPT ||
             err == EVP_R_BN_DECODE_ERROR ||
             err == EVP_R_DECODE_ERROR ||
             err == EVP_R_PRIVATE_KEY_DECODE_ERROR) {
        lib = ERR_LIB_EVP;
    }

    return lib;
}
wolfSSL 15:117db924cf7c 23816
/* Extract the "reason" part of an error code.
 *
 * wolfSSL has a single set of error codes, so no library bits need to be
 * stripped; the only work is restoring the sign of the (normally negative)
 * wolfSSL value that was packed into the unsigned error.
 *
 * err  error code as returned by the wolfSSL_ERR_* functions
 *
 * Returns PEM_R_NO_START_LINE when err carries that packed PEM error (nginx
 * and friends key off it to stop reading certificates); otherwise the negated
 * value when it falls strictly between MIN_CODE_E and MAX_CODE_E; otherwise
 * err itself truncated to int. Values outside that window -- including codes
 * at or below MIN_CODE_E -- are passed through unchanged, so callers comparing
 * the result against wolfSSL error enums must also accept the raw value.
 */
int wolfSSL_ERR_GET_REASON(unsigned long err)
{
    int reason;

    WOLFSSL_ENTER("wolfSSL_ERR_GET_REASON");

#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    /* Nginx looks for this error to know to stop parsing certificates. */
    if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE))
        return PEM_R_NO_START_LINE;
#endif

    /* wolfSSL errors are negative; undo the sign to test the range
       (wolfCrypt range is below MAX (-100), wolfSSL range is MIN (-300) and
       lower) */
    reason = -(int)err;
    if (reason < MAX_CODE_E && reason > MIN_CODE_E)
        return reason;

    WOLFSSL_MSG("Not in range of typical error values");
    return (int)err;
}
wolfSSL 15:117db924cf7c 23850
wolfSSL 15:117db924cf7c 23851
/* Name a TLS alert description value.
 *
 * alertID  the alert description value to look up
 *
 * Returns a pointer to a static, read-only string naming the alert, or NULL
 * for a value not in the table ("Unknown Alert" is only logged, never
 * returned). wolfSSL_alert_desc_string_long() returns these same strings, so
 * this function reports the alert description rather than its warning/fatal
 * level.
 */
const char* wolfSSL_alert_type_string_long(int alertID)
{
    const char* name = NULL;

    WOLFSSL_ENTER("wolfSSL_alert_type_string_long");

    switch (alertID) {
        case close_notify:
            name = "close_notify";
            break;
        case unexpected_message:
            name = "unexpected_message";
            break;
        case bad_record_mac:
            name = "bad_record_mac";
            break;
        case record_overflow:
            name = "record_overflow";
            break;
        case decompression_failure:
            name = "decompression_failure";
            break;
        case handshake_failure:
            name = "handshake_failure";
            break;
        case no_certificate:
            name = "no_certificate";
            break;
        case bad_certificate:
            name = "bad_certificate";
            break;
        case unsupported_certificate:
            name = "unsupported_certificate";
            break;
        case certificate_revoked:
            name = "certificate_revoked";
            break;
        case certificate_expired:
            name = "certificate_expired";
            break;
        case certificate_unknown:
            name = "certificate_unknown";
            break;
        case illegal_parameter:
            name = "illegal_parameter";
            break;
        case unknown_ca:
            name = "unknown_ca";
            break;
        case decode_error:
            name = "decode_error";
            break;
        case decrypt_error:
            name = "decrypt_error";
            break;
#ifdef WOLFSSL_MYSQL_COMPATIBLE
        /* the MYSQL build renames enum protocol_version to avoid a clash */
        case wc_protocol_version:
            name = "wc_protocol_version";
            break;
#else
        case protocol_version:
            name = "protocol_version";
            break;
#endif
        case no_renegotiation:
            name = "no_renegotiation";
            break;
        case unrecognized_name:
            name = "unrecognized_name";
            break;
        case bad_certificate_status_response:
            name = "bad_certificate_status_response";
            break;
        case no_application_protocol:
            name = "no_application_protocol";
            break;
        default:
            WOLFSSL_MSG("Unknown Alert");
            break;
    }

    return name;
}
wolfSSL 15:117db924cf7c 24024
wolfSSL 15:117db924cf7c 24025
/* Name a TLS alert description value.
 *
 * alertID  the alert description value to look up
 *
 * Returns the same static string as wolfSSL_alert_type_string_long(), to
 * which this simply forwards, or NULL for an unknown alert.
 */
const char* wolfSSL_alert_desc_string_long(int alertID)
{
    const char* desc;

    WOLFSSL_ENTER("wolfSSL_alert_desc_string_long");

    desc = wolfSSL_alert_type_string_long(alertID);
    return desc;
}
wolfSSL 15:117db924cf7c 24031
wolfSSL 15:117db924cf7c 24032
wolfSSL 15:117db924cf7c 24033 /* Gets the current state of the WOLFSSL structure
wolfSSL 15:117db924cf7c 24034 *
wolfSSL 15:117db924cf7c 24035 * ssl WOLFSSL structure to get state of
wolfSSL 15:117db924cf7c 24036 *
wolfSSL 15:117db924cf7c 24037 * Returns a human readable string of the WOLFSSL structure state
wolfSSL 15:117db924cf7c 24038 */
wolfSSL 15:117db924cf7c 24039 const char* wolfSSL_state_string_long(const WOLFSSL* ssl)
wolfSSL 15:117db924cf7c 24040 {
wolfSSL 15:117db924cf7c 24041
wolfSSL 15:117db924cf7c 24042 static const char* OUTPUT_STR[14][6][3] = {
wolfSSL 15:117db924cf7c 24043 {
wolfSSL 15:117db924cf7c 24044 {"SSLv3 Initialization","SSLv3 Initialization","SSLv3 Initialization"},
wolfSSL 15:117db924cf7c 24045 {"TLSv1 Initialization","TLSv2 Initialization","TLSv2 Initialization"},
wolfSSL 15:117db924cf7c 24046 {"TLSv1_1 Initialization","TLSv1_1 Initialization","TLSv1_1 Initialization"},
wolfSSL 15:117db924cf7c 24047 {"TLSv1_2 Initialization","TLSv1_2 Initialization","TLSv1_2 Initialization"},
wolfSSL 15:117db924cf7c 24048 {"DTLSv1 Initialization","DTLSv1 Initialization","DTLSv1 Initialization"},
wolfSSL 15:117db924cf7c 24049 {"DTLSv1_2 Initialization","DTLSv1_2 Initialization","DTLSv1_2 Initialization"},
wolfSSL 15:117db924cf7c 24050 },
wolfSSL 15:117db924cf7c 24051 {
wolfSSL 15:117db924cf7c 24052 {"SSLv3 read Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24053 "SSLv3 write Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24054 "SSLv3 Server Hello Verify Request"},
wolfSSL 15:117db924cf7c 24055 {"TLSv1 read Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24056 "TLSv1 write Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24057 "TLSv1 Server Hello Verify Request"},
wolfSSL 15:117db924cf7c 24058 {"TLSv1_1 read Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24059 "TLSv1_1 write Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24060 "TLSv1_1 Server Hello Verify Request"},
wolfSSL 15:117db924cf7c 24061 {"TLSv1_2 read Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24062 "TLSv1_2 write Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24063 "TLSv1_2 Server Hello Verify Request"},
wolfSSL 15:117db924cf7c 24064 {"DTLSv1 read Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24065 "DTLSv1 write Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24066 "DTLSv1 Server Hello Verify Request"},
wolfSSL 15:117db924cf7c 24067 {"DTLSv1_2 read Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24068 "DTLSv1_2 write Server Hello Verify Request",
wolfSSL 15:117db924cf7c 24069 "DTLSv1_2 Server Hello Verify Request"},
wolfSSL 15:117db924cf7c 24070 },
wolfSSL 15:117db924cf7c 24071 {
wolfSSL 15:117db924cf7c 24072 {"SSLv3 read Server Hello",
wolfSSL 15:117db924cf7c 24073 "SSLv3 write Server Hello",
wolfSSL 15:117db924cf7c 24074 "SSLv3 Server Hello"},
wolfSSL 15:117db924cf7c 24075 {"TLSv1 read Server Hello",
wolfSSL 15:117db924cf7c 24076 "TLSv1 write Server Hello",
wolfSSL 15:117db924cf7c 24077 "TLSv1 Server Hello"},
wolfSSL 15:117db924cf7c 24078 {"TLSv1_1 read Server Hello",
wolfSSL 15:117db924cf7c 24079 "TLSv1_1 write Server Hello",
wolfSSL 15:117db924cf7c 24080 "TLSv1_1 Server Hello"},
wolfSSL 15:117db924cf7c 24081 {"TLSv1_2 read Server Hello",
wolfSSL 15:117db924cf7c 24082 "TLSv1_2 write Server Hello",
wolfSSL 15:117db924cf7c 24083 "TLSv1_2 Server Hello"},
wolfSSL 15:117db924cf7c 24084 {"DTLSv1 read Server Hello",
wolfSSL 15:117db924cf7c 24085 "DTLSv1 write Server Hello",
wolfSSL 15:117db924cf7c 24086 "DTLSv1 Server Hello"},
wolfSSL 15:117db924cf7c 24087 {"DTLSv1_2 read Server Hello"
wolfSSL 15:117db924cf7c 24088 "DTLSv1_2 write Server Hello",
wolfSSL 15:117db924cf7c 24089 "DTLSv1_2 Server Hello",
wolfSSL 15:117db924cf7c 24090 },
wolfSSL 15:117db924cf7c 24091 },
wolfSSL 15:117db924cf7c 24092 {
wolfSSL 15:117db924cf7c 24093 {"SSLv3 read Server Session Ticket",
wolfSSL 15:117db924cf7c 24094 "SSLv3 write Server Session Ticket",
wolfSSL 15:117db924cf7c 24095 "SSLv3 Server Session Ticket"},
wolfSSL 15:117db924cf7c 24096 {"TLSv1 read Server Session Ticket",
wolfSSL 15:117db924cf7c 24097 "TLSv1 write Server Session Ticket",
wolfSSL 15:117db924cf7c 24098 "TLSv1 Server Session Ticket"},
wolfSSL 15:117db924cf7c 24099 {"TLSv1_1 read Server Session Ticket",
wolfSSL 15:117db924cf7c 24100 "TLSv1_1 write Server Session Ticket",
wolfSSL 15:117db924cf7c 24101 "TLSv1_1 Server Session Ticket"},
wolfSSL 15:117db924cf7c 24102 {"TLSv1_2 read Server Session Ticket",
wolfSSL 15:117db924cf7c 24103 "TLSv1_2 write Server Session Ticket",
wolfSSL 15:117db924cf7c 24104 "TLSv1_2 Server Session Ticket"},
wolfSSL 15:117db924cf7c 24105 {"DTLSv1 read Server Session Ticket",
wolfSSL 15:117db924cf7c 24106 "DTLSv1 write Server Session Ticket",
wolfSSL 15:117db924cf7c 24107 "DTLSv1 Server Session Ticket"},
wolfSSL 15:117db924cf7c 24108 {"DTLSv1_2 read Server Session Ticket",
wolfSSL 15:117db924cf7c 24109 "DTLSv1_2 write Server Session Ticket",
wolfSSL 15:117db924cf7c 24110 "DTLSv1_2 Server Session Ticket"},
wolfSSL 15:117db924cf7c 24111 },
wolfSSL 15:117db924cf7c 24112 {
wolfSSL 15:117db924cf7c 24113 {"SSLv3 read Server Cert",
wolfSSL 15:117db924cf7c 24114 "SSLv3 write Server Cert",
wolfSSL 15:117db924cf7c 24115 "SSLv3 Server Cert"},
wolfSSL 15:117db924cf7c 24116 {"TLSv1 read Server Cert",
wolfSSL 15:117db924cf7c 24117 "TLSv1 write Server Cert",
wolfSSL 15:117db924cf7c 24118 "TLSv1 Server Cert"},
wolfSSL 15:117db924cf7c 24119 {"TLSv1_1 read Server Cert",
wolfSSL 15:117db924cf7c 24120 "TLSv1_1 write Server Cert",
wolfSSL 15:117db924cf7c 24121 "TLSv1_1 Server Cert"},
wolfSSL 15:117db924cf7c 24122 {"TLSv1_2 read Server Cert",
wolfSSL 15:117db924cf7c 24123 "TLSv1_2 write Server Cert",
wolfSSL 15:117db924cf7c 24124 "TLSv1_2 Server Cert"},
wolfSSL 15:117db924cf7c 24125 {"DTLSv1 read Server Cert",
wolfSSL 15:117db924cf7c 24126 "DTLSv1 write Server Cert",
wolfSSL 15:117db924cf7c 24127 "DTLSv1 Server Cert"},
wolfSSL 15:117db924cf7c 24128 {"DTLSv1_2 read Server Cert",
wolfSSL 15:117db924cf7c 24129 "DTLSv1_2 write Server Cert",
wolfSSL 15:117db924cf7c 24130 "DTLSv1_2 Server Cert"},
wolfSSL 15:117db924cf7c 24131 },
wolfSSL 15:117db924cf7c 24132 {
wolfSSL 15:117db924cf7c 24133 {"SSLv3 read Server Key Exchange",
wolfSSL 15:117db924cf7c 24134 "SSLv3 write Server Key Exchange",
wolfSSL 15:117db924cf7c 24135 "SSLv3 Server Key Exchange"},
wolfSSL 15:117db924cf7c 24136 {"TLSv1 read Server Key Exchange",
wolfSSL 15:117db924cf7c 24137 "TLSv1 write Server Key Exchange",
wolfSSL 15:117db924cf7c 24138 "TLSv1 Server Key Exchange"},
wolfSSL 15:117db924cf7c 24139 {"TLSv1_1 read Server Key Exchange",
wolfSSL 15:117db924cf7c 24140 "TLSv1_1 write Server Key Exchange",
wolfSSL 15:117db924cf7c 24141 "TLSv1_1 Server Key Exchange"},
wolfSSL 15:117db924cf7c 24142 {"TLSv1_2 read Server Key Exchange",
wolfSSL 15:117db924cf7c 24143 "TLSv1_2 write Server Key Exchange",
wolfSSL 15:117db924cf7c 24144 "TLSv1_2 Server Key Exchange"},
wolfSSL 15:117db924cf7c 24145 {"DTLSv1 read Server Key Exchange",
wolfSSL 15:117db924cf7c 24146 "DTLSv1 write Server Key Exchange",
wolfSSL 15:117db924cf7c 24147 "DTLSv1 Server Key Exchange"},
wolfSSL 15:117db924cf7c 24148 {"DTLSv1_2 read Server Key Exchange",
wolfSSL 15:117db924cf7c 24149 "DTLSv1_2 write Server Key Exchange",
wolfSSL 15:117db924cf7c 24150 "DTLSv1_2 Server Key Exchange"},
wolfSSL 15:117db924cf7c 24151 },
wolfSSL 15:117db924cf7c 24152 {
wolfSSL 15:117db924cf7c 24153 {"SSLv3 read Server Hello Done",
wolfSSL 15:117db924cf7c 24154 "SSLv3 write Server Hello Done",
wolfSSL 15:117db924cf7c 24155 "SSLv3 Server Hello Done"},
wolfSSL 15:117db924cf7c 24156 {"TLSv1 read Server Hello Done",
wolfSSL 15:117db924cf7c 24157 "TLSv1 write Server Hello Done",
wolfSSL 15:117db924cf7c 24158 "TLSv1 Server Hello Done"},
wolfSSL 15:117db924cf7c 24159 {"TLSv1_1 read Server Hello Done",
wolfSSL 15:117db924cf7c 24160 "TLSv1_1 write Server Hello Done",
wolfSSL 15:117db924cf7c 24161 "TLSv1_1 Server Hello Done"},
wolfSSL 15:117db924cf7c 24162 {"TLSv1_2 read Server Hello Done",
wolfSSL 15:117db924cf7c 24163 "TLSv1_2 write Server Hello Done",
wolfSSL 15:117db924cf7c 24164 "TLSv1_2 Server Hello Done"},
wolfSSL 15:117db924cf7c 24165 {"DTLSv1 read Server Hello Done",
wolfSSL 15:117db924cf7c 24166 "DTLSv1 write Server Hello Done",
wolfSSL 15:117db924cf7c 24167 "DTLSv1 Server Hello Done"},
wolfSSL 15:117db924cf7c 24168 {"DTLSv1_2 read Server Hello Done",
wolfSSL 15:117db924cf7c 24169 "DTLSv1_2 write Server Hello Done",
wolfSSL 15:117db924cf7c 24170 "DTLSv1_2 Server Hello Done"},
wolfSSL 15:117db924cf7c 24171 },
wolfSSL 15:117db924cf7c 24172 {
wolfSSL 15:117db924cf7c 24173 {"SSLv3 read Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24174 "SSLv3 write Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24175 "SSLv3 Server Change CipherSpec"},
wolfSSL 15:117db924cf7c 24176 {"TLSv1 read Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24177 "TLSv1 write Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24178 "TLSv1 Server Change CipherSpec"},
wolfSSL 15:117db924cf7c 24179 {"TLSv1_1 read Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24180 "TLSv1_1 write Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24181 "TLSv1_1 Server Change CipherSpec"},
wolfSSL 15:117db924cf7c 24182 {"TLSv1_2 read Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24183 "TLSv1_2 write Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24184 "TLSv1_2 Server Change CipherSpec"},
wolfSSL 15:117db924cf7c 24185 {"DTLSv1 read Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24186 "DTLSv1 write Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24187 "DTLSv1 Server Change CipherSpec"},
wolfSSL 15:117db924cf7c 24188 {"DTLSv1_2 read Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24189 "DTLSv1_2 write Server Change CipherSpec",
wolfSSL 15:117db924cf7c 24190 "DTLSv1_2 Server Change CipherSpec"},
wolfSSL 15:117db924cf7c 24191 },
wolfSSL 15:117db924cf7c 24192 {
wolfSSL 15:117db924cf7c 24193 {"SSLv3 read Server Finished",
wolfSSL 15:117db924cf7c 24194 "SSLv3 write Server Finished",
wolfSSL 15:117db924cf7c 24195 "SSLv3 Server Finished"},
wolfSSL 15:117db924cf7c 24196 {"TLSv1 read Server Finished",
wolfSSL 15:117db924cf7c 24197 "TLSv1 write Server Finished",
wolfSSL 15:117db924cf7c 24198 "TLSv1 Server Finished"},
wolfSSL 15:117db924cf7c 24199 {"TLSv1_1 read Server Finished",
wolfSSL 15:117db924cf7c 24200 "TLSv1_1 write Server Finished",
wolfSSL 15:117db924cf7c 24201 "TLSv1_1 Server Finished"},
wolfSSL 15:117db924cf7c 24202 {"TLSv1_2 read Server Finished",
wolfSSL 15:117db924cf7c 24203 "TLSv1_2 write Server Finished",
wolfSSL 15:117db924cf7c 24204 "TLSv1_2 Server Finished"},
wolfSSL 15:117db924cf7c 24205 {"DTLSv1 read Server Finished",
wolfSSL 15:117db924cf7c 24206 "DTLSv1 write Server Finished",
wolfSSL 15:117db924cf7c 24207 "DTLSv1 Server Finished"},
wolfSSL 15:117db924cf7c 24208 {"DTLSv1_2 read Server Finished",
wolfSSL 15:117db924cf7c 24209 "DTLSv1_2 write Server Finished",
wolfSSL 15:117db924cf7c 24210 "DTLSv1_2 Server Finished"},
wolfSSL 15:117db924cf7c 24211 },
wolfSSL 15:117db924cf7c 24212 {
wolfSSL 15:117db924cf7c 24213 {"SSLv3 read Client Hello",
wolfSSL 15:117db924cf7c 24214 "SSLv3 write Client Hello",
wolfSSL 15:117db924cf7c 24215 "SSLv3 Client Hello"},
wolfSSL 15:117db924cf7c 24216 {"TLSv1 read Client Hello",
wolfSSL 15:117db924cf7c 24217 "TLSv1 write Client Hello",
wolfSSL 15:117db924cf7c 24218 "TLSv1 Client Hello"},
wolfSSL 15:117db924cf7c 24219 {"TLSv1_1 read Client Hello",
wolfSSL 15:117db924cf7c 24220 "TLSv1_1 write Client Hello",
wolfSSL 15:117db924cf7c 24221 "TLSv1_1 Client Hello"},
wolfSSL 15:117db924cf7c 24222 {"TLSv1_2 read Client Hello",
wolfSSL 15:117db924cf7c 24223 "TLSv1_2 write Client Hello",
wolfSSL 15:117db924cf7c 24224 "TLSv1_2 Client Hello"},
wolfSSL 15:117db924cf7c 24225 {"DTLSv1 read Client Hello",
wolfSSL 15:117db924cf7c 24226 "DTLSv1 write Client Hello",
wolfSSL 15:117db924cf7c 24227 "DTLSv1 Client Hello"},
wolfSSL 15:117db924cf7c 24228 {"DTLSv1_2 read Client Hello",
wolfSSL 15:117db924cf7c 24229 "DTLSv1_2 write Client Hello",
wolfSSL 15:117db924cf7c 24230 "DTLSv1_2 Client Hello"},
wolfSSL 15:117db924cf7c 24231 },
wolfSSL 15:117db924cf7c 24232 {
wolfSSL 15:117db924cf7c 24233 {"SSLv3 read Client Key Exchange",
wolfSSL 15:117db924cf7c 24234 "SSLv3 write Client Key Exchange",
wolfSSL 15:117db924cf7c 24235 "SSLv3 Client Key Exchange"},
wolfSSL 15:117db924cf7c 24236 {"TLSv1 read Client Key Exchange",
wolfSSL 15:117db924cf7c 24237 "TLSv1 write Client Key Exchange",
wolfSSL 15:117db924cf7c 24238 "TLSv1 Client Key Exchange"},
wolfSSL 15:117db924cf7c 24239 {"TLSv1_1 read Client Key Exchange",
wolfSSL 15:117db924cf7c 24240 "TLSv1_1 write Client Key Exchange",
wolfSSL 15:117db924cf7c 24241 "TLSv1_1 Client Key Exchange"},
wolfSSL 15:117db924cf7c 24242 {"TLSv1_2 read Client Key Exchange",
wolfSSL 15:117db924cf7c 24243 "TLSv1_2 write Client Key Exchange",
wolfSSL 15:117db924cf7c 24244 "TLSv1_2 Client Key Exchange"},
wolfSSL 15:117db924cf7c 24245 {"DTLSv1 read Client Key Exchange",
wolfSSL 15:117db924cf7c 24246 "DTLSv1 write Client Key Exchange",
wolfSSL 15:117db924cf7c 24247 "DTLSv1 Client Key Exchange"},
wolfSSL 15:117db924cf7c 24248 {"DTLSv1_2 read Client Key Exchange",
wolfSSL 15:117db924cf7c 24249 "DTLSv1_2 write Client Key Exchange",
wolfSSL 15:117db924cf7c 24250 "DTLSv1_2 Client Key Exchange"},
wolfSSL 15:117db924cf7c 24251 },
wolfSSL 15:117db924cf7c 24252 {
wolfSSL 15:117db924cf7c 24253 {"SSLv3 read Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24254 "SSLv3 write Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24255 "SSLv3 Client Change CipherSpec"},
wolfSSL 15:117db924cf7c 24256 {"TLSv1 read Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24257 "TLSv1 write Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24258 "TLSv1 Client Change CipherSpec"},
wolfSSL 15:117db924cf7c 24259 {"TLSv1_1 read Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24260 "TLSv1_1 write Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24261 "TLSv1_1 Client Change CipherSpec"},
wolfSSL 15:117db924cf7c 24262 {"TLSv1_2 read Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24263 "TLSv1_2 write Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24264 "TLSv1_2 Client Change CipherSpec"},
wolfSSL 15:117db924cf7c 24265 {"DTLSv1 read Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24266 "DTLSv1 write Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24267 "DTLSv1 Client Change CipherSpec"},
wolfSSL 15:117db924cf7c 24268 {"DTLSv1_2 read Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24269 "DTLSv1_2 write Client Change CipherSpec",
wolfSSL 15:117db924cf7c 24270 "DTLSv1_2 Client Change CipherSpec"},
wolfSSL 15:117db924cf7c 24271 },
wolfSSL 15:117db924cf7c 24272 {
wolfSSL 15:117db924cf7c 24273 {"SSLv3 read Client Finished",
wolfSSL 15:117db924cf7c 24274 "SSLv3 write Client Finished",
wolfSSL 15:117db924cf7c 24275 "SSLv3 Client Finished"},
wolfSSL 15:117db924cf7c 24276 {"TLSv1 read Client Finished",
wolfSSL 15:117db924cf7c 24277 "TLSv1 write Client Finished",
wolfSSL 15:117db924cf7c 24278 "TLSv1 Client Finished"},
wolfSSL 15:117db924cf7c 24279 {"TLSv1_1 read Client Finished",
wolfSSL 15:117db924cf7c 24280 "TLSv1_1 write Client Finished",
wolfSSL 15:117db924cf7c 24281 "TLSv1_1 Client Finished"},
wolfSSL 15:117db924cf7c 24282 {"TLSv1_2 read Client Finished",
wolfSSL 15:117db924cf7c 24283 "TLSv1_2 write Client Finished",
wolfSSL 15:117db924cf7c 24284 "TLSv1_2 Client Finished"},
wolfSSL 15:117db924cf7c 24285 {"DTLSv1 read Client Finished",
wolfSSL 15:117db924cf7c 24286 "DTLSv1 write Client Finished",
wolfSSL 15:117db924cf7c 24287 "DTLSv1 Client Finished"},
wolfSSL 15:117db924cf7c 24288 {"DTLSv1_2 read Client Finished",
wolfSSL 15:117db924cf7c 24289 "DTLSv1_2 write Client Finished",
wolfSSL 15:117db924cf7c 24290 "DTLSv1_2 Client Finished"},
wolfSSL 15:117db924cf7c 24291 },
wolfSSL 15:117db924cf7c 24292 {
wolfSSL 15:117db924cf7c 24293 {"SSLv3 Handshake Done",
wolfSSL 15:117db924cf7c 24294 "SSLv3 Handshake Done",
wolfSSL 15:117db924cf7c 24295 "SSLv3 Handshake Done"},
wolfSSL 15:117db924cf7c 24296 {"TLSv1 Handshake Done",
wolfSSL 15:117db924cf7c 24297 "TLSv1 Handshake Done",
wolfSSL 15:117db924cf7c 24298 "TLSv1 Handshake Done"},
wolfSSL 15:117db924cf7c 24299 {"TLSv1_1 Handshake Done",
wolfSSL 15:117db924cf7c 24300 "TLSv1_1 Handshake Done",
wolfSSL 15:117db924cf7c 24301 "TLSv1_1 Handshake Done"},
wolfSSL 15:117db924cf7c 24302 {"TLSv1_2 Handshake Done",
wolfSSL 15:117db924cf7c 24303 "TLSv1_2 Handshake Done",
wolfSSL 15:117db924cf7c 24304 "TLSv1_2 Handshake Done"},
wolfSSL 15:117db924cf7c 24305 {"DTLSv1 Handshake Done",
wolfSSL 15:117db924cf7c 24306 "DTLSv1 Handshake Done",
wolfSSL 15:117db924cf7c 24307 "DTLSv1 Handshake Done"},
wolfSSL 15:117db924cf7c 24308 {"DTLSv1_2 Handshake Done"
wolfSSL 15:117db924cf7c 24309 "DTLSv1_2 Handshake Done"
wolfSSL 15:117db924cf7c 24310 "DTLSv1_2 Handshake Done"}
wolfSSL 15:117db924cf7c 24311 }
wolfSSL 15:117db924cf7c 24312 };
wolfSSL 15:117db924cf7c 24313 enum ProtocolVer {
wolfSSL 15:117db924cf7c 24314 SSL_V3 = 0,
wolfSSL 15:117db924cf7c 24315 TLS_V1,
wolfSSL 15:117db924cf7c 24316 TLS_V1_1,
wolfSSL 15:117db924cf7c 24317 TLS_V1_2,
wolfSSL 15:117db924cf7c 24318 DTLS_V1,
wolfSSL 15:117db924cf7c 24319 DTLS_V1_2,
wolfSSL 15:117db924cf7c 24320 UNKNOWN = 100
wolfSSL 15:117db924cf7c 24321 };
wolfSSL 15:117db924cf7c 24322
wolfSSL 15:117db924cf7c 24323 enum IOMode {
wolfSSL 15:117db924cf7c 24324 SS_READ = 0,
wolfSSL 15:117db924cf7c 24325 SS_WRITE,
wolfSSL 15:117db924cf7c 24326 SS_NEITHER
wolfSSL 15:117db924cf7c 24327 };
wolfSSL 15:117db924cf7c 24328
wolfSSL 15:117db924cf7c 24329 enum SslState {
wolfSSL 15:117db924cf7c 24330 ss_null_state = 0,
wolfSSL 15:117db924cf7c 24331 ss_server_helloverify,
wolfSSL 15:117db924cf7c 24332 ss_server_hello,
wolfSSL 15:117db924cf7c 24333 ss_sessionticket,
wolfSSL 15:117db924cf7c 24334 ss_server_cert,
wolfSSL 15:117db924cf7c 24335 ss_server_keyexchange,
wolfSSL 15:117db924cf7c 24336 ss_server_hellodone,
wolfSSL 15:117db924cf7c 24337 ss_server_changecipherspec,
wolfSSL 15:117db924cf7c 24338 ss_server_finished,
wolfSSL 15:117db924cf7c 24339 ss_client_hello,
wolfSSL 15:117db924cf7c 24340 ss_client_keyexchange,
wolfSSL 15:117db924cf7c 24341 ss_client_changecipherspec,
wolfSSL 15:117db924cf7c 24342 ss_client_finished,
wolfSSL 15:117db924cf7c 24343 ss_handshake_done
wolfSSL 15:117db924cf7c 24344 };
wolfSSL 15:117db924cf7c 24345
wolfSSL 15:117db924cf7c 24346 int protocol = 0;
wolfSSL 15:117db924cf7c 24347 int cbmode = 0;
wolfSSL 15:117db924cf7c 24348 int state = 0;
wolfSSL 15:117db924cf7c 24349
wolfSSL 15:117db924cf7c 24350 WOLFSSL_ENTER("wolfSSL_state_string_long");
wolfSSL 15:117db924cf7c 24351 if (ssl == NULL) {
wolfSSL 15:117db924cf7c 24352 WOLFSSL_MSG("Null argument passed in");
wolfSSL 15:117db924cf7c 24353 return NULL;
wolfSSL 15:117db924cf7c 24354 }
wolfSSL 15:117db924cf7c 24355
wolfSSL 15:117db924cf7c 24356 /* Get state of callback */
wolfSSL 15:117db924cf7c 24357 if (ssl->cbmode == SSL_CB_MODE_WRITE){
wolfSSL 15:117db924cf7c 24358 cbmode = SS_WRITE;
wolfSSL 15:117db924cf7c 24359 } else if (ssl->cbmode == SSL_CB_MODE_READ){
wolfSSL 15:117db924cf7c 24360 cbmode = SS_READ;
wolfSSL 15:117db924cf7c 24361 } else {
wolfSSL 15:117db924cf7c 24362 cbmode = SS_NEITHER;
wolfSSL 15:117db924cf7c 24363 }
wolfSSL 15:117db924cf7c 24364
wolfSSL 15:117db924cf7c 24365 /* Get protocol version */
wolfSSL 15:117db924cf7c 24366 switch (ssl->version.major){
wolfSSL 15:117db924cf7c 24367 case SSLv3_MAJOR:
wolfSSL 15:117db924cf7c 24368 switch (ssl->version.minor){
wolfSSL 15:117db924cf7c 24369 case TLSv1_MINOR:
wolfSSL 15:117db924cf7c 24370 protocol = TLS_V1;
wolfSSL 15:117db924cf7c 24371 break;
wolfSSL 15:117db924cf7c 24372 case TLSv1_1_MINOR:
wolfSSL 15:117db924cf7c 24373 protocol = TLS_V1_1;
wolfSSL 15:117db924cf7c 24374 break;
wolfSSL 15:117db924cf7c 24375 case TLSv1_2_MINOR:
wolfSSL 15:117db924cf7c 24376 protocol = TLS_V1_2;
wolfSSL 15:117db924cf7c 24377 break;
wolfSSL 15:117db924cf7c 24378 case SSLv3_MINOR:
wolfSSL 15:117db924cf7c 24379 protocol = SSL_V3;
wolfSSL 15:117db924cf7c 24380 break;
wolfSSL 15:117db924cf7c 24381 default:
wolfSSL 15:117db924cf7c 24382 protocol = UNKNOWN;
wolfSSL 15:117db924cf7c 24383 }
wolfSSL 15:117db924cf7c 24384 break;
wolfSSL 15:117db924cf7c 24385 case DTLS_MAJOR:
wolfSSL 15:117db924cf7c 24386 switch (ssl->version.minor){
wolfSSL 15:117db924cf7c 24387 case DTLS_MINOR:
wolfSSL 15:117db924cf7c 24388 protocol = DTLS_V1;
wolfSSL 15:117db924cf7c 24389 break;
wolfSSL 15:117db924cf7c 24390 case DTLSv1_2_MINOR:
wolfSSL 15:117db924cf7c 24391 protocol = DTLS_V1_2;
wolfSSL 15:117db924cf7c 24392 break;
wolfSSL 15:117db924cf7c 24393 default:
wolfSSL 15:117db924cf7c 24394 protocol = UNKNOWN;
wolfSSL 15:117db924cf7c 24395 }
wolfSSL 15:117db924cf7c 24396 break;
wolfSSL 15:117db924cf7c 24397 default:
wolfSSL 15:117db924cf7c 24398 protocol = UNKNOWN;
wolfSSL 15:117db924cf7c 24399 }
wolfSSL 15:117db924cf7c 24400
wolfSSL 15:117db924cf7c 24401 /* accept process */
wolfSSL 15:117db924cf7c 24402 if (ssl->cbmode == SSL_CB_MODE_READ){
wolfSSL 15:117db924cf7c 24403 state = ssl->cbtype;
wolfSSL 15:117db924cf7c 24404 switch (state) {
wolfSSL 15:117db924cf7c 24405 case hello_verify_request:
wolfSSL 15:117db924cf7c 24406 state = ss_server_helloverify;
wolfSSL 15:117db924cf7c 24407 break;
wolfSSL 15:117db924cf7c 24408 case session_ticket:
wolfSSL 15:117db924cf7c 24409 state = ss_sessionticket;
wolfSSL 15:117db924cf7c 24410 break;
wolfSSL 15:117db924cf7c 24411 case server_hello:
wolfSSL 15:117db924cf7c 24412 state = ss_server_hello;
wolfSSL 15:117db924cf7c 24413 break;
wolfSSL 15:117db924cf7c 24414 case server_hello_done:
wolfSSL 15:117db924cf7c 24415 state = ss_server_hellodone;
wolfSSL 15:117db924cf7c 24416 break;
wolfSSL 15:117db924cf7c 24417 case certificate:
wolfSSL 15:117db924cf7c 24418 state = ss_server_cert;
wolfSSL 15:117db924cf7c 24419 break;
wolfSSL 15:117db924cf7c 24420 case server_key_exchange:
wolfSSL 15:117db924cf7c 24421 state = ss_server_keyexchange;
wolfSSL 15:117db924cf7c 24422 break;
wolfSSL 15:117db924cf7c 24423 case client_hello:
wolfSSL 15:117db924cf7c 24424 state = ss_client_hello;
wolfSSL 15:117db924cf7c 24425 break;
wolfSSL 15:117db924cf7c 24426 case client_key_exchange:
wolfSSL 15:117db924cf7c 24427 state = ss_client_keyexchange;
wolfSSL 15:117db924cf7c 24428 break;
wolfSSL 15:117db924cf7c 24429 case finished:
wolfSSL 15:117db924cf7c 24430 if (ssl->options.side == WOLFSSL_SERVER_END)
wolfSSL 15:117db924cf7c 24431 state = ss_client_finished;
wolfSSL 15:117db924cf7c 24432 else if (ssl->options.side == WOLFSSL_CLIENT_END)
wolfSSL 15:117db924cf7c 24433 state = ss_server_finished;
wolfSSL 16:8e0d178b1d1e 24434 else {
wolfSSL 16:8e0d178b1d1e 24435 WOLFSSL_MSG("Unknown State");
wolfSSL 16:8e0d178b1d1e 24436 state = ss_null_state;
wolfSSL 16:8e0d178b1d1e 24437 }
wolfSSL 15:117db924cf7c 24438 break;
wolfSSL 15:117db924cf7c 24439 default:
wolfSSL 15:117db924cf7c 24440 WOLFSSL_MSG("Unknown State");
wolfSSL 15:117db924cf7c 24441 state = ss_null_state;
wolfSSL 15:117db924cf7c 24442 }
wolfSSL 15:117db924cf7c 24443 } else {
wolfSSL 15:117db924cf7c 24444 /* Send process */
wolfSSL 15:117db924cf7c 24445 if (ssl->options.side == WOLFSSL_SERVER_END)
wolfSSL 15:117db924cf7c 24446 state = ssl->options.serverState;
wolfSSL 15:117db924cf7c 24447 else
wolfSSL 15:117db924cf7c 24448 state = ssl->options.clientState;
wolfSSL 15:117db924cf7c 24449
wolfSSL 15:117db924cf7c 24450 switch(state){
wolfSSL 15:117db924cf7c 24451 case SERVER_HELLOVERIFYREQUEST_COMPLETE:
wolfSSL 15:117db924cf7c 24452 state = ss_server_helloverify;
wolfSSL 15:117db924cf7c 24453 break;
wolfSSL 15:117db924cf7c 24454 case SERVER_HELLO_COMPLETE:
wolfSSL 15:117db924cf7c 24455 state = ss_server_hello;
wolfSSL 15:117db924cf7c 24456 break;
wolfSSL 15:117db924cf7c 24457 case SERVER_CERT_COMPLETE:
wolfSSL 15:117db924cf7c 24458 state = ss_server_cert;
wolfSSL 15:117db924cf7c 24459 break;
wolfSSL 15:117db924cf7c 24460 case SERVER_KEYEXCHANGE_COMPLETE:
wolfSSL 15:117db924cf7c 24461 state = ss_server_keyexchange;
wolfSSL 15:117db924cf7c 24462 break;
wolfSSL 15:117db924cf7c 24463 case SERVER_HELLODONE_COMPLETE:
wolfSSL 15:117db924cf7c 24464 state = ss_server_hellodone;
wolfSSL 15:117db924cf7c 24465 break;
wolfSSL 15:117db924cf7c 24466 case SERVER_CHANGECIPHERSPEC_COMPLETE:
wolfSSL 15:117db924cf7c 24467 state = ss_server_changecipherspec;
wolfSSL 15:117db924cf7c 24468 break;
wolfSSL 15:117db924cf7c 24469 case SERVER_FINISHED_COMPLETE:
wolfSSL 15:117db924cf7c 24470 state = ss_server_finished;
wolfSSL 15:117db924cf7c 24471 break;
wolfSSL 15:117db924cf7c 24472 case CLIENT_HELLO_COMPLETE:
wolfSSL 15:117db924cf7c 24473 state = ss_client_hello;
wolfSSL 15:117db924cf7c 24474 break;
wolfSSL 15:117db924cf7c 24475 case CLIENT_KEYEXCHANGE_COMPLETE:
wolfSSL 15:117db924cf7c 24476 state = ss_client_keyexchange;
wolfSSL 15:117db924cf7c 24477 break;
wolfSSL 15:117db924cf7c 24478 case CLIENT_CHANGECIPHERSPEC_COMPLETE:
wolfSSL 15:117db924cf7c 24479 state = ss_client_changecipherspec;
wolfSSL 15:117db924cf7c 24480 break;
wolfSSL 15:117db924cf7c 24481 case CLIENT_FINISHED_COMPLETE:
wolfSSL 15:117db924cf7c 24482 state = ss_client_finished;
wolfSSL 15:117db924cf7c 24483 break;
wolfSSL 15:117db924cf7c 24484 case HANDSHAKE_DONE:
wolfSSL 15:117db924cf7c 24485 state = ss_handshake_done;
wolfSSL 15:117db924cf7c 24486 break;
wolfSSL 15:117db924cf7c 24487 default:
wolfSSL 15:117db924cf7c 24488 WOLFSSL_MSG("Unknown State");
wolfSSL 15:117db924cf7c 24489 state = ss_null_state;
wolfSSL 15:117db924cf7c 24490 }
wolfSSL 15:117db924cf7c 24491 }
wolfSSL 15:117db924cf7c 24492
wolfSSL 15:117db924cf7c 24493 if (protocol == UNKNOWN)
wolfSSL 15:117db924cf7c 24494 return NULL;
wolfSSL 15:117db924cf7c 24495 else
wolfSSL 15:117db924cf7c 24496 return OUTPUT_STR[state][protocol][cbmode];
wolfSSL 15:117db924cf7c 24497 }
wolfSSL 15:117db924cf7c 24498
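/*
 * Sets default PEM callback password if null is passed into
 * the callback parameter of a PEM_read_bio_* function.
 *
 * name : destination buffer for the passphrase (filled without a
 *        terminating NUL, as the length is returned instead)
 * num  : capacity of name in bytes; a longer passphrase is truncated
 * w    : unused
 * key  : userdata; assumed to be a NUL-terminated default passphrase
 *
 * Returns callback phrase size on success or WOLFSSL_FAILURE otherwise.
 */
int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
{
    int sz;
    (void)w;
    WOLFSSL_ENTER("wolfSSL_PEM_def_callback");

    /* We assume that the user passes a default password as userdata */
    if (key == NULL) {
        WOLFSSL_MSG("Error, default password cannot be created.");
        return WOLFSSL_FAILURE;
    }

    /* Without this guard a NULL destination or a negative capacity reaches
     * XMEMCPY: the negative length would be converted to a huge size_t and
     * overrun the caller's buffer. */
    if (name == NULL || num <= 0) {
        WOLFSSL_MSG("Error, invalid PEM password buffer.");
        return WOLFSSL_FAILURE;
    }

    sz = (int)XSTRLEN((const char*)key);
    if (sz > num) {
        sz = num; /* truncate to the buffer capacity */
    }
    XMEMCPY(name, key, (size_t)sz);
    return sz;
}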
wolfSSL 16:8e0d178b1d1e 24522
wolfSSL 16:8e0d178b1d1e 24523 #endif /* OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 24524
wolfSSL 16:8e0d178b1d1e 24525 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
/* Reports which option flags are being requested and merges them into the
 * existing option mask. Every flag is accepted as-is; flags that wolfSSL
 * cannot act on are only logged (wolfSSL does not support SSLv2, and DTLS
 * cookie exchange is already on by default).
 *
 * old_op : current option mask
 * op     : flags to add
 *
 * Returns old_op | op; nothing else is modified.
 */
static long wolf_set_options(long old_op, long op)
{
    static const struct {
        long        flag;
        const char* msg;
    } known[] = {
        /* if SSL_OP_ALL then turn all bug workarounds on */
        { SSL_OP_ALL,             "\tSSL_OP_ALL" },
        /* by default cookie exchange is on with DTLS */
        { SSL_OP_COOKIE_EXCHANGE, "\tSSL_OP_COOKIE_EXCHANGE : on by default" },
        { WOLFSSL_OP_NO_SSLv2,
                     "\tWOLFSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2" },
#ifdef SSL_OP_NO_TLSv1_3
        { SSL_OP_NO_TLSv1_3,      "\tSSL_OP_NO_TLSv1_3" },
#endif
        { SSL_OP_NO_TLSv1_2,      "\tSSL_OP_NO_TLSv1_2" },
        { SSL_OP_NO_TLSv1_1,      "\tSSL_OP_NO_TLSv1_1" },
        { SSL_OP_NO_TLSv1,        "\tSSL_OP_NO_TLSv1" },
        { SSL_OP_NO_SSLv3,        "\tSSL_OP_NO_SSLv3" },
        { SSL_OP_CIPHER_SERVER_PREFERENCE,
                                  "\tSSL_OP_CIPHER_SERVER_PREFERENCE" },
#ifdef HAVE_LIBZ
        { SSL_OP_NO_COMPRESSION,  "SSL_OP_NO_COMPRESSION" },
#else
        { SSL_OP_NO_COMPRESSION,
                     "SSL_OP_NO_COMPRESSION: compression not compiled in" },
#endif
    };
    size_t i;

    for (i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
        /* a flag may span several bits; all of them must be requested */
        if ((op & known[i].flag) == known[i].flag) {
            WOLFSSL_MSG(known[i].msg);
        }
    }

    return old_op | op;
}
wolfSSL 16:8e0d178b1d1e 24578 #endif
wolfSSL 16:8e0d178b1d1e 24579
wolfSSL 16:8e0d178b1d1e 24580 #ifdef OPENSSL_EXTRA
/* OpenSSL-compat SSL_set_options(): merges op into ssl->options.mask and
 * applies the side effects of the version and compression flags.
 *
 * Each SSL_OP_NO_<version> flag lowers the current protocol version by a
 * single step, and the checks run from newest to oldest, so a mask that
 * excludes several consecutive versions steps down through all of them.
 * Because the version may have changed, the cipher suite list is rebuilt
 * afterwards.
 *
 * Returns the updated option mask, or 0 when ssl is NULL.
 */
long wolfSSL_set_options(WOLFSSL* ssl, long op)
{
    word16 haveRSA = 1;
    word16 havePSK = 0;
    int    keySz   = 0;
    long   mask;

    WOLFSSL_ENTER("wolfSSL_set_options");

    if (ssl == NULL) {
        return 0;
    }

    mask = wolf_set_options(ssl->options.mask, op);
    ssl->options.mask = mask;

    /* step the version down one notch per excluded version, newest first */
#ifdef SSL_OP_NO_TLSv1_3
    if ((mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3
            && ssl->version.minor == TLSv1_3_MINOR) {
        ssl->version.minor = TLSv1_2_MINOR;
    }
#endif
    if ((mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2
            && ssl->version.minor == TLSv1_2_MINOR) {
        ssl->version.minor = TLSv1_1_MINOR;
    }
    if ((mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1
            && ssl->version.minor == TLSv1_1_MINOR) {
        ssl->version.minor = TLSv1_MINOR;
    }
    if ((mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1
            && ssl->version.minor == TLSv1_MINOR) {
        ssl->version.minor = SSLv3_MINOR;
    }

#ifdef HAVE_LIBZ
    if ((mask & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) {
        ssl->options.usingCompression = 0;
    }
#endif

    /* in the case of a version change the cipher suites should be reset */
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
#ifdef NO_RSA
    haveRSA = 0;
#endif
#ifndef NO_CERTS
    keySz = ssl->buffers.keySz;
#endif
    InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);

    return ssl->options.mask;
}
wolfSSL 15:117db924cf7c 24641
wolfSSL 15:117db924cf7c 24642
/* OpenSSL-compat SSL_get_options(): reads the current option mask.
 *
 * Returns ssl->options.mask, or WOLFSSL_FAILURE when ssl is NULL.
 */
long wolfSSL_get_options(const WOLFSSL* ssl)
{
    long mask = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_get_options");
    if (ssl != NULL) {
        mask = ssl->options.mask;
    }
    return mask;
}
wolfSSL 15:117db924cf7c 24650
/* OpenSSL-compat SSL_clear_options(): removes the bits in opt from the
 * option mask. Only the mask is touched: side effects that
 * wolfSSL_set_options applied when the bits were set (version step-down,
 * compression) are not undone here.
 *
 * Returns the updated mask, or WOLFSSL_FAILURE when ssl is NULL.
 */
long wolfSSL_clear_options(WOLFSSL* ssl, long opt)
{
    long mask;

    WOLFSSL_ENTER("SSL_clear_options");
    if (ssl == NULL) {
        return WOLFSSL_FAILURE;
    }
    mask = ssl->options.mask & ~opt;
    ssl->options.mask = mask;
    return mask;
}
wolfSSL 15:117db924cf7c 24659
wolfSSL 16:8e0d178b1d1e 24660
wolfSSL 16:8e0d178b1d1e 24661 #if defined(HAVE_SECURE_RENEGOTIATION) \
wolfSSL 16:8e0d178b1d1e 24662 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
/* Resets the renegotiation counter of s to zero.
 *
 * Returns the value the counter held before it was cleared, or 0 when s is
 * NULL (indistinguishable from a cleared counter). */
long wolfSSL_clear_num_renegotiations(WOLFSSL *s)
{
    long previous = 0;

    WOLFSSL_ENTER("wolfSSL_clear_num_renegotiations");
    if (s != NULL) {
        previous = s->secure_rene_count;
        s->secure_rene_count = 0;
    }
    return previous;
}
wolfSSL 16:8e0d178b1d1e 24677
wolfSSL 16:8e0d178b1d1e 24678
/* OpenSSL-compat alias: return the number of renegotiations since
 * wolfSSL_new. Identical to wolfSSL_num_renegotiations apart from the
 * trace label. */
long wolfSSL_total_renegotiations(WOLFSSL *s)
{
    long count;

    WOLFSSL_ENTER("wolfSSL_total_renegotiations");
    count = wolfSSL_num_renegotiations(s);
    return count;
}
wolfSSL 16:8e0d178b1d1e 24685
wolfSSL 16:8e0d178b1d1e 24686
/* Return the number of renegotiations since wolfSSL_new, read from
 * s->secure_rene_count. A NULL s yields 0. */
long wolfSSL_num_renegotiations(WOLFSSL* s)
{
    return (s != NULL) ? s->secure_rene_count : 0;
}
wolfSSL 16:8e0d178b1d1e 24696 #endif /* HAVE_SECURE_RENEGOTIATION || HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL 15:117db924cf7c 24697
wolfSSL 15:117db924cf7c 24698 #ifndef NO_DH
/* OpenSSL-compat SSL_set_tmp_dh(): installs the DH group parameters p and g
 * of dh as the ephemeral DH parameters of ssl.
 *
 * Both big numbers are serialized into temporary buffers allocated from
 * ssl->heap, passed to wolfSSL_SetTmpDH, and the temporaries are released
 * before returning regardless of the outcome.
 *
 * Returns BAD_FUNC_ARG when ssl or dh is NULL, WOLFSSL_FATAL_ERROR when p or
 * g cannot be serialized, MEMORY_E when a temporary buffer cannot be
 * allocated, otherwise the result of wolfSSL_SetTmpDH.
 */
long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
{
    int   pSz, gSz;
    byte* p;
    byte* g;
    int   ret = 0;

    WOLFSSL_ENTER("wolfSSL_set_tmp_dh");

    if (ssl == NULL || dh == NULL) {
        return BAD_FUNC_ARG;
    }

    /* with a NULL output buffer bn2bin only reports the required size */
    pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
    gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
    if (pSz <= 0 || gSz <= 0) {
        return WOLFSSL_FATAL_ERROR;
    }

    p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    if (p == NULL) {
        return MEMORY_E;
    }
    g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    if (g == NULL) {
        ret = MEMORY_E;
        goto out_free_p;
    }

    pSz = wolfSSL_BN_bn2bin(dh->p, p);
    gSz = wolfSSL_BN_bn2bin(dh->g, g);
    if (pSz >= 0 && gSz >= 0) { /* Conversion successful */
        ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);
    }
    /* an empty or failed conversion is reported even if SetTmpDH ran */
    if (pSz <= 0 || gSz <= 0) {
        ret = WOLFSSL_FATAL_ERROR;
    }

    XFREE(g, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
out_free_p:
    XFREE(p, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    return ret;
}
wolfSSL 15:117db924cf7c 24738 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 24739
wolfSSL 15:117db924cf7c 24740
wolfSSL 15:117db924cf7c 24741 #ifdef HAVE_PK_CALLBACKS
/* OpenSSL-compat SSL_set_tlsext_debug_arg(): stores an opaque caller pointer
 * in ssl->loggingCtx (presumably handed back to the logging callback;
 * ownership stays with the caller).
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ssl is NULL.
 */
long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg)
{
    long ret = WOLFSSL_FAILURE;

    if (ssl != NULL) {
        ssl->loggingCtx = arg;
        ret = WOLFSSL_SUCCESS;
    }
    return ret;
}
wolfSSL 15:117db924cf7c 24751 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 24752
wolfSSL 15:117db924cf7c 24753 #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
/* OpenSSL-compat SSL_SESSION_get0_id_context(): returns a pointer into the
 * session (no copy is made) and stores the length in *sid_ctx_length.
 *
 * NOTE(review): this delegates to wolfSSL_SESSION_get_id, i.e. the bytes
 * returned are the session ID rather than a separately stored session-ID
 * context — confirm that is the intended mapping before relying on it for
 * OpenSSL sid_ctx semantics.
 */
const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
{
    /* wolfSSL_SESSION_get_id takes a non-const session; the qualifier is
     * dropped only for the call */
    SSL_SESSION *session = (SSL_SESSION *)sess;
    return wolfSSL_SESSION_get_id(session, sid_ctx_length);
}
wolfSSL 15:117db924cf7c 24759 #endif
wolfSSL 15:117db924cf7c 24760
wolfSSL 15:117db924cf7c 24761 /*** TBD ***/
wolfSSL 15:117db924cf7c 24762 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's sk_SSL_COMP_zero(): nothing is cleared and the call is
 * reported through WOLFSSL_STUB. The original author left a hint that a real
 * implementation would disable compression via
 * wolfSSL_set_options(ssl, SSL_OP_NO_COMPRESSION).
 *
 * Always returns WOLFSSL_FAILURE.
 */
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st)
{
    WOLFSSL_STUB("wolfSSL_sk_SSL_COMP_zero");
    (void)st; /* unused until implemented */
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 24770 #endif
wolfSSL 15:117db924cf7c 24771
wolfSSL 15:117db924cf7c 24772 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
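/* OpenSSL-compat SSL_set_tlsext_status_type(): requests the certificate
 * status extension on this connection.
 *
 * s    : connection to add the extension to
 * type : only TLSEXT_STATUSTYPE_ocsp is supported
 *
 * Returns BAD_FUNC_ARG when s is NULL, WOLFSSL_FAILURE for any other type,
 * otherwise the result of TLSX_UseCertificateStatusRequest.
 */
long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
{
    int r;

    WOLFSSL_ENTER("wolfSSL_set_tlsext_status_type");

    if (s == NULL) {
        return BAD_FUNC_ARG;
    }

    if (type != TLSEXT_STATUSTYPE_ocsp) {
        WOLFSSL_MSG(
         "SSL_set_tlsext_status_type only supports TLSEXT_STATUSTYPE_ocsp type.");
        /* WOLFSSL_FAILURE rather than the SSL_FAILURE alias, matching the
         * other compat functions in this file */
        return WOLFSSL_FAILURE;
    }

    /* NOTE(review): the 0 is the request-options argument; assumed to mean
     * "no options" — confirm against TLSX_UseCertificateStatusRequest */
    r = TLSX_UseCertificateStatusRequest(&s->extensions, type, 0, s,
                                         s->heap, s->devId);
    return (long)r;
}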
wolfSSL 15:117db924cf7c 24793 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 15:117db924cf7c 24794
wolfSSL 15:117db924cf7c 24795 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's SSL_get_tlsext_status_exts(): no status-request
 * extensions are exposed; the call is reported through WOLFSSL_STUB.
 *
 * Always returns WOLFSSL_FAILURE.
 */
WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg)
{
    WOLFSSL_STUB("wolfSSL_get_tlsext_status_exts");
    (void)s;   /* unused until implemented */
    (void)arg;
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 24803 #endif
wolfSSL 15:117db924cf7c 24804
wolfSSL 15:117db924cf7c 24805 /*** TBD ***/
wolfSSL 15:117db924cf7c 24806 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's SSL_set_tlsext_status_exts(): the extensions list in
 * arg is ignored; the call is reported through WOLFSSL_STUB.
 *
 * Always returns WOLFSSL_FAILURE.
 */
WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg)
{
    WOLFSSL_STUB("wolfSSL_set_tlsext_status_exts");
    (void)s;   /* unused until implemented */
    (void)arg;
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 24814 #endif
wolfSSL 15:117db924cf7c 24815
wolfSSL 15:117db924cf7c 24816 /*** TBD ***/
wolfSSL 15:117db924cf7c 24817 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's SSL_get_tlsext_status_ids(): no OCSP responder IDs are
 * exposed; the call is reported through WOLFSSL_STUB.
 *
 * Always returns WOLFSSL_FAILURE.
 */
WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg)
{
    WOLFSSL_STUB("wolfSSL_get_tlsext_status_ids");
    (void)s;   /* unused until implemented */
    (void)arg;
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 24825 #endif
wolfSSL 15:117db924cf7c 24826
wolfSSL 15:117db924cf7c 24827 /*** TBD ***/
wolfSSL 15:117db924cf7c 24828 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's SSL_set_tlsext_status_ids(): the responder ID list in
 * arg is ignored; the call is reported through WOLFSSL_STUB.
 *
 * Always returns WOLFSSL_FAILURE.
 */
WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg)
{
    WOLFSSL_STUB("wolfSSL_set_tlsext_status_ids");
    (void)s;   /* unused until implemented */
    (void)arg;
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 24836 #endif
wolfSSL 15:117db924cf7c 24837
wolfSSL 15:117db924cf7c 24838 /*** TBD ***/
wolfSSL 15:117db924cf7c 24839 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's SSL_SESSION_set1_id(): the session ID is not changed;
 * the call is reported through WOLFSSL_STUB.
 *
 * Always returns WOLFSSL_FAILURE.
 */
WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len)
{
    WOLFSSL_STUB("SSL_SESSION_set1_id");
    (void)s;   /* unused until implemented */
    (void)sid;
    (void)sid_len;
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 24848 #endif
wolfSSL 15:117db924cf7c 24849
wolfSSL 15:117db924cf7c 24850 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's SSL_SESSION_set1_id_context(): the session-ID context
 * is not stored; the call is reported through WOLFSSL_STUB.
 *
 * Always returns WOLFSSL_FAILURE.
 */
WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
{
    WOLFSSL_STUB("SSL_SESSION_set1_id_context");
    (void)s;   /* unused until implemented */
    (void)sid_ctx;
    (void)sid_ctx_len;
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 24860 #endif
wolfSSL 15:117db924cf7c 24861
wolfSSL 16:8e0d178b1d1e 24862 #if defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD) \
wolfSSL 16:8e0d178b1d1e 24863 || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
/* Allocate a zero-initialised WOLFSSL_X509_ALGOR.
 * Returns the new object, or NULL when allocation fails. The caller owns the
 * result and releases it with wolfSSL_X509_ALGOR_free(). */
WOLFSSL_X509_ALGOR* wolfSSL_X509_ALGOR_new(void)
{
    WOLFSSL_X509_ALGOR* alg = (WOLFSSL_X509_ALGOR*)XMALLOC(
            sizeof(WOLFSSL_X509_ALGOR), NULL, DYNAMIC_TYPE_OPENSSL);

    if (alg == NULL)
        return NULL;

    XMEMSET(alg, 0, sizeof(*alg));
    return alg;
}
wolfSSL 16:8e0d178b1d1e 24874
/* Release a WOLFSSL_X509_ALGOR together with the algorithm object and the
 * parameter it owns. A NULL argument is a no-op. */
void wolfSSL_X509_ALGOR_free(WOLFSSL_X509_ALGOR *alg)
{
    if (alg == NULL)
        return;

    wolfSSL_ASN1_OBJECT_free(alg->algorithm);
    wolfSSL_ASN1_TYPE_free(alg->parameter);
    XFREE(alg, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 16:8e0d178b1d1e 24883
/* Return a borrowed pointer to the certificate's signature-algorithm
 * (X509_ALGOR) member, or NULL when x509 is NULL. The member is embedded in
 * the certificate, so the caller must not free the returned pointer and it
 * is only valid while x509 is. */
const WOLFSSL_X509_ALGOR* wolfSSL_X509_get0_tbs_sigalg(const WOLFSSL_X509 *x509)
{
    const WOLFSSL_X509_ALGOR* alg = NULL;

    WOLFSSL_ENTER("X509_get0_tbs_sigalg");

    if (x509 != NULL) {
        alg = &x509->algor;
    }
    else {
        WOLFSSL_MSG("x509 struct NULL error");
    }

    return alg;
}
wolfSSL 16:8e0d178b1d1e 24896
/* Sets paobj pointer to X509_ALGOR signature algorithm.
 *
 * Borrowed-pointer getter: every output points into algor and stays valid
 * only as long as algor does. Any output parameter may be NULL to skip it.
 * Does nothing when algor is NULL.
 *
 * NOTE(review): *ppval receives algor->algorithm, the same object *paobj
 * receives, rather than the value held in algor->parameter. Callers written
 * against the OpenSSL X509_ALGOR_get0() contract, where ppval is the
 * parameter value, should confirm this is the intended behaviour here. */
void wolfSSL_X509_ALGOR_get0(const WOLFSSL_ASN1_OBJECT **paobj, int *pptype,
        const void **ppval, const WOLFSSL_X509_ALGOR *algor)
{
    WOLFSSL_ENTER("X509_ALGOR_get0");

    if (!algor) {
        WOLFSSL_MSG("algor object is NULL");
        return;
    }

    if (paobj)
        *paobj = algor->algorithm;
    if (ppval)
        *ppval = algor->algorithm; /* see NOTE(review) above */
    if (pptype) {
        if (algor->parameter) {
            *pptype = algor->parameter->type;
        }
        else {
            /* Default to V_ASN1_OBJECT when no parameter is attached */
            *pptype = V_ASN1_OBJECT;
        }
    }
}
wolfSSL 16:8e0d178b1d1e 24922
/**
 * Populate algor members.
 *
 * "set0" semantics: ownership of aobj and pval passes to algor, which frees
 * them in wolfSSL_X509_ALGOR_free(). A previously installed algorithm object
 * is overwritten, not released. A NULL aobj leaves algor->algorithm untouched
 * and a NULL pval leaves algor->parameter untouched.
 *
 * @param algor The object to be set
 * @param aobj  The value to be set in algor->algorithm (may be NULL)
 * @param ptype The type of algor->parameter, passed to wolfSSL_ASN1_TYPE_set
 * @param pval  The value of algor->parameter (may be NULL)
 * @return WOLFSSL_SUCCESS on success
 *         WOLFSSL_FAILURE when algor is NULL or the parameter holder cannot
 *         be allocated
 */
int wolfSSL_X509_ALGOR_set0(WOLFSSL_X509_ALGOR *algor, WOLFSSL_ASN1_OBJECT *aobj,
                            int ptype, void *pval)
{
    if (algor == NULL)
        return WOLFSSL_FAILURE;

    if (aobj != NULL)
        algor->algorithm = aobj;

    if (pval == NULL)
        return WOLFSSL_SUCCESS;

    /* Create the parameter holder lazily on first use. */
    if (algor->parameter == NULL) {
        algor->parameter = wolfSSL_ASN1_TYPE_new();
        if (algor->parameter == NULL)
            return WOLFSSL_FAILURE;
    }
    wolfSSL_ASN1_TYPE_set(algor->parameter, ptype, pval);

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 24953
/**
 * Store a value of the given ASN.1 type in `a`.
 *
 * The pointer is placed in the union member selected by type and a->type is
 * updated afterwards. Only V_ASN1_OBJECT, V_ASN1_UTCTIME and
 * V_ASN1_GENERALIZEDTIME are recognised; any other type leaves `a` unchanged
 * apart from a log message. A NULL `a` or NULL value is ignored. Whatever
 * pointer was previously stored is not released here.
 *
 * @param a     Object to set
 * @param type  The type of object in value
 * @param value Object to set
 */
void wolfSSL_ASN1_TYPE_set(WOLFSSL_ASN1_TYPE *a, int type, void *value)
{
    if (a == NULL || value == NULL)
        return;

    if (type == V_ASN1_OBJECT) {
        a->value.object = value;
    }
    else if (type == V_ASN1_UTCTIME) {
        a->value.utctime = value;
    }
    else if (type == V_ASN1_GENERALIZEDTIME) {
        a->value.generalizedtime = value;
    }
    else {
        WOLFSSL_MSG("Unknown or unsupported ASN1_TYPE");
        return;
    }

    a->type = type;
}
wolfSSL 16:8e0d178b1d1e 24982
/**
 * Allocate a new WOLFSSL_ASN1_TYPE object.
 *
 * @return New zero'ed WOLFSSL_ASN1_TYPE object, or NULL on allocation
 *         failure. Release with wolfSSL_ASN1_TYPE_free().
 */
WOLFSSL_ASN1_TYPE* wolfSSL_ASN1_TYPE_new(void)
{
    WOLFSSL_ASN1_TYPE* at = (WOLFSSL_ASN1_TYPE*)XMALLOC(
            sizeof(WOLFSSL_ASN1_TYPE), NULL, DYNAMIC_TYPE_OPENSSL);

    if (at != NULL)
        XMEMSET(at, 0, sizeof(*at));

    return at;
}
wolfSSL 16:8e0d178b1d1e 24997
/**
 * Free WOLFSSL_ASN1_TYPE and all its members.
 *
 * The owned value is released according to at->type; a value whose type is
 * not recognised is only logged, not freed, before the container itself is
 * released. A NULL argument is a no-op.
 *
 * @param at Object to free
 */
void wolfSSL_ASN1_TYPE_free(WOLFSSL_ASN1_TYPE* at)
{
    if (at == NULL)
        return;

    if (at->type == V_ASN1_OBJECT) {
        wolfSSL_ASN1_OBJECT_free(at->value.object);
    }
    else if (at->type == V_ASN1_UTCTIME) {
        wolfSSL_ASN1_TIME_free(at->value.utctime);
    }
    else if (at->type == V_ASN1_GENERALIZEDTIME) {
        wolfSSL_ASN1_TIME_free(at->value.generalizedtime);
    }
    else {
        WOLFSSL_MSG("Unknown or unsupported ASN1_TYPE");
    }

    XFREE(at, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 16:8e0d178b1d1e 25023
/**
 * Allocate a new WOLFSSL_X509_PUBKEY object.
 *
 * The embedded algorithm holder (algor) is allocated up front; pkey is left
 * NULL.
 *
 * @return New zero'ed WOLFSSL_X509_PUBKEY object, or NULL when either
 *         allocation fails. Release with wolfSSL_X509_PUBKEY_free().
 */
WOLFSSL_X509_PUBKEY *wolfSSL_X509_PUBKEY_new(void)
{
    WOLFSSL_X509_PUBKEY *pub = (WOLFSSL_X509_PUBKEY*)XMALLOC(
            sizeof(WOLFSSL_X509_PUBKEY), NULL, DYNAMIC_TYPE_OPENSSL);

    if (pub == NULL)
        return NULL;

    XMEMSET(pub, 0, sizeof(*pub));

    pub->algor = wolfSSL_X509_ALGOR_new();
    if (pub->algor == NULL) {
        /* Partially built object: free through the regular destructor. */
        wolfSSL_X509_PUBKEY_free(pub);
        return NULL;
    }

    return pub;
}
wolfSSL 16:8e0d178b1d1e 25045
/**
 * Free WOLFSSL_X509_PUBKEY and all its members.
 *
 * Releases the algorithm holder and the key reference held in x, then x
 * itself. A NULL argument is a no-op.
 *
 * @param x Object to free
 */
void wolfSSL_X509_PUBKEY_free(WOLFSSL_X509_PUBKEY *x)
{
    if (x == NULL)
        return;

    if (x->algor != NULL)
        wolfSSL_X509_ALGOR_free(x->algor);
    if (x->pkey != NULL)
        wolfSSL_EVP_PKEY_free(x->pkey);

    XFREE(x, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 16:8e0d178b1d1e 25063
/* Returns X509_PUBKEY structure containing X509_ALGOR and EVP_PKEY.
 * The result is the `key` member embedded in x509 with the const qualifier
 * cast away; it is owned by the certificate, must not be freed by the caller
 * and is only valid while x509 is. Returns NULL when x509 is NULL. */
WOLFSSL_X509_PUBKEY* wolfSSL_X509_get_X509_PUBKEY(const WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("X509_get_X509_PUBKEY");

    if (x509 != NULL)
        return (WOLFSSL_X509_PUBKEY*)&x509->key;

    WOLFSSL_MSG("x509 struct NULL error");
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 25076
/* Sets ppkalg pointer to X509_PUBKEY algorithm. Returns WOLFSSL_SUCCESS on
   success or WOLFSSL_FAILURE on error.

   Getter for the parts of a public-key structure; each output parameter may
   be NULL to skip it. Pointers stored through ppkalg and pa point into pub
   and remain owned by it. pub->algor, with its algorithm object derived from
   pub->pubKeyOID, is created on first use.

   NOTE(review): if the algorithm object cannot be created, the freshly
   allocated pub->algor stays attached with a NULL algorithm member, so a
   later call takes the "already allocated" path and hands that NULL out.

   NOTE(review): the return value of the wolfSSL_EVP_PKEY_get_der() call that
   fills *pk is not checked, and pub->pkey is not checked for NULL before
   either DER call. Whether the callee allocates *pk or writes into a
   caller-supplied buffer is not visible here — confirm against
   wolfSSL_EVP_PKEY_get_der() before relying on ownership of *pk. */
int wolfSSL_X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg,
        const unsigned char **pk, int *ppklen, WOLFSSL_X509_ALGOR **pa,
        WOLFSSL_X509_PUBKEY *pub)
{
    WOLFSSL_ENTER("X509_PUBKEY_get0_param");

    if (!pub || !pub->pubKeyOID) {
        WOLFSSL_MSG("X509_PUBKEY struct not populated");
        return WOLFSSL_FAILURE;
    }

    /* Lazily build the algorithm descriptor from the stored OID. */
    if (!pub->algor) {
        if (!(pub->algor = wolfSSL_X509_ALGOR_new())) {
            return WOLFSSL_FAILURE;
        }
        pub->algor->algorithm = wolfSSL_OBJ_nid2obj(pub->pubKeyOID);
        if (pub->algor->algorithm == NULL) {
            WOLFSSL_MSG("Failed to create object from NID");
            return WOLFSSL_FAILURE;
        }
    }

    if (pa)
        *pa = pub->algor;
    if (ppkalg)
        *ppkalg = pub->algor->algorithm;
    if (pk)
        wolfSSL_EVP_PKEY_get_der(pub->pkey, (unsigned char **)pk); /* return value unchecked */
    if (ppklen)
        *ppklen = wolfSSL_EVP_PKEY_get_der(pub->pkey, NULL); /* presumably a length query; an error code would be stored as-is */

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 25112
/* Returns a borrowed pointer to the EVP_PKEY held by key, or NULL when key or
 * its pkey member is NULL. No reference is added; the pointer stays owned by
 * key. */
WOLFSSL_EVP_PKEY* wolfSSL_X509_PUBKEY_get(WOLFSSL_X509_PUBKEY* key)
{
    WOLFSSL_EVP_PKEY* pkey = NULL;
    int rc = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_X509_PUBKEY_get");

    if (key != NULL && key->pkey != NULL) {
        pkey = key->pkey;
        rc = WOLFSSL_SUCCESS;
    }

    WOLFSSL_LEAVE("wolfSSL_X509_PUBKEY_get", rc);
    return pkey;
}
wolfSSL 16:8e0d178b1d1e 25124
/* Install key as the public key of *x, replacing and freeing any object
 * previously stored there.
 *
 * A fresh WOLFSSL_X509_PUBKEY is built, its algorithm object is selected from
 * key->type, and key's reference count is raised so the caller's own
 * reference stays valid. On failure nothing is stored in *x, the temporary
 * object is released and WOLFSSL_FAILURE is returned; otherwise
 * WOLFSSL_SUCCESS. */
int wolfSSL_X509_PUBKEY_set(WOLFSSL_X509_PUBKEY **x, WOLFSSL_EVP_PKEY *key)
{
    WOLFSSL_X509_PUBKEY *pk;
    int nid = 0;

    WOLFSSL_ENTER("wolfSSL_X509_PUBKEY_set");

    if (x == NULL || key == NULL)
        return WOLFSSL_FAILURE;

    pk = wolfSSL_X509_PUBKEY_new();
    if (pk == NULL)
        return WOLFSSL_FAILURE;

    /* Map the EVP key type onto the NID of its public-key algorithm. */
    switch (key->type) {
#ifndef NO_RSA
        case EVP_PKEY_RSA:
            nid = RSAk;
            break;
#endif
#ifndef NO_DSA
        case EVP_PKEY_DSA:
            nid = DSAk;
            break;
#endif
#ifdef HAVE_ECC
        case EVP_PKEY_EC:
            nid = ECDSAk;
            break;
#endif
        default:
            WOLFSSL_MSG("Unknown key type");
            goto error;
    }

    pk->algor->algorithm = wolfSSL_OBJ_nid2obj(nid);
    if (pk->algor->algorithm == NULL) {
        WOLFSSL_MSG("Failed to create algorithm object");
        goto error;
    }

    /* pk takes its own reference on key; the caller keeps theirs. */
    if (wolfSSL_EVP_PKEY_up_ref(key) == 0) {
        WOLFSSL_MSG("Failed to up key reference");
        goto error;
    }
    pk->pkey = key;

    wolfSSL_X509_PUBKEY_free(*x);
    *x = pk;
    return WOLFSSL_SUCCESS;

error:
    wolfSSL_X509_PUBKEY_free(pk);
    return WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 25180
wolfSSL 16:8e0d178b1d1e 25181 #endif /* OPENSSL_ALL || WOLFSSL_APACHE_HTTPD || WOLFSSL_HAPROXY*/
wolfSSL 15:117db924cf7c 25182
wolfSSL 15:117db924cf7c 25183 #ifndef NO_WOLFSSL_STUB
wolfSSL 15:117db924cf7c 25184 /*** TBD ***/
/* Stub: not implemented. Logs via WOLFSSL_STUB and returns NULL; ssl is
 * unused. */
WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl)
{
    WOLFSSL_STUB("SSL_get_privatekey");
    (void)ssl;
    return NULL;
}
wolfSSL 15:117db924cf7c 25191 #endif
wolfSSL 15:117db924cf7c 25192
wolfSSL 15:117db924cf7c 25193 #ifndef NO_WOLFSSL_STUB
wolfSSL 15:117db924cf7c 25194 /*** TBD ***/
/* Stub: not implemented. Nothing is written to buf; the call is logged via
 * WOLFSSL_STUB and -1 is returned. All arguments are unused. */
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a)
{
    WOLFSSL_STUB("i2t_ASN1_OBJECT");
    (void)a;
    (void)buf_len;
    (void)buf;
    return -1;
}
wolfSSL 15:117db924cf7c 25203 #endif
wolfSSL 15:117db924cf7c 25204
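/* Write the encoded content octets of ASN.1 object `a` to BIO bp, or the
 * literal string "NULL" when `a` is NULL.
 *
 * The bytes written are the content of the OBJECT IDENTIFIER encoding that
 * follows its tag and length octets, not a dotted-decimal text form.
 *
 * @param bp Destination BIO; must not be NULL.
 * @param a  Object to write, or NULL.
 * @return Number of bytes written to BIO on success. 0 (WOLFSSL_FAILURE) on
 *         failure: bp NULL, `a` not a well-formed OBJECT IDENTIFIER encoding,
 *         or a short BIO write. */
WOLFSSL_API int wolfSSL_i2a_ASN1_OBJECT(WOLFSSL_BIO *bp,
                                        WOLFSSL_ASN1_OBJECT *a)
{
    int length = 0;
    word32 idx = 0;
    const char null_str[] = "NULL";
    const int nullLen = (int)(sizeof(null_str) - 1);

    WOLFSSL_ENTER("wolfSSL_i2a_ASN1_OBJECT");

    if (bp == NULL)
        return WOLFSSL_FAILURE;

    if (a == NULL) {
        /* Write "NULL" */
        if (wolfSSL_BIO_write(bp, null_str, nullLen) == nullLen)
            return nullLen;
        return WOLFSSL_FAILURE;
    }

    /* An empty encoding has no tag byte to inspect, so check objSz before
     * reading obj[0]. */
    if (a->obj == NULL || a->objSz == 0 || a->obj[idx++] != ASN_OBJECT_ID) {
        WOLFSSL_MSG("Bad ASN1 Object");
        return WOLFSSL_FAILURE;
    }

    /* GetLength advances idx past the length octets; presumably it also
     * bounds-checks idx + length against objSz — confirm in asn.c. */
    if (GetLength((const byte*)a->obj, &idx, &length, a->objSz) < 0 ||
            length < 0) {
        return WOLFSSL_FAILURE;
    }

    if (wolfSSL_BIO_write(bp, a->obj + idx, length) == length)
        return length;

    return WOLFSSL_FAILURE;
}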
wolfSSL 16:8e0d178b1d1e 25246
wolfSSL 15:117db924cf7c 25247 #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 25248 #ifndef NO_WOLFSSL_STUB
wolfSSL 15:117db924cf7c 25249 /*** TBD ***/
/* Stub: not implemented. Nothing is copied into buf; the call is logged via
 * WOLFSSL_STUB and WOLFSSL_FAILURE is returned (as size_t). Arguments unused. */
WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count)
{
    WOLFSSL_STUB("SSL_get_finished");
    (void)count;
    (void)buf;
    (void)s;
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 25258 #endif
wolfSSL 15:117db924cf7c 25259
wolfSSL 15:117db924cf7c 25260 #ifndef NO_WOLFSSL_STUB
wolfSSL 15:117db924cf7c 25261 /*** TBD ***/
/* Stub: not implemented. Nothing is copied into buf; the call is logged via
 * WOLFSSL_STUB and WOLFSSL_FAILURE is returned (as size_t). Arguments unused. */
WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count)
{
    WOLFSSL_STUB("SSL_get_peer_finished");
    (void)count;
    (void)buf;
    (void)s;
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 25270 #endif
wolfSSL 15:117db924cf7c 25271 #endif /* WOLFSSL_HAPROXY */
wolfSSL 15:117db924cf7c 25272
wolfSSL 15:117db924cf7c 25273 #ifndef NO_WOLFSSL_STUB
wolfSSL 15:117db924cf7c 25274 /*** TBD ***/
/* Stub: not implemented. The callback is not stored on ctx; the call is only
 * logged via WOLFSSL_STUB. Both arguments are unused. */
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength))
{
    WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback");
    (void)dh;
    (void)ctx;
}
wolfSSL 15:117db924cf7c 25281 #endif
wolfSSL 15:117db924cf7c 25282
wolfSSL 15:117db924cf7c 25283 #ifndef NO_WOLFSSL_STUB
wolfSSL 15:117db924cf7c 25284 /*** TBD ***/
/* Stub: not implemented. No compression-method list is maintained; the call
 * is logged via WOLFSSL_STUB and NULL is returned. */
WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
    WOLF_STACK_OF(SSL_COMP) *methods = NULL;

    WOLFSSL_STUB("SSL_COMP_get_compression_methods");
    return methods;
}
wolfSSL 15:117db924cf7c 25290 #endif
wolfSSL 15:117db924cf7c 25291
wolfSSL 16:8e0d178b1d1e 25292
/* Number of entries in cipher stack p, or WOLFSSL_FATAL_ERROR when p is
 * NULL. */
int wolfSSL_sk_SSL_CIPHER_num(const WOLF_STACK_OF(WOLFSSL_CIPHER)* p)
{
    int count = WOLFSSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_sk_SSL_CIPHER_num");

    if (p != NULL)
        count = (int)p->num;

    return count;
}
wolfSSL 15:117db924cf7c 25301
wolfSSL 15:117db924cf7c 25302 #if !defined(NO_FILESYSTEM)
wolfSSL 15:117db924cf7c 25303 #ifndef NO_WOLFSSL_STUB
wolfSSL 15:117db924cf7c 25304 /*** TBD ***/
/* Stub: not implemented. fp is not read and *x is not touched; the call is
 * logged via WOLFSSL_STUB and NULL is returned. All arguments are unused. */
WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u)
{
    WOLFSSL_STUB("PEM_read_PrivateKey");
    (void)u;
    (void)cb;
    (void)x;
    (void)fp;
    return NULL;
}
wolfSSL 15:117db924cf7c 25314 #endif
wolfSSL 15:117db924cf7c 25315 #endif
wolfSSL 15:117db924cf7c 25316
wolfSSL 16:8e0d178b1d1e 25317 #if !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR)
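/* Load every regular file in dir into the certificate manager attached to
 * ctx. Files that fail to parse are logged and skipped.
 *
 * @param ctx Temporary context whose cm is the store's manager.
 * @param str Store being loaded (supplies the CRL pointer for ProcessFile).
 * @param dir Directory to scan; must be non-NULL.
 * @return WOLFSSL_SUCCESS when at least one file loaded, WOLFSSL_FAILURE
 *         otherwise (including allocation failure of the directory context).
 */
static int X509StoreLoadDir(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str,
                            const char* dir)
{
    char *name = NULL;
    int ret;
    int successes = 0;
#ifdef WOLFSSL_SMALL_STACK
    ReadDirCtx* readCtx;
#else
    ReadDirCtx readCtx[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
    readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx), ctx->heap,
                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (readCtx == NULL) {
        WOLFSSL_MSG("Memory error");
        return WOLFSSL_FAILURE;
    }
#endif

    /* try to load each regular file in dir */
    ret = wc_ReadDirFirst(readCtx, dir, &name);
    while (ret == 0 && name) {
        WOLFSSL_MSG(name);
        /* Try to process file with type DETECT_CERT_TYPE to parse the
           correct certificate header and footer type */
        ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE,
                          NULL, 0, str->cm->crl, 0);
        /* Not failing on load errors */
        if (ret != WOLFSSL_SUCCESS)
            WOLFSSL_MSG("Failed to load file in path, continuing");
        else
            successes++;

        ret = wc_ReadDirNext(readCtx, dir, &name);
    }
    wc_ReadDirClose(readCtx);

    /* Success if at least one file in dir was loaded */
    if (successes > 0) {
        ret = WOLFSSL_SUCCESS;
    }
    else {
        WOLFSSL_ERROR(ret);
        ret = WOLFSSL_FAILURE;
    }

#ifdef WOLFSSL_SMALL_STACK
    /* Same type tag as the allocation above so memory accounting matches. */
    XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}

/* Loads certificate(s) files in pem format into X509_STORE struct from either
 * a file or directory.
 *
 * The store's certificate manager is temporarily attached to a throw-away
 * WOLFSSL_CTX so that ProcessFile() can be reused. The borrowed pointer is
 * detached again before the ctx is freed on every exit path, so the store
 * keeps ownership of its manager regardless of where loading fails.
 *
 * When both file and dir are given, the file is loaded first and the
 * directory is only scanned if the file loaded successfully. Inside dir,
 * individual files that fail to load are skipped; the directory pass
 * succeeds when at least one file loaded.
 *
 * @param str  Store to load into; must be non-NULL with a cert manager.
 * @param file Path of a single PEM file, or NULL.
 * @param dir  Path of a directory of PEM files, or NULL.
 * @return WOLFSSL_SUCCESS on success or WOLFSSL_FAILURE if an error occurs.
 */
WOLFSSL_API int wolfSSL_X509_STORE_load_locations(WOLFSSL_X509_STORE *str,
                                               const char *file, const char *dir)
{
    WOLFSSL_CTX* ctx;
    int ret = WOLFSSL_SUCCESS;

    WOLFSSL_ENTER("X509_STORE_load_locations");

    if (str == NULL || str->cm == NULL || (file == NULL && dir == NULL))
        return WOLFSSL_FAILURE;

    /* tmp ctx for setting our cert manager */
    ctx = wolfSSL_CTX_new(cm_pick_method());
    if (ctx == NULL)
        return WOLFSSL_FAILURE;

    /* Swap the ctx's own manager for the store's. From here on every exit
     * path must reach the common tail below, which detaches str->cm before
     * the ctx is freed. */
    wolfSSL_CertManagerFree(ctx->cm);
    ctx->cm = str->cm;

#ifdef HAVE_CRL
    if (str->cm->crl == NULL &&
            wolfSSL_CertManagerEnableCRL(str->cm, 0) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Enable CRL failed");
        ret = WOLFSSL_FAILURE;
    }
#endif

    /* Load individual file */
    if (file && ret == WOLFSSL_SUCCESS) {
        /* Try to process file with type DETECT_CERT_TYPE to parse the
           correct certificate header and footer type */
        ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, DETECT_CERT_TYPE,
                          NULL, 0, str->cm->crl, 0);
        if (ret != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("Failed to load file");
            ret = WOLFSSL_FAILURE;
        }
    }

    /* Load files in dir */
    if (dir && ret == WOLFSSL_SUCCESS)
        ret = X509StoreLoadDir(ctx, str, dir);

    /* Hand the certificate manager back to the store before freeing ctx. */
    ctx->cm = NULL;
    wolfSSL_CTX_free(ctx);

    return ret;
}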
wolfSSL 16:8e0d178b1d1e 25417 #endif /* !NO_FILESYSTEM && !NO_WOLFSSL_DIR */
wolfSSL 15:117db924cf7c 25418
wolfSSL 15:117db924cf7c 25419 #ifndef NO_WOLFSSL_STUB
wolfSSL 15:117db924cf7c 25420 /*** TBD ***/
/* Stub: not implemented. The stack is not consulted; the call is logged via
 * WOLFSSL_STUB and NULL is returned. Both arguments are unused. */
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx)
{
    WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_value");
    (void)idx;
    (void)ciphers;
    return NULL;
}
wolfSSL 15:117db924cf7c 25428 #endif
wolfSSL 15:117db924cf7c 25429
/* Intentionally empty: provided so code written against the OpenSSL API can
 * call it; wolfSSL needs no explicit error-string loading step here. */
WOLFSSL_API void ERR_load_SSL_strings(void)
{

}
wolfSSL 15:117db924cf7c 25434
wolfSSL 15:117db924cf7c 25435 #ifdef HAVE_OCSP
/* Expose the OCSP response recorded on the session: *resp receives the
 * stored buffer pointer (no copy is made) and the return value is the stored
 * size. Returns 0 and leaves *resp untouched when s or resp is NULL. */
WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp)
{
    long sz = 0;

    if (s != NULL && resp != NULL) {
        *resp = s->ocspResp;
        sz = s->ocspRespSz;
    }

    return sz;
}
wolfSSL 15:117db924cf7c 25444
/* Attach an OCSP response to the session. Only the pointer and length are
 * recorded — the buffer is not copied and len is stored as given — so the
 * caller must keep resp valid for as long as the session may use it.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when s is NULL. */
WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len)
{
    if (s == NULL)
        return WOLFSSL_FAILURE;

    s->ocspRespSz = len;
    s->ocspResp = resp;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 25455 #endif /* HAVE_OCSP */
wolfSSL 15:117db924cf7c 25456
wolfSSL 16:8e0d178b1d1e 25457 #endif /* OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 25458
wolfSSL 16:8e0d178b1d1e 25459 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* Return the result recorded from peer certificate verification
 * (ssl->peerVerifyRet).
 *
 * NOTE(review): a NULL ssl yields WOLFSSL_FAILURE. In the OpenSSL
 * compatibility layer WOLFSSL_FAILURE and X509_V_OK are presumably both 0,
 * in which case a NULL handle is indistinguishable from a successful
 * verification. Callers must validate the handle themselves rather than rely
 * on this return value — confirm the constant values before changing the
 * contract. */
long wolfSSL_get_verify_result(const WOLFSSL *ssl)
{
    if (ssl == NULL) {
        return WOLFSSL_FAILURE;
    }

    return ssl->peerVerifyRet;
}
wolfSSL 16:8e0d178b1d1e 25468 #endif
wolfSSL 16:8e0d178b1d1e 25469
wolfSSL 16:8e0d178b1d1e 25470 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 25471
wolfSSL 15:117db924cf7c 25472 #ifndef NO_WOLFSSL_STUB
/* Shows the number of accepts attempted by CTX in its lifetime.
 * Stub: the statistic is not tracked, so 0 is always returned after the
 * WOLFSSL_STUB notice; ctx is unused. */
long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_CTX_sess_accept");
    return 0;
}
wolfSSL 15:117db924cf7c 25480 #endif
wolfSSL 15:117db924cf7c 25481
wolfSSL 15:117db924cf7c 25482 #ifndef NO_WOLFSSL_STUB
/* Shows the number of connects attempted by CTX in its lifetime.
 * Stub: the statistic is not tracked, so 0 is always returned after the
 * WOLFSSL_STUB notice; ctx is unused. */
long wolfSSL_CTX_sess_connect(WOLFSSL_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_CTX_sess_connect");
    return 0;
}
wolfSSL 15:117db924cf7c 25490 #endif
wolfSSL 15:117db924cf7c 25491
wolfSSL 15:117db924cf7c 25492
wolfSSL 15:117db924cf7c 25493 #ifndef NO_WOLFSSL_STUB
/* Number of accepts completed successfully by ctx over its lifetime.
 * Compatibility stub: nothing is counted, the result is always 0. */
long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_CTX_sess_accept_good");
    return 0;
}
wolfSSL 15:117db924cf7c 25501 #endif
wolfSSL 15:117db924cf7c 25502
wolfSSL 15:117db924cf7c 25503
wolfSSL 15:117db924cf7c 25504 #ifndef NO_WOLFSSL_STUB
/* Number of connects completed successfully by ctx over its lifetime.
 * Compatibility stub: nothing is counted, the result is always 0. */
long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_CTX_sess_connect_good");
    return 0;
}
wolfSSL 15:117db924cf7c 25512 #endif
wolfSSL 15:117db924cf7c 25513
wolfSSL 15:117db924cf7c 25514
wolfSSL 15:117db924cf7c 25515 #ifndef NO_WOLFSSL_STUB
/* Number of renegotiation accepts attempted by ctx.
 * Compatibility stub: the counter is not maintained, 0 is always
 * returned. */
long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_CTX_sess_accept_renegotiate");
    return 0;
}
wolfSSL 15:117db924cf7c 25523 #endif
wolfSSL 15:117db924cf7c 25524
wolfSSL 15:117db924cf7c 25525
wolfSSL 15:117db924cf7c 25526 #ifndef NO_WOLFSSL_STUB
/* Number of renegotiation connects attempted by ctx (the client-side
 * counterpart of wolfSSL_CTX_sess_accept_renegotiate).
 * Compatibility stub: the counter is not maintained, 0 is always
 * returned. */
long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_CTX_sess_connect_renegotiate");
    return 0;
}
wolfSSL 15:117db924cf7c 25534 #endif
wolfSSL 15:117db924cf7c 25535
wolfSSL 15:117db924cf7c 25536
wolfSSL 15:117db924cf7c 25537 #ifndef NO_WOLFSSL_STUB
/* Number of session cache hits for ctx.
 * Compatibility stub: not tracked, always returns 0. */
long wolfSSL_CTX_sess_hits(WOLFSSL_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_CTX_sess_hits");
    return 0;
}
wolfSSL 15:117db924cf7c 25544 #endif
wolfSSL 15:117db924cf7c 25545
wolfSSL 15:117db924cf7c 25546
wolfSSL 15:117db924cf7c 25547 #ifndef NO_WOLFSSL_STUB
/* Number of session cache hits served by the external get-session
 * callback for ctx. Compatibility stub: not tracked, always returns 0. */
long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_CTX_sess_cb_hits");
    return 0;
}
wolfSSL 15:117db924cf7c 25554 #endif
wolfSSL 15:117db924cf7c 25555
wolfSSL 15:117db924cf7c 25556
wolfSSL 15:117db924cf7c 25557 #ifndef NO_WOLFSSL_STUB
/* Number of sessions that could not be cached because the cache was
 * full. Compatibility stub: not tracked, always returns 0. */
long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_CTX_sess_cache_full");
    return 0;
}
wolfSSL 15:117db924cf7c 25564 #endif
wolfSSL 15:117db924cf7c 25565
wolfSSL 15:117db924cf7c 25566
wolfSSL 15:117db924cf7c 25567 #ifndef NO_WOLFSSL_STUB
/* Number of session cache misses for ctx.
 * Compatibility stub: not tracked, always returns 0. */
long wolfSSL_CTX_sess_misses(WOLFSSL_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_CTX_sess_misses");
    return 0;
}
wolfSSL 15:117db924cf7c 25574 #endif
wolfSSL 15:117db924cf7c 25575
wolfSSL 15:117db924cf7c 25576
wolfSSL 15:117db924cf7c 25577 #ifndef NO_WOLFSSL_STUB
/* Number of session cache lookups that found only an expired session.
 * Compatibility stub: not tracked, always returns 0. */
long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX* ctx)
{
    (void)ctx;
    WOLFSSL_STUB("wolfSSL_CTX_sess_timeouts");
    return 0;
}
wolfSSL 15:117db924cf7c 25584 #endif
wolfSSL 15:117db924cf7c 25585
wolfSSL 15:117db924cf7c 25586
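/* Return the total number of sessions in the session cache.
 *
 * ctx is accepted for API compatibility only: the count comes from the
 * library-wide session statistics (wolfSSL_get_session_stats), not from
 * this context, and is 0 unless the library was built with
 * WOLFSSL_SESSION_STATS. When the statistics call fails the error is
 * logged and whatever total holds (initially 0) is returned.
 */
long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx)
{
    word32 total = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_sess_number");
    (void)ctx;

#ifdef WOLFSSL_SESSION_STATS
    /* only the total is wanted; the other counters are left unread */
    if (wolfSSL_get_session_stats(NULL, &total, NULL, NULL)
            != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Error getting session stats");
    }
#else
    WOLFSSL_MSG("Please use macro WOLFSSL_SESSION_STATS for session stats");
#endif

    return (long)total;
}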
wolfSSL 15:117db924cf7c 25605
wolfSSL 15:117db924cf7c 25606
wolfSSL 15:117db924cf7c 25607 #ifndef NO_CERTS
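/* Append the DER certificate der (derSz bytes) to ctx->certChain as a
 * 24-bit length prefixed entry, rebuilding the chain buffer.
 *
 * The new buffer is allocated and filled before the old one is released,
 * so on allocation failure ctx->certChain and certChainCnt are left
 * exactly as they were.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when memory is exhausted.
 */
static int CtxAppendChainCert(WOLFSSL_CTX* ctx, const byte* der, int derSz)
{
    DerBuffer* newChain = NULL;
    long       oldSz    = 0;
    long       idx      = 0;

    if (ctx->certChain != NULL && ctx->certChain->length > 0) {
        oldSz = ctx->certChain->length;
    }

    if (AllocDer(&newChain, (word32)(oldSz + OPAQUE24_LEN + derSz), CERT_TYPE,
                 ctx->heap) != 0) {
        return WOLFSSL_FAILURE;
    }

    if (oldSz > 0) {
        XMEMCPY(newChain->buffer, ctx->certChain->buffer, oldSz);
        idx = oldSz;
    }
    c32to24((word32)derSz, newChain->buffer + idx);
    idx += OPAQUE24_LEN;
    XMEMCPY(newChain->buffer + idx, der, derSz);

    /* swap in the rebuilt chain only now that it is complete */
    FreeDer(&ctx->certChain);
    ctx->certChain = newChain;
#ifdef WOLFSSL_TLS13
    ctx->certChainCnt++;
#endif

    return WOLFSSL_SUCCESS;
}


/* Add x509 to the certificate chain sent by ctx (OpenSSL
 * SSL_CTX_add_extra_chain_cert compatibility).
 *
 * If ctx has no leaf certificate yet, x509 becomes the leaf (loaded via
 * ProcessBuffer). Otherwise its DER is appended to ctx->certChain and, in
 * addition, registered with ctx->cm as a WOLFSSL_USER_CA.
 *
 * NOTE(review): that AddCA call means an "extra chain" certificate is
 * also trusted as a CA for peer verification on this ctx. OpenSSL only
 * sends extra chain certs and never trusts them — confirm this is the
 * intended semantic before feeding untrusted intermediates in here.
 *
 * Ownership: on WOLFSSL_SUCCESS x509 is freed here and must not be used
 * by the caller; on WOLFSSL_FAILURE the caller still owns it. A failure
 * after AddCA succeeded leaves the CA registration in place.
 *
 * Previously a failure of the final chain allocation was ignored and
 * WOLFSSL_SUCCESS returned with ctx->certChain lost; it is now reported.
 *
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE.
 */
long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
{
    int         derSz;
    const byte* der;
    int         ret;

    WOLFSSL_ENTER("wolfSSL_CTX_add_extra_chain_cert");

    if (ctx == NULL || x509 == NULL) {
        WOLFSSL_MSG("Bad Argument");
        return WOLFSSL_FAILURE;
    }

    der = wolfSSL_X509_get_der(x509, &derSz);
    if (der == NULL || derSz <= 0) {
        WOLFSSL_MSG("Error getting X509 DER");
        return WOLFSSL_FAILURE;
    }

    if (ctx->certificate == NULL) {
        /* No leaf yet: ProcessBuffer makes the first certificate the leaf. */
        ret = ProcessBuffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
                            NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx));
        if (ret != WOLFSSL_SUCCESS) {
            WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret);
            return WOLFSSL_FAILURE;
        }
    }
    else {
        DerBuffer* derBuffer = NULL;

        /* TODO: Do this elsewhere. */
        ret = AllocDer(&derBuffer, derSz, CERT_TYPE, ctx->heap);
        if (ret != 0) {
            WOLFSSL_MSG("Memory Error");
            return WOLFSSL_FAILURE;
        }
        XMEMCPY(derBuffer->buffer, der, derSz);
        /* derBuffer is handed over by address; assumed (as before) to be
         * released by AddCA on every path. */
        ret = AddCA(ctx->cm, &derBuffer, WOLFSSL_USER_CA,
                    GET_VERIFY_SETTING_CTX(ctx));
        if (ret != WOLFSSL_SUCCESS) {
            WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret);
            return WOLFSSL_FAILURE;
        }

        if (CtxAppendChainCert(ctx, der, derSz) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("Memory Error");
            return WOLFSSL_FAILURE;
        }
    }

    /* on success WOLFSSL_X509 memory is responsibility of ctx */
    wolfSSL_X509_free(x509);

    return WOLFSSL_SUCCESS;
}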
wolfSSL 15:117db924cf7c 25695
wolfSSL 15:117db924cf7c 25696
/* Store the opaque argument handed to the OCSP status callback.
 * The pointer is kept in the certificate manager (ctx->cm->ocspIOCtx)
 * and is not copied or freed by wolfSSL.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ctx or its
 * certificate manager is NULL. */
long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg)
{
    if (ctx == NULL)
        return WOLFSSL_FAILURE;
    if (ctx->cm == NULL)
        return WOLFSSL_FAILURE;

    ctx->cm->ocspIOCtx = arg;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 25706
wolfSSL 15:117db924cf7c 25707 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 25708
wolfSSL 15:117db924cf7c 25709
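/* Get the session cache mode flags for ctx.
 *
 * Returns a bit mask of SSL_SESS_CACHE_* flags derived from the ctx
 * settings: SSL_SESS_CACHE_SERVER unless caching is switched off,
 * SSL_SESS_CACHE_NO_AUTO_CLEAR when automatic flushing is disabled and,
 * with HAVE_EXT_CACHE, SSL_SESS_CACHE_NO_INTERNAL_STORE when the internal
 * store is disabled. Returns 0 for a NULL ctx.
 */
WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx)
{
    long mode = 0;

    /* the trace label previously named the setter; it now names this
     * function so debug logs are attributed correctly */
    WOLFSSL_ENTER("wolfSSL_CTX_get_session_cache_mode");

    if (ctx == NULL)
        return mode;

    if (ctx->sessionCacheOff != 1)
        mode |= SSL_SESS_CACHE_SERVER;

    if (ctx->sessionCacheFlushOff == 1)
        mode |= SSL_SESS_CACHE_NO_AUTO_CLEAR;

#ifdef HAVE_EXT_CACHE
    if (ctx->internalCacheOff == 1)
        mode |= SSL_SESS_CACHE_NO_INTERNAL_STORE;
#endif

    return mode;
}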
wolfSSL 15:117db924cf7c 25741
wolfSSL 15:117db924cf7c 25742
/* Report the read-ahead setting stored on ctx.
 * Returns ctx->readAhead (the byte stored by wolfSSL_CTX_set_read_ahead)
 * or WOLFSSL_FAILURE when ctx is NULL. */
int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx)
{
    return (ctx != NULL) ? (int)ctx->readAhead : WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 25751
wolfSSL 15:117db924cf7c 25752
/* Store the read-ahead setting v on ctx.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ctx is NULL. */
int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx, int v)
{
    if (ctx == NULL)
        return WOLFSSL_FAILURE;

    /* readAhead is a byte: only the low 8 bits of v survive, so values
     * outside 0..255 do not round-trip through wolfSSL_CTX_get_read_ahead */
    ctx->readAhead = (byte)v;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 25763
wolfSSL 15:117db924cf7c 25764
/* Store the opaque argument for the user PRF callback on ctx.
 * The pointer is kept as-is in ctx->userPRFArg (not copied, not freed).
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ctx is NULL. */
long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx,
                                                           void* arg)
{
    if (ctx != NULL) {
        ctx->userPRFArg = arg;
        return WOLFSSL_SUCCESS;
    }

    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 25775
wolfSSL 15:117db924cf7c 25776
wolfSSL 15:117db924cf7c 25777 #ifndef NO_DES3
/* Load the DES key myDes into key.
 *
 * Only when the library is built with WOLFSSL_CHECK_DESKEY is the key
 * parity- and weak-key checked first (wolfSSL_DES_set_key_checked, whose
 * error codes are then returned). In the default build the key is copied
 * unchecked — weak and semi-weak keys are silently accepted — and 0 is
 * always returned.
 */
int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes,
                        WOLFSSL_DES_key_schedule* key)
{
#ifndef WOLFSSL_CHECK_DESKEY
    wolfSSL_DES_set_key_unchecked(myDes, key);
    return 0;
#else
    return wolfSSL_DES_set_key_checked(myDes, key);
#endif
}
wolfSSL 15:117db924cf7c 25789
wolfSSL 15:117db924cf7c 25790
wolfSSL 15:117db924cf7c 25791
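/* Compare the 8 key bytes against the pattern formed by mask and mask2.
 *
 * The two words are laid out in host byte order, so a pattern matches
 * different key bytes on big- and little-endian hosts; callers that need
 * order independence check both a mask and its byte-reversed form.
 * The key length is guaranteed by wolfSSL_DES_set_key_checked's sanity
 * check on the key schedule size.
 *
 * key is now const: callers pass the contents of a
 * WOLFSSL_const_DES_cblock, which previously discarded the qualifier.
 *
 * Returns 1 when the key matches the pattern (the "fail" case), else 0.
 */
static int DES_check(word32 mask, word32 mask2, const unsigned char* key)
{
    word32 pattern[2];

    pattern[0] = mask;
    pattern[1] = mask2;

    return (XMEMCMP(pattern, key, sizeof(pattern)) == 0) ? 1 : 0;
}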
wolfSSL 15:117db924cf7c 25802
wolfSSL 15:117db924cf7c 25803
/* Validate myDes and, if acceptable, copy it into key.
 *
 * Returns 0 on success, -1 when a key byte has the wrong (even) parity,
 * and -2 for a NULL argument, an unexpected key schedule size, or a
 * weak/semi-weak key (see wolfSSL_DES_is_weak_key).
 */
int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes,
                                WOLFSSL_DES_key_schedule* key)
{
    if (myDes == NULL || key == NULL) {
        WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_set_key_checked");
        return -2;
    }

    /* DES_check (used by the weak key test) compares two word32s against
     * the key bytes, so the schedule must be exactly that wide */
    if (sizeof(WOLFSSL_DES_key_schedule) != sizeof(word32) * 2) {
        WOLFSSL_MSG("Unexpected WOLFSSL_DES_key_schedule size");
        return -2;
    }

    if (wolfSSL_DES_check_key_parity(myDes) != 1) {
        WOLFSSL_MSG("Odd parity test fail");
        return -1;
    }

    if (wolfSSL_DES_is_weak_key(myDes) == 1) {
        WOLFSSL_MSG("Weak key found");
        return -2;
    }

    /* all checks passed: install the key */
    XMEMCPY(key, myDes, sizeof(WOLFSSL_const_DES_cblock));
    return 0;
}
wolfSSL 15:117db924cf7c 25839
wolfSSL 15:117db924cf7c 25840
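/* Check whether key is one of the DES weak or semi-weak keys listed in
 * NIST SP 800-67, "Recommendation for the Triple Data Encryption
 * Algorithm (TDEA) Block Cipher".
 *
 * The four weak keys are byte-symmetric, so host byte order does not
 * matter for them. The twelve semi-weak keys form six pairs; each table
 * entry is tested both as written and byte-reversed, which covers both
 * members of a pair on either endianness. The sixth pair
 * (E0FEE0FE F1FEF1FE / FEE0FEE0 FEF1FEF1) was missing from the earlier
 * hand-unrolled checks and is now included.
 *
 * Returns 1 if the key is weak/semi-weak (or NULL), 0 if not.
 */
int wolfSSL_DES_is_weak_key(WOLFSSL_const_DES_cblock* key)
{
    static const word32 weak[][2] = {
        { 0x01010101, 0x01010101 },
        { 0xFEFEFEFE, 0xFEFEFEFE },
        { 0xE0E0E0E0, 0xF1F1F1F1 },
        { 0x1F1F1F1F, 0x0E0E0E0E },
    };
    static const word32 semiWeak[][2] = {
        { 0x011F011F, 0x010E010E },
        { 0x01E001E0, 0x01F101F1 },
        { 0x01FE01FE, 0x01FE01FE },
        { 0x1FE01FE0, 0x0EF10EF1 },
        { 0x1FFE1FFE, 0x0EFE0EFE },
        { 0xE0FEE0FE, 0xF1FEF1FE },
    };
    word32 i;

    WOLFSSL_ENTER("wolfSSL_DES_is_weak_key");

    if (key == NULL) {
        WOLFSSL_MSG("NULL key passed in");
        return 1;
    }

    for (i = 0; i < (word32)(sizeof(weak) / sizeof(weak[0])); i++) {
        if (DES_check(weak[i][0], weak[i][1], *key)) {
            WOLFSSL_MSG("Weak key found");
            return 1;
        }
    }

    for (i = 0; i < (word32)(sizeof(semiWeak) / sizeof(semiWeak[0])); i++) {
        if (DES_check(semiWeak[i][0], semiWeak[i][1], *key) ||
            DES_check(ByteReverseWord32(semiWeak[i][0]),
                      ByteReverseWord32(semiWeak[i][1]), *key)) {
            WOLFSSL_MSG("Weak key found");
            return 1;
        }
    }

    return 0;
}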
wolfSSL 15:117db924cf7c 25919
wolfSSL 15:117db924cf7c 25920
/* Copy myDes into key without any parity or weak-key validation.
 * Does nothing when either pointer is NULL. */
void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes,
                                   WOLFSSL_DES_key_schedule* key)
{
    if (myDes == NULL || key == NULL)
        return;

    XMEMCPY(key, myDes, sizeof(WOLFSSL_const_DES_cblock));
}
wolfSSL 15:117db924cf7c 25928
wolfSSL 15:117db924cf7c 25929
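/* Force odd parity on every byte of the DES key myDes.
 *
 * Bit 0 of each byte is the parity bit; it is flipped whenever the XOR
 * of the seven key bits (bits 1..7) equals bit 0, i.e. whenever the
 * byte currently has an even number of set bits. A NULL key is ignored
 * (previously it was dereferenced).
 */
void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes)
{
    word32 i;

    WOLFSSL_ENTER("wolfSSL_DES_set_odd_parity");

    if (myDes == NULL) {
        WOLFSSL_MSG("NULL key passed in");
        return;
    }

    for (i = 0; i < sizeof(WOLFSSL_DES_cblock); i++) {
        unsigned char c      = (*myDes)[i];
        unsigned char parity = 0;
        int           bit;

        /* parity of the seven key bits */
        for (bit = 1; bit < 8; bit++)
            parity ^= (unsigned char)((c >> bit) & 0x01);

        /* bit 0 must make the total number of set bits odd */
        if (parity == (c & 0x01)) {
            WOLFSSL_MSG("Flipping parity bit");
            (*myDes)[i] = (unsigned char)(c ^ 0x01);
        }
    }
}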
wolfSSL 16:8e0d178b1d1e 25953
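/* Check that every byte of the DES key myDes has odd parity.
 *
 * A byte passes when the XOR of its seven key bits (bits 1..7) differs
 * from bit 0, the parity bit. Returns 1 when all eight bytes pass, 0 on
 * the first byte with even parity or when myDes is NULL (previously a
 * NULL key was dereferenced).
 */
int wolfSSL_DES_check_key_parity(WOLFSSL_DES_cblock *myDes)
{
    word32 i;

    WOLFSSL_ENTER("wolfSSL_DES_check_key_parity");

    if (myDes == NULL) {
        WOLFSSL_MSG("NULL key passed in");
        return 0;
    }

    for (i = 0; i < sizeof(WOLFSSL_DES_cblock); i++) {
        unsigned char c      = (*myDes)[i];
        unsigned char parity = 0;
        int           bit;

        for (bit = 1; bit < 8; bit++)
            parity ^= (unsigned char)((c >> bit) & 0x01);

        /* equal means an even number of set bits: parity is wrong */
        if (parity == (c & 0x01))
            return 0;
    }

    return 1;
}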
wolfSSL 15:117db924cf7c 25976
wolfSSL 15:117db924cf7c 25977 #ifdef WOLFSSL_DES_ECB
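/* Encrypt or decrypt the single 8-byte block desa with key, writing the
 * result to desb. enc must be DES_ENCRYPT (encrypt) or DES_DECRYPT.
 *
 * The function is void for OpenSSL compatibility, so errors are only
 * logged: on a bad argument or a wc_Des_SetKey failure desb is left
 * untouched, and a failure inside wc_Des_EcbEncrypt/Decrypt leaves it
 * unspecified. Callers cannot detect either case.
 *
 * NOTE(review): the expanded key schedule lives in the local Des object
 * and is not scrubbed before return; if stack remanence matters for the
 * caller's threat model, clear it (e.g. with ForceZero) before returning.
 * Single DES itself is not a secure cipher and is kept for compatibility.
 */
void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
             WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int enc)
{
    Des myDes;
    int ret;

    WOLFSSL_ENTER("wolfSSL_DES_ecb_encrypt");

    if (desa == NULL || key == NULL || desb == NULL ||
        (enc != DES_ENCRYPT && enc != DES_DECRYPT)) {
        WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt");
        return;
    }

    /* wolfCrypt's direction flag is the inverse of the OpenSSL enc flag */
    if (wc_Des_SetKey(&myDes, (const byte*) key,
                      (const byte*) NULL, !enc) != 0) {
        WOLFSSL_MSG("wc_Des_SetKey return error.");
        return;
    }

    if (enc) {
        ret = wc_Des_EcbEncrypt(&myDes, (byte*) desb, (const byte*) desa,
                                sizeof(WOLFSSL_DES_cblock));
        if (ret != 0) {
            WOLFSSL_MSG("wc_Des_EcbEncrypt return error.");
        }
    }
    else {
        ret = wc_Des_EcbDecrypt(&myDes, (byte*) desb, (const byte*) desa,
                                sizeof(WOLFSSL_DES_cblock));
        if (ret != 0) {
            /* message previously misspelt "Decrpyt" */
            WOLFSSL_MSG("wc_Des_EcbDecrypt return error.");
        }
    }
}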
wolfSSL 15:117db924cf7c 26011 #endif
wolfSSL 15:117db924cf7c 26012 #endif /* NO_DES3 */
wolfSSL 15:117db924cf7c 26013
wolfSSL 15:117db924cf7c 26014 #ifndef NO_RC4
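/* Initialise an RC4 key state from len bytes of key material.
 *
 * key  WOLFSSL_RC4_KEY to initialise (cleared first)
 * len  length of data in bytes; must be >= 0
 * data key bytes; may only be NULL when len is 0
 *
 * RC4 is cryptographically broken (keystream biases allow practical
 * plaintext recovery; RFC 7465 prohibits it in TLS) and is kept solely
 * for compatibility with legacy protocols. Do not use it in new designs.
 *
 * The function is void for OpenSSL compatibility, so a failure inside
 * wc_Arc4SetKey cannot be reported; bad arguments are rejected up front
 * and leave key untouched.
 */
void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len,
                         const unsigned char* data)
{
    /* compile-time check that the opaque key type can hold an Arc4 */
    typedef char rc4_test[sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4) ? 1 : -1];
    (void)sizeof(rc4_test);

    WOLFSSL_ENTER("wolfSSL_RC4_set_key");

    if (key == NULL || len < 0 || (data == NULL && len > 0)) {
        WOLFSSL_MSG("bad argument passed in");
        return;
    }

    XMEMSET(key, 0, sizeof(WOLFSSL_RC4_KEY));
    wc_Arc4SetKey((Arc4*)key, data, (word32)len);
}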
wolfSSL 15:117db924cf7c 26037
wolfSSL 15:117db924cf7c 26038
/* Process len bytes from in with the RC4 key stream in key, writing to
 * out. Encryption and decryption are the same operation.
 *
 * key  initialised WOLFSSL_RC4_KEY (see wolfSSL_RC4_set_key)
 * len  number of bytes to process
 * in   input buffer
 * out  output buffer, len bytes
 *
 * Void for OpenSSL compatibility: a NULL argument is logged and ignored,
 * and the result of wc_Arc4Process is not reported.
 */
void wolfSSL_RC4(WOLFSSL_RC4_KEY* key, size_t len,
                 const unsigned char* in, unsigned char* out)
{
    WOLFSSL_ENTER("wolfSSL_RC4");

    if (key != NULL && in != NULL && out != NULL) {
        wc_Arc4Process((Arc4*)key, out, in, (word32)len);
        return;
    }

    WOLFSSL_MSG("Bad argument passed in");
}
wolfSSL 15:117db924cf7c 26057 #endif /* NO_RC4 */
wolfSSL 15:117db924cf7c 26058
wolfSSL 15:117db924cf7c 26059 #ifndef NO_AES
wolfSSL 15:117db924cf7c 26060
wolfSSL 15:117db924cf7c 26061 #ifdef WOLFSSL_AES_DIRECT
/* Encrypt one AES block (AES_BLOCK_SIZE bytes) from input to output.
 *
 * input  plaintext block
 * output ciphertext block
 * key    AES_KEY prepared with wolfSSL_AES_set_encrypt_key
 *
 * Void for OpenSSL compatibility; a NULL argument is logged and the
 * call is ignored. This is a raw single-block primitive (ECB) and
 * provides no integrity protection on its own.
 */
void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output,
                         AES_KEY *key)
{
    WOLFSSL_ENTER("wolfSSL_AES_encrypt");

    if (input != NULL && output != NULL && key != NULL) {
        wc_AesEncryptDirect((Aes*)key, output, input);
        return;
    }

    WOLFSSL_MSG("Null argument passed in");
}
wolfSSL 15:117db924cf7c 26080
wolfSSL 15:117db924cf7c 26081
/* Decrypt one AES block (AES_BLOCK_SIZE bytes) from input to output.
 *
 * input  ciphertext block
 * output plaintext block
 * key    AES_KEY prepared with wolfSSL_AES_set_decrypt_key
 *
 * Void for OpenSSL compatibility; a NULL argument is logged and the
 * call is ignored. This is a raw single-block primitive (ECB) and
 * provides no integrity protection on its own.
 */
void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output,
                         AES_KEY *key)
{
    WOLFSSL_ENTER("wolfSSL_AES_decrypt");

    if (input != NULL && output != NULL && key != NULL) {
        wc_AesDecryptDirect((Aes*)key, output, input);
        return;
    }

    WOLFSSL_MSG("Null argument passed in");
}
wolfSSL 15:117db924cf7c 26100 #endif /* WOLFSSL_AES_DIRECT */
wolfSSL 15:117db924cf7c 26101
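/* Expand key into an AES encryption key schedule.
 *
 * key  raw key bytes, bits/8 of them
 * bits key size in bits: 128, 192 or 256
 * aes  AES_KEY to initialise (cleared first)
 *
 * Returns 0 on success and -1 when key or aes is NULL, bits is not a
 * supported AES key size, or wc_AesSetKey fails. bits is validated
 * before the bits/8 division so that a value such as 130 cannot be
 * silently truncated to a 16-byte key.
 */
int wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits,
                                AES_KEY *aes)
{
    /* compile-time check that the opaque key type can hold an Aes */
    typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1];
    (void)sizeof(aes_test);

    WOLFSSL_ENTER("wolfSSL_AES_set_encrypt_key");

    if (key == NULL || aes == NULL) {
        WOLFSSL_MSG("Null argument passed in");
        return -1;
    }

    if (bits != 128 && bits != 192 && bits != 256) {
        WOLFSSL_MSG("Unsupported AES key size");
        return -1;
    }

    XMEMSET(aes, 0, sizeof(AES_KEY));
    if (wc_AesSetKey((Aes*)aes, key, bits / 8, NULL, AES_ENCRYPTION) != 0) {
        WOLFSSL_MSG("Error in setting AES key");
        return -1;
    }

    return 0;
}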
wolfSSL 15:117db924cf7c 26128
wolfSSL 15:117db924cf7c 26129
/* Set up an AES key schedule for decryption (OpenSSL AES_set_decrypt_key
 * compatibility).
 *
 * key  raw key bytes
 * bits key length in bits; bits/8 bytes are handed to wc_AesSetKey, which is
 *      relied on to reject unsupported lengths
 * aes  AES_KEY to initialise; it is zeroed before the key is loaded
 * returns 0 on success, -1 on a NULL argument or when wc_AesSetKey fails
 */
int wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits,
                                AES_KEY *aes)
{
    /* compile-time guard: the opaque AES_KEY must be able to hold an Aes */
    typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1];
    int ret = -1;
    (void)sizeof(aes_test);

    WOLFSSL_ENTER("wolfSSL_AES_set_decrypt_key");

    if (key != NULL && aes != NULL) {
        XMEMSET(aes, 0, sizeof(AES_KEY));
        if (wc_AesSetKey((Aes*)aes, key, (word32)(bits / 8), NULL,
                         AES_DECRYPTION) == 0) {
            ret = 0;
        }
        else {
            WOLFSSL_MSG("Error in setting AES key");
        }
    }
    else {
        WOLFSSL_MSG("Null argument passed in");
    }

    return ret;
}
wolfSSL 15:117db924cf7c 26156
wolfSSL 15:117db924cf7c 26157
wolfSSL 15:117db924cf7c 26158 #ifdef HAVE_AES_ECB
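/* Encrypt or decrypt one AES_BLOCK_SIZE block in ECB mode (OpenSSL
 * AES_ecb_encrypt compatibility).
 *
 * in  block to process, AES_BLOCK_SIZE bytes
 * out buffer receiving the result, AES_BLOCK_SIZE bytes
 * key AES_KEY set up for the direction selected by enc
 * enc AES_ENCRYPT to encrypt; any other value decrypts
 *
 * The function is void, so a wolfCrypt failure is only logged and out must
 * not be relied on afterwards. Decryption requires HAVE_AES_DECRYPT.
 */
void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out,
                             AES_KEY *key, const int enc)
{
    Aes* aes;

    WOLFSSL_ENTER("wolfSSL_AES_ecb_encrypt");

    if (key == NULL || in == NULL || out == NULL) {
        WOLFSSL_MSG("Error, Null argument passed in");
        return;
    }

    aes = (Aes*)key;
    if (enc == AES_ENCRYPT) {
        /* log text names ECB; it previously said CBC, which misled debugging */
        if (wc_AesEcbEncrypt(aes, out, in, AES_BLOCK_SIZE) != 0) {
            WOLFSSL_MSG("Error with AES ECB encrypt");
        }
    }
    else {
#ifdef HAVE_AES_DECRYPT
        if (wc_AesEcbDecrypt(aes, out, in, AES_BLOCK_SIZE) != 0) {
            WOLFSSL_MSG("Error with AES ECB decrypt");
        }
#else
        WOLFSSL_MSG("AES decryption not compiled in");
#endif
    }
}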
wolfSSL 15:117db924cf7c 26194 #endif /* HAVE_AES_ECB */
wolfSSL 15:117db924cf7c 26195
wolfSSL 16:8e0d178b1d1e 26196 #ifdef HAVE_AES_CBC
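/* Encrypt or decrypt data in CBC mode with the key and iv passed in (OpenSSL
 * AES_cbc_encrypt compatibility). iv is overwritten with the chaining state
 * left after the operation so consecutive calls can continue the stream.
 *
 * in  buffer to encrypt/decrypt
 * out buffer receiving the result, at least len bytes
 * len length of in in bytes; must be non-zero and fit in a word32.
 *     NOTE(review): wolfCrypt CBC works on whole blocks, so len is presumably
 *     expected to be a multiple of AES_BLOCK_SIZE — not checked here
 * key AES_KEY set up for the direction selected by enc
 * iv  AES_BLOCK_SIZE byte IV in, updated IV out
 * enc AES_ENCRYPT to encrypt; any other value decrypts
 *
 * The function is void: every failure is only logged, and iv is left
 * untouched when the operation is refused before it starts.
 */
void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out,
                             size_t len, AES_KEY *key, unsigned char* iv,
                             const int enc)
{
    Aes* aes;

    WOLFSSL_ENTER("wolfSSL_AES_cbc_encrypt");

    if (key == NULL || in == NULL || out == NULL || iv == NULL || len == 0) {
        WOLFSSL_MSG("Error, Null argument passed in");
        return;
    }

    /* wolfCrypt takes a word32 length; refuse instead of silently truncating,
     * which would process only the low 32 bits' worth of the buffer */
    if ((size_t)(word32)len != len) {
        WOLFSSL_MSG("Error, length too large for AES CBC operation");
        return;
    }

    aes = (Aes*)key;
    if (wc_AesSetIV(aes, (const byte*)iv) != 0) {
        WOLFSSL_MSG("Error with setting iv");
        return;
    }

    if (enc == AES_ENCRYPT) {
        if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) {
            WOLFSSL_MSG("Error with AES CBC encrypt");
        }
    }
    else {
        if (wc_AesCbcDecrypt(aes, out, in, (word32)len) != 0) {
            WOLFSSL_MSG("Error with AES CBC decrypt");
        }
    }

    /* OpenSSL semantics: hand the running IV (aes->reg) back to the caller */
    XMEMCPY(iv, (byte*)(aes->reg), AES_BLOCK_SIZE);
}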
wolfSSL 16:8e0d178b1d1e 26239 #endif /* HAVE_AES_CBC */
wolfSSL 15:117db924cf7c 26240
wolfSSL 15:117db924cf7c 26241
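/* Encrypt or decrypt data in CFB-128 mode with the key and iv passed in
 * (OpenSSL AES_cfb128_encrypt compatibility). iv is overwritten with the
 * chaining state left after the operation.
 *
 * in  buffer to encrypt/decrypt
 * out buffer receiving the result, at least len bytes
 * len length of in in bytes; must fit in a word32
 * key AES_KEY to use
 * iv  AES_BLOCK_SIZE byte IV in, updated IV out
 * num output only: number of keystream bytes of the current block still
 *     unused after this call (0 when the input ended on a block boundary).
 *     NOTE(review): unlike OpenSSL, *num is never read, and wc_AesSetIV is
 *     called on every entry, so a partial block is not carried across calls.
 * enc AES_ENCRYPT to encrypt; any other value decrypts
 *
 * Requires WOLFSSL_AES_CFB; otherwise the call only logs and returns. The
 * function is void, so failures are logged rather than reported.
 */
void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out,
                                size_t len, AES_KEY *key, unsigned char* iv,
                                int* num, const int enc)
{
#ifndef WOLFSSL_AES_CFB
    WOLFSSL_MSG("CFB mode not enabled please use macro WOLFSSL_AES_CFB");
    (void)in;
    (void)out;
    (void)len;
    (void)key;
    (void)iv;
    (void)num;
    (void)enc;

    return;
#else
    Aes* aes;

    /* trace name corrected: it used to report wolfSSL_AES_cbc_encrypt */
    WOLFSSL_ENTER("wolfSSL_AES_cfb128_encrypt");
    /* num is written at the end, so it is a required argument as well */
    if (key == NULL || in == NULL || out == NULL || iv == NULL ||
            num == NULL) {
        WOLFSSL_MSG("Error, Null argument passed in");
        return;
    }

    /* wolfCrypt takes a word32 length; refuse instead of silently truncating */
    if ((size_t)(word32)len != len) {
        WOLFSSL_MSG("Error, length too large for AES CFB operation");
        return;
    }

    aes = (Aes*)key;
    if (wc_AesSetIV(aes, (const byte*)iv) != 0) {
        WOLFSSL_MSG("Error with setting iv");
        return;
    }

    if (enc == AES_ENCRYPT) {
        if (wc_AesCfbEncrypt(aes, out, in, (word32)len) != 0) {
            WOLFSSL_MSG("Error with AES CFB encrypt");
        }
    }
    else {
        if (wc_AesCfbDecrypt(aes, out, in, (word32)len) != 0) {
            WOLFSSL_MSG("Error with AES CFB decrypt");
        }
    }

    /* OpenSSL semantics: hand the running IV (aes->reg) back to the caller */
    XMEMCPY(iv, (byte*)(aes->reg), AES_BLOCK_SIZE);

    /* aes->left counts keystream bytes already consumed from the current
     * block; report the remainder (or 0 on a block boundary) through num */
    *num = (aes->left) ? AES_BLOCK_SIZE - aes->left : 0;
#endif /* WOLFSSL_AES_CFB */
}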
wolfSSL 15:117db924cf7c 26301 #endif /* NO_AES */
wolfSSL 15:117db924cf7c 26302
wolfSSL 16:8e0d178b1d1e 26303 #ifndef NO_FILESYSTEM
wolfSSL 16:8e0d178b1d1e 26304 #ifdef __clang__
wolfSSL 16:8e0d178b1d1e 26305 #pragma clang diagnostic push
wolfSSL 16:8e0d178b1d1e 26306 #pragma clang diagnostic ignored "-Wformat-nonliteral"
wolfSSL 16:8e0d178b1d1e 26307 #endif
wolfSSL 16:8e0d178b1d1e 26308 #endif
wolfSSL 16:8e0d178b1d1e 26309
wolfSSL 16:8e0d178b1d1e 26310 #if !defined(NO_FILESYSTEM) && defined (OPENSSL_EXTRA)
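/* vprintf-style formatted write into a BIO.
 *
 * bio    destination. WOLFSSL_BIO_FILE writes straight to the FILE held in
 *        bio->ptr; WOLFSSL_BIO_MEMORY and WOLFSSL_BIO_SSL (when compiled in)
 *        are formatted into a temporary buffer and passed to
 *        wolfSSL_BIO_write. Other types are logged as unsupported.
 * format printf format string. It is not a literal here, so the caller must
 *        control it; never route untrusted text through format.
 * args   argument list owned by the caller. It may be consumed here, but the
 *        matching va_end() is the caller's (C11 7.16.1: va_start/va_end pair
 *        in the same function). This function used to call va_end(args) on
 *        the NULL-ptr path, which together with wolfSSL_BIO_printf's own
 *        va_end() made a double va_end.
 * returns the number of characters written, negative on failure
 *        (WOLFSSL_FATAL_ERROR for a NULL bio, -1 otherwise)
 */
int wolfSSL_BIO_vprintf(WOLFSSL_BIO* bio, const char* format, va_list args)
{
    int ret = -1;

    if (bio == NULL)
        return WOLFSSL_FATAL_ERROR;

    switch (bio->type) {
        case WOLFSSL_BIO_FILE:
            if (bio->ptr == NULL) {
                /* args belongs to the caller: no va_end() here */
                return -1;
            }
            ret = vfprintf((XFILE)bio->ptr, format, args);
            break;

        case WOLFSSL_BIO_MEMORY:
#if defined(OPENSSL_EXTRA) && !defined(_WIN32)
        case WOLFSSL_BIO_SSL:
        {
            int count;
            char* pt = NULL;
            va_list copy;

            /* the sizing vsnprintf consumes args; the copy feeds the real one */
            va_copy(copy, args);
            count = vsnprintf(NULL, 0, format, args);
            if (count >= 0) {
                pt = (char*)XMALLOC((size_t)count + 1, bio->heap,
                                    DYNAMIC_TYPE_TMP_BUFFER);
                if (pt != NULL) {
                    count = vsnprintf(pt, (size_t)count + 1, format, copy);
                    if (count >= 0) {
                        ret = wolfSSL_BIO_write(bio, pt, count);
                    }
                    XFREE(pt, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
                }
            }
            va_end(copy);
        }
            break;
#endif

        default:
            /* on _WIN32 WOLFSSL_BIO_MEMORY also lands here */
            WOLFSSL_MSG("Unsupported WOLFSSL_BIO type for wolfSSL_BIO_printf");
            break;
    }

    return ret;
}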
wolfSSL 16:8e0d178b1d1e 26364
/* printf-style formatted write into a BIO; thin variadic wrapper around
 * wolfSSL_BIO_vprintf, which does the type dispatch.
 *
 * bio    destination BIO
 * format printf format string (caller-controlled, never untrusted text)
 * returns the number of characters written, negative on failure
 */
int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...)
{
    va_list args;
    int written;

    va_start(args, format);
    written = wolfSSL_BIO_vprintf(bio, format, args);
    va_end(args);

    return written;
}
wolfSSL 16:8e0d178b1d1e 26378
wolfSSL 16:8e0d178b1d1e 26379 #endif /* !defined(NO_FILESYSTEM) && defined (OPENSSL_EXTRA) */
wolfSSL 16:8e0d178b1d1e 26380
wolfSSL 16:8e0d178b1d1e 26381 #if !defined(NO_FILESYSTEM) && defined(__clang__)
wolfSSL 16:8e0d178b1d1e 26382 #pragma clang diagnostic pop
wolfSSL 16:8e0d178b1d1e 26383 #endif
wolfSSL 16:8e0d178b1d1e 26384
wolfSSL 16:8e0d178b1d1e 26385 #undef LINE_LEN
wolfSSL 16:8e0d178b1d1e 26386 #define LINE_LEN 16
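/* Write a hex + ASCII dump of buf to a file BIO, LINE_LEN bytes per line
 * ("\t" hex bytes "| " printable chars; no trailing newline is emitted).
 *
 * bio    BIO to write to; only WOLFSSL_BIO_FILE is handled, any other type
 *        (or a NULL bio / NULL bio->ptr) produces no output
 * buf    bytes to dump; NULL prints the literal "\tNULL"
 * length number of bytes in buf
 * returns the accumulated fputs() results (0 when nothing was written); a
 *         negative value indicates a write error
 */
int wolfSSL_BIO_dump(WOLFSSL_BIO *bio, const char *buf, int length)
{
    int ret = 0;

    if (bio == NULL)
        return 0;

#ifndef NO_FILESYSTEM
    if (bio->type == WOLFSSL_BIO_FILE) {
        /* "\t" + LINE_LEN * "xx " + "| " + LINE_LEN chars + NUL */
        char line[1 + LINE_LEN * 3 + 2 + LINE_LEN + 1];
        size_t pos = 0;
        int i;

        if (bio->ptr == NULL)
            return 0;

        if (!buf) {
            return fputs("\tNULL", (XFILE)bio->ptr);
        }

        line[pos++] = '\t';
        for (i = 0; i < LINE_LEN; i++) {
            if (i < length) {
                /* go through unsigned char: a plain (signed) char >= 0x80
                 * was sign-extended and printed as "ffffffxx", corrupting
                 * the hex columns */
                snprintf(line + pos, sizeof(line) - pos, "%02x ",
                         (unsigned)(unsigned char)buf[i]);
            }
            else {
                snprintf(line + pos, sizeof(line) - pos, "   ");
            }
            pos += 3;
        }
        snprintf(line + pos, sizeof(line) - pos, "| ");
        pos += 2;
        for (i = 0; i < LINE_LEN && i < length; i++) {
            unsigned char c = (unsigned char)buf[i];
            /* printable ASCII only; everything else becomes '.' */
            line[pos++] = (31 < c && c < 127) ? (char)c : '.';
        }
        line[pos] = '\0';

        ret += fputs(line, (XFILE)bio->ptr);

        /* remaining bytes are dumped one line per recursion */
        if (length > LINE_LEN)
            ret += wolfSSL_BIO_dump(bio, buf + LINE_LEN, length - LINE_LEN);
    }
#else
    (void)buf;
    (void)length;
#endif

    return ret;
}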
wolfSSL 16:8e0d178b1d1e 26429
wolfSSL 16:8e0d178b1d1e 26430 #ifndef NO_ASN_TIME
/* Print a UTCTime value to a BIO (OpenSSL ASN1_UTCTIME_print compatibility).
 *
 * bio destination BIO
 * a   time to print; must carry type ASN_UTC_TIME
 * returns the result of wolfSSL_ASN1_TIME_print, or WOLFSSL_FAILURE when an
 *         argument is NULL or a is not a UTCTime
 */
int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("ASN1_UTCTIME_print");
    if (bio != NULL && a != NULL) {
        if (a->type == ASN_UTC_TIME) {
            ret = wolfSSL_ASN1_TIME_print(bio, a);
        }
        else {
            WOLFSSL_MSG("Error, not UTC_TIME");
        }
    }

    return ret;
}
wolfSSL 16:8e0d178b1d1e 26444
/* Check whether a can be rendered as a time string.
 *
 * a time to check
 * returns WOLFSSL_SUCCESS (1) when wolfSSL_ASN1_TIME_to_string accepts it,
 *         WOLFSSL_FAILURE (0) otherwise
 *
 * "Syntax" here means exactly what the string conversion accepts; no further
 * validation is done.
 */
int wolfSSL_ASN1_TIME_check(const WOLFSSL_ASN1_TIME* a)
{
    char buf[MAX_TIME_STRING_SZ];
    const char* str;

    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_check");

    /* const is cast away only because the converter's signature lacks it;
     * NOTE(review): assumes the converter does not write to a — confirm */
    str = wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)a, buf,
                                      MAX_TIME_STRING_SZ);

    return (str != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 26460 #endif /* !NO_ASN_TIME */
wolfSSL 16:8e0d178b1d1e 26461
wolfSSL 16:8e0d178b1d1e 26462 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL ASN1_TIME_diff: not implemented.
 * pday and psec are never written and 0 is always returned, so callers
 * cannot tell "no difference" from "unsupported".
 */
int wolfSSL_ASN1_TIME_diff(int *pday, int *psec,
    const WOLFSSL_ASN1_TIME *from, const WOLFSSL_ASN1_TIME *to)
{
    (void)to;
    (void)from;
    (void)psec;
    (void)pday;
    WOLFSSL_STUB("wolfSSL_ASN1_TIME_diff");
    return 0;
}
wolfSSL 16:8e0d178b1d1e 26473
/* Stub for OpenSSL ASN1_TIME_set: not implemented.
 * t is ignored and s is returned unchanged (NULL when s is NULL).
 */
WOLFSSL_API WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_set(WOLFSSL_ASN1_TIME *s, time_t t)
{
    (void)t;
    WOLFSSL_STUB("wolfSSL_ASN1_TIME_set");
    return s;
}
wolfSSL 16:8e0d178b1d1e 26481 #endif /* !NO_WOLFSSL_STUB */
wolfSSL 15:117db924cf7c 26482
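/* Return the month as a three letter string.
 *
 * n two ASCII decimal digits, "01".."12" (1 based), taken straight from ASN.1
 *   time data that may come from a peer and so may be malformed
 * returns the month abbreviation, or "???" when n is NULL, not two digits, or
 *         outside 1..12 (previously such input indexed past the table)
 */
static WC_INLINE const char* MonthStr(const char* n)
{
    static const char monthStr[12][4] = {
        "Jan", "Feb", "Mar", "Apr", "May", "Jun",
        "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
    int month;

    /* validate before indexing; the placeholder is 3 chars so callers that
     * copy 3 bytes stay in bounds */
    if (n == NULL || n[0] < '0' || n[0] > '9' || n[1] < '0' || n[1] > '9')
        return "???";
    month = (n[0] - '0') * 10 + (n[1] - '0');
    if (month < 1 || month > 12)
        return "???";

    return monthStr[month - 1];
}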
wolfSSL 15:117db924cf7c 26495
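/* Print a GeneralizedTime to a BIO as "Mon DD HH:MM:SS YYYY".
 *
 * bio     destination BIO
 * asnTime time to print; must carry type ASN_GENERALIZED_TIME and its data
 *         must start with the 14 characters YYYYMMDDHHMMSS, which the fixed
 *         offsets below read
 * returns 0 on success, BAD_FUNC_ARG on a NULL argument, WOLFSSL_FAILURE when
 *         the type is wrong or the data is too short to hold the fields
 *
 * NOTE(review): asnTime->length is taken to be the number of valid bytes in
 * asnTime->data — confirm against the struct definition. Results of the
 * wolfSSL_BIO_write calls are not checked, as before.
 */
int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio,
    const WOLFSSL_ASN1_GENERALIZEDTIME* asnTime)
{
    enum { GEN_TIME_MIN_LEN = 14 }; /* YYYYMMDDHHMMSS */
    const char* p;
    int month;
    WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_print");

    if (bio == NULL || asnTime == NULL)
        return BAD_FUNC_ARG;

    if (asnTime->type != ASN_GENERALIZED_TIME) {
        WOLFSSL_MSG("Error, not GENERALIZED_TIME");
        return WOLFSSL_FAILURE;
    }
    /* refuse short data rather than printing whatever follows it */
    if (asnTime->length < GEN_TIME_MIN_LEN) {
        WOLFSSL_MSG("Error, GENERALIZED_TIME too short");
        return WOLFSSL_FAILURE;
    }
    p = (const char *)(asnTime->data);

    /* the month selects a table entry in MonthStr; reject anything that is
     * not two digits in 01..12 so malformed peer data cannot index past it */
    if (p[4] < '0' || p[4] > '9' || p[5] < '0' || p[5] > '9') {
        WOLFSSL_MSG("Error, GENERALIZED_TIME month not numeric");
        return WOLFSSL_FAILURE;
    }
    month = (p[4] - '0') * 10 + (p[5] - '0');
    if (month < 1 || month > 12) {
        WOLFSSL_MSG("Error, GENERALIZED_TIME month out of range");
        return WOLFSSL_FAILURE;
    }

    /* GetTimeString not always available. */
    wolfSSL_BIO_write(bio, MonthStr(p + 4), 3);
    wolfSSL_BIO_write(bio, " ", 1);
    /* Day */
    wolfSSL_BIO_write(bio, p + 6, 2);
    wolfSSL_BIO_write(bio, " ", 1);
    /* Hour */
    wolfSSL_BIO_write(bio, p + 8, 2);
    wolfSSL_BIO_write(bio, ":", 1);
    /* Min */
    wolfSSL_BIO_write(bio, p + 10, 2);
    wolfSSL_BIO_write(bio, ":", 1);
    /* Secs */
    wolfSSL_BIO_write(bio, p + 12, 2);
    wolfSSL_BIO_write(bio, " ", 1);
    /* Year */
    wolfSSL_BIO_write(bio, p, 4);

    return 0;
}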
wolfSSL 15:117db924cf7c 26529
/* Clear a GeneralizedTime value.
 *
 * asn1Time value to clear; NULL is ignored
 *
 * Despite the name this does not release asn1Time itself: it only zeroes the
 * embedded data buffer, and the caller keeps ownership of the struct.
 */
void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time)
{
    WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free");
    if (asn1Time != NULL) {
        XMEMSET(asn1Time->data, 0, sizeof(asn1Time->data));
    }
}
wolfSSL 15:117db924cf7c 26537
/* Number of elements held in a stack.
 *
 * sk stack to query
 * returns sk->num as an int, or 0 for a NULL stack
 */
int wolfSSL_sk_num(WOLFSSL_STACK* sk)
{
    WOLFSSL_ENTER("wolfSSL_sk_num");
    return (sk != NULL) ? (int)sk->num : 0;
}
wolfSSL 16:8e0d178b1d1e 26545
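/* Return the element stored at position i of a stack.
 *
 * sk stack to read; position 0 is the head node
 * i  index of the element
 * returns a pointer to the element appropriate to sk->type, or NULL when sk
 *         is NULL or i is out of range (negative, or past the last node).
 *         A negative i used to return the head element; it now fails like
 *         any other out-of-range index.
 *
 * For STACK_TYPE_CIPHER the returned pointer is the node's embedded cipher
 * record; under OPENSSL_ALL/WOLFSSL_QT its offset field is set to i first.
 */
void* wolfSSL_sk_value(WOLFSSL_STACK* sk, int i)
{
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
    int offset = i;
#endif
    WOLFSSL_ENTER("wolfSSL_sk_value");

    if (i < 0)
        return NULL;

    for (; sk != NULL && i > 0; i--)
        sk = sk->next;
    if (sk == NULL)
        return NULL;

    switch (sk->type) {
        case STACK_TYPE_X509:
            return (void*)sk->data.x509;
        case STACK_TYPE_CIPHER:
#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
            sk->data.cipher.offset = offset;
#endif
            return (void*)&sk->data.cipher;
        case STACK_TYPE_GEN_NAME:
            return (void*)sk->data.gn;
        case STACK_TYPE_ACCESS_DESCRIPTION:
            return (void*)sk->data.access;
        case STACK_TYPE_OBJ:
            return (void*)sk->data.obj;
        case STACK_TYPE_X509_EXT:
            return (void*)sk->data.ext;
        case STACK_TYPE_CONF_VALUE:
            /* extra indirection: a node without a conf has no value to hand
             * back, so do not dereference a NULL conf */
            return (sk->data.conf != NULL) ? (void*)sk->data.conf->value
                                           : NULL;
        case STACK_TYPE_NULL:
        default:
            return (void*)sk->data.generic;
    }
}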
wolfSSL 16:8e0d178b1d1e 26581
/* Free a stack by dispatching on sk->type to the matching per-type routine.
 *
 * sk stack to free; NULL is logged and ignored
 *
 * Whether the elements are released as well as the nodes is decided by the
 * routine selected here, not by this dispatcher. Types whose case is compiled
 * out (and STACK_TYPE_NULL) fall to wolfSSL_sk_GENERIC_free, which releases
 * the nodes only and leaves the elements to their owner.
 */
void wolfSSL_sk_free(WOLFSSL_STACK* sk)
{
    WOLFSSL_ENTER("wolfSSL_sk_free");

    if (sk == NULL) {
        WOLFSSL_MSG("Error, BAD_FUNC_ARG");
        return;
    }

    switch (sk->type) {
        case STACK_TYPE_X509:
            wolfSSL_sk_X509_free(sk);
            break;
#if defined(OPENSSL_ALL)
        case STACK_TYPE_CIPHER:
            wolfSSL_sk_CIPHER_free(sk);
            break;
#endif
        case STACK_TYPE_GEN_NAME:
            wolfSSL_sk_GENERAL_NAME_free(sk);
            break;
#if defined(OPENSSL_ALL) || defined (WOLFSSL_QT)
        case STACK_TYPE_ACCESS_DESCRIPTION:
            wolfSSL_sk_ACCESS_DESCRIPTION_free(sk);
            break;
#endif
        case STACK_TYPE_OBJ:
            wolfSSL_sk_ASN1_OBJECT_free(sk);
            break;
#ifdef OPENSSL_ALL
        case STACK_TYPE_X509_INFO:
            wolfSSL_sk_X509_INFO_free(sk);
            break;
        case STACK_TYPE_X509_NAME:
            wolfSSL_sk_X509_NAME_free(sk);
            break;
        case STACK_TYPE_CONF_VALUE:
            wolfSSL_sk_CONF_VALUE_free(sk);
            break;
#endif
        case STACK_TYPE_NULL:
        default:
            /* nodes only; see wolfSSL_sk_GENERIC_free */
            wolfSSL_sk_GENERIC_free(sk);
    }
}
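/* Free every node of a generic stack, and the stack head, optionally running
 * a callback on each stored element first.
 *
 * sk stack to free; NULL is ignored
 * f  element destructor, or NULL to release node memory only. It is called
 *    once per element, including the one held in the head node: the head
 *    stores the most recently pushed element (see wolfSSL_sk_GENERIC_push),
 *    and skipping it — as this function used to — leaked that element
 *    whenever f was supplied.
 *
 * Nodes are freed with DYNAMIC_TYPE_OPENSSL and the head with
 * DYNAMIC_TYPE_ASN1, as before.
 */
void wolfSSL_sk_GENERIC_pop_free(WOLFSSL_STACK* sk,
    void (*f) (void*))
{
    WOLFSSL_STACK* node;
    WOLFSSL_STACK* tmp;
    WOLFSSL_ENTER("wolfSSL_sk_GENERIC_pop_free");

    if (sk == NULL)
        return;

    /* parse through stack freeing each node */
    node = sk->next;
    while (node) {
        tmp = node;
        node = node->next;
        if (f)
            f(tmp->data.generic);
        tmp->data.generic = NULL;
        XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
    }

    /* free the element held by the head, then the head itself; an empty
     * stack has a NULL head element and gets no callback */
    if (f && sk->data.generic != NULL)
        f(sk->data.generic);
    sk->data.generic = NULL;
    XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}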
wolfSSL 16:8e0d178b1d1e 26655
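/* Push an element onto a generic stack.
 *
 * sk      stack to push onto; its head node holds the newest element
 * generic element to store; ownership stays with the caller unless the stack
 *         is later freed with a destructor callback
 * returns WOLFSSL_SUCCESS (1) on success, WOLFSSL_FAILURE (0) on a NULL
 *         argument or allocation failure
 *
 * An empty stack (head element NULL) takes the value in the head itself; a
 * non-empty one moves the current head element into a fresh node linked
 * behind the head, so the head always carries the most recent push.
 */
int wolfSSL_sk_GENERIC_push(WOLFSSL_STACK* sk, void* generic)
{
    WOLFSSL_STACK* node;

    WOLFSSL_ENTER("wolfSSL_sk_GENERIC_push");

    if (sk == NULL || generic == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* no previous values in stack */
    if (sk->data.generic == NULL) {
        sk->data.generic = generic;
        sk->num += 1;
        return WOLFSSL_SUCCESS;
    }

    /* stack already has value(s): create a new node and add more. The
     * allocation type now matches the DYNAMIC_TYPE_OPENSSL used to free
     * nodes in wolfSSL_sk_GENERIC_pop_free; it was DYNAMIC_TYPE_SSL, which
     * only matters where the allocator tracks types, but was inconsistent */
    node = (WOLFSSL_STACK*)XMALLOC(sizeof(*node), NULL, DYNAMIC_TYPE_OPENSSL);
    if (node == NULL) {
        WOLFSSL_MSG("Memory error");
        return WOLFSSL_FAILURE;
    }
    XMEMSET(node, 0, sizeof(*node));

    /* push new node onto head of stack */
    node->type = sk->type;
    node->data.generic = sk->data.generic;
    node->next = sk->next;
    sk->next = node;
    sk->data.generic = generic;
    sk->num += 1;

    return WOLFSSL_SUCCESS;
}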
/* Free the nodes of a generic stack without touching the stored elements.
 *
 * sk stack to free; NULL is ignored
 *
 * Equivalent to wolfSSL_sk_GENERIC_pop_free with no destructor: the
 * elements remain owned by whoever pushed them.
 */
void wolfSSL_sk_GENERIC_free(WOLFSSL_STACK* sk)
{
    /* NULL callback: release node memory only */
    wolfSSL_sk_GENERIC_pop_free(sk, NULL);
}
wolfSSL 16:8e0d178b1d1e 26696
wolfSSL 16:8e0d178b1d1e 26697
/* Free all nodes in a stack, running func on each element, dispatching on
 * sk->type to the per-type pop_free routine.
 *
 * sk   stack to free; NULL is logged and ignored. Despite the parameter type
 *      any supported stack type is accepted.
 * func element destructor; it is cast to the element type the selected
 *      routine expects, so it must really take that type. Note the
 *      STACK_TYPE_ACCESS_DESCRIPTION case ignores func and always uses
 *      wolfSSL_ACCESS_DESCRIPTION_free.
 *
 * Types whose case is compiled out fall to wolfSSL_sk_GENERIC_pop_free with
 * func applied to the generic element pointer.
 */
void wolfSSL_sk_pop_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk,
                                                       wolfSSL_sk_freefunc func)
{
    WOLFSSL_ENTER("wolfSSL_sk_pop_free");

    if (sk == NULL) {
        WOLFSSL_MSG("Error, BAD_FUNC_ARG");
        return;
    }

    switch(sk->type) {
#if defined(OPENSSL_ALL) || defined (WOLFSSL_QT)
        case STACK_TYPE_ACCESS_DESCRIPTION:
            /* func is not used for this type */
            wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(sk,
                                                wolfSSL_ACCESS_DESCRIPTION_free);
            break;
#endif
        case STACK_TYPE_X509:
            wolfSSL_sk_X509_pop_free(sk,(void (*)(WOLFSSL_X509*))func);
            break;
        case STACK_TYPE_OBJ:
            wolfSSL_sk_ASN1_OBJECT_pop_free(sk,
                                      (void (*)(WOLFSSL_ASN1_OBJECT*))func);
            break;
        case STACK_TYPE_GEN_NAME:
            wolfSSL_sk_GENERAL_NAME_pop_free(sk,
                                      (void (*)(WOLFSSL_GENERAL_NAME*))func);
            break;
#ifdef OPENSSL_ALL
        case STACK_TYPE_X509_NAME:
            wolfSSL_sk_X509_NAME_pop_free(sk,
                                      (void (*)(WOLFSSL_X509_NAME*))func);
            break;
        case STACK_TYPE_X509_EXT:
            wolfSSL_sk_X509_EXTENSION_pop_free(sk,
                                      (void (*)(WOLFSSL_X509_EXTENSION*))func);
            break;
#endif
#if defined(OPENSSL_ALL)
        case STACK_TYPE_X509_INFO:
            wolfSSL_sk_X509_INFO_pop_free(sk,
                                      (void (*)(WOLFSSL_X509_INFO*))func);
            break;
#endif
        default:
            wolfSSL_sk_GENERIC_pop_free(sk,
                                      (void (*)(void*))func);
            break;
    }
}
wolfSSL 16:8e0d178b1d1e 26749
wolfSSL 16:8e0d178b1d1e 26750 #if defined(OPENSSL_ALL)
wolfSSL 16:8e0d178b1d1e 26751 /* Free the structure for WOLFSSL_CONF_VALUE stack
wolfSSL 16:8e0d178b1d1e 26752 *
wolfSSL 16:8e0d178b1d1e 26753 * sk stack to free nodes in
wolfSSL 16:8e0d178b1d1e 26754 */
wolfSSL 16:8e0d178b1d1e 26755 void wolfSSL_sk_CONF_VALUE_free(WOLF_STACK_OF(WOLFSSL_CONF_VALUE)* sk)
wolfSSL 16:8e0d178b1d1e 26756 {
wolfSSL 16:8e0d178b1d1e 26757 WOLFSSL_STACK* node;
wolfSSL 16:8e0d178b1d1e 26758 WOLFSSL_STACK* tmp;
wolfSSL 16:8e0d178b1d1e 26759 WOLFSSL_ENTER("wolfSSL_sk_CONF_VALUE_free");
wolfSSL 16:8e0d178b1d1e 26760
wolfSSL 16:8e0d178b1d1e 26761 if (sk == NULL)
wolfSSL 16:8e0d178b1d1e 26762 return;
wolfSSL 16:8e0d178b1d1e 26763
wolfSSL 16:8e0d178b1d1e 26764 /* parse through stack freeing each node */
wolfSSL 16:8e0d178b1d1e 26765 node = sk->next;
wolfSSL 16:8e0d178b1d1e 26766 while (node) {
wolfSSL 16:8e0d178b1d1e 26767 tmp = node;
wolfSSL 16:8e0d178b1d1e 26768 node = node->next;
wolfSSL 16:8e0d178b1d1e 26769 XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL 16:8e0d178b1d1e 26770 }
wolfSSL 16:8e0d178b1d1e 26771
wolfSSL 16:8e0d178b1d1e 26772 /* free head of stack */
wolfSSL 16:8e0d178b1d1e 26773 XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
wolfSSL 16:8e0d178b1d1e 26774 }
wolfSSL 16:8e0d178b1d1e 26775 #endif
wolfSSL 16:8e0d178b1d1e 26776
wolfSSL 16:8e0d178b1d1e 26777 /* Creates and returns a new null stack. */
wolfSSL 16:8e0d178b1d1e 26778 WOLFSSL_STACK* wolfSSL_sk_new_null(void)
wolfSSL 16:8e0d178b1d1e 26779 {
wolfSSL 16:8e0d178b1d1e 26780 WOLFSSL_STACK* sk;
wolfSSL 16:8e0d178b1d1e 26781 WOLFSSL_ENTER("wolfSSL_sk_new_null");
wolfSSL 16:8e0d178b1d1e 26782
wolfSSL 16:8e0d178b1d1e 26783 sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
wolfSSL 16:8e0d178b1d1e 26784 DYNAMIC_TYPE_OPENSSL);
wolfSSL 16:8e0d178b1d1e 26785 if (sk == NULL) {
wolfSSL 16:8e0d178b1d1e 26786 WOLFSSL_MSG("WOLFSSL_STACK memory error");
wolfSSL 16:8e0d178b1d1e 26787 return NULL;
wolfSSL 16:8e0d178b1d1e 26788 }
wolfSSL 16:8e0d178b1d1e 26789
wolfSSL 16:8e0d178b1d1e 26790 XMEMSET(sk, 0, sizeof(WOLFSSL_STACK));
wolfSSL 16:8e0d178b1d1e 26791 sk->type = STACK_TYPE_NULL;
wolfSSL 16:8e0d178b1d1e 26792
wolfSSL 16:8e0d178b1d1e 26793 return sk;
wolfSSL 16:8e0d178b1d1e 26794 }
wolfSSL 16:8e0d178b1d1e 26795
wolfSSL 16:8e0d178b1d1e 26796 /* frees the wolfSSL_BASIC_CONSTRAINTS object */
wolfSSL 16:8e0d178b1d1e 26797 void wolfSSL_BASIC_CONSTRAINTS_free(WOLFSSL_BASIC_CONSTRAINTS *bc)
wolfSSL 16:8e0d178b1d1e 26798 {
wolfSSL 16:8e0d178b1d1e 26799 WOLFSSL_ENTER("wolfSSL_BASIC_CONSTRAINTS_free");
wolfSSL 16:8e0d178b1d1e 26800 if (bc == NULL) {
wolfSSL 16:8e0d178b1d1e 26801 WOLFSSL_MSG("Argument is NULL");
wolfSSL 16:8e0d178b1d1e 26802 return;
wolfSSL 16:8e0d178b1d1e 26803 }
wolfSSL 16:8e0d178b1d1e 26804 if (bc->pathlen) {
wolfSSL 16:8e0d178b1d1e 26805 wolfSSL_ASN1_INTEGER_free(bc->pathlen);
wolfSSL 16:8e0d178b1d1e 26806 }
wolfSSL 16:8e0d178b1d1e 26807 XFREE(bc, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL 16:8e0d178b1d1e 26808 }
wolfSSL 16:8e0d178b1d1e 26809
wolfSSL 16:8e0d178b1d1e 26810 /* frees the wolfSSL_AUTHORITY_KEYID object */
wolfSSL 16:8e0d178b1d1e 26811 void wolfSSL_AUTHORITY_KEYID_free(WOLFSSL_AUTHORITY_KEYID *id)
wolfSSL 16:8e0d178b1d1e 26812 {
wolfSSL 16:8e0d178b1d1e 26813 WOLFSSL_ENTER("wolfSSL_AUTHORITY_KEYID_free");
wolfSSL 16:8e0d178b1d1e 26814 if(id == NULL) {
wolfSSL 16:8e0d178b1d1e 26815 WOLFSSL_MSG("Argument is NULL");
wolfSSL 16:8e0d178b1d1e 26816 return;
wolfSSL 16:8e0d178b1d1e 26817 }
wolfSSL 16:8e0d178b1d1e 26818 if (id->keyid) {
wolfSSL 16:8e0d178b1d1e 26819 wolfSSL_ASN1_STRING_free(id->keyid);
wolfSSL 16:8e0d178b1d1e 26820 }
wolfSSL 16:8e0d178b1d1e 26821 if (id->issuer) {
wolfSSL 16:8e0d178b1d1e 26822 wolfSSL_ASN1_OBJECT_free(id->issuer);
wolfSSL 16:8e0d178b1d1e 26823 }
wolfSSL 16:8e0d178b1d1e 26824 if (id->serial) {
wolfSSL 16:8e0d178b1d1e 26825 wolfSSL_ASN1_INTEGER_free(id->serial);
wolfSSL 16:8e0d178b1d1e 26826 }
wolfSSL 16:8e0d178b1d1e 26827 XFREE(id, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL 16:8e0d178b1d1e 26828 }
wolfSSL 16:8e0d178b1d1e 26829
wolfSSL 16:8e0d178b1d1e 26830 int wolfSSL_sk_SSL_COMP_num(WOLF_STACK_OF(WOLFSSL_COMP)* sk)
wolfSSL 15:117db924cf7c 26831 {
wolfSSL 15:117db924cf7c 26832 if (sk == NULL)
wolfSSL 15:117db924cf7c 26833 return 0;
wolfSSL 15:117db924cf7c 26834 return (int)sk->num;
wolfSSL 15:117db924cf7c 26835 }
wolfSSL 15:117db924cf7c 26836
wolfSSL 15:117db924cf7c 26837 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 26838
wolfSSL 15:117db924cf7c 26839 #if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE)
wolfSSL 16:8e0d178b1d1e 26840 /* stunnel 4.28 needs
wolfSSL 16:8e0d178b1d1e 26841 *
wolfSSL 16:8e0d178b1d1e 26842 * Callback that is called if a session tries to resume but could not find
wolfSSL 16:8e0d178b1d1e 26843 * the session to resume it.
wolfSSL 16:8e0d178b1d1e 26844 */
wolfSSL 15:117db924cf7c 26845 void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
wolfSSL 15:117db924cf7c 26846 WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*))
wolfSSL 15:117db924cf7c 26847 {
wolfSSL 16:8e0d178b1d1e 26848 if (ctx == NULL)
wolfSSL 16:8e0d178b1d1e 26849 return;
wolfSSL 16:8e0d178b1d1e 26850
wolfSSL 15:117db924cf7c 26851 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 26852 ctx->get_sess_cb = f;
wolfSSL 15:117db924cf7c 26853 #else
wolfSSL 15:117db924cf7c 26854 (void)f;
wolfSSL 15:117db924cf7c 26855 #endif
wolfSSL 15:117db924cf7c 26856 }
wolfSSL 15:117db924cf7c 26857
wolfSSL 15:117db924cf7c 26858 void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
wolfSSL 15:117db924cf7c 26859 int (*f)(WOLFSSL*, WOLFSSL_SESSION*))
wolfSSL 15:117db924cf7c 26860 {
wolfSSL 16:8e0d178b1d1e 26861 if (ctx == NULL)
wolfSSL 16:8e0d178b1d1e 26862 return;
wolfSSL 16:8e0d178b1d1e 26863
wolfSSL 15:117db924cf7c 26864 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 26865 ctx->new_sess_cb = f;
wolfSSL 15:117db924cf7c 26866 #else
wolfSSL 15:117db924cf7c 26867 (void)f;
wolfSSL 15:117db924cf7c 26868 #endif
wolfSSL 15:117db924cf7c 26869 }
wolfSSL 15:117db924cf7c 26870
wolfSSL 15:117db924cf7c 26871 void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*,
wolfSSL 15:117db924cf7c 26872 WOLFSSL_SESSION*))
wolfSSL 15:117db924cf7c 26873 {
wolfSSL 16:8e0d178b1d1e 26874 if (ctx == NULL)
wolfSSL 16:8e0d178b1d1e 26875 return;
wolfSSL 16:8e0d178b1d1e 26876
wolfSSL 15:117db924cf7c 26877 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 26878 ctx->rem_sess_cb = f;
wolfSSL 15:117db924cf7c 26879 #else
wolfSSL 15:117db924cf7c 26880 (void)f;
wolfSSL 15:117db924cf7c 26881 #endif
wolfSSL 15:117db924cf7c 26882 }
wolfSSL 15:117db924cf7c 26883 #endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */
wolfSSL 15:117db924cf7c 26884
wolfSSL 15:117db924cf7c 26885 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 26886
wolfSSL 15:117db924cf7c 26887 /*
wolfSSL 15:117db924cf7c 26888 *
wolfSSL 15:117db924cf7c 26889 * Note: It is expected that the importing and exporting function have been
wolfSSL 15:117db924cf7c 26890 * built with the same settings. For example if session tickets was
wolfSSL 15:117db924cf7c 26891 * enabled with the wolfSSL library exporting a session then it is
wolfSSL 15:117db924cf7c 26892 * expected to be turned on with the wolfSSL library importing the session.
wolfSSL 15:117db924cf7c 26893 */
wolfSSL 15:117db924cf7c 26894 int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p)
wolfSSL 15:117db924cf7c 26895 {
wolfSSL 15:117db924cf7c 26896 int size = 0;
wolfSSL 15:117db924cf7c 26897 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 26898 int idx = 0;
wolfSSL 15:117db924cf7c 26899 #ifdef SESSION_CERTS
wolfSSL 15:117db924cf7c 26900 int i;
wolfSSL 15:117db924cf7c 26901 #endif
wolfSSL 15:117db924cf7c 26902 unsigned char *data;
wolfSSL 15:117db924cf7c 26903
wolfSSL 15:117db924cf7c 26904 if (sess == NULL) {
wolfSSL 15:117db924cf7c 26905 return BAD_FUNC_ARG;
wolfSSL 15:117db924cf7c 26906 }
wolfSSL 15:117db924cf7c 26907
wolfSSL 15:117db924cf7c 26908 /* bornOn | timeout | sessionID len | sessionID | masterSecret | haveEMS */
wolfSSL 15:117db924cf7c 26909 size += OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN + sess->sessionIDSz +
wolfSSL 15:117db924cf7c 26910 SECRET_LEN + OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 26911 #ifdef SESSION_CERTS
wolfSSL 15:117db924cf7c 26912 /* Peer chain */
wolfSSL 15:117db924cf7c 26913 size += OPAQUE8_LEN;
wolfSSL 15:117db924cf7c 26914 for (i = 0; i < sess->chain.count; i++)
wolfSSL 15:117db924cf7c 26915 size += OPAQUE16_LEN + sess->chain.certs[i].length;
wolfSSL 16:8e0d178b1d1e 26916 #endif
wolfSSL 16:8e0d178b1d1e 26917 #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
wolfSSL 16:8e0d178b1d1e 26918 defined(HAVE_SESSION_TICKET))
wolfSSL 16:8e0d178b1d1e 26919 /* Protocol version */
wolfSSL 16:8e0d178b1d1e 26920 size += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 26921 #endif
wolfSSL 16:8e0d178b1d1e 26922 #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
wolfSSL 16:8e0d178b1d1e 26923 (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
wolfSSL 16:8e0d178b1d1e 26924 /* cipher suite */
wolfSSL 16:8e0d178b1d1e 26925 size += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26926 #endif
wolfSSL 15:117db924cf7c 26927 #ifndef NO_CLIENT_CACHE
wolfSSL 15:117db924cf7c 26928 /* ServerID len | ServerID */
wolfSSL 15:117db924cf7c 26929 size += OPAQUE16_LEN + sess->idLen;
wolfSSL 15:117db924cf7c 26930 #endif
wolfSSL 16:8e0d178b1d1e 26931 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 26932 /* session context ID len | session context ID */
wolfSSL 16:8e0d178b1d1e 26933 size += OPAQUE8_LEN + sess->sessionCtxSz;
wolfSSL 16:8e0d178b1d1e 26934 #endif
wolfSSL 16:8e0d178b1d1e 26935 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 26936 /* namedGroup */
wolfSSL 16:8e0d178b1d1e 26937 size += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 26938 #endif
wolfSSL 16:8e0d178b1d1e 26939 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 16:8e0d178b1d1e 26940 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 26941 /* ticketSeen | ticketAdd */
wolfSSL 16:8e0d178b1d1e 26942 size += OPAQUE32_LEN + OPAQUE32_LEN;
wolfSSL 16:8e0d178b1d1e 26943 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 16:8e0d178b1d1e 26944 /* ticketNonce */
wolfSSL 16:8e0d178b1d1e 26945 size += OPAQUE8_LEN + sess->ticketNonce.len;
wolfSSL 16:8e0d178b1d1e 26946 #endif
wolfSSL 16:8e0d178b1d1e 26947 #endif
wolfSSL 16:8e0d178b1d1e 26948 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 16:8e0d178b1d1e 26949 size += OPAQUE32_LEN;
wolfSSL 16:8e0d178b1d1e 26950 #endif
wolfSSL 16:8e0d178b1d1e 26951 #endif
wolfSSL 15:117db924cf7c 26952 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 26953 /* ticket len | ticket */
wolfSSL 15:117db924cf7c 26954 size += OPAQUE16_LEN + sess->ticketLen;
wolfSSL 15:117db924cf7c 26955 #endif
wolfSSL 15:117db924cf7c 26956
wolfSSL 15:117db924cf7c 26957 if (p != NULL) {
wolfSSL 15:117db924cf7c 26958 if (*p == NULL)
wolfSSL 15:117db924cf7c 26959 *p = (unsigned char*)XMALLOC(size, NULL, DYNAMIC_TYPE_OPENSSL);
wolfSSL 15:117db924cf7c 26960 if (*p == NULL)
wolfSSL 15:117db924cf7c 26961 return 0;
wolfSSL 15:117db924cf7c 26962 data = *p;
wolfSSL 15:117db924cf7c 26963
wolfSSL 15:117db924cf7c 26964 c32toa(sess->bornOn, data + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 26965 c32toa(sess->timeout, data + idx); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 26966 data[idx++] = sess->sessionIDSz;
wolfSSL 15:117db924cf7c 26967 XMEMCPY(data + idx, sess->sessionID, sess->sessionIDSz);
wolfSSL 15:117db924cf7c 26968 idx += sess->sessionIDSz;
wolfSSL 15:117db924cf7c 26969 XMEMCPY(data + idx, sess->masterSecret, SECRET_LEN); idx += SECRET_LEN;
wolfSSL 15:117db924cf7c 26970 data[idx++] = (byte)sess->haveEMS;
wolfSSL 15:117db924cf7c 26971 #ifdef SESSION_CERTS
wolfSSL 15:117db924cf7c 26972 data[idx++] = (byte)sess->chain.count;
wolfSSL 15:117db924cf7c 26973 for (i = 0; i < sess->chain.count; i++) {
wolfSSL 15:117db924cf7c 26974 c16toa((word16)sess->chain.certs[i].length, data + idx);
wolfSSL 15:117db924cf7c 26975 idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26976 XMEMCPY(data + idx, sess->chain.certs[i].buffer,
wolfSSL 15:117db924cf7c 26977 sess->chain.certs[i].length);
wolfSSL 15:117db924cf7c 26978 idx += sess->chain.certs[i].length;
wolfSSL 15:117db924cf7c 26979 }
wolfSSL 16:8e0d178b1d1e 26980 #endif
wolfSSL 16:8e0d178b1d1e 26981 #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
wolfSSL 16:8e0d178b1d1e 26982 defined(HAVE_SESSION_TICKET))
wolfSSL 15:117db924cf7c 26983 data[idx++] = sess->version.major;
wolfSSL 15:117db924cf7c 26984 data[idx++] = sess->version.minor;
wolfSSL 16:8e0d178b1d1e 26985 #endif
wolfSSL 16:8e0d178b1d1e 26986 #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
wolfSSL 16:8e0d178b1d1e 26987 (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
wolfSSL 15:117db924cf7c 26988 data[idx++] = sess->cipherSuite0;
wolfSSL 15:117db924cf7c 26989 data[idx++] = sess->cipherSuite;
wolfSSL 15:117db924cf7c 26990 #endif
wolfSSL 15:117db924cf7c 26991 #ifndef NO_CLIENT_CACHE
wolfSSL 15:117db924cf7c 26992 c16toa(sess->idLen, data + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 26993 XMEMCPY(data + idx, sess->serverID, sess->idLen);
wolfSSL 15:117db924cf7c 26994 idx += sess->idLen;
wolfSSL 15:117db924cf7c 26995 #endif
wolfSSL 16:8e0d178b1d1e 26996 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 26997 data[idx++] = sess->sessionCtxSz;
wolfSSL 16:8e0d178b1d1e 26998 XMEMCPY(data + idx, sess->sessionCtx, sess->sessionCtxSz);
wolfSSL 16:8e0d178b1d1e 26999 idx += sess->sessionCtxSz;
wolfSSL 16:8e0d178b1d1e 27000 #endif
wolfSSL 16:8e0d178b1d1e 27001 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 27002 c16toa(sess->namedGroup, data + idx);
wolfSSL 16:8e0d178b1d1e 27003 idx += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 27004 #endif
wolfSSL 16:8e0d178b1d1e 27005 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 16:8e0d178b1d1e 27006 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 27007 c32toa(sess->ticketSeen, data + idx);
wolfSSL 16:8e0d178b1d1e 27008 idx += OPAQUE32_LEN;
wolfSSL 16:8e0d178b1d1e 27009 c32toa(sess->ticketAdd, data + idx);
wolfSSL 16:8e0d178b1d1e 27010 idx += OPAQUE32_LEN;
wolfSSL 16:8e0d178b1d1e 27011 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 16:8e0d178b1d1e 27012 data[idx++] = sess->ticketNonce.len;
wolfSSL 16:8e0d178b1d1e 27013 XMEMCPY(data + idx, sess->ticketNonce.data, sess->ticketNonce.len);
wolfSSL 16:8e0d178b1d1e 27014 idx += sess->ticketNonce.len;
wolfSSL 16:8e0d178b1d1e 27015 #endif
wolfSSL 16:8e0d178b1d1e 27016 #endif
wolfSSL 16:8e0d178b1d1e 27017 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 16:8e0d178b1d1e 27018 c32toa(sess->maxEarlyDataSz, data + idx);
wolfSSL 16:8e0d178b1d1e 27019 idx += OPAQUE32_LEN;
wolfSSL 16:8e0d178b1d1e 27020 #endif
wolfSSL 16:8e0d178b1d1e 27021 #endif
wolfSSL 15:117db924cf7c 27022 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 27023 c16toa(sess->ticketLen, data + idx); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 27024 XMEMCPY(data + idx, sess->ticket, sess->ticketLen);
wolfSSL 15:117db924cf7c 27025 idx += sess->ticketLen;
wolfSSL 15:117db924cf7c 27026 #endif
wolfSSL 15:117db924cf7c 27027 }
wolfSSL 15:117db924cf7c 27028 #endif
wolfSSL 15:117db924cf7c 27029
wolfSSL 15:117db924cf7c 27030 (void)sess;
wolfSSL 15:117db924cf7c 27031 (void)p;
wolfSSL 15:117db924cf7c 27032 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 27033 (void)idx;
wolfSSL 15:117db924cf7c 27034 #endif
wolfSSL 15:117db924cf7c 27035
wolfSSL 15:117db924cf7c 27036 return size;
wolfSSL 15:117db924cf7c 27037 }
wolfSSL 15:117db924cf7c 27038
wolfSSL 15:117db924cf7c 27039
wolfSSL 15:117db924cf7c 27040 /* TODO: no function to free new session.
wolfSSL 15:117db924cf7c 27041 *
wolfSSL 15:117db924cf7c 27042 * Note: It is expected that the importing and exporting function have been
wolfSSL 15:117db924cf7c 27043 * built with the same settings. For example if session tickets was
wolfSSL 15:117db924cf7c 27044 * enabled with the wolfSSL library exporting a session then it is
wolfSSL 15:117db924cf7c 27045 * expected to be turned on with the wolfSSL library importing the session.
wolfSSL 15:117db924cf7c 27046 */
wolfSSL 15:117db924cf7c 27047 WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
wolfSSL 15:117db924cf7c 27048 const unsigned char** p, long i)
wolfSSL 15:117db924cf7c 27049 {
wolfSSL 15:117db924cf7c 27050 WOLFSSL_SESSION* s = NULL;
wolfSSL 15:117db924cf7c 27051 int ret = 0;
wolfSSL 15:117db924cf7c 27052 #if defined(HAVE_EXT_CACHE)
wolfSSL 15:117db924cf7c 27053 int idx;
wolfSSL 15:117db924cf7c 27054 byte* data;
wolfSSL 15:117db924cf7c 27055 #ifdef SESSION_CERTS
wolfSSL 15:117db924cf7c 27056 int j;
wolfSSL 15:117db924cf7c 27057 word16 length;
wolfSSL 15:117db924cf7c 27058 #endif
wolfSSL 15:117db924cf7c 27059 #endif
wolfSSL 15:117db924cf7c 27060
wolfSSL 15:117db924cf7c 27061 (void)p;
wolfSSL 15:117db924cf7c 27062 (void)i;
wolfSSL 15:117db924cf7c 27063 (void)ret;
wolfSSL 15:117db924cf7c 27064
wolfSSL 15:117db924cf7c 27065 if (sess != NULL)
wolfSSL 15:117db924cf7c 27066 s = *sess;
wolfSSL 15:117db924cf7c 27067
wolfSSL 15:117db924cf7c 27068 #ifdef HAVE_EXT_CACHE
wolfSSL 15:117db924cf7c 27069 if (p == NULL || *p == NULL)
wolfSSL 15:117db924cf7c 27070 return NULL;
wolfSSL 15:117db924cf7c 27071
wolfSSL 15:117db924cf7c 27072 if (s == NULL) {
wolfSSL 15:117db924cf7c 27073 s = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), NULL,
wolfSSL 15:117db924cf7c 27074 DYNAMIC_TYPE_OPENSSL);
wolfSSL 15:117db924cf7c 27075 if (s == NULL)
wolfSSL 15:117db924cf7c 27076 return NULL;
wolfSSL 15:117db924cf7c 27077 XMEMSET(s, 0, sizeof(WOLFSSL_SESSION));
wolfSSL 15:117db924cf7c 27078 s->isAlloced = 1;
wolfSSL 15:117db924cf7c 27079 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 27080 s->isDynamic = 0;
wolfSSL 15:117db924cf7c 27081 #endif
wolfSSL 15:117db924cf7c 27082 }
wolfSSL 15:117db924cf7c 27083
wolfSSL 15:117db924cf7c 27084 idx = 0;
wolfSSL 15:117db924cf7c 27085 data = (byte*)*p;
wolfSSL 15:117db924cf7c 27086
wolfSSL 15:117db924cf7c 27087 /* bornOn | timeout | sessionID len */
wolfSSL 15:117db924cf7c 27088 if (i < OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN) {
wolfSSL 15:117db924cf7c 27089 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 27090 goto end;
wolfSSL 15:117db924cf7c 27091 }
wolfSSL 15:117db924cf7c 27092 ato32(data + idx, &s->bornOn); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 27093 ato32(data + idx, &s->timeout); idx += OPAQUE32_LEN;
wolfSSL 15:117db924cf7c 27094 s->sessionIDSz = data[idx++];
wolfSSL 15:117db924cf7c 27095
wolfSSL 15:117db924cf7c 27096 /* sessionID | secret | haveEMS */
wolfSSL 15:117db924cf7c 27097 if (i - idx < s->sessionIDSz + SECRET_LEN + OPAQUE8_LEN) {
wolfSSL 15:117db924cf7c 27098 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 27099 goto end;
wolfSSL 15:117db924cf7c 27100 }
wolfSSL 15:117db924cf7c 27101 XMEMCPY(s->sessionID, data + idx, s->sessionIDSz);
wolfSSL 15:117db924cf7c 27102 idx += s->sessionIDSz;
wolfSSL 15:117db924cf7c 27103 XMEMCPY(s->masterSecret, data + idx, SECRET_LEN); idx += SECRET_LEN;
wolfSSL 15:117db924cf7c 27104 s->haveEMS = data[idx++];
wolfSSL 15:117db924cf7c 27105
wolfSSL 15:117db924cf7c 27106 #ifdef SESSION_CERTS
wolfSSL 15:117db924cf7c 27107 /* Certificate chain */
wolfSSL 15:117db924cf7c 27108 if (i - idx == 0) {
wolfSSL 15:117db924cf7c 27109 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 27110 goto end;
wolfSSL 15:117db924cf7c 27111 }
wolfSSL 15:117db924cf7c 27112 s->chain.count = data[idx++];
wolfSSL 15:117db924cf7c 27113 for (j = 0; j < s->chain.count; j++) {
wolfSSL 15:117db924cf7c 27114 if (i - idx < OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 27115 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 27116 goto end;
wolfSSL 15:117db924cf7c 27117 }
wolfSSL 15:117db924cf7c 27118 ato16(data + idx, &length); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 27119 s->chain.certs[j].length = length;
wolfSSL 15:117db924cf7c 27120 if (i - idx < length) {
wolfSSL 15:117db924cf7c 27121 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 27122 goto end;
wolfSSL 15:117db924cf7c 27123 }
wolfSSL 15:117db924cf7c 27124 XMEMCPY(s->chain.certs[j].buffer, data + idx, length);
wolfSSL 15:117db924cf7c 27125 idx += length;
wolfSSL 15:117db924cf7c 27126 }
wolfSSL 16:8e0d178b1d1e 27127 #endif
wolfSSL 16:8e0d178b1d1e 27128 #if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
wolfSSL 16:8e0d178b1d1e 27129 defined(HAVE_SESSION_TICKET))
wolfSSL 16:8e0d178b1d1e 27130 /* Protocol Version */
wolfSSL 16:8e0d178b1d1e 27131 if (i - idx < OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 27132 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 27133 goto end;
wolfSSL 15:117db924cf7c 27134 }
wolfSSL 15:117db924cf7c 27135 s->version.major = data[idx++];
wolfSSL 15:117db924cf7c 27136 s->version.minor = data[idx++];
wolfSSL 16:8e0d178b1d1e 27137 #endif
wolfSSL 16:8e0d178b1d1e 27138 #if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
wolfSSL 16:8e0d178b1d1e 27139 (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
wolfSSL 16:8e0d178b1d1e 27140 /* Cipher suite */
wolfSSL 16:8e0d178b1d1e 27141 if (i - idx < OPAQUE16_LEN) {
wolfSSL 16:8e0d178b1d1e 27142 ret = BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 27143 goto end;
wolfSSL 16:8e0d178b1d1e 27144 }
wolfSSL 15:117db924cf7c 27145 s->cipherSuite0 = data[idx++];
wolfSSL 15:117db924cf7c 27146 s->cipherSuite = data[idx++];
wolfSSL 15:117db924cf7c 27147 #endif
wolfSSL 15:117db924cf7c 27148 #ifndef NO_CLIENT_CACHE
wolfSSL 15:117db924cf7c 27149 /* ServerID len */
wolfSSL 15:117db924cf7c 27150 if (i - idx < OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 27151 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 27152 goto end;
wolfSSL 15:117db924cf7c 27153 }
wolfSSL 15:117db924cf7c 27154 ato16(data + idx, &s->idLen); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 27155
wolfSSL 15:117db924cf7c 27156 /* ServerID */
wolfSSL 15:117db924cf7c 27157 if (i - idx < s->idLen) {
wolfSSL 15:117db924cf7c 27158 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 27159 goto end;
wolfSSL 15:117db924cf7c 27160 }
wolfSSL 15:117db924cf7c 27161 XMEMCPY(s->serverID, data + idx, s->idLen); idx += s->idLen;
wolfSSL 15:117db924cf7c 27162 #endif
wolfSSL 16:8e0d178b1d1e 27163 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 27164 /* byte for length of session context ID */
wolfSSL 16:8e0d178b1d1e 27165 if (i - idx < OPAQUE8_LEN) {
wolfSSL 16:8e0d178b1d1e 27166 ret = BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 27167 goto end;
wolfSSL 16:8e0d178b1d1e 27168 }
wolfSSL 16:8e0d178b1d1e 27169 s->sessionCtxSz = data[idx++];
wolfSSL 16:8e0d178b1d1e 27170
wolfSSL 16:8e0d178b1d1e 27171 /* app session context ID */
wolfSSL 16:8e0d178b1d1e 27172 if (i - idx < s->sessionCtxSz) {
wolfSSL 16:8e0d178b1d1e 27173 ret = BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 27174 goto end;
wolfSSL 16:8e0d178b1d1e 27175 }
wolfSSL 16:8e0d178b1d1e 27176 XMEMCPY(s->sessionCtx, data + idx, s->sessionCtxSz); idx += s->sessionCtxSz;
wolfSSL 16:8e0d178b1d1e 27177 #endif
wolfSSL 16:8e0d178b1d1e 27178 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 27179 if (i - idx < OPAQUE16_LEN) {
wolfSSL 16:8e0d178b1d1e 27180 ret = BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 27181 goto end;
wolfSSL 16:8e0d178b1d1e 27182 }
wolfSSL 16:8e0d178b1d1e 27183 ato16(data + idx, &s->namedGroup);
wolfSSL 16:8e0d178b1d1e 27184 idx += OPAQUE16_LEN;
wolfSSL 16:8e0d178b1d1e 27185 #endif
wolfSSL 16:8e0d178b1d1e 27186 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
wolfSSL 16:8e0d178b1d1e 27187 #ifdef WOLFSSL_TLS13
wolfSSL 16:8e0d178b1d1e 27188 if (i - idx < (OPAQUE32_LEN * 2)) {
wolfSSL 16:8e0d178b1d1e 27189 ret = BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 27190 goto end;
wolfSSL 16:8e0d178b1d1e 27191 }
wolfSSL 16:8e0d178b1d1e 27192 ato32(data + idx, &s->ticketSeen);
wolfSSL 16:8e0d178b1d1e 27193 idx += OPAQUE32_LEN;
wolfSSL 16:8e0d178b1d1e 27194 ato32(data + idx, &s->ticketAdd);
wolfSSL 16:8e0d178b1d1e 27195 idx += OPAQUE32_LEN;
wolfSSL 16:8e0d178b1d1e 27196 #ifndef WOLFSSL_TLS13_DRAFT_18
wolfSSL 16:8e0d178b1d1e 27197 if (i - idx < OPAQUE8_LEN) {
wolfSSL 16:8e0d178b1d1e 27198 ret = BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 27199 goto end;
wolfSSL 16:8e0d178b1d1e 27200 }
wolfSSL 16:8e0d178b1d1e 27201 s->ticketNonce.len = data[idx++];
wolfSSL 16:8e0d178b1d1e 27202
wolfSSL 16:8e0d178b1d1e 27203 if (i - idx < s->ticketNonce.len) {
wolfSSL 16:8e0d178b1d1e 27204 ret = BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 27205 goto end;
wolfSSL 16:8e0d178b1d1e 27206 }
wolfSSL 16:8e0d178b1d1e 27207 XMEMCPY(s->ticketNonce.data, data + idx, s->ticketNonce.len);
wolfSSL 16:8e0d178b1d1e 27208 idx += s->ticketNonce.len;
wolfSSL 16:8e0d178b1d1e 27209 #endif
wolfSSL 16:8e0d178b1d1e 27210 #endif
wolfSSL 16:8e0d178b1d1e 27211 #ifdef WOLFSSL_EARLY_DATA
wolfSSL 16:8e0d178b1d1e 27212 if (i - idx < OPAQUE32_LEN) {
wolfSSL 16:8e0d178b1d1e 27213 ret = BUFFER_ERROR;
wolfSSL 16:8e0d178b1d1e 27214 goto end;
wolfSSL 16:8e0d178b1d1e 27215 }
wolfSSL 16:8e0d178b1d1e 27216 ato32(data + idx, &s->maxEarlyDataSz);
wolfSSL 16:8e0d178b1d1e 27217 idx += OPAQUE32_LEN;
wolfSSL 16:8e0d178b1d1e 27218 #endif
wolfSSL 16:8e0d178b1d1e 27219 #endif
wolfSSL 15:117db924cf7c 27220 #ifdef HAVE_SESSION_TICKET
wolfSSL 15:117db924cf7c 27221 /* ticket len */
wolfSSL 15:117db924cf7c 27222 if (i - idx < OPAQUE16_LEN) {
wolfSSL 15:117db924cf7c 27223 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 27224 goto end;
wolfSSL 15:117db924cf7c 27225 }
wolfSSL 15:117db924cf7c 27226 ato16(data + idx, &s->ticketLen); idx += OPAQUE16_LEN;
wolfSSL 15:117db924cf7c 27227
wolfSSL 15:117db924cf7c 27228 /* Dispose of ol dynamic ticket and ensure space for new ticket. */
wolfSSL 15:117db924cf7c 27229 if (s->isDynamic)
wolfSSL 15:117db924cf7c 27230 XFREE(s->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK);
wolfSSL 15:117db924cf7c 27231 if (s->ticketLen <= SESSION_TICKET_LEN)
wolfSSL 15:117db924cf7c 27232 s->ticket = s->staticTicket;
wolfSSL 15:117db924cf7c 27233 else {
wolfSSL 15:117db924cf7c 27234 s->ticket = (byte*)XMALLOC(s->ticketLen, NULL,
wolfSSL 15:117db924cf7c 27235 DYNAMIC_TYPE_SESSION_TICK);
wolfSSL 15:117db924cf7c 27236 if (s->ticket == NULL) {
wolfSSL 15:117db924cf7c 27237 ret = MEMORY_ERROR;
wolfSSL 15:117db924cf7c 27238 goto end;
wolfSSL 15:117db924cf7c 27239 }
wolfSSL 15:117db924cf7c 27240 s->isDynamic = 1;
wolfSSL 15:117db924cf7c 27241 }
wolfSSL 15:117db924cf7c 27242
wolfSSL 15:117db924cf7c 27243 /* ticket */
wolfSSL 15:117db924cf7c 27244 if (i - idx < s->ticketLen) {
wolfSSL 15:117db924cf7c 27245 ret = BUFFER_ERROR;
wolfSSL 15:117db924cf7c 27246 goto end;
wolfSSL 15:117db924cf7c 27247 }
wolfSSL 15:117db924cf7c 27248 XMEMCPY(s->ticket, data + idx, s->ticketLen); idx += s->ticketLen;
wolfSSL 15:117db924cf7c 27249 #endif
wolfSSL 15:117db924cf7c 27250 (void)idx;
wolfSSL 15:117db924cf7c 27251
wolfSSL 15:117db924cf7c 27252 if (sess != NULL)
wolfSSL 15:117db924cf7c 27253 *sess = s;
wolfSSL 15:117db924cf7c 27254
wolfSSL 15:117db924cf7c 27255 *p += idx;
wolfSSL 15:117db924cf7c 27256
wolfSSL 15:117db924cf7c 27257 end:
wolfSSL 15:117db924cf7c 27258 if (ret != 0 && (sess == NULL || *sess != s))
wolfSSL 15:117db924cf7c 27259 wolfSSL_SESSION_free(s);
wolfSSL 15:117db924cf7c 27260 #endif
wolfSSL 15:117db924cf7c 27261 return s;
wolfSSL 15:117db924cf7c 27262 }
wolfSSL 15:117db924cf7c 27263
wolfSSL 15:117db924cf7c 27264
wolfSSL 15:117db924cf7c 27265 long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess)
wolfSSL 15:117db924cf7c 27266 {
wolfSSL 16:8e0d178b1d1e 27267 long timeout = 0;
wolfSSL 15:117db924cf7c 27268 WOLFSSL_ENTER("wolfSSL_SESSION_get_timeout");
wolfSSL 16:8e0d178b1d1e 27269 if (sess)
wolfSSL 16:8e0d178b1d1e 27270 timeout = sess->timeout;
wolfSSL 16:8e0d178b1d1e 27271 return timeout;
wolfSSL 15:117db924cf7c 27272 }
wolfSSL 15:117db924cf7c 27273
wolfSSL 15:117db924cf7c 27274
wolfSSL 15:117db924cf7c 27275 long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess)
wolfSSL 15:117db924cf7c 27276 {
wolfSSL 16:8e0d178b1d1e 27277 long bornOn = 0;
wolfSSL 15:117db924cf7c 27278 WOLFSSL_ENTER("wolfSSL_SESSION_get_time");
wolfSSL 16:8e0d178b1d1e 27279 if (sess)
wolfSSL 16:8e0d178b1d1e 27280 bornOn = sess->bornOn;
wolfSSL 16:8e0d178b1d1e 27281 return bornOn;
wolfSSL 15:117db924cf7c 27282 }
wolfSSL 15:117db924cf7c 27283
wolfSSL 15:117db924cf7c 27284
wolfSSL 15:117db924cf7c 27285 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 27286
wolfSSL 15:117db924cf7c 27287
wolfSSL 15:117db924cf7c 27288 #ifdef KEEP_PEER_CERT
wolfSSL 15:117db924cf7c 27289 char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509* x509)
wolfSSL 15:117db924cf7c 27290 {
wolfSSL 15:117db924cf7c 27291 if (x509 == NULL)
wolfSSL 15:117db924cf7c 27292 return NULL;
wolfSSL 15:117db924cf7c 27293
wolfSSL 15:117db924cf7c 27294 return x509->subjectCN;
wolfSSL 15:117db924cf7c 27295 }
wolfSSL 15:117db924cf7c 27296 #endif /* KEEP_PEER_CERT */
wolfSSL 15:117db924cf7c 27297
wolfSSL 15:117db924cf7c 27298 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 27299
wolfSSL 15:117db924cf7c 27300 #if defined(FORTRESS) && !defined(NO_FILESYSTEM)
wolfSSL 15:117db924cf7c 27301 int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
wolfSSL 15:117db924cf7c 27302 {
wolfSSL 15:117db924cf7c 27303 int ret = WOLFSSL_FATAL_ERROR;
wolfSSL 15:117db924cf7c 27304
wolfSSL 15:117db924cf7c 27305 WOLFSSL_ENTER("wolfSSL_cmp_peer_cert_to_file");
wolfSSL 15:117db924cf7c 27306 if (ssl != NULL && fname != NULL)
wolfSSL 15:117db924cf7c 27307 {
wolfSSL 15:117db924cf7c 27308 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 15:117db924cf7c 27309 byte staticBuffer[1]; /* force heap usage */
wolfSSL 15:117db924cf7c 27310 #else
wolfSSL 15:117db924cf7c 27311 byte staticBuffer[FILE_BUFFER_SIZE];
wolfSSL 15:117db924cf7c 27312 #endif
wolfSSL 15:117db924cf7c 27313 byte* myBuffer = staticBuffer;
wolfSSL 15:117db924cf7c 27314 int dynamic = 0;
wolfSSL 16:8e0d178b1d1e 27315 XFILE file;
wolfSSL 16:8e0d178b1d1e 27316 long sz = 0;
wolfSSL 15:117db924cf7c 27317 WOLFSSL_CTX* ctx = ssl->ctx;
wolfSSL 15:117db924cf7c 27318 WOLFSSL_X509* peer_cert = &ssl->peerCert;
wolfSSL 15:117db924cf7c 27319 DerBuffer* fileDer = NULL;
wolfSSL 15:117db924cf7c 27320
wolfSSL 15:117db924cf7c 27321 file = XFOPEN(fname, "rb");
wolfSSL 15:117db924cf7c 27322 if (file == XBADFILE)
wolfSSL 15:117db924cf7c 27323 return WOLFSSL_BAD_FILE;
wolfSSL 15:117db924cf7c 27324
wolfSSL 16:8e0d178b1d1e 27325 if (XFSEEK(file, 0, XSEEK_END) != 0) {
wolfSSL 16:8e0d178b1d1e 27326 XFCLOSE(file);
wolfSSL 16:8e0d178b1d1e 27327 return WOLFSSL_BAD_FILE;
wolfSSL 16:8e0d178b1d1e 27328 }
wolfSSL 15:117db924cf7c 27329 sz = XFTELL(file);
wolfSSL 15:117db924cf7c 27330 XREWIND(file);
wolfSSL 15:117db924cf7c 27331
wolfSSL 16:8e0d178b1d1e 27332 if (sz > MAX_WOLFSSL_FILE_SIZE || sz < 0) {
wolfSSL 16:8e0d178b1d1e 27333 WOLFSSL_MSG("cmp_peer_cert_to_file size error");
wolfSSL 16:8e0d178b1d1e 27334 XFCLOSE(file);
wolfSSL 16:8e0d178b1d1e 27335 return WOLFSSL_BAD_FILE;
wolfSSL 16:8e0d178b1d1e 27336 }
wolfSSL 16:8e0d178b1d1e 27337
wolfSSL 15:117db924cf7c 27338 if (sz > (long)sizeof(staticBuffer)) {
wolfSSL 15:117db924cf7c 27339 WOLFSSL_MSG("Getting dynamic buffer");
wolfSSL 15:117db924cf7c 27340 myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL 15:117db924cf7c 27341 dynamic = 1;
wolfSSL 15:117db924cf7c 27342 }
wolfSSL 15:117db924cf7c 27343
wolfSSL 15:117db924cf7c 27344 if ((myBuffer != NULL) &&
wolfSSL 15:117db924cf7c 27345 (sz > 0) &&
wolfSSL 16:8e0d178b1d1e 27346 (XFREAD(myBuffer, 1, sz, file) == (size_t)sz) &&
wolfSSL 15:117db924cf7c 27347 (PemToDer(myBuffer, (long)sz, CERT_TYPE,
wolfSSL 15:117db924cf7c 27348 &fileDer, ctx->heap, NULL, NULL) == 0) &&
wolfSSL 15:117db924cf7c 27349 (fileDer->length != 0) &&
wolfSSL 15:117db924cf7c 27350 (fileDer->length == peer_cert->derCert->length) &&
wolfSSL 15:117db924cf7c 27351 (XMEMCMP(peer_cert->derCert->buffer, fileDer->buffer,
wolfSSL 15:117db924cf7c 27352 fileDer->length) == 0))
wolfSSL 15:117db924cf7c 27353 {
wolfSSL 15:117db924cf7c 27354 ret = 0;
wolfSSL 15:117db924cf7c 27355 }
wolfSSL 15:117db924cf7c 27356
wolfSSL 15:117db924cf7c 27357 FreeDer(&fileDer);
wolfSSL 15:117db924cf7c 27358
wolfSSL 15:117db924cf7c 27359 if (dynamic)
wolfSSL 15:117db924cf7c 27360 XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);
wolfSSL 15:117db924cf7c 27361
wolfSSL 15:117db924cf7c 27362 XFCLOSE(file);
wolfSSL 15:117db924cf7c 27363 }
wolfSSL 15:117db924cf7c 27364
wolfSSL 15:117db924cf7c 27365 return ret;
wolfSSL 15:117db924cf7c 27366 }
wolfSSL 15:117db924cf7c 27367 #endif
wolfSSL 15:117db924cf7c 27368 #endif /* OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 27369 #endif /* !WOLFCRYPT_ONLY */
wolfSSL 16:8e0d178b1d1e 27370 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* Object-identifier table for the OpenSSL-compatibility layer.
 *
 * Each row appears to be { nid, id, type, sName, lName }:
 *   nid   - OpenSSL-style NID_* value where one exists; rows without one
 *           reuse the wolfSSL OID constant as the nid
 *   id    - wolfSSL OID sum / identifier
 *   type  - OID group (oid*Type) in which id is interpreted
 *   sName - short name, lName - long name
 * NOTE(review): field meaning inferred from the rows below; confirm against
 * the WOLFSSL_ObjectInfo definition.
 *
 * Rows are compiled in per feature macro, so the element count is only
 * known per build (see WOLFSSL_OBJECT_INFO_SZ after the table). Only the
 * NO_CERTS section is needed for OPENSSL_EXTRA_X509_SMALL; the rest is
 * OPENSSL_EXTRA only.
 */
const WOLFSSL_ObjectInfo wolfssl_object_info[] = {
#ifndef NO_CERTS
    /* oidCertExtType */
    { NID_basic_constraints, BASIC_CA_OID, oidCertExtType, "basicConstraints",
      "X509v3 Basic Constraints"},
    { NID_subject_alt_name, ALT_NAMES_OID, oidCertExtType, "subjectAltName",
      "X509v3 Subject Alternative Name"},
    { CRL_DIST_OID, CRL_DIST_OID, oidCertExtType, "crlDistributionPoints",
      "X509v3 CRL Distribution Points"},
    { NID_info_access, AUTH_INFO_OID, oidCertExtType, "authorityInfoAccess",
      "Authority Information Access"},
    { NID_authority_key_identifier, AUTH_KEY_OID, oidCertExtType,
      "authorityKeyIdentifier", "X509v3 Authority Key Identifier"},
    { NID_subject_key_identifier, SUBJ_KEY_OID, oidCertExtType,
      "subjectKeyIdentifier", "X509v3 Subject Key Identifier"},
    { NID_key_usage, KEY_USAGE_OID, oidCertExtType, "keyUsage",
      "X509v3 Key Usage"},
    { NID_inhibit_any_policy, INHIBIT_ANY_OID, oidCertExtType,
      "inhibitAnyPolicy", "X509v3 Inhibit Any Policy"},
    /* NOTE(review): this row carries KEY_USAGE_OID, the same id as the
     * keyUsage row above, so a lookup by id cannot tell the two extensions
     * apart. Confirm whether a distinct extended-key-usage OID constant was
     * intended here. */
    { NID_ext_key_usage, KEY_USAGE_OID, oidCertExtType,
      "extendedKeyUsage", "X509v3 Extended Key Usage"},
    { NID_name_constraints, NAME_CONS_OID, oidCertExtType,
      "nameConstraints", "X509v3 Name Constraints"},
    { NID_certificate_policies, CERT_POLICY_OID, oidCertExtType,
      "certificatePolicies", "X509v3 Certificate Policies"},

    /* oidCertAuthInfoType */
    { AIA_OCSP_OID, AIA_OCSP_OID, oidCertAuthInfoType, "authorityInfoAccess",
      "Authority Information Access"},
    { AIA_CA_ISSUER_OID, AIA_CA_ISSUER_OID, oidCertAuthInfoType,
      "caIssuers", "CA Issuers"},

    /* oidCertPolicyType */
    { NID_any_policy, CP_ANY_OID, oidCertPolicyType, "anyPolicy",
      "X509v3 Any Policy"},

    /* oidCertAltNameType */
    { NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name",""},

    /* oidCertKeyUseType */
    { NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType,
      "anyExtendedKeyUsage", "Any Extended Key Usage"},
    { EKU_SERVER_AUTH_OID, EKU_SERVER_AUTH_OID, oidCertKeyUseType,
      "serverAuth", "TLS Web Server Authentication"},
    { EKU_CLIENT_AUTH_OID, EKU_CLIENT_AUTH_OID, oidCertKeyUseType,
      "clientAuth", "TLS Web Client Authentication"},
    { EKU_OCSP_SIGN_OID, EKU_OCSP_SIGN_OID, oidCertKeyUseType,
      "OCSPSigning", "OCSP Signing"},

    /* oidCertNameType: for name attributes the nid doubles as the id */
    { NID_commonName, NID_commonName, oidCertNameType, "CN", "commonName"},
    { NID_surname, NID_surname, oidCertNameType, "SN", "surname"},
    { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber",
      "serialNumber"},
    { NID_countryName, NID_countryName, oidCertNameType, "C", "countryName"},
    { NID_localityName, NID_localityName, oidCertNameType, "L", "localityName"},
    { NID_stateOrProvinceName, NID_stateOrProvinceName, oidCertNameType, "ST",
      "stateOrProvinceName"},
    { NID_organizationName, NID_organizationName, oidCertNameType, "O",
      "organizationName"},
    { NID_organizationalUnitName, NID_organizationalUnitName, oidCertNameType,
      "OU", "organizationalUnitName"},
    { NID_emailAddress, NID_emailAddress, oidCertNameType, "emailAddress",
      "emailAddress"},
    { NID_domainComponent, NID_domainComponent, oidCertNameType, "DC",
      "domainComponent"},
    { NID_businessCategory, NID_businessCategory, oidCertNameType, "businessCategory",
      "businessCategory"},
    { NID_jurisdictionCountryName, NID_jurisdictionCountryName, oidCertNameType, "jurisdictionC",
      "jurisdictionCountryName"},
    { NID_jurisdictionStateOrProvinceName, NID_jurisdictionStateOrProvinceName,
      oidCertNameType, "jurisdictionST", "jurisdictionStateOrProvinceName"},
#endif
#ifdef OPENSSL_EXTRA /* OPENSSL_EXTRA_X509_SMALL only needs the above */
    /* oidHashType */
#ifdef WOLFSSL_MD2
    { NID_md2, MD2h, oidHashType, "MD2", "md2"},
#endif
#ifdef WOLFSSL_MD5
    /* NOTE(review): guarded by WOLFSSL_MD5 while the md5WithRSAEncryption row
     * below is guarded by !NO_MD5 — confirm the intended guard. */
    { NID_md5, MD5h, oidHashType, "MD5", "md5"},
#endif
#ifndef NO_SHA
    { NID_sha1, SHAh, oidHashType, "SHA1", "sha1"},
#endif
#ifdef WOLFSSL_SHA224
    { NID_sha224, SHA224h, oidHashType, "SHA224", "sha224"},
#endif
#ifndef NO_SHA256
    { NID_sha256, SHA256h, oidHashType, "SHA256", "sha256"},
#endif
#ifdef WOLFSSL_SHA384
    { NID_sha384, SHA384h, oidHashType, "SHA384", "sha384"},
#endif
#ifdef WOLFSSL_SHA512
    { NID_sha512, SHA512h, oidHashType, "SHA512", "sha512"},
#endif

    /* oidSigType */
#ifndef NO_DSA
#ifndef NO_SHA
    { CTC_SHAwDSA, CTC_SHAwDSA, oidSigType, "DSA-SHA1", "dsaWithSHA1"},
#endif
#endif /* NO_DSA */
#ifndef NO_RSA
#ifdef WOLFSSL_MD2
    { CTC_MD2wRSA, CTC_MD2wRSA, oidSigType, "RSA-MD2",
      "md2WithRSAEncryption"},
#endif
#ifndef NO_MD5
    { CTC_MD5wRSA, CTC_MD5wRSA, oidSigType, "RSA-MD5",
      "md5WithRSAEncryption"},
#endif
#ifndef NO_SHA
    { CTC_SHAwRSA, CTC_SHAwRSA, oidSigType, "RSA-SHA1",
      "sha1WithRSAEncryption"},
#endif
#ifdef WOLFSSL_SHA224
    { CTC_SHA224wRSA, CTC_SHA224wRSA, oidSigType, "RSA-SHA224",
      "sha224WithRSAEncryption"},
#endif
#ifndef NO_SHA256
    { CTC_SHA256wRSA, CTC_SHA256wRSA, oidSigType, "RSA-SHA256",
      "sha256WithRSAEncryption"},
#endif
#ifdef WOLFSSL_SHA384
    { CTC_SHA384wRSA, CTC_SHA384wRSA, oidSigType, "RSA-SHA384",
      "sha384WithRSAEncryption"},
#endif
#ifdef WOLFSSL_SHA512
    { CTC_SHA512wRSA, CTC_SHA512wRSA, oidSigType, "RSA-SHA512",
      "sha512WithRSAEncryption"},
#endif
#endif /* NO_RSA */
#ifdef HAVE_ECC
#ifndef NO_SHA
    { CTC_SHAwECDSA, CTC_SHAwECDSA, oidSigType, "ecdsa-with-SHA1", "shaWithECDSA"},
#endif
#ifdef WOLFSSL_SHA224
    { CTC_SHA224wECDSA, CTC_SHA224wECDSA, oidSigType, "ecdsa-with-SHA224","sha224WithECDSA"},
#endif
#ifndef NO_SHA256
    { CTC_SHA256wECDSA, CTC_SHA256wECDSA, oidSigType, "ecdsa-with-SHA256","sha256WithECDSA"},
#endif
#ifdef WOLFSSL_SHA384
    { CTC_SHA384wECDSA, CTC_SHA384wECDSA, oidSigType, "ecdsa-with-SHA384","sha384WithECDSA"},
#endif
#ifdef WOLFSSL_SHA512
    { CTC_SHA512wECDSA, CTC_SHA512wECDSA, oidSigType, "ecdsa-with-SHA512","sha512WithECDSA"},
#endif
#endif /* HAVE_ECC */

    /* oidKeyType: key algorithms are listed twice where a separate NID
     * exists, once keyed by the wolfSSL constant and once by the NID */
#ifndef NO_DSA
    { DSAk, DSAk, oidKeyType, "DSA", "dsaEncryption"},
    { NID_dsa, DSAk, oidKeyType, "DSA", "dsaEncryption"},
#endif /* NO_DSA */
#ifndef NO_RSA
    { RSAk, RSAk, oidKeyType, "RSA", "rsaEncryption"},
    { NID_rsaEncryption, RSAk, oidKeyType, "RSA", "rsaEncryption"},
#endif /* NO_RSA */
#ifdef HAVE_NTRU
    { NTRUk, NTRUk, oidKeyType, "NTRU", "ntruEncryption"},
#endif /* HAVE_NTRU */
#ifdef HAVE_ECC
    { ECDSAk, ECDSAk, oidKeyType, "ECDSA", "ecdsaEncryption"},
    { NID_X9_62_id_ecPublicKey, ECDSAk, oidKeyType, "id-ecPublicKey",
      "id-ecPublicKey"},
#endif /* HAVE_ECC */
#ifndef NO_DH
    { NID_dhKeyAgreement, DHk, oidKeyType, "dhKeyAgreement", "dhKeyAgreement"},
#endif

    /* oidCurveType */
#ifdef HAVE_ECC
    { NID_X9_62_prime192v1, ECC_SECP192R1_OID, oidCurveType, "prime192v1", "prime192v1"},
    { NID_X9_62_prime192v2, ECC_PRIME192V2_OID, oidCurveType, "prime192v2", "prime192v2"},
    { NID_X9_62_prime192v3, ECC_PRIME192V3_OID, oidCurveType, "prime192v3", "prime192v3"},

    { NID_X9_62_prime239v1, ECC_PRIME239V1_OID, oidCurveType, "prime239v1", "prime239v1"},
    { NID_X9_62_prime239v2, ECC_PRIME239V2_OID, oidCurveType, "prime239v2", "prime239v2"},
    { NID_X9_62_prime239v3, ECC_PRIME239V3_OID, oidCurveType, "prime239v3", "prime239v3"},

    { NID_X9_62_prime256v1, ECC_SECP256R1_OID, oidCurveType, "prime256v1", "prime256v1"},

    { NID_secp112r1, ECC_SECP112R1_OID, oidCurveType, "secp112r1", "secp112r1"},
    { NID_secp112r2, ECC_SECP112R2_OID, oidCurveType, "secp112r2", "secp112r2"},

    { NID_secp128r1, ECC_SECP128R1_OID, oidCurveType, "secp128r1", "secp128r1"},
    { NID_secp128r2, ECC_SECP128R2_OID, oidCurveType, "secp128r2", "secp128r2"},

    { NID_secp160r1, ECC_SECP160R1_OID, oidCurveType, "secp160r1", "secp160r1"},
    { NID_secp160r2, ECC_SECP160R2_OID, oidCurveType, "secp160r2", "secp160r2"},

    { NID_secp224r1, ECC_SECP224R1_OID, oidCurveType, "secp224r1", "secp224r1"},
    { NID_secp384r1, ECC_SECP384R1_OID, oidCurveType, "secp384r1", "secp384r1"},
    { NID_secp521r1, ECC_SECP521R1_OID, oidCurveType, "secp521r1", "secp521r1"},

    { NID_secp160k1, ECC_SECP160K1_OID, oidCurveType, "secp160k1", "secp160k1"},
    { NID_secp192k1, ECC_SECP192K1_OID, oidCurveType, "secp192k1", "secp192k1"},
    { NID_secp224k1, ECC_SECP224K1_OID, oidCurveType, "secp224k1", "secp224k1"},
    { NID_secp256k1, ECC_SECP256K1_OID, oidCurveType, "secp256k1", "secp256k1"},

    { NID_brainpoolP160r1, ECC_BRAINPOOLP160R1_OID, oidCurveType, "brainpoolP160r1", "brainpoolP160r1"},
    { NID_brainpoolP192r1, ECC_BRAINPOOLP192R1_OID, oidCurveType, "brainpoolP192r1", "brainpoolP192r1"},
    { NID_brainpoolP224r1, ECC_BRAINPOOLP224R1_OID, oidCurveType, "brainpoolP224r1", "brainpoolP224r1"},
    { NID_brainpoolP256r1, ECC_BRAINPOOLP256R1_OID, oidCurveType, "brainpoolP256r1", "brainpoolP256r1"},
    { NID_brainpoolP320r1, ECC_BRAINPOOLP320R1_OID, oidCurveType, "brainpoolP320r1", "brainpoolP320r1"},
    { NID_brainpoolP384r1, ECC_BRAINPOOLP384R1_OID, oidCurveType, "brainpoolP384r1", "brainpoolP384r1"},
    { NID_brainpoolP512r1, ECC_BRAINPOOLP512R1_OID, oidCurveType, "brainpoolP512r1", "brainpoolP512r1"},
#endif /* HAVE_ECC */

    /* oidBlkType */
#ifdef WOLFSSL_AES_128
    { AES128CBCb, AES128CBCb, oidBlkType, "AES-128-CBC", "aes-128-cbc"},
#endif
#ifdef WOLFSSL_AES_192
    { AES192CBCb, AES192CBCb, oidBlkType, "AES-192-CBC", "aes-192-cbc"},
#endif
#ifdef WOLFSSL_AES_256
    { AES256CBCb, AES256CBCb, oidBlkType, "AES-256-CBC", "aes-256-cbc"},
#endif
#ifndef NO_DES3
    { NID_des, DESb, oidBlkType, "DES-CBC", "des-cbc"},
    { NID_des3, DES3b, oidBlkType, "DES-EDE3-CBC", "des-ede3-cbc"},
#endif /* !NO_DES3 */

    /* oidOcspType */
#ifdef HAVE_OCSP
    { NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType, "basicOCSPResponse",
      "Basic OCSP Response"},
    { OCSP_NONCE_OID, OCSP_NONCE_OID, oidOcspType, "Nonce",
      "OCSP Nonce"},
#endif /* HAVE_OCSP */

#ifndef NO_PWDBASED
    /* oidKdfType */
    { PBKDF2_OID, PBKDF2_OID, oidKdfType, "PBKDFv2", "PBKDF2"},

    /* oidPBEType */
    { PBE_SHA1_RC4_128, PBE_SHA1_RC4_128, oidPBEType,
      "PBE-SHA1-RC4-128", "pbeWithSHA1And128BitRC4"},
    { PBE_SHA1_DES, PBE_SHA1_DES, oidPBEType, "PBE-SHA1-DES",
      "pbeWithSHA1AndDES-CBC"},
    { PBE_SHA1_DES3, PBE_SHA1_DES3, oidPBEType, "PBE-SHA1-3DES",
      "pbeWithSHA1And3-KeyTripleDES-CBC"},
#endif

    /* oidKeyWrapType */
#ifdef WOLFSSL_AES_128
    { AES128_WRAP, AES128_WRAP, oidKeyWrapType, "AES-128 wrap", "aes128-wrap"},
#endif
#ifdef WOLFSSL_AES_192
    { AES192_WRAP, AES192_WRAP, oidKeyWrapType, "AES-192 wrap", "aes192-wrap"},
#endif
#ifdef WOLFSSL_AES_256
    { AES256_WRAP, AES256_WRAP, oidKeyWrapType, "AES-256 wrap", "aes256-wrap"},
#endif

#ifndef NO_PKCS7
#ifndef NO_DH
    /* oidCmsKeyAgreeType */
#ifndef NO_SHA
    { dhSinglePass_stdDH_sha1kdf_scheme, dhSinglePass_stdDH_sha1kdf_scheme,
      oidCmsKeyAgreeType, "dhSinglePass-stdDH-sha1kdf-scheme", "dhSinglePass-stdDH-sha1kdf-scheme"},
#endif
#ifdef WOLFSSL_SHA224
    { dhSinglePass_stdDH_sha224kdf_scheme,
      dhSinglePass_stdDH_sha224kdf_scheme, oidCmsKeyAgreeType,
      "dhSinglePass-stdDH-sha224kdf-scheme", "dhSinglePass-stdDH-sha224kdf-scheme"},
#endif
#ifndef NO_SHA256
    { dhSinglePass_stdDH_sha256kdf_scheme,
      dhSinglePass_stdDH_sha256kdf_scheme, oidCmsKeyAgreeType,
      "dhSinglePass-stdDH-sha256kdf-scheme", "dhSinglePass-stdDH-sha256kdf-scheme"},
#endif
#ifdef WOLFSSL_SHA384
    { dhSinglePass_stdDH_sha384kdf_scheme,
      dhSinglePass_stdDH_sha384kdf_scheme, oidCmsKeyAgreeType,
      "dhSinglePass-stdDH-sha384kdf-scheme", "dhSinglePass-stdDH-sha384kdf-scheme"},
#endif
#ifdef WOLFSSL_SHA512
    { dhSinglePass_stdDH_sha512kdf_scheme,
      dhSinglePass_stdDH_sha512kdf_scheme, oidCmsKeyAgreeType,
      "dhSinglePass-stdDH-sha512kdf-scheme", "dhSinglePass-stdDH-sha512kdf-scheme"},
#endif
#endif
#endif
#if defined(WOLFSSL_APACHE_HTTPD)
    /* "1.3.6.1.5.5.7.8.7" */
    { NID_id_on_dnsSRV, NID_id_on_dnsSRV, oidCertNameType,
      WOLFSSL_SN_DNS_SRV, WOLFSSL_LN_DNS_SRV },

    /* "1.3.6.1.4.1.311.20.2.3" */
    { NID_ms_upn, WOLFSSL_MS_UPN_SUM, oidCertExtType, WOLFSSL_SN_MS_UPN,
      WOLFSSL_LN_MS_UPN },

    /* "1.3.6.1.5.5.7.1.24" */
    { NID_tlsfeature, WOLFSSL_TLS_FEATURE_SUM, oidTlsExtType,
      WOLFSSL_SN_TLS_FEATURE, WOLFSSL_LN_TLS_FEATURE },
#endif
#endif /* OPENSSL_EXTRA */
};
wolfSSL 16:8e0d178b1d1e 27673
/* Element count of wolfssl_object_info. Computed from the array itself so it
 * follows whichever rows the build's feature macros compiled in; never
 * replace it with a literal. */
#define WOLFSSL_OBJECT_INFO_SZ \
    (sizeof(wolfssl_object_info) / sizeof(*wolfssl_object_info))
/* The same count as a linkable constant, for code that only sees the
 * declaration of the table. */
const size_t wolfssl_object_info_sz = WOLFSSL_OBJECT_INFO_SZ;
wolfSSL 16:8e0d178b1d1e 27677 #endif
wolfSSL 15:117db924cf7c 27678 #if defined(OPENSSL_EXTRA) || \
wolfSSL 15:117db924cf7c 27679 (defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA))
/* Process-wide RNG shared by the OpenSSL-compat RAND_* functions and used as
 * a last resort by WOLFSSL_RSA_GetRNG. It is created lazily by
 * wolfSSL_RAND_Init, which is not thread safe; initGlobalRNG != 0 means the
 * RNG has been initialized. Readers that only check the flag (and do not
 * create the RNG) fail when it is still 0. */
static WC_RNG globalRNG;
static int initGlobalRNG = 0;
wolfSSL 15:117db924cf7c 27682 #endif
wolfSSL 16:8e0d178b1d1e 27683 #if defined(OPENSSL_EXTRA) && \
wolfSSL 16:8e0d178b1d1e 27684 !defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
/* Select the RNG to use for an operation on rsa.
 *
 * Order tried: the RsaKey's own rng (only in builds with WC_RSA_BLINDING and
 * without FIPS/user/fast RSA), then a temporary RNG initialized into *tmpRNG,
 * and finally the file-global RNG, but only if it was already initialized —
 * this function never creates it.
 *
 * rsa        key whose internal RsaKey may carry an rng. rsa->internal is
 *            dereferenced without a NULL check — NOTE(review): assumes it is
 *            always set; confirm at the callers.
 * tmpRNG     in/out; may be NULL, in which case no temporary RNG is tried.
 *            Without WOLFSSL_SMALL_STACK the caller must supply *tmpRNG.
 *            With WOLFSSL_SMALL_STACK a NULL *tmpRNG is heap-allocated here,
 *            and on a failed wc_InitRng *tmpRNG is freed and set to NULL even
 *            when the caller supplied it — NOTE(review): confirm that callers
 *            expect this ownership hand-off.
 * initTmpRng out; set to 1 when this call initialized *tmpRNG, else 0.
 *            Required: a NULL pointer makes the function return NULL.
 *
 * Returns the chosen WC_RNG*, or NULL when none is available.
 */
WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG, int *initTmpRng)
{
    WC_RNG* rng = NULL;

    if (!rsa || !initTmpRng) {
        return NULL;
    }
    *initTmpRng = 0;

#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \
    !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
    /* blinding builds keep an RNG on the key itself */
    rng = ((RsaKey*)rsa->internal)->rng;
#endif
    if (rng == NULL && tmpRNG) {
        if (!*tmpRNG) {
#ifdef WOLFSSL_SMALL_STACK
            *tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
            if (*tmpRNG == NULL)
                return NULL;
#else
            WOLFSSL_MSG("*tmpRNG is null");
            return NULL;
#endif
        }

        if (wc_InitRng(*tmpRNG) == 0) {
            rng = *tmpRNG;
            *initTmpRng = 1;
        }
        else {
            /* temporary RNG unusable: fall back to the global RNG, but only
             * if something else has already initialized it */
            WOLFSSL_MSG("Bad RNG Init, trying global");
            if (initGlobalRNG == 0)
                WOLFSSL_MSG("Global RNG no Init");
            else
                rng = &globalRNG;
#ifdef WOLFSSL_SMALL_STACK
            /* release the heap RNG so the caller is not left with a
             * pointer to an uninitialized object */
            if (*tmpRNG)
                XFREE(*tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            *tmpRNG = NULL;
#endif
        }
    }
    return rng;
}
wolfSSL 16:8e0d178b1d1e 27729 #endif
wolfSSL 16:8e0d178b1d1e 27730 #ifndef WOLFCRYPT_ONLY
wolfSSL 15:117db924cf7c 27731
wolfSSL 15:117db924cf7c 27732 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 27733
/* Make sure the global RNG exists, creating it on first call.
 * Not thread safe: the check of initGlobalRNG and the init are not atomic,
 * so concurrent first calls may both run wc_InitRng on globalRNG.
 * Safe to call repeatedly once initialized.
 *
 * Returns SSL_SUCCESS when the global RNG is usable, 0 when wc_InitRng
 * failed (initGlobalRNG is left at 0 in that case).
 */
static int wolfSSL_RAND_Init(void)
{
    if (initGlobalRNG != 0) {
        /* already created on an earlier call */
        return SSL_SUCCESS;
    }

    if (wc_InitRng(&globalRNG) < 0) {
        WOLFSSL_MSG("wolfSSL Init Global RNG failed");
        return 0;
    }

    initGlobalRNG = 1;
    return SSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 27751
wolfSSL 15:117db924cf7c 27752
/* OpenSSL-compatible RAND_seed().
 *
 * The supplied seed bytes are NOT mixed into the RNG: both arguments are
 * discarded and the call only makes sure the global RNG has been created
 * (via wolfSSL_RAND_Init, which is not thread safe). Callers relying on
 * their own seed material being used should be aware of this.
 *
 * seed  ignored
 * len   ignored
 *
 * Returns SSL_SUCCESS on ok, 0 if the global RNG could not be initialized.
 */
int wolfSSL_RAND_seed(const void* seed, int len)
{
    int ret;

    WOLFSSL_MSG("wolfSSL_RAND_seed");

    /* accepted for API compatibility only */
    (void)seed;
    (void)len;

    ret = wolfSSL_RAND_Init();

    return ret;
}
wolfSSL 15:117db924cf7c 27764
wolfSSL 15:117db924cf7c 27765
/* Build the path of the RNG seed file into fname.
 *
 * $RANDFILE is used verbatim when set and it fits; otherwise $HOME/.rnd is
 * used. Both come from the process environment (XGETENV, stdlib getenv
 * unless overridden), so the resulting path is whatever the environment
 * says it is — callers decide how much to trust it.
 *
 * fname buffer receiving the path; it is zeroed first, so on success the
 *       result is NUL-terminated
 * len   size of fname in bytes
 *
 * Returns fname on success, NULL when fname is NULL, neither variable is
 * set, the chosen path does not fit in len bytes, or the build has no
 * filesystem (NO_FILESYSTEM).
 */
const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
{
#ifndef NO_FILESYSTEM
    const char suffix[] = "/.rnd";
    char* envVal;

    WOLFSSL_ENTER("wolfSSL_RAND_file_name");

    if (fname == NULL) {
        return NULL;
    }

    XMEMSET(fname, 0, len);

    /* first choice: $RANDFILE, copied only when there is room for the NUL */
    envVal = XGETENV("RANDFILE");
    if (envVal != NULL) {
        if (len > XSTRLEN(envVal)) {
            XMEMCPY(fname, envVal, XSTRLEN(envVal));
            return fname;
        }
        WOLFSSL_MSG("RANDFILE too large for buffer");
    }

    /* $RANDFILE was not set or is too large, fall back to $HOME/.rnd */
    WOLFSSL_MSG("Environment variable RANDFILE not set");
    envVal = XGETENV("HOME");
    if (envVal == NULL) {
        WOLFSSL_MSG("Environment variable HOME not set");
        return NULL;
    }

    if (len <= XSTRLEN(envVal) + XSTRLEN(suffix)) {
        WOLFSSL_MSG("HOME too large for buffer");
        return NULL;
    }

    fname[0] = '\0';
    XSTRNCAT(fname, envVal, len);
    XSTRNCAT(fname, suffix, len - XSTRLEN(envVal));
    return fname;
#else
    /* no filesystem defined */
    WOLFSSL_ENTER("wolfSSL_RAND_file_name");
    WOLFSSL_MSG("No filesystem feature enabled, not compiled in");
    (void)fname;
    (void)len;
    return NULL;
#endif
}
wolfSSL 15:117db924cf7c 27830
wolfSSL 15:117db924cf7c 27831
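/* Write 1024 bytes from the global RNG to the file fname.
 *
 * Creates the global RNG via wolfSSL_RAND_Init (not thread safe) if it has
 * not been created yet. The file is opened with XFOPEN(fname, "wb"); no
 * permission restriction is applied here, so a caller that needs the seed
 * file to be private must arrange that itself. The random buffer is wiped
 * with ForceZero on every path after generation.
 *
 * fname name of file to write to
 *
 * Returns the number of bytes actually written to the file (0 when the RNG
 * is unavailable, generation fails, the file cannot be opened, or the write
 * is short), or SSL_FAILURE when fname is NULL or the buffer cannot be
 * allocated. Without a filesystem (NO_FILESYSTEM) nothing is written and 0
 * is returned.
 */
int wolfSSL_RAND_write_file(const char* fname)
{
    int bytes = 0;

    WOLFSSL_ENTER("RAND_write_file");

    if (fname == NULL) {
        return SSL_FAILURE;
    }

#ifndef NO_FILESYSTEM
    {
        enum { RAND_FILE_BYTES = 1024 }; /* size of buf / bytes requested */
#ifndef WOLFSSL_SMALL_STACK
        unsigned char buf[RAND_FILE_BYTES];
#else
        unsigned char* buf = (unsigned char *)XMALLOC(RAND_FILE_BYTES, NULL,
                                                     DYNAMIC_TYPE_TMP_BUFFER);
        if (buf == NULL) {
            WOLFSSL_MSG("malloc failed");
            return SSL_FAILURE;
        }
#endif
        bytes = RAND_FILE_BYTES;

        if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != SSL_SUCCESS) {
            WOLFSSL_MSG("No RNG to use");
#ifdef WOLFSSL_SMALL_STACK
            XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            return 0;
        }

        if (wc_RNG_GenerateBlock(&globalRNG, buf, bytes) != 0) {
            WOLFSSL_MSG("Error generating random buffer");
            bytes = 0;
        }
        else {
            XFILE f = XFOPEN(fname, "wb");

            if (f == XBADFILE) {
                WOLFSSL_MSG("Error opening the file");
                bytes = 0;
            }
            else {
                /* report what reached the stream, not what was requested */
                size_t written = (size_t)XFWRITE(buf, 1, (size_t)bytes, f);
                if (written != (size_t)bytes) {
                    WOLFSSL_MSG("Error writing the file");
                }
                bytes = (int)written;
                XFCLOSE(f);
            }
        }

        /* wipe the whole buffer: on an open or write failure it still holds
         * RNG output even though bytes no longer says so */
        ForceZero(buf, RAND_FILE_BYTES);
#ifdef WOLFSSL_SMALL_STACK
        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }
#endif

    return bytes;
}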
wolfSSL 15:117db924cf7c 27896
wolfSSL 15:117db924cf7c 27897 #ifndef FREERTOS_TCP
wolfSSL 15:117db924cf7c 27898
/* This constant is a command value defined by the egd protocol */
wolfSSL 15:117db924cf7c 27900 #if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API)
wolfSSL 15:117db924cf7c 27901 #define WOLFSSL_EGD_NBLOCK 0x01
wolfSSL 15:117db924cf7c 27902 #include <sys/un.h>
wolfSSL 15:117db924cf7c 27903 #endif
wolfSSL 15:117db924cf7c 27904
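/* This collects entropy from the egd (Entropy Gathering Daemon) socket at
 * path nm and reseeds the global DRBG with it. Makes a call to
 * wolfSSL_RAND_Init which is not thread safe.
 *
 * Up to EGD_MAX_REQ (255) bytes are requested with the non-blocking egd
 * command WOLFSSL_EGD_NBLOCK. Each reply carries its payload length in its
 * first byte followed by that many entropy bytes; replies are compacted so
 * the collected entropy is contiguous at buf[0..bytes-1]. A reply whose
 * length byte claims more data than read() actually returned, or that would
 * overrun buf, is treated as a protocol error. buf is cleared before return.
 *
 * nm is the file path to the egd server; it must fit in sockaddr_un.sun_path
 *    (a longer path is rejected instead of being silently truncated, since a
 *    truncated path could name a different socket)
 *
 * Returns the number of bytes read and fed to the DRBG on success, otherwise
 * WOLFSSL_FATAL_ERROR. Builds without UNIX sockets or without the DRBG API
 * always return WOLFSSL_FATAL_ERROR.
 */
int wolfSSL_RAND_egd(const char* nm)
{
#if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) && \
    defined(HAVE_HASHDRBG)
    enum {
        EGD_BUF_SZ = 256, /* longest reply: length byte + 255 payload bytes */
        EGD_MAX_REQ = 255 /* the request size is encoded in a single byte */
    };
    struct sockaddr_un rem;
    int fd;
    int ret = WOLFSSL_SUCCESS;
    word32 bytes = 0; /* entropy bytes collected so far, compacted at buf[0] */
    word32 idx = 0;   /* where the next reply is read into (kept == bytes) */
#ifndef WOLFSSL_SMALL_STACK
    unsigned char buf[EGD_BUF_SZ];
#else
    unsigned char* buf;
    buf = (unsigned char*)XMALLOC(EGD_BUF_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf == NULL) {
        WOLFSSL_MSG("Not enough memory");
        return WOLFSSL_FATAL_ERROR;
    }
#endif

    /* reject a NULL path and a path the copy into sun_path would truncate */
    if (nm == NULL || XSTRLEN(nm) >= sizeof(rem.sun_path)) {
#ifdef WOLFSSL_SMALL_STACK
        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        return WOLFSSL_FATAL_ERROR;
    }

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) {
        WOLFSSL_MSG("Error creating socket");
#ifdef WOLFSSL_SMALL_STACK
        XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        return WOLFSSL_FATAL_ERROR;
    }

    XMEMSET(&rem, 0, sizeof(rem));
    rem.sun_family = AF_UNIX;
    XSTRNCPY(rem.sun_path, nm, sizeof(rem.sun_path) - 1);
    rem.sun_path[sizeof(rem.sun_path)-1] = '\0';

    /* connect to egd server */
    if (connect(fd, (struct sockaddr*)&rem, sizeof(struct sockaddr_un)) == -1) {
        WOLFSSL_MSG("error connecting to egd server");
        ret = WOLFSSL_FATAL_ERROR;
    }

    while (ret == WOLFSSL_SUCCESS && bytes < EGD_MAX_REQ &&
           idx + 2 < EGD_BUF_SZ) {
        /* two-byte request: the command, then how many more bytes we want */
        buf[idx] = WOLFSSL_EGD_NBLOCK;
        buf[idx + 1] = (unsigned char)(EGD_MAX_REQ - bytes);
        ret = (int)write(fd, buf + idx, 2);
        if (ret != 2) {
            if (errno == EAGAIN) {
                ret = WOLFSSL_SUCCESS;
                continue;
            }
            WOLFSSL_MSG("error requesting entropy from egd server");
            ret = WOLFSSL_FATAL_ERROR;
            break;
        }

        /* attempting to read; the reply's first byte is its payload length */
        buf[idx] = 0;
        ret = (int)read(fd, buf + idx, EGD_BUF_SZ - bytes);
        if (ret == 0) {
            WOLFSSL_MSG("error reading entropy from egd server");
            ret = WOLFSSL_FATAL_ERROR;
            break;
        }
        if (ret < 0) {
            /* decide on errno only for a failed read(); buf[idx] is still the
             * zero written above here, so it says nothing about the server */
            if (errno == EAGAIN || errno == EINTR) {
                WOLFSSL_MSG("EGD would read");
                ret = WOLFSSL_SUCCESS; /* try again */
                continue;
            }
            WOLFSSL_MSG("Error with read");
            ret = WOLFSSL_FATAL_ERROR;
            break;
        }
        if (buf[idx] == 0) {
            /* if egd returned 0 then there is no more entropy to be had.
               Do not try more reads. */
            ret = WOLFSSL_SUCCESS;
            break;
        }

        bytes += buf[idx]; /* egd stores amount sent in first byte */
        /* the payload follows the length byte, so a reply of ret bytes holds
         * at most ret - 1 entropy bytes: a length byte that is not strictly
         * below ret points past what was read (stale buffer contents) */
        if (bytes + idx > EGD_MAX_REQ || buf[idx] >= ret) {
            WOLFSSL_MSG("Buffer error");
            ret = WOLFSSL_FATAL_ERROR;
            break;
        }
        /* drop the length byte so the entropy stays contiguous */
        XMEMMOVE(buf + idx, buf + idx + 1, buf[idx]);
        idx = bytes;
        ret = WOLFSSL_SUCCESS;
        if (bytes >= EGD_MAX_REQ) {
            break;
        }
    }

    if (bytes > 0 && ret == WOLFSSL_SUCCESS) {
        /* make sure the global RNG exists before reseeding it */
        if (wolfSSL_RAND_Init() != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("No RNG to use");
            ret = WOLFSSL_FATAL_ERROR;
        }
        else if (wc_RNG_DRBG_Reseed(&globalRNG, (const byte*) buf, bytes)
                 != 0) {
            WOLFSSL_MSG("Error with reseeding DRBG structure");
            ret = WOLFSSL_FATAL_ERROR;
        }
#ifdef SHOW_SECRETS
        { /* print out entropy found */
            word32 i;
            printf("EGD Entropy = ");
            for (i = 0; i < bytes; i++) {
                printf("%02X", buf[i]);
            }
            printf("\n");
        }
#endif
    }

    /* clear the whole buffer: a rejected reply can have left entropy bytes
     * beyond bytes, and the compaction leaves a stale copy behind */
    ForceZero(buf, EGD_BUF_SZ);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    close(fd);

    if (ret == WOLFSSL_SUCCESS) {
        return (int)bytes;
    }
    return ret;
#else
    WOLFSSL_MSG("Type of socket needed is not available");
    WOLFSSL_MSG("\tor using mode where DRBG API is not available");
    (void)nm;

    return WOLFSSL_FATAL_ERROR;
#endif /* USE_WOLFSSL_IO && !USE_WINDOWS_API && !HAVE_FIPS && HAVE_HASHDRBG */
}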
wolfSSL 15:117db924cf7c 28057
wolfSSL 15:117db924cf7c 28058 #endif /* !FREERTOS_TCP */
wolfSSL 15:117db924cf7c 28059
/* Release the global RNG created by wolfSSL_RAND_Init().
 *
 * Safe to call when no global RNG exists: initGlobalRNG is checked first
 * and nothing is freed in that case. After a successful cleanup the
 * initialised flag is reset so a later wolfSSL_RAND_Init() can recreate it.
 */
void wolfSSL_RAND_Cleanup(void)
{
    WOLFSSL_ENTER("wolfSSL_RAND_Cleanup()");

    if (initGlobalRNG == 0) {
        return; /* nothing to release */
    }

    wc_FreeRng(&globalRNG);
    initGlobalRNG = 0;
}
wolfSSL 15:117db924cf7c 28069
wolfSSL 15:117db924cf7c 28070
/* OpenSSL compatibility entry point: pseudo-random requests are served by
 * the same cryptographic RNG as wolfSSL_RAND_bytes, so this just forwards.
 *
 * buf output buffer
 * num number of bytes requested
 *
 * Returns the result of wolfSSL_RAND_bytes (WOLFSSL_SUCCESS on ok).
 */
int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num)
{
    int ret;

    ret = wolfSSL_RAND_bytes(buf, num);
    return ret;
}
wolfSSL 15:117db924cf7c 28075
wolfSSL 15:117db924cf7c 28076
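/* Fills buf with num bytes from the cryptographic RNG.
 *
 * Uses the global RNG when wolfSSL_RAND_Init() has created one; otherwise a
 * temporary RNG is initialised for this call only and freed before return.
 * The temporary RNG (and under WOLFSSL_SMALL_STACK its allocation) is only
 * set up when the global one is unavailable.
 *
 * buf output buffer, must hold at least num bytes
 * num number of bytes requested; 0 fills nothing and succeeds
 *
 * Returns WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on a bad argument, when no
 * RNG could be set up, or when generation fails.
 */
int wolfSSL_RAND_bytes(unsigned char* buf, int num)
{
    int ret = WOLFSSL_FAILURE;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_RAND_bytes");

    /* a negative count would turn into a huge unsigned request below */
    if (num < 0 || (num > 0 && buf == NULL)) {
        WOLFSSL_MSG("Bad argument to wolfSSL_RAND_bytes");
        return WOLFSSL_FAILURE;
    }

    if (initGlobalRNG) {
        rng = &globalRNG;
    }
    else {
#ifdef WOLFSSL_SMALL_STACK
        tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
        if (tmpRNG == NULL)
            return ret;
#endif
        if (wc_InitRng(tmpRNG) == 0) {
            rng = tmpRNG;
            initTmpRng = 1;
        }
    }

    if (rng) {
        if (wc_RNG_GenerateBlock(rng, buf, (word32)num) != 0)
            WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
        else
            ret = WOLFSSL_SUCCESS;
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    if (tmpRNG != NULL) {
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
    }
#endif

    return ret;
}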
wolfSSL 15:117db924cf7c 28119
wolfSSL 15:117db924cf7c 28120
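/* Exercises the seed source behind the global RNG.
 *
 * Pulls 16 bytes through wc_GenerateSeed() into a local buffer to confirm the
 * platform seed source is working; the bytes are not used further by this
 * function and are cleared before return.
 *
 * Returns WOLFSSL_SUCCESS when the seed source delivered the bytes,
 * WOLFSSL_FAILURE when the global RNG was never initialised or the seed
 * source reported an error.
 */
int wolfSSL_RAND_poll(void)
{
    byte entropy[16];
    int ret;
    word32 entropy_sz = (word32)sizeof(entropy);

    WOLFSSL_ENTER("wolfSSL_RAND_poll");
    if (initGlobalRNG == 0) {
        WOLFSSL_MSG("Global RNG no Init");
        return WOLFSSL_FAILURE;
    }
    ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz);
    /* seed material must not be left on the stack */
    ForceZero(entropy, sizeof(entropy));
    if (ret != 0) {
        WOLFSSL_MSG("Bad wc_GenerateSeed");
        ret = WOLFSSL_FAILURE;
    }
    else {
        ret = WOLFSSL_SUCCESS;
    }

    return ret;
}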
wolfSSL 15:117db924cf7c 28141 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 28142
wolfSSL 15:117db924cf7c 28143
wolfSSL 16:8e0d178b1d1e 28144
wolfSSL 16:8e0d178b1d1e 28145 #ifdef OPENSSL_EXTRA
wolfSSL 16:8e0d178b1d1e 28146
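/* Converts a big number into an ASN.1 INTEGER.
 *
 * bn big number to convert; must not be NULL
 * ai ASN.1 INTEGER to fill in, or NULL to allocate a new one
 *
 * Returns ai (or the newly allocated object) on success, NULL on failure.
 * On failure a newly allocated object is freed; a caller-supplied ai has any
 * buffer allocated by this call released and is left pointing at its inline
 * storage with length 0.
 */
WOLFSSL_ASN1_INTEGER* wolfSSL_BN_to_ASN1_INTEGER(const WOLFSSL_BIGNUM *bn, WOLFSSL_ASN1_INTEGER *ai)
{
    WOLFSSL_ASN1_INTEGER* a;
    int len;
    int allocated = 0; /* a->data was XMALLOC'd by this call */
    WOLFSSL_ENTER("wolfSSL_BN_to_ASN1_INTEGER");

    if (bn == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return NULL;
    }

    if (ai == NULL) {
        a = wolfSSL_ASN1_INTEGER_new();
        if (a == NULL)
            return NULL;
        a->type = V_ASN1_INTEGER;
    }
    else {
        a = ai;
    }

    if (wolfSSL_BN_is_negative(bn) && !wolfSSL_BN_is_zero(bn)) {
        a->type |= V_ASN1_NEG_INTEGER;
        a->negative = 1;
    }

    /* zero still needs one content byte */
    len = wolfSSL_BN_num_bytes(bn);
    if (len == 0)
        len = 1;

    /* allocate buffer */
    if (len > (int)sizeof(a->intData)) {
        /* create new data buffer and copy over */
        a->data = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
        if (a->data == NULL) {
            if (a != ai)
                wolfSSL_ASN1_INTEGER_free(a);
            return NULL;
        }
        a->isDynamic = 1;
        allocated = 1;
    }
    else {
        XMEMSET(a->intData, 0, sizeof(a->intData));
        a->data = a->intData;
        a->isDynamic = 0; /* data now points at inline storage */
    }
    a->length = len;

    /* populate data */
    if (wolfSSL_BN_is_zero(bn)) {
        a->data[0] = 0;
    }
    else {
        len = wolfSSL_BN_bn2bin(bn, a->data);
        if (len < 0) {
            /* bn2bin reports failure with a negative value; never leave that
             * in a->length as if it were a byte count */
            WOLFSSL_MSG("wolfSSL_BN_bn2bin failed");
            if (a != ai) {
                wolfSSL_ASN1_INTEGER_free(a);
            }
            else if (allocated) {
                XFREE(a->data, NULL, DYNAMIC_TYPE_OPENSSL);
                a->data = a->intData;
                a->isDynamic = 0;
                a->length = 0;
            }
            return NULL;
        }
    }
    a->length = len;

    return a;
}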
wolfSSL 16:8e0d178b1d1e 28203
wolfSSL 16:8e0d178b1d1e 28204 #ifdef OPENSSL_ALL
/* Allocates and zero-fills an object described by template, then creates
 * each member listed in template->members at its offset.
 *
 * template item description (object size, member count, member table)
 *
 * Returns the new object, or NULL when template is NULL, an allocation
 * fails, or a member type is not handled; in the failure cases everything
 * created so far is released through wolfSSL_ASN1_item_free.
 */
void *wolfSSL_ASN1_item_new(const WOLFSSL_ASN1_ITEM *template)
{
    void *obj = NULL;
    size_t i;
    WOLFSSL_ENTER("wolfSSL_ASN1_item_new");

    if (template == NULL) {
        return NULL;
    }
    obj = XMALLOC(template->size, NULL, DYNAMIC_TYPE_OPENSSL);
    if (obj == NULL) {
        return NULL;
    }
    XMEMSET(obj, 0, template->size);

    for (i = 0; i < template->mcount; i++) {
        const WOLFSSL_ASN1_TEMPLATE *member = &template->members[i];
        byte *slot = ((byte*)obj) + member->offset; /* where the member lives */

        switch (member->type) {
            case WOLFSSL_X509_ALGOR_ASN1:
            {
                WOLFSSL_X509_ALGOR* algor = wolfSSL_X509_ALGOR_new();
                if (algor == NULL) {
                    goto error;
                }
                *(WOLFSSL_X509_ALGOR**)slot = algor;
                break;
            }
            case WOLFSSL_ASN1_BIT_STRING_ASN1:
            {
                WOLFSSL_ASN1_BIT_STRING* bit_str = wolfSSL_ASN1_BIT_STRING_new();
                if (bit_str == NULL) {
                    goto error;
                }
                *(WOLFSSL_ASN1_BIT_STRING**)slot = bit_str;
                break;
            }
            default:
                WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_new");
                goto error;
        }
    }
    return obj;

error:
    wolfSSL_ASN1_item_free(obj, template);
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 28249
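/* Releases an object created by wolfSSL_ASN1_item_new.
 *
 * val      object to free; NULL is a no-op
 * template item description used to locate each member; when NULL only the
 *          outer object can be released, since the members cannot be found
 *          without the member table
 */
void wolfSSL_ASN1_item_free(void *val, const WOLFSSL_ASN1_ITEM *template)
{
    const WOLFSSL_ASN1_TEMPLATE *member = NULL;
    size_t i;
    WOLFSSL_ENTER("wolfSSL_ASN1_item_free");

    if (val == NULL) {
        return;
    }

    if (template == NULL) {
        WOLFSSL_MSG("NULL template in wolfSSL_ASN1_item_free");
    }
    else {
        for (member = template->members, i = 0; i < template->mcount;
                member++, i++) {
            switch (member->type) {
                case WOLFSSL_X509_ALGOR_ASN1:
                {
                    WOLFSSL_X509_ALGOR* algor = *(WOLFSSL_X509_ALGOR**)
                                                 (((byte*)val) + member->offset);
                    if (algor) {
                        wolfSSL_X509_ALGOR_free(algor);
                    }
                    break;
                }
                case WOLFSSL_ASN1_BIT_STRING_ASN1:
                {
                    WOLFSSL_ASN1_BIT_STRING* bit_str = *(WOLFSSL_ASN1_BIT_STRING**)
                                                 (((byte*)val) + member->offset);
                    if (bit_str) {
                        wolfSSL_ASN1_BIT_STRING_free(bit_str);
                    }
                    break;
                }
                default:
                    WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_free");
            }
        }
    }
    XFREE(val, NULL, DYNAMIC_TYPE_OPENSSL);
}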
wolfSSL 16:8e0d178b1d1e 28284
wolfSSL 16:8e0d178b1d1e 28285 #define bufLenOrNull(buf, len) (buf ? buf + len : NULL)
wolfSSL 16:8e0d178b1d1e 28286
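/* DER-encodes the members of an ASN.1 item, or measures the encoding.
 *
 * src     object whose members are encoded
 * buf     output buffer, or NULL to only compute the encoded length
 * members member table describing src
 * mcount  number of entries in members
 *
 * Returns the number of bytes encoded (or required), or WOLFSSL_FAILURE when
 * a member pointer is NULL, an algorithm OID cannot be read, a bit string
 * has a length but no data, or a member type is not handled. Callers test
 * the result for zero, so every error path returns WOLFSSL_FAILURE and never
 * a negative value.
 */
static int i2dProcessMembers(const void *src, byte *buf,
        const WOLFSSL_ASN1_TEMPLATE *members, size_t mcount)
{
    const WOLFSSL_ASN1_TEMPLATE *member = NULL;
    int len = 0, ret;
    size_t i;
    WOLFSSL_ENTER("processMembers");
    for (member = members, i = 0; i < mcount; member++, i++) {
        switch (member->type) {
            case WOLFSSL_X509_ALGOR_ASN1:
            {
                word32 oid = 0;
                word32 idx = 0;
                const WOLFSSL_X509_ALGOR* algor = *(const WOLFSSL_X509_ALGOR**)
                                             (((byte*)src) + member->offset);
                if (algor == NULL || algor->algorithm == NULL) {
                    WOLFSSL_LEAVE("processMembers", WOLFSSL_FAILURE);
                    return WOLFSSL_FAILURE;
                }

                if (GetObjectId(algor->algorithm->obj, &idx, &oid,
                        algor->algorithm->grp, algor->algorithm->objSz) < 0) {
                    WOLFSSL_MSG("Issue getting OID of object");
                    WOLFSSL_LEAVE("processMembers", WOLFSSL_FAILURE);
                    return WOLFSSL_FAILURE;
                }

                ret = SetAlgoID(oid, bufLenOrNull(buf, len),
                        algor->algorithm->grp, 0);
                if (!ret) {
                    WOLFSSL_LEAVE("processMembers", WOLFSSL_FAILURE);
                    return WOLFSSL_FAILURE;
                }
                len += ret;
                break;
            }
            case WOLFSSL_ASN1_BIT_STRING_ASN1:
            {
                const WOLFSSL_ASN1_BIT_STRING* bit_str;
                bit_str = *(const WOLFSSL_ASN1_BIT_STRING**)
                          (((byte*)src) + member->offset);
                /* a length with no data behind it would leave uninitialised
                 * bytes in the output, so it is rejected up front */
                if (bit_str == NULL ||
                        (bit_str->length > 0 && bit_str->data == NULL)) {
                    WOLFSSL_MSG("Bad bit string in processMembers");
                    WOLFSSL_LEAVE("processMembers", WOLFSSL_FAILURE);
                    return WOLFSSL_FAILURE;
                }
                len += SetBitString(bit_str->length, 0, bufLenOrNull(buf, len));
                if (buf && bit_str->data) {
                    XMEMCPY(buf + len, bit_str->data, bit_str->length);
                }
                len += bit_str->length;
                break;
            }
            default:
                WOLFSSL_MSG("Type not support in processMembers");
                WOLFSSL_LEAVE("processMembers", WOLFSSL_FAILURE);
                return WOLFSSL_FAILURE;
        }
    }
    WOLFSSL_LEAVE("processMembers", len);
    return len;
}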
wolfSSL 16:8e0d178b1d1e 28342
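/* DER-encodes an object described by template.
 *
 * src      object to encode
 * dest     NULL to only compute the encoded length; pointer to a NULL byte
 *          pointer to receive a newly allocated buffer (the caller frees it
 *          with DYNAMIC_TYPE_ASN1); pointer to a caller buffer to encode
 *          directly into it. The caller's buffer is not bounds-checked, so
 *          it must have been sized from a previous length-only call. *dest
 *          is not advanced past the written bytes (OpenSSL's i2d does).
 * template item description; only ASN_SEQUENCE items are handled
 *
 * Returns the encoded length, or WOLFSSL_FAILURE. On the error path a buffer
 * allocated here is released; a caller-supplied buffer is never freed.
 */
int wolfSSL_ASN1_item_i2d(const void *src, byte **dest,
        const WOLFSSL_ASN1_ITEM *template)
{
    int len = 0;
    byte *buf = NULL;
    int allocated = 0; /* buf was XMALLOC'd here and is ours to free on error */

    WOLFSSL_ENTER("wolfSSL_ASN1_item_i2d");

    if (!src || !template) {
        WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", WOLFSSL_FAILURE);
        return WOLFSSL_FAILURE;
    }

    if (dest != NULL) {
        if (*dest == NULL) {
            /* length-only pass to size the allocation */
            len = wolfSSL_ASN1_item_i2d(src, NULL, template);
            if (len <= 0) {
                goto error;
            }
            buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1);
            if (!buf) {
                goto error;
            }
            allocated = 1;
            len = 0;
        }
        else {
            /* encode straight into the caller's buffer */
            buf = *dest;
        }
    }

    switch (template->type) {
        case ASN_SEQUENCE:
        {
            int seq_len = i2dProcessMembers(src, NULL, template->members,
                    template->mcount);
            if (seq_len <= 0) {
                goto error;
            }
            len += SetSequence(seq_len, bufLenOrNull(buf, len));
            if (buf &&
                i2dProcessMembers(src, bufLenOrNull(buf, len), template->members,
                    template->mcount) != seq_len) {
                WOLFSSL_MSG("Inconsistent sequence length");
                goto error;
            }
            len += seq_len;
            break;
        }
        default:
            WOLFSSL_MSG("Type not supported in wolfSSL_ASN1_item_i2d");
            goto error;
    }

    if (allocated) {
        *dest = buf;
    }

    WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", len);
    return len;
error:
    if (allocated) {
        XFREE(buf, NULL, DYNAMIC_TYPE_ASN1);
    }
    WOLFSSL_LEAVE("wolfSSL_ASN1_item_i2d", WOLFSSL_FAILURE);
    return WOLFSSL_FAILURE;
}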
wolfSSL 16:8e0d178b1d1e 28409 #endif /* OPENSSL_ALL */
wolfSSL 15:117db924cf7c 28410
wolfSSL 15:117db924cf7c 28411 #ifndef NO_DH
wolfSSL 15:117db924cf7c 28412
/* Zero every field of dh so all its pointers start out NULL.
 * A NULL dh is ignored.
 */
static void InitwolfSSL_DH(WOLFSSL_DH* dh)
{
    if (dh == NULL) {
        return;
    }
    XMEMSET(dh, 0, sizeof(WOLFSSL_DH));
}
wolfSSL 15:117db924cf7c 28419
wolfSSL 15:117db924cf7c 28420
/* Allocate a WOLFSSL_DH together with the wolfCrypt DhKey it wraps.
 *
 * Both allocations use DYNAMIC_TYPE_DH. The DhKey is initialised with
 * wc_InitDhKey and stored in dh->internal; every other field starts zeroed.
 *
 * Returns the new object, or NULL when either allocation or wc_InitDhKey
 * fails (whatever was allocated before the failure is released).
 */
WOLFSSL_DH* wolfSSL_DH_new(void)
{
    WOLFSSL_DH* external = NULL;
    DhKey* key = NULL;

    WOLFSSL_MSG("wolfSSL_DH_new");

    key = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_DH_new malloc DhKey failure");
        return NULL;
    }

    external = (WOLFSSL_DH*) XMALLOC(sizeof(WOLFSSL_DH), NULL,
                                     DYNAMIC_TYPE_DH);
    if (external == NULL) {
        WOLFSSL_MSG("wolfSSL_DH_new malloc WOLFSSL_DH failure");
        goto free_key;
    }

    InitwolfSSL_DH(external);
    if (wc_InitDhKey(key) != 0) {
        WOLFSSL_MSG("wolfSSL_DH_new InitDhKey failure");
        goto free_both;
    }
    external->internal = key;

    return external;

free_both:
    XFREE(external, NULL, DYNAMIC_TYPE_DH);
free_key:
    XFREE(key, NULL, DYNAMIC_TYPE_DH);
    return NULL;
}
wolfSSL 15:117db924cf7c 28453
wolfSSL 15:117db924cf7c 28454
/* Free a WOLFSSL_DH and everything it owns: the wolfCrypt DhKey behind
 * dh->internal and the p, q, g, pub_key and priv_key big numbers.
 * The struct is zeroed before it is released. NULL is a no-op.
 */
void wolfSSL_DH_free(WOLFSSL_DH* dh)
{
    WOLFSSL_MSG("wolfSSL_DH_free");

    if (dh == NULL) {
        return;
    }

    if (dh->internal != NULL) {
        DhKey* key = (DhKey*)dh->internal;
        wc_FreeDhKey(key);
        XFREE(key, NULL, DYNAMIC_TYPE_DH);
        dh->internal = NULL;
    }
    wolfSSL_BN_free(dh->priv_key);
    wolfSSL_BN_free(dh->pub_key);
    wolfSSL_BN_free(dh->g);
    wolfSSL_BN_free(dh->p);
    wolfSSL_BN_free(dh->q);
    InitwolfSSL_DH(dh); /* set back to NULLs for safety */

    XFREE(dh, NULL, DYNAMIC_TYPE_DH);
}
wolfSSL 15:117db924cf7c 28475
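/* Load the DH parameters held as WOLFSSL_BIGNUMs in dh (p and g, plus the
 * private/public key when WOLFSSL_QT or OPENSSL_ALL is defined) into the
 * wolfCrypt DhKey at dh->internal.
 *
 * dh  WOLFSSL_DH with non-NULL p and g; dh->internal must be a DhKey.
 *     p and g are limited to 1024 bytes, the keys to 256 bytes (2048-bit).
 *
 * Returns WOLFSSL_SUCCESS and sets dh->inSet when wc_DhSetKey accepted p
 * and g, WOLFSSL_FATAL_ERROR otherwise.  A missing or rejected private /
 * public key is logged but does not fail the call (unchanged behaviour).
 */
int SetDhInternal(WOLFSSL_DH* dh)
{
    int ret = WOLFSSL_FATAL_ERROR;
    int pSz = 1024;
    int gSz = 1024;
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    int privSz = 256; /* Up to 2048-bit */
    int pubSz = 256;
    int keyRet;
#endif
    int haveBufs = 1; /* cleared when a WOLFSSL_SMALL_STACK allocation fails */
#ifdef WOLFSSL_SMALL_STACK
    unsigned char* p = NULL;
    unsigned char* g = NULL;
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    unsigned char* priv_key = NULL;
    unsigned char* pub_key = NULL;
#endif
#else
    unsigned char p[1024];
    unsigned char g[1024];
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    unsigned char priv_key[256];
    unsigned char pub_key[256];
#endif
#endif

    WOLFSSL_ENTER("SetDhInternal");

    if (dh == NULL || dh->p == NULL || dh->g == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return ret;
    }

    /* Size probes (NULL output buffer) guard the fixed-size buffers below. */
    if (wolfSSL_BN_bn2bin(dh->p, NULL) > pSz) {
        WOLFSSL_MSG("Bad p internal size");
        return ret;
    }
    if (wolfSSL_BN_bn2bin(dh->g, NULL) > gSz) {
        WOLFSSL_MSG("Bad g internal size");
        return ret;
    }
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    if (wolfSSL_BN_bn2bin(dh->priv_key, NULL) > privSz) {
        WOLFSSL_MSG("Bad private key internal size");
        return ret;
    }
    /* Compare the public key against its own buffer size (was privSz). */
    if (wolfSSL_BN_bn2bin(dh->pub_key, NULL) > pubSz) {
        WOLFSSL_MSG("Bad public key internal size");
        return ret;
    }
#endif

#ifdef WOLFSSL_SMALL_STACK
    p = (unsigned char*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    g = (unsigned char*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    if (p == NULL || g == NULL)
        haveBufs = 0;
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    priv_key = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_PRIVATE_KEY);
    pub_key = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    /* The key buffers were previously never NULL-checked and leaked when
     * p or g failed to allocate. */
    if (priv_key == NULL || pub_key == NULL)
        haveBufs = 0;
#endif
    if (!haveBufs)
        WOLFSSL_MSG("Unable to malloc memory");
#endif /* WOLFSSL_SMALL_STACK */

    if (haveBufs) {
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
        privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv_key);
        pubSz = wolfSSL_BN_bn2bin(dh->pub_key, pub_key);
        if (privSz <= 0) {
            WOLFSSL_MSG("No private key size.");
        }
        if (pubSz <= 0) {
            WOLFSSL_MSG("No public key size.");
        }
        if (privSz > 0 || pubSz > 0) {
            /* Either key may be absent (bn2bin <= 0).  Pass NULL/0 for the
             * missing one instead of forwarding a negative count as a
             * word32 length.  NOTE(review): assumes wc_DhSetFullKeys treats
             * a NULL buffer as "not supplied" -- confirm against wolfcrypt. */
            keyRet = wc_DhSetFullKeys((DhKey*)dh->internal,
                                      privSz > 0 ? priv_key : NULL,
                                      privSz > 0 ? (word32)privSz : 0,
                                      pubSz > 0 ? pub_key : NULL,
                                      pubSz > 0 ? (word32)pubSz : 0);
            /* wc_* calls signal failure with a negative code, as the
             * wc_DhSetKey check below relies on; the old comparison against
             * the SSL-layer WOLFSSL_FAILURE value did not match that. */
            if (keyRet < 0) {
                WOLFSSL_MSG("Failed setting private or public key.");
            }
        }
#endif /* WOLFSSL_QT || OPENSSL_ALL */

        pSz = wolfSSL_BN_bn2bin(dh->p, p);
        gSz = wolfSSL_BN_bn2bin(dh->g, g);

        if (pSz <= 0 || gSz <= 0)
            WOLFSSL_MSG("Bad BN2bin set");
        else if (wc_DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0)
            WOLFSSL_MSG("Bad DH SetKey");
        else {
            dh->inSet = 1;
            ret = WOLFSSL_SUCCESS;
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    /* XFREE on a NULL pointer is already relied on above, so a partial
     * allocation is released correctly here. */
    XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    XFREE(priv_key, NULL, DYNAMIC_TYPE_PRIVATE_KEY);
    XFREE(pub_key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
#endif
#endif

    return ret;
}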
wolfSSL 16:8e0d178b1d1e 28575
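#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
/* Copy the members of the wolfCrypt DhKey at dh->internal (p, g, priv, pub)
 * out into the WOLFSSL_DH big numbers.  The DhKey was populated from
 * wc_DhKeyDecode.
 *
 * dh  WOLFSSL_DH whose internal DhKey is read; its p, g, priv_key and
 *     pub_key BIGNUMs are (re)filled through SetIndividualExternal.
 *
 * Returns WOLFSSL_SUCCESS and sets dh->exSet on success, WOLFSSL_FATAL_ERROR
 * when dh or dh->internal is NULL or any member fails to convert.
 */
int SetDhExternal(WOLFSSL_DH *dh)
{
    DhKey *key;
    WOLFSSL_MSG("Entering SetDhExternal");

    if (dh == NULL || dh->internal == NULL) {
        WOLFSSL_MSG("dh key NULL error");
        /* Previously only logged, then dereferenced dh->internal anyway. */
        return WOLFSSL_FATAL_ERROR;
    }

    key = (DhKey*)dh->internal;

    if (SetIndividualExternal(&dh->p, &key->p) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("dh param p error");
        return WOLFSSL_FATAL_ERROR;
    }

    if (SetIndividualExternal(&dh->g, &key->g) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("dh param g error");
        return WOLFSSL_FATAL_ERROR;
    }

    if (SetIndividualExternal(&dh->priv_key, &key->priv) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("No DH Private Key");
        return WOLFSSL_FATAL_ERROR;
    }

    if (SetIndividualExternal(&dh->pub_key, &key->pub) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("No DH Public Key");
        return WOLFSSL_FATAL_ERROR;
    }

    /* Mark the external (BIGNUM) view as in sync with the DhKey. */
    dh->exSet = 1;

    return WOLFSSL_SUCCESS;
}
#endif /* !NO_DH && (WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH) */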
wolfSSL 15:117db924cf7c 28616
/* Size of the DH prime p in bytes, mirroring OpenSSL's DH_size().
 *
 * dh  the DH object; may be NULL.
 *
 * Returns the byte length of dh->p as reported by wolfSSL_BN_num_bytes, or
 * WOLFSSL_FATAL_ERROR when dh is NULL.  (OpenSSL documents 0 for the error
 * case; this implementation returns WOLFSSL_FATAL_ERROR instead.)
 */
int wolfSSL_DH_size(WOLFSSL_DH* dh)
{
    int sz = WOLFSSL_FATAL_ERROR;

    WOLFSSL_MSG("wolfSSL_DH_size");

    if (dh != NULL)
        sz = wolfSSL_BN_num_bytes(dh->p);

    return sz;
}
wolfSSL 15:117db924cf7c 28629
/* Load the 768-bit MODP prime of RFC 2409 (Oakley Group 1) into a big number.
 *
 * bn  big number to fill; when NULL, wolfSSL_BN_hex2bn allocates a new one.
 *
 * Returns the filled WOLFSSL_BIGNUM on success, NULL on conversion failure.
 *
 * A 768-bit group is widely regarded as inadequate for current use; it is
 * offered for interoperability with legacy peers only.
 */
WOLFSSL_BIGNUM* wolfSSL_DH_768_prime(WOLFSSL_BIGNUM* bn)
{
    static const char prm[] =
        "FFFFFFFFFFFFFFFFC90FDAA22168C234"
        "C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6"
        "F44C42E9A63A3620FFFFFFFFFFFFFFFF";
    int rc;

    WOLFSSL_ENTER("wolfSSL_DH_768_prime");

    rc = wolfSSL_BN_hex2bn(&bn, prm);
    if (rc != SSL_SUCCESS) {
        WOLFSSL_MSG("Error converting DH 768 prime to big number");
        bn = NULL;
    }

    return bn;
}
wolfSSL 16:8e0d178b1d1e 28657
/* Load the 1024-bit MODP prime of RFC 2409 (Oakley Group 2) into a big number.
 *
 * bn  big number to fill; when NULL, wolfSSL_BN_hex2bn allocates a new one.
 *
 * Returns the filled WOLFSSL_BIGNUM on success, NULL on conversion failure.
 *
 * A 1024-bit group is below the 2048-bit minimum commonly recommended today;
 * it is offered for interoperability with legacy peers only.
 */
WOLFSSL_BIGNUM* wolfSSL_DH_1024_prime(WOLFSSL_BIGNUM* bn)
{
    static const char prm[] =
        "FFFFFFFFFFFFFFFFC90FDAA22168C234"
        "C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6"
        "F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE6"
        "49286651ECE65381FFFFFFFFFFFFFFFF";
    int rc;

    WOLFSSL_ENTER("wolfSSL_DH_1024_prime");

    rc = wolfSSL_BN_hex2bn(&bn, prm);
    if (rc != SSL_SUCCESS) {
        WOLFSSL_MSG("Error converting DH 1024 prime to big number");
        bn = NULL;
    }

    return bn;
}
wolfSSL 15:117db924cf7c 28687
/* Load the 1536-bit MODP prime of RFC 3526 (Group 5) into a big number.
 *
 * bn  big number to fill; when NULL, wolfSSL_BN_hex2bn allocates a new one.
 *
 * Returns the filled WOLFSSL_BIGNUM on success, NULL on conversion failure.
 *
 * Note that 1536 bits is below the 2048-bit minimum commonly recommended
 * today; prefer one of the larger groups for new deployments.
 */
WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn)
{
    static const char prm[] =
        "FFFFFFFFFFFFFFFFC90FDAA22168C234"
        "C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6"
        "F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE6"
        "49286651ECE45B3DC2007CB8A163BF05"
        "98DA48361C55D39A69163FA8FD24CF5F"
        "83655D23DCA3AD961C62F356208552BB"
        "9ED529077096966D670C354E4ABC9804"
        "F1746C08CA237327FFFFFFFFFFFFFFFF";
    int rc;

    WOLFSSL_ENTER("wolfSSL_DH_1536_prime");

    rc = wolfSSL_BN_hex2bn(&bn, prm);
    if (rc != SSL_SUCCESS) {
        WOLFSSL_MSG("Error converting DH 1536 prime to big number");
        bn = NULL;
    }

    return bn;
}
wolfSSL 15:117db924cf7c 28721
/* Load the 2048-bit MODP prime of RFC 3526 (Group 14) into a big number.
 *
 * bn  big number to fill; when NULL, wolfSSL_BN_hex2bn allocates a new one.
 *
 * Returns the filled WOLFSSL_BIGNUM on success, NULL on conversion failure.
 */
WOLFSSL_BIGNUM* wolfSSL_DH_2048_prime(WOLFSSL_BIGNUM* bn)
{
    static const char prm[] =
        "FFFFFFFFFFFFFFFFC90FDAA22168C234"
        "C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6"
        "F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE6"
        "49286651ECE45B3DC2007CB8A163BF05"
        "98DA48361C55D39A69163FA8FD24CF5F"
        "83655D23DCA3AD961C62F356208552BB"
        "9ED529077096966D670C354E4ABC9804"
        "F1746C08CA18217C32905E462E36CE3B"
        "E39E772C180E86039B2783A2EC07A28F"
        "B5C55DF06F4C52C9DE2BCBF695581718"
        "3995497CEA956AE515D2261898FA0510"
        "15728E5A8AACAA68FFFFFFFFFFFFFFFF";
    int rc;

    WOLFSSL_ENTER("wolfSSL_DH_2048_prime");

    rc = wolfSSL_BN_hex2bn(&bn, prm);
    if (rc != SSL_SUCCESS) {
        WOLFSSL_MSG("Error converting DH 2048 prime to big number");
        bn = NULL;
    }

    return bn;
}
wolfSSL 16:8e0d178b1d1e 28759
/* Load the 3072-bit MODP prime of RFC 3526 (Group 15) into a big number.
 *
 * bn  big number to fill; when NULL, wolfSSL_BN_hex2bn allocates a new one.
 *
 * Returns the filled WOLFSSL_BIGNUM on success, NULL on conversion failure.
 */
WOLFSSL_BIGNUM* wolfSSL_DH_3072_prime(WOLFSSL_BIGNUM* bn)
{
    static const char prm[] =
        "FFFFFFFFFFFFFFFFC90FDAA22168C234"
        "C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6"
        "F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE6"
        "49286651ECE45B3DC2007CB8A163BF05"
        "98DA48361C55D39A69163FA8FD24CF5F"
        "83655D23DCA3AD961C62F356208552BB"
        "9ED529077096966D670C354E4ABC9804"
        "F1746C08CA18217C32905E462E36CE3B"
        "E39E772C180E86039B2783A2EC07A28F"
        "B5C55DF06F4C52C9DE2BCBF695581718"
        "3995497CEA956AE515D2261898FA0510"
        "15728E5A8AAAC42DAD33170D04507A33"
        "A85521ABDF1CBA64ECFB850458DBEF0A"
        "8AEA71575D060C7DB3970F85A6E1E4C7"
        "ABF5AE8CDB0933D71E8C94E04A25619D"
        "CEE3D2261AD2EE6BF12FFA06D98A0864"
        "D87602733EC86A64521F2B18177B200C"
        "BBE117577A615D6C770988C0BAD946E2"
        "08E24FA074E5AB3143DB5BFCE0FD108E"
        "4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
    int rc;

    WOLFSSL_ENTER("wolfSSL_DH_3072_prime");

    rc = wolfSSL_BN_hex2bn(&bn, prm);
    if (rc != SSL_SUCCESS) {
        WOLFSSL_MSG("Error converting DH 3072 prime to big number");
        bn = NULL;
    }

    return bn;
}
wolfSSL 16:8e0d178b1d1e 28805
/* Load the 4096-bit MODP prime of RFC 3526 (Group 16) into a big number.
 *
 * bn  big number to fill; when NULL, wolfSSL_BN_hex2bn allocates a new one.
 *
 * Returns the filled WOLFSSL_BIGNUM on success, NULL on conversion failure.
 */
WOLFSSL_BIGNUM* wolfSSL_DH_4096_prime(WOLFSSL_BIGNUM* bn)
{
    static const char prm[] =
        "FFFFFFFFFFFFFFFFC90FDAA22168C234"
        "C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6"
        "F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE6"
        "49286651ECE45B3DC2007CB8A163BF05"
        "98DA48361C55D39A69163FA8FD24CF5F"
        "83655D23DCA3AD961C62F356208552BB"
        "9ED529077096966D670C354E4ABC9804"
        "F1746C08CA18217C32905E462E36CE3B"
        "E39E772C180E86039B2783A2EC07A28F"
        "B5C55DF06F4C52C9DE2BCBF695581718"
        "3995497CEA956AE515D2261898FA0510"
        "15728E5A8AAAC42DAD33170D04507A33"
        "A85521ABDF1CBA64ECFB850458DBEF0A"
        "8AEA71575D060C7DB3970F85A6E1E4C7"
        "ABF5AE8CDB0933D71E8C94E04A25619D"
        "CEE3D2261AD2EE6BF12FFA06D98A0864"
        "D87602733EC86A64521F2B18177B200C"
        "BBE117577A615D6C770988C0BAD946E2"
        "08E24FA074E5AB3143DB5BFCE0FD108E"
        "4B82D120A92108011A723C12A787E6D7"
        "88719A10BDBA5B2699C327186AF4E23C"
        "1A946834B6150BDA2583E9CA2AD44CE8"
        "DBBBC2DB04DE8EF92E8EFC141FBECAA6"
        "287C59474E6BC05D99B2964FA090C3A2"
        "233BA186515BE7ED1F612970CEE2D7AF"
        "B81BDD762170481CD0069127D5B05AA9"
        "93B4EA988D8FDDC186FFB7DC90A6C08F"
        "4DF435C934063199FFFFFFFFFFFFFFFF";
    int rc;

    WOLFSSL_ENTER("wolfSSL_DH_4096_prime");

    rc = wolfSSL_BN_hex2bn(&bn, prm);
    if (rc != SSL_SUCCESS) {
        WOLFSSL_MSG("Error converting DH 4096 prime to big number");
        bn = NULL;
    }

    return bn;
}
wolfSSL 16:8e0d178b1d1e 28859
/* Load the 6144-bit MODP prime of RFC 3526 (Group 17) into a big number.
 *
 * bn  big number to fill; when NULL, wolfSSL_BN_hex2bn allocates a new one.
 *
 * Returns the filled WOLFSSL_BIGNUM on success, NULL on conversion failure.
 */
WOLFSSL_BIGNUM* wolfSSL_DH_6144_prime(WOLFSSL_BIGNUM* bn)
{
    static const char prm[] =
        "FFFFFFFFFFFFFFFFC90FDAA22168C234"
        "C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6"
        "F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE6"
        "49286651ECE45B3DC2007CB8A163BF05"
        "98DA48361C55D39A69163FA8FD24CF5F"
        "83655D23DCA3AD961C62F356208552BB"
        "9ED529077096966D670C354E4ABC9804"
        "F1746C08CA18217C32905E462E36CE3B"
        "E39E772C180E86039B2783A2EC07A28F"
        "B5C55DF06F4C52C9DE2BCBF695581718"
        "3995497CEA956AE515D2261898FA0510"
        "15728E5A8AAAC42DAD33170D04507A33"
        "A85521ABDF1CBA64ECFB850458DBEF0A"
        "8AEA71575D060C7DB3970F85A6E1E4C7"
        "ABF5AE8CDB0933D71E8C94E04A25619D"
        "CEE3D2261AD2EE6BF12FFA06D98A0864"
        "D87602733EC86A64521F2B18177B200C"
        "BBE117577A615D6C770988C0BAD946E2"
        "08E24FA074E5AB3143DB5BFCE0FD108E"
        "4B82D120A92108011A723C12A787E6D7"
        "88719A10BDBA5B2699C327186AF4E23C"
        "1A946834B6150BDA2583E9CA2AD44CE8"
        "DBBBC2DB04DE8EF92E8EFC141FBECAA6"
        "287C59474E6BC05D99B2964FA090C3A2"
        "233BA186515BE7ED1F612970CEE2D7AF"
        "B81BDD762170481CD0069127D5B05AA9"
        "93B4EA988D8FDDC186FFB7DC90A6C08F"
        "4DF435C93402849236C3FAB4D27C7026"
        "C1D4DCB2602646DEC9751E763DBA37BD"
        "F8FF9406AD9E530EE5DB382F413001AE"
        "B06A53ED9027D831179727B0865A8918"
        "DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
        "DB7F1447E6CC254B332051512BD7AF42"
        "6FB8F401378CD2BF5983CA01C64B92EC"
        "F032EA15D1721D03F482D7CE6E74FEF6"
        "D55E702F46980C82B5A84031900B1C9E"
        "59E7C97FBEC7E8F323A97A7E36CC88BE"
        "0F1D45B7FF585AC54BD407B22B4154AA"
        "CC8F6D7EBF48E1D814CC5ED20F8037E0"
        "A79715EEF29BE32806A1D58BB7C5DA76"
        "F550AA3D8A1FBFF0EB19CCB1A313D55C"
        "DA56C9EC2EF29632387FE8D76E3C0468"
        "043E8F663F4860EE12BF2D5B0B7474D6"
        "E694F91E6DCC4024FFFFFFFFFFFFFFFF";
    int rc;

    WOLFSSL_ENTER("wolfSSL_DH_6144_prime");

    rc = wolfSSL_BN_hex2bn(&bn, prm);
    if (rc != SSL_SUCCESS) {
        WOLFSSL_MSG("Error converting DH 6144 prime to big number");
        bn = NULL;
    }

    return bn;
}
wolfSSL 16:8e0d178b1d1e 28929
wolfSSL 16:8e0d178b1d1e 28930
/* Load the 8192-bit MODP prime of RFC 3526 (Group 18) into a big number.
 *
 * bn  big number to fill; when NULL, wolfSSL_BN_hex2bn allocates a new one.
 *
 * Returns the filled WOLFSSL_BIGNUM on success, NULL on conversion failure.
 */
WOLFSSL_BIGNUM* wolfSSL_DH_8192_prime(WOLFSSL_BIGNUM* bn)
{
    static const char prm[] =
        "FFFFFFFFFFFFFFFFC90FDAA22168C234"
        "C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DD"
        "EF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6"
        "F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE6"
        "49286651ECE45B3DC2007CB8A163BF05"
        "98DA48361C55D39A69163FA8FD24CF5F"
        "83655D23DCA3AD961C62F356208552BB"
        "9ED529077096966D670C354E4ABC9804"
        "F1746C08CA18217C32905E462E36CE3B"
        "E39E772C180E86039B2783A2EC07A28F"
        "B5C55DF06F4C52C9DE2BCBF695581718"
        "3995497CEA956AE515D2261898FA0510"
        "15728E5A8AAAC42DAD33170D04507A33"
        "A85521ABDF1CBA64ECFB850458DBEF0A"
        "8AEA71575D060C7DB3970F85A6E1E4C7"
        "ABF5AE8CDB0933D71E8C94E04A25619D"
        "CEE3D2261AD2EE6BF12FFA06D98A0864"
        "D87602733EC86A64521F2B18177B200C"
        "BBE117577A615D6C770988C0BAD946E2"
        "08E24FA074E5AB3143DB5BFCE0FD108E"
        "4B82D120A92108011A723C12A787E6D7"
        "88719A10BDBA5B2699C327186AF4E23C"
        "1A946834B6150BDA2583E9CA2AD44CE8"
        "DBBBC2DB04DE8EF92E8EFC141FBECAA6"
        "287C59474E6BC05D99B2964FA090C3A2"
        "233BA186515BE7ED1F612970CEE2D7AF"
        "B81BDD762170481CD0069127D5B05AA9"
        "93B4EA988D8FDDC186FFB7DC90A6C08F"
        "4DF435C93402849236C3FAB4D27C7026"
        "C1D4DCB2602646DEC9751E763DBA37BD"
        "F8FF9406AD9E530EE5DB382F413001AE"
        "B06A53ED9027D831179727B0865A8918"
        "DA3EDBEBCF9B14ED44CE6CBACED4BB1B"
        "DB7F1447E6CC254B332051512BD7AF42"
        "6FB8F401378CD2BF5983CA01C64B92EC"
        "F032EA15D1721D03F482D7CE6E74FEF6"
        "D55E702F46980C82B5A84031900B1C9E"
        "59E7C97FBEC7E8F323A97A7E36CC88BE"
        "0F1D45B7FF585AC54BD407B22B4154AA"
        "CC8F6D7EBF48E1D814CC5ED20F8037E0"
        "A79715EEF29BE32806A1D58BB7C5DA76"
        "F550AA3D8A1FBFF0EB19CCB1A313D55C"
        "DA56C9EC2EF29632387FE8D76E3C0468"
        "043E8F663F4860EE12BF2D5B0B7474D6"
        "E694F91E6DBE115974A3926F12FEE5E4"
        "38777CB6A932DF8CD8BEC4D073B931BA"
        "3BC832B68D9DD300741FA7BF8AFC47ED"
        "2576F6936BA424663AAB639C5AE4F568"
        "3423B4742BF1C978238F16CBE39D652D"
        "E3FDB8BEFC848AD922222E04A4037C07"
        "13EB57A81A23F0C73473FC646CEA306B"
        "4BCBC8862F8385DDFA9D4B7FA2C087E8"
        "79683303ED5BDD3A062B3CF5B3A278A6"
        "6D2A13F83F44F82DDF310EE074AB6A36"
        "4597E899A0255DC164F31CC50846851D"
        "F9AB48195DED7EA1B1D510BD7EE74D73"
        "FAF36BC31ECFA268359046F4EB879F92"
        "4009438B481C6CD7889A002ED5EE382B"
        "C9190DA6FC026E479558E4475677E9AA"
        "9E3050E2765694DFC81F56E880B96E71"
        "60C980DD98EDD3DFFFFFFFFFFFFFFFFF";
    int rc;

    WOLFSSL_ENTER("wolfSSL_DH_8192_prime");

    rc = wolfSSL_BN_hex2bn(&bn, prm);
    if (rc != SSL_SUCCESS) {
        WOLFSSL_MSG("Error converting DH 8192 prime to big number");
        bn = NULL;
    }

    return bn;
}
wolfSSL 15:117db924cf7c 29016
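/* Generate a fresh DH key pair for "dh" from its domain parameters p and g.
 *
 * On success dh->pub_key and dh->priv_key are replaced by new BIGNUMs holding
 * the generated values; any previous pair is freed first.
 *
 * dh->length (bits), when positive, is used only to size the private-key
 * scratch buffer handed to wc_DhGenerateKeyPair. It is rounded UP to whole
 * bytes so a length of 1..7 can no longer produce a zero-length buffer; a
 * length of 0 falls back to the byte size of p.
 * NOTE(review): whether wc_DhGenerateKeyPair honors the buffer size passed in
 * *privSz, or always writes its own computed private-key size, is not visible
 * here -- confirm before relying on dh->length as a hard bound.
 *
 * A locally initialized RNG is preferred; if that fails the library-wide
 * globalRNG is used when it has been initialized. The private-key bytes in the
 * scratch buffer are wiped with ForceZero before the buffer is released.
 *
 * Return code compliant with OpenSSL:
 *   1 (WOLFSSL_SUCCESS) on success, 0 (WOLFSSL_FAILURE) on error.
 */
int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
{
    int ret = WOLFSSL_FAILURE;
    word32 pubSz = 0;
    word32 privSz = 0;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG;
#else
    WC_RNG tmpRNG[1];
#endif
    unsigned char* pub = NULL;
    unsigned char* priv = NULL;

    WOLFSSL_MSG("wolfSSL_DH_generate_key");

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    if (tmpRNG == NULL) {
        return ret;
    }
#endif

    if (dh == NULL || dh->p == NULL || dh->g == NULL)
        WOLFSSL_MSG("Bad function arguments");
    else if (dh->inSet == 0 && SetDhInternal(dh) != WOLFSSL_SUCCESS)
        WOLFSSL_MSG("Bad DH set internal");
    else if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        /* local RNG unavailable: fall back to the global one only if it
         * was initialized, otherwise rng stays NULL and we fail below */
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        pubSz = wolfSSL_BN_num_bytes(dh->p);
        if (dh->length > 0) {
            /* bits -> bytes, rounding up so 1..7 bits never yields 0 */
            privSz = ((word32)dh->length + 7) / 8;
        }
        else {
            privSz = pubSz;
        }

        if (pubSz == 0 || privSz == 0) {
            WOLFSSL_MSG("Bad DH key size");
        }
        else {
            pub = (unsigned char*)XMALLOC(pubSz, NULL,
                                          DYNAMIC_TYPE_PUBLIC_KEY);
            priv = (unsigned char*)XMALLOC(privSz, NULL,
                                           DYNAMIC_TYPE_PRIVATE_KEY);
            if (pub == NULL || priv == NULL) {
                WOLFSSL_MSG("Unable to malloc memory");
            }
            else if (wc_DhGenerateKeyPair((DhKey*)dh->internal, rng,
                                          priv, &privSz, pub, &pubSz) < 0) {
                WOLFSSL_MSG("Bad wc_DhGenerateKeyPair");
            }
            else {
                /* discard any previous pair; wolfSSL_BN_free accepts NULL */
                wolfSSL_BN_free(dh->pub_key);
                dh->pub_key = wolfSSL_BN_new();
                wolfSSL_BN_free(dh->priv_key);
                dh->priv_key = wolfSSL_BN_new();

                if (dh->pub_key == NULL)
                    WOLFSSL_MSG("Bad DH new pub");
                else if (dh->priv_key == NULL)
                    WOLFSSL_MSG("Bad DH new priv");
                else if (wolfSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL)
                    WOLFSSL_MSG("Bad DH bn2bin error pub");
                else if (wolfSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL)
                    WOLFSSL_MSG("Bad DH bn2bin error priv");
                else
                    ret = WOLFSSL_SUCCESS;
            }
        }
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif
    /* do not leave the private exponent behind in freed heap memory */
    if (priv != NULL)
        ForceZero(priv, privSz);
    XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    XFREE(priv, NULL, DYNAMIC_TYPE_PRIVATE_KEY);

    return ret;
}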
wolfSSL 15:117db924cf7c 29115
wolfSSL 15:117db924cf7c 29116
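/* Compute the DH shared secret between dh's private key and otherPub.
 *
 * key      output buffer; must hold at least DH_size(dh) bytes
 * otherPub peer's public value
 * dh       our key; priv_key and the domain parameters must be set
 *
 * The private exponent and the peer's public value are marshalled into
 * fixed 1024-byte scratch buffers, so parameters above 8192 bits are
 * rejected before anything is written. A failure of SetDhInternal is now
 * fatal (previously it was only logged and wc_DhAgree was still called on
 * an internal key that had never been populated). The private-exponent
 * copy is wiped with ForceZero before return on every path.
 *
 * NOTE(review): this wrapper does not validate otherPub itself (range
 * 2..p-2, subgroup membership). Whether wc_DhAgree performs that check is
 * not visible here and may depend on build options -- confirm before using
 * it with peer values from an untrusted source.
 *
 * Return code compliant with OpenSSL:
 *   size of the shared secret on success, -1 (WOLFSSL_FATAL_ERROR) on error.
 */
int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub,
                           WOLFSSL_DH* dh)
{
    int ret = WOLFSSL_FATAL_ERROR;
    word32 keySz = 0;
    int pubSz = 1024;    /* scratch buffer capacity, bytes */
    int privSz = 1024;
#ifdef WOLFSSL_SMALL_STACK
    unsigned char* pub;
    unsigned char* priv = NULL;
#else
    unsigned char pub [1024];
    unsigned char priv[1024];
#endif

    WOLFSSL_MSG("wolfSSL_DH_compute_key");

#ifdef WOLFSSL_SMALL_STACK
    pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    if (pub == NULL)
        return ret;

    priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_PRIVATE_KEY);
    if (priv == NULL) {
        XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
        return ret;
    }
#endif

    if (key == NULL || dh == NULL || dh->priv_key == NULL || otherPub == NULL)
        WOLFSSL_MSG("Bad function arguments");
    else if ((keySz = (word32)DH_size(dh)) == 0)
        WOLFSSL_MSG("Bad DH_size");
    /* size queries (NULL out buffer) guard the fixed scratch buffers */
    else if (wolfSSL_BN_bn2bin(dh->priv_key, NULL) > privSz)
        WOLFSSL_MSG("Bad priv internal size");
    else if (wolfSSL_BN_bn2bin(otherPub, NULL) > pubSz)
        WOLFSSL_MSG("Bad otherPub size");
    else if (dh->inSet == 0 && SetDhInternal(dh) != WOLFSSL_SUCCESS)
        WOLFSSL_MSG("Bad DH set internal");
    else {
        privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv);
        pubSz = wolfSSL_BN_bn2bin(otherPub, pub);
        if (privSz <= 0 || pubSz <= 0)
            WOLFSSL_MSG("Bad BN2bin set");
        else if (wc_DhAgree((DhKey*)dh->internal, key, &keySz,
                            priv, (word32)privSz, pub, (word32)pubSz) < 0)
            WOLFSSL_MSG("wc_DhAgree failed");
        else
            ret = (int)keySz;
    }

    /* privSz is either the bytes written or still the buffer capacity */
    if (privSz > 0)
        ForceZero(priv, (word32)privSz);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    XFREE(priv, NULL, DYNAMIC_TYPE_PRIVATE_KEY);
#endif

    return ret;
}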
wolfSSL 16:8e0d178b1d1e 29179
wolfSSL 16:8e0d178b1d1e 29180
wolfSSL 16:8e0d178b1d1e 29181 #if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L
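/* Install new domain parameters into "dh" (OpenSSL DH_set0_pqg semantics).
 *
 * p, g  required; q may be NULL.
 *
 * On success "dh" takes ownership of p, q and g: they are released by
 * wolfSSL_DH_free and must NOT be freed individually by the caller. On
 * failure "dh" does not reference them and the caller keeps ownership.
 *
 * The existing parameters AND any key pair are discarded, since a pair
 * generated under the old parameters is meaningless under the new ones.
 * The freed pub_key/priv_key pointers are reset to NULL (previously they
 * were left dangling, so a later wolfSSL_DH_generate_key or
 * wolfSSL_DH_free would free them a second time).
 *
 * returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE otherwise
 */
int wolfSSL_DH_set0_pqg(WOLFSSL_DH *dh, WOLFSSL_BIGNUM *p,
                        WOLFSSL_BIGNUM *q, WOLFSSL_BIGNUM *g)
{
    int ret;
    WOLFSSL_ENTER("wolfSSL_DH_set0_pqg");

    /* q can be NULL */
    if (dh == NULL || p == NULL || g == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FAILURE;
    }

    /* free existing internal DH structure and recreate with new p / g;
     * bail out before touching the external members if that fails */
    if (dh->inSet) {
        ret = wc_FreeDhKey((DhKey*)dh->internal);
        if (ret != 0) {
            WOLFSSL_MSG("Unable to free internal DH key");
            return WOLFSSL_FAILURE;
        }
    }

    wolfSSL_BN_free(dh->p);
    wolfSSL_BN_free(dh->q);
    wolfSSL_BN_free(dh->g);
    wolfSSL_BN_free(dh->pub_key);
    wolfSSL_BN_free(dh->priv_key);
    /* never leave freed pointers reachable from the struct */
    dh->pub_key = NULL;
    dh->priv_key = NULL;

    dh->p = p;
    dh->q = q;
    dh->g = g;

    ret = SetDhInternal(dh);
    if (ret != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Unable to set internal DH key");
        /* hand p, q and g back to the caller */
        dh->p = NULL;
        dh->q = NULL;
        dh->g = NULL;
        dh->inSet = 0;
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}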
wolfSSL 16:8e0d178b1d1e 29230 #endif /* v1.1.0 or later */
wolfSSL 16:8e0d178b1d1e 29231
wolfSSL 15:117db924cf7c 29232 #endif /* NO_DH */
wolfSSL 15:117db924cf7c 29233
wolfSSL 15:117db924cf7c 29234
wolfSSL 15:117db924cf7c 29235 #ifndef NO_DSA
/* Put a WOLFSSL_DSA into its empty state: every member pointer NULL and the
 * inSet/exSet flags cleared. Nothing is freed here -- callers release the
 * members first (see wolfSSL_DSA_free). A NULL dsa is ignored.
 */
static void InitwolfSSL_DSA(WOLFSSL_DSA* dsa)
{
    if (dsa == NULL)
        return;

    dsa->p        = NULL;
    dsa->q        = NULL;
    dsa->g        = NULL;
    dsa->pub_key  = NULL;
    dsa->priv_key = NULL;
    dsa->internal = NULL;
    dsa->inSet    = 0;
    dsa->exSet    = 0;
}
wolfSSL 15:117db924cf7c 29249
wolfSSL 15:117db924cf7c 29250
/* Allocate an empty WOLFSSL_DSA together with its internal DsaKey.
 *
 * The DsaKey is allocated first, then the wrapper; wc_InitDsaKey runs on the
 * DsaKey before it is attached, so on any failure the wrapper (if allocated)
 * still has internal == NULL and wolfSSL_DSA_free only releases the wrapper.
 *
 * Returns the new object, or NULL on allocation / init failure.
 */
WOLFSSL_DSA* wolfSSL_DSA_new(void)
{
    DsaKey*      key      = NULL;
    WOLFSSL_DSA* external = NULL;

    WOLFSSL_MSG("wolfSSL_DSA_new");

    key = (DsaKey*)XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_DSA_new malloc DsaKey failure");
        return NULL;
    }

    external = (WOLFSSL_DSA*)XMALLOC(sizeof(WOLFSSL_DSA), NULL,
                                     DYNAMIC_TYPE_DSA);
    if (external == NULL) {
        WOLFSSL_MSG("wolfSSL_DSA_new malloc WOLFSSL_DSA failure");
        goto fail;
    }

    InitwolfSSL_DSA(external);
    if (wc_InitDsaKey(key) != 0) {
        WOLFSSL_MSG("wolfSSL_DSA_new InitDsaKey failure");
        goto fail;
    }

    external->internal = key;
    return external;

fail:
    XFREE(key, NULL, DYNAMIC_TYPE_DSA);
    if (external != NULL)
        wolfSSL_DSA_free(external);   /* internal is still NULL here */
    return NULL;
}
wolfSSL 15:117db924cf7c 29283
wolfSSL 15:117db924cf7c 29284
/* Release a WOLFSSL_DSA and everything it owns: the internal DsaKey
 * (FreeDsaKey + XFREE) and the five external BIGNUMs. The struct is reset
 * to NULLs before its own memory is freed. Safe to call with NULL.
 *
 * NOTE(review): whether FreeDsaKey / wolfSSL_BN_free scrub the private
 * exponent from memory is not visible from here.
 */
void wolfSSL_DSA_free(WOLFSSL_DSA* dsa)
{
    WOLFSSL_MSG("wolfSSL_DSA_free");

    if (dsa == NULL)
        return;

    if (dsa->internal != NULL) {
        FreeDsaKey((DsaKey*)dsa->internal);
        XFREE(dsa->internal, NULL, DYNAMIC_TYPE_DSA);
        dsa->internal = NULL;
    }

    wolfSSL_BN_free(dsa->priv_key);
    wolfSSL_BN_free(dsa->pub_key);
    wolfSSL_BN_free(dsa->g);
    wolfSSL_BN_free(dsa->q);
    wolfSSL_BN_free(dsa->p);

    InitwolfSSL_DSA(dsa);   /* NULL everything out before freeing the shell */
    XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
}
wolfSSL 15:117db924cf7c 29307
wolfSSL 15:117db924cf7c 29308 #endif /* NO_DSA */
wolfSSL 15:117db924cf7c 29309 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 29310
wolfSSL 15:117db924cf7c 29311 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 29312
wolfSSL 15:117db924cf7c 29313 #ifndef NO_DSA
/* wolfSSL -> OpenSSL: export the internal DsaKey members (p, q, g, y, x)
 * into the external BIGNUM members of "dsa" via SetIndividualExternal.
 *
 * Stops at the first member that fails to export; dsa->exSet is set to 1
 * only when all five succeed.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR when dsa / dsa->internal
 * is NULL or an export fails.
 */
int SetDsaExternal(WOLFSSL_DSA* dsa)
{
    DsaKey* key;
    WOLFSSL_MSG("Entering SetDsaExternal");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("dsa key NULL error");
        return WOLFSSL_FATAL_ERROR;
    }

    key = (DsaKey*)dsa->internal;

    if (SetIndividualExternal(&dsa->p, &key->p) != WOLFSSL_SUCCESS)
        WOLFSSL_MSG("dsa p key error");
    else if (SetIndividualExternal(&dsa->q, &key->q) != WOLFSSL_SUCCESS)
        WOLFSSL_MSG("dsa q key error");
    else if (SetIndividualExternal(&dsa->g, &key->g) != WOLFSSL_SUCCESS)
        WOLFSSL_MSG("dsa g key error");
    else if (SetIndividualExternal(&dsa->pub_key, &key->y) != WOLFSSL_SUCCESS)
        WOLFSSL_MSG("dsa y key error");
    else if (SetIndividualExternal(&dsa->priv_key, &key->x) != WOLFSSL_SUCCESS)
        WOLFSSL_MSG("dsa x key error");
    else {
        dsa->exSet = 1;
        return WOLFSSL_SUCCESS;
    }

    return WOLFSSL_FATAL_ERROR;
}
wolfSSL 15:117db924cf7c 29356
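/* OpenSSL -> wolfSSL: copy the external BIGNUM members of "dsa" into the
 * internal DsaKey via SetIndividualInternal.
 *
 * Members that are NULL are skipped rather than treated as errors, so a
 * parameter-only object (no pub_key / priv_key yet) can be pushed down.
 * key->type becomes DSA_PUBLIC when pub_key is present and DSA_PRIVATE when
 * priv_key is present (priv_key wins when both are set). dsa->inSet is set
 * to 1 on success.
 *
 * The failure log messages used to read "rsa ..." (copy-paste from the RSA
 * counterpart); they now name the DSA member that failed so a log can be
 * attributed to the right key type.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR when dsa / dsa->internal
 * is NULL or a copy fails.
 */
int SetDsaInternal(WOLFSSL_DSA* dsa)
{
    DsaKey* key;
    WOLFSSL_MSG("Entering SetDsaInternal");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("dsa key NULL error");
        return WOLFSSL_FATAL_ERROR;
    }

    key = (DsaKey*)dsa->internal;

    if (dsa->p != NULL &&
        SetIndividualInternal(dsa->p, &key->p) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("dsa p key error");
        return WOLFSSL_FATAL_ERROR;
    }

    if (dsa->q != NULL &&
        SetIndividualInternal(dsa->q, &key->q) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("dsa q key error");
        return WOLFSSL_FATAL_ERROR;
    }

    if (dsa->g != NULL &&
        SetIndividualInternal(dsa->g, &key->g) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("dsa g key error");
        return WOLFSSL_FATAL_ERROR;
    }

    if (dsa->pub_key != NULL) {
        if (SetIndividualInternal(dsa->pub_key, &key->y) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("dsa pub_key error");
            return WOLFSSL_FATAL_ERROR;
        }

        /* public key */
        key->type = DSA_PUBLIC;
    }

    if (dsa->priv_key != NULL) {
        if (SetIndividualInternal(dsa->priv_key, &key->x) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("dsa priv_key error");
            return WOLFSSL_FATAL_ERROR;
        }

        /* private key (overrides DSA_PUBLIC set above) */
        key->type = DSA_PRIVATE;
    }

    dsa->inSet = 1;

    return WOLFSSL_SUCCESS;
}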
wolfSSL 15:117db924cf7c 29412 #endif /* NO_DSA */
wolfSSL 15:117db924cf7c 29413 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 29414
wolfSSL 15:117db924cf7c 29415
wolfSSL 15:117db924cf7c 29416 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 29417 #if !defined(NO_RSA)
/* Generate a new RSA key of "len" bits with public exponent "e".
 *
 * len   modulus size in bits, e.g. 2048 (negative values are rejected here;
 *       any further range checking happens inside the key-gen call)
 * e     public exponent
 * f     progress callback -- accepted for API compatibility, never invoked
 * data  user argument for f -- likewise ignored
 *
 * Note: because of wc_MakeRsaKey the generated key size may be rounded
 * slightly down; e.g. asking for 2999 bits with e = 65537 yields a 374-byte
 * key rather than 375.
 *
 * Returns a new WOLFSSL_RSA on success, NULL on failure.
 */
WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long e,
                                      void(*f)(int, int, void*), void* data)
{
    WOLFSSL_RSA*    rsa = NULL;
    WOLFSSL_BIGNUM* exp = NULL;

    WOLFSSL_ENTER("wolfSSL_RSA_generate_key");

    (void)f;
    (void)data;

    if (len < 0) {
        WOLFSSL_MSG("Bad argument: length was less than 0");
        return NULL;
    }

    exp = wolfSSL_BN_new();
    if (exp == NULL) {
        WOLFSSL_MSG("Error creating big number");
        return NULL;
    }

    if (wolfSSL_BN_set_word(exp, (WOLFSSL_BN_ULONG)e) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Error using e value");
        wolfSSL_BN_free(exp);
        return NULL;
    }

    rsa = wolfSSL_RSA_new();
    if (rsa == NULL) {
        WOLFSSL_MSG("memory error");
    }
    else if (wolfSSL_RSA_generate_key_ex(rsa, len, exp, NULL)
                                                        != WOLFSSL_SUCCESS) {
        wolfSSL_RSA_free(rsa);
        rsa = NULL;
    }

    wolfSSL_BN_free(exp);   /* the exponent BIGNUM is only a temporary */

    return rsa;
}
wolfSSL 15:117db924cf7c 29472
wolfSSL 15:117db924cf7c 29473
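/* Generate an RSA key pair into an existing WOLFSSL_RSA.
 *
 * rsa   target object; rsa->internal must already be allocated
 * bits  modulus size in bits (range checking is left to wc_MakeRsaKey)
 * bn    public exponent; its low word is what gets used (wolfSSL_BN_get_word),
 *       so very large exponents are silently truncated. NULL is rejected.
 * cb    progress callback -- ignored
 *
 * Requires WOLFSSL_KEY_GEN; without it the call only logs and fails.
 *
 * The scratch RNG is released only when wc_InitRng succeeded, matching the
 * initTmpRng pattern used by the DH/DSA generators in this file; the original
 * called wc_FreeRng on an RNG whose init had failed.
 *
 * Return compliant with OpenSSL:
 *   1 (WOLFSSL_SUCCESS) on success, 0 (WOLFSSL_FAILURE) on error.
 */
int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
                                void* cb)
{
    int ret = WOLFSSL_FAILURE;

    (void)cb;
    (void)bn;
    (void)bits;

    WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex");

    if (rsa == NULL || rsa->internal == NULL || bn == NULL) {
        /* bit size checked during make key call */
        WOLFSSL_MSG("bad arguments");
        return WOLFSSL_FAILURE;
    }

#ifdef WOLFSSL_KEY_GEN
    {
        int initRng = 0;
    #ifdef WOLFSSL_SMALL_STACK
        WC_RNG* rng;
    #else
        WC_RNG rng[1];
    #endif

    #ifdef WOLFSSL_SMALL_STACK
        rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
        if (rng == NULL)
            return WOLFSSL_FAILURE;
    #endif

        if (wc_InitRng(rng) < 0) {
            WOLFSSL_MSG("RNG init failed");
        }
        else {
            initRng = 1;
            if (wc_MakeRsaKey((RsaKey*)rsa->internal, bits,
                              wolfSSL_BN_get_word(bn), rng) != MP_OKAY)
                WOLFSSL_MSG("wc_MakeRsaKey failed");
            else if (SetRsaExternal(rsa) != WOLFSSL_SUCCESS)
                WOLFSSL_MSG("SetRsaExternal failed");
            else {
                rsa->inSet = 1;
                ret = WOLFSSL_SUCCESS;
            }
        }

        if (initRng)
            wc_FreeRng(rng);
    #ifdef WOLFSSL_SMALL_STACK
        XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
    #endif
    }
#else
    WOLFSSL_MSG("No Key Gen built in");
#endif
    return ret;
}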
wolfSSL 15:117db924cf7c 29530 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 29531
wolfSSL 15:117db924cf7c 29532 #ifndef NO_DSA
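/* Generate a DSA key pair (x, y) for the domain parameters (p, q, g)
 * already held in "dsa".
 *
 * The internal DsaKey is populated from the external BIGNUMs first if that
 * has not happened yet; after generation the new values are copied back out
 * with SetDsaExternal. A locally initialized RNG is preferred, with the
 * library-wide globalRNG as fallback when it has been initialized.
 *
 * Requires WOLFSSL_KEY_GEN; without it the call only logs and fails.
 *
 * Return code compliant with OpenSSL:
 *   1 (WOLFSSL_SUCCESS) on success, 0 (WOLFSSL_FAILURE) on error.
 *   The scratch-RNG allocation failure used to return WOLFSSL_FATAL_ERROR
 *   (-1), which an OpenSSL-style `if (!DSA_generate_key(dsa))` check treats
 *   as success; it now returns WOLFSSL_FAILURE like every other error.
 */
int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_DSA_generate_key");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return ret;
        }
    }

#ifdef WOLFSSL_KEY_GEN
    {
        int initTmpRng = 0;
        WC_RNG *rng = NULL;
    #ifdef WOLFSSL_SMALL_STACK
        WC_RNG *tmpRNG;
    #else
        WC_RNG tmpRNG[1];
    #endif

    #ifdef WOLFSSL_SMALL_STACK
        tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
        if (tmpRNG == NULL)
            return WOLFSSL_FAILURE;   /* keep the documented 1/0 contract */
    #endif
        if (wc_InitRng(tmpRNG) == 0) {
            rng = tmpRNG;
            initTmpRng = 1;
        }
        else {
            WOLFSSL_MSG("Bad RNG Init, trying global");
            if (initGlobalRNG == 0)
                WOLFSSL_MSG("Global RNG no Init");
            else
                rng = &globalRNG;
        }

        if (rng) {
            if (wc_MakeDsaKey(rng, (DsaKey*)dsa->internal) != MP_OKAY)
                WOLFSSL_MSG("wc_MakeDsaKey failed");
            else if (SetDsaExternal(dsa) != WOLFSSL_SUCCESS)
                WOLFSSL_MSG("SetDsaExternal failed");
            else
                ret = WOLFSSL_SUCCESS;
        }

        if (initTmpRng)
            wc_FreeRng(tmpRNG);

    #ifdef WOLFSSL_SMALL_STACK
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
    #endif
    }
#else /* WOLFSSL_KEY_GEN */
    WOLFSSL_MSG("No Key Gen built in");
#endif
    return ret;
}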
wolfSSL 15:117db924cf7c 29604
wolfSSL 15:117db924cf7c 29605
/* Allocate a WOLFSSL_DSA and fill it with freshly generated domain
 * parameters of "bits" bits (convenience wrapper around
 * wolfSSL_DSA_generate_parameters_ex).
 *
 * seed/seedLen/counterRet/hRet are forwarded unchanged; cb and CBArg are
 * ignored and NULL is passed down as the callback.
 *
 * Returns the new WOLFSSL_DSA on success, NULL on failure (the partially
 * built object is freed).
 */
WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits, unsigned char* seed,
        int seedLen, int* counterRet, unsigned long* hRet,
        WOLFSSL_BN_CB cb, void* CBArg)
{
    WOLFSSL_DSA* dsa = NULL;

    WOLFSSL_ENTER("wolfSSL_DSA_generate_parameters()");

    (void)cb;
    (void)CBArg;

    dsa = wolfSSL_DSA_new();
    if (dsa != NULL &&
        wolfSSL_DSA_generate_parameters_ex(dsa, bits, seed, seedLen,
                                           counterRet, hRet, NULL)
                                                        != WOLFSSL_SUCCESS) {
        wolfSSL_DSA_free(dsa);
        dsa = NULL;
    }

    return dsa;
}
wolfSSL 15:117db924cf7c 29631
wolfSSL 15:117db924cf7c 29632
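/* Generate DSA domain parameters (p, q, g) of "bits" bits into "dsa".
 *
 * Only dsa and bits are used. seed/seedLen are NOT used as generation input,
 * and counterRet/hRet are NOT written -- callers expecting OpenSSL's
 * seed-driven, reproducible parameter generation (or the counter/h outputs
 * needed to re-verify the parameters) will not get it from this wrapper.
 * cb is ignored.
 *
 * A locally initialized RNG is preferred, with the library-wide globalRNG
 * as fallback when it has been initialized. Requires WOLFSSL_KEY_GEN;
 * without it the call only logs and fails.
 *
 * Return code compliant with OpenSSL:
 *   1 (WOLFSSL_SUCCESS) on success, 0 (WOLFSSL_FAILURE) on error.
 *   The scratch-RNG allocation failure used to return WOLFSSL_FATAL_ERROR
 *   (-1), which an OpenSSL-style `if (!...)` check treats as success; it now
 *   returns WOLFSSL_FAILURE like every other error.
 */
int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
                                       unsigned char* seed, int seedLen,
                                       int* counterRet,
                                       unsigned long* hRet, void* cb)
{
    int ret = WOLFSSL_FAILURE;

    (void)bits;
    (void)seed;
    (void)seedLen;
    (void)counterRet;
    (void)hRet;
    (void)cb;

    WOLFSSL_ENTER("wolfSSL_DSA_generate_parameters_ex");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

#ifdef WOLFSSL_KEY_GEN
    {
        int initTmpRng = 0;
        WC_RNG *rng = NULL;
    #ifdef WOLFSSL_SMALL_STACK
        WC_RNG *tmpRNG;
    #else
        WC_RNG tmpRNG[1];
    #endif

    #ifdef WOLFSSL_SMALL_STACK
        tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
        if (tmpRNG == NULL)
            return WOLFSSL_FAILURE;   /* keep the documented 1/0 contract */
    #endif
        if (wc_InitRng(tmpRNG) == 0) {
            rng = tmpRNG;
            initTmpRng = 1;
        }
        else {
            WOLFSSL_MSG("Bad RNG Init, trying global");
            if (initGlobalRNG == 0)
                WOLFSSL_MSG("Global RNG no Init");
            else
                rng = &globalRNG;
        }

        if (rng) {
            if (wc_MakeDsaParameters(rng, bits,
                                     (DsaKey*)dsa->internal) != MP_OKAY)
                WOLFSSL_MSG("wc_MakeDsaParameters failed");
            else if (SetDsaExternal(dsa) != WOLFSSL_SUCCESS)
                WOLFSSL_MSG("SetDsaExternal failed");
            else
                ret = WOLFSSL_SUCCESS;
        }

        if (initTmpRng)
            wc_FreeRng(tmpRNG);

    #ifdef WOLFSSL_SMALL_STACK
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
    #endif
    }
#else /* WOLFSSL_KEY_GEN */
    WOLFSSL_MSG("No Key Gen built in");
#endif

    return ret;
}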
wolfSSL 15:117db924cf7c 29707
/* Allocate a zeroed WOLFSSL_DSA_SIG; r and s start out NULL.
 * Returns the new object, or NULL when the allocation fails. The caller owns
 * it and releases it with wolfSSL_DSA_SIG_free(). */
WOLFSSL_DSA_SIG* wolfSSL_DSA_SIG_new(void)
{
    WOLFSSL_DSA_SIG* newSig;

    WOLFSSL_ENTER("wolfSSL_DSA_SIG_new");

    newSig = (WOLFSSL_DSA_SIG*)XMALLOC(sizeof(WOLFSSL_DSA_SIG), NULL,
                                       DYNAMIC_TYPE_OPENSSL);
    if (newSig == NULL)
        return NULL;

    XMEMSET(newSig, 0, sizeof(WOLFSSL_DSA_SIG));
    return newSig;
}
wolfSSL 16:8e0d178b1d1e 29717
/* Release a WOLFSSL_DSA_SIG together with the r and s big numbers it owns.
 * A NULL sig is accepted and ignored. */
void wolfSSL_DSA_SIG_free(WOLFSSL_DSA_SIG *sig)
{
    WOLFSSL_ENTER("wolfSSL_DSA_SIG_free");

    if (sig == NULL)
        return;

    if (sig->r != NULL)
        wolfSSL_BN_free(sig->r);
    if (sig->s != NULL)
        wolfSSL_BN_free(sig->s);

    XFREE(sig, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 16:8e0d178b1d1e 29731
/* Sign digest d with dsa and write the raw r||s signature into sigRet.
 * sigRet must hold DSA_SIG_SIZE bytes (that is what wolfSSL_DSA_do_sign_ex
 * passes in). A temporary RNG is started for the operation; when it cannot be
 * initialised the library-global RNG is used, if it has been initialised.
 * The wolfCrypt key is built from the external big numbers on first use.
 * Returns WOLFSSL_SUCCESS on success, < 0 otherwise. */
int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
                        WOLFSSL_DSA* dsa)
{
    int     result   = WOLFSSL_FATAL_ERROR;
    int     ownRng   = 0;      /* localRng was initialised and must be freed */
    WC_RNG* useRng   = NULL;   /* RNG actually handed to DsaSign */
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* localRng = NULL;
#else
    WC_RNG  localRng[1];
#endif

    WOLFSSL_ENTER("wolfSSL_DSA_do_sign");

    if (d == NULL || sigRet == NULL || dsa == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return result;
    }

    /* Lazily populate dsa->internal from the external key members. */
    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");
        if (SetDsaInternal(dsa) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return result;
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    localRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    if (localRng == NULL)
        return WOLFSSL_FATAL_ERROR;
#endif

    if (wc_InitRng(localRng) != 0) {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            useRng = &globalRNG;
    }
    else {
        useRng = localRng;
        ownRng = 1;
    }

    /* Without any usable RNG the signature is not attempted at all. */
    if (useRng != NULL) {
        if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, useRng) >= 0)
            result = WOLFSSL_SUCCESS;
        else
            WOLFSSL_MSG("DsaSign failed");
    }

    if (ownRng)
        wc_FreeRng(localRng);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(localRng, NULL, DYNAMIC_TYPE_RNG);
#endif

    return result;
}
wolfSSL 15:117db924cf7c 29795
wolfSSL 16:8e0d178b1d1e 29796 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
/* Sign a WC_SHA_DIGEST_SIZE-byte digest and return the signature as a newly
 * allocated WOLFSSL_DSA_SIG: r is taken from the first DSA_HALF_SIZE raw bytes
 * produced by wolfSSL_DSA_do_sign, s from the second.
 * outLen must equal WC_SHA_DIGEST_SIZE.
 * Returns NULL on bad arguments, signing failure or allocation failure;
 * otherwise the caller owns the returned object. */
WOLFSSL_DSA_SIG* wolfSSL_DSA_do_sign_ex(const unsigned char* digest,
                                        int outLen, WOLFSSL_DSA* dsa)
{
    WOLFSSL_DSA_SIG* result;
    byte             raw[DSA_SIG_SIZE];

    WOLFSSL_ENTER("wolfSSL_DSA_do_sign_ex");

    if (digest == NULL || dsa == NULL || outLen != WC_SHA_DIGEST_SIZE) {
        WOLFSSL_MSG("Bad function arguments");
        return NULL;
    }

    if (wolfSSL_DSA_do_sign(digest, raw, dsa) != WOLFSSL_SUCCESS)
        return NULL;

    result = wolfSSL_DSA_SIG_new();
    if (result == NULL)
        return NULL;

    /* Split the fixed-width r||s encoding into the two big numbers; s is only
     * attempted once r succeeded. */
    result->r = wolfSSL_BN_bin2bn(raw, DSA_HALF_SIZE, NULL);
    result->s = (result->r != NULL)
              ? wolfSSL_BN_bin2bn(raw + DSA_HALF_SIZE, DSA_HALF_SIZE, NULL)
              : NULL;

    if (result->r == NULL || result->s == NULL) {
        wolfSSL_DSA_SIG_free(result);
        return NULL;
    }

    return result;
}
wolfSSL 16:8e0d178b1d1e 29833 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
wolfSSL 15:117db924cf7c 29834
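/* Verify the raw r||s signature sig over digest d with dsa.
 *
 * d        digest that was signed
 * sig      raw signature bytes (DSA_SIG_SIZE, as written by wolfSSL_DSA_do_sign)
 * dsa      key; its wolfCrypt internal is built on first use
 * dsacheck receives 1 when the signature is valid, 0 otherwise
 *
 * Returns WOLFSSL_SUCCESS when the signature verifies, WOLFSSL_FATAL_ERROR on
 * bad arguments or key setup failure, otherwise the DsaVerify result (which
 * is 0 when the signature is merely invalid). */
int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
                          WOLFSSL_DSA* dsa, int *dsacheck)
{
    int ret = WOLFSSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_DSA_do_verify");

    /* dsacheck is dereferenced below; reject NULL here instead of relying on
     * DsaVerify() to do it. */
    if (d == NULL || sig == NULL || dsa == NULL || dsacheck == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FATAL_ERROR;
    }
    if (dsa->inSet == 0)
    {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return WOLFSSL_FATAL_ERROR;
        }
    }

    /* Start from "not verified" so the caller never reads an unset answer
     * when DsaVerify fails before writing it. */
    *dsacheck = 0;
    ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
    if (ret != 0 || *dsacheck != 1) {
        WOLFSSL_MSG("DsaVerify failed");
        return ret;
    }

    return WOLFSSL_SUCCESS;
}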
wolfSSL 16:8e0d178b1d1e 29864
wolfSSL 16:8e0d178b1d1e 29865 #if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS)
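/* Serialise big number bn into out as exactly DSA_HALF_SIZE big-endian bytes,
 * left-padded with zeros.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when bn is empty, needs more
 * than DSA_HALF_SIZE bytes, or cannot be converted. */
static int DsaSigHalfToBin(WOLFSSL_BIGNUM* bn, byte* out)
{
    int sz = wolfSSL_BN_num_bytes(bn);

    /* A component wider than DSA_HALF_SIZE would overrun the caller's fixed
     * DSA_SIG_SIZE buffer; it cannot be a valid signature here, so reject it
     * before writing anything. */
    if (sz <= 0 || sz > DSA_HALF_SIZE) {
        return WOLFSSL_FAILURE;
    }

    /* front pad with zeros */
    XMEMSET(out, 0, (size_t)(DSA_HALF_SIZE - sz));
    if (wolfSSL_BN_bn2bin(bn, out + (DSA_HALF_SIZE - sz)) == WOLFSSL_FATAL_ERROR) {
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}

/* Verify sig (r, s as big numbers) over digest with dsa.
 * digest_len must equal WC_SHA_DIGEST_SIZE. The two components are packed
 * into the fixed-width r||s layout expected by wolfSSL_DSA_do_verify.
 * Returns WOLFSSL_SUCCESS when the signature verifies, WOLFSSL_FAILURE on bad
 * arguments, an empty or oversized component, or a failed verification. */
int wolfSSL_DSA_do_verify_ex(const unsigned char* digest, int digest_len,
                             WOLFSSL_DSA_SIG* sig, WOLFSSL_DSA* dsa)
{
    int  dsacheck = 0;
    byte sigBin[DSA_SIG_SIZE];

    WOLFSSL_ENTER("wolfSSL_DSA_do_verify_ex");

    if (!digest || !sig || !dsa || digest_len != WC_SHA_DIGEST_SIZE) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FAILURE;
    }

    if (!sig->r || !sig->s) {
        WOLFSSL_MSG("No signature found in DSA_SIG");
        return WOLFSSL_FAILURE;
    }

    /* r occupies the first half of sigBin, s the second. */
    if (DsaSigHalfToBin(sig->r, sigBin) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }
    if (DsaSigHalfToBin(sig->s, sigBin + DSA_HALF_SIZE) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }

    if (wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck) != WOLFSSL_SUCCESS ||
            dsacheck != 1) {
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}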
wolfSSL 16:8e0d178b1d1e 29919 #endif /* !HAVE_SELFTEST && !HAVE_FIPS */
wolfSSL 15:117db924cf7c 29920 #endif /* NO_DSA */
wolfSSL 15:117db924cf7c 29921
wolfSSL 15:117db924cf7c 29922
wolfSSL 15:117db924cf7c 29923 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA)
wolfSSL 15:117db924cf7c 29924
#ifdef DEBUG_SIGN
/* Debug helper: print title and the full length, then at most the first 100
 * bytes of out as characters. Each byte is masked with 0x6f and printed when
 * the result is >= 'A', otherwise shown as '.'. */
static void show(const char *title, const unsigned char *out, unsigned int outlen)
{
    unsigned int i;
    unsigned int shown = outlen > 100 ? 100 : outlen;

    printf("%s[%d] = \n", title, (int)outlen);
    for (i = 0; i < shown; i++) {
        int c = out[i] & 0x6f;
        printf("%c", c >= 'A' ? c : '.');
    }
    printf("\n");
}
#else
/* Compiled out unless DEBUG_SIGN is defined. */
#define show(a,b,c)
#endif
wolfSSL 15:117db924cf7c 29938
/* OpenSSL-compatible RSA_sign: sign the digest m (hash type given as an
 * OpenSSL NID) with rsa, writing the signature to sigRet and its length to
 * sigLen. Delegates to wolfSSL_RSA_sign_ex with the flag that requests the
 * actual private-key operation.
 * return SSL_SUCCESS on ok, 0 otherwise */
int wolfSSL_RSA_sign(int type, const unsigned char* m,
                     unsigned int mLen, unsigned char* sigRet,
                     unsigned int* sigLen, WOLFSSL_RSA* rsa)
{
    const int doRsaOp = 1;   /* non-zero flag: encode and sign */

    return wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, sigLen, rsa, doRsaOp);
}
wolfSSL 15:117db924cf7c 29946
/* Worker behind wolfSSL_RSA_sign: build the signature encoding of digest m
 * with wc_EncodeSignature and, when flag != 0, run the RSA private-key
 * operation on it with wc_RsaSSL_Sign.
 *
 * type    OpenSSL NID of the hash that produced m; remapped below to the
 *         wolfCrypt hash-type value (MD5h, SHAh, ...) before encoding
 * m, mLen digest to sign
 * sigRet  output buffer. With flag != 0 it receives the signature and must
 *         hold wolfSSL_BN_num_bytes(rsa->n) bytes. With flag == 0 it receives
 *         the bare encoding instead, copied with XMEMCPY and no destination
 *         bound (up to MAX_ENCODED_SIG_SZ bytes) — the caller must size it for
 *         that, not for the signature length
 * sigLen  receives the number of bytes written to sigRet
 * rsa     key; its wolfCrypt internal is built lazily if not set yet
 * flag    non-zero: encode and sign; zero: encode only (used by
 *         wolfSSL_RSA_verify to obtain the expected value to compare against)
 *
 * Returns SSL_SUCCESS on ok, 0 otherwise.
 */
int wolfSSL_RSA_sign_ex(int type, const unsigned char* m,
                        unsigned int mLen, unsigned char* sigRet,
                        unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag)
{
    word32  outLen;          /* modulus size in bytes: signature length */
    word32  signSz;          /* length of the encoding in encodedSig */
    int     initTmpRng = 0;  /* tmpRNG was initialised and must be freed */
    WC_RNG* rng = NULL;      /* RNG handed to wc_RsaSSL_Sign (temp or global) */
    int     ret = 0;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
    byte*   encodedSig = NULL;
#else
    WC_RNG  tmpRNG[1];
    byte    encodedSig[MAX_ENCODED_SIG_SZ];
#endif

    WOLFSSL_ENTER("wolfSSL_RSA_sign");

    if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return 0;
    }
    show("Message to Sign", m, mLen);

    /* Translate the OpenSSL NID into the wolfCrypt hash type expected by
     * wc_EncodeSignature; digests not built into this configuration fall to
     * the default and are rejected. */
    switch (type) {
#ifdef WOLFSSL_MD2
        case NID_md2:       type = MD2h;    break;
#endif
#ifndef NO_MD5
        case NID_md5:       type = MD5h;    break;
#endif
#ifndef NO_SHA
        case NID_sha1:      type = SHAh;    break;
#endif
#ifndef NO_SHA256
        case NID_sha256:    type = SHA256h; break;
#endif
#ifdef WOLFSSL_SHA384
        case NID_sha384:    type = SHA384h; break;
#endif
#ifdef WOLFSSL_SHA512
        case NID_sha512:    type = SHA512h; break;
#endif
#ifndef WOLFSSL_NOSHA3_224
        case NID_sha3_224:  type = SHA3_224h; break;
#endif
#ifndef WOLFSSL_NOSHA3_256
        case NID_sha3_256:  type = SHA3_256h; break;
#endif
#ifndef WOLFSSL_NOSHA3_384
        case NID_sha3_384:  type = SHA3_384h; break;
#endif
#ifndef WOLFSSL_NOSHA3_512
        case NID_sha3_512:  type = SHA3_512h; break;
#endif
        default:
            WOLFSSL_MSG("This NID (md type) not configured or not implemented");
            return 0;
    }

    /* Build the wolfCrypt key from the external big numbers on first use. */
    if (rsa->inSet == 0)
    {
        WOLFSSL_MSG("No RSA internal set, do it");

        if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return 0;
        }
    }

    outLen = (word32)wolfSSL_BN_num_bytes(rsa->n);

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    if (tmpRNG == NULL)
        return 0;

    encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
                                DYNAMIC_TYPE_SIGNATURE);
    if (encodedSig == NULL) {
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
        return 0;
    }
#endif

    /* An RNG is acquired even on the encode-only (flag == 0) path; with no
     * usable RNG, rng stays NULL and the function fails below. */
    if (outLen == 0)
        WOLFSSL_MSG("Bad RSA size");
    else if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");

        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {

        signSz = wc_EncodeSignature(encodedSig, m, mLen, type);
        if (signSz == 0) {
            WOLFSSL_MSG("Bad Encode Signature");
        }
        else {
            show("Encoded Message", encodedSig, signSz);
            if (flag != 0) {
                /* wc_RsaSSL_Sign returns the signature length on success. */
                ret = wc_RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
                                     (RsaKey*)rsa->internal, rng);
                if (ret <= 0) {
                    WOLFSSL_MSG("Bad Rsa Sign");
                    ret = 0;
                }
                else {
                    *sigLen = (unsigned int)ret;
                    ret = SSL_SUCCESS;
                    show("Signature", sigRet, *sigLen);
                }
            } else {
                /* Encode-only: hand back the encoding itself. NOTE(review):
                 * signSz is not checked against the size of sigRet here. */
                ret = SSL_SUCCESS;
                XMEMCPY(sigRet, encodedSig, signSz);
                *sigLen = signSz;
            }
        }

    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
    XFREE(encodedSig, NULL, DYNAMIC_TYPE_SIGNATURE);
#endif

    if (ret == WOLFSSL_SUCCESS)
        WOLFSSL_MSG("wolfSSL_RSA_sign success");
    else {
        WOLFSSL_MSG("wolfSSL_RSA_sign failed");
    }
    return ret;
}
wolfSSL 15:117db924cf7c 30092
wolfSSL 15:117db924cf7c 30093
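/* Verify sig over digest m (hash type given as an OpenSSL NID) with rsa by
 * recomputing the expected encoding and comparing it with the result of the
 * RSA public-key operation on sig.
 *
 * m, mLen      digest that was signed
 * sig, sigLen  signature to check
 * rsa          key; its wolfCrypt internal is built by wolfSSL_RSA_sign_ex
 *
 * returns WOLFSSL_SUCCESS on successful verify and WOLFSSL_FAILURE on fail */
int wolfSSL_RSA_verify(int type, const unsigned char* m,
                       unsigned int mLen, const unsigned char* sig,
                       unsigned int sigLen, WOLFSSL_RSA* rsa)
{
    int            ret    = WOLFSSL_FAILURE;
    int            decLen;          /* bytes produced by wc_RsaSSL_Verify */
    unsigned char *sigRet = NULL;   /* expected encoding of m */
    unsigned char *sigDec = NULL;   /* public-key operation output */
    unsigned int   len    = 0;      /* length of the expected encoding */

    WOLFSSL_ENTER("wolfSSL_RSA_verify");
    if (m == NULL || sig == NULL || rsa == NULL || sigLen == 0) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FAILURE;
    }

    /* The expected encoding comes from wolfSSL_RSA_sign_ex(flag == 0), which
     * copies it into sigRet without a destination bound. Its length depends
     * on the digest type, not on sigLen, so size the buffer for the largest
     * encoding rather than for the caller-supplied signature length. */
    sigRet = (unsigned char *)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
                                      DYNAMIC_TYPE_TMP_BUFFER);
    if (sigRet == NULL) {
        WOLFSSL_MSG("Memory failure");
        goto out;
    }
    sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (sigDec == NULL) {
        WOLFSSL_MSG("Memory failure");
        goto out;
    }

    /* get non-encrypted signature to be compared with decrypted signature */
    if (wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0) <= 0) {
        WOLFSSL_MSG("Message Digest Error");
        goto out;
    }
    show("Encoded Message", sigRet, len);

    /* decrypt signature */
    decLen = wc_RsaSSL_Verify(sig, sigLen, sigDec, sigLen,
                              (RsaKey*)rsa->internal);
    if (decLen <= 0) {
        WOLFSSL_MSG("RSA Decrypt error");
        goto out;
    }
    show("Decrypted Signature", sigDec, decLen);

    /* Valid only when the recovered value is exactly the expected encoding. */
    if ((int)len == decLen && XMEMCMP(sigRet, sigDec, decLen) == 0) {
        WOLFSSL_MSG("wolfSSL_RSA_verify success");
        ret = WOLFSSL_SUCCESS;
    }
    else {
        WOLFSSL_MSG("wolfSSL_RSA_verify failed");
    }

out:
    /* Single release point for both buffers on every path. */
    XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    return ret;
}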
wolfSSL 15:117db924cf7c 30154
/* OpenSSL RSA_get0_key: hand back the key's n, e and d big numbers.
 * Every non-NULL output pointer is written: with the key's member when r is
 * non-NULL, with NULL otherwise. The pointers stay owned by r. */
void wolfSSL_RSA_get0_key(const WOLFSSL_RSA *r, const WOLFSSL_BIGNUM **n,
                          const WOLFSSL_BIGNUM **e, const WOLFSSL_BIGNUM **d)
{
    const WOLFSSL_BIGNUM *nOut = NULL;
    const WOLFSSL_BIGNUM *eOut = NULL;
    const WOLFSSL_BIGNUM *dOut = NULL;

    WOLFSSL_ENTER("wolfSSL_RSA_get0_key");

    if (r != NULL) {
        nOut = r->n;
        eOut = r->e;
        dOut = r->d;
    }

    if (n != NULL)
        *n = nOut;
    if (e != NULL)
        *e = eOut;
    if (d != NULL)
        *d = dOut;
}
wolfSSL 15:117db924cf7c 30176
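/* generate p-1 and q-1, WOLFSSL_SUCCESS on ok
 *
 * Computes the CRT exponents in place: dmp1 = d mod (p-1) and
 * dmq1 = d mod (q-1). rsa->p, q, d, dmp1 and dmq1 must all be allocated.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR when the key is incomplete
 * or a big-number operation fails. */
int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
{
    int    err;
    mp_int tmp;   /* scratch: holds p-1, then q-1 */

    WOLFSSL_MSG("wolfSSL_RsaGenAdd");

    if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->d == NULL ||
                       rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
        WOLFSSL_MSG("rsa no init error");
        return WOLFSSL_FATAL_ERROR;
    }

    if (mp_init(&tmp) != MP_OKAY) {
        WOLFSSL_MSG("mp_init error");
        return WOLFSSL_FATAL_ERROR;
    }

    /* Stop at the first failing step so the log names that step only; the
     * previous chain kept going and also reported the later steps as errors. */
    err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp);
    if (err != MP_OKAY) {
        WOLFSSL_MSG("mp_sub_d error");
        goto out;
    }

    err = mp_mod((mp_int*)rsa->d->internal, &tmp, (mp_int*)rsa->dmp1->internal);
    if (err != MP_OKAY) {
        WOLFSSL_MSG("mp_mod error");
        goto out;
    }

    err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp);
    if (err != MP_OKAY) {
        WOLFSSL_MSG("mp_sub_d error");
        goto out;
    }

    err = mp_mod((mp_int*)rsa->d->internal, &tmp, (mp_int*)rsa->dmq1->internal);
    if (err != MP_OKAY) {
        WOLFSSL_MSG("mp_mod error");
    }

out:
    /* The scratch value is derived from the private key; always release it. */
    mp_clear(&tmp);

    return (err == MP_OKAY) ? WOLFSSL_SUCCESS : WOLFSSL_FATAL_ERROR;
}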
wolfSSL 16:8e0d178b1d1e 30223 #endif /* !NO_RSA && !HAVE_USER_RSA */
wolfSSL 16:8e0d178b1d1e 30224
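/* OpenSSL HMAC_CTX_new: allocate a context for the wolfSSL_HMAC_* API.
 * The memory is zeroed, which is the same state wolfSSL_HMAC_CTX_Init
 * produces, so a context that is freed or inspected before it is keyed does
 * not carry uninitialised data.
 * Returns NULL when the allocation fails; the caller owns the context. */
WOLFSSL_HMAC_CTX* wolfSSL_HMAC_CTX_new(void)
{
    WOLFSSL_HMAC_CTX* ctx = (WOLFSSL_HMAC_CTX*)XMALLOC(sizeof(WOLFSSL_HMAC_CTX),
                                                     NULL, DYNAMIC_TYPE_OPENSSL);
    if (ctx != NULL) {
        XMEMSET(ctx, 0, sizeof(WOLFSSL_HMAC_CTX));
    }
    return ctx;
}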
wolfSSL 15:117db924cf7c 30230
/* Reset ctx to the all-zero, not-yet-keyed state. A NULL ctx is accepted
 * and left alone. Always returns WOLFSSL_SUCCESS. */
int wolfSSL_HMAC_CTX_Init(WOLFSSL_HMAC_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_HMAC_CTX_Init");

    if (ctx == NULL)
        return WOLFSSL_SUCCESS;

    /* wc_HmacSetKey sets up ctx->hmac */
    XMEMSET(ctx, 0, sizeof(*ctx));

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 30242
wolfSSL 15:117db924cf7c 30243
/* OpenSSL HMAC_Init_ex: the engine argument is ignored; ctx, key, keylen and
 * type are forwarded to wolfSSL_HMAC_Init and its result is returned. */
int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key,
                         int keylen, const EVP_MD* type, WOLFSSL_ENGINE* e)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_HMAC_Init_ex");

    /* WOLFSSL_ENGINE not used, call wolfSSL_HMAC_Init */
    (void)e;
    rc = wolfSSL_HMAC_Init(ctx, key, keylen, type);

    return rc;
}
wolfSSL 15:117db924cf7c 30253
wolfSSL 15:117db924cf7c 30254
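/* helper function for Deep copy of internal wolfSSL hmac structure
 *
 * des  destination Hmac; (re)initialised here with wc_HmacInit
 * src  source Hmac whose hash state, inner/outer pads and inner hash are copied
 *
 * Requires that the hash structures have no dynamic parts (the selected hash
 * state is copied memberwise). Only the digests listed in the switch are
 * supported; any other macType fails.
 *
 * returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE otherwise
 * (NOTE(review): the HAVE_CAVIUM path returns BUFFER_E on allocation failure,
 * so callers should test for != WOLFSSL_SUCCESS rather than == WOLFSSL_FAILURE) */
int wolfSSL_HmacCopy(Hmac* des, Hmac* src)
{
    void* heap;

    /* Both pointers are dereferenced unconditionally below. */
    if (des == NULL || src == NULL) {
        return WOLFSSL_FAILURE;
    }

#ifndef HAVE_FIPS
    heap = src->heap;
#else
    heap = NULL;
#endif
    if (wc_HmacInit(des, heap, 0) != 0) {
        return WOLFSSL_FAILURE;
    }

    /* requires that hash structures have no dynamic parts to them */
    /* NOTE(review): the wc_*Copy return values are not checked. */
    switch (src->macType) {
    #ifndef NO_MD5
        case WC_MD5:
            wc_Md5Copy(&src->hash.md5, &des->hash.md5);
            break;
    #endif /* !NO_MD5 */

    #ifndef NO_SHA
        case WC_SHA:
            wc_ShaCopy(&src->hash.sha, &des->hash.sha);
            break;
    #endif /* !NO_SHA */

    #ifdef WOLFSSL_SHA224
        case WC_SHA224:
            wc_Sha224Copy(&src->hash.sha224, &des->hash.sha224);
            break;
    #endif /* WOLFSSL_SHA224 */

    #ifndef NO_SHA256
        case WC_SHA256:
            wc_Sha256Copy(&src->hash.sha256, &des->hash.sha256);
            break;
    #endif /* !NO_SHA256 */

    #ifdef WOLFSSL_SHA384
        case WC_SHA384:
            wc_Sha384Copy(&src->hash.sha384, &des->hash.sha384);
            break;
    #endif /* WOLFSSL_SHA384 */
    #ifdef WOLFSSL_SHA512
        case WC_SHA512:
            wc_Sha512Copy(&src->hash.sha512, &des->hash.sha512);
            break;
    #endif /* WOLFSSL_SHA512 */

        default:
            /* NOTE(review): des has already been through wc_HmacInit on this
             * path and is not released here; confirm whether async builds
             * need a matching wc_HmacFree. */
            return WOLFSSL_FAILURE;
    }

    XMEMCPY((byte*)des->ipad, (byte*)src->ipad, WC_HMAC_BLOCK_SIZE);
    XMEMCPY((byte*)des->opad, (byte*)src->opad, WC_HMAC_BLOCK_SIZE);
    XMEMCPY((byte*)des->innerHash, (byte*)src->innerHash, WC_MAX_DIGEST_SIZE);
#ifndef HAVE_FIPS
    des->heap = heap;
#endif
    des->macType = src->macType;
    des->innerHashKeyed = src->innerHashKeyed;

#ifdef WOLFSSL_ASYNC_CRYPT
    XMEMCPY(&des->asyncDev, &src->asyncDev, sizeof(WC_ASYNC_DEV));
    des->keyLen = src->keyLen;
    #ifdef HAVE_CAVIUM
        /* Cavium keeps a separately owned data buffer; duplicate it so des
         * does not alias src's allocation. */
        des->data = (byte*)XMALLOC(src->dataLen, des->heap,
                DYNAMIC_TYPE_HMAC);
        if (des->data == NULL) {
            return BUFFER_E;
        }
        XMEMCPY(des->data, src->data, src->dataLen);
        des->dataLen = src->dataLen;
    #endif /* HAVE_CAVIUM */
#endif /* WOLFSSL_ASYNC_CRYPT */
    return WOLFSSL_SUCCESS;
}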
wolfSSL 16:8e0d178b1d1e 30335
wolfSSL 16:8e0d178b1d1e 30336
/* Deep copy of information from src to des structure
 *
 * des destination to copy information to
 * src structure to get information from
 *
 * The saved pads of des are taken from the live wolfCrypt Hmac of src
 * (src->hmac.ipad/opad), not from src->save_ipad/save_opad;
 * wolfSSL_HMAC_Init fills both from the same bytes right after keying, so
 * the two are expected to agree.
 *
 * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error
 */
int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, WOLFSSL_HMAC_CTX* src)
{
    WOLFSSL_ENTER("wolfSSL_HMAC_CTX_copy");

    if (des == NULL || src == NULL) {
        return WOLFSSL_FAILURE;
    }

    XMEMCPY((byte *)&des->save_ipad, (byte *)&src->hmac.ipad,
            WC_HMAC_BLOCK_SIZE);
    XMEMCPY((byte *)&des->save_opad, (byte *)&src->hmac.opad,
            WC_HMAC_BLOCK_SIZE);
    des->type = src->type;

    /* wolfSSL_HmacCopy duplicates the hash state, pads and flags of the
     * wolfCrypt Hmac and reports in WOLFSSL_SUCCESS/WOLFSSL_FAILURE terms */
    return wolfSSL_HmacCopy(&des->hmac, &src->hmac);
}
wolfSSL 16:8e0d178b1d1e 30360
wolfSSL 15:117db924cf7c 30361
wolfSSL 15:117db924cf7c 30362 #if defined(HAVE_FIPS) && \
wolfSSL 15:117db924cf7c 30363 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
wolfSSL 15:117db924cf7c 30364
/* Re-initialise the hash object inside a wolfCrypt Hmac for the given digest
 * type. Compiled only for the FIPS configuration selected by the enclosing
 * #if; other builds alias this name to _InitHmac instead.
 *
 * hmac  Hmac whose hash union is (re)initialised
 * type  WC_* hash type to initialise
 * heap  heap hint, only consumed by the SHA-3 initialisers
 *
 * Returns 0 on success, BAD_FUNC_ARG for a type that is not compiled in,
 * otherwise the error code of the wolfCrypt init call.
 */
static int _HMAC_Init(Hmac* hmac, int type, void* heap)
{
    /* any type without a compiled-in case below is rejected */
    int ret = BAD_FUNC_ARG;

    (void)heap;

    switch (type) {
#ifndef NO_MD5
        case WC_MD5:
            ret = wc_InitMd5(&hmac->hash.md5);
            break;
#endif /* !NO_MD5 */

#ifndef NO_SHA
        case WC_SHA:
            ret = wc_InitSha(&hmac->hash.sha);
            break;
#endif /* !NO_SHA */

#ifdef WOLFSSL_SHA224
        case WC_SHA224:
            ret = wc_InitSha224(&hmac->hash.sha224);
            break;
#endif /* WOLFSSL_SHA224 */

#ifndef NO_SHA256
        case WC_SHA256:
            ret = wc_InitSha256(&hmac->hash.sha256);
            break;
#endif /* !NO_SHA256 */

#ifdef WOLFSSL_SHA384
        case WC_SHA384:
            ret = wc_InitSha384(&hmac->hash.sha384);
            break;
#endif /* WOLFSSL_SHA384 */
#ifdef WOLFSSL_SHA512
        case WC_SHA512:
            ret = wc_InitSha512(&hmac->hash.sha512);
            break;
#endif /* WOLFSSL_SHA512 */

#ifdef WOLFSSL_SHA3
        case WC_SHA3_224:
            ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID);
            break;
        case WC_SHA3_256:
            ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID);
            break;
        case WC_SHA3_384:
            ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID);
            break;
        case WC_SHA3_512:
            ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID);
            break;
#endif

        default:
            /* ret already holds BAD_FUNC_ARG */
            break;
    }

    return ret;
}
wolfSSL 15:117db924cf7c 30429
wolfSSL 15:117db924cf7c 30430 #else
wolfSSL 15:117db924cf7c 30431 #define _HMAC_Init _InitHmac
wolfSSL 15:117db924cf7c 30432 #endif
wolfSSL 15:117db924cf7c 30433
wolfSSL 15:117db924cf7c 30434
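/* OpenSSL compatible HMAC_Init: select the digest and (re)key the context.
 *
 * ctx     context to initialise; must not be NULL
 * key     key bytes, or NULL to rebuild the MAC from the pads saved by an
 *         earlier keyed call on the same ctx
 * keylen  length of key in bytes; must not be negative
 * type    digest name ("MD5", "SHA", "SHA224", "SHA256", "SHA384", "SHA512"),
 *         or NULL to keep the type already stored in ctx
 *
 * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error. Note that,
 * for OpenSSL compatibility, a failing wc_HmacInit on the keyed path is not
 * reported; only a failing wc_HmacSetKey is.
 */
int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
                  const EVP_MD* type)
{
    int hmac_error = 0;
    void* heap = NULL;

    WOLFSSL_MSG("wolfSSL_HMAC_Init");

    if (ctx == NULL) {
        WOLFSSL_MSG("no ctx on init");
        return WOLFSSL_FAILURE;
    }

    /* keylen is widened to word32 below; a negative value would become a
     * huge length and make wc_HmacSetKey read far past the key buffer. */
    if (keylen < 0) {
        WOLFSSL_MSG("negative key length");
        return WOLFSSL_FAILURE;
    }

#ifndef HAVE_FIPS
    heap = ctx->hmac.heap;
#endif

    if (type) {
        WOLFSSL_MSG("init has type");

#ifndef NO_MD5
        if (XSTRNCMP(type, "MD5", 3) == 0) {
            WOLFSSL_MSG("md5 hmac");
            ctx->type = WC_MD5;
        }
        else
#endif
#ifdef WOLFSSL_SHA224
        if (XSTRNCMP(type, "SHA224", 6) == 0) {
            WOLFSSL_MSG("sha224 hmac");
            ctx->type = WC_SHA224;
        }
        else
#endif
#ifndef NO_SHA256
        if (XSTRNCMP(type, "SHA256", 6) == 0) {
            WOLFSSL_MSG("sha256 hmac");
            ctx->type = WC_SHA256;
        }
        else
#endif
#ifdef WOLFSSL_SHA384
        if (XSTRNCMP(type, "SHA384", 6) == 0) {
            WOLFSSL_MSG("sha384 hmac");
            ctx->type = WC_SHA384;
        }
        else
#endif
#ifdef WOLFSSL_SHA512
        if (XSTRNCMP(type, "SHA512", 6) == 0) {
            WOLFSSL_MSG("sha512 hmac");
            ctx->type = WC_SHA512;
        }
        else
#endif

#ifndef NO_SHA
        /* has to be last: a 3-byte prefix compare would also match
         * SHA224/SHA256/SHA384/SHA512 */
        if (XSTRNCMP(type, "SHA", 3) == 0) {
            WOLFSSL_MSG("sha hmac");
            ctx->type = WC_SHA;
        }
        else
#endif
        {
            WOLFSSL_MSG("bad init type");
            return WOLFSSL_FAILURE;
        }
    }

    if (key && keylen) {
        WOLFSSL_MSG("keying hmac");

        if (wc_HmacInit(&ctx->hmac, NULL, INVALID_DEVID) == 0) {
            hmac_error = wc_HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key,
                                       (word32)keylen);
            if (hmac_error < 0){
                wc_HmacFree(&ctx->hmac);
                return WOLFSSL_FAILURE;
            }
            /* keep the derived pads so a later call with key == NULL can
             * restart the MAC without the caller supplying the key again */
            XMEMCPY((byte *)&ctx->save_ipad, (byte *)&ctx->hmac.ipad,
                                        WC_HMAC_BLOCK_SIZE);
            XMEMCPY((byte *)&ctx->save_opad, (byte *)&ctx->hmac.opad,
                                        WC_HMAC_BLOCK_SIZE);
        }
        /* OpenSSL compat, no error */
    } else if(ctx->type >= 0) { /* MD5 == 0 */
        WOLFSSL_MSG("recover hmac");
        wc_HmacFree(&ctx->hmac);
        if (wc_HmacInit(&ctx->hmac, NULL, INVALID_DEVID) == 0) {
            ctx->hmac.macType = (byte)ctx->type;
            ctx->hmac.innerHashKeyed = 0;
            XMEMCPY((byte *)&ctx->hmac.ipad, (byte *)&ctx->save_ipad,
                                       WC_HMAC_BLOCK_SIZE);
            XMEMCPY((byte *)&ctx->hmac.opad, (byte *)&ctx->save_opad,
                                       WC_HMAC_BLOCK_SIZE);
            if ((hmac_error = _HMAC_Init(&ctx->hmac, ctx->hmac.macType, heap))
                    !=0) {
                /* report the module's failure code rather than the raw
                 * wolfCrypt error: every other exit of this function uses
                 * WOLFSSL_SUCCESS/WOLFSSL_FAILURE and callers test for those */
                WOLFSSL_MSG("hash init failed on recover");
                return WOLFSSL_FAILURE;
            }
        }
    }

    (void)hmac_error;

    return WOLFSSL_SUCCESS;
}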
wolfSSL 15:117db924cf7c 30542
wolfSSL 15:117db924cf7c 30543
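/* OpenSSL compatible HMAC_Update: feed data into the running MAC.
 *
 * ctx   initialised context; must not be NULL
 * data  bytes to absorb; NULL is accepted and treated as "nothing to add"
 * len   number of bytes at data; must not be negative
 *
 * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error.
 */
int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, const unsigned char* data,
                    int len)
{
    int hmac_error = 0;

    WOLFSSL_MSG("wolfSSL_HMAC_Update");

    if (ctx == NULL) {
        WOLFSSL_MSG("no ctx");
        return WOLFSSL_FAILURE;
    }

    /* len is widened to word32 below; a negative value would turn into a
     * multi-gigabyte length and read far beyond data */
    if (len < 0) {
        WOLFSSL_MSG("negative length");
        return WOLFSSL_FAILURE;
    }

    if (data) {
        WOLFSSL_MSG("updating hmac");
        hmac_error = wc_HmacUpdate(&ctx->hmac, data, (word32)len);
        if (hmac_error < 0){
            WOLFSSL_MSG("hmac update error");
            return WOLFSSL_FAILURE;
        }
    }

    return WOLFSSL_SUCCESS;
}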
wolfSSL 15:117db924cf7c 30567
wolfSSL 15:117db924cf7c 30568
/* OpenSSL compatible HMAC_Final: finish the MAC and write the digest.
 *
 * ctx   initialised context; must not be NULL
 * hash  output buffer for the digest. There is no size argument: the full
 *       digest of ctx->type is written before *len is set, so the caller
 *       must size hash in advance (wolfSSL_HMAC_size gives the length).
 * len   optional; receives the digest length on success
 *
 * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error. A type
 * with no compiled-in digest size fails here even though the digest has
 * already been written.
 */
int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
                   unsigned int* len)
{
    unsigned int digestSz = 0;

    WOLFSSL_MSG("wolfSSL_HMAC_Final");

    /* "len" parameter is optional. */
    if (ctx == NULL || hash == NULL) {
        WOLFSSL_MSG("invalid parameter");
        return WOLFSSL_FAILURE;
    }

    WOLFSSL_MSG("final hmac");
    if (wc_HmacFinal(&ctx->hmac, hash) < 0) {
        WOLFSSL_MSG("final hmac error");
        return WOLFSSL_FAILURE;
    }

    if (len == NULL) {
        return WOLFSSL_SUCCESS;
    }

    WOLFSSL_MSG("setting output len");
    switch (ctx->type) {
#ifndef NO_MD5
        case WC_MD5:
            digestSz = WC_MD5_DIGEST_SIZE;
            break;
#endif

#ifndef NO_SHA
        case WC_SHA:
            digestSz = WC_SHA_DIGEST_SIZE;
            break;
#endif

#ifdef WOLFSSL_SHA224
        case WC_SHA224:
            digestSz = WC_SHA224_DIGEST_SIZE;
            break;
#endif

#ifndef NO_SHA256
        case WC_SHA256:
            digestSz = WC_SHA256_DIGEST_SIZE;
            break;
#endif

#ifdef WOLFSSL_SHA384
        case WC_SHA384:
            digestSz = WC_SHA384_DIGEST_SIZE;
            break;
#endif

#ifdef WOLFSSL_SHA512
        case WC_SHA512:
            digestSz = WC_SHA512_DIGEST_SIZE;
            break;
#endif

        default:
            /* *len is left untouched on this path, as before */
            WOLFSSL_MSG("bad hmac type");
            return WOLFSSL_FAILURE;
    }
    *len = digestSz;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 30636
wolfSSL 15:117db924cf7c 30637
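/* OpenSSL compatible HMAC_CTX_cleanup: release the wolfCrypt Hmac state.
 *
 * ctx  context to clean; NULL is accepted and ignored
 *
 * Only ctx->hmac is released. ctx->type and the saved pads
 * (save_ipad/save_opad) are left in place because wolfSSL_HMAC_Init with
 * key == NULL rebuilds the MAC from them; as a consequence key-derived bytes
 * remain inside the WOLFSSL_HMAC_CTX until the caller clears or frees it.
 *
 * Returns WOLFSSL_SUCCESS, the value the rest of this API reports (the
 * legacy SSL_SUCCESS alias returned here before expanded to the same value).
 */
int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_HMAC_cleanup");

    if (ctx != NULL) {
        wc_HmacFree(&ctx->hmac);
    }

    return WOLFSSL_SUCCESS;
}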
wolfSSL 15:117db924cf7c 30647
wolfSSL 15:117db924cf7c 30648
/* OpenSSL compatible HMAC_CTX_free: clean up and release a heap-allocated
 * context. NULL is accepted and ignored. The wrapper is freed with the
 * DYNAMIC_TYPE_OPENSSL tag it is expected to have been allocated with. */
void wolfSSL_HMAC_CTX_free(WOLFSSL_HMAC_CTX* ctx)
{
    if (ctx == NULL) {
        return;
    }

    /* release the wolfCrypt state first, then the wrapper itself */
    (void)wolfSSL_HMAC_cleanup(ctx);
    XFREE(ctx, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 16:8e0d178b1d1e 30657
/* OpenSSL compatible HMAC_size: digest length of the context's hash type.
 *
 * ctx  context to query; NULL yields 0
 *
 * Returns the digest size reported by wolfCrypt for ctx->hmac.macType.
 * NOTE(review): wc_HashGetDigestSize returns int; should it ever report an
 * error as a negative value, the cast below would yield a huge size_t —
 * callers that size buffers from this should sanity-check the result.
 */
size_t wolfSSL_HMAC_size(const WOLFSSL_HMAC_CTX *ctx)
{
    enum wc_HashType hashType;

    if (ctx == NULL) {
        return 0;
    }

    /* macType is the byte copy of ctx->type kept inside the wolfCrypt Hmac;
     * widen it back to the hash enum for the wolfCrypt query */
    hashType = (enum wc_HashType)ctx->hmac.macType;
    return (size_t)wc_HashGetDigestSize(hashType);
}
wolfSSL 15:117db924cf7c 30666
wolfSSL 15:117db924cf7c 30667 #ifndef NO_DES3
wolfSSL 15:117db924cf7c 30668
/* Get or set the IV of a 3DES EVP cipher context.
 *
 * ctx    cipher context; must not be NULL
 * doset  non-zero: copy iv into the context; zero: copy the context's IV
 *        register out to iv
 * iv     IV buffer; must not be NULL
 * len    ignored — the get path always copies DES_BLOCK_SIZE bytes and the
 *        set path hands iv to wc_Des3_SetIV, which presumably reads a full
 *        block, so iv must be at least DES_BLOCK_SIZE bytes whatever len says
 */
void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
                unsigned char* iv, int len)
{
    (void)len;

    WOLFSSL_MSG("wolfSSL_3des_iv");

    if (ctx == NULL || iv == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return;
    }

    if (!doset) {
        /* get: export the current IV register */
        XMEMCPY(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
        return;
    }

    /* set: OpenSSL compat, the wolfCrypt return code is not surfaced */
    wc_Des3_SetIV(&ctx->cipher.des3, iv);
}
wolfSSL 15:117db924cf7c 30686
wolfSSL 15:117db924cf7c 30687 #endif /* NO_DES3 */
wolfSSL 15:117db924cf7c 30688
wolfSSL 15:117db924cf7c 30689
wolfSSL 15:117db924cf7c 30690 #ifndef NO_AES
wolfSSL 15:117db924cf7c 30691
/* Get or set the IV of an AES-CTR EVP cipher context.
 *
 * ctx    cipher context; must not be NULL
 * doset  non-zero: copy iv into the context; zero: copy the context's IV
 *        register out to iv
 * iv     IV buffer; must not be NULL
 * len    ignored — the get path always copies AES_BLOCK_SIZE bytes and the
 *        set path hands iv to wc_AesSetIV, which presumably reads a full
 *        block, so iv must be at least AES_BLOCK_SIZE bytes whatever len says
 */
void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
                unsigned char* iv, int len)
{
    (void)len;

    WOLFSSL_MSG("wolfSSL_aes_ctr_iv");

    if (ctx == NULL || iv == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return;
    }

    if (!doset) {
        /* get: export the current IV register */
        XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
        return;
    }

    /* set: OpenSSL compat, the wolfCrypt return code is not surfaced */
    (void)wc_AesSetIV(&ctx->cipher.aes, iv);
}
wolfSSL 15:117db924cf7c 30709
wolfSSL 15:117db924cf7c 30710 #endif /* NO_AES */
wolfSSL 15:117db924cf7c 30711
wolfSSL 15:117db924cf7c 30712
/* Free the dynamically allocated data.
 *
 * p Pointer to dynamically allocated memory, normally obtained from
 *   wolfSSL_OPENSSL_malloc; released with the same DYNAMIC_TYPE_OPENSSL tag
 *   and default (NULL) heap that the allocation used.
 */
void wolfSSL_OPENSSL_free(void* p)
{
    WOLFSSL_MSG("wolfSSL_OPENSSL_free");
    XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 15:117db924cf7c 30723
/* OPENSSL_malloc compatibility: allocate a bytes from the default heap,
 * tagged DYNAMIC_TYPE_OPENSSL. Release the result with wolfSSL_OPENSSL_free.
 *
 * a  number of bytes to allocate
 *
 * Returns the new block, or NULL when the allocation fails.
 */
void *wolfSSL_OPENSSL_malloc(size_t a)
{
    void* block = XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL);
    return block;
}
wolfSSL 15:117db924cf7c 30728
wolfSSL 15:117db924cf7c 30729 #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER)
wolfSSL 15:117db924cf7c 30730
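/* Pad and encrypt a DER key buffer in place for an encrypted PEM key.
 *
 * der         buffer holding *derSz bytes of DER. It is padded and then
 *             encrypted in place, so it MUST have at least info->ivSz bytes
 *             of spare capacity past *derSz for the padding added here; this
 *             function has no capacity argument and cannot check that itself.
 * derSz       in: DER length (non-negative); out: padded, encrypted length
 * cipher      cipher name looked up with wc_EncryptedInfoGet
 * passwd      password bytes the encryption key is derived from
 * passwdSz    length of passwd
 * cipherInfo  out: newly allocated "cipher_name,IV(hex)" string the caller
 *             frees with DYNAMIC_TYPE_STRING; set to NULL on every failure
 *
 * The key derivation uses WC_MD5, matching the traditional OpenSSL encrypted
 * PEM key format this string header belongs to; the IV is emitted in clear
 * in cipherInfo. Callers wanting a stronger KDF need a PKCS#8 path instead.
 *
 * Returns WOLFSSL_SUCCESS, WOLFSSL_FAILURE, or BAD_FUNC_ARG on bad arguments.
 */
static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
                         unsigned char* passwd, int passwdSz, byte **cipherInfo)
{
    int ret = WOLFSSL_FAILURE;
    int paddingSz;
    word32 idx, cipherInfoSz;
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo info[1];
#endif

    WOLFSSL_ENTER("EncryptDerKey");

    if (der == NULL || derSz == NULL || cipher == NULL ||
            passwd == NULL || cipherInfo == NULL)
        return BAD_FUNC_ARG;

    /* make the out-param well defined on every failure path below */
    *cipherInfo = NULL;

    /* *derSz feeds the padding arithmetic and a write offset into der */
    if (*derSz < 0) {
        WOLFSSL_MSG("bad DER size");
        return BAD_FUNC_ARG;
    }

#ifdef WOLFSSL_SMALL_STACK
    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                   DYNAMIC_TYPE_ENCRYPTEDINFO);
    if (info == NULL) {
        WOLFSSL_MSG("malloc failed");
        return WOLFSSL_FAILURE;
    }
#endif

    XMEMSET(info, 0, sizeof(EncryptedInfo));

    /* set the cipher name on info: bounded copy, explicitly NUL terminated */
    XSTRNCPY(info->name, cipher, NAME_SZ-1);
    info->name[NAME_SZ-1] = '\0';

    if (wc_EncryptedInfoGet(info, info->name) != 0) {
        WOLFSSL_MSG("unsupported cipher");
        goto out;
    }

    /* ivSz is used as the block size for the padding below; it must be
     * non-zero before it is used as a divisor */
    if (info->ivSz == 0) {
        WOLFSSL_MSG("cipher has no block size");
        goto out;
    }

    /* fresh random IV; it is written in clear (hex) into cipherInfo */
    if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("generate iv failed");
        goto out;
    }

    /* add the padding before encryption: always at least one byte and at
     * most a full block, every pad byte holding the pad length. The old
     * "paddingSz == 0" fallback is unreachable for this formula and dropped.
     * This writes past *derSz, see the capacity precondition above. */
    paddingSz = ((*derSz)/info->ivSz + 1) * info->ivSz - (*derSz);
    XMEMSET(der+(*derSz), (byte)paddingSz, paddingSz);
    (*derSz) += paddingSz;

    /* encrypt buffer in place */
    if (wc_BufferKeyEncrypt(info, der, *derSz, passwd, passwdSz, WC_MD5) != 0) {
        WOLFSSL_MSG("encrypt key failed");
        goto out;
    }

    /* create cipher info : 'cipher_name,IV(hex)' plus NUL */
    cipherInfoSz = (word32)(2*info->ivSz + XSTRLEN(info->name) + 2);
    *cipherInfo = (byte*)XMALLOC(cipherInfoSz, NULL,
                                DYNAMIC_TYPE_STRING);
    if (*cipherInfo == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }
    XSTRNCPY((char*)*cipherInfo, info->name, cipherInfoSz);
    XSTRNCAT((char*)*cipherInfo, ",", 2);

    idx = (word32)XSTRLEN((char*)*cipherInfo);
    cipherInfoSz -= idx;
    if (Base16_Encode(info->iv, info->ivSz, *cipherInfo+idx,
                      &cipherInfoSz) != 0) {
        WOLFSSL_MSG("Base16_Encode failed");
        XFREE(*cipherInfo, NULL, DYNAMIC_TYPE_STRING);
        *cipherInfo = NULL; /* never hand a freed pointer back to the caller */
        goto out;
    }

    ret = WOLFSSL_SUCCESS;

out:
#ifdef WOLFSSL_SMALL_STACK
    XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);
#endif
    return ret;
}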
wolfSSL 15:117db924cf7c 30826 #endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */
wolfSSL 15:117db924cf7c 30827
wolfSSL 16:8e0d178b1d1e 30828 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
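/* Encode a WOLFSSL_RSA key as DER.
 *
 * rsa        key to encode; its wolfCrypt RsaKey is populated first if the
 *            wrapper has not been synced yet (rsa->inSet == 0)
 * outBuf     NULL: only the required DER length is computed and returned.
 *            *outBuf == NULL: a buffer of exactly that length is allocated
 *            (DYNAMIC_TYPE_TMP_BUFFER, default heap) and returned in *outBuf;
 *            the caller frees it.
 *            *outBuf != NULL: the DER is written straight into the caller's
 *            buffer, which must be at least as large as the length a prior
 *            call with outBuf == NULL returned — there is no size argument.
 *            On an encode failure its contents are unspecified.
 * publicKey  1 for the public-key encoding (wc_RsaKeyToPublicDer),
 *            0 for the private key (wc_RsaKeyToDer)
 *
 * Encoding directly into the caller's buffer avoids the previous
 * intermediate heap copy of (possibly private) key material, which was
 * freed without being cleared.
 *
 * Returns the DER length on success or a negative wolfSSL error code.
 */
static int wolfSSL_RSA_To_Der(WOLFSSL_RSA* rsa, byte** outBuf, int publicKey)
{
    int derSz = 0;
    int ret;
    byte* derBuf = NULL;
    int ownBuf = 0; /* set when derBuf was allocated by this function */

    WOLFSSL_ENTER("wolfSSL_RSA_To_Der");

    if (!rsa || (publicKey != 0 && publicKey != 1)) {
        WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    if (rsa->inSet == 0) {
        if ((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal() Failed");
            WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", ret);
            return ret;
        }
    }

    /* size pass: both encoders report the required length without output */
    if (publicKey) {
        if ((derSz = wc_RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0) {
            WOLFSSL_MSG("wc_RsaPublicKeyDerSize failed");
            WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", derSz);
            return derSz;
        }
    }
    else {
        if ((derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, NULL, 0)) < 0) {
            WOLFSSL_MSG("wc_RsaKeyToDer failed");
            WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", derSz);
            return derSz;
        }
    }

    if (outBuf) {
        if (*outBuf) {
            derBuf = *outBuf;
        }
        else {
            derBuf = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            if (derBuf == NULL) {
                WOLFSSL_MSG("malloc failed");
                WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", MEMORY_ERROR);
                return MEMORY_ERROR;
            }
            ownBuf = 1;
        }

        /* Key to DER */
        if (publicKey) {
            derSz = wc_RsaKeyToPublicDer((RsaKey*)rsa->internal, derBuf, derSz);
        }
        else {
            derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, derBuf, derSz);
        }

        if (derSz < 0) {
            WOLFSSL_MSG("RSA key DER encode failed");
            if (ownBuf) {
                /* only release what this function allocated */
                XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            }
        }
        else if (ownBuf) {
            *outBuf = derBuf;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_RSA_To_Der", derSz);
    return derSz;
}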
wolfSSL 16:8e0d178b1d1e 30898 #endif
wolfSSL 16:8e0d178b1d1e 30899
wolfSSL 15:117db924cf7c 30900 #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
wolfSSL 16:8e0d178b1d1e 30901 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && !defined(NO_RSA)
wolfSSL 16:8e0d178b1d1e 30902
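/* Takes a WOLFSSL_RSA key and writes it out to a WOLFSSL_BIO
 *
 * bio the WOLFSSL_BIO to write to
 * key the WOLFSSL_RSA key to write out
 * cipher cipher used
 * passwd password string if used
 * len length of password string
 * cb password callback to use
 * arg null terminated string for passphrase
 *
 * The key is wrapped in a temporary WOLFSSL_EVP_PKEY that does not own it
 * (ownRsa = 0). Where DER conversion is compiled in, the private-key DER is
 * encoded into a buffer owned by that PKEY, so no second copy of the key
 * material is made. Every failure path releases the PKEY.
 *
 * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error.
 */
int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key,
                                        const WOLFSSL_EVP_CIPHER* cipher,
                                        unsigned char* passwd, int len,
                                        pem_password_cb* cb, void* arg)
{
    int ret;
    WOLFSSL_EVP_PKEY* pkey;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSAPrivateKey");

    if (bio == NULL || key == NULL) {
        WOLFSSL_MSG("Bad Function Arguments");
        return WOLFSSL_FAILURE;
    }

    pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap);
    if (pkey == NULL) {
        WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed");
        return WOLFSSL_FAILURE;
    }

    pkey->type = EVP_PKEY_RSA;
    pkey->rsa = key;
    pkey->ownRsa = 0;
#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
    /* similar to how wolfSSL_PEM_write_mem_RSAPrivateKey finds DER of key */
    {
        int derSz;
        byte* derBuf;

        /* size pass: outBuf == NULL only reports the DER length */
        if ((derSz = wolfSSL_RSA_To_Der(key, NULL, 0)) < 0) {
            WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
            wolfSSL_EVP_PKEY_free(pkey); /* was leaked on this path before */
            return WOLFSSL_FAILURE;
        }

        pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap,
                                        DYNAMIC_TYPE_TMP_BUFFER);
        if (pkey->pkey.ptr == NULL) {
            WOLFSSL_MSG("key malloc failed");
            wolfSSL_EVP_PKEY_free(pkey);
            return WOLFSSL_FAILURE;
        }

        /* a non-NULL *outBuf makes wolfSSL_RSA_To_Der write into our buffer,
         * which is sized from the pass above */
        derBuf = (byte*)pkey->pkey.ptr;
        if ((derSz = wolfSSL_RSA_To_Der(key, &derBuf, 0)) < 0) {
            WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
            /* pkey.ptr is released with the PKEY, as the success path
             * below already relies on */
            wolfSSL_EVP_PKEY_free(pkey);
            return WOLFSSL_FAILURE;
        }
        pkey->pkey_sz = derSz;
    }
#endif

    ret = wolfSSL_PEM_write_bio_PrivateKey(bio, pkey, cipher, passwd, len,
                                        cb, arg);

    wolfSSL_EVP_PKEY_free(pkey);

    return ret;
}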
wolfSSL 15:117db924cf7c 30969
wolfSSL 16:8e0d178b1d1e 30970 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
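/* Takes an RSA public key and writes it out to a WOLFSSL_BIO in PEM form.
 *
 * A temporary WOLFSSL_EVP_PKEY is built around 'rsa' (without taking
 * ownership), filled with the SubjectPublicKeyInfo DER of the key and passed
 * to wolfSSL_PEM_write_bio_PUBKEY.
 *
 * bio  the WOLFSSL_BIO to write to
 * rsa  the key whose public part is written (caller keeps ownership)
 *
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE
 */
int wolfSSL_PEM_write_bio_RSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa)
{
    int ret = 0, derSz = 0;
    byte *derBuf = NULL;
    WOLFSSL_EVP_PKEY* pkey = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSA_PUBKEY");

    if (bio == NULL || rsa == NULL) {
        WOLFSSL_MSG("Bad Function Arguments");
        return WOLFSSL_FAILURE;
    }

    /* Initialize pkey structure */
    pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap);
    if (pkey == NULL) {
        WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed");
        return WOLFSSL_FAILURE;
    }

    pkey->type = EVP_PKEY_RSA;
    pkey->rsa = rsa;
    pkey->ownRsa = 0; /* wrapper must not free the caller's key */

    /* third argument 1: public-key encoding */
    if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1)) < 0) {
        WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
        /* release the wrapper: this path previously leaked pkey */
        wolfSSL_EVP_PKEY_free(pkey);
        return WOLFSSL_FAILURE;
    }

    pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap,
                                    DYNAMIC_TYPE_TMP_BUFFER);
    if (pkey->pkey.ptr == NULL) {
        WOLFSSL_MSG("key malloc failed");
        XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
        wolfSSL_EVP_PKEY_free(pkey);
        return WOLFSSL_FAILURE;
    }
    pkey->pkey_sz = derSz;
    XMEMCPY(pkey->pkey.ptr, derBuf, derSz);
    XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);

    ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey);
    wolfSSL_EVP_PKEY_free(pkey);

    return ret;
}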
wolfSSL 16:8e0d178b1d1e 31019 #endif
wolfSSL 16:8e0d178b1d1e 31020
wolfSSL 16:8e0d178b1d1e 31021
/* Reads a PEM public key from a WOLFSSL_BIO and returns it as a WOLFSSL_RSA.
 *
 * The parsing is delegated to wolfSSL_PEM_read_bio_PUBKEY; the WOLFSSL_RSA
 * is then detached from the resulting WOLFSSL_EVP_PKEY (ownRsa cleared so the
 * wrapper's free does not take it down with it).
 *
 * bio   the WOLFSSL_BIO to read from
 * rsa   optional; when non-NULL, *rsa is overwritten with the result
 *       (any object it previously pointed at is NOT freed)
 * cb    password callback, forwarded to wolfSSL_PEM_read_bio_PUBKEY
 * pass  callback user data, forwarded likewise
 *
 * Returns the new WOLFSSL_RSA (caller owns it), or NULL on failure. If the
 * PEM did not carry an RSA key the detached pointer may itself be NULL.
 */
WOLFSSL_RSA *wolfSSL_PEM_read_bio_RSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_RSA** rsa,
                                              pem_password_cb* cb, void *pass)
{
    WOLFSSL_EVP_PKEY* pkey;
    WOLFSSL_RSA* result = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_RSA_PUBKEY");

    pkey = wolfSSL_PEM_read_bio_PUBKEY(bio, NULL, cb, pass);
    if (pkey != NULL) {
        /* detach the RSA object before the EVP wrapper is freed */
        pkey->ownRsa = 0;
        result = pkey->rsa;
        wolfSSL_EVP_PKEY_free(pkey);

        if (rsa != NULL) {
            *rsa = result;
        }
    }

    return result;
}
wolfSSL 16:8e0d178b1d1e 31050
wolfSSL 16:8e0d178b1d1e 31051 #endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) && !defined(NO_RSA) */
wolfSSL 16:8e0d178b1d1e 31052
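/* Takes a public key and writes it out to a WOLFSSL_BIO in PEM form.
 *
 * The DER encoding already stored in key->pkey.ptr / key->pkey_sz is wrapped
 * with the PUBLICKEY_TYPE PEM header/footer and written to the BIO.
 *
 * bio  the WOLFSSL_BIO to write to
 * key  WOLFSSL_EVP_PKEY carrying the DER of the public key
 *
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE (an allocation failure used to
 * leak MEMORY_E to the caller, which violated this contract).
 */
int wolfSSL_PEM_write_bio_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key)
{
    byte* keyDer;
    int pemSz;
    int ret;
    byte* tmp;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PUBKEY");

    if (bio == NULL || key == NULL) {
        WOLFSSL_MSG("Bad Function Arguments");
        return WOLFSSL_FAILURE;
    }

    keyDer = (byte*)key->pkey.ptr;
    if (keyDer == NULL || key->pkey_sz <= 0) {
        /* nothing to encode: the key was never given a DER representation */
        WOLFSSL_MSG("No DER encoding present in key");
        return WOLFSSL_FAILURE;
    }

    /* first pass (NULL output) only sizes the PEM */
    pemSz = wc_DerToPem(keyDer, key->pkey_sz, NULL, 0, PUBLICKEY_TYPE);
    if (pemSz < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PUBKEY", pemSz);
        return WOLFSSL_FAILURE;
    }
    tmp = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_OPENSSL);
    if (tmp == NULL) {
        WOLFSSL_MSG("PEM buffer malloc failed");
        return WOLFSSL_FAILURE;
    }

    ret = wc_DerToPemEx(keyDer, key->pkey_sz, tmp, pemSz,
                        NULL, PUBLICKEY_TYPE);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PUBKEY", ret);
        XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
        return WOLFSSL_FAILURE;
    }

    /* a short write is reported as failure, not silently accepted */
    ret = wolfSSL_BIO_write(bio, tmp, pemSz);
    XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
    if (ret != pemSz) {
        WOLFSSL_MSG("Unable to write full PEM to BIO");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}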
wolfSSL 16:8e0d178b1d1e 31098
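/* Takes a private key and writes it out to a WOLFSSL_BIO in PEM form.
 *
 * The DER encoding stored in key->pkey.ptr / key->pkey_sz is wrapped with the
 * PEM header selected from key->type and written to the BIO.
 *
 * bio    the WOLFSSL_BIO to write to
 * key    WOLFSSL_EVP_PKEY carrying the DER of the private key
 * cipher, passwd, len, cb, arg
 *        accepted for OpenSSL API compatibility only. SECURITY NOTE: they are
 *        ignored; the key is ALWAYS written UNENCRYPTED, even when a cipher
 *        and passphrase are supplied. Callers that need an encrypted PEM must
 *        use wolfSSL_PEM_write_mem_RSAPrivateKey (RSA only) or encrypt the
 *        output themselves. A debug message is logged when a cipher is given
 *        so the silent downgrade is at least visible.
 *
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE (an allocation failure used to
 * leak MEMORY_E to the caller, which violated this contract).
 */
int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
                                     const WOLFSSL_EVP_CIPHER* cipher,
                                     unsigned char* passwd, int len,
                                     pem_password_cb* cb, void* arg)
{
    byte* keyDer;
    int pemSz;
    int type;
    int ret;
    byte* tmp;

    (void)passwd;
    (void)len;
    (void)cb;
    (void)arg;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PrivateKey");

    if (bio == NULL || key == NULL) {
        WOLFSSL_MSG("Bad Function Arguments");
        return WOLFSSL_FAILURE;
    }

    keyDer = (byte*)key->pkey.ptr;
    if (keyDer == NULL || key->pkey_sz <= 0) {
        /* nothing to encode: the key was never given a DER representation */
        WOLFSSL_MSG("No DER encoding present in key");
        return WOLFSSL_FAILURE;
    }

    if (cipher != NULL) {
        /* encryption is not implemented here; make the downgrade visible */
        WOLFSSL_MSG("cipher requested but PEM encryption is not supported, "
                    "writing unencrypted private key");
    }

    switch (key->type) {
#ifndef NO_RSA
        case EVP_PKEY_RSA:
            type = PRIVATEKEY_TYPE;
            break;
#endif

#ifndef NO_DSA
        case EVP_PKEY_DSA:
            type = DSA_PRIVATEKEY_TYPE;
            break;
#endif

#ifdef HAVE_ECC
        case EVP_PKEY_EC:
            type = ECC_PRIVATEKEY_TYPE;
            break;
#endif

#if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL))
        case EVP_PKEY_DH:
            type = DH_PRIVATEKEY_TYPE;
            break;
#endif

        default:
            /* kept for compatibility: an unrecognised type is written with
             * the same PEM header as EVP_PKEY_RSA above */
            WOLFSSL_MSG("Unknown Key type!");
            type = PRIVATEKEY_TYPE;
    }

    /* first pass (NULL output) only sizes the PEM */
    pemSz = wc_DerToPem(keyDer, key->pkey_sz, NULL, 0, type);
    if (pemSz < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", pemSz);
        return WOLFSSL_FAILURE;
    }
    tmp = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_OPENSSL);
    if (tmp == NULL) {
        WOLFSSL_MSG("PEM buffer malloc failed");
        return WOLFSSL_FAILURE;
    }

    ret = wc_DerToPemEx(keyDer, key->pkey_sz, tmp, pemSz,
                        NULL, type);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", ret);
        XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
        return WOLFSSL_FAILURE;
    }

    /* a short write is reported as failure, not silently accepted */
    ret = wolfSSL_BIO_write(bio, tmp, pemSz);
    /* NOTE(review): tmp holds the plaintext PEM of a private key and is
     * released without being scrubbed; consider zeroizing it first. */
    XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
    if (ret != pemSz) {
        WOLFSSL_MSG("Unable to write full PEM to BIO");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}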
wolfSSL 15:117db924cf7c 31185 #endif /* defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) */
wolfSSL 15:117db924cf7c 31186
wolfSSL 16:8e0d178b1d1e 31187 #if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)) && \
wolfSSL 15:117db924cf7c 31188 (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM))
wolfSSL 15:117db924cf7c 31189
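/* Writes an RSA private key as PEM into a newly allocated buffer.
 *
 * rsa      key to write; its wolfCrypt internal is built first if rsa->inSet
 *          is still 0
 * cipher   EVP cipher used to encrypt the DER, or NULL for no encryption
 * passwd   passphrase bytes used together with 'cipher'
 * passwdSz length of 'passwd'
 * pem      receives the PEM buffer (DYNAMIC_TYPE_KEY, NUL terminated; the
 *          caller releases it with XFREE). Untouched on failure.
 * plen     receives the PEM length excluding the terminating NUL. Untouched
 *          on failure.
 *
 * The DER is encrypted only when cipher, passwd and passwdSz > 0 are ALL
 * supplied; otherwise the key is written in the clear.
 *
 * return code compliant with OpenSSL :
 * 1 if success, 0 if error
 * (an EncryptDerKey failure used to propagate its raw return value, which
 * was not guaranteed to be 0)
 */
int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int passwdSz,
                                        unsigned char **pem, int *plen)
{
    byte *derBuf = NULL, *tmp = NULL, *cipherInfo = NULL;
    int derSz = 0;
    int pemSz = 0;
    int ret = WOLFSSL_FAILURE;
    const int type = PRIVATEKEY_TYPE;
    const char* header = NULL;
    const char* footer = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_write_mem_RSAPrivateKey");

    if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FAILURE;
    }

    if (wc_PemGetHeaderFooter(type, &header, &footer) != 0)
        return WOLFSSL_FAILURE;

    if (rsa->inSet == 0) {
        WOLFSSL_MSG("No RSA internal set, do it");

        if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return WOLFSSL_FAILURE;
        }
    }

    /* third argument 0: private-key encoding */
    if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 0)) < 0) {
        WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
        return WOLFSSL_FAILURE;
    }

    /* encrypt DER buffer if required */
    if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
        if (EncryptDerKey(derBuf, &derSz, cipher,
                          passwd, passwdSz, &cipherInfo) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("EncryptDerKey failed");
            goto cleanup;
        }

        /* tmp buffer with a max size; the encrypted form also carries the
         * Proc-Type/DEK-Info header lines */
        pemSz = (derSz * 2) + (int)XSTRLEN(header) + 1 +
                (int)XSTRLEN(footer) + 1 + HEADER_ENCRYPTED_KEY_SIZE;
    }
    else {
        /* tmp buffer with a max size */
        pemSz = (derSz * 2) + (int)XSTRLEN(header) + 1 +
                (int)XSTRLEN(footer) + 1;
    }

    tmp = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_PEM);
    if (tmp == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto cleanup;
    }

    /* DER to PEM; on success the return value is the actual PEM length */
    pemSz = wc_DerToPemEx(derBuf, derSz, tmp, pemSz, cipherInfo, type);
    if (pemSz <= 0) {
        WOLFSSL_MSG("wc_DerToPemEx failed");
        goto cleanup;
    }

    /* +1 for the terminating NUL so the result can be used as a C string */
    *pem = (byte*)XMALLOC(pemSz + 1, NULL, DYNAMIC_TYPE_KEY);
    if (*pem == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto cleanup;
    }
    XMEMCPY(*pem, tmp, pemSz);
    (*pem)[pemSz] = '\0';
    *plen = pemSz;
    ret = WOLFSSL_SUCCESS;

cleanup:
    if (derBuf != NULL) {
        /* NOTE(review): derBuf holds the private key (plaintext unless
         * EncryptDerKey ran above); consider zeroizing before release. */
        XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
    }
    if (tmp != NULL) {
        XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
    }
    if (cipherInfo != NULL) {
        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
    }

    return ret;
}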
wolfSSL 15:117db924cf7c 31290
wolfSSL 15:117db924cf7c 31291
wolfSSL 15:117db924cf7c 31292 #ifndef NO_FILESYSTEM
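/* Writes an RSA private key to an already open file as PEM.
 *
 * fp    open XFILE to write to
 * rsa   key to write
 * enc   EVP cipher for encryption, or NULL for an unencrypted key
 * kstr  passphrase bytes used with 'enc'
 * klen  length of 'kstr'
 * cb    password callback; NOT consulted by this implementation, only
 *       kstr/klen are used (accepted for OpenSSL API compatibility)
 * u     callback user data; likewise ignored
 *
 * The PEM is produced by wolfSSL_PEM_write_mem_RSAPrivateKey and written
 * with a single XFWRITE of 'plen' bytes.
 *
 * return code compliant with OpenSSL :
 * 1 if success, 0 if error
 */
int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa,
                                    const EVP_CIPHER *enc,
                                    unsigned char *kstr, int klen,
                                    pem_password_cb *cb, void *u)
{
    byte *pem = NULL;
    int plen = 0, ret;

    (void)cb;
    (void)u;

    WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey");

    if (fp == XBADFILE || rsa == NULL || rsa->internal == NULL)
    {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FAILURE;
    }

    ret = wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, enc, kstr, klen, &pem, &plen);
    if (ret != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_PEM_write_mem_RSAPrivateKey failed");
        return WOLFSSL_FAILURE;
    }

    /* one item of plen bytes: XFWRITE returns 1 only for a complete write */
    ret = (int)XFWRITE(pem, plen, 1, fp);

    /* release the PEM on every path; it was leaked on a failed write.
     * NOTE(review): when 'enc' is NULL this buffer holds the private key in
     * the clear; consider zeroizing it before release. */
    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);

    if (ret != 1) {
        WOLFSSL_MSG("RSA private key file write failed");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}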
wolfSSL 15:117db924cf7c 31330 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 31331 #endif /* WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA && WOLFSSL_PEM_TO_DER */
wolfSSL 15:117db924cf7c 31332
wolfSSL 15:117db924cf7c 31333
wolfSSL 15:117db924cf7c 31334 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 31335
wolfSSL 16:8e0d178b1d1e 31336 #ifdef ALT_ECC_SIZE
/* Copy the value held by a WOLFSSL_BIGNUM into a caller supplied mp_int.
 * Variant used for EC point coordinates in ALT_ECC_SIZE builds.
 *
 * bn   source BIGNUM; its 'internal' member must be an initialised mp_int
 * mpi  destination mp_int
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR when either argument is
 * NULL or mp_copy fails. */
static int SetIndividualInternalEcc(WOLFSSL_BIGNUM* bn, mp_int* mpi)
{
    int rc = WOLFSSL_FATAL_ERROR;

    WOLFSSL_MSG("Entering SetIndividualInternal");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
    }
    else if (mpi == NULL) {
        WOLFSSL_MSG("mpi NULL error");
    }
    else if (mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
    }
    else {
        rc = WOLFSSL_SUCCESS;
    }

    return rc;
}
wolfSSL 16:8e0d178b1d1e 31358 #endif /* ALT_ECC_SIZE */
wolfSSL 16:8e0d178b1d1e 31359
/* EC_POINT Openssl -> WolfSSL
 *
 * Copies whichever of the external X/Y/Z BIGNUMs are present into the
 * wolfCrypt ecc_point held in p->internal and marks the internal side as
 * set. A NULL coordinate is skipped rather than treated as an error.
 *
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FATAL_ERROR.
 */
static int SetECPointInternal(WOLFSSL_EC_POINT *p)
{
    ecc_point* point;
    WOLFSSL_ENTER("SetECPointInternal");

    if (p == NULL || p->internal == NULL) {
        WOLFSSL_MSG("ECPoint NULL error");
        return WOLFSSL_FATAL_ERROR;
    }

    point = (ecc_point*)p->internal;

    /* the BIGNUM -> mp_int copy routine depends on the build configuration */
#ifdef ALT_ECC_SIZE
    #define SET_EC_COORD(bn, mpi) SetIndividualInternalEcc((bn), (mpi))
#else
    #define SET_EC_COORD(bn, mpi) SetIndividualInternal((bn), (mpi))
#endif

    if (p->X != NULL && SET_EC_COORD(p->X, point->x) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("ecc point X error");
        return WOLFSSL_FATAL_ERROR;
    }

    if (p->Y != NULL && SET_EC_COORD(p->Y, point->y) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("ecc point Y error");
        return WOLFSSL_FATAL_ERROR;
    }

    if (p->Z != NULL && SET_EC_COORD(p->Z, point->z) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("ecc point Z error");
        return WOLFSSL_FATAL_ERROR;
    }

#undef SET_EC_COORD

    p->inSet = 1;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 31409
/* EC_POINT WolfSSL -> OpenSSL
 *
 * Publishes the X/Y/Z coordinates of the wolfCrypt ecc_point in p->internal
 * into the external BIGNUM members of 'p' and marks the external side as
 * set. Stops at the first coordinate that fails to convert.
 *
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FATAL_ERROR.
 */
static int SetECPointExternal(WOLFSSL_EC_POINT *p)
{
    ecc_point* point;
    int rc = WOLFSSL_FATAL_ERROR;

    WOLFSSL_ENTER("SetECPointExternal");

    if (p == NULL || p->internal == NULL) {
        WOLFSSL_MSG("ECPoint NULL error");
        return rc;
    }

    point = (ecc_point*)p->internal;

    if (SetIndividualExternal(&p->X, point->x) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("ecc point X error");
    }
    else if (SetIndividualExternal(&p->Y, point->y) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("ecc point Y error");
    }
    else if (SetIndividualExternal(&p->Z, point->z) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("ecc point Z error");
    }
    else {
        p->exSet = 1;
        rc = WOLFSSL_SUCCESS;
    }

    return rc;
}
wolfSSL 15:117db924cf7c 31443
wolfSSL 15:117db924cf7c 31444
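/* EC_KEY wolfSSL -> OpenSSL
 *
 * Refreshes the OpenSSL-style view of 'eckey' from its wolfCrypt ecc_key:
 * the group identifiers (OID sum, nid, curve index), the public point when
 * eckey->pub_key has an internal ecc_point, and the private scalar when the
 * wolfCrypt key is of type ECC_PRIVATEKEY.
 *
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FATAL_ERROR.
 */
int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
{
    ecc_key* key;

    WOLFSSL_ENTER("SetECKeyExternal");

    if (eckey == NULL || eckey->internal == NULL) {
        WOLFSSL_MSG("ec key NULL error");
        return WOLFSSL_FATAL_ERROR;
    }

    /* group is written below; reject NULL here as SetECKeyInternal does
     * instead of dereferencing it */
    if (eckey->group == NULL) {
        WOLFSSL_MSG("ec key group NULL error");
        return WOLFSSL_FATAL_ERROR;
    }

    key = (ecc_key*)eckey->internal;

    /* key->idx is used to index ecc_sets[]; validate it the same way
     * SetECKeyInternal validates the group index so a stale or invalid index
     * cannot read past the curve table */
    if (key->idx < 0 || wc_ecc_is_valid_idx(key->idx) == 0) {
        WOLFSSL_MSG("invalid curve idx");
        return WOLFSSL_FATAL_ERROR;
    }

    /* set group (OID, nid and idx) */
    eckey->group->curve_oid = ecc_sets[key->idx].oidSum;
    eckey->group->curve_nid = ecc_sets[key->idx].id;
    eckey->group->curve_idx = key->idx;

    /* a missing pub_key object is treated like a missing internal point:
     * nothing to export (previously a NULL pub_key was dereferenced) */
    if (eckey->pub_key != NULL && eckey->pub_key->internal != NULL) {
        /* set the internal public key */
        if (wc_ecc_copy_point(&key->pubkey,
                              (ecc_point*)eckey->pub_key->internal) != MP_OKAY) {
            WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
            return WOLFSSL_FATAL_ERROR;
        }

        /* set the external pubkey (point) */
        if (SetECPointExternal(eckey->pub_key) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyExternal SetECPointExternal failed");
            return WOLFSSL_FATAL_ERROR;
        }
    }

    /* set the external privkey */
    if (key->type == ECC_PRIVATEKEY) {
        if (SetIndividualExternal(&eckey->priv_key, &key->k) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("ec priv key error");
            return WOLFSSL_FATAL_ERROR;
        }
    }

    eckey->exSet = 1;

    return WOLFSSL_SUCCESS;
}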
wolfSSL 16:8e0d178b1d1e 31491
/* EC_KEY Openssl -> WolfSSL
 *
 * Rebuilds the wolfCrypt ecc_key in eckey->internal from the OpenSSL-style
 * members: the curve is taken from eckey->group->curve_idx (validated
 * first), the public point from eckey->pub_key and the private scalar from
 * eckey->priv_key, each only when present. key->type ends up ECC_PRIVATEKEY
 * if a private scalar was set, otherwise ECC_PUBLICKEY if a point was set.
 *
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FATAL_ERROR.
 */
int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
{
    ecc_key* key;
    int curveIdx;

    WOLFSSL_ENTER("SetECKeyInternal");

    if (eckey == NULL || eckey->internal == NULL || eckey->group == NULL) {
        WOLFSSL_MSG("ec key NULL error");
        return WOLFSSL_FATAL_ERROR;
    }

    key = (ecc_key*)eckey->internal;
    curveIdx = eckey->group->curve_idx;

    /* validate group: the index must name an entry of ecc_sets[] */
    if (curveIdx < 0 || !wc_ecc_is_valid_idx(curveIdx)) {
        WOLFSSL_MSG("invalid curve idx");
        return WOLFSSL_FATAL_ERROR;
    }

    /* set group (idx of curve and corresponding domain parameters) */
    key->idx = curveIdx;
    key->dp = &ecc_sets[curveIdx];

    /* set pubkey (point) */
    if (eckey->pub_key != NULL) {
        ecc_point* pubPoint;

        if (SetECPointInternal(eckey->pub_key) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("ec key pub error");
            return WOLFSSL_FATAL_ERROR;
        }

        /* copy over the public point to key */
        pubPoint = (ecc_point*)eckey->pub_key->internal;
        if (wc_ecc_copy_point(pubPoint, &key->pubkey) != MP_OKAY) {
            WOLFSSL_MSG("wc_ecc_copy_point error");
            return WOLFSSL_FATAL_ERROR;
        }

        /* public key */
        key->type = ECC_PUBLICKEY;
    }

    /* set privkey; overrides the type chosen above */
    if (eckey->priv_key != NULL) {
        if (SetIndividualInternal(eckey->priv_key, &key->k) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("ec key priv error");
            return WOLFSSL_FATAL_ERROR;
        }

        /* private key */
        key->type = ECC_PRIVATEKEY;
    }

    eckey->inSet = 1;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 31549
/* Hand back the public point stored in the key.
 *
 * The pointer is the key's own member (no copy is made), so the caller must
 * not free it; it is released by wolfSSL_EC_KEY_free(). Returns NULL when
 * key is NULL.
 */
WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key)
{
    WOLFSSL_EC_POINT *pub = NULL;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key");

    if (key != NULL) {
        pub = key->pub_key;
    }
    else {
        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_public_key Bad arguments");
    }

    return pub;
}
wolfSSL 15:117db924cf7c 31561
/* Hand back the group (curve) object owned by the key.
 *
 * Borrowed pointer: it stays owned by the key and is freed with it.
 * Returns NULL when key is NULL.
 */
const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key)
{
    const WOLFSSL_EC_GROUP *grp = NULL;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group");

    if (key != NULL) {
        grp = key->group;
    }
    else {
        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments");
    }

    return grp;
}
wolfSSL 15:117db924cf7c 31573
wolfSSL 15:117db924cf7c 31574
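/* Replace the key's private scalar with a copy of priv_key and push the
 * external representation into the internal ecc_key.
 *
 * key      - key to update (non-NULL)
 * priv_key - scalar to copy (non-NULL); the key keeps its own duplicate,
 *            the caller retains ownership of priv_key
 *
 * On failure key->priv_key is left NULL (not dangling), so a later
 * wolfSSL_EC_KEY_free() cannot free the same BN twice.
 *
 * NOTE(review): whether wolfSSL_BN_free() zeroizes the previous scalar
 * before releasing it is not visible here - confirm if key hygiene matters.
 *
 * return code compliant with OpenSSL :
 * 1 if success, 0 if error
 */
int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
                                   const WOLFSSL_BIGNUM *priv_key)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key");

    if (key == NULL || priv_key == NULL) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

    /* free key if previously set */
    if (key->priv_key != NULL) {
        wolfSSL_BN_free(key->priv_key);
        key->priv_key = NULL;
    }

    key->priv_key = wolfSSL_BN_dup(priv_key);
    if (key->priv_key == NULL) {
        WOLFSSL_MSG("key ecc priv key NULL");
        return WOLFSSL_FAILURE;
    }

    if (SetECKeyInternal(key) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetECKeyInternal failed");
        /* Drop the copy AND clear the member: leaving the freed BN in
         * key->priv_key would be freed again by wolfSSL_EC_KEY_free(). */
        wolfSSL_BN_free(key->priv_key);
        key->priv_key = NULL;
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}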
wolfSSL 15:117db924cf7c 31606
wolfSSL 15:117db924cf7c 31607
/* Hand back the private scalar held by the key (borrowed pointer, owned by
 * the key).
 *
 * A zero scalar is treated as "no private key set" and reported as NULL,
 * so callers never see the placeholder BN created by wolfSSL_EC_KEY_new().
 * Returns NULL when key is NULL.
 */
WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key");

    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments");
        return NULL;
    }

    /* unset scalar -> NULL, otherwise the key's own BN */
    return wolfSSL_BN_is_zero(key->priv_key) ? NULL : key->priv_key;
}
wolfSSL 15:117db924cf7c 31624
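/* Create a new EC key whose group is the curve identified by nid.
 *
 * nid - either an OpenSSL NID or a wolfSSL ecc_curve_id. OpenSSL NIDs are
 *       mapped through NIDToEccEnum(); a value it does not know (-1) is
 *       taken to already be an ecc_curve_id.
 *
 * Returns the new key, or NULL on allocation failure or when nid does not
 * name a curve in ecc_sets. Previously an unknown nid still returned a key,
 * with curve_nid set to the unknown value while curve_idx/curve_oid kept
 * whatever wolfSSL_EC_KEY_new() installed for ECC_CURVE_DEF - a group that
 * disagreed with itself. Matching OpenSSL, that case now fails.
 */
WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid)
{
    WOLFSSL_EC_KEY *key;
    int x;
    int eccEnum;
    int found = 0;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name");

    /* If NID passed in is OpenSSL type, convert it to ecc_curve_id enum */
    eccEnum = NIDToEccEnum(nid);
    if (eccEnum == -1)
        eccEnum = nid;

    key = wolfSSL_EC_KEY_new();
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new failure");
        return NULL;
    }

    /* search ecc_sets (terminated by a zero-size entry) and set the nid,
     * internal curve idx and OID sum together so they always agree */
    for (x = 0; ecc_sets[x].size != 0; x++) {
        if (ecc_sets[x].id == eccEnum) {
            key->group->curve_nid = eccEnum;
            key->group->curve_idx = x;
            key->group->curve_oid = ecc_sets[x].oidSum;
            found = 1;
            break;
        }
    }

    if (!found) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new_by_curve_name unknown curve");
        wolfSSL_EC_KEY_free(key);
        return NULL;
    }

    return key;
}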
wolfSSL 15:117db924cf7c 31657
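/* Map a curve nid to its NIST-style name via the kNistCurves table.
 *
 * Returns a pointer to the matching entry's name (static storage, do not
 * free), or NULL when nid is not in the table. The previous version
 * returned kNistCurves->name - the first entry's name - for every known
 * nid instead of the entry that matched.
 */
const char* wolfSSL_EC_curve_nid2nist(int nid)
{
    const WOLF_EC_NIST_NAME* nist_name;

    for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
        if (nist_name->nid == nid) {
            return nist_name->name;
        }
    }
    return NULL;
}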
wolfSSL 16:8e0d178b1d1e 31668
wolfSSL 16:8e0d178b1d1e 31669 #ifdef WOLFSSL_TLS13
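/* Parse a ':'-separated list of curve names (as spelled in kNistCurves)
 * into their nids.
 *
 * groups    - output array with room for max_count ints
 * max_count - capacity of groups
 * list      - NUL-terminated name list; read only, not modified
 *
 * Returns the number of nids written, or -1 on a NULL argument, an empty
 * or unrecognized name, or more than max_count names.
 *
 * The capacity check is now >= : with the old "count > max_count" test the
 * (max_count+1)-th name was written to groups[max_count], one int past the
 * caller's stack array.
 */
static int populate_groups(int* groups, int max_count, char *list)
{
    char *end;
    int len;
    int count = 0;
    const WOLF_EC_NIST_NAME* nist_name;

    if (!groups || !list) {
        return -1;
    }

    for (end = list; ; list = ++end) {
        /* bounds check before the write at the bottom of the loop */
        if (count >= max_count) {
            WOLFSSL_MSG("Too many curves in list");
            return -1;
        }
        while (*end != ':' && *end != '\0') end++;
        len = (int)(end - list); /* end points to char after end
                                  * of curve name so no need for -1 */
        if ((len < kNistCurves_MIN_NAME_LEN) ||
            (len > kNistCurves_MAX_NAME_LEN)) {
            WOLFSSL_MSG("Unrecognized curve name in list");
            return -1;
        }
        /* exact-length compare so a name that is a prefix of another
         * table entry does not match it */
        for (nist_name = kNistCurves; nist_name->name != NULL; nist_name++) {
            if (len == nist_name->name_len &&
                XSTRNCMP(list, nist_name->name, nist_name->name_len) == 0) {
                break;
            }
        }
        if (!nist_name->name) {
            WOLFSSL_MSG("Unrecognized curve name in list");
            return -1;
        }
        groups[count++] = nist_name->nid;
        if (*end == '\0') break;
    }

    return count;
}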
wolfSSL 16:8e0d178b1d1e 31710
/* Set the context's supported groups from a ':'-separated list of curve
 * names (see populate_groups()).
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE on a NULL argument, a list
 * that does not parse, or when wolfSSL_CTX_set_groups() rejects it.
 */
int wolfSSL_CTX_set1_groups_list(WOLFSSL_CTX *ctx, char *list)
{
    int groups[WOLFSSL_MAX_GROUP_COUNT];
    int count;

    if (ctx == NULL || list == NULL) {
        return WOLFSSL_FAILURE;
    }

    count = populate_groups(groups, WOLFSSL_MAX_GROUP_COUNT, list);
    if (count == -1) {
        return WOLFSSL_FAILURE;
    }

    if (wolfSSL_CTX_set_groups(ctx, groups, count) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 31728
/* Per-session variant of wolfSSL_CTX_set1_groups_list(): parse the
 * ':'-separated curve-name list and hand the nids to wolfSSL_set_groups().
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE on a NULL argument, a list
 * that does not parse, or when wolfSSL_set_groups() rejects it.
 */
int wolfSSL_set1_groups_list(WOLFSSL *ssl, char *list)
{
    int groups[WOLFSSL_MAX_GROUP_COUNT];
    int count;

    if (ssl == NULL || list == NULL) {
        return WOLFSSL_FAILURE;
    }

    count = populate_groups(groups, WOLFSSL_MAX_GROUP_COUNT, list);
    if (count == -1) {
        return WOLFSSL_FAILURE;
    }

    if (wolfSSL_set_groups(ssl, groups, count) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 31746 #endif /* WOLFSSL_TLS13 */
wolfSSL 16:8e0d178b1d1e 31747
/* Reset every member of a WOLFSSL_EC_KEY to its empty state (NULL pointers,
 * flags cleared). Does not free anything; NULL key is a no-op. */
static void InitwolfSSL_ECKey(WOLFSSL_EC_KEY* key)
{
    if (key == NULL) {
        return;
    }

    key->group    = NULL;
    key->pub_key  = NULL;
    key->priv_key = NULL;
    key->internal = NULL;
    key->inSet    = 0;
    key->exSet    = 0;
}
wolfSSL 15:117db924cf7c 31759
/* Allocate a WOLFSSL_EC_KEY with its wolfCrypt ecc_key, a group for
 * ECC_CURVE_DEF, a public point object and a fresh private-key BN.
 *
 * Returns NULL on any allocation or init failure; whatever was allocated
 * before the failure is released through wolfSSL_EC_KEY_free().
 */
WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void)
{
    WOLFSSL_EC_KEY *external;
    ecc_key *internal;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_new");

    external = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), NULL,
                                        DYNAMIC_TYPE_ECC);
    if (external == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure");
        return NULL;
    }
    XMEMSET(external, 0, sizeof(WOLFSSL_EC_KEY));
    InitwolfSSL_ECKey(external);

    /* wolfCrypt key object; stored before the NULL check so the error path
     * below only has to call wolfSSL_EC_KEY_free() */
    internal = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
    external->internal = internal;
    if (internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure");
        goto error;
    }
    XMEMSET(internal, 0, sizeof(ecc_key));

    if (wc_ecc_init(internal) != 0) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new init ecc key failure");
        goto error;
    }

    /* curve group */
    external->group = wolfSSL_EC_GROUP_new_by_curve_name(ECC_CURVE_DEF);
    if (external->group == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure");
        goto error;
    }

    /* public key */
    external->pub_key = wolfSSL_EC_POINT_new(external->group);
    if (external->pub_key == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_new failure");
        goto error;
    }

    /* private key */
    external->priv_key = wolfSSL_BN_new();
    if (external->priv_key == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new failure");
        goto error;
    }

    return external;

error:
    wolfSSL_EC_KEY_free(external);
    return NULL;
}
wolfSSL 15:117db924cf7c 31814
/* Release a WOLFSSL_EC_KEY and everything it owns: the wolfCrypt ecc_key,
 * the private BN, the public point and the group. NULL is a no-op.
 *
 * The caller's pointer is passed by value and is NOT cleared here; the
 * caller must not use or free it again.
 *
 * NOTE(review): whether wc_ecc_free()/wolfSSL_BN_free() scrub the private
 * scalar before release is not visible in this file - confirm if needed.
 */
void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_free");

    if (key == NULL) {
        return;
    }

    if (key->internal != NULL) {
        wc_ecc_free((ecc_key*)key->internal);
        XFREE(key->internal, NULL, DYNAMIC_TYPE_ECC);
    }

    wolfSSL_BN_free(key->priv_key);
    wolfSSL_EC_POINT_free(key->pub_key);
    wolfSSL_EC_GROUP_free(key->group);

    /* defensive: NULL the members before the struct itself goes away */
    InitwolfSSL_ECKey(key);
    XFREE(key, NULL, DYNAMIC_TYPE_ECC);
}
wolfSSL 15:117db924cf7c 31833
wolfSSL 15:117db924cf7c 31834 #ifndef NO_WOLFSSL_STUB
/* Stub: EC_KEY_set_group is not implemented in this build. Arguments are
 * ignored and -1 is returned unconditionally (logged via WOLFSSL_STUB). */
int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group");
    WOLFSSL_STUB("EC_KEY_set_group");

    (void)key;
    (void)group;

    return -1;
}
wolfSSL 15:117db924cf7c 31845 #endif
wolfSSL 15:117db924cf7c 31846
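/* Generate a fresh key pair on the key's curve (key->group->curve_nid) into
 * the internal ecc_key, then refresh the external pub_key/priv_key members
 * via SetECKeyExternal().
 *
 * A temporary RNG is initialised for the generation; if that fails the
 * global RNG is used when it has been initialised. Returns 1 on success,
 * 0 on bad arguments, no usable RNG, or a failure in key generation or
 * export.
 *
 * All exits go through one cleanup label so the temporary RNG is always
 * released with wc_FreeRng(); the old code skipped wc_FreeRng() on the
 * wc_ecc_make_key_ex() failure path (only the XFREE was done).
 */
int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
{
    int ret = 0;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key");

    if (key == NULL || key->internal == NULL ||
        key->group == NULL || key->group->curve_idx < 0) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments");
        return 0;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    if (tmpRNG == NULL)
        return 0;
#endif

    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG");
        goto cleanup;
    }

    if (wc_ecc_make_key_ex(rng, 0, (ecc_key*)key->internal,
                           key->group->curve_nid) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed");
        goto cleanup;
    }

    if (SetECKeyExternal(key) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed");
        goto cleanup;
    }

    ret = 1;

cleanup:
    /* release the temporary RNG on every path that initialised it */
    if (initTmpRng)
        wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif

    return ret;
}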
wolfSSL 15:117db924cf7c 31913
wolfSSL 15:117db924cf7c 31914 #ifndef NO_WOLFSSL_STUB
/* Stub: the ASN.1 encoding flag is not supported in this build; the call
 * is logged via WOLFSSL_STUB and otherwise ignored. */
void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag");
    WOLFSSL_STUB("EC_KEY_set_asn1_flag");

    (void)key;
    (void)asn1_flag;
}
wolfSSL 15:117db924cf7c 31923 #endif
wolfSSL 15:117db924cf7c 31924
/* Make sure a point's internal (wolfCrypt) representation is populated.
 *
 * If p->inSet is already non-zero nothing is done. Otherwise the const is
 * cast away and SetECPointInternal() is run on the point (it presumably
 * updates the internal copy and inSet in place - not visible here).
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE for a NULL point or when
 * SetECPointInternal() fails.
 */
static int setupPoint(const WOLFSSL_EC_POINT *p)
{
    if (p == NULL) {
        return WOLFSSL_FAILURE;
    }

    if (p->inSet != 0) {
        return WOLFSSL_SUCCESS;
    }

    WOLFSSL_MSG("No ECPoint internal set, do it");
    if (SetECPointInternal((WOLFSSL_EC_POINT *)p) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetECPointInternal SetECPointInternal failed");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 31939
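/* Copy the point pub into the key's public point (external and internal
 * representations) and re-sync the internal ecc_key.
 *
 * key - key to update; key->internal and key->pub_key must be present
 * pub - point to copy; its internal representation is populated on demand
 *       through setupPoint()
 *
 * Fixes: when key->pub_key->internal was NULL the old code allocated a new
 * wc point, copied into it and then dropped it (leak, and the key's point
 * stayed NULL). The new point is now stored in key->pub_key->internal.
 * key->pub_key is also NULL-checked instead of being dereferenced blindly.
 *
 * NOTE(review): no on-curve / order check is performed on pub here. If the
 * point can come from an untrusted peer, validate it separately - confirm
 * which wc_ecc_* check is appropriate for this build.
 *
 * return code compliant with OpenSSL :
 * 1 if success, 0 if error
 */
int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
                                  const WOLFSSL_EC_POINT *pub)
{
    ecc_point *pub_p, *key_p;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key");

    if (key == NULL || key->internal == NULL || key->pub_key == NULL ||
        pub == NULL || pub->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_set_public_key Bad arguments");
        return WOLFSSL_FAILURE;
    }

    if (key->inSet == 0) {
        if (SetECKeyInternal(key) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return WOLFSSL_FAILURE;
        }
    }

    if (setupPoint(pub) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }

    pub_p = (ecc_point*)pub->internal;
    key_p = (ecc_point*)key->pub_key->internal;

    /* create new point if required and keep it in the key */
    if (key_p == NULL) {
        key_p = wc_ecc_new_point();
        if (key_p == NULL) {
            WOLFSSL_MSG("key ecc point NULL");
            return WOLFSSL_FAILURE;
        }
        key->pub_key->internal = key_p;
    }

    if (wc_ecc_copy_point(pub_p, key_p) != MP_OKAY) {
        WOLFSSL_MSG("ecc_copy_point failure");
        return WOLFSSL_FAILURE;
    }

    /* refresh the external X/Y/Z of the key's point from the copy */
    if (SetECPointExternal(key->pub_key) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetECPointExternal failed");
        return WOLFSSL_FAILURE;
    }

    /* and push the whole key (group, point, scalar) into the ecc_key */
    if (SetECKeyInternal(key) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetECKeyInternal failed");
        return WOLFSSL_FAILURE;
    }

    wolfSSL_EC_POINT_dump("pub", pub);
    wolfSSL_EC_POINT_dump("key->pub_key", key->pub_key);

    return WOLFSSL_SUCCESS;
}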
wolfSSL 15:117db924cf7c 31999 /* End EC_KEY */
wolfSSL 15:117db924cf7c 32000
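/* Upper bound on the DER-encoded ECDSA signature size for the key's curve:
 *   SEQUENCE { INTEGER r, INTEGER s }
 *
 * Each INTEGER is tag + 1-byte length + value, where the value may need one
 * leading zero byte (top bit set). The SEQUENCE length uses DER short form
 * up to 127 bytes of content and long form beyond that.
 *
 * The previous fixed "+2" for the SEQUENCE header was one byte short for
 * curves whose content exceeds 127 bytes (order >= 496 bits, e.g. 521-bit),
 * so a buffer sized from this function could be too small for the
 * signature. Assumes the signer emits minimal DER, as the old estimate did,
 * and that each INTEGER value fits a 1-byte length (true for every curve up
 * to 1008 bits).
 *
 * Returns the size in bytes, or WOLFSSL_FAILURE for a NULL key, a key with
 * no group, or a group whose order bit length is 0.
 */
int wolfSSL_ECDSA_size(const WOLFSSL_EC_KEY *key)
{
    const EC_GROUP *group;
    int bits, bytes, intSz, contentSz, seqLenSz;

    if (!key) {
        return WOLFSSL_FAILURE;
    }

    if (!(group = wolfSSL_EC_KEY_get0_group(key))) {
        return WOLFSSL_FAILURE;
    }
    if ((bits = wolfSSL_EC_GROUP_order_bits(group)) == 0) {
        return WOLFSSL_FAILURE;
    }
    bytes = (bits + 7) / 8; /* bytes needed to hold bits */

    /* INTEGER: tag + length + value + possible leading zero */
    intSz = 1 + 1 + bytes + 1;
    contentSz = 2 * intSz;  /* r and s */

    /* SEQUENCE length field: short form, or 0x81/0x82 + length bytes */
    if (contentSz <= 127)
        seqLenSz = 1;
    else if (contentSz <= 255)
        seqLenSz = 2;
    else
        seqLenSz = 3;

    return 1 + seqLenSz + contentSz; /* SEQUENCE tag + length + content */
}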
wolfSSL 16:8e0d178b1d1e 32023
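/* ECDSA-sign a precomputed digest with the key's internal ecc_key.
 *
 * type     - unused (kept for OpenSSL signature compatibility)
 * digest   - hash to sign, digestSz bytes; digestSz must be >= 0
 * sig      - output buffer for the DER signature
 * sigSz    - passed straight through to wc_ecc_sign_hash(); presumably
 *            in/out (capacity of sig on entry, bytes written on return) as
 *            with other wolfCrypt out/outlen pairs - confirm before relying
 *            on it being output-only as in OpenSSL
 * key      - key with a populated internal ecc_key
 *
 * A temporary RNG is used, falling back to the global RNG when the
 * temporary one cannot be initialised. Returns WOLFSSL_SUCCESS or
 * WOLFSSL_FAILURE.
 *
 * Added argument checks: NULL digest/sig/sigSz/key->internal and a negative
 * digestSz (never a valid length, and would become a huge value if the
 * callee takes an unsigned size) are rejected up front.
 *
 * NOTE(review): unlike wolfSSL_EC_KEY_set_public_key(), this does not call
 * SetECKeyInternal() when key->inSet == 0; whether every key-construction
 * path leaves the internal key usable is not visible here.
 */
int wolfSSL_ECDSA_sign(int type, const unsigned char *digest,
                       int digestSz, unsigned char *sig,
                       unsigned int *sigSz, WOLFSSL_EC_KEY *key)
{
    int ret = WOLFSSL_FAILURE;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif
    int initTmpRng = 0;

    (void)type;

    WOLFSSL_ENTER("wolfSSL_ECDSA_sign");

    if (key == NULL || key->internal == NULL || digest == NULL ||
        digestSz < 0 || sig == NULL || sigSz == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_sign Bad arguments");
        return WOLFSSL_FAILURE;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    if (tmpRNG == NULL)
        return WOLFSSL_FAILURE;
#endif

    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0) {
            WOLFSSL_MSG("Global RNG no Init");
        }
        else {
            rng = &globalRNG;
        }
    }

    if (rng != NULL) {
        if (wc_ecc_sign_hash(digest, digestSz, sig, sigSz, rng,
                             (ecc_key*)key->internal) == MP_OKAY) {
            ret = WOLFSSL_SUCCESS;
        }
    }
    else {
        WOLFSSL_MSG("wolfSSL_ECDSA_sign no RNG available");
    }

    if (initTmpRng) {
        wc_FreeRng(tmpRNG);
    }
#ifdef WOLFSSL_SMALL_STACK
    if (tmpRNG)
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif

    return ret;
}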
wolfSSL 16:8e0d178b1d1e 32081
wolfSSL 16:8e0d178b1d1e 32082 #ifndef HAVE_SELFTEST
wolfSSL 16:8e0d178b1d1e 32083 /* ECC point compression types were not included in selftest ecc.h */
wolfSSL 16:8e0d178b1d1e 32084
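/* Encode a point as an upper-case hex string of its SEC1 octet form:
 * one format byte followed by X (and Y for the uncompressed form), each
 * left-padded with zeros to the curve size.
 *
 * group - supplies the curve size via its curve_idx
 * point - point whose external X/Y BNs are encoded
 * form  - POINT_CONVERSION_COMPRESSED or POINT_CONVERSION_UNCOMPRESSED;
 *         any other value now returns NULL (the old code sized the buffer
 *         as compressed but wrote the uncompressed layout for e.g. the
 *         hybrid form, yielding a malformed string)
 * ctx   - unused
 *
 * Returns a NUL-terminated string allocated with XMALLOC (caller frees
 * with DYNAMIC_TYPE_ECC), or NULL on bad arguments, an unknown curve, a
 * coordinate wider than the curve size (which would otherwise be written
 * in front of the buffer), or allocation/conversion failure.
 */
char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group,
                                 const WOLFSSL_EC_POINT* point, int form,
                                 WOLFSSL_BN_CTX* ctx)
{
    static const char* hexDigit = "0123456789ABCDEF";
    char* hex = NULL;
    int id;
    int i, sz, len, xSz, ySz;

    (void)ctx;

    if (group == NULL || point == NULL ||
        point->X == NULL || point->X->internal == NULL ||
        point->Y == NULL || point->Y->internal == NULL) {
        return NULL;
    }

    if (form != POINT_CONVERSION_COMPRESSED &&
        form != POINT_CONVERSION_UNCOMPRESSED) {
        return NULL;
    }

    id = wc_ecc_get_curve_id(group->curve_idx);

    if ((sz = wc_ecc_get_curve_size_from_id(id)) < 0)
        return NULL;

    /* Both coordinates must fit the field size: the offsets below are
     * computed as (size - coordinate size) and must not go negative. */
    xSz = mp_unsigned_bin_size((mp_int*)point->X->internal);
    ySz = mp_unsigned_bin_size((mp_int*)point->Y->internal);
    if (xSz < 0 || xSz > sz || ySz < 0 || ySz > sz)
        return NULL;

    len = sz + 1;
    if (form == POINT_CONVERSION_UNCOMPRESSED)
        len += sz;

    /* raw octets are built in the front of the buffer, then expanded to
     * hex in place from the end, so 2*len+1 covers both phases */
    hex = (char*)XMALLOC(2 * len + 1, NULL, DYNAMIC_TYPE_ECC);
    if (hex == NULL)
        return NULL;
    XMEMSET(hex, 0, 2 * len + 1);

    /* Put in x-ordinate after format byte. */
    i = sz - xSz + 1;
    if (mp_to_unsigned_bin((mp_int*)point->X->internal, (byte*)(hex + i)) < 0) {
        XFREE(hex, NULL, DYNAMIC_TYPE_ECC);
        return NULL;
    }

    if (form == POINT_CONVERSION_COMPRESSED) {
        hex[0] = mp_isodd((mp_int*)point->Y->internal) ? ECC_POINT_COMP_ODD :
                                                         ECC_POINT_COMP_EVEN;
    }
    else {
        hex[0] = ECC_POINT_UNCOMP;
        /* Put in y-ordinate after x-ordinate */
        i = 1 + 2 * sz - ySz;
        if (mp_to_unsigned_bin((mp_int*)point->Y->internal,
                               (byte*)(hex + i)) < 0) {
            XFREE(hex, NULL, DYNAMIC_TYPE_ECC);
            return NULL;
        }
    }

    /* expand from the last byte backwards so no raw byte is read after its
     * slot has been overwritten with hex digits */
    for (i = len-1; i >= 0; i--) {
        byte b = hex[i];
        hex[i * 2 + 1] = hexDigit[b & 0xf];
        hex[i * 2    ] = hexDigit[b >> 4];
    }

    return hex;
}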
wolfSSL 16:8e0d178b1d1e 32143
wolfSSL 16:8e0d178b1d1e 32144 #endif /* HAVE_SELFTEST */
wolfSSL 16:8e0d178b1d1e 32145
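#if defined(DEBUG_WOLFSSL)
/* Print one coordinate of a point as hex; a failed conversion prints a
 * placeholder instead of passing NULL to printf("%s") (undefined). */
static void wolfSSL_EC_POINT_dump_coord(const char *label, WOLFSSL_BIGNUM *bn)
{
    char *num = wolfSSL_BN_bn2hex(bn);
    printf("\t%s = %s\n", label, num != NULL ? num : "(null)");
    XFREE(num, NULL, DYNAMIC_TYPE_ECC);
}
#endif

/* Debug helper: print a point's inSet/exSet flags and X/Y/Z coordinates to
 * stdout. Only active in DEBUG_WOLFSSL builds with debugging switched on
 * and no logging callback installed; otherwise a no-op.
 *
 * msg - label printed before the point
 * p   - point to dump; NULL prints "<msg> = NULL"
 */
void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p)
{
#if defined(DEBUG_WOLFSSL)
    WOLFSSL_ENTER("wolfSSL_EC_POINT_dump");

    if (!WOLFSSL_IS_DEBUG_ON() || wolfSSL_GetLoggingCb()) {
        return;
    }

    if (p == NULL) {
        printf("%s = NULL", msg);
        return;
    }

    printf("%s:\n\tinSet=%d, exSet=%d\n", msg, p->inSet, p->exSet);
    wolfSSL_EC_POINT_dump_coord("X", p->X);
    wolfSSL_EC_POINT_dump_coord("Y", p->Y);
    wolfSSL_EC_POINT_dump_coord("Z", p->Z);
#else
    (void)msg;
    (void)p;
#endif
}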
wolfSSL 15:117db924cf7c 32177
wolfSSL 15:117db924cf7c 32178 /* Start EC_GROUP */
wolfSSL 15:117db924cf7c 32179
wolfSSL 15:117db924cf7c 32180 /* return code compliant with OpenSSL :
wolfSSL 15:117db924cf7c 32181 * 0 if equal, 1 if not and -1 in case of error
wolfSSL 15:117db924cf7c 32182 */
/* Compare two EC groups by their curve index and curve NID.
 *
 * Return value follows OpenSSL: 0 when the groups match, 1 when they differ,
 * and -1 (WOLFSSL_FATAL_ERROR) when either argument is NULL.  ctx is unused.
 */
int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
                         WOLFSSL_BN_CTX *ctx)
{
    int sameCurve;

    WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp");
    (void)ctx;

    if (a == NULL || b == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments");
        return WOLFSSL_FATAL_ERROR;
    }

    /* Both the internal table index and the NID have to agree. */
    sameCurve = (a->curve_idx == b->curve_idx) &&
                (a->curve_nid == b->curve_nid);

    return sameCurve ? 0 : 1;
}
wolfSSL 15:117db924cf7c 32202
wolfSSL 15:117db924cf7c 32203 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 32204 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 32205
wolfSSL 15:117db924cf7c 32206 #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
/* Return the "method" associated with an EC group.
 *
 * There is no separate method object in this implementation: the group
 * pointer itself is handed back as the WOLFSSL_EC_METHOD handle, so a NULL
 * group yields a NULL method.
 */
const WOLFSSL_EC_METHOD* wolfSSL_EC_GROUP_method_of(
                                                const WOLFSSL_EC_GROUP *group)
{
    const WOLFSSL_EC_METHOD *meth = group;

    return meth;
}
wolfSSL 16:8e0d178b1d1e 32212
/* Report the field type of an EC method.
 *
 * The only field type this implementation reports is NID_X9_62_prime_field;
 * it is returned for any non-NULL method.  A NULL method yields
 * WOLFSSL_FAILURE.
 */
int wolfSSL_EC_METHOD_get_field_type(const WOLFSSL_EC_METHOD *meth)
{
    if (meth == NULL) {
        return WOLFSSL_FAILURE;
    }

    return NID_X9_62_prime_field;
}
wolfSSL 16:8e0d178b1d1e 32220
/* Release an EC group created by wolfSSL_EC_GROUP_new_by_curve_name().
 *
 * Only the group structure itself is released; the caller's pointer is
 * invalid once this returns.
 *
 * group  group to free
 */
void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_ENTER("wolfSSL_EC_GROUP_free");

    XFREE(group, NULL, DYNAMIC_TYPE_ECC);
    /* group = NULL, don't try to access or double free it */
}
wolfSSL 15:117db924cf7c 32228 #endif
wolfSSL 15:117db924cf7c 32229
wolfSSL 15:117db924cf7c 32230 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 32231 #ifdef HAVE_ECC
wolfSSL 15:117db924cf7c 32232 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's EC_GROUP_set_asn1_flag().
 *
 * The flag is not stored anywhere; the call only records a trace and a stub
 * notice.  Both arguments are ignored.
 */
void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag)
{
    WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag");
    WOLFSSL_STUB("EC_GROUP_set_asn1_flag");

    (void)group;
    (void)flag;
}
wolfSSL 15:117db924cf7c 32241 #endif
wolfSSL 15:117db924cf7c 32242
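/* Create an EC group for the curve identified by nid.
 *
 * nid may be an OpenSSL NID or a wolfCrypt ecc_curve_id value: the OpenSSL
 * form is translated with NIDToEccEnum(), and anything it does not know is
 * used as-is.  When the resulting id is above ECC_CURVE_DEF the ecc_sets[]
 * table is searched for it and curve_idx / curve_oid are taken from the
 * match.  An id above ECC_CURVE_DEF that is not in the table is rejected:
 * previously such a group kept curve_idx == 0 from the memset and was later
 * treated as ecc_sets[0], i.e. a different curve than its nid claims.
 * Ids at or below ECC_CURVE_DEF keep curve_idx at 0, as before.
 *
 * Returns a zero-initialised group owned by the caller (release with
 * wolfSSL_EC_GROUP_free), or NULL on allocation failure or unknown curve.
 */
WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid)
{
    WOLFSSL_EC_GROUP *g;
    int eccEnum;

    WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name");

    /* If NID passed in is OpenSSL type, convert it to ecc_curve_id enum */
    eccEnum = NIDToEccEnum(nid);
    if (eccEnum == -1)
        eccEnum = nid;

    /* curve group */
    g = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL,
                                   DYNAMIC_TYPE_ECC);
    if (g == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure");
        return NULL;
    }
    XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP));

    /* set the nid of the curve */
    g->curve_nid = eccEnum;

    if (eccEnum > ECC_CURVE_DEF) {
        int x;
        int found = 0;

        /* search and set the corresponding internal curve idx */
        for (x = 0; ecc_sets[x].size != 0; x++) {
            if (ecc_sets[x].id == g->curve_nid) {
                g->curve_idx = x;
                g->curve_oid = ecc_sets[x].oidSum;
                found = 1;
                break;
            }
        }

        /* Do not hand out a group whose index points at another curve. */
        if (!found) {
            WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name curve not found");
            XFREE(g, NULL, DYNAMIC_TYPE_ECC);
            return NULL;
        }
    }

    return g;
}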
wolfSSL 15:117db924cf7c 32281
wolfSSL 15:117db924cf7c 32282 /* return code compliant with OpenSSL :
wolfSSL 15:117db924cf7c 32283 * the curve nid if success, 0 if error
wolfSSL 15:117db924cf7c 32284 */
/* Return the OpenSSL NID of a group's curve.
 *
 * The group stores either a wolfCrypt ecc_curve_id or an OpenSSL NID in
 * curve_nid; a wolfCrypt id is translated with EccEnumToNID(), anything else
 * is returned unchanged.  Returns WOLFSSL_FAILURE (0) for a NULL group.
 */
int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group)
{
    int nid;

    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name");

    if (group == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments");
        return WOLFSSL_FAILURE;
    }

    /* If curve_nid is ECC Enum type, return corresponding OpenSSL nid */
    nid = EccEnumToNID(group->curve_nid);
    if (nid == -1) {
        /* not a wolfCrypt id: treat the stored value as the NID itself */
        nid = group->curve_nid;
    }

    return nid;
}
wolfSSL 15:117db924cf7c 32301
wolfSSL 15:117db924cf7c 32302 /* return code compliant with OpenSSL :
wolfSSL 15:117db924cf7c 32303 * the degree of the curve if success, 0 if error
wolfSSL 15:117db924cf7c 32304 */
/* Return the degree (field size in bits) of a group's curve.
 *
 * curve_nid is first normalised to an OpenSSL NID via EccEnumToNID(); a value
 * that EccEnumToNID() does not know is used directly.  The NID is then looked
 * up in a fixed table.  Returns WOLFSSL_FAILURE (0) for a NULL group, a
 * negative curve_idx, or a NID missing from the table.
 */
int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
{
    static const struct {
        int nid;
        int degree;
    } degrees[] = {
        { NID_secp112r1,         112 },
        { NID_secp112r2,         112 },
        { NID_secp128r1,         128 },
        { NID_secp128r2,         128 },
        { NID_secp160k1,         160 },
        { NID_secp160r1,         160 },
        { NID_secp160r2,         160 },
        { NID_brainpoolP160r1,   160 },
        { NID_secp192k1,         192 },
        { NID_brainpoolP192r1,   192 },
        { NID_X9_62_prime192v1,  192 },
        { NID_secp224k1,         224 },
        { NID_secp224r1,         224 },
        { NID_brainpoolP224r1,   224 },
        { NID_secp256k1,         256 },
        { NID_brainpoolP256r1,   256 },
        { NID_X9_62_prime256v1,  256 },
        { NID_brainpoolP320r1,   320 },
        { NID_secp384r1,         384 },
        { NID_brainpoolP384r1,   384 },
        { NID_secp521r1,         521 },
        { NID_brainpoolP512r1,   512 },
    };
    int nid;
    int converted;
    size_t i;

    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree");

    if (group == NULL || group->curve_idx < 0) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments");
        return WOLFSSL_FAILURE;
    }

    /* If curve_nid is an ecc_curve_id enum, convert it to the corresponding
     * OpenSSL NID; otherwise it already is one. */
    converted = EccEnumToNID(group->curve_nid);
    nid = (converted != -1) ? converted : group->curve_nid;

    for (i = 0; i < sizeof(degrees) / sizeof(degrees[0]); i++) {
        if (degrees[i].nid == nid) {
            return degrees[i].degree;
        }
    }

    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 32364
wolfSSL 16:8e0d178b1d1e 32365 /* Converts OpenSSL NID value of ECC curves to the associated enum values in
wolfSSL 16:8e0d178b1d1e 32366 ecc_curve_id, used by ecc_sets[].*/
/* Converts OpenSSL NID value of ECC curves to the associated enum values in
 * ecc_curve_id, used by ecc_sets[].
 *
 * n  OpenSSL NID of a curve
 *
 * Returns the matching ecc_curve_id value, or -1 (after logging
 * "NID not found") when n is not one of the NIDs in the table.
 */
int NIDToEccEnum(int n)
{
    static const struct {
        int nid;
        int eccId;
    } nidMap[] = {
        { NID_X9_62_prime192v1, ECC_SECP192R1       },
        { NID_X9_62_prime192v2, ECC_PRIME192V2      },
        { NID_X9_62_prime192v3, ECC_PRIME192V3      },
        { NID_X9_62_prime239v1, ECC_PRIME239V1      },
        { NID_X9_62_prime239v2, ECC_PRIME239V2      },
        { NID_X9_62_prime239v3, ECC_PRIME239V3      },
        { NID_X9_62_prime256v1, ECC_SECP256R1       },
        { NID_secp112r1,        ECC_SECP112R1       },
        { NID_secp112r2,        ECC_SECP112R2       },
        { NID_secp128r1,        ECC_SECP128R1       },
        { NID_secp128r2,        ECC_SECP128R2       },
        { NID_secp160r1,        ECC_SECP160R1       },
        { NID_secp160r2,        ECC_SECP160R2       },
        { NID_secp224r1,        ECC_SECP224R1       },
        { NID_secp384r1,        ECC_SECP384R1       },
        { NID_secp521r1,        ECC_SECP521R1       },
        { NID_secp160k1,        ECC_SECP160K1       },
        { NID_secp192k1,        ECC_SECP192K1       },
        { NID_secp224k1,        ECC_SECP224K1       },
        { NID_secp256k1,        ECC_SECP256K1       },
        { NID_brainpoolP160r1,  ECC_BRAINPOOLP160R1 },
        { NID_brainpoolP192r1,  ECC_BRAINPOOLP192R1 },
        { NID_brainpoolP224r1,  ECC_BRAINPOOLP224R1 },
        { NID_brainpoolP256r1,  ECC_BRAINPOOLP256R1 },
        { NID_brainpoolP320r1,  ECC_BRAINPOOLP320R1 },
        { NID_brainpoolP384r1,  ECC_BRAINPOOLP384R1 },
        { NID_brainpoolP512r1,  ECC_BRAINPOOLP512R1 },
    };
    size_t i;

    WOLFSSL_ENTER("NIDToEccEnum()");

    for (i = 0; i < sizeof(nidMap) / sizeof(nidMap[0]); i++) {
        if (nidMap[i].nid == n) {
            return nidMap[i].eccId;
        }
    }

    WOLFSSL_MSG("NID not found");
    return -1;
}
wolfSSL 16:8e0d178b1d1e 32431
wolfSSL 15:117db924cf7c 32432 /* return code compliant with OpenSSL :
wolfSSL 15:117db924cf7c 32433 * 1 if success, 0 if error
wolfSSL 15:117db924cf7c 32434 */
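/* Load the order of the group's curve into order.
 *
 * The order is read from the hex string in ecc_sets[group->curve_idx], so a
 * negative curve_idx (a group with no resolved curve) is rejected before the
 * table is indexed; wolfSSL_EC_GROUP_order_bits() applies the same check.
 * order->internal is (re)initialised with mp_init() before the value is read
 * and cleared again if the read fails.  ctx is unused.
 *
 * Returns WOLFSSL_SUCCESS (1) on success, WOLFSSL_FAILURE (0) on a NULL or
 * invalid argument or an mp_* failure.
 */
int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
                               WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx)
{
    (void)ctx;

    if (group == NULL || order == NULL || order->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error");
        return WOLFSSL_FAILURE;
    }

    /* curve_idx indexes ecc_sets[] below; never read the table with -1 */
    if (group->curve_idx < 0) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order bad curve index");
        return WOLFSSL_FAILURE;
    }

    if (mp_init((mp_int*)order->internal) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure");
        return WOLFSSL_FAILURE;
    }

    if (mp_read_radix((mp_int*)order->internal,
                      ecc_sets[group->curve_idx].order, MP_RADIX_HEX) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure");
        mp_clear((mp_int*)order->internal);
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}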
wolfSSL 16:8e0d178b1d1e 32459
/* Return the bit length of the group's curve order.
 *
 * The order is parsed from ecc_sets[group->curve_idx] into a temporary mp_int
 * and measured with mp_count_bits().  Returns 0 for a NULL group or a
 * negative curve_idx; if mp_init() or mp_read_radix() fail their (non-zero)
 * return code is passed through instead of a bit count.
 */
int wolfSSL_EC_GROUP_order_bits(const WOLFSSL_EC_GROUP *group)
{
    mp_int order;
    int ret;

    if (group == NULL || group->curve_idx < 0) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_order_bits NULL error");
        return 0;
    }

    ret = mp_init(&order);
    if (ret != 0) {
        /* nothing to clear: init failed */
        return ret;
    }

    ret = mp_read_radix(&order, ecc_sets[group->curve_idx].order,
                        MP_RADIX_HEX);
    if (ret == 0) {
        ret = mp_count_bits(&order);
    }
    mp_clear(&order);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 32481
wolfSSL 15:117db924cf7c 32482 /* End EC_GROUP */
wolfSSL 15:117db924cf7c 32483
wolfSSL 15:117db924cf7c 32484 /* Start EC_POINT */
wolfSSL 15:117db924cf7c 32485
wolfSSL 15:117db924cf7c 32486 /* return code compliant with OpenSSL :
wolfSSL 15:117db924cf7c 32487 * 1 if success, 0 if error
wolfSSL 15:117db924cf7c 32488 */
/* DER-encode an EC point (OpenSSL i2d style).
 *
 * With out == NULL only the required length is computed: the exporter then
 * returns LENGTH_ONLY_E, which is accepted as success, and *len receives the
 * size.  With a buffer present the point is dumped (debug builds) and
 * encoded into out.  setupPoint() is run first so the internal point is in
 * sync with the external coordinates.
 *
 * Returns WOLFSSL_SUCCESS (1) on success, WOLFSSL_FAILURE (0) on NULL
 * arguments, setupPoint() failure or an export error.
 */
int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group,
                        const WOLFSSL_EC_POINT *p,
                        unsigned char *out, unsigned int *len)
{
    int err;
    int lengthOnly;

    WOLFSSL_ENTER("wolfSSL_ECPoint_i2d");

    if (group == NULL || p == NULL || len == NULL) {
        WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error");
        return WOLFSSL_FAILURE;
    }

    if (setupPoint(p) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }

    lengthOnly = (out == NULL);
    if (!lengthOnly) {
        wolfSSL_EC_POINT_dump("i2d p", p);
    }

    err = wc_ecc_export_point_der(group->curve_idx, (ecc_point*)p->internal,
                                  out, len);
    /* a length-only query legitimately reports LENGTH_ONLY_E */
    if (err == MP_OKAY || (lengthOnly && err == LENGTH_ONLY_E)) {
        return WOLFSSL_SUCCESS;
    }

    WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed");
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 32519
wolfSSL 15:117db924cf7c 32520 /* return code compliant with OpenSSL :
wolfSSL 15:117db924cf7c 32521 * 1 if success, 0 if error
wolfSSL 15:117db924cf7c 32522 */
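/* Decode a DER-encoded EC point into p (OpenSSL d2i style).
 *
 * in/len is external data and is treated as untrusted: an empty input is
 * rejected up front so that neither decoder path touches in[0] (the
 * HAVE_SELFTEST path inspected in[0] before knowing len was non-zero).
 * Regular builds hand the buffer to wc_ecc_import_point_der_ex(); with
 * HAVE_SELFTEST only the uncompressed form (leading 0x04) is accepted and
 * decoded with wc_ecc_import_point_der().  On success the external X/Y/Z
 * BIGNUMs of p are refreshed from the internal point.
 *
 * Returns WOLFSSL_SUCCESS (1) on success, WOLFSSL_FAILURE (0) on NULL
 * arguments, empty or malformed input, or a failed import/sync.
 */
int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
                        const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *p)
{
    WOLFSSL_ENTER("wolfSSL_ECPoint_d2i");

    if (group == NULL || p == NULL || p->internal == NULL || in == NULL) {
        WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error");
        return WOLFSSL_FAILURE;
    }

    /* no bytes to decode; also guards the in[0] read below */
    if (len == 0) {
        WOLFSSL_MSG("wolfSSL_ECPoint_d2i empty input");
        return WOLFSSL_FAILURE;
    }

#ifndef HAVE_SELFTEST
    if (wc_ecc_import_point_der_ex(in, len, group->curve_idx,
                                   (ecc_point*)p->internal, 0) != MP_OKAY) {
        WOLFSSL_MSG("wc_ecc_import_point_der_ex failed");
        return WOLFSSL_FAILURE;
    }
#else
    /* ECC_POINT_UNCOMP is not defined CAVP self test so use magic number */
    if (in[0] == 0x04) {
        if (wc_ecc_import_point_der(in, len, group->curve_idx,
                                    (ecc_point*)p->internal) != MP_OKAY) {
            WOLFSSL_MSG("wc_ecc_import_point_der failed");
            return WOLFSSL_FAILURE;
        }
    }
    else {
        WOLFSSL_MSG("Only uncompressed points supported with HAVE_SELFTEST");
        return WOLFSSL_FAILURE;
    }
#endif

    /* Set new external point */
    if (SetECPointExternal(p) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetECPointExternal failed");
        return WOLFSSL_FAILURE;
    }

    wolfSSL_EC_POINT_dump("d2i p", p);

    return WOLFSSL_SUCCESS;
}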
wolfSSL 15:117db924cf7c 32564
/* Encode an EC point as an octet string (OpenSSL EC_POINT_point2oct).
 *
 * The point at infinity encodes as the single octet 0x00 (length 1).  Other
 * points are exported in DER form by wolfCrypt; form must be
 * POINT_CONVERSION_UNCOMPRESSED, or additionally POINT_CONVERSION_COMPRESSED
 * when not built with HAVE_SELFTEST.  With buf == NULL the function only
 * reports the required length (the exporter then returns LENGTH_ONLY_E,
 * which is the expected result in that case).  ctx is unused.
 *
 * Returns the number of octets (written or required), or WOLFSSL_FAILURE (0)
 * on NULL arguments, setupPoint() failure, an unsupported form, a too-small
 * buffer or an export error.
 */
size_t wolfSSL_EC_POINT_point2oct(const WOLFSSL_EC_GROUP *group,
                                  const WOLFSSL_EC_POINT *p,
                                  char form,
                                  byte *buf, size_t len, WOLFSSL_BN_CTX *ctx)
{
    word32 outLen = (word32)len;
    int expected;
    int formOk;
#ifndef HAVE_SELFTEST
    int compressed = (form == POINT_CONVERSION_COMPRESSED);
#endif /* !HAVE_SELFTEST */

    WOLFSSL_ENTER("EC_POINT_point2oct");
    (void)ctx;

    if (group == NULL || p == NULL) {
        return WOLFSSL_FAILURE;
    }

    if (setupPoint(p) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }

    if (wolfSSL_EC_POINT_is_at_infinity(group, p)) {
        /* encodes to a single 0 octet */
        if (buf != NULL) {
            if (len < 1) {
                ECerr(EC_F_EC_GFP_SIMPLE_POINT2OCT, EC_R_BUFFER_TOO_SMALL);
                return WOLFSSL_FAILURE;
            }
            buf[0] = 0;
        }
        return 1;
    }

    formOk = (form == POINT_CONVERSION_UNCOMPRESSED);
#ifndef HAVE_SELFTEST
    formOk = formOk || (form == POINT_CONVERSION_COMPRESSED);
#endif /* !HAVE_SELFTEST */
    if (!formOk) {
        WOLFSSL_MSG("Unsupported curve form");
        return WOLFSSL_FAILURE;
    }

    /* a length-only query is answered with LENGTH_ONLY_E, not MP_OKAY */
    expected = (buf != NULL) ? MP_OKAY : LENGTH_ONLY_E;
#ifndef HAVE_SELFTEST
    if (wc_ecc_export_point_der_ex(group->curve_idx, (ecc_point*)p->internal,
                                   buf, &outLen, compressed) != expected) {
        return WOLFSSL_FAILURE;
    }
#else
    if (wc_ecc_export_point_der(group->curve_idx, (ecc_point*)p->internal,
                                buf, &outLen) != expected) {
        return WOLFSSL_FAILURE;
    }
#endif /* !HAVE_SELFTEST */

    return (size_t)outLen;
}
wolfSSL 16:8e0d178b1d1e 32622
/* Decode an octet string into an EC point (OpenSSL EC_POINT_oct2point).
 *
 * Thin wrapper over wolfSSL_ECPoint_d2i(): the const is cast away because
 * d2i takes a non-const buffer, and len is narrowed from size_t to
 * unsigned int for the same reason.  ctx is unused.
 *
 * Returns WOLFSSL_FAILURE (0) for a NULL group or point, otherwise the
 * result of wolfSSL_ECPoint_d2i().
 */
int wolfSSL_EC_POINT_oct2point(const WOLFSSL_EC_GROUP *group,
                               WOLFSSL_EC_POINT *p, const unsigned char *buf,
                               size_t len, WOLFSSL_BN_CTX *ctx)
{
    unsigned char *in = (unsigned char*)buf;
    unsigned int inLen = (unsigned int)len;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_oct2point");
    (void)ctx;

    if (group == NULL || p == NULL) {
        return WOLFSSL_FAILURE;
    }

    return wolfSSL_ECPoint_d2i(in, inLen, group, p);
}
wolfSSL 16:8e0d178b1d1e 32637
/* Encode an EC public key as an octet string (OpenSSL i2o_ECPublicKey).
 *
 * The point is encoded uncompressed only when the key's form is exactly
 * POINT_CONVERSION_UNCOMPRESSED; any other value (including unset) selects
 * the compressed form.  A first wolfSSL_EC_POINT_point2oct() pass sizes the
 * output; when out is NULL that size is the result.  Otherwise, if *out is
 * NULL a buffer is allocated (DYNAMIC_TYPE_OPENSSL) and handed to the caller
 * through *out; if *out already points at memory the encoding is written
 * there and *out is advanced past it, OpenSSL-style.
 *
 * Returns the encoded length, or WOLFSSL_FAILURE (0) on a NULL key, a sizing
 * or encoding failure, or allocation failure.  A buffer allocated here is
 * released again (and *out reset to NULL) if the encoding pass fails.
 */
int wolfSSL_i2o_ECPublicKey(const WOLFSSL_EC_KEY *in, unsigned char **out)
{
    size_t len;
    unsigned char *allocated = NULL;
    char form;

    WOLFSSL_ENTER("wolfSSL_i2o_ECPublicKey");

    if (in == NULL) {
        WOLFSSL_MSG("wolfSSL_i2o_ECPublicKey Bad arguments");
        return WOLFSSL_FAILURE;
    }

    /* Default to compressed form if not set */
    if (in->form == POINT_CONVERSION_UNCOMPRESSED) {
        form = POINT_CONVERSION_UNCOMPRESSED;
    }
    else {
        form = POINT_CONVERSION_COMPRESSED;
    }

    /* first pass: size only */
    len = wolfSSL_EC_POINT_point2oct(in->group, in->pub_key, form,
                                     NULL, 0, NULL);
    if (len == WOLFSSL_FAILURE || out == NULL) {
        return (int)len;
    }

    if (*out == NULL) {
        allocated = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
        if (allocated == NULL) {
            WOLFSSL_MSG("malloc failed");
            return WOLFSSL_FAILURE;
        }
        *out = allocated;
    }

    /* second pass: encode into *out */
    if (wolfSSL_EC_POINT_point2oct(in->group, in->pub_key, form, *out,
                                   len, NULL) == WOLFSSL_FAILURE) {
        if (allocated != NULL) {
            XFREE(allocated, NULL, DYNAMIC_TYPE_OPENSSL);
            *out = NULL;
        }
        return WOLFSSL_FAILURE;
    }

    if (allocated == NULL) {
        /* Move buffer forward if it was not alloced in this function */
        *out += len;
    }

    return (int)len;
}
wolfSSL 16:8e0d178b1d1e 32685
/* Set the point conversion form used when the key's public point is encoded.
 *
 * Only POINT_CONVERSION_COMPRESSED and POINT_CONVERSION_UNCOMPRESSED are
 * stored; any other value, or a NULL key, leaves the key unchanged.
 */
void wolfSSL_EC_KEY_set_conv_form(WOLFSSL_EC_KEY *eckey, char form)
{
    int validForm;

    if (eckey == NULL) {
        return;
    }

    validForm = (form == POINT_CONVERSION_COMPRESSED) ||
                (form == POINT_CONVERSION_UNCOMPRESSED);
    if (validForm) {
        eckey->form = form;
    }
}
wolfSSL 16:8e0d178b1d1e 32693
wolfSSL 16:8e0d178b1d1e 32694
wolfSSL 16:8e0d178b1d1e 32695 /* wolfSSL_EC_POINT_point2bn should return "in" if not null */
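/* Encode an EC point as an octet string and load it into a BIGNUM
 * (OpenSSL EC_POINT_point2bn).
 *
 * The point is sized and then encoded with wolfSSL_EC_POINT_point2oct() into
 * a temporary buffer, which wolfSSL_BN_bin2bn() converts; in, when not NULL,
 * receives the value and is returned, otherwise bin2bn's result is returned.
 * The trace label now names this function (it previously reported
 * "wolfSSL_EC_POINT_oct2point", which made debug logs misleading).
 *
 * Returns the resulting BIGNUM, or NULL on NULL group/point, an encoding
 * failure, or allocation failure.
 */
WOLFSSL_BIGNUM *wolfSSL_EC_POINT_point2bn(const WOLFSSL_EC_GROUP *group,
                                          const WOLFSSL_EC_POINT *p,
                                          char form,
                                          WOLFSSL_BIGNUM *in, WOLFSSL_BN_CTX *ctx)
{
    size_t len;
    byte *buf;
    WOLFSSL_BIGNUM *ret = NULL;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_point2bn");

    if (group == NULL || p == NULL) {
        return NULL;
    }

    /* size the encoding first */
    len = wolfSSL_EC_POINT_point2oct(group, p, form, NULL, 0, ctx);
    if (len == WOLFSSL_FAILURE) {
        return NULL;
    }

    buf = (byte*)XMALLOC(len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf == NULL) {
        WOLFSSL_MSG("malloc failed");
        return NULL;
    }

    /* only convert when the second pass produced exactly the sized length */
    if (wolfSSL_EC_POINT_point2oct(group, p, form, buf, len, ctx) == len) {
        ret = wolfSSL_BN_bin2bn(buf, (int)len, in);
    }

    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    return ret;
}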
wolfSSL 16:8e0d178b1d1e 32730
/* Allocate a new, zeroed EC point with an attached wolfCrypt ecc_point.
 *
 * group is only checked for NULL; it is not stored in the point.  On success
 * the caller owns the returned point.  Returns NULL for a NULL group or when
 * either allocation fails (the outer struct is released if the inner
 * wc_ecc_new_point() fails).
 */
WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_EC_POINT *pt = NULL;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_new");

    if (group == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error");
        return NULL;
    }

    pt = (WOLFSSL_EC_POINT *)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL,
                                     DYNAMIC_TYPE_ECC);
    if (pt == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure");
        return NULL;
    }
    XMEMSET(pt, 0, sizeof(WOLFSSL_EC_POINT));

    pt->internal = wc_ecc_new_point();
    if (pt->internal != NULL) {
        return pt;
    }

    /* inner allocation failed: do not leak the outer struct */
    WOLFSSL_MSG("ecc_new_point failure");
    XFREE(pt, NULL, DYNAMIC_TYPE_ECC);
    return NULL;
}
wolfSSL 15:117db924cf7c 32759
wolfSSL 15:117db924cf7c 32760 /* return code compliant with OpenSSL :
wolfSSL 15:117db924cf7c 32761 * 1 if success, 0 if error
wolfSSL 15:117db924cf7c 32762 */
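/* Copy a point's affine X and Y coordinates into x and y
 * (OpenSSL EC_POINT_get_affine_coordinates_GFp).
 *
 * When the point's Z coordinate is not 1 the internal point is first mapped
 * from Jacobian back to affine space using the curve prime from
 * ecc_sets[group->curve_idx] (ecc_map() with a Montgomery setup) and the
 * external X/Y/Z are refreshed via SetECPointExternal().  The temporary
 * modulus is only initialised on that path, so it is also only cleared there:
 * the previous code called mp_clear() on it unconditionally, i.e. on an
 * uninitialised mp_int when Z was already 1.  The BN_copy() results are now
 * checked rather than ignored.  ctx is unused.
 *
 * Returns WOLFSSL_SUCCESS (1) on success; WOLFSSL_FAILURE (0) on NULL
 * arguments, a point at infinity, a negative curve_idx on the mapping path,
 * or any mp_*, ecc_map, SetECPointExternal or BN_copy failure.
 */
int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
                                                const WOLFSSL_EC_POINT *point,
                                                WOLFSSL_BIGNUM *x,
                                                WOLFSSL_BIGNUM *y,
                                                WOLFSSL_BN_CTX *ctx)
{
    mp_digit mp;
    mp_int modulus;
    int mapped;
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp");

    if (group == NULL || point == NULL || point->internal == NULL ||
        x == NULL || y == NULL || wolfSSL_EC_POINT_is_at_infinity(group, point)) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error");
        return WOLFSSL_FAILURE;
    }

    if (setupPoint(point) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }

    if (!wolfSSL_BN_is_one(point->Z)) {
        /* curve_idx indexes ecc_sets[] below */
        if (group->curve_idx < 0) {
            WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp bad curve");
            return WOLFSSL_FAILURE;
        }

        if (mp_init(&modulus) != MP_OKAY) {
            WOLFSSL_MSG("mp_init failed");
            return WOLFSSL_FAILURE;
        }

        /* Map the Jacobian point back to affine space */
        mapped = 0;
        if (mp_read_radix(&modulus, ecc_sets[group->curve_idx].prime,
                          MP_RADIX_HEX) != MP_OKAY) {
            WOLFSSL_MSG("mp_read_radix failed");
        }
        else if (mp_montgomery_setup(&modulus, &mp) != MP_OKAY) {
            WOLFSSL_MSG("mp_montgomery_setup failed");
        }
        else if (ecc_map((ecc_point*)point->internal, &modulus, mp) != MP_OKAY) {
            WOLFSSL_MSG("ecc_map failed");
        }
        else if (SetECPointExternal((WOLFSSL_EC_POINT *)point) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointExternal failed");
        }
        else {
            mapped = 1;
        }

        /* modulus was initialised on this path only; clear it exactly once */
        mp_clear(&modulus);

        if (!mapped) {
            return WOLFSSL_FAILURE;
        }
    }

    if (BN_copy(x, point->X) == NULL || BN_copy(y, point->Y) == NULL) {
        WOLFSSL_MSG("BN_copy failed");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}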
wolfSSL 16:8e0d178b1d1e 32819
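/* Set the affine (x, y) coordinates of `point`; Z is set to one.
 *
 * Missing X/Y/Z BIGNUMs are allocated on demand. The external X/Y/Z are
 * written first, then SetECPointInternal brings the wolfCrypt ecc_point in
 * line with them.
 *
 * NOTE(review): nothing here checks that (x, y) actually lies on `group`'s
 * curve. A point built from untrusted coordinates must be validated before
 * it is used in scalar multiplication or key agreement.
 *
 * group  curve the point belongs to (only checked for NULL here)
 * point  point to update; must have its internal ecc_point allocated
 * x, y   affine coordinates to store
 * ctx    unused
 *
 * return code compliant with OpenSSL :
 * 1 if success, 0 if error. On failure the point may be partially updated.
 */
int wolfSSL_EC_POINT_set_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
                                                WOLFSSL_EC_POINT *point,
                                                const WOLFSSL_BIGNUM *x,
                                                const WOLFSSL_BIGNUM *y,
                                                WOLFSSL_BN_CTX *ctx)
{
    (void)ctx;
    WOLFSSL_ENTER("wolfSSL_EC_POINT_set_affine_coordinates_GFp");

    if (group == NULL || point == NULL || point->internal == NULL ||
        x == NULL || y == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_set_affine_coordinates_GFp NULL error");
        return WOLFSSL_FAILURE;
    }

    /* allocate whichever external coordinates are still missing */
    if (point->X == NULL) {
        point->X = wolfSSL_BN_new();
    }
    if (point->Y == NULL) {
        point->Y = wolfSSL_BN_new();
    }
    if (point->Z == NULL) {
        point->Z = wolfSSL_BN_new();
    }
    if (point->X == NULL || point->Y == NULL || point->Z == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new failed");
        return WOLFSSL_FAILURE;
    }

    /* wolfSSL_BN_copy returns NULL on failure; previously ignored */
    if (BN_copy(point->X, x) == NULL ||
        BN_copy(point->Y, y) == NULL ||
        BN_copy(point->Z, wolfSSL_BN_value_one()) == NULL) {
        WOLFSSL_MSG("BN_copy failed");
        return WOLFSSL_FAILURE;
    }

    if (SetECPointInternal((WOLFSSL_EC_POINT *)point) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetECPointInternal failed");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}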
wolfSSL 16:8e0d178b1d1e 32860
wolfSSL 16:8e0d178b1d1e 32861 #if !defined(WOLFSSL_ATECC508A) && !defined(HAVE_SELFTEST)
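/* Calculate the value: generator * n + q * m
 *
 * Any of n, q and m may be NULL: with only n the result is generator * n,
 * with only q and m it is q * m, with all three it is the sum. If none of
 * these combinations is supplied, r receives the fresh scratch point as
 * returned by wc_ecc_new_point(). All arithmetic happens in a scratch point
 * that is copied into r at the end, so r may alias q.
 *
 * group  curve; prime and A coefficient are read from ecc_sets
 * r      output point; its internal ecc_point must be allocated
 * n      scalar for the generator, may be NULL
 * q      point to multiply by m, may be NULL
 * m      scalar for q, may be NULL
 * ctx    unused
 *
 * return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Fixes: r->internal and the ->internal of any supplied n/q/m are now
 * checked before use, and the mp_ints are initialised before the first
 * `goto cleanup` so cleanup never mp_clear's uninitialised state.
 */
int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
                         const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q,
                         const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
    mp_int a, prime;
    int ret = WOLFSSL_FAILURE;
    ecc_point* result = NULL;
    ecc_point* tmp = NULL;

    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_mul");

    /* r->internal is the copy destination at the end */
    if (!group || !r || !r->internal) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error");
        return WOLFSSL_FAILURE;
    }
    /* optional operands must be fully formed when supplied */
    if ((n && !n->internal) || (m && !m->internal) || (q && !q->internal)) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error");
        return WOLFSSL_FAILURE;
    }

    /* read the curve prime and a; initialise before anything can jump to
     * cleanup so the mp_clear calls there are always valid */
    if (mp_init_multi(&prime, &a, NULL, NULL, NULL, NULL) != MP_OKAY) {
        WOLFSSL_MSG("mp_init_multi error");
        return WOLFSSL_FAILURE;
    }

    if (!(result = wc_ecc_new_point())) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_new error");
        goto cleanup;
    }

    /* q is used through its internal ecc_point; sync it from X/Y/Z first */
    if (q && setupPoint(q) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("setupPoint error");
        goto cleanup;
    }

    if (mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, MP_RADIX_HEX)
            != MP_OKAY) {
        WOLFSSL_MSG("mp_read_radix prime error");
        goto cleanup;
    }

    if (mp_read_radix(&a, ecc_sets[group->curve_idx].Af, MP_RADIX_HEX)
            != MP_OKAY) {
        WOLFSSL_MSG("mp_read_radix a error");
        goto cleanup;
    }

    if (n) {
        /* load generator into the scratch point; it is multiplied in place */
        if (wc_ecc_get_generator(result, group->curve_idx)
                != MP_OKAY) {
            WOLFSSL_MSG("wc_ecc_get_generator error");
            goto cleanup;
        }
    }

    if (n && q && m) {
        /* r = generator * n + q * m */
#ifdef ECC_SHAMIR
        /* Shamir's trick computes both products in one pass */
        if (ecc_mul2add(result, (mp_int*)n->internal,
                        (ecc_point*)q->internal, (mp_int*)m->internal,
                        result, &a, &prime, NULL)
                != MP_OKAY) {
            WOLFSSL_MSG("ecc_mul2add error");
            goto cleanup;
        }
#else
        mp_digit mp = 0;
        if (mp_montgomery_setup(&prime, &mp) != MP_OKAY) {
            WOLFSSL_MSG("mp_montgomery_setup nqm error");
            goto cleanup;
        }
        if (!(tmp = wc_ecc_new_point())) {
            WOLFSSL_MSG("wolfSSL_EC_POINT_new nqm error");
            goto cleanup;
        }
        /* r = generator * n */
        if (wc_ecc_mulmod((mp_int*)n->internal, result, result, &a, &prime, 1)
                != MP_OKAY) {
            WOLFSSL_MSG("wc_ecc_mulmod nqm error");
            goto cleanup;
        }
        /* tmp = q * m */
        if (wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal,
                          tmp, &a, &prime, 1) != MP_OKAY) {
            WOLFSSL_MSG("wc_ecc_mulmod nqm error");
            goto cleanup;
        }
        /* result = result + tmp (projective), then back to affine */
        if (ecc_projective_add_point(tmp, result, result, &a, &prime, mp)
                != MP_OKAY) {
            WOLFSSL_MSG("wc_ecc_mulmod nqm error");
            goto cleanup;
        }
        if (ecc_map(result, &prime, mp) != MP_OKAY) {
            WOLFSSL_MSG("ecc_map nqm error");
            goto cleanup;
        }
#endif
    }
    else if (n) {
        /* r = generator * n */
        if (wc_ecc_mulmod((mp_int*)n->internal, result, result, &a, &prime, 1)
                != MP_OKAY) {
            WOLFSSL_MSG("wc_ecc_mulmod gn error");
            goto cleanup;
        }
    }
    else if (q && m) {
        /* r = q * m */
        if (wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal,
                          result, &a, &prime, 1) != MP_OKAY) {
            WOLFSSL_MSG("wc_ecc_mulmod qm error");
            goto cleanup;
        }
    }

    /* copy to destination (wc_ecc_copy_point copies first arg into second) */
    if (wc_ecc_copy_point(result, (ecc_point*)r->internal)) {
        WOLFSSL_MSG("wc_ecc_copy_point error");
        goto cleanup;
    }
    r->inSet = 1;
    if (SetECPointExternal(r) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetECPointExternal error");
        goto cleanup;
    }

    ret = WOLFSSL_SUCCESS;
cleanup:
    mp_clear(&a);
    mp_clear(&prime);
    wc_ecc_del_point(result);
    wc_ecc_del_point(tmp);
    return ret;
}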
#endif /* !defined(WOLFSSL_ATECC508A) && !defined(HAVE_SELFTEST) */
wolfSSL 15:117db924cf7c 33003
/* OpenSSL-compatible EC_POINT_clear_free. It defers entirely to
 * wolfSSL_EC_POINT_free and performs no additional wiping of its own;
 * NOTE(review): if a point held secret-derived values, confirm that the
 * math backend's clear/free routines zero them, as this wrapper does not.
 * NULL is accepted. */
void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p)
{
    WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free");
    wolfSSL_EC_POINT_free(p);
}
wolfSSL 15:117db924cf7c 33010
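/* Compare two EC points.
 *
 * Each operand's internal ecc_point is brought up to date from its X/Y/Z
 * (setupPoint) before comparing, as the other point functions in this file
 * do; previously a point whose internal had not been set yet was compared
 * using stale internal state.
 *
 * NOTE(review): wc_ecc_cmp_point compares the stored coordinates as they
 * are, without mapping to affine; two representations of the same point in
 * different projective form may therefore compare as different - confirm
 * against the backend before relying on this for equality of results.
 *
 * return code compliant with OpenSSL :
 * 0 if equal, 1 if not and -1 in case of error
 */
int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
                         const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b,
                         WOLFSSL_BN_CTX *ctx)
{
    int cmp;

    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp");

    if (group == NULL || a == NULL || a->internal == NULL || b == NULL ||
        b->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments");
        return WOLFSSL_FATAL_ERROR;
    }

    if (setupPoint(a) != WOLFSSL_SUCCESS || setupPoint(b) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_cmp setupPoint failed");
        return WOLFSSL_FATAL_ERROR;
    }

    cmp = wc_ecc_cmp_point((ecc_point*)a->internal, (ecc_point*)b->internal);
    if (cmp == MP_EQ) {
        return 0;
    }
    if (cmp == MP_LT || cmp == MP_GT) {
        return 1;
    }

    return WOLFSSL_FATAL_ERROR;
}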
wolfSSL 16:8e0d178b1d1e 33038
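/* Copy src into dest (OpenSSL EC_POINT_copy semantics).
 *
 * src's internal ecc_point is brought up to date from its X/Y/Z first, then
 * copied into dest's internal point, after which dest's external X/Y/Z are
 * regenerated from it.
 *
 * Fix: wc_ecc_copy_point(p, r) copies p into r - that is how
 * wolfSSL_EC_POINT_mul in this file uses it to move its scratch result into
 * r->internal. The arguments were previously passed as (dest, src), which
 * overwrote the const source with the destination and left dest unchanged.
 * dest->internal and src->internal are now also NULL-checked before use.
 *
 * return code compliant with OpenSSL :
 * 1 if success, 0 if error
 */
int wolfSSL_EC_POINT_copy(WOLFSSL_EC_POINT *dest, const WOLFSSL_EC_POINT *src)
{
    WOLFSSL_ENTER("wolfSSL_EC_POINT_copy");

    if (!dest || !dest->internal || !src || !src->internal) {
        return WOLFSSL_FAILURE;
    }

    if (setupPoint(src) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }

    /* source first, destination second */
    if (wc_ecc_copy_point((ecc_point*) src->internal,
                          (ecc_point*) dest->internal) != MP_OKAY) {
        return WOLFSSL_FAILURE;
    }

    dest->inSet = 1;

    if (SetECPointExternal(dest) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}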
wolfSSL 15:117db924cf7c 33064 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 33065 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 33066
wolfSSL 15:117db924cf7c 33067 #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
/* Release an EC point and everything it owns: the wolfCrypt ecc_point and
 * the external X/Y/Z BIGNUMs. Fields are reset before the struct itself is
 * freed; wolfSSL_BN_free tolerates NULL, so coordinates that were never
 * allocated are fine. NULL is accepted. The caller's pointer is not
 * updated - do not use it afterwards. */
void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p)
{
    WOLFSSL_ENTER("wolfSSL_EC_POINT_free");

    if (p == NULL) {
        return;
    }

    if (p->internal != NULL) {
        wc_ecc_del_point((ecc_point*)p->internal);
        p->internal = NULL;
    }

    wolfSSL_BN_free(p->X);
    p->X = NULL;
    wolfSSL_BN_free(p->Y);
    p->Y = NULL;
    wolfSSL_BN_free(p->Z);
    p->Z = NULL;

    p->inSet = 0;
    p->exSet = 0;

    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
}
wolfSSL 15:117db924cf7c 33090 #endif
wolfSSL 15:117db924cf7c 33091
wolfSSL 15:117db924cf7c 33092 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 33093 #ifdef HAVE_ECC
/* Test whether a point is the point at infinity.
 *
 * The point's internal ecc_point is synced from X/Y/Z first (setupPoint),
 * then wc_ecc_point_is_at_infinity is consulted.
 *
 * return code compliant with OpenSSL :
 * 1 if point at infinity, 0 else. Note that errors (NULL argument, setup or
 * backend failure) also yield 0, so a 0 result is not proof that the point
 * is a finite point.
 */
int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
                                    const WOLFSSL_EC_POINT *point)
{
    int atInfinity;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity");

    if (group == NULL || point == NULL || point->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error");
        return WOLFSSL_FAILURE;
    }

    if (setupPoint(point) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }

    atInfinity = wc_ecc_point_is_at_infinity((ecc_point*)point->internal);
    if (atInfinity < 0) {
        /* negative values are backend error codes */
        WOLFSSL_MSG("ecc_point_is_at_infinity failure");
        return WOLFSSL_FAILURE;
    }

    return atInfinity;
}
wolfSSL 15:117db924cf7c 33121
wolfSSL 15:117db924cf7c 33122 /* End EC_POINT */
wolfSSL 15:117db924cf7c 33123
/* Enumerate the curves compiled into wolfCrypt (ecc_sets).
 *
 * r       array to fill with {nid, short name}; may be NULL to query the
 *         count only
 * nitems  capacity of r; 0 also means "count only"
 *
 * At most min(nitems, number of curves) entries are written. The return
 * value is always the total number of built-in curves, whether or not they
 * all fit. In HAVE_SELFTEST builds the count is derived by walking ecc_sets
 * to its terminator; otherwise the library-provided ecc_sets_count is used.
 */
size_t wolfSSL_EC_get_builtin_curves(WOLFSSL_EC_BUILTIN_CURVE *r, size_t nitems)
{
    size_t idx;
    size_t toWrite;
#ifdef HAVE_SELFTEST
    size_t ecc_sets_count = 0;
    while (ecc_sets[ecc_sets_count].size != 0 &&
           ecc_sets[ecc_sets_count].name != NULL) {
        ecc_sets_count++;
    }
#endif

    if (r == NULL || nitems == 0) {
        return ecc_sets_count;
    }

    toWrite = ecc_sets_count;
    if (nitems < toWrite) {
        toWrite = nitems;
    }

    for (idx = 0; idx < toWrite; idx++) {
        r[idx].nid = EccEnumToNID(ecc_sets[idx].id);
        r[idx].comment = wolfSSL_OBJ_nid2sn(r[idx].nid);
    }

    return ecc_sets_count;
}
wolfSSL 16:8e0d178b1d1e 33145
wolfSSL 15:117db924cf7c 33146 /* Start ECDSA_SIG */
/* Free an ECDSA signature and its r/s BIGNUMs. NULL is accepted, and so
 * are NULL r/s (wolfSSL_BN_free tolerates them), which lets
 * wolfSSL_ECDSA_SIG_new call this on a half-built signature. */
void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig)
{
    WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free");

    if (sig == NULL) {
        return;
    }

    wolfSSL_BN_free(sig->r);
    wolfSSL_BN_free(sig->s);
    XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
}
wolfSSL 15:117db924cf7c 33158
/* Allocate an ECDSA signature with freshly allocated (zero) r and s.
 * Returns NULL if any allocation fails; partial allocations are released
 * through wolfSSL_ECDSA_SIG_free, which is why s is set to NULL before r is
 * allocated. */
WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void)
{
    WOLFSSL_ECDSA_SIG *sig;

    WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new");

    sig = (WOLFSSL_ECDSA_SIG*) XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL,
                                      DYNAMIC_TYPE_ECC);
    if (sig == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure");
        return NULL;
    }

    sig->s = NULL;
    sig->r = wolfSSL_BN_new();
    if (sig->r == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure");
        goto fail;
    }

    sig->s = wolfSSL_BN_new();
    if (sig->s == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure");
        goto fail;
    }

    return sig;

fail:
    wolfSSL_ECDSA_SIG_free(sig);
    return NULL;
}
wolfSSL 15:117db924cf7c 33189
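/* Produce an ECDSA signature over the digest d.
 *
 * d     digest bytes (no hashing is performed here)
 * dlen  length of d; must be >= 0 (it is passed on as an unsigned length,
 *       so a negative value would previously have become a huge size)
 * key   EC key holding the private scalar; its internal ecc_key is set from
 *       the external fields if that has not happened yet
 *
 * An RNG is needed for the per-signature nonce: a temporary WC_RNG is
 * initialised for this call, falling back to the library-global RNG if
 * that fails and the global one has been initialised. Without any usable
 * RNG no signature is produced.
 *
 * return signature structure on success, NULL otherwise
 */
WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
                                         WOLFSSL_EC_KEY *key)
{
    WOLFSSL_ECDSA_SIG *sig = NULL;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign");

    if (d == NULL || dlen < 0 || key == NULL || key->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments");
        return NULL;
    }

    /* set internal key if not done */
    if (key->inSet == 0)
    {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it");

        if (SetECKeyInternal(key) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed");
            return NULL;
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    if (tmpRNG == NULL)
        return NULL;
#endif

    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        mp_int sig_r, sig_s;

        if (mp_init_multi(&sig_r, &sig_s, NULL, NULL, NULL, NULL) == MP_OKAY) {
            if (wc_ecc_sign_hash_ex(d, dlen, rng, (ecc_key*)key->internal,
                                    &sig_r, &sig_s) != MP_OKAY) {
                WOLFSSL_MSG("wc_ecc_sign_hash_ex failed");
            }
            else {
                /* put signature blob in ECDSA structure */
                sig = wolfSSL_ECDSA_SIG_new();
                if (sig == NULL)
                    WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new failed");
                else if (SetIndividualExternal(&(sig->r), &sig_r)!=WOLFSSL_SUCCESS){
                    WOLFSSL_MSG("ecdsa r key error");
                    wolfSSL_ECDSA_SIG_free(sig);
                    sig = NULL;
                }
                else if (SetIndividualExternal(&(sig->s), &sig_s)!=WOLFSSL_SUCCESS){
                    WOLFSSL_MSG("ecdsa s key error");
                    wolfSSL_ECDSA_SIG_free(sig);
                    sig = NULL;
                }
            }
            mp_free(&sig_r);
            mp_free(&sig_s);
        }
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif

    return sig;
}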
wolfSSL 15:117db924cf7c 33277
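/* Verify an ECDSA signature (r, s) over the digest d.
 *
 * d     digest bytes (no hashing is performed here)
 * dlen  length of d; must be >= 0 (it is passed on as an unsigned length)
 * sig   signature; both r and s and their internal mp_ints must be present
 * key   EC key holding the public point; its internal ecc_key is set from
 *       the external fields if that has not happened yet
 *
 * return code compliant with OpenSSL :
 * 1 for a valid signature, 0 for an invalid signature and -1 on error
 *
 * Fix: sig->r / sig->s and their internals were dereferenced without a
 * NULL check; a signature object whose components were never set now
 * yields -1 instead of a crash.
 */
int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen,
                            const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key)
{
    int check_sign = 0;

    WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify");

    if (d == NULL || dlen < 0 || sig == NULL ||
        sig->r == NULL || sig->r->internal == NULL ||
        sig->s == NULL || sig->s->internal == NULL ||
        key == NULL || key->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments");
        return WOLFSSL_FATAL_ERROR;
    }

    /* set internal key if not done */
    if (key->inSet == 0)
    {
        WOLFSSL_MSG("No EC key internal set, do it");

        if (SetECKeyInternal(key) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return WOLFSSL_FATAL_ERROR;
        }
    }

    /* check_sign is the verdict; the return value only reports errors */
    if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal,
                              (mp_int*)sig->s->internal, d, dlen, &check_sign,
                              (ecc_key *)key->internal) != MP_OKAY) {
        WOLFSSL_MSG("wc_ecc_verify_hash failed");
        return WOLFSSL_FATAL_ERROR;
    }
    else if (check_sign == 0) {
        WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}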
wolfSSL 16:8e0d178b1d1e 33317
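/* Decode a DER ECDSA-Sig-Value (SEQUENCE { INTEGER r, INTEGER s }).
 *
 * sig  optional: if sig and *sig are non-NULL that object is reused,
 *      otherwise a new WOLFSSL_ECDSA_SIG is created and, when sig != NULL,
 *      stored back through it on success
 * pp   in/out pointer to the DER bytes; *pp must be non-NULL. On success it
 *      is advanced by `len` - the caller-supplied length, not the number of
 *      bytes the decoder actually consumed.
 * len  length of the DER data; must be >= 0 (it is cast to word32)
 *
 * Returns the decoded signature, or NULL on error. A newly created object
 * is freed on failure; a caller-supplied *sig is not. NOTE(review): the
 * caller's r/s mp_ints are mp_free'd before decoding (the decoder re-inits
 * them), so after a failure they should not be assumed to hold usable
 * values.
 */
WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig,
                                         const unsigned char **pp, long len)
{
    WOLFSSL_ECDSA_SIG *s = NULL;

    if (pp == NULL || *pp == NULL || len < 0)
        return NULL;

    if (sig != NULL)
        s = *sig;
    if (s == NULL) {
        s = wolfSSL_ECDSA_SIG_new();
        if (s == NULL)
            return NULL;
    }

    /* DecodeECC_DSA_Sig calls mp_init, so free these */
    mp_free((mp_int*)s->r->internal);
    mp_free((mp_int*)s->s->internal);

    if (DecodeECC_DSA_Sig(*pp, (word32)len, (mp_int*)s->r->internal,
                          (mp_int*)s->s->internal) != MP_OKAY) {
        /* only release what this call allocated */
        if (sig == NULL || *sig == NULL)
            wolfSSL_ECDSA_SIG_free(s);
        return NULL;
    }

    *pp += len;
    if (sig != NULL)
        *sig = s;
    return s;
}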
wolfSSL 16:8e0d178b1d1e 33350
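/* DER encode sig as ECDSA-Sig-Value: SEQUENCE { INTEGER r, INTEGER s }.
 *
 * sig  signature to encode; r and s (and their internals) must be set
 * pp   if NULL, or if *pp is NULL, only the encoded length is computed and
 *      returned. Otherwise the encoding is written at *pp and *pp is
 *      advanced past it; the caller must have sized the buffer from a
 *      previous length-only call. Unlike OpenSSL's i2d, a NULL *pp does
 *      NOT allocate a buffer.
 *
 * Returns the encoded length, or 0 on error (NULL sig, missing r/s, or
 * encoder failure).
 */
int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp)
{
    word32 len;

    if (sig == NULL ||
        sig->r == NULL || sig->r->internal == NULL ||
        sig->s == NULL || sig->s->internal == NULL)
        return 0;

    /* ASN.1: SEQ + INT + INT
     * Each INTEGER is tag + 1 length byte + magnitude, plus one leading
     * zero byte when the top bit is set (ASN.1 INTEGERs are signed and
     * r, s must encode as positive values).
     */
    len = 2 + mp_leading_bit((mp_int*)sig->r->internal) +
            mp_unsigned_bin_size((mp_int*)sig->r->internal) +
          2 + mp_leading_bit((mp_int*)sig->s->internal) +
            mp_unsigned_bin_size((mp_int*)sig->s->internal);
    /* SEQUENCE header: tag + one length byte, or two length bytes when the
     * content is 128..255 bytes (the largest supported curves stay well
     * below 256 bytes here).
     */
    len = 1 + ((len > 127) ? 2 : 1) + len;
    if (pp != NULL && *pp != NULL) {
        if (StoreECC_DSA_Sig(*pp, &len, (mp_int*)sig->r->internal,
                             (mp_int*)sig->s->internal) != MP_OKAY) {
            len = 0;
        }
        else
            *pp += len;
    }

    return (int)len;
}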
wolfSSL 15:117db924cf7c 33381 /* End ECDSA_SIG */
wolfSSL 15:117db924cf7c 33382
wolfSSL 15:117db924cf7c 33383 /* Start ECDH */
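/* Compute the ECDH shared secret between ecdh's private key and pub_key.
 *
 * out      buffer receiving the shared secret
 * outlen   size of out in bytes (converted to word32 for wolfCrypt)
 * pub_key  peer's public point
 * ecdh     local key; its internal ecc_key is set from the external fields
 *          if that has not happened yet
 * KDF      accepted for OpenSSL API compatibility but NOT applied: out
 *          receives the unprocessed output of wc_ecc_shared_secret_ssh.
 *          Callers that rely on OpenSSL's KDF post-processing must apply
 *          their KDF to the returned bytes themselves.
 *
 * NOTE(review): this wrapper performs no on-curve validation of pub_key;
 * whatever checking happens is inside wc_ecc_shared_secret_ssh - confirm
 * before passing peer-supplied points through here.
 *
 * return code compliant with OpenSSL :
 * length of computed key if success, -1 if error
 */
int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
                             const WOLFSSL_EC_POINT *pub_key,
                             WOLFSSL_EC_KEY *ecdh,
                             void *(*KDF) (const void *in, size_t inlen,
                                           void *out, size_t *outlen))
{
    word32 len;
    (void)KDF;

    WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");

    if (out == NULL || pub_key == NULL || pub_key->internal == NULL ||
        ecdh == NULL || ecdh->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FATAL_ERROR;
    }

    /* set internal key if not done */
    if (ecdh->inSet == 0)
    {
        WOLFSSL_MSG("No EC key internal set, do it");

        if (SetECKeyInternal(ecdh) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return WOLFSSL_FATAL_ERROR;
        }
    }

    /* len is in/out: capacity on entry, bytes written on return */
    len = (word32)outlen;

    if (wc_ecc_shared_secret_ssh((ecc_key*)ecdh->internal,
                                 (ecc_point*)pub_key->internal,
                                 (byte *)out, &len) != MP_OKAY) {
        WOLFSSL_MSG("wc_ecc_shared_secret failed");
        return WOLFSSL_FATAL_ERROR;
    }

    return len;
}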
wolfSSL 15:117db924cf7c 33428 /* End ECDH */
wolfSSL 15:117db924cf7c 33429
wolfSSL 15:117db924cf7c 33430 #if !defined(NO_FILESYSTEM)
/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Stub: writing an EC public key to a file is not implemented in this build,
 * so the call always reports failure (0).
 */
#ifndef NO_WOLFSSL_STUB
int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY *x)
{
    WOLFSSL_STUB("PEM_write_EC_PUBKEY");
    WOLFSSL_MSG("wolfSSL_PEM_write_EC_PUBKEY not implemented");

    /* both parameters are intentionally unused */
    (void)x;
    (void)fp;

    return WOLFSSL_FAILURE;
}
#endif
wolfSSL 15:117db924cf7c 33445
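/* Reads a PEM encoded public key from 'bio', in the same input format as
 * wolfSSL_PEM_read_bio_PUBKEY, and expects the result to be an EC key.
 *
 * bio   structure to read the EC public key from
 * ec    if not NULL, set to the result on success only
 * cb    password callback for reading PEM
 * pass  password string
 *
 * The returned WOLFSSL_EC_KEY is owned by the caller. A previous value in
 * *ec is not freed and is left untouched on failure.
 *
 * returns a pointer to a new WOLFSSL_EC_KEY struct on success and NULL on fail
 */
WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_EC_PUBKEY(WOLFSSL_BIO* bio,
                                               WOLFSSL_EC_KEY** ec,
                                               pem_password_cb* cb, void *pass)
{
    WOLFSSL_EVP_PKEY* pkey;
    WOLFSSL_EC_KEY* local;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_EC_PUBKEY");

    pkey = wolfSSL_PEM_read_bio_PUBKEY(bio, NULL, cb, pass);
    if (pkey == NULL) {
        return NULL;
    }

    /* The PEM may hold a public key of another type; then pkey carries no
     * EC key and there is nothing to hand back. */
    if (pkey->ecc == NULL) {
        WOLFSSL_MSG("PEM public key is not an EC key");
        wolfSSL_EVP_PKEY_free(pkey);
        return NULL;
    }

    /* Ownership of the WOLFSSL_EC_KEY moves from the WOLFSSL_EVP_PKEY to the
     * caller: clear the owned flag so it is not free'd together with pkey. */
    pkey->ownEcc = 0;
    local = pkey->ecc;
    if (ec != NULL) {
        *ec = local;
    }

    wolfSSL_EVP_PKEY_free(pkey);
    return local;
}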
wolfSSL 16:8e0d178b1d1e 33483
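/* Reads a PEM encoded private key from 'bio', in the same input format as
 * wolfSSL_PEM_read_bio_PrivateKey, and expects the result to be an EC key.
 *
 * bio   structure to read the EC private key from
 * ec    if not NULL, set to the result on success only
 * cb    password callback for reading PEM
 * pass  password string
 *
 * The returned WOLFSSL_EC_KEY is owned by the caller. A previous value in
 * *ec is not freed and is left untouched on failure.
 *
 * returns a pointer to a new WOLFSSL_EC_KEY struct on success and NULL on
 * fail (the key itself, not WOLFSSL_SUCCESS/WOLFSSL_FAILURE)
 */
WOLFSSL_EC_KEY* wolfSSL_PEM_read_bio_ECPrivateKey(WOLFSSL_BIO* bio,
                                                  WOLFSSL_EC_KEY** ec,
                                                  pem_password_cb* cb,
                                                  void *pass)
{
    WOLFSSL_EVP_PKEY* pkey;
    WOLFSSL_EC_KEY* local;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_ECPrivateKey");

    pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, cb, pass);
    if (pkey == NULL) {
        return NULL;
    }

    /* The PEM may hold a private key of another type; then pkey carries no
     * EC key and there is nothing to hand back. */
    if (pkey->ecc == NULL) {
        WOLFSSL_MSG("PEM private key is not an EC key");
        wolfSSL_EVP_PKEY_free(pkey);
        return NULL;
    }

    /* Ownership of the WOLFSSL_EC_KEY moves from the WOLFSSL_EVP_PKEY to the
     * caller: clear the owned flag so it is not free'd together with pkey. */
    pkey->ownEcc = 0;
    local = pkey->ecc;
    if (ec != NULL) {
        *ec = local;
    }

    wolfSSL_EVP_PKEY_free(pkey);
    return local;
}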
wolfSSL 15:117db924cf7c 33514 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 33515
wolfSSL 15:117db924cf7c 33516 #if defined(WOLFSSL_KEY_GEN)
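/* Takes a public WOLFSSL_EC_KEY and writes it out to WOLFSSL_BIO
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE
 *
 * bio  destination BIO; its heap hint is used for the DER buffers
 * ec   key whose public part is written; the wolfCrypt key is built on
 *      demand (inSet == 0)
 */
int wolfSSL_PEM_write_bio_EC_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec)
{
    int ret = WOLFSSL_FAILURE;
    int der_max_len = 0, derSz = 0;
    byte *derBuf = NULL;
    WOLFSSL_EVP_PKEY* pkey = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_EC_PUBKEY");

    if (bio == NULL || ec == NULL || ec->internal == NULL) {
        WOLFSSL_MSG("Bad Function Arguments");
        return WOLFSSL_FAILURE;
    }

    /* mirrors wolfSSL_PEM_write_mem_ECPrivateKey: build the wolfCrypt key
     * when it has not been set yet, so the DER encoder sees current values */
    if (ec->inSet == 0) {
        WOLFSSL_MSG("No ECC internal set, do it");

        if (SetECKeyInternal(ec) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return WOLFSSL_FAILURE;
        }
    }

    /* Initialize pkey structure */
    pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap);
    if (pkey == NULL) {
        WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed");
        return WOLFSSL_FAILURE;
    }

    /* Set pkey info; pkey only borrows the EC key, the caller keeps it */
    pkey->ecc = ec;
    pkey->ownEcc = 0;
    pkey->type = EVP_PKEY_EC;

    /* 4 > size of pub, priv + ASN.1 additional information */
    der_max_len = 4 * wc_ecc_size((ecc_key*)ec->internal) + AES_BLOCK_SIZE;

    derBuf = (byte*)XMALLOC(der_max_len, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (derBuf == NULL) {
        WOLFSSL_MSG("Malloc failed");
        goto out;
    }

    /* convert key to der format */
    derSz = wc_EccPublicKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len, 1);
    if (derSz < 0) {
        WOLFSSL_MSG("wc_EccPublicKeyToDer failed");
        goto out;
    }

    pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (pkey->pkey.ptr == NULL) {
        WOLFSSL_MSG("key malloc failed");
        goto out;
    }

    /* add der info to the evp key */
    pkey->pkey_sz = derSz;
    XMEMCPY(pkey->pkey.ptr, derBuf, derSz);

    ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey);
    if (ret != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_PEM_write_bio_PUBKEY failed");
    }

out:
    /* derBuf came from bio->heap as DYNAMIC_TYPE_TMP_BUFFER; release it with
     * the same heap hint and type on every path */
    XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    wolfSSL_EVP_PKEY_free(pkey);
    return ret;
}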
wolfSSL 15:117db924cf7c 33584
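/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Writes the EC private key 'ec' to 'bio' in PEM form, optionally encrypted.
 *
 * bio     destination BIO; its heap hint is used for temporary buffers
 * ec      key to write; the wolfCrypt key is built on demand (inSet == 0)
 * cipher  cipher for the PEM encryption, NULL for a plaintext key
 * passwd  password for the PEM encryption
 * len     length of 'passwd' in bytes
 * cb      password callback, handed through to wolfSSL_PEM_write_bio_PrivateKey
 * arg     user data for 'cb'
 */
int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ec,
                                       const EVP_CIPHER* cipher,
                                       unsigned char* passwd, int len,
                                       pem_password_cb* cb, void* arg)
{
    int ret = WOLFSSL_FAILURE;
    int der_max_len = 0, derSz = 0;
    byte *derBuf = NULL;
    WOLFSSL_EVP_PKEY* pkey = NULL;

    WOLFSSL_ENTER("WOLFSSL_PEM_write_bio_ECPrivateKey");

    if (bio == NULL || ec == NULL || ec->internal == NULL) {
        WOLFSSL_MSG("Bad Function Arguments");
        return WOLFSSL_FAILURE;
    }

    /* mirrors wolfSSL_PEM_write_mem_ECPrivateKey: build the wolfCrypt key
     * when it has not been set yet, so the DER encoder sees current values */
    if (ec->inSet == 0) {
        WOLFSSL_MSG("No ECC internal set, do it");

        if (SetECKeyInternal(ec) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return WOLFSSL_FAILURE;
        }
    }

    /* Initialize pkey structure */
    pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap);
    if (pkey == NULL) {
        WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed");
        return WOLFSSL_FAILURE;
    }

    /* Set pkey info; pkey only borrows the EC key, the caller keeps it */
    pkey->ecc = ec;
    pkey->ownEcc = 0;
    pkey->type = EVP_PKEY_EC;

    /* 4 > size of pub, priv + ASN.1 additional information */
    der_max_len = 4 * wc_ecc_size((ecc_key*)ec->internal) + AES_BLOCK_SIZE;

    derBuf = (byte*)XMALLOC(der_max_len, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (derBuf == NULL) {
        WOLFSSL_MSG("Malloc failed");
        goto out;
    }

    /* convert key to der format */
    derSz = wc_EccKeyToDer((ecc_key*)ec->internal, derBuf, der_max_len);
    if (derSz < 0) {
        WOLFSSL_MSG("wc_EccKeyToDer failed");
        goto out;
    }

    pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (pkey->pkey.ptr == NULL) {
        WOLFSSL_MSG("key malloc failed");
        goto out;
    }

    /* add der info to the evp key */
    pkey->pkey_sz = derSz;
    XMEMCPY(pkey->pkey.ptr, derBuf, derSz);

    ret = wolfSSL_PEM_write_bio_PrivateKey(bio, pkey, cipher, passwd, len,
                                           cb, arg);

out:
    if (derBuf != NULL) {
        /* the temporary DER copy holds the private key: scrub it, then free
         * it with the same heap hint and type it was allocated with */
        ForceZero(derBuf, der_max_len);
        XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }
    wolfSSL_EVP_PKEY_free(pkey);
    return ret;
}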
wolfSSL 15:117db924cf7c 33654
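/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Writes the EC private key 'ecc' as a PEM string into a newly allocated
 * buffer, optionally encrypted with 'cipher' and 'passwd'.
 *
 * ecc       key to write; the wolfCrypt key is built on demand (inSet == 0)
 * cipher    cipher for the PEM encryption, NULL for a plaintext key
 * passwd    password for the PEM encryption, NULL for a plaintext key
 * passwdSz  length of 'passwd' in bytes
 * pem       receives the allocated, NUL terminated PEM buffer on success
 *           (NULL on a failed encode); the caller frees it with
 *           XFREE(..., NULL, DYNAMIC_TYPE_KEY)
 * plen      receives the PEM length in bytes, without the terminating NUL
 */
int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
                                       const EVP_CIPHER* cipher,
                                       unsigned char* passwd, int passwdSz,
                                       unsigned char **pem, int *plen)
{
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
    int ret = WOLFSSL_FAILURE;
    byte *derBuf = NULL, *cipherInfo = NULL;
    int der_max_len = 0, derSz = 0, pemMax = 0;
    const int type = ECC_PRIVATEKEY_TYPE;
    const char* header = NULL;
    const char* footer = NULL;

    WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey");

    if (pem == NULL || plen == NULL || ecc == NULL || ecc->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FAILURE;
    }

    if (wc_PemGetHeaderFooter(type, &header, &footer) != 0)
        return WOLFSSL_FAILURE;

    if (ecc->inSet == 0) {
        WOLFSSL_MSG("No ECC internal set, do it");

        if (SetECKeyInternal(ecc) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return WOLFSSL_FAILURE;
        }
    }

    /* 4 > size of pub, priv + ASN.1 additional information */
    der_max_len = 4 * wc_ecc_size((ecc_key*)ecc->internal) + AES_BLOCK_SIZE;

    derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_DER);
    if (derBuf == NULL) {
        WOLFSSL_MSG("malloc failed");
        return WOLFSSL_FAILURE;
    }

    /* Key to DER */
    derSz = wc_EccKeyToDer((ecc_key*)ecc->internal, derBuf, der_max_len);
    if (derSz < 0) {
        WOLFSSL_MSG("wc_EccKeyToDer failed");
        goto out;
    }

    /* encrypt DER buffer if required; derSz is passed by address so the
     * size of the encrypted data comes back in it */
    if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
        int encRet = EncryptDerKey(derBuf, &derSz, cipher,
                                   passwd, passwdSz, &cipherInfo);
        if (encRet != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("EncryptDerKey failed");
            ret = encRet; /* report the encryption result as before */
            goto out;
        }

        /* PEM buffer with a max size, plus room for the encryption header */
        pemMax = (derSz * 2) + (int)XSTRLEN(header) + 1 +
                 (int)XSTRLEN(footer) + 1 + HEADER_ENCRYPTED_KEY_SIZE;
    }
    else {
        /* PEM buffer with a max size */
        pemMax = (derSz * 2) + (int)XSTRLEN(header) + 1 +
                 (int)XSTRLEN(footer) + 1;
    }

    /* Encode straight into the caller's buffer: one allocation, with one
     * extra byte so the result is always NUL terminated. */
    *pem = (byte*)XMALLOC(pemMax + 1, NULL, DYNAMIC_TYPE_KEY);
    if (*pem == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }
    XMEMSET(*pem, 0, pemMax + 1);

    /* DER to PEM */
    *plen = wc_DerToPemEx(derBuf, derSz, *pem, pemMax, cipherInfo, type);
    if (*plen <= 0) {
        WOLFSSL_MSG("wc_DerToPemEx failed");
        XFREE(*pem, NULL, DYNAMIC_TYPE_KEY);
        *pem = NULL;
        goto out;
    }

    ret = WOLFSSL_SUCCESS;

out:
    /* derBuf held the private key (plaintext, or the ciphertext made from
     * it): scrub it before it goes back to the allocator */
    ForceZero(derBuf, der_max_len);
    XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
    if (cipherInfo != NULL)
        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
    return ret;
#else
    (void)ecc;
    (void)cipher;
    (void)passwd;
    (void)passwdSz;
    (void)pem;
    (void)plen;
    return WOLFSSL_FAILURE;
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
}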
wolfSSL 15:117db924cf7c 33777
wolfSSL 15:117db924cf7c 33778 #ifndef NO_FILESYSTEM
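/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Writes the EC private key 'ecc' to the open file 'fp' in PEM form.
 *
 * fp    destination file, must not be XBADFILE
 * ecc   key to write; its internal ecc_key must be set
 * enc   cipher for the PEM encryption, NULL for a plaintext key
 * kstr  password for the PEM encryption
 * klen  length of 'kstr' in bytes
 * cb    unused: the password callback is not consulted, pass kstr/klen
 * u     unused (user data for 'cb')
 */
int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ecc,
                                   const EVP_CIPHER *enc,
                                   unsigned char *kstr, int klen,
                                   pem_password_cb *cb, void *u)
{
    byte *pem = NULL;
    int plen = 0;
    int ret;

    (void)cb;
    (void)u;

    WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey");

    if (fp == XBADFILE || ecc == NULL || ecc->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FAILURE;
    }

    ret = wolfSSL_PEM_write_mem_ECPrivateKey(ecc, enc, kstr, klen, &pem, &plen);
    if (ret != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey failed");
        return WOLFSSL_FAILURE;
    }

    /* one item of plen bytes, so a result of 1 means everything was written */
    if ((int)XFWRITE(pem, plen, 1, fp) != 1) {
        WOLFSSL_MSG("ECC private key file write failed");
        ret = WOLFSSL_FAILURE;
    }
    else {
        ret = WOLFSSL_SUCCESS;
    }

    /* the PEM buffer is released on every path, and scrubbed first because
     * it carries the (possibly encrypted) private key */
    ForceZero(pem, plen);
    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);
    return ret;
}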
wolfSSL 15:117db924cf7c 33815
wolfSSL 15:117db924cf7c 33816 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 33817 #endif /* defined(WOLFSSL_KEY_GEN) */
wolfSSL 15:117db924cf7c 33818
wolfSSL 15:117db924cf7c 33819 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 33820
wolfSSL 15:117db924cf7c 33821
wolfSSL 15:117db924cf7c 33822 #ifndef NO_DSA
wolfSSL 15:117db924cf7c 33823
wolfSSL 15:117db924cf7c 33824 #if defined(WOLFSSL_KEY_GEN)
wolfSSL 15:117db924cf7c 33825
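/* Takes a DSA private key and writes it out to a WOLFSSL_BIO
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE
 *
 * bio     destination BIO; its heap hint is used for temporary buffers
 * dsa     key to write; the wolfCrypt key is built on demand (inSet == 0)
 * cipher  cipher for the PEM encryption, NULL for a plaintext key
 * passwd  password for the PEM encryption
 * len     length of 'passwd' in bytes
 * cb      password callback, handed through to wolfSSL_PEM_write_bio_PrivateKey
 * arg     user data for 'cb'
 */
int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
                                        const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int len,
                                        pem_password_cb* cb, void* arg)
{
    int ret = WOLFSSL_FAILURE;
    int der_max_len = 0, derSz = 0;
    byte *derBuf = NULL;
    WOLFSSL_EVP_PKEY* pkey = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSAPrivateKey");

    if (bio == NULL || dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad Function Arguments");
        return WOLFSSL_FAILURE;
    }

    /* mirrors wolfSSL_PEM_write_mem_DSAPrivateKey: build the wolfCrypt key
     * when it has not been set yet, so the DER encoder sees current values */
    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return WOLFSSL_FAILURE;
        }
    }

    pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap);
    if (pkey == NULL) {
        WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed");
        return WOLFSSL_FAILURE;
    }

    pkey->type = EVP_PKEY_DSA;
    pkey->dsa = dsa;
    pkey->ownDsa = 0; /* pkey borrows the key, the caller keeps it */

    /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */
    der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE;

    derBuf = (byte*)XMALLOC(der_max_len, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (derBuf == NULL) {
        WOLFSSL_MSG("Malloc failed");
        goto out;
    }

    /* convert key to der format */
    derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, derBuf, der_max_len);
    if (derSz < 0) {
        WOLFSSL_MSG("wc_DsaKeyToDer failed");
        goto out;
    }

    pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (pkey->pkey.ptr == NULL) {
        WOLFSSL_MSG("key malloc failed");
        goto out;
    }

    /* add der info to the evp key */
    pkey->pkey_sz = derSz;
    XMEMCPY(pkey->pkey.ptr, derBuf, derSz);

    ret = wolfSSL_PEM_write_bio_PrivateKey(bio, pkey, cipher, passwd, len,
                                           cb, arg);

out:
    if (derBuf != NULL) {
        /* the temporary DER copy holds the private key: scrub it, then free
         * it with the same heap hint and type it was allocated with */
        ForceZero(derBuf, der_max_len);
        XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }
    wolfSSL_EVP_PKEY_free(pkey);
    return ret;
}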
wolfSSL 16:8e0d178b1d1e 33893
wolfSSL 16:8e0d178b1d1e 33894 #ifndef HAVE_SELFTEST
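/* Takes a DSA public key and writes it out to a WOLFSSL_BIO
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE
 *
 * bio  destination BIO; its heap hint is used for the DER buffers
 * dsa  key whose public part is written; the wolfCrypt key is built on
 *      demand (inSet == 0)
 */
int wolfSSL_PEM_write_bio_DSA_PUBKEY(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa)
{
    int ret = WOLFSSL_FAILURE;
    int derMax = 0, derSz = 0;
    byte *derBuf = NULL;
    WOLFSSL_EVP_PKEY* pkey = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_DSA_PUBKEY");

    if (bio == NULL || dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguements");
        return WOLFSSL_FAILURE;
    }

    /* mirrors wolfSSL_PEM_write_mem_DSAPrivateKey: build the wolfCrypt key
     * when it has not been set yet, so the DER encoder sees current values */
    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return WOLFSSL_FAILURE;
        }
    }

    pkey = wolfSSL_EVP_PKEY_new_ex(bio->heap);
    if (pkey == NULL) {
        WOLFSSL_MSG("wolfSSL_EVP_PKEY_new_ex failed");
        return WOLFSSL_FAILURE;
    }

    pkey->type = EVP_PKEY_DSA;
    pkey->dsa = dsa;
    pkey->ownDsa = 0; /* pkey borrows the key, the caller keeps it */

    /* 4 > size of pub, priv, p, q, g + ASN.1 additional information */
    derMax = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE;

    derBuf = (byte*)XMALLOC(derMax, bio->heap, DYNAMIC_TYPE_DER);
    if (derBuf == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }

    /* Key to DER */
    derSz = wc_DsaKeyToPublicDer((DsaKey*)dsa->internal, derBuf, derMax);
    if (derSz < 0) {
        WOLFSSL_MSG("wc_DsaKeyToPublicDer failed");
        goto out;
    }

    pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, DYNAMIC_TYPE_DER);
    if (pkey->pkey.ptr == NULL) {
        WOLFSSL_MSG("key malloc failed");
        goto out;
    }

    /* XMEMCPY overwrites the whole new buffer, so no pre-clear is needed,
     * and its return value (the destination pointer) is not an error signal */
    pkey->pkey_sz = derSz;
    XMEMCPY(pkey->pkey.ptr, derBuf, derSz);

    ret = wolfSSL_PEM_write_bio_PUBKEY(bio, pkey);

out:
    XFREE(derBuf, bio->heap, DYNAMIC_TYPE_DER);
    wolfSSL_EVP_PKEY_free(pkey);
    return ret;
}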
wolfSSL 16:8e0d178b1d1e 33963 #endif /* HAVE_SELFTEST */
wolfSSL 15:117db924cf7c 33964
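/* Write a DSA private key to a newly allocated PEM buffer, optionally
 * encrypting the DER form first.
 *
 * dsa      key to write; dsa->internal must be set (SetDsaInternal is run
 *          here when dsa->inSet is 0)
 * cipher   EVP cipher for encrypting the DER key; encryption happens only
 *          when cipher, passwd and passwdSz (> 0) are all provided
 * passwd   password bytes for encryption (may be NULL)
 * passwdSz length of passwd
 * pem      out: receives a heap buffer (DYNAMIC_TYPE_KEY) holding the PEM
 *          text plus a trailing NUL; the caller owns and frees it
 * plen     out: length of the PEM text in *pem (without the NUL)
 *
 * Return code compliant with OpenSSL: 1 (WOLFSSL_SUCCESS) on success,
 * 0 (WOLFSSL_FAILURE) on error. The one exception is an EncryptDerKey
 * failure, whose return value is passed through unchanged.
 *
 * NOTE(review): derBuf and tmp hold private-key material and are released
 * with a plain XFREE; wiping them before release would be prudent.
 */
int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
                                        const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int passwdSz,
                                        unsigned char **pem, int *plen)
{
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
    byte *derBuf, *tmp, *cipherInfo = NULL;
    int der_max_len = 0, derSz = 0;
    const int type = DSA_PRIVATEKEY_TYPE;
    const char* header = NULL;
    const char* footer = NULL;

    WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey");

    if (pem == NULL || plen == NULL || dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FAILURE;
    }

    if (wc_PemGetHeaderFooter(type, &header, &footer) != 0)
        return WOLFSSL_FAILURE;

    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return WOLFSSL_FAILURE;
        }
    }

    /* Upper bound for the DER encoding, sized from g: the original estimate
     * is that 4 * |g| covers pub, priv, p, q, g plus ASN.1 framing, with one
     * AES block of slack for cipher padding. The bound is handed to
     * wc_DsaKeyToDer as the output limit rather than trusted blindly. */
    der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->g) + AES_BLOCK_SIZE;

    derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_DER);
    if (derBuf == NULL) {
        WOLFSSL_MSG("malloc failed");
        return WOLFSSL_FAILURE;
    }

    /* Key to DER */
    derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, derBuf, der_max_len);
    if (derSz < 0) {
        WOLFSSL_MSG("wc_DsaKeyToDer failed");
        XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
        return WOLFSSL_FAILURE;
    }

    /* Encrypt the DER buffer in place when a password and cipher were given;
     * cipherInfo then receives the "DEK-Info" text for the PEM header. */
    if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
        int ret;

        ret = EncryptDerKey(derBuf, &derSz, cipher,
                            passwd, passwdSz, &cipherInfo);
        if (ret != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("EncryptDerKey failed");
            XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
            /* passed through as-is: may differ from WOLFSSL_FAILURE */
            return ret;
        }

        /* Worst-case PEM size: base64 (< 2x) plus header, footer, newlines and
         * the encryption header lines. */
        *plen = (derSz * 2) + (int)XSTRLEN(header) + 1 +
                (int)XSTRLEN(footer) + 1 + HEADER_ENCRYPTED_KEY_SIZE;
    }
    else {
        /* Worst-case PEM size without the encryption header lines. */
        *plen = (derSz * 2) + (int)XSTRLEN(header) + 1 +
                (int)XSTRLEN(footer) + 1;
    }

    tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_PEM);
    if (tmp == NULL) {
        WOLFSSL_MSG("malloc failed");
        XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
        if (cipherInfo != NULL)
            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
        return WOLFSSL_FAILURE;
    }

    /* DER to PEM; *plen becomes the actual PEM length. */
    *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, type);
    if (*plen <= 0) {
        WOLFSSL_MSG("wc_DerToPemEx failed");
        XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
        XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
        if (cipherInfo != NULL)
            XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);
        return WOLFSSL_FAILURE;
    }
    XFREE(derBuf, NULL, DYNAMIC_TYPE_DER);
    if (cipherInfo != NULL)
        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING);

    /* +1 so the returned PEM text is also a NUL-terminated string. */
    *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_KEY);
    if (*pem == NULL) {
        WOLFSSL_MSG("malloc failed");
        XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
        return WOLFSSL_FAILURE;
    }
    XMEMSET(*pem, 0, (*plen)+1);

    if (XMEMCPY(*pem, tmp, *plen) == NULL) {
        WOLFSSL_MSG("XMEMCPY failed");
        /* Release the buffer we allocated (*pem), not the caller's pointer
         * slot (pem), and leave *pem NULL so the caller cannot free it twice.
         * The previous code freed `pem` itself here. */
        XFREE(*pem, NULL, DYNAMIC_TYPE_KEY);
        *pem = NULL;
        XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);
        return WOLFSSL_FAILURE;
    }
    XFREE(tmp, NULL, DYNAMIC_TYPE_PEM);

    return WOLFSSL_SUCCESS;
#else
    (void)dsa;
    (void)cipher;
    (void)passwd;
    (void)passwdSz;
    (void)pem;
    (void)plen;
    return WOLFSSL_FAILURE;
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
}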
wolfSSL 15:117db924cf7c 34087
wolfSSL 15:117db924cf7c 34088 #ifndef NO_FILESYSTEM
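/* Write a DSA private key in PEM form to an open file.
 *
 * fp    destination file; must not be XBADFILE
 * dsa   key to write; dsa->internal must be set
 * enc   optional cipher for encrypting the key (see
 *       wolfSSL_PEM_write_mem_DSAPrivateKey for when encryption applies)
 * kstr  password bytes used with enc
 * klen  length of kstr
 * cb,u  password callback and its argument: accepted for OpenSSL API
 *       compatibility but not used; only kstr/klen are honoured
 *
 * Return code compliant with OpenSSL: 1 if success, 0 if error.
 */
int wolfSSL_PEM_write_DSAPrivateKey(XFILE fp, WOLFSSL_DSA *dsa,
                                    const EVP_CIPHER *enc,
                                    unsigned char *kstr, int klen,
                                    pem_password_cb *cb, void *u)
{
    byte *pem = NULL;
    int plen = 0;
    int ret;

    (void)cb;
    (void)u;

    WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey");

    if (fp == XBADFILE || dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FAILURE;
    }

    ret = wolfSSL_PEM_write_mem_DSAPrivateKey(dsa, enc, kstr, klen, &pem, &plen);
    if (ret != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey failed");
        return WOLFSSL_FAILURE;
    }

    /* One item of plen bytes: XFWRITE reports 1 only for a complete write. */
    ret = (int)XFWRITE(pem, plen, 1, fp);

    /* The PEM buffer (private-key material) is ours on every path after a
     * successful encode, so release it before deciding the result; the
     * previous code leaked it on a short write. */
    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);

    if (ret != 1) {
        WOLFSSL_MSG("DSA private key file write failed");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}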
wolfSSL 15:117db924cf7c 34125
wolfSSL 15:117db924cf7c 34126 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 34127 #endif /* defined(WOLFSSL_KEY_GEN) */
wolfSSL 15:117db924cf7c 34128
wolfSSL 15:117db924cf7c 34129 #ifndef NO_FILESYSTEM
wolfSSL 15:117db924cf7c 34130 /* return code compliant with OpenSSL :
wolfSSL 15:117db924cf7c 34131 * 1 if success, 0 if error
wolfSSL 15:117db924cf7c 34132 */
wolfSSL 15:117db924cf7c 34133 #ifndef NO_WOLFSSL_STUB
int wolfSSL_PEM_write_DSA_PUBKEY(XFILE fp, WOLFSSL_DSA *x)
{
    /* Stub: writing a DSA public key to a file is not implemented. The
     * parameters are accepted for API compatibility only and the call
     * always reports failure. */
    (void)x;
    (void)fp;

    WOLFSSL_STUB("PEM_write_DSA_PUBKEY");
    WOLFSSL_MSG("wolfSSL_PEM_write_DSA_PUBKEY not implemented");
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 34143 #endif
wolfSSL 15:117db924cf7c 34144 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 34145
wolfSSL 15:117db924cf7c 34146 #endif /* #ifndef NO_DSA */
wolfSSL 15:117db924cf7c 34147
/* Read one PEM-encoded key from a BIO and convert it to DER.
 *
 * bio      source; a BIO with pending data is read in one call, a file BIO
 *          is read in 100-byte chunks until wolfSSL_BIO_read returns <= 0
 * cb       password callback handed to PemToDer for encrypted PEM
 * pass     if cb is NULL and pass is non-NULL, wolfSSL_PEM_def_callback is
 *          installed with pass as its userdata; otherwise pass is only
 *          stored as userdata
 * keyType  PRIVATEKEY_TYPE or PUBLICKEY_TYPE (see the callers below)
 * eccFlag  out: key format reported by PemToDer (callers read it as a
 *          Key_Sum value)
 * der      out: DER buffer produced by PemToDer; callers release it with
 *          FreeDer
 *
 * Returns the PemToDer result (>= 0 on success) or a negative wolfSSL error
 * code. For non-file BIOs, input left after the consumed PEM object is
 * written back into the BIO.
 *
 * NOTE(review): mem can hold an unencrypted private key and is released with
 * a plain XFREE at the end; wiping it first would be prudent.
 */
static int pem_read_bio_key(WOLFSSL_BIO* bio, pem_password_cb* cb, void* pass,
                            int keyType, int* eccFlag, DerBuffer** der)
{
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo info[1];
#endif /* WOLFSSL_SMALL_STACK */
    pem_password_cb* localCb = NULL;
    char* mem = NULL;
    int memSz = 0;
    int ret;

    /* An explicit callback wins; a bare password gets the default callback. */
    if(cb) {
        localCb = cb;
    } else {
        if(pass) {
            localCb = wolfSSL_PEM_def_callback;
        }
    }

    /* ret first carries the pending byte count. When it is <= 0 the file-BIO
     * branch below starts from that value, so a negative pending result
     * skips the read loop there. */
    if ((ret = wolfSSL_BIO_pending(bio)) > 0) {
        memSz = ret;
        mem = (char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_OPENSSL);
        if (mem == NULL) {
            WOLFSSL_MSG("Memory error");
            ret = MEMORY_E;
        }
        if (ret >= 0) {
            /* memSz keeps the pending count even if fewer bytes come back;
             * NOTE(review): a short read would leave tail bytes of mem
             * uninitialised for PemToDer — confirm wolfSSL_BIO_read cannot
             * return less than pending here. */
            if ((ret = wolfSSL_BIO_read(bio, mem, memSz)) <= 0) {
                XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
                mem = NULL;
                ret = MEMORY_E;
            }
        }
    }
    else if (bio->type == WOLFSSL_BIO_FILE) {
        int sz = 100; /* read from file by 100 byte chunks */
        int idx = 0;
        char* tmp = (char*)XMALLOC(sz, bio->heap, DYNAMIC_TYPE_OPENSSL);
        memSz = 0;
        if (tmp == NULL) {
            WOLFSSL_MSG("Memory error");
            ret = MEMORY_E;
        }

        /* Grow mem by one chunk per read until the BIO is exhausted; a
         * negative ret (allocation failure above) skips the loop entirely. */
        while (ret >= 0 && (sz = wolfSSL_BIO_read(bio, tmp, sz)) > 0) {
            char* newMem;
            if (memSz + sz < 0) {
                /* sanity check */
                break;
            }
            /* Reallocate into a temporary so mem stays freeable on failure. */
            newMem = (char*)XREALLOC(mem, memSz + sz, bio->heap,
                    DYNAMIC_TYPE_OPENSSL);
            if (newMem == NULL) {
                WOLFSSL_MSG("Memory error");
                XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
                mem = NULL;
                XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
                tmp = NULL;
                ret = MEMORY_E;
                break;
            }
            mem = newMem;
            XMEMCPY(mem + idx, tmp, sz);
            memSz += sz;
            idx += sz;
            sz = 100; /* read another 100 byte chunk from file */
        }
        /* tmp is already NULL after a realloc failure; XFREE(NULL) is safe. */
        XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL);
        tmp = NULL;
        if (memSz <= 0) {
            WOLFSSL_MSG("No data to read from bio");
            if (mem != NULL) {
                XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
                mem = NULL;
            }
            /* Overrides any earlier error code with BUFFER_E. */
            ret = BUFFER_E;
        }
    }
    else {
        WOLFSSL_MSG("No data to read from bio");
        ret = NOT_COMPILED_IN;
    }

#ifdef WOLFSSL_SMALL_STACK
    /* Only allocate the EncryptedInfo once there is data worth parsing. */
    if (ret >= 0) {
        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                       DYNAMIC_TYPE_TMP_BUFFER);
        if (info == NULL) {
            WOLFSSL_MSG("Error getting memory for EncryptedInfo structure");
            XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
            mem = NULL;
            ret = MEMORY_E;
        }
    }
#endif

    if (ret >= 0) {
        XMEMSET(info, 0, sizeof(EncryptedInfo));
        info->passwd_cb = localCb;
        info->passwd_userdata = pass;
        ret = PemToDer((const unsigned char*)mem, memSz, keyType, der,
            NULL, info, eccFlag);

        if (ret < 0) {
            WOLFSSL_MSG("Bad Pem To Der");
        }
        else {
            /* write left over data back to bio */
            if ((memSz - (int)info->consumed) > 0 &&
                    bio->type != WOLFSSL_BIO_FILE) {
                if (wolfSSL_BIO_write(bio, mem + (int)info->consumed,
                                      memSz - (int)info->consumed) <= 0) {
                    WOLFSSL_MSG("Unable to advance bio read pointer");
                }
            }
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 34275
/* Read a PEM private key from a BIO into a WOLFSSL_EVP_PKEY.
 *
 * bio   source BIO; NULL yields NULL
 * key   optional in/out: a non-NULL *key is offered to wolfSSL_d2i_PrivateKey
 *       for reuse, and on success *key is set to the result
 * cb    password callback for encrypted PEM
 * pass  password string / callback userdata (see pem_read_bio_key)
 *
 * Returns the key on success and NULL on failure.
 */
WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
                                                  WOLFSSL_EVP_PKEY** key,
                                                  pem_password_cb* cb,
                                                  void* pass)
{
    WOLFSSL_EVP_PKEY* result = NULL;
    DerBuffer* derKey = NULL;
    int keyFormat = 0;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey");

    if (bio == NULL)
        return NULL;

    if (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, &keyFormat,
                         &derKey) >= 0) {
        const unsigned char* derPtr = derKey->buffer;
        int evpType = -1;

        if (keyFormat == 0) {
            /* PemToDer reported no format: assume RSA. */
            evpType = EVP_PKEY_RSA;
        }
        else {
            /* keyFormat is a Key_Sum value; anything unlisted stays -1. */
            switch (keyFormat) {
                case RSAk:
                    evpType = EVP_PKEY_RSA;
                    break;
                case ECDSAk:
                    evpType = EVP_PKEY_EC;
                    break;
                case DSAk:
                    evpType = EVP_PKEY_DSA;
                    break;
                case DHk:
                    evpType = EVP_PKEY_DH;
                    break;
                default:
                    break;
            }
        }

        /* Offer the caller's existing key object for reuse. */
        if (key != NULL && *key != NULL)
            result = *key;

        wolfSSL_d2i_PrivateKey(evpType, &result, &derPtr, derKey->length);
        if (result == NULL) {
            WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
        }
    }

    FreeDer(&derKey);

    if (key != NULL && result != NULL)
        *key = result;

    WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PrivateKey", 0);

    return result;
}
wolfSSL 15:117db924cf7c 34330
/* Read a PEM public key from a BIO into a WOLFSSL_EVP_PKEY.
 *
 * bio   source BIO; NULL yields NULL
 * key   optional in/out: a non-NULL *key is offered to wolfSSL_d2i_PUBKEY for
 *       reuse, and on success *key is set to the result
 * cb    password callback passed to pem_read_bio_key
 * pass  password string / callback userdata
 *
 * Returns the key on success and NULL on failure.
 */
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio,
                                              WOLFSSL_EVP_PKEY **key,
                                              pem_password_cb *cb, void *pass)
{
    WOLFSSL_EVP_PKEY* result = NULL;
    DerBuffer* derKey = NULL;
    int keyFormat = 0;
    int readRc;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PUBKEY");

    if (bio == NULL)
        return NULL;

    readRc = pem_read_bio_key(bio, cb, pass, PUBLICKEY_TYPE, &keyFormat,
                              &derKey);
    if (readRc >= 0) {
        const unsigned char* derPtr = derKey->buffer;

        /* Offer the caller's existing key object for reuse. */
        if (key != NULL && *key != NULL)
            result = *key;

        wolfSSL_d2i_PUBKEY(&result, &derPtr, derKey->length);
        if (result == NULL) {
            WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY");
        }
    }

    FreeDer(&derKey);

    if (key != NULL && result != NULL)
        *key = result;

    WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PUBKEY", 0);

    return result;
}
wolfSSL 16:8e0d178b1d1e 34366
wolfSSL 16:8e0d178b1d1e 34367
wolfSSL 16:8e0d178b1d1e 34368 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && !defined(NO_RSA)
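/* Read an RSA private key in PEM form from a BIO.
 *
 * Uses the same input format as wolfSSL_PEM_read_bio_PrivateKey but requires
 * the parsed key to be RSA.
 *
 * bio   BIO to read the RSA private key from
 * rsa   if non-NULL, set to the result (NULL on a type mismatch)
 * cb    password callback for encrypted PEM
 * pass  password string / callback userdata
 *
 * Returns a pointer to a new WOLFSSL_RSA structure on success and NULL on
 * failure. The WOLFSSL_RSA is detached from the temporary WOLFSSL_EVP_PKEY,
 * so the caller owns it.
 */
WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio,
        WOLFSSL_RSA** rsa, pem_password_cb* cb, void* pass)
{
    WOLFSSL_EVP_PKEY* pkey;
    WOLFSSL_RSA* local = NULL;

    WOLFSSL_ENTER("PEM_read_bio_RSAPrivateKey");

    pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, cb, pass);
    if (pkey == NULL) {
        return NULL;
    }

    if (pkey->type != EVP_PKEY_RSA) {
        /* A valid key of another algorithm is not an RSA key: refuse it
         * explicitly (as wolfSSL_PEM_read_bio_ECPKParameters does for EC)
         * instead of handing back whatever pkey->rsa holds. */
        WOLFSSL_MSG("Unexpected key type");
    }
    else {
        /* Detach the WOLFSSL_RSA from the WOLFSSL_EVP_PKEY: clearing ownRsa
         * keeps wolfSSL_EVP_PKEY_free from releasing it. */
        pkey->ownRsa = 0;
        local = pkey->rsa;
    }

    if (rsa != NULL) {
        *rsa = local;
    }

    wolfSSL_EVP_PKEY_free(pkey);
    return local;
}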
wolfSSL 16:8e0d178b1d1e 34404 #endif /* OPENSSL_EXTRA || OPENSSL_ALL || !NO_RSA */
wolfSSL 16:8e0d178b1d1e 34405
wolfSSL 16:8e0d178b1d1e 34406 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && (!defined(NO_CERTS) && \
wolfSSL 16:8e0d178b1d1e 34407 !defined(NO_FILESYSTEM) && !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN))
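/* Read a DSA private key in PEM form from a BIO.
 *
 * Uses the same input format as wolfSSL_PEM_read_bio_PrivateKey but requires
 * the parsed key to be DSA.
 *
 * bio   BIO to read the DSA private key from
 * dsa   if non-NULL, set to the result (NULL on a type mismatch)
 * cb    password callback for encrypted PEM
 * pass  password string / callback userdata
 *
 * Returns a pointer to a new WOLFSSL_DSA structure on success and NULL on
 * failure. The WOLFSSL_DSA is detached from the temporary WOLFSSL_EVP_PKEY,
 * so the caller owns it.
 */
WOLFSSL_DSA* wolfSSL_PEM_read_bio_DSAPrivateKey(WOLFSSL_BIO* bio,
                                                WOLFSSL_DSA** dsa,
                                                pem_password_cb* cb,void *pass)
{
    WOLFSSL_EVP_PKEY* pkey = NULL;
    WOLFSSL_DSA* local = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAPrivateKey");

    pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, cb, pass);
    if (pkey == NULL) {
        WOLFSSL_MSG("Error in PEM_read_bio_PrivateKey");
        return NULL;
    }

    if (pkey->type != EVP_PKEY_DSA) {
        /* A valid key of another algorithm is not a DSA key: refuse it
         * explicitly (as wolfSSL_PEM_read_bio_ECPKParameters does for EC)
         * instead of handing back whatever pkey->dsa holds. */
        WOLFSSL_MSG("Unexpected key type");
    }
    else {
        /* Detach the WOLFSSL_DSA from the WOLFSSL_EVP_PKEY: clearing ownDsa
         * keeps wolfSSL_EVP_PKEY_free from releasing it. */
        pkey->ownDsa = 0;
        local = pkey->dsa;
    }

    if (dsa != NULL) {
        *dsa = local;
    }

    wolfSSL_EVP_PKEY_free(pkey);
    return local;
}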
wolfSSL 16:8e0d178b1d1e 34443
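/* Read a DSA public key in PEM form from a BIO into a WOLFSSL_DSA.
 *
 * bio   BIO to read the DSA public key from
 * dsa   if non-NULL, set to the result
 * cb    password callback, passed through to wolfSSL_PEM_read_bio_PUBKEY
 * pass  password string / callback userdata
 *
 * Returns a pointer to a WOLFSSL_DSA structure on success and NULL on failure
 * (the earlier comment claiming WOLFSSL_SUCCESS/WOLFSSL_FAILURE was wrong).
 * The WOLFSSL_DSA is detached from the temporary WOLFSSL_EVP_PKEY, so the
 * caller owns it.
 *
 * NOTE(review): there is no check that the parsed key is actually DSA; a key
 * of another algorithm yields whatever pkey->dsa holds (presumably NULL) —
 * confirm against wolfSSL_d2i_PUBKEY before relying on that.
 */
WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSA_PUBKEY(WOLFSSL_BIO* bio,WOLFSSL_DSA** dsa,
                                             pem_password_cb* cb, void *pass)
{
    WOLFSSL_EVP_PKEY* pkey;
    WOLFSSL_DSA* local;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSA_PUBKEY");

    pkey = wolfSSL_PEM_read_bio_PUBKEY(bio, NULL, cb, pass);
    if (pkey == NULL) {
        WOLFSSL_MSG("wolfSSL_PEM_read_bio_PUBKEY failed");
        return NULL;
    }

    /* Detach the WOLFSSL_DSA from the WOLFSSL_EVP_PKEY: clearing ownDsa keeps
     * wolfSSL_EVP_PKEY_free from releasing it. */
    pkey->ownDsa = 0;
    local = pkey->dsa;
    if (dsa != NULL) {
        *dsa = local;
    }

    wolfSSL_EVP_PKEY_free(pkey);
    return local;
}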
wolfSSL 16:8e0d178b1d1e 34472 #endif
wolfSSL 16:8e0d178b1d1e 34473
wolfSSL 16:8e0d178b1d1e 34474 #ifdef HAVE_ECC
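/* Read the EC group (curve parameters) of a PEM EC private key from a BIO.
 *
 * bio    BIO holding the PEM key; a NULL bio is rejected inside
 *        wolfSSL_PEM_read_bio_PrivateKey
 * group  accepted for OpenSSL API compatibility but not used: the result is
 *        only returned, never stored through this pointer
 * cb     password callback for encrypted PEM
 * pass   password string / callback userdata
 *
 * Returns a new WOLFSSL_EC_GROUP structure on success and NULL on failure,
 * including when the key is not an EC key. The group is detached from the
 * temporary key, so the caller owns it.
 */
WOLFSSL_EC_GROUP* wolfSSL_PEM_read_bio_ECPKParameters(WOLFSSL_BIO* bio,
        WOLFSSL_EC_GROUP** group, pem_password_cb* cb, void* pass)
{
    WOLFSSL_EVP_PKEY* pkey;
    WOLFSSL_EC_GROUP* ret = NULL;

    (void)group;

    pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, cb, pass);
    if (pkey == NULL) {
        return NULL;
    }

    if (pkey->type != EVP_PKEY_EC) {
        WOLFSSL_MSG("Unexpected key type");
    }
    else if (pkey->ecc == NULL) {
        /* Guard the dereference below: an EC-typed key with no EC key object
         * would otherwise fault on pkey->ecc->group. */
        WOLFSSL_MSG("EC key missing from WOLFSSL_EVP_PKEY");
    }
    else {
        ret = (WOLFSSL_EC_GROUP*)wolfSSL_EC_KEY_get0_group(pkey->ecc);

        /* Detach the group so it survives wolfSSL_EVP_PKEY_free below. */
        pkey->ecc->group = NULL;
    }

    wolfSSL_EVP_PKEY_free(pkey);
    return ret;
}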
wolfSSL 16:8e0d178b1d1e 34500 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 34501
wolfSSL 15:117db924cf7c 34502 #if !defined(NO_FILESYSTEM)
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, EVP_PKEY **x,
                                          pem_password_cb *cb, void *u)
{
    /* Not implemented: the file-based public key reader always fails.
     * The parameters are consumed only to keep the compiler quiet. */
    (void)u;
    (void)cb;
    (void)x;
    (void)fp;

    WOLFSSL_MSG("wolfSSL_PEM_read_PUBKEY not implemented");
    return NULL;
}
wolfSSL 15:117db924cf7c 34515 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 34516
wolfSSL 15:117db924cf7c 34517 #ifndef NO_RSA
wolfSSL 15:117db924cf7c 34518
wolfSSL 16:8e0d178b1d1e 34519 #if defined(XSNPRINTF) && !defined(HAVE_FAST_RSA)
wolfSSL 16:8e0d178b1d1e 34520 /* snprintf() must be available */
wolfSSL 16:8e0d178b1d1e 34521
wolfSSL 16:8e0d178b1d1e 34522 /******************************************************************************
wolfSSL 16:8e0d178b1d1e 34523 * wolfSSL_RSA_print - writes the human readable form of RSA to bio
wolfSSL 16:8e0d178b1d1e 34524 *
wolfSSL 16:8e0d178b1d1e 34525 * RETURNS:
wolfSSL 16:8e0d178b1d1e 34526 * returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
wolfSSL 16:8e0d178b1d1e 34527 */
wolfSSL 16:8e0d178b1d1e 34528 int wolfSSL_RSA_print(WOLFSSL_BIO* bio, WOLFSSL_RSA* rsa, int offset)
wolfSSL 16:8e0d178b1d1e 34529 {
wolfSSL 16:8e0d178b1d1e 34530 char tmp[100] = {0};
wolfSSL 16:8e0d178b1d1e 34531 word32 idx = 0;
wolfSSL 16:8e0d178b1d1e 34532 int sz = 0;
wolfSSL 16:8e0d178b1d1e 34533 byte lbit = 0;
wolfSSL 16:8e0d178b1d1e 34534 int rawLen = 0;
wolfSSL 16:8e0d178b1d1e 34535 byte* rawKey = NULL;
wolfSSL 16:8e0d178b1d1e 34536 RsaKey* iRsa = NULL;
wolfSSL 16:8e0d178b1d1e 34537 int i = 0;
wolfSSL 16:8e0d178b1d1e 34538 mp_int *rsaElem = NULL;
wolfSSL 16:8e0d178b1d1e 34539 char rsaStr[][20] = { "Modulus:",
wolfSSL 16:8e0d178b1d1e 34540 "PublicExponent:",
wolfSSL 16:8e0d178b1d1e 34541 "PrivateExponent:",
wolfSSL 16:8e0d178b1d1e 34542 "Prime1:",
wolfSSL 16:8e0d178b1d1e 34543 "Prime2:",
wolfSSL 16:8e0d178b1d1e 34544 "Exponent1:",
wolfSSL 16:8e0d178b1d1e 34545 "Exponent2:",
wolfSSL 16:8e0d178b1d1e 34546 "Coefficient:"
wolfSSL 16:8e0d178b1d1e 34547 };
wolfSSL 16:8e0d178b1d1e 34548
wolfSSL 16:8e0d178b1d1e 34549 WOLFSSL_ENTER("wolfSSL_RSA_print");
wolfSSL 16:8e0d178b1d1e 34550 (void)offset;
wolfSSL 16:8e0d178b1d1e 34551
wolfSSL 16:8e0d178b1d1e 34552 if (bio == NULL || rsa == NULL) {
wolfSSL 16:8e0d178b1d1e 34553 return WOLFSSL_FATAL_ERROR;
wolfSSL 16:8e0d178b1d1e 34554 }
wolfSSL 16:8e0d178b1d1e 34555
wolfSSL 16:8e0d178b1d1e 34556 if ((sz = wolfSSL_RSA_size(rsa)) < 0) {
wolfSSL 16:8e0d178b1d1e 34557 WOLFSSL_MSG("Error getting RSA key size");
wolfSSL 16:8e0d178b1d1e 34558 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 34559 }
wolfSSL 16:8e0d178b1d1e 34560 iRsa = (RsaKey*)rsa->internal;
wolfSSL 16:8e0d178b1d1e 34561
wolfSSL 16:8e0d178b1d1e 34562 XSNPRINTF(tmp, sizeof(tmp) - 1, "\n%s: (%d bit)",
wolfSSL 16:8e0d178b1d1e 34563 "RSA Private-Key", 8 * sz);
wolfSSL 16:8e0d178b1d1e 34564 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 16:8e0d178b1d1e 34565 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 16:8e0d178b1d1e 34566 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 34567 }
wolfSSL 16:8e0d178b1d1e 34568
wolfSSL 16:8e0d178b1d1e 34569 for (i=0; i<RSA_INTS; i++) {
wolfSSL 16:8e0d178b1d1e 34570 switch(i) {
wolfSSL 16:8e0d178b1d1e 34571 case 0:
wolfSSL 16:8e0d178b1d1e 34572 /* Print out modulus */
wolfSSL 16:8e0d178b1d1e 34573 rsaElem = &iRsa->n;
wolfSSL 16:8e0d178b1d1e 34574 break;
wolfSSL 16:8e0d178b1d1e 34575 case 1:
wolfSSL 16:8e0d178b1d1e 34576 rsaElem = &iRsa->e;
wolfSSL 16:8e0d178b1d1e 34577 break;
wolfSSL 16:8e0d178b1d1e 34578 case 2:
wolfSSL 16:8e0d178b1d1e 34579 rsaElem = &iRsa->d;
wolfSSL 16:8e0d178b1d1e 34580 break;
wolfSSL 16:8e0d178b1d1e 34581 case 3:
wolfSSL 16:8e0d178b1d1e 34582 rsaElem = &iRsa->p;
wolfSSL 16:8e0d178b1d1e 34583 break;
wolfSSL 16:8e0d178b1d1e 34584 case 4:
wolfSSL 16:8e0d178b1d1e 34585 rsaElem = &iRsa->q;
wolfSSL 16:8e0d178b1d1e 34586 break;
wolfSSL 16:8e0d178b1d1e 34587 case 5:
wolfSSL 16:8e0d178b1d1e 34588 rsaElem = &iRsa->dP;
wolfSSL 16:8e0d178b1d1e 34589 break;
wolfSSL 16:8e0d178b1d1e 34590 case 6:
wolfSSL 16:8e0d178b1d1e 34591 rsaElem = &iRsa->dQ;
wolfSSL 16:8e0d178b1d1e 34592 break;
wolfSSL 16:8e0d178b1d1e 34593 case 7:
wolfSSL 16:8e0d178b1d1e 34594 rsaElem = &iRsa->u;
wolfSSL 16:8e0d178b1d1e 34595 break;
wolfSSL 16:8e0d178b1d1e 34596 default:
wolfSSL 16:8e0d178b1d1e 34597 WOLFSSL_MSG("Bad index value");
wolfSSL 16:8e0d178b1d1e 34598 }
wolfSSL 16:8e0d178b1d1e 34599
wolfSSL 16:8e0d178b1d1e 34600 if (i == 1) {
wolfSSL 16:8e0d178b1d1e 34601 /* Print out exponent values */
wolfSSL 16:8e0d178b1d1e 34602 rawLen = mp_unsigned_bin_size(rsaElem);
wolfSSL 16:8e0d178b1d1e 34603 if (rawLen < 0) {
wolfSSL 16:8e0d178b1d1e 34604 WOLFSSL_MSG("Error getting exponent size");
wolfSSL 16:8e0d178b1d1e 34605 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 34606 }
wolfSSL 16:8e0d178b1d1e 34607
wolfSSL 16:8e0d178b1d1e 34608 if ((word32)rawLen < sizeof(word32)) {
wolfSSL 16:8e0d178b1d1e 34609 rawLen = sizeof(word32);
wolfSSL 16:8e0d178b1d1e 34610 }
wolfSSL 16:8e0d178b1d1e 34611 rawKey = (byte*)XMALLOC(rawLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 34612 if (rawKey == NULL) {
wolfSSL 16:8e0d178b1d1e 34613 WOLFSSL_MSG("Memory error");
wolfSSL 16:8e0d178b1d1e 34614 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 34615 }
wolfSSL 16:8e0d178b1d1e 34616 XMEMSET(rawKey, 0, rawLen);
wolfSSL 16:8e0d178b1d1e 34617 mp_to_unsigned_bin(rsaElem, rawKey);
wolfSSL 16:8e0d178b1d1e 34618 if ((word32)rawLen <= sizeof(word32)) {
wolfSSL 16:8e0d178b1d1e 34619 idx = *(word32*)rawKey;
wolfSSL 16:8e0d178b1d1e 34620 #ifdef BIG_ENDIAN_ORDER
wolfSSL 16:8e0d178b1d1e 34621 idx = ByteReverseWord32(idx);
wolfSSL 16:8e0d178b1d1e 34622 #endif
wolfSSL 16:8e0d178b1d1e 34623 }
wolfSSL 16:8e0d178b1d1e 34624 XSNPRINTF(tmp, sizeof(tmp) - 1, "\nExponent: %d (0x%x)", idx, idx);
wolfSSL 16:8e0d178b1d1e 34625 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 16:8e0d178b1d1e 34626 XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 34627 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 34628 }
wolfSSL 16:8e0d178b1d1e 34629 XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 34630 }
wolfSSL 16:8e0d178b1d1e 34631 else {
wolfSSL 16:8e0d178b1d1e 34632 XSNPRINTF(tmp, sizeof(tmp) - 1, "\n%s\n ", rsaStr[i]);
wolfSSL 16:8e0d178b1d1e 34633 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 16:8e0d178b1d1e 34634 if (mp_leading_bit(rsaElem)) {
wolfSSL 16:8e0d178b1d1e 34635 lbit = 1;
wolfSSL 16:8e0d178b1d1e 34636 XSTRNCAT(tmp, "00", 3);
wolfSSL 16:8e0d178b1d1e 34637 }
wolfSSL 16:8e0d178b1d1e 34638
wolfSSL 16:8e0d178b1d1e 34639 rawLen = mp_unsigned_bin_size(rsaElem);
wolfSSL 16:8e0d178b1d1e 34640 rawKey = (byte*)XMALLOC(rawLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 34641 if (rawKey == NULL) {
wolfSSL 16:8e0d178b1d1e 34642 WOLFSSL_MSG("Memory error");
wolfSSL 16:8e0d178b1d1e 34643 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 34644 }
wolfSSL 16:8e0d178b1d1e 34645 mp_to_unsigned_bin(rsaElem, rawKey);
wolfSSL 16:8e0d178b1d1e 34646 for (idx = 0; idx < (word32)rawLen; idx++) {
wolfSSL 16:8e0d178b1d1e 34647 char val[5];
wolfSSL 16:8e0d178b1d1e 34648 int valSz = 5;
wolfSSL 16:8e0d178b1d1e 34649
wolfSSL 16:8e0d178b1d1e 34650 if ((idx == 0) && !lbit) {
wolfSSL 16:8e0d178b1d1e 34651 XSNPRINTF(val, valSz - 1, "%02x", rawKey[idx]);
wolfSSL 16:8e0d178b1d1e 34652 }
wolfSSL 16:8e0d178b1d1e 34653 else if ((idx != 0) && (((idx + lbit) % 15) == 0)) {
wolfSSL 16:8e0d178b1d1e 34654 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 16:8e0d178b1d1e 34655 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 16:8e0d178b1d1e 34656 XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 34657 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 34658 }
wolfSSL 16:8e0d178b1d1e 34659 XSNPRINTF(tmp, sizeof(tmp) - 1,
wolfSSL 16:8e0d178b1d1e 34660 ":\n ");
wolfSSL 16:8e0d178b1d1e 34661 XSNPRINTF(val, valSz - 1, "%02x", rawKey[idx]);
wolfSSL 16:8e0d178b1d1e 34662 }
wolfSSL 16:8e0d178b1d1e 34663 else {
wolfSSL 16:8e0d178b1d1e 34664 XSNPRINTF(val, valSz - 1, ":%02x", rawKey[idx]);
wolfSSL 16:8e0d178b1d1e 34665 }
wolfSSL 16:8e0d178b1d1e 34666 XSTRNCAT(tmp, val, valSz);
wolfSSL 16:8e0d178b1d1e 34667 }
wolfSSL 16:8e0d178b1d1e 34668 XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 16:8e0d178b1d1e 34669
wolfSSL 16:8e0d178b1d1e 34670 /* print out remaining values */
wolfSSL 16:8e0d178b1d1e 34671 if ((idx > 0) && (((idx - 1 + lbit) % 15) != 0)) {
wolfSSL 16:8e0d178b1d1e 34672 tmp[sizeof(tmp) - 1] = '\0';
wolfSSL 16:8e0d178b1d1e 34673 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) {
wolfSSL 16:8e0d178b1d1e 34674 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 34675 }
wolfSSL 16:8e0d178b1d1e 34676 }
wolfSSL 16:8e0d178b1d1e 34677 lbit = 0;
wolfSSL 16:8e0d178b1d1e 34678 }
wolfSSL 16:8e0d178b1d1e 34679
wolfSSL 16:8e0d178b1d1e 34680 }
wolfSSL 16:8e0d178b1d1e 34681 /* done with print out */
wolfSSL 16:8e0d178b1d1e 34682 if (wolfSSL_BIO_write(bio, "\n\0", (int)XSTRLEN("\n\0")) <= 0) {
wolfSSL 16:8e0d178b1d1e 34683 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 34684 }
wolfSSL 16:8e0d178b1d1e 34685
wolfSSL 16:8e0d178b1d1e 34686 return WOLFSSL_SUCCESS;
wolfSSL 16:8e0d178b1d1e 34687 }
wolfSSL 16:8e0d178b1d1e 34688
wolfSSL 16:8e0d178b1d1e 34689 #endif /* XSNPRINTF */
wolfSSL 16:8e0d178b1d1e 34690
wolfSSL 15:117db924cf7c 34691 #if !defined(NO_FILESYSTEM)
wolfSSL 15:117db924cf7c 34692 #ifndef NO_WOLFSSL_STUB
/* Stub: reading a PEM RSA public key from a file is not implemented.
 * All arguments are ignored and NULL is returned unconditionally, so a
 * caller sees exactly what a parse failure would look like. */
WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA **x,
                                           pem_password_cb *cb, void *u)
{
    /* nothing is read or written; only silence unused-parameter warnings */
    (void)fp; (void)x; (void)cb; (void)u;

    WOLFSSL_STUB("PEM_read_RSAPublicKey");
    WOLFSSL_MSG("wolfSSL_PEM_read_RSAPublicKey not implemented");
    return NULL;
}
wolfSSL 15:117db924cf7c 34705 #endif
wolfSSL 15:117db924cf7c 34706 /* return code compliant with OpenSSL :
wolfSSL 15:117db924cf7c 34707 * 1 if success, 0 if error
wolfSSL 15:117db924cf7c 34708 */
wolfSSL 15:117db924cf7c 34709 #ifndef NO_WOLFSSL_STUB
/* Stub: writing an RSA public key as PEM is not implemented.
 * Both arguments are ignored; WOLFSSL_FAILURE (0) is always returned,
 * matching the OpenSSL "0 if error" convention noted above. */
int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA *x)
{
    (void)fp; (void)x;

    WOLFSSL_STUB("PEM_write_RSAPublicKey");
    WOLFSSL_MSG("wolfSSL_PEM_write_RSAPublicKey not implemented");
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 34719 #endif
wolfSSL 15:117db924cf7c 34720
wolfSSL 15:117db924cf7c 34721 /* return code compliant with OpenSSL :
wolfSSL 15:117db924cf7c 34722 * 1 if success, 0 if error
wolfSSL 15:117db924cf7c 34723 */
wolfSSL 15:117db924cf7c 34724 #ifndef NO_WOLFSSL_STUB
/* Stub: writing an RSA key as a PEM SubjectPublicKeyInfo ("PUBKEY") is not
 * implemented. Both arguments are ignored; WOLFSSL_FAILURE (0) is always
 * returned, matching the OpenSSL "0 if error" convention noted above. */
int wolfSSL_PEM_write_RSA_PUBKEY(XFILE fp, WOLFSSL_RSA *x)
{
    (void)fp; (void)x;

    WOLFSSL_STUB("PEM_write_RSA_PUBKEY");
    WOLFSSL_MSG("wolfSSL_PEM_write_RSA_PUBKEY not implemented");
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 34734 #endif
wolfSSL 15:117db924cf7c 34735
wolfSSL 15:117db924cf7c 34736 #endif /* NO_FILESYSTEM */
wolfSSL 15:117db924cf7c 34737
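/* Decodes a DER-encoded RSA public key into a newly allocated WOLFSSL_RSA.
 *
 * r   : if non-NULL, *r receives the result (NULL on a decode failure). A
 *       previous value of *r is overwritten, not freed - OpenSSL would reuse
 *       an existing object instead.
 * pp  : pointer to the DER buffer pointer; must not be NULL. It is not
 *       advanced past the consumed bytes (OpenSSL's d2i functions are).
 * len : DER length in bytes; must be > 0 and representable as an int,
 *       since the decoder takes an int size.
 *
 * Returns the new key (caller owns it, release with wolfSSL_RSA_free) or
 * NULL if the arguments are bad, allocation fails or decoding fails.
 */
WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp,
                                      long len)
{
    WOLFSSL_RSA *rsa = NULL;

    WOLFSSL_ENTER("d2i_RSAPublicKey");

    if (pp == NULL) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }
    if ((rsa = wolfSSL_RSA_new()) == NULL) {
        WOLFSSL_MSG("RSA_new failed");
        return NULL;
    }

    /* Reject a len that the (int) narrowing would silently truncate; such a
     * value would otherwise hand the decoder a bogus, smaller size. */
    if (len <= 0 || (long)(int)len != len ||
        wolfSSL_RSA_LoadDer_ex(rsa, *pp, (int)len, WOLFSSL_RSA_LOAD_PUBLIC)
            != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("RSA_LoadDer failed");
        wolfSSL_RSA_free(rsa);
        rsa = NULL;
    }
    if (r != NULL)
        *r = rsa;

    return rsa;
}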
wolfSSL 15:117db924cf7c 34765
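/* Decodes a DER-encoded RSA private key (RSAPrivateKey) into a newly
 * allocated WOLFSSL_RSA.
 *
 * r      : if non-NULL, *r receives the result (NULL on a decode failure).
 *          A previous value of *r is overwritten, not freed.
 * derBuf : pointer to the DER buffer pointer; must not be NULL. It is not
 *          advanced past the consumed bytes.
 * derSz  : DER length in bytes; must be > 0 and representable as an int,
 *          since the decoder takes an int size.
 *
 * Returns the new key (caller owns it, release with wolfSSL_RSA_free) or
 * NULL if the arguments are bad, allocation fails or decoding fails.
 */
WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r,
                                       const unsigned char **derBuf, long derSz)
{
    WOLFSSL_RSA *rsa = NULL;

    WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey");

    /* check for bad function arguments */
    if (derBuf == NULL) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }
    if ((rsa = wolfSSL_RSA_new()) == NULL) {
        WOLFSSL_MSG("RSA_new failed");
        return NULL;
    }

    /* Reject a derSz that the (int) narrowing would silently truncate; such
     * a value would otherwise hand the decoder a bogus, smaller size. */
    if (derSz <= 0 || (long)(int)derSz != derSz ||
        wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz,
                               WOLFSSL_RSA_LOAD_PRIVATE) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("RSA_LoadDer failed");
        wolfSSL_RSA_free(rsa);
        rsa = NULL;
    }
    if (r != NULL)
        *r = rsa;

    return rsa;
}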
wolfSSL 15:117db924cf7c 34796
wolfSSL 16:8e0d178b1d1e 34797 #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
wolfSSL 16:8e0d178b1d1e 34798 !defined(NO_RSA) && !defined(HAVE_USER_RSA)
/* Encodes an RSA private key to DER (RSAPrivateKey).
 * If "pp" is NULL only the required buffer size is returned.
 * If "*pp" is NULL a buffer is allocated, stored in *pp, and the caller is
 * responsible for freeing it.
 * Returns the DER size on success, BAD_FUNC_ARG if rsa is NULL, and
 * WOLFSSL_FAILURE if the encoding itself fails.
 */
int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp)
{
    int derSz;

    WOLFSSL_ENTER("wolfSSL_i2d_RSAPrivateKey");

    /* check for bad function arguments */
    if (rsa == NULL) {
        WOLFSSL_MSG("Bad Function Arguments");
        return BAD_FUNC_ARG;
    }

    /* final argument 0: private-key encoding (the public variant passes 1) */
    derSz = wolfSSL_RSA_To_Der(rsa, pp, 0);
    if (derSz < 0) {
        WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
        return WOLFSSL_FAILURE;
    }

    return derSz; /* size of the DER encoding */
}
wolfSSL 15:117db924cf7c 34824
wolfSSL 15:117db924cf7c 34825
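/* Encodes the public part of an RSA key to DER (RSAPublicKey).
 * "pp" follows the same contract as in wolfSSL_i2d_RSAPrivateKey: NULL
 * returns the size only, and a NULL *pp receives a caller-owned buffer.
 * The const on pp is cast away because wolfSSL_RSA_To_Der stores the
 * buffer pointer through it; the bytes pointed to are never modified here.
 * Returns the DER size on success, BAD_FUNC_ARG if rsa is NULL, and
 * WOLFSSL_FAILURE if the encoding itself fails.
 */
int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_i2d_RSAPublicKey");

    /* check for bad function arguments */
    if (rsa == NULL) {
        WOLFSSL_MSG("Bad Function Arguments");
        return BAD_FUNC_ARG;
    }

    /* final argument 1: public-key encoding (the private variant passes 0) */
    if ((ret = wolfSSL_RSA_To_Der(rsa, (byte**)pp, 1)) < 0) {
        WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
        return WOLFSSL_FAILURE;
    }

    return ret; /* size of the DER encoding */
}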
wolfSSL 16:8e0d178b1d1e 34843 #endif /* !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
wolfSSL 16:8e0d178b1d1e 34844 * !defined(NO_RSA) && !defined(HAVE_USER_RSA) */
wolfSSL 15:117db924cf7c 34845
wolfSSL 15:117db924cf7c 34846 #endif /* !NO_RSA */
wolfSSL 15:117db924cf7c 34847 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 34848
wolfSSL 15:117db924cf7c 34849 #if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
/* Loads a DER-encoded RSA *private* key into rsa. Public keys go through
 * wolfSSL_RSA_LoadDer_ex with WOLFSSL_RSA_LOAD_PUBLIC instead.
 * Returns WOLFSSL_SUCCESS on success, WOLFSSL_FATAL_ERROR on error. */
int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz)
{
    const int loadOpt = WOLFSSL_RSA_LOAD_PRIVATE;

    return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, loadOpt);
}
wolfSSL 15:117db924cf7c 34855
wolfSSL 15:117db924cf7c 34856
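/* Decodes a DER-encoded RSA key into rsa->internal and then refreshes the
 * OpenSSL-style external fields from it via SetRsaExternal.
 *
 * rsa    : must carry a non-NULL internal RsaKey.
 * derBuf : DER bytes, derSz long; derSz must be > 0.
 * opt    : WOLFSSL_RSA_LOAD_PRIVATE decodes an RSAPrivateKey; any other
 *          value decodes a public key.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR on bad arguments, a
 * decode failure or a SetRsaExternal failure. After a decode failure the
 * internal key may be partially populated - presumably callers free the
 * key rather than reuse it; confirm before relying on that.
 */
int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf,
                           int derSz, int opt)
{
    word32 idx = 0; /* decoder's read position, starts at the buffer head */
    int ret;

    WOLFSSL_ENTER("wolfSSL_RSA_LoadDer");

    if (rsa == NULL || rsa->internal == NULL || derBuf == NULL || derSz <= 0) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FATAL_ERROR;
    }

    if (opt == WOLFSSL_RSA_LOAD_PRIVATE) {
        ret = wc_RsaPrivateKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz);
    }
    else {
        ret = wc_RsaPublicKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz);
    }

    if (ret < 0) {
        if (opt == WOLFSSL_RSA_LOAD_PRIVATE) {
            WOLFSSL_MSG("RsaPrivateKeyDecode failed");
        }
        else {
            WOLFSSL_MSG("RsaPublicKeyDecode failed");
        }
        /* same error code as the other failure paths, rather than the
         * legacy SSL_FATAL_ERROR alias */
        return WOLFSSL_FATAL_ERROR;
    }

    /* populate n, e, ... from the freshly decoded internal key */
    if (SetRsaExternal(rsa) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetRsaExternal failed");
        return WOLFSSL_FATAL_ERROR;
    }

    rsa->inSet = 1; /* the internal key is now authoritative */

    return WOLFSSL_SUCCESS;
}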
wolfSSL 16:8e0d178b1d1e 34897
wolfSSL 16:8e0d178b1d1e 34898 #if defined(WC_RSA_PSS) && (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \
wolfSSL 16:8e0d178b1d1e 34899 defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX))
/* Maps a wolfCrypt hash type to the MGF1 identifier that uses the same
 * hash, for PSS padding. Only the SHA-1/SHA-2 variants compiled into the
 * library have a mapping; every other type (MD*, SHA-3, BLAKE2, NONE, ...)
 * yields WC_MGF1NONE, which callers treat as an error. */
static int hash2mgf(enum wc_HashType hType)
{
#ifndef NO_SHA
    if (hType == WC_HASH_TYPE_SHA)
        return WC_MGF1SHA1;
#endif
#ifndef NO_SHA256
#ifdef WOLFSSL_SHA224
    if (hType == WC_HASH_TYPE_SHA224)
        return WC_MGF1SHA224;
#endif
    if (hType == WC_HASH_TYPE_SHA256)
        return WC_MGF1SHA256;
#endif
#ifdef WOLFSSL_SHA384
    if (hType == WC_HASH_TYPE_SHA384)
        return WC_MGF1SHA384;
#endif
#ifdef WOLFSSL_SHA512
    if (hType == WC_HASH_TYPE_SHA512)
        return WC_MGF1SHA512;
#endif
    WOLFSSL_MSG("Unrecognized or unsupported hash function");
    return WC_MGF1NONE;
}
wolfSSL 16:8e0d178b1d1e 34939
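/*
 *                                +-----------+
 *                                |     M     |
 *                                +-----------+
 *                                      |
 *                                      V
 *                                    Hash
 *                                      |
 *                                      V
 *                        +--------+----------+----------+
 *                   M' = |Padding1|  mHash   |   salt   |
 *                        +--------+----------+----------+
 *                                       |
 *             +--------+----------+     V
 *       DB =  |Padding2|maskedseed|   Hash
 *             +--------+----------+     |
 *                       |               |
 *                       V               |    +--+
 *                      xor <--- MGF <---|    |bc|
 *                       |               |    +--+
 *                       |               |      |
 *                       V               V      V
 *             +-------------------+----------+--+
 *       EM =  |    maskedDB       |maskedseed|bc|
 *             +-------------------+----------+--+
 * Diagram taken from https://tools.ietf.org/html/rfc3447#section-9.1
 *
 * Produces the PSS encoded message EM (EMSA-PSS-ENCODE) for a digest that
 * the caller has already computed.
 *
 * rsa     : key whose modulus size bounds EM; must not be NULL. If its
 *           OpenSSL-style external fields are not yet set they are filled
 *           in here (SetRsaExternal), since rsa->n is read below.
 * EM      : output buffer of wolfSSL_RSA_size(rsa) bytes.
 * mHash   : digest of the message, wolfSSL_EVP_MD_size(hashAlg) bytes.
 * hashAlg : digest used for mHash; the same hash drives MGF1.
 * saltLen : salt length in bytes, or one of the negative selectors
 *           RSA_PSS_SALTLEN_DIGEST (salt = digest length) and
 *           RSA_PSS_SALTLEN_MAX / RSA_PSS_SALTLEN_MAX_SIGN (largest salt
 *           that fits). Any other negative value, or a salt longer than
 *           emLen - hashLen - 2, is rejected.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE for bad arguments, an
 * unsupported hash, no usable RNG, or a padding failure.
 */
int wolfSSL_RSA_padding_add_PKCS1_PSS(WOLFSSL_RSA *rsa, unsigned char *EM,
                                      const unsigned char *mHash,
                                      const WOLFSSL_EVP_MD *hashAlg, int saltLen)
{
    int hashLen, emLen, mgf;
    int ret = WOLFSSL_FAILURE;
    int initTmpRng = 0;
    WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG _tmpRNG[1];
    WC_RNG* tmpRNG = _tmpRNG;
#endif
    enum wc_HashType hashType;

    WOLFSSL_ENTER("wolfSSL_RSA_padding_add_PKCS1_PSS");

    if (!rsa || !EM || !mHash || !hashAlg) {
        return WOLFSSL_FAILURE;
    }

    /* PSS needs a random salt. The helper either hands back the key's own
     * RNG or initialises tmpRNG and sets initTmpRng so cleanup frees it. */
    if (!(rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRNG, &initTmpRng))) {
        WOLFSSL_MSG("WOLFSSL_RSA_GetRNG error");
        goto cleanup;
    }

    if (!rsa->exSet && SetRsaExternal(rsa) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetRsaExternal error");
        goto cleanup;
    }

    hashType = wolfSSL_EVP_md2macType(hashAlg);
    if (hashType < WC_HASH_TYPE_NONE || hashType > WC_HASH_TYPE_MAX) {
        WOLFSSL_MSG("wolfSSL_EVP_md2macType error");
        goto cleanup;
    }

    if ((mgf = hash2mgf(hashType)) == WC_MGF1NONE) {
        WOLFSSL_MSG("hash2mgf error");
        goto cleanup;
    }

    if ((hashLen = wolfSSL_EVP_MD_size(hashAlg)) < 0) {
        WOLFSSL_MSG("wolfSSL_EVP_MD_size error");
        goto cleanup;
    }

    if ((emLen = wolfSSL_RSA_size(rsa)) <= 0) {
        WOLFSSL_MSG("wolfSSL_RSA_size error");
        goto cleanup;
    }

    switch (saltLen) {
        /* Negative saltLen values select a derived length */
        case RSA_PSS_SALTLEN_DIGEST:
            saltLen = hashLen;
            break;
        case RSA_PSS_SALTLEN_MAX_SIGN:
        case RSA_PSS_SALTLEN_MAX:
            /* largest salt the encoding can hold: emLen - hLen - 2 */
            saltLen = emLen - hashLen - 2;
            break;
        default:
            if (saltLen < 0) {
                /* Not any currently implemented negative value */
                WOLFSSL_MSG("invalid saltLen");
                goto cleanup;
            }
    }

    /* An explicit salt that does not fit can never be encoded; reject it
     * here instead of relying on the padder's own diagnosis. */
    if (saltLen > emLen - hashLen - 2) {
        WOLFSSL_MSG("saltLen too large for key size");
        goto cleanup;
    }

    /* Pass the hashLen/hashType validated above rather than re-deriving
     * them, so the padder sees exactly the values that were checked. */
    if (wc_RsaPad_ex(mHash, hashLen, EM, emLen,
                     RSA_BLOCK_TYPE_1, rng, WC_RSA_PSS_PAD,
                     hashType, mgf, NULL, 0, saltLen,
                     wolfSSL_BN_num_bits(rsa->n), NULL) != MP_OKAY) {
        WOLFSSL_MSG("wc_RsaPad_ex error");
        goto cleanup;
    }

    ret = WOLFSSL_SUCCESS;
cleanup:
    if (initTmpRng)
        wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
    if (tmpRNG)
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}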
wolfSSL 16:8e0d178b1d1e 35056
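/*
 * Checks a PSS encoded message EM against the digest mHash
 * (EMSA-PSS-VERIFY). Refer to wolfSSL_RSA_padding_add_PKCS1_PSS for an
 * explanation of the parameters; EM must be wolfSSL_RSA_size(rsa) bytes
 * long and is left untouched (the unpadding works on a private copy).
 *
 * NOTE(review): RSA_PSS_SALTLEN_MAX_SIGN is handled as "maximum salt"
 * here, the same as on the signing side; in OpenSSL the equivalent value on
 * verification means "recover the salt length from EM" - confirm which
 * behaviour callers expect before relying on it.
 *
 * Returns WOLFSSL_SUCCESS when the padding and the digest check out, and
 * WOLFSSL_FAILURE for bad arguments, an unsupported hash, allocation
 * failure or a mismatch; the return code does not distinguish these.
 */
int wolfSSL_RSA_verify_PKCS1_PSS(WOLFSSL_RSA *rsa, const unsigned char *mHash,
                                 const WOLFSSL_EVP_MD *hashAlg,
                                 const unsigned char *EM, int saltLen)
{
    int hashLen, mgf, emLen, mPrimeLen;
    int ret = WOLFSSL_FAILURE;
    enum wc_HashType hashType;
    byte *mPrime = NULL;
    byte *buf = NULL;

    WOLFSSL_ENTER("wolfSSL_RSA_verify_PKCS1_PSS");

    if (!rsa || !mHash || !hashAlg || !EM) {
        return WOLFSSL_FAILURE;
    }

    /* digest length is needed once; the original queried it twice */
    if ((hashLen = wolfSSL_EVP_MD_size(hashAlg)) < 0) {
        WOLFSSL_MSG("wolfSSL_EVP_MD_size error");
        return WOLFSSL_FAILURE;
    }

    if ((emLen = wolfSSL_RSA_size(rsa)) <= 0) {
        WOLFSSL_MSG("wolfSSL_RSA_size error");
        return WOLFSSL_FAILURE;
    }

    switch (saltLen) {
        /* Negative saltLen values select a derived length */
        case RSA_PSS_SALTLEN_DIGEST:
            saltLen = hashLen;
            break;
        case RSA_PSS_SALTLEN_MAX_SIGN:
        case RSA_PSS_SALTLEN_MAX:
            /* largest salt the encoding can hold: emLen - hLen - 2 */
            saltLen = emLen - hashLen - 2;
            break;
        default:
            if (saltLen < 0) {
                /* Not any currently implemented negative value */
                WOLFSSL_MSG("invalid saltLen");
                return WOLFSSL_FAILURE;
            }
    }

    /* a salt longer than the encoding can hold cannot match any valid EM */
    if (saltLen > emLen - hashLen - 2) {
        WOLFSSL_MSG("saltLen too large for key size");
        return WOLFSSL_FAILURE;
    }

    /* rsa->n is read below, so the external fields must be populated */
    if (!rsa->exSet && SetRsaExternal(rsa) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetRsaExternal error");
        return WOLFSSL_FAILURE;
    }

    hashType = wolfSSL_EVP_md2macType(hashAlg);
    if (hashType < WC_HASH_TYPE_NONE || hashType > WC_HASH_TYPE_MAX) {
        WOLFSSL_MSG("wolfSSL_EVP_md2macType error");
        return WOLFSSL_FAILURE;
    }

    if ((mgf = hash2mgf(hashType)) == WC_MGF1NONE) {
        WOLFSSL_MSG("hash2mgf error");
        return WOLFSSL_FAILURE;
    }

    /* EM is const while wc_RsaUnPad_ex takes a writable block and returns a
     * pointer into it, so unpad a private copy. */
    if (!(buf = (byte*)XMALLOC(emLen, NULL, DYNAMIC_TYPE_TMP_BUFFER))) {
        WOLFSSL_MSG("malloc error");
        return WOLFSSL_FAILURE;
    }
    XMEMCPY(buf, EM, emLen);

    /* Remove and verify the PSS padding; mPrime appears to point into buf,
     * so buf must stay alive until the digest check below is done. */
    if ((mPrimeLen = wc_RsaUnPad_ex(buf, emLen, &mPrime,
                                    RSA_BLOCK_TYPE_1, WC_RSA_PSS_PAD, hashType,
                                    mgf, NULL, 0, saltLen,
                                    wolfSSL_BN_num_bits(rsa->n), NULL)) < 0) {
        WOLFSSL_MSG("wc_RsaUnPad_ex error");
        goto cleanup;
    }

    /* Verify the hash is correct */
    if (wc_RsaPSS_CheckPadding_ex(mHash, hashLen, mPrime, mPrimeLen, hashType,
                                  saltLen, wolfSSL_BN_num_bits(rsa->n))
            != MP_OKAY) {
        WOLFSSL_MSG("wc_RsaPSS_CheckPadding_ex error");
        goto cleanup;
    }

    ret = WOLFSSL_SUCCESS;
cleanup:
    /* single release point for the copy, whichever way the checks went */
    XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    return ret;
}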
wolfSSL 16:8e0d178b1d1e 35149 #endif
wolfSSL 16:8e0d178b1d1e 35150
wolfSSL 16:8e0d178b1d1e 35151 #if defined(OPENSSL_EXTRA)
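/* Allocates an RSA_METHOD holding a private copy of name and the given
 * flags; any other fields of the struct are zeroed rather than left with
 * whatever the allocator returned. Returns NULL if name is NULL or an
 * allocation fails. Release the result with wolfSSL_RSA_meth_free. */
WOLFSSL_RSA_METHOD *wolfSSL_RSA_meth_new(const char *name, int flags)
{
    size_t name_len;
    WOLFSSL_RSA_METHOD* meth;

    if (name == NULL) {
        return NULL;
    }

    meth = (WOLFSSL_RSA_METHOD*)XMALLOC(sizeof(WOLFSSL_RSA_METHOD), NULL,
                                        DYNAMIC_TYPE_OPENSSL);
    if (meth == NULL) {
        return NULL;
    }
    XMEMSET(meth, 0, sizeof(WOLFSSL_RSA_METHOD));
    meth->flags = flags;

    /* copy the name including its terminator */
    name_len = XSTRLEN(name);
    meth->name = (char*)XMALLOC(name_len + 1, NULL, DYNAMIC_TYPE_OPENSSL);
    if (meth->name == NULL) {
        XFREE(meth, NULL, DYNAMIC_TYPE_OPENSSL);
        return NULL;
    }
    XMEMCPY(meth->name, name, name_len + 1);

    return meth;
}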
wolfSSL 16:8e0d178b1d1e 35177
/* Releases an RSA_METHOD created by wolfSSL_RSA_meth_new: first the name
 * copy, then the struct itself. A NULL argument is accepted and ignored. */
void wolfSSL_RSA_meth_free(WOLFSSL_RSA_METHOD *meth)
{
    if (meth == NULL) {
        return;
    }
    XFREE(meth->name, NULL, DYNAMIC_TYPE_OPENSSL);
    XFREE(meth, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 16:8e0d178b1d1e 35185
wolfSSL 16:8e0d178b1d1e 35186 #ifndef NO_WOLFSSL_STUB
/* Stub: installing custom RSA_METHOD callbacks is not supported. Both
 * arguments are discarded - nothing is stored, so p can never be invoked -
 * and 1 (OpenSSL success) is returned so that compatibility code which
 * sets up a method keeps running. */
int wolfSSL_RSA_meth_set(WOLFSSL_RSA_METHOD *rsa, void* p)
{
    (void)rsa; (void)p;

    WOLFSSL_STUB("RSA_METHOD is not implemented.");
    return 1;
}
wolfSSL 16:8e0d178b1d1e 35194 #endif
wolfSSL 16:8e0d178b1d1e 35195
/* Point rsa at the given method object. Only the pointer is stored: no copy
 * is made and no reference is taken, so the same method object may end up
 * shared by several keys. NOTE(review): which side releases meth afterwards
 * is not visible here — check wolfSSL_RSA_free before freeing it yourself.
 * Always returns 1, even when rsa is NULL and nothing is stored. */
int wolfSSL_RSA_set_method(WOLFSSL_RSA *rsa, WOLFSSL_RSA_METHOD *meth)
{
    if (rsa == NULL)
        return 1;

    rsa->meth = meth;
    return 1;
}
wolfSSL 16:8e0d178b1d1e 35202
/* Return the method object currently attached to rsa (may itself be NULL),
 * or NULL when rsa is NULL. The pointer is borrowed, not a copy. */
const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_method(const WOLFSSL_RSA *rsa)
{
    return (rsa != NULL) ? rsa->meth : NULL;
}
wolfSSL 16:8e0d178b1d1e 35210
/* Return a method object describing the built-in RSA implementation.
 * NOTE(review): unlike OpenSSL's RSA_get_default_method(), this allocates a
 * fresh WOLFSSL_RSA_METHOD on every call. The caller owns the result and has
 * to release it with wolfSSL_RSA_meth_free() (casting away the const);
 * code ported from OpenSSL that treats the result as a static leaks one
 * object per call. Returns NULL if the allocation fails. */
const WOLFSSL_RSA_METHOD* wolfSSL_RSA_get_default_method(void)
{
    const WOLFSSL_RSA_METHOD* defaultMeth;

    defaultMeth = wolfSSL_RSA_meth_new("wolfSSL RSA", 0);
    return defaultMeth;
}
wolfSSL 16:8e0d178b1d1e 35215
/* Flags of the method object attached to r. Returns 0 when r is NULL or
 * has no method attached, so 0 is ambiguous between "no flags" and "no
 * method". */
int wolfSSL_RSA_flags(const WOLFSSL_RSA *r)
{
    const WOLFSSL_RSA_METHOD* meth = (r != NULL) ? r->meth : NULL;

    return (meth != NULL) ? meth->flags : 0;
}
wolfSSL 16:8e0d178b1d1e 35224
/* Overwrite the flags of the method object attached to r. The flags live on
 * the method object, not on the key, so if that object is shared between
 * keys (wolfSSL_RSA_set_method only stores the pointer) the change is seen
 * through every key using it. Silently does nothing when r is NULL or has
 * no method attached. */
void wolfSSL_RSA_set_flags(WOLFSSL_RSA *r, int flags)
{
    if (r == NULL || r->meth == NULL)
        return;

    r->meth->flags = flags;
}
wolfSSL 16:8e0d178b1d1e 35231
wolfSSL 16:8e0d178b1d1e 35232 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA)
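/* Duplicate the public part of an RSA key by encoding it to DER and decoding
 * that into a new WOLFSSL_RSA. The copy is loaded with
 * WOLFSSL_RSA_LOAD_PUBLIC, so no private component is carried over (the 1
 * passed to wolfSSL_RSA_To_Der appears to select the public-key encoding —
 * confirm against that helper). The returned key is owned by the caller and
 * released with wolfSSL_RSA_free(). Returns NULL on a NULL input, on
 * allocation failure, or on any encode/decode error.
 *
 * Fix: the freshly created key was leaked when wolfSSL_RSA_To_Der failed. */
WOLFSSL_RSA* wolfSSL_RSAPublicKey_dup(WOLFSSL_RSA *rsa)
{
    int derSz = 0;
    byte *derBuf = NULL;
    WOLFSSL_RSA* local;

    WOLFSSL_ENTER("wolfSSL_RSAPublicKey_dup");

    if (!rsa) {
        return NULL;
    }

    local = wolfSSL_RSA_new();
    if (local == NULL) {
        WOLFSSL_MSG("Error creating a new WOLFSSL_RSA structure");
        return NULL;
    }

    if ((derSz = wolfSSL_RSA_To_Der(rsa, &derBuf, 1)) < 0) {
        WOLFSSL_MSG("wolfSSL_RSA_To_Der failed");
        /* release the key allocated above; it was leaked on this path */
        wolfSSL_RSA_free(local);
        return NULL;
    }

    if (wolfSSL_RSA_LoadDer_ex(local,
                               derBuf, derSz,
                               WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_RSA_LoadDer_ex failed");
        wolfSSL_RSA_free(local);
        local = NULL;
    }
    /* derBuf was handed out by wolfSSL_RSA_To_Der; free it on both paths */
    XFREE(derBuf, NULL, DYNAMIC_TYPE_ASN1);
    return local;
}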
wolfSSL 16:8e0d178b1d1e 35265 #endif
wolfSSL 16:8e0d178b1d1e 35266
/* Fetch the application data stored on rsa at slot idx. Returns NULL when
 * rsa is NULL, when nothing is stored, or when the build has no
 * HAVE_EX_DATA support (then the arguments are simply ignored). */
void* wolfSSL_RSA_get_ex_data(const WOLFSSL_RSA *rsa, int idx)
{
    void* data = NULL;

    WOLFSSL_ENTER("wolfSSL_RSA_get_ex_data");
#ifdef HAVE_EX_DATA
    if (rsa != NULL)
        data = wolfSSL_CRYPTO_get_ex_data(&rsa->ex_data, idx);
#else
    (void)rsa;
    (void)idx;
#endif
    return data;
}
wolfSSL 16:8e0d178b1d1e 35280
/* Store application data on rsa at slot idx. Returns the result of
 * wolfSSL_CRYPTO_set_ex_data, or WOLFSSL_FAILURE when rsa is NULL or the
 * build lacks HAVE_EX_DATA (in which case the arguments are ignored). */
int wolfSSL_RSA_set_ex_data(WOLFSSL_RSA *rsa, int idx, void *data)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_RSA_set_ex_data");
#ifdef HAVE_EX_DATA
    if (rsa != NULL)
        ret = wolfSSL_CRYPTO_set_ex_data(&rsa->ex_data, idx, data);
#else
    (void)rsa;
    (void)idx;
    (void)data;
#endif
    return ret;
}
wolfSSL 16:8e0d178b1d1e 35295
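/* Install the modulus n, public exponent e and (optionally) the private
 * exponent d on r, OpenSSL RSA_set0_key() style. Each non-NULL argument
 * replaces the existing value, which is freed first — d with
 * wolfSSL_BN_clear_free, so the old private exponent is cleared rather than
 * just released. r takes ownership of every BIGNUM passed in; the caller must
 * not free them afterwards. n and e may only be NULL when r already holds
 * them; d may always be NULL (public-key-only object).
 * NOTE(review): only the external BIGNUM fields are updated here; whether the
 * wolfCrypt key underneath is resynchronised is not visible in this function.
 * Returns 1 on success, 0 when r is NULL or when n or e would end up unset.
 *
 * Fix: r was dereferenced before any NULL check. */
int wolfSSL_RSA_set0_key(WOLFSSL_RSA *r, WOLFSSL_BIGNUM *n, WOLFSSL_BIGNUM *e,
                         WOLFSSL_BIGNUM *d)
{
    if (r == NULL)
        return 0;

    /* If the fields n and e in r are NULL, the corresponding input
     * parameters MUST be non-NULL for n and e. d may be
     * left NULL (in case only the public key is used).
     */
    if ((r->n == NULL && n == NULL) || (r->e == NULL && e == NULL))
        return 0;

    if (n != NULL) {
        wolfSSL_BN_free(r->n);
        r->n = n;
    }
    if (e != NULL) {
        wolfSSL_BN_free(r->e);
        r->e = e;
    }
    if (d != NULL) {
        /* private material: clear before release */
        wolfSSL_BN_clear_free(r->d);
        r->d = d;
    }

    return 1;
}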
wolfSSL 16:8e0d178b1d1e 35321 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 35322 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 35323
wolfSSL 15:117db924cf7c 35324 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 35325 #ifndef NO_DSA
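/* Load a DSA private key from a DER buffer into dsa.
 * Thin wrapper over wolfSSL_DSA_LoadDer_ex() with WOLFSSL_DSA_LOAD_PRIVATE,
 * mirroring how wolfSSL_EC_KEY_LoadDer delegates to its _ex variant, so the
 * argument checks, decode and SetDsaExternal() mirroring live in one place.
 * Returns WOLFSSL_SUCCESS on success, WOLFSSL_FATAL_ERROR on bad arguments
 * or any decode failure. */
int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz)
{
    return wolfSSL_DSA_LoadDer_ex(dsa, derBuf, derSz, WOLFSSL_DSA_LOAD_PRIVATE);
}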
wolfSSL 16:8e0d178b1d1e 35354
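/* Load a DSA key from a DER buffer into dsa. `opt` selects the decoder:
 * WOLFSSL_DSA_LOAD_PRIVATE decodes a private key; any other value decodes a
 * public key. After a successful decode the wolfCrypt key is mirrored into
 * the external fields with SetDsaExternal() and dsa->inSet is marked.
 * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FATAL_ERROR on bad
 * arguments, on any decode failure, or when SetDsaExternal() fails.
 * (The old header comment claimed 1/0 return values; it was wrong.)
 *
 * Fix: a decode error was only reported when opt was exactly one of the two
 * LOAD constants. Any other opt value fell through with a partially decoded
 * key, ran SetDsaExternal() on it and returned success. The error check is
 * now unconditional. */
int wolfSSL_DSA_LoadDer_ex(WOLFSSL_DSA* dsa, const unsigned char* derBuf,
                           int derSz, int opt)
{
    word32 idx = 0;
    int ret;

    WOLFSSL_ENTER("wolfSSL_DSA_LoadDer_ex");

    if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FATAL_ERROR;
    }

    if (opt == WOLFSSL_DSA_LOAD_PRIVATE) {
        ret = DsaPrivateKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal, derSz);
        if (ret < 0) {
            WOLFSSL_MSG("DsaPrivateKeyDecode failed");
        }
    }
    else {
        ret = DsaPublicKeyDecode(derBuf, &idx, (DsaKey*)dsa->internal, derSz);
        if (ret < 0) {
            WOLFSSL_MSG("DsaPublicKeyDecode failed");
        }
    }

    /* never continue with a key that failed to decode, whatever opt was */
    if (ret < 0) {
        return WOLFSSL_FATAL_ERROR;
    }

    if (SetDsaExternal(dsa) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetDsaExternal failed");
        return WOLFSSL_FATAL_ERROR;
    }

    dsa->inSet = 1;

    return WOLFSSL_SUCCESS;
}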
wolfSSL 16:8e0d178b1d1e 35395 #endif /* !NO_DSA */
wolfSSL 15:117db924cf7c 35396
wolfSSL 15:117db924cf7c 35397 #ifdef HAVE_ECC
/* Load an EC private key from DER into key. Convenience wrapper that calls
 * wolfSSL_EC_KEY_LoadDer_ex() in private-key mode; see that function for the
 * argument checks and return values (WOLFSSL_SUCCESS / WOLFSSL_FATAL_ERROR). */
int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
                           int derSz)
{
    const int opt = WOLFSSL_EC_KEY_LOAD_PRIVATE;

    return wolfSSL_EC_KEY_LoadDer_ex(key, derBuf, derSz, opt);
}
wolfSSL 16:8e0d178b1d1e 35405
/* Load an EC key from a DER buffer into key. opt == WOLFSSL_EC_KEY_LOAD_PRIVATE
 * selects wc_EccPrivateKeyDecode; any other value selects
 * wc_EccPublicKeyDecode. On success the wolfCrypt key is mirrored into the
 * external fields via SetECKeyExternal() and key->inSet is marked.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR on bad arguments, a decode
 * failure, or a SetECKeyExternal() failure. */
int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf,
                              int derSz, int opt)
{
    word32 inOutIdx = 0;
    int rc;
    const int loadPrivate = (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE);

    WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer");

    if (key == NULL || key->internal == NULL || derBuf == NULL || derSz <= 0) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FATAL_ERROR;
    }

    if (loadPrivate) {
        rc = wc_EccPrivateKeyDecode(derBuf, &inOutIdx, (ecc_key*)key->internal,
                                    derSz);
        if (rc < 0) {
            WOLFSSL_MSG("wc_EccPrivateKeyDecode failed");
            return WOLFSSL_FATAL_ERROR;
        }
    }
    else {
        rc = wc_EccPublicKeyDecode(derBuf, &inOutIdx, (ecc_key*)key->internal,
                                   derSz);
        if (rc < 0) {
            WOLFSSL_MSG("wc_EccPublicKeyDecode failed");
            return WOLFSSL_FATAL_ERROR;
        }
    }

    /* expose the decoded wolfCrypt key through the OpenSSL-style fields */
    rc = SetECKeyExternal(key);
    if (rc != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetECKeyExternal failed");
        return WOLFSSL_FATAL_ERROR;
    }

    key->inSet = 1;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 35446 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 35447
wolfSSL 16:8e0d178b1d1e 35448 #if !defined(NO_DH) && (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH))
/* Load DH parameters/key from a DER buffer into dh with wc_DhKeyDecode, then
 * mirror the wolfCrypt key into the external fields via SetDhExternal().
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR on bad arguments, a decode
 * failure, or a SetDhExternal() failure. Unlike the DSA/EC loaders this one
 * does not emit a WOLFSSL_ENTER trace or set an inSet marker. */
int wolfSSL_DH_LoadDer(WOLFSSL_DH* dh, const unsigned char* derBuf, int derSz)
{
    word32 inOutIdx = 0;
    int rc;

    if (dh == NULL || dh->internal == NULL || derBuf == NULL || derSz <= 0) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FATAL_ERROR;
    }

    rc = wc_DhKeyDecode(derBuf, &inOutIdx, (DhKey*)dh->internal, (word32)derSz);
    if (rc < 0) {
        WOLFSSL_MSG("wc_DhKeyDecode failed");
        return WOLFSSL_FATAL_ERROR;
    }

    rc = SetDhExternal(dh);
    if (rc != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("SetDhExternal failed");
        return WOLFSSL_FATAL_ERROR;
    }

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 35473 #endif /* ! NO_DH && WOLFSSL_QT || OPENSSL_ALL */
wolfSSL 15:117db924cf7c 35474
wolfSSL 15:117db924cf7c 35475 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 35476
wolfSSL 15:117db924cf7c 35477
wolfSSL 16:8e0d178b1d1e 35478 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
wolfSSL 16:8e0d178b1d1e 35479
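/* Increment the reference count of an RSA object. The count is modified
 * only while rsa->refMutex is held so concurrent up_ref/free calls see a
 * consistent value. Returns 1 on success and 0 when rsa is NULL or the
 * mutex cannot be acquired.
 *
 * Fix: a failed wc_LockMutex was only logged; the count was then bumped
 * without the lock and a mutex that was never acquired was unlocked. Both
 * are now avoided by returning 0. The log text also said "x509 mutex". */
int wolfSSL_RSA_up_ref(WOLFSSL_RSA* rsa)
{
    if (rsa == NULL)
        return 0;

    if (wc_LockMutex(&rsa->refMutex) != 0) {
        WOLFSSL_MSG("Failed to lock RSA mutex");
        return 0;
    }
    rsa->refCount++;
    wc_UnLockMutex(&rsa->refMutex);

    return 1;
}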
wolfSSL 16:8e0d178b1d1e 35495
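/* Increment the reference count of an X509 object. The count is modified
 * only while x509->refMutex is held so concurrent up_ref/free calls see a
 * consistent value. Returns 1 on success and 0 when x509 is NULL or the
 * mutex cannot be acquired.
 *
 * Fix: a failed wc_LockMutex was only logged; the count was then bumped
 * without the lock and a mutex that was never acquired was unlocked. Both
 * are now avoided by returning 0. */
int wolfSSL_X509_up_ref(WOLFSSL_X509* x509)
{
    if (x509 == NULL)
        return 0;

    if (wc_LockMutex(&x509->refMutex) != 0) {
        WOLFSSL_MSG("Failed to lock x509 mutex");
        return 0;
    }
    x509->refCount++;
    wc_UnLockMutex(&x509->refMutex);

    return 1;
}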
wolfSSL 16:8e0d178b1d1e 35511
wolfSSL 16:8e0d178b1d1e 35512 #endif /* OPENSSL_EXTRA || OPENSSL_ALL */
wolfSSL 16:8e0d178b1d1e 35513
wolfSSL 16:8e0d178b1d1e 35514
wolfSSL 15:117db924cf7c 35515 #ifdef WOLFSSL_ALT_CERT_CHAINS
/* Report whether the peer was verified through the alternate certificate
 * chain (ssl->options.usingAltCertChain). Returns 0 for a NULL ssl. */
int wolfSSL_is_peer_alt_cert_chain(const WOLFSSL* ssl)
{
    if (ssl == NULL)
        return 0;

    return ssl->options.usingAltCertChain;
}
wolfSSL 15:117db924cf7c 35523 #endif /* WOLFSSL_ALT_CERT_CHAINS */
wolfSSL 15:117db924cf7c 35524
wolfSSL 15:117db924cf7c 35525
wolfSSL 15:117db924cf7c 35526 #ifdef SESSION_CERTS
wolfSSL 15:117db924cf7c 35527
wolfSSL 15:117db924cf7c 35528 #ifdef WOLFSSL_ALT_CERT_CHAINS
/* Borrow a pointer to the peer's alternate certificate chain, which lives
 * inside ssl->session — it stays valid only as long as ssl does and must not
 * be freed by the caller. Returns NULL for a NULL ssl. */
WOLFSSL_X509_CHAIN* wolfSSL_get_peer_alt_chain(WOLFSSL* ssl)
{
    WOLFSSL_X509_CHAIN* chain = NULL;

    WOLFSSL_ENTER("wolfSSL_get_peer_alt_chain");
    if (ssl != NULL)
        chain = &ssl->session.altChain;

    return chain;
}
wolfSSL 15:117db924cf7c 35538 #endif /* WOLFSSL_ALT_CERT_CHAINS */
wolfSSL 15:117db924cf7c 35539
wolfSSL 15:117db924cf7c 35540
/* Borrow a pointer to the peer's certificate chain, which lives inside
 * ssl->session — it stays valid only as long as ssl does and must not be
 * freed by the caller. Returns NULL for a NULL ssl. */
WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl)
{
    WOLFSSL_X509_CHAIN* chain = NULL;

    WOLFSSL_ENTER("wolfSSL_get_peer_chain");
    if (ssl != NULL)
        chain = &ssl->session.chain;

    return chain;
}
wolfSSL 15:117db924cf7c 35550
wolfSSL 15:117db924cf7c 35551
/* Number of certificates held in chain (chain->count); valid indexes for the
 * wolfSSL_get_chain_* accessors are 0 .. count-1. Returns 0 for NULL. */
int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain)
{
    WOLFSSL_ENTER("wolfSSL_get_chain_count");
    return (chain != NULL) ? chain->count : 0;
}
wolfSSL 15:117db924cf7c 35561
wolfSSL 15:117db924cf7c 35562
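/* Length in bytes of the DER certificate at position idx in the peer chain.
 * Returns 0 when chain is NULL or idx lies outside [0, chain->count), the
 * same bound wolfSSL_get_chain_cert_pem applies.
 *
 * Fix: idx came straight from the caller and indexed chain->certs[]
 * unchecked, so a bad index read outside the populated entries. */
int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx)
{
    WOLFSSL_ENTER("wolfSSL_get_chain_length");
    if (chain == NULL || idx < 0 || idx >= chain->count)
        return 0;

    return chain->certs[idx].length;
}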
wolfSSL 15:117db924cf7c 35572
wolfSSL 15:117db924cf7c 35573
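/* Borrowed pointer to the DER bytes of the certificate at position idx in
 * the peer chain; pair it with wolfSSL_get_chain_length() for the size. The
 * memory belongs to the chain. Returns NULL when chain is NULL or idx lies
 * outside [0, chain->count), the same bound wolfSSL_get_chain_cert_pem uses.
 *
 * Fix: idx was used to index chain->certs[] without any range check. */
byte* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx)
{
    WOLFSSL_ENTER("wolfSSL_get_chain_cert");
    if (chain == NULL || idx < 0 || idx >= chain->count)
        return NULL;

    return chain->certs[idx].buffer;
}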
wolfSSL 15:117db924cf7c 35583
wolfSSL 15:117db924cf7c 35584
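/* Decode the DER certificate at position idx of the peer chain into a newly
 * allocated WOLFSSL_X509. The certificate is only parsed here (the 0 passed
 * to ParseCertRelative is its no-verify mode — confirm against that helper);
 * nothing about signatures or trust is re-checked by this function. The
 * returned object is heap allocated (the 1 passed to InitX509 appears to
 * record that) and the caller releases it with wolfSSL_X509_free().
 * Returns NULL when chain is NULL, idx lies outside [0, chain->count), an
 * allocation fails, or the parse/copy fails.
 *
 * Fix: idx indexed chain->certs[] unchecked; it is now range-checked like in
 * wolfSSL_get_chain_cert_pem. */
WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
{
    int ret;
    WOLFSSL_X509* x509 = NULL;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

    WOLFSSL_ENTER("wolfSSL_get_chain_X509");

    if (chain == NULL || idx < 0 || idx >= chain->count) {
        WOLFSSL_MSG("Bad chain or index");
        return NULL;
    }

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_DCERT);
    if (cert == NULL) {
        WOLFSSL_MSG("Failed alloc DecodedCert");
        return NULL;
    }
#endif

    InitDecodedCert(cert, chain->certs[idx].buffer,
                    chain->certs[idx].length, NULL);

    ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL);
    if (ret != 0) {
        WOLFSSL_MSG("Failed to parse cert");
    }
    else {
        x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                      DYNAMIC_TYPE_X509);
        if (x509 == NULL) {
            WOLFSSL_MSG("Failed alloc X509");
        }
        else {
            InitX509(x509, 1, NULL);

            ret = CopyDecodedToX509(x509, cert);
            if (ret != 0) {
                WOLFSSL_MSG("Failed to copy decoded");
                wolfSSL_X509_free(x509);
                x509 = NULL;
            }
        }
    }

    /* the DecodedCert is scratch state either way */
    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif

    return x509;
}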
wolfSSL 15:117db924cf7c 35637
wolfSSL 15:117db924cf7c 35638
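/* Write the peer certificate at position idx of chain as PEM into buf.
 *
 * buf == NULL: the size needed for header + base64 body + footer is stored in
 * *outLen and LENGTH_ONLY_E is returned (Base64_Encode's size-query
 * convention). Otherwise the PEM text is written to buf, the number of bytes
 * written is stored in *outLen and WOLFSSL_SUCCESS is returned.
 * Returns BAD_FUNC_ARG on a NULL chain or outLen, an idx outside the
 * populated chain, or an inLen too small for the encoding; WOLFSSL_FAILURE
 * when the base64 size query fails; the wc_PemGetHeaderFooter error; or the
 * negative error from Base64_Encode. Without WOLFSSL_PEM_TO_DER /
 * WOLFSSL_DER_TO_PEM the function always returns WOLFSSL_FAILURE.
 *
 * Fix: Base64_Encode was told it had the whole inLen available at buf +
 * headerLen, and the up-front size check compared inLen against the DER
 * length rather than the (larger) base64 length. An inLen between the base64
 * size and base64 size + headerLen passed the check and let Base64_Encode
 * write past the end of buf before the footer check caught it. The body is
 * now encoded with exactly the space left after the header, and the
 * pre-check uses the base64 size. */
int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
                               unsigned char* buf, int inLen, int* outLen)
{
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
    const char* header = NULL;
    const char* footer = NULL;
    int headerLen;
    int footerLen;
    int i;
    int err;
    word32 szNeeded = 0;
    word32 bodySz;

    WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem");
    if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain))
        return BAD_FUNC_ARG;

    err = wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer);
    if (err != 0)
        return err;

    headerLen = (int)XSTRLEN(header);
    footerLen = (int)XSTRLEN(footer);

    /* size of the base64 body (including its line breaks) */
    if (Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length,
                      NULL, &szNeeded) != LENGTH_ONLY_E)
        return WOLFSSL_FAILURE;

    /* Null output buffer: return the size needed in outLen */
    if (!buf) {
        *outLen = (int)szNeeded + headerLen + footerLen;
        return LENGTH_ONLY_E;
    }

    /* don't even try if inLen can't hold header + body + footer */
    if (inLen < 0 ||
        (word32)inLen < szNeeded + (word32)headerLen + (word32)footerLen)
        return BAD_FUNC_ARG;

    /* header */
    XMEMCPY(buf, header, headerLen);
    i = headerLen;

    /* body: only the room remaining after the header is offered */
    bodySz = (word32)(inLen - i);
    err = Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length,
                        buf + i, &bodySz);
    if (err < 0)
        return err;
    i += (int)bodySz;

    /* footer */
    if ((i + footerLen) > inLen)
        return BAD_FUNC_ARG;
    XMEMCPY(buf + i, footer, footerLen);

    *outLen = i + footerLen;

    return WOLFSSL_SUCCESS;
#else
    (void)chain;
    (void)idx;
    (void)buf;
    (void)inLen;
    (void)outLen;
    return WOLFSSL_FAILURE;
#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
}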
wolfSSL 15:117db924cf7c 35708
wolfSSL 15:117db924cf7c 35709
/* Borrow a pointer to the session's ID bytes (session->sessionID). The
 * buffer belongs to the session and is not copied; this call does not report
 * its length. Returns NULL for a NULL session. */
WOLFSSL_ABI
const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session)
{
    const byte* id = NULL;

    WOLFSSL_ENTER("wolfSSL_get_sessionID");
    if (session != NULL)
        id = session->sessionID;

    return id;
}
wolfSSL 15:117db924cf7c 35720
wolfSSL 15:117db924cf7c 35721
wolfSSL 15:117db924cf7c 35722 #endif /* SESSION_CERTS */
wolfSSL 15:117db924cf7c 35723
wolfSSL 15:117db924cf7c 35724 #ifdef HAVE_FUZZER
/* Install the fuzzing hook and its opaque context on ssl (HAVE_FUZZER
 * builds only). The pointers are stored as-is; nothing is done for a NULL
 * ssl. */
void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx)
{
    if (ssl == NULL)
        return;

    ssl->fuzzerCb  = cbf;
    ssl->fuzzerCtx = fCtx;
}
wolfSSL 15:117db924cf7c 35732 #endif
wolfSSL 15:117db924cf7c 35733
wolfSSL 15:117db924cf7c 35734 #ifndef NO_CERTS
wolfSSL 15:117db924cf7c 35735 #ifdef HAVE_PK_CALLBACKS
wolfSSL 15:117db924cf7c 35736
wolfSSL 15:117db924cf7c 35737 #ifdef HAVE_ECC
/* Register the user ECC key-generation callback on ctx (stored as-is in
 * ctx->EccKeyGenCb; a NULL cb clears it). No-op for a NULL ctx. */
void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX* ctx, CallbackEccKeyGen cb)
{
    if (ctx == NULL)
        return;

    ctx->EccKeyGenCb = cb;
}
/* Store the opaque user pointer handed to the ECC key-generation callback for
 * this connection. Only the pointer is kept; the caller owns what it points
 * to. No-op for a NULL ssl. */
void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->EccKeyGenCtx = ctx;
}
/* Return the user pointer set with wolfSSL_SetEccKeyGenCtx(), or NULL for a
 * NULL ssl (or when none was set). */
void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->EccKeyGenCtx : NULL;
}
wolfSSL 15:117db924cf7c 35755
/* Register the user ECC signing callback on ctx (stored as-is in
 * ctx->EccSignCb; a NULL cb clears it). This is the hook used to keep ECDSA
 * private keys out of process memory, e.g. behind an HSM or TPM. No-op for a
 * NULL ctx. */
WOLFSSL_ABI
void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb)
{
    if (ctx == NULL)
        return;

    ctx->EccSignCb = cb;
}
/* Store the opaque user pointer handed to the ECC signing callback for this
 * connection. Only the pointer is kept; the caller owns what it points to.
 * No-op for a NULL ssl. */
void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->EccSignCtx = ctx;
}
/* Return the user pointer set with wolfSSL_SetEccSignCtx(), or NULL for a
 * NULL ssl (or when none was set). */
void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->EccSignCtx : NULL;
}
wolfSSL 15:117db924cf7c 35774
/* Register the user ECC verification callback on ctx (stored as-is in
 * ctx->EccVerifyCb; a NULL cb clears it). No-op for a NULL ctx. */
void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb)
{
    if (ctx == NULL)
        return;

    ctx->EccVerifyCb = cb;
}
/* Store the opaque user pointer handed to the ECC verification callback for
 * this connection. Only the pointer is kept; the caller owns what it points
 * to. No-op for a NULL ssl. */
void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->EccVerifyCtx = ctx;
}
/* Return the user pointer set with wolfSSL_SetEccVerifyCtx(), or NULL for a
 * NULL ssl (or when none was set). */
void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->EccVerifyCtx : NULL;
}
wolfSSL 15:117db924cf7c 35792
/* Register the user ECDH shared-secret callback on ctx (stored as-is in
 * ctx->EccSharedSecretCb; a NULL cb clears it). No-op for a NULL ctx. */
void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX* ctx, CallbackEccSharedSecret cb)
{
    if (ctx == NULL)
        return;

    ctx->EccSharedSecretCb = cb;
}
/* Store the opaque user pointer handed to the ECDH shared-secret callback for
 * this connection. Only the pointer is kept; the caller owns what it points
 * to. No-op for a NULL ssl. */
void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->EccSharedSecretCtx = ctx;
}
/* Return the user pointer set with wolfSSL_SetEccSharedSecretCtx(), or NULL
 * for a NULL ssl (or when none was set). */
void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->EccSharedSecretCtx : NULL;
}
wolfSSL 15:117db924cf7c 35810 #endif /* HAVE_ECC */
wolfSSL 15:117db924cf7c 35811
wolfSSL 15:117db924cf7c 35812 #ifdef HAVE_ED25519
/* Register the user Ed25519 signing callback on ctx (stored as-is in
 * ctx->Ed25519SignCb; a NULL cb clears it). No-op for a NULL ctx. */
void wolfSSL_CTX_SetEd25519SignCb(WOLFSSL_CTX* ctx, CallbackEd25519Sign cb)
{
    if (ctx == NULL)
        return;

    ctx->Ed25519SignCb = cb;
}
/* Store the opaque user pointer handed to the Ed25519 signing callback for
 * this connection. Only the pointer is kept; the caller owns what it points
 * to. No-op for a NULL ssl. */
void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->Ed25519SignCtx = ctx;
}
/* Return the user pointer set with wolfSSL_SetEd25519SignCtx(), or NULL for
 * a NULL ssl (or when none was set). */
void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->Ed25519SignCtx : NULL;
}
wolfSSL 15:117db924cf7c 35830
/* Installs cb as the Ed25519 verify PK callback on ctx; NULL ctx is ignored. */
void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX* ctx, CallbackEd25519Verify cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->Ed25519VerifyCb = cb;
}
/* Stores the caller-owned ctx pointer for the Ed25519 verify callback on
 * this ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->Ed25519VerifyCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetEd25519VerifyCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->Ed25519VerifyCtx : NULL;
}
wolfSSL 15:117db924cf7c 35848 #endif /* HAVE_ED25519 */
wolfSSL 15:117db924cf7c 35849
wolfSSL 15:117db924cf7c 35850 #ifdef HAVE_CURVE25519
/* Installs cb as the X25519 key-generation PK callback on ctx;
 * NULL ctx is ignored. */
void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX* ctx, CallbackX25519KeyGen cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->X25519KeyGenCb = cb;
}
/* Stores the caller-owned ctx pointer for the X25519 key-generation callback
 * on this ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->X25519KeyGenCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetX25519KeyGenCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->X25519KeyGenCtx : NULL;
}
wolfSSL 15:117db924cf7c 35869
/* Installs cb as the X25519 shared-secret PK callback on ctx;
 * NULL ctx is ignored. */
void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX* ctx, CallbackX25519SharedSecret cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->X25519SharedSecretCb = cb;
}
/* Stores the caller-owned ctx pointer for the X25519 shared-secret callback
 * on this ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->X25519SharedSecretCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetX25519SharedSecretCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->X25519SharedSecretCtx : NULL;
}
wolfSSL 15:117db924cf7c 35888 #endif /* HAVE_CURVE25519 */
wolfSSL 15:117db924cf7c 35889
wolfSSL 16:8e0d178b1d1e 35890 #ifdef HAVE_ED448
/* Installs cb as the Ed448 sign PK callback on ctx; NULL ctx is ignored. */
void wolfSSL_CTX_SetEd448SignCb(WOLFSSL_CTX* ctx, CallbackEd448Sign cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->Ed448SignCb = cb;
}
/* Stores the caller-owned ctx pointer for the Ed448 sign callback on this
 * ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetEd448SignCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->Ed448SignCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetEd448SignCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetEd448SignCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->Ed448SignCtx : NULL;
}
wolfSSL 16:8e0d178b1d1e 35908
/* Installs cb as the Ed448 verify PK callback on ctx; NULL ctx is ignored. */
void wolfSSL_CTX_SetEd448VerifyCb(WOLFSSL_CTX* ctx, CallbackEd448Verify cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->Ed448VerifyCb = cb;
}
/* Stores the caller-owned ctx pointer for the Ed448 verify callback on this
 * ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetEd448VerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->Ed448VerifyCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetEd448VerifyCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetEd448VerifyCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->Ed448VerifyCtx : NULL;
}
wolfSSL 16:8e0d178b1d1e 35926 #endif /* HAVE_ED448 */
wolfSSL 16:8e0d178b1d1e 35927
wolfSSL 16:8e0d178b1d1e 35928 #ifdef HAVE_CURVE448
/* Installs cb as the X448 key-generation PK callback on ctx;
 * NULL ctx is ignored. */
void wolfSSL_CTX_SetX448KeyGenCb(WOLFSSL_CTX* ctx, CallbackX448KeyGen cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->X448KeyGenCb = cb;
}
/* Stores the caller-owned ctx pointer for the X448 key-generation callback
 * on this ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetX448KeyGenCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->X448KeyGenCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetX448KeyGenCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetX448KeyGenCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->X448KeyGenCtx : NULL;
}
wolfSSL 16:8e0d178b1d1e 35947
/* Installs cb as the X448 shared-secret PK callback on ctx;
 * NULL ctx is ignored. */
void wolfSSL_CTX_SetX448SharedSecretCb(WOLFSSL_CTX* ctx, CallbackX448SharedSecret cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->X448SharedSecretCb = cb;
}
/* Stores the caller-owned ctx pointer for the X448 shared-secret callback
 * on this ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetX448SharedSecretCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->X448SharedSecretCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetX448SharedSecretCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetX448SharedSecretCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->X448SharedSecretCtx : NULL;
}
wolfSSL 16:8e0d178b1d1e 35966 #endif /* HAVE_CURVE448 */
wolfSSL 16:8e0d178b1d1e 35967
wolfSSL 15:117db924cf7c 35968 #ifndef NO_RSA
/* Installs cb as the RSA sign PK callback on ctx; NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaSignCb = cb;
}
/* Installs cb (a CallbackRsaVerify) as ctx's RsaSignCheckCb; NULL ctx is
 * ignored. */
void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaSignCheckCb = cb;
}
/* Stores the caller-owned ctx pointer for the RSA sign callback on this
 * ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->RsaSignCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetRsaSignCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaSignCtx : NULL;
}
wolfSSL 15:117db924cf7c 35991
wolfSSL 15:117db924cf7c 35992
/* Installs cb as the RSA verify PK callback on ctx; NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaVerifyCb = cb;
}
/* Stores the caller-owned ctx pointer for the RSA verify callback on this
 * ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->RsaVerifyCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetRsaVerifyCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaVerifyCtx : NULL;
}
wolfSSL 15:117db924cf7c 36010
wolfSSL 15:117db924cf7c 36011 #ifdef WC_RSA_PSS
/* Installs cb as the RSA-PSS sign PK callback on ctx; NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaPssSignCb(WOLFSSL_CTX* ctx, CallbackRsaPssSign cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaPssSignCb = cb;
}
/* Installs cb (a CallbackRsaPssVerify) as ctx's RsaPssSignCheckCb;
 * NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaPssSignCheckCb = cb;
}
/* Stores the caller-owned ctx pointer for the RSA-PSS sign callback on this
 * ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->RsaPssSignCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetRsaPssSignCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaPssSignCtx : NULL;
}
wolfSSL 15:117db924cf7c 36034
/* Installs cb as the RSA-PSS verify PK callback on ctx; NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaPssVerifyCb = cb;
}
/* Stores the caller-owned ctx pointer for the RSA-PSS verify callback on
 * this ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->RsaPssVerifyCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetRsaPssVerifyCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaPssVerifyCtx : NULL;
}
wolfSSL 15:117db924cf7c 36052 #endif /* WC_RSA_PSS */
wolfSSL 15:117db924cf7c 36053
/* Installs cb as the RSA public-encrypt PK callback on ctx;
 * NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaEncCb = cb;
}
/* Stores the caller-owned ctx pointer for the RSA encrypt callback on this
 * ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->RsaEncCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetRsaEncCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaEncCtx : NULL;
}
wolfSSL 15:117db924cf7c 36071
/* Installs cb as the RSA private-decrypt PK callback on ctx;
 * NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaDecCb = cb;
}
/* Stores the caller-owned ctx pointer for the RSA decrypt callback on this
 * ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->RsaDecCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetRsaDecCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaDecCtx : NULL;
}
wolfSSL 15:117db924cf7c 36089 #endif /* NO_RSA */
wolfSSL 15:117db924cf7c 36090
wolfSSL 15:117db924cf7c 36091 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 15:117db924cf7c 36092 #endif /* NO_CERTS */
wolfSSL 15:117db924cf7c 36093
wolfSSL 15:117db924cf7c 36094 #if defined(HAVE_PK_CALLBACKS) && !defined(NO_DH)
/* Installs cb as the DH agree PK callback on ctx; NULL ctx is ignored. */
void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX* ctx, CallbackDhAgree cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->DhAgreeCb = cb;
}
/* Stores the caller-owned ctx pointer for the DH agree callback on this
 * ssl object (stored as-is, never freed here); NULL ssl is ignored. */
void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->DhAgreeCtx = ctx;
}
/* Returns the ctx pointer registered with wolfSSL_SetDhAgreeCtx(),
 * or NULL when ssl is NULL. */
void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->DhAgreeCtx : NULL;
}
wolfSSL 15:117db924cf7c 36112 #endif /* HAVE_PK_CALLBACKS && !NO_DH */
wolfSSL 15:117db924cf7c 36113
wolfSSL 15:117db924cf7c 36114
wolfSSL 15:117db924cf7c 36115 #ifdef WOLFSSL_HAVE_WOLFSCEP
/* Empty exported symbol; autoconf link-tests for it to see if wolfSCEP
 * support was built in. Does nothing at runtime. */
void wolfSSL_wolfSCEP(void)
{
}
wolfSSL 15:117db924cf7c 36118 #endif
wolfSSL 15:117db924cf7c 36119
wolfSSL 15:117db924cf7c 36120
wolfSSL 15:117db924cf7c 36121 #ifdef WOLFSSL_HAVE_CERT_SERVICE
/* Empty exported symbol; autoconf link-tests for it to see if the cert
 * service was built in. Does nothing at runtime. */
void wolfSSL_cert_service(void)
{
}
wolfSSL 15:117db924cf7c 36124 #endif
wolfSSL 15:117db924cf7c 36125
wolfSSL 16:8e0d178b1d1e 36126 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 36127 #ifndef NO_CERTS
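/* Frees a WOLFSSL_X509_NAME obtained from wolfSSL_X509_NAME_new() or
 * wolfSSL_X509_NAME_dup(): hands the name to FreeX509Name() and then
 * releases the structure itself (allocated as DYNAMIC_TYPE_X509).
 * A NULL name is a no-op, so callers can free unconditionally on error
 * paths the way they would with OpenSSL's X509_NAME_free(). */
void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_free");
    if (name == NULL) {
        /* defensive: do not rely on FreeX509Name() accepting NULL */
        return;
    }
    FreeX509Name(name, NULL);
    XFREE(name, NULL, DYNAMIC_TYPE_X509);
}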
wolfSSL 15:117db924cf7c 36134
wolfSSL 15:117db924cf7c 36135
/* Allocates a WOLFSSL_X509_NAME on the heap (DYNAMIC_TYPE_X509) and
 * initializes it with InitX509Name(name, 1). Release the result with
 * wolfSSL_X509_NAME_free().
 *
 * returns the new structure, or NULL when the allocation fails.
 */
WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void)
{
    WOLFSSL_X509_NAME* ret;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_new");

    ret = (WOLFSSL_X509_NAME*)XMALLOC(sizeof(WOLFSSL_X509_NAME), NULL,
                                      DYNAMIC_TYPE_X509);
    if (ret == NULL) {
        return NULL;
    }

    InitX509Name(ret, 1);
    return ret;
}
wolfSSL 15:117db924cf7c 36153
/* Creates a duplicate of a WOLFSSL_X509_NAME structure.
 * Returns a new WOLFSSL_X509_NAME structure or NULL on failure.
 *
 * The copy is built in three steps: a shallow XMEMCPY of the whole struct,
 * a fresh InitX509Name() on the copy, and then separate heap buffers for
 * the dynamic portions (the name string when the source's is heap
 * allocated and, with ASN support, the decoded fullName bytes).
 *
 * NOTE(review): correctness hinges on what InitX509Name() does to the
 * pointer fields and the dynamicName flag after the shallow copy, which is
 * not visible here. If it resets dynamicName to 0, the buffer allocated
 * below for dup->name is not marked as owned, so neither the err path nor
 * wolfSSL_X509_NAME_free() would release it. If it leaves the copied
 * pointers in place, the non-dynamic case copies into the source's own
 * buffer. Confirm against InitX509Name()/FreeX509Name().
 */
WOLFSSL_X509_NAME* wolfSSL_X509_NAME_dup(WOLFSSL_X509_NAME *name)
{
    WOLFSSL_X509_NAME* dup = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_dup");

    if (name == NULL) {
        WOLFSSL_MSG("NULL parameter");
        return NULL;
    }

    if (!(dup = wolfSSL_X509_NAME_new())) {
        return NULL;
    }

    /* copy contents: shallow copy of every field, then re-initialize the
     * copy so it does not keep the source's pointer fields; only sz is
     * carried over explicitly afterwards */
    XMEMCPY(dup, name, sizeof(WOLFSSL_X509_NAME));
    InitX509Name(dup, 1);
    dup->sz = name->sz;

    /* handle dynamic portions: a heap-allocated source name gets its own
     * heap buffer of the same size; otherwise dup->name is whatever
     * InitX509Name() set it to (presumably the in-struct buffer — confirm
     * that it can hold name->sz bytes) */
    if (name->dynamicName) {
        if (!(dup->name = (char*)XMALLOC(name->sz, 0,
                DYNAMIC_TYPE_OPENSSL))) {
            goto err;
        }
    }
    XMEMCPY(dup->name, name->name, name->sz);
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
    !defined(NO_ASN)
    /* only the raw fullName bytes are copied after InitX509Name(); the
     * index/length fields of dup->fullName are not copied from
     * name->fullName here. NOTE(review): a zero fullNameLen makes this an
     * XMALLOC(0), which may return NULL and take the err path — confirm. */
    if (!(dup->fullName.fullName = (char*)XMALLOC(name->fullName.fullNameLen,
            0, DYNAMIC_TYPE_OPENSSL))) {
        goto err;
    }
    XMEMCPY(dup->fullName.fullName, name->fullName.fullName,
            name->fullName.fullNameLen);
#endif

    return dup;

err:
    /* release only what this function allocated for dup before handing the
     * struct back to wolfSSL_X509_NAME_free(); the pointer-inequality check
     * avoids freeing the source's fullName if the shallow copy left it in
     * place */
    if (dup) {
        if (dup->dynamicName && dup->name) {
            XFREE(dup->name, 0, DYNAMIC_TYPE_OPENSSL);
            dup->name = NULL;
        }
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
    !defined(NO_ASN)
        if (dup->fullName.fullName &&
                dup->fullName.fullName != name->fullName.fullName) {
            XFREE(dup->fullName.fullName, 0, DYNAMIC_TYPE_OPENSSL);
            dup->fullName.fullName = NULL;
        }
#endif
        wolfSSL_X509_NAME_free(dup);
    }
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 36214
wolfSSL 16:8e0d178b1d1e 36215 #if defined(WOLFSSL_CERT_GEN)
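/* helper function for CopyX509NameToCertName()
 *
 * Copies inLen bytes of in into out, which must hold at least mx bytes, and
 * always leaves out NUL-terminated. Input that does not fit (inLen >= mx)
 * is truncated to mx - 1 bytes and logged as "Name too long", not rejected:
 * the caller still gets WOLFSSL_SUCCESS with a shortened field, so a DN
 * attribute of CTC_NAME_SIZE bytes or more silently loses its tail.
 *
 * out:   destination buffer
 * mx:    capacity of out in bytes (must be >= 1)
 * in:    source bytes; may be NULL only when nothing is copied
 * inLen: number of bytes to copy; values <= 0 produce an empty string
 *
 * returns WOLFSSL_SUCCESS on success, BAD_FUNC_ARG on an unusable argument
 */
static int CopyX509NameEntry(char* out, int mx, char* in, int inLen)
{
    int copyLen = inLen;

    if (out == NULL || mx < 1) {
        return BAD_FUNC_ARG;
    }

    /* at most mx - 1 bytes can be stored because the last byte is the
     * terminator. inLen == mx must truncate too: writing out[inLen] in that
     * case would land one byte past the buffer. */
    if (copyLen >= mx) {
        WOLFSSL_MSG("Name too long");
        copyLen = mx - 1;
    }
    else if (copyLen < 0) {
        copyLen = 0;
    }

    if (copyLen > 0) {
        if (in == NULL) {
            return BAD_FUNC_ARG;
        }
        XMEMCPY(out, in, copyLen);
    }
    out[copyLen] = '\0';

    return WOLFSSL_SUCCESS;
}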
wolfSSL 15:117db924cf7c 36236
wolfSSL 15:117db924cf7c 36237
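/* Copies one DN attribute out of a DecodedName into a CTC_NAME_SIZE field of
 * a CertName. label is the debug message logged before the copy; idx and
 * len locate the attribute inside dn->fullName.
 *
 * returns WOLFSSL_SUCCESS on success and BUFFER_E if the entry copy fails
 */
static int CopyX509NameField(char* out, const char* label, DecodedName* dn,
                             int idx, int len)
{
    (void)label; /* unused in builds where WOLFSSL_MSG compiles to nothing */
    WOLFSSL_MSG(label);
    /* compare against WOLFSSL_SUCCESS, the value CopyX509NameEntry() returns */
    if (CopyX509NameEntry(out, CTC_NAME_SIZE, dn->fullName + idx, len)
            != WOLFSSL_SUCCESS) {
        return BUFFER_E;
    }
    return WOLFSSL_SUCCESS;
}

/* Helper function to copy cert name from a WOLFSSL_X509_NAME structure to
 * a CertName structure.
 *
 * Every CertName field is first reset to an empty string with its default
 * encoding, then each attribute is copied from n->fullName using the
 * index/length pairs recorded in the DecodedName. Attributes longer than
 * CTC_NAME_SIZE - 1 bytes are truncated by CopyX509NameEntry(), not
 * rejected, so the generated name can differ from the requested one.
 *
 * NOTE(review): the DecodedName index/length pairs are trusted to lie inside
 * dn->fullName and are not re-validated here — confirm the decoder that
 * fills them guarantees this.
 *
 * returns WOLFSSL_SUCCESS on success and a negative error value on failure
 * (BAD_FUNC_ARG for a NULL argument, BUFFER_E when a field copy fails)
 */
static int CopyX509NameToCertName(WOLFSSL_X509_NAME* n, CertName* cName)
{
    DecodedName* dn = NULL;
    int ret;

    if (n == NULL || cName == NULL) {
        return BAD_FUNC_ARG;
    }

    dn = &(n->fullName);

    /* initialize cert name */
    cName->country[0] = '\0';
    cName->countryEnc = CTC_PRINTABLE;
    cName->state[0] = '\0';
    cName->stateEnc = CTC_UTF8;
    cName->locality[0] = '\0';
    cName->localityEnc = CTC_UTF8;
    cName->sur[0] = '\0';
    cName->surEnc = CTC_UTF8;
    cName->org[0] = '\0';
    cName->orgEnc = CTC_UTF8;
    cName->unit[0] = '\0';
    cName->unitEnc = CTC_UTF8;
    cName->commonName[0] = '\0';
    cName->commonNameEnc = CTC_UTF8;
    cName->serialDev[0] = '\0';
    cName->serialDevEnc = CTC_PRINTABLE;
#ifdef WOLFSSL_CERT_EXT
    cName->busCat[0] = '\0';
    cName->busCatEnc = CTC_UTF8;
    cName->joiC[0] = '\0';
    cName->joiCEnc = CTC_PRINTABLE;
    cName->joiSt[0] = '\0';
    cName->joiStEnc = CTC_PRINTABLE;
#endif
    cName->email[0] = '\0';

    /* ASN_COUNTRY_NAME */
    ret = CopyX509NameField(cName->country, "Copy Country Name", dn,
                            dn->cIdx, dn->cLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }

    /* ASN_ORGUNIT_NAME */
    ret = CopyX509NameField(cName->unit, "Copy Org Unit Name", dn,
                            dn->ouIdx, dn->ouLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }

    /* ASN_ORG_NAME */
    ret = CopyX509NameField(cName->org, "Copy Org Name", dn,
                            dn->oIdx, dn->oLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }

    /* ASN_STATE_NAME */
    ret = CopyX509NameField(cName->state, "Copy State Name", dn,
                            dn->stIdx, dn->stLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }

    /* ASN_LOCALITY_NAME */
    ret = CopyX509NameField(cName->locality, "Copy Locality Name", dn,
                            dn->lIdx, dn->lLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }

    /* ASN_SUR_NAME */
    ret = CopyX509NameField(cName->sur, "Copy Sur Name", dn,
                            dn->snIdx, dn->snLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }

    /* ASN_COMMON_NAME */
    ret = CopyX509NameField(cName->commonName, "Copy Common Name", dn,
                            dn->cnIdx, dn->cnLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }

    /* ASN_SERIAL_NUMBER */
    ret = CopyX509NameField(cName->serialDev, "Copy Serial Number of Device",
                            dn, dn->serialIdx, dn->serialLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }

#ifdef WOLFSSL_CERT_EXT
    /* ASN_BUS_CAT */
    ret = CopyX509NameField(cName->busCat, "Copy Business Category", dn,
                            dn->bcIdx, dn->bcLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }

    /* JoI Country */
    ret = CopyX509NameField(cName->joiC,
                            "Copy Jurisdiction of Incorporation Country",
                            dn, dn->jcIdx, dn->jcLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }

    /* JoI State */
    ret = CopyX509NameField(cName->joiSt,
                            "Copy Jurisdiction of Incorporation State",
                            dn, dn->jsIdx, dn->jsLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }
#endif

    ret = CopyX509NameField(cName->email, "Copy Email", dn,
                            dn->emailIdx, dn->emailLen);
    if (ret != WOLFSSL_SUCCESS) {
        return ret;
    }

    return WOLFSSL_SUCCESS;
}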
wolfSSL 15:117db924cf7c 36375
wolfSSL 16:8e0d178b1d1e 36376 #ifdef WOLFSSL_CERT_REQ
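/* Fills cert from a certificate request held in a WOLFSSL_X509 so it can be
 * written out: subject name, version and CA flag, plus — with
 * WOLFSSL_CERT_EXT — the subject key id and key usage. Extended key usage
 * is not carried over.
 *
 * returns WOLFSSL_SUCCESS on success, BAD_FUNC_ARG for a NULL argument,
 * WOLFSSL_FAILURE if wc_InitCert() fails or the subject key id does not fit
 * in cert->skid, or the error code from CopyX509NameToCertName()
 */
static int ReqCertFromX509(Cert* cert, WOLFSSL_X509* req)
{
    int ret;

    if (cert == NULL || req == NULL)
        return BAD_FUNC_ARG;

    if (wc_InitCert(cert) != 0)
        return WOLFSSL_FAILURE;

    ret = CopyX509NameToCertName(&req->subject, &cert->subject);
    if (ret == WOLFSSL_SUCCESS) {
        cert->version = req->version;
        cert->isCA = req->isCa;
#ifdef WOLFSSL_CERT_EXT
        if (req->subjKeyIdSz != 0) {
            /* bound the copy the same way CertFromX509() does: cert->skid
             * is sized by CTC_MAX_SKID_SIZE, and the request's key id length
             * comes from parsed input */
            if (req->subjKeyIdSz >= CTC_MAX_SKID_SIZE) {
                WOLFSSL_MSG("Subject Key ID too large");
                return WOLFSSL_FAILURE;
            }
            XMEMCPY(cert->skid, req->subjKeyId, req->subjKeyIdSz);
            cert->skidSz = (int)req->subjKeyIdSz;
        }
        if (req->keyUsageSet)
            cert->keyUsage = req->keyUsage;
        /* Extended Key Usage not supported. */
#endif
    }

    return ret;
}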
wolfSSL 16:8e0d178b1d1e 36401 #endif
wolfSSL 16:8e0d178b1d1e 36402
wolfSSL 16:8e0d178b1d1e 36403 /* convert a WOLFSSL_X509 to a Cert structure for writing out */
wolfSSL 16:8e0d178b1d1e 36404 static int CertFromX509(Cert* cert, WOLFSSL_X509* x509)
wolfSSL 16:8e0d178b1d1e 36405 {
wolfSSL 16:8e0d178b1d1e 36406 int ret;
wolfSSL 16:8e0d178b1d1e 36407 #ifdef WOLFSSL_CERT_EXT
wolfSSL 16:8e0d178b1d1e 36408 int i;
wolfSSL 16:8e0d178b1d1e 36409 #endif
wolfSSL 16:8e0d178b1d1e 36410
wolfSSL 16:8e0d178b1d1e 36411 WOLFSSL_ENTER("wolfSSL_X509_to_Cert()");
wolfSSL 16:8e0d178b1d1e 36412
wolfSSL 16:8e0d178b1d1e 36413 if (x509 == NULL || cert == NULL) {
wolfSSL 16:8e0d178b1d1e 36414 return BAD_FUNC_ARG;
wolfSSL 16:8e0d178b1d1e 36415 }
wolfSSL 16:8e0d178b1d1e 36416
wolfSSL 16:8e0d178b1d1e 36417 wc_InitCert(cert);
wolfSSL 16:8e0d178b1d1e 36418
wolfSSL 16:8e0d178b1d1e 36419 cert->version = (int)wolfSSL_X509_get_version(x509);
wolfSSL 16:8e0d178b1d1e 36420
wolfSSL 16:8e0d178b1d1e 36421 #ifdef WOLFSSL_ALT_NAMES
wolfSSL 16:8e0d178b1d1e 36422 if (x509->notBefore.length > 0) {
wolfSSL 16:8e0d178b1d1e 36423 if ((x509->notBefore.length + 2) < CTC_DATE_SIZE) {
wolfSSL 16:8e0d178b1d1e 36424 cert->beforeDate[0] = x509->notBefore.type;
wolfSSL 16:8e0d178b1d1e 36425 cert->beforeDate[1] = x509->notBefore.length;
wolfSSL 16:8e0d178b1d1e 36426 XMEMCPY(&cert->beforeDate[2], x509->notBefore.data,
wolfSSL 16:8e0d178b1d1e 36427 x509->notBefore.length);
wolfSSL 16:8e0d178b1d1e 36428 cert->beforeDateSz = x509->notBefore.length + 2;
wolfSSL 16:8e0d178b1d1e 36429 }
wolfSSL 16:8e0d178b1d1e 36430 else {
wolfSSL 16:8e0d178b1d1e 36431 WOLFSSL_MSG("Not before date too large");
wolfSSL 16:8e0d178b1d1e 36432 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 36433 }
wolfSSL 16:8e0d178b1d1e 36434 }
wolfSSL 16:8e0d178b1d1e 36435 else {
wolfSSL 16:8e0d178b1d1e 36436 cert->beforeDateSz = 0;
wolfSSL 16:8e0d178b1d1e 36437 }
wolfSSL 16:8e0d178b1d1e 36438 if (x509->notAfter.length > 0) {
wolfSSL 16:8e0d178b1d1e 36439 if ((x509->notAfter.length + 2) < CTC_DATE_SIZE) {
wolfSSL 16:8e0d178b1d1e 36440 cert->afterDate[0] = x509->notAfter.type;
wolfSSL 16:8e0d178b1d1e 36441 cert->afterDate[1] = x509->notAfter.length;
wolfSSL 16:8e0d178b1d1e 36442 XMEMCPY(&cert->afterDate[2], x509->notAfter.data,
wolfSSL 16:8e0d178b1d1e 36443 x509->notAfter.length);
wolfSSL 16:8e0d178b1d1e 36444 cert->afterDateSz = x509->notAfter.length + 2;
wolfSSL 16:8e0d178b1d1e 36445 }
wolfSSL 16:8e0d178b1d1e 36446 else {
wolfSSL 16:8e0d178b1d1e 36447 WOLFSSL_MSG("Not after date too large");
wolfSSL 16:8e0d178b1d1e 36448 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 36449 }
wolfSSL 16:8e0d178b1d1e 36450 }
wolfSSL 16:8e0d178b1d1e 36451 else {
wolfSSL 16:8e0d178b1d1e 36452 cert->afterDateSz = 0;
wolfSSL 16:8e0d178b1d1e 36453 }
wolfSSL 16:8e0d178b1d1e 36454
wolfSSL 16:8e0d178b1d1e 36455 cert->altNamesSz = FlattenAltNames(cert->altNames,
wolfSSL 16:8e0d178b1d1e 36456 sizeof(cert->altNames), x509->altNames);
wolfSSL 16:8e0d178b1d1e 36457
wolfSSL 16:8e0d178b1d1e 36458 #endif /* WOLFSSL_ALT_NAMES */
wolfSSL 16:8e0d178b1d1e 36459
wolfSSL 16:8e0d178b1d1e 36460 cert->sigType = wolfSSL_X509_get_signature_type(x509);
wolfSSL 16:8e0d178b1d1e 36461 cert->keyType = x509->pubKeyOID;
wolfSSL 16:8e0d178b1d1e 36462 cert->isCA = wolfSSL_X509_get_isCA(x509);
wolfSSL 16:8e0d178b1d1e 36463
wolfSSL 16:8e0d178b1d1e 36464 #ifdef WOLFSSL_CERT_EXT
wolfSSL 16:8e0d178b1d1e 36465 if (x509->subjKeyIdSz < CTC_MAX_SKID_SIZE) {
wolfSSL 16:8e0d178b1d1e 36466 XMEMCPY(cert->skid, x509->subjKeyId, x509->subjKeyIdSz);
wolfSSL 16:8e0d178b1d1e 36467 cert->skidSz = (int)x509->subjKeyIdSz;
wolfSSL 16:8e0d178b1d1e 36468 }
wolfSSL 16:8e0d178b1d1e 36469 else {
wolfSSL 16:8e0d178b1d1e 36470 WOLFSSL_MSG("Subject Key ID too large");
wolfSSL 16:8e0d178b1d1e 36471 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 36472 }
wolfSSL 16:8e0d178b1d1e 36473
wolfSSL 16:8e0d178b1d1e 36474 if (x509->authKeyIdSz < CTC_MAX_AKID_SIZE) {
wolfSSL 16:8e0d178b1d1e 36475 XMEMCPY(cert->akid, x509->authKeyId, x509->authKeyIdSz);
wolfSSL 16:8e0d178b1d1e 36476 cert->akidSz = (int)x509->authKeyIdSz;
wolfSSL 16:8e0d178b1d1e 36477 }
wolfSSL 16:8e0d178b1d1e 36478 else {
wolfSSL 16:8e0d178b1d1e 36479 WOLFSSL_MSG("Auth Key ID too large");
wolfSSL 16:8e0d178b1d1e 36480 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 36481 }
wolfSSL 16:8e0d178b1d1e 36482
wolfSSL 16:8e0d178b1d1e 36483 for (i = 0; i < x509->certPoliciesNb; i++) {
wolfSSL 16:8e0d178b1d1e 36484 /* copy the smaller of MAX macros, by default they are currently equal*/
wolfSSL 16:8e0d178b1d1e 36485 if ((int)CTC_MAX_CERTPOL_SZ <= (int)MAX_CERTPOL_SZ) {
wolfSSL 16:8e0d178b1d1e 36486 XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
wolfSSL 16:8e0d178b1d1e 36487 CTC_MAX_CERTPOL_SZ);
wolfSSL 16:8e0d178b1d1e 36488 }
wolfSSL 16:8e0d178b1d1e 36489 else {
wolfSSL 16:8e0d178b1d1e 36490 XMEMCPY(cert->certPolicies[i], x509->certPolicies[i],
wolfSSL 16:8e0d178b1d1e 36491 MAX_CERTPOL_SZ);
wolfSSL 16:8e0d178b1d1e 36492 }
wolfSSL 16:8e0d178b1d1e 36493 }
wolfSSL 16:8e0d178b1d1e 36494 cert->certPoliciesNb = (word16)x509->certPoliciesNb;
wolfSSL 16:8e0d178b1d1e 36495
wolfSSL 16:8e0d178b1d1e 36496 cert->keyUsage = x509->keyUsage;
wolfSSL 16:8e0d178b1d1e 36497 #endif /* WOLFSSL_CERT_EXT */
wolfSSL 16:8e0d178b1d1e 36498
wolfSSL 16:8e0d178b1d1e 36499 #ifdef WOLFSSL_CERT_REQ
wolfSSL 16:8e0d178b1d1e 36500 /* copy over challenge password for REQ certs */
wolfSSL 16:8e0d178b1d1e 36501 XMEMCPY(cert->challengePw, x509->challengePw, CTC_NAME_SIZE);
wolfSSL 16:8e0d178b1d1e 36502 #endif
wolfSSL 16:8e0d178b1d1e 36503
wolfSSL 16:8e0d178b1d1e 36504 if (x509->serialSz <= CTC_SERIAL_SIZE) {
wolfSSL 16:8e0d178b1d1e 36505 XMEMCPY(cert->serial, x509->serial, x509->serialSz);
wolfSSL 16:8e0d178b1d1e 36506 }
wolfSSL 16:8e0d178b1d1e 36507 else {
wolfSSL 16:8e0d178b1d1e 36508 WOLFSSL_MSG("Serial size error");
wolfSSL 16:8e0d178b1d1e 36509 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 36510 }
wolfSSL 16:8e0d178b1d1e 36511
wolfSSL 16:8e0d178b1d1e 36512 /* copy over Name structures */
wolfSSL 16:8e0d178b1d1e 36513 if (x509->issuerSet)
wolfSSL 16:8e0d178b1d1e 36514 cert->selfSigned = 0;
wolfSSL 16:8e0d178b1d1e 36515 if ((ret = CopyX509NameToCertName(&(x509->issuer), &(cert->issuer)))
wolfSSL 16:8e0d178b1d1e 36516 != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 36517 WOLFSSL_MSG("Error copying over issuer names");
wolfSSL 16:8e0d178b1d1e 36518 WOLFSSL_LEAVE("wolfSSL_X509_to_Cert()", ret);
wolfSSL 16:8e0d178b1d1e 36519 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 36520 }
wolfSSL 16:8e0d178b1d1e 36521 if ((ret = CopyX509NameToCertName(&(x509->subject), &(cert->subject)))
wolfSSL 16:8e0d178b1d1e 36522 != WOLFSSL_SUCCESS) {
wolfSSL 16:8e0d178b1d1e 36523 WOLFSSL_MSG("Error copying over subject names");
wolfSSL 16:8e0d178b1d1e 36524 WOLFSSL_LEAVE("wolfSSL_X509_to_Cert()", ret);
wolfSSL 16:8e0d178b1d1e 36525 return WOLFSSL_FAILURE;
wolfSSL 16:8e0d178b1d1e 36526 }
wolfSSL 16:8e0d178b1d1e 36527
wolfSSL 16:8e0d178b1d1e 36528 cert->heap = x509->heap;
wolfSSL 16:8e0d178b1d1e 36529
wolfSSL 16:8e0d178b1d1e 36530 return WOLFSSL_SUCCESS;
wolfSSL 16:8e0d178b1d1e 36531 }
wolfSSL 16:8e0d178b1d1e 36532
wolfSSL 16:8e0d178b1d1e 36533
/* Maps the (key type, digest) pair of an EVP key and EVP digest to the
 * wolfCrypt signature algorithm identifier used when encoding a certificate.
 *
 * md   digest to sign with
 * pkey key the signature will be produced with; only RSA and EC keys are
 *      handled here
 *
 * returns the signature type (e.g. CTC_SHAwRSA) on success, or
 * WOLFSSL_FAILURE when the digest cannot be resolved, the key type is not
 * RSA/EC, or the digest is not one of SHA-1/224/256/384/512
 */
static int wolfSSL_sigTypeFromPKEY(WOLFSSL_EVP_MD* md,
    WOLFSSL_EVP_PKEY* pkey)
{
    int hashType;
    int keyIsRsa;

    /* Resolve the digest first; an unknown digest is a failure regardless of
     * the key type. */
    if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL) == WOLFSSL_FAILURE)
        return WOLFSSL_FAILURE;

    if (pkey->type == EVP_PKEY_RSA)
        keyIsRsa = 1;
    else if (pkey->type == EVP_PKEY_EC)
        keyIsRsa = 0;
    else
        return WOLFSSL_FAILURE;

    /* Same digest set for both key families; pick the family-specific OID. */
    switch (hashType) {
        case WC_HASH_TYPE_SHA:
            return keyIsRsa ? CTC_SHAwRSA : CTC_SHAwECDSA;
        case WC_HASH_TYPE_SHA224:
            return keyIsRsa ? CTC_SHA224wRSA : CTC_SHA224wECDSA;
        case WC_HASH_TYPE_SHA256:
            return keyIsRsa ? CTC_SHA256wRSA : CTC_SHA256wECDSA;
        case WC_HASH_TYPE_SHA384:
            return keyIsRsa ? CTC_SHA384wRSA : CTC_SHA384wECDSA;
        case WC_HASH_TYPE_SHA512:
            return keyIsRsa ? CTC_SHA512wRSA : CTC_SHA512wECDSA;
        default:
            return WOLFSSL_FAILURE;
    }
}
wolfSSL 16:8e0d178b1d1e 36593
wolfSSL 16:8e0d178b1d1e 36594
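/* Generates the DER encoded body of a certificate (or, when req is non-zero,
 * of a certificate request) from the fields of x509.
 *
 * The public key held in x509->pubKey is decoded into a temporary wolfCrypt
 * key object for the duration of the call and released on every exit path
 * (the original returned early on RNG or encoding failure without freeing
 * it).
 *
 * x509  source object; must carry an RSA (RSAk) or ECC (ECDSAk) public key
 * req   non-zero to build a certificate request body; needs WOLFSSL_CERT_REQ
 * der   output buffer for the encoding
 * derSz in: capacity of der in bytes; out: size of the encoded body on
 *       success
 *
 * returns WOLFSSL_SUCCESS on success; WOLFSSL_FAILURE when request support
 * is not compiled in, the Cert could not be populated, the key type is
 * unsupported or the RNG could not be initialised; BAD_FUNC_ARG for NULL
 * arguments; otherwise the negative wolfCrypt error code from key decoding
 * or certificate encoding
 */
static int wolfSSL_X509_make_der(WOLFSSL_X509* x509, int req,
    unsigned char* der, int* derSz)
{
    int ret;
    Cert cert;
    void* key = NULL;
    int type = -1;
#ifndef NO_RSA
    RsaKey rsa;
#endif
#ifdef HAVE_ECC
    ecc_key ecc;
#endif
    WC_RNG rng;
    word32 idx = 0;

    if (x509 == NULL || der == NULL || derSz == NULL)
        return BAD_FUNC_ARG;

#ifndef WOLFSSL_CERT_REQ
    if (req) {
        WOLFSSL_MSG("WOLFSSL_CERT_REQ needed for certificate request");
        return WOLFSSL_FAILURE;
    }
#endif

#ifdef WOLFSSL_CERT_REQ
    if (req) {
        if (ReqCertFromX509(&cert, x509) != WOLFSSL_SUCCESS)
            return WOLFSSL_FAILURE;
    }
    else
#endif
    {
        /* Create a Cert that has the certificate fields. */
        if (CertFromX509(&cert, x509) != WOLFSSL_SUCCESS)
            return WOLFSSL_FAILURE;
    }

    /* Create a public key object from the encoded public key. Nothing has
     * been acquired yet, so failures here can return directly. */
#ifndef NO_RSA
    if (x509->pubKeyOID == RSAk) {
        type = RSA_TYPE;
        ret = wc_InitRsaKey(&rsa, x509->heap);
        if (ret != 0)
            return ret;
        ret = wc_RsaPublicKeyDecode(x509->pubKey.buffer, &idx, &rsa,
            x509->pubKey.length);
        if (ret != 0) {
            wc_FreeRsaKey(&rsa);
            return ret;
        }
        key = (void*)&rsa;
    }
#endif
#ifdef HAVE_ECC
    if (x509->pubKeyOID == ECDSAk) {
        type = ECC_TYPE;
        ret = wc_ecc_init(&ecc);
        if (ret != 0)
            return ret;
        ret = wc_EccPublicKeyDecode(x509->pubKey.buffer, &idx, &ecc,
            x509->pubKey.length);
        if (ret != 0) {
            wc_ecc_free(&ecc);
            return ret;
        }
        key = (void*)&ecc;
    }
#endif
    if (key == NULL)
        return WOLFSSL_FAILURE;

    /* From here on the key object is live; every exit goes through
     * out_free_key so it is always released. */

    /* Make the body of the certificate (request). */
#ifdef WOLFSSL_CERT_REQ
    if (req) {
        ret = wc_MakeCertReq_ex(&cert, der, *derSz, type, key);
    }
    else
#endif
    {
        ret = wc_InitRng(&rng);
        if (ret != 0) {
            /* keep the caller-visible code the original used for this case */
            ret = WOLFSSL_FAILURE;
            goto out_free_key;
        }

        ret = wc_MakeCert_ex(&cert, der, *derSz, type, key, &rng);
        wc_FreeRng(&rng);
    }
    if (ret < 0) {
        goto out_free_key;
    }

    /* ret holds the encoded body size. */
    *derSz = ret;
    ret = WOLFSSL_SUCCESS;

out_free_key:
    /* Dispose of the public key object. */
#ifndef NO_RSA
    if (x509->pubKeyOID == RSAk)
        wc_FreeRsaKey(&rsa);
#endif
#ifdef HAVE_ECC
    if (x509->pubKeyOID == ECDSAk)
        wc_ecc_free(&ecc);
#endif
    return ret;
}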
wolfSSL 16:8e0d178b1d1e 36706
wolfSSL 16:8e0d178b1d1e 36707
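/* Signs the DER encoded certificate (or request) body held in der using the
 * private key in pkey and the digest in md, then installs the signed encoding
 * as the x509 object's DER buffer.
 *
 * WARNING: on success this frees and replaces the existing DER buffer in the
 * WOLFSSL_X509 with the newly signed buffer. On failure the previous DER
 * buffer is left untouched.
 *
 * x509       certificate object to update
 * req        non-zero when der holds a certificate request body
 * der        buffer holding the unsigned body; the signature is written in
 *            place, so derSz must leave room for it
 * derSz      total capacity of der in bytes
 * certBodySz number of bytes of der that make up the body to sign
 * md         digest to sign with
 * pkey       private key to sign with (RSA or EC)
 *
 * returns size of the signed encoding on success and a negative value on
 * failure: WOLFSSL_FATAL_ERROR for an unsupported key/digest pair, a missing
 * key object or an allocation failure, otherwise the wolfCrypt error code
 */
static int wolfSSL_X509_resign_cert(WOLFSSL_X509* x509, int req,
    unsigned char* der, int derSz, int certBodySz, WOLFSSL_EVP_MD* md,
    WOLFSSL_EVP_PKEY* pkey)
{
    int ret;
    void* key = NULL;
    int type = -1;
    int sigType;
    WC_RNG rng;
    DerBuffer* signedDer = NULL;

    sigType = wolfSSL_sigTypeFromPKEY(md, pkey);
    if (sigType == WOLFSSL_FAILURE)
        return WOLFSSL_FATAL_ERROR;

    /* Get the private key object and type from pkey. */
#ifndef NO_RSA
    if (pkey->type == EVP_PKEY_RSA && pkey->rsa != NULL) {
        type = RSA_TYPE;
        key = pkey->rsa->internal;
    }
#endif
#ifdef HAVE_ECC
    if (pkey->type == EVP_PKEY_EC && pkey->ecc != NULL) {
        type = ECC_TYPE;
        key = pkey->ecc->internal;
    }
#endif
    /* wolfSSL_sigTypeFromPKEY accepts RSA/EC regardless of build options, so
     * the key object can still be missing here (e.g. an RSA key with NO_RSA,
     * or an EVP key whose wrapper was never populated). */
    if (key == NULL) {
        WOLFSSL_MSG("No private key object available for signing");
        return WOLFSSL_FATAL_ERROR;
    }

    /* Sign the body. */
    ret = wc_InitRng(&rng);
    if (ret != 0)
        return ret;
    ret = wc_SignCert_ex(certBodySz, sigType, der, derSz, type, key, &rng);
    wc_FreeRng(&rng);
    if (ret < 0)
        return ret;

    /* The DerBuffer type records whether this is a certificate or a request.
     * The guard is WOLFSSL_CERT_REQ, the same macro the rest of this code
     * uses for request support (the previous WOLFSSL_REQ_CERT spelling was
     * never defined, so the request type was never set). */
    type = CERT_TYPE;
#ifdef WOLFSSL_CERT_REQ
    if (req) {
        type = CERTREQ_TYPE;
    }
#endif

    /* Allocate the replacement first so that an allocation failure leaves
     * the object's previous encoding intact. */
    if (AllocDer(&signedDer, ret, type, NULL) != 0)
        return WOLFSSL_FATAL_ERROR;
    XMEMCPY(signedDer->buffer, der, ret);
    signedDer->length = ret;

    /* Put the new encoding into the x509 object. */
    FreeDer(&x509->derCert);
    x509->derCert = signedDer;

    (void)req;
    return ret;
}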
wolfSSL 16:8e0d178b1d1e 36770
wolfSSL 16:8e0d178b1d1e 36771
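/* Signs the certificate described by x509 with pkey using digest md.
 *
 * The certificate body is encoded from the x509 fields into a temporary
 * DER buffer, signed, and the signed encoding replaces x509's DER buffer.
 *
 * x509 certificate to sign; its sigOID is set to the chosen algorithm
 * pkey private key (RSA or EC)
 * md   digest
 *
 * returns the size of the signed certificate on success, WOLFSSL_FAILURE on
 * failure (NULL arguments, unsupported key/digest pair, encoding or signing
 * error)
 */
int wolfSSL_X509_sign(WOLFSSL_X509* x509, WOLFSSL_EVP_PKEY* pkey,
    const WOLFSSL_EVP_MD* md)
{
    int ret;
    int sigType;
    byte der[4096]; /* @TODO dynamic set based on expected cert size */
    int derSz = sizeof(der);

    WOLFSSL_ENTER("wolfSSL_X509_sign");

    if (x509 == NULL || pkey == NULL || md == NULL)
        return WOLFSSL_FAILURE;

    /* Resolve the signature algorithm up front. The body encoder pulls the
     * signature type back out of x509, so an unsupported combination is
     * rejected here instead of being stored as WOLFSSL_FAILURE (0) and
     * failing later with a less specific error. */
    sigType = wolfSSL_sigTypeFromPKEY((WOLFSSL_EVP_MD*)md, pkey);
    if (sigType == WOLFSSL_FAILURE) {
        WOLFSSL_MSG("Unsupported key type / digest combination");
        WOLFSSL_LEAVE("wolfSSL_X509_sign", WOLFSSL_FAILURE);
        return WOLFSSL_FAILURE;
    }
    x509->sigOID = sigType;

    /* derSz is updated to the body size on success. */
    ret = wolfSSL_X509_make_der(x509, 0, der, &derSz);
    if (ret != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Unable to make DER for X509");
        WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
        return WOLFSSL_FAILURE;
    }

    /* sizeof(der) is the total capacity, derSz the body length to sign. */
    ret = wolfSSL_X509_resign_cert(x509, 0, der, sizeof(der), derSz,
        (WOLFSSL_EVP_MD*)md, pkey);
    if (ret <= 0) {
        WOLFSSL_LEAVE("wolfSSL_X509_sign", ret);
        return WOLFSSL_FAILURE;
    }

    return ret;
}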
wolfSSL 16:8e0d178b1d1e 36802
wolfSSL 15:117db924cf7c 36803
/* Converts the x509 name structure into DER format.
 *
 * name name to encode
 * out  pointer to either a caller supplied buffer or to NULL. With a caller
 *      supplied buffer the DER is written there and *out is advanced past
 *      it; with NULL a buffer is allocated (DYNAMIC_TYPE_OPENSSL) and
 *      returned through *out, and the caller owns it.
 *
 * returns the size of the DER encoding on success, or a negative value on
 * failure (BAD_FUNC_ARG, SSL_FATAL_ERROR, MEMORY_E or the SetName error)
 */
int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out)
{
    CertName cName;
    unsigned char buf[256]; /* ASN_MAX_NAME */
    int nameSz;
    unsigned char* dst;

    WOLFSSL_ENTER("wolfSSL_i2d_X509_NAME");

    if (name == NULL || out == NULL) {
        return BAD_FUNC_ARG;
    }

    XMEMSET(&cName, 0, sizeof(cName));
    if (CopyX509NameToCertName(name, &cName) != SSL_SUCCESS) {
        WOLFSSL_MSG("Error converting x509 name to internal CertName");
        return SSL_FATAL_ERROR;
    }

    /* Encode into the bounded stack buffer first. */
    nameSz = SetName(buf, sizeof(buf), &cName);
    if (nameSz < 0) {
        return nameSz;
    }

    dst = *out;
    if (dst == NULL) {
        /* No buffer supplied: hand back a freshly allocated one. */
        dst = (unsigned char*)XMALLOC(nameSz, NULL, DYNAMIC_TYPE_OPENSSL);
        if (dst == NULL) {
            return MEMORY_E;
        }
        XMEMCPY(dst, buf, nameSz);
        *out = dst;
    }
    else {
        /* Caller's buffer: copy in and advance their pointer. */
        XMEMCPY(dst, buf, nameSz);
        *out = dst + nameSz;
    }

    return nameSz;
}
wolfSSL 15:117db924cf7c 36849 #endif /* WOLFSSL_CERT_GEN */
wolfSSL 15:117db924cf7c 36850
wolfSSL 15:117db924cf7c 36851
/* Compares two X509 names.
 *
 * Ordering: a name with a larger sz sorts after one with a smaller sz (the
 * difference of the sizes is returned). When the sizes match, the result of
 * a bounded string compare of the two names is returned, so 0 means equal.
 *
 * x First name for comparison
 * y Second name to compare with x
 *
 * returns -2 when either argument is NULL
 */
int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x,
    const WOLFSSL_X509_NAME* y)
{
    const char* xStr;
    const char* yStr;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_cmp");

    if (x == NULL || y == NULL) {
        WOLFSSL_MSG("Bad argument passed in");
        return -2;
    }

    /* Same object: trivially equal. */
    if (x == y)
        return 0;

    /* Different lengths cannot be equal; order by length. */
    if (x->sz != y->sz)
        return x->sz - y->sz;

    /* Use the name member when it is set and non-empty, otherwise fall back
     * to the staticName storage. */
    xStr = x->staticName;
    if (x->name != NULL && x->name[0] != '\0')
        xStr = x->name;
    yStr = y->staticName;
    if (y->name != NULL && y->name[0] != '\0')
        yStr = y->name;

    /* Both names have sz bytes at this point. */
    return XSTRNCMP(xStr, yStr, x->sz);
}
wolfSSL 15:117db924cf7c 36889
wolfSSL 15:117db924cf7c 36890
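/* Reads one PEM encoded certificate from a BIO.
 *
 * The BIO is consumed one byte at a time until the certificate footer line
 * has been read (so the BIO is left positioned after this certificate and a
 * following one can be read next), then the bytes read are parsed as PEM.
 *
 * bp BIO to read from
 * x  optional; when non-NULL receives the result (NULL on parse failure)
 * cb unused (password callback)
 * u  unused (callback argument)
 *
 * returns the new WOLFSSL_X509 on success, NULL on failure. Only functional
 * when WOLFSSL_PEM_TO_DER or WOLFSSL_DER_TO_PEM is defined; otherwise NULL
 * is always returned.
 */
WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
    pem_password_cb *cb, void *u)
{
    WOLFSSL_X509* x509 = NULL;
#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)
    unsigned char* pem = NULL;
    int pemSz;
    long i = 0;
    long pemCap;          /* bytes allocated for pem, from the BIO length */
    int foundFooter = 0;
    const char* footer = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509");

    if (bp == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG);
        return NULL;
    }

    pemCap = wolfSSL_BIO_get_len(bp);
    if (pemCap <= 0) {
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
        /* No certificate in buffer */
        WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
#endif
        return NULL;
    }

    pem = (unsigned char*)XMALLOC(pemCap, 0, DYNAMIC_TYPE_PEM);
    if (pem == NULL)
        return NULL;

    if (wc_PemGetHeaderFooter(CERT_TYPE, NULL, &footer) != 0) {
        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
        return NULL;
    }

    /* TODO: Inefficient
     * reading in one byte at a time until see "END CERTIFICATE".
     * The loop is bounded by pemCap so that a BIO yielding more bytes than
     * wolfSSL_BIO_get_len reported can never write past the buffer.
     */
    while (i < pemCap && wolfSSL_BIO_read(bp, (char *)&pem[i], 1) == 1) {
        i++;
        /* footer is 25 bytes; match it ending one byte back, i.e. once its
         * line terminator has also been read */
        if (i > 26 && XMEMCMP((char *)&pem[i-26], footer, 25) == 0) {
            if (pem[i-1] == '\r' && i < pemCap) {
                /* found \r , Windows line ending is \r\n so try to read one
                 * more byte for \n, ignoring return value */
                (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1);
            }
            foundFooter = 1;
            break;
        }
    }
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
    if (!foundFooter)
        WOLFSSL_ERROR(ASN_NO_PEM_HEADER);
#endif
    pemSz = (int)i;
    x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
        WOLFSSL_FILETYPE_PEM);

    if (x != NULL) {
        *x = x509;
    }

    XFREE(pem, NULL, DYNAMIC_TYPE_PEM);

#endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */
    (void)bp;
    (void)x;
    (void)cb;
    (void)u;

    return x509;
}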
wolfSSL 15:117db924cf7c 36962
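/* Reads a PEM encoded CRL from a BIO.
 *
 * The whole BIO content is read, converted from PEM to DER and decoded.
 *
 * bp BIO to read from
 * x  optional; passed through to wolfSSL_d2i_X509_CRL
 * cb unused (password callback)
 * u  unused (callback argument)
 *
 * returns the new WOLFSSL_X509_CRL on success, NULL on failure. Requires
 * WOLFSSL_PEM_TO_DER and HAVE_CRL; otherwise NULL is always returned.
 */
WOLFSSL_X509_CRL *wolfSSL_PEM_read_bio_X509_CRL(WOLFSSL_BIO *bp,
    WOLFSSL_X509_CRL **x, pem_password_cb *cb, void *u)
{
#if defined(WOLFSSL_PEM_TO_DER) && defined(HAVE_CRL)
    unsigned char* pem = NULL;
    int pemSz;
    int derSz;
    DerBuffer* der = NULL;
    WOLFSSL_X509_CRL* crl = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_CRL");

    if (bp == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509_CRL", BAD_FUNC_ARG);
        return NULL;
    }

    pemSz = wolfSSL_BIO_get_len(bp);
    if (pemSz <= 0) {
        WOLFSSL_MSG("No data in BIO");
        goto cleanup;
    }

    pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM);
    if (pem == NULL) {
        goto cleanup;
    }

    /* A short read leaves an incomplete PEM block; treat it as failure. */
    if (wolfSSL_BIO_read(bp, pem, pemSz) != pemSz) {
        goto cleanup;
    }

    if (PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL) < 0) {
        goto cleanup;
    }
    derSz = (int)der->length;
    /* crl stays NULL on decode failure; fall through to release buffers */
    crl = wolfSSL_d2i_X509_CRL(x, der->buffer, derSz);

cleanup:
    /* Reached on success and failure alike; pem/der are NULL when not
     * allocated. */
    if (pem != NULL) {
        XFREE(pem, 0, DYNAMIC_TYPE_PEM);
    }
    if (der != NULL) {
        FreeDer(&der);
    }

    (void)cb;
    (void)u;

    return crl;
#else
    (void)bp;
    (void)x;
    (void)cb;
    (void)u;

    return NULL;
#endif
}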
wolfSSL 16:8e0d178b1d1e 37015
wolfSSL 16:8e0d178b1d1e 37016 #if !defined(NO_FILESYSTEM)
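/* Reads a PEM encoded certificate or CRL from an open file.
 *
 * The remainder of the file (from the current position to the end) is read
 * into memory, then decoded according to type.
 *
 * fp   open file handle, positioned at the start of the PEM block
 * x    optional; receives the decoded object. For CERT_TYPE it is assigned
 *      even when decoding fails (to NULL); for CRL_TYPE it is passed to
 *      wolfSSL_d2i_X509_CRL.
 * cb   unused (password callback)
 * u    unused (callback argument)
 * type CERT_TYPE for a WOLFSSL_X509, CRL_TYPE (when HAVE_CRL) for a
 *      WOLFSSL_X509_CRL
 *
 * returns the decoded object (cast to void*) or NULL on failure
 */
static void* wolfSSL_PEM_read_X509_ex(XFILE fp, void **x,
    pem_password_cb *cb, void *u, int type)
{
    unsigned char* pem = NULL;
    int pemSz;
    long i = 0, l;
    long remaining;
    void *newx509 = NULL;
    int derSz = 0;
    DerBuffer* der = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_read_X509");

    if (fp == XBADFILE) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
        return NULL;
    }

    /* Work out how many bytes remain from the current position to EOF,
     * then seek back so the read starts where the caller left the file. */
    i = XFTELL(fp);
    if (i < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG);
        return NULL;
    }

    if (XFSEEK(fp, 0, XSEEK_END) != 0)
        return NULL;
    l = XFTELL(fp);
    if (l < 0)
        return NULL;
    if (XFSEEK(fp, i, SEEK_SET) != 0)
        return NULL;

    /* Range check the length as a long before narrowing it to int, so an
     * oversized file cannot wrap into a small positive pemSz. */
    remaining = l - i;
    if (remaining < 0 || remaining > MAX_WOLFSSL_FILE_SIZE) {
        WOLFSSL_MSG("PEM_read_X509_ex file size error");
        return NULL;
    }
    pemSz = (int)remaining;

    /* allocate pem buffer */
    pem = (unsigned char*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_PEM);
    if (pem == NULL)
        return NULL;

    if ((int)XFREAD((char *)pem, 1, pemSz, fp) != pemSz)
        goto err_exit;

    switch (type) {
        case CERT_TYPE:
            newx509 = (void *)wolfSSL_X509_load_certificate_buffer(pem,
                pemSz, WOLFSSL_FILETYPE_PEM);
            break;

#ifdef HAVE_CRL
        case CRL_TYPE:
            if (PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL) < 0)
                goto err_exit;
            derSz = (int)der->length;
            newx509 = (void*)wolfSSL_d2i_X509_CRL((WOLFSSL_X509_CRL **)x,
                (const unsigned char *)der->buffer, derSz);
            if (newx509 == NULL)
                goto err_exit;
            FreeDer(&der);
            break;
#endif

        default:
            goto err_exit;
    }
    if (x != NULL) {
        *x = newx509;
    }
    XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
    return newx509;

err_exit:
    if (pem != NULL)
        XFREE(pem, NULL, DYNAMIC_TYPE_PEM);
    if (der != NULL)
        FreeDer(&der);

    /* unused */
    (void)cb;
    (void)u;
    (void)derSz;

    return NULL;
}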
wolfSSL 16:8e0d178b1d1e 37104
/* Read a PEM encoded certificate from the open file fp.
 *
 * Thin wrapper around wolfSSL_PEM_read_X509_ex() with CERT_TYPE: x (may be
 * NULL) receives the new certificate, cb and u are the password callback and
 * its user data, handed through unchanged.
 *
 * Returns the certificate, or NULL on any failure.
 */
WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x,
                                                pem_password_cb *cb, void *u)
{
    void* cert = wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u, CERT_TYPE);

    return (WOLFSSL_X509*)cert;
}
wolfSSL 16:8e0d178b1d1e 37110
wolfSSL 16:8e0d178b1d1e 37111 #if defined(HAVE_CRL)
/* Read a PEM encoded CRL from the open file fp.
 *
 * Thin wrapper around wolfSSL_PEM_read_X509_ex() with CRL_TYPE: crl (may be
 * NULL) receives the new CRL, cb and u are the password callback and its user
 * data, handed through unchanged.
 *
 * Returns the CRL, or NULL on any failure.
 */
WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl,
                                                        pem_password_cb *cb, void *u)
{
    void* newCrl = wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u, CRL_TYPE);

    return (WOLFSSL_X509_CRL*)newCrl;
}
wolfSSL 16:8e0d178b1d1e 37117 #endif
wolfSSL 16:8e0d178b1d1e 37118
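/* Write certificate x to the open file fp in PEM format.
 *
 * A file BIO is wrapped around fp with BIO_NOCLOSE (fp stays open and owned
 * by the caller) and wolfSSL_PEM_write_bio_X509() does the actual writing.
 *
 * Returns the result of wolfSSL_PEM_write_bio_X509(), or 0 when x is NULL or
 * the BIO could not be created / attached to fp.
 */
int wolfSSL_PEM_write_X509(XFILE fp, WOLFSSL_X509* x)
{
    int ret;
    WOLFSSL_BIO* bio;

    if (x == NULL)
        return 0;

    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
    if (bio == NULL)
        return 0;

    /* Fail here rather than handing a NULL BIO on to the writer and relying
     * on it to reject that. */
    if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
        wolfSSL_BIO_free(bio);
        return 0;
    }

    ret = wolfSSL_PEM_write_bio_X509(bio, x);
    wolfSSL_BIO_free(bio);

    return ret;
}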
wolfSSL 16:8e0d178b1d1e 37143 #endif /* !NO_FILESYSTEM */
wolfSSL 16:8e0d178b1d1e 37144
/* PEM armour tokens used by wolfSSL_PEM_read_bio()/wolfSSL_PEM_write_bio().
 * Each *_SZ is the length of the literal directly above it and must be kept
 * in sync by hand; PEM_HDR_FIN_EOL_SZ counts the trailing '\n' (or the
 * explicit '\0') of the two EOL variants. */
#define PEM_BEGIN "-----BEGIN "
#define PEM_BEGIN_SZ 11
#define PEM_END "-----END "
#define PEM_END_SZ 9
#define PEM_HDR_FIN "-----"
#define PEM_HDR_FIN_SZ 5
#define PEM_HDR_FIN_EOL_NEWLINE "-----\n"
#define PEM_HDR_FIN_EOL_NULL_TERM "-----\0"
#define PEM_HDR_FIN_EOL_SZ 6
wolfSSL 16:8e0d178b1d1e 37154
/* Read one PEM block from bio: the "-----BEGIN <name>-----" line, optional
 * header lines terminated by a blank line, the base64 body, and the matching
 * "-----END <name>-----" line.
 *
 * On WOLFSSL_SUCCESS the caller receives three freshly allocated buffers
 * (DYNAMIC_TYPE_TMP_BUFFER) it must free: *name is the type name from the
 * BEGIN line, *header the header lines (an empty string when there were
 * none), *data the base64-decoded body with *len its length.  Nothing is
 * assigned on WOLFSSL_FAILURE.
 *
 * Lines are read through a 256-byte stack buffer, so a single PEM line longer
 * than that is not seen as one line.
 */
int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header,
                         unsigned char **data, long *len)
{
    int ret = WOLFSSL_SUCCESS;
    char pem[256];
    int pemLen;
    char* p;
    char* nameStr = NULL;
    int nameLen = 0;
    char* headerStr = NULL;
    int headerLen;
    int headerFound = 0;
    unsigned char* der = NULL;
    word32 derLen = 0;

    if (bio == NULL || name == NULL || header == NULL || data == NULL ||
            len == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* Find header line: skip input until a line starting "-----BEGIN ". */
    pem[sizeof(pem) - 1] = '\0';
    while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) {
        if (XSTRNCMP(pem, PEM_BEGIN, PEM_BEGIN_SZ) == 0)
            break;
    }
    if (pemLen <= 0)
        ret = WOLFSSL_FAILURE;
    /* Have a header line. */
    if (ret == WOLFSSL_SUCCESS) {
        /* Strip the line ending.  The matched PEM_BEGIN prefix guarantees at
         * least 11 non-CR/LF bytes, so this loop cannot run off the front. */
        while (pem[pemLen - 1] == '\r' || pem[pemLen - 1] == '\n')
            pemLen--;
        pem[pemLen] = '\0';
        /* The BEGIN line must also end with "-----". */
        if (XSTRNCMP(pem + pemLen - PEM_HDR_FIN_SZ, PEM_HDR_FIN,
                PEM_HDR_FIN_SZ) != 0) {
            ret = WOLFSSL_FAILURE;
        }
    }

    /* Get out name: the text between "-----BEGIN " and the closing "-----". */
    if (ret == WOLFSSL_SUCCESS) {
        nameLen = pemLen - PEM_BEGIN_SZ - PEM_HDR_FIN_SZ;
        nameStr = (char*)XMALLOC(nameLen + 1, NULL,
                DYNAMIC_TYPE_TMP_BUFFER);
        if (nameStr == NULL)
            ret = WOLFSSL_FAILURE;
    }
    if (ret == WOLFSSL_SUCCESS) {
        XSTRNCPY(nameStr, pem + PEM_BEGIN_SZ, nameLen);
        nameStr[nameLen] = '\0';

        /* Get header of PEM - encryption header.  Lines are accumulated into
         * headerStr, each re-terminated with a single '\n', until a blank
         * line ends the header or an END line shows there was no header. */
        headerLen = 0;
        while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) {
            while (pemLen > 0 && (pem[pemLen - 1] == '\r' ||
                    pem[pemLen - 1] == '\n')) {
                pemLen--;
            }
            pem[pemLen++] = '\n';
            pem[pemLen] = '\0';

            /* Header separator is a blank line. */
            if (pem[0] == '\n') {
                headerFound = 1;
                break;
            }

            /* Didn't find a blank line - no header.  What was collected so
             * far is really the body: hand it over to der and leave an empty
             * header string for the caller. */
            if (XSTRNCMP(pem, PEM_END, PEM_END_SZ) == 0) {
                der = (unsigned char*)headerStr;
                derLen = headerLen;
                /* Empty header - empty string. */
                headerStr = (char*)XMALLOC(1, NULL,
                        DYNAMIC_TYPE_TMP_BUFFER);
                if (headerStr == NULL)
                    ret = WOLFSSL_FAILURE;
                else
                    headerStr[0] = '\0';
                break;
            }

            /* Append the line; grow through a temporary so the old buffer is
             * still freed below if the realloc fails. */
            p = (char*)XREALLOC(headerStr, headerLen + pemLen + 1, NULL,
                    DYNAMIC_TYPE_TMP_BUFFER);
            if (p == NULL) {
                ret = WOLFSSL_FAILURE;
                break;
            }

            headerStr = p;
            XMEMCPY(headerStr + headerLen, pem, pemLen + 1);
            headerLen += pemLen;
        }
        /* Input ended before a blank line or an END line. */
        if (pemLen <= 0)
            ret = WOLFSSL_FAILURE;
    }

    /* Get body of PEM - if there was a header (without one the body was
     * already collected above).  Same line-by-line accumulation, stopping at
     * the END line which is left in pem for the trailer check. */
    if (ret == WOLFSSL_SUCCESS && headerFound) {
        derLen = 0;
        while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) {
            while (pemLen > 0 && (pem[pemLen - 1] == '\r' ||
                    pem[pemLen - 1] == '\n')) {
                pemLen--;
            }
            pem[pemLen++] = '\n';
            pem[pemLen] = '\0';

            if (XSTRNCMP(pem, PEM_END, PEM_END_SZ) == 0)
                break;

            p = (char*)XREALLOC(der, derLen + pemLen + 1, NULL,
                    DYNAMIC_TYPE_TMP_BUFFER);
            if (p == NULL) {
                ret = WOLFSSL_FAILURE;
                break;
            }

            der = (unsigned char*)p;
            XMEMCPY(der + derLen, pem, pemLen + 1);
            derLen += pemLen;
        }
        /* Input ended before an END line. */
        if (pemLen <= 0)
            ret = WOLFSSL_FAILURE;
    }

    /* Check trailer: pem holds the END line; the name after "-----END " must
     * equal the BEGIN name and be followed by "-----" then end of line. */
    if (ret == WOLFSSL_SUCCESS) {
        if (XSTRNCMP(pem + PEM_END_SZ, nameStr, nameLen) != 0)
            ret = WOLFSSL_FAILURE;
    }
    if (ret == WOLFSSL_SUCCESS) {
        if (XSTRNCMP(pem + PEM_END_SZ + nameLen,
                PEM_HDR_FIN_EOL_NEWLINE,
                PEM_HDR_FIN_EOL_SZ) != 0 &&
                XSTRNCMP(pem + PEM_END_SZ + nameLen,
                PEM_HDR_FIN_EOL_NULL_TERM,
                PEM_HDR_FIN_EOL_SZ) != 0) {
            ret = WOLFSSL_FAILURE;
        }
    }

    /* Base64 decode body in place (decoded data is never longer than the
     * encoded text, so the same buffer is used for output).  NOTE(review):
     * when BEGIN is immediately followed by END, der is NULL and derLen 0;
     * how Base64_Decode treats that is not visible here. */
    if (ret == WOLFSSL_SUCCESS) {
        if (Base64_Decode(der, derLen, der, &derLen) != 0)
            ret = WOLFSSL_FAILURE;
    }

    /* Hand the buffers to the caller and forget them so the cleanup below
     * does not free them. */
    if (ret == WOLFSSL_SUCCESS) {
        *name = nameStr;
        *header = headerStr;
        *data = der;
        *len = derLen;
        nameStr = NULL;
        headerStr = NULL;
        der = NULL;
    }

    /* On failure whatever was allocated is still owned here: release it. */
    if (nameStr != NULL)
        XFREE(nameStr, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (headerStr != NULL)
        XFREE(headerStr, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (der != NULL)
        XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 37321
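/* Write one PEM block to bio: "-----BEGIN <name>-----", the header text (if
 * non-empty) followed by a blank line, the base64 encoding of data, and
 * "-----END <name>-----".
 *
 * name and header are NUL-terminated strings; header may be "" for no header.
 * data/len is the raw (DER) payload to encode.
 *
 * Returns the total number of bytes written on success, 0 on any failure
 * (NULL argument, negative len, allocation or encoding failure, or a short
 * write on the BIO).
 */
int wolfSSL_PEM_write_bio(WOLFSSL_BIO* bio, const char *name,
                          const char *header, const unsigned char *data,
                          long len)
{
    int err = 0;
    int outSz = 0;
    int nameLen;
    int headerLen;
    byte* pem = NULL;
    word32 pemLen;
    word32 derLen;

    if (bio == NULL || name == NULL || header == NULL || data == NULL)
        return 0;
    /* len is narrowed to word32 below; a negative value would wrap to a huge
     * length and be passed to Base64_Encode as such. */
    if (len < 0)
        return 0;
    derLen = (word32)len;

    nameLen = (int)XSTRLEN(name);
    headerLen = (int)XSTRLEN(header);

    /* Base64 size estimate: 4 output characters per 3 input bytes, plus one
     * newline per 64-character line (the line breaking Base64_Encode is
     * expected to produce). */
    pemLen = (derLen + 2) / 3 * 4;
    pemLen += (pemLen + 63) / 64;

    pem = (byte*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    err = (pem == NULL);
    if (!err)
        err = Base64_Encode(data, derLen, pem, &pemLen) != 0;

    /* Every write is checked for a short count; once err is set the remaining
     * writes are skipped. */
    if (!err) {
        err = wolfSSL_BIO_write(bio, PEM_BEGIN, PEM_BEGIN_SZ) !=
                (int)PEM_BEGIN_SZ;
    }
    if (!err)
        err = wolfSSL_BIO_write(bio, name, nameLen) != nameLen;
    if (!err) {
        err = wolfSSL_BIO_write(bio, PEM_HDR_FIN_EOL_NEWLINE,
                PEM_HDR_FIN_EOL_SZ) != (int)PEM_HDR_FIN_EOL_SZ;
    }
    if (!err && headerLen > 0) {
        err = wolfSSL_BIO_write(bio, header, headerLen) != headerLen;
        /* Blank line after a header and before body. */
        if (!err)
            err = wolfSSL_BIO_write(bio, "\n", 1) != 1;
        /* Count the separator in the total reported below. */
        headerLen++;
    }
    if (!err)
        err = wolfSSL_BIO_write(bio, pem, pemLen) != (int)pemLen;
    if (!err)
        err = wolfSSL_BIO_write(bio, PEM_END, PEM_END_SZ) !=
                (int)PEM_END_SZ;
    if (!err)
        err = wolfSSL_BIO_write(bio, name, nameLen) != nameLen;
    if (!err) {
        err = wolfSSL_BIO_write(bio, PEM_HDR_FIN_EOL_NEWLINE,
                PEM_HDR_FIN_EOL_SZ) != (int)PEM_HDR_FIN_EOL_SZ;
    }

    /* Total bytes written: BEGIN line + header (+ blank line) + body + END
     * line. */
    if (!err) {
        outSz = PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ + headerLen +
                pemLen + PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ;
    }

    if (pem != NULL)
        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    return outSz;
}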
wolfSSL 16:8e0d178b1d1e 37387
wolfSSL 16:8e0d178b1d1e 37388 #if !defined(NO_FILESYSTEM)
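/* Read one PEM block from the open file fp; see wolfSSL_PEM_read_bio() for
 * the meaning and ownership of name, header, data and len.
 *
 * A file BIO is wrapped around fp with BIO_NOCLOSE (fp stays open and owned
 * by the caller).  Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE; previously the
 * BIO-creation failure path returned a bare 0, which is the same value.
 */
int wolfSSL_PEM_read(XFILE fp, char **name, char **header,
                     unsigned char **data, long *len)
{
    int ret;
    WOLFSSL_BIO* bio;

    if (name == NULL || header == NULL || data == NULL || len == NULL)
        return WOLFSSL_FAILURE;

    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
    if (bio == NULL)
        return WOLFSSL_FAILURE;

    /* wolfSSL_PEM_read_bio() rejects a NULL BIO with WOLFSSL_FAILURE anyway;
     * return that directly instead of calling it with NULL. */
    if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
        wolfSSL_BIO_free(bio);
        return WOLFSSL_FAILURE;
    }

    ret = wolfSSL_PEM_read_bio(bio, name, header, data, len);
    wolfSSL_BIO_free(bio);

    return ret;
}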
wolfSSL 16:8e0d178b1d1e 37414
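/* Write one PEM block to the open file fp; see wolfSSL_PEM_write_bio() for
 * the format produced from name, header, data and len.
 *
 * A file BIO is wrapped around fp with BIO_NOCLOSE (fp stays open and owned
 * by the caller).  Returns the number of bytes written, or 0 on failure.
 */
int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header,
                      const unsigned char *data, long len)
{
    int ret;
    WOLFSSL_BIO* bio;

    if (name == NULL || header == NULL || data == NULL)
        return 0;

    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
    if (bio == NULL)
        return 0;

    /* wolfSSL_PEM_write_bio() returns 0 for a NULL BIO anyway; return that
     * directly instead of calling it with NULL. */
    if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) {
        wolfSSL_BIO_free(bio);
        return 0;
    }

    ret = wolfSSL_PEM_write_bio(bio, name, header, data, len);
    wolfSSL_BIO_free(bio);

    return ret;
}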
wolfSSL 16:8e0d178b1d1e 37440 #endif
wolfSSL 16:8e0d178b1d1e 37441
/* Parse a PEM encryption header string (the header text returned by
 * wolfSSL_PEM_read_bio()) into cipher using wc_EncryptedInfoParse().
 *
 * cipher is zeroed before parsing.  Returns WOLFSSL_SUCCESS, or
 * WOLFSSL_FAILURE on a NULL argument or a parse error.
 */
int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header, EncryptedInfo* cipher)
{
    int ret = WOLFSSL_FAILURE;

    if (header != NULL && cipher != NULL) {
        XMEMSET(cipher, 0, sizeof(*cipher));
        if (wc_EncryptedInfoParse(cipher, &header, XSTRLEN(header)) == 0)
            ret = WOLFSSL_SUCCESS;
    }

    return ret;
}
wolfSSL 16:8e0d178b1d1e 37454
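/* Decrypt a PEM body in place using the parameters in cipher and a password
 * obtained from callback.
 *
 * callback is invoked with a NAME_SZ buffer and PEM_PASS_READ and must
 * return the password length (negative on failure).  The length it reports
 * is now bounded by the buffer size: a callback claiming more bytes than it
 * was given would otherwise make wc_BufferKeyDecrypt() and the final wipe
 * read/write past password[].  data/*len is decrypted in place; *len itself
 * is not updated.  WC_MD5 selects the hash used for key derivation (the
 * legacy PEM scheme, as far as can be told here).
 *
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE.
 */
int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data,
                          long* len, pem_password_cb* callback, void* ctx)
{
    int ret = WOLFSSL_SUCCESS;
    char password[NAME_SZ];
    int passwordSz;

    if (cipher == NULL || data == NULL || len == NULL || callback == NULL)
        return WOLFSSL_FAILURE;
    /* *len is narrowed to word32 below; a negative length would wrap. */
    if (*len < 0)
        return WOLFSSL_FAILURE;

    passwordSz = callback(password, sizeof(password), PEM_PASS_READ, ctx);
    if (passwordSz < 0 || passwordSz > (int)sizeof(password))
        ret = WOLFSSL_FAILURE;

    if (ret == WOLFSSL_SUCCESS) {
        if (wc_BufferKeyDecrypt(cipher, data, (word32)*len, (byte*)password,
                                passwordSz, WC_MD5) != 0) {
            ret = WOLFSSL_FAILURE;
        }
    }

    /* Wipe the whole buffer, not just the reported length.  NOTE(review): a
     * plain memset of a dying stack buffer may be elided by the compiler; a
     * compiler-resistant zeroing routine would be preferable here. */
    XMEMSET(password, 0, sizeof(password));

    return ret;
}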
wolfSSL 15:117db924cf7c 37481
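/*
 * bp : bio to read X509 from
 * x  : x509 to write to
 * cb : password call back for reading PEM
 * u  : password
 * _AUX is for working with a trusted X509 certificate
 *
 * Returns the certificate read by wolfSSL_PEM_read_bio_X509(), or NULL.
 */
WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp,
        WOLFSSL_X509 **x, pem_password_cb *cb, void *u) {
    /* Log this function's own name (it previously logged the plain variant's,
     * making traces of the two indistinguishable). */
    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_AUX");

    /* AUX info is; trusted/rejected uses, friendly name, private key id,
     * and potentially a stack of "other" info. wolfSSL does not store
     * friendly name or private key id yet in WOLFSSL_X509 for human
     * readability and does not support extra trusted/rejected uses for
     * root CA, so any trailing AUX data is simply not consumed here. */
    return wolfSSL_PEM_read_bio_X509(bp, x, cb, u);
}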
wolfSSL 15:117db924cf7c 37500
wolfSSL 16:8e0d178b1d1e 37501
wolfSSL 16:8e0d178b1d1e 37502 #ifdef OPENSSL_ALL
/* Allocate a zeroed WOLFSSL_X509_PKEY from heap.
 * The heap pointer is stored in the structure so wolfSSL_X509_PKEY_free can
 * return the memory to the same heap.  Returns NULL on allocation failure. */
static WOLFSSL_X509_PKEY* wolfSSL_X509_PKEY_new(void* heap)
{
    WOLFSSL_X509_PKEY* pkey = (WOLFSSL_X509_PKEY*)XMALLOC(
            sizeof(WOLFSSL_X509_PKEY), heap, DYNAMIC_TYPE_KEY);

    if (pkey == NULL)
        return NULL;

    XMEMSET(pkey, 0, sizeof(*pkey));
    pkey->heap = heap;

    return pkey;
}
wolfSSL 16:8e0d178b1d1e 37516
wolfSSL 16:8e0d178b1d1e 37517
/* Point xPkey->dec_pkey at the public key of x509.
 * Any key previously held is released first (wolfSSL_EVP_PKEY_free is called
 * unconditionally, with NULL for a fresh X509_PKEY).
 * Returns WOLFSSL_SUCCESS, BAD_FUNC_ARG on NULL arguments, or WOLFSSL_FAILURE
 * when no public key could be obtained from the certificate. */
static int wolfSSL_X509_PKEY_set(WOLFSSL_X509_PKEY* xPkey,
        WOLFSSL_X509* x509)
{
    if (xPkey == NULL || x509 == NULL)
        return BAD_FUNC_ARG;

    wolfSSL_EVP_PKEY_free(xPkey->dec_pkey);
    xPkey->dec_pkey = wolfSSL_X509_get_pubkey(x509);

    return (xPkey->dec_pkey != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 37533
wolfSSL 16:8e0d178b1d1e 37534
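/* Free xPkey and the key it holds.  NULL is accepted and ignored; previously
 * xPkey->heap was read for the XFREE even when xPkey was NULL. */
static void wolfSSL_X509_PKEY_free(WOLFSSL_X509_PKEY* xPkey)
{
    if (xPkey == NULL)
        return;

    wolfSSL_EVP_PKEY_free(xPkey->dec_pkey);
    XFREE(xPkey, xPkey->heap, DYNAMIC_TYPE_KEY);
}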
wolfSSL 16:8e0d178b1d1e 37543
wolfSSL 16:8e0d178b1d1e 37544
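/* Populate info from x509: store the certificate and build its X509_PKEY
 * (public key) entry.
 *
 * Ownership: info takes control of x509 only on WOLFSSL_SUCCESS.  On any
 * failure info->x509 is left NULL, so the caller still owns (and must free)
 * x509 -- this is what wolfSSL_PEM_X509_INFO_read_bio() relies on.
 *
 * If info already holds a certificate or key those members are released and
 * info is reused in place, so the caller's pointer stays valid.  (The earlier
 * version freed info and allocated a replacement that was only stored in a
 * local, leaving the caller with a freed pointer.)  Only the two members this
 * function sets are released; other WOLFSSL_X509_INFO fields are not touched.
 *
 * Returns WOLFSSL_SUCCESS, BAD_FUNC_ARG on NULL arguments, MEMORY_E when the
 * X509_PKEY cannot be allocated, or WOLFSSL_FAILURE when no public key could
 * be extracted from x509.
 */
static int wolfSSL_X509_INFO_set(WOLFSSL_X509_INFO* info,
        WOLFSSL_X509* x509)
{
    int ret;

    if (info == NULL || x509 == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Not a fresh "info": drop what it currently holds, in place. */
    if (info->x509 != NULL) {
        wolfSSL_X509_free(info->x509);
        info->x509 = NULL;
    }
    if (info->x_pkey != NULL) {
        wolfSSL_X509_PKEY_free(info->x_pkey);
        info->x_pkey = NULL;
    }

    /* @TODO info->num, info->enc_cipher, info->enc_len, info->enc_data and
     * info->crl are not populated yet. */

    info->x_pkey = wolfSSL_X509_PKEY_new(x509->heap);
    if (info->x_pkey == NULL) {
        WOLFSSL_MSG("Unable to create X509_PKEY");
        return MEMORY_E;
    }

    ret = wolfSSL_X509_PKEY_set(info->x_pkey, x509);
    if (ret != WOLFSSL_SUCCESS) {
        /* Undo the partial setup; x509 stays with the caller. */
        wolfSSL_X509_PKEY_free(info->x_pkey);
        info->x_pkey = NULL;
        return ret;
    }

    /* Success: info now owns x509. */
    info->x509 = x509;
    return WOLFSSL_SUCCESS;
}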
wolfSSL 16:8e0d178b1d1e 37582
wolfSSL 16:8e0d178b1d1e 37583
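/*
 * bio WOLFSSL_BIO to read certificates from
 * sk  possible stack to push more X509_INFO structs to. Can be NULL
 * cb  callback password for encrypted PEM certificates
 * u   user input such as password
 *
 * Reads PEM certificates from bio until none can be read, wrapping each one
 * in a WOLFSSL_X509_INFO and pushing it on the stack.  Reading stops early
 * when an info cannot be filled in; the entries pushed so far are kept.
 *
 * returns stack on success and NULL or default stack passed in on fail
 */
WOLF_STACK_OF(WOLFSSL_X509_INFO)* wolfSSL_PEM_X509_INFO_read_bio(
    WOLFSSL_BIO* bio, WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
    pem_password_cb* cb, void* u)
{
    WOLF_STACK_OF(WOLFSSL_X509_INFO)* localSk;
    WOLFSSL_X509* x509 = NULL;
    int ret = WOLFSSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_PEM_X509_INFO_read_bio");

    /* Use the caller's stack when given, otherwise create a new one. */
    localSk = (sk != NULL) ? sk : wolfSSL_sk_X509_INFO_new_null();
    if (localSk == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PEM_X509_INFO_read_bio", MEMORY_E);
        return NULL;
    }

    /* parse through BIO and push new info's found onto stack */
    do {
        WOLFSSL_X509_INFO* current;

        x509 = wolfSSL_PEM_read_bio_X509(bio, NULL, cb, u);
        if (x509 == NULL)
            break;

        current = wolfSSL_X509_INFO_new();
        if (current == NULL) {
            /* x509 was never handed over, so it is released here (it used to
             * leak).  NOTE(review): a stack created above (sk == NULL) is not
             * released on this path; its free routine is not visible here. */
            wolfSSL_X509_free(x509);
            WOLFSSL_LEAVE("wolfSSL_PEM_X509_INFO_read_bio", MEMORY_E);
            return NULL;
        }

        ret = wolfSSL_X509_INFO_set(current, x509);
        if (ret != WOLFSSL_SUCCESS) {
            /* x509 is still ours on failure.  Detach it from the info before
             * freeing the info (it used to leak) so x509 is freed exactly
             * once, whatever wolfSSL_X509_INFO_set left in current->x509. */
            current->x509 = NULL;
            wolfSSL_X509_INFO_free(current);
            wolfSSL_X509_free(x509);
        }
        else {
            wolfSSL_sk_X509_INFO_push(localSk, current);
        }
    } while (ret == WOLFSSL_SUCCESS);

    WOLFSSL_LEAVE("wolfSSL_PEM_X509_INFO_read_bio", ret);
    return localSk;
}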
wolfSSL 16:8e0d178b1d1e 37637 #endif /* OPENSSL_ALL */
wolfSSL 16:8e0d178b1d1e 37638
/* Free a name entry and, when it owns one, its heap-allocated value.
 * A value pointing at the entry's embedded ASN1_STRING (the state set up by
 * wolfSSL_X509_NAME_ENTRY_new) is not freed separately.  NULL is ignored. */
void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_free");
    if (ne == NULL)
        return;

    if (ne->value != NULL && ne->value != &(ne->data))
        wolfSSL_ASN1_STRING_free(ne->value);

    XFREE(ne, NULL, DYNAMIC_TYPE_NAME_ENTRY);
}
wolfSSL 15:117db924cf7c 37649
wolfSSL 15:117db924cf7c 37650
/* Allocate a zeroed name entry whose value points at its own embedded
 * ASN1_STRING, so no second allocation is needed until a value is assigned.
 * wolfSSL_X509_NAME_ENTRY_free relies on that pointer identity.
 * Returns NULL on allocation failure. */
WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void)
{
    WOLFSSL_X509_NAME_ENTRY* entry = (WOLFSSL_X509_NAME_ENTRY*)XMALLOC(
            sizeof(WOLFSSL_X509_NAME_ENTRY), NULL, DYNAMIC_TYPE_NAME_ENTRY);

    if (entry == NULL)
        return NULL;

    XMEMSET(entry, 0, sizeof(*entry));
    entry->value = &(entry->data);

    return entry;
}
wolfSSL 15:117db924cf7c 37664
wolfSSL 15:117db924cf7c 37665
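/* Create (or fill in) a WOLFSSL_X509_NAME_ENTRY for the attribute named by
 * txt, with an ASN1_STRING of the given type holding data/dataSz.
 *
 * neIn may be NULL.  When *neIn is non-NULL that entry is reused and any
 * heap-allocated value it already held is released before being replaced
 * (it used to leak).  When a new entry is created and neIn is non-NULL, it is
 * stored in *neIn, as wolfSSL_X509_NAME_ENTRY_create_by_NID does with its out
 * parameter.
 *
 * Returns the entry, or NULL when txt is NULL, unknown, or allocation of the
 * entry fails.  As before, if the value string cannot be allocated the entry
 * is returned with value NULL and set == 0.
 */
WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_txt(
        WOLFSSL_X509_NAME_ENTRY **neIn, const char *txt, int type,
        const unsigned char *data, int dataSz)
{
    int nid;
    int created = 0;
    WOLFSSL_X509_NAME_ENTRY* ne = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_txt()");

    if (txt == NULL) {
        return NULL;
    }

    nid = wolfSSL_OBJ_txt2nid(txt);
    if (nid == NID_undef) {
        WOLFSSL_MSG("Unable to find text");
        return NULL;
    }

    if (neIn != NULL) {
        ne = *neIn;
    }
    if (ne == NULL) {
        ne = wolfSSL_X509_NAME_ENTRY_new();
        if (ne == NULL) {
            return NULL;
        }
        created = 1;
    }
    else if (ne->value != NULL && ne->value != &(ne->data)) {
        /* Same ownership test as wolfSSL_X509_NAME_ENTRY_free: only a value
         * outside the entry's embedded string is a separate allocation. */
        wolfSSL_ASN1_STRING_free(ne->value);
        ne->value = NULL;
    }

    ne->nid = nid;
    ne->value = wolfSSL_ASN1_STRING_type_new(type);
    if (ne->value != NULL) {
        wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz);
        ne->set = 1;
    }

    if (created && neIn != NULL) {
        *neIn = ne;
    }

    return ne;
}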
wolfSSL 16:8e0d178b1d1e 37707
wolfSSL 16:8e0d178b1d1e 37708
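/* Create a new WOLFSSL_X509_NAME_ENTRY for the given NID and copy the value
 * bytes into it.
 *
 * out    - optional: on success the new entry is also stored here
 * nid    - numeric identifier of the attribute type (not validated here)
 * type   - ASN.1 string type for the value
 * data   - value bytes, copied by wolfSSL_ASN1_STRING_set()
 * dataSz - length of data
 *
 * Returns the new entry, or NULL on failure. On failure nothing is written to
 * *out and the partially built entry is freed, so an entry with a NULL value
 * is never handed out (wolfSSL_X509_NAME_add_entry dereferences
 * entry->value). */
WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID(
        WOLFSSL_X509_NAME_ENTRY** out, int nid, int type,
        const unsigned char* data, int dataSz)
{
    WOLFSSL_X509_NAME_ENTRY* ne;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_NID()");

    ne = wolfSSL_X509_NAME_ENTRY_new();
    if (ne == NULL) {
        return NULL;
    }

    ne->nid = nid;
    ne->value = wolfSSL_ASN1_STRING_type_new(type);
    if (ne->value == NULL ||
            wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz)
                != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Unable to set name entry value");
        wolfSSL_X509_NAME_ENTRY_free(ne);
        return NULL;
    }
    ne->set = 1;

    if (out != NULL) {
        *out = ne;
    }

    return ne;
}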
wolfSSL 15:117db924cf7c 37733
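/* Append one "/<tag>=<value>" component to the full name being rebuilt.
 *
 * fullName  - destination buffer, already sized for every component
 * idx       - in/out write offset into fullName
 * prefix    - component prefix such as "/CN=" (leading '/' and '=' included)
 * prefixLen - number of bytes of prefix to copy
 * oldName   - the full name being replaced; the value is read from it at
 *             offset *fieldIdx unless *fieldIdx is -1
 * fieldIdx  - in: -1 when the value is the newly added one held in data,
 *             otherwise its offset in oldName; out: its offset in fullName
 * fieldLen  - length of the value in bytes
 * data      - bytes of the component being added (used when *fieldIdx == -1)
 */
static void RebuildFullNameAddField(char* fullName, int* idx,
        const char* prefix, int prefixLen, const char* oldName,
        int* fieldIdx, int fieldLen, const char* data)
{
    const char* src;

    if (*fieldIdx == -1) {
        src = data;
    }
    else {
        src = oldName + *fieldIdx;
    }

    XMEMCPY(fullName + *idx, prefix, prefixLen);
    *idx += prefixLen;
    XMEMCPY(fullName + *idx, src, fieldLen);
    *fieldIdx = *idx;
    *idx += fieldLen;
}

/* Rebuild dName->fullName from the per-component lengths and offsets held in
 * the DecodedName, inserting one newly added component.
 *
 * The component being added is the one whose *Idx field is -1: its bytes come
 * from 'data'. Every other component is copied from the current fullName at
 * its recorded offset. Components are emitted in a fixed order
 * (CN, SN, C, L, ST, O, OU, emailAddress, DC..., UID, serialNumber), so the
 * result is not necessarily in the order the components were added.
 *
 * On success each *Idx is updated to the component's offset in the new
 * buffer, entryCount is recounted, the old buffer is released and
 * fullNameLen is set to the string length plus the terminator.
 *
 * dName - decoded name to rebuild (address of an embedded struct, non-NULL)
 * data  - value bytes of the component marked with Idx == -1
 *
 * Returns 0 on success, MEMORY_E when the new buffer cannot be allocated
 * (dName is left untouched in that case). */
static int RebuildFullNameAdd(DecodedName* dName, char* data)
{
    int totalLen = 0;
    int i;
    char* fullName;
    char* oldName = dName->fullName;
    int idx = 0;

    /* size of every "/<tag>=<value>" component, prefix length included */
    if (dName->cnLen != 0)
        totalLen += dName->cnLen + 4;
    if (dName->snLen != 0)
        totalLen += dName->snLen + 4;
    if (dName->cLen != 0)
        totalLen += dName->cLen + 3;
    if (dName->lLen != 0)
        totalLen += dName->lLen + 3;
    if (dName->stLen != 0)
        totalLen += dName->stLen + 4;
    if (dName->oLen != 0)
        totalLen += dName->oLen + 3;
    if (dName->ouLen != 0)
        totalLen += dName->ouLen + 4;
    if (dName->emailLen != 0)
        totalLen += dName->emailLen + 14;
    if (dName->uidLen != 0)
        totalLen += dName->uidLen + 5;
    if (dName->serialLen != 0)
        totalLen += dName->serialLen + 14;
    for (i = 0; i < dName->dcNum; i++)
        totalLen += dName->dcLen[i] + 4;

    fullName = (char*)XMALLOC(totalLen + 1, NULL, DYNAMIC_TYPE_X509);
    if (fullName == NULL)
        return MEMORY_E;

    dName->entryCount = 0;
    if (dName->cnLen != 0) {
        dName->entryCount++;
        RebuildFullNameAddField(fullName, &idx, WOLFSSL_COMMON_NAME, 4,
                oldName, &dName->cnIdx, dName->cnLen, data);
    }
    if (dName->snLen != 0) {
        dName->entryCount++;
        RebuildFullNameAddField(fullName, &idx, WOLFSSL_SUR_NAME, 4,
                oldName, &dName->snIdx, dName->snLen, data);
    }
    if (dName->cLen != 0) {
        dName->entryCount++;
        RebuildFullNameAddField(fullName, &idx, WOLFSSL_COUNTRY_NAME, 3,
                oldName, &dName->cIdx, dName->cLen, data);
    }
    if (dName->lLen != 0) {
        dName->entryCount++;
        RebuildFullNameAddField(fullName, &idx, WOLFSSL_LOCALITY_NAME, 3,
                oldName, &dName->lIdx, dName->lLen, data);
    }
    if (dName->stLen != 0) {
        dName->entryCount++;
        RebuildFullNameAddField(fullName, &idx, WOLFSSL_STATE_NAME, 4,
                oldName, &dName->stIdx, dName->stLen, data);
    }
    if (dName->oLen != 0) {
        dName->entryCount++;
        RebuildFullNameAddField(fullName, &idx, WOLFSSL_ORG_NAME, 3,
                oldName, &dName->oIdx, dName->oLen, data);
    }
    if (dName->ouLen != 0) {
        dName->entryCount++;
        RebuildFullNameAddField(fullName, &idx, WOLFSSL_ORGUNIT_NAME, 4,
                oldName, &dName->ouIdx, dName->ouLen, data);
    }
    if (dName->emailLen != 0) {
        dName->entryCount++;
        RebuildFullNameAddField(fullName, &idx, "/emailAddress=", 14,
                oldName, &dName->emailIdx, dName->emailLen, data);
    }
    for (i = 0; i < dName->dcNum; i++) {
        dName->entryCount++;
        /* dcIdx[i] == -1 marks a DC just added through
         * wolfSSL_X509_NAME_add_entry; its bytes are in data, not in the old
         * buffer, so it is handled like every other component */
        RebuildFullNameAddField(fullName, &idx, WOLFSSL_DOMAIN_COMPONENT, 4,
                oldName, &dName->dcIdx[i], dName->dcLen[i], data);
    }
    if (dName->uidLen != 0) {
        dName->entryCount++;
        RebuildFullNameAddField(fullName, &idx, "/UID=", 5,
                oldName, &dName->uidIdx, dName->uidLen, data);
    }
    if (dName->serialLen != 0) {
        dName->entryCount++;
        RebuildFullNameAddField(fullName, &idx, WOLFSSL_SERIAL_NUMBER, 14,
                oldName, &dName->serialIdx, dName->serialLen, data);
    }

    /* XMALLOC does not zero the buffer; terminate explicitly so code that
     * treats fullName as a C string does not read past the end. idx is at
     * most totalLen, so this write is inside the allocation. */
    fullName[idx] = '\0';

    if (oldName != NULL)
        XFREE(oldName, NULL, DYNAMIC_TYPE_X509);
    dName->fullName = fullName;
    dName->fullNameLen = idx + 1;

    return 0;
}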
wolfSSL 15:117db924cf7c 37921
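/* Copy entry into name. The entry is copied, so freeing it afterwards stays
 * the caller's responsibility.
 *
 * name  - name to add to (must not be NULL)
 * entry - entry to copy; entry->value must be set
 * idx   - position in the name's location table, or < 0 to append
 * set   - accepted for OpenSSL compatibility, currently unused
 *
 * Attribute types tracked by DecodedName (CN, SN, serialNumber, C, L, ST, O,
 * OU, emailAddress, UID, DC) are folded into name->fullName via
 * RebuildFullNameAdd(); any other type is stored in the first free slot of
 * name->extra with its own copy of the value bytes.
 *
 * Returns SSL_SUCCESS (1) on success and SSL_FAILURE (0) on error. */
int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name,
        WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set)
{
    int i;
    int isDnField = 1;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry()");
    (void)set;

    if (name == NULL || entry == NULL || entry->value == NULL) {
        WOLFSSL_MSG("Bad argument to wolfSSL_X509_NAME_add_entry");
        return SSL_FAILURE;
    }

    /* an Idx of -1 tells RebuildFullNameAdd() which component is the new one */
    switch (entry->nid) {
        case ASN_COMMON_NAME:
            name->fullName.cnIdx = -1;
            name->fullName.cnLen = entry->value->length;
            name->fullName.cnNid = entry->nid;
            break;
        case ASN_SUR_NAME:
            name->fullName.snIdx = -1;
            name->fullName.snLen = entry->value->length;
            name->fullName.snNid = entry->nid;
            break;
        case ASN_SERIAL_NUMBER:
            name->fullName.serialIdx = -1;
            name->fullName.serialLen = entry->value->length;
            name->fullName.serialNid = entry->nid;
            break;
        case ASN_COUNTRY_NAME:
            name->fullName.cIdx = -1;
            name->fullName.cLen = entry->value->length;
            name->fullName.cNid = entry->nid;
            break;
        case ASN_LOCALITY_NAME:
            name->fullName.lIdx = -1;
            name->fullName.lLen = entry->value->length;
            name->fullName.lNid = entry->nid;
            break;
        case ASN_STATE_NAME:
            name->fullName.stIdx = -1;
            name->fullName.stLen = entry->value->length;
            name->fullName.stNid = entry->nid;
            break;
        case ASN_ORG_NAME:
            name->fullName.oIdx = -1;
            name->fullName.oLen = entry->value->length;
            name->fullName.oNid = entry->nid;
            break;
        case ASN_ORGUNIT_NAME:
            name->fullName.ouIdx = -1;
            name->fullName.ouLen = entry->value->length;
            name->fullName.ouNid = entry->nid;
            break;
        case NID_emailAddress:
            name->fullName.emailIdx = -1;
            name->fullName.emailLen = entry->value->length;
            name->fullName.emailNid = entry->nid;
            break;
        case ASN_USER_ID:
            name->fullName.uidIdx = -1;
            name->fullName.uidLen = entry->value->length;
            name->fullName.uidNid = entry->nid;
            break;
        case ASN_DOMAIN_COMPONENT:
            /* NOTE(review): only slot 0 is marked and dcNum is not
             * incremented, so with dcNum == 0 the DC never reaches fullName
             * and with dcNum > 0 it replaces the first DC. How a -1 offset
             * in dcIdx is read is up to RebuildFullNameAdd(); confirm that
             * before relying on DC entries added through this API. */
            name->fullName.dcIdx[0] = -1;
            name->fullName.dcLen[0] = entry->value->length;
            break;
        default:
            isDnField = 0;
            break;
    }

    if (isDnField) {
        int nid = entry->nid;

        /* the location table stores the DN tag, not the OpenSSL NID */
        if (nid == NID_emailAddress) {
            nid = (int)ASN_EMAIL_NAME;
        }

        if (idx >= DN_NAMES_MAX + DOMAIN_COMPONENT_MAX) {
            return WOLFSSL_FAILURE;
        }

        if (idx >= 0) {
            name->fullName.loc[idx] = nid;
            if (idx == name->fullName.locSz) {
                name->fullName.locSz += 1;
            }
        }
        else if (name->fullName.locSz + 1
                     < DN_NAMES_MAX + DOMAIN_COMPONENT_MAX) {
            /* place at end; a full table silently skips the location
             * record but the component is still folded into fullName */
            name->fullName.loc[name->fullName.locSz] = nid;
            name->fullName.locSz += 1;
        }

        if (RebuildFullNameAdd(&name->fullName, entry->value->data) != 0)
            return WOLFSSL_FAILURE;
    }
    else {
        WOLFSSL_ASN1_STRING* str = entry->value;
        /* a name created on its own may have no owning x509; XMALLOC accepts
         * a NULL heap hint */
        void* heap = (name->x509 != NULL) ? name->x509->heap : NULL;

        for (i = 0; i < MAX_NAME_ENTRIES; i++) {
            WOLFSSL_X509_NAME_ENTRY* current = &(name->extra[i]);

            if (current->set == 1) {
                continue; /* slot in use */
            }
            WOLFSSL_MSG("Found place for name entry");

            /* copy the entry, then give the slot its own copy of the value
             * bytes so freeing the caller's entry cannot dangle it */
            XMEMCPY(current, entry, sizeof(WOLFSSL_X509_NAME_ENTRY));
            XMEMCPY(&(current->data), str, sizeof(WOLFSSL_ASN1_STRING));
            current->value = &(current->data);
            /* one extra byte for the terminator: the value is copied intact
             * and a zero-length value no longer indexes before the buffer */
            current->data.data = (char*)XMALLOC(str->length + 1, heap,
                                                DYNAMIC_TYPE_OPENSSL);
            if (current->data.data == NULL) {
                /* the struct copy above also copied entry->set; clear it so
                 * the half-initialised slot is not treated as a live entry */
                current->set = 0;
                return SSL_FAILURE;
            }
            if (str->length > 0) {
                XMEMCPY(current->data.data, str->data, str->length);
            }
            current->data.data[str->length] = '\0';
            /* NOTE(review): the flags copied from str describe str's own
             * storage, not this heap copy; verify the entry free path
             * releases current->data.data */

            current->set = 1; /* make sure now listed as set */
            break;
        }

        if (i == MAX_NAME_ENTRIES) {
            WOLFSSL_MSG("No spot found for name entry");
            return SSL_FAILURE;
        }
    }

    return SSL_SUCCESS;
}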
wolfSSL 16:8e0d178b1d1e 38059
/* OpenSSL-compatible X509_NAME_add_entry_by_txt: resolve the field name,
 * build a temporary entry for it and copy that entry into name.
 *
 * name  - name to extend
 * field - short or long attribute name resolved with wolfSSL_OBJ_txt2nid()
 * type  - ASN.1 string type of the value
 * bytes - value bytes
 * len   - length of bytes
 * loc   - position passed through to wolfSSL_X509_NAME_add_entry()
 * set   - passed through to wolfSSL_X509_NAME_add_entry()
 *
 * Returns whatever wolfSSL_X509_NAME_add_entry() reports, or WOLFSSL_FAILURE
 * when name or field is NULL, the field is unknown, or the temporary entry
 * cannot be created. The temporary entry is always freed here. */
int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name,
                                       const char *field, int type,
                                       const unsigned char *bytes, int len,
                                       int loc, int set)
{
    WOLFSSL_X509_NAME_ENTRY* tmpEntry;
    int nid;
    int ret;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry_by_txt");

    if (name == NULL || field == NULL) {
        return WOLFSSL_FAILURE;
    }

    nid = wolfSSL_OBJ_txt2nid(field);
    if (nid == NID_undef) {
        return WOLFSSL_FAILURE;
    }

    tmpEntry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, nid, type,
                                                     (unsigned char*)bytes,
                                                     len);
    if (tmpEntry == NULL) {
        return WOLFSSL_FAILURE;
    }

    ret = wolfSSL_X509_NAME_add_entry(name, tmpEntry, loc, set);
    wolfSSL_X509_NAME_ENTRY_free(tmpEntry);

    return ret;
}
wolfSSL 16:8e0d178b1d1e 38088
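/* OpenSSL-compatible X509_NAME_add_entry_by_NID: build a temporary entry for
 * nid and copy it into name.
 *
 * name  - name to extend; NULL is rejected here, as in
 *         wolfSSL_X509_NAME_add_entry_by_txt(), instead of being passed on
 * nid   - attribute type
 * type  - ASN.1 string type of the value
 * bytes - value bytes
 * len   - length of bytes
 * loc   - position passed through to wolfSSL_X509_NAME_add_entry()
 * set   - passed through to wolfSSL_X509_NAME_add_entry()
 *
 * Returns the result of wolfSSL_X509_NAME_add_entry(), or WOLFSSL_FAILURE
 * when name is NULL or the temporary entry cannot be created. The temporary
 * entry is always freed here. */
int wolfSSL_X509_NAME_add_entry_by_NID(WOLFSSL_X509_NAME *name, int nid,
                                       int type, const unsigned char *bytes,
                                       int len, int loc, int set)
{
    int ret;
    WOLFSSL_X509_NAME_ENTRY* entry;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry_by_NID");

    if (name == NULL) {
        return WOLFSSL_FAILURE;
    }

    entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len);
    if (entry == NULL) {
        return WOLFSSL_FAILURE;
    }

    ret = wolfSSL_X509_NAME_add_entry(name, entry, loc, set);
    wolfSSL_X509_NAME_ENTRY_free(entry);

    return ret;
}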
wolfSSL 16:8e0d178b1d1e 38102 #endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 38103
wolfSSL 15:117db924cf7c 38104
/* Allocate a WOLFSSL_ASN1_OBJECT describing the NID 'id'.
 *
 * NID values are dependent on the compatibility header files currently.
 * This is a thin wrapper over wolfSSL_OBJ_nid2obj_ex() with no caller
 * supplied object, so the result is always allocated by that function and
 * owned by the caller.
 *
 * Returns a pointer to the new WOLFSSL_ASN1_OBJECT on success and NULL on
 * failure. */
WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int id)
{
    WOLFSSL_ASN1_OBJECT* newObj;

    newObj = wolfSSL_OBJ_nid2obj_ex(id, NULL);

    return newObj;
}
wolfSSL 16:8e0d178b1d1e 38115
wolfSSL 16:8e0d178b1d1e 38116
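/* Fill in (or allocate) a WOLFSSL_ASN1_OBJECT for the NID 'id'.
 *
 * id      - NID looked up in wolfssl_object_info. An unknown NID fails,
 *           except with WOLFSSL_QT where the NID is used as the OID group.
 * arg_obj - object to fill in, or NULL to allocate a new one. A new object
 *           gets WOLFSSL_ASN1_DYNAMIC set; a caller supplied one has it
 *           cleared so wolfSSL_ASN1_OBJECT_free() leaves the struct alone.
 *
 * The DER encoding (tag, length, OID bytes) is built in objBuf and stored in
 * obj->obj. That buffer is (re)allocated when it is already dynamic or
 * missing; otherwise the caller's existing buffer is written in place.
 *
 * Returns the object on success. On failure NULL is returned; an object
 * allocated here is freed again, while a caller supplied one is left for the
 * caller to free (its fields may have been partially updated). */
WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int id,
                                                WOLFSSL_ASN1_OBJECT* arg_obj)
{
    word32 oidSz = 0;
    const byte* oid;
    word32 type = 0;
    WOLFSSL_ASN1_OBJECT* obj = arg_obj;
    byte objBuf[MAX_OID_SZ + MAX_LENGTH_SZ + 1]; /* +1 for object tag */
    word32 objSz = 0;
    const char* sName = NULL;
    int i;

    WOLFSSL_ENTER("wolfSSL_OBJ_nid2obj()");

    for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) {
        if (wolfssl_object_info[i].nid == id) {
            id = wolfssl_object_info[i].id;
            sName = wolfssl_object_info[i].sName;
            type = wolfssl_object_info[i].type;
            break;
        }
    }
    if (i == (int)WOLFSSL_OBJECT_INFO_SZ) {
        WOLFSSL_MSG("NID not in table");
#ifdef WOLFSSL_QT
        sName = NULL;
        type = id;
#else
        return NULL;
#endif
    }

#ifdef HAVE_ECC
    if (type == 0 && wc_ecc_get_oid(id, &oid, &oidSz) > 0) {
        type = oidCurveType;
    }
#endif /* HAVE_ECC */

    if (sName != NULL) {
        if (XSTRLEN(sName) > WOLFSSL_MAX_SNAME - 1) {
            WOLFSSL_MSG("Attempted short name is too large");
            return NULL;
        }
    }

    oid = OidFromId(id, type, &oidSz);
    if (oid == NULL) {
        oidSz = 0;
    }
    /* objBuf holds at most MAX_OID_SZ bytes of OID; refuse anything larger
     * rather than overrunning the stack buffer below */
    if (oidSz > MAX_OID_SZ) {
        WOLFSSL_MSG("OID does not fit in object buffer");
        return NULL;
    }

    /* set object ID to buffer */
    if (obj == NULL) {
        obj = wolfSSL_ASN1_OBJECT_new();
        if (obj == NULL) {
            WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct");
            return NULL;
        }
        obj->dynamic |= WOLFSSL_ASN1_DYNAMIC;
    }
    else {
        obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC;
    }
    obj->type = id;
    obj->grp = type;

    obj->sName[0] = '\0';
    if (sName != NULL) {
        /* length was checked above, so the terminator fits too; copying it
         * keeps sName a proper string even when obj is being reused */
        XMEMCPY(obj->sName, (const char*)sName, XSTRLEN(sName) + 1);
    }

    objBuf[0] = ASN_OBJECT_ID; objSz++;
    objSz += SetLength(oidSz, objBuf + 1);
    if (oidSz > 0) {
        XMEMCPY(objBuf + objSz, oid, oidSz);
    }
    objSz += oidSz;
    obj->objSz = objSz;

    if (((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) ||
            (obj->obj == NULL)) {
        /* keep the old pointer until the reallocation succeeds, so a failure
         * neither leaks the existing buffer nor leaves obj->obj dangling */
        byte* newData = (byte*)XREALLOC((byte*)obj->obj, obj->objSz, NULL,
                                        DYNAMIC_TYPE_ASN1);
        if (newData == NULL) {
            WOLFSSL_MSG("Unable to allocate object buffer");
            if (arg_obj == NULL) {
                /* only free what this function allocated; a caller supplied
                 * object stays owned by the caller (freeing it here would
                 * set up a double free / use after free) */
                wolfSSL_ASN1_OBJECT_free(obj);
            }
            return NULL;
        }
        obj->obj = newData;
        obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA;
    }
    else {
        /* NOTE(review): obj->obj is a caller provided non-dynamic buffer of
         * unknown size; objSz bytes are written into it below */
        obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA;
    }
    XMEMCPY((byte*)obj->obj, objBuf, obj->objSz);

    return obj;
}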
wolfSSL 15:117db924cf7c 38206
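/* Map a dotted-decimal OID string to its human readable description.
 *
 * oid - NUL terminated dotted-decimal OID text (as produced by
 *       wolfSSL_OBJ_obj2txt() with no_name set)
 *
 * The comparison is an exact string match. A prefix match would report an
 * OID such as "1.3.6.1.5.5.7.3.1x" as "TLS Web Server Authentication",
 * which is misleading wherever the description is shown for an extended
 * key usage.
 *
 * Returns a pointer to a static description string, or NULL when the OID is
 * not in the table or oid is NULL. */
static const char* oid_translate_num_to_str(const char* oid)
{
    static const struct oid_dict {
        const char* num;
        const char* desc;
    } oid_dict[] = {
        { "2.5.29.37.0", "Any Extended Key Usage" },
        { "1.3.6.1.5.5.7.3.1", "TLS Web Server Authentication" },
        { "1.3.6.1.5.5.7.3.2", "TLS Web Client Authentication" },
        { "1.3.6.1.5.5.7.3.3", "Code Signing" },
        { "1.3.6.1.5.5.7.3.4", "E-mail Protection" },
        { "1.3.6.1.5.5.7.3.8", "Time Stamping" },
        { "1.3.6.1.5.5.7.3.9", "OCSP Signing" },
        { NULL, NULL }
    };
    const struct oid_dict* entry;
    size_t oidLen;

    if (oid == NULL) {
        return NULL;
    }
    oidLen = XSTRLEN(oid);

    for (entry = oid_dict; entry->num != NULL; entry++) {
        /* same length and same bytes: an exact match, not a prefix match */
        if (XSTRLEN(entry->num) == oidLen &&
                XSTRNCMP(oid, entry->num, oidLen) == 0) {
            return entry->desc;
        }
    }
    return NULL;
}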
wolfSSL 15:117db924cf7c 38231
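/* Write the text form of an ASN.1 object into buf.
 *
 * buf     - output buffer, NUL terminated on return
 * bufLen  - size of buf in bytes (must be > 1)
 * a       - object to print
 * no_name - 1: write the dotted-decimal (numerical) OID. Otherwise write the
 *           short name; when none is known, fall back to the description of
 *           the numerical OID (oid_translate_num_to_str()) and, for
 *           GEN_DNS/GEN_EMAIL/GEN_URI objects, to the text held in a->obj.
 *
 * Output is truncated to bufLen - 1 characters and the terminator is never
 * written beyond buf. Returns the number of characters written
 * (0 == WOLFSSL_FAILURE when nothing could be produced, which also covers an
 * unknown OID with no description), or ASN_PARSE_E when the DER length of
 * the OID cannot be read. */
int wolfSSL_OBJ_obj2txt(char *buf, int bufLen, WOLFSSL_ASN1_OBJECT *a, int no_name)
{
    int bufSz;
    const char* desc;

    WOLFSSL_ENTER("wolfSSL_OBJ_obj2txt()");

    if (buf == NULL || bufLen <= 1 || a == NULL) {
        WOLFSSL_MSG("Bad input argument");
        return WOLFSSL_FAILURE;
    }

    if (no_name == 1) {
        int length;
        word32 idx = 0;
        byte tag;

        if (a->obj == NULL) {
            WOLFSSL_MSG("Object has no encoding");
            return WOLFSSL_FAILURE;
        }

        if (GetASNTag(a->obj, &idx, &tag, a->objSz) != 0) {
            return WOLFSSL_FAILURE;
        }

        if (tag != ASN_OBJECT_ID) {
            WOLFSSL_MSG("Bad ASN1 Object");
            return WOLFSSL_FAILURE;
        }

        if (GetLength((const byte*)a->obj, &idx, &length,
                      a->objSz) < 0 || length < 0) {
            return ASN_PARSE_E;
        }

        /* room for the text plus terminator: at most bufLen - 1 characters,
         * never more than the decoder's own maximum (for bufLen equal to
         * MAX_OID_STRING_SZ the terminator would otherwise land at buf[bufLen]) */
        bufSz = bufLen - 1;
        if (bufSz > MAX_OID_STRING_SZ) {
            bufSz = MAX_OID_STRING_SZ;
        }

        if ((bufSz = DecodePolicyOID(buf, (word32)bufSz, a->obj + idx,
                    (word32)length)) <= 0) {
            WOLFSSL_MSG("Error decoding OID");
            return WOLFSSL_FAILURE;
        }
        if (bufSz > bufLen - 1) {
            bufSz = bufLen - 1;
        }
    }
    else { /* return short name */
        int maxCopy = bufLen - 1;   /* characters available before the NUL */
        int nameLen = (int)XSTRLEN(a->sName);

        bufSz = min(nameLen, maxCopy);
        if (bufSz > 0) {
            XMEMCPY(buf, a->sName, bufSz);
        }
        else {
            /* no short name known: print the numerical OID and map it to a
             * description. A zero or negative (ASN_PARSE_E) result from the
             * recursive call means buf holds nothing usable. */
            int oidLen = wolfSSL_OBJ_obj2txt(buf, bufLen, a, 1);

            if (oidLen > 0) {
                desc = oid_translate_num_to_str(buf);
                if (desc != NULL) {
                    /* cap to the buffer: the description may be longer than
                     * the numerical OID it replaces */
                    bufSz = min((int)XSTRLEN(desc), maxCopy);
                    XMEMCPY(buf, desc, bufSz);
                }
            }
            else if (a->type == GEN_DNS || a->type == GEN_EMAIL ||
                     a->type == GEN_URI) {
                /* general names keep their text directly in a->obj */
                if (a->obj != NULL) {
                    bufSz = min((int)XSTRLEN((const char*)a->obj), maxCopy);
                    XMEMCPY(buf, a->obj, bufSz);
                }
            }
        }
    }

    /* every path above leaves bufSz <= bufLen - 1, so this stays inside buf */
    buf[bufSz] = '\0';
#ifdef WOLFSSL_QT
    /* For unknown extension types, QT expects the short name to be the
       text representation of the oid. sName is a fixed-size field, so the
       copy is bounded by WOLFSSL_MAX_SNAME rather than by bufSz. */
    if (XSTRLEN(a->sName) == 0) {
        int snameSz = min(bufSz, WOLFSSL_MAX_SNAME - 1);
        XMEMCPY(a->sName, buf, snameSz);
        a->sName[snameSz] = '\0';
    }
#endif
    return bufSz;
}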
wolfSSL 16:8e0d178b1d1e 38313 #endif /* OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 38314
wolfSSL 16:8e0d178b1d1e 38315 #if defined(OPENSSL_EXTRA) && !defined(NO_ASN)
/* DN_Tags to strings.
 *
 * Maps each DN attribute tag to the OpenSSL-style short name that
 * wolfSSL_X509_NAME_get_index_by_OBJ compares against an ASN1 object's
 * sName. The final { ASN_DN_NULL, NULL } entry terminates the table, so
 * callers iterate until str == NULL. */
static const struct DN_Tag_Strings {
    enum DN_Tags tag;   /* DN attribute tag value */
    const char* str;    /* short name for that tag, e.g. "CN" */
} dn_tag_strings[] = {
    { ASN_COMMON_NAME, "CN" },
    { ASN_SUR_NAME, "SN" },
    { ASN_SERIAL_NUMBER, "serialNumber" },
    { ASN_COUNTRY_NAME, "C" },
    { ASN_LOCALITY_NAME, "L" },
    { ASN_STATE_NAME, "ST" },
    { ASN_ORG_NAME, "O"},
    { ASN_ORGUNIT_NAME, "OU"},
    { ASN_BUS_CAT, "businessCategory"},
    { ASN_EMAIL_NAME, "emailAddress"},
    { ASN_USER_ID, "UID"},
    { ASN_DOMAIN_COMPONENT, "DC"},
    { ASN_DN_NULL, NULL }   /* sentinel: str == NULL ends the table */
};
wolfSSL 16:8e0d178b1d1e 38335
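/* Find the next entry of name whose DN tag matches the short name of obj.
 *
 * name  X.509 name to search (walks name->fullName.loc[0..locSz-1])
 * obj   ASN1 object whose sName selects the DN attribute, e.g. "CN"
 * idx   position of the previous hit; the search resumes at idx + 1.
 *       Any negative value starts the search at index 0, mirroring
 *       OpenSSL's X509_NAME_get_index_by_OBJ(..., lastpos = -1).
 *
 * Returns the index of the matching entry, or -1 when name/obj are invalid,
 * the short name is not in dn_tag_strings, or no further entry matches.
 */
int wolfSSL_X509_NAME_get_index_by_OBJ(WOLFSSL_X509_NAME *name,
                                       const WOLFSSL_ASN1_OBJECT *obj,
                                       int idx) {
    const struct DN_Tag_Strings* dn;
    enum DN_Tags tag = ASN_DN_NULL;
    size_t snLen;

    if (!name || idx >= name->fullName.locSz ||
        !obj || !obj->obj) {
        return -1;
    }

    /* Compare the whole short name. A prefix compare bounded by objSz (the
     * size of the encoded object, unrelated to the string) could let one
     * short name match another it is a prefix of, such as "C" and "CN". */
    snLen = XSTRLEN((const char*) obj->sName);
    for (dn = dn_tag_strings; dn->str != NULL; dn++) {
        /* Find the DN_Tags number for the name */
        if (snLen == XSTRLEN(dn->str) &&
            XSTRNCMP((const char*) obj->sName, dn->str, snLen) == 0) {
            tag = dn->tag;
            break;
        }
    }
    if (!tag) {
        /* Unable to identify desired name */
        return -1;
    }

    /* idx is the previous hit, so the loop starts one past it. A negative
     * idx therefore has to become -1; clamping it to 0 would skip entry 0. */
    if (idx < 0) {
        idx = -1;
    }
    for (idx++; idx < name->fullName.locSz; idx++) {
        /* Find index of desired name */
        if ((enum DN_Tags)name->fullName.loc[idx] == tag) {
            return idx;
        }
    }
    return -1;
}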
wolfSSL 16:8e0d178b1d1e 38369 #endif
wolfSSL 15:117db924cf7c 38370
wolfSSL 15:117db924cf7c 38371 #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
wolfSSL 15:117db924cf7c 38372 defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
wolfSSL 15:117db924cf7c 38373 defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
wolfSSL 15:117db924cf7c 38374 defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 38375
wolfSSL 15:117db924cf7c 38376 #ifndef NO_SHA
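/* One shot SHA1 hash of message.
 *
 * d  message to hash
 * n  size of d buffer
 * md buffer to hold digest. Should be WC_SHA_DIGEST_SIZE.
 *
 * Note: if md is null then a static buffer of WC_SHA_DIGEST_SIZE is used.
 * When the static buffer is used this function is not thread safe.
 * SHA-1 is kept for compatibility with older protocols and APIs; it is not
 * collision resistant and should not be chosen for new designs.
 *
 * Returns a pointer to the message digest on success and NULL on failure,
 * including when n does not fit the word32 length wolfCrypt accepts.
 */
unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n,
                            unsigned char *md)
{
    static byte dig[WC_SHA_DIGEST_SIZE];
    wc_Sha sha;
    int ret;

    WOLFSSL_ENTER("wolfSSL_SHA1");

    /* wc_ShaUpdate takes a word32 length. Refuse an n it would silently
     * truncate, otherwise the digest would cover a shorter message. */
    if ((size_t)(word32)n != n) {
        WOLFSSL_MSG("SHA1 input too long");
        return NULL;
    }

    if (wc_InitSha_ex(&sha, NULL, 0) != 0) {
        WOLFSSL_MSG("SHA1 Init failed");
        return NULL;
    }

    ret = wc_ShaUpdate(&sha, (const byte*)d, (word32)n);
    if (ret != 0) {
        WOLFSSL_MSG("SHA1 Update failed");
    }
    else {
        ret = wc_ShaFinal(&sha, dig);
        if (ret != 0) {
            WOLFSSL_MSG("SHA1 Final failed");
        }
    }

    /* Release the context on every path; the early failure returns used to
     * skip wc_ShaFree(), so anything the init acquired was never released. */
    wc_ShaFree(&sha);

    if (ret != 0) {
        return NULL;
    }

    if (md != NULL) {
        XMEMCPY(md, dig, WC_SHA_DIGEST_SIZE);
        return md;
    }
    return (unsigned char*)dig;
}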
wolfSSL 15:117db924cf7c 38421 #endif /* ! NO_SHA */
wolfSSL 15:117db924cf7c 38422
wolfSSL 15:117db924cf7c 38423 #ifndef NO_SHA256
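/* One shot SHA256 hash of message.
 *
 * d  message to hash
 * n  size of d buffer
 * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE.
 *
 * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used.
 * When the static buffer is used this function is not thread safe.
 *
 * Returns a pointer to the message digest on success and NULL on failure,
 * including when n does not fit the word32 length wolfCrypt accepts.
 */
unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n,
                              unsigned char *md)
{
    static byte dig[WC_SHA256_DIGEST_SIZE];
    wc_Sha256 sha;
    int ret;

    WOLFSSL_ENTER("wolfSSL_SHA256");

    /* wc_Sha256Update takes a word32 length. Refuse an n it would silently
     * truncate, otherwise the digest would cover a shorter message. */
    if ((size_t)(word32)n != n) {
        WOLFSSL_MSG("SHA256 input too long");
        return NULL;
    }

    if (wc_InitSha256_ex(&sha, NULL, 0) != 0) {
        WOLFSSL_MSG("SHA256 Init failed");
        return NULL;
    }

    ret = wc_Sha256Update(&sha, (const byte*)d, (word32)n);
    if (ret != 0) {
        WOLFSSL_MSG("SHA256 Update failed");
    }
    else {
        ret = wc_Sha256Final(&sha, dig);
        if (ret != 0) {
            WOLFSSL_MSG("SHA256 Final failed");
        }
    }

    /* Release the context on every path; the early failure returns used to
     * skip wc_Sha256Free(), so anything the init acquired was never
     * released. */
    wc_Sha256Free(&sha);

    if (ret != 0) {
        return NULL;
    }

    if (md != NULL) {
        XMEMCPY(md, dig, WC_SHA256_DIGEST_SIZE);
        return md;
    }
    return (unsigned char*)dig;
}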
wolfSSL 15:117db924cf7c 38468 #endif /* ! NO_SHA256 */
wolfSSL 15:117db924cf7c 38469
wolfSSL 15:117db924cf7c 38470 #ifdef WOLFSSL_SHA384
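/* One shot SHA384 hash of message.
 *
 * d  message to hash
 * n  size of d buffer
 * md buffer to hold digest. Should be WC_SHA384_DIGEST_SIZE (the previous
 *    comment named the SHA256 size, which is too small for this digest).
 *
 * Note: if md is null then a static buffer of WC_SHA384_DIGEST_SIZE is used.
 * When the static buffer is used this function is not thread safe.
 *
 * Returns a pointer to the message digest on success and NULL on failure,
 * including when n does not fit the word32 length wolfCrypt accepts.
 */
unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n,
                              unsigned char *md)
{
    static byte dig[WC_SHA384_DIGEST_SIZE];
    wc_Sha384 sha;
    int ret;

    WOLFSSL_ENTER("wolfSSL_SHA384");

    /* wc_Sha384Update takes a word32 length. Refuse an n it would silently
     * truncate, otherwise the digest would cover a shorter message. */
    if ((size_t)(word32)n != n) {
        WOLFSSL_MSG("SHA384 input too long");
        return NULL;
    }

    if (wc_InitSha384_ex(&sha, NULL, 0) != 0) {
        WOLFSSL_MSG("SHA384 Init failed");
        return NULL;
    }

    ret = wc_Sha384Update(&sha, (const byte*)d, (word32)n);
    if (ret != 0) {
        WOLFSSL_MSG("SHA384 Update failed");
    }
    else {
        ret = wc_Sha384Final(&sha, dig);
        if (ret != 0) {
            WOLFSSL_MSG("SHA384 Final failed");
        }
    }

    /* Release the context on every path; the early failure returns used to
     * skip wc_Sha384Free(), so anything the init acquired was never
     * released. */
    wc_Sha384Free(&sha);

    if (ret != 0) {
        return NULL;
    }

    if (md != NULL) {
        XMEMCPY(md, dig, WC_SHA384_DIGEST_SIZE);
        return md;
    }
    return (unsigned char*)dig;
}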
wolfSSL 15:117db924cf7c 38515 #endif /* WOLFSSL_SHA384 */
wolfSSL 15:117db924cf7c 38516
wolfSSL 15:117db924cf7c 38517
wolfSSL 15:117db924cf7c 38518 #if defined(WOLFSSL_SHA512)
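/* One shot SHA512 hash of message.
 *
 * d  message to hash
 * n  size of d buffer
 * md buffer to hold digest. Should be WC_SHA512_DIGEST_SIZE (the previous
 *    comment named the SHA256 size, which is too small for this digest).
 *
 * Note: if md is null then a static buffer of WC_SHA512_DIGEST_SIZE is used.
 * When the static buffer is used this function is not thread safe.
 *
 * Returns a pointer to the message digest on success and NULL on failure,
 * including when n does not fit the word32 length wolfCrypt accepts.
 */
unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n,
                              unsigned char *md)
{
    static byte dig[WC_SHA512_DIGEST_SIZE];
    wc_Sha512 sha;
    int ret;

    WOLFSSL_ENTER("wolfSSL_SHA512");

    /* wc_Sha512Update takes a word32 length. Refuse an n it would silently
     * truncate, otherwise the digest would cover a shorter message. */
    if ((size_t)(word32)n != n) {
        WOLFSSL_MSG("SHA512 input too long");
        return NULL;
    }

    if (wc_InitSha512_ex(&sha, NULL, 0) != 0) {
        WOLFSSL_MSG("SHA512 Init failed");
        return NULL;
    }

    ret = wc_Sha512Update(&sha, (const byte*)d, (word32)n);
    if (ret != 0) {
        WOLFSSL_MSG("SHA512 Update failed");
    }
    else {
        ret = wc_Sha512Final(&sha, dig);
        if (ret != 0) {
            WOLFSSL_MSG("SHA512 Final failed");
        }
    }

    /* Release the context on every path; the early failure returns used to
     * skip wc_Sha512Free(), so anything the init acquired was never
     * released. */
    wc_Sha512Free(&sha);

    if (ret != 0) {
        return NULL;
    }

    if (md != NULL) {
        XMEMCPY(md, dig, WC_SHA512_DIGEST_SIZE);
        return md;
    }
    return (unsigned char*)dig;
}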
wolfSSL 15:117db924cf7c 38563 #endif /* defined(WOLFSSL_SHA512) */
wolfSSL 16:8e0d178b1d1e 38564 #endif /* OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 38565
wolfSSL 16:8e0d178b1d1e 38566 #ifndef WOLFCRYPT_ONLY
wolfSSL 16:8e0d178b1d1e 38567 #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
wolfSSL 16:8e0d178b1d1e 38568 defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
wolfSSL 16:8e0d178b1d1e 38569 defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
wolfSSL 16:8e0d178b1d1e 38570 defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 38571
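/* Set the certificate that ctx presents, from an already-parsed X509.
 *
 * ctx context to update
 * x   certificate whose DER encoding (x->derCert) is copied into
 *     ctx->certificate, replacing any previously loaded certificate
 *
 * With KEEP_OUR_CERT, ctx->ourCert is updated as well: either to x itself,
 * which the caller keeps ownership of, or (WOLFSSL_X509_STORE_CERTS) to a
 * private copy decoded with wolfSSL_X509_d2i, which ctx then owns. The
 * ctx->haveRSA / haveECC flags (and pkCurveOID) are set from x->pubKeyOID.
 *
 * Returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE (0) when an argument
 * is NULL, the DER buffer cannot be allocated, or the copy cannot be
 * decoded.
 */
char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate");

    /* Everything below dereferences ctx, x and x->derCert; reject NULLs
     * up front, as wolfSSL_CTX_add1_chain_cert does. */
    if (ctx == NULL || x == NULL || x->derCert == NULL) {
        return WOLFSSL_FAILURE;
    }

    FreeDer(&ctx->certificate); /* Make sure previous is free'd */
    ret = AllocDer(&ctx->certificate, x->derCert->length, CERT_TYPE,
                   ctx->heap);
    if (ret != 0)
        return WOLFSSL_FAILURE;

    XMEMCPY(ctx->certificate->buffer, x->derCert->buffer,
            x->derCert->length);
#ifdef KEEP_OUR_CERT
    /* Drop the previous X509 only if ctx owned it. */
    if (ctx->ourCert != NULL && ctx->ownOurCert) {
        FreeX509(ctx->ourCert);
        XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
    }
#ifndef WOLFSSL_X509_STORE_CERTS
    /* Borrow the caller's object; it remains the caller's to free. */
    ctx->ourCert = x;
    ctx->ownOurCert = 0;
#else
    /* Decode a private copy so ctx does not depend on the caller's x.
     * That copy is allocated for ctx, so ctx must own it: leaving
     * ownOurCert at 0 here meant the copy was never freed when ourCert
     * was later replaced or the ctx released. */
    ctx->ourCert = wolfSSL_X509_d2i(NULL, x->derCert->buffer,
                                    x->derCert->length);
    if (ctx->ourCert == NULL) {
        ctx->ownOurCert = 0;
        return WOLFSSL_FAILURE;
    }
    ctx->ownOurCert = 1;
#endif
#endif

    /* Update the available options with public keys. */
    switch (x->pubKeyOID) {
        case RSAk:
            ctx->haveRSA = 1;
            break;
#ifdef HAVE_ED25519
        case ED25519k:
#endif
#ifdef HAVE_ED448
        case ED448k:
#endif
        case ECDSAk:
            ctx->haveECC = 1;
#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
            ctx->pkCurveOID = x->pkCurveOID;
#endif
            break;
        default:
            /* Other key types leave the option flags as they were. */
            break;
    }

    return WOLFSSL_SUCCESS;
}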
wolfSSL 16:8e0d178b1d1e 38624
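/* Add the certificate x509 to ctx.
 *
 * Note: despite the OpenSSL-style name, this implementation hands the DER
 * encoding to wolfSSL_CTX_load_verify_buffer, so x509 becomes a trusted
 * verification certificate for ctx rather than an extra link in the chain
 * ctx sends to peers. Callers porting from OpenSSL should confirm that is
 * the trust relationship they intend.
 *
 * Returns WOLFSSL_SUCCESS when the certificate was loaded, WOLFSSL_FAILURE
 * when an argument is NULL, x509 has no DER encoding, or loading fails.
 */
int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
{
    int ret;
    if (ctx == NULL || x509 == NULL || x509->derCert == NULL) {
        return WOLFSSL_FAILURE;
    }

    ret = wolfSSL_CTX_load_verify_buffer(ctx, x509->derCert->buffer,
                                         x509->derCert->length,
                                         WOLFSSL_FILETYPE_ASN1);

    /* wolfSSL_CTX_load_verify_buffer reports success as WOLFSSL_SUCCESS,
     * like the other wolfSSL_CTX_load_* entry points, and an error code
     * otherwise. Testing for 0 inverted the result: a successful load was
     * reported as failure. */
    return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}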
wolfSSL 16:8e0d178b1d1e 38637
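/* Open the file "name" for reading and attach it to the BIO b, closing
 * any file the BIO already held. The BIO takes ownership of the new
 * handle (BIO_CLOSE), so it is closed when the BIO is freed.
 *
 * Returns WOLFSSL_SUCCESS on success; WOLFSSL_BAD_FILE when an argument is
 * NULL, the file cannot be opened, or it cannot be attached to the BIO;
 * and WOLFSSL_NOT_IMPLEMENTED when built with NO_FILESYSTEM.
 */
int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) {
#ifndef NO_FILESYSTEM
    XFILE oldFp = XBADFILE;
    XFILE newFp;

    WOLFSSL_ENTER("wolfSSL_BIO_read_filename");

    if (b == NULL || name == NULL) {
        return WOLFSSL_BAD_FILE;
    }

    /* Open the replacement before touching the BIO's current file, so a
     * failed open leaves the BIO exactly as it was. The previous order
     * closed the old handle first and, on open failure, returned with the
     * BIO still referencing that closed handle. */
    newFp = XFOPEN(name, "r");
    if (newFp == XBADFILE) {
        return WOLFSSL_BAD_FILE;
    }

    /* Remember the handle the BIO currently holds, if any. */
    if (wolfSSL_BIO_get_fp(b, &oldFp) != WOLFSSL_SUCCESS) {
        oldFp = XBADFILE;
    }

    if (wolfSSL_BIO_set_fp(b, newFp, BIO_CLOSE) != WOLFSSL_SUCCESS) {
        XFCLOSE(newFp);
        return WOLFSSL_BAD_FILE;   /* BIO still holds oldFp, untouched */
    }

    /* Release the previous handle only once the new one is attached. The
     * original closed it before calling wolfSSL_BIO_set_fp, so set_fp is
     * taken not to close the handle it replaces. */
    if (oldFp != XBADFILE) {
        XFCLOSE(oldFp);
    }

    /* file is closed when bio is free'd */
    return WOLFSSL_SUCCESS;
#else
    (void)name;
    (void)b;
    return WOLFSSL_NOT_IMPLEMENTED;
#endif
}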
wolfSSL 16:8e0d178b1d1e 38666
/* Return the short name registered for the nid <n> in wolfssl_object_info,
 * or NULL if no entry carries that nid.
 */
const char * wolfSSL_OBJ_nid2sn(int n) {
    size_t pos;
    WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn");
    for (pos = 0; pos < WOLFSSL_OBJECT_INFO_SZ; pos++) {
        const WOLFSSL_ObjectInfo *entry = &wolfssl_object_info[pos];
        if (entry->nid == n) {
            return entry->sName;
        }
    }
    WOLFSSL_MSG("SN not found");
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 38682
wolfSSL 16:8e0d178b1d1e 38683 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
/* Return the NID for the short name <sn>: NID_undef when sn is NULL,
 * otherwise whatever wc_OBJ_sn2nid reports for it. */
int wolfSSL_OBJ_sn2nid(const char *sn) {
    int nid = NID_undef;
    WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid");
    if (sn != NULL) {
        nid = wc_OBJ_sn2nid(sn);
    }
    return nid;
}
wolfSSL 16:8e0d178b1d1e 38690 #endif
wolfSSL 16:8e0d178b1d1e 38691
wolfSSL 15:117db924cf7c 38692
/* Gets the NID value that corresponds with the ASN1 object.
 *
 * o ASN1 object to get NID of
 *
 * Return NID on success and a negative value on failure. When built with
 * WOLFSSL_QT, an extension object whose nid has no short name yields
 * NID_undef instead.
 */
int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o)
{
    word32 oidVal = 0;
    word32 inOutIdx = 0;

    WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid");

    if (o == NULL)
        return -1;

#ifdef WOLFSSL_QT
    /* If nid is an unknown extension, return NID_undef */
    if (o->grp == oidCertExtType && wolfSSL_OBJ_nid2sn(o->nid) == NULL)
        return NID_undef;
#endif

    /* A nid already set on the object wins over decoding it again. */
    if (o->nid > 0)
        return o->nid;

    /* Otherwise read the OID out of the object's encoding and map it. */
    if (GetObjectId(o->obj, &inOutIdx, &oidVal, o->grp, o->objSz) < 0) {
        WOLFSSL_MSG("Issue getting OID of object");
        return -1;
    }
    return oid2nid(oidVal, o->grp);
}
wolfSSL 16:8e0d178b1d1e 38727
/* Returns the long name registered for the ASN1_OBJECT nid value <n> in
 * wolfssl_object_info, or NULL if no entry carries that nid.
 * n : NID value of ASN1_OBJECT to search */
const char* wolfSSL_OBJ_nid2ln(int n)
{
    size_t pos;
    WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln");
    for (pos = 0; pos < WOLFSSL_OBJECT_INFO_SZ; pos++) {
        const WOLFSSL_ObjectInfo *entry = &wolfssl_object_info[pos];
        if (entry->nid == n) {
            return entry->lName;
        }
    }
    WOLFSSL_MSG("NID not found in table");
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 38743
/* Return the corresponding NID for the long name <ln>
 * or NID_undef if NID can't be found.
 *
 * A leading '/' and a trailing '=' are ignored, so "/commonName=" is
 * looked up as "commonName". The match is on the full remaining text.
 */
int wolfSSL_OBJ_ln2nid(const char *ln)
{
    size_t pos;
    size_t len;

    WOLFSSL_ENTER("wolfSSL_OBJ_ln2nid");

    if (ln == NULL)
        return NID_undef;
    len = XSTRLEN(ln);
    if (len == 0)
        return NID_undef;

    /* Accept input like "/commonName=" */
    if (*ln == '/') {
        ln++;
        len--;
        if (len == 0)
            return NID_undef;
    }
    if (ln[len - 1] == '=')
        len--;

    for (pos = 0; pos < WOLFSSL_OBJECT_INFO_SZ; pos++) {
        const char *candidate = wolfssl_object_info[pos].lName;
        if (XSTRLEN(candidate) == len && XSTRNCMP(ln, candidate, len) == 0)
            return wolfssl_object_info[pos].nid;
    }
    return NID_undef;
}
wolfSSL 16:8e0d178b1d1e 38772
/* compares two objects, return 0 if equal
 *
 * Two objects are comparable only when both are non-NULL, both carry an
 * encoding (obj) and those encodings have the same size; the result is
 * then the XMEMCMP of the encodings. Anything else yields
 * WOLFSSL_FATAL_ERROR, which is also non-zero, so callers can only rely on
 * "== 0 means equal", not on the sign of a non-zero result. */
int wolfSSL_OBJ_cmp(const WOLFSSL_ASN1_OBJECT* a,
                    const WOLFSSL_ASN1_OBJECT* b)
{
    int comparable;

    WOLFSSL_ENTER("wolfSSL_OBJ_cmp");

    comparable = (a != NULL) && (b != NULL) &&
                 (a->obj != NULL) && (b->obj != NULL) &&
                 (a->objSz == b->objSz);
    if (!comparable) {
        return WOLFSSL_FATAL_ERROR;
    }
    return XMEMCMP(a->obj, b->obj, a->objSz);
}
wolfSSL 16:8e0d178b1d1e 38787
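/* Gets the NID value that is related to the OID string passed in. Example
 * string would be "2.5.29.14" for subject key ID.
 *
 * s  dotted-decimal OID text (WOLFSSL_CERT_EXT builds), a short name, or a
 *    long name; names must match a table entry in full
 *
 * returns NID value on success and NID_undef on error
 */
int wolfSSL_OBJ_txt2nid(const char* s)
{
    unsigned int i;
    size_t len;
#ifdef WOLFSSL_CERT_EXT
    int ret;
    unsigned int sum = 0;
    unsigned int outSz = MAX_OID_SZ;
    unsigned char out[MAX_OID_SZ];
#endif

    WOLFSSL_ENTER("OBJ_txt2nid");

    if (s == NULL) {
        return NID_undef;
    }

#ifdef WOLFSSL_CERT_EXT
    ret = EncodePolicyOID(out, &outSz, s, NULL);
    if (ret == 0) {
        /* sum OID */
        for (i = 0; i < outSz; i++) {
            sum += out[i];
        }
    }
#endif /* WOLFSSL_CERT_EXT */

    /* s does not change inside the loop, so measure it once. */
    len = XSTRLEN(s);

    /* get the group that the OID's sum is in
     * @TODO possible conflict with multiples */
    for (i = 0; i < WOLFSSL_OBJECT_INFO_SZ; i++) {
#ifdef WOLFSSL_CERT_EXT
        if (ret == 0) {
            if (wolfssl_object_info[i].id == (int)sum) {
                return wolfssl_object_info[i].nid;
            }
        }
#endif

        /* The name compares require the table name to have the same length
         * as s. Comparing only the first strlen(s) characters was a prefix
         * match, so a short input such as "C" could hit a longer name such
         * as "CN" first and return the wrong nid. */

        /* try as a short name */
        if (XSTRLEN(wolfssl_object_info[i].sName) == len &&
            XSTRNCMP(wolfssl_object_info[i].sName, s, len) == 0) {
            return wolfssl_object_info[i].nid;
        }

        /* try as a long name */
        if (XSTRLEN(wolfssl_object_info[i].lName) == len &&
            XSTRNCMP(wolfssl_object_info[i].lName, s, len) == 0) {
            return wolfssl_object_info[i].nid;
        }
    }

    return NID_undef;
}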
wolfSSL 16:8e0d178b1d1e 38845
wolfSSL 16:8e0d178b1d1e 38846 /* Creates new ASN1_OBJECT from short name, long name, or text
wolfSSL 16:8e0d178b1d1e 38847 * representation of oid. If no_name is 0, then short name, long name, and
wolfSSL 16:8e0d178b1d1e 38848 * numerical value of oid are interpreted. If no_name is 1, then only the
wolfSSL 16:8e0d178b1d1e 38849 * numerical value of the oid is interpreted.
wolfSSL 16:8e0d178b1d1e 38850 *
wolfSSL 16:8e0d178b1d1e 38851 * Returns pointer to ASN1_OBJECT on success, or NULL on error.
wolfSSL 16:8e0d178b1d1e 38852 */
wolfSSL 16:8e0d178b1d1e 38853 #if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)
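/* Build an ASN1_OBJECT for the text s. See the comment above the #if for
 * the no_name semantics.
 *
 * s        dotted-decimal OID text, short name, or long name
 * no_name  0: short name, long name and numerical value are interpreted;
 *          1: only the numerical value is interpreted
 *
 * Returns the object from wolfSSL_OBJ_nid2obj for the first matching table
 * entry, or NULL when s is NULL or nothing matches.
 */
WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_txt2obj(const char* s, int no_name)
{
    int i, ret;
    size_t len;
    int nid = NID_undef;
    unsigned int outSz = MAX_OID_SZ;
    unsigned char out[MAX_OID_SZ];
    unsigned int sum = 0;

    WOLFSSL_ENTER("wolfSSL_OBJ_txt2obj");

    if (s == NULL)
        return NULL;

    /* If s is numerical value, try to sum oid */
    ret = EncodePolicyOID(out, &outSz, s, NULL);
    if (ret == 0) {
        for (i = 0; i < (int)outSz; i++) {
            sum += out[i];
        }
    }

    len = XSTRLEN(s);

    /* TODO: update short names in wolfssl_object_info and check OID sums
       are correct */
    for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) {
        const WOLFSSL_ObjectInfo* info = &wolfssl_object_info[i];
        /* The numeric form only counts when s really encoded as an OID.
         * Without the ret check, a failed encode left sum at 0 and would
         * match any entry whose id happened to be 0. */
        int byOid = (ret == 0) && (info->id == (int)sum);
        int byName = 0;

        if (no_name == 0) {
            /* Whole-string compares: matching only the first strlen(s)
             * characters was a prefix match, so a short input could hit a
             * longer name it is a prefix of. */
            byName = (XSTRLEN(info->sName) == len &&
                      XSTRNCMP(s, info->sName, len) == 0) ||
                     (XSTRLEN(info->lName) == len &&
                      XSTRNCMP(s, info->lName, len) == 0);
        }

        /* Stop at the first hit, as wolfSSL_OBJ_txt2nid does; the old loop
         * kept going and silently returned the last matching entry. */
        if ((no_name == 0 && (byName || byOid)) ||
            (no_name == 1 && byOid)) {
            nid = info->nid;
            break;
        }
    }

    if (nid != NID_undef)
        return wolfSSL_OBJ_nid2obj(nid);

    return NULL;
}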
wolfSSL 16:8e0d178b1d1e 38895 #endif
wolfSSL 16:8e0d178b1d1e 38896
/* compatibility function. Its intended use is to remove OID's from an
 * internal table that have been added with OBJ_create. wolfSSL manages its
 * own internal OID values and does not currently support OBJ_create, so
 * there is nothing to release here and the call only logs entry. */
void wolfSSL_OBJ_cleanup(void)
{
    WOLFSSL_ENTER("wolfSSL_OBJ_cleanup()");
}
wolfSSL 15:117db924cf7c 38904
wolfSSL 15:117db924cf7c 38905 #ifndef NO_WOLFSSL_STUB
/* Stub for OBJ_create: wolfSSL does not support registering new OIDs at
 * run time, so the arguments are ignored and the call always reports
 * WOLFSSL_FAILURE after logging through WOLFSSL_STUB.
 *
 * oid  dotted-decimal OID text (unused)
 * sn   short name (unused)
 * ln   long name (unused)
 */
int wolfSSL_OBJ_create(const char *oid, const char *sn, const char *ln)
{
    WOLFSSL_STUB("wolfSSL_OBJ_create");
    (void)ln;
    (void)sn;
    (void)oid;
    return WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 38914 #endif
wolfSSL 16:8e0d178b1d1e 38915
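/* Set the maximum certificate chain depth that ssl will verify.
 *
 * ssl   connection to configure (ignored by the stub build)
 * depth maximum depth. It is stored in a byte, so values outside 0..255
 *       are silently truncated; callers should pass an in-range value.
 *       NOTE(review): how a stored 0 is interpreted (no limit vs. leaf
 *       only) is not visible here - confirm before relying on it.
 */
void wolfSSL_set_verify_depth(WOLFSSL *ssl, int depth)
{
#if !defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB)
    (void)ssl;
    (void)depth;
    WOLFSSL_STUB("wolfSSL_set_verify_depth");
#else
    WOLFSSL_ENTER("wolfSSL_set_verify_depth");
    /* ssl->options is dereferenced below; a NULL ssl used to crash here. */
    if (ssl == NULL) {
        return;
    }
    ssl->options.verifyDepth = (byte)depth;
#endif
}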
wolfSSL 16:8e0d178b1d1e 38927
wolfSSL 16:8e0d178b1d1e 38928
/* Return the ASN1 object describing the attribute type of a name entry.
 *
 * ne  entry to inspect; NULL yields NULL
 *
 * The returned pointer refers to storage embedded in ne (ne->object) and is
 * valid only as long as ne is; the caller must not free it. Returns NULL
 * when ne->nid cannot be mapped to an object. */
WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) {
    WOLFSSL_ASN1_OBJECT* obj = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object");
    if (ne != NULL) {
        if (wolfSSL_OBJ_nid2obj_ex(ne->nid, &ne->object) != NULL) {
            /* mirror the entry's nid into the embedded object */
            ne->object.nid = ne->nid;
            obj = &ne->object;
        }
    }
    return obj;
}
wolfSSL 16:8e0d178b1d1e 38938
wolfSSL 16:8e0d178b1d1e 38939
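/* Look up the DN attribute at position "loc" and load it into
 * name->cnEntry. "loc" is the order in which the attribute was parsed,
 * 0 being the first attribute of the DN.
 *
 * name  parsed name holding fullName and the scratch entry cnEntry
 * loc   parse-order index into name->fullName.loc[]; the caller is
 *       expected to have range-checked it against the parsed attributes
 *
 * On success cnEntry.nid, cnEntry.value and cnEntry.set are filled in and
 * name is returned. Returns NULL if the attribute type at "loc" is not
 * handled, its length is 0 or does not fit in CTC_NAME_SIZE, or the value
 * could not be copied into the ASN1 string.
 */
static WOLFSSL_X509_NAME* wolfSSL_nameByLoc(WOLFSSL_X509_NAME *name, int loc)
{
    char* pt = NULL;
    int sz = 0;

    switch (name->fullName.loc[loc])
    {
        case ASN_COMMON_NAME:
            sz = name->fullName.cnLen;
            pt = &name->fullName.fullName[name->fullName.cnIdx];
            name->cnEntry.nid = name->fullName.cnNid;
            break;
        case ASN_COUNTRY_NAME:
            sz = name->fullName.cLen;
            pt = &name->fullName.fullName[name->fullName.cIdx];
            name->cnEntry.nid = name->fullName.cNid;
            break;
        case ASN_LOCALITY_NAME:
            sz = name->fullName.lLen;
            pt = &name->fullName.fullName[name->fullName.lIdx];
            name->cnEntry.nid = name->fullName.lNid;
            break;
        case ASN_STATE_NAME:
            sz = name->fullName.stLen;
            pt = &name->fullName.fullName[name->fullName.stIdx];
            name->cnEntry.nid = name->fullName.stNid;
            break;
        case ASN_ORG_NAME:
            sz = name->fullName.oLen;
            pt = &name->fullName.fullName[name->fullName.oIdx];
            name->cnEntry.nid = name->fullName.oNid;
            break;
        case ASN_ORGUNIT_NAME:
            sz = name->fullName.ouLen;
            pt = &name->fullName.fullName[name->fullName.ouIdx];
            name->cnEntry.nid = name->fullName.ouNid;
            break;
        case ASN_EMAIL_NAME:
            sz = name->fullName.emailLen;
            pt = &name->fullName.fullName[name->fullName.emailIdx];
            name->cnEntry.nid = name->fullName.emailNid;
            break;
        case ASN_SUR_NAME:
            sz = name->fullName.snLen;
            pt = &name->fullName.fullName[name->fullName.snIdx];
            name->cnEntry.nid = name->fullName.snNid;
            break;
        case ASN_USER_ID:
            sz = name->fullName.uidLen;
            pt = &name->fullName.fullName[name->fullName.uidIdx];
            name->cnEntry.nid = name->fullName.uidNid;
            break;
        case ASN_SERIAL_NUMBER:
            sz = name->fullName.serialLen;
            pt = &name->fullName.fullName[name->fullName.serialIdx];
            name->cnEntry.nid = name->fullName.serialNid;
            break;
#ifdef WOLFSSL_CERT_EXT
        case ASN_BUS_CAT:
            sz = name->fullName.bcLen;
            pt = &name->fullName.fullName[name->fullName.bcIdx];
            /* NOTE(review): unlike every other case, cnEntry.nid is not set
             * here and keeps whatever the previous lookup stored — confirm
             * which nid a business-category attribute should carry. */
            break;
#endif

        case ASN_DOMAIN_COMPONENT:
        {
            /* A DN may hold several DCs; work out which one this is by
             * counting the DCs parsed before "loc". */
            int idx = 0;
            int i;

            for (i = 0; i < loc; i++) {
                if (name->fullName.loc[i] == ASN_DOMAIN_COMPONENT) {
                    idx++;
                }
            }

            /* dcIdx/dcLen hold dcNum valid entries (0 .. dcNum-1) in arrays
             * of DOMAIN_COMPONENT_MAX; idx must be below both, otherwise the
             * index reads a slot the parser never filled. */
            if (idx >= DOMAIN_COMPONENT_MAX || idx >= name->fullName.dcNum) {
                WOLFSSL_MSG("Index was larger then domain buffer");
                return NULL;
            }
            pt = &name->fullName.fullName[name->fullName.dcIdx[idx]];
            sz = name->fullName.dcLen[idx];
            name->cnEntry.nid = ASN_DOMAIN_COMPONENT;
            name->cnEntry.data.type = CTC_UTF8;
        }
        break;

        default:
            return NULL;
    }

    /* -1 to leave room for trailing terminator 0 */
    if (sz == 0 || sz >= CTC_NAME_SIZE - 1)
        return NULL;
    if (wolfSSL_ASN1_STRING_set(name->cnEntry.value, pt, sz) !=
            WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Error setting local ASN1 string data");
        return NULL;
    }
    name->cnEntry.value->type = CTC_UTF8;
    name->cnEntry.set = 1;
    return name;
}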
wolfSSL 16:8e0d178b1d1e 39048
wolfSSL 15:117db924cf7c 39049
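/* Return the DN attribute at parse position "loc" as a name entry.
 *
 * name  parsed name; NULL yields NULL
 * loc   0-based parse-order index of the attribute
 *
 * The returned pointer is name->cnEntry, a single scratch entry shared by
 * every call on this name: a later call overwrites it, so copy what is
 * needed before calling again. Returns NULL when loc is negative or does
 * not address one of the parsed attributes.
 */
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(
    WOLFSSL_X509_NAME *name, int loc)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");

    if (name == NULL) {
        return NULL;
    }

    if (loc < 0) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    if (loc <= DN_NAMES_MAX + name->fullName.dcNum) {
        if (wolfSSL_nameByLoc(name, loc) != NULL)
            return &name->cnEntry;
    }
    /* DC component */
    if (name->fullName.dcMode) {
        /* In DC mode positions 0 .. dcNum-1 are the domain components and
         * position dcNum is the country name; anything beyond that would
         * index past the parsed entries of dcIdx/dcLen. */
        if (loc > name->fullName.dcNum) {
            WOLFSSL_MSG("loc passed in is not in range of parsed DN's");
            return NULL;
        }
        if (name->fullName.fullName != NULL){
            if (loc == name->fullName.dcNum){
                name->cnEntry.data.data
                    = &name->fullName.fullName[name->fullName.cIdx];
                name->cnEntry.data.length = name->fullName.cLen;
                name->cnEntry.nid = ASN_COUNTRY_NAME;
            } else {
                /* dcIdx/dcLen are DOMAIN_COMPONENT_MAX entries long */
                if (loc >= DOMAIN_COMPONENT_MAX) {
                    WOLFSSL_MSG("loc passed in is not in range of parsed DN's");
                    return NULL;
                }
                name->cnEntry.data.data
                    = &name->fullName.fullName[name->fullName.dcIdx[loc]];
                name->cnEntry.data.length = name->fullName.dcLen[loc];
                name->cnEntry.nid = ASN_DOMAIN_COMPONENT;
            }
        }
        name->cnEntry.data.type = CTC_UTF8;
        /* NOTE(review): this path fills cnEntry.data but, unlike
         * wolfSSL_nameByLoc(), neither cnEntry.value nor cnEntry.set —
         * confirm callers of DC mode only read data.data/data.length. */
    /* common name index case */
    } else if (loc == name->fullName.cnIdx && name->x509 != NULL) {
        /* get CN shortcut from x509 since it has null terminator */
        name->cnEntry.data.data = name->x509->subjectCN;
        name->cnEntry.data.length = name->fullName.cnLen;
        name->cnEntry.data.type = CTC_UTF8;
        name->cnEntry.nid = ASN_COMMON_NAME;
        name->cnEntry.set = 1;
    } else {
        WOLFSSL_MSG("loc passed in is not in range of parsed DN's");
        return NULL;
    }
    return &name->cnEntry;
}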
wolfSSL 15:117db924cf7c 39098
wolfSSL 15:117db924cf7c 39099 #ifndef NO_WOLFSSL_STUB
/* Stub for X509_check_private_key(). No comparison of the certificate's
 * public key against "key" is made: the function unconditionally reports
 * WOLFSSL_SUCCESS, so a mismatched certificate/key pair is NOT detected
 * here and callers cannot rely on it as a consistency check.
 *
 * x509  certificate (ignored)
 * key   private key (ignored)
 *
 * Returns WOLFSSL_SUCCESS always. */
int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key)
{
    WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
    WOLFSSL_STUB("X509_check_private_key");

    /* parameters intentionally unused */
    (void) x509;
    (void) key;

    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 39109
/* Stub for SSL_dup_CA_list(): the CA name stack is not duplicated.
 *
 * sk  stack to copy (ignored)
 *
 * Returns NULL always, so callers must treat NULL as "unsupported" rather
 * than "empty list". */
WOLF_STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(
    WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk)
{
    WOLFSSL_ENTER("wolfSSL_dup_CA_list");
    WOLFSSL_STUB("SSL_dup_CA_list");

    /* parameter intentionally unused */
    (void) sk;

    return NULL;
}
wolfSSL 16:8e0d178b1d1e 39119
wolfSSL 16:8e0d178b1d1e 39120 #endif
wolfSSL 16:8e0d178b1d1e 39121
wolfSSL 16:8e0d178b1d1e 39122 #endif /* OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE ||
wolfSSL 16:8e0d178b1d1e 39123 HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */
wolfSSL 15:117db924cf7c 39124 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 39125
wolfSSL 16:8e0d178b1d1e 39126 #ifndef WOLFCRYPT_ONLY
wolfSSL 16:8e0d178b1d1e 39127
wolfSSL 15:117db924cf7c 39128 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 39129
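/* wolfSSL uses negative values for error states. This function returns an
 * unsigned type so the value returned is the absolute value of the error.
 *
 * file  receives the source file recorded with the error (may be NULL)
 * line  receives the line recorded with the error (may be NULL)
 *
 * Returns 0 when the error queue cannot be peeked, or the negation of
 * NOT_COMPILED_IN when the error queue is not built in. With OPENSSL_ALL or
 * WOLFSSL_NGINX a missing PEM header is reported as the OpenSSL
 * PEM_R_NO_START_LINE reason code so applications testing for it behave
 * as they do with OpenSSL.
 */
unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
{
    /* trace message previously named the wrong function */
    WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error_line");

    (void)line;
    (void)file;
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) || \
    defined(WOLFSSL_HAPROXY)
    {
        int ret;

        /* -1 selects the most recent node in the queue */
        if ((ret = wc_PeekErrorNode(-1, file, NULL, line)) < 0) {
            WOLFSSL_MSG("Issue peeking at error node in queue");
            return 0;
        }
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
        if (ret == -ASN_NO_PEM_HEADER)
            return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
#endif
        return (unsigned long)ret;
    }
#else
    return (unsigned long)(0 - NOT_COMPILED_IN);
#endif
}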
wolfSSL 15:117db924cf7c 39158
wolfSSL 15:117db924cf7c 39159
#ifndef NO_CERTS
/* Load the private key carried by pkey into ctx.
 *
 * ctx   context to receive the key
 * pkey  key whose pkey.ptr holds the DER encoding (pkey_sz bytes)
 *
 * Returns the result of wolfSSL_CTX_use_PrivateKey_buffer() when DER data
 * is present, WOLFSSL_FAILURE when ctx or pkey is NULL, and BAD_FUNC_ARG
 * when pkey carries no data. The two failure codes differ (0 versus a
 * negative value), so callers should test for WOLFSSL_SUCCESS rather than
 * for one particular failure code. */
int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
{
    const unsigned char* der;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey");

    if (ctx == NULL || pkey == NULL) {
        return WOLFSSL_FAILURE;
    }

    der = (const unsigned char*)pkey->pkey.ptr;
    if (der == NULL) {
        WOLFSSL_MSG("wolfSSL private key not set");
        return BAD_FUNC_ARG;
    }

    /* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format */
    return wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, pkey->pkey_sz,
                                             SSL_FILETYPE_ASN1);
}
#endif /* !NO_CERTS */
wolfSSL 15:117db924cf7c 39180
wolfSSL 15:117db924cf7c 39181
wolfSSL 16:8e0d178b1d1e 39182 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
/* Fetch application data slot idx from ctx.
 *
 * ctx  context to read; NULL yields NULL
 * idx  slot index, as handed out by wolfSSL_CTX_get_ex_new_index()
 *
 * Returns the stored pointer, or NULL when ctx is NULL, the slot holds
 * nothing, or the library was built without HAVE_EX_DATA. */
void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
{
    void* stored = NULL;

    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
#ifdef HAVE_EX_DATA
    if (ctx != NULL) {
        stored = wolfSSL_CRYPTO_get_ex_data(&ctx->ex_data, idx);
    }
#else
    (void)ctx;
    (void)idx;
#endif
    return stored;
}
wolfSSL 15:117db924cf7c 39196
/* Hand out the next free application-data slot index for WOLFSSL_CTX
 * objects. All parameters exist for OpenSSL compatibility and are ignored:
 * no new/dup/free callbacks are registered.
 *
 * Returns a monotonically increasing index starting at 0. The counter is a
 * plain static int, so concurrent callers may observe duplicate indices. */
int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
                                 void* c)
{
    static int ctx_idx = 0;
    int allocated;

    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_new_index");
    (void)idx;
    (void)arg;
    (void)a;
    (void)b;
    (void)c;

    allocated = ctx_idx;
    ctx_idx += 1;
    return allocated;
}
wolfSSL 15:117db924cf7c 39211
/* Return the index that can be used for the WOLFSSL structure to store
 * application data. argValue, arg and the three callbacks exist for
 * OpenSSL compatibility and are ignored; no callbacks are registered.
 *
 * Returns a monotonically increasing index starting at 0. The counter is a
 * plain static int, so concurrent callers may observe duplicate indices. */
int wolfSSL_get_ex_new_index(long argValue, void* arg,
                             WOLFSSL_CRYPTO_EX_new* cb1, WOLFSSL_CRYPTO_EX_dup* cb2,
                             WOLFSSL_CRYPTO_EX_free* cb3)
{
    static int ssl_idx = 0;
    int allocated;

    WOLFSSL_ENTER("wolfSSL_get_ex_new_index");

    (void)argValue;
    (void)arg;
    (void)cb1;
    (void)cb2;
    (void)cb3;

    allocated = ssl_idx;
    ssl_idx += 1;
    return allocated;
}
wolfSSL 15:117db924cf7c 39232
wolfSSL 15:117db924cf7c 39233
/* Store application data pointer "data" in slot idx of ctx.
 *
 * ctx   context to update; NULL is rejected
 * idx   slot index from wolfSSL_CTX_get_ex_new_index()
 * data  pointer to store (not copied, not freed by wolfSSL)
 *
 * Returns the result of wolfSSL_CRYPTO_set_ex_data(), or WOLFSSL_FAILURE
 * when ctx is NULL or the library was built without HAVE_EX_DATA. */
int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data");
#ifdef HAVE_EX_DATA
    if (ctx != NULL) {
        ret = wolfSSL_CRYPTO_set_ex_data(&ctx->ex_data, idx, data);
    }
#else
    (void)ctx;
    (void)idx;
    (void)data;
#endif
    return ret;
}
wolfSSL 16:8e0d178b1d1e 39249 #endif
wolfSSL 15:117db924cf7c 39250
wolfSSL 15:117db924cf7c 39251
/* Return the application data stored in ex_data slot 0 of ssl.
 *
 * ssl  WOLFSSL structure to get app data from
 *
 * Returns whatever wolfSSL_get_ex_data(ssl, 0) returns: the stored pointer,
 * or NULL/0 when nothing is stored or ssl is NULL. */
void* wolfSSL_get_app_data(const WOLFSSL *ssl)
{
    void* appData;

    WOLFSSL_ENTER("wolfSSL_get_app_data");

    /* application data is, by convention, kept in slot 0 */
    appData = wolfSSL_get_ex_data(ssl, 0);
    return appData;
}
wolfSSL 15:117db924cf7c 39263
wolfSSL 15:117db924cf7c 39264
/* Store application data in ex_data slot 0 of ssl.
 *
 * ssl  WOLFSSL struct to set app data in
 * arg  data to be stored (pointer only; not copied or freed by wolfSSL)
 *
 * Returns SSL_SUCCESS on success and SSL_FAILURE on failure, as reported
 * by wolfSSL_set_ex_data(). */
int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) {
    int ret;

    WOLFSSL_ENTER("wolfSSL_set_app_data");

    /* application data is, by convention, kept in slot 0 */
    ret = wolfSSL_set_ex_data(ssl, 0, arg);
    return ret;
}
wolfSSL 15:117db924cf7c 39277
wolfSSL 15:117db924cf7c 39278
/* Store application data pointer "data" in slot idx of ssl.
 *
 * ssl   session to update; NULL is rejected
 * idx   slot index from wolfSSL_get_ex_new_index()
 * data  pointer to store (not copied, not freed by wolfSSL)
 *
 * Returns the result of wolfSSL_CRYPTO_set_ex_data(), or WOLFSSL_FAILURE
 * when ssl is NULL or the library was built without HAVE_EX_DATA/FORTRESS. */
int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_set_ex_data");
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    if (ssl != NULL) {
        ret = wolfSSL_CRYPTO_set_ex_data(&ssl->ex_data, idx, data);
    }
#else
    WOLFSSL_MSG("HAVE_EX_DATA macro is not defined");
    (void)ssl;
    (void)idx;
    (void)data;
#endif
    return ret;
}
wolfSSL 15:117db924cf7c 39295
wolfSSL 15:117db924cf7c 39296
wolfSSL 15:117db924cf7c 39297
/* Fetch application data slot idx from ssl.
 *
 * ssl  session to read; NULL yields NULL
 * idx  slot index from wolfSSL_get_ex_new_index()
 *
 * Returns the stored pointer, or NULL when ssl is NULL, the slot holds
 * nothing, or the library was built without HAVE_EX_DATA/FORTRESS. */
void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
{
    void* stored = NULL;

    WOLFSSL_ENTER("wolfSSL_get_ex_data");
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    if (ssl != NULL) {
        stored = wolfSSL_CRYPTO_get_ex_data(&ssl->ex_data, idx);
    }
#else
    WOLFSSL_MSG("HAVE_EX_DATA macro is not defined");
    (void)ssl;
    (void)idx;
#endif
    return stored;
}
wolfSSL 15:117db924cf7c 39312
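#ifndef NO_DSA
/* Read PEM encoded DSA parameters (p, q, g) from a memory BIO.
 *
 * bp  memory BIO holding the PEM text
 * x   optional; when non-NULL also receives the new WOLFSSL_DSA
 * cb  password callback for encrypted PEM — not supported, only logged
 * u   callback argument / password string — not supported, only logged
 *
 * Returns a newly allocated WOLFSSL_DSA owned by the caller (release with
 * wolfSSL_DSA_free()), or NULL on any failure. *x is overwritten, not
 * freed, so a DSA previously stored there is leaked by the caller. Only
 * the DER structure is decoded here: no validation of the group (sizes of
 * p and q, q dividing p-1, order of g) is performed, so parameters from an
 * untrusted source must be checked before use.
 */
WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x,
                                            pem_password_cb *cb, void *u)
{
    WOLFSSL_DSA* dsa = NULL;
    DsaKey* key;
    int length;
    unsigned char* buf;
    word32 bufSz;
    int ret;
    word32 idx = 0;
    DerBuffer* pDer = NULL;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAparams");

    ret = wolfSSL_BIO_get_mem_data(bp, &buf);
    if (ret <= 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret);
        return NULL;
    }

    bufSz = (word32)ret;

    if (cb != NULL || u != NULL) {
        /*
         * cb is for a call back when encountering encrypted PEM files
         * if cb == NULL and u != NULL then u = null terminated password string
         */
        WOLFSSL_MSG("Not yet supporting call back or password for encrypted PEM");
    }

    if ((ret = PemToDer(buf, (long)bufSz, DSA_PARAM_TYPE, &pDer, NULL, NULL,
                        NULL)) < 0 ) {
        WOLFSSL_MSG("Issue converting from PEM to DER");
        return NULL;
    }

    /* outer SEQUENCE of the parameter structure; "length" is not needed
     * further because the INTEGER reads are bounded by pDer->length */
    if ((ret = GetSequence(pDer->buffer, &idx, &length, pDer->length)) < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret);
        goto fail;
    }

    dsa = wolfSSL_DSA_new();
    if (dsa == NULL) {
        WOLFSSL_MSG("Error creating DSA struct");
        goto fail;
    }

    key = (DsaKey*)dsa->internal;
    if (key == NULL) {
        WOLFSSL_MSG("Error finding DSA key struct");
        goto fail;
    }

    /* p, q, g are three consecutive INTEGERs */
    if (GetInt(&key->p, pDer->buffer, &idx, pDer->length) < 0 ||
        GetInt(&key->q, pDer->buffer, &idx, pDer->length) < 0 ||
        GetInt(&key->g, pDer->buffer, &idx, pDer->length) < 0 ) {
        WOLFSSL_MSG("dsa key error");
        goto fail;
    }

    /* mirror the internal values into the external big numbers */
    if (SetIndividualExternal(&dsa->p, &key->p) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("dsa p key error");
        goto fail;
    }

    if (SetIndividualExternal(&dsa->q, &key->q) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("dsa q key error");
        goto fail;
    }

    if (SetIndividualExternal(&dsa->g, &key->g) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("dsa g key error");
        goto fail;
    }

    if (x != NULL) {
        *x = dsa;
    }

    FreeDer(&pDer);
    return dsa;

fail:
    /* single cleanup path: the DER buffer always exists here, the DSA
     * object only once wolfSSL_DSA_new() succeeded */
    FreeDer(&pDer);
    if (dsa != NULL) {
        wolfSSL_DSA_free(dsa);
    }
    return NULL;
}
#endif /* NO_DSA */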
wolfSSL 16:8e0d178b1d1e 39409 #endif /* OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 39410 #endif /* WOLFCRYPT_ONLY */
wolfSSL 16:8e0d178b1d1e 39411
wolfSSL 16:8e0d178b1d1e 39412 #if defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 39413
wolfSSL 15:117db924cf7c 39414 /* Begin functions for openssl/buffer.h */
/* Allocate a zeroed WOLFSSL_BUF_MEM (data == NULL, length == max == 0).
 *
 * Returns the new buffer, to be released with wolfSSL_BUF_MEM_free(), or
 * NULL when allocation fails. */
WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void)
{
    WOLFSSL_BUF_MEM* mem = (WOLFSSL_BUF_MEM*)XMALLOC(sizeof(WOLFSSL_BUF_MEM),
                                                    NULL, DYNAMIC_TYPE_OPENSSL);
    if (mem == NULL) {
        return NULL;
    }
    XMEMSET(mem, 0, sizeof(WOLFSSL_BUF_MEM));
    return mem;
}
wolfSSL 15:117db924cf7c 39425
wolfSSL 15:117db924cf7c 39426
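/* Resize the buffer so that len bytes are in use, zero-filling any bytes
 * newly exposed by growth. Shrinking only lowers buf->length.
 *
 * buf  buffer to resize
 * len  requested length
 *
 * Returns the new length (len as an int) on success, 0 when buf is NULL,
 * len does not fit in an int, the enlarged allocation size would overflow,
 * or the reallocation fails. On failure buf is left untouched — in
 * particular buf->data still points at the old, still valid allocation. */
int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len)
{
    int len_int = (int)len;
    int mx;
    size_t mxSz;
    char* tmp;

    /* verify provided arguments; len must round-trip through int since
     * that is what is returned and what the allocation size is held in */
    if (buf == NULL || len_int < 0 || (size_t)len_int != len) {
        return 0; /* BAD_FUNC_ARG; */
    }

    /* check to see if fits in existing length */
    if (buf->length > len) {
        buf->length = len;
        return len_int;
    }

    /* check to see if fits in max buffer */
    if (buf->max >= len) {
        if (buf->data != NULL) {
            XMEMSET(&buf->data[buf->length], 0, len - buf->length);
        }
        buf->length = len;
        return len_int;
    }

    /* expand size, to handle growth: allocate 4/3 of the request. Computed
     * in size_t (len <= INT_MAX here, so len + 3 cannot wrap) and then
     * checked to fit in an int, where the old int arithmetic could
     * overflow for large len. */
    mxSz = (len + 3) / 3 * 4;
    mx = (int)mxSz;
    if (mx < 0 || (size_t)mx != mxSz) {
        return 0; /* requested size too large */
    }

    /* use realloc through a temporary: assigning the result straight to
     * buf->data leaked the original block on failure and left a NULL data
     * pointer behind a non-zero max/length */
    tmp = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL) {
        return 0; /* ERR_R_MALLOC_FAILURE; */
    }

    buf->data = tmp;
    buf->max = mx;
    XMEMSET(&buf->data[buf->length], 0, len - buf->length);
    buf->length = len;

    return len_int;
}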
wolfSSL 15:117db924cf7c 39468
/* Release a WOLFSSL_BUF_MEM and its data block. NULL is accepted and
 * ignored. The data is freed with the same DYNAMIC_TYPE_TMP_BUFFER tag that
 * wolfSSL_BUF_MEM_grow() allocates it with; its contents are not wiped
 * before release. */
void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf)
{
    if (buf == NULL) {
        return;
    }

    if (buf->data != NULL) {
        XFREE(buf->data, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        buf->data = NULL;
    }
    buf->max = 0;
    buf->length = 0;

    XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 15:117db924cf7c 39481 /* End Functions for openssl/buffer.h */
wolfSSL 15:117db924cf7c 39482
wolfSSL 15:117db924cf7c 39483 #endif /* OPENSSL_EXTRA */
wolfSSL 15:117db924cf7c 39484
wolfSSL 15:117db924cf7c 39485
wolfSSL 15:117db924cf7c 39486 #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
wolfSSL 15:117db924cf7c 39487 || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA)
wolfSSL 15:117db924cf7c 39488
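/* Open "filename" with fopen-style "mode" and wrap the stream in a file BIO
 * that closes the stream when the BIO is freed.
 *
 * filename  path to open; NULL is rejected
 * mode      fopen() mode string; NULL is rejected
 *
 * Returns the new BIO, or NULL when an argument is NULL, the file cannot be
 * opened, the BIO cannot be allocated, or the stream cannot be attached
 * (the stream is closed again in the last two cases). Without a filesystem
 * (NO_FILESYSTEM) always returns NULL. */
WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode)
{
#ifndef NO_FILESYSTEM
    WOLFSSL_BIO* bio;
    XFILE fp;

    WOLFSSL_ENTER("wolfSSL_BIO_new_file");

    /* fopen() on a NULL path or mode is undefined behaviour; reject early */
    if (filename == NULL || mode == NULL) {
        WOLFSSL_MSG("Bad argument: filename or mode is NULL");
        return NULL;
    }

    fp = XFOPEN(filename, mode);
    if (fp == XBADFILE)
        return NULL;

    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
    if (bio == NULL) {
        XFCLOSE(fp);
        return bio;
    }

    if (wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) {
        XFCLOSE(fp);
        wolfSSL_BIO_free(bio);
        bio = NULL;
    }

    /* file is closed when BIO is free'd */
    return bio;
#else
    (void)filename;
    (void)mode;
    return NULL;
#endif /* NO_FILESYSTEM */
}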
wolfSSL 15:117db924cf7c 39521
#ifndef NO_FILESYSTEM
/* Wrap an already open stream in a file BIO.
 *
 * fp          open stream
 * close_flag  BIO_CLOSE to have the BIO close fp when it is freed;
 *             otherwise the caller keeps ownership of fp
 *
 * Returns the new BIO, or NULL when it cannot be allocated or fp cannot be
 * attached. fp is never closed by this function on failure. */
WOLFSSL_BIO* wolfSSL_BIO_new_fp(XFILE fp, int close_flag)
{
    WOLFSSL_BIO* bio;

    WOLFSSL_ENTER("wolfSSL_BIO_new_fp");

    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
    if (bio != NULL &&
            wolfSSL_BIO_set_fp(bio, fp, close_flag) != WOLFSSL_SUCCESS) {
        wolfSSL_BIO_free(bio);
        bio = NULL;
    }

    /* file is closed when BIO is free'd or by user depending on flag */
    return bio;
}
#endif
wolfSSL 16:8e0d178b1d1e 39543
wolfSSL 15:117db924cf7c 39544
wolfSSL 15:117db924cf7c 39545 #ifndef NO_DH
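/* Read PEM encoded DH parameters from bio into a WOLFSSL_DH object.
 *
 * bio  : memory or file BIO holding the PEM text; other BIO types are
 *        rejected. A file BIO is rewound and read completely.
 * x    : optional. When non-NULL and *x is non-NULL that object is reused
 *        and its p and g are replaced; when *x is NULL a new object is
 *        allocated and stored in *x on success. On failure *x is not
 *        modified.
 * cb,u : unused; DH parameters are never password protected.
 *
 * Returns the populated object or NULL on failure. An object allocated by
 * this function is freed again on failure; an object supplied by the caller
 * is never freed here, so the caller keeps ownership of it in every case
 * (the previous code freed a caller-owned object on SetDhInternal failure,
 * leaving *x dangling, and leaked a self-allocated one when x was NULL). */
WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bio, WOLFSSL_DH **x,
                                          pem_password_cb *cb, void *u)
{
#ifndef NO_FILESYSTEM
    WOLFSSL_DH* localDh = NULL;
    int newDh = 0;              /* set when localDh was allocated here */
    unsigned char* mem = NULL;
    int memAlloced = 0;
    word32 size = 0;
    long sz;
    int ret;
    DerBuffer *der = NULL;
    byte* p = NULL;
    byte* g = NULL;
    word32 pSz = MAX_DH_SIZE;
    word32 gSz = MAX_DH_SIZE;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DHparams");
    (void)cb;
    (void)u;

    if (bio == NULL) {
        WOLFSSL_MSG("Bad Function Argument bio is NULL");
        return NULL;
    }

    if (bio->type == WOLFSSL_BIO_MEMORY) {
        /* Use the BIO's buffer directly. */
        ret = wolfSSL_BIO_get_mem_data(bio, &mem);
        if (mem == NULL || ret <= 0) {
            WOLFSSL_MSG("Failed to get data from bio struct");
            goto end;
        }
        size = (word32)ret;
    }
    else if (bio->type == WOLFSSL_BIO_FILE) {
        /* Read the whole file into a new buffer. */
        if (XFSEEK((XFILE)bio->ptr, 0, SEEK_END) != 0)
            goto end;
        sz = XFTELL((XFILE)bio->ptr);
        if (XFSEEK((XFILE)bio->ptr, 0, SEEK_SET) != 0)
            goto end;
        if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0L) {
            WOLFSSL_MSG("PEM_read_bio_DHparams file size error");
            goto end;
        }
        mem = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_PEM);
        if (mem == NULL)
            goto end;
        memAlloced = 1;

        /* A short read would leave uninitialised bytes at the end of mem
         * for PemToDer to parse, so insist on the whole file. */
        ret = wolfSSL_BIO_read(bio, (char *)mem, (int)sz);
        if (ret <= 0 || ret != (int)sz) {
            WOLFSSL_MSG("PEM_read_bio_DHparams short read");
            goto end;
        }
        size = (word32)sz;
    }
    else {
        WOLFSSL_MSG("BIO type not supported for reading DH parameters");
        goto end;
    }

    ret = PemToDer(mem, size, DH_PARAM_TYPE, &der, NULL, NULL, NULL);
    if (ret != 0)
        goto end;

    /* Reuse the caller's object when one is supplied, else allocate one.
     * Remember which case applies so the failure path frees only what this
     * function created. */
    if (x != NULL)
        localDh = *x;
    if (localDh == NULL) {
        localDh = wolfSSL_DH_new();
        if (localDh == NULL)
            goto end;
        newDh = 1;
    }

    p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    if (p == NULL || g == NULL)
        goto fail;

    /* Extract p and g as raw big-endian data from the DER parameters. */
    ret = wc_DhParamsLoad(der->buffer, der->length, p, &pSz, g, &gSz);
    if (ret != 0)
        goto fail;

    /* Replace any existing p and g with the freshly loaded values. */
    if (localDh->p != NULL) {
        wolfSSL_BN_free(localDh->p);
        localDh->p = NULL;
    }
    if (localDh->g != NULL) {
        wolfSSL_BN_free(localDh->g);
        localDh->g = NULL;
    }
    localDh->p = wolfSSL_BN_bin2bn(p, pSz, NULL);
    localDh->g = wolfSSL_BN_bin2bn(g, gSz, NULL);
    if (localDh->p == NULL || localDh->g == NULL)
        goto fail;

    if (localDh->inSet == 0 && SetDhInternal(localDh) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("Unable to set internal DH structure");
        goto fail;
    }

    /* Hand the object to the caller only once it is fully populated. */
    if (x != NULL)
        *x = localDh;
    goto end;

fail:
    /* never free an object the caller passed in; it is still theirs */
    if (newDh)
        wolfSSL_DH_free(localDh);
    localDh = NULL;

end:
    if (memAlloced) XFREE(mem, NULL, DYNAMIC_TYPE_PEM);
    if (der != NULL) FreeDer(&der);
    XFREE(p, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    return localDh;
#else
    (void)bio;
    (void)x;
    (void)cb;
    (void)u;
    return NULL;
#endif
}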
wolfSSL 16:8e0d178b1d1e 39675
wolfSSL 16:8e0d178b1d1e 39676 #ifndef NO_FILESYSTEM
wolfSSL 16:8e0d178b1d1e 39677 #if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)
/* Encode the DH domain parameters of key, p and g, as the DER structure
 *
 *   SEQUENCE
 *     INTEGER p
 *     INTEGER g
 *
 * and write it to out. With out == NULL the size needed (SEQUENCE header
 * included) is stored in *outSz and LENGTH_ONLY_E is returned; otherwise
 * *outSz is the capacity of out.
 *
 * Note: defined in this file because of redefinition complications with
 * DhKey and the FIPS version 2 build (it is not static, despite the
 * earlier comment).
 *
 * Returns the number of bytes written, LENGTH_ONLY_E for a size query,
 * BAD_FUNC_ARG when key or outSz is NULL, a negative mp error when a size
 * cannot be determined, and BUFFER_E when out is too small or an mp_int
 * cannot be exported. */
int wc_DhParamsToDer(DhKey* key, byte* out, word32* outSz)
{
    int    pLen, gLen;
    word32 bodySz, pos;
    byte   lenTmp[MAX_LENGTH_SZ];

    if (key == NULL || outSz == NULL)
        return BAD_FUNC_ARG;

    /* DER INTEGERs are signed: a value with its top bit set needs a leading
     * 0x00 byte, which is counted into the length from the start. */
    pLen = mp_unsigned_bin_size(&key->p);
    if (pLen < 0)
        return pLen;
    if (mp_leading_bit(&key->p))
        pLen++;

    gLen = mp_unsigned_bin_size(&key->g);
    if (gLen < 0)
        return gLen;
    if (mp_leading_bit(&key->g))
        gLen++;

    /* SEQUENCE body: two (tag, length, value) triples */
    bodySz = (2 * ASN_TAG_SZ)
           + SetLength(pLen, lenTmp) + SetLength(gLen, lenTmp)
           + (word32)pLen + (word32)gLen;

    if (out == NULL) {
        byte seqTmp[MAX_SEQ_SZ];

        *outSz = bodySz + SetSequence(bodySz, seqTmp);
        return LENGTH_ONLY_E;
    }

    /* room for the header is checked before SetSequence writes it, then
     * the body is checked again once the real header size is known */
    if (*outSz < MAX_SEQ_SZ || *outSz < bodySz)
        return BUFFER_E;
    pos = SetSequence(bodySz, out);
    if (*outSz < pos + bodySz)
        return BUFFER_E;

    /* INTEGER p */
    out[pos++] = ASN_INTEGER;
    pos += SetLength(pLen, out + pos);
    if (mp_leading_bit(&key->p)) {
        out[pos++] = 0x00;
        pLen--;                     /* pad byte already written */
    }
    if (mp_to_unsigned_bin(&key->p, out + pos) != MP_OKAY)
        return BUFFER_E;
    pos += (word32)pLen;

    /* INTEGER g */
    out[pos++] = ASN_INTEGER;
    pos += SetLength(gLen, out + pos);
    if (mp_leading_bit(&key->g)) {
        out[pos++] = 0x00;
        gLen--;                     /* pad byte already written */
    }
    if (mp_to_unsigned_bin(&key->g, out + pos) != MP_OKAY)
        return BUFFER_E;
    pos += (word32)gLen;

    return (int)pos;
}
wolfSSL 16:8e0d178b1d1e 39759
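/* Encode the DH public key in key as DER:
 *
 *   SEQUENCE
 *     SEQUENCE             <-- SetAlgoID
 *       OBJECT IDENTIFIER  (DHk)
 *       SEQUENCE           <-- wc_DhParamsToDer
 *         INTEGER p
 *         INTEGER g
 *     BIT STRING
 *       INTEGER pub
 *
 * With out == NULL the size needed (outer SEQUENCE included) is stored in
 * *outSz and LENGTH_ONLY_E is returned; otherwise *outSz is the capacity
 * of out.
 *
 * Returns bytes written on success, LENGTH_ONLY_E for a size query,
 * BAD_FUNC_ARG when key or outSz is NULL, ASN_PARSE_E when the parameters
 * cannot be sized, and BUFFER_E when out is too small or an mp_int cannot
 * be exported. */
int wc_DhPubKeyToDer(DhKey* key, byte* out, word32* outSz)
{
    word32 sz = 0;
    word32 paramSz = 0;
    word32 pubIntSz = 0;
    int ret;
    int pubSz = 0;
    int idx = 0;
    byte scratch[MAX_ALGO_SZ];

    /* wc_DhParamsToDer rejects a NULL key, but outSz is dereferenced
     * directly below, so validate both here. */
    if (key == NULL || outSz == NULL)
        return BAD_FUNC_ARG;

    /* --- size pass --- */

    ret = wc_DhParamsToDer(key, NULL, &paramSz);
    if (ret != LENGTH_ONLY_E)
        return ASN_PARSE_E;
    sz += paramSz;
    sz += SetAlgoID(DHk, scratch, oidKeyType, paramSz);

    pubSz = mp_unsigned_bin_size(&key->pub);
    if (pubSz < 0)
        return pubSz;
    if (mp_leading_bit(&key->pub))
        pubSz++;    /* DER INTEGER is signed: needs a 0x00 pad byte */

    /* The BIT STRING content is the whole INTEGER TLV (tag, length and
     * value), so its length field has to cover all of it. Sizing the BIT
     * STRING with pubSz alone, as was done before, left its length short
     * by the tag and length bytes and the result was not well-formed DER. */
    pubIntSz = ASN_TAG_SZ + SetLength(pubSz, scratch) + (word32)pubSz;
    sz += pubIntSz;
    sz += SetBitString(pubIntSz, 0, scratch);

    if (out == NULL) {
        /* Uppermost SEQUENCE */
        *outSz = sz + SetSequence(sz, scratch);
        return LENGTH_ONLY_E;
    }

    /* --- write pass --- */

    /* header room is checked before SetSequence writes it */
    if (*outSz < MAX_SEQ_SZ || *outSz < sz)
        return BUFFER_E;

    idx += SetSequence(sz, out);
    /* re-check with the real header length so that a buffer of exactly sz
     * bytes (no room for the header) is rejected instead of overrun */
    if (*outSz < (word32)idx + sz)
        return BUFFER_E;

    idx += SetAlgoID(DHk, out+idx, oidKeyType, paramSz);
    ret = wc_DhParamsToDer(key, out+idx, &paramSz);
    if (ret < 0)
        return ret;
    idx += ret;

    /* BIT STRING
     * INTEGER
     */
    idx += SetBitString(pubIntSz, 0, out+idx);

    out[idx++] = ASN_INTEGER;
    idx += SetLength(pubSz, out + idx);
    if (mp_leading_bit(&key->pub)) {
        out[idx++] = 0x00;
        pubSz -= 1; /* subtract 1 from size to account for leading 0 */
    }
    ret = mp_to_unsigned_bin(&key->pub, out + idx);
    if (ret != MP_OKAY) {
        return BUFFER_E;
    }
    idx += pubSz;

    return idx;
}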
wolfSSL 16:8e0d178b1d1e 39840
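/* Encode the DH private key in key as DER:
 *
 *   SEQUENCE
 *     INTEGER 0             (version)
 *     SEQUENCE              <-- SetAlgoID
 *       OBJECT IDENTIFIER   (DHk)
 *       SEQUENCE            <-- wc_DhParamsToDer
 *         INTEGER p
 *         INTEGER g
 *     OCTET STRING
 *       INTEGER priv
 *
 * With out == NULL the size needed (outer SEQUENCE included) is stored in
 * *outSz and LENGTH_ONLY_E is returned; otherwise *outSz is the capacity
 * of out. Private values longer than 256 bytes are refused.
 *
 * Returns bytes written on success, LENGTH_ONLY_E for a size query,
 * BAD_FUNC_ARG when key or outSz is NULL, ASN_PARSE_E when the parameters
 * cannot be sized, ASN_VERSION_E for an over-long private value, and
 * BUFFER_E when out is too small or an mp_int cannot be exported. */
int wc_DhPrivKeyToDer(DhKey* key, byte* out, word32* outSz)
{
    word32 sz = 0;
    word32 paramSz = 0;
    word32 privIntSz = 0;
    int ret;
    int privSz = 0;
    int idx = 0;
    byte scratch[MAX_ALGO_SZ];

    /* outSz is dereferenced below; key is checked here as well so the
     * error is the same as in wc_DhParamsToDer */
    if (key == NULL || outSz == NULL)
        return BAD_FUNC_ARG;

    /* --- size pass --- */

    /* INTEGER 0 */
    sz += ASN_TAG_SZ; /* Integer */
    sz += SetLength(1, scratch);
    sz += 1;

    ret = wc_DhParamsToDer(key, NULL, &paramSz);
    if (ret != LENGTH_ONLY_E)
        return ASN_PARSE_E;
    sz += paramSz;
    sz += SetAlgoID(DHk, scratch, oidKeyType, paramSz);

    privSz = mp_unsigned_bin_size(&key->priv);
    if (privSz < 0)
        return privSz;
    else if (privSz > 256) /* Key is larger than 2048 */
        return ASN_VERSION_E;

    if (mp_leading_bit(&key->priv))
        privSz++;   /* DER INTEGER is signed: needs a 0x00 pad byte */

    /* The OCTET STRING wraps the whole INTEGER TLV. Compute that size
     * directly rather than special-casing 64, 128 and 256 byte values as
     * before: a private value of any other length (e.g. one whose top byte
     * happens to be zero) was rejected with "Unsupported key size", and
     * the size pass did not agree with the write pass for such lengths.
     * For 64, 128 and 256 bytes the output is byte-for-byte unchanged. */
    privIntSz = ASN_TAG_SZ + SetLength(privSz, scratch) + (word32)privSz;
    sz += privIntSz;
    sz += SetOctetString(privIntSz, scratch);

    if (out == NULL) {
        /* Uppermost SEQUENCE */
        *outSz = sz + SetSequence(sz, scratch);
        return LENGTH_ONLY_E;
    }

    /* --- write pass --- */

    /* header room is checked before SetSequence writes it */
    if (*outSz < MAX_SEQ_SZ || *outSz < sz)
        return BUFFER_E;

    idx += SetSequence(sz, out);
    /* re-check with the real header length so that a buffer of exactly sz
     * bytes (no room for the header) is rejected instead of overrun */
    if (*outSz < (word32)idx + sz)
        return BUFFER_E;

    /* INTEGER 0 */
    out[idx++] = ASN_INTEGER;
    idx += SetLength(1, out+idx);
    out[idx++] = 0;

    idx += SetAlgoID(DHk, out+idx, oidKeyType, paramSz);
    ret = wc_DhParamsToDer(key, out+idx, &paramSz);
    if (ret < 0)
        return ret;
    idx += ret;

    /* OCTET STRING
     * INTEGER
     */
    idx += SetOctetString(privIntSz, out+idx);

    out[idx++] = ASN_INTEGER;
    idx += SetLength(privSz, out + idx);
    if (mp_leading_bit(&key->priv)) {
        out[idx++] = 0x00;
        privSz -= 1; /* subtract 1 from size to account for leading 0 */
    }
    ret = mp_to_unsigned_bin(&key->priv, out + idx);
    if (ret != MP_OKAY) {
        return BUFFER_E;
    }
    idx += privSz;

    return idx;
}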
wolfSSL 16:8e0d178b1d1e 39942
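/* Write the DH parameters of dh to the open stream fp in PEM format.
 *
 * fp : open XFILE stream to write to; XBADFILE is rejected.
 * dh : parameters to write; its internal DhKey is populated first when
 *      not yet set.
 *
 * Returns WOLFSSL_SUCCESS when the complete PEM text was written and
 * WOLFSSL_FAILURE otherwise. Previously some error paths returned the raw
 * wolfCrypt error code and the PEM-buffer allocation failure returned the
 * (positive) PEM size, so callers comparing against WOLFSSL_FAILURE could
 * mistake a failed write for success; every failure now returns
 * WOLFSSL_FAILURE. */
int wolfSSL_PEM_write_DHparams(XFILE fp, WOLFSSL_DH* dh)
{
    int ret;
    int result = WOLFSSL_FAILURE;
    word32 derSz = 0, pemSz = 0;
    byte *der = NULL, *pem = NULL;
    DhKey* key;

    WOLFSSL_ENTER("wolfSSL_PEM_write_DHparams");

    if (fp == XBADFILE || dh == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", BAD_FUNC_ARG);
        return WOLFSSL_FAILURE;
    }

    if (dh->inSet == 0) {
        if (SetDhInternal(dh) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("Unable to set internal DH structure");
            return WOLFSSL_FAILURE;
        }
    }
    key = (DhKey*)dh->internal;
    if (key == NULL) {
        /* not expected after SetDhInternal, but key->heap is used below */
        WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", BAD_FUNC_ARG);
        return WOLFSSL_FAILURE;
    }

    /* size query, then the real DER encoding */
    ret = wc_DhParamsToDer(key, NULL, &derSz);
    if (ret != LENGTH_ONLY_E) {
        WOLFSSL_MSG("Failed to get size of DH params");
        WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", ret);
        return WOLFSSL_FAILURE;
    }

    der = (byte*)XMALLOC(derSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (der == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", MEMORY_E);
        return WOLFSSL_FAILURE;
    }
    ret = wc_DhParamsToDer(key, der, &derSz);
    if (ret <= 0) {
        WOLFSSL_MSG("Failed to export DH params");
        WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", ret);
        goto cleanup;
    }
    derSz = (word32)ret;    /* bytes actually written */

    /* convert to PEM: size query, allocate, convert */
    ret = wc_DerToPem(der, derSz, NULL, 0, DH_PARAM_TYPE);
    if (ret < 0) {
        WOLFSSL_MSG("Failed to convert DH params to PEM");
        WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", ret);
        goto cleanup;
    }
    pemSz = (word32)ret;

    pem = (byte*)XMALLOC(pemSz, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (pem == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", MEMORY_E);
        goto cleanup;
    }
    ret = wc_DerToPem(der, derSz, pem, pemSz, DH_PARAM_TYPE);
    if (ret < 0) {
        WOLFSSL_MSG("Failed to convert DH params to PEM");
        WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", ret);
        goto cleanup;
    }
    pemSz = (word32)ret;    /* bytes of PEM actually produced */

    /* a short write would leave a truncated PEM file behind, so anything
     * less than the full length is reported as failure */
    ret = (int)XFWRITE(pem, 1, pemSz, fp);
    if (ret <= 0 || (word32)ret != pemSz) {
        WOLFSSL_MSG("Failed to write to file");
        WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", ret);
        goto cleanup;
    }

    result = WOLFSSL_SUCCESS;
    WOLFSSL_LEAVE("wolfSSL_PEM_write_DHparams", WOLFSSL_SUCCESS);

cleanup:
    XFREE(pem, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(der, key->heap, DYNAMIC_TYPE_TMP_BUFFER);
    return result;
}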
#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */
wolfSSL 16:8e0d178b1d1e 40026 #endif /* !NO_FILESYSTEM */
wolfSSL 16:8e0d178b1d1e 40027 #endif /* !NO_DH */
wolfSSL 15:117db924cf7c 40028
wolfSSL 15:117db924cf7c 40029 #ifdef WOLFSSL_CERT_GEN
wolfSSL 15:117db924cf7c 40030
wolfSSL 15:117db924cf7c 40031 #ifdef WOLFSSL_CERT_REQ
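/* Write the certificate request held in x to the BIO bp as PEM
 * (CERTREQ_TYPE armour).
 *
 * bp : destination BIO.
 * x  : object whose DER encoding (wolfSSL_X509_get_der) is written.
 *
 * Returns WOLFSSL_SUCCESS when the complete PEM text was written and
 * WOLFSSL_FAILURE on NULL arguments, missing DER, PEM conversion or
 * allocation failure, or when the BIO accepted fewer bytes than the PEM
 * length (a partial write used to be reported as success). */
int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
{
    byte* pem;
    int pemSz;
    const unsigned char* der;
    int derSz = 0;
    int written;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509_REQ()");

    if (x == NULL || bp == NULL) {
        WOLFSSL_MSG("NULL argument passed in");
        return WOLFSSL_FAILURE;
    }

    /* der is not freed here; it is treated as owned by x */
    der = wolfSSL_X509_get_der(x, &derSz);
    if (der == NULL || derSz <= 0) {
        return WOLFSSL_FAILURE;
    }

    /* get PEM size */
    pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERTREQ_TYPE);
    if (pemSz <= 0) {
        return WOLFSSL_FAILURE;
    }

    /* create PEM buffer and convert from DER */
    pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (pem == NULL) {
        return WOLFSSL_FAILURE;
    }
    pemSz = wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERTREQ_TYPE);
    if (pemSz <= 0) {
        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return WOLFSSL_FAILURE;
    }

    /* write the PEM to BIO; anything short of the full length leaves a
     * truncated, unusable PEM behind and is reported as failure */
    written = wolfSSL_BIO_write(bp, pem, pemSz);
    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (written != pemSz) {
        WOLFSSL_MSG("Failed to write complete PEM to BIO");
        return WOLFSSL_FAILURE;
    }
    return WOLFSSL_SUCCESS;
}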
wolfSSL 15:117db924cf7c 40078 #endif /* WOLFSSL_CERT_REQ */
wolfSSL 15:117db924cf7c 40079
wolfSSL 15:117db924cf7c 40080
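/* Write the certificate held in x to the BIO bp as PEM.
 *
 * Despite the _AUX name this emits the plain certificate armour
 * (CERT_TYPE); no auxiliary trust information is written.
 *
 * bp : destination BIO.
 * x  : object whose DER encoding (wolfSSL_X509_get_der) is written.
 *
 * Returns WOLFSSL_SUCCESS when the complete PEM text was written and
 * WOLFSSL_FAILURE on NULL arguments, missing DER, PEM conversion or
 * allocation failure, or when the BIO accepted fewer bytes than the PEM
 * length (a partial write used to be reported as success). */
int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 *x)
{
    byte* pem;
    int pemSz;
    const unsigned char* der;
    int derSz = 0;
    int written;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509_AUX()");

    if (bp == NULL || x == NULL) {
        WOLFSSL_MSG("NULL argument passed in");
        return WOLFSSL_FAILURE;
    }

    /* der is not freed here; it is treated as owned by x */
    der = wolfSSL_X509_get_der(x, &derSz);
    if (der == NULL || derSz <= 0) {
        return WOLFSSL_FAILURE;
    }

    /* get PEM size */
    pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERT_TYPE);
    if (pemSz <= 0) {
        return WOLFSSL_FAILURE;
    }

    /* create PEM buffer and convert from DER */
    pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (pem == NULL) {
        return WOLFSSL_FAILURE;
    }
    pemSz = wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERT_TYPE);
    if (pemSz <= 0) {
        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return WOLFSSL_FAILURE;
    }

    /* write the PEM to BIO; anything short of the full length leaves a
     * truncated, unusable PEM behind and is reported as failure */
    written = wolfSSL_BIO_write(bp, pem, pemSz);
    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (written != pemSz) {
        WOLFSSL_MSG("Failed to write complete PEM to BIO");
        return WOLFSSL_FAILURE;
    }
    return WOLFSSL_SUCCESS;
}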
wolfSSL 15:117db924cf7c 40128 #endif /* WOLFSSL_CERT_GEN */
wolfSSL 15:117db924cf7c 40129
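/* Write the certificate held in cert to the BIO bio as PEM (CERT_TYPE).
 *
 * bio  : destination BIO.
 * cert : object whose DER encoding (wolfSSL_X509_get_der) is written.
 *
 * Returns WOLFSSL_SUCCESS when the complete PEM text was written and
 * WOLFSSL_FAILURE on NULL arguments, missing DER, PEM conversion or
 * allocation failure, or when the BIO accepted fewer bytes than the PEM
 * length (a partial write used to be reported as success). The trace
 * label previously named the _AUX variant, which misdirected debugging. */
int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert)
{
    byte* pem;
    int pemSz;
    const unsigned char* der;
    int derSz = 0;
    int written;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509()");

    if (bio == NULL || cert == NULL) {
        WOLFSSL_MSG("NULL argument passed in");
        return WOLFSSL_FAILURE;
    }

    /* der is not freed here; it is treated as owned by cert */
    der = wolfSSL_X509_get_der(cert, &derSz);
    if (der == NULL || derSz <= 0) {
        return WOLFSSL_FAILURE;
    }

    /* get PEM size */
    pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERT_TYPE);
    if (pemSz <= 0) {
        return WOLFSSL_FAILURE;
    }

    /* create PEM buffer and convert from DER */
    pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (pem == NULL) {
        return WOLFSSL_FAILURE;
    }
    pemSz = wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERT_TYPE);
    if (pemSz <= 0) {
        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return WOLFSSL_FAILURE;
    }

    /* write the PEM to BIO; anything short of the full length leaves a
     * truncated, unusable PEM behind and is reported as failure */
    written = wolfSSL_BIO_write(bio, pem, pemSz);
    XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (written != pemSz) {
        WOLFSSL_MSG("Failed to write complete PEM to BIO");
        return WOLFSSL_FAILURE;
    }
    return WOLFSSL_SUCCESS;
}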
wolfSSL 15:117db924cf7c 40173
wolfSSL 15:117db924cf7c 40174
wolfSSL 15:117db924cf7c 40175 #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
/* Install the prime p and generator g carried by |dh| as the context's
 * ephemeral Diffie-Hellman parameters (OpenSSL SSL_CTX_set_tmp_dh).
 *
 * ctx  context to update; must not be NULL.
 * dh   parameter source; must not be NULL. Only dh->p and dh->g are read.
 *
 * Returns whatever wolfSSL_CTX_SetTmpDH() returns (WOLFSSL_SUCCESS on
 * success) once both numbers were serialized; BAD_FUNC_ARG for a NULL
 * argument, MEMORY_E when a scratch buffer cannot be allocated, and
 * WOLFSSL_FATAL_ERROR when p or g cannot be converted to bytes.
 * NOTE(review): any minimum-size policy for the DH group is expected to
 * live in wolfSSL_CTX_SetTmpDH(); nothing is enforced here.
 */
long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
{
    byte* primeBuf = NULL;
    byte* genBuf = NULL;
    int primeLen;
    int genLen;
    int result = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh");

    if (ctx == NULL || dh == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Size query: bn2bin with a NULL destination only reports the length. */
    primeLen = wolfSSL_BN_bn2bin(dh->p, NULL);
    genLen = wolfSSL_BN_bn2bin(dh->g, NULL);
    if (primeLen <= 0 || genLen <= 0) {
        return WOLFSSL_FATAL_ERROR;
    }

    primeBuf = (byte*)XMALLOC(primeLen, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    if (primeBuf == NULL) {
        return MEMORY_E;
    }
    genBuf = (byte*)XMALLOC(genLen, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    if (genBuf == NULL) {
        XFREE(primeBuf, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        return MEMORY_E;
    }

    /* Serialize for real; the lengths are taken from this second call so a
     * negative (failed) conversion cannot be mistaken for a good one. */
    primeLen = wolfSSL_BN_bn2bin(dh->p, primeBuf);
    genLen = wolfSSL_BN_bn2bin(dh->g, genBuf);

    if (primeLen >= 0 && genLen >= 0) {
        result = wolfSSL_CTX_SetTmpDH(ctx, primeBuf, primeLen, genBuf, genLen);
    }

    XFREE(primeBuf, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    XFREE(genBuf, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);

    if (primeLen > 0 && genLen > 0) {
        return result;
    }
    return WOLFSSL_FATAL_ERROR;
}
wolfSSL 15:117db924cf7c 40216 #endif /* OPENSSL_EXTRA && !NO_DH */
wolfSSL 15:117db924cf7c 40217
wolfSSL 15:117db924cf7c 40218
/* Report the handshake state machine position of |ssl|.
 *
 * ssl  session to inspect; may be NULL.
 *
 * Returns ssl->options.handShakeState, or SSL_FAILURE when ssl is NULL.
 * NOTE(review): SSL_FAILURE is returned in-band with the state values, so
 * a caller that passes NULL cannot tell that case apart from a state that
 * happens to share the same numeric value; check the pointer first.
 */
int wolfSSL_get_state(const WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_state");

    if (ssl != NULL) {
        return ssl->options.handShakeState;
    }

    WOLFSSL_MSG("Null argument passed in");
    return SSL_FAILURE;
}
wolfSSL 15:117db924cf7c 40234 #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */
wolfSSL 15:117db924cf7c 40235
wolfSSL 16:8e0d178b1d1e 40236 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \
wolfSSL 16:8e0d178b1d1e 40237 || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
wolfSSL 16:8e0d178b1d1e 40238
/* OpenSSL-compatible SSL_ctrl() front end for a single session.
 *
 * ssl  session to operate on; NULL yields BAD_FUNC_ARG.
 * cmd  only SSL_CTRL_SET_TLSEXT_HOSTNAME is handled, and only in builds
 *      with WOLFSSL_NGINX, WOLFSSL_QT or OPENSSL_ALL plus HAVE_SNI.
 * opt  unused by the handled command.
 * pt   the NUL-terminated host name for SSL_CTRL_SET_TLSEXT_HOSTNAME.
 *
 * Returns the value of wolfSSL_set_tlsext_host_name() for a handled
 * host-name request; WOLFSSL_FAILURE for a NULL host name, an SNI-less
 * build, or any other command.
 */
long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt)
{
    long result = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_ctrl");

    (void)opt;
    (void)pt;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    switch (cmd) {
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
        case SSL_CTRL_SET_TLSEXT_HOSTNAME:
            WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TLSEXT_HOSTNAME.");
    #ifdef HAVE_SNI
            if (pt != NULL) {
                result = wolfSSL_set_tlsext_host_name(ssl, (const char*)pt);
            }
            else {
                WOLFSSL_MSG("Passed in NULL Host Name.");
            }
    #else
            WOLFSSL_MSG("SNI not enabled.");
    #endif /* HAVE_SNI */
            break;
#endif /* WOLFSSL_NGINX || WOLFSSL_QT || OPENSSL_ALL */
        default:
            WOLFSSL_MSG("Case not implemented.");
            break;
    }

    return result;
}
wolfSSL 16:8e0d178b1d1e 40267
/* OpenSSL-compatible SSL_CTX_ctrl() dispatcher.
 *
 * ctx  context to operate on; NULL yields WOLFSSL_FAILURE.
 * cmd  SSL_CTRL_* command. Anything without a case below logs
 *      "CTX_ctrl cmd not implemented" and yields WOLFSSL_FAILURE; with the
 *      cases as written that includes SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS,
 *      which wolfSSL_CTX_clear_extra_chain_certs() in this file sends.
 * opt  command-specific integer: the option mask for SSL_CTRL_OPTIONS, the
 *      mode bits for SSL_CTRL_MODE, and a 0/1 flag for SSL_CTRL_CHAIN that
 *      is only range-checked (see the note in that case).
 * pt   command-specific pointer: a WOLF_STACK_OF(WOLFSSL_X509) for
 *      SSL_CTRL_CHAIN, a WOLFSSL_X509 for SSL_CTRL_EXTRA_CHAIN_CERT, a
 *      WOLFSSL_DH or WOLFSSL_EC_KEY for SSL_CTRL_SET_TMP_DH / _ECDH.
 *
 * Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE for the cases that reach the
 * end of the switch. SSL_CTRL_OPTIONS instead returns the option mask
 * reported by wolfSSL_CTX_set_options(), and SSL_CTRL_EXTRA_CHAIN_CERT,
 * SSL_CTRL_SET_TMP_DH and SSL_CTRL_SET_TMP_ECDH return their callee's value
 * directly; those early returns also skip the WOLFSSL_LEAVE trace.
 */
long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
{
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    long ctrl_opt;
#endif
    long ret = WOLFSSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_CTX_ctrl");
    if (ctx == NULL)
        return WOLFSSL_FAILURE;

    switch (cmd) {
        case SSL_CTRL_CHAIN:
#ifdef SESSION_CERTS
        {
            /*
             * We don't care about opt here because a copy of the certificate is
             * stored anyway so increasing the reference counter is not necessary.
             * Just check to make sure that it is set to one of the correct values.
             *
             * NOTE(review): that reasoning covers the certificates, but the
             * stack pointer |sk| itself is stored in ctx->x509Chain below
             * rather than copied. If the caller keeps ownership of |sk|
             * (OpenSSL's "set1" semantics, opt == 1) and later frees it, the
             * stored pointer dangles; and if |sk| is the very stack already
             * held in ctx->x509Chain, wolfSSL_sk_X509_free() below releases
             * it before the second loop reads it. Confirm the intended
             * ownership contract with the callers of this command.
             */
            WOLF_STACK_OF(WOLFSSL_X509)* sk = (WOLF_STACK_OF(WOLFSSL_X509)*) pt;
            WOLFSSL_X509* x509;
            int i;
            if (opt != 0 && opt != 1) {
                ret = WOLFSSL_FAILURE;
                break;
            }
            /* Clear certificate chain. This happens before any per-certificate
             * failure below can be noticed, so a failing call leaves the
             * context with no chain rather than with the previous one. */
            FreeDer(&ctx->certChain);
            if (sk) {
                for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) {
                    x509 = wolfSSL_sk_X509_value(sk, i);
                    /* Prevent wolfSSL_CTX_add_extra_chain_cert from freeing cert */
                    if (wolfSSL_X509_up_ref(x509) != 1) {
                        WOLFSSL_MSG("Error increasing reference count");
                        continue;
                    }
                    if (wolfSSL_CTX_add_extra_chain_cert(ctx, x509) !=
                            WOLFSSL_SUCCESS) {
                        WOLFSSL_MSG("Error adding certificate to context");
                        /* Decrease reference count on failure. ret is left at
                         * WOLFSSL_SUCCESS here and on the up_ref failure above,
                         * so a chain missing one or more certificates is still
                         * reported as success. */
                        wolfSSL_X509_free(x509);
                    }
                }
            }
            /* Free previous chain */
            wolfSSL_sk_X509_free(ctx->x509Chain);
            ctx->x509Chain = sk;
            if (sk) {
                for (i = 0; i < wolfSSL_sk_X509_num(sk); i++) {
                    x509 = wolfSSL_sk_X509_value(sk, i);
                    /* On successful setting of new chain up all refs */
                    if (wolfSSL_X509_up_ref(x509) != 1) {
                        WOLFSSL_MSG("Error increasing reference count");
                        continue;
                    }
                }
            }
        }
#else
        WOLFSSL_MSG("Session certificates not compiled in");
        ret = WOLFSSL_FAILURE;
#endif
        break;

#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
        case SSL_CTRL_OPTIONS:
            WOLFSSL_MSG("Entering Case: SSL_CTRL_OPTIONS.");
            ctrl_opt = wolfSSL_CTX_set_options(ctx, opt);

#ifdef WOLFSSL_QT
            /* Set whether to use client or server cipher preference, judged
             * from the mask wolfSSL_CTX_set_options() handed back (presumably
             * the merged option set, not just |opt| — confirm). */
            if ((ctrl_opt & SSL_OP_CIPHER_SERVER_PREFERENCE)
                    == SSL_OP_CIPHER_SERVER_PREFERENCE) {
                WOLFSSL_MSG("Using Server's Cipher Preference.");
                ctx->useClientOrder = FALSE;
            } else {
                WOLFSSL_MSG("Using Client's Cipher Preference.");
                ctx->useClientOrder = TRUE;
            }
#endif /* WOLFSSL_QT */

            /* The option mask, not WOLFSSL_SUCCESS, is the result here. */
            return ctrl_opt;
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
        case SSL_CTRL_EXTRA_CHAIN_CERT:
            WOLFSSL_MSG("Entering Case: SSL_CTRL_EXTRA_CHAIN_CERT.");
            if (pt == NULL) {
                WOLFSSL_MSG("Passed in x509 pointer NULL.");
                ret = WOLFSSL_FAILURE;
                break;
            }
            return wolfSSL_CTX_add_extra_chain_cert(ctx, (WOLFSSL_X509*)pt);

#ifndef NO_DH
        case SSL_CTRL_SET_TMP_DH:
            WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TMP_DH.");
            if (pt == NULL) {
                WOLFSSL_MSG("Passed in DH pointer NULL.");
                ret = WOLFSSL_FAILURE;
                break;
            }
            return wolfSSL_CTX_set_tmp_dh(ctx, (WOLFSSL_DH*)pt);
#endif

#ifdef HAVE_ECC
        case SSL_CTRL_SET_TMP_ECDH:
            WOLFSSL_MSG("Entering Case: SSL_CTRL_SET_TMP_ECDH.");
            if (pt == NULL) {
                WOLFSSL_MSG("Passed in ECDH pointer NULL.");
                ret = WOLFSSL_FAILURE;
                break;
            }
            return wolfSSL_SSL_CTX_set_tmp_ecdh(ctx, (WOLFSSL_EC_KEY*)pt);
#endif
        case SSL_CTRL_MODE:
            /* The value wolfSSL_CTX_set_mode() returns is not checked; ret
             * stays WOLFSSL_SUCCESS regardless. */
            wolfSSL_CTX_set_mode(ctx,opt);
            break;

        default:
            WOLFSSL_MSG("CTX_ctrl cmd not implemented");
            ret = WOLFSSL_FAILURE;
            break;
    }

    /* Unused-parameter guards for configurations that compile cases out. */
    (void)ctx;
    (void)cmd;
    (void)opt;
    (void)pt;
    WOLFSSL_LEAVE("wolfSSL_CTX_ctrl", (int)ret);
    return ret;
}
wolfSSL 16:8e0d178b1d1e 40399
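#ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's SSL_CTX_callback_ctrl(): no callback is installed.
 *
 * The guard is now NO_WOLFSSL_STUB, the macro the neighbouring stub
 * (wolfSSL_CTX_clear_extra_chain_certs) in this file is keyed on; the
 * earlier WOLFSSL_NO_STUB spelling did not match it, so a NO_WOLFSSL_STUB
 * build still compiled this stub.
 *
 * ctx, cmd, fp  accepted for signature compatibility and ignored.
 *
 * Returns WOLFSSL_FAILURE unconditionally.
 */
long wolfSSL_CTX_callback_ctrl(WOLFSSL_CTX* ctx, int cmd, void (*fp)(void))
{
    (void) ctx;
    (void) cmd;
    (void) fp;
    WOLFSSL_STUB("wolfSSL_CTX_callback_ctrl");
    return WOLFSSL_FAILURE;
}
#endif /* NO_WOLFSSL_STUB */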
wolfSSL 16:8e0d178b1d1e 40411
wolfSSL 16:8e0d178b1d1e 40412 #ifndef NO_WOLFSSL_STUB
/* OpenSSL-compatible SSL_CTX_clear_extra_chain_certs().
 *
 * Forwards SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS to wolfSSL_CTX_ctrl(). That
 * function's switch in this file has no case for this command, so the call
 * lands in its default branch ("CTX_ctrl cmd not implemented") and the
 * extra chain is not actually cleared.
 *
 * ctx  context whose extra chain would be cleared (NULL is tolerated).
 *
 * Returns the value of wolfSSL_CTX_ctrl(), i.e. WOLFSSL_FAILURE while the
 * command stays unhandled there.
 */
long wolfSSL_CTX_clear_extra_chain_certs(WOLFSSL_CTX* ctx)
{
    long result;

    result = wolfSSL_CTX_ctrl(ctx, SSL_CTRL_CLEAR_EXTRA_CHAIN_CERTS, 0l, NULL);
    return result;
}
wolfSSL 16:8e0d178b1d1e 40417 #endif
wolfSSL 15:117db924cf7c 40418
/* Fetch the peer-verification callback installed on |ssl|.
 *
 * ssl  session to inspect; may be NULL.
 *
 * Returns ssl->verifyCallback (which may itself be NULL when none was
 * set), or NULL when ssl is NULL.
 */
VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl)
{
    VerifyCallback callback = NULL;

    WOLFSSL_ENTER("wolfSSL_get_verify_callback()");

    if (ssl != NULL) {
        callback = ssl->verifyCallback;
    }
    return callback;
}
wolfSSL 15:117db924cf7c 40429
/* Create two connected in-memory BIOs (OpenSSL BIO_new_bio_pair).
 *
 * bio1_p, bio2_p      receive the new BIOs; only written on success.
 * writebuf1, writebuf2  write-buffer sizes for each side; 0 keeps the
 *                     default chosen by wolfSSL_BIO_new().
 *
 * Returns BAD_FUNC_ARG when either output pointer is NULL. Otherwise the
 * result is the value of the last step that ran: 1 (WOLFSSL_SUCCESS) when
 * the pair was made, WOLFSSL_FAILURE when a BIO could not be allocated, or
 * the zero value wolfSSL_BIO_set_write_buf_size()/wolfSSL_BIO_make_bio_pair()
 * returned on failure. Both BIOs are released on any failure.
 */
int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1,
                             WOLFSSL_BIO **bio2_p, size_t writebuf2)
{
    WOLFSSL_BIO *first = NULL;
    WOLFSSL_BIO *second = NULL;
    int status = 1;

    WOLFSSL_ENTER("wolfSSL_BIO_new_bio_pair()");

    if (bio1_p == NULL || bio2_p == NULL) {
        WOLFSSL_MSG("Bad Function Argument");
        return BAD_FUNC_ARG;
    }

    first = wolfSSL_BIO_new(wolfSSL_BIO_s_bio());
    if (first == NULL) {
        WOLFSSL_MSG("Bio allocation failed");
        status = WOLFSSL_FAILURE;
        goto done;
    }
    second = wolfSSL_BIO_new(wolfSSL_BIO_s_bio());
    if (second == NULL) {
        WOLFSSL_MSG("Bio allocation failed");
        status = WOLFSSL_FAILURE;
        goto done;
    }

    /* Optional write-buffer sizing; a zero size leaves the default. */
    if (writebuf1 != 0) {
        status = wolfSSL_BIO_set_write_buf_size(first, writebuf1);
        if (!status) {
            WOLFSSL_MSG("wolfSSL_BIO_set_write_buf() failure");
            goto done;
        }
    }
    if (writebuf2 != 0) {
        status = wolfSSL_BIO_set_write_buf_size(second, writebuf2);
        if (!status) {
            WOLFSSL_MSG("wolfSSL_BIO_set_write_buf() failure");
            goto done;
        }
    }

    /* Link the two halves; hand them out only once that succeeded. */
    status = wolfSSL_BIO_make_bio_pair(first, second);
    if (status) {
        *bio1_p = first;
        *bio2_p = second;
    }

done:
    if (!status) {
        wolfSSL_BIO_free(first);
        first = NULL;
        wolfSSL_BIO_free(second);
        second = NULL;
    }
    return status;
}
wolfSSL 15:117db924cf7c 40481
wolfSSL 15:117db924cf7c 40482
wolfSSL 16:8e0d178b1d1e 40483 #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
wolfSSL 16:8e0d178b1d1e 40484 !defined(NO_RSA) && !defined(HAVE_USER_RSA)
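/* Decode a DER-encoded RSA private key from the pending bytes of |bio|.
 *
 * The whole pending content of the BIO is drained, the key is parsed from
 * the front of it, and any bytes after the key's encoding are written back
 * into the BIO so the caller can keep reading the remainder.
 *
 * bio  source BIO; must not be NULL and must have pending data.
 * out  optional; receives the new key on success, untouched on failure.
 *
 * Returns the new WOLFSSL_RSA (caller-owned, release with
 * wolfSSL_RSA_free()) or NULL on failure. On failure nothing is leaked:
 * a key that had already been decoded is released, and every buffer that
 * held private key bytes is zeroized before it is freed.
 */
WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out)
{
    unsigned char* bioMem = NULL;
    int bioMemSz = 0;
    WOLFSSL_RSA* key = NULL;
    unsigned char maxKeyBuf[4096];
    unsigned char* bufPtr = NULL;
    const unsigned char* parsePtr = NULL;
    unsigned char* extraBioMem = NULL;
    int extraBioMemSz = 0;
    int derLength = 0;
    int ok = 0;

    WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey_bio()");

    if (bio == NULL) {
        WOLFSSL_MSG("Bad Function Argument");
        return NULL;
    }

    bioMemSz = wolfSSL_BIO_pending(bio);
    if (bioMemSz <= 0) {
        WOLFSSL_MSG("wolfSSL_BIO_pending() failure");
        return NULL;
    }

    bioMem = (unsigned char*)XMALLOC(bioMemSz, bio->heap,
                                     DYNAMIC_TYPE_TMP_BUFFER);
    if (bioMem == NULL) {
        WOLFSSL_MSG("Malloc failure");
        return NULL;
    }

    /* Drain the BIO. A short read leaves 'key' NULL and ends in cleanup. */
    if (wolfSSL_BIO_read(bio, bioMem, bioMemSz) != bioMemSz) {
        WOLFSSL_MSG("wolfSSL_BIO_read() failure");
        goto cleanup;
    }

    /* Parse through a separate pointer so bioMem still names the start of
     * the allocation when it is freed, whatever the d2i call does to *pp. */
    parsePtr = bioMem;
    key = wolfSSL_d2i_RSAPrivateKey(NULL, &parsePtr, bioMemSz);
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_d2i_RSAPrivateKey() failure");
        goto cleanup;
    }

    /* Re-encode only to learn how many input bytes belong to the key.
     * NOTE(review): maxKeyBuf is a fixed 4096-byte stack buffer and nothing
     * here tells wolfSSL_i2d_RSAPrivateKey() its size; confirm against that
     * function that the largest RSA key this build accepts always fits.
     * A negative result previously flowed straight into the leftover
     * arithmetic and indexing below. */
    bufPtr = maxKeyBuf;
    derLength = wolfSSL_i2d_RSAPrivateKey(key, &bufPtr);
    if (derLength < 0) {
        WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey() failure");
        goto cleanup;
    }

    /* Hand back whatever followed the key so the BIO reads on from there.
     * A re-encoding no shorter than the input means nothing is left over
     * (extraBioMemSz <= 0), same as before. */
    extraBioMemSz = bioMemSz - derLength;
    if (extraBioMemSz > 0) {
        extraBioMem = (unsigned char*)XMALLOC(extraBioMemSz, bio->heap,
                                              DYNAMIC_TYPE_TMP_BUFFER);
        if (extraBioMem == NULL) {
            WOLFSSL_MSG("Malloc failure");
            goto cleanup;
        }
        XMEMCPY(extraBioMem, bioMem + derLength, extraBioMemSz);

        if (wolfSSL_BIO_write(bio, extraBioMem, extraBioMemSz) != extraBioMemSz
                || wolfSSL_BIO_pending(bio) <= 0) {
            WOLFSSL_MSG("Failed to write memory to bio");
            goto cleanup;
        }
    }

    ok = 1;
    if (out != NULL) {
        *out = key;
    }

cleanup:
    if (!ok && key != NULL) {
        /* Was leaked on the error paths that follow a successful decode. */
        wolfSSL_RSA_free(key);
        key = NULL;
    }
    XFREE(extraBioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    /* Both scratch areas held private key material. */
    ForceZero(maxKeyBuf, (word32)sizeof(maxKeyBuf));
    ForceZero(bioMem, (word32)bioMemSz);
    XFREE(bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    return key;
}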
wolfSSL 15:117db924cf7c 40569 #endif
wolfSSL 15:117db924cf7c 40570
wolfSSL 15:117db924cf7c 40571
/* Load a DER (ASN.1) certificate into |ctx| (OpenSSL SSL_CTX_use_certificate_ASN1).
 *
 * ctx    context to receive the certificate; must not be NULL.
 * derSz  length of |der| in bytes; passed through unvalidated to
 *        wolfSSL_CTX_use_certificate_buffer().
 * der    DER bytes; must not be NULL.
 *
 * Returns WOLFSSL_SUCCESS when the buffer loader reports success,
 * WOLFSSL_FAILURE for a NULL argument or any other loader result.
 */
int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz,
                                     const unsigned char *der)
{
    int loaded;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1()");

    if (ctx == NULL || der == NULL) {
        return WOLFSSL_FAILURE;
    }

    loaded = wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
                                                WOLFSSL_FILETYPE_ASN1);
    return (loaded == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 40587
wolfSSL 15:117db924cf7c 40588
wolfSSL 16:8e0d178b1d1e 40589 #if !defined(HAVE_FAST_RSA) && defined(WOLFSSL_KEY_GEN) && \
wolfSSL 16:8e0d178b1d1e 40590 !defined(NO_RSA) && !defined(HAVE_USER_RSA)
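/* Install |rsa| as the context's private key (OpenSSL SSL_CTX_use_RSAPrivateKey).
 *
 * The key is serialized with wolfSSL_i2d_RSAPrivateKey() into a stack
 * buffer and handed to wolfSSL_CTX_use_PrivateKey_buffer() as a const
 * buffer (which is expected to take its own copy); the stack copy is then
 * zeroized so the private exponent and CRT values do not linger on the
 * stack.
 *
 * ctx  context to receive the key; must not be NULL.
 * rsa  key to install; must not be NULL.
 *
 * Returns WOLFSSL_SUCCESS on success, BAD_FUNC_ARG if either argument is
 * NULL, otherwise WOLFSSL_FAILURE.
 */
int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
{
    int ret;
    int derSize;
    unsigned char maxDerBuf[4096];
    unsigned char* key = NULL;

    WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey()");

    if (ctx == NULL || rsa == NULL) {
        WOLFSSL_MSG("one or more inputs were NULL");
        return BAD_FUNC_ARG;
    }

    /* NOTE(review): nothing here tells wolfSSL_i2d_RSAPrivateKey() that the
     * destination is only sizeof(maxDerBuf) bytes; confirm against that
     * function that the largest key size this build accepts always fits. */
    key = maxDerBuf;
    derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &key);
    if (derSize <= 0) {
        WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey() failure");
        ForceZero(maxDerBuf, (word32)sizeof(maxDerBuf));
        return WOLFSSL_FAILURE;
    }

    ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, (const unsigned char*)maxDerBuf,
                                            derSize, SSL_FILETYPE_ASN1);

    /* Scrub the private key DER from the stack whatever the outcome. */
    ForceZero(maxDerBuf, (word32)sizeof(maxDerBuf));

    if (ret != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_CTX_USE_PrivateKey_buffer() failure");
        return WOLFSSL_FAILURE;
    }
    return ret;
}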
#endif /* !HAVE_FAST_RSA && WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA */
wolfSSL 15:117db924cf7c 40621
wolfSSL 15:117db924cf7c 40622
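/* Decode a DER-encoded private key of any supported type from the pending
 * bytes of |bio| into a new WOLFSSL_EVP_PKEY.
 *
 * The whole pending content of the BIO is drained, the key is parsed from
 * the front of it by wolfSSL_d2i_PrivateKey_EVP(), and any bytes after the
 * key's encoding (key->pkey_sz is the number of bytes the decoder
 * consumed) are written back into the BIO for the caller to read on.
 *
 * bio  source BIO; must not be NULL and must have pending data.
 * out  optional; receives the new key on success, untouched on failure.
 *
 * Returns the new key (caller-owned, release with wolfSSL_EVP_PKEY_free())
 * or NULL on failure. On failure nothing is leaked: a key that had already
 * been decoded is released, and the buffer that held the private key bytes
 * is zeroized before it is freed.
 */
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio,
                                             WOLFSSL_EVP_PKEY** out)
{
    unsigned char* mem = NULL;
    unsigned char* parsePtr = NULL;
    int memSz = 0;
    WOLFSSL_EVP_PKEY* key = NULL;
    unsigned char* extraBioMem = NULL;
    int extraBioMemSz = 0;
    int derLength = 0;
    int ok = 0;

    WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio()");

    if (bio == NULL) {
        return NULL;
    }

    memSz = wolfSSL_BIO_pending(bio);
    if (memSz <= 0) {
        WOLFSSL_MSG("wolfSSL_BIO_pending() failure");
        return NULL;
    }

    mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (mem == NULL) {
        WOLFSSL_MSG("Malloc failure");
        return NULL;
    }

    /* Drain the BIO. A short read leaves 'key' NULL and ends in cleanup. */
    if (wolfSSL_BIO_read(bio, mem, memSz) != memSz) {
        WOLFSSL_MSG("wolfSSL_BIO_read() failure");
        goto cleanup;
    }

    /* Parse through a separate pointer so 'mem' still names the start of
     * the allocation when it is freed, whatever the d2i call does to *in. */
    parsePtr = mem;
    key = wolfSSL_d2i_PrivateKey_EVP(NULL, &parsePtr, (long)memSz);
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_d2i_PrivateKey_EVP() failure");
        goto cleanup;
    }

    /* Bytes consumed by the decoder mark where the key ends; guard the
     * subtraction below against a bogus negative length. */
    derLength = key->pkey_sz;
    if (derLength < 0) {
        WOLFSSL_MSG("Invalid decoded key length");
        goto cleanup;
    }

    /* Hand back whatever followed the key so the BIO reads on from there. */
    extraBioMemSz = memSz - derLength;
    if (extraBioMemSz > 0) {
        extraBioMem = (unsigned char*)XMALLOC(extraBioMemSz, bio->heap,
                                              DYNAMIC_TYPE_TMP_BUFFER);
        if (extraBioMem == NULL) {
            WOLFSSL_MSG("Malloc failure");
            goto cleanup;
        }
        XMEMCPY(extraBioMem, mem + derLength, extraBioMemSz);

        if (wolfSSL_BIO_write(bio, extraBioMem, extraBioMemSz) != extraBioMemSz
                || wolfSSL_BIO_pending(bio) <= 0) {
            WOLFSSL_MSG("Failed to write memory to bio");
            goto cleanup;
        }
    }

    ok = 1;
    if (out != NULL) {
        *out = key;
    }

cleanup:
    if (!ok && key != NULL) {
        /* Was leaked on the error paths that follow a successful decode. */
        wolfSSL_EVP_PKEY_free(key);
        key = NULL;
    }
    XFREE(extraBioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    /* The drained BIO content held the private key bytes. */
    ForceZero(mem, (word32)memSz);
    XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    return key;
}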
wolfSSL 15:117db924cf7c 40702
wolfSSL 15:117db924cf7c 40703
wolfSSL 15:117db924cf7c 40704 /* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure.
wolfSSL 15:117db924cf7c 40705 * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL
wolfSSL 15:117db924cf7c 40706 * on fail */
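/* Decodes a DER-encoded RSA or ECC private key held in *in (inSz bytes).
 *
 * out   : optional; on success *out receives the new key. An existing value
 *         in *out is overwritten, not freed. *out is only written once the
 *         key is fully built, so a failure never leaves *out dangling.
 * in    : pointer to the DER buffer pointer. Unlike OpenSSL's d2i_* family,
 *         *in is NOT advanced past the consumed bytes.
 * inSz  : buffer length; negative values are rejected.
 *
 * The buffer is probed as RSA first (unless NO_RSA), then as ECC (if
 * HAVE_ECC). Only the bytes the decoder actually consumed (keyIdx) are kept
 * in pkey->pkey.ptr / pkey->pkey_sz. Caller frees with wolfSSL_EVP_PKEY_free.
 * Returns NULL on bad arguments, allocation failure, or when the buffer is
 * neither a decodable RSA nor ECC private key. */
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out,
                                             unsigned char** in, long inSz)
{
    WOLFSSL_EVP_PKEY* pkey = NULL;
    const unsigned char* mem;
    long memSz = inSz;

    WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP()");

    if (in == NULL || *in == NULL || inSz < 0) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }
    mem = *in;

#if !defined(NO_RSA)
    {
        RsaKey rsa;
        word32 keyIdx = 0;
        int    isRsa  = 0;

        /* Probe: decode as RSA into a temporary key that is released right
         * away (exactly once, and only if initialisation succeeded). Whether
         * wc_FreeRsaKey zeroizes the decoded private components is not
         * visible here - presumed, verify against wolfcrypt. */
        if (wc_InitRsaKey(&rsa, NULL) == 0) {
            isRsa = (wc_RsaPrivateKeyDecode(mem, &keyIdx, &rsa,
                                            (word32)memSz) == 0);
            wc_FreeRsaKey(&rsa);
        }

        if (isRsa) {
            pkey = wolfSSL_EVP_PKEY_new();
            if (pkey != NULL) {
                pkey->pkey_sz = keyIdx;
                /* keep only the consumed DER bytes, as the ECC path does */
                pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL,
                                                DYNAMIC_TYPE_PRIVATE_KEY);
                if (pkey->pkey.ptr == NULL) {
                    wolfSSL_EVP_PKEY_free(pkey);
                    return NULL;
                }
                XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
                pkey->type = EVP_PKEY_RSA;

                pkey->ownRsa = 1;
                pkey->rsa = wolfSSL_RSA_new();
                if (pkey->rsa == NULL) {
                    wolfSSL_EVP_PKEY_free(pkey);
                    return NULL;
                }

                if (wolfSSL_RSA_LoadDer_ex(pkey->rsa,
                            (const unsigned char*)pkey->pkey.ptr,
                            pkey->pkey_sz, WOLFSSL_RSA_LOAD_PRIVATE) != 1) {
                    wolfSSL_EVP_PKEY_free(pkey);
                    return NULL;
                }

                /* Publish through *out only now that the object is complete;
                 * previously *out was set before the two failure paths
                 * above and could be left pointing at freed memory. */
                if (out != NULL) {
                    *out = pkey;
                }
                return pkey;
            }
            /* allocation of the wrapper failed: fall through to ECC probe,
             * matching the previous behaviour */
        }
    }
#endif /* NO_RSA */

#ifdef HAVE_ECC
    {
        ecc_key ecc;
        word32  keyIdx = 0;
        int     isEcc  = 0;

        /* Probe: decode as ECC into a temporary key, released exactly once. */
        if (wc_ecc_init(&ecc) == 0) {
            isEcc = (wc_EccPrivateKeyDecode(mem, &keyIdx, &ecc,
                                            (word32)memSz) == 0);
            wc_ecc_free(&ecc);
        }

        if (isEcc) {
            pkey = wolfSSL_EVP_PKEY_new();
            if (pkey != NULL) {
                pkey->pkey_sz = keyIdx;
                pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL,
                                                DYNAMIC_TYPE_PRIVATE_KEY);
                if (pkey->pkey.ptr == NULL) {
                    wolfSSL_EVP_PKEY_free(pkey);
                    return NULL;
                }
                XMEMCPY(pkey->pkey.ptr, mem, keyIdx);
                pkey->type = EVP_PKEY_EC;
                if (out != NULL) {
                    *out = pkey;
                }
                return pkey;
            }
        }
    }
#endif /* HAVE_ECC */
    /* pkey is NULL here unless a wrapper allocation failed above */
    return pkey;
}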
wolfSSL 16:8e0d178b1d1e 40798 #endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
wolfSSL 15:117db924cf7c 40799
wolfSSL 15:117db924cf7c 40800
wolfSSL 15:117db924cf7c 40801 /* stunnel compatibility functions */
wolfSSL 16:8e0d178b1d1e 40802 #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
wolfSSL 16:8e0d178b1d1e 40803 defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
wolfSSL 16:8e0d178b1d1e 40804 defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH)))
void wolfSSL_ERR_remove_thread_state(void* pid)
{
    /* Compatibility no-op: the thread id is accepted and ignored and no
     * state is released. */
    (void)pid;
}
wolfSSL 15:117db924cf7c 40810
wolfSSL 15:117db924cf7c 40811 #ifndef NO_FILESYSTEM
wolfSSL 15:117db924cf7c 40812 /***TBD ***/
void wolfSSL_print_all_errors_fp(XFILE fp)
{
    /* Not implemented (marked TBD upstream): the stream is accepted and
     * ignored and nothing is written to it. */
    (void)fp;
    return;
}
wolfSSL 15:117db924cf7c 40817 #endif
wolfSSL 15:117db924cf7c 40818
/* Stores "data" in slot "idx" of the session's ex_data table.
 * Returns the result of wolfSSL_CRYPTO_set_ex_data, or WOLFSSL_FAILURE when
 * the session is NULL or ex_data support (HAVE_EX_DATA) is compiled out. */
int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data");
#ifdef HAVE_EX_DATA
    if (session != NULL) {
        ret = wolfSSL_CRYPTO_set_ex_data(&session->ex_data, idx, data);
    }
#else
    (void)session;
    (void)idx;
    (void)data;
#endif
    return ret;
}
wolfSSL 15:117db924cf7c 40833
wolfSSL 15:117db924cf7c 40834
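/* Maps a well-known ex_data slot name to its fixed index.
 *
 * Only two names are recognised: "redirect index" -> 0 and "addr index" -> 1.
 * idx, cb1, cb2 and cb3 are ignored; in particular the free callback cb3 is
 * never stored or invoked, so callers cannot rely on it for cleanup.
 * Returns WOLFSSL_FAILURE for any other name and for a NULL "data". */
int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
                                     void* cb2, CRYPTO_free_func* cb3)
{
    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index");
    (void)idx;
    (void)cb1;
    (void)cb2;
    (void)cb3;

    /* "data" is read as a C string below; guard the NULL dereference */
    if (data == NULL) {
        return WOLFSSL_FAILURE;
    }
    if (XSTRNCMP((const char*)data, "redirect index", 14) == 0) {
        return 0;
    }
    else if (XSTRNCMP((const char*)data, "addr index", 10) == 0) {
        return 1;
    }
    return WOLFSSL_FAILURE;
}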
wolfSSL 15:117db924cf7c 40851
wolfSSL 15:117db924cf7c 40852
/* Reads slot "idx" of the session's ex_data table.
 * Returns NULL when the session is NULL or HAVE_EX_DATA is not defined;
 * otherwise whatever wolfSSL_CRYPTO_get_ex_data yields (which may be NULL). */
void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
{
    void* ret = NULL;

    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
#ifdef HAVE_EX_DATA
    if (session != NULL) {
        ret = wolfSSL_CRYPTO_get_ex_data(&session->ex_data, idx);
    }
#else
    (void)session;
    (void)idx;
#endif
    return ret;
}
wolfSSL 15:117db924cf7c 40866
wolfSSL 15:117db924cf7c 40867 #ifndef NO_WOLFSSL_STUB
/* Stub: the allocator hooks are neither stored nor called, so the library's
 * existing allocation path is unchanged. Always returns WOLFSSL_FAILURE;
 * callers must treat that as "custom allocator not installed". */
int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
                                        void *(*r) (void *, size_t, const char *,
                                        int), void (*f) (void *))
{
    WOLFSSL_ENTER("wolfSSL_CRYPTO_set_mem_ex_functions");
    WOLFSSL_STUB("CRYPTO_set_mem_ex_functions");

    (void)m;
    (void)r;
    (void)f;
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 40880 #endif
wolfSSL 15:117db924cf7c 40881
wolfSSL 15:117db924cf7c 40882
/* Compatibility no-op: only logs entry; no ex_data is released here. */
void wolfSSL_CRYPTO_cleanup_all_ex_data(void)
{
    WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data");
    return;
}
wolfSSL 15:117db924cf7c 40886
wolfSSL 15:117db924cf7c 40887
wolfSSL 15:117db924cf7c 40888 #ifndef NO_WOLFSSL_STUB
/* Stub: no DH parameters are generated and the progress callback is never
 * invoked. NULL is returned unconditionally, so callers must check the
 * result rather than assume a valid DH object. */
WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
                                           void (*callback) (int, int, void *),
                                           void *cb_arg)
{
    WOLFSSL_ENTER("wolfSSL_DH_generate_parameters");
    WOLFSSL_STUB("DH_generate_parameters");

    (void)prime_len;
    (void)generator;
    (void)callback;
    (void)cb_arg;
    return NULL;
}
wolfSSL 15:117db924cf7c 40901 #endif
wolfSSL 15:117db924cf7c 40902
wolfSSL 15:117db924cf7c 40903 #ifndef NO_WOLFSSL_STUB
/* Stub: "dh" is left untouched, nothing is generated and the callback is
 * never invoked. Returns -1 unconditionally (note: not WOLFSSL_FAILURE as
 * the neighbouring stubs use). */
int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generator,
                                      void (*callback) (int, int, void *))
{
    WOLFSSL_ENTER("wolfSSL_DH_generate_parameters_ex");
    WOLFSSL_STUB("DH_generate_parameters_ex");

    (void)dh;
    (void)prime_len;
    (void)generator;
    (void)callback;
    return -1;
}
wolfSSL 15:117db924cf7c 40916 #endif
wolfSSL 15:117db924cf7c 40917
/* Intentional no-op kept for API compatibility; nothing is loaded. */
void wolfSSL_ERR_load_crypto_strings(void)
{
    WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings");
}
wolfSSL 15:117db924cf7c 40924
wolfSSL 15:117db924cf7c 40925 #ifndef NO_WOLFSSL_STUB
/* Stub: always reports WOLFSSL_FAILURE, i.e. it never claims FIPS mode is
 * active, regardless of how the library was built. Do not use its result
 * as evidence about the module's validation status. */
int wolfSSL_FIPS_mode(void)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_FIPS_mode");
    WOLFSSL_STUB("FIPS_mode");

    return ret;
}
wolfSSL 15:117db924cf7c 40933 #endif
wolfSSL 15:117db924cf7c 40934
wolfSSL 15:117db924cf7c 40935 #ifndef NO_WOLFSSL_STUB
/* Stub: the requested mode "r" is ignored and nothing about the library's
 * operation changes. Always returns WOLFSSL_FAILURE, so callers that need
 * the mode switch to have happened must check the return value. */
int wolfSSL_FIPS_mode_set(int r)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_FIPS_mode_set");
    WOLFSSL_STUB("FIPS_mode_set");

    (void)r;
    return ret;
}
wolfSSL 15:117db924cf7c 40944 #endif
wolfSSL 15:117db924cf7c 40945
wolfSSL 15:117db924cf7c 40946 #ifndef NO_WOLFSSL_STUB
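/* Stub: the supplied method is neither stored nor consulted, so the
 * library's own RNG stays in use. Failure is reported with WOLFSSL_FAILURE,
 * the same code the neighbouring stubs return (SSL_FAILURE was the
 * compatibility alias used before), so callers can detect "custom RNG not
 * installed" uniformly.
 *
 * If this is ever implemented, RAND_bytes and RAND_pseudo_bytes need
 * updating: those two functions will call the respective functions from
 * meth. */
int wolfSSL_RAND_set_rand_method(const void *meth)
{
    WOLFSSL_ENTER("wolfSSL_RAND_set_rand_method");
    WOLFSSL_STUB("RAND_set_rand_method");

    (void)meth;
    return WOLFSSL_FAILURE;
}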
wolfSSL 15:117db924cf7c 40957 #endif
wolfSSL 15:117db924cf7c 40958
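/* Returns the key strength of cipher "c" in bits, or WOLFSSL_FAILURE when it
 * cannot be determined (NULL cipher, or - outside WOLFSSL_QT/OPENSSL_ALL -
 * a cipher not attached to a session).
 *
 * alg_bits: optional; when non-NULL and a strength was determined it
 * receives the same value. Previously the WOLFSSL_QT/OPENSSL_ALL build never
 * wrote *alg_bits, so a caller passing a pointer read an uninitialized
 * integer; both builds now fill it in. */
int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
{
    int ret = WOLFSSL_FAILURE;
    int found = 0;

    WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits");

#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
    /* cipher table entries carry their strength directly */
    if (c != NULL) {
        ret = c->bits;
        found = 1;
    }
#else
    /* strength is derived from the negotiated specs of the owning session */
    if (c != NULL && c->ssl != NULL) {
        ret = 8 * c->ssl->specs.key_size;
        found = 1;
    }
#endif
    if (found && alg_bits != NULL) {
        *alg_bits = ret;
    }
    return ret;
}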
wolfSSL 16:8e0d178b1d1e 40978
wolfSSL 16:8e0d178b1d1e 40979 #if defined(OPENSSL_ALL)
/* Allocates a zero-filled WOLFSSL_X509_INFO (every member pointer NULL).
 * Returns NULL on allocation failure. Release with wolfSSL_X509_INFO_free. */
WOLFSSL_X509_INFO* wolfSSL_X509_INFO_new(void)
{
    WOLFSSL_X509_INFO* info = (WOLFSSL_X509_INFO*)XMALLOC(
            sizeof(WOLFSSL_X509_INFO), NULL, DYNAMIC_TYPE_X509);

    if (info == NULL) {
        return NULL;
    }
    XMEMSET(info, 0, sizeof(WOLFSSL_X509_INFO));
    return info;
}
wolfSSL 16:8e0d178b1d1e 40990
/* Releases the certificate, the CRL (when HAVE_CRL) and the private key
 * owned by "info", then the container itself. NULL is accepted. */
void wolfSSL_X509_INFO_free(WOLFSSL_X509_INFO* info)
{
    if (info == NULL) {
        return;
    }

    if (info->x509 != NULL) {
        wolfSSL_X509_free(info->x509);
        info->x509 = NULL;
    }
#ifdef HAVE_CRL
    if (info->crl != NULL) {
        wolfSSL_X509_CRL_free(info->crl);
        info->crl = NULL;
    }
#endif
    /* x_pkey is handed over unconditionally; NOTE(review): this relies on
     * wolfSSL_X509_PKEY_free tolerating a NULL argument - confirm. */
    wolfSSL_X509_PKEY_free(info->x_pkey);
    info->x_pkey = NULL;

    XFREE(info, NULL, DYNAMIC_TYPE_X509);
}
wolfSSL 16:8e0d178b1d1e 41011 #endif
wolfSSL 16:8e0d178b1d1e 41012
/* Creates an empty stack tagged STACK_TYPE_X509_INFO.
 * Returns NULL when the head node cannot be allocated. */
WOLFSSL_STACK* wolfSSL_sk_X509_INFO_new_null(void)
{
    WOLFSSL_STACK* sk = wolfSSL_sk_new_node(NULL);

    if (sk == NULL) {
        return NULL;
    }
    sk->type = STACK_TYPE_X509_INFO;
    return sk;
}
wolfSSL 16:8e0d178b1d1e 41021
wolfSSL 16:8e0d178b1d1e 41022
wolfSSL 16:8e0d178b1d1e 41023 /* returns a value less than 0 when no match is found
wolfSSL 16:8e0d178b1d1e 41024 * On a successful match the priority level found is returned
wolfSSL 16:8e0d178b1d1e 41025 */
/* Looks for "toFind" in "sk", matching only on the cipherSuite0/cipherSuite
 * byte pair. Walks at most wolfSSL_sk_SSL_CIPHER_num(sk) nodes from the
 * head. On a match returns sz - position (the head scores sz, the last node
 * scores 1, i.e. the priority level); returns WOLFSSL_FATAL_ERROR when
 * either argument is NULL or nothing matches. */
int wolfSSL_sk_SSL_CIPHER_find(
        WOLF_STACK_OF(WOLFSSL_CIPHER)* sk, const WOLFSSL_CIPHER* toFind)
{
    WOLFSSL_STACK* node = sk;
    int count;
    int pos;

    if (sk == NULL || toFind == NULL) {
        return WOLFSSL_FATAL_ERROR;
    }

    count = wolfSSL_sk_SSL_CIPHER_num(sk);
    for (pos = 0; pos < count; pos++) {
        const WOLFSSL_CIPHER* cur;

        if (node == NULL) {
            break;
        }
        cur = &node->data.cipher;
        if (cur->cipherSuite0 == toFind->cipherSuite0 &&
            cur->cipherSuite  == toFind->cipherSuite) {
            return count - pos;
        }
        node = node->next;
    }
    return WOLFSSL_FATAL_ERROR;
}
wolfSSL 16:8e0d178b1d1e 41047
wolfSSL 16:8e0d178b1d1e 41048
wolfSSL 16:8e0d178b1d1e 41049 /* copies over data of "in" to "out" */
/* Shallow copy of the suite identifier only: the cipherSuite0/cipherSuite
 * byte pair of "in" is written to "out". Every other field of "out" (for
 * example its ssl pointer) is left as it was. Either argument NULL is a
 * no-op. */
static void wolfSSL_CIPHER_copy(WOLFSSL_CIPHER* in, WOLFSSL_CIPHER* out)
{
    if (in != NULL && out != NULL) {
        out->cipherSuite0 = in->cipherSuite0;
        out->cipherSuite  = in->cipherSuite;
    }
}
wolfSSL 16:8e0d178b1d1e 41058
wolfSSL 16:8e0d178b1d1e 41059
wolfSSL 16:8e0d178b1d1e 41060 /* create duplicate of stack and return the new stack
wolfSSL 16:8e0d178b1d1e 41061 * returns null on failure */
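/* Duplicates the cipher stack "in" node by node, copying only the suite
 * identifiers (see wolfSSL_CIPHER_copy). Each new node is allocated from
 * in->heap; the head of the copy carries the total count in "num".
 * Returns the new stack, or NULL when "in" is empty/NULL or when any node
 * allocation fails - in that case the partially built copy is released, so
 * the caller never receives a stack whose count disagrees with its length.
 * NOTE(review): nodes are pushed onto the head of the copy while walking
 * from the head of the original, so the copy's node order is the reverse of
 * the input's; the priority returned by wolfSSL_sk_SSL_CIPHER_find therefore
 * differs between original and copy - confirm this is intended. */
WOLF_STACK_OF(WOLFSSL_CIPHER)* wolfSSL_sk_SSL_CIPHER_dup(
        WOLF_STACK_OF(WOLFSSL_CIPHER)* in)
{
    WOLFSSL_STACK* current;
    WOLF_STACK_OF(WOLFSSL_CIPHER)* ret = NULL;
    int i, sz;

    sz = wolfSSL_sk_SSL_CIPHER_num(in);
    current = in;
    for (i = 0; i < sz && current != NULL; i++) {
        WOLFSSL_STACK* add = wolfSSL_sk_new_node(in->heap);
        if (add == NULL) {
            /* previously the loop kept retrying the same node and returned
             * whatever had been built; honour the "NULL on failure" contract */
            WOLFSSL_MSG("Memory error");
            wolfSSL_sk_SSL_CIPHER_free(ret);
            return NULL;
        }
        add->type = STACK_TYPE_CIPHER;
        wolfSSL_CIPHER_copy(&(current->data.cipher), &(add->data.cipher));
        add->num = i + 1; /* the final head ends up holding sz */
        add->next = ret;
        ret = add;
        current = current->next;
    }
    return ret;
}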
wolfSSL 16:8e0d178b1d1e 41084
wolfSSL 16:8e0d178b1d1e 41085 /* nothing to do yet */
/* Placeholder destructor ("nothing to do yet" upstream): nothing is
 * released; the argument is accepted for symmetry with the other *_free
 * helpers called from wolfSSL_sk_SSL_CIPHER_free. */
static void wolfSSL_CIPHER_free(WOLFSSL_CIPHER* in)
{
    (void)in;
}
wolfSSL 16:8e0d178b1d1e 41090
wolfSSL 16:8e0d178b1d1e 41091
wolfSSL 16:8e0d178b1d1e 41092 /* frees all nodes in the stack and their data */
/* Releases every node of "sk": the cipher payload is passed to
 * wolfSSL_CIPHER_free and the node to wolfSSL_sk_free_node. The "next"
 * pointer is read before the node is released. NULL is accepted. */
void wolfSSL_sk_SSL_CIPHER_free(WOLF_STACK_OF(WOLFSSL_CIPHER)* sk)
{
    WOLFSSL_STACK* node = sk;

    while (node != NULL) {
        WOLFSSL_STACK* nextNode = node->next;

        wolfSSL_CIPHER_free(&(node->data.cipher));
        wolfSSL_sk_free_node(node);
        node = nextNode;
    }
}
wolfSSL 16:8e0d178b1d1e 41105
wolfSSL 16:8e0d178b1d1e 41106
/* Number of entries in the stack (the count is kept on the head node).
 * Returns -1 for a NULL stack - note wolfSSL_sk_X509_OBJECT_num reports 0
 * and wolfSSL_sk_X509_NAME_num reports BAD_FUNC_ARG in the same situation. */
int wolfSSL_sk_X509_INFO_num(const WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk)
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_INFO_num");

    return (sk != NULL) ? (int)sk->num : -1;
}
wolfSSL 16:8e0d178b1d1e 41115
/* Returns the i-th entry counted from the head (index 0 is the most
 * recently pushed item) without modifying the stack. Yields NULL when the
 * stack is NULL, when i exceeds the list length, or when i is negative. */
WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_value(const WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk, int i)
{
    const WOLFSSL_STACK* node = sk;
    int remaining = i;

    WOLFSSL_ENTER("wolfSSL_sk_X509_INFO_value");

    while (node != NULL && remaining > 0) {
        node = node->next;
        remaining--;
    }

    if (node == NULL || remaining != 0) {
        return NULL;
    }
    return node->data.info;
}
wolfSSL 16:8e0d178b1d1e 41127
/* Removes and returns the head entry (the most recently pushed one);
 * ownership of the returned WOLFSSL_X509_INFO passes to the caller.
 * The head WOLFSSL_STACK object is never freed: when another node follows,
 * its payload is moved into the head and that node is released; otherwise
 * the head slot is simply emptied. "num" is decremented unless already 0.
 * Returns NULL for a NULL stack (and for an empty one, since the slot is
 * NULL). */
WOLFSSL_X509_INFO* wolfSSL_sk_X509_INFO_pop(WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk)
{
    WOLFSSL_X509_INFO* top;
    WOLFSSL_STACK* second;

    if (sk == NULL) {
        return NULL;
    }

    top = sk->data.info;
    second = sk->next;

    if (second == NULL) {
        /* only the head slot is left */
        sk->data.info = NULL;
    }
    else {
        sk->data.info = second->data.info;
        sk->next = second->next;
        XFREE(second, NULL, DYNAMIC_TYPE_OPENSSL);
    }

    if (sk->num > 0) {
        sk->num -= 1;
    }

    return top;
}
wolfSSL 16:8e0d178b1d1e 41155
wolfSSL 16:8e0d178b1d1e 41156 #if defined(OPENSSL_ALL)
/* Destroys the whole stack. Each WOLFSSL_X509_INFO is handed to "f", or to
 * wolfSSL_X509_INFO_free when f is NULL; the chained nodes and finally the
 * head node are released with XFREE. The walk is bounded by sk->num: only
 * num - 1 chained nodes are visited and the head payload is freed only when
 * num reaches exactly 1, so entries beyond the recorded count are not
 * freed. NULL is accepted. */
void wolfSSL_sk_X509_INFO_pop_free(WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
                                   void (*f) (WOLFSSL_X509_INFO*))
{
    WOLFSSL_STACK* cursor;

    WOLFSSL_ENTER("wolfSSL_sk_X509_INFO_pop_free");

    if (sk == NULL) {
        return;
    }

    /* chained nodes first */
    cursor = sk->next;
    while (cursor != NULL && sk->num > 1) {
        WOLFSSL_STACK* victim = cursor;
        cursor = victim->next;

        if (f != NULL) {
            f(victim->data.info);
        }
        else {
            wolfSSL_X509_INFO_free(victim->data.info);
        }
        victim->data.info = NULL;
        XFREE(victim, NULL, DYNAMIC_TYPE_OPENSSL);
        sk->num -= 1;
    }

    /* then the payload held by the head itself */
    if (sk->num == 1) {
        if (f != NULL) {
            f(sk->data.info);
        }
        else {
            wolfSSL_X509_INFO_free(sk->data.info);
        }
        sk->data.info = NULL;
    }
    XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 16:8e0d178b1d1e 41193
/* Releases every node and its WOLFSSL_X509_INFO using the default
 * destructor (wolfSSL_X509_INFO_free). NULL is accepted. */
void wolfSSL_sk_X509_INFO_free(WOLF_STACK_OF(WOLFSSL_X509_INFO) *sk)
{
    void (*destructor)(WOLFSSL_X509_INFO*) = NULL; /* NULL selects default */

    wolfSSL_sk_X509_INFO_pop_free(sk, destructor);
}
wolfSSL 16:8e0d178b1d1e 41198
wolfSSL 16:8e0d178b1d1e 41199
wolfSSL 16:8e0d178b1d1e 41200 /* Adds the WOLFSSL_X509_INFO to the stack "sk". "sk" takes ownership of "in"
wolfSSL 16:8e0d178b1d1e 41201 * and frees it when the stack is freed.
wolfSSL 16:8e0d178b1d1e 41202 *
wolfSSL 16:8e0d178b1d1e 41203 * return 1 on success 0 on fail
wolfSSL 16:8e0d178b1d1e 41204 */
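/* Pushes "in" onto the head of "sk"; the stack takes ownership of "in" and
 * frees it with the stack. If the head slot is empty it is used directly,
 * otherwise the previous head payload moves into a freshly allocated node
 * and "in" takes the head slot. Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE
 * for NULL arguments or allocation failure (ownership of "in" then stays
 * with the caller). */
int wolfSSL_sk_X509_INFO_push(WOLF_STACK_OF(WOLFSSL_X509_INFO)* sk,
                              WOLFSSL_X509_INFO* in)
{
    WOLFSSL_STACK* node;

    if (sk == NULL || in == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* no previous values in stack */
    if (sk->data.info == NULL) {
        sk->data.info = in;
        sk->num += 1;
        return WOLFSSL_SUCCESS;
    }

    /* stack already has value(s) create a new node and add more.
     * Allocated as DYNAMIC_TYPE_OPENSSL to match what
     * wolfSSL_sk_X509_INFO_pop and wolfSSL_sk_X509_INFO_pop_free pass to
     * XFREE for these nodes (it was DYNAMIC_TYPE_X509, a mismatch under
     * memory tracking). */
    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                   DYNAMIC_TYPE_OPENSSL);
    if (node == NULL) {
        WOLFSSL_MSG("Memory error");
        return WOLFSSL_FAILURE;
    }
    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));

    /* push new obj onto head of stack */
    node->data.info = sk->data.info;
    node->next = sk->next;
    node->type = sk->type;
    sk->next = node;
    sk->data.info = in;
    sk->num += 1;

    return WOLFSSL_SUCCESS;
}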
wolfSSL 16:8e0d178b1d1e 41240
wolfSSL 16:8e0d178b1d1e 41241
/* Creates an empty X509_NAME stack and records "cb" (may be NULL) as its
 * comparator. Returns NULL when the head node cannot be allocated. */
WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_sk_X509_NAME_new(wolf_sk_compare_cb cb)
{
    WOLFSSL_STACK* sk;

    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_new");

    sk = wolfSSL_sk_new_node(NULL);
    if (sk == NULL) {
        return NULL;
    }
    sk->type = STACK_TYPE_X509_NAME;
    sk->comp = cb;
    return sk;
}
wolfSSL 16:8e0d178b1d1e 41256
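/* Pushes "name" onto the head of "sk"; the stack takes ownership of it.
 * Returns 0 on success, BAD_FUNC_ARG for NULL arguments and MEMORY_E when a
 * node cannot be allocated (unlike wolfSSL_sk_X509_INFO_push, which uses
 * WOLFSSL_SUCCESS/WOLFSSL_FAILURE). The stack's type is (re)set to
 * STACK_TYPE_X509_NAME on every push. */
int wolfSSL_sk_X509_NAME_push(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
                              WOLFSSL_X509_NAME* name)
{
    WOLFSSL_STACK* node;

    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_push");

    if (sk == NULL || name == NULL) {
        return BAD_FUNC_ARG;
    }

    /* no previous values in stack */
    if (sk->data.name == NULL) {
        sk->data.name = name;
        sk->num += 1;
        return 0;
    }

    /* stack already has value(s) create a new node and add more */
    node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                   DYNAMIC_TYPE_OPENSSL);
    if (node == NULL) {
        WOLFSSL_MSG("Memory error");
        return MEMORY_E;
    }
    XMEMSET(node, 0, sizeof(WOLFSSL_STACK));

    /* push new obj onto head of stack; the node carries the same type tag
     * as the head (previously left 0 by the memset, unlike the X509_INFO
     * push which propagates sk->type) */
    node->data.name = sk->data.name;
    node->next = sk->next;
    node->type = STACK_TYPE_X509_NAME;
    sk->type = STACK_TYPE_X509_NAME;
    sk->next = node;
    sk->data.name = name;
    sk->num += 1;

    return 0;
}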
wolfSSL 16:8e0d178b1d1e 41294
wolfSSL 16:8e0d178b1d1e 41295 /* returns the index of the match, or a negative value when not found */
/* Linear search from the head: returns the 0-based position of the first
 * entry that wolfSSL_X509_NAME_cmp reports equal to "name", -1 when none
 * matches, or BAD_FUNC_ARG for a NULL stack.
 * NOTE(review): the comparator stored in sk->comp (wolfSSL_sk_X509_NAME_new /
 * wolfSSL_sk_X509_NAME_set_cmp_func) is not consulted here, and "name" is
 * not NULL-checked - confirm wolfSSL_X509_NAME_cmp tolerates NULL. */
int wolfSSL_sk_X509_NAME_find(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk,
                              WOLFSSL_X509_NAME *name)
{
    const WOLFSSL_STACK* node;
    int pos = 0;

    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_find");

    if (sk == NULL) {
        return BAD_FUNC_ARG;
    }

    for (node = sk; node != NULL; node = node->next, pos++) {
        if (wolfSSL_X509_NAME_cmp(node->data.name, name) == 0) {
            return pos;
        }
    }
    return -1;
}
wolfSSL 16:8e0d178b1d1e 41313
/* Number of entries in the stack, or 0 for a NULL stack (the X509_INFO and
 * X509_NAME counterparts return negative values for NULL instead). */
int wolfSSL_sk_X509_OBJECT_num(const WOLF_STACK_OF(WOLFSSL_X509_OBJECT) *s)
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_num");

    return (s != NULL) ? (int)s->num : 0;
}
wolfSSL 16:8e0d178b1d1e 41323
wolfSSL 16:8e0d178b1d1e 41324
/* Records "cb" as the stack's comparator. Returns 0 on success or
 * BAD_FUNC_ARG for a NULL stack. The callback is only stored;
 * wolfSSL_sk_X509_NAME_find does not invoke it. */
int wolfSSL_sk_X509_NAME_set_cmp_func(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
                                      wolf_sk_compare_cb cb)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_set_cmp_func");

    if (sk != NULL) {
        sk->comp = cb;
        ret = 0;
    }
    return ret;
}
wolfSSL 16:8e0d178b1d1e 41336 #endif /* OPENSSL_ALL */
wolfSSL 16:8e0d178b1d1e 41337
/* Number of entries in the stack. Returns BAD_FUNC_ARG (negative) for a
 * NULL stack, unlike wolfSSL_sk_X509_OBJECT_num which reports 0; callers
 * looping up to the result must treat negatives as "no entries". */
int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *sk)
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_num");

    return (sk == NULL) ? BAD_FUNC_ARG : (int)sk->num;
}
wolfSSL 16:8e0d178b1d1e 41347
wolfSSL 16:8e0d178b1d1e 41348 /* Getter function for WOLFSSL_X509_NAME pointer
wolfSSL 16:8e0d178b1d1e 41349 *
wolfSSL 16:8e0d178b1d1e 41350 * sk is the stack to retrieve pointer from
wolfSSL 16:8e0d178b1d1e 41351 * i is the index value in stack
wolfSSL 16:8e0d178b1d1e 41352 *
wolfSSL 16:8e0d178b1d1e 41353 * returns a pointer to a WOLFSSL_X509_NAME structure on success and NULL on
wolfSSL 16:8e0d178b1d1e 41354 * fail
wolfSSL 16:8e0d178b1d1e 41355 */
WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk,
                                              int i)
{
    /* Walk i links from the head (index 0 is the most recently pushed
     * name). NULL when the stack is NULL, i runs past the end, or i is
     * negative. The stack is not modified. */
    const WOLFSSL_STACK* node = sk;
    int remaining = i;

    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value");

    while (node != NULL && remaining > 0) {
        node = node->next;
        remaining--;
    }

    if (node == NULL || remaining != 0) {
        return NULL;
    }
    return node->data.name;
}
wolfSSL 16:8e0d178b1d1e 41370
/* Removes and returns the head name (the most recently pushed one);
 * ownership passes to the caller. The head WOLFSSL_STACK object is never
 * freed: when another node follows, its payload is moved into the head and
 * that node is released; otherwise the head slot is emptied. "num" is
 * decremented unless already 0. Returns NULL for a NULL or empty stack. */
WOLFSSL_X509_NAME* wolfSSL_sk_X509_NAME_pop(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
{
    WOLFSSL_X509_NAME* top;
    WOLFSSL_STACK* second;

    if (sk == NULL) {
        return NULL;
    }

    top = sk->data.name;
    second = sk->next;

    if (second == NULL) {
        /* only the head slot is left */
        sk->data.name = NULL;
    }
    else {
        sk->data.name = second->data.name;
        sk->next = second->next;
        XFREE(second, NULL, DYNAMIC_TYPE_OPENSSL);
    }

    if (sk->num > 0) {
        sk->num -= 1;
    }

    return top;
}
wolfSSL 16:8e0d178b1d1e 41398
/* Frees every WOLFSSL_X509_NAME in the stack and then the stack itself.
 *
 * sk is the stack to free (NULL is a no-op)
 * f  is the function used to free each name; when NULL,
 *    wolfSSL_X509_NAME_free is used instead
 *
 * The walk over the chained nodes is bounded by both the node list and
 * sk->num; the head node's own name is released only when sk->num is
 * exactly 1 once the chained nodes are gone.
 */
void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk,
    void (*f) (WOLFSSL_X509_NAME*))
{
    WOLFSSL_STACK* cur;
    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free");

    if (sk == NULL)
        return;

    for (cur = sk->next; cur != NULL && sk->num > 1; sk->num -= 1) {
        WOLFSSL_STACK* next = cur->next;
        if (f != NULL)
            f(cur->data.name);
        else
            wolfSSL_X509_NAME_free(cur->data.name);
        cur->data.name = NULL;
        XFREE(cur, NULL, DYNAMIC_TYPE_OPENSSL);
        cur = next;
    }

    /* free head of stack */
    if (sk->num == 1) {
        if (f != NULL)
            f(sk->data.name);
        else
            wolfSSL_X509_NAME_free(sk->data.name);
        sk->data.name = NULL;
    }

    XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 16:8e0d178b1d1e 41432
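/* Free only the sk structure, NOT X509_NAME members.
 *
 * sk is the stack to free (NULL is a no-op)
 *
 * Chained nodes are released while sk->num says more than one element
 * remains. The walk also stops at the end of the node list, so a sk->num
 * larger than the real node count cannot dereference NULL (the same guard
 * wolfSSL_sk_X509_NAME_pop_free applies). Chained nodes are released with a
 * NULL heap, the head with sk->heap.
 */
void wolfSSL_sk_X509_NAME_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk)
{
    WOLFSSL_STACK* node;
    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_free");

    if (sk == NULL)
        return;

    node = sk->next;
    while (node != NULL && sk->num > 1) {
        WOLFSSL_STACK* tmp = node;
        node = node->next;
        XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL);
        sk->num -= 1;
    }

    XFREE(sk, sk->heap, DYNAMIC_TYPE_OPENSSL);
}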
wolfSSL 16:8e0d178b1d1e 41452
wolfSSL 16:8e0d178b1d1e 41453 #if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
/* Helper function for X509_NAME_print_ex. Sets *buf to the short attribute
 * string for a distinguished name component selected by NID, and returns the
 * length of that string (without NUL). For an unhandled NID *buf becomes NULL
 * and 0 is returned. buf may be NULL when only the length is wanted. */
static int get_dn_attr_by_nid(int n, const char** buf)
{
    /* NID -> printable abbreviation and its length */
    static const struct {
        int nid;
        const char* str;
        int len;
    } dnAttrs[] = {
        { NID_commonName,             "CN",           2  },
        { NID_countryName,            "C",            1  },
        { NID_localityName,           "L",            1  },
        { NID_stateOrProvinceName,    "ST",           2  },
        { NID_organizationName,       "O",            1  },
        { NID_organizationalUnitName, "OU",           2  },
        { NID_emailAddress,           "emailAddress", 12 },
    };
    const char* str = NULL;
    int len = 0;
    unsigned int idx;

    for (idx = 0; idx < sizeof(dnAttrs) / sizeof(dnAttrs[0]); idx++) {
        if (dnAttrs[idx].nid == n) {
            str = dnAttrs[idx].str;
            len = dnAttrs[idx].len;
            break;
        }
    }
    if (str == NULL)
        WOLFSSL_MSG("Attribute type not found");

    if (buf != NULL)
        *buf = str;
    return len;
}
wolfSSL 16:8e0d178b1d1e 41500 #endif
wolfSSL 16:8e0d178b1d1e 41501
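/* Writes the X509_NAME to bio, preceded by `indent` space characters.
 *
 * The BIO output of wolfSSL_X509_NAME_print_ex does NOT include the null
 * terminator.
 *
 * bio    destination BIO
 * name   name to print; NULL is rejected
 * indent number of leading spaces written before the name
 * flags  XN_FLAG_* selector; only the exact values compared below change
 *        the output, any other value prints the raw name string
 *
 * returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when name is NULL, a BIO write
 * fails, or the formatted name would not fit in ASN_NAME_MAX
 */
int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
                int indent, unsigned long flags)
{
#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
    int count = 0, len = 0, totalSz = 0, tmpSz = 0;
    char tmp[ASN_NAME_MAX];
    char fullName[ASN_NAME_MAX];
    const char *buf = NULL;
    WOLFSSL_X509_NAME_ENTRY* ne;
    WOLFSSL_ASN1_STRING* str;
#endif
    int i;
    (void)flags;
    WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex");

    /* name is dereferenced on every output path below */
    if (name == NULL)
        return WOLFSSL_FAILURE;

    for (i = 0; i < indent; i++) {
        if (wolfSSL_BIO_write(bio, " ", 1) != 1)
            return WOLFSSL_FAILURE;
    }

#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
    /* Entry-by-entry path, emitted last entry first.
     * NOTE(review): the previous comment said "if XN_FLAG_DN_REV is present,
     * print in reverse order" while the condition matches the flag value with
     * XN_FLAG_DN_REV cleared -- confirm the intended flag handling. */
    if (flags == (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)) {
        fullName[0] = '\0';
        count = wolfSSL_X509_NAME_entry_count(name);
        for (i = 0; i < count; i++) {
            ne = wolfSSL_X509_NAME_get_entry(name, count - i - 1);
            if (ne == NULL)
                return WOLFSSL_FAILURE;

            str = wolfSSL_X509_NAME_ENTRY_get_data(ne);
            if (str == NULL)
                return WOLFSSL_FAILURE;

            len = get_dn_attr_by_nid(ne->nid, &buf);
            if (len == 0 || buf == NULL)
                return WOLFSSL_FAILURE;

            tmpSz = str->length + len + 2; /* + 2 for '=' and comma */
            /* XSNPRINTF below is given tmpSz+1 bytes of tmp[ASN_NAME_MAX];
             * tmpSz == ASN_NAME_MAX would overrun tmp by one byte */
            if (tmpSz + 1 > ASN_NAME_MAX) {
                WOLFSSL_MSG("Size greater than ASN_NAME_MAX");
                return WOLFSSL_FAILURE;
            }

            if (i < count - 1) {
                /* tmpSz+1 for last null char */
                XSNPRINTF(tmp, tmpSz+1, "%s=%s,", buf, str->data);
            }
            else {
                XSNPRINTF(tmp, tmpSz, "%s=%s", buf, str->data);
                tmpSz--; /* Don't include null char in tmpSz */
            }

            /* fullName accumulates every entry: the tmpSz characters plus the
             * NUL that XSTRNCAT appends must still fit in ASN_NAME_MAX */
            if (totalSz + tmpSz + 1 > ASN_NAME_MAX) {
                WOLFSSL_MSG("Size greater than ASN_NAME_MAX");
                return WOLFSSL_FAILURE;
            }
            XSTRNCAT(fullName, tmp, tmpSz);
            totalSz += tmpSz;
        }
        if (wolfSSL_BIO_write(bio, fullName, totalSz) != totalSz)
            return WOLFSSL_FAILURE;
        return WOLFSSL_SUCCESS;
    }
#else
    /* NOTE(review): name->sz below 2 would pass a negative length to
     * wolfSSL_BIO_write -- confirm what sz holds for an empty name */
    if (flags == XN_FLAG_RFC2253) {
        if (wolfSSL_BIO_write(bio, name->name + 1, name->sz - 2)
                != name->sz - 2)
            return WOLFSSL_FAILURE;
    }
#endif /* WOLFSSL_APACHE_HTTPD || OPENSSL_ALL || WOLFSSL_NGINX */
    else if (wolfSSL_BIO_write(bio, name->name, name->sz - 1) != name->sz - 1)
        return WOLFSSL_FAILURE;

    return WOLFSSL_SUCCESS;
}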
wolfSSL 15:117db924cf7c 41577
wolfSSL 15:117db924cf7c 41578 #ifndef NO_WOLFSSL_STUB
/* Stub for X509_get0_pubkey_bitstr: not implemented, x is ignored.
 * Always returns NULL. */
WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x)
{
    WOLFSSL_ENTER("wolfSSL_X509_get0_pubkey_bitstr");
    WOLFSSL_STUB("X509_get0_pubkey_bitstr");
    (void)x;
    return NULL;
}
wolfSSL 15:117db924cf7c 41587 #endif
wolfSSL 15:117db924cf7c 41588
wolfSSL 15:117db924cf7c 41589 #ifndef NO_WOLFSSL_STUB
/* Stub for SSL_CTX_add_session: nothing is stored, both arguments are
 * ignored. Always returns WOLFSSL_SUCCESS. */
int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
{
    WOLFSSL_ENTER("wolfSSL_CTX_add_session");
    WOLFSSL_STUB("SSL_CTX_add_session");
    (void)ctx;
    (void)session;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 41599 #endif
wolfSSL 15:117db924cf7c 41600
wolfSSL 15:117db924cf7c 41601
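/* Maps the major/minor pair held in ssl->version to the OpenSSL-style
 * protocol version constant.
 *
 * ssl connection to query; NULL is rejected
 *
 * returns SSL3_VERSION, TLS1_VERSION, TLS1_1_VERSION, TLS1_2_VERSION,
 * TLS1_3_VERSION, DTLS1_VERSION or DTLS1_2_VERSION, and WOLFSSL_FAILURE when
 * ssl is NULL or the pair is not one of those
 */
int wolfSSL_version(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_version");

    /* ssl->version is read below; a NULL ssl must not be dereferenced */
    if (ssl == NULL)
        return WOLFSSL_FAILURE;

    if (ssl->version.major == SSLv3_MAJOR) {
        switch (ssl->version.minor) {
            case SSLv3_MINOR :
                return SSL3_VERSION;
            case TLSv1_MINOR :
                return TLS1_VERSION;
            case TLSv1_1_MINOR :
                return TLS1_1_VERSION;
            case TLSv1_2_MINOR :
                return TLS1_2_VERSION;
            case TLSv1_3_MINOR :
                return TLS1_3_VERSION;
            default:
                return WOLFSSL_FAILURE;
        }
    }
    else if (ssl->version.major == DTLS_MAJOR) {
        switch (ssl->version.minor) {
            case DTLS_MINOR :
                return DTLS1_VERSION;
            case DTLSv1_2_MINOR :
                return DTLS1_2_VERSION;
            default:
                return WOLFSSL_FAILURE;
        }
    }
    return WOLFSSL_FAILURE;
}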
wolfSSL 15:117db924cf7c 41633
wolfSSL 15:117db924cf7c 41634
/* Returns the stored size of the name (name->sz), or -1 when name is NULL. */
int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_sz");
    return (name != NULL) ? name->sz : -1;
}
wolfSSL 15:117db924cf7c 41642
wolfSSL 15:117db924cf7c 41643 #ifdef HAVE_SNI
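/* Sets the SNI host name for the connection via wolfSSL_UseSNI.
 *
 * ssl       connection to configure
 * host_name NUL-terminated host name; must not be NULL
 *
 * returns the wolfSSL_UseSNI result, or BAD_FUNC_ARG when host_name is NULL
 * or its length does not fit the 16-bit size wolfSSL_UseSNI takes
 */
int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name)
{
    int ret;
    WOLFSSL_ENTER("wolfSSL_set_tlsext_host_name");

    /* XSTRLEN(NULL) is undefined; reject explicitly instead of crashing */
    if (host_name == NULL) {
        ret = BAD_FUNC_ARG;
    }
    else {
        size_t hostSz = XSTRLEN(host_name);
        /* the (word16) cast would silently truncate a longer name */
        if (hostSz > 0xFFFFu)
            ret = BAD_FUNC_ARG;
        else
            ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME,
                                 host_name, (word16)hostSz);
    }
    WOLFSSL_LEAVE("wolfSSL_set_tlsext_host_name", ret);
    return ret;
}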
wolfSSL 15:117db924cf7c 41653
wolfSSL 15:117db924cf7c 41654
wolfSSL 15:117db924cf7c 41655 #ifndef NO_WOLFSSL_SERVER
/* Returns the SNI request of the given type recorded in ssl->extensions,
 * as filled in by TLSX_SNI_GetRequest; NULL when ssl is NULL or nothing was
 * recorded. The pointer is owned by the extension data, not the caller. */
const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type)
{
    void * serverName = NULL;
    if (ssl != NULL)
        TLSX_SNI_GetRequest(ssl->extensions, type, &serverName);
    return (const char *)serverName;
}
wolfSSL 15:117db924cf7c 41664 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 15:117db924cf7c 41665 #endif /* HAVE_SNI */
wolfSSL 15:117db924cf7c 41666
/* Re-binds ssl to ctx through SetSSL_CTX and returns the context now held in
 * ssl->ctx; NULL when either argument is NULL or SetSSL_CTX fails. */
WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
    if (ssl == NULL || ctx == NULL)
        return NULL;
    if (SetSSL_CTX(ssl, ctx, 0) != WOLFSSL_SUCCESS)
        return NULL;
    return ssl->ctx;
}
wolfSSL 15:117db924cf7c 41673
wolfSSL 15:117db924cf7c 41674
/* Returns the verify callback stored in ctx, or NULL when ctx is NULL. */
VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_get_verify_callback");
    return (ctx != NULL) ? ctx->verifyCallback : NULL;
}
wolfSSL 15:117db924cf7c 41682
wolfSSL 15:117db924cf7c 41683
/* Stores cb as the SNI-received callback of ctx. A NULL ctx is ignored. */
void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback");
    if (ctx == NULL)
        return;
    ctx->sniRecvCb = cb;
}
wolfSSL 15:117db924cf7c 41690
/* Stores cb as the SNI-received callback of ctx.
 * returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ctx is NULL */
int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx,
                                                CallbackSniRecv cb)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_tlsext_servername_callback");
    if (ctx == NULL)
        return WOLFSSL_FAILURE;
    ctx->sniRecvCb = cb;
    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 41701
/* Stores arg as the user pointer handed to the SNI-received callback.
 * returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ctx is NULL */
int wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_servername_arg");
    if (ctx == NULL)
        return WOLFSSL_FAILURE;
    ctx->sniRecvCbArg = arg;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 41711
/* OpenSSL compatibility entry point; wolfSSL has no BIO error string table
 * to load, so this only logs the call. */
void wolfSSL_ERR_load_BIO_strings(void)
{
    WOLFSSL_ENTER("ERR_load_BIO_strings");
}
wolfSSL 15:117db924cf7c 41716
wolfSSL 15:117db924cf7c 41717 #ifndef NO_WOLFSSL_STUB
/* Stub for CRYPTO_THREADID_set_callback: the callback is not stored. */
void wolfSSL_THREADID_set_callback(void(*threadid_func)(void*))
{
    (void)threadid_func;
    WOLFSSL_ENTER("wolfSSL_THREADID_set_callback");
    WOLFSSL_STUB("CRYPTO_THREADID_set_callback");
}
wolfSSL 15:117db924cf7c 41725 #endif
wolfSSL 15:117db924cf7c 41726
wolfSSL 15:117db924cf7c 41727 #ifndef NO_WOLFSSL_STUB
/* Stub for CRYPTO_THREADID_set_numeric: id and val are ignored. */
void wolfSSL_THREADID_set_numeric(void* id, unsigned long val)
{
    (void)id;
    (void)val;
    WOLFSSL_ENTER("wolfSSL_THREADID_set_numeric");
    WOLFSSL_STUB("CRYPTO_THREADID_set_numeric");
}
wolfSSL 15:117db924cf7c 41736 #endif
wolfSSL 15:117db924cf7c 41737
wolfSSL 15:117db924cf7c 41738
wolfSSL 15:117db924cf7c 41739 #ifndef NO_WOLFSSL_STUB
/* Stub for X509_STORE_get1_certs: no lookup is performed. Always returns NULL. */
WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(
    WOLFSSL_X509_STORE_CTX* ctx, WOLFSSL_X509_NAME* name)
{
    (void)ctx;
    (void)name;
    WOLFSSL_ENTER("wolfSSL_X509_STORE_get1_certs");
    WOLFSSL_STUB("X509_STORE_get1_certs");
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 41749
/* Stub for X509_STORE_get0_objects: store is ignored. Always returns NULL. */
WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* wolfSSL_X509_STORE_get0_objects(
    WOLFSSL_X509_STORE* store)
{
    (void)store;
    WOLFSSL_ENTER("wolfSSL_X509_STORE_get0_objects");
    WOLFSSL_STUB("wolfSSL_X509_STORE_get0_objects");
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 41758
/* Stub for sk_X509_OBJECT_delete: nothing is removed. Always returns NULL. */
WOLFSSL_X509_OBJECT* wolfSSL_sk_X509_OBJECT_delete(
    WOLF_STACK_OF(WOLFSSL_X509_OBJECT)* sk, int i)
{
    (void)sk;
    (void)i;
    WOLFSSL_ENTER("wolfSSL_sk_X509_OBJECT_delete");
    WOLFSSL_STUB("wolfSSL_sk_X509_OBJECT_delete");
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 41768
/* Stub for X509_OBJECT_free: a is not released. */
void wolfSSL_X509_OBJECT_free(WOLFSSL_X509_OBJECT *a)
{
    (void)a;
    WOLFSSL_ENTER("wolfSSL_X509_OBJECT_free");
    WOLFSSL_STUB("wolfSSL_X509_OBJECT_free");
}
wolfSSL 16:8e0d178b1d1e 41775
wolfSSL 16:8e0d178b1d1e 41776 #endif
wolfSSL 16:8e0d178b1d1e 41777
wolfSSL 15:117db924cf7c 41778
wolfSSL 15:117db924cf7c 41779 #endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_LIGHTY)) */
wolfSSL 15:117db924cf7c 41780
wolfSSL 15:117db924cf7c 41781
wolfSSL 16:8e0d178b1d1e 41782 #if defined(OPENSSL_EXTRA)
wolfSSL 16:8e0d178b1d1e 41783
/* Returns the element count stored in s->num, or -1 when s is NULL. */
int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s)
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_num");
    return (s != NULL) ? (int)s->num : -1;
}
wolfSSL 16:8e0d178b1d1e 41792
/* Peeks at the most recent node of the error queue without removing it.
 *
 * returns the error code as an unsigned long; the wolfSSL "no PEM header"
 * code is translated to OpenSSL's (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE.
 * Returns 0 when the queue cannot be peeked, and NOT_COMPILED_IN (negated)
 * when the error queue is not built in.
 */
unsigned long wolfSSL_ERR_peek_last_error(void)
{
    WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error");

#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX)
    {
        int code = wc_PeekErrorNode(-1, NULL, NULL, NULL);

        if (code < 0) {
            WOLFSSL_MSG("Issue peeking at error node in queue");
            return 0;
        }
        if (code == -ASN_NO_PEM_HEADER)
            return (unsigned long)((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE);
        return (unsigned long)code;
    }
#else
    return (unsigned long)(0 - NOT_COMPILED_IN);
#endif
}
wolfSSL 16:8e0d178b1d1e 41813
wolfSSL 16:8e0d178b1d1e 41814 #endif /* OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 41815
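/* Returns the context bound to ssl (ssl->ctx), or NULL when ssl is NULL. */
WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_SSL_CTX");
    /* guard the dereference; other getters in this file treat NULL the same */
    if (ssl == NULL)
        return NULL;
    return ssl->ctx;
}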
wolfSSL 16:8e0d178b1d1e 41821
wolfSSL 15:117db924cf7c 41822 #if defined(OPENSSL_ALL) || \
wolfSSL 16:8e0d178b1d1e 41823 defined(OPENSSL_EXTRA) || defined(HAVE_STUNNEL) || \
wolfSSL 16:8e0d178b1d1e 41824 defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 41825
/* Returns a pointer to the session ID bytes held in sess and stores their
 * length in *idLen. Both arguments are required; NULL is returned (and
 * *idLen left untouched) when either is NULL. */
const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen)
{
    WOLFSSL_ENTER("wolfSSL_SESSION_get_id");
    if (sess == NULL || idLen == NULL) {
        WOLFSSL_MSG("Bad func args. Please provide idLen");
        return NULL;
    }
    *idLen = sess->sessionIDSz;
    return sess->sessionID;
}
wolfSSL 16:8e0d178b1d1e 41836
wolfSSL 16:8e0d178b1d1e 41837 #if (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \
wolfSSL 16:8e0d178b1d1e 41838 !defined(NO_FILESYSTEM)
wolfSSL 16:8e0d178b1d1e 41839
wolfSSL 16:8e0d178b1d1e 41840 #if defined(SESSION_CERTS) || \
wolfSSL 16:8e0d178b1d1e 41841 (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
/* returns a pointer to the protocol name string for the session's version */
static const char* wolfSSL_SESSION_get_protocol(const WOLFSSL_SESSION* in)
{
    /* wolfSSL_internal_get_version takes a non-const pointer; the const is
     * dropped only for this call */
    ProtocolVersion* pv = (ProtocolVersion*)&in->version;
    return wolfSSL_internal_get_version(pv);
}
wolfSSL 16:8e0d178b1d1e 41847 #endif
wolfSSL 16:8e0d178b1d1e 41848
/* returns true (non 0) if the session has EMS (extended master secret);
 * a NULL session reports 0 */
static int wolfSSL_SESSION_haveEMS(const WOLFSSL_SESSION* in)
{
    return (in != NULL) ? in->haveEMS : 0;
}
wolfSSL 16:8e0d178b1d1e 41856
wolfSSL 16:8e0d178b1d1e 41857 #if defined(HAVE_SESSION_TICKET)
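/* prints out the ticket to bio passed in
 *
 * bio destination BIO
 * in  session whose ticket bytes (in->ticket, in->ticketLen) are dumped
 * tab string written at the start of every dump line
 *
 * Each line carries a running offset, up to 16 hex bytes split 8/8 by a '-',
 * space padding, then a character column derived from the same bytes. A zero
 * length ticket prints " NONE" on the first line and no dump.
 *
 * return WOLFSSL_SUCCESS on success, BAD_FUNC_ARG when bio or in is NULL,
 * WOLFSSL_FAILURE when any BIO write fails
 */
static int wolfSSL_SESSION_print_ticket(WOLFSSL_BIO* bio,
        const WOLFSSL_SESSION* in, const char* tab)
{
    unsigned short i, j, z, sz;
    /* running offset printed at the start of each line; unsigned so it
     * matches the "%04X" conversion and so tag += 16 cannot overflow a
     * signed short for tickets longer than 32767 bytes */
    unsigned int tag = 0;
    byte* pt;


    if (in == NULL || bio == NULL) {
        return BAD_FUNC_ARG;
    }

    sz = in->ticketLen;
    pt = in->ticket;

    if (wolfSSL_BIO_printf(bio, "%s\n", (sz == 0)? " NONE": "") <= 0)
        return WOLFSSL_FAILURE;

    for (i = 0; i < sz;) {
        char asc[16];

        if (sz - i < 16) {
            /* NOTE(review): the last partial line prints tag plus the
             * remaining byte count rather than the plain line offset --
             * confirm this is the intended label */
            if (wolfSSL_BIO_printf(bio, "%s%04X -", tab, tag + (sz - i)) <= 0)
                return WOLFSSL_FAILURE;
        }
        else {
            if (wolfSSL_BIO_printf(bio, "%s%04X -", tab, tag) <= 0)
                return WOLFSSL_FAILURE;
        }
        /* first half of the line: up to 8 bytes, each as " XX"; the character
         * column keeps (byte & 0x6f) when that lands at or above 'A', else '.' */
        for (j = 0; i < sz && j < 8; j++,i++) {
            asc[j] = ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.';
            if (wolfSSL_BIO_printf(bio, " %02X", pt[i]) <= 0)
                return WOLFSSL_FAILURE;
        }

        /* ninth byte is prefixed with '-' instead of a space */
        if (i < sz) {
            asc[j] = ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.';
            if (wolfSSL_BIO_printf(bio, "-%02X", pt[i]) <= 0)
                return WOLFSSL_FAILURE;
            j++;
            i++;
        }

        /* second half: j runs to at most 16, so asc[] is never overrun */
        for (; i < sz && j < 16; j++,i++) {
            asc[j] = ((pt[i])&0x6f)>='A'?((pt[i])&0x6f):'.';
            if (wolfSSL_BIO_printf(bio, " %02X", pt[i]) <= 0)
                return WOLFSSL_FAILURE;
        }

        /* pad out spacing */
        for (z = j; z < 17; z++) {
            if (wolfSSL_BIO_printf(bio, "   ") <= 0)
                return WOLFSSL_FAILURE;
        }

        for (z = 0; z < j; z++) {
            if (wolfSSL_BIO_printf(bio, "%c", asc[z]) <= 0)
                return WOLFSSL_FAILURE;
        }
        if (wolfSSL_BIO_printf(bio, "\n") <= 0)
            return WOLFSSL_FAILURE;

        tag += 16;
    }
    return WOLFSSL_SUCCESS;
}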
wolfSSL 16:8e0d178b1d1e 41927 #endif /* HAVE_SESSION_TICKET */
wolfSSL 16:8e0d178b1d1e 41928
wolfSSL 16:8e0d178b1d1e 41929
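/* Prints the session master key as hex on its own line.
 *
 * bp destination BIO
 * x  session to read the key from
 *
 * The key is copied into a stack buffer; that copy is cleared with ForceZero
 * on every exit path so the secret does not linger on the stack. When
 * wolfSSL_SESSION_get_master_key reports no key (<= 0), only the label and
 * the newline are written.
 *
 * return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE when a BIO write fails
 */
static int wolfSSL_SESSION_print_master_key(WOLFSSL_BIO* bp,
        const WOLFSSL_SESSION* x)
{
    unsigned char buf[SECRET_LEN];
    int ret = WOLFSSL_FAILURE;
    int keySz;
    int i;

    keySz = wolfSSL_SESSION_get_master_key(x, buf, sizeof(buf));
    if (wolfSSL_BIO_printf(bp, "    Master-Key: ") <= 0)
        goto done;

    /* a zero or negative keySz skips the loop: empty key, same as before */
    for (i = 0; i < keySz; i++) {
        if (wolfSSL_BIO_printf(bp, "%02X", buf[i]) <= 0)
            goto done;
    }
    if (wolfSSL_BIO_printf(bp, "\n") <= 0)
        goto done;

    ret = WOLFSSL_SUCCESS;
done:
    ForceZero(buf, sizeof(buf));
    return ret;
}

/* prints out the session information in human readable form
 *
 * bp destination BIO
 * x  session to print; NULL is rejected
 *
 * The output includes the session ID and the master key in the clear, so the
 * BIO contents are as sensitive as the session itself.
 *
 * return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on a NULL session or
 * when any BIO write fails
 */
int wolfSSL_SESSION_print(WOLFSSL_BIO *bp, const WOLFSSL_SESSION *x)
{
    const unsigned char* pt;
    unsigned int sz = 0, i;
    /* the getters below take a non-const session */
    WOLFSSL_SESSION* session = (WOLFSSL_SESSION*)x;

    if (session == NULL) {
        WOLFSSL_MSG("Bad NULL argument");
        return WOLFSSL_FAILURE;
    }

    if (wolfSSL_BIO_printf(bp, "%s\n", "SSL-Session:") <= 0)
        return WOLFSSL_FAILURE;

#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
        defined(HAVE_SESSION_TICKET))
    if (wolfSSL_BIO_printf(bp, "    Protocol  : %s\n",
            wolfSSL_SESSION_get_protocol(session)) <= 0)
        return WOLFSSL_FAILURE;
#endif

    if (wolfSSL_BIO_printf(bp, "    Cipher    : %s\n",
            wolfSSL_SESSION_CIPHER_get_name(session)) <= 0)
        return WOLFSSL_FAILURE;

    pt = wolfSSL_SESSION_get_id(session, &sz);
    if (wolfSSL_BIO_printf(bp, "    Session-ID: ") <= 0)
        return WOLFSSL_FAILURE;

    for (i = 0; i < sz; i++) {
        if (wolfSSL_BIO_printf(bp, "%02X", pt[i]) <= 0)
            return WOLFSSL_FAILURE;
    }
    if (wolfSSL_BIO_printf(bp, "\n") <= 0)
        return WOLFSSL_FAILURE;

    if (wolfSSL_BIO_printf(bp, "    Session-ID-ctx: \n") <= 0)
        return WOLFSSL_FAILURE;

    /* master key copy lives only inside the helper, which zeroizes it */
    if (wolfSSL_SESSION_print_master_key(bp, x) != WOLFSSL_SUCCESS)
        return WOLFSSL_FAILURE;

    /* @TODO PSK identity hint and SRP */

    if (wolfSSL_BIO_printf(bp, "    TLS session ticket:") <= 0)
        return WOLFSSL_FAILURE;

#ifdef HAVE_SESSION_TICKET
    if (wolfSSL_SESSION_print_ticket(bp, x, "    ") != WOLFSSL_SUCCESS)
        return WOLFSSL_FAILURE;
#endif

    if (wolfSSL_BIO_printf(bp, "    Start Time: %ld\n",
                wolfSSL_SESSION_get_time(x)) <= 0)
        return WOLFSSL_FAILURE;

    if (wolfSSL_BIO_printf(bp, "    Timeout   : %ld (sec)\n",
            wolfSSL_SESSION_get_timeout(x)) <= 0)
        return WOLFSSL_FAILURE;

    /* @TODO verify return code print */

    if (wolfSSL_BIO_printf(bp, "    Extended master secret: %s\n",
            (wolfSSL_SESSION_haveEMS(session) == 0)? "no" : "yes") <= 0)
        return WOLFSSL_FAILURE;

    return WOLFSSL_SUCCESS;
}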
wolfSSL 16:8e0d178b1d1e 42014 #endif /* (HAVE_SESSION_TICKET || SESSION_CERTS) && !NO_FILESYSTEM */
wolfSSL 16:8e0d178b1d1e 42015
wolfSSL 16:8e0d178b1d1e 42016 #endif /* OPENSSL_ALL || OPENSSL_EXTRA || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
wolfSSL 15:117db924cf7c 42017
wolfSSL 15:117db924cf7c 42018 #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)) \
wolfSSL 15:117db924cf7c 42019 || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
wolfSSL 15:117db924cf7c 42020
/* Rebuild the OpenSSL-style verify mode bit mask from the flags kept on
 * the context.
 *
 * ctx: context to inspect; NULL yields WOLFSSL_FATAL_ERROR.
 * Returns the OR of WOLFSSL_VERIFY_PEER or WOLFSSL_VERIFY_NONE (at most one
 * of the two, verifyPeer winning), WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT and
 * WOLFSSL_VERIFY_FAIL_EXCEPT_PSK, or 0 when none of the flags is set.
 */
int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx)
{
    int mode;

    WOLFSSL_ENTER("wolfSSL_CTX_get_verify_mode");

    if (ctx == NULL)
        return WOLFSSL_FATAL_ERROR;

    /* only one of the two base flags is reported; verifyPeer has priority */
    mode = ctx->verifyPeer ? WOLFSSL_VERIFY_PEER
         : ctx->verifyNone ? WOLFSSL_VERIFY_NONE
         : 0;

    if (ctx->failNoCert)
        mode |= WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT;
    if (ctx->failNoCertxPSK)
        mode |= WOLFSSL_VERIFY_FAIL_EXCEPT_PSK;

    WOLFSSL_LEAVE("wolfSSL_CTX_get_verify_mode", mode);
    return mode;
}
wolfSSL 16:8e0d178b1d1e 42043
wolfSSL 16:8e0d178b1d1e 42044 #endif
wolfSSL 15:117db924cf7c 42045 #if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519)
/* Generate a fresh Curve25519 key pair and export it in raw little-endian
 * form.
 *
 * priv/privSz: private key buffer; *privSz is its capacity on entry and is
 *              updated by the export call.
 * pub/pubSz:   public key buffer, handled the same way.
 * Both buffers must hold at least CURVE25519_KEYSIZE bytes.
 * Returns WOLFSSL_SUCCESS (1) on success and WOLFSSL_FAILURE (0) on any
 * error, including a build without WOLFSSL_KEY_GEN.
 */
int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
                                 unsigned char *pub, unsigned int *pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return WOLFSSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = WOLFSSL_FAILURE;
    int ownRng = 0;      /* non-zero once tmpRNG is initialised and must be freed */
    WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG *tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_EC25519_generate_key");

    if (priv == NULL || privSz == NULL || *privSz < CURVE25519_KEYSIZE ||
        pub == NULL || pubSz == NULL || *pubSz < CURVE25519_KEYSIZE) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    if (tmpRNG == NULL)
        return WOLFSSL_FAILURE;
#endif

    /* A private RNG is preferred; the global one is used only as a fallback
     * and only if it has already been initialised. */
    if (wc_InitRng(tmpRNG) != 0) {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG != 0)
            rng = &globalRNG;
        else
            WOLFSSL_MSG("Global RNG no Init");
    }
    else {
        rng = tmpRNG;
        ownRng = 1;
    }

    if (rng != NULL) {
        curve25519_key key;
        int ok = (wc_curve25519_init(&key) == MP_OKAY);

        if (!ok)
            WOLFSSL_MSG("wc_curve25519_init failed");

        if (ok && wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, &key)
                    != MP_OKAY) {
            WOLFSSL_MSG("wc_curve25519_make_key failed");
            ok = 0;
        }

        /* export key pair */
        if (ok && wc_curve25519_export_key_raw_ex(&key, priv, privSz, pub,
                    pubSz, EC25519_LITTLE_ENDIAN) != MP_OKAY) {
            WOLFSSL_MSG("wc_curve25519_export_key_raw_ex failed");
            ok = 0;
        }

        if (ok)
            ret = WOLFSSL_SUCCESS;

        /* the key object is released on every path, even after a failed init */
        wc_curve25519_free(&key);
    }

    if (ownRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}
wolfSSL 15:117db924cf7c 42122
/* Compute the Curve25519 shared secret from our raw private key and the
 * peer's raw public key; all buffers are little-endian.
 *
 * shared/sharedSz: output buffer; *sharedSz is its capacity on entry and is
 *                  updated by the shared-secret call.
 * priv/privSz:     our private key, at least CURVE25519_KEYSIZE bytes.
 * pub/pubSz:       peer public key, at least CURVE25519_KEYSIZE bytes.
 * Returns WOLFSSL_SUCCESS (1) on success and WOLFSSL_FAILURE (0) on any
 * error, including a build without WOLFSSL_KEY_GEN.
 */
int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz,
                               const unsigned char *priv, unsigned int privSz,
                               const unsigned char *pub, unsigned int pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) shared;
    (void) sharedSz;
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return WOLFSSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = WOLFSSL_FAILURE;
    curve25519_key privkey, pubkey;

    WOLFSSL_ENTER("wolfSSL_EC25519_shared_key");

    if (shared == NULL || sharedSz == NULL || *sharedSz < CURVE25519_KEYSIZE ||
        priv == NULL || privSz < CURVE25519_KEYSIZE ||
        pub == NULL || pubSz < CURVE25519_KEYSIZE) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

    /* import private key */
    if (wc_curve25519_init(&privkey) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_init privkey failed");
        return ret;
    }
    if (wc_curve25519_import_private_ex(priv, privSz, &privkey,
                                        EC25519_LITTLE_ENDIAN) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_import_private_ex failed");
        goto out_priv;
    }

    /* import public key */
    if (wc_curve25519_init(&pubkey) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_init pubkey failed");
        goto out_priv;
    }
    if (wc_curve25519_import_public_ex(pub, pubSz, &pubkey,
                                       EC25519_LITTLE_ENDIAN) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_import_public_ex failed");
        goto out_both;
    }

    if (wc_curve25519_shared_secret_ex(&privkey, &pubkey, shared, sharedSz,
                                       EC25519_LITTLE_ENDIAN) == MP_OKAY)
        ret = WOLFSSL_SUCCESS;
    else
        WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed");

out_both:
    wc_curve25519_free(&pubkey);
out_priv:
    wc_curve25519_free(&privkey);
    return ret;
#endif /* WOLFSSL_KEY_GEN */
}
wolfSSL 15:117db924cf7c 42191 #endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */
wolfSSL 15:117db924cf7c 42192
wolfSSL 15:117db924cf7c 42193 #if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519)
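/* Generate a fresh Ed25519 key pair and export it in raw little-endian form.
 *
 * priv/privSz: private key buffer of at least ED25519_PRV_KEY_SIZE bytes;
 *              *privSz is its capacity on entry and is updated by the export.
 * pub/pubSz:   public key buffer of at least ED25519_PUB_KEY_SIZE bytes,
 *              handled the same way.
 * Returns WOLFSSL_SUCCESS (1) on success and WOLFSSL_FAILURE (0) on any
 * error, including an allocation failure and a build without
 * WOLFSSL_KEY_GEN. No other value is returned, so the result can be tested
 * for truth, matching wolfSSL_EC25519_generate_key.
 */
int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
                                 unsigned char *pub, unsigned int *pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return WOLFSSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = WOLFSSL_FAILURE;
    int initTmpRng = 0;   /* non-zero once tmpRNG is initialised and must be freed */
    WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG *tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_ED25519_generate_key");

    if (priv == NULL || privSz == NULL || *privSz < ED25519_PRV_KEY_SIZE ||
        pub == NULL || pubSz == NULL || *pubSz < ED25519_PUB_KEY_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    /* Documented contract is 1/0; a negative code here would be non-zero and
     * read as success to callers testing the result for truth. */
    if (tmpRNG == NULL)
        return WOLFSSL_FAILURE;
#endif
    /* prefer a private RNG; fall back to the global one only if it is
     * already initialised */
    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        ed25519_key key;

        if (wc_ed25519_init(&key) != MP_OKAY)
            WOLFSSL_MSG("wc_ed25519_init failed");
        else if (wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &key)!=MP_OKAY)
            WOLFSSL_MSG("wc_ed25519_make_key failed");
        /* export both halves of the key pair */
        else if (wc_ed25519_export_key(&key, priv, privSz, pub, pubSz)!=MP_OKAY)
            WOLFSSL_MSG("wc_ed25519_export_key failed");
        else
            ret = WOLFSSL_SUCCESS;

        wc_ed25519_free(&key);
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}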
wolfSSL 15:117db924cf7c 42268
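/* Sign msg with a raw little-endian Ed25519 private key.
 *
 * msg/msgSz:   message to sign.
 * priv/privSz: key buffer holding the private half followed by the public
 *              half; privSz must equal ED25519_PRV_KEY_SIZE.
 * sig/sigSz:   signature buffer; *sigSz is its capacity on entry (at least
 *              ED25519_SIG_SIZE) and is updated by the signing call.
 * Returns WOLFSSL_SUCCESS (1) on success and WOLFSSL_FAILURE (0) on any
 * error, including a build without WOLFSSL_KEY_GEN.
 */
int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz,
                         const unsigned char *priv, unsigned int privSz,
                         unsigned char *sig, unsigned int *sigSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) msg;
    (void) msgSz;
    (void) priv;
    (void) privSz;
    (void) sig;
    (void) sigSz;
    return WOLFSSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    ed25519_key key;
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_ED25519_sign");

    /* sigSz is dereferenced here and passed on, so it needs its own NULL
     * check before *sigSz is read */
    if (priv == NULL || privSz != ED25519_PRV_KEY_SIZE ||
        msg == NULL || sig == NULL || sigSz == NULL ||
        *sigSz < ED25519_SIG_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

    /* import key: the buffer is split in half, private part then public part */
    if (wc_ed25519_init(&key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed25519_init failed");
        return ret;
    }
    if (wc_ed25519_import_private_key(priv, privSz/2,
                                      priv+(privSz/2), ED25519_PUB_KEY_SIZE,
                                      &key) != MP_OKAY){
        WOLFSSL_MSG("wc_ed25519_import_private failed");
        wc_ed25519_free(&key);
        return ret;
    }

    if (wc_ed25519_sign_msg(msg, msgSz, sig, sigSz, &key) != MP_OKAY)
        WOLFSSL_MSG("wc_ed25519_sign_msg failed");
    else
        ret = WOLFSSL_SUCCESS;

    wc_ed25519_free(&key);

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}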
wolfSSL 15:117db924cf7c 42321
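/* Verify an Ed25519 signature over msg with a raw little-endian public key.
 *
 * msg/msgSz: signed message.
 * pub/pubSz: public key; pubSz must equal ED25519_PUB_KEY_SIZE.
 * sig/sigSz: signature; sigSz must equal ED25519_SIG_SIZE.
 * Returns WOLFSSL_SUCCESS (1) only when the signature verifies, and
 * WOLFSSL_FAILURE (0) in every other case: bad arguments, key import
 * failure, a verification error, an invalid signature, or a build without
 * WOLFSSL_KEY_GEN. The wolfCrypt error code is deliberately not returned:
 * a negative value is non-zero and would read as "verified" to a caller
 * that tests the result for truth.
 */
int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz,
                           const unsigned char *pub, unsigned int pubSz,
                           const unsigned char *sig, unsigned int sigSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) msg;
    (void) msgSz;
    (void) pub;
    (void) pubSz;
    (void) sig;
    (void) sigSz;
    return WOLFSSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    ed25519_key key;
    int ret = WOLFSSL_FAILURE;
    int check = 0;    /* set non-zero by wolfCrypt only for a valid signature */
    int rc;           /* wolfCrypt status, kept separate from the 1/0 result */

    WOLFSSL_ENTER("wolfSSL_ED25519_verify");

    if (pub == NULL || pubSz != ED25519_PUB_KEY_SIZE ||
        msg == NULL || sig == NULL || sigSz != ED25519_SIG_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

    /* import key */
    if (wc_ed25519_init(&key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed25519_init failed");
        return ret;
    }
    if (wc_ed25519_import_public(pub, pubSz, &key) != MP_OKAY){
        WOLFSSL_MSG("wc_ed25519_import_public failed");
        wc_ed25519_free(&key);
        return ret;
    }

    rc = wc_ed25519_verify_msg((byte*)sig, sigSz, msg, msgSz, &check, &key);
    if (rc != MP_OKAY) {
        WOLFSSL_MSG("wc_ed25519_verify_msg failed");
    }
    else if (!check) {
        WOLFSSL_MSG("wc_ed25519_verify_msg failed (signature invalid)");
    }
    else {
        ret = WOLFSSL_SUCCESS;
    }

    wc_ed25519_free(&key);

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}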
wolfSSL 15:117db924cf7c 42376
wolfSSL 15:117db924cf7c 42377 #endif /* OPENSSL_EXTRA && HAVE_ED25519 */
wolfSSL 15:117db924cf7c 42378
wolfSSL 16:8e0d178b1d1e 42379 #if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE448)
/* Generate a fresh Curve448 key pair and export it in raw little-endian
 * form.
 *
 * priv/privSz: private key buffer; *privSz is its capacity on entry and is
 *              updated by the export call.
 * pub/pubSz:   public key buffer, handled the same way.
 * Both buffers must hold at least CURVE448_KEY_SIZE bytes.
 * Returns WOLFSSL_SUCCESS (1) on success and WOLFSSL_FAILURE (0) on any
 * error, including a build without WOLFSSL_KEY_GEN.
 */
int wolfSSL_EC448_generate_key(unsigned char *priv, unsigned int *privSz,
                               unsigned char *pub, unsigned int *pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return WOLFSSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = WOLFSSL_FAILURE;
    int ownRng = 0;      /* non-zero once tmpRNG is initialised and must be freed */
    WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG *tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_EC448_generate_key");

    if (priv == NULL || privSz == NULL || *privSz < CURVE448_KEY_SIZE ||
        pub == NULL || pubSz == NULL || *pubSz < CURVE448_KEY_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    if (tmpRNG == NULL)
        return WOLFSSL_FAILURE;
#endif

    /* A private RNG is preferred; the global one is used only as a fallback
     * and only if it has already been initialised. */
    if (wc_InitRng(tmpRNG) != 0) {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG != 0)
            rng = &globalRNG;
        else
            WOLFSSL_MSG("Global RNG no Init");
    }
    else {
        rng = tmpRNG;
        ownRng = 1;
    }

    if (rng != NULL) {
        curve448_key key;
        int ok = (wc_curve448_init(&key) == MP_OKAY);

        if (!ok)
            WOLFSSL_MSG("wc_curve448_init failed");

        if (ok && wc_curve448_make_key(rng, CURVE448_KEY_SIZE, &key)
                    != MP_OKAY) {
            WOLFSSL_MSG("wc_curve448_make_key failed");
            ok = 0;
        }

        /* export key pair */
        if (ok && wc_curve448_export_key_raw_ex(&key, priv, privSz, pub, pubSz,
                    EC448_LITTLE_ENDIAN) != MP_OKAY) {
            WOLFSSL_MSG("wc_curve448_export_key_raw_ex failed");
            ok = 0;
        }

        if (ok)
            ret = WOLFSSL_SUCCESS;

        /* the key object is released on every path, even after a failed init */
        wc_curve448_free(&key);
    }

    if (ownRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}
wolfSSL 16:8e0d178b1d1e 42456
/* Compute the Curve448 shared secret from our raw private key and the
 * peer's raw public key; all buffers are little-endian.
 *
 * shared/sharedSz: output buffer; *sharedSz is its capacity on entry and is
 *                  updated by the shared-secret call.
 * priv/privSz:     our private key, at least CURVE448_KEY_SIZE bytes.
 * pub/pubSz:       peer public key, at least CURVE448_KEY_SIZE bytes.
 * Returns WOLFSSL_SUCCESS (1) on success and WOLFSSL_FAILURE (0) on any
 * error, including a build without WOLFSSL_KEY_GEN.
 */
int wolfSSL_EC448_shared_key(unsigned char *shared, unsigned int *sharedSz,
                             const unsigned char *priv, unsigned int privSz,
                             const unsigned char *pub, unsigned int pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) shared;
    (void) sharedSz;
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return WOLFSSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = WOLFSSL_FAILURE;
    curve448_key privkey, pubkey;

    WOLFSSL_ENTER("wolfSSL_EC448_shared_key");

    if (shared == NULL || sharedSz == NULL || *sharedSz < CURVE448_KEY_SIZE ||
        priv == NULL || privSz < CURVE448_KEY_SIZE ||
        pub == NULL || pubSz < CURVE448_KEY_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

    /* import private key */
    if (wc_curve448_init(&privkey) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve448_init privkey failed");
        return ret;
    }
    if (wc_curve448_import_private_ex(priv, privSz, &privkey,
                                      EC448_LITTLE_ENDIAN) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve448_import_private_ex failed");
        goto out_priv;
    }

    /* import public key */
    if (wc_curve448_init(&pubkey) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve448_init pubkey failed");
        goto out_priv;
    }
    if (wc_curve448_import_public_ex(pub, pubSz, &pubkey,
                                     EC448_LITTLE_ENDIAN) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve448_import_public_ex failed");
        goto out_both;
    }

    if (wc_curve448_shared_secret_ex(&privkey, &pubkey, shared, sharedSz,
                                     EC448_LITTLE_ENDIAN) == MP_OKAY)
        ret = WOLFSSL_SUCCESS;
    else
        WOLFSSL_MSG("wc_curve448_shared_secret_ex failed");

out_both:
    wc_curve448_free(&pubkey);
out_priv:
    wc_curve448_free(&privkey);
    return ret;
#endif /* WOLFSSL_KEY_GEN */
}
wolfSSL 16:8e0d178b1d1e 42524 #endif /* OPENSSL_EXTRA && HAVE_CURVE448 */
wolfSSL 16:8e0d178b1d1e 42525
wolfSSL 16:8e0d178b1d1e 42526 #if defined(OPENSSL_EXTRA) && defined(HAVE_ED448)
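/* Generate a fresh Ed448 key pair and export it in raw little-endian form.
 *
 * priv/privSz: private key buffer of at least ED448_PRV_KEY_SIZE bytes;
 *              *privSz is its capacity on entry and is updated by the export.
 * pub/pubSz:   public key buffer of at least ED448_PUB_KEY_SIZE bytes,
 *              handled the same way.
 * Returns WOLFSSL_SUCCESS (1) on success and WOLFSSL_FAILURE (0) on any
 * error, including an allocation failure and a build without
 * WOLFSSL_KEY_GEN. No other value is returned, so the result can be tested
 * for truth, matching wolfSSL_EC448_generate_key.
 */
int wolfSSL_ED448_generate_key(unsigned char *priv, unsigned int *privSz,
                               unsigned char *pub, unsigned int *pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return WOLFSSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = WOLFSSL_FAILURE;
    int initTmpRng = 0;   /* non-zero once tmpRNG is initialised and must be freed */
    WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG *tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_ED448_generate_key");

    if (priv == NULL || privSz == NULL || *privSz < ED448_PRV_KEY_SIZE ||
        pub == NULL || pubSz == NULL || *pubSz < ED448_PUB_KEY_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    /* Documented contract is 1/0; a negative code here would be non-zero and
     * read as success to callers testing the result for truth. */
    if (tmpRNG == NULL)
        return WOLFSSL_FAILURE;
#endif
    /* prefer a private RNG; fall back to the global one only if it is
     * already initialised */
    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        ed448_key key;

        if (wc_ed448_init(&key) != MP_OKAY)
            WOLFSSL_MSG("wc_ed448_init failed");
        else if (wc_ed448_make_key(rng, ED448_KEY_SIZE, &key) != MP_OKAY)
            WOLFSSL_MSG("wc_ed448_make_key failed");
        /* export both halves of the key pair */
        else if (wc_ed448_export_key(&key, priv, privSz, pub, pubSz) != MP_OKAY)
            WOLFSSL_MSG("wc_ed448_export_key failed");
        else
            ret = WOLFSSL_SUCCESS;

        wc_ed448_free(&key);
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}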
wolfSSL 16:8e0d178b1d1e 42601
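/* Sign a message with an Ed448 private key (OpenSSL-compatible wrapper).
 *
 * msg    Message to sign.
 * msgSz  Length of msg in bytes.
 * priv   Buffer holding the private key followed by the public key, both in
 *        little endian format; privSz/2 bytes of each half are assumed.
 * privSz Length of priv; must be exactly ED448_PRV_KEY_SIZE.
 * sig    Output buffer for the signature.
 * sigSz  On input the capacity of sig (at least ED448_SIG_SIZE); updated by
 *        wc_ed448_sign_msg with the number of bytes written.
 * returns WOLFSSL_SUCCESS (1) on success, WOLFSSL_FAILURE (0) on bad
 *         arguments, on any wolfCrypt error, or when the library was built
 *         without WOLFSSL_KEY_GEN.
 */
int wolfSSL_ED448_sign(const unsigned char *msg, unsigned int msgSz,
                       const unsigned char *priv, unsigned int privSz,
                       unsigned char *sig, unsigned int *sigSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) msg;
    (void) msgSz;
    (void) priv;
    (void) privSz;
    (void) sig;
    (void) sigSz;
    return WOLFSSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    ed448_key key;
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_ED448_sign");

    /* sigSz is dereferenced in this check, so it must be tested for NULL
     * before *sigSz is read. */
    if (priv == NULL || privSz != ED448_PRV_KEY_SIZE || msg == NULL ||
        sig == NULL || sigSz == NULL || *sigSz < ED448_SIG_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

    /* import key */
    if (wc_ed448_init(&key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed448_init failed");
        return ret;
    }
    /* First half of priv is the private key, second half the public key. */
    if (wc_ed448_import_private_key(priv, privSz/2, priv+(privSz/2),
                                    ED448_PUB_KEY_SIZE, &key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed448_import_private_key failed");
        wc_ed448_free(&key);
        return ret;
    }

    if (wc_ed448_sign_msg(msg, msgSz, sig, sigSz, &key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed448_sign_msg failed");
    }
    else {
        ret = WOLFSSL_SUCCESS;
    }

    /* Clears the imported private key material. */
    wc_ed448_free(&key);

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}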
wolfSSL 16:8e0d178b1d1e 42653
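/* Verify an Ed448 signature over a message (OpenSSL-compatible wrapper).
 *
 * msg    Message that was signed.
 * msgSz  Length of msg in bytes.
 * pub    Public key in little endian format.
 * pubSz  Length of pub; must be exactly ED448_PUB_KEY_SIZE.
 * sig    Signature to check.
 * sigSz  Length of sig; must be exactly ED448_SIG_SIZE.
 * returns WOLFSSL_SUCCESS (1) only when the signature verifies;
 *         WOLFSSL_FAILURE (0) on bad arguments, on a wolfCrypt error, on an
 *         invalid signature, or when built without WOLFSSL_KEY_GEN.
 */
int wolfSSL_ED448_verify(const unsigned char *msg, unsigned int msgSz,
                         const unsigned char *pub, unsigned int pubSz,
                         const unsigned char *sig, unsigned int sigSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) msg;
    (void) msgSz;
    (void) pub;
    (void) pubSz;
    (void) sig;
    (void) sigSz;
    return WOLFSSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    ed448_key key;
    int ret = WOLFSSL_FAILURE;
    int rc;
    int check = 0;

    WOLFSSL_ENTER("wolfSSL_ED448_verify");

    if (pub == NULL || pubSz != ED448_PUB_KEY_SIZE || msg == NULL ||
        sig == NULL || sigSz != ED448_SIG_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

    /* import key */
    if (wc_ed448_init(&key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed448_init failed");
        return ret;
    }
    if (wc_ed448_import_public(pub, pubSz, &key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed448_import_public failed");
        wc_ed448_free(&key);
        return ret;
    }

    /* Keep the wolfCrypt status in its own variable. Storing it in ret let a
     * negative wolfCrypt error code escape as the return value, which a
     * caller testing for "non-zero" would have mistaken for success; this
     * function must only ever return 1 or 0. */
    rc = wc_ed448_verify_msg((byte*)sig, sigSz, msg, msgSz, &check, &key);
    if (rc != MP_OKAY) {
        WOLFSSL_MSG("wc_ed448_verify_msg failed");
    }
    else if (!check) {
        /* The call succeeded but the signature does not match. */
        WOLFSSL_MSG("wc_ed448_verify_msg failed (signature invalid)");
    }
    else {
        ret = WOLFSSL_SUCCESS;
    }

    wc_ed448_free(&key);

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}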
wolfSSL 16:8e0d178b1d1e 42708
wolfSSL 16:8e0d178b1d1e 42709 #endif /* OPENSSL_EXTRA && HAVE_ED448 */
wolfSSL 16:8e0d178b1d1e 42710
wolfSSL 15:117db924cf7c 42711 #ifdef WOLFSSL_JNI
wolfSSL 15:117db924cf7c 42712
/* Attach an application (JNI) object reference to an SSL object.
 *
 * ssl     SSL object to annotate; NULL is rejected.
 * objPtr  Opaque pointer stored as-is (not copied, not freed here).
 * returns WOLFSSL_SUCCESS once stored, WOLFSSL_FAILURE when ssl is NULL.
 */
int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr)
{
    WOLFSSL_ENTER("wolfSSL_set_jobject");

    if (ssl == NULL) {
        return WOLFSSL_FAILURE;
    }

    ssl->jObjectRef = objPtr;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 42723
/* Fetch the application (JNI) object reference stored on an SSL object.
 *
 * ssl  SSL object to read; NULL is tolerated.
 * returns the pointer given to wolfSSL_set_jobject, or NULL when ssl is
 *         NULL (or when nothing was ever stored).
 */
void* wolfSSL_get_jobject(WOLFSSL* ssl)
{
    void* ref = NULL;

    WOLFSSL_ENTER("wolfSSL_get_jobject");

    if (ssl != NULL) {
        ref = ssl->jObjectRef;
    }
    return ref;
}
wolfSSL 15:117db924cf7c 42731
wolfSSL 15:117db924cf7c 42732 #endif /* WOLFSSL_JNI */
wolfSSL 15:117db924cf7c 42733
wolfSSL 15:117db924cf7c 42734
wolfSSL 15:117db924cf7c 42735 #ifdef WOLFSSL_ASYNC_CRYPT
/* Poll the asynchronous event queue of a context.
 *
 * ctx         Context whose event_queue is polled; NULL is rejected.
 * events      Array that receives completed events.
 * maxEvents   Capacity of events.
 * flags       Poll flags passed straight to wolfAsync_EventQueuePoll.
 * eventCount  Receives the number of events returned.
 * returns BAD_FUNC_ARG when ctx is NULL, otherwise whatever
 *         wolfAsync_EventQueuePoll returns.
 */
int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
                          WOLF_EVENT_FLAG flags, int* eventCount)
{
    int ret = BAD_FUNC_ARG;

    if (ctx != NULL) {
        /* The second argument is NULL here, unlike wolfSSL_AsyncPoll which
         * passes its own SSL object; presumably it narrows the poll to one
         * SSL object when set. */
        ret = wolfAsync_EventQueuePoll(&ctx->event_queue, NULL, events,
                                       maxEvents, flags, eventCount);
    }
    return ret;
}
wolfSSL 15:117db924cf7c 42746
/* Poll the context's asynchronous event queue for a single SSL object.
 *
 * ssl    SSL object to poll for; NULL is rejected. Its ctx is dereferenced
 *        without a check (assumed always set on a live object).
 * flags  Poll flags passed straight to wolfAsync_EventQueuePoll.
 * returns BAD_FUNC_ARG when ssl is NULL; on a successful poll the number
 *         of events found (0 or 1, one slot is offered); otherwise the
 *         error returned by wolfAsync_EventQueuePoll.
 */
int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags)
{
    WOLF_EVENT* polled[1];
    int found = 0;
    int rc;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    rc = wolfAsync_EventQueuePoll(&ssl->ctx->event_queue, ssl, polled,
                                  (int)(sizeof(polled) / sizeof(polled[0])),
                                  flags, &found);

    /* Success is reported as the event count, not as 0. */
    return (rc == 0) ? found : rc;
}
wolfSSL 15:117db924cf7c 42764 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 15:117db924cf7c 42765
wolfSSL 15:117db924cf7c 42766 #ifdef OPENSSL_EXTRA
/* OpenSSL-compatible peek at the most recent entry of the error queue.
 *
 * file   Receives the source file recorded with the error (passed through
 *        to wc_PeekErrorNode; may be NULL).
 * line   Receives the source line recorded with the error (likewise).
 * data   When non-NULL, always set to "": no extra data is stored.
 * flags  When non-NULL, always set to 0: no flags are stored.
 * returns the error value of the newest node as an unsigned long, a
 *         PEM "no start line" code for ASN_NO_PEM_HEADER, 0 when the queue
 *         cannot be peeked, or the negated NOT_COMPILED_IN value when the
 *         error queue is not part of the build.
 */
unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
                                               const char **data, int *flags)
{
    WOLFSSL_ENTER("wolfSSL_ERR_peek_error_line_data");

    (void)line;
    (void)file;

    /* No data or flags stored - error display only in Nginx. */
    if (data != NULL) {
        *data = "";
    }
    if (flags != NULL) {
        *flags = 0;
    }

#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \
    defined(WOLFSSL_OPENSSH) || defined(WOLFSSL_HAPROXY) || \
    defined(WOLFSSL_MYSQL_COMPATIBLE)
    {
        int ret = 0;

        while (1) {
            /* Any negative peek result is treated as "queue unreadable" and
             * reported as 0, so ret is never negative past this point. */
            if ((ret = wc_PeekErrorNode(-1, file, NULL, line)) < 0) {
                WOLFSSL_MSG("Issue peeking at error node in queue");
                return 0;
            }
            /* OpenSSL uses positive error codes */
            /* NOTE(review): this branch is unreachable - a negative ret has
             * already returned above. If wc_PeekErrorNode hands back the
             * (negative) wolfSSL code stored in the node, the guard above
             * swallows it before it can be flipped here; confirm which sign
             * the node values carry. */
            if (ret < 0) {
                ret = -ret;
            }

            /* NOTE(review): the code appears to assume wolfSSL error codes
             * are negative (see -ASN_NO_PEM_HEADER here and 0 - NOT_COMPILED_IN
             * below). With ret non-negative at this point, the comparisons
             * against WANT_READ / WANT_WRITE / ... in the next test look
             * always-true, so the "skip transient errors" loop would break
             * on its first pass; verify the intended sign convention. */
            if (ret == -ASN_NO_PEM_HEADER)
                return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
            /* Transient I/O conditions are dropped from the queue so the
             * caller sees the first "real" error. */
            if (ret != WANT_READ && ret != WANT_WRITE &&
                ret != ZERO_RETURN && ret != WOLFSSL_ERROR_ZERO_RETURN &&
                ret != SOCKET_PEER_CLOSED_E && ret != SOCKET_ERROR_E)
                break;

            wc_RemoveErrorNode(-1);
        }

        return (unsigned long)ret;
    }
#else
    /* Error queue not compiled in: hand back NOT_COMPILED_IN as a positive
     * value, matching the positive-code convention above. */
    return (unsigned long)(0 - NOT_COMPILED_IN);
#endif
}
wolfSSL 15:117db924cf7c 42815 #endif
wolfSSL 15:117db924cf7c 42816
wolfSSL 15:117db924cf7c 42817 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 42818
/* Return the cipher suite list of an SSL object as a stack of WOLFSSL_CIPHER.
 *
 * The stack is built once from the object's suites (or the context's suites
 * when the object has none) and cached on the Suites structure, so the
 * returned pointer is owned by the library. Should not be free'd by the
 * caller.
 *
 * ssl  SSL object whose suites are listed.
 * returns the cached stack, or NULL when ssl is NULL, when neither the
 *         object nor its context has suites, or when no node could be
 *         allocated.
 */
WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
{
    Suites* suites;

    WOLFSSL_ENTER("wolfSSL_get_ciphers_compat");

    if (ssl == NULL) {
        return NULL;
    }

    /* Per-object suites take precedence over the context's suites. */
    suites = (ssl->suites != NULL) ? ssl->suites : ssl->ctx->suites;
    if (suites == NULL) {
        return NULL;
    }

    if (suites->stack == NULL) {
        WOLF_STACK_OF(WOLFSSL_CIPHER)* head = NULL;
        int idx;

        /* Suites are stored as byte pairs. Each pair becomes one node that
         * is pushed at the front, so the head node carries the count and
         * the list ends up in reverse suite order. A failed node allocation
         * is skipped and the partial stack is still cached. */
        for (idx = 0; idx < suites->suiteSz; idx += 2) {
            WOLFSSL_STACK* node = wolfSSL_sk_new_node(ssl->heap);
            if (node == NULL) {
                continue;
            }
            node->type = STACK_TYPE_CIPHER;
            node->data.cipher.cipherSuite0 = suites->suites[idx];
            node->data.cipher.cipherSuite  = suites->suites[idx+1];
#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
            /* in_stack is checked in wolfSSL_CIPHER_description */
            node->data.cipher.in_stack = 1;
#endif
            node->num  = (head != NULL) ? head->num + 1 : 1;
            node->next = head;
            head = node;
        }
        suites->stack = head;
    }

    return suites->stack;
}
wolfSSL 15:117db924cf7c 42867
wolfSSL 15:117db924cf7c 42868 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL's OPENSSL_config(): accepted for link compatibility only.
 *
 * config_name  Ignored; no configuration file is read.
 */
void wolfSSL_OPENSSL_config(char *config_name)
{
    WOLFSSL_STUB("OPENSSL_config");
    (void)config_name;
}
wolfSSL 16:8e0d178b1d1e 42874 #endif /* !NO_WOLFSSL_STUB */
wolfSSL 16:8e0d178b1d1e 42875 #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
wolfSSL 15:117db924cf7c 42876
wolfSSL 15:117db924cf7c 42877 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \
wolfSSL 15:117db924cf7c 42878 || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY)
/* Hand out the next X509 ex_data slot index.
 *
 * All parameters are ignored: no duplication/free callbacks are registered.
 * Indexes are taken from a process-wide counter with no locking, so two
 * threads calling concurrently may receive the same index. Nothing here
 * bounds the counter; wolfSSL_CRYPTO_get_ex_data/set_ex_data reject an
 * index at or above MAX_EX_DATA when they are used.
 *
 * returns 0 on the first call, then 1, 2, ...
 */
int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c)
{
    static int x509_idx = 0;
    int slot;

    WOLFSSL_ENTER("wolfSSL_X509_get_ex_new_index");
    (void)idx;
    (void)arg;
    (void)a;
    (void)b;
    (void)c;

    slot = x509_idx;
    x509_idx = slot + 1;
    return slot;
}
wolfSSL 15:117db924cf7c 42892
wolfSSL 16:8e0d178b1d1e 42893 #if defined(HAVE_EX_DATA) || defined(FORTRESS)
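/* Read an ex_data slot.
 *
 * ex_data  Slot table to read; NULL yields NULL.
 * idx      Slot index; must be in [0, MAX_EX_DATA).
 * returns the stored pointer, or NULL when ex_data is NULL, idx is out of
 *         range, or MAX_EX_DATA is not defined (no ex_data support).
 */
void* wolfSSL_CRYPTO_get_ex_data(const WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx)
{
    /* Trace name corrected: previously logged as wolfSSL_CTX_get_ex_data. */
    WOLFSSL_ENTER("wolfSSL_CRYPTO_get_ex_data");
#ifdef MAX_EX_DATA
    /* idx comes from the application: bound it on both sides. */
    if (ex_data != NULL && idx >= 0 && idx < MAX_EX_DATA) {
        return ex_data->ex_data[idx];
    }
#else
    (void)ex_data;
    (void)idx;
#endif
    return NULL;
}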
wolfSSL 16:8e0d178b1d1e 42907
/* Store a pointer in an ex_data slot.
 *
 * ex_data  Slot table to write; NULL is rejected.
 * idx      Slot index; must be in [0, MAX_EX_DATA).
 * data     Pointer stored as-is (no copy, no ownership taken).
 * returns WOLFSSL_SUCCESS when stored, WOLFSSL_FAILURE when ex_data is
 *         NULL, idx is out of range, or MAX_EX_DATA is not defined.
 */
int wolfSSL_CRYPTO_set_ex_data(WOLFSSL_CRYPTO_EX_DATA* ex_data, int idx, void *data)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_CRYPTO_set_ex_data");
#ifdef MAX_EX_DATA
    /* idx comes from the application: bound it on both sides. */
    if (ex_data != NULL && idx >= 0 && idx < MAX_EX_DATA) {
        ex_data->ex_data[idx] = data;
        ret = WOLFSSL_SUCCESS;
    }
#else
    (void)ex_data;
    (void)idx;
    (void)data;
#endif
    return ret;
}
wolfSSL 16:8e0d178b1d1e 42923 #endif /* defined(HAVE_EX_DATA) || defined(FORTRESS) */
wolfSSL 16:8e0d178b1d1e 42924
/* Read an ex_data slot of an X509 object.
 *
 * x509  Certificate object; NULL yields NULL.
 * idx   Slot index, validated by wolfSSL_CRYPTO_get_ex_data.
 * returns the stored pointer, or NULL when x509 is NULL, the slot is
 *         empty/out of range, or HAVE_EX_DATA is not defined.
 */
void *wolfSSL_X509_get_ex_data(X509 *x509, int idx)
{
    void* value = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_get_ex_data");
#ifdef HAVE_EX_DATA
    if (x509 != NULL) {
        value = wolfSSL_CRYPTO_get_ex_data(&x509->ex_data, idx);
    }
#else
    (void)x509;
    (void)idx;
#endif
    return value;
}
wolfSSL 16:8e0d178b1d1e 42938
/* Store a pointer in an ex_data slot of an X509 object.
 *
 * x509  Certificate object; NULL is rejected.
 * idx   Slot index, validated by wolfSSL_CRYPTO_set_ex_data.
 * data  Pointer stored as-is.
 * returns WOLFSSL_SUCCESS when stored, WOLFSSL_FAILURE when x509 is NULL,
 *         the slot is out of range, or HAVE_EX_DATA is not defined.
 */
int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_X509_set_ex_data");
#ifdef HAVE_EX_DATA
    if (x509 != NULL) {
        ret = wolfSSL_CRYPTO_set_ex_data(&x509->ex_data, idx, data);
    }
#else
    (void)x509;
    (void)idx;
    (void)data;
#endif
    return ret;
}
wolfSSL 16:8e0d178b1d1e 42954
/* Digest the full name buffer of an X509 name with the given hash.
 *
 * name  Name whose fullName.fullName buffer is hashed; NULL is rejected.
 * type  Digest algorithm; NULL is rejected.
 * md    Output buffer for the digest (not NULL-checked here; passed through
 *       to wolfSSL_EVP_Digest).
 * len   Receives the digest length (likewise passed through).
 * returns what wolfSSL_EVP_Digest returns, WOLFSSL_FAILURE on NULL name or
 *         type, or NOT_COMPILED_IN (a negative value, not WOLFSSL_FAILURE)
 *         when built with NO_FILESYSTEM or NO_PWDBASED.
 */
int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name,
        const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_digest");

    if (name == NULL || type == NULL) {
        return WOLFSSL_FAILURE;
    }

#if !defined(NO_FILESYSTEM) && !defined(NO_PWDBASED)
    {
        unsigned char* input = (unsigned char*)name->fullName.fullName;
        int inputLen = name->fullName.fullNameLen;

        return wolfSSL_EVP_Digest(input, inputLen, md, len, type, NULL);
    }
#else
    (void)md;
    (void)len;
    return NOT_COMPILED_IN;
#endif
}
wolfSSL 15:117db924cf7c 42972
/* Read the session timeout configured on a context.
 *
 * ctx  Context to read; NULL is tolerated.
 * returns ctx->timeout, or 0 when ctx is NULL.
 */
long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx)
{
    long timeout = 0;

    WOLFSSL_ENTER("wolfSSL_SSL_CTX_get_timeout");

    if (ctx != NULL) {
        timeout = ctx->timeout;
    }
    return timeout;
}
wolfSSL 15:117db924cf7c 42982
wolfSSL 16:8e0d178b1d1e 42983
/* Read the timeout of an SSL object (in seconds, per the original note).
 *
 * ssl  SSL object to read; NULL is tolerated.
 * returns ssl->timeout, or 0 when ssl is NULL.
 */
long wolfSSL_get_timeout(WOLFSSL* ssl)
{
    long timeout = 0;

    WOLFSSL_ENTER("wolfSSL_get_timeout");

    if (ssl != NULL) {
        timeout = ssl->timeout;
    }
    return timeout;
}
wolfSSL 16:8e0d178b1d1e 42993
wolfSSL 15:117db924cf7c 42994 #ifdef HAVE_ECC
/* Select the ECDH curve for a context from an EC key.
 *
 * Only the curve identity (group->curve_oid) is recorded; the key material
 * itself is neither copied nor retained.
 *
 * ctx   Context to configure; NULL is rejected.
 * ecdh  EC key whose curve is used; NULL is rejected. ecdh->group is
 *       dereferenced without a NULL check - NOTE(review): confirm every
 *       WOLFSSL_EC_KEY reaching here carries a group.
 * returns WOLFSSL_SUCCESS, or BAD_FUNC_ARG on a NULL argument.
 */
int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh)
{
    WOLFSSL_ENTER("wolfSSL_SSL_CTX_set_tmp_ecdh");

    if (ctx == NULL || ecdh == NULL) {
        return BAD_FUNC_ARG;
    }

    ctx->ecdhCurveOID = ecdh->group->curve_oid;
    return WOLFSSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 43006 #endif
wolfSSL 15:117db924cf7c 43007
/* Expire a session held in the context's cache.
 *
 * Assumes that the session passed in is from the cache. The entry is not
 * unlinked; its timeout is zeroed so it can no longer be resumed. When an
 * external cache is built in, the internal expiry is skipped if the internal
 * cache is off, and the application's remove callback is invoked when set.
 *
 * ctx  Context owning the cache; NULL is rejected.
 * s    Session to expire; NULL is rejected.
 * returns BAD_FUNC_ARG on a NULL argument, otherwise always 0.
 */
int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *s)
{
    WOLFSSL_ENTER("wolfSSL_SSL_CTX_remove_session");

    if (ctx == NULL || s == NULL) {
        return BAD_FUNC_ARG;
    }

#ifdef HAVE_EXT_CACHE
    if (!ctx->internalCacheOff)
#endif
    {
        /* Don't remove session just timeout session. */
        s->timeout = 0;
    }

#ifdef HAVE_EXT_CACHE
    if (ctx->rem_sess_cb != NULL) {
        ctx->rem_sess_cb(ctx, s);
    }
#endif

    return 0;
}
wolfSSL 15:117db924cf7c 43031
/* Return the read BIO attached to an SSL object.
 *
 * Note: an older comment claimed NULL was returned for both BIOs (Nginx only
 * uses them to decide whether to set a buffer size); the code now hands back
 * the actual read BIO.
 *
 * s  SSL object; NULL is tolerated.
 * returns s->biord, or NULL when s is NULL.
 */
BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
{
    BIO *bio = NULL;

    WOLFSSL_ENTER("wolfSSL_SSL_get_rbio");

    if (s != NULL) {
        bio = s->biord;
    }
    return bio;
}
/* Return the write BIO attached to an SSL object.
 *
 * Note: an older comment claimed NULL was returned for both BIOs (Nginx only
 * uses them to decide whether to set a buffer size); the code now hands back
 * the actual write BIO.
 *
 * s  SSL object; NULL is tolerated.
 * returns s->biowr, or NULL when s is NULL.
 */
BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s)
{
    BIO *bio = NULL;

    WOLFSSL_ENTER("wolfSSL_SSL_get_wbio");

    if (s != NULL) {
        bio = s->biowr;
    }
    return bio;
}
wolfSSL 15:117db924cf7c 43055
/* Run the handshake for whichever side the SSL object was created for.
 *
 * s  SSL object; NULL is rejected.
 * returns the result of wolfSSL_connect (client side) or wolfSSL_accept
 *         (server side); WOLFSSL_FAILURE when s is NULL or the needed side
 *         is compiled out.
 */
int wolfSSL_SSL_do_handshake(WOLFSSL *s)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_SSL_do_handshake");

    if (s == NULL) {
        return ret;
    }

    if (s->options.side == WOLFSSL_CLIENT_END) {
#ifndef NO_WOLFSSL_CLIENT
        ret = wolfSSL_connect(s);
#else
        WOLFSSL_MSG("Client not compiled in");
#endif
    }
    else {
#ifndef NO_WOLFSSL_SERVER
        ret = wolfSSL_accept(s);
#else
        WOLFSSL_MSG("Server not compiled in");
#endif
    }

    return ret;
}
wolfSSL 15:117db924cf7c 43079
/* Report whether the handshake of an SSL object is still in progress.
 *
 * ssl  SSL object; NULL is rejected.
 * returns 1 while the side-specific state machine has not yet reached its
 *         final reply state, 0 once it has; WOLFSSL_FAILURE (0) when ssl
 *         is NULL.
 */
int wolfSSL_SSL_in_init(WOLFSSL *ssl)
{
    int inInit;

    WOLFSSL_ENTER("SSL_in_init");

    if (ssl == NULL) {
        return WOLFSSL_FAILURE;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        inInit = (ssl->options.connectState < SECOND_REPLY_DONE);
    }
    else {
        inInit = (ssl->options.acceptState < ACCEPT_THIRD_REPLY_DONE);
    }
    return inInit;
}
wolfSSL 16:8e0d178b1d1e 43092
/* Report whether a handshake has been started but not finished.
 *
 * Unlike wolfSSL_SSL_in_init, an object still at its BEGIN state is not
 * counted as "in connect init".
 *
 * ssl  SSL object; NULL is rejected.
 * returns 1 when the side-specific state is strictly between BEGIN and the
 *         final reply state, 0 otherwise; WOLFSSL_FAILURE (0) when ssl is
 *         NULL.
 */
int wolfSSL_SSL_in_connect_init(WOLFSSL* ssl)
{
    int started;
    int finished;

    WOLFSSL_ENTER("SSL_connect_init");

    if (ssl == NULL) {
        return WOLFSSL_FAILURE;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        started  = (ssl->options.connectState > CONNECT_BEGIN);
        finished = (ssl->options.connectState >= SECOND_REPLY_DONE);
    }
    else {
        started  = (ssl->options.acceptState > ACCEPT_BEGIN);
        finished = (ssl->options.acceptState >= ACCEPT_THIRD_REPLY_DONE);
    }

    return started && !finished;
}
wolfSSL 15:117db924cf7c 43108
wolfSSL 15:117db924cf7c 43109 #ifndef NO_SESSION_CACHE
wolfSSL 15:117db924cf7c 43110
/* Return the current session of an SSL object without adding a reference.
 *
 * ssl  SSL object; NULL is tolerated.
 * returns the session from wolfSSL_get_session, or NULL when ssl is NULL.
 *         With HAVE_EXT_CACHE the session is also remembered in
 *         ssl->extSession (the const on ssl is cast away for that write).
 */
WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *ssl)
{
    WOLFSSL *writable = (WOLFSSL*)ssl;
    WOLFSSL_SESSION *session;

    WOLFSSL_ENTER("wolfSSL_SSL_get0_session");

    if (writable == NULL) {
        return NULL;
    }

    session = wolfSSL_get_session(writable);

#ifdef HAVE_EXT_CACHE
    writable->extSession = session;
#endif

    return session;
}
wolfSSL 15:117db924cf7c 43129
wolfSSL 15:117db924cf7c 43130 #endif /* NO_SESSION_CACHE */
wolfSSL 15:117db924cf7c 43131
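/* Check a certificate against an expected host name.
 *
 * x         Certificate whose DER buffer (x->derCert) is re-parsed and
 *           matched; NULL, or a certificate without a DER buffer, is
 *           rejected.
 * chk       Host name to match; NULL is rejected.
 * chklen    Length of chk, handed to CheckHostName as-is.
 * flags     Only WOLFSSL_NO_WILDCARDS is recognised, and it is rejected as
 *           not implemented; every other value is ignored.
 * peername  Ignored; never populated (not needed for Nginx).
 * returns WOLFSSL_SUCCESS when the name matches, WOLFSSL_FAILURE on bad
 *         arguments, an unsupported flag, a certificate parse failure, or
 *         a mismatch.
 */
int wolfSSL_X509_check_host(X509 *x, const char *chk, size_t chklen,
        unsigned int flags, char **peername)
{
    int ret;
    DecodedCert dCert;

    WOLFSSL_ENTER("wolfSSL_X509_check_host");

    (void)peername;

    if (flags == WOLFSSL_NO_WILDCARDS) {
        WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented");
        return WOLFSSL_FAILURE;
    }

    /* x, x->derCert and chk are all dereferenced below; previously none of
     * them was checked, so a NULL reached InitDecodedCert / CheckHostName. */
    if (x == NULL || x->derCert == NULL || chk == NULL) {
        WOLFSSL_MSG("Bad arguments");
        return WOLFSSL_FAILURE;
    }

    InitDecodedCert(&dCert, x->derCert->buffer, x->derCert->length, NULL);
    ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
    if (ret != 0) {
        FreeDecodedCert(&dCert);
        return WOLFSSL_FAILURE;
    }

    ret = CheckHostName(&dCert, (char *)chk, chklen);
    FreeDecodedCert(&dCert);

    return (ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}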
wolfSSL 15:117db924cf7c 43162
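/* Write an ASN.1 INTEGER to a BIO as upper/lower-case-free hex digits.
 *
 * The DER encoding in a->data is walked by hand: the tag byte is skipped,
 * the length is decoded (short form, or long form of up to four bytes),
 * and each content byte is emitted as two hex digits. The sign is not
 * interpreted; bytes are written as-is.
 *
 * bp  BIO to write to; NULL is rejected.
 * a   Integer to print; NULL is rejected.
 * returns the number of characters written (2 for a zero-length integer),
 *         0 for an indefinite length or a length encoding longer than four
 *         bytes, or WOLFSSL_FAILURE (0) on a NULL argument. BIO write
 *         failures are not detected.
 *
 * NOTE(review): the decoded length is trusted and never bounded against
 * the size of a->data; the structure's capacity field is not visible from
 * here, so the read loop should be capped against it once confirmed.
 */
int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
{
    static const char num[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
                                  '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
    int i;
    word32 j;
    word32 len = 0;

    WOLFSSL_ENTER("wolfSSL_i2a_ASN1_INTEGER");

    if (bp == NULL || a == NULL)
        return WOLFSSL_FAILURE;

    /* Skip ASN.1 INTEGER (type) byte. */
    i = 1;
    /* When indefinite length, can't determine length with data available. */
    if (a->data[i] == 0x80)
        return 0;
    /* One length byte if less than 0x80. */
    if (a->data[i] < 0x80)
        len = a->data[i++];
    /* Multiple length byte if greater than 0x80. */
    else if (a->data[i] > 0x80) {
        switch (a->data[i++] - 0x80) {
            case 4:
                /* Widen to word32 before shifting: an unsigned char promotes
                 * to int, and a byte >= 0x80 shifted left by 24 as an int
                 * overflows (undefined behaviour). */
                len |= (word32)a->data[i++] << 24;
                FALL_THROUGH;
            case 3:
                len |= (word32)a->data[i++] << 16;
                FALL_THROUGH;
            case 2:
                len |= (word32)a->data[i++] << 8;
                FALL_THROUGH;
            case 1:
                len |= (word32)a->data[i++];
                break;
            default:
                /* Not supporting greater than 4 bytes of length. */
                return 0;
        }
    }

    /* Zero length integer is the value zero. */
    if (len == 0) {
        wolfSSL_BIO_write(bp, "00", 2);
        return 2;
    }

    /* Don't do negative - just write out every byte. */
    for (j = 0; j < len; i++, j++) {
        wolfSSL_BIO_write(bp, &num[a->data[i] >> 4], 1);
        wolfSSL_BIO_write(bp, &num[a->data[i] & 0xf], 1);
    }

    /* Two nibbles written for each byte. */
    return len * 2;
}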
wolfSSL 15:117db924cf7c 43220
wolfSSL 15:117db924cf7c 43221
wolfSSL 15:117db924cf7c 43222 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
/* Expected return values from implementations of OpenSSL ticket key callback.
 * The names follow OpenSSL's convention; how each value is acted on is
 * decided by wolfSSL_TicketKeyCb below (outside this view) - presumably
 * FAILURE aborts, NOT_FOUND means the key name was not recognised, OK means
 * the cipher/HMAC were set up, and RENEW additionally asks for a fresh
 * ticket; confirm against that function.
 */
#define TICKET_KEY_CB_RET_FAILURE -1
#define TICKET_KEY_CB_RET_NOT_FOUND 0
#define TICKET_KEY_CB_RET_OK 1
#define TICKET_KEY_CB_RET_RENEW 2

/* The ticket key callback as used in OpenSSL is stored here.
 * A single process-wide slot rather than a per-context one; NULL until an
 * application installs a callback (the installing function is not visible
 * here). */
static int (*ticketKeyCb)(WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
    WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc) = NULL;
wolfSSL 15:117db924cf7c 43233
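/* Implementation of session ticket encryption/decryption using OpenSSL
 * callback to initialize the cipher and HMAC.
 *
 * The ticket layout is encrypt-then-MAC: on encryption the ciphertext is
 * produced first and then authenticated into 'mac'; on decryption the MAC is
 * verified over the ciphertext before any decryption happens, and the
 * comparison is constant-time so a forged ticket does not reveal how many
 * MAC bytes were right. Both contexts handed to the application callback are
 * cleaned up on every exit path so keying material does not outlive the call.
 *
 * ssl          The SSL/TLS object.
 * keyName      The key name - used to identify the key to be used.
 * iv           The IV to use.
 * mac          The MAC of the encrypted data (WOLFSSL_TICKET_MAC_SZ bytes).
 * enc          Non-zero to encrypt the ticket, zero to verify and decrypt.
 * encTicket    The ticket data; transformed in place.
 * encTicketLen The length of the ticket data.
 * encLen       The encrypted/decrypted ticket length - output length.
 * ctx          Ignored. Application specific data.
 * returns WOLFSSL_TICKET_RET_OK to indicate success,
 *         WOLFSSL_TICKET_RET_CREATE if a new ticket is required and
 *         WOLFSSL_TICKET_RET_FATAL on error (no callback registered, callback
 *         refused the key, MAC mismatch, digest too large for 'mac', or a
 *         cipher/HMAC step failing).
 */
static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
                               unsigned char keyName[WOLFSSL_TICKET_NAME_SZ],
                               unsigned char iv[WOLFSSL_TICKET_IV_SZ],
                               unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
                               int enc, unsigned char* encTicket,
                               int encTicketLen, int* encLen, void* ctx)
{
    byte                    digest[WC_MAX_DIGEST_SIZE];
    WOLFSSL_EVP_CIPHER_CTX  evpCtx;
    WOLFSSL_HMAC_CTX        hmacCtx;
    unsigned int            mdSz = 0;
    int                     len = 0;
    int                     ret = WOLFSSL_TICKET_RET_FATAL;
    int                     res;

    (void)ctx;

    if (ticketKeyCb == NULL)
        return WOLFSSL_TICKET_RET_FATAL;
    if (encTicket == NULL || encLen == NULL || encTicketLen < 0)
        return WOLFSSL_TICKET_RET_FATAL;

    /* Both contexts live in this frame: initialise them before handing them
     * to the application so that the cleanup at 'end' is always valid. */
    wolfSSL_EVP_CIPHER_CTX_init(&evpCtx);
    wolfSSL_HMAC_CTX_Init(&hmacCtx);

    /* Initialize the cipher and HMAC. */
    res = ticketKeyCb(ssl, keyName, iv, &evpCtx, &hmacCtx, enc);
    if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW)
        goto end;

    if (enc) {
        /* Encrypt in place. */
        if (!wolfSSL_EVP_CipherUpdate(&evpCtx, encTicket, &len,
                                      encTicket, encTicketLen))
            goto end;
        encTicketLen = len;
        if (!wolfSSL_EVP_EncryptFinal(&evpCtx, &encTicket[encTicketLen], &len))
            goto end;
        /* Total length of encrypted data. */
        encTicketLen += len;
        *encLen = encTicketLen;

        /* HMAC the encrypted data into the parameter 'mac'. */
        if (!wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen))
            goto end;
#ifdef WOLFSSL_SHA512
        /* Check for SHA512, which would overrun the mac buffer */
        if (hmacCtx.hmac.macType == WC_SHA512)
            goto end;
#endif
        if (!wolfSSL_HMAC_Final(&hmacCtx, mac, &mdSz))
            goto end;
    }
    else {
        /* HMAC the encrypted data and compare it to the passed in data. */
        if (!wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen))
            goto end;
        if (!wolfSSL_HMAC_Final(&hmacCtx, digest, &mdSz))
            goto end;
        /* 'mac' holds only WOLFSSL_TICKET_MAC_SZ bytes; a larger digest (as
         * the SHA-512 case above) would be compared against memory past it. */
        if (mdSz == 0 || mdSz > WOLFSSL_TICKET_MAC_SZ)
            goto end;
        /* The ticket comes from the peer: compare in constant time. */
        if (ConstantCompare(mac, digest, (int)mdSz) != 0)
            goto end;

        /* Decrypt the ticket data in place. */
        if (!wolfSSL_EVP_CipherUpdate(&evpCtx, encTicket, &len,
                                      encTicket, encTicketLen))
            goto end;
        encTicketLen = len;
        if (!wolfSSL_EVP_DecryptFinal(&evpCtx, &encTicket[encTicketLen], &len))
            goto end;
        /* Total length of decrypted data. */
        *encLen = encTicketLen + len;
    }

    ret = (res == TICKET_KEY_CB_RET_RENEW) ? WOLFSSL_TICKET_RET_CREATE :
                                             WOLFSSL_TICKET_RET_OK;
end:
    /* Release the HMAC and cipher state whatever the outcome. */
    wolfSSL_HMAC_cleanup(&hmacCtx);
    (void)wolfSSL_EVP_CIPHER_CTX_cleanup(&evpCtx);
    return ret;
}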
wolfSSL 15:117db924cf7c 43326
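/* Set the callback to use when encrypting/decrypting tickets.
 *
 * The OpenSSL-style callback is kept in a single file-scope slot shared by
 * every context, so the most recent call decides which callback all of them
 * use; only the wrapper registration is per-context.
 *
 * ctx The SSL/TLS context object.
 * cb  The OpenSSL session ticket callback.
 * returns WOLFSSL_SUCCESS to indicate success, WOLFSSL_FAILURE when ctx is
 *         NULL (the global callback is then left untouched).
 */
int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *ctx, int (*cb)(
    WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
    WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc))
{
    if (ctx == NULL)
        return WOLFSSL_FAILURE;

    /* Store callback in a global. */
    ticketKeyCb = cb;
    /* Set the ticket encryption callback to be a wrapper around OpenSSL
     * callback.
     */
    ctx->ticketEncCb = wolfSSL_TicketKeyCb;

    return WOLFSSL_SUCCESS;
}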
wolfSSL 15:117db924cf7c 43346 #endif /* HAVE_SESSION_TICKET */
wolfSSL 15:117db924cf7c 43347
wolfSSL 15:117db924cf7c 43348 #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY ||
wolfSSL 15:117db924cf7c 43349 OPENSSL_EXTRA || HAVE_LIGHTY */
wolfSSL 15:117db924cf7c 43350
wolfSSL 15:117db924cf7c 43351 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 43352 #ifdef HAVE_OCSP
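/* Not an OpenSSL API.
 * Exposes the OCSP response buffer held by the session. The pointer handed
 * back is the session's own buffer, not a copy.
 *
 * ssl      The SSL/TLS object.
 * response Receives ssl->ocspResp, or NULL when ssl is NULL.
 * returns the response size in bytes, or 0 when ssl or response is NULL.
 */
int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response)
{
    if (response == NULL)
        return 0;
    if (ssl == NULL) {
        *response = NULL;
        return 0;
    }

    *response = ssl->ocspResp;
    return ssl->ocspRespSz;
}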
wolfSSL 15:117db924cf7c 43359
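/* Not an OpenSSL API.
 * Returns the OCSP responder URL recorded on the session (see
 * wolfSSL_set_ocsp_url()); the stored pointer is returned as is, not copied.
 *
 * ssl The SSL/TLS object.
 * returns ssl->url, or NULL when ssl is NULL.
 */
char* wolfSSL_get_ocsp_url(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return NULL;

    return ssl->url;
}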
wolfSSL 15:117db924cf7c 43365
/* Not an OpenSSL API.
 * Records the OCSP responder URL for this session. Only the pointer is
 * stored (no copy is taken), so 'url' has to remain valid for as long as the
 * session may use it.
 *
 * ssl The SSL/TLS object.
 * url The responder URL to remember.
 * returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ssl is NULL.
 */
int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url)
{
    int ret = WOLFSSL_FAILURE;

    if (ssl != NULL) {
        ssl->url = url;
        ret = WOLFSSL_SUCCESS;
    }

    return ret;
}
wolfSSL 15:117db924cf7c 43375 #endif /* OCSP */
wolfSSL 15:117db924cf7c 43376 #endif /* OPENSSL_ALL / WOLFSSL_NGINX / WOLFSSL_HAPROXY */
wolfSSL 15:117db924cf7c 43377
wolfSSL 15:117db924cf7c 43378 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \
wolfSSL 15:117db924cf7c 43379 defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
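/* Return the extra (intermediate) certificates configured on the context as
 * a stack of WOLFSSL_X509 objects.
 *
 * The stack is built once from ctx->certChain, a sequence of
 * "3-byte big-endian length | DER certificate" entries, cached in
 * ctx->x509Chain and handed back unchanged on later calls; the context keeps
 * ownership of the stack and its certificates. Each entry's length prefix and
 * the DER it announces are checked against the buffer before being read, so a
 * corrupt chain buffer is reported instead of read past its end.
 *
 * ctx   The SSL/TLS context object.
 * chain Receives the stack, or NULL when no chain is configured.
 * returns WOLFSSL_SUCCESS on success (including "no chain") and
 *         WOLFSSL_FAILURE on a NULL argument, an allocation failure, a DER
 *         decode failure or a malformed chain buffer. On failure the nodes
 *         created so far are left in ctx->x509Chain and *chain so they are
 *         freed with the context rather than leaked.
 */
int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** chain)
{
    word32 idx;
    word32 length;
    WOLFSSL_STACK* node;
    WOLFSSL_STACK* last = NULL;

    if (ctx == NULL || chain == NULL)
        return WOLFSSL_FAILURE;

    if (ctx->x509Chain != NULL) {
        *chain = ctx->x509Chain;
        return WOLFSSL_SUCCESS;
    }

    /* If there are no chains then success! */
    *chain = NULL;
    if (ctx->certChain == NULL || ctx->certChain->length == 0)
        return WOLFSSL_SUCCESS;

    /* Create a new stack of WOLFSSL_X509 object from chain buffer. */
    for (idx = 0; idx < ctx->certChain->length; ) {
        /* 3 byte length | X509 DER data. Both the prefix and the DER it
         * describes must lie inside the buffer. */
        if (ctx->certChain->length - idx < OPAQUE24_LEN)
            goto fail;
        ato24(ctx->certChain->buffer + idx, &length);
        idx += OPAQUE24_LEN;
        if (length == 0 || length > ctx->certChain->length - idx)
            goto fail;

        node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                      DYNAMIC_TYPE_OPENSSL);
        if (node == NULL)
            goto fail;
        XMEMSET(node, 0, sizeof(WOLFSSL_STACK));

        /* Create a new X509 from DER encoded data. */
        node->data.x509 = wolfSSL_X509_d2i(NULL, ctx->certChain->buffer + idx,
                                           length);
        if (node->data.x509 == NULL) {
            XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
            goto fail;
        }
        idx += length;

        /* Add object to the end of the stack. */
        if (last == NULL) {
            node->num = 1;
            *chain = node;
        }
        else {
            (*chain)->num++;
            last->next = node;
        }

        last = node;
    }

    ctx->x509Chain = *chain;

    return WOLFSSL_SUCCESS;

fail:
    /* Return as much of the chain as we created; it is freed with ctx. */
    ctx->x509Chain = *chain;
    return WOLFSSL_FAILURE;
}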
wolfSSL 15:117db924cf7c 43442
/* Register the OCSP status (stapling) callback on the context.
 *
 * Stapling is switched on first so that the callback can be reached at all.
 * When the build has no server-side certificate status request support the
 * callback is accepted but never stored.
 *
 * ctx The SSL/TLS context object; needs a certificate manager.
 * cb  Callback invoked when a certificate status is to be supplied.
 * returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ctx or its certificate
 *         manager is NULL or the stapling state could not be set up.
 */
int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx,
    int(*cb)(WOLFSSL*, void*))
{
    if (ctx == NULL)
        return WOLFSSL_FAILURE;
    if (ctx->cm == NULL)
        return WOLFSSL_FAILURE;

#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
    || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
    /* Ensure stapling is on for callback to be used. */
    wolfSSL_CTX_EnableOCSPStapling(ctx);
    if (ctx->cm->ocsp_stapling == NULL)
        return WOLFSSL_FAILURE;

    ctx->cm->ocsp_stapling->statusCb = cb;
    return WOLFSSL_SUCCESS;
#else
    (void)cb;
    return WOLFSSL_SUCCESS;
#endif
}
wolfSSL 15:117db924cf7c 43464
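/* Find the issuer certificate of 'x'.
 *
 * The certificates already collected in ctx->chain are searched first; the
 * first one whose subject name (and subject key id, when both sides carry a
 * key id) matches x's issuer is the issuer and a copy of it is returned.
 * Otherwise the certificate manager's CA store is consulted by authority key
 * id and issuer name hash; with WOLFSSL_SIGNER_DER_CERT the matching Signer's
 * DER is decoded into a certificate, otherwise an empty certificate object is
 * produced because the Signer holds no DER.
 *
 * This is a name/key-id lookup only: no signature is verified here.
 *
 * issuer Receives a newly allocated certificate owned by the caller ("get1"
 *        semantics) on every successful path.
 * ctx    The store context; ctx->store->cm is used for the CA lookup.
 * x      The certificate whose issuer is wanted; must carry its DER.
 * returns WOLFSSL_SUCCESS when an issuer was produced, WOLFSSL_FAILURE when
 *         no issuer was found or allocation/decoding failed, and
 *         WOLFSSL_FATAL_ERROR when an argument (or x's DER, ctx's store or
 *         certificate manager) is NULL.
 */
int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
    WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x)
{
    WOLFSSL_STACK* node;
    Signer* ca = NULL;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

    if (issuer == NULL || ctx == NULL || x == NULL)
        return WOLFSSL_FATAL_ERROR;
    /* The CA lookup below dereferences all of these without further checks. */
    if (ctx->store == NULL || ctx->store->cm == NULL || x->derCert == NULL)
        return WOLFSSL_FATAL_ERROR;

    /* Prefer a certificate already in the chain being verified. The node's
     * certificate is the issuer of x (check_issued(issuer, subject)), so that
     * is what gets returned - as a copy, so ownership matches the CA path. */
    for (node = ctx->chain; node != NULL; node = node->next) {
        if (wolfSSL_X509_check_issued(node->data.x509, x) == X509_V_OK) {
            *issuer = wolfSSL_X509_dup(node->data.x509);
            return (*issuer != NULL) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT);
    if (cert == NULL)
        return WOLFSSL_FAILURE;
#endif

    /* Use existing CA retrieval APIs that use DecodedCert. */
    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, NULL);
    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
#ifndef NO_SKID
        if (cert->extAuthKeyIdSet)
            ca = GetCA(ctx->store->cm, cert->extAuthKeyId);
        if (ca == NULL)
            ca = GetCAByName(ctx->store->cm, cert->issuerHash);
#else /* NO_SKID */
        ca = GetCA(ctx->store->cm, cert->issuerHash);
#endif /* NO SKID */
    }
    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_DCERT);
#endif

    if (ca == NULL)
        return WOLFSSL_FAILURE;

#ifdef WOLFSSL_SIGNER_DER_CERT
    /* populate issuer with Signer DER */
    *issuer = wolfSSL_X509_d2i(issuer, ca->derCert->buffer,
        ca->derCert->length);
    if (*issuer == NULL)
        return WOLFSSL_FAILURE;
#else
    /* Create an empty certificate as CA doesn't have a certificate. */
    *issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0,
        DYNAMIC_TYPE_OPENSSL);
    if (*issuer == NULL)
        return WOLFSSL_FAILURE;

    InitX509((*issuer), 1, NULL);
#endif

    /* Result is ignored when passed to wolfSSL_OCSP_cert_to_id(). */

    return WOLFSSL_SUCCESS;
}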
wolfSSL 15:117db924cf7c 43535
/* Free every node of a WOLFSSL_STRING stack.
 *
 * Only the nodes are released. Nodes produced by wolfSSL_X509_get1_ocsp()
 * carry their string inside the same allocation, so the single XFREE per
 * node covers the string as well.
 *
 * sk Head of the stack; NULL is accepted and does nothing.
 */
void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk)
{
    WOLFSSL_STACK *next;

    for (; sk != NULL; sk = next) {
        /* Read the link before the node goes away. */
        next = sk->next;
        XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
    }
}
wolfSSL 15:117db924cf7c 43547
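/* Return the certificate's OCSP responder URL (from its authority
 * information access data) as a one-element WOLFSSL_STRING stack.
 *
 * The node and a NUL-terminated copy of the URL share one allocation, so the
 * whole result is released by wolfSSL_X509_email_free().
 *
 * x The certificate to read.
 * returns a new stack owned by the caller, or NULL when x is NULL, the
 *         certificate carries no authority info, or allocation fails.
 */
WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x)
{
    WOLFSSL_STACK* list = NULL;
    char* url;

    if (x == NULL || x->authInfoSz == 0)
        return NULL;

    list = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK) + x->authInfoSz + 1,
                                  NULL, DYNAMIC_TYPE_OPENSSL);
    if (list == NULL)
        return NULL;
    /* Start from a fully defined node rather than leaving the fields that are
     * not set below (type, num, ...) as whatever XMALLOC returned. */
    XMEMSET(list, 0, sizeof(WOLFSSL_STACK));

    /* The string lives directly behind the node in the same allocation. */
    url = (char*)list + sizeof(WOLFSSL_STACK);
    XMEMCPY(url, x->authInfo, x->authInfoSz);
    url[x->authInfoSz] = '\0';

    list->data.string = url;
    list->next = NULL;
    list->num = 1;

    return list;
}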
wolfSSL 15:117db924cf7c 43571
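/* Check whether 'issuer' is the issuer of 'subject' by name and key id.
 *
 * The encoded subject name of 'issuer' must equal the encoded issuer name of
 * 'subject' byte for byte, and when both certificates carry key identifiers
 * subject's authority key id must equal issuer's subject key id. This is a
 * chain-building hint only: no signature is verified, so a match does not
 * prove that 'issuer' actually signed 'subject'.
 *
 * issuer  Candidate issuer certificate.
 * subject Certificate whose issuer is being checked.
 * returns X509_V_OK on a match, X509_V_ERR_SUBJECT_ISSUER_MISMATCH otherwise
 *         (including when either argument or either name is NULL).
 */
int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
{
    WOLFSSL_X509_NAME *issuerName;
    WOLFSSL_X509_NAME *subjectName;

    if (issuer == NULL || subject == NULL)
        return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;

    issuerName = wolfSSL_X509_get_issuer_name(subject);
    subjectName = wolfSSL_X509_get_subject_name(issuer);
    if (issuerName == NULL || subjectName == NULL)
        return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;

    /* Literal matching of encoded names and key ids. */
    if (issuerName->sz != subjectName->sz ||
        XMEMCMP(issuerName->name, subjectName->name, subjectName->sz) != 0) {
        return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
    }

    if (subject->authKeyId != NULL && issuer->subjKeyId != NULL) {
        if (subject->authKeyIdSz != issuer->subjKeyIdSz ||
            XMEMCMP(subject->authKeyId, issuer->subjKeyId,
                    issuer->subjKeyIdSz) != 0) {
            return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
        }
    }

    return X509_V_OK;
}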
wolfSSL 15:117db924cf7c 43596
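/* Deep-copy a certificate by re-decoding its DER encoding.
 *
 * x The certificate to copy; must carry its DER.
 * returns a newly allocated WOLFSSL_X509 owned by the caller, or NULL when x
 *         or its DER is missing or decoding fails.
 */
WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
{
    if (x == NULL || x->derCert == NULL)
        return NULL;

    return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
}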
wolfSSL 15:117db924cf7c 43601
/* Return the string stored at position 'idx' of a WOLFSSL_STRING stack.
 *
 * strings Head of the stack.
 * idx     Zero-based position; a negative value behaves like 0.
 * returns the node's string, or NULL when the stack is shorter than idx + 1.
 */
char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings,
    int idx)
{
    WOLFSSL_STACK* node = strings;

    while (idx > 0 && node != NULL) {
        node = node->next;
        idx--;
    }

    return (node != NULL) ? node->data.string : NULL;
}
wolfSSL 15:117db924cf7c 43611 #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */
wolfSSL 15:117db924cf7c 43612
wolfSSL 15:117db924cf7c 43613 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 15:117db924cf7c 43614 #ifdef HAVE_ALPN
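/* Report the ALPN protocol selected for the connection.
 *
 * The pointer handed back refers to the extension's own storage ("get0"), not
 * a copy. When no protocol was negotiated *data is NULL and *len is 0 rather
 * than an uninitialised length.
 *
 * ssl  The SSL/TLS object.
 * data Receives the selected protocol name (not NUL-terminated).
 * len  Receives its length.
 */
void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data,
                                unsigned int *len)
{
    word16 nameLen = 0;

    if (ssl == NULL || data == NULL || len == NULL)
        return;

    /* NOTE(review): TLSX_ALPN_GetRequest may leave its outputs untouched when
     * it fails, so treat anything but success as "no protocol selected". */
    if (TLSX_ALPN_GetRequest(ssl->extensions, (void **)data, &nameLen)
            != WOLFSSL_SUCCESS) {
        *data = NULL;
        nameLen = 0;
    }
    *len = nameLen;
}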
wolfSSL 15:117db924cf7c 43625
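/* Pick the first protocol in the server preference list 'in' that also
 * appears in the client's list 'clientNames'.
 *
 * Both lists use the ALPN/NPN wire format: a sequence of entries, each a
 * one-byte length followed by that many name bytes. Every length byte is
 * checked against the remaining bytes of its list before the name is read,
 * so a truncated or malformed entry ends the scan of that list instead of
 * being compared past the buffer. Names are compared as raw bytes.
 *
 * out         Receives a pointer into 'in' on a match, or into 'clientNames'
 *             (its first entry) when there is no overlap. Never a copy.
 * outLen      Receives the length of *out.
 * in          Server preference list.
 * inLen       Length of 'in' in bytes.
 * clientNames Client-offered list.
 * clientLen   Length of 'clientNames' in bytes.
 * returns OPENSSL_NPN_NEGOTIATED when a common protocol was found,
 *         OPENSSL_NPN_NO_OVERLAP when none was - *out/*outLen then describe
 *         the client's first entry, or are NULL/0 when the client list is
 *         empty or its first entry does not fit - and
 *         OPENSSL_NPN_UNSUPPORTED on a NULL pointer argument.
 */
int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen,
                              const unsigned char *in, unsigned int inLen,
                              const unsigned char *clientNames,
                              unsigned int clientLen)
{
    unsigned int i, j;
    byte lenIn, lenClient;

    if (out == NULL || outLen == NULL || in == NULL || clientNames == NULL)
        return OPENSSL_NPN_UNSUPPORTED;

    for (i = 0; i < inLen; i += lenIn) {
        lenIn = in[i++];
        /* Truncated server entry: stop rather than read past 'in'. */
        if (lenIn > inLen - i)
            break;
        for (j = 0; j < clientLen; j += lenClient) {
            lenClient = clientNames[j++];
            /* Truncated client entry: the rest of that list is unusable. */
            if (lenClient > clientLen - j)
                break;

            if (lenIn != lenClient)
                continue;

            if (XMEMCMP(in + i, clientNames + j, lenIn) == 0) {
                *out = (unsigned char *)(in + i);
                *outLen = lenIn;
                return OPENSSL_NPN_NEGOTIATED;
            }
        }
    }

    /* No overlap: fall back to the client's first entry, but only when that
     * entry actually lies inside the client list. */
    if (clientLen == 0 || clientNames[0] > clientLen - 1) {
        *out = NULL;
        *outLen = 0;
    }
    else {
        *out = (unsigned char *)clientNames + 1;
        *outLen = clientNames[0];
    }
    return OPENSSL_NPN_NO_OVERLAP;
}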
wolfSSL 15:117db924cf7c 43657
/* Register the server-side ALPN selection callback and its argument on the
 * context. A NULL context is ignored.
 *
 * ctx The SSL/TLS context object.
 * cb  Callback asked to choose a protocol from the client's list.
 * arg Opaque pointer handed back to 'cb'.
 */
void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
                                    int (*cb) (WOLFSSL *ssl,
                                               const unsigned char **out,
                                               unsigned char *outlen,
                                               const unsigned char *in,
                                               unsigned int inlen,
                                               void *arg), void *arg)
{
    if (ctx == NULL)
        return;

    ctx->alpnSelectArg = arg;
    ctx->alpnSelect = cb;
}
wolfSSL 15:117db924cf7c 43671
/* NPN "advertised protocols" callback registration. Not implemented: the
 * arguments are ignored and the call is only reported through WOLFSSL_STUB.
 *
 * s   The SSL/TLS context object (unused).
 * cb  Callback (unused).
 * arg Opaque argument (unused).
 */
void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s,
                                               int (*cb) (WOLFSSL *ssl,
                                                          const unsigned char
                                                          **out,
                                                          unsigned int *outlen,
                                                          void *arg), void *arg)
{
    WOLFSSL_STUB("wolfSSL_CTX_set_next_protos_advertised_cb");
    (void)arg;
    (void)cb;
    (void)s;
}
wolfSSL 15:117db924cf7c 43684
/* NPN client-side protocol selection callback registration. Not implemented:
 * the arguments are ignored and the call is only reported through
 * WOLFSSL_STUB.
 *
 * s   The SSL/TLS context object (unused).
 * cb  Callback (unused).
 * arg Opaque argument (unused).
 */
void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
                                          int (*cb) (WOLFSSL *ssl,
                                                     unsigned char **out,
                                                     unsigned char *outlen,
                                                     const unsigned char *in,
                                                     unsigned int inlen,
                                                     void *arg), void *arg)
{
    WOLFSSL_STUB("wolfSSL_CTX_set_next_proto_select_cb");
    (void)arg;
    (void)cb;
    (void)s;
}
wolfSSL 15:117db924cf7c 43698
/* NPN negotiated-protocol query. Not implemented: *data and *len are left
 * untouched and the call is only reported through WOLFSSL_STUB.
 *
 * s    The SSL/TLS object (unused).
 * data Output pointer (not written).
 * len  Output length (not written).
 */
void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
                                        unsigned *len)
{
    WOLFSSL_STUB("wolfSSL_get0_next_proto_negotiated");
    (void)len;
    (void)data;
    (void)s;
}
wolfSSL 15:117db924cf7c 43707 #endif /* HAVE_ALPN */
wolfSSL 15:117db924cf7c 43708
wolfSSL 15:117db924cf7c 43709 #endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */
wolfSSL 15:117db924cf7c 43710
wolfSSL 15:117db924cf7c 43711 #if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
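/* True when the NUL-terminated 'name' of length 'len' equals 'expected' in
 * full; a bare prefix such as "P-2" does not count as "P-256". */
static int CurveNameEquals(const char* name, int len, const char* expected)
{
    if (len < 0 || (int)XSTRLEN(expected) != len)
        return 0;
    return XSTRNCMP(name, expected, (size_t)len) == 0;
}

/* Restrict the context to the colon-separated list of curve names.
 *
 * All curves are disabled first and each listed curve is then re-enabled.
 * The aliases prime256v1/secp256r1/P-256, secp384r1/P-384, secp521r1/P-521,
 * X25519 and X448 are resolved here; any other name is looked up in
 * wolfCrypt's curve table when that API is available. A token has to match a
 * name in full, and an empty token (leading, trailing or doubled ':') is an
 * error. On the client each curve is also added to the supported-curves
 * extension.
 *
 * ctx   The SSL/TLS context object.
 * names Colon-separated curve names, e.g. "P-256:X25519".
 * returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE on a NULL argument, an empty,
 *         over-long or unknown name, a curve id that does not fit the
 *         disabledCurves bit mask, or failure to register the curve. On
 *         failure ctx->disabledCurves is not rolled back: curves handled
 *         before the bad token stay enabled and every other curve stays
 *         disabled.
 */
int wolfSSL_CTX_set1_curves_list(WOLFSSL_CTX* ctx, const char* names)
{
    int idx, start = 0, len;
    word16 curve;
    char name[MAX_CURVE_NAME_SZ];

    if (ctx == NULL || names == NULL)
        return WOLFSSL_FAILURE;

    /* Disable all curves so that only the ones the user wants are enabled. */
    ctx->disabledCurves = 0xFFFFFFFFUL;
    for (idx = 1; names[idx-1] != '\0'; idx++) {
        if (names[idx] != ':' && names[idx] != '\0')
            continue;

        /* names[start..idx) is the current token, 'idx' sits on the
         * separator (or the terminating NUL). */
        len = idx - start;
        if (len <= 0 || len > MAX_CURVE_NAME_SZ - 1)
            return WOLFSSL_FAILURE;

        XMEMCPY(name, names + start, len);
        name[len] = '\0';

        if (CurveNameEquals(name, len, "prime256v1") ||
            CurveNameEquals(name, len, "secp256r1") ||
            CurveNameEquals(name, len, "P-256")) {
            curve = WOLFSSL_ECC_SECP256R1;
        }
        else if (CurveNameEquals(name, len, "secp384r1") ||
                 CurveNameEquals(name, len, "P-384")) {
            curve = WOLFSSL_ECC_SECP384R1;
        }
        else if (CurveNameEquals(name, len, "secp521r1") ||
                 CurveNameEquals(name, len, "P-521")) {
            curve = WOLFSSL_ECC_SECP521R1;
        }
        else if (CurveNameEquals(name, len, "X25519")) {
            curve = WOLFSSL_ECC_X25519;
        }
        else if (CurveNameEquals(name, len, "X448")) {
            curve = WOLFSSL_ECC_X448;
        }
        else {
#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
            int ret;
            const ecc_set_type *eccSet;

            ret = wc_ecc_get_curve_idx_from_name(name);
            if (ret < 0) {
                WOLFSSL_MSG("Could not find name in set");
                return WOLFSSL_FAILURE;
            }

            eccSet = wc_ecc_get_curve_params(ret);
            if (eccSet == NULL) {
                WOLFSSL_MSG("NULL set returned");
                return WOLFSSL_FAILURE;
            }

            curve = GetCurveByOID(eccSet->oidSum);
#else
            WOLFSSL_MSG("API not present to search farther using name");
            return WOLFSSL_FAILURE;
#endif
        }

        /* The mask is word32-sized (see the assignment above): bit 'curve'
         * must exist, and a shift by the full width is undefined, so an id
         * equal to the width is rejected as well. */
        if (curve >= (sizeof(word32) * WOLFSSL_BIT_SIZE)) {
            WOLFSSL_MSG("curve value is too large for upcoming shift");
            return WOLFSSL_FAILURE;
        }

#if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT)
        /* set the supported curve so client TLS extension contains only the
         * desired curves */
        if (wolfSSL_CTX_UseSupportedCurve(ctx, curve) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("Unable to set supported curve");
            return WOLFSSL_FAILURE;
        }
#endif

        /* Switch the bit to off and therefore is enabled. */
        ctx->disabledCurves &= ~(1U << curve);
        start = idx + 1;
    }

    return WOLFSSL_SUCCESS;
}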
wolfSSL 16:8e0d178b1d1e 43797
/* Per-connection form of wolfSSL_CTX_set1_curves_list().
 *
 * There is no connection-level curve mask here: the list is applied to the
 * context the connection was created from (ssl->ctx), so it also changes the
 * curves for every other connection sharing that context, not only 'ssl'.
 *
 * ssl   The SSL/TLS object.
 * names Colon-separated curve names.
 * returns WOLFSSL_FAILURE when ssl is NULL, otherwise whatever
 *         wolfSSL_CTX_set1_curves_list() returns.
 */
int wolfSSL_set1_curves_list(WOLFSSL* ssl, const char* names)
{
    WOLFSSL_CTX* ctx;

    if (ssl == NULL)
        return WOLFSSL_FAILURE;

    ctx = ssl->ctx;
    return wolfSSL_CTX_set1_curves_list(ctx, names);
}
wolfSSL 16:8e0d178b1d1e 43805 #endif /* OPENSSL_EXTRA && HAVE_ECC */
wolfSSL 15:117db924cf7c 43806
wolfSSL 15:117db924cf7c 43807 #ifdef OPENSSL_EXTRA
wolfSSL 15:117db924cf7c 43808 #ifndef NO_WOLFSSL_STUB
/* Context-level message callback registration. Not implemented: the
 * arguments are ignored, the call is reported through WOLFSSL_STUB and
 * WOLFSSL_FAILURE is returned. Use wolfSSL_set_msg_callback() per
 * connection instead.
 *
 * ctx The SSL/TLS context object (unused).
 * cb  Callback (unused).
 * returns WOLFSSL_FAILURE always.
 */
int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb)
{
    (void)cb;
    (void)ctx;
    WOLFSSL_STUB("SSL_CTX_set_msg_callback");

    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 43816 #endif
wolfSSL 15:117db924cf7c 43817
wolfSSL 15:117db924cf7c 43818
/* Installs the callback invoked when protocol messages are sent or received.
 *
 * ssl  connection to install the callback on
 * cb   callback to store in ssl->protoMsgCb; a non-NULL cb also sets
 *      ssl->toInfoOn. Passing NULL clears the callback but leaves toInfoOn as
 *      it was.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ssl is NULL.
 */
int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb)
{
    WOLFSSL_ENTER("wolfSSL_set_msg_callback");

    if (ssl == NULL)
        return SSL_FAILURE;

    /* Only ever switched on here; clearing the callback does not switch
     * toInfoOn back off. */
    if (cb != NULL)
        ssl->toInfoOn = 1;

    ssl->protoMsgCb = cb;
    return SSL_SUCCESS;
}
wolfSSL 15:117db924cf7c 43841 #ifndef NO_WOLFSSL_STUB
/* Stub for the OpenSSL SSL_CTX_set_msg_callback_arg API. The argument is not
 * stored; use wolfSSL_set_msg_callback_arg on the connection instead.
 *
 * ctx  unused
 * arg  unused
 *
 * Always returns WOLFSSL_FAILURE.
 */
int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg)
{
    (void)arg;
    (void)ctx;

    WOLFSSL_STUB("SSL_CTX_set_msg_callback_arg");
    return WOLFSSL_FAILURE;
}
wolfSSL 15:117db924cf7c 43849 #endif
wolfSSL 15:117db924cf7c 43850
/* Stores the opaque pointer handed to the protocol message callback.
 *
 * ssl  connection to store the pointer on
 * arg  value placed in ssl->protoMsgCtx; may be NULL
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when ssl is NULL.
 */
int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg)
{
    int ret = WOLFSSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_set_msg_callback_arg");

    if (ssl != NULL) {
        ssl->protoMsgCtx = arg;
        ret = WOLFSSL_SUCCESS;
    }

    return ret;
}
wolfSSL 15:117db924cf7c 43860
/* Allocates a copy of a memory region, OpenSSL_memdup style.
 *
 * data  bytes to copy; NULL yields NULL
 * siz   number of bytes; values of INT_MAX or more are rejected
 * file  unused, present for signature compatibility with OPENSSL_memdup
 * line  unused, as above
 *
 * Returns a buffer from OPENSSL_malloc holding the copy (the caller frees
 * it), or NULL on bad arguments or allocation failure.
 */
void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int line)
{
    void *copy = NULL;

    (void)file;
    (void)line;

    if (data != NULL && siz < INT_MAX) {
        copy = OPENSSL_malloc(siz);
        if (copy != NULL) {
            /* XMEMCPY hands back the destination pointer. */
            copy = XMEMCPY(copy, data, siz);
        }
    }

    return copy;
}
wolfSSL 15:117db924cf7c 43876
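/* Stores a copy of the client ALPN protocol list on the context. The list is
 * taken as-is (wire format: each name preceded by its one byte length) and is
 * not validated here.
 *
 * ctx    context to store the list on; any previous list is freed first
 * p      protocol list to copy
 * p_len  length of p in bytes
 *
 * Returns BAD_FUNC_ARG when ctx is NULL, SSL_FAILURE when the copy could not
 * be made (p NULL, p_len too large or allocation failure), otherwise
 * SSL_SUCCESS. On failure the context is left with no list and a zero
 * length rather than a NULL pointer paired with the old length.
 */
int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p,
                                unsigned int p_len)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_alpn_protos");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    /* Release the previous list before installing the new one. */
    if (ctx->alpn_cli_protos != NULL) {
        wolfSSL_OPENSSL_free((void *)ctx->alpn_cli_protos);
        ctx->alpn_cli_protos = NULL;
        ctx->alpn_cli_protos_len = 0;
    }

    ctx->alpn_cli_protos =
        (const unsigned char *)wolfSSL_OPENSSL_memdup(p, p_len, NULL, 0);
    if (ctx->alpn_cli_protos == NULL) {
        /* Keep pointer and length consistent for later readers. */
        ctx->alpn_cli_protos_len = 0;
        return SSL_FAILURE;
    }
    ctx->alpn_cli_protos_len = p_len;

    return SSL_SUCCESS;
}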
wolfSSL 15:117db924cf7c 43894
wolfSSL 16:8e0d178b1d1e 43895
wolfSSL 16:8e0d178b1d1e 43896 #ifdef HAVE_ALPN
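/* Sets the ALPN extension protocols of a connection from an OpenSSL style
 * length-prefixed list, for example
 *
 *   unsigned char p[] = { 8, 'h', 't', 't', 'p', '/', '1', '.', '1' };
 *
 * The list is rewritten into the comma separated form wolfSSL_UseALPN takes,
 * any ALPN extension already on the connection is removed, and the new one
 * is added with WOLFSSL_ALPN_CONTINUE_ON_MISMATCH.
 *
 * ssl    connection to set the extension on
 * p      length-prefixed protocol list
 * p_len  length of p in bytes
 *
 * Returns WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE when ssl or p is NULL,
 * the list is empty or malformed (a length byte runs past p_len), a BIO could
 * not be allocated or written, or wolfSSL_UseALPN rejects the list.
 */
int wolfSSL_set_alpn_protos(WOLFSSL* ssl,
        const unsigned char* p, unsigned int p_len)
{
    WOLFSSL_BIO* bio;
    char* pt = NULL;
    int memSz;
    int writeOk = 1;
    int ret = WOLFSSL_FAILURE;
    unsigned int idx = 0;
    int alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH;
    WOLFSSL_ENTER("wolfSSL_set_alpn_protos");

    /* A list shorter than two bytes cannot hold a length byte plus a name. */
    if (ssl == NULL || p == NULL || p_len <= 1) {
        return WOLFSSL_FAILURE;
    }

    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
    if (bio == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* Convert the length-prefixed entries into a comma separated list. */
    while (idx < p_len - 1) {
        unsigned int sz = p[idx++];
        unsigned int i;

        /* idx <= p_len - 1 here, so p_len - idx cannot underflow. */
        if (sz > p_len - idx) {
            WOLFSSL_MSG("Bad list format");
            wolfSSL_BIO_free(bio);
            return WOLFSSL_FAILURE;
        }
        if (sz == 0) {
            continue; /* an empty name contributes nothing */
        }
        for (i = 0; i < sz; i++) {
            if (wolfSSL_BIO_write(bio, &p[idx++], 1) != 1) {
                writeOk = 0;
            }
        }
        if (idx < p_len - 1 && wolfSSL_BIO_write(bio, ",", 1) != 1) {
            writeOk = 0;
        }
    }
    if (wolfSSL_BIO_write(bio, "\0", 1) != 1) {
        writeOk = 0;
    }
    if (!writeOk) {
        /* A short write would leave a truncated list; do not install it. */
        WOLFSSL_MSG("BIO write error");
        wolfSSL_BIO_free(bio);
        return WOLFSSL_FAILURE;
    }

    /* Replace whatever ALPN extension is currently set. */
    TLSX_Remove(&ssl->extensions, TLSX_APPLICATION_LAYER_PROTOCOL, ssl->heap);

    /* Keep the BIO length signed: a negative error return must not be
     * treated as a length. The length includes the NUL written above. */
    memSz = wolfSSL_BIO_get_mem_data(bio, &pt);
    if (memSz > 0 && pt != NULL) {
        ret = wolfSSL_UseALPN(ssl, pt, (unsigned int)memSz, alpn_opt);
    }
    wolfSSL_BIO_free(bio);

    /* Report a rejected list instead of claiming success. */
    return (ret == WOLFSSL_SUCCESS) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}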
wolfSSL 16:8e0d178b1d1e 43954 #endif /* HAVE_ALPN */
wolfSSL 15:117db924cf7c 43955 #endif
wolfSSL 15:117db924cf7c 43956
wolfSSL 15:117db924cf7c 43957 #endif /* WOLFCRYPT_ONLY */
wolfSSL 15:117db924cf7c 43958
wolfSSL 15:117db924cf7c 43959 #if defined(OPENSSL_EXTRA)
wolfSSL 16:8e0d178b1d1e 43960
wolfSSL 16:8e0d178b1d1e 43961 #define WOLFSSL_BIO_INCLUDED
wolfSSL 16:8e0d178b1d1e 43962 #include "src/bio.c"
wolfSSL 16:8e0d178b1d1e 43963
/* Maps a wolfCrypt OID sum to the corresponding OpenSSL style NID.
 *
 * oid  wolfCrypt OID sum (e.g. SHAh, CTC_SHA256wRSA, ECC_SECP256R1_OID)
 * grp  OID group the sum belongs to (oidHashType, oidSigType, ...); the group
 *      is matched first, then the oid within that group's table
 *
 * Returns the NID, or -1 when grp is not handled or oid is not in the table
 * for that group (the two cases cannot be told apart from the result). For
 * several groups the NID returned is the wolfCrypt sum itself, so the result
 * may equal the input. Which cases exist depends on the build configuration.
 */
int oid2nid(word32 oid, int grp)
{
    /* get OID type */
    switch (grp) {
        /* oidHashType */
        case oidHashType:
            switch (oid) {
#ifdef WOLFSSL_MD2
                case MD2h:
                    return NID_md2;
#endif
#ifndef NO_MD5
                case MD5h:
                    return NID_md5;
#endif
#ifndef NO_SHA
                case SHAh:
                    return NID_sha1;
#endif
                /* NOTE(review): unlike its neighbours this case carries no
                 * feature guard (no WOLFSSL_SHA224 check). */
                case SHA224h:
                    return NID_sha224;
#ifndef NO_SHA256
                case SHA256h:
                    return NID_sha256;
#endif
#ifdef WOLFSSL_SHA384
                case SHA384h:
                    return NID_sha384;
#endif
#ifdef WOLFSSL_SHA512
                case SHA512h:
                    return NID_sha512;
#endif
            }
            break;

        /* oidSigType: signature algorithm sums are returned unchanged */
        case oidSigType:
            switch (oid) {
#ifndef NO_DSA
                case CTC_SHAwDSA:
                    return CTC_SHAwDSA;
#endif /* NO_DSA */
#ifndef NO_RSA
                case CTC_MD2wRSA:
                    return CTC_MD2wRSA;
                case CTC_MD5wRSA:
                    return CTC_MD5wRSA;
                case CTC_SHAwRSA:
                    return CTC_SHAwRSA;
                case CTC_SHA224wRSA:
                    return CTC_SHA224wRSA;
                case CTC_SHA256wRSA:
                    return CTC_SHA256wRSA;
                case CTC_SHA384wRSA:
                    return CTC_SHA384wRSA;
                case CTC_SHA512wRSA:
                    return CTC_SHA512wRSA;
#endif /* NO_RSA */
#ifdef HAVE_ECC
                case CTC_SHAwECDSA:
                    return CTC_SHAwECDSA;
                case CTC_SHA224wECDSA:
                    return CTC_SHA224wECDSA;
                case CTC_SHA256wECDSA:
                    return CTC_SHA256wECDSA;
                case CTC_SHA384wECDSA:
                    return CTC_SHA384wECDSA;
                case CTC_SHA512wECDSA:
                    return CTC_SHA512wECDSA;
#endif /* HAVE_ECC */
            }
            break;

        /* oidKeyType: key type sums are returned unchanged */
        case oidKeyType:
            switch (oid) {
#ifndef NO_DSA
                case DSAk:
                    return DSAk;
#endif /* NO_DSA */
#ifndef NO_RSA
                case RSAk:
                    return RSAk;
#endif /* NO_RSA */
#ifdef HAVE_NTRU
                case NTRUk:
                    return NTRUk;
#endif /* HAVE_NTRU */
#ifdef HAVE_ECC
                case ECDSAk:
                    return ECDSAk;
#endif /* HAVE_ECC */
            }
            break;


#ifdef HAVE_ECC
        /* oidCurveType: named curve OIDs map to the OpenSSL curve NIDs */
        case oidCurveType:
            switch (oid) {
                case ECC_SECP192R1_OID:
                    return NID_X9_62_prime192v1;
                case ECC_PRIME192V2_OID:
                    return NID_X9_62_prime192v2;
                case ECC_PRIME192V3_OID:
                    return NID_X9_62_prime192v3;
                case ECC_PRIME239V1_OID:
                    return NID_X9_62_prime239v1;
                case ECC_PRIME239V2_OID:
                    return NID_X9_62_prime239v2;
                case ECC_PRIME239V3_OID:
                    return NID_X9_62_prime239v3;
                case ECC_SECP256R1_OID:
                    return NID_X9_62_prime256v1;
                case ECC_SECP112R1_OID:
                    return NID_secp112r1;
                case ECC_SECP112R2_OID:
                    return NID_secp112r2;
                case ECC_SECP128R1_OID:
                    return NID_secp128r1;
                case ECC_SECP128R2_OID:
                    return NID_secp128r2;
                case ECC_SECP160R1_OID:
                    return NID_secp160r1;
                case ECC_SECP160R2_OID:
                    return NID_secp160r2;
                case ECC_SECP224R1_OID:
                    return NID_secp224r1;
                case ECC_SECP384R1_OID:
                    return NID_secp384r1;
                case ECC_SECP521R1_OID:
                    return NID_secp521r1;
                case ECC_SECP160K1_OID:
                    return NID_secp160k1;
                case ECC_SECP192K1_OID:
                    return NID_secp192k1;
                case ECC_SECP224K1_OID:
                    return NID_secp224k1;
                case ECC_SECP256K1_OID:
                    return NID_secp256k1;
                case ECC_BRAINPOOLP160R1_OID:
                    return NID_brainpoolP160r1;
                case ECC_BRAINPOOLP192R1_OID:
                    return NID_brainpoolP192r1;
                case ECC_BRAINPOOLP224R1_OID:
                    return NID_brainpoolP224r1;
                case ECC_BRAINPOOLP256R1_OID:
                    return NID_brainpoolP256r1;
                case ECC_BRAINPOOLP320R1_OID:
                    return NID_brainpoolP320r1;
                case ECC_BRAINPOOLP384R1_OID:
                    return NID_brainpoolP384r1;
                case ECC_BRAINPOOLP512R1_OID:
                    return NID_brainpoolP512r1;
            }
            break;
#endif /* HAVE_ECC */

        /* oidBlkType: AES sums are returned unchanged, DES ones map to NIDs */
        case oidBlkType:
            switch (oid) {
#ifdef WOLFSSL_AES_128
                case AES128CBCb:
                    return AES128CBCb;
#endif
#ifdef WOLFSSL_AES_192
                case AES192CBCb:
                    return AES192CBCb;
#endif
#ifdef WOLFSSL_AES_256
                case AES256CBCb:
                    return AES256CBCb;
#endif
#ifndef NO_DES3
                case DESb:
                    return NID_des;
                case DES3b:
                    return NID_des3;
#endif
            }
            break;

#ifdef HAVE_OCSP
        /* oidOcspType */
        case oidOcspType:
            switch (oid) {
                case OCSP_BASIC_OID:
                    return NID_id_pkix_OCSP_basic;
                case OCSP_NONCE_OID:
                    return OCSP_NONCE_OID;
            }
            break;
#endif /* HAVE_OCSP */

        /* oidCertExtType: only key usage, name constraints and certificate
         * policies have distinct NIDs; the rest are returned unchanged */
        case oidCertExtType:
            switch (oid) {
                case BASIC_CA_OID:
                    return BASIC_CA_OID;
                case ALT_NAMES_OID:
                    return ALT_NAMES_OID;
                case CRL_DIST_OID:
                    return CRL_DIST_OID;
                case AUTH_INFO_OID:
                    return AUTH_INFO_OID;
                case AUTH_KEY_OID:
                    return AUTH_KEY_OID;
                case SUBJ_KEY_OID:
                    return SUBJ_KEY_OID;
                case INHIBIT_ANY_OID:
                    return INHIBIT_ANY_OID;
                case KEY_USAGE_OID:
                    return NID_key_usage;
                case NAME_CONS_OID:
                    return NID_name_constraints;
                case CERT_POLICY_OID:
                    return NID_certificate_policies;
            }
            break;

        /* oidCertAuthInfoType */
        case oidCertAuthInfoType:
            switch (oid) {
                case AIA_OCSP_OID:
                    return AIA_OCSP_OID;
                case AIA_CA_ISSUER_OID:
                    return AIA_CA_ISSUER_OID;
            }
            break;

        /* oidCertPolicyType */
        case oidCertPolicyType:
            switch (oid) {
                case CP_ANY_OID:
                    return NID_any_policy;
            }
            break;

        /* oidCertAltNameType */
        case oidCertAltNameType:
            switch (oid) {
                case HW_NAME_OID:
                    return NID_hw_name_oid;
            }
            break;

        /* oidCertKeyUseType: only the "any" EKU has a distinct NID */
        case oidCertKeyUseType:
            switch (oid) {
                case EKU_ANY_OID:
                    return NID_anyExtendedKeyUsage;
                case EKU_SERVER_AUTH_OID:
                    return EKU_SERVER_AUTH_OID;
                case EKU_CLIENT_AUTH_OID:
                    return EKU_CLIENT_AUTH_OID;
                case EKU_OCSP_SIGN_OID:
                    return EKU_OCSP_SIGN_OID;
            }
            break;

        /* oidKdfType */
        case oidKdfType:
            switch (oid) {
                case PBKDF2_OID:
                    return PBKDF2_OID;
            }
            break;

        /* oidPBEType */
        case oidPBEType:
            switch (oid) {
                case PBE_SHA1_RC4_128:
                    return PBE_SHA1_RC4_128;
                case PBE_SHA1_DES:
                    return PBE_SHA1_DES;
                case PBE_SHA1_DES3:
                    return PBE_SHA1_DES3;
            }
            break;

        /* oidKeyWrapType */
        case oidKeyWrapType:
            switch (oid) {
#ifdef WOLFSSL_AES_128
                case AES128_WRAP:
                    return AES128_WRAP;
#endif
#ifdef WOLFSSL_AES_192
                case AES192_WRAP:
                    return AES192_WRAP;
#endif
#ifdef WOLFSSL_AES_256
                case AES256_WRAP:
                    return AES256_WRAP;
#endif
            }
            break;

        /* oidCmsKeyAgreeType */
        case oidCmsKeyAgreeType:
            switch (oid) {
#ifndef NO_SHA
                case dhSinglePass_stdDH_sha1kdf_scheme:
                    return dhSinglePass_stdDH_sha1kdf_scheme;
#endif
#ifdef WOLFSSL_SHA224
                case dhSinglePass_stdDH_sha224kdf_scheme:
                    return dhSinglePass_stdDH_sha224kdf_scheme;
#endif
#ifndef NO_SHA256
                case dhSinglePass_stdDH_sha256kdf_scheme:
                    return dhSinglePass_stdDH_sha256kdf_scheme;
#endif
#ifdef WOLFSSL_SHA384
                case dhSinglePass_stdDH_sha384kdf_scheme:
                    return dhSinglePass_stdDH_sha384kdf_scheme;
#endif
#ifdef WOLFSSL_SHA512
                case dhSinglePass_stdDH_sha512kdf_scheme:
                    return dhSinglePass_stdDH_sha512kdf_scheme;
#endif
            }
            break;

        /* Unknown group: same -1 as an unknown oid within a known group. */
        default:
            WOLFSSL_MSG("NID not in table");
            return -1;
    }

    /* Reached when the group matched but the oid did not. */
    return -1;
}
wolfSSL 16:8e0d178b1d1e 44294
wolfSSL 16:8e0d178b1d1e 44295
/* Copies the value held by a WOLFSSL_BIGNUM into an mp_int.
 *
 * bn   source; bn->internal must point at the mp_int to copy from
 * mpi  destination; mp_init is called on it here, and the caller owns the
 *      result and must clear it (mp_free(mpi)) when no longer used. With
 *      fastmath disabled the copy allocates, so skipping that leaks.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR when bn or bn->internal is
 * NULL, mpi is NULL, mp_init fails, or mp_copy fails.
 */
int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi)
{
    int ret = WOLFSSL_FATAL_ERROR;

    WOLFSSL_MSG("Entering SetIndividualInternal");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
    }
    else if (mpi == NULL || mp_init(mpi) != MP_OKAY) {
        WOLFSSL_MSG("mpi NULL error");
    }
    else if (mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
    }
    else {
        ret = WOLFSSL_SUCCESS;
    }

    return ret;
}
wolfSSL 16:8e0d178b1d1e 44321
wolfSSL 16:8e0d178b1d1e 44322
wolfSSL 16:8e0d178b1d1e 44323 #ifndef NO_ASN
/* Converts a WOLFSSL_ASN1_INTEGER into a WOLFSSL_BIGNUM.
 *
 * ai  integer whose DER encoding is in ai->data (up to ai->dataMax bytes)
 * bn  destination; its address is handed to SetIndividualExternal, which is
 *     presumed to allocate when bn is NULL — confirm against that function
 *
 * Returns the big number on success, or NULL when ai is NULL, the data does
 * not parse as an ASN.1 INTEGER (with WOLFSSL_QT a raw big-endian value is
 * tried as a fallback), or the conversion into bn fails.
 */
WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
                                           WOLFSSL_BIGNUM *bn)
{
    mp_int mpi;
    word32 idx = 0;
    int ret;

    WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_to_BN");

    if (ai == NULL)
        return NULL;

    ret = GetInt(&mpi, ai->data, &idx, ai->dataMax);
#ifdef WOLFSSL_QT
    if (ret != 0) {
        /* QT keeps the serial number as a raw value from index 0 of data;
         * mpi has to be initialised before it can be read into. */
        mp_init(&mpi);
        if (mp_read_unsigned_bin(&mpi, (byte*)ai->data, ai->length) != 0) {
            mp_clear(&mpi);
            return NULL;
        }
    }
#else
    if (ret != 0) {
        /* Only an ASN.1 encoded INTEGER is accepted here. */
        WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_to_BN", ret);
        return NULL;
    }
#endif

    ret = SetIndividualExternal(&bn, &mpi);
    /* The value was copied into bn; clear mpi either way, otherwise the copy
     * leaks with --disable-fastmath. */
    mp_clear(&mpi);

    return (ret == WOLFSSL_SUCCESS) ? bn : NULL;
}
wolfSSL 16:8e0d178b1d1e 44363 #endif /* !NO_ASN */
wolfSSL 16:8e0d178b1d1e 44364
wolfSSL 16:8e0d178b1d1e 44365 #if !defined(NO_DSA) && !defined(NO_DH)
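/* Creates a new WOLFSSL_DH carrying the p and g parameters of a WOLFSSL_DSA.
 * Only p and g are copied; a NULL dsa->p or dsa->g is skipped, leaving that
 * DH parameter at whatever wolfSSL_DH_new initialised it to.
 *
 * dsa  source parameters
 *
 * Returns a newly allocated WOLFSSL_DH owned by the caller (release with
 * wolfSSL_DH_free), or NULL when dsa is NULL, allocation fails, or any copy
 * fails. Log messages name the object whose copy failed (dsa: reading the
 * source, dh: writing the result) so failures can be told apart.
 */
WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa)
{
    WOLFSSL_DH* dh;
    DhKey* key;
    const char* err = NULL;

    WOLFSSL_ENTER("wolfSSL_DSA_dup_DH");

    if (dsa == NULL) {
        return NULL;
    }

    dh = wolfSSL_DH_new();
    if (dh == NULL) {
        return NULL;
    }
    key = (DhKey*)dh->internal;

    /* Copy the DSA big numbers into the wolfCrypt DhKey. SetIndividualInternal
     * takes a non-const bn, hence the casts. */
    if (dsa->p != NULL &&
        SetIndividualInternal(((WOLFSSL_DSA*)dsa)->p, &key->p) != WOLFSSL_SUCCESS) {
        err = "dsa p key error";
    }
    else if (dsa->g != NULL &&
        SetIndividualInternal(((WOLFSSL_DSA*)dsa)->g, &key->g) != WOLFSSL_SUCCESS) {
        err = "dsa g key error";
    }
    /* Then mirror the DhKey values out into the DH object's own big numbers. */
    else if (SetIndividualExternal(&dh->p, &key->p) != WOLFSSL_SUCCESS) {
        err = "dh p key error";
    }
    else if (SetIndividualExternal(&dh->g, &key->g) != WOLFSSL_SUCCESS) {
        err = "dh g key error";
    }

    if (err != NULL) {
        WOLFSSL_MSG(err);
        wolfSSL_DH_free(dh);
        return NULL;
    }

    return dh;
}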
wolfSSL 16:8e0d178b1d1e 44409 #endif /* !NO_DSA && !NO_DH */
wolfSSL 16:8e0d178b1d1e 44410
wolfSSL 16:8e0d178b1d1e 44411
wolfSSL 16:8e0d178b1d1e 44412 #ifndef NO_RSA
wolfSSL 16:8e0d178b1d1e 44413 #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
/* Copies one RSA component from its WOLFSSL_BIGNUM into the RsaKey mp_int,
 * logging errMsg on failure. A NULL bn is only an error when required is
 * set; otherwise the component is simply left alone. */
static int SetRsaInternalComponent(WOLFSSL_BIGNUM* bn, mp_int* mpi,
                                   int required, const char* errMsg)
{
    (void)errMsg; /* only consumed by WOLFSSL_MSG in debug builds */

    if (bn == NULL && !required) {
        return WOLFSSL_SUCCESS;
    }
    if (SetIndividualInternal(bn, mpi) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG(errMsg);
        return WOLFSSL_FATAL_ERROR;
    }
    return WOLFSSL_SUCCESS;
}

/* Openssl -> WolfSSL: fills the wolfCrypt RsaKey behind a WOLFSSL_RSA from the
 * OpenSSL style big numbers on the WOLFSSL_RSA.
 *
 * rsa  RSA object; rsa->internal must point at the RsaKey. n and e are
 *      required; d, p, q and (unless RSA_LOW_MEM) dmp1, dmq1, iqmp are copied
 *      only when non-NULL. key->type becomes RSA_PRIVATE when d is present,
 *      RSA_PUBLIC otherwise, and rsa->inSet is set to 1 on success.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR when rsa or rsa->internal
 * is NULL or any component fails to copy (the key may then be partly filled).
 */
int SetRsaInternal(WOLFSSL_RSA* rsa)
{
    RsaKey* key;
    WOLFSSL_MSG("Entering SetRsaInternal");

    if (rsa == NULL || rsa->internal == NULL) {
        WOLFSSL_MSG("rsa key NULL error");
        return WOLFSSL_FATAL_ERROR;
    }

    key = (RsaKey*)rsa->internal;

    /* Public half: modulus and public exponent are mandatory. */
    if (SetRsaInternalComponent(rsa->n, &key->n, 1, "rsa n key error")
            != WOLFSSL_SUCCESS ||
        SetRsaInternalComponent(rsa->e, &key->e, 1, "rsa e key error")
            != WOLFSSL_SUCCESS) {
        return WOLFSSL_FATAL_ERROR;
    }
    key->type = RSA_PUBLIC;

    /* A private exponent turns this into a private key. */
    if (rsa->d != NULL) {
        if (SetRsaInternalComponent(rsa->d, &key->d, 1, "rsa d key error")
                != WOLFSSL_SUCCESS) {
            return WOLFSSL_FATAL_ERROR;
        }
        key->type = RSA_PRIVATE;
    }

    /* Prime factors and CRT values are optional. */
    if (SetRsaInternalComponent(rsa->p, &key->p, 0, "rsa p key error")
            != WOLFSSL_SUCCESS ||
        SetRsaInternalComponent(rsa->q, &key->q, 0, "rsa q key error")
            != WOLFSSL_SUCCESS) {
        return WOLFSSL_FATAL_ERROR;
    }

#ifndef RSA_LOW_MEM
    if (SetRsaInternalComponent(rsa->dmp1, &key->dP, 0, "rsa dP key error")
            != WOLFSSL_SUCCESS ||
        SetRsaInternalComponent(rsa->dmq1, &key->dQ, 0, "rsa dQ key error")
            != WOLFSSL_SUCCESS ||
        SetRsaInternalComponent(rsa->iqmp, &key->u, 0, "rsa u key error")
            != WOLFSSL_SUCCESS) {
        return WOLFSSL_FATAL_ERROR;
    }
#endif /* !RSA_LOW_MEM */

    rsa->inSet = 1;

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 44486
wolfSSL 16:8e0d178b1d1e 44487
/* SSL_SUCCESS on ok */
#ifndef NO_WOLFSSL_STUB
/* Compatibility stub for OpenSSL's RSA_blinding_on. There is no runtime
 * switch here: whether the private-key path uses a blinding RNG is fixed at
 * build time (see the WC_RSA_BLINDING conditionals in
 * wolfSSL_RSA_private_encrypt). This call only logs and reports success;
 * both parameters are ignored. */
int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn)
{
    WOLFSSL_STUB("RSA_blinding_on");
    WOLFSSL_MSG("wolfSSL_RSA_blinding_on");

    /* parameters intentionally unused */
    (void)rsa;
    (void)bn;

    return WOLFSSL_SUCCESS; /* on by default */
}
#endif
wolfSSL 16:8e0d178b1d1e 44500
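/* return compliant with OpenSSL
 * size of encrypted data if success , -1 if error
 *
 * OpenSSL-compatible RSA_public_encrypt.
 *
 * len      length of the plaintext in 'fr' (must be >= 0)
 * fr       plaintext to encrypt
 * to       output buffer; must hold at least wolfSSL_RSA_size(rsa) bytes
 * rsa      public key; the internal key is set up on first use
 * padding  RSA_PKCS1_PADDING, RSA_PKCS1_OAEP_PADDING (SHA-1 / MGF1-SHA-1),
 *          RSA_PKCS1_PSS_PADDING (SHA-256 / MGF1-SHA-256) or RSA_NO_PADDING.
 *          Builds with HAVE_FIPS, HAVE_USER_RSA or HAVE_FAST_RSA accept only
 *          RSA_PKCS1_PADDING. RSA_NO_PADDING is raw, unrandomised RSA and is
 *          only appropriate inside a higher-level scheme that adds its own.
 *
 * Returns the ciphertext length on success. Returns WOLFSSL_FATAL_ERROR (-1)
 * for invalid arguments, an unusable key size, a missing RNG or a failed
 * wolfCrypt encrypt. Unsupported padding and a failed internal key setup
 * keep returning 0 for compatibility with existing callers.
 */
int wolfSSL_RSA_public_encrypt(int len, const unsigned char* fr,
                               unsigned char* to, WOLFSSL_RSA* rsa, int padding)
{
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
    int outLen;
    int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG _tmpRNG[1];
    WC_RNG* tmpRNG = _tmpRNG;
#endif
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
    int mgf = WC_MGF1NONE;
    enum wc_HashType hash = WC_HASH_TYPE_NONE;
#endif

    WOLFSSL_MSG("wolfSSL_RSA_public_encrypt");

    /* Validate before anything is dereferenced: previously a NULL rsa was
     * read at rsa->inSet, and a negative len was only logged after the
     * encrypt call had already run with it. */
    if (len < 0 || fr == NULL || to == NULL || rsa == NULL ||
            rsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FATAL_ERROR;
    }

    /* Check and remap the padding to internal values, if needed. */
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
    if (padding == RSA_PKCS1_PADDING)
        padding = WC_RSA_PKCSV15_PAD;
    else if (padding == RSA_PKCS1_OAEP_PADDING) {
        padding = WC_RSA_OAEP_PAD;
        hash = WC_HASH_TYPE_SHA;
        mgf = WC_MGF1SHA1;
    }
    else if (padding == RSA_PKCS1_PSS_PADDING) {
        padding = WC_RSA_PSS_PAD;
        hash = WC_HASH_TYPE_SHA256;
        mgf = WC_MGF1SHA256;
    }
    else if (padding == RSA_NO_PADDING) {
        padding = WC_RSA_NO_PAD;
    }
#else
    /* only PKCS#1 v1.5 is reachable through the non-_ex call below */
    if (padding == RSA_PKCS1_PADDING)
        ;
#endif
    else {
        WOLFSSL_MSG("wolfSSL_RSA_public_encrypt unsupported padding");
        return 0;
    }

    if (rsa->inSet == 0) {
        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return 0;
        }
    }

    /* The output buffer must hold a full modulus. A zero size means the key
     * is unusable, so fail now rather than pass 0 on to wolfCrypt. This is
     * checked before the RNG is acquired so nothing needs releasing. */
    outLen = wolfSSL_RSA_size(rsa);
    if (outLen <= 0) {
        WOLFSSL_MSG("Bad RSA size");
        return WOLFSSL_FATAL_ERROR;
    }

    rng = WOLFSSL_RSA_GetRNG(rsa, (WC_RNG**)&tmpRNG, &initTmpRng);
    if (rng == NULL) {
        /* The encrypt call below requires an RNG; without one the old code
         * skipped the call and then reported success with 0 bytes. */
        WOLFSSL_MSG("No RNG available for RSA encrypt");
        ret = WOLFSSL_FATAL_ERROR;
    }
    else {
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
        ret = wc_RsaPublicEncrypt_ex(fr, len, to, outLen,
                                     (RsaKey*)rsa->internal, rng, padding,
                                     hash, mgf, NULL, 0);
#else
        ret = wc_RsaPublicEncrypt(fr, len, to, outLen,
                                  (RsaKey*)rsa->internal, rng);
#endif
        if (ret <= 0) {
            WOLFSSL_MSG("Bad Rsa Encrypt");
        }
    }

    /* release any temporary RNG that WOLFSSL_RSA_GetRNG created for us */
    if (initTmpRng)
        wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
    if (tmpRNG)
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    /* wolfCrypt reports the ciphertext length (> 0) on success; every other
     * outcome is collapsed to -1 so callers see the OpenSSL convention. */
    if (ret > 0) {
        WOLFSSL_MSG("wolfSSL_RSA_public_encrypt success");
    }
    else {
        WOLFSSL_MSG("wolfSSL_RSA_public_encrypt failed");
        ret = WOLFSSL_FATAL_ERROR; /* return -1 on error case */
    }
    return ret;
}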
wolfSSL 16:8e0d178b1d1e 44598
wolfSSL 16:8e0d178b1d1e 44599
wolfSSL 16:8e0d178b1d1e 44600
wolfSSL 16:8e0d178b1d1e 44601
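/* return compliant with OpenSSL
 * size of plain recovered data if success , -1 if error
 *
 * OpenSSL-compatible RSA_private_decrypt.
 *
 * len      length of the ciphertext in 'fr' (must be >= 0)
 * fr       ciphertext to decrypt
 * to       output buffer; must hold at least wolfSSL_RSA_size(rsa) bytes
 * rsa      private key; the internal key is set up on first use
 * padding  RSA_PKCS1_PADDING, RSA_PKCS1_OAEP_PADDING (SHA-1 / MGF1-SHA-1),
 *          RSA_PKCS1_PSS_PADDING (SHA-256 / MGF1-SHA-256) or RSA_NO_PADDING.
 *          Builds with HAVE_FIPS, HAVE_USER_RSA or HAVE_FAST_RSA accept only
 *          RSA_PKCS1_PADDING.
 *
 * Returns the recovered plaintext length on success. Returns
 * WOLFSSL_FATAL_ERROR (-1) for invalid arguments, an unusable key size or a
 * failed wolfCrypt decrypt; every decrypt failure, whatever its cause, maps
 * to the same -1 so the return value does not reveal why (any timing
 * behaviour is that of the wolfCrypt call). Unsupported padding and a failed
 * internal key setup keep returning 0 for compatibility with existing callers.
 */
int wolfSSL_RSA_private_decrypt(int len, const unsigned char* fr,
                                unsigned char* to, WOLFSSL_RSA* rsa, int padding)
{
    int outLen;
    int ret = 0;
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
    int mgf = WC_MGF1NONE;
    enum wc_HashType hash = WC_HASH_TYPE_NONE;
#endif

    WOLFSSL_MSG("wolfSSL_RSA_private_decrypt");

    /* Validate before anything is dereferenced: previously a NULL rsa was
     * read at rsa->inSet, and a negative len was only logged after the
     * decrypt call had already run with it. */
    if (len < 0 || fr == NULL || to == NULL || rsa == NULL ||
            rsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FATAL_ERROR;
    }

    /* Check and remap the padding to internal values, if needed. */
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
    if (padding == RSA_PKCS1_PADDING)
        padding = WC_RSA_PKCSV15_PAD;
    else if (padding == RSA_PKCS1_OAEP_PADDING) {
        padding = WC_RSA_OAEP_PAD;
        hash = WC_HASH_TYPE_SHA;
        mgf = WC_MGF1SHA1;
    }
    else if (padding == RSA_PKCS1_PSS_PADDING) {
        padding = WC_RSA_PSS_PAD;
        hash = WC_HASH_TYPE_SHA256;
        mgf = WC_MGF1SHA256;
    }
    else if (padding == RSA_NO_PADDING) {
        padding = WC_RSA_NO_PAD;
    }
#else
    /* only PKCS#1 v1.5 is reachable through the non-_ex call below */
    if (padding == RSA_PKCS1_PADDING)
        ;
#endif
    else {
        WOLFSSL_MSG("wolfSSL_RSA_private_decrypt unsupported padding");
        return 0;
    }

    if (rsa->inSet == 0) {
        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return 0;
        }
    }

    /* size of 'to' buffer must be size of RSA key; a zero size means the key
     * is unusable, so fail now rather than pass 0 on to wolfCrypt */
    outLen = wolfSSL_RSA_size(rsa);
    if (outLen <= 0) {
        WOLFSSL_MSG("Bad RSA size");
        return WOLFSSL_FATAL_ERROR;
    }

#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
    ret = wc_RsaPrivateDecrypt_ex(fr, len, to, outLen,
                                  (RsaKey*)rsa->internal, padding,
                                  hash, mgf, NULL, 0);
#else
    ret = wc_RsaPrivateDecrypt(fr, len, to, outLen,
                               (RsaKey*)rsa->internal);
#endif

    /* wolfCrypt reports the plaintext length (> 0) on success; every other
     * outcome is collapsed to -1 so callers see the OpenSSL convention. */
    if (ret > 0) {
        WOLFSSL_MSG("wolfSSL_RSA_private_decrypt success");
    }
    else {
        WOLFSSL_MSG("wolfSSL_RSA_private_decrypt failed");
        ret = WOLFSSL_FATAL_ERROR;
    }
    return ret;
}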
wolfSSL 16:8e0d178b1d1e 44677
#if !defined(_WIN32) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
/* OpenSSL-compatible RSA_public_decrypt: recover, with the public key, the
 * data that wolfSSL_RSA_private_encrypt produced.
 *
 * flen     length of 'from' in bytes
 * from     input produced by the private key
 * to       output buffer; must hold at least wolfSSL_RSA_size(rsa) bytes
 * rsa      key; the internal key is set up on first use
 * padding  RSA_PKCS1_PADDING, RSA_PKCS1_OAEP_PADDING, RSA_PKCS1_PSS_PADDING
 *          or RSA_NO_PADDING
 *
 * Returns the number of recovered bytes. Returns WOLFSSL_FAILURE for bad
 * arguments, unsupported padding or a failed internal key setup; when
 * wc_RsaSSL_Verify_ex fails its non-positive result is returned as-is.
 */
int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from,
                               unsigned char* to, WOLFSSL_RSA* rsa, int padding)
{
    int pad_type;
    int tlen;

    WOLFSSL_ENTER("wolfSSL_RSA_public_decrypt");

    if (rsa == NULL || rsa->internal == NULL || from == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return WOLFSSL_FAILURE;
    }

    /* translate the OpenSSL padding constant to the wolfCrypt one */
    if (padding == RSA_PKCS1_PADDING) {
        pad_type = WC_RSA_PKCSV15_PAD;
    }
    else if (padding == RSA_PKCS1_OAEP_PADDING) {
        pad_type = WC_RSA_OAEP_PAD;
    }
    else if (padding == RSA_PKCS1_PSS_PADDING) {
        pad_type = WC_RSA_PSS_PAD;
    }
    else if (padding == RSA_NO_PADDING) {
        pad_type = WC_RSA_NO_PAD;
    }
    else {
        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding");
        return WOLFSSL_FAILURE;
    }

    if (rsa->inSet == 0) {
        WOLFSSL_MSG("No RSA internal set, do it");

        if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return WOLFSSL_FAILURE;
        }
    }

    /* size of 'to' buffer must be size of RSA key */
    tlen = wc_RsaSSL_Verify_ex(from, flen, to, wolfSSL_RSA_size(rsa),
                               (RsaKey*)rsa->internal, pad_type);
    if (tlen > 0) {
        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success");
    }
    else {
        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed");
    }
    return tlen;
}
#endif /* !defined(_WIN32) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) */
wolfSSL 16:8e0d178b1d1e 44731
/* RSA private encrypt calls wc_RsaSSL_Sign. Similar function set up as RSA
 * public decrypt.
 *
 * len Length of input buffer
 * in Input buffer to sign
 * out Output buffer (expected to be greater than or equal to RSA key size)
 * rsa Key to use for encryption
 * padding Type of RSA padding to use.
 *
 * Returns the number of bytes written to out. Error returns are mixed: bad
 * arguments, unsupported padding, a failed internal key setup and a failed
 * sign all return 0, while RNG init/free failures (non-blinding builds only)
 * return SSL_FATAL_ERROR.
 *
 * NOTE(review): padding is validated (RSA_PKCS1_PADDING or
 * RSA_PKCS1_PSS_PADDING) but never passed on; wc_RsaSSL_Sign is called the
 * same way for both, so a caller asking for PSS gets whatever padding
 * wc_RsaSSL_Sign applies — confirm against wolfCrypt before relying on the
 * PSS path.
 */
int wolfSSL_RSA_private_encrypt(int len, unsigned char* in,
                                unsigned char* out, WOLFSSL_RSA* rsa, int padding)
{
    int sz = 0;
    WC_RNG* rng = NULL;
#if !defined(WC_RSA_BLINDING) || defined(HAVE_USER_RSA)
    /* without blinding the key carries no RNG, so a local one is created */
    WC_RNG rng_lcl;
#endif
    RsaKey* key;

    WOLFSSL_MSG("wolfSSL_RSA_private_encrypt");

    /* out is not checked here; it is left to wc_RsaSSL_Sign */
    if (len < 0 || rsa == NULL || rsa->internal == NULL || in == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return 0;
    }

    if (padding != RSA_PKCS1_PADDING && padding != RSA_PKCS1_PSS_PADDING) {
        WOLFSSL_MSG("wolfSSL_RSA_private_encrypt unsupported padding");
        return 0;
    }

    if (rsa->inSet == 0)
    {
        WOLFSSL_MSG("Setting internal RSA structure");

        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return 0;
        }
    }

    key = (RsaKey*)rsa->internal;
#if defined(WC_RSA_BLINDING) && !defined(HAVE_USER_RSA)
    /* blinding builds: reuse the RNG attached to the key */
    rng = key->rng;
#else
    rng = &rng_lcl;
    /* the FIPS build has no _ex initialiser; both branches feed the same if */
#ifndef HAVE_FIPS
    if (wc_InitRng_ex(rng, key->heap, INVALID_DEVID) != 0)
#else
    if (wc_InitRng(rng) != 0)
#endif
    {
        WOLFSSL_MSG("Error with random number");
        return SSL_FATAL_ERROR;
    }
#endif

    /* size of output buffer must be size of RSA key */
    sz = wc_RsaSSL_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa), key, rng);
#if !defined(WC_RSA_BLINDING) || defined(HAVE_USER_RSA)
    /* the local RNG is released on every path; note that a free failure
     * discards an otherwise successful sz */
    if (wc_FreeRng(rng) != 0) {
        WOLFSSL_MSG("Error freeing random number generator");
        return SSL_FATAL_ERROR;
    }
#endif
    if (sz <= 0) {
        WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", sz);
        return 0;
    }

    return sz;
}
wolfSSL 16:8e0d178b1d1e 44804 #endif /* HAVE_USER_RSA */
wolfSSL 16:8e0d178b1d1e 44805 #endif
wolfSSL 16:8e0d178b1d1e 44806
wolfSSL 16:8e0d178b1d1e 44807
/* frees all nodes in the current threads error queue
 *
 * id thread id. ERR_remove_state is deprecated and id is ignored. The
 * current threads queue will be free'd.
 *
 * Failures of the underlying wc_ERR_remove_state are only logged; the
 * function has no return value to report them.
 */
void wolfSSL_ERR_remove_state(unsigned long id)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_ERR_remove_state");

    (void)id; /* only the calling thread's queue is affected */

    rc = wc_ERR_remove_state();
    if (rc != 0) {
        WOLFSSL_MSG("Error with removing the state");
    }
}
wolfSSL 16:8e0d178b1d1e 44821
wolfSSL 16:8e0d178b1d1e 44822
/* Returns a BN_CTX handle for OpenSSL compatibility. wolfCrypt needs no
 * context, so every call returns the address of one file-static int: the
 * handle is shared by all callers and threads, must never be written
 * through, and is only ever released with wolfSSL_BN_CTX_free (a no-op). */
WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void)
{
    static int ctx; /* placeholder object behind the shared handle */
    WOLFSSL_BN_CTX* handle = (WOLFSSL_BN_CTX*)&ctx;

    WOLFSSL_MSG("wolfSSL_BN_CTX_new");

    return handle;
}
wolfSSL 16:8e0d178b1d1e 44831
/* OpenSSL-compatible BN_CTX_init; nothing to initialise, ctx is ignored. */
void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_BN_CTX_init");
    (void)ctx;
}
wolfSSL 16:8e0d178b1d1e 44837
wolfSSL 16:8e0d178b1d1e 44838
/* OpenSSL-compatible BN_CTX_free. The handle from wolfSSL_BN_CTX_new points
 * at a static object, so there is nothing to release; ctx is ignored. */
void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_BN_CTX_free");
    (void)ctx;
}
wolfSSL 16:8e0d178b1d1e 44845
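/* WOLFSSL_SUCCESS on ok */
/* r = a - b.
 *
 * Returns WOLFSSL_SUCCESS, or 0 when any argument or its backing mp_int is
 * NULL (the backing pointers were previously passed to mp_sub unchecked) or
 * when mp_sub fails.
 */
int wolfSSL_BN_sub(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
                   const WOLFSSL_BIGNUM* b)
{
    int rc;

    WOLFSSL_MSG("wolfSSL_BN_sub");

    if (r == NULL || a == NULL || b == NULL ||
            r->internal == NULL || a->internal == NULL || b->internal == NULL) {
        return 0;
    }

    rc = mp_sub((mp_int*)a->internal, (mp_int*)b->internal,
                (mp_int*)r->internal);
    if (rc != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_BN_sub mp_sub failed");
        return 0;
    }

    return WOLFSSL_SUCCESS;
}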
wolfSSL 16:8e0d178b1d1e 44862
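/* WOLFSSL_SUCCESS on ok */
/* r = a mod b. The BN_CTX argument c is unused; wolfCrypt needs none.
 *
 * Returns WOLFSSL_SUCCESS, or 0 when any BIGNUM argument or its backing
 * mp_int is NULL (the backing pointers were previously passed to mp_mod
 * unchecked) or when mp_mod fails.
 */
int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
                   const WOLFSSL_BIGNUM* b, const WOLFSSL_BN_CTX* c)
{
    int rc;

    (void)c;
    WOLFSSL_MSG("wolfSSL_BN_mod");

    if (r == NULL || a == NULL || b == NULL ||
            r->internal == NULL || a->internal == NULL || b->internal == NULL) {
        return 0;
    }

    rc = mp_mod((mp_int*)a->internal, (mp_int*)b->internal,
                (mp_int*)r->internal);
    if (rc != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_BN_mod mp_mod failed");
        return 0;
    }

    return WOLFSSL_SUCCESS;
}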
wolfSSL 16:8e0d178b1d1e 44880
wolfSSL 16:8e0d178b1d1e 44881
/* r = (a^p) % m */
/* Modular exponentiation via mp_exptmod. ctx is unused.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when any BIGNUM argument is
 * NULL or mp_exptmod reports an error (the mp result code is only logged).
 * The backing mp_int pointers are not NULL-checked here.
 */
int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
        const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_BN_mod_exp");
    (void)ctx;

    if (r == NULL || a == NULL || p == NULL || m == NULL) {
        WOLFSSL_MSG("Bad Argument");
        return WOLFSSL_FAILURE;
    }

    rc = mp_exptmod((mp_int*)a->internal, (mp_int*)p->internal,
                    (mp_int*)m->internal, (mp_int*)r->internal);
    if (rc != MP_OKAY) {
        WOLFSSL_LEAVE("wolfSSL_BN_mod_exp", rc);
        (void)rc;
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 44906
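/* r = (a * p) % m */
/* Modular multiplication via mp_mulmod. ctx is unused.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when any BIGNUM argument or
 * its backing mp_int is NULL, or when mp_mulmod reports an error (the mp
 * result code is only logged). Uses the WOLFSSL_* result names like the
 * sibling wolfSSL_BN_mod_exp instead of the SSL_* compatibility aliases.
 */
int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
        const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_BN_mod_mul");
    (void)ctx;

    if (r == NULL || a == NULL || p == NULL || m == NULL ||
            r->internal == NULL || a->internal == NULL ||
            p->internal == NULL || m->internal == NULL) {
        WOLFSSL_MSG("Bad Argument");
        return WOLFSSL_FAILURE;
    }

    rc = mp_mulmod((mp_int*)a->internal, (mp_int*)p->internal,
                   (mp_int*)m->internal, (mp_int*)r->internal);
    if (rc != MP_OKAY) {
        WOLFSSL_LEAVE("wolfSSL_BN_mod_mul", rc);
        (void)rc;
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}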
wolfSSL 16:8e0d178b1d1e 44931
#ifdef OPENSSL_EXTRA
/* Returns the shared BIGNUM holding the value 1, creating it on first use.
 * The object lives in the file-scope bn_one and the same pointer is handed
 * to every caller, so it must be treated as read-only. No lock is taken in
 * this function; if two threads can make the first call at the same time
 * the caller must serialise them — TODO confirm. Returns NULL when
 * allocation or initialisation fails; bn_one is then left NULL so a later
 * call retries. */
const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
{
    WOLFSSL_MSG("wolfSSL_BN_value_one");

    if (bn_one != NULL)
        return bn_one;

    bn_one = wolfSSL_BN_new();
    if (bn_one == NULL)
        return NULL;

    if (mp_set_int((mp_int*)bn_one->internal, 1) != MP_OKAY) {
        /* handle error by freeing BN and returning NULL */
        wolfSSL_BN_free(bn_one);
        bn_one = NULL;
    }

    return bn_one;
}
#endif
wolfSSL 16:8e0d178b1d1e 44951
/* return compliant with OpenSSL
 * size of BIGNUM in bytes, 0 if error */
/* Number of bytes in the unsigned big-endian encoding of bn. Returns
 * WOLFSSL_FAILURE when bn or its backing mp_int is NULL. */
int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn)
{
    mp_int* v = NULL;

    WOLFSSL_ENTER("wolfSSL_BN_num_bytes");

    if (bn != NULL)
        v = (mp_int*)bn->internal;
    if (v == NULL)
        return WOLFSSL_FAILURE;

    return mp_unsigned_bin_size(v);
}
wolfSSL 16:8e0d178b1d1e 44963
/* return compliant with OpenSSL
 * size of BIGNUM in bits, 0 if error */
/* Number of significant bits in bn. Returns WOLFSSL_FAILURE when bn or its
 * backing mp_int is NULL. */
int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn)
{
    mp_int* v = NULL;

    WOLFSSL_ENTER("wolfSSL_BN_num_bits");

    if (bn != NULL)
        v = (mp_int*)bn->internal;
    if (v == NULL)
        return WOLFSSL_FAILURE;

    return mp_count_bits(v);
}
wolfSSL 16:8e0d178b1d1e 44975
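/* return compliant with OpenSSL
 * 1 if BIGNUM is negative, 0 else */
/* Returns the mp_isneg result for bn, or WOLFSSL_FAILURE when bn or its
 * backing mp_int is NULL. The internal pointer is now checked like the
 * sibling predicates do; it was previously handed to mp_isneg unchecked. */
int wolfSSL_BN_is_negative(const WOLFSSL_BIGNUM* bn)
{
    if (bn == NULL || bn->internal == NULL)
        return WOLFSSL_FAILURE;

    return mp_isneg((mp_int*)bn->internal);
}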
wolfSSL 16:8e0d178b1d1e 44983
/* return compliant with OpenSSL
 * 1 if BIGNUM is zero, 0 else */
/* Returns WOLFSSL_SUCCESS when bn is zero, WOLFSSL_FAILURE otherwise or when
 * bn or its backing mp_int is NULL (a NULL argument is indistinguishable
 * from "not zero"). */
int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn)
{
    int isZero;

    WOLFSSL_MSG("wolfSSL_BN_is_zero");

    if (bn == NULL || bn->internal == NULL)
        return WOLFSSL_FAILURE;

    isZero = (mp_iszero((mp_int*)bn->internal) == MP_YES);
    return isZero ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 44998
/* return compliant with OpenSSL
 * 1 if BIGNUM is one, 0 else */
/* Returns WOLFSSL_SUCCESS when bn equals 1, WOLFSSL_FAILURE otherwise or
 * when bn or its backing mp_int is NULL. */
int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn)
{
    int isOne;

    WOLFSSL_MSG("wolfSSL_BN_is_one");

    if (bn == NULL || bn->internal == NULL)
        return WOLFSSL_FAILURE;

    isOne = (mp_cmp_d((mp_int*)bn->internal, 1) == MP_EQ);
    return isOne ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 45013
/* return compliant with OpenSSL
 * 1 if BIGNUM is odd, 0 else */
/* Returns WOLFSSL_SUCCESS when bn is odd, WOLFSSL_FAILURE otherwise or when
 * bn or its backing mp_int is NULL. */
int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn)
{
    int isOdd;

    WOLFSSL_MSG("wolfSSL_BN_is_odd");

    if (bn == NULL || bn->internal == NULL)
        return WOLFSSL_FAILURE;

    isOdd = (mp_isodd((mp_int*)bn->internal) == MP_YES);
    return isOdd ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 45028
/* return compliant with OpenSSL
 * 1 if BIGNUM is word, 0 else */
/* Returns WOLFSSL_SUCCESS when bn equals the single word w, WOLFSSL_FAILURE
 * otherwise or when bn or its backing mp_int is NULL. */
int wolfSSL_BN_is_word(const WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
{
    int matches;

    WOLFSSL_ENTER("wolfSSL_BN_is_word");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return WOLFSSL_FAILURE;
    }

    matches = (mp_isword((mp_int*)bn->internal, w) == MP_YES);
    return matches ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 45046
/* return compliant with OpenSSL
 * -1 if a < b, 0 if a == b and 1 if a > b
 */
/* Three-way comparison of a and b via mp_cmp. Returns WOLFSSL_FATAL_ERROR
 * (-1) when either BIGNUM or its backing mp_int is NULL, which a caller
 * cannot tell apart from a < b. */
int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
{
    int rc;

    WOLFSSL_MSG("wolfSSL_BN_cmp");

    if (a == NULL || a->internal == NULL || b == NULL || b->internal == NULL)
        return WOLFSSL_FATAL_ERROR;

    rc = mp_cmp((mp_int*)a->internal, (mp_int*)b->internal);
    if (rc == MP_EQ)
        return 0;
    if (rc == MP_GT)
        return 1;
    return -1;
}
wolfSSL 16:8e0d178b1d1e 45063
/* return compliant with OpenSSL
 * length of BIGNUM in bytes, -1 if error */
/* Writes the unsigned big-endian encoding of bn into r. There is no length
 * parameter (OpenSSL API): r must already hold mp_unsigned_bin_size bytes,
 * which the caller can learn by passing r == NULL, in which case only the
 * size is returned. Returns WOLFSSL_FATAL_ERROR when bn or its backing
 * mp_int is NULL or the conversion fails. */
int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
{
    mp_int* v;

    WOLFSSL_MSG("wolfSSL_BN_bn2bin");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("NULL bn error");
        return WOLFSSL_FATAL_ERROR;
    }
    v = (mp_int*)bn->internal;

    /* r == NULL is a size query: skip the write, report the length */
    if (r != NULL && mp_to_unsigned_bin(v, r) != MP_OKAY) {
        WOLFSSL_MSG("mp_to_unsigned_bin error");
        return WOLFSSL_FATAL_ERROR;
    }

    return mp_unsigned_bin_size(v);
}
wolfSSL 16:8e0d178b1d1e 45085
wolfSSL 16:8e0d178b1d1e 45086
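/* Build a big number from a big-endian, unsigned byte string.
 *
 * str  input bytes; may be NULL only when len is 0
 * len  number of bytes in str (must not be negative)
 * ret  number to fill, or NULL to allocate a new one
 *
 * Returns ret (or the newly allocated number) on success, NULL on failure.
 * A number allocated here is freed again on failure; a caller-supplied ret
 * remains the caller's to free.
 */
WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
                                  WOLFSSL_BIGNUM* ret)
{
    int weOwn = 0;

    WOLFSSL_MSG("wolfSSL_BN_bin2bn");

    /* A NULL buffer with a non-zero length, or a negative length, can never
     * be a valid encoding; reject it before it reaches the mp layer. */
    if (len < 0 || (str == NULL && len > 0)) {
        WOLFSSL_MSG("Bad function argument");
        return NULL;
    }

    /* if ret is null create a BN */
    if (ret == NULL) {
        ret = wolfSSL_BN_new();
        if (ret == NULL)
            return NULL;
        weOwn = 1;
    }

    if (ret->internal == NULL) {
        WOLFSSL_MSG("bn internal NULL error");
        if (weOwn)
            wolfSSL_BN_free(ret);
        return NULL;
    }

    if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
        WOLFSSL_MSG("mp_read_unsigned_bin failure");
        if (weOwn)
            wolfSSL_BN_free(ret);
        return NULL;
    }

    return ret;
}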
wolfSSL 16:8e0d178b1d1e 45116
/* Stub for OpenSSL's BN_mask_bits(): not implemented in this build.
 *
 * bn  number that would be truncated (ignored)
 * n   number of low bits that would be kept (ignored)
 *
 * Always returns SSL_FAILURE after logging the stub hit. bn is never
 * modified, so a caller that depends on the masking for correctness must
 * check this return value rather than assume the operation happened.
 */
#ifndef NO_WOLFSSL_STUB
int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n)
{
    /* both parameters are intentionally unused by the stub */
    (void)n;
    (void)bn;

    WOLFSSL_ENTER("wolfSSL_BN_mask_bits");
    WOLFSSL_STUB("BN_mask_bits");

    return SSL_FAILURE;
}
#endif
wolfSSL 16:8e0d178b1d1e 45129
wolfSSL 16:8e0d178b1d1e 45130
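/* Generate a random number of the requested bit length into bn.
 *
 * bn      destination (must have an initialised internal mp_int)
 * bits    requested size in bits; rounded up to whole bytes and limited to
 *         8 * WOLFSSL_BN_RAND_BUFF_SZ
 * top     accepted for API compatibility but ignored: the two most
 *         significant bits of the generated byte string are always set
 * bottom  accepted for API compatibility but ignored: the result is always
 *         forced odd
 *
 * Returns WOLFSSL_SUCCESS on success, 0 on any failure (bad arguments,
 * out-of-range bits, no usable RNG, RNG or conversion error).
 *
 * A private RNG is initialised for the call and released afterwards; the
 * shared globalRNG is only used when the private one cannot be initialised.
 *
 * NOTE(review): when bits is not a multiple of 8 the forced bits land at the
 * top of the last whole byte, so the result can be longer than bits bits;
 * callers that need an exact bit length should check it.
 */
int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
{
    /* capacity of the scratch buffer the random bytes are generated into;
     * it bounds the largest bit length this function can produce */
    enum { WOLFSSL_BN_RAND_BUFF_SZ = 1024 };

    int ret = 0;
    int len = bits / 8;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
    byte* buff = NULL;
#else
    WC_RNG tmpRNG[1];
    byte buff[WOLFSSL_BN_RAND_BUFF_SZ];
#endif

    (void)top;
    (void)bottom;
    WOLFSSL_MSG("wolfSSL_BN_rand");

    if (bits % 8)
        len++;

    /* buff[0] and buff[len-1] are written below: a non-positive bit count
     * would index before the buffer and an oversized one past its end */
    if (bits <= 0 || len > WOLFSSL_BN_RAND_BUFF_SZ) {
        WOLFSSL_MSG("Bad bits argument");
        return ret;
    }

#ifdef WOLFSSL_SMALL_STACK
    buff = (byte*)XMALLOC(WOLFSSL_BN_RAND_BUFF_SZ, NULL,
                          DYNAMIC_TYPE_TMP_BUFFER);
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    if (buff == NULL || tmpRNG == NULL) {
        XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
        return ret;
    }
#endif

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
    }
    else if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else if (initGlobalRNG) {
        rng = &globalRNG;
    }

    if (rng) {
        if (wc_RNG_GenerateBlock(rng, buff, len) != 0) {
            WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
        }
        else {
            /* force the two most significant bits and make the value odd,
             * regardless of top/bottom */
            buff[0] |= 0x80 | 0x40;
            buff[len-1] |= 0x01;

            if (mp_read_unsigned_bin((mp_int*)bn->internal, buff, len)
                    != MP_OKAY)
                WOLFSSL_MSG("mp read bin failed");
            else
                ret = WOLFSSL_SUCCESS;
        }
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif

    return ret;
}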
wolfSSL 16:8e0d178b1d1e 45196
wolfSSL 16:8e0d178b1d1e 45197
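/* Generate a random number of the requested bit length into bn, honouring
 * the OpenSSL top/bottom conventions.
 *
 * bn      destination (must have an initialised internal mp_int)
 * bits    requested size in bits; rounded up to whole bytes and limited to
 *         8 * WOLFSSL_BN_RAND_BUFF_SZ
 * top     -1: leave the most significant bit alone
 *          0: set the most significant bit
 *          1: set the two most significant bits
 *         any other value leaves the high bits untouched
 * bottom  1: force the result odd; otherwise the low bit is left alone
 *
 * Returns WOLFSSL_SUCCESS on success, 0 on any failure (bad arguments,
 * out-of-range bits, a zero-length request that still asks for forced bits,
 * no usable RNG, RNG or conversion error).
 *
 * The generation path is the same as wolfSSL_BN_rand; only the handling of
 * top and bottom differs. Same caveat applies: when bits is not a multiple
 * of 8 the forced bits land at the top of the last whole byte.
 */
int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
{
    /* capacity of the scratch buffer the random bytes are generated into;
     * it bounds the largest bit length this function can produce */
    enum { WOLFSSL_BN_RAND_BUFF_SZ = 1024 };

    int ret = 0;
    int len = bits / 8;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
    byte* buff = NULL;
#else
    WC_RNG tmpRNG[1];
    byte buff[WOLFSSL_BN_RAND_BUFF_SZ];
#endif

    WOLFSSL_MSG("wolfSSL_BN_pseudo_rand");

    if (bits % 8)
        len++;

    /* len indexes buff directly below; a negative or oversized bit count
     * would read or write outside the buffer */
    if (bits < 0 || len > WOLFSSL_BN_RAND_BUFF_SZ) {
        WOLFSSL_MSG("Bad bits argument");
        return ret;
    }
    /* with no bytes at all there is nothing to force top/bottom bits into;
     * OpenSSL only allows a zero-length request when neither is asked for */
    if (len == 0 && (top != -1 || bottom != 0)) {
        WOLFSSL_MSG("bits too small for requested top/bottom");
        return ret;
    }

#ifdef WOLFSSL_SMALL_STACK
    buff = (byte*)XMALLOC(WOLFSSL_BN_RAND_BUFF_SZ, NULL,
                          DYNAMIC_TYPE_TMP_BUFFER);
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    if (buff == NULL || tmpRNG == NULL) {
        XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
        return ret;
    }
#endif

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
    }
    else if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else if (initGlobalRNG) {
        rng = &globalRNG;
    }

    if (rng) {
        if (wc_RNG_GenerateBlock(rng, buff, len) != 0) {
            WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
        }
        else {
            switch (top) {
                case -1:
                    break;

                case 0:
                    buff[0] |= 0x80;
                    break;

                case 1:
                    buff[0] |= 0x80 | 0x40;
                    break;

                default:
                    /* unknown top value: high bits are left as generated */
                    break;
            }

            if (bottom == 1) {
                buff[len-1] |= 0x01;
            }

            if (mp_read_unsigned_bin((mp_int*)bn->internal, buff, len)
                    != MP_OKAY)
                WOLFSSL_MSG("mp read bin failed");
            else
                ret = WOLFSSL_SUCCESS;
        }
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif

    return ret;
}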
wolfSSL 16:8e0d178b1d1e 45281
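/* Test whether bit n of bn is set.
 *
 * bn  number to inspect
 * n   zero-based bit position; negative positions are rejected
 *
 * Return is OpenSSL compatible: 1 when the bit is set, 0 otherwise.
 * A NULL bn, a NULL internal value or a negative n also yields 0
 * (WOLFSSL_FAILURE), so a 0 result is not by itself proof the bit is clear.
 */
int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n)
{
    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return WOLFSSL_FAILURE;
    }

    /* the cast below would turn a negative index into a huge unsigned one;
     * make the rejection explicit instead of relying on the mp layer */
    if (n < 0) {
        WOLFSSL_MSG("negative bit index");
        return WOLFSSL_FAILURE;
    }

    return mp_is_bit_set((mp_int*)bn->internal, (mp_digit)n);
}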
wolfSSL 16:8e0d178b1d1e 45294
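/* Set bit n of bn to 1, growing the number if needed.
 *
 * bn  number to modify
 * n   zero-based bit position; negative positions are rejected
 *
 * Return is OpenSSL compatible: 1 (WOLFSSL_SUCCESS) on success, 0 on a
 * NULL bn, a NULL internal value, a negative n or an mp_set_bit failure.
 */
int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n)
{
    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return WOLFSSL_FAILURE;
    }

    /* a negative position would become a negative digit index inside
     * mp_set_bit; reject it here as OpenSSL's BN_set_bit does */
    if (n < 0) {
        WOLFSSL_MSG("negative bit index");
        return WOLFSSL_FAILURE;
    }

    if (mp_set_bit((mp_int*)bn->internal, n) != MP_OKAY) {
        WOLFSSL_MSG("mp_set_bit error");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}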
wolfSSL 16:8e0d178b1d1e 45312
wolfSSL 16:8e0d178b1d1e 45313
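/* Clear bit n of bn.
 *
 * bn  number to modify
 * n   zero-based bit position; negative positions are rejected
 *
 * Returns WOLFSSL_SUCCESS on success (including when the bit was already
 * clear), WOLFSSL_FAILURE on a NULL bn, a NULL internal value, a negative n,
 * an allocation failure or an mp error.
 *
 * The bit is cleared by subtracting 2^n, which is only correct when the bit
 * is currently set; hence the mp_is_bit_set guard. The temporary mp_int is
 * only cleared when it was actually initialised, so the cleanup path cannot
 * act on an uninitialised stack object.
 */
int wolfSSL_BN_clear_bit(WOLFSSL_BIGNUM* bn, int n)
{
    int ret = WOLFSSL_FAILURE;
    int tmpInit = 0;
#ifndef WOLFSSL_SMALL_STACK
    mp_int tmp[1];
#else
    mp_int* tmp = NULL;
#endif

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        goto cleanup;
    }
    if (n < 0) {
        WOLFSSL_MSG("negative bit index");
        goto cleanup;
    }

    if (mp_is_bit_set((mp_int*)bn->internal, (mp_digit)n)) {
#ifdef WOLFSSL_SMALL_STACK
        tmp = (mp_int*)XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
        if (tmp == NULL) {
            goto cleanup;
        }
#endif
        if (mp_init(tmp) != MP_OKAY) {
            goto cleanup;
        }
        tmpInit = 1;

        if (mp_set_bit(tmp, n) != MP_OKAY) {
            goto cleanup;
        }
        if (mp_sub((mp_int*)bn->internal, tmp, (mp_int*)bn->internal)
                != MP_OKAY) {
            goto cleanup;
        }
    }

    ret = WOLFSSL_SUCCESS;

cleanup:
    if (tmpInit)
        mp_clear(tmp);
#ifdef WOLFSSL_SMALL_STACK
    if (tmp)
        XFREE(tmp, NULL, DYNAMIC_TYPE_BIGINT);
#endif
    return ret;
}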
wolfSSL 16:8e0d178b1d1e 45354
wolfSSL 16:8e0d178b1d1e 45355
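/* Parse a hexadecimal string into a big number.
 *
 * bn   address of the destination pointer; *bn may be NULL, in which case
 *      a new number is allocated and handed back through *bn. When bn
 *      itself is NULL the string is only decoded and its byte length is
 *      returned.
 * str  NUL-terminated hex string; trailing '\n' characters are ignored
 *
 * Returns WOLFSSL_SUCCESS when *bn was filled, the decoded byte count when
 * bn is NULL, and 0 on any failure. On failure a number allocated by this
 * call is freed and *bn is reset to NULL so the caller never receives a
 * dangling pointer; a caller-supplied *bn is left untouched.
 *
 * Note on use: this function expects str to be an even length. It is
 * converting pairs of bytes into 8-bit values. As an example, the RSA
 * public exponent is commonly 0x010001. To get it to convert, you need
 * to pass in the string "010001", it will fail if you use "10001". This
 * is an effect of how Base16_Decode() works. The decode buffer is fixed at
 * 1024 bytes, so strings longer than 2048 hex digits fail in Base16_Decode.
 */
int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str)
{
    int ret = 0;
    word32 decSz = 1024;
#ifdef WOLFSSL_SMALL_STACK
    byte* decoded;
#else
    byte decoded[1024];
#endif
    int weOwn = 0;
    int strLen;

    WOLFSSL_MSG("wolfSSL_BN_hex2bn");

#ifdef WOLFSSL_SMALL_STACK
    decoded = (byte*)XMALLOC(decSz, NULL, DYNAMIC_TYPE_DER);
    if (decoded == NULL)
        return ret;
#endif

    if (str == NULL || str[0] == '\0') {
        WOLFSSL_MSG("Bad function argument");
        ret = WOLFSSL_FAILURE;
    }
    else {
        strLen = (int)XSTRLEN(str);
        /* ignore trailing new lines; test the length before indexing so a
         * string consisting only of newlines cannot read str[-1] */
        while (strLen > 0 && str[strLen-1] == '\n')
            strLen--;

        if (strLen == 0) {
            WOLFSSL_MSG("No hex digits in string");
        }
        else if (Base16_Decode((byte*)str, strLen, decoded, &decSz) < 0) {
            WOLFSSL_MSG("Bad Base16_Decode error");
        }
        else if (bn == NULL) {
            ret = decSz;
        }
        else {
            if (*bn == NULL) {
                *bn = wolfSSL_BN_new();
                if (*bn != NULL) {
                    weOwn = 1;
                }
            }

            if (*bn == NULL) {
                WOLFSSL_MSG("BN new failed");
            }
            else if (wolfSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) {
                WOLFSSL_MSG("Bad bin2bn error");
                if (weOwn == 1) {
                    wolfSSL_BN_free(*bn); /* Free new BN */
                    *bn = NULL;           /* never return a freed number */
                }
            }
            else {
                ret = WOLFSSL_SUCCESS;
            }
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(decoded, NULL, DYNAMIC_TYPE_DER);
#endif

    return ret;
}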
wolfSSL 16:8e0d178b1d1e 45422
wolfSSL 16:8e0d178b1d1e 45423
/* Allocate a new big number holding a copy of bn.
 *
 * bn  number to duplicate (non-NULL, with an initialised internal mp_int)
 *
 * Returns the new number, which the caller owns and must release with
 * wolfSSL_BN_free, or NULL when bn is unusable, allocation fails or the
 * copy fails. Both the magnitude and the wrapper's neg flag are copied.
 */
WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_BIGNUM* copy;

    WOLFSSL_MSG("wolfSSL_BN_dup");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return NULL;
    }

    copy = wolfSSL_BN_new();
    if (copy == NULL) {
        WOLFSSL_MSG("bn new error");
        return NULL;
    }

    if (mp_copy((mp_int*)bn->internal, (mp_int*)copy->internal) == MP_OKAY) {
        copy->neg = bn->neg;
        return copy;
    }

    /* copy failed: do not leak the number allocated above */
    WOLFSSL_MSG("mp_copy error");
    wolfSSL_BN_free(copy);
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 45451
wolfSSL 16:8e0d178b1d1e 45452
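/* Copy the value of bn into the existing number r.
 *
 * r   destination (non-NULL, with an initialised internal mp_int)
 * bn  source (same requirement)
 *
 * Returns r on success, NULL when either argument or its internal value is
 * NULL or when mp_copy fails. Both the magnitude and the wrapper's neg flag
 * are copied. The internal pointers are checked here, matching the other
 * wrappers in this file, so a half-initialised number cannot be
 * dereferenced by mp_copy.
 */
WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("wolfSSL_BN_copy");

    if (r == NULL || bn == NULL) {
        WOLFSSL_MSG("r or bn NULL error");
        return NULL;
    }
    if (r->internal == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("r or bn internal NULL error");
        return NULL;
    }

    if (mp_copy((mp_int*)bn->internal, (mp_int*)r->internal) != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        return NULL;
    }

    r->neg = bn->neg;

    return r;
}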
wolfSSL 16:8e0d178b1d1e 45471
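/* Set bn to the single-word value w.
 *
 * bn  number to modify (non-NULL, with an initialised internal mp_int)
 * w   new value
 *
 * Return is OpenSSL compatible: 1 (WOLFSSL_SUCCESS) on success, 0 when bn
 * or its internal value is NULL or when mp_set_int fails.
 */
int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
{
    WOLFSSL_MSG("wolfSSL_BN_set_word");

    /* check the internal pointer too, as the sibling wrappers do */
    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return WOLFSSL_FAILURE;
    }

    if (mp_set_int((mp_int*)bn->internal, w) != MP_OKAY) {
        WOLFSSL_MSG("mp_set_int error");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}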
wolfSSL 16:8e0d178b1d1e 45491
wolfSSL 16:8e0d178b1d1e 45492
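/* Returns the big number as an unsigned long if possible.
 *
 * bn  big number structure to get value from
 *
 * Returns the value, 0 when bn or its internal value is NULL or the
 * conversion fails, or 0xFFFFFFFFL when the magnitude does not fit in an
 * unsigned long. The sign is ignored, as with OpenSSL's BN_get_word.
 *
 * NOTE(review): on a platform with a 64-bit unsigned long the 0xFFFFFFFFL
 * sentinel is also a representable value, so callers cannot distinguish
 * "too big" from that value; kept as-is for compatibility with existing
 * callers.
 *
 * The value is assembled from the big-endian byte encoding rather than read
 * from dp[0], so the result stays correct when the number spans more than
 * one mp_digit (the digit width is backend dependent).
 */
unsigned long wolfSSL_BN_get_word(const WOLFSSL_BIGNUM* bn)
{
    mp_int* mp;
    unsigned char buf[sizeof(unsigned long)];
    unsigned long value = 0;
    int sz;
    int i;

    WOLFSSL_MSG("wolfSSL_BN_get_word");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("Invalid argument");
        return 0;
    }
    mp = (mp_int*)bn->internal;

    sz = mp_unsigned_bin_size(mp);
    if (sz > (int)sizeof(unsigned long)) {
        WOLFSSL_MSG("bignum is larger than unsigned long");
        return 0xFFFFFFFFL;
    }

    /* sz is at most sizeof buf here; a zero value writes no bytes */
    if (mp_to_unsigned_bin(mp, buf) != MP_OKAY) {
        WOLFSSL_MSG("mp_to_unsigned_bin error");
        return 0;
    }
    for (i = 0; i < sz; i++)
        value = (value << 8) | buf[i];

    return value;
}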
wolfSSL 16:8e0d178b1d1e 45518
/* Stub for OpenSSL's BN_dec2bn(): not implemented in this build.
 *
 * bn   address of the destination pointer (ignored)
 * str  decimal string (ignored)
 *
 * OpenSSL would return the number of decimal digits parsed; this stub logs
 * the call and always returns SSL_FAILURE without touching *bn.
 */
#ifndef NO_WOLFSSL_STUB
int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str)
{
    /* both parameters are intentionally unused by the stub */
    (void)str;
    (void)bn;

    WOLFSSL_MSG("wolfSSL_BN_dec2bn");
    WOLFSSL_STUB("BN_dec2bn");

    return SSL_FAILURE;
}
#endif
wolfSSL 16:8e0d178b1d1e 45533
wolfSSL 16:8e0d178b1d1e 45534 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
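/* Render bn as a NUL-terminated decimal string.
 *
 * bn  number to render (non-NULL, with an initialised internal mp_int)
 *
 * Returns a newly allocated string the caller must release with the
 * matching DYNAMIC_TYPE_OPENSSL free, or NULL when bn is unusable, the size
 * query fails, allocation fails or the conversion fails. The buffer is
 * allocated and freed with the same memory type tag so allocators that
 * track types see a consistent pair.
 */
char *wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM *bn)
{
    int len = 0;
    char *buf;

    WOLFSSL_MSG("wolfSSL_BN_bn2dec");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return NULL;
    }

    /* len includes room for the terminating NUL as reported by mp_radix_size */
    if (mp_radix_size((mp_int*)bn->internal, MP_RADIX_DEC, &len) != MP_OKAY) {
        WOLFSSL_MSG("mp_radix_size failure");
        return NULL;
    }

    buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL);
    if (buf == NULL) {
        WOLFSSL_MSG("BN_bn2dec malloc buffer failure");
        return NULL;
    }

    if (mp_todecimal((mp_int*)bn->internal, buf) != MP_OKAY) {
        WOLFSSL_MSG("mp_todecimal error");
        XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);
        return NULL;
    }

    return buf;
}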
wolfSSL 16:8e0d178b1d1e 45565 #else
/* Fallback for builds without WOLFSSL_KEY_GEN or HAVE_COMP_KEY: decimal
 * rendering is unavailable.
 *
 * bn  number that would be rendered (ignored)
 *
 * Always returns NULL after logging the call.
 */
char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("wolfSSL_BN_bn2dec");

    /* parameter intentionally unused in this configuration */
    (void)bn;

    return NULL;
}
wolfSSL 16:8e0d178b1d1e 45574 #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
wolfSSL 16:8e0d178b1d1e 45575
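/* r = bn << n
 *
 * r   destination (non-NULL, with an initialised internal mp_int)
 * bn  source (same requirement); r and bn may alias
 * n   number of bit positions to shift; must not be negative
 *
 * Return is OpenSSL compatible: 1 (WOLFSSL_SUCCESS) on success, 0 on NULL
 * arguments, a negative n or an mp_mul_2d failure.
 */
int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
{
    WOLFSSL_MSG("wolfSSL_BN_lshift");

    if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){
        WOLFSSL_MSG("bn NULL error");
        return WOLFSSL_FAILURE;
    }

    /* a negative shift count is an error in OpenSSL's BN_lshift and would
     * feed a negative bit count into the mp layer */
    if (n < 0) {
        WOLFSSL_MSG("negative shift count");
        return WOLFSSL_FAILURE;
    }

    if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) {
        WOLFSSL_MSG("mp_mul_2d error");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}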
wolfSSL 16:8e0d178b1d1e 45595
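/* r = bn >> n (the shifted-out remainder is discarded)
 *
 * r   destination (non-NULL, with an initialised internal mp_int)
 * bn  source (same requirement); r and bn may alias
 * n   number of bit positions to shift; must not be negative
 *
 * Return is OpenSSL compatible: 1 (WOLFSSL_SUCCESS) on success, 0 on NULL
 * arguments, a negative n or an mp_div_2d failure.
 */
int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
{
    WOLFSSL_MSG("wolfSSL_BN_rshift");

    if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){
        WOLFSSL_MSG("bn NULL error");
        return WOLFSSL_FAILURE;
    }

    /* a negative shift count is an error in OpenSSL's BN_rshift */
    if (n < 0) {
        WOLFSSL_MSG("negative shift count");
        return WOLFSSL_FAILURE;
    }

    /* the NULL remainder argument asks mp_div_2d to drop the shifted-out bits */
    if (mp_div_2d((mp_int*)bn->internal, n,
                  (mp_int*)r->internal, NULL) != MP_OKAY) {
        WOLFSSL_MSG("mp_div_2d error");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}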
wolfSSL 16:8e0d178b1d1e 45616
/* bn = bn + w, in place.
 *
 * bn  number to modify (non-NULL, with an initialised internal mp_int)
 * w   single-word addend
 *
 * Return is OpenSSL compatible: 1 (WOLFSSL_SUCCESS) on success, 0 when bn
 * or its internal value is NULL or when mp_add_d fails.
 */
int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
{
    mp_int* value;

    WOLFSSL_MSG("wolfSSL_BN_add_word");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return WOLFSSL_FAILURE;
    }

    /* source and destination are the same object */
    value = (mp_int*)bn->internal;
    if (mp_add_d(value, w, value) == MP_OKAY)
        return WOLFSSL_SUCCESS;

    WOLFSSL_MSG("mp_add_d error");
    return WOLFSSL_FAILURE;
}
wolfSSL 16:8e0d178b1d1e 45636
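/* r = a + b
 *
 * r  destination (non-NULL, with an initialised internal mp_int)
 * a  first addend (same requirement)
 * b  second addend (same requirement)
 *
 * Return is OpenSSL compatible: 1 (WOLFSSL_SUCCESS) on success, 0 when any
 * argument or its internal value is NULL or when mp_add fails.
 */
int wolfSSL_BN_add(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b)
{
    WOLFSSL_MSG("wolfSSL_BN_add");

    if (r == NULL || r->internal == NULL || a == NULL || a->internal == NULL ||
        b == NULL || b->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return WOLFSSL_FAILURE;
    }

    if (mp_add((mp_int*)a->internal, (mp_int*)b->internal,
               (mp_int*)r->internal) != MP_OKAY) {
        WOLFSSL_MSG("mp_add error");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}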
wolfSSL 16:8e0d178b1d1e 45658
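/* r = a + b (mod m)
 *
 * r    destination (non-NULL, with an initialised internal mp_int)
 * a    first addend (same requirement)
 * b    second addend (same requirement)
 * m    modulus (same requirement)
 * ctx  accepted for API compatibility and ignored
 *
 * Return is OpenSSL compatible: 1 (WOLFSSL_SUCCESS) on success, 0 when any
 * number argument or its internal value is NULL or when mp_addmod fails.
 */
int wolfSSL_BN_mod_add(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
                       const WOLFSSL_BIGNUM *b, const WOLFSSL_BIGNUM *m,
                       WOLFSSL_BN_CTX *ctx)
{
    (void)ctx;
    WOLFSSL_MSG("wolfSSL_BN_mod_add");

    if (r == NULL || r->internal == NULL ||
        a == NULL || a->internal == NULL ||
        b == NULL || b->internal == NULL ||
        m == NULL || m->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return WOLFSSL_FAILURE;
    }

    if (mp_addmod((mp_int*)a->internal, (mp_int*)b->internal,
                  (mp_int*)m->internal, (mp_int*)r->internal) != MP_OKAY) {
        WOLFSSL_MSG("mp_addmod error");
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}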
wolfSSL 16:8e0d178b1d1e 45683
wolfSSL 16:8e0d178b1d1e 45684 #ifdef WOLFSSL_KEY_GEN
wolfSSL 16:8e0d178b1d1e 45685
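/* Probabilistic primality test.
 *
 * bn        candidate (non-NULL, with an initialised internal mp_int)
 * nbchecks  round count forwarded unchanged to mp_prime_is_prime_ex
 * ctx       accepted for API compatibility and ignored
 * cb        accepted for API compatibility and ignored
 *
 * Return is OpenSSL compatible: 1 if probably prime, 0 if composite,
 * -1 (WOLFSSL_FATAL_ERROR) on error. Error covers a NULL bn, a failed RNG
 * allocation, no usable RNG, and an mp_prime_is_prime_ex failure; these are
 * reported as -1 rather than as "not prime" so a caller cannot mistake an
 * RNG or arithmetic failure for a verdict on the candidate.
 *
 * A private RNG is initialised for the test and released afterwards; the
 * shared globalRNG is only used when the private one cannot be initialised.
 */
int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks,
                           WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb)
{
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif
    int initTmpRng = 0;
    int res = MP_NO;
    int ret = WOLFSSL_FATAL_ERROR;

    (void)ctx;
    (void)cb;

    WOLFSSL_MSG("wolfSSL_BN_is_prime_ex");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return WOLFSSL_FATAL_ERROR;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
    if (tmpRNG == NULL)
        return WOLFSSL_FATAL_ERROR;
#endif
    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0) {
            WOLFSSL_MSG("Global RNG no Init");
        }
        else
            rng = &globalRNG;
    }

    if (rng == NULL) {
        WOLFSSL_MSG("No RNG available for primality test");
    }
    else if (mp_prime_is_prime_ex((mp_int*)bn->internal,
                                  nbchecks, &res, rng) != MP_OKAY) {
        WOLFSSL_MSG("mp_prime_is_prime_ex error");
    }
    else if (res != MP_YES) {
        WOLFSSL_MSG("mp_prime_is_prime_ex not prime");
        ret = WOLFSSL_FAILURE;
    }
    else {
        ret = WOLFSSL_SUCCESS;
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG);
#endif

    return ret;
}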
wolfSSL 16:8e0d178b1d1e 45750
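/* Remainder of bn divided by the single word w (OpenSSL BN_mod_word()).
 *
 * return code compliant with OpenSSL :
 * (bn mod w) if success, -1 (as WOLFSSL_BN_ULONG, i.e. all bits set) if
 * error: bn NULL, w == 0, or an mp layer failure. A genuine remainder is
 * always smaller than w, so the error value cannot collide with a result.
 */
WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
                                     WOLFSSL_BN_ULONG w)
{
    WOLFSSL_BN_ULONG ret = 0;

    WOLFSSL_MSG("wolfSSL_BN_mod_word");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return (WOLFSSL_BN_ULONG)WOLFSSL_FATAL_ERROR;
    }

    /* reject division by zero here rather than relying on the mp layer */
    if (w == 0) {
        WOLFSSL_MSG("mod by zero error");
        return (WOLFSSL_BN_ULONG)WOLFSSL_FATAL_ERROR;
    }

    if (mp_mod_d((mp_int*)bn->internal, w, &ret) != MP_OKAY) {
        /* log names the call that actually failed */
        WOLFSSL_MSG("mp_mod_d error");
        return (WOLFSSL_BN_ULONG)WOLFSSL_FATAL_ERROR;
    }

    return ret;
}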
wolfSSL 16:8e0d178b1d1e 45773 #endif /* #ifdef WOLFSSL_KEY_GEN */
wolfSSL 16:8e0d178b1d1e 45774
/* Render bn as a hex string in a freshly allocated buffer.
 *
 * Returns a NUL-terminated string that the caller releases with
 * XFREE(.., NULL, DYNAMIC_TYPE_OPENSSL), or NULL on a bad bn, allocation
 * failure or an mp layer error.
 */
char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
{
    int   needed = 0;
    char *hex = NULL;

    WOLFSSL_ENTER("wolfSSL_BN_bn2hex");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return NULL;
    }

    if (mp_radix_size((mp_int*)bn->internal, MP_RADIX_HEX, &needed)
            != MP_OKAY) {
        WOLFSSL_MSG("mp_radix_size failure");
        return NULL;
    }
    /* one extra byte so the terminator always fits */
    needed++;

    hex = (char*)XMALLOC(needed, NULL, DYNAMIC_TYPE_OPENSSL);
    if (hex == NULL) {
        WOLFSSL_MSG("BN_bn2hex malloc buffer failure");
        return NULL;
    }

    if (mp_tohex((mp_int*)bn->internal, hex) == MP_OKAY) {
        return hex;
    }

    /* conversion failed: do not leak the buffer */
    XFREE(hex, NULL, DYNAMIC_TYPE_OPENSSL);
    return NULL;
}
wolfSSL 16:8e0d178b1d1e 45806
wolfSSL 16:8e0d178b1d1e 45807 #ifndef NO_FILESYSTEM
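/* Write the hex form of bn (via wolfSSL_BN_bn2hex()) to the stream fp.
 *
 * return code compliant with OpenSSL :
 * 1 if success, 0 if error (bad stream or bn, conversion failure, or a
 * failed fprintf)
 */
int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn)
{
    char *buf;
    int   ret = WOLFSSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_BN_print_fp");

    if (fp == XBADFILE || bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return WOLFSSL_FAILURE;
    }

    buf = wolfSSL_BN_bn2hex(bn);
    if (buf == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_bn2hex failure");
        return WOLFSSL_FAILURE;
    }

    /* a negative return is a stream error; report it instead of dropping it */
    if (fprintf(fp, "%s", buf) < 0) {
        WOLFSSL_MSG("fprintf failure");
        ret = WOLFSSL_FAILURE;
    }
    XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL);

    return ret;
}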
wolfSSL 16:8e0d178b1d1e 45833 #endif /* !NO_FILESYSTEM */
wolfSSL 16:8e0d178b1d1e 45834
wolfSSL 16:8e0d178b1d1e 45835
/* OpenSSL BN_CTX_get() equivalent. The context holds no pool of temporaries
 * here, so each call simply returns whatever wolfSSL_BN_new() produces; the
 * caller owns that object.
 */
WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
{
    WOLFSSL_ENTER("wolfSSL_BN_CTX_get");

    /* ctx carries nothing this function needs */
    (void)ctx;

    return wolfSSL_BN_new();
}
wolfSSL 16:8e0d178b1d1e 45845
wolfSSL 16:8e0d178b1d1e 45846 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL BN_CTX_start(): there is no per-context state to mark,
 * so this only logs that it was called.
 */
void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx)
{
    WOLFSSL_ENTER("wolfSSL_BN_CTX_start");
    WOLFSSL_STUB("BN_CTX_start");
    WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD");

    (void)ctx;
}
wolfSSL 16:8e0d178b1d1e 45855 #endif
wolfSSL 16:8e0d178b1d1e 45856
wolfSSL 16:8e0d178b1d1e 45857
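/* Compute r = a^-1 mod n (OpenSSL BN_mod_inverse()).
 *
 * r   : destination; when NULL a new WOLFSSL_BIGNUM is allocated, returned
 *       and owned by the caller
 * a   : value to invert
 * n   : modulus
 * ctx : unused, kept for signature compatibility
 *
 * Returns r on success, NULL on bad input or when the mp layer reports any
 * failure. A bignum allocated here is released on every failure path; a
 * caller-supplied r is left for the caller.
 */
WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM *r,
                                       WOLFSSL_BIGNUM *a,
                                       const WOLFSSL_BIGNUM *n,
                                       WOLFSSL_BN_CTX *ctx)
{
    int dynamic = 0;

    /* ctx is not used */
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_BN_mod_inverse");

    /* check parameter */
    if (r == NULL) {
        r = wolfSSL_BN_new();
        if (r == NULL){
            WOLFSSL_MSG("WolfSSL_BN_new() failed");
            return NULL;
        }
        dynamic = 1;
    }

    /* every operand needs a live internal mp_int, not just a non-NULL
     * wrapper; the same check the other BN functions in this file make */
    if (a == NULL || a->internal == NULL) {
        WOLFSSL_MSG("a NULL error");
        goto err;
    }

    if (n == NULL || n->internal == NULL) {
        WOLFSSL_MSG("n NULL error");
        goto err;
    }

    if (r->internal == NULL) {
        WOLFSSL_MSG("r NULL error");
        goto err;
    }

    /* Compute inverse of a modulo n and return r. Any code other than
     * MP_OKAY is a failure: MP_VAL covers bad or non-invertible input, but
     * the mp layer can fail for other reasons too, and those must not be
     * handed back as a valid inverse. */
    if (mp_invmod((mp_int *)a->internal,(mp_int *)n->internal,
                  (mp_int*)r->internal) != MP_OKAY){
        WOLFSSL_MSG("mp_invmod() error");
        goto err;
    }

    return r;

err:
    if (dynamic == 1) {
        wolfSSL_BN_free(r);
    }
    return NULL;
}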
wolfSSL 16:8e0d178b1d1e 45908 #endif /* OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 45909 #if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_ASN)
/* Classify a byte for ASN1_STRING printing: 1 when c compares at or below
 * 31 and is neither LF nor CR, 0 otherwise.
 *
 * NOTE(review): c is a plain char. On targets where char is signed, bytes
 * >= 0x80 arrive negative and satisfy the "<= 31" test; on unsigned-char
 * targets they do not. DEL (0x7F) is never flagged either way. Confirm which
 * behaviour is intended before relying on this for output sanitising.
 */
static int unprintable_char(char c)
{
    const unsigned char last_unprintable = 31;
    const unsigned char LF = 10;
    const unsigned char CR = 13;

    /* the two line-break controls are allowed through */
    if (c == LF || c == CR) {
        return 0;
    }
    return (c <= last_unprintable) ? 1 : 0;
}
wolfSSL 16:8e0d178b1d1e 45921
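/* Write str to out, rendering every byte that unprintable_char() flags as
 * '.' (OpenSSL ASN1_STRING_print()).
 *
 * The substitution is applied to the output only: str->data is not modified,
 * so an ASN1_STRING that belongs to a parsed certificate keeps its original
 * bytes after being printed.
 *
 * Returns str->length on success, WOLFSSL_FAILURE on NULL arguments, on a
 * NULL data pointer with a non-zero length, or on a short BIO write.
 */
int wolfSSL_ASN1_STRING_print(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str)
{
    int i;
    int runStart = 0; /* index of the first not-yet-written printable byte */

    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_print");
    if (out == NULL || str == NULL)
        return WOLFSSL_FAILURE;
    if (str->length > 0 && str->data == NULL)
        return WOLFSSL_FAILURE;

    for (i = 0; i < str->length; i++) {
        if (!unprintable_char(str->data[i]))
            continue;

        /* flush the printable run collected so far, then the substitute */
        if (i > runStart &&
            wolfSSL_BIO_write(out, str->data + runStart, i - runStart)
                != i - runStart) {
            return WOLFSSL_FAILURE;
        }
        if (wolfSSL_BIO_write(out, ".", 1) != 1) {
            return WOLFSSL_FAILURE;
        }
        runStart = i + 1;
    }

    /* trailing run (the whole string when nothing was replaced) */
    if (str->length > runStart &&
        wolfSSL_BIO_write(out, str->data + runStart, str->length - runStart)
            != str->length - runStart) {
        return WOLFSSL_FAILURE;
    }

    return str->length;
}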
wolfSSL 16:8e0d178b1d1e 45942 #endif /* (WOLFSSL_QT || OPENSSL_ALL) && !NO_ASN */
wolfSSL 16:8e0d178b1d1e 45943
wolfSSL 16:8e0d178b1d1e 45944 #if defined(OPENSSL_EXTRA)
/* OpenSSL X509_check_ca() equivalent, reduced to the two flags wolfSSL keeps
 * on the certificate.
 *
 * Returns 1 when x509->isCa is set, 4 when it is not but x509->extKeyUsageCrit
 * is, and 0 otherwise. A NULL x509 yields WOLFSSL_FAILURE, which is also 0,
 * so callers cannot distinguish "not a CA" from "no certificate".
 */
int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509)
{
    int ret = 0;

    WOLFSSL_ENTER("X509_check_ca");

    if (x509 == NULL) {
        ret = WOLFSSL_FAILURE;
    }
    else if (x509->isCa) {
        ret = 1;
    }
    else if (x509->extKeyUsageCrit) {
        ret = 4;
    }

    return ret;
}
wolfSSL 15:117db924cf7c 45958
wolfSSL 15:117db924cf7c 45959
/* Map an ASN.1 universal tag number to its OpenSSL-style label.
 *
 * The "negative" variants V_ASN1_NEG_INTEGER and V_ASN1_NEG_ENUMERATED carry
 * bit 0x100 on top of the base tag; it is stripped first so they print as
 * INTEGER / ENUMERATED. Any tag outside the table yields "(unknown)". The
 * returned string is static and must not be freed.
 */
const char *wolfSSL_ASN1_tag2str(int tag)
{
    static const char *const tag_label[31] = {
        "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", "NULL",
        "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", "ENUMERATED",
        "<ASN1 11>", "UTF8STRING", "<ASN1 13>", "<ASN1 14>", "<ASN1 15>",
        "SEQUENCE", "SET", "NUMERICSTRING", "PRINTABLESTRING", "T61STRING",
        "VIDEOTEXTSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME",
        "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", "UNIVERSALSTRING",
        "<ASN1 29>", "BMPSTRING"
    };
    /* highest valid index, derived from the table rather than repeated */
    const int maxTag = (int)(sizeof(tag_label) / sizeof(tag_label[0])) - 1;
    int base = tag;

    if (base == V_ASN1_NEG_INTEGER || base == V_ASN1_NEG_ENUMERATED)
        base &= ~0x100;

    if (base >= 0 && base <= maxTag)
        return tag_label[base];

    return "(unknown)";
}
wolfSSL 15:117db924cf7c 45978
/* Return 1 when c is one of the characters in the NUL-terminated set esc,
 * 0 otherwise. A NUL c never matches, because the terminator ends the scan
 * before it could be compared.
 */
static int check_esc_char(char c, char *esc)
{
    size_t i;

    for (i = 0; esc[i] != 0; i++) {
        if (esc[i] == c)
            return 1;
    }
    return 0;
}
wolfSSL 15:117db924cf7c 45991
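/* Write str to out the way OpenSSL's ASN1_STRING_print_ex() does, for the
 * subset of flags handled here:
 *
 *  ASN1_STRFLGS_SHOW_TYPE : prefix the output with "<TAG>:"
 *  ASN1_STRFLGS_DUMP_ALL  : emit "#" followed by the bytes in hex; with
 *                           ASN1_STRFLGS_DUMP_DER a type byte and a length
 *                           byte come first (short form only, see below)
 *  ASN1_STRFLGS_ESC_2253  : emit the bytes, each of "+;<>\" preceded by '\'
 *  otherwise              : emit the raw bytes
 *
 * Returns the number of bytes written to out, or WOLFSSL_FAILURE on NULL
 * arguments, a NULL data pointer with a non-zero length, allocation failure
 * or a short BIO write.
 *
 * Limits:
 *  - the DER header uses only the low byte of str->type and of str->length;
 *    a length that needs the long form is not produced (the hex indices are
 *    masked so such values cannot index past hex_char)
 *  - the ESC_2253 path stops at the first NUL, as before, and is also bounded
 *    by str->length so a non-terminated buffer is never read past its end
 */
int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str,
                                 unsigned long flags)
{
    size_t str_len = 0, type_len = 0;
    unsigned char *typebuf = NULL;
    const char *hash="#";

    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_PRINT_ex");
    if (out == NULL || str == NULL)
        return WOLFSSL_FAILURE;
    if (str->length > 0 && str->data == NULL)
        return WOLFSSL_FAILURE;

    /* add ASN1 type tag */
    if (flags & ASN1_STRFLGS_SHOW_TYPE){
        const char *tag = wolfSSL_ASN1_tag2str(str->type);
        /* colon len + tag len + null*/
        type_len = XSTRLEN(tag) + 2;
        typebuf = (unsigned char *)XMALLOC(type_len , NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (typebuf == NULL){
            WOLFSSL_MSG("memory alloc failed.");
            return WOLFSSL_FAILURE;
        }
        XMEMSET(typebuf, 0, type_len);
        XSNPRINTF((char*)typebuf, (size_t)type_len , "%s:", tag);
        type_len--; /* bytes to emit, terminator excluded */
    }

    /* the "<TAG>:" prefix precedes the data in every output mode */
    if (type_len > 0){
        if (wolfSSL_BIO_write(out, typebuf, (int)type_len) != (int)type_len){
            goto err_exit;
        }
        str_len += type_len;
    }

    /* dump hex */
    if (flags & ASN1_STRFLGS_DUMP_ALL){
        static const char hex_char[] = { '0', '1', '2', '3', '4', '5', '6',
                                         '7','8', '9', 'A', 'B', 'C', 'D',
                                         'E', 'F' };
        char hex_tmp[4];
        const unsigned char *str_ptr, *str_end;

        if (wolfSSL_BIO_write(out, hash, 1) != 1){
            goto err_exit;
        }
        str_len++;
        if (flags & ASN1_STRFLGS_DUMP_DER){
            /* nibble-masked so a type outside 0..255 or a length >= 256
             * stays inside hex_char */
            hex_tmp[0] = hex_char[(str->type >> 4) & 0xf];
            hex_tmp[1] = hex_char[str->type & 0xf];
            hex_tmp[2] = hex_char[(str->length >> 4) & 0xf];
            hex_tmp[3] = hex_char[str->length & 0xf];
            if (wolfSSL_BIO_write(out, hex_tmp, 4) != 4){
                goto err_exit;
            }
            str_len += 4;
            XMEMSET(hex_tmp, 0, 4);
        }

        /* unsigned view of the bytes: a signed char >= 0x80 shifted right
         * would produce a negative hex_char index */
        str_ptr = (const unsigned char*)str->data;
        str_end = str_ptr + str->length;
        while (str_ptr < str_end){
            hex_tmp[0] = hex_char[*str_ptr >> 4];
            hex_tmp[1] = hex_char[*str_ptr & 0xf];
            if (wolfSSL_BIO_write(out, hex_tmp, 2) != 2){
                goto err_exit;
            }
            str_ptr++;
            str_len += 2;
        }
        if (type_len > 0)
            XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);

        return (int)str_len;
    }

    if (flags & ASN1_STRFLGS_ESC_2253){
        char esc_ch[] = "+;<>\\";
        char* esc_ptr = str->data;
        char* esc_end = str->data + str->length;

        while (esc_ptr < esc_end && *esc_ptr != 0){
            if (check_esc_char(*esc_ptr, esc_ch)){
                if (wolfSSL_BIO_write(out,"\\", 1) != 1)
                    goto err_exit;
                str_len++;
            }
            if (wolfSSL_BIO_write(out, esc_ptr, 1) != 1)
                goto err_exit;
            str_len++;
            esc_ptr++;
        }
        if (type_len > 0)
            XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return (int)str_len;
    }

    if (wolfSSL_BIO_write(out, str->data, str->length) != str->length){
        goto err_exit;
    }
    str_len += str->length;
    if (type_len > 0)
        XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    return (int)str_len;

err_exit:
    if (type_len > 0)
        XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    return WOLFSSL_FAILURE;
}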
wolfSSL 15:117db924cf7c 46109
wolfSSL 16:8e0d178b1d1e 46110 #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && !defined(TIME_OVERRIDES)
/* Allocate a zero-filled WOLFSSL_ASN1_TIME. Returns NULL when XMALLOC fails;
 * the caller releases the object with wolfSSL_ASN1_TIME_free().
 */
WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_new(void)
{
    WOLFSSL_ASN1_TIME* t;

    t = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL,
                                    DYNAMIC_TYPE_OPENSSL);
    if (t != NULL) {
        XMEMSET(t, 0, sizeof(*t));
    }
    return t;
}
wolfSSL 16:8e0d178b1d1e 46120
/* Release a WOLFSSL_ASN1_TIME obtained from wolfSSL_ASN1_TIME_new();
 * a NULL t is ignored.
 */
void wolfSSL_ASN1_TIME_free(WOLFSSL_ASN1_TIME* t)
{
    if (t == NULL) {
        return;
    }
    XFREE(t, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 16:8e0d178b1d1e 46127
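/* Fill s with the ASN.1 encoding of t + offset_day days + offset_sec
 * seconds, in GMT (OpenSSL ASN1_TIME_adj()).
 *
 * s          : destination; when NULL a new WOLFSSL_ASN1_TIME is allocated,
 *              returned and owned by the caller
 * t          : base time
 * offset_day : whole days to add (may be negative)
 * offset_sec : seconds to add (may be negative)
 *
 * tm_year 50..149 (1950..2049) is written as UTCTime "YYMMDDHHMMSSZ",
 * anything else as GeneralizedTime "YYYYMMDDHHMMSSZ", matching the RFC 5280
 * convention.
 *
 * Returns s on success, NULL when allocation fails or the adjusted time
 * cannot be broken down. A caller-supplied s is never freed on failure;
 * only an object allocated by this call is released.
 */
WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t,
                                    int offset_day, long offset_sec)
{
    const time_t sec_per_day = 24*60*60;
    struct tm* ts = NULL;
    struct tm* tmpTime;
    time_t t_adj = 0;
    time_t offset_day_sec = 0;
    int dynamic = 0; /* 1 when s was allocated here */
#if defined(NEED_TMP_TIME)
    struct tm tmpTimeStorage;

    tmpTime = &tmpTimeStorage;
#else
    tmpTime = NULL;
#endif
    (void)tmpTime;

    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_adj");

    if (s == NULL){
        s = wolfSSL_ASN1_TIME_new();
        if (s == NULL){
            return NULL;
        }
        dynamic = 1;
    }

    /* compute GMT time with offset */
    offset_day_sec = offset_day * sec_per_day;
    t_adj = t + offset_day_sec + offset_sec;
    ts = (struct tm *)XGMTIME(&t_adj, tmpTime);
    if (ts == NULL){
        WOLFSSL_MSG("failed to get time data.");
        /* release only what this call allocated; freeing a caller-supplied
         * s here would leave the caller holding a dangling pointer */
        if (dynamic) {
            XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL);
        }
        return NULL;
    }

    /* create ASN1 time notation */
    /* UTC Time: tm_year counts from 1900, so 50..149 is 1950..2049 */
    if (ts->tm_year >= 50 && ts->tm_year < 150){
        char utc_str[ASN_UTC_TIME_SIZE];
        int utc_year = 0,utc_mon,utc_day,utc_hour,utc_min,utc_sec;

        s->type = V_ASN1_UTCTIME;
        s->length = ASN_UTC_TIME_SIZE;

        /* two-digit year: 1950..1999 -> 50..99, 2000..2049 -> 00..49 */
        if (ts->tm_year >= 50 && ts->tm_year < 100){
            utc_year = ts->tm_year;
        } else if (ts->tm_year >= 100 && ts->tm_year < 150){
            utc_year = ts->tm_year - 100;
        }
        utc_mon = ts->tm_mon + 1; /* tm_mon is 0-based */
        utc_day = ts->tm_mday;
        utc_hour = ts->tm_hour;
        utc_min = ts->tm_min;
        utc_sec = ts->tm_sec;
        XSNPRINTF((char *)utc_str, sizeof(utc_str),
                  "%02d%02d%02d%02d%02d%02dZ",
                  utc_year, utc_mon, utc_day, utc_hour, utc_min, utc_sec);
        XMEMCPY(s->data, (byte *)utc_str, s->length);
    /* GeneralizedTime */
    } else {
        char gt_str[ASN_GENERALIZED_TIME_MAX];
        int gt_year,gt_mon,gt_day,gt_hour,gt_min,gt_sec;

        s->type = V_ASN1_GENERALIZEDTIME;
        s->length = ASN_GENERALIZED_TIME_SIZE;

        gt_year = ts->tm_year + 1900;
        gt_mon = ts->tm_mon + 1; /* tm_mon is 0-based */
        gt_day = ts->tm_mday;
        gt_hour = ts->tm_hour;
        gt_min = ts->tm_min;
        gt_sec = ts->tm_sec;
        XSNPRINTF((char *)gt_str, sizeof(gt_str),
                  "%4d%02d%02d%02d%02d%02dZ",
                  gt_year, gt_mon, gt_day, gt_hour, gt_min,gt_sec);
        XMEMCPY(s->data, (byte *)gt_str, s->length);
    }

    return s;
}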
wolfSSL 16:8e0d178b1d1e 46209 #endif /* !NO_ASN_TIME && !USER_TIME && !TIME_OVERRIDES */
wolfSSL 16:8e0d178b1d1e 46210
wolfSSL 15:117db924cf7c 46211 #ifndef NO_ASN_TIME
/* not a compatibility function - length getter for opaque type.
 * Returns t->length, or WOLFSSL_FAILURE when t is NULL.
 */
int wolfSSL_ASN1_TIME_get_length(WOLFSSL_ASN1_TIME *t)
{
    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_length");
    return (t != NULL) ? t->length : WOLFSSL_FAILURE;
}
/* not a compatibility function - data getter for opaque type.
 * Returns t's data buffer (not a copy), or NULL when t is NULL.
 */
unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t)
{
    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_data");
    return (t != NULL) ? t->data : NULL;
}
wolfSSL 16:8e0d178b1d1e 46228
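/* Convert t to a GeneralizedTime (OpenSSL ASN1_TIME_to_generalizedtime()).
 *
 * t   : source, of type ASN_UTC_TIME or ASN_GENERALIZED_TIME
 * out : optional. When non-NULL and *out is non-NULL, that object is filled
 *       in and returned. When non-NULL and *out is NULL, the freshly
 *       allocated result is also stored in *out (as OpenSSL does) so the
 *       caller has a handle to free it. When NULL, the caller owns the
 *       returned object.
 *
 * A UTCTime "YYMMDDHHMMSSZ" gains its century: YY >= 50 becomes 19YY,
 * otherwise 20YY. A GeneralizedTime is copied through unchanged.
 *
 * Returns the result, or NULL on a NULL/invalid t or allocation failure.
 */
WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t,
                                                        WOLFSSL_ASN1_TIME **out)
{
    int time_type = 0;
    WOLFSSL_ASN1_TIME *ret = NULL;

    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime");
    if (t == NULL) {
        WOLFSSL_MSG("Invalid ASN_TIME value");
        return NULL;
    }

    time_type = t->type;
    if (time_type != ASN_UTC_TIME && time_type != ASN_GENERALIZED_TIME){
        WOLFSSL_MSG("Invalid ASN_TIME type.");
        return NULL;
    }

    if (out == NULL || *out == NULL) {
        ret = wolfSSL_ASN1_TIME_new();
        if (ret == NULL){
            WOLFSSL_MSG("memory alloc failed.");
            return NULL;
        }
        if (out != NULL) {
            /* hand the new object back through out, matching OpenSSL */
            *out = ret;
        }
    } else {
        ret = *out;
    }

    /* the result is always a GeneralizedTime; set this for both branches so
     * a freshly allocated (zeroed) object does not come back with type 0
     * and length 0 */
    ret->type = ASN_GENERALIZED_TIME;
    ret->length = ASN_GENERALIZED_TIME_SIZE;

    if (time_type == ASN_GENERALIZED_TIME){
        XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE);
    } else { /* ASN_UTC_TIME */
        /* convert UTC to generalized time: prepend the century */
        if (t->data[0] >= '5') {
            ret->data[0] = '1'; ret->data[1] = '9';
        } else {
            ret->data[0] = '2'; ret->data[1] = '0';
        }
        XMEMCPY(&ret->data[2], t->data, ASN_UTC_TIME_SIZE);
    }

    return ret;
}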
wolfSSL 15:117db924cf7c 46272 #endif /* !NO_ASN_TIME */
wolfSSL 15:117db924cf7c 46273
wolfSSL 15:117db924cf7c 46274 #ifndef NO_ASN
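/* Produce the DER content octets of a (OpenSSL i2c_ASN1_INTEGER()).
 *
 * Layout as read by this function: a->intData[1] is the single-byte content
 * length, a->intData[2 .. length+1] the big-endian magnitude, a->negative the
 * sign. NOTE(review): confirm against the WOLFSSL_ASN1_INTEGER definition; a
 * multi-byte DER length is not handled here.
 *
 * a  : integer to encode
 * pp : when NULL only the encoded size is computed; otherwise *pp is written
 *      to and advanced by the number of bytes produced (the caller sizes the
 *      buffer from an earlier pp == NULL call)
 *
 * Returns the number of content bytes, a leading sign/pad octet included,
 * or WOLFSSL_FAILURE when a is NULL.
 */
int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp)
{
    unsigned char *pptr = NULL;
    char pad = 0;              /* 1 when a leading sign/pad octet is needed */
    unsigned char pad_val = 0; /* that octet: 0x00 positive, 0xff negative */
    int ret_size = 0;
    unsigned char data1 = 0;   /* most significant magnitude byte */
    unsigned char neg = 0;
    int i = 0;

    WOLFSSL_ENTER("wolfSSL_i2c_ASN1_INTEGER");
    if (a == NULL)
        return WOLFSSL_FAILURE;

    ret_size = (int)a->intData[1];
    if (ret_size == 0)
        ret_size = 1; /* empty content encodes as a single 0x00 */
    else{
        neg = a->negative;
        data1 = a->intData[2];
        if (ret_size == 1 && data1 == 0)
            neg = 0; /* "-0" is just 0 */
        /* 0x80 or greater positive number in first byte */
        if (!neg && (data1 > 127)){
            pad = 1;
            pad_val = 0;
        } else if (neg){
            /* negative number */
            if (data1 > 128){
                pad = 1;
                pad_val = 0xff;
            } else if (data1 == 128){
                /* magnitude 0x80 00..00 is exactly -2^(8n-1) and needs no
                 * pad; any non-zero byte after it pushes the value past
                 * that and the 0xff octet is required */
                for (i = 3; i < a->intData[1] + 2; i++){
                    if (a->intData[i]){
                        pad = 1;
                        pad_val = 0xff;
                        break;
                    }
                }
            }
        }
        ret_size += (int)pad;
    }
    if (pp == NULL)
        return ret_size;

    pptr = *pp;
    if (pad)
        *(pptr++) = pad_val;
    if (a->intData[1] == 0)
        *(pptr++) = 0;
    else if (!neg){
        /* positive number: magnitude copied as-is */
        for (i=0; i < a->intData[1]; i++){
            *pptr = a->intData[i+2];
            pptr++;
        }
    } else {
        /* negative number: two's complement written from the least
         * significant byte backwards */
        int str_len = 0;

        /* 0 padding from end of buffer: trailing zero magnitude bytes stay
         * zero in the complement. The last magnitude byte lives at
         * intData[str_len + 1]; the previous index of str_len + 2 looked one
         * byte past the content, so the result depended on whatever followed
         * the integer in memory. */
        str_len = (int)a->intData[1];
        pptr += a->intData[1] - 1;
        while (!a->intData[str_len + 1] && str_len > 1){
            *(pptr--) = 0;
            str_len--;
        }
        /* 2's complement next octet: the lowest non-zero byte gets ~b + 1 */
        *(pptr--) = ((a->intData[str_len + 1]) ^ 0xff) + 1;
        str_len--;
        /* Complement any octets left: everything above it is just ~b */
        while (str_len > 0){
            *(pptr--) = a->intData[str_len + 1] ^ 0xff;
            str_len--;
        }
    }
    *pp += ret_size;
    return ret_size;
}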
wolfSSL 15:117db924cf7c 46356 #endif /* !NO_ASN */
wolfSSL 15:117db924cf7c 46357
wolfSSL 16:8e0d178b1d1e 46358
wolfSSL 16:8e0d178b1d1e 46359 #ifndef NO_CERTS
/* Count the CA certificates held by the store's certificate manager.
 *
 * Walks every bucket of cm->caTable while holding caLock and counts the
 * Signer entries chained from each bucket.
 *
 * Returns the number of CAs, or WOLFSSL_FAILURE (0) when store or store->cm
 * is NULL. If caLock cannot be taken the walk is skipped and 0 is returned,
 * so an error is not distinguishable from an empty table.
 */
int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store)
{
    int count = 0;
    Signer** table;

    WOLFSSL_ENTER("wolfSSL_X509_CA_num");
    if (store == NULL || store->cm == NULL) {
        WOLFSSL_MSG("invalid parameter");
        return WOLFSSL_FAILURE;
    }

    table = store->cm->caTable;
    if (table == NULL)
        return count;

    if (wc_LockMutex(&store->cm->caLock) == 0) {
        int bucket;
        for (bucket = 0; bucket < CA_TABLE_SIZE; bucket++) {
            Signer* s;
            for (s = table[bucket]; s != NULL; s = s->next)
                count++;
        }
        wc_UnLockMutex(&store->cm->caLock);
    }

    return count;
}
wolfSSL 16:8e0d178b1d1e 46389 #endif /* !NO_CERTS */
wolfSSL 16:8e0d178b1d1e 46390
/* Return the certificate version in OpenSSL form.
 *
 * x509->version is presumably stored 1-based (v3 as 3) — the X.509 encoding
 * and OpenSSL use 0-based values, hence the subtraction. Returns 0 for a
 * NULL x509 or when the stored version is 0.
 */
long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_get_version");

    if (x509 == NULL) {
        WOLFSSL_MSG("invalid parameter");
        return 0L;
    }
    if (x509->version == 0)
        return 0L;

    return (long)x509->version - 1L;
}
wolfSSL 16:8e0d178b1d1e 46407
wolfSSL 16:8e0d178b1d1e 46408
/* Map the certificate's signature algorithm OID (x->sigOID) to a NID via
 * oid2nid() in the oidSigType group. Returns 0 when x is NULL.
 */
int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509 *x)
{
    return (x != NULL) ? oid2nid(x->sigOID, oidSigType) : 0;
}
wolfSSL 16:8e0d178b1d1e 46416 #endif /* OPENSSL_EXTRA */
wolfSSL 16:8e0d178b1d1e 46417
wolfSSL 16:8e0d178b1d1e 46418 #if defined(OPENSSL_EXTRA) && !defined(NO_RSA)
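/* return compliant with OpenSSL
 * RSA modulus size in bytes, -1 if error
 *
 * If the wolfCrypt key has not been populated from the external BIGNUMs yet
 * (rsa->inSet == 0), SetRsaInternal() is run first. Every failure path now
 * returns WOLFSSL_FATAL_ERROR (-1) as documented above; previously a
 * SetRsaInternal() failure returned 0, which a caller sizing a buffer could
 * mistake for a valid (zero-length) modulus. A NULL rsa->internal is also
 * rejected up front instead of being passed to wc_RsaEncryptSize().
 */
int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa)
{
    WOLFSSL_ENTER("wolfSSL_RSA_size");

    if (rsa == NULL || rsa->internal == NULL)
        return WOLFSSL_FATAL_ERROR;
    if (rsa->inSet == 0) {
        /* const is cast away because SetRsaInternal() fills in the wolfCrypt
         * key behind rsa->internal; the caller-visible BIGNUMs are unchanged */
        if (SetRsaInternal((WOLFSSL_RSA*)rsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return WOLFSSL_FATAL_ERROR;
        }
    }
    return wc_RsaEncryptSize((RsaKey*)rsa->internal);
}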
wolfSSL 16:8e0d178b1d1e 46437 #endif
wolfSSL 16:8e0d178b1d1e 46438
wolfSSL 16:8e0d178b1d1e 46439 #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) && \
wolfSSL 16:8e0d178b1d1e 46440 !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
/* WolfSSL -> OpenSSL */

/* Copy one wolfCrypt mp_int into its external WOLFSSL_BIGNUM slot, logging
 * `what` when the copy fails. Returns WOLFSSL_SUCCESS or WOLFSSL_FATAL_ERROR.
 */
static int RsaFieldToExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi,
                              const char* what)
{
    (void)what; /* WOLFSSL_MSG may compile to nothing */
    if (SetIndividualExternal(bn, mpi) != WOLFSSL_SUCCESS) {
        WOLFSSL_MSG(what);
        return WOLFSSL_FATAL_ERROR;
    }
    return WOLFSSL_SUCCESS;
}

/* Populate the OpenSSL-style BIGNUM members of rsa (n, e and, for a private
 * key, d, p, q plus the CRT values unless RSA_LOW_MEM) from the wolfCrypt
 * RsaKey behind rsa->internal, then mark rsa->exSet. Components are copied
 * in order and the first failure aborts; BIGNUMs already created stay
 * attached to rsa and are released by wolfSSL_RSA_free().
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR on NULL rsa/rsa->internal
 * or any copy failure.
 */
int SetRsaExternal(WOLFSSL_RSA* rsa)
{
    RsaKey* key;
    WOLFSSL_MSG("Entering SetRsaExternal");

    if (rsa == NULL || rsa->internal == NULL) {
        WOLFSSL_MSG("rsa key NULL error");
        return WOLFSSL_FATAL_ERROR;
    }
    key = (RsaKey*)rsa->internal;

    /* public components */
    if (RsaFieldToExternal(&rsa->n, &key->n, "rsa n key error")
            != WOLFSSL_SUCCESS)
        return WOLFSSL_FATAL_ERROR;
    if (RsaFieldToExternal(&rsa->e, &key->e, "rsa e key error")
            != WOLFSSL_SUCCESS)
        return WOLFSSL_FATAL_ERROR;

    if (key->type == RSA_PRIVATE) {
        /* short-circuit keeps the d, p, q order and stops at the first error */
        if (RsaFieldToExternal(&rsa->d, &key->d, "rsa d key error")
                != WOLFSSL_SUCCESS
         || RsaFieldToExternal(&rsa->p, &key->p, "rsa p key error")
                != WOLFSSL_SUCCESS
         || RsaFieldToExternal(&rsa->q, &key->q, "rsa q key error")
                != WOLFSSL_SUCCESS)
            return WOLFSSL_FATAL_ERROR;

#ifndef RSA_LOW_MEM
        /* CRT values: dP, dQ and the inverse u (iqmp) */
        if (RsaFieldToExternal(&rsa->dmp1, &key->dP, "rsa dP key error")
                != WOLFSSL_SUCCESS
         || RsaFieldToExternal(&rsa->dmq1, &key->dQ, "rsa dQ key error")
                != WOLFSSL_SUCCESS
         || RsaFieldToExternal(&rsa->iqmp, &key->u, "rsa u key error")
                != WOLFSSL_SUCCESS)
            return WOLFSSL_FATAL_ERROR;
#endif /* !RSA_LOW_MEM */
    }
    rsa->exSet = 1;

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 46501 #endif
wolfSSL 16:8e0d178b1d1e 46502 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
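/* when calling SetIndividualExternal, mpi should be cleared by caller if no
 * longer used. ie mp_free(mpi). This is to free data when fastmath is
 * disabled since a copy of mpi is made by this function and placed into bn.
 *
 * Copies mpi into *bn, allocating a fresh WOLFSSL_BIGNUM with wolfSSL_BN_new()
 * when *bn is NULL. If the copy then fails, a BIGNUM allocated here is freed
 * AND *bn is reset to NULL: the original left *bn pointing at freed memory,
 * so a caller like SetRsaExternal() that stores the result in rsa->n would
 * later hand that dangling pointer to wolfSSL_BN_free() via
 * wolfSSL_RSA_free(). A caller-supplied *bn is left untouched on failure.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FATAL_ERROR on NULL arguments,
 * allocation failure, a *bn with no backing mp_int, or an mp_copy() error.
 */
int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
{
    byte dynamic = 0;

    WOLFSSL_MSG("Entering SetIndividualExternal");

    if (mpi == NULL || bn == NULL) {
        WOLFSSL_MSG("mpi NULL error");
        return WOLFSSL_FATAL_ERROR;
    }

    if (*bn == NULL) {
        *bn = wolfSSL_BN_new();
        if (*bn == NULL) {
            WOLFSSL_MSG("SetIndividualExternal alloc failed");
            return WOLFSSL_FATAL_ERROR;
        }
        dynamic = 1;
    }

    if ((*bn)->internal == NULL) {
        /* only reachable with a caller-supplied BIGNUM that was never
         * initialised; wolfSSL_BN_new() always attaches an mp_int */
        WOLFSSL_MSG("bn internal NULL error");
        return WOLFSSL_FATAL_ERROR;
    }

    if (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        if (dynamic == 1) {
            wolfSSL_BN_free(*bn);
            *bn = NULL; /* never leave the caller with a freed pointer */
        }
        return WOLFSSL_FATAL_ERROR;
    }

    return WOLFSSL_SUCCESS;
}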
wolfSSL 16:8e0d178b1d1e 46537
wolfSSL 16:8e0d178b1d1e 46538
/* Reset a WOLFSSL_BIGNUM to the empty state: all bytes zero, non-negative,
 * no backing mp_int. A NULL bn is ignored.
 */
static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn)
{
    if (bn == NULL)
        return;

    XMEMSET(bn, 0, sizeof(*bn));
    /* set explicitly rather than relying on all-bits-zero for the pointer */
    bn->neg = 0;
    bn->internal = NULL;
}
wolfSSL 16:8e0d178b1d1e 46547
wolfSSL 16:8e0d178b1d1e 46548
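/* Allocate a WOLFSSL_BIGNUM together with its backing mp_int.
 *
 * With fastmath (USE_FAST_MATH and no HAVE_WOLF_BIGINT) the mp_int lives
 * inline in the structure (external->fp); otherwise it is a separate
 * DYNAMIC_TYPE_BIGINT allocation that wolfSSL_BN_free() releases.
 *
 * Returns the new BIGNUM, or NULL on any allocation or mp_init() failure.
 * When mp_init() fails in the separately-allocated configuration the mp_int
 * is freed here explicitly: external->internal has not been assigned yet at
 * that point, so wolfSSL_BN_free(external) cannot reach it and the original
 * leaked it.
 */
WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
{
    WOLFSSL_BIGNUM* external;
    mp_int* mpi;

    WOLFSSL_MSG("wolfSSL_BN_new");

#if !defined(USE_FAST_MATH) || defined(HAVE_WOLF_BIGINT)
    mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
    if (mpi == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new malloc mpi failure");
        return NULL;
    }
#endif

    external = (WOLFSSL_BIGNUM*) XMALLOC(sizeof(WOLFSSL_BIGNUM), NULL,
                                        DYNAMIC_TYPE_BIGINT);
    if (external == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new malloc WOLFSSL_BIGNUM failure");
#if !defined(USE_FAST_MATH) || defined(HAVE_WOLF_BIGINT)
        XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
#endif
        return NULL;
    }

#if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
    mpi = &external->fp;
#endif

    InitwolfSSL_BigNum(external);
    if (mp_init(mpi) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_BN_new mp_init failure");
#if !defined(USE_FAST_MATH) || defined(HAVE_WOLF_BIGINT)
        /* not attached as external->internal yet, so release it here */
        XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
#endif
        wolfSSL_BN_free(external);
        return NULL;
    }
    external->internal = mpi;

    return external;
}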
wolfSSL 16:8e0d178b1d1e 46587
wolfSSL 16:8e0d178b1d1e 46588
wolfSSL 16:8e0d178b1d1e 46589 #if defined(USE_FAST_MATH) && !defined(HAVE_WOLF_BIGINT)
/* This function works without BN_free only with TFM */
/* Initialise a caller-owned WOLFSSL_BIGNUM in place, using the inline
 * fastmath mp_int bn->fp as its backing storage. If mp_init() fails,
 * bn->internal stays NULL and nothing is reported. A NULL bn is ignored.
 */
void wolfSSL_BN_init(WOLFSSL_BIGNUM* bn)
{
    if (bn == NULL)
        return;

    WOLFSSL_MSG("wolfSSL_BN_init");
    InitwolfSSL_BigNum(bn);
    if (mp_init(&bn->fp) == MP_OKAY)
        bn->internal = (void *)&bn->fp;
}
wolfSSL 16:8e0d178b1d1e 46600 #endif
wolfSSL 16:8e0d178b1d1e 46601
/* Release a BIGNUM created by wolfSSL_BN_new(): the backing mp_int is
 * mp_free()'d, its separate allocation is released unless it is the inline
 * fastmath member, then the structure itself is freed. NULL is a no-op.
 * The caller's pointer is dangling afterwards.
 */
void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("wolfSSL_BN_free");
    if (bn == NULL)
        return;

    if (bn->internal != NULL) {
        mp_free((mp_int*)bn->internal);
#if !defined(USE_FAST_MATH) || defined(HAVE_WOLF_BIGINT)
        XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT);
#endif
        bn->internal = NULL;
    }
    XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
    /* bn = NULL, don't try to access or double free it */
}
wolfSSL 16:8e0d178b1d1e 46618
/* Zeroise the BIGNUM's value with mp_forcezero() so key material does not
 * linger in freed memory, then release it via wolfSSL_BN_free().
 * NULL is a no-op.
 */
void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("wolfSSL_BN_clear_free");
    if (bn == NULL)
        return;

    if (bn->internal != NULL)
        mp_forcezero((mp_int*)bn->internal);
    wolfSSL_BN_free(bn);
}
wolfSSL 16:8e0d178b1d1e 46630
/* Zeroise the BIGNUM's value in place with mp_forcezero(); the structure and
 * its mp_int stay allocated. A NULL bn or NULL bn->internal is a no-op.
 */
void wolfSSL_BN_clear(WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("wolfSSL_BN_clear");
    if (bn == NULL || bn->internal == NULL)
        return;

    mp_forcezero((mp_int*)bn->internal);
}
wolfSSL 16:8e0d178b1d1e 46638 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
wolfSSL 16:8e0d178b1d1e 46639
wolfSSL 16:8e0d178b1d1e 46640 #if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
/* Zero every field of a WOLFSSL_RSA; a NULL rsa is ignored. */
static void InitwolfSSL_Rsa(WOLFSSL_RSA* rsa)
{
    if (rsa == NULL)
        return;

    XMEMSET(rsa, 0, sizeof(*rsa));
}
wolfSSL 16:8e0d178b1d1e 46647
wolfSSL 16:8e0d178b1d1e 46648
/* Release a WOLFSSL_RSA and everything it owns.
 *
 * With OPENSSL_EXTRA/OPENSSL_ALL the object is reference counted: refCount is
 * decremented under refMutex and the object is only torn down once it reaches
 * zero. NOTE(review): a failed wc_LockMutex() is logged but the decrement
 * still proceeds without the lock.
 *
 * Teardown order: the blinding RNG attached to the RsaKey (only when this
 * object owns it and it is not the shared globalRNG), the wolfCrypt RsaKey,
 * the external BIGNUMs (wolfSSL_BN_free() accepts NULL, so unset components
 * are fine), rsa->rng, the method table, then the structure itself.
 * NULL is a no-op. The caller's pointer is dangling afterwards.
 */
void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
{
    WOLFSSL_ENTER("wolfSSL_RSA_free");

    if (rsa) {
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
        int doFree = 0;
        if (wc_LockMutex(&rsa->refMutex) != 0) {
            WOLFSSL_MSG("Couldn't lock rsa mutex");
        }

        /* only free if all references to it are done */
        rsa->refCount--;
        if (rsa->refCount == 0) {
            doFree = 1;
        }
        wc_UnLockMutex(&rsa->refMutex);

        if (!doFree) {
            return;
        }

        /* last reference gone: the mutex is no longer needed */
        wc_FreeMutex(&rsa->refMutex);
#endif

        if (rsa->internal) {
#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \
    !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
            WC_RNG* rng;

            /* check if RNG is owned before freeing it */
            if (rsa->ownRng) {
                rng = ((RsaKey*)rsa->internal)->rng;
                if (rng != NULL && rng != &globalRNG) {
                    wc_FreeRng(rng);
                    XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
                }
            }
#endif /* WC_RSA_BLINDING */
            wc_FreeRsaKey((RsaKey*)rsa->internal);
            XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA);
            rsa->internal = NULL;
        }
        wolfSSL_BN_free(rsa->iqmp);
        wolfSSL_BN_free(rsa->dmq1);
        wolfSSL_BN_free(rsa->dmp1);
        wolfSSL_BN_free(rsa->q);
        wolfSSL_BN_free(rsa->p);
        wolfSSL_BN_free(rsa->d);
        wolfSSL_BN_free(rsa->e);
        wolfSSL_BN_free(rsa->n);

#ifdef WC_RSA_BLINDING
        /* rsa->rng is a separate field from the RsaKey's rng handled above;
         * presumably set through another API. A wc_FreeRng() failure is only
         * logged and the memory is released regardless. */
        if (rsa->rng && wc_FreeRng(rsa->rng) != 0) {
            WOLFSSL_MSG("Issue freeing rng");
        }
        XFREE(rsa->rng, NULL, DYNAMIC_TYPE_RNG);
#endif

#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY)
        if (rsa->meth) {
            wolfSSL_RSA_meth_free(rsa->meth);
        }
#endif

        InitwolfSSL_Rsa(rsa); /* set back to NULLs for safety */

        XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);

        /* rsa = NULL, don't try to access or double free it */
    }
}
wolfSSL 16:8e0d178b1d1e 46721
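/* Allocate a WOLFSSL_RSA with an initialised wolfCrypt RsaKey behind it.
 *
 * When RSA blinding is compiled in (and the build is not FIPS, user-RSA or
 * fast-RSA) a per-key WC_RNG is allocated and attached with wc_RsaSetRNG();
 * if that RNG cannot be initialised the shared globalRNG is used instead
 * (ownRng = 0) provided initGlobalRNG is set, otherwise construction fails.
 * With OPENSSL_EXTRA/OPENSSL_ALL the object starts with refCount 1.
 *
 * Returns the new object or NULL on failure. The "no RNG for blinding"
 * failure path now calls wc_FreeRsaKey() before freeing the key memory, so
 * whatever wc_InitRsaKey() acquired is released; the original skipped that.
 */
WOLFSSL_RSA* wolfSSL_RSA_new(void)
{
    WOLFSSL_RSA* external;
    RsaKey* key;

    WOLFSSL_ENTER("wolfSSL_RSA_new");

    key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_RSA_new malloc RsaKey failure");
        return NULL;
    }

    external = (WOLFSSL_RSA*) XMALLOC(sizeof(WOLFSSL_RSA), NULL,
                                     DYNAMIC_TYPE_RSA);
    if (external == NULL) {
        WOLFSSL_MSG("wolfSSL_RSA_new malloc WOLFSSL_RSA failure");
        XFREE(key, NULL, DYNAMIC_TYPE_RSA);
        return NULL;
    }

    InitwolfSSL_Rsa(external);
    if (wc_InitRsaKey(key, NULL) != 0) {
        WOLFSSL_MSG("InitRsaKey WOLFSSL_RSA failure");
        XFREE(external, NULL, DYNAMIC_TYPE_RSA);
        XFREE(key, NULL, DYNAMIC_TYPE_RSA);
        return NULL;
    }

#if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \
    !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING)
    {
        WC_RNG* rng;

        rng = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);
        if (rng != NULL && wc_InitRng(rng) != 0) {
            WOLFSSL_MSG("InitRng failure, attempting to use global RNG");
            XFREE(rng, NULL, DYNAMIC_TYPE_RNG);
            rng = NULL;
        }

        external->ownRng = 1;
        if (rng == NULL && initGlobalRNG) {
            /* fall back to the shared RNG; this object must not free it */
            external->ownRng = 0;
            rng = &globalRNG;
        }

        if (rng == NULL) {
            WOLFSSL_MSG("wolfSSL_RSA_new no WC_RNG for blinding");
            /* undo wc_InitRsaKey() before releasing the key memory */
            wc_FreeRsaKey(key);
            XFREE(external, NULL, DYNAMIC_TYPE_RSA);
            XFREE(key, NULL, DYNAMIC_TYPE_RSA);
            return NULL;
        }

        wc_RsaSetRNG(key, rng);
    }
#else
    /* NOTE(review): this re-zeroes the key wc_InitRsaKey() just set up —
     * confirm that is intended for builds without blinding */
    XMEMSET(key, 0, sizeof(RsaKey));
#endif /* WC_RSA_BLINDING */

    external->internal = key;
    external->inSet = 0;
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
    external->refCount = 1;
    /* NOTE(review): wc_InitMutex() result is not checked here */
    wc_InitMutex(&external->refMutex);
#endif
    return external;
}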
wolfSSL 16:8e0d178b1d1e 46790 #endif /* !NO_RSA && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
wolfSSL 16:8e0d178b1d1e 46791
wolfSSL 16:8e0d178b1d1e 46792 #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)
/* Allocate a zeroed WOLFSSL_PKCS7 wrapper and initialise its embedded
 * wolfCrypt PKCS7 with wc_PKCS7_Init() (no heap hint, INVALID_DEVID).
 * Returns the object as PKCS7*, or NULL if allocation or init fails.
 */
PKCS7* wolfSSL_PKCS7_new(void)
{
    WOLFSSL_PKCS7* pkcs7;

    pkcs7 = (WOLFSSL_PKCS7*)XMALLOC(sizeof(*pkcs7), NULL, DYNAMIC_TYPE_PKCS7);
    if (pkcs7 == NULL)
        return NULL;

    XMEMSET(pkcs7, 0, sizeof(*pkcs7));
    if (wc_PKCS7_Init(&pkcs7->pkcs7, NULL, INVALID_DEVID) != 0) {
        XFREE(pkcs7, NULL, DYNAMIC_TYPE_PKCS7);
        return NULL;
    }

    return (PKCS7*)pkcs7;
}
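/******************************************************************************
 * wolfSSL_PKCS7_SIGNED_new - allocates PKCS7 and initialize it for a signed data
 *
 * The content type is set to id-signedData, OID 1.2.840.113549.1.7.2, whose
 * DER value is the signedData[] array below. If wc_PKCS7_SetContentType()
 * fails the object is released. The NULL test that guarded that cleanup in
 * the original was dead (pkcs7 cannot be NULL there) and has been removed.
 *
 * RETURNS:
 * returns pointer to the PKCS7 structure on success, otherwise returns NULL
 */
PKCS7_SIGNED* wolfSSL_PKCS7_SIGNED_new(void)
{
    byte signedData[]= { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x02};
    PKCS7* pkcs7 = NULL;

    if ((pkcs7 = wolfSSL_PKCS7_new()) == NULL)
        return NULL;
    pkcs7->contentOID = SIGNED_DATA;
    if (wc_PKCS7_SetContentType(pkcs7, signedData, sizeof(signedData)) < 0) {
        wolfSSL_PKCS7_free(pkcs7);
        return NULL;
    }
    return pkcs7;
}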
wolfSSL 16:8e0d178b1d1e 46831
/* Release a PKCS7 created by wolfSSL_PKCS7_new() or the d2i functions: the
 * copied message bytes (p7->data), the wolfCrypt PKCS7 state, then the
 * wrapper itself. NULL is a no-op.
 */
void wolfSSL_PKCS7_free(PKCS7* pkcs7)
{
    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;

    if (p7 == NULL)
        return;

    if (p7->data != NULL)
        XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7);
    wc_PKCS7_Free(&p7->pkcs7);
    XFREE(p7, NULL, DYNAMIC_TYPE_PKCS7);
}
/* PKCS7_SIGNED is the same object as PKCS7 here; release it through
 * wolfSSL_PKCS7_free(). NULL is a no-op.
 */
void wolfSSL_PKCS7_SIGNED_free(PKCS7_SIGNED* p7)
{
    wolfSSL_PKCS7_free(p7);
}
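/* Parse the outer SEQUENCE of a DER PKCS#7 message at *in and keep a private
 * copy of the whole encoding (header plus body) in pkcs7->data/len for a
 * later verify. *in is advanced past the message on success.
 *
 * Arguments follow the OpenSSL d2i convention, but an existing *p7 is not
 * reused: a fresh object is always allocated and stored in *p7 when p7 is
 * non-NULL.
 *
 * Returns the new object, or NULL on bad arguments (in or *in NULL, len
 * negative), a malformed SEQUENCE header (GetSequence() presumably also
 * bounds the body length against len), or allocation failure. A NULL *in
 * and a negative len were previously handed straight to GetSequence().
 */
PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len)
{
    WOLFSSL_PKCS7* pkcs7 = NULL;
    word32 idx = 0;

    if (in == NULL || *in == NULL || len < 0)
        return NULL;

    if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)
        return NULL;

    if (GetSequence(*in, &idx, &pkcs7->len, len) < 0) {
        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
        return NULL;
    }
    /* total size = header bytes consumed by GetSequence() + body length */
    pkcs7->len += idx;

    pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7);
    if (pkcs7->data == NULL) {
        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
        return NULL;
    }
    XMEMCPY(pkcs7->data, *in, pkcs7->len);
    *in += pkcs7->len;

    if (p7 != NULL)
        *p7 = (PKCS7*)pkcs7;
    return (PKCS7*)pkcs7;
}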
wolfSSL 16:8e0d178b1d1e 46877
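/* Read every pending byte of bio into a new PKCS7 object's data buffer.
 *
 * The size reported by wolfSSL_BIO_pending() is now validated before it is
 * used as an allocation size and read length: a zero or negative value (an
 * empty BIO, or an error indication) previously went into XMALLOC() and
 * wolfSSL_BIO_read() unchecked. No DER parsing is done here; the bytes are
 * stored as-is and only interpreted by a later verify.
 *
 * Returns the object (also stored in *p7 when p7 is non-NULL), or NULL on a
 * NULL bio, nothing pending, allocation failure, or a short read.
 */
PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7)
{
    WOLFSSL_PKCS7* pkcs7;

    if (bio == NULL)
        return NULL;

    if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL)
        return NULL;

    pkcs7->len = wolfSSL_BIO_pending(bio);
    if (pkcs7->len <= 0) {
        WOLFSSL_MSG("wolfSSL_d2i_PKCS7_bio no data pending in BIO");
        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
        return NULL;
    }

    pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7);
    if (pkcs7->data == NULL) {
        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
        return NULL;
    }

    /* a short read means the BIO changed under us or failed; do not keep a
     * partially filled buffer */
    if (wolfSSL_BIO_read(bio, pkcs7->data, pkcs7->len) != pkcs7->len) {
        wolfSSL_PKCS7_free((PKCS7*)pkcs7);
        return NULL;
    }

    if (p7 != NULL)
        *p7 = (PKCS7*)pkcs7;
    return (PKCS7*)pkcs7;
}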
wolfSSL 16:8e0d178b1d1e 46904
/* OpenSSL-style PKCS7_verify over a previously loaded SignedData object.
 *
 * When `in` is given, the buffer obtained from wolfSSL_BIO_get_mem_data()
 * becomes the detached content (p7->pkcs7.content/contentSz) the signature
 * covers. The stored encoding p7->data/len is then passed to
 * wc_PKCS7_VerifySignedData_ex().
 *
 * `certs` and `store` are accepted for API compatibility but unused: no
 * signer-certificate chain validation against the store happens here. For
 * that reason the call only reports WOLFSSL_SUCCESS when the caller has set
 * PKCS7_NOVERIFY; without that flag it fails closed after the signature
 * check rather than claim the signers were validated.
 *
 * When `out` is non-NULL the content is written to it (the write result is
 * not checked). Returns WOLFSSL_SUCCESS or WOLFSSL_FAILURE.
 */
int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs,
                         WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in,
                         WOLFSSL_BIO* out, int flags)
{
    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;

    /* certs would be the candidate signer certificates (issuer/serial lookup),
     * store the trust store for the signer chain; neither is consulted */
    (void)certs;
    (void)store;

    if (p7 == NULL)
        return WOLFSSL_FAILURE;

    if (in != NULL) {
        unsigned char* mem = NULL;
        int memSz = wolfSSL_BIO_get_mem_data(in, &mem);

        if (memSz < 0)
            return WOLFSSL_FAILURE;
        p7->pkcs7.content = mem;
        p7->pkcs7.contentSz = memSz;
    }

    if (wc_PKCS7_VerifySignedData_ex(&p7->pkcs7, NULL, 0, p7->data, p7->len,
                                     NULL, 0) != 0)
        return WOLFSSL_FAILURE;

    /* signer-certificate verification is not implemented here; refuse to
     * report success unless the caller explicitly opted out of it */
    if ((flags & PKCS7_NOVERIFY) != PKCS7_NOVERIFY)
        return WOLFSSL_FAILURE;

    if (out != NULL)
        wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz);

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 46947
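/* Return the signer certificate of a SignedData message as a one-element
 * WOLFSSL_STACK of WOLFSSL_X509.
 *
 * Only messages carrying a single certificate (p7->pkcs7.singleCert) are
 * supported and that certificate is always taken from the message itself, so
 * PKCS7_NOINTERN (use only `certs`, never the bundled certificates) cannot
 * be honoured and yields NULL. The original tested the flag with
 * `(flags | PKCS7_NOINTERN) == PKCS7_NOINTERN`, which is also true for
 * flags == 0 and therefore returned NULL for the default call; it is now a
 * bit-mask test. `certs` is unused.
 *
 * The stack and its X509 are zero-initialised before DecodeToX509() so that
 * any field a stack-free routine may inspect (such as a next pointer) is not
 * uninitialised heap. Returns NULL on a NULL pkcs7, an unsupported flag,
 * allocation failure, or a decode failure.
 */
WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs,
                                          int flags)
{
    WOLFSSL_STACK* signers = NULL;
    WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7;

    (void)certs;

    if (p7 == NULL)
        return NULL;
    /* Only PKCS#7 messages with a single cert that is the verifying certificate
     * is supported.
     */
    if ((flags & PKCS7_NOINTERN) == PKCS7_NOINTERN)
        return NULL;

    signers = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                      DYNAMIC_TYPE_X509);
    if (signers == NULL)
        return NULL;
    XMEMSET(signers, 0, sizeof(WOLFSSL_STACK));

    signers->num = 1;
    signers->data.x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                               DYNAMIC_TYPE_X509);
    if (signers->data.x509 == NULL) {
        XFREE(signers, NULL, DYNAMIC_TYPE_X509);
        return NULL;
    }
    XMEMSET(signers->data.x509, 0, sizeof(WOLFSSL_X509));

    if (DecodeToX509(signers->data.x509, p7->pkcs7.singleCert,
                     p7->pkcs7.singleCertSz) != 0) {
        XFREE(signers->data.x509, NULL, DYNAMIC_TYPE_X509);
        XFREE(signers, NULL, DYNAMIC_TYPE_X509);
        return NULL;
    }

    return signers;
}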
wolfSSL 16:8e0d178b1d1e 46986
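/******************************************************************************
 * wolfSSL_PEM_write_bio_PKCS7 - writes the PKCS7 data to BIO
 *
 * Encodes the SignedData in p7 (header, content, footer), converts the
 * resulting DER to PEM with the CERT_TYPE banner and writes it to bio.
 * Only contentOID == SIGNED_DATA is supported.
 *
 * bio  destination BIO; its heap is used for the temporary buffers
 * p7   PKCS7 object with hashOID, contentOID, content and contentSz set
 *
 * RETURNS:
 * returns WOLFSSL_SUCCESS on success, otherwise returns WOLFSSL_FAILURE
 * (MEMORY_E when the very first temporary buffer cannot be allocated,
 * kept as before for compatibility)
 */

int wolfSSL_PEM_write_bio_PKCS7(WOLFSSL_BIO* bio, PKCS7* p7)
{
#ifdef WOLFSSL_SMALL_STACK
    /* NULL-initialised so the cleanup path can test them unconditionally */
    byte* outputHead = NULL;
    byte* outputFoot = NULL;
#else
    byte outputHead[2048];
    byte outputFoot[2048];
#endif
    word32 outputHeadSz = 2048;
    word32 outputFootSz = 2048;
    word32 outputSz = 0;
    byte* output = NULL;
    byte* pem = NULL;
    int pemSz = -1;
    int ret = WOLFSSL_FAILURE;
    enum wc_HashType hashType;
    byte hashBuf[WC_MAX_DIGEST_SIZE];
    int digestSz;
    word32 hashSz = 0;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PKCS7()");

    if (bio == NULL || p7 == NULL)
        return WOLFSSL_FAILURE;

#ifdef WOLFSSL_SMALL_STACK
    outputHead = (byte*)XMALLOC(outputHeadSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (outputHead == NULL)
        return MEMORY_E; /* nothing allocated yet */

    outputFoot = (byte*)XMALLOC(outputFootSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (outputFoot == NULL)
        goto cleanup;
#endif

    XMEMSET(hashBuf, 0, WC_MAX_DIGEST_SIZE);
    XMEMSET(outputHead, 0, outputHeadSz);
    XMEMSET(outputFoot, 0, outputFootSz);

    /* Digest size of the signing hash: a negative result (unknown hash) or
     * one larger than hashBuf is rejected. Every failure from here on goes
     * through cleanup so the heap buffers are released; the earlier code
     * returned directly and leaked them under WOLFSSL_SMALL_STACK. */
    hashType = wc_OidGetHash(p7->hashOID);
    digestSz = wc_HashGetDigestSize(hashType);
    if (digestSz < 0 || digestSz > WC_MAX_DIGEST_SIZE)
        goto cleanup;
    hashSz = (word32)digestSz;

    /* only SIGNED_DATA is supported */
    switch (p7->contentOID) {
        case SIGNED_DATA:
            break;
        default:
            WOLFSSL_MSG("Unknown PKCS#7 Type");
            goto cleanup;
    }

    if (wc_PKCS7_EncodeSignedData_ex(p7, hashBuf, hashSz,
                outputHead, &outputHeadSz, outputFoot, &outputFootSz) != 0)
        goto cleanup;

    /* DER image = head || content || foot */
    outputSz = outputHeadSz + p7->contentSz + outputFootSz;
    output = (byte*)XMALLOC(outputSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (output == NULL)
        goto cleanup;

    XMEMSET(output, 0, outputSz);
    outputSz = 0;
    XMEMCPY(&output[outputSz], outputHead, outputHeadSz);
    outputSz += outputHeadSz;
    XMEMCPY(&output[outputSz], p7->content, p7->contentSz);
    outputSz += p7->contentSz;
    XMEMCPY(&output[outputSz], outputFoot, outputFootSz);
    outputSz += outputFootSz;

    /* get PEM size */
    pemSz = wc_DerToPemEx(output, outputSz, NULL, 0, NULL, CERT_TYPE);
    if (pemSz < 0)
        goto cleanup;

    pemSz++; /* for '\0' */

    /* create PEM buffer and convert from DER to PEM */
    pem = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (pem == NULL)
        goto cleanup;

    XMEMSET(pem, 0, pemSz);

    if (wc_DerToPemEx(output, outputSz, pem, pemSz, NULL, CERT_TYPE) < 0)
        goto cleanup;

    /* NOTE(review): pemSz counts the terminating '\0' added above, so that
     * byte is written to the BIO as well; behaviour kept as-is. */
    if (wolfSSL_BIO_write(bio, pem, pemSz) == pemSz)
        ret = WOLFSSL_SUCCESS;

cleanup:
#ifdef WOLFSSL_SMALL_STACK
    if (outputHead != NULL) {
        XFREE(outputHead, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (outputFoot != NULL) {
        XFREE(outputFoot, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }
#endif
    if (output != NULL) {
        XFREE(output, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (pem != NULL) {
        XFREE(pem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER);
    }
    return ret;
}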
wolfSSL 16:8e0d178b1d1e 47109 #endif /* OPENSSL_ALL && HAVE_PKCS7 */
wolfSSL 16:8e0d178b1d1e 47110
wolfSSL 16:8e0d178b1d1e 47111 #if defined(OPENSSL_EXTRA)
/* Allocate an empty X509 stack: every field zeroed and type set to
 * STACK_TYPE_X509. Returns NULL when allocation fails; the caller owns the
 * result. */
WOLFSSL_STACK* wolfSSL_sk_X509_new(void)
{
    WOLFSSL_STACK* stack;

    stack = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                    DYNAMIC_TYPE_X509);
    if (stack == NULL)
        return NULL;

    XMEMSET(stack, 0, sizeof(WOLFSSL_STACK));
    stack->type = STACK_TYPE_X509;
    return stack;
}
wolfSSL 16:8e0d178b1d1e 47123 #endif
wolfSSL 16:8e0d178b1d1e 47124
wolfSSL 16:8e0d178b1d1e 47125 #ifdef OPENSSL_ALL
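/* Write pkey to bio as a PEM-encoded PKCS#8 private key.
 *
 * When enc is non-NULL the key is wrapped as an EncryptedPrivateKeyInfo
 * (PKCS#5 PBES2) using passwd/passwdSz or, if passwd is NULL, a password
 * obtained from cb. The EVP cipher must be one of the DES-CBC, DES-EDE3-CBC
 * or AES-256-CBC ciphers compiled in. Without enc a plain PKCS#8 wrapper is
 * built: RSAk for RSA keys, ECDSAk plus the key's curve OID for EC keys.
 *
 * Returns the number of PEM bytes written. Returns -1 when bio or pkey is
 * NULL, and 0 on any other failure (allocation, missing or failing password
 * callback, unsupported cipher, encoding or write error).
 */
int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio,
                                          WOLFSSL_EVP_PKEY* pkey,
                                          const WOLFSSL_EVP_CIPHER* enc,
                                          char* passwd, int passwdSz,
                                          pem_password_cb* cb, void* ctx)
{
    int ret = 0;
    char password[NAME_SZ];
    int cbUsed = 0;            /* password[] was handed to the callback */
    byte* key = NULL;
    word32 keySz;
    byte* pem = NULL;
    int pemSz = 0;
    int type = PKCS8_PRIVATEKEY_TYPE;
    int algId;
    const byte* curveOid;
    word32 oidSz;
    int encAlgId = 0;

    if (bio == NULL || pkey == NULL)
        return -1;

    /* room for the PKCS#8 / PBES2 wrapping around the raw key */
    keySz = pkey->pkey_sz + 128;
    key = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (key == NULL)
        ret = MEMORY_E;

    if (ret == 0 && enc != NULL && passwd == NULL) {
        /* Encryption requested without a password: ask the callback. A
         * missing callback is an error rather than a NULL call, and a
         * negative or oversized length is rejected. Earlier code set
         * ret = WOLFSSL_FAILURE here, which is 0 and so did not stop the
         * function; the negative length then reached XMEMSET below. */
        if (cb == NULL) {
            ret = -1;
        }
        else {
            cbUsed = 1;
            passwdSz = cb(password, sizeof(password), 1, ctx);
            if (passwdSz < 0 || passwdSz > (int)sizeof(password))
                ret = -1;
            else
                passwd = password;
        }
    }

    if (ret == 0 && enc != NULL) {
        WC_RNG rng;
        ret = wc_InitRng(&rng);
        if (ret == 0) {
            /* map the EVP cipher onto the PKCS#5 encryption algorithm id */
#ifndef NO_DES3
            if (enc == EVP_DES_CBC)
                encAlgId = DESb;
            else if (enc == EVP_DES_EDE3_CBC)
                encAlgId = DES3b;
            else
#endif
#if !defined(NO_AES) && defined(HAVE_AES_CBC)
    #ifdef WOLFSSL_AES_256
            if (enc == EVP_AES_256_CBC)
                encAlgId = AES256CBCb;
            else
    #endif
#endif
                ret = -1; /* unsupported cipher */
            if (ret == 0) {
                ret = TraditionalEnc((byte*)pkey->pkey.ptr, pkey->pkey_sz, key,
                                     &keySz, passwd, passwdSz, PKCS5, PBES2,
                                     encAlgId, NULL, 0, WC_PKCS12_ITT_DEFAULT,
                                     &rng, NULL);
                if (ret > 0) {
                    keySz = (word32)ret;
                    ret = 0;
                }
            }
            wc_FreeRng(&rng);
        }
        type = PKCS8_ENC_PRIVATEKEY_TYPE;
    }
    if (ret == 0 && enc == NULL) {
        type = PKCS8_PRIVATEKEY_TYPE;
        if (pkey->type == EVP_PKEY_EC) {
            algId = ECDSAk;
            curveOid = NULL;
            oidSz = 0;
            /* the curve OID comes from the EC key's group */
            if (pkey->ecc == NULL || pkey->ecc->group == NULL)
                ret = -1;
            else
                ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid,
                                     &oidSz);
        }
        else {
            algId = RSAk;
            curveOid = NULL;
            oidSz = 0;
        }

        if (ret >= 0) {
            ret = wc_CreatePKCS8Key(key, &keySz, (byte*)pkey->pkey.ptr,
                                    pkey->pkey_sz, algId, curveOid, oidSz);
            if (ret >= 0)
                keySz = (word32)ret;
        }
    }

    /* Scrub the callback's password from the stack once it is no longer
     * needed, on success and failure alike. (A plain memset right before
     * return may be elided by the optimiser; a forced clear is preferable
     * where one is available.) */
    if (cbUsed)
        XMEMSET(password, 0, sizeof(password));

    if (ret >= 0) {
        pemSz = 2 * keySz + 2 * 64;
        pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (pem == NULL)
            ret = MEMORY_E;
    }

    if (ret >= 0)
        ret = wc_DerToPemEx(key, keySz, pem, pemSz, NULL, type);

    if (key != NULL)
        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (ret >= 0) {
        if (wolfSSL_BIO_write(bio, pem, ret) != ret)
            ret = -1;
    }

    if (pem != NULL)
        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    return ret < 0 ? 0 : ret;
}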
wolfSSL 16:8e0d178b1d1e 47239
/* Read everything that remains in bio into a freshly allocated buffer.
 *
 * The amount to read is wolfSSL_BIO_pending(); when that reports nothing and
 * the BIO is a file BIO, the size is taken from the current file offset to
 * the end of file (bounded by MAX_WOLFSSL_FILE_SIZE) and the offset is
 * restored afterwards.
 *
 * On success *data receives a buffer allocated from bio->heap with
 * DYNAMIC_TYPE_OPENSSL, owned by the caller, and the byte count is returned.
 * 0 means there was nothing to read (*data is NULL). Negative values are
 * wolfSSL error codes: BAD_FUNC_ARG, WOLFSSL_BAD_FILE, or MEMORY_E (also
 * used when the read itself returns no data).
 */
static int bio_get_data(WOLFSSL_BIO* bio, byte** data)
{
    int   ret = wolfSSL_BIO_pending(bio);
    byte* mem = NULL;

#ifndef NO_FILESYSTEM
    if (ret <= 0 && bio->type == WOLFSSL_BIO_FILE) {
        XFILE file;
        long  start = 0;
        long  total = 0;

        if (wolfSSL_BIO_get_fp(bio, &file) != WOLFSSL_SUCCESS)
            ret = BAD_FUNC_ARG;

        if (ret == 0) {
            start = XFTELL(file);
            if (start < 0)
                ret = WOLFSSL_BAD_FILE;
            /* the seek to the end is attempted even after a failed tell */
            if (XFSEEK(file, 0, XSEEK_END) != 0)
                ret = WOLFSSL_BAD_FILE;
        }
        if (ret == 0) {
            total = XFTELL(file);
            if (total > MAX_WOLFSSL_FILE_SIZE || total < 0)
                ret = WOLFSSL_BAD_FILE;
        }
        if (ret == 0) {
            ret = (int)(total - start);
            if (XFSEEK(file, start, SEEK_SET) != 0)
                ret = WOLFSSL_BAD_FILE;
        }
    }
#endif

    if (ret > 0) {
        mem = (byte*)XMALLOC(ret, bio->heap, DYNAMIC_TYPE_OPENSSL);
        if (mem == NULL) {
            WOLFSSL_MSG("Memory error");
            ret = MEMORY_E;
        }
        else {
            int got = wolfSSL_BIO_read(bio, mem, ret);
            if (got <= 0) {
                XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
                mem = NULL;
                ret = MEMORY_E;
            }
            else {
                ret = got;
            }
        }
    }

    *data = mem;
    return ret;
}
wolfSSL 16:8e0d178b1d1e 47298
wolfSSL 16:8e0d178b1d1e 47299 #ifndef NO_WOLFSSL_STUB
/* Stub kept for OpenSSL API compatibility; bio and init are ignored. */
void wolfSSL_BIO_set_init(WOLFSSL_BIO* bio, int init)
{
    (void)bio;
    (void)init;

    WOLFSSL_STUB("wolfSSL_BIO_set_init");
}
wolfSSL 16:8e0d178b1d1e 47306
/* Stub kept for OpenSSL API compatibility; bio and shut are ignored. */
void wolfSSL_BIO_set_shutdown(WOLFSSL_BIO* bio, int shut)
{
    (void)bio;
    (void)shut;

    WOLFSSL_STUB("wolfSSL_BIO_set_shutdown");
}
/* Stub kept for OpenSSL API compatibility; bio is ignored and 0 is always
 * returned. */
int wolfSSL_BIO_get_shutdown(WOLFSSL_BIO* bio)
{
    (void)bio;

    WOLFSSL_STUB("wolfSSL_BIO_get_shutdown");
    return 0;
}
wolfSSL 16:8e0d178b1d1e 47320 #endif /* NO_WOLFSSL_STUB */
wolfSSL 16:8e0d178b1d1e 47321
/* Clear the READ and RETRY bits in bio->flags. A NULL bio is a no-op. */
void wolfSSL_BIO_clear_retry_flags(WOLFSSL_BIO* bio)
{
    WOLFSSL_ENTER("wolfSSL_BIO_clear_retry_flags");

    if (bio == NULL)
        return;

    bio->flags &= ~(WOLFSSL_BIO_FLAG_READ | WOLFSSL_BIO_FLAG_RETRY);
}
wolfSSL 16:8e0d178b1d1e 47329
/* Return the RETRY bit of bio->flags (non-zero when a retry is wanted);
 * 0 for a NULL bio. */
int wolfSSL_BIO_should_retry(WOLFSSL_BIO *bio)
{
    if (bio == NULL)
        return 0;

    return (int)(bio->flags & WOLFSSL_BIO_FLAG_RETRY);
}
wolfSSL 16:8e0d178b1d1e 47339
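/* DER data is PKCS#8 encrypted.
 *
 * Read the remaining DER from bio and decode it as a private key. When cb is
 * given it supplies the password (PEM_PASS_READ) used to strip the PKCS#8
 * encryption in place with ToTraditionalEnc() before decoding; without cb
 * the data is handed to wolfSSL_d2i_PrivateKey_EVP() unchanged.
 *
 * bio   source BIO (NULL is rejected)
 * pkey  optional, passed through to wolfSSL_d2i_PrivateKey_EVP()
 * cb    optional password callback
 * ctx   user data for cb
 *
 * Returns the decoded key or NULL on failure. The password buffer is
 * cleared on every exit path once the callback has been invoked.
 */
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio,
                                                  WOLFSSL_EVP_PKEY** pkey,
                                                  pem_password_cb* cb,
                                                  void* ctx)
{
    int ret;
    byte* der = NULL;
    int len;
    byte* p;
    char password[NAME_SZ];
    int passwordSz = 0;
    word32 algId;
    WOLFSSL_EVP_PKEY* key = NULL;

    /* bio_get_data() dereferences bio->type, so reject NULL up front */
    if (bio == NULL)
        return NULL;

    if ((len = bio_get_data(bio, &der)) < 0)
        return NULL;

    if (cb != NULL) {
        passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx);
        /* a length beyond the buffer would make the clear below overrun */
        if (passwordSz < 0 || passwordSz > (int)sizeof(password))
            goto cleanup;

        ret = ToTraditionalEnc(der, len, password, passwordSz, &algId);
        if (ret < 0)
            goto cleanup;
    }

    p = der;
    key = wolfSSL_d2i_PrivateKey_EVP(pkey, &p, len);

cleanup:
    /* previously the password was left on the stack when decryption failed */
    if (cb != NULL)
        XMEMSET(password, 0, sizeof(password));
    if (der != NULL) {
        XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL);
    }
    return key;
}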
wolfSSL 16:8e0d178b1d1e 47379
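/* Detect which type of key it is before decoding.
 *
 * A PKCS#8 wrapper, if present, is stripped first. The key type is then
 * guessed from the number of elements in the outer SEQUENCE (2 to 4 elements
 * are taken as an ECC key, anything else as RSA) and the key is decoded with
 * wolfSSL_d2i_PrivateKey().
 *
 * pkey    optional, passed through to wolfSSL_d2i_PrivateKey()
 * pp      in/out: start of the DER data; updated to the position reached
 *         by the decoder when the structure walk succeeds
 * length  size of the DER data in bytes
 *
 * Returns the decoded key, or NULL when pp or *pp is NULL, length is
 * negative, the ASN.1 structure cannot be walked, or decoding fails.
 */
WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey,
                                             const unsigned char** pp,
                                             long length)
{
    int ret;
    WOLFSSL_EVP_PKEY* key = NULL;
    const byte* der;
    word32 idx = 0;
    int len = 0;
    word32 end = 0;
    int cnt = 0;
    int type;
    word32 algId;
    word32 keyLen;

    /* A negative length would wrap to a huge word32 and a NULL buffer would
     * be dereferenced by the walk below. */
    if (pp == NULL || *pp == NULL || length < 0)
        return NULL;

    der = *pp;
    keyLen = (word32)length;

    /* Take off PKCS#8 wrapper if found. */
    if ((len = ToTraditionalInline_ex(der, &idx, keyLen, &algId)) >= 0) {
        der += idx;
        keyLen = len;
    }
    idx = 0;
    len = 0;

    /* Use the number of elements in the outer sequence to determine key type.
     */
    ret = GetSequence(der, &idx, &len, keyLen);
    if (ret >= 0) {
        end = idx + len;
        while (ret >= 0 && idx < end) {
            /* Skip type */
            idx++;
            /* Get length and skip over - keeping count */
            len = 0;
            ret = GetLength(der, &idx, &len, keyLen);
            if (ret >= 0) {
                if (idx + len > end)
                    ret = ASN_PARSE_E;
                else {
                    idx += len;
                    cnt++;
                }
            }
        }
    }

    if (ret >= 0) {
        /* ECC includes version, private[, curve][, public key] */
        if (cnt >= 2 && cnt <= 4)
            type = EVP_PKEY_EC;
        else
            type = EVP_PKEY_RSA;

        key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen);
        *pp = der;
    }

    return key;
}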
wolfSSL 16:8e0d178b1d1e 47439 #endif
wolfSSL 16:8e0d178b1d1e 47440
wolfSSL 16:8e0d178b1d1e 47441 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
wolfSSL 16:8e0d178b1d1e 47442 defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
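/* Replace the subject name of cert with a copy of name.
 *
 * The existing subject is released and re-initialised, up to
 * SET_NAME_MAX_ENTRIES entries are added from name, and the subject's name
 * pointer is then pointed at the rebuilt fullName. When name is dynamically
 * allocated a temporary copy is made for the duration of the rebuild; it is
 * freed here before the pointer is replaced, because cert->subject.dynamicName
 * is never set and FreeX509Name() would therefore not reclaim it.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when an argument is NULL or the
 * temporary copy cannot be allocated.
 */
int wolfSSL_X509_set_subject_name(WOLFSSL_X509 *cert, WOLFSSL_X509_NAME *name)
{
    enum { SET_NAME_MAX_ENTRIES = 10 };
    int i;
    char* tmpName = NULL;
    WOLFSSL_X509_NAME_ENTRY* ne;

    WOLFSSL_ENTER("X509_set_subject_name");
    if (cert == NULL || name == NULL)
        return WOLFSSL_FAILURE;

    FreeX509Name(&cert->subject, cert->heap);
    InitX509Name(&cert->subject, 0);
    if (name->dynamicName) {
        tmpName = (char*)XMALLOC(name->sz, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
        if (tmpName == NULL)
            return WOLFSSL_FAILURE;
        cert->subject.name = tmpName;
    }
    XMEMCPY(cert->subject.name, name->name, name->sz);
    cert->subject.sz = name->sz;

    for (i = 0; i < SET_NAME_MAX_ENTRIES; i++) {
        ne = wolfSSL_X509_NAME_get_entry(name, i);
        if (ne != NULL)
            wolfSSL_X509_NAME_add_entry(&cert->subject, ne, i, 1);
    }

    /* Release the temporary copy, unless something replaced it meanwhile,
     * before the name pointer is redirected at the rebuilt full name. */
    if (tmpName != NULL && cert->subject.name == tmpName) {
        XFREE(tmpName, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
    }
    cert->subject.x509 = cert;
    cert->subject.name = cert->subject.fullName.fullName;
    cert->subject.sz = cert->subject.fullName.fullNameLen;

    return WOLFSSL_SUCCESS;
}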
wolfSSL 16:8e0d178b1d1e 47474
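/* Replace the issuer name of cert with a copy of name and mark the issuer
 * as set.
 *
 * Mirrors wolfSSL_X509_set_subject_name(): the existing issuer is released
 * and re-initialised, up to SET_NAME_MAX_ENTRIES entries are added from
 * name, and the issuer's name pointer is then pointed at the rebuilt
 * fullName. A temporary copy made for a dynamically allocated name is freed
 * here before the pointer is replaced, because cert->issuer.dynamicName is
 * never set and FreeX509Name() would therefore not reclaim it.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when an argument is NULL or the
 * temporary copy cannot be allocated.
 */
int wolfSSL_X509_set_issuer_name(WOLFSSL_X509 *cert, WOLFSSL_X509_NAME *name)
{
    enum { SET_NAME_MAX_ENTRIES = 10 };
    int i;
    char* tmpName = NULL;
    WOLFSSL_X509_NAME_ENTRY* ne;

    WOLFSSL_ENTER("X509_set_issuer_name");
    if (cert == NULL || name == NULL)
        return WOLFSSL_FAILURE;

    FreeX509Name(&cert->issuer, cert->heap);
    InitX509Name(&cert->issuer, 0);
    if (name->dynamicName) {
        tmpName = (char*)XMALLOC(name->sz, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
        if (tmpName == NULL)
            return WOLFSSL_FAILURE;
        cert->issuer.name = tmpName;
    }
    XMEMCPY(cert->issuer.name, name->name, name->sz);
    cert->issuer.sz = name->sz;

    for (i = 0; i < SET_NAME_MAX_ENTRIES; i++) {
        ne = wolfSSL_X509_NAME_get_entry(name, i);
        if (ne != NULL)
            wolfSSL_X509_NAME_add_entry(&cert->issuer, ne, i, 1);
    }

    /* Release the temporary copy, unless something replaced it meanwhile,
     * before the name pointer is redirected at the rebuilt full name. */
    if (tmpName != NULL && cert->issuer.name == tmpName) {
        XFREE(tmpName, cert->heap, DYNAMIC_TYPE_SUBJECT_CN);
    }
    cert->issuer.x509 = cert;
    cert->issuer.name = cert->issuer.fullName.fullName;
    cert->issuer.sz = cert->issuer.fullName.fullNameLen;
    cert->issuerSet = 1;

    return WOLFSSL_SUCCESS;
}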
wolfSSL 16:8e0d178b1d1e 47507
/* Copy the ASN1_TIME t into x509->notAfter. The caller keeps ownership of t.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when either argument is NULL. */
int wolfSSL_X509_set_notAfter(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t)
{
    if (x509 == NULL)
        return WOLFSSL_FAILURE;
    if (t == NULL)
        return WOLFSSL_FAILURE;

    XMEMCPY(&x509->notAfter, t, sizeof(WOLFSSL_ASN1_TIME));
    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 47518
/* Copy the ASN1_TIME t into x509->notBefore. The caller keeps ownership of t.
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when either argument is NULL. */
int wolfSSL_X509_set_notBefore(WOLFSSL_X509* x509, const WOLFSSL_ASN1_TIME* t)
{
    if (x509 == NULL)
        return WOLFSSL_FAILURE;
    if (t == NULL)
        return WOLFSSL_FAILURE;

    XMEMCPY(&x509->notBefore, t, sizeof(WOLFSSL_ASN1_TIME));
    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 47529
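/* Copy the serial number held in s into x509->serial.
 *
 * The serial is binary DER INTEGER content and may legitimately contain zero
 * bytes, so it is copied with XMEMCPY; the XSTRNCPY used before stopped at
 * the first zero byte and zero-filled the rest, silently altering such
 * serials. s->dataMax bytes are copied (as before) and a trailing zero byte
 * is written after them.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when x509 or s is NULL, when
 * s->dataMax does not leave room in the EXTERNAL_SERIAL_SIZE buffer, or when
 * a dynamic integer has no data buffer.
 */
int wolfSSL_X509_set_serialNumber(WOLFSSL_X509* x509, WOLFSSL_ASN1_INTEGER* s)
{
    const unsigned char* src;

    WOLFSSL_ENTER("wolfSSL_X509_set_serialNumber");
    if (x509 == NULL || s == NULL || s->dataMax >= EXTERNAL_SERIAL_SIZE)
        return WOLFSSL_FAILURE;

    src = s->isDynamic ? s->data : s->intData;
    if (src == NULL)
        return WOLFSSL_FAILURE;

    XMEMCPY(x509->serial, src, s->dataMax);
    x509->serial[s->dataMax] = 0;
    x509->serialSz = s->dataMax;

    return WOLFSSL_SUCCESS;
}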
wolfSSL 16:8e0d178b1d1e 47546
wolfSSL 16:8e0d178b1d1e 47547
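/* Install a copy of pkey's encoded public key in cert.
 *
 * Only RSA (RSAk) and EC (ECDSAk) keys are accepted. The encoding in
 * pkey->pkey.ptr / pkey->pkey_sz is duplicated into cert->heap and replaces
 * any previous cert->pubKey buffer. cert is only modified once the copy has
 * been made, so a failed call leaves the old key and OID intact (previously
 * pubKeyOID was updated before the allocation could fail).
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when an argument is NULL, the
 * key has no encoding, the key type is unsupported, or allocation fails.
 */
int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey)
{
    byte* p;
    int oid;

    WOLFSSL_ENTER("wolfSSL_X509_set_pubkey");

    if (cert == NULL || pkey == NULL)
        return WOLFSSL_FAILURE;
    /* an empty encoding would be copied from NULL / allocate zero bytes */
    if (pkey->pkey.ptr == NULL || pkey->pkey_sz <= 0)
        return WOLFSSL_FAILURE;

    if (pkey->type == EVP_PKEY_RSA)
        oid = RSAk;
    else if (pkey->type == EVP_PKEY_EC)
        oid = ECDSAk;
    else
        return WOLFSSL_FAILURE;

    p = (byte*)XMALLOC(pkey->pkey_sz, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    if (p == NULL)
        return WOLFSSL_FAILURE;
    XMEMCPY(p, pkey->pkey.ptr, pkey->pkey_sz);

    if (cert->pubKey.buffer != NULL) {
        XFREE(cert->pubKey.buffer, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    }
    cert->pubKey.buffer = p;
    cert->pubKey.length = pkey->pkey_sz;
    cert->pubKeyOID = oid;

    return WOLFSSL_SUCCESS;
}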
wolfSSL 16:8e0d178b1d1e 47575
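/* Set the certificate version. v is the zero-based value used by the
 * OpenSSL API and is stored as v + 1.
 *
 * Returns WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when x509 is NULL or v is out
 * of range. v == INT_MAX is rejected as well: the earlier check allowed it
 * and the +1 then overflowed the stored int.
 */
int wolfSSL_X509_set_version(WOLFSSL_X509* x509, long v)
{
    WOLFSSL_ENTER("wolfSSL_X509_set_version");
    if (x509 == NULL || v < 0 || v >= INT_MAX) {
        return WOLFSSL_FAILURE;
    }
    x509->version = (int)v + 1;

    return WOLFSSL_SUCCESS;
}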
wolfSSL 16:8e0d178b1d1e 47586
wolfSSL 16:8e0d178b1d1e 47587 #endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */
wolfSSL 16:8e0d178b1d1e 47588
wolfSSL 16:8e0d178b1d1e 47589 #if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \
wolfSSL 16:8e0d178b1d1e 47590 defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ)
wolfSSL 16:8e0d178b1d1e 47591
/* Copy issuer / subject names from the given certificates into the
 * certificate held by ctx (OpenSSL X509V3_set_ctx compat).
 *
 * @param ctx      context whose ctx->x509 receives the names; the function
 *                 is a no-op when ctx or ctx->x509 is NULL.
 * @param issuer   optional; its issuer name is copied into ctx->x509.
 * @param subject  optional; its subject name is copied into ctx->x509.
 * @param req      not implemented: only logged when non-NULL.
 * @param crl      not implemented: only logged when non-NULL.
 * @param flag     not implemented: only logged when non-zero.
 *
 * The function returns void, so a failed name copy is only reported through
 * the debug log; callers that need to know must check the names afterwards.
 * Later steps are skipped once an earlier step stops reporting
 * WOLFSSL_SUCCESS.
 */
void wolfSSL_X509V3_set_ctx(WOLFSSL_X509V3_CTX* ctx, WOLFSSL_X509* issuer,
        WOLFSSL_X509* subject, WOLFSSL_X509* req, WOLFSSL_X509_CRL* crl,
        int flag)
{
    int ok = WOLFSSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_X509V3_set_ctx");

    if (ctx == NULL || ctx->x509 == NULL) {
        return;
    }

    if (issuer != NULL) {
        ok = wolfSSL_X509_set_issuer_name(ctx->x509, &issuer->issuer);
    }
    if (ok == WOLFSSL_SUCCESS && subject != NULL) {
        ok = wolfSSL_X509_set_subject_name(ctx->x509, &subject->subject);
    }
    if (ok == WOLFSSL_SUCCESS && req != NULL) {
        WOLFSSL_MSG("req not implemented.");
    }
    if (ok == WOLFSSL_SUCCESS && crl != NULL) {
        WOLFSSL_MSG("crl not implemented.");
    }
    if (ok == WOLFSSL_SUCCESS && flag != 0) {
        WOLFSSL_MSG("flag not implemented.");
    }

    /* A zero result from either name setter is the failure case. */
    if (ok == 0) {
        WOLFSSL_MSG("Error setting WOLFSSL_X509V3_CTX parameters.");
    }
}
wolfSSL 16:8e0d178b1d1e 47624
/* DER-encode a certificate request (OpenSSL i2d_X509_REQ compat).
 *
 * @param req  request to encode; must not be NULL.
 * @param out  must not be NULL.  If *out is NULL a buffer of exactly the
 *             DER length is allocated (DYNAMIC_TYPE_OPENSSL, default heap)
 *             and returned through *out; the caller owns and frees it.
 *             If *out is non-NULL the DER bytes are copied into that buffer,
 *             which the caller must already have sized for the full
 *             encoding -- no bound is checked here.
 * @return the DER length in bytes on success; BAD_FUNC_ARG for NULL
 *         arguments; MEMORY_E when no DER is available for req or the
 *         allocation fails.
 *
 * Unlike OpenSSL, passing out == NULL to query the length is not supported
 * (it returns BAD_FUNC_ARG), and *out is not advanced past the written data.
 */
int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out)
{
    const unsigned char* encoded = NULL;
    int encodedSz = 0;
    unsigned char* dst = NULL;

    WOLFSSL_ENTER("wolfSSL_i2d_X509_REQ");

    if (req == NULL || out == NULL) {
        return BAD_FUNC_ARG;
    }

    encoded = wolfSSL_X509_get_der(req, &encodedSz);
    if (encoded == NULL) {
        return MEMORY_E;
    }

    dst = *out;
    if (dst == NULL) {
        dst = (unsigned char*)XMALLOC(encodedSz, NULL, DYNAMIC_TYPE_OPENSSL);
        if (dst == NULL) {
            return MEMORY_E;
        }
        *out = dst;
    }

    XMEMCPY(dst, encoded, encodedSz);

    return encodedSz;
}
wolfSSL 16:8e0d178b1d1e 47651
/* Allocate an empty certificate request (OpenSSL X509_REQ_new compat).
 *
 * Requests share the WOLFSSL_X509 type, so this is wolfSSL_X509_new().
 * @return the new object, or NULL on allocation failure (as reported by
 *         wolfSSL_X509_new); release it with wolfSSL_X509_REQ_free().
 */
WOLFSSL_X509* wolfSSL_X509_REQ_new(void)
{
    WOLFSSL_X509* req = wolfSSL_X509_new();
    return req;
}
wolfSSL 16:8e0d178b1d1e 47656
/* Release a certificate request created by wolfSSL_X509_REQ_new()
 * (OpenSSL X509_REQ_free compat).
 *
 * @param req  request to free; forwarded to wolfSSL_X509_free(), which
 *             also receives a NULL argument unchanged.
 */
void wolfSSL_X509_REQ_free(WOLFSSL_X509* req)
{
    WOLFSSL_X509* obj = req;
    wolfSSL_X509_free(obj);
}
wolfSSL 16:8e0d178b1d1e 47661
/* Encode and sign a certificate request (OpenSSL X509_REQ_sign compat).
 *
 * @param req   request whose fields are encoded; its sigOID is overwritten
 *              with the signature type derived from md and pkey.
 * @param pkey  private key used to sign.
 * @param md    digest for the signature.
 * @return WOLFSSL_SUCCESS, or WOLFSSL_FAILURE when an argument is NULL, the
 *         DER encoding fails, or re-signing reports a non-positive result.
 *
 * The encoding is built in a fixed stack buffer of REQ_DER_BUF_SZ bytes;
 * requests that do not fit are rejected by wolfSSL_X509_make_der, which
 * receives the buffer size through derLen.  The second argument (1) to
 * wolfSSL_X509_make_der and wolfSSL_X509_resign_cert presumably selects the
 * request (rather than certificate) encoding -- confirm against those
 * helpers.  The const is cast away from md because the callees take a
 * non-const WOLFSSL_EVP_MD*.
 */
int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey,
                          const WOLFSSL_EVP_MD *md)
{
    enum { REQ_DER_BUF_SZ = 2048 };
    byte derBuf[REQ_DER_BUF_SZ];
    int derLen = (int)sizeof(derBuf);
    WOLFSSL_EVP_MD *mdRw = (WOLFSSL_EVP_MD*)md;

    if (req == NULL || pkey == NULL || md == NULL) {
        return WOLFSSL_FAILURE;
    }

    /* Build the DER for the request fields, then sign it in place. */
    req->sigOID = wolfSSL_sigTypeFromPKEY(mdRw, pkey);
    if (wolfSSL_X509_make_der(req, 1, derBuf, &derLen) != WOLFSSL_SUCCESS) {
        return WOLFSSL_FAILURE;
    }

    if (wolfSSL_X509_resign_cert(req, 1, derBuf, sizeof(derBuf), derLen,
                                 mdRw, pkey) <= 0) {
        return WOLFSSL_FAILURE;
    }

    return WOLFSSL_SUCCESS;
}
wolfSSL 16:8e0d178b1d1e 47683
wolfSSL 16:8e0d178b1d1e 47684
wolfSSL 16:8e0d178b1d1e 47685 #ifndef NO_WOLFSSL_STUB
/* Stub for OpenSSL X509_REQ_add_extensions: extensions are not attached to
 * the request.
 *
 * @param req  ignored.
 * @param ext  ignored.
 * @return WOLFSSL_FATAL_ERROR always, so callers can detect that the
 *         extensions were not added.
 */
int wolfSSL_X509_REQ_add_extensions(WOLFSSL_X509* req,
        WOLF_STACK_OF(WOLFSSL_X509_EXTENSION)* ext)
{
    /* Parameters are unused until the feature is implemented. */
    (void)ext;
    (void)req;

    return WOLFSSL_FATAL_ERROR;
}
wolfSSL 16:8e0d178b1d1e 47693 #endif
wolfSSL 16:8e0d178b1d1e 47694
/* Set the subject name of a certificate request
 * (OpenSSL X509_REQ_set_subject_name compat).
 *
 * @param req   request to update.
 * @param name  subject name to copy in.
 * @return the result of wolfSSL_X509_set_subject_name(), to which the call
 *         is forwarded unchanged.
 */
int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req,
                                      WOLFSSL_X509_NAME *name)
{
    int rc = wolfSSL_X509_set_subject_name(req, name);
    return rc;
}
wolfSSL 16:8e0d178b1d1e 47700
/* Set the public key of a certificate request
 * (OpenSSL X509_REQ_set_pubkey compat).
 *
 * @param req   request to update.
 * @param pkey  public key to copy in.
 * @return the result of wolfSSL_X509_set_pubkey(), to which the call is
 *         forwarded unchanged.
 */
int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey)
{
    int rc = wolfSSL_X509_set_pubkey(req, pkey);
    return rc;
}
wolfSSL 16:8e0d178b1d1e 47705 #endif /* OPENSSL_EXTRA && !NO_CERTS && WOLFSSL_CERT_GEN && WOLFSSL_CERT_REQ */
wolfSSL 16:8e0d178b1d1e 47706
wolfSSL 16:8e0d178b1d1e 47707
wolfSSL 15:117db924cf7c 47708