wolfSSL SSL/TLS library, support up to TLS1.3


Committer:
wolfSSL
Date:
Tue May 30 01:44:10 2017 +0000
Revision:
11:cee25a834751
wolfSSL 3.11.0

wolfSSL 11:cee25a834751 1 /* internal.c
wolfSSL 11:cee25a834751 2 *
wolfSSL 11:cee25a834751 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 11:cee25a834751 4 *
wolfSSL 11:cee25a834751 5 * This file is part of wolfSSL.
wolfSSL 11:cee25a834751 6 *
wolfSSL 11:cee25a834751 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 11:cee25a834751 8 * it under the terms of the GNU General Public License as published by
wolfSSL 11:cee25a834751 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 11:cee25a834751 10 * (at your option) any later version.
wolfSSL 11:cee25a834751 11 *
wolfSSL 11:cee25a834751 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 11:cee25a834751 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 11:cee25a834751 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 11:cee25a834751 15 * GNU General Public License for more details.
wolfSSL 11:cee25a834751 16 *
wolfSSL 11:cee25a834751 17 * You should have received a copy of the GNU General Public License
wolfSSL 11:cee25a834751 18 * along with this program; if not, write to the Free Software
wolfSSL 11:cee25a834751 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 11:cee25a834751 20 */
wolfSSL 11:cee25a834751 21
wolfSSL 11:cee25a834751 22
wolfSSL 11:cee25a834751 23
wolfSSL 11:cee25a834751 24 #ifdef HAVE_CONFIG_H
wolfSSL 11:cee25a834751 25 #include <config.h>
wolfSSL 11:cee25a834751 26 #endif
wolfSSL 11:cee25a834751 27
wolfSSL 11:cee25a834751 28 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 11:cee25a834751 29
wolfSSL 11:cee25a834751 30 #ifndef WOLFCRYPT_ONLY
wolfSSL 11:cee25a834751 31
wolfSSL 11:cee25a834751 32 #include <wolfssl/internal.h>
wolfSSL 11:cee25a834751 33 #include <wolfssl/error-ssl.h>
wolfSSL 11:cee25a834751 34 #include <wolfssl/wolfcrypt/asn.h>
wolfSSL 11:cee25a834751 35 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 11:cee25a834751 36 #ifdef NO_INLINE
wolfSSL 11:cee25a834751 37 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 11:cee25a834751 38 #else
wolfSSL 11:cee25a834751 39 #define WOLFSSL_MISC_INCLUDED
wolfSSL 11:cee25a834751 40 #include <wolfcrypt/src/misc.c>
wolfSSL 11:cee25a834751 41 #endif
wolfSSL 11:cee25a834751 42
wolfSSL 11:cee25a834751 43 #ifdef HAVE_LIBZ
wolfSSL 11:cee25a834751 44 #include "zlib.h"
wolfSSL 11:cee25a834751 45 #endif
wolfSSL 11:cee25a834751 46
wolfSSL 11:cee25a834751 47 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 48 #include "libntruencrypt/ntru_crypto.h"
wolfSSL 11:cee25a834751 49 #endif
wolfSSL 11:cee25a834751 50
wolfSSL 11:cee25a834751 51 #if defined(DEBUG_WOLFSSL) || defined(SHOW_SECRETS) || \
wolfSSL 11:cee25a834751 52 defined(CHACHA_AEAD_TEST) || defined(WOLFSSL_SESSION_EXPORT_DEBUG)
wolfSSL 11:cee25a834751 53 #if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
wolfSSL 11:cee25a834751 54 #if MQX_USE_IO_OLD
wolfSSL 11:cee25a834751 55 #include <fio.h>
wolfSSL 11:cee25a834751 56 #else
wolfSSL 11:cee25a834751 57 #include <nio.h>
wolfSSL 11:cee25a834751 58 #endif
wolfSSL 11:cee25a834751 59 #else
wolfSSL 11:cee25a834751 60 #include <stdio.h>
wolfSSL 11:cee25a834751 61 #endif
wolfSSL 11:cee25a834751 62 #endif
wolfSSL 11:cee25a834751 63
wolfSSL 11:cee25a834751 64 #ifdef __sun
wolfSSL 11:cee25a834751 65 #include <sys/filio.h>
wolfSSL 11:cee25a834751 66 #endif
wolfSSL 11:cee25a834751 67
wolfSSL 11:cee25a834751 68
wolfSSL 11:cee25a834751 69 #define ERROR_OUT(err, eLabel) { ret = (err); goto eLabel; }
wolfSSL 11:cee25a834751 70
wolfSSL 11:cee25a834751 71 #ifdef _MSC_VER
wolfSSL 11:cee25a834751 72 /* disable for while(0) cases at the .c level for now */
wolfSSL 11:cee25a834751 73 #pragma warning(disable:4127)
wolfSSL 11:cee25a834751 74 #endif
wolfSSL 11:cee25a834751 75
wolfSSL 11:cee25a834751 76 #if defined(WOLFSSL_CALLBACKS) && !defined(LARGE_STATIC_BUFFERS)
wolfSSL 11:cee25a834751 77 #error \
wolfSSL 11:cee25a834751 78 WOLFSSL_CALLBACKS needs LARGE_STATIC_BUFFERS, please add LARGE_STATIC_BUFFERS
wolfSSL 11:cee25a834751 79 #endif
wolfSSL 11:cee25a834751 80
wolfSSL 11:cee25a834751 81 #if defined(HAVE_SECURE_RENEGOTIATION) && defined(HAVE_RENEGOTIATION_INDICATION)
wolfSSL 11:cee25a834751 82 #error Cannot use both secure-renegotiation and renegotiation-indication
wolfSSL 11:cee25a834751 83 #endif
wolfSSL 11:cee25a834751 84
wolfSSL 11:cee25a834751 85 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 86 static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 11:cee25a834751 87 word32);
wolfSSL 11:cee25a834751 88 static int DoServerHello(WOLFSSL* ssl, const byte* input, word32*, word32);
wolfSSL 11:cee25a834751 89 static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 11:cee25a834751 90 word32);
wolfSSL 11:cee25a834751 91 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 92 static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 11:cee25a834751 93 word32);
wolfSSL 11:cee25a834751 94 #endif
wolfSSL 11:cee25a834751 95 #ifdef HAVE_SESSION_TICKET
wolfSSL 11:cee25a834751 96 static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32*,
wolfSSL 11:cee25a834751 97 word32);
wolfSSL 11:cee25a834751 98 #endif
wolfSSL 11:cee25a834751 99 #endif
wolfSSL 11:cee25a834751 100
wolfSSL 11:cee25a834751 101
wolfSSL 11:cee25a834751 102 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 103 static int DoClientHello(WOLFSSL* ssl, const byte* input, word32*, word32);
wolfSSL 11:cee25a834751 104 static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32*, word32);
wolfSSL 11:cee25a834751 105 #if !defined(NO_RSA) || defined(HAVE_ECC)
wolfSSL 11:cee25a834751 106 static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32);
wolfSSL 11:cee25a834751 107 #endif
wolfSSL 11:cee25a834751 108 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
wolfSSL 11:cee25a834751 109 static int SNI_Callback(WOLFSSL* ssl);
wolfSSL 11:cee25a834751 110 #endif
wolfSSL 11:cee25a834751 111 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 112 static int SendHelloVerifyRequest(WOLFSSL*, const byte*, byte);
wolfSSL 11:cee25a834751 113 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 114 #endif
wolfSSL 11:cee25a834751 115
wolfSSL 11:cee25a834751 116
wolfSSL 11:cee25a834751 117 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 118 static INLINE int DtlsCheckWindow(WOLFSSL* ssl);
wolfSSL 11:cee25a834751 119 static INLINE int DtlsUpdateWindow(WOLFSSL* ssl);
wolfSSL 11:cee25a834751 120 #endif
wolfSSL 11:cee25a834751 121
wolfSSL 11:cee25a834751 122
/* States named after the steps of handling one received record. The
 * old-format ClientHello state exists only in builds that include the server
 * side, so the numeric values of the later members depend on
 * NO_WOLFSSL_SERVER. The code that consumes this enum is outside this
 * listing. */
enum processReply {
    doProcessInit = 0,
#ifndef NO_WOLFSSL_SERVER
    runProcessOldClientHello,
#endif
    getRecordLayerHeader,
    getData,
    decryptMessage,
    verifyMessage,
    runProcessingOneMessage
};

/* sub-states for build message */
enum buildMsgState {
    BUILD_MSG_BEGIN      = 0,
    BUILD_MSG_SIZE       = 1,
    BUILD_MSG_HASH       = 2,
    BUILD_MSG_VERIFY_MAC = 3,
    BUILD_MSG_ENCRYPT    = 4
};

/* sub-states for cipher operations */
enum cipherState {
    CIPHER_STATE_BEGIN = 0,
    CIPHER_STATE_DO    = 1,
    CIPHER_STATE_END   = 2
};

/* sub-states for send/do key share (key exchange) */
enum asyncState {
    TLS_ASYNC_BEGIN    = 0,
    TLS_ASYNC_BUILD    = 1,
    TLS_ASYNC_DO       = 2,
    TLS_ASYNC_VERIFY   = 3,
    TLS_ASYNC_FINALIZE = 4,
    TLS_ASYNC_END      = 5
};
wolfSSL 11:cee25a834751 160
wolfSSL 11:cee25a834751 161
wolfSSL 11:cee25a834751 162 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 163 static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
wolfSSL 11:cee25a834751 164 int content, int verify);
wolfSSL 11:cee25a834751 165
wolfSSL 11:cee25a834751 166 #endif
wolfSSL 11:cee25a834751 167
wolfSSL 11:cee25a834751 168 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 169 static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
wolfSSL 11:cee25a834751 170 #endif
wolfSSL 11:cee25a834751 171
wolfSSL 11:cee25a834751 172 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 173 int QSH_Init(WOLFSSL* ssl);
wolfSSL 11:cee25a834751 174 #endif
wolfSSL 11:cee25a834751 175
wolfSSL 11:cee25a834751 176
/* Report whether the version stored in ssl->version is a TLS version.
 *
 * Returns 1 when the major number equals SSLv3_MAJOR and the minor number is
 * at least TLSv1_MINOR, otherwise 0. ssl is dereferenced without a NULL
 * check, so callers must pass a valid object. */
int IsTLS(const WOLFSSL* ssl)
{
    const int majorMatches = (ssl->version.major == SSLv3_MAJOR);

    return (majorMatches && ssl->version.minor >= TLSv1_MINOR) ? 1 : 0;
}
wolfSSL 11:cee25a834751 184
wolfSSL 11:cee25a834751 185
/* Report whether the version stored in ssl->version is TLS 1.2 or newer, or
 * the DTLS equivalent.
 *
 * Returns 1 or 0. The DTLS comparison uses <= on purpose: DTLS encodes newer
 * protocol versions with smaller minor numbers. ssl is dereferenced without
 * a NULL check. */
int IsAtLeastTLSv1_2(const WOLFSSL* ssl)
{
    return (ssl->version.major == SSLv3_MAJOR &&
            ssl->version.minor >= TLSv1_2_MINOR)
        || (ssl->version.major == DTLS_MAJOR &&
            ssl->version.minor <= DTLSv1_2_MINOR);
}
wolfSSL 11:cee25a834751 195
wolfSSL 11:cee25a834751 196
/* Return non-zero when record protection is active for this direction.
 *
 * isSend selects the direction (non-zero for outbound). It is only consulted
 * in DTLS builds: an inbound DTLS record whose current epoch is 0 is always
 * reported as unencrypted, whatever ssl->keys.encryptionOn says. In every
 * other case the stored encryptionOn flag is returned. */
static INLINE int IsEncryptionOn(WOLFSSL* ssl, int isSend)
{
#ifdef WOLFSSL_DTLS
    /* For DTLS, epoch 0 is always not encrypted. */
    const int plaintextEpoch =
        ssl->options.dtls && !isSend && ssl->keys.curEpoch == 0;

    if (plaintextEpoch)
        return 0;
#else
    (void)isSend; /* direction only matters for the DTLS epoch check */
#endif /* WOLFSSL_DTLS */

    return ssl->keys.encryptionOn;
}
wolfSSL 11:cee25a834751 209
wolfSSL 11:cee25a834751 210
/* Without WOLFSSL_SCTP this returns the dtls option as stored.
 * With WOLFSSL_SCTP it returns dtls && !dtlsSctp, i.e. non-zero only for
 * DTLS that is not running over SCTP. */
static INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
{
#ifdef WOLFSSL_SCTP
    if (ssl->options.dtls)
        return !ssl->options.dtlsSctp;
#endif

    return ssl->options.dtls;
}
wolfSSL 11:cee25a834751 225
wolfSSL 11:cee25a834751 226
wolfSSL 11:cee25a834751 227 #ifdef HAVE_QSH
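/* Release every node of a QSHKey list. Private key bytes are wiped with
 * ForceZero before their buffer is handed back to the allocator; public key
 * buffers are freed without wiping. */
static void QSH_FreeKeyList(WOLFSSL* ssl, QSHKey* key)
{
    (void)ssl; /* some XFREE definitions ignore the heap argument */

    while (key != NULL) {
        QSHKey* next = (QSHKey*)key->next;

        if (key->pri.buffer) {
            ForceZero(key->pri.buffer, key->pri.length);
            XFREE(key->pri.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }
        if (key->pub.buffer)
            XFREE(key->pub.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

        /* free struct */
        XFREE(key, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        key = next;
    }
}


/* Free all structs that were used with QSH: the local key list, the peer key
 * list and the QSHSecret with its scheme list and secret buffers.
 *
 * Secret buffers (SerSi/CliSi) and private keys are zeroed before being
 * freed. After the frees, ssl->QSH_Key, ssl->peerQSHKey and ssl->QSH_secret
 * are reset to NULL; the earlier code only cleared its local copies, which
 * left the session object pointing at freed memory and made a second call a
 * double free.
 *
 * ssl must be non-NULL. Always returns 0. */
static int QSH_FreeAll(WOLFSSL* ssl)
{
    QSHSecret* secret = ssl->QSH_secret;

    /* free our own QSH keys */
    QSH_FreeKeyList(ssl, ssl->QSH_Key);
    ssl->QSH_Key = NULL;

    /* free all of peers QSH keys */
    QSH_FreeKeyList(ssl, ssl->peerQSHKey);
    ssl->peerQSHKey = NULL;

    /* free secret information */
    if (secret) {
        /* free up the QSHScheme list in QSHSecret */
        QSHScheme* list = secret->list;

        while (list) {
            QSHScheme* next = (QSHScheme*)list->next;

            if (list->PK)
                XFREE(list->PK, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
            XFREE(list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
            list = next;
        }

        /* free secret buffers */
        if (secret->SerSi) {
            if (secret->SerSi->buffer) {
                /* clear extra secret material that supplemented Master Secret*/
                ForceZero(secret->SerSi->buffer, secret->SerSi->length);
                XFREE(secret->SerSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER);
            }
            XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }
        if (secret->CliSi) {
            if (secret->CliSi->buffer) {
                /* clear extra secret material that supplemented Master Secret*/
                ForceZero(secret->CliSi->buffer, secret->CliSi->length);
                XFREE(secret->CliSi->buffer, ssl->heap,DYNAMIC_TYPE_TMP_BUFFER);
            }
            XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        }
    }
    XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    ssl->QSH_secret = NULL;

    return 0;
}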
wolfSSL 11:cee25a834751 307 #endif
wolfSSL 11:cee25a834751 308
wolfSSL 11:cee25a834751 309
wolfSSL 11:cee25a834751 310 #ifdef HAVE_NTRU
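/* Process-wide generator and its lock, created lazily by GetEntropy(). */
static WC_RNG* rng;
static wolfSSL_Mutex* rngMutex;

/* Fill out with num_bytes of output from the shared WC_RNG.
 *
 * Returns DRBG_OK on success, DRBG_OUT_OF_MEMORY when the generator or the
 * mutex cannot be allocated, and DRBG_ENTROPY_FAIL for any other failure.
 *
 * The results of wc_InitRng and wc_InitMutex are checked: a failed
 * initialisation frees the object and resets the pointer, so a later call
 * retries instead of drawing bytes from a generator that was never seeded.
 * A failed lock returns before the generator is touched.
 *
 * NOTE(review): the first-use creation of rng and rngMutex is itself not
 * synchronised; two threads entering for the first time at once can both
 * allocate. Confirm callers serialise the first call. */
static word32 GetEntropy(unsigned char* out, word32 num_bytes)
{
    int ret;

    if (rng == NULL) {
        rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), 0, DYNAMIC_TYPE_TLSX);
        if (rng == NULL)
            return DRBG_OUT_OF_MEMORY;
        if (wc_InitRng(rng) != 0) {
            XFREE(rng, 0, DYNAMIC_TYPE_TLSX);
            rng = NULL;
            return DRBG_ENTROPY_FAIL;
        }
    }

    if (rngMutex == NULL) {
        rngMutex = (wolfSSL_Mutex*)XMALLOC(sizeof(wolfSSL_Mutex), 0,
                                           DYNAMIC_TYPE_TLSX);
        if (rngMutex == NULL)
            return DRBG_OUT_OF_MEMORY;
        if (wc_InitMutex(rngMutex) != 0) {
            XFREE(rngMutex, 0, DYNAMIC_TYPE_TLSX);
            rngMutex = NULL;
            return DRBG_ENTROPY_FAIL;
        }
    }

    if (wc_LockMutex(rngMutex) != 0)
        return DRBG_ENTROPY_FAIL;

    ret  = wc_RNG_GenerateBlock(rng, out, num_bytes);
    ret |= wc_UnLockMutex(rngMutex);

    if (ret != 0)
        return DRBG_ENTROPY_FAIL;

    return DRBG_OK;
}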
wolfSSL 11:cee25a834751 341 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 342
/* Store the low 24 bits of in into out, most significant byte first.
 * Bits above bit 23 are discarded. Used by ssl.c too. */
void c32to24(word32 in, word24 out)
{
    word32 rest = in;
    int    pos;

    /* fill from the last byte backwards, peeling off 8 bits each time */
    for (pos = 2; pos >= 0; pos--) {
        out[pos] = rest & 0xff;
        rest >>= 8;
    }
}
wolfSSL 11:cee25a834751 350
wolfSSL 11:cee25a834751 351
/* Write a 16 bit integer to c as two bytes, high byte first.
 * c must have room for two bytes. */
static INLINE void c16toa(word16 u16, byte* c)
{
    byte* lowByte = c + 1;

    *lowByte = u16 & 0xff;
    *c       = (u16 >> 8) & 0xff;
}
wolfSSL 11:cee25a834751 358
wolfSSL 11:cee25a834751 359
wolfSSL 11:cee25a834751 360 #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
wolfSSL 11:cee25a834751 361 || defined(HAVE_AESGCM) || defined(WOLFSSL_SESSION_EXPORT) \
wolfSSL 11:cee25a834751 362 || defined(WOLFSSL_DTLS) || defined(HAVE_SESSION_TICKET)
/* Write a 32 bit integer to c as four bytes, most significant byte first.
 * c must have room for four bytes. */
static INLINE void c32toa(word32 u32, byte* c)
{
    int shift = 24;
    int pos;

    for (pos = 0; pos < 4; pos++, shift -= 8)
        c[pos] = (u32 >> shift) & 0xff;
}
wolfSSL 11:cee25a834751 371
wolfSSL 11:cee25a834751 372 #endif
wolfSSL 11:cee25a834751 373
wolfSSL 11:cee25a834751 374
/* Combine the three bytes of u24 (most significant first) into *u32. */
static INLINE void c24to32(const word24 u24, word32* u32)
{
    word32 value = u24[0];

    value = (value << 8) | u24[1];
    value = (value << 8) | u24[2];

    *u32 = value;
}
wolfSSL 11:cee25a834751 380
wolfSSL 11:cee25a834751 381
/* Read two bytes from c, high byte first, into *u16.
 * c must point at two or more readable bytes. */
static INLINE void ato16(const byte* c, word16* u16)
{
    const int high = c[0] << 8;
    const int low  = c[1];

    *u16 = (word16)(high | low);
}
wolfSSL 11:cee25a834751 387
wolfSSL 11:cee25a834751 388
wolfSSL 11:cee25a834751 389 #if defined(WOLFSSL_DTLS) || defined(HAVE_SESSION_TICKET) || \
wolfSSL 11:cee25a834751 390 defined(WOLFSSL_SESSION_EXPORT)
wolfSSL 11:cee25a834751 391
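/* Read four bytes from c, most significant first, into *u32.
 * c must point at four or more readable bytes.
 *
 * Each byte is widened to word32 before it is shifted. Without the cast the
 * byte is promoted to int, and shifting a top byte of 0x80 or more left by
 * 24 does not fit in a signed int, which is undefined behaviour (assuming
 * byte is an unsigned type narrower than int). */
static INLINE void ato32(const byte* c, word32* u32)
{
    *u32 = ((word32)c[0] << 24) |
           ((word32)c[1] << 16) |
           ((word32)c[2] <<  8) |
            (word32)c[3];
}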
wolfSSL 11:cee25a834751 397
wolfSSL 11:cee25a834751 398 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 399
wolfSSL 11:cee25a834751 400
wolfSSL 11:cee25a834751 401 #ifdef HAVE_LIBZ
wolfSSL 11:cee25a834751 402
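/* Allocation callback handed to zlib: returns item * size bytes obtained
 * through XMALLOC with opaque as the heap hint, or NULL on failure.
 *
 * The product is checked before it is computed. Both operands are unsigned
 * int, so an unchecked multiplication can wrap and produce a buffer smaller
 * than the one zlib believes it was given. */
static void* myAlloc(void* opaque, unsigned int item, unsigned int size)
{
    (void)opaque;

    if (size != 0 && item > (unsigned int)-1 / size)
        return NULL; /* item * size would wrap */

    return XMALLOC(item * size, opaque, DYNAMIC_TYPE_LIBZ);
}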
wolfSSL 11:cee25a834751 409
wolfSSL 11:cee25a834751 410
/* Free callback handed to zlib: releases memory through XFREE, with opaque
 * passed as the heap hint. */
static void myFree(void* opaque, void* memory)
{
    XFREE(memory, opaque, DYNAMIC_TYPE_LIBZ);

    /* presumably silences an unused-parameter warning when XFREE ignores
     * its heap argument */
    (void)opaque;
}
wolfSSL 11:cee25a834751 416
wolfSSL 11:cee25a834751 417
/* Set up the zlib compression and decompression streams of ssl.
 *
 * Both streams allocate through myAlloc/myFree with ssl->heap as the hint.
 * Returns 0 on success and ZLIB_INIT_ERROR when either zlib init call fails.
 *
 * didStreamInit is set once deflateInit has succeeded and before inflateInit
 * runs, so FreeStreams will call both End functions even when inflateInit
 * is the call that failed. */
static int InitStreams(WOLFSSL* ssl)
{
    int zret;

    /* compression side */
    ssl->c_stream.zalloc = (alloc_func)myAlloc;
    ssl->c_stream.zfree  = (free_func)myFree;
    ssl->c_stream.opaque = (voidpf)ssl->heap;

    zret = deflateInit(&ssl->c_stream, Z_DEFAULT_COMPRESSION);
    if (zret != Z_OK)
        return ZLIB_INIT_ERROR;

    ssl->didStreamInit = 1;

    /* decompression side */
    ssl->d_stream.zalloc = (alloc_func)myAlloc;
    ssl->d_stream.zfree  = (free_func)myFree;
    ssl->d_stream.opaque = (voidpf)ssl->heap;

    zret = inflateInit(&ssl->d_stream);

    return (zret == Z_OK) ? 0 : ZLIB_INIT_ERROR;
}
wolfSSL 11:cee25a834751 438
wolfSSL 11:cee25a834751 439
/* Tear down both zlib streams, but only when InitStreams got far enough to
 * set didStreamInit. The flag itself is left unchanged. */
static void FreeStreams(WOLFSSL* ssl)
{
    if (!ssl->didStreamInit)
        return;

    deflateEnd(&ssl->c_stream);
    inflateEnd(&ssl->d_stream);
}
wolfSSL 11:cee25a834751 447
wolfSSL 11:cee25a834751 448
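/* Compress inSz bytes from in into out (capacity outSz) using the session's
 * deflate stream with Z_SYNC_FLUSH.
 *
 * Returns the number of bytes written to out by this call, or
 * ZLIB_COMPRESS_ERROR when deflate reports anything other than Z_OK or
 * Z_STREAM_END.
 *
 * Negative sizes are rejected: zlib's avail_in/avail_out are unsigned, so a
 * negative int would be presented to zlib as a very large buffer. The byte
 * count is taken as a difference of the unsigned totals so it stays correct
 * once total_out grows past INT_MAX.
 *
 * NOTE(review): if this output is later encrypted as a record (not visible
 * in this listing), the compressed length depends on the plaintext; builds
 * with HAVE_LIBZ should keep secrets and attacker-chosen data out of the same
 * compressed record. */
static int myCompress(WOLFSSL* ssl, byte* in, int inSz, byte* out, int outSz)
{
    int   err;
    uLong startTotal;

    if (inSz < 0 || outSz < 0)
        return ZLIB_COMPRESS_ERROR;

    startTotal = ssl->c_stream.total_out;

    ssl->c_stream.next_in   = in;
    ssl->c_stream.avail_in  = (uInt)inSz;
    ssl->c_stream.next_out  = out;
    ssl->c_stream.avail_out = (uInt)outSz;

    err = deflate(&ssl->c_stream, Z_SYNC_FLUSH);
    if (err != Z_OK && err != Z_STREAM_END)
        return ZLIB_COMPRESS_ERROR;

    return (int)(ssl->c_stream.total_out - startTotal);
}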
wolfSSL 11:cee25a834751 465
wolfSSL 11:cee25a834751 466
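/* Decompress inSz bytes from in into out (capacity outSz) using the
 * session's inflate stream with Z_SYNC_FLUSH.
 *
 * Returns the number of bytes written to out by this call, or
 * ZLIB_DECOMPRESS_ERROR when inflate reports anything other than Z_OK or
 * Z_STREAM_END. Output never exceeds outSz because avail_out is set from it.
 *
 * Negative sizes are rejected: zlib's avail_in/avail_out are unsigned, so a
 * negative outSz would tell inflate that out is far larger than it is. The
 * byte count is taken as a difference of the unsigned totals so it stays
 * correct once total_out grows past INT_MAX.
 *
 * NOTE(review): a Z_OK result with the output buffer full means more
 * decompressed data may be pending inside the stream; this function returns
 * the partial count without signalling that. Confirm callers size out for
 * the largest record they accept. */
static int myDeCompress(WOLFSSL* ssl, byte* in,int inSz, byte* out,int outSz)
{
    int   err;
    uLong startTotal;

    if (inSz < 0 || outSz < 0)
        return ZLIB_DECOMPRESS_ERROR;

    startTotal = ssl->d_stream.total_out;

    ssl->d_stream.next_in   = in;
    ssl->d_stream.avail_in  = (uInt)inSz;
    ssl->d_stream.next_out  = out;
    ssl->d_stream.avail_out = (uInt)outSz;

    err = inflate(&ssl->d_stream, Z_SYNC_FLUSH);
    if (err != Z_OK && err != Z_STREAM_END)
        return ZLIB_DECOMPRESS_ERROR;

    return (int)(ssl->d_stream.total_out - startTotal);
}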
wolfSSL 11:cee25a834751 483
wolfSSL 11:cee25a834751 484 #endif /* HAVE_LIBZ */
wolfSSL 11:cee25a834751 485
wolfSSL 11:cee25a834751 486
wolfSSL 11:cee25a834751 487 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 11:cee25a834751 488 #ifdef WOLFSSL_DTLS
/* Serialize ssl->specs into exp for session export.
 *
 * Layout, in order: key_size, iv_size, block_size and aead_mac_size as
 * 16 bit big-endian values, then one byte each for bulk_cipher_algorithm,
 * cipher_type, mac_algorithm, kea, sig_algo, hash_size, pad_size and
 * static_ecdh.
 *
 * Returns the number of bytes written (DTLS_EXPORT_SPC_SZ) on success,
 * BAD_FUNC_ARG for a NULL argument, BUFFER_E when len is smaller than
 * DTLS_EXPORT_SPC_SZ, and DTLS_EXPORT_VER_E when the bytes written do not
 * add up to DTLS_EXPORT_SPC_SZ. ver is currently unused. */
static int ExportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32       idx = 0;
    CipherSpecs* specs;

    (void)ver;

    WOLFSSL_ENTER("ExportCipherSpecState");

    if (ssl == NULL || exp == NULL)
        return BAD_FUNC_ARG;

    /* the size check comes before any write to exp */
    if (len < DTLS_EXPORT_SPC_SZ)
        return BUFFER_E;

    specs = &ssl->specs;

    XMEMSET(exp, 0, DTLS_EXPORT_SPC_SZ);

    /* 16 bit fields */
    c16toa(specs->key_size, exp + idx);
    idx += OPAQUE16_LEN;
    c16toa(specs->iv_size, exp + idx);
    idx += OPAQUE16_LEN;
    c16toa(specs->block_size, exp + idx);
    idx += OPAQUE16_LEN;
    c16toa(specs->aead_mac_size, exp + idx);
    idx += OPAQUE16_LEN;

    /* single byte fields */
    exp[idx] = specs->bulk_cipher_algorithm;  idx++;
    exp[idx] = specs->cipher_type;            idx++;
    exp[idx] = specs->mac_algorithm;          idx++;
    exp[idx] = specs->kea;                    idx++;
    exp[idx] = specs->sig_algo;               idx++;
    exp[idx] = specs->hash_size;              idx++;
    exp[idx] = specs->pad_size;               idx++;
    exp[idx] = specs->static_ecdh;            idx++;

    /* catches a layout change that was not mirrored in the size constant */
    if (idx != DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("DTLS_EXPORT_SPC_SZ needs updated and export version");
        return DTLS_EXPORT_VER_E;
    }

    WOLFSSL_LEAVE("ExportCipherSpecState", idx);
    return idx;
}
wolfSSL 11:cee25a834751 531
wolfSSL 11:cee25a834751 532
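/* Serialize ssl->keys into exp for session export.
 *
 * The output starts with the fixed-size sequence, epoch and handshake
 * counters and the two replay windows, followed by length-prefixed copies of
 * the MAC secrets, write keys and IVs of both directions and the AEAD
 * explicit/implicit IVs.
 *
 * Returns the number of bytes written on success, BAD_FUNC_ARG for a NULL
 * argument, BUFFER_E when len is smaller than DTLS_EXPORT_KEY_SZ, and
 * DTLS_EXPORT_VER_E when the encoding would not fit in DTLS_EXPORT_KEY_SZ.
 * ver is currently unused.
 *
 * The total size of the variable-length section is checked against
 * DTLS_EXPORT_KEY_SZ before any of it is copied; the earlier code compared
 * idx with the limit only after every XMEMCPY had already run.
 *
 * On success exp holds live MAC secrets, write keys and IVs in the clear.
 * Callers should protect the buffer in transit and wipe it (for example
 * with ForceZero) once it is no longer needed.
 *
 * NOTE(review): key_size and iv_size are exported elsewhere in this file as
 * 16 bit values but are narrowed to one byte here; confirm they never
 * exceed 255. */
static int ExportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32 idx = 0;
    word32 i;
    word32 need;
    byte   truncHmac;
    byte   macSz;
    byte   keySz;
    byte   ivSz;
    byte   impSz;
    Keys*  keys;

    WOLFSSL_ENTER("ExportKeyState");

    if (exp == NULL || ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    keys = &(ssl->keys);

    if (DTLS_EXPORT_KEY_SZ > len) {
        WOLFSSL_MSG("Buffer not large enough for max key struct size");
        return BUFFER_E;
    }

    XMEMSET(exp, 0, DTLS_EXPORT_KEY_SZ);

    c32toa(keys->peer_sequence_number_hi, exp + idx); idx += OPAQUE32_LEN;
    c32toa(keys->peer_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
    c32toa(keys->sequence_number_hi, exp + idx);      idx += OPAQUE32_LEN;
    c32toa(keys->sequence_number_lo, exp + idx);      idx += OPAQUE32_LEN;

    c16toa(keys->nextEpoch, exp + idx);  idx += OPAQUE16_LEN;
    c16toa(keys->nextSeq_hi, exp + idx); idx += OPAQUE16_LEN;
    c32toa(keys->nextSeq_lo, exp + idx); idx += OPAQUE32_LEN;
    c16toa(keys->curEpoch, exp + idx);   idx += OPAQUE16_LEN;
    c16toa(keys->curSeq_hi, exp + idx);  idx += OPAQUE16_LEN;
    c32toa(keys->curSeq_lo, exp + idx);  idx += OPAQUE32_LEN;
    c16toa(keys->prevSeq_hi, exp + idx); idx += OPAQUE16_LEN;
    c32toa(keys->prevSeq_lo, exp + idx); idx += OPAQUE32_LEN;

    c16toa(keys->dtls_peer_handshake_number, exp + idx); idx += OPAQUE16_LEN;
    c16toa(keys->dtls_expected_peer_handshake_number, exp + idx);
    idx += OPAQUE16_LEN;

    c16toa(keys->dtls_sequence_number_hi, exp + idx);      idx += OPAQUE16_LEN;
    c32toa(keys->dtls_sequence_number_lo, exp + idx);      idx += OPAQUE32_LEN;
    c16toa(keys->dtls_prev_sequence_number_hi, exp + idx); idx += OPAQUE16_LEN;
    c32toa(keys->dtls_prev_sequence_number_lo, exp + idx); idx += OPAQUE32_LEN;
    c16toa(keys->dtls_epoch, exp + idx);                   idx += OPAQUE16_LEN;
    c16toa(keys->dtls_handshake_number, exp + idx);        idx += OPAQUE16_LEN;
    c32toa(keys->encryptSz, exp + idx);                    idx += OPAQUE32_LEN;
    c32toa(keys->padSz, exp + idx);                        idx += OPAQUE32_LEN;
    exp[idx++] = keys->encryptionOn;
    exp[idx++] = keys->decryptedCur;

    /* replay windows, each preceded by its word count */
    c16toa(WOLFSSL_DTLS_WINDOW_WORDS, exp + idx); idx += OPAQUE16_LEN;
    for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
        c32toa(keys->window[i], exp + idx);
        idx += OPAQUE32_LEN;
    }
    c16toa(WOLFSSL_DTLS_WINDOW_WORDS, exp + idx); idx += OPAQUE16_LEN;
    for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
        c32toa(keys->prevWindow[i], exp + idx);
        idx += OPAQUE32_LEN;
    }

    /* gather every variable length first so the total can be checked */
#ifdef HAVE_TRUNCATED_HMAC
    macSz     = ssl->truncated_hmac ? TRUNCATED_HMAC_SZ: ssl->specs.hash_size;
    truncHmac = ssl->truncated_hmac;
#else
    macSz     = ssl->specs.hash_size;
    truncHmac = 0; /* no truncated hmac */
#endif
    keySz = (byte)ssl->specs.key_size;
    ivSz  = (byte)ssl->specs.iv_size;
    impSz = AEAD_MAX_IMP_SZ;

    need = idx
         + 2 + 2 * (word32)macSz                    /* flag, length, 2 MACs */
         + 1 + 2 * (word32)keySz                    /* length, 2 keys       */
         + 1 + 2 * (word32)ivSz + AEAD_MAX_EXP_SZ   /* length, 2 IVs, exp   */
         + 1 + 2 * (word32)impSz;                   /* length, 2 imp IVs    */

    /* DTLS_EXPORT_KEY_SZ is max value. idx size can vary */
    if (need > DTLS_EXPORT_KEY_SZ) {
        WOLFSSL_MSG("DTLS_EXPORT_KEY_SZ needs updated and export version");
        return DTLS_EXPORT_VER_E;
    }

    exp[idx++] = truncHmac;
    exp[idx++] = macSz;
    XMEMCPY(exp + idx, keys->client_write_MAC_secret, macSz); idx += macSz;
    XMEMCPY(exp + idx, keys->server_write_MAC_secret, macSz); idx += macSz;

    exp[idx++] = keySz;
    XMEMCPY(exp + idx, keys->client_write_key, keySz); idx += keySz;
    XMEMCPY(exp + idx, keys->server_write_key, keySz); idx += keySz;

    exp[idx++] = ivSz;
    XMEMCPY(exp + idx, keys->client_write_IV, ivSz); idx += ivSz;
    XMEMCPY(exp + idx, keys->server_write_IV, ivSz); idx += ivSz;
    XMEMCPY(exp + idx, keys->aead_exp_IV, AEAD_MAX_EXP_SZ);
    idx += AEAD_MAX_EXP_SZ;

    exp[idx++] = impSz;
    XMEMCPY(exp + idx, keys->aead_enc_imp_IV, impSz); idx += impSz;
    XMEMCPY(exp + idx, keys->aead_dec_imp_IV, impSz); idx += impSz;

    /* kept as a final consistency check on the running index */
    if (idx > DTLS_EXPORT_KEY_SZ) {
        WOLFSSL_MSG("DTLS_EXPORT_KEY_SZ needs updated and export version");
        return DTLS_EXPORT_VER_E;
    }

    WOLFSSL_LEAVE("ExportKeyState", idx);
    (void)ver;
    return idx;
}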
wolfSSL 11:cee25a834751 637
/* Restore the CipherSpecs fields of ssl from a serialized buffer.
 *
 * ssl  session whose specs member is overwritten
 * exp  serialized cipher spec state
 * len  number of bytes available in exp
 * ver  export format version; not used by this function
 *
 * Returns the number of bytes read from exp on success, BAD_FUNC_ARG when
 * ssl or exp is NULL, and BUFFER_E when len is below DTLS_EXPORT_SPC_SZ.
 *
 * NOTE(review): the decoded sizes and algorithm ids are stored as read; no
 * range check on them is visible in this function -- confirm they are
 * validated before being used as lengths elsewhere. */
static int ImportCipherSpecState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    CipherSpecs* specs;
    word32       off = 0;

    (void)ver;

    WOLFSSL_ENTER("ImportCipherSpecState");

    if (ssl == NULL || exp == NULL) {
        return BAD_FUNC_ARG;
    }

    specs = &(ssl->specs);

    if (len < DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("Buffer not large enough for max spec struct size");
        return BUFFER_E;
    }

    /* four 16 bit size fields */
    ato16(exp + off, &specs->key_size);
    off += OPAQUE16_LEN;
    ato16(exp + off, &specs->iv_size);
    off += OPAQUE16_LEN;
    ato16(exp + off, &specs->block_size);
    off += OPAQUE16_LEN;
    ato16(exp + off, &specs->aead_mac_size);
    off += OPAQUE16_LEN;

    /* eight single byte fields */
    specs->bulk_cipher_algorithm = exp[off++];
    specs->cipher_type           = exp[off++];
    specs->mac_algorithm         = exp[off++];
    specs->kea                   = exp[off++];
    specs->sig_algo              = exp[off++];
    specs->hash_size             = exp[off++];
    specs->pad_size              = exp[off++];
    specs->static_ecdh           = exp[off++];

    WOLFSSL_LEAVE("ImportCipherSpecState", off);
    return off;
}
wolfSSL 11:cee25a834751 673
wolfSSL 11:cee25a834751 674
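/* Restore the Keys member of ssl (sequence numbers, DTLS replay windows, MAC
 * secrets, cipher keys and IVs) from a serialized buffer.
 *
 * ssl  session whose keys member is overwritten
 * exp  serialized key state; every length inside it is treated as untrusted
 * len  number of bytes available in exp
 * ver  export format version; not used by this function
 *
 * Returns the number of bytes consumed from exp on success, BAD_FUNC_ARG when
 * ssl or exp is NULL, and BUFFER_E when a length field does not fit in len or
 * exceeds the destination limit. On BUFFER_E the fields decoded before the
 * failing check have already been written to ssl->keys.
 *
 * NOTE(review): both windows are pre-filled with XMEMSET(..., DTLS_SEQ_SZ);
 * presumably DTLS_SEQ_SZ matches the window array size -- confirm. */
static int ImportKeyState(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    word32 idx = 0;
    byte   sz;
    Keys*  keys;

    WOLFSSL_ENTER("ImportKeyState");

    if (exp == NULL || ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    keys = &(ssl->keys);

    /* check minimum length -- includes byte used for size indicators */
    if (len < DTLS_EXPORT_MIN_KEY_SZ) {
        return BUFFER_E;
    }
    ato32(exp + idx, &keys->peer_sequence_number_hi); idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->peer_sequence_number_lo); idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->sequence_number_hi);      idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->sequence_number_lo);      idx += OPAQUE32_LEN;

    ato16(exp + idx, &keys->nextEpoch);  idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->nextSeq_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->nextSeq_lo); idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->curEpoch);   idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->curSeq_hi);  idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->curSeq_lo);  idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->prevSeq_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->prevSeq_lo); idx += OPAQUE32_LEN;

    ato16(exp + idx, &keys->dtls_peer_handshake_number); idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->dtls_expected_peer_handshake_number);
    idx += OPAQUE16_LEN;

    ato16(exp + idx, &keys->dtls_sequence_number_hi);      idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->dtls_sequence_number_lo);      idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->dtls_prev_sequence_number_hi); idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->dtls_prev_sequence_number_lo); idx += OPAQUE32_LEN;
    ato16(exp + idx, &keys->dtls_epoch);                   idx += OPAQUE16_LEN;
    ato16(exp + idx, &keys->dtls_handshake_number);        idx += OPAQUE16_LEN;
    ato32(exp + idx, &keys->encryptSz);                    idx += OPAQUE32_LEN;
    ato32(exp + idx, &keys->padSz);                        idx += OPAQUE32_LEN;
    keys->encryptionOn = exp[idx++];
    keys->decryptedCur = exp[idx++];

    {
        word16 i, wordCount;
        word32 wordAdj;

        /* do window */
        if (idx + OPAQUE16_LEN > len) {
            return BUFFER_E;
        }
        ato16(exp + idx, &wordCount);
        idx += OPAQUE16_LEN;

        /* the whole serialized window, kept words and skipped words alike,
         * has to be inside the buffer */
        if ((word32)wordCount * OPAQUE32_LEN > len - idx) {
            return BUFFER_E;
        }

        /* the skip distance must be taken from the serialized count before
         * it is clamped; computing it after the clamp always gives zero and
         * leaves idx pointing into the surplus window words */
        wordAdj = 0;
        if (wordCount > (WOLFSSL_DTLS_WINDOW_WORDS)) {
            wordAdj = (word32)(wordCount - (WOLFSSL_DTLS_WINDOW_WORDS)) *
                      OPAQUE32_LEN;
            wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
        }

        XMEMSET(keys->window, 0xFF, DTLS_SEQ_SZ);
        for (i = 0; i < wordCount; i++) {
            ato32(exp + idx, &keys->window[i]);
            idx += OPAQUE32_LEN;
        }
        idx += wordAdj;

        /* do prevWindow */
        if (len - idx < OPAQUE16_LEN) {
            return BUFFER_E;
        }
        ato16(exp + idx, &wordCount);
        idx += OPAQUE16_LEN;

        if ((word32)wordCount * OPAQUE32_LEN > len - idx) {
            return BUFFER_E;
        }

        wordAdj = 0;
        if (wordCount > (WOLFSSL_DTLS_WINDOW_WORDS)) {
            wordAdj = (word32)(wordCount - (WOLFSSL_DTLS_WINDOW_WORDS)) *
                      OPAQUE32_LEN;
            wordCount = WOLFSSL_DTLS_WINDOW_WORDS;
        }

        XMEMSET(keys->prevWindow, 0xFF, DTLS_SEQ_SZ);
        for (i = 0; i < wordCount; i++) {
            ato32(exp + idx, &keys->prevWindow[i]);
            idx += OPAQUE32_LEN;
        }
        idx += wordAdj;
    }

    /* truncated hmac flag plus the MAC size byte */
    if (len - idx < 2) {
        return BUFFER_E;
    }
#ifdef HAVE_TRUNCATED_HMAC
    ssl->truncated_hmac = exp[idx++];
#else
    idx++; /* no truncated hmac */
#endif
    sz = exp[idx++];
    /* two values of sz bytes follow (client and server), so both must fit */
    if (sz > MAX_DIGEST_SIZE || (word32)sz * 2 > len - idx) {
        return BUFFER_E;
    }
    XMEMCPY(keys->client_write_MAC_secret, exp + idx, sz); idx += sz;
    XMEMCPY(keys->server_write_MAC_secret, exp + idx, sz); idx += sz;

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    if (sz > AES_256_KEY_SIZE || (word32)sz * 2 > len - idx) {
        return BUFFER_E;
    }
    XMEMCPY(keys->client_write_key, exp + idx, sz); idx += sz;
    XMEMCPY(keys->server_write_key, exp + idx, sz); idx += sz;

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    /* client IV, server IV and the fixed size explicit AEAD IV */
    if (sz > MAX_WRITE_IV_SZ ||
            (word32)sz * 2 + AEAD_MAX_EXP_SZ > len - idx) {
        return BUFFER_E;
    }
    XMEMCPY(keys->client_write_IV, exp + idx, sz); idx += sz;
    XMEMCPY(keys->server_write_IV, exp + idx, sz); idx += sz;
    XMEMCPY(keys->aead_exp_IV, exp + idx, AEAD_MAX_EXP_SZ);
    idx += AEAD_MAX_EXP_SZ;

    if (idx >= len) {
        return BUFFER_E;
    }
    sz = exp[idx++];
    if (sz > AEAD_MAX_IMP_SZ || (word32)sz * 2 > len - idx) {
        return BUFFER_E;
    }
    XMEMCPY(keys->aead_enc_imp_IV, exp + idx, sz); idx += sz;
    XMEMCPY(keys->aead_dec_imp_IV, exp + idx, sz); idx += sz;

    WOLFSSL_LEAVE("ImportKeyState", idx);
    (void)ver;
    return idx;
}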
wolfSSL 11:cee25a834751 798
wolfSSL 11:cee25a834751 799
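/* Copy the necessary information from the Options struct of ssl, followed by
 * the connection version, into a buffer.
 *
 * ssl  session to export from
 * exp  output buffer, at least DTLS_EXPORT_OPT_SZ bytes
 * len  size of exp in bytes
 * ver  export format version; not used by this function
 *
 * On success returns the size of buffer used (DTLS_EXPORT_OPT_SZ). Returns
 * BAD_FUNC_ARG when ssl or exp is NULL or len is too small, and
 * DTLS_EXPORT_VER_E when the number of bytes written no longer matches
 * DTLS_EXPORT_OPT_SZ. Fields for features compiled out are written as zero so
 * the layout stays fixed. */
static int dtls_export_new(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    int      idx  = 0;
    word16   zero = 0;
    Options* options;

    WOLFSSL_ENTER("dtls_export_new");

    /* ssl has to be checked before its options member is addressed; testing
     * only the derived pointer does not detect a NULL ssl */
    if (ssl == NULL || exp == NULL || len < DTLS_EXPORT_OPT_SZ) {
        return BAD_FUNC_ARG;
    }
    options = &ssl->options;

    XMEMSET(exp, 0, DTLS_EXPORT_OPT_SZ);

    /* these options are kept and sent to indicate verify status and strength
     * of handshake */
    exp[idx++] = options->sendVerify;
    exp[idx++] = options->verifyPeer;
    exp[idx++] = options->verifyNone;
    exp[idx++] = options->downgrade;
#ifndef NO_DH
    c16toa(options->minDhKeySz, exp + idx); idx += OPAQUE16_LEN;
    c16toa(options->dhKeySz, exp + idx);    idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif
#ifndef NO_RSA
    c16toa((word16)(options->minRsaKeySz), exp + idx); idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif
#ifdef HAVE_ECC
    c16toa((word16)(options->minEccKeySz), exp + idx); idx += OPAQUE16_LEN;
#else
    c16toa(zero, exp + idx); idx += OPAQUE16_LEN;
#endif

    /* these options are kept to indicate state and behavior */
#ifndef NO_PSK
    exp[idx++] = options->havePSK;
#else
    exp[idx++] = 0;
#endif
    exp[idx++] = options->sessionCacheOff;
    exp[idx++] = options->sessionCacheFlushOff;
    exp[idx++] = options->side;
    exp[idx++] = options->resuming;
    exp[idx++] = options->haveSessionId;
    exp[idx++] = options->tls;
    exp[idx++] = options->tls1_1;
    exp[idx++] = options->dtls;
    exp[idx++] = options->connReset;
    exp[idx++] = options->isClosed;
    exp[idx++] = options->closeNotify;
    exp[idx++] = options->sentNotify;
    exp[idx++] = options->usingCompression;
    exp[idx++] = options->haveRSA;
    exp[idx++] = options->haveECC;
    exp[idx++] = options->haveDH;
    exp[idx++] = options->haveNTRU;
    exp[idx++] = options->haveQSH;
    exp[idx++] = options->haveECDSAsig;
    exp[idx++] = options->haveStaticECC;
    exp[idx++] = options->havePeerVerify;
    exp[idx++] = options->usingPSK_cipher;
    exp[idx++] = options->usingAnon_cipher;
    exp[idx++] = options->sendAlertState;
    exp[idx++] = options->partialWrite;
    exp[idx++] = options->quietShutdown;
    exp[idx++] = options->groupMessages;
#ifdef HAVE_POLY1305
    exp[idx++] = options->oldPoly;
#else
    exp[idx++] = 0;
#endif
#ifdef HAVE_ANON
    exp[idx++] = options->haveAnon;
#else
    exp[idx++] = 0;
#endif
#ifdef HAVE_SESSION_TICKET
    exp[idx++] = options->createTicket;
    exp[idx++] = options->useTicket;
#else
    exp[idx++] = 0;
    exp[idx++] = 0;
#endif
    exp[idx++] = options->processReply;
    exp[idx++] = options->cipherSuite0;
    exp[idx++] = options->cipherSuite;
    exp[idx++] = options->serverState;
    exp[idx++] = options->clientState;
    exp[idx++] = options->handShakeState;
    exp[idx++] = options->handShakeDone;
    exp[idx++] = options->minDowngrade;
    exp[idx++] = options->connectState;
    exp[idx++] = options->acceptState;
    exp[idx++] = options->asyncState;

    /* version of connection */
    exp[idx++] = ssl->version.major;
    exp[idx++] = ssl->version.minor;

    (void)zero;
    (void)ver;

    /* check if changes were made and notify of need to update export version */
    if (idx != DTLS_EXPORT_OPT_SZ) {
        WOLFSSL_MSG("Update DTLS_EXPORT_OPT_SZ and version of wolfSSL export");
        return DTLS_EXPORT_VER_E;
    }

    WOLFSSL_LEAVE("dtls_export_new", idx);

    return idx;
}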
wolfSSL 11:cee25a834751 919
wolfSSL 11:cee25a834751 920
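/* Copy items from an exported buffer into the Options struct of ssl and check
 * that the exported connection version matches ssl->version.
 *
 * ssl  session whose options are overwritten
 * exp  serialized options, at least DTLS_EXPORT_OPT_SZ bytes
 * len  number of bytes available in exp
 * ver  export format version; must equal DTLS_EXPORT_VERSION
 *
 * On success returns the size of buffer used. Returns BAD_FUNC_ARG for an
 * unsupported ver, a NULL ssl or exp, or a short buffer, and VERSION_ERROR
 * when the version bytes differ from ssl->version. The options have already
 * been overwritten when VERSION_ERROR is returned.
 *
 * NOTE(review): every flag and state byte is stored as read, including the
 * verify settings, side and handshake state; no validation of those values
 * is visible here -- the buffer should only come from a trusted export. */
static int dtls_export_load(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    int      idx = 0;
    byte     major;
    byte     minor;
    Options* options;

    if (ver != DTLS_EXPORT_VERSION) {
        WOLFSSL_MSG("Export version not supported");
        return BAD_FUNC_ARG;
    }

    /* ssl has to be checked before its options member is addressed; testing
     * only the derived pointer does not detect a NULL ssl */
    if (ssl == NULL || exp == NULL || len < DTLS_EXPORT_OPT_SZ) {
        return BAD_FUNC_ARG;
    }
    options = &ssl->options;

    /* these options are kept and sent to indicate verify status and strength
     * of handshake */
    options->sendVerify = exp[idx++];
    options->verifyPeer = exp[idx++];
    options->verifyNone = exp[idx++];
    options->downgrade  = exp[idx++];
#ifndef NO_DH
    ato16(exp + idx, &(options->minDhKeySz)); idx += OPAQUE16_LEN;
    ato16(exp + idx, &(options->dhKeySz));    idx += OPAQUE16_LEN;
#else
    idx += OPAQUE16_LEN;
    idx += OPAQUE16_LEN;
#endif
#ifndef NO_RSA
    ato16(exp + idx, (word16*)&(options->minRsaKeySz)); idx += OPAQUE16_LEN;
#else
    idx += OPAQUE16_LEN;
#endif
#ifdef HAVE_ECC
    ato16(exp + idx, (word16*)&(options->minEccKeySz)); idx += OPAQUE16_LEN;
#else
    idx += OPAQUE16_LEN;
#endif

    /* these options are kept to indicate state and behavior */
#ifndef NO_PSK
    options->havePSK = exp[idx++];
#else
    idx++;
#endif
    options->sessionCacheOff      = exp[idx++];
    options->sessionCacheFlushOff = exp[idx++];
    options->side                 = exp[idx++];
    options->resuming             = exp[idx++];
    options->haveSessionId        = exp[idx++];
    options->tls                  = exp[idx++];
    options->tls1_1               = exp[idx++];
    options->dtls                 = exp[idx++];
    options->connReset            = exp[idx++];
    options->isClosed             = exp[idx++];
    options->closeNotify          = exp[idx++];
    options->sentNotify           = exp[idx++];
    options->usingCompression     = exp[idx++];
    options->haveRSA              = exp[idx++];
    options->haveECC              = exp[idx++];
    options->haveDH               = exp[idx++];
    options->haveNTRU             = exp[idx++];
    options->haveQSH              = exp[idx++];
    options->haveECDSAsig         = exp[idx++];
    options->haveStaticECC        = exp[idx++];
    options->havePeerVerify       = exp[idx++];
    options->usingPSK_cipher      = exp[idx++];
    options->usingAnon_cipher     = exp[idx++];
    options->sendAlertState       = exp[idx++];
    options->partialWrite         = exp[idx++];
    options->quietShutdown        = exp[idx++];
    options->groupMessages        = exp[idx++];
#ifdef HAVE_POLY1305
    options->oldPoly = exp[idx++];      /* set when to use old rfc way of poly*/
#else
    idx++;
#endif
#ifdef HAVE_ANON
    options->haveAnon = exp[idx++];     /* User wants to allow Anon suites */
#else
    idx++;
#endif
#ifdef HAVE_SESSION_TICKET
    options->createTicket = exp[idx++]; /* Server to create new Ticket */
    options->useTicket    = exp[idx++]; /* Use Ticket not session cache */
#else
    idx++;
    idx++;
#endif
    options->processReply   = exp[idx++];
    options->cipherSuite0   = exp[idx++];
    options->cipherSuite    = exp[idx++];
    options->serverState    = exp[idx++];
    options->clientState    = exp[idx++];
    options->handShakeState = exp[idx++];
    options->handShakeDone  = exp[idx++];
    options->minDowngrade   = exp[idx++];
    options->connectState   = exp[idx++];
    options->acceptState    = exp[idx++];
    options->asyncState     = exp[idx++];

    /* version of connection; both bytes are read before comparing so that
     * idx does not depend on short-circuit evaluation */
    major = exp[idx++];
    minor = exp[idx++];
    if (ssl->version.major != major || ssl->version.minor != minor) {
        WOLFSSL_MSG("Version mismatch ie DTLS v1 vs v1.2");
        return VERSION_ERROR;
    }

    return idx;
}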
wolfSSL 11:cee25a834751 1031
/* Serialize the peer address obtained from the CBGetPeer callback of the
 * context as: 2 byte family, 2 byte ip length, ip bytes, 2 byte port.
 *
 * ssl  session whose ctx supplies the CBGetPeer callback
 * exp  output buffer
 * len  size of exp; must hold DTLS_EXPORT_IP plus three 2 byte fields
 * ver  export format version; must equal DTLS_EXPORT_VERSION
 *
 * Returns the number of bytes written on success, BAD_FUNC_ARG for a bad
 * version, NULL argument, short buffer or missing callback, and
 * SOCKET_ERROR_E when the callback fails or reports an out of range size or
 * family. */
static int ExportPeerInfo(WOLFSSL* ssl, byte* exp, word32 len, byte ver)
{
    char   ip[DTLS_EXPORT_IP];
    int    ipSz = DTLS_EXPORT_IP; /* start as max size */
    int    fam  = 0;
    word16 port = 0;
    int    off  = 0;

    if (ver != DTLS_EXPORT_VERSION) {
        WOLFSSL_MSG("Export version not supported");
        return BAD_FUNC_ARG;
    }

    if (ssl == NULL || exp == NULL) {
        return BAD_FUNC_ARG;
    }
    if (len < sizeof(ip) + 3 * DTLS_EXPORT_LEN) {
        return BAD_FUNC_ARG;
    }

    if (ssl->ctx->CBGetPeer == NULL) {
        WOLFSSL_MSG("No get peer call back set");
        return BAD_FUNC_ARG;
    }
    if (ssl->ctx->CBGetPeer(ssl, ip, &ipSz, &port, &fam) != SSL_SUCCESS) {
        WOLFSSL_MSG("Get peer callback error");
        return SOCKET_ERROR_E;
    }

    /* the callback is user supplied, so its outputs are range checked before
     * ipSz is used as a copy length */
    if (ipSz < 0 || ipSz > DTLS_EXPORT_IP || fam < 0) {
        WOLFSSL_MSG("Bad ipSz or fam returned from get peer callback");
        return SOCKET_ERROR_E;
    }

    c16toa((word16)fam, exp + off);
    off += DTLS_EXPORT_LEN;
    c16toa((word16)ipSz, exp + off);
    off += DTLS_EXPORT_LEN;
    XMEMCPY(exp + off, ip, ipSz);
    off += ipSz;
    c16toa(port, exp + off);
    off += DTLS_EXPORT_LEN;

    return off;
}
wolfSSL 11:cee25a834751 1071
wolfSSL 11:cee25a834751 1072
/* Decode a serialized peer address (2 byte family, 2 byte ip length, ip
 * bytes, 2 byte port) and hand it to the CBSetPeer callback of the context.
 *
 * ssl  session whose ctx supplies the CBSetPeer callback
 * buf  serialized peer information
 * len  number of bytes available in buf
 * ver  export format version; must equal DTLS_EXPORT_VERSION
 *
 * Returns the number of bytes consumed on success, BAD_FUNC_ARG for a bad
 * version, NULL argument, short buffer or missing callback, BUFFER_E when
 * the ip length does not fit, and SOCKET_ERROR_E when the callback fails.
 *
 * NOTE(review): fam and port are passed to the callback as decoded; only the
 * ip length is checked here. */
static int ImportPeerInfo(WOLFSSL* ssl, byte* buf, word32 len, byte ver)
{
    char   ip[DTLS_EXPORT_IP];
    word16 fam;
    word16 ipSz;
    word16 port;
    word16 off = 0;

    if (ver != DTLS_EXPORT_VERSION) {
        WOLFSSL_MSG("Export version not supported");
        return BAD_FUNC_ARG;
    }

    if (ssl == NULL || buf == NULL) {
        return BAD_FUNC_ARG;
    }
    if (len < 3 * DTLS_EXPORT_LEN) {
        return BAD_FUNC_ARG;
    }

    /* import sin family */
    ato16(buf + off, &fam);
    off += DTLS_EXPORT_LEN;

    /* import ip address length; it must leave room for the terminator in ip
     * and, together with the port field, fit inside len */
    ato16(buf + off, &ipSz);
    off += DTLS_EXPORT_LEN;
    if (ipSz >= sizeof(ip)) {
        return BUFFER_E;
    }
    if ((word16)(off + ipSz + DTLS_EXPORT_LEN) > len) {
        return BUFFER_E;
    }

    XMEMSET(ip, 0, sizeof(ip));
    XMEMCPY(ip, buf + off, ipSz);
    off += ipSz;
    ip[ipSz] = '\0'; /* in range because ipSz < sizeof(ip) was checked above */

    ato16(buf + off, &port);
    off += DTLS_EXPORT_LEN;

    /* sanity check for a function to call, then use it to import peer info */
    if (ssl->ctx->CBSetPeer == NULL) {
        WOLFSSL_MSG("No set peer function");
        return BAD_FUNC_ARG;
    }
    if (ssl->ctx->CBSetPeer(ssl, ip, ipSz, port, fam) != SSL_SUCCESS) {
        WOLFSSL_MSG("Error setting peer info");
        return SOCKET_ERROR_E;
    }

    return off;
}
wolfSSL 11:cee25a834751 1115
wolfSSL 11:cee25a834751 1116
/* WOLFSSL_LOCAL function that serializes the current WOLFSSL session.
 *
 * ssl  session to serialize
 * buf  output buffer for the serialized session
 * sz   size of buf in bytes
 *
 * Layout written: 2 protocol/version bytes, 2 byte total length, then four
 * sections (options, key state, cipher specs, peer info), each preceded by
 * its own 2 byte length.
 *
 * On success returns the size of the serialized session. Returns
 * BAD_FUNC_ARG when ssl or buf is NULL, BUFFER_E when sz is below the
 * computed maximum, or the negative value returned by a section exporter.
 *
 * NOTE(review): the key state section is written before the cipher spec and
 * peer sections, so when one of those later steps fails buf already holds
 * the bytes ExportKeyState wrote; nothing here clears buf on the error
 * paths, so callers should wipe it when a negative value is returned. */
int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf, word32 sz)
{
    int    ret;
    word32 pos    = 0;
    word32 needed = 0;

    WOLFSSL_ENTER("wolfSSL_dtls_export_internal");

    if (ssl == NULL || buf == NULL) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    /* 2 protocol bytes and 2 length bytes */
    needed += DTLS_EXPORT_LEN * 2;
    /* each of the following have a 2 byte length before data */
    needed += DTLS_EXPORT_LEN + DTLS_EXPORT_OPT_SZ;
    needed += DTLS_EXPORT_LEN + DTLS_EXPORT_KEY_SZ;
    needed += DTLS_EXPORT_LEN + DTLS_EXPORT_SPC_SZ;
    needed += DTLS_EXPORT_LEN + ssl->buffers.dtlsCtx.peer.sz;

    if (sz < needed) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", BUFFER_E);
        return BUFFER_E;
    }

    /* header: protocol byte, then protocol high nibble with version nibble */
    buf[pos++] = (byte)DTLS_EXPORT_PRO;
    buf[pos++] = ((byte)DTLS_EXPORT_PRO & 0xF0) |
                 ((byte)DTLS_EXPORT_VERSION & 0X0F);

    pos += DTLS_EXPORT_LEN; /* leave spot for length */

    /* export of options, fixed length known up front */
    c16toa((word16)DTLS_EXPORT_OPT_SZ, buf + pos);
    pos += DTLS_EXPORT_LEN;
    ret = dtls_export_new(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", ret);
        return ret;
    }
    pos += ret;

    /* export keys struct and dtls state -- variable length stored in ret */
    pos += DTLS_EXPORT_LEN; /* leave room for length */
    ret = ExportKeyState(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", ret);
        return ret;
    }
    c16toa((word16)ret, buf + pos - DTLS_EXPORT_LEN);
    pos += ret;

    /* export of cipher specs struct */
    c16toa((word16)DTLS_EXPORT_SPC_SZ, buf + pos);
    pos += DTLS_EXPORT_LEN;
    ret = ExportCipherSpecState(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", ret);
        return ret;
    }
    pos += ret;

    /* export of dtls peer information, length filled in afterwards */
    pos += DTLS_EXPORT_LEN;
    ret = ExportPeerInfo(ssl, buf + pos, sz - pos, DTLS_EXPORT_VERSION);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", ret);
        return ret;
    }
    c16toa(ret, buf + pos - DTLS_EXPORT_LEN);
    pos += ret;

    /* place total length of exported buffer minus 2 bytes protocol/version */
    c16toa((word16)(pos - DTLS_EXPORT_LEN), buf + DTLS_EXPORT_LEN);

    /* if compiled with debug options then print the version, protocol, size */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
    {
        char debug[256];
        snprintf(debug, sizeof(debug), "Exporting DTLS session\n"
                 "\tVersion : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n"
                 , (int)DTLS_EXPORT_VERSION, buf[0], (buf[1] >> 4), pos - 2);
        WOLFSSL_MSG(debug);
    }
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */

    WOLFSSL_LEAVE("wolfSSL_dtls_export_internal", pos);
    return pos;
}
wolfSSL 11:cee25a834751 1205
wolfSSL 11:cee25a834751 1206
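/* Load a serialized DTLS session into ssl.
 *
 * The fields are read in this order; every length is a DTLS_EXPORT_LEN byte
 * field decoded with ato16:
 *   protocol byte, protocol-high-nibble | version-low-nibble byte,
 *   total length,
 *   options length (must equal DTLS_EXPORT_OPT_SZ) and options,
 *   keys length (at most DTLS_EXPORT_KEY_SZ) and keys,
 *   cipher specs length (must equal DTLS_EXPORT_SPC_SZ) and cipher specs,
 *   peer info length and peer info.
 *
 * ssl  session object to fill in, must not be NULL
 * buf  serialized session, must not be NULL
 * sz   number of bytes available in buf
 *
 * On success return amount of buffer consumed. On failure returns
 * BAD_FUNC_ARG, BUFFER_E, MATCH_SUITE_ERROR, SANITY_CIPHER_E or the negative
 * value handed back by one of the import helpers.
 *
 * The buffer carries key state and nothing in this function authenticates it:
 * only lengths, the protocol marker and the resulting cipher suite are
 * checked. Callers have to make sure it comes from a trusted exporter and is
 * protected while stored or in transit.
 *
 * NOTE(review): each section is written into ssl as soon as it parses, so a
 * failure in a later section returns an error with ssl already partially
 * modified -- callers should presumably discard ssl on any negative return.
 */
int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf, word32 sz)
{
    word32 idx    = 0;
    word16 length = 0;
    int version;
    int ret;

    WOLFSSL_ENTER("wolfSSL_dtls_import_internal");
    /* check at least enough room for protocol and length; buf is read right
     * below, so a NULL buffer is rejected here together with a NULL ssl */
    if (ssl == NULL || buf == NULL || sz < DTLS_EXPORT_LEN * 2) {
        return BAD_FUNC_ARG;
    }

    /* sanity check on protocol ID and size of buffer */
    if (buf[idx++]       !=  (byte)DTLS_EXPORT_PRO ||
       (buf[idx] & 0xF0) != ((byte)DTLS_EXPORT_PRO & 0xF0)) {
        /* don't increment on second idx to next get version */
        WOLFSSL_MSG("Incorrect protocol");
        return BAD_FUNC_ARG;
    }
    /* low nibble is the export format version; it is not compared against
     * DTLS_EXPORT_VERSION here, only passed on to the helpers below */
    version = buf[idx++] & 0x0F;

    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length > sz - DTLS_EXPORT_LEN) { /* subtract 2 for protocol */
        return BUFFER_E;
    }

    /* if compiled with debug options then print the version, protocol, size */
#ifdef WOLFSSL_SESSION_EXPORT_DEBUG
    {
        char debug[256];
        snprintf(debug, sizeof(debug), "Importing DTLS session\n"
                   "\tVersion  : %d\n\tProtocol : %02X%01X\n\tLength of: %d\n\n"
                   , (int)version, buf[0], (buf[1] >> 4), length);
        WOLFSSL_MSG(debug);
    }
#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */

    /* perform sanity checks and extract Options information used */
    if (DTLS_EXPORT_LEN + DTLS_EXPORT_OPT_SZ + idx > sz) {
        WOLFSSL_MSG("Import Options struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length != DTLS_EXPORT_OPT_SZ) {
        WOLFSSL_MSG("Import Options struct error");
        return BUFFER_E;
    }
    if ((ret = dtls_export_load(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Options struct error");
        return ret;
    }
    idx += length;

    /* perform sanity checks and extract Keys struct */
    if (DTLS_EXPORT_LEN + idx > sz) {
        WOLFSSL_MSG("Import Key struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (length > DTLS_EXPORT_KEY_SZ || length + idx > sz) {
        WOLFSSL_MSG("Import Key struct error");
        return BUFFER_E;
    }
    if ((ret = ImportKeyState(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Key struct error");
        return ret;
    }
    /* advance by what the helper reports as consumed, not by the length
     * field; the bounds checks of the next section still compare against sz */
    idx += ret;

    /* perform sanity checks and extract CipherSpecs struct */
    if (DTLS_EXPORT_LEN + DTLS_EXPORT_SPC_SZ + idx > sz) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if ( length != DTLS_EXPORT_SPC_SZ) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return BUFFER_E;
    }
    if ((ret = ImportCipherSpecState(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import CipherSpecs struct error");
        return ret;
    }
    idx += ret;

    /* perform sanity checks and extract DTLS peer info */
    if (DTLS_EXPORT_LEN + idx > sz) {
        WOLFSSL_MSG("Import DTLS peer info error");
        return BUFFER_E;
    }
    ato16(buf + idx, &length); idx += DTLS_EXPORT_LEN;
    if (idx + length > sz) {
        WOLFSSL_MSG("Import DTLS peer info error");
        return BUFFER_E;
    }
    if ((ret = ImportPeerInfo(ssl, buf + idx, length, version)) < 0) {
        WOLFSSL_MSG("Import Peer Addr error");
        return ret;
    }
    idx += ret;

    /* set up keys for both directions; a failure here must not be reported
     * as a successful import */
    if ((ret = SetKeysSide(ssl, ENCRYPT_AND_DECRYPT_SIDE)) < 0) {
        WOLFSSL_MSG("Import set keys error");
        return ret;
    }

    /* set hmac function to use when verifying */
    if (ssl->options.tls == 1 || ssl->options.tls1_1 == 1 ||
            ssl->options.dtls == 1) {
        ssl->hmac = TLS_hmac;
    }

    /* make sure is a valid suite used */
    if (wolfSSL_get_cipher(ssl) == NULL) {
        WOLFSSL_MSG("Can not match cipher suite imported");
        return MATCH_SUITE_ERROR;
    }

    /* do not allow stream ciphers with DTLS */
    if (ssl->specs.cipher_type == stream) {
        WOLFSSL_MSG("Can not import stream ciphers for DTLS");
        return SANITY_CIPHER_E;
    }

    return idx;
}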
wolfSSL 11:cee25a834751 1332 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 1333 #endif /* WOLFSSL_SESSION_EXPORT */
wolfSSL 11:cee25a834751 1334
wolfSSL 11:cee25a834751 1335
/* Reset a method structure: the side becomes WOLFSSL_CLIENT_END, downgrade is
 * cleared and the protocol version is set to pv.
 * method is dereferenced without a NULL check.
 */
void InitSSL_Method(WOLFSSL_METHOD* method, ProtocolVersion pv)
{
    method->downgrade = 0;
    method->side      = WOLFSSL_CLIENT_END;
    method->version   = pv;
}
wolfSSL 11:cee25a834751 1342
wolfSSL 11:cee25a834751 1343
/* Initialize SSL context, return 0 on success
 *
 * ctx     context to set up; it is zeroed first, so previous contents are lost
 * method  stored in ctx->method and read for its version and side
 * heap    heap hint handed to the certificate manager constructor and stored
 *         in ctx->heap as the last step
 *
 * Returns BAD_MUTEX_E when the reference count mutex cannot be initialized,
 * BAD_CERT_MANAGER_ERROR when the certificate manager cannot be created, and
 * otherwise 0 or, with HAVE_WOLF_EVENT, the result of wolfEventQueue_Init.
 *
 * ctx and method are dereferenced without NULL checks.
 *
 * NOTE(review): both early error returns leave ctx->heap pointing at ctx
 * itself instead of the caller's heap hint. With WOLFSSL_STATIC_MEMORY,
 * SSL_CtxResourceFree casts ctx->heap to WOLFSSL_HEAP_HINT* and frees a mutex
 * through it -- confirm the cleanup after a failed init cannot reach that
 * cast with the self pointer.
 */
int InitSSL_Ctx(WOLFSSL_CTX* ctx, WOLFSSL_METHOD* method, void* heap)
{
    int ret = 0;

    XMEMSET(ctx, 0, sizeof(WOLFSSL_CTX));

    ctx->method   = method;
    ctx->refCount = 1;          /* so either CTX_free or SSL_free can release */
    ctx->heap     = ctx;        /* defaults to self */
    ctx->timeout  = WOLFSSL_SESSION_TIMEOUT;
    ctx->minDowngrade = TLSv1_MINOR;     /* current default */

    if (wc_InitMutex(&ctx->countMutex) < 0) {
        WOLFSSL_MSG("Mutex error on CTX init");
        /* remembered so FreeSSL_Ctx can still release the context when
         * locking this mutex fails */
        ctx->err = CTX_INIT_MUTEX_E;
        return BAD_MUTEX_E;
    }

    /* minimum accepted key sizes come from build-time constants */
#ifndef NO_DH
    ctx->minDhKeySz = MIN_DHKEY_SZ;
#endif
#ifndef NO_RSA
    ctx->minRsaKeySz = MIN_RSAKEY_SZ;
#endif
#ifdef HAVE_ECC
    ctx->minEccKeySz  = MIN_ECCKEY_SZ;
    ctx->eccTempKeySz = ECDHE_SIZE;
#endif

    /* default I/O callbacks; a DTLS method switches to the datagram pair */
#ifndef WOLFSSL_USER_IO
    ctx->CBIORecv = EmbedReceive;
    ctx->CBIOSend = EmbedSend;
    #ifdef WOLFSSL_DTLS
        if (method->version.major == DTLS_MAJOR) {
            ctx->CBIORecv = EmbedReceiveFrom;
            ctx->CBIOSend = EmbedSendTo;
        }
        #ifdef WOLFSSL_SESSION_EXPORT
            ctx->CBGetPeer = EmbedGetPeer;
            ctx->CBSetPeer = EmbedSetPeer;
        #endif
    #endif
#endif /* WOLFSSL_USER_IO */

    /* NetX builds replace whatever callbacks were selected above */
#ifdef HAVE_NETX
    ctx->CBIORecv = NetX_Receive;
    ctx->CBIOSend = NetX_Send;
#endif

#ifdef HAVE_NTRU
    if (method->side == WOLFSSL_CLIENT_END)
        ctx->haveNTRU = 1;           /* always on client side */
                                     /* server can turn on by loading key */
#endif
#ifdef HAVE_ECC
    if (method->side == WOLFSSL_CLIENT_END) {
        ctx->haveECDSAsig  = 1;        /* always on client side */
        ctx->haveECC  = 1;             /* server turns on with ECC key cert */
        ctx->haveStaticECC = 1;        /* server can turn on by loading key */
    }
#endif

    ctx->devId = INVALID_DEVID;

#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SCTP)
    ctx->dtlsMtuSz = MAX_RECORD_SIZE;
#endif

#ifndef NO_CERTS
    /* the certificate manager is allocated with the caller's heap hint, not
     * with the temporary ctx->heap value */
    ctx->cm = wolfSSL_CertManagerNew_ex(heap);
    if (ctx->cm == NULL) {
        WOLFSSL_MSG("Bad Cert Manager New");
        return BAD_CERT_MANAGER_ERROR;
    }
    #ifdef OPENSSL_EXTRA
    /* setup WOLFSSL_X509_STORE */
    ctx->x509_store.cm = ctx->cm;
    #endif
#endif

    /* haveEMS is switched on for client methods only: TLS 1.0 and later, or
     * any DTLS version */
#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT)
    if (method->side == WOLFSSL_CLIENT_END) {
        if ((method->version.major == SSLv3_MAJOR) &&
             (method->version.minor >= TLSv1_MINOR)) {

            ctx->haveEMS = 1;
        }
#ifdef WOLFSSL_DTLS
        if (method->version.major == DTLS_MAJOR)
            ctx->haveEMS = 1;
#endif /* WOLFSSL_DTLS */
    }
#endif /* HAVE_EXTENDED_MASTER && !NO_WOLFSSL_CLIENT */

#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
    ctx->ticketHint = SESSION_TICKET_HINT_DEFAULT;
#endif

#ifdef HAVE_WOLF_EVENT
    ret = wolfEventQueue_Init(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */

    ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */

    return ret;
}
wolfSSL 11:cee25a834751 1451
wolfSSL 11:cee25a834751 1452
/* In case contexts are held in array and don't want to free actual ctx
 *
 * Releases what the context owns (method, suites, DH parameters, RNG, DER
 * buffers, certificate manager, name and chain stacks, TLS extensions, OCSP
 * requests) but neither the WOLFSSL_CTX structure nor ctx->countMutex; both
 * are handled by FreeSSL_Ctx.
 *
 * Most freed members keep their old pointer value, so ctx must not be used
 * again without being re-initialized.
 *
 * NOTE(review): ctx->privateKey is released through FreeDer; whether the key
 * bytes are zeroized before the memory is returned cannot be seen from here
 * -- confirm in FreeDer.
 */
void SSL_CtxResourceFree(WOLFSSL_CTX* ctx)
{
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
    int i;
#endif

#ifdef HAVE_WOLF_EVENT
    wolfEventQueue_Free(&ctx->event_queue);
#endif /* HAVE_WOLF_EVENT */

    XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD);
    if (ctx->suites)
        XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES);

#ifndef NO_DH
    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
#endif /* !NO_DH */

#ifdef SINGLE_THREADED
    if (ctx->rng) {
        wc_FreeRng(ctx->rng);
        XFREE(ctx->rng, ctx->heap, DYNAMIC_TYPE_RNG);
    }
#endif /* SINGLE_THREADED */

#ifndef NO_CERTS
    FreeDer(&ctx->privateKey);
    FreeDer(&ctx->certificate);
    #ifdef KEEP_OUR_CERT
        /* only release the X509 object when the context owns it */
        if (ctx->ourCert && ctx->ownOurCert) {
            FreeX509(ctx->ourCert);
            XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
        }
    #endif /* KEEP_OUR_CERT */
    FreeDer(&ctx->certChain);
    wolfSSL_CertManagerFree(ctx->cm);
    #ifdef OPENSSL_EXTRA
        /* walk the CA name stack; these nodes are freed with a NULL heap
         * hint, unlike the members above which use ctx->heap */
        while (ctx->ca_names != NULL) {
            WOLFSSL_STACK *next = ctx->ca_names->next;
            wolfSSL_X509_NAME_free(ctx->ca_names->data.name);
            XFREE(ctx->ca_names->data.name, NULL, DYNAMIC_TYPE_OPENSSL);
            XFREE(ctx->ca_names, NULL, DYNAMIC_TYPE_OPENSSL);
            ctx->ca_names = next;
        }
    #endif
    #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
        /* same walk for the X509 chain stack, also with a NULL heap hint */
        while (ctx->x509Chain != NULL) {
            WOLFSSL_STACK *next = ctx->x509Chain->next;
            wolfSSL_X509_free(ctx->x509Chain->data.x509);
            XFREE(ctx->x509Chain, NULL, DYNAMIC_TYPE_OPENSSL);
            ctx->x509Chain = next;
        }
    #endif
#endif /* !NO_CERTS */

#ifdef HAVE_TLS_EXTENSIONS
    TLSX_FreeAll(ctx->extensions, ctx->heap);

#ifndef NO_WOLFSSL_SERVER
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    if (ctx->certOcspRequest) {
        FreeOcspRequest(ctx->certOcspRequest);
        XFREE(ctx->certOcspRequest, ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST);
    }
#endif

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
    for (i = 0; i < MAX_CHAIN_DEPTH; i++) {
        if (ctx->chainOcspRequest[i]) {
            FreeOcspRequest(ctx->chainOcspRequest[i]);
            XFREE(ctx->chainOcspRequest[i], ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST);
        }
    }
#endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
#endif /* !NO_WOLFSSL_SERVER */

#endif /* HAVE_TLS_EXTENSIONS */

#ifdef WOLFSSL_STATIC_MEMORY
    /* done last: the heap hint is still needed by the XFREE calls above.
     * ctx->heap is trusted to be a WOLFSSL_HEAP_HINT* here; nothing in this
     * function verifies that before the cast. */
    if (ctx->heap != NULL) {
#ifdef WOLFSSL_HEAP_TEST
        /* avoid dereferencing a test value */
        if (ctx->heap != (void*)WOLFSSL_HEAP_TEST)
#endif
        {
            WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)(ctx->heap);
            wc_FreeMutex(&((WOLFSSL_HEAP*)(hint->memory))->memory_mutex);
        }
    }
#endif /* WOLFSSL_STATIC_MEMORY */
}
wolfSSL 11:cee25a834751 1547
wolfSSL 11:cee25a834751 1548
/* Drop one reference to ctx and release it when that was the last one.
 *
 * The count is changed under ctx->countMutex. If the mutex cannot be locked
 * the context is only released when ctx->err records that mutex
 * initialization failed (CTX_INIT_MUTEX_E); in any other lock failure the
 * function returns without touching the reference count.
 */
void FreeSSL_Ctx(WOLFSSL_CTX* ctx)
{
    int lastRef;

    if (wc_LockMutex(&ctx->countMutex) != 0) {
        WOLFSSL_MSG("Couldn't lock count mutex");

        /* a recorded init failure means the mutex never existed, yet the
         * CTX itself was still allocated and has to go */
        if (ctx->err == CTX_INIT_MUTEX_E) {
            SSL_CtxResourceFree(ctx);
            XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
        }
        return;
    }

    ctx->refCount--;
    lastRef = (ctx->refCount == 0) ? 1 : 0;
    wc_UnLockMutex(&ctx->countMutex);

    if (!lastRef) {
        (void)ctx;
        WOLFSSL_MSG("CTX ref count not 0 yet, no free");
        return;
    }

    WOLFSSL_MSG("CTX ref count down to 0, doing full free");
    SSL_CtxResourceFree(ctx);
    wc_FreeMutex(&ctx->countMutex);
    XFREE(ctx, ctx->heap, DYNAMIC_TYPE_CTX);
}
wolfSSL 11:cee25a834751 1580
wolfSSL 11:cee25a834751 1581
/* Put the cipher slots of ssl into their empty state: every cipher context
 * pointer compiled into this build becomes NULL and the setup flags are
 * cleared. Nothing is freed here.
 */
void InitCiphers(WOLFSSL* ssl)
{
#ifdef BUILD_ARC4
    ssl->encrypt.arc4 = ssl->decrypt.arc4 = NULL;
#endif
#ifdef BUILD_DES3
    ssl->encrypt.des3 = ssl->decrypt.des3 = NULL;
#endif
#ifdef BUILD_AES
    ssl->encrypt.aes = ssl->decrypt.aes = NULL;
#endif
#ifdef HAVE_CAMELLIA
    ssl->encrypt.cam = ssl->decrypt.cam = NULL;
#endif
#ifdef HAVE_HC128
    ssl->encrypt.hc128 = ssl->decrypt.hc128 = NULL;
#endif
#ifdef BUILD_RABBIT
    ssl->encrypt.rabbit = ssl->decrypt.rabbit = NULL;
#endif
#ifdef HAVE_CHACHA
    ssl->encrypt.chacha = ssl->decrypt.chacha = NULL;
#endif
#ifdef HAVE_POLY1305
    ssl->auth.poly1305 = NULL;
#endif
    /* no cipher has been keyed yet in either direction */
    ssl->decrypt.setup = 0;
    ssl->encrypt.setup = 0;
#ifdef HAVE_ONE_TIME_AUTH
    ssl->auth.setup    = 0;
#endif
#ifdef HAVE_IDEA
    ssl->encrypt.idea = ssl->decrypt.idea = NULL;
#endif
}
wolfSSL 11:cee25a834751 1626
wolfSSL 11:cee25a834751 1627
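/* Free ciphers
 *
 * Releases every cipher context compiled into this build for both directions
 * and resets the freed pointers to NULL, the state InitCiphers establishes,
 * so a repeated call or a later NULL test does not act on stale addresses.
 * The setup flags are left as they are.
 *
 * NOTE(review): these contexts hold keyed cipher state. Only ARC4, 3DES and
 * AES go through a wc_*Free call before XFREE; whether those calls or XFREE
 * scrub the memory cannot be seen from here -- confirm key material is
 * zeroized before the blocks are returned to the heap.
 */
void FreeCiphers(WOLFSSL* ssl)
{
    (void)ssl;
#ifdef BUILD_ARC4
    wc_Arc4Free(ssl->encrypt.arc4);
    wc_Arc4Free(ssl->decrypt.arc4);
    XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.arc4 = NULL;
    ssl->decrypt.arc4 = NULL;
#endif
#ifdef BUILD_DES3
    wc_Des3Free(ssl->encrypt.des3);
    wc_Des3Free(ssl->decrypt.des3);
    XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.des3 = NULL;
    ssl->decrypt.des3 = NULL;
#endif
#ifdef BUILD_AES
    wc_AesFree(ssl->encrypt.aes);
    wc_AesFree(ssl->decrypt.aes);
    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
        /* AEAD scratch buffers are separate allocations */
        XFREE(ssl->decrypt.additional, ssl->heap, DYNAMIC_TYPE_AES);
        XFREE(ssl->decrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES);
        XFREE(ssl->encrypt.additional, ssl->heap, DYNAMIC_TYPE_AES);
        XFREE(ssl->encrypt.nonce, ssl->heap, DYNAMIC_TYPE_AES);
        ssl->decrypt.additional = NULL;
        ssl->decrypt.nonce      = NULL;
        ssl->encrypt.additional = NULL;
        ssl->encrypt.nonce      = NULL;
    #endif
    XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.aes = NULL;
    ssl->decrypt.aes = NULL;
#endif
#ifdef HAVE_CAMELLIA
    XFREE(ssl->encrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.cam, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.cam = NULL;
    ssl->decrypt.cam = NULL;
#endif
#ifdef HAVE_HC128
    XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.hc128 = NULL;
    ssl->decrypt.hc128 = NULL;
#endif
#ifdef BUILD_RABBIT
    XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.rabbit = NULL;
    ssl->decrypt.rabbit = NULL;
#endif
#ifdef HAVE_CHACHA
    XFREE(ssl->encrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.chacha = NULL;
    ssl->decrypt.chacha = NULL;
#endif
#ifdef HAVE_POLY1305
    XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->auth.poly1305 = NULL;
#endif
#ifdef HAVE_IDEA
    XFREE(ssl->encrypt.idea, ssl->heap, DYNAMIC_TYPE_CIPHER);
    XFREE(ssl->decrypt.idea, ssl->heap, DYNAMIC_TYPE_CIPHER);
    ssl->encrypt.idea = NULL;
    ssl->decrypt.idea = NULL;
#endif
}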
wolfSSL 11:cee25a834751 1680
wolfSSL 11:cee25a834751 1681
/* Reset a CipherSpecs structure: the size fields and static_ecdh become 0 and
 * the algorithm selectors are set to INVALID_BYTE.
 */
void InitCipherSpecs(CipherSpecs* cs)
{
    /* sizes and flags */
    cs->block_size  = 0;
    cs->iv_size     = 0;
    cs->key_size    = 0;
    cs->hash_size   = 0;
    cs->static_ecdh = 0;

    /* algorithm selectors start out as "not chosen" */
    cs->sig_algo              = INVALID_BYTE;
    cs->kea                   = INVALID_BYTE;
    cs->mac_algorithm         = INVALID_BYTE;
    cs->cipher_type           = INVALID_BYTE;
    cs->bulk_cipher_algorithm = INVALID_BYTE;
}
wolfSSL 11:cee25a834751 1696
/* Fill suites->hashSigAlgo with two-byte (hash, signature) entries and store
 * the number of bytes written in suites->hashSigAlgoSz.
 *
 * For each enabled signature type the hashes compiled into the build are
 * listed from SHA-512 down to SHA-1; ECDSA entries come before RSA entries,
 * and the anonymous entry, if any, is last. SHA-1 is only listed when the
 * build keeps it (not NO_SHA, and either old TLS is enabled or
 * WOLFSSL_ALLOW_TLS_SHA1 is defined).
 *
 * No bound on the array is checked here; the writes rely on hashSigAlgo being
 * large enough for every entry this function can emit.
 */
static void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
                                  int haveRSAsig, int haveAnon)
{
    int used = 0;   /* bytes written so far, two per entry */

    if (haveECDSAsig) {
    #ifdef WOLFSSL_SHA512
        suites->hashSigAlgo[used]     = sha512_mac;
        suites->hashSigAlgo[used + 1] = ecc_dsa_sa_algo;
        used += 2;
    #endif
    #ifdef WOLFSSL_SHA384
        suites->hashSigAlgo[used]     = sha384_mac;
        suites->hashSigAlgo[used + 1] = ecc_dsa_sa_algo;
        used += 2;
    #endif
    #ifndef NO_SHA256
        suites->hashSigAlgo[used]     = sha256_mac;
        suites->hashSigAlgo[used + 1] = ecc_dsa_sa_algo;
        used += 2;
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                                            defined(WOLFSSL_ALLOW_TLS_SHA1))
        suites->hashSigAlgo[used]     = sha_mac;
        suites->hashSigAlgo[used + 1] = ecc_dsa_sa_algo;
        used += 2;
    #endif
    }

    if (haveRSAsig) {
    #ifdef WOLFSSL_SHA512
        suites->hashSigAlgo[used]     = sha512_mac;
        suites->hashSigAlgo[used + 1] = rsa_sa_algo;
        used += 2;
    #endif
    #ifdef WOLFSSL_SHA384
        suites->hashSigAlgo[used]     = sha384_mac;
        suites->hashSigAlgo[used + 1] = rsa_sa_algo;
        used += 2;
    #endif
    #ifndef NO_SHA256
        suites->hashSigAlgo[used]     = sha256_mac;
        suites->hashSigAlgo[used + 1] = rsa_sa_algo;
        used += 2;
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                                            defined(WOLFSSL_ALLOW_TLS_SHA1))
        suites->hashSigAlgo[used]     = sha_mac;
        suites->hashSigAlgo[used + 1] = rsa_sa_algo;
        used += 2;
    #endif
    }

    if (haveAnon) {
    #ifdef HAVE_ANON
        suites->hashSigAlgo[used]     = sha_mac;
        suites->hashSigAlgo[used + 1] = anonymous_sa_algo;
        used += 2;
    #endif
    }

    suites->hashSigAlgoSz = (word16)used;
}
wolfSSL 11:cee25a834751 1751
wolfSSL 11:cee25a834751 1752 void InitSuites(Suites* suites, ProtocolVersion pv, word16 haveRSA,
wolfSSL 11:cee25a834751 1753 word16 havePSK, word16 haveDH, word16 haveNTRU,
wolfSSL 11:cee25a834751 1754 word16 haveECDSAsig, word16 haveECC,
wolfSSL 11:cee25a834751 1755 word16 haveStaticECC, int side)
wolfSSL 11:cee25a834751 1756 {
wolfSSL 11:cee25a834751 1757 word16 idx = 0;
wolfSSL 11:cee25a834751 1758 int tls = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_MINOR;
wolfSSL 11:cee25a834751 1759 int tls1_2 = pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_2_MINOR;
wolfSSL 11:cee25a834751 1760 int dtls = 0;
wolfSSL 11:cee25a834751 1761 int haveRSAsig = 1;
wolfSSL 11:cee25a834751 1762
wolfSSL 11:cee25a834751 1763 (void)tls; /* shut up compiler */
wolfSSL 11:cee25a834751 1764 (void)tls1_2;
wolfSSL 11:cee25a834751 1765 (void)dtls;
wolfSSL 11:cee25a834751 1766 (void)haveDH;
wolfSSL 11:cee25a834751 1767 (void)havePSK;
wolfSSL 11:cee25a834751 1768 (void)haveNTRU;
wolfSSL 11:cee25a834751 1769 (void)haveStaticECC;
wolfSSL 11:cee25a834751 1770 (void)haveECC;
wolfSSL 11:cee25a834751 1771
wolfSSL 11:cee25a834751 1772 if (suites == NULL) {
wolfSSL 11:cee25a834751 1773 WOLFSSL_MSG("InitSuites pointer error");
wolfSSL 11:cee25a834751 1774 return;
wolfSSL 11:cee25a834751 1775 }
wolfSSL 11:cee25a834751 1776
wolfSSL 11:cee25a834751 1777 if (suites->setSuites)
wolfSSL 11:cee25a834751 1778 return; /* trust user settings, don't override */
wolfSSL 11:cee25a834751 1779
wolfSSL 11:cee25a834751 1780 if (side == WOLFSSL_SERVER_END && haveStaticECC) {
wolfSSL 11:cee25a834751 1781 haveRSA = 0; /* can't do RSA with ECDSA key */
wolfSSL 11:cee25a834751 1782 (void)haveRSA; /* some builds won't read */
wolfSSL 11:cee25a834751 1783 }
wolfSSL 11:cee25a834751 1784
wolfSSL 11:cee25a834751 1785 if (side == WOLFSSL_SERVER_END && haveECDSAsig) {
wolfSSL 11:cee25a834751 1786 haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
wolfSSL 11:cee25a834751 1787 (void)haveRSAsig; /* non ecc builds won't read */
wolfSSL 11:cee25a834751 1788 }
wolfSSL 11:cee25a834751 1789
wolfSSL 11:cee25a834751 1790 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 1791 if (pv.major == DTLS_MAJOR) {
wolfSSL 11:cee25a834751 1792 dtls = 1;
wolfSSL 11:cee25a834751 1793 tls = 1;
wolfSSL 11:cee25a834751 1794 /* May be dead assignments, depending on configuration */
wolfSSL 11:cee25a834751 1795 (void) dtls;
wolfSSL 11:cee25a834751 1796 (void) tls;
wolfSSL 11:cee25a834751 1797 tls1_2 = pv.minor <= DTLSv1_2_MINOR;
wolfSSL 11:cee25a834751 1798 }
wolfSSL 11:cee25a834751 1799 #endif
wolfSSL 11:cee25a834751 1800
wolfSSL 11:cee25a834751 1801 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 11:cee25a834751 1802 if (side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 1803 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1804 suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV;
wolfSSL 11:cee25a834751 1805 }
wolfSSL 11:cee25a834751 1806 #endif
wolfSSL 11:cee25a834751 1807
wolfSSL 11:cee25a834751 1808 #ifdef BUILD_TLS_QSH
wolfSSL 11:cee25a834751 1809 if (tls) {
wolfSSL 11:cee25a834751 1810 suites->suites[idx++] = QSH_BYTE;
wolfSSL 11:cee25a834751 1811 suites->suites[idx++] = TLS_QSH;
wolfSSL 11:cee25a834751 1812 }
wolfSSL 11:cee25a834751 1813 #endif
wolfSSL 11:cee25a834751 1814
wolfSSL 11:cee25a834751 1815 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 1816 if (tls && haveNTRU && haveRSA) {
wolfSSL 11:cee25a834751 1817 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1818 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 11:cee25a834751 1819 }
wolfSSL 11:cee25a834751 1820 #endif
wolfSSL 11:cee25a834751 1821
wolfSSL 11:cee25a834751 1822 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 1823 if (tls && haveNTRU && haveRSA) {
wolfSSL 11:cee25a834751 1824 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1825 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 11:cee25a834751 1826 }
wolfSSL 11:cee25a834751 1827 #endif
wolfSSL 11:cee25a834751 1828
wolfSSL 11:cee25a834751 1829 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 1830 if (!dtls && tls && haveNTRU && haveRSA) {
wolfSSL 11:cee25a834751 1831 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1832 suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA;
wolfSSL 11:cee25a834751 1833 }
wolfSSL 11:cee25a834751 1834 #endif
wolfSSL 11:cee25a834751 1835
wolfSSL 11:cee25a834751 1836 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 1837 if (tls && haveNTRU && haveRSA) {
wolfSSL 11:cee25a834751 1838 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1839 suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 11:cee25a834751 1840 }
wolfSSL 11:cee25a834751 1841 #endif
wolfSSL 11:cee25a834751 1842
wolfSSL 11:cee25a834751 1843 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1844 if (tls1_2 && haveECC) {
wolfSSL 11:cee25a834751 1845 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 1846 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL 11:cee25a834751 1847 }
wolfSSL 11:cee25a834751 1848 #endif
wolfSSL 11:cee25a834751 1849
wolfSSL 11:cee25a834751 1850 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1851 if (tls1_2 && haveECC) {
wolfSSL 11:cee25a834751 1852 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 1853 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL 11:cee25a834751 1854 }
wolfSSL 11:cee25a834751 1855 #endif
wolfSSL 11:cee25a834751 1856
wolfSSL 11:cee25a834751 1857 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1858 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 1859 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 1860 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 11:cee25a834751 1861 }
wolfSSL 11:cee25a834751 1862 #endif
wolfSSL 11:cee25a834751 1863
wolfSSL 11:cee25a834751 1864 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1865 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 1866 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 1867 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 11:cee25a834751 1868 }
wolfSSL 11:cee25a834751 1869 #endif
wolfSSL 11:cee25a834751 1870
wolfSSL 11:cee25a834751 1871 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1872 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 1873 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1874 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 11:cee25a834751 1875 }
wolfSSL 11:cee25a834751 1876 #endif
wolfSSL 11:cee25a834751 1877
wolfSSL 11:cee25a834751 1878 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1879 if (tls1_2 && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 1880 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1881 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 11:cee25a834751 1882 }
wolfSSL 11:cee25a834751 1883 #endif
wolfSSL 11:cee25a834751 1884
wolfSSL 11:cee25a834751 1885 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1886 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 1887 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1888 suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 11:cee25a834751 1889 }
wolfSSL 11:cee25a834751 1890 #endif
wolfSSL 11:cee25a834751 1891
wolfSSL 11:cee25a834751 1892 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1893 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 1894 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1895 suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 11:cee25a834751 1896 }
wolfSSL 11:cee25a834751 1897 #endif
wolfSSL 11:cee25a834751 1898
wolfSSL 11:cee25a834751 1899 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1900 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 11:cee25a834751 1901 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 1902 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384;
wolfSSL 11:cee25a834751 1903 }
wolfSSL 11:cee25a834751 1904 #endif
wolfSSL 11:cee25a834751 1905
wolfSSL 11:cee25a834751 1906 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1907 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 11:cee25a834751 1908 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 1909 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256;
wolfSSL 11:cee25a834751 1910 }
wolfSSL 11:cee25a834751 1911 #endif
wolfSSL 11:cee25a834751 1912
wolfSSL 11:cee25a834751 1913 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1914 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 11:cee25a834751 1915 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 1916 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384;
wolfSSL 11:cee25a834751 1917 }
wolfSSL 11:cee25a834751 1918 #endif
wolfSSL 11:cee25a834751 1919
wolfSSL 11:cee25a834751 1920 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1921 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 11:cee25a834751 1922 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 1923 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256;
wolfSSL 11:cee25a834751 1924 }
wolfSSL 11:cee25a834751 1925 #endif
wolfSSL 11:cee25a834751 1926
wolfSSL 11:cee25a834751 1927 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1928 if (tls1_2 && haveDH && havePSK) {
wolfSSL 11:cee25a834751 1929 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1930 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384;
wolfSSL 11:cee25a834751 1931 }
wolfSSL 11:cee25a834751 1932 #endif
wolfSSL 11:cee25a834751 1933
wolfSSL 11:cee25a834751 1934 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1935 if (tls1_2 && haveDH && havePSK) {
wolfSSL 11:cee25a834751 1936 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1937 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256;
wolfSSL 11:cee25a834751 1938 }
wolfSSL 11:cee25a834751 1939 #endif
wolfSSL 11:cee25a834751 1940
wolfSSL 11:cee25a834751 1941 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 1942 if (tls1_2 && havePSK) {
wolfSSL 11:cee25a834751 1943 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1944 suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384;
wolfSSL 11:cee25a834751 1945 }
wolfSSL 11:cee25a834751 1946 #endif
wolfSSL 11:cee25a834751 1947
wolfSSL 11:cee25a834751 1948 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 1949 if (tls1_2 && havePSK) {
wolfSSL 11:cee25a834751 1950 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1951 suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256;
wolfSSL 11:cee25a834751 1952 }
wolfSSL 11:cee25a834751 1953 #endif
wolfSSL 11:cee25a834751 1954
wolfSSL 11:cee25a834751 1955 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 1956 if (tls1_2 && haveECC) {
wolfSSL 11:cee25a834751 1957 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 11:cee25a834751 1958 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 11:cee25a834751 1959 }
wolfSSL 11:cee25a834751 1960 #endif
wolfSSL 11:cee25a834751 1961
wolfSSL 11:cee25a834751 1962 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 1963 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 1964 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 11:cee25a834751 1965 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 11:cee25a834751 1966 }
wolfSSL 11:cee25a834751 1967 #endif
wolfSSL 11:cee25a834751 1968
wolfSSL 11:cee25a834751 1969 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 1970 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 1971 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 11:cee25a834751 1972 suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 11:cee25a834751 1973 }
wolfSSL 11:cee25a834751 1974 #endif
wolfSSL 11:cee25a834751 1975
wolfSSL 11:cee25a834751 1976 /* Place as higher priority for MYSQL */
wolfSSL 11:cee25a834751 1977 #if defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL 11:cee25a834751 1978 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 1979 if (tls && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 1980 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 1981 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 11:cee25a834751 1982 }
wolfSSL 11:cee25a834751 1983 #endif
wolfSSL 11:cee25a834751 1984 #endif
wolfSSL 11:cee25a834751 1985
wolfSSL 11:cee25a834751 1986 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 1987 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 1988 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 1989 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 11:cee25a834751 1990 }
wolfSSL 11:cee25a834751 1991 #endif
wolfSSL 11:cee25a834751 1992
wolfSSL 11:cee25a834751 1993 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 1994 if (tls1_2 && haveECC) {
wolfSSL 11:cee25a834751 1995 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 1996 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL 11:cee25a834751 1997 }
wolfSSL 11:cee25a834751 1998 #endif
wolfSSL 11:cee25a834751 1999
wolfSSL 11:cee25a834751 2000 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 2001 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 11:cee25a834751 2002 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2003 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 11:cee25a834751 2004 }
wolfSSL 11:cee25a834751 2005 #endif
wolfSSL 11:cee25a834751 2006
wolfSSL 11:cee25a834751 2007 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 2008 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 11:cee25a834751 2009 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2010 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256;
wolfSSL 11:cee25a834751 2011 }
wolfSSL 11:cee25a834751 2012 #endif
wolfSSL 11:cee25a834751 2013
wolfSSL 11:cee25a834751 2014 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 2015 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 2016 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2017 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL 11:cee25a834751 2018 }
wolfSSL 11:cee25a834751 2019 #endif
wolfSSL 11:cee25a834751 2020
wolfSSL 11:cee25a834751 2021 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 2022 if (tls1_2 && haveECC) {
wolfSSL 11:cee25a834751 2023 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2024 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL 11:cee25a834751 2025 }
wolfSSL 11:cee25a834751 2026 #endif
wolfSSL 11:cee25a834751 2027
wolfSSL 11:cee25a834751 2028 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 2029 if (tls1_2 && haveRSAsig && haveStaticECC) {
wolfSSL 11:cee25a834751 2030 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2031 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384;
wolfSSL 11:cee25a834751 2032 }
wolfSSL 11:cee25a834751 2033 #endif
wolfSSL 11:cee25a834751 2034
wolfSSL 11:cee25a834751 2035 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 2036 if (tls1_2 && haveECC && haveStaticECC) {
wolfSSL 11:cee25a834751 2037 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2038 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384;
wolfSSL 11:cee25a834751 2039 }
wolfSSL 11:cee25a834751 2040 #endif
wolfSSL 11:cee25a834751 2041
wolfSSL 11:cee25a834751 2042 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 2043 if (tls && haveECC) {
wolfSSL 11:cee25a834751 2044 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2045 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL 11:cee25a834751 2046 }
wolfSSL 11:cee25a834751 2047 #endif
wolfSSL 11:cee25a834751 2048
wolfSSL 11:cee25a834751 2049 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 2050 if (tls && haveECC && haveStaticECC) {
wolfSSL 11:cee25a834751 2051 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2052 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA;
wolfSSL 11:cee25a834751 2053 }
wolfSSL 11:cee25a834751 2054 #endif
wolfSSL 11:cee25a834751 2055
wolfSSL 11:cee25a834751 2056 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 2057 if (tls && haveECC) {
wolfSSL 11:cee25a834751 2058 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2059 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL 11:cee25a834751 2060 }
wolfSSL 11:cee25a834751 2061 #endif
wolfSSL 11:cee25a834751 2062
wolfSSL 11:cee25a834751 2063 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 2064 if (tls && haveECC && haveStaticECC) {
wolfSSL 11:cee25a834751 2065 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2066 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA;
wolfSSL 11:cee25a834751 2067 }
wolfSSL 11:cee25a834751 2068 #endif
wolfSSL 11:cee25a834751 2069
wolfSSL 11:cee25a834751 2070 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 2071 if (!dtls && tls && haveECC) {
wolfSSL 11:cee25a834751 2072 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2073 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_RC4_128_SHA;
wolfSSL 11:cee25a834751 2074 }
wolfSSL 11:cee25a834751 2075 #endif
wolfSSL 11:cee25a834751 2076
wolfSSL 11:cee25a834751 2077 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 2078 if (!dtls && tls && haveECC && haveStaticECC) {
wolfSSL 11:cee25a834751 2079 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2080 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_RC4_128_SHA;
wolfSSL 11:cee25a834751 2081 }
wolfSSL 11:cee25a834751 2082 #endif
wolfSSL 11:cee25a834751 2083
wolfSSL 11:cee25a834751 2084 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 2085 if (tls && haveECC) {
wolfSSL 11:cee25a834751 2086 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2087 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 11:cee25a834751 2088 }
wolfSSL 11:cee25a834751 2089 #endif
wolfSSL 11:cee25a834751 2090
wolfSSL 11:cee25a834751 2091 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 2092 if (tls && haveECC && haveStaticECC) {
wolfSSL 11:cee25a834751 2093 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2094 suites->suites[idx++] = TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 11:cee25a834751 2095 }
wolfSSL 11:cee25a834751 2096 #endif
wolfSSL 11:cee25a834751 2097
wolfSSL 11:cee25a834751 2098 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 2099 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2100 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2101 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 11:cee25a834751 2102 }
wolfSSL 11:cee25a834751 2103 #endif
wolfSSL 11:cee25a834751 2104
wolfSSL 11:cee25a834751 2105 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 2106 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 11:cee25a834751 2107 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2108 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 11:cee25a834751 2109 }
wolfSSL 11:cee25a834751 2110 #endif
wolfSSL 11:cee25a834751 2111
wolfSSL 11:cee25a834751 2112 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 2113 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2114 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2115 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 11:cee25a834751 2116 }
wolfSSL 11:cee25a834751 2117 #endif
wolfSSL 11:cee25a834751 2118
wolfSSL 11:cee25a834751 2119 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 2120 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 11:cee25a834751 2121 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2122 suites->suites[idx++] = TLS_ECDH_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 11:cee25a834751 2123 }
wolfSSL 11:cee25a834751 2124 #endif
wolfSSL 11:cee25a834751 2125
wolfSSL 11:cee25a834751 2126 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 2127 if (!dtls && tls && haveRSA) {
wolfSSL 11:cee25a834751 2128 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2129 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_RC4_128_SHA;
wolfSSL 11:cee25a834751 2130 }
wolfSSL 11:cee25a834751 2131 #endif
wolfSSL 11:cee25a834751 2132
wolfSSL 11:cee25a834751 2133 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 2134 if (!dtls && tls && haveRSAsig && haveStaticECC) {
wolfSSL 11:cee25a834751 2135 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2136 suites->suites[idx++] = TLS_ECDH_RSA_WITH_RC4_128_SHA;
wolfSSL 11:cee25a834751 2137 }
wolfSSL 11:cee25a834751 2138 #endif
wolfSSL 11:cee25a834751 2139
wolfSSL 11:cee25a834751 2140 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 2141 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2142 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2143 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 11:cee25a834751 2144 }
wolfSSL 11:cee25a834751 2145 #endif
wolfSSL 11:cee25a834751 2146
wolfSSL 11:cee25a834751 2147 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 2148 if (tls && haveRSAsig && haveStaticECC) {
wolfSSL 11:cee25a834751 2149 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2150 suites->suites[idx++] = TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 11:cee25a834751 2151 }
wolfSSL 11:cee25a834751 2152 #endif
wolfSSL 11:cee25a834751 2153
wolfSSL 11:cee25a834751 2154 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 2155 if (tls1_2 && haveECC) {
wolfSSL 11:cee25a834751 2156 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2157 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM;
wolfSSL 11:cee25a834751 2158 }
wolfSSL 11:cee25a834751 2159 #endif
wolfSSL 11:cee25a834751 2160
wolfSSL 11:cee25a834751 2161 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 2162 if (tls1_2 && haveECC) {
wolfSSL 11:cee25a834751 2163 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2164 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8;
wolfSSL 11:cee25a834751 2165 }
wolfSSL 11:cee25a834751 2166 #endif
wolfSSL 11:cee25a834751 2167
wolfSSL 11:cee25a834751 2168 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 2169 if (tls1_2 && haveECC) {
wolfSSL 11:cee25a834751 2170 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2171 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8;
wolfSSL 11:cee25a834751 2172 }
wolfSSL 11:cee25a834751 2173 #endif
wolfSSL 11:cee25a834751 2174
wolfSSL 11:cee25a834751 2175 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 2176 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 2177 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2178 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CCM_8;
wolfSSL 11:cee25a834751 2179 }
wolfSSL 11:cee25a834751 2180 #endif
wolfSSL 11:cee25a834751 2181
wolfSSL 11:cee25a834751 2182 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 2183 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 2184 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2185 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CCM_8;
wolfSSL 11:cee25a834751 2186 }
wolfSSL 11:cee25a834751 2187 #endif
wolfSSL 11:cee25a834751 2188
wolfSSL 11:cee25a834751 2189 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 11:cee25a834751 2190 if (tls && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 2191 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2192 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL 11:cee25a834751 2193 }
wolfSSL 11:cee25a834751 2194 #endif
wolfSSL 11:cee25a834751 2195
wolfSSL 11:cee25a834751 2196 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 2197 if (tls && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 2198 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2199 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 11:cee25a834751 2200 }
wolfSSL 11:cee25a834751 2201 #endif
wolfSSL 11:cee25a834751 2202
wolfSSL 11:cee25a834751 2203 /* Default position; WOLFSSL_MYSQL_COMPATIBLE builds place this suite at higher priority instead */
wolfSSL 11:cee25a834751 2204 #if !defined(WOLFSSL_MYSQL_COMPATIBLE)
wolfSSL 11:cee25a834751 2205 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 2206 if (tls && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 2207 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2208 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 11:cee25a834751 2209 }
wolfSSL 11:cee25a834751 2210 #endif
wolfSSL 11:cee25a834751 2211 #endif
wolfSSL 11:cee25a834751 2212
wolfSSL 11:cee25a834751 2213 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 2214 if (tls && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 2215 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2216 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 11:cee25a834751 2217 }
wolfSSL 11:cee25a834751 2218 #endif
wolfSSL 11:cee25a834751 2219
wolfSSL 11:cee25a834751 2220 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 2221 if (tls && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 2222 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2223 suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 11:cee25a834751 2224 }
wolfSSL 11:cee25a834751 2225 #endif
wolfSSL 11:cee25a834751 2226
wolfSSL 11:cee25a834751 2227 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 11:cee25a834751 2228 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2229 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2230 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256;
wolfSSL 11:cee25a834751 2231 }
wolfSSL 11:cee25a834751 2232 #endif
wolfSSL 11:cee25a834751 2233
wolfSSL 11:cee25a834751 2234 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 2235 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2236 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2237 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256;
wolfSSL 11:cee25a834751 2238 }
wolfSSL 11:cee25a834751 2239 #endif
wolfSSL 11:cee25a834751 2240
wolfSSL 11:cee25a834751 2241 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 2242 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2243 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2244 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA;
wolfSSL 11:cee25a834751 2245 }
wolfSSL 11:cee25a834751 2246 #endif
wolfSSL 11:cee25a834751 2247
wolfSSL 11:cee25a834751 2248 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 2249 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2250 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2251 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA;
wolfSSL 11:cee25a834751 2252 }
wolfSSL 11:cee25a834751 2253 #endif
wolfSSL 11:cee25a834751 2254
wolfSSL 11:cee25a834751 2255 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 2256 if (tls1_2 && haveECC) {
wolfSSL 11:cee25a834751 2257 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 11:cee25a834751 2258 suites->suites[idx++] =
wolfSSL 11:cee25a834751 2259 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 11:cee25a834751 2260 }
wolfSSL 11:cee25a834751 2261 #endif
wolfSSL 11:cee25a834751 2262
wolfSSL 11:cee25a834751 2263 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 2264 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 2265 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 11:cee25a834751 2266 suites->suites[idx++] = TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 11:cee25a834751 2267 }
wolfSSL 11:cee25a834751 2268 #endif
wolfSSL 11:cee25a834751 2269
wolfSSL 11:cee25a834751 2270 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 2271 if (tls1_2 && haveRSA) {
wolfSSL 11:cee25a834751 2272 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 11:cee25a834751 2273 suites->suites[idx++] = TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256;
wolfSSL 11:cee25a834751 2274 }
wolfSSL 11:cee25a834751 2275 #endif
wolfSSL 11:cee25a834751 2276
wolfSSL 11:cee25a834751 2277 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 11:cee25a834751 2278 if (tls && haveECC) {
wolfSSL 11:cee25a834751 2279 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2280 suites->suites[idx++] = TLS_ECDHE_ECDSA_WITH_NULL_SHA;
wolfSSL 11:cee25a834751 2281 }
wolfSSL 11:cee25a834751 2282 #endif
wolfSSL 11:cee25a834751 2283
wolfSSL 11:cee25a834751 2284 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 11:cee25a834751 2285 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2286 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2287 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA;
wolfSSL 11:cee25a834751 2288 }
wolfSSL 11:cee25a834751 2289 #endif
wolfSSL 11:cee25a834751 2290
wolfSSL 11:cee25a834751 2291 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 2292 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2293 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2294 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256;
wolfSSL 11:cee25a834751 2295 }
wolfSSL 11:cee25a834751 2296 #endif
wolfSSL 11:cee25a834751 2297
wolfSSL 11:cee25a834751 2298 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 2299 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2300 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2301 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA;
wolfSSL 11:cee25a834751 2302 }
wolfSSL 11:cee25a834751 2303 #endif
wolfSSL 11:cee25a834751 2304
wolfSSL 11:cee25a834751 2305 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 2306 if (tls && haveDH && havePSK) {
wolfSSL 11:cee25a834751 2307 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2308 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384;
wolfSSL 11:cee25a834751 2309 }
wolfSSL 11:cee25a834751 2310 #endif
wolfSSL 11:cee25a834751 2311
wolfSSL 11:cee25a834751 2312 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 2313 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2314 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2315 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384;
wolfSSL 11:cee25a834751 2316 }
wolfSSL 11:cee25a834751 2317 #endif
wolfSSL 11:cee25a834751 2318
wolfSSL 11:cee25a834751 2319 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 2320 if (tls && haveDH && havePSK) {
wolfSSL 11:cee25a834751 2321 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2322 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 11:cee25a834751 2323 }
wolfSSL 11:cee25a834751 2324 #endif
wolfSSL 11:cee25a834751 2325
wolfSSL 11:cee25a834751 2326 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 2327 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2328 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2329 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 11:cee25a834751 2330 }
wolfSSL 11:cee25a834751 2331 #endif
wolfSSL 11:cee25a834751 2332
wolfSSL 11:cee25a834751 2333 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 2334 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2335 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2336 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA;
wolfSSL 11:cee25a834751 2337 }
wolfSSL 11:cee25a834751 2338 #endif
wolfSSL 11:cee25a834751 2339
wolfSSL 11:cee25a834751 2340 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 2341 if (tls && haveDH && havePSK) {
wolfSSL 11:cee25a834751 2342 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2343 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CCM;
wolfSSL 11:cee25a834751 2344 }
wolfSSL 11:cee25a834751 2345 #endif
wolfSSL 11:cee25a834751 2346
wolfSSL 11:cee25a834751 2347 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 11:cee25a834751 2348 if (tls && haveDH && havePSK) {
wolfSSL 11:cee25a834751 2349 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2350 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CCM;
wolfSSL 11:cee25a834751 2351 }
wolfSSL 11:cee25a834751 2352 #endif
wolfSSL 11:cee25a834751 2353
wolfSSL 11:cee25a834751 2354 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 2355 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2356 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 11:cee25a834751 2357 suites->suites[idx++] = TLS_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 11:cee25a834751 2358 }
wolfSSL 11:cee25a834751 2359 #endif
wolfSSL 11:cee25a834751 2360
wolfSSL 11:cee25a834751 2361 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 2362 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2363 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 11:cee25a834751 2364 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 11:cee25a834751 2365 }
wolfSSL 11:cee25a834751 2366 #endif
wolfSSL 11:cee25a834751 2367
wolfSSL 11:cee25a834751 2368 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 2369 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2370 suites->suites[idx++] = CHACHA_BYTE;
wolfSSL 11:cee25a834751 2371 suites->suites[idx++] = TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256;
wolfSSL 11:cee25a834751 2372 }
wolfSSL 11:cee25a834751 2373 #endif
wolfSSL 11:cee25a834751 2374
wolfSSL 11:cee25a834751 2375 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 2376 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2377 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2378 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256;
wolfSSL 11:cee25a834751 2379 }
wolfSSL 11:cee25a834751 2380 #endif
wolfSSL 11:cee25a834751 2381
wolfSSL 11:cee25a834751 2382 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 2383 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2384 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2385 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM;
wolfSSL 11:cee25a834751 2386 }
wolfSSL 11:cee25a834751 2387 #endif
wolfSSL 11:cee25a834751 2388
wolfSSL 11:cee25a834751 2389 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 11:cee25a834751 2390 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2391 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2392 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM;
wolfSSL 11:cee25a834751 2393 }
wolfSSL 11:cee25a834751 2394 #endif
wolfSSL 11:cee25a834751 2395
wolfSSL 11:cee25a834751 2396 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 2397 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2398 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2399 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CCM_8;
wolfSSL 11:cee25a834751 2400 }
wolfSSL 11:cee25a834751 2401 #endif
wolfSSL 11:cee25a834751 2402
wolfSSL 11:cee25a834751 2403 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 2404 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2405 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2406 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CCM_8;
wolfSSL 11:cee25a834751 2407 }
wolfSSL 11:cee25a834751 2408 #endif
wolfSSL 11:cee25a834751 2409
wolfSSL 11:cee25a834751 2410 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 11:cee25a834751 2411 if (tls && haveDH && havePSK) {
wolfSSL 11:cee25a834751 2412 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2413 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384;
wolfSSL 11:cee25a834751 2414 }
wolfSSL 11:cee25a834751 2415 #endif
wolfSSL 11:cee25a834751 2416
wolfSSL 11:cee25a834751 2417 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 11:cee25a834751 2418 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2419 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2420 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384;
wolfSSL 11:cee25a834751 2421 }
wolfSSL 11:cee25a834751 2422 #endif
wolfSSL 11:cee25a834751 2423
wolfSSL 11:cee25a834751 2424 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 2425 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2426 suites->suites[idx++] = ECC_BYTE;
wolfSSL 11:cee25a834751 2427 suites->suites[idx++] = TLS_ECDHE_PSK_WITH_NULL_SHA256;
wolfSSL 11:cee25a834751 2428 }
wolfSSL 11:cee25a834751 2429 #endif
wolfSSL 11:cee25a834751 2430
wolfSSL 11:cee25a834751 2431 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 2432 if (tls && haveDH && havePSK) {
wolfSSL 11:cee25a834751 2433 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2434 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256;
wolfSSL 11:cee25a834751 2435 }
wolfSSL 11:cee25a834751 2436 #endif
wolfSSL 11:cee25a834751 2437
wolfSSL 11:cee25a834751 2438 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 2439 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2440 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2441 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256;
wolfSSL 11:cee25a834751 2442 }
wolfSSL 11:cee25a834751 2443 #endif
wolfSSL 11:cee25a834751 2444
wolfSSL 11:cee25a834751 2445 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 11:cee25a834751 2446 if (tls && havePSK) {
wolfSSL 11:cee25a834751 2447 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2448 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA;
wolfSSL 11:cee25a834751 2449 }
wolfSSL 11:cee25a834751 2450 #endif
wolfSSL 11:cee25a834751 2451
wolfSSL 11:cee25a834751 2452 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 2453 if (!dtls && haveRSA) {
wolfSSL 11:cee25a834751 2454 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2455 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA;
wolfSSL 11:cee25a834751 2456 }
wolfSSL 11:cee25a834751 2457 #endif
wolfSSL 11:cee25a834751 2458
wolfSSL 11:cee25a834751 2459 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 11:cee25a834751 2460 if (!dtls && haveRSA) {
wolfSSL 11:cee25a834751 2461 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2462 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5;
wolfSSL 11:cee25a834751 2463 }
wolfSSL 11:cee25a834751 2464 #endif
wolfSSL 11:cee25a834751 2465
wolfSSL 11:cee25a834751 2466 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 2467 if (haveRSA ) {
wolfSSL 11:cee25a834751 2468 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2469 suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA;
wolfSSL 11:cee25a834751 2470 }
wolfSSL 11:cee25a834751 2471 #endif
wolfSSL 11:cee25a834751 2472
wolfSSL 11:cee25a834751 2473 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 11:cee25a834751 2474 if (!dtls && tls && haveRSA) {
wolfSSL 11:cee25a834751 2475 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2476 suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5;
wolfSSL 11:cee25a834751 2477 }
wolfSSL 11:cee25a834751 2478 #endif
wolfSSL 11:cee25a834751 2479
wolfSSL 11:cee25a834751 2480 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 11:cee25a834751 2481 if (!dtls && tls && haveRSA) {
wolfSSL 11:cee25a834751 2482 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2483 suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA;
wolfSSL 11:cee25a834751 2484 }
wolfSSL 11:cee25a834751 2485 #endif
wolfSSL 11:cee25a834751 2486
wolfSSL 11:cee25a834751 2487 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 11:cee25a834751 2488 if (!dtls && tls && haveRSA) {
wolfSSL 11:cee25a834751 2489 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2490 suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256;
wolfSSL 11:cee25a834751 2491 }
wolfSSL 11:cee25a834751 2492 #endif
wolfSSL 11:cee25a834751 2493
wolfSSL 11:cee25a834751 2494 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 11:cee25a834751 2495 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2496 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2497 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256;
wolfSSL 11:cee25a834751 2498 }
wolfSSL 11:cee25a834751 2499 #endif
wolfSSL 11:cee25a834751 2500
wolfSSL 11:cee25a834751 2501 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 11:cee25a834751 2502 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2503 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2504 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256;
wolfSSL 11:cee25a834751 2505 }
wolfSSL 11:cee25a834751 2506 #endif
wolfSSL 11:cee25a834751 2507
wolfSSL 11:cee25a834751 2508 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 11:cee25a834751 2509 if (!dtls && tls && haveRSA) {
wolfSSL 11:cee25a834751 2510 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2511 suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA;
wolfSSL 11:cee25a834751 2512 }
wolfSSL 11:cee25a834751 2513 #endif
wolfSSL 11:cee25a834751 2514
wolfSSL 11:cee25a834751 2515 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 11:cee25a834751 2516 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2517 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2518 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL 11:cee25a834751 2519 }
wolfSSL 11:cee25a834751 2520 #endif
wolfSSL 11:cee25a834751 2521
wolfSSL 11:cee25a834751 2522 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 11:cee25a834751 2523 if (tls && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 2524 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2525 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA;
wolfSSL 11:cee25a834751 2526 }
wolfSSL 11:cee25a834751 2527 #endif
wolfSSL 11:cee25a834751 2528
wolfSSL 11:cee25a834751 2529 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 11:cee25a834751 2530 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2531 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2532 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL 11:cee25a834751 2533 }
wolfSSL 11:cee25a834751 2534 #endif
wolfSSL 11:cee25a834751 2535
wolfSSL 11:cee25a834751 2536 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 11:cee25a834751 2537 if (tls && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 2538 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2539 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA;
wolfSSL 11:cee25a834751 2540 }
wolfSSL 11:cee25a834751 2541 #endif
wolfSSL 11:cee25a834751 2542
wolfSSL 11:cee25a834751 2543 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 11:cee25a834751 2544 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2545 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2546 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL 11:cee25a834751 2547 }
wolfSSL 11:cee25a834751 2548 #endif
wolfSSL 11:cee25a834751 2549
wolfSSL 11:cee25a834751 2550 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 11:cee25a834751 2551 if (tls && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 2552 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2553 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256;
wolfSSL 11:cee25a834751 2554 }
wolfSSL 11:cee25a834751 2555 #endif
wolfSSL 11:cee25a834751 2556
wolfSSL 11:cee25a834751 2557 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 11:cee25a834751 2558 if (tls && haveRSA) {
wolfSSL 11:cee25a834751 2559 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2560 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL 11:cee25a834751 2561 }
wolfSSL 11:cee25a834751 2562 #endif
wolfSSL 11:cee25a834751 2563
wolfSSL 11:cee25a834751 2564 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 11:cee25a834751 2565 if (tls && haveDH && haveRSA) {
wolfSSL 11:cee25a834751 2566 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2567 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256;
wolfSSL 11:cee25a834751 2568 }
wolfSSL 11:cee25a834751 2569 #endif
wolfSSL 11:cee25a834751 2570
wolfSSL 11:cee25a834751 2571 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 11:cee25a834751 2572 if (haveRSA) {
wolfSSL 11:cee25a834751 2573 suites->suites[idx++] = 0;
wolfSSL 11:cee25a834751 2574 suites->suites[idx++] = SSL_RSA_WITH_IDEA_CBC_SHA;
wolfSSL 11:cee25a834751 2575 }
wolfSSL 11:cee25a834751 2576 #endif
wolfSSL 11:cee25a834751 2577
wolfSSL 11:cee25a834751 2578 suites->suiteSz = idx;
wolfSSL 11:cee25a834751 2579
wolfSSL 11:cee25a834751 2580 InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, 0);
wolfSSL 11:cee25a834751 2581 }
wolfSSL 11:cee25a834751 2582
wolfSSL 11:cee25a834751 2583
wolfSSL 11:cee25a834751 2584 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 2585
wolfSSL 11:cee25a834751 2586
/* Put an X509 name into its initial state, backed by the embedded static
 * buffer.
 *
 * name        name to initialize; a NULL pointer is ignored
 * dynamicFlag not used by this implementation
 */
void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag)
{
    (void)dynamicFlag;

    if (name == NULL)
        return;

    /* dynamicName == 0 means FreeX509Name() will not XFREE name->name */
    name->dynamicName = 0;
    name->name        = name->staticName;
#ifdef OPENSSL_EXTRA
    XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY));
    XMEMSET(&name->fullName, 0, sizeof(DecodedName));
    name->x509          = NULL;
    name->cnEntry.value = &(name->cnEntry.data); /* point to internal data */
#endif /* OPENSSL_EXTRA */
}
wolfSSL 11:cee25a834751 2602
wolfSSL 11:cee25a834751 2603
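/* Release the heap memory owned by an X509 name.
 *
 * name  name to clean up; a NULL pointer is ignored
 * heap  heap hint handed to XFREE
 *
 * Each pointer is cleared after it is freed, and dynamicName is reset, so
 * that calling this again on the same name (or reading the name afterwards)
 * cannot free or dereference a stale allocation.
 */
void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap)
{
    if (name != NULL) {
        if (name->dynamicName) {
            XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN);
            name->name        = NULL;
            name->dynamicName = 0;
        }
#ifdef OPENSSL_EXTRA
        if (name->fullName.fullName != NULL) {
            XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509);
            name->fullName.fullName = NULL;
        }
#endif /* OPENSSL_EXTRA */
    }
    (void)heap; /* XFREE may expand to something that ignores the hint */
}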
wolfSSL 11:cee25a834751 2616
wolfSSL 11:cee25a834751 2617
/* Initialize a wolfSSL X509 object.
 *
 * x509        object to initialize; NULL is logged and ignored
 * dynamicFlag stored (truncated to byte) in x509->dynamicMemory
 * heap        heap hint recorded in x509->heap for later frees
 *
 * The whole structure is zeroed first; the explicit assignments that follow
 * restate the initial value of each field.
 */
void InitX509(WOLFSSL_X509* x509, int dynamicFlag, void* heap)
{
    if (x509 == NULL) {
        WOLFSSL_MSG("Null parameter passed in!");
        return;
    }

    XMEMSET(x509, 0, sizeof(WOLFSSL_X509));

    x509->heap = heap;

    /* issuer and subject start out on their static name buffers */
    InitX509Name(&x509->issuer, 0);
    InitX509Name(&x509->subject, 0);

    /* scalar state */
    x509->version       = 0;
    x509->isCa          = 0;
    x509->dynamicMemory = (byte)dynamicFlag;

    /* nothing heap-allocated is attached yet */
    x509->pubKey.buffer = NULL;
    x509->sig.buffer    = NULL;
    x509->derCert       = NULL;
    x509->altNames      = NULL;
    x509->altNamesNext  = NULL;
#ifdef HAVE_ECC
    x509->pkCurveOID = 0;
#endif /* HAVE_ECC */
#ifdef OPENSSL_EXTRA
    /* basic constraints */
    x509->pathLength      = 0;
    x509->basicConstSet   = 0;
    x509->basicConstCrit  = 0;
    x509->basicConstPlSet = 0;
    /* subject alternative name */
    x509->subjAltNameSet  = 0;
    x509->subjAltNameCrit = 0;
    /* authority key identifier */
    x509->authKeyIdSet  = 0;
    x509->authKeyIdCrit = 0;
    x509->authKeyId     = NULL;
    x509->authKeyIdSz   = 0;
    /* subject key identifier */
    x509->subjKeyIdSet  = 0;
    x509->subjKeyIdCrit = 0;
    x509->subjKeyId     = NULL;
    x509->subjKeyIdSz   = 0;
    /* key usage */
    x509->keyUsageSet  = 0;
    x509->keyUsageCrit = 0;
    x509->keyUsage     = 0;
    #ifdef WOLFSSL_SEP
        x509->certPolicySet  = 0;
        x509->certPolicyCrit = 0;
    #endif /* WOLFSSL_SEP */
#endif /* OPENSSL_EXTRA */
}
wolfSSL 11:cee25a834751 2666
wolfSSL 11:cee25a834751 2667
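/* Free the resources held by a wolfSSL X509 object.
 *
 * x509  object to clean up; a NULL pointer is ignored. The structure itself
 *       is not freed here.
 *
 * Every pointer is cleared once its allocation has been released, so a
 * second call on the same object, or a read of the object after cleanup,
 * cannot double-free or follow a dangling pointer.
 */
void FreeX509(WOLFSSL_X509* x509)
{
    if (x509 == NULL)
        return;

    FreeX509Name(&x509->issuer, x509->heap);
    FreeX509Name(&x509->subject, x509->heap);
    if (x509->pubKey.buffer) {
        XFREE(x509->pubKey.buffer, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        x509->pubKey.buffer = NULL;
    }
    FreeDer(&x509->derCert);
    XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE);
    x509->sig.buffer = NULL;
#ifdef OPENSSL_EXTRA
    XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
    x509->authKeyId = NULL;
    XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT);
    x509->subjKeyId = NULL;
    if (x509->authInfo != NULL) {
        XFREE(x509->authInfo, x509->heap, DYNAMIC_TYPE_X509_EXT);
        x509->authInfo = NULL;
    }
    if (x509->extKeyUsageSrc != NULL) {
        XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT);
        x509->extKeyUsageSrc = NULL;
    }
#endif /* OPENSSL_EXTRA */
    if (x509->altNames) {
        /* NOTE(review): the list is released with a NULL heap hint while
         * every other free in this function passes x509->heap; confirm this
         * matches how the alt-name entries were allocated. */
        FreeAltNames(x509->altNames, NULL);
        x509->altNames     = NULL;
        /* presumably a cursor into the list just freed; cleared with it */
        x509->altNamesNext = NULL;
    }
}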
wolfSSL 11:cee25a834751 2693
wolfSSL 11:cee25a834751 2694
wolfSSL 11:cee25a834751 2695 #ifndef NO_RSA
wolfSSL 11:cee25a834751 2696
/* Create an RSA signature, through the registered PK callback when there is
 * one and through wc_RsaSSL_Sign otherwise.
 *
 * ssl     session; must be non-NULL, ssl->rng (and ssl->ctx when built with
 *         HAVE_PK_CALLBACKS) is dereferenced without a check
 * in      data to sign, inSz bytes
 * out     receives the signature
 * outSz   in: capacity of out; out: signature length when the result is
 *         positive
 * key     RSA private key for the non-callback path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * Returns 0 on success, otherwise the negative code from the signer (or from
 * wolfSSL_AsyncPush when the operation is pending).
 */
int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
    word32* outSz, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)
{
    int rc;

    /* not every build configuration reads these */
    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("RsaSign");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->RsaSignCb) {
        rc = ssl->ctx->RsaSignCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
                                 ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        rc = wc_RsaSSL_Sign(in, inSz, out, *outSz, key, ssl->rng);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* operation queued: register it so the caller invokes us again */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* a positive result is the signature length: report it via outSz */
    if (rc > 0) {
        *outSz = rc;
        rc = 0;
    }

    WOLFSSL_LEAVE("RsaSign", rc);

    return rc;
}
wolfSSL 11:cee25a834751 2737
/* Recover the payload of an RSA signature, through the registered PK
 * callback when there is one and through wc_RsaSSL_VerifyInline otherwise.
 *
 * ssl     session; ssl->ctx is dereferenced without a check when built with
 *         HAVE_PK_CALLBACKS
 * in      signature buffer, inSz bytes; not const because the non-callback
 *         path decodes in place
 * out     receives a pointer to the recovered payload
 * key     RSA public key for the non-callback path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * The result of the verifier is returned unchanged (apart from the async
 * pending case), so unlike RsaSign a positive value is not folded to 0:
 * callers must treat > 0 as the payload length and still compare the payload
 * with the digest they expect.
 */
int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
    byte** out, RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)
{
    int rc;

    /* not every build configuration reads these */
    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("RsaVerify");

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->RsaVerifyCb) {
        rc = ssl->ctx->RsaVerifyCb(ssl, in, inSz, out, keyBuf, keySz, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        rc = wc_RsaSSL_VerifyInline(in, inSz, out, key);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* operation queued: register it so the caller invokes us again */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("RsaVerify", rc);

    return rc;
}
wolfSSL 11:cee25a834751 2771
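/* Check that an RSA signature decodes back to the expected plaintext.
 *
 * ssl        session; only used for the async pending case
 * verifySig  signature to check, sigSz bytes; decoded in place
 * plain      expected payload, plainSz bytes
 * key        RSA key used to decode the signature
 *
 * Returns 0 when the recovered payload equals plain, BAD_FUNC_ARG on a NULL
 * argument, BUFFER_E when sigSz exceeds ENCRYPT_LEN, RSA_SIGN_FAULT on a
 * mismatch, otherwise the negative code from wc_RsaSSL_VerifyInline (or from
 * wolfSSL_AsyncPush when the operation is pending).
 */
int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz,
    const byte* plain, word32 plainSz, RsaKey* key)
{
    byte* out = NULL;  /* inline result */
    int   ret;

    (void)ssl;

    WOLFSSL_ENTER("VerifyRsaSign");

    if (verifySig == NULL || plain == NULL || key == NULL) {
        return BAD_FUNC_ARG;
    }

    if (sigSz > ENCRYPT_LEN) {
        WOLFSSL_MSG("Signature buffer too big");
        return BUFFER_E;
    }

    ret = wc_RsaSSL_VerifyInline(verifySig, sigSz, &out, key);

    /* Fail closed: 0 is this function's success code, so a zero-length
     * result from the verifier must go through the comparison as well
     * instead of being returned as-is. Whether the verifier can actually
     * return 0 is not visible from here. */
    if (ret >= 0) {
        if (ret != (int)plainSz || !out ||
                                        XMEMCMP(plain, out, plainSz) != 0) {
            WOLFSSL_MSG("RSA Signature verification failed");
            ret = RSA_SIGN_FAULT;
        } else {
            ret = 0;  /* RSA reset */
        }
    }

    /* Handle async pending response */
#if defined(WOLFSSL_ASYNC_CRYPT)
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("VerifyRsaSign", ret);

    return ret;
}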
wolfSSL 11:cee25a834751 2815
/* RSA private-key decryption, through the registered PK callback when there
 * is one and through wc_RsaPrivateDecryptInline otherwise.
 *
 * ssl     session; must be non-NULL, ssl->ctx / ssl->rng are dereferenced
 *         without a check in the builds that use them
 * in      ciphertext, inSz bytes; not const because the non-callback path
 *         decrypts in place
 * out     receives a pointer to the recovered plaintext
 * outSz   set to the plaintext length when the result is positive
 * key     RSA private key for the non-callback path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * With WC_RSA_BLINDING the session RNG is attached to the key before the
 * private operation; a failure there returns immediately, before the
 * WOLFSSL_LEAVE trace.
 *
 * Returns 0 on success, otherwise a negative error code.
 */
int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz,
    RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)
{
    int rc;

    /* not every build configuration reads these */
    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("RsaDec");

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->RsaDecCb) {
        rc = ssl->ctx->RsaDecCb(ssl, in, inSz, out, keyBuf, keySz, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
    #if defined(WC_RSA_BLINDING)
        rc = wc_RsaSetRNG(key, ssl->rng);
        if (rc != 0)
            return rc;
    #endif
        rc = wc_RsaPrivateDecryptInline(in, inSz, out, key);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* operation queued: register it so the caller invokes us again */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* a positive result is the plaintext length: report it via outSz */
    if (rc > 0) {
        *outSz = rc;
        rc = 0;
    }

    WOLFSSL_LEAVE("RsaDec", rc);

    return rc;
}
wolfSSL 11:cee25a834751 2861
/* RSA public-key encryption, through the registered PK callback when there
 * is one and through wc_RsaPublicEncrypt otherwise.
 *
 * ssl     session; must be non-NULL, ssl->rng (and ssl->ctx when built with
 *         HAVE_PK_CALLBACKS) is dereferenced without a check
 * in      plaintext, inSz bytes
 * out     receives the ciphertext
 * outSz   in: capacity of out; out: ciphertext length when the result is
 *         positive
 * key     RSA public key for the non-callback path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * Returns 0 on success, otherwise a negative error code.
 */
int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz,
    RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)
{
    int rc;

    /* not every build configuration reads these */
    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("RsaEnc");

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->RsaEncCb) {
        rc = ssl->ctx->RsaEncCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
                                ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        rc = wc_RsaPublicEncrypt(in, inSz, out, *outSz, key, ssl->rng);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* operation queued: register it so the caller invokes us again */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    /* a positive result is the ciphertext length: report it via outSz */
    if (rc > 0) {
        *outSz = rc;
        rc = 0;
    }

    WOLFSSL_LEAVE("RsaEnc", rc);

    return rc;
}
wolfSSL 11:cee25a834751 2902
wolfSSL 11:cee25a834751 2903 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 2904
wolfSSL 11:cee25a834751 2905 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 2906
/* Create an ECC signature over a hash, through the registered PK callback
 * when there is one and through wc_ecc_sign_hash otherwise.
 *
 * ssl     session; must be non-NULL, ssl->rng (and ssl->ctx when built with
 *         HAVE_PK_CALLBACKS) is dereferenced without a check
 * in      hash to sign, inSz bytes
 * out     receives the signature
 * outSz   passed by pointer to the signer, which owns the in/out length
 * key     ECC private key for the non-callback path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * Returns the signer's result unchanged, apart from the async pending case.
 */
int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
    word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz, void* ctx)
{
    int rc;

    /* not every build configuration reads these */
    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("EccSign");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->EccSignCb) {
        rc = ssl->ctx->EccSignCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
                                 ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        rc = wc_ecc_sign_hash(in, inSz, out, outSz, ssl->rng, key);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* operation queued: register it so the caller invokes us again */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccSign", rc);

    return rc;
}
wolfSSL 11:cee25a834751 2941
/* Verify an ECC signature, through the registered PK callback when there is
 * one and through wc_ecc_verify_hash otherwise.
 *
 * ssl     session; must be non-NULL, ssl->eccVerifyRes receives the verdict
 * in      signature, inSz bytes
 * out     hash the signature is checked against, outSz bytes
 * key     ECC public key for the non-callback path
 * keyBuf, keySz, ctx  forwarded to the callback only
 *
 * Returns 0 only when the verifier returned 0 AND ssl->eccVerifyRes is
 * non-zero; every other outcome becomes VERIFY_SIGN_ERROR, except an async
 * pending operation, which returns the result of wolfSSL_AsyncPush.
 *
 * NOTE(review): ssl->eccVerifyRes is not reset in this function before the
 * call, so the verdict relies on the verifier writing it. Confirm that a PK
 * callback returning 0 always stores its result, otherwise a value left by
 * an earlier verification would be read here.
 */
int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out,
    word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz,
    void* ctx)
{
    int rc;

    /* not every build configuration reads these */
    (void)ssl;
    (void)keyBuf;
    (void)keySz;
    (void)ctx;

    WOLFSSL_ENTER("EccVerify");

#if defined(HAVE_PK_CALLBACKS)
    if (ssl->ctx->EccVerifyCb) {
        rc = ssl->ctx->EccVerifyCb(ssl, in, inSz, out, outSz, keyBuf, keySz,
                                   &ssl->eccVerifyRes, ctx);
    }
    else
#endif /* HAVE_PK_CALLBACKS */
    {
        rc = wc_ecc_verify_hash(in, inSz, out, outSz, &ssl->eccVerifyRes, key);
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* operation queued: register it so the caller invokes us again */
    if (rc == WC_PENDING_E) {
        rc = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
    }
    else
#endif /* WOLFSSL_ASYNC_CRYPT */
    {
        /* both the call and the verdict have to say "valid" */
        if (rc == 0 && ssl->eccVerifyRes != 0)
            rc = 0;
        else
            rc = VERIFY_SIGN_ERROR;
    }

    WOLFSSL_LEAVE("EccVerify", rc);

    return rc;
}
wolfSSL 11:cee25a834751 2981
wolfSSL 11:cee25a834751 2982 #ifdef HAVE_PK_CALLBACKS
/* Selects the ECC key that is handed to the shared-secret PK callback.
 *
 * Client side: the peer's key (the peer ECDSA key for static ECDH,
 *              otherwise the peer ECDH key); the key must be present and
 *              carry curve parameters (dp).
 * Server side: the local private key (ssl->hsKey for static ECDH,
 *              otherwise the temporary ECC key).
 *
 * ssl       connection to read the key from
 * otherKey  receives the selected key; only written on success
 *
 * returns 0 on success, BAD_FUNC_ARG on a NULL argument, NO_PEER_KEY or
 *         NO_PRIVATE_KEY when the required key is not available
 */
static int EccGetKey(WOLFSSL* ssl, ecc_key** otherKey)
{
    ecc_key* selected = NULL;

    if (ssl == NULL || otherKey == NULL) {
        return BAD_FUNC_ARG;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        if (ssl->specs.static_ecdh) {
            /* static ECDH: the peer's certificate key doubles as ECDH key */
            if (!ssl->peerEccDsaKey || !ssl->peerEccDsaKeyPresent ||
                                                   !ssl->peerEccDsaKey->dp) {
                return NO_PEER_KEY;
            }
            selected = (ecc_key*)ssl->peerEccDsaKey;
        }
        else {
            if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
                                                      !ssl->peerEccKey->dp) {
                return NO_PEER_KEY;
            }
            selected = (ecc_key*)ssl->peerEccKey;
        }
    }
    else if (ssl->options.side == WOLFSSL_SERVER_END) {
        if (ssl->specs.static_ecdh) {
            if (ssl->hsKey == NULL) {
                return NO_PRIVATE_KEY;
            }
            selected = (ecc_key*)ssl->hsKey;
        }
        else {
            if (!ssl->eccTempKeyPresent) {
                return NO_PRIVATE_KEY;
            }
            selected = (ecc_key*)ssl->eccTempKey;
        }
    }

    /* no key selected (unknown side, or a NULL temporary key) */
    if (selected == NULL) {
        return NO_PEER_KEY;
    }

    *otherKey = selected;
    return 0;
}
wolfSSL 11:cee25a834751 3034 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 11:cee25a834751 3035
/* Computes the ECDH shared secret for the handshake.
 *
 * With HAVE_PK_CALLBACKS and a registered ctx->EccSharedSecretCb, the
 * callback is called with the key chosen by EccGetKey(); priv_key and
 * pub_key are not passed to it. Otherwise wc_ecc_shared_secret() is
 * called with priv_key and pub_key.
 *
 * ssl        connection (callback lookup, async queue)
 * priv_key   local private key, software path
 * pub_key    peer public key, software path
 * pubKeyDer  public key buffer, forwarded to the callback only
 * pubKeySz   size of pubKeyDer, forwarded to the callback only
 * out        receives the shared secret
 * outlen     in/out length of out
 * side       forwarded to the callback only
 * ctx        user context, forwarded to the callback only
 *
 * returns the callback / wc_ecc_shared_secret() result, an EccGetKey()
 *         error, or with WOLFSSL_ASYNC_CRYPT the wolfSSL_AsyncPush() result
 *         when the operation is pending
 *
 * NOTE(review): out holds key material on success; presumably the caller
 * wipes it once the master secret is derived - confirm at the call sites.
 */
int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key,
        byte* pubKeyDer, word32* pubKeySz, byte* out, word32* outlen,
        int side, void* ctx)
{
    int ret;

    /* not every parameter is used in every build configuration */
    (void)ssl;
    (void)pubKeyDer;
    (void)pubKeySz;
    (void)side;
    (void)ctx;

    WOLFSSL_ENTER("EccSharedSecret");

#ifdef HAVE_PK_CALLBACKS
    if (ssl->ctx->EccSharedSecretCb != NULL) {
        ecc_key* cbKey = NULL;

        /* the callback is only reached when a usable key was found */
        ret = EccGetKey(ssl, &cbKey);
        if (ret == 0) {
            ret = ssl->ctx->EccSharedSecretCb(ssl, cbKey, pubKeyDer, pubKeySz,
                                              out, outlen, side, ctx);
        }
    }
    else
#endif
    {
        ret = wc_ecc_shared_secret(priv_key, pub_key, out, outlen);
    }

    /* Handle async pending response */
#if defined(WOLFSSL_ASYNC_CRYPT)
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &priv_key->asyncDev,
                                WC_ASYNC_FLAG_CALL_AGAIN);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccSharedSecret", ret);

    return ret;
}
wolfSSL 11:cee25a834751 3078
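/* Generates an ECC key for the handshake.
 *
 * ssl   connection supplying the RNG, the default temporary key size and
 *       the ECDH curve OID
 * key   key object to fill
 * peer  optional peer key; when it carries curve parameters the new key is
 *       sized to match, otherwise ssl->eccTempKeySz is used
 *
 * returns 0 on success, otherwise the key generation error, or with
 *         WOLFSSL_ASYNC_CRYPT the wolfSSL_AsyncPush() result when pending
 */
int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer)
{
    int ret = 0;
    int keySz = 0;

    WOLFSSL_ENTER("EccMakeKey");

    /* A peer key that was never loaded has no curve parameters; fall back
     * to the configured size instead of dereferencing a NULL dp. */
    if (peer == NULL || peer->dp == NULL) {
        keySz = ssl->eccTempKeySz;
    }
    else {
        keySz = peer->dp->size;
    }

    if (ssl->ecdhCurveOID > 0) {
        /* a curve was already chosen: generate on exactly that curve */
        ret = wc_ecc_make_key_ex(ssl->rng, keySz, key,
                wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL));
    }
    else {
        ret = wc_ecc_make_key(ssl->rng, keySz, key);
        if (ret == 0) {
            /* remember which curve the size-based selection picked */
            ssl->ecdhCurveOID = key->dp->oidSum;
        }
    }

    /* Handle async pending response */
#if defined(WOLFSSL_ASYNC_CRYPT)
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &key->asyncDev, WC_ASYNC_FLAG_NONE);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("EccMakeKey", ret);

    return ret;
}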
wolfSSL 11:cee25a834751 3114
wolfSSL 11:cee25a834751 3115 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 3116
wolfSSL 11:cee25a834751 3117 #endif /* !NO_CERTS */
wolfSSL 11:cee25a834751 3118
wolfSSL 11:cee25a834751 3119 #if !defined(NO_CERTS) || !defined(NO_PSK)
wolfSSL 11:cee25a834751 3120 #if !defined(NO_DH)
wolfSSL 11:cee25a834751 3121
/* Generates a DH key pair using the connection's RNG.
 *
 * ssl     connection supplying the RNG (and the async queue)
 * dhKey   DH key holding the group parameters
 * priv    receives the private value
 * privSz  length argument for priv, passed to wc_DhGenerateKeyPair()
 * pub     receives the public value
 * pubSz   length argument for pub, passed to wc_DhGenerateKeyPair()
 *
 * returns the wc_DhGenerateKeyPair() result, or with WOLFSSL_ASYNC_CRYPT
 *         the wolfSSL_AsyncPush() result when the operation is pending
 */
int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
                 byte* priv, word32* privSz,
                 byte* pub, word32* pubSz)
{
    int ret;

    WOLFSSL_ENTER("DhGenKeyPair");

    ret = wc_DhGenerateKeyPair(dhKey, ssl->rng, priv, privSz, pub, pubSz);

#if defined(WOLFSSL_ASYNC_CRYPT)
    /* queue the key so the operation can be picked up once it completes */
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("DhGenKeyPair", ret);

    return ret;
}
wolfSSL 11:cee25a834751 3143
/* Computes the DH shared secret from the local private value and the
 * peer's public value.
 *
 * ssl         connection (only used for the async queue)
 * dhKey       DH key holding the group parameters
 * priv        local private value
 * privSz      length of priv
 * otherPub    peer public value as received
 * otherPubSz  length of otherPub
 * agree       receives the shared secret
 * agreeSz     length argument for agree, passed to wc_DhAgree()
 *
 * returns the wc_DhAgree() result, or with WOLFSSL_ASYNC_CRYPT the
 *         wolfSSL_AsyncPush() result when the operation is pending
 *
 * NOTE(review): otherPub is handed to wc_DhAgree() without any range check
 * in this wrapper; confirm that the caller or wc_DhAgree() rejects
 * out-of-range peer values before the secret is used.
 */
int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
            const byte* priv, word32 privSz,
            const byte* otherPub, word32 otherPubSz,
            byte* agree, word32* agreeSz)
{
    int ret;

    /* ssl is only referenced in async builds */
    (void)ssl;

    WOLFSSL_ENTER("DhAgree");

    ret = wc_DhAgree(dhKey, agree, agreeSz, priv, privSz,
                     otherPub, otherPubSz);

#if defined(WOLFSSL_ASYNC_CRYPT)
    /* queue the key so the operation can be picked up once it completes */
    if (ret == WC_PENDING_E) {
        ret = wolfSSL_AsyncPush(ssl, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE);
    }
#endif /* WOLFSSL_ASYNC_CRYPT */

    WOLFSSL_LEAVE("DhAgree", ret);

    return ret;
}
wolfSSL 11:cee25a834751 3168
wolfSSL 11:cee25a834751 3169 #endif /* !NO_DH */
wolfSSL 11:cee25a834751 3170 #endif /* !NO_CERTS || !NO_PSK */
wolfSSL 11:cee25a834751 3171
wolfSSL 11:cee25a834751 3172
wolfSSL 11:cee25a834751 3173
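/* This function inherits a WOLFSSL_CTX's fields into an SSL object.
   It is used during initialization and to switch an ssl's CTX with
   wolfSSL_Set_SSL_CTX. Requires ssl->suites alloc and ssl->arrays with PSK
   unless writeDup is on.

   Switching the CTX of an existing ssl replaces its policy settings
   (peer verification flags, minimum key sizes, PSK callbacks, certificate
   and key buffers) with those of the new ctx.

   ssl      object to initialize
   ctx      parent factory
   writeDup flag indicating this is a write dup only

   SSL_SUCCESS return value on success
   BAD_FUNC_ARG on a NULL ssl/ctx or a missing suites/arrays allocation
   BAD_MUTEX_E when the ctx reference count cannot be locked; ssl keeps its
               previous ctx in that case
   NO_PRIVATE_KEY when a server ssl ends up without certificate or key;
               ssl->ctx already points at ctx and holds a reference */
int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
{
    byte havePSK = 0;
    byte haveAnon = 0;
    byte newSSL;
    byte haveRSA = 0;
    (void) haveAnon; /* Squash unused var warnings */

    if (!ssl || !ctx)
        return BAD_FUNC_ARG;

    if (ssl->suites == NULL && !writeDup)
        return BAD_FUNC_ARG;

    newSSL = ssl->ctx == NULL; /* Assign after null check */

#ifndef NO_PSK
    if (ctx->server_hint[0] && ssl->arrays == NULL && !writeDup) {
        return BAD_FUNC_ARG;  /* needed for copy below */
    }
#endif


#ifndef NO_RSA
    haveRSA = 1;
#endif
#ifndef NO_PSK
    havePSK = ctx->havePSK;
#endif /* NO_PSK */
#ifdef HAVE_ANON
    haveAnon = ctx->haveAnon;
#endif /* HAVE_ANON*/

    /* Take the reference on the new CTX before the old one is released.
     * If ctx is the CTX this ssl already holds, dropping the old reference
     * first could free the object that is used below, and a failed lock
     * would leave ssl->ctx pointing at a CTX whose count was already
     * decremented. */
    if (wc_LockMutex(&ctx->countMutex) != 0) {
        WOLFSSL_MSG("Couldn't lock CTX count mutex");
        return BAD_MUTEX_E;
    }
    ctx->refCount++;
    wc_UnLockMutex(&ctx->countMutex);

    /* decrement previous CTX reference count if exists.
     * This should only happen if switching ctxs!*/
    if (!newSSL) {
        WOLFSSL_MSG("freeing old ctx to decrement reference count. Switching ctx.");
        wolfSSL_CTX_free(ssl->ctx);
    }

    ssl->ctx     = ctx; /* only for passing to calls, options could change */
    ssl->version = ctx->method->version;

#ifdef HAVE_ECC
    ssl->eccTempKeySz = ctx->eccTempKeySz;
    ssl->pkCurveOID = ctx->pkCurveOID;
    ssl->ecdhCurveOID = ctx->ecdhCurveOID;
#endif

#ifdef OPENSSL_EXTRA
    ssl->options.mask = ctx->mask;
#endif
    ssl->timeout = ctx->timeout;
    ssl->verifyCallback    = ctx->verifyCallback;
    ssl->options.side      = ctx->method->side;
    ssl->options.downgrade    = ctx->method->downgrade;
    ssl->options.minDowngrade = ctx->minDowngrade;

    ssl->options.haveDH        = ctx->haveDH;
    ssl->options.haveNTRU      = ctx->haveNTRU;
    ssl->options.haveECDSAsig  = ctx->haveECDSAsig;
    ssl->options.haveECC       = ctx->haveECC;
    ssl->options.haveStaticECC = ctx->haveStaticECC;

#ifndef NO_PSK
    ssl->options.havePSK       = ctx->havePSK;
    ssl->options.client_psk_cb = ctx->client_psk_cb;
    ssl->options.server_psk_cb = ctx->server_psk_cb;
#endif /* NO_PSK */

#ifdef HAVE_ANON
    ssl->options.haveAnon = ctx->haveAnon;
#endif
    /* minimum accepted key sizes come from the CTX */
#ifndef NO_DH
    ssl->options.minDhKeySz = ctx->minDhKeySz;
#endif
#ifndef NO_RSA
    ssl->options.minRsaKeySz = ctx->minRsaKeySz;
#endif
#ifdef HAVE_ECC
    ssl->options.minEccKeySz = ctx->minEccKeySz;
#endif

    ssl->options.sessionCacheOff      = ctx->sessionCacheOff;
    ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff;
#ifdef HAVE_EXT_CACHE
    ssl->options.internalCacheOff     = ctx->internalCacheOff;
#endif

    /* peer verification policy is taken over from the CTX as-is */
    ssl->options.verifyPeer     = ctx->verifyPeer;
    ssl->options.verifyNone     = ctx->verifyNone;
    ssl->options.failNoCert     = ctx->failNoCert;
    ssl->options.failNoCertxPSK = ctx->failNoCertxPSK;
    ssl->options.sendVerify     = ctx->sendVerify;

    ssl->options.partialWrite  = ctx->partialWrite;
    ssl->options.quietShutdown = ctx->quietShutdown;
    ssl->options.groupMessages = ctx->groupMessages;

#ifndef NO_DH
    ssl->buffers.serverDH_P = ctx->serverDH_P;
    ssl->buffers.serverDH_G = ctx->serverDH_G;
#endif

#ifndef NO_CERTS
    /* ctx still owns certificate, certChain, key, dh, and cm */
    ssl->buffers.certificate = ctx->certificate;
    ssl->buffers.certChain = ctx->certChain;
    ssl->buffers.key = ctx->privateKey;
#endif

#ifdef WOLFSSL_ASYNC_CRYPT
    ssl->devId = ctx->devId;
#endif

    if (writeDup == 0) {

#ifndef NO_PSK
        if (ctx->server_hint[0]) {   /* set in CTX */
            XSTRNCPY(ssl->arrays->server_hint, ctx->server_hint,
                                    sizeof(ssl->arrays->server_hint));
            /* assumes server_hint is declared with at least
             * MAX_PSK_ID_LEN + 1 bytes - TODO confirm in internal.h */
            ssl->arrays->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */
        }
#endif /* NO_PSK */

        if (ctx->suites)
            *ssl->suites = *ctx->suites;
        else
            XMEMSET(ssl->suites, 0, sizeof(Suites));

        /* make sure server has DH parms, and add PSK if there, add NTRU too */
        if (ssl->options.side == WOLFSSL_SERVER_END)
            InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
                       ssl->options.haveDH, ssl->options.haveNTRU,
                       ssl->options.haveECDSAsig, ssl->options.haveECC,
                       ssl->options.haveStaticECC, ssl->options.side);
        else
            InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, TRUE,
                       ssl->options.haveNTRU, ssl->options.haveECDSAsig,
                       ssl->options.haveECC, ssl->options.haveStaticECC,
                       ssl->options.side);

#if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT)
        /* make sure server has cert and key unless using PSK or Anon
         * This should be true even if just switching ssl ctx */
        if (ssl->options.side == WOLFSSL_SERVER_END && !havePSK && !haveAnon) {
            if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer
                     || !ssl->buffers.key || !ssl->buffers.key->buffer) {
                WOLFSSL_MSG("Server missing certificate and/or private key");
                return NO_PRIVATE_KEY;
            }
        }
#endif

    }  /* writeDup check */

#ifdef WOLFSSL_SESSION_EXPORT
    #ifdef WOLFSSL_DTLS
    ssl->dtls_export = ctx->dtls_export; /* export function for session */
    #endif
#endif

#ifdef OPENSSL_EXTRA
    ssl->readAhead = ctx->readAhead;
#endif

    return SSL_SUCCESS;
}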
wolfSSL 11:cee25a834751 3358
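/* Allocates ssl->hsHashes and initializes every handshake hash that is
 * compiled in.
 *
 * ssl  connection whose heap hint and devId are used
 *
 * returns 0 on success, MEMORY_E when the allocation fails, otherwise the
 *         error of the first hash init that failed. On an init failure
 *         ssl->hsHashes stays allocated; presumably it is released later
 *         through FreeHashes() - confirm in the caller's cleanup path.
 */
static int InitHashes(WOLFSSL* ssl)
{
    /* start from success so the result is defined even in a build where
     * every hash below is compiled out */
    int ret = 0;

    ssl->hsHashes = (HS_Hashes*)XMALLOC(sizeof(HS_Hashes), ssl->heap,
                                                        DYNAMIC_TYPE_HASHES);
    if (ssl->hsHashes == NULL) {
        WOLFSSL_MSG("HS_Hashes Memory error");
        return MEMORY_E;
    }
    /* zero the block before any init call runs */
    XMEMSET(ssl->hsHashes, 0, sizeof(HS_Hashes));

#ifndef NO_OLD_TLS
#ifndef NO_MD5
    ret = wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap, ssl->devId);
    if (ret != 0)
        return ret;
#endif
#ifndef NO_SHA
    ret = wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap, ssl->devId);
    if (ret != 0)
        return ret;
#endif
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256
    ret = wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap, ssl->devId);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap, ssl->devId);
    if (ret != 0)
        return ret;
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap, ssl->devId);
    if (ret != 0)
        return ret;
#endif

    return ret;
}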
wolfSSL 11:cee25a834751 3401
/* Releases the handshake hashes of an ssl object.
 *
 * Frees every hash context that is compiled in, then the HS_Hashes block
 * itself, and clears ssl->hsHashes. Does nothing when ssl->hsHashes is
 * already NULL.
 */
static void FreeHashes(WOLFSSL* ssl)
{
    if (ssl->hsHashes == NULL) {
        return;
    }

#ifndef NO_OLD_TLS
    #ifndef NO_MD5
    wc_Md5Free(&ssl->hsHashes->hashMd5);
    #endif
    #ifndef NO_SHA
    wc_ShaFree(&ssl->hsHashes->hashSha);
    #endif
#endif /* !NO_OLD_TLS */
#ifndef NO_SHA256
    wc_Sha256Free(&ssl->hsHashes->hashSha256);
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384Free(&ssl->hsHashes->hashSha384);
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512Free(&ssl->hsHashes->hashSha512);
#endif

    XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES);
    /* clear the pointer so a second call does not free it again */
    ssl->hsHashes = NULL;
}
wolfSSL 11:cee25a834751 3427
wolfSSL 11:cee25a834751 3428
wolfSSL 11:cee25a834751 3429 /* init everything to 0, NULL, default values before calling anything that may
wolfSSL 11:cee25a834751 3430 fail so that destructor has a "good" state to cleanup
wolfSSL 11:cee25a834751 3431
wolfSSL 11:cee25a834751 3432 ssl object to initialize
wolfSSL 11:cee25a834751 3433 ctx parent factory
wolfSSL 11:cee25a834751 3434 writeDup flag indicating this is a write dup only
wolfSSL 11:cee25a834751 3435
wolfSSL 11:cee25a834751 3436 0 on success */
wolfSSL 11:cee25a834751 3437 int InitSSL(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup)
wolfSSL 11:cee25a834751 3438 {
wolfSSL 11:cee25a834751 3439 int ret;
wolfSSL 11:cee25a834751 3440
wolfSSL 11:cee25a834751 3441 XMEMSET(ssl, 0, sizeof(WOLFSSL));
wolfSSL 11:cee25a834751 3442
wolfSSL 11:cee25a834751 3443 #if defined(WOLFSSL_STATIC_MEMORY)
wolfSSL 11:cee25a834751 3444 if (ctx->heap != NULL) {
wolfSSL 11:cee25a834751 3445 WOLFSSL_HEAP_HINT* ssl_hint;
wolfSSL 11:cee25a834751 3446 WOLFSSL_HEAP_HINT* ctx_hint;
wolfSSL 11:cee25a834751 3447
wolfSSL 11:cee25a834751 3448 /* avoid derefrencing a test value */
wolfSSL 11:cee25a834751 3449 #ifdef WOLFSSL_HEAP_TEST
wolfSSL 11:cee25a834751 3450 if (ctx->heap == (void*)WOLFSSL_HEAP_TEST) {
wolfSSL 11:cee25a834751 3451 ssl->heap = ctx->heap;
wolfSSL 11:cee25a834751 3452 }
wolfSSL 11:cee25a834751 3453 else {
wolfSSL 11:cee25a834751 3454 #endif
wolfSSL 11:cee25a834751 3455 ssl->heap = (WOLFSSL_HEAP_HINT*)XMALLOC(sizeof(WOLFSSL_HEAP_HINT),
wolfSSL 11:cee25a834751 3456 ctx->heap, DYNAMIC_TYPE_SSL);
wolfSSL 11:cee25a834751 3457 if (ssl->heap == NULL) {
wolfSSL 11:cee25a834751 3458 return MEMORY_E;
wolfSSL 11:cee25a834751 3459 }
wolfSSL 11:cee25a834751 3460 XMEMSET(ssl->heap, 0, sizeof(WOLFSSL_HEAP_HINT));
wolfSSL 11:cee25a834751 3461 ssl_hint = ((WOLFSSL_HEAP_HINT*)(ssl->heap));
wolfSSL 11:cee25a834751 3462 ctx_hint = ((WOLFSSL_HEAP_HINT*)(ctx->heap));
wolfSSL 11:cee25a834751 3463
wolfSSL 11:cee25a834751 3464 /* lock and check IO count / handshake count */
wolfSSL 11:cee25a834751 3465 if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
wolfSSL 11:cee25a834751 3466 WOLFSSL_MSG("Bad memory_mutex lock");
wolfSSL 11:cee25a834751 3467 XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
wolfSSL 11:cee25a834751 3468 ssl->heap = NULL; /* free and set to NULL for IO counter */
wolfSSL 11:cee25a834751 3469 return BAD_MUTEX_E;
wolfSSL 11:cee25a834751 3470 }
wolfSSL 11:cee25a834751 3471 if (ctx_hint->memory->maxHa > 0 &&
wolfSSL 11:cee25a834751 3472 ctx_hint->memory->maxHa <= ctx_hint->memory->curHa) {
wolfSSL 11:cee25a834751 3473 WOLFSSL_MSG("At max number of handshakes for static memory");
wolfSSL 11:cee25a834751 3474 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 11:cee25a834751 3475 XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
wolfSSL 11:cee25a834751 3476 ssl->heap = NULL; /* free and set to NULL for IO counter */
wolfSSL 11:cee25a834751 3477 return MEMORY_E;
wolfSSL 11:cee25a834751 3478 }
wolfSSL 11:cee25a834751 3479
wolfSSL 11:cee25a834751 3480 if (ctx_hint->memory->maxIO > 0 &&
wolfSSL 11:cee25a834751 3481 ctx_hint->memory->maxIO <= ctx_hint->memory->curIO) {
wolfSSL 11:cee25a834751 3482 WOLFSSL_MSG("At max number of IO allowed for static memory");
wolfSSL 11:cee25a834751 3483 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 11:cee25a834751 3484 XFREE(ssl->heap, ctx->heap, DYNAMIC_TYPE_SSL);
wolfSSL 11:cee25a834751 3485 ssl->heap = NULL; /* free and set to NULL for IO counter */
wolfSSL 11:cee25a834751 3486 return MEMORY_E;
wolfSSL 11:cee25a834751 3487 }
wolfSSL 11:cee25a834751 3488 ctx_hint->memory->curIO++;
wolfSSL 11:cee25a834751 3489 ctx_hint->memory->curHa++;
wolfSSL 11:cee25a834751 3490 ssl_hint->memory = ctx_hint->memory;
wolfSSL 11:cee25a834751 3491 ssl_hint->haFlag = 1;
wolfSSL 11:cee25a834751 3492 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 11:cee25a834751 3493
wolfSSL 11:cee25a834751 3494 /* check if tracking stats */
wolfSSL 11:cee25a834751 3495 if (ctx_hint->memory->flag & WOLFMEM_TRACK_STATS) {
wolfSSL 11:cee25a834751 3496 ssl_hint->stats = (WOLFSSL_MEM_CONN_STATS*)XMALLOC(
wolfSSL 11:cee25a834751 3497 sizeof(WOLFSSL_MEM_CONN_STATS), ctx->heap, DYNAMIC_TYPE_SSL);
wolfSSL 11:cee25a834751 3498 if (ssl_hint->stats == NULL) {
wolfSSL 11:cee25a834751 3499 return MEMORY_E;
wolfSSL 11:cee25a834751 3500 }
wolfSSL 11:cee25a834751 3501 XMEMSET(ssl_hint->stats, 0, sizeof(WOLFSSL_MEM_CONN_STATS));
wolfSSL 11:cee25a834751 3502 }
wolfSSL 11:cee25a834751 3503
wolfSSL 11:cee25a834751 3504 /* check if using fixed IO buffers */
wolfSSL 11:cee25a834751 3505 if (ctx_hint->memory->flag & WOLFMEM_IO_POOL_FIXED) {
wolfSSL 11:cee25a834751 3506 if (wc_LockMutex(&(ctx_hint->memory->memory_mutex)) != 0) {
wolfSSL 11:cee25a834751 3507 WOLFSSL_MSG("Bad memory_mutex lock");
wolfSSL 11:cee25a834751 3508 return BAD_MUTEX_E;
wolfSSL 11:cee25a834751 3509 }
wolfSSL 11:cee25a834751 3510 if (SetFixedIO(ctx_hint->memory, &(ssl_hint->inBuf)) != 1) {
wolfSSL 11:cee25a834751 3511 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 11:cee25a834751 3512 return MEMORY_E;
wolfSSL 11:cee25a834751 3513 }
wolfSSL 11:cee25a834751 3514 if (SetFixedIO(ctx_hint->memory, &(ssl_hint->outBuf)) != 1) {
wolfSSL 11:cee25a834751 3515 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 11:cee25a834751 3516 return MEMORY_E;
wolfSSL 11:cee25a834751 3517 }
wolfSSL 11:cee25a834751 3518 if (ssl_hint->outBuf == NULL || ssl_hint->inBuf == NULL) {
wolfSSL 11:cee25a834751 3519 WOLFSSL_MSG("Not enough memory to create fixed IO buffers");
wolfSSL 11:cee25a834751 3520 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 11:cee25a834751 3521 return MEMORY_E;
wolfSSL 11:cee25a834751 3522 }
wolfSSL 11:cee25a834751 3523 wc_UnLockMutex(&(ctx_hint->memory->memory_mutex));
wolfSSL 11:cee25a834751 3524 }
wolfSSL 11:cee25a834751 3525 #ifdef WOLFSSL_HEAP_TEST
wolfSSL 11:cee25a834751 3526 }
wolfSSL 11:cee25a834751 3527 #endif
wolfSSL 11:cee25a834751 3528 }
wolfSSL 11:cee25a834751 3529 else {
wolfSSL 11:cee25a834751 3530 ssl->heap = ctx->heap;
wolfSSL 11:cee25a834751 3531 }
wolfSSL 11:cee25a834751 3532 #else
wolfSSL 11:cee25a834751 3533 ssl->heap = ctx->heap; /* carry over user heap without static memory */
wolfSSL 11:cee25a834751 3534 #endif /* WOLFSSL_STATIC_MEMORY */
wolfSSL 11:cee25a834751 3535
wolfSSL 11:cee25a834751 3536 ssl->buffers.inputBuffer.buffer = ssl->buffers.inputBuffer.staticBuffer;
wolfSSL 11:cee25a834751 3537 ssl->buffers.inputBuffer.bufferSize = STATIC_BUFFER_LEN;
wolfSSL 11:cee25a834751 3538
wolfSSL 11:cee25a834751 3539 ssl->buffers.outputBuffer.buffer = ssl->buffers.outputBuffer.staticBuffer;
wolfSSL 11:cee25a834751 3540 ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN;
wolfSSL 11:cee25a834751 3541
wolfSSL 11:cee25a834751 3542 #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
wolfSSL 11:cee25a834751 3543 InitX509(&ssl->peerCert, 0, ssl->heap);
wolfSSL 11:cee25a834751 3544 #endif
wolfSSL 11:cee25a834751 3545
wolfSSL 11:cee25a834751 3546 ssl->rfd = -1; /* set to invalid descriptor */
wolfSSL 11:cee25a834751 3547 ssl->wfd = -1;
wolfSSL 11:cee25a834751 3548 ssl->devId = ctx->devId; /* device for async HW (from wolfAsync_DevOpen) */
wolfSSL 11:cee25a834751 3549
wolfSSL 11:cee25a834751 3550 ssl->IOCB_ReadCtx = &ssl->rfd; /* prevent invalid pointer access if not */
wolfSSL 11:cee25a834751 3551 ssl->IOCB_WriteCtx = &ssl->wfd; /* correctly set */
wolfSSL 11:cee25a834751 3552
wolfSSL 11:cee25a834751 3553 #ifdef HAVE_NETX
wolfSSL 11:cee25a834751 3554 ssl->IOCB_ReadCtx = &ssl->nxCtx; /* default NetX IO ctx, same for read */
wolfSSL 11:cee25a834751 3555 ssl->IOCB_WriteCtx = &ssl->nxCtx; /* and write */
wolfSSL 11:cee25a834751 3556 #endif
wolfSSL 11:cee25a834751 3557
wolfSSL 11:cee25a834751 3558 /* initialize states */
wolfSSL 11:cee25a834751 3559 ssl->options.serverState = NULL_STATE;
wolfSSL 11:cee25a834751 3560 ssl->options.clientState = NULL_STATE;
wolfSSL 11:cee25a834751 3561 ssl->options.connectState = CONNECT_BEGIN;
wolfSSL 11:cee25a834751 3562 ssl->options.acceptState = ACCEPT_BEGIN;
wolfSSL 11:cee25a834751 3563 ssl->options.handShakeState = NULL_STATE;
wolfSSL 11:cee25a834751 3564 ssl->options.processReply = doProcessInit;
wolfSSL 11:cee25a834751 3565 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 11:cee25a834751 3566 ssl->options.buildMsgState = BUILD_MSG_BEGIN;
wolfSSL 11:cee25a834751 3567 ssl->encrypt.state = CIPHER_STATE_BEGIN;
wolfSSL 11:cee25a834751 3568 ssl->decrypt.state = CIPHER_STATE_BEGIN;
wolfSSL 11:cee25a834751 3569
wolfSSL 11:cee25a834751 3570 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 3571 #ifdef WOLFSSL_SCTP
wolfSSL 11:cee25a834751 3572 ssl->options.dtlsSctp = ctx->dtlsSctp;
wolfSSL 11:cee25a834751 3573 ssl->dtlsMtuSz = ctx->dtlsMtuSz;
wolfSSL 11:cee25a834751 3574 ssl->dtls_expected_rx = ssl->dtlsMtuSz;
wolfSSL 11:cee25a834751 3575 #else
wolfSSL 11:cee25a834751 3576 ssl->dtls_expected_rx = MAX_MTU;
wolfSSL 11:cee25a834751 3577 #endif
wolfSSL 11:cee25a834751 3578 ssl->dtls_timeout_init = DTLS_TIMEOUT_INIT;
wolfSSL 11:cee25a834751 3579 ssl->dtls_timeout_max = DTLS_TIMEOUT_MAX;
wolfSSL 11:cee25a834751 3580 ssl->dtls_timeout = ssl->dtls_timeout_init;
wolfSSL 11:cee25a834751 3581 ssl->buffers.dtlsCtx.rfd = -1;
wolfSSL 11:cee25a834751 3582 ssl->buffers.dtlsCtx.wfd = -1;
wolfSSL 11:cee25a834751 3583 #endif
wolfSSL 11:cee25a834751 3584
wolfSSL 11:cee25a834751 3585 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 3586 ssl->hmac = SSL_hmac; /* default to SSLv3 */
wolfSSL 11:cee25a834751 3587 #else
wolfSSL 11:cee25a834751 3588 ssl->hmac = TLS_hmac;
wolfSSL 11:cee25a834751 3589 #endif
wolfSSL 11:cee25a834751 3590
wolfSSL 11:cee25a834751 3591
wolfSSL 11:cee25a834751 3592 ssl->cipher.ssl = ssl;
wolfSSL 11:cee25a834751 3593
wolfSSL 11:cee25a834751 3594 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 3595 ssl->options.haveEMS = ctx->haveEMS;
wolfSSL 11:cee25a834751 3596 #endif
wolfSSL 11:cee25a834751 3597 ssl->options.useClientOrder = ctx->useClientOrder;
wolfSSL 11:cee25a834751 3598
wolfSSL 11:cee25a834751 3599 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 11:cee25a834751 3600 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 11:cee25a834751 3601 ssl->max_fragment = MAX_RECORD_SIZE;
wolfSSL 11:cee25a834751 3602 #endif
wolfSSL 11:cee25a834751 3603 #ifdef HAVE_ALPN
wolfSSL 11:cee25a834751 3604 ssl->alpn_client_list = NULL;
wolfSSL 11:cee25a834751 3605 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 11:cee25a834751 3606 ssl->alpnSelect = ctx->alpnSelect;
wolfSSL 11:cee25a834751 3607 ssl->alpnSelectArg = ctx->alpnSelectArg;
wolfSSL 11:cee25a834751 3608 #endif
wolfSSL 11:cee25a834751 3609 #endif
wolfSSL 11:cee25a834751 3610 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 11:cee25a834751 3611 ssl->options.userCurves = ctx->userCurves;
wolfSSL 11:cee25a834751 3612 #endif
wolfSSL 11:cee25a834751 3613 #endif /* HAVE_TLS_EXTENSIONS */
wolfSSL 11:cee25a834751 3614
wolfSSL 11:cee25a834751 3615 /* default alert state (none) */
wolfSSL 11:cee25a834751 3616 ssl->alert_history.last_rx.code = -1;
wolfSSL 11:cee25a834751 3617 ssl->alert_history.last_rx.level = -1;
wolfSSL 11:cee25a834751 3618 ssl->alert_history.last_tx.code = -1;
wolfSSL 11:cee25a834751 3619 ssl->alert_history.last_tx.level = -1;
wolfSSL 11:cee25a834751 3620
wolfSSL 11:cee25a834751 3621 InitCiphers(ssl);
wolfSSL 11:cee25a834751 3622 InitCipherSpecs(&ssl->specs);
wolfSSL 11:cee25a834751 3623
wolfSSL 11:cee25a834751 3624 /* all done with init, now can return errors, call other stuff */
wolfSSL 11:cee25a834751 3625
wolfSSL 11:cee25a834751 3626 if (!writeDup) {
wolfSSL 11:cee25a834751 3627 /* arrays */
wolfSSL 11:cee25a834751 3628 ssl->arrays = (Arrays*)XMALLOC(sizeof(Arrays), ssl->heap,
wolfSSL 11:cee25a834751 3629 DYNAMIC_TYPE_ARRAYS);
wolfSSL 11:cee25a834751 3630 if (ssl->arrays == NULL) {
wolfSSL 11:cee25a834751 3631 WOLFSSL_MSG("Arrays Memory error");
wolfSSL 11:cee25a834751 3632 return MEMORY_E;
wolfSSL 11:cee25a834751 3633 }
wolfSSL 11:cee25a834751 3634 XMEMSET(ssl->arrays, 0, sizeof(Arrays));
wolfSSL 11:cee25a834751 3635 ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap,
wolfSSL 11:cee25a834751 3636 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 3637 if (ssl->arrays->preMasterSecret == NULL) {
wolfSSL 11:cee25a834751 3638 return MEMORY_E;
wolfSSL 11:cee25a834751 3639 }
wolfSSL 11:cee25a834751 3640 XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN);
wolfSSL 11:cee25a834751 3641
wolfSSL 11:cee25a834751 3642 /* suites */
wolfSSL 11:cee25a834751 3643 ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
wolfSSL 11:cee25a834751 3644 DYNAMIC_TYPE_SUITES);
wolfSSL 11:cee25a834751 3645 if (ssl->suites == NULL) {
wolfSSL 11:cee25a834751 3646 WOLFSSL_MSG("Suites Memory error");
wolfSSL 11:cee25a834751 3647 return MEMORY_E;
wolfSSL 11:cee25a834751 3648 }
wolfSSL 11:cee25a834751 3649 }
wolfSSL 11:cee25a834751 3650
wolfSSL 11:cee25a834751 3651 /* Initialize SSL with the appropriate fields from it's ctx */
wolfSSL 11:cee25a834751 3652 /* requires valid arrays and suites unless writeDup ing */
wolfSSL 11:cee25a834751 3653 if ((ret = SetSSL_CTX(ssl, ctx, writeDup)) != SSL_SUCCESS)
wolfSSL 11:cee25a834751 3654 return ret;
wolfSSL 11:cee25a834751 3655
wolfSSL 11:cee25a834751 3656 ssl->options.dtls = ssl->version.major == DTLS_MAJOR;
wolfSSL 11:cee25a834751 3657
wolfSSL 11:cee25a834751 3658 #ifdef SINGLE_THREADED
wolfSSL 11:cee25a834751 3659 ssl->rng = ctx->rng; /* CTX may have one, if so use it */
wolfSSL 11:cee25a834751 3660 #endif
wolfSSL 11:cee25a834751 3661
wolfSSL 11:cee25a834751 3662 if (ssl->rng == NULL) {
wolfSSL 11:cee25a834751 3663 /* RNG */
wolfSSL 11:cee25a834751 3664 ssl->rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ssl->heap,DYNAMIC_TYPE_RNG);
wolfSSL 11:cee25a834751 3665 if (ssl->rng == NULL) {
wolfSSL 11:cee25a834751 3666 WOLFSSL_MSG("RNG Memory error");
wolfSSL 11:cee25a834751 3667 return MEMORY_E;
wolfSSL 11:cee25a834751 3668 }
wolfSSL 11:cee25a834751 3669 XMEMSET(ssl->rng, 0, sizeof(WC_RNG));
wolfSSL 11:cee25a834751 3670 ssl->options.weOwnRng = 1;
wolfSSL 11:cee25a834751 3671
wolfSSL 11:cee25a834751 3672 /* FIPS RNG API does not accept a heap hint */
wolfSSL 11:cee25a834751 3673 #ifndef HAVE_FIPS
wolfSSL 11:cee25a834751 3674 if ( (ret = wc_InitRng_ex(ssl->rng, ssl->heap, ssl->devId)) != 0) {
wolfSSL 11:cee25a834751 3675 WOLFSSL_MSG("RNG Init error");
wolfSSL 11:cee25a834751 3676 return ret;
wolfSSL 11:cee25a834751 3677 }
wolfSSL 11:cee25a834751 3678 #else
wolfSSL 11:cee25a834751 3679 if ( (ret = wc_InitRng(ssl->rng)) != 0) {
wolfSSL 11:cee25a834751 3680 WOLFSSL_MSG("RNG Init error");
wolfSSL 11:cee25a834751 3681 return ret;
wolfSSL 11:cee25a834751 3682 }
wolfSSL 11:cee25a834751 3683 #endif
wolfSSL 11:cee25a834751 3684 }
wolfSSL 11:cee25a834751 3685
wolfSSL 11:cee25a834751 3686 if (writeDup) {
wolfSSL 11:cee25a834751 3687 /* all done */
wolfSSL 11:cee25a834751 3688 return 0;
wolfSSL 11:cee25a834751 3689 }
wolfSSL 11:cee25a834751 3690
wolfSSL 11:cee25a834751 3691 /* hsHashes */
wolfSSL 11:cee25a834751 3692 ret = InitHashes(ssl);
wolfSSL 11:cee25a834751 3693 if (ret != 0)
wolfSSL 11:cee25a834751 3694 return ret;
wolfSSL 11:cee25a834751 3695
wolfSSL 11:cee25a834751 3696 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 11:cee25a834751 3697 if (ssl->options.dtls && ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 11:cee25a834751 3698 ret = wolfSSL_DTLS_SetCookieSecret(ssl, NULL, 0);
wolfSSL 11:cee25a834751 3699 if (ret != 0) {
wolfSSL 11:cee25a834751 3700 WOLFSSL_MSG("DTLS Cookie Secret error");
wolfSSL 11:cee25a834751 3701 return ret;
wolfSSL 11:cee25a834751 3702 }
wolfSSL 11:cee25a834751 3703 }
wolfSSL 11:cee25a834751 3704 #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 3705
wolfSSL 11:cee25a834751 3706 #ifdef HAVE_SECRET_CALLBACK
wolfSSL 11:cee25a834751 3707 ssl->sessionSecretCb = NULL;
wolfSSL 11:cee25a834751 3708 ssl->sessionSecretCtx = NULL;
wolfSSL 11:cee25a834751 3709 #endif
wolfSSL 11:cee25a834751 3710
wolfSSL 11:cee25a834751 3711 #ifdef HAVE_SESSION_TICKET
wolfSSL 11:cee25a834751 3712 ssl->session.ticket = ssl->session.staticTicket;
wolfSSL 11:cee25a834751 3713 #endif
wolfSSL 11:cee25a834751 3714 return 0;
wolfSSL 11:cee25a834751 3715 }
wolfSSL 11:cee25a834751 3716
wolfSSL 11:cee25a834751 3717
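/* Release the temporary handshake arrays held by ssl.
 *
 * ssl   connection whose ssl->arrays is released; dereferenced without a
 *       NULL check
 * keep  non-zero to copy the session ID and its size into ssl->session
 *       first, so the caller can still retrieve them afterwards
 *
 * The pre-master secret lives in its own heap buffer, so wiping the Arrays
 * struct does not clear it. It is zeroized separately before its buffer is
 * handed back to the allocator, so the secret does not linger in freed
 * memory.
 */
void FreeArrays(WOLFSSL* ssl, int keep)
{
    if (ssl->arrays) {
        if (keep) {
            /* keeps session id for user retrieval */
            XMEMCPY(ssl->session.sessionID, ssl->arrays->sessionID, ID_LEN);
            ssl->session.sessionIDSz = ssl->arrays->sessionIDSz;
        }
        if (ssl->arrays->preMasterSecret) {
            /* InitSSL allocates this buffer with ENCRYPT_LEN bytes; wipe the
             * key material before the memory is released.
             * NOTE(review): assumes no other allocation site uses a smaller
             * size - confirm. */
            ForceZero(ssl->arrays->preMasterSecret, ENCRYPT_LEN);
            XFREE(ssl->arrays->preMasterSecret, ssl->heap,
                  DYNAMIC_TYPE_TMP_BUFFER);
            ssl->arrays->preMasterSecret = NULL;
        }
        XFREE(ssl->arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
        ssl->arrays->pendingMsg = NULL;
        ForceZero(ssl->arrays, sizeof(Arrays)); /* clear arrays struct */
    }
    XFREE(ssl->arrays, ssl->heap, DYNAMIC_TYPE_ARRAYS);
    ssl->arrays = NULL;
}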
wolfSSL 11:cee25a834751 3738
/* Tear down and release a key object, then reset the caller's pointer.
 *
 * ssl   connection supplying the heap hint for the free
 * type  DYNAMIC_TYPE_RSA, DYNAMIC_TYPE_ECC or DYNAMIC_TYPE_DH; selects the
 *       type-specific teardown routine and is passed to XFREE as the
 *       memory type. Any other value skips the teardown and only frees.
 * pKey  address of the key pointer; *pKey is set to NULL on return
 *
 * Does nothing when ssl, pKey or *pKey is NULL.
 */
void FreeKey(WOLFSSL* ssl, int type, void** pKey)
{
    void* key;

    /* nothing to release */
    if (ssl == NULL || pKey == NULL || *pKey == NULL) {
        return;
    }
    key = *pKey;

    /* type-specific teardown; types compiled out fall through to default */
    switch (type) {
    #ifndef NO_RSA
        case DYNAMIC_TYPE_RSA:
            wc_FreeRsaKey((RsaKey*)key);
            break;
    #endif /* ! NO_RSA */
    #ifdef HAVE_ECC
        case DYNAMIC_TYPE_ECC:
            wc_ecc_free((ecc_key*)key);
            break;
    #endif /* HAVE_ECC */
    #ifndef NO_DH
        case DYNAMIC_TYPE_DH:
            wc_FreeDhKey((DhKey*)key);
            break;
    #endif /* !NO_DH */
        default:
            break;
    }

    XFREE(key, ssl->heap, type);

    /* leave no stale pointer behind for the caller */
    *pKey = NULL;
}
wolfSSL 11:cee25a834751 3767
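/* Allocate and initialize a key object of the requested type.
 *
 * ssl   connection supplying the heap hint and device id
 * type  DYNAMIC_TYPE_RSA, DYNAMIC_TYPE_ECC or DYNAMIC_TYPE_DH
 * pKey  receives the new key; *pKey must be NULL on entry
 *
 * Returns 0 on success, BAD_FUNC_ARG for a NULL argument or unknown type,
 * BAD_STATE_E when *pKey already holds a key, NOT_COMPILED_IN when the
 * algorithm is disabled in this build, MEMORY_E on allocation failure, or
 * the error returned by the key init routine. On any failure after the
 * allocation the memory is released and *pKey is reset to NULL.
 */
int AllocKey(WOLFSSL* ssl, int type, void** pKey)
{
    int ret = BAD_FUNC_ARG;
    int sz = 0;

    if (ssl == NULL || pKey == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Sanity check key destination */
    if (*pKey != NULL) {
        WOLFSSL_MSG("Key already present!");
        return BAD_STATE_E;
    }

    /* Determine size; sz stays 0 when the algorithm is compiled out */
    switch (type) {
        case DYNAMIC_TYPE_RSA:
        #ifndef NO_RSA
            sz = sizeof(RsaKey);
        #endif /* ! NO_RSA */
            break;
        case DYNAMIC_TYPE_ECC:
        #ifdef HAVE_ECC
            sz = sizeof(ecc_key);
        #endif /* HAVE_ECC */
            break;
        case DYNAMIC_TYPE_DH:
        #ifndef NO_DH
            sz = sizeof(DhKey);
        #endif /* !NO_DH */
            break;
        default:
            return BAD_FUNC_ARG;
    }

    if (sz == 0) {
        return NOT_COMPILED_IN;
    }

    /* Allocate memory for key */
    *pKey = XMALLOC(sz, ssl->heap, type);
    if (*pKey == NULL) {
        return MEMORY_E;
    }

    /* Initialize key */
    switch (type) {
    #ifndef NO_RSA
        case DYNAMIC_TYPE_RSA:
            ret = wc_InitRsaKey_ex((RsaKey*)*pKey, ssl->heap, ssl->devId);
            break;
    #endif /* ! NO_RSA */
    #ifdef HAVE_ECC
        case DYNAMIC_TYPE_ECC:
            ret = wc_ecc_init_ex((ecc_key*)*pKey, ssl->heap, ssl->devId);
            break;
    #endif /* HAVE_ECC */
    #ifndef NO_DH
        case DYNAMIC_TYPE_DH:
            ret = wc_InitDhKey_ex((DhKey*)*pKey, ssl->heap, ssl->devId);
            break;
    #endif /* !NO_DH */
        default:
            /* Not expected after the size switch above, but do not return
             * here: the buffer is already allocated, so fall through to the
             * common cleanup instead of leaking it and leaving *pKey
             * pointing at uninitialized memory. */
            ret = BAD_FUNC_ARG;
            break;
    }

    /* On error free handshake key */
    if (ret != 0) {
        FreeKey(ssl, type, pKey);
    }

    return ret;
}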
wolfSSL 11:cee25a834751 3842
/* Release the per-handshake key exchange state of ssl: the signature and
 * digest scratch buffers, the handshake key, the temporary DH key (when DH
 * is compiled in) and any pending async arguments.
 */
static void FreeKeyExchange(WOLFSSL* ssl)
{
    /* signature scratch buffer */
    if (ssl->buffers.sig.buffer != NULL) {
        XFREE(ssl->buffers.sig.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        ssl->buffers.sig.length = 0;
        ssl->buffers.sig.buffer = NULL;
    }

    /* digest scratch buffer */
    if (ssl->buffers.digest.buffer != NULL) {
        XFREE(ssl->buffers.digest.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        ssl->buffers.digest.length = 0;
        ssl->buffers.digest.buffer = NULL;
    }

    /* handshake key, typed by ssl->hsType */
    FreeKey(ssl, ssl->hsType, &ssl->hsKey);

#ifndef NO_DH
    /* temporary DH key */
    FreeKey(ssl, DYNAMIC_TYPE_DH, (void**)&ssl->buffers.serverDH_Key);
#endif

#ifdef WOLFSSL_ASYNC_CRYPT
    /* let the async layer release its argument block, once */
    if (ssl->async.freeArgs) {
        ssl->async.freeArgs(ssl, ssl->async.args);
        ssl->async.freeArgs = NULL;
    }
#endif
}
wolfSSL 11:cee25a834751 3875
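/* Release everything owned by ssl without freeing the WOLFSSL object itself,
 * for callers that hold the object in an array and do not want to free the
 * actual ssl.
 *
 * Because the object outlives this call, pointers that are freed here and
 * that FreeHandshakeResources also resets (RNG, suites, DH buffers, PK
 * callback key buffers), plus the domain name and the DTLS cookie secret,
 * are set to NULL so a later cleanup pass cannot free them twice. The DTLS
 * cookie secret is zeroized before its buffer is released.
 */
void SSL_ResourceFree(WOLFSSL* ssl)
{
    /* Note: any resources used during the handshake should be released in the
     * function FreeHandshakeResources(). Be careful with the special cases
     * like the RNG, which FreeHandshakeResources releases early only for some
     * cipher/version combinations and otherwise keeps for the session. */

    FreeCiphers(ssl);
    FreeArrays(ssl, 0);
    FreeKeyExchange(ssl);
    if (ssl->options.weOwnRng) {
        wc_FreeRng(ssl->rng);
        XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
        ssl->rng = NULL;
        ssl->options.weOwnRng = 0;
    }
    XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
    ssl->suites = NULL;
    FreeHashes(ssl);
    XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);
    ssl->buffers.domainName.buffer = NULL;

    /* clear keys struct after session */
    ForceZero(&ssl->keys, sizeof(Keys));

#ifndef NO_DH
    /* wipe the DH private value before its buffer is released */
    if (ssl->buffers.serverDH_Priv.buffer) {
        ForceZero(ssl->buffers.serverDH_Priv.buffer,
                  ssl->buffers.serverDH_Priv.length);
    }
    XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
    ssl->buffers.serverDH_Priv.buffer = NULL;
    XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
    ssl->buffers.serverDH_Pub.buffer = NULL;
    /* parameters (p,g) may be owned by ctx */
    if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
        ssl->buffers.serverDH_G.buffer = NULL;
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
        ssl->buffers.serverDH_P.buffer = NULL;
    }
#endif /* !NO_DH */
#ifndef NO_CERTS
    ssl->keepCert = 0; /* make sure certificate is free'd */
    wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifndef NO_RSA
    FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
    ssl->peerRsaKeyPresent = 0;
#endif
    if (ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, FORCED_FREE);
    if (ssl->buffers.outputBuffer.dynamicFlag)
        ShrinkOutputBuffer(ssl);
#ifdef WOLFSSL_DTLS
    DtlsMsgPoolReset(ssl);
    if (ssl->dtls_rx_msg_list != NULL) {
        DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
        ssl->dtls_rx_msg_list = NULL;
        ssl->dtls_rx_msg_list_sz = 0;
    }
    XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    ssl->buffers.dtlsCtx.peer.sa = NULL;
#ifndef NO_WOLFSSL_SERVER
    /* the cookie secret is keying material: wipe it before the free */
    if (ssl->buffers.dtlsCookieSecret.buffer != NULL) {
        ForceZero(ssl->buffers.dtlsCookieSecret.buffer,
                  ssl->buffers.dtlsCookieSecret.length);
    }
    XFREE(ssl->buffers.dtlsCookieSecret.buffer, ssl->heap,
          DYNAMIC_TYPE_COOKIE_PWD);
    ssl->buffers.dtlsCookieSecret.buffer = NULL;
    ssl->buffers.dtlsCookieSecret.length = 0;
#endif
#endif /* WOLFSSL_DTLS */
#if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
    if (ssl->biord != ssl->biowr)        /* only free write if different */
        wolfSSL_BIO_free(ssl->biowr);
    wolfSSL_BIO_free(ssl->biord);        /* always free read bio */
#endif
#ifdef HAVE_LIBZ
    FreeStreams(ssl);
#endif
#ifdef HAVE_ECC
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey);
    ssl->peerEccKeyPresent = 0;
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
    ssl->peerEccDsaKeyPresent = 0;
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->eccTempKey);
    ssl->eccTempKeyPresent = 0;
#endif /* HAVE_ECC */
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->buffers.peerEccDsaKey.buffer = NULL;
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
        XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
        ssl->buffers.peerRsaKey.buffer = NULL;
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_TLS_EXTENSIONS
    TLSX_FreeAll(ssl->extensions, ssl->heap);

#ifdef HAVE_ALPN
    if (ssl->alpn_client_list != NULL) {
        XFREE(ssl->alpn_client_list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        ssl->alpn_client_list = NULL;
    }
#endif
#endif /* HAVE_TLS_EXTENSIONS */
#ifdef HAVE_NETX
    if (ssl->nxCtx.nxPacket)
        nx_packet_release(ssl->nxCtx.nxPacket);
#endif
#if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)
    FreeX509(&ssl->peerCert);
#endif

#ifdef HAVE_SESSION_TICKET
    /* drop a heap-allocated ticket and point back at the static buffer */
    if (ssl->session.isDynamic) {
        XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        ssl->session.ticket = ssl->session.staticTicket;
        ssl->session.isDynamic = 0;
        ssl->session.ticketLen = 0;
    }
#endif
#ifdef HAVE_EXT_CACHE
    wolfSSL_SESSION_free(ssl->extSession);
#endif
#ifdef HAVE_WRITE_DUP
    if (ssl->dupWrite) {
        FreeWriteDup(ssl);
    }
#endif

#ifdef WOLFSSL_STATIC_MEMORY
    /* check if using fixed io buffers and free them */
    if (ssl->heap != NULL) {
    #ifdef WOLFSSL_HEAP_TEST
    /* avoid dereferencing a test value */
    if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) {
    #endif
        WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
        WOLFSSL_HEAP*      ctx_heap;

        /* This section reads ssl_hint->memory and ssl->ctx->heap, so the
         * CTX must still be alive when this function runs. */
        ctx_heap = ssl_hint->memory;
        /* a failed lock is only logged; the counters are still updated */
        if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) {
            WOLFSSL_MSG("Bad memory_mutex lock");
        }
        ctx_heap->curIO--;
        if (FreeFixedIO(ctx_heap, &(ssl_hint->outBuf)) != 1) {
            WOLFSSL_MSG("Error freeing fixed output buffer");
        }
        if (FreeFixedIO(ctx_heap, &(ssl_hint->inBuf)) != 1) {
            WOLFSSL_MSG("Error freeing fixed input buffer");
        }
        if (ssl_hint->haFlag) { /* check if handshake count has been decreased*/
            ctx_heap->curHa--;
        }
        wc_UnLockMutex(&(ctx_heap->memory_mutex));

        /* check if tracking stats */
        if (ctx_heap->flag & WOLFMEM_TRACK_STATS) {
            XFREE(ssl_hint->stats, ssl->ctx->heap, DYNAMIC_TYPE_SSL);
        }
        XFREE(ssl->heap, ssl->ctx->heap, DYNAMIC_TYPE_SSL);
    #ifdef WOLFSSL_HEAP_TEST
    }
    #endif
    }
#endif /* WOLFSSL_STATIC_MEMORY */
}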
wolfSSL 11:cee25a834751 4034
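/* Free any handshake resources no longer needed once the handshake is done.
 *
 * Returns early, releasing nothing, when secure renegotiation is enabled,
 * because a later renegotiation needs the handshake state again. Pointers
 * are reset to NULL after each free so SSL_ResourceFree can run afterwards
 * without freeing them twice.
 *
 * With static memory, the shared handshake counter is decremented only while
 * the hint's haFlag is still set, matching the check in SSL_ResourceFree, so
 * a repeated call cannot decrement it a second time.
 */
void FreeHandshakeResources(WOLFSSL* ssl)
{

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
        WOLFSSL_MSG("Secure Renegotiation needs to retain handshake resources");
        return;
    }
#endif

    /* input buffer */
    if (ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, NO_FORCED_FREE);

    /* suites */
    XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
    ssl->suites = NULL;

    /* hsHashes */
    FreeHashes(ssl);

    /* RNG: released here only for stream ciphers or when tls1_1 is not set,
     * and only when this connection owns it */
    if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) {
        if (ssl->options.weOwnRng) {
            wc_FreeRng(ssl->rng);
            XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
            ssl->rng = NULL;
            ssl->options.weOwnRng = 0;
        }
    }

#ifdef WOLFSSL_DTLS
    /* DTLS_POOL */
    if (ssl->options.dtls) {
        DtlsMsgPoolReset(ssl);
        DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap);
        ssl->dtls_rx_msg_list = NULL;
        ssl->dtls_rx_msg_list_sz = 0;
    }
#endif

    /* arrays: keep the session id for the user unless told to save them */
    if (ssl->options.saveArrays == 0)
        FreeArrays(ssl, 1);

#ifndef NO_RSA
    /* peerRsaKey */
    FreeKey(ssl, DYNAMIC_TYPE_RSA, (void**)&ssl->peerRsaKey);
    ssl->peerRsaKeyPresent = 0;
#endif

#ifdef HAVE_ECC
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey);
    ssl->peerEccKeyPresent = 0;
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey);
    ssl->peerEccDsaKeyPresent = 0;
    FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->eccTempKey);
    ssl->eccTempKeyPresent = 0;
#endif /* HAVE_ECC */
#ifndef NO_DH
    /* wipe the DH private value before its buffer is released */
    if (ssl->buffers.serverDH_Priv.buffer) {
        ForceZero(ssl->buffers.serverDH_Priv.buffer,
                  ssl->buffers.serverDH_Priv.length);
    }
    XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
    ssl->buffers.serverDH_Priv.buffer = NULL;
    XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
    ssl->buffers.serverDH_Pub.buffer = NULL;
    /* parameters (p,g) may be owned by ctx */
    if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {
        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
        ssl->buffers.serverDH_G.buffer = NULL;
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
        ssl->buffers.serverDH_P.buffer = NULL;
    }
#endif /* !NO_DH */
#ifndef NO_CERTS
    wolfSSL_UnloadCertsKeys(ssl);
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC);
        ssl->buffers.peerEccDsaKey.buffer = NULL;
    #endif /* HAVE_ECC */
    #ifndef NO_RSA
        XFREE(ssl->buffers.peerRsaKey.buffer, ssl->heap, DYNAMIC_TYPE_RSA);
        ssl->buffers.peerRsaKey.buffer = NULL;
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */

#ifdef HAVE_QSH
    QSH_FreeAll(ssl);
#endif

#ifdef HAVE_SESSION_TICKET
    /* drop a heap-allocated ticket and point back at the static buffer */
    if (ssl->session.isDynamic) {
        XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        ssl->session.ticket = ssl->session.staticTicket;
        ssl->session.isDynamic = 0;
        ssl->session.ticketLen = 0;
    }
#endif

#ifdef WOLFSSL_STATIC_MEMORY
    /* when done with handshake decrement current handshake count */
    if (ssl->heap != NULL) {
    #ifdef WOLFSSL_HEAP_TEST
    /* avoid dereferencing a test value */
    if (ssl->heap != (void*)WOLFSSL_HEAP_TEST) {
    #endif
        WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap;
        WOLFSSL_HEAP*      ctx_heap;

        ctx_heap = ssl_hint->memory;
        /* a failed lock is only logged; the counter is still updated */
        if (wc_LockMutex(&(ctx_heap->memory_mutex)) != 0) {
            WOLFSSL_MSG("Bad memory_mutex lock");
        }
        /* decrement once per handshake: haFlag marks a count that has not
         * been given back yet */
        if (ssl_hint->haFlag) {
            ctx_heap->curHa--;
            ssl_hint->haFlag = 0; /* set to zero since handshake has been dec */
        }
        wc_UnLockMutex(&(ctx_heap->memory_mutex));
    #ifdef WOLFSSL_HEAP_TEST
    }
    #endif
    }
#endif /* WOLFSSL_STATIC_MEMORY */
}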
wolfSSL 11:cee25a834751 4162
wolfSSL 11:cee25a834751 4163
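/* Free an SSL object and everything it owns.
 *
 * ssl   object to free; dereferenced without a NULL check
 * heap  the heap hint used when creating SSL
 *
 * The CTX reference is dropped last. SSL_ResourceFree reads ssl->ctx->heap
 * when WOLFSSL_STATIC_MEMORY is defined, and heap may be a hint tied to the
 * CTX. Releasing the CTX first could free it while those pointers are still
 * in use, if this was the last reference.
 */
void FreeSSL(WOLFSSL* ssl, void* heap)
{
    WOLFSSL_CTX* ctx = ssl->ctx;

    SSL_ResourceFree(ssl);
    XFREE(ssl, heap, DYNAMIC_TYPE_SSL);
    if (ctx) {
        FreeSSL_Ctx(ctx); /* will decrement and free underlying CTX if 0 */
    }
    (void)heap;
}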
wolfSSL 11:cee25a834751 4174
wolfSSL 11:cee25a834751 4175
wolfSSL 11:cee25a834751 4176 #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \
wolfSSL 11:cee25a834751 4177 || defined(HAVE_AESGCM) || defined(WOLFSSL_DTLS)
/* Fetch the next record sequence number and advance the stored counter.
 *
 * ssl     connection whose key state holds the counters
 * verify  non-zero selects the peer counter, zero the local one
 * seq     receives the value before the increment: seq[0] is the high
 *         word, seq[1] the low word
 *
 * NOTE(review): nothing here stops the combined hi/lo counter from wrapping
 * completely; presumably the connection ends long before that - confirm.
 */
static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2])
{
    if (verify) {
        const word32 lowBefore = ssl->keys.peer_sequence_number_lo;

        seq[0] = ssl->keys.peer_sequence_number_hi;
        seq[1] = lowBefore;

        ssl->keys.peer_sequence_number_lo++;
        if (ssl->keys.peer_sequence_number_lo < lowBefore) {
            /* low word wrapped, carry into the high word */
            ssl->keys.peer_sequence_number_hi++;
        }
    }
    else {
        const word32 lowBefore = ssl->keys.sequence_number_lo;

        seq[0] = ssl->keys.sequence_number_hi;
        seq[1] = lowBefore;

        ssl->keys.sequence_number_lo++;
        if (ssl->keys.sequence_number_lo < lowBefore) {
            /* low word wrapped, carry into the high word */
            ssl->keys.sequence_number_hi++;
        }
    }
}
wolfSSL 11:cee25a834751 4197
wolfSSL 11:cee25a834751 4198
wolfSSL 11:cee25a834751 4199 #ifdef WOLFSSL_DTLS
/* Build the DTLS sequence value for the requested ordering without
 * changing any counter.
 *
 * seq[0] packs the epoch into the upper 16 bits and the low 16 bits of the
 * high sequence word into the lower 16 bits; seq[1] is the low sequence
 * word.
 *
 * order  PREV_ORDER uses dtls_epoch - 1 with the dtls_prev_* counters,
 *        PEER_ORDER uses curEpoch with curSeq_hi/curSeq_lo,
 *        any other value uses dtls_epoch with the dtls_sequence_number_*
 *        counters.
 *
 * NOTE(review): if the epoch fields are narrower than int, the << 16 is
 * evaluated in signed int after promotion (and dtls_epoch - 1 is -1 when
 * the epoch is 0) - confirm the field types.
 */
static INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2])
{
    if (order == PREV_ORDER) {
        /* record belongs to the epoch before the current one */
        seq[0] = ((ssl->keys.dtls_epoch - 1) << 16) |
                 (ssl->keys.dtls_prev_sequence_number_hi & 0xFFFF);
        seq[1] = ssl->keys.dtls_prev_sequence_number_lo;
        return;
    }

    if (order == PEER_ORDER) {
        /* values taken explicitly from the peer's record */
        seq[0] = (ssl->keys.curEpoch << 16) |
                 (ssl->keys.curSeq_hi & 0xFFFF);
        seq[1] = ssl->keys.curSeq_lo;
        return;
    }

    /* our own current epoch */
    seq[0] = (ssl->keys.dtls_epoch << 16) |
             (ssl->keys.dtls_sequence_number_hi & 0xFFFF);
    seq[1] = ssl->keys.dtls_sequence_number_lo;
}
wolfSSL 11:cee25a834751 4219
/* Advance one of the DTLS sequence counters by one, carrying into the high
 * word when the low word wraps.
 *
 * order  PREV_ORDER advances the dtls_prev_* counter, PEER_ORDER the
 *        peer_sequence_number_* counter, any other value the
 *        dtls_sequence_number_* counter.
 */
static INLINE void DtlsSEQIncrement(WOLFSSL* ssl, int order)
{
    word32 before;

    if (order == PREV_ORDER) {
        before = ssl->keys.dtls_prev_sequence_number_lo++;
        if (ssl->keys.dtls_prev_sequence_number_lo < before) {
            /* low word wrapped */
            ssl->keys.dtls_prev_sequence_number_hi++;
        }
        return;
    }

    if (order == PEER_ORDER) {
        before = ssl->keys.peer_sequence_number_lo++;
        if (ssl->keys.peer_sequence_number_lo < before) {
            /* low word wrapped */
            ssl->keys.peer_sequence_number_hi++;
        }
        return;
    }

    before = ssl->keys.dtls_sequence_number_lo++;
    if (ssl->keys.dtls_sequence_number_lo < before) {
        /* low word wrapped */
        ssl->keys.dtls_sequence_number_hi++;
    }
}
wolfSSL 11:cee25a834751 4246 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 4247
wolfSSL 11:cee25a834751 4248
/* Serialize the sequence number for a record into out.
 *
 * Two 32-bit words are written with c32toa, the second at
 * out + OPAQUE32_LEN, so out must have room for both.
 *
 * For non-DTLS connections the counter is read and incremented by
 * GetSEQIncrement. For DTLS the value comes from DtlsGetSEQ, which does not
 * increment anything, so the caller advances the counter separately. If the
 * dtls option is set in a build without WOLFSSL_DTLS, zeros are written.
 */
static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)
{
    word32 seq[2] = {0, 0};

    if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
        DtlsGetSEQ(ssl, verifyOrder, seq);
#endif
    }
    else {
        GetSEQIncrement(ssl, verifyOrder, seq);
    }

    c32toa(seq[0], out);
    c32toa(seq[1], out + OPAQUE32_LEN);
}
wolfSSL 11:cee25a834751 4265 #endif
wolfSSL 11:cee25a834751 4266
wolfSSL 11:cee25a834751 4267
wolfSSL 11:cee25a834751 4268 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 4269
wolfSSL 11:cee25a834751 4270 /* functions for managing DTLS datagram reordering */
wolfSSL 11:cee25a834751 4271
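/* Allocate a DTLS handshake message holder with room for sz bytes of body.
 *
 * Need to allocate space for the handshake message header. The hashing
 * routines assume the message pointer is still within the buffer that
 * has the headers, and will include those headers in the hash. The store
 * routines need to take that into account as well. New will allocate
 * extra space for the headers.
 *
 * sz    size of the message body in bytes
 * heap  heap hint passed to XMALLOC/XFREE
 *
 * Returns the new message, or NULL if an allocation fails or if
 * sz + DTLS_HANDSHAKE_HEADER_SZ does not fit in a word32. On success
 * msg->msg points DTLS_HANDSHAKE_HEADER_SZ bytes into msg->buf.
 */
DtlsMsg* DtlsMsgNew(word32 sz, void* heap)
{
    DtlsMsg* msg = NULL;
    word32   bufSz = sz + DTLS_HANDSHAKE_HEADER_SZ;

    (void)heap;

    /* word32 addition wraps silently. A wrapped total would allocate a
     * buffer far smaller than the sz recorded in the message, and every
     * later bounds check against msg->sz would then be meaningless. */
    if (bufSz < sz)
        return NULL;

    msg = (DtlsMsg*)XMALLOC(sizeof(DtlsMsg), heap, DYNAMIC_TYPE_DTLS_MSG);

    if (msg != NULL) {
        XMEMSET(msg, 0, sizeof(DtlsMsg));
        msg->buf = (byte*)XMALLOC(bufSz, heap, DYNAMIC_TYPE_DTLS_BUFFER);
        if (msg->buf != NULL) {
            msg->sz = sz;
            msg->type = no_shake;
            msg->msg = msg->buf + DTLS_HANDSHAKE_HEADER_SZ;
        }
        else {
            /* do not hand back a holder without a buffer */
            XFREE(msg, heap, DYNAMIC_TYPE_DTLS_MSG);
            msg = NULL;
        }
    }

    return msg;
}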
wolfSSL 11:cee25a834751 4301
/* Free one DTLS message: every node of its fragment list, its buffer, and
 * the message itself. A NULL item is ignored.
 *
 * item  message to free
 * heap  heap hint passed to XFREE
 */
void DtlsMsgDelete(DtlsMsg* item, void* heap)
{
    DtlsFrag* frag;

    (void)heap;

    if (item == NULL)
        return;

    frag = item->fragList;
    while (frag != NULL) {
        /* read the link before the node is released */
        DtlsFrag* following = frag->next;
        XFREE(frag, heap, DYNAMIC_TYPE_DTLS_FRAG);
        frag = following;
    }

    if (item->buf != NULL)
        XFREE(item->buf, heap, DYNAMIC_TYPE_DTLS_BUFFER);

    XFREE(item, heap, DYNAMIC_TYPE_DTLS_MSG);
}
wolfSSL 11:cee25a834751 4318
wolfSSL 11:cee25a834751 4319
/* Free every message in a singly linked list of DTLS messages.
 *
 * head  first message of the list, may be NULL
 * heap  heap hint forwarded to DtlsMsgDelete
 *
 * The caller's own pointer to the list is not cleared here.
 */
void DtlsMsgListDelete(DtlsMsg* head, void* heap)
{
    while (head != NULL) {
        /* read the link before the node is released */
        DtlsMsg* following = head->next;

        DtlsMsgDelete(head, heap);
        head = following;
    }
}
wolfSSL 11:cee25a834751 4329
wolfSSL 11:cee25a834751 4330
/* Create a DTLS fragment record covering [*begin, end] and copy that many
 * bytes from data into buf at offset *begin.
 *
 * begin      in: first byte offset of the fragment; out: end + 1
 * end        last byte offset of the fragment (inclusive)
 * data       source bytes, read from its start
 * buf        destination message body
 * bytesLeft  reduced by the number of bytes copied
 * heap       heap hint passed to XMALLOC
 *
 * Returns the new fragment node, or NULL if the allocation fails, in which
 * case nothing is copied and begin/bytesLeft are left unchanged.
 *
 * No bounds are checked here: the caller must already have verified that
 * the range lies inside buf and that end >= *begin.
 */
static DtlsFrag* CreateFragment(word32* begin, word32 end, const byte* data,
                                byte* buf, word32* bytesLeft, void* heap)
{
    const word32 first = *begin;
    const word32 count = end - first + 1;
    DtlsFrag*    frag;

    (void)heap;

    frag = (DtlsFrag*)XMALLOC(sizeof(DtlsFrag), heap, DYNAMIC_TYPE_DTLS_FRAG);
    if (frag == NULL)
        return NULL;

    frag->next  = NULL;
    frag->begin = first;
    frag->end   = end;

    XMEMCPY(buf + first, data, count);
    *bytesLeft -= count;
    *begin = end + 1;

    return frag;
}
wolfSSL 11:cee25a834751 4353
wolfSSL 11:cee25a834751 4354
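/* Store one handshake fragment into a reassembly message, skipping any
 * bytes that earlier fragments already supplied.
 *
 * msg         reassembly message created by DtlsMsgNew
 * seq         handshake sequence number recorded in msg->seq
 * data        fragment body; when fragOffset is 0 the
 *             DTLS_HANDSHAKE_HEADER_SZ bytes located immediately before
 *             data are read as well, so the caller must pass a pointer into
 *             a buffer that still holds that header
 * type        handshake type recorded in msg->type
 * fragOffset  offset of the fragment inside the full message
 * fragSz      number of bytes in the fragment
 * heap        heap hint used for fragment bookkeeping nodes
 *
 * Returns 0 on success, 0 when the arguments are rejected (nothing is
 * stored), or MEMORY_E when a bookkeeping node cannot be allocated.
 */
int DtlsMsgSet(DtlsMsg* msg, word32 seq, const byte* data, byte type,
                                word32 fragOffset, word32 fragSz, void* heap)
{
    /* The range check avoids computing fragOffset + fragSz: that sum wraps
     * in word32 and a wrapped value could pass a "<= msg->sz" test while the
     * copies below write past msg->buf. Both values are presumably taken
     * from the peer's fragment header, so they are treated as untrusted. */
    if (msg != NULL && data != NULL && msg->fragSz <= msg->sz &&
            fragOffset <= msg->sz && fragSz <= (msg->sz - fragOffset)) {
        DtlsFrag* cur = msg->fragList;
        DtlsFrag* prev = cur;
        DtlsFrag* newFrag;
        word32 bytesLeft = fragSz; /* could be overlapping fragment */
        word32 startOffset = fragOffset;
        word32 added;

        msg->seq = seq;
        msg->type = type;

        if (fragOffset == 0) {
            /* keep the handshake header in front of the body, then rewrite
             * its fragment-length field with the full message size */
            XMEMCPY(msg->buf, data - DTLS_HANDSHAKE_HEADER_SZ,
                    DTLS_HANDSHAKE_HEADER_SZ);
            c32to24(msg->sz, msg->msg - DTLS_HANDSHAKE_FRAG_SZ);
        }

        /* if no message data, just return */
        if (fragSz == 0)
            return 0;

        /* if list is empty add full fragment to front */
        if (cur == NULL) {
            newFrag = CreateFragment(&fragOffset, fragOffset + fragSz - 1, data,
                                     msg->msg, &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz = fragSz;
            msg->fragList = newFrag;

            return 0;
        }

        /* add to front if before current front, up to next->begin */
        if (fragOffset < cur->begin) {
            word32 end = fragOffset + fragSz - 1;

            if (end >= cur->begin)
                end = cur->begin - 1;

            /* computed before CreateFragment advances fragOffset */
            added = end - fragOffset + 1;
            newFrag = CreateFragment(&fragOffset, end, data, msg->msg,
                                     &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz += added;

            newFrag->next = cur;
            msg->fragList = newFrag;
        }

        /* while we have bytes left, try to find a gap to fill */
        while (bytesLeft > 0) {
            /* get previous packet in list */
            while (cur && (fragOffset >= cur->begin)) {
                prev = cur;
                cur = cur->next;
            }

            /* don't add duplicate data */
            if (prev->end >= fragOffset) {
                if ( (fragOffset + bytesLeft - 1) <= prev->end)
                    return 0;
                fragOffset = prev->end + 1;
                bytesLeft = startOffset + fragSz - fragOffset;
            }

            if (cur == NULL)
                /* we're at the end */
                added = bytesLeft;
            else
                /* we're in between two frames */
                added = min(bytesLeft, cur->begin - fragOffset);

            /* data already there */
            if (added == 0)
                continue;

            newFrag = CreateFragment(&fragOffset, fragOffset + added - 1,
                                     data + fragOffset - startOffset,
                                     msg->msg, &bytesLeft, heap);
            if (newFrag == NULL)
                return MEMORY_E;

            msg->fragSz += added;

            newFrag->next = prev->next;
            prev->next = newFrag;
        }
    }

    return 0;
}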
wolfSSL 11:cee25a834751 4454
wolfSSL 11:cee25a834751 4455
/* Look up the message with the given sequence number.
 *
 * head  first message of the list, may be NULL
 * seq   sequence number to match against each node's seq field
 *
 * Returns the first matching node, or NULL when none matches.
 */
DtlsMsg* DtlsMsgFind(DtlsMsg* head, word32 seq)
{
    DtlsMsg* node;

    for (node = head; node != NULL; node = node->next) {
        if (node->seq == seq)
            break;
    }

    return node;
}
wolfSSL 11:cee25a834751 4463
wolfSSL 11:cee25a834751 4464
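/* Store a received handshake fragment in the connection's receive list.
 *
 * ssl         connection owning dtls_rx_msg_list and dtls_rx_msg_list_sz
 * seq         handshake sequence number of the message
 * data        fragment body (see DtlsMsgSet for the header requirement)
 * dataSz      size of the complete message, used when a new item is made
 * type        handshake type
 * fragOffset  offset of the fragment inside the complete message
 * fragSz      number of bytes in the fragment
 * heap        heap hint used for all allocations
 *
 * Failures are not reported: the fragment is dropped.
 *
 * NOTE(review): the list length is not limited in this function; confirm
 * that callers bound dtls_rx_msg_list_sz before storing peer data.
 */
void DtlsMsgStore(WOLFSSL* ssl, word32 seq, const byte* data,
        word32 dataSz, byte type, word32 fragOffset, word32 fragSz, void* heap)
{
    /* See if seq exists in the list. If it isn't in the list, make
     * a new item of size dataSz, copy fragSz bytes from data to msg->msg
     * starting at offset fragOffset, and add fragSz to msg->fragSz. If
     * the seq is in the list and it isn't full, copy fragSz bytes from
     * data to msg->msg starting at offset fragOffset, and add fragSz to
     * msg->fragSz. Insertions take into account data already in the list
     * in case there are overlaps in the handshake message due to retransmit
     * messages. The new item should be inserted into the list in its
     * proper position.
     *
     * 1. Find seq in list, or where seq should go in list. If seq not in
     *    list, create new item and insert into list. Either case, keep
     *    pointer to item.
     * 2. Copy the data from the message to the stored message where it
     *    belongs without overlaps.
     */

    DtlsMsg* head = ssl->dtls_rx_msg_list;

    if (head != NULL) {
        DtlsMsg* cur = DtlsMsgFind(head, seq);
        if (cur == NULL) {
            cur = DtlsMsgNew(dataSz, heap);
            if (cur != NULL) {
                if (DtlsMsgSet(cur, seq, data, type,
                                                fragOffset, fragSz, heap) < 0) {
                    DtlsMsgDelete(cur, heap);
                }
                else {
                    ssl->dtls_rx_msg_list_sz++;
                    head = DtlsMsgInsert(head, cur);
                }
            }
        }
        else {
            /* If this fails, the data is just dropped. */
            DtlsMsgSet(cur, seq, data, type, fragOffset, fragSz, heap);
        }
    }
    else {
        head = DtlsMsgNew(dataSz, heap);
        /* DtlsMsgSet returns 0 for a NULL message, so without this check a
         * failed allocation would still bump the list size while the list
         * stays empty. */
        if (head != NULL) {
            if (DtlsMsgSet(head, seq, data, type,
                                                fragOffset, fragSz, heap) < 0) {
                DtlsMsgDelete(head, heap);
                head = NULL;
            }
            else {
                ssl->dtls_rx_msg_list_sz++;
            }
        }
    }

    ssl->dtls_rx_msg_list = head;
}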
wolfSSL 11:cee25a834751 4520
wolfSSL 11:cee25a834751 4521
/* Insert item into a list kept in ascending seq order.
 *
 * head  current first node, may be NULL
 * item  node to insert; placed before the first node with a larger seq,
 *       so it lands after any node with an equal seq
 *
 * Returns the (possibly new) head of the list. When item becomes the last
 * node its next pointer is left as the caller set it.
 */
DtlsMsg* DtlsMsgInsert(DtlsMsg* head, DtlsMsg* item)
{
    DtlsMsg* before;

    if (head == NULL || item->seq < head->seq) {
        /* item becomes the new front */
        item->next = head;
        return item;
    }

    /* walk to the last node whose successor does not sort after item */
    before = head;
    while (before->next != NULL && !(item->seq < before->next->seq)) {
        before = before->next;
    }

    if (before->next != NULL) {
        item->next = before->next;
    }
    before->next = item;

    return head;
}
wolfSSL 11:cee25a834751 4551
wolfSSL 11:cee25a834751 4552
/* DtlsMsgPoolSave() appends a copy of the message to the end of the stored
 * transmit list.
 *
 * ssl     connection owning dtls_tx_msg_list
 * data    bytes to save; dataSz bytes are copied to the start of the new
 *         item's buffer
 * dataSz  number of bytes to save
 *
 * The item's seq field is set to the current dtls_epoch.
 *
 * Returns 0 on success, DTLS_POOL_SZ_E when the list already holds more than
 * DTLS_POOL_SZ items, or MEMORY_E when the item cannot be allocated.
 */
int DtlsMsgPoolSave(WOLFSSL* ssl, const byte* data, word32 dataSz)
{
    DtlsMsg* entry;
    DtlsMsg* tail;

    if (ssl->dtls_tx_msg_list_sz > DTLS_POOL_SZ)
        return DTLS_POOL_SZ_E;

    entry = DtlsMsgNew(dataSz, ssl->heap);
    if (entry == NULL)
        return MEMORY_E;

    XMEMCPY(entry->buf, data, dataSz);
    entry->sz  = dataSz;
    entry->seq = ssl->keys.dtls_epoch;

    tail = ssl->dtls_tx_msg_list;
    if (tail == NULL) {
        ssl->dtls_tx_msg_list = entry;
    }
    else {
        while (tail->next != NULL)
            tail = tail->next;
        tail->next = entry;
    }
    ssl->dtls_tx_msg_list_sz++;

    return 0;
}
wolfSSL 11:cee25a834751 4585
wolfSSL 11:cee25a834751 4586
/* DtlsMsgPoolTimeout() updates the timeout time.
 *
 * While dtls_timeout is below dtls_timeout_max it is multiplied by
 * DTLS_TIMEOUT_MULTIPLIER; the product is not clamped to the maximum.
 *
 * Returns 0 when the timeout was increased, -1 when it had already reached
 * the maximum.
 */
int DtlsMsgPoolTimeout(WOLFSSL* ssl)
{
    if (ssl->dtls_timeout >= ssl->dtls_timeout_max)
        return -1;

    ssl->dtls_timeout *= DTLS_TIMEOUT_MULTIPLIER;
    return 0;
}
wolfSSL 11:cee25a834751 4597
wolfSSL 11:cee25a834751 4598
/* DtlsMsgPoolReset() deletes the stored transmit list and resets the timeout
 * value to dtls_timeout_init. Nothing is changed, the timeout included, when
 * the list is already empty. */
void DtlsMsgPoolReset(WOLFSSL* ssl)
{
    if (ssl->dtls_tx_msg_list == NULL)
        return;

    DtlsMsgListDelete(ssl->dtls_tx_msg_list, ssl->heap);
    /* clear the pointer so the freed list cannot be reached again */
    ssl->dtls_tx_msg_list    = NULL;
    ssl->dtls_tx_msg_list_sz = 0;
    ssl->dtls_timeout        = ssl->dtls_timeout_init;
}
wolfSSL 11:cee25a834751 4610
wolfSSL 11:cee25a834751 4611
/* Decide whether a received handshake message may trigger retransmission of
 * the whole stored flight.
 *
 * Only the first message from the previous flight should be valid for
 * triggering retransmission of the whole DtlsMsgPool. The change cipher
 * spec type is not verified here.
 *
 * type        handshake type of the received message
 * fragOffset  fragment offset of the received message; must be 0
 *
 * Returns 1 when the message qualifies, 0 otherwise.
 */
int VerifyForDtlsMsgPoolSend(WOLFSSL* ssl, byte type, word32 fragOffset)
{
    if (fragOffset != 0)
        return 0;

    if (ssl->options.side == WOLFSSL_SERVER_END) {
        if (type == client_hello)
            return 1;
        /* which message opens the later client flight depends on whether
         * peer verification is enabled */
        if (ssl->options.verifyPeer && type == certificate)
            return 1;
        if (!ssl->options.verifyPeer && type == client_key_exchange)
            return 1;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END && type == server_hello)
        return 1;

    return 0;
}
wolfSSL 11:cee25a834751 4627
wolfSSL 11:cee25a834751 4628
/* DtlsMsgPoolSend() will send the stored transmit list. The stored list is
 * updated with new sequence numbers, and will be re-encrypted if needed.
 *
 * ssl                  connection owning dtls_tx_msg_list
 * sendOnlyFirstPacket  when non-zero and this side is the server, only the
 *                      first stored message is sent
 *
 * Returns the result of the last SendBuffered call (0 when the list is
 * empty), the error from CheckAvailableSize, BUILD_MSG_ERROR when
 * BuildMessage fails, or the negative SendBuffered result. */
int DtlsMsgPoolSend(WOLFSSL* ssl, int sendOnlyFirstPacket)
{
    int ret = 0;
    DtlsMsg* pool = ssl->dtls_tx_msg_list;

    if (pool != NULL) {

        while (pool != NULL) {
            /* for stored transmit items, seq holds the epoch that was
             * current when the item was saved (see DtlsMsgPoolSave) */
            if (pool->seq == 0) {
                DtlsRecordLayerHeader* dtls;
                int epochOrder;

                /* NOTE(review): assumes the stored buffer is at least one
                 * record header long - confirm against the callers of
                 * DtlsMsgPoolSave */
                dtls = (DtlsRecordLayerHeader*)pool->buf;
                /* If the stored record's epoch is 0, and the currently set
                 * epoch is 0, use the "current order" sequence number.
                 * If the stored record's epoch is 0 and the currently set
                 * epoch is not 0, the stored record is considered a "previous
                 * order" sequence number. */
                epochOrder = (ssl->keys.dtls_epoch == 0) ?
                             CUR_ORDER : PREV_ORDER;

                /* the stored record is patched in place with a fresh
                 * sequence number before it is copied out */
                WriteSEQ(ssl, epochOrder, dtls->sequence_number);
                DtlsSEQIncrement(ssl, epochOrder);
                if ((ret = CheckAvailableSize(ssl, pool->sz)) != 0)
                    return ret;

                /* copied to the start of the output buffer; idx and length
                 * are reset, replacing whatever they described before */
                XMEMCPY(ssl->buffers.outputBuffer.buffer,
                        pool->buf, pool->sz);
                ssl->buffers.outputBuffer.idx = 0;
                ssl->buffers.outputBuffer.length = pool->sz;
            }
            else if (pool->seq == ssl->keys.dtls_epoch) {
                byte* input;
                byte* output;
                int inputSz, sendSz;

                input = pool->buf;
                inputSz = pool->sz;
                sendSz = inputSz + MAX_MSG_EXTRA;

                if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
                    return ret;

                /* the rebuilt record is appended after any pending output */
                output = ssl->buffers.outputBuffer.buffer +
                         ssl->buffers.outputBuffer.length;
                sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
                                      handshake, 0, 0, 0);
                if (sendSz < 0)
                    return BUILD_MSG_ERROR;

                ssl->buffers.outputBuffer.length += sendSz;
            }
            /* an item whose stored epoch is neither 0 nor the current epoch
             * adds nothing to the output buffer; SendBuffered still runs */

            ret = SendBuffered(ssl);
            if (ret < 0) {
                return ret;
            }

            /**
             * on server side, retransmission is being triggered only by sending
             * first message of given flight, in order to trigger client
             * to retransmit its whole flight. Sending the whole previous flight
             * could lead to retransmission of previous client flight for each
             * server message from previous flight. Therefore one message should
             * be enough to do the trick.
             */
            if (sendOnlyFirstPacket &&
                ssl->options.side == WOLFSSL_SERVER_END) {

                pool = NULL;
            }
            else
                pool = pool->next;
        }
    }

    return ret;
}
wolfSSL 11:cee25a834751 4709
wolfSSL 11:cee25a834751 4710 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 4711
wolfSSL 11:cee25a834751 4712 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
wolfSSL 11:cee25a834751 4713
/* Return the SSL 3.0 protocol version pair.
 *
 * Only compiled when WOLFSSL_ALLOW_SSLV3 is defined and NO_OLD_TLS is not.
 * SSL 3.0 is deprecated (RFC 7568); the build flag should stay off unless a
 * legacy peer requires it. */
ProtocolVersion MakeSSLv3(void)
{
    ProtocolVersion version;

    version.major = SSLv3_MAJOR;
    version.minor = SSLv3_MINOR;

    return version;
}
wolfSSL 11:cee25a834751 4722
wolfSSL 11:cee25a834751 4723 #endif /* WOLFSSL_ALLOW_SSLV3 && !NO_OLD_TLS */
wolfSSL 11:cee25a834751 4724
wolfSSL 11:cee25a834751 4725
wolfSSL 11:cee25a834751 4726 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 4727
/* Return the protocol version pair DTLS_MAJOR / DTLS_MINOR. */
ProtocolVersion MakeDTLSv1(void)
{
    ProtocolVersion version;

    version.major = DTLS_MAJOR;
    version.minor = DTLS_MINOR;

    return version;
}
wolfSSL 11:cee25a834751 4736
/* Return the protocol version pair DTLS_MAJOR / DTLSv1_2_MINOR. */
ProtocolVersion MakeDTLSv1_2(void)
{
    ProtocolVersion version;

    version.major = DTLS_MAJOR;
    version.minor = DTLSv1_2_MINOR;

    return version;
}
wolfSSL 11:cee25a834751 4745
wolfSSL 11:cee25a834751 4746 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 4747
wolfSSL 11:cee25a834751 4748
wolfSSL 11:cee25a834751 4749
wolfSSL 11:cee25a834751 4750
wolfSSL 11:cee25a834751 4751 #if defined(USER_TICKS)
wolfSSL 11:cee25a834751 4752 #if 0
/* Template only: this definition sits inside "#if 0" and is never compiled.
 * A USER_TICKS build has to supply its own LowResTimer. */
word32 LowResTimer(void)
{
    /*
    Write your own clock tick function if you don't want time(0).
    It needs one-second accuracy but doesn't have to be correlated to EPOCH.
    */
}
wolfSSL 11:cee25a834751 4760 #endif
wolfSSL 11:cee25a834751 4761
wolfSSL 11:cee25a834751 4762 #elif defined(TIME_OVERRIDES)
wolfSSL 11:cee25a834751 4763
wolfSSL 11:cee25a834751 4764 /* use same asn time overrides unless user wants tick override above */
wolfSSL 11:cee25a834751 4765
wolfSSL 11:cee25a834751 4766 #ifndef HAVE_TIME_T_TYPE
wolfSSL 11:cee25a834751 4767 typedef long time_t;
wolfSSL 11:cee25a834751 4768 #endif
wolfSSL 11:cee25a834751 4769 extern time_t XTIME(time_t * timer);
wolfSSL 11:cee25a834751 4770
/* TIME_OVERRIDES build: return the value of the user-supplied XTIME,
 * converted to word32. */
word32 LowResTimer(void)
{
    time_t now = XTIME(0);

    return (word32) now;
}
wolfSSL 11:cee25a834751 4775
wolfSSL 11:cee25a834751 4776 #elif defined(USE_WINDOWS_API)
wolfSSL 11:cee25a834751 4777
/* Windows build: return the performance counter divided by its frequency,
 * converted to word32.
 *
 * The frequency is queried on the first call and cached in a static; that
 * first-call initialization is not guarded by any lock here. The return
 * values of the two Query* calls are not checked.
 */
word32 LowResTimer(void)
{
    static int           haveFreq = 0;
    static LARGE_INTEGER ticksPerSec;
    LARGE_INTEGER        now;

    if (haveFreq == 0) {
        QueryPerformanceFrequency(&ticksPerSec);
        haveFreq = 1;
    }

    QueryPerformanceCounter(&now);

    return (word32)(now.QuadPart / ticksPerSec.QuadPart);
}
wolfSSL 11:cee25a834751 4793
wolfSSL 11:cee25a834751 4794 #elif defined(HAVE_RTP_SYS)
wolfSSL 11:cee25a834751 4795
wolfSSL 11:cee25a834751 4796 #include "rtptime.h"
wolfSSL 11:cee25a834751 4797
/* HAVE_RTP_SYS build: return rtp_get_system_sec() converted to word32. */
word32 LowResTimer(void)
{
    word32 secs = (word32)rtp_get_system_sec();

    return secs;
}
wolfSSL 11:cee25a834751 4802
wolfSSL 11:cee25a834751 4803
wolfSSL 11:cee25a834751 4804 #elif defined(MICRIUM)
wolfSSL 11:cee25a834751 4805
/* MICRIUM build: return NetSecure_OS_TimeGet() converted to word32.
 * When NET_SECURE_MGR_CFG_EN is not DEF_ENABLED the result is always 0. */
word32 LowResTimer(void)
{
    NET_SECURE_OS_TICK ticks = 0;

#if (NET_SECURE_MGR_CFG_EN == DEF_ENABLED)
    ticks = NetSecure_OS_TimeGet();
#endif

    return (word32)ticks;
}
wolfSSL 11:cee25a834751 4815
wolfSSL 11:cee25a834751 4816
wolfSSL 11:cee25a834751 4817 #elif defined(MICROCHIP_TCPIP_V5)
wolfSSL 11:cee25a834751 4818
/* Low resolution timer for the Microchip TCP/IP v5 stack: tick count divided
 * by TICKS_PER_SECOND, converted to word32. */
word32 LowResTimer(void)
{
    word32 secs = (word32) (TickGet() / TICKS_PER_SECOND);

    return secs;
}
wolfSSL 11:cee25a834751 4823
wolfSSL 11:cee25a834751 4824
wolfSSL 11:cee25a834751 4825 #elif defined(MICROCHIP_TCPIP)
wolfSSL 11:cee25a834751 4826
wolfSSL 11:cee25a834751 4827 #if defined(MICROCHIP_MPLAB_HARMONY)
wolfSSL 11:cee25a834751 4828
wolfSSL 11:cee25a834751 4829 #include <system/tmr/sys_tmr.h>
wolfSSL 11:cee25a834751 4830
/* Low resolution timer for MPLAB Harmony: system timer tick count divided by
 * the tick counter frequency, converted to word32. */
word32 LowResTimer(void)
{
    word32 secs = (word32) (SYS_TMR_TickCountGet() /
                            SYS_TMR_TickCounterFrequencyGet());

    return secs;
}
wolfSSL 11:cee25a834751 4836
wolfSSL 11:cee25a834751 4837 #else
wolfSSL 11:cee25a834751 4838
/* Low resolution timer for the Microchip TCP/IP stack without Harmony:
 * system tick count divided by ticks per second, converted to word32. */
word32 LowResTimer(void)
{
    word32 secs = (word32) (SYS_TICK_Get() / SYS_TICK_TicksPerSecondGet());

    return secs;
}
wolfSSL 11:cee25a834751 4843
wolfSSL 11:cee25a834751 4844 #endif
wolfSSL 11:cee25a834751 4845
wolfSSL 11:cee25a834751 4846 #elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
wolfSSL 11:cee25a834751 4847
/* Low resolution timer for Freescale MQX: the SECONDS field filled in by
 * _time_get_elapsed(), converted to word32. */
word32 LowResTimer(void)
{
    TIME_STRUCT elapsed;

    _time_get_elapsed(&elapsed);

    return (word32) elapsed.SECONDS;
}
wolfSSL 11:cee25a834751 4856 #elif defined(FREESCALE_FREE_RTOS) || defined(FREESCALE_KSDK_FREERTOS)
wolfSSL 11:cee25a834751 4857
wolfSSL 11:cee25a834751 4858 #include "include/task.h"
wolfSSL 11:cee25a834751 4859
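/* Low resolution timer for Freescale FreeRTOS builds: the scheduler tick
 * count divided by configTICK_RATE_HZ.
 *
 * The division is done on integers. Converting the tick count to float first
 * rounds it once it needs more than 24 significant bits, so the derived
 * value could step early on a long-running device; integer division is exact
 * for every tick value and needs no floating point support.
 *
 * NOTE(review): this variant returns unsigned int while the other
 * LowResTimer definitions return word32; the return type is left unchanged
 * here.
 */
unsigned int LowResTimer(void)
{
    return (unsigned int)(xTaskGetTickCount() / configTICK_RATE_HZ);
}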
wolfSSL 11:cee25a834751 4864
wolfSSL 11:cee25a834751 4865 #elif defined(FREESCALE_KSDK_BM)
wolfSSL 11:cee25a834751 4866
wolfSSL 11:cee25a834751 4867 #include "lwip/sys.h" /* lwIP */
/* Low resolution timer for Freescale KSDK bare metal: lwIP's sys_now()
 * divided by 1000. */
word32 LowResTimer(void)
{
    word32 secs = sys_now()/1000;

    return secs;
}
wolfSSL 11:cee25a834751 4872
wolfSSL 11:cee25a834751 4873 #elif defined(WOLFSSL_TIRTOS)
wolfSSL 11:cee25a834751 4874
/* Low resolution timer for TI-RTOS: Seconds_get() converted to word32. */
word32 LowResTimer(void)
{
    word32 secs = (word32) Seconds_get();

    return secs;
}
wolfSSL 11:cee25a834751 4879
wolfSSL 11:cee25a834751 4880 #elif defined(WOLFSSL_UTASKER)
wolfSSL 11:cee25a834751 4881
/* Low resolution timer for uTasker: uTaskerSystemTick divided by
 * TICK_RESOLUTION, converted to word32. */
word32 LowResTimer(void)
{
    word32 secs = (word32)(uTaskerSystemTick / TICK_RESOLUTION);

    return secs;
}
wolfSSL 11:cee25a834751 4886
wolfSSL 11:cee25a834751 4887 #else
wolfSSL 11:cee25a834751 4888 /* Posix style time */
wolfSSL 11:cee25a834751 4889 #include <time.h>
wolfSSL 11:cee25a834751 4890
/* Low resolution timer for POSIX style systems: time(0) converted to word32.
 *
 * NOTE(review): time() follows the wall clock, so a clock adjustment moves
 * this value as well - confirm callers tolerate the timer jumping.
 */
word32 LowResTimer(void)
{
    time_t now = time(0);

    return (word32)now;
}
wolfSSL 11:cee25a834751 4895
wolfSSL 11:cee25a834751 4896
wolfSSL 11:cee25a834751 4897 #endif
wolfSSL 11:cee25a834751 4898
wolfSSL 11:cee25a834751 4899
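#ifndef NO_CERTS
/* Add sz bytes at output to every enabled handshake hash, with no header
 * adjustment.
 *
 * ssl     session whose hsHashes are updated
 * output  first byte to hash
 * sz      number of bytes to hash; must not be negative
 *
 * Returns 0 on success, BAD_FUNC_ARG for a negative sz, or the first
 * non-zero result of a SHA-256/384/512 update. SHA-1 and MD5 are fed only
 * when old TLS versions are compiled in; the SHA-2 hashes only for TLS 1.2
 * and later.
 *
 * NOTE(review): the results of wc_ShaUpdate()/wc_Md5Update() are not
 * inspected; if they report a status in this version, a failure would leave
 * the handshake transcript hash out of step without an error - confirm.
 */
static int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz)
{
    int ret = 0;

    (void)output;
    (void)sz;

    /* The hash updates take an unsigned length, so a negative sz would be
     * read as a very large byte count. */
    if (sz < 0)
        return BAD_FUNC_ARG;

#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
#endif
#ifndef NO_OLD_TLS
#ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, output, sz);
#endif
#ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, output, sz);
#endif
#endif /* NO_OLD_TLS */

    if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, output, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA384
        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, output, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA512
        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, output, sz);
        if (ret != 0)
            return ret;
#endif
    }

    return ret;
}
#endif /* NO_CERTS */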
wolfSSL 11:cee25a834751 4942
wolfSSL 11:cee25a834751 4943
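/* Add an outgoing record to the running handshake hashes, leaving out the
 * record header.
 *
 * ssl     session whose hsHashes are updated
 * output  start of the record; hashing begins RECORD_HEADER_SZ + ivSz bytes
 *         in (plus DTLS_RECORD_EXTRA for DTLS)
 * sz      byte count including the record header (and the extra DTLS record
 *         header bytes for DTLS); those are subtracted before hashing
 * ivSz    bytes skipped after the record header; not subtracted from sz
 *
 * Returns 0 on success, BAD_FUNC_ARG when sz does not even cover the
 * header(s), or the first non-zero result of a SHA-256/384/512 update.
 *
 * NOTE(review): the results of wc_ShaUpdate()/wc_Md5Update() are not
 * inspected; if they report a status in this version, a failure would leave
 * the handshake transcript hash out of step without an error - confirm.
 */
static int HashOutput(WOLFSSL* ssl, const byte* output, int sz, int ivSz)
{
    int         ret = 0;
    const byte* adj;

    /* Without this check the subtraction below goes negative and the hash
     * updates, which take an unsigned length, would read far past the
     * record. */
    if (sz < (int)RECORD_HEADER_SZ)
        return BAD_FUNC_ARG;

    adj = output + RECORD_HEADER_SZ + ivSz;
    sz -= RECORD_HEADER_SZ;

#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, output, sz, FUZZ_HASH, ssl->fuzzerCtx);
#endif
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* same reasoning for the longer DTLS record header */
        if (sz < (int)DTLS_RECORD_EXTRA)
            return BAD_FUNC_ARG;
        adj += DTLS_RECORD_EXTRA;
        sz  -= DTLS_RECORD_EXTRA;
    }
#endif
#ifndef NO_OLD_TLS
#ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
#endif
#ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz);
#endif
#endif

    if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA384
        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA512
        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
        if (ret != 0)
            return ret;
#endif
    }

    return ret;
}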
wolfSSL 11:cee25a834751 4992
wolfSSL 11:cee25a834751 4993
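/* Add a received handshake message to the running handshake hashes,
 * including its handshake header.
 *
 * ssl    session whose hsHashes are updated
 * input  first byte after the handshake header; the function steps back
 *        HANDSHAKE_HEADER_SZ bytes (plus DTLS_HANDSHAKE_EXTRA for DTLS), so
 *        the header must sit directly in front of input in the same buffer
 * sz     message length without the header; must not be negative
 *
 * Returns 0 on success, BAD_FUNC_ARG for a negative sz, or the first
 * non-zero result of a SHA-256/384/512 update.
 *
 * NOTE(review): sz presumably derives from a length field sent by the peer;
 * this function does not check it against the input buffer, so the caller
 * has to - confirm. The results of wc_ShaUpdate()/wc_Md5Update() are not
 * inspected either.
 */
static int HashInput(WOLFSSL* ssl, const byte* input, int sz)
{
    int         ret = 0;
    const byte* adj;

    /* The hash updates take an unsigned length; a negative sz would still
     * be negative (or tiny) after the header is added and then be read as
     * a very large byte count. */
    if (sz < 0)
        return BAD_FUNC_ARG;

    adj = input - HANDSHAKE_HEADER_SZ;
    sz += HANDSHAKE_HEADER_SZ;

    (void)adj;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        adj -= DTLS_HANDSHAKE_EXTRA;
        sz  += DTLS_HANDSHAKE_EXTRA;
    }
#endif

#ifndef NO_OLD_TLS
#ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, adj, sz);
#endif
#ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, adj, sz);
#endif
#endif

    if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
        ret = wc_Sha256Update(&ssl->hsHashes->hashSha256, adj, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA384
        ret = wc_Sha384Update(&ssl->hsHashes->hashSha384, adj, sz);
        if (ret != 0)
            return ret;
#endif
#ifdef WOLFSSL_SHA512
        ret = wc_Sha512Update(&ssl->hsHashes->hashSha512, adj, sz);
        if (ret != 0)
            return ret;
#endif
    }

    return ret;
}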
wolfSSL 11:cee25a834751 5041
wolfSSL 11:cee25a834751 5042
/* Write the record layer header for a message at the start of output.
 *
 * output  buffer that receives the header; nothing is written when NULL
 * length  record length, stored as 16 bits (higher bits are dropped)
 * type    record content type
 * ssl     session supplying the protocol version and, for DTLS, the
 *         sequence number
 *
 * With WOLFSSL_ALTERNATIVE_DOWNGRADE, a client that is at CONNECT_BEGIN and
 * not resuming advertises options.minDowngrade as the minor version when
 * downgrade is allowed.
 *
 * NOTE(review): the caller must have reserved room for the header and kept
 * length within 16 bits; neither is checked here.
 */
static void AddRecordHeader(byte* output, word32 length, byte type, WOLFSSL* ssl)
{
    RecordLayerHeader* hdr = (RecordLayerHeader*)output;

    if (hdr == NULL)
        return;

    /* type and version are laid out the same for TLS and DTLS */
    hdr->type    = type;
    hdr->pvMajor = ssl->version.major;
    hdr->pvMinor = ssl->version.minor;

#ifdef WOLFSSL_ALTERNATIVE_DOWNGRADE
    if (ssl->options.side == WOLFSSL_CLIENT_END
                           && ssl->options.connectState == CONNECT_BEGIN
                           && !ssl->options.resuming) {
        if (ssl->options.downgrade)
            hdr->pvMinor = ssl->options.minDowngrade;
        else
            hdr->pvMinor = ssl->version.minor;
    }
#endif

    if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
        /* dtls record layer header extensions */
        DtlsRecordLayerHeader* dtlsHdr = (DtlsRecordLayerHeader*)output;

        WriteSEQ(ssl, 0, dtlsHdr->sequence_number);
        c16toa((word16)length, dtlsHdr->length);
#endif
        return;
    }

    c16toa((word16)length, hdr->length);
}
wolfSSL 11:cee25a834751 5080
wolfSSL 11:cee25a834751 5081
/* Write the handshake header for a message at output.
 *
 * output      buffer that receives the header
 * length      handshake message length, stored as 24 bits
 * fragOffset  fragment offset, written for DTLS only
 * fragLength  fragment length, written for DTLS only
 * type        handshake message type
 * ssl         session; for DTLS its handshake number is written as the
 *             message sequence and then incremented
 *
 * NOTE(review): output is dereferenced without a NULL check, unlike
 * AddRecordHeader - the caller must pass a valid buffer with room for the
 * header.
 */
static void AddHandShakeHeader(byte* output, word32 length,
                               word32 fragOffset, word32 fragLength,
                               byte type, WOLFSSL* ssl)
{
    HandShakeHeader* hdr = (HandShakeHeader*)output;

    (void)fragOffset;
    (void)fragLength;
    (void)ssl;

    /* type and length are laid out the same for TLS and DTLS */
    hdr->type = type;
    c32to24(length, hdr->length);

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* dtls handshake header extensions */
        DtlsHandShakeHeader* dtlsHdr = (DtlsHandShakeHeader*)output;

        c16toa(ssl->keys.dtls_handshake_number++, dtlsHdr->message_seq);
        c32to24(fragOffset, dtlsHdr->fragment_offset);
        c32to24(fragLength, dtlsHdr->fragment_length);
    }
#endif
}
wolfSSL 11:cee25a834751 5108
wolfSSL 11:cee25a834751 5109
/* Write the record header and the handshake header for an unfragmented
 * handshake message.
 *
 * output  start of the record buffer
 * length  handshake body length; the record length is this plus the
 *         handshake header size
 * type    handshake message type
 * ssl     session, selects the TLS or DTLS header sizes
 */
static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl)
{
    word32 hsHdrSz  = HANDSHAKE_HEADER_SZ;
    word32 recHdrSz = RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        hsHdrSz  += DTLS_HANDSHAKE_EXTRA;
        recHdrSz += DTLS_RECORD_EXTRA;
    }
#endif

    AddRecordHeader(output, length + hsHdrSz, handshake, ssl);
    /* one fragment: offset 0, fragment length equals the message length */
    AddHandShakeHeader(output + recHdrSz, length, 0, length, type, ssl);
}
wolfSSL 11:cee25a834751 5126
wolfSSL 11:cee25a834751 5127
#ifndef NO_CERTS
/* Write the record header and the handshake header for one fragment of a
 * handshake message.
 *
 * output      start of the record buffer
 * fragSz      size of this fragment; the record length is this plus the
 *             handshake header size
 * fragOffset  offset of the fragment within the whole message
 * length      length of the whole handshake message
 * type        handshake message type
 * ssl         session, selects the TLS or DTLS header sizes
 */
static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset,
                           word32 length, byte type, WOLFSSL* ssl)
{
    word32 hsHdrSz  = HANDSHAKE_HEADER_SZ;
    word32 recHdrSz = RECORD_HEADER_SZ;

    (void)fragSz;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        hsHdrSz  += DTLS_HANDSHAKE_EXTRA;
        recHdrSz += DTLS_RECORD_EXTRA;
    }
#endif

    AddRecordHeader(output, fragSz + hsHdrSz, handshake, ssl);
    AddHandShakeHeader(output + recHdrSz, length, fragOffset, fragSz, type, ssl);
}
#endif /* NO_CERTS */
wolfSSL 11:cee25a834751 5147
wolfSSL 11:cee25a834751 5148
/* Read up to sz bytes into buf through the context's receive callback.
 *
 * Returns the callback's result when it is not negative. On a negative
 * result: -1 for a general error, a connection reset (connReset is set), a
 * closed connection (isClosed is set) or a timeout that is not retried;
 * WANT_READ when the callback would block or, with WOLFSSL_CALLBACKS, when
 * the interval timer has expired; any other negative value is returned
 * unchanged. An interrupt, a reset on a Windows DTLS session and a DTLS
 * handshake timeout whose retransmit succeeded all retry the read.
 *
 * NOTE(review): the byte count reported by the callback is not compared
 * with sz here; the caller is presumably expected to reject a callback that
 * reports more than was requested - confirm. The retry paths have no upper
 * bound.
 */
static int Receive(WOLFSSL* ssl, byte* buf, word32 sz)
{
    int recvd;

    if (ssl->ctx->CBIORecv == NULL) {
        WOLFSSL_MSG("Your IO Recv callback is null, please set");
        return -1;
    }

    for (;;) {
        recvd = ssl->ctx->CBIORecv(ssl, (char *)buf, (int)sz,
                                   ssl->IOCB_ReadCtx);
        if (recvd >= 0)
            return recvd;

        switch (recvd) {
            case WOLFSSL_CBIO_ERR_GENERAL:        /* general/unknown error */
                return -1;

            case WOLFSSL_CBIO_ERR_WANT_READ:      /* want read, would block */
                return WANT_READ;

            case WOLFSSL_CBIO_ERR_CONN_RST:       /* connection reset */
                #ifdef USE_WINDOWS_API
                if (ssl->options.dtls) {
                    continue;                     /* read again */
                }
                #endif
                ssl->options.connReset = 1;
                return -1;

            case WOLFSSL_CBIO_ERR_ISR:            /* interrupt */
                /* see if we got our timeout */
                #ifdef WOLFSSL_CALLBACKS
                    if (ssl->toInfoOn) {
                        struct itimerval timeout;
                        getitimer(ITIMER_REAL, &timeout);
                        if (timeout.it_value.tv_sec == 0 &&
                                                timeout.it_value.tv_usec == 0) {
                            XSTRNCPY(ssl->timeoutInfo.timeoutName,
                                    "recv() timeout", MAX_TIMEOUT_NAME_SZ);
                            WOLFSSL_MSG("Got our timeout");
                            return WANT_READ;
                        }
                    }
                #endif
                continue;                         /* read again */

            case WOLFSSL_CBIO_ERR_CONN_CLOSE:     /* peer closed connection */
                ssl->options.isClosed = 1;
                return -1;

            case WOLFSSL_CBIO_ERR_TIMEOUT:
            #ifdef WOLFSSL_DTLS
                if (IsDtlsNotSctpMode(ssl) &&
                    !ssl->options.handShakeDone &&
                    DtlsMsgPoolTimeout(ssl) == 0 &&
                    DtlsMsgPoolSend(ssl, 0) == 0) {

                    continue;                     /* read again */
                }
            #endif
                return -1;

            default:
                return recvd;
        }
    }
}
wolfSSL 11:cee25a834751 5217
wolfSSL 11:cee25a834751 5218
/* Release the dynamic output buffer and point the session back at its
 * static buffer.
 *
 * The allocation is freed at buffer - offset, i.e. the address before the
 * alignment offset was applied. The buffer is assumed to hold no pending
 * data; nothing is copied.
 * NOTE(review): dynamicFlag is not tested here, so the caller must only
 * call this while the output buffer is dynamic.
 */
void ShrinkOutputBuffer(WOLFSSL* ssl)
{
    byte* allocBase;

    WOLFSSL_MSG("Shrinking output buffer\n");

    allocBase = ssl->buffers.outputBuffer.buffer -
                ssl->buffers.outputBuffer.offset;
    XFREE(allocBase, ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);

    ssl->buffers.outputBuffer.dynamicFlag = 0;
    ssl->buffers.outputBuffer.offset      = 0;
    ssl->buffers.outputBuffer.buffer      =
                                    ssl->buffers.outputBuffer.staticBuffer;
    ssl->buffers.outputBuffer.bufferSize  = STATIC_BUFFER_LEN;
}
wolfSSL 11:cee25a834751 5230
wolfSSL 11:cee25a834751 5231
/* Release the dynamic input buffer and point the session back at its static
 * buffer, keeping any unread input.
 *
 * ssl         session whose input buffer is switched
 * forcedFree  non-zero when cleaning up: the buffer is freed even if the
 *             unread input would not fit, and nothing is copied
 *
 * Without forcedFree the function returns early, changing nothing, when the
 * unread input is larger than STATIC_BUFFER_LEN.
 *
 * NOTE(review): with forcedFree the unread bytes are not copied, yet length
 * is still set to the unread count, which may exceed STATIC_BUFFER_LEN -
 * confirm no caller reads the input buffer after a forced free. The freed
 * buffer is not cleared first.
 */
void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree)
{
    int remaining = ssl->buffers.inputBuffer.length -
                    ssl->buffers.inputBuffer.idx;

    if (!forcedFree) {
        if (remaining > STATIC_BUFFER_LEN)
            return;
    }

    WOLFSSL_MSG("Shrinking input buffer\n");

    if (!forcedFree && remaining > 0) {
        XMEMCPY(ssl->buffers.inputBuffer.staticBuffer,
                ssl->buffers.inputBuffer.buffer +
                ssl->buffers.inputBuffer.idx,
                remaining);
    }

    /* free at the address before the alignment offset was applied */
    XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
          ssl->heap, DYNAMIC_TYPE_IN_BUFFER);

    ssl->buffers.inputBuffer.dynamicFlag = 0;
    ssl->buffers.inputBuffer.offset      = 0;
    ssl->buffers.inputBuffer.buffer      =
                                     ssl->buffers.inputBuffer.staticBuffer;
    ssl->buffers.inputBuffer.bufferSize  = STATIC_BUFFER_LEN;
    ssl->buffers.inputBuffer.idx         = 0;
    ssl->buffers.inputBuffer.length      = remaining;
}
wolfSSL 11:cee25a834751 5257
/* Push everything pending in the output buffer through the context's send
 * callback.
 *
 * Returns 0 once the buffer is empty (a dynamic buffer is then shrunk back
 * to the static one), WANT_WRITE when the callback would block or, with
 * WOLFSSL_CALLBACKS, when the interval timer has expired, SEND_OOB_READ_E
 * when the callback claims to have sent more than was offered, and
 * SOCKET_ERROR_E for a missing callback or any other failure. A reset or a
 * closed connection also sets connReset. An interrupt retries the send.
 */
int SendBuffered(WOLFSSL* ssl)
{
    if (ssl->ctx->CBIOSend == NULL) {
        WOLFSSL_MSG("Your IO Send callback is null, please set");
        return SOCKET_ERROR_E;
    }

    while (ssl->buffers.outputBuffer.length > 0) {
        int sent = ssl->ctx->CBIOSend(ssl,
                                      (char*)ssl->buffers.outputBuffer.buffer +
                                      ssl->buffers.outputBuffer.idx,
                                      (int)ssl->buffers.outputBuffer.length,
                                      ssl->IOCB_WriteCtx);
        if (sent < 0) {
            switch (sent) {

                case WOLFSSL_CBIO_ERR_WANT_WRITE:        /* would block */
                    return WANT_WRITE;

                case WOLFSSL_CBIO_ERR_ISR:               /* interrupt */
                    /* see if we got our timeout */
                    #ifdef WOLFSSL_CALLBACKS
                        if (ssl->toInfoOn) {
                            struct itimerval timeout;
                            getitimer(ITIMER_REAL, &timeout);
                            if (timeout.it_value.tv_sec == 0 &&
                                                timeout.it_value.tv_usec == 0) {
                                XSTRNCPY(ssl->timeoutInfo.timeoutName,
                                        "send() timeout", MAX_TIMEOUT_NAME_SZ);
                                WOLFSSL_MSG("Got our timeout");
                                return WANT_WRITE;
                            }
                        }
                    #endif
                    continue;                            /* send again */

                case WOLFSSL_CBIO_ERR_CONN_RST:          /* connection reset */
                case WOLFSSL_CBIO_ERR_CONN_CLOSE:        /* epipe / conn closed,
                                                            treat same as reset */
                    ssl->options.connReset = 1;
                    return SOCKET_ERROR_E;

                default:
                    return SOCKET_ERROR_E;
            }
        }

        /* a callback reporting more than it was given would move idx past
         * the data that is actually buffered */
        if (sent > (int)ssl->buffers.outputBuffer.length) {
            WOLFSSL_MSG("SendBuffered() out of bounds read");
            return SEND_OOB_READ_E;
        }

        ssl->buffers.outputBuffer.idx    += sent;
        ssl->buffers.outputBuffer.length -= sent;
    }

    ssl->buffers.outputBuffer.idx = 0;

    if (ssl->buffers.outputBuffer.dynamicFlag)
        ShrinkOutputBuffer(ssl);

    return 0;
}
wolfSSL 11:cee25a834751 5325
wolfSSL 11:cee25a834751 5326
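/* Replace the output buffer with a dynamic one that has room for size more
 * bytes on top of the data already pending.
 *
 * ssl   session whose output buffer is grown
 * size  additional bytes needed; must not be negative
 *
 * Allocates size + pending length + align bytes, copies the pending data,
 * frees a previous dynamic buffer and records the alignment offset so the
 * allocation can later be freed at buffer - offset.
 *
 * Returns 0 on success, BAD_FUNC_ARG for a negative size (the same check
 * GrowInputBuffer makes) or MEMORY_E when the allocation fails.
 *
 * NOTE(review): the sum passed to XMALLOC is not checked for overflow.
 */
static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)
{
    byte* tmp;
#if WOLFSSL_GENERAL_ALIGNMENT > 0
    byte  hdrSz = ssl->options.dtls ? DTLS_RECORD_HEADER_SZ :
                                      RECORD_HEADER_SZ;
    byte align = WOLFSSL_GENERAL_ALIGNMENT;
#else
    const byte align = WOLFSSL_GENERAL_ALIGNMENT;
#endif

    /* a negative size would shrink the allocation below the pending data
     * that is copied into it further down */
    if (size < 0) {
        WOLFSSL_MSG("GrowOutputBuffer() called with negative number");
        return BAD_FUNC_ARG;
    }

#if WOLFSSL_GENERAL_ALIGNMENT > 0
    /* the encrypted data will be offset from the front of the buffer by
       the header, if the user wants encrypted alignment they need
       to define their alignment requirement */

    if (align) {
       while (align < hdrSz)
           align *= 2;
    }
#endif

    tmp = (byte*)XMALLOC(size + ssl->buffers.outputBuffer.length + align,
                             ssl->heap, DYNAMIC_TYPE_OUT_BUFFER);
    WOLFSSL_MSG("growing output buffer\n");

    if (tmp == NULL)
        return MEMORY_E;

#if WOLFSSL_GENERAL_ALIGNMENT > 0
    if (align)
        tmp += align - hdrSz;
#endif

    if (ssl->buffers.outputBuffer.length)
        XMEMCPY(tmp, ssl->buffers.outputBuffer.buffer,
               ssl->buffers.outputBuffer.length);

    if (ssl->buffers.outputBuffer.dynamicFlag)
        XFREE(ssl->buffers.outputBuffer.buffer -
              ssl->buffers.outputBuffer.offset, ssl->heap,
              DYNAMIC_TYPE_OUT_BUFFER);
    ssl->buffers.outputBuffer.dynamicFlag = 1;

#if WOLFSSL_GENERAL_ALIGNMENT > 0
    if (align)
        ssl->buffers.outputBuffer.offset = align - hdrSz;
    else
#endif
        ssl->buffers.outputBuffer.offset = 0;

    ssl->buffers.outputBuffer.buffer = tmp;
    ssl->buffers.outputBuffer.bufferSize = size +
                                           ssl->buffers.outputBuffer.length;
    return 0;
}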
wolfSSL 11:cee25a834751 5384
wolfSSL 11:cee25a834751 5385
/* Replace the input buffer with a dynamic one; meant for reading a
 * certificate or large application data.
 *
 * ssl         session whose input buffer is grown
 * size        additional bytes needed
 * usedLength  unread bytes, starting at the current idx, to carry over
 *
 * Allocates size + usedLength + align bytes, copies the unread bytes to the
 * front, frees a previous dynamic buffer and resets idx to 0.
 *
 * Returns 0 on success, BAD_FUNC_ARG when size or usedLength is negative,
 * or MEMORY_E when the allocation fails.
 *
 * NOTE(review): the sum passed to XMALLOC is not checked for overflow, and
 * usedLength is not checked against the data actually held in the current
 * buffer; both are left to the caller.
 */
int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength)
{
    byte* grown;
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    byte  align = ssl->options.dtls ? WOLFSSL_GENERAL_ALIGNMENT : 0;
    byte  hdrSz = DTLS_RECORD_HEADER_SZ;
#else
    const byte align = WOLFSSL_GENERAL_ALIGNMENT;
#endif

    if (size < 0 || usedLength < 0) {
        WOLFSSL_MSG("GrowInputBuffer() called with negative number");
        return BAD_FUNC_ARG;
    }

#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    /* the encrypted data will be offset from the front of the buffer by
       the dtls record header, if the user wants encrypted alignment they need
       to define their alignment requirement. in tls we read record header
       to get size of record and put actual data back at front, so don't need */

    if (align) {
        /* double the alignment until it can hold the header */
        while (align < hdrSz) {
            align *= 2;
        }
    }
#endif

    grown = (byte*)XMALLOC(size + usedLength + align,
                           ssl->heap, DYNAMIC_TYPE_IN_BUFFER);
    WOLFSSL_MSG("growing input buffer\n");

    if (grown == NULL)
        return MEMORY_E;

#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    if (align)
        grown += align - hdrSz;
#endif

    if (usedLength) {
        XMEMCPY(grown, ssl->buffers.inputBuffer.buffer +
                       ssl->buffers.inputBuffer.idx, usedLength);
    }

    if (ssl->buffers.inputBuffer.dynamicFlag) {
        XFREE(ssl->buffers.inputBuffer.buffer - ssl->buffers.inputBuffer.offset,
              ssl->heap,DYNAMIC_TYPE_IN_BUFFER);
    }

    ssl->buffers.inputBuffer.dynamicFlag = 1;
#if defined(WOLFSSL_DTLS) || WOLFSSL_GENERAL_ALIGNMENT > 0
    if (align)
        ssl->buffers.inputBuffer.offset = align - hdrSz;
    else
#endif
        ssl->buffers.inputBuffer.offset = 0;

    ssl->buffers.inputBuffer.buffer     = grown;
    ssl->buffers.inputBuffer.bufferSize = size + usedLength;
    ssl->buffers.inputBuffer.idx        = 0;
    ssl->buffers.inputBuffer.length     = usedLength;

    return 0;
}
wolfSSL 11:cee25a834751 5449
wolfSSL 11:cee25a834751 5450
/* Make sure the output buffer can take `size` more bytes, growing it if the
 * unused space (bufferSize - length) is too small.
 *
 * ssl   connection whose buffers.outputBuffer is checked
 * size  number of bytes about to be written; must not be negative
 *
 * Returns 0 when enough room is available (possibly after growing),
 * BAD_FUNC_ARG for a negative size, and MEMORY_E whenever GrowOutputBuffer()
 * reports any negative result.
 *
 * NOTE(review): the free-space test compares against (word32)size; this
 * presumably relies on length never exceeding bufferSize, since an unsigned
 * subtraction would otherwise wrap and skip the grow - confirm the invariant.
 */
int CheckAvailableSize(WOLFSSL *ssl, int size)
{
    if (size < 0) {
        WOLFSSL_MSG("CheckAvailableSize() called with negative number");
        return BAD_FUNC_ARG;
    }

    /* enough unused space already: nothing to do */
    if (ssl->buffers.outputBuffer.bufferSize - ssl->buffers.outputBuffer.length
                                                             >= (word32)size) {
        return 0;
    }

    if (GrowOutputBuffer(ssl, size) < 0) {
        return MEMORY_E;
    }

    return 0;
}
wolfSSL 11:cee25a834751 5467
wolfSSL 11:cee25a834751 5468
/* Parse one record-layer header at input + *inOutIdx and run the header
 * sanity checks (replay window, disabled versions, version match, length,
 * record type).
 *
 * ssl       connection state; DTLS epoch/sequence fields and
 *           keys.decryptedCur are updated here
 * input     buffer holding the received bytes
 * inOutIdx  in: offset of the header, out: offset just past it
 * rh        receives type, version and (TLS only) the raw length bytes
 * size      receives the record length taken from the header
 *
 * Returns 0 on success, otherwise SEQUENCE_ERROR, VERSION_ERROR,
 * LENGTH_ERROR or UNKNOWN_RECORD_TYPE.
 *
 * NOTE(review): nothing here verifies that a complete header is present at
 * input + *inOutIdx; presumably the caller has already read that many bytes -
 * confirm at the call site.
 * If options.dtls is set in a build without WOLFSSL_DTLS, nothing is parsed
 * and rh / size are left untouched before the checks below run.
 */
static int GetRecordHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                           RecordLayerHeader* rh, word16 *size)
{
    if (ssl->options.dtls) {
#ifdef WOLFSSL_DTLS
        word32 pos;

#ifdef HAVE_FUZZER
        if (ssl->fuzzerCb) {
            ssl->fuzzerCb(ssl, input + *inOutIdx, DTLS_RECORD_HEADER_SZ,
                          FUZZ_HEAD, ssl->fuzzerCtx);
        }
#endif
        pos = *inOutIdx;

        /* type and version are in the same spot as in the TLS header */
        XMEMCPY(rh, input + pos, ENUM_LEN + VERSION_SZ);
        pos += ENUM_LEN + VERSION_SZ;

        /* epoch, then the sequence number split into high and low parts */
        ato16(input + pos, &ssl->keys.curEpoch);
        pos += OPAQUE16_LEN;
        ato16(input + pos, &ssl->keys.curSeq_hi);
        pos += OPAQUE16_LEN;
        ato32(input + pos, &ssl->keys.curSeq_lo);
        pos += OPAQUE32_LEN;

        /* record length comes last */
        ato16(input + pos, size);
        pos += LENGTH_SZ;

        *inOutIdx = pos;
#endif
    }
    else {
        const byte* hdr;

#ifdef HAVE_FUZZER
        if (ssl->fuzzerCb) {
            ssl->fuzzerCb(ssl, input + *inOutIdx, RECORD_HEADER_SZ, FUZZ_HEAD,
                          ssl->fuzzerCtx);
        }
#endif
        hdr = input + *inOutIdx;
        XMEMCPY(rh, hdr, RECORD_HEADER_SZ);
        *inOutIdx += RECORD_HEADER_SZ;
        ato16(rh->length, size);
    }

#ifdef WOLFSSL_DTLS
    /* DTLS (non-SCTP): reject records outside the window, and epoch 0
       records once the handshake has completed */
    if (IsDtlsNotSctpMode(ssl)) {
        if (!DtlsCheckWindow(ssl) ||
                (ssl->options.handShakeDone && ssl->keys.curEpoch == 0)) {
            return SEQUENCE_ERROR;
        }
    }
#endif

#ifdef OPENSSL_EXTRA
    /* protocol versions switched off through the option mask (TLS only) */
    if (!ssl->options.dtls && ssl->options.mask > 0) {
        switch (rh->pvMinor) {
            case SSLv3_MINOR:
                if ((ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
                    WOLFSSL_MSG("Option set to not allow SSLv3");
                    return VERSION_ERROR;
                }
                break;

            case TLSv1_MINOR:
                if ((ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
                    WOLFSSL_MSG("Option set to not allow TLSv1");
                    return VERSION_ERROR;
                }
                break;

            case TLSv1_1_MINOR:
                if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) ==
                                                          SSL_OP_NO_TLSv1_1) {
                    WOLFSSL_MSG("Option set to not allow TLSv1.1");
                    return VERSION_ERROR;
                }
                break;

            case TLSv1_2_MINOR:
                if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) ==
                                                          SSL_OP_NO_TLSv1_2) {
                    WOLFSSL_MSG("Option set to not allow TLSv1.2");
                    return VERSION_ERROR;
                }
                break;

            default:
                break;
        }
    }
#endif /* OPENSSL_EXTRA */

    /* record version differs from the connection version: tolerated only in
       the three cases below, each of which just logs */
    if (rh->pvMajor != ssl->version.major ||
            rh->pvMinor != ssl->version.minor) {
        if (ssl->options.side == WOLFSSL_SERVER_END &&
                ssl->options.acceptState < ACCEPT_FIRST_REPLY_DONE) {
            WOLFSSL_MSG("Client attempting to connect with different version");
        }
        else if (ssl->options.side == WOLFSSL_CLIENT_END &&
                 ssl->options.downgrade &&
                 ssl->options.connectState < FIRST_REPLY_DONE) {
            WOLFSSL_MSG("Server attempting to accept with different version");
        }
        else if (ssl->options.dtls && rh->type == handshake) {
            /* the DTLS handshake message RH version is checked later */
            WOLFSSL_MSG("DTLS handshake, skip RH version number check");
        }
        else {
            WOLFSSL_MSG("SSL version error");
            return VERSION_ERROR;              /* only use requested version */
        }
    }

    /* record layer length check; only the HAVE_MAX_FRAGMENT build sends a
       record_overflow alert before failing */
#ifdef HAVE_MAX_FRAGMENT
    if (*size > (ssl->max_fragment + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
        SendAlert(ssl, alert_fatal, record_overflow);
        return LENGTH_ERROR;
    }
#else
    if (*size > (MAX_RECORD_SIZE + MAX_COMP_EXTRA + MAX_MSG_EXTRA)) {
        return LENGTH_ERROR;
    }
#endif

    /* only the four known record types are accepted */
    if (rh->type != handshake && rh->type != change_cipher_spec &&
            rh->type != application_data && rh->type != alert) {
        WOLFSSL_MSG("Unknown Record Type");
        return UNKNOWN_RECORD_TYPE;
    }

    /* this record has not been decrypted yet */
    ssl->keys.decryptedCur = 0;

    return 0;
}
wolfSSL 11:cee25a834751 5586
wolfSSL 11:cee25a834751 5587
/* Read a handshake message header at input + *inOutIdx: one type byte
 * followed by the length bytes that c24to32() converts into *size.
 *
 * ssl       unused
 * input     buffer holding the handshake message
 * inOutIdx  in: offset of the header; advanced by HANDSHAKE_HEADER_SZ even
 *           when BUFFER_E is returned
 * type      receives the handshake message type
 * size      receives the message length from the header
 * totalSz   number of valid bytes in input
 *
 * Returns 0 on success or BUFFER_E when the header would run past totalSz.
 *
 * NOTE(review): *size comes straight from the peer and is not compared with
 * totalSz here; presumably callers validate it - confirm.
 */
static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                              byte *type, word32 *size, word32 totalSz)
{
    const word32 start = *inOutIdx;
    (void)ssl;

    /* bounds check happens before any header byte is read */
    *inOutIdx = start + HANDSHAKE_HEADER_SZ;
    if (*inOutIdx > totalSz) {
        return BUFFER_E;
    }

    *type = input[start];
    c24to32(input + start + 1, size);

    return 0;
}
wolfSSL 11:cee25a834751 5603
wolfSSL 11:cee25a834751 5604
#ifdef WOLFSSL_DTLS
/* Read a DTLS handshake message header at input + *inOutIdx: type, message
 * length, peer handshake sequence number, fragment offset and fragment size.
 *
 * ssl         connection; keys.dtls_peer_handshake_number is updated, and
 *             curRL / version are compared
 * input       buffer holding the handshake message
 * inOutIdx    in: offset of the header; advanced by HANDSHAKE_HEADER_SZ +
 *             DTLS_HANDSHAKE_EXTRA even when BUFFER_E is returned
 * type        receives the handshake message type
 * size        receives the total message length
 * fragOffset  receives the fragment offset
 * fragSz      receives the fragment length
 * totalSz     number of valid bytes in input
 *
 * Returns 0 on success, BUFFER_E when the header would run past totalSz, or
 * VERSION_ERROR when the current record's version differs from the
 * connection version and the message is neither client_hello nor
 * hello_verify_request.
 *
 * NOTE(review): fragOffset and fragSz are peer-controlled and are not checked
 * against *size in this function; presumably the caller does so before
 * using them - confirm.
 */
static int GetDtlsHandShakeHeader(WOLFSSL* ssl, const byte* input,
                                  word32* inOutIdx, byte *type, word32 *size,
                                  word32 *fragOffset, word32 *fragSz,
                                  word32 totalSz)
{
    const word32 start = *inOutIdx;
    const byte*  p;

    /* bounds check happens before any header byte is read */
    *inOutIdx += HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA;
    if (*inOutIdx > totalSz) {
        return BUFFER_E;
    }

    p = input + start;

    *type = *p++;
    c24to32(p, size);
    p += OPAQUE24_LEN;

    ato16(p, &ssl->keys.dtls_peer_handshake_number);
    p += DTLS_HANDSHAKE_SEQ_SZ;

    c24to32(p, fragOffset);
    p += DTLS_HANDSHAKE_FRAG_SZ;
    c24to32(p, fragSz);

    /* record version matches the connection version: nothing more to check */
    if (ssl->curRL.pvMajor == ssl->version.major &&
            ssl->curRL.pvMinor == ssl->version.minor) {
        return 0;
    }

    /* on a mismatch only the two hello messages are let through */
    if (*type != client_hello && *type != hello_verify_request) {
        return VERSION_ERROR;
    }

    WOLFSSL_MSG("DTLS Handshake ignoring hello or verify version");
    return 0;
}
#endif
wolfSSL 11:cee25a834751 5640
wolfSSL 11:cee25a834751 5641
#if !defined(NO_OLD_TLS) || \
    (defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLS_SHA1))
/* Constant pad blocks hashed by BuildMD5() and BuildSHA() in this file.
   Both arrays are PAD_MD5 bytes long because that is the largest pad needed;
   BuildSHA() hashes only the first PAD_SHA bytes of each. */

/* pad for the inner hash: every byte is 0x36 */
static const byte PAD1[PAD_MD5] = {
    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36,
    0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36
};

/* pad for the outer hash: every byte is 0x5c */
static const byte PAD2[PAD_MD5] = {
    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c,
    0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c, 0x5c
};
#endif /* !NO_OLD_TLS || (NO_OLD_TLS && WOLFSSL_ALLOW_TLS_SHA1) */
wolfSSL 11:cee25a834751 5662
wolfSSL 11:cee25a834751 5663 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 5664
wolfSSL 11:cee25a834751 5665 /* calculate MD5 hash for finished */
wolfSSL 11:cee25a834751 5666 #ifdef WOLFSSL_TI_HASH
wolfSSL 11:cee25a834751 5667 #include <wolfssl/wolfcrypt/hash.h>
wolfSSL 11:cee25a834751 5668 #endif
wolfSSL 11:cee25a834751 5669
/* Compute the MD5 half of the Finished hashes into hashes->md5.
 *
 * The inner digest runs over a copy of the running handshake MD5 state,
 * followed by sender, the master secret and PAD1. The outer digest is
 * MD5(master secret || PAD2 || inner digest).
 *
 * ssl     connection supplying hsHashes, arrays->masterSecret, heap, devId
 * hashes  output; only hashes->md5 is written
 * sender  SIZEOF_SENDER bytes identifying the sending side
 *
 * Returns 0 on success, MEMORY_E if the small-stack allocation fails, or the
 * first non-zero result from the wc_Md5* calls.
 *
 * NOTE(review): md5_result, which is derived from the master secret, is not
 * cleared before returning - consider whether it should be wiped.
 */
static int BuildMD5(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    int  ret;
    byte md5_result[MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (md5 == NULL)
        return MEMORY_E;
#else
    Md5  md5[1];
#endif

    /* inner hash: work on a copy so the running handshake hash is kept */
    ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5);
    if (ret != 0)
        goto done;
    ret = wc_Md5Update(md5, sender, SIZEOF_SENDER);
    if (ret != 0)
        goto done;
    ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
    if (ret != 0)
        goto done;
    ret = wc_Md5Update(md5, PAD1, PAD_MD5);
    if (ret != 0)
        goto done;
    ret = wc_Md5Final(md5, md5_result);
    if (ret != 0)
        goto done;

    /* outer hash: the context is re-initialised and reused */
    ret = wc_InitMd5_ex(md5, ssl->heap, ssl->devId);
    if (ret != 0)
        goto done;

    ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
    if (ret == 0) {
        ret = wc_Md5Update(md5, PAD2, PAD_MD5);
    }
    if (ret == 0) {
        ret = wc_Md5Update(md5, md5_result, MD5_DIGEST_SIZE);
    }
    if (ret == 0) {
        ret = wc_Md5Final(md5, hashes->md5);
    }
    /* released once the outer init succeeded, whatever the updates returned */
    wc_Md5Free(md5);

done:
#ifdef WOLFSSL_SMALL_STACK
    XFREE(md5, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}
wolfSSL 11:cee25a834751 5714
wolfSSL 11:cee25a834751 5715
/* Compute the SHA half of the Finished hashes into hashes->sha.
 *
 * The inner digest runs over a copy of the running handshake SHA state,
 * followed by sender, the master secret and the first PAD_SHA bytes of PAD1.
 * The outer digest is SHA(master secret || PAD2[0..PAD_SHA) || inner digest).
 *
 * ssl     connection supplying hsHashes, arrays->masterSecret, heap, devId
 * hashes  output; only hashes->sha is written
 * sender  SIZEOF_SENDER bytes identifying the sending side
 *
 * Returns 0 on success, MEMORY_E if the small-stack allocation fails, or the
 * first non-zero result from the wc_Sha* calls.
 *
 * NOTE(review): sha_result, which is derived from the master secret, is not
 * cleared before returning - consider whether it should be wiped.
 */
static int BuildSHA(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    int  ret;
    byte sha_result[SHA_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (sha == NULL)
        return MEMORY_E;
#else
    Sha  sha[1];
#endif

    /* inner hash: work on a copy so the running handshake hash is kept */
    ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha);
    if (ret != 0)
        goto done;
    ret = wc_ShaUpdate(sha, sender, SIZEOF_SENDER);
    if (ret != 0)
        goto done;
    ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
    if (ret != 0)
        goto done;
    ret = wc_ShaUpdate(sha, PAD1, PAD_SHA);
    if (ret != 0)
        goto done;
    ret = wc_ShaFinal(sha, sha_result);
    if (ret != 0)
        goto done;

    /* outer hash: the context is re-initialised and reused */
    ret = wc_InitSha_ex(sha, ssl->heap, ssl->devId);
    if (ret != 0)
        goto done;

    ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
    if (ret == 0) {
        ret = wc_ShaUpdate(sha, PAD2, PAD_SHA);
    }
    if (ret == 0) {
        ret = wc_ShaUpdate(sha, sha_result, SHA_DIGEST_SIZE);
    }
    if (ret == 0) {
        ret = wc_ShaFinal(sha, hashes->sha);
    }
    /* released once the outer init succeeded, whatever the updates returned */
    wc_ShaFree(sha);

done:
#ifdef WOLFSSL_SMALL_STACK
    XFREE(sha, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}
wolfSSL 11:cee25a834751 5760 #endif
wolfSSL 11:cee25a834751 5761
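/* Build the Finished hashes for `sender` into `hashes`.
 * Finished doesn't support SHA512, no SHA512 cipher suites yet.
 *
 * When ssl->options.tls is set (and NO_TLS is not defined) the work is done
 * by BuildTlsFinished(); otherwise (and NO_OLD_TLS is not defined) by
 * BuildMD5() followed by BuildSHA(). With WOLFSSL_SHA384 the running SHA-384
 * handshake hash is saved first and put back afterwards, but only when
 * IsAtLeastTLSv1_2(ssl) is true.
 *
 * ssl     connection state
 * hashes  output buffer for the Finished hashes
 * sender  sender label passed through to the builders
 *
 * Returns 0 on success, MEMORY_E (small-stack builds) when ssl is NULL or the
 * temporary Sha384 cannot be allocated, or the builder's error code.
 */
static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender)
{
    int ret = 0;
#ifdef WOLFSSL_SHA384
#ifdef WOLFSSL_SMALL_STACK
    Sha384* sha384 = NULL;
#else
    Sha384 sha384[1];
#endif /* WOLFSSL_SMALL_STACK */
#endif /* WOLFSSL_SHA384 */

#ifdef WOLFSSL_SMALL_STACK
    /* Test ssl before ssl->heap is read: the allocation used to happen ahead
       of this check, and the failure path freed through ssl->heap as well, so
       a NULL ssl was dereferenced instead of being rejected. */
    if (ssl == NULL) {
        return MEMORY_E;
    }
#ifdef WOLFSSL_SHA384
    sha384 = (Sha384*)XMALLOC(sizeof(Sha384), ssl->heap,
                              DYNAMIC_TYPE_TMP_BUFFER);
    if (sha384 == NULL) {
        return MEMORY_E;
    }
#endif
#endif

    /* store current states, building requires get_digest which resets state */
#ifdef WOLFSSL_SHA384
    sha384[0] = ssl->hsHashes->hashSha384;
#endif

#ifndef NO_TLS
    if (ssl->options.tls) {
        ret = BuildTlsFinished(ssl, hashes, sender);
    }
#endif
#ifndef NO_OLD_TLS
    if (!ssl->options.tls) {
        ret = BuildMD5(ssl, hashes, sender);
        if (ret == 0) {
            ret = BuildSHA(ssl, hashes, sender);
        }
    }
#endif

    /* restore the saved state; done regardless of ret */
    if (IsAtLeastTLSv1_2(ssl)) {
#ifdef WOLFSSL_SHA384
        ssl->hsHashes->hashSha384 = sha384[0];
#endif
    }

#ifdef WOLFSSL_SHA384
#ifdef WOLFSSL_SMALL_STACK
    XFREE(sha384, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#endif

    return ret;
}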
wolfSSL 11:cee25a834751 5822
wolfSSL 11:cee25a834751 5823
/* Cipher requirements: values for the `requirement` argument of
   CipherRequires(), which reports whether a suite has the given property. */
enum {
    REQUIRES_RSA = 0,      /* matched by e.g. the ECDHE_RSA and DHE_RSA suites */
    REQUIRES_DHE,          /* matched by the DHE_* suites */
    REQUIRES_ECC,          /* matched by e.g. the ECDHE_ECDSA suites */
    REQUIRES_ECC_STATIC,   /* matched by the static ECDH_* suites */
    REQUIRES_PSK,          /* matched by the *_PSK_* suites */
    REQUIRES_NTRU,         /* presumably the NTRU suites - confirm at use site */
    REQUIRES_RSA_SIG       /* matched by e.g. the ECDH_RSA suites */
};
wolfSSL 11:cee25a834751 5834
wolfSSL 11:cee25a834751 5835
wolfSSL 11:cee25a834751 5836
wolfSSL 11:cee25a834751 5837 /* Does this cipher suite (first, second) have the requirement?
wolfSSL 11:cee25a834751 5838 An ephemeral key exchange will still require the key for signing
wolfSSL 11:cee25a834751 5839 the key exchange, so ECDHE_RSA requires an rsa key, thus rsa_kea */
wolfSSL 11:cee25a834751 5840 static int CipherRequires(byte first, byte second, int requirement)
wolfSSL 11:cee25a834751 5841 {
wolfSSL 11:cee25a834751 5842
wolfSSL 11:cee25a834751 5843 if (first == CHACHA_BYTE) {
wolfSSL 11:cee25a834751 5844
wolfSSL 11:cee25a834751 5845 switch (second) {
wolfSSL 11:cee25a834751 5846
wolfSSL 11:cee25a834751 5847 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 5848 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 5849 return 1;
wolfSSL 11:cee25a834751 5850 break;
wolfSSL 11:cee25a834751 5851
wolfSSL 11:cee25a834751 5852 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 5853 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 5854 return 1;
wolfSSL 11:cee25a834751 5855 break;
wolfSSL 11:cee25a834751 5856
wolfSSL 11:cee25a834751 5857 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 5858 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 5859 return 1;
wolfSSL 11:cee25a834751 5860 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 5861 return 1;
wolfSSL 11:cee25a834751 5862 break;
wolfSSL 11:cee25a834751 5863
wolfSSL 11:cee25a834751 5864 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 5865 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 5866 return 1;
wolfSSL 11:cee25a834751 5867 break;
wolfSSL 11:cee25a834751 5868
wolfSSL 11:cee25a834751 5869 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 5870 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 5871 return 1;
wolfSSL 11:cee25a834751 5872 break;
wolfSSL 11:cee25a834751 5873
wolfSSL 11:cee25a834751 5874 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 5875 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 5876 return 1;
wolfSSL 11:cee25a834751 5877 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 5878 return 1;
wolfSSL 11:cee25a834751 5879 break;
wolfSSL 11:cee25a834751 5880
wolfSSL 11:cee25a834751 5881
wolfSSL 11:cee25a834751 5882 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 5883 if (requirement == REQUIRES_PSK)
wolfSSL 11:cee25a834751 5884 return 1;
wolfSSL 11:cee25a834751 5885 break;
wolfSSL 11:cee25a834751 5886
wolfSSL 11:cee25a834751 5887 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 5888 if (requirement == REQUIRES_PSK)
wolfSSL 11:cee25a834751 5889 return 1;
wolfSSL 11:cee25a834751 5890 break;
wolfSSL 11:cee25a834751 5891
wolfSSL 11:cee25a834751 5892 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 5893 if (requirement == REQUIRES_PSK)
wolfSSL 11:cee25a834751 5894 return 1;
wolfSSL 11:cee25a834751 5895 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 5896 return 1;
wolfSSL 11:cee25a834751 5897 break;
wolfSSL 11:cee25a834751 5898 }
wolfSSL 11:cee25a834751 5899 }
wolfSSL 11:cee25a834751 5900
wolfSSL 11:cee25a834751 5901 /* ECC extensions */
wolfSSL 11:cee25a834751 5902 if (first == ECC_BYTE) {
wolfSSL 11:cee25a834751 5903
wolfSSL 11:cee25a834751 5904 switch (second) {
wolfSSL 11:cee25a834751 5905
wolfSSL 11:cee25a834751 5906 #ifndef NO_RSA
wolfSSL 11:cee25a834751 5907 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 5908 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 5909 return 1;
wolfSSL 11:cee25a834751 5910 break;
wolfSSL 11:cee25a834751 5911
wolfSSL 11:cee25a834751 5912 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 5913 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 5914 return 1;
wolfSSL 11:cee25a834751 5915 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 11:cee25a834751 5916 return 1;
wolfSSL 11:cee25a834751 5917 break;
wolfSSL 11:cee25a834751 5918
wolfSSL 11:cee25a834751 5919 #ifndef NO_DES3
wolfSSL 11:cee25a834751 5920 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 5921 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 5922 return 1;
wolfSSL 11:cee25a834751 5923 break;
wolfSSL 11:cee25a834751 5924
wolfSSL 11:cee25a834751 5925 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 5926 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 5927 return 1;
wolfSSL 11:cee25a834751 5928 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 11:cee25a834751 5929 return 1;
wolfSSL 11:cee25a834751 5930 break;
wolfSSL 11:cee25a834751 5931 #endif
wolfSSL 11:cee25a834751 5932
wolfSSL 11:cee25a834751 5933 #ifndef NO_RC4
wolfSSL 11:cee25a834751 5934 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 5935 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 5936 return 1;
wolfSSL 11:cee25a834751 5937 break;
wolfSSL 11:cee25a834751 5938
wolfSSL 11:cee25a834751 5939 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 5940 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 5941 return 1;
wolfSSL 11:cee25a834751 5942 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 11:cee25a834751 5943 return 1;
wolfSSL 11:cee25a834751 5944 break;
wolfSSL 11:cee25a834751 5945 #endif
wolfSSL 11:cee25a834751 5946 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 5947
wolfSSL 11:cee25a834751 5948 #ifndef NO_DES3
wolfSSL 11:cee25a834751 5949 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 5950 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 5951 return 1;
wolfSSL 11:cee25a834751 5952 break;
wolfSSL 11:cee25a834751 5953
wolfSSL 11:cee25a834751 5954 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 5955 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 5956 return 1;
wolfSSL 11:cee25a834751 5957 break;
wolfSSL 11:cee25a834751 5958 #endif
wolfSSL 11:cee25a834751 5959 #ifndef NO_RC4
wolfSSL 11:cee25a834751 5960 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 5961 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 5962 return 1;
wolfSSL 11:cee25a834751 5963 break;
wolfSSL 11:cee25a834751 5964
wolfSSL 11:cee25a834751 5965 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 5966 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 5967 return 1;
wolfSSL 11:cee25a834751 5968 break;
wolfSSL 11:cee25a834751 5969 #endif
wolfSSL 11:cee25a834751 5970 #ifndef NO_RSA
wolfSSL 11:cee25a834751 5971 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 5972 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 5973 return 1;
wolfSSL 11:cee25a834751 5974 break;
wolfSSL 11:cee25a834751 5975
wolfSSL 11:cee25a834751 5976 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 5977 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 5978 return 1;
wolfSSL 11:cee25a834751 5979 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 11:cee25a834751 5980 return 1;
wolfSSL 11:cee25a834751 5981 break;
wolfSSL 11:cee25a834751 5982 #endif
wolfSSL 11:cee25a834751 5983
wolfSSL 11:cee25a834751 5984 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 5985 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 5986 return 1;
wolfSSL 11:cee25a834751 5987 break;
wolfSSL 11:cee25a834751 5988
wolfSSL 11:cee25a834751 5989 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 5990 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 5991 return 1;
wolfSSL 11:cee25a834751 5992 break;
wolfSSL 11:cee25a834751 5993
wolfSSL 11:cee25a834751 5994 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 5995 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 5996 return 1;
wolfSSL 11:cee25a834751 5997 break;
wolfSSL 11:cee25a834751 5998
wolfSSL 11:cee25a834751 5999 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 6000 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 6001 return 1;
wolfSSL 11:cee25a834751 6002 break;
wolfSSL 11:cee25a834751 6003
wolfSSL 11:cee25a834751 6004 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 6005 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 6006 return 1;
wolfSSL 11:cee25a834751 6007 break;
wolfSSL 11:cee25a834751 6008
wolfSSL 11:cee25a834751 6009 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 6010 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 6011 return 1;
wolfSSL 11:cee25a834751 6012 break;
wolfSSL 11:cee25a834751 6013
wolfSSL 11:cee25a834751 6014 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 6015 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 6016 return 1;
wolfSSL 11:cee25a834751 6017 break;
wolfSSL 11:cee25a834751 6018
wolfSSL 11:cee25a834751 6019 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 6020 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 6021 return 1;
wolfSSL 11:cee25a834751 6022 break;
wolfSSL 11:cee25a834751 6023
wolfSSL 11:cee25a834751 6024 #ifndef NO_RSA
wolfSSL 11:cee25a834751 6025 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 6026 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6027 return 1;
wolfSSL 11:cee25a834751 6028 break;
wolfSSL 11:cee25a834751 6029
wolfSSL 11:cee25a834751 6030 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 6031 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6032 return 1;
wolfSSL 11:cee25a834751 6033 break;
wolfSSL 11:cee25a834751 6034
wolfSSL 11:cee25a834751 6035 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 6036 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 6037 return 1;
wolfSSL 11:cee25a834751 6038 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 11:cee25a834751 6039 return 1;
wolfSSL 11:cee25a834751 6040 break;
wolfSSL 11:cee25a834751 6041
wolfSSL 11:cee25a834751 6042 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 6043 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 6044 return 1;
wolfSSL 11:cee25a834751 6045 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 11:cee25a834751 6046 return 1;
wolfSSL 11:cee25a834751 6047 break;
wolfSSL 11:cee25a834751 6048
wolfSSL 11:cee25a834751 6049 case TLS_RSA_WITH_AES_128_CCM_8 :
wolfSSL 11:cee25a834751 6050 case TLS_RSA_WITH_AES_256_CCM_8 :
wolfSSL 11:cee25a834751 6051 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6052 return 1;
wolfSSL 11:cee25a834751 6053 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 11:cee25a834751 6054 return 1;
wolfSSL 11:cee25a834751 6055 break;
wolfSSL 11:cee25a834751 6056
wolfSSL 11:cee25a834751 6057 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 6058 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 6059 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6060 return 1;
wolfSSL 11:cee25a834751 6061 break;
wolfSSL 11:cee25a834751 6062
wolfSSL 11:cee25a834751 6063 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 6064 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 6065 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 11:cee25a834751 6066 return 1;
wolfSSL 11:cee25a834751 6067 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 6068 return 1;
wolfSSL 11:cee25a834751 6069 break;
wolfSSL 11:cee25a834751 6070 #endif
wolfSSL 11:cee25a834751 6071
wolfSSL 11:cee25a834751 6072 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM :
wolfSSL 11:cee25a834751 6073 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 :
wolfSSL 11:cee25a834751 6074 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
wolfSSL 11:cee25a834751 6075 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 6076 return 1;
wolfSSL 11:cee25a834751 6077 break;
wolfSSL 11:cee25a834751 6078
wolfSSL 11:cee25a834751 6079 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 6080 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 6081 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 6082 return 1;
wolfSSL 11:cee25a834751 6083 break;
wolfSSL 11:cee25a834751 6084
wolfSSL 11:cee25a834751 6085 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 6086 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 6087 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 6088 return 1;
wolfSSL 11:cee25a834751 6089 if (requirement == REQUIRES_ECC_STATIC)
wolfSSL 11:cee25a834751 6090 return 1;
wolfSSL 11:cee25a834751 6091 break;
wolfSSL 11:cee25a834751 6092
wolfSSL 11:cee25a834751 6093 case TLS_PSK_WITH_AES_128_CCM:
wolfSSL 11:cee25a834751 6094 case TLS_PSK_WITH_AES_256_CCM:
wolfSSL 11:cee25a834751 6095 case TLS_PSK_WITH_AES_128_CCM_8:
wolfSSL 11:cee25a834751 6096 case TLS_PSK_WITH_AES_256_CCM_8:
wolfSSL 11:cee25a834751 6097 if (requirement == REQUIRES_PSK)
wolfSSL 11:cee25a834751 6098 return 1;
wolfSSL 11:cee25a834751 6099 break;
wolfSSL 11:cee25a834751 6100
wolfSSL 11:cee25a834751 6101 case TLS_DHE_PSK_WITH_AES_128_CCM:
wolfSSL 11:cee25a834751 6102 case TLS_DHE_PSK_WITH_AES_256_CCM:
wolfSSL 11:cee25a834751 6103 if (requirement == REQUIRES_PSK)
wolfSSL 11:cee25a834751 6104 return 1;
wolfSSL 11:cee25a834751 6105 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 6106 return 1;
wolfSSL 11:cee25a834751 6107 break;
wolfSSL 11:cee25a834751 6108
wolfSSL 11:cee25a834751 6109 case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
wolfSSL 11:cee25a834751 6110 if (requirement == REQUIRES_ECC)
wolfSSL 11:cee25a834751 6111 return 1;
wolfSSL 11:cee25a834751 6112 break;
wolfSSL 11:cee25a834751 6113
wolfSSL 11:cee25a834751 6114 case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 6115 if (requirement == REQUIRES_PSK)
wolfSSL 11:cee25a834751 6116 return 1;
wolfSSL 11:cee25a834751 6117 break;
wolfSSL 11:cee25a834751 6118
wolfSSL 11:cee25a834751 6119 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 6120 if (requirement == REQUIRES_PSK)
wolfSSL 11:cee25a834751 6121 return 1;
wolfSSL 11:cee25a834751 6122 break;
wolfSSL 11:cee25a834751 6123
wolfSSL 11:cee25a834751 6124 default:
wolfSSL 11:cee25a834751 6125 WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC");
wolfSSL 11:cee25a834751 6126 return 0;
wolfSSL 11:cee25a834751 6127 } /* switch */
wolfSSL 11:cee25a834751 6128 } /* if */
wolfSSL 11:cee25a834751 6129 if (first != ECC_BYTE && first != CHACHA_BYTE) { /* normal suites */
wolfSSL 11:cee25a834751 6130 switch (second) {
wolfSSL 11:cee25a834751 6131
wolfSSL 11:cee25a834751 6132 #ifndef NO_RSA
wolfSSL 11:cee25a834751 6133 case SSL_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 6134 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6135 return 1;
wolfSSL 11:cee25a834751 6136 break;
wolfSSL 11:cee25a834751 6137
wolfSSL 11:cee25a834751 6138 case SSL_RSA_WITH_RC4_128_MD5 :
wolfSSL 11:cee25a834751 6139 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6140 return 1;
wolfSSL 11:cee25a834751 6141 break;
wolfSSL 11:cee25a834751 6142
wolfSSL 11:cee25a834751 6143 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 6144 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6145 return 1;
wolfSSL 11:cee25a834751 6146 break;
wolfSSL 11:cee25a834751 6147
wolfSSL 11:cee25a834751 6148 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 6149 if (requirement == REQUIRES_NTRU)
wolfSSL 11:cee25a834751 6150 return 1;
wolfSSL 11:cee25a834751 6151 break;
wolfSSL 11:cee25a834751 6152
wolfSSL 11:cee25a834751 6153 case TLS_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 6154 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6155 return 1;
wolfSSL 11:cee25a834751 6156 break;
wolfSSL 11:cee25a834751 6157
wolfSSL 11:cee25a834751 6158 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 6159 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6160 return 1;
wolfSSL 11:cee25a834751 6161 break;
wolfSSL 11:cee25a834751 6162
wolfSSL 11:cee25a834751 6163 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 6164 if (requirement == REQUIRES_NTRU)
wolfSSL 11:cee25a834751 6165 return 1;
wolfSSL 11:cee25a834751 6166 break;
wolfSSL 11:cee25a834751 6167
wolfSSL 11:cee25a834751 6168 case TLS_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 6169 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6170 return 1;
wolfSSL 11:cee25a834751 6171 break;
wolfSSL 11:cee25a834751 6172
wolfSSL 11:cee25a834751 6173 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 6174 if (requirement == REQUIRES_NTRU)
wolfSSL 11:cee25a834751 6175 return 1;
wolfSSL 11:cee25a834751 6176 break;
wolfSSL 11:cee25a834751 6177
wolfSSL 11:cee25a834751 6178 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 6179 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6180 return 1;
wolfSSL 11:cee25a834751 6181 break;
wolfSSL 11:cee25a834751 6182
wolfSSL 11:cee25a834751 6183 case TLS_RSA_WITH_NULL_SHA :
wolfSSL 11:cee25a834751 6184 case TLS_RSA_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 6185 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6186 return 1;
wolfSSL 11:cee25a834751 6187 break;
wolfSSL 11:cee25a834751 6188
wolfSSL 11:cee25a834751 6189 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 6190 if (requirement == REQUIRES_NTRU)
wolfSSL 11:cee25a834751 6191 return 1;
wolfSSL 11:cee25a834751 6192 break;
wolfSSL 11:cee25a834751 6193
wolfSSL 11:cee25a834751 6194 case SSL_RSA_WITH_IDEA_CBC_SHA :
wolfSSL 11:cee25a834751 6195 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6196 return 1;
wolfSSL 11:cee25a834751 6197 break;
wolfSSL 11:cee25a834751 6198 #endif
wolfSSL 11:cee25a834751 6199
wolfSSL 11:cee25a834751 6200 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 6201 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 6202 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 6203 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 6204 case TLS_PSK_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 6205 case TLS_PSK_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 6206 case TLS_PSK_WITH_NULL_SHA384 :
wolfSSL 11:cee25a834751 6207 case TLS_PSK_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 6208 case TLS_PSK_WITH_NULL_SHA :
wolfSSL 11:cee25a834751 6209 if (requirement == REQUIRES_PSK)
wolfSSL 11:cee25a834751 6210 return 1;
wolfSSL 11:cee25a834751 6211 break;
wolfSSL 11:cee25a834751 6212
wolfSSL 11:cee25a834751 6213 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 6214 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 6215 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 6216 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 6217 case TLS_DHE_PSK_WITH_NULL_SHA384 :
wolfSSL 11:cee25a834751 6218 case TLS_DHE_PSK_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 6219 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 6220 return 1;
wolfSSL 11:cee25a834751 6221 if (requirement == REQUIRES_PSK)
wolfSSL 11:cee25a834751 6222 return 1;
wolfSSL 11:cee25a834751 6223 break;
wolfSSL 11:cee25a834751 6224
wolfSSL 11:cee25a834751 6225 #ifndef NO_RSA
wolfSSL 11:cee25a834751 6226 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 6227 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6228 return 1;
wolfSSL 11:cee25a834751 6229 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 6230 return 1;
wolfSSL 11:cee25a834751 6231 break;
wolfSSL 11:cee25a834751 6232
wolfSSL 11:cee25a834751 6233 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 6234 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6235 return 1;
wolfSSL 11:cee25a834751 6236 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 6237 return 1;
wolfSSL 11:cee25a834751 6238 break;
wolfSSL 11:cee25a834751 6239
wolfSSL 11:cee25a834751 6240 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 6241 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6242 return 1;
wolfSSL 11:cee25a834751 6243 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 6244 return 1;
wolfSSL 11:cee25a834751 6245 break;
wolfSSL 11:cee25a834751 6246
wolfSSL 11:cee25a834751 6247 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 6248 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6249 return 1;
wolfSSL 11:cee25a834751 6250 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 6251 return 1;
wolfSSL 11:cee25a834751 6252 break;
wolfSSL 11:cee25a834751 6253
wolfSSL 11:cee25a834751 6254 case TLS_RSA_WITH_HC_128_MD5 :
wolfSSL 11:cee25a834751 6255 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6256 return 1;
wolfSSL 11:cee25a834751 6257 break;
wolfSSL 11:cee25a834751 6258
wolfSSL 11:cee25a834751 6259 case TLS_RSA_WITH_HC_128_SHA :
wolfSSL 11:cee25a834751 6260 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6261 return 1;
wolfSSL 11:cee25a834751 6262 break;
wolfSSL 11:cee25a834751 6263
wolfSSL 11:cee25a834751 6264 case TLS_RSA_WITH_HC_128_B2B256:
wolfSSL 11:cee25a834751 6265 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6266 return 1;
wolfSSL 11:cee25a834751 6267 break;
wolfSSL 11:cee25a834751 6268
wolfSSL 11:cee25a834751 6269 case TLS_RSA_WITH_AES_128_CBC_B2B256:
wolfSSL 11:cee25a834751 6270 case TLS_RSA_WITH_AES_256_CBC_B2B256:
wolfSSL 11:cee25a834751 6271 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6272 return 1;
wolfSSL 11:cee25a834751 6273 break;
wolfSSL 11:cee25a834751 6274
wolfSSL 11:cee25a834751 6275 case TLS_RSA_WITH_RABBIT_SHA :
wolfSSL 11:cee25a834751 6276 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6277 return 1;
wolfSSL 11:cee25a834751 6278 break;
wolfSSL 11:cee25a834751 6279
wolfSSL 11:cee25a834751 6280 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 6281 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 6282 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6283 return 1;
wolfSSL 11:cee25a834751 6284 break;
wolfSSL 11:cee25a834751 6285
wolfSSL 11:cee25a834751 6286 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 6287 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 6288 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6289 return 1;
wolfSSL 11:cee25a834751 6290 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 6291 return 1;
wolfSSL 11:cee25a834751 6292 break;
wolfSSL 11:cee25a834751 6293
wolfSSL 11:cee25a834751 6294 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 11:cee25a834751 6295 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 11:cee25a834751 6296 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 6297 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 6298 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6299 return 1;
wolfSSL 11:cee25a834751 6300 break;
wolfSSL 11:cee25a834751 6301
wolfSSL 11:cee25a834751 6302 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 11:cee25a834751 6303 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 11:cee25a834751 6304 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 6305 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 6306 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6307 return 1;
wolfSSL 11:cee25a834751 6308 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 11:cee25a834751 6309 return 1;
wolfSSL 11:cee25a834751 6310 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 6311 return 1;
wolfSSL 11:cee25a834751 6312 break;
wolfSSL 11:cee25a834751 6313
wolfSSL 11:cee25a834751 6314 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 11:cee25a834751 6315 if (requirement == REQUIRES_RSA)
wolfSSL 11:cee25a834751 6316 return 1;
wolfSSL 11:cee25a834751 6317 if (requirement == REQUIRES_RSA_SIG)
wolfSSL 11:cee25a834751 6318 return 1;
wolfSSL 11:cee25a834751 6319 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 6320 return 1;
wolfSSL 11:cee25a834751 6321 break;
wolfSSL 11:cee25a834751 6322 #endif
wolfSSL 11:cee25a834751 6323 #ifdef HAVE_ANON
wolfSSL 11:cee25a834751 6324 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 6325 if (requirement == REQUIRES_DHE)
wolfSSL 11:cee25a834751 6326 return 1;
wolfSSL 11:cee25a834751 6327 break;
wolfSSL 11:cee25a834751 6328 #endif
wolfSSL 11:cee25a834751 6329
wolfSSL 11:cee25a834751 6330 default:
wolfSSL 11:cee25a834751 6331 WOLFSSL_MSG("Unsupported cipher suite, CipherRequires");
wolfSSL 11:cee25a834751 6332 return 0;
wolfSSL 11:cee25a834751 6333 } /* switch */
wolfSSL 11:cee25a834751 6334 } /* if ECC / Normal suites else */
wolfSSL 11:cee25a834751 6335
wolfSSL 11:cee25a834751 6336 return 0;
wolfSSL 11:cee25a834751 6337 }
wolfSSL 11:cee25a834751 6338
wolfSSL 11:cee25a834751 6339
wolfSSL 11:cee25a834751 6340 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 6341
wolfSSL 11:cee25a834751 6342
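/* Match names with wildcards, each wildcard can represent a single name
   component or fragment but not multiple names, i.e.,
   *.z.com matches y.z.com but not x.y.z.com

   pattern  name taken from the certificate, len bytes long; it does not
            have to be NUL terminated
   len      number of bytes of pattern to compare
   str      NUL terminated host name to check

   The comparison is case-insensitive. All len bytes of pattern have to be
   consumed: a NUL byte inside the counted pattern is a mismatch, so a
   certificate name such as "a.com\0.b.com" can not pass as "a.com".
   Callers are expected to pass a len that does not count a terminator.

   NOTE(review): '*' is honoured at any position of the pattern, including
   inside a label and in labels other than the left-most one. Callers that
   need the stricter left-most-label-only policy have to filter the pattern
   before calling.

   return 1 on success */
static int MatchDomainName(const char* pattern, int len, const char* str)
{
    char p, s;

    if (pattern == NULL || str == NULL || len <= 0)
        return 0;

    while (len > 0) {

        p = (char)XTOLOWER((unsigned char)*pattern++);
        if (p == '\0')
            return 0;   /* NUL byte inside the counted pattern */

        if (p == '*') {
            /* collapse a run of '*' and pick up the byte that follows it */
            while (--len > 0 &&
                (p = (char)XTOLOWER((unsigned char)*pattern++)) == '*') {
            }

            if (len == 0)
                p = '\0';   /* pattern ended on the wildcard */
            else if (p == '\0')
                return 0;   /* NUL byte inside the counted pattern */

            /* the wildcard consumes up to the next occurrence of p but
               never crosses a label boundary */
            while ( (s = (char)XTOLOWER((unsigned char) *str)) != '\0') {
                if (s == p)
                    break;
                if (s == '.')
                    return 0;
                str++;
            }
        }
        else {
            if (p != (char)XTOLOWER((unsigned char) *str))
                return 0;
        }

        if (*str != '\0')
            str++;

        if (len > 0)
            len--;
    }

    /* the loop only ends once the whole pattern is used up, so the match
       holds exactly when the host name is used up as well */
    return *str == '\0';
}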
wolfSSL 11:cee25a834751 6391
wolfSSL 11:cee25a834751 6392
/* Walk the certificate's altNames list looking for an entry that matches
 * domain. A NULL dCert is treated as a certificate without alternative names.
 *
 * NOTE(review): the pattern length comes from XSTRLEN, so each name is
 * compared only up to its first NUL byte; whether names with embedded NULs
 * are rejected earlier is not visible here.
 *
 * return 1 on success, 0 when no entry matched */
static int CheckAltNames(DecodedCert* dCert, char* domain)
{
    DNS_entry* entry;

    WOLFSSL_MSG("Checking AltNames");

    for (entry = (dCert != NULL) ? dCert->altNames : NULL; entry != NULL;
         entry = entry->next) {
        WOLFSSL_MSG("\tindividual AltName check");

        if (MatchDomainName(entry->name, (int)XSTRLEN(entry->name), domain))
            return 1;
    }

    return 0;
}
wolfSSL 11:cee25a834751 6417
wolfSSL 11:cee25a834751 6418
wolfSSL 11:cee25a834751 6419 #ifdef OPENSSL_EXTRA
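/* Check the alternative names, if they exist, against the domain.
 * When the certificate carries alternative names, one of them has to match,
 * wildcard or not. The common name is only offered as a fallback (through
 * checkCN) when there are no alternative names at all, following RFC 6125
 * section 6.4.4. Previously a list of non-wildcard names that did not match
 * was reported as "no problem" with checkCN cleared, so the caller accepted
 * the certificate without any name having matched.
 *
 * dCert    Decoded cert to get the alternative names from.
 * domain   Domain name to compare against.
 * checkCN  Set to 1 when the caller should check the common name, else 0.
 * returns 0 when alternative names are present and none matched the domain,
 *         1 otherwise.
 */
static int CheckForAltNames(DecodedCert* dCert, char* domain, int* checkCN)
{
    int match = 0;
    DNS_entry* altName = NULL;

    WOLFSSL_MSG("Checking AltNames");

    if (dCert)
        altName = dCert->altNames;

    /* the common name is consulted only when there is nothing to walk */
    *checkCN = altName == NULL;

    while (altName) {
        WOLFSSL_MSG("\tindividual AltName check");

        /* skip entries without a name instead of handing NULL to XSTRLEN */
        if (altName->name != NULL &&
                MatchDomainName(altName->name, (int)XSTRLEN(altName->name),
                                domain)) {
            match = 1;
            *checkCN = 0;
            break;
        }

        altName = altName->next;
    }

    /* either a name matched, or there were none and the CN decides */
    return match || *checkCN;
}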
wolfSSL 11:cee25a834751 6459
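/* Check the domain name matches the subject alternative name or the subject
 * name. CheckForAltNames is consulted first; the common name is compared
 * only when it sets checkCN.
 *
 * dCert          Decoded certificate.
 * domainName     The domain name, NUL terminated.
 * domainNameLen  The length of the domain name. Currently ignored, so the
 *                caller must pass a NUL terminated buffer.
 * returns DOMAIN_NAME_MISMATCH when no match found or when dCert or
 *         domainName is NULL, and 0 on success.
 */
int CheckHostName(DecodedCert* dCert, char *domainName, size_t domainNameLen)
{
    int checkCN;

    /* Assume name is NUL terminated. */
    (void)domainNameLen;

    /* Fail closed: without a certificate or a name there is nothing that
     * could match, and dCert is dereferenced below. */
    if (dCert == NULL || domainName == NULL) {
        WOLFSSL_MSG("DomainName check called with NULL argument");
        return DOMAIN_NAME_MISMATCH;
    }

    if (CheckForAltNames(dCert, domainName, &checkCN) == 0) {
        WOLFSSL_MSG("DomainName match on alt names failed too");
        return DOMAIN_NAME_MISMATCH;
    }
    if (checkCN == 1) {
        if (MatchDomainName(dCert->subjectCN, dCert->subjectCNLen,
                            domainName) == 0) {
            WOLFSSL_MSG("DomainName match on common name failed");
            return DOMAIN_NAME_MISMATCH;
        }
    }

    return 0;
}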
wolfSSL 11:cee25a834751 6489 #endif
wolfSSL 11:cee25a834751 6490
wolfSSL 11:cee25a834751 6491 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
wolfSSL 11:cee25a834751 6492
wolfSSL 11:cee25a834751 6493 /* Copy parts X509 needs from Decoded cert, 0 on success */
wolfSSL 11:cee25a834751 6494 int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert)
wolfSSL 11:cee25a834751 6495 {
wolfSSL 11:cee25a834751 6496 int ret = 0;
wolfSSL 11:cee25a834751 6497
wolfSSL 11:cee25a834751 6498 if (x509 == NULL || dCert == NULL ||
wolfSSL 11:cee25a834751 6499 dCert->subjectCNLen < 0)
wolfSSL 11:cee25a834751 6500 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 6501
wolfSSL 11:cee25a834751 6502 x509->version = dCert->version + 1;
wolfSSL 11:cee25a834751 6503
wolfSSL 11:cee25a834751 6504 XSTRNCPY(x509->issuer.name, dCert->issuer, ASN_NAME_MAX);
wolfSSL 11:cee25a834751 6505 x509->issuer.name[ASN_NAME_MAX - 1] = '\0';
wolfSSL 11:cee25a834751 6506 x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1;
wolfSSL 11:cee25a834751 6507 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 6508 if (dCert->issuerName.fullName != NULL) {
wolfSSL 11:cee25a834751 6509 XMEMCPY(&x509->issuer.fullName,
wolfSSL 11:cee25a834751 6510 &dCert->issuerName, sizeof(DecodedName));
wolfSSL 11:cee25a834751 6511 x509->issuer.fullName.fullName = (char*)XMALLOC(
wolfSSL 11:cee25a834751 6512 dCert->issuerName.fullNameLen, x509->heap,
wolfSSL 11:cee25a834751 6513 DYNAMIC_TYPE_X509);
wolfSSL 11:cee25a834751 6514 if (x509->issuer.fullName.fullName != NULL)
wolfSSL 11:cee25a834751 6515 XMEMCPY(x509->issuer.fullName.fullName,
wolfSSL 11:cee25a834751 6516 dCert->issuerName.fullName, dCert->issuerName.fullNameLen);
wolfSSL 11:cee25a834751 6517 }
wolfSSL 11:cee25a834751 6518 x509->issuer.x509 = x509;
wolfSSL 11:cee25a834751 6519 #endif /* OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 6520
wolfSSL 11:cee25a834751 6521 XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX);
wolfSSL 11:cee25a834751 6522 x509->subject.name[ASN_NAME_MAX - 1] = '\0';
wolfSSL 11:cee25a834751 6523 x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1;
wolfSSL 11:cee25a834751 6524 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 6525 if (dCert->subjectName.fullName != NULL) {
wolfSSL 11:cee25a834751 6526 XMEMCPY(&x509->subject.fullName,
wolfSSL 11:cee25a834751 6527 &dCert->subjectName, sizeof(DecodedName));
wolfSSL 11:cee25a834751 6528 x509->subject.fullName.fullName = (char*)XMALLOC(
wolfSSL 11:cee25a834751 6529 dCert->subjectName.fullNameLen, x509->heap, DYNAMIC_TYPE_X509);
wolfSSL 11:cee25a834751 6530 if (x509->subject.fullName.fullName != NULL)
wolfSSL 11:cee25a834751 6531 XMEMCPY(x509->subject.fullName.fullName,
wolfSSL 11:cee25a834751 6532 dCert->subjectName.fullName, dCert->subjectName.fullNameLen);
wolfSSL 11:cee25a834751 6533 }
wolfSSL 11:cee25a834751 6534 x509->subject.x509 = x509;
wolfSSL 11:cee25a834751 6535 #endif /* OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 6536
wolfSSL 11:cee25a834751 6537 XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE);
wolfSSL 11:cee25a834751 6538 x509->serialSz = dCert->serialSz;
wolfSSL 11:cee25a834751 6539 if (dCert->subjectCNLen < ASN_NAME_MAX) {
wolfSSL 11:cee25a834751 6540 XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen);
wolfSSL 11:cee25a834751 6541 x509->subjectCN[dCert->subjectCNLen] = '\0';
wolfSSL 11:cee25a834751 6542 }
wolfSSL 11:cee25a834751 6543 else
wolfSSL 11:cee25a834751 6544 x509->subjectCN[0] = '\0';
wolfSSL 11:cee25a834751 6545
wolfSSL 11:cee25a834751 6546 #ifdef WOLFSSL_SEP
wolfSSL 11:cee25a834751 6547 {
wolfSSL 11:cee25a834751 6548 int minSz = min(dCert->deviceTypeSz, EXTERNAL_SERIAL_SIZE);
wolfSSL 11:cee25a834751 6549 if (minSz > 0) {
wolfSSL 11:cee25a834751 6550 x509->deviceTypeSz = minSz;
wolfSSL 11:cee25a834751 6551 XMEMCPY(x509->deviceType, dCert->deviceType, minSz);
wolfSSL 11:cee25a834751 6552 }
wolfSSL 11:cee25a834751 6553 else
wolfSSL 11:cee25a834751 6554 x509->deviceTypeSz = 0;
wolfSSL 11:cee25a834751 6555 minSz = min(dCert->hwTypeSz, EXTERNAL_SERIAL_SIZE);
wolfSSL 11:cee25a834751 6556 if (minSz > 0) {
wolfSSL 11:cee25a834751 6557 x509->hwTypeSz = minSz;
wolfSSL 11:cee25a834751 6558 XMEMCPY(x509->hwType, dCert->hwType, minSz);
wolfSSL 11:cee25a834751 6559 }
wolfSSL 11:cee25a834751 6560 else
wolfSSL 11:cee25a834751 6561 x509->hwTypeSz = 0;
wolfSSL 11:cee25a834751 6562 minSz = min(dCert->hwSerialNumSz, EXTERNAL_SERIAL_SIZE);
wolfSSL 11:cee25a834751 6563 if (minSz > 0) {
wolfSSL 11:cee25a834751 6564 x509->hwSerialNumSz = minSz;
wolfSSL 11:cee25a834751 6565 XMEMCPY(x509->hwSerialNum, dCert->hwSerialNum, minSz);
wolfSSL 11:cee25a834751 6566 }
wolfSSL 11:cee25a834751 6567 else
wolfSSL 11:cee25a834751 6568 x509->hwSerialNumSz = 0;
wolfSSL 11:cee25a834751 6569 }
wolfSSL 11:cee25a834751 6570 #endif /* WOLFSSL_SEP */
wolfSSL 11:cee25a834751 6571 {
wolfSSL 11:cee25a834751 6572 int minSz = min(dCert->beforeDateLen, MAX_DATE_SZ);
wolfSSL 11:cee25a834751 6573 if (minSz > 0) {
wolfSSL 11:cee25a834751 6574 x509->notBeforeSz = minSz;
wolfSSL 11:cee25a834751 6575 XMEMCPY(x509->notBefore, dCert->beforeDate, minSz);
wolfSSL 11:cee25a834751 6576 }
wolfSSL 11:cee25a834751 6577 else
wolfSSL 11:cee25a834751 6578 x509->notBeforeSz = 0;
wolfSSL 11:cee25a834751 6579 minSz = min(dCert->afterDateLen, MAX_DATE_SZ);
wolfSSL 11:cee25a834751 6580 if (minSz > 0) {
wolfSSL 11:cee25a834751 6581 x509->notAfterSz = minSz;
wolfSSL 11:cee25a834751 6582 XMEMCPY(x509->notAfter, dCert->afterDate, minSz);
wolfSSL 11:cee25a834751 6583 }
wolfSSL 11:cee25a834751 6584 else
wolfSSL 11:cee25a834751 6585 x509->notAfterSz = 0;
wolfSSL 11:cee25a834751 6586 }
wolfSSL 11:cee25a834751 6587
wolfSSL 11:cee25a834751 6588 if (dCert->publicKey != NULL && dCert->pubKeySize != 0) {
wolfSSL 11:cee25a834751 6589 x509->pubKey.buffer = (byte*)XMALLOC(
wolfSSL 11:cee25a834751 6590 dCert->pubKeySize, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
wolfSSL 11:cee25a834751 6591 if (x509->pubKey.buffer != NULL) {
wolfSSL 11:cee25a834751 6592 x509->pubKeyOID = dCert->keyOID;
wolfSSL 11:cee25a834751 6593 x509->pubKey.length = dCert->pubKeySize;
wolfSSL 11:cee25a834751 6594 XMEMCPY(x509->pubKey.buffer, dCert->publicKey, dCert->pubKeySize);
wolfSSL 11:cee25a834751 6595 }
wolfSSL 11:cee25a834751 6596 else
wolfSSL 11:cee25a834751 6597 ret = MEMORY_E;
wolfSSL 11:cee25a834751 6598 }
wolfSSL 11:cee25a834751 6599
wolfSSL 11:cee25a834751 6600 if (dCert->signature != NULL && dCert->sigLength != 0 &&
wolfSSL 11:cee25a834751 6601 dCert->sigLength <= MAX_ENCODED_SIG_SZ) {
wolfSSL 11:cee25a834751 6602 x509->sig.buffer = (byte*)XMALLOC(
wolfSSL 11:cee25a834751 6603 dCert->sigLength, x509->heap, DYNAMIC_TYPE_SIGNATURE);
wolfSSL 11:cee25a834751 6604 if (x509->sig.buffer == NULL) {
wolfSSL 11:cee25a834751 6605 ret = MEMORY_E;
wolfSSL 11:cee25a834751 6606 }
wolfSSL 11:cee25a834751 6607 else {
wolfSSL 11:cee25a834751 6608 XMEMCPY(x509->sig.buffer, dCert->signature, dCert->sigLength);
wolfSSL 11:cee25a834751 6609 x509->sig.length = dCert->sigLength;
wolfSSL 11:cee25a834751 6610 x509->sigOID = dCert->signatureOID;
wolfSSL 11:cee25a834751 6611 }
wolfSSL 11:cee25a834751 6612 }
wolfSSL 11:cee25a834751 6613
wolfSSL 11:cee25a834751 6614 /* store cert for potential retrieval */
wolfSSL 11:cee25a834751 6615 if (AllocDer(&x509->derCert, dCert->maxIdx, CERT_TYPE, x509->heap) == 0) {
wolfSSL 11:cee25a834751 6616 XMEMCPY(x509->derCert->buffer, dCert->source, dCert->maxIdx);
wolfSSL 11:cee25a834751 6617 }
wolfSSL 11:cee25a834751 6618 else {
wolfSSL 11:cee25a834751 6619 ret = MEMORY_E;
wolfSSL 11:cee25a834751 6620 }
wolfSSL 11:cee25a834751 6621
wolfSSL 11:cee25a834751 6622 x509->altNames = dCert->altNames;
wolfSSL 11:cee25a834751 6623 dCert->weOwnAltNames = 0;
wolfSSL 11:cee25a834751 6624 x509->altNamesNext = x509->altNames; /* index hint */
wolfSSL 11:cee25a834751 6625
wolfSSL 11:cee25a834751 6626 x509->isCa = dCert->isCA;
wolfSSL 11:cee25a834751 6627 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 6628 x509->pathLength = dCert->pathLength;
wolfSSL 11:cee25a834751 6629 x509->keyUsage = dCert->extKeyUsage;
wolfSSL 11:cee25a834751 6630
wolfSSL 11:cee25a834751 6631 x509->CRLdistSet = dCert->extCRLdistSet;
wolfSSL 11:cee25a834751 6632 x509->CRLdistCrit = dCert->extCRLdistCrit;
wolfSSL 11:cee25a834751 6633 x509->CRLInfo = dCert->extCrlInfo;
wolfSSL 11:cee25a834751 6634 x509->CRLInfoSz = dCert->extCrlInfoSz;
wolfSSL 11:cee25a834751 6635 x509->authInfoSet = dCert->extAuthInfoSet;
wolfSSL 11:cee25a834751 6636 x509->authInfoCrit = dCert->extAuthInfoCrit;
wolfSSL 11:cee25a834751 6637 if (dCert->extAuthInfo != NULL && dCert->extAuthInfoSz > 0) {
wolfSSL 11:cee25a834751 6638 x509->authInfo = (byte*)XMALLOC(dCert->extAuthInfoSz, x509->heap,
wolfSSL 11:cee25a834751 6639 DYNAMIC_TYPE_X509_EXT);
wolfSSL 11:cee25a834751 6640 if (x509->authInfo != NULL) {
wolfSSL 11:cee25a834751 6641 XMEMCPY(x509->authInfo, dCert->extAuthInfo, dCert->extAuthInfoSz);
wolfSSL 11:cee25a834751 6642 x509->authInfoSz = dCert->extAuthInfoSz;
wolfSSL 11:cee25a834751 6643 }
wolfSSL 11:cee25a834751 6644 else {
wolfSSL 11:cee25a834751 6645 ret = MEMORY_E;
wolfSSL 11:cee25a834751 6646 }
wolfSSL 11:cee25a834751 6647 }
wolfSSL 11:cee25a834751 6648 x509->basicConstSet = dCert->extBasicConstSet;
wolfSSL 11:cee25a834751 6649 x509->basicConstCrit = dCert->extBasicConstCrit;
wolfSSL 11:cee25a834751 6650 x509->basicConstPlSet = dCert->pathLengthSet;
wolfSSL 11:cee25a834751 6651 x509->subjAltNameSet = dCert->extSubjAltNameSet;
wolfSSL 11:cee25a834751 6652 x509->subjAltNameCrit = dCert->extSubjAltNameCrit;
wolfSSL 11:cee25a834751 6653 x509->authKeyIdSet = dCert->extAuthKeyIdSet;
wolfSSL 11:cee25a834751 6654 x509->authKeyIdCrit = dCert->extAuthKeyIdCrit;
wolfSSL 11:cee25a834751 6655 if (dCert->extAuthKeyIdSrc != NULL && dCert->extAuthKeyIdSz != 0) {
wolfSSL 11:cee25a834751 6656 x509->authKeyId = (byte*)XMALLOC(dCert->extAuthKeyIdSz, x509->heap,
wolfSSL 11:cee25a834751 6657 DYNAMIC_TYPE_X509_EXT);
wolfSSL 11:cee25a834751 6658 if (x509->authKeyId != NULL) {
wolfSSL 11:cee25a834751 6659 XMEMCPY(x509->authKeyId,
wolfSSL 11:cee25a834751 6660 dCert->extAuthKeyIdSrc, dCert->extAuthKeyIdSz);
wolfSSL 11:cee25a834751 6661 x509->authKeyIdSz = dCert->extAuthKeyIdSz;
wolfSSL 11:cee25a834751 6662 }
wolfSSL 11:cee25a834751 6663 else
wolfSSL 11:cee25a834751 6664 ret = MEMORY_E;
wolfSSL 11:cee25a834751 6665 }
wolfSSL 11:cee25a834751 6666 x509->subjKeyIdSet = dCert->extSubjKeyIdSet;
wolfSSL 11:cee25a834751 6667 x509->subjKeyIdCrit = dCert->extSubjKeyIdCrit;
wolfSSL 11:cee25a834751 6668 if (dCert->extSubjKeyIdSrc != NULL && dCert->extSubjKeyIdSz != 0) {
wolfSSL 11:cee25a834751 6669 x509->subjKeyId = (byte*)XMALLOC(dCert->extSubjKeyIdSz, x509->heap,
wolfSSL 11:cee25a834751 6670 DYNAMIC_TYPE_X509_EXT);
wolfSSL 11:cee25a834751 6671 if (x509->subjKeyId != NULL) {
wolfSSL 11:cee25a834751 6672 XMEMCPY(x509->subjKeyId,
wolfSSL 11:cee25a834751 6673 dCert->extSubjKeyIdSrc, dCert->extSubjKeyIdSz);
wolfSSL 11:cee25a834751 6674 x509->subjKeyIdSz = dCert->extSubjKeyIdSz;
wolfSSL 11:cee25a834751 6675 }
wolfSSL 11:cee25a834751 6676 else
wolfSSL 11:cee25a834751 6677 ret = MEMORY_E;
wolfSSL 11:cee25a834751 6678 }
wolfSSL 11:cee25a834751 6679 x509->keyUsageSet = dCert->extKeyUsageSet;
wolfSSL 11:cee25a834751 6680 x509->keyUsageCrit = dCert->extKeyUsageCrit;
wolfSSL 11:cee25a834751 6681 if (dCert->extExtKeyUsageSrc != NULL && dCert->extExtKeyUsageSz > 0) {
wolfSSL 11:cee25a834751 6682 x509->extKeyUsageSrc = (byte*)XMALLOC(dCert->extExtKeyUsageSz,
wolfSSL 11:cee25a834751 6683 x509->heap, DYNAMIC_TYPE_X509_EXT);
wolfSSL 11:cee25a834751 6684 if (x509->extKeyUsageSrc != NULL) {
wolfSSL 11:cee25a834751 6685 XMEMCPY(x509->extKeyUsageSrc, dCert->extExtKeyUsageSrc,
wolfSSL 11:cee25a834751 6686 dCert->extExtKeyUsageSz);
wolfSSL 11:cee25a834751 6687 x509->extKeyUsageSz = dCert->extExtKeyUsageSz;
wolfSSL 11:cee25a834751 6688 x509->extKeyUsageCrit = dCert->extExtKeyUsageCrit;
wolfSSL 11:cee25a834751 6689 x509->extKeyUsageCount = dCert->extExtKeyUsageCount;
wolfSSL 11:cee25a834751 6690 }
wolfSSL 11:cee25a834751 6691 else {
wolfSSL 11:cee25a834751 6692 ret = MEMORY_E;
wolfSSL 11:cee25a834751 6693 }
wolfSSL 11:cee25a834751 6694 }
wolfSSL 11:cee25a834751 6695 #ifdef WOLFSSL_SEP
wolfSSL 11:cee25a834751 6696 x509->certPolicySet = dCert->extCertPolicySet;
wolfSSL 11:cee25a834751 6697 x509->certPolicyCrit = dCert->extCertPolicyCrit;
wolfSSL 11:cee25a834751 6698 #endif /* WOLFSSL_SEP */
wolfSSL 11:cee25a834751 6699 #ifdef WOLFSSL_CERT_EXT
wolfSSL 11:cee25a834751 6700 {
wolfSSL 11:cee25a834751 6701 int i;
wolfSSL 11:cee25a834751 6702 for (i = 0; i < dCert->extCertPoliciesNb && i < MAX_CERTPOL_NB; i++)
wolfSSL 11:cee25a834751 6703 XMEMCPY(x509->certPolicies[i], dCert->extCertPolicies[i],
wolfSSL 11:cee25a834751 6704 MAX_CERTPOL_SZ);
wolfSSL 11:cee25a834751 6705 x509->certPoliciesNb = dCert->extCertPoliciesNb;
wolfSSL 11:cee25a834751 6706 }
wolfSSL 11:cee25a834751 6707 #endif /* WOLFSSL_CERT_EXT */
wolfSSL 11:cee25a834751 6708 #endif /* OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 6709 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 6710 x509->pkCurveOID = dCert->pkCurveOID;
wolfSSL 11:cee25a834751 6711 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 6712
wolfSSL 11:cee25a834751 6713 return ret;
wolfSSL 11:cee25a834751 6714 }
wolfSSL 11:cee25a834751 6715
wolfSSL 11:cee25a834751 6716 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
wolfSSL 11:cee25a834751 6717
/* Working state for DoCertificate() while it parses and verifies the peer's
 * certificate chain. With WOLFSSL_ASYNC_CRYPT the instance is stored in
 * ssl->async.args; otherwise DoCertificate() keeps it as a local.
 * Heap members (certs, dCert, domain) are released by FreeDoCertArgs(). */
typedef struct DoCertArgs {
    /* heap array of MAX_CHAIN_DEPTH entries; each entry's buffer points
     * into the handshake input rather than owning a copy */
    buffer*      certs;
    /* heap DecodedCert reused for every cert in the chain */
    DecodedCert* dCert;
    /* heap string freed by FreeDoCertArgs() */
    char*        domain;
    /* current read offset into the handshake input */
    word32       idx;
    /* offset at which the message started; idx - begin is bounds-checked
     * against the message size */
    word32       begin;
    /* number of certs in certs buffer */
    int          totalCerts;
    /* certs still to be processed; starts at totalCerts and counts down */
    int          count;
    /* non-zero while dCert holds state from InitDecodedCert() that still
     * needs FreeDecodedCert() */
    int          dCertInit;
    /* index into certs of the cert currently being processed */
    int          certIdx;
#ifdef WOLFSSL_TRUST_PEER_CERT
    /* was cert verified by loaded trusted peer cert */
    byte         haveTrustPeer;
#endif
} DoCertArgs;
wolfSSL 11:cee25a834751 6732
/* Release every heap resource owned by a DoCertArgs instance.
 *
 * ssl    connection whose heap hint is passed to XFREE
 * pArgs  pointer to the DoCertArgs to clean up (passed as void* so the
 *        function can be installed as ssl->async.freeArgs)
 *
 * Each pointer is reset to NULL after it is freed, so calling this again on
 * the same DoCertArgs skips the already-released members instead of freeing
 * them twice.
 */
static void FreeDoCertArgs(WOLFSSL* ssl, void* pArgs)
{
    DoCertArgs* dcArgs = (DoCertArgs*)pArgs;

    /* NOTE(review): presumably kept because XFREE can be configured to
     * ignore its heap argument, which would leave ssl unused - confirm */
    (void)ssl;

    if (dcArgs->domain != NULL) {
        XFREE(dcArgs->domain, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        dcArgs->domain = NULL;
    }

    /* Only the array is freed: DoCertificate() points each entry's buffer
     * into the handshake input, so the cert bytes are not owned here. */
    if (dcArgs->certs != NULL) {
        XFREE(dcArgs->certs, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        dcArgs->certs = NULL;
    }

    if (dcArgs->dCert != NULL) {
        /* Tear down the decoded contents before releasing the container,
         * and only if InitDecodedCert() actually ran on it. */
        if (dcArgs->dCertInit != 0) {
            FreeDecodedCert(dcArgs->dCert);
            dcArgs->dCertInit = 0;
        }
        XFREE(dcArgs->dCert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        dcArgs->dCert = NULL;
    }
}
wolfSSL 11:cee25a834751 6756
wolfSSL 11:cee25a834751 6757 static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx,
wolfSSL 11:cee25a834751 6758 word32 size)
wolfSSL 11:cee25a834751 6759 {
wolfSSL 11:cee25a834751 6760 int ret = 0, lastErr = 0;
wolfSSL 11:cee25a834751 6761 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 6762 DoCertArgs* args = (DoCertArgs*)ssl->async.args;
wolfSSL 11:cee25a834751 6763 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 11:cee25a834751 6764 (void)sizeof(args_test);
wolfSSL 11:cee25a834751 6765 #else
wolfSSL 11:cee25a834751 6766 DoCertArgs args[1];
wolfSSL 11:cee25a834751 6767 #endif
wolfSSL 11:cee25a834751 6768
wolfSSL 11:cee25a834751 6769 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 11:cee25a834751 6770 byte haveTrustPeer = 0; /* was cert verified by loaded trusted peer cert */
wolfSSL 11:cee25a834751 6771 #endif
wolfSSL 11:cee25a834751 6772
wolfSSL 11:cee25a834751 6773 WOLFSSL_ENTER("DoCertificate");
wolfSSL 11:cee25a834751 6774
wolfSSL 11:cee25a834751 6775 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 6776 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 11:cee25a834751 6777 if (ret != WC_NOT_PENDING_E) {
wolfSSL 11:cee25a834751 6778 /* Check for error */
wolfSSL 11:cee25a834751 6779 if (ret < 0)
wolfSSL 11:cee25a834751 6780 goto exit_dc;
wolfSSL 11:cee25a834751 6781 }
wolfSSL 11:cee25a834751 6782 else
wolfSSL 11:cee25a834751 6783 #endif
wolfSSL 11:cee25a834751 6784 {
wolfSSL 11:cee25a834751 6785 /* Reset state */
wolfSSL 11:cee25a834751 6786 ret = 0;
wolfSSL 11:cee25a834751 6787 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 11:cee25a834751 6788 XMEMSET(args, 0, sizeof(DoCertArgs));
wolfSSL 11:cee25a834751 6789 args->idx = *inOutIdx;
wolfSSL 11:cee25a834751 6790 args->begin = *inOutIdx;
wolfSSL 11:cee25a834751 6791 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 6792 ssl->async.freeArgs = FreeDoCertArgs;
wolfSSL 11:cee25a834751 6793 #endif
wolfSSL 11:cee25a834751 6794 }
wolfSSL 11:cee25a834751 6795
wolfSSL 11:cee25a834751 6796 switch(ssl->options.asyncState)
wolfSSL 11:cee25a834751 6797 {
wolfSSL 11:cee25a834751 6798 case TLS_ASYNC_BEGIN:
wolfSSL 11:cee25a834751 6799 {
wolfSSL 11:cee25a834751 6800 word32 listSz;
wolfSSL 11:cee25a834751 6801
wolfSSL 11:cee25a834751 6802 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 6803 if (ssl->hsInfoOn)
wolfSSL 11:cee25a834751 6804 AddPacketName("Certificate", &ssl->handShakeInfo);
wolfSSL 11:cee25a834751 6805 if (ssl->toInfoOn)
wolfSSL 11:cee25a834751 6806 AddLateName("Certificate", &ssl->timeoutInfo);
wolfSSL 11:cee25a834751 6807 #endif
wolfSSL 11:cee25a834751 6808
wolfSSL 11:cee25a834751 6809 /* allocate buffer for certs */
wolfSSL 11:cee25a834751 6810 args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH,
wolfSSL 11:cee25a834751 6811 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 6812 if (args->certs == NULL) {
wolfSSL 11:cee25a834751 6813 ERROR_OUT(MEMORY_E, exit_dc);
wolfSSL 11:cee25a834751 6814 }
wolfSSL 11:cee25a834751 6815 XMEMSET(args->certs, 0, sizeof(buffer) * MAX_CHAIN_DEPTH);
wolfSSL 11:cee25a834751 6816
wolfSSL 11:cee25a834751 6817 if ((args->idx - args->begin) + OPAQUE24_LEN > size) {
wolfSSL 11:cee25a834751 6818 ERROR_OUT(BUFFER_ERROR, exit_dc);
wolfSSL 11:cee25a834751 6819 }
wolfSSL 11:cee25a834751 6820
wolfSSL 11:cee25a834751 6821 c24to32(input + args->idx, &listSz);
wolfSSL 11:cee25a834751 6822 args->idx += OPAQUE24_LEN;
wolfSSL 11:cee25a834751 6823
wolfSSL 11:cee25a834751 6824 if (listSz > MAX_RECORD_SIZE) {
wolfSSL 11:cee25a834751 6825 ERROR_OUT(BUFFER_ERROR, exit_dc);
wolfSSL 11:cee25a834751 6826 }
wolfSSL 11:cee25a834751 6827
wolfSSL 11:cee25a834751 6828 if ((args->idx - args->begin) + listSz != size) {
wolfSSL 11:cee25a834751 6829 ERROR_OUT(BUFFER_ERROR, exit_dc);
wolfSSL 11:cee25a834751 6830 }
wolfSSL 11:cee25a834751 6831
wolfSSL 11:cee25a834751 6832 WOLFSSL_MSG("Loading peer's cert chain");
wolfSSL 11:cee25a834751 6833 /* first put cert chain into buffer so can verify top down
wolfSSL 11:cee25a834751 6834 we're sent bottom up */
wolfSSL 11:cee25a834751 6835 while (listSz) {
wolfSSL 11:cee25a834751 6836 word32 certSz;
wolfSSL 11:cee25a834751 6837
wolfSSL 11:cee25a834751 6838 if (args->totalCerts >= MAX_CHAIN_DEPTH) {
wolfSSL 11:cee25a834751 6839 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 6840 ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG;
wolfSSL 11:cee25a834751 6841 #endif
wolfSSL 11:cee25a834751 6842 ERROR_OUT(MAX_CHAIN_ERROR, exit_dc);
wolfSSL 11:cee25a834751 6843 }
wolfSSL 11:cee25a834751 6844
wolfSSL 11:cee25a834751 6845 if ((args->idx - args->begin) + OPAQUE24_LEN > size) {
wolfSSL 11:cee25a834751 6846 ERROR_OUT(BUFFER_ERROR, exit_dc);
wolfSSL 11:cee25a834751 6847 }
wolfSSL 11:cee25a834751 6848
wolfSSL 11:cee25a834751 6849 c24to32(input + args->idx, &certSz);
wolfSSL 11:cee25a834751 6850 args->idx += OPAQUE24_LEN;
wolfSSL 11:cee25a834751 6851
wolfSSL 11:cee25a834751 6852 if ((args->idx - args->begin) + certSz > size) {
wolfSSL 11:cee25a834751 6853 ERROR_OUT(BUFFER_ERROR, exit_dc);
wolfSSL 11:cee25a834751 6854 }
wolfSSL 11:cee25a834751 6855
wolfSSL 11:cee25a834751 6856 args->certs[args->totalCerts].length = certSz;
wolfSSL 11:cee25a834751 6857 args->certs[args->totalCerts].buffer = input + args->idx;
wolfSSL 11:cee25a834751 6858
wolfSSL 11:cee25a834751 6859 #ifdef SESSION_CERTS
wolfSSL 11:cee25a834751 6860 if (ssl->session.chain.count < MAX_CHAIN_DEPTH &&
wolfSSL 11:cee25a834751 6861 certSz < MAX_X509_SIZE) {
wolfSSL 11:cee25a834751 6862 ssl->session.chain.certs[
wolfSSL 11:cee25a834751 6863 ssl->session.chain.count].length = certSz;
wolfSSL 11:cee25a834751 6864 XMEMCPY(ssl->session.chain.certs[
wolfSSL 11:cee25a834751 6865 ssl->session.chain.count].buffer,
wolfSSL 11:cee25a834751 6866 input + args->idx, certSz);
wolfSSL 11:cee25a834751 6867 ssl->session.chain.count++;
wolfSSL 11:cee25a834751 6868 }
wolfSSL 11:cee25a834751 6869 else {
wolfSSL 11:cee25a834751 6870 WOLFSSL_MSG("Couldn't store chain cert for session");
wolfSSL 11:cee25a834751 6871 }
wolfSSL 11:cee25a834751 6872 #endif /* SESSION_CERTS */
wolfSSL 11:cee25a834751 6873
wolfSSL 11:cee25a834751 6874 args->idx += certSz;
wolfSSL 11:cee25a834751 6875 listSz -= certSz + CERT_HEADER_SZ;
wolfSSL 11:cee25a834751 6876
wolfSSL 11:cee25a834751 6877 args->totalCerts++;
wolfSSL 11:cee25a834751 6878 WOLFSSL_MSG("\tPut another cert into chain");
wolfSSL 11:cee25a834751 6879 } /* while (listSz) */
wolfSSL 11:cee25a834751 6880
wolfSSL 11:cee25a834751 6881 args->count = args->totalCerts;
wolfSSL 11:cee25a834751 6882 args->certIdx = 0;
wolfSSL 11:cee25a834751 6883
wolfSSL 11:cee25a834751 6884 args->dCertInit = 0;
wolfSSL 11:cee25a834751 6885 args->dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
wolfSSL 11:cee25a834751 6886 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 6887 if (args->dCert == NULL) {
wolfSSL 11:cee25a834751 6888 ERROR_OUT(MEMORY_E, exit_dc);
wolfSSL 11:cee25a834751 6889 }
wolfSSL 11:cee25a834751 6890
wolfSSL 11:cee25a834751 6891 /* Advance state and proceed */
wolfSSL 11:cee25a834751 6892 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 11:cee25a834751 6893 } /* case TLS_ASYNC_BEGIN */
wolfSSL 11:cee25a834751 6894
wolfSSL 11:cee25a834751 6895 case TLS_ASYNC_BUILD:
wolfSSL 11:cee25a834751 6896 {
wolfSSL 11:cee25a834751 6897 if (args->count > 0) {
wolfSSL 11:cee25a834751 6898 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 11:cee25a834751 6899 if (args->certIdx == 0) {
wolfSSL 11:cee25a834751 6900 /* if using trusted peer certs check before verify chain
wolfSSL 11:cee25a834751 6901 and CA test */
wolfSSL 11:cee25a834751 6902 TrustedPeerCert* tp;
wolfSSL 11:cee25a834751 6903
wolfSSL 11:cee25a834751 6904 if (!args->dCertInit) {
wolfSSL 11:cee25a834751 6905 InitDecodedCert(args->dCert,
wolfSSL 11:cee25a834751 6906 args->certs[args->certIdx].buffer,
wolfSSL 11:cee25a834751 6907 args->certs[args->certIdx].length, ssl->heap);
wolfSSL 11:cee25a834751 6908 args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */
wolfSSL 11:cee25a834751 6909 args->dCertInit = 1;
wolfSSL 11:cee25a834751 6910 }
wolfSSL 11:cee25a834751 6911
wolfSSL 11:cee25a834751 6912 ret = ParseCertRelative(args->dCert, CERT_TYPE, 0,
wolfSSL 11:cee25a834751 6913 ssl->ctx->cm);
wolfSSL 11:cee25a834751 6914 if (ret != 0) {
wolfSSL 11:cee25a834751 6915 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 6916 if (ret == WC_PENDING_E) {
wolfSSL 11:cee25a834751 6917 ret = wolfSSL_AsyncPush(ssl,
wolfSSL 11:cee25a834751 6918 args->dCert->sigCtx.asyncDev,
wolfSSL 11:cee25a834751 6919 WC_ASYNC_FLAG_CALL_AGAIN);
wolfSSL 11:cee25a834751 6920 }
wolfSSL 11:cee25a834751 6921 #endif
wolfSSL 11:cee25a834751 6922 goto exit_dc;
wolfSSL 11:cee25a834751 6923 }
wolfSSL 11:cee25a834751 6924
wolfSSL 11:cee25a834751 6925 #ifndef NO_SKID
wolfSSL 11:cee25a834751 6926 if (args->dCert->extAuthKeyIdSet) {
wolfSSL 11:cee25a834751 6927 tp = GetTrustedPeer(ssl->ctx->cm,
wolfSSL 11:cee25a834751 6928 args->dCert->extSubjKeyId, WC_MATCH_SKID);
wolfSSL 11:cee25a834751 6929 }
wolfSSL 11:cee25a834751 6930 else { /* if the cert has no SKID try to match by name */
wolfSSL 11:cee25a834751 6931 tp = GetTrustedPeer(ssl->ctx->cm,
wolfSSL 11:cee25a834751 6932 args->dCert->subjectHash, WC_MATCH_NAME);
wolfSSL 11:cee25a834751 6933 }
wolfSSL 11:cee25a834751 6934 #else /* NO_SKID */
wolfSSL 11:cee25a834751 6935 tp = GetTrustedPeer(ssl->ctx->cm, args->dCert->subjectHash,
wolfSSL 11:cee25a834751 6936 WC_MATCH_NAME);
wolfSSL 11:cee25a834751 6937 #endif /* NO SKID */
wolfSSL 11:cee25a834751 6938 WOLFSSL_MSG("Checking for trusted peer cert");
wolfSSL 11:cee25a834751 6939
wolfSSL 11:cee25a834751 6940 if (tp == NULL) {
wolfSSL 11:cee25a834751 6941 /* no trusted peer cert */
wolfSSL 11:cee25a834751 6942 WOLFSSL_MSG("No matching trusted peer cert. "
wolfSSL 11:cee25a834751 6943 "Checking CAs");
wolfSSL 11:cee25a834751 6944 FreeDecodedCert(args->dCert);
wolfSSL 11:cee25a834751 6945 args->dCertInit = 0;
wolfSSL 11:cee25a834751 6946 } else if (MatchTrustedPeer(tp, args->dCert)){
wolfSSL 11:cee25a834751 6947 WOLFSSL_MSG("Found matching trusted peer cert");
wolfSSL 11:cee25a834751 6948 haveTrustPeer = 1;
wolfSSL 11:cee25a834751 6949 } else {
wolfSSL 11:cee25a834751 6950 WOLFSSL_MSG("Trusted peer cert did not match!");
wolfSSL 11:cee25a834751 6951 FreeDecodedCert(args->dCert);
wolfSSL 11:cee25a834751 6952 args->dCertInit = 0;
wolfSSL 11:cee25a834751 6953 }
wolfSSL 11:cee25a834751 6954 }
wolfSSL 11:cee25a834751 6955 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 11:cee25a834751 6956
wolfSSL 11:cee25a834751 6957 /* verify up to peer's first */
wolfSSL 11:cee25a834751 6958 /* do not verify chain if trusted peer cert found */
wolfSSL 11:cee25a834751 6959 while (args->count > 1
wolfSSL 11:cee25a834751 6960 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 11:cee25a834751 6961 && !haveTrustPeer
wolfSSL 11:cee25a834751 6962 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 11:cee25a834751 6963 ) {
wolfSSL 11:cee25a834751 6964 byte* subjectHash;
wolfSSL 11:cee25a834751 6965
wolfSSL 11:cee25a834751 6966 args->certIdx = args->count - 1;
wolfSSL 11:cee25a834751 6967
wolfSSL 11:cee25a834751 6968 if (!args->dCertInit) {
wolfSSL 11:cee25a834751 6969 InitDecodedCert(args->dCert,
wolfSSL 11:cee25a834751 6970 args->certs[args->certIdx].buffer,
wolfSSL 11:cee25a834751 6971 args->certs[args->certIdx].length, ssl->heap);
wolfSSL 11:cee25a834751 6972 args->dCert->sigCtx.devId = ssl->devId; /* setup async dev */
wolfSSL 11:cee25a834751 6973 args->dCertInit = 1;
wolfSSL 11:cee25a834751 6974 }
wolfSSL 11:cee25a834751 6975
wolfSSL 11:cee25a834751 6976 ret = ParseCertRelative(args->dCert, CERT_TYPE,
wolfSSL 11:cee25a834751 6977 !ssl->options.verifyNone, ssl->ctx->cm);
wolfSSL 11:cee25a834751 6978 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 6979 if (ret == WC_PENDING_E) {
wolfSSL 11:cee25a834751 6980 ret = wolfSSL_AsyncPush(ssl,
wolfSSL 11:cee25a834751 6981 args->dCert->sigCtx.asyncDev,
wolfSSL 11:cee25a834751 6982 WC_ASYNC_FLAG_CALL_AGAIN);
wolfSSL 11:cee25a834751 6983 goto exit_dc;
wolfSSL 11:cee25a834751 6984 }
wolfSSL 11:cee25a834751 6985 #endif
wolfSSL 11:cee25a834751 6986
wolfSSL 11:cee25a834751 6987 #ifndef NO_SKID
wolfSSL 11:cee25a834751 6988 subjectHash = args->dCert->extSubjKeyId;
wolfSSL 11:cee25a834751 6989 #else
wolfSSL 11:cee25a834751 6990 subjectHash = args->dCert->subjectHash;
wolfSSL 11:cee25a834751 6991 #endif
wolfSSL 11:cee25a834751 6992
wolfSSL 11:cee25a834751 6993 /* Check key sizes for certs. Is redundent check since
wolfSSL 11:cee25a834751 6994 ProcessBuffer also performs this check. */
wolfSSL 11:cee25a834751 6995 if (!ssl->options.verifyNone) {
wolfSSL 11:cee25a834751 6996 switch (args->dCert->keyOID) {
wolfSSL 11:cee25a834751 6997 #ifndef NO_RSA
wolfSSL 11:cee25a834751 6998 case RSAk:
wolfSSL 11:cee25a834751 6999 if (ssl->options.minRsaKeySz < 0 ||
wolfSSL 11:cee25a834751 7000 args->dCert->pubKeySize <
wolfSSL 11:cee25a834751 7001 (word16)ssl->options.minRsaKeySz) {
wolfSSL 11:cee25a834751 7002 WOLFSSL_MSG(
wolfSSL 11:cee25a834751 7003 "RSA key size in cert chain error");
wolfSSL 11:cee25a834751 7004 ret = RSA_KEY_SIZE_E;
wolfSSL 11:cee25a834751 7005 }
wolfSSL 11:cee25a834751 7006 break;
wolfSSL 11:cee25a834751 7007 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 7008 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 7009 case ECDSAk:
wolfSSL 11:cee25a834751 7010 if (ssl->options.minEccKeySz < 0 ||
wolfSSL 11:cee25a834751 7011 args->dCert->pubKeySize <
wolfSSL 11:cee25a834751 7012 (word16)ssl->options.minEccKeySz) {
wolfSSL 11:cee25a834751 7013 WOLFSSL_MSG(
wolfSSL 11:cee25a834751 7014 "ECC key size in cert chain error");
wolfSSL 11:cee25a834751 7015 ret = ECC_KEY_SIZE_E;
wolfSSL 11:cee25a834751 7016 }
wolfSSL 11:cee25a834751 7017 break;
wolfSSL 11:cee25a834751 7018 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 7019 default:
wolfSSL 11:cee25a834751 7020 WOLFSSL_MSG("Key size not checked");
wolfSSL 11:cee25a834751 7021 /* key not being checked for size if not in
wolfSSL 11:cee25a834751 7022 switch */
wolfSSL 11:cee25a834751 7023 break;
wolfSSL 11:cee25a834751 7024 } /* switch (dCert->keyOID) */
wolfSSL 11:cee25a834751 7025 } /* if (!ssl->options.verifyNone) */
wolfSSL 11:cee25a834751 7026
wolfSSL 11:cee25a834751 7027 if (ret == 0 && args->dCert->isCA == 0) {
wolfSSL 11:cee25a834751 7028 WOLFSSL_MSG("Chain cert is not a CA, not adding as one");
wolfSSL 11:cee25a834751 7029 }
wolfSSL 11:cee25a834751 7030 else if (ret == 0 && ssl->options.verifyNone) {
wolfSSL 11:cee25a834751 7031 WOLFSSL_MSG("Chain cert not verified by option, not adding as CA");
wolfSSL 11:cee25a834751 7032 }
wolfSSL 11:cee25a834751 7033 else if (ret == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) {
wolfSSL 11:cee25a834751 7034 DerBuffer* add = NULL;
wolfSSL 11:cee25a834751 7035 ret = AllocDer(&add, args->certs[args->certIdx].length,
wolfSSL 11:cee25a834751 7036 CA_TYPE, ssl->heap);
wolfSSL 11:cee25a834751 7037 if (ret < 0)
wolfSSL 11:cee25a834751 7038 goto exit_dc;
wolfSSL 11:cee25a834751 7039
wolfSSL 11:cee25a834751 7040 WOLFSSL_MSG("Adding CA from chain");
wolfSSL 11:cee25a834751 7041
wolfSSL 11:cee25a834751 7042 XMEMCPY(add->buffer, args->certs[args->certIdx].buffer,
wolfSSL 11:cee25a834751 7043 args->certs[args->certIdx].length);
wolfSSL 11:cee25a834751 7044
wolfSSL 11:cee25a834751 7045 /* already verified above */
wolfSSL 11:cee25a834751 7046 ret = AddCA(ssl->ctx->cm, &add, WOLFSSL_CHAIN_CA, 0);
wolfSSL 11:cee25a834751 7047 if (ret == 1) {
wolfSSL 11:cee25a834751 7048 ret = 0; /* SSL_SUCCESS for external */
wolfSSL 11:cee25a834751 7049 }
wolfSSL 11:cee25a834751 7050 }
wolfSSL 11:cee25a834751 7051 else if (ret != 0) {
wolfSSL 11:cee25a834751 7052 WOLFSSL_MSG("Failed to verify CA from chain");
wolfSSL 11:cee25a834751 7053 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 7054 ssl->peerVerifyRet = X509_V_ERR_INVALID_CA;
wolfSSL 11:cee25a834751 7055 #endif
wolfSSL 11:cee25a834751 7056 }
wolfSSL 11:cee25a834751 7057 else {
wolfSSL 11:cee25a834751 7058 WOLFSSL_MSG("Verified CA from chain and already had it");
wolfSSL 11:cee25a834751 7059 }
wolfSSL 11:cee25a834751 7060
wolfSSL 11:cee25a834751 7061 #if defined(HAVE_OCSP) || defined(HAVE_CRL)
wolfSSL 11:cee25a834751 7062 if (ret == 0) {
wolfSSL 11:cee25a834751 7063 int doCrlLookup = 1;
wolfSSL 11:cee25a834751 7064 #ifdef HAVE_OCSP
wolfSSL 11:cee25a834751 7065 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 11:cee25a834751 7066 if (ssl->status_request_v2) {
wolfSSL 11:cee25a834751 7067 ret = TLSX_CSR2_InitRequests(ssl->extensions,
wolfSSL 11:cee25a834751 7068 args->dCert, 0, ssl->heap);
wolfSSL 11:cee25a834751 7069 }
wolfSSL 11:cee25a834751 7070 else /* skips OCSP and force CRL check */
wolfSSL 11:cee25a834751 7071 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 11:cee25a834751 7072 if (ssl->ctx->cm->ocspEnabled &&
wolfSSL 11:cee25a834751 7073 ssl->ctx->cm->ocspCheckAll) {
wolfSSL 11:cee25a834751 7074 WOLFSSL_MSG("Doing Non Leaf OCSP check");
wolfSSL 11:cee25a834751 7075 ret = CheckCertOCSP(ssl->ctx->cm->ocsp, args->dCert,
wolfSSL 11:cee25a834751 7076 NULL);
wolfSSL 11:cee25a834751 7077 doCrlLookup = (ret == OCSP_CERT_UNKNOWN);
wolfSSL 11:cee25a834751 7078 if (ret != 0) {
wolfSSL 11:cee25a834751 7079 doCrlLookup = 0;
wolfSSL 11:cee25a834751 7080 WOLFSSL_MSG("\tOCSP Lookup not ok");
wolfSSL 11:cee25a834751 7081 }
wolfSSL 11:cee25a834751 7082 }
wolfSSL 11:cee25a834751 7083 #endif /* HAVE_OCSP */
wolfSSL 11:cee25a834751 7084
wolfSSL 11:cee25a834751 7085 #ifdef HAVE_CRL
wolfSSL 11:cee25a834751 7086 if (ret == 0 && doCrlLookup &&
wolfSSL 11:cee25a834751 7087 ssl->ctx->cm->crlEnabled &&
wolfSSL 11:cee25a834751 7088 ssl->ctx->cm->crlCheckAll) {
wolfSSL 11:cee25a834751 7089 WOLFSSL_MSG("Doing Non Leaf CRL check");
wolfSSL 11:cee25a834751 7090 ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert);
wolfSSL 11:cee25a834751 7091 if (ret != 0) {
wolfSSL 11:cee25a834751 7092 WOLFSSL_MSG("\tCRL check not ok");
wolfSSL 11:cee25a834751 7093 }
wolfSSL 11:cee25a834751 7094 }
wolfSSL 11:cee25a834751 7095 #endif /* HAVE_CRL */
wolfSSL 11:cee25a834751 7096 (void)doCrlLookup;
wolfSSL 11:cee25a834751 7097 }
wolfSSL 11:cee25a834751 7098 #endif /* HAVE_OCSP || HAVE_CRL */
wolfSSL 11:cee25a834751 7099
wolfSSL 11:cee25a834751 7100 if (ret != 0 && lastErr == 0) {
wolfSSL 11:cee25a834751 7101 lastErr = ret; /* save error from last time */
wolfSSL 11:cee25a834751 7102 }
wolfSSL 11:cee25a834751 7103
wolfSSL 11:cee25a834751 7104 FreeDecodedCert(args->dCert);
wolfSSL 11:cee25a834751 7105 args->dCertInit = 0;
wolfSSL 11:cee25a834751 7106 args->count--;
wolfSSL 11:cee25a834751 7107 } /* while (count > 0 && !haveTrustPeer) */
wolfSSL 11:cee25a834751 7108 } /* if (count > 0) */
wolfSSL 11:cee25a834751 7109
wolfSSL 11:cee25a834751 7110 /* Check for error */
wolfSSL 11:cee25a834751 7111 if (ret != 0) {
wolfSSL 11:cee25a834751 7112 goto exit_dc;
wolfSSL 11:cee25a834751 7113 }
wolfSSL 11:cee25a834751 7114
wolfSSL 11:cee25a834751 7115 /* Advance state and proceed */
wolfSSL 11:cee25a834751 7116 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 11:cee25a834751 7117 } /* case TLS_ASYNC_BUILD */
wolfSSL 11:cee25a834751 7118
wolfSSL 11:cee25a834751 7119 case TLS_ASYNC_DO:
wolfSSL 11:cee25a834751 7120 {
wolfSSL 11:cee25a834751 7121 /* peer's, may not have one if blank client cert sent by TLSv1.2 */
wolfSSL 11:cee25a834751 7122 if (args->count > 0) {
wolfSSL 11:cee25a834751 7123 int fatal = 0;
wolfSSL 11:cee25a834751 7124
wolfSSL 11:cee25a834751 7125 WOLFSSL_MSG("Verifying Peer's cert");
wolfSSL 11:cee25a834751 7126
wolfSSL 11:cee25a834751 7127 args->certIdx = 0;
wolfSSL 11:cee25a834751 7128
wolfSSL 11:cee25a834751 7129 if (!args->dCertInit) {
wolfSSL 11:cee25a834751 7130 InitDecodedCert(args->dCert,
wolfSSL 11:cee25a834751 7131 args->certs[args->certIdx].buffer,
wolfSSL 11:cee25a834751 7132 args->certs[args->certIdx].length, ssl->heap);
wolfSSL 11:cee25a834751 7133 args->dCertInit = 1;
wolfSSL 11:cee25a834751 7134 }
wolfSSL 11:cee25a834751 7135
wolfSSL 11:cee25a834751 7136 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 11:cee25a834751 7137 if (!haveTrustPeer)
wolfSSL 11:cee25a834751 7138 #endif
wolfSSL 11:cee25a834751 7139 { /* only parse if not already present in dCert from above */
wolfSSL 11:cee25a834751 7140 ret = ParseCertRelative(args->dCert, CERT_TYPE,
wolfSSL 11:cee25a834751 7141 !ssl->options.verifyNone, ssl->ctx->cm);
wolfSSL 11:cee25a834751 7142 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 7143 if (ret == WC_PENDING_E) {
wolfSSL 11:cee25a834751 7144 ret = wolfSSL_AsyncPush(ssl,
wolfSSL 11:cee25a834751 7145 args->dCert->sigCtx.asyncDev,
wolfSSL 11:cee25a834751 7146 WC_ASYNC_FLAG_CALL_AGAIN);
wolfSSL 11:cee25a834751 7147 goto exit_dc;
wolfSSL 11:cee25a834751 7148 }
wolfSSL 11:cee25a834751 7149 #endif
wolfSSL 11:cee25a834751 7150 }
wolfSSL 11:cee25a834751 7151
wolfSSL 11:cee25a834751 7152 if (ret == 0) {
wolfSSL 11:cee25a834751 7153 WOLFSSL_MSG("Verified Peer's cert");
wolfSSL 11:cee25a834751 7154 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 7155 ssl->peerVerifyRet = X509_V_OK;
wolfSSL 11:cee25a834751 7156 #endif
wolfSSL 11:cee25a834751 7157 fatal = 0;
wolfSSL 11:cee25a834751 7158 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 7159 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 11:cee25a834751 7160 #endif
wolfSSL 11:cee25a834751 7161 }
wolfSSL 11:cee25a834751 7162 else if (ret == ASN_PARSE_E || ret == BUFFER_E) {
wolfSSL 11:cee25a834751 7163 WOLFSSL_MSG("Got Peer cert ASN PARSE or BUFFER ERROR");
wolfSSL 11:cee25a834751 7164 fatal = 1;
wolfSSL 11:cee25a834751 7165 }
wolfSSL 11:cee25a834751 7166 else {
wolfSSL 11:cee25a834751 7167 WOLFSSL_MSG("Failed to verify Peer's cert");
wolfSSL 11:cee25a834751 7168 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 7169 ssl->peerVerifyRet = X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE;
wolfSSL 11:cee25a834751 7170 #endif
wolfSSL 11:cee25a834751 7171 if (ssl->verifyCallback) {
wolfSSL 11:cee25a834751 7172 WOLFSSL_MSG(
wolfSSL 11:cee25a834751 7173 "\tCallback override available, will continue");
wolfSSL 11:cee25a834751 7174 fatal = 0;
wolfSSL 11:cee25a834751 7175 }
wolfSSL 11:cee25a834751 7176 else {
wolfSSL 11:cee25a834751 7177 WOLFSSL_MSG("\tNo callback override available, fatal");
wolfSSL 11:cee25a834751 7178 fatal = 1;
wolfSSL 11:cee25a834751 7179 }
wolfSSL 11:cee25a834751 7180 }
wolfSSL 11:cee25a834751 7181
wolfSSL 11:cee25a834751 7182 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 11:cee25a834751 7183 if (fatal == 0 && ssl->secure_renegotiation
wolfSSL 11:cee25a834751 7184 && ssl->secure_renegotiation->enabled) {
wolfSSL 11:cee25a834751 7185
wolfSSL 11:cee25a834751 7186 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 11:cee25a834751 7187 /* compare against previous time */
wolfSSL 11:cee25a834751 7188 if (XMEMCMP(args->dCert->subjectHash,
wolfSSL 11:cee25a834751 7189 ssl->secure_renegotiation->subject_hash,
wolfSSL 11:cee25a834751 7190 SHA_DIGEST_SIZE) != 0) {
wolfSSL 11:cee25a834751 7191 WOLFSSL_MSG(
wolfSSL 11:cee25a834751 7192 "Peer sent different cert during scr, fatal");
wolfSSL 11:cee25a834751 7193 fatal = 1;
wolfSSL 11:cee25a834751 7194 ret = SCR_DIFFERENT_CERT_E;
wolfSSL 11:cee25a834751 7195 }
wolfSSL 11:cee25a834751 7196 }
wolfSSL 11:cee25a834751 7197
wolfSSL 11:cee25a834751 7198 /* cache peer's hash */
wolfSSL 11:cee25a834751 7199 if (fatal == 0) {
wolfSSL 11:cee25a834751 7200 XMEMCPY(ssl->secure_renegotiation->subject_hash,
wolfSSL 11:cee25a834751 7201 args->dCert->subjectHash, SHA_DIGEST_SIZE);
wolfSSL 11:cee25a834751 7202 }
wolfSSL 11:cee25a834751 7203 }
wolfSSL 11:cee25a834751 7204 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 11:cee25a834751 7205
wolfSSL 11:cee25a834751 7206 #if defined(HAVE_OCSP) || defined(HAVE_CRL)
wolfSSL 11:cee25a834751 7207 if (fatal == 0) {
wolfSSL 11:cee25a834751 7208 int doLookup = 1;
wolfSSL 11:cee25a834751 7209
wolfSSL 11:cee25a834751 7210 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 7211 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 11:cee25a834751 7212 if (ssl->status_request) {
wolfSSL 11:cee25a834751 7213 fatal = TLSX_CSR_InitRequest(ssl->extensions,
wolfSSL 11:cee25a834751 7214 args->dCert, ssl->heap);
wolfSSL 11:cee25a834751 7215 doLookup = 0;
wolfSSL 11:cee25a834751 7216 }
wolfSSL 11:cee25a834751 7217 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 11:cee25a834751 7218 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 11:cee25a834751 7219 if (ssl->status_request_v2) {
wolfSSL 11:cee25a834751 7220 fatal = TLSX_CSR2_InitRequests(ssl->extensions,
wolfSSL 11:cee25a834751 7221 args->dCert, 1, ssl->heap);
wolfSSL 11:cee25a834751 7222 doLookup = 0;
wolfSSL 11:cee25a834751 7223 }
wolfSSL 11:cee25a834751 7224 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 11:cee25a834751 7225 }
wolfSSL 11:cee25a834751 7226
wolfSSL 11:cee25a834751 7227 #ifdef HAVE_OCSP
wolfSSL 11:cee25a834751 7228 if (doLookup && ssl->ctx->cm->ocspEnabled) {
wolfSSL 11:cee25a834751 7229 WOLFSSL_MSG("Doing Leaf OCSP check");
wolfSSL 11:cee25a834751 7230 ret = CheckCertOCSP(ssl->ctx->cm->ocsp,
wolfSSL 11:cee25a834751 7231 args->dCert, NULL);
wolfSSL 11:cee25a834751 7232 doLookup = (ret == OCSP_CERT_UNKNOWN);
wolfSSL 11:cee25a834751 7233 if (ret != 0) {
wolfSSL 11:cee25a834751 7234 WOLFSSL_MSG("\tOCSP Lookup not ok");
wolfSSL 11:cee25a834751 7235 fatal = 0;
wolfSSL 11:cee25a834751 7236 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 7237 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 11:cee25a834751 7238 #endif
wolfSSL 11:cee25a834751 7239 }
wolfSSL 11:cee25a834751 7240 }
wolfSSL 11:cee25a834751 7241 #endif /* HAVE_OCSP */
wolfSSL 11:cee25a834751 7242
wolfSSL 11:cee25a834751 7243 #ifdef HAVE_CRL
wolfSSL 11:cee25a834751 7244 if (doLookup && ssl->ctx->cm->crlEnabled) {
wolfSSL 11:cee25a834751 7245 WOLFSSL_MSG("Doing Leaf CRL check");
wolfSSL 11:cee25a834751 7246 ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert);
wolfSSL 11:cee25a834751 7247 if (ret != 0) {
wolfSSL 11:cee25a834751 7248 WOLFSSL_MSG("\tCRL check not ok");
wolfSSL 11:cee25a834751 7249 fatal = 0;
wolfSSL 11:cee25a834751 7250 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 7251 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 11:cee25a834751 7252 #endif
wolfSSL 11:cee25a834751 7253 }
wolfSSL 11:cee25a834751 7254 }
wolfSSL 11:cee25a834751 7255 #endif /* HAVE_CRL */
wolfSSL 11:cee25a834751 7256 (void)doLookup;
wolfSSL 11:cee25a834751 7257 }
wolfSSL 11:cee25a834751 7258 #endif /* HAVE_OCSP || HAVE_CRL */
wolfSSL 11:cee25a834751 7259
wolfSSL 11:cee25a834751 7260 #ifdef KEEP_PEER_CERT
wolfSSL 11:cee25a834751 7261 if (fatal == 0) {
wolfSSL 11:cee25a834751 7262 /* set X509 format for peer cert */
wolfSSL 11:cee25a834751 7263 int copyRet = CopyDecodedToX509(&ssl->peerCert,
wolfSSL 11:cee25a834751 7264 args->dCert);
wolfSSL 11:cee25a834751 7265 if (copyRet == MEMORY_E)
wolfSSL 11:cee25a834751 7266 fatal = 1;
wolfSSL 11:cee25a834751 7267 }
wolfSSL 11:cee25a834751 7268 #endif /* KEEP_PEER_CERT */
wolfSSL 11:cee25a834751 7269
wolfSSL 11:cee25a834751 7270 #ifndef IGNORE_KEY_EXTENSIONS
wolfSSL 11:cee25a834751 7271 if (args->dCert->extKeyUsageSet) {
wolfSSL 11:cee25a834751 7272 if ((ssl->specs.kea == rsa_kea) &&
wolfSSL 11:cee25a834751 7273 (ssl->options.side == WOLFSSL_CLIENT_END) &&
wolfSSL 11:cee25a834751 7274 (args->dCert->extKeyUsage & KEYUSE_KEY_ENCIPHER) == 0) {
wolfSSL 11:cee25a834751 7275 ret = KEYUSE_ENCIPHER_E;
wolfSSL 11:cee25a834751 7276 }
wolfSSL 11:cee25a834751 7277 if ((ssl->specs.sig_algo == rsa_sa_algo ||
wolfSSL 11:cee25a834751 7278 (ssl->specs.sig_algo == ecc_dsa_sa_algo &&
wolfSSL 11:cee25a834751 7279 !ssl->specs.static_ecdh)) &&
wolfSSL 11:cee25a834751 7280 (args->dCert->extKeyUsage & KEYUSE_DIGITAL_SIG) == 0) {
wolfSSL 11:cee25a834751 7281 WOLFSSL_MSG("KeyUse Digital Sig not set");
wolfSSL 11:cee25a834751 7282 ret = KEYUSE_SIGNATURE_E;
wolfSSL 11:cee25a834751 7283 }
wolfSSL 11:cee25a834751 7284 }
wolfSSL 11:cee25a834751 7285
wolfSSL 11:cee25a834751 7286 if (args->dCert->extExtKeyUsageSet) {
wolfSSL 11:cee25a834751 7287 if (ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 7288 if ((args->dCert->extExtKeyUsage &
wolfSSL 11:cee25a834751 7289 (EXTKEYUSE_ANY | EXTKEYUSE_SERVER_AUTH)) == 0) {
wolfSSL 11:cee25a834751 7290 WOLFSSL_MSG("ExtKeyUse Server Auth not set");
wolfSSL 11:cee25a834751 7291 ret = EXTKEYUSE_AUTH_E;
wolfSSL 11:cee25a834751 7292 }
wolfSSL 11:cee25a834751 7293 }
wolfSSL 11:cee25a834751 7294 else {
wolfSSL 11:cee25a834751 7295 if ((args->dCert->extExtKeyUsage &
wolfSSL 11:cee25a834751 7296 (EXTKEYUSE_ANY | EXTKEYUSE_CLIENT_AUTH)) == 0) {
wolfSSL 11:cee25a834751 7297 WOLFSSL_MSG("ExtKeyUse Client Auth not set");
wolfSSL 11:cee25a834751 7298 ret = EXTKEYUSE_AUTH_E;
wolfSSL 11:cee25a834751 7299 }
wolfSSL 11:cee25a834751 7300 }
wolfSSL 11:cee25a834751 7301 }
wolfSSL 11:cee25a834751 7302 #endif /* IGNORE_KEY_EXTENSIONS */
wolfSSL 11:cee25a834751 7303
wolfSSL 11:cee25a834751 7304 if (fatal) {
wolfSSL 11:cee25a834751 7305 ssl->error = ret;
wolfSSL 11:cee25a834751 7306 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 7307 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED;
wolfSSL 11:cee25a834751 7308 #endif
wolfSSL 11:cee25a834751 7309 goto exit_dc;
wolfSSL 11:cee25a834751 7310 }
wolfSSL 11:cee25a834751 7311
wolfSSL 11:cee25a834751 7312 ssl->options.havePeerCert = 1;
wolfSSL 11:cee25a834751 7313 } /* if (count > 0) */
wolfSSL 11:cee25a834751 7314
wolfSSL 11:cee25a834751 7315 /* Check for error */
wolfSSL 11:cee25a834751 7316 if (ret != 0) {
wolfSSL 11:cee25a834751 7317 goto exit_dc;
wolfSSL 11:cee25a834751 7318 }
wolfSSL 11:cee25a834751 7319
wolfSSL 11:cee25a834751 7320 /* Advance state and proceed */
wolfSSL 11:cee25a834751 7321 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 11:cee25a834751 7322 } /* case TLS_ASYNC_DO */
wolfSSL 11:cee25a834751 7323
wolfSSL 11:cee25a834751 7324 case TLS_ASYNC_VERIFY:
wolfSSL 11:cee25a834751 7325 {
wolfSSL 11:cee25a834751 7326 if (args->count > 0) {
wolfSSL 11:cee25a834751 7327 args->domain = (char*)XMALLOC(ASN_NAME_MAX, ssl->heap,
wolfSSL 11:cee25a834751 7328 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 7329 if (args->domain == NULL) {
wolfSSL 11:cee25a834751 7330 ERROR_OUT(MEMORY_E, exit_dc);
wolfSSL 11:cee25a834751 7331 }
wolfSSL 11:cee25a834751 7332
wolfSSL 11:cee25a834751 7333 /* store for callback use */
wolfSSL 11:cee25a834751 7334 if (args->dCert->subjectCNLen < ASN_NAME_MAX) {
wolfSSL 11:cee25a834751 7335 XMEMCPY(args->domain, args->dCert->subjectCN, args->dCert->subjectCNLen);
wolfSSL 11:cee25a834751 7336 args->domain[args->dCert->subjectCNLen] = '\0';
wolfSSL 11:cee25a834751 7337 }
wolfSSL 11:cee25a834751 7338 else {
wolfSSL 11:cee25a834751 7339 args->domain[0] = '\0';
wolfSSL 11:cee25a834751 7340 }
wolfSSL 11:cee25a834751 7341
wolfSSL 11:cee25a834751 7342 if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) {
wolfSSL 11:cee25a834751 7343 if (MatchDomainName(args->dCert->subjectCN,
wolfSSL 11:cee25a834751 7344 args->dCert->subjectCNLen,
wolfSSL 11:cee25a834751 7345 (char*)ssl->buffers.domainName.buffer) == 0) {
wolfSSL 11:cee25a834751 7346 WOLFSSL_MSG("DomainName match on common name failed");
wolfSSL 11:cee25a834751 7347 if (CheckAltNames(args->dCert,
wolfSSL 11:cee25a834751 7348 (char*)ssl->buffers.domainName.buffer) == 0 ) {
wolfSSL 11:cee25a834751 7349 WOLFSSL_MSG(
wolfSSL 11:cee25a834751 7350 "DomainName match on alt names failed too");
wolfSSL 11:cee25a834751 7351 /* try to get peer key still */
wolfSSL 11:cee25a834751 7352 ret = DOMAIN_NAME_MISMATCH;
wolfSSL 11:cee25a834751 7353 }
wolfSSL 11:cee25a834751 7354 }
wolfSSL 11:cee25a834751 7355 }
wolfSSL 11:cee25a834751 7356
wolfSSL 11:cee25a834751 7357 /* decode peer key */
wolfSSL 11:cee25a834751 7358 switch (args->dCert->keyOID) {
wolfSSL 11:cee25a834751 7359 #ifndef NO_RSA
wolfSSL 11:cee25a834751 7360 case RSAk:
wolfSSL 11:cee25a834751 7361 {
wolfSSL 11:cee25a834751 7362 word32 keyIdx = 0;
wolfSSL 11:cee25a834751 7363 int keyRet = 0;
wolfSSL 11:cee25a834751 7364
wolfSSL 11:cee25a834751 7365 if (ssl->peerRsaKey == NULL) {
wolfSSL 11:cee25a834751 7366 keyRet = AllocKey(ssl, DYNAMIC_TYPE_RSA,
wolfSSL 11:cee25a834751 7367 (void**)&ssl->peerRsaKey);
wolfSSL 11:cee25a834751 7368 } else if (ssl->peerRsaKeyPresent) {
wolfSSL 11:cee25a834751 7369 /* don't leak on reuse */
wolfSSL 11:cee25a834751 7370 wc_FreeRsaKey(ssl->peerRsaKey);
wolfSSL 11:cee25a834751 7371 ssl->peerRsaKeyPresent = 0;
wolfSSL 11:cee25a834751 7372 keyRet = wc_InitRsaKey_ex(ssl->peerRsaKey,
wolfSSL 11:cee25a834751 7373 ssl->heap, ssl->devId);
wolfSSL 11:cee25a834751 7374 }
wolfSSL 11:cee25a834751 7375
wolfSSL 11:cee25a834751 7376 if (keyRet != 0 || wc_RsaPublicKeyDecode(
wolfSSL 11:cee25a834751 7377 args->dCert->publicKey, &keyIdx, ssl->peerRsaKey,
wolfSSL 11:cee25a834751 7378 args->dCert->pubKeySize) != 0) {
wolfSSL 11:cee25a834751 7379 ret = PEER_KEY_ERROR;
wolfSSL 11:cee25a834751 7380 }
wolfSSL 11:cee25a834751 7381 else {
wolfSSL 11:cee25a834751 7382 ssl->peerRsaKeyPresent = 1;
wolfSSL 11:cee25a834751 7383 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 7384 #ifndef NO_RSA
wolfSSL 11:cee25a834751 7385 ssl->buffers.peerRsaKey.buffer =
wolfSSL 11:cee25a834751 7386 (byte*)XMALLOC(args->dCert->pubKeySize,
wolfSSL 11:cee25a834751 7387 ssl->heap, DYNAMIC_TYPE_RSA);
wolfSSL 11:cee25a834751 7388 if (ssl->buffers.peerRsaKey.buffer == NULL) {
wolfSSL 11:cee25a834751 7389 ret = MEMORY_ERROR;
wolfSSL 11:cee25a834751 7390 }
wolfSSL 11:cee25a834751 7391 else {
wolfSSL 11:cee25a834751 7392 XMEMCPY(ssl->buffers.peerRsaKey.buffer,
wolfSSL 11:cee25a834751 7393 args->dCert->publicKey,
wolfSSL 11:cee25a834751 7394 args->dCert->pubKeySize);
wolfSSL 11:cee25a834751 7395 ssl->buffers.peerRsaKey.length =
wolfSSL 11:cee25a834751 7396 args->dCert->pubKeySize;
wolfSSL 11:cee25a834751 7397 }
wolfSSL 11:cee25a834751 7398 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 7399 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 11:cee25a834751 7400 }
wolfSSL 11:cee25a834751 7401
wolfSSL 11:cee25a834751 7402 /* check size of peer RSA key */
wolfSSL 11:cee25a834751 7403 if (ret == 0 && ssl->peerRsaKeyPresent &&
wolfSSL 11:cee25a834751 7404 !ssl->options.verifyNone &&
wolfSSL 11:cee25a834751 7405 wc_RsaEncryptSize(ssl->peerRsaKey)
wolfSSL 11:cee25a834751 7406 < ssl->options.minRsaKeySz) {
wolfSSL 11:cee25a834751 7407 ret = RSA_KEY_SIZE_E;
wolfSSL 11:cee25a834751 7408 WOLFSSL_MSG("Peer RSA key is too small");
wolfSSL 11:cee25a834751 7409 }
wolfSSL 11:cee25a834751 7410 break;
wolfSSL 11:cee25a834751 7411 }
wolfSSL 11:cee25a834751 7412 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 7413 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 7414 case NTRUk:
wolfSSL 11:cee25a834751 7415 {
wolfSSL 11:cee25a834751 7416 if (args->dCert->pubKeySize > sizeof(ssl->peerNtruKey)) {
wolfSSL 11:cee25a834751 7417 ret = PEER_KEY_ERROR;
wolfSSL 11:cee25a834751 7418 }
wolfSSL 11:cee25a834751 7419 else {
wolfSSL 11:cee25a834751 7420 XMEMCPY(ssl->peerNtruKey, args->dCert->publicKey,
wolfSSL 11:cee25a834751 7421 args->dCert->pubKeySize);
wolfSSL 11:cee25a834751 7422 ssl->peerNtruKeyLen =
wolfSSL 11:cee25a834751 7423 (word16)args->dCert->pubKeySize;
wolfSSL 11:cee25a834751 7424 ssl->peerNtruKeyPresent = 1;
wolfSSL 11:cee25a834751 7425 }
wolfSSL 11:cee25a834751 7426 break;
wolfSSL 11:cee25a834751 7427 }
wolfSSL 11:cee25a834751 7428 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 7429 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 7430 case ECDSAk:
wolfSSL 11:cee25a834751 7431 {
wolfSSL 11:cee25a834751 7432 int curveId;
wolfSSL 11:cee25a834751 7433 if (ssl->peerEccDsaKey == NULL) {
wolfSSL 11:cee25a834751 7434 /* alloc/init on demand */
wolfSSL 11:cee25a834751 7435 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 11:cee25a834751 7436 (void**)&ssl->peerEccDsaKey);
wolfSSL 11:cee25a834751 7437 } else if (ssl->peerEccDsaKeyPresent) {
wolfSSL 11:cee25a834751 7438 /* don't leak on reuse */
wolfSSL 11:cee25a834751 7439 wc_ecc_free(ssl->peerEccDsaKey);
wolfSSL 11:cee25a834751 7440 ssl->peerEccDsaKeyPresent = 0;
wolfSSL 11:cee25a834751 7441 ret = wc_ecc_init_ex(ssl->peerEccDsaKey,
wolfSSL 11:cee25a834751 7442 ssl->heap, ssl->devId);
wolfSSL 11:cee25a834751 7443 }
wolfSSL 11:cee25a834751 7444 if (ret != 0) {
wolfSSL 11:cee25a834751 7445 break;
wolfSSL 11:cee25a834751 7446 }
wolfSSL 11:cee25a834751 7447
wolfSSL 11:cee25a834751 7448 curveId = wc_ecc_get_oid(args->dCert->keyOID, NULL, NULL);
wolfSSL 11:cee25a834751 7449 if (wc_ecc_import_x963_ex(args->dCert->publicKey,
wolfSSL 11:cee25a834751 7450 args->dCert->pubKeySize, ssl->peerEccDsaKey,
wolfSSL 11:cee25a834751 7451 curveId) != 0) {
wolfSSL 11:cee25a834751 7452 ret = PEER_KEY_ERROR;
wolfSSL 11:cee25a834751 7453 }
wolfSSL 11:cee25a834751 7454 else {
wolfSSL 11:cee25a834751 7455 ssl->peerEccDsaKeyPresent = 1;
wolfSSL 11:cee25a834751 7456 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 7457 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 7458 ssl->buffers.peerEccDsaKey.buffer =
wolfSSL 11:cee25a834751 7459 (byte*)XMALLOC(args->dCert->pubKeySize,
wolfSSL 11:cee25a834751 7460 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 11:cee25a834751 7461 if (ssl->buffers.peerEccDsaKey.buffer == NULL)
wolfSSL 11:cee25a834751 7462 ret = MEMORY_ERROR;
wolfSSL 11:cee25a834751 7463 else {
wolfSSL 11:cee25a834751 7464 XMEMCPY(ssl->buffers.peerEccDsaKey.buffer,
wolfSSL 11:cee25a834751 7465 args->dCert->publicKey,
wolfSSL 11:cee25a834751 7466 args->dCert->pubKeySize);
wolfSSL 11:cee25a834751 7467 ssl->buffers.peerEccDsaKey.length =
wolfSSL 11:cee25a834751 7468 args->dCert->pubKeySize;
wolfSSL 11:cee25a834751 7469 }
wolfSSL 11:cee25a834751 7470 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 7471 #endif /*HAVE_PK_CALLBACKS */
wolfSSL 11:cee25a834751 7472 }
wolfSSL 11:cee25a834751 7473
wolfSSL 11:cee25a834751 7474 /* check size of peer ECC key */
wolfSSL 11:cee25a834751 7475 if (ret == 0 && ssl->peerEccDsaKeyPresent &&
wolfSSL 11:cee25a834751 7476 !ssl->options.verifyNone &&
wolfSSL 11:cee25a834751 7477 wc_ecc_size(ssl->peerEccDsaKey)
wolfSSL 11:cee25a834751 7478 < ssl->options.minEccKeySz) {
wolfSSL 11:cee25a834751 7479 ret = ECC_KEY_SIZE_E;
wolfSSL 11:cee25a834751 7480 WOLFSSL_MSG("Peer ECC key is too small");
wolfSSL 11:cee25a834751 7481 }
wolfSSL 11:cee25a834751 7482 break;
wolfSSL 11:cee25a834751 7483 }
wolfSSL 11:cee25a834751 7484 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 7485 default:
wolfSSL 11:cee25a834751 7486 break;
wolfSSL 11:cee25a834751 7487 }
wolfSSL 11:cee25a834751 7488
wolfSSL 11:cee25a834751 7489 FreeDecodedCert(args->dCert);
wolfSSL 11:cee25a834751 7490 args->dCertInit = 0;
wolfSSL 11:cee25a834751 7491
wolfSSL 11:cee25a834751 7492 /* release since we don't need it anymore */
wolfSSL 11:cee25a834751 7493 if (args->dCert) {
wolfSSL 11:cee25a834751 7494 XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 7495 args->dCert = NULL;
wolfSSL 11:cee25a834751 7496 }
wolfSSL 11:cee25a834751 7497 } /* if (count > 0) */
wolfSSL 11:cee25a834751 7498
wolfSSL 11:cee25a834751 7499 /* Check for error */
wolfSSL 11:cee25a834751 7500 if (ret != 0) {
wolfSSL 11:cee25a834751 7501 goto exit_dc;
wolfSSL 11:cee25a834751 7502 }
wolfSSL 11:cee25a834751 7503
wolfSSL 11:cee25a834751 7504 /* Advance state and proceed */
wolfSSL 11:cee25a834751 7505 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 11:cee25a834751 7506 } /* case TLS_ASYNC_VERIFY */
wolfSSL 11:cee25a834751 7507
wolfSSL 11:cee25a834751 7508 case TLS_ASYNC_FINALIZE:
wolfSSL 11:cee25a834751 7509 {
wolfSSL 11:cee25a834751 7510 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 7511 WOLFSSL_X509_STORE_CTX* store = (WOLFSSL_X509_STORE_CTX*)XMALLOC(
wolfSSL 11:cee25a834751 7512 sizeof(WOLFSSL_X509_STORE_CTX), ssl->heap,
wolfSSL 11:cee25a834751 7513 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 7514 if (store == NULL) {
wolfSSL 11:cee25a834751 7515 ERROR_OUT(MEMORY_E, exit_dc);
wolfSSL 11:cee25a834751 7516 }
wolfSSL 11:cee25a834751 7517 #else
wolfSSL 11:cee25a834751 7518 WOLFSSL_X509_STORE_CTX store[1];
wolfSSL 11:cee25a834751 7519 #endif
wolfSSL 11:cee25a834751 7520
wolfSSL 11:cee25a834751 7521 XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX));
wolfSSL 11:cee25a834751 7522
wolfSSL 11:cee25a834751 7523 /* load last error */
wolfSSL 11:cee25a834751 7524 if (lastErr != 0 && ret == 0) {
wolfSSL 11:cee25a834751 7525 ret = lastErr;
wolfSSL 11:cee25a834751 7526 }
wolfSSL 11:cee25a834751 7527
wolfSSL 11:cee25a834751 7528 if (ret != 0) {
wolfSSL 11:cee25a834751 7529 if (!ssl->options.verifyNone) {
wolfSSL 11:cee25a834751 7530 int why = bad_certificate;
wolfSSL 11:cee25a834751 7531
wolfSSL 11:cee25a834751 7532 if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E) {
wolfSSL 11:cee25a834751 7533 why = certificate_expired;
wolfSSL 11:cee25a834751 7534 }
wolfSSL 11:cee25a834751 7535 if (ssl->verifyCallback) {
wolfSSL 11:cee25a834751 7536 int ok;
wolfSSL 11:cee25a834751 7537
wolfSSL 11:cee25a834751 7538 store->error = ret;
wolfSSL 11:cee25a834751 7539 store->error_depth = args->totalCerts;
wolfSSL 11:cee25a834751 7540 store->discardSessionCerts = 0;
wolfSSL 11:cee25a834751 7541 store->domain = args->domain;
wolfSSL 11:cee25a834751 7542 store->userCtx = ssl->verifyCbCtx;
wolfSSL 11:cee25a834751 7543 store->certs = args->certs;
wolfSSL 11:cee25a834751 7544 store->totalCerts = args->totalCerts;
wolfSSL 11:cee25a834751 7545 #ifdef KEEP_PEER_CERT
wolfSSL 11:cee25a834751 7546 if (ssl->peerCert.subject.sz > 0)
wolfSSL 11:cee25a834751 7547 store->current_cert = &ssl->peerCert;
wolfSSL 11:cee25a834751 7548 else
wolfSSL 11:cee25a834751 7549 store->current_cert = NULL;
wolfSSL 11:cee25a834751 7550 #else
wolfSSL 11:cee25a834751 7551 store->current_cert = NULL;
wolfSSL 11:cee25a834751 7552 #endif /* KEEP_PEER_CERT */
wolfSSL 11:cee25a834751 7553 #if defined(HAVE_EX_DATA) || defined(HAVE_FORTRESS)
wolfSSL 11:cee25a834751 7554 store->ex_data = ssl;
wolfSSL 11:cee25a834751 7555 #endif
wolfSSL 11:cee25a834751 7556 ok = ssl->verifyCallback(0, store);
wolfSSL 11:cee25a834751 7557 if (ok) {
wolfSSL 11:cee25a834751 7558 WOLFSSL_MSG("Verify callback overriding error!");
wolfSSL 11:cee25a834751 7559 ret = 0;
wolfSSL 11:cee25a834751 7560 }
wolfSSL 11:cee25a834751 7561 #ifdef SESSION_CERTS
wolfSSL 11:cee25a834751 7562 if (store->discardSessionCerts) {
wolfSSL 11:cee25a834751 7563 WOLFSSL_MSG("Verify callback requested discard sess certs");
wolfSSL 11:cee25a834751 7564 ssl->session.chain.count = 0;
wolfSSL 11:cee25a834751 7565 }
wolfSSL 11:cee25a834751 7566 #endif /* SESSION_CERTS */
wolfSSL 11:cee25a834751 7567 }
wolfSSL 11:cee25a834751 7568 if (ret != 0) {
wolfSSL 11:cee25a834751 7569 SendAlert(ssl, alert_fatal, why); /* try to send */
wolfSSL 11:cee25a834751 7570 ssl->options.isClosed = 1;
wolfSSL 11:cee25a834751 7571 }
wolfSSL 11:cee25a834751 7572 }
wolfSSL 11:cee25a834751 7573 ssl->error = ret;
wolfSSL 11:cee25a834751 7574 }
wolfSSL 11:cee25a834751 7575 #ifdef WOLFSSL_ALWAYS_VERIFY_CB
wolfSSL 11:cee25a834751 7576 else {
wolfSSL 11:cee25a834751 7577 if (ssl->verifyCallback) {
wolfSSL 11:cee25a834751 7578 int ok;
wolfSSL 11:cee25a834751 7579
wolfSSL 11:cee25a834751 7580 store->error = ret;
wolfSSL 11:cee25a834751 7581 #ifdef WOLFSSL_WPAS
wolfSSL 11:cee25a834751 7582 store->error_depth = 0;
wolfSSL 11:cee25a834751 7583 #else
wolfSSL 11:cee25a834751 7584 store->error_depth = args->totalCerts;
wolfSSL 11:cee25a834751 7585 #endif
wolfSSL 11:cee25a834751 7586 store->discardSessionCerts = 0;
wolfSSL 11:cee25a834751 7587 store->domain = args->domain;
wolfSSL 11:cee25a834751 7588 store->userCtx = ssl->verifyCbCtx;
wolfSSL 11:cee25a834751 7589 store->certs = args->certs;
wolfSSL 11:cee25a834751 7590 store->totalCerts = args->totalCerts;
wolfSSL 11:cee25a834751 7591 #ifdef KEEP_PEER_CERT
wolfSSL 11:cee25a834751 7592 if (ssl->peerCert.subject.sz > 0)
wolfSSL 11:cee25a834751 7593 store->current_cert = &ssl->peerCert;
wolfSSL 11:cee25a834751 7594 else
wolfSSL 11:cee25a834751 7595 store->current_cert = NULL;
wolfSSL 11:cee25a834751 7596 #endif
wolfSSL 11:cee25a834751 7597 store->ex_data = ssl;
wolfSSL 11:cee25a834751 7598
wolfSSL 11:cee25a834751 7599 ok = ssl->verifyCallback(1, store);
wolfSSL 11:cee25a834751 7600 if (!ok) {
wolfSSL 11:cee25a834751 7601 WOLFSSL_MSG("Verify callback overriding valid certificate!");
wolfSSL 11:cee25a834751 7602 ret = -1;
wolfSSL 11:cee25a834751 7603 SendAlert(ssl, alert_fatal, bad_certificate);
wolfSSL 11:cee25a834751 7604 ssl->options.isClosed = 1;
wolfSSL 11:cee25a834751 7605 }
wolfSSL 11:cee25a834751 7606 #ifdef SESSION_CERTS
wolfSSL 11:cee25a834751 7607 if (store->discardSessionCerts) {
wolfSSL 11:cee25a834751 7608 WOLFSSL_MSG("Verify callback requested discard sess certs");
wolfSSL 11:cee25a834751 7609 ssl->session.chain.count = 0;
wolfSSL 11:cee25a834751 7610 }
wolfSSL 11:cee25a834751 7611 #endif /* SESSION_CERTS */
wolfSSL 11:cee25a834751 7612 }
wolfSSL 11:cee25a834751 7613 }
wolfSSL 11:cee25a834751 7614 #endif /* WOLFSSL_ALWAYS_VERIFY_CB */
wolfSSL 11:cee25a834751 7615
wolfSSL 11:cee25a834751 7616 if (ssl->options.verifyNone &&
wolfSSL 11:cee25a834751 7617 (ret == CRL_MISSING || ret == CRL_CERT_REVOKED)) {
wolfSSL 11:cee25a834751 7618 WOLFSSL_MSG("Ignoring CRL problem based on verify setting");
wolfSSL 11:cee25a834751 7619 ret = ssl->error = 0;
wolfSSL 11:cee25a834751 7620 }
wolfSSL 11:cee25a834751 7621
wolfSSL 11:cee25a834751 7622 if (ret == 0 && ssl->options.side == WOLFSSL_CLIENT_END) {
wolfSSL 11:cee25a834751 7623 ssl->options.serverState = SERVER_CERT_COMPLETE;
wolfSSL 11:cee25a834751 7624 }
wolfSSL 11:cee25a834751 7625
wolfSSL 11:cee25a834751 7626 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 11:cee25a834751 7627 args->idx += ssl->keys.padSz;
wolfSSL 11:cee25a834751 7628 }
wolfSSL 11:cee25a834751 7629
wolfSSL 11:cee25a834751 7630 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 7631 XFREE(store, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 7632 #endif
wolfSSL 11:cee25a834751 7633 /* Advance state and proceed */
wolfSSL 11:cee25a834751 7634 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 11:cee25a834751 7635 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 11:cee25a834751 7636
wolfSSL 11:cee25a834751 7637 case TLS_ASYNC_END:
wolfSSL 11:cee25a834751 7638 {
wolfSSL 11:cee25a834751 7639 /* Set final index */
wolfSSL 11:cee25a834751 7640 *inOutIdx = args->idx;
wolfSSL 11:cee25a834751 7641
wolfSSL 11:cee25a834751 7642 break;
wolfSSL 11:cee25a834751 7643 }
wolfSSL 11:cee25a834751 7644 default:
wolfSSL 11:cee25a834751 7645 ret = INPUT_CASE_ERROR;
wolfSSL 11:cee25a834751 7646 break;
wolfSSL 11:cee25a834751 7647 } /* switch(ssl->options.asyncState) */
wolfSSL 11:cee25a834751 7648
wolfSSL 11:cee25a834751 7649 exit_dc:
wolfSSL 11:cee25a834751 7650
wolfSSL 11:cee25a834751 7651 WOLFSSL_LEAVE("DoCertificate", ret);
wolfSSL 11:cee25a834751 7652
wolfSSL 11:cee25a834751 7653 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 7654 /* Handle WC_PENDING_E */
wolfSSL 11:cee25a834751 7655 if (ret == WC_PENDING_E) {
wolfSSL 11:cee25a834751 7656 /* Mark message as not recevied so it can process again */
wolfSSL 11:cee25a834751 7657 ssl->msgsReceived.got_certificate = 0;
wolfSSL 11:cee25a834751 7658
wolfSSL 11:cee25a834751 7659 return ret;
wolfSSL 11:cee25a834751 7660 }
wolfSSL 11:cee25a834751 7661 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 11:cee25a834751 7662
wolfSSL 11:cee25a834751 7663 FreeDoCertArgs(ssl, args);
wolfSSL 11:cee25a834751 7664 FreeKeyExchange(ssl);
wolfSSL 11:cee25a834751 7665
wolfSSL 11:cee25a834751 7666 return ret;
wolfSSL 11:cee25a834751 7667 }
wolfSSL 11:cee25a834751 7668
wolfSSL 11:cee25a834751 7669
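/* Process a CertificateStatus handshake message (stapled OCSP response(s)).
 *
 * ssl       connection state; supplies the pending status_request flags, the
 *           extension list holding the OCSP request(s), the cert manager
 *           and the heap hint
 * input     handshake buffer
 * inOutIdx  in: offset of the message body in input; advanced past the
 *           bytes consumed
 * size      length of the message body in bytes
 *
 * Returns 0 when every response checked decodes, reports OCSP_SUCCESSFUL and
 * CERT_GOOD, and matches its request. Otherwise returns BUFFER_ERROR (bad
 * length, unknown status type, or no status request pending on ssl),
 * BAD_CERTIFICATE_STATUS_ERROR, OCSP_CERT_REVOKED (single-response form
 * only) or MEMORY_ERROR.
 *
 * A fatal bad_certificate_status_response alert is sent only for errors that
 * reach the end of the function; the early returns below do not send one.
 *
 * NOTE(review): there is no totalSz parameter here, so this function cannot
 * check size against the record itself; presumably the caller has already
 * verified that size bytes are available at *inOutIdx - confirm.
 */
static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                                                                    word32 size)
{
    int    ret = 0;
    byte   status_type;
    word32 status_length;

    /* need at least the status type and the 24-bit length */
    if (size < ENUM_LEN + OPAQUE24_LEN)
        return BUFFER_ERROR;

    status_type = input[(*inOutIdx)++];

    c24to32(input + *inOutIdx, &status_length);
    *inOutIdx += OPAQUE24_LEN;

    /* the peer-supplied length must account for exactly the rest of the
     * message, neither more nor less */
    if (size != ENUM_LEN + OPAQUE24_LEN + status_length)
        return BUFFER_ERROR;

    switch (status_type) {

    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
     || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)

        /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */
        case WOLFSSL_CSR2_OCSP: {
            OcspRequest* request;

            #ifdef WOLFSSL_SMALL_STACK
                CertStatus* status;
                OcspResponse* response;
            #else
                CertStatus status[1];
                OcspResponse response[1];
            #endif

            /* pick the request this response answers; the pending flag is
             * cleared once consumed, and a status message with no flag
             * pending is rejected */
            do {
                #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
                    if (ssl->status_request) {
                        request = (OcspRequest*)TLSX_CSR_GetRequest(
                                                               ssl->extensions);
                        ssl->status_request = 0;
                        break;
                    }
                #endif

                #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
                    if (ssl->status_request_v2) {
                        request = (OcspRequest*)TLSX_CSR2_GetRequest(
                                               ssl->extensions, status_type, 0);
                        ssl->status_request_v2 = 0;
                        break;
                    }
                #endif

                return BUFFER_ERROR;
            } while(0);

            if (request == NULL)
                return BAD_CERTIFICATE_STATUS_ERROR; /* not expected */

            #ifdef WOLFSSL_SMALL_STACK
                status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
                                                       DYNAMIC_TYPE_TMP_BUFFER);
                response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
                                                       DYNAMIC_TYPE_TMP_BUFFER);

                if (status == NULL || response == NULL) {
                    /* release with the same heap hint used to allocate */
                    if (status)
                        XFREE(status, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
                    if (response)
                        XFREE(response, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

                    return MEMORY_ERROR;
                }
            #endif

            InitOcspResponse(response, status, input +*inOutIdx, status_length);

            /* order matters: decode first, then tie the response to our
             * request, then look at the responder and certificate status */
            if (OcspResponseDecode(response, ssl->ctx->cm, ssl->heap, 0) != 0)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (CompareOcspReqResp(request, response) != 0)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (response->responseStatus != OCSP_SUCCESSFUL)
                ret = BAD_CERTIFICATE_STATUS_ERROR;
            else if (response->status->status == CERT_REVOKED)
                ret = OCSP_CERT_REVOKED;
            else if (response->status->status != CERT_GOOD)
                ret = BAD_CERTIFICATE_STATUS_ERROR;

            *inOutIdx += status_length;

            #ifdef WOLFSSL_SMALL_STACK
                XFREE(status,   ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
                XFREE(response, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
            #endif

        }
        break;

    #endif

    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)

        case WOLFSSL_CSR2_OCSP_MULTI: {
            OcspRequest* request;
            word32 list_length = status_length;
            byte   idx = 0;

            #ifdef WOLFSSL_SMALL_STACK
                CertStatus* status;
                OcspResponse* response;
            #else
                CertStatus status[1];
                OcspResponse response[1];
            #endif

            /* reject the message unless a v2 status request is pending */
            do {
                if (ssl->status_request_v2) {
                    ssl->status_request_v2 = 0;
                    break;
                }

                return BUFFER_ERROR;
            } while(0);

            #ifdef WOLFSSL_SMALL_STACK
                status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,
                                                       DYNAMIC_TYPE_TMP_BUFFER);
                response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,
                                                       DYNAMIC_TYPE_TMP_BUFFER);

                if (status == NULL || response == NULL) {
                    if (status)
                        XFREE(status, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
                    if (response)
                        XFREE(response, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

                    return MEMORY_ERROR;
                }
            #endif

            /* walk the list of length-prefixed responses; every length is
             * checked against what is left of the list before it is used */
            while (list_length && ret == 0) {
                if (OPAQUE24_LEN > list_length) {
                    ret = BUFFER_ERROR;
                    break;
                }

                c24to32(input + *inOutIdx, &status_length);
                *inOutIdx   += OPAQUE24_LEN;
                list_length -= OPAQUE24_LEN;

                if (status_length > list_length) {
                    ret = BUFFER_ERROR;
                    break;
                }

                /* a zero-length entry is skipped without any check */
                if (status_length) {
                    InitOcspResponse(response, status, input +*inOutIdx,
                                                                 status_length);

                    /* unlike the single-response case, a revoked status is
                     * reported as BAD_CERTIFICATE_STATUS_ERROR here */
                    if ((OcspResponseDecode(response, ssl->ctx->cm, ssl->heap,
                                                                        0) != 0)
                    ||  (response->responseStatus != OCSP_SUCCESSFUL)
                    ||  (response->status->status != CERT_GOOD))
                        ret = BAD_CERTIFICATE_STATUS_ERROR;

                    /* find the request this response answers, continuing
                     * from the last request index tried */
                    while (ret == 0) {
                        request = (OcspRequest*)TLSX_CSR2_GetRequest(
                                          ssl->extensions, status_type, idx++);

                        if (request == NULL)
                            ret = BAD_CERTIFICATE_STATUS_ERROR;
                        else if (CompareOcspReqResp(request, response) == 0)
                            break;
                        else if (idx == 1) /* server cert must be OK */
                            ret = BAD_CERTIFICATE_STATUS_ERROR;
                    }

                    *inOutIdx   += status_length;
                    list_length -= status_length;
                }
            }

            #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
                ssl->status_request_v2 = 0;
            #endif

            #ifdef WOLFSSL_SMALL_STACK
                /* release with the same heap hint used to allocate */
                XFREE(status,   ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
                XFREE(response, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
            #endif

        }
        break;

    #endif

        default:
            /* status type not supported in this build */
            ret = BUFFER_ERROR;
    }

    if (ret != 0)
        SendAlert(ssl, alert_fatal, bad_certificate_status_response);

    return ret;
}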
wolfSSL 11:cee25a834751 7876
wolfSSL 11:cee25a834751 7877 #endif /* !NO_CERTS */
wolfSSL 11:cee25a834751 7878
wolfSSL 11:cee25a834751 7879
/* Handle a HelloRequest handshake message.
 *
 * ssl       connection state
 * input     handshake buffer (not read; the message has no body)
 * inOutIdx  in/out offset into the record; advanced past the pad when
 *           encryption is on
 * size      length of the message body, which must be 0
 * totalSz   total bytes available in the record, used to bound the pad skip
 *
 * Returns BUFFER_ERROR for a non-empty body, BUFFER_E when the pad would run
 * past totalSz, FATAL_ERROR when this side is the server, 0 when secure
 * renegotiation is enabled and has been flagged to start, otherwise the
 * result of sending a no_renegotiation warning alert.
 */
static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 size, word32 totalSz)
{
    (void)input;

    /* HelloRequest carries no payload */
    if (size != 0) {
        return BUFFER_ERROR;
    }

    if (IsEncryptionOn(ssl, 0)) {
        /* the pad lies past input + size, so it is bounded by totalSz
         * before the index is moved */
        if (*inOutIdx + ssl->keys.padSz > totalSz) {
            return BUFFER_E;
        }

        *inOutIdx += ssl->keys.padSz;
    }

    /* a server receiving HelloRequest treats it as an unexpected message */
    if (ssl->options.side == WOLFSSL_SERVER_END) {
        SendAlert(ssl, alert_fatal, unexpected_message); /* try */
        return FATAL_ERROR;
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    /* client side with secure renegotiation enabled: flag it to start */
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) {
        ssl->secure_renegotiation->startScr = 1;
        return 0;
    }
#endif

    /* client side without secure renegotiation: decline with a warning */
    return SendAlert(ssl, alert_warning, no_renegotiation);
}
wolfSSL 11:cee25a834751 7910
wolfSSL 11:cee25a834751 7911
/* Process the peer's Finished message.
 *
 * ssl       connection the message arrived on
 * input     buffer holding the message
 * inOutIdx  in: index of the verify data, out: advanced past the verify
 *           data and ssl->keys.padSz
 * size      body length from the handshake header; must equal
 *           TLS_FINISHED_SZ for TLS or FINISHED_SZ otherwise
 * totalSz   number of valid bytes in input
 * sniff     NO_SNIFF to compare the verify data against
 *           ssl->hsHashes->verifyHashes; with any other value the
 *           comparison is skipped, so a caller that authenticates a live
 *           peer must pass NO_SNIFF
 *
 * returns 0 on success, BUFFER_ERROR on a wrong body length, BUFFER_E when
 * the message would run past totalSz, VERIFY_FINISHED_ERROR when the
 * verify data does not match.
 */
int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx, word32 size,
               word32 totalSz, int sniff)
{
    word32 finishedSz;

    if (ssl->options.tls)
        finishedSz = TLS_FINISHED_SZ;
    else
        finishedSz = FINISHED_SZ;

    /* the length is fixed by the protocol version, reject anything else */
    if (size != finishedSz)
        return BUFFER_ERROR;

    /* body plus trailing bytes must fit inside the data we were given */
    if (*inOutIdx + size + ssl->keys.padSz > totalSz)
        return BUFFER_E;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) {
        AddPacketName("Finished", &ssl->handShakeInfo);
    }
    if (ssl->toInfoOn) {
        AddLateName("Finished", &ssl->timeoutInfo);
    }
#endif

    /* NOTE(review): XMEMCMP is presumably a plain memcmp and so not
     * constant time. The expected value is derived per handshake, which
     * should limit what timing can reveal, but a constant-time comparison
     * is the conservative choice for verify data - confirm. */
    if (sniff == NO_SNIFF &&
        XMEMCMP(input + *inOutIdx, &ssl->hsHashes->verifyHashes, size) != 0) {
        WOLFSSL_MSG("Verify finished error on hashes");
        return VERIFY_FINISHED_ERROR;
    }

#ifdef HAVE_SECURE_RENEGOTIATION
    if (ssl->secure_renegotiation) {
        /* keep the peer's verify data for a later renegotiation.
         * NOTE(review): the copy length is TLS_FINISHED_SZ, not size; that
         * stays inside the checked range only while
         * TLS_FINISHED_SZ <= FINISHED_SZ - confirm. */
        if (ssl->options.side == WOLFSSL_CLIENT_END) {
            XMEMCPY(ssl->secure_renegotiation->server_verify_data,
                    input + *inOutIdx, TLS_FINISHED_SZ);
        }
        else {
            XMEMCPY(ssl->secure_renegotiation->client_verify_data,
                    input + *inOutIdx, TLS_FINISHED_SZ);
        }
    }
#endif

    /* consume padSz as well so ProcessReply sees the input as exhausted */
    *inOutIdx += size + ssl->keys.padSz;

    /* Record that the peer has finished. The handshake is marked done here
     * only for a client that is not resuming or a server that is resuming;
     * in the other two cases the flags are left untouched. */
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        ssl->options.serverState = SERVER_FINISHED_COMPLETE;
        if (ssl->options.resuming)
            return 0;
    }
    else {
        ssl->options.clientState = CLIENT_FINISHED_COMPLETE;
        if (!ssl->options.resuming)
            return 0;
    }

    ssl->options.handShakeState = HANDSHAKE_DONE;
    ssl->options.handShakeDone  = 1;

    return 0;
}
wolfSSL 11:cee25a834751 7968
wolfSSL 11:cee25a834751 7969
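/* Enforce handshake message ordering for a message about to be processed.
 *
 * For the given handshake message type this rejects a second copy of the
 * message (DUPLICATE_MSG_E), records the message in ssl->msgsReceived, and
 * rejects it when a message that has to come first has not been seen, or
 * one that has to come later already has (OUT_OF_ORDER_E and related
 * codes). In every case except change_cipher_hs on DTLS the received flag
 * is set before the ordering checks, so a message rejected as out of order
 * still counts as received.
 *
 * ssl   connection whose msgsReceived flags are checked and updated
 * type  handshake message type taken from the handshake header
 *
 * returns 0 when the message is acceptable at this point, SANITY_MSG_E for
 * a type that is not handled in this build, otherwise the error code of
 * the check that failed.
 */
static int SanityCheckMsgReceived(WOLFSSL* ssl, byte type)
{
    /* verify not a duplicate, mark received, check state */
    switch (type) {

#ifndef NO_WOLFSSL_CLIENT
        case hello_request:
            if (ssl->msgsReceived.got_hello_request) {
                WOLFSSL_MSG("Duplicate HelloRequest received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_hello_request = 1;

            break;
#endif

#ifndef NO_WOLFSSL_SERVER
        case client_hello:
            if (ssl->msgsReceived.got_client_hello) {
                WOLFSSL_MSG("Duplicate ClientHello received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_client_hello = 1;

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case server_hello:
            if (ssl->msgsReceived.got_server_hello) {
                WOLFSSL_MSG("Duplicate ServerHello received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_server_hello = 1;

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case hello_verify_request:
            if (ssl->msgsReceived.got_hello_verify_request) {
                WOLFSSL_MSG("Duplicate HelloVerifyRequest received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_hello_verify_request = 1;

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case session_ticket:
            if (ssl->msgsReceived.got_session_ticket) {
                WOLFSSL_MSG("Duplicate SessionTicket received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_session_ticket = 1;

            break;
#endif

        case certificate:
            if (ssl->msgsReceived.got_certificate) {
                WOLFSSL_MSG("Duplicate Certificate received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_certificate = 1;

            /* a Certificate is only valid after the peer's hello */
#ifndef NO_WOLFSSL_CLIENT
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
                if ( ssl->msgsReceived.got_server_hello == 0) {
                    WOLFSSL_MSG("No ServerHello before Cert");
                    return OUT_OF_ORDER_E;
                }
            }
#endif
#ifndef NO_WOLFSSL_SERVER
            if (ssl->options.side == WOLFSSL_SERVER_END) {
                if ( ssl->msgsReceived.got_client_hello == 0) {
                    WOLFSSL_MSG("No ClientHello before Cert");
                    return OUT_OF_ORDER_E;
                }
            }
#endif
            break;

#ifndef NO_WOLFSSL_CLIENT
        case certificate_status:
            if (ssl->msgsReceived.got_certificate_status) {
                WOLFSSL_MSG("Duplicate CertificateStatus received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_certificate_status = 1;

            /* must sit between Certificate and ServerKeyExchange */
            if (ssl->msgsReceived.got_certificate == 0) {
                WOLFSSL_MSG("No Certificate before CertificateStatus");
                return OUT_OF_ORDER_E;
            }
            if (ssl->msgsReceived.got_server_key_exchange != 0) {
                WOLFSSL_MSG("CertificateStatus after ServerKeyExchange");
                return OUT_OF_ORDER_E;
            }

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case server_key_exchange:
            if (ssl->msgsReceived.got_server_key_exchange) {
                WOLFSSL_MSG("Duplicate ServerKeyExchange received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_server_key_exchange = 1;

            if (ssl->msgsReceived.got_server_hello == 0) {
                WOLFSSL_MSG("No ServerHello before ServerKeyExchange");
                return OUT_OF_ORDER_E;
            }
            if (ssl->msgsReceived.got_certificate_status == 0) {
                /* A status request extension is set on this connection but
                 * no CertificateStatus arrived: hand the decision to the
                 * extension code and fail the handshake if it reports an
                 * error. */
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
                if (ssl->status_request) {
                    int ret;

                    WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
                    if ((ret = TLSX_CSR_ForceRequest(ssl)) != 0)
                        return ret;
                }
#endif
#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
                if (ssl->status_request_v2) {
                    int ret;

                    WOLFSSL_MSG("No CertificateStatus before ServerKeyExchange");
                    if ((ret = TLSX_CSR2_ForceRequest(ssl)) != 0)
                        return ret;
                }
#endif
            }

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case certificate_request:
            if (ssl->msgsReceived.got_certificate_request) {
                WOLFSSL_MSG("Duplicate CertificateRequest received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_certificate_request = 1;

            break;
#endif

#ifndef NO_WOLFSSL_CLIENT
        case server_hello_done:
            if (ssl->msgsReceived.got_server_hello_done) {
                WOLFSSL_MSG("Duplicate ServerHelloDone received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_server_hello_done = 1;

            /* a missing Certificate is tolerated only for the PSK key
             * exchanges and anonymous cipher suites */
            if (ssl->msgsReceived.got_certificate == 0) {
                if (ssl->specs.kea == psk_kea ||
                    ssl->specs.kea == dhe_psk_kea ||
                    ssl->specs.kea == ecdhe_psk_kea ||
                    ssl->options.usingAnon_cipher) {
                    WOLFSSL_MSG("No Cert required");
                } else {
                    WOLFSSL_MSG("No Certificate before ServerHelloDone");
                    return OUT_OF_ORDER_E;
                }
            }
            /* a missing ServerKeyExchange is tolerated only for static
             * ECDH, RSA, NTRU, or PSK without a server hint */
            if (ssl->msgsReceived.got_server_key_exchange == 0) {
                int pskNoServerHint = 0;  /* not required in this case */

#ifndef NO_PSK
                /* ssl->arrays can be NULL: DoHandShakeMsg handles that case
                 * and still dispatches into this check. Without the arrays
                 * the hint cannot be inspected, so leave the exemption off
                 * and let the strict branch below reject the message. */
                if (ssl->specs.kea == psk_kea &&
                    ssl->arrays != NULL &&
                    ssl->arrays->server_hint[0] == 0)
                    pskNoServerHint = 1;
#endif
                if (ssl->specs.static_ecdh == 1 ||
                    ssl->specs.kea == rsa_kea ||
                    ssl->specs.kea == ntru_kea ||
                    pskNoServerHint) {
                    WOLFSSL_MSG("No KeyExchange required");
                } else {
                    WOLFSSL_MSG("No ServerKeyExchange before ServerDone");
                    return OUT_OF_ORDER_E;
                }
            }
            break;
#endif

#ifndef NO_WOLFSSL_SERVER
        case certificate_verify:
            if (ssl->msgsReceived.got_certificate_verify) {
                WOLFSSL_MSG("Duplicate CertificateVerify received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_certificate_verify = 1;

            if ( ssl->msgsReceived.got_certificate == 0) {
                WOLFSSL_MSG("No Cert before CertVerify");
                return OUT_OF_ORDER_E;
            }
            break;
#endif

#ifndef NO_WOLFSSL_SERVER
        case client_key_exchange:
            if (ssl->msgsReceived.got_client_key_exchange) {
                WOLFSSL_MSG("Duplicate ClientKeyExchange received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_client_key_exchange = 1;

            if (ssl->msgsReceived.got_client_hello == 0) {
                WOLFSSL_MSG("No ClientHello before ClientKeyExchange");
                return OUT_OF_ORDER_E;
            }
            break;
#endif

        case finished:
            if (ssl->msgsReceived.got_finished) {
                WOLFSSL_MSG("Duplicate Finished received");
                return DUPLICATE_MSG_E;
            }
            ssl->msgsReceived.got_finished = 1;

            /* Finished is never accepted ahead of ChangeCipherSpec */
            if (ssl->msgsReceived.got_change_cipher == 0) {
                WOLFSSL_MSG("Finished received before ChangeCipher");
                return NO_CHANGE_CIPHER_E;
            }

            break;

        case change_cipher_hs:
            if (ssl->msgsReceived.got_change_cipher) {
                WOLFSSL_MSG("Duplicate ChangeCipher received");
                return DUPLICATE_MSG_E;
            }
            /* DTLS is going to ignore the CCS message if the client key
             * exchange message wasn't received yet, so for DTLS the flag
             * is set only after the ordering checks below have passed. */
            if (!ssl->options.dtls)
                ssl->msgsReceived.got_change_cipher = 1;

#ifndef NO_WOLFSSL_CLIENT
            if (ssl->options.side == WOLFSSL_CLIENT_END) {
                if (!ssl->options.resuming &&
                                 ssl->msgsReceived.got_server_hello_done == 0) {
                    WOLFSSL_MSG("No ServerHelloDone before ChangeCipher");
                    return OUT_OF_ORDER_E;
                }
#ifdef HAVE_SESSION_TICKET
                if (ssl->expect_session_ticket) {
                    WOLFSSL_MSG("Expected session ticket missing");
#ifdef WOLFSSL_DTLS
                    if (ssl->options.dtls)
                        return OUT_OF_ORDER_E;
#endif
                    return SESSION_TICKET_EXPECT_E;
                }
#endif
            }
#endif
#ifndef NO_WOLFSSL_SERVER
            if (ssl->options.side == WOLFSSL_SERVER_END) {
                if (!ssl->options.resuming &&
                               ssl->msgsReceived.got_client_key_exchange == 0) {
                    WOLFSSL_MSG("No ClientKeyExchange before ChangeCipher");
                    return OUT_OF_ORDER_E;
                }
#ifndef NO_CERTS
                /* a client that presented a certificate must also have had
                 * its CertificateVerify accepted before the cipher change */
                if (ssl->options.verifyPeer &&
                    ssl->options.havePeerCert) {

                    if (!ssl->options.havePeerVerify) {
                        WOLFSSL_MSG("client didn't send cert verify");
#ifdef WOLFSSL_DTLS
                        if (ssl->options.dtls)
                            return OUT_OF_ORDER_E;
#endif
                        return NO_PEER_VERIFY;
                    }
                }
#endif
            }
#endif
            if (ssl->options.dtls)
                ssl->msgsReceived.got_change_cipher = 1;
            break;

        default:
            WOLFSSL_MSG("Unknown message type");
            return SANITY_MSG_E;
    }

    return 0;
}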
wolfSSL 11:cee25a834751 8270
wolfSSL 11:cee25a834751 8271
/* Validate and dispatch one complete handshake message.
 *
 * ssl       connection the message arrived on
 * input     buffer holding the message
 * inOutIdx  in: index of the message body, out: index after the message
 *           as left by the handler that processed it
 * type      handshake message type from the handshake header
 * size      body length from the handshake header
 * totalSz   number of valid bytes in input
 *
 * The message is checked, in this order, against the buffer bounds, the
 * per-message ordering rules (SanityCheckMsgReceived) and the connection
 * state, then hashed into the handshake transcript where applicable and
 * passed to the handler for its type.
 *
 * returns 0 on success, INCOMPLETE_DATA when the body does not fit in
 * totalSz, OUT_OF_ORDER_E on a state violation, UNKNOWN_HANDSHAKE_TYPE for
 * a type with no handler in this build, DECODE_E when the handler did not
 * consume exactly the expected number of bytes, otherwise the error
 * returned by the ordering check, the hash update or the handler.
 */
static int DoHandShakeMsgType(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                              byte type, word32 size, word32 totalSz)
{
    int    ret = 0;
    word32 endIdx;  /* where *inOutIdx has to land after a clean parse */

    WOLFSSL_ENTER("DoHandShakeMsgType");

    /* the whole body has to be present before anything is parsed */
    if (*inOutIdx + size > totalSz)
        return INCOMPLETE_DATA;

    endIdx = *inOutIdx + size;
    if (ssl->keys.encryptionOn)
        endIdx += ssl->keys.padSz;

    /* Ordering check. It runs before the state checks below, so the
     * msgsReceived flags are updated even when one of those checks then
     * rejects the message. */
    ret = SanityCheckMsgReceived(ssl, type);
    if (ret != 0) {
        WOLFSSL_MSG("Sanity Check on handshake message type received failed");
        return ret;
    }

#ifdef WOLFSSL_CALLBACKS
    /* add name later, add on record and handshake header part back on.
     * NOTE(review): this reads hdrSz bytes in front of input + *inOutIdx,
     * which assumes both headers sit directly before the body. When
     * DoHandShakeMsg passes a reassembled message only
     * HANDSHAKE_HEADER_SZ bytes precede the body - confirm this path is
     * safe for that caller. */
    if (ssl->toInfoOn) {
        int hdrSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;

        AddPacketInfo(0, &ssl->timeoutInfo, input + *inOutIdx - hdrSz,
                      size + hdrSz, ssl->heap);
        AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
    }
#endif

    /* once the handshake is done only HelloRequest is still acceptable */
    if (type != hello_request &&
        ssl->options.handShakeState == HANDSHAKE_DONE) {
        WOLFSSL_MSG("HandShake message after handshake complete");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    if (ssl->options.side == WOLFSSL_CLIENT_END) {
        /* non-DTLS: the first server message has to be ServerHello */
        if (!ssl->options.dtls &&
            ssl->options.serverState == NULL_STATE && type != server_hello) {
            WOLFSSL_MSG("First server message not server hello");
            SendAlert(ssl, alert_fatal, unexpected_message);
            return OUT_OF_ORDER_E;
        }

        /* DTLS: ServerHelloDone is not accepted ahead of ServerHello */
        if (ssl->options.dtls && type == server_hello_done &&
            ssl->options.serverState < SERVER_HELLO_COMPLETE) {
            WOLFSSL_MSG("Server hello done received before server hello in DTLS");
            SendAlert(ssl, alert_fatal, unexpected_message);
            return OUT_OF_ORDER_E;
        }
    }

    /* the first client message has to be ClientHello */
    if (ssl->options.side == WOLFSSL_SERVER_END &&
        ssl->options.clientState == NULL_STATE && type != client_hello) {
        WOLFSSL_MSG("First client message not client hello");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* The handshake state has been checked above, so the message can go
     * into the transcript hash. Three cases are left out: hello_request is
     * not hashed, a DTLS (non-SCTP) client_hello is hashed later once its
     * cookie is found correct, and nothing is hashed while ssl->error is
     * WC_PENDING_E. */
    if (type != hello_request &&
        (!IsDtlsNotSctpMode(ssl) || type != client_hello) &&
        ssl->error != WC_PENDING_E) {
        ret = HashInput(ssl, input + *inOutIdx, size);
        if (ret != 0)
            return ret;
    }

    switch (type) {

    case hello_request:
        WOLFSSL_MSG("processing hello request");
        ret = DoHelloRequest(ssl, input, inOutIdx, size, totalSz);
        break;

#ifndef NO_WOLFSSL_CLIENT
    case hello_verify_request:
        WOLFSSL_MSG("processing hello verify request");
        ret = DoHelloVerifyRequest(ssl, input,inOutIdx, size);
        break;

    case server_hello:
        WOLFSSL_MSG("processing server hello");
        ret = DoServerHello(ssl, input, inOutIdx, size);
        break;

#ifndef NO_CERTS
    case certificate_request:
        WOLFSSL_MSG("processing certificate request");
        ret = DoCertificateRequest(ssl, input, inOutIdx, size);
        break;
#endif

    case server_key_exchange:
        WOLFSSL_MSG("processing server key exchange");
        ret = DoServerKeyExchange(ssl, input, inOutIdx, size);
        break;

#ifdef HAVE_SESSION_TICKET
    case session_ticket:
        WOLFSSL_MSG("processing session ticket");
        ret = DoSessionTicket(ssl, input, inOutIdx, size);
        break;
#endif /* HAVE_SESSION_TICKET */
#endif /* !NO_WOLFSSL_CLIENT */

#ifndef NO_CERTS
    case certificate:
        WOLFSSL_MSG("processing certificate");
        ret = DoCertificate(ssl, input, inOutIdx, size);
        break;

    case certificate_status:
        WOLFSSL_MSG("processing certificate status");
        ret = DoCertificateStatus(ssl, input, inOutIdx, size);
        break;
#endif

    case server_hello_done:
        WOLFSSL_MSG("processing server hello done");
#ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn) {
            AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
        }
        if (ssl->toInfoOn) {
            AddLateName("ServerHelloDone", &ssl->timeoutInfo);
        }
#endif
        ssl->options.serverState = SERVER_HELLODONE_COMPLETE;
        /* The body is not skipped here, so a non-empty ServerHelloDone is
         * caught by the endIdx comparison after the switch.
         * NOTE(review): unlike DoHelloRequest, padSz is added without a
         * totalSz check - confirm the caller bounds the index. */
        if (IsEncryptionOn(ssl, 0)) {
            *inOutIdx += ssl->keys.padSz;
        }
        /* a ServerHelloDone means the server chose a full handshake */
        if (ssl->options.resuming) {
            WOLFSSL_MSG("Not resuming as thought");
            ssl->options.resuming = 0;
        }
        break;

    case finished:
        WOLFSSL_MSG("processing finished");
        ret = DoFinished(ssl, input, inOutIdx, size, totalSz, NO_SNIFF);
        break;

#ifndef NO_WOLFSSL_SERVER
    case client_hello:
        WOLFSSL_MSG("processing client hello");
        ret = DoClientHello(ssl, input, inOutIdx, size);
        break;

    case client_key_exchange:
        WOLFSSL_MSG("processing client key exchange");
        ret = DoClientKeyExchange(ssl, input, inOutIdx, size);
        break;

#if !defined(NO_RSA) || defined(HAVE_ECC)
    case certificate_verify:
        WOLFSSL_MSG("processing certificate verify");
        ret = DoCertificateVerify(ssl, input, inOutIdx, size);
        break;
#endif /* !NO_RSA || HAVE_ECC */

#endif /* !NO_WOLFSSL_SERVER */

    default:
        WOLFSSL_MSG("Unknown handshake message type");
        ret = UNKNOWN_HANDSHAKE_TYPE;
        break;
    }

    /* a handler that succeeded has to have consumed exactly the body plus
     * the trailing bytes; anything else is a decode failure */
    if (ret == 0 && *inOutIdx != endIdx) {
        WOLFSSL_MSG("Extra data in handshake message");
        if (!ssl->options.dtls) {
            SendAlert(ssl, alert_fatal, decode_error);
        }
        ret = DECODE_E;
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* if async, offset index so this msg will be processed again */
    if (ret == WC_PENDING_E) {
        *inOutIdx -= HANDSHAKE_HEADER_SZ;
#ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            *inOutIdx -= DTLS_HANDSHAKE_EXTRA;
        }
#endif
    }
#endif

    WOLFSSL_LEAVE("DoHandShakeMsgType()", ret);
    return ret;
}
wolfSSL 11:cee25a834751 8463
wolfSSL 11:cee25a834751 8464
wolfSSL 11:cee25a834751 8465 static int DoHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
wolfSSL 11:cee25a834751 8466 word32 totalSz)
wolfSSL 11:cee25a834751 8467 {
wolfSSL 11:cee25a834751 8468 int ret = 0;
wolfSSL 11:cee25a834751 8469 word32 inputLength;
wolfSSL 11:cee25a834751 8470
wolfSSL 11:cee25a834751 8471 WOLFSSL_ENTER("DoHandShakeMsg()");
wolfSSL 11:cee25a834751 8472
wolfSSL 11:cee25a834751 8473 if (ssl->arrays == NULL) {
wolfSSL 11:cee25a834751 8474 byte type;
wolfSSL 11:cee25a834751 8475 word32 size;
wolfSSL 11:cee25a834751 8476
wolfSSL 11:cee25a834751 8477 if (GetHandShakeHeader(ssl,input,inOutIdx,&type, &size, totalSz) != 0)
wolfSSL 11:cee25a834751 8478 return PARSE_ERROR;
wolfSSL 11:cee25a834751 8479
wolfSSL 11:cee25a834751 8480 return DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
wolfSSL 11:cee25a834751 8481 }
wolfSSL 11:cee25a834751 8482
wolfSSL 11:cee25a834751 8483 inputLength = ssl->buffers.inputBuffer.length - *inOutIdx;
wolfSSL 11:cee25a834751 8484
wolfSSL 11:cee25a834751 8485 /* If there is a pending fragmented handshake message,
wolfSSL 11:cee25a834751 8486 * pending message size will be non-zero. */
wolfSSL 11:cee25a834751 8487 if (ssl->arrays->pendingMsgSz == 0) {
wolfSSL 11:cee25a834751 8488 byte type;
wolfSSL 11:cee25a834751 8489 word32 size;
wolfSSL 11:cee25a834751 8490
wolfSSL 11:cee25a834751 8491 if (GetHandShakeHeader(ssl,input, inOutIdx, &type, &size, totalSz) != 0)
wolfSSL 11:cee25a834751 8492 return PARSE_ERROR;
wolfSSL 11:cee25a834751 8493
wolfSSL 11:cee25a834751 8494 /* Cap the maximum size of a handshake message to something reasonable.
wolfSSL 11:cee25a834751 8495 * By default is the maximum size of a certificate message assuming
wolfSSL 11:cee25a834751 8496 * nine 2048-bit RSA certificates in the chain. */
wolfSSL 11:cee25a834751 8497 if (size > MAX_HANDSHAKE_SZ) {
wolfSSL 11:cee25a834751 8498 WOLFSSL_MSG("Handshake message too large");
wolfSSL 11:cee25a834751 8499 return HANDSHAKE_SIZE_ERROR;
wolfSSL 11:cee25a834751 8500 }
wolfSSL 11:cee25a834751 8501
wolfSSL 11:cee25a834751 8502 /* size is the size of the certificate message payload */
wolfSSL 11:cee25a834751 8503 if (inputLength - HANDSHAKE_HEADER_SZ < size) {
wolfSSL 11:cee25a834751 8504 ssl->arrays->pendingMsgType = type;
wolfSSL 11:cee25a834751 8505 ssl->arrays->pendingMsgSz = size + HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 8506 ssl->arrays->pendingMsg = (byte*)XMALLOC(size + HANDSHAKE_HEADER_SZ,
wolfSSL 11:cee25a834751 8507 ssl->heap,
wolfSSL 11:cee25a834751 8508 DYNAMIC_TYPE_ARRAYS);
wolfSSL 11:cee25a834751 8509 if (ssl->arrays->pendingMsg == NULL)
wolfSSL 11:cee25a834751 8510 return MEMORY_E;
wolfSSL 11:cee25a834751 8511 XMEMCPY(ssl->arrays->pendingMsg,
wolfSSL 11:cee25a834751 8512 input + *inOutIdx - HANDSHAKE_HEADER_SZ,
wolfSSL 11:cee25a834751 8513 inputLength);
wolfSSL 11:cee25a834751 8514 ssl->arrays->pendingMsgOffset = inputLength;
wolfSSL 11:cee25a834751 8515 *inOutIdx += inputLength - HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 8516 return 0;
wolfSSL 11:cee25a834751 8517 }
wolfSSL 11:cee25a834751 8518
wolfSSL 11:cee25a834751 8519 ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
wolfSSL 11:cee25a834751 8520 }
wolfSSL 11:cee25a834751 8521 else {
wolfSSL 11:cee25a834751 8522 if (inputLength + ssl->arrays->pendingMsgOffset
wolfSSL 11:cee25a834751 8523 > ssl->arrays->pendingMsgSz) {
wolfSSL 11:cee25a834751 8524
wolfSSL 11:cee25a834751 8525 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 8526 }
wolfSSL 11:cee25a834751 8527 else {
wolfSSL 11:cee25a834751 8528 XMEMCPY(ssl->arrays->pendingMsg + ssl->arrays->pendingMsgOffset,
wolfSSL 11:cee25a834751 8529 input + *inOutIdx, inputLength);
wolfSSL 11:cee25a834751 8530 ssl->arrays->pendingMsgOffset += inputLength;
wolfSSL 11:cee25a834751 8531 *inOutIdx += inputLength;
wolfSSL 11:cee25a834751 8532 }
wolfSSL 11:cee25a834751 8533
wolfSSL 11:cee25a834751 8534 if (ssl->arrays->pendingMsgOffset == ssl->arrays->pendingMsgSz)
wolfSSL 11:cee25a834751 8535 {
wolfSSL 11:cee25a834751 8536 word32 idx = 0;
wolfSSL 11:cee25a834751 8537 ret = DoHandShakeMsgType(ssl,
wolfSSL 11:cee25a834751 8538 ssl->arrays->pendingMsg
wolfSSL 11:cee25a834751 8539 + HANDSHAKE_HEADER_SZ,
wolfSSL 11:cee25a834751 8540 &idx, ssl->arrays->pendingMsgType,
wolfSSL 11:cee25a834751 8541 ssl->arrays->pendingMsgSz
wolfSSL 11:cee25a834751 8542 - HANDSHAKE_HEADER_SZ,
wolfSSL 11:cee25a834751 8543 ssl->arrays->pendingMsgSz);
wolfSSL 11:cee25a834751 8544 XFREE(ssl->arrays->pendingMsg, ssl->heap, DYNAMIC_TYPE_ARRAYS);
wolfSSL 11:cee25a834751 8545 ssl->arrays->pendingMsg = NULL;
wolfSSL 11:cee25a834751 8546 ssl->arrays->pendingMsgSz = 0;
wolfSSL 11:cee25a834751 8547 }
wolfSSL 11:cee25a834751 8548 }
wolfSSL 11:cee25a834751 8549
wolfSSL 11:cee25a834751 8550 WOLFSSL_LEAVE("DoHandShakeMsg()", ret);
wolfSSL 11:cee25a834751 8551 return ret;
wolfSSL 11:cee25a834751 8552 }
wolfSSL 11:cee25a834751 8553
wolfSSL 11:cee25a834751 8554
wolfSSL 11:cee25a834751 8555 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 8556
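/* Anti-replay check for the DTLS record currently being processed.
 *
 * Compares the record sequence number in ssl->keys.curSeq_hi/curSeq_lo with
 * the next expected sequence number and the received-record bitmap of the
 * epoch the record belongs to (current epoch, or the one before it).
 *
 * ssl  WOLFSSL structure holding the epoch, sequence number and window state
 *
 * Returns 1 when the record may be processed and 0 when it must be dropped:
 * unknown epoch, outside the window in either direction, or already received.
 */
static INLINE int DtlsCheckWindow(WOLFSSL* ssl)
{
    word32* window;
    word16 cur_hi, next_hi;
    word32 cur_lo, next_lo, diff;
    int curLT;

    if (ssl->keys.curEpoch == ssl->keys.nextEpoch) {
        next_hi = ssl->keys.nextSeq_hi;
        next_lo = ssl->keys.nextSeq_lo;
        window = ssl->keys.window;
    }
    else if (ssl->keys.curEpoch == ssl->keys.nextEpoch - 1) {
        next_hi = ssl->keys.prevSeq_hi;
        next_lo = ssl->keys.prevSeq_lo;
        window = ssl->keys.prevWindow;
    }
    else {
        /* Only the current and the previous epoch are tracked. */
        return 0;
    }

    cur_hi = ssl->keys.curSeq_hi;
    cur_lo = ssl->keys.curSeq_lo;

    /* If the difference between next and cur is > 2^32, way outside window. */
    if ((cur_hi > next_hi + 1) || (next_hi > cur_hi + 1)) {
        WOLFSSL_MSG("Current record from way too far in the future.");
        return 0;
    }

    if (cur_hi == next_hi) {
        curLT = cur_lo < next_lo;
        diff = curLT ? next_lo - cur_lo : cur_lo - next_lo;
    }
    else {
        /* NOTE(review): with differing high words the low-word subtraction
         * looks reversed, so a record straddling the 2^32 boundary gets a
         * very large diff and is dropped below. That fails closed; confirm
         * it is intended. */
        curLT = cur_hi < next_hi;
        diff = curLT ? cur_lo - next_lo : next_lo - cur_lo;
    }

    /* Check to see that the next value is greater than the number of messages
     * trackable in the window, and that the difference between the next
     * expected sequence number and the received sequence number is inside the
     * window. */
    if ((next_hi || next_lo > DTLS_SEQ_BITS) &&
                                         curLT && (diff > DTLS_SEQ_BITS)) {

        WOLFSSL_MSG("Current record sequence number from the past.");
        return 0;
    }
    else if (!curLT && (diff > DTLS_SEQ_BITS)) {
        WOLFSSL_MSG("Rejecting message too far into the future.");
        return 0;
    }
    else if (curLT) {
        word32 bit;
        word32 idx;
        word32 pos;

        /* A record diff behind the next expected number is tracked at window
         * bit (diff - 1). The previous form, 1 << ((diff % DTLS_WORD_BITS)
         * - 1), shifted by an out-of-range count whenever diff was a multiple
         * of the word size (undefined behaviour) and looked in the wrong
         * word. diff == 0 has no bit at all, so it is rejected. */
        if (diff == 0) {
            WOLFSSL_MSG("Invalid DTLS windows index");
            return 0;
        }
        bit = diff - 1;
        idx = bit / DTLS_WORD_BITS;
        pos = bit % DTLS_WORD_BITS;

        /* verify idx is valid for window array */
        if (idx >= WOLFSSL_DTLS_WINDOW_WORDS) {
            WOLFSSL_MSG("Invalid DTLS windows index");
            return 0;
        }

        /* Unsigned one so that the top bit can be tested without signed
         * overflow. */
        if (window[idx] & ((word32)1 << pos)) {
            WOLFSSL_MSG("Current record sequence number already received.");
            return 0;
        }
    }

    return 1;
}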
wolfSSL 11:cee25a834751 8628
wolfSSL 11:cee25a834751 8629
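/* Record the sequence number of the DTLS record just processed in the
 * anti-replay window of its epoch.
 *
 * A record older than the next expected number only sets its bit. A record at
 * or beyond the next expected number shifts the bitmap so that bit 0 becomes
 * this record, and advances the next expected sequence number.
 *
 * ssl  WOLFSSL structure holding the epoch, sequence number and window state
 *
 * Always returns 1. No epoch or range validation is done here; the visible
 * code relies on the caller having accepted the record first (presumably via
 * DtlsCheckWindow; confirm at the call site).
 */
static INLINE int DtlsUpdateWindow(WOLFSSL* ssl)
{
    word32* window;
    word32* next_lo;
    word16* next_hi;
    int curLT;
    word32 cur_lo, diff;
    word16 cur_hi;

    if (ssl->keys.curEpoch == ssl->keys.nextEpoch) {
        next_hi = &ssl->keys.nextSeq_hi;
        next_lo = &ssl->keys.nextSeq_lo;
        window = ssl->keys.window;
    }
    else {
        next_hi = &ssl->keys.prevSeq_hi;
        next_lo = &ssl->keys.prevSeq_lo;
        window = ssl->keys.prevWindow;
    }

    cur_hi = ssl->keys.curSeq_hi;
    cur_lo = ssl->keys.curSeq_lo;

    if (cur_hi == *next_hi) {
        curLT = cur_lo < *next_lo;
        diff = curLT ? *next_lo - cur_lo : cur_lo - *next_lo;
    }
    else {
        curLT = cur_hi < *next_hi;
        diff = curLT ? cur_lo - *next_lo : *next_lo - cur_lo;
    }

    if (curLT) {
        /* Late record: it lives at window bit (diff - 1). Computing the bit
         * as (diff % DTLS_WORD_BITS) - 1 shifted by an out-of-range count for
         * every multiple of the word size, which is undefined behaviour and
         * would leave the record unmarked and replayable. */
        if (diff != 0) {
            word32 bit = diff - 1;
            word32 idx = bit / DTLS_WORD_BITS;

            if (idx < WOLFSSL_DTLS_WINDOW_WORDS)
                window[idx] |= ((word32)1 << (bit % DTLS_WORD_BITS));
        }
    }
    else {
        if (diff >= DTLS_SEQ_BITS)
            XMEMSET(window, 0, DTLS_SEQ_SZ);
        else {
            word32 idx, newDiff, temp, i;
            word32 oldWindow[WOLFSSL_DTLS_WINDOW_WORDS];

            temp = 0;
            diff++;
            idx = diff / DTLS_WORD_BITS;
            newDiff = diff % DTLS_WORD_BITS;

            XMEMCPY(oldWindow, window, sizeof(oldWindow));

            for (i = 0; i < WOLFSSL_DTLS_WINDOW_WORDS; i++) {
                if (i < idx)
                    window[i] = 0;
                else {
                    temp |= (oldWindow[i-idx] << newDiff);
                    window[i] = temp;
                    /* A whole-word shift carries nothing into the next word;
                     * shifting right by DTLS_WORD_BITS would be undefined. */
                    if (newDiff != 0)
                        temp = oldWindow[i-idx] >> (DTLS_WORD_BITS - newDiff);
                    else
                        temp = 0;
                }
            }
        }
        /* Bit 0 is the record just received. */
        window[0] |= 1;
        *next_lo = cur_lo + 1;
        /* Carry into the high word when the low word wrapped. */
        if (*next_lo < cur_lo)
            (*next_hi)++;
    }

    return 1;
}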
wolfSSL 11:cee25a834751 8701
wolfSSL 11:cee25a834751 8702
/* Hand stored DTLS handshake messages to DoHandShakeMsgType() for as long as
 * the head of ssl->dtls_rx_msg_list is the expected message, is fully
 * reassembled, and the previous message was processed without error.
 *
 * ssl  WOLFSSL structure owning the receive list
 *
 * Returns 0 when nothing failed, otherwise the error from the message that
 * stopped the drain. Each processed entry is unlinked and deleted.
 */
static int DtlsMsgDrain(WOLFSSL* ssl)
{
    int      rc   = 0;
    DtlsMsg* head = ssl->dtls_rx_msg_list;

    for (;;) {
        word32 pos = 0;

        if (head == NULL)
            break;
        if (ssl->keys.dtls_expected_peer_handshake_number != head->seq)
            break;                      /* head is not the next message */
        if (head->fragSz != head->sz)
            break;                      /* head is still missing fragments */
        if (rc != 0)
            break;                      /* last message failed */

        /* The expected number is advanced before the handler runs. */
        ssl->keys.dtls_expected_peer_handshake_number++;
        rc = DoHandShakeMsgType(ssl, head->msg, &pos, head->type,
                                head->sz, head->sz);

        /* Unlink only after the handler has returned, then free the entry. */
        ssl->dtls_rx_msg_list = head->next;
        DtlsMsgDelete(head, ssl->heap);
        ssl->dtls_rx_msg_list_sz--;
        head = ssl->dtls_rx_msg_list;
    }

    return rc;
}
wolfSSL 11:cee25a834751 8727
wolfSSL 11:cee25a834751 8728
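/* Parse one DTLS handshake fragment from a record and either process it,
 * store it for reordering/reassembly, or skip it as a retransmission.
 *
 * ssl       WOLFSSL structure holding handshake and DTLS state
 * input     record payload
 * inOutIdx  in: offset of the handshake header; out: offset after the data
 *           consumed by this call
 * totalSz   number of valid bytes in input
 *
 * Returns 0 on success, PARSE_ERROR for a bad header, HANDSHAKE_SIZE_ERROR
 * when the advertised message length exceeds MAX_HANDSHAKE_SZ,
 * INCOMPLETE_DATA when the fragment is not fully present, BUFFER_ERROR when
 * the fragment does not fit inside the advertised message, BUFFER_E when the
 * padding after a skipped finished message runs past totalSz, or the error
 * from the message handler / retransmit.
 */
static int DoDtlsHandShakeMsg(WOLFSSL* ssl, byte* input, word32* inOutIdx,
                              word32 totalSz)
{
    byte type;
    word32 size;
    word32 fragOffset, fragSz;
    int ret = 0;

    WOLFSSL_ENTER("DoDtlsHandShakeMsg()");
    if (GetDtlsHandShakeHeader(ssl, input, inOutIdx, &type,
                               &size, &fragOffset, &fragSz, totalSz) != 0)
        return PARSE_ERROR;

    /* size, fragOffset and fragSz come straight from the peer. Apply the same
     * cap the stream path (DoHandShakeMsg) applies before anything is stored
     * on behalf of an unauthenticated peer. DtlsMsgStore is not visible here;
     * presumably it sizes its buffer from size - confirm. */
    if (size > MAX_HANDSHAKE_SZ) {
        WOLFSSL_MSG("Handshake message too large");
        return HANDSHAKE_SIZE_ERROR;
    }

    if (*inOutIdx + fragSz > totalSz)
        return INCOMPLETE_DATA;

    /* The fragment must lie inside the message it claims to belong to.
     * Written without an addition so it cannot wrap. */
    if (fragSz > size || fragOffset > size - fragSz) {
        WOLFSSL_MSG("Handshake fragment outside of message");
        return BUFFER_ERROR;
    }

    /* Check the handshake sequence number first. If out of order,
     * add the current message to the list. If the message is in order,
     * but it is a fragment, add the current message to the list, then
     * check the head of the list to see if it is complete, if so, pop
     * it out as the current message. If the message is complete and in
     * order, process it. Check the head of the list to see if it is in
     * order, if so, process it. (Repeat until list exhausted.) If the
     * head is out of order, return for more processing.
     */
    if (ssl->keys.dtls_peer_handshake_number >
                                ssl->keys.dtls_expected_peer_handshake_number) {
        /* Current message is out of order. It will get stored in the list.
         * Storing also takes care of defragmentation. If the message is a
         * client hello, we need to process this out of order; the server
         * is not supposed to keep state, but the second client hello will
         * have a different handshake sequence number than is expected, and
         * the server shouldn't be expecting any particular handshake sequence
         * number. (If the cookie changes multiple times in quick succession,
         * the client could be sending multiple new client hello messages
         * with newer and newer cookies.) */
        if (type != client_hello) {
            /* The list is bounded by DTLS_POOL_SZ; a fragment that does not
             * fit is dropped without an error and must be retransmitted. */
            if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
                DtlsMsgStore(ssl, ssl->keys.dtls_peer_handshake_number,
                             input + *inOutIdx, size, type,
                             fragOffset, fragSz, ssl->heap);
            }
            *inOutIdx += fragSz;
            ret = 0;
        }
        else {
            ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
            if (ret == 0) {
                ssl->keys.dtls_expected_peer_handshake_number =
                    ssl->keys.dtls_peer_handshake_number + 1;
            }
        }
    }
    else if (ssl->keys.dtls_peer_handshake_number <
                                ssl->keys.dtls_expected_peer_handshake_number) {
        /* Already saw this message and processed it. It can be ignored. */
        *inOutIdx += fragSz;
        if (type == finished) {
            if (*inOutIdx + ssl->keys.padSz > totalSz) {
                return BUFFER_E;
            }
            *inOutIdx += ssl->keys.padSz;
        }
        /* A repeated message may mean the peer missed our last flight. */
        if (IsDtlsNotSctpMode(ssl) &&
            VerifyForDtlsMsgPoolSend(ssl, type, fragOffset)) {

            ret = DtlsMsgPoolSend(ssl, 0);
        }
    }
    else if (fragSz < size) {
        /* Since this branch is in order, but fragmented, dtls_rx_msg_list will
         * be pointing to the message with this fragment in it. Check it to see
         * if it is completed. */
        if (ssl->dtls_rx_msg_list_sz < DTLS_POOL_SZ) {
            DtlsMsgStore(ssl, ssl->keys.dtls_peer_handshake_number,
                         input + *inOutIdx, size, type,
                         fragOffset, fragSz, ssl->heap);
        }
        *inOutIdx += fragSz;
        ret = 0;
        if (ssl->dtls_rx_msg_list != NULL &&
            ssl->dtls_rx_msg_list->fragSz >= ssl->dtls_rx_msg_list->sz)
            ret = DtlsMsgDrain(ssl);
    }
    else {
        /* This branch is in order next, and a complete message. */
        ret = DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz);
        if (ret == 0) {
            if (type != client_hello || !IsDtlsNotSctpMode(ssl))
                ssl->keys.dtls_expected_peer_handshake_number++;
            if (ssl->dtls_rx_msg_list != NULL) {
                ret = DtlsMsgDrain(ssl);
            }
        }
    }

    WOLFSSL_LEAVE("DoDtlsHandShakeMsg()", ret);
    return ret;
}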
wolfSSL 11:cee25a834751 8828 #endif
wolfSSL 11:cee25a834751 8829
wolfSSL 11:cee25a834751 8830
wolfSSL 11:cee25a834751 8831 #ifdef HAVE_AEAD
/* Add one to ssl->keys.aead_exp_IV, treating it as a big-endian counter of
 * AEAD_MAX_EXP_SZ bytes: the last byte is bumped first and the carry moves
 * toward index 0. When every byte carries, the counter wraps to all zeros
 * and nothing is reported to the caller. */
static INLINE void AeadIncrementExpIV(WOLFSSL* ssl)
{
    int pos = AEAD_MAX_EXP_SZ;

    while (pos-- > 0) {
        ssl->keys.aead_exp_IV[pos]++;
        if (ssl->keys.aead_exp_IV[pos] != 0)
            return;             /* no carry out of this byte */
    }
}
wolfSSL 11:cee25a834751 8839
wolfSSL 11:cee25a834751 8840
wolfSSL 11:cee25a834751 8841 #if defined(HAVE_POLY1305) && defined(HAVE_CHACHA)
/* Compute the Poly1305 tag with the input layout of the older ChaCha20-
 * Poly1305 draft: additional data, its length as an 8 byte block, the
 * ciphertext, then the ciphertext length as an 8 byte little-endian block.
 *
 * ssl         WOLFSSL structure holding the Poly1305 state and MAC size
 * additional  AEAD additional data, AEAD_AUTH_DATA_SZ bytes are read
 * out         ciphertext to authenticate
 * cipher      one-time Poly1305 key, 32 bytes are read
 * sz          record size including the MAC
 * tag         receives the tag
 *
 * Return 0 on success, INPUT_CASE_ERROR when sz is smaller than the MAC,
 * otherwise the error from the Poly1305 call that failed
 */
static int Poly1305TagOld(WOLFSSL* ssl, byte* additional, const byte* out,
                          byte* cipher, word16 sz, byte* tag)
{
    int    rc = 0;
    int    payloadLen = (sz - ssl->specs.aead_mac_size);
    word32 polyKeySz = 32;
    byte   lenBlock[8]; /* length fields fed to the MAC */
    int    k;

#ifdef CHACHA_AEAD_TEST
    printf("Using old version of poly1305 input.\n");
#endif

    if (payloadLen < 0)
        return INPUT_CASE_ERROR;

    rc = wc_Poly1305SetKey(ssl->auth.poly1305, cipher, polyKeySz);
    if (rc != 0)
        return rc;

    rc = wc_Poly1305Update(ssl->auth.poly1305, additional, AEAD_AUTH_DATA_SZ);
    if (rc != 0)
        return rc;

    /* length of the additional data, zero padded */
    XMEMSET(lenBlock, 0, sizeof(lenBlock));
    lenBlock[0] = AEAD_AUTH_DATA_SZ;
    rc = wc_Poly1305Update(ssl->auth.poly1305, lenBlock, sizeof(lenBlock));
    if (rc != 0)
        return rc;

    /* ciphertext */
    rc = wc_Poly1305Update(ssl->auth.poly1305, out, payloadLen);
    if (rc != 0)
        return rc;

    /* 32 bit ciphertext length as a 64 bit little-endian field */
    XMEMSET(lenBlock, 0, sizeof(lenBlock));
    for (k = 0; k < 4; k++)
        lenBlock[k] = (payloadLen >> (8 * k)) & 0xff;
    rc = wc_Poly1305Update(ssl->auth.poly1305, lenBlock, sizeof(lenBlock));
    if (rc != 0)
        return rc;

    /* generate tag */
    return wc_Poly1305Final(ssl->auth.poly1305, tag);
}
wolfSSL 11:cee25a834751 8893
wolfSSL 11:cee25a834751 8894
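/* When the flag oldPoly is not set this follows RFC7905. When oldPoly is set
 * the implementation follows an older draft for creating the nonce and MAC.
 * The flag oldPoly gets set automatically depending on what cipher suite was
 * negotiated in the handshake. This is able to be done because the IDs for the
 * cipher suites were updated in RFC7905 giving unique values for the older
 * draft in comparison to the more recent RFC.
 *
 * The record type and version are read from the bytes in front of input, so
 * input must be preceded by the record header in the same buffer.
 *
 * ssl   WOLFSSL structure to get cipher and TLS state from
 * out   output buffer to hold encrypted data
 * input data to encrypt
 * sz    size of input
 *
 * Return 0 on success negative values in error case
 */
static int ChachaAEADEncrypt(WOLFSSL* ssl, byte* out, const byte* input,
                              word16 sz)
{
    const byte* additionalSrc = input - RECORD_HEADER_SZ;
    int ret       = 0;
    word32 msgLen;
    byte tag[POLY1305_AUTH_SZ];
    byte add[AEAD_AUTH_DATA_SZ];
    byte nonce[CHACHA20_NONCE_SZ];
    byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for poly1305 */
    #ifdef CHACHA_AEAD_TEST
        int i;
    #endif

    /* msgLen is unsigned: a size smaller than the MAC would wrap to a huge
     * length and be used as the ChaCha20 processing length below. Reject it
     * before any sequence number is consumed. */
    if (sz < ssl->specs.aead_mac_size)
        return INPUT_CASE_ERROR;
    msgLen = (sz - ssl->specs.aead_mac_size);

    XMEMSET(tag,   0, sizeof(tag));
    XMEMSET(nonce, 0, sizeof(nonce));
    XMEMSET(poly,  0, sizeof(poly));
    XMEMSET(add,   0, sizeof(add));

    /* opaque SEQ number stored for AD */
    WriteSEQ(ssl, CUR_ORDER, add);

    if (ssl->options.oldPoly != 0) {
        /* get nonce. SEQ should not be incremented again here */
        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
    }

    /* Store the type, version. Unfortunately, they are in
     * the input buffer ahead of the plaintext. */
    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            additionalSrc -= DTLS_HANDSHAKE_EXTRA;
            DtlsSEQIncrement(ssl, CUR_ORDER);
        }
    #endif

    /* add TLS message size to additional data */
    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
    add[AEAD_AUTH_DATA_SZ - 1] = msgLen & 0xff;

    XMEMCPY(add + AEAD_TYPE_OFFSET, additionalSrc, 3);

    /* CHACHA_AEAD_TEST prints the plaintext, additional data and tag to
     * stdout; it is a debugging aid and must stay out of production builds. */
    #ifdef CHACHA_AEAD_TEST
        printf("Encrypt Additional : ");
        for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
            printf("%02x", add[i]);
        }
        printf("\n\n");
        printf("input before encryption :\n");
        for (i = 0; i < sz; i++) {
            printf("%02x", input[i]);
            if ((i + 1) % 16 == 0)
                printf("\n");
        }
        printf("\n");
    #endif

    if (ssl->options.oldPoly == 0) {
        word32 k;

        /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
         * record sequence number XORed with client_write_IV/server_write_IV */
        XMEMCPY(nonce, ssl->keys.aead_enc_imp_IV, CHACHA20_IMP_IV_SZ);
        for (k = 0; k < 8; k++)
            nonce[4 + k] ^= add[k];
    }

    /* set the nonce for chacha and get poly1305 key */
    if ((ret = wc_Chacha_SetIV(ssl->encrypt.chacha, nonce, 0)) != 0) {
        ForceZero(nonce, CHACHA20_NONCE_SZ);
        return ret;
    }

    ForceZero(nonce, CHACHA20_NONCE_SZ); /* done with nonce, clear it */
    /* create Poly1305 key using chacha20 keystream */
    if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, poly,
                                                    poly, sizeof(poly))) != 0) {
        /* poly may already hold keystream; clear it like every other
         * error path does */
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* encrypt the plain text */
    if ((ret = wc_Chacha_Process(ssl->encrypt.chacha, out,
                                                         input, msgLen)) != 0) {
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* get the poly1305 tag using either old padding scheme or more recent */
    if (ssl->options.oldPoly != 0) {
        if ((ret = Poly1305TagOld(ssl, add, (const byte* )out,
                                                         poly, sz, tag)) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    else {
        if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, poly,
                                                          sizeof(poly))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
                            sizeof(add), out, msgLen, tag, sizeof(tag))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    ForceZero(poly, sizeof(poly)); /* done with poly1305 key, clear it */

    /* append tag to ciphertext */
    XMEMCPY(out + msgLen, tag, sizeof(tag));

    AeadIncrementExpIV(ssl);

    #ifdef CHACHA_AEAD_TEST
       printf("mac tag :\n");
        for (i = 0; i < 16; i++) {
           printf("%02x", tag[i]);
           if ((i + 1) % 16 == 0)
               printf("\n");
        }
       printf("\n\noutput after encrypt :\n");
        for (i = 0; i < sz; i++) {
           printf("%02x", out[i]);
           if ((i + 1) % 16 == 0)
               printf("\n");
        }
        printf("\n");
    #endif

    return ret;
}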
wolfSSL 11:cee25a834751 9044
wolfSSL 11:cee25a834751 9045
wolfSSL 11:cee25a834751 9046 /* When the flag oldPoly is not set this follows RFC7905. When oldPoly is set
wolfSSL 11:cee25a834751 9047 * the implementation follows an older draft for creating the nonce and MAC.
wolfSSL 11:cee25a834751 9048 * The flag oldPoly gets set automatically depending on what cipher suite was
wolfSSL 11:cee25a834751 9049 * negotiated in the handshake. This is able to be done because the IDs for the
wolfSSL 11:cee25a834751 9050 * cipher suites were updated in RFC7905 giving unique values for the older
wolfSSL 11:cee25a834751 9051 * draft in comparison to the more recent RFC.
wolfSSL 11:cee25a834751 9052 *
wolfSSL 11:cee25a834751 9053 * ssl WOLFSSL structure to get cipher and TLS state from
wolfSSL 11:cee25a834751 9054 * plain output buffer to hold decrypted data
wolfSSL 11:cee25a834751 9055 * input data to decrypt
wolfSSL 11:cee25a834751 9056 * sz size of input
wolfSSL 11:cee25a834751 9057 *
wolfSSL 11:cee25a834751 9058 * Return 0 on success negative values in error case
wolfSSL 11:cee25a834751 9059 */
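static int ChachaAEADDecrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                             word16 sz)
{
    byte add[AEAD_AUTH_DATA_SZ];
    byte nonce[CHACHA20_NONCE_SZ];
    byte tag[POLY1305_AUTH_SZ];
    byte poly[CHACHA20_256_KEY_SIZE]; /* generated key for mac */
    int  ret    = 0;
    /* the record is ciphertext followed by the tag, so the message length is
     * the record size minus the tag size */
    int  msgLen = (sz - ssl->specs.aead_mac_size);

    #ifdef CHACHA_AEAD_TEST
       /* debug aid only: dumps record bytes to stdout, keep it out of
        * production builds */
       int i;
       printf("input before decrypt :\n");
       for (i = 0; i < sz; i++) {
           printf("%02x", input[i]);
           if ((i + 1) % 16 == 0)
               printf("\n");
       }
       printf("\n");
    #endif

    /* A record shorter than the tag would give a negative msgLen, which is
     * later used as a length for the MAC and the decrypt call and as an
     * offset into input. Callers are presumably expected to have checked the
     * size already (see SanityCheckCipherText); reject here as well so a short
     * record can never reach those calls. */
    if (msgLen < 0) {
        WOLFSSL_MSG("ChaCha AEAD record shorter than tag");
        return SANITY_CIPHER_E;
    }

    XMEMSET(tag,   0, sizeof(tag));
    XMEMSET(poly,  0, sizeof(poly));
    XMEMSET(nonce, 0, sizeof(nonce));
    XMEMSET(add,   0, sizeof(add));

    /* sequence number field is 64-bits */
    WriteSEQ(ssl, PEER_ORDER, add);

    if (ssl->options.oldPoly != 0) {
        /* get nonce, SEQ should not be incremented again here */
        XMEMCPY(nonce + CHACHA20_OLD_OFFSET, add, OPAQUE32_LEN * 2);
    }

    /* get AD info */
    /* Store the type, version. */
    add[AEAD_TYPE_OFFSET] = ssl->curRL.type;
    add[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
    add[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

    /* add TLS message size to additional data */
    add[AEAD_AUTH_DATA_SZ - 2] = (msgLen >> 8) & 0xff;
    add[AEAD_AUTH_DATA_SZ - 1] =  msgLen       & 0xff;

    #ifdef CHACHA_AEAD_TEST
        printf("Decrypt Additional : ");
        for (i = 0; i < AEAD_AUTH_DATA_SZ; i++) {
            printf("%02x", add[i]);
        }
        printf("\n\n");
    #endif

    if (ssl->options.oldPoly == 0) {
        /* nonce is formed by 4 0x00 byte padded to the left followed by 8 byte
         * record sequence number XORed with client_write_IV/server_write_IV */
        XMEMCPY(nonce, ssl->keys.aead_dec_imp_IV, CHACHA20_IMP_IV_SZ);
        nonce[4]  ^= add[0];
        nonce[5]  ^= add[1];
        nonce[6]  ^= add[2];
        nonce[7]  ^= add[3];
        nonce[8]  ^= add[4];
        nonce[9]  ^= add[5];
        nonce[10] ^= add[6];
        nonce[11] ^= add[7];
    }

    /* set nonce and get poly1305 key */
    if ((ret = wc_Chacha_SetIV(ssl->decrypt.chacha, nonce, 0)) != 0) {
        ForceZero(nonce, CHACHA20_NONCE_SZ);
        return ret;
    }

    ForceZero(nonce, CHACHA20_NONCE_SZ); /* done with nonce, clear it */
    /* use chacha20 keystream to get poly1305 key for tag */
    if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, poly,
                                 poly, sizeof(poly))) != 0) {
        /* the buffer may already hold key stream; wipe it on this error path
         * like every other exit taken after the key has been generated */
        ForceZero(poly, sizeof(poly));
        return ret;
    }

    /* get the tag using Poly1305 */
    if (ssl->options.oldPoly != 0) {
        if ((ret = Poly1305TagOld(ssl, add, input, poly, sz, tag)) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    else {
        if ((ret = wc_Poly1305SetKey(ssl->auth.poly1305, poly,
                                                          sizeof(poly))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
        if ((ret = wc_Poly1305_MAC(ssl->auth.poly1305, add,
                   sizeof(add), (byte*)input, msgLen, tag, sizeof(tag))) != 0) {
            ForceZero(poly, sizeof(poly));
            return ret;
        }
    }
    ForceZero(poly, sizeof(poly)); /* done with poly1305 key, clear it */

    /* check tag sent along with packet; the comparison is constant time and
     * nothing is decrypted unless it matches */
    if (ConstantCompare(input + msgLen, tag, ssl->specs.aead_mac_size) != 0) {
        WOLFSSL_MSG("MAC did not match");
        if (!ssl->options.dtls)
            SendAlert(ssl, alert_fatal, bad_record_mac);
        return VERIFY_MAC_ERROR;
    }

    /* if the tag was good decrypt message */
    if ((ret = wc_Chacha_Process(ssl->decrypt.chacha, plain,
                                                           input, msgLen)) != 0)
        return ret;

    #ifdef CHACHA_AEAD_TEST
       /* only msgLen bytes of plain were produced above, so dump no more
        * than that */
       printf("plain after decrypt :\n");
        for (i = 0; i < msgLen; i++) {
           printf("%02x", plain[i]);
           if ((i + 1) % 16 == 0)
               printf("\n");
        }
        printf("\n");
    #endif

    return ret;
}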
wolfSSL 11:cee25a834751 9184 #endif /* HAVE_CHACHA && HAVE_POLY1305 */
wolfSSL 11:cee25a834751 9185 #endif /* HAVE_AEAD */
wolfSSL 11:cee25a834751 9186
wolfSSL 11:cee25a834751 9187
/* Run the negotiated bulk cipher over one outgoing record.
 *
 * Dispatches on ssl->specs.bulk_cipher_algorithm. Only the ciphers compiled
 * into the build have a case; any other value ends in ENCRYPT_ERROR.
 *
 * ssl        WOLFSSL structure holding the cipher contexts and key material
 * out        buffer that receives the ciphertext
 * input      data to encrypt
 * sz         number of bytes to process
 * asyncOkay  with WOLFSSL_ASYNC_CRYPT: non-zero lets a WC_PENDING_E result be
 *            queued with wolfSSL_AsyncPush, zero makes the call wait in
 *            wc_AsyncWait. Unused in other builds.
 *
 * Returns the cipher routine's result. ret keeps its initial 0 for the RC4,
 * Camellia and null-cipher cases, whose calls are not checked here.
 */
static INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,
    word16 sz, int asyncOkay)
{
    int ret = 0;
#ifdef WOLFSSL_ASYNC_CRYPT
    WC_ASYNC_DEV* asyncDev = NULL;
    word32 event_flags = WC_ASYNC_FLAG_CALL_AGAIN;
#else
    (void)asyncOkay;
#endif

    /* silence unused-parameter warnings in builds where no case uses them */
    (void)out;
    (void)input;
    (void)sz;

    switch (ssl->specs.bulk_cipher_algorithm) {
    #ifdef BUILD_ARC4
        /* NOTE(review): RC4 is prohibited for TLS by RFC 7465; this case is
         * only present when BUILD_ARC4 is defined */
        case wolfssl_rc4:
            wc_Arc4Process(ssl->encrypt.arc4, out, input, sz);
            break;
    #endif

    #ifdef BUILD_DES3
        case wolfssl_triple_des:
            ret = wc_Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                asyncDev = &ssl->encrypt.des3->asyncDev;
                if (asyncOkay)
                    ret = wolfSSL_AsyncPush(ssl, asyncDev, event_flags);
            }
        #endif
            break;
    #endif

    #ifdef BUILD_AES
        case wolfssl_aes:
            ret = wc_AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                asyncDev = &ssl->encrypt.aes->asyncDev;
                if (asyncOkay)
                    ret = wolfSSL_AsyncPush(ssl, asyncDev, event_flags);
                break;
            }
        #endif
            break;
    #endif

    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
        case wolfssl_aes_gcm:
        case wolfssl_aes_ccm:/* GCM AEAD macros use same size as CCM */
        {
            wc_AesAuthEncryptFunc aes_auth_fn;
            const byte* additionalSrc;
        #if defined(BUILD_AESGCM) && defined(HAVE_AESCCM)
            aes_auth_fn = (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
                            ? wc_AesGcmEncrypt : wc_AesCcmEncrypt;
        #elif defined(BUILD_AESGCM)
            aes_auth_fn = wc_AesGcmEncrypt;
        #else
            aes_auth_fn = wc_AesCcmEncrypt;
        #endif
            /* step back over the 5 bytes that precede input in the same
             * buffer; presumably the TLS record header - confirm against the
             * caller that builds the record */
            additionalSrc = input - 5;

            XMEMSET(ssl->encrypt.additional, 0, AEAD_AUTH_DATA_SZ);

            /* sequence number field is 64-bits */
            WriteSEQ(ssl, CUR_ORDER, ssl->encrypt.additional);

            /* Store the type, version. Unfortunately, they are in
             * the input buffer ahead of the plaintext. */
        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls) {
                additionalSrc -= DTLS_HANDSHAKE_EXTRA;
            }
        #endif
            XMEMCPY(ssl->encrypt.additional + AEAD_TYPE_OFFSET,
                                                          additionalSrc, 3);

            /* Store the length of the plain text minus the explicit
             * IV length minus the authentication tag size. */
            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                ssl->encrypt.additional + AEAD_LEN_OFFSET);
            /* nonce = implicit IV followed by the explicit IV. The nonce must
             * never repeat under one key; Encrypt() calls AeadIncrementExpIV
             * after each record and wipes this buffer. */
            XMEMCPY(ssl->encrypt.nonce,
                                ssl->keys.aead_enc_imp_IV, AESGCM_IMP_IV_SZ);
            XMEMCPY(ssl->encrypt.nonce + AESGCM_IMP_IV_SZ,
                                ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
            /* ciphertext is written after the explicit-IV slot in out and the
             * tag occupies the last aead_mac_size bytes of the record */
            ret = aes_auth_fn(ssl->encrypt.aes,
                    out + AESGCM_EXP_IV_SZ, input + AESGCM_EXP_IV_SZ,
                    sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                    ssl->encrypt.nonce, AESGCM_NONCE_SZ,
                    out + sz - ssl->specs.aead_mac_size,
                    ssl->specs.aead_mac_size,
                    ssl->encrypt.additional, AEAD_AUTH_DATA_SZ);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                asyncDev = &ssl->encrypt.aes->asyncDev;
                if (asyncOkay)
                    ret = wolfSSL_AsyncPush(ssl, asyncDev, event_flags);
            }
        #endif
        }
        break;
    #endif /* BUILD_AESGCM || HAVE_AESCCM */

    #ifdef HAVE_CAMELLIA
        case wolfssl_camellia:
            wc_CamelliaCbcEncrypt(ssl->encrypt.cam, out, input, sz);
            break;
    #endif

    #ifdef HAVE_HC128
        case wolfssl_hc128:
            ret = wc_Hc128_Process(ssl->encrypt.hc128, out, input, sz);
            break;
    #endif

    #ifdef BUILD_RABBIT
        case wolfssl_rabbit:
            ret = wc_RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
            break;
    #endif

    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
        case wolfssl_chacha:
            ret = ChachaAEADEncrypt(ssl, out, input, sz);
            break;
    #endif

    #ifdef HAVE_NULL_CIPHER
        /* no confidentiality: the bytes are copied unchanged */
        case wolfssl_cipher_null:
            if (input != out) {
                XMEMMOVE(out, input, sz);
            }
            break;
    #endif

    #ifdef HAVE_IDEA
        case wolfssl_idea:
            ret = wc_IdeaCbcEncrypt(ssl->encrypt.idea, out, input, sz);
            break;
    #endif

        default:
            /* a cipher value with no compiled-in case fails closed */
            WOLFSSL_MSG("wolfSSL Encrypt programming error");
            ret = ENCRYPT_ERROR;
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* if async is not okay, then block */
    if (ret == WC_PENDING_E && !asyncOkay) {
        ret = wc_AsyncWait(ret, asyncDev, event_flags);
    }
#endif

    return ret;
}
wolfSSL 11:cee25a834751 9346
/* Encrypt one record, driving ssl->encrypt.state through
 * CIPHER_STATE_BEGIN -> CIPHER_STATE_DO -> CIPHER_STATE_END.
 *
 * The switch cases fall through on purpose, so a normal call runs all three
 * stages. With WOLFSSL_ASYNC_CRYPT a WC_PENDING_E result returns early with
 * the state left at CIPHER_STATE_END, and the next call resumes there.
 *
 * ssl        WOLFSSL structure holding the cipher state
 * out        buffer that receives the ciphertext
 * input      data to encrypt
 * sz         number of bytes to process
 * asyncOkay  passed on to EncryptDo, see there
 *
 * Returns the EncryptDo result, ENCRYPT_ERROR when the encrypt side has not
 * been set up, or MEMORY_E when the AEAD scratch buffers cannot be allocated.
 */
static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz,
    int asyncOkay)
{
    int ret = 0;

#ifdef WOLFSSL_ASYNC_CRYPT
    if (asyncOkay && ssl->error == WC_PENDING_E) {
        ssl->error = 0; /* clear async */
    }
#endif

    switch (ssl->encrypt.state) {
        case CIPHER_STATE_BEGIN:
        {
            /* refuse to emit a record before the encrypt side is set up */
            if (ssl->encrypt.setup == 0) {
                WOLFSSL_MSG("Encrypt ciphers not setup");
                return ENCRYPT_ERROR;
            }

        #ifdef HAVE_FUZZER
            if (ssl->fuzzerCb)
                ssl->fuzzerCb(ssl, input, sz, FUZZ_ENCRYPT, ssl->fuzzerCtx);
        #endif

        #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
            /* make sure AES GCM/CCM memory is allocated */
            /* free for these happens in FreeCiphers */
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
                ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
                /* make sure auth iv and auth are allocated */
                if (ssl->encrypt.additional == NULL)
                    ssl->encrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
                                                   ssl->heap, DYNAMIC_TYPE_AES);
                if (ssl->encrypt.nonce == NULL)
                    ssl->encrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
                                                   ssl->heap, DYNAMIC_TYPE_AES);
                /* a buffer that was allocated stays attached to ssl here and
                 * is left for FreeCiphers */
                if (ssl->encrypt.additional == NULL ||
                         ssl->encrypt.nonce == NULL) {
                    return MEMORY_E;
                }
            }
        #endif /* BUILD_AESGCM || HAVE_AESCCM */

            /* Advance state and proceed */
            ssl->encrypt.state = CIPHER_STATE_DO;
        }
        /* intentional fall through */
        case CIPHER_STATE_DO:
        {
            ret = EncryptDo(ssl, out, input, sz, asyncOkay);

            /* Advance state */
            ssl->encrypt.state = CIPHER_STATE_END;

        #ifdef WOLFSSL_ASYNC_CRYPT
            /* If pending, then leave and return will resume below */
            if (ret == WC_PENDING_E) {
                return ret;
            }
        #endif
        }

        /* intentional fall through */
        case CIPHER_STATE_END:
        {
        #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
                ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
            {
                /* finalize authentication cipher */
                /* runs whether or not EncryptDo succeeded; presumably this
                 * advances the explicit IV so the next record gets a fresh
                 * nonce - confirm in AeadIncrementExpIV */
                AeadIncrementExpIV(ssl);

                /* wipe the assembled nonce once the record is done */
                if (ssl->encrypt.nonce)
                    ForceZero(ssl->encrypt.nonce, AESGCM_NONCE_SZ);

            #ifdef WOLFSSL_DTLS
                if (ssl->options.dtls)
                    DtlsSEQIncrement(ssl, CUR_ORDER);
            #endif
            }
        #endif /* BUILD_AESGCM || HAVE_AESCCM */
            break;
        }
    }

    /* Reset state */
    ssl->encrypt.state = CIPHER_STATE_BEGIN;

    return ret;
}
wolfSSL 11:cee25a834751 9435
/* Run the negotiated bulk cipher over one incoming record.
 *
 * Dispatches on ssl->specs.bulk_cipher_algorithm. Only the ciphers compiled
 * into the build have a case; any other value ends in DECRYPT_ERROR.
 *
 * ssl    WOLFSSL structure holding the cipher contexts and key material
 * plain  buffer that receives the decrypted data
 * input  record data received from the peer
 * sz     number of bytes in input
 *
 * Returns the cipher routine's result. ret keeps its initial 0 for the RC4,
 * Camellia and null-cipher cases, whose calls are not checked here.
 *
 * NOTE(review): the AEAD lengths below subtract the explicit IV and tag sizes
 * from sz without checking it here. SanityCheckCipherText in this file
 * enforces that minimum; callers presumably run it first - confirm.
 */
static INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,
                           word16 sz)
{
    int ret = 0;

    /* silence unused-parameter warnings in builds where no case uses them */
    (void)plain;
    (void)input;
    (void)sz;

    switch (ssl->specs.bulk_cipher_algorithm)
    {
    #ifdef BUILD_ARC4
        /* NOTE(review): RC4 is prohibited for TLS by RFC 7465; this case is
         * only present when BUILD_ARC4 is defined */
        case wolfssl_rc4:
            wc_Arc4Process(ssl->decrypt.arc4, plain, input, sz);
            break;
    #endif

    #ifdef BUILD_DES3
        case wolfssl_triple_des:
            ret = wc_Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.des3->asyncDev,
                                                    WC_ASYNC_FLAG_CALL_AGAIN);
            }
        #endif
            break;
    #endif

    #ifdef BUILD_AES
        case wolfssl_aes:
            ret = wc_AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (ret == WC_PENDING_E) {
                ret = wolfSSL_AsyncPush(ssl, &ssl->decrypt.aes->asyncDev,
                                                    WC_ASYNC_FLAG_CALL_AGAIN);
            }
        #endif
            break;
    #endif

    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
        case wolfssl_aes_gcm:
        case wolfssl_aes_ccm: /* GCM AEAD macros use same size as CCM */
        {
            wc_AesAuthDecryptFunc aes_auth_fn;
        #if defined(BUILD_AESGCM) && defined(HAVE_AESCCM)
            aes_auth_fn = (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm)
                            ? wc_AesGcmDecrypt : wc_AesCcmDecrypt;
        #elif defined(BUILD_AESGCM)
            aes_auth_fn = wc_AesGcmDecrypt;
        #else
            aes_auth_fn = wc_AesCcmDecrypt;
        #endif

            XMEMSET(ssl->decrypt.additional, 0, AEAD_AUTH_DATA_SZ);

            /* sequence number field is 64-bits */
            WriteSEQ(ssl, PEER_ORDER, ssl->decrypt.additional);

            /* type and version come from the record header already parsed
             * into ssl->curRL */
            ssl->decrypt.additional[AEAD_TYPE_OFFSET] = ssl->curRL.type;
            ssl->decrypt.additional[AEAD_VMAJ_OFFSET] = ssl->curRL.pvMajor;
            ssl->decrypt.additional[AEAD_VMIN_OFFSET] = ssl->curRL.pvMinor;

            c16toa(sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                                    ssl->decrypt.additional + AEAD_LEN_OFFSET);
            /* nonce = our implicit IV followed by the explicit IV the peer
             * sent at the start of the record */
            XMEMCPY(ssl->decrypt.nonce, ssl->keys.aead_dec_imp_IV,
                                                            AESGCM_IMP_IV_SZ);
            XMEMCPY(ssl->decrypt.nonce + AESGCM_IMP_IV_SZ, input,
                                                            AESGCM_EXP_IV_SZ);
            /* the tag is the last aead_mac_size bytes of the record. Outside
             * the async case a failure is not handled in this branch: the
             * negative ret is returned and Decrypt() maps it to
             * VERIFY_MAC_ERROR. */
            if ((ret = aes_auth_fn(ssl->decrypt.aes,
                        plain + AESGCM_EXP_IV_SZ,
                        input + AESGCM_EXP_IV_SZ,
                           sz - AESGCM_EXP_IV_SZ - ssl->specs.aead_mac_size,
                        ssl->decrypt.nonce, AESGCM_NONCE_SZ,
                        input + sz - ssl->specs.aead_mac_size,
                        ssl->specs.aead_mac_size,
                        ssl->decrypt.additional, AEAD_AUTH_DATA_SZ)) < 0) {
            #ifdef WOLFSSL_ASYNC_CRYPT
                if (ret == WC_PENDING_E) {
                    ret = wolfSSL_AsyncPush(ssl,
                        &ssl->decrypt.aes->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN);
                    break;
                }
            #endif
            }
        }
        break;
    #endif /* BUILD_AESGCM || HAVE_AESCCM */

    #ifdef HAVE_CAMELLIA
        case wolfssl_camellia:
            wc_CamelliaCbcDecrypt(ssl->decrypt.cam, plain, input, sz);
            break;
    #endif

    #ifdef HAVE_HC128
        case wolfssl_hc128:
            ret = wc_Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
            break;
    #endif

    #ifdef BUILD_RABBIT
        case wolfssl_rabbit:
            ret = wc_RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
            break;
    #endif

    #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
        case wolfssl_chacha:
            ret = ChachaAEADDecrypt(ssl, plain, input, sz);
            break;
    #endif

    #ifdef HAVE_NULL_CIPHER
        /* no confidentiality: the bytes are copied unchanged */
        case wolfssl_cipher_null:
            if (input != plain) {
                XMEMMOVE(plain, input, sz);
            }
            break;
    #endif

    #ifdef HAVE_IDEA
        case wolfssl_idea:
            ret = wc_IdeaCbcDecrypt(ssl->decrypt.idea, plain, input, sz);
            break;
    #endif

        default:
            /* a cipher value with no compiled-in case fails closed */
            WOLFSSL_MSG("wolfSSL Decrypt programming error");
            ret = DECRYPT_ERROR;
    }

    return ret;
}
wolfSSL 11:cee25a834751 9571
/* Decrypt one record, driving ssl->decrypt.state through
 * CIPHER_STATE_BEGIN -> CIPHER_STATE_DO -> CIPHER_STATE_END.
 *
 * The switch cases fall through on purpose. Without WOLFSSL_ASYNC_CRYPT every
 * call starts from CIPHER_STATE_BEGIN; with it, wolfSSL_AsyncPop decides
 * whether a previously pending operation is being resumed.
 *
 * ssl    WOLFSSL structure holding the cipher state
 * plain  buffer that receives the decrypted data
 * input  record data received from the peer
 * sz     number of bytes in input
 *
 * Returns the DecryptDo result, DECRYPT_ERROR when the decrypt side has not
 * been set up, MEMORY_E when the AEAD scratch buffers cannot be allocated, or
 * VERIFY_MAC_ERROR for any negative AES-GCM/CCM result.
 */
static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,
                           word16 sz)
{
    int ret = 0;

#ifdef WOLFSSL_ASYNC_CRYPT
    ret = wolfSSL_AsyncPop(ssl, &ssl->decrypt.state);
    if (ret != WC_NOT_PENDING_E) {
        /* check for still pending */
        if (ret == WC_PENDING_E)
            return ret;

        ssl->error = 0; /* clear async */

        /* let failures through so CIPHER_STATE_END logic is run */
    }
    else
#endif
    {
        /* Reset state */
        ret = 0;
        ssl->decrypt.state = CIPHER_STATE_BEGIN;
    }

    switch (ssl->decrypt.state) {
        case CIPHER_STATE_BEGIN:
        {
            /* refuse to process a record before the decrypt side is set up */
            if (ssl->decrypt.setup == 0) {
                WOLFSSL_MSG("Decrypt ciphers not setup");
                return DECRYPT_ERROR;
            }

        #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
            /* make sure AES GCM/CCM memory is allocated */
            /* free for these happens in FreeCiphers */
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
                ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
                /* make sure auth iv and auth are allocated */
                if (ssl->decrypt.additional == NULL)
                    ssl->decrypt.additional = (byte*)XMALLOC(AEAD_AUTH_DATA_SZ,
                                                   ssl->heap, DYNAMIC_TYPE_AES);
                if (ssl->decrypt.nonce == NULL)
                    ssl->decrypt.nonce = (byte*)XMALLOC(AESGCM_NONCE_SZ,
                                                   ssl->heap, DYNAMIC_TYPE_AES);
                /* a buffer that was allocated stays attached to ssl here and
                 * is left for FreeCiphers */
                if (ssl->decrypt.additional == NULL ||
                         ssl->decrypt.nonce == NULL) {
                    return MEMORY_E;
                }
            }
        #endif /* BUILD_AESGCM || HAVE_AESCCM */

            /* Advance state and proceed */
            ssl->decrypt.state = CIPHER_STATE_DO;
        }
        /* intentional fall through */
        case CIPHER_STATE_DO:
        {
            ret = DecryptDo(ssl, plain, input, sz);

            /* Advance state */
            ssl->decrypt.state = CIPHER_STATE_END;

        #ifdef WOLFSSL_ASYNC_CRYPT
            /* If pending, leave and return below */
            if (ret == WC_PENDING_E) {
                return ret;
            }
        #endif
        }

        /* intentional fall through */
        case CIPHER_STATE_END:
        {
        #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM)
            /* make sure AES GCM/CCM nonce is cleared */
            if (ssl->specs.bulk_cipher_algorithm == wolfssl_aes_ccm ||
                ssl->specs.bulk_cipher_algorithm == wolfssl_aes_gcm) {
                if (ssl->decrypt.nonce)
                    ForceZero(ssl->decrypt.nonce, AESGCM_NONCE_SZ);

                /* every negative AEAD result is reported as the same code, so
                 * the caller sees one error whatever the cause */
                if (ret < 0)
                    ret = VERIFY_MAC_ERROR;
            }
        #endif /* BUILD_AESGCM || HAVE_AESCCM */
            break;
        }
    }

    /* Reset state */
    ssl->decrypt.state = CIPHER_STATE_BEGIN;

    /* handle mac error case */
    /* no alert is sent for DTLS.
     * NOTE(review): ChachaAEADDecrypt already sends bad_record_mac before it
     * returns VERIFY_MAC_ERROR, so on that path this looks like a second
     * alert for the same record - confirm. */
    if (ret == VERIFY_MAC_ERROR) {
        if (!ssl->options.dtls)
            SendAlert(ssl, alert_fatal, bad_record_mac);
    }

    return ret;
}
wolfSSL 11:cee25a834751 9669
wolfSSL 11:cee25a834751 9670
/* Reject a ciphertext length that cannot be valid for the active cipher.
 *
 * The smallest acceptable length is:
 *   stream  the MAC size (truncated HMAC size when that is in use)
 *   block   the larger of MAC size + 1 pad byte and one block, plus one more
 *           block for the explicit IV when ssl->options.tls1_1 is set; the
 *           length must also be a whole number of blocks
 *   aead    the tag size, plus the explicit IV for every AEAD cipher except
 *           ChaCha
 *
 * ssl        WOLFSSL structure holding the negotiated cipher specs
 * encryptSz  length of the received ciphertext
 *
 * Returns 0 when the length is plausible, SANITY_CIPHER_E otherwise.
 */
static int SanityCheckCipherText(WOLFSSL* ssl, word32 encryptSz)
{
    word32 required;

#ifdef HAVE_TRUNCATED_HMAC
    if (ssl->truncated_hmac)
        required = (byte)TRUNCATED_HMAC_SZ;
    else
        required = ssl->specs.hash_size;
#else
    required = ssl->specs.hash_size;  /* covers stream */
#endif

    if (ssl->specs.cipher_type == aead) {
        /* authTag size replaces the MAC-based minimum */
        required = ssl->specs.aead_mac_size;
        if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha) {
            required += AESGCM_EXP_IV_SZ;  /* explicit IV */
        }
    }
    else if (ssl->specs.cipher_type == block) {
        if ((encryptSz % ssl->specs.block_size) != 0) {
            WOLFSSL_MSG("Block ciphertext not block size");
            return SANITY_CIPHER_E;
        }

        required += 1;  /* pad byte */

        if (required < ssl->specs.block_size) {
            required = ssl->specs.block_size;
        }

        if (ssl->options.tls1_1) {
            required += ssl->specs.block_size;  /* explicit IV */
        }
    }

    if (encryptSz >= required) {
        return 0;
    }

    WOLFSSL_MSG("Ciphertext not minimum size");
    return SANITY_CIPHER_E;
}
wolfSSL 11:cee25a834751 9708
wolfSSL 11:cee25a834751 9709
wolfSSL 11:cee25a834751 9710 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 9711
/* Feed `data` (sz bytes) through MD5 `rounds` times.
 *
 * The digest is never finalized or read; the routine exists only to spend
 * hash time and is reached from DoRounds() for md5_mac.  A non-positive
 * `rounds` performs no updates. */
static INLINE void Md5Rounds(int rounds, const byte* data, int sz)
{
    Md5 md5;
    int left = rounds;

    wc_InitMd5(&md5);   /* no error check on purpose, dummy round */

    while (left > 0) {
        wc_Md5Update(&md5, data, sz);
        left--;
    }

    wc_Md5Free(&md5);   /* in case needed to release resources */
}
wolfSSL 11:cee25a834751 9723
wolfSSL 11:cee25a834751 9724
wolfSSL 11:cee25a834751 9725
/* Feed `data` (sz bytes) through SHA-1 `rounds` times.
 *
 * The digest is never finalized or read; the routine exists only to spend
 * hash time and is reached from DoRounds() for sha_mac.  A non-positive
 * `rounds` performs no updates. */
static INLINE void ShaRounds(int rounds, const byte* data, int sz)
{
    Sha sha;
    int left = rounds;

    wc_InitSha(&sha);   /* no error check on purpose, dummy round */

    while (left > 0) {
        wc_ShaUpdate(&sha, data, sz);
        left--;
    }

    wc_ShaFree(&sha);   /* in case needed to release resources */
}
wolfSSL 11:cee25a834751 9738 #endif
wolfSSL 11:cee25a834751 9739
wolfSSL 11:cee25a834751 9740
wolfSSL 11:cee25a834751 9741 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 9742
/* Feed `data` (sz bytes) through SHA-256 `rounds` times.
 *
 * The digest is never finalized or read and the return codes of the hash
 * calls are ignored on purpose: only the time spent matters.  Reached from
 * DoRounds() for sha256_mac.  A non-positive `rounds` performs no updates. */
static INLINE void Sha256Rounds(int rounds, const byte* data, int sz)
{
    Sha256 sha256;
    int    left = rounds;

    wc_InitSha256(&sha256);   /* no error check on purpose, dummy round */

    while (left > 0) {
        /* no error check on purpose, dummy round */
        wc_Sha256Update(&sha256, data, sz);
        left--;
    }

    wc_Sha256Free(&sha256);   /* in case needed to release resources */
}
wolfSSL 11:cee25a834751 9756
wolfSSL 11:cee25a834751 9757 #endif
wolfSSL 11:cee25a834751 9758
wolfSSL 11:cee25a834751 9759
wolfSSL 11:cee25a834751 9760 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 9761
/* Feed `data` (sz bytes) through SHA-384 `rounds` times.
 *
 * The digest is never finalized or read and the return codes of the hash
 * calls are ignored on purpose: only the time spent matters.  Reached from
 * DoRounds() for sha384_mac.  A non-positive `rounds` performs no updates. */
static INLINE void Sha384Rounds(int rounds, const byte* data, int sz)
{
    Sha384 sha384;
    int    left = rounds;

    wc_InitSha384(&sha384);   /* no error check on purpose, dummy round */

    while (left > 0) {
        /* no error check on purpose, dummy round */
        wc_Sha384Update(&sha384, data, sz);
        left--;
    }

    wc_Sha384Free(&sha384);   /* in case needed to release resources */
}
wolfSSL 11:cee25a834751 9775
wolfSSL 11:cee25a834751 9776 #endif
wolfSSL 11:cee25a834751 9777
wolfSSL 11:cee25a834751 9778
wolfSSL 11:cee25a834751 9779 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 9780
/* Feed `data` (sz bytes) through SHA-512 `rounds` times.
 *
 * The digest is never finalized or read and the return codes of the hash
 * calls are ignored on purpose: only the time spent matters.  Reached from
 * DoRounds() for sha512_mac.  A non-positive `rounds` performs no updates. */
static INLINE void Sha512Rounds(int rounds, const byte* data, int sz)
{
    Sha512 sha512;
    int    left = rounds;

    wc_InitSha512(&sha512);   /* no error check on purpose, dummy round */

    while (left > 0) {
        /* no error check on purpose, dummy round */
        wc_Sha512Update(&sha512, data, sz);
        left--;
    }

    wc_Sha512Free(&sha512);   /* in case needed to release resources */
}
wolfSSL 11:cee25a834751 9794
wolfSSL 11:cee25a834751 9795 #endif
wolfSSL 11:cee25a834751 9796
wolfSSL 11:cee25a834751 9797
wolfSSL 11:cee25a834751 9798 #ifdef WOLFSSL_RIPEMD
wolfSSL 11:cee25a834751 9799
/* Feed `data` (sz bytes) through RIPEMD `rounds` times.
 *
 * The digest is never finalized or read; the routine exists only to spend
 * hash time and is reached from DoRounds() for rmd_mac.  Unlike the other
 * *Rounds helpers no free routine is called on the hash state here.  A
 * non-positive `rounds` performs no updates. */
static INLINE void RmdRounds(int rounds, const byte* data, int sz)
{
    RipeMd ripemd;
    int    left = rounds;

    wc_InitRipeMd(&ripemd);

    while (left > 0) {
        wc_RipeMdUpdate(&ripemd, data, sz);
        left--;
    }
}
wolfSSL 11:cee25a834751 9810
wolfSSL 11:cee25a834751 9811 #endif
wolfSSL 11:cee25a834751 9812
wolfSSL 11:cee25a834751 9813
/* Run `rounds` dummy hash updates over `data` (sz bytes) using the hash that
 * matches the MAC algorithm `type`.
 *
 * Only the hashes enabled at build time have a case; no_mac does nothing and
 * any other value is logged as "Bad round type" and otherwise ignored. */
static INLINE void DoRounds(int type, int rounds, const byte* data, int sz)
{
    /* keep the parameters "used" when every hash case below is compiled out */
    (void)rounds;
    (void)data;
    (void)sz;

    switch (type) {
        case no_mac :
            return;

#ifndef NO_OLD_TLS
#ifndef NO_MD5
        case md5_mac :
            Md5Rounds(rounds, data, sz);
            return;
#endif

#ifndef NO_SHA
        case sha_mac :
            ShaRounds(rounds, data, sz);
            return;
#endif
#endif

#ifndef NO_SHA256
        case sha256_mac :
            Sha256Rounds(rounds, data, sz);
            return;
#endif

#ifdef WOLFSSL_SHA384
        case sha384_mac :
            Sha384Rounds(rounds, data, sz);
            return;
#endif

#ifdef WOLFSSL_SHA512
        case sha512_mac :
            Sha512Rounds(rounds, data, sz);
            return;
#endif

#ifdef WOLFSSL_RIPEMD
        case rmd_mac :
            RmdRounds(rounds, data, sz);
            return;
#endif

        default:
            WOLFSSL_MSG("Bad round type");
            return;
    }
}
wolfSSL 11:cee25a834751 9868
wolfSSL 11:cee25a834751 9869
/* Run `rounds` dummy hash updates, each over COMPRESS_LOWER bytes of `dummy`,
 * with the hash of the connection's negotiated MAC algorithm.
 *
 * A `rounds` of zero is a no-op; DoRounds() is not called at all. */
static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy)
{
    if (rounds == 0)
        return;

    DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER);
}
wolfSSL 11:cee25a834751 9876
wolfSSL 11:cee25a834751 9877
/* Check that the first `length` bytes at `a` all equal `pad`.
 *
 * Every byte is examined and the differences are OR-ed together; there is no
 * early exit on the first mismatch, so the number of loop iterations depends
 * only on `length`, not on where a wrong byte sits.
 *
 * Returns 0 when all bytes match, non-zero otherwise.  A non-positive
 * `length` examines nothing and returns 0. */
static int PadCheck(const byte* a, byte pad, int length)
{
    int diff = 0;   /* accumulated XOR differences */
    int pos  = 0;

    while (pos < length) {
        diff |= a[pos] ^ pad;
        pos++;
    }

    return diff;
}
wolfSSL 11:cee25a834751 9890
wolfSSL 11:cee25a834751 9891
/* Number of extra dummy hash rounds needed to even out the MAC computation.
 *
 * pLen    length of the decrypted record body
 * padLen  value of the padding-length byte
 * t       MAC size
 *
 * Two lengths are compared: one as if no padding were stripped
 * (COMPRESS_CONSTANT + pLen - t) and one with padLen + 1 bytes stripped.
 * Each has COMPRESS_UPPER subtracted and is then converted to a count of
 * COMPRESS_LOWER-sized units, adding one when there is a remainder.  The
 * return value is the first count minus the second. */
static INLINE int GetRounds(int pLen, int padLen, int t)
{
    int fullLen  = COMPRESS_CONSTANT + pLen - t - COMPRESS_UPPER;
    int dataLen  = COMPRESS_CONSTANT + pLen - padLen - 1 - t - COMPRESS_UPPER;

    /* one extra unit whenever the length is not an exact multiple */
    int fullUnits = fullLen / COMPRESS_LOWER +
                    ((fullLen % COMPRESS_LOWER) != 0);
    int dataUnits = dataLen / COMPRESS_LOWER +
                    ((dataLen % COMPRESS_LOWER) != 0);

    return fullUnits - dataUnits;
}
wolfSSL 11:cee25a834751 9917
wolfSSL 11:cee25a834751 9918
/* timing resistant pad/verify check, return 0 on success
 *
 * ssl      connection; supplies the hmac callback and the MAC algorithm
 * input    decrypted record body (data || MAC || padding || pad-length byte)
 * padLen   value of the pad-length byte taken from the record
 * t        MAC size in bytes
 * pLen     length of `input` in bytes
 * content  record content type, passed through to ssl->hmac
 *
 * Every failure, whether an impossible pad length, wrong pad bytes, a MAC
 * mismatch or an hmac error, is reported as the same VERIFY_MAC_ERROR, so the
 * return value does not tell the caller which check failed.  The failure
 * paths still run a pad check, an HMAC and a constant compare so that they do
 * comparable work to the success path.
 *
 * NOTE(review): the first failure path uses pLen - t as a length and offset;
 * this presumes pLen >= t, presumably ensured by SanityCheckCipherText()
 * before decryption. Confirm against the caller. */
static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
                           int pLen, int content)
{
    byte verify[MAX_DIGEST_SIZE];
    /* Filler bytes for the dummy pad checks and dummy hash rounds.  When the
     * WOLFSSL object itself is at least MAX_PAD_SIZE bytes, dmy shrinks to a
     * single byte and the object's own memory is read as filler instead. */
    byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
    byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;
    int  ret = 0;

    (void)dmy;

    /* claimed padding plus MAC cannot fit in the record */
    if ( (t + padLen + 1) > pLen) {
        WOLFSSL_MSG("Plain Len not long enough for pad/mac");
        /* results below are discarded; the calls are made for their cost */
        PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE);
        ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
        ConstantCompare(verify, input + pLen - t, t);

        return VERIFY_MAC_ERROR;
    }

    /* the padLen + 1 trailing bytes must all equal padLen */
    if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) {
        WOLFSSL_MSG("PadCheck failed");
        /* results below are discarded; the calls are made for their cost */
        PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
        ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */
        ConstantCompare(verify, input + pLen - t, t);

        return VERIFY_MAC_ERROR;
    }

    /* dummy check over the remaining MAX_PAD_SIZE - padLen - 1 bytes, so the
     * real and dummy pad checks together cover MAX_PAD_SIZE bytes */
    PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1);
    ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1);

    /* extra hash rounds for the bytes the shorter HMAC input did not cover */
    CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy);

    if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) {
        WOLFSSL_MSG("Verify MAC compare failed");
        return VERIFY_MAC_ERROR;
    }

    /* treat any failure as verify MAC error */
    if (ret != 0)
        ret = VERIFY_MAC_ERROR;

    return ret;
}
wolfSSL 11:cee25a834751 9964
wolfSSL 11:cee25a834751 9965
/* Expose the plaintext of an application-data record to the caller.
 *
 * ssl       connection state; keys.encryptSz and keys.padSz describe the
 *           record currently being processed
 * input     buffer holding the record body
 * inOutIdx  in: offset of the record body in `input`;
 *           out: offset just past the body and its trailing padSz bytes
 *
 * On success ssl->buffers.clearOutputBuffer points at the payload inside
 * `input` (it is not copied) and 0 is returned.  Returns OUT_OF_ORDER_E,
 * after sending a fatal unexpected_message alert, when the handshake has not
 * completed; BUFFER_ERROR when the computed payload length is negative; or
 * the negative result of myDeCompress().
 *
 * NOTE(review): with HAVE_LIBZ the decompressed data, which may be larger
 * than the raw payload, is moved back over the payload in `input`.  Nothing
 * in this function bounds that size against the space left in `input`;
 * confirm the input buffer is always large enough. */
int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx)
{
    word32 recordSz = ssl->keys.encryptSz;
    word32 cursor   = *inOutIdx;
    byte*  payload  = input + cursor;   /* start of the record body */
    int    ivLen    = 0;
    int    plainSz;
#ifdef HAVE_LIBZ
    byte   decomp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
#endif

    /* application data is only legal once the handshake has finished */
    if (ssl->options.handShakeDone == 0) {
        WOLFSSL_MSG("Received App data before a handshake completed");
        SendAlert(ssl, alert_fatal, unexpected_message);
        return OUT_OF_ORDER_E;
    }

    /* bytes of explicit IV counted in encryptSz, if any */
    if (ssl->specs.cipher_type == block && ssl->options.tls1_1)
        ivLen = ssl->specs.block_size;
    else if (ssl->specs.cipher_type == aead &&
             ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
        ivLen = AESGCM_EXP_IV_SZ;

    plainSz = recordSz - ivLen - ssl->keys.padSz;
    if (plainSz < 0) {
        WOLFSSL_MSG("App data buffer error, malicious input?");
        return BUFFER_ERROR;
    }

    /* read data */
    if (plainSz != 0) {
        int consumed = plainSz;   /* raw size, used to advance the index */

#ifdef HAVE_LIBZ
        if (ssl->options.usingCompression) {
            plainSz = myDeCompress(ssl, payload, plainSz, decomp,
                                   sizeof(decomp));
            if (plainSz < 0)
                return plainSz;
        }
#endif
        ssl->buffers.clearOutputBuffer.buffer = payload;
        ssl->buffers.clearOutputBuffer.length = plainSz;

        cursor += consumed;
    }

    /* skip the trailing bytes accounted for in keys.padSz */
    cursor += ssl->keys.padSz;

#ifdef HAVE_LIBZ
    /* decompress could be bigger, overwrite after verify */
    if (ssl->options.usingCompression)
        XMEMMOVE(payload, decomp, plainSz);
#endif

    *inOutIdx = cursor;
    return 0;
}
wolfSSL 11:cee25a834751 10025
wolfSSL 11:cee25a834751 10026
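/* process alert, return level
 *
 * ssl       connection state; the alert is recorded in alert_history.last_rx
 * input     buffer holding the record
 * inOutIdx  in: offset of the alert body in `input`;
 *           out: offset past the alert and, when encryption is on, past the
 *           keys.padSz trailing bytes
 * type      out: the alert description code
 * totalSz   number of valid bytes in `input`
 *
 * Returns the alert level byte on success, or BUFFER_E when the alert body or
 * the trailing bytes do not fit within totalSz.  A fatal alert sets
 * options.isClosed so no close_notify is sent; a close_notify alert sets
 * options.closeNotify. */
static int DoAlert(WOLFSSL* ssl, byte* input, word32* inOutIdx, int* type,
                   word32 totalSz)
{
    byte level;
    byte code;

    /* make sure can read the message; this is done before anything touches
     * the alert bytes, including the info callbacks below, which are handed
     * ALERT_SIZE bytes starting at *inOutIdx */
    if (*inOutIdx + ALERT_SIZE > totalSz)
        return BUFFER_E;

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("Alert", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            /* add record header back on to info + alert bytes level/code */
            AddPacketInfo("Alert", &ssl->timeoutInfo, input + *inOutIdx -
                          RECORD_HEADER_SZ, RECORD_HEADER_SZ + ALERT_SIZE,
                          ssl->heap);
    #endif

    level = input[(*inOutIdx)++];
    code  = input[(*inOutIdx)++];
    ssl->alert_history.last_rx.code = code;
    ssl->alert_history.last_rx.level = level;
    *type = code;
    if (level == alert_fatal) {
        ssl->options.isClosed = 1;  /* Don't send close_notify */
    }

    WOLFSSL_MSG("Got alert");
    if (*type == close_notify) {
        WOLFSSL_MSG("\tclose notify");
        ssl->options.closeNotify = 1;
    }
    WOLFSSL_ERROR(*type);

    /* an encrypted alert is followed by keys.padSz bytes that must also lie
     * inside the buffer before the index is moved past them */
    if (IsEncryptionOn(ssl, 0)) {
        if (*inOutIdx + ssl->keys.padSz > totalSz)
            return BUFFER_E;
        *inOutIdx += ssl->keys.padSz;
    }

    return level;
}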
wolfSSL 11:cee25a834751 10071
/* Read from the transport until the input buffer holds at least `size`
 * unprocessed bytes.
 *
 * Bytes already buffered but not yet consumed are kept and moved to the
 * front of the buffer; the buffer is grown when the pending read would not
 * fit.
 *
 * Returns 0 on success, BUFFER_ERROR when a computed length is negative or
 * nothing remains to be read, MEMORY_E when the buffer cannot be grown,
 * SOCKET_ERROR_E or WANT_READ as reported by Receive(), and RECV_OVERFLOW_E
 * when Receive() reports more bytes than were requested.
 *
 * NOTE(review): values of `in` other than -1 and WANT_READ that are zero or
 * negative are not rejected here; this presumably relies on Receive() never
 * returning them. Confirm against Receive(). */
static int GetInputData(WOLFSSL *ssl, word32 size)
{
    int in;           /* result of the latest Receive() call */
    int inSz;         /* bytes still to request from the transport */
    int maxLength;    /* buffer capacity minus the unconsumed bytes */
    int usedLength;   /* bytes buffered but not yet consumed */
    int dtlsExtra = 0;


    /* check max input length */
    usedLength = ssl->buffers.inputBuffer.length - ssl->buffers.inputBuffer.idx;
    maxLength  = ssl->buffers.inputBuffer.bufferSize - usedLength;
    inSz       = (int)(size - usedLength);      /* from last partial read */

#ifdef WOLFSSL_DTLS
    /* for DTLS the request size is dtls_expected_rx rather than the number
     * of missing bytes; any excess over `size` is added when growing */
    if (ssl->options.dtls) {
        if (size < ssl->dtls_expected_rx)
            dtlsExtra = (int)(ssl->dtls_expected_rx - size);
        inSz = ssl->dtls_expected_rx;
    }
#endif

    /* check that no lengths or size values are negative */
    if (usedLength < 0 || maxLength < 0 || inSz <= 0) {
        return BUFFER_ERROR;
    }

    if (inSz > maxLength) {
        if (GrowInputBuffer(ssl, size + dtlsExtra, usedLength) < 0)
            return MEMORY_E;
    }

    /* Put buffer data at start if not there */
    if (usedLength > 0 && ssl->buffers.inputBuffer.idx != 0)
        XMEMMOVE(ssl->buffers.inputBuffer.buffer,
                ssl->buffers.inputBuffer.buffer + ssl->buffers.inputBuffer.idx,
                usedLength);

    /* remove processed data */
    ssl->buffers.inputBuffer.idx    = 0;
    ssl->buffers.inputBuffer.length = usedLength;

    /* read data from network */
    do {
        in = Receive(ssl,
                     ssl->buffers.inputBuffer.buffer +
                     ssl->buffers.inputBuffer.length,
                     inSz);
        if (in == -1)
            return SOCKET_ERROR_E;

        if (in == WANT_READ)
            return WANT_READ;

        /* never trust a byte count larger than what was asked for: accepting
         * it would advance `length` past the space that was reserved */
        if (in > inSz)
            return RECV_OVERFLOW_E;

        ssl->buffers.inputBuffer.length += in;
        inSz -= in;

    } while (ssl->buffers.inputBuffer.length < size);

    return 0;
}
wolfSSL 11:cee25a834751 10136
wolfSSL 11:cee25a834751 10137
/* Verify the MAC (and, for block ciphers, the padding) of a decrypted record.
 *
 * ssl      connection; supplies cipher specs and the hmac callback
 * input    decrypted record body
 * msgSz    length of `input`, including any explicit IV bytes
 * content  record content type, passed through to ssl->hmac
 * padSz    out: number of trailing bytes that are not payload: the MAC plus
 *          padding and pad-length byte for block ciphers, the MAC for stream
 *          ciphers, aead_mac_size for AEAD
 *
 * Returns 0 on success.  Every failure in the block and stream paths yields
 * VERIFY_MAC_ERROR (TimingPadVerify() returns the same code), so the caller
 * cannot tell a padding failure from a MAC failure.
 *
 * For AEAD ciphers nothing is verified here; only *padSz is set.  The tag is
 * presumably checked during decryption. Confirm against the decrypt path. */
static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,
                            int content, word32* padSz)
{
    int    ivExtra = 0;
    int    ret;
    word32 pad     = 0;   /* value of the pad-length byte (block only) */
    word32 padByte = 0;   /* 1 when a pad-length byte is present */
#ifdef HAVE_TRUNCATED_HMAC
    word32 digestSz = ssl->truncated_hmac ? (byte)TRUNCATED_HMAC_SZ
                                          : ssl->specs.hash_size;
#else
    word32 digestSz = ssl->specs.hash_size;
#endif
    byte   verify[MAX_DIGEST_SIZE];

    if (ssl->specs.cipher_type == block) {
        if (ssl->options.tls1_1)
            ivExtra = ssl->specs.block_size;
        /* last byte of the record body is the pad length; it comes from the
         * peer and is not yet authenticated at this point */
        pad = *(input + msgSz - ivExtra - 1);
        padByte = 1;

        if (ssl->options.tls) {
            ret = TimingPadVerify(ssl, input, pad, digestSz, msgSz - ivExtra,
                                  content);
            if (ret != 0)
                return ret;
        }
        else {  /* sslv3, some implementations have bad padding, but don't
                 * allow bad read */
            int  badPadLen = 0;
            /* filler for the dummy pad check; aliases the WOLFSSL object
             * when that object is at least MAX_PAD_SIZE bytes */
            byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0};
            byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy;

            (void)dmy;

            /* a pad length that would reach into or before the MAC is forced
             * to 0 so the offsets below stay inside the record; the record
             * is still rejected after the MAC has been computed */
            if (pad > (msgSz - digestSz - 1)) {
                WOLFSSL_MSG("Plain Len not long enough for pad/mac");
                pad       = 0;  /* no bad read */
                badPadLen = 1;
            }
            /* only the pad length is bounded in this branch; the pad bytes
             * of the record are not compared against anything */
            PadCheck(dummy, (byte)pad, MAX_PAD_SIZE);   /* timing only */
            ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1,
                            content, 1);
            if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1,
                                digestSz) != 0)
                return VERIFY_MAC_ERROR;
            if (ret != 0 || badPadLen)
                return VERIFY_MAC_ERROR;
        }
    }
    else if (ssl->specs.cipher_type == stream) {
        /* no padding: the MAC is the last digestSz bytes of the record */
        ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1);
        if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){
            return VERIFY_MAC_ERROR;
        }
        if (ret != 0)
            return VERIFY_MAC_ERROR;
    }

    if (ssl->specs.cipher_type == aead) {
        *padSz = ssl->specs.aead_mac_size;
    }
    else {
        *padSz = digestSz + pad + padByte;
    }

    return 0;
}
wolfSSL 11:cee25a834751 10206
wolfSSL 11:cee25a834751 10207
wolfSSL 11:cee25a834751 10208 /* process input requests, return 0 is done, 1 is call again to complete, and
wolfSSL 11:cee25a834751 10209 negative number is error */
wolfSSL 11:cee25a834751 10210 int ProcessReply(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 10211 {
wolfSSL 11:cee25a834751 10212 int ret = 0, type, readSz;
wolfSSL 11:cee25a834751 10213 int atomicUser = 0;
wolfSSL 11:cee25a834751 10214 word32 startIdx = 0;
wolfSSL 11:cee25a834751 10215 #if defined(WOLFSSL_DTLS)
wolfSSL 11:cee25a834751 10216 int used;
wolfSSL 11:cee25a834751 10217 #endif
wolfSSL 11:cee25a834751 10218
wolfSSL 11:cee25a834751 10219 #ifdef ATOMIC_USER
wolfSSL 11:cee25a834751 10220 if (ssl->ctx->DecryptVerifyCb)
wolfSSL 11:cee25a834751 10221 atomicUser = 1;
wolfSSL 11:cee25a834751 10222 #endif
wolfSSL 11:cee25a834751 10223
wolfSSL 11:cee25a834751 10224 if (ssl->error != 0 && ssl->error != WANT_READ &&
wolfSSL 11:cee25a834751 10225 ssl->error != WANT_WRITE && ssl->error != WC_PENDING_E) {
wolfSSL 11:cee25a834751 10226 WOLFSSL_MSG("ProcessReply retry in error state, not allowed");
wolfSSL 11:cee25a834751 10227 return ssl->error;
wolfSSL 11:cee25a834751 10228 }
wolfSSL 11:cee25a834751 10229
wolfSSL 11:cee25a834751 10230 for (;;) {
wolfSSL 11:cee25a834751 10231 switch (ssl->options.processReply) {
wolfSSL 11:cee25a834751 10232
wolfSSL 11:cee25a834751 10233 /* in the WOLFSSL_SERVER case, get the first byte for detecting
wolfSSL 11:cee25a834751 10234 * old client hello */
wolfSSL 11:cee25a834751 10235 case doProcessInit:
wolfSSL 11:cee25a834751 10236
wolfSSL 11:cee25a834751 10237 readSz = RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 10238
wolfSSL 11:cee25a834751 10239 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 10240 if (ssl->options.dtls)
wolfSSL 11:cee25a834751 10241 readSz = DTLS_RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 10242 #endif
wolfSSL 11:cee25a834751 10243
wolfSSL 11:cee25a834751 10244 /* get header or return error */
wolfSSL 11:cee25a834751 10245 if (!ssl->options.dtls) {
wolfSSL 11:cee25a834751 10246 if ((ret = GetInputData(ssl, readSz)) < 0)
wolfSSL 11:cee25a834751 10247 return ret;
wolfSSL 11:cee25a834751 10248 } else {
wolfSSL 11:cee25a834751 10249 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 10250 /* read ahead may already have header */
wolfSSL 11:cee25a834751 10251 used = ssl->buffers.inputBuffer.length -
wolfSSL 11:cee25a834751 10252 ssl->buffers.inputBuffer.idx;
wolfSSL 11:cee25a834751 10253 if (used < readSz) {
wolfSSL 11:cee25a834751 10254 if ((ret = GetInputData(ssl, readSz)) < 0)
wolfSSL 11:cee25a834751 10255 return ret;
wolfSSL 11:cee25a834751 10256 }
wolfSSL 11:cee25a834751 10257 #endif
wolfSSL 11:cee25a834751 10258 }
wolfSSL 11:cee25a834751 10259
wolfSSL 11:cee25a834751 10260 #ifdef OLD_HELLO_ALLOWED
wolfSSL 11:cee25a834751 10261
wolfSSL 11:cee25a834751 10262 /* see if sending SSLv2 client hello */
wolfSSL 11:cee25a834751 10263 if ( ssl->options.side == WOLFSSL_SERVER_END &&
wolfSSL 11:cee25a834751 10264 ssl->options.clientState == NULL_STATE &&
wolfSSL 11:cee25a834751 10265 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx]
wolfSSL 11:cee25a834751 10266 != handshake) {
wolfSSL 11:cee25a834751 10267 byte b0, b1;
wolfSSL 11:cee25a834751 10268
wolfSSL 11:cee25a834751 10269 ssl->options.processReply = runProcessOldClientHello;
wolfSSL 11:cee25a834751 10270
wolfSSL 11:cee25a834751 10271 /* sanity checks before getting size at front */
wolfSSL 11:cee25a834751 10272 if (ssl->buffers.inputBuffer.buffer[
wolfSSL 11:cee25a834751 10273 ssl->buffers.inputBuffer.idx + OPAQUE16_LEN] != OLD_HELLO_ID) {
wolfSSL 11:cee25a834751 10274 WOLFSSL_MSG("Not a valid old client hello");
wolfSSL 11:cee25a834751 10275 return PARSE_ERROR;
wolfSSL 11:cee25a834751 10276 }
wolfSSL 11:cee25a834751 10277
wolfSSL 11:cee25a834751 10278 if (ssl->buffers.inputBuffer.buffer[
wolfSSL 11:cee25a834751 10279 ssl->buffers.inputBuffer.idx + OPAQUE24_LEN] != SSLv3_MAJOR &&
wolfSSL 11:cee25a834751 10280 ssl->buffers.inputBuffer.buffer[
wolfSSL 11:cee25a834751 10281 ssl->buffers.inputBuffer.idx + OPAQUE24_LEN] != DTLS_MAJOR) {
wolfSSL 11:cee25a834751 10282 WOLFSSL_MSG("Not a valid version in old client hello");
wolfSSL 11:cee25a834751 10283 return PARSE_ERROR;
wolfSSL 11:cee25a834751 10284 }
wolfSSL 11:cee25a834751 10285
wolfSSL 11:cee25a834751 10286 /* how many bytes need ProcessOldClientHello */
wolfSSL 11:cee25a834751 10287 b0 =
wolfSSL 11:cee25a834751 10288 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
wolfSSL 11:cee25a834751 10289 b1 =
wolfSSL 11:cee25a834751 10290 ssl->buffers.inputBuffer.buffer[ssl->buffers.inputBuffer.idx++];
wolfSSL 11:cee25a834751 10291 ssl->curSize = (word16)(((b0 & 0x7f) << 8) | b1);
wolfSSL 11:cee25a834751 10292 }
wolfSSL 11:cee25a834751 10293 else {
wolfSSL 11:cee25a834751 10294 ssl->options.processReply = getRecordLayerHeader;
wolfSSL 11:cee25a834751 10295 continue;
wolfSSL 11:cee25a834751 10296 }
wolfSSL 11:cee25a834751 10297
wolfSSL 11:cee25a834751 10298 /* in the WOLFSSL_SERVER case, run the old client hello */
wolfSSL 11:cee25a834751 10299 case runProcessOldClientHello:
wolfSSL 11:cee25a834751 10300
wolfSSL 11:cee25a834751 10301 /* get sz bytes or return error */
wolfSSL 11:cee25a834751 10302 if (!ssl->options.dtls) {
wolfSSL 11:cee25a834751 10303 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL 11:cee25a834751 10304 return ret;
wolfSSL 11:cee25a834751 10305 } else {
wolfSSL 11:cee25a834751 10306 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 10307 /* read ahead may already have */
wolfSSL 11:cee25a834751 10308 used = ssl->buffers.inputBuffer.length -
wolfSSL 11:cee25a834751 10309 ssl->buffers.inputBuffer.idx;
wolfSSL 11:cee25a834751 10310 if (used < ssl->curSize)
wolfSSL 11:cee25a834751 10311 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL 11:cee25a834751 10312 return ret;
wolfSSL 11:cee25a834751 10313 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 10314 }
wolfSSL 11:cee25a834751 10315
wolfSSL 11:cee25a834751 10316 ret = ProcessOldClientHello(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL 11:cee25a834751 10317 &ssl->buffers.inputBuffer.idx,
wolfSSL 11:cee25a834751 10318 ssl->buffers.inputBuffer.length -
wolfSSL 11:cee25a834751 10319 ssl->buffers.inputBuffer.idx,
wolfSSL 11:cee25a834751 10320 ssl->curSize);
wolfSSL 11:cee25a834751 10321 if (ret < 0)
wolfSSL 11:cee25a834751 10322 return ret;
wolfSSL 11:cee25a834751 10323
wolfSSL 11:cee25a834751 10324 else if (ssl->buffers.inputBuffer.idx ==
wolfSSL 11:cee25a834751 10325 ssl->buffers.inputBuffer.length) {
wolfSSL 11:cee25a834751 10326 ssl->options.processReply = doProcessInit;
wolfSSL 11:cee25a834751 10327 return 0;
wolfSSL 11:cee25a834751 10328 }
wolfSSL 11:cee25a834751 10329
wolfSSL 11:cee25a834751 10330 #endif /* OLD_HELLO_ALLOWED */
wolfSSL 11:cee25a834751 10331
wolfSSL 11:cee25a834751 10332 /* get the record layer header */
wolfSSL 11:cee25a834751 10333 case getRecordLayerHeader:
wolfSSL 11:cee25a834751 10334
wolfSSL 11:cee25a834751 10335 ret = GetRecordHeader(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL 11:cee25a834751 10336 &ssl->buffers.inputBuffer.idx,
wolfSSL 11:cee25a834751 10337 &ssl->curRL, &ssl->curSize);
wolfSSL 11:cee25a834751 10338 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 10339 if (ssl->options.dtls && ret == SEQUENCE_ERROR) {
wolfSSL 11:cee25a834751 10340 WOLFSSL_MSG("Silently dropping out of order DTLS message");
wolfSSL 11:cee25a834751 10341 ssl->options.processReply = doProcessInit;
wolfSSL 11:cee25a834751 10342 ssl->buffers.inputBuffer.length = 0;
wolfSSL 11:cee25a834751 10343 ssl->buffers.inputBuffer.idx = 0;
wolfSSL 11:cee25a834751 10344
wolfSSL 11:cee25a834751 10345 if (IsDtlsNotSctpMode(ssl) && ssl->options.dtlsHsRetain) {
wolfSSL 11:cee25a834751 10346 ret = DtlsMsgPoolSend(ssl, 0);
wolfSSL 11:cee25a834751 10347 if (ret != 0)
wolfSSL 11:cee25a834751 10348 return ret;
wolfSSL 11:cee25a834751 10349 }
wolfSSL 11:cee25a834751 10350
wolfSSL 11:cee25a834751 10351 continue;
wolfSSL 11:cee25a834751 10352 }
wolfSSL 11:cee25a834751 10353 #endif
wolfSSL 11:cee25a834751 10354 if (ret != 0)
wolfSSL 11:cee25a834751 10355 return ret;
wolfSSL 11:cee25a834751 10356
wolfSSL 11:cee25a834751 10357 ssl->options.processReply = getData;
wolfSSL 11:cee25a834751 10358
wolfSSL 11:cee25a834751 10359 /* retrieve record layer data */
wolfSSL 11:cee25a834751 10360 case getData:
wolfSSL 11:cee25a834751 10361
wolfSSL 11:cee25a834751 10362 /* get sz bytes or return error */
wolfSSL 11:cee25a834751 10363 if (!ssl->options.dtls) {
wolfSSL 11:cee25a834751 10364 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL 11:cee25a834751 10365 return ret;
wolfSSL 11:cee25a834751 10366 } else {
wolfSSL 11:cee25a834751 10367 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 10368 /* read ahead may already have */
wolfSSL 11:cee25a834751 10369 used = ssl->buffers.inputBuffer.length -
wolfSSL 11:cee25a834751 10370 ssl->buffers.inputBuffer.idx;
wolfSSL 11:cee25a834751 10371 if (used < ssl->curSize)
wolfSSL 11:cee25a834751 10372 if ((ret = GetInputData(ssl, ssl->curSize)) < 0)
wolfSSL 11:cee25a834751 10373 return ret;
wolfSSL 11:cee25a834751 10374 #endif
wolfSSL 11:cee25a834751 10375 }
wolfSSL 11:cee25a834751 10376
wolfSSL 11:cee25a834751 10377 ssl->options.processReply = decryptMessage;
wolfSSL 11:cee25a834751 10378 startIdx = ssl->buffers.inputBuffer.idx; /* in case > 1 msg per */
wolfSSL 11:cee25a834751 10379
wolfSSL 11:cee25a834751 10380 /* decrypt message */
wolfSSL 11:cee25a834751 10381 case decryptMessage:
wolfSSL 11:cee25a834751 10382
wolfSSL 11:cee25a834751 10383 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0) {
wolfSSL 11:cee25a834751 10384 ret = SanityCheckCipherText(ssl, ssl->curSize);
wolfSSL 11:cee25a834751 10385 if (ret < 0)
wolfSSL 11:cee25a834751 10386 return ret;
wolfSSL 11:cee25a834751 10387
wolfSSL 11:cee25a834751 10388 if (atomicUser) {
wolfSSL 11:cee25a834751 10389 #ifdef ATOMIC_USER
wolfSSL 11:cee25a834751 10390 ret = ssl->ctx->DecryptVerifyCb(ssl,
wolfSSL 11:cee25a834751 10391 ssl->buffers.inputBuffer.buffer +
wolfSSL 11:cee25a834751 10392 ssl->buffers.inputBuffer.idx,
wolfSSL 11:cee25a834751 10393 ssl->buffers.inputBuffer.buffer +
wolfSSL 11:cee25a834751 10394 ssl->buffers.inputBuffer.idx,
wolfSSL 11:cee25a834751 10395 ssl->curSize, ssl->curRL.type, 1,
wolfSSL 11:cee25a834751 10396 &ssl->keys.padSz, ssl->DecryptVerifyCtx);
wolfSSL 11:cee25a834751 10397 #endif /* ATOMIC_USER */
wolfSSL 11:cee25a834751 10398 }
wolfSSL 11:cee25a834751 10399 else {
wolfSSL 11:cee25a834751 10400 ret = Decrypt(ssl, ssl->buffers.inputBuffer.buffer +
wolfSSL 11:cee25a834751 10401 ssl->buffers.inputBuffer.idx,
wolfSSL 11:cee25a834751 10402 ssl->buffers.inputBuffer.buffer +
wolfSSL 11:cee25a834751 10403 ssl->buffers.inputBuffer.idx,
wolfSSL 11:cee25a834751 10404 ssl->curSize);
wolfSSL 11:cee25a834751 10405 }
wolfSSL 11:cee25a834751 10406 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 10407 if (ret == WC_PENDING_E)
wolfSSL 11:cee25a834751 10408 return ret;
wolfSSL 11:cee25a834751 10409 #endif
wolfSSL 11:cee25a834751 10410
wolfSSL 11:cee25a834751 10411 if (ret == 0) {
wolfSSL 11:cee25a834751 10412 /* handle success */
wolfSSL 11:cee25a834751 10413 if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
wolfSSL 11:cee25a834751 10414 ssl->buffers.inputBuffer.idx += ssl->specs.block_size;
wolfSSL 11:cee25a834751 10415 /* go past TLSv1.1 IV */
wolfSSL 11:cee25a834751 10416 if (ssl->specs.cipher_type == aead &&
wolfSSL 11:cee25a834751 10417 ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
wolfSSL 11:cee25a834751 10418 ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ;
wolfSSL 11:cee25a834751 10419 }
wolfSSL 11:cee25a834751 10420 else {
wolfSSL 11:cee25a834751 10421 WOLFSSL_MSG("Decrypt failed");
wolfSSL 11:cee25a834751 10422 WOLFSSL_ERROR(ret);
wolfSSL 11:cee25a834751 10423 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 10424 /* If in DTLS mode, if the decrypt fails for any
wolfSSL 11:cee25a834751 10425 * reason, pretend the datagram never happened. */
wolfSSL 11:cee25a834751 10426 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 10427 ssl->options.processReply = doProcessInit;
wolfSSL 11:cee25a834751 10428 ssl->buffers.inputBuffer.idx =
wolfSSL 11:cee25a834751 10429 ssl->buffers.inputBuffer.length;
wolfSSL 11:cee25a834751 10430 }
wolfSSL 11:cee25a834751 10431 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 10432 return DECRYPT_ERROR;
wolfSSL 11:cee25a834751 10433 }
wolfSSL 11:cee25a834751 10434 }
wolfSSL 11:cee25a834751 10435
wolfSSL 11:cee25a834751 10436 ssl->options.processReply = verifyMessage;
wolfSSL 11:cee25a834751 10437
wolfSSL 11:cee25a834751 10438 /* verify digest of message */
wolfSSL 11:cee25a834751 10439 case verifyMessage:
wolfSSL 11:cee25a834751 10440
wolfSSL 11:cee25a834751 10441 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0) {
wolfSSL 11:cee25a834751 10442 if (!atomicUser) {
wolfSSL 11:cee25a834751 10443 ret = VerifyMac(ssl, ssl->buffers.inputBuffer.buffer +
wolfSSL 11:cee25a834751 10444 ssl->buffers.inputBuffer.idx,
wolfSSL 11:cee25a834751 10445 ssl->curSize, ssl->curRL.type,
wolfSSL 11:cee25a834751 10446 &ssl->keys.padSz);
wolfSSL 11:cee25a834751 10447 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 10448 if (ret == WC_PENDING_E)
wolfSSL 11:cee25a834751 10449 return ret;
wolfSSL 11:cee25a834751 10450 #endif
wolfSSL 11:cee25a834751 10451 if (ret < 0) {
wolfSSL 11:cee25a834751 10452 WOLFSSL_MSG("VerifyMac failed");
wolfSSL 11:cee25a834751 10453 WOLFSSL_ERROR(ret);
wolfSSL 11:cee25a834751 10454 return DECRYPT_ERROR;
wolfSSL 11:cee25a834751 10455 }
wolfSSL 11:cee25a834751 10456 }
wolfSSL 11:cee25a834751 10457
wolfSSL 11:cee25a834751 10458 ssl->keys.encryptSz = ssl->curSize;
wolfSSL 11:cee25a834751 10459 ssl->keys.decryptedCur = 1;
wolfSSL 11:cee25a834751 10460 }
wolfSSL 11:cee25a834751 10461
wolfSSL 11:cee25a834751 10462 ssl->options.processReply = runProcessingOneMessage;
wolfSSL 11:cee25a834751 10463
wolfSSL 11:cee25a834751 10464 /* the record layer is here */
wolfSSL 11:cee25a834751 10465 case runProcessingOneMessage:
wolfSSL 11:cee25a834751 10466
wolfSSL 11:cee25a834751 10467 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 10468 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 10469 DtlsUpdateWindow(ssl);
wolfSSL 11:cee25a834751 10470 }
wolfSSL 11:cee25a834751 10471 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 10472
wolfSSL 11:cee25a834751 10473 WOLFSSL_MSG("received record layer msg");
wolfSSL 11:cee25a834751 10474
wolfSSL 11:cee25a834751 10475 switch (ssl->curRL.type) {
wolfSSL 11:cee25a834751 10476 case handshake :
wolfSSL 11:cee25a834751 10477 /* debugging in DoHandShakeMsg */
wolfSSL 11:cee25a834751 10478 if (!ssl->options.dtls) {
wolfSSL 11:cee25a834751 10479 ret = DoHandShakeMsg(ssl,
wolfSSL 11:cee25a834751 10480 ssl->buffers.inputBuffer.buffer,
wolfSSL 11:cee25a834751 10481 &ssl->buffers.inputBuffer.idx,
wolfSSL 11:cee25a834751 10482 ssl->buffers.inputBuffer.length);
wolfSSL 11:cee25a834751 10483 }
wolfSSL 11:cee25a834751 10484 else {
wolfSSL 11:cee25a834751 10485 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 10486 ret = DoDtlsHandShakeMsg(ssl,
wolfSSL 11:cee25a834751 10487 ssl->buffers.inputBuffer.buffer,
wolfSSL 11:cee25a834751 10488 &ssl->buffers.inputBuffer.idx,
wolfSSL 11:cee25a834751 10489 ssl->buffers.inputBuffer.length);
wolfSSL 11:cee25a834751 10490 #endif
wolfSSL 11:cee25a834751 10491 }
wolfSSL 11:cee25a834751 10492 if (ret != 0)
wolfSSL 11:cee25a834751 10493 return ret;
wolfSSL 11:cee25a834751 10494 break;
wolfSSL 11:cee25a834751 10495
wolfSSL 11:cee25a834751 10496 case change_cipher_spec:
wolfSSL 11:cee25a834751 10497 WOLFSSL_MSG("got CHANGE CIPHER SPEC");
wolfSSL 11:cee25a834751 10498 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 10499 if (ssl->hsInfoOn)
wolfSSL 11:cee25a834751 10500 AddPacketName("ChangeCipher", &ssl->handShakeInfo);
wolfSSL 11:cee25a834751 10501 /* add record header back on info */
wolfSSL 11:cee25a834751 10502 if (ssl->toInfoOn) {
wolfSSL 11:cee25a834751 10503 AddPacketInfo("ChangeCipher", &ssl->timeoutInfo,
wolfSSL 11:cee25a834751 10504 ssl->buffers.inputBuffer.buffer +
wolfSSL 11:cee25a834751 10505 ssl->buffers.inputBuffer.idx - RECORD_HEADER_SZ,
wolfSSL 11:cee25a834751 10506 1 + RECORD_HEADER_SZ, ssl->heap);
wolfSSL 11:cee25a834751 10507 AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
wolfSSL 11:cee25a834751 10508 }
wolfSSL 11:cee25a834751 10509 #endif
wolfSSL 11:cee25a834751 10510
wolfSSL 11:cee25a834751 10511 ret = SanityCheckMsgReceived(ssl, change_cipher_hs);
wolfSSL 11:cee25a834751 10512 if (ret != 0) {
wolfSSL 11:cee25a834751 10513 if (!ssl->options.dtls) {
wolfSSL 11:cee25a834751 10514 return ret;
wolfSSL 11:cee25a834751 10515 }
wolfSSL 11:cee25a834751 10516 else {
wolfSSL 11:cee25a834751 10517 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 10518 /* Check for duplicate CCS message in DTLS mode.
wolfSSL 11:cee25a834751 10519 * DTLS allows for duplicate messages, and it should be
wolfSSL 11:cee25a834751 10520 * skipped. Also skip if out of order. */
wolfSSL 11:cee25a834751 10521 if (ret != DUPLICATE_MSG_E && ret != OUT_OF_ORDER_E)
wolfSSL 11:cee25a834751 10522 return ret;
wolfSSL 11:cee25a834751 10523
wolfSSL 11:cee25a834751 10524 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 10525 ret = DtlsMsgPoolSend(ssl, 1);
wolfSSL 11:cee25a834751 10526 if (ret != 0)
wolfSSL 11:cee25a834751 10527 return ret;
wolfSSL 11:cee25a834751 10528 }
wolfSSL 11:cee25a834751 10529
wolfSSL 11:cee25a834751 10530 if (ssl->curSize != 1) {
wolfSSL 11:cee25a834751 10531 WOLFSSL_MSG("Malicious or corrupted"
wolfSSL 11:cee25a834751 10532 " duplicate ChangeCipher msg");
wolfSSL 11:cee25a834751 10533 return LENGTH_ERROR;
wolfSSL 11:cee25a834751 10534 }
wolfSSL 11:cee25a834751 10535 ssl->buffers.inputBuffer.idx++;
wolfSSL 11:cee25a834751 10536 break;
wolfSSL 11:cee25a834751 10537 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 10538 }
wolfSSL 11:cee25a834751 10539 }
wolfSSL 11:cee25a834751 10540
wolfSSL 11:cee25a834751 10541 if (IsEncryptionOn(ssl, 0) && ssl->options.handShakeDone) {
wolfSSL 11:cee25a834751 10542 ssl->buffers.inputBuffer.idx += ssl->keys.padSz;
wolfSSL 11:cee25a834751 10543 ssl->curSize -= (word16) ssl->buffers.inputBuffer.idx;
wolfSSL 11:cee25a834751 10544 }
wolfSSL 11:cee25a834751 10545
wolfSSL 11:cee25a834751 10546 if (ssl->curSize != 1) {
wolfSSL 11:cee25a834751 10547 WOLFSSL_MSG("Malicious or corrupted ChangeCipher msg");
wolfSSL 11:cee25a834751 10548 return LENGTH_ERROR;
wolfSSL 11:cee25a834751 10549 }
wolfSSL 11:cee25a834751 10550
wolfSSL 11:cee25a834751 10551 ssl->buffers.inputBuffer.idx++;
wolfSSL 11:cee25a834751 10552 ssl->keys.encryptionOn = 1;
wolfSSL 11:cee25a834751 10553
wolfSSL 11:cee25a834751 10554 /* setup decrypt keys for following messages */
wolfSSL 11:cee25a834751 10555 if ((ret = SetKeysSide(ssl, DECRYPT_SIDE_ONLY)) != 0)
wolfSSL 11:cee25a834751 10556 return ret;
wolfSSL 11:cee25a834751 10557
wolfSSL 11:cee25a834751 10558 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 10559 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 10560 DtlsMsgPoolReset(ssl);
wolfSSL 11:cee25a834751 10561 ssl->keys.prevSeq_lo = ssl->keys.nextSeq_lo;
wolfSSL 11:cee25a834751 10562 ssl->keys.prevSeq_hi = ssl->keys.nextSeq_hi;
wolfSSL 11:cee25a834751 10563 XMEMCPY(ssl->keys.prevWindow, ssl->keys.window,
wolfSSL 11:cee25a834751 10564 DTLS_SEQ_SZ);
wolfSSL 11:cee25a834751 10565 ssl->keys.nextEpoch++;
wolfSSL 11:cee25a834751 10566 ssl->keys.nextSeq_lo = 0;
wolfSSL 11:cee25a834751 10567 ssl->keys.nextSeq_hi = 0;
wolfSSL 11:cee25a834751 10568 XMEMSET(ssl->keys.window, 0, DTLS_SEQ_SZ);
wolfSSL 11:cee25a834751 10569 }
wolfSSL 11:cee25a834751 10570 #endif
wolfSSL 11:cee25a834751 10571
wolfSSL 11:cee25a834751 10572 #ifdef HAVE_LIBZ
wolfSSL 11:cee25a834751 10573 if (ssl->options.usingCompression)
wolfSSL 11:cee25a834751 10574 if ( (ret = InitStreams(ssl)) != 0)
wolfSSL 11:cee25a834751 10575 return ret;
wolfSSL 11:cee25a834751 10576 #endif
wolfSSL 11:cee25a834751 10577 ret = BuildFinished(ssl, &ssl->hsHashes->verifyHashes,
wolfSSL 11:cee25a834751 10578 ssl->options.side == WOLFSSL_CLIENT_END ?
wolfSSL 11:cee25a834751 10579 server : client);
wolfSSL 11:cee25a834751 10580 if (ret != 0)
wolfSSL 11:cee25a834751 10581 return ret;
wolfSSL 11:cee25a834751 10582 break;
wolfSSL 11:cee25a834751 10583
wolfSSL 11:cee25a834751 10584 case application_data:
wolfSSL 11:cee25a834751 10585 WOLFSSL_MSG("got app DATA");
wolfSSL 11:cee25a834751 10586 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 10587 if (ssl->options.dtls && ssl->options.dtlsHsRetain) {
wolfSSL 11:cee25a834751 10588 FreeHandshakeResources(ssl);
wolfSSL 11:cee25a834751 10589 ssl->options.dtlsHsRetain = 0;
wolfSSL 11:cee25a834751 10590 }
wolfSSL 11:cee25a834751 10591 #endif
wolfSSL 11:cee25a834751 10592 if ((ret = DoApplicationData(ssl,
wolfSSL 11:cee25a834751 10593 ssl->buffers.inputBuffer.buffer,
wolfSSL 11:cee25a834751 10594 &ssl->buffers.inputBuffer.idx))
wolfSSL 11:cee25a834751 10595 != 0) {
wolfSSL 11:cee25a834751 10596 WOLFSSL_ERROR(ret);
wolfSSL 11:cee25a834751 10597 return ret;
wolfSSL 11:cee25a834751 10598 }
wolfSSL 11:cee25a834751 10599 break;
wolfSSL 11:cee25a834751 10600
wolfSSL 11:cee25a834751 10601 case alert:
wolfSSL 11:cee25a834751 10602 WOLFSSL_MSG("got ALERT!");
wolfSSL 11:cee25a834751 10603 ret = DoAlert(ssl, ssl->buffers.inputBuffer.buffer,
wolfSSL 11:cee25a834751 10604 &ssl->buffers.inputBuffer.idx, &type,
wolfSSL 11:cee25a834751 10605 ssl->buffers.inputBuffer.length);
wolfSSL 11:cee25a834751 10606 if (ret == alert_fatal)
wolfSSL 11:cee25a834751 10607 return FATAL_ERROR;
wolfSSL 11:cee25a834751 10608 else if (ret < 0)
wolfSSL 11:cee25a834751 10609 return ret;
wolfSSL 11:cee25a834751 10610
wolfSSL 11:cee25a834751 10611 /* catch warnings that are handled as errors */
wolfSSL 11:cee25a834751 10612 if (type == close_notify)
wolfSSL 11:cee25a834751 10613 return ssl->error = ZERO_RETURN;
wolfSSL 11:cee25a834751 10614
wolfSSL 11:cee25a834751 10615 if (type == decrypt_error)
wolfSSL 11:cee25a834751 10616 return FATAL_ERROR;
wolfSSL 11:cee25a834751 10617 break;
wolfSSL 11:cee25a834751 10618
wolfSSL 11:cee25a834751 10619 default:
wolfSSL 11:cee25a834751 10620 WOLFSSL_ERROR(UNKNOWN_RECORD_TYPE);
wolfSSL 11:cee25a834751 10621 return UNKNOWN_RECORD_TYPE;
wolfSSL 11:cee25a834751 10622 }
wolfSSL 11:cee25a834751 10623
wolfSSL 11:cee25a834751 10624 ssl->options.processReply = doProcessInit;
wolfSSL 11:cee25a834751 10625
wolfSSL 11:cee25a834751 10626 /* input exhausted? */
wolfSSL 11:cee25a834751 10627 if (ssl->buffers.inputBuffer.idx >= ssl->buffers.inputBuffer.length)
wolfSSL 11:cee25a834751 10628 return 0;
wolfSSL 11:cee25a834751 10629
wolfSSL 11:cee25a834751 10630 /* more messages per record */
wolfSSL 11:cee25a834751 10631 else if ((ssl->buffers.inputBuffer.idx - startIdx) < ssl->curSize) {
wolfSSL 11:cee25a834751 10632 WOLFSSL_MSG("More messages in record");
wolfSSL 11:cee25a834751 10633
wolfSSL 11:cee25a834751 10634 ssl->options.processReply = runProcessingOneMessage;
wolfSSL 11:cee25a834751 10635
wolfSSL 11:cee25a834751 10636 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 11:cee25a834751 10637 WOLFSSL_MSG("Bundled encrypted messages, remove middle pad");
wolfSSL 11:cee25a834751 10638 if (ssl->buffers.inputBuffer.idx >= ssl->keys.padSz) {
wolfSSL 11:cee25a834751 10639 ssl->buffers.inputBuffer.idx -= ssl->keys.padSz;
wolfSSL 11:cee25a834751 10640 }
wolfSSL 11:cee25a834751 10641 else {
wolfSSL 11:cee25a834751 10642 WOLFSSL_MSG("\tmiddle padding error");
wolfSSL 11:cee25a834751 10643 return FATAL_ERROR;
wolfSSL 11:cee25a834751 10644 }
wolfSSL 11:cee25a834751 10645 }
wolfSSL 11:cee25a834751 10646
wolfSSL 11:cee25a834751 10647 continue;
wolfSSL 11:cee25a834751 10648 }
wolfSSL 11:cee25a834751 10649 /* more records */
wolfSSL 11:cee25a834751 10650 else {
wolfSSL 11:cee25a834751 10651 WOLFSSL_MSG("More records in input");
wolfSSL 11:cee25a834751 10652 ssl->options.processReply = doProcessInit;
wolfSSL 11:cee25a834751 10653 continue;
wolfSSL 11:cee25a834751 10654 }
wolfSSL 11:cee25a834751 10655
wolfSSL 11:cee25a834751 10656 default:
wolfSSL 11:cee25a834751 10657 WOLFSSL_MSG("Bad process input state, programming error");
wolfSSL 11:cee25a834751 10658 return INPUT_CASE_ERROR;
wolfSSL 11:cee25a834751 10659 }
wolfSSL 11:cee25a834751 10660 }
wolfSSL 11:cee25a834751 10661 }
wolfSSL 11:cee25a834751 10662
wolfSSL 11:cee25a834751 10663
/* Append a ChangeCipherSpec record to the output buffer and, where allowed,
 * flush it.
 *
 * The record is written at outputBuffer.buffer + outputBuffer.length, and only
 * after CheckAvailableSize() has accepted the worst-case size, so the size
 * passed to that check must cover every byte written below.
 *
 * Returns 0 when the record is queued (grouped messages, or DTLS outside
 * WOLFSSL_DEBUG_DTLS builds), otherwise the result of SendBuffered(). Any
 * non-zero result from CheckAvailableSize()/DtlsMsgPoolSave(), or a negative
 * size from BuildMessage(), is returned unchanged.
 */
int SendChangeCipher(WOLFSSL* ssl)
{
    byte* record;
    int   recordSz  = RECORD_HEADER_SZ + ENUM_LEN;
    int   payloadAt = RECORD_HEADER_SZ;
    int   ret;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* DTLS record header is longer; shift both the size and the offset */
        recordSz  += DTLS_RECORD_EXTRA;
        payloadAt += DTLS_RECORD_EXTRA;
    }
#endif

    /* encryption already on after a completed handshake (the "scr" case):
     * reserve room for the extra bytes BuildMessage() may add */
    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone)
        recordSz += MAX_MSG_EXTRA;

    /* make sure the output buffer can take the record before touching it */
    ret = CheckAvailableSize(ssl, recordSz);
    if (ret != 0)
        return ret;

    /* next free byte of the output buffer */
    record = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddRecordHeader(record, 1, change_cipher_spec, ssl);
    record[payloadAt] = 1;                /* the single CCS payload byte */

    if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) {
        byte ccsBody[ENUM_LEN];
        int  ccsBodySz = ENUM_LEN;

        /* rebuild the record through BuildMessage(), which returns the
         * final size or a negative error */
        ccsBody[0] = 1;
        recordSz = BuildMessage(ssl, record, recordSz, ccsBody, ccsBodySz,
                                change_cipher_spec, 0, 0, 0);
        if (recordSz < 0)
            return recordSz;
    }

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        ret = DtlsMsgPoolSave(ssl, record, recordSz);
        if (ret != 0)
            return ret;
    }
#endif
#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ChangeCipher", &ssl->handShakeInfo);
    if (ssl->toInfoOn) {
        AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, record, recordSz,
                      ssl->heap);
    }
#endif

    /* commit the record to the output buffer */
    ssl->buffers.outputBuffer.length += recordSz;

    /* grouped messages are flushed later by the caller's flow */
    if (ssl->options.groupMessages)
        return 0;

#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_DEBUG_DTLS)
    /* If using DTLS, force the ChangeCipherSpec message to be in the
     * same datagram as the finished message. */
    if (ssl->options.dtls)
        return 0;
#endif

    return SendBuffered(ssl);
}
wolfSSL 11:cee25a834751 10733
wolfSSL 11:cee25a834751 10734
wolfSSL 11:cee25a834751 10735 #ifndef NO_OLD_TLS
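/* Compute the legacy (pre-TLS) record MAC over one record.
 *
 * Construction, as coded below:
 *   inner = H(macSecret | PAD1 | seq | content | length | in)
 *   out   = H(macSecret | PAD2 | inner)
 * with H = MD5 when specs.mac_algorithm is md5_mac, SHA-1 otherwise.
 *
 * ssl      connection state; supplies the MAC secret, sequence number, heap
 *          and device id
 * digest   output, receives specs.hash_size bytes
 * in       record payload to authenticate
 * sz       payload length; it is written into the MAC input as 16 bits, so
 *          the caller is assumed to have bounded it to a record size
 *          (NOTE(review): confirm at the call sites)
 * content  record content type
 * verify   selects which side's secret and sequence number are used (passed
 *          to wolfSSL_GetMacSecret() and WriteSEQ())
 *
 * Returns 0 on success, the init error if the hash cannot be initialised,
 * VERIFY_MAC_ERROR on any later hash failure.
 *
 * This function only produces the MAC; comparing it against the received
 * value is left to the caller and should be done in constant time.
 *
 * The hash context is released on every exit path after a successful init,
 * not only on success.
 */
static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz,
                    int content, int verify)
{
    byte   result[MAX_DIGEST_SIZE];
    word32 digestSz = ssl->specs.hash_size;    /* actual sizes */
    word32 padSz    = ssl->specs.pad_size;
    int    ret      = 0;

    Md5 md5;
    Sha sha;

    /* data */
    byte seq[SEQ_SZ];
    byte conLen[ENUM_LEN + LENGTH_SZ];     /* content & length */
    const byte* macSecret = wolfSSL_GetMacSecret(ssl, verify);

#ifdef HAVE_FUZZER
    if (ssl->fuzzerCb)
        ssl->fuzzerCb(ssl, in, sz, FUZZ_HMAC, ssl->fuzzerCtx);
#endif

    XMEMSET(seq, 0, SEQ_SZ);
    conLen[0] = (byte)content;
    c16toa((word16)sz, &conLen[ENUM_LEN]);   /* length is truncated to 16 bits */
    WriteSEQ(ssl, verify, seq);

    if (ssl->specs.mac_algorithm == md5_mac) {
        ret = wc_InitMd5_ex(&md5, ssl->heap, ssl->devId);
        if (ret != 0)
            return ret;

        /* inner */
        ret  = wc_Md5Update(&md5, macSecret, digestSz);
        ret |= wc_Md5Update(&md5, PAD1, padSz);
        ret |= wc_Md5Update(&md5, seq, SEQ_SZ);
        ret |= wc_Md5Update(&md5, conLen, sizeof(conLen));
        /* in buffer */
        ret |= wc_Md5Update(&md5, in, sz);
        if (ret != 0) {
            wc_Md5Free(&md5);
            return VERIFY_MAC_ERROR;
        }
        ret = wc_Md5Final(&md5, result);
    #ifdef WOLFSSL_ASYNC_CRYPT
        /* TODO: Make non-blocking */
        if (ret == WC_PENDING_E) {
            ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE);
        }
    #endif
        if (ret != 0) {
            wc_Md5Free(&md5);
            return VERIFY_MAC_ERROR;
        }

        /* outer */
        ret  = wc_Md5Update(&md5, macSecret, digestSz);
        ret |= wc_Md5Update(&md5, PAD2, padSz);
        ret |= wc_Md5Update(&md5, result, digestSz);
        if (ret != 0) {
            wc_Md5Free(&md5);
            return VERIFY_MAC_ERROR;
        }
        ret = wc_Md5Final(&md5, digest);
    #ifdef WOLFSSL_ASYNC_CRYPT
        /* TODO: Make non-blocking */
        if (ret == WC_PENDING_E) {
            ret = wc_AsyncWait(ret, &md5.asyncDev, WC_ASYNC_FLAG_NONE);
        }
    #endif
        /* release the context whether or not the final step succeeded */
        wc_Md5Free(&md5);
        if (ret != 0)
            return VERIFY_MAC_ERROR;
    }
    else {
        ret = wc_InitSha_ex(&sha, ssl->heap, ssl->devId);
        if (ret != 0)
            return ret;

        /* inner */
        ret  = wc_ShaUpdate(&sha, macSecret, digestSz);
        ret |= wc_ShaUpdate(&sha, PAD1, padSz);
        ret |= wc_ShaUpdate(&sha, seq, SEQ_SZ);
        ret |= wc_ShaUpdate(&sha, conLen, sizeof(conLen));
        /* in buffer */
        ret |= wc_ShaUpdate(&sha, in, sz);
        if (ret != 0) {
            wc_ShaFree(&sha);
            return VERIFY_MAC_ERROR;
        }
        ret = wc_ShaFinal(&sha, result);
    #ifdef WOLFSSL_ASYNC_CRYPT
        /* TODO: Make non-blocking */
        if (ret == WC_PENDING_E) {
            ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE);
        }
    #endif
        if (ret != 0) {
            wc_ShaFree(&sha);
            return VERIFY_MAC_ERROR;
        }

        /* outer */
        ret  = wc_ShaUpdate(&sha, macSecret, digestSz);
        ret |= wc_ShaUpdate(&sha, PAD2, padSz);
        ret |= wc_ShaUpdate(&sha, result, digestSz);
        if (ret != 0) {
            wc_ShaFree(&sha);
            return VERIFY_MAC_ERROR;
        }
        ret = wc_ShaFinal(&sha, digest);
    #ifdef WOLFSSL_ASYNC_CRYPT
        /* TODO: Make non-blocking */
        if (ret == WC_PENDING_E) {
            ret = wc_AsyncWait(ret, &sha.asyncDev, WC_ASYNC_FLAG_NONE);
        }
    #endif
        /* release the context whether or not the final step succeeded */
        wc_ShaFree(&sha);
        if (ret != 0)
            return VERIFY_MAC_ERROR;
    }
    return 0;
}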
wolfSSL 11:cee25a834751 10848 #endif /* NO_OLD_TLS */
wolfSSL 11:cee25a834751 10849
wolfSSL 11:cee25a834751 10850
wolfSSL 11:cee25a834751 10851 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 10852
wolfSSL 11:cee25a834751 10853 #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
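/* Build the MD5 half of the legacy CertificateVerify hash.
 *
 * As coded below:
 *   inner  = MD5(handshake-hash-so-far | masterSecret | PAD1)
 *   digest = MD5(masterSecret | PAD2 | inner)
 * The running handshake hash is copied first, so ssl->hsHashes->hashMd5 is
 * not advanced by this call.
 *
 * ssl     connection state (handshake hashes, master secret, heap, devId)
 * digest  output, receives MD5_DIGEST_SIZE bytes
 *
 * Returns 0 on success, MEMORY_E if the small-stack context cannot be
 * allocated, otherwise the first non-zero wolfCrypt error.
 */
static int BuildMD5_CertVerify(WOLFSSL* ssl, byte* digest)
{
    int  ret;
    byte md5_result[MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    Md5* md5 = (Md5*)XMALLOC(sizeof(Md5), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#else
    Md5  md5[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
    /* do not hand a failed allocation to the hash routines */
    if (md5 == NULL)
        return MEMORY_E;
#endif

    /* make md5 inner */
    ret = wc_Md5Copy(&ssl->hsHashes->hashMd5, md5); /* Save current position */
    if (ret == 0)
        ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
    if (ret == 0)
        ret = wc_Md5Update(md5, PAD1, PAD_MD5);
    if (ret == 0)
        ret = wc_Md5Final(md5, md5_result);

    /* make md5 outer */
    if (ret == 0) {
        ret = wc_InitMd5_ex(md5, ssl->heap, ssl->devId);
        if (ret == 0) {
            ret = wc_Md5Update(md5, ssl->arrays->masterSecret, SECRET_LEN);
            if (ret == 0)
                ret = wc_Md5Update(md5, PAD2, PAD_MD5);
            if (ret == 0)
                ret = wc_Md5Update(md5, md5_result, MD5_DIGEST_SIZE);
            if (ret == 0)
                ret = wc_Md5Final(md5, digest);
            wc_Md5Free(md5);
        }
    }

    /* NOTE(review): md5_result is derived from the master secret and is left
     * on the stack on return; consider wiping it if project policy requires */

#ifdef WOLFSSL_SMALL_STACK
    XFREE(md5, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}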
wolfSSL 11:cee25a834751 10894 #endif /* !NO_MD5 && !NO_OLD_TLS */
wolfSSL 11:cee25a834751 10895
wolfSSL 11:cee25a834751 10896 #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
wolfSSL 11:cee25a834751 10897 defined(WOLFSSL_ALLOW_TLS_SHA1))
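/* Build the SHA-1 half of the legacy CertificateVerify hash.
 *
 * As coded below:
 *   inner  = SHA1(handshake-hash-so-far | masterSecret | PAD1)
 *   digest = SHA1(masterSecret | PAD2 | inner)
 * The running handshake hash is copied first, so ssl->hsHashes->hashSha is
 * not advanced by this call.
 *
 * ssl     connection state (handshake hashes, master secret, heap, devId)
 * digest  output, receives SHA_DIGEST_SIZE bytes
 *
 * Returns 0 on success, MEMORY_E if the small-stack context cannot be
 * allocated, otherwise the first non-zero wolfCrypt error.
 */
static int BuildSHA_CertVerify(WOLFSSL* ssl, byte* digest)
{
    int  ret;
    byte sha_result[SHA_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    Sha* sha = (Sha*)XMALLOC(sizeof(Sha), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#else
    Sha  sha[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
    /* do not hand a failed allocation to the hash routines */
    if (sha == NULL)
        return MEMORY_E;
#endif

    /* make sha inner */
    ret = wc_ShaCopy(&ssl->hsHashes->hashSha, sha); /* Save current position */
    if (ret == 0)
        ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
    if (ret == 0)
        ret = wc_ShaUpdate(sha, PAD1, PAD_SHA);
    if (ret == 0)
        ret = wc_ShaFinal(sha, sha_result);

    /* make sha outer */
    if (ret == 0) {
        ret = wc_InitSha_ex(sha, ssl->heap, ssl->devId);
        if (ret == 0) {
            ret = wc_ShaUpdate(sha, ssl->arrays->masterSecret, SECRET_LEN);
            if (ret == 0)
                ret = wc_ShaUpdate(sha, PAD2, PAD_SHA);
            if (ret == 0)
                ret = wc_ShaUpdate(sha, sha_result, SHA_DIGEST_SIZE);
            if (ret == 0)
                ret = wc_ShaFinal(sha, digest);
            wc_ShaFree(sha);
        }
    }

    /* NOTE(review): sha_result is derived from the master secret and is left
     * on the stack on return; consider wiping it if project policy requires */

#ifdef WOLFSSL_SMALL_STACK
    XFREE(sha, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}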
wolfSSL 11:cee25a834751 10938 #endif /* !NO_SHA && (!NO_OLD_TLS || WOLFSSL_ALLOW_TLS_SHA1) */
wolfSSL 11:cee25a834751 10939
/* Fill `hashes` with the handshake digests needed for CertificateVerify.
 *
 * Non-TLS sessions (ssl->options.tls clear) use the pad-based
 * BuildMD5_CertVerify / BuildSHA_CertVerify helpers. TLS sessions snapshot
 * the running handshake hashes with wc_*GetHash; the SHA-256/384/512
 * snapshots are taken only when IsAtLeastTLSv1_2(ssl) is true. Which digests
 * are produced also depends on the NO_MD5, NO_SHA, NO_SHA256, NO_OLD_TLS,
 * WOLFSSL_ALLOW_TLS_SHA1, WOLFSSL_SHA384 and WOLFSSL_SHA512 build options.
 *
 * returns 0 on success, or the first non-zero code from a hash call.
 */
static int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes)
{
    int rc = 0;

    (void)hashes;

    if (!ssl->options.tls) {
        /* pad-based construction keyed with the master secret */
    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
        rc = BuildMD5_CertVerify(ssl, hashes->md5);
        if (rc != 0)
            return rc;
    #endif
    #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \
                              defined(WOLFSSL_ALLOW_TLS_SHA1))
        rc = BuildSHA_CertVerify(ssl, hashes->sha);
        if (rc != 0)
            return rc;
    #endif

        return rc;
    }

    /* TLS: read out the running handshake hashes */
#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
    rc = wc_Md5GetHash(&ssl->hsHashes->hashMd5, hashes->md5);
    if (rc != 0)
        return rc;
#endif
#if !defined(NO_SHA)
    rc = wc_ShaGetHash(&ssl->hsHashes->hashSha, hashes->sha);
    if (rc != 0)
        return rc;
#endif

    /* the SHA-2 snapshots are only taken for TLS 1.2 and later */
    if (!IsAtLeastTLSv1_2(ssl))
        return rc;

#ifndef NO_SHA256
    rc = wc_Sha256GetHash(&ssl->hsHashes->hashSha256, hashes->sha256);
    if (rc != 0)
        return rc;
#endif
#ifdef WOLFSSL_SHA384
    rc = wc_Sha384GetHash(&ssl->hsHashes->hashSha384, hashes->sha384);
    if (rc != 0)
        return rc;
#endif
#ifdef WOLFSSL_SHA512
    rc = wc_Sha512GetHash(&ssl->hsHashes->hashSha512, hashes->sha512);
    if (rc != 0)
        return rc;
#endif

    return rc;
}
wolfSSL 11:cee25a834751 10994
wolfSSL 11:cee25a834751 10995 #endif /* WOLFSSL_LEANPSK */
wolfSSL 11:cee25a834751 10996
/* Persistable BuildMessage arguments.
 *
 * Working state of one BuildMessage call. With WOLFSSL_ASYNC_CRYPT the
 * struct lives in ssl->async.args so a call can be resumed; otherwise it is
 * a local of BuildMessage. It holds no pointers, so nothing has to be freed.
 */
typedef struct BuildMsgArgs {
    word32 digestSz;            /* MAC length: ssl->specs.hash_size, capped at
                                 * TRUNCATED_HMAC_SZ when truncated HMAC is on */
    word32 sz;                  /* total record size, header included; this is
                                 * the value BuildMessage returns on success */
    word32 pad;                 /* block-cipher padding length */
    word32 idx;                 /* current write offset into the output buffer */
    word32 headerSz;            /* record header size (plus DTLS_RECORD_EXTRA
                                 * for DTLS) */
    word16 size;                /* sz - headerSz, the length passed to
                                 * AddRecordHeader and Encrypt */
    word32 ivSz;                /* TLSv1.1 IV: block size for block ciphers when
                                 * options.tls1_1 is set, AESGCM_EXP_IV_SZ for
                                 * non-ChaCha AEAD, otherwise 0 */
    byte   iv[AES_BLOCK_SIZE];  /* max size */
} BuildMsgArgs;
wolfSSL 11:cee25a834751 11008
/* Cleanup hook for BuildMsgArgs (installed as ssl->async.freeArgs in async
 * builds and called at the end of BuildMessage). BuildMsgArgs owns no
 * allocations, so there is nothing to release. */
static void FreeBuildMsgArgs(WOLFSSL* ssl, void* pArgs)
{
    /* no allocations in BuildMessage */
    (void)ssl;
    (void)pArgs;
}
wolfSSL 11:cee25a834751 11018
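/* Build SSL Message, encrypted
 *
 * Frames inSz bytes of `input` as one record in `output`: record header,
 * optional explicit IV, payload, MAC and (for block ciphers) padding, then
 * encrypts the record body in place. The work is split into the states
 * BUILD_MSG_BEGIN -> SIZE -> HASH -> VERIFY_MAC -> ENCRYPT, which fall
 * through in order so an async build can resume at the saved state.
 *
 * ssl         session
 * output      destination record buffer; must be NULL when sizeOnly is set
 * outSz       capacity of output in bytes
 * input       plaintext payload; must be NULL when sizeOnly is set
 * inSz        payload length in bytes, must not be negative
 * type        record content type
 * hashOutput  non-zero: for handshake records, feed the plaintext to
 *             HashOutput before it is protected
 * sizeOnly    non-zero: only compute the record size, write nothing
 * asyncOkay   non-zero: allow resuming a pending async operation
 *
 * returns the total record size on success; BAD_FUNC_ARG for an invalid
 *         argument combination, BUFFER_E when the record does not fit,
 *         MEMORY_E on allocation failure, WC_PENDING_E while an async
 *         operation is outstanding, or the error of the failing callee.
 */
int BuildMessage(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
             int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay)
{
    int ret = 0;
#ifdef WOLFSSL_ASYNC_CRYPT
    BuildMsgArgs* args = (BuildMsgArgs*)ssl->async.args;
    /* compile-time check that the async argument area can hold BuildMsgArgs */
    typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
    (void)sizeof(args_test);
#else
    BuildMsgArgs  args[1];
#endif

    WOLFSSL_ENTER("BuildMessage");

    /* A size-only query is made with output == NULL, so a NULL output is
     * rejected here only when a record is really going to be written. The
     * previous unconditional check made every sizeOnly call fail, because
     * BUILD_MSG_BEGIN in turn rejects a non-NULL output for sizeOnly. */
    if (ssl == NULL || (output == NULL && !sizeOnly)) {
        return BAD_FUNC_ARG;
    }

    /* A negative length would wrap in the word32 size arithmetic and turn
     * into an oversized copy length further down. */
    if (inSz < 0) {
        return BAD_FUNC_ARG;
    }

    ret = WC_NOT_PENDING_E;
#ifdef WOLFSSL_ASYNC_CRYPT
    if (asyncOkay) {
        ret = wolfSSL_AsyncPop(ssl, &ssl->options.buildMsgState);
        if (ret != WC_NOT_PENDING_E) {
            /* Check for error */
            if (ret < 0)
                goto exit_buildmsg;
        }
    }
#endif

    /* Reset state */
    if (ret == WC_NOT_PENDING_E) {
        ret = 0;
        ssl->options.buildMsgState = BUILD_MSG_BEGIN;
        XMEMSET(args, 0, sizeof(BuildMsgArgs));

        args->sz = RECORD_HEADER_SZ + inSz;
        args->idx = RECORD_HEADER_SZ;
        args->headerSz = RECORD_HEADER_SZ;
    #ifdef WOLFSSL_ASYNC_CRYPT
        ssl->async.freeArgs = FreeBuildMsgArgs;
    #endif
    }

    switch (ssl->options.buildMsgState) {
        case BUILD_MSG_BEGIN:
        {
            /* catch mistaken sizeOnly parameter */
            if (!sizeOnly && (output == NULL || input == NULL) ) {
                return BAD_FUNC_ARG;
            }
            if (sizeOnly && (output || input) ) {
                WOLFSSL_MSG("BuildMessage w/sizeOnly doesn't need input/output");
                return BAD_FUNC_ARG;
            }

            ssl->options.buildMsgState = BUILD_MSG_SIZE;
        }
        /* fall through */

        case BUILD_MSG_SIZE:
        {
            args->digestSz = ssl->specs.hash_size;
        #ifdef HAVE_TRUNCATED_HMAC
            if (ssl->truncated_hmac)
                args->digestSz = min(TRUNCATED_HMAC_SZ, args->digestSz);
        #endif
            args->sz += args->digestSz;

        #ifdef WOLFSSL_DTLS
            if (ssl->options.dtls) {
                args->sz       += DTLS_RECORD_EXTRA;
                args->idx      += DTLS_RECORD_EXTRA;
                args->headerSz += DTLS_RECORD_EXTRA;
            }
        #endif

            if (ssl->specs.cipher_type == block) {
                word32 blockSz = ssl->specs.block_size;
                if (ssl->options.tls1_1) {
                    args->ivSz = blockSz;
                    args->sz  += args->ivSz;

                    /* the explicit IV must fit the fixed args->iv buffer */
                    if (args->ivSz > (word32)sizeof(args->iv))
                        ERROR_OUT(BUFFER_E, exit_buildmsg);
                }
                args->sz += 1;       /* pad byte */
                args->pad = (args->sz - args->headerSz) % blockSz;
                args->pad = blockSz - args->pad;
                args->sz += args->pad;
            }

        #ifdef HAVE_AEAD
            if (ssl->specs.cipher_type == aead) {
                if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
                    args->ivSz = AESGCM_EXP_IV_SZ;

                args->sz += (args->ivSz + ssl->specs.aead_mac_size - args->digestSz);
            }
        #endif

            /* done with size calculations */
            if (sizeOnly)
                goto exit_buildmsg;

            /* the whole record must fit the caller's buffer before any write */
            if (args->sz > (word32)outSz) {
                WOLFSSL_MSG("Oops, want to write past output buffer size");
                ERROR_OUT(BUFFER_E, exit_buildmsg);
            }

            if (args->ivSz > 0) {
                ret = wc_RNG_GenerateBlock(ssl->rng, args->iv, args->ivSz);
                if (ret != 0)
                    goto exit_buildmsg;

            }

        #ifdef HAVE_AEAD
            if (ssl->specs.cipher_type == aead) {
                /* non-ChaCha AEAD sends the explicit IV kept in the key state,
                 * replacing the random bytes generated above */
                if (ssl->specs.bulk_cipher_algorithm != wolfssl_chacha)
                    XMEMCPY(args->iv, ssl->keys.aead_exp_IV, AESGCM_EXP_IV_SZ);
            }
        #endif

            /* NOTE(review): the word16 cast truncates if the record body is
             * larger than 65535 bytes; callers presumably bound inSz by the
             * maximum fragment size - confirm. */
            args->size = (word16)(args->sz - args->headerSz);    /* include mac and digest */
            AddRecordHeader(output, args->size, (byte)type, ssl);

            /* write to output */
            if (args->ivSz) {
                XMEMCPY(output + args->idx, args->iv,
                                        min(args->ivSz, sizeof(args->iv)));
                args->idx += args->ivSz;
            }
            XMEMCPY(output + args->idx, input, inSz);
            args->idx += inSz;

            ssl->options.buildMsgState = BUILD_MSG_HASH;
        }
        /* fall through */

        case BUILD_MSG_HASH:
        {
            word32 i;

            if (type == handshake && hashOutput) {
                ret = HashOutput(ssl, output, args->headerSz + inSz, args->ivSz);
                if (ret != 0)
                    goto exit_buildmsg;
            }
            if (ssl->specs.cipher_type == block) {
                /* padding goes after the MAC, which is written later */
                word32 tmpIdx = args->idx + args->digestSz;

                /* pad + 1 bytes: the padding plus the pad-length byte */
                for (i = 0; i <= args->pad; i++)
                    output[tmpIdx++] = (byte)args->pad; /* pad byte gets pad value */
            }

            ssl->options.buildMsgState = BUILD_MSG_VERIFY_MAC;
        }
        /* fall through */

        case BUILD_MSG_VERIFY_MAC:
        {
            /* User Record Layer Callback handling */
        #ifdef ATOMIC_USER
            if (ssl->ctx->MacEncryptCb) {
                ret = ssl->ctx->MacEncryptCb(ssl, output + args->idx,
                                output + args->headerSz + args->ivSz, inSz, type, 0,
                                output + args->headerSz, output + args->headerSz, args->size,
                                ssl->MacEncryptCtx);
                goto exit_buildmsg;
            }
        #endif

            if (ssl->specs.cipher_type != aead) {
        #ifdef HAVE_TRUNCATED_HMAC
                if (ssl->truncated_hmac && ssl->specs.hash_size > args->digestSz) {
                #ifdef WOLFSSL_SMALL_STACK
                    byte* hmac = NULL;
                #else
                    byte  hmac[MAX_DIGEST_SIZE];
                #endif

                #ifdef WOLFSSL_SMALL_STACK
                    hmac = (byte*)XMALLOC(MAX_DIGEST_SIZE, ssl->heap,
                                                           DYNAMIC_TYPE_TMP_BUFFER);
                    if (hmac == NULL)
                        ERROR_OUT(MEMORY_E, exit_buildmsg);
                #endif

                    ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, inSz,
                                                                       type, 0);
                    /* copy the MAC only when it was computed, so a failed
                     * call never puts uninitialized bytes into the record */
                    if (ret == 0)
                        XMEMCPY(output + args->idx, hmac, args->digestSz);

                #ifdef WOLFSSL_SMALL_STACK
                    XFREE(hmac, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
                #endif
                }
                else
        #endif
                    ret = ssl->hmac(ssl, output + args->idx, output + args->headerSz + args->ivSz,
                                                                        inSz, type, 0);
            #ifdef WOLFSSL_DTLS
                if (ssl->options.dtls)
                    DtlsSEQIncrement(ssl, CUR_ORDER);
            #endif
            }
            if (ret != 0)
                goto exit_buildmsg;

            ssl->options.buildMsgState = BUILD_MSG_ENCRYPT;
        }
        /* fall through */

        case BUILD_MSG_ENCRYPT:
        {
            ret = Encrypt(ssl, output + args->headerSz, output + args->headerSz, args->size,
                asyncOkay);
            break;
        }
    }

exit_buildmsg:

    WOLFSSL_LEAVE("BuildMessage", ret);

#ifdef WOLFSSL_ASYNC_CRYPT
    /* keep state and args untouched so the call can be resumed */
    if (ret == WC_PENDING_E) {
        return ret;
    }
#endif

    /* make sure build message state is reset */
    ssl->options.buildMsgState = BUILD_MSG_BEGIN;

    /* return sz on success */
    if (ret == 0)
        ret = args->sz;

    /* Final cleanup */
    FreeBuildMsgArgs(ssl, args);

    return ret;
}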
wolfSSL 11:cee25a834751 11256
wolfSSL 11:cee25a834751 11257
/* Build this side's Finished handshake message, protect it with
 * BuildMessage and hand it to SendBuffered.
 *
 * The encrypt-side keys are set up first. For DTLS the epoch is advanced and
 * the sequence numbers are saved and reset before the record is built. The
 * handshake is marked done here for the server on a full handshake and for
 * the client on a resumed one.
 *
 * returns the result of SendBuffered on success, BUILD_MSG_ERROR when
 *         BuildMessage fails, or the error of an earlier failing step.
 */
int SendFinished(WOLFSSL* ssl)
{
    byte    input[FINISHED_SZ + DTLS_HANDSHAKE_HEADER_SZ];  /* max */
    byte*   output;
    Hashes* hashes;
    int     ret;
    int     sendSz;
    int     outputSz;
    int     headerSz   = HANDSHAKE_HEADER_SZ;
    int     finishedSz = FINISHED_SZ;
    int     isResuming;

    if (ssl->options.tls)
        finishedSz = TLS_FINISHED_SZ;

    /* setup encrypt keys */
    ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY);
    if (ret != 0)
        return ret;

    /* check for available size */
    outputSz = sizeof(input) + MAX_MSG_EXTRA;
    ret = CheckAvailableSize(ssl, outputSz);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        headerSz += DTLS_HANDSHAKE_EXTRA;

        /* new epoch: remember the old sequence numbers, restart at zero */
        ssl->keys.dtls_epoch++;
        ssl->keys.dtls_prev_sequence_number_hi =
                ssl->keys.dtls_sequence_number_hi;
        ssl->keys.dtls_prev_sequence_number_lo =
                ssl->keys.dtls_sequence_number_lo;
        ssl->keys.dtls_sequence_number_hi = 0;
        ssl->keys.dtls_sequence_number_lo = 0;
    }
#endif

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHandShakeHeader(input, finishedSz, 0, finishedSz, finished, ssl);

    /* make finished hashes, written in place after the handshake header */
    hashes = (Hashes*)&input[headerSz];
    ret = BuildFinished(ssl, hashes,
                     ssl->options.side == WOLFSSL_CLIENT_END ? client : server);
    if (ret != 0)
        return ret;

#ifdef HAVE_SECURE_RENEGOTIATION
    /* keep our verify data for the renegotiation info extension */
    if (ssl->secure_renegotiation) {
        if (ssl->options.side == WOLFSSL_CLIENT_END) {
            XMEMCPY(ssl->secure_renegotiation->client_verify_data, hashes,
                    TLS_FINISHED_SZ);
        }
        else {
            XMEMCPY(ssl->secure_renegotiation->server_verify_data, hashes,
                    TLS_FINISHED_SZ);
        }
    }
#endif

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        ret = DtlsMsgPoolSave(ssl, input, headerSz + finishedSz);
        if (ret != 0)
            return ret;
    }
#endif

    sendSz = BuildMessage(ssl, output, outputSz, input, headerSz + finishedSz,
                          handshake, 1, 0, 0);
    if (sendSz < 0)
        return BUILD_MSG_ERROR;

    isResuming = ssl->options.resuming ? 1 : 0;

#ifndef NO_SESSION_CACHE
    if (!isResuming)
        AddSession(ssl);    /* just try */
#endif

    /* our Finished is the last flight for the server on a full handshake
     * and for the client on a resumed one */
    if (ssl->options.side ==
            (isResuming ? WOLFSSL_CLIENT_END : WOLFSSL_SERVER_END)) {
        ssl->options.handShakeState = HANDSHAKE_DONE;
        ssl->options.handShakeDone  = 1;
    }

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("Finished", &ssl->handShakeInfo);
    if (ssl->toInfoOn) {
        AddPacketInfo("Finished", &ssl->timeoutInfo, output, sendSz,
                      ssl->heap);
    }
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}
wolfSSL 11:cee25a834751 11354
wolfSSL 11:cee25a834751 11355
wolfSSL 11:cee25a834751 11356 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 11357 int SendCertificate(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 11358 {
wolfSSL 11:cee25a834751 11359 int ret = 0;
wolfSSL 11:cee25a834751 11360 word32 certSz, certChainSz, headerSz, listSz, payloadSz;
wolfSSL 11:cee25a834751 11361 word32 length, maxFragment;
wolfSSL 11:cee25a834751 11362
wolfSSL 11:cee25a834751 11363 if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
wolfSSL 11:cee25a834751 11364 return 0; /* not needed */
wolfSSL 11:cee25a834751 11365
wolfSSL 11:cee25a834751 11366 if (ssl->options.sendVerify == SEND_BLANK_CERT) {
wolfSSL 11:cee25a834751 11367 certSz = 0;
wolfSSL 11:cee25a834751 11368 certChainSz = 0;
wolfSSL 11:cee25a834751 11369 headerSz = CERT_HEADER_SZ;
wolfSSL 11:cee25a834751 11370 length = CERT_HEADER_SZ;
wolfSSL 11:cee25a834751 11371 listSz = 0;
wolfSSL 11:cee25a834751 11372 }
wolfSSL 11:cee25a834751 11373 else {
wolfSSL 11:cee25a834751 11374 if (!ssl->buffers.certificate) {
wolfSSL 11:cee25a834751 11375 WOLFSSL_MSG("Send Cert missing certificate buffer");
wolfSSL 11:cee25a834751 11376 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 11377 }
wolfSSL 11:cee25a834751 11378 certSz = ssl->buffers.certificate->length;
wolfSSL 11:cee25a834751 11379 headerSz = 2 * CERT_HEADER_SZ;
wolfSSL 11:cee25a834751 11380 /* list + cert size */
wolfSSL 11:cee25a834751 11381 length = certSz + headerSz;
wolfSSL 11:cee25a834751 11382 listSz = certSz + CERT_HEADER_SZ;
wolfSSL 11:cee25a834751 11383
wolfSSL 11:cee25a834751 11384 /* may need to send rest of chain, already has leading size(s) */
wolfSSL 11:cee25a834751 11385 if (certSz && ssl->buffers.certChain) {
wolfSSL 11:cee25a834751 11386 certChainSz = ssl->buffers.certChain->length;
wolfSSL 11:cee25a834751 11387 length += certChainSz;
wolfSSL 11:cee25a834751 11388 listSz += certChainSz;
wolfSSL 11:cee25a834751 11389 }
wolfSSL 11:cee25a834751 11390 else
wolfSSL 11:cee25a834751 11391 certChainSz = 0;
wolfSSL 11:cee25a834751 11392 }
wolfSSL 11:cee25a834751 11393
wolfSSL 11:cee25a834751 11394 payloadSz = length;
wolfSSL 11:cee25a834751 11395
wolfSSL 11:cee25a834751 11396 if (ssl->fragOffset != 0)
wolfSSL 11:cee25a834751 11397 length -= (ssl->fragOffset + headerSz);
wolfSSL 11:cee25a834751 11398
wolfSSL 11:cee25a834751 11399 maxFragment = MAX_RECORD_SIZE;
wolfSSL 11:cee25a834751 11400 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 11401 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 11402 maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ
wolfSSL 11:cee25a834751 11403 - DTLS_HANDSHAKE_HEADER_SZ - 100;
wolfSSL 11:cee25a834751 11404 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 11405 }
wolfSSL 11:cee25a834751 11406
wolfSSL 11:cee25a834751 11407 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 11:cee25a834751 11408 if (ssl->max_fragment != 0 && maxFragment >= ssl->max_fragment)
wolfSSL 11:cee25a834751 11409 maxFragment = ssl->max_fragment;
wolfSSL 11:cee25a834751 11410 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 11:cee25a834751 11411
wolfSSL 11:cee25a834751 11412 while (length > 0 && ret == 0) {
wolfSSL 11:cee25a834751 11413 byte* output = NULL;
wolfSSL 11:cee25a834751 11414 word32 fragSz = 0;
wolfSSL 11:cee25a834751 11415 word32 i = RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 11416 int sendSz = RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 11417
wolfSSL 11:cee25a834751 11418 if (!ssl->options.dtls) {
wolfSSL 11:cee25a834751 11419 if (ssl->fragOffset == 0) {
wolfSSL 11:cee25a834751 11420 if (headerSz + certSz + certChainSz <=
wolfSSL 11:cee25a834751 11421 maxFragment - HANDSHAKE_HEADER_SZ) {
wolfSSL 11:cee25a834751 11422
wolfSSL 11:cee25a834751 11423 fragSz = headerSz + certSz + certChainSz;
wolfSSL 11:cee25a834751 11424 }
wolfSSL 11:cee25a834751 11425 else {
wolfSSL 11:cee25a834751 11426 fragSz = maxFragment - HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 11427 }
wolfSSL 11:cee25a834751 11428 sendSz += fragSz + HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 11429 i += HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 11430 }
wolfSSL 11:cee25a834751 11431 else {
wolfSSL 11:cee25a834751 11432 fragSz = min(length, maxFragment);
wolfSSL 11:cee25a834751 11433 sendSz += fragSz;
wolfSSL 11:cee25a834751 11434 }
wolfSSL 11:cee25a834751 11435
wolfSSL 11:cee25a834751 11436 if (IsEncryptionOn(ssl, 1))
wolfSSL 11:cee25a834751 11437 sendSz += MAX_MSG_EXTRA;
wolfSSL 11:cee25a834751 11438 }
wolfSSL 11:cee25a834751 11439 else {
wolfSSL 11:cee25a834751 11440 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 11441 fragSz = min(length, maxFragment);
wolfSSL 11:cee25a834751 11442 sendSz += fragSz + DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
wolfSSL 11:cee25a834751 11443 + HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 11444 i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA
wolfSSL 11:cee25a834751 11445 + HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 11446 #endif
wolfSSL 11:cee25a834751 11447 }
wolfSSL 11:cee25a834751 11448
wolfSSL 11:cee25a834751 11449 /* check for available size */
wolfSSL 11:cee25a834751 11450 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL 11:cee25a834751 11451 return ret;
wolfSSL 11:cee25a834751 11452
wolfSSL 11:cee25a834751 11453 /* get output buffer */
wolfSSL 11:cee25a834751 11454 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 11:cee25a834751 11455 ssl->buffers.outputBuffer.length;
wolfSSL 11:cee25a834751 11456
wolfSSL 11:cee25a834751 11457 if (ssl->fragOffset == 0) {
wolfSSL 11:cee25a834751 11458 if (!ssl->options.dtls) {
wolfSSL 11:cee25a834751 11459 AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
wolfSSL 11:cee25a834751 11460 if (!IsEncryptionOn(ssl, 1))
wolfSSL 11:cee25a834751 11461 HashOutputRaw(ssl, output + RECORD_HEADER_SZ,
wolfSSL 11:cee25a834751 11462 HANDSHAKE_HEADER_SZ);
wolfSSL 11:cee25a834751 11463 }
wolfSSL 11:cee25a834751 11464 else {
wolfSSL 11:cee25a834751 11465 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 11466 AddHeaders(output, payloadSz, certificate, ssl);
wolfSSL 11:cee25a834751 11467 if (!IsEncryptionOn(ssl, 1))
wolfSSL 11:cee25a834751 11468 HashOutputRaw(ssl,
wolfSSL 11:cee25a834751 11469 output + RECORD_HEADER_SZ + DTLS_RECORD_EXTRA,
wolfSSL 11:cee25a834751 11470 HANDSHAKE_HEADER_SZ + DTLS_HANDSHAKE_EXTRA);
wolfSSL 11:cee25a834751 11471 /* Adding the headers increments these, decrement them for
wolfSSL 11:cee25a834751 11472 * actual message header. */
wolfSSL 11:cee25a834751 11473 ssl->keys.dtls_handshake_number--;
wolfSSL 11:cee25a834751 11474 AddFragHeaders(output, fragSz, 0, payloadSz, certificate, ssl);
wolfSSL 11:cee25a834751 11475 ssl->keys.dtls_handshake_number--;
wolfSSL 11:cee25a834751 11476 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 11477 }
wolfSSL 11:cee25a834751 11478
wolfSSL 11:cee25a834751 11479 /* list total */
wolfSSL 11:cee25a834751 11480 c32to24(listSz, output + i);
wolfSSL 11:cee25a834751 11481 if (!IsEncryptionOn(ssl, 1))
wolfSSL 11:cee25a834751 11482 HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
wolfSSL 11:cee25a834751 11483 i += CERT_HEADER_SZ;
wolfSSL 11:cee25a834751 11484 length -= CERT_HEADER_SZ;
wolfSSL 11:cee25a834751 11485 fragSz -= CERT_HEADER_SZ;
wolfSSL 11:cee25a834751 11486 if (certSz) {
wolfSSL 11:cee25a834751 11487 c32to24(certSz, output + i);
wolfSSL 11:cee25a834751 11488 if (!IsEncryptionOn(ssl, 1))
wolfSSL 11:cee25a834751 11489 HashOutputRaw(ssl, output + i, CERT_HEADER_SZ);
wolfSSL 11:cee25a834751 11490 i += CERT_HEADER_SZ;
wolfSSL 11:cee25a834751 11491 length -= CERT_HEADER_SZ;
wolfSSL 11:cee25a834751 11492 fragSz -= CERT_HEADER_SZ;
wolfSSL 11:cee25a834751 11493
wolfSSL 11:cee25a834751 11494 if (!IsEncryptionOn(ssl, 1)) {
wolfSSL 11:cee25a834751 11495 HashOutputRaw(ssl, ssl->buffers.certificate->buffer, certSz);
wolfSSL 11:cee25a834751 11496 if (certChainSz)
wolfSSL 11:cee25a834751 11497 HashOutputRaw(ssl, ssl->buffers.certChain->buffer,
wolfSSL 11:cee25a834751 11498 certChainSz);
wolfSSL 11:cee25a834751 11499 }
wolfSSL 11:cee25a834751 11500 }
wolfSSL 11:cee25a834751 11501 }
wolfSSL 11:cee25a834751 11502 else {
wolfSSL 11:cee25a834751 11503 if (!ssl->options.dtls) {
wolfSSL 11:cee25a834751 11504 AddRecordHeader(output, fragSz, handshake, ssl);
wolfSSL 11:cee25a834751 11505 }
wolfSSL 11:cee25a834751 11506 else {
wolfSSL 11:cee25a834751 11507 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 11508 AddFragHeaders(output, fragSz, ssl->fragOffset + headerSz,
wolfSSL 11:cee25a834751 11509 payloadSz, certificate, ssl);
wolfSSL 11:cee25a834751 11510 ssl->keys.dtls_handshake_number--;
wolfSSL 11:cee25a834751 11511 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 11512 }
wolfSSL 11:cee25a834751 11513 }
wolfSSL 11:cee25a834751 11514
wolfSSL 11:cee25a834751 11515 /* member */
wolfSSL 11:cee25a834751 11516 if (certSz && ssl->fragOffset < certSz) {
wolfSSL 11:cee25a834751 11517 word32 copySz = min(certSz - ssl->fragOffset, fragSz);
wolfSSL 11:cee25a834751 11518 XMEMCPY(output + i,
wolfSSL 11:cee25a834751 11519 ssl->buffers.certificate->buffer + ssl->fragOffset, copySz);
wolfSSL 11:cee25a834751 11520 i += copySz;
wolfSSL 11:cee25a834751 11521 ssl->fragOffset += copySz;
wolfSSL 11:cee25a834751 11522 length -= copySz;
wolfSSL 11:cee25a834751 11523 fragSz -= copySz;
wolfSSL 11:cee25a834751 11524 }
wolfSSL 11:cee25a834751 11525 if (certChainSz && fragSz) {
wolfSSL 11:cee25a834751 11526 word32 copySz = min(certChainSz + certSz - ssl->fragOffset, fragSz);
wolfSSL 11:cee25a834751 11527 XMEMCPY(output + i,
wolfSSL 11:cee25a834751 11528 ssl->buffers.certChain->buffer + ssl->fragOffset - certSz,
wolfSSL 11:cee25a834751 11529 copySz);
wolfSSL 11:cee25a834751 11530 i += copySz;
wolfSSL 11:cee25a834751 11531 ssl->fragOffset += copySz;
wolfSSL 11:cee25a834751 11532 length -= copySz;
wolfSSL 11:cee25a834751 11533 }
wolfSSL 11:cee25a834751 11534
wolfSSL 11:cee25a834751 11535 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 11:cee25a834751 11536 byte* input = NULL;
wolfSSL 11:cee25a834751 11537 int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */
wolfSSL 11:cee25a834751 11538
wolfSSL 11:cee25a834751 11539 if (inputSz < 0) {
wolfSSL 11:cee25a834751 11540 WOLFSSL_MSG("Send Cert bad inputSz");
wolfSSL 11:cee25a834751 11541 return BUFFER_E;
wolfSSL 11:cee25a834751 11542 }
wolfSSL 11:cee25a834751 11543
wolfSSL 11:cee25a834751 11544 if (inputSz > 0) { /* clang thinks could be zero, let's help */
wolfSSL 11:cee25a834751 11545 input = (byte*)XMALLOC(inputSz, ssl->heap,
wolfSSL 11:cee25a834751 11546 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 11547 if (input == NULL)
wolfSSL 11:cee25a834751 11548 return MEMORY_E;
wolfSSL 11:cee25a834751 11549 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
wolfSSL 11:cee25a834751 11550 }
wolfSSL 11:cee25a834751 11551
wolfSSL 11:cee25a834751 11552 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
wolfSSL 11:cee25a834751 11553 handshake, 1, 0, 0);
wolfSSL 11:cee25a834751 11554
wolfSSL 11:cee25a834751 11555 if (inputSz > 0)
wolfSSL 11:cee25a834751 11556 XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 11557
wolfSSL 11:cee25a834751 11558 if (sendSz < 0)
wolfSSL 11:cee25a834751 11559 return sendSz;
wolfSSL 11:cee25a834751 11560 }
wolfSSL 11:cee25a834751 11561 else {
wolfSSL 11:cee25a834751 11562 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 11563 if (ssl->options.dtls)
wolfSSL 11:cee25a834751 11564 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 11:cee25a834751 11565 #endif
wolfSSL 11:cee25a834751 11566 }
wolfSSL 11:cee25a834751 11567
wolfSSL 11:cee25a834751 11568 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 11569 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 11570 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
wolfSSL 11:cee25a834751 11571 return ret;
wolfSSL 11:cee25a834751 11572 }
wolfSSL 11:cee25a834751 11573 #endif
wolfSSL 11:cee25a834751 11574
wolfSSL 11:cee25a834751 11575 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 11576 if (ssl->hsInfoOn)
wolfSSL 11:cee25a834751 11577 AddPacketName("Certificate", &ssl->handShakeInfo);
wolfSSL 11:cee25a834751 11578 if (ssl->toInfoOn)
wolfSSL 11:cee25a834751 11579 AddPacketInfo("Certificate", &ssl->timeoutInfo, output, sendSz,
wolfSSL 11:cee25a834751 11580 ssl->heap);
wolfSSL 11:cee25a834751 11581 #endif
wolfSSL 11:cee25a834751 11582
wolfSSL 11:cee25a834751 11583 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 11:cee25a834751 11584 if (!ssl->options.groupMessages)
wolfSSL 11:cee25a834751 11585 ret = SendBuffered(ssl);
wolfSSL 11:cee25a834751 11586 }
wolfSSL 11:cee25a834751 11587
wolfSSL 11:cee25a834751 11588 if (ret != WANT_WRITE) {
wolfSSL 11:cee25a834751 11589 /* Clean up the fragment offset. */
wolfSSL 11:cee25a834751 11590 ssl->fragOffset = 0;
wolfSSL 11:cee25a834751 11591 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 11592 if (ssl->options.dtls)
wolfSSL 11:cee25a834751 11593 ssl->keys.dtls_handshake_number++;
wolfSSL 11:cee25a834751 11594 #endif
wolfSSL 11:cee25a834751 11595 if (ssl->options.side == WOLFSSL_SERVER_END)
wolfSSL 11:cee25a834751 11596 ssl->options.serverState = SERVER_CERT_COMPLETE;
wolfSSL 11:cee25a834751 11597 }
wolfSSL 11:cee25a834751 11598
wolfSSL 11:cee25a834751 11599 return ret;
wolfSSL 11:cee25a834751 11600 }
wolfSSL 11:cee25a834751 11601
wolfSSL 11:cee25a834751 11602
/* Build a CertificateRequest handshake message in the output buffer and,
 * unless messages are being grouped, flush it with SendBuffered().
 *
 * The body holds one certificate type (ecdsa_sign or rsa_sign), the
 * hash/signature algorithm list from ssl->suites when the connection is at
 * least TLS 1.2, and a 16-bit zero written for the trailing "auth's" field.
 *
 * Returns 0 without writing anything when a PSK or anonymous cipher suite is
 * in use. Otherwise returns the first non-zero result of CheckAvailableSize,
 * DtlsMsgPoolSave or HashOutput, 0 when messages are grouped, or the result
 * of SendBuffered.
 *
 * NOTE(review): unlike the certificate and certificate-status senders in this
 * file, this function has no IsEncryptionOn()/BuildMessage() branch, so the
 * record is always written unprotected - confirm it is never reached once
 * record encryption is active. */
int SendCertificateRequest(WOLFSSL* ssl)
{
    const int certTypeCount = 1;  /* only 1 for now */
    word32    idx    = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int       bodySz = ENUM_LEN + certTypeCount + REQ_HEADER_SZ; /* add auth later */
    byte*     output;
    byte      certType;
    int       sendSz;
    int       ret;

    /* TLS 1.2 and later append a length-prefixed hash/signature list */
    if (IsAtLeastTLSv1_2(ssl))
        bodySz += LENGTH_SZ + ssl->suites->hashSigAlgoSz;

    /* PSK and anonymous suites do not ask the peer for a certificate */
    if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher)
        return 0;

    sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + bodySz;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* DTLS record and handshake headers are longer; shift both the
         * total size and the write position */
        sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        idx    += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    }
#endif

    /* make sure the output buffer can take the whole message */
    ret = CheckAvailableSize(ssl, sendSz);
    if (ret != 0)
        return ret;

    /* write position: end of the data already queued for output */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, bodySz, certificate_request, ssl);

    /* number of certificate types, then the single type itself */
    output[idx++] = (byte)certTypeCount;

    certType = rsa_sign;
#ifdef HAVE_ECC
    if ((ssl->options.cipherSuite0 == ECC_BYTE ||
         ssl->options.cipherSuite0 == CHACHA_BYTE) &&
        ssl->specs.sig_algo == ecc_dsa_sa_algo) {
        certType = ecdsa_sign;
    }
#endif /* HAVE_ECC */
    output[idx++] = certType;

    /* supported hash/sig */
    if (IsAtLeastTLSv1_2(ssl)) {
        c16toa(ssl->suites->hashSigAlgoSz, &output[idx]);
        idx += LENGTH_SZ;

        XMEMCPY(&output[idx], ssl->suites->hashSigAlgo,
                ssl->suites->hashSigAlgoSz);
        idx += ssl->suites->hashSigAlgoSz;
    }

    /* auth's: written as a 16-bit zero. idx is deliberately not advanced;
     * add REQ_HEADER_SZ to it if anything is ever appended after this. */
    c16toa(0, &output[idx]);

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        ret = DtlsMsgPoolSave(ssl, output, sendSz);
        if (ret != 0)
            return ret;
    }
    if (ssl->options.dtls)
        DtlsSEQIncrement(ssl, CUR_ORDER);
#endif

    /* fold the message into the running handshake hash */
    if ((ret = HashOutput(ssl, output, sendSz, 0)) != 0)
        return ret;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("CertificateRequest", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("CertificateRequest", &ssl->timeoutInfo, output,
                      sendSz, ssl->heap);
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    /* grouped messages stay queued; otherwise flush now */
    return ssl->options.groupMessages ? 0 : SendBuffered(ssl);
}
wolfSSL 11:cee25a834751 11690
wolfSSL 11:cee25a834751 11691 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 11692 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 11:cee25a834751 11693 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
/* Serialize a CertificateStatus handshake message carrying `count` responses
 * from `status` into the output buffer and, unless messages are being
 * grouped, flush it with SendBuffered().
 *
 * type    WOLFSSL_CSR2_OCSP or WOLFSSL_CSR2_OCSP_MULTI; any other value makes
 *         the function return 0 without writing anything.
 * status  array of `count` buffers; each is copied verbatim behind a 24-bit
 *         length prefix.
 * count   number of entries of `status` to emit.
 *
 * For WOLFSSL_CSR2_OCSP_MULTI an extra 24-bit length covering all entries is
 * written in front of the list.
 *
 * Returns 0 on success, MEMORY_E if the temporary plaintext copy cannot be
 * allocated, or the error from CheckAvailableSize, BuildMessage, HashOutput,
 * DtlsMsgPoolSave or SendBuffered.
 *
 * NOTE(review): the space check relies on CheckAvailableSize(sendSz); the
 * per-entry lengths are summed without an upper bound here, so callers are
 * presumably expected to pass responses of sane size - confirm. */
static int BuildCertificateStatus(WOLFSSL* ssl, byte type, buffer* status,
                                  byte count)
{
    byte*  out     = NULL;
    word32 pos     = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    word32 bodyLen = ENUM_LEN;   /* status type byte */
    int    sendSz  = 0;
    int    ret     = 0;
    int    n       = 0;

    WOLFSSL_ENTER("BuildCertificateStatus");

    /* only the two OCSP status types are handled */
    if (type != WOLFSSL_CSR2_OCSP && type != WOLFSSL_CSR2_OCSP_MULTI)
        return 0;

    /* the multi form wraps the entries in one more 24-bit length */
    if (type == WOLFSSL_CSR2_OCSP_MULTI)
        bodyLen += OPAQUE24_LEN;

    for (n = 0; n < count; n++)
        bodyLen += OPAQUE24_LEN + status[n].length;

    sendSz = pos + bodyLen;

    /* leave room for the record protection overhead */
    if (ssl->keys.encryptionOn)
        sendSz += MAX_MSG_EXTRA;

    ret = CheckAvailableSize(ssl, sendSz);
    if (ret != 0) {
        WOLFSSL_LEAVE("BuildCertificateStatus", ret);
        return ret;
    }

    out = ssl->buffers.outputBuffer.buffer +
          ssl->buffers.outputBuffer.length;

    AddHeaders(out, bodyLen, certificate_status, ssl);

    out[pos++] = type;

    if (type == WOLFSSL_CSR2_OCSP_MULTI) {
        /* length of the response list that follows */
        c32to24(bodyLen - (ENUM_LEN + OPAQUE24_LEN), out + pos);
        pos += OPAQUE24_LEN;
    }

    for (n = 0; n < count; n++) {
        c32to24(status[n].length, out + pos);
        pos += OPAQUE24_LEN;

        XMEMCPY(out + pos, status[n].buffer, status[n].length);
        pos += status[n].length;
    }

    if (IsEncryptionOn(ssl, 1)) {
        /* BuildMessage writes the record in place over `out`, so it is fed
         * from a private copy of everything after the record header */
        int   plainSz = pos - RECORD_HEADER_SZ;
        byte* plain   = (byte*)XMALLOC(plainSz, ssl->heap,
                                       DYNAMIC_TYPE_TMP_BUFFER);
        if (plain == NULL)
            return MEMORY_E;

        XMEMCPY(plain, out + RECORD_HEADER_SZ, plainSz);
        sendSz = BuildMessage(ssl, out, sendSz, plain, plainSz,
                              handshake, 1, 0, 0);
        XFREE(plain, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

        if (sendSz < 0)
            ret = sendSz;
    }
    else {
#ifdef WOLFSSL_DTLS
        if (ssl->options.dtls)
            DtlsSEQIncrement(ssl, CUR_ORDER);
#endif
        ret = HashOutput(ssl, out, sendSz, 0);
    }

#ifdef WOLFSSL_DTLS
    if (ret == 0 && IsDtlsNotSctpMode(ssl))
        ret = DtlsMsgPoolSave(ssl, out, sendSz);
#endif

#ifdef WOLFSSL_CALLBACKS
    if (ret == 0) {
        if (ssl->hsInfoOn)
            AddPacketName("CertificateStatus", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            AddPacketInfo("CertificateStatus", &ssl->timeoutInfo, out,
                          sendSz, ssl->heap);
    }
#endif

    if (ret == 0) {
        ssl->buffers.outputBuffer.length += sendSz;
        if (!ssl->options.groupMessages)
            ret = SendBuffered(ssl);
    }

    WOLFSSL_LEAVE("BuildCertificateStatus", ret);
    return ret;
}
wolfSSL 11:cee25a834751 11793 #endif
wolfSSL 11:cee25a834751 11794 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 11795
wolfSSL 11:cee25a834751 11796
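/* Send a CertificateStatus handshake message (OCSP stapling) for the status
 * type recorded on the connection (ssl->status_request, falling back to
 * ssl->status_request_v2).
 *
 * WOLFSSL_CSR2_OCSP        one response for the leaf certificate.
 * WOLFSSL_CSR2_OCSP_MULTI  one response for the leaf plus one per entry of
 *                          the certificate chain, at most MAX_CHAIN_DEPTH
 *                          chain entries.
 *
 * Returns 0 without sending when the status type is not handled, when there
 * is no certificate manager or stapling is disabled, or when no certificate
 * is loaded. OCSP_CERT_REVOKED, OCSP_CERT_UNKNOWN and OCSP_LOOKUP_FAIL from
 * CheckOcspRequest are mapped to 0: the handshake continues, and a message is
 * built only if a response buffer was actually returned. Other errors
 * (MEMORY_E, parse/init failures, BuildCertificateStatus errors) are
 * returned to the caller.
 *
 * Changes relative to the previous revision of this function:
 *  - the chain loops are bounded by MAX_CHAIN_DEPTH, so responses[] (sized
 *    1 + MAX_CHAIN_DEPTH) can no longer be indexed past its end;
 *  - a chain certificate that fails to parse is released with
 *    FreeDecodedCert, as every other exit from that loop already did;
 *  - the small-stack allocation failure in the chain section releases the
 *    leaf response obtained earlier instead of leaking it;
 *  - NULL certificate / chain pointers are treated as "nothing to staple". */
int SendCertificateStatus(WOLFSSL* ssl)
{
    int  ret = 0;
    byte status_type = 0;

    WOLFSSL_ENTER("SendCertificateStatus");

    (void) ssl;

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
    status_type = ssl->status_request;
#endif

#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
    status_type = status_type ? status_type : ssl->status_request_v2;
#endif

    switch (status_type) {

    #ifndef NO_WOLFSSL_SERVER
    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
     || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
        /* case WOLFSSL_CSR_OCSP: */
        case WOLFSSL_CSR2_OCSP:
        {
            /* start from the request cached on the context, if any */
            OcspRequest* request = ssl->ctx->certOcspRequest;
            buffer response;

            XMEMSET(&response, 0, sizeof(response));

            /* unable to fetch status. skip. */
            if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
                return 0;

            /* build a fresh request when none is cached, or when this
             * connection carries its own certificate */
            if (request == NULL || ssl->buffers.weOwnCert) {
                DerBuffer* der = ssl->buffers.certificate;
                #ifdef WOLFSSL_SMALL_STACK
                    DecodedCert* cert = NULL;
                #else
                    DecodedCert  cert[1];
                #endif

                /* unable to fetch status. skip. */
                if (der == NULL || der->buffer == NULL || der->length == 0)
                    return 0;

                #ifdef WOLFSSL_SMALL_STACK
                    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
                                                 DYNAMIC_TYPE_TMP_BUFFER);
                    if (cert == NULL)
                        return MEMORY_E;
                #endif

                InitDecodedCert(cert, der->buffer, der->length, ssl->heap);
                /* TODO: Setup async support here */
                if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
                                             ssl->ctx->cm)) != 0) {
                    WOLFSSL_MSG("ParseCert failed");
                }
                else {
                    request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
                                          ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
                    if (request) {
                        ret = InitOcspRequest(request, cert, 0, ssl->heap);
                        if (ret == 0) {
                            /* make sure ctx OCSP request is updated */
                            if (!ssl->buffers.weOwnCert) {
                                wolfSSL_Mutex* ocspLock =
                                    &ssl->ctx->cm->ocsp_stapling->ocspLock;
                                if (wc_LockMutex(ocspLock) == 0) {
                                    /* first writer wins; a loser keeps its
                                     * private request and frees it below */
                                    if (ssl->ctx->certOcspRequest == NULL)
                                        ssl->ctx->certOcspRequest = request;
                                    wc_UnLockMutex(ocspLock);
                                }
                            }
                        }
                        else {
                            XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
                            request = NULL;
                        }
                    }
                    else {
                        ret = MEMORY_E;
                    }
                }

                FreeDecodedCert(cert);

                #ifdef WOLFSSL_SMALL_STACK
                    XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
                #endif
            }

            if (ret == 0) {
                #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
                request->ssl = ssl;
                #endif
                ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
                                       &response);

                /* Suppressing, not critical: a revoked/unknown/failed lookup
                 * does not abort the handshake here */
                if (ret == OCSP_CERT_REVOKED ||
                    ret == OCSP_CERT_UNKNOWN ||
                    ret == OCSP_LOOKUP_FAIL) {
                    ret = 0;
                }

                if (response.buffer) {
                    if (ret == 0)
                        ret = BuildCertificateStatus(ssl, status_type,
                                                     &response, 1);

                    XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
                }

            }

            /* a request that was not handed to the context is ours to free */
            if (request != ssl->ctx->certOcspRequest)
                XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);

            break;
        }

    #endif /* HAVE_CERTIFICATE_STATUS_REQUEST    */
           /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */

    #if defined HAVE_CERTIFICATE_STATUS_REQUEST_V2
        case WOLFSSL_CSR2_OCSP_MULTI:
        {
            OcspRequest* request = ssl->ctx->certOcspRequest;
            /* slot 0 is the leaf, slots 1..MAX_CHAIN_DEPTH the chain */
            buffer responses[1 + MAX_CHAIN_DEPTH];
            int i = 0;

            XMEMSET(responses, 0, sizeof(responses));

            /* unable to fetch status. skip. */
            if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)
                return 0;

            if (!request || ssl->buffers.weOwnCert) {
                DerBuffer* der = ssl->buffers.certificate;
                #ifdef WOLFSSL_SMALL_STACK
                    DecodedCert* cert = NULL;
                #else
                    DecodedCert  cert[1];
                #endif

                /* unable to fetch status. skip. */
                if (der == NULL || der->buffer == NULL || der->length == 0)
                    return 0;

                #ifdef WOLFSSL_SMALL_STACK
                    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
                                                 DYNAMIC_TYPE_TMP_BUFFER);
                    if (cert == NULL)
                        return MEMORY_E;
                #endif

                InitDecodedCert(cert, der->buffer, der->length, ssl->heap);
                /* TODO: Setup async support here */
                if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
                                             ssl->ctx->cm)) != 0) {
                    WOLFSSL_MSG("ParseCert failed");
                }
                else {
                    request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
                                          ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
                    if (request) {
                        ret = InitOcspRequest(request, cert, 0, ssl->heap);
                        if (ret == 0) {
                            /* make sure ctx OCSP request is updated */
                            if (!ssl->buffers.weOwnCert) {
                                wolfSSL_Mutex* ocspLock =
                                    &ssl->ctx->cm->ocsp_stapling->ocspLock;
                                if (wc_LockMutex(ocspLock) == 0) {
                                    if (ssl->ctx->certOcspRequest == NULL)
                                        ssl->ctx->certOcspRequest = request;
                                    wc_UnLockMutex(ocspLock);
                                }
                            }
                        }
                        else {
                            XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
                            request = NULL;
                        }
                    }
                    else {
                        ret = MEMORY_E;
                    }
                }

                FreeDecodedCert(cert);

                #ifdef WOLFSSL_SMALL_STACK
                    XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
                #endif
            }

            if (ret == 0) {
                #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
                request->ssl = ssl;
                #endif
                ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,
                                       &responses[0]);

                /* Suppressing, not critical */
                if (ret == OCSP_CERT_REVOKED ||
                    ret == OCSP_CERT_UNKNOWN ||
                    ret == OCSP_LOOKUP_FAIL) {
                    ret = 0;
                }
            }

            if (request != ssl->ctx->certOcspRequest)
                XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);

            if (ret == 0 && (!ssl->ctx->chainOcspRequest[0]
                                              || ssl->buffers.weOwnCertChain)) {
                buffer der;
                word32 idx = 0;
                #ifdef WOLFSSL_SMALL_STACK
                    DecodedCert* cert = NULL;
                #else
                    DecodedCert  cert[1];
                #endif

                XMEMSET(&der, 0, sizeof(buffer));

                #ifdef WOLFSSL_SMALL_STACK
                    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,
                                                 DYNAMIC_TYPE_TMP_BUFFER);
                    if (cert == NULL) {
                        /* the leaf response was already fetched above and is
                         * owned by this function; release it before leaving */
                        if (responses[0].buffer)
                            XFREE(responses[0].buffer, ssl->heap,
                                  DYNAMIC_TYPE_TMP_BUFFER);
                        return MEMORY_E;
                    }
                #endif

                /* Walk the chain: each entry is a 24-bit length followed by
                 * the DER certificate. i is capped at MAX_CHAIN_DEPTH because
                 * responses[i + 1] has exactly that many chain slots.
                 * NOTE(review): chainOcspRequest[] is assumed to hold at
                 * least MAX_CHAIN_DEPTH entries - its declaration is not in
                 * this file; confirm. */
                while (i < MAX_CHAIN_DEPTH &&
                       ssl->buffers.certChain != NULL &&
                       idx + OPAQUE24_LEN < ssl->buffers.certChain->length) {
                    c24to32(ssl->buffers.certChain->buffer + idx, &der.length);
                    idx += OPAQUE24_LEN;

                    der.buffer = ssl->buffers.certChain->buffer + idx;
                    idx += der.length;

                    /* declared length runs past the chain buffer: stop */
                    if (idx > ssl->buffers.certChain->length)
                        break;

                    InitDecodedCert(cert, der.buffer, der.length, ssl->heap);
                    /* TODO: Setup async support here */
                    if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,
                                                 ssl->ctx->cm)) != 0) {
                        WOLFSSL_MSG("ParseCert failed");
                        /* release whatever the failed parse left behind,
                         * matching the other early exits of this loop */
                        FreeDecodedCert(cert);
                        break;
                    }
                    else {
                        request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),
                                          ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
                        if (request == NULL) {
                            FreeDecodedCert(cert);

                            ret = MEMORY_E;
                            break;
                        }

                        ret = InitOcspRequest(request, cert, 0, ssl->heap);
                        if (ret == 0) {
                            /* make sure ctx OCSP request is updated */
                            if (!ssl->buffers.weOwnCertChain) {
                                wolfSSL_Mutex* ocspLock =
                                    &ssl->ctx->cm->ocsp_stapling->ocspLock;
                                if (wc_LockMutex(ocspLock) == 0) {
                                    if (ssl->ctx->chainOcspRequest[i] == NULL)
                                        ssl->ctx->chainOcspRequest[i] = request;
                                    wc_UnLockMutex(ocspLock);
                                }
                            }
                        }
                        else {
                            FreeDecodedCert(cert);
                            XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);
                            request = NULL;
                            break;
                        }

                        #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
                        request->ssl = ssl;
                        #endif
                        ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
                                               request, &responses[i + 1]);

                        /* Suppressing, not critical */
                        if (ret == OCSP_CERT_REVOKED ||
                            ret == OCSP_CERT_UNKNOWN ||
                            ret == OCSP_LOOKUP_FAIL) {
                            ret = 0;
                        }

                        if (request != ssl->ctx->chainOcspRequest[i])
                            XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);

                        i++;
                    }

                    FreeDecodedCert(cert);
                }

                #ifdef WOLFSSL_SMALL_STACK
                    XFREE(cert, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
                #endif
            }
            else {
                /* reuse the requests cached on the context; the list ends at
                 * the first NULL entry or at MAX_CHAIN_DEPTH, whichever
                 * comes first */
                while (ret == 0 && i < MAX_CHAIN_DEPTH &&
                       NULL != (request = ssl->ctx->chainOcspRequest[i])) {
                    #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
                    request->ssl = ssl;
                    #endif
                    ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling,
                                           request, &responses[++i]);

                    /* Suppressing, not critical */
                    if (ret == OCSP_CERT_REVOKED ||
                        ret == OCSP_CERT_UNKNOWN ||
                        ret == OCSP_LOOKUP_FAIL) {
                        ret = 0;
                    }
                }
            }

            /* without a leaf response nothing is sent; chain responses
             * collected above are then left to the caller-visible cleanup
             * below only when the leaf slot is set */
            if (responses[0].buffer) {
                if (ret == 0)
                    ret = BuildCertificateStatus(ssl, status_type,
                                                 responses, (byte)i + 1);

                for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++)
                    if (responses[i].buffer)
                        XFREE(responses[i].buffer, ssl->heap,
                              DYNAMIC_TYPE_TMP_BUFFER);
            }

            break;
        }
    #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
    #endif /* NO_WOLFSSL_SERVER */

        default:
            break;
    }

    return ret;
}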
wolfSSL 11:cee25a834751 12145
wolfSSL 11:cee25a834751 12146 #endif /* !NO_CERTS */
wolfSSL 11:cee25a834751 12147
wolfSSL 11:cee25a834751 12148
/* Send application data on a session, finishing the handshake first if needed.
 *
 * Any record still queued in the output buffer from an earlier call is flushed
 * before new data is framed. The remaining plaintext is then cut into
 * fragments; each one is turned into an application_data record by
 * BuildMessage() and pushed out with SendBuffered().
 *
 * ssl   session object
 * data  plaintext to send
 * sz    number of bytes available at data
 *
 * Returns the number of plaintext bytes sent (only one record's worth when
 * ssl->options.partialWrite == 1), 0 when the socket failed and the peer reset
 * the connection, WOLFSSL_CBIO_ERR_WANT_WRITE when the handshake is waiting on
 * an async operation, otherwise the error code of the step that failed.
 *
 * NOTE(review): ssl, data and sz are used here without validation. A NULL
 * pointer or a negative sz is presumably rejected by the public caller --
 * confirm, because sz drives both the fragment length and the read offset
 * into data.
 */
int SendData(WOLFSSL* ssl, const void* data, int sz)
{
    int sent = 0,  /* plainText size */
        sendSz,
        ret,
        dtlsExtra = 0;

    /* WANT_WRITE / WC_PENDING_E are retry conditions left by an earlier call,
     * not failures: clear them so this attempt starts clean */
    if (ssl->error == WANT_WRITE || ssl->error == WC_PENDING_E)
        ssl->error = 0;

    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        int err;
        WOLFSSL_MSG("handshake not complete, trying to finish");
        if ( (err = wolfSSL_negotiate(ssl)) != SSL_SUCCESS) {
            /* if async would block return WANT_WRITE */
            if (ssl->error == WC_PENDING_E) {
                return WOLFSSL_CBIO_ERR_WANT_WRITE;
            }
            return err;
        }
    }

    /* last time system socket output buffer was full, try again to send */
    if (ssl->buffers.outputBuffer.length > 0) {
        WOLFSSL_MSG("output buffer was full, trying to send again");
        if ( (ssl->error = SendBuffered(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            if (ssl->error == SOCKET_ERROR_E && ssl->options.connReset)
                return 0;  /* peer reset */
            return ssl->error;
        }
        else {
            /* advance sent to previous sent + plain size just sent */
            sent = ssl->buffers.prevSent + ssl->buffers.plainSz;
            WOLFSSL_MSG("sent write buffered data");

            /* the retry must offer at least as many bytes as were already
             * consumed, otherwise the offset below would run past sz;
             * presumably the caller also passes the same data again --
             * nothing here can verify that */
            if (sent > sz) {
                WOLFSSL_MSG("error: write() after WANT_WRITE with short size");
                return ssl->error = BAD_FUNC_ARG;
            }
        }
    }

    #ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        dtlsExtra = DTLS_RECORD_EXTRA;
    }
    #endif

    for (;;) {
        int   len;
        byte* out;
        byte* sendBuffer = (byte*)data + sent;  /* may switch on comp */
        int   buffSz;                           /* may switch on comp */
        int   outputSz;
    #ifdef HAVE_LIBZ
        byte  comp[MAX_RECORD_SIZE + MAX_COMP_EXTRA];
    #endif

        if (sent == sz) break;

        /* fragment size: what is left, capped by the record size and, when
         * built in, by the negotiated max fragment and the UDP datagram size.
         * NOTE(review): min() is defined outside this excerpt; if it takes
         * unsigned arguments a negative (sz - sent) becomes a large value and
         * the cap alone would not keep the read inside data -- confirm that
         * sz >= 0 is guaranteed by the caller */
        len = min(sz - sent, OUTPUT_RECORD_SIZE);
    #ifdef HAVE_MAX_FRAGMENT
        len = min(len, ssl->max_fragment);
    #endif

    #ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            len = min(len, MAX_UDP_SIZE);
        }
    #endif
        buffSz = len;

        /* check for available size */
        outputSz = len + COMP_EXTRA + dtlsExtra + MAX_MSG_EXTRA;
        if ((ret = CheckAvailableSize(ssl, outputSz)) != 0)
            return ssl->error = ret;

        /* get output buffer */
        out = ssl->buffers.outputBuffer.buffer +
              ssl->buffers.outputBuffer.length;

    #ifdef HAVE_LIBZ
        /* NOTE(review): compressing plaintext before it is encrypted makes the
         * record length depend on the content. That is the precondition for
         * compression side channels (the CRIME class of issues), so
         * usingCompression should stay off wherever secrets and
         * peer-influenced data can share a stream. A compression failure is
         * returned directly; ssl->error is not updated on this path. */
        if (ssl->options.usingCompression) {
            buffSz = myCompress(ssl, sendBuffer, buffSz, comp, sizeof(comp));
            if (buffSz < 0) {
                return buffSz;
            }
            sendBuffer = comp;
        }
    #endif
        sendSz = BuildMessage(ssl, out, outputSz, sendBuffer, buffSz,
                              application_data, 0, 0, 1);
        if (sendSz < 0) {
            /* only the async "pending" result is recorded in ssl->error; every
             * other failure is reported as BUILD_MSG_ERROR with ssl->error
             * left as it was */
        #ifdef WOLFSSL_ASYNC_CRYPT
            if (sendSz == WC_PENDING_E)
                ssl->error = sendSz;
        #endif
            return BUILD_MSG_ERROR;
        }

        ssl->buffers.outputBuffer.length += sendSz;

        if ( (ret = SendBuffered(ssl)) < 0) {
            WOLFSSL_ERROR(ret);
            /* store for next call if WANT_WRITE or user embedSend() that
               doesn't present like WANT_WRITE */
            ssl->buffers.plainSz  = len;
            ssl->buffers.prevSent = sent;
            if (ret == SOCKET_ERROR_E && ssl->options.connReset)
                return 0;  /* peer reset */
            return ssl->error = ret;
        }

        sent += len;

        /* only one message per attempt */
        if (ssl->options.partialWrite == 1) {
            WOLFSSL_MSG("Paritial Write on, only sending one record");
            break;
        }
    }

    return sent;
}
wolfSSL 11:cee25a834751 12274
/* Process input data and hand decrypted application data to the caller.
 *
 * Finishes the handshake if it is not done, starts a secure renegotiation the
 * server asked for (HAVE_SECURE_RENEGOTIATION builds), then calls
 * ProcessReply() until clearOutputBuffer holds plaintext and copies up to sz
 * bytes of it into output.
 *
 * ssl     session object
 * output  destination buffer
 * sz      capacity of output in bytes
 * peek    non-zero leaves the copied bytes queued in clearOutputBuffer
 *
 * Returns the number of bytes copied. Returns 0 both when the peer sent
 * close_notify (ssl->error == ZERO_RETURN) and when the transport was reset
 * or closed (ssl->error == SOCKET_PEER_CLOSED_E); a caller that needs to tell
 * an orderly close from a truncated stream has to look at ssl->error.
 * Any other failure returns the error code. A session already holding an
 * error other than the ones cleared below (or WANT_WRITE) is refused
 * immediately with that error.
 *
 * NOTE(review): sz and output are not checked here. A negative sz would be
 * selected as the copy size below, so it is presumably rejected by the public
 * caller -- confirm.
 */
int ReceiveData(WOLFSSL* ssl, byte* output, int sz, int peek)
{
    int size;

    WOLFSSL_ENTER("ReceiveData()");

    /* reset error state */
    if (ssl->error == WANT_READ || ssl->error == WC_PENDING_E) {
        ssl->error = 0;
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* In DTLS mode, we forgive some errors and allow the session
         * to continue despite them.
         * NOTE(review): a MAC or decrypt failure left in ssl->error is simply
         * cleared; nothing visible in this function counts or limits how many
         * bad records are forgiven -- confirm whether a bound or logging
         * exists elsewhere. */
        if (ssl->error == VERIFY_MAC_ERROR || ssl->error == DECRYPT_ERROR)
            ssl->error = 0;
    }
#endif /* WOLFSSL_DTLS */

    /* a pending WANT_WRITE does not block reading; any other stored error
     * makes the session unusable for reads */
    if (ssl->error != 0 && ssl->error != WANT_WRITE) {
        WOLFSSL_MSG("User calling wolfSSL_read in error state, not allowed");
        return ssl->error;
    }

    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        int err;
        WOLFSSL_MSG("Handshake not complete, trying to finish");
        if ( (err = wolfSSL_negotiate(ssl)) != SSL_SUCCESS) {
        #ifdef WOLFSSL_ASYNC_CRYPT
            /* if async would block return WANT_READ */
            if (ssl->error == WC_PENDING_E) {
                return WOLFSSL_CBIO_ERR_WANT_READ;
            }
        #endif
            return err;
        }
    }

#ifdef HAVE_SECURE_RENEGOTIATION
startScr:
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) {
        int err;
        ssl->secure_renegotiation->startScr = 0;  /* only start once */
        WOLFSSL_MSG("Need to start scr, server requested");
        if ( (err = wolfSSL_Rehandshake(ssl)) != SSL_SUCCESS)
            return err;
    }
#endif

    /* pull records until some plaintext is available */
    while (ssl->buffers.clearOutputBuffer.length == 0) {
        if ( (ssl->error = ProcessReply(ssl)) < 0) {
            WOLFSSL_ERROR(ssl->error);
            if (ssl->error == ZERO_RETURN) {
                WOLFSSL_MSG("Zero return, no more data coming");
                return 0;         /* no more data coming */
            }
            if (ssl->error == SOCKET_ERROR_E) {
                if (ssl->options.connReset || ssl->options.isClosed) {
                    WOLFSSL_MSG("Peer reset or closed, connection done");
                    /* recorded so the caller can distinguish this 0 from a
                     * close_notify */
                    ssl->error = SOCKET_PEER_CLOSED_E;
                    WOLFSSL_ERROR(ssl->error);
                    return 0;     /* peer reset or closed */
                }
            }
            return ssl->error;
        }
    #ifdef HAVE_SECURE_RENEGOTIATION
        /* ProcessReply() may have flagged a renegotiation request; go back and
         * run it before delivering any data */
        if (ssl->secure_renegotiation &&
            ssl->secure_renegotiation->startScr) {
            goto startScr;
        }
    #endif
    }

    /* copy no more than the caller asked for and no more than is buffered */
    if (sz < (int)ssl->buffers.clearOutputBuffer.length)
        size = sz;
    else
        size = ssl->buffers.clearOutputBuffer.length;

    XMEMCPY(output, ssl->buffers.clearOutputBuffer.buffer, size);

    /* a peek leaves the data in place for the next read */
    if (peek == 0) {
        ssl->buffers.clearOutputBuffer.length -= size;
        ssl->buffers.clearOutputBuffer.buffer += size;
    }

    /* all plaintext consumed: give back a dynamically grown input buffer */
    if (ssl->buffers.clearOutputBuffer.length == 0 &&
                                           ssl->buffers.inputBuffer.dynamicFlag)
        ShrinkInputBuffer(ssl, NO_FORCED_FREE);

    WOLFSSL_LEAVE("ReceiveData()", size);
    return size;
}
wolfSSL 11:cee25a834751 12370
wolfSSL 11:cee25a834751 12371
/* Build an alert record for (severity, type) and push it to the peer.
 *
 * The alert is encrypted only when encryption is on and the handshake has
 * completed; before that it is sent as a plaintext record. The last alert
 * sent is remembered in ssl->alert_history, and a fatal alert marks the
 * session closed so that no close_notify follows. If an earlier non-blocking
 * call left an alert queued, this call only retries the flush.
 *
 * Returns the result of SendBuffered(), the CheckAvailableSize() error,
 * BUILD_MSG_ERROR when the record could not be built, or (HAVE_WRITE_DUP, read
 * side) the result of notifying the write side / 0 when there is nothing to
 * notify.
 */
int SendAlert(WOLFSSL* ssl, int severity, int type)
{
    byte  alertBody[ALERT_SIZE];
    byte* out;
    int   recordSz;
    int   rc;
    int   needSz;
    int   dtlsHdrExtra = 0;

#ifdef HAVE_WRITE_DUP
    /* the read half of a duplicated session cannot write; it can only tell
     * its sibling that a close or a fatal condition happened */
    if (ssl->dupWrite && ssl->dupSide == READ_DUP_SIDE) {
        int notifyErr = (type == close_notify)    ? ZERO_RETURN
                      : (severity == alert_fatal) ? FATAL_ERROR
                      : 0;

        WOLFSSL_MSG("Read dup side cannot write alerts, notifying sibling");

        return (notifyErr != 0) ? NotifyWriteSide(ssl, notifyErr) : 0;
    }
#endif

    /* re-entry after a non-blocking short write: the record is already in the
     * output buffer, so only the flush is repeated */
    if (ssl->options.sendAlertState != 0) {
        rc = SendBuffered(ssl);
        if (rc == 0) {
            ssl->options.sendAlertState = 0;
        }
        return rc;
    }

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        dtlsHdrExtra = DTLS_RECORD_EXTRA;
    }
#endif

    /* make sure the output buffer can take a worst-case alert record */
    needSz = ALERT_SIZE + MAX_MSG_EXTRA + dtlsHdrExtra;
    rc = CheckAvailableSize(ssl, needSz);
    if (rc != 0) {
        return rc;
    }

    /* write position: first free byte of the output buffer */
    out = ssl->buffers.outputBuffer.buffer + ssl->buffers.outputBuffer.length;

    alertBody[0] = (byte)severity;
    alertBody[1] = (byte)type;
    ssl->alert_history.last_tx.code  = type;
    ssl->alert_history.last_tx.level = severity;
    if (severity == alert_fatal) {
        ssl->options.isClosed = 1;  /* Don't send close_notify */
    }

    if (!IsEncryptionOn(ssl, 1) || !ssl->options.handShakeDone) {
        /* handshake not complete: the other side may not be able to handle an
         * encrypted alert yet, so frame it as a plaintext record by hand */
        AddRecordHeader(out, ALERT_SIZE, alert, ssl);
        out     += RECORD_HEADER_SZ;
        recordSz = RECORD_HEADER_SZ + ALERT_SIZE;
    #ifdef WOLFSSL_DTLS
        if (ssl->options.dtls) {
            out      += DTLS_RECORD_EXTRA;
            recordSz += DTLS_RECORD_EXTRA;
        }
    #endif
        XMEMCPY(out, alertBody, ALERT_SIZE);
    }
    else {
        recordSz = BuildMessage(ssl, out, needSz, alertBody, ALERT_SIZE,
                                alert, 0, 0, 0);
    }

    if (recordSz < 0) {
        return BUILD_MSG_ERROR;
    }

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) {
        AddPacketName("Alert", &ssl->handShakeInfo);
    }
    /* NOTE(review): in the plaintext path out has been advanced past the
     * record header while recordSz still counts the header -- confirm that
     * AddPacketInfo() is meant to receive that pointer/length pair */
    if (ssl->toInfoOn) {
        AddPacketInfo("Alert", &ssl->timeoutInfo, out, recordSz, ssl->heap);
    }
#endif

    ssl->buffers.outputBuffer.length += recordSz;
    ssl->options.sendAlertState = 1;  /* cleared by the retry path once sent */

    return SendBuffered(ssl);
}
wolfSSL 11:cee25a834751 12468
wolfSSL 11:cee25a834751 12469 const char* wolfSSL_ERR_reason_error_string(unsigned long e)
wolfSSL 11:cee25a834751 12470 {
wolfSSL 11:cee25a834751 12471 #ifdef NO_ERROR_STRINGS
wolfSSL 11:cee25a834751 12472
wolfSSL 11:cee25a834751 12473 (void)e;
wolfSSL 11:cee25a834751 12474 return "no support for error strings built in";
wolfSSL 11:cee25a834751 12475
wolfSSL 11:cee25a834751 12476 #else
wolfSSL 11:cee25a834751 12477
wolfSSL 11:cee25a834751 12478 int error = (int)e;
wolfSSL 11:cee25a834751 12479
wolfSSL 11:cee25a834751 12480 /* pass to wolfCrypt */
wolfSSL 11:cee25a834751 12481 if (error < MAX_CODE_E && error > MIN_CODE_E) {
wolfSSL 11:cee25a834751 12482 return wc_GetErrorString(error);
wolfSSL 11:cee25a834751 12483 }
wolfSSL 11:cee25a834751 12484
wolfSSL 11:cee25a834751 12485 switch (error) {
wolfSSL 11:cee25a834751 12486
wolfSSL 11:cee25a834751 12487 case UNSUPPORTED_SUITE :
wolfSSL 11:cee25a834751 12488 return "unsupported cipher suite";
wolfSSL 11:cee25a834751 12489
wolfSSL 11:cee25a834751 12490 case INPUT_CASE_ERROR :
wolfSSL 11:cee25a834751 12491 return "input state error";
wolfSSL 11:cee25a834751 12492
wolfSSL 11:cee25a834751 12493 case PREFIX_ERROR :
wolfSSL 11:cee25a834751 12494 return "bad index to key rounds";
wolfSSL 11:cee25a834751 12495
wolfSSL 11:cee25a834751 12496 case MEMORY_ERROR :
wolfSSL 11:cee25a834751 12497 return "out of memory";
wolfSSL 11:cee25a834751 12498
wolfSSL 11:cee25a834751 12499 case VERIFY_FINISHED_ERROR :
wolfSSL 11:cee25a834751 12500 return "verify problem on finished";
wolfSSL 11:cee25a834751 12501
wolfSSL 11:cee25a834751 12502 case VERIFY_MAC_ERROR :
wolfSSL 11:cee25a834751 12503 return "verify mac problem";
wolfSSL 11:cee25a834751 12504
wolfSSL 11:cee25a834751 12505 case PARSE_ERROR :
wolfSSL 11:cee25a834751 12506 return "parse error on header";
wolfSSL 11:cee25a834751 12507
wolfSSL 11:cee25a834751 12508 case SIDE_ERROR :
wolfSSL 11:cee25a834751 12509 return "wrong client/server type";
wolfSSL 11:cee25a834751 12510
wolfSSL 11:cee25a834751 12511 case NO_PEER_CERT :
wolfSSL 11:cee25a834751 12512 return "peer didn't send cert";
wolfSSL 11:cee25a834751 12513
wolfSSL 11:cee25a834751 12514 case UNKNOWN_HANDSHAKE_TYPE :
wolfSSL 11:cee25a834751 12515 return "weird handshake type";
wolfSSL 11:cee25a834751 12516
wolfSSL 11:cee25a834751 12517 case SOCKET_ERROR_E :
wolfSSL 11:cee25a834751 12518 return "error state on socket";
wolfSSL 11:cee25a834751 12519
wolfSSL 11:cee25a834751 12520 case SOCKET_NODATA :
wolfSSL 11:cee25a834751 12521 return "expected data, not there";
wolfSSL 11:cee25a834751 12522
wolfSSL 11:cee25a834751 12523 case INCOMPLETE_DATA :
wolfSSL 11:cee25a834751 12524 return "don't have enough data to complete task";
wolfSSL 11:cee25a834751 12525
wolfSSL 11:cee25a834751 12526 case UNKNOWN_RECORD_TYPE :
wolfSSL 11:cee25a834751 12527 return "unknown type in record hdr";
wolfSSL 11:cee25a834751 12528
wolfSSL 11:cee25a834751 12529 case DECRYPT_ERROR :
wolfSSL 11:cee25a834751 12530 return "error during decryption";
wolfSSL 11:cee25a834751 12531
wolfSSL 11:cee25a834751 12532 case FATAL_ERROR :
wolfSSL 11:cee25a834751 12533 return "revcd alert fatal error";
wolfSSL 11:cee25a834751 12534
wolfSSL 11:cee25a834751 12535 case ENCRYPT_ERROR :
wolfSSL 11:cee25a834751 12536 return "error during encryption";
wolfSSL 11:cee25a834751 12537
wolfSSL 11:cee25a834751 12538 case FREAD_ERROR :
wolfSSL 11:cee25a834751 12539 return "fread problem";
wolfSSL 11:cee25a834751 12540
wolfSSL 11:cee25a834751 12541 case NO_PEER_KEY :
wolfSSL 11:cee25a834751 12542 return "need peer's key";
wolfSSL 11:cee25a834751 12543
wolfSSL 11:cee25a834751 12544 case NO_PRIVATE_KEY :
wolfSSL 11:cee25a834751 12545 return "need the private key";
wolfSSL 11:cee25a834751 12546
wolfSSL 11:cee25a834751 12547 case NO_DH_PARAMS :
wolfSSL 11:cee25a834751 12548 return "server missing DH params";
wolfSSL 11:cee25a834751 12549
wolfSSL 11:cee25a834751 12550 case RSA_PRIVATE_ERROR :
wolfSSL 11:cee25a834751 12551 return "error during rsa priv op";
wolfSSL 11:cee25a834751 12552
wolfSSL 11:cee25a834751 12553 case MATCH_SUITE_ERROR :
wolfSSL 11:cee25a834751 12554 return "can't match cipher suite";
wolfSSL 11:cee25a834751 12555
wolfSSL 11:cee25a834751 12556 case COMPRESSION_ERROR :
wolfSSL 11:cee25a834751 12557 return "compression mismatch error";
wolfSSL 11:cee25a834751 12558
wolfSSL 11:cee25a834751 12559 case BUILD_MSG_ERROR :
wolfSSL 11:cee25a834751 12560 return "build message failure";
wolfSSL 11:cee25a834751 12561
wolfSSL 11:cee25a834751 12562 case BAD_HELLO :
wolfSSL 11:cee25a834751 12563 return "client hello malformed";
wolfSSL 11:cee25a834751 12564
wolfSSL 11:cee25a834751 12565 case DOMAIN_NAME_MISMATCH :
wolfSSL 11:cee25a834751 12566 return "peer subject name mismatch";
wolfSSL 11:cee25a834751 12567
wolfSSL 11:cee25a834751 12568 case WANT_READ :
wolfSSL 11:cee25a834751 12569 case SSL_ERROR_WANT_READ :
wolfSSL 11:cee25a834751 12570 return "non-blocking socket wants data to be read";
wolfSSL 11:cee25a834751 12571
wolfSSL 11:cee25a834751 12572 case NOT_READY_ERROR :
wolfSSL 11:cee25a834751 12573 return "handshake layer not ready yet, complete first";
wolfSSL 11:cee25a834751 12574
wolfSSL 11:cee25a834751 12575 case PMS_VERSION_ERROR :
wolfSSL 11:cee25a834751 12576 return "premaster secret version mismatch error";
wolfSSL 11:cee25a834751 12577
wolfSSL 11:cee25a834751 12578 case VERSION_ERROR :
wolfSSL 11:cee25a834751 12579 return "record layer version error";
wolfSSL 11:cee25a834751 12580
wolfSSL 11:cee25a834751 12581 case WANT_WRITE :
wolfSSL 11:cee25a834751 12582 case SSL_ERROR_WANT_WRITE :
wolfSSL 11:cee25a834751 12583 return "non-blocking socket write buffer full";
wolfSSL 11:cee25a834751 12584
wolfSSL 11:cee25a834751 12585 case BUFFER_ERROR :
wolfSSL 11:cee25a834751 12586 return "malformed buffer input error";
wolfSSL 11:cee25a834751 12587
wolfSSL 11:cee25a834751 12588 case VERIFY_CERT_ERROR :
wolfSSL 11:cee25a834751 12589 return "verify problem on certificate";
wolfSSL 11:cee25a834751 12590
wolfSSL 11:cee25a834751 12591 case VERIFY_SIGN_ERROR :
wolfSSL 11:cee25a834751 12592 return "verify problem based on signature";
wolfSSL 11:cee25a834751 12593
wolfSSL 11:cee25a834751 12594 case CLIENT_ID_ERROR :
wolfSSL 11:cee25a834751 12595 return "psk client identity error";
wolfSSL 11:cee25a834751 12596
wolfSSL 11:cee25a834751 12597 case SERVER_HINT_ERROR:
wolfSSL 11:cee25a834751 12598 return "psk server hint error";
wolfSSL 11:cee25a834751 12599
wolfSSL 11:cee25a834751 12600 case PSK_KEY_ERROR:
wolfSSL 11:cee25a834751 12601 return "psk key callback error";
wolfSSL 11:cee25a834751 12602
wolfSSL 11:cee25a834751 12603 case NTRU_KEY_ERROR:
wolfSSL 11:cee25a834751 12604 return "NTRU key error";
wolfSSL 11:cee25a834751 12605
wolfSSL 11:cee25a834751 12606 case NTRU_DRBG_ERROR:
wolfSSL 11:cee25a834751 12607 return "NTRU drbg error";
wolfSSL 11:cee25a834751 12608
wolfSSL 11:cee25a834751 12609 case NTRU_ENCRYPT_ERROR:
wolfSSL 11:cee25a834751 12610 return "NTRU encrypt error";
wolfSSL 11:cee25a834751 12611
wolfSSL 11:cee25a834751 12612 case NTRU_DECRYPT_ERROR:
wolfSSL 11:cee25a834751 12613 return "NTRU decrypt error";
wolfSSL 11:cee25a834751 12614
wolfSSL 11:cee25a834751 12615 case ZLIB_INIT_ERROR:
wolfSSL 11:cee25a834751 12616 return "zlib init error";
wolfSSL 11:cee25a834751 12617
wolfSSL 11:cee25a834751 12618 case ZLIB_COMPRESS_ERROR:
wolfSSL 11:cee25a834751 12619 return "zlib compress error";
wolfSSL 11:cee25a834751 12620
wolfSSL 11:cee25a834751 12621 case ZLIB_DECOMPRESS_ERROR:
wolfSSL 11:cee25a834751 12622 return "zlib decompress error";
wolfSSL 11:cee25a834751 12623
wolfSSL 11:cee25a834751 12624 case GETTIME_ERROR:
wolfSSL 11:cee25a834751 12625 return "gettimeofday() error";
wolfSSL 11:cee25a834751 12626
wolfSSL 11:cee25a834751 12627 case GETITIMER_ERROR:
wolfSSL 11:cee25a834751 12628 return "getitimer() error";
wolfSSL 11:cee25a834751 12629
wolfSSL 11:cee25a834751 12630 case SIGACT_ERROR:
wolfSSL 11:cee25a834751 12631 return "sigaction() error";
wolfSSL 11:cee25a834751 12632
wolfSSL 11:cee25a834751 12633 case SETITIMER_ERROR:
wolfSSL 11:cee25a834751 12634 return "setitimer() error";
wolfSSL 11:cee25a834751 12635
wolfSSL 11:cee25a834751 12636 case LENGTH_ERROR:
wolfSSL 11:cee25a834751 12637 return "record layer length error";
wolfSSL 11:cee25a834751 12638
wolfSSL 11:cee25a834751 12639 case PEER_KEY_ERROR:
wolfSSL 11:cee25a834751 12640 return "cant decode peer key";
wolfSSL 11:cee25a834751 12641
wolfSSL 11:cee25a834751 12642 case ZERO_RETURN:
wolfSSL 11:cee25a834751 12643 case SSL_ERROR_ZERO_RETURN:
wolfSSL 11:cee25a834751 12644 return "peer sent close notify alert";
wolfSSL 11:cee25a834751 12645
wolfSSL 11:cee25a834751 12646 case ECC_CURVETYPE_ERROR:
wolfSSL 11:cee25a834751 12647 return "Bad ECC Curve Type or unsupported";
wolfSSL 11:cee25a834751 12648
wolfSSL 11:cee25a834751 12649 case ECC_CURVE_ERROR:
wolfSSL 11:cee25a834751 12650 return "Bad ECC Curve or unsupported";
wolfSSL 11:cee25a834751 12651
wolfSSL 11:cee25a834751 12652 case ECC_PEERKEY_ERROR:
wolfSSL 11:cee25a834751 12653 return "Bad ECC Peer Key";
wolfSSL 11:cee25a834751 12654
wolfSSL 11:cee25a834751 12655 case ECC_MAKEKEY_ERROR:
wolfSSL 11:cee25a834751 12656 return "ECC Make Key failure";
wolfSSL 11:cee25a834751 12657
wolfSSL 11:cee25a834751 12658 case ECC_EXPORT_ERROR:
wolfSSL 11:cee25a834751 12659 return "ECC Export Key failure";
wolfSSL 11:cee25a834751 12660
wolfSSL 11:cee25a834751 12661 case ECC_SHARED_ERROR:
wolfSSL 11:cee25a834751 12662 return "ECC DHE shared failure";
wolfSSL 11:cee25a834751 12663
wolfSSL 11:cee25a834751 12664 case NOT_CA_ERROR:
wolfSSL 11:cee25a834751 12665 return "Not a CA by basic constraint error";
wolfSSL 11:cee25a834751 12666
wolfSSL 11:cee25a834751 12667 case HTTP_TIMEOUT:
wolfSSL 11:cee25a834751 12668 return "HTTP timeout for OCSP or CRL req";
wolfSSL 11:cee25a834751 12669
wolfSSL 11:cee25a834751 12670 case BAD_CERT_MANAGER_ERROR:
wolfSSL 11:cee25a834751 12671 return "Bad Cert Manager error";
wolfSSL 11:cee25a834751 12672
wolfSSL 11:cee25a834751 12673 case OCSP_CERT_REVOKED:
wolfSSL 11:cee25a834751 12674 return "OCSP Cert revoked";
wolfSSL 11:cee25a834751 12675
wolfSSL 11:cee25a834751 12676 case CRL_CERT_REVOKED:
wolfSSL 11:cee25a834751 12677 return "CRL Cert revoked";
wolfSSL 11:cee25a834751 12678
wolfSSL 11:cee25a834751 12679 case CRL_MISSING:
wolfSSL 11:cee25a834751 12680 return "CRL missing, not loaded";
wolfSSL 11:cee25a834751 12681
wolfSSL 11:cee25a834751 12682 case MONITOR_SETUP_E:
wolfSSL 11:cee25a834751 12683 return "CRL monitor setup error";
wolfSSL 11:cee25a834751 12684
wolfSSL 11:cee25a834751 12685 case THREAD_CREATE_E:
wolfSSL 11:cee25a834751 12686 return "Thread creation problem";
wolfSSL 11:cee25a834751 12687
wolfSSL 11:cee25a834751 12688 case OCSP_NEED_URL:
wolfSSL 11:cee25a834751 12689 return "OCSP need URL";
wolfSSL 11:cee25a834751 12690
wolfSSL 11:cee25a834751 12691 case OCSP_CERT_UNKNOWN:
wolfSSL 11:cee25a834751 12692 return "OCSP Cert unknown";
wolfSSL 11:cee25a834751 12693
wolfSSL 11:cee25a834751 12694 case OCSP_LOOKUP_FAIL:
wolfSSL 11:cee25a834751 12695 return "OCSP Responder lookup fail";
wolfSSL 11:cee25a834751 12696
wolfSSL 11:cee25a834751 12697 case MAX_CHAIN_ERROR:
wolfSSL 11:cee25a834751 12698 return "Maximum Chain Depth Exceeded";
wolfSSL 11:cee25a834751 12699
wolfSSL 11:cee25a834751 12700 case COOKIE_ERROR:
wolfSSL 11:cee25a834751 12701 return "DTLS Cookie Error";
wolfSSL 11:cee25a834751 12702
wolfSSL 11:cee25a834751 12703 case SEQUENCE_ERROR:
wolfSSL 11:cee25a834751 12704 return "DTLS Sequence Error";
wolfSSL 11:cee25a834751 12705
wolfSSL 11:cee25a834751 12706 case SUITES_ERROR:
wolfSSL 11:cee25a834751 12707 return "Suites Pointer Error";
wolfSSL 11:cee25a834751 12708
wolfSSL 11:cee25a834751 12709 case SSL_NO_PEM_HEADER:
wolfSSL 11:cee25a834751 12710 return "No PEM Header Error";
wolfSSL 11:cee25a834751 12711
wolfSSL 11:cee25a834751 12712 case OUT_OF_ORDER_E:
wolfSSL 11:cee25a834751 12713 return "Out of order message, fatal";
wolfSSL 11:cee25a834751 12714
wolfSSL 11:cee25a834751 12715 case BAD_KEA_TYPE_E:
wolfSSL 11:cee25a834751 12716 return "Bad KEA type found";
wolfSSL 11:cee25a834751 12717
wolfSSL 11:cee25a834751 12718 case SANITY_CIPHER_E:
wolfSSL 11:cee25a834751 12719 return "Sanity check on ciphertext failed";
wolfSSL 11:cee25a834751 12720
wolfSSL 11:cee25a834751 12721 case RECV_OVERFLOW_E:
wolfSSL 11:cee25a834751 12722 return "Receive callback returned more than requested";
wolfSSL 11:cee25a834751 12723
wolfSSL 11:cee25a834751 12724 case GEN_COOKIE_E:
wolfSSL 11:cee25a834751 12725 return "Generate Cookie Error";
wolfSSL 11:cee25a834751 12726
wolfSSL 11:cee25a834751 12727 case NO_PEER_VERIFY:
wolfSSL 11:cee25a834751 12728 return "Need peer certificate verify Error";
wolfSSL 11:cee25a834751 12729
wolfSSL 11:cee25a834751 12730 case FWRITE_ERROR:
wolfSSL 11:cee25a834751 12731 return "fwrite Error";
wolfSSL 11:cee25a834751 12732
wolfSSL 11:cee25a834751 12733 case CACHE_MATCH_ERROR:
wolfSSL 11:cee25a834751 12734 return "Cache restore header match Error";
wolfSSL 11:cee25a834751 12735
wolfSSL 11:cee25a834751 12736 case UNKNOWN_SNI_HOST_NAME_E:
wolfSSL 11:cee25a834751 12737 return "Unrecognized host name Error";
wolfSSL 11:cee25a834751 12738
wolfSSL 11:cee25a834751 12739 case UNKNOWN_MAX_FRAG_LEN_E:
wolfSSL 11:cee25a834751 12740 return "Unrecognized max frag len Error";
wolfSSL 11:cee25a834751 12741
wolfSSL 11:cee25a834751 12742 case KEYUSE_SIGNATURE_E:
wolfSSL 11:cee25a834751 12743 return "Key Use digitalSignature not set Error";
wolfSSL 11:cee25a834751 12744
wolfSSL 11:cee25a834751 12745 case KEYUSE_ENCIPHER_E:
wolfSSL 11:cee25a834751 12746 return "Key Use keyEncipherment not set Error";
wolfSSL 11:cee25a834751 12747
wolfSSL 11:cee25a834751 12748 case EXTKEYUSE_AUTH_E:
wolfSSL 11:cee25a834751 12749 return "Ext Key Use server/client auth not set Error";
wolfSSL 11:cee25a834751 12750
wolfSSL 11:cee25a834751 12751 case SEND_OOB_READ_E:
wolfSSL 11:cee25a834751 12752 return "Send Callback Out of Bounds Read Error";
wolfSSL 11:cee25a834751 12753
wolfSSL 11:cee25a834751 12754 case SECURE_RENEGOTIATION_E:
wolfSSL 11:cee25a834751 12755 return "Invalid Renegotiation Error";
wolfSSL 11:cee25a834751 12756
wolfSSL 11:cee25a834751 12757 case SESSION_TICKET_LEN_E:
wolfSSL 11:cee25a834751 12758 return "Session Ticket Too Long Error";
wolfSSL 11:cee25a834751 12759
wolfSSL 11:cee25a834751 12760 case SESSION_TICKET_EXPECT_E:
wolfSSL 11:cee25a834751 12761 return "Session Ticket Error";
wolfSSL 11:cee25a834751 12762
wolfSSL 11:cee25a834751 12763 case SCR_DIFFERENT_CERT_E:
wolfSSL 11:cee25a834751 12764 return "Peer sent different cert during SCR";
wolfSSL 11:cee25a834751 12765
wolfSSL 11:cee25a834751 12766 case SESSION_SECRET_CB_E:
wolfSSL 11:cee25a834751 12767 return "Session Secret Callback Error";
wolfSSL 11:cee25a834751 12768
wolfSSL 11:cee25a834751 12769 case NO_CHANGE_CIPHER_E:
wolfSSL 11:cee25a834751 12770 return "Finished received from peer before Change Cipher Error";
wolfSSL 11:cee25a834751 12771
wolfSSL 11:cee25a834751 12772 case SANITY_MSG_E:
wolfSSL 11:cee25a834751 12773 return "Sanity Check on message order Error";
wolfSSL 11:cee25a834751 12774
wolfSSL 11:cee25a834751 12775 case DUPLICATE_MSG_E:
wolfSSL 11:cee25a834751 12776 return "Duplicate HandShake message Error";
wolfSSL 11:cee25a834751 12777
wolfSSL 11:cee25a834751 12778 case SNI_UNSUPPORTED:
wolfSSL 11:cee25a834751 12779 return "Protocol version does not support SNI Error";
wolfSSL 11:cee25a834751 12780
wolfSSL 11:cee25a834751 12781 case SOCKET_PEER_CLOSED_E:
wolfSSL 11:cee25a834751 12782 return "Peer closed underlying transport Error";
wolfSSL 11:cee25a834751 12783
wolfSSL 11:cee25a834751 12784 case BAD_TICKET_KEY_CB_SZ:
wolfSSL 11:cee25a834751 12785 return "Bad user session ticket key callback Size Error";
wolfSSL 11:cee25a834751 12786
wolfSSL 11:cee25a834751 12787 case BAD_TICKET_MSG_SZ:
wolfSSL 11:cee25a834751 12788 return "Bad session ticket message Size Error";
wolfSSL 11:cee25a834751 12789
wolfSSL 11:cee25a834751 12790 case BAD_TICKET_ENCRYPT:
wolfSSL 11:cee25a834751 12791 return "Bad user ticket callback encrypt Error";
wolfSSL 11:cee25a834751 12792
wolfSSL 11:cee25a834751 12793 case DH_KEY_SIZE_E:
wolfSSL 11:cee25a834751 12794 return "DH key too small Error";
wolfSSL 11:cee25a834751 12795
wolfSSL 11:cee25a834751 12796 case SNI_ABSENT_ERROR:
wolfSSL 11:cee25a834751 12797 return "No Server Name Indication extension Error";
wolfSSL 11:cee25a834751 12798
wolfSSL 11:cee25a834751 12799 case RSA_SIGN_FAULT:
wolfSSL 11:cee25a834751 12800 return "RSA Signature Fault Error";
wolfSSL 11:cee25a834751 12801
wolfSSL 11:cee25a834751 12802 case HANDSHAKE_SIZE_ERROR:
wolfSSL 11:cee25a834751 12803 return "Handshake message too large Error";
wolfSSL 11:cee25a834751 12804
wolfSSL 11:cee25a834751 12805 case UNKNOWN_ALPN_PROTOCOL_NAME_E:
wolfSSL 11:cee25a834751 12806 return "Unrecognized protocol name Error";
wolfSSL 11:cee25a834751 12807
wolfSSL 11:cee25a834751 12808 case BAD_CERTIFICATE_STATUS_ERROR:
wolfSSL 11:cee25a834751 12809 return "Bad Certificate Status Message Error";
wolfSSL 11:cee25a834751 12810
wolfSSL 11:cee25a834751 12811 case OCSP_INVALID_STATUS:
wolfSSL 11:cee25a834751 12812 return "Invalid OCSP Status Error";
wolfSSL 11:cee25a834751 12813
wolfSSL 11:cee25a834751 12814 case RSA_KEY_SIZE_E:
wolfSSL 11:cee25a834751 12815 return "RSA key too small";
wolfSSL 11:cee25a834751 12816
wolfSSL 11:cee25a834751 12817 case ECC_KEY_SIZE_E:
wolfSSL 11:cee25a834751 12818 return "ECC key too small";
wolfSSL 11:cee25a834751 12819
wolfSSL 11:cee25a834751 12820 case DTLS_EXPORT_VER_E:
wolfSSL 11:cee25a834751 12821 return "Version needs updated after code change or version mismatch";
wolfSSL 11:cee25a834751 12822
wolfSSL 11:cee25a834751 12823 case INPUT_SIZE_E:
wolfSSL 11:cee25a834751 12824 return "Input size too large Error";
wolfSSL 11:cee25a834751 12825
wolfSSL 11:cee25a834751 12826 case CTX_INIT_MUTEX_E:
wolfSSL 11:cee25a834751 12827 return "Initialize ctx mutex error";
wolfSSL 11:cee25a834751 12828
wolfSSL 11:cee25a834751 12829 case EXT_MASTER_SECRET_NEEDED_E:
wolfSSL 11:cee25a834751 12830 return "Extended Master Secret must be enabled to resume EMS session";
wolfSSL 11:cee25a834751 12831
wolfSSL 11:cee25a834751 12832 case DTLS_POOL_SZ_E:
wolfSSL 11:cee25a834751 12833 return "Maximum DTLS pool size exceeded";
wolfSSL 11:cee25a834751 12834
wolfSSL 11:cee25a834751 12835 case DECODE_E:
wolfSSL 11:cee25a834751 12836 return "Decode handshake message error";
wolfSSL 11:cee25a834751 12837
wolfSSL 11:cee25a834751 12838 case WRITE_DUP_READ_E:
wolfSSL 11:cee25a834751 12839 return "Write dup write side can't read error";
wolfSSL 11:cee25a834751 12840
wolfSSL 11:cee25a834751 12841 case WRITE_DUP_WRITE_E:
wolfSSL 11:cee25a834751 12842 return "Write dup read side can't write error";
wolfSSL 11:cee25a834751 12843
wolfSSL 11:cee25a834751 12844 default :
wolfSSL 11:cee25a834751 12845 return "unknown error number";
wolfSSL 11:cee25a834751 12846 }
wolfSSL 11:cee25a834751 12847
wolfSSL 11:cee25a834751 12848 #endif /* NO_ERROR_STRINGS */
wolfSSL 11:cee25a834751 12849 }
wolfSSL 11:cee25a834751 12850
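/* Copy the reason string for an error code into a caller-supplied buffer.
 *
 * error  error code, handed unchanged to wolfSSL_ERR_reason_error_string()
 * str    destination buffer; the copy is bounded by WOLFSSL_MAX_ERROR_SZ, so
 *        the caller must provide at least that many bytes. A null pointer is
 *        ignored.
 *
 * NOTE(review): XSTRNCPY is defined outside this block; assuming it has
 * strncpy semantics, it pads the destination up to the full bound (so a
 * smaller buffer is overrun) and writes no terminator when the source is as
 * long as the bound. Confirm against the macro definition.
 */
void SetErrorString(int error, char* str)
{
    if (!str)
        return;

    XSTRNCPY(str, wolfSSL_ERR_reason_error_string(error), WOLFSSL_MAX_ERROR_SZ);

    /* terminate explicitly so callers that print or strlen() the buffer never
     * read past it, whatever the length of the message that was copied */
    str[WOLFSSL_MAX_ERROR_SZ - 1] = '\0';
}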
wolfSSL 11:cee25a834751 12855
wolfSSL 11:cee25a834751 12856
wolfSSL 11:cee25a834751 12857 /* Cipher suite name strings, one entry per suite compiled into this build.
 *
 * Every entry sits under its own #ifdef (a BUILD_* macro, or
 * HAVE_RENEGOTIATION_INDICATION for "RENEGOTIATION-INFO"), so both the length
 * of the table and the position of each name depend on the build options.
 *
 * be sure to add to cipher_name_idx too !!!!
 * That table must carry the matching suite number under the same guard and in
 * the same position. Presumably the two arrays are read with a shared index
 * (confirm against the lookup code); if so, an entry added, removed or
 * reordered in only one of them pairs a name with another suite's number.
 *
 * The list contains names for suites without encryption ("NULL-SHA",
 * "PSK-NULL-SHA256", ...), RC4 suites ("RC4-SHA", "RC4-MD5", ...) and an
 * anonymous-DH suite ("ADH-AES128-SHA"). Each is present only when its
 * BUILD_* macro is defined, so the build configuration decides whether such a
 * name appears here at all.
 */
wolfSSL 11:cee25a834751 12858 static const char* const cipher_names[] =
wolfSSL 11:cee25a834751 12859 {
wolfSSL 11:cee25a834751 12860 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 12861 "RC4-SHA",
wolfSSL 11:cee25a834751 12862 #endif
wolfSSL 11:cee25a834751 12863
wolfSSL 11:cee25a834751 12864 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 11:cee25a834751 12865 "RC4-MD5",
wolfSSL 11:cee25a834751 12866 #endif
wolfSSL 11:cee25a834751 12867
wolfSSL 11:cee25a834751 12868 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 12869 "DES-CBC3-SHA",
wolfSSL 11:cee25a834751 12870 #endif
wolfSSL 11:cee25a834751 12871
wolfSSL 11:cee25a834751 12872 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 12873 "AES128-SHA",
wolfSSL 11:cee25a834751 12874 #endif
wolfSSL 11:cee25a834751 12875
wolfSSL 11:cee25a834751 12876 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 12877 "AES256-SHA",
wolfSSL 11:cee25a834751 12878 #endif
wolfSSL 11:cee25a834751 12879
wolfSSL 11:cee25a834751 12880 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 11:cee25a834751 12881 "NULL-SHA",
wolfSSL 11:cee25a834751 12882 #endif
wolfSSL 11:cee25a834751 12883
wolfSSL 11:cee25a834751 12884 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 12885 "NULL-SHA256",
wolfSSL 11:cee25a834751 12886 #endif
wolfSSL 11:cee25a834751 12887
wolfSSL 11:cee25a834751 12888 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 12889 "DHE-RSA-AES128-SHA",
wolfSSL 11:cee25a834751 12890 #endif
wolfSSL 11:cee25a834751 12891
wolfSSL 11:cee25a834751 12892 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 12893 "DHE-RSA-AES256-SHA",
wolfSSL 11:cee25a834751 12894 #endif
wolfSSL 11:cee25a834751 12895
wolfSSL 11:cee25a834751 12896 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 12897 "DHE-PSK-AES256-GCM-SHA384",
wolfSSL 11:cee25a834751 12898 #endif
wolfSSL 11:cee25a834751 12899
wolfSSL 11:cee25a834751 12900 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 12901 "DHE-PSK-AES128-GCM-SHA256",
wolfSSL 11:cee25a834751 12902 #endif
wolfSSL 11:cee25a834751 12903
wolfSSL 11:cee25a834751 12904 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 12905 "PSK-AES256-GCM-SHA384",
wolfSSL 11:cee25a834751 12906 #endif
wolfSSL 11:cee25a834751 12907
wolfSSL 11:cee25a834751 12908 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 12909 "PSK-AES128-GCM-SHA256",
wolfSSL 11:cee25a834751 12910 #endif
wolfSSL 11:cee25a834751 12911
wolfSSL 11:cee25a834751 12912 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 12913 "DHE-PSK-AES256-CBC-SHA384",
wolfSSL 11:cee25a834751 12914 #endif
wolfSSL 11:cee25a834751 12915
wolfSSL 11:cee25a834751 12916 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 12917 "DHE-PSK-AES128-CBC-SHA256",
wolfSSL 11:cee25a834751 12918 #endif
wolfSSL 11:cee25a834751 12919
wolfSSL 11:cee25a834751 12920 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 12921 "PSK-AES256-CBC-SHA384",
wolfSSL 11:cee25a834751 12922 #endif
wolfSSL 11:cee25a834751 12923
wolfSSL 11:cee25a834751 12924 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 12925 "PSK-AES128-CBC-SHA256",
wolfSSL 11:cee25a834751 12926 #endif
wolfSSL 11:cee25a834751 12927
wolfSSL 11:cee25a834751 12928 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 12929 "PSK-AES128-CBC-SHA",
wolfSSL 11:cee25a834751 12930 #endif
wolfSSL 11:cee25a834751 12931
wolfSSL 11:cee25a834751 12932 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 12933 "PSK-AES256-CBC-SHA",
wolfSSL 11:cee25a834751 12934 #endif
wolfSSL 11:cee25a834751 12935
wolfSSL 11:cee25a834751 12936 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 12937 "DHE-PSK-AES128-CCM",
wolfSSL 11:cee25a834751 12938 #endif
wolfSSL 11:cee25a834751 12939
wolfSSL 11:cee25a834751 12940 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 11:cee25a834751 12941 "DHE-PSK-AES256-CCM",
wolfSSL 11:cee25a834751 12942 #endif
wolfSSL 11:cee25a834751 12943
wolfSSL 11:cee25a834751 12944 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 12945 "PSK-AES128-CCM",
wolfSSL 11:cee25a834751 12946 #endif
wolfSSL 11:cee25a834751 12947
wolfSSL 11:cee25a834751 12948 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 11:cee25a834751 12949 "PSK-AES256-CCM",
wolfSSL 11:cee25a834751 12950 #endif
wolfSSL 11:cee25a834751 12951
wolfSSL 11:cee25a834751 12952 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 12953 "PSK-AES128-CCM-8",
wolfSSL 11:cee25a834751 12954 #endif
wolfSSL 11:cee25a834751 12955
wolfSSL 11:cee25a834751 12956 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 12957 "PSK-AES256-CCM-8",
wolfSSL 11:cee25a834751 12958 #endif
wolfSSL 11:cee25a834751 12959
wolfSSL 11:cee25a834751 12960 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 11:cee25a834751 12961 "DHE-PSK-NULL-SHA384",
wolfSSL 11:cee25a834751 12962 #endif
wolfSSL 11:cee25a834751 12963
wolfSSL 11:cee25a834751 12964 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 12965 "DHE-PSK-NULL-SHA256",
wolfSSL 11:cee25a834751 12966 #endif
wolfSSL 11:cee25a834751 12967
wolfSSL 11:cee25a834751 12968 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 11:cee25a834751 12969 "PSK-NULL-SHA384",
wolfSSL 11:cee25a834751 12970 #endif
wolfSSL 11:cee25a834751 12971
wolfSSL 11:cee25a834751 12972 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 12973 "PSK-NULL-SHA256",
wolfSSL 11:cee25a834751 12974 #endif
wolfSSL 11:cee25a834751 12975
wolfSSL 11:cee25a834751 12976 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 11:cee25a834751 12977 "PSK-NULL-SHA",
wolfSSL 11:cee25a834751 12978 #endif
wolfSSL 11:cee25a834751 12979
wolfSSL 11:cee25a834751 12980 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 11:cee25a834751 12981 "HC128-MD5",
wolfSSL 11:cee25a834751 12982 #endif
wolfSSL 11:cee25a834751 12983
wolfSSL 11:cee25a834751 12984 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 11:cee25a834751 12985 "HC128-SHA",
wolfSSL 11:cee25a834751 12986 #endif
wolfSSL 11:cee25a834751 12987
wolfSSL 11:cee25a834751 12988 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 11:cee25a834751 12989 "HC128-B2B256",
wolfSSL 11:cee25a834751 12990 #endif
wolfSSL 11:cee25a834751 12991
wolfSSL 11:cee25a834751 12992 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 11:cee25a834751 12993 "AES128-B2B256",
wolfSSL 11:cee25a834751 12994 #endif
wolfSSL 11:cee25a834751 12995
wolfSSL 11:cee25a834751 12996 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 11:cee25a834751 12997 "AES256-B2B256",
wolfSSL 11:cee25a834751 12998 #endif
wolfSSL 11:cee25a834751 12999
wolfSSL 11:cee25a834751 13000 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 11:cee25a834751 13001 "RABBIT-SHA",
wolfSSL 11:cee25a834751 13002 #endif
wolfSSL 11:cee25a834751 13003
wolfSSL 11:cee25a834751 13004 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 13005 "NTRU-RC4-SHA",
wolfSSL 11:cee25a834751 13006 #endif
wolfSSL 11:cee25a834751 13007
wolfSSL 11:cee25a834751 13008 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13009 "NTRU-DES-CBC3-SHA",
wolfSSL 11:cee25a834751 13010 #endif
wolfSSL 11:cee25a834751 13011
wolfSSL 11:cee25a834751 13012 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13013 "NTRU-AES128-SHA",
wolfSSL 11:cee25a834751 13014 #endif
wolfSSL 11:cee25a834751 13015
wolfSSL 11:cee25a834751 13016 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13017 "NTRU-AES256-SHA",
wolfSSL 11:cee25a834751 13018 #endif
wolfSSL 11:cee25a834751 13019
wolfSSL 11:cee25a834751 13020 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 13021 "AES128-CCM-8",
wolfSSL 11:cee25a834751 13022 #endif
wolfSSL 11:cee25a834751 13023
wolfSSL 11:cee25a834751 13024 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 13025 "AES256-CCM-8",
wolfSSL 11:cee25a834751 13026 #endif
wolfSSL 11:cee25a834751 13027
wolfSSL 11:cee25a834751 13028 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 13029 "ECDHE-ECDSA-AES128-CCM",
wolfSSL 11:cee25a834751 13030 #endif
wolfSSL 11:cee25a834751 13031
wolfSSL 11:cee25a834751 13032 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 13033 "ECDHE-ECDSA-AES128-CCM-8",
wolfSSL 11:cee25a834751 13034 #endif
wolfSSL 11:cee25a834751 13035
wolfSSL 11:cee25a834751 13036 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 13037 "ECDHE-ECDSA-AES256-CCM-8",
wolfSSL 11:cee25a834751 13038 #endif
wolfSSL 11:cee25a834751 13039
wolfSSL 11:cee25a834751 13040 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13041 "ECDHE-RSA-AES128-SHA",
wolfSSL 11:cee25a834751 13042 #endif
wolfSSL 11:cee25a834751 13043
wolfSSL 11:cee25a834751 13044 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13045 "ECDHE-RSA-AES256-SHA",
wolfSSL 11:cee25a834751 13046 #endif
wolfSSL 11:cee25a834751 13047
wolfSSL 11:cee25a834751 13048 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13049 "ECDHE-ECDSA-AES128-SHA",
wolfSSL 11:cee25a834751 13050 #endif
wolfSSL 11:cee25a834751 13051
wolfSSL 11:cee25a834751 13052 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13053 "ECDHE-ECDSA-AES256-SHA",
wolfSSL 11:cee25a834751 13054 #endif
wolfSSL 11:cee25a834751 13055
wolfSSL 11:cee25a834751 13056 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 13057 "ECDHE-RSA-RC4-SHA",
wolfSSL 11:cee25a834751 13058 #endif
wolfSSL 11:cee25a834751 13059
wolfSSL 11:cee25a834751 13060 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13061 "ECDHE-RSA-DES-CBC3-SHA",
wolfSSL 11:cee25a834751 13062 #endif
wolfSSL 11:cee25a834751 13063
wolfSSL 11:cee25a834751 13064 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 13065 "ECDHE-ECDSA-RC4-SHA",
wolfSSL 11:cee25a834751 13066 #endif
wolfSSL 11:cee25a834751 13067
wolfSSL 11:cee25a834751 13068 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13069 "ECDHE-ECDSA-DES-CBC3-SHA",
wolfSSL 11:cee25a834751 13070 #endif
wolfSSL 11:cee25a834751 13071
wolfSSL 11:cee25a834751 13072 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13073 "AES128-SHA256",
wolfSSL 11:cee25a834751 13074 #endif
wolfSSL 11:cee25a834751 13075
wolfSSL 11:cee25a834751 13076 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 11:cee25a834751 13077 "AES256-SHA256",
wolfSSL 11:cee25a834751 13078 #endif
wolfSSL 11:cee25a834751 13079
wolfSSL 11:cee25a834751 13080 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13081 "DHE-RSA-AES128-SHA256",
wolfSSL 11:cee25a834751 13082 #endif
wolfSSL 11:cee25a834751 13083
wolfSSL 11:cee25a834751 13084 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 11:cee25a834751 13085 "DHE-RSA-AES256-SHA256",
wolfSSL 11:cee25a834751 13086 #endif
wolfSSL 11:cee25a834751 13087
wolfSSL 11:cee25a834751 13088 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13089 "ECDH-RSA-AES128-SHA",
wolfSSL 11:cee25a834751 13090 #endif
wolfSSL 11:cee25a834751 13091
wolfSSL 11:cee25a834751 13092 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13093 "ECDH-RSA-AES256-SHA",
wolfSSL 11:cee25a834751 13094 #endif
wolfSSL 11:cee25a834751 13095
wolfSSL 11:cee25a834751 13096 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13097 "ECDH-ECDSA-AES128-SHA",
wolfSSL 11:cee25a834751 13098 #endif
wolfSSL 11:cee25a834751 13099
wolfSSL 11:cee25a834751 13100 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13101 "ECDH-ECDSA-AES256-SHA",
wolfSSL 11:cee25a834751 13102 #endif
wolfSSL 11:cee25a834751 13103
wolfSSL 11:cee25a834751 13104 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 13105 "ECDH-RSA-RC4-SHA",
wolfSSL 11:cee25a834751 13106 #endif
wolfSSL 11:cee25a834751 13107
wolfSSL 11:cee25a834751 13108 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13109 "ECDH-RSA-DES-CBC3-SHA",
wolfSSL 11:cee25a834751 13110 #endif
wolfSSL 11:cee25a834751 13111
wolfSSL 11:cee25a834751 13112 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 13113 "ECDH-ECDSA-RC4-SHA",
wolfSSL 11:cee25a834751 13114 #endif
wolfSSL 11:cee25a834751 13115
wolfSSL 11:cee25a834751 13116 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13117 "ECDH-ECDSA-DES-CBC3-SHA",
wolfSSL 11:cee25a834751 13118 #endif
wolfSSL 11:cee25a834751 13119
wolfSSL 11:cee25a834751 13120 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13121 "AES128-GCM-SHA256",
wolfSSL 11:cee25a834751 13122 #endif
wolfSSL 11:cee25a834751 13123
wolfSSL 11:cee25a834751 13124 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13125 "AES256-GCM-SHA384",
wolfSSL 11:cee25a834751 13126 #endif
wolfSSL 11:cee25a834751 13127
wolfSSL 11:cee25a834751 13128 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13129 "DHE-RSA-AES128-GCM-SHA256",
wolfSSL 11:cee25a834751 13130 #endif
wolfSSL 11:cee25a834751 13131
wolfSSL 11:cee25a834751 13132 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13133 "DHE-RSA-AES256-GCM-SHA384",
wolfSSL 11:cee25a834751 13134 #endif
wolfSSL 11:cee25a834751 13135
wolfSSL 11:cee25a834751 13136 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13137 "ECDHE-RSA-AES128-GCM-SHA256",
wolfSSL 11:cee25a834751 13138 #endif
wolfSSL 11:cee25a834751 13139
wolfSSL 11:cee25a834751 13140 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13141 "ECDHE-RSA-AES256-GCM-SHA384",
wolfSSL 11:cee25a834751 13142 #endif
wolfSSL 11:cee25a834751 13143
wolfSSL 11:cee25a834751 13144 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13145 "ECDHE-ECDSA-AES128-GCM-SHA256",
wolfSSL 11:cee25a834751 13146 #endif
wolfSSL 11:cee25a834751 13147
wolfSSL 11:cee25a834751 13148 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13149 "ECDHE-ECDSA-AES256-GCM-SHA384",
wolfSSL 11:cee25a834751 13150 #endif
wolfSSL 11:cee25a834751 13151
wolfSSL 11:cee25a834751 13152 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13153 "ECDH-RSA-AES128-GCM-SHA256",
wolfSSL 11:cee25a834751 13154 #endif
wolfSSL 11:cee25a834751 13155
wolfSSL 11:cee25a834751 13156 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13157 "ECDH-RSA-AES256-GCM-SHA384",
wolfSSL 11:cee25a834751 13158 #endif
wolfSSL 11:cee25a834751 13159
wolfSSL 11:cee25a834751 13160 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13161 "ECDH-ECDSA-AES128-GCM-SHA256",
wolfSSL 11:cee25a834751 13162 #endif
wolfSSL 11:cee25a834751 13163
wolfSSL 11:cee25a834751 13164 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13165 "ECDH-ECDSA-AES256-GCM-SHA384",
wolfSSL 11:cee25a834751 13166 #endif
wolfSSL 11:cee25a834751 13167
wolfSSL 11:cee25a834751 13168 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 11:cee25a834751 13169 "CAMELLIA128-SHA",
wolfSSL 11:cee25a834751 13170 #endif
wolfSSL 11:cee25a834751 13171
wolfSSL 11:cee25a834751 13172 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 11:cee25a834751 13173 "DHE-RSA-CAMELLIA128-SHA",
wolfSSL 11:cee25a834751 13174 #endif
wolfSSL 11:cee25a834751 13175
wolfSSL 11:cee25a834751 13176 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 11:cee25a834751 13177 "CAMELLIA256-SHA",
wolfSSL 11:cee25a834751 13178 #endif
wolfSSL 11:cee25a834751 13179
wolfSSL 11:cee25a834751 13180 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 11:cee25a834751 13181 "DHE-RSA-CAMELLIA256-SHA",
wolfSSL 11:cee25a834751 13182 #endif
wolfSSL 11:cee25a834751 13183
wolfSSL 11:cee25a834751 13184 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 11:cee25a834751 13185 "CAMELLIA128-SHA256",
wolfSSL 11:cee25a834751 13186 #endif
wolfSSL 11:cee25a834751 13187
wolfSSL 11:cee25a834751 13188 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 11:cee25a834751 13189 "DHE-RSA-CAMELLIA128-SHA256",
wolfSSL 11:cee25a834751 13190 #endif
wolfSSL 11:cee25a834751 13191
wolfSSL 11:cee25a834751 13192 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 11:cee25a834751 13193 "CAMELLIA256-SHA256",
wolfSSL 11:cee25a834751 13194 #endif
wolfSSL 11:cee25a834751 13195
wolfSSL 11:cee25a834751 13196 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 11:cee25a834751 13197 "DHE-RSA-CAMELLIA256-SHA256",
wolfSSL 11:cee25a834751 13198 #endif
wolfSSL 11:cee25a834751 13199
wolfSSL 11:cee25a834751 13200 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13201 "ECDHE-RSA-AES128-SHA256",
wolfSSL 11:cee25a834751 13202 #endif
wolfSSL 11:cee25a834751 13203
wolfSSL 11:cee25a834751 13204 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13205 "ECDHE-ECDSA-AES128-SHA256",
wolfSSL 11:cee25a834751 13206 #endif
wolfSSL 11:cee25a834751 13207
wolfSSL 11:cee25a834751 13208 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13209 "ECDH-RSA-AES128-SHA256",
wolfSSL 11:cee25a834751 13210 #endif
wolfSSL 11:cee25a834751 13211
wolfSSL 11:cee25a834751 13212 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13213 "ECDH-ECDSA-AES128-SHA256",
wolfSSL 11:cee25a834751 13214 #endif
wolfSSL 11:cee25a834751 13215
wolfSSL 11:cee25a834751 13216 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 13217 "ECDHE-RSA-AES256-SHA384",
wolfSSL 11:cee25a834751 13218 #endif
wolfSSL 11:cee25a834751 13219
wolfSSL 11:cee25a834751 13220 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 13221 "ECDHE-ECDSA-AES256-SHA384",
wolfSSL 11:cee25a834751 13222 #endif
wolfSSL 11:cee25a834751 13223
wolfSSL 11:cee25a834751 13224 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 13225 "ECDH-RSA-AES256-SHA384",
wolfSSL 11:cee25a834751 13226 #endif
wolfSSL 11:cee25a834751 13227
wolfSSL 11:cee25a834751 13228 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 13229 "ECDH-ECDSA-AES256-SHA384",
wolfSSL 11:cee25a834751 13230 #endif
wolfSSL 11:cee25a834751 13231
wolfSSL 11:cee25a834751 13232 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13233 "ECDHE-RSA-CHACHA20-POLY1305",
wolfSSL 11:cee25a834751 13234 #endif
wolfSSL 11:cee25a834751 13235
wolfSSL 11:cee25a834751 13236 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13237 "ECDHE-ECDSA-CHACHA20-POLY1305",
wolfSSL 11:cee25a834751 13238 #endif
wolfSSL 11:cee25a834751 13239
wolfSSL 11:cee25a834751 13240 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13241 "DHE-RSA-CHACHA20-POLY1305",
wolfSSL 11:cee25a834751 13242 #endif
wolfSSL 11:cee25a834751 13243
wolfSSL 11:cee25a834751 13244 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 13245 "ECDHE-RSA-CHACHA20-POLY1305-OLD",
wolfSSL 11:cee25a834751 13246 #endif
wolfSSL 11:cee25a834751 13247
wolfSSL 11:cee25a834751 13248 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 13249 "ECDHE-ECDSA-CHACHA20-POLY1305-OLD",
wolfSSL 11:cee25a834751 13250 #endif
wolfSSL 11:cee25a834751 13251
wolfSSL 11:cee25a834751 13252 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 13253 "DHE-RSA-CHACHA20-POLY1305-OLD",
wolfSSL 11:cee25a834751 13254 #endif
wolfSSL 11:cee25a834751 13255
wolfSSL 11:cee25a834751 13256 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13257 "ADH-AES128-SHA",
wolfSSL 11:cee25a834751 13258 #endif
wolfSSL 11:cee25a834751 13259
wolfSSL 11:cee25a834751 13260 #ifdef BUILD_TLS_QSH
wolfSSL 11:cee25a834751 13261 "QSH",
wolfSSL 11:cee25a834751 13262 #endif
wolfSSL 11:cee25a834751 13263
wolfSSL 11:cee25a834751 13264 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 11:cee25a834751 13265 "RENEGOTIATION-INFO",
wolfSSL 11:cee25a834751 13266 #endif
wolfSSL 11:cee25a834751 13267
wolfSSL 11:cee25a834751 13268 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 11:cee25a834751 13269 "IDEA-CBC-SHA",
wolfSSL 11:cee25a834751 13270 #endif
wolfSSL 11:cee25a834751 13271
wolfSSL 11:cee25a834751 13272 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 11:cee25a834751 13273 "ECDHE-ECDSA-NULL-SHA",
wolfSSL 11:cee25a834751 13274 #endif
wolfSSL 11:cee25a834751 13275
wolfSSL 11:cee25a834751 13276 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 13277 "ECDHE-PSK-NULL-SHA256",
wolfSSL 11:cee25a834751 13278 #endif
wolfSSL 11:cee25a834751 13279
wolfSSL 11:cee25a834751 13280 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13281 "ECDHE-PSK-AES128-CBC-SHA256",
wolfSSL 11:cee25a834751 13282 #endif
wolfSSL 11:cee25a834751 13283
wolfSSL 11:cee25a834751 13284 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13285 "PSK-CHACHA20-POLY1305",
wolfSSL 11:cee25a834751 13286 #endif
wolfSSL 11:cee25a834751 13287
wolfSSL 11:cee25a834751 13288 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13289 "ECDHE-PSK-CHACHA20-POLY1305",
wolfSSL 11:cee25a834751 13290 #endif
wolfSSL 11:cee25a834751 13291
wolfSSL 11:cee25a834751 13292 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13293 "DHE-PSK-CHACHA20-POLY1305",
wolfSSL 11:cee25a834751 13294 #endif
wolfSSL 11:cee25a834751 13295
wolfSSL 11:cee25a834751 13296 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13297 "EDH-RSA-DES-CBC3-SHA",
wolfSSL 11:cee25a834751 13298 #endif
wolfSSL 11:cee25a834751 13299 };
wolfSSL 11:cee25a834751 13300
wolfSSL 11:cee25a834751 13301
wolfSSL 11:cee25a834751 13302 /* cipher suite numbers, listed in the same order and under the same #ifdef guards as the cipher_names table above */
wolfSSL 11:cee25a834751 13303 static int cipher_name_idx[] =
wolfSSL 11:cee25a834751 13304 {
wolfSSL 11:cee25a834751 13305
wolfSSL 11:cee25a834751 13306 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 13307 SSL_RSA_WITH_RC4_128_SHA,
wolfSSL 11:cee25a834751 13308 #endif
wolfSSL 11:cee25a834751 13309
wolfSSL 11:cee25a834751 13310 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5
wolfSSL 11:cee25a834751 13311 SSL_RSA_WITH_RC4_128_MD5,
wolfSSL 11:cee25a834751 13312 #endif
wolfSSL 11:cee25a834751 13313
wolfSSL 11:cee25a834751 13314 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13315 SSL_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 11:cee25a834751 13316 #endif
wolfSSL 11:cee25a834751 13317
wolfSSL 11:cee25a834751 13318 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13319 TLS_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 11:cee25a834751 13320 #endif
wolfSSL 11:cee25a834751 13321
wolfSSL 11:cee25a834751 13322 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13323 TLS_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 11:cee25a834751 13324 #endif
wolfSSL 11:cee25a834751 13325
wolfSSL 11:cee25a834751 13326 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA
wolfSSL 11:cee25a834751 13327 TLS_RSA_WITH_NULL_SHA,
wolfSSL 11:cee25a834751 13328 #endif
wolfSSL 11:cee25a834751 13329
wolfSSL 11:cee25a834751 13330 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 13331 TLS_RSA_WITH_NULL_SHA256,
wolfSSL 11:cee25a834751 13332 #endif
wolfSSL 11:cee25a834751 13333
wolfSSL 11:cee25a834751 13334 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13335 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 11:cee25a834751 13336 #endif
wolfSSL 11:cee25a834751 13337
wolfSSL 11:cee25a834751 13338 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13339 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 11:cee25a834751 13340 #endif
wolfSSL 11:cee25a834751 13341
wolfSSL 11:cee25a834751 13342 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13343 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,
wolfSSL 11:cee25a834751 13344 #endif
wolfSSL 11:cee25a834751 13345
wolfSSL 11:cee25a834751 13346 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13347 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,
wolfSSL 11:cee25a834751 13348 #endif
wolfSSL 11:cee25a834751 13349
wolfSSL 11:cee25a834751 13350 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13351 TLS_PSK_WITH_AES_256_GCM_SHA384,
wolfSSL 11:cee25a834751 13352 #endif
wolfSSL 11:cee25a834751 13353
wolfSSL 11:cee25a834751 13354 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13355 TLS_PSK_WITH_AES_128_GCM_SHA256,
wolfSSL 11:cee25a834751 13356 #endif
wolfSSL 11:cee25a834751 13357
wolfSSL 11:cee25a834751 13358 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 13359 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,
wolfSSL 11:cee25a834751 13360 #endif
wolfSSL 11:cee25a834751 13361
wolfSSL 11:cee25a834751 13362 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13363 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 11:cee25a834751 13364 #endif
wolfSSL 11:cee25a834751 13365
wolfSSL 11:cee25a834751 13366 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 13367 TLS_PSK_WITH_AES_256_CBC_SHA384,
wolfSSL 11:cee25a834751 13368 #endif
wolfSSL 11:cee25a834751 13369
wolfSSL 11:cee25a834751 13370 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13371 TLS_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 11:cee25a834751 13372 #endif
wolfSSL 11:cee25a834751 13373
wolfSSL 11:cee25a834751 13374 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13375 TLS_PSK_WITH_AES_128_CBC_SHA,
wolfSSL 11:cee25a834751 13376 #endif
wolfSSL 11:cee25a834751 13377
wolfSSL 11:cee25a834751 13378 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13379 TLS_PSK_WITH_AES_256_CBC_SHA,
wolfSSL 11:cee25a834751 13380 #endif
wolfSSL 11:cee25a834751 13381
wolfSSL 11:cee25a834751 13382 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 13383 TLS_DHE_PSK_WITH_AES_128_CCM,
wolfSSL 11:cee25a834751 13384 #endif
wolfSSL 11:cee25a834751 13385
wolfSSL 11:cee25a834751 13386 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
wolfSSL 11:cee25a834751 13387 TLS_DHE_PSK_WITH_AES_256_CCM,
wolfSSL 11:cee25a834751 13388 #endif
wolfSSL 11:cee25a834751 13389
wolfSSL 11:cee25a834751 13390 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 13391 TLS_PSK_WITH_AES_128_CCM,
wolfSSL 11:cee25a834751 13392 #endif
wolfSSL 11:cee25a834751 13393
wolfSSL 11:cee25a834751 13394 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM
wolfSSL 11:cee25a834751 13395 TLS_PSK_WITH_AES_256_CCM,
wolfSSL 11:cee25a834751 13396 #endif
wolfSSL 11:cee25a834751 13397
wolfSSL 11:cee25a834751 13398 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 13399 TLS_PSK_WITH_AES_128_CCM_8,
wolfSSL 11:cee25a834751 13400 #endif
wolfSSL 11:cee25a834751 13401
wolfSSL 11:cee25a834751 13402 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 13403 TLS_PSK_WITH_AES_256_CCM_8,
wolfSSL 11:cee25a834751 13404 #endif
wolfSSL 11:cee25a834751 13405
wolfSSL 11:cee25a834751 13406 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
wolfSSL 11:cee25a834751 13407 TLS_DHE_PSK_WITH_NULL_SHA384,
wolfSSL 11:cee25a834751 13408 #endif
wolfSSL 11:cee25a834751 13409
wolfSSL 11:cee25a834751 13410 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 13411 TLS_DHE_PSK_WITH_NULL_SHA256,
wolfSSL 11:cee25a834751 13412 #endif
wolfSSL 11:cee25a834751 13413
wolfSSL 11:cee25a834751 13414 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384
wolfSSL 11:cee25a834751 13415 TLS_PSK_WITH_NULL_SHA384,
wolfSSL 11:cee25a834751 13416 #endif
wolfSSL 11:cee25a834751 13417
wolfSSL 11:cee25a834751 13418 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 13419 TLS_PSK_WITH_NULL_SHA256,
wolfSSL 11:cee25a834751 13420 #endif
wolfSSL 11:cee25a834751 13421
wolfSSL 11:cee25a834751 13422 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA
wolfSSL 11:cee25a834751 13423 TLS_PSK_WITH_NULL_SHA,
wolfSSL 11:cee25a834751 13424 #endif
wolfSSL 11:cee25a834751 13425
wolfSSL 11:cee25a834751 13426 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5
wolfSSL 11:cee25a834751 13427 TLS_RSA_WITH_HC_128_MD5,
wolfSSL 11:cee25a834751 13428 #endif
wolfSSL 11:cee25a834751 13429
wolfSSL 11:cee25a834751 13430 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA
wolfSSL 11:cee25a834751 13431 TLS_RSA_WITH_HC_128_SHA,
wolfSSL 11:cee25a834751 13432 #endif
wolfSSL 11:cee25a834751 13433
wolfSSL 11:cee25a834751 13434 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256
wolfSSL 11:cee25a834751 13435 TLS_RSA_WITH_HC_128_B2B256,
wolfSSL 11:cee25a834751 13436 #endif
wolfSSL 11:cee25a834751 13437
wolfSSL 11:cee25a834751 13438 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
wolfSSL 11:cee25a834751 13439 TLS_RSA_WITH_AES_128_CBC_B2B256,
wolfSSL 11:cee25a834751 13440 #endif
wolfSSL 11:cee25a834751 13441
wolfSSL 11:cee25a834751 13442 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
wolfSSL 11:cee25a834751 13443 TLS_RSA_WITH_AES_256_CBC_B2B256,
wolfSSL 11:cee25a834751 13444 #endif
wolfSSL 11:cee25a834751 13445
wolfSSL 11:cee25a834751 13446 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA
wolfSSL 11:cee25a834751 13447 TLS_RSA_WITH_RABBIT_SHA,
wolfSSL 11:cee25a834751 13448 #endif
wolfSSL 11:cee25a834751 13449
wolfSSL 11:cee25a834751 13450 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 13451 TLS_NTRU_RSA_WITH_RC4_128_SHA,
wolfSSL 11:cee25a834751 13452 #endif
wolfSSL 11:cee25a834751 13453
wolfSSL 11:cee25a834751 13454 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13455 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 11:cee25a834751 13456 #endif
wolfSSL 11:cee25a834751 13457
wolfSSL 11:cee25a834751 13458 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13459 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 11:cee25a834751 13460 #endif
wolfSSL 11:cee25a834751 13461
wolfSSL 11:cee25a834751 13462 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13463 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 11:cee25a834751 13464 #endif
wolfSSL 11:cee25a834751 13465
wolfSSL 11:cee25a834751 13466 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 13467 TLS_RSA_WITH_AES_128_CCM_8,
wolfSSL 11:cee25a834751 13468 #endif
wolfSSL 11:cee25a834751 13469
wolfSSL 11:cee25a834751 13470 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 13471 TLS_RSA_WITH_AES_256_CCM_8,
wolfSSL 11:cee25a834751 13472 #endif
wolfSSL 11:cee25a834751 13473
wolfSSL 11:cee25a834751 13474 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
wolfSSL 11:cee25a834751 13475 TLS_ECDHE_ECDSA_WITH_AES_128_CCM,
wolfSSL 11:cee25a834751 13476 #endif
wolfSSL 11:cee25a834751 13477
wolfSSL 11:cee25a834751 13478 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
wolfSSL 11:cee25a834751 13479 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,
wolfSSL 11:cee25a834751 13480 #endif
wolfSSL 11:cee25a834751 13481
wolfSSL 11:cee25a834751 13482 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
wolfSSL 11:cee25a834751 13483 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,
wolfSSL 11:cee25a834751 13484 #endif
wolfSSL 11:cee25a834751 13485
wolfSSL 11:cee25a834751 13486 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13487 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 11:cee25a834751 13488 #endif
wolfSSL 11:cee25a834751 13489
wolfSSL 11:cee25a834751 13490 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13491 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 11:cee25a834751 13492 #endif
wolfSSL 11:cee25a834751 13493
wolfSSL 11:cee25a834751 13494 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13495 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
wolfSSL 11:cee25a834751 13496 #endif
wolfSSL 11:cee25a834751 13497
wolfSSL 11:cee25a834751 13498 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13499 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
wolfSSL 11:cee25a834751 13500 #endif
wolfSSL 11:cee25a834751 13501
wolfSSL 11:cee25a834751 13502 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 13503 TLS_ECDHE_RSA_WITH_RC4_128_SHA,
wolfSSL 11:cee25a834751 13504 #endif
wolfSSL 11:cee25a834751 13505
wolfSSL 11:cee25a834751 13506 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13507 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 11:cee25a834751 13508 #endif
wolfSSL 11:cee25a834751 13509
wolfSSL 11:cee25a834751 13510 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 13511 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
wolfSSL 11:cee25a834751 13512 #endif
wolfSSL 11:cee25a834751 13513
wolfSSL 11:cee25a834751 13514 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13515 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 11:cee25a834751 13516 #endif
wolfSSL 11:cee25a834751 13517
wolfSSL 11:cee25a834751 13518 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13519 TLS_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 11:cee25a834751 13520 #endif
wolfSSL 11:cee25a834751 13521
wolfSSL 11:cee25a834751 13522 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 11:cee25a834751 13523 TLS_RSA_WITH_AES_256_CBC_SHA256,
wolfSSL 11:cee25a834751 13524 #endif
wolfSSL 11:cee25a834751 13525
wolfSSL 11:cee25a834751 13526 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13527 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 11:cee25a834751 13528 #endif
wolfSSL 11:cee25a834751 13529
wolfSSL 11:cee25a834751 13530 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
wolfSSL 11:cee25a834751 13531 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,
wolfSSL 11:cee25a834751 13532 #endif
wolfSSL 11:cee25a834751 13533
wolfSSL 11:cee25a834751 13534 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13535 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,
wolfSSL 11:cee25a834751 13536 #endif
wolfSSL 11:cee25a834751 13537
wolfSSL 11:cee25a834751 13538 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13539 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
wolfSSL 11:cee25a834751 13540 #endif
wolfSSL 11:cee25a834751 13541
wolfSSL 11:cee25a834751 13542 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13543 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,
wolfSSL 11:cee25a834751 13544 #endif
wolfSSL 11:cee25a834751 13545
wolfSSL 11:cee25a834751 13546 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
wolfSSL 11:cee25a834751 13547 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
wolfSSL 11:cee25a834751 13548 #endif
wolfSSL 11:cee25a834751 13549
wolfSSL 11:cee25a834751 13550 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 13551 TLS_ECDH_RSA_WITH_RC4_128_SHA,
wolfSSL 11:cee25a834751 13552 #endif
wolfSSL 11:cee25a834751 13553
wolfSSL 11:cee25a834751 13554 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13555 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 11:cee25a834751 13556 #endif
wolfSSL 11:cee25a834751 13557
wolfSSL 11:cee25a834751 13558 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
wolfSSL 11:cee25a834751 13559 TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
wolfSSL 11:cee25a834751 13560 #endif
wolfSSL 11:cee25a834751 13561
wolfSSL 11:cee25a834751 13562 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13563 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 11:cee25a834751 13564 #endif
wolfSSL 11:cee25a834751 13565
wolfSSL 11:cee25a834751 13566 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13567 TLS_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 11:cee25a834751 13568 #endif
wolfSSL 11:cee25a834751 13569
wolfSSL 11:cee25a834751 13570 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13571 TLS_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 11:cee25a834751 13572 #endif
wolfSSL 11:cee25a834751 13573
wolfSSL 11:cee25a834751 13574 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13575 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 11:cee25a834751 13576 #endif
wolfSSL 11:cee25a834751 13577
wolfSSL 11:cee25a834751 13578 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13579 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 11:cee25a834751 13580 #endif
wolfSSL 11:cee25a834751 13581
wolfSSL 11:cee25a834751 13582 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13583 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 11:cee25a834751 13584 #endif
wolfSSL 11:cee25a834751 13585
wolfSSL 11:cee25a834751 13586 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13587 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 11:cee25a834751 13588 #endif
wolfSSL 11:cee25a834751 13589
wolfSSL 11:cee25a834751 13590 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13591 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
wolfSSL 11:cee25a834751 13592 #endif
wolfSSL 11:cee25a834751 13593
wolfSSL 11:cee25a834751 13594 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13595 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
wolfSSL 11:cee25a834751 13596 #endif
wolfSSL 11:cee25a834751 13597
wolfSSL 11:cee25a834751 13598 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13599 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,
wolfSSL 11:cee25a834751 13600 #endif
wolfSSL 11:cee25a834751 13601
wolfSSL 11:cee25a834751 13602 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13603 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,
wolfSSL 11:cee25a834751 13604 #endif
wolfSSL 11:cee25a834751 13605
wolfSSL 11:cee25a834751 13606 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
wolfSSL 11:cee25a834751 13607 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,
wolfSSL 11:cee25a834751 13608 #endif
wolfSSL 11:cee25a834751 13609
wolfSSL 11:cee25a834751 13610 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
wolfSSL 11:cee25a834751 13611 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,
wolfSSL 11:cee25a834751 13612 #endif
wolfSSL 11:cee25a834751 13613
wolfSSL 11:cee25a834751 13614 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 11:cee25a834751 13615 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
wolfSSL 11:cee25a834751 13616 #endif
wolfSSL 11:cee25a834751 13617
wolfSSL 11:cee25a834751 13618 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
wolfSSL 11:cee25a834751 13619 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,
wolfSSL 11:cee25a834751 13620 #endif
wolfSSL 11:cee25a834751 13621
wolfSSL 11:cee25a834751 13622 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 11:cee25a834751 13623 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
wolfSSL 11:cee25a834751 13624 #endif
wolfSSL 11:cee25a834751 13625
wolfSSL 11:cee25a834751 13626 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
wolfSSL 11:cee25a834751 13627 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
wolfSSL 11:cee25a834751 13628 #endif
wolfSSL 11:cee25a834751 13629
wolfSSL 11:cee25a834751 13630 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 11:cee25a834751 13631 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,
wolfSSL 11:cee25a834751 13632 #endif
wolfSSL 11:cee25a834751 13633
wolfSSL 11:cee25a834751 13634 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
wolfSSL 11:cee25a834751 13635 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,
wolfSSL 11:cee25a834751 13636 #endif
wolfSSL 11:cee25a834751 13637
wolfSSL 11:cee25a834751 13638 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 11:cee25a834751 13639 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,
wolfSSL 11:cee25a834751 13640 #endif
wolfSSL 11:cee25a834751 13641
wolfSSL 11:cee25a834751 13642 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
wolfSSL 11:cee25a834751 13643 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,
wolfSSL 11:cee25a834751 13644 #endif
wolfSSL 11:cee25a834751 13645
wolfSSL 11:cee25a834751 13646 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13647 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 11:cee25a834751 13648 #endif
wolfSSL 11:cee25a834751 13649
wolfSSL 11:cee25a834751 13650 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13651 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
wolfSSL 11:cee25a834751 13652 #endif
wolfSSL 11:cee25a834751 13653
wolfSSL 11:cee25a834751 13654 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13655 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,
wolfSSL 11:cee25a834751 13656 #endif
wolfSSL 11:cee25a834751 13657
wolfSSL 11:cee25a834751 13658 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13659 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,
wolfSSL 11:cee25a834751 13660 #endif
wolfSSL 11:cee25a834751 13661
wolfSSL 11:cee25a834751 13662 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 13663 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
wolfSSL 11:cee25a834751 13664 #endif
wolfSSL 11:cee25a834751 13665
wolfSSL 11:cee25a834751 13666 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 13667 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
wolfSSL 11:cee25a834751 13668 #endif
wolfSSL 11:cee25a834751 13669
wolfSSL 11:cee25a834751 13670 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 13671 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,
wolfSSL 11:cee25a834751 13672 #endif
wolfSSL 11:cee25a834751 13673
wolfSSL 11:cee25a834751 13674 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
wolfSSL 11:cee25a834751 13675 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,
wolfSSL 11:cee25a834751 13676 #endif
wolfSSL 11:cee25a834751 13677
wolfSSL 11:cee25a834751 13678 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13679 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 11:cee25a834751 13680 #endif
wolfSSL 11:cee25a834751 13681
wolfSSL 11:cee25a834751 13682 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13683 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 11:cee25a834751 13684 #endif
wolfSSL 11:cee25a834751 13685
wolfSSL 11:cee25a834751 13686 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13687 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 11:cee25a834751 13688 #endif
wolfSSL 11:cee25a834751 13689
wolfSSL 11:cee25a834751 13690 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 13691 TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 11:cee25a834751 13692 #endif
wolfSSL 11:cee25a834751 13693
wolfSSL 11:cee25a834751 13694 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 13695 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 11:cee25a834751 13696 #endif
wolfSSL 11:cee25a834751 13697
wolfSSL 11:cee25a834751 13698 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
wolfSSL 11:cee25a834751 13699 TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256,
wolfSSL 11:cee25a834751 13700 #endif
wolfSSL 11:cee25a834751 13701
wolfSSL 11:cee25a834751 13702 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 13703 TLS_DH_anon_WITH_AES_128_CBC_SHA,
wolfSSL 11:cee25a834751 13704 #endif
wolfSSL 11:cee25a834751 13705
wolfSSL 11:cee25a834751 13706 #ifdef BUILD_TLS_QSH
wolfSSL 11:cee25a834751 13707 TLS_QSH,
wolfSSL 11:cee25a834751 13708 #endif
wolfSSL 11:cee25a834751 13709
wolfSSL 11:cee25a834751 13710 #ifdef HAVE_RENEGOTIATION_INDICATION
wolfSSL 11:cee25a834751 13711 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,
wolfSSL 11:cee25a834751 13712 #endif
wolfSSL 11:cee25a834751 13713
wolfSSL 11:cee25a834751 13714 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
wolfSSL 11:cee25a834751 13715 SSL_RSA_WITH_IDEA_CBC_SHA,
wolfSSL 11:cee25a834751 13716 #endif
wolfSSL 11:cee25a834751 13717
wolfSSL 11:cee25a834751 13718 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
wolfSSL 11:cee25a834751 13719 TLS_ECDHE_ECDSA_WITH_NULL_SHA,
wolfSSL 11:cee25a834751 13720 #endif
wolfSSL 11:cee25a834751 13721
wolfSSL 11:cee25a834751 13722 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
wolfSSL 11:cee25a834751 13723 TLS_ECDHE_PSK_WITH_NULL_SHA256,
wolfSSL 11:cee25a834751 13724 #endif
wolfSSL 11:cee25a834751 13725
wolfSSL 11:cee25a834751 13726 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
wolfSSL 11:cee25a834751 13727 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,
wolfSSL 11:cee25a834751 13728 #endif
wolfSSL 11:cee25a834751 13729
wolfSSL 11:cee25a834751 13730 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13731 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 11:cee25a834751 13732 #endif
wolfSSL 11:cee25a834751 13733
wolfSSL 11:cee25a834751 13734 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13735 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 11:cee25a834751 13736 #endif
wolfSSL 11:cee25a834751 13737
wolfSSL 11:cee25a834751 13738 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
wolfSSL 11:cee25a834751 13739 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,
wolfSSL 11:cee25a834751 13740 #endif
wolfSSL 11:cee25a834751 13741
wolfSSL 11:cee25a834751 13742 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
wolfSSL 11:cee25a834751 13743 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
wolfSSL 11:cee25a834751 13744 #endif
wolfSSL 11:cee25a834751 13745 };
wolfSSL 11:cee25a834751 13746
wolfSSL 11:cee25a834751 13747
/* Accessor for the cipher_names table. The pointer refers to the table
 * itself, not a copy; GetCipherNamesSize() gives the number of entries. */
const char* const* GetCipherNames(void)
{
    const char* const* table = cipher_names;

    return table;
}
wolfSSL 11:cee25a834751 13753
wolfSSL 11:cee25a834751 13754
/* Number of entries in the cipher_names table, as an int. */
int GetCipherNamesSize(void)
{
    return (int)(sizeof(cipher_names) / sizeof(cipher_names[0]));
}
wolfSSL 11:cee25a834751 13760
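/* Gets the cipher name in the format DHE-RSA-... rather than TLS_DHE...
 *
 * cipherName   name of the suite in the TLS_... form; it is only searched
 *              for the markers "CHACHA", "EC" and "CCM" to decide which
 *              family the result has to belong to
 *              (NOTE(review): presumably needed because cipherSuite alone
 *              does not carry the suite's first byte - confirm)
 * cipherSuite  suite id that is looked up in cipher_name_idx
 *
 * returns the matching entry of cipher_names, or NULL when cipherName is
 * NULL or no entry matches
 */
const char* GetCipherNameInternal(const char* cipherName, int cipherSuite)
{
    /* cipher_name_idx and cipher_names are walked with the same index, so
     * stop at the shorter of the two: if the tables ever drift apart the
     * lookup must not read past the end of cipher_names */
    const int idxCount  = (int)(sizeof(cipher_name_idx) /
                                sizeof(cipher_name_idx[0]));
    const int nameCount = (int)(sizeof(cipher_names) /
                                sizeof(cipher_names[0]));
    const int count     = (idxCount < nameCount) ? idxCount : nameCount;
    const char* result = NULL;
    const char* first;
    int i;

    if (cipherName == NULL) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    /* marker the result must contain; NULL means it must contain none */
    first = (XSTRSTR(cipherName, "CHACHA")) ? "CHACHA"
          : (XSTRSTR(cipherName, "EC"))     ? "EC"
          : (XSTRSTR(cipherName, "CCM"))    ? "CCM"
          : NULL; /* normal */

    for (i = 0; i < count; i++) {
        const char* nameFound;

        if (cipher_name_idx[i] != cipherSuite) {
            continue;
        }

        nameFound = cipher_names[i];

        /* extra sanity check on returned cipher name */
        if (nameFound == NULL) {
            continue;
        }

        if (first == NULL) {
            /* normal suite: skip entries that belong to a marked family */
            if (!XSTRSTR(nameFound, "CHACHA") &&
                !XSTRSTR(nameFound, "EC") &&
                !XSTRSTR(nameFound, "CCM")) {
                result = nameFound;
                break;
            }
        }
        else if (XSTRSTR(nameFound, first)) {
            result = nameFound;
            break;
        }
    }

    return result;
}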
wolfSSL 11:cee25a834751 13805
/* Looks up the internal-format name of the cipher suite held in ssl.
 *
 * ssl  session object; its cipher and options.cipherSuite are read
 *
 * returns the result of GetCipherNameInternal(), or NULL when ssl is NULL
 */
const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl)
{
    const char* name = NULL;

    if (ssl != NULL) {
        name = GetCipherNameInternal(wolfSSL_CIPHER_get_name(&ssl->cipher),
                                     ssl->options.cipherSuite);
    }
    else {
        WOLFSSL_MSG("Bad argument");
    }

    return name;
}
wolfSSL 11:cee25a834751 13817
wolfSSL 11:cee25a834751 13818
wolfSSL 11:cee25a834751 13819 const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite,
wolfSSL 11:cee25a834751 13820 const unsigned char cipherSuite0)
wolfSSL 11:cee25a834751 13821 {
wolfSSL 11:cee25a834751 13822
wolfSSL 11:cee25a834751 13823 WOLFSSL_ENTER("wolfSSL_get_cipher_name_from_suite");
wolfSSL 11:cee25a834751 13824
wolfSSL 11:cee25a834751 13825 (void)cipherSuite;
wolfSSL 11:cee25a834751 13826 (void)cipherSuite0;
wolfSSL 11:cee25a834751 13827
wolfSSL 11:cee25a834751 13828 #ifndef NO_ERROR_STRINGS
wolfSSL 11:cee25a834751 13829
wolfSSL 11:cee25a834751 13830 #if defined(HAVE_CHACHA)
wolfSSL 11:cee25a834751 13831 if (cipherSuite0 == CHACHA_BYTE) {
wolfSSL 11:cee25a834751 13832 /* ChaCha suites */
wolfSSL 11:cee25a834751 13833 switch (cipherSuite) {
wolfSSL 11:cee25a834751 13834 #ifdef HAVE_POLY1305
wolfSSL 11:cee25a834751 13835 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13836 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 13837 return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 11:cee25a834751 13838
wolfSSL 11:cee25a834751 13839 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 13840 return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 11:cee25a834751 13841
wolfSSL 11:cee25a834751 13842 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 13843 return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
wolfSSL 11:cee25a834751 13844
wolfSSL 11:cee25a834751 13845 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 13846 return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
wolfSSL 11:cee25a834751 13847 #endif
wolfSSL 11:cee25a834751 13848 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 13849 return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 11:cee25a834751 13850
wolfSSL 11:cee25a834751 13851 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 13852 return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256";
wolfSSL 11:cee25a834751 13853 #ifndef NO_PSK
wolfSSL 11:cee25a834751 13854 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 13855 return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 11:cee25a834751 13856 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 13857 return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 11:cee25a834751 13858 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 :
wolfSSL 11:cee25a834751 13859 return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256";
wolfSSL 11:cee25a834751 13860 #endif /* NO_PSK */
wolfSSL 11:cee25a834751 13861 #endif /* HAVE_POLY1305 */
wolfSSL 11:cee25a834751 13862 } /* switch */
wolfSSL 11:cee25a834751 13863 } /* chacha */
wolfSSL 11:cee25a834751 13864 #endif /* HAVE_CHACHA */
wolfSSL 11:cee25a834751 13865
wolfSSL 11:cee25a834751 13866 #if defined(HAVE_ECC) || defined(HAVE_AESCCM)
wolfSSL 11:cee25a834751 13867 /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
wolfSSL 11:cee25a834751 13868 * but the AES-CCM cipher suites also use it, even the ones that
wolfSSL 11:cee25a834751 13869 * aren't ECC. */
wolfSSL 11:cee25a834751 13870 if (cipherSuite0 == ECC_BYTE) {
wolfSSL 11:cee25a834751 13871 /* ECC suites */
wolfSSL 11:cee25a834751 13872 switch (cipherSuite) {
wolfSSL 11:cee25a834751 13873 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 13874 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13875 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 13876 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 11:cee25a834751 13877 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13878 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 13879 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
wolfSSL 11:cee25a834751 13880 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13881 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 13882 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 11:cee25a834751 13883 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13884 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 13885 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
wolfSSL 11:cee25a834751 13886 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13887 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 13888 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
wolfSSL 11:cee25a834751 13889 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13890 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 13891 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
wolfSSL 11:cee25a834751 13892 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13893 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 13894 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
wolfSSL 11:cee25a834751 13895 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13896 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 13897 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
wolfSSL 11:cee25a834751 13898 #ifndef NO_SHA
wolfSSL 11:cee25a834751 13899 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13900 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 13901 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 11:cee25a834751 13902 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 13903 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 11:cee25a834751 13904 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13905 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 13906 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
wolfSSL 11:cee25a834751 13907 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 13908 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
wolfSSL 11:cee25a834751 13909 #ifndef NO_RC4
wolfSSL 11:cee25a834751 13910 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13911 case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 13912 return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
wolfSSL 11:cee25a834751 13913 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13914 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 13915 return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
wolfSSL 11:cee25a834751 13916 #endif /* !NO_RC4 */
wolfSSL 11:cee25a834751 13917 #ifndef NO_DES3
wolfSSL 11:cee25a834751 13918 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13919 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 13920 return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 11:cee25a834751 13921 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13922 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 13923 return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 11:cee25a834751 13924 #endif /* !NO_DES3 */
wolfSSL 11:cee25a834751 13925
wolfSSL 11:cee25a834751 13926 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13927 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 13928 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 11:cee25a834751 13929 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 13930 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 11:cee25a834751 13931 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13932 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 13933 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
wolfSSL 11:cee25a834751 13934 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 13935 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
wolfSSL 11:cee25a834751 13936 #ifndef NO_RC4
wolfSSL 11:cee25a834751 13937 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13938 case TLS_ECDH_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 13939 return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
wolfSSL 11:cee25a834751 13940 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13941 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 13942 return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
wolfSSL 11:cee25a834751 13943 #endif /* !NO_RC4 */
wolfSSL 11:cee25a834751 13944 #ifndef NO_DES3
wolfSSL 11:cee25a834751 13945 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13946 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 13947 return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 11:cee25a834751 13948 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13949 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 13950 return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 11:cee25a834751 13951 #endif /* !NO_DES3 */
wolfSSL 11:cee25a834751 13952 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 13953
wolfSSL 11:cee25a834751 13954 #ifdef HAVE_AESGCM
wolfSSL 11:cee25a834751 13955 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13956 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 13957 return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 11:cee25a834751 13958 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 13959 return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 11:cee25a834751 13960 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13961 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 13962 return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
wolfSSL 11:cee25a834751 13963 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 13964 return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
wolfSSL 11:cee25a834751 13965 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13966 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 13967 return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 11:cee25a834751 13968 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 13969 return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 11:cee25a834751 13970 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13971 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 13972 return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
wolfSSL 11:cee25a834751 13973 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 13974 return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
wolfSSL 11:cee25a834751 13975 #endif /* HAVE_AESGCM */
wolfSSL 11:cee25a834751 13976
wolfSSL 11:cee25a834751 13977 case TLS_ECDHE_ECDSA_WITH_NULL_SHA :
wolfSSL 11:cee25a834751 13978 return "TLS_ECDHE_ECDSA_WITH_NULL_SHA";
wolfSSL 11:cee25a834751 13979 #ifndef NO_PSK
wolfSSL 11:cee25a834751 13980 case TLS_ECDHE_PSK_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 13981 return "TLS_ECDHE_PSK_WITH_NULL_SHA256";
wolfSSL 11:cee25a834751 13982 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 13983 return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256";
wolfSSL 11:cee25a834751 13984 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 13985 #ifndef NO_RSA
wolfSSL 11:cee25a834751 13986 case TLS_RSA_WITH_AES_128_CCM_8 :
wolfSSL 11:cee25a834751 13987 return "TLS_RSA_WITH_AES_128_CCM_8";
wolfSSL 11:cee25a834751 13988 case TLS_RSA_WITH_AES_256_CCM_8 :
wolfSSL 11:cee25a834751 13989 return "TLS_RSA_WITH_AES_256_CCM_8";
wolfSSL 11:cee25a834751 13990 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 13991 #ifndef NO_PSK
wolfSSL 11:cee25a834751 13992 case TLS_PSK_WITH_AES_128_CCM_8 :
wolfSSL 11:cee25a834751 13993 return "TLS_PSK_WITH_AES_128_CCM_8";
wolfSSL 11:cee25a834751 13994 case TLS_PSK_WITH_AES_256_CCM_8 :
wolfSSL 11:cee25a834751 13995 return "TLS_PSK_WITH_AES_256_CCM_8";
wolfSSL 11:cee25a834751 13996 case TLS_PSK_WITH_AES_128_CCM :
wolfSSL 11:cee25a834751 13997 return "TLS_PSK_WITH_AES_128_CCM";
wolfSSL 11:cee25a834751 13998 case TLS_PSK_WITH_AES_256_CCM :
wolfSSL 11:cee25a834751 13999 return "TLS_PSK_WITH_AES_256_CCM";
wolfSSL 11:cee25a834751 14000 case TLS_DHE_PSK_WITH_AES_128_CCM :
wolfSSL 11:cee25a834751 14001 return "TLS_DHE_PSK_WITH_AES_128_CCM";
wolfSSL 11:cee25a834751 14002 case TLS_DHE_PSK_WITH_AES_256_CCM :
wolfSSL 11:cee25a834751 14003 return "TLS_DHE_PSK_WITH_AES_256_CCM";
wolfSSL 11:cee25a834751 14004 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 14005 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 14006 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM:
wolfSSL 11:cee25a834751 14007 return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM";
wolfSSL 11:cee25a834751 14008 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
wolfSSL 11:cee25a834751 14009 return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
wolfSSL 11:cee25a834751 14010 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
wolfSSL 11:cee25a834751 14011 return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
wolfSSL 11:cee25a834751 14012 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 14013 #endif /* HAVE_AESGCM */
wolfSSL 11:cee25a834751 14014
wolfSSL 11:cee25a834751 14015 default:
wolfSSL 11:cee25a834751 14016 return "NONE";
wolfSSL 11:cee25a834751 14017 } /* switch */
wolfSSL 11:cee25a834751 14018 } /* ECC and AES CCM/GCM */
wolfSSL 11:cee25a834751 14019 #endif /* HAVE_ECC || HAVE_AESCCM*/
wolfSSL 11:cee25a834751 14020
wolfSSL 11:cee25a834751 14021 if (cipherSuite0 != ECC_BYTE &&
wolfSSL 11:cee25a834751 14022 cipherSuite0 != CHACHA_BYTE) {
wolfSSL 11:cee25a834751 14023
wolfSSL 11:cee25a834751 14024 /* normal suites */
wolfSSL 11:cee25a834751 14025 switch (cipherSuite) {
wolfSSL 11:cee25a834751 14026 #ifndef NO_RSA
wolfSSL 11:cee25a834751 14027 #ifndef NO_RC4
wolfSSL 11:cee25a834751 14028 #ifndef NO_SHA
wolfSSL 11:cee25a834751 14029 case SSL_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 14030 return "SSL_RSA_WITH_RC4_128_SHA";
wolfSSL 11:cee25a834751 14031 #endif /* !NO_SHA */
wolfSSL 11:cee25a834751 14032 #ifndef NO_MD5
wolfSSL 11:cee25a834751 14033 case SSL_RSA_WITH_RC4_128_MD5 :
wolfSSL 11:cee25a834751 14034 return "SSL_RSA_WITH_RC4_128_MD5";
wolfSSL 11:cee25a834751 14035 #endif /* !NO_MD5 */
wolfSSL 11:cee25a834751 14036 #endif /* !NO_RC4 */
wolfSSL 11:cee25a834751 14037 #ifndef NO_SHA
wolfSSL 11:cee25a834751 14038 #ifndef NO_DES3
wolfSSL 11:cee25a834751 14039 case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 14040 return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 11:cee25a834751 14041 #endif /* !NO_DES3 */
wolfSSL 11:cee25a834751 14042 #ifdef HAVE_IDEA
wolfSSL 11:cee25a834751 14043 case SSL_RSA_WITH_IDEA_CBC_SHA :
wolfSSL 11:cee25a834751 14044 return "SSL_RSA_WITH_IDEA_CBC_SHA";
wolfSSL 11:cee25a834751 14045 #endif /* HAVE_IDEA */
wolfSSL 11:cee25a834751 14046
wolfSSL 11:cee25a834751 14047 case TLS_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 14048 return "TLS_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 11:cee25a834751 14049 case TLS_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 14050 return "TLS_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 11:cee25a834751 14051 #endif /* !NO_SHA */
wolfSSL 11:cee25a834751 14052 case TLS_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 14053 return "TLS_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 11:cee25a834751 14054 case TLS_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 14055 return "TLS_RSA_WITH_AES_256_CBC_SHA256";
wolfSSL 11:cee25a834751 14056 #ifdef HAVE_BLAKE2
wolfSSL 11:cee25a834751 14057 case TLS_RSA_WITH_AES_128_CBC_B2B256:
wolfSSL 11:cee25a834751 14058 return "TLS_RSA_WITH_AES_128_CBC_B2B256";
wolfSSL 11:cee25a834751 14059 case TLS_RSA_WITH_AES_256_CBC_B2B256:
wolfSSL 11:cee25a834751 14060 return "TLS_RSA_WITH_AES_256_CBC_B2B256";
wolfSSL 11:cee25a834751 14061 #endif /* HAVE_BLAKE2 */
wolfSSL 11:cee25a834751 14062 #ifndef NO_SHA
wolfSSL 11:cee25a834751 14063 case TLS_RSA_WITH_NULL_SHA :
wolfSSL 11:cee25a834751 14064 return "TLS_RSA_WITH_NULL_SHA";
wolfSSL 11:cee25a834751 14065 #endif /* !NO_SHA */
wolfSSL 11:cee25a834751 14066 case TLS_RSA_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 14067 return "TLS_RSA_WITH_NULL_SHA256";
wolfSSL 11:cee25a834751 14068 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 14069
wolfSSL 11:cee25a834751 14070 #ifndef NO_PSK
wolfSSL 11:cee25a834751 14071 #ifndef NO_SHA
wolfSSL 11:cee25a834751 14072 case TLS_PSK_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 14073 return "TLS_PSK_WITH_AES_128_CBC_SHA";
wolfSSL 11:cee25a834751 14074 case TLS_PSK_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 14075 return "TLS_PSK_WITH_AES_256_CBC_SHA";
wolfSSL 11:cee25a834751 14076 #endif /* !NO_SHA */
wolfSSL 11:cee25a834751 14077 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 14078 case TLS_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 14079 return "TLS_PSK_WITH_AES_128_CBC_SHA256";
wolfSSL 11:cee25a834751 14080 case TLS_PSK_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 14081 return "TLS_PSK_WITH_NULL_SHA256";
wolfSSL 11:cee25a834751 14082 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 14083 return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
wolfSSL 11:cee25a834751 14084 case TLS_DHE_PSK_WITH_NULL_SHA256 :
wolfSSL 11:cee25a834751 14085 return "TLS_DHE_PSK_WITH_NULL_SHA256";
wolfSSL 11:cee25a834751 14086 #ifdef HAVE_AESGCM
wolfSSL 11:cee25a834751 14087 case TLS_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 14088 return "TLS_PSK_WITH_AES_128_GCM_SHA256";
wolfSSL 11:cee25a834751 14089 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 14090 return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
wolfSSL 11:cee25a834751 14091 #endif /* HAVE_AESGCM */
wolfSSL 11:cee25a834751 14092 #endif /* !NO_SHA256 */
wolfSSL 11:cee25a834751 14093 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 14094 case TLS_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 14095 return "TLS_PSK_WITH_AES_256_CBC_SHA384";
wolfSSL 11:cee25a834751 14096 case TLS_PSK_WITH_NULL_SHA384 :
wolfSSL 11:cee25a834751 14097 return "TLS_PSK_WITH_NULL_SHA384";
wolfSSL 11:cee25a834751 14098 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
wolfSSL 11:cee25a834751 14099 return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
wolfSSL 11:cee25a834751 14100 case TLS_DHE_PSK_WITH_NULL_SHA384 :
wolfSSL 11:cee25a834751 14101 return "TLS_DHE_PSK_WITH_NULL_SHA384";
wolfSSL 11:cee25a834751 14102 #ifdef HAVE_AESGCM
wolfSSL 11:cee25a834751 14103 case TLS_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 14104 return "TLS_PSK_WITH_AES_256_GCM_SHA384";
wolfSSL 11:cee25a834751 14105 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 14106 return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
wolfSSL 11:cee25a834751 14107 #endif /* HAVE_AESGCM */
wolfSSL 11:cee25a834751 14108 #endif /* WOLFSSL_SHA384 */
wolfSSL 11:cee25a834751 14109 #ifndef NO_SHA
wolfSSL 11:cee25a834751 14110 case TLS_PSK_WITH_NULL_SHA :
wolfSSL 11:cee25a834751 14111 return "TLS_PSK_WITH_NULL_SHA";
wolfSSL 11:cee25a834751 14112 #endif /* !NO_SHA */
wolfSSL 11:cee25a834751 14113 #endif /* NO_PSK */
wolfSSL 11:cee25a834751 14114
wolfSSL 11:cee25a834751 14115 #ifndef NO_RSA
wolfSSL 11:cee25a834751 14116 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 14117 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
wolfSSL 11:cee25a834751 14118 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 14119 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
wolfSSL 11:cee25a834751 14120 #ifndef NO_SHA
wolfSSL 11:cee25a834751 14121 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 14122 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 11:cee25a834751 14123 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 14124 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 11:cee25a834751 14125 #ifndef NO_DES3
wolfSSL 11:cee25a834751 14126 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA:
wolfSSL 11:cee25a834751 14127 return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 11:cee25a834751 14128 #endif
wolfSSL 11:cee25a834751 14129 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 14130 #ifndef NO_HC128
wolfSSL 11:cee25a834751 14131 #ifndef NO_MD5
wolfSSL 11:cee25a834751 14132 case TLS_RSA_WITH_HC_128_MD5 :
wolfSSL 11:cee25a834751 14133 return "TLS_RSA_WITH_HC_128_MD5";
wolfSSL 11:cee25a834751 14134 #endif /* !NO_MD5 */
wolfSSL 11:cee25a834751 14135 #ifndef NO_SHA
wolfSSL 11:cee25a834751 14136 case TLS_RSA_WITH_HC_128_SHA :
wolfSSL 11:cee25a834751 14137 return "TLS_RSA_WITH_HC_128_SHA";
wolfSSL 11:cee25a834751 14138 #endif /* !NO_SHA */
wolfSSL 11:cee25a834751 14139 #ifdef HAVE_BLAKE2
wolfSSL 11:cee25a834751 14140 case TLS_RSA_WITH_HC_128_B2B256:
wolfSSL 11:cee25a834751 14141 return "TLS_RSA_WITH_HC_128_B2B256";
wolfSSL 11:cee25a834751 14142 #endif /* HAVE_BLAKE2 */
wolfSSL 11:cee25a834751 14143 #endif /* !NO_HC128 */
wolfSSL 11:cee25a834751 14144 #ifndef NO_SHA
wolfSSL 11:cee25a834751 14145 #ifndef NO_RABBIT
wolfSSL 11:cee25a834751 14146 case TLS_RSA_WITH_RABBIT_SHA :
wolfSSL 11:cee25a834751 14147 return "TLS_RSA_WITH_RABBIT_SHA";
wolfSSL 11:cee25a834751 14148 #endif /* !NO_RABBIT */
wolfSSL 11:cee25a834751 14149 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 14150 #ifndef NO_RC4
wolfSSL 11:cee25a834751 14151 case TLS_NTRU_RSA_WITH_RC4_128_SHA :
wolfSSL 11:cee25a834751 14152 return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
wolfSSL 11:cee25a834751 14153 #endif /* !NO_RC4 */
wolfSSL 11:cee25a834751 14154 #ifndef NO_DES3
wolfSSL 11:cee25a834751 14155 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
wolfSSL 11:cee25a834751 14156 return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
wolfSSL 11:cee25a834751 14157 #endif /* !NO_DES3 */
wolfSSL 11:cee25a834751 14158 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 14159 return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
wolfSSL 11:cee25a834751 14160 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
wolfSSL 11:cee25a834751 14161 return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
wolfSSL 11:cee25a834751 14162 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 14163
wolfSSL 11:cee25a834751 14164 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 14165 case TLS_QSH :
wolfSSL 11:cee25a834751 14166 return "TLS_QSH";
wolfSSL 11:cee25a834751 14167 #endif /* HAVE_QSH */
wolfSSL 11:cee25a834751 14168 #endif /* !NO_SHA */
wolfSSL 11:cee25a834751 14169
wolfSSL 11:cee25a834751 14170 case TLS_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 14171 return "TLS_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 11:cee25a834751 14172 case TLS_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 14173 return "TLS_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 11:cee25a834751 14174 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
wolfSSL 11:cee25a834751 14175 return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
wolfSSL 11:cee25a834751 14176 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
wolfSSL 11:cee25a834751 14177 return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
wolfSSL 11:cee25a834751 14178 #ifndef NO_SHA
wolfSSL 11:cee25a834751 14179 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 11:cee25a834751 14180 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
wolfSSL 11:cee25a834751 14181 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 11:cee25a834751 14182 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
wolfSSL 11:cee25a834751 14183 #endif /* !NO_SHA */
wolfSSL 11:cee25a834751 14184 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 14185 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
wolfSSL 11:cee25a834751 14186 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 14187 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
wolfSSL 11:cee25a834751 14188 #ifndef NO_SHA
wolfSSL 11:cee25a834751 14189 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
wolfSSL 11:cee25a834751 14190 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
wolfSSL 11:cee25a834751 14191 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
wolfSSL 11:cee25a834751 14192 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
wolfSSL 11:cee25a834751 14193 #endif /* !NO_SHA */
wolfSSL 11:cee25a834751 14194 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
wolfSSL 11:cee25a834751 14195 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
wolfSSL 11:cee25a834751 14196 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
wolfSSL 11:cee25a834751 14197 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
wolfSSL 11:cee25a834751 14198 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 14199
wolfSSL 11:cee25a834751 14200 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
wolfSSL 11:cee25a834751 14201 case TLS_DH_anon_WITH_AES_128_CBC_SHA :
wolfSSL 11:cee25a834751 14202 return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
wolfSSL 11:cee25a834751 14203 #endif
wolfSSL 11:cee25a834751 14204 default:
wolfSSL 11:cee25a834751 14205 return "NONE";
wolfSSL 11:cee25a834751 14206 } /* switch */
wolfSSL 11:cee25a834751 14207 } /* normal / PSK */
wolfSSL 11:cee25a834751 14208 #endif /* NO_ERROR_STRINGS */
wolfSSL 11:cee25a834751 14209
wolfSSL 11:cee25a834751 14210 return "NONE";
wolfSSL 11:cee25a834751 14211 }
wolfSSL 11:cee25a834751 14212
wolfSSL 11:cee25a834751 14213
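/**
 * Set the enabled cipher suites from a ':'-delimited list of names.
 *
 * @param [in]  ctx     Context; only read in WOLFSSL_DTLS builds, where it is
 *                      used to reject stream ciphers for a DTLS method.
 * @param [out] suites  Suites structure to fill.
 * @param [in]  list    List of cipher suites, only supports full names from
 *                      cipher_names[] delimited by ':'. An empty list, or one
 *                      that starts with "ALL" or "DEFAULT", keeps the library
 *                      defaults and leaves suites untouched.
 *
 * @return 1 when the defaults are kept or at least one name matched,
 *         0 on a parameter error, when no name matched, or when the list
 *         names more suites than suites->suites can hold.
 */
int SetCipherList(WOLFSSL_CTX* ctx, Suites* suites, const char* list)
{
    int       ret          = 0;
    int       idx          = 0;
    int       haveRSAsig   = 0;
    int       haveECDSAsig = 0;
    int       haveAnon     = 0;
    const int suiteSz      = GetCipherNamesSize();
    char*     next         = (char*)list;

    if (suites == NULL || list == NULL) {
        WOLFSSL_MSG("SetCipherList parameter error");
        return 0;
    }

    /* prefix comparison: any list that merely begins with ALL or DEFAULT
     * takes this path */
    if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0 ||
                        XSTRNCMP(next, "DEFAULT", 7) == 0)
        return 1; /* wolfSSL default */

    do {
        char*  current = next;
        char   name[MAX_SUITE_NAME + 1];
        int    i;
        word32 length;

        next   = XSTRSTR(next, ":");
        length = min(sizeof(name), !next ? (word32)XSTRLEN(current) /* last */
                                         : (word32)(next - current));

        /* copy at most sizeof(name) bytes, then always terminate; an
         * over-long token is truncated and will simply not match */
        XSTRNCPY(name, current, length);
        name[(length == sizeof(name)) ? length - 1 : length] = 0;

        for (i = 0; i < suiteSz; i++) {
            if (XSTRNCMP(name, cipher_names[i], sizeof(name)) == 0) {
            #ifdef WOLFSSL_DTLS
                /* don't allow stream ciphers with DTLS */
                /* NOTE(review): ctx is dereferenced here although the entry
                 * check covers only suites and list -- confirm callers never
                 * pass a NULL ctx in DTLS builds. */
                if (ctx->method->version.major == DTLS_MAJOR) {
                    if (XSTRSTR(name, "RC4") ||
                        XSTRSTR(name, "HC128") ||
                        XSTRSTR(name, "RABBIT"))
                    {
                        WOLFSSL_MSG("Stream ciphers not supported with DTLS");
                        continue;
                    }

                }
            #endif /* WOLFSSL_DTLS */

                /* Each match stores two bytes. The list is caller supplied
                 * and may repeat names, so the write index has to be bounded
                 * before use. WOLFSSL_MAX_SUITE_SZ is taken to be the declared
                 * size of suites->suites (declaration not visible here). */
                if (idx + 1 >= WOLFSSL_MAX_SUITE_SZ) {
                    WOLFSSL_MSG("SetCipherList: too many cipher suites");
                    return 0;
                }

                suites->suites[idx++] = (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE
                                      : (XSTRSTR(name, "QSH"))    ? QSH_BYTE
                                      : (XSTRSTR(name, "EC"))     ? ECC_BYTE
                                      : (XSTRSTR(name, "CCM"))    ? ECC_BYTE
                                      : 0x00; /* normal */
                suites->suites[idx++] = (byte)cipher_name_idx[i];

                /* The suites are either ECDSA, RSA, PSK, or Anon. The RSA
                 * suites don't necessarily have RSA in the name. */
                if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA"))
                    haveECDSAsig = 1;
                else if (XSTRSTR(name, "ADH"))
                    haveAnon = 1;
                else if ((haveRSAsig == 0) && (XSTRSTR(name, "PSK") == NULL))
                    haveRSAsig = 1;

                ret = 1; /* found at least one */
                break;
            }
        }
    }
    while (next++); /* ++ needed to skip ':' */

    if (ret) {
        suites->setSuites = 1;
        suites->suiteSz   = (word16)idx;
        InitSuitesHashSigAlgo(suites, haveECDSAsig, haveRSAsig, haveAnon);
    }

    (void)ctx;

    return ret;
}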
wolfSSL 11:cee25a834751 14304
wolfSSL 11:cee25a834751 14305 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS)
/* Record the signature algorithm from ssl->specs and pick the hash to pair
 * with it. hashSigAlgo is walked in steps of HELLO_EXT_SIGALGO_SZ; in each
 * entry the first byte is compared against the *_mac hash ids and the second
 * against ssl->specs.sig_algo. The first entry whose signature byte matches
 * and whose hash byte is one handled below ends the search.
 *
 * NOTE(review): the list order decides, not hash strength, and a sha_mac
 * match ends the search without assigning, so hashAlgo keeps the default set
 * just above the loop. */
static void PickHashSigAlgo(WOLFSSL* ssl,
                            const byte* hashSigAlgo, word32 hashSigAlgoSz)
{
    word32 pos;

    ssl->suites->sigAlgo = ssl->specs.sig_algo;

    /* default, used when no entry below selects a hash */
    if (!IsAtLeastTLSv1_2(ssl)) {
        ssl->suites->hashAlgo = sha_mac;
    }
    else {
    #ifdef WOLFSSL_ALLOW_TLS_SHA1
        ssl->suites->hashAlgo = sha_mac;
    #else
        ssl->suites->hashAlgo = sha256_mac;
    #endif
    }

    /* pos+1 must be in range because the signature byte is read one ahead */
    for (pos = 0; (pos + 1) < hashSigAlgoSz; pos += HELLO_EXT_SIGALGO_SZ) {
        if (hashSigAlgo[pos + 1] != ssl->specs.sig_algo)
            continue;

        if (hashSigAlgo[pos] == sha_mac) {
            return;     /* default stays in place */
        }
    #ifndef NO_SHA256
        if (hashSigAlgo[pos] == sha256_mac) {
            ssl->suites->hashAlgo = sha256_mac;
            return;
        }
    #endif
    #ifdef WOLFSSL_SHA384
        if (hashSigAlgo[pos] == sha384_mac) {
            ssl->suites->hashAlgo = sha384_mac;
            return;
        }
    #endif
    #ifdef WOLFSSL_SHA512
        if (hashSigAlgo[pos] == sha512_mac) {
            ssl->suites->hashAlgo = sha512_mac;
            return;
        }
    #endif
        /* hash id not handled in this build: try the next entry */
    }
}
wolfSSL 11:cee25a834751 14352 #endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */
wolfSSL 11:cee25a834751 14353
wolfSSL 11:cee25a834751 14354 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 14355
/* Initialize HandShakeInfo: bind it to ssl, empty the cipher name and every
 * packet name (first byte only), and zero the packet count and the
 * negotiation error. */
void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl)
{
    int pkt = 0;

    info->ssl              = ssl;
    info->cipherName[0]    = 0;
    info->numberPackets    = 0;
    info->negotiationError = 0;

    while (pkt < MAX_PACKETS_HANDSHAKE) {
        info->packetNames[pkt][0] = 0;
        pkt++;
    }
}
wolfSSL 11:cee25a834751 14368
/* Set final HandShakeInfo parameters: the negotiated cipher name and, when
 * ssl->error lies in the parameter-error range, the negotiation error. */
void FinishHandShakeInfo(HandShakeInfo* info)
{
    const int count = sizeof(cipher_name_idx)/sizeof(int);
    int       n;

    for (n = 0; n < count; n++) {
        /* only the second suite byte is compared against the table */
        if (info->ssl->options.cipherSuite != (byte)cipher_name_idx[n])
            continue;
        if (info->ssl->options.cipherSuite0 == ECC_BYTE)
            continue;   /* ECC suites at end */

        /* NOTE(review): at most MAX_CIPHERNAME_SZ bytes are copied and no
         * terminator is written here; presumably XSTRNCPY has strncpy
         * semantics, so confirm cipherName is larger than MAX_CIPHERNAME_SZ
         * and already zero past that length. */
        XSTRNCPY(info->cipherName, cipher_names[n], MAX_CIPHERNAME_SZ);
        break;
    }

    /* error max and min are negative numbers */
    if (info->ssl->error >= MAX_PARAM_ERR && info->ssl->error <= MIN_PARAM_ERR)
        info->negotiationError = info->ssl->error;
}
wolfSSL 11:cee25a834751 14387
wolfSSL 11:cee25a834751 14388
/* Add name to info packet names, increase packet name count. Once
 * MAX_PACKETS_HANDSHAKE names are stored, further names are dropped. */
void AddPacketName(const char* name, HandShakeInfo* info)
{
    if (info->numberPackets >= MAX_PACKETS_HANDSHAKE)
        return;

    /* NOTE(review): copies at most MAX_PACKETNAME_SZ bytes and writes no
     * terminator itself -- confirm each packetNames row has room for one and
     * is zeroed beyond that length. */
    XSTRNCPY(info->packetNames[info->numberPackets], name, MAX_PACKETNAME_SZ);
    info->numberPackets++;
}
wolfSSL 11:cee25a834751 14397
wolfSSL 11:cee25a834751 14398
/* Initialize TimeoutInfo: empty the timeout name, clear the flags, the
 * packet count and the timeout value, and reset every packet slot (name,
 * timestamp, heap buffer pointer and size). */
void InitTimeoutInfo(TimeoutInfo* info)
{
    int slot = 0;

    info->timeoutName[0]       = 0;
    info->flags                = 0;
    info->numberPackets        = 0;
    info->timeoutValue.tv_sec  = 0;
    info->timeoutValue.tv_usec = 0;

    while (slot < MAX_PACKETS_HANDSHAKE) {
        info->packets[slot].packetName[0]     = 0;
        info->packets[slot].timestamp.tv_sec  = 0;
        info->packets[slot].timestamp.tv_usec = 0;
        /* pointer is overwritten, not freed: see FreeTimeoutInfo */
        info->packets[slot].bufferValue       = 0;
        info->packets[slot].valueSz           = 0;
        slot++;
    }
}
wolfSSL 11:cee25a834751 14418
wolfSSL 11:cee25a834751 14419
/* Free TimeoutInfo: release every heap buffer still attached to a packet
 * slot and clear the pointer so that a repeated call does not free it again. */
void FreeTimeoutInfo(TimeoutInfo* info, void* heap)
{
    int slot;

    (void)heap;   /* heap is otherwise only passed to XFREE */

    for (slot = 0; slot < MAX_PACKETS_HANDSHAKE; slot++) {
        if (info->packets[slot].bufferValue == 0)
            continue;

        XFREE(info->packets[slot].bufferValue, heap, DYNAMIC_TYPE_INFO);
        info->packets[slot].bufferValue = 0;
    }
}
wolfSSL 11:cee25a834751 14432
wolfSSL 11:cee25a834751 14433
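/* Add PacketInfo to TimeoutInfo.
 *
 * name  packet name, may be NULL and added later
 * info  table to append to; nothing is recorded once numberPackets reaches
 *       MAX_PACKETS_HANDSHAKE - 1
 * data  packet bytes to record
 * sz    number of bytes at data; a negative size or a NULL data pointer is
 *       recorded as an empty entry instead of being passed on as a length
 * heap  heap hint for the buffer allocated when sz is MAX_VALUE_SZ or more
 */
void AddPacketInfo(const char* name, TimeoutInfo* info, const byte* data,
                   int sz, void* heap)
{
    if (info->numberPackets < (MAX_PACKETS_HANDSHAKE - 1)) {
        Timeval currTime;

        /* may add name after */
        if (name)
            XSTRNCPY(info->packets[info->numberPackets].packetName, name,
                     MAX_PACKETNAME_SZ);

        /* sz is signed: a negative value would pass the "< MAX_VALUE_SZ"
         * test below and turn into a huge length inside XMEMCPY */
        if (sz < 0 || data == NULL)
            sz = 0;

        /* add data, put in buffer if bigger than static buffer */
        info->packets[info->numberPackets].valueSz = sz;
        if (sz == 0) {
            /* nothing to copy */
        }
        else if (sz < MAX_VALUE_SZ)
            XMEMCPY(info->packets[info->numberPackets].value, data, sz);
        else {
            info->packets[info->numberPackets].bufferValue =
                                  (byte*)XMALLOC(sz, heap, DYNAMIC_TYPE_INFO);
            if (!info->packets[info->numberPackets].bufferValue)
                /* let next alloc catch, just don't fill, not fatal here  */
                info->packets[info->numberPackets].valueSz = 0;
            else
                XMEMCPY(info->packets[info->numberPackets].bufferValue,
                        data, sz);
        }

        /* timestamp the entry; the return value of gettimeofday is not
         * checked here */
        gettimeofday(&currTime, 0);
        info->packets[info->numberPackets].timestamp.tv_sec  =
                                                          currTime.tv_sec;
        info->packets[info->numberPackets].timestamp.tv_usec =
                                                          currTime.tv_usec;
        info->numberPackets++;
    }
}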
wolfSSL 11:cee25a834751 14468
wolfSSL 11:cee25a834751 14469
/* Add packet name to previously added packet info, i.e. to the entry at
 * numberPackets - 1. Does nothing when no entry exists yet or when the count
 * has reached MAX_PACKETS_HANDSHAKE. */
void AddLateName(const char* name, TimeoutInfo* info)
{
    /* make sure we have a valid previous one */
    if (info->numberPackets <= 0 ||
        info->numberPackets >= MAX_PACKETS_HANDSHAKE)
        return;

    /* NOTE(review): at most MAX_PACKETNAME_SZ bytes, no terminator written
     * here -- confirm packetName has room for one and is zeroed beyond it. */
    XSTRNCPY(info->packets[info->numberPackets - 1].packetName, name,
             MAX_PACKETNAME_SZ);
}
wolfSSL 11:cee25a834751 14480
/* Add record header to previously added packet info: RECORD_HEADER_SZ bytes
 * from rl overwrite the start of the last entry's data, in its heap buffer
 * when one is attached and in the inline value array otherwise. */
void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info)
{
    /* make sure we have a valid previous one */
    if (info->numberPackets <= 0 ||
        info->numberPackets >= MAX_PACKETS_HANDSHAKE)
        return;

    /* NOTE(review): the copy length is fixed and not compared with the
     * entry's valueSz -- presumably both destinations are always at least
     * RECORD_HEADER_SZ bytes; confirm against the struct and AddPacketInfo. */
    if (!info->packets[info->numberPackets - 1].bufferValue)
        XMEMCPY(info->packets[info->numberPackets - 1].value, rl,
                RECORD_HEADER_SZ);
    else
        XMEMCPY(info->packets[info->numberPackets - 1].bufferValue, rl,
                RECORD_HEADER_SZ);
}
wolfSSL 11:cee25a834751 14495
wolfSSL 11:cee25a834751 14496 #endif /* WOLFSSL_CALLBACKS */
wolfSSL 11:cee25a834751 14497
wolfSSL 11:cee25a834751 14498
wolfSSL 11:cee25a834751 14499
wolfSSL 11:cee25a834751 14500 /* client only parts */
wolfSSL 11:cee25a834751 14501 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 14502
wolfSSL 11:cee25a834751 14503 int SendClientHello(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 14504 {
wolfSSL 11:cee25a834751 14505 byte *output;
wolfSSL 11:cee25a834751 14506 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 14507 int sendSz;
wolfSSL 11:cee25a834751 14508 int idSz = ssl->options.resuming
wolfSSL 11:cee25a834751 14509 ? ssl->session.sessionIDSz
wolfSSL 11:cee25a834751 14510 : 0;
wolfSSL 11:cee25a834751 14511 int ret;
wolfSSL 11:cee25a834751 14512 word16 extSz = 0;
wolfSSL 11:cee25a834751 14513
wolfSSL 11:cee25a834751 14514 if (ssl->suites == NULL) {
wolfSSL 11:cee25a834751 14515 WOLFSSL_MSG("Bad suites pointer in SendClientHello");
wolfSSL 11:cee25a834751 14516 return SUITES_ERROR;
wolfSSL 11:cee25a834751 14517 }
wolfSSL 11:cee25a834751 14518
wolfSSL 11:cee25a834751 14519 #ifdef HAVE_SESSION_TICKET
wolfSSL 11:cee25a834751 14520 if (ssl->options.resuming && ssl->session.ticketLen > 0) {
wolfSSL 11:cee25a834751 14521 SessionTicket* ticket;
wolfSSL 11:cee25a834751 14522
wolfSSL 11:cee25a834751 14523 ticket = TLSX_SessionTicket_Create(0, ssl->session.ticket,
wolfSSL 11:cee25a834751 14524 ssl->session.ticketLen, ssl->heap);
wolfSSL 11:cee25a834751 14525 if (ticket == NULL) return MEMORY_E;
wolfSSL 11:cee25a834751 14526
wolfSSL 11:cee25a834751 14527 ret = TLSX_UseSessionTicket(&ssl->extensions, ticket, ssl->heap);
wolfSSL 11:cee25a834751 14528 if (ret != SSL_SUCCESS) return ret;
wolfSSL 11:cee25a834751 14529
wolfSSL 11:cee25a834751 14530 idSz = 0;
wolfSSL 11:cee25a834751 14531 }
wolfSSL 11:cee25a834751 14532 #endif
wolfSSL 11:cee25a834751 14533 length = VERSION_SZ + RAN_LEN
wolfSSL 11:cee25a834751 14534 + idSz + ENUM_LEN
wolfSSL 11:cee25a834751 14535 + ssl->suites->suiteSz + SUITE_LEN
wolfSSL 11:cee25a834751 14536 + COMP_LEN + ENUM_LEN;
wolfSSL 11:cee25a834751 14537
wolfSSL 11:cee25a834751 14538 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 11:cee25a834751 14539 /* auto populate extensions supported unless user defined */
wolfSSL 11:cee25a834751 14540 if ((ret = TLSX_PopulateExtensions(ssl, 0)) != 0)
wolfSSL 11:cee25a834751 14541 return ret;
wolfSSL 11:cee25a834751 14542 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 14543 if (QSH_Init(ssl) != 0)
wolfSSL 11:cee25a834751 14544 return MEMORY_E;
wolfSSL 11:cee25a834751 14545 #endif
wolfSSL 11:cee25a834751 14546 extSz = TLSX_GetRequestSize(ssl);
wolfSSL 11:cee25a834751 14547 if (extSz != 0)
wolfSSL 11:cee25a834751 14548 length += extSz;
wolfSSL 11:cee25a834751 14549 #else
wolfSSL 11:cee25a834751 14550 if (IsAtLeastTLSv1_2(ssl) && ssl->suites->hashSigAlgoSz)
wolfSSL 11:cee25a834751 14551 extSz += HELLO_EXT_SZ + HELLO_EXT_SIGALGO_SZ
wolfSSL 11:cee25a834751 14552 + ssl->suites->hashSigAlgoSz;
wolfSSL 11:cee25a834751 14553 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 14554 if (ssl->options.haveEMS)
wolfSSL 11:cee25a834751 14555 extSz += HELLO_EXT_SZ;
wolfSSL 11:cee25a834751 14556 #endif
wolfSSL 11:cee25a834751 14557 if (extSz != 0)
wolfSSL 11:cee25a834751 14558 length += extSz + HELLO_EXT_SZ_SZ;
wolfSSL 11:cee25a834751 14559 #endif
wolfSSL 11:cee25a834751 14560 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 14561
wolfSSL 11:cee25a834751 14562 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 14563 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 14564 length += ENUM_LEN; /* cookie */
wolfSSL 11:cee25a834751 14565 if (ssl->arrays->cookieSz != 0) length += ssl->arrays->cookieSz;
wolfSSL 11:cee25a834751 14566 sendSz = length + DTLS_HANDSHAKE_HEADER_SZ + DTLS_RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 14567 idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 11:cee25a834751 14568 }
wolfSSL 11:cee25a834751 14569 #endif
wolfSSL 11:cee25a834751 14570
wolfSSL 11:cee25a834751 14571 if (IsEncryptionOn(ssl, 1))
wolfSSL 11:cee25a834751 14572 sendSz += MAX_MSG_EXTRA;
wolfSSL 11:cee25a834751 14573
wolfSSL 11:cee25a834751 14574 /* check for available size */
wolfSSL 11:cee25a834751 14575 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
wolfSSL 11:cee25a834751 14576 return ret;
wolfSSL 11:cee25a834751 14577
wolfSSL 11:cee25a834751 14578 /* get output buffer */
wolfSSL 11:cee25a834751 14579 output = ssl->buffers.outputBuffer.buffer +
wolfSSL 11:cee25a834751 14580 ssl->buffers.outputBuffer.length;
wolfSSL 11:cee25a834751 14581
wolfSSL 11:cee25a834751 14582 AddHeaders(output, length, client_hello, ssl);
wolfSSL 11:cee25a834751 14583
wolfSSL 11:cee25a834751 14584 /* client hello, first version */
wolfSSL 11:cee25a834751 14585 output[idx++] = ssl->version.major;
wolfSSL 11:cee25a834751 14586 output[idx++] = ssl->version.minor;
wolfSSL 11:cee25a834751 14587 ssl->chVersion = ssl->version; /* store in case changed */
wolfSSL 11:cee25a834751 14588
wolfSSL 11:cee25a834751 14589 /* then random */
wolfSSL 11:cee25a834751 14590 if (ssl->options.connectState == CONNECT_BEGIN) {
wolfSSL 11:cee25a834751 14591 ret = wc_RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN);
wolfSSL 11:cee25a834751 14592 if (ret != 0)
wolfSSL 11:cee25a834751 14593 return ret;
wolfSSL 11:cee25a834751 14594
wolfSSL 11:cee25a834751 14595 /* store random */
wolfSSL 11:cee25a834751 14596 XMEMCPY(ssl->arrays->clientRandom, output + idx, RAN_LEN);
wolfSSL 11:cee25a834751 14597 } else {
wolfSSL 11:cee25a834751 14598 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 14599 /* send same random on hello again */
wolfSSL 11:cee25a834751 14600 XMEMCPY(output + idx, ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 11:cee25a834751 14601 #endif
wolfSSL 11:cee25a834751 14602 }
wolfSSL 11:cee25a834751 14603 idx += RAN_LEN;
wolfSSL 11:cee25a834751 14604
wolfSSL 11:cee25a834751 14605 /* then session id */
wolfSSL 11:cee25a834751 14606 output[idx++] = (byte)idSz;
wolfSSL 11:cee25a834751 14607 if (idSz) {
wolfSSL 11:cee25a834751 14608 XMEMCPY(output + idx, ssl->session.sessionID,
wolfSSL 11:cee25a834751 14609 ssl->session.sessionIDSz);
wolfSSL 11:cee25a834751 14610 idx += ssl->session.sessionIDSz;
wolfSSL 11:cee25a834751 14611 }
wolfSSL 11:cee25a834751 14612
wolfSSL 11:cee25a834751 14613 /* then DTLS cookie */
wolfSSL 11:cee25a834751 14614 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 14615 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 14616 byte cookieSz = ssl->arrays->cookieSz;
wolfSSL 11:cee25a834751 14617
wolfSSL 11:cee25a834751 14618 output[idx++] = cookieSz;
wolfSSL 11:cee25a834751 14619 if (cookieSz) {
wolfSSL 11:cee25a834751 14620 XMEMCPY(&output[idx], ssl->arrays->cookie, cookieSz);
wolfSSL 11:cee25a834751 14621 idx += cookieSz;
wolfSSL 11:cee25a834751 14622 }
wolfSSL 11:cee25a834751 14623 }
wolfSSL 11:cee25a834751 14624 #endif
wolfSSL 11:cee25a834751 14625 /* then cipher suites */
wolfSSL 11:cee25a834751 14626 c16toa(ssl->suites->suiteSz, output + idx);
wolfSSL 11:cee25a834751 14627 idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 14628 XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz);
wolfSSL 11:cee25a834751 14629 idx += ssl->suites->suiteSz;
wolfSSL 11:cee25a834751 14630
wolfSSL 11:cee25a834751 14631 /* last, compression */
wolfSSL 11:cee25a834751 14632 output[idx++] = COMP_LEN;
wolfSSL 11:cee25a834751 14633 if (ssl->options.usingCompression)
wolfSSL 11:cee25a834751 14634 output[idx++] = ZLIB_COMPRESSION;
wolfSSL 11:cee25a834751 14635 else
wolfSSL 11:cee25a834751 14636 output[idx++] = NO_COMPRESSION;
wolfSSL 11:cee25a834751 14637
wolfSSL 11:cee25a834751 14638 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 11:cee25a834751 14639 idx += TLSX_WriteRequest(ssl, output + idx);
wolfSSL 11:cee25a834751 14640
wolfSSL 11:cee25a834751 14641 (void)idx; /* suppress analyzer warning, keep idx current */
wolfSSL 11:cee25a834751 14642 #else
wolfSSL 11:cee25a834751 14643 if (extSz != 0) {
wolfSSL 11:cee25a834751 14644 c16toa(extSz, output + idx);
wolfSSL 11:cee25a834751 14645 idx += HELLO_EXT_SZ_SZ;
wolfSSL 11:cee25a834751 14646
wolfSSL 11:cee25a834751 14647 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 14648 if (ssl->suites->hashSigAlgoSz) {
wolfSSL 11:cee25a834751 14649 int i;
wolfSSL 11:cee25a834751 14650 /* extension type */
wolfSSL 11:cee25a834751 14651 c16toa(HELLO_EXT_SIG_ALGO, output + idx);
wolfSSL 11:cee25a834751 14652 idx += HELLO_EXT_TYPE_SZ;
wolfSSL 11:cee25a834751 14653 /* extension data length */
wolfSSL 11:cee25a834751 14654 c16toa(HELLO_EXT_SIGALGO_SZ + ssl->suites->hashSigAlgoSz,
wolfSSL 11:cee25a834751 14655 output + idx);
wolfSSL 11:cee25a834751 14656 idx += HELLO_EXT_SZ_SZ;
wolfSSL 11:cee25a834751 14657 /* sig algos length */
wolfSSL 11:cee25a834751 14658 c16toa(ssl->suites->hashSigAlgoSz, output + idx);
wolfSSL 11:cee25a834751 14659 idx += HELLO_EXT_SIGALGO_SZ;
wolfSSL 11:cee25a834751 14660 for (i = 0; i < ssl->suites->hashSigAlgoSz; i++, idx++) {
wolfSSL 11:cee25a834751 14661 output[idx] = ssl->suites->hashSigAlgo[i];
wolfSSL 11:cee25a834751 14662 }
wolfSSL 11:cee25a834751 14663 }
wolfSSL 11:cee25a834751 14664 }
wolfSSL 11:cee25a834751 14665 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 14666 if (ssl->options.haveEMS) {
wolfSSL 11:cee25a834751 14667 c16toa(HELLO_EXT_EXTMS, output + idx);
wolfSSL 11:cee25a834751 14668 idx += HELLO_EXT_TYPE_SZ;
wolfSSL 11:cee25a834751 14669 c16toa(0, output + idx);
wolfSSL 11:cee25a834751 14670 idx += HELLO_EXT_SZ_SZ;
wolfSSL 11:cee25a834751 14671 }
wolfSSL 11:cee25a834751 14672 #endif
wolfSSL 11:cee25a834751 14673 }
wolfSSL 11:cee25a834751 14674 #endif
wolfSSL 11:cee25a834751 14675
wolfSSL 11:cee25a834751 14676 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 11:cee25a834751 14677 byte* input;
wolfSSL 11:cee25a834751 14678 int inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */
wolfSSL 11:cee25a834751 14679
wolfSSL 11:cee25a834751 14680 input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 14681 if (input == NULL)
wolfSSL 11:cee25a834751 14682 return MEMORY_E;
wolfSSL 11:cee25a834751 14683
wolfSSL 11:cee25a834751 14684 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz);
wolfSSL 11:cee25a834751 14685 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz,
wolfSSL 11:cee25a834751 14686 handshake, 1, 0, 0);
wolfSSL 11:cee25a834751 14687 XFREE(input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 14688
wolfSSL 11:cee25a834751 14689 if (sendSz < 0)
wolfSSL 11:cee25a834751 14690 return sendSz;
wolfSSL 11:cee25a834751 14691 } else {
wolfSSL 11:cee25a834751 14692 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 14693 if (ssl->options.dtls)
wolfSSL 11:cee25a834751 14694 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 11:cee25a834751 14695 #endif
wolfSSL 11:cee25a834751 14696 ret = HashOutput(ssl, output, sendSz, 0);
wolfSSL 11:cee25a834751 14697 if (ret != 0)
wolfSSL 11:cee25a834751 14698 return ret;
wolfSSL 11:cee25a834751 14699 }
wolfSSL 11:cee25a834751 14700
wolfSSL 11:cee25a834751 14701 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 14702 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 14703 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
wolfSSL 11:cee25a834751 14704 return ret;
wolfSSL 11:cee25a834751 14705 }
wolfSSL 11:cee25a834751 14706 #endif
wolfSSL 11:cee25a834751 14707
wolfSSL 11:cee25a834751 14708 ssl->options.clientState = CLIENT_HELLO_COMPLETE;
wolfSSL 11:cee25a834751 14709
wolfSSL 11:cee25a834751 14710 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 14711 if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
wolfSSL 11:cee25a834751 14712 if (ssl->toInfoOn)
wolfSSL 11:cee25a834751 14713 AddPacketInfo("ClientHello", &ssl->timeoutInfo, output, sendSz,
wolfSSL 11:cee25a834751 14714 ssl->heap);
wolfSSL 11:cee25a834751 14715 #endif
wolfSSL 11:cee25a834751 14716
wolfSSL 11:cee25a834751 14717 ssl->buffers.outputBuffer.length += sendSz;
wolfSSL 11:cee25a834751 14718
wolfSSL 11:cee25a834751 14719 return SendBuffered(ssl);
wolfSSL 11:cee25a834751 14720 }
wolfSSL 11:cee25a834751 14721
wolfSSL 11:cee25a834751 14722
/* Client-side parser for a DTLS HelloVerifyRequest.
 *
 * Reads the 2-byte server version and the length-prefixed cookie from the
 * peer-controlled buffer. In WOLFSSL_DTLS builds the cookie is saved in
 * ssl->arrays so the next ClientHello can carry it.
 *
 * ssl       connection state; serverState and (DTLS builds) the cookie are
 *           updated
 * input     buffer holding the message
 * inOutIdx  in: offset of the message body; out: offset past the cookie
 * size      length of the message body, used for the bounds checks
 *
 * Returns 0 on success, BUFFER_ERROR if the message is shorter than its
 * fields claim, VERSION_ERROR if the version is not DTLS 1.0 or DTLS 1.2.
 * *inOutIdx may already have been advanced when an error is returned.
 */
static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input,
                                word32* inOutIdx, word32 size)
{
    const word32    start = *inOutIdx;
    ProtocolVersion serverVersion;
    byte            cookieLen;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddLateName("HelloVerifyRequest", &ssl->timeoutInfo);
#endif

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls)
        DtlsMsgPoolReset(ssl);
#endif

    /* the fixed part is version (2 bytes) plus cookie length (1 byte) */
    if ((*inOutIdx - start) + OPAQUE16_LEN + OPAQUE8_LEN > size)
        return BUFFER_ERROR;

    XMEMCPY(&serverVersion, input + *inOutIdx, OPAQUE16_LEN);
    *inOutIdx += OPAQUE16_LEN;

    if (serverVersion.major != DTLS_MAJOR)
        return VERSION_ERROR;
    if (serverVersion.minor != DTLS_MINOR &&
        serverVersion.minor != DTLSv1_2_MINOR)
        return VERSION_ERROR;

    cookieLen = input[*inOutIdx];
    (*inOutIdx)++;

    if (cookieLen != 0) {
        /* the cookie bytes must lie inside the message */
        if ((*inOutIdx - start) + cookieLen > size)
            return BUFFER_ERROR;

#ifdef WOLFSSL_DTLS
        /* Copy only what fits the fixed-size cookie storage. A longer cookie
         * is skipped, not rejected, and the stored cookie and cookieSz stay
         * as they were; the same holds for a zero-length cookie.
         * NOTE(review): confirm that silently ignoring an oversized cookie is
         * intended rather than failing the handshake. */
        if (cookieLen <= MAX_COOKIE_LEN) {
            XMEMCPY(ssl->arrays->cookie, input + *inOutIdx, cookieLen);
            ssl->arrays->cookieSz = cookieLen;
        }
#endif
        *inOutIdx += cookieLen;
    }

    ssl->options.serverState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
    return 0;
}
wolfSSL 11:cee25a834751 14770
wolfSSL 11:cee25a834751 14771
/* Decide whether the ServerHello just parsed accepts the resumption the
 * client asked for. Returns non-zero (1) when it does, 0 otherwise.
 *
 * Any one of the following is enough:
 *   - HAVE_SECRET_CALLBACK: a session secret callback is registered
 *   - HAVE_SESSION_TICKET:  the saved session carries a ticket
 *   - the server sent a session id and it equals the saved one
 */
static INLINE int DSH_CheckSessionId(WOLFSSL* ssl)
{
#ifdef HAVE_SECRET_CALLBACK
    /* With a session secret callback the key comes from the callback, not
     * from the saved session, so the echoed id is not consulted. */
    if (ssl->sessionSecretCb != NULL)
        return 1;
#endif

#ifdef HAVE_SESSION_TICKET
    /* The server may answer with a blank ticket, which may not be expected,
     * to say the existing one is fine while it also sends a new one; a held
     * ticket is therefore accepted without comparing ids. */
    if (ssl->session.ticketLen > 0)
        return 1;
#endif

    if (!ssl->options.haveSessionId)
        return 0;

    /* NOTE(review): the comparison always covers ID_LEN bytes, while
     * DoServerHello copies only sessionIDSz bytes into arrays->sessionID.
     * For a shorter id the tail holds whatever was there before; confirm
     * that buffer is zeroed or that short ids are rejected earlier. */
    return XMEMCMP(ssl->arrays->sessionID,
                   ssl->session.sessionID, ID_LEN) == 0;
}
wolfSSL 11:cee25a834751 14794
/* Client-side handler for a ServerHello handshake message.
 *
 * Parses, in order: protocol version, server random, session id, cipher
 * suite, compression method and (when present) the extension block. Every
 * byte of the message is peer-controlled, so each variable-length field is
 * checked against helloSz before it is read.
 *
 * ssl       connection state; the negotiated version, server random,
 *           session id, cipher suite and compression choice are written here
 * input     buffer holding the message
 * inOutIdx  in: offset of the message body in input; out: offset past the
 *           parsed data, plus ssl->keys.padSz when encryption is on
 * helloSz   length of the message body
 *
 * Returns the result of SetCipherSpecs(), or of the key derivation when a
 * session is resumed. Failures are BUFFER_ERROR, VERSION_ERROR,
 * MATCH_SUITE_ERROR, COMPRESSION_ERROR, SESSION_SECRET_CB_E,
 * UNSUPPORTED_SUITE, or whatever TLSX_Parse() reports.
 */
static int DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                         word32 helloSz)
{
    byte            cs0;   /* cipher suite bytes 0, 1 */
    byte            cs1;
    ProtocolVersion pv;
    byte            compression;
    word32          i = *inOutIdx;
    word32          begin = i;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn) AddPacketName("ServerHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo);
#endif

    /* protocol version, random and session id length check */
    if (OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    /* protocol version */
    XMEMCPY(&pv, input + i, OPAQUE16_LEN);
    i += OPAQUE16_LEN;

    /* NOTE(review): only pv.minor is examined below; the peer's pv.major is
     * never compared with ssl->version.major in this function. Confirm it is
     * validated elsewhere, otherwise a mismatching major should be rejected
     * here with VERSION_ERROR. */
    /* NOTE(review): the comparisons are plain numeric on the minor byte;
     * confirm that ordering is what is wanted for DTLS version numbers. */
    if (pv.minor > ssl->version.minor) {
        WOLFSSL_MSG("Server using higher version, fatal error");
        return VERSION_ERROR;
    }
    else if (pv.minor < ssl->version.minor) {
        WOLFSSL_MSG("server using lower version");

        /* a downgrade is accepted only if the application allowed it and the
         * offered minor is not below the configured floor */
        if (!ssl->options.downgrade) {
            WOLFSSL_MSG("\tno downgrade allowed, fatal error");
            return VERSION_ERROR;
        }
        if (pv.minor < ssl->options.minDowngrade) {
            WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
            return VERSION_ERROR;
        }

        #ifdef HAVE_SECURE_RENEGOTIATION
            /* the version may not change during a secure renegotiation */
            if (ssl->secure_renegotiation &&
                                         ssl->secure_renegotiation->enabled &&
                                         ssl->options.handShakeDone) {
                WOLFSSL_MSG("Server changed version during scr");
                return VERSION_ERROR;
            }
        #endif

        /* Only these three minors adjust local state; for any other lower
         * value ssl->version.minor is left unchanged. */
        if (pv.minor == SSLv3_MINOR) {
            /* turn off tls */
            WOLFSSL_MSG("\tdowngrading to SSLv3");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
        }
        else if (pv.minor == TLSv1_MINOR) {
            /* turn off tls 1.1+ */
            WOLFSSL_MSG("\tdowngrading to TLSv1");
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
        }
        else if (pv.minor == TLSv1_1_MINOR) {
            WOLFSSL_MSG("\tdowngrading to TLSv1.1");
            ssl->version.minor  = TLSv1_1_MINOR;
        }
    }

    /* random */
    XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN);
    i += RAN_LEN;

    /* session id: one peer-supplied length byte, capped at ID_LEN before it
     * is used as the copy length into ssl->arrays->sessionID */
    ssl->arrays->sessionIDSz = input[i++];

    if (ssl->arrays->sessionIDSz > ID_LEN) {
        WOLFSSL_MSG("Invalid session ID size");
        ssl->arrays->sessionIDSz = 0;
        return BUFFER_ERROR;
    }
    else if (ssl->arrays->sessionIDSz) {
        if ((i - begin) + ssl->arrays->sessionIDSz > helloSz)
            return BUFFER_ERROR;

        XMEMCPY(ssl->arrays->sessionID, input + i,
                                                    ssl->arrays->sessionIDSz);
        i += ssl->arrays->sessionIDSz;
        ssl->options.haveSessionId = 1;
    }


    /* suite and compression */
    if ((i - begin) + OPAQUE16_LEN + OPAQUE8_LEN > helloSz)
        return BUFFER_ERROR;

    cs0 = input[i++];
    cs1 = input[i++];

#ifdef HAVE_SECURE_RENEGOTIATION
    /* the cipher suite may not change during a secure renegotiation */
    if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled &&
                                         ssl->options.handShakeDone) {
        if (ssl->options.cipherSuite0 != cs0 ||
            ssl->options.cipherSuite  != cs1) {
            WOLFSSL_MSG("Server changed cipher suite during scr");
            return MATCH_SUITE_ERROR;
        }
    }
#endif

    /* NOTE(review): the chosen suite is stored as received; nothing visible
     * here checks that it was one of the suites the client offered. Confirm
     * SetCipherSpecs() or a later step enforces that. */
    ssl->options.cipherSuite0 = cs0;
    ssl->options.cipherSuite  = cs1;
    compression = input[i++];

    /* the server may not turn compression on if the client did not offer it */
    if (compression != NO_COMPRESSION && !ssl->options.usingCompression) {
        WOLFSSL_MSG("Server forcing compression w/o support");
        return COMPRESSION_ERROR;
    }

    if (compression != ZLIB_COMPRESSION && ssl->options.usingCompression) {
        WOLFSSL_MSG("Server refused compression, turning off");
        ssl->options.usingCompression = 0;  /* turn off if server refused */
    }

    *inOutIdx = i;

#ifdef HAVE_TLS_EXTENSIONS
    /* bytes left after the compression method are the extension block */
    if ( (i - begin) < helloSz) {
        if (TLSX_SupportExtensions(ssl)) {
            int    ret = 0;
            word16 totalExtSz;

            if ((i - begin) + OPAQUE16_LEN > helloSz)
                return BUFFER_ERROR;

            ato16(&input[i], &totalExtSz);
            i += OPAQUE16_LEN;

            /* the declared extension block must fit in the message */
            if ((i - begin) + totalExtSz > helloSz)
                return BUFFER_ERROR;

            /* the cast drops const from input for the TLSX_Parse() call */
            if ((ret = TLSX_Parse(ssl, (byte *) input + i,
                                                          totalExtSz, 0, NULL)))
                return ret;

            i += totalExtSz;
            *inOutIdx = i;
        }
        else
            *inOutIdx = begin + helloSz; /* skip extensions */
    }
    else
        ssl->options.haveEMS = 0; /* If no extensions, no EMS */
#else
    /* Minimal parser used without HAVE_TLS_EXTENSIONS: it walks the extension
     * list and only records whether the extended master secret extension
     * (HELLO_EXT_EXTMS) was echoed by the server. */
    {
        int allowExt = 0;
        byte pendingEMS = 0;

        if ( (i - begin) < helloSz) {
            if (ssl->version.major == SSLv3_MAJOR &&
                                     ssl->version.minor >= TLSv1_MINOR) {

                allowExt = 1;
            }
#ifdef WOLFSSL_DTLS
            if (ssl->version.major == DTLS_MAJOR)
                allowExt = 1;
#endif

            if (allowExt) {
                word16 totalExtSz;

                if ((i - begin) + OPAQUE16_LEN > helloSz)
                    return BUFFER_ERROR;

                ato16(&input[i], &totalExtSz);
                i += OPAQUE16_LEN;

                /* the declared extension block must fit in the message;
                 * the loop below then stays inside that block */
                if ((i - begin) + totalExtSz > helloSz)
                    return BUFFER_ERROR;

                while (totalExtSz) {
                    word16 extId, extSz;

                    /* each entry has a 2-byte type and a 2-byte length */
                    if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
                        return BUFFER_ERROR;

                    ato16(&input[i], &extId);
                    i += OPAQUE16_LEN;
                    ato16(&input[i], &extSz);
                    i += OPAQUE16_LEN;

                    if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
                        return BUFFER_ERROR;

                    /* NOTE(review): for HELLO_EXT_EXTMS the index is not
                     * advanced by extSz although totalExtSz is reduced by
                     * it. That is only consistent when extSz is 0; a
                     * non-zero length is neither rejected nor skipped, so
                     * the following bytes would be read as the next entry.
                     * Consider returning BUFFER_ERROR when extSz != 0. */
                    if (extId == HELLO_EXT_EXTMS)
                        pendingEMS = 1;
                    else
                        i += extSz;

                    totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
                }

                *inOutIdx = i;
            }
            else
                *inOutIdx = begin + helloSz; /* skip extensions */
        }

        /* the server did not echo the extension: stop using EMS locally */
        if (!pendingEMS && ssl->options.haveEMS)
            ssl->options.haveEMS = 0;
    }
#endif

    ssl->options.serverState = SERVER_HELLO_COMPLETE;

    /* skip the record padding when the message arrived encrypted */
    if (IsEncryptionOn(ssl, 0)) {
        *inOutIdx += ssl->keys.padSz;
    }

#ifdef HAVE_SECRET_CALLBACK
    /* the callback fills ssl->session.masterSecret and must report exactly
     * SECRET_LEN bytes */
    if (ssl->sessionSecretCb != NULL) {
        int secretSz = SECRET_LEN, ret;
        ret = ssl->sessionSecretCb(ssl, ssl->session.masterSecret,
                                              &secretSz, ssl->sessionSecretCtx);
        if (ret != 0 || secretSz != SECRET_LEN)
            return SESSION_SECRET_CB_E;
    }
#endif /* HAVE_SECRET_CALLBACK */

    /* Resumption: if the server accepted it, reuse the saved master secret
     * and derive the keys now.
     * NOTE(review): nothing visible here compares the version or cipher
     * suite chosen in this ServerHello with those of the saved session
     * before its master secret is reused; confirm that is enforced
     * elsewhere. */
    if (ssl->options.resuming) {
        if (DSH_CheckSessionId(ssl)) {
            if (SetCipherSpecs(ssl) == 0) {
                int ret = -1;

                XMEMCPY(ssl->arrays->masterSecret,
                        ssl->session.masterSecret, SECRET_LEN);
    #ifdef NO_OLD_TLS
                ret = DeriveTlsKeys(ssl);
    #else
        #ifndef NO_TLS
                if (ssl->options.tls)
                    ret = DeriveTlsKeys(ssl);
        #endif
                if (!ssl->options.tls)
                    ret = DeriveKeys(ssl);
    #endif
                ssl->options.serverState = SERVER_HELLODONE_COMPLETE;

                return ret;
            }
            else {
                WOLFSSL_MSG("Unsupported cipher suite, DoServerHello");
                return UNSUPPORTED_SUITE;
            }
        }
        else {
            WOLFSSL_MSG("Server denied resumption attempt");
            ssl->options.resuming = 0; /* server denied resumption try */
        }
    }
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        DtlsMsgPoolReset(ssl);
    }
#endif

    return SetCipherSpecs(ssl);
}
wolfSSL 11:cee25a834751 15062
wolfSSL 11:cee25a834751 15063
/* Check that the client is configured for the cipher suite stored in
 * ssl->options (cipherSuite0 / cipherSuite).
 *
 * The only requirement tested here is the pre-shared key: a suite for which
 * CipherRequires(..., REQUIRES_PSK) is true is refused unless
 * ssl->options.havePSK is set. In NO_PSK builds such a suite is always
 * refused.
 *
 * Returns 1 when the setup is valid for the suite, 0 otherwise.
 */
int VerifyClientSuite(WOLFSSL* ssl)
{
#ifndef NO_PSK
    const int  pskAvailable = ssl->options.havePSK;
#else
    const int  pskAvailable = 0;
#endif
    const byte suiteByte0 = ssl->options.cipherSuite0;
    const byte suiteByte1 = ssl->options.cipherSuite;

    WOLFSSL_ENTER("VerifyClientSuite");

    if (!CipherRequires(suiteByte0, suiteByte1, REQUIRES_PSK))
        return 1;  /* nothing to verify for this suite */

    WOLFSSL_MSG("Requires PSK");
    if (pskAvailable != 0)
        return 1;  /* success */

    WOLFSSL_MSG("Don't have PSK");
    return 0;
}
wolfSSL 11:cee25a834751 15087
wolfSSL 11:cee25a834751 15088
wolfSSL 11:cee25a834751 15089 #ifndef NO_CERTS
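/* Client-side handler for a CertificateRequest message.
 *
 * The certificate-type list and the certificate-authority names are walked
 * only to validate their lengths; their contents are ignored for now (TODO).
 * On TLS 1.2 and later the signature/hash algorithm list is handed to
 * PickHashSigAlgo(). Every length in the message is peer-controlled and is
 * checked against size before it is used.
 *
 * ssl       connection state; options.sendVerify is set here
 * input     buffer holding the message
 * inOutIdx  in: offset of the message body; out: offset past the message,
 *           plus ssl->keys.padSz when encryption is on
 * size      length of the message body
 *
 * Returns 0 on success, BUFFER_ERROR when a length field does not fit the
 * message or when a CA name does not fit the declared authorities list.
 */
static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32*
                                inOutIdx, word32 size)
{
    word16 len;
    word32 begin = *inOutIdx;

    #ifdef WOLFSSL_CALLBACKS
        if (ssl->hsInfoOn)
            AddPacketName("CertificateRequest", &ssl->handShakeInfo);
        if (ssl->toInfoOn)
            AddLateName("CertificateRequest", &ssl->timeoutInfo);
    #endif

    if ((*inOutIdx - begin) + OPAQUE8_LEN > size)
        return BUFFER_ERROR;

    len = input[(*inOutIdx)++];

    if ((*inOutIdx - begin) + len > size)
        return BUFFER_ERROR;

    /* types, read in here */
    *inOutIdx += len;

    /* signature and hash signature algorithm */
    if (IsAtLeastTLSv1_2(ssl)) {
        if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
            return BUFFER_ERROR;

        ato16(input + *inOutIdx, &len);
        *inOutIdx += OPAQUE16_LEN;

        if ((*inOutIdx - begin) + len > size)
            return BUFFER_ERROR;

        /* NOTE(review): len is not checked for being a multiple of the
         * two-byte pair size here; confirm PickHashSigAlgo() copes with an
         * odd length. */
        PickHashSigAlgo(ssl, input + *inOutIdx, len);
        *inOutIdx += len;
    }

    /* authorities */
    if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
        return BUFFER_ERROR;

    ato16(input + *inOutIdx, &len);
    *inOutIdx += OPAQUE16_LEN;

    if ((*inOutIdx - begin) + len > size)
        return BUFFER_ERROR;

    while (len) {
        word16 dnSz;

        /* Each entry must fit in what is left of the declared list.
         * Without these two list checks the word16 subtraction at the end
         * of the loop could wrap and the walk would continue past the
         * authorities list into whatever follows in the message. */
        if (len < OPAQUE16_LEN)
            return BUFFER_ERROR;

        if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
            return BUFFER_ERROR;

        ato16(input + *inOutIdx, &dnSz);
        *inOutIdx += OPAQUE16_LEN;

        if (dnSz > len - OPAQUE16_LEN)
            return BUFFER_ERROR;

        if ((*inOutIdx - begin) + dnSz > size)
            return BUFFER_ERROR;

        *inOutIdx += dnSz;
        len = (word16)(len - (OPAQUE16_LEN + dnSz));
    }

    /* don't send client cert or cert verify if user hasn't provided
       cert and private key */
    if (ssl->buffers.certificate && ssl->buffers.certificate->buffer &&
        ssl->buffers.key && ssl->buffers.key->buffer)
        ssl->options.sendVerify = SEND_CERT;
    else if (IsTLS(ssl))
        ssl->options.sendVerify = SEND_BLANK_CERT;

    /* skip the record padding when the message arrived encrypted */
    if (IsEncryptionOn(ssl, 0))
        *inOutIdx += ssl->keys.padSz;

    return 0;
}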
wolfSSL 11:cee25a834751 15169 #endif /* !NO_CERTS */
wolfSSL 11:cee25a834751 15170
wolfSSL 11:cee25a834751 15171
wolfSSL 11:cee25a834751 15172 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 15173
/* Translate a TLS named-curve identifier into the matching ECC_*_OID constant.
 *
 * The callers in this file pass a byte taken straight from the peer's
 * ServerKeyExchange message, so the value is untrusted. Only curves that the
 * build has compiled in are recognised; any other identifier leaves the
 * result at ECC_CURVE_ERROR. The callers test the result with "< 0", which
 * relies on ECC_CURVE_ERROR being negative.
 *
 * NOTE(review): a build with HAVE_ECC160, HAVE_ECC192 or HAVE_ALL_CURVES
 * accepts the 160/192-bit curves here. No minimum curve size is checked in
 * this function; confirm where (or whether) that policy is enforced.
 *
 * tlsCurveId  named-curve value as it appears in the handshake
 * returns     the curve's ECC_*_OID value, or ECC_CURVE_ERROR if unsupported
 */
static int CheckCurveId(int tlsCurveId)
{
    int curveOid = ECC_CURVE_ERROR; /* kept when no compiled-in case matches */

    switch (tlsCurveId) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP160R1:
            curveOid = ECC_SECP160R1_OID;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_SECPR2
        case WOLFSSL_ECC_SECP160R2:
            curveOid = ECC_SECP160R2_OID;
            break;
    #endif /* HAVE_ECC_SECPR2 */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP160K1:
            curveOid = ECC_SECP160K1_OID;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP192R1:
            curveOid = ECC_SECP192R1_OID;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP192K1:
            curveOid = ECC_SECP192K1_OID;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP224R1:
            curveOid = ECC_SECP224R1_OID;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP224K1:
            curveOid = ECC_SECP224K1_OID;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP256R1:
            curveOid = ECC_SECP256R1_OID;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case WOLFSSL_ECC_SECP256K1:
            curveOid = ECC_SECP256K1_OID;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP256R1:
            curveOid = ECC_BRAINPOOLP256R1_OID;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP384R1:
            curveOid = ECC_SECP384R1_OID;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP384R1:
            curveOid = ECC_BRAINPOOLP384R1_OID;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
    #ifdef HAVE_ECC_BRAINPOOL
        case WOLFSSL_ECC_BRAINPOOLP512R1:
            curveOid = ECC_BRAINPOOLP512R1_OID;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case WOLFSSL_ECC_SECP521R1:
            curveOid = ECC_SECP521R1_OID;
            break;
    #endif /* !NO_ECC_SECP */
#endif
        default:
            /* unknown identifier, or a curve this build leaves out */
            break;
    }

    return curveOid;
}
wolfSSL 11:cee25a834751 15239
wolfSSL 11:cee25a834751 15240 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 15241
wolfSSL 11:cee25a834751 15242
/* Persistable DoServerKeyExchange arguments.
 *
 * With WOLFSSL_ASYNC_CRYPT, DoServerKeyExchange keeps this structure in
 * ssl->async.args (guarded there by a compile-time size check) so its state
 * is still available when the handler is entered again; otherwise it is a
 * local of that function. */
typedef struct DskeArgs {
    byte*  output; /* not allocated */
#if !defined(NO_DH) || defined(HAVE_ECC)
    byte*  verifySig;   /* heap buffer; released by FreeDskeArgs via XFREE */
#endif
    word32 idx;         /* current read offset into the input buffer */
    word32 begin;       /* offset where this message started; the bounds
                         * checks compare (idx - begin) plus the next field
                         * length against the message size */
#ifndef NO_RSA
    int    typeH;       /* result of wc_HashGetOID() for the chosen hash */
#endif
#if !defined(NO_DH) || defined(HAVE_ECC)
    word16 verifySigSz; /* signature length as read from the peer's message;
                         * peer-controlled, checked against the message size
                         * before the signature bytes are used */
#endif
    word16 sigSz;
    byte   sigAlgo;     /* starts as ssl->specs.sig_algo; for TLS 1.2 and
                         * later it is overwritten with the value the peer
                         * sent */
} DskeArgs;
wolfSSL 11:cee25a834751 15260
/* Release the heap memory owned by a DskeArgs instance.
 *
 * DoServerKeyExchange installs this as ssl->async.freeArgs in
 * WOLFSSL_ASYNC_CRYPT builds. Only verifySig is owned by the structure
 * ("output" is marked as not allocated). The pointer is cleared after the
 * free, so calling this again on the same structure does not free it twice.
 *
 * ssl    connection whose heap hint is passed to XFREE
 * pArgs  pointer to the DskeArgs to clean up; it is dereferenced without a
 *        NULL check whenever DH or ECC support is compiled in
 */
static void FreeDskeArgs(WOLFSSL* ssl, void* pArgs)
{
    DskeArgs* dske = (DskeArgs*)pArgs;

    /* Neither is referenced when the DH/ECC section below is compiled out. */
    (void)ssl;
    (void)dske;

#if !defined(NO_DH) || defined(HAVE_ECC)
    if (dske->verifySig == NULL) {
        return;
    }

    XFREE(dske->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    dske->verifySig = NULL; /* guard against a second free or stale use */
#endif
}
wolfSSL 11:cee25a834751 15275
wolfSSL 11:cee25a834751 15276 static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input,
wolfSSL 11:cee25a834751 15277 word32* inOutIdx, word32 size)
wolfSSL 11:cee25a834751 15278 {
wolfSSL 11:cee25a834751 15279 int ret = 0;
wolfSSL 11:cee25a834751 15280 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 15281 DskeArgs* args = (DskeArgs*)ssl->async.args;
wolfSSL 11:cee25a834751 15282 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 11:cee25a834751 15283 (void)sizeof(args_test);
wolfSSL 11:cee25a834751 15284 #else
wolfSSL 11:cee25a834751 15285 DskeArgs args[1];
wolfSSL 11:cee25a834751 15286 #endif
wolfSSL 11:cee25a834751 15287
wolfSSL 11:cee25a834751 15288 WOLFSSL_ENTER("DoServerKeyExchange");
wolfSSL 11:cee25a834751 15289
wolfSSL 11:cee25a834751 15290 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 15291 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 11:cee25a834751 15292 if (ret != WC_NOT_PENDING_E) {
wolfSSL 11:cee25a834751 15293 /* Check for error */
wolfSSL 11:cee25a834751 15294 if (ret < 0)
wolfSSL 11:cee25a834751 15295 goto exit_dske;
wolfSSL 11:cee25a834751 15296 }
wolfSSL 11:cee25a834751 15297 else
wolfSSL 11:cee25a834751 15298 #endif
wolfSSL 11:cee25a834751 15299 {
wolfSSL 11:cee25a834751 15300 /* Reset state */
wolfSSL 11:cee25a834751 15301 ret = 0;
wolfSSL 11:cee25a834751 15302 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 11:cee25a834751 15303 XMEMSET(args, 0, sizeof(DskeArgs));
wolfSSL 11:cee25a834751 15304 args->idx = *inOutIdx;
wolfSSL 11:cee25a834751 15305 args->begin = *inOutIdx;
wolfSSL 11:cee25a834751 15306 args->sigAlgo = ssl->specs.sig_algo;
wolfSSL 11:cee25a834751 15307 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 15308 ssl->async.freeArgs = FreeDskeArgs;
wolfSSL 11:cee25a834751 15309 #endif
wolfSSL 11:cee25a834751 15310 }
wolfSSL 11:cee25a834751 15311
wolfSSL 11:cee25a834751 15312 switch(ssl->options.asyncState)
wolfSSL 11:cee25a834751 15313 {
wolfSSL 11:cee25a834751 15314 case TLS_ASYNC_BEGIN:
wolfSSL 11:cee25a834751 15315 {
wolfSSL 11:cee25a834751 15316 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 15317 if (ssl->hsInfoOn)
wolfSSL 11:cee25a834751 15318 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 11:cee25a834751 15319 if (ssl->toInfoOn)
wolfSSL 11:cee25a834751 15320 AddLateName("ServerKeyExchange", &ssl->timeoutInfo);
wolfSSL 11:cee25a834751 15321 #endif
wolfSSL 11:cee25a834751 15322
wolfSSL 11:cee25a834751 15323 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 15324 {
wolfSSL 11:cee25a834751 15325 #ifndef NO_PSK
wolfSSL 11:cee25a834751 15326 case psk_kea:
wolfSSL 11:cee25a834751 15327 {
wolfSSL 11:cee25a834751 15328 int srvHintLen;
wolfSSL 11:cee25a834751 15329 word16 length;
wolfSSL 11:cee25a834751 15330
wolfSSL 11:cee25a834751 15331 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 15332 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15333 }
wolfSSL 11:cee25a834751 15334
wolfSSL 11:cee25a834751 15335 ato16(input + args->idx, &length);
wolfSSL 11:cee25a834751 15336 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 15337
wolfSSL 11:cee25a834751 15338 if ((args->idx - args->begin) + length > size) {
wolfSSL 11:cee25a834751 15339 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15340 }
wolfSSL 11:cee25a834751 15341
wolfSSL 11:cee25a834751 15342 /* get PSK server hint from the wire */
wolfSSL 11:cee25a834751 15343 srvHintLen = min(length, MAX_PSK_ID_LEN);
wolfSSL 11:cee25a834751 15344 XMEMCPY(ssl->arrays->server_hint, input + args->idx,
wolfSSL 11:cee25a834751 15345 srvHintLen);
wolfSSL 11:cee25a834751 15346 ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
wolfSSL 11:cee25a834751 15347 args->idx += length;
wolfSSL 11:cee25a834751 15348 break;
wolfSSL 11:cee25a834751 15349 }
wolfSSL 11:cee25a834751 15350 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 15351 #ifndef NO_DH
wolfSSL 11:cee25a834751 15352 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 15353 {
wolfSSL 11:cee25a834751 15354 word16 length;
wolfSSL 11:cee25a834751 15355
wolfSSL 11:cee25a834751 15356 /* p */
wolfSSL 11:cee25a834751 15357 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 15358 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15359 }
wolfSSL 11:cee25a834751 15360
wolfSSL 11:cee25a834751 15361 ato16(input + args->idx, &length);
wolfSSL 11:cee25a834751 15362 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 15363
wolfSSL 11:cee25a834751 15364 if ((args->idx - args->begin) + length > size) {
wolfSSL 11:cee25a834751 15365 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15366 }
wolfSSL 11:cee25a834751 15367
wolfSSL 11:cee25a834751 15368 if (length < ssl->options.minDhKeySz) {
wolfSSL 11:cee25a834751 15369 WOLFSSL_MSG("Server using a DH key that is too small");
wolfSSL 11:cee25a834751 15370 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 11:cee25a834751 15371 ERROR_OUT(DH_KEY_SIZE_E, exit_dske);
wolfSSL 11:cee25a834751 15372 }
wolfSSL 11:cee25a834751 15373
wolfSSL 11:cee25a834751 15374 ssl->buffers.serverDH_P.buffer =
wolfSSL 11:cee25a834751 15375 (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
wolfSSL 11:cee25a834751 15376 if (ssl->buffers.serverDH_P.buffer) {
wolfSSL 11:cee25a834751 15377 ssl->buffers.serverDH_P.length = length;
wolfSSL 11:cee25a834751 15378 }
wolfSSL 11:cee25a834751 15379 else {
wolfSSL 11:cee25a834751 15380 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15381 }
wolfSSL 11:cee25a834751 15382
wolfSSL 11:cee25a834751 15383 XMEMCPY(ssl->buffers.serverDH_P.buffer, input + args->idx,
wolfSSL 11:cee25a834751 15384 length);
wolfSSL 11:cee25a834751 15385 args->idx += length;
wolfSSL 11:cee25a834751 15386
wolfSSL 11:cee25a834751 15387 ssl->options.dhKeySz = length;
wolfSSL 11:cee25a834751 15388
wolfSSL 11:cee25a834751 15389 /* g */
wolfSSL 11:cee25a834751 15390 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 15391 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15392 }
wolfSSL 11:cee25a834751 15393
wolfSSL 11:cee25a834751 15394 ato16(input + args->idx, &length);
wolfSSL 11:cee25a834751 15395 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 15396
wolfSSL 11:cee25a834751 15397 if ((args->idx - args->begin) + length > size) {
wolfSSL 11:cee25a834751 15398 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15399 }
wolfSSL 11:cee25a834751 15400
wolfSSL 11:cee25a834751 15401 ssl->buffers.serverDH_G.buffer =
wolfSSL 11:cee25a834751 15402 (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
wolfSSL 11:cee25a834751 15403 if (ssl->buffers.serverDH_G.buffer) {
wolfSSL 11:cee25a834751 15404 ssl->buffers.serverDH_G.length = length;
wolfSSL 11:cee25a834751 15405 }
wolfSSL 11:cee25a834751 15406 else {
wolfSSL 11:cee25a834751 15407 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15408 }
wolfSSL 11:cee25a834751 15409
wolfSSL 11:cee25a834751 15410 XMEMCPY(ssl->buffers.serverDH_G.buffer, input + args->idx,
wolfSSL 11:cee25a834751 15411 length);
wolfSSL 11:cee25a834751 15412 args->idx += length;
wolfSSL 11:cee25a834751 15413
wolfSSL 11:cee25a834751 15414 /* pub */
wolfSSL 11:cee25a834751 15415 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 15416 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15417 }
wolfSSL 11:cee25a834751 15418
wolfSSL 11:cee25a834751 15419 ato16(input + args->idx, &length);
wolfSSL 11:cee25a834751 15420 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 15421
wolfSSL 11:cee25a834751 15422 if ((args->idx - args->begin) + length > size) {
wolfSSL 11:cee25a834751 15423 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15424 }
wolfSSL 11:cee25a834751 15425
wolfSSL 11:cee25a834751 15426 ssl->buffers.serverDH_Pub.buffer =
wolfSSL 11:cee25a834751 15427 (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
wolfSSL 11:cee25a834751 15428 if (ssl->buffers.serverDH_Pub.buffer) {
wolfSSL 11:cee25a834751 15429 ssl->buffers.serverDH_Pub.length = length;
wolfSSL 11:cee25a834751 15430 }
wolfSSL 11:cee25a834751 15431 else {
wolfSSL 11:cee25a834751 15432 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15433 }
wolfSSL 11:cee25a834751 15434
wolfSSL 11:cee25a834751 15435 XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + args->idx,
wolfSSL 11:cee25a834751 15436 length);
wolfSSL 11:cee25a834751 15437 args->idx += length;
wolfSSL 11:cee25a834751 15438 break;
wolfSSL 11:cee25a834751 15439 }
wolfSSL 11:cee25a834751 15440 #endif /* !NO_DH */
wolfSSL 11:cee25a834751 15441 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 15442 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 15443 {
wolfSSL 11:cee25a834751 15444 byte b;
wolfSSL 11:cee25a834751 15445 int curveId, curveOid;
wolfSSL 11:cee25a834751 15446 word16 length;
wolfSSL 11:cee25a834751 15447
wolfSSL 11:cee25a834751 15448 if ((args->idx - args->begin) + ENUM_LEN + OPAQUE16_LEN +
wolfSSL 11:cee25a834751 15449 OPAQUE8_LEN > size) {
wolfSSL 11:cee25a834751 15450 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15451 }
wolfSSL 11:cee25a834751 15452
wolfSSL 11:cee25a834751 15453 b = input[args->idx++];
wolfSSL 11:cee25a834751 15454 if (b != named_curve) {
wolfSSL 11:cee25a834751 15455 ERROR_OUT(ECC_CURVETYPE_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15456 }
wolfSSL 11:cee25a834751 15457
wolfSSL 11:cee25a834751 15458 args->idx += 1; /* curve type, eat leading 0 */
wolfSSL 11:cee25a834751 15459 b = input[args->idx++];
wolfSSL 11:cee25a834751 15460 if ((curveOid = CheckCurveId(b)) < 0) {
wolfSSL 11:cee25a834751 15461 ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15462 }
wolfSSL 11:cee25a834751 15463 ssl->ecdhCurveOID = curveOid;
wolfSSL 11:cee25a834751 15464
wolfSSL 11:cee25a834751 15465 length = input[args->idx++];
wolfSSL 11:cee25a834751 15466 if ((args->idx - args->begin) + length > size) {
wolfSSL 11:cee25a834751 15467 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15468 }
wolfSSL 11:cee25a834751 15469
wolfSSL 11:cee25a834751 15470 if (ssl->peerEccKey == NULL) {
wolfSSL 11:cee25a834751 15471 /* alloc/init on demand */
wolfSSL 11:cee25a834751 15472 ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 11:cee25a834751 15473 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 11:cee25a834751 15474 if (ssl->peerEccKey == NULL) {
wolfSSL 11:cee25a834751 15475 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 11:cee25a834751 15476 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 11:cee25a834751 15477 }
wolfSSL 11:cee25a834751 15478 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap,
wolfSSL 11:cee25a834751 15479 ssl->devId);
wolfSSL 11:cee25a834751 15480 if (ret != 0) {
wolfSSL 11:cee25a834751 15481 goto exit_dske;
wolfSSL 11:cee25a834751 15482 }
wolfSSL 11:cee25a834751 15483 } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 11:cee25a834751 15484 wc_ecc_free(ssl->peerEccKey);
wolfSSL 11:cee25a834751 15485 ssl->peerEccKeyPresent = 0;
wolfSSL 11:cee25a834751 15486 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap, ssl->devId);
wolfSSL 11:cee25a834751 15487 if (ret != 0) {
wolfSSL 11:cee25a834751 15488 goto exit_dske;
wolfSSL 11:cee25a834751 15489 }
wolfSSL 11:cee25a834751 15490 }
wolfSSL 11:cee25a834751 15491
wolfSSL 11:cee25a834751 15492 curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
wolfSSL 11:cee25a834751 15493 if (wc_ecc_import_x963_ex(input + args->idx, length,
wolfSSL 11:cee25a834751 15494 ssl->peerEccKey, curveId) != 0) {
wolfSSL 11:cee25a834751 15495 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15496 }
wolfSSL 11:cee25a834751 15497
wolfSSL 11:cee25a834751 15498 args->idx += length;
wolfSSL 11:cee25a834751 15499 ssl->peerEccKeyPresent = 1;
wolfSSL 11:cee25a834751 15500 break;
wolfSSL 11:cee25a834751 15501 }
wolfSSL 11:cee25a834751 15502 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 15503 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 15504 case dhe_psk_kea:
wolfSSL 11:cee25a834751 15505 {
wolfSSL 11:cee25a834751 15506 int srvHintLen;
wolfSSL 11:cee25a834751 15507 word16 length;
wolfSSL 11:cee25a834751 15508
wolfSSL 11:cee25a834751 15509 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 15510 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15511 }
wolfSSL 11:cee25a834751 15512
wolfSSL 11:cee25a834751 15513 ato16(input + args->idx, &length);
wolfSSL 11:cee25a834751 15514 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 15515
wolfSSL 11:cee25a834751 15516 if ((args->idx - args->begin) + length > size) {
wolfSSL 11:cee25a834751 15517 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15518 }
wolfSSL 11:cee25a834751 15519
wolfSSL 11:cee25a834751 15520 /* get PSK server hint from the wire */
wolfSSL 11:cee25a834751 15521 srvHintLen = min(length, MAX_PSK_ID_LEN);
wolfSSL 11:cee25a834751 15522 XMEMCPY(ssl->arrays->server_hint, input + args->idx,
wolfSSL 11:cee25a834751 15523 srvHintLen);
wolfSSL 11:cee25a834751 15524 ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
wolfSSL 11:cee25a834751 15525 args->idx += length;
wolfSSL 11:cee25a834751 15526
wolfSSL 11:cee25a834751 15527 /* p */
wolfSSL 11:cee25a834751 15528 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 15529 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15530 }
wolfSSL 11:cee25a834751 15531
wolfSSL 11:cee25a834751 15532 ato16(input + args->idx, &length);
wolfSSL 11:cee25a834751 15533 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 15534
wolfSSL 11:cee25a834751 15535 if ((args->idx - args->begin) + length > size) {
wolfSSL 11:cee25a834751 15536 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15537 }
wolfSSL 11:cee25a834751 15538
wolfSSL 11:cee25a834751 15539 if (length < ssl->options.minDhKeySz) {
wolfSSL 11:cee25a834751 15540 WOLFSSL_MSG("Server using a DH key that is too small");
wolfSSL 11:cee25a834751 15541 SendAlert(ssl, alert_fatal, handshake_failure);
wolfSSL 11:cee25a834751 15542 ERROR_OUT(DH_KEY_SIZE_E, exit_dske);
wolfSSL 11:cee25a834751 15543 }
wolfSSL 11:cee25a834751 15544
wolfSSL 11:cee25a834751 15545 ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(length,
wolfSSL 11:cee25a834751 15546 ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
wolfSSL 11:cee25a834751 15547 if (ssl->buffers.serverDH_P.buffer) {
wolfSSL 11:cee25a834751 15548 ssl->buffers.serverDH_P.length = length;
wolfSSL 11:cee25a834751 15549 }
wolfSSL 11:cee25a834751 15550 else {
wolfSSL 11:cee25a834751 15551 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15552 }
wolfSSL 11:cee25a834751 15553
wolfSSL 11:cee25a834751 15554 XMEMCPY(ssl->buffers.serverDH_P.buffer, input + args->idx,
wolfSSL 11:cee25a834751 15555 length);
wolfSSL 11:cee25a834751 15556 args->idx += length;
wolfSSL 11:cee25a834751 15557
wolfSSL 11:cee25a834751 15558 ssl->options.dhKeySz = length;
wolfSSL 11:cee25a834751 15559
wolfSSL 11:cee25a834751 15560 /* g */
wolfSSL 11:cee25a834751 15561 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 15562 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15563 }
wolfSSL 11:cee25a834751 15564
wolfSSL 11:cee25a834751 15565 ato16(input + args->idx, &length);
wolfSSL 11:cee25a834751 15566 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 15567
wolfSSL 11:cee25a834751 15568 if ((args->idx - args->begin) + length > size) {
wolfSSL 11:cee25a834751 15569 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15570 }
wolfSSL 11:cee25a834751 15571
wolfSSL 11:cee25a834751 15572 ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(length,
wolfSSL 11:cee25a834751 15573 ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
wolfSSL 11:cee25a834751 15574 if (ssl->buffers.serverDH_G.buffer) {
wolfSSL 11:cee25a834751 15575 ssl->buffers.serverDH_G.length = length;
wolfSSL 11:cee25a834751 15576 }
wolfSSL 11:cee25a834751 15577 else {
wolfSSL 11:cee25a834751 15578 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15579 }
wolfSSL 11:cee25a834751 15580
wolfSSL 11:cee25a834751 15581 XMEMCPY(ssl->buffers.serverDH_G.buffer, input + args->idx,
wolfSSL 11:cee25a834751 15582 length);
wolfSSL 11:cee25a834751 15583 args->idx += length;
wolfSSL 11:cee25a834751 15584
wolfSSL 11:cee25a834751 15585 /* pub */
wolfSSL 11:cee25a834751 15586 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 15587 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15588 }
wolfSSL 11:cee25a834751 15589
wolfSSL 11:cee25a834751 15590 ato16(input + args->idx, &length);
wolfSSL 11:cee25a834751 15591 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 15592
wolfSSL 11:cee25a834751 15593 if ((args->idx - args->begin) + length > size) {
wolfSSL 11:cee25a834751 15594 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15595 }
wolfSSL 11:cee25a834751 15596
wolfSSL 11:cee25a834751 15597 ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(length,
wolfSSL 11:cee25a834751 15598 ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
wolfSSL 11:cee25a834751 15599 if (ssl->buffers.serverDH_Pub.buffer) {
wolfSSL 11:cee25a834751 15600 ssl->buffers.serverDH_Pub.length = length;
wolfSSL 11:cee25a834751 15601 }
wolfSSL 11:cee25a834751 15602 else {
wolfSSL 11:cee25a834751 15603 ERROR_OUT(MEMORY_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15604 }
wolfSSL 11:cee25a834751 15605
wolfSSL 11:cee25a834751 15606 XMEMCPY(ssl->buffers.serverDH_Pub.buffer, input + args->idx,
wolfSSL 11:cee25a834751 15607 length);
wolfSSL 11:cee25a834751 15608 args->idx += length;
wolfSSL 11:cee25a834751 15609 break;
wolfSSL 11:cee25a834751 15610 }
wolfSSL 11:cee25a834751 15611 #endif /* !NO_DH || !NO_PSK */
wolfSSL 11:cee25a834751 15612 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 15613 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 15614 {
wolfSSL 11:cee25a834751 15615 byte b;
wolfSSL 11:cee25a834751 15616 int curveOid, curveId;
wolfSSL 11:cee25a834751 15617 int srvHintLen;
wolfSSL 11:cee25a834751 15618 word16 length;
wolfSSL 11:cee25a834751 15619
wolfSSL 11:cee25a834751 15620 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 15621 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15622 }
wolfSSL 11:cee25a834751 15623
wolfSSL 11:cee25a834751 15624 ato16(input + args->idx, &length);
wolfSSL 11:cee25a834751 15625 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 15626
wolfSSL 11:cee25a834751 15627 if ((args->idx - args->begin) + length > size) {
wolfSSL 11:cee25a834751 15628 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15629 }
wolfSSL 11:cee25a834751 15630
wolfSSL 11:cee25a834751 15631 /* get PSK server hint from the wire */
wolfSSL 11:cee25a834751 15632 srvHintLen = min(length, MAX_PSK_ID_LEN);
wolfSSL 11:cee25a834751 15633 XMEMCPY(ssl->arrays->server_hint, input + args->idx,
wolfSSL 11:cee25a834751 15634 srvHintLen);
wolfSSL 11:cee25a834751 15635 ssl->arrays->server_hint[srvHintLen] = '\0'; /* null term */
wolfSSL 11:cee25a834751 15636
wolfSSL 11:cee25a834751 15637 args->idx += length;
wolfSSL 11:cee25a834751 15638
wolfSSL 11:cee25a834751 15639 if ((args->idx - args->begin) + ENUM_LEN + OPAQUE16_LEN +
wolfSSL 11:cee25a834751 15640 OPAQUE8_LEN > size) {
wolfSSL 11:cee25a834751 15641 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15642 }
wolfSSL 11:cee25a834751 15643
wolfSSL 11:cee25a834751 15644 /* Check curve name and ID */
wolfSSL 11:cee25a834751 15645 b = input[args->idx++];
wolfSSL 11:cee25a834751 15646 if (b != named_curve) {
wolfSSL 11:cee25a834751 15647 ERROR_OUT(ECC_CURVETYPE_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15648 }
wolfSSL 11:cee25a834751 15649
wolfSSL 11:cee25a834751 15650 args->idx += 1; /* curve type, eat leading 0 */
wolfSSL 11:cee25a834751 15651 b = input[args->idx++];
wolfSSL 11:cee25a834751 15652 if ((curveOid = CheckCurveId(b)) < 0) {
wolfSSL 11:cee25a834751 15653 ERROR_OUT(ECC_CURVE_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15654 }
wolfSSL 11:cee25a834751 15655
wolfSSL 11:cee25a834751 15656 length = input[args->idx++];
wolfSSL 11:cee25a834751 15657 if ((args->idx - args->begin) + length > size) {
wolfSSL 11:cee25a834751 15658 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15659 }
wolfSSL 11:cee25a834751 15660
wolfSSL 11:cee25a834751 15661 if (ssl->peerEccKey == NULL) {
wolfSSL 11:cee25a834751 15662 /* alloc/init on demand */
wolfSSL 11:cee25a834751 15663 ssl->peerEccKey = (ecc_key*)XMALLOC(sizeof(ecc_key),
wolfSSL 11:cee25a834751 15664 ssl->heap, DYNAMIC_TYPE_ECC);
wolfSSL 11:cee25a834751 15665 if (ssl->peerEccKey == NULL) {
wolfSSL 11:cee25a834751 15666 WOLFSSL_MSG("PeerEccKey Memory error");
wolfSSL 11:cee25a834751 15667 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 11:cee25a834751 15668 }
wolfSSL 11:cee25a834751 15669 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap,
wolfSSL 11:cee25a834751 15670 ssl->devId);
wolfSSL 11:cee25a834751 15671 if (ret != 0) {
wolfSSL 11:cee25a834751 15672 goto exit_dske;
wolfSSL 11:cee25a834751 15673 }
wolfSSL 11:cee25a834751 15674 } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 11:cee25a834751 15675 wc_ecc_free(ssl->peerEccKey);
wolfSSL 11:cee25a834751 15676 ssl->peerEccKeyPresent = 0;
wolfSSL 11:cee25a834751 15677 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap,
wolfSSL 11:cee25a834751 15678 ssl->devId);
wolfSSL 11:cee25a834751 15679 if (ret != 0) {
wolfSSL 11:cee25a834751 15680 goto exit_dske;
wolfSSL 11:cee25a834751 15681 }
wolfSSL 11:cee25a834751 15682 }
wolfSSL 11:cee25a834751 15683
wolfSSL 11:cee25a834751 15684 curveId = wc_ecc_get_oid(curveOid, NULL, NULL);
wolfSSL 11:cee25a834751 15685 if (wc_ecc_import_x963_ex(input + args->idx, length,
wolfSSL 11:cee25a834751 15686 ssl->peerEccKey, curveId) != 0) {
wolfSSL 11:cee25a834751 15687 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15688 }
wolfSSL 11:cee25a834751 15689
wolfSSL 11:cee25a834751 15690 args->idx += length;
wolfSSL 11:cee25a834751 15691 ssl->peerEccKeyPresent = 1;
wolfSSL 11:cee25a834751 15692 break;
wolfSSL 11:cee25a834751 15693 }
wolfSSL 11:cee25a834751 15694 #endif /* HAVE_ECC || !NO_PSK */
wolfSSL 11:cee25a834751 15695 default:
wolfSSL 11:cee25a834751 15696 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 15697 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 15698
wolfSSL 11:cee25a834751 15699 /* Check for error */
wolfSSL 11:cee25a834751 15700 if (ret != 0) {
wolfSSL 11:cee25a834751 15701 goto exit_dske;
wolfSSL 11:cee25a834751 15702 }
wolfSSL 11:cee25a834751 15703
wolfSSL 11:cee25a834751 15704 /* Advance state and proceed */
wolfSSL 11:cee25a834751 15705 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 11:cee25a834751 15706 } /* case TLS_ASYNC_BEGIN */
wolfSSL 11:cee25a834751 15707
wolfSSL 11:cee25a834751 15708 case TLS_ASYNC_BUILD:
wolfSSL 11:cee25a834751 15709 {
wolfSSL 11:cee25a834751 15710 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 15711 {
wolfSSL 11:cee25a834751 15712 case psk_kea:
wolfSSL 11:cee25a834751 15713 case dhe_psk_kea:
wolfSSL 11:cee25a834751 15714 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 15715 {
wolfSSL 11:cee25a834751 15716 /* Nothing to do in this sub-state */
wolfSSL 11:cee25a834751 15717 break;
wolfSSL 11:cee25a834751 15718 }
wolfSSL 11:cee25a834751 15719
wolfSSL 11:cee25a834751 15720 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 15721 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 15722 {
wolfSSL 11:cee25a834751 15723 #if defined(NO_DH) && !defined(HAVE_ECC)
wolfSSL 11:cee25a834751 15724 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 11:cee25a834751 15725 #else
wolfSSL 11:cee25a834751 15726 byte hashAlgo = sha_mac;
wolfSSL 11:cee25a834751 15727 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
wolfSSL 11:cee25a834751 15728 word16 verifySz;
wolfSSL 11:cee25a834751 15729
wolfSSL 11:cee25a834751 15730 if (ssl->options.usingAnon_cipher) {
wolfSSL 11:cee25a834751 15731 break;
wolfSSL 11:cee25a834751 15732 }
wolfSSL 11:cee25a834751 15733
wolfSSL 11:cee25a834751 15734 verifySz = (word16)(args->idx - args->begin);
wolfSSL 11:cee25a834751 15735 if (verifySz > MAX_DH_SZ) {
wolfSSL 11:cee25a834751 15736 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15737 }
wolfSSL 11:cee25a834751 15738
wolfSSL 11:cee25a834751 15739 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 15740 if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN >
wolfSSL 11:cee25a834751 15741 size) {
wolfSSL 11:cee25a834751 15742 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15743 }
wolfSSL 11:cee25a834751 15744
wolfSSL 11:cee25a834751 15745 hashAlgo = input[args->idx++];
wolfSSL 11:cee25a834751 15746 args->sigAlgo = input[args->idx++];
wolfSSL 11:cee25a834751 15747
wolfSSL 11:cee25a834751 15748 switch (hashAlgo) {
wolfSSL 11:cee25a834751 15749 case sha512_mac:
wolfSSL 11:cee25a834751 15750 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 15751 hashType = WC_HASH_TYPE_SHA512;
wolfSSL 11:cee25a834751 15752 #endif
wolfSSL 11:cee25a834751 15753 break;
wolfSSL 11:cee25a834751 15754 case sha384_mac:
wolfSSL 11:cee25a834751 15755 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 15756 hashType = WC_HASH_TYPE_SHA384;
wolfSSL 11:cee25a834751 15757 #endif
wolfSSL 11:cee25a834751 15758 break;
wolfSSL 11:cee25a834751 15759 case sha256_mac:
wolfSSL 11:cee25a834751 15760 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 15761 hashType = WC_HASH_TYPE_SHA256;
wolfSSL 11:cee25a834751 15762 #endif
wolfSSL 11:cee25a834751 15763 break;
wolfSSL 11:cee25a834751 15764 case sha_mac:
wolfSSL 11:cee25a834751 15765 #if !defined(NO_SHA) && \
wolfSSL 11:cee25a834751 15766 (!defined(NO_OLD_TLS) || \
wolfSSL 11:cee25a834751 15767 defined(WOLFSSL_ALLOW_TLS_SHA1))
wolfSSL 11:cee25a834751 15768 hashType = WC_HASH_TYPE_SHA;
wolfSSL 11:cee25a834751 15769 #endif
wolfSSL 11:cee25a834751 15770 break;
wolfSSL 11:cee25a834751 15771 default:
wolfSSL 11:cee25a834751 15772 WOLFSSL_MSG("Bad hash sig algo");
wolfSSL 11:cee25a834751 15773 break;
wolfSSL 11:cee25a834751 15774 }
wolfSSL 11:cee25a834751 15775
wolfSSL 11:cee25a834751 15776 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 11:cee25a834751 15777 ERROR_OUT(ALGO_ID_E, exit_dske);
wolfSSL 11:cee25a834751 15778 }
wolfSSL 11:cee25a834751 15779 } else {
wolfSSL 11:cee25a834751 15780 /* only using sha and md5 for rsa */
wolfSSL 11:cee25a834751 15781 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 15782 hashType = WC_HASH_TYPE_SHA;
wolfSSL 11:cee25a834751 15783 if (args->sigAlgo == rsa_sa_algo) {
wolfSSL 11:cee25a834751 15784 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 11:cee25a834751 15785 }
wolfSSL 11:cee25a834751 15786 #else
wolfSSL 11:cee25a834751 15787 ERROR_OUT(ALGO_ID_E, exit_dske);
wolfSSL 11:cee25a834751 15788 #endif
wolfSSL 11:cee25a834751 15789 }
wolfSSL 11:cee25a834751 15790 #ifndef NO_RSA
wolfSSL 11:cee25a834751 15791 args->typeH = wc_HashGetOID(hashType);
wolfSSL 11:cee25a834751 15792 #endif
wolfSSL 11:cee25a834751 15793
wolfSSL 11:cee25a834751 15794 /* signature */
wolfSSL 11:cee25a834751 15795 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 15796 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15797 }
wolfSSL 11:cee25a834751 15798
wolfSSL 11:cee25a834751 15799 ato16(input + args->idx, &args->verifySigSz);
wolfSSL 11:cee25a834751 15800 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 15801
wolfSSL 11:cee25a834751 15802 if ((args->idx - args->begin) + args->verifySigSz > size) {
wolfSSL 11:cee25a834751 15803 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 15804 }
wolfSSL 11:cee25a834751 15805
wolfSSL 11:cee25a834751 15806 /* buffer for signature */
wolfSSL 11:cee25a834751 15807 ssl->buffers.sig.buffer = (byte*)XMALLOC(SEED_LEN + verifySz,
wolfSSL 11:cee25a834751 15808 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 15809 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 11:cee25a834751 15810 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 11:cee25a834751 15811 }
wolfSSL 11:cee25a834751 15812 ssl->buffers.sig.length = SEED_LEN + verifySz;
wolfSSL 11:cee25a834751 15813
wolfSSL 11:cee25a834751 15814 /* buffer for hash */
wolfSSL 11:cee25a834751 15815 ssl->buffers.digest.length = wc_HashGetDigestSize(hashType);
wolfSSL 11:cee25a834751 15816 ssl->buffers.digest.buffer = (byte*)XMALLOC(
wolfSSL 11:cee25a834751 15817 ssl->buffers.digest.length, ssl->heap,
wolfSSL 11:cee25a834751 15818 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 15819 if (ssl->buffers.digest.buffer == NULL) {
wolfSSL 11:cee25a834751 15820 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 11:cee25a834751 15821 }
wolfSSL 11:cee25a834751 15822
wolfSSL 11:cee25a834751 15823 /* build message to hash */
wolfSSL 11:cee25a834751 15824 XMEMCPY(ssl->buffers.sig.buffer,
wolfSSL 11:cee25a834751 15825 ssl->arrays->clientRandom, RAN_LEN);
wolfSSL 11:cee25a834751 15826 XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN],
wolfSSL 11:cee25a834751 15827 ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 11:cee25a834751 15828 XMEMCPY(&ssl->buffers.sig.buffer[RAN_LEN * 2],
wolfSSL 11:cee25a834751 15829 input + args->begin, verifySz); /* message */
wolfSSL 11:cee25a834751 15830
wolfSSL 11:cee25a834751 15831 /* Perform hash */
wolfSSL 11:cee25a834751 15832 ret = wc_Hash(hashType,
wolfSSL 11:cee25a834751 15833 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 15834 ssl->buffers.digest.buffer, ssl->buffers.digest.length);
wolfSSL 11:cee25a834751 15835 if (ret != 0) {
wolfSSL 11:cee25a834751 15836 goto exit_dske;
wolfSSL 11:cee25a834751 15837 }
wolfSSL 11:cee25a834751 15838
wolfSSL 11:cee25a834751 15839 switch (args->sigAlgo)
wolfSSL 11:cee25a834751 15840 {
wolfSSL 11:cee25a834751 15841 #ifndef NO_RSA
wolfSSL 11:cee25a834751 15842 case rsa_sa_algo:
wolfSSL 11:cee25a834751 15843 {
wolfSSL 11:cee25a834751 15844 if (ssl->peerRsaKey == NULL ||
wolfSSL 11:cee25a834751 15845 !ssl->peerRsaKeyPresent) {
wolfSSL 11:cee25a834751 15846 ERROR_OUT(NO_PEER_KEY, exit_dske);
wolfSSL 11:cee25a834751 15847 }
wolfSSL 11:cee25a834751 15848 break;
wolfSSL 11:cee25a834751 15849 }
wolfSSL 11:cee25a834751 15850 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 15851 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 15852 case ecc_dsa_sa_algo:
wolfSSL 11:cee25a834751 15853 {
wolfSSL 11:cee25a834751 15854 if (!ssl->peerEccDsaKeyPresent) {
wolfSSL 11:cee25a834751 15855 ERROR_OUT(NO_PEER_KEY, exit_dske);
wolfSSL 11:cee25a834751 15856 }
wolfSSL 11:cee25a834751 15857 break;
wolfSSL 11:cee25a834751 15858 }
wolfSSL 11:cee25a834751 15859 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 15860
wolfSSL 11:cee25a834751 15861 default:
wolfSSL 11:cee25a834751 15862 ret = ALGO_ID_E;
wolfSSL 11:cee25a834751 15863 } /* switch (args->sigAlgo) */
wolfSSL 11:cee25a834751 15864
wolfSSL 11:cee25a834751 15865 #endif /* NO_DH && !HAVE_ECC */
wolfSSL 11:cee25a834751 15866 break;
wolfSSL 11:cee25a834751 15867 }
wolfSSL 11:cee25a834751 15868 default:
wolfSSL 11:cee25a834751 15869 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 15870 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 15871
wolfSSL 11:cee25a834751 15872 /* Check for error */
wolfSSL 11:cee25a834751 15873 if (ret != 0) {
wolfSSL 11:cee25a834751 15874 goto exit_dske;
wolfSSL 11:cee25a834751 15875 }
wolfSSL 11:cee25a834751 15876
wolfSSL 11:cee25a834751 15877 /* Advance state and proceed */
wolfSSL 11:cee25a834751 15878 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 11:cee25a834751 15879 } /* case TLS_ASYNC_BUILD */
wolfSSL 11:cee25a834751 15880
wolfSSL 11:cee25a834751 15881 case TLS_ASYNC_DO:
wolfSSL 11:cee25a834751 15882 {
wolfSSL 11:cee25a834751 15883 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 15884 {
wolfSSL 11:cee25a834751 15885 case psk_kea:
wolfSSL 11:cee25a834751 15886 case dhe_psk_kea:
wolfSSL 11:cee25a834751 15887 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 15888 {
wolfSSL 11:cee25a834751 15889 /* Nothing to do in this sub-state */
wolfSSL 11:cee25a834751 15890 break;
wolfSSL 11:cee25a834751 15891 }
wolfSSL 11:cee25a834751 15892
wolfSSL 11:cee25a834751 15893 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 15894 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 15895 {
wolfSSL 11:cee25a834751 15896 #if defined(NO_DH) && !defined(HAVE_ECC)
wolfSSL 11:cee25a834751 15897 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 11:cee25a834751 15898 #else
wolfSSL 11:cee25a834751 15899 if (ssl->options.usingAnon_cipher) {
wolfSSL 11:cee25a834751 15900 break;
wolfSSL 11:cee25a834751 15901 }
wolfSSL 11:cee25a834751 15902
wolfSSL 11:cee25a834751 15903 if (args->verifySig == NULL) {
wolfSSL 11:cee25a834751 15904 args->verifySig = (byte*)XMALLOC(args->verifySigSz,
wolfSSL 11:cee25a834751 15905 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 15906 if (args->verifySig == NULL) {
wolfSSL 11:cee25a834751 15907 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 11:cee25a834751 15908 }
wolfSSL 11:cee25a834751 15909 XMEMCPY(args->verifySig, input + args->idx,
wolfSSL 11:cee25a834751 15910 args->verifySigSz);
wolfSSL 11:cee25a834751 15911 }
wolfSSL 11:cee25a834751 15912
wolfSSL 11:cee25a834751 15913 switch (args->sigAlgo)
wolfSSL 11:cee25a834751 15914 {
wolfSSL 11:cee25a834751 15915 #ifndef NO_RSA
wolfSSL 11:cee25a834751 15916 case rsa_sa_algo:
wolfSSL 11:cee25a834751 15917 {
wolfSSL 11:cee25a834751 15918 ret = RsaVerify(ssl,
wolfSSL 11:cee25a834751 15919 args->verifySig, args->verifySigSz,
wolfSSL 11:cee25a834751 15920 &args->output,
wolfSSL 11:cee25a834751 15921 ssl->peerRsaKey,
wolfSSL 11:cee25a834751 15922 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 15923 ssl->buffers.peerRsaKey.buffer,
wolfSSL 11:cee25a834751 15924 ssl->buffers.peerRsaKey.length,
wolfSSL 11:cee25a834751 15925 ssl->RsaVerifyCtx
wolfSSL 11:cee25a834751 15926 #else
wolfSSL 11:cee25a834751 15927 NULL, 0, NULL
wolfSSL 11:cee25a834751 15928 #endif
wolfSSL 11:cee25a834751 15929 );
wolfSSL 11:cee25a834751 15930
wolfSSL 11:cee25a834751 15931 if (ret >= 0) {
wolfSSL 11:cee25a834751 15932 args->sigSz = (word16)ret;
wolfSSL 11:cee25a834751 15933 ret = 0;
wolfSSL 11:cee25a834751 15934 }
wolfSSL 11:cee25a834751 15935 break;
wolfSSL 11:cee25a834751 15936 }
wolfSSL 11:cee25a834751 15937 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 15938 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 15939 case ecc_dsa_sa_algo:
wolfSSL 11:cee25a834751 15940 {
wolfSSL 11:cee25a834751 15941 ret = EccVerify(ssl,
wolfSSL 11:cee25a834751 15942 args->verifySig, args->verifySigSz,
wolfSSL 11:cee25a834751 15943 ssl->buffers.digest.buffer,
wolfSSL 11:cee25a834751 15944 ssl->buffers.digest.length,
wolfSSL 11:cee25a834751 15945 ssl->peerEccDsaKey,
wolfSSL 11:cee25a834751 15946 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 15947 ssl->buffers.peerEccDsaKey.buffer,
wolfSSL 11:cee25a834751 15948 ssl->buffers.peerEccDsaKey.length,
wolfSSL 11:cee25a834751 15949 ssl->EccVerifyCtx
wolfSSL 11:cee25a834751 15950 #else
wolfSSL 11:cee25a834751 15951 NULL, 0, NULL
wolfSSL 11:cee25a834751 15952 #endif
wolfSSL 11:cee25a834751 15953 );
wolfSSL 11:cee25a834751 15954
wolfSSL 11:cee25a834751 15955 break;
wolfSSL 11:cee25a834751 15956 }
wolfSSL 11:cee25a834751 15957 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 15958
wolfSSL 11:cee25a834751 15959 default:
wolfSSL 11:cee25a834751 15960 ret = ALGO_ID_E;
wolfSSL 11:cee25a834751 15961 } /* switch (sigAlgo) */
wolfSSL 11:cee25a834751 15962 #endif /* NO_DH && !HAVE_ECC */
wolfSSL 11:cee25a834751 15963 break;
wolfSSL 11:cee25a834751 15964 }
wolfSSL 11:cee25a834751 15965 default:
wolfSSL 11:cee25a834751 15966 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 15967 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 15968
wolfSSL 11:cee25a834751 15969 /* Check for error */
wolfSSL 11:cee25a834751 15970 if (ret != 0) {
wolfSSL 11:cee25a834751 15971 goto exit_dske;
wolfSSL 11:cee25a834751 15972 }
wolfSSL 11:cee25a834751 15973
wolfSSL 11:cee25a834751 15974 /* Advance state and proceed */
wolfSSL 11:cee25a834751 15975 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 11:cee25a834751 15976 } /* case TLS_ASYNC_DO */
wolfSSL 11:cee25a834751 15977
wolfSSL 11:cee25a834751 15978 case TLS_ASYNC_VERIFY:
wolfSSL 11:cee25a834751 15979 {
wolfSSL 11:cee25a834751 15980 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 15981 {
wolfSSL 11:cee25a834751 15982 case psk_kea:
wolfSSL 11:cee25a834751 15983 case dhe_psk_kea:
wolfSSL 11:cee25a834751 15984 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 15985 {
wolfSSL 11:cee25a834751 15986 /* Nothing to do in this sub-state */
wolfSSL 11:cee25a834751 15987 break;
wolfSSL 11:cee25a834751 15988 }
wolfSSL 11:cee25a834751 15989
wolfSSL 11:cee25a834751 15990 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 15991 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 15992 {
wolfSSL 11:cee25a834751 15993 #if defined(NO_DH) && !defined(HAVE_ECC)
wolfSSL 11:cee25a834751 15994 ERROR_OUT(NOT_COMPILED_IN, exit_dske);
wolfSSL 11:cee25a834751 15995 #else
wolfSSL 11:cee25a834751 15996 if (ssl->options.usingAnon_cipher) {
wolfSSL 11:cee25a834751 15997 break;
wolfSSL 11:cee25a834751 15998 }
wolfSSL 11:cee25a834751 15999
wolfSSL 11:cee25a834751 16000 /* increment index after verify is done */
wolfSSL 11:cee25a834751 16001 args->idx += args->verifySigSz;
wolfSSL 11:cee25a834751 16002
wolfSSL 11:cee25a834751 16003 switch(args->sigAlgo)
wolfSSL 11:cee25a834751 16004 {
wolfSSL 11:cee25a834751 16005 #ifndef NO_RSA
wolfSSL 11:cee25a834751 16006 case rsa_sa_algo:
wolfSSL 11:cee25a834751 16007 {
wolfSSL 11:cee25a834751 16008 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 16009 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 16010 byte* encodedSig = NULL;
wolfSSL 11:cee25a834751 16011 #else
wolfSSL 11:cee25a834751 16012 byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL 11:cee25a834751 16013 #endif
wolfSSL 11:cee25a834751 16014 word32 encSigSz;
wolfSSL 11:cee25a834751 16015
wolfSSL 11:cee25a834751 16016 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 16017 encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
wolfSSL 11:cee25a834751 16018 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 16019 if (encodedSig == NULL) {
wolfSSL 11:cee25a834751 16020 ERROR_OUT(MEMORY_E, exit_dske);
wolfSSL 11:cee25a834751 16021 }
wolfSSL 11:cee25a834751 16022 #endif
wolfSSL 11:cee25a834751 16023
wolfSSL 11:cee25a834751 16024 encSigSz = wc_EncodeSignature(encodedSig,
wolfSSL 11:cee25a834751 16025 ssl->buffers.digest.buffer,
wolfSSL 11:cee25a834751 16026 ssl->buffers.digest.length, args->typeH);
wolfSSL 11:cee25a834751 16027 if (encSigSz != args->sigSz || !args->output ||
wolfSSL 11:cee25a834751 16028 XMEMCMP(args->output, encodedSig,
wolfSSL 11:cee25a834751 16029 min(encSigSz, MAX_ENCODED_SIG_SZ)) != 0) {
wolfSSL 11:cee25a834751 16030 ret = VERIFY_SIGN_ERROR;
wolfSSL 11:cee25a834751 16031 }
wolfSSL 11:cee25a834751 16032 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 16033 XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 16034 #endif
wolfSSL 11:cee25a834751 16035 if (ret != 0) {
wolfSSL 11:cee25a834751 16036 goto exit_dske;
wolfSSL 11:cee25a834751 16037 }
wolfSSL 11:cee25a834751 16038 }
wolfSSL 11:cee25a834751 16039 else if (args->sigSz != FINISHED_SZ ||
wolfSSL 11:cee25a834751 16040 !args->output ||
wolfSSL 11:cee25a834751 16041 XMEMCMP(args->output,
wolfSSL 11:cee25a834751 16042 ssl->buffers.digest.buffer,
wolfSSL 11:cee25a834751 16043 FINISHED_SZ) != 0) {
wolfSSL 11:cee25a834751 16044 ERROR_OUT(VERIFY_SIGN_ERROR, exit_dske);
wolfSSL 11:cee25a834751 16045 }
wolfSSL 11:cee25a834751 16046 break;
wolfSSL 11:cee25a834751 16047 }
wolfSSL 11:cee25a834751 16048 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 16049 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 16050 case ecc_dsa_sa_algo:
wolfSSL 11:cee25a834751 16051 /* Nothing to do in this algo */
wolfSSL 11:cee25a834751 16052 break;
wolfSSL 11:cee25a834751 16053 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 16054 default:
wolfSSL 11:cee25a834751 16055 ret = ALGO_ID_E;
wolfSSL 11:cee25a834751 16056 } /* switch (sigAlgo) */
wolfSSL 11:cee25a834751 16057 #endif /* NO_DH && !HAVE_ECC */
wolfSSL 11:cee25a834751 16058 break;
wolfSSL 11:cee25a834751 16059 }
wolfSSL 11:cee25a834751 16060 default:
wolfSSL 11:cee25a834751 16061 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 16062 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 16063
wolfSSL 11:cee25a834751 16064 /* Check for error */
wolfSSL 11:cee25a834751 16065 if (ret != 0) {
wolfSSL 11:cee25a834751 16066 goto exit_dske;
wolfSSL 11:cee25a834751 16067 }
wolfSSL 11:cee25a834751 16068
wolfSSL 11:cee25a834751 16069 /* Advance state and proceed */
wolfSSL 11:cee25a834751 16070 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 11:cee25a834751 16071 } /* case TLS_ASYNC_VERIFY */
wolfSSL 11:cee25a834751 16072
wolfSSL 11:cee25a834751 16073 case TLS_ASYNC_FINALIZE:
wolfSSL 11:cee25a834751 16074 {
wolfSSL 11:cee25a834751 16075 if (IsEncryptionOn(ssl, 0)) {
wolfSSL 11:cee25a834751 16076 args->idx += ssl->keys.padSz;
wolfSSL 11:cee25a834751 16077 }
wolfSSL 11:cee25a834751 16078
wolfSSL 11:cee25a834751 16079 /* QSH extensions */
wolfSSL 11:cee25a834751 16080 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 16081 if (ssl->peerQSHKeyPresent) {
wolfSSL 11:cee25a834751 16082 word16 name;
wolfSSL 11:cee25a834751 16083 int qshSz;
wolfSSL 11:cee25a834751 16084
wolfSSL 11:cee25a834751 16085 /* extension name */
wolfSSL 11:cee25a834751 16086 ato16(input + args->idx, &name);
wolfSSL 11:cee25a834751 16087 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 16088
wolfSSL 11:cee25a834751 16089 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 11:cee25a834751 16090 /* if qshSz is larger than 0 it is the length of
wolfSSL 11:cee25a834751 16091 buffer used */
wolfSSL 11:cee25a834751 16092 if ((qshSz = TLSX_QSHCipher_Parse(ssl, input + args->idx,
wolfSSL 11:cee25a834751 16093 size, 0)) < 0) {
wolfSSL 11:cee25a834751 16094 ERROR_OUT(qshSz, exit_dske);
wolfSSL 11:cee25a834751 16095 }
wolfSSL 11:cee25a834751 16096 args->idx += qshSz;
wolfSSL 11:cee25a834751 16097 }
wolfSSL 11:cee25a834751 16098 else {
wolfSSL 11:cee25a834751 16099 /* unknown extension sent server ignored handshake */
wolfSSL 11:cee25a834751 16100 ERROR_OUT(BUFFER_ERROR, exit_dske);
wolfSSL 11:cee25a834751 16101 }
wolfSSL 11:cee25a834751 16102 }
wolfSSL 11:cee25a834751 16103 #endif
wolfSSL 11:cee25a834751 16104
wolfSSL 11:cee25a834751 16105 /* Advance state and proceed */
wolfSSL 11:cee25a834751 16106 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 11:cee25a834751 16107 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 11:cee25a834751 16108
wolfSSL 11:cee25a834751 16109 case TLS_ASYNC_END:
wolfSSL 11:cee25a834751 16110 {
wolfSSL 11:cee25a834751 16111 /* return index */
wolfSSL 11:cee25a834751 16112 *inOutIdx = args->idx;
wolfSSL 11:cee25a834751 16113
wolfSSL 11:cee25a834751 16114 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 11:cee25a834751 16115 break;
wolfSSL 11:cee25a834751 16116 }
wolfSSL 11:cee25a834751 16117 default:
wolfSSL 11:cee25a834751 16118 ret = INPUT_CASE_ERROR;
wolfSSL 11:cee25a834751 16119 } /* switch(ssl->options.asyncState) */
wolfSSL 11:cee25a834751 16120
wolfSSL 11:cee25a834751 16121 exit_dske:
wolfSSL 11:cee25a834751 16122
wolfSSL 11:cee25a834751 16123 WOLFSSL_LEAVE("DoServerKeyExchange", ret);
wolfSSL 11:cee25a834751 16124
wolfSSL 11:cee25a834751 16125 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 16126 /* Handle async operation */
wolfSSL 11:cee25a834751 16127 if (ret == WC_PENDING_E) {
wolfSSL 11:cee25a834751 16128 /* Mark message as not recevied so it can process again */
wolfSSL 11:cee25a834751 16129 ssl->msgsReceived.got_server_key_exchange = 0;
wolfSSL 11:cee25a834751 16130
wolfSSL 11:cee25a834751 16131 return ret;
wolfSSL 11:cee25a834751 16132 }
wolfSSL 11:cee25a834751 16133 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 11:cee25a834751 16134
wolfSSL 11:cee25a834751 16135 /* Final cleanup */
wolfSSL 11:cee25a834751 16136 FreeDskeArgs(ssl, args);
wolfSSL 11:cee25a834751 16137 FreeKeyExchange(ssl);
wolfSSL 11:cee25a834751 16138
wolfSSL 11:cee25a834751 16139 return ret;
wolfSSL 11:cee25a834751 16140 }
wolfSSL 11:cee25a834751 16141
wolfSSL 11:cee25a834751 16142
wolfSSL 11:cee25a834751 16143 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 16144
wolfSSL 11:cee25a834751 16145 #ifdef HAVE_NTRU
/* NTRU-encrypt a byte array with a QSH public key.
 *
 * key     struct holding the public key to use (key->pub)
 * bufIn   plain text to be encrypted
 * inSz    number of bytes in bufIn
 * bufOut  receives the cipher text
 * outSz   forwarded to the NTRU library, which sets it to the size of the
 *         cipher text
 *
 * Returns the library's NTRU_OK value on success, BAD_FUNC_ARG when an
 * argument or the public key buffer is missing, -1 when key->name is not
 * one of the NTRU parameter sets handled here, NTRU_DRBG_ERROR when the
 * DRBG cannot be set up and NTRU_ENCRYPT_ERROR when encryption fails.
 */
static int NtruSecretEncrypt(QSHKey* key, byte* bufIn, word32 inSz,
                             byte* bufOut, word16* outSz)
{
    DRBG_HANDLE drbg;
    int         status;

    /* every pointer, and the public key itself, must be present */
    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL ||
            key->pub.buffer == NULL) {
        return BAD_FUNC_ARG;
    }

    /* only the three NTRU parameter sets below are accepted */
    if (key->name != WOLFSSL_NTRU_EESS439 &&
            key->name != WOLFSSL_NTRU_EESS593 &&
            key->name != WOLFSSL_NTRU_EESS743) {
        WOLFSSL_MSG("Unknown QSH encryption key!");
        return -1;
    }

    /* the NTRU library draws its randomness from a DRBG fed by GetEntropy */
    if (ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg) != DRBG_OK) {
        return NTRU_DRBG_ERROR;
    }

    status = ntru_crypto_ntru_encrypt(drbg, key->pub.length, key->pub.buffer,
                                      inSz, bufIn, outSz, bufOut);

    /* release the DRBG on the success and the failure path alike */
    ntru_crypto_drbg_uninstantiate(drbg);

    return (status == NTRU_OK) ? status : NTRU_ENCRYPT_ERROR;
}
wolfSSL 11:cee25a834751 16190
/* NTRU-decrypt a byte array with a QSH private key.
 *
 * key     struct holding the private key to use (key->pri)
 * bufIn   cipher text to be decrypted
 * inSz    number of bytes in bufIn
 * bufOut  receives the plain text
 * outSz   forwarded to the NTRU library, which sets it to the size of the
 *         plain text
 *
 * Returns the library's NTRU_OK value on success, BAD_FUNC_ARG when an
 * argument or the private key buffer is missing, -1 when key->name is not
 * one of the NTRU parameter sets handled here, NTRU_DRBG_ERROR when the
 * DRBG cannot be set up and NTRU_ENCRYPT_ERROR when decryption fails.
 */
static int NtruSecretDecrypt(QSHKey* key, byte* bufIn, word32 inSz,
                             byte* bufOut, word16* outSz)
{
    DRBG_HANDLE drbg;
    int         status;

    /* every pointer, and the private key itself, must be present */
    if (key == NULL || bufIn == NULL || bufOut == NULL || outSz == NULL ||
            key->pri.buffer == NULL) {
        return BAD_FUNC_ARG;
    }

    /* only the three NTRU parameter sets below are accepted */
    if (key->name != WOLFSSL_NTRU_EESS439 &&
            key->name != WOLFSSL_NTRU_EESS593 &&
            key->name != WOLFSSL_NTRU_EESS743) {
        WOLFSSL_MSG("Unknown QSH decryption key!");
        return -1;
    }

    /* NOTE(review): the DRBG is instantiated and released here but is not
     * passed to the decrypt call below - confirm whether it is needed. */
    if (ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg) != DRBG_OK) {
        return NTRU_DRBG_ERROR;
    }

    status = ntru_crypto_ntru_decrypt(key->pri.length, key->pri.buffer,
                                      inSz, bufIn, outSz, bufOut);
    ntru_crypto_drbg_uninstantiate(drbg);

    /* NOTE(review): a decrypt failure is reported with the encrypt error
     * code; callers cannot tell the two operations apart from it. */
    return (status == NTRU_OK) ? status : NTRU_ENCRYPT_ERROR;
}
wolfSSL 11:cee25a834751 16237 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 16238
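/* Allocate and initialise the container for generated QSH secret material.
 *
 * ssl  connection object; ssl->QSH_secret is set on success
 *
 * Returns 0 on success or when ssl->QSH_secret is already set (the DTLS
 * re-entry case), BAD_FUNC_ARG when ssl is NULL and MEMORY_E when an
 * allocation fails.
 *
 * The container is attached to ssl only once every member has been
 * allocated and initialised. Attaching it earlier would leave, after a
 * failed allocation, a struct with uninitialised pointers reachable from
 * ssl: a later call would see it as "already initialised" and cleanup code
 * could free or dereference garbage.
 */
int QSH_Init(WOLFSSL* ssl)
{
    QSHSecret* secret;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* check so not initialising twice when running DTLS */
    if (ssl->QSH_secret != NULL)
        return 0;

    /* malloc memory for holding generated secret information */
    secret = (QSHSecret*)XMALLOC(sizeof(QSHSecret), ssl->heap,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (secret == NULL)
        return MEMORY_E;

    secret->list  = NULL;
    secret->CliSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
                                     DYNAMIC_TYPE_TMP_BUFFER);
    secret->SerSi = (buffer*)XMALLOC(sizeof(buffer), ssl->heap,
                                     DYNAMIC_TYPE_TMP_BUFFER);

    if (secret->CliSi == NULL || secret->SerSi == NULL) {
        /* undo the partial allocation; nothing has been attached to ssl */
        if (secret->CliSi != NULL)
            XFREE(secret->CliSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        if (secret->SerSi != NULL)
            XFREE(secret->SerSi, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(secret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        return MEMORY_E;
    }

    /* initialize variables */
    secret->CliSi->length = 0;
    secret->CliSi->buffer = NULL;
    secret->SerSi->length = 0;
    secret->SerSi->buffer = NULL;

    ssl->QSH_secret = secret;

    return 0;
}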
wolfSSL 11:cee25a834751 16269
wolfSSL 11:cee25a834751 16270
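/* Encrypt using Quantum Safe Handshake algorithms.
 *
 * key    QSH key selecting the scheme (key->name) and holding the public key
 * in     plain text to encrypt
 * szIn   number of bytes in in
 * out    receives the cipher text
 * szOut  in: value handed to the scheme as the output length
 *        out: length reported back by the scheme
 *
 * Returns the scheme's result on success, BAD_FUNC_ARG when key or szOut is
 * NULL, -1 when key->name is not a scheme compiled into this build, or the
 * error returned by the scheme-specific routine.
 */
static int QSH_Encrypt(QSHKey* key, byte* in, word32 szIn,
                       byte* out, word32* szOut)
{
    int    ret = 0;
    word16 size;

    /* only referenced when a scheme is compiled in */
    (void)in;
    (void)szIn;
    (void)out;

    /* both pointers are dereferenced below before any callee checks them */
    if (key == NULL || szOut == NULL)
        return BAD_FUNC_ARG;

    /* The scheme routines take a 16-bit length. Clamp rather than truncate:
     * a plain cast would wrap a large *szOut to a small or zero value.
     * Presumably the scheme reads this as the capacity of out - confirm. */
    size = (*szOut > 0xFFFF) ? (word16)0xFFFF : (word16)*szOut;

    WOLFSSL_MSG("Encrypting QSH key material");

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            ret = NtruSecretEncrypt(key, in, szIn, out, &size);
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH encryption key!");
            return -1;
    }

    *szOut = size;

    return ret;
}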
wolfSSL 11:cee25a834751 16301
wolfSSL 11:cee25a834751 16302
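/* Decrypt using Quantum Safe Handshake algorithms.
 *
 * key    QSH key selecting the scheme (key->name) and holding the private key
 * in     cipher text to decrypt
 * szIn   number of bytes in in
 * out    receives the plain text
 * szOut  in: value handed to the scheme as the output length
 *        out: length reported back by the scheme
 *
 * Returns the scheme's result on success, BAD_FUNC_ARG when key or szOut is
 * NULL, -1 when key->name is not a scheme compiled into this build, or the
 * error returned by the scheme-specific routine.
 */
int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn, byte* out, word16* szOut)
{
    int    ret = 0;
    word16 size;

    /* only referenced when a scheme is compiled in */
    (void)in;
    (void)szIn;
    (void)out;

    /* Both pointers are dereferenced here, before the scheme routine gets a
     * chance to validate them, so reject NULL up front. */
    if (key == NULL || szOut == NULL)
        return BAD_FUNC_ARG;

    size = *szOut;

    WOLFSSL_MSG("Decrypting QSH key material");

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            ret = NtruSecretDecrypt(key, in, szIn, out, &size);
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH decryption key!");
            return -1;
    }

    *szOut = size;

    return ret;
}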
wolfSSL 11:cee25a834751 16333
wolfSSL 11:cee25a834751 16334
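/* Get the max cipher text size for the key's encryption scheme
 * (encrypting 48 bytes or the max plain text, whichever is smaller).
 *
 * key  QSH key naming the scheme and holding the public key
 *
 * Returns the cipher text size in bytes, or 0 when key is NULL, has no
 * public key, names a scheme not compiled into this build, or the size
 * query fails.
 *
 * The return type is unsigned, so a negative error code returned from here
 * would reach the caller as a very large size. Every failure is therefore
 * reported as 0, the value the caller in this file treats as "no key to
 * use".
 */
static word32 QSH_MaxSecret(QSHKey* key)
{
    word32 maxSz = 0;
#ifdef HAVE_NTRU
    int         ret;
    byte        isNtru = 0;
    word16      inSz   = 48;
    word16      outSz  = 0;
    DRBG_HANDLE drbg   = 0;
    byte        bufIn[48] = {0};
#endif

    if (key == NULL || key->pub.length == 0)
        return 0;

    switch (key->name) {
    #ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            isNtru = 1;
            break;
    #endif
        default:
            WOLFSSL_MSG("Unknown QSH encryption scheme size!");
            return 0;
    }

#ifdef HAVE_NTRU
    if (isNtru) {
        ret = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
        if (ret != DRBG_OK) {
            WOLFSSL_MSG("QSH max secret: NTRU DRBG set up failed");
            return 0;
        }

        /* called with a NULL output buffer; outSz is taken as the size */
        ret = ntru_crypto_ntru_encrypt(drbg, key->pub.length,
                            key->pub.buffer, inSz, bufIn, &outSz, NULL);

        /* release the DRBG before looking at the result so the failure
         * path does not leak it */
        ntru_crypto_drbg_uninstantiate(drbg);

        if (ret != NTRU_OK) {
            WOLFSSL_MSG("QSH max secret: NTRU size query failed");
            return 0;
        }
        maxSz = outSz;
    }
#endif

    return maxSz;
}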
wolfSSL 11:cee25a834751 16386
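/* Generate the secret byte material for pms.
 *
 * ssl       connection object; reads ssl->peerQSHKey and fills
 *           ssl->QSH_secret (SerSi or CliSi, plus the scheme list)
 * isServer  non-zero selects SerSi as the destination, zero selects CliSi
 *
 * For every peer key that yields a non-zero QSH_MaxSecret() size, 48 random
 * bytes are appended to the destination buffer and their encryption is
 * stored in a new QSHScheme entry.
 *
 * Returns the summed cipher text length on success and a negative value
 * (-1 or MEMORY_E) on failure.
 */
static int QSH_GenerateSerCliSecret(WOLFSSL* ssl, byte isServer)
{
    int        sz      = 0;
    int        plainSz = 48; /* lesser of 48 and max plain text able to encrypt */
    int        offset  = 0;
    word32     tmpSz   = 0;
    buffer*    buf;
    QSHKey*    current;
    QSHScheme* schmPre = NULL;
    QSHScheme* schm    = NULL;

    /* validate before touching ssl; the peer key list is read only after
     * this check */
    if (ssl == NULL || ssl->QSH_secret == NULL)
        return -1;

    WOLFSSL_MSG("Generating QSH secret key material");

    buf = isServer ? ssl->QSH_secret->SerSi : ssl->QSH_secret->CliSi;
    if (buf == NULL)
        return -1;

    /* get size of buffer needed */
    for (current = ssl->peerQSHKey; current != NULL;
                                    current = (QSHKey*)current->next) {
        if (current->pub.length != 0) {
            sz += plainSz;
        }
    }

    /* allocate memory for buffer */
    buf->buffer = (byte*)XMALLOC(sz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf->buffer == NULL && sz > 0) {
        /* stop here: the loop below writes random bytes into this buffer */
        buf->length = 0;
        WOLFSSL_ERROR(MEMORY_E);
        return MEMORY_E;
    }
    buf->length = sz;

    /* create secret information */
    sz = 0;
    current = ssl->peerQSHKey;
    while (current) {
        schm = (QSHScheme*)XMALLOC(sizeof(QSHScheme), ssl->heap,
                                                       DYNAMIC_TYPE_TMP_BUFFER);
        if (schm == NULL)
            return MEMORY_E;

        /* initialize variables */
        schm->name  = 0;
        schm->PK    = NULL;
        schm->PKLen = 0;
        schm->next  = NULL;

        /* NOTE(review): an entry is attached only when the list is empty or
         * a previous entry from this call exists; schmPre is not advanced
         * for a key skipped below, so an entry after a skipped key may be
         * left unattached or replace the skipped one - confirm intent. */
        if (ssl->QSH_secret->list == NULL) {
            ssl->QSH_secret->list = schm;
        }
        else {
            if (schmPre)
                schmPre->next = schm;
        }

        tmpSz = QSH_MaxSecret(current);

        if ((schm->PK = (byte*)XMALLOC(tmpSz, ssl->heap,
                                              DYNAMIC_TYPE_TMP_BUFFER)) == NULL)
            return -1;

        /* store info for writing extension */
        schm->name = current->name;

        /* no key to use for encryption */
        if (tmpSz == 0) {
            current = (QSHKey*)current->next;
            continue;
        }

        /* never write past the space counted by the sizing pass above */
        if (buf->buffer == NULL || offset + plainSz > (int)buf->length) {
            return -1;
        }

        if (wc_RNG_GenerateBlock(ssl->rng, buf->buffer + offset, plainSz)
                                                                         != 0) {
            return -1;
        }
        if (QSH_Encrypt(current, buf->buffer + offset, plainSz, schm->PK,
                                                                 &tmpSz) != 0) {
            return -1;
        }
        schm->PKLen = tmpSz;

        sz      += tmpSz;
        offset  += plainSz;
        schmPre  = schm;
        current  = (QSHKey*)current->next;
    }

    return sz;
}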
wolfSSL 11:cee25a834751 16482
wolfSSL 11:cee25a834751 16483
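/* Compute the number of bytes needed to write the QSH key-exchange data for
 * every key in ssl->peerQSHKey.
 *
 * ssl  connection whose peerQSHKey list is walked
 *
 * Returns OPAQUE16_LEN + OPAQUE24_LEN of fixed header plus, for each key in
 * the list, two OPAQUE16_LEN fields and QSH_MaxSecret(key).
 *
 * The return type is unsigned, so the -1 returned for a NULL ssl reaches the
 * caller as the largest word32 value; it must not be used as a length.
 *
 * NOTE(review): the running total is not checked for word32 wrap-around;
 * confirm that the list length and QSH_MaxSecret() are bounded upstream.
 */
static word32 QSH_KeyGetSize(WOLFSSL* ssl)
{
    word32  sz = 0;
    QSHKey* current;

    /* Validate before the first dereference. Reading ssl->peerQSHKey in the
     * initializer, ahead of this check, made the check ineffective. */
    if (ssl == NULL)
        return (word32)-1;

    current = ssl->peerQSHKey;

    sz += OPAQUE16_LEN; /* type of extension ie 0x00 0x18 */
    sz += OPAQUE24_LEN;

    /* get size of buffer needed */
    while (current) {
        sz += OPAQUE16_LEN; /* scheme id */
        sz += OPAQUE16_LEN; /* encrypted key len */
        sz += QSH_MaxSecret(current);
        current = (QSHKey*)current->next;
    }

    return sz;
}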
wolfSSL 11:cee25a834751 16504
wolfSSL 11:cee25a834751 16505
/* Handle the QSH key exchange by generating the secret material for this
 * side of the connection.
 *
 * ssl       connection being negotiated
 * isServer  passed through unchanged to QSH_GenerateSerCliSecret()
 *
 * Returns 0 on success. Any negative result from QSH_GenerateSerCliSecret()
 * is reported as MEMORY_E, whatever the underlying cause; a non-negative
 * result is discarded. The return type is word32, so MEMORY_E is converted
 * to unsigned on the way out; callers should compare against 0.
 */
static word32 QSH_KeyExchangeWrite(WOLFSSL* ssl, byte isServer)
{
    int genRet;

    WOLFSSL_ENTER("QSH KeyExchange");

    genRet = QSH_GenerateSerCliSecret(ssl, isServer);

    return (genRet < 0) ? MEMORY_E : 0;
}
wolfSSL 11:cee25a834751 16521
wolfSSL 11:cee25a834751 16522 #endif /* HAVE_QSH */
wolfSSL 11:cee25a834751 16523
wolfSSL 11:cee25a834751 16524
/* Working state for SendClientKeyExchange. The whole struct is zeroed with
 * XMEMSET when a new exchange starts, and FreeSckeArgs releases the two
 * heap buffers it owns (encSecret and input). */
typedef struct SckeArgs {
    /* pointers */
    byte*  output;    /* not allocated; the PSK cases point it into encSecret
                       * and advance it as fields are written */
    byte*  encSecret; /* heap buffer of MAX_ENCRYPT_SZ bytes holding the key
                       * exchange payload; freed by FreeSckeArgs */
    byte*  input;     /* freed by FreeSckeArgs; allocation is not shown in
                       * this part of the file */

    /* sizes */
    word32 encSz;     /* capacity of encSecret on entry to a step, bytes
                       * written once the step has filled it */
    word32 length;    /* public key size in the DHE/ECDHE PSK cases */
    int    sendSz;    /* presumably the size of the record to send - confirm */
    int    inputSz;   /* presumably the size of input - confirm */
} SckeArgs;
wolfSSL 11:cee25a834751 16534
/* Release the heap buffers held by a SckeArgs and clear the pointers so a
 * second call does not free them again.
 *
 * ssl    connection; only ssl->heap is used, as the XFREE heap hint
 * pArgs  the SckeArgs to clean up, passed as void*; must not be NULL
 *
 * args->output is left alone: the struct marks it as not allocated.
 */
static void FreeSckeArgs(WOLFSSL* ssl, void* pArgs)
{
    SckeArgs* scke = (SckeArgs*)pArgs;

    (void)ssl; /* presumably for builds where XFREE ignores its heap hint */

    if (scke->encSecret != NULL) {
        XFREE(scke->encSecret, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        scke->encSecret = NULL;
    }

    if (scke->input != NULL) {
        XFREE(scke->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        scke->input = NULL;
    }
}
wolfSSL 11:cee25a834751 16550
wolfSSL 11:cee25a834751 16551 int SendClientKeyExchange(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 16552 {
wolfSSL 11:cee25a834751 16553 int ret = 0;
wolfSSL 11:cee25a834751 16554 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 16555 SckeArgs* args = (SckeArgs*)ssl->async.args;
wolfSSL 11:cee25a834751 16556 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 11:cee25a834751 16557 (void)sizeof(args_test);
wolfSSL 11:cee25a834751 16558 #else
wolfSSL 11:cee25a834751 16559 SckeArgs args[1];
wolfSSL 11:cee25a834751 16560 #endif
wolfSSL 11:cee25a834751 16561
wolfSSL 11:cee25a834751 16562 WOLFSSL_ENTER("SendClientKeyExchange");
wolfSSL 11:cee25a834751 16563
wolfSSL 11:cee25a834751 16564 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 16565 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 11:cee25a834751 16566 if (ret != WC_NOT_PENDING_E) {
wolfSSL 11:cee25a834751 16567 /* Check for error */
wolfSSL 11:cee25a834751 16568 if (ret < 0)
wolfSSL 11:cee25a834751 16569 goto exit_scke;
wolfSSL 11:cee25a834751 16570 }
wolfSSL 11:cee25a834751 16571 else
wolfSSL 11:cee25a834751 16572 #endif
wolfSSL 11:cee25a834751 16573 {
wolfSSL 11:cee25a834751 16574 /* Reset state */
wolfSSL 11:cee25a834751 16575 ret = 0;
wolfSSL 11:cee25a834751 16576 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 11:cee25a834751 16577 XMEMSET(args, 0, sizeof(SckeArgs));
wolfSSL 11:cee25a834751 16578 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 16579 ssl->async.freeArgs = FreeSckeArgs;
wolfSSL 11:cee25a834751 16580 #endif
wolfSSL 11:cee25a834751 16581 }
wolfSSL 11:cee25a834751 16582
wolfSSL 11:cee25a834751 16583 switch(ssl->options.asyncState)
wolfSSL 11:cee25a834751 16584 {
wolfSSL 11:cee25a834751 16585 case TLS_ASYNC_BEGIN:
wolfSSL 11:cee25a834751 16586 {
wolfSSL 11:cee25a834751 16587 switch (ssl->specs.kea) {
wolfSSL 11:cee25a834751 16588 #ifndef NO_RSA
wolfSSL 11:cee25a834751 16589 case rsa_kea:
wolfSSL 11:cee25a834751 16590 if (ssl->peerRsaKey == NULL ||
wolfSSL 11:cee25a834751 16591 ssl->peerRsaKeyPresent == 0) {
wolfSSL 11:cee25a834751 16592 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 11:cee25a834751 16593 }
wolfSSL 11:cee25a834751 16594 break;
wolfSSL 11:cee25a834751 16595 #endif
wolfSSL 11:cee25a834751 16596 #ifndef NO_DH
wolfSSL 11:cee25a834751 16597 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 16598 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 11:cee25a834751 16599 ssl->buffers.serverDH_G.buffer == NULL ||
wolfSSL 11:cee25a834751 16600 ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 11:cee25a834751 16601 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 11:cee25a834751 16602 }
wolfSSL 11:cee25a834751 16603 break;
wolfSSL 11:cee25a834751 16604 #endif /* NO_DH */
wolfSSL 11:cee25a834751 16605 #ifndef NO_PSK
wolfSSL 11:cee25a834751 16606 case psk_kea:
wolfSSL 11:cee25a834751 16607 /* sanity check that PSK client callback has been set */
wolfSSL 11:cee25a834751 16608 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 11:cee25a834751 16609 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 11:cee25a834751 16610 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 11:cee25a834751 16611 }
wolfSSL 11:cee25a834751 16612 break;
wolfSSL 11:cee25a834751 16613 #endif /* NO_PSK */
wolfSSL 11:cee25a834751 16614 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 16615 case dhe_psk_kea:
wolfSSL 11:cee25a834751 16616 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 11:cee25a834751 16617 ssl->buffers.serverDH_G.buffer == NULL ||
wolfSSL 11:cee25a834751 16618 ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 11:cee25a834751 16619 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 11:cee25a834751 16620 }
wolfSSL 11:cee25a834751 16621
wolfSSL 11:cee25a834751 16622 /* sanity check that PSK client callback has been set */
wolfSSL 11:cee25a834751 16623 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 11:cee25a834751 16624 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 11:cee25a834751 16625 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 11:cee25a834751 16626 }
wolfSSL 11:cee25a834751 16627 break;
wolfSSL 11:cee25a834751 16628 #endif /* !NO_DH && !NO_PSK */
wolfSSL 11:cee25a834751 16629 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 16630 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 16631 /* sanity check that PSK client callback has been set */
wolfSSL 11:cee25a834751 16632 if (ssl->options.client_psk_cb == NULL) {
wolfSSL 11:cee25a834751 16633 WOLFSSL_MSG("No client PSK callback set");
wolfSSL 11:cee25a834751 16634 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 11:cee25a834751 16635 }
wolfSSL 11:cee25a834751 16636
wolfSSL 11:cee25a834751 16637 /* Check client ECC public key */
wolfSSL 11:cee25a834751 16638 if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
wolfSSL 11:cee25a834751 16639 !ssl->peerEccKey->dp) {
wolfSSL 11:cee25a834751 16640 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 11:cee25a834751 16641 }
wolfSSL 11:cee25a834751 16642
wolfSSL 11:cee25a834751 16643 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 16644 /* if callback then use it for shared secret */
wolfSSL 11:cee25a834751 16645 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 11:cee25a834751 16646 break;
wolfSSL 11:cee25a834751 16647 }
wolfSSL 11:cee25a834751 16648 #endif
wolfSSL 11:cee25a834751 16649
wolfSSL 11:cee25a834751 16650 /* create private key */
wolfSSL 11:cee25a834751 16651 ssl->hsType = DYNAMIC_TYPE_ECC;
wolfSSL 11:cee25a834751 16652 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 11:cee25a834751 16653 if (ret != 0) {
wolfSSL 11:cee25a834751 16654 goto exit_scke;
wolfSSL 11:cee25a834751 16655 }
wolfSSL 11:cee25a834751 16656
wolfSSL 11:cee25a834751 16657 ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, ssl->peerEccKey);
wolfSSL 11:cee25a834751 16658
wolfSSL 11:cee25a834751 16659 break;
wolfSSL 11:cee25a834751 16660 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 16661 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 16662 case ntru_kea:
wolfSSL 11:cee25a834751 16663 if (ssl->peerNtruKeyPresent == 0) {
wolfSSL 11:cee25a834751 16664 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 11:cee25a834751 16665 }
wolfSSL 11:cee25a834751 16666 break;
wolfSSL 11:cee25a834751 16667 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 16668 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 16669 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 16670 {
wolfSSL 11:cee25a834751 16671 ecc_key* peerKey;
wolfSSL 11:cee25a834751 16672
wolfSSL 11:cee25a834751 16673 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 16674 /* if callback then use it for shared secret */
wolfSSL 11:cee25a834751 16675 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 11:cee25a834751 16676 break;
wolfSSL 11:cee25a834751 16677 }
wolfSSL 11:cee25a834751 16678 #endif
wolfSSL 11:cee25a834751 16679
wolfSSL 11:cee25a834751 16680 if (ssl->specs.static_ecdh) {
wolfSSL 11:cee25a834751 16681 /* TODO: EccDsa is really fixed Ecc change naming */
wolfSSL 11:cee25a834751 16682 if (!ssl->peerEccDsaKey ||
wolfSSL 11:cee25a834751 16683 !ssl->peerEccDsaKeyPresent ||
wolfSSL 11:cee25a834751 16684 !ssl->peerEccDsaKey->dp) {
wolfSSL 11:cee25a834751 16685 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 11:cee25a834751 16686 }
wolfSSL 11:cee25a834751 16687 peerKey = ssl->peerEccDsaKey;
wolfSSL 11:cee25a834751 16688 }
wolfSSL 11:cee25a834751 16689 else {
wolfSSL 11:cee25a834751 16690 if (!ssl->peerEccKey || !ssl->peerEccKeyPresent ||
wolfSSL 11:cee25a834751 16691 !ssl->peerEccKey->dp) {
wolfSSL 11:cee25a834751 16692 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 11:cee25a834751 16693 }
wolfSSL 11:cee25a834751 16694 peerKey = ssl->peerEccKey;
wolfSSL 11:cee25a834751 16695 }
wolfSSL 11:cee25a834751 16696 if (peerKey == NULL) {
wolfSSL 11:cee25a834751 16697 ERROR_OUT(NO_PEER_KEY, exit_scke);
wolfSSL 11:cee25a834751 16698 }
wolfSSL 11:cee25a834751 16699
wolfSSL 11:cee25a834751 16700 /* create private key */
wolfSSL 11:cee25a834751 16701 ssl->hsType = DYNAMIC_TYPE_ECC;
wolfSSL 11:cee25a834751 16702 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 11:cee25a834751 16703 if (ret != 0) {
wolfSSL 11:cee25a834751 16704 goto exit_scke;
wolfSSL 11:cee25a834751 16705 }
wolfSSL 11:cee25a834751 16706
wolfSSL 11:cee25a834751 16707 ret = EccMakeKey(ssl, (ecc_key*)ssl->hsKey, peerKey);
wolfSSL 11:cee25a834751 16708
wolfSSL 11:cee25a834751 16709 break;
wolfSSL 11:cee25a834751 16710 }
wolfSSL 11:cee25a834751 16711 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 16712
wolfSSL 11:cee25a834751 16713 default:
wolfSSL 11:cee25a834751 16714 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 16715 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 16716
wolfSSL 11:cee25a834751 16717 /* Check for error */
wolfSSL 11:cee25a834751 16718 if (ret != 0) {
wolfSSL 11:cee25a834751 16719 goto exit_scke;
wolfSSL 11:cee25a834751 16720 }
wolfSSL 11:cee25a834751 16721
wolfSSL 11:cee25a834751 16722 /* Advance state and proceed */
wolfSSL 11:cee25a834751 16723 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 11:cee25a834751 16724 } /* case TLS_ASYNC_BEGIN */
wolfSSL 11:cee25a834751 16725
wolfSSL 11:cee25a834751 16726 case TLS_ASYNC_BUILD:
wolfSSL 11:cee25a834751 16727 {
wolfSSL 11:cee25a834751 16728 args->encSz = MAX_ENCRYPT_SZ;
wolfSSL 11:cee25a834751 16729 args->encSecret = (byte*)XMALLOC(args->encSz, ssl->heap,
wolfSSL 11:cee25a834751 16730 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 16731 if (args->encSecret == NULL) {
wolfSSL 11:cee25a834751 16732 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 11:cee25a834751 16733 }
wolfSSL 11:cee25a834751 16734
wolfSSL 11:cee25a834751 16735 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 16736 {
wolfSSL 11:cee25a834751 16737 #ifndef NO_RSA
wolfSSL 11:cee25a834751 16738 case rsa_kea:
wolfSSL 11:cee25a834751 16739 {
wolfSSL 11:cee25a834751 16740 ret = wc_RNG_GenerateBlock(ssl->rng,
wolfSSL 11:cee25a834751 16741 ssl->arrays->preMasterSecret, SECRET_LEN);
wolfSSL 11:cee25a834751 16742 if (ret != 0) {
wolfSSL 11:cee25a834751 16743 goto exit_scke;
wolfSSL 11:cee25a834751 16744 }
wolfSSL 11:cee25a834751 16745
wolfSSL 11:cee25a834751 16746 ssl->arrays->preMasterSecret[0] = ssl->chVersion.major;
wolfSSL 11:cee25a834751 16747 ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor;
wolfSSL 11:cee25a834751 16748 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 11:cee25a834751 16749 break;
wolfSSL 11:cee25a834751 16750 }
wolfSSL 11:cee25a834751 16751 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 16752 #ifndef NO_DH
wolfSSL 11:cee25a834751 16753 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 16754 {
wolfSSL 11:cee25a834751 16755 ssl->buffers.sig.length = ENCRYPT_LEN;
wolfSSL 11:cee25a834751 16756 ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
wolfSSL 11:cee25a834751 16757 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 16758 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 11:cee25a834751 16759 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 11:cee25a834751 16760 }
wolfSSL 11:cee25a834751 16761
wolfSSL 11:cee25a834751 16762 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 11:cee25a834751 16763 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 11:cee25a834751 16764 if (ret != 0) {
wolfSSL 11:cee25a834751 16765 goto exit_scke;
wolfSSL 11:cee25a834751 16766 }
wolfSSL 11:cee25a834751 16767
wolfSSL 11:cee25a834751 16768 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 16769 ssl->buffers.serverDH_P.buffer,
wolfSSL 11:cee25a834751 16770 ssl->buffers.serverDH_P.length,
wolfSSL 11:cee25a834751 16771 ssl->buffers.serverDH_G.buffer,
wolfSSL 11:cee25a834751 16772 ssl->buffers.serverDH_G.length);
wolfSSL 11:cee25a834751 16773 if (ret != 0) {
wolfSSL 11:cee25a834751 16774 goto exit_scke;
wolfSSL 11:cee25a834751 16775 }
wolfSSL 11:cee25a834751 16776
wolfSSL 11:cee25a834751 16777 /* for DH, encSecret is Yc, agree is pre-master */
wolfSSL 11:cee25a834751 16778 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 16779 ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 16780 args->encSecret, &args->encSz);
wolfSSL 11:cee25a834751 16781 break;
wolfSSL 11:cee25a834751 16782 }
wolfSSL 11:cee25a834751 16783 #endif /* !NO_DH */
wolfSSL 11:cee25a834751 16784 #ifndef NO_PSK
wolfSSL 11:cee25a834751 16785 case psk_kea:
wolfSSL 11:cee25a834751 16786 {
wolfSSL 11:cee25a834751 16787 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 11:cee25a834751 16788 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 11:cee25a834751 16789 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 11:cee25a834751 16790 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 11:cee25a834751 16791 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 11:cee25a834751 16792 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 11:cee25a834751 16793 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 11:cee25a834751 16794 }
wolfSSL 11:cee25a834751 16795 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
wolfSSL 11:cee25a834751 16796 args->encSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 11:cee25a834751 16797 if (args->encSz > MAX_PSK_ID_LEN) {
wolfSSL 11:cee25a834751 16798 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 11:cee25a834751 16799 }
wolfSSL 11:cee25a834751 16800 XMEMCPY(args->encSecret, ssl->arrays->client_identity,
wolfSSL 11:cee25a834751 16801 args->encSz);
wolfSSL 11:cee25a834751 16802
wolfSSL 11:cee25a834751 16803 /* make psk pre master secret */
wolfSSL 11:cee25a834751 16804 /* length of key + length 0s + length of key + key */
wolfSSL 11:cee25a834751 16805 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 11:cee25a834751 16806 pms += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 16807 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL 11:cee25a834751 16808 pms += ssl->arrays->psk_keySz;
wolfSSL 11:cee25a834751 16809 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 11:cee25a834751 16810 pms += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 16811 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 11:cee25a834751 16812 ssl->arrays->preMasterSz = (ssl->arrays->psk_keySz * 2) +
wolfSSL 11:cee25a834751 16813 (2 * OPAQUE16_LEN);
wolfSSL 11:cee25a834751 16814 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 11:cee25a834751 16815 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 11:cee25a834751 16816 break;
wolfSSL 11:cee25a834751 16817 }
wolfSSL 11:cee25a834751 16818 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 16819 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 16820 case dhe_psk_kea:
wolfSSL 11:cee25a834751 16821 {
wolfSSL 11:cee25a834751 16822 word32 esSz = 0;
wolfSSL 11:cee25a834751 16823 args->output = args->encSecret;
wolfSSL 11:cee25a834751 16824
wolfSSL 11:cee25a834751 16825 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 11:cee25a834751 16826 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 11:cee25a834751 16827 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 11:cee25a834751 16828 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 11:cee25a834751 16829 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 11:cee25a834751 16830 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 11:cee25a834751 16831 }
wolfSSL 11:cee25a834751 16832 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
wolfSSL 11:cee25a834751 16833 esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 11:cee25a834751 16834
wolfSSL 11:cee25a834751 16835 if (esSz > MAX_PSK_ID_LEN) {
wolfSSL 11:cee25a834751 16836 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 11:cee25a834751 16837 }
wolfSSL 11:cee25a834751 16838
wolfSSL 11:cee25a834751 16839 ssl->buffers.sig.length = ENCRYPT_LEN;
wolfSSL 11:cee25a834751 16840 ssl->buffers.sig.buffer = (byte*)XMALLOC(ENCRYPT_LEN,
wolfSSL 11:cee25a834751 16841 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 16842 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 11:cee25a834751 16843 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 11:cee25a834751 16844 }
wolfSSL 11:cee25a834751 16845
wolfSSL 11:cee25a834751 16846 c16toa((word16)esSz, args->output);
wolfSSL 11:cee25a834751 16847 args->output += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 16848 XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
wolfSSL 11:cee25a834751 16849 args->output += esSz;
wolfSSL 11:cee25a834751 16850 args->encSz = esSz + OPAQUE16_LEN;
wolfSSL 11:cee25a834751 16851
wolfSSL 11:cee25a834751 16852 args->length = 0;
wolfSSL 11:cee25a834751 16853
wolfSSL 11:cee25a834751 16854 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 11:cee25a834751 16855 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 11:cee25a834751 16856 if (ret != 0) {
wolfSSL 11:cee25a834751 16857 goto exit_scke;
wolfSSL 11:cee25a834751 16858 }
wolfSSL 11:cee25a834751 16859
wolfSSL 11:cee25a834751 16860 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 16861 ssl->buffers.serverDH_P.buffer,
wolfSSL 11:cee25a834751 16862 ssl->buffers.serverDH_P.length,
wolfSSL 11:cee25a834751 16863 ssl->buffers.serverDH_G.buffer,
wolfSSL 11:cee25a834751 16864 ssl->buffers.serverDH_G.length);
wolfSSL 11:cee25a834751 16865 if (ret != 0) {
wolfSSL 11:cee25a834751 16866 goto exit_scke;
wolfSSL 11:cee25a834751 16867 }
wolfSSL 11:cee25a834751 16868
wolfSSL 11:cee25a834751 16869 /* for DH, encSecret is Yc, agree is pre-master */
wolfSSL 11:cee25a834751 16870 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 16871 ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 16872 args->output + OPAQUE16_LEN, &args->length);
wolfSSL 11:cee25a834751 16873 break;
wolfSSL 11:cee25a834751 16874 }
wolfSSL 11:cee25a834751 16875 #endif /* !NO_DH && !NO_PSK */
wolfSSL 11:cee25a834751 16876 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 16877 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 16878 {
wolfSSL 11:cee25a834751 16879 word32 esSz = 0;
wolfSSL 11:cee25a834751 16880 args->output = args->encSecret;
wolfSSL 11:cee25a834751 16881
wolfSSL 11:cee25a834751 16882 /* Send PSK client identity */
wolfSSL 11:cee25a834751 16883 ssl->arrays->psk_keySz = ssl->options.client_psk_cb(ssl,
wolfSSL 11:cee25a834751 16884 ssl->arrays->server_hint, ssl->arrays->client_identity,
wolfSSL 11:cee25a834751 16885 MAX_PSK_ID_LEN, ssl->arrays->psk_key, MAX_PSK_KEY_LEN);
wolfSSL 11:cee25a834751 16886 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 11:cee25a834751 16887 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 11:cee25a834751 16888 ERROR_OUT(PSK_KEY_ERROR, exit_scke);
wolfSSL 11:cee25a834751 16889 }
wolfSSL 11:cee25a834751 16890 ssl->arrays->client_identity[MAX_PSK_ID_LEN] = '\0'; /* null term */
wolfSSL 11:cee25a834751 16891 esSz = (word32)XSTRLEN(ssl->arrays->client_identity);
wolfSSL 11:cee25a834751 16892 if (esSz > MAX_PSK_ID_LEN) {
wolfSSL 11:cee25a834751 16893 ERROR_OUT(CLIENT_ID_ERROR, exit_scke);
wolfSSL 11:cee25a834751 16894 }
wolfSSL 11:cee25a834751 16895
wolfSSL 11:cee25a834751 16896 /* place size and identity in output buffer sz:identity */
wolfSSL 11:cee25a834751 16897 c16toa((word16)esSz, args->output);
wolfSSL 11:cee25a834751 16898 args->output += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 16899 XMEMCPY(args->output, ssl->arrays->client_identity, esSz);
wolfSSL 11:cee25a834751 16900 args->output += esSz;
wolfSSL 11:cee25a834751 16901 args->encSz = esSz + OPAQUE16_LEN;
wolfSSL 11:cee25a834751 16902
wolfSSL 11:cee25a834751 16903 /* length is used for public key size */
wolfSSL 11:cee25a834751 16904 args->length = MAX_ENCRYPT_SZ;
wolfSSL 11:cee25a834751 16905
wolfSSL 11:cee25a834751 16906 /* Create shared ECC key leaving room at the begining
wolfSSL 11:cee25a834751 16907 of buffer for size of shared key. */
wolfSSL 11:cee25a834751 16908 ssl->arrays->preMasterSz = ENCRYPT_LEN - OPAQUE16_LEN;
wolfSSL 11:cee25a834751 16909
wolfSSL 11:cee25a834751 16910 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 16911 /* if callback then use it for shared secret */
wolfSSL 11:cee25a834751 16912 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 11:cee25a834751 16913 break;
wolfSSL 11:cee25a834751 16914 }
wolfSSL 11:cee25a834751 16915 #endif
wolfSSL 11:cee25a834751 16916
wolfSSL 11:cee25a834751 16917 /* Place ECC key in output buffer, leaving room for size */
wolfSSL 11:cee25a834751 16918 ret = wc_ecc_export_x963((ecc_key*)ssl->hsKey,
wolfSSL 11:cee25a834751 16919 args->output + OPAQUE8_LEN, &args->length);
wolfSSL 11:cee25a834751 16920 if (ret != 0) {
wolfSSL 11:cee25a834751 16921 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 11:cee25a834751 16922 }
wolfSSL 11:cee25a834751 16923
wolfSSL 11:cee25a834751 16924 break;
wolfSSL 11:cee25a834751 16925 }
wolfSSL 11:cee25a834751 16926 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 16927 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 16928 case ntru_kea:
wolfSSL 11:cee25a834751 16929 {
wolfSSL 11:cee25a834751 16930 ret = wc_RNG_GenerateBlock(ssl->rng,
wolfSSL 11:cee25a834751 16931 ssl->arrays->preMasterSecret, SECRET_LEN);
wolfSSL 11:cee25a834751 16932 if (ret != 0) {
wolfSSL 11:cee25a834751 16933 goto exit_scke;
wolfSSL 11:cee25a834751 16934 }
wolfSSL 11:cee25a834751 16935
wolfSSL 11:cee25a834751 16936 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 11:cee25a834751 16937 args->encSz = MAX_ENCRYPT_SZ;
wolfSSL 11:cee25a834751 16938 break;
wolfSSL 11:cee25a834751 16939 }
wolfSSL 11:cee25a834751 16940 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 16941 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 16942 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 16943 {
wolfSSL 11:cee25a834751 16944 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 11:cee25a834751 16945
wolfSSL 11:cee25a834751 16946 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 16947 /* if callback then use it for shared secret */
wolfSSL 11:cee25a834751 16948 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 11:cee25a834751 16949 break;
wolfSSL 11:cee25a834751 16950 }
wolfSSL 11:cee25a834751 16951 #endif
wolfSSL 11:cee25a834751 16952
wolfSSL 11:cee25a834751 16953 /* Place ECC key in buffer, leaving room for size */
wolfSSL 11:cee25a834751 16954 ret = wc_ecc_export_x963((ecc_key*)ssl->hsKey,
wolfSSL 11:cee25a834751 16955 args->encSecret + OPAQUE8_LEN, &args->encSz);
wolfSSL 11:cee25a834751 16956 if (ret != 0) {
wolfSSL 11:cee25a834751 16957 ERROR_OUT(ECC_EXPORT_ERROR, exit_scke);
wolfSSL 11:cee25a834751 16958 }
wolfSSL 11:cee25a834751 16959 break;
wolfSSL 11:cee25a834751 16960 }
wolfSSL 11:cee25a834751 16961 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 16962
wolfSSL 11:cee25a834751 16963 default:
wolfSSL 11:cee25a834751 16964 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 16965 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 16966
wolfSSL 11:cee25a834751 16967 /* Check for error */
wolfSSL 11:cee25a834751 16968 if (ret != 0) {
wolfSSL 11:cee25a834751 16969 goto exit_scke;
wolfSSL 11:cee25a834751 16970 }
wolfSSL 11:cee25a834751 16971
wolfSSL 11:cee25a834751 16972 /* Advance state and proceed */
wolfSSL 11:cee25a834751 16973 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 11:cee25a834751 16974 } /* case TLS_ASYNC_BUILD */
wolfSSL 11:cee25a834751 16975
wolfSSL 11:cee25a834751 16976 case TLS_ASYNC_DO:
wolfSSL 11:cee25a834751 16977 {
wolfSSL 11:cee25a834751 16978 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 16979 {
wolfSSL 11:cee25a834751 16980 #ifndef NO_RSA
wolfSSL 11:cee25a834751 16981 case rsa_kea:
wolfSSL 11:cee25a834751 16982 {
wolfSSL 11:cee25a834751 16983 ret = RsaEnc(ssl,
wolfSSL 11:cee25a834751 16984 ssl->arrays->preMasterSecret, SECRET_LEN,
wolfSSL 11:cee25a834751 16985 args->encSecret, &args->encSz,
wolfSSL 11:cee25a834751 16986 ssl->peerRsaKey,
wolfSSL 11:cee25a834751 16987 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 11:cee25a834751 16988 ssl->buffers.peerRsaKey.buffer,
wolfSSL 11:cee25a834751 16989 ssl->buffers.peerRsaKey.length,
wolfSSL 11:cee25a834751 16990 ssl->RsaEncCtx
wolfSSL 11:cee25a834751 16991 #else
wolfSSL 11:cee25a834751 16992 NULL, 0, NULL
wolfSSL 11:cee25a834751 16993 #endif
wolfSSL 11:cee25a834751 16994 );
wolfSSL 11:cee25a834751 16995
wolfSSL 11:cee25a834751 16996 break;
wolfSSL 11:cee25a834751 16997 }
wolfSSL 11:cee25a834751 16998 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 16999 #ifndef NO_DH
wolfSSL 11:cee25a834751 17000 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 17001 {
wolfSSL 11:cee25a834751 17002 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 17003 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 17004 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 11:cee25a834751 17005 ssl->buffers.serverDH_Pub.length,
wolfSSL 11:cee25a834751 17006 ssl->arrays->preMasterSecret,
wolfSSL 11:cee25a834751 17007 &ssl->arrays->preMasterSz);
wolfSSL 11:cee25a834751 17008 break;
wolfSSL 11:cee25a834751 17009 }
wolfSSL 11:cee25a834751 17010 #endif /* !NO_DH */
wolfSSL 11:cee25a834751 17011 #ifndef NO_PSK
wolfSSL 11:cee25a834751 17012 case psk_kea:
wolfSSL 11:cee25a834751 17013 {
wolfSSL 11:cee25a834751 17014 break;
wolfSSL 11:cee25a834751 17015 }
wolfSSL 11:cee25a834751 17016 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 17017 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 17018 case dhe_psk_kea:
wolfSSL 11:cee25a834751 17019 {
wolfSSL 11:cee25a834751 17020 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 17021 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 17022 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 11:cee25a834751 17023 ssl->buffers.serverDH_Pub.length,
wolfSSL 11:cee25a834751 17024 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 11:cee25a834751 17025 &ssl->arrays->preMasterSz);
wolfSSL 11:cee25a834751 17026 break;
wolfSSL 11:cee25a834751 17027 }
wolfSSL 11:cee25a834751 17028 #endif /* !NO_DH && !NO_PSK */
wolfSSL 11:cee25a834751 17029 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 17030 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 17031 {
wolfSSL 11:cee25a834751 17032 ecc_key* key = (ecc_key*)ssl->hsKey;
wolfSSL 11:cee25a834751 17033 ret = EccSharedSecret(ssl, key, ssl->peerEccKey,
wolfSSL 11:cee25a834751 17034 args->output + OPAQUE8_LEN, &args->length,
wolfSSL 11:cee25a834751 17035 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 11:cee25a834751 17036 &ssl->arrays->preMasterSz,
wolfSSL 11:cee25a834751 17037 WOLFSSL_CLIENT_END,
wolfSSL 11:cee25a834751 17038 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 17039 ssl->EccSharedSecretCtx
wolfSSL 11:cee25a834751 17040 #else
wolfSSL 11:cee25a834751 17041 NULL
wolfSSL 11:cee25a834751 17042 #endif
wolfSSL 11:cee25a834751 17043 );
wolfSSL 11:cee25a834751 17044 break;
wolfSSL 11:cee25a834751 17045 }
wolfSSL 11:cee25a834751 17046 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 17047 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 17048 case ntru_kea:
wolfSSL 11:cee25a834751 17049 {
wolfSSL 11:cee25a834751 17050 word32 rc;
wolfSSL 11:cee25a834751 17051 DRBG_HANDLE drbg;
wolfSSL 11:cee25a834751 17052
wolfSSL 11:cee25a834751 17053 rc = ntru_crypto_drbg_external_instantiate(GetEntropy, &drbg);
wolfSSL 11:cee25a834751 17054 if (rc != DRBG_OK) {
wolfSSL 11:cee25a834751 17055 ERROR_OUT(NTRU_DRBG_ERROR, exit_scke);
wolfSSL 11:cee25a834751 17056 }
wolfSSL 11:cee25a834751 17057 rc = ntru_crypto_ntru_encrypt(drbg, ssl->peerNtruKeyLen,
wolfSSL 11:cee25a834751 17058 ssl->peerNtruKey,
wolfSSL 11:cee25a834751 17059 ssl->arrays->preMasterSz,
wolfSSL 11:cee25a834751 17060 ssl->arrays->preMasterSecret,
wolfSSL 11:cee25a834751 17061 (word16*)&args->encSz,
wolfSSL 11:cee25a834751 17062 args->encSecret);
wolfSSL 11:cee25a834751 17063 ntru_crypto_drbg_uninstantiate(drbg);
wolfSSL 11:cee25a834751 17064 if (rc != NTRU_OK) {
wolfSSL 11:cee25a834751 17065 ERROR_OUT(NTRU_ENCRYPT_ERROR, exit_scke);
wolfSSL 11:cee25a834751 17066 }
wolfSSL 11:cee25a834751 17067 ret = 0;
wolfSSL 11:cee25a834751 17068 break;
wolfSSL 11:cee25a834751 17069 }
wolfSSL 11:cee25a834751 17070 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 17071 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 17072 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 17073 {
wolfSSL 11:cee25a834751 17074 ecc_key* key = (ecc_key*)ssl->hsKey;
wolfSSL 11:cee25a834751 17075 ecc_key* peerKey = (ssl->specs.static_ecdh) ?
wolfSSL 11:cee25a834751 17076 ssl->peerEccDsaKey : ssl->peerEccKey;
wolfSSL 11:cee25a834751 17077
wolfSSL 11:cee25a834751 17078 ret = EccSharedSecret(ssl,
wolfSSL 11:cee25a834751 17079 key, peerKey,
wolfSSL 11:cee25a834751 17080 args->encSecret + OPAQUE8_LEN, &args->encSz,
wolfSSL 11:cee25a834751 17081 ssl->arrays->preMasterSecret,
wolfSSL 11:cee25a834751 17082 &ssl->arrays->preMasterSz,
wolfSSL 11:cee25a834751 17083 WOLFSSL_CLIENT_END,
wolfSSL 11:cee25a834751 17084 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 17085 ssl->EccSharedSecretCtx
wolfSSL 11:cee25a834751 17086 #else
wolfSSL 11:cee25a834751 17087 NULL
wolfSSL 11:cee25a834751 17088 #endif
wolfSSL 11:cee25a834751 17089 );
wolfSSL 11:cee25a834751 17090
wolfSSL 11:cee25a834751 17091 break;
wolfSSL 11:cee25a834751 17092 }
wolfSSL 11:cee25a834751 17093 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 17094
wolfSSL 11:cee25a834751 17095 default:
wolfSSL 11:cee25a834751 17096 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 17097 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 17098
wolfSSL 11:cee25a834751 17099 /* Check for error */
wolfSSL 11:cee25a834751 17100 if (ret != 0) {
wolfSSL 11:cee25a834751 17101 goto exit_scke;
wolfSSL 11:cee25a834751 17102 }
wolfSSL 11:cee25a834751 17103
wolfSSL 11:cee25a834751 17104 /* Advance state and proceed */
wolfSSL 11:cee25a834751 17105 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 11:cee25a834751 17106 } /* case TLS_ASYNC_DO */
wolfSSL 11:cee25a834751 17107
wolfSSL 11:cee25a834751 17108 case TLS_ASYNC_VERIFY:
wolfSSL 11:cee25a834751 17109 {
wolfSSL 11:cee25a834751 17110 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 17111 {
wolfSSL 11:cee25a834751 17112 #ifndef NO_RSA
wolfSSL 11:cee25a834751 17113 case rsa_kea:
wolfSSL 11:cee25a834751 17114 {
wolfSSL 11:cee25a834751 17115 break;
wolfSSL 11:cee25a834751 17116 }
wolfSSL 11:cee25a834751 17117 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 17118 #ifndef NO_DH
wolfSSL 11:cee25a834751 17119 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 17120 {
wolfSSL 11:cee25a834751 17121 break;
wolfSSL 11:cee25a834751 17122 }
wolfSSL 11:cee25a834751 17123 #endif /* !NO_DH */
wolfSSL 11:cee25a834751 17124 #ifndef NO_PSK
wolfSSL 11:cee25a834751 17125 case psk_kea:
wolfSSL 11:cee25a834751 17126 {
wolfSSL 11:cee25a834751 17127 break;
wolfSSL 11:cee25a834751 17128 }
wolfSSL 11:cee25a834751 17129 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 17130 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 17131 case dhe_psk_kea:
wolfSSL 11:cee25a834751 17132 {
wolfSSL 11:cee25a834751 17133 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 11:cee25a834751 17134
wolfSSL 11:cee25a834751 17135 /* validate args */
wolfSSL 11:cee25a834751 17136 if (args->output == NULL || args->length == 0) {
wolfSSL 11:cee25a834751 17137 ERROR_OUT(BAD_FUNC_ARG, exit_scke);
wolfSSL 11:cee25a834751 17138 }
wolfSSL 11:cee25a834751 17139
wolfSSL 11:cee25a834751 17140 c16toa((word16)args->length, args->output);
wolfSSL 11:cee25a834751 17141 args->encSz += args->length + OPAQUE16_LEN;
wolfSSL 11:cee25a834751 17142 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 11:cee25a834751 17143 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 17144 pms += ssl->arrays->preMasterSz;
wolfSSL 11:cee25a834751 17145
wolfSSL 11:cee25a834751 17146 /* make psk pre master secret */
wolfSSL 11:cee25a834751 17147 /* length of key + length 0s + length of key + key */
wolfSSL 11:cee25a834751 17148 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 11:cee25a834751 17149 pms += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 17150 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 11:cee25a834751 17151 ssl->arrays->preMasterSz +=
wolfSSL 11:cee25a834751 17152 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 11:cee25a834751 17153 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 11:cee25a834751 17154 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 11:cee25a834751 17155 break;
wolfSSL 11:cee25a834751 17156 }
wolfSSL 11:cee25a834751 17157 #endif /* !NO_DH && !NO_PSK */
wolfSSL 11:cee25a834751 17158 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 17159 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 17160 {
wolfSSL 11:cee25a834751 17161 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 11:cee25a834751 17162
wolfSSL 11:cee25a834751 17163 /* validate args */
wolfSSL 11:cee25a834751 17164 if (args->output == NULL || args->length > ENCRYPT_LEN) {
wolfSSL 11:cee25a834751 17165 ERROR_OUT(BAD_FUNC_ARG, exit_scke);
wolfSSL 11:cee25a834751 17166 }
wolfSSL 11:cee25a834751 17167
wolfSSL 11:cee25a834751 17168 /* place size of public key in output buffer */
wolfSSL 11:cee25a834751 17169 *args->output = (byte)args->length;
wolfSSL 11:cee25a834751 17170 args->encSz += args->length + OPAQUE8_LEN;
wolfSSL 11:cee25a834751 17171
wolfSSL 11:cee25a834751 17172 /* Create pre master secret is the concatination of
wolfSSL 11:cee25a834751 17173 eccSize + eccSharedKey + pskSize + pskKey */
wolfSSL 11:cee25a834751 17174 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 11:cee25a834751 17175 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 17176 pms += ssl->arrays->preMasterSz;
wolfSSL 11:cee25a834751 17177
wolfSSL 11:cee25a834751 17178 c16toa((word16)ssl->arrays->psk_keySz, pms);
wolfSSL 11:cee25a834751 17179 pms += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 17180 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 11:cee25a834751 17181 ssl->arrays->preMasterSz +=
wolfSSL 11:cee25a834751 17182 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 11:cee25a834751 17183
wolfSSL 11:cee25a834751 17184 ForceZero(ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 11:cee25a834751 17185 ssl->arrays->psk_keySz = 0; /* No further need */
wolfSSL 11:cee25a834751 17186 break;
wolfSSL 11:cee25a834751 17187 }
wolfSSL 11:cee25a834751 17188 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 17189 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 17190 case ntru_kea:
wolfSSL 11:cee25a834751 17191 {
wolfSSL 11:cee25a834751 17192 break;
wolfSSL 11:cee25a834751 17193 }
wolfSSL 11:cee25a834751 17194 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 17195 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 17196 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 17197 {
wolfSSL 11:cee25a834751 17198 /* place size of public key in buffer */
wolfSSL 11:cee25a834751 17199 *args->encSecret = (byte)args->encSz;
wolfSSL 11:cee25a834751 17200 args->encSz += OPAQUE8_LEN;
wolfSSL 11:cee25a834751 17201 break;
wolfSSL 11:cee25a834751 17202 }
wolfSSL 11:cee25a834751 17203 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 17204
wolfSSL 11:cee25a834751 17205 default:
wolfSSL 11:cee25a834751 17206 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 17207 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 17208
wolfSSL 11:cee25a834751 17209 /* Check for error */
wolfSSL 11:cee25a834751 17210 if (ret != 0) {
wolfSSL 11:cee25a834751 17211 goto exit_scke;
wolfSSL 11:cee25a834751 17212 }
wolfSSL 11:cee25a834751 17213
wolfSSL 11:cee25a834751 17214 /* Advance state and proceed */
wolfSSL 11:cee25a834751 17215 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 11:cee25a834751 17216 } /* case TLS_ASYNC_VERIFY */
wolfSSL 11:cee25a834751 17217
wolfSSL 11:cee25a834751 17218 case TLS_ASYNC_FINALIZE:
wolfSSL 11:cee25a834751 17219 {
wolfSSL 11:cee25a834751 17220 word32 tlsSz = 0;
wolfSSL 11:cee25a834751 17221 word32 idx = 0;
wolfSSL 11:cee25a834751 17222
wolfSSL 11:cee25a834751 17223 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 17224 word32 qshSz = 0;
wolfSSL 11:cee25a834751 17225 if (ssl->peerQSHKeyPresent) {
wolfSSL 11:cee25a834751 17226 qshSz = QSH_KeyGetSize(ssl);
wolfSSL 11:cee25a834751 17227 }
wolfSSL 11:cee25a834751 17228 #endif
wolfSSL 11:cee25a834751 17229
wolfSSL 11:cee25a834751 17230 if (ssl->options.tls || ssl->specs.kea == diffie_hellman_kea) {
wolfSSL 11:cee25a834751 17231 tlsSz = 2;
wolfSSL 11:cee25a834751 17232 }
wolfSSL 11:cee25a834751 17233
wolfSSL 11:cee25a834751 17234 if (ssl->specs.kea == ecc_diffie_hellman_kea ||
wolfSSL 11:cee25a834751 17235 ssl->specs.kea == dhe_psk_kea ||
wolfSSL 11:cee25a834751 17236 ssl->specs.kea == ecdhe_psk_kea) { /* always off */
wolfSSL 11:cee25a834751 17237 tlsSz = 0;
wolfSSL 11:cee25a834751 17238 }
wolfSSL 11:cee25a834751 17239
wolfSSL 11:cee25a834751 17240 idx = HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 17241 args->sendSz = args->encSz + tlsSz + idx;
wolfSSL 11:cee25a834751 17242
wolfSSL 11:cee25a834751 17243 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 17244 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 17245 idx += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 11:cee25a834751 17246 args->sendSz += DTLS_HANDSHAKE_EXTRA + DTLS_RECORD_EXTRA;
wolfSSL 11:cee25a834751 17247 }
wolfSSL 11:cee25a834751 17248 #endif
wolfSSL 11:cee25a834751 17249
wolfSSL 11:cee25a834751 17250 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 11:cee25a834751 17251 args->sendSz += MAX_MSG_EXTRA;
wolfSSL 11:cee25a834751 17252 }
wolfSSL 11:cee25a834751 17253
wolfSSL 11:cee25a834751 17254 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 17255 args->encSz += qshSz;
wolfSSL 11:cee25a834751 17256 args->sendSz += qshSz;
wolfSSL 11:cee25a834751 17257 #endif
wolfSSL 11:cee25a834751 17258
wolfSSL 11:cee25a834751 17259 /* check for available size */
wolfSSL 11:cee25a834751 17260 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 11:cee25a834751 17261 goto exit_scke;
wolfSSL 11:cee25a834751 17262 }
wolfSSL 11:cee25a834751 17263
wolfSSL 11:cee25a834751 17264 /* get output buffer */
wolfSSL 11:cee25a834751 17265 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 11:cee25a834751 17266 ssl->buffers.outputBuffer.length;
wolfSSL 11:cee25a834751 17267
wolfSSL 11:cee25a834751 17268 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 17269 if (ssl->peerQSHKeyPresent) {
wolfSSL 11:cee25a834751 17270 byte idxSave = idx;
wolfSSL 11:cee25a834751 17271 idx = args->sendSz - qshSz;
wolfSSL 11:cee25a834751 17272
wolfSSL 11:cee25a834751 17273 if (QSH_KeyExchangeWrite(ssl, 0) != 0) {
wolfSSL 11:cee25a834751 17274 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 11:cee25a834751 17275 }
wolfSSL 11:cee25a834751 17276
wolfSSL 11:cee25a834751 17277 /* extension type */
wolfSSL 11:cee25a834751 17278 c16toa(TLSX_QUANTUM_SAFE_HYBRID, args->output + idx);
wolfSSL 11:cee25a834751 17279 idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 17280
wolfSSL 11:cee25a834751 17281 /* write to output and check amount written */
wolfSSL 11:cee25a834751 17282 if (TLSX_QSHPK_Write(ssl->QSH_secret->list,
wolfSSL 11:cee25a834751 17283 args->output + idx) > qshSz - OPAQUE16_LEN) {
wolfSSL 11:cee25a834751 17284 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 11:cee25a834751 17285 }
wolfSSL 11:cee25a834751 17286
wolfSSL 11:cee25a834751 17287 idx = idxSave;
wolfSSL 11:cee25a834751 17288 }
wolfSSL 11:cee25a834751 17289 #endif
wolfSSL 11:cee25a834751 17290
wolfSSL 11:cee25a834751 17291 AddHeaders(args->output, args->encSz + tlsSz, client_key_exchange, ssl);
wolfSSL 11:cee25a834751 17292
wolfSSL 11:cee25a834751 17293 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 17294 if (ssl->peerQSHKeyPresent) {
wolfSSL 11:cee25a834751 17295 args->encSz -= qshSz;
wolfSSL 11:cee25a834751 17296 }
wolfSSL 11:cee25a834751 17297 #endif
wolfSSL 11:cee25a834751 17298 if (tlsSz) {
wolfSSL 11:cee25a834751 17299 c16toa((word16)args->encSz, &args->output[idx]);
wolfSSL 11:cee25a834751 17300 idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 17301 }
wolfSSL 11:cee25a834751 17302 XMEMCPY(args->output + idx, args->encSecret, args->encSz);
wolfSSL 11:cee25a834751 17303 idx += args->encSz;
wolfSSL 11:cee25a834751 17304
wolfSSL 11:cee25a834751 17305 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 11:cee25a834751 17306 args->inputSz = idx - RECORD_HEADER_SZ; /* buildmsg adds rechdr */
wolfSSL 11:cee25a834751 17307 args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
wolfSSL 11:cee25a834751 17308 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 17309 if (args->input == NULL) {
wolfSSL 11:cee25a834751 17310 ERROR_OUT(MEMORY_E, exit_scke);
wolfSSL 11:cee25a834751 17311 }
wolfSSL 11:cee25a834751 17312
wolfSSL 11:cee25a834751 17313 XMEMCPY(args->input, args->output + RECORD_HEADER_SZ,
wolfSSL 11:cee25a834751 17314 args->inputSz);
wolfSSL 11:cee25a834751 17315 }
wolfSSL 11:cee25a834751 17316
wolfSSL 11:cee25a834751 17317 /* Advance state and proceed */
wolfSSL 11:cee25a834751 17318 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 11:cee25a834751 17319 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 11:cee25a834751 17320
wolfSSL 11:cee25a834751 17321 case TLS_ASYNC_END:
wolfSSL 11:cee25a834751 17322 {
wolfSSL 11:cee25a834751 17323 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 11:cee25a834751 17324 ret = BuildMessage(ssl, args->output, args->sendSz,
wolfSSL 11:cee25a834751 17325 args->input, args->inputSz, handshake, 1, 0, 1);
wolfSSL 11:cee25a834751 17326 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 17327 if (ret == WC_PENDING_E)
wolfSSL 11:cee25a834751 17328 goto exit_scke;
wolfSSL 11:cee25a834751 17329 #endif
wolfSSL 11:cee25a834751 17330 XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 17331 args->input = NULL; /* make sure its not double free'd on cleanup */
wolfSSL 11:cee25a834751 17332
wolfSSL 11:cee25a834751 17333 if (ret >= 0) {
wolfSSL 11:cee25a834751 17334 args->sendSz = ret;
wolfSSL 11:cee25a834751 17335 ret = 0;
wolfSSL 11:cee25a834751 17336 }
wolfSSL 11:cee25a834751 17337 }
wolfSSL 11:cee25a834751 17338 else {
wolfSSL 11:cee25a834751 17339 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 17340 if (ssl->options.dtls)
wolfSSL 11:cee25a834751 17341 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 11:cee25a834751 17342 #endif
wolfSSL 11:cee25a834751 17343 ret = HashOutput(ssl, args->output, args->sendSz, 0);
wolfSSL 11:cee25a834751 17344 }
wolfSSL 11:cee25a834751 17345
wolfSSL 11:cee25a834751 17346 if (ret != 0) {
wolfSSL 11:cee25a834751 17347 goto exit_scke;
wolfSSL 11:cee25a834751 17348 }
wolfSSL 11:cee25a834751 17349
wolfSSL 11:cee25a834751 17350 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 17351 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 17352 if ((ret = DtlsMsgPoolSave(ssl, args->output, args->sendSz)) != 0) {
wolfSSL 11:cee25a834751 17353 goto exit_scke;
wolfSSL 11:cee25a834751 17354 }
wolfSSL 11:cee25a834751 17355 }
wolfSSL 11:cee25a834751 17356 #endif
wolfSSL 11:cee25a834751 17357
wolfSSL 11:cee25a834751 17358 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 17359 if (ssl->hsInfoOn)
wolfSSL 11:cee25a834751 17360 AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
wolfSSL 11:cee25a834751 17361 if (ssl->toInfoOn)
wolfSSL 11:cee25a834751 17362 AddPacketInfo("ClientKeyExchange", &ssl->timeoutInfo,
wolfSSL 11:cee25a834751 17363 args->output, args->sendSz, ssl->heap);
wolfSSL 11:cee25a834751 17364 #endif
wolfSSL 11:cee25a834751 17365
wolfSSL 11:cee25a834751 17366 ssl->buffers.outputBuffer.length += args->sendSz;
wolfSSL 11:cee25a834751 17367
wolfSSL 11:cee25a834751 17368 if (!ssl->options.groupMessages) {
wolfSSL 11:cee25a834751 17369 ret = SendBuffered(ssl);
wolfSSL 11:cee25a834751 17370 }
wolfSSL 11:cee25a834751 17371 if (ret == 0 || ret == WANT_WRITE) {
wolfSSL 11:cee25a834751 17372 int tmpRet = MakeMasterSecret(ssl);
wolfSSL 11:cee25a834751 17373 if (tmpRet != 0) {
wolfSSL 11:cee25a834751 17374 ret = tmpRet; /* save WANT_WRITE unless more serious */
wolfSSL 11:cee25a834751 17375 }
wolfSSL 11:cee25a834751 17376 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 11:cee25a834751 17377 }
wolfSSL 11:cee25a834751 17378 break;
wolfSSL 11:cee25a834751 17379 }
wolfSSL 11:cee25a834751 17380 default:
wolfSSL 11:cee25a834751 17381 ret = INPUT_CASE_ERROR;
wolfSSL 11:cee25a834751 17382 } /* switch(ssl->options.asyncState) */
wolfSSL 11:cee25a834751 17383
wolfSSL 11:cee25a834751 17384 exit_scke:
wolfSSL 11:cee25a834751 17385
wolfSSL 11:cee25a834751 17386 WOLFSSL_LEAVE("SendClientKeyExchange", ret);
wolfSSL 11:cee25a834751 17387
wolfSSL 11:cee25a834751 17388 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 17389 /* Handle async operation */
wolfSSL 11:cee25a834751 17390 if (ret == WC_PENDING_E)
wolfSSL 11:cee25a834751 17391 return ret;
wolfSSL 11:cee25a834751 17392 #endif
wolfSSL 11:cee25a834751 17393
wolfSSL 11:cee25a834751 17394 /* No further need for PMS */
wolfSSL 11:cee25a834751 17395 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 11:cee25a834751 17396 ssl->arrays->preMasterSz = 0;
wolfSSL 11:cee25a834751 17397
wolfSSL 11:cee25a834751 17398 /* Final cleanup */
wolfSSL 11:cee25a834751 17399 FreeSckeArgs(ssl, args);
wolfSSL 11:cee25a834751 17400 FreeKeyExchange(ssl);
wolfSSL 11:cee25a834751 17401
wolfSSL 11:cee25a834751 17402 return ret;
wolfSSL 11:cee25a834751 17403 }
wolfSSL 11:cee25a834751 17404
wolfSSL 11:cee25a834751 17405
wolfSSL 11:cee25a834751 17406 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 17407
/* Working state for SendCertificateVerify().
 *
 * With WOLFSSL_ASYNC_CRYPT the function overlays this struct on
 * ssl->async.args, so it must fit in that buffer (checked at compile time
 * in SendCertificateVerify); otherwise it is a local of that function.
 *
 * Ownership: verifySig and input are released by FreeScvArgs(); output and
 * verify are not allocated here and must never be freed through this struct.
 */
typedef struct ScvArgs {
    /* write position in ssl->buffers.outputBuffer; not allocated */
    byte*  output;
#ifndef NO_RSA
    /* heap buffer, freed by FreeScvArgs(); only present in RSA builds */
    byte*  verifySig;
#endif
    /* points into output just past the record/handshake headers;
     * not allocated */
    byte*  verify;
    /* heap buffer, freed by FreeScvArgs() */
    byte*  input;
    /* in/out index for the private key decode, afterwards the offset of
     * verify within output */
    word32 idx;
    /* 0, or HASH_SIG_SIZE when the TLS 1.2 hash/sig bytes are written */
    word32 extraSz;
    /* signature size; set to ENCRYPT_LEN for RSA and passed to RsaSign
     * by address */
    word32 sigSz;
    /* size requested from the output buffer for this message */
    int    sendSz;
    /* RSA encrypt size, or MAX_ENCODED_SIG_SZ for an ECC key */
    int    length;
    /* NOTE(review): presumably the byte count of input - confirm against
     * the rest of SendCertificateVerify */
    int    inputSz;
} ScvArgs;
wolfSSL 11:cee25a834751 17422
/* Release the heap buffers owned by a ScvArgs.
 *
 * ssl    session whose heap hint (ssl->heap) is handed to XFREE
 * pArgs  the ScvArgs to clean up, passed as void*; it is dereferenced
 *        without a NULL check, so the caller must supply a valid pointer
 *
 * Only verifySig (RSA builds) and input are freed; output and verify are
 * marked "not allocated" in ScvArgs and are left alone. Each freed pointer
 * is reset to NULL so a second call finds nothing left to free.
 * SendCertificateVerify() installs this function as ssl->async.freeArgs
 * when WOLFSSL_ASYNC_CRYPT is defined.
 *
 * The buffers are released as-is, with no ForceZero beforehand.
 * NOTE(review): confirm neither buffer ever carries secret material.
 */
static void FreeScvArgs(WOLFSSL* ssl, void* pArgs)
{
    ScvArgs* scv = (ScvArgs*)pArgs;

    /* NOTE(review): presumably keeps the build warning-free when XFREE
     * expands without using its heap argument - confirm */
    (void)ssl;

#ifndef NO_RSA
    if (scv->verifySig != NULL) {
        XFREE(scv->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        scv->verifySig = NULL;
    }
#endif

    if (scv->input != NULL) {
        XFREE(scv->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        scv->input = NULL;
    }
}
wolfSSL 11:cee25a834751 17440
wolfSSL 11:cee25a834751 17441 int SendCertificateVerify(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 17442 {
wolfSSL 11:cee25a834751 17443 int ret = 0;
wolfSSL 11:cee25a834751 17444 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 17445 ScvArgs* args = (ScvArgs*)ssl->async.args;
wolfSSL 11:cee25a834751 17446 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 11:cee25a834751 17447 (void)sizeof(args_test);
wolfSSL 11:cee25a834751 17448 #else
wolfSSL 11:cee25a834751 17449 ScvArgs args[1];
wolfSSL 11:cee25a834751 17450 #endif
wolfSSL 11:cee25a834751 17451
wolfSSL 11:cee25a834751 17452 WOLFSSL_ENTER("SendCertificateVerify");
wolfSSL 11:cee25a834751 17453
wolfSSL 11:cee25a834751 17454 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 17455 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 11:cee25a834751 17456 if (ret != WC_NOT_PENDING_E) {
wolfSSL 11:cee25a834751 17457 /* Check for error */
wolfSSL 11:cee25a834751 17458 if (ret < 0)
wolfSSL 11:cee25a834751 17459 goto exit_scv;
wolfSSL 11:cee25a834751 17460 }
wolfSSL 11:cee25a834751 17461 else
wolfSSL 11:cee25a834751 17462 #endif
wolfSSL 11:cee25a834751 17463 {
wolfSSL 11:cee25a834751 17464 /* Reset state */
wolfSSL 11:cee25a834751 17465 ret = 0;
wolfSSL 11:cee25a834751 17466 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 11:cee25a834751 17467 XMEMSET(args, 0, sizeof(ScvArgs));
wolfSSL 11:cee25a834751 17468 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 17469 ssl->async.freeArgs = FreeScvArgs;
wolfSSL 11:cee25a834751 17470 #endif
wolfSSL 11:cee25a834751 17471 }
wolfSSL 11:cee25a834751 17472
wolfSSL 11:cee25a834751 17473 switch(ssl->options.asyncState)
wolfSSL 11:cee25a834751 17474 {
wolfSSL 11:cee25a834751 17475 case TLS_ASYNC_BEGIN:
wolfSSL 11:cee25a834751 17476 {
wolfSSL 11:cee25a834751 17477 if (ssl->options.sendVerify == SEND_BLANK_CERT) {
wolfSSL 11:cee25a834751 17478 return 0; /* sent blank cert, can't verify */
wolfSSL 11:cee25a834751 17479 }
wolfSSL 11:cee25a834751 17480
wolfSSL 11:cee25a834751 17481 args->sendSz = MAX_CERT_VERIFY_SZ;
wolfSSL 11:cee25a834751 17482 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 11:cee25a834751 17483 args->sendSz += MAX_MSG_EXTRA;
wolfSSL 11:cee25a834751 17484 }
wolfSSL 11:cee25a834751 17485
wolfSSL 11:cee25a834751 17486 /* check for available size */
wolfSSL 11:cee25a834751 17487 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 11:cee25a834751 17488 goto exit_scv;
wolfSSL 11:cee25a834751 17489 }
wolfSSL 11:cee25a834751 17490
wolfSSL 11:cee25a834751 17491 /* get output buffer */
wolfSSL 11:cee25a834751 17492 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 11:cee25a834751 17493 ssl->buffers.outputBuffer.length;
wolfSSL 11:cee25a834751 17494
wolfSSL 11:cee25a834751 17495 /* Advance state and proceed */
wolfSSL 11:cee25a834751 17496 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 11:cee25a834751 17497 } /* case TLS_ASYNC_BEGIN */
wolfSSL 11:cee25a834751 17498
wolfSSL 11:cee25a834751 17499 case TLS_ASYNC_BUILD:
wolfSSL 11:cee25a834751 17500 {
wolfSSL 11:cee25a834751 17501 int keySz;
wolfSSL 11:cee25a834751 17502 int typeH = 0;
wolfSSL 11:cee25a834751 17503
wolfSSL 11:cee25a834751 17504 ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
wolfSSL 11:cee25a834751 17505 if (ret != 0) {
wolfSSL 11:cee25a834751 17506 goto exit_scv;
wolfSSL 11:cee25a834751 17507 }
wolfSSL 11:cee25a834751 17508
wolfSSL 11:cee25a834751 17509 /* make sure private key exists */
wolfSSL 11:cee25a834751 17510 if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) {
wolfSSL 11:cee25a834751 17511 WOLFSSL_MSG("Private key missing!");
wolfSSL 11:cee25a834751 17512 ERROR_OUT(NO_PRIVATE_KEY, exit_scv);
wolfSSL 11:cee25a834751 17513 }
wolfSSL 11:cee25a834751 17514
wolfSSL 11:cee25a834751 17515 #ifndef NO_RSA
wolfSSL 11:cee25a834751 17516 ssl->hsType = DYNAMIC_TYPE_RSA;
wolfSSL 11:cee25a834751 17517 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 11:cee25a834751 17518 if (ret != 0) {
wolfSSL 11:cee25a834751 17519 goto exit_scv;
wolfSSL 11:cee25a834751 17520 }
wolfSSL 11:cee25a834751 17521
wolfSSL 11:cee25a834751 17522 WOLFSSL_MSG("Trying RSA client cert");
wolfSSL 11:cee25a834751 17523
wolfSSL 11:cee25a834751 17524 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &args->idx,
wolfSSL 11:cee25a834751 17525 (RsaKey*)ssl->hsKey, ssl->buffers.key->length);
wolfSSL 11:cee25a834751 17526 if (ret == 0) {
wolfSSL 11:cee25a834751 17527 keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
wolfSSL 11:cee25a834751 17528 if (keySz < 0) { /* check if keySz has error case */
wolfSSL 11:cee25a834751 17529 ERROR_OUT(keySz, exit_scv);
wolfSSL 11:cee25a834751 17530 }
wolfSSL 11:cee25a834751 17531
wolfSSL 11:cee25a834751 17532 args->length = (word32)keySz;
wolfSSL 11:cee25a834751 17533 if (keySz < ssl->options.minRsaKeySz) {
wolfSSL 11:cee25a834751 17534 WOLFSSL_MSG("RSA key size too small");
wolfSSL 11:cee25a834751 17535 ERROR_OUT(RSA_KEY_SIZE_E, exit_scv);
wolfSSL 11:cee25a834751 17536 }
wolfSSL 11:cee25a834751 17537 }
wolfSSL 11:cee25a834751 17538 else
wolfSSL 11:cee25a834751 17539 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 17540 {
wolfSSL 11:cee25a834751 17541 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 17542 #ifndef NO_RSA
wolfSSL 11:cee25a834751 17543 FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey);
wolfSSL 11:cee25a834751 17544 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 17545
wolfSSL 11:cee25a834751 17546 ssl->hsType = DYNAMIC_TYPE_ECC;
wolfSSL 11:cee25a834751 17547 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 11:cee25a834751 17548 if (ret != 0) {
wolfSSL 11:cee25a834751 17549 goto exit_scv;
wolfSSL 11:cee25a834751 17550 }
wolfSSL 11:cee25a834751 17551
wolfSSL 11:cee25a834751 17552 WOLFSSL_MSG("Trying ECC client cert, RSA didn't work");
wolfSSL 11:cee25a834751 17553
wolfSSL 11:cee25a834751 17554 args->idx = 0;
wolfSSL 11:cee25a834751 17555 ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer,
wolfSSL 11:cee25a834751 17556 &args->idx, (ecc_key*)ssl->hsKey, ssl->buffers.key->length);
wolfSSL 11:cee25a834751 17557 if (ret != 0) {
wolfSSL 11:cee25a834751 17558 WOLFSSL_MSG("Bad client cert type");
wolfSSL 11:cee25a834751 17559 goto exit_scv;
wolfSSL 11:cee25a834751 17560 }
wolfSSL 11:cee25a834751 17561
wolfSSL 11:cee25a834751 17562 WOLFSSL_MSG("Using ECC client cert");
wolfSSL 11:cee25a834751 17563 args->length = MAX_ENCODED_SIG_SZ;
wolfSSL 11:cee25a834751 17564
wolfSSL 11:cee25a834751 17565 /* check minimum size of ECC key */
wolfSSL 11:cee25a834751 17566 keySz = wc_ecc_size((ecc_key*)ssl->hsKey);
wolfSSL 11:cee25a834751 17567 if (keySz < ssl->options.minEccKeySz) {
wolfSSL 11:cee25a834751 17568 WOLFSSL_MSG("ECC key size too small");
wolfSSL 11:cee25a834751 17569 ERROR_OUT(ECC_KEY_SIZE_E, exit_scv);
wolfSSL 11:cee25a834751 17570 }
wolfSSL 11:cee25a834751 17571 #endif
wolfSSL 11:cee25a834751 17572 }
wolfSSL 11:cee25a834751 17573
wolfSSL 11:cee25a834751 17574 /* idx is used to track verify pointer offset to output */
wolfSSL 11:cee25a834751 17575 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 17576 args->verify = &args->output[RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ];
wolfSSL 11:cee25a834751 17577 args->extraSz = 0; /* tls 1.2 hash/sig */
wolfSSL 11:cee25a834751 17578
wolfSSL 11:cee25a834751 17579 /* build encoded signature buffer */
wolfSSL 11:cee25a834751 17580 ssl->buffers.sig.length = MAX_ENCODED_SIG_SZ;
wolfSSL 11:cee25a834751 17581 ssl->buffers.sig.buffer = (byte*)XMALLOC(ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 17582 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 17583 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 11:cee25a834751 17584 ERROR_OUT(MEMORY_E, exit_scv);
wolfSSL 11:cee25a834751 17585 }
wolfSSL 11:cee25a834751 17586
wolfSSL 11:cee25a834751 17587 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 17588 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 17589 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 17590 args->verify += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 17591 }
wolfSSL 11:cee25a834751 17592 #endif
wolfSSL 11:cee25a834751 17593
wolfSSL 11:cee25a834751 17594 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 17595 #ifndef NO_SHA
wolfSSL 11:cee25a834751 17596 /* old tls default */
wolfSSL 11:cee25a834751 17597 ssl->buffers.digest.length = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 17598 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha;
wolfSSL 11:cee25a834751 17599 typeH = SHAh;
wolfSSL 11:cee25a834751 17600 #endif
wolfSSL 11:cee25a834751 17601 #else
wolfSSL 11:cee25a834751 17602 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 17603 /* new tls default */
wolfSSL 11:cee25a834751 17604 ssl->buffers.digest.length = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 17605 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256;
wolfSSL 11:cee25a834751 17606 typeH = SHA256h;
wolfSSL 11:cee25a834751 17607 #endif
wolfSSL 11:cee25a834751 17608 #endif /* !NO_OLD_TLS */
wolfSSL 11:cee25a834751 17609
wolfSSL 11:cee25a834751 17610 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 17611 args->verify[0] = ssl->suites->hashAlgo;
wolfSSL 11:cee25a834751 17612 args->verify[1] = (ssl->hsType == DYNAMIC_TYPE_ECC) ?
wolfSSL 11:cee25a834751 17613 ecc_dsa_sa_algo : rsa_sa_algo;
wolfSSL 11:cee25a834751 17614 args->extraSz = HASH_SIG_SIZE;
wolfSSL 11:cee25a834751 17615
wolfSSL 11:cee25a834751 17616 switch (ssl->suites->hashAlgo) {
wolfSSL 11:cee25a834751 17617 #ifndef NO_SHA
wolfSSL 11:cee25a834751 17618 case sha_mac:
wolfSSL 11:cee25a834751 17619 ssl->buffers.digest.length = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 17620 ssl->buffers.digest.buffer =
wolfSSL 11:cee25a834751 17621 ssl->hsHashes->certHashes.sha;
wolfSSL 11:cee25a834751 17622 typeH = SHAh;
wolfSSL 11:cee25a834751 17623 break;
wolfSSL 11:cee25a834751 17624 #endif /* NO_SHA */
wolfSSL 11:cee25a834751 17625 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 17626 case sha256_mac:
wolfSSL 11:cee25a834751 17627 ssl->buffers.digest.length = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 17628 ssl->buffers.digest.buffer =
wolfSSL 11:cee25a834751 17629 ssl->hsHashes->certHashes.sha256;
wolfSSL 11:cee25a834751 17630 typeH = SHA256h;
wolfSSL 11:cee25a834751 17631 break;
wolfSSL 11:cee25a834751 17632 #endif /* !NO_SHA256 */
wolfSSL 11:cee25a834751 17633 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 17634 case sha384_mac:
wolfSSL 11:cee25a834751 17635 ssl->buffers.digest.length = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 17636 ssl->buffers.digest.buffer =
wolfSSL 11:cee25a834751 17637 ssl->hsHashes->certHashes.sha384;
wolfSSL 11:cee25a834751 17638 typeH = SHA384h;
wolfSSL 11:cee25a834751 17639 break;
wolfSSL 11:cee25a834751 17640 #endif /* WOLFSSL_SHA384 */
wolfSSL 11:cee25a834751 17641 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 17642 case sha512_mac:
wolfSSL 11:cee25a834751 17643 ssl->buffers.digest.length = SHA512_DIGEST_SIZE;
wolfSSL 11:cee25a834751 17644 ssl->buffers.digest.buffer =
wolfSSL 11:cee25a834751 17645 ssl->hsHashes->certHashes.sha512;
wolfSSL 11:cee25a834751 17646 typeH = SHA512h;
wolfSSL 11:cee25a834751 17647 break;
wolfSSL 11:cee25a834751 17648 #endif /* WOLFSSL_SHA512 */
wolfSSL 11:cee25a834751 17649 } /* switch */
wolfSSL 11:cee25a834751 17650 }
wolfSSL 11:cee25a834751 17651 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 17652 else {
wolfSSL 11:cee25a834751 17653 /* if old TLS load MD5 and SHA hash as value to sign */
wolfSSL 11:cee25a834751 17654 XMEMCPY(ssl->buffers.sig.buffer,
wolfSSL 11:cee25a834751 17655 (byte*)ssl->hsHashes->certHashes.md5, FINISHED_SZ);
wolfSSL 11:cee25a834751 17656 }
wolfSSL 11:cee25a834751 17657 #endif
wolfSSL 11:cee25a834751 17658
wolfSSL 11:cee25a834751 17659 if (typeH == 0) {
wolfSSL 11:cee25a834751 17660 ERROR_OUT(ALGO_ID_E, exit_scv);
wolfSSL 11:cee25a834751 17661 }
wolfSSL 11:cee25a834751 17662
wolfSSL 11:cee25a834751 17663 #ifndef NO_RSA
wolfSSL 11:cee25a834751 17664 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
wolfSSL 11:cee25a834751 17665 ssl->buffers.sig.length = FINISHED_SZ;
wolfSSL 11:cee25a834751 17666 args->sigSz = ENCRYPT_LEN;
wolfSSL 11:cee25a834751 17667
wolfSSL 11:cee25a834751 17668 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 17669 ssl->buffers.sig.length = wc_EncodeSignature(
wolfSSL 11:cee25a834751 17670 ssl->buffers.sig.buffer, ssl->buffers.digest.buffer,
wolfSSL 11:cee25a834751 17671 ssl->buffers.digest.length, typeH);
wolfSSL 11:cee25a834751 17672 }
wolfSSL 11:cee25a834751 17673
wolfSSL 11:cee25a834751 17674 /* prepend hdr */
wolfSSL 11:cee25a834751 17675 c16toa((word16)args->length, args->verify + args->extraSz);
wolfSSL 11:cee25a834751 17676 }
wolfSSL 11:cee25a834751 17677 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 17678
wolfSSL 11:cee25a834751 17679 /* Advance state and proceed */
wolfSSL 11:cee25a834751 17680 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 11:cee25a834751 17681 } /* case TLS_ASYNC_BUILD */
wolfSSL 11:cee25a834751 17682
wolfSSL 11:cee25a834751 17683 case TLS_ASYNC_DO:
wolfSSL 11:cee25a834751 17684 {
wolfSSL 11:cee25a834751 17685 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 17686 if (ssl->hsType == DYNAMIC_TYPE_ECC) {
wolfSSL 11:cee25a834751 17687 ecc_key* key = (ecc_key*)ssl->hsKey;
wolfSSL 11:cee25a834751 17688
wolfSSL 11:cee25a834751 17689 ret = EccSign(ssl,
wolfSSL 11:cee25a834751 17690 ssl->buffers.digest.buffer, ssl->buffers.digest.length,
wolfSSL 11:cee25a834751 17691 ssl->buffers.sig.buffer, &ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 17692 key,
wolfSSL 11:cee25a834751 17693 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 11:cee25a834751 17694 ssl->buffers.key->buffer,
wolfSSL 11:cee25a834751 17695 ssl->buffers.key->length,
wolfSSL 11:cee25a834751 17696 ssl->EccSignCtx
wolfSSL 11:cee25a834751 17697 #else
wolfSSL 11:cee25a834751 17698 NULL, 0, NULL
wolfSSL 11:cee25a834751 17699 #endif
wolfSSL 11:cee25a834751 17700 );
wolfSSL 11:cee25a834751 17701 }
wolfSSL 11:cee25a834751 17702 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 17703 #ifndef NO_RSA
wolfSSL 11:cee25a834751 17704 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
wolfSSL 11:cee25a834751 17705 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 11:cee25a834751 17706
wolfSSL 11:cee25a834751 17707 /* restore verify pointer */
wolfSSL 11:cee25a834751 17708 args->verify = &args->output[args->idx];
wolfSSL 11:cee25a834751 17709
wolfSSL 11:cee25a834751 17710 ret = RsaSign(ssl,
wolfSSL 11:cee25a834751 17711 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 17712 args->verify + args->extraSz + VERIFY_HEADER, &args->sigSz,
wolfSSL 11:cee25a834751 17713 key,
wolfSSL 11:cee25a834751 17714 ssl->buffers.key->buffer,
wolfSSL 11:cee25a834751 17715 ssl->buffers.key->length,
wolfSSL 11:cee25a834751 17716 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 17717 ssl->RsaSignCtx
wolfSSL 11:cee25a834751 17718 #else
wolfSSL 11:cee25a834751 17719 NULL
wolfSSL 11:cee25a834751 17720 #endif
wolfSSL 11:cee25a834751 17721 );
wolfSSL 11:cee25a834751 17722 }
wolfSSL 11:cee25a834751 17723 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 17724
wolfSSL 11:cee25a834751 17725 /* Check for error */
wolfSSL 11:cee25a834751 17726 if (ret != 0) {
wolfSSL 11:cee25a834751 17727 goto exit_scv;
wolfSSL 11:cee25a834751 17728 }
wolfSSL 11:cee25a834751 17729
wolfSSL 11:cee25a834751 17730 /* Advance state and proceed */
wolfSSL 11:cee25a834751 17731 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 11:cee25a834751 17732 } /* case TLS_ASYNC_DO */
wolfSSL 11:cee25a834751 17733
wolfSSL 11:cee25a834751 17734 case TLS_ASYNC_VERIFY:
wolfSSL 11:cee25a834751 17735 {
wolfSSL 11:cee25a834751 17736 /* restore verify pointer */
wolfSSL 11:cee25a834751 17737 args->verify = &args->output[args->idx];
wolfSSL 11:cee25a834751 17738
wolfSSL 11:cee25a834751 17739 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 17740 if (ssl->hsType == DYNAMIC_TYPE_ECC) {
wolfSSL 11:cee25a834751 17741 args->length = ssl->buffers.sig.length;
wolfSSL 11:cee25a834751 17742 /* prepend hdr */
wolfSSL 11:cee25a834751 17743 c16toa((word16)ssl->buffers.sig.length, args->verify +
wolfSSL 11:cee25a834751 17744 args->extraSz);
wolfSSL 11:cee25a834751 17745 XMEMCPY(args->verify + args->extraSz + VERIFY_HEADER,
wolfSSL 11:cee25a834751 17746 ssl->buffers.sig.buffer, ssl->buffers.sig.length);
wolfSSL 11:cee25a834751 17747 }
wolfSSL 11:cee25a834751 17748 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 17749 #ifndef NO_RSA
wolfSSL 11:cee25a834751 17750 if (ssl->hsType == DYNAMIC_TYPE_RSA) {
wolfSSL 11:cee25a834751 17751 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 11:cee25a834751 17752
wolfSSL 11:cee25a834751 17753 if (args->verifySig == NULL) {
wolfSSL 11:cee25a834751 17754 args->verifySig = (byte*)XMALLOC(args->sigSz, ssl->heap,
wolfSSL 11:cee25a834751 17755 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 17756 if (args->verifySig == NULL) {
wolfSSL 11:cee25a834751 17757 ERROR_OUT(MEMORY_E, exit_scv);
wolfSSL 11:cee25a834751 17758 }
wolfSSL 11:cee25a834751 17759 XMEMCPY(args->verifySig, args->verify + args->extraSz +
wolfSSL 11:cee25a834751 17760 VERIFY_HEADER, args->sigSz);
wolfSSL 11:cee25a834751 17761 }
wolfSSL 11:cee25a834751 17762
wolfSSL 11:cee25a834751 17763 /* check for signature faults */
wolfSSL 11:cee25a834751 17764 ret = VerifyRsaSign(ssl,
wolfSSL 11:cee25a834751 17765 args->verifySig, args->sigSz,
wolfSSL 11:cee25a834751 17766 ssl->buffers.sig.buffer, ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 17767 key
wolfSSL 11:cee25a834751 17768 );
wolfSSL 11:cee25a834751 17769 }
wolfSSL 11:cee25a834751 17770 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 17771
wolfSSL 11:cee25a834751 17772 /* Check for error */
wolfSSL 11:cee25a834751 17773 if (ret != 0) {
wolfSSL 11:cee25a834751 17774 goto exit_scv;
wolfSSL 11:cee25a834751 17775 }
wolfSSL 11:cee25a834751 17776
wolfSSL 11:cee25a834751 17777 /* Advance state and proceed */
wolfSSL 11:cee25a834751 17778 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 11:cee25a834751 17779 } /* case TLS_ASYNC_VERIFY */
wolfSSL 11:cee25a834751 17780
wolfSSL 11:cee25a834751 17781 case TLS_ASYNC_FINALIZE:
wolfSSL 11:cee25a834751 17782 {
wolfSSL 11:cee25a834751 17783 if (args->output == NULL) {
wolfSSL 11:cee25a834751 17784 ERROR_OUT(BUFFER_ERROR, exit_scv);
wolfSSL 11:cee25a834751 17785 }
wolfSSL 11:cee25a834751 17786 AddHeaders(args->output, args->length + args->extraSz +
wolfSSL 11:cee25a834751 17787 VERIFY_HEADER, certificate_verify, ssl);
wolfSSL 11:cee25a834751 17788
wolfSSL 11:cee25a834751 17789 args->sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ +
wolfSSL 11:cee25a834751 17790 args->length + args->extraSz + VERIFY_HEADER;
wolfSSL 11:cee25a834751 17791
wolfSSL 11:cee25a834751 17792 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 17793 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 17794 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 17795 }
wolfSSL 11:cee25a834751 17796 #endif
wolfSSL 11:cee25a834751 17797
wolfSSL 11:cee25a834751 17798 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 11:cee25a834751 17799 args->inputSz = args->sendSz - RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 17800 /* build msg adds rec hdr */
wolfSSL 11:cee25a834751 17801 args->input = (byte*)XMALLOC(args->inputSz, ssl->heap,
wolfSSL 11:cee25a834751 17802 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 17803 if (args->input == NULL) {
wolfSSL 11:cee25a834751 17804 ERROR_OUT(MEMORY_E, exit_scv);
wolfSSL 11:cee25a834751 17805 }
wolfSSL 11:cee25a834751 17806
wolfSSL 11:cee25a834751 17807 XMEMCPY(args->input, args->output + RECORD_HEADER_SZ,
wolfSSL 11:cee25a834751 17808 args->inputSz);
wolfSSL 11:cee25a834751 17809 }
wolfSSL 11:cee25a834751 17810
wolfSSL 11:cee25a834751 17811 /* Advance state and proceed */
wolfSSL 11:cee25a834751 17812 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 11:cee25a834751 17813 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 11:cee25a834751 17814
wolfSSL 11:cee25a834751 17815 case TLS_ASYNC_END:
wolfSSL 11:cee25a834751 17816 {
wolfSSL 11:cee25a834751 17817 if (IsEncryptionOn(ssl, 1)) {
wolfSSL 11:cee25a834751 17818 ret = BuildMessage(ssl, args->output,
wolfSSL 11:cee25a834751 17819 MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA,
wolfSSL 11:cee25a834751 17820 args->input, args->inputSz, handshake,
wolfSSL 11:cee25a834751 17821 1, 0, 1);
wolfSSL 11:cee25a834751 17822 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 17823 if (ret == WC_PENDING_E)
wolfSSL 11:cee25a834751 17824 goto exit_scv;
wolfSSL 11:cee25a834751 17825 #endif
wolfSSL 11:cee25a834751 17826
wolfSSL 11:cee25a834751 17827 XFREE(args->input, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 17828 args->input = NULL; /* make sure its not double free'd on cleanup */
wolfSSL 11:cee25a834751 17829
wolfSSL 11:cee25a834751 17830 if (ret >= 0) {
wolfSSL 11:cee25a834751 17831 args->sendSz = ret;
wolfSSL 11:cee25a834751 17832 ret = 0;
wolfSSL 11:cee25a834751 17833 }
wolfSSL 11:cee25a834751 17834 }
wolfSSL 11:cee25a834751 17835 else {
wolfSSL 11:cee25a834751 17836 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 17837 if (ssl->options.dtls)
wolfSSL 11:cee25a834751 17838 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 11:cee25a834751 17839 #endif
wolfSSL 11:cee25a834751 17840 ret = HashOutput(ssl, args->output, args->sendSz, 0);
wolfSSL 11:cee25a834751 17841 }
wolfSSL 11:cee25a834751 17842
wolfSSL 11:cee25a834751 17843 if (ret != 0) {
wolfSSL 11:cee25a834751 17844 goto exit_scv;
wolfSSL 11:cee25a834751 17845 }
wolfSSL 11:cee25a834751 17846
wolfSSL 11:cee25a834751 17847 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 17848 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 17849 ret = DtlsMsgPoolSave(ssl, args->output, args->sendSz);
wolfSSL 11:cee25a834751 17850 }
wolfSSL 11:cee25a834751 17851 #endif
wolfSSL 11:cee25a834751 17852
wolfSSL 11:cee25a834751 17853
wolfSSL 11:cee25a834751 17854 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 17855 if (ssl->hsInfoOn)
wolfSSL 11:cee25a834751 17856 AddPacketName("CertificateVerify", &ssl->handShakeInfo);
wolfSSL 11:cee25a834751 17857 if (ssl->toInfoOn)
wolfSSL 11:cee25a834751 17858 AddPacketInfo("CertificateVerify", &ssl->timeoutInfo,
wolfSSL 11:cee25a834751 17859 args->output, args->sendSz, ssl->heap);
wolfSSL 11:cee25a834751 17860 #endif
wolfSSL 11:cee25a834751 17861
wolfSSL 11:cee25a834751 17862 ssl->buffers.outputBuffer.length += args->sendSz;
wolfSSL 11:cee25a834751 17863
wolfSSL 11:cee25a834751 17864 if (!ssl->options.groupMessages) {
wolfSSL 11:cee25a834751 17865 ret = SendBuffered(ssl);
wolfSSL 11:cee25a834751 17866 }
wolfSSL 11:cee25a834751 17867 break;
wolfSSL 11:cee25a834751 17868 }
wolfSSL 11:cee25a834751 17869 default:
wolfSSL 11:cee25a834751 17870 ret = INPUT_CASE_ERROR;
wolfSSL 11:cee25a834751 17871 } /* switch(ssl->options.asyncState) */
wolfSSL 11:cee25a834751 17872
wolfSSL 11:cee25a834751 17873 exit_scv:
wolfSSL 11:cee25a834751 17874
wolfSSL 11:cee25a834751 17875 WOLFSSL_LEAVE("SendCertificateVerify", ret);
wolfSSL 11:cee25a834751 17876
wolfSSL 11:cee25a834751 17877 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 17878 /* Handle async operation */
wolfSSL 11:cee25a834751 17879 if (ret == WC_PENDING_E) {
wolfSSL 11:cee25a834751 17880 return ret;
wolfSSL 11:cee25a834751 17881 }
wolfSSL 11:cee25a834751 17882 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 11:cee25a834751 17883
wolfSSL 11:cee25a834751 17884 /* Digest is not allocated, so do this to prevent free */
wolfSSL 11:cee25a834751 17885 ssl->buffers.digest.buffer = NULL;
wolfSSL 11:cee25a834751 17886 ssl->buffers.digest.length = 0;
wolfSSL 11:cee25a834751 17887
wolfSSL 11:cee25a834751 17888 /* Final cleanup */
wolfSSL 11:cee25a834751 17889 FreeScvArgs(ssl, args);
wolfSSL 11:cee25a834751 17890 FreeKeyExchange(ssl);
wolfSSL 11:cee25a834751 17891
wolfSSL 11:cee25a834751 17892 return ret;
wolfSSL 11:cee25a834751 17893 }
wolfSSL 11:cee25a834751 17894
wolfSSL 11:cee25a834751 17895 #endif /* NO_CERTS */
wolfSSL 11:cee25a834751 17896
wolfSSL 11:cee25a834751 17897
wolfSSL 11:cee25a834751 17898 #ifdef HAVE_SESSION_TICKET
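/* Parse a NewSessionTicket handshake message on the client and store the
 * ticket in ssl->session.
 *
 * ssl       connection state; must be expecting a ticket
 * input     buffer holding the message
 * inOutIdx  in: offset of the message body inside input
 *           out: offset just past the consumed bytes (plus ssl->keys.padSz
 *           when IsEncryptionOn(ssl, 0) is true)
 * size      bound every field is checked against, counted from the value
 *           *inOutIdx had on entry
 *
 * Returns 0 on success, SESSION_TICKET_EXPECT_E when no ticket was expected,
 * BUFFER_ERROR when a field would run past size, and MEMORY_E when the
 * dynamic ticket buffer cannot be allocated.
 *
 * All length fields come from the peer, so each one is validated before the
 * bytes it describes are read.
 */
int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                    word32 size)
{
    word32 begin = *inOutIdx;
    word32 lifetime;
    word16 length;

    if (ssl->expect_session_ticket == 0) {
        WOLFSSL_MSG("Unexpected session ticket");
        return SESSION_TICKET_EXPECT_E;
    }

    /* 32-bit lifetime, stored in ssl->timeout further down */
    if ((*inOutIdx - begin) + OPAQUE32_LEN > size)
        return BUFFER_ERROR;

    ato32(input + *inOutIdx, &lifetime);
    *inOutIdx += OPAQUE32_LEN;

    /* 16-bit ticket length */
    if ((*inOutIdx - begin) + OPAQUE16_LEN > size)
        return BUFFER_ERROR;

    ato16(input + *inOutIdx, &length);
    *inOutIdx += OPAQUE16_LEN;

    /* the ticket itself must fit in what is left of the message */
    if ((*inOutIdx - begin) + length > size)
        return BUFFER_ERROR;

    if (length > sizeof(ssl->session.staticTicket)) {
        /* Free old dynamic ticket if we already had one */
        if (ssl->session.isDynamic)
            XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        ssl->session.ticket =
            (byte*)XMALLOC(length, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        if (ssl->session.ticket == NULL) {
            /* Set to static ticket to avoid null pointer error */
            ssl->session.ticket = ssl->session.staticTicket;
            ssl->session.isDynamic = 0;
            /* The previous ticket is gone; do not leave its length behind,
             * it may be larger than the static buffer now pointed at. */
            ssl->session.ticketLen = 0;
            return MEMORY_E;
        }
        ssl->session.isDynamic = 1;
    }
    else {
        /* ticket fits in the static buffer; drop any dynamic one */
        if (ssl->session.isDynamic) {
            XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        }
        ssl->session.isDynamic = 0;
        ssl->session.ticket = ssl->session.staticTicket;
    }

    /* Save the ticket only when it is not empty. */
    if (length > 0) {
        XMEMCPY(ssl->session.ticket, input + *inOutIdx, length);
        *inOutIdx += length;
        ssl->session.ticketLen = length;
        ssl->timeout = lifetime;
        if (ssl->session_ticket_cb != NULL) {
            ssl->session_ticket_cb(ssl,
                                   ssl->session.ticket, ssl->session.ticketLen,
                                   ssl->session_ticket_ctx);
        }
        /* Create a fake sessionID based on the ticket, this will
         * supersede the existing session cache info. */
        ssl->options.haveSessionId = 1;
        if (length >= ID_LEN) {
            /* use the last ID_LEN bytes of the ticket */
            XMEMCPY(ssl->arrays->sessionID,
                    ssl->session.ticket + length - ID_LEN, ID_LEN);
        }
        else {
            /* A ticket shorter than ID_LEN would make the source pointer
             * above start before the ticket buffer. Use the whole ticket,
             * zero-padded, so the copy stays inside the buffer. */
            XMEMSET(ssl->arrays->sessionID, 0, ID_LEN);
            XMEMCPY(ssl->arrays->sessionID, ssl->session.ticket, length);
        }
    #ifndef NO_SESSION_CACHE
        AddSession(ssl);
    #endif
    }
    else {
        ssl->session.ticketLen = 0;
    }

    if (IsEncryptionOn(ssl, 0)) {
        *inOutIdx += ssl->keys.padSz;
    }

    ssl->expect_session_ticket = 0;

    return 0;
}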
wolfSSL 11:cee25a834751 17981 #endif /* HAVE_SESSION_TICKET */
wolfSSL 11:cee25a834751 17982
wolfSSL 11:cee25a834751 17983 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 17984
wolfSSL 11:cee25a834751 17985
wolfSSL 11:cee25a834751 17986 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 17987
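/* Build the ServerHello handshake message in the connection's output buffer
 * and, unless messages are being grouped, send it.
 *
 * The message holds the protocol version, the server random, the session id
 * (generated, echoed for session tickets, or omitted when the session cache
 * is off), the chosen cipher suite, the compression method and the hello
 * extensions.
 *
 * Returns 0 on success (or the result of SendBuffered()), BUFFER_ERROR for a
 * session id length above ID_LEN, or the error returned by
 * CheckAvailableSize(), wc_RNG_GenerateBlock(), DtlsMsgPoolSave() or
 * HashOutput().
 */
int SendServerHello(WOLFSSL* ssl)
{
    byte   *output;
    word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int    sendSz;
    int    reserveSz;
    int    ret;
    byte   sessIdSz = ID_LEN;
    byte   echoId   = 0;  /* ticket echo id flag */
    byte   cacheOff = 0;  /* session cache off flag */

    length = VERSION_SZ + RAN_LEN
           + ID_LEN + ENUM_LEN
           + SUITE_LEN
           + ENUM_LEN;

#ifdef HAVE_TLS_EXTENSIONS
    length += TLSX_GetResponseSize(ssl);
    #ifdef HAVE_SESSION_TICKET
    if (ssl->options.useTicket) {
        /* echo session id sz can be 0, 32 or bogus len in between */
        sessIdSz = ssl->arrays->sessionIDSz;
        if (sessIdSz > ID_LEN) {
            WOLFSSL_MSG("Bad bogus session id len");
            return BUFFER_ERROR;
        }
        length -= (ID_LEN - sessIdSz);  /* adjust ID_LEN assumption */
        echoId = 1;
    }
    #endif /* HAVE_SESSION_TICKET */
#else
    /* NOTE(review): length grows whenever haveEMS is set, while the bytes
     * are written below only under HAVE_EXTENDED_MASTER - confirm haveEMS
     * cannot be set in a build without it. */
    if (ssl->options.haveEMS) {
        length += HELLO_EXT_SZ_SZ + HELLO_EXT_SZ;
    }
#endif

    /* is the session cache off at build or runtime */
#ifdef NO_SESSION_CACHE
    cacheOff = 1;
#else
    if (ssl->options.sessionCacheOff == 1) {
        cacheOff = 1;
    }
#endif

    /* if no session cache don't send a session ID unless we're echoing
     * an ID as part of session tickets */
    if (echoId == 0 && cacheOff == 1) {
        length -= ID_LEN;    /* adjust ID_LEN assumption */
        sessIdSz = 0;
    }

    /* Reserve room for what is written below. The extension response is
     * sized at run time and nothing in this function bounds it by
     * MAX_HELLO_SZ, so the constant is kept only as a lower bound and the
     * computed message size is used when it is larger. */
    reserveSz = (int)(length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ);
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        reserveSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    }
#endif
    if (reserveSz < MAX_HELLO_SZ) {
        reserveSz = MAX_HELLO_SZ;
    }

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, reserveSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* Server Hello should use the same sequence number as the
         * Client Hello. */
        ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
        ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
        idx    += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    }
#endif /* WOLFSSL_DTLS */
    AddHeaders(output, length, server_hello, ssl);

    /* now write to output */
    /* first version */
    output[idx++] = ssl->version.major;
    output[idx++] = ssl->version.minor;

    /* then random and session id */
    if (!ssl->options.resuming) {
        /* One RNG call fills the random, the one-byte length slot and the
         * session id; the length slot is overwritten with sessIdSz below. */
        ret = wc_RNG_GenerateBlock(ssl->rng, output + idx,
                                   RAN_LEN + sizeof(sessIdSz) + sessIdSz);
        if (ret != 0)
            return ret;

        /* store info in SSL for later */
        XMEMCPY(ssl->arrays->serverRandom, output + idx, RAN_LEN);
        idx += RAN_LEN;
        output[idx++] = sessIdSz;
        XMEMCPY(ssl->arrays->sessionID, output + idx, sessIdSz);
        ssl->arrays->sessionIDSz = sessIdSz;
    }
    else {
        /* If resuming, use info from SSL */
        XMEMCPY(output + idx, ssl->arrays->serverRandom, RAN_LEN);
        idx += RAN_LEN;
        output[idx++] = sessIdSz;
        XMEMCPY(output + idx, ssl->arrays->sessionID, sessIdSz);
    }
    idx += sessIdSz;

#ifdef SHOW_SECRETS
    {
        int j;
        printf("server random: ");
        for (j = 0; j < RAN_LEN; j++)
            printf("%02x", ssl->arrays->serverRandom[j]);
        printf("\n");
    }
#endif

    /* then cipher suite */
    output[idx++] = ssl->options.cipherSuite0;
    output[idx++] = ssl->options.cipherSuite;

    /* then compression */
    if (ssl->options.usingCompression)
        output[idx++] = ZLIB_COMPRESSION;
    else
        output[idx++] = NO_COMPRESSION;

    /* last, extensions */
#ifdef HAVE_TLS_EXTENSIONS
    TLSX_WriteResponse(ssl, output + idx);
#else
    #ifdef HAVE_EXTENDED_MASTER
    if (ssl->options.haveEMS) {
        c16toa(HELLO_EXT_SZ, output + idx);
        idx += HELLO_EXT_SZ_SZ;

        c16toa(HELLO_EXT_EXTMS, output + idx);
        idx += HELLO_EXT_TYPE_SZ;
        c16toa(0, output + idx);
        /*idx += HELLO_EXT_SZ_SZ;*/
        /* idx is not used after this point. uncomment the line above
         * if adding any more extensions in the future. */
    }
    #endif
#endif

    ssl->buffers.outputBuffer.length += sendSz;
#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
            return ret;
    }

    if (ssl->options.dtls) {
        DtlsSEQIncrement(ssl, CUR_ORDER);
    }
#endif

    ret = HashOutput(ssl, output, sendSz, 0);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ServerHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("ServerHello", &ssl->timeoutInfo, output, sendSz,
                      ssl->heap);
#endif

    ssl->options.serverState = SERVER_HELLO_COMPLETE;

    if (ssl->options.groupMessages)
        return 0;
    else
        return SendBuffered(ssl);
}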
wolfSSL 11:cee25a834751 18159
wolfSSL 11:cee25a834751 18160
wolfSSL 11:cee25a834751 18161 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 18162
/* Translate the curve of an ECC key into its WOLFSSL_ECC_* identifier.
 *
 * The lookup is keyed on key->dp->oidSum. Despite the name nothing is set:
 * the identifier is only returned. Presumably this is the curve id placed
 * on the wire by the caller - confirm at the call site.
 *
 * Returns 0 when key or key->dp is NULL, or when the curve is unknown or
 * was not compiled in.
 */
static byte SetCurveId(ecc_key* key)
{
    byte curveId = 0;   /* stays 0 unless a compiled-in curve matches */

    if (key == NULL || key->dp == NULL) {
        WOLFSSL_MSG("SetCurveId: Invalid key!");
        return curveId;
    }

    switch (key->dp->oidSum) {
#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP160R1_OID:
            curveId = WOLFSSL_ECC_SECP160R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_SECPR2
        case ECC_SECP160R2_OID:
            curveId = WOLFSSL_ECC_SECP160R2;
            break;
    #endif /* HAVE_ECC_SECPR2 */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP160K1_OID:
            curveId = WOLFSSL_ECC_SECP160K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP192R1_OID:
            curveId = WOLFSSL_ECC_SECP192R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP192K1_OID:
            curveId = WOLFSSL_ECC_SECP192K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP224R1_OID:
            curveId = WOLFSSL_ECC_SECP224R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP224K1_OID:
            curveId = WOLFSSL_ECC_SECP224K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
#endif
#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP256R1_OID:
            curveId = WOLFSSL_ECC_SECP256R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_KOBLITZ
        case ECC_SECP256K1_OID:
            curveId = WOLFSSL_ECC_SECP256K1;
            break;
    #endif /* HAVE_ECC_KOBLITZ */
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP256R1_OID:
            curveId = WOLFSSL_ECC_BRAINPOOLP256R1;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP384R1_OID:
            curveId = WOLFSSL_ECC_SECP384R1;
            break;
    #endif /* !NO_ECC_SECP */
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP384R1_OID:
            curveId = WOLFSSL_ECC_BRAINPOOLP384R1;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)
    #ifdef HAVE_ECC_BRAINPOOL
        case ECC_BRAINPOOLP512R1_OID:
            curveId = WOLFSSL_ECC_BRAINPOOLP512R1;
            break;
    #endif /* HAVE_ECC_BRAINPOOL */
#endif
#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)
    #ifndef NO_ECC_SECP
        case ECC_SECP521R1_OID:
            curveId = WOLFSSL_ECC_SECP521R1;
            break;
    #endif /* !NO_ECC_SECP */
#endif
        default:
            break;
    }

    return curveId;
}
wolfSSL 11:cee25a834751 18245
wolfSSL 11:cee25a834751 18246 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 18247
/* Working state of SendServerKeyExchange(). With WOLFSSL_ASYNC_CRYPT the
 * function keeps it in ssl->async.args, otherwise in a local array.
 * The three buffers other than output are released by FreeSskeArgs(). */
struct SskeArgs {
    byte*  output;      /* not allocated */
#if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA))
    byte*  sigDataBuf;  /* heap buffer, freed by FreeSskeArgs() */
#endif
#if defined(HAVE_ECC)
    byte*  exportBuf;   /* heap buffer, freed by FreeSskeArgs() */
#endif
#ifndef NO_RSA
    byte*  verifySig;   /* heap buffer, freed by FreeSskeArgs() */
#endif
    word32 idx;
    word32 tmpSigSz;
    word32 length;
    word32 sigSz;
#if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA))
    word32 sigDataSz;
#endif
#if defined(HAVE_ECC)
    word32 exportSz;
#endif
#ifdef HAVE_QSH
    word32 qshSz;
#endif
    int    sendSz;
};
typedef struct SskeArgs SskeArgs;
wolfSSL 11:cee25a834751 18274
/* Release the heap buffers referenced by an SskeArgs and clear the pointers
 * so that a second call does not free them again.
 *
 * ssl    supplies the heap hint passed to XFREE
 * pArgs  the SskeArgs to clean up; it is cast and dereferenced without a
 *        NULL check
 */
static void FreeSskeArgs(WOLFSSL* ssl, void* pArgs)
{
    SskeArgs* sske = (SskeArgs*)pArgs;

    /* either name may be unused, depending on the build options */
    (void)ssl;
    (void)sske;

#if defined(HAVE_ECC)
    if (sske->exportBuf != NULL) {
        XFREE(sske->exportBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        sske->exportBuf = NULL;
    }
#endif
#if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA))
    if (sske->sigDataBuf != NULL) {
        XFREE(sske->sigDataBuf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        sske->sigDataBuf = NULL;
    }
#endif
#ifndef NO_RSA
    if (sske->verifySig != NULL) {
        XFREE(sske->verifySig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        sske->verifySig = NULL;
    }
#endif
}
wolfSSL 11:cee25a834751 18301
wolfSSL 11:cee25a834751 18302 int SendServerKeyExchange(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 18303 {
wolfSSL 11:cee25a834751 18304 int ret;
wolfSSL 11:cee25a834751 18305 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 18306 SskeArgs* args = (SskeArgs*)ssl->async.args;
wolfSSL 11:cee25a834751 18307 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 11:cee25a834751 18308 (void)sizeof(args_test);
wolfSSL 11:cee25a834751 18309 #else
wolfSSL 11:cee25a834751 18310 SskeArgs args[1];
wolfSSL 11:cee25a834751 18311 #endif
wolfSSL 11:cee25a834751 18312
wolfSSL 11:cee25a834751 18313 WOLFSSL_ENTER("SendServerKeyExchange");
wolfSSL 11:cee25a834751 18314
wolfSSL 11:cee25a834751 18315 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 18316 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 11:cee25a834751 18317 if (ret != WC_NOT_PENDING_E) {
wolfSSL 11:cee25a834751 18318 /* Check for error */
wolfSSL 11:cee25a834751 18319 if (ret < 0)
wolfSSL 11:cee25a834751 18320 goto exit_sske;
wolfSSL 11:cee25a834751 18321 }
wolfSSL 11:cee25a834751 18322 else
wolfSSL 11:cee25a834751 18323 #endif
wolfSSL 11:cee25a834751 18324 {
wolfSSL 11:cee25a834751 18325 /* Reset state */
wolfSSL 11:cee25a834751 18326 ret = 0;
wolfSSL 11:cee25a834751 18327 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 11:cee25a834751 18328 XMEMSET(args, 0, sizeof(SskeArgs));
wolfSSL 11:cee25a834751 18329 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 18330 ssl->async.freeArgs = FreeSskeArgs;
wolfSSL 11:cee25a834751 18331 #endif
wolfSSL 11:cee25a834751 18332 }
wolfSSL 11:cee25a834751 18333
wolfSSL 11:cee25a834751 18334 switch(ssl->options.asyncState)
wolfSSL 11:cee25a834751 18335 {
wolfSSL 11:cee25a834751 18336 case TLS_ASYNC_BEGIN:
wolfSSL 11:cee25a834751 18337 {
wolfSSL 11:cee25a834751 18338 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 18339 if (ssl->peerQSHKeyPresent) {
wolfSSL 11:cee25a834751 18340 args->qshSz = QSH_KeyGetSize(ssl);
wolfSSL 11:cee25a834751 18341 }
wolfSSL 11:cee25a834751 18342 #endif
wolfSSL 11:cee25a834751 18343
wolfSSL 11:cee25a834751 18344 /* Do some checks / debug msgs */
wolfSSL 11:cee25a834751 18345 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 18346 {
wolfSSL 11:cee25a834751 18347 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 18348 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 18349 {
wolfSSL 11:cee25a834751 18350 WOLFSSL_MSG("Using ephemeral ECDH PSK");
wolfSSL 11:cee25a834751 18351 break;
wolfSSL 11:cee25a834751 18352 }
wolfSSL 11:cee25a834751 18353 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 18354 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 18355 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 18356 {
wolfSSL 11:cee25a834751 18357 if (ssl->specs.static_ecdh) {
wolfSSL 11:cee25a834751 18358 WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchange");
wolfSSL 11:cee25a834751 18359 ERROR_OUT(0, exit_sske);
wolfSSL 11:cee25a834751 18360 }
wolfSSL 11:cee25a834751 18361
wolfSSL 11:cee25a834751 18362 /* make sure private key exists */
wolfSSL 11:cee25a834751 18363 if (ssl->buffers.key == NULL ||
wolfSSL 11:cee25a834751 18364 ssl->buffers.key->buffer == NULL) {
wolfSSL 11:cee25a834751 18365 ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
wolfSSL 11:cee25a834751 18366 }
wolfSSL 11:cee25a834751 18367
wolfSSL 11:cee25a834751 18368 WOLFSSL_MSG("Using ephemeral ECDH");
wolfSSL 11:cee25a834751 18369 break;
wolfSSL 11:cee25a834751 18370 }
wolfSSL 11:cee25a834751 18371 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 18372 }
wolfSSL 11:cee25a834751 18373
wolfSSL 11:cee25a834751 18374 /* Preparing keys */
wolfSSL 11:cee25a834751 18375 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 18376 {
wolfSSL 11:cee25a834751 18377 #ifndef NO_PSK
wolfSSL 11:cee25a834751 18378 case psk_kea:
wolfSSL 11:cee25a834751 18379 {
wolfSSL 11:cee25a834751 18380 /* Nothing to do in this sub-state */
wolfSSL 11:cee25a834751 18381 break;
wolfSSL 11:cee25a834751 18382 }
wolfSSL 11:cee25a834751 18383 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 18384 #if !defined(NO_DH) && (!defined(NO_PSK) || !defined(NO_RSA))
wolfSSL 11:cee25a834751 18385 #if !defined(NO_PSK)
wolfSSL 11:cee25a834751 18386 case dhe_psk_kea:
wolfSSL 11:cee25a834751 18387 #endif
wolfSSL 11:cee25a834751 18388 #if !defined(NO_RSA)
wolfSSL 11:cee25a834751 18389 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 18390 #endif
wolfSSL 11:cee25a834751 18391 {
wolfSSL 11:cee25a834751 18392 /* Allocate DH key buffers and generate key */
wolfSSL 11:cee25a834751 18393 if (ssl->buffers.serverDH_P.buffer == NULL ||
wolfSSL 11:cee25a834751 18394 ssl->buffers.serverDH_G.buffer == NULL) {
wolfSSL 11:cee25a834751 18395 ERROR_OUT(NO_DH_PARAMS, exit_sske);
wolfSSL 11:cee25a834751 18396 }
wolfSSL 11:cee25a834751 18397
wolfSSL 11:cee25a834751 18398 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 11:cee25a834751 18399 /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
wolfSSL 11:cee25a834751 18400 ssl->buffers.serverDH_Pub.buffer = (byte*)XMALLOC(
wolfSSL 11:cee25a834751 18401 ssl->buffers.serverDH_P.length + OPAQUE16_LEN,
wolfSSL 11:cee25a834751 18402 ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
wolfSSL 11:cee25a834751 18403 if (ssl->buffers.serverDH_Pub.buffer == NULL) {
wolfSSL 11:cee25a834751 18404 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 18405 }
wolfSSL 11:cee25a834751 18406 }
wolfSSL 11:cee25a834751 18407
wolfSSL 11:cee25a834751 18408 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 11:cee25a834751 18409 /* Free'd in SSL_ResourceFree and FreeHandshakeResources */
wolfSSL 11:cee25a834751 18410 ssl->buffers.serverDH_Priv.buffer = (byte*)XMALLOC(
wolfSSL 11:cee25a834751 18411 ssl->buffers.serverDH_P.length + OPAQUE16_LEN,
wolfSSL 11:cee25a834751 18412 ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
wolfSSL 11:cee25a834751 18413 if (ssl->buffers.serverDH_Priv.buffer == NULL) {
wolfSSL 11:cee25a834751 18414 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 18415 }
wolfSSL 11:cee25a834751 18416 }
wolfSSL 11:cee25a834751 18417
wolfSSL 11:cee25a834751 18418 ssl->options.dhKeySz =
wolfSSL 11:cee25a834751 18419 (word16)ssl->buffers.serverDH_P.length;
wolfSSL 11:cee25a834751 18420
wolfSSL 11:cee25a834751 18421 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 11:cee25a834751 18422 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 11:cee25a834751 18423 if (ret != 0) {
wolfSSL 11:cee25a834751 18424 goto exit_sske;
wolfSSL 11:cee25a834751 18425 }
wolfSSL 11:cee25a834751 18426
wolfSSL 11:cee25a834751 18427 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 18428 ssl->buffers.serverDH_P.buffer,
wolfSSL 11:cee25a834751 18429 ssl->buffers.serverDH_P.length,
wolfSSL 11:cee25a834751 18430 ssl->buffers.serverDH_G.buffer,
wolfSSL 11:cee25a834751 18431 ssl->buffers.serverDH_G.length);
wolfSSL 11:cee25a834751 18432 if (ret != 0) {
wolfSSL 11:cee25a834751 18433 goto exit_sske;
wolfSSL 11:cee25a834751 18434 }
wolfSSL 11:cee25a834751 18435
wolfSSL 11:cee25a834751 18436 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 18437 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 11:cee25a834751 18438 &ssl->buffers.serverDH_Priv.length,
wolfSSL 11:cee25a834751 18439 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 11:cee25a834751 18440 &ssl->buffers.serverDH_Pub.length);
wolfSSL 11:cee25a834751 18441 break;
wolfSSL 11:cee25a834751 18442 }
wolfSSL 11:cee25a834751 18443 #endif /* !NO_DH && (!NO_PSK || !NO_RSA) */
wolfSSL 11:cee25a834751 18444 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 18445 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 18446 /* Fall through to create temp ECC key */
wolfSSL 11:cee25a834751 18447 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 18448 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 18449 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 18450 {
wolfSSL 11:cee25a834751 18451 /* need ephemeral key now, create it if missing */
wolfSSL 11:cee25a834751 18452 if (ssl->eccTempKey == NULL) {
wolfSSL 11:cee25a834751 18453 /* alloc/init on demand */
wolfSSL 11:cee25a834751 18454 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 11:cee25a834751 18455 (void**)&ssl->eccTempKey);
wolfSSL 11:cee25a834751 18456 if (ret != 0) {
wolfSSL 11:cee25a834751 18457 goto exit_sske;
wolfSSL 11:cee25a834751 18458 }
wolfSSL 11:cee25a834751 18459 }
wolfSSL 11:cee25a834751 18460
wolfSSL 11:cee25a834751 18461 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 11:cee25a834751 18462 /* TODO: Need to first do wc_EccPrivateKeyDecode,
wolfSSL 11:cee25a834751 18463 then we know curve dp */
wolfSSL 11:cee25a834751 18464 ret = EccMakeKey(ssl, ssl->eccTempKey, NULL);
wolfSSL 11:cee25a834751 18465 if (ret == 0 || ret == WC_PENDING_E) {
wolfSSL 11:cee25a834751 18466 ssl->eccTempKeyPresent = 1;
wolfSSL 11:cee25a834751 18467 }
wolfSSL 11:cee25a834751 18468 }
wolfSSL 11:cee25a834751 18469 break;
wolfSSL 11:cee25a834751 18470 }
wolfSSL 11:cee25a834751 18471 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 18472 default:
wolfSSL 11:cee25a834751 18473 /* Skip ServerKeyExchange */
wolfSSL 11:cee25a834751 18474 goto exit_sske;
wolfSSL 11:cee25a834751 18475 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 18476
wolfSSL 11:cee25a834751 18477 /* Check for error */
wolfSSL 11:cee25a834751 18478 if (ret != 0) {
wolfSSL 11:cee25a834751 18479 goto exit_sske;
wolfSSL 11:cee25a834751 18480 }
wolfSSL 11:cee25a834751 18481
wolfSSL 11:cee25a834751 18482 /* Advance state and proceed */
wolfSSL 11:cee25a834751 18483 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 11:cee25a834751 18484 } /* case TLS_ASYNC_BEGIN */
wolfSSL 11:cee25a834751 18485
wolfSSL 11:cee25a834751 18486 case TLS_ASYNC_BUILD:
wolfSSL 11:cee25a834751 18487 {
wolfSSL 11:cee25a834751 18488 #if (!defined(NO_DH) && !defined(NO_RSA)) || defined(HAVE_ECC)
wolfSSL 11:cee25a834751 18489 word32 preSigSz, preSigIdx;
wolfSSL 11:cee25a834751 18490 #endif
wolfSSL 11:cee25a834751 18491
wolfSSL 11:cee25a834751 18492 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 18493 {
wolfSSL 11:cee25a834751 18494 #ifndef NO_PSK
wolfSSL 11:cee25a834751 18495 case psk_kea:
wolfSSL 11:cee25a834751 18496 {
wolfSSL 11:cee25a834751 18497 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 18498
wolfSSL 11:cee25a834751 18499 if (ssl->arrays->server_hint[0] == 0) {
wolfSSL 11:cee25a834751 18500 ERROR_OUT(0, exit_sske); /* don't send */
wolfSSL 11:cee25a834751 18501 }
wolfSSL 11:cee25a834751 18502
wolfSSL 11:cee25a834751 18503 /* include size part */
wolfSSL 11:cee25a834751 18504 args->length = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 11:cee25a834751 18505 if (args->length > MAX_PSK_ID_LEN) {
wolfSSL 11:cee25a834751 18506 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 11:cee25a834751 18507 }
wolfSSL 11:cee25a834751 18508
wolfSSL 11:cee25a834751 18509 args->length += HINT_LEN_SZ;
wolfSSL 11:cee25a834751 18510 args->sendSz = args->length + HANDSHAKE_HEADER_SZ +
wolfSSL 11:cee25a834751 18511 RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 18512
wolfSSL 11:cee25a834751 18513 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 18514 args->length += args->qshSz;
wolfSSL 11:cee25a834751 18515 args->sendSz += args->qshSz;
wolfSSL 11:cee25a834751 18516 #endif
wolfSSL 11:cee25a834751 18517
wolfSSL 11:cee25a834751 18518 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 18519 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 18520 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 18521 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 18522 }
wolfSSL 11:cee25a834751 18523 #endif
wolfSSL 11:cee25a834751 18524 /* check for available size */
wolfSSL 11:cee25a834751 18525 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 11:cee25a834751 18526 goto exit_sske;
wolfSSL 11:cee25a834751 18527 }
wolfSSL 11:cee25a834751 18528
wolfSSL 11:cee25a834751 18529 /* get ouput buffer */
wolfSSL 11:cee25a834751 18530 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 11:cee25a834751 18531 ssl->buffers.outputBuffer.length;
wolfSSL 11:cee25a834751 18532
wolfSSL 11:cee25a834751 18533 AddHeaders(args->output, args->length,
wolfSSL 11:cee25a834751 18534 server_key_exchange, ssl);
wolfSSL 11:cee25a834751 18535
wolfSSL 11:cee25a834751 18536 /* key data */
wolfSSL 11:cee25a834751 18537 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 18538 c16toa((word16)(args->length - args->qshSz -
wolfSSL 11:cee25a834751 18539 HINT_LEN_SZ), args->output + args->idx);
wolfSSL 11:cee25a834751 18540 #else
wolfSSL 11:cee25a834751 18541 c16toa((word16)(args->length - HINT_LEN_SZ),
wolfSSL 11:cee25a834751 18542 args->output + args->idx);
wolfSSL 11:cee25a834751 18543 #endif
wolfSSL 11:cee25a834751 18544
wolfSSL 11:cee25a834751 18545 args->idx += HINT_LEN_SZ;
wolfSSL 11:cee25a834751 18546 XMEMCPY(args->output + args->idx,
wolfSSL 11:cee25a834751 18547 ssl->arrays->server_hint,
wolfSSL 11:cee25a834751 18548 args->length - HINT_LEN_SZ);
wolfSSL 11:cee25a834751 18549 break;
wolfSSL 11:cee25a834751 18550 }
wolfSSL 11:cee25a834751 18551 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 18552 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 18553 case dhe_psk_kea:
wolfSSL 11:cee25a834751 18554 {
wolfSSL 11:cee25a834751 18555 word32 hintLen;
wolfSSL 11:cee25a834751 18556
wolfSSL 11:cee25a834751 18557 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 18558 args->length = LENGTH_SZ * 3 + /* p, g, pub */
wolfSSL 11:cee25a834751 18559 ssl->buffers.serverDH_P.length +
wolfSSL 11:cee25a834751 18560 ssl->buffers.serverDH_G.length +
wolfSSL 11:cee25a834751 18561 ssl->buffers.serverDH_Pub.length;
wolfSSL 11:cee25a834751 18562
wolfSSL 11:cee25a834751 18563 /* include size part */
wolfSSL 11:cee25a834751 18564 hintLen = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 11:cee25a834751 18565 if (hintLen > MAX_PSK_ID_LEN) {
wolfSSL 11:cee25a834751 18566 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 11:cee25a834751 18567 }
wolfSSL 11:cee25a834751 18568 args->length += hintLen + HINT_LEN_SZ;
wolfSSL 11:cee25a834751 18569 args->sendSz = args->length + HANDSHAKE_HEADER_SZ +
wolfSSL 11:cee25a834751 18570 RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 18571
wolfSSL 11:cee25a834751 18572 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 18573 args->length += args->qshSz;
wolfSSL 11:cee25a834751 18574 args->sendSz += args->qshSz;
wolfSSL 11:cee25a834751 18575 #endif
wolfSSL 11:cee25a834751 18576 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 18577 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 18578 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 18579 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 18580 }
wolfSSL 11:cee25a834751 18581 #endif
wolfSSL 11:cee25a834751 18582
wolfSSL 11:cee25a834751 18583 /* check for available size */
wolfSSL 11:cee25a834751 18584 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 11:cee25a834751 18585 goto exit_sske;
wolfSSL 11:cee25a834751 18586 }
wolfSSL 11:cee25a834751 18587
wolfSSL 11:cee25a834751 18588 /* get ouput buffer */
wolfSSL 11:cee25a834751 18589 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 11:cee25a834751 18590 ssl->buffers.outputBuffer.length;
wolfSSL 11:cee25a834751 18591
wolfSSL 11:cee25a834751 18592 AddHeaders(args->output, args->length,
wolfSSL 11:cee25a834751 18593 server_key_exchange, ssl);
wolfSSL 11:cee25a834751 18594
wolfSSL 11:cee25a834751 18595 /* key data */
wolfSSL 11:cee25a834751 18596 c16toa((word16)hintLen, args->output + args->idx);
wolfSSL 11:cee25a834751 18597 args->idx += HINT_LEN_SZ;
wolfSSL 11:cee25a834751 18598 XMEMCPY(args->output + args->idx,
wolfSSL 11:cee25a834751 18599 ssl->arrays->server_hint, hintLen);
wolfSSL 11:cee25a834751 18600 args->idx += hintLen;
wolfSSL 11:cee25a834751 18601
wolfSSL 11:cee25a834751 18602 /* add p, g, pub */
wolfSSL 11:cee25a834751 18603 c16toa((word16)ssl->buffers.serverDH_P.length,
wolfSSL 11:cee25a834751 18604 args->output + args->idx);
wolfSSL 11:cee25a834751 18605 args->idx += LENGTH_SZ;
wolfSSL 11:cee25a834751 18606 XMEMCPY(args->output + args->idx,
wolfSSL 11:cee25a834751 18607 ssl->buffers.serverDH_P.buffer,
wolfSSL 11:cee25a834751 18608 ssl->buffers.serverDH_P.length);
wolfSSL 11:cee25a834751 18609 args->idx += ssl->buffers.serverDH_P.length;
wolfSSL 11:cee25a834751 18610
wolfSSL 11:cee25a834751 18611 /* g */
wolfSSL 11:cee25a834751 18612 c16toa((word16)ssl->buffers.serverDH_G.length,
wolfSSL 11:cee25a834751 18613 args->output + args->idx);
wolfSSL 11:cee25a834751 18614 args->idx += LENGTH_SZ;
wolfSSL 11:cee25a834751 18615 XMEMCPY(args->output + args->idx,
wolfSSL 11:cee25a834751 18616 ssl->buffers.serverDH_G.buffer,
wolfSSL 11:cee25a834751 18617 ssl->buffers.serverDH_G.length);
wolfSSL 11:cee25a834751 18618 args->idx += ssl->buffers.serverDH_G.length;
wolfSSL 11:cee25a834751 18619
wolfSSL 11:cee25a834751 18620 /* pub */
wolfSSL 11:cee25a834751 18621 c16toa((word16)ssl->buffers.serverDH_Pub.length,
wolfSSL 11:cee25a834751 18622 args->output + args->idx);
wolfSSL 11:cee25a834751 18623 args->idx += LENGTH_SZ;
wolfSSL 11:cee25a834751 18624 XMEMCPY(args->output + args->idx,
wolfSSL 11:cee25a834751 18625 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 11:cee25a834751 18626 ssl->buffers.serverDH_Pub.length);
wolfSSL 11:cee25a834751 18627 /* No need to update idx, since sizes are already set */
wolfSSL 11:cee25a834751 18628 /* args->idx += ssl->buffers.serverDH_Pub.length; */
wolfSSL 11:cee25a834751 18629 break;
wolfSSL 11:cee25a834751 18630 }
wolfSSL 11:cee25a834751 18631 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 11:cee25a834751 18632 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 18633 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 18634 {
wolfSSL 11:cee25a834751 18635 word32 hintLen;
wolfSSL 11:cee25a834751 18636
wolfSSL 11:cee25a834751 18637 /* curve type, named curve, length(1) */
wolfSSL 11:cee25a834751 18638 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 18639 args->length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
wolfSSL 11:cee25a834751 18640
wolfSSL 11:cee25a834751 18641 args->exportSz = MAX_EXPORT_ECC_SZ;
wolfSSL 11:cee25a834751 18642 args->exportBuf = (byte*)XMALLOC(args->exportSz,
wolfSSL 11:cee25a834751 18643 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 18644 if (args->exportBuf == NULL) {
wolfSSL 11:cee25a834751 18645 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 18646 }
wolfSSL 11:cee25a834751 18647 if (wc_ecc_export_x963(ssl->eccTempKey, args->exportBuf,
wolfSSL 11:cee25a834751 18648 &args->exportSz) != 0) {
wolfSSL 11:cee25a834751 18649 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 11:cee25a834751 18650 }
wolfSSL 11:cee25a834751 18651 args->length += args->exportSz;
wolfSSL 11:cee25a834751 18652
wolfSSL 11:cee25a834751 18653 /* include size part */
wolfSSL 11:cee25a834751 18654 hintLen = (word32)XSTRLEN(ssl->arrays->server_hint);
wolfSSL 11:cee25a834751 18655 if (hintLen > MAX_PSK_ID_LEN) {
wolfSSL 11:cee25a834751 18656 ERROR_OUT(SERVER_HINT_ERROR, exit_sske);
wolfSSL 11:cee25a834751 18657 }
wolfSSL 11:cee25a834751 18658 args->length += hintLen + HINT_LEN_SZ;
wolfSSL 11:cee25a834751 18659 args->sendSz = args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 18660
wolfSSL 11:cee25a834751 18661 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 18662 args->length += args->qshSz;
wolfSSL 11:cee25a834751 18663 args->sendSz += args->qshSz;
wolfSSL 11:cee25a834751 18664 #endif
wolfSSL 11:cee25a834751 18665 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 18666 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 18667 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 18668 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 18669 }
wolfSSL 11:cee25a834751 18670 #endif
wolfSSL 11:cee25a834751 18671 /* check for available size */
wolfSSL 11:cee25a834751 18672 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 11:cee25a834751 18673 goto exit_sske;
wolfSSL 11:cee25a834751 18674 }
wolfSSL 11:cee25a834751 18675
wolfSSL 11:cee25a834751 18676 /* get output buffer */
wolfSSL 11:cee25a834751 18677 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 11:cee25a834751 18678 ssl->buffers.outputBuffer.length;
wolfSSL 11:cee25a834751 18679
wolfSSL 11:cee25a834751 18680 /* key data */
wolfSSL 11:cee25a834751 18681 c16toa((word16)hintLen, args->output + args->idx);
wolfSSL 11:cee25a834751 18682 args->idx += HINT_LEN_SZ;
wolfSSL 11:cee25a834751 18683 XMEMCPY(args->output + args->idx,
wolfSSL 11:cee25a834751 18684 ssl->arrays->server_hint, hintLen);
wolfSSL 11:cee25a834751 18685 args->idx += hintLen;
wolfSSL 11:cee25a834751 18686
wolfSSL 11:cee25a834751 18687 /* ECC key exchange data */
wolfSSL 11:cee25a834751 18688 args->output[args->idx++] = named_curve;
wolfSSL 11:cee25a834751 18689 args->output[args->idx++] = 0x00; /* leading zero */
wolfSSL 11:cee25a834751 18690 args->output[args->idx++] = SetCurveId(ssl->eccTempKey);
wolfSSL 11:cee25a834751 18691 args->output[args->idx++] = (byte)args->exportSz;
wolfSSL 11:cee25a834751 18692 XMEMCPY(args->output + args->idx, args->exportBuf,
wolfSSL 11:cee25a834751 18693 args->exportSz);
wolfSSL 11:cee25a834751 18694 break;
wolfSSL 11:cee25a834751 18695 }
wolfSSL 11:cee25a834751 18696 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 18697 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 18698 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 18699 {
wolfSSL 11:cee25a834751 18700 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
wolfSSL 11:cee25a834751 18701
wolfSSL 11:cee25a834751 18702 /* curve type, named curve, length(1) */
wolfSSL 11:cee25a834751 18703 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 18704 args->length = ENUM_LEN + CURVE_LEN + ENUM_LEN;
wolfSSL 11:cee25a834751 18705
wolfSSL 11:cee25a834751 18706 /* Export temp ECC key and add to length */
wolfSSL 11:cee25a834751 18707 args->exportSz = MAX_EXPORT_ECC_SZ;
wolfSSL 11:cee25a834751 18708 args->exportBuf = (byte*)XMALLOC(args->exportSz,
wolfSSL 11:cee25a834751 18709 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 18710 if (args->exportBuf == NULL) {
wolfSSL 11:cee25a834751 18711 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 18712 }
wolfSSL 11:cee25a834751 18713 if (wc_ecc_export_x963(ssl->eccTempKey, args->exportBuf,
wolfSSL 11:cee25a834751 18714 &args->exportSz) != 0) {
wolfSSL 11:cee25a834751 18715 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske);
wolfSSL 11:cee25a834751 18716 }
wolfSSL 11:cee25a834751 18717 args->length += args->exportSz;
wolfSSL 11:cee25a834751 18718
wolfSSL 11:cee25a834751 18719 preSigSz = args->length;
wolfSSL 11:cee25a834751 18720 preSigIdx = args->idx;
wolfSSL 11:cee25a834751 18721
wolfSSL 11:cee25a834751 18722 switch(ssl->specs.sig_algo)
wolfSSL 11:cee25a834751 18723 {
wolfSSL 11:cee25a834751 18724 #ifndef NO_RSA
wolfSSL 11:cee25a834751 18725 case rsa_sa_algo:
wolfSSL 11:cee25a834751 18726 {
wolfSSL 11:cee25a834751 18727 word32 i = 0;
wolfSSL 11:cee25a834751 18728 int keySz;
wolfSSL 11:cee25a834751 18729
wolfSSL 11:cee25a834751 18730 ssl->hsType = DYNAMIC_TYPE_RSA;
wolfSSL 11:cee25a834751 18731 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 11:cee25a834751 18732 if (ret != 0) {
wolfSSL 11:cee25a834751 18733 goto exit_sske;
wolfSSL 11:cee25a834751 18734 }
wolfSSL 11:cee25a834751 18735
wolfSSL 11:cee25a834751 18736 ret = wc_RsaPrivateKeyDecode(
wolfSSL 11:cee25a834751 18737 ssl->buffers.key->buffer,
wolfSSL 11:cee25a834751 18738 &i,
wolfSSL 11:cee25a834751 18739 (RsaKey*)ssl->hsKey,
wolfSSL 11:cee25a834751 18740 ssl->buffers.key->length);
wolfSSL 11:cee25a834751 18741 if (ret != 0) {
wolfSSL 11:cee25a834751 18742 goto exit_sske;
wolfSSL 11:cee25a834751 18743 }
wolfSSL 11:cee25a834751 18744 keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
wolfSSL 11:cee25a834751 18745 if (keySz < 0) { /* test if keySz has error */
wolfSSL 11:cee25a834751 18746 ERROR_OUT(keySz, exit_sske);
wolfSSL 11:cee25a834751 18747 }
wolfSSL 11:cee25a834751 18748
wolfSSL 11:cee25a834751 18749 args->tmpSigSz = (word32)keySz;
wolfSSL 11:cee25a834751 18750 if (keySz < ssl->options.minRsaKeySz) {
wolfSSL 11:cee25a834751 18751 WOLFSSL_MSG("RSA signature key size too small");
wolfSSL 11:cee25a834751 18752 ERROR_OUT(RSA_KEY_SIZE_E, exit_sske);
wolfSSL 11:cee25a834751 18753 }
wolfSSL 11:cee25a834751 18754 break;
wolfSSL 11:cee25a834751 18755 }
wolfSSL 11:cee25a834751 18756 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 18757 case ecc_dsa_sa_algo:
wolfSSL 11:cee25a834751 18758 {
wolfSSL 11:cee25a834751 18759 word32 i = 0;
wolfSSL 11:cee25a834751 18760
wolfSSL 11:cee25a834751 18761 ssl->hsType = DYNAMIC_TYPE_ECC;
wolfSSL 11:cee25a834751 18762 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 11:cee25a834751 18763 if (ret != 0) {
wolfSSL 11:cee25a834751 18764 goto exit_sske;
wolfSSL 11:cee25a834751 18765 }
wolfSSL 11:cee25a834751 18766
wolfSSL 11:cee25a834751 18767 ret = wc_EccPrivateKeyDecode(
wolfSSL 11:cee25a834751 18768 ssl->buffers.key->buffer,
wolfSSL 11:cee25a834751 18769 &i,
wolfSSL 11:cee25a834751 18770 (ecc_key*)ssl->hsKey,
wolfSSL 11:cee25a834751 18771 ssl->buffers.key->length);
wolfSSL 11:cee25a834751 18772 if (ret != 0) {
wolfSSL 11:cee25a834751 18773 goto exit_sske;
wolfSSL 11:cee25a834751 18774 }
wolfSSL 11:cee25a834751 18775 /* worst case estimate */
wolfSSL 11:cee25a834751 18776 args->tmpSigSz = wc_ecc_sig_size(
wolfSSL 11:cee25a834751 18777 (ecc_key*)ssl->hsKey);
wolfSSL 11:cee25a834751 18778
wolfSSL 11:cee25a834751 18779 /* check the minimum ECC key size */
wolfSSL 11:cee25a834751 18780 if (wc_ecc_size((ecc_key*)ssl->hsKey) <
wolfSSL 11:cee25a834751 18781 ssl->options.minEccKeySz) {
wolfSSL 11:cee25a834751 18782 WOLFSSL_MSG("ECC key size too small");
wolfSSL 11:cee25a834751 18783 ret = ECC_KEY_SIZE_E;
wolfSSL 11:cee25a834751 18784 goto exit_sske;
wolfSSL 11:cee25a834751 18785 }
wolfSSL 11:cee25a834751 18786 break;
wolfSSL 11:cee25a834751 18787 }
wolfSSL 11:cee25a834751 18788 default:
wolfSSL 11:cee25a834751 18789 ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */
wolfSSL 11:cee25a834751 18790 } /* switch(ssl->specs.sig_algo) */
wolfSSL 11:cee25a834751 18791
wolfSSL 11:cee25a834751 18792 /* sig length */
wolfSSL 11:cee25a834751 18793 args->length += LENGTH_SZ;
wolfSSL 11:cee25a834751 18794 args->length += args->tmpSigSz;
wolfSSL 11:cee25a834751 18795
wolfSSL 11:cee25a834751 18796 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 18797 args->length += HASH_SIG_SIZE;
wolfSSL 11:cee25a834751 18798 }
wolfSSL 11:cee25a834751 18799
wolfSSL 11:cee25a834751 18800 args->sendSz = args->length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 18801
wolfSSL 11:cee25a834751 18802 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 18803 args->length += args->qshSz;
wolfSSL 11:cee25a834751 18804 args->sendSz += args->qshSz;
wolfSSL 11:cee25a834751 18805 #endif
wolfSSL 11:cee25a834751 18806 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 18807 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 18808 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 18809 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 18810 preSigIdx = args->idx;
wolfSSL 11:cee25a834751 18811 }
wolfSSL 11:cee25a834751 18812 #endif
wolfSSL 11:cee25a834751 18813 /* check for available size */
wolfSSL 11:cee25a834751 18814 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 11:cee25a834751 18815 goto exit_sske;
wolfSSL 11:cee25a834751 18816 }
wolfSSL 11:cee25a834751 18817
wolfSSL 11:cee25a834751 18818 /* get ouput buffer */
wolfSSL 11:cee25a834751 18819 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 11:cee25a834751 18820 ssl->buffers.outputBuffer.length;
wolfSSL 11:cee25a834751 18821
wolfSSL 11:cee25a834751 18822 /* record and message headers will be added below, when we're sure
wolfSSL 11:cee25a834751 18823 of the sig length */
wolfSSL 11:cee25a834751 18824
wolfSSL 11:cee25a834751 18825 /* key exchange data */
wolfSSL 11:cee25a834751 18826 args->output[args->idx++] = named_curve;
wolfSSL 11:cee25a834751 18827 args->output[args->idx++] = 0x00; /* leading zero */
wolfSSL 11:cee25a834751 18828 args->output[args->idx++] = SetCurveId(ssl->eccTempKey);
wolfSSL 11:cee25a834751 18829 args->output[args->idx++] = (byte)args->exportSz;
wolfSSL 11:cee25a834751 18830 XMEMCPY(args->output + args->idx, args->exportBuf, args->exportSz);
wolfSSL 11:cee25a834751 18831 args->idx += args->exportSz;
wolfSSL 11:cee25a834751 18832
wolfSSL 11:cee25a834751 18833 /* Determine hash type */
wolfSSL 11:cee25a834751 18834 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 18835 args->output[args->idx++] = ssl->suites->hashAlgo;
wolfSSL 11:cee25a834751 18836 args->output[args->idx++] = ssl->suites->sigAlgo;
wolfSSL 11:cee25a834751 18837
wolfSSL 11:cee25a834751 18838 switch (ssl->suites->hashAlgo) {
wolfSSL 11:cee25a834751 18839 case sha512_mac:
wolfSSL 11:cee25a834751 18840 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 18841 hashType = WC_HASH_TYPE_SHA512;
wolfSSL 11:cee25a834751 18842 #endif
wolfSSL 11:cee25a834751 18843 break;
wolfSSL 11:cee25a834751 18844 case sha384_mac:
wolfSSL 11:cee25a834751 18845 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 18846 hashType = WC_HASH_TYPE_SHA384;
wolfSSL 11:cee25a834751 18847 #endif
wolfSSL 11:cee25a834751 18848 break;
wolfSSL 11:cee25a834751 18849 case sha256_mac:
wolfSSL 11:cee25a834751 18850 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 18851 hashType = WC_HASH_TYPE_SHA256;
wolfSSL 11:cee25a834751 18852 #endif
wolfSSL 11:cee25a834751 18853 break;
wolfSSL 11:cee25a834751 18854 case sha_mac:
wolfSSL 11:cee25a834751 18855 #if !defined(NO_SHA) && \
wolfSSL 11:cee25a834751 18856 (!defined(NO_OLD_TLS) || \
wolfSSL 11:cee25a834751 18857 defined(WOLFSSL_ALLOW_TLS_SHA1))
wolfSSL 11:cee25a834751 18858 hashType = WC_HASH_TYPE_SHA;
wolfSSL 11:cee25a834751 18859 #endif
wolfSSL 11:cee25a834751 18860 break;
wolfSSL 11:cee25a834751 18861 default:
wolfSSL 11:cee25a834751 18862 WOLFSSL_MSG("Bad hash sig algo");
wolfSSL 11:cee25a834751 18863 break;
wolfSSL 11:cee25a834751 18864 }
wolfSSL 11:cee25a834751 18865
wolfSSL 11:cee25a834751 18866 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 11:cee25a834751 18867 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 11:cee25a834751 18868 }
wolfSSL 11:cee25a834751 18869
wolfSSL 11:cee25a834751 18870 } else {
wolfSSL 11:cee25a834751 18871 /* only using sha and md5 for rsa */
wolfSSL 11:cee25a834751 18872 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 18873 hashType = WC_HASH_TYPE_SHA;
wolfSSL 11:cee25a834751 18874 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 11:cee25a834751 18875 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 11:cee25a834751 18876 }
wolfSSL 11:cee25a834751 18877 #else
wolfSSL 11:cee25a834751 18878 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 11:cee25a834751 18879 #endif
wolfSSL 11:cee25a834751 18880 }
wolfSSL 11:cee25a834751 18881
wolfSSL 11:cee25a834751 18882 /* Signtaure length will be written later, when we're sure what it is */
wolfSSL 11:cee25a834751 18883
wolfSSL 11:cee25a834751 18884 #ifdef HAVE_FUZZER
wolfSSL 11:cee25a834751 18885 if (ssl->fuzzerCb) {
wolfSSL 11:cee25a834751 18886 ssl->fuzzerCb(ssl, args->output + preSigIdx,
wolfSSL 11:cee25a834751 18887 preSigSz, FUZZ_SIGNATURE, ssl->fuzzerCtx);
wolfSSL 11:cee25a834751 18888 }
wolfSSL 11:cee25a834751 18889 #endif
wolfSSL 11:cee25a834751 18890
wolfSSL 11:cee25a834751 18891 /* Assemble buffer to hash for signature */
wolfSSL 11:cee25a834751 18892 args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
wolfSSL 11:cee25a834751 18893 args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz,
wolfSSL 11:cee25a834751 18894 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 18895 if (args->sigDataBuf == NULL) {
wolfSSL 11:cee25a834751 18896 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 18897 }
wolfSSL 11:cee25a834751 18898 XMEMCPY(args->sigDataBuf, ssl->arrays->clientRandom,
wolfSSL 11:cee25a834751 18899 RAN_LEN);
wolfSSL 11:cee25a834751 18900 XMEMCPY(args->sigDataBuf+RAN_LEN,
wolfSSL 11:cee25a834751 18901 ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 11:cee25a834751 18902 XMEMCPY(args->sigDataBuf+RAN_LEN+RAN_LEN,
wolfSSL 11:cee25a834751 18903 args->output + preSigIdx, preSigSz);
wolfSSL 11:cee25a834751 18904
wolfSSL 11:cee25a834751 18905 ssl->buffers.sig.length = wc_HashGetDigestSize(hashType);
wolfSSL 11:cee25a834751 18906 ssl->buffers.sig.buffer = (byte*)XMALLOC(
wolfSSL 11:cee25a834751 18907 ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 18908 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 18909 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 11:cee25a834751 18910 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 18911 }
wolfSSL 11:cee25a834751 18912
wolfSSL 11:cee25a834751 18913 /* Perform hash */
wolfSSL 11:cee25a834751 18914 ret = wc_Hash(hashType,
wolfSSL 11:cee25a834751 18915 args->sigDataBuf, args->sigDataSz,
wolfSSL 11:cee25a834751 18916 ssl->buffers.sig.buffer, ssl->buffers.sig.length);
wolfSSL 11:cee25a834751 18917 if (ret != 0) {
wolfSSL 11:cee25a834751 18918 goto exit_sske;
wolfSSL 11:cee25a834751 18919 }
wolfSSL 11:cee25a834751 18920
wolfSSL 11:cee25a834751 18921 args->sigSz = args->tmpSigSz;
wolfSSL 11:cee25a834751 18922
wolfSSL 11:cee25a834751 18923 /* Sign hash to create signature */
wolfSSL 11:cee25a834751 18924 switch (ssl->specs.sig_algo)
wolfSSL 11:cee25a834751 18925 {
wolfSSL 11:cee25a834751 18926 #ifndef NO_RSA
wolfSSL 11:cee25a834751 18927 case rsa_sa_algo:
wolfSSL 11:cee25a834751 18928 {
wolfSSL 11:cee25a834751 18929 /* For TLS 1.2 re-encode signature */
wolfSSL 11:cee25a834751 18930 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 18931 int typeH = 0;
wolfSSL 11:cee25a834751 18932 byte* encodedSig = (byte*)XMALLOC(
wolfSSL 11:cee25a834751 18933 MAX_ENCODED_SIG_SZ, ssl->heap,
wolfSSL 11:cee25a834751 18934 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 18935 if (encodedSig == NULL) {
wolfSSL 11:cee25a834751 18936 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 18937 }
wolfSSL 11:cee25a834751 18938
wolfSSL 11:cee25a834751 18939 switch (ssl->suites->hashAlgo) {
wolfSSL 11:cee25a834751 18940 case sha512_mac:
wolfSSL 11:cee25a834751 18941 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 18942 typeH = SHA512h;
wolfSSL 11:cee25a834751 18943 #endif
wolfSSL 11:cee25a834751 18944 break;
wolfSSL 11:cee25a834751 18945 case sha384_mac:
wolfSSL 11:cee25a834751 18946 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 18947 typeH = SHA384h;
wolfSSL 11:cee25a834751 18948 #endif
wolfSSL 11:cee25a834751 18949 break;
wolfSSL 11:cee25a834751 18950 case sha256_mac:
wolfSSL 11:cee25a834751 18951 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 18952 typeH = SHA256h;
wolfSSL 11:cee25a834751 18953 #endif
wolfSSL 11:cee25a834751 18954 break;
wolfSSL 11:cee25a834751 18955 case sha_mac:
wolfSSL 11:cee25a834751 18956 #if !defined(NO_SHA) && \
wolfSSL 11:cee25a834751 18957 (!defined(NO_OLD_TLS) || \
wolfSSL 11:cee25a834751 18958 defined(WOLFSSL_ALLOW_TLS_SHA1))
wolfSSL 11:cee25a834751 18959 typeH = SHAh;
wolfSSL 11:cee25a834751 18960 #endif
wolfSSL 11:cee25a834751 18961 break;
wolfSSL 11:cee25a834751 18962 default:
wolfSSL 11:cee25a834751 18963 break;
wolfSSL 11:cee25a834751 18964 }
wolfSSL 11:cee25a834751 18965
wolfSSL 11:cee25a834751 18966 ssl->buffers.sig.length =
wolfSSL 11:cee25a834751 18967 wc_EncodeSignature(encodedSig,
wolfSSL 11:cee25a834751 18968 ssl->buffers.sig.buffer,
wolfSSL 11:cee25a834751 18969 ssl->buffers.sig.length, typeH);
wolfSSL 11:cee25a834751 18970
wolfSSL 11:cee25a834751 18971 /* Replace sig buffer with new one */
wolfSSL 11:cee25a834751 18972 XFREE(ssl->buffers.sig.buffer, ssl->heap,
wolfSSL 11:cee25a834751 18973 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 18974 ssl->buffers.sig.buffer = encodedSig;
wolfSSL 11:cee25a834751 18975 }
wolfSSL 11:cee25a834751 18976
wolfSSL 11:cee25a834751 18977 /* write sig size here */
wolfSSL 11:cee25a834751 18978 c16toa((word16)args->sigSz,
wolfSSL 11:cee25a834751 18979 args->output + args->idx);
wolfSSL 11:cee25a834751 18980 args->idx += LENGTH_SZ;
wolfSSL 11:cee25a834751 18981 break;
wolfSSL 11:cee25a834751 18982 }
wolfSSL 11:cee25a834751 18983 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 18984 case ecc_dsa_sa_algo:
wolfSSL 11:cee25a834751 18985 {
wolfSSL 11:cee25a834751 18986 break;
wolfSSL 11:cee25a834751 18987 }
wolfSSL 11:cee25a834751 18988 } /* switch(ssl->specs.sig_algo) */
wolfSSL 11:cee25a834751 18989 break;
wolfSSL 11:cee25a834751 18990 }
wolfSSL 11:cee25a834751 18991 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 18992 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 11:cee25a834751 18993 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 18994 {
wolfSSL 11:cee25a834751 18995 enum wc_HashType hashType = WC_HASH_TYPE_NONE;
wolfSSL 11:cee25a834751 18996
wolfSSL 11:cee25a834751 18997 args->idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
wolfSSL 11:cee25a834751 18998 args->length = LENGTH_SZ * 3; /* p, g, pub */
wolfSSL 11:cee25a834751 18999 args->length += ssl->buffers.serverDH_P.length +
wolfSSL 11:cee25a834751 19000 ssl->buffers.serverDH_G.length +
wolfSSL 11:cee25a834751 19001 ssl->buffers.serverDH_Pub.length;
wolfSSL 11:cee25a834751 19002
wolfSSL 11:cee25a834751 19003 preSigIdx = args->idx;
wolfSSL 11:cee25a834751 19004 preSigSz = args->length;
wolfSSL 11:cee25a834751 19005
wolfSSL 11:cee25a834751 19006 if (!ssl->options.usingAnon_cipher) {
wolfSSL 11:cee25a834751 19007 word32 i = 0;
wolfSSL 11:cee25a834751 19008 int keySz;
wolfSSL 11:cee25a834751 19009
wolfSSL 11:cee25a834751 19010 /* make sure private key exists */
wolfSSL 11:cee25a834751 19011 if (ssl->buffers.key == NULL ||
wolfSSL 11:cee25a834751 19012 ssl->buffers.key->buffer == NULL) {
wolfSSL 11:cee25a834751 19013 ERROR_OUT(NO_PRIVATE_KEY, exit_sske);
wolfSSL 11:cee25a834751 19014 }
wolfSSL 11:cee25a834751 19015
wolfSSL 11:cee25a834751 19016 ssl->hsType = DYNAMIC_TYPE_RSA;
wolfSSL 11:cee25a834751 19017 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 11:cee25a834751 19018 if (ret != 0) {
wolfSSL 11:cee25a834751 19019 goto exit_sske;
wolfSSL 11:cee25a834751 19020 }
wolfSSL 11:cee25a834751 19021
wolfSSL 11:cee25a834751 19022 /* sig length */
wolfSSL 11:cee25a834751 19023 args->length += LENGTH_SZ;
wolfSSL 11:cee25a834751 19024
wolfSSL 11:cee25a834751 19025 ret = wc_RsaPrivateKeyDecode(
wolfSSL 11:cee25a834751 19026 ssl->buffers.key->buffer, &i,
wolfSSL 11:cee25a834751 19027 (RsaKey*)ssl->hsKey, ssl->buffers.key->length);
wolfSSL 11:cee25a834751 19028 if (ret != 0) {
wolfSSL 11:cee25a834751 19029 goto exit_sske;
wolfSSL 11:cee25a834751 19030 }
wolfSSL 11:cee25a834751 19031 keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
wolfSSL 11:cee25a834751 19032 if (keySz < 0) { /* test if keySz has error */
wolfSSL 11:cee25a834751 19033 ERROR_OUT(keySz, exit_sske);
wolfSSL 11:cee25a834751 19034 }
wolfSSL 11:cee25a834751 19035 args->tmpSigSz = (word32)keySz;
wolfSSL 11:cee25a834751 19036 args->length += args->tmpSigSz;
wolfSSL 11:cee25a834751 19037
wolfSSL 11:cee25a834751 19038 if (keySz < ssl->options.minRsaKeySz) {
wolfSSL 11:cee25a834751 19039 WOLFSSL_MSG("RSA key size too small");
wolfSSL 11:cee25a834751 19040 ERROR_OUT(RSA_KEY_SIZE_E, exit_sske);
wolfSSL 11:cee25a834751 19041 }
wolfSSL 11:cee25a834751 19042
wolfSSL 11:cee25a834751 19043 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 19044 args->length += HASH_SIG_SIZE;
wolfSSL 11:cee25a834751 19045 }
wolfSSL 11:cee25a834751 19046 }
wolfSSL 11:cee25a834751 19047
wolfSSL 11:cee25a834751 19048 args->sendSz = args->length + HANDSHAKE_HEADER_SZ +
wolfSSL 11:cee25a834751 19049 RECORD_HEADER_SZ;
wolfSSL 11:cee25a834751 19050
wolfSSL 11:cee25a834751 19051 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 19052 args->length += args->qshSz;
wolfSSL 11:cee25a834751 19053 args->sendSz += args->qshSz;
wolfSSL 11:cee25a834751 19054 #endif
wolfSSL 11:cee25a834751 19055 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 19056 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 19057 args->sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 19058 args->idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
wolfSSL 11:cee25a834751 19059 preSigIdx = args->idx;
wolfSSL 11:cee25a834751 19060 }
wolfSSL 11:cee25a834751 19061 #endif
wolfSSL 11:cee25a834751 19062
wolfSSL 11:cee25a834751 19063 /* check for available size */
wolfSSL 11:cee25a834751 19064 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) {
wolfSSL 11:cee25a834751 19065 goto exit_sske;
wolfSSL 11:cee25a834751 19066 }
wolfSSL 11:cee25a834751 19067
wolfSSL 11:cee25a834751 19068 /* get output buffer */
wolfSSL 11:cee25a834751 19069 args->output = ssl->buffers.outputBuffer.buffer +
wolfSSL 11:cee25a834751 19070 ssl->buffers.outputBuffer.length;
wolfSSL 11:cee25a834751 19071
wolfSSL 11:cee25a834751 19072 AddHeaders(args->output, args->length,
wolfSSL 11:cee25a834751 19073 server_key_exchange, ssl);
wolfSSL 11:cee25a834751 19074
wolfSSL 11:cee25a834751 19075 /* add p, g, pub */
wolfSSL 11:cee25a834751 19076 c16toa((word16)ssl->buffers.serverDH_P.length,
wolfSSL 11:cee25a834751 19077 args->output + args->idx);
wolfSSL 11:cee25a834751 19078 args->idx += LENGTH_SZ;
wolfSSL 11:cee25a834751 19079 XMEMCPY(args->output + args->idx,
wolfSSL 11:cee25a834751 19080 ssl->buffers.serverDH_P.buffer,
wolfSSL 11:cee25a834751 19081 ssl->buffers.serverDH_P.length);
wolfSSL 11:cee25a834751 19082 args->idx += ssl->buffers.serverDH_P.length;
wolfSSL 11:cee25a834751 19083
wolfSSL 11:cee25a834751 19084 /* g */
wolfSSL 11:cee25a834751 19085 c16toa((word16)ssl->buffers.serverDH_G.length,
wolfSSL 11:cee25a834751 19086 args->output + args->idx);
wolfSSL 11:cee25a834751 19087 args->idx += LENGTH_SZ;
wolfSSL 11:cee25a834751 19088 XMEMCPY(args->output + args->idx,
wolfSSL 11:cee25a834751 19089 ssl->buffers.serverDH_G.buffer,
wolfSSL 11:cee25a834751 19090 ssl->buffers.serverDH_G.length);
wolfSSL 11:cee25a834751 19091 args->idx += ssl->buffers.serverDH_G.length;
wolfSSL 11:cee25a834751 19092
wolfSSL 11:cee25a834751 19093 /* pub */
wolfSSL 11:cee25a834751 19094 c16toa((word16)ssl->buffers.serverDH_Pub.length,
wolfSSL 11:cee25a834751 19095 args->output + args->idx);
wolfSSL 11:cee25a834751 19096 args->idx += LENGTH_SZ;
wolfSSL 11:cee25a834751 19097 XMEMCPY(args->output + args->idx,
wolfSSL 11:cee25a834751 19098 ssl->buffers.serverDH_Pub.buffer,
wolfSSL 11:cee25a834751 19099 ssl->buffers.serverDH_Pub.length);
wolfSSL 11:cee25a834751 19100 args->idx += ssl->buffers.serverDH_Pub.length;
wolfSSL 11:cee25a834751 19101
wolfSSL 11:cee25a834751 19102 #ifdef HAVE_FUZZER
wolfSSL 11:cee25a834751 19103 if (ssl->fuzzerCb) {
wolfSSL 11:cee25a834751 19104 ssl->fuzzerCb(ssl, args->output + preSigIdx,
wolfSSL 11:cee25a834751 19105 preSigSz, FUZZ_SIGNATURE, ssl->fuzzerCtx);
wolfSSL 11:cee25a834751 19106 }
wolfSSL 11:cee25a834751 19107 #endif
wolfSSL 11:cee25a834751 19108
wolfSSL 11:cee25a834751 19109 if (ssl->options.usingAnon_cipher) {
wolfSSL 11:cee25a834751 19110 break;
wolfSSL 11:cee25a834751 19111 }
wolfSSL 11:cee25a834751 19112
wolfSSL 11:cee25a834751 19113 /* Determine hash type */
wolfSSL 11:cee25a834751 19114 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 19115 args->output[args->idx++] = ssl->suites->hashAlgo;
wolfSSL 11:cee25a834751 19116 args->output[args->idx++] = ssl->suites->sigAlgo;
wolfSSL 11:cee25a834751 19117
wolfSSL 11:cee25a834751 19118 switch (ssl->suites->hashAlgo) {
wolfSSL 11:cee25a834751 19119 case sha512_mac:
wolfSSL 11:cee25a834751 19120 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 19121 hashType = WC_HASH_TYPE_SHA512;
wolfSSL 11:cee25a834751 19122 #endif
wolfSSL 11:cee25a834751 19123 break;
wolfSSL 11:cee25a834751 19124 case sha384_mac:
wolfSSL 11:cee25a834751 19125 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 19126 hashType = WC_HASH_TYPE_SHA384;
wolfSSL 11:cee25a834751 19127 #endif
wolfSSL 11:cee25a834751 19128 break;
wolfSSL 11:cee25a834751 19129 case sha256_mac:
wolfSSL 11:cee25a834751 19130 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 19131 hashType = WC_HASH_TYPE_SHA256;
wolfSSL 11:cee25a834751 19132 #endif
wolfSSL 11:cee25a834751 19133 break;
wolfSSL 11:cee25a834751 19134 case sha_mac:
wolfSSL 11:cee25a834751 19135 #if !defined(NO_SHA) && \
wolfSSL 11:cee25a834751 19136 (!defined(NO_OLD_TLS) || \
wolfSSL 11:cee25a834751 19137 defined(WOLFSSL_ALLOW_TLS_SHA1))
wolfSSL 11:cee25a834751 19138 hashType = WC_HASH_TYPE_SHA;
wolfSSL 11:cee25a834751 19139 #endif
wolfSSL 11:cee25a834751 19140 break;
wolfSSL 11:cee25a834751 19141 default:
wolfSSL 11:cee25a834751 19142 WOLFSSL_MSG("Bad hash sig algo");
wolfSSL 11:cee25a834751 19143 break;
wolfSSL 11:cee25a834751 19144 }
wolfSSL 11:cee25a834751 19145
wolfSSL 11:cee25a834751 19146 if (hashType == WC_HASH_TYPE_NONE) {
wolfSSL 11:cee25a834751 19147 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 11:cee25a834751 19148 }
wolfSSL 11:cee25a834751 19149 } else {
wolfSSL 11:cee25a834751 19150 /* only using sha and md5 for rsa */
wolfSSL 11:cee25a834751 19151 #ifndef NO_OLD_TLS
wolfSSL 11:cee25a834751 19152 hashType = WC_HASH_TYPE_SHA;
wolfSSL 11:cee25a834751 19153 if (ssl->suites->sigAlgo == rsa_sa_algo) {
wolfSSL 11:cee25a834751 19154 hashType = WC_HASH_TYPE_MD5_SHA;
wolfSSL 11:cee25a834751 19155 }
wolfSSL 11:cee25a834751 19156 #else
wolfSSL 11:cee25a834751 19157 ERROR_OUT(ALGO_ID_E, exit_sske);
wolfSSL 11:cee25a834751 19158 #endif
wolfSSL 11:cee25a834751 19159 }
wolfSSL 11:cee25a834751 19160
wolfSSL 11:cee25a834751 19161 /* signature size */
wolfSSL 11:cee25a834751 19162 c16toa((word16)args->tmpSigSz, args->output + args->idx);
wolfSSL 11:cee25a834751 19163 args->idx += LENGTH_SZ;
wolfSSL 11:cee25a834751 19164
wolfSSL 11:cee25a834751 19165 /* Assemble buffer to hash for signature */
wolfSSL 11:cee25a834751 19166 args->sigDataSz = RAN_LEN + RAN_LEN + preSigSz;
wolfSSL 11:cee25a834751 19167 args->sigDataBuf = (byte*)XMALLOC(args->sigDataSz,
wolfSSL 11:cee25a834751 19168 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 19169 if (args->sigDataBuf == NULL) {
wolfSSL 11:cee25a834751 19170 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 19171 }
wolfSSL 11:cee25a834751 19172 XMEMCPY(args->sigDataBuf, ssl->arrays->clientRandom,
wolfSSL 11:cee25a834751 19173 RAN_LEN);
wolfSSL 11:cee25a834751 19174 XMEMCPY(args->sigDataBuf+RAN_LEN,
wolfSSL 11:cee25a834751 19175 ssl->arrays->serverRandom, RAN_LEN);
wolfSSL 11:cee25a834751 19176 XMEMCPY(args->sigDataBuf+RAN_LEN+RAN_LEN,
wolfSSL 11:cee25a834751 19177 args->output + preSigIdx, preSigSz);
wolfSSL 11:cee25a834751 19178
wolfSSL 11:cee25a834751 19179 ssl->buffers.sig.length = wc_HashGetDigestSize(hashType);
wolfSSL 11:cee25a834751 19180 ssl->buffers.sig.buffer = (byte*)XMALLOC(
wolfSSL 11:cee25a834751 19181 ssl->buffers.sig.length, ssl->heap,
wolfSSL 11:cee25a834751 19182 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 19183 if (ssl->buffers.sig.buffer == NULL) {
wolfSSL 11:cee25a834751 19184 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 19185 }
wolfSSL 11:cee25a834751 19186
wolfSSL 11:cee25a834751 19187 /* Perform hash */
wolfSSL 11:cee25a834751 19188 ret = wc_Hash(hashType,
wolfSSL 11:cee25a834751 19189 args->sigDataBuf, args->sigDataSz,
wolfSSL 11:cee25a834751 19190 ssl->buffers.sig.buffer, ssl->buffers.sig.length);
wolfSSL 11:cee25a834751 19191 if (ret != 0) {
wolfSSL 11:cee25a834751 19192 goto exit_sske;
wolfSSL 11:cee25a834751 19193 }
wolfSSL 11:cee25a834751 19194
wolfSSL 11:cee25a834751 19195 args->sigSz = args->tmpSigSz;
wolfSSL 11:cee25a834751 19196
wolfSSL 11:cee25a834751 19197 /* Sign hash to create signature */
wolfSSL 11:cee25a834751 19198 switch (ssl->suites->sigAlgo)
wolfSSL 11:cee25a834751 19199 {
wolfSSL 11:cee25a834751 19200 #ifndef NO_RSA
wolfSSL 11:cee25a834751 19201 case rsa_sa_algo:
wolfSSL 11:cee25a834751 19202 {
wolfSSL 11:cee25a834751 19203 /* For TLS 1.2 re-encode signature */
wolfSSL 11:cee25a834751 19204 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 19205 int typeH = 0;
wolfSSL 11:cee25a834751 19206 byte* encodedSig = (byte*)XMALLOC(
wolfSSL 11:cee25a834751 19207 MAX_ENCODED_SIG_SZ, ssl->heap,
wolfSSL 11:cee25a834751 19208 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 19209 if (encodedSig == NULL) {
wolfSSL 11:cee25a834751 19210 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 19211 }
wolfSSL 11:cee25a834751 19212
wolfSSL 11:cee25a834751 19213 switch (ssl->suites->hashAlgo) {
wolfSSL 11:cee25a834751 19214 case sha512_mac:
wolfSSL 11:cee25a834751 19215 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 19216 typeH = SHA512h;
wolfSSL 11:cee25a834751 19217 #endif
wolfSSL 11:cee25a834751 19218 break;
wolfSSL 11:cee25a834751 19219 case sha384_mac:
wolfSSL 11:cee25a834751 19220 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 19221 typeH = SHA384h;
wolfSSL 11:cee25a834751 19222 #endif
wolfSSL 11:cee25a834751 19223 break;
wolfSSL 11:cee25a834751 19224 case sha256_mac:
wolfSSL 11:cee25a834751 19225 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 19226 typeH = SHA256h;
wolfSSL 11:cee25a834751 19227 #endif
wolfSSL 11:cee25a834751 19228 break;
wolfSSL 11:cee25a834751 19229 case sha_mac:
wolfSSL 11:cee25a834751 19230 #if !defined(NO_SHA) && \
wolfSSL 11:cee25a834751 19231 (!defined(NO_OLD_TLS) || \
wolfSSL 11:cee25a834751 19232 defined(WOLFSSL_ALLOW_TLS_SHA1))
wolfSSL 11:cee25a834751 19233 typeH = SHAh;
wolfSSL 11:cee25a834751 19234 #endif
wolfSSL 11:cee25a834751 19235 break;
wolfSSL 11:cee25a834751 19236 default:
wolfSSL 11:cee25a834751 19237 break;
wolfSSL 11:cee25a834751 19238 }
wolfSSL 11:cee25a834751 19239
wolfSSL 11:cee25a834751 19240 ssl->buffers.sig.length =
wolfSSL 11:cee25a834751 19241 wc_EncodeSignature(encodedSig,
wolfSSL 11:cee25a834751 19242 ssl->buffers.sig.buffer,
wolfSSL 11:cee25a834751 19243 ssl->buffers.sig.length, typeH);
wolfSSL 11:cee25a834751 19244
wolfSSL 11:cee25a834751 19245 /* Replace sig buffer with new one */
wolfSSL 11:cee25a834751 19246 XFREE(ssl->buffers.sig.buffer, ssl->heap,
wolfSSL 11:cee25a834751 19247 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 19248 ssl->buffers.sig.buffer = encodedSig;
wolfSSL 11:cee25a834751 19249 }
wolfSSL 11:cee25a834751 19250 break;
wolfSSL 11:cee25a834751 19251 }
wolfSSL 11:cee25a834751 19252 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 19253 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 11:cee25a834751 19254 break;
wolfSSL 11:cee25a834751 19255 }
wolfSSL 11:cee25a834751 19256 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 11:cee25a834751 19257 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 19258
wolfSSL 11:cee25a834751 19259 /* Check for error */
wolfSSL 11:cee25a834751 19260 if (ret != 0) {
wolfSSL 11:cee25a834751 19261 goto exit_sske;
wolfSSL 11:cee25a834751 19262 }
wolfSSL 11:cee25a834751 19263
wolfSSL 11:cee25a834751 19264 /* Advance state and proceed */
wolfSSL 11:cee25a834751 19265 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 11:cee25a834751 19266 } /* case TLS_ASYNC_BUILD */
wolfSSL 11:cee25a834751 19267
wolfSSL 11:cee25a834751 19268 case TLS_ASYNC_DO:
wolfSSL 11:cee25a834751 19269 {
wolfSSL 11:cee25a834751 19270 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 19271 {
wolfSSL 11:cee25a834751 19272 #ifndef NO_PSK
wolfSSL 11:cee25a834751 19273 case psk_kea:
wolfSSL 11:cee25a834751 19274 {
wolfSSL 11:cee25a834751 19275 break;
wolfSSL 11:cee25a834751 19276 }
wolfSSL 11:cee25a834751 19277 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 19278 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 19279 case dhe_psk_kea:
wolfSSL 11:cee25a834751 19280 {
wolfSSL 11:cee25a834751 19281 break;
wolfSSL 11:cee25a834751 19282 }
wolfSSL 11:cee25a834751 19283 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 11:cee25a834751 19284 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 19285 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 19286 {
wolfSSL 11:cee25a834751 19287 break;
wolfSSL 11:cee25a834751 19288 }
wolfSSL 11:cee25a834751 19289 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 19290 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 19291 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 19292 {
wolfSSL 11:cee25a834751 19293 /* Sign hash to create signature */
wolfSSL 11:cee25a834751 19294 switch (ssl->specs.sig_algo)
wolfSSL 11:cee25a834751 19295 {
wolfSSL 11:cee25a834751 19296 #ifndef NO_RSA
wolfSSL 11:cee25a834751 19297 case rsa_sa_algo:
wolfSSL 11:cee25a834751 19298 {
wolfSSL 11:cee25a834751 19299 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 11:cee25a834751 19300
wolfSSL 11:cee25a834751 19301 ret = RsaSign(ssl,
wolfSSL 11:cee25a834751 19302 ssl->buffers.sig.buffer,
wolfSSL 11:cee25a834751 19303 ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 19304 args->output + args->idx,
wolfSSL 11:cee25a834751 19305 &args->sigSz,
wolfSSL 11:cee25a834751 19306 key,
wolfSSL 11:cee25a834751 19307 ssl->buffers.key->buffer,
wolfSSL 11:cee25a834751 19308 ssl->buffers.key->length,
wolfSSL 11:cee25a834751 19309 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 19310 ssl->RsaSignCtx
wolfSSL 11:cee25a834751 19311 #else
wolfSSL 11:cee25a834751 19312 NULL
wolfSSL 11:cee25a834751 19313 #endif
wolfSSL 11:cee25a834751 19314 );
wolfSSL 11:cee25a834751 19315 break;
wolfSSL 11:cee25a834751 19316 }
wolfSSL 11:cee25a834751 19317 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 19318 case ecc_dsa_sa_algo:
wolfSSL 11:cee25a834751 19319 {
wolfSSL 11:cee25a834751 19320 ecc_key* key = (ecc_key*)ssl->hsKey;
wolfSSL 11:cee25a834751 19321
wolfSSL 11:cee25a834751 19322 ret = EccSign(ssl,
wolfSSL 11:cee25a834751 19323 ssl->buffers.sig.buffer,
wolfSSL 11:cee25a834751 19324 ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 19325 args->output + LENGTH_SZ + args->idx,
wolfSSL 11:cee25a834751 19326 &args->sigSz,
wolfSSL 11:cee25a834751 19327 key,
wolfSSL 11:cee25a834751 19328 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 11:cee25a834751 19329 ssl->buffers.key->buffer,
wolfSSL 11:cee25a834751 19330 ssl->buffers.key->length,
wolfSSL 11:cee25a834751 19331 ssl->EccSignCtx
wolfSSL 11:cee25a834751 19332 #else
wolfSSL 11:cee25a834751 19333 NULL, 0, NULL
wolfSSL 11:cee25a834751 19334 #endif
wolfSSL 11:cee25a834751 19335 );
wolfSSL 11:cee25a834751 19336 break;
wolfSSL 11:cee25a834751 19337 }
wolfSSL 11:cee25a834751 19338 } /* switch(ssl->specs.sig_algo) */
wolfSSL 11:cee25a834751 19339 break;
wolfSSL 11:cee25a834751 19340 }
wolfSSL 11:cee25a834751 19341 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 19342 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 11:cee25a834751 19343 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 19344 {
wolfSSL 11:cee25a834751 19345 /* Sign hash to create signature */
wolfSSL 11:cee25a834751 19346 switch (ssl->suites->sigAlgo)
wolfSSL 11:cee25a834751 19347 {
wolfSSL 11:cee25a834751 19348 #ifndef NO_RSA
wolfSSL 11:cee25a834751 19349 case rsa_sa_algo:
wolfSSL 11:cee25a834751 19350 {
wolfSSL 11:cee25a834751 19351 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 11:cee25a834751 19352
wolfSSL 11:cee25a834751 19353 if (ssl->options.usingAnon_cipher) {
wolfSSL 11:cee25a834751 19354 break;
wolfSSL 11:cee25a834751 19355 }
wolfSSL 11:cee25a834751 19356
wolfSSL 11:cee25a834751 19357 ret = RsaSign(ssl,
wolfSSL 11:cee25a834751 19358 ssl->buffers.sig.buffer,
wolfSSL 11:cee25a834751 19359 ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 19360 args->output + args->idx,
wolfSSL 11:cee25a834751 19361 &args->sigSz,
wolfSSL 11:cee25a834751 19362 key,
wolfSSL 11:cee25a834751 19363 ssl->buffers.key->buffer,
wolfSSL 11:cee25a834751 19364 ssl->buffers.key->length,
wolfSSL 11:cee25a834751 19365 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 19366 ssl->RsaSignCtx
wolfSSL 11:cee25a834751 19367 #else
wolfSSL 11:cee25a834751 19368 NULL
wolfSSL 11:cee25a834751 19369 #endif
wolfSSL 11:cee25a834751 19370 );
wolfSSL 11:cee25a834751 19371 break;
wolfSSL 11:cee25a834751 19372 }
wolfSSL 11:cee25a834751 19373 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 19374 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 11:cee25a834751 19375
wolfSSL 11:cee25a834751 19376 break;
wolfSSL 11:cee25a834751 19377 }
wolfSSL 11:cee25a834751 19378 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 11:cee25a834751 19379 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 19380
wolfSSL 11:cee25a834751 19381 /* Check for error */
wolfSSL 11:cee25a834751 19382 if (ret != 0) {
wolfSSL 11:cee25a834751 19383 goto exit_sske;
wolfSSL 11:cee25a834751 19384 }
wolfSSL 11:cee25a834751 19385
wolfSSL 11:cee25a834751 19386 /* Advance state and proceed */
wolfSSL 11:cee25a834751 19387 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 11:cee25a834751 19388 } /* case TLS_ASYNC_DO */
wolfSSL 11:cee25a834751 19389
wolfSSL 11:cee25a834751 19390 case TLS_ASYNC_VERIFY:
wolfSSL 11:cee25a834751 19391 {
wolfSSL 11:cee25a834751 19392 switch(ssl->specs.kea)
wolfSSL 11:cee25a834751 19393 {
wolfSSL 11:cee25a834751 19394 #ifndef NO_PSK
wolfSSL 11:cee25a834751 19395 case psk_kea:
wolfSSL 11:cee25a834751 19396 {
wolfSSL 11:cee25a834751 19397 /* Nothing to do in this sub-state */
wolfSSL 11:cee25a834751 19398 break;
wolfSSL 11:cee25a834751 19399 }
wolfSSL 11:cee25a834751 19400 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 19401 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 19402 case dhe_psk_kea:
wolfSSL 11:cee25a834751 19403 {
wolfSSL 11:cee25a834751 19404 /* Nothing to do in this sub-state */
wolfSSL 11:cee25a834751 19405 break;
wolfSSL 11:cee25a834751 19406 }
wolfSSL 11:cee25a834751 19407 #endif /* !defined(NO_DH) && !defined(NO_PSK) */
wolfSSL 11:cee25a834751 19408 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 19409 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 19410 {
wolfSSL 11:cee25a834751 19411 /* Nothing to do in this sub-state */
wolfSSL 11:cee25a834751 19412 break;
wolfSSL 11:cee25a834751 19413 }
wolfSSL 11:cee25a834751 19414 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 19415 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 19416 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 19417 {
wolfSSL 11:cee25a834751 19418 switch(ssl->specs.sig_algo)
wolfSSL 11:cee25a834751 19419 {
wolfSSL 11:cee25a834751 19420 #ifndef NO_RSA
wolfSSL 11:cee25a834751 19421 case rsa_sa_algo:
wolfSSL 11:cee25a834751 19422 {
wolfSSL 11:cee25a834751 19423 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 11:cee25a834751 19424
wolfSSL 11:cee25a834751 19425 if (args->verifySig == NULL) {
wolfSSL 11:cee25a834751 19426 if (args->sigSz == 0) {
wolfSSL 11:cee25a834751 19427 ERROR_OUT(BAD_COND_E, exit_sske);
wolfSSL 11:cee25a834751 19428 }
wolfSSL 11:cee25a834751 19429 args->verifySig = (byte*)XMALLOC(
wolfSSL 11:cee25a834751 19430 args->sigSz, ssl->heap,
wolfSSL 11:cee25a834751 19431 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 19432 if (!args->verifySig) {
wolfSSL 11:cee25a834751 19433 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 19434 }
wolfSSL 11:cee25a834751 19435 XMEMCPY(args->verifySig,
wolfSSL 11:cee25a834751 19436 args->output + args->idx, args->sigSz);
wolfSSL 11:cee25a834751 19437 }
wolfSSL 11:cee25a834751 19438
wolfSSL 11:cee25a834751 19439 /* check for signature faults: verify the RSA signature just written to the output against the data that was signed */
wolfSSL 11:cee25a834751 19440 ret = VerifyRsaSign(ssl,
wolfSSL 11:cee25a834751 19441 args->verifySig, args->sigSz,
wolfSSL 11:cee25a834751 19442 ssl->buffers.sig.buffer,
wolfSSL 11:cee25a834751 19443 ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 19444 key
wolfSSL 11:cee25a834751 19445 );
wolfSSL 11:cee25a834751 19446 break;
wolfSSL 11:cee25a834751 19447 }
wolfSSL 11:cee25a834751 19448 #endif
wolfSSL 11:cee25a834751 19449 case ecc_dsa_sa_algo:
wolfSSL 11:cee25a834751 19450 {
wolfSSL 11:cee25a834751 19451 /* Now that we know the real sig size, write it. */
wolfSSL 11:cee25a834751 19452 c16toa((word16)args->sigSz,
wolfSSL 11:cee25a834751 19453 args->output + args->idx);
wolfSSL 11:cee25a834751 19454
wolfSSL 11:cee25a834751 19455 /* And adjust length and sendSz from estimates */
wolfSSL 11:cee25a834751 19456 args->length += args->sigSz - args->tmpSigSz;
wolfSSL 11:cee25a834751 19457 args->sendSz += args->sigSz - args->tmpSigSz;
wolfSSL 11:cee25a834751 19458 break;
wolfSSL 11:cee25a834751 19459 }
wolfSSL 11:cee25a834751 19460 default:
wolfSSL 11:cee25a834751 19461 ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */
wolfSSL 11:cee25a834751 19462 } /* switch(ssl->specs.sig_algo) */
wolfSSL 11:cee25a834751 19463 break;
wolfSSL 11:cee25a834751 19464 }
wolfSSL 11:cee25a834751 19465 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 19466 #if !defined(NO_DH) && !defined(NO_RSA)
wolfSSL 11:cee25a834751 19467 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 19468 {
wolfSSL 11:cee25a834751 19469 switch (ssl->suites->sigAlgo)
wolfSSL 11:cee25a834751 19470 {
wolfSSL 11:cee25a834751 19471 #ifndef NO_RSA
wolfSSL 11:cee25a834751 19472 case rsa_sa_algo:
wolfSSL 11:cee25a834751 19473 {
wolfSSL 11:cee25a834751 19474 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 11:cee25a834751 19475
wolfSSL 11:cee25a834751 19476 if (ssl->options.usingAnon_cipher) {
wolfSSL 11:cee25a834751 19477 break;
wolfSSL 11:cee25a834751 19478 }
wolfSSL 11:cee25a834751 19479
wolfSSL 11:cee25a834751 19480 if (args->verifySig == NULL) {
wolfSSL 11:cee25a834751 19481 if (args->sigSz == 0) {
wolfSSL 11:cee25a834751 19482 ERROR_OUT(BAD_COND_E, exit_sske);
wolfSSL 11:cee25a834751 19483 }
wolfSSL 11:cee25a834751 19484 args->verifySig = (byte*)XMALLOC(
wolfSSL 11:cee25a834751 19485 args->sigSz, ssl->heap,
wolfSSL 11:cee25a834751 19486 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 19487 if (!args->verifySig) {
wolfSSL 11:cee25a834751 19488 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 19489 }
wolfSSL 11:cee25a834751 19490 XMEMCPY(args->verifySig,
wolfSSL 11:cee25a834751 19491 args->output + args->idx, args->sigSz);
wolfSSL 11:cee25a834751 19492 }
wolfSSL 11:cee25a834751 19493
wolfSSL 11:cee25a834751 19494 /* check for signature faults: verify the RSA signature just written to the output against the data that was signed */
wolfSSL 11:cee25a834751 19495 ret = VerifyRsaSign(ssl,
wolfSSL 11:cee25a834751 19496 args->verifySig, args->sigSz,
wolfSSL 11:cee25a834751 19497 ssl->buffers.sig.buffer,
wolfSSL 11:cee25a834751 19498 ssl->buffers.sig.length,
wolfSSL 11:cee25a834751 19499 key
wolfSSL 11:cee25a834751 19500 );
wolfSSL 11:cee25a834751 19501 break;
wolfSSL 11:cee25a834751 19502 }
wolfSSL 11:cee25a834751 19503 #endif
wolfSSL 11:cee25a834751 19504 } /* switch (ssl->suites->sigAlgo) */
wolfSSL 11:cee25a834751 19505 break;
wolfSSL 11:cee25a834751 19506 }
wolfSSL 11:cee25a834751 19507 #endif /* !defined(NO_DH) && !defined(NO_RSA) */
wolfSSL 11:cee25a834751 19508 } /* switch(ssl->specs.kea) */
wolfSSL 11:cee25a834751 19509
wolfSSL 11:cee25a834751 19510 /* Check for error */
wolfSSL 11:cee25a834751 19511 if (ret != 0) {
wolfSSL 11:cee25a834751 19512 goto exit_sske;
wolfSSL 11:cee25a834751 19513 }
wolfSSL 11:cee25a834751 19514
wolfSSL 11:cee25a834751 19515 /* Advance state and proceed */
wolfSSL 11:cee25a834751 19516 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 11:cee25a834751 19517 } /* case TLS_ASYNC_VERIFY */
wolfSSL 11:cee25a834751 19518
wolfSSL 11:cee25a834751 19519 case TLS_ASYNC_FINALIZE:
wolfSSL 11:cee25a834751 19520 {
wolfSSL 11:cee25a834751 19521 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 19522 if (ssl->peerQSHKeyPresent) {
wolfSSL 11:cee25a834751 19523 if (args->qshSz > 0) {
wolfSSL 11:cee25a834751 19524 args->idx = args->sendSz - args->qshSz;
wolfSSL 11:cee25a834751 19525 if (QSH_KeyExchangeWrite(ssl, 1) != 0) {
wolfSSL 11:cee25a834751 19526 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 19527 }
wolfSSL 11:cee25a834751 19528
wolfSSL 11:cee25a834751 19529 /* extension type */
wolfSSL 11:cee25a834751 19530 c16toa(TLSX_QUANTUM_SAFE_HYBRID,
wolfSSL 11:cee25a834751 19531 args->output + args->idx);
wolfSSL 11:cee25a834751 19532 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 19533
wolfSSL 11:cee25a834751 19534 /* write to output and check amount written */
wolfSSL 11:cee25a834751 19535 if (TLSX_QSHPK_Write(ssl->QSH_secret->list,
wolfSSL 11:cee25a834751 19536 args->output + args->idx) >
wolfSSL 11:cee25a834751 19537 args->qshSz - OPAQUE16_LEN) {
wolfSSL 11:cee25a834751 19538 ERROR_OUT(MEMORY_E, exit_sske);
wolfSSL 11:cee25a834751 19539 }
wolfSSL 11:cee25a834751 19540 }
wolfSSL 11:cee25a834751 19541 }
wolfSSL 11:cee25a834751 19542 #endif
wolfSSL 11:cee25a834751 19543
wolfSSL 11:cee25a834751 19544 #if defined(HAVE_ECC)
wolfSSL 11:cee25a834751 19545 if (ssl->specs.kea == ecdhe_psk_kea ||
wolfSSL 11:cee25a834751 19546 ssl->specs.kea == ecc_diffie_hellman_kea) {
wolfSSL 11:cee25a834751 19547 /* Check output to make sure it was set */
wolfSSL 11:cee25a834751 19548 if (args->output) {
wolfSSL 11:cee25a834751 19549 AddHeaders(args->output, args->length,
wolfSSL 11:cee25a834751 19550 server_key_exchange, ssl);
wolfSSL 11:cee25a834751 19551 }
wolfSSL 11:cee25a834751 19552 else {
wolfSSL 11:cee25a834751 19553 ERROR_OUT(BUFFER_ERROR, exit_sske);
wolfSSL 11:cee25a834751 19554 }
wolfSSL 11:cee25a834751 19555 }
wolfSSL 11:cee25a834751 19556 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 19557
wolfSSL 11:cee25a834751 19558 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 19559 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 19560 if ((ret = DtlsMsgPoolSave(ssl, args->output, args->sendSz)) != 0) {
wolfSSL 11:cee25a834751 19561 goto exit_sske;
wolfSSL 11:cee25a834751 19562 }
wolfSSL 11:cee25a834751 19563 }
wolfSSL 11:cee25a834751 19564
wolfSSL 11:cee25a834751 19565 if (ssl->options.dtls)
wolfSSL 11:cee25a834751 19566 DtlsSEQIncrement(ssl, CUR_ORDER);
wolfSSL 11:cee25a834751 19567 #endif
wolfSSL 11:cee25a834751 19568
wolfSSL 11:cee25a834751 19569 ret = HashOutput(ssl, args->output, args->sendSz, 0);
wolfSSL 11:cee25a834751 19570 if (ret != 0) {
wolfSSL 11:cee25a834751 19571 goto exit_sske;
wolfSSL 11:cee25a834751 19572 }
wolfSSL 11:cee25a834751 19573
wolfSSL 11:cee25a834751 19574 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 19575 if (ssl->hsInfoOn) {
wolfSSL 11:cee25a834751 19576 AddPacketName("ServerKeyExchange", &ssl->handShakeInfo);
wolfSSL 11:cee25a834751 19577 }
wolfSSL 11:cee25a834751 19578 if (ssl->toInfoOn) {
wolfSSL 11:cee25a834751 19579 AddPacketInfo("ServerKeyExchange", &ssl->timeoutInfo,
wolfSSL 11:cee25a834751 19580 args->output, args->sendSz, ssl->heap);
wolfSSL 11:cee25a834751 19581 }
wolfSSL 11:cee25a834751 19582 #endif
wolfSSL 11:cee25a834751 19583
wolfSSL 11:cee25a834751 19584 /* Advance state and proceed */
wolfSSL 11:cee25a834751 19585 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 11:cee25a834751 19586 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 11:cee25a834751 19587
wolfSSL 11:cee25a834751 19588 case TLS_ASYNC_END:
wolfSSL 11:cee25a834751 19589 {
wolfSSL 11:cee25a834751 19590 ssl->buffers.outputBuffer.length += args->sendSz;
wolfSSL 11:cee25a834751 19591 if (!ssl->options.groupMessages) {
wolfSSL 11:cee25a834751 19592 ret = SendBuffered(ssl);
wolfSSL 11:cee25a834751 19593 }
wolfSSL 11:cee25a834751 19594
wolfSSL 11:cee25a834751 19595 ssl->options.serverState = SERVER_KEYEXCHANGE_COMPLETE;
wolfSSL 11:cee25a834751 19596 break;
wolfSSL 11:cee25a834751 19597 }
wolfSSL 11:cee25a834751 19598 default:
wolfSSL 11:cee25a834751 19599 ret = INPUT_CASE_ERROR;
wolfSSL 11:cee25a834751 19600 } /* switch(ssl->options.asyncState) */
wolfSSL 11:cee25a834751 19601
wolfSSL 11:cee25a834751 19602 exit_sske:
wolfSSL 11:cee25a834751 19603
wolfSSL 11:cee25a834751 19604 WOLFSSL_LEAVE("SendServerKeyExchange", ret);
wolfSSL 11:cee25a834751 19605
wolfSSL 11:cee25a834751 19606 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 19607 /* Handle async operation */
wolfSSL 11:cee25a834751 19608 if (ret == WC_PENDING_E)
wolfSSL 11:cee25a834751 19609 return ret;
wolfSSL 11:cee25a834751 19610 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 11:cee25a834751 19611
wolfSSL 11:cee25a834751 19612 /* Final cleanup */
wolfSSL 11:cee25a834751 19613 FreeSskeArgs(ssl, args);
wolfSSL 11:cee25a834751 19614 FreeKeyExchange(ssl);
wolfSSL 11:cee25a834751 19615
wolfSSL 11:cee25a834751 19616 return ret;
wolfSSL 11:cee25a834751 19617 }
wolfSSL 11:cee25a834751 19618
wolfSSL 11:cee25a834751 19619 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 11:cee25a834751 19620
/* Look up the two-byte cipher suite (first, second) in a suite list.
 *
 * suites  list to search; entries are consecutive SUITE_LEN-byte pairs
 * first   first byte of the suite being looked for
 * second  second byte of the suite being looked for
 *
 * Returns the byte offset of the matching entry on success, SUITES_ERROR
 * when the list pointer is NULL or the list is empty, and MATCH_SUITE_ERROR
 * when no entry matches.
 */
static int FindSuite(Suites* suites, byte first, byte second)
{
    int pos = 0;
    int limit;

    if (suites == NULL || suites->suiteSz == 0) {
        WOLFSSL_MSG("Suites pointer error or suiteSz 0");
        return SUITES_ERROR;
    }

    /* stop one byte short of the end so that pos + 1 stays inside suiteSz */
    limit = suites->suiteSz - 1;
    while (pos < limit) {
        if (suites->suites[pos] == first && suites->suites[pos + 1] == second) {
            return pos;
        }
        pos += SUITE_LEN;
    }

    return MATCH_SUITE_ERROR;
}
wolfSSL 11:cee25a834751 19639
wolfSSL 11:cee25a834751 19640 #endif
wolfSSL 11:cee25a834751 19641
/* Check that the server's configured key material can serve the suite stored
 * at ssl->suites->suites[idx] and [idx + 1].
 *
 * ssl  connection whose options and suite list are inspected
 * idx  byte offset of the suite inside ssl->suites->suites
 *
 * Returns 1 when every requirement reported by CipherRequires() is met,
 * 0 otherwise. idx is not range-checked against suiteSz here; the caller
 * is relied on to pass an offset that leaves idx + 1 inside the list.
 */
static int VerifyServerSuite(WOLFSSL* ssl, word16 idx)
{
    int  rsaAvailable;
    int  pskAvailable = 0;
    byte suite0;
    byte suite1;

    WOLFSSL_ENTER("VerifyServerSuite");

    if (ssl->suites == NULL) {
        WOLFSSL_MSG("Suites pointer error");
        return 0;
    }

    suite0 = ssl->suites->suites[idx];
    suite1 = ssl->suites->suites[idx + 1];

    #ifndef NO_PSK
    pskAvailable = ssl->options.havePSK;
    #endif

    /* RSA counts as available only without a static ECC key and without NTRU */
    rsaAvailable = !ssl->options.haveStaticECC && !ssl->options.haveNTRU;

    if (CipherRequires(suite0, suite1, REQUIRES_RSA)) {
        WOLFSSL_MSG("Requires RSA");
        if (!rsaAvailable) {
            WOLFSSL_MSG("Don't have RSA");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_DHE)) {
        WOLFSSL_MSG("Requires DHE");
        if (!ssl->options.haveDH) {
            WOLFSSL_MSG("Don't have DHE");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_ECC)) {
        WOLFSSL_MSG("Requires ECC");
        if (!ssl->options.haveECC) {
            WOLFSSL_MSG("Don't have ECC");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_ECC_STATIC)) {
        WOLFSSL_MSG("Requires static ECC");
        if (!ssl->options.haveStaticECC) {
            WOLFSSL_MSG("Don't have static ECC");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_PSK)) {
        WOLFSSL_MSG("Requires PSK");
        if (!pskAvailable) {
            WOLFSSL_MSG("Don't have PSK");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_NTRU)) {
        WOLFSSL_MSG("Requires NTRU");
        if (!ssl->options.haveNTRU) {
            WOLFSSL_MSG("Don't have NTRU");
            return 0;
        }
    }

    if (CipherRequires(suite0, suite1, REQUIRES_RSA_SIG)) {
        WOLFSSL_MSG("Requires RSA Signature");
        /* a server flagged as signing with ECDSA cannot offer an RSA-signed
         * suite */
        if (ssl->options.side == WOLFSSL_SERVER_END &&
                ssl->options.haveECDSAsig == 1) {
            WOLFSSL_MSG("Don't have RSA Signature");
            return 0;
        }
    }

    #ifdef HAVE_SUPPORTED_CURVES
    if (!TLSX_ValidateEllipticCurves(ssl, suite0, suite1)) {
        WOLFSSL_MSG("Don't have matching curves");
        return 0;
    }
    #endif

    /* ECCDHE is always supported if ECC on */

    #ifdef HAVE_QSH
    /* TLS_QSH is only a marker: record that it matched and still report
     * failure, so that a classic suite is negotiated in addition to it */
    if (suite0 == QSH_BYTE && suite1 == TLS_QSH) {
        if (!TLSX_SupportExtensions(ssl)) {
            WOLFSSL_MSG("Version of SSL connection does not support TLS_QSH");
        }
        else {
            ssl->options.haveQSH = 1; /* matched TLS_QSH */
        }
        return 0;
    }
    #endif

    return 1;
}
wolfSSL 11:cee25a834751 19748
wolfSSL 11:cee25a834751 19749 #ifndef NO_WOLFSSL_SERVER
/* Compare the local suite at offset i with the peer suite at offset j and,
 * when they are the same suite and the server can serve it, select it.
 *
 * ssl         connection; on a verified match its cipherSuite0/cipherSuite
 *             options are set and SetCipherSpecs() is run
 * peerSuites  suite list taken from the peer's hello
 * i           byte offset into ssl->suites->suites
 * j           byte offset into peerSuites->suites
 *
 * Returns MATCH_SUITE_ERROR when the pair differs or the suite fails
 * VerifyServerSuite(); otherwise the result of SetCipherSpecs(), which
 * MatchSuite() treats as final whether it is 0 or an error. Neither offset
 * is range-checked here.
 */
static int CompareSuites(WOLFSSL* ssl, Suites* peerSuites, word16 i,
                         word16 j)
{
    int specRet;

    if (ssl->suites->suites[i]     != peerSuites->suites[j] ||
        ssl->suites->suites[i + 1] != peerSuites->suites[j + 1]) {
        return MATCH_SUITE_ERROR;
    }

    if (!VerifyServerSuite(ssl, i)) {
        WOLFSSL_MSG("Could not verify suite validity, continue");
        return MATCH_SUITE_ERROR;
    }

    WOLFSSL_MSG("Verified suite validity");
    ssl->options.cipherSuite0 = ssl->suites->suites[i];
    ssl->options.cipherSuite  = ssl->suites->suites[i + 1];

    specRet = SetCipherSpecs(ssl);
    if (specRet == 0) {
        /* the signature algorithm is picked only once the specs are set */
        PickHashSigAlgo(ssl, peerSuites->hashSigAlgo,
                        peerSuites->hashSigAlgoSz);
    }

    return specRet;
}
wolfSSL 11:cee25a834751 19774
/* Choose the cipher suite for this connection from the intersection of the
 * local suite list and the peer's list.
 *
 * ssl         connection; ssl->options.useClientOrder selects whose
 *             preference order decides
 * peerSuites  suite list taken from the peer's hello
 *
 * Returns the first CompareSuites() result that is not MATCH_SUITE_ERROR,
 * SUITES_ERROR when the local list is missing, and MATCH_SUITE_ERROR when
 * the peer list is empty, has an odd byte count, or shares no usable suite.
 * Only the peer list is checked for an odd length; the local list is not.
 */
static int MatchSuite(WOLFSSL* ssl, Suites* peerSuites)
{
    word16 local;
    word16 peer;
    int    rc;

    WOLFSSL_ENTER("MatchSuite");

    /* every suite is two bytes, so an empty or odd-sized list is malformed */
    if (peerSuites->suiteSz == 0 || (peerSuites->suiteSz % 2) != 0)
        return MATCH_SUITE_ERROR;

    if (ssl->suites == NULL)
        return SUITES_ERROR;

    if (ssl->options.useClientOrder) {
        /* Client order: the peer's list is the outer loop, so the first
         * peer entry the server can serve wins */
        for (peer = 0; peer < peerSuites->suiteSz; peer += 2) {
            for (local = 0; local < ssl->suites->suiteSz; local += 2) {
                rc = CompareSuites(ssl, peerSuites, local, peer);
                if (rc != MATCH_SUITE_ERROR)
                    return rc;
            }
        }
    }
    else {
        /* Server order: the local list is the outer loop, so the server's
         * own preference decides among the shared suites */
        for (local = 0; local < ssl->suites->suiteSz; local += 2) {
            for (peer = 0; peer < peerSuites->suiteSz; peer += 2) {
                rc = CompareSuites(ssl, peerSuites, local, peer);
                if (rc != MATCH_SUITE_ERROR)
                    return rc;
            }
        }
    }

    return MATCH_SUITE_ERROR;
}
wolfSSL 11:cee25a834751 19812 #endif
wolfSSL 11:cee25a834751 19813
wolfSSL 11:cee25a834751 19814 #ifdef OLD_HELLO_ALLOWED
wolfSSL 11:cee25a834751 19815
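/* Process an old-format client hello (deprecation candidate).
 *
 * The message is hashed by hand because its layout differs from a normal
 * handshake record, then parsed as: one type byte, a two-byte version, three
 * 16-bit lengths (suites, session id, random), and the three variable fields
 * in that order.
 *
 * ssl       connection being negotiated
 * input     buffer holding the message
 * inOutIdx  in: offset of the message in input; out: offset just past the
 *           parsed fields (only written when parsing completes)
 * inSz      not consulted by this function
 * sz        number of message bytes at input + *inOutIdx; the same count is
 *           fed to the handshake hashes
 *
 * Returns the MatchSuite() result for a fresh handshake, or the key
 * derivation result when a session is resumed. Errors seen here are
 * VERSION_ERROR, BUFFER_ERROR, UNSUPPORTED_SUITE and whatever the hash or
 * RNG calls return.
 *
 * All three length fields come from the peer. Besides their individual caps
 * they are now checked together against sz, and the suite length must be a
 * multiple of three, so the parser cannot read past the bytes that were
 * hashed as this message.
 */
int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz)
{
    word32          idx = *inOutIdx;
    word32          fixedSz;
    word16          sessionSz;
    word16          randomSz;
    word16          i, j;
    ProtocolVersion pv;
    Suites          clSuites;

    /* NOTE(review): inSz is ignored, so all bounds below are relative to sz;
     * the caller is presumably responsible for sz bytes being present in
     * input - confirm at the call site */
    (void)inSz;
    WOLFSSL_MSG("Got old format client hello");
    #ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ClientHello", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddLateName("ClientHello", &ssl->timeoutInfo);
    #endif

    /* manually hash input since different format */
    #ifndef NO_OLD_TLS
    #ifndef NO_MD5
    wc_Md5Update(&ssl->hsHashes->hashMd5, input + idx, sz);
    #endif
    #ifndef NO_SHA
    wc_ShaUpdate(&ssl->hsHashes->hashSha, input + idx, sz);
    #endif
    #endif
    #ifndef NO_SHA256
    if (IsAtLeastTLSv1_2(ssl)) {
        int shaRet = wc_Sha256Update(&ssl->hsHashes->hashSha256,
                                     input + idx, sz);
        if (shaRet != 0)
            return shaRet;
    }
    #endif

    /* type byte + version + three 16-bit length fields must all be present
     * before any of them is read */
    fixedSz = OPAQUE8_LEN + OPAQUE16_LEN + 3 * OPAQUE16_LEN;
    if (sz < fixedSz) {
        WOLFSSL_MSG("Old client hello too short for fixed fields");
        return BUFFER_ERROR;
    }

    /* does this value mean client_hello? */
    idx++;

    /* version */
    pv.major = input[idx++];
    pv.minor = input[idx++];
    ssl->chVersion = pv;  /* store */

    if (ssl->version.minor > pv.minor) {
        byte haveRSA = 0;
        byte havePSK = 0;

        /* a lower client version is accepted only when downgrade is enabled
         * and the version is not below the configured minimum */
        if (!ssl->options.downgrade) {
            WOLFSSL_MSG("Client trying to connect with lesser version");
            return VERSION_ERROR;
        }
        if (pv.minor < ssl->options.minDowngrade) {
            WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
            return VERSION_ERROR;
        }
        if (pv.minor == SSLv3_MINOR) {
            /* turn off tls */
            WOLFSSL_MSG("\tdowngrading to SSLv3");
            ssl->options.tls    = 0;
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = SSLv3_MINOR;
        }
        else if (pv.minor == TLSv1_MINOR) {
            WOLFSSL_MSG("\tdowngrading to TLSv1");
            /* turn off tls 1.1+ */
            ssl->options.tls1_1 = 0;
            ssl->version.minor  = TLSv1_MINOR;
        }
        else if (pv.minor == TLSv1_1_MINOR) {
            WOLFSSL_MSG("\tdowngrading to TLSv1.1");
            ssl->version.minor  = TLSv1_1_MINOR;
        }
        #ifndef NO_RSA
        haveRSA = 1;
        #endif
        #ifndef NO_PSK
        havePSK = ssl->options.havePSK;
        #endif

        /* rebuild the local suite list for the version now in effect */
        InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
                   ssl->options.haveDH, ssl->options.haveNTRU,
                   ssl->options.haveECDSAsig, ssl->options.haveECC,
                   ssl->options.haveStaticECC, ssl->options.side);
    }

    /* suite size */
    ato16(&input[idx], &clSuites.suiteSz);
    idx += OPAQUE16_LEN;

    if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
        return BUFFER_ERROR;
    /* the loop below consumes three bytes per entry; a length that is not a
     * multiple of three would make the last iteration read past the field */
    if (clSuites.suiteSz % 3 != 0)
        return BUFFER_ERROR;
    clSuites.hashSigAlgoSz = 0;

    /* session size */
    ato16(&input[idx], &sessionSz);
    idx += OPAQUE16_LEN;

    if (sessionSz > ID_LEN)
        return BUFFER_ERROR;

    /* random size */
    ato16(&input[idx], &randomSz);
    idx += OPAQUE16_LEN;

    if (randomSz > RAN_LEN)
        return BUFFER_ERROR;

    /* the declared fields together must fit inside this message */
    if (fixedSz + clSuites.suiteSz + sessionSz + randomSz > sz) {
        WOLFSSL_MSG("Old client hello lengths exceed message size");
        return BUFFER_ERROR;
    }

    /* suites */
    for (i = 0, j = 0; i < clSuites.suiteSz; i += 3) {
        byte first = input[idx++];
        if (!first) { /* implicit: skip sslv2 type */
            XMEMCPY(&clSuites.suites[j], &input[idx], SUITE_LEN);
            j += SUITE_LEN;
        }
        idx += SUITE_LEN;
    }
    clSuites.suiteSz = j;

    /* session id */
    if (sessionSz) {
        XMEMCPY(ssl->arrays->sessionID, input + idx, sessionSz);
        ssl->arrays->sessionIDSz = (byte)sessionSz;
        idx += sessionSz;
        ssl->options.resuming = 1;
    }

    /* random: right-aligned in clientRandom, zero-padded on the left.
     * NOTE(review): a randomSz of 0 passes the checks above and leaves
     * clientRandom all zero; consider whether a lower bound is wanted. */
    if (randomSz < RAN_LEN)
        XMEMSET(ssl->arrays->clientRandom, 0, RAN_LEN - randomSz);
    XMEMCPY(&ssl->arrays->clientRandom[RAN_LEN - randomSz], input + idx,
            randomSz);
    idx += randomSz;

    if (ssl->options.usingCompression)
        ssl->options.usingCompression = 0;  /* turn off */

    ssl->options.clientState = CLIENT_HELLO_COMPLETE;
    *inOutIdx = idx;

    ssl->options.haveSessionId = 1;
    /* DoClientHello uses same resume code */
    if (ssl->options.resuming) {  /* let's try */
        int ret = -1;
        WOLFSSL_SESSION* session = GetSession(ssl,
                                              ssl->arrays->masterSecret, 1);
        #ifdef HAVE_SESSION_TICKET
        if (ssl->options.useTicket == 1) {
            session = &ssl->session;
        }
        #endif

        if (!session) {
            WOLFSSL_MSG("Session lookup for resume failed");
            ssl->options.resuming = 0;
        } else {
            #ifdef HAVE_EXT_CACHE
            /* NOTE(review): session can be &ssl->session here when a ticket
             * is in use; confirm wolfSSL_SESSION_free is safe for it */
            wolfSSL_SESSION_free(session);
            #endif
            if (MatchSuite(ssl, &clSuites) < 0) {
                WOLFSSL_MSG("Unsupported cipher suite, OldClientHello");
                return UNSUPPORTED_SUITE;
            }

            ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
                                       RAN_LEN);
            if (ret != 0)
                return ret;

            #ifdef NO_OLD_TLS
            ret = DeriveTlsKeys(ssl);
            #else
            #ifndef NO_TLS
            if (ssl->options.tls)
                ret = DeriveTlsKeys(ssl);
            #endif
            if (!ssl->options.tls)
                ret = DeriveKeys(ssl);
            #endif
            ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;

            return ret;
        }
    }

    return MatchSuite(ssl, &clSuites);
}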
wolfSSL 11:cee25a834751 20004
wolfSSL 11:cee25a834751 20005 #endif /* OLD_HELLO_ALLOWED */
wolfSSL 11:cee25a834751 20006
wolfSSL 11:cee25a834751 20007
wolfSSL 11:cee25a834751 20008 static int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
wolfSSL 11:cee25a834751 20009 word32 helloSz)
wolfSSL 11:cee25a834751 20010 {
wolfSSL 11:cee25a834751 20011 byte b;
wolfSSL 11:cee25a834751 20012 byte bogusID = 0; /* flag for a bogus session id */
wolfSSL 11:cee25a834751 20013 ProtocolVersion pv;
wolfSSL 11:cee25a834751 20014 Suites clSuites;
wolfSSL 11:cee25a834751 20015 word32 i = *inOutIdx;
wolfSSL 11:cee25a834751 20016 word32 begin = i;
wolfSSL 11:cee25a834751 20017 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 20018 Hmac cookieHmac;
wolfSSL 11:cee25a834751 20019 byte peerCookie[MAX_COOKIE_LEN];
wolfSSL 11:cee25a834751 20020 byte peerCookieSz = 0;
wolfSSL 11:cee25a834751 20021 byte cookieType;
wolfSSL 11:cee25a834751 20022 byte cookieSz = 0;
wolfSSL 11:cee25a834751 20023
wolfSSL 11:cee25a834751 20024 XMEMSET(&cookieHmac, 0, sizeof(Hmac));
wolfSSL 11:cee25a834751 20025 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 20026
wolfSSL 11:cee25a834751 20027 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 20028 if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo);
wolfSSL 11:cee25a834751 20029 if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo);
wolfSSL 11:cee25a834751 20030 #endif
wolfSSL 11:cee25a834751 20031
wolfSSL 11:cee25a834751 20032 /* protocol version, random and session id length check */
wolfSSL 11:cee25a834751 20033 if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz)
wolfSSL 11:cee25a834751 20034 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20035
wolfSSL 11:cee25a834751 20036 /* protocol version */
wolfSSL 11:cee25a834751 20037 XMEMCPY(&pv, input + i, OPAQUE16_LEN);
wolfSSL 11:cee25a834751 20038 ssl->chVersion = pv; /* store */
wolfSSL 11:cee25a834751 20039 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 20040 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 20041 int ret;
wolfSSL 11:cee25a834751 20042 #if defined(NO_SHA) && defined(NO_SHA256)
wolfSSL 11:cee25a834751 20043 #error "DTLS needs either SHA or SHA-256"
wolfSSL 11:cee25a834751 20044 #endif /* NO_SHA && NO_SHA256 */
wolfSSL 11:cee25a834751 20045
wolfSSL 11:cee25a834751 20046 #if !defined(NO_SHA) && defined(NO_SHA256)
wolfSSL 11:cee25a834751 20047 cookieType = SHA;
wolfSSL 11:cee25a834751 20048 cookieSz = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20049 #endif /* NO_SHA */
wolfSSL 11:cee25a834751 20050 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 20051 cookieType = SHA256;
wolfSSL 11:cee25a834751 20052 cookieSz = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20053 #endif /* NO_SHA256 */
wolfSSL 11:cee25a834751 20054 ret = wc_HmacSetKey(&cookieHmac, cookieType,
wolfSSL 11:cee25a834751 20055 ssl->buffers.dtlsCookieSecret.buffer,
wolfSSL 11:cee25a834751 20056 ssl->buffers.dtlsCookieSecret.length);
wolfSSL 11:cee25a834751 20057 if (ret != 0) return ret;
wolfSSL 11:cee25a834751 20058 ret = wc_HmacUpdate(&cookieHmac,
wolfSSL 11:cee25a834751 20059 (const byte*)ssl->buffers.dtlsCtx.peer.sa,
wolfSSL 11:cee25a834751 20060 ssl->buffers.dtlsCtx.peer.sz);
wolfSSL 11:cee25a834751 20061 if (ret != 0) return ret;
wolfSSL 11:cee25a834751 20062 ret = wc_HmacUpdate(&cookieHmac, input + i, OPAQUE16_LEN);
wolfSSL 11:cee25a834751 20063 if (ret != 0) return ret;
wolfSSL 11:cee25a834751 20064 }
wolfSSL 11:cee25a834751 20065 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 20066 i += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 20067
wolfSSL 11:cee25a834751 20068 if ((!ssl->options.dtls && ssl->version.minor > pv.minor) ||
wolfSSL 11:cee25a834751 20069 (ssl->options.dtls && ssl->version.minor != DTLS_MINOR
wolfSSL 11:cee25a834751 20070 && ssl->version.minor != DTLSv1_2_MINOR && pv.minor != DTLS_MINOR
wolfSSL 11:cee25a834751 20071 && pv.minor != DTLSv1_2_MINOR)) {
wolfSSL 11:cee25a834751 20072
wolfSSL 11:cee25a834751 20073 word16 haveRSA = 0;
wolfSSL 11:cee25a834751 20074 word16 havePSK = 0;
wolfSSL 11:cee25a834751 20075
wolfSSL 11:cee25a834751 20076 if (!ssl->options.downgrade) {
wolfSSL 11:cee25a834751 20077 WOLFSSL_MSG("Client trying to connect with lesser version");
wolfSSL 11:cee25a834751 20078 return VERSION_ERROR;
wolfSSL 11:cee25a834751 20079 }
wolfSSL 11:cee25a834751 20080 if (pv.minor < ssl->options.minDowngrade) {
wolfSSL 11:cee25a834751 20081 WOLFSSL_MSG("\tversion below minimum allowed, fatal error");
wolfSSL 11:cee25a834751 20082 return VERSION_ERROR;
wolfSSL 11:cee25a834751 20083 }
wolfSSL 11:cee25a834751 20084
wolfSSL 11:cee25a834751 20085 if (pv.minor == SSLv3_MINOR) {
wolfSSL 11:cee25a834751 20086 /* turn off tls */
wolfSSL 11:cee25a834751 20087 WOLFSSL_MSG("\tdowngrading to SSLv3");
wolfSSL 11:cee25a834751 20088 ssl->options.tls = 0;
wolfSSL 11:cee25a834751 20089 ssl->options.tls1_1 = 0;
wolfSSL 11:cee25a834751 20090 ssl->version.minor = SSLv3_MINOR;
wolfSSL 11:cee25a834751 20091 }
wolfSSL 11:cee25a834751 20092 else if (pv.minor == TLSv1_MINOR) {
wolfSSL 11:cee25a834751 20093 /* turn off tls 1.1+ */
wolfSSL 11:cee25a834751 20094 WOLFSSL_MSG("\tdowngrading to TLSv1");
wolfSSL 11:cee25a834751 20095 ssl->options.tls1_1 = 0;
wolfSSL 11:cee25a834751 20096 ssl->version.minor = TLSv1_MINOR;
wolfSSL 11:cee25a834751 20097 }
wolfSSL 11:cee25a834751 20098 else if (pv.minor == TLSv1_1_MINOR) {
wolfSSL 11:cee25a834751 20099 WOLFSSL_MSG("\tdowngrading to TLSv1.1");
wolfSSL 11:cee25a834751 20100 ssl->version.minor = TLSv1_1_MINOR;
wolfSSL 11:cee25a834751 20101 }
wolfSSL 11:cee25a834751 20102 #ifndef NO_RSA
wolfSSL 11:cee25a834751 20103 haveRSA = 1;
wolfSSL 11:cee25a834751 20104 #endif
wolfSSL 11:cee25a834751 20105 #ifndef NO_PSK
wolfSSL 11:cee25a834751 20106 havePSK = ssl->options.havePSK;
wolfSSL 11:cee25a834751 20107 #endif
wolfSSL 11:cee25a834751 20108 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
wolfSSL 11:cee25a834751 20109 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 11:cee25a834751 20110 ssl->options.haveECDSAsig, ssl->options.haveECC,
wolfSSL 11:cee25a834751 20111 ssl->options.haveStaticECC, ssl->options.side);
wolfSSL 11:cee25a834751 20112 }
wolfSSL 11:cee25a834751 20113
wolfSSL 11:cee25a834751 20114 /* random */
wolfSSL 11:cee25a834751 20115 XMEMCPY(ssl->arrays->clientRandom, input + i, RAN_LEN);
wolfSSL 11:cee25a834751 20116 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 20117 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 20118 int ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);
wolfSSL 11:cee25a834751 20119 if (ret != 0) return ret;
wolfSSL 11:cee25a834751 20120 }
wolfSSL 11:cee25a834751 20121 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 20122 i += RAN_LEN;
wolfSSL 11:cee25a834751 20123
wolfSSL 11:cee25a834751 20124 #ifdef SHOW_SECRETS
wolfSSL 11:cee25a834751 20125 {
wolfSSL 11:cee25a834751 20126 int j;
wolfSSL 11:cee25a834751 20127 printf("client random: ");
wolfSSL 11:cee25a834751 20128 for (j = 0; j < RAN_LEN; j++)
wolfSSL 11:cee25a834751 20129 printf("%02x", ssl->arrays->clientRandom[j]);
wolfSSL 11:cee25a834751 20130 printf("\n");
wolfSSL 11:cee25a834751 20131 }
wolfSSL 11:cee25a834751 20132 #endif
wolfSSL 11:cee25a834751 20133
wolfSSL 11:cee25a834751 20134 /* session id */
wolfSSL 11:cee25a834751 20135 b = input[i++];
wolfSSL 11:cee25a834751 20136
wolfSSL 11:cee25a834751 20137 #ifdef HAVE_SESSION_TICKET
wolfSSL 11:cee25a834751 20138 if (b > 0 && b < ID_LEN) {
wolfSSL 11:cee25a834751 20139 bogusID = 1;
wolfSSL 11:cee25a834751 20140 WOLFSSL_MSG("Client sent bogus session id, let's allow for echo");
wolfSSL 11:cee25a834751 20141 }
wolfSSL 11:cee25a834751 20142 #endif
wolfSSL 11:cee25a834751 20143
wolfSSL 11:cee25a834751 20144 if (b == ID_LEN || bogusID) {
wolfSSL 11:cee25a834751 20145 if ((i - begin) + b > helloSz)
wolfSSL 11:cee25a834751 20146 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20147
wolfSSL 11:cee25a834751 20148 XMEMCPY(ssl->arrays->sessionID, input + i, b);
wolfSSL 11:cee25a834751 20149 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 20150 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 20151 int ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
wolfSSL 11:cee25a834751 20152 if (ret != 0) return ret;
wolfSSL 11:cee25a834751 20153 }
wolfSSL 11:cee25a834751 20154 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 20155 ssl->arrays->sessionIDSz = b;
wolfSSL 11:cee25a834751 20156 i += b;
wolfSSL 11:cee25a834751 20157 ssl->options.resuming = 1; /* client wants to resume */
wolfSSL 11:cee25a834751 20158 WOLFSSL_MSG("Client wants to resume session");
wolfSSL 11:cee25a834751 20159 }
wolfSSL 11:cee25a834751 20160 else if (b) {
wolfSSL 11:cee25a834751 20161 WOLFSSL_MSG("Invalid session ID size");
wolfSSL 11:cee25a834751 20162 return BUFFER_ERROR; /* session ID nor 0 neither 32 bytes long */
wolfSSL 11:cee25a834751 20163 }
wolfSSL 11:cee25a834751 20164
wolfSSL 11:cee25a834751 20165 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 20166 /* cookie */
wolfSSL 11:cee25a834751 20167 if (ssl->options.dtls) {
wolfSSL 11:cee25a834751 20168
wolfSSL 11:cee25a834751 20169 if ((i - begin) + OPAQUE8_LEN > helloSz)
wolfSSL 11:cee25a834751 20170 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20171
wolfSSL 11:cee25a834751 20172 peerCookieSz = input[i++];
wolfSSL 11:cee25a834751 20173
wolfSSL 11:cee25a834751 20174 if (peerCookieSz) {
wolfSSL 11:cee25a834751 20175 if (peerCookieSz > MAX_COOKIE_LEN)
wolfSSL 11:cee25a834751 20176 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20177
wolfSSL 11:cee25a834751 20178 if ((i - begin) + peerCookieSz > helloSz)
wolfSSL 11:cee25a834751 20179 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20180
wolfSSL 11:cee25a834751 20181 XMEMCPY(peerCookie, input + i, peerCookieSz);
wolfSSL 11:cee25a834751 20182
wolfSSL 11:cee25a834751 20183 i += peerCookieSz;
wolfSSL 11:cee25a834751 20184 }
wolfSSL 11:cee25a834751 20185 }
wolfSSL 11:cee25a834751 20186 #endif
wolfSSL 11:cee25a834751 20187
wolfSSL 11:cee25a834751 20188 /* suites */
wolfSSL 11:cee25a834751 20189 if ((i - begin) + OPAQUE16_LEN > helloSz)
wolfSSL 11:cee25a834751 20190 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20191
wolfSSL 11:cee25a834751 20192 ato16(&input[i], &clSuites.suiteSz);
wolfSSL 11:cee25a834751 20193 i += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 20194
wolfSSL 11:cee25a834751 20195 /* suites and compression length check */
wolfSSL 11:cee25a834751 20196 if ((i - begin) + clSuites.suiteSz + OPAQUE8_LEN > helloSz)
wolfSSL 11:cee25a834751 20197 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20198
wolfSSL 11:cee25a834751 20199 if (clSuites.suiteSz > WOLFSSL_MAX_SUITE_SZ)
wolfSSL 11:cee25a834751 20200 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20201
wolfSSL 11:cee25a834751 20202 XMEMCPY(clSuites.suites, input + i, clSuites.suiteSz);
wolfSSL 11:cee25a834751 20203
wolfSSL 11:cee25a834751 20204 #ifdef HAVE_SERVER_RENEGOTIATION_INFO
wolfSSL 11:cee25a834751 20205 /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */
wolfSSL 11:cee25a834751 20206 if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) {
wolfSSL 11:cee25a834751 20207 int ret = 0;
wolfSSL 11:cee25a834751 20208
wolfSSL 11:cee25a834751 20209 ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap);
wolfSSL 11:cee25a834751 20210 if (ret != SSL_SUCCESS)
wolfSSL 11:cee25a834751 20211 return ret;
wolfSSL 11:cee25a834751 20212 }
wolfSSL 11:cee25a834751 20213 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */
wolfSSL 11:cee25a834751 20214
wolfSSL 11:cee25a834751 20215 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 20216 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 20217 int ret = wc_HmacUpdate(&cookieHmac,
wolfSSL 11:cee25a834751 20218 input + i - OPAQUE16_LEN,
wolfSSL 11:cee25a834751 20219 clSuites.suiteSz + OPAQUE16_LEN);
wolfSSL 11:cee25a834751 20220 if (ret != 0) return ret;
wolfSSL 11:cee25a834751 20221 }
wolfSSL 11:cee25a834751 20222 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 20223 i += clSuites.suiteSz;
wolfSSL 11:cee25a834751 20224 clSuites.hashSigAlgoSz = 0;
wolfSSL 11:cee25a834751 20225
wolfSSL 11:cee25a834751 20226 /* compression length */
wolfSSL 11:cee25a834751 20227 b = input[i++];
wolfSSL 11:cee25a834751 20228
wolfSSL 11:cee25a834751 20229 if ((i - begin) + b > helloSz)
wolfSSL 11:cee25a834751 20230 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20231
wolfSSL 11:cee25a834751 20232 if (b == 0) {
wolfSSL 11:cee25a834751 20233 WOLFSSL_MSG("No compression types in list");
wolfSSL 11:cee25a834751 20234 return COMPRESSION_ERROR;
wolfSSL 11:cee25a834751 20235 }
wolfSSL 11:cee25a834751 20236
wolfSSL 11:cee25a834751 20237 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 20238 if (IsDtlsNotSctpMode(ssl)) {
wolfSSL 11:cee25a834751 20239 byte newCookie[MAX_COOKIE_LEN];
wolfSSL 11:cee25a834751 20240 int ret;
wolfSSL 11:cee25a834751 20241
wolfSSL 11:cee25a834751 20242 ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);
wolfSSL 11:cee25a834751 20243 if (ret != 0) return ret;
wolfSSL 11:cee25a834751 20244 ret = wc_HmacFinal(&cookieHmac, newCookie);
wolfSSL 11:cee25a834751 20245 if (ret != 0) return ret;
wolfSSL 11:cee25a834751 20246
wolfSSL 11:cee25a834751 20247 /* If a cookie callback is set, call it to overwrite the cookie.
wolfSSL 11:cee25a834751 20248 * This should be deprecated. The code now calculates the cookie
wolfSSL 11:cee25a834751 20249 * using an HMAC as expected. */
wolfSSL 11:cee25a834751 20250 if (ssl->ctx->CBIOCookie != NULL &&
wolfSSL 11:cee25a834751 20251 ssl->ctx->CBIOCookie(ssl, newCookie, cookieSz,
wolfSSL 11:cee25a834751 20252 ssl->IOCB_CookieCtx) != cookieSz) {
wolfSSL 11:cee25a834751 20253 return COOKIE_ERROR;
wolfSSL 11:cee25a834751 20254 }
wolfSSL 11:cee25a834751 20255
wolfSSL 11:cee25a834751 20256 /* Check the cookie, see if we progress the state machine. */
wolfSSL 11:cee25a834751 20257 if (peerCookieSz != cookieSz ||
wolfSSL 11:cee25a834751 20258 XMEMCMP(peerCookie, newCookie, cookieSz) != 0) {
wolfSSL 11:cee25a834751 20259
wolfSSL 11:cee25a834751 20260 /* Send newCookie to client in a HelloVerifyRequest message
wolfSSL 11:cee25a834751 20261 * and let the state machine alone. */
wolfSSL 11:cee25a834751 20262 ssl->msgsReceived.got_client_hello = 0;
wolfSSL 11:cee25a834751 20263 ssl->keys.dtls_handshake_number = 0;
wolfSSL 11:cee25a834751 20264 ssl->keys.dtls_expected_peer_handshake_number = 0;
wolfSSL 11:cee25a834751 20265 *inOutIdx += helloSz;
wolfSSL 11:cee25a834751 20266 return SendHelloVerifyRequest(ssl, newCookie, cookieSz);
wolfSSL 11:cee25a834751 20267 }
wolfSSL 11:cee25a834751 20268
wolfSSL 11:cee25a834751 20269 /* This was skipped in the DTLS case so we could handle the hello
wolfSSL 11:cee25a834751 20270 * verify request. */
wolfSSL 11:cee25a834751 20271 ret = HashInput(ssl, input + *inOutIdx, helloSz);
wolfSSL 11:cee25a834751 20272 if (ret != 0) return ret;
wolfSSL 11:cee25a834751 20273 }
wolfSSL 11:cee25a834751 20274 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 20275
wolfSSL 11:cee25a834751 20276 {
wolfSSL 11:cee25a834751 20277 /* compression match types */
wolfSSL 11:cee25a834751 20278 int matchNo = 0;
wolfSSL 11:cee25a834751 20279 int matchZlib = 0;
wolfSSL 11:cee25a834751 20280
wolfSSL 11:cee25a834751 20281 while (b--) {
wolfSSL 11:cee25a834751 20282 byte comp = input[i++];
wolfSSL 11:cee25a834751 20283
wolfSSL 11:cee25a834751 20284 if (comp == NO_COMPRESSION) {
wolfSSL 11:cee25a834751 20285 matchNo = 1;
wolfSSL 11:cee25a834751 20286 }
wolfSSL 11:cee25a834751 20287 if (comp == ZLIB_COMPRESSION) {
wolfSSL 11:cee25a834751 20288 matchZlib = 1;
wolfSSL 11:cee25a834751 20289 }
wolfSSL 11:cee25a834751 20290 }
wolfSSL 11:cee25a834751 20291
wolfSSL 11:cee25a834751 20292 if (ssl->options.usingCompression == 0 && matchNo) {
wolfSSL 11:cee25a834751 20293 WOLFSSL_MSG("Matched No Compression");
wolfSSL 11:cee25a834751 20294 } else if (ssl->options.usingCompression && matchZlib) {
wolfSSL 11:cee25a834751 20295 WOLFSSL_MSG("Matched zlib Compression");
wolfSSL 11:cee25a834751 20296 } else if (ssl->options.usingCompression && matchNo) {
wolfSSL 11:cee25a834751 20297 WOLFSSL_MSG("Could only match no compression, turning off");
wolfSSL 11:cee25a834751 20298 ssl->options.usingCompression = 0; /* turn off */
wolfSSL 11:cee25a834751 20299 } else {
wolfSSL 11:cee25a834751 20300 WOLFSSL_MSG("Could not match compression");
wolfSSL 11:cee25a834751 20301 return COMPRESSION_ERROR;
wolfSSL 11:cee25a834751 20302 }
wolfSSL 11:cee25a834751 20303 }
wolfSSL 11:cee25a834751 20304
wolfSSL 11:cee25a834751 20305 *inOutIdx = i;
wolfSSL 11:cee25a834751 20306
wolfSSL 11:cee25a834751 20307 /* tls extensions */
wolfSSL 11:cee25a834751 20308 if ((i - begin) < helloSz) {
wolfSSL 11:cee25a834751 20309 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 11:cee25a834751 20310 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 20311 QSH_Init(ssl);
wolfSSL 11:cee25a834751 20312 #endif
wolfSSL 11:cee25a834751 20313 if (TLSX_SupportExtensions(ssl)) {
wolfSSL 11:cee25a834751 20314 int ret = 0;
wolfSSL 11:cee25a834751 20315 #else
wolfSSL 11:cee25a834751 20316 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 20317 #endif
wolfSSL 11:cee25a834751 20318 /* Process the hello extension. Skip unsupported. */
wolfSSL 11:cee25a834751 20319 word16 totalExtSz;
wolfSSL 11:cee25a834751 20320
wolfSSL 11:cee25a834751 20321 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 11:cee25a834751 20322 /* auto populate extensions supported unless user defined */
wolfSSL 11:cee25a834751 20323 if ((ret = TLSX_PopulateExtensions(ssl, 1)) != 0)
wolfSSL 11:cee25a834751 20324 return ret;
wolfSSL 11:cee25a834751 20325 #endif
wolfSSL 11:cee25a834751 20326
wolfSSL 11:cee25a834751 20327 if ((i - begin) + OPAQUE16_LEN > helloSz)
wolfSSL 11:cee25a834751 20328 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20329
wolfSSL 11:cee25a834751 20330 ato16(&input[i], &totalExtSz);
wolfSSL 11:cee25a834751 20331 i += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 20332
wolfSSL 11:cee25a834751 20333 if ((i - begin) + totalExtSz > helloSz)
wolfSSL 11:cee25a834751 20334 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20335
wolfSSL 11:cee25a834751 20336 #ifdef HAVE_TLS_EXTENSIONS
wolfSSL 11:cee25a834751 20337 /* tls extensions */
wolfSSL 11:cee25a834751 20338 if ((ret = TLSX_Parse(ssl, (byte *) input + i,
wolfSSL 11:cee25a834751 20339 totalExtSz, 1, &clSuites)))
wolfSSL 11:cee25a834751 20340 return ret;
wolfSSL 11:cee25a834751 20341 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 11:cee25a834751 20342 if((ret=SNI_Callback(ssl)))
wolfSSL 11:cee25a834751 20343 return ret;
wolfSSL 11:cee25a834751 20344 ssl->options.side = WOLFSSL_SERVER_END;
wolfSSL 11:cee25a834751 20345 #endif /*HAVE_STUNNEL*/
wolfSSL 11:cee25a834751 20346
wolfSSL 11:cee25a834751 20347 i += totalExtSz;
wolfSSL 11:cee25a834751 20348 #else
wolfSSL 11:cee25a834751 20349 while (totalExtSz) {
wolfSSL 11:cee25a834751 20350 word16 extId, extSz;
wolfSSL 11:cee25a834751 20351
wolfSSL 11:cee25a834751 20352 if (OPAQUE16_LEN + OPAQUE16_LEN > totalExtSz)
wolfSSL 11:cee25a834751 20353 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20354
wolfSSL 11:cee25a834751 20355 ato16(&input[i], &extId);
wolfSSL 11:cee25a834751 20356 i += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 20357 ato16(&input[i], &extSz);
wolfSSL 11:cee25a834751 20358 i += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 20359
wolfSSL 11:cee25a834751 20360 if (OPAQUE16_LEN + OPAQUE16_LEN + extSz > totalExtSz)
wolfSSL 11:cee25a834751 20361 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20362
wolfSSL 11:cee25a834751 20363 if (extId == HELLO_EXT_SIG_ALGO) {
wolfSSL 11:cee25a834751 20364 ato16(&input[i], &clSuites.hashSigAlgoSz);
wolfSSL 11:cee25a834751 20365 i += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 20366
wolfSSL 11:cee25a834751 20367 if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)
wolfSSL 11:cee25a834751 20368 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20369
wolfSSL 11:cee25a834751 20370 XMEMCPY(clSuites.hashSigAlgo, &input[i],
wolfSSL 11:cee25a834751 20371 min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX));
wolfSSL 11:cee25a834751 20372 i += clSuites.hashSigAlgoSz;
wolfSSL 11:cee25a834751 20373
wolfSSL 11:cee25a834751 20374 if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX)
wolfSSL 11:cee25a834751 20375 clSuites.hashSigAlgoSz = HELLO_EXT_SIGALGO_MAX;
wolfSSL 11:cee25a834751 20376 }
wolfSSL 11:cee25a834751 20377 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 20378 else if (extId == HELLO_EXT_EXTMS)
wolfSSL 11:cee25a834751 20379 ssl->options.haveEMS = 1;
wolfSSL 11:cee25a834751 20380 #endif
wolfSSL 11:cee25a834751 20381 else
wolfSSL 11:cee25a834751 20382 i += extSz;
wolfSSL 11:cee25a834751 20383
wolfSSL 11:cee25a834751 20384 totalExtSz -= OPAQUE16_LEN + OPAQUE16_LEN + extSz;
wolfSSL 11:cee25a834751 20385 }
wolfSSL 11:cee25a834751 20386 #endif
wolfSSL 11:cee25a834751 20387 *inOutIdx = i;
wolfSSL 11:cee25a834751 20388 }
wolfSSL 11:cee25a834751 20389 else
wolfSSL 11:cee25a834751 20390 *inOutIdx = begin + helloSz; /* skip extensions */
wolfSSL 11:cee25a834751 20391 }
wolfSSL 11:cee25a834751 20392
wolfSSL 11:cee25a834751 20393 ssl->options.clientState = CLIENT_HELLO_COMPLETE;
wolfSSL 11:cee25a834751 20394 ssl->options.haveSessionId = 1;
wolfSSL 11:cee25a834751 20395
wolfSSL 11:cee25a834751 20396 /* ProcessOld uses same resume code */
wolfSSL 11:cee25a834751 20397 if (ssl->options.resuming) {
wolfSSL 11:cee25a834751 20398 int ret = -1;
wolfSSL 11:cee25a834751 20399 WOLFSSL_SESSION* session = GetSession(ssl,
wolfSSL 11:cee25a834751 20400 ssl->arrays->masterSecret, 1);
wolfSSL 11:cee25a834751 20401 #ifdef HAVE_SESSION_TICKET
wolfSSL 11:cee25a834751 20402 if (ssl->options.useTicket == 1) {
wolfSSL 11:cee25a834751 20403 session = &ssl->session;
wolfSSL 11:cee25a834751 20404 } else if (bogusID == 1 && ssl->options.rejectTicket == 0) {
wolfSSL 11:cee25a834751 20405 WOLFSSL_MSG("Bogus session ID without session ticket");
wolfSSL 11:cee25a834751 20406 return BUFFER_ERROR;
wolfSSL 11:cee25a834751 20407 }
wolfSSL 11:cee25a834751 20408 #endif
wolfSSL 11:cee25a834751 20409
wolfSSL 11:cee25a834751 20410 if (!session) {
wolfSSL 11:cee25a834751 20411 WOLFSSL_MSG("Session lookup for resume failed");
wolfSSL 11:cee25a834751 20412 ssl->options.resuming = 0;
wolfSSL 11:cee25a834751 20413 }
wolfSSL 11:cee25a834751 20414 else if (session->haveEMS != ssl->options.haveEMS) {
wolfSSL 11:cee25a834751 20415 /* RFC 7627, 5.3, server-side */
wolfSSL 11:cee25a834751 20416 /* if old sess didn't have EMS, but new does, full handshake */
wolfSSL 11:cee25a834751 20417 if (!session->haveEMS && ssl->options.haveEMS) {
wolfSSL 11:cee25a834751 20418 WOLFSSL_MSG("Attempting to resume a session that didn't "
wolfSSL 11:cee25a834751 20419 "use EMS with a new session with EMS. Do full "
wolfSSL 11:cee25a834751 20420 "handshake.");
wolfSSL 11:cee25a834751 20421 ssl->options.resuming = 0;
wolfSSL 11:cee25a834751 20422 }
wolfSSL 11:cee25a834751 20423 /* if old sess used EMS, but new doesn't, MUST abort */
wolfSSL 11:cee25a834751 20424 else if (session->haveEMS && !ssl->options.haveEMS) {
wolfSSL 11:cee25a834751 20425 WOLFSSL_MSG("Trying to resume a session with EMS without "
wolfSSL 11:cee25a834751 20426 "using EMS");
wolfSSL 11:cee25a834751 20427 return EXT_MASTER_SECRET_NEEDED_E;
wolfSSL 11:cee25a834751 20428 }
wolfSSL 11:cee25a834751 20429 #ifdef HAVE_EXT_CACHE
wolfSSL 11:cee25a834751 20430 wolfSSL_SESSION_free(session);
wolfSSL 11:cee25a834751 20431 #endif
wolfSSL 11:cee25a834751 20432 }
wolfSSL 11:cee25a834751 20433 else {
wolfSSL 11:cee25a834751 20434 #ifdef HAVE_EXT_CACHE
wolfSSL 11:cee25a834751 20435 wolfSSL_SESSION_free(session);
wolfSSL 11:cee25a834751 20436 #endif
wolfSSL 11:cee25a834751 20437 if (MatchSuite(ssl, &clSuites) < 0) {
wolfSSL 11:cee25a834751 20438 WOLFSSL_MSG("Unsupported cipher suite, ClientHello");
wolfSSL 11:cee25a834751 20439 return UNSUPPORTED_SUITE;
wolfSSL 11:cee25a834751 20440 }
wolfSSL 11:cee25a834751 20441
wolfSSL 11:cee25a834751 20442 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom,
wolfSSL 11:cee25a834751 20443 RAN_LEN);
wolfSSL 11:cee25a834751 20444 if (ret != 0)
wolfSSL 11:cee25a834751 20445 return ret;
wolfSSL 11:cee25a834751 20446
wolfSSL 11:cee25a834751 20447 #ifdef NO_OLD_TLS
wolfSSL 11:cee25a834751 20448 ret = DeriveTlsKeys(ssl);
wolfSSL 11:cee25a834751 20449 #else
wolfSSL 11:cee25a834751 20450 #ifndef NO_TLS
wolfSSL 11:cee25a834751 20451 if (ssl->options.tls)
wolfSSL 11:cee25a834751 20452 ret = DeriveTlsKeys(ssl);
wolfSSL 11:cee25a834751 20453 #endif
wolfSSL 11:cee25a834751 20454 if (!ssl->options.tls)
wolfSSL 11:cee25a834751 20455 ret = DeriveKeys(ssl);
wolfSSL 11:cee25a834751 20456 #endif
wolfSSL 11:cee25a834751 20457 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 11:cee25a834751 20458
wolfSSL 11:cee25a834751 20459 return ret;
wolfSSL 11:cee25a834751 20460 }
wolfSSL 11:cee25a834751 20461 }
wolfSSL 11:cee25a834751 20462 return MatchSuite(ssl, &clSuites);
wolfSSL 11:cee25a834751 20463 }
wolfSSL 11:cee25a834751 20464
wolfSSL 11:cee25a834751 20465
wolfSSL 11:cee25a834751 20466 #if !defined(NO_RSA) || defined(HAVE_ECC)
wolfSSL 11:cee25a834751 20467
/* Working state for DoCertificateVerify.
 *
 * With WOLFSSL_ASYNC_CRYPT the structure lives in ssl->async.args so that a
 * pending operation can be resumed; otherwise it is a local of the function.
 * DoCertificateVerify contains a compile-time check that ssl->async.args is
 * at least sizeof(DcvArgs), so growing this structure may require growing
 * that buffer as well.
 */
typedef struct DcvArgs {
    /* Filled in through RsaVerify(&args->output) and then compared with the
     * expected encoding; not allocated, so it is never freed from here. */
    byte*  output;

    /* Non-negative return value of RsaVerify; compared with the expected
     * size before the contents are compared. */
    word32 sendSz;

    /* Signature length read from the peer's message (16-bit field); checked
     * against the remaining message size and ENCRYPT_LEN before use. */
    word16 sz;

    /* Return value of wc_EncodeSignature for the locally built encoding. */
    word32 sigSz;

    /* Current read offset into the input buffer. */
    word32 idx;

    /* Offset at which the message started; used for the bounds checks. */
    word32 begin;

    /* Hash and signature algorithm identifiers. They default to sha_mac and
     * anonymous_sa_algo and are overwritten with the two bytes sent by the
     * peer when the connection is at least TLS 1.2.
     * NOTE(review): in DoCertificateVerify a sigAlgo that does not match the
     * peer key type is only logged - confirm that is intended. */
    byte   hashAlgo;
    byte   sigAlgo;
} DcvArgs;
wolfSSL 11:cee25a834751 20478
/* Cleanup hook for a DcvArgs block.
 *
 * ssl    connection the arguments belong to (unused)
 * pArgs  pointer to the DcvArgs being released (unused)
 *
 * DcvArgs holds no memory of its own (its output pointer is marked
 * "not allocated"), so there is nothing to release. Both parameters are
 * referenced only to silence unused-parameter warnings. DoCertificateVerify
 * installs this function as ssl->async.freeArgs when WOLFSSL_ASYNC_CRYPT is
 * defined.
 *
 * NOTE(review): if DcvArgs ever gains a heap-allocated or secret-bearing
 * field, this is where it would have to be freed or cleared.
 */
static void FreeDcvArgs(WOLFSSL* ssl, void* pArgs)
{
    DcvArgs* dcv = (DcvArgs*)pArgs;

    (void)dcv;
    (void)ssl;
}
wolfSSL 11:cee25a834751 20486
wolfSSL 11:cee25a834751 20487 static int DoCertificateVerify(WOLFSSL* ssl, byte* input,
wolfSSL 11:cee25a834751 20488 word32* inOutIdx, word32 size)
wolfSSL 11:cee25a834751 20489 {
wolfSSL 11:cee25a834751 20490 int ret = 0;
wolfSSL 11:cee25a834751 20491 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 20492 DcvArgs* args = (DcvArgs*)ssl->async.args;
wolfSSL 11:cee25a834751 20493 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 11:cee25a834751 20494 (void)sizeof(args_test);
wolfSSL 11:cee25a834751 20495 #else
wolfSSL 11:cee25a834751 20496 DcvArgs args[1];
wolfSSL 11:cee25a834751 20497 #endif
wolfSSL 11:cee25a834751 20498
wolfSSL 11:cee25a834751 20499 WOLFSSL_ENTER("DoCertificateVerify");
wolfSSL 11:cee25a834751 20500
wolfSSL 11:cee25a834751 20501 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 20502 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 11:cee25a834751 20503 if (ret != WC_NOT_PENDING_E) {
wolfSSL 11:cee25a834751 20504 /* Check for error */
wolfSSL 11:cee25a834751 20505 if (ret < 0)
wolfSSL 11:cee25a834751 20506 goto exit_dcv;
wolfSSL 11:cee25a834751 20507 }
wolfSSL 11:cee25a834751 20508 else
wolfSSL 11:cee25a834751 20509 #endif
wolfSSL 11:cee25a834751 20510 {
wolfSSL 11:cee25a834751 20511 /* Reset state */
wolfSSL 11:cee25a834751 20512 ret = 0;
wolfSSL 11:cee25a834751 20513 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 11:cee25a834751 20514 XMEMSET(args, 0, sizeof(DcvArgs));
wolfSSL 11:cee25a834751 20515 args->hashAlgo = sha_mac;
wolfSSL 11:cee25a834751 20516 args->sigAlgo = anonymous_sa_algo;
wolfSSL 11:cee25a834751 20517 args->idx = *inOutIdx;
wolfSSL 11:cee25a834751 20518 args->begin = *inOutIdx;
wolfSSL 11:cee25a834751 20519 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 20520 ssl->async.freeArgs = FreeDcvArgs;
wolfSSL 11:cee25a834751 20521 #endif
wolfSSL 11:cee25a834751 20522 }
wolfSSL 11:cee25a834751 20523
wolfSSL 11:cee25a834751 20524 switch(ssl->options.asyncState)
wolfSSL 11:cee25a834751 20525 {
wolfSSL 11:cee25a834751 20526 case TLS_ASYNC_BEGIN:
wolfSSL 11:cee25a834751 20527 {
wolfSSL 11:cee25a834751 20528 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 20529 if (ssl->hsInfoOn)
wolfSSL 11:cee25a834751 20530 AddPacketName("CertificateVerify", &ssl->handShakeInfo);
wolfSSL 11:cee25a834751 20531 if (ssl->toInfoOn)
wolfSSL 11:cee25a834751 20532 AddLateName("CertificateVerify", &ssl->timeoutInfo);
wolfSSL 11:cee25a834751 20533 #endif
wolfSSL 11:cee25a834751 20534
wolfSSL 11:cee25a834751 20535 /* Advance state and proceed */
wolfSSL 11:cee25a834751 20536 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 11:cee25a834751 20537 } /* case TLS_ASYNC_BEGIN */
wolfSSL 11:cee25a834751 20538
wolfSSL 11:cee25a834751 20539 case TLS_ASYNC_BUILD:
wolfSSL 11:cee25a834751 20540 {
wolfSSL 11:cee25a834751 20541 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 20542 if ((args->idx - args->begin) + ENUM_LEN + ENUM_LEN > size) {
wolfSSL 11:cee25a834751 20543 ERROR_OUT(BUFFER_ERROR, exit_dcv);
wolfSSL 11:cee25a834751 20544 }
wolfSSL 11:cee25a834751 20545
wolfSSL 11:cee25a834751 20546 args->hashAlgo = input[args->idx++];
wolfSSL 11:cee25a834751 20547 args->sigAlgo = input[args->idx++];
wolfSSL 11:cee25a834751 20548 }
wolfSSL 11:cee25a834751 20549
wolfSSL 11:cee25a834751 20550 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 20551 ERROR_OUT(BUFFER_ERROR, exit_dcv);
wolfSSL 11:cee25a834751 20552 }
wolfSSL 11:cee25a834751 20553
wolfSSL 11:cee25a834751 20554 ato16(input + args->idx, &args->sz);
wolfSSL 11:cee25a834751 20555 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 20556
wolfSSL 11:cee25a834751 20557 if ((args->idx - args->begin) + args->sz > size ||
wolfSSL 11:cee25a834751 20558 args->sz > ENCRYPT_LEN) {
wolfSSL 11:cee25a834751 20559 ERROR_OUT(BUFFER_ERROR, exit_dcv);
wolfSSL 11:cee25a834751 20560 }
wolfSSL 11:cee25a834751 20561
wolfSSL 11:cee25a834751 20562 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 20563 if (ssl->peerEccDsaKeyPresent) {
wolfSSL 11:cee25a834751 20564
wolfSSL 11:cee25a834751 20565 WOLFSSL_MSG("Doing ECC peer cert verify");
wolfSSL 11:cee25a834751 20566
wolfSSL 11:cee25a834751 20567 /* make sure a default is defined */
wolfSSL 11:cee25a834751 20568 #if !defined(NO_SHA)
wolfSSL 11:cee25a834751 20569 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha;
wolfSSL 11:cee25a834751 20570 ssl->buffers.digest.length = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20571 #elif !defined(NO_SHA256)
wolfSSL 11:cee25a834751 20572 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256;
wolfSSL 11:cee25a834751 20573 ssl->buffers.digest.length = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20574 #elif defined(WOLFSSL_SHA384)
wolfSSL 11:cee25a834751 20575 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha384;
wolfSSL 11:cee25a834751 20576 ssl->buffers.digest.length = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20577 #elif defined(WOLFSSL_SHA512)
wolfSSL 11:cee25a834751 20578 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha512;
wolfSSL 11:cee25a834751 20579 ssl->buffers.digest.length = SHA512_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20580 #else
wolfSSL 11:cee25a834751 20581 #error No digest enabled for ECC sig verify
wolfSSL 11:cee25a834751 20582 #endif
wolfSSL 11:cee25a834751 20583
wolfSSL 11:cee25a834751 20584 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 20585 if (args->sigAlgo != ecc_dsa_sa_algo) {
wolfSSL 11:cee25a834751 20586 WOLFSSL_MSG("Oops, peer sent ECC key but not in verify");
wolfSSL 11:cee25a834751 20587 }
wolfSSL 11:cee25a834751 20588
wolfSSL 11:cee25a834751 20589 switch (args->hashAlgo) {
wolfSSL 11:cee25a834751 20590 case sha256_mac:
wolfSSL 11:cee25a834751 20591 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 20592 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256;
wolfSSL 11:cee25a834751 20593 ssl->buffers.digest.length = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20594 #endif
wolfSSL 11:cee25a834751 20595 break;
wolfSSL 11:cee25a834751 20596 case sha384_mac:
wolfSSL 11:cee25a834751 20597 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 20598 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha384;
wolfSSL 11:cee25a834751 20599 ssl->buffers.digest.length = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20600 #endif
wolfSSL 11:cee25a834751 20601 break;
wolfSSL 11:cee25a834751 20602 case sha512_mac:
wolfSSL 11:cee25a834751 20603 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 20604 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha512;
wolfSSL 11:cee25a834751 20605 ssl->buffers.digest.length = SHA512_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20606 #endif
wolfSSL 11:cee25a834751 20607 break;
wolfSSL 11:cee25a834751 20608 }
wolfSSL 11:cee25a834751 20609 }
wolfSSL 11:cee25a834751 20610 }
wolfSSL 11:cee25a834751 20611 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 20612
wolfSSL 11:cee25a834751 20613 /* Advance state and proceed */
wolfSSL 11:cee25a834751 20614 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 11:cee25a834751 20615 } /* case TLS_ASYNC_BUILD */
wolfSSL 11:cee25a834751 20616
wolfSSL 11:cee25a834751 20617 case TLS_ASYNC_DO:
wolfSSL 11:cee25a834751 20618 {
wolfSSL 11:cee25a834751 20619 #ifndef NO_RSA
wolfSSL 11:cee25a834751 20620 if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
wolfSSL 11:cee25a834751 20621 WOLFSSL_MSG("Doing RSA peer cert verify");
wolfSSL 11:cee25a834751 20622
wolfSSL 11:cee25a834751 20623 ret = RsaVerify(ssl,
wolfSSL 11:cee25a834751 20624 input + args->idx,
wolfSSL 11:cee25a834751 20625 args->sz,
wolfSSL 11:cee25a834751 20626 &args->output,
wolfSSL 11:cee25a834751 20627 ssl->peerRsaKey,
wolfSSL 11:cee25a834751 20628 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 20629 ssl->buffers.peerRsaKey.buffer,
wolfSSL 11:cee25a834751 20630 ssl->buffers.peerRsaKey.length,
wolfSSL 11:cee25a834751 20631 ssl->RsaVerifyCtx
wolfSSL 11:cee25a834751 20632 #else
wolfSSL 11:cee25a834751 20633 NULL, 0, NULL
wolfSSL 11:cee25a834751 20634 #endif
wolfSSL 11:cee25a834751 20635 );
wolfSSL 11:cee25a834751 20636 if (ret >= 0) {
wolfSSL 11:cee25a834751 20637 args->sendSz = ret;
wolfSSL 11:cee25a834751 20638 ret = 0;
wolfSSL 11:cee25a834751 20639 }
wolfSSL 11:cee25a834751 20640 }
wolfSSL 11:cee25a834751 20641 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 20642 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 20643 if (ssl->peerEccDsaKeyPresent) {
wolfSSL 11:cee25a834751 20644 WOLFSSL_MSG("Doing ECC peer cert verify");
wolfSSL 11:cee25a834751 20645
wolfSSL 11:cee25a834751 20646 ret = EccVerify(ssl,
wolfSSL 11:cee25a834751 20647 input + args->idx, args->sz,
wolfSSL 11:cee25a834751 20648 ssl->buffers.digest.buffer, ssl->buffers.digest.length,
wolfSSL 11:cee25a834751 20649 ssl->peerEccDsaKey,
wolfSSL 11:cee25a834751 20650 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 20651 ssl->buffers.peerEccDsaKey.buffer,
wolfSSL 11:cee25a834751 20652 ssl->buffers.peerEccDsaKey.length,
wolfSSL 11:cee25a834751 20653 ssl->EccVerifyCtx
wolfSSL 11:cee25a834751 20654 #else
wolfSSL 11:cee25a834751 20655 NULL, 0, NULL
wolfSSL 11:cee25a834751 20656 #endif
wolfSSL 11:cee25a834751 20657 );
wolfSSL 11:cee25a834751 20658 }
wolfSSL 11:cee25a834751 20659 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 20660
wolfSSL 11:cee25a834751 20661 /* Check for error */
wolfSSL 11:cee25a834751 20662 if (ret != 0) {
wolfSSL 11:cee25a834751 20663 goto exit_dcv;
wolfSSL 11:cee25a834751 20664 }
wolfSSL 11:cee25a834751 20665
wolfSSL 11:cee25a834751 20666 /* Advance state and proceed */
wolfSSL 11:cee25a834751 20667 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 11:cee25a834751 20668 } /* case TLS_ASYNC_DO */
wolfSSL 11:cee25a834751 20669
wolfSSL 11:cee25a834751 20670 case TLS_ASYNC_VERIFY:
wolfSSL 11:cee25a834751 20671 {
wolfSSL 11:cee25a834751 20672 #ifndef NO_RSA
wolfSSL 11:cee25a834751 20673 if (ssl->peerRsaKey != NULL && ssl->peerRsaKeyPresent != 0) {
wolfSSL 11:cee25a834751 20674 if (IsAtLeastTLSv1_2(ssl)) {
wolfSSL 11:cee25a834751 20675 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 20676 byte* encodedSig = NULL;
wolfSSL 11:cee25a834751 20677 #else
wolfSSL 11:cee25a834751 20678 byte encodedSig[MAX_ENCODED_SIG_SZ];
wolfSSL 11:cee25a834751 20679 #endif
wolfSSL 11:cee25a834751 20680 int typeH = SHAh;
wolfSSL 11:cee25a834751 20681
wolfSSL 11:cee25a834751 20682 /* make sure a default is defined */
wolfSSL 11:cee25a834751 20683 #if !defined(NO_SHA)
wolfSSL 11:cee25a834751 20684 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha;
wolfSSL 11:cee25a834751 20685 ssl->buffers.digest.length = SHA_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20686 #elif !defined(NO_SHA256)
wolfSSL 11:cee25a834751 20687 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256;
wolfSSL 11:cee25a834751 20688 ssl->buffers.digest.length = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20689 #elif defined(WOLFSSL_SHA384)
wolfSSL 11:cee25a834751 20690 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha384;
wolfSSL 11:cee25a834751 20691 ssl->buffers.digest.length = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20692 #elif defined(WOLFSSL_SHA512)
wolfSSL 11:cee25a834751 20693 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha512;
wolfSSL 11:cee25a834751 20694 ssl->buffers.digest.length = SHA512_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20695 #else
wolfSSL 11:cee25a834751 20696 #error No digest enabled for RSA sig verify
wolfSSL 11:cee25a834751 20697 #endif
wolfSSL 11:cee25a834751 20698
wolfSSL 11:cee25a834751 20699 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 20700 encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ,
wolfSSL 11:cee25a834751 20701 ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 20702 if (encodedSig == NULL) {
wolfSSL 11:cee25a834751 20703 ERROR_OUT(MEMORY_E, exit_dcv);
wolfSSL 11:cee25a834751 20704 }
wolfSSL 11:cee25a834751 20705 #endif
wolfSSL 11:cee25a834751 20706
wolfSSL 11:cee25a834751 20707 if (args->sigAlgo != rsa_sa_algo) {
wolfSSL 11:cee25a834751 20708 WOLFSSL_MSG("Oops, peer sent RSA key but not in verify");
wolfSSL 11:cee25a834751 20709 }
wolfSSL 11:cee25a834751 20710
wolfSSL 11:cee25a834751 20711 switch (args->hashAlgo) {
wolfSSL 11:cee25a834751 20712 case sha256_mac:
wolfSSL 11:cee25a834751 20713 #ifndef NO_SHA256
wolfSSL 11:cee25a834751 20714 typeH = SHA256h;
wolfSSL 11:cee25a834751 20715 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha256;
wolfSSL 11:cee25a834751 20716 ssl->buffers.digest.length = SHA256_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20717 #endif /* !NO_SHA256 */
wolfSSL 11:cee25a834751 20718 break;
wolfSSL 11:cee25a834751 20719 case sha384_mac:
wolfSSL 11:cee25a834751 20720 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 20721 typeH = SHA384h;
wolfSSL 11:cee25a834751 20722 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha384;
wolfSSL 11:cee25a834751 20723 ssl->buffers.digest.length = SHA384_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20724 #endif /* WOLFSSL_SHA384 */
wolfSSL 11:cee25a834751 20725 break;
wolfSSL 11:cee25a834751 20726 case sha512_mac:
wolfSSL 11:cee25a834751 20727 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 20728 typeH = SHA512h;
wolfSSL 11:cee25a834751 20729 ssl->buffers.digest.buffer = ssl->hsHashes->certHashes.sha512;
wolfSSL 11:cee25a834751 20730 ssl->buffers.digest.length = SHA512_DIGEST_SIZE;
wolfSSL 11:cee25a834751 20731 #endif /* WOLFSSL_SHA512 */
wolfSSL 11:cee25a834751 20732 break;
wolfSSL 11:cee25a834751 20733 } /* switch */
wolfSSL 11:cee25a834751 20734
wolfSSL 11:cee25a834751 20735 args->sigSz = wc_EncodeSignature(encodedSig,
wolfSSL 11:cee25a834751 20736 ssl->buffers.digest.buffer,
wolfSSL 11:cee25a834751 20737 ssl->buffers.digest.length, typeH);
wolfSSL 11:cee25a834751 20738
wolfSSL 11:cee25a834751 20739 if (args->sendSz != args->sigSz || !args->output ||
wolfSSL 11:cee25a834751 20740 XMEMCMP(args->output, encodedSig,
wolfSSL 11:cee25a834751 20741 min(args->sigSz, MAX_ENCODED_SIG_SZ)) != 0) {
wolfSSL 11:cee25a834751 20742 ret = VERIFY_CERT_ERROR;
wolfSSL 11:cee25a834751 20743 }
wolfSSL 11:cee25a834751 20744
wolfSSL 11:cee25a834751 20745 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 20746 XFREE(encodedSig, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 20747 #endif
wolfSSL 11:cee25a834751 20748 }
wolfSSL 11:cee25a834751 20749 else {
wolfSSL 11:cee25a834751 20750 if (args->sendSz != FINISHED_SZ || !args->output ||
wolfSSL 11:cee25a834751 20751 XMEMCMP(args->output,
wolfSSL 11:cee25a834751 20752 &ssl->hsHashes->certHashes, FINISHED_SZ) != 0) {
wolfSSL 11:cee25a834751 20753 ret = VERIFY_CERT_ERROR;
wolfSSL 11:cee25a834751 20754 }
wolfSSL 11:cee25a834751 20755 }
wolfSSL 11:cee25a834751 20756 }
wolfSSL 11:cee25a834751 20757 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 20758
wolfSSL 11:cee25a834751 20759 /* Advance state and proceed */
wolfSSL 11:cee25a834751 20760 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 11:cee25a834751 20761 } /* case TLS_ASYNC_VERIFY */
wolfSSL 11:cee25a834751 20762
wolfSSL 11:cee25a834751 20763 case TLS_ASYNC_FINALIZE:
wolfSSL 11:cee25a834751 20764 {
wolfSSL 11:cee25a834751 20765 ssl->options.havePeerVerify = 1;
wolfSSL 11:cee25a834751 20766
wolfSSL 11:cee25a834751 20767 /* Set final index */
wolfSSL 11:cee25a834751 20768 args->idx += args->sz;
wolfSSL 11:cee25a834751 20769 *inOutIdx = args->idx;
wolfSSL 11:cee25a834751 20770
wolfSSL 11:cee25a834751 20771 /* Advance state and proceed */
wolfSSL 11:cee25a834751 20772 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 11:cee25a834751 20773 } /* case TLS_ASYNC_FINALIZE */
wolfSSL 11:cee25a834751 20774
wolfSSL 11:cee25a834751 20775 case TLS_ASYNC_END:
wolfSSL 11:cee25a834751 20776 {
wolfSSL 11:cee25a834751 20777 break;
wolfSSL 11:cee25a834751 20778 }
wolfSSL 11:cee25a834751 20779 default:
wolfSSL 11:cee25a834751 20780 ret = INPUT_CASE_ERROR;
wolfSSL 11:cee25a834751 20781 } /* switch(ssl->options.asyncState) */
wolfSSL 11:cee25a834751 20782
wolfSSL 11:cee25a834751 20783 exit_dcv:
wolfSSL 11:cee25a834751 20784
wolfSSL 11:cee25a834751 20785 WOLFSSL_LEAVE("DoCertificateVerify", ret);
wolfSSL 11:cee25a834751 20786
wolfSSL 11:cee25a834751 20787 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 20788 /* Handle async operation */
wolfSSL 11:cee25a834751 20789 if (ret == WC_PENDING_E) {
wolfSSL 11:cee25a834751 20790 /* Mark message as not recevied so it can process again */
wolfSSL 11:cee25a834751 20791 ssl->msgsReceived.got_certificate_verify = 0;
wolfSSL 11:cee25a834751 20792
wolfSSL 11:cee25a834751 20793 return ret;
wolfSSL 11:cee25a834751 20794 }
wolfSSL 11:cee25a834751 20795 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 11:cee25a834751 20796
wolfSSL 11:cee25a834751 20797 /* Digest is not allocated, so do this to prevent free */
wolfSSL 11:cee25a834751 20798 ssl->buffers.digest.buffer = NULL;
wolfSSL 11:cee25a834751 20799 ssl->buffers.digest.length = 0;
wolfSSL 11:cee25a834751 20800
wolfSSL 11:cee25a834751 20801 /* Final cleanup */
wolfSSL 11:cee25a834751 20802 FreeDcvArgs(ssl, args);
wolfSSL 11:cee25a834751 20803 FreeKeyExchange(ssl);
wolfSSL 11:cee25a834751 20804
wolfSSL 11:cee25a834751 20805 return ret;
wolfSSL 11:cee25a834751 20806 }
wolfSSL 11:cee25a834751 20807
wolfSSL 11:cee25a834751 20808 #endif /* !NO_RSA || HAVE_ECC */
wolfSSL 11:cee25a834751 20809
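/* Build and queue the ServerHelloDone handshake message, then flush it.
 *
 * The message has an empty body, so only the record and handshake headers
 * are written (plus the DTLS extras when ssl->options.dtls is set).
 *
 * ssl  connection object; its output buffer and handshake hash are updated
 *
 * Returns the result of SendBuffered() on the normal path, or the non-zero
 * code from CheckAvailableSize(), DtlsMsgPoolSave() or HashOutput() when
 * one of them fails.
 */
int SendServerHelloDone(WOLFSSL* ssl)
{
    byte* output;
    int   sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;
    int   ret;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls)
        sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
#endif

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, 0, server_hello_done, ssl);

#ifdef WOLFSSL_DTLS
    if (IsDtlsNotSctpMode(ssl)) {
        /* Propagate the failure. Returning 0 here reported success to the
         * caller although the message was neither hashed nor queued, which
         * leaves the handshake state machine out of step with the peer.
         * SendTicket() already returns ret in the same situation. */
        if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)
            return ret;
    }

    if (ssl->options.dtls)
        DtlsSEQIncrement(ssl, CUR_ORDER);
#endif

    ret = HashOutput(ssl, output, sendSz, 0);
    if (ret != 0)
        return ret;

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("ServerHelloDone", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("ServerHelloDone", &ssl->timeoutInfo, output, sendSz,
                      ssl->heap);
#endif
    ssl->options.serverState = SERVER_HELLODONE_COMPLETE;

    /* Only now does the message become part of the pending output. */
    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}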
wolfSSL 11:cee25a834751 20858
wolfSSL 11:cee25a834751 20859
wolfSSL 11:cee25a834751 20860 #ifdef HAVE_SESSION_TICKET
wolfSSL 11:cee25a834751 20861
/* Bytes of an ExternalTicket that are not ciphertext: key name, IV, MAC and
 * the two-byte encoded ciphertext length. Must track the ExternalTicket
 * field list below. */
#define WOLFSSL_TICKET_FIXED_SZ (WOLFSSL_TICKET_NAME_SZ + \
                WOLFSSL_TICKET_IV_SZ + WOLFSSL_TICKET_MAC_SZ + LENGTH_SZ)
/* Space left for the encrypted InternalTicket inside SESSION_TICKET_LEN;
 * this is the upper bound handed to the user encrypt callback. */
#define WOLFSSL_TICKET_ENC_SZ (SESSION_TICKET_LEN - WOLFSSL_TICKET_FIXED_SZ)
wolfSSL 11:cee25a834751 20865
/* Our ticket format: the plaintext payload of a session ticket.
 *
 * CreateTicket() copies this struct byte-for-byte into
 * ExternalTicket.enc_ticket and passes it to the user ticket callback for
 * encryption; DoClientTicket() reads it back through a cast after the
 * callback has decrypted in place. It carries the master secret, so its
 * confidentiality and integrity rest entirely on that callback. */
typedef struct InternalTicket {
    ProtocolVersion pv;                    /* version when ticket created */
    byte            suite[SUITE_LEN];      /* cipher suite when created */
    byte            msecret[SECRET_LEN];   /* master secret */
    word32          timestamp;             /* born on */
    word16          haveEMS;               /* have extended master secret */
} InternalTicket;
wolfSSL 11:cee25a834751 20874
/* Ticket as stored in ssl->session.ticket and sent to the client; must fit
 * within SESSION_TICKET_LEN.
 *
 * The struct is cast directly over the ticket buffer in CreateTicket() and
 * over the received bytes in DoClientTicket(), so field order and sizes are
 * the on-the-wire layout. When the ciphertext is shorter than enc_ticket,
 * CreateTicket() moves the MAC so that it directly follows the ciphertext,
 * and DoClientTicket() looks for it at enc_ticket + enc_len. */
typedef struct ExternalTicket {
    byte key_name[WOLFSSL_TICKET_NAME_SZ];     /* key context name */
    byte iv[WOLFSSL_TICKET_IV_SZ];             /* this ticket's iv */
    byte enc_len[LENGTH_SZ];                   /* encrypted length */
    byte enc_ticket[WOLFSSL_TICKET_ENC_SZ];    /* encrypted internal ticket */
    byte mac[WOLFSSL_TICKET_MAC_SZ];           /* total mac */
    /* !! if add to structure, add to TICKET_FIXED_SZ !! */
} ExternalTicket;
wolfSSL 11:cee25a834751 20884
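/* Create a new session ticket in ssl->session.ticket.
 *
 * Builds an InternalTicket (protocol version, cipher suite, master secret,
 * timestamp, extended-master-secret flag), stages it in the ticket buffer
 * and asks the user callback ssl->ctx->ticketEncCb to encrypt it in place
 * and fill in key name, IV and MAC. The callback's output is then sanity
 * checked before the ticket length is recorded.
 *
 * ssl  connection object; session.ticket and session.ticketLen are written
 *
 * Returns WOLFSSL_TICKET_RET_OK (0) on success, BAD_TICKET_KEY_CB_SZ when
 * the callback reports an impossible length, BAD_TICKET_ENCRYPT when the
 * callback left the plaintext, key name, IV or MAC untouched, or the
 * callback's own return value when that is not WOLFSSL_TICKET_RET_OK.
 *
 * The local plaintext copy holds the master secret and is wiped on every
 * exit path; on failure the staged bytes in the ticket buffer are wiped as
 * well so an unencrypted master secret is not left in ssl->session.ticket.
 */
static int CreateTicket(WOLFSSL* ssl)
{
    InternalTicket  it;
    ExternalTicket* et = (ExternalTicket*)ssl->session.ticket;
    int             encLen;
    int             ret;
    byte            zeros[WOLFSSL_TICKET_MAC_SZ];   /* biggest cmp size */

    XMEMSET(&it, 0, sizeof(it));

    /* build internal */
    it.pv.major = ssl->version.major;
    it.pv.minor = ssl->version.minor;

    it.suite[0] = ssl->options.cipherSuite0;
    it.suite[1] = ssl->options.cipherSuite;

    XMEMCPY(it.msecret, ssl->arrays->masterSecret, SECRET_LEN);
    c32toa(LowResTimer(), (byte*)&it.timestamp);
    it.haveEMS = ssl->options.haveEMS;

    /* build external */
    XMEMCPY(et->enc_ticket, &it, sizeof(InternalTicket));

    /* encrypt */
    encLen = WOLFSSL_TICKET_ENC_SZ;  /* max size user can use */
    ret = ssl->ctx->ticketEncCb(ssl, et->key_name, et->iv, et->mac, 1,
                                et->enc_ticket, sizeof(InternalTicket),
                                &encLen, ssl->ctx->ticketEncCtx);
    if (ret == WOLFSSL_TICKET_RET_OK) {
        XMEMSET(zeros, 0, sizeof(zeros));

        /* sanity checks on encrypt callback */
        if (encLen < (int)sizeof(InternalTicket) ||
            encLen > WOLFSSL_TICKET_ENC_SZ) {
            WOLFSSL_MSG("Bad user ticket encrypt size");
            ret = BAD_TICKET_KEY_CB_SZ;
        }
        /* internal ticket can't be the same if encrypted */
        else if (XMEMCMP(et->enc_ticket, &it, sizeof(InternalTicket)) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't encrypt");
            ret = BAD_TICKET_ENCRYPT;
        }
        /* name */
        else if (XMEMCMP(et->key_name, zeros, WOLFSSL_TICKET_NAME_SZ) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't set name");
            ret = BAD_TICKET_ENCRYPT;
        }
        /* iv */
        else if (XMEMCMP(et->iv, zeros, WOLFSSL_TICKET_IV_SZ) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't set iv");
            ret = BAD_TICKET_ENCRYPT;
        }
        /* mac */
        else if (XMEMCMP(et->mac, zeros, WOLFSSL_TICKET_MAC_SZ) == 0) {
            WOLFSSL_MSG("User ticket encrypt didn't set mac");
            ret = BAD_TICKET_ENCRYPT;
        }
        else {
            /* set size */
            c16toa((word16)encLen, et->enc_len);
            ssl->session.ticketLen =
                                (word16)(encLen + WOLFSSL_TICKET_FIXED_SZ);
            if (encLen < WOLFSSL_TICKET_ENC_SZ) {
                /* move mac up since whole enc buffer not used */
                XMEMMOVE(et->enc_ticket + encLen, et->mac,
                         WOLFSSL_TICKET_MAC_SZ);
            }
        }
    }

    /* The stack copy contains the master secret; never leave it behind. */
    ForceZero(&it, (word32)sizeof(it));

    if (ret != WOLFSSL_TICKET_RET_OK) {
        /* The callback failed or did not behave like an encryptor, so the
         * staged region may still be plaintext. */
        ForceZero(et->enc_ticket, (word32)sizeof(InternalTicket));
    }

    return ret;
}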
wolfSSL 11:cee25a834751 20961
wolfSSL 11:cee25a834751 20962
/* Parse a session ticket sent by the client.
 *
 * The bytes at input are treated as an ExternalTicket and handed to the
 * user callback ssl->ctx->ticketEncCb in decrypt mode. The callback works
 * in place on the enc_ticket region, so the buffer behind the const
 * pointer is modified. The MAC is taken from directly after the
 * ciphertext (enc_ticket + enc_len), matching how CreateTicket() packs it.
 *
 * ssl    connection object; arrays->masterSecret and session.haveEMS are
 *        written when the callback accepts the ticket
 * input  ticket bytes as received from the peer (untrusted)
 * len    number of bytes at input
 *
 * Returns the callback's return value, or BAD_TICKET_MSG_SZ /
 * BAD_TICKET_KEY_CB_SZ when a length check fails.
 *
 * NOTE(review): the pv, suite and timestamp fields of the decrypted ticket
 * are not examined in this function; presumably the callback or the caller
 * enforces version/suite match and ticket lifetime - confirm.
 */
int DoClientTicket(WOLFSSL* ssl, const byte* input, word32 len)
{
    ExternalTicket* wire;
    InternalTicket* plain;
    int             ret;
    int             plainLen;
    word16          encLen;

    /* The ticket must at least hold the fixed fields plus one
     * InternalTicket and must not exceed the maximum ticket size. */
    if (len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ) ||
        len > SESSION_TICKET_LEN) {
        return BAD_TICKET_MSG_SZ;
    }

    wire  = (ExternalTicket*)input;
    plain = (InternalTicket*)wire->enc_ticket;

    /* decrypt */
    ato16(wire->enc_len, &encLen);

    /* The peer-supplied ciphertext length may not reach past the bytes
     * actually received. */
    if (encLen > (word16)(len - WOLFSSL_TICKET_FIXED_SZ)) {
        return BAD_TICKET_MSG_SZ;
    }

    plainLen = encLen;  /* may be reduced by user padding */
    ret = ssl->ctx->ticketEncCb(ssl, wire->key_name, wire->iv,
                                wire->enc_ticket + encLen, 0,
                                wire->enc_ticket, encLen, &plainLen,
                                ssl->ctx->ticketEncCtx);
    if (ret < 0 || ret == WOLFSSL_TICKET_RET_FATAL) {
        return ret;
    }

    /* The callback must hand back a full InternalTicket and cannot have
     * produced more plaintext than there was ciphertext. */
    if (plainLen > encLen || plainLen < (int)sizeof(InternalTicket)) {
        WOLFSSL_MSG("Bad user ticket decrypt len");
        return BAD_TICKET_KEY_CB_SZ;
    }

    switch (ret) {
        case WOLFSSL_TICKET_RET_OK:
        case WOLFSSL_TICKET_RET_CREATE:
            /* get master secret */
            XMEMCPY(ssl->arrays->masterSecret, plain->msecret, SECRET_LEN);
            /* Carry the extended-master-secret property from the ticket
             * into the saved session so it can be checked later. */
            ssl->session.haveEMS = plain->haveEMS;
            break;
        default:
            break;
    }

    return ret;
}
wolfSSL 11:cee25a834751 21006
wolfSSL 11:cee25a834751 21007
/* Send the NewSessionTicket handshake message.
 *
 * When ssl->options.createTicket is set a fresh ticket is produced with
 * CreateTicket() first; otherwise the bytes already in ssl->session.ticket
 * are sent. The message body is the lifetime hint, a two-byte ticket
 * length and the ticket itself, copied as stored.
 *
 * ssl  connection object; its output buffer and handshake hash are updated
 *
 * Returns the result of SendBuffered() on the normal path, or the non-zero
 * code from CreateTicket(), CheckAvailableSize(), DtlsMsgPoolSave() or
 * HashOutput() when one of them fails.
 *
 * NOTE(review): the DTLS branch tests ssl->options.dtls before saving to
 * the message pool, whereas SendServerHelloDone() uses
 * IsDtlsNotSctpMode() - confirm whether the difference is intended.
 */
int SendTicket(WOLFSSL* ssl)
{
    byte*  output;
    byte*  cursor;
    int    ret;
    int    sendSz;
    word32 bodySz;
    word32 hdrSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ;

    if (ssl->options.createTicket) {
        ret = CreateTicket(ssl);
        if (ret != 0)
            return ret;
    }

    bodySz = SESSION_HINT_SZ + LENGTH_SZ;
    bodySz += ssl->session.ticketLen;
    sendSz = bodySz + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ;

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
        hdrSz  += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA;
    }
#endif

    /* check for available size */
    ret = CheckAvailableSize(ssl, sendSz);
    if (ret != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    AddHeaders(output, bodySz, session_ticket, ssl);

    /* Body starts right after the record and handshake headers. */
    cursor = output + hdrSz;

    /* hint */
    c32toa(ssl->ctx->ticketHint, cursor);
    cursor += SESSION_HINT_SZ;

    /* length */
    c16toa(ssl->session.ticketLen, cursor);
    cursor += LENGTH_SZ;

    /* ticket */
    XMEMCPY(cursor, ssl->session.ticket, ssl->session.ticketLen);

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        ret = DtlsMsgPoolSave(ssl, output, sendSz);
        if (ret != 0)
            return ret;

        DtlsSEQIncrement(ssl, CUR_ORDER);
    }
#endif

    ret = HashOutput(ssl, output, sendSz, 0);
    if (ret != 0)
        return ret;

    /* Only now does the message become part of the pending output. */
    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}
wolfSSL 11:cee25a834751 21068
wolfSSL 11:cee25a834751 21069 #endif /* HAVE_SESSION_TICKET */
wolfSSL 11:cee25a834751 21070
wolfSSL 11:cee25a834751 21071
wolfSSL 11:cee25a834751 21072 #ifdef WOLFSSL_DTLS
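/* Send a DTLS HelloVerifyRequest carrying the given cookie.
 *
 * ssl       connection object; its output buffer is updated
 * cookie    cookie bytes to send, must not be NULL
 * cookieSz  number of cookie bytes, must not be 0
 *
 * Returns COOKIE_ERROR when no cookie is supplied, the non-zero code from
 * CheckAvailableSize() when it fails, otherwise the result of
 * SendBuffered().
 *
 * Unlike the other senders in this part of the file, the message is not
 * passed to HashOutput() or DtlsMsgPoolSave().
 */
static int SendHelloVerifyRequest(WOLFSSL* ssl,
                                  const byte* cookie, byte cookieSz)
{
    byte* output;
    int   length = VERSION_SZ + ENUM_LEN + cookieSz;
    int   idx    = DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ;
    int   sendSz = length + idx;
    int   ret;

    /* Validate the arguments before touching any connection state. The
     * check used to run after the sequence numbers had been overwritten
     * and the headers written, so the error path left those side effects
     * behind without sending anything. */
    if (cookie == NULL || cookieSz == 0)
        return COOKIE_ERROR;

    /* check for available size */
    if ((ret = CheckAvailableSize(ssl, sendSz)) != 0)
        return ret;

    /* get output buffer */
    output = ssl->buffers.outputBuffer.buffer +
             ssl->buffers.outputBuffer.length;

    /* Hello Verify Request should use the same sequence number as the
     * Client Hello. */
    ssl->keys.dtls_sequence_number_hi = ssl->keys.curSeq_hi;
    ssl->keys.dtls_sequence_number_lo = ssl->keys.curSeq_lo;
    AddHeaders(output, length, hello_verify_request, ssl);

#ifdef OPENSSL_EXTRA
    output[idx++] = DTLS_MAJOR;
    output[idx++] = DTLS_MINOR;
#else
    output[idx++] = ssl->version.major;
    output[idx++] = ssl->version.minor;
#endif

    /* One length byte, then the cookie itself. */
    output[idx++] = cookieSz;
    XMEMCPY(output + idx, cookie, cookieSz);

#ifdef WOLFSSL_CALLBACKS
    if (ssl->hsInfoOn)
        AddPacketName("HelloVerifyRequest", &ssl->handShakeInfo);
    if (ssl->toInfoOn)
        AddPacketInfo("HelloVerifyRequest", &ssl->timeoutInfo, output,
                      sendSz, ssl->heap);
#endif

    ssl->buffers.outputBuffer.length += sendSz;

    return SendBuffered(ssl);
}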
wolfSSL 11:cee25a834751 21122 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 21123
/* Working state for DoClientKeyExchange(). With WOLFSSL_ASYNC_CRYPT the
 * struct lives in ssl->async.args so it survives re-entry; otherwise it is
 * a local of the function. */
typedef struct DckeArgs {
    byte*  output; /* not allocated */
    word32 length; /* set to the RSA encrypt size in the rsa_kea build step */
    word32 idx;    /* current read offset into input; starts at *inOutIdx */
    word32 begin;  /* *inOutIdx on entry; idx - begin is checked against size */
    word32 sigSz;  /* use not visible in this part of the file */
} DckeArgs;
wolfSSL 11:cee25a834751 21131
/* Cleanup hook for DckeArgs, installed as ssl->async.freeArgs by
 * DoClientKeyExchange(). The struct's only pointer member is marked
 * "not allocated", and this function releases nothing.
 *
 * ssl    unused
 * pArgs  unused
 */
static void FreeDckeArgs(WOLFSSL* ssl, void* pArgs)
{
    /* Both parameters are intentionally unused. */
    (void)ssl;
    (void)pArgs;
}
wolfSSL 11:cee25a834751 21139
wolfSSL 11:cee25a834751 21140 static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32* inOutIdx,
wolfSSL 11:cee25a834751 21141 word32 size)
wolfSSL 11:cee25a834751 21142 {
wolfSSL 11:cee25a834751 21143 int ret;
wolfSSL 11:cee25a834751 21144 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 21145 DckeArgs* args = (DckeArgs*)ssl->async.args;
wolfSSL 11:cee25a834751 21146 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1];
wolfSSL 11:cee25a834751 21147 (void)sizeof(args_test);
wolfSSL 11:cee25a834751 21148 #else
wolfSSL 11:cee25a834751 21149 DckeArgs args[1];
wolfSSL 11:cee25a834751 21150 #endif
wolfSSL 11:cee25a834751 21151
wolfSSL 11:cee25a834751 21152 WOLFSSL_ENTER("DoClientKeyExchange");
wolfSSL 11:cee25a834751 21153
wolfSSL 11:cee25a834751 21154 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 21155 ret = wolfSSL_AsyncPop(ssl, &ssl->options.asyncState);
wolfSSL 11:cee25a834751 21156 if (ret != WC_NOT_PENDING_E) {
wolfSSL 11:cee25a834751 21157 /* Check for error */
wolfSSL 11:cee25a834751 21158 if (ret < 0)
wolfSSL 11:cee25a834751 21159 goto exit_dcke;
wolfSSL 11:cee25a834751 21160 }
wolfSSL 11:cee25a834751 21161 else
wolfSSL 11:cee25a834751 21162 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 11:cee25a834751 21163 {
wolfSSL 11:cee25a834751 21164 /* Reset state */
wolfSSL 11:cee25a834751 21165 ret = 0;
wolfSSL 11:cee25a834751 21166 ssl->options.asyncState = TLS_ASYNC_BEGIN;
wolfSSL 11:cee25a834751 21167 XMEMSET(args, 0, sizeof(DckeArgs));
wolfSSL 11:cee25a834751 21168 args->idx = *inOutIdx;
wolfSSL 11:cee25a834751 21169 args->begin = *inOutIdx;
wolfSSL 11:cee25a834751 21170 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 21171 ssl->async.freeArgs = FreeDckeArgs;
wolfSSL 11:cee25a834751 21172 #endif
wolfSSL 11:cee25a834751 21173 }
wolfSSL 11:cee25a834751 21174
wolfSSL 11:cee25a834751 21175 /* Do Client Key Exchange State Machine */
wolfSSL 11:cee25a834751 21176 switch(ssl->options.asyncState)
wolfSSL 11:cee25a834751 21177 {
wolfSSL 11:cee25a834751 21178 case TLS_ASYNC_BEGIN:
wolfSSL 11:cee25a834751 21179 {
wolfSSL 11:cee25a834751 21180 /* Sanity checks */
wolfSSL 11:cee25a834751 21181 if (ssl->options.side != WOLFSSL_SERVER_END) {
wolfSSL 11:cee25a834751 21182 WOLFSSL_MSG("Client received client keyexchange, attack?");
wolfSSL 11:cee25a834751 21183 WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
wolfSSL 11:cee25a834751 21184 ERROR_OUT(SSL_FATAL_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21185 }
wolfSSL 11:cee25a834751 21186
wolfSSL 11:cee25a834751 21187 if (ssl->options.clientState < CLIENT_HELLO_COMPLETE) {
wolfSSL 11:cee25a834751 21188 WOLFSSL_MSG("Client sending keyexchange at wrong time");
wolfSSL 11:cee25a834751 21189 SendAlert(ssl, alert_fatal, unexpected_message);
wolfSSL 11:cee25a834751 21190 ERROR_OUT(OUT_OF_ORDER_E, exit_dcke);
wolfSSL 11:cee25a834751 21191 }
wolfSSL 11:cee25a834751 21192
wolfSSL 11:cee25a834751 21193 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 21194 if (ssl->options.verifyPeer && ssl->options.failNoCert) {
wolfSSL 11:cee25a834751 21195 if (!ssl->options.havePeerCert) {
wolfSSL 11:cee25a834751 21196 WOLFSSL_MSG("client didn't present peer cert");
wolfSSL 11:cee25a834751 21197 ERROR_OUT(NO_PEER_CERT, exit_dcke);
wolfSSL 11:cee25a834751 21198 }
wolfSSL 11:cee25a834751 21199 }
wolfSSL 11:cee25a834751 21200
wolfSSL 11:cee25a834751 21201 if (ssl->options.verifyPeer && ssl->options.failNoCertxPSK) {
wolfSSL 11:cee25a834751 21202 if (!ssl->options.havePeerCert &&
wolfSSL 11:cee25a834751 21203 !ssl->options.usingPSK_cipher) {
wolfSSL 11:cee25a834751 21204 WOLFSSL_MSG("client didn't present peer cert");
wolfSSL 11:cee25a834751 21205 return NO_PEER_CERT;
wolfSSL 11:cee25a834751 21206 }
wolfSSL 11:cee25a834751 21207 }
wolfSSL 11:cee25a834751 21208 #endif /* !NO_CERTS */
wolfSSL 11:cee25a834751 21209
wolfSSL 11:cee25a834751 21210 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 21211 if (ssl->hsInfoOn) {
wolfSSL 11:cee25a834751 21212 AddPacketName("ClientKeyExchange", &ssl->handShakeInfo);
wolfSSL 11:cee25a834751 21213 }
wolfSSL 11:cee25a834751 21214 if (ssl->toInfoOn) {
wolfSSL 11:cee25a834751 21215 AddLateName("ClientKeyExchange", &ssl->timeoutInfo);
wolfSSL 11:cee25a834751 21216 }
wolfSSL 11:cee25a834751 21217 #endif
wolfSSL 11:cee25a834751 21218
wolfSSL 11:cee25a834751 21219 switch (ssl->specs.kea) {
wolfSSL 11:cee25a834751 21220 #ifndef NO_RSA
wolfSSL 11:cee25a834751 21221 case rsa_kea:
wolfSSL 11:cee25a834751 21222 {
wolfSSL 11:cee25a834751 21223 /* make sure private key exists */
wolfSSL 11:cee25a834751 21224 if (ssl->buffers.key == NULL ||
wolfSSL 11:cee25a834751 21225 ssl->buffers.key->buffer == NULL) {
wolfSSL 11:cee25a834751 21226 ERROR_OUT(NO_PRIVATE_KEY, exit_dcke);
wolfSSL 11:cee25a834751 21227 }
wolfSSL 11:cee25a834751 21228 break;
wolfSSL 11:cee25a834751 21229 } /* rsa_kea */
wolfSSL 11:cee25a834751 21230 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 21231 #ifndef NO_PSK
wolfSSL 11:cee25a834751 21232 case psk_kea:
wolfSSL 11:cee25a834751 21233 {
wolfSSL 11:cee25a834751 21234 /* sanity check that PSK server callback has been set */
wolfSSL 11:cee25a834751 21235 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 11:cee25a834751 21236 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 11:cee25a834751 21237 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21238 }
wolfSSL 11:cee25a834751 21239 break;
wolfSSL 11:cee25a834751 21240 }
wolfSSL 11:cee25a834751 21241 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 21242 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 21243 case ntru_kea:
wolfSSL 11:cee25a834751 21244 {
wolfSSL 11:cee25a834751 21245 /* make sure private key exists */
wolfSSL 11:cee25a834751 21246 if (ssl->buffers.key == NULL ||
wolfSSL 11:cee25a834751 21247 ssl->buffers.key->buffer == NULL) {
wolfSSL 11:cee25a834751 21248 ERROR_OUT(NO_PRIVATE_KEY, exit_dcke);
wolfSSL 11:cee25a834751 21249 }
wolfSSL 11:cee25a834751 21250 break;
wolfSSL 11:cee25a834751 21251 }
wolfSSL 11:cee25a834751 21252 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 21253 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 21254 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 21255 {
wolfSSL 11:cee25a834751 21256 break;
wolfSSL 11:cee25a834751 21257 }
wolfSSL 11:cee25a834751 21258 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 21259 #ifndef NO_DH
wolfSSL 11:cee25a834751 21260 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 21261 {
wolfSSL 11:cee25a834751 21262 break;
wolfSSL 11:cee25a834751 21263 }
wolfSSL 11:cee25a834751 21264 #endif /* !NO_DH */
wolfSSL 11:cee25a834751 21265 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 21266 case dhe_psk_kea:
wolfSSL 11:cee25a834751 21267 {
wolfSSL 11:cee25a834751 21268 /* sanity check that PSK server callback has been set */
wolfSSL 11:cee25a834751 21269 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 11:cee25a834751 21270 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 11:cee25a834751 21271 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21272 }
wolfSSL 11:cee25a834751 21273 break;
wolfSSL 11:cee25a834751 21274 }
wolfSSL 11:cee25a834751 21275 #endif /* !NO_DH && !NO_PSK */
wolfSSL 11:cee25a834751 21276 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 21277 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 21278 {
wolfSSL 11:cee25a834751 21279 /* sanity check that PSK server callback has been set */
wolfSSL 11:cee25a834751 21280 if (ssl->options.server_psk_cb == NULL) {
wolfSSL 11:cee25a834751 21281 WOLFSSL_MSG("No server PSK callback set");
wolfSSL 11:cee25a834751 21282 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21283 }
wolfSSL 11:cee25a834751 21284 break;
wolfSSL 11:cee25a834751 21285 }
wolfSSL 11:cee25a834751 21286 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 21287 default:
wolfSSL 11:cee25a834751 21288 WOLFSSL_MSG("Bad kea type");
wolfSSL 11:cee25a834751 21289 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 21290 } /* switch (ssl->specs.kea) */
wolfSSL 11:cee25a834751 21291
wolfSSL 11:cee25a834751 21292 /* Check for error */
wolfSSL 11:cee25a834751 21293 if (ret != 0) {
wolfSSL 11:cee25a834751 21294 goto exit_dcke;
wolfSSL 11:cee25a834751 21295 }
wolfSSL 11:cee25a834751 21296
wolfSSL 11:cee25a834751 21297 /* Advance state and proceed */
wolfSSL 11:cee25a834751 21298 ssl->options.asyncState = TLS_ASYNC_BUILD;
wolfSSL 11:cee25a834751 21299 } /* TLS_ASYNC_BEGIN */
wolfSSL 11:cee25a834751 21300
wolfSSL 11:cee25a834751 21301 case TLS_ASYNC_BUILD:
wolfSSL 11:cee25a834751 21302 {
wolfSSL 11:cee25a834751 21303 switch (ssl->specs.kea) {
wolfSSL 11:cee25a834751 21304 #ifndef NO_RSA
wolfSSL 11:cee25a834751 21305 case rsa_kea:
wolfSSL 11:cee25a834751 21306 {
wolfSSL 11:cee25a834751 21307 word32 i = 0;
wolfSSL 11:cee25a834751 21308 int keySz;
wolfSSL 11:cee25a834751 21309
wolfSSL 11:cee25a834751 21310 ssl->hsType = DYNAMIC_TYPE_RSA;
wolfSSL 11:cee25a834751 21311 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 11:cee25a834751 21312 if (ret != 0) {
wolfSSL 11:cee25a834751 21313 goto exit_dcke;
wolfSSL 11:cee25a834751 21314 }
wolfSSL 11:cee25a834751 21315
wolfSSL 11:cee25a834751 21316 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer,
wolfSSL 11:cee25a834751 21317 &i, (RsaKey*)ssl->hsKey, ssl->buffers.key->length);
wolfSSL 11:cee25a834751 21318 if (ret != 0) {
wolfSSL 11:cee25a834751 21319 goto exit_dcke;
wolfSSL 11:cee25a834751 21320 }
wolfSSL 11:cee25a834751 21321 keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey);
wolfSSL 11:cee25a834751 21322 if (keySz < 0) { /* test if keySz has error */
wolfSSL 11:cee25a834751 21323 ERROR_OUT(keySz, exit_dcke);
wolfSSL 11:cee25a834751 21324 }
wolfSSL 11:cee25a834751 21325 args->length = (word32)keySz;
wolfSSL 11:cee25a834751 21326
wolfSSL 11:cee25a834751 21327 if (keySz < ssl->options.minRsaKeySz) {
wolfSSL 11:cee25a834751 21328 WOLFSSL_MSG("Peer RSA key is too small");
wolfSSL 11:cee25a834751 21329 ERROR_OUT(RSA_KEY_SIZE_E, exit_dcke);
wolfSSL 11:cee25a834751 21330 }
wolfSSL 11:cee25a834751 21331 ssl->arrays->preMasterSz = SECRET_LEN;
wolfSSL 11:cee25a834751 21332
wolfSSL 11:cee25a834751 21333 if (ssl->options.tls) {
wolfSSL 11:cee25a834751 21334 word16 check;
wolfSSL 11:cee25a834751 21335
wolfSSL 11:cee25a834751 21336 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 21337 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21338 }
wolfSSL 11:cee25a834751 21339
wolfSSL 11:cee25a834751 21340 ato16(input + args->idx, &check);
wolfSSL 11:cee25a834751 21341 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21342
wolfSSL 11:cee25a834751 21343 if ((word32)check != args->length) {
wolfSSL 11:cee25a834751 21344 WOLFSSL_MSG("RSA explicit size doesn't match");
wolfSSL 11:cee25a834751 21345 ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21346 }
wolfSSL 11:cee25a834751 21347 }
wolfSSL 11:cee25a834751 21348
wolfSSL 11:cee25a834751 21349 if ((args->idx - args->begin) + args->length > size) {
wolfSSL 11:cee25a834751 21350 WOLFSSL_MSG("RSA message too big");
wolfSSL 11:cee25a834751 21351 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21352 }
wolfSSL 11:cee25a834751 21353
wolfSSL 11:cee25a834751 21354 args->output = NULL;
wolfSSL 11:cee25a834751 21355 break;
wolfSSL 11:cee25a834751 21356 } /* rsa_kea */
wolfSSL 11:cee25a834751 21357 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 21358 #ifndef NO_PSK
wolfSSL 11:cee25a834751 21359 case psk_kea:
wolfSSL 11:cee25a834751 21360 {
wolfSSL 11:cee25a834751 21361 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 11:cee25a834751 21362 word16 ci_sz;
wolfSSL 11:cee25a834751 21363
wolfSSL 11:cee25a834751 21364 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 21365 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21366 }
wolfSSL 11:cee25a834751 21367
wolfSSL 11:cee25a834751 21368 ato16(input + args->idx, &ci_sz);
wolfSSL 11:cee25a834751 21369 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21370
wolfSSL 11:cee25a834751 21371 if (ci_sz > MAX_PSK_ID_LEN) {
wolfSSL 11:cee25a834751 21372 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21373 }
wolfSSL 11:cee25a834751 21374
wolfSSL 11:cee25a834751 21375 if ((args->idx - args->begin) + ci_sz > size) {
wolfSSL 11:cee25a834751 21376 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21377 }
wolfSSL 11:cee25a834751 21378
wolfSSL 11:cee25a834751 21379 XMEMCPY(ssl->arrays->client_identity,
wolfSSL 11:cee25a834751 21380 input + args->idx, ci_sz);
wolfSSL 11:cee25a834751 21381 args->idx += ci_sz;
wolfSSL 11:cee25a834751 21382
wolfSSL 11:cee25a834751 21383 ssl->arrays->client_identity[ci_sz] = '\0'; /* null term */
wolfSSL 11:cee25a834751 21384 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 11:cee25a834751 21385 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 11:cee25a834751 21386 MAX_PSK_KEY_LEN);
wolfSSL 11:cee25a834751 21387
wolfSSL 11:cee25a834751 21388 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 11:cee25a834751 21389 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 11:cee25a834751 21390 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21391 }
wolfSSL 11:cee25a834751 21392
wolfSSL 11:cee25a834751 21393 /* make psk pre master secret */
wolfSSL 11:cee25a834751 21394 /* length of key + length 0s + length of key + key */
wolfSSL 11:cee25a834751 21395 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 11:cee25a834751 21396 pms += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21397
wolfSSL 11:cee25a834751 21398 XMEMSET(pms, 0, ssl->arrays->psk_keySz);
wolfSSL 11:cee25a834751 21399 pms += ssl->arrays->psk_keySz;
wolfSSL 11:cee25a834751 21400
wolfSSL 11:cee25a834751 21401 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 11:cee25a834751 21402 pms += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21403
wolfSSL 11:cee25a834751 21404 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 11:cee25a834751 21405 ssl->arrays->preMasterSz =
wolfSSL 11:cee25a834751 21406 (ssl->arrays->psk_keySz * 2) + (OPAQUE16_LEN * 2);
wolfSSL 11:cee25a834751 21407 break;
wolfSSL 11:cee25a834751 21408 }
wolfSSL 11:cee25a834751 21409 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 21410 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 21411 case ntru_kea:
wolfSSL 11:cee25a834751 21412 {
wolfSSL 11:cee25a834751 21413 word16 cipherLen;
wolfSSL 11:cee25a834751 21414 word16 plainLen = ENCRYPT_LEN;
wolfSSL 11:cee25a834751 21415
wolfSSL 11:cee25a834751 21416 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 21417 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21418 }
wolfSSL 11:cee25a834751 21419
wolfSSL 11:cee25a834751 21420 ato16(input + args->idx, &cipherLen);
wolfSSL 11:cee25a834751 21421 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21422
wolfSSL 11:cee25a834751 21423 if (cipherLen > MAX_NTRU_ENCRYPT_SZ) {
wolfSSL 11:cee25a834751 21424 ERROR_OUT(NTRU_KEY_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21425 }
wolfSSL 11:cee25a834751 21426
wolfSSL 11:cee25a834751 21427 if ((args->idx - args->begin) + cipherLen > size) {
wolfSSL 11:cee25a834751 21428 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21429 }
wolfSSL 11:cee25a834751 21430
wolfSSL 11:cee25a834751 21431 if (NTRU_OK != ntru_crypto_ntru_decrypt(
wolfSSL 11:cee25a834751 21432 (word16) ssl->buffers.key->length,
wolfSSL 11:cee25a834751 21433 ssl->buffers.key->buffer, cipherLen,
wolfSSL 11:cee25a834751 21434 input + args->idx, &plainLen,
wolfSSL 11:cee25a834751 21435 ssl->arrays->preMasterSecret)) {
wolfSSL 11:cee25a834751 21436 ERROR_OUT(NTRU_DECRYPT_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21437 }
wolfSSL 11:cee25a834751 21438
wolfSSL 11:cee25a834751 21439 if (plainLen != SECRET_LEN) {
wolfSSL 11:cee25a834751 21440 ERROR_OUT(NTRU_DECRYPT_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21441 }
wolfSSL 11:cee25a834751 21442
wolfSSL 11:cee25a834751 21443 args->idx += cipherLen;
wolfSSL 11:cee25a834751 21444 ssl->arrays->preMasterSz = plainLen;
wolfSSL 11:cee25a834751 21445 break;
wolfSSL 11:cee25a834751 21446 }
wolfSSL 11:cee25a834751 21447 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 21448 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 21449 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 21450 {
wolfSSL 11:cee25a834751 21451 ecc_key* private_key = ssl->eccTempKey;
wolfSSL 11:cee25a834751 21452
wolfSSL 11:cee25a834751 21453 /* handle static private key */
wolfSSL 11:cee25a834751 21454 if (ssl->specs.static_ecdh) {
wolfSSL 11:cee25a834751 21455 word32 i = 0;
wolfSSL 11:cee25a834751 21456
wolfSSL 11:cee25a834751 21457 ssl->hsType = DYNAMIC_TYPE_ECC;
wolfSSL 11:cee25a834751 21458 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey);
wolfSSL 11:cee25a834751 21459 if (ret != 0) {
wolfSSL 11:cee25a834751 21460 goto exit_dcke;
wolfSSL 11:cee25a834751 21461 }
wolfSSL 11:cee25a834751 21462
wolfSSL 11:cee25a834751 21463 ret = wc_EccPrivateKeyDecode(
wolfSSL 11:cee25a834751 21464 ssl->buffers.key->buffer,
wolfSSL 11:cee25a834751 21465 &i,
wolfSSL 11:cee25a834751 21466 (ecc_key*)ssl->hsKey,
wolfSSL 11:cee25a834751 21467 ssl->buffers.key->length);
wolfSSL 11:cee25a834751 21468 if (ret == 0) {
wolfSSL 11:cee25a834751 21469 private_key = (ecc_key*)ssl->hsKey;
wolfSSL 11:cee25a834751 21470 if (wc_ecc_size(private_key) <
wolfSSL 11:cee25a834751 21471 ssl->options.minEccKeySz) {
wolfSSL 11:cee25a834751 21472 WOLFSSL_MSG("ECC key too small");
wolfSSL 11:cee25a834751 21473 ERROR_OUT(ECC_KEY_SIZE_E, exit_dcke);
wolfSSL 11:cee25a834751 21474 }
wolfSSL 11:cee25a834751 21475 }
wolfSSL 11:cee25a834751 21476 }
wolfSSL 11:cee25a834751 21477
wolfSSL 11:cee25a834751 21478 /* import peer ECC key */
wolfSSL 11:cee25a834751 21479 if ((args->idx - args->begin) + OPAQUE8_LEN > size) {
wolfSSL 11:cee25a834751 21480 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21481 }
wolfSSL 11:cee25a834751 21482
wolfSSL 11:cee25a834751 21483 args->length = input[args->idx++];
wolfSSL 11:cee25a834751 21484
wolfSSL 11:cee25a834751 21485 if ((args->idx - args->begin) + args->length > size) {
wolfSSL 11:cee25a834751 21486 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21487 }
wolfSSL 11:cee25a834751 21488
wolfSSL 11:cee25a834751 21489 ssl->arrays->preMasterSz = ENCRYPT_LEN;
wolfSSL 11:cee25a834751 21490
wolfSSL 11:cee25a834751 21491 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 21492 /* if callback then use it for shared secret */
wolfSSL 11:cee25a834751 21493 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 11:cee25a834751 21494 break;
wolfSSL 11:cee25a834751 21495 }
wolfSSL 11:cee25a834751 21496 #endif
wolfSSL 11:cee25a834751 21497
wolfSSL 11:cee25a834751 21498 if (!ssl->specs.static_ecdh &&
wolfSSL 11:cee25a834751 21499 ssl->eccTempKeyPresent == 0) {
wolfSSL 11:cee25a834751 21500 WOLFSSL_MSG("Ecc ephemeral key not made correctly");
wolfSSL 11:cee25a834751 21501 ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21502 }
wolfSSL 11:cee25a834751 21503
wolfSSL 11:cee25a834751 21504 if (ssl->peerEccKey == NULL) {
wolfSSL 11:cee25a834751 21505 /* alloc/init on demand */
wolfSSL 11:cee25a834751 21506 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 11:cee25a834751 21507 (void**)&ssl->peerEccKey);
wolfSSL 11:cee25a834751 21508 if (ret != 0) {
wolfSSL 11:cee25a834751 21509 goto exit_dcke;
wolfSSL 11:cee25a834751 21510 }
wolfSSL 11:cee25a834751 21511 } else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 11:cee25a834751 21512 wc_ecc_free(ssl->peerEccKey);
wolfSSL 11:cee25a834751 21513 ssl->peerEccKeyPresent = 0;
wolfSSL 11:cee25a834751 21514 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap,
wolfSSL 11:cee25a834751 21515 ssl->devId);
wolfSSL 11:cee25a834751 21516 if (ret != 0) {
wolfSSL 11:cee25a834751 21517 goto exit_dcke;
wolfSSL 11:cee25a834751 21518 }
wolfSSL 11:cee25a834751 21519 }
wolfSSL 11:cee25a834751 21520
wolfSSL 11:cee25a834751 21521 if (wc_ecc_import_x963_ex(input + args->idx, args->length,
wolfSSL 11:cee25a834751 21522 ssl->peerEccKey, private_key->dp->id)) {
wolfSSL 11:cee25a834751 21523 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21524 }
wolfSSL 11:cee25a834751 21525
wolfSSL 11:cee25a834751 21526 ssl->peerEccKeyPresent = 1;
wolfSSL 11:cee25a834751 21527
wolfSSL 11:cee25a834751 21528 if (ret != 0) {
wolfSSL 11:cee25a834751 21529 goto exit_dcke;
wolfSSL 11:cee25a834751 21530 }
wolfSSL 11:cee25a834751 21531 break;
wolfSSL 11:cee25a834751 21532 }
wolfSSL 11:cee25a834751 21533 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 21534 #ifndef NO_DH
wolfSSL 11:cee25a834751 21535 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 21536 {
wolfSSL 11:cee25a834751 21537 word16 clientPubSz;
wolfSSL 11:cee25a834751 21538
wolfSSL 11:cee25a834751 21539 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 21540 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21541 }
wolfSSL 11:cee25a834751 21542
wolfSSL 11:cee25a834751 21543 ato16(input + args->idx, &clientPubSz);
wolfSSL 11:cee25a834751 21544 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21545
wolfSSL 11:cee25a834751 21546 if ((args->idx - args->begin) + clientPubSz > size) {
wolfSSL 11:cee25a834751 21547 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21548 }
wolfSSL 11:cee25a834751 21549
wolfSSL 11:cee25a834751 21550 args->sigSz = clientPubSz;
wolfSSL 11:cee25a834751 21551
wolfSSL 11:cee25a834751 21552 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 11:cee25a834751 21553 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 11:cee25a834751 21554 if (ret != 0) {
wolfSSL 11:cee25a834751 21555 goto exit_dcke;
wolfSSL 11:cee25a834751 21556 }
wolfSSL 11:cee25a834751 21557
wolfSSL 11:cee25a834751 21558 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 21559 ssl->buffers.serverDH_P.buffer,
wolfSSL 11:cee25a834751 21560 ssl->buffers.serverDH_P.length,
wolfSSL 11:cee25a834751 21561 ssl->buffers.serverDH_G.buffer,
wolfSSL 11:cee25a834751 21562 ssl->buffers.serverDH_G.length);
wolfSSL 11:cee25a834751 21563 break;
wolfSSL 11:cee25a834751 21564 }
wolfSSL 11:cee25a834751 21565 #endif /* !NO_DH */
wolfSSL 11:cee25a834751 21566 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 21567 case dhe_psk_kea:
wolfSSL 11:cee25a834751 21568 {
wolfSSL 11:cee25a834751 21569 word16 clientSz;
wolfSSL 11:cee25a834751 21570
wolfSSL 11:cee25a834751 21571 /* Read in the PSK identity sent by the client */
wolfSSL 11:cee25a834751 21572 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 21573 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21574 }
wolfSSL 11:cee25a834751 21575
wolfSSL 11:cee25a834751 21576 ato16(input + args->idx, &clientSz);
wolfSSL 11:cee25a834751 21577 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21578 if (clientSz > MAX_PSK_ID_LEN) {
wolfSSL 11:cee25a834751 21579 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21580 }
wolfSSL 11:cee25a834751 21581
wolfSSL 11:cee25a834751 21582 if ((args->idx - args->begin) + clientSz > size) {
wolfSSL 11:cee25a834751 21583 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21584 }
wolfSSL 11:cee25a834751 21585
wolfSSL 11:cee25a834751 21586 XMEMCPY(ssl->arrays->client_identity, input + args->idx,
wolfSSL 11:cee25a834751 21587 clientSz);
wolfSSL 11:cee25a834751 21588 args->idx += clientSz;
wolfSSL 11:cee25a834751 21589 ssl->arrays->client_identity[clientSz] = '\0'; /* null term */
wolfSSL 11:cee25a834751 21590
wolfSSL 11:cee25a834751 21591 /* Read in the client's length-prefixed DH public value */
wolfSSL 11:cee25a834751 21592 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 21593 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21594 }
wolfSSL 11:cee25a834751 21595
wolfSSL 11:cee25a834751 21596 ato16(input + args->idx, &clientSz);
wolfSSL 11:cee25a834751 21597 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21598
wolfSSL 11:cee25a834751 21599 if ((args->idx - args->begin) + clientSz > size) {
wolfSSL 11:cee25a834751 21600 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21601 }
wolfSSL 11:cee25a834751 21602
wolfSSL 11:cee25a834751 21603 args->sigSz = clientSz;
wolfSSL 11:cee25a834751 21604
wolfSSL 11:cee25a834751 21605 ret = AllocKey(ssl, DYNAMIC_TYPE_DH,
wolfSSL 11:cee25a834751 21606 (void**)&ssl->buffers.serverDH_Key);
wolfSSL 11:cee25a834751 21607 if (ret != 0) {
wolfSSL 11:cee25a834751 21608 goto exit_dcke;
wolfSSL 11:cee25a834751 21609 }
wolfSSL 11:cee25a834751 21610
wolfSSL 11:cee25a834751 21611 ret = wc_DhSetKey(ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 21612 ssl->buffers.serverDH_P.buffer,
wolfSSL 11:cee25a834751 21613 ssl->buffers.serverDH_P.length,
wolfSSL 11:cee25a834751 21614 ssl->buffers.serverDH_G.buffer,
wolfSSL 11:cee25a834751 21615 ssl->buffers.serverDH_G.length);
wolfSSL 11:cee25a834751 21616
wolfSSL 11:cee25a834751 21617 break;
wolfSSL 11:cee25a834751 21618 }
wolfSSL 11:cee25a834751 21619 #endif /* !NO_DH && !NO_PSK */
wolfSSL 11:cee25a834751 21620 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 21621 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 21622 {
wolfSSL 11:cee25a834751 21623 word16 clientSz;
wolfSSL 11:cee25a834751 21624
wolfSSL 11:cee25a834751 21625 /* Read in the PSK identity sent by the client */
wolfSSL 11:cee25a834751 21626 if ((args->idx - args->begin) + OPAQUE16_LEN > size) {
wolfSSL 11:cee25a834751 21627 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21628 }
wolfSSL 11:cee25a834751 21629
wolfSSL 11:cee25a834751 21630 ato16(input + args->idx, &clientSz);
wolfSSL 11:cee25a834751 21631 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21632 if (clientSz > MAX_PSK_ID_LEN) {
wolfSSL 11:cee25a834751 21633 ERROR_OUT(CLIENT_ID_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21634 }
wolfSSL 11:cee25a834751 21635 if ((args->idx - args->begin) + clientSz > size) {
wolfSSL 11:cee25a834751 21636 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21637 }
wolfSSL 11:cee25a834751 21638
wolfSSL 11:cee25a834751 21639 XMEMCPY(ssl->arrays->client_identity,
wolfSSL 11:cee25a834751 21640 input + args->idx, clientSz);
wolfSSL 11:cee25a834751 21641 args->idx += clientSz;
wolfSSL 11:cee25a834751 21642 ssl->arrays->client_identity[clientSz] = '\0'; /* null term */
wolfSSL 11:cee25a834751 21643
wolfSSL 11:cee25a834751 21644 /* import peer ECC key */
wolfSSL 11:cee25a834751 21645 if ((args->idx - args->begin) + OPAQUE8_LEN > size) {
wolfSSL 11:cee25a834751 21646 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21647 }
wolfSSL 11:cee25a834751 21648
wolfSSL 11:cee25a834751 21649 args->length = input[args->idx++];
wolfSSL 11:cee25a834751 21650
wolfSSL 11:cee25a834751 21651 if ((args->idx - args->begin) + args->length > size) {
wolfSSL 11:cee25a834751 21652 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21653 }
wolfSSL 11:cee25a834751 21654
wolfSSL 11:cee25a834751 21655 args->sigSz = ENCRYPT_LEN - OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21656
wolfSSL 11:cee25a834751 21657 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 21658 /* if callback then use it for shared secret */
wolfSSL 11:cee25a834751 21659 if (ssl->ctx->EccSharedSecretCb != NULL) {
wolfSSL 11:cee25a834751 21660 break;
wolfSSL 11:cee25a834751 21661 }
wolfSSL 11:cee25a834751 21662 #endif
wolfSSL 11:cee25a834751 21663
wolfSSL 11:cee25a834751 21664 if (ssl->eccTempKeyPresent == 0) {
wolfSSL 11:cee25a834751 21665 WOLFSSL_MSG("Ecc ephemeral key not made correctly");
wolfSSL 11:cee25a834751 21666 ERROR_OUT(ECC_MAKEKEY_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21667 }
wolfSSL 11:cee25a834751 21668
wolfSSL 11:cee25a834751 21669 if (ssl->peerEccKey == NULL) {
wolfSSL 11:cee25a834751 21670 /* alloc/init on demand */
wolfSSL 11:cee25a834751 21671 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC,
wolfSSL 11:cee25a834751 21672 (void**)&ssl->peerEccKey);
wolfSSL 11:cee25a834751 21673 if (ret != 0) {
wolfSSL 11:cee25a834751 21674 goto exit_dcke;
wolfSSL 11:cee25a834751 21675 }
wolfSSL 11:cee25a834751 21676 }
wolfSSL 11:cee25a834751 21677 else if (ssl->peerEccKeyPresent) { /* don't leak on reuse */
wolfSSL 11:cee25a834751 21678 wc_ecc_free(ssl->peerEccKey);
wolfSSL 11:cee25a834751 21679 ssl->peerEccKeyPresent = 0;
wolfSSL 11:cee25a834751 21680 ret = wc_ecc_init_ex(ssl->peerEccKey, ssl->heap,
wolfSSL 11:cee25a834751 21681 ssl->devId);
wolfSSL 11:cee25a834751 21682 if (ret != 0) {
wolfSSL 11:cee25a834751 21683 goto exit_dcke;
wolfSSL 11:cee25a834751 21684 }
wolfSSL 11:cee25a834751 21685 }
wolfSSL 11:cee25a834751 21686 if (wc_ecc_import_x963_ex(input + args->idx, args->length,
wolfSSL 11:cee25a834751 21687 ssl->peerEccKey, ssl->eccTempKey->dp->id)) {
wolfSSL 11:cee25a834751 21688 ERROR_OUT(ECC_PEERKEY_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21689 }
wolfSSL 11:cee25a834751 21690
wolfSSL 11:cee25a834751 21691 ssl->peerEccKeyPresent = 1;
wolfSSL 11:cee25a834751 21692 break;
wolfSSL 11:cee25a834751 21693 }
wolfSSL 11:cee25a834751 21694 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 21695 default:
wolfSSL 11:cee25a834751 21696 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 21697 } /* switch (ssl->specs.kea) */
wolfSSL 11:cee25a834751 21698
wolfSSL 11:cee25a834751 21699 /* Check for error */
wolfSSL 11:cee25a834751 21700 if (ret != 0) {
wolfSSL 11:cee25a834751 21701 goto exit_dcke;
wolfSSL 11:cee25a834751 21702 }
wolfSSL 11:cee25a834751 21703
wolfSSL 11:cee25a834751 21704 /* Advance state and proceed */
wolfSSL 11:cee25a834751 21705 ssl->options.asyncState = TLS_ASYNC_DO;
wolfSSL 11:cee25a834751 21706 } /* TLS_ASYNC_BUILD */
wolfSSL 11:cee25a834751 21707
wolfSSL 11:cee25a834751 21708 case TLS_ASYNC_DO:
wolfSSL 11:cee25a834751 21709 {
wolfSSL 11:cee25a834751 21710 switch (ssl->specs.kea) {
wolfSSL 11:cee25a834751 21711 #ifndef NO_RSA
wolfSSL 11:cee25a834751 21712 case rsa_kea:
wolfSSL 11:cee25a834751 21713 {
wolfSSL 11:cee25a834751 21714 RsaKey* key = (RsaKey*)ssl->hsKey;
wolfSSL 11:cee25a834751 21715 ret = RsaDec(ssl,
wolfSSL 11:cee25a834751 21716 input + args->idx,
wolfSSL 11:cee25a834751 21717 args->length,
wolfSSL 11:cee25a834751 21718 &args->output,
wolfSSL 11:cee25a834751 21719 &args->sigSz,
wolfSSL 11:cee25a834751 21720 key,
wolfSSL 11:cee25a834751 21721 #if defined(HAVE_PK_CALLBACKS)
wolfSSL 11:cee25a834751 21722 ssl->buffers.key->buffer,
wolfSSL 11:cee25a834751 21723 ssl->buffers.key->length,
wolfSSL 11:cee25a834751 21724 ssl->RsaDecCtx
wolfSSL 11:cee25a834751 21725 #else
wolfSSL 11:cee25a834751 21726 NULL, 0, NULL
wolfSSL 11:cee25a834751 21727 #endif
wolfSSL 11:cee25a834751 21728 );
wolfSSL 11:cee25a834751 21729 break;
wolfSSL 11:cee25a834751 21730 } /* rsa_kea */
wolfSSL 11:cee25a834751 21731 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 21732 #ifndef NO_PSK
wolfSSL 11:cee25a834751 21733 case psk_kea:
wolfSSL 11:cee25a834751 21734 {
wolfSSL 11:cee25a834751 21735 break;
wolfSSL 11:cee25a834751 21736 }
wolfSSL 11:cee25a834751 21737 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 21738 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 21739 case ntru_kea:
wolfSSL 11:cee25a834751 21740 {
wolfSSL 11:cee25a834751 21741 break;
wolfSSL 11:cee25a834751 21742 }
wolfSSL 11:cee25a834751 21743 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 21744 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 21745 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 21746 {
wolfSSL 11:cee25a834751 21747 ecc_key* private_key = ssl->eccTempKey;
wolfSSL 11:cee25a834751 21748 if (ssl->specs.static_ecdh) {
wolfSSL 11:cee25a834751 21749 private_key = (ecc_key*)ssl->hsKey;
wolfSSL 11:cee25a834751 21750 }
wolfSSL 11:cee25a834751 21751
wolfSSL 11:cee25a834751 21752 /* Generate shared secret */
wolfSSL 11:cee25a834751 21753 ret = EccSharedSecret(ssl,
wolfSSL 11:cee25a834751 21754 private_key, ssl->peerEccKey,
wolfSSL 11:cee25a834751 21755 input + args->idx, &args->length,
wolfSSL 11:cee25a834751 21756 ssl->arrays->preMasterSecret,
wolfSSL 11:cee25a834751 21757 &ssl->arrays->preMasterSz,
wolfSSL 11:cee25a834751 21758 WOLFSSL_SERVER_END,
wolfSSL 11:cee25a834751 21759 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 21760 ssl->EccSharedSecretCtx
wolfSSL 11:cee25a834751 21761 #else
wolfSSL 11:cee25a834751 21762 NULL
wolfSSL 11:cee25a834751 21763 #endif
wolfSSL 11:cee25a834751 21764 );
wolfSSL 11:cee25a834751 21765 break;
wolfSSL 11:cee25a834751 21766 }
wolfSSL 11:cee25a834751 21767 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 21768 #ifndef NO_DH
wolfSSL 11:cee25a834751 21769 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 21770 {
wolfSSL 11:cee25a834751 21771 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 21772 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 11:cee25a834751 21773 ssl->buffers.serverDH_Priv.length,
wolfSSL 11:cee25a834751 21774 input + args->idx,
wolfSSL 11:cee25a834751 21775 (word16)args->sigSz,
wolfSSL 11:cee25a834751 21776 ssl->arrays->preMasterSecret,
wolfSSL 11:cee25a834751 21777 &ssl->arrays->preMasterSz);
wolfSSL 11:cee25a834751 21778 break;
wolfSSL 11:cee25a834751 21779 }
wolfSSL 11:cee25a834751 21780 #endif /* !NO_DH */
wolfSSL 11:cee25a834751 21781 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 21782 case dhe_psk_kea:
wolfSSL 11:cee25a834751 21783 {
wolfSSL 11:cee25a834751 21784 ret = DhAgree(ssl, ssl->buffers.serverDH_Key,
wolfSSL 11:cee25a834751 21785 ssl->buffers.serverDH_Priv.buffer,
wolfSSL 11:cee25a834751 21786 ssl->buffers.serverDH_Priv.length,
wolfSSL 11:cee25a834751 21787 input + args->idx,
wolfSSL 11:cee25a834751 21788 (word16)args->sigSz,
wolfSSL 11:cee25a834751 21789 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 11:cee25a834751 21790 &ssl->arrays->preMasterSz);
wolfSSL 11:cee25a834751 21791 break;
wolfSSL 11:cee25a834751 21792 }
wolfSSL 11:cee25a834751 21793 #endif /* !NO_DH && !NO_PSK */
wolfSSL 11:cee25a834751 21794 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 21795 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 21796 {
wolfSSL 11:cee25a834751 21797 /* Generate shared secret */
wolfSSL 11:cee25a834751 21798 ret = EccSharedSecret(ssl,
wolfSSL 11:cee25a834751 21799 ssl->eccTempKey, ssl->peerEccKey,
wolfSSL 11:cee25a834751 21800 input + args->idx, &args->length,
wolfSSL 11:cee25a834751 21801 ssl->arrays->preMasterSecret + OPAQUE16_LEN,
wolfSSL 11:cee25a834751 21802 &args->sigSz,
wolfSSL 11:cee25a834751 21803 WOLFSSL_SERVER_END,
wolfSSL 11:cee25a834751 21804 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 21805 ssl->EccSharedSecretCtx
wolfSSL 11:cee25a834751 21806 #else
wolfSSL 11:cee25a834751 21807 NULL
wolfSSL 11:cee25a834751 21808 #endif
wolfSSL 11:cee25a834751 21809 );
wolfSSL 11:cee25a834751 21810 break;
wolfSSL 11:cee25a834751 21811 }
wolfSSL 11:cee25a834751 21812 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 21813 default:
wolfSSL 11:cee25a834751 21814 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 21815 } /* switch (ssl->specs.kea) */
wolfSSL 11:cee25a834751 21816
wolfSSL 11:cee25a834751 21817 /* Check for error */
wolfSSL 11:cee25a834751 21818 if (ret != 0) {
wolfSSL 11:cee25a834751 21819 goto exit_dcke;
wolfSSL 11:cee25a834751 21820 }
wolfSSL 11:cee25a834751 21821
wolfSSL 11:cee25a834751 21822 /* Advance state and proceed */
wolfSSL 11:cee25a834751 21823 ssl->options.asyncState = TLS_ASYNC_VERIFY;
wolfSSL 11:cee25a834751 21824 } /* TLS_ASYNC_DO */
wolfSSL 11:cee25a834751 21825
wolfSSL 11:cee25a834751 21826 case TLS_ASYNC_VERIFY:
wolfSSL 11:cee25a834751 21827 {
wolfSSL 11:cee25a834751 21828 switch (ssl->specs.kea) {
wolfSSL 11:cee25a834751 21829 #ifndef NO_RSA
wolfSSL 11:cee25a834751 21830 case rsa_kea:
wolfSSL 11:cee25a834751 21831 {
wolfSSL 11:cee25a834751 21832 /* Advance idx past the RSA-encrypted pre-master secret */
wolfSSL 11:cee25a834751 21833 args->idx += args->length;
wolfSSL 11:cee25a834751 21834
wolfSSL 11:cee25a834751 21835 if (args->sigSz == SECRET_LEN && args->output != NULL) {
wolfSSL 11:cee25a834751 21836 XMEMCPY(ssl->arrays->preMasterSecret, args->output, SECRET_LEN);
wolfSSL 11:cee25a834751 21837 if (ssl->arrays->preMasterSecret[0] != ssl->chVersion.major ||
wolfSSL 11:cee25a834751 21838 ssl->arrays->preMasterSecret[1] != ssl->chVersion.minor) {
wolfSSL 11:cee25a834751 21839 ERROR_OUT(PMS_VERSION_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21840 }
wolfSSL 11:cee25a834751 21841 }
wolfSSL 11:cee25a834751 21842 else {
wolfSSL 11:cee25a834751 21843 ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21844 }
wolfSSL 11:cee25a834751 21845 break;
wolfSSL 11:cee25a834751 21846 } /* rsa_kea */
wolfSSL 11:cee25a834751 21847 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 21848 #ifndef NO_PSK
wolfSSL 11:cee25a834751 21849 case psk_kea:
wolfSSL 11:cee25a834751 21850 {
wolfSSL 11:cee25a834751 21851 break;
wolfSSL 11:cee25a834751 21852 }
wolfSSL 11:cee25a834751 21853 #endif /* !NO_PSK */
wolfSSL 11:cee25a834751 21854 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 21855 case ntru_kea:
wolfSSL 11:cee25a834751 21856 {
wolfSSL 11:cee25a834751 21857 break;
wolfSSL 11:cee25a834751 21858 }
wolfSSL 11:cee25a834751 21859 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 21860 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 21861 case ecc_diffie_hellman_kea:
wolfSSL 11:cee25a834751 21862 {
wolfSSL 11:cee25a834751 21863 /* skip past the imported peer key */
wolfSSL 11:cee25a834751 21864 args->idx += args->length;
wolfSSL 11:cee25a834751 21865 break;
wolfSSL 11:cee25a834751 21866 }
wolfSSL 11:cee25a834751 21867 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 21868 #ifndef NO_DH
wolfSSL 11:cee25a834751 21869 case diffie_hellman_kea:
wolfSSL 11:cee25a834751 21870 {
wolfSSL 11:cee25a834751 21871 args->idx += (word16)args->sigSz;
wolfSSL 11:cee25a834751 21872 break;
wolfSSL 11:cee25a834751 21873 }
wolfSSL 11:cee25a834751 21874 #endif /* !NO_DH */
wolfSSL 11:cee25a834751 21875 #if !defined(NO_DH) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 21876 case dhe_psk_kea:
wolfSSL 11:cee25a834751 21877 {
wolfSSL 11:cee25a834751 21878 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 11:cee25a834751 21879 word16 clientSz = (word16)args->sigSz;
wolfSSL 11:cee25a834751 21880
wolfSSL 11:cee25a834751 21881 args->idx += clientSz;
wolfSSL 11:cee25a834751 21882 c16toa((word16)ssl->arrays->preMasterSz, pms);
wolfSSL 11:cee25a834751 21883 ssl->arrays->preMasterSz += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21884 pms += ssl->arrays->preMasterSz;
wolfSSL 11:cee25a834751 21885
wolfSSL 11:cee25a834751 21886 /* Use the client identity to look up the PSK and append it to the
wolfSSL 11:cee25a834751 21887 * preMasterSecret here. */
wolfSSL 11:cee25a834751 21888 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 11:cee25a834751 21889 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 11:cee25a834751 21890 MAX_PSK_KEY_LEN);
wolfSSL 11:cee25a834751 21891
wolfSSL 11:cee25a834751 21892 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 11:cee25a834751 21893 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 11:cee25a834751 21894 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21895 }
wolfSSL 11:cee25a834751 21896
wolfSSL 11:cee25a834751 21897 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 11:cee25a834751 21898 pms += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21899
wolfSSL 11:cee25a834751 21900 XMEMCPY(pms, ssl->arrays->psk_key,
wolfSSL 11:cee25a834751 21901 ssl->arrays->psk_keySz);
wolfSSL 11:cee25a834751 21902 ssl->arrays->preMasterSz += ssl->arrays->psk_keySz +
wolfSSL 11:cee25a834751 21903 OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21904 break;
wolfSSL 11:cee25a834751 21905 }
wolfSSL 11:cee25a834751 21906 #endif /* !NO_DH && !NO_PSK */
wolfSSL 11:cee25a834751 21907 #if defined(HAVE_ECC) && !defined(NO_PSK)
wolfSSL 11:cee25a834751 21908 case ecdhe_psk_kea:
wolfSSL 11:cee25a834751 21909 {
wolfSSL 11:cee25a834751 21910 byte* pms = ssl->arrays->preMasterSecret;
wolfSSL 11:cee25a834751 21911 word16 clientSz = (word16)args->sigSz;
wolfSSL 11:cee25a834751 21912
wolfSSL 11:cee25a834751 21913 /* skip past the imported peer key */
wolfSSL 11:cee25a834751 21914 args->idx += args->length;
wolfSSL 11:cee25a834751 21915
wolfSSL 11:cee25a834751 21916 /* Add preMasterSecret */
wolfSSL 11:cee25a834751 21917 c16toa(clientSz, pms);
wolfSSL 11:cee25a834751 21918 ssl->arrays->preMasterSz += OPAQUE16_LEN + clientSz;
wolfSSL 11:cee25a834751 21919 pms += ssl->arrays->preMasterSz;
wolfSSL 11:cee25a834751 21920
wolfSSL 11:cee25a834751 21921 /* Use the client identity to look up the PSK and append it to the
wolfSSL 11:cee25a834751 21922 * preMasterSecret here. */
wolfSSL 11:cee25a834751 21923 ssl->arrays->psk_keySz = ssl->options.server_psk_cb(ssl,
wolfSSL 11:cee25a834751 21924 ssl->arrays->client_identity, ssl->arrays->psk_key,
wolfSSL 11:cee25a834751 21925 MAX_PSK_KEY_LEN);
wolfSSL 11:cee25a834751 21926
wolfSSL 11:cee25a834751 21927 if (ssl->arrays->psk_keySz == 0 ||
wolfSSL 11:cee25a834751 21928 ssl->arrays->psk_keySz > MAX_PSK_KEY_LEN) {
wolfSSL 11:cee25a834751 21929 ERROR_OUT(PSK_KEY_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21930 }
wolfSSL 11:cee25a834751 21931
wolfSSL 11:cee25a834751 21932 c16toa((word16) ssl->arrays->psk_keySz, pms);
wolfSSL 11:cee25a834751 21933 pms += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21934
wolfSSL 11:cee25a834751 21935 XMEMCPY(pms, ssl->arrays->psk_key, ssl->arrays->psk_keySz);
wolfSSL 11:cee25a834751 21936 ssl->arrays->preMasterSz +=
wolfSSL 11:cee25a834751 21937 ssl->arrays->psk_keySz + OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21938 break;
wolfSSL 11:cee25a834751 21939 }
wolfSSL 11:cee25a834751 21940 #endif /* HAVE_ECC && !NO_PSK */
wolfSSL 11:cee25a834751 21941 default:
wolfSSL 11:cee25a834751 21942 ret = BAD_KEA_TYPE_E;
wolfSSL 11:cee25a834751 21943 } /* switch (ssl->specs.kea) */
wolfSSL 11:cee25a834751 21944
wolfSSL 11:cee25a834751 21945 /* Check for error */
wolfSSL 11:cee25a834751 21946 if (ret != 0) {
wolfSSL 11:cee25a834751 21947 goto exit_dcke;
wolfSSL 11:cee25a834751 21948 }
wolfSSL 11:cee25a834751 21949
wolfSSL 11:cee25a834751 21950 /* Advance state and proceed */
wolfSSL 11:cee25a834751 21951 ssl->options.asyncState = TLS_ASYNC_FINALIZE;
wolfSSL 11:cee25a834751 21952 } /* TLS_ASYNC_VERIFY */
wolfSSL 11:cee25a834751 21953
wolfSSL 11:cee25a834751 21954 case TLS_ASYNC_FINALIZE:
wolfSSL 11:cee25a834751 21955 {
wolfSSL 11:cee25a834751 21956 #ifdef HAVE_QSH
wolfSSL 11:cee25a834751 21957 word16 name;
wolfSSL 11:cee25a834751 21958
wolfSSL 11:cee25a834751 21959 if (ssl->options.haveQSH) {
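wolfSSL 11:cee25a834751 21960 /* extension name; NOTE(review): no remaining-length check against size precedes this OPAQUE16_LEN read, unlike the reads above */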
wolfSSL 11:cee25a834751 21961 ato16(input + args->idx, &name);
wolfSSL 11:cee25a834751 21962 args->idx += OPAQUE16_LEN;
wolfSSL 11:cee25a834751 21963
wolfSSL 11:cee25a834751 21964 if (name == TLSX_QUANTUM_SAFE_HYBRID) {
wolfSSL 11:cee25a834751 21965 int qshSz;
wolfSSL 11:cee25a834751 21966 /* if qshSz is larger than 0 it is the
wolfSSL 11:cee25a834751 21967 length of buffer used */
wolfSSL 11:cee25a834751 21968 if ((qshSz = TLSX_QSHCipher_Parse(ssl,
wolfSSL 11:cee25a834751 21969 input + args->idx,
wolfSSL 11:cee25a834751 21970 size - args->idx + args->begin, 1)) < 0) {
wolfSSL 11:cee25a834751 21971 ERROR_OUT(qshSz, exit_dcke);
wolfSSL 11:cee25a834751 21972 }
wolfSSL 11:cee25a834751 21973 args->idx += qshSz;
wolfSSL 11:cee25a834751 21974 }
wolfSSL 11:cee25a834751 21975 else {
wolfSSL 11:cee25a834751 21976 /* unknown extension sent client ignored handshake */
wolfSSL 11:cee25a834751 21977 ERROR_OUT(BUFFER_ERROR, exit_dcke);
wolfSSL 11:cee25a834751 21978 }
wolfSSL 11:cee25a834751 21979 }
wolfSSL 11:cee25a834751 21980 #endif /* HAVE_QSH */
wolfSSL 11:cee25a834751 21981 ret = MakeMasterSecret(ssl);
wolfSSL 11:cee25a834751 21982
wolfSSL 11:cee25a834751 21983 /* Check for error */
wolfSSL 11:cee25a834751 21984 if (ret != 0) {
wolfSSL 11:cee25a834751 21985 goto exit_dcke;
wolfSSL 11:cee25a834751 21986 }
wolfSSL 11:cee25a834751 21987
wolfSSL 11:cee25a834751 21988 /* Advance state and proceed */
wolfSSL 11:cee25a834751 21989 ssl->options.asyncState = TLS_ASYNC_END;
wolfSSL 11:cee25a834751 21990 } /* TLS_ASYNC_FINALIZE */
wolfSSL 11:cee25a834751 21991
wolfSSL 11:cee25a834751 21992 case TLS_ASYNC_END:
wolfSSL 11:cee25a834751 21993 {
wolfSSL 11:cee25a834751 21994 /* Set final index */
wolfSSL 11:cee25a834751 21995 *inOutIdx = args->idx;
wolfSSL 11:cee25a834751 21996
wolfSSL 11:cee25a834751 21997 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE;
wolfSSL 11:cee25a834751 21998 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 21999 if (ssl->options.verifyPeer) {
wolfSSL 11:cee25a834751 22000 ret = BuildCertHashes(ssl, &ssl->hsHashes->certHashes);
wolfSSL 11:cee25a834751 22001 }
wolfSSL 11:cee25a834751 22002 #endif
wolfSSL 11:cee25a834751 22003 break;
wolfSSL 11:cee25a834751 22004 } /* TLS_ASYNC_END */
wolfSSL 11:cee25a834751 22005 default:
wolfSSL 11:cee25a834751 22006 ret = INPUT_CASE_ERROR;
wolfSSL 11:cee25a834751 22007 } /* switch(ssl->options.asyncState) */
wolfSSL 11:cee25a834751 22008
wolfSSL 11:cee25a834751 22009 exit_dcke:
wolfSSL 11:cee25a834751 22010
wolfSSL 11:cee25a834751 22011 WOLFSSL_LEAVE("DoClientKeyExchange", ret);
wolfSSL 11:cee25a834751 22012
wolfSSL 11:cee25a834751 22013 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 22014 /* Handle async operation */
wolfSSL 11:cee25a834751 22015 if (ret == WC_PENDING_E) {
wolfSSL 11:cee25a834751 22016 /* Mark message as not recevied so it can process again */
wolfSSL 11:cee25a834751 22017 ssl->msgsReceived.got_client_key_exchange = 0;
wolfSSL 11:cee25a834751 22018
wolfSSL 11:cee25a834751 22019 return ret;
wolfSSL 11:cee25a834751 22020 }
wolfSSL 11:cee25a834751 22021 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 11:cee25a834751 22022
wolfSSL 11:cee25a834751 22023 /* Cleanup PMS */
wolfSSL 11:cee25a834751 22024 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz);
wolfSSL 11:cee25a834751 22025 ssl->arrays->preMasterSz = 0;
wolfSSL 11:cee25a834751 22026
wolfSSL 11:cee25a834751 22027 /* Final cleanup */
wolfSSL 11:cee25a834751 22028 FreeDckeArgs(ssl, args);
wolfSSL 11:cee25a834751 22029 FreeKeyExchange(ssl);
wolfSSL 11:cee25a834751 22030
wolfSSL 11:cee25a834751 22031 return ret;
wolfSSL 11:cee25a834751 22032 }
wolfSSL 11:cee25a834751 22033
wolfSSL 11:cee25a834751 22034
wolfSSL 11:cee25a834751 22035 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
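/* Invoke the application's SNI-received callback, if one is registered.
 *
 * Stunnel supports a custom SNI callback to switch an SSL's ctx when SNI is
 * received; this is the point where it gets called.
 *
 * ssl  connection being processed; NULL (or a NULL ctx / callback) is
 *      tolerated and treated as "nothing to call"
 *
 * Returns 0 when no callback is registered or the callback returned anything
 * other than alert_fatal. Returns FATAL_ERROR when the callback returned
 * alert_fatal, after SendAlert() has been called.
 */
static int SNI_Callback(WOLFSSL* ssl)
{
    /* Alert description handed to the callback as an out-parameter.
     * Pre-set to unrecognized_name so a callback that never writes it still
     * produces the alert this function has always sent. */
    int ad = unrecognized_name;

    if (ssl == NULL || ssl->ctx == NULL || ssl->ctx->sniRecvCb == NULL) {
        return 0;
    }

    WOLFSSL_MSG("Calling custom sni callback");

    /* Pass a valid pointer instead of NULL: a callback that stores its alert
     * description through this argument would otherwise dereference NULL
     * inside the handshake path. */
    if (ssl->ctx->sniRecvCb(ssl, &ad, ssl->ctx->sniRecvCbArg)
                                                            == alert_fatal) {
        WOLFSSL_MSG("Error in custom sni callback. Fatal alert");
        /* Return value ignored on purpose: the handshake is aborted with
         * FATAL_ERROR regardless of whether the alert could be sent. */
        SendAlert(ssl, alert_fatal, ad);
        return FATAL_ERROR;
    }

    return 0;
}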
wolfSSL 11:cee25a834751 22051 #endif /* HAVE_STUNNEL */
wolfSSL 11:cee25a834751 22052 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 22053
wolfSSL 11:cee25a834751 22054
wolfSSL 11:cee25a834751 22055 #ifdef WOLFSSL_ASYNC_CRYPT
/* Collect the result of the async operation attached to this SSL object.
 *
 * ssl    connection to check; NULL yields BAD_FUNC_ARG
 * state  optional state byte; when non-NULL it is incremented once the
 *        event has finished and WC_ASYNC_FLAG_CALL_AGAIN is not set
 *
 * Returns WC_NOT_PENDING_E when no async device is attached to the SSL
 * object, otherwise the value returned by wolfAsync_EventPop(). For any
 * result other than WC_NOT_PENDING_E / WC_PENDING_E the event is zeroed and
 * the device is detached from the SSL object.
 */
int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state)
{
    int           ret;
    WC_ASYNC_DEV* dev;

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    dev = ssl->async.dev;
    if (dev == NULL) {
        /* nothing was queued for this connection */
        ret = WC_NOT_PENDING_E;
    }
    else {
        WOLF_EVENT* ev = &dev->event;

        ret = wolfAsync_EventPop(ev, WOLF_EVENT_TYPE_ASYNC_WOLFSSL);
        if (ret != WC_NOT_PENDING_E && ret != WC_PENDING_E) {
            /* Step the caller's state only when the operation does not
             * ask to be invoked again. */
            if (state != NULL &&
                    (ev->flags & WC_ASYNC_FLAG_CALL_AGAIN) == 0) {
                (*state)++;
            }

            /* wipe the event, then drop the device reference so a later
             * call reports WC_NOT_PENDING_E */
            XMEMSET(ev, 0, sizeof(WOLF_EVENT));
            ssl->async.dev = NULL;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_AsyncPop", ret);

    return ret;
}
wolfSSL 11:cee25a834751 22095
/* Attach an async device to the SSL object and queue its event.
 *
 * ssl       connection that owns the operation; NULL yields BAD_FUNC_ARG
 * asyncDev  device whose embedded event is initialised and queued; NULL
 *           yields BAD_FUNC_ARG
 * flags     passed through unchanged to wolfAsync_EventInit()
 *
 * Returns WC_PENDING_E when the event was initialised and pushed onto the
 * ctx event queue, otherwise the non-zero value returned by
 * wolfAsync_EventInit() or wolfAsync_EventQueuePush().
 */
int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags)
{
    int ret;

    if (ssl == NULL || asyncDev == NULL) {
        return BAD_FUNC_ARG;
    }

    ret = wolfAsync_EventInit(&asyncDev->event, WOLF_EVENT_TYPE_ASYNC_WOLFSSL,
                              ssl, flags);
    if (ret == 0) {
        /* The device is recorded before the push.
         * NOTE(review): if the push below fails, ssl->async.dev stays set
         * although nothing was queued; confirm callers cope with that.
         * NOTE(review): ssl->ctx is used without a NULL check here. */
        ssl->async.dev = asyncDev;

        ret = wolfAsync_EventQueuePush(&ssl->ctx->event_queue,
                                       &asyncDev->event);
        if (ret == 0) {
            /* success is reported to the caller as "operation pending" */
            ret = WC_PENDING_E;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_AsyncPush", ret);

    return ret;
}
wolfSSL 11:cee25a834751 22126
wolfSSL 11:cee25a834751 22127 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 11:cee25a834751 22128
wolfSSL 11:cee25a834751 22129
wolfSSL 11:cee25a834751 22130 #undef ERROR_OUT
wolfSSL 11:cee25a834751 22131
wolfSSL 11:cee25a834751 22132 #endif /* WOLFCRYPT_ONLY */
wolfSSL 11:cee25a834751 22133