wolfSSL SSL/TLS library, support up to TLS1.3


Committer:
wolfSSL
Date:
Tue May 30 01:44:10 2017 +0000
Revision:
11:cee25a834751
wolfSSL 3.11.0


wolfSSL 11:cee25a834751 1 /* ssl.c
wolfSSL 11:cee25a834751 2 *
wolfSSL 11:cee25a834751 3 * Copyright (C) 2006-2016 wolfSSL Inc.
wolfSSL 11:cee25a834751 4 *
wolfSSL 11:cee25a834751 5 * This file is part of wolfSSL.
wolfSSL 11:cee25a834751 6 *
wolfSSL 11:cee25a834751 7 * wolfSSL is free software; you can redistribute it and/or modify
wolfSSL 11:cee25a834751 8 * it under the terms of the GNU General Public License as published by
wolfSSL 11:cee25a834751 9 * the Free Software Foundation; either version 2 of the License, or
wolfSSL 11:cee25a834751 10 * (at your option) any later version.
wolfSSL 11:cee25a834751 11 *
wolfSSL 11:cee25a834751 12 * wolfSSL is distributed in the hope that it will be useful,
wolfSSL 11:cee25a834751 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
wolfSSL 11:cee25a834751 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
wolfSSL 11:cee25a834751 15 * GNU General Public License for more details.
wolfSSL 11:cee25a834751 16 *
wolfSSL 11:cee25a834751 17 * You should have received a copy of the GNU General Public License
wolfSSL 11:cee25a834751 18 * along with this program; if not, write to the Free Software
wolfSSL 11:cee25a834751 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
wolfSSL 11:cee25a834751 20 */
wolfSSL 11:cee25a834751 21
wolfSSL 11:cee25a834751 22
wolfSSL 11:cee25a834751 23 #ifdef HAVE_CONFIG_H
wolfSSL 11:cee25a834751 24 #include <config.h>
wolfSSL 11:cee25a834751 25 #endif
wolfSSL 11:cee25a834751 26
wolfSSL 11:cee25a834751 27 #include <wolfssl/wolfcrypt/settings.h>
wolfSSL 11:cee25a834751 28
wolfSSL 11:cee25a834751 29 #ifndef WOLFCRYPT_ONLY
wolfSSL 11:cee25a834751 30
wolfSSL 11:cee25a834751 31 #ifdef HAVE_ERRNO_H
wolfSSL 11:cee25a834751 32 #include <errno.h>
wolfSSL 11:cee25a834751 33 #endif
wolfSSL 11:cee25a834751 34
wolfSSL 11:cee25a834751 35 #include <wolfssl/internal.h>
wolfSSL 11:cee25a834751 36 #include <wolfssl/error-ssl.h>
wolfSSL 11:cee25a834751 37 #include <wolfssl/wolfcrypt/coding.h>
wolfSSL 11:cee25a834751 38 #ifdef NO_INLINE
wolfSSL 11:cee25a834751 39 #include <wolfssl/wolfcrypt/misc.h>
wolfSSL 11:cee25a834751 40 #else
wolfSSL 11:cee25a834751 41 #define WOLFSSL_MISC_INCLUDED
wolfSSL 11:cee25a834751 42 #include <wolfcrypt/src/misc.c>
wolfSSL 11:cee25a834751 43 #endif
wolfSSL 11:cee25a834751 44
wolfSSL 11:cee25a834751 45
wolfSSL 11:cee25a834751 46 #ifndef WOLFSSL_ALLOW_NO_SUITES
wolfSSL 11:cee25a834751 47 #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \
wolfSSL 11:cee25a834751 48 && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK)
wolfSSL 11:cee25a834751 49 #error "No cipher suites defined because DH disabled, ECC disabled, and no static suites defined. Please see top of README"
wolfSSL 11:cee25a834751 50 #endif
wolfSSL 11:cee25a834751 51 #endif
wolfSSL 11:cee25a834751 52
wolfSSL 11:cee25a834751 53 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) || \
wolfSSL 11:cee25a834751 54 defined(WOLFSSL_KEY_GEN)
wolfSSL 11:cee25a834751 55 #include <wolfssl/openssl/evp.h>
wolfSSL 11:cee25a834751 56 /* openssl headers end, wolfssl internal headers next */
wolfSSL 11:cee25a834751 57 #include <wolfssl/wolfcrypt/wc_encrypt.h>
wolfSSL 11:cee25a834751 58 #endif
wolfSSL 11:cee25a834751 59
wolfSSL 11:cee25a834751 60 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 61 /* openssl headers begin */
wolfSSL 11:cee25a834751 62 #include <wolfssl/openssl/hmac.h>
wolfSSL 11:cee25a834751 63 #include <wolfssl/openssl/crypto.h>
wolfSSL 11:cee25a834751 64 #include <wolfssl/openssl/des.h>
wolfSSL 11:cee25a834751 65 #include <wolfssl/openssl/bn.h>
wolfSSL 11:cee25a834751 66 #include <wolfssl/openssl/dh.h>
wolfSSL 11:cee25a834751 67 #include <wolfssl/openssl/rsa.h>
wolfSSL 11:cee25a834751 68 #include <wolfssl/openssl/pem.h>
wolfSSL 11:cee25a834751 69 #include <wolfssl/openssl/ec.h>
wolfSSL 11:cee25a834751 70 #include <wolfssl/openssl/ec25519.h>
wolfSSL 11:cee25a834751 71 #include <wolfssl/openssl/ed25519.h>
wolfSSL 11:cee25a834751 72 #include <wolfssl/openssl/ecdsa.h>
wolfSSL 11:cee25a834751 73 #include <wolfssl/openssl/ecdh.h>
wolfSSL 11:cee25a834751 74 /* openssl headers end, wolfssl internal headers next */
wolfSSL 11:cee25a834751 75 #include <wolfssl/wolfcrypt/hmac.h>
wolfSSL 11:cee25a834751 76 #include <wolfssl/wolfcrypt/random.h>
wolfSSL 11:cee25a834751 77 #include <wolfssl/wolfcrypt/des3.h>
wolfSSL 11:cee25a834751 78 #include <wolfssl/wolfcrypt/md4.h>
wolfSSL 11:cee25a834751 79 #include <wolfssl/wolfcrypt/md5.h>
wolfSSL 11:cee25a834751 80 #include <wolfssl/wolfcrypt/arc4.h>
wolfSSL 11:cee25a834751 81 #include <wolfssl/wolfcrypt/idea.h>
wolfSSL 11:cee25a834751 82 #include <wolfssl/wolfcrypt/curve25519.h>
wolfSSL 11:cee25a834751 83 #include <wolfssl/wolfcrypt/ed25519.h>
wolfSSL 11:cee25a834751 84 #ifdef HAVE_STUNNEL
wolfSSL 11:cee25a834751 85 #include <wolfssl/openssl/ocsp.h>
#endif /* HAVE_STUNNEL */
wolfSSL 11:cee25a834751 87 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 88 #include <wolfssl/wolfcrypt/sha512.h>
wolfSSL 11:cee25a834751 89 #endif
wolfSSL 11:cee25a834751 90 #endif
wolfSSL 11:cee25a834751 91
wolfSSL 11:cee25a834751 92 #ifdef NO_ASN
wolfSSL 11:cee25a834751 93 #include <wolfssl/wolfcrypt/dh.h>
wolfSSL 11:cee25a834751 94 #endif
wolfSSL 11:cee25a834751 95
wolfSSL 11:cee25a834751 96
wolfSSL 11:cee25a834751 97 #ifndef WOLFSSL_LEANPSK
/* Bounded substring search: look for s2 inside the first n bytes of s1.
 *
 * s1  haystack, read at most n bytes and never past its NUL
 * s2  NUL-terminated needle
 * n   number of bytes of s1 that may be examined
 *
 * Returns a pointer to the first occurrence, s1 itself when s2 is empty,
 * or NULL when no occurrence fits inside the n-byte window or s1 ends first.
 */
char* mystrnstr(const char* s1, const char* s2, unsigned int n)
{
    const unsigned int needleLen = (unsigned int)XSTRLEN(s2);
    const char*        cursor    = s1;
    unsigned int       remaining = n;

    /* the empty needle matches at the start of any haystack */
    if (needleLen == 0)
        return (char*)s1;

    /* stop once fewer than needleLen bytes are left or the haystack ends */
    for (; remaining >= needleLen && *cursor != '\0'; cursor++, remaining--) {
        /* cheap first-byte test before the full compare */
        if (*cursor != *s2)
            continue;
        if (XMEMCMP(cursor, s2, needleLen) == 0)
            return (char*)cursor;
    }

    return NULL;
}
wolfSSL 11:cee25a834751 115 #endif
wolfSSL 11:cee25a834751 116
wolfSSL 11:cee25a834751 117 #ifdef WOLFSSL_SESSION_EXPORT
wolfSSL 11:cee25a834751 118 #ifdef WOLFSSL_DTLS
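/* Import a previously exported DTLS session into ssl.
 *
 * ssl  WOLFSSL object to restore state into
 * buf  serialized session as produced by wolfSSL_dtls_export
 * sz   number of bytes in buf
 *
 * Returns BAD_FUNC_ARG for a NULL ssl or buf, otherwise the result of the
 * internal import, which performs the length and protocol checks on buf.
 */
int wolfSSL_dtls_import(WOLFSSL* ssl, unsigned char* buf, unsigned int sz)
{
    /* trace label now matches the function name (was "wolfSSL_session_import"),
     * so ENTER output can be paired with this function when reading logs */
    WOLFSSL_ENTER("wolfSSL_dtls_import");

    if (ssl == NULL || buf == NULL) {
        return BAD_FUNC_ARG;
    }

    /* sanity checks on buffer and protocol are done in internal function */
    return wolfSSL_dtls_import_internal(ssl, buf, sz);
}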
wolfSSL 11:cee25a834751 130
wolfSSL 11:cee25a834751 131
/* Register, on the context, the callback used to hand out the serialized
 * session. The callback is invoked right after the handshake is completed.
 *
 * ctx   context to configure
 * func  export callback; NULL is accepted on purpose
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL.
 */
int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, wc_dtls_export func)
{
    WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_export");

    if (ctx != NULL) {
        ctx->dtls_export = func; /* purposefully allow func to be NULL */
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 148
wolfSSL 11:cee25a834751 149
/* Register, on a single WOLFSSL object, the callback used to hand out the
 * serialized session. The callback is invoked right after the handshake is
 * completed.
 *
 * ssl   object to configure
 * func  export callback; NULL is accepted on purpose
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func)
{
    WOLFSSL_ENTER("wolfSSL_dtls_set_export");

    if (ssl != NULL) {
        ssl->dtls_export = func; /* purposefully allow func to be NULL */
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 166
wolfSSL 11:cee25a834751 167
/* Serialize the DTLS session of ssl directly into a caller-supplied buffer
 * instead of going through the export callback. This avoids the temporary
 * buffer the callback path allocates and lets the caller decide when the
 * session is serialized; the callback path always runs immediately after
 * the handshake is finished.
 *
 * ssl  WOLFSSL object to serialize
 * buf  destination for the serialized session; when NULL, *sz is set to
 *      the buffer size to allocate (MAX_EXPORT_BUFFER) and 0 is returned
 * sz   size of buf in bytes (output only for the size query above)
 *
 * Returns the size of the serialized session on success, 0 when no action
 * was taken (size query, or ssl is not a DTLS object), negative on error.
 */
int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz)
{
    WOLFSSL_ENTER("wolfSSL_dtls_export");

    if (ssl == NULL || sz == NULL)
        return BAD_FUNC_ARG;

    /* size query: report the worst-case export size without serializing */
    if (buf == NULL) {
        *sz = MAX_EXPORT_BUFFER;
        return 0;
    }

    /* if not DTLS do nothing */
    if (ssl->options.dtls == 0) {
        WOLFSSL_MSG("Currently only DTLS export is supported");
        return 0;
    }

    /* copy over keys, options, and dtls state struct */
    return wolfSSL_dtls_export_internal(ssl, buf, *sz);
}
wolfSSL 11:cee25a834751 200
wolfSSL 11:cee25a834751 201
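/* Serialize the DTLS session of ssl into a temporary buffer and hand it to
 * the export callback registered with wolfSSL_dtls_set_export() or
 * wolfSSL_CTX_dtls_set_export().
 *
 * ssl  WOLFSSL object whose session is exported
 *
 * Returns 0 on success or when there is nothing to do (ssl is not DTLS),
 * BAD_FUNC_ARG when ssl is NULL or no export callback is registered,
 * MEMORY_E when the temporary buffer cannot be allocated, otherwise the
 * negative error from the internal export or the callback's own result.
 */
int wolfSSL_send_session(WOLFSSL* ssl)
{
    int    ret;
    byte*  buf;
    word16 bufSz = MAX_EXPORT_BUFFER;

    WOLFSSL_ENTER("wolfSSL_send_session");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* if not DTLS do nothing; decided before allocating so the no-op path
     * never touches the heap */
    if (!ssl->options.dtls) {
        WOLFSSL_MSG("Currently only DTLS export is supported");
        return 0;
    }

    /* the set_export setters deliberately accept NULL, so a missing callback
     * has to be rejected here instead of being called through a NULL pointer */
    if (ssl->dtls_export == NULL) {
        WOLFSSL_MSG("No DTLS export callback set");
        return BAD_FUNC_ARG;
    }

    buf = (byte*)XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf == NULL) {
        return MEMORY_E;
    }

    /* copy over keys, options, and dtls state struct */
    ret = wolfSSL_dtls_export_internal(ssl, buf, bufSz);
    if (ret >= 0) {
        /* if no error ret has size of the serialized session */
        ret = ssl->dtls_export(ssl, buf, ret, NULL);
        if (ret == SSL_SUCCESS) {
            ret = 0;
        }
    }

    /* the buffer held session keys: wipe before release, single exit point */
    ForceZero(buf, bufSz);
    XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    return ret;
}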
wolfSSL 11:cee25a834751 244 #endif /* WOLFSSL_DTLS */
wolfSSL 11:cee25a834751 245 #endif /* WOLFSSL_SESSION_EXPORT */
wolfSSL 11:cee25a834751 246
wolfSSL 11:cee25a834751 247
/* prevent multiple mutex initializations */
/* Presumably tracks the wolfSSL_Init()/wolfSSL_Cleanup() balance; the updates
 * are outside this view. wolfSSL_CTX_new_ex() reads it without holding
 * count_mutex to decide whether to call wolfSSL_Init().
 * NOTE(review): volatile does not make that unlocked read race-free against a
 * concurrent writer — confirm the intended threading contract. */
static volatile int initRefCount = 0;
static wolfSSL_Mutex count_mutex; /* init ref count mutex */
wolfSSL 11:cee25a834751 251
wolfSSL 11:cee25a834751 252
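/* Create a new WOLFSSL_CTX struct and return the pointer to created struct.
 * WOLFSSL_METHOD pointer passed in is given to ctx to manage: this function
 * frees the passed in WOLFSSL_METHOD struct on failure, and on success it is
 * freed when ctx is freed.
 *
 * method  protocol method the context will use; NULL yields NULL
 * heap    heap hint handed to every allocation made for this context
 *
 * Returns the new context, or NULL when method is NULL, library
 * initialization fails, or the context cannot be allocated/initialized.
 */
WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)
{
    WOLFSSL_CTX* ctx = NULL;

    /* ENTER/LEAVE labels now carry the same name so trace pairs line up
     * (they previously read "WOLFSSL_CTX_new_ex" and "WOLFSSL_CTX_new") */
    WOLFSSL_ENTER("wolfSSL_CTX_new_ex");

    if (initRefCount == 0) {
        /* user no longer forced to call Init themselves */
        int ret = wolfSSL_Init();
        if (ret != SSL_SUCCESS) {
            WOLFSSL_MSG("wolfSSL_Init failed");
            /* method is owned by this call, so release it on this failure too */
            if (method != NULL) {
                XFREE(method, heap, DYNAMIC_TYPE_METHOD);
            }
            WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);
            return NULL;
        }
    }

    if (method == NULL) {
        WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);
        return NULL;
    }

    ctx = (WOLFSSL_CTX*) XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX);
    if (ctx == NULL) {
        /* InitSSL_Ctx never ran, so nothing else owns method yet */
        WOLFSSL_MSG("Alloc CTX failed, method freed");
        XFREE(method, heap, DYNAMIC_TYPE_METHOD);
    }
    else if (InitSSL_Ctx(ctx, method, heap) < 0) {
        /* method has been handed to ctx; freeing ctx releases it */
        WOLFSSL_MSG("Init CTX failed");
        wolfSSL_CTX_free(ctx);
        ctx = NULL;
    }

    WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);
    return ctx;
}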
wolfSSL 11:cee25a834751 296
wolfSSL 11:cee25a834751 297
/* Create a WOLFSSL_CTX with the default heap hint (NULL). Under
 * WOLFSSL_HEAP_TEST the configured test value is used instead so the
 * top level CTX exercises the heap hint path.
 * method is handed over to the context; see wolfSSL_CTX_new_ex(). */
WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)
{
    void* heapHint = NULL;

#ifdef WOLFSSL_HEAP_TEST
    /* if testing the heap hint then set top level CTX to have test value */
    heapHint = (void*)WOLFSSL_HEAP_TEST;
#endif

    return wolfSSL_CTX_new_ex(method, heapHint);
}
wolfSSL 11:cee25a834751 307
wolfSSL 11:cee25a834751 308
/* Release a context created by wolfSSL_CTX_new(); a NULL ctx is a no-op. */
void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("SSL_CTX_free");

    if (ctx != NULL) {
        FreeSSL_Ctx(ctx);
    }

    WOLFSSL_LEAVE("SSL_CTX_free", 0);
}
wolfSSL 11:cee25a834751 316
wolfSSL 11:cee25a834751 317
wolfSSL 11:cee25a834751 318 #ifdef SINGLE_THREADED
/* no locking in single threaded mode, allow a CTX level rng to be shared with
 * WOLFSSL objects, SSL_SUCCESS on ok
 *
 * ctx  context that receives the new RNG in ctx->rng
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL ctx, MEMORY_E when the RNG
 * cannot be allocated, or the wc_InitRng* error code (RNG freed again).
 */
int wolfSSL_CTX_new_rng(WOLFSSL_CTX* ctx)
{
    WC_RNG* rng;
    int     initRet;

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ctx->heap, DYNAMIC_TYPE_RNG);
    if (rng == NULL)
        return MEMORY_E;

    /* FIPS builds use the plain initializer; otherwise pass heap and devId */
#ifndef HAVE_FIPS
    initRet = wc_InitRng_ex(rng, ctx->heap, ctx->devId);
#else
    initRet = wc_InitRng(rng);
#endif
    if (initRet == 0) {
        ctx->rng = rng;
        return SSL_SUCCESS;
    }

    XFREE(rng, ctx->heap, DYNAMIC_TYPE_RNG);
    return initRet;
}
wolfSSL 11:cee25a834751 348 #endif
wolfSSL 11:cee25a834751 349
wolfSSL 11:cee25a834751 350
/* Allocate and initialize a WOLFSSL object bound to ctx.
 * Returns NULL when ctx is NULL, allocation fails, or InitSSL() fails
 * (the partially set up object is released with FreeSSL()). */
WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)
{
    WOLFSSL* ssl     = NULL;
    int      initRet = 0;

    (void)initRet; /* only consumed by WOLFSSL_LEAVE, which may compile out */
    WOLFSSL_ENTER("SSL_new");

    if (ctx == NULL)
        return NULL;

    ssl = (WOLFSSL*)XMALLOC(sizeof(WOLFSSL), ctx->heap, DYNAMIC_TYPE_SSL);
    if (ssl != NULL) {
        initRet = InitSSL(ssl, ctx, 0);
        if (initRet < 0) {
            FreeSSL(ssl, ctx->heap);
            ssl = NULL;
        }
    }

    WOLFSSL_LEAVE("SSL_new", initRet);
    return ssl;
}
wolfSSL 11:cee25a834751 372
wolfSSL 11:cee25a834751 373
/* Release a WOLFSSL object created by wolfSSL_new(); NULL is a no-op.
 * The heap hint is taken from the owning context. */
void wolfSSL_free(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_free");

    if (ssl != NULL) {
        FreeSSL(ssl, ssl->ctx->heap);
    }

    WOLFSSL_LEAVE("SSL_free", 0);
}
wolfSSL 11:cee25a834751 381
wolfSSL 11:cee25a834751 382
wolfSSL 11:cee25a834751 383 #ifdef HAVE_WRITE_DUP
wolfSSL 11:cee25a834751 384
/*
 * Release resources around WriteDup object
 *
 * ssl WOLFSSL object (must not be NULL); ssl->dupWrite may be NULL
 *
 * no return, destruction so make best attempt
 *
 * Both sides of a write dup share one WriteDup. Each side decrements the
 * count under dupMutex and only the side that brings it to zero destroys
 * the shared object; the mutex is unlocked before it is freed.
 */
void FreeWriteDup(WOLFSSL* ssl)
{
    WriteDup* shared   = ssl->dupWrite;
    int       lastUser = 0;

    WOLFSSL_ENTER("FreeWriteDup");

    if (shared == NULL)
        return;

    if (wc_LockMutex(&shared->dupMutex) == 0) {
        shared->dupCount--;
        lastUser = (shared->dupCount == 0);
        if (!lastUser) {
            WOLFSSL_MSG("WriteDup count not zero, no full free");
        }
        wc_UnLockMutex(&shared->dupMutex);
    }

    if (lastUser) {
        WOLFSSL_MSG("Doing WriteDup full free, count to zero");
        wc_FreeMutex(&shared->dupMutex);
        XFREE(shared, ssl->heap, DYNAMIC_TYPE_WRITEDUP);
    }
}
wolfSSL 11:cee25a834751 416
wolfSSL 11:cee25a834751 417
/*
 * duplicate existing ssl members into dup needed for writing
 *
 * dup  write only WOLFSSL
 * ssl  existing WOLFSSL, which becomes the read side
 *
 * 0 on success, MEMORY_E when the shared WriteDup cannot be allocated,
 * BAD_MUTEX_E when its mutex cannot be initialized; on failure
 * ssl->dupWrite is left NULL and dup is untouched
 */
static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)
{
    WriteDup* shared;

    /* shared dupWrite setup */
    shared = (WriteDup*)XMALLOC(sizeof(WriteDup), ssl->heap,
                                DYNAMIC_TYPE_WRITEDUP);
    ssl->dupWrite = shared;
    if (shared == NULL)
        return MEMORY_E;
    XMEMSET(shared, 0, sizeof(WriteDup));

    if (wc_InitMutex(&shared->dupMutex) != 0) {
        XFREE(shared, ssl->heap, DYNAMIC_TYPE_WRITEDUP);
        ssl->dupWrite = NULL;
        return BAD_MUTEX_E;
    }
    shared->dupCount = 2;   /* both sides have a count to start */
    dup->dupWrite    = shared; /* each side uses */

    /* copy write parts over to dup writer */
    XMEMCPY(&dup->specs,   &ssl->specs,   sizeof(CipherSpecs));
    XMEMCPY(&dup->options, &ssl->options, sizeof(Options));
    XMEMCPY(&dup->keys,    &ssl->keys,    sizeof(Keys));
    XMEMCPY(&dup->encrypt, &ssl->encrypt, sizeof(Ciphers));
    /* dup side now owns encrypt/write ciphers: clear them on the read side */
    XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));

    dup->IOCB_WriteCtx = ssl->IOCB_WriteCtx;
    dup->wfd           = ssl->wfd;
    dup->wflags        = ssl->wflags;
    dup->hmac          = ssl->hmac;
#ifdef HAVE_TRUNCATED_HMAC
    dup->truncated_hmac = ssl->truncated_hmac;
#endif

    /* unique side dup setup */
    dup->dupSide = WRITE_DUP_SIDE;
    ssl->dupSide = READ_DUP_SIDE;

    return 0;
}
wolfSSL 11:cee25a834751 466
wolfSSL 11:cee25a834751 467
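/*
 * duplicate a WOLFSSL object post handshake for writing only
 * turn existing object into read only. Allows concurrent access from two
 * different threads.
 *
 * ssl existing WOLFSSL object
 *
 * return dup'd WOLFSSL object on success; NULL when ssl is NULL, the
 * handshake is not complete, ssl was already dup'd, or allocation,
 * InitSSL() or DupSSL() fails
 */
WOLFSSL* wolfSSL_write_dup(WOLFSSL* ssl)
{
    WOLFSSL* dup = NULL;
    int ret = 0;

    (void)ret; /* only consumed by WOLFSSL_LEAVE, which may compile out */
    WOLFSSL_ENTER("wolfSSL_write_dup");

    if (ssl == NULL) {
        return ssl;
    }

    if (ssl->options.handShakeDone == 0) {
        WOLFSSL_MSG("wolfSSL_write_dup called before handshake complete");
        return NULL;
    }

    if (ssl->dupWrite) {
        WOLFSSL_MSG("wolfSSL_write_dup already called once");
        return NULL;
    }

    dup = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ssl->ctx->heap, DYNAMIC_TYPE_SSL);
    if (dup) {
        ret = InitSSL(dup, ssl->ctx, 1);
        if (ret >= 0) {
            /* was "(ret = DupSSL(dup, ssl) < 0)", which stored the 0/1 result
             * of the comparison in ret and so lost the real error code in the
             * trace below; the assignment now binds before the comparison */
            ret = DupSSL(dup, ssl);
        }
        if (ret < 0) {
            FreeSSL(dup, ssl->ctx->heap);
            dup = NULL;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_write_dup", ret);

    return dup;
}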
wolfSSL 11:cee25a834751 514
wolfSSL 11:cee25a834751 515
/*
 * Notify write dup side of fatal error or close notify
 *
 * ssl WOLFSSL object; ssl->dupWrite must be set (see wolfSSL_write_dup)
 * err Notify err, stored in the shared WriteDup's dupErr
 *
 * 0 on success, otherwise the wc_LockMutex/wc_UnLockMutex error
 */
int NotifyWriteSide(WOLFSSL* ssl, int err)
{
    WriteDup* shared = ssl->dupWrite;
    int       rc;

    WOLFSSL_ENTER("NotifyWriteSide");

    rc = wc_LockMutex(&shared->dupMutex);
    if (rc != 0)
        return rc;

    shared->dupErr = err;
    return wc_UnLockMutex(&shared->dupMutex);
}
wolfSSL 11:cee25a834751 538
wolfSSL 11:cee25a834751 539
wolfSSL 11:cee25a834751 540 #endif /* HAVE_WRITE_DUP */
wolfSSL 11:cee25a834751 541
wolfSSL 11:cee25a834751 542
wolfSSL 11:cee25a834751 543 #ifdef HAVE_POLY1305
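/* set if to use old poly 1 for yes 0 to use new poly
 *
 * ssl    WOLFSSL object whose options.oldPoly is set
 * value  1 selects the old poly handling, 0 the new one
 *
 * Returns 0 on success, BAD_FUNC_ARG when ssl is NULL. The connection auto
 * detects old/new, so this setter is deprecated.
 */
int wolfSSL_use_old_poly(WOLFSSL* ssl, int value)
{
    WOLFSSL_ENTER("SSL_use_old_poly");
    /* the two literals previously joined as "functionis depriciated" */
    WOLFSSL_MSG("Warning SSL connection auto detects old/new and this function "
                "is deprecated");

    /* every other setter in this file rejects a NULL object rather than
     * dereferencing it */
    if (ssl == NULL) {
        WOLFSSL_LEAVE("SSL_use_old_poly", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    ssl->options.oldPoly = (word16)value;
    WOLFSSL_LEAVE("SSL_use_old_poly", 0);
    return 0;
}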
wolfSSL 11:cee25a834751 554 #endif
wolfSSL 11:cee25a834751 555
wolfSSL 11:cee25a834751 556
/* Point both the read and the write side of ssl at the same descriptor.
 *
 * ssl  connection to configure
 * fd   socket descriptor used by the default IO callbacks
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG when ssl is NULL, or the first failing
 * result of wolfSSL_set_read_fd()/wolfSSL_set_write_fd().
 */
int wolfSSL_set_fd(WOLFSSL* ssl, int fd)
{
    int rc;

    WOLFSSL_ENTER("SSL_set_fd");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    rc = wolfSSL_set_read_fd(ssl, fd);
    if (rc != SSL_SUCCESS)
        return rc;

    return wolfSSL_set_write_fd(ssl, fd);
}
wolfSSL 11:cee25a834751 574
wolfSSL 11:cee25a834751 575
/* Set the descriptor the default receive callback reads from.
 * The value is stored in ssl (ssl->rfd, or the DTLS context for a DTLS
 * object) and IOCB_ReadCtx is pointed at that storage rather than at the
 * descriptor itself, so user IO callbacks keep working.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl.
 */
int wolfSSL_set_read_fd(WOLFSSL* ssl, int fd)
{
    WOLFSSL_ENTER("SSL_set_read_fd");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->rfd = fd; /* not used directly to allow IO callbacks */
    ssl->IOCB_ReadCtx = &ssl->rfd;

#ifdef WOLFSSL_DTLS
    /* DTLS reads go through the dtls context, which carries its own rfd */
    if (ssl->options.dtls) {
        ssl->buffers.dtlsCtx.rfd = fd;
        ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;
    }
#endif

    WOLFSSL_LEAVE("SSL_set_read_fd", SSL_SUCCESS);
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 597
wolfSSL 11:cee25a834751 598
/* Set the descriptor the default send callback writes to.
 * The value is stored in ssl (ssl->wfd, or the DTLS context for a DTLS
 * object) and IOCB_WriteCtx is pointed at that storage rather than at the
 * descriptor itself, so user IO callbacks keep working.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl.
 */
int wolfSSL_set_write_fd(WOLFSSL* ssl, int fd)
{
    WOLFSSL_ENTER("SSL_set_write_fd");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->wfd = fd; /* not used directly to allow IO callbacks */
    ssl->IOCB_WriteCtx = &ssl->wfd;

#ifdef WOLFSSL_DTLS
    /* DTLS writes go through the dtls context, which carries its own wfd */
    if (ssl->options.dtls) {
        ssl->buffers.dtlsCtx.wfd = fd;
        ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;
    }
#endif

    WOLFSSL_LEAVE("SSL_set_write_fd", SSL_SUCCESS);
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 620
wolfSSL 11:cee25a834751 621
/**
 * Get the name of cipher at priority level passed in.
 *
 * priority  index into the cipher name table
 *
 * Returns the name (cast to char* for API compatibility, the table itself is
 * read-only) or NULL when priority is outside [0, GetCipherNamesSize()).
 */
char* wolfSSL_get_cipher_list(int priority)
{
    const char* const* names = GetCipherNames();
    int count = GetCipherNamesSize();

    if (priority < 0 || priority >= count)
        return NULL;

    return (char*)names[priority];
}
wolfSSL 11:cee25a834751 635
wolfSSL 11:cee25a834751 636
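/* Write every supported cipher suite name into buf as one ':'-delimited,
 * NUL-terminated string.
 *
 * buf  destination buffer
 * len  size of buf in bytes
 *
 * Returns SSL_SUCCESS on success, BAD_FUNC_ARG for a NULL buf or len <= 0,
 * BUFFER_E when buf is too small; in that case buf holds the names that did
 * fit and is NUL-terminated (previously the partial output had a trailing ':'
 * and no terminator).
 */
int wolfSSL_get_ciphers(char* buf, int len)
{
    const char* const* ciphers = GetCipherNames();
    int size = GetCipherNamesSize();
    int totalInc = 0;
    int i;

    if (buf == NULL || len <= 0)
        return BAD_FUNC_ARG;

    /* an empty cipher table is still a valid (empty) string */
    buf[0] = '\0';

    /* Add each member to the buffer delimited by a : */
    for (i = 0; i < size; i++) {
        int nameLen = (int)XSTRLEN(ciphers[i]);

        /* each name is followed by exactly one byte: ':' or the final NUL */
        totalInc += nameLen + 1;

        /* Check to make sure buf is large enough and will not overflow.
         * totalInc is exactly the number of bytes written once this name is
         * in, so an exact fit is accepted (the old "< len" rejected it). */
        if (totalInc > len) {
            /* turn the ':' written after the previous name into a terminator;
             * buf[-1] is inside the buffer because i > 0 means bytes were
             * written, and buf itself may already be one past the end */
            if (i > 0)
                buf[-1] = '\0';
            return BUFFER_E;
        }

        XMEMCPY(buf, ciphers[i], nameLen);
        buf += nameLen;
        *buf++ = (i < size - 1) ? ':' : '\0';
    }

    return SSL_SUCCESS;
}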
wolfSSL 11:cee25a834751 669
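/* Copy the name of the negotiated cipher suite into buf.
 *
 * buf/len: destination buffer and its size in bytes. The copy is truncated
 *          to fit and is always NUL-terminated (the old code copied up to len
 *          bytes and could leave buf unterminated when the name did not fit).
 *
 * Returns buf, or NULL when ssl or buf is NULL, len is non-positive, or no
 * cipher name is available.
 */
const char* wolfSSL_get_shared_ciphers(WOLFSSL* ssl, char* buf, int len)
{
    const char* cipher;
    int copyLen;

    /* A NULL buf or negative len previously reached XMEMCPY unchecked. */
    if (ssl == NULL || buf == NULL || len <= 0)
        return NULL;

    cipher = wolfSSL_get_cipher_name_from_suite(ssl->options.cipherSuite,
                                                ssl->options.cipherSuite0);
    /* NOTE(review): assumes the lookup may return NULL for an unknown suite;
     * guarding costs nothing and avoids XSTRLEN(NULL). */
    if (cipher == NULL)
        return NULL;

    copyLen = min(len, (int)(XSTRLEN(cipher) + 1));
    XMEMCPY(buf, cipher, copyLen);
    buf[copyLen - 1] = '\0'; /* no-op when not truncated, terminator otherwise */
    return buf;
}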
wolfSSL 11:cee25a834751 683
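/* Return the read-side file descriptor bound to `ssl`.
 *
 * Returns ssl->rfd, or -1 when ssl is NULL (the old code dereferenced it).
 */
int wolfSSL_get_fd(const WOLFSSL* ssl)
{
    int fd = -1;

    WOLFSSL_ENTER("SSL_get_fd");
    if (ssl != NULL)
        fd = ssl->rfd;
    WOLFSSL_LEAVE("SSL_get_fd", fd);
    return fd;
}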
wolfSSL 11:cee25a834751 690
wolfSSL 11:cee25a834751 691
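/* Report whether `ssl` has been marked as using non-blocking I/O.
 *
 * Returns ssl->options.usingNonblock, or 0 when ssl is NULL (the old code
 * dereferenced a NULL pointer here).
 */
int wolfSSL_get_using_nonblock(WOLFSSL* ssl)
{
    int usingNonblock = 0;

    WOLFSSL_ENTER("wolfSSL_get_using_nonblock");
    if (ssl != NULL)
        usingNonblock = ssl->options.usingNonblock;
    WOLFSSL_LEAVE("wolfSSL_get_using_nonblock", usingNonblock);
    return usingNonblock;
}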
wolfSSL 11:cee25a834751 698
wolfSSL 11:cee25a834751 699
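/* Return non-zero when `ssl` is a DTLS object, 0 otherwise (including the
 * NULL case, which the old code dereferenced). */
int wolfSSL_dtls(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return 0;
    return ssl->options.dtls;
}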
wolfSSL 11:cee25a834751 704
wolfSSL 11:cee25a834751 705
#ifndef WOLFSSL_LEANPSK
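/* Record whether the caller's socket is non-blocking; any non-zero
 * `nonblock` is normalised to 1. A NULL ssl is ignored (the old code
 * dereferenced it). */
void wolfSSL_set_using_nonblock(WOLFSSL* ssl, int nonblock)
{
    WOLFSSL_ENTER("wolfSSL_set_using_nonblock");
    if (ssl == NULL)
        return;
    ssl->options.usingNonblock = (nonblock != 0);
}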
wolfSSL 11:cee25a834751 712
wolfSSL 11:cee25a834751 713
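/* Store a private copy of the peer's socket address for DTLS.
 *
 * peer/peerSz: address bytes and their length; they are copied onto
 *              ssl->heap and any previously stored address is released.
 *
 * Returns SSL_SUCCESS, SSL_FAILURE when ssl or peer is NULL or the copy
 * cannot be allocated, or SSL_NOT_IMPLEMENTED when DTLS is compiled out.
 */
int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz)
{
#ifdef WOLFSSL_DTLS
    void* sa;

    /* Both pointers are dereferenced below; the old code did not check them. */
    if (ssl == NULL || peer == NULL)
        return SSL_FAILURE;

    sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    if (sa == NULL)
        return SSL_FAILURE;

    /* Allocate first so a failed allocation leaves the old address intact. */
    if (ssl->buffers.dtlsCtx.peer.sa != NULL)
        XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);

    XMEMCPY(sa, peer, peerSz);
    ssl->buffers.dtlsCtx.peer.sa = sa;
    ssl->buffers.dtlsCtx.peer.sz = peerSz;
    return SSL_SUCCESS;
#else
    (void)ssl;
    (void)peer;
    (void)peerSz;
    return SSL_NOT_IMPLEMENTED;
#endif
}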
wolfSSL 11:cee25a834751 734
/* Copy the stored DTLS peer address into peer.
 *
 * peer/peerSz: destination buffer and, on entry, its capacity; on success
 *              *peerSz is updated to the number of bytes written.
 *
 * Returns SSL_SUCCESS, SSL_FAILURE when ssl/peer/peerSz is NULL, no address
 * is stored, or the buffer is too small, or SSL_NOT_IMPLEMENTED when DTLS is
 * compiled out.
 */
int wolfSSL_dtls_get_peer(WOLFSSL* ssl, void* peer, unsigned int* peerSz)
{
#ifdef WOLFSSL_DTLS
    unsigned int storedSz;

    if (ssl == NULL)
        return SSL_FAILURE;
    if (peer == NULL || peerSz == NULL)
        return SSL_FAILURE;

    storedSz = ssl->buffers.dtlsCtx.peer.sz;
    if (*peerSz < storedSz || ssl->buffers.dtlsCtx.peer.sa == NULL)
        return SSL_FAILURE;

    *peerSz = storedSz;
    XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, storedSz);
    return SSL_SUCCESS;
#else
    (void)ssl;
    (void)peer;
    (void)peerSz;
    return SSL_NOT_IMPLEMENTED;
#endif
}
wolfSSL 11:cee25a834751 757
wolfSSL 11:cee25a834751 758
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
wolfSSL 11:cee25a834751 760
/* Mark the ctx as carrying DTLS over SCTP.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_dtls_set_sctp(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_sctp()");

    if (ctx != NULL) {
        ctx->dtlsSctp = 1;
        return SSL_SUCCESS;
    }
    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 771
wolfSSL 11:cee25a834751 772
/* Mark the connection as carrying DTLS over SCTP.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_dtls_set_sctp(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_dtls_set_sctp()");

    if (ssl != NULL) {
        ssl->options.dtlsSctp = 1;
        return SSL_SUCCESS;
    }
    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 783
wolfSSL 11:cee25a834751 784
/* Set the DTLS MTU inherited by connections created from ctx.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL or newMtu exceeds
 * MAX_RECORD_SIZE. */
int wolfSSL_CTX_dtls_set_mtu(WOLFSSL_CTX* ctx, word16 newMtu)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    if (newMtu > MAX_RECORD_SIZE)
        return BAD_FUNC_ARG;

    ctx->dtlsMtuSz = newMtu;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 793
wolfSSL 11:cee25a834751 794
/* Set the DTLS MTU for this connection.
 * Returns SSL_SUCCESS; BAD_FUNC_ARG when ssl is NULL; SSL_FAILURE (with
 * ssl->error = BAD_FUNC_ARG) when newMtu exceeds MAX_RECORD_SIZE. */
int wolfSSL_dtls_set_mtu(WOLFSSL* ssl, word16 newMtu)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (newMtu <= MAX_RECORD_SIZE) {
        ssl->dtlsMtuSz = newMtu;
        return SSL_SUCCESS;
    }

    /* Out-of-range MTU is reported through the object's error slot. */
    ssl->error = BAD_FUNC_ARG;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 808
wolfSSL 11:cee25a834751 809
#endif /* WOLFSSL_DTLS && WOLFSSL_SCTP */
wolfSSL 11:cee25a834751 811
#endif /* WOLFSSL_LEANPSK */
wolfSSL 11:cee25a834751 813
wolfSSL 11:cee25a834751 814
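/* return underlying connect or accept, SSL_SUCCESS on ok */
/* Drive the handshake for whichever side `ssl` was created as.
 *
 * Returns the result of wolfSSL_accept (server) or wolfSSL_connect (client),
 * or SSL_FATAL_ERROR when ssl is NULL or its side is compiled out.
 */
int wolfSSL_negotiate(WOLFSSL* ssl)
{
    int err = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_negotiate");

    /* The old code dereferenced a NULL ssl; fail the same way a handshake
     * error does so existing callers still see a negative result. */
    if (ssl == NULL) {
        WOLFSSL_LEAVE("wolfSSL_negotiate", err);
        return err;
    }

#ifndef NO_WOLFSSL_SERVER
    if (ssl->options.side == WOLFSSL_SERVER_END)
        err = wolfSSL_accept(ssl);
#endif

#ifndef NO_WOLFSSL_CLIENT
    if (ssl->options.side == WOLFSSL_CLIENT_END)
        err = wolfSSL_connect(ssl);
#endif

    WOLFSSL_LEAVE("wolfSSL_negotiate", err);

    return err;
}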
wolfSSL 11:cee25a834751 835
wolfSSL 11:cee25a834751 836
/* Return the RNG attached to `ssl`, or NULL when ssl is NULL. */
WC_RNG* wolfSSL_GetRNG(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->rng : NULL;
}
wolfSSL 11:cee25a834751 845
wolfSSL 11:cee25a834751 846
#ifndef WOLFSSL_LEANPSK
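/* object size based on build */
/* Return sizeof(WOLFSSL) for this build; with SHOW_SIZES also print the
 * sizes of the major internal structures to stdout. */
int wolfSSL_GetObjectSize(void)
{
#ifdef SHOW_SIZES
    /* sizeof yields size_t; cast to unsigned long so "%lu" is correct on
     * every platform (passing a bare size_t to "%lu" is undefined where
     * size_t != unsigned long, e.g. 64-bit Windows). Output is unchanged. */
#define WOLFSSL_SHOW_SIZE(label, type) \
    printf(label " = %lu\n", (unsigned long)sizeof(type))

    WOLFSSL_SHOW_SIZE("sizeof suites", Suites);
    WOLFSSL_SHOW_SIZE("sizeof ciphers(2)", Ciphers);
#ifndef NO_RC4
    WOLFSSL_SHOW_SIZE("\tsizeof arc4", Arc4);
#endif
    WOLFSSL_SHOW_SIZE("\tsizeof aes", Aes);
#ifndef NO_DES3
    WOLFSSL_SHOW_SIZE("\tsizeof des3", Des3);
#endif
#ifndef NO_RABBIT
    WOLFSSL_SHOW_SIZE("\tsizeof rabbit", Rabbit);
#endif
#ifdef HAVE_CHACHA
    WOLFSSL_SHOW_SIZE("\tsizeof chacha", ChaCha);
#endif
    WOLFSSL_SHOW_SIZE("sizeof cipher specs", CipherSpecs);
    WOLFSSL_SHOW_SIZE("sizeof keys", Keys);
    WOLFSSL_SHOW_SIZE("sizeof Hashes(2)", Hashes);
#ifndef NO_MD5
    WOLFSSL_SHOW_SIZE("\tsizeof MD5", Md5);
#endif
#ifndef NO_SHA
    WOLFSSL_SHOW_SIZE("\tsizeof SHA", Sha);
#endif
#ifdef WOLFSSL_SHA224
    WOLFSSL_SHOW_SIZE(" sizeof SHA224", Sha224);
#endif
#ifndef NO_SHA256
    WOLFSSL_SHOW_SIZE("\tsizeof SHA256", Sha256);
#endif
#ifdef WOLFSSL_SHA384
    WOLFSSL_SHOW_SIZE("\tsizeof SHA384", Sha384);
#endif
#ifdef WOLFSSL_SHA512
    /* Guarded by WOLFSSL_SHA512 (was WOLFSSL_SHA384), so SHA512-only builds
     * report it too and the Sha512 type is only named when it exists. */
    WOLFSSL_SHOW_SIZE("\tsizeof SHA512", Sha512);
#endif
    WOLFSSL_SHOW_SIZE("sizeof Buffers", Buffers);
    WOLFSSL_SHOW_SIZE("sizeof Options", Options);
    WOLFSSL_SHOW_SIZE("sizeof Arrays", Arrays);
#ifndef NO_RSA
    WOLFSSL_SHOW_SIZE("sizeof RsaKey", RsaKey);
#endif
#ifdef HAVE_ECC
    WOLFSSL_SHOW_SIZE("sizeof ecc_key", ecc_key);
#endif
    WOLFSSL_SHOW_SIZE("sizeof WOLFSSL_CIPHER", WOLFSSL_CIPHER);
    WOLFSSL_SHOW_SIZE("sizeof WOLFSSL_SESSION", WOLFSSL_SESSION);
    WOLFSSL_SHOW_SIZE("sizeof WOLFSSL", WOLFSSL);
    WOLFSSL_SHOW_SIZE("sizeof WOLFSSL_CTX", WOLFSSL_CTX);

#undef WOLFSSL_SHOW_SIZE
#endif /* SHOW_SIZES */

    return sizeof(WOLFSSL);
}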
#endif /* WOLFSSL_LEANPSK */
wolfSSL 11:cee25a834751 906
wolfSSL 11:cee25a834751 907
#ifdef WOLFSSL_STATIC_MEMORY
wolfSSL 11:cee25a834751 909
/* Carve a WOLFSSL_HEAP and WOLFSSL_HEAP_HINT out of the caller-supplied
 * buffer (when the ctx has no heap yet), partition the remainder into the
 * static memory pool, and create the ctx if *ctx is NULL.
 *
 * ctx:    in/out; *ctx may be NULL, in which case method must be non-NULL
 *         and a new ctx is created on the static heap.
 * method: method constructor, used only when a ctx is created.
 * buf/sz: memory region to use; the heap structures are placed at its start.
 * flag:   pool flags passed to wolfSSL_load_static_memory and OR-ed into
 *         heap->flag; WOLFMEM_IO_POOL / WOLFMEM_IO_POOL_FIXED select whether
 *         `max` limits IO buffers or handshake memory.
 * max:    limit stored in heap->maxIO or heap->maxHa (see flag).
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG on NULL arguments, BUFFER_E when buf is
 * too small for the heap structures, or SSL_FAILURE when heap init,
 * partitioning or ctx creation fails.
 *
 * NOTE(review): buf is reinterpreted as WOLFSSL_HEAP / WOLFSSL_HEAP_HINT
 * with no alignment check; presumably callers pass suitably aligned storage
 * — confirm.
 */
int wolfSSL_CTX_load_static_memory(WOLFSSL_CTX** ctx, wolfSSL_method_func method,
                                   unsigned char* buf, unsigned int sz,
                                   int flag, int max)
{
    WOLFSSL_HEAP* heap;
    WOLFSSL_HEAP_HINT* hint;
    word32 idx = 0; /* bytes of buf consumed by the heap structures */

    if (ctx == NULL || buf == NULL) {
        return BAD_FUNC_ARG;
    }

    /* With no existing ctx there is nothing to attach to unless one can be
     * created from method. */
    if (*ctx == NULL && method == NULL) {
        return BAD_FUNC_ARG;
    }

    if (*ctx == NULL || (*ctx)->heap == NULL) {
        /* Fresh heap: both structures live at the front of buf. */
        if (sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT) > sz - idx) {
            return BUFFER_E; /* not enough memory for structures */
        }
        heap = (WOLFSSL_HEAP*)buf;
        idx += sizeof(WOLFSSL_HEAP);
        if (wolfSSL_init_memory_heap(heap) != 0) {
            return SSL_FAILURE;
        }
        hint = (WOLFSSL_HEAP_HINT*)(buf + idx);
        idx += sizeof(WOLFSSL_HEAP_HINT);
        XMEMSET(hint, 0, sizeof(WOLFSSL_HEAP_HINT));
        hint->memory = heap;

        /* An existing ctx without a heap adopts the new hint. */
        if (*ctx && (*ctx)->heap == NULL) {
            (*ctx)->heap = (void*)hint;
        }
    }
    else {
#ifdef WOLFSSL_HEAP_TEST
        /* do not load in memory if test has been set */
        if ((*ctx)->heap == (void*)WOLFSSL_HEAP_TEST) {
            return SSL_SUCCESS;
        }
#endif
        /* Reuse the ctx's existing heap; buf only adds memory to it. */
        hint = (WOLFSSL_HEAP_HINT*)((*ctx)->heap);
        heap = hint->memory;
    }

    /* Everything after the structures becomes pool memory. */
    if (wolfSSL_load_static_memory(buf + idx, sz - idx, flag, heap) != 1) {
        WOLFSSL_MSG("Error partitioning memory");
        return SSL_FAILURE;
    }

    /* create ctx if needed */
    if (*ctx == NULL) {
        *ctx = wolfSSL_CTX_new_ex(method(hint), hint);
        if (*ctx == NULL) {
            WOLFSSL_MSG("Error creating ctx");
            return SSL_FAILURE;
        }
    }

    /* determine what max applies too */
    if (flag & WOLFMEM_IO_POOL || flag & WOLFMEM_IO_POOL_FIXED) {
        heap->maxIO = max;
    }
    else { /* general memory used in handshakes */
        heap->maxHa = max;
    }

    heap->flag |= flag;

    (void)max;
    (void)method;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 984
wolfSSL 11:cee25a834751 985
/* Report whether `ssl` is backed by static memory and, when mem_stats is
 * given and the heap tracks statistics, copy the per-connection stats out.
 *
 * Returns 1 when ssl->heap is set, 0 when it is not, BAD_FUNC_ARG when ssl
 * is NULL.
 */
int wolfSSL_is_static_memory(WOLFSSL* ssl, WOLFSSL_MEM_CONN_STATS* mem_stats)
{
    WOLFSSL_HEAP_HINT* hint;

    if (ssl == NULL)
        return BAD_FUNC_ARG;
    WOLFSSL_ENTER("wolfSSL_is_static_memory");

    if (ssl->heap == NULL)
        return 0;

    hint = (WOLFSSL_HEAP_HINT*)(ssl->heap);
    if (mem_stats != NULL) {
        WOLFSSL_HEAP* heap = hint->memory;
        /* Stats are only meaningful when the heap was told to track them. */
        if ((heap->flag & WOLFMEM_TRACK_STATS) && hint->stats != NULL)
            XMEMCPY(mem_stats, hint->stats, sizeof(WOLFSSL_MEM_CONN_STATS));
    }

    return 1;
}
wolfSSL 11:cee25a834751 1004
wolfSSL 11:cee25a834751 1005
/* Report whether `ctx` is backed by static memory and, when mem_stats is
 * given, fill it from the heap.
 *
 * Returns 1 when ctx->heap is set, 0 when it is not, BAD_FUNC_ARG when ctx
 * is NULL, MEMORY_E when the statistics could not be gathered.
 */
int wolfSSL_CTX_is_static_memory(WOLFSSL_CTX* ctx, WOLFSSL_MEM_STATS* mem_stats)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    WOLFSSL_ENTER("wolfSSL_CTX_is_static_memory");

    if (ctx->heap == NULL)
        return 0;

    if (mem_stats != NULL) {
        WOLFSSL_HEAP_HINT* hint = (WOLFSSL_HEAP_HINT*)(ctx->heap);
        if (wolfSSL_GetMemStats(hint->memory, mem_stats) != 1)
            return MEMORY_E;
    }

    return 1;
}
wolfSSL 11:cee25a834751 1023
#endif /* WOLFSSL_STATIC_MEMORY */
wolfSSL 11:cee25a834751 1025
wolfSSL 11:cee25a834751 1026
/* return max record layer size plaintext input size */
/* The limit starts at OUTPUT_RECORD_SIZE and is lowered by the negotiated
 * max-fragment length and, for DTLS, by MAX_UDP_SIZE.
 *
 * Returns the limit, or BAD_FUNC_ARG when ssl is NULL or the handshake has
 * not finished (the limit is not known before then).
 */
int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl)
{
    int limit;

    WOLFSSL_ENTER("wolfSSL_GetMaxOutputSize");

    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        WOLFSSL_MSG("Handshake not complete yet");
        return BAD_FUNC_ARG;
    }

    limit = OUTPUT_RECORD_SIZE;
#ifdef HAVE_MAX_FRAGMENT
    limit = min(limit, ssl->max_fragment);
#endif
#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls)
        limit = min(limit, MAX_UDP_SIZE);
#endif

    return limit;
}
wolfSSL 11:cee25a834751 1054
wolfSSL 11:cee25a834751 1055
/* return record layer size of plaintext input size */
/* inSz: plaintext byte count to be wrapped in one application_data record.
 *
 * Returns the on-the-wire size computed by BuildMessage in size-only mode,
 * BAD_FUNC_ARG for a negative inSz, INPUT_SIZE_E when inSz exceeds the
 * per-record limit, or the (negative) error from wolfSSL_GetMaxOutputSize.
 */
int wolfSSL_GetOutputSize(WOLFSSL* ssl, int inSz)
{
    int limit;

    WOLFSSL_ENTER("wolfSSL_GetOutputSize");

    if (inSz < 0)
        return BAD_FUNC_ARG;

    /* NULL ssl and an unfinished handshake are rejected by the limit lookup. */
    limit = wolfSSL_GetMaxOutputSize(ssl);
    if (limit < 0)
        return limit;
    if (inSz > limit)
        return INPUT_SIZE_E;

    /* No output buffer: BuildMessage only sizes the record here. */
    return BuildMessage(ssl, NULL, 0, NULL, inSz, application_data, 0, 1, 0);
}
wolfSSL 11:cee25a834751 1074
wolfSSL 11:cee25a834751 1075
#ifdef HAVE_ECC
/* Set the minimum accepted ECC key size (in bits, multiple of 8) on the ctx
 * and its certificate manager. Returns SSL_SUCCESS or BAD_FUNC_ARG. */
int wolfSSL_CTX_SetMinEccKey_Sz(WOLFSSL_CTX* ctx, short keySz)
{
    short keyBytes;

    if (ctx == NULL || keySz < 0 || keySz % 8 != 0) {
        WOLFSSL_MSG("Key size must be divisable by 8 or ctx was null");
        return BAD_FUNC_ARG;
    }

    keyBytes = keySz / 8; /* stored in bytes, not bits */
    ctx->minEccKeySz = keyBytes;
    ctx->cm->minEccKeySz = keyBytes;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 1088
wolfSSL 11:cee25a834751 1089
/* Set the minimum accepted ECC key size (in bits, multiple of 8) for this
 * connection. Returns SSL_SUCCESS or BAD_FUNC_ARG. */
int wolfSSL_SetMinEccKey_Sz(WOLFSSL* ssl, short keySz)
{
    if (ssl == NULL || keySz < 0 || keySz % 8 != 0) {
        WOLFSSL_MSG("Key size must be divisable by 8 or ssl was null");
        return BAD_FUNC_ARG;
    }

    ssl->options.minEccKeySz = keySz / 8; /* stored in bytes */
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 1100
#endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 1102
#ifndef NO_RSA
/* Set the minimum accepted RSA key size (in bits, multiple of 8) on the ctx
 * and its certificate manager. Returns SSL_SUCCESS or BAD_FUNC_ARG. */
int wolfSSL_CTX_SetMinRsaKey_Sz(WOLFSSL_CTX* ctx, short keySz)
{
    short keyBytes;

    if (ctx == NULL || keySz < 0 || keySz % 8 != 0) {
        WOLFSSL_MSG("Key size must be divisable by 8 or ctx was null");
        return BAD_FUNC_ARG;
    }

    keyBytes = keySz / 8; /* stored in bytes, not bits */
    ctx->minRsaKeySz = keyBytes;
    ctx->cm->minRsaKeySz = keyBytes;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 1115
wolfSSL 11:cee25a834751 1116
/* Set the minimum accepted RSA key size (in bits, multiple of 8) for this
 * connection. Returns SSL_SUCCESS or BAD_FUNC_ARG. */
int wolfSSL_SetMinRsaKey_Sz(WOLFSSL* ssl, short keySz)
{
    if (ssl == NULL || keySz < 0 || keySz % 8 != 0) {
        WOLFSSL_MSG("Key size must be divisable by 8 or ssl was null");
        return BAD_FUNC_ARG;
    }

    ssl->options.minRsaKeySz = keySz / 8; /* stored in bytes */
    return SSL_SUCCESS;
}
#endif /* !NO_RSA */
wolfSSL 11:cee25a834751 1128
#ifndef NO_DH
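/* server Diffie-Hellman parameters, SSL_SUCCESS on ok */
/* Install per-connection DH parameters on a server-side `ssl`.
 *
 * p/pSz, g/gSz: prime and generator bytes; private copies are made on
 *               ssl->heap and the object takes ownership (weOwnDH = 1).
 *
 * Returns SSL_SUCCESS; BAD_FUNC_ARG on NULL pointers or non-positive sizes;
 * DH_KEY_SIZE_E when pSz is below options.minDhKeySz; SIDE_ERROR on a
 * client object; MEMORY_E when a copy cannot be allocated.
 */
int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
                     const unsigned char* g, int gSz)
{
    word16 havePSK = 0;
    word16 haveRSA = 1;

    WOLFSSL_ENTER("wolfSSL_SetTmpDH");
    if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;

    /* Non-positive sizes would reach XMALLOC/XMEMCPY converted to huge
     * size_t values; gSz was never checked and a negative pSz only failed
     * through the minimum-size test below. */
    if (pSz <= 0 || gSz <= 0)
        return BAD_FUNC_ARG;

    if (pSz < ssl->options.minDhKeySz)
        return DH_KEY_SIZE_E;

    if (ssl->options.side != WOLFSSL_SERVER_END)
        return SIDE_ERROR;

    /* Release parameters this object owns; ctx-owned ones are only unlinked.
     * Both pointers are cleared before allocating so a failure below cannot
     * leave a ctx-owned buffer behind under weOwnDH = 1 (a later free of the
     * object would then release memory it does not own). */
    if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) {
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
    }
    if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) {
        XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
    }
    ssl->buffers.serverDH_P.buffer = NULL;
    ssl->buffers.serverDH_G.buffer = NULL;

    ssl->buffers.weOwnDH = 1; /* SSL owns now */
    ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->heap,
                                                    DYNAMIC_TYPE_DH_BUFFER);
    if (ssl->buffers.serverDH_P.buffer == NULL)
        return MEMORY_E;

    ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->heap,
                                                    DYNAMIC_TYPE_DH_BUFFER);
    if (ssl->buffers.serverDH_G.buffer == NULL) {
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
        ssl->buffers.serverDH_P.buffer = NULL;
        return MEMORY_E;
    }

    ssl->buffers.serverDH_P.length = pSz;
    ssl->buffers.serverDH_G.length = gSz;

    XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz);
    XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz);

    /* New DH parameters change which suites are usable; rebuild the list. */
    ssl->options.haveDH = 1;
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
#ifdef NO_RSA
    haveRSA = 0;
#endif
    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
               ssl->options.haveNTRU, ssl->options.haveECDSAsig,
               ssl->options.haveECC, ssl->options.haveStaticECC,
               ssl->options.side);

    WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0);
    return SSL_SUCCESS;
}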
wolfSSL 11:cee25a834751 1190
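/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok */
/* Install DH parameters on the ctx, replacing any previous ones.
 *
 * p/pSz, g/gSz: prime and generator bytes; private copies are made on
 *               ctx->heap.
 *
 * Returns SSL_SUCCESS; BAD_FUNC_ARG on NULL pointers or non-positive sizes;
 * DH_KEY_SIZE_E when pSz is below ctx->minDhKeySz; MEMORY_E when a copy
 * cannot be allocated (the ctx is then left with no DH parameters).
 */
int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
                         const unsigned char* g, int gSz)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");
    if (ctx == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG;

    /* Non-positive sizes would reach XMALLOC/XMEMCPY converted to huge
     * size_t values; the minimum-size check below does not cover gSz. */
    if (pSz <= 0 || gSz <= 0)
        return BAD_FUNC_ARG;

    if (pSz < ctx->minDhKeySz)
        return DH_KEY_SIZE_E;

    /* Free the old parameters and clear the pointers at once: the old code
     * freed them but left the pointers set, so an allocation failure below
     * returned with dangling pointers that a later ctx free would free again. */
    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
    ctx->serverDH_P.buffer = NULL;
    ctx->serverDH_G.buffer = NULL;
    ctx->serverDH_P.length = 0;
    ctx->serverDH_G.length = 0;

    ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
    if (ctx->serverDH_P.buffer == NULL) {
        ctx->haveDH = 0; /* no usable parameters remain */
        return MEMORY_E;
    }

    ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
    if (ctx->serverDH_G.buffer == NULL) {
        XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
        ctx->serverDH_P.buffer = NULL;
        ctx->haveDH = 0; /* no usable parameters remain */
        return MEMORY_E;
    }

    ctx->serverDH_P.length = pSz;
    ctx->serverDH_G.length = gSz;

    XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
    XMEMCPY(ctx->serverDH_G.buffer, g, gSz);

    ctx->haveDH = 1;

    WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", 0);
    return SSL_SUCCESS;
}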
wolfSSL 11:cee25a834751 1225
wolfSSL 11:cee25a834751 1226
/* Set the minimum accepted DH prime size in bits (multiple of 8, at most
 * 16000) on the ctx. Returns SSL_SUCCESS or BAD_FUNC_ARG. */
int wolfSSL_CTX_SetMinDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    if (keySz > 16000 || keySz % 8 != 0)
        return BAD_FUNC_ARG;

    ctx->minDhKeySz = keySz / 8; /* stored in bytes */
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 1235
wolfSSL 11:cee25a834751 1236
/* Set the minimum accepted DH prime size in bits (multiple of 8, at most
 * 16000) for this connection. Returns SSL_SUCCESS or BAD_FUNC_ARG. */
int wolfSSL_SetMinDhKey_Sz(WOLFSSL* ssl, word16 keySz)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (keySz > 16000 || keySz % 8 != 0)
        return BAD_FUNC_ARG;

    ssl->options.minDhKeySz = keySz / 8; /* stored in bytes */
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 1245
wolfSSL 11:cee25a834751 1246
/* Return the negotiated DH key size in bits (options.dhKeySz is kept in
 * bytes), or BAD_FUNC_ARG when ssl is NULL. */
int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl)
{
    if (ssl != NULL)
        return ssl->options.dhKeySz * 8;

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 1254
#endif /* !NO_DH */
wolfSSL 11:cee25a834751 1256
wolfSSL 11:cee25a834751 1257
/* Encrypt and send sz bytes of application data from data over ssl.
 *
 * Returns the number of bytes written; BAD_FUNC_ARG on a NULL argument or
 * negative size; SSL_FATAL_ERROR when SendData fails or, with write-dup
 * enabled, when the other side has recorded an error (ssl->error carries
 * the detail); WRITE_DUP_WRITE_E / BAD_MUTEX_E for write-dup misuse.
 */
int wolfSSL_write(WOLFSSL* ssl, const void* data, int sz)
{
    int ret;

    WOLFSSL_ENTER("SSL_write()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef HAVE_WRITE_DUP
    if (ssl->dupWrite) {
        int dupErr;    /* other side's error, snapshotted under the mutex */
        int unlockRet;

        /* Only the write side of a duplicated object may write. */
        if (ssl->dupSide == READ_DUP_SIDE) {
            WOLFSSL_MSG("Read dup side cannot write");
            return WRITE_DUP_WRITE_E;
        }

        if (wc_LockMutex(&ssl->dupWrite->dupMutex) != 0)
            return BAD_MUTEX_E;
        dupErr = ssl->dupWrite->dupErr;
        unlockRet = wc_UnLockMutex(&ssl->dupWrite->dupMutex);

        if (unlockRet != 0) {
            ssl->error = unlockRet; /* high priority fatal error */
            return SSL_FATAL_ERROR;
        }
        if (dupErr != 0) {
            WOLFSSL_MSG("Write dup error from other side");
            ssl->error = dupErr;
            return SSL_FATAL_ERROR;
        }
    }
#endif

#ifdef HAVE_ERRNO_H
    errno = 0; /* so a failed IO callback's errno is not stale */
#endif

    ret = SendData(ssl, data, sz);

    WOLFSSL_LEAVE("SSL_write()", ret);

    return (ret < 0) ? SSL_FATAL_ERROR : ret;
}
wolfSSL 11:cee25a834751 1310
wolfSSL 11:cee25a834751 1311
/* Shared body of wolfSSL_read() and wolfSSL_peek().
 *
 * Reads up to sz bytes of application data into data via ReceiveData();
 * when peek is non-zero the data is not consumed.  sz is clamped to
 * OUTPUT_RECORD_SIZE (and to the negotiated max_fragment when
 * HAVE_MAX_FRAGMENT is on), so one call never returns more than a record.
 *
 * Returns the byte count from ReceiveData(), SSL_FATAL_ERROR on a negative
 * result (detail in ssl->error), or BAD_FUNC_ARG for NULL ssl/data or
 * negative sz.  With HAVE_WRITE_DUP the write-side duplicate may not read,
 * and a fatal read error is forwarded to the write side via NotifyWriteSide().
 */
static int wolfSSL_read_internal(WOLFSSL* ssl, void* data, int sz, int peek)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_read_internal()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef HAVE_WRITE_DUP
    if (ssl->dupWrite && ssl->dupSide == WRITE_DUP_SIDE) {
        WOLFSSL_MSG("Write dup side cannot read");
        return WRITE_DUP_READ_E;
    }
#endif

#ifdef HAVE_ERRNO_H
    errno = 0;
#endif

#ifdef WOLFSSL_DTLS
    if (ssl->options.dtls) {
        /* NOTE(review): sz + 100 is computed on the caller's unclamped sz;
         * for sz close to INT_MAX this is signed overflow (UB).  Bounding
         * sz here, or doing this after the clamp below, would avoid it. */
        ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
#ifdef WOLFSSL_SCTP
        if (ssl->options.dtlsSctp)
            ssl->dtls_expected_rx = max(ssl->dtls_expected_rx, ssl->dtlsMtuSz);
#endif
    }
#endif

    /* never ask for more than a single record can hold */
    sz = min(sz, OUTPUT_RECORD_SIZE);
#ifdef HAVE_MAX_FRAGMENT
    sz = min(sz, ssl->max_fragment);
#endif
    ret = ReceiveData(ssl, (byte*)data, sz, peek);

#ifdef HAVE_WRITE_DUP
    if (ssl->dupWrite) {
        /* WANT_READ and WC_PENDING_E are retryable, not fatal */
        if (ssl->error != 0 && ssl->error != WANT_READ &&
            ssl->error != WC_PENDING_E) {
            int notifyErr;

            WOLFSSL_MSG("Notifying write side of fatal read error");
            notifyErr = NotifyWriteSide(ssl, ssl->error);
            if (notifyErr < 0) {
                /* notification itself failed; that becomes the error */
                ret = ssl->error = notifyErr;
            }
        }
    }
#endif

    WOLFSSL_LEAVE("wolfSSL_read_internal()", ret);

    if (ret < 0)
        return SSL_FATAL_ERROR;
    else
        return ret;
}
wolfSSL 11:cee25a834751 1370
wolfSSL 11:cee25a834751 1371
/* Read up to sz bytes without consuming them (peek = TRUE).
 * Same return values as wolfSSL_read_internal().
 */
int wolfSSL_peek(WOLFSSL* ssl, void* data, int sz)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_peek()");

    ret = wolfSSL_read_internal(ssl, data, sz, TRUE);
    return ret;
}
wolfSSL 11:cee25a834751 1378
wolfSSL 11:cee25a834751 1379
/* Read up to sz bytes of application data (peek = FALSE, data is consumed).
 * Same return values as wolfSSL_read_internal().
 */
int wolfSSL_read(WOLFSSL* ssl, void* data, int sz)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_read()");

    ret = wolfSSL_read_internal(ssl, data, sz, FALSE);
    return ret;
}
wolfSSL 11:cee25a834751 1386
wolfSSL 11:cee25a834751 1387
wolfSSL 11:cee25a834751 1388 #ifdef WOLFSSL_ASYNC_CRYPT
wolfSSL 11:cee25a834751 1389
/* Select the async crypto device for this connection.
 * Stores devId in ssl->devId; SSL_SUCCESS on ok, BAD_FUNC_ARG on NULL ssl.
 */
int wolfSSL_UseAsync(WOLFSSL* ssl, int devId)
{
    if (!ssl)
        return BAD_FUNC_ARG;

    ssl->devId = devId;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 1400
wolfSSL 11:cee25a834751 1401
/* Select the async crypto device for a context.
 * Stores devId in ctx->devId; SSL_SUCCESS on ok, BAD_FUNC_ARG on NULL ctx.
 */
int wolfSSL_CTX_UseAsync(WOLFSSL_CTX* ctx, int devId)
{
    if (!ctx)
        return BAD_FUNC_ARG;

    ctx->devId = devId;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 1412
wolfSSL 11:cee25a834751 1413 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 11:cee25a834751 1414
wolfSSL 11:cee25a834751 1415 #ifdef HAVE_SNI
wolfSSL 11:cee25a834751 1416
/* Add a Server Name Indication entry to the connection's extension list.
 * Returns the TLSX_UseSNI() result, or BAD_FUNC_ARG on NULL ssl.
 */
int wolfSSL_UseSNI(WOLFSSL* ssl, byte type, const void* data, word16 size)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = TLSX_UseSNI(&ssl->extensions, type, data, size, ssl->heap);

    return ret;
}
wolfSSL 11:cee25a834751 1424
wolfSSL 11:cee25a834751 1425
/* Add a Server Name Indication entry to the context's extension list.
 * Returns the TLSX_UseSNI() result, or BAD_FUNC_ARG on NULL ctx.
 */
int wolfSSL_CTX_UseSNI(WOLFSSL_CTX* ctx, byte type, const void* data,
                       word16 size)
{
    int ret = BAD_FUNC_ARG;

    if (ctx != NULL)
        ret = TLSX_UseSNI(&ctx->extensions, type, data, size, ctx->heap);

    return ret;
}
wolfSSL 11:cee25a834751 1434
wolfSSL 11:cee25a834751 1435 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 1436
/* Set server-side SNI options for the given name type on a connection.
 * Silently does nothing when ssl or its extension list is NULL.
 */
void wolfSSL_SNI_SetOptions(WOLFSSL* ssl, byte type, byte options)
{
    if (ssl == NULL || ssl->extensions == NULL)
        return;

    TLSX_SNI_SetOptions(ssl->extensions, type, options);
}
wolfSSL 11:cee25a834751 1442
wolfSSL 11:cee25a834751 1443
/* Set server-side SNI options for the given name type on a context.
 * Silently does nothing when ctx or its extension list is NULL.
 */
void wolfSSL_CTX_SNI_SetOptions(WOLFSSL_CTX* ctx, byte type, byte options)
{
    if (ctx == NULL || ctx->extensions == NULL)
        return;

    TLSX_SNI_SetOptions(ctx->extensions, type, options);
}
wolfSSL 11:cee25a834751 1449
wolfSSL 11:cee25a834751 1450
/* Report the SNI match status for a name type; a NULL ssl is passed on to
 * TLSX_SNI_Status() as an empty extension list.
 */
byte wolfSSL_SNI_Status(WOLFSSL* ssl, byte type)
{
    TLSX* extensions = NULL;

    if (ssl != NULL)
        extensions = ssl->extensions;

    return TLSX_SNI_Status(extensions, type);
}
wolfSSL 11:cee25a834751 1455
wolfSSL 11:cee25a834751 1456
/* Fetch the server name the client requested for a given type.
 *
 * *data is always reset to NULL first; on success it points at the stored
 * name and the name length is returned.  Returns 0 when ssl or its
 * extension list is NULL.
 */
word16 wolfSSL_SNI_GetRequest(WOLFSSL* ssl, byte type, void** data)
{
    word16 len = 0;

    if (data != NULL)
        *data = NULL;

    if (ssl != NULL && ssl->extensions != NULL)
        len = TLSX_SNI_GetRequest(ssl->extensions, type, data);

    return len;
}
wolfSSL 11:cee25a834751 1467
wolfSSL 11:cee25a834751 1468
/* Extract an SNI name of the given type from a raw ClientHello buffer
 * without an SSL object.  sni/inOutSz describe the output buffer; inOutSz
 * is updated by TLSX_SNI_GetFromBuffer().  BAD_FUNC_ARG when any pointer is
 * NULL or either size is zero.
 */
int wolfSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz,
                              byte type, byte* sni, word32* inOutSz)
{
    if (clientHello == NULL || helloSz == 0)
        return BAD_FUNC_ARG;
    if (sni == NULL || inOutSz == NULL || *inOutSz == 0)
        return BAD_FUNC_ARG;

    return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz);
}
wolfSSL 11:cee25a834751 1477
wolfSSL 11:cee25a834751 1478 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 1479
wolfSSL 11:cee25a834751 1480 #endif /* HAVE_SNI */
wolfSSL 11:cee25a834751 1481
wolfSSL 11:cee25a834751 1482
wolfSSL 11:cee25a834751 1483 #ifdef HAVE_MAX_FRAGMENT
wolfSSL 11:cee25a834751 1484 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 1485
/* Request the Maximum Fragment Length extension (code mfl) on a connection.
 * Returns the TLSX_UseMaxFragment() result, or BAD_FUNC_ARG on NULL ssl.
 */
int wolfSSL_UseMaxFragment(WOLFSSL* ssl, byte mfl)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = TLSX_UseMaxFragment(&ssl->extensions, mfl, ssl->heap);

    return ret;
}
wolfSSL 11:cee25a834751 1493
wolfSSL 11:cee25a834751 1494
/* Request the Maximum Fragment Length extension (code mfl) on a context.
 * Returns the TLSX_UseMaxFragment() result, or BAD_FUNC_ARG on NULL ctx.
 */
int wolfSSL_CTX_UseMaxFragment(WOLFSSL_CTX* ctx, byte mfl)
{
    int ret = BAD_FUNC_ARG;

    if (ctx != NULL)
        ret = TLSX_UseMaxFragment(&ctx->extensions, mfl, ctx->heap);

    return ret;
}
wolfSSL 11:cee25a834751 1502
wolfSSL 11:cee25a834751 1503 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 1504 #endif /* HAVE_MAX_FRAGMENT */
wolfSSL 11:cee25a834751 1505
wolfSSL 11:cee25a834751 1506 #ifdef HAVE_TRUNCATED_HMAC
wolfSSL 11:cee25a834751 1507 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 1508
/* Request the Truncated HMAC extension on a connection.
 * Returns the TLSX_UseTruncatedHMAC() result, or BAD_FUNC_ARG on NULL ssl.
 */
int wolfSSL_UseTruncatedHMAC(WOLFSSL* ssl)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = TLSX_UseTruncatedHMAC(&ssl->extensions, ssl->heap);

    return ret;
}
wolfSSL 11:cee25a834751 1516
wolfSSL 11:cee25a834751 1517
/* Request the Truncated HMAC extension on a context.
 * Returns the TLSX_UseTruncatedHMAC() result, or BAD_FUNC_ARG on NULL ctx.
 */
int wolfSSL_CTX_UseTruncatedHMAC(WOLFSSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    if (ctx != NULL)
        ret = TLSX_UseTruncatedHMAC(&ctx->extensions, ctx->heap);

    return ret;
}
wolfSSL 11:cee25a834751 1525
wolfSSL 11:cee25a834751 1526 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 1527 #endif /* HAVE_TRUNCATED_HMAC */
wolfSSL 11:cee25a834751 1528
wolfSSL 11:cee25a834751 1529 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
wolfSSL 11:cee25a834751 1530
/* Request the Certificate Status Request (OCSP stapling) extension.
 * Client side only: a server-side ssl is rejected with BAD_FUNC_ARG, as is
 * a NULL ssl.  Otherwise returns the TLSX_UseCertificateStatusRequest()
 * result.
 */
int wolfSSL_UseOCSPStapling(WOLFSSL* ssl, byte status_type, byte options)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (ssl->options.side != WOLFSSL_CLIENT_END)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type,
                                            options, ssl->heap, ssl->devId);
}
wolfSSL 11:cee25a834751 1539
wolfSSL 11:cee25a834751 1540
/* Request the Certificate Status Request (OCSP stapling) extension on a
 * context.  Client side only: a server method or NULL ctx yields
 * BAD_FUNC_ARG; otherwise the TLSX_UseCertificateStatusRequest() result.
 */
int wolfSSL_CTX_UseOCSPStapling(WOLFSSL_CTX* ctx, byte status_type,
                                byte options)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    if (ctx->method->side != WOLFSSL_CLIENT_END)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequest(&ctx->extensions, status_type,
                                            options, ctx->heap, ctx->devId);
}
wolfSSL 11:cee25a834751 1550
wolfSSL 11:cee25a834751 1551 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */
wolfSSL 11:cee25a834751 1552
wolfSSL 11:cee25a834751 1553 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
wolfSSL 11:cee25a834751 1554
/* Request the Certificate Status Request v2 (multi-stapling) extension.
 * Client side only: a server-side or NULL ssl yields BAD_FUNC_ARG;
 * otherwise the TLSX_UseCertificateStatusRequestV2() result.
 */
int wolfSSL_UseOCSPStaplingV2(WOLFSSL* ssl, byte status_type, byte options)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (ssl->options.side != WOLFSSL_CLIENT_END)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequestV2(&ssl->extensions, status_type,
                                              options, ssl->heap, ssl->devId);
}
wolfSSL 11:cee25a834751 1563
wolfSSL 11:cee25a834751 1564
/* Request the Certificate Status Request v2 (multi-stapling) extension on
 * a context.  Client side only: a server method or NULL ctx yields
 * BAD_FUNC_ARG; otherwise the TLSX_UseCertificateStatusRequestV2() result.
 */
int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx,
                                  byte status_type, byte options)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    if (ctx->method->side != WOLFSSL_CLIENT_END)
        return BAD_FUNC_ARG;

    return TLSX_UseCertificateStatusRequestV2(&ctx->extensions, status_type,
                                              options, ctx->heap, ctx->devId);
}
wolfSSL 11:cee25a834751 1574
wolfSSL 11:cee25a834751 1575 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */
wolfSSL 11:cee25a834751 1576
wolfSSL 11:cee25a834751 1577 /* Elliptic Curves */
wolfSSL 11:cee25a834751 1578 #ifdef HAVE_SUPPORTED_CURVES
wolfSSL 11:cee25a834751 1579 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 1580
/* Add a named curve to the connection's Supported Curves extension.
 *
 * Only the curve identifiers listed in the switch are accepted; anything
 * else is BAD_FUNC_ARG.  Marks ssl->options.userCurves so the default curve
 * list is not used, then returns the TLSX_UseSupportedCurve() result.
 */
int wolfSSL_UseSupportedCurve(WOLFSSL* ssl, word16 name)
{
    int known;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    switch (name) {
        case WOLFSSL_ECC_SECP160K1:
        case WOLFSSL_ECC_SECP160R1:
        case WOLFSSL_ECC_SECP160R2:
        case WOLFSSL_ECC_SECP192K1:
        case WOLFSSL_ECC_SECP192R1:
        case WOLFSSL_ECC_SECP224K1:
        case WOLFSSL_ECC_SECP224R1:
        case WOLFSSL_ECC_SECP256K1:
        case WOLFSSL_ECC_SECP256R1:
        case WOLFSSL_ECC_SECP384R1:
        case WOLFSSL_ECC_SECP521R1:
        case WOLFSSL_ECC_BRAINPOOLP256R1:
        case WOLFSSL_ECC_BRAINPOOLP384R1:
        case WOLFSSL_ECC_BRAINPOOLP512R1:
            known = 1;
            break;
        default:
            known = 0;
            break;
    }

    if (!known)
        return BAD_FUNC_ARG;

    /* the caller now owns the curve list; defaults are no longer added */
    ssl->options.userCurves = 1;

    return TLSX_UseSupportedCurve(&ssl->extensions, name, ssl->heap);
}
wolfSSL 11:cee25a834751 1611
wolfSSL 11:cee25a834751 1612
/* Add a named curve to the context's Supported Curves extension.
 *
 * Only the curve identifiers listed in the switch are accepted; anything
 * else is BAD_FUNC_ARG.  Marks ctx->userCurves so the default curve list is
 * not used, then returns the TLSX_UseSupportedCurve() result.
 */
int wolfSSL_CTX_UseSupportedCurve(WOLFSSL_CTX* ctx, word16 name)
{
    int known;

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    switch (name) {
        case WOLFSSL_ECC_SECP160K1:
        case WOLFSSL_ECC_SECP160R1:
        case WOLFSSL_ECC_SECP160R2:
        case WOLFSSL_ECC_SECP192K1:
        case WOLFSSL_ECC_SECP192R1:
        case WOLFSSL_ECC_SECP224K1:
        case WOLFSSL_ECC_SECP224R1:
        case WOLFSSL_ECC_SECP256K1:
        case WOLFSSL_ECC_SECP256R1:
        case WOLFSSL_ECC_SECP384R1:
        case WOLFSSL_ECC_SECP521R1:
        case WOLFSSL_ECC_BRAINPOOLP256R1:
        case WOLFSSL_ECC_BRAINPOOLP384R1:
        case WOLFSSL_ECC_BRAINPOOLP512R1:
            known = 1;
            break;
        default:
            known = 0;
            break;
    }

    if (!known)
        return BAD_FUNC_ARG;

    /* the caller now owns the curve list; defaults are no longer added */
    ctx->userCurves = 1;

    return TLSX_UseSupportedCurve(&ctx->extensions, name, ctx->heap);
}
wolfSSL 11:cee25a834751 1643
wolfSSL 11:cee25a834751 1644 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 1645 #endif /* HAVE_SUPPORTED_CURVES */
wolfSSL 11:cee25a834751 1646
wolfSSL 11:cee25a834751 1647 /* QSH quantum safe handshake */
wolfSSL 11:cee25a834751 1648 #ifdef HAVE_QSH
/* Report whether the quantum-safe handshake (QSH) was used on this
 * connection: ssl->isQSH, or 0 when ssl is NULL.
 */
int wolfSSL_isQSH(WOLFSSL* ssl)
{
    int used = 0;

    if (ssl != NULL)
        used = ssl->isQSH;

    return used;
}
wolfSSL 11:cee25a834751 1658
wolfSSL 11:cee25a834751 1659
/* Add a QSH scheme to the connection's extension list.
 *
 * Only the NTRU scheme names compiled in under HAVE_NTRU are accepted;
 * with HAVE_NTRU off every name is BAD_FUNC_ARG.  Sets
 * ssl->user_set_QSHSchemes and returns the TLSX_UseQSHScheme() result.
 */
int wolfSSL_UseSupportedQSH(WOLFSSL* ssl, word16 name)
{
    int known = 0;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    switch (name) {
#ifdef HAVE_NTRU
        case WOLFSSL_NTRU_EESS439:
        case WOLFSSL_NTRU_EESS593:
        case WOLFSSL_NTRU_EESS743:
            known = 1;
            break;
#endif
        default:
            break;
    }

    if (!known)
        return BAD_FUNC_ARG;

    ssl->user_set_QSHSchemes = 1;

    return TLSX_UseQSHScheme(&ssl->extensions, name, NULL, 0, ssl->heap);
}
wolfSSL 11:cee25a834751 1680
wolfSSL 11:cee25a834751 1681 #ifndef NO_WOLFSSL_CLIENT
/* Control whether the client sends its QSH public keys in the ClientHello
 * extension.  flag = 1 sends them; flag = 0 (or never calling this) does
 * not.  Returns 0 on success, BAD_FUNC_ARG on NULL ssl.
 */
int wolfSSL_UseClientQSHKeys(WOLFSSL* ssl, unsigned char flag)
{
    if (!ssl)
        return BAD_FUNC_ARG;

    ssl->sendQSHKeys = flag;
    return 0;
}
wolfSSL 11:cee25a834751 1696 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 1697 #endif /* HAVE_QSH */
wolfSSL 11:cee25a834751 1698
wolfSSL 11:cee25a834751 1699
wolfSSL 11:cee25a834751 1700 /* Application-Layer Protocol Negotiation */
wolfSSL 11:cee25a834751 1701 #ifdef HAVE_ALPN
wolfSSL 11:cee25a834751 1702
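/* Register the ALPN protocol list for this connection.
 *
 * protocol_name_list is a comma-separated list of up to
 * protocol_name_listSz bytes (it need not be NUL-terminated); options must
 * contain WOLFSSL_ALPN_CONTINUE_ON_MISMATCH or WOLFSSL_ALPN_FAILED_ON_MISMATCH.
 * Each name is handed to TLSX_UseALPN() in reverse list order.
 *
 * Returns SSL_SUCCESS when every name was added, the first failing
 * TLSX_UseALPN() result otherwise, SSL_FAILURE for an empty list,
 * MEMORY_ERROR on allocation failure, and BAD_FUNC_ARG for NULL arguments,
 * an over-long list, more than WOLFSSL_MAX_ALPN_NUMBER names, or bad
 * options.
 *
 * Fix: the token table used to be a fixed 10-entry stack array filled by
 * an unbounded loop, so a list with more than nine names overran the
 * stack.  The table now has WOLFSSL_MAX_ALPN_NUMBER + 1 slots and the
 * tokenizer stops at that bound.
 */
int wolfSSL_UseALPN(WOLFSSL* ssl, char *protocol_name_list,
                    word32 protocol_name_listSz, byte options)
{
    char   *list  = NULL;
    char   *ptr   = NULL;
    char  **token = NULL;
    word16  len;
    int     idx = 0;
    int     ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_UseALPN");

    if (ssl == NULL || protocol_name_list == NULL)
        return BAD_FUNC_ARG;

    if (protocol_name_listSz > (WOLFSSL_MAX_ALPN_NUMBER *
                                WOLFSSL_MAX_ALPN_PROTO_NAME_LEN +
                                WOLFSSL_MAX_ALPN_NUMBER)) {
        WOLFSSL_MSG("Invalid arguments, protocol name list too long");
        return BAD_FUNC_ARG;
    }

    if (!(options & WOLFSSL_ALPN_CONTINUE_ON_MISMATCH) &&
        !(options & WOLFSSL_ALPN_FAILED_ON_MISMATCH)) {
        WOLFSSL_MSG("Invalid arguments, options not supported");
        return BAD_FUNC_ARG;
    }

    /* private NUL-terminated copy: XSTRTOK writes into its input */
    list = (char *)XMALLOC(protocol_name_listSz+1, ssl->heap,
                           DYNAMIC_TYPE_TMP_BUFFER);
    if (list == NULL) {
        WOLFSSL_MSG("Memory failure");
        return MEMORY_ERROR;
    }

    /* one slot per allowed name plus the terminating NULL entry */
    token = (char **)XMALLOC(sizeof(char *) * (WOLFSSL_MAX_ALPN_NUMBER + 1),
                             ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (token == NULL) {
        WOLFSSL_MSG("Memory failure");
        XFREE(list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
        return MEMORY_ERROR;
    }

    XMEMSET(list, 0, protocol_name_listSz+1);
    XSTRNCPY(list, protocol_name_list, protocol_name_listSz);

    /* read all protocol names from the list, never past the table */
    token[idx] = XSTRTOK(list, ",", &ptr);
    while (idx < WOLFSSL_MAX_ALPN_NUMBER && token[idx] != NULL)
        token[++idx] = XSTRTOK(NULL, ",", &ptr);

    if (token[idx] != NULL) {
        /* table full and input not exhausted: too many names */
        WOLFSSL_MSG("Invalid arguments, too many protocol names");
        ret = BAD_FUNC_ARG;
    }
    else {
        /* add protocol name list in the TLS extension in reverse order */
        while ((idx--) > 0) {
            len = (word16)XSTRLEN(token[idx]);

            ret = TLSX_UseALPN(&ssl->extensions, token[idx], len, options,
                               ssl->heap);
            if (ret != SSL_SUCCESS) {
                WOLFSSL_MSG("TLSX_UseALPN failure");
                break;
            }
        }
    }

    XFREE(token, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(list, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

    return ret;
}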
wolfSSL 11:cee25a834751 1761
/* Return the ALPN protocol selected during the handshake via
 * *protocol_name / *size.  A NULL ssl is handed to TLSX_ALPN_GetRequest()
 * as an empty extension list.
 */
int wolfSSL_ALPN_GetProtocol(WOLFSSL* ssl, char **protocol_name, word16 *size)
{
    TLSX* extensions = NULL;

    if (ssl != NULL)
        extensions = ssl->extensions;

    return TLSX_ALPN_GetRequest(extensions, (void **)protocol_name, size);
}
wolfSSL 11:cee25a834751 1767
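/* Copy the peer's ALPN protocol list (ssl->alpn_client_list) into a new
 * NUL-terminated buffer.
 *
 * On SSL_SUCCESS *list owns a heap copy the caller must release with
 * wolfSSL_ALPN_FreePeerProtocol(), and *listSz holds its length.
 * BUFFER_ERROR when no list was received or it is empty, MEMORY_ERROR when
 * the copy cannot be allocated, BAD_FUNC_ARG on NULL arguments.
 *
 * Fix: ssl is now checked for NULL before ssl->alpn_client_list is read.
 */
int wolfSSL_ALPN_GetPeerProtocol(WOLFSSL* ssl, char **list, word16 *listSz)
{
    if (ssl == NULL || list == NULL || listSz == NULL)
        return BAD_FUNC_ARG;

    if (ssl->alpn_client_list == NULL)
        return BUFFER_ERROR;

    /* the list came from a single ClientHello extension, so it fits word16 */
    *listSz = (word16)XSTRLEN(ssl->alpn_client_list);
    if (*listSz == 0)
        return BUFFER_ERROR;

    *list = (char *)XMALLOC((*listSz)+1, ssl->heap, DYNAMIC_TYPE_TLSX);
    if (*list == NULL)
        return MEMORY_ERROR;

    XSTRNCPY(*list, ssl->alpn_client_list, (*listSz)+1);
    (*list)[*listSz] = 0;   /* XSTRNCPY does not guarantee termination */

    return SSL_SUCCESS;
}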
wolfSSL 11:cee25a834751 1789
wolfSSL 11:cee25a834751 1790
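/* Release a buffer returned by wolfSSL_ALPN_GetPeerProtocol() and reset
 * *list to NULL so it cannot be freed twice.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl or list is NULL.
 *
 * Fix: list itself is now checked before *list is dereferenced.
 */
int wolfSSL_ALPN_FreePeerProtocol(WOLFSSL* ssl, char **list)
{
    if (ssl == NULL || list == NULL) {
        return BAD_FUNC_ARG;
    }

    XFREE(*list, ssl->heap, DYNAMIC_TYPE_TLSX);
    *list = NULL;

    return SSL_SUCCESS;
}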
wolfSSL 11:cee25a834751 1803
wolfSSL 11:cee25a834751 1804 #endif /* HAVE_ALPN */
wolfSSL 11:cee25a834751 1805
wolfSSL 11:cee25a834751 1806 /* Secure Renegotiation */
wolfSSL 11:cee25a834751 1807 #ifdef HAVE_SECURE_RENEGOTIATION
wolfSSL 11:cee25a834751 1808
/* Enable the renegotiation_info extension on a connection.  The library
 * discourages renegotiation; this is only for users who insist on it.
 *
 * On SSL_SUCCESS the extension's data block is cached in
 * ssl->secure_renegotiation for wolfSSL_Rehandshake().  Returns the
 * TLSX_UseSecureRenegotiation() result, or BAD_FUNC_ARG on NULL ssl.
 */
int wolfSSL_UseSecureRenegotiation(WOLFSSL* ssl)
{
    int ret;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ret = TLSX_UseSecureRenegotiation(&ssl->extensions, ssl->heap);
    if (ret != SSL_SUCCESS)
        return ret;

    {
        TLSX* extension = TLSX_Find(ssl->extensions, TLSX_RENEGOTIATION_INFO);

        if (extension != NULL)
            ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;
    }

    return ret;
}
wolfSSL 11:cee25a834751 1826
wolfSSL 11:cee25a834751 1827
/* Start a user-forced secure renegotiation handshake (discouraged).
 *
 * Requires wolfSSL_UseSecureRenegotiation() to have succeeded
 * (ssl->secure_renegotiation set), the peer to have agreed to the
 * extension (->enabled), and the previous handshake to be complete;
 * otherwise SECURE_RENEGOTIATION_E.  Resets the handshake state machine
 * and message bookkeeping, re-initialises the handshake hash contexts so a
 * fresh transcript is computed, then runs wolfSSL_negotiate().
 *
 * Returns the wolfSSL_negotiate() result, a wc_Init*_ex() error, or
 * BAD_FUNC_ARG on NULL ssl.
 */
int wolfSSL_Rehandshake(WOLFSSL* ssl)
{
    int ret;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (ssl->secure_renegotiation == NULL) {
        WOLFSSL_MSG("Secure Renegotiation not forced on by user");
        return SECURE_RENEGOTIATION_E;
    }

    if (ssl->secure_renegotiation->enabled == 0) {
        WOLFSSL_MSG("Secure Renegotiation not enabled at extension level");
        return SECURE_RENEGOTIATION_E;
    }

    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        WOLFSSL_MSG("Can't renegotiate until previous handshake complete");
        return SECURE_RENEGOTIATION_E;
    }

#ifndef NO_FORCE_SCR_SAME_SUITE
    /* force same suite: offer only the cipher suite already in use */
    if (ssl->suites) {
        ssl->suites->suiteSz = SUITE_LEN;
        ssl->suites->suites[0] = ssl->options.cipherSuite0;
        ssl->suites->suites[1] = ssl->options.cipherSuite;
    }
#endif

    /* reset handshake states */
    ssl->options.serverState = NULL_STATE;
    ssl->options.clientState = NULL_STATE;
    ssl->options.connectState = CONNECT_BEGIN;
    ssl->options.acceptState = ACCEPT_BEGIN;
    ssl->options.handShakeState = NULL_STATE;
    ssl->options.processReply = 0; /* TODO, move states in internal.h */

    /* forget which handshake messages were seen in the previous handshake */
    XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));

    ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED;

    /* restart every compiled-in handshake hash.  NOTE(review): assumes
     * ssl->hsHashes is still allocated after HANDSHAKE_DONE — confirm. */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
    ret = wc_InitMd5_ex(&ssl->hsHashes->hashMd5, ssl->heap, ssl->devId);
    if (ret !=0)
        return ret;
#endif
#ifndef NO_SHA
    ret = wc_InitSha_ex(&ssl->hsHashes->hashSha, ssl->heap, ssl->devId);
    if (ret !=0)
        return ret;
#endif
#endif /* NO_OLD_TLS */
#ifndef NO_SHA256
    ret = wc_InitSha256_ex(&ssl->hsHashes->hashSha256, ssl->heap, ssl->devId);
    if (ret !=0)
        return ret;
#endif
#ifdef WOLFSSL_SHA384
    ret = wc_InitSha384_ex(&ssl->hsHashes->hashSha384, ssl->heap, ssl->devId);
    if (ret !=0)
        return ret;
#endif
#ifdef WOLFSSL_SHA512
    ret = wc_InitSha512_ex(&ssl->hsHashes->hashSha512, ssl->heap, ssl->devId);
    if (ret !=0)
        return ret;
#endif

    ret = wolfSSL_negotiate(ssl);
    return ret;
}
wolfSSL 11:cee25a834751 1903
wolfSSL 11:cee25a834751 1904 #endif /* HAVE_SECURE_RENEGOTIATION */
wolfSSL 11:cee25a834751 1905
wolfSSL 11:cee25a834751 1906 /* Session Ticket */
wolfSSL 11:cee25a834751 1907 #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET)
/* Install the server's session-ticket encrypt/decrypt callback.
 * SSL_SUCCESS on ok, BAD_FUNC_ARG on NULL ctx.
 */
int wolfSSL_CTX_set_TicketEncCb(WOLFSSL_CTX* ctx, SessionTicketEncCb cb)
{
    if (!ctx)
        return BAD_FUNC_ARG;

    ctx->ticketEncCb = cb;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 1918
/* Set the session ticket lifetime hint handed to clients.
 *
 * ctx  The SSL/TLS context object.
 * hint Stored unchecked in ctx->ticketHint (no range validation here).
 * returns SSL_SUCCESS on ok, BAD_FUNC_ARG when ctx is NULL.
 */
int wolfSSL_CTX_set_TicketHint(WOLFSSL_CTX* ctx, int hint)
{
    if (ctx != NULL) {
        ctx->ticketHint = hint;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 1929
/* Set the opaque user pointer passed to the ticket encryption callback.
 *
 * ctx     The SSL/TLS context object.
 * userCtx Stored unchecked in ctx->ticketEncCtx.
 * returns SSL_SUCCESS on ok, BAD_FUNC_ARG when ctx is NULL.
 */
int wolfSSL_CTX_set_TicketEncCtx(WOLFSSL_CTX* ctx, void* userCtx)
{
    if (ctx != NULL) {
        ctx->ticketEncCtx = userCtx;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 1940
#endif /* !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SESSION_TICKET) */
wolfSSL 11:cee25a834751 1942
wolfSSL 11:cee25a834751 1943 /* Session Ticket */
wolfSSL 11:cee25a834751 1944 #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
/* Enable the SessionTicket extension on this connection.
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL, otherwise whatever
 * TLSX_UseSessionTicket() returns for ssl->extensions (the ticket
 * argument is passed as NULL here).
 */
int wolfSSL_UseSessionTicket(WOLFSSL* ssl)
{
    return (ssl == NULL) ? BAD_FUNC_ARG
                         : TLSX_UseSessionTicket(&ssl->extensions, NULL,
                                                 ssl->heap);
}
wolfSSL 11:cee25a834751 1952
/* Enable the SessionTicket extension for every connection of a context.
 *
 * ctx The SSL/TLS context object.
 * returns BAD_FUNC_ARG when ctx is NULL, otherwise whatever
 * TLSX_UseSessionTicket() returns for ctx->extensions (the ticket
 * argument is passed as NULL here).
 */
int wolfSSL_CTX_UseSessionTicket(WOLFSSL_CTX* ctx)
{
    return (ctx == NULL) ? BAD_FUNC_ARG
                         : TLSX_UseSessionTicket(&ctx->extensions, NULL,
                                                 ctx->heap);
}
wolfSSL 11:cee25a834751 1960
/* Copy the current session ticket out to the caller.
 *
 * ssl   The SSL/TLS object.
 * buf   Destination buffer.
 * bufSz In: capacity of buf (must be non-zero). Out: bytes copied, or 0
 *       when the ticket does not fit (buf is then left untouched and the
 *       required size is not reported).
 * returns SSL_SUCCESS on ok (also when nothing was copied), BAD_FUNC_ARG
 * when any argument is NULL or *bufSz is 0.
 */
WOLFSSL_API int wolfSSL_get_SessionTicket(WOLFSSL* ssl,
                                          byte* buf, word32* bufSz)
{
    word32 ticketLen;

    if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0)
        return BAD_FUNC_ARG;

    ticketLen = ssl->session.ticketLen;
    if (ticketLen > *bufSz) {
        *bufSz = 0;
        return SSL_SUCCESS;
    }

    XMEMCPY(buf, ssl->session.ticket, ticketLen);
    *bufSz = ticketLen;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 1976
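/* Install a session ticket on the connection's session.
 *
 * Tickets up to SESSION_TICKET_LEN live in session.staticTicket; longer
 * ones get a heap buffer (session.isDynamic set).
 *
 * ssl   The SSL/TLS object.
 * buf   Ticket bytes; may be NULL only when bufSz is 0.
 * bufSz Ticket length in bytes.
 * returns SSL_SUCCESS on ok, BAD_FUNC_ARG on bad arguments or when bufSz
 * does not fit the word16 session.ticketLen field, MEMORY_ERROR when the
 * dynamic buffer cannot be allocated (session is then left with an empty
 * static ticket).
 */
WOLFSSL_API int wolfSSL_set_SessionTicket(WOLFSSL* ssl, const byte* buf,
                                          word32 bufSz)
{
    if (ssl == NULL || (buf == NULL && bufSz > 0))
        return BAD_FUNC_ARG;

    /* ticketLen is stored as word16; a longer ticket would be kept with a
     * truncated length and read back incorrectly by the getter. */
    if (bufSz > 0xFFFFu)
        return BAD_FUNC_ARG;

    if (bufSz > 0) {
        if (bufSz <= SESSION_TICKET_LEN) {
            /* Ticket fits the static buffer: release dynamic storage. */
            if (ssl->session.isDynamic) {
                XFREE(ssl->session.ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
                ssl->session.isDynamic = 0;
                ssl->session.ticket = ssl->session.staticTicket;
            }
        }
        else if (!ssl->session.isDynamic || ssl->session.ticketLen < bufSz) {
            /* Needs dynamic storage and none (or too little) is held. The
             * original test relied on ticketLen alone; checking isDynamic
             * as well guarantees a static buffer is never written past
             * SESSION_TICKET_LEN. */
            if (ssl->session.isDynamic)
                XFREE(ssl->session.ticket, ssl->heap,
                      DYNAMIC_TYPE_SESSION_TICK);
            ssl->session.ticket = (byte*)XMALLOC(bufSz, ssl->heap,
                                                 DYNAMIC_TYPE_SESSION_TICK);
            if (ssl->session.ticket == NULL) {
                /* Fall back to the static buffer. ticketLen must be reset
                 * too: the previous (dynamic) length can exceed the static
                 * buffer, and a stale length would make the getter read
                 * past staticTicket. */
                ssl->session.ticket = ssl->session.staticTicket;
                ssl->session.isDynamic = 0;
                ssl->session.ticketLen = 0;
                return MEMORY_ERROR;
            }
            ssl->session.isDynamic = 1;
        }
        XMEMCPY(ssl->session.ticket, buf, bufSz);
    }
    ssl->session.ticketLen = (word16)bufSz;

    return SSL_SUCCESS;
}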
wolfSSL 11:cee25a834751 2012
wolfSSL 11:cee25a834751 2013
/* Register the client-side callback invoked when a session ticket arrives.
 *
 * ssl The SSL/TLS object.
 * cb  Stored unchecked in ssl->session_ticket_cb.
 * ctx Opaque pointer stored in ssl->session_ticket_ctx.
 * returns SSL_SUCCESS on ok, BAD_FUNC_ARG when ssl is NULL.
 */
WOLFSSL_API int wolfSSL_set_SessionTicket_cb(WOLFSSL* ssl,
                                            CallbackSessionTicket cb, void* ctx)
{
    if (ssl != NULL) {
        ssl->session_ticket_cb  = cb;
        ssl->session_ticket_ctx = ctx;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 2025 #endif
wolfSSL 11:cee25a834751 2026
wolfSSL 11:cee25a834751 2027
wolfSSL 11:cee25a834751 2028 #ifdef HAVE_EXTENDED_MASTER
wolfSSL 11:cee25a834751 2029 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 2030
/* Turn off the Extended Master Secret extension for a context.
 *
 * ctx The SSL/TLS context object.
 * returns SSL_SUCCESS on ok, BAD_FUNC_ARG when ctx is NULL.
 */
int wolfSSL_CTX_DisableExtendedMasterSecret(WOLFSSL_CTX* ctx)
{
    if (ctx != NULL) {
        ctx->haveEMS = 0;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 2040
wolfSSL 11:cee25a834751 2041
/* Turn off the Extended Master Secret extension for one connection.
 *
 * ssl The SSL/TLS object.
 * returns SSL_SUCCESS on ok, BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_DisableExtendedMasterSecret(WOLFSSL* ssl)
{
    if (ssl != NULL) {
        ssl->options.haveEMS = 0;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 2051
wolfSSL 11:cee25a834751 2052 #endif
wolfSSL 11:cee25a834751 2053 #endif
wolfSSL 11:cee25a834751 2054
wolfSSL 11:cee25a834751 2055
wolfSSL 11:cee25a834751 2056 #ifndef WOLFSSL_LEANPSK
wolfSSL 11:cee25a834751 2057
/* send(2)-style write: wolfSSL_write() with per-call socket flags.
 *
 * ssl   The SSL/TLS object.
 * data  Bytes to send.
 * sz    Length of data (must be >= 0).
 * flags Installed in ssl->wflags for the duration of the write, then the
 *       previous value is restored.
 * returns the result of wolfSSL_write(), or BAD_FUNC_ARG on bad arguments.
 */
int wolfSSL_send(WOLFSSL* ssl, const void* data, int sz, int flags)
{
    int savedFlags;
    int ret;

    WOLFSSL_ENTER("wolfSSL_send()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

    /* wolfSSL_write() takes no flags; they travel through ssl->wflags */
    savedFlags  = ssl->wflags;
    ssl->wflags = flags;
    ret         = wolfSSL_write(ssl, data, sz);
    ssl->wflags = savedFlags;

    WOLFSSL_LEAVE("wolfSSL_send()", ret);

    return ret;
}
wolfSSL 11:cee25a834751 2078
wolfSSL 11:cee25a834751 2079
/* recv(2)-style read: wolfSSL_read() with per-call socket flags.
 *
 * ssl   The SSL/TLS object.
 * data  Destination buffer.
 * sz    Capacity of data (must be >= 0).
 * flags Installed in ssl->rflags for the duration of the read, then the
 *       previous value is restored.
 * returns the result of wolfSSL_read(), or BAD_FUNC_ARG on bad arguments.
 */
int wolfSSL_recv(WOLFSSL* ssl, void* data, int sz, int flags)
{
    int savedFlags;
    int ret;

    WOLFSSL_ENTER("wolfSSL_recv()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

    /* wolfSSL_read() takes no flags; they travel through ssl->rflags */
    savedFlags  = ssl->rflags;
    ssl->rflags = flags;
    ret         = wolfSSL_read(ssl, data, sz);
    ssl->rflags = savedFlags;

    WOLFSSL_LEAVE("wolfSSL_recv()", ret);

    return ret;
}
wolfSSL 11:cee25a834751 2100 #endif
wolfSSL 11:cee25a834751 2101
wolfSSL 11:cee25a834751 2102
/* Send our close_notify and, on a later call, wait for the peer's.
 *
 * ssl The SSL/TLS object.
 * returns SSL_SUCCESS when the peer's close_notify has been seen (or
 * quietShutdown is set), SSL_SHUTDOWN_NOT_DONE after our close_notify went
 * out but the peer's has not arrived yet, SSL_FATAL_ERROR on a NULL ssl, a
 * failed send or read, or when neither step applies (connection already
 * closed/reset, or shutdown already complete). On the second call a
 * non-negative wolfSSL_read() result is returned unchanged when the peer's
 * close_notify still has not arrived.
 */
int wolfSSL_shutdown(WOLFSSL* ssl)
{
    int  ret = SSL_FATAL_ERROR;
    byte dummy;

    WOLFSSL_ENTER("SSL_shutdown()");

    if (ssl == NULL)
        return SSL_FATAL_ERROR;

    if (ssl->options.quietShutdown) {
        WOLFSSL_MSG("quiet shutdown, no close notify sent");
        return SSL_SUCCESS;
    }

    /* First call: send our close_notify while the connection is still up.
     * A send failure is fatal; the peer may already have closed. */
    if (!ssl->options.isClosed && !ssl->options.connReset &&
                                                  !ssl->options.sentNotify) {
        ssl->error = SendAlert(ssl, alert_warning, close_notify);
        if (ssl->error < 0) {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.sentNotify = 1; /* don't send close_notify twice */
        ret = ssl->options.closeNotify ? SSL_SUCCESS : SSL_SHUTDOWN_NOT_DONE;

        WOLFSSL_LEAVE("SSL_shutdown()", ret);
        return ret;
    }

    /* Second call (bidirectional shutdown): a zero-length read gives the
     * record layer a chance to process the peer's close_notify — assumed
     * from the sz == 0 argument, confirm against wolfSSL_read(). */
    if (ssl->options.sentNotify && !ssl->options.closeNotify) {
        ret = wolfSSL_read(ssl, &dummy, 0);
        if (ret < 0) {
            WOLFSSL_ERROR(ssl->error);
            ret = SSL_FATAL_ERROR;
        }
        else if (ssl->options.closeNotify) {
            ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */
            ret = SSL_SUCCESS;
        }
    }

    WOLFSSL_LEAVE("SSL_shutdown()", ret);

    return ret;
}
wolfSSL 11:cee25a834751 2152
wolfSSL 11:cee25a834751 2153
/* Get the current error state value (ssl->error, unconverted).
 *
 * ssl The SSL/TLS object.
 * returns ssl->error, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_state(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->error : BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 2163
wolfSSL 11:cee25a834751 2164
/* OpenSSL-compatible error query.
 *
 * ssl The SSL/TLS object.
 * ret Return value of the preceding I/O call; a positive value means no
 *     error and ssl is not even examined.
 * returns SSL_ERROR_NONE when ret > 0, BAD_FUNC_ARG when ssl is NULL,
 * otherwise ssl->error with WANT_READ / WANT_WRITE / ZERO_RETURN mapped
 * to their SSL_ERROR_* equivalents.
 */
int wolfSSL_get_error(WOLFSSL* ssl, int ret)
{
    WOLFSSL_ENTER("SSL_get_error");

    if (ret > 0)
        return SSL_ERROR_NONE;
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    WOLFSSL_LEAVE("SSL_get_error", ssl->error);

    /* make sure converted types are handled in SetErrorString() too */
    switch (ssl->error) {
        case WANT_READ:   return SSL_ERROR_WANT_READ;   /* OpenSSL type */
        case WANT_WRITE:  return SSL_ERROR_WANT_WRITE;  /* OpenSSL type */
        case ZERO_RETURN: return SSL_ERROR_ZERO_RETURN; /* OpenSSL type */
        default:          return ssl->error;
    }
}
wolfSSL 11:cee25a834751 2185
wolfSSL 11:cee25a834751 2186
/* Retrieve the alert history (last alerts sent and received).
 *
 * ssl The SSL/TLS object.
 * h   Receives a copy of ssl->alert_history.
 * returns SSL_SUCCESS always; a NULL ssl or h is silently ignored and h is
 * left untouched in that case.
 */
int wolfSSL_get_alert_history(WOLFSSL* ssl, WOLFSSL_ALERT_HISTORY *h)
{
    if (ssl == NULL || h == NULL)
        return SSL_SUCCESS;

    *h = ssl->alert_history;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 2195
wolfSSL 11:cee25a834751 2196
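/* Return TRUE if the current error is WANT_READ.
 *
 * ssl The SSL/TLS object.
 * returns 1 when ssl->error == WANT_READ, 0 otherwise (including a NULL
 * ssl, which previously dereferenced NULL; the sibling wolfSSL_get_error()
 * guards ssl the same way).
 */
int wolfSSL_want_read(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_want_read");
    if (ssl == NULL)
        return 0;

    return (ssl->error == WANT_READ) ? 1 : 0;
}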
wolfSSL 11:cee25a834751 2206
wolfSSL 11:cee25a834751 2207
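/* Return TRUE if the current error is WANT_WRITE.
 *
 * ssl The SSL/TLS object.
 * returns 1 when ssl->error == WANT_WRITE, 0 otherwise (including a NULL
 * ssl, which previously dereferenced NULL; the sibling wolfSSL_get_error()
 * guards ssl the same way).
 */
int wolfSSL_want_write(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_want_write");
    if (ssl == NULL)
        return 0;

    return (ssl->error == WANT_WRITE) ? 1 : 0;
}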
wolfSSL 11:cee25a834751 2217
wolfSSL 11:cee25a834751 2218
/* Fill data with the text for errNumber via SetErrorString().
 *
 * errNumber Error code; narrowed to int before lookup.
 * data      Caller buffer (its required size is not checked here; see
 *           wolfSSL_ERR_error_string_n for a bounded variant).
 * returns data when non-NULL; otherwise a pointer to a static message that
 * the caller must treat as read-only despite the non-const return type.
 */
char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data)
{
    static const char* msg = "Please supply a buffer for error string";

    WOLFSSL_ENTER("ERR_error_string");
    if (data == NULL)
        return (char*)msg;

    SetErrorString((int)errNumber, data);
    return data;
}
wolfSSL 11:cee25a834751 2231
wolfSSL 11:cee25a834751 2232
/* Bounded variant of wolfSSL_ERR_error_string().
 *
 * e   Error code.
 * buf Destination; always NUL-terminated when len > 0.
 * len Capacity of buf. >= WOLFSSL_MAX_ERROR_SZ writes directly; smaller
 *     values get a truncated copy; 0 writes nothing.
 */
void wolfSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len)
{
    char tmp[WOLFSSL_MAX_ERROR_SZ];

    WOLFSSL_ENTER("wolfSSL_ERR_error_string_n");
    if (len >= WOLFSSL_MAX_ERROR_SZ) {
        wolfSSL_ERR_error_string(e, buf);
        return;
    }

    WOLFSSL_MSG("Error buffer too short, truncating");
    if (len == 0)
        return;

    /* format into a full-size scratch buffer, then copy what fits */
    wolfSSL_ERR_error_string(e, tmp);
    XMEMCPY(buf, tmp, len - 1);
    buf[len - 1] = '\0';
}
wolfSSL 11:cee25a834751 2249
wolfSSL 11:cee25a834751 2250
/* Don't free temporary arrays at end of handshake.
 *
 * ssl The SSL/TLS object; NULL is ignored.
 */
void wolfSSL_KeepArrays(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return;

    ssl->options.saveArrays = 1;
}
wolfSSL 11:cee25a834751 2257
wolfSSL 11:cee25a834751 2258
/* User doesn't need temporary arrays anymore: clear saveArrays and free
 * them. Only acts once the handshake has reached HANDSHAKE_DONE; a NULL
 * ssl or an unfinished handshake is ignored.
 *
 * ssl The SSL/TLS object.
 */
void wolfSSL_FreeArrays(WOLFSSL* ssl)
{
    if (ssl == NULL || ssl->options.handShakeState != HANDSHAKE_DONE)
        return;

    ssl->options.saveArrays = 0;
    FreeArrays(ssl, 1);
}
wolfSSL 11:cee25a834751 2267
/* Set option to indicate that the resources are not to be freed after
 * handshake.
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL and 0 on success.
 */
int wolfSSL_KeepHandshakeResources(WOLFSSL* ssl)
{
    if (ssl != NULL) {
        ssl->options.keepResources = 1;
        return 0;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 2283
/* Free the handshake resources after handshake (delegates to
 * FreeHandshakeResources()).
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL and 0 on success.
 */
int wolfSSL_FreeHandshakeResources(WOLFSSL* ssl)
{
    if (ssl != NULL) {
        FreeHandshakeResources(ssl);
        return 0;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 2298
/* Use the client's order of preference when matching cipher suites.
 *
 * ctx The SSL/TLS context object.
 * returns BAD_FUNC_ARG when ctx is NULL and 0 on success.
 */
int wolfSSL_CTX_UseClientSuites(WOLFSSL_CTX* ctx)
{
    if (ctx != NULL) {
        ctx->useClientOrder = 1;
        return 0;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 2313
/* Use the client's order of preference when matching cipher suites.
 *
 * ssl The SSL/TLS object.
 * returns BAD_FUNC_ARG when ssl is NULL and 0 on success.
 */
int wolfSSL_UseClientSuites(WOLFSSL* ssl)
{
    if (ssl != NULL) {
        ssl->options.useClientOrder = 1;
        return 0;
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 2328
/* Select the MAC secret for the given direction.
 *
 * ssl    The SSL/TLS object.
 * verify Non-zero when the secret is for verifying incoming records,
 *        zero when it is for MACing outgoing ones.
 * returns the client_write_MAC_secret when writing as a client or
 * verifying as a server, otherwise the server_write_MAC_secret; NULL when
 * ssl is NULL.
 */
const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify)
{
    int useClientSecret;

    if (ssl == NULL)
        return NULL;

    if (ssl->options.side == WOLFSSL_CLIENT_END)
        useClientSecret = !verify;
    else
        useClientSecret = (ssl->options.side == WOLFSSL_SERVER_END) && verify;

    return useClientSecret ? ssl->keys.client_write_MAC_secret
                           : ssl->keys.server_write_MAC_secret;
}
wolfSSL 11:cee25a834751 2340
wolfSSL 11:cee25a834751 2341
wolfSSL 11:cee25a834751 2342 #ifdef ATOMIC_USER
wolfSSL 11:cee25a834751 2343
/* Install the user MAC+encrypt callback on a context (ATOMIC_USER).
 *
 * ctx The SSL/TLS context object; NULL is ignored.
 * cb  Stored unchecked in ctx->MacEncryptCb.
 */
void wolfSSL_CTX_SetMacEncryptCb(WOLFSSL_CTX* ctx, CallbackMacEncrypt cb)
{
    if (ctx == NULL)
        return;

    ctx->MacEncryptCb = cb;
}
wolfSSL 11:cee25a834751 2349
wolfSSL 11:cee25a834751 2350
/* Set the opaque context handed to the MAC+encrypt callback.
 *
 * ssl The SSL/TLS object; NULL is ignored.
 * ctx Stored unchecked in ssl->MacEncryptCtx.
 */
void wolfSSL_SetMacEncryptCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->MacEncryptCtx = ctx;
}
wolfSSL 11:cee25a834751 2356
wolfSSL 11:cee25a834751 2357
/* Get the opaque MAC+encrypt callback context.
 *
 * ssl The SSL/TLS object.
 * returns ssl->MacEncryptCtx, or NULL when ssl is NULL.
 */
void* wolfSSL_GetMacEncryptCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->MacEncryptCtx : NULL;
}
wolfSSL 11:cee25a834751 2365
wolfSSL 11:cee25a834751 2366
/* Install the user decrypt+verify callback on a context (ATOMIC_USER).
 *
 * ctx The SSL/TLS context object; NULL is ignored.
 * cb  Stored unchecked in ctx->DecryptVerifyCb.
 */
void wolfSSL_CTX_SetDecryptVerifyCb(WOLFSSL_CTX* ctx, CallbackDecryptVerify cb)
{
    if (ctx == NULL)
        return;

    ctx->DecryptVerifyCb = cb;
}
wolfSSL 11:cee25a834751 2372
wolfSSL 11:cee25a834751 2373
/* Set the opaque context handed to the decrypt+verify callback.
 *
 * ssl The SSL/TLS object; NULL is ignored.
 * ctx Stored unchecked in ssl->DecryptVerifyCtx.
 */
void wolfSSL_SetDecryptVerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->DecryptVerifyCtx = ctx;
}
wolfSSL 11:cee25a834751 2379
wolfSSL 11:cee25a834751 2380
/* Get the opaque decrypt+verify callback context.
 *
 * ssl The SSL/TLS object.
 * returns ssl->DecryptVerifyCtx, or NULL when ssl is NULL.
 */
void* wolfSSL_GetDecryptVerifyCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->DecryptVerifyCtx : NULL;
}
wolfSSL 11:cee25a834751 2388
wolfSSL 11:cee25a834751 2389
/* Expose the client write key to a user crypto callback.
 *
 * ssl The SSL/TLS object.
 * returns ssl->keys.client_write_key, or NULL when ssl is NULL.
 */
const byte* wolfSSL_GetClientWriteKey(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->keys.client_write_key : NULL;
}
wolfSSL 11:cee25a834751 2397
wolfSSL 11:cee25a834751 2398
/* Expose the client write IV to a user crypto callback.
 *
 * ssl The SSL/TLS object.
 * returns ssl->keys.client_write_IV, or NULL when ssl is NULL.
 */
const byte* wolfSSL_GetClientWriteIV(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->keys.client_write_IV : NULL;
}
wolfSSL 11:cee25a834751 2406
wolfSSL 11:cee25a834751 2407
/* Expose the server write key to a user crypto callback.
 *
 * ssl The SSL/TLS object.
 * returns ssl->keys.server_write_key, or NULL when ssl is NULL.
 */
const byte* wolfSSL_GetServerWriteKey(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->keys.server_write_key : NULL;
}
wolfSSL 11:cee25a834751 2415
wolfSSL 11:cee25a834751 2416
/* Expose the server write IV to a user crypto callback.
 *
 * ssl The SSL/TLS object.
 * returns ssl->keys.server_write_IV, or NULL when ssl is NULL.
 */
const byte* wolfSSL_GetServerWriteIV(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->keys.server_write_IV : NULL;
}
wolfSSL 11:cee25a834751 2424
/* Bulk cipher key size of the negotiated suite.
 *
 * ssl The SSL/TLS object.
 * returns ssl->specs.key_size, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_GetKeySize(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.key_size;
}
wolfSSL 11:cee25a834751 2432
wolfSSL 11:cee25a834751 2433
/* IV size of the negotiated suite.
 *
 * ssl The SSL/TLS object.
 * returns ssl->specs.iv_size, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_GetIVSize(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.iv_size;
}
wolfSSL 11:cee25a834751 2441
wolfSSL 11:cee25a834751 2442
/* Bulk cipher algorithm id of the negotiated suite.
 *
 * ssl The SSL/TLS object.
 * returns ssl->specs.bulk_cipher_algorithm, or BAD_FUNC_ARG when ssl is
 * NULL.
 */
int wolfSSL_GetBulkCipher(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->specs.bulk_cipher_algorithm;
}
wolfSSL 11:cee25a834751 2450
wolfSSL 11:cee25a834751 2451
/* Map the internal cipher_type to the public WOLFSSL_*_TYPE constants.
 *
 * ssl The SSL/TLS object.
 * returns WOLFSSL_BLOCK_TYPE, WOLFSSL_STREAM_TYPE or WOLFSSL_AEAD_TYPE;
 * BAD_FUNC_ARG when ssl is NULL; -1 for an unrecognised cipher_type.
 */
int wolfSSL_GetCipherType(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    switch (ssl->specs.cipher_type) {
        case block:  return WOLFSSL_BLOCK_TYPE;
        case stream: return WOLFSSL_STREAM_TYPE;
        case aead:   return WOLFSSL_AEAD_TYPE;
        default:     return -1;
    }
}
wolfSSL 11:cee25a834751 2466
wolfSSL 11:cee25a834751 2467
/* Block size of the negotiated bulk cipher.
 *
 * ssl The SSL/TLS object.
 * returns ssl->specs.block_size, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_GetCipherBlockSize(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->specs.block_size : BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 2475
wolfSSL 11:cee25a834751 2476
/* Authentication tag size of the negotiated AEAD cipher.
 *
 * ssl The SSL/TLS object.
 * returns ssl->specs.aead_mac_size, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_GetAeadMacSize(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->specs.aead_mac_size : BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 2484
wolfSSL 11:cee25a834751 2485
/* Whether the connection negotiated TLS 1.1 (or later, per the tls1_1
 * option flag).
 *
 * ssl The SSL/TLS object.
 * returns 1 when ssl->options.tls1_1 is set, 0 when not, BAD_FUNC_ARG when
 * ssl is NULL.
 */
int wolfSSL_IsTLSv1_1(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return (ssl->options.tls1_1 != 0) ? 1 : 0;
}
wolfSSL 11:cee25a834751 2496
wolfSSL 11:cee25a834751 2497
/* Which end of the connection this object is.
 *
 * ssl The SSL/TLS object.
 * returns ssl->options.side (WOLFSSL_CLIENT_END / WOLFSSL_SERVER_END), or
 * BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_GetSide(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->options.side;
}
wolfSSL 11:cee25a834751 2505
wolfSSL 11:cee25a834751 2506
/* HMAC key/output size of the negotiated suite.
 *
 * ssl The SSL/TLS object.
 * returns ssl->specs.hash_size for non-AEAD suites, 0 for AEAD suites
 * (they carry no HMAC key), BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_GetHmacSize(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* AEAD ciphers don't have HMAC keys */
    if (ssl->specs.cipher_type == aead)
        return 0;

    return ssl->specs.hash_size;
}
wolfSSL 11:cee25a834751 2515
wolfSSL 11:cee25a834751 2516 #endif /* ATOMIC_USER */
wolfSSL 11:cee25a834751 2517
wolfSSL 11:cee25a834751 2518 #ifndef NO_CERTS
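/* Allocate a DerBuffer with 'length' bytes of payload in one block; the
 * payload (der->buffer) directly follows the DerBuffer header.
 *
 * pDer   Receives the new buffer (NULL on allocation failure).
 * length Payload size in bytes.
 * type   Buffer type (CA_TYPE, CERT_TYPE, ...); selects the XMALLOC dynamic
 *        type, which is cached in der->dynType for FreeDer.
 * heap   Heap hint for XMALLOC, cached in der->heap for FreeDer.
 * returns 0 on success, BAD_FUNC_ARG when pDer is NULL or length is so
 * large that header + payload would wrap a 32-bit size, MEMORY_ERROR when
 * XMALLOC fails.
 */
int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)
{
    const word32 hdrSz = (word32)sizeof(DerBuffer);
    int dynType;
    DerBuffer* der;

    if (pDer == NULL)
        return BAD_FUNC_ARG;

    /* hdrSz + length must not wrap: a wrapped size would allocate an
     * undersized block and the caller's copy into der->buffer would run
     * past it. Computed in word32 so the check holds on 32-bit size_t. */
    if (length > 0xFFFFFFFFu - hdrSz)
        return BAD_FUNC_ARG;

    /* Determine dynamic type */
    switch (type) {
        case CA_TYPE:   dynType = DYNAMIC_TYPE_CA;   break;
        case CERT_TYPE: dynType = DYNAMIC_TYPE_CERT; break;
        case CRL_TYPE:  dynType = DYNAMIC_TYPE_CRL;  break;
        case DSA_TYPE:  dynType = DYNAMIC_TYPE_DSA;  break;
        case ECC_TYPE:  dynType = DYNAMIC_TYPE_ECC;  break;
        case RSA_TYPE:  dynType = DYNAMIC_TYPE_RSA;  break;
        default:        dynType = DYNAMIC_TYPE_KEY;  break;
    }

    /* Setup new buffer; *pDer is NULL on failure, as before */
    der = (DerBuffer*)XMALLOC(hdrSz + length, heap, dynType);
    *pDer = der;
    if (der == NULL)
        return MEMORY_ERROR;
    XMEMSET(der, 0, hdrSz + length);

    der->type    = type;
    der->dynType = dynType; /* Cache this for FreeDer */
    der->heap    = heap;
    der->buffer  = (byte*)der + hdrSz;
    der->length  = length;

    return 0; /* Success */
}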
wolfSSL 11:cee25a834751 2554
/* Release a DerBuffer allocated by AllocDer and clear the caller's pointer.
 * Private key payloads (PRIVATEKEY_TYPE) are zeroised before the memory is
 * returned; other types are not.
 *
 * pDer Pointer to the buffer pointer; NULL or *pDer == NULL is a no-op.
 */
void FreeDer(DerBuffer** pDer)
{
    DerBuffer* der;

    if (pDer == NULL || *pDer == NULL)
        return;

    der = *pDer;

    /* ForceZero private keys */
    if (der->type == PRIVATEKEY_TYPE)
        ForceZero(der->buffer, der->length);

    der->buffer = NULL;
    der->length = 0;
    /* heap and dynType were cached by AllocDer for exactly this call */
    XFREE(der, der->heap, der->dynType);

    *pDer = NULL;
}
wolfSSL 11:cee25a834751 2572
wolfSSL 11:cee25a834751 2573
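/* Allocate and initialise a certificate manager.
 *
 * heap Heap hint used to allocate the manager and recorded in cm->heap for
 *      the manager's later allocations and frees.
 * returns the new manager, or NULL when allocation or a mutex init fails
 * (the partially built manager is released via wolfSSL_CertManagerFree).
 */
WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew_ex(void* heap)
{
    WOLFSSL_CERT_MANAGER* cm;

    WOLFSSL_ENTER("wolfSSL_CertManagerNew");

    cm = (WOLFSSL_CERT_MANAGER*) XMALLOC(sizeof(WOLFSSL_CERT_MANAGER), heap,
                                         DYNAMIC_TYPE_CERT_MANAGER);
    if (cm == NULL)
        return NULL;

    XMEMSET(cm, 0, sizeof(WOLFSSL_CERT_MANAGER));
    /* Record the heap before any failure path: wolfSSL_CertManagerFree()
     * frees against cm->heap (see its XFREE of ocspOverrideURL), so leaving
     * it NULL until the end would release the manager against the wrong
     * allocator when a mutex init below fails. */
    cm->heap = heap;

    if (wc_InitMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("Bad mutex init");
        wolfSSL_CertManagerFree(cm);
        return NULL;
    }

#ifdef WOLFSSL_TRUST_PEER_CERT
    if (wc_InitMutex(&cm->tpLock) != 0) {
        WOLFSSL_MSG("Bad mutex init");
        wolfSSL_CertManagerFree(cm);
        return NULL;
    }
#endif

    /* set default minimum key size allowed */
#ifndef NO_RSA
    cm->minRsaKeySz = MIN_RSAKEY_SZ;
#endif
#ifdef HAVE_ECC
    cm->minEccKeySz = MIN_ECCKEY_SZ;
#endif

    return cm;
}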
wolfSSL 11:cee25a834751 2611
wolfSSL 11:cee25a834751 2612
/* Allocate a certificate manager with no heap hint.
 * Returns the new manager or NULL on failure (see wolfSSL_CertManagerNew_ex). */
WOLFSSL_CERT_MANAGER* wolfSSL_CertManagerNew(void)
{
    void* noHeapHint = NULL;

    return wolfSSL_CertManagerNew_ex(noHeapHint);
}
wolfSSL 11:cee25a834751 2617
wolfSSL 11:cee25a834751 2618
/* Tear down a certificate manager and everything it owns: CRL and OCSP
 * state, the CA signer table, the trusted-peer table and their locks.
 *
 * cm: manager returned by wolfSSL_CertManagerNew*(); NULL is a no-op.
 */
void wolfSSL_CertManagerFree(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerFree");

    if (cm == NULL) {
        return;
    }

#ifdef HAVE_CRL
    if (cm->crl) {
        FreeCRL(cm->crl, 1);
    }
#endif

#ifdef HAVE_OCSP
    if (cm->ocsp) {
        FreeOCSP(cm->ocsp, 1);
    }
    XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL);
    #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
     || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
     || defined(WOLFSSL_HAPROXY)
    if (cm->ocsp_stapling) {
        FreeOCSP(cm->ocsp_stapling, 1);
    }
    #endif
#endif

    /* the tables are freed with the manager's own heap hint; the lock is
     * destroyed only after the table that it guards is gone */
    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);
    wc_FreeMutex(&cm->caLock);

#ifdef WOLFSSL_TRUST_PEER_CERT
    FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap);
    wc_FreeMutex(&cm->tpLock);
#endif

    XFREE(cm, cm->heap, DYNAMIC_TYPE_CERT_MANAGER);
}
wolfSSL 11:cee25a834751 2651
wolfSSL 11:cee25a834751 2652
wolfSSL 11:cee25a834751 2653 /* Unload the CA signer list */
/* Drop every CA from the manager's signer table, under caLock.
 *
 * cm: manager to clear; NULL yields BAD_FUNC_ARG.
 * Returns SSL_SUCCESS, or BAD_MUTEX_E if the lock could not be taken.
 */
int wolfSSL_CertManagerUnloadCAs(WOLFSSL_CERT_MANAGER* cm)
{
    int rc = SSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_CertManagerUnloadCAs");

    if (cm == NULL) {
        rc = BAD_FUNC_ARG;
    }
    else if (wc_LockMutex(&cm->caLock) != 0) {
        rc = BAD_MUTEX_E;
    }
    else {
        FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
        wc_UnLockMutex(&cm->caLock);
    }

    return rc;
}
wolfSSL 11:cee25a834751 2671
wolfSSL 11:cee25a834751 2672
wolfSSL 11:cee25a834751 2673 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Drop every entry from the manager's trusted-peer table, under tpLock.
 *
 * cm: manager to clear; NULL yields BAD_FUNC_ARG.
 * Returns SSL_SUCCESS, or BAD_MUTEX_E if the lock could not be taken.
 */
int wolfSSL_CertManagerUnload_trust_peers(WOLFSSL_CERT_MANAGER* cm)
{
    int rc = SSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_CertManagerUnload_trust_peers");

    if (cm == NULL) {
        rc = BAD_FUNC_ARG;
    }
    else if (wc_LockMutex(&cm->tpLock) != 0) {
        rc = BAD_MUTEX_E;
    }
    else {
        FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, NULL);
        wc_UnLockMutex(&cm->tpLock);
    }

    return rc;
}
wolfSSL 11:cee25a834751 2691 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 11:cee25a834751 2692
wolfSSL 11:cee25a834751 2693
wolfSSL 11:cee25a834751 2694 /* Return bytes written to buff or < 0 for error */
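/* Convert a PEM certificate, CA or certificate request to DER.
 *
 * pem/pemSz: PEM input and its length in bytes.
 * buff/buffSz: output buffer and its capacity.
 * type: CERT_TYPE, CA_TYPE or CERTREQ_TYPE; anything else is rejected.
 * Returns the number of DER bytes written to buff, or < 0 on error
 * (BAD_FUNC_ARG for bad arguments or an output buffer that is too small,
 * MEMORY_E, or the PemToDer() error).
 *
 * pemSz is now validated alongside the other arguments: a zero or negative
 * length was previously passed straight into PemToDer() as the size of the
 * input to scan.
 */
int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,
                         unsigned char* buff, int buffSz, int type)
{
    int eccKey = 0;
    int ret;
    DerBuffer* der = NULL;
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo info[1];
#endif

    WOLFSSL_ENTER("wolfSSL_CertPemToDer");

    if (pem == NULL || pemSz <= 0 || buff == NULL || buffSz <= 0) {
        WOLFSSL_MSG("Bad pem der args");
        return BAD_FUNC_ARG;
    }

    if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {
        WOLFSSL_MSG("Bad cert type");
        return BAD_FUNC_ARG;
    }

#ifdef WOLFSSL_SMALL_STACK
    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (info == NULL)
        return MEMORY_E;
#endif

    /* no password context: encrypted certificate PEM is not expected here */
    info->set = 0;
    info->ctx = NULL;
    info->consumed = 0;

    ret = PemToDer(pem, pemSz, type, &der, NULL, info, &eccKey);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (ret < 0) {
        WOLFSSL_MSG("Bad Pem To Der");
    }
    else if (der->length <= (word32)buffSz) {
        XMEMCPY(buff, der->buffer, der->length);
        ret = der->length;
    }
    else {
        /* caller's buffer cannot hold the decoded DER */
        WOLFSSL_MSG("Bad der length");
        ret = BAD_FUNC_ARG;
    }

    FreeDer(&der);
    return ret;
}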
wolfSSL 11:cee25a834751 2753
wolfSSL 11:cee25a834751 2754 #endif /* NO_CERTS */
wolfSSL 11:cee25a834751 2755
wolfSSL 11:cee25a834751 2756 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 11:cee25a834751 2757
/* Canonical cipher names understood by wolfSSL_EVP_get_cipherbyname().
 * Each entry pairs an internal *_TYPE code with the OpenSSL-style name the
 * lookup returns; the table is terminated by a {0, NULL} sentinel that the
 * lookup loop stops on.  Which rows exist depends on the build options. */
static struct cipher{
    unsigned char type;
    const char *name;
} cipher_tbl[] = {

#ifndef NO_AES
    {AES_128_CBC_TYPE, "AES-128-CBC"},
    {AES_192_CBC_TYPE, "AES-192-CBC"},
    {AES_256_CBC_TYPE, "AES-256-CBC"},
    #if defined(OPENSSL_EXTRA)
    {AES_128_CTR_TYPE, "AES-128-CTR"},
    {AES_192_CTR_TYPE, "AES-192-CTR"},
    {AES_256_CTR_TYPE, "AES-256-CTR"},

    /* ECB has no diffusion between blocks; exposed for API compatibility */
    {AES_128_ECB_TYPE, "AES-128-ECB"},
    {AES_192_ECB_TYPE, "AES-192-ECB"},
    {AES_256_ECB_TYPE, "AES-256-ECB"},
    #endif

#endif

#ifndef NO_DES3
    {DES_CBC_TYPE, "DES-CBC"},
    {DES_ECB_TYPE, "DES-ECB"},

    {DES_EDE3_CBC_TYPE, "DES-EDE3-CBC"},
    {DES_EDE3_ECB_TYPE, "DES-EDE3-ECB"},
#endif

#ifdef HAVE_IDEA
    {IDEA_CBC_TYPE, "IDEA-CBC"},
#endif
    /* sentinel: name == NULL ends the table */
    { 0, NULL}
} ;
wolfSSL 11:cee25a834751 2792
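/* Look a cipher up by its OpenSSL-style name or one of the short aliases.
 *
 * name: name to resolve, e.g. "AES-128-CBC" or "aes128"; NULL returns NULL
 *       instead of being handed to XSTRNCMP (which would dereference it).
 * Returns the canonical name string from cipher_tbl, which doubles as the
 * WOLFSSL_EVP_CIPHER handle, or NULL when the name is unknown or the cipher
 * is not compiled in.
 *
 * Matching is exact and case-sensitive (length+1 compares the terminator
 * too); only the aliases listed below provide lower-case spellings.
 */
const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name)
{

    static const struct alias {
        const char *name;
        const char *alias;
    } alias_tbl[] =
    {
        {"DES-CBC", "DES"},
        {"DES-CBC", "des"},
        {"DES-EDE3-CBC", "DES3"},
        {"DES-EDE3-CBC", "des3"},
        {"DES-EDE3-ECB", "des-ede3-ecb"},
        {"IDEA-CBC", "IDEA"},
        {"IDEA-CBC", "idea"},
        {"AES-128-CBC", "AES128"},
        {"AES-128-CBC", "aes128"},
        {"AES-192-CBC", "AES192"},
        {"AES-192-CBC", "aes192"},
        {"AES-256-CBC", "AES256"},
        {"AES-256-CBC", "aes256"},
        { NULL, NULL}
    };

    const struct cipher *ent;
    const struct alias *al;

    WOLFSSL_ENTER("EVP_get_cipherbyname");

    if (name == NULL) {
        return NULL;
    }

    /* first translate an alias to its canonical name */
    for (al = alias_tbl; al->name != NULL; al++) {
        if (XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) {
            name = al->name;
            break;
        }
    }

    /* then find the canonical name among the ciphers built in */
    for (ent = cipher_tbl; ent->name != NULL; ent++) {
        if (XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) {
            return (WOLFSSL_EVP_CIPHER *)ent->name;
        }
    }

    return NULL;
}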
wolfSSL 11:cee25a834751 2835
wolfSSL 11:cee25a834751 2836
wolfSSL 11:cee25a834751 2837 #ifndef NO_AES
/* Cached cipher handles filled in by wolfSSL_EVP_init(): each pointer holds
 * the canonical name string returned by EVP_get_cipherbyname() for that
 * cipher.  The *_SIZE constants are the lengths of those name strings
 * (e.g. "AES-128-CBC" is 11 characters, "DES-CBC" is 7).  Which handles
 * exist follows the same build options as cipher_tbl. */
#ifndef NO_AES
static char *EVP_AES_128_CBC;
static char *EVP_AES_192_CBC;
static char *EVP_AES_256_CBC;
    #if defined(OPENSSL_EXTRA)
static char *EVP_AES_128_CTR;
static char *EVP_AES_192_CTR;
static char *EVP_AES_256_CTR;

static char *EVP_AES_128_ECB;
static char *EVP_AES_192_ECB;
static char *EVP_AES_256_ECB;
    #endif
static const int EVP_AES_SIZE = 11;
#endif

#ifndef NO_DES3
static char *EVP_DES_CBC;
static char *EVP_DES_ECB;
static const int EVP_DES_SIZE = 7;

static char *EVP_DES_EDE3_CBC;
static char *EVP_DES_EDE3_ECB;
static const int EVP_DES_EDE3_SIZE = 12;
#endif

#ifdef HAVE_IDEA
static char *EVP_IDEA_CBC;
static const int EVP_IDEA_SIZE = 8;
#endif
wolfSSL 11:cee25a834751 2867
/* Populate the cached EVP_* cipher handles by resolving each canonical name
 * through EVP_get_cipherbyname().  Must run before the handles are used;
 * a cipher that is not compiled in leaves its handle NULL.
 * NOTE(review): EVP_get_cipherbyname is presumably a compatibility alias for
 * wolfSSL_EVP_get_cipherbyname above — confirm in the OpenSSL-compat header. */
void wolfSSL_EVP_init(void)
{
#ifndef NO_AES
    EVP_AES_128_CBC = (char *)EVP_get_cipherbyname("AES-128-CBC");
    EVP_AES_192_CBC = (char *)EVP_get_cipherbyname("AES-192-CBC");
    EVP_AES_256_CBC = (char *)EVP_get_cipherbyname("AES-256-CBC");

    #if defined(OPENSSL_EXTRA)
    EVP_AES_128_CTR = (char *)EVP_get_cipherbyname("AES-128-CTR");
    EVP_AES_192_CTR = (char *)EVP_get_cipherbyname("AES-192-CTR");
    EVP_AES_256_CTR = (char *)EVP_get_cipherbyname("AES-256-CTR");

    EVP_AES_128_ECB = (char *)EVP_get_cipherbyname("AES-128-ECB");
    EVP_AES_192_ECB = (char *)EVP_get_cipherbyname("AES-192-ECB");
    EVP_AES_256_ECB = (char *)EVP_get_cipherbyname("AES-256-ECB");
    #endif
#endif

#ifndef NO_DES3
    EVP_DES_CBC = (char *)EVP_get_cipherbyname("DES-CBC");
    EVP_DES_ECB = (char *)EVP_get_cipherbyname("DES-ECB");

    EVP_DES_EDE3_CBC = (char *)EVP_get_cipherbyname("DES-EDE3-CBC");
    EVP_DES_EDE3_ECB = (char *)EVP_get_cipherbyname("DES-EDE3-ECB");
#endif

#ifdef HAVE_IDEA
    EVP_IDEA_CBC = (char *)EVP_get_cipherbyname("IDEA-CBC");
#endif
}
wolfSSL 11:cee25a834751 2898
wolfSSL 11:cee25a834751 2899 /* our KeyPemToDer password callback, password in userData */
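/* Password callback used by wolfSSL_KeyPemToDer(): the password itself is
 * carried in userdata as a NUL-terminated string.
 *
 * passwd/sz: destination buffer and its capacity.
 * rw: unused (read/write flag of the callback interface).
 * userdata: the password string, or NULL for "no password".
 * Returns the number of password bytes placed in passwd (at most sz), or 0
 * when there is no password or the arguments are unusable.
 *
 * sz <= 0 is rejected up front: a negative sz previously became a huge
 * unsigned size in both the XSTRNCPY call and the min() comparison, so the
 * callback could both overrun passwd and report a length larger than the
 * buffer.  A password longer than sz is still silently truncated.
 */
static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
{
    word32 passLen;

    (void)rw;

    if (userdata == NULL || passwd == NULL || sz <= 0)
        return 0;

    /* XSTRNCPY zero-pads short passwords but leaves no terminator when the
     * password fills the buffer; the returned length is authoritative */
    XSTRNCPY(passwd, (char*)userdata, sz);
    passLen = (word32)XSTRLEN((char*)userdata);
    return (int)min((word32)sz, passLen);
}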
wolfSSL 11:cee25a834751 2910
wolfSSL 11:cee25a834751 2911 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 11:cee25a834751 2912
wolfSSL 11:cee25a834751 2913 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 2914
wolfSSL 11:cee25a834751 2915 /* Return bytes written to buff or < 0 for error */
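/* Convert a PEM private key (optionally encrypted) to DER.
 *
 * pem/pemSz: PEM input and its length in bytes.
 * buff/buffSz: output buffer and its capacity.
 * pass: password for an encrypted key, or NULL; only honoured when built
 *       with OPENSSL_EXTRA or HAVE_WEBSERVER, otherwise ignored.
 * Returns the number of DER bytes written to buff, or < 0 on error
 * (BAD_FUNC_ARG for bad arguments or a too-small output buffer, MEMORY_E,
 * or the PemToDer() error).
 *
 * pemSz is validated like in wolfSSL_CertPemToDer(): a zero or negative
 * length was previously passed straight into PemToDer().  The decoded key is
 * scrubbed by FreeDer() (PRIVATEKEY_TYPE) once it has been copied out.
 */
int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz,
                        unsigned char* buff, int buffSz, const char* pass)
{
    int eccKey = 0;
    int ret;
    DerBuffer* der = NULL;
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo info[1];
#endif

    WOLFSSL_ENTER("wolfSSL_KeyPemToDer");

    if (pem == NULL || pemSz <= 0 || buff == NULL || buffSz <= 0) {
        WOLFSSL_MSG("Bad pem der args");
        return BAD_FUNC_ARG;
    }

#ifdef WOLFSSL_SMALL_STACK
    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (info == NULL)
        return MEMORY_E;
#endif

    info->set = 0;
    info->ctx = NULL;
    info->consumed = 0;

#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    if (pass) {
        /* PemToDer() fetches the password through a CTX's default password
         * callback, so a throw-away CTX carries it; the CTX is freed below
         * regardless of the decode result */
        info->ctx = wolfSSL_CTX_new(wolfSSLv23_client_method());
        if (info->ctx == NULL) {
    #ifdef WOLFSSL_SMALL_STACK
            XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    #endif
            return MEMORY_E;
        }

        wolfSSL_CTX_set_default_passwd_cb(info->ctx, OurPasswordCb);
        wolfSSL_CTX_set_default_passwd_cb_userdata(info->ctx, (void*)pass);
    }
#else
    (void)pass;
#endif

    ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey);

    if (info->ctx)
        wolfSSL_CTX_free(info->ctx);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (ret < 0) {
        WOLFSSL_MSG("Bad Pem To Der");
    }
    else if (der->length <= (word32)buffSz) {
        XMEMCPY(buff, der->buffer, der->length);
        ret = der->length;
    }
    else {
        /* caller's buffer cannot hold the decoded DER */
        WOLFSSL_MSG("Bad der length");
        ret = BAD_FUNC_ARG;
    }

    FreeDer(&der);
    return ret;
}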
wolfSSL 11:cee25a834751 2989
wolfSSL 11:cee25a834751 2990 #endif /* !NO_CERTS */
wolfSSL 11:cee25a834751 2991
wolfSSL 11:cee25a834751 2992
wolfSSL 11:cee25a834751 2993
wolfSSL 11:cee25a834751 2994 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
wolfSSL 11:cee25a834751 2995
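/* Print the text for a wolfSSL error code to a stdio stream.
 *
 * fp: destination stream; NULL is ignored (fprintf on a NULL FILE* is
 *     undefined behaviour, previously unguarded).
 * err: wolfSSL error code, rendered by SetErrorString().
 */
void wolfSSL_ERR_print_errors_fp(FILE* fp, int err)
{
    char data[WOLFSSL_MAX_ERROR_SZ + 1];

    WOLFSSL_ENTER("wolfSSL_ERR_print_errors_fp");

    if (fp == NULL) {
        return;
    }

    SetErrorString(err, data);
    /* "%s" rather than data as the format: the text is never a format string */
    fprintf(fp, "%s", data);
}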
wolfSSL 11:cee25a834751 3004
wolfSSL 11:cee25a834751 3005 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)
/* Dump the wolfCrypt error queue to a stdio stream; thin wrapper over
 * wc_ERR_print_errors_fp(), available only with OPENSSL_EXTRA or verbose
 * debugging.  fp is passed through unchecked. */
void wolfSSL_ERR_dump_errors_fp(FILE* fp)
{
    wc_ERR_print_errors_fp(fp);
}
wolfSSL 11:cee25a834751 3010 #endif
wolfSSL 11:cee25a834751 3011 #endif
wolfSSL 11:cee25a834751 3012
wolfSSL 11:cee25a834751 3013
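/* Number of decrypted application-data bytes already buffered and readable
 * without touching the transport.
 *
 * ssl: session to query; NULL now yields 0 instead of a NULL dereference.
 * Returns the length of the clear output buffer.
 */
int wolfSSL_pending(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_pending");

    if (ssl == NULL) {
        return 0;
    }

    return ssl->buffers.clearOutputBuffer.length;
}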
wolfSSL 11:cee25a834751 3019
wolfSSL 11:cee25a834751 3020
wolfSSL 11:cee25a834751 3021 #ifndef WOLFSSL_LEANPSK
wolfSSL 11:cee25a834751 3022 /* turn on handshake group messages for context */
/* Enable grouping of handshake messages into fewer records for every
 * session created from this context.
 *
 * ctx: context to configure; NULL yields BAD_FUNC_ARG.
 * Returns SSL_SUCCESS otherwise.
 */
int wolfSSL_CTX_set_group_messages(WOLFSSL_CTX* ctx)
{
    int rc = BAD_FUNC_ARG;

    if (ctx != NULL) {
        ctx->groupMessages = 1;
        rc = SSL_SUCCESS;
    }

    return rc;
}
wolfSSL 11:cee25a834751 3032 #endif
wolfSSL 11:cee25a834751 3033
wolfSSL 11:cee25a834751 3034
wolfSSL 11:cee25a834751 3035 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 3036 /* connect enough to get peer cert chain */
/* Run the client handshake only far enough to receive the peer's
 * certificate chain.
 *
 * ssl: session to connect; NULL yields SSL_FAILURE.
 * Returns whatever wolfSSL_connect() returns.  The certOnly option is set
 * for the duration of the call and cleared again afterwards, whatever the
 * outcome.
 */
int wolfSSL_connect_cert(WOLFSSL* ssl)
{
    int connectRc;

    if (ssl == NULL) {
        return SSL_FAILURE;
    }

    ssl->options.certOnly = 1;
    connectRc = wolfSSL_connect(ssl);
    ssl->options.certOnly = 0;

    return connectRc;
}
wolfSSL 11:cee25a834751 3050 #endif
wolfSSL 11:cee25a834751 3051
wolfSSL 11:cee25a834751 3052
wolfSSL 11:cee25a834751 3053 #ifndef WOLFSSL_LEANPSK
wolfSSL 11:cee25a834751 3054 /* turn on handshake group messages for ssl object */
/* Enable grouping of handshake messages into fewer records for one session.
 *
 * ssl: session to configure; NULL yields BAD_FUNC_ARG.
 * Returns SSL_SUCCESS otherwise.
 */
int wolfSSL_set_group_messages(WOLFSSL* ssl)
{
    int rc = BAD_FUNC_ARG;

    if (ssl != NULL) {
        ssl->options.groupMessages = 1;
        rc = SSL_SUCCESS;
    }

    return rc;
}
wolfSSL 11:cee25a834751 3064
wolfSSL 11:cee25a834751 3065
wolfSSL 11:cee25a834751 3066 /* make minVersion the internal equivalent SSL version */
/* Translate a public WOLFSSL_* protocol-version constant into the internal
 * minor-version byte and store it as the minimum downgrade version.
 *
 * minVersion: where the minor version is written; untouched on error.
 * version: WOLFSSL_SSLV3 / WOLFSSL_TLSV1 / WOLFSSL_TLSV1_1 / WOLFSSL_TLSV1_2,
 *          each only when that protocol is compiled in.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a version that is unknown or
 * disabled in this build.
 */
static int SetMinVersionHelper(byte* minVersion, int version)
{
    byte minor = 0;

#ifdef NO_TLS
    (void)minVersion;
#endif

    switch (version) {
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
        case WOLFSSL_SSLV3:
            minor = SSLv3_MINOR;
            break;
#endif

#ifndef NO_TLS
    #ifndef NO_OLD_TLS
        case WOLFSSL_TLSV1:
            minor = TLSv1_MINOR;
            break;

        case WOLFSSL_TLSV1_1:
            minor = TLSv1_1_MINOR;
            break;
    #endif
        case WOLFSSL_TLSV1_2:
            minor = TLSv1_2_MINOR;
            break;
#endif

        default:
            WOLFSSL_MSG("Bad function argument");
            return BAD_FUNC_ARG;
    }

    /* single store after the table lookup; only reached for a known version */
    *minVersion = minor;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 3102
wolfSSL 11:cee25a834751 3103
wolfSSL 11:cee25a834751 3104 /* Set minimum downgrade version allowed, SSL_SUCCESS on ok */
/* Set the lowest protocol version a context will negotiate down to.
 *
 * ctx: context to configure; NULL yields BAD_FUNC_ARG.
 * version: WOLFSSL_* version constant, validated by SetMinVersionHelper().
 * Returns SSL_SUCCESS or BAD_FUNC_ARG.
 */
int wolfSSL_CTX_SetMinVersion(WOLFSSL_CTX* ctx, int version)
{
    int rc = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_SetMinVersion");

    if (ctx != NULL) {
        rc = SetMinVersionHelper(&ctx->minDowngrade, version);
    }
    else {
        WOLFSSL_MSG("Bad function argument");
    }

    return rc;
}
wolfSSL 11:cee25a834751 3116
wolfSSL 11:cee25a834751 3117
wolfSSL 11:cee25a834751 3118 /* Set minimum downgrade version allowed, SSL_SUCCESS on ok */
/* Set the lowest protocol version one session will negotiate down to.
 *
 * ssl: session to configure; NULL yields BAD_FUNC_ARG.
 * version: WOLFSSL_* version constant, validated by SetMinVersionHelper().
 * Returns SSL_SUCCESS or BAD_FUNC_ARG.
 */
int wolfSSL_SetMinVersion(WOLFSSL* ssl, int version)
{
    int rc = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_SetMinVersion");

    if (ssl != NULL) {
        rc = SetMinVersionHelper(&ssl->options.minDowngrade, version);
    }
    else {
        WOLFSSL_MSG("Bad function argument");
    }

    return rc;
}
wolfSSL 11:cee25a834751 3130
wolfSSL 11:cee25a834751 3131
/* Pin a session to one protocol version and rebuild its cipher-suite list
 * for that version.
 *
 * ssl: session to configure; NULL yields BAD_FUNC_ARG.
 * version: WOLFSSL_SSLV3 / WOLFSSL_TLSV1 / WOLFSSL_TLSV1_1 / WOLFSSL_TLSV1_2,
 *          each only when that protocol is compiled in; anything else is
 *          rejected before ssl->version is touched.
 * Returns SSL_SUCCESS or BAD_FUNC_ARG.
 *
 * After the version is set, InitSuites() is re-run with the algorithm
 * availability flags from the build (RSA) and from the session options
 * (PSK, DH, NTRU, ECDSA, ECC, static ECC) so the suite list matches the
 * new version.  The InitSuites() argument order must stay exactly as below.
 */
int wolfSSL_SetVersion(WOLFSSL* ssl, int version)
{
    word16 haveRSA = 1;
    word16 havePSK = 0;

    WOLFSSL_ENTER("wolfSSL_SetVersion");

    if (ssl == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }

    switch (version) {
#if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
        case WOLFSSL_SSLV3:
            ssl->version = MakeSSLv3();
            break;
#endif

#ifndef NO_TLS
    #ifndef NO_OLD_TLS
        case WOLFSSL_TLSV1:
            ssl->version = MakeTLSv1();
            break;

        case WOLFSSL_TLSV1_1:
            ssl->version = MakeTLSv1_1();
            break;
    #endif
        case WOLFSSL_TLSV1_2:
            ssl->version = MakeTLSv1_2();
            break;
#endif

        default:
            WOLFSSL_MSG("Bad function argument");
            return BAD_FUNC_ARG;
    }

    /* RSA availability is a build-time property; PSK is per session */
#ifdef NO_RSA
    haveRSA = 0;
#endif
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif

    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
               ssl->options.haveNTRU, ssl->options.haveECDSAsig,
               ssl->options.haveECC, ssl->options.haveStaticECC,
               ssl->options.side);

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 3185 #endif /* !leanpsk */
wolfSSL 11:cee25a834751 3186
wolfSSL 11:cee25a834751 3187
wolfSSL 11:cee25a834751 3188 #if !defined(NO_CERTS) || !defined(NO_SESSION_CACHE)
wolfSSL 11:cee25a834751 3189
/* Make a word from the front of the hash */
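/* Assemble a big-endian 32-bit word from the first four bytes of a digest.
 *
 * hashID: digest bytes; at least four must be readable.
 * Returns hashID[0..3] as a word32, most significant byte first.
 *
 * Each byte is widened to word32 before shifting: a plain byte promotes to
 * signed int, and shifting a value >= 0x80 left by 24 then overflows the
 * sign bit, which is undefined behaviour in C.  The result for well-defined
 * inputs is unchanged.
 */
static INLINE word32 MakeWordFromHash(const byte* hashID)
{
    return ((word32)hashID[0] << 24) | ((word32)hashID[1] << 16) |
           ((word32)hashID[2] << 8)  |  (word32)hashID[3];
}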
wolfSSL 11:cee25a834751 3196
wolfSSL 11:cee25a834751 3197 #endif /* !NO_CERTS || !NO_SESSION_CACHE */
wolfSSL 11:cee25a834751 3198
wolfSSL 11:cee25a834751 3199
wolfSSL 11:cee25a834751 3200 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 3201
wolfSSL 11:cee25a834751 3202 /* hash is the SHA digest of name, just use first 32 bits as hash */
/* Map a signer's digest to a row of the CA table: the first 32 bits of the
 * digest, reduced modulo CA_TABLE_SIZE.  hash must hold at least 4 bytes. */
static INLINE word32 HashSigner(const byte* hash)
{
    return MakeWordFromHash(hash) % CA_TABLE_SIZE;
}
wolfSSL 11:cee25a834751 3207
wolfSSL 11:cee25a834751 3208
wolfSSL 11:cee25a834751 3209 /* does CA already exist on signer list */
/* Check whether a CA with the given digest is already in the signer table.
 *
 * cm: certificate manager whose caTable is searched.
 * hash: SIGNER_DIGEST_SIZE bytes; compared against the subject key id hash
 *       (or the subject name hash when built with NO_SKID).
 * Returns 1 when a matching signer exists, otherwise 0 — including when cm
 * or hash is NULL or caLock cannot be taken.
 */
int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash)
{
    const Signer* node;
    int found = 0;
    word32 row;

    if (cm == NULL || hash == NULL) {
        return 0;
    }

    row = HashSigner(hash);

    if (wc_LockMutex(&cm->caLock) != 0) {
        return 0;
    }

    for (node = cm->caTable[row]; node != NULL; node = node->next) {
        const byte* subjectHash;

#ifndef NO_SKID
        subjectHash = node->subjectKeyIdHash;
#else
        subjectHash = node->subjectNameHash;
#endif

        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
            found = 1;
            break;
        }
    }

    wc_UnLockMutex(&cm->caLock);

    return found;
}
wolfSSL 11:cee25a834751 3245
wolfSSL 11:cee25a834751 3246
wolfSSL 11:cee25a834751 3247 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 11:cee25a834751 3248 /* hash is the SHA digest of name, just use first 32 bits as hash */
/* Map a trusted peer's digest to a row of the trusted-peer table: the first
 * 32 bits of the digest, reduced modulo TP_TABLE_SIZE.  hash must hold at
 * least 4 bytes. */
static INLINE word32 TrustedPeerHashSigner(const byte* hash)
{
    return MakeWordFromHash(hash) % TP_TABLE_SIZE;
}
wolfSSL 11:cee25a834751 3253
wolfSSL 11:cee25a834751 3254 /* does trusted peer already exist on signer list */
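/* Check whether a trusted peer with the given digest is already in the
 * trusted-peer table.
 *
 * cm: certificate manager whose tpTable is searched.
 * hash: SIGNER_DIGEST_SIZE bytes; compared against the subject key id hash
 *       (or the subject name hash when built with NO_SKID).
 * Returns 1 when a matching entry exists, otherwise 0 — including when cm
 * or hash is NULL or tpLock cannot be taken.
 *
 * The NULL checks mirror AlreadySigner(): previously hash was dereferenced
 * by TrustedPeerHashSigner() in the initialiser, before any validation, and
 * a NULL cm reached wc_LockMutex(&cm->tpLock).
 */
int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash)
{
    TrustedPeerCert* tp;
    int ret = 0;
    word32 row;

    if (cm == NULL || hash == NULL) {
        return ret;
    }

    row = TrustedPeerHashSigner(hash);

    if (wc_LockMutex(&cm->tpLock) != 0)
        return ret;

    tp = cm->tpTable[row];
    while (tp) {
        byte* subjectHash;
#ifndef NO_SKID
        subjectHash = tp->subjectKeyIdHash;
#else
        subjectHash = tp->subjectNameHash;
#endif
        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
            ret = 1;
            break;
        }
        tp = tp->next;
    }
    wc_UnLockMutex(&cm->tpLock);

    return ret;
}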
wolfSSL 11:cee25a834751 3281
wolfSSL 11:cee25a834751 3282
/* Find the trusted peer whose digest equals `hash` in cm->tpTable.
 *
 * vp    the WOLFSSL_CERT_MANAGER, handed over as void* by its callers
 * hash  SIGNER_DIGEST_SIZE bytes of digest to compare
 * type  what `hash` is: WC_MATCH_SKID for the subject key id digest (only
 *       available when SKIDs are compiled in) or WC_MATCH_NAME for the
 *       subject name digest
 *
 * Returns the table entry, which stays owned by the table, or NULL when no
 * entry matches, an argument is NULL, the lock cannot be taken, or `type`
 * is not recognised (the latter is only detected when the row is non-empty). */
TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash, int type)
{
    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
    TrustedPeerCert* found = NULL;
    TrustedPeerCert* tp;
    word32 row;

    if (cm == NULL || hash == NULL)
        return NULL;

    row = TrustedPeerHashSigner(hash);

    if (wc_LockMutex(&cm->tpLock) != 0)
        return NULL;

    for (tp = cm->tpTable[row]; tp != NULL; tp = tp->next) {
        byte* candidate = NULL;

        switch (type) {
#ifndef NO_SKID
            case WC_MATCH_SKID:
                candidate = tp->subjectKeyIdHash;
                break;
#endif
            case WC_MATCH_NAME:
                candidate = tp->subjectNameHash;
                break;
            default:
                break;
        }

        if (candidate == NULL) {
            /* unknown (or compiled-out) match type: abandon the lookup */
            WOLFSSL_MSG("Unknown search type");
            wc_UnLockMutex(&cm->tpLock);
            return NULL;
        }

        if (XMEMCMP(hash, candidate, SIGNER_DIGEST_SIZE) == 0) {
            found = tp;
            break;
        }
    }
    wc_UnLockMutex(&cm->tpLock);

    return found;
}
wolfSSL 11:cee25a834751 3328
wolfSSL 11:cee25a834751 3329
/* Confirm that `cert` is the very certificate stored as trusted peer `tp`.
 * GetTrustedPeer has already matched the subject key id or subject name
 * digest; here the complete signature bytes are compared as well.
 * Returns SSL_SUCCESS on a match, SSL_FAILURE on a length or byte mismatch,
 * BAD_FUNC_ARG when either pointer is NULL. */
int MatchTrustedPeer(TrustedPeerCert* tp, DecodedCert* cert)
{
    int sameLength;

    if (tp == NULL || cert == NULL)
        return BAD_FUNC_ARG;

    sameLength = (tp->sigLen == cert->sigLength);
    if (!sameLength)
        return SSL_FAILURE;

    /* lengths agree, so cert->sigLength bytes are in bounds of both buffers */
    if (XMEMCMP(tp->sig, cert->signature, cert->sigLength) != 0)
        return SSL_FAILURE;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 3350 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 11:cee25a834751 3351
wolfSSL 11:cee25a834751 3352
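/* Find the CA whose digest equals `hash` in cm->caTable.
 *
 * vp    the WOLFSSL_CERT_MANAGER, handed over as void* by its callers
 * hash  SIGNER_DIGEST_SIZE bytes: the subject key id digest when SKIDs are
 *       compiled in, otherwise the subject name digest (matching the digest
 *       AddCA hashes into the row)
 *
 * Returns the Signer, which stays owned by the table, or NULL when no entry
 * matches, an argument is NULL, or the lock cannot be taken. */
Signer* GetCA(void* vp, byte* hash)
{
    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
    Signer* ret = NULL;
    Signer* signers;
    word32 row;

    /* `hash` is handed to HashSigner and XMEMCMP, so check it together with
     * cm before computing the row (AlreadySigner guards the same way). */
    if (cm == NULL || hash == NULL)
        return NULL;

    row = HashSigner(hash);

    if (wc_LockMutex(&cm->caLock) != 0)
        return ret;

    for (signers = cm->caTable[row]; signers != NULL; signers = signers->next) {
        byte* subjectHash;
#ifndef NO_SKID
        subjectHash = signers->subjectKeyIdHash;
#else
        subjectHash = signers->subjectNameHash;
#endif
        if (XMEMCMP(hash, subjectHash, SIGNER_DIGEST_SIZE) == 0) {
            ret = signers;
            break;
        }
    }
    wc_UnLockMutex(&cm->caLock);

    return ret;
}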
wolfSSL 11:cee25a834751 3385
wolfSSL 11:cee25a834751 3386
wolfSSL 11:cee25a834751 3387 #ifndef NO_SKID
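/* Find a CA by subject name digest by walking every row of cm->caTable.
 * With SKIDs compiled in the rows are keyed by the subject key id digest
 * (see AddCA / GetCA), so a name digest cannot be mapped to a single row.
 *
 * vp    the WOLFSSL_CERT_MANAGER, handed over as void* by its callers
 * hash  SIGNER_DIGEST_SIZE bytes of subject name digest
 *
 * Returns the first matching Signer, which stays owned by the table, or
 * NULL when no entry matches, an argument is NULL, or the lock cannot be
 * taken. */
Signer* GetCAByName(void* vp, byte* hash)
{
    WOLFSSL_CERT_MANAGER* cm = (WOLFSSL_CERT_MANAGER*)vp;
    Signer* ret = NULL;
    Signer* signers;
    word32 row;

    /* `hash` is read by XMEMCMP for every entry; reject NULL up front as
     * AlreadySigner does instead of faulting on a populated table. */
    if (cm == NULL || hash == NULL)
        return NULL;

    if (wc_LockMutex(&cm->caLock) != 0)
        return ret;

    for (row = 0; row < CA_TABLE_SIZE && ret == NULL; row++) {
        for (signers = cm->caTable[row]; signers != NULL && ret == NULL;
             signers = signers->next) {
            if (XMEMCMP(hash, signers->subjectNameHash,
                        SIGNER_DIGEST_SIZE) == 0) {
                ret = signers;
            }
        }
    }
    wc_UnLockMutex(&cm->caLock);

    return ret;
}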
wolfSSL 11:cee25a834751 3416 #endif
wolfSSL 11:cee25a834751 3417
wolfSSL 11:cee25a834751 3418
wolfSSL 11:cee25a834751 3419 #ifdef WOLFSSL_TRUST_PEER_CERT
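/* Parse the DER certificate in *pDer and store it in cm->tpTable as a
 * trusted peer.
 *
 * cm      certificate manager owning the table and the heap hint
 * pDer    the DER buffer; on success it is consumed (freed and *pDer set to
 *         NULL, as AddCA does), on every error path it is left to the caller
 * verify  passed through to ParseCert (0 skips signature checking)
 *
 * The stored entry keeps a copy of the signature (compared later by
 * MatchTrustedPeer), takes over the subject CN and the name-constraint
 * subtrees from the DecodedCert, and records the subject key id / subject
 * name digests that GetTrustedPeer looks up.
 *
 * Returns SSL_SUCCESS, also when an entry with the same digest already
 * exists (no second entry is added); BAD_FUNC_ARG for NULL arguments; the
 * ParseCert error code; MEMORY_E on allocation failure; BAD_MUTEX_E when the
 * table lock cannot be taken. */
int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify)
{
    int ret;
    word32 row;
    TrustedPeerCert* peerCert = NULL;
    DecodedCert* cert = NULL;
    DerBuffer* der;
    byte* subjectHash = NULL;

    WOLFSSL_MSG("Adding a Trusted Peer Cert");

    if (cm == NULL || pDer == NULL || *pDer == NULL)
        return BAD_FUNC_ARG;
    der = *pDer;

    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;

    InitDecodedCert(cert, der->buffer, der->length, cm->heap);
    if ((ret = ParseCert(cert, TRUSTED_PEER_TYPE, verify, cm)) != 0) {
        /* a partially parsed cert may already own sub-allocations, so
         * release them as AddCA does; free with the heap hint used above */
        FreeDecodedCert(cert);
        XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
        return ret;
    }
    WOLFSSL_MSG("\tParsed new trusted peer cert");

    /* digest used both for the duplicate check and for the table row */
#ifndef NO_SKID
    /* NOTE(review): the flag tested is extAuthKeyIdSet while the digest
     * used is extSubjKeyId; kept as-is (the same choice is repeated for the
     * row below), but confirm whether extSubjKeyIdSet was intended. */
    if (cert->extAuthKeyIdSet) {
        subjectHash = cert->extSubjKeyId;
    }
    else {
        subjectHash = cert->subjectHash;
    }
#else
    subjectHash = cert->subjectHash;
#endif

    if (AlreadyTrustedPeer(cm, subjectHash)) {
        /* nothing will be stored, so no TrustedPeerCert is allocated
         * (allocating before this check leaked it on this path) */
        WOLFSSL_MSG("\tAlready have this CA, not adding again");
    }
    else {
        peerCert = (TrustedPeerCert*)XMALLOC(sizeof(TrustedPeerCert),
                                             cm->heap, DYNAMIC_TYPE_CERT);
        if (peerCert == NULL) {
            FreeDecodedCert(cert);
            XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
            return MEMORY_E;
        }
        XMEMSET(peerCert, 0, sizeof(TrustedPeerCert));

        /* add trusted peer signature */
        peerCert->sigLen = cert->sigLength;
        peerCert->sig = XMALLOC(cert->sigLength, cm->heap,
                                DYNAMIC_TYPE_SIGNATURE);
        if (peerCert->sig == NULL) {
            FreeDecodedCert(cert);
            XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
            FreeTrustedPeer(peerCert, cm->heap);
            return MEMORY_E;
        }
        XMEMCPY(peerCert->sig, cert->signature, cert->sigLength);

        /* add trusted peer name (pointer ownership moves to the entry) */
        peerCert->nameLen = cert->subjectCNLen;
        peerCert->name = cert->subjectCN;
#ifndef IGNORE_NAME_CONSTRAINTS
        peerCert->permittedNames = cert->permittedNames;
        peerCert->excludedNames = cert->excludedNames;
#endif

        /* add SKID when available and hash of name */
#ifndef NO_SKID
        XMEMCPY(peerCert->subjectKeyIdHash, cert->extSubjKeyId,
                SIGNER_DIGEST_SIZE);
#endif
        XMEMCPY(peerCert->subjectNameHash, cert->subjectHash,
                SIGNER_DIGEST_SIZE);
        peerCert->next = NULL;

        /* the entry now owns these, so FreeDecodedCert must not free them */
        cert->subjectCN = 0;
#ifndef IGNORE_NAME_CONSTRAINTS
        cert->permittedNames = NULL;
        cert->excludedNames = NULL;
#endif

        /* same digest choice as the duplicate check, taken from the copy */
#ifndef NO_SKID
        if (cert->extAuthKeyIdSet) {
            row = TrustedPeerHashSigner(peerCert->subjectKeyIdHash);
        }
        else {
            row = TrustedPeerHashSigner(peerCert->subjectNameHash);
        }
#else
        row = TrustedPeerHashSigner(peerCert->subjectNameHash);
#endif

        if (wc_LockMutex(&cm->tpLock) == 0) {
            peerCert->next = cm->tpTable[row];
            cm->tpTable[row] = peerCert; /* takes ownership */
            wc_UnLockMutex(&cm->tpLock);
        }
        else {
            WOLFSSL_MSG("\tTrusted Peer Cert Mutex Lock failed");
            FreeDecodedCert(cert);
            XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
            FreeTrustedPeer(peerCert, cm->heap);
            return BAD_MUTEX_E;
        }
    }

    WOLFSSL_MSG("\tFreeing parsed trusted peer cert");
    FreeDecodedCert(cert);
    XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    WOLFSSL_MSG("\tFreeing der trusted peer cert");
    /* free through pDer so the caller's pointer is cleared too, instead of
     * through a local copy that leaves *pDer dangling */
    FreeDer(pDer);
    WOLFSSL_MSG("\t\tOK Freeing der trusted peer cert");
    WOLFSSL_LEAVE("AddTrustedPeer", ret);

    return SSL_SUCCESS;
}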
wolfSSL 11:cee25a834751 3544 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 11:cee25a834751 3545
wolfSSL 11:cee25a834751 3546
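/* Parse the DER certificate in *pDer and add it to cm->caTable as a CA.
 *
 * cm      certificate manager owning the table and the heap hint
 * pDer    the DER buffer.  It is owned by this function: once parsing
 *         starts it is always freed through pDer (success or failure) so
 *         *pDer is NULL afterwards.  Only the early BAD_FUNC_ARG / MEMORY_E
 *         returns leave it to the caller.
 * type    where the certificate came from: WOLFSSL_USER_CA for one loaded
 *         by the application, anything else for one taken from a chain seen
 *         during verification.  Chain certificates are accepted only when
 *         they carry the CA basic constraint and, unless
 *         ALLOW_INVALID_CERTSIGN is defined, the keyCertSign key usage;
 *         user-loaded roots skip both checks.
 * verify  passed to ParseCert and also enables the minimum key size check
 *         against cm->minRsaKeySz / cm->minEccKeySz (a negative minimum
 *         rejects every key of that type).
 *
 * Returns SSL_SUCCESS (also for a CA that was already present; it is not
 * added twice), BAD_FUNC_ARG for NULL arguments, the ParseCert error,
 * RSA_KEY_SIZE_E / ECC_KEY_SIZE_E, NOT_CA_ERROR, MEMORY_E / MEMORY_ERROR or
 * BAD_MUTEX_E. */
int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify)
{
    int ret;
    Signer* signer = NULL;
    word32 row;
    byte* subjectHash;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif
    DerBuffer* der;

    WOLFSSL_MSG("Adding a CA");

    /* cm->heap and der->buffer are dereferenced below */
    if (cm == NULL || pDer == NULL || *pDer == NULL)
        return BAD_FUNC_ARG;
    der = *pDer;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    InitDecodedCert(cert, der->buffer, der->length, cm->heap);
    ret = ParseCert(cert, CA_TYPE, verify, cm);
    WOLFSSL_MSG("\tParsed new CA");

    /* digest used for the duplicate check; must agree with GetCA */
#ifndef NO_SKID
    subjectHash = cert->extSubjKeyId;
#else
    subjectHash = cert->subjectHash;
#endif

    /* check CA key size -- only on a successfully parsed cert, so that a
     * parse failure is reported as such instead of being overwritten by a
     * key size error */
    if (ret == 0 && verify) {
        switch (cert->keyOID) {
#ifndef NO_RSA
            case RSAk:
                if (cm->minRsaKeySz < 0 ||
                    cert->pubKeySize < (word16)cm->minRsaKeySz) {
                    ret = RSA_KEY_SIZE_E;
                    WOLFSSL_MSG("\tCA RSA key size error");
                }
                break;
#endif /* !NO_RSA */
#ifdef HAVE_ECC
            case ECDSAk:
                if (cm->minEccKeySz < 0 ||
                    cert->pubKeySize < (word16)cm->minEccKeySz) {
                    ret = ECC_KEY_SIZE_E;
                    WOLFSSL_MSG("\tCA ECC key size error");
                }
                break;
#endif /* HAVE_ECC */

            default:
                /* no configured minimum for other key types */
                WOLFSSL_MSG("\tNo key size check done on CA");
                break;
        }
    }

    if (ret == 0 && cert->isCA == 0 && type != WOLFSSL_USER_CA) {
        WOLFSSL_MSG("\tCan't add as CA if not actually one");
        ret = NOT_CA_ERROR;
    }
#ifndef ALLOW_INVALID_CERTSIGN
    else if (ret == 0 && cert->isCA == 1 && type != WOLFSSL_USER_CA &&
             (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
        /* Intermediate CA certs are required to have the keyCertSign
         * extension set. User loaded root certs are not. */
        WOLFSSL_MSG("\tDoesn't have key usage certificate signing");
        ret = NOT_CA_ERROR;
    }
#endif
    else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
        WOLFSSL_MSG("\tAlready have this CA, not adding again");
    }
    else if (ret == 0) {
        /* take over signer parts */
        signer = MakeSigner(cm->heap);
        if (!signer)
            ret = MEMORY_ERROR;
        else {
            signer->keyOID = cert->keyOID;
            if (cert->pubKeyStored) {
                signer->publicKey = cert->publicKey;
                signer->pubKeySize = cert->pubKeySize;
            }
            if (cert->subjectCNStored) {
                signer->nameLen = cert->subjectCNLen;
                signer->name = cert->subjectCN;
            }
            signer->pathLength = cert->pathLength;
            signer->pathLengthSet = cert->pathLengthSet;
#ifndef IGNORE_NAME_CONSTRAINTS
            signer->permittedNames = cert->permittedNames;
            signer->excludedNames = cert->excludedNames;
#endif
#ifndef NO_SKID
            XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
                    SIGNER_DIGEST_SIZE);
#endif
            XMEMCPY(signer->subjectNameHash, cert->subjectHash,
                    SIGNER_DIGEST_SIZE);
            /* If Key Usage not set, all uses valid. */
            signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
                                                    : 0xFFFF;
            signer->next = NULL;
            /* ownership of these moved to signer; clear them so
             * FreeDecodedCert below does not free them as well */
            cert->publicKey = 0; /* in case lock fails don't free here. */
            cert->subjectCN = 0;
#ifndef IGNORE_NAME_CONSTRAINTS
            cert->permittedNames = NULL;
            cert->excludedNames = NULL;
#endif

            /* row keyed on the same digest GetCA hashes */
#ifndef NO_SKID
            row = HashSigner(signer->subjectKeyIdHash);
#else
            row = HashSigner(signer->subjectNameHash);
#endif

            if (wc_LockMutex(&cm->caLock) == 0) {
                signer->next = cm->caTable[row];
                cm->caTable[row] = signer; /* takes ownership */
                wc_UnLockMutex(&cm->caLock);
                /* let the application mirror the CA store, if it asked to */
                if (cm->caCacheCallback)
                    cm->caCacheCallback(der->buffer, (int)der->length, type);
            }
            else {
                WOLFSSL_MSG("\tCA Mutex Lock failed");
                ret = BAD_MUTEX_E;
                FreeSigner(signer, cm->heap);
            }
        }
    }

    WOLFSSL_MSG("\tFreeing Parsed CA");
    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    WOLFSSL_MSG("\tFreeing der CA");
    FreeDer(pDer);
    WOLFSSL_MSG("\t\tOK Freeing der CA");

    WOLFSSL_LEAVE("AddCA", ret);

    return ret == 0 ? SSL_SUCCESS : ret;
}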
wolfSSL 11:cee25a834751 3698
wolfSSL 11:cee25a834751 3699 #endif /* !NO_CERTS */
wolfSSL 11:cee25a834751 3700
wolfSSL 11:cee25a834751 3701
wolfSSL 11:cee25a834751 3702 #ifndef NO_SESSION_CACHE
wolfSSL 11:cee25a834751 3703
wolfSSL 11:cee25a834751 3704 /* basic config gives a cache with 33 sessions, adequate for clients and
wolfSSL 11:cee25a834751 3705 embedded servers
wolfSSL 11:cee25a834751 3706
wolfSSL 11:cee25a834751 3707 MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
wolfSSL 11:cee25a834751 3708 aren't under heavy load, basically allows 200 new sessions per minute
wolfSSL 11:cee25a834751 3709
wolfSSL 11:cee25a834751 3710 BIG_SESSION_CACHE yields 20,027 sessions
wolfSSL 11:cee25a834751 3711
wolfSSL 11:cee25a834751 3712 HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
wolfSSL 11:cee25a834751 3713 allows over 13,000 new sessions per minute or over 200 new sessions per
wolfSSL 11:cee25a834751 3714 second
wolfSSL 11:cee25a834751 3715
wolfSSL 11:cee25a834751 3716 SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
wolfSSL 11:cee25a834751 3717 or systems where the default of nearly 3kB is too much RAM, this define
wolfSSL 11:cee25a834751 3718 uses less than 500 bytes RAM
wolfSSL 11:cee25a834751 3719
wolfSSL 11:cee25a834751 3720 default SESSION_CACHE stores 33 sessions (no XXX_SESSION_CACHE defined)
wolfSSL 11:cee25a834751 3721 */
wolfSSL 11:cee25a834751 3722 #ifdef HUGE_SESSION_CACHE
wolfSSL 11:cee25a834751 3723 #define SESSIONS_PER_ROW 11
wolfSSL 11:cee25a834751 3724 #define SESSION_ROWS 5981
wolfSSL 11:cee25a834751 3725 #elif defined(BIG_SESSION_CACHE)
wolfSSL 11:cee25a834751 3726 #define SESSIONS_PER_ROW 7
wolfSSL 11:cee25a834751 3727 #define SESSION_ROWS 2861
wolfSSL 11:cee25a834751 3728 #elif defined(MEDIUM_SESSION_CACHE)
wolfSSL 11:cee25a834751 3729 #define SESSIONS_PER_ROW 5
wolfSSL 11:cee25a834751 3730 #define SESSION_ROWS 211
wolfSSL 11:cee25a834751 3731 #elif defined(SMALL_SESSION_CACHE)
wolfSSL 11:cee25a834751 3732 #define SESSIONS_PER_ROW 2
wolfSSL 11:cee25a834751 3733 #define SESSION_ROWS 3
wolfSSL 11:cee25a834751 3734 #else
wolfSSL 11:cee25a834751 3735 #define SESSIONS_PER_ROW 3
wolfSSL 11:cee25a834751 3736 #define SESSION_ROWS 11
wolfSSL 11:cee25a834751 3737 #endif
wolfSSL 11:cee25a834751 3738
/* One row of the server session cache: a fixed array of SESSIONS_PER_ROW
 * sessions plus the bookkeeping used to pick the next slot. */
typedef struct SessionRow {
    int nextIdx; /* where to place next one */
    int totalCount; /* sessions ever on this row */
    WOLFSSL_SESSION Sessions[SESSIONS_PER_ROW];
} SessionRow;
wolfSSL 11:cee25a834751 3744
wolfSSL 11:cee25a834751 3745 static SessionRow SessionCache[SESSION_ROWS];
wolfSSL 11:cee25a834751 3746
wolfSSL 11:cee25a834751 3747 #if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
wolfSSL 11:cee25a834751 3748 static word32 PeakSessions;
wolfSSL 11:cee25a834751 3749 #endif
wolfSSL 11:cee25a834751 3750
wolfSSL 11:cee25a834751 3751 static wolfSSL_Mutex session_mutex; /* SessionCache mutex */
wolfSSL 11:cee25a834751 3752
wolfSSL 11:cee25a834751 3753 #ifndef NO_CLIENT_CACHE
wolfSSL 11:cee25a834751 3754
/* Client-side cache entry: does not hold a session itself, only the
 * coordinates of the matching entry in SessionCache. */
typedef struct ClientSession {
    word16 serverRow; /* SessionCache Row id */
    word16 serverIdx; /* SessionCache Idx (column) */
} ClientSession;
wolfSSL 11:cee25a834751 3759
/* One row of the client cache, laid out like SessionRow but holding
 * ClientSession references instead of full sessions. */
typedef struct ClientRow {
    int nextIdx; /* where to place next one */
    int totalCount; /* sessions ever on this row */
    ClientSession Clients[SESSIONS_PER_ROW];
} ClientRow;
wolfSSL 11:cee25a834751 3765
wolfSSL 11:cee25a834751 3766 static ClientRow ClientCache[SESSION_ROWS]; /* Client Cache */
wolfSSL 11:cee25a834751 3767 /* uses session mutex */
wolfSSL 11:cee25a834751 3768 #endif /* NO_CLIENT_CACHE */
wolfSSL 11:cee25a834751 3769
wolfSSL 11:cee25a834751 3770 #endif /* NO_SESSION_CACHE */
wolfSSL 11:cee25a834751 3771
/* Library-wide initialisation.  The first call brings up wolfCrypt and the
 * global mutexes; every call then increments initRefCount under count_mutex
 * so the matching cleanup can tear down only when the last user is done.
 * Returns SSL_SUCCESS, WC_INIT_E when wolfCrypt_Init fails, or BAD_MUTEX_E
 * when a mutex cannot be created or taken. */
int wolfSSL_Init(void)
{
    WOLFSSL_ENTER("wolfSSL_Init");

    /* initRefCount is read here without count_mutex, which does not exist
     * yet on the first call; two threads making the very first call
     * concurrently are therefore not protected against each other. */
    if (initRefCount == 0) {
        /* Initialize crypto for use with TLS connection */
        if (wolfCrypt_Init() != 0) {
            WOLFSSL_MSG("Bad wolfCrypt Init");
            return WC_INIT_E;
        }
#ifndef NO_SESSION_CACHE
        if (wc_InitMutex(&session_mutex) != 0) {
            WOLFSSL_MSG("Bad Init Mutex session");
            return BAD_MUTEX_E;
        }
#endif
        /* NOTE(review): on this failure wolfCrypt and session_mutex stay
         * initialised while initRefCount remains 0, so a retry repeats the
         * whole setup -- confirm the mutex port tolerates that. */
        if (wc_InitMutex(&count_mutex) != 0) {
            WOLFSSL_MSG("Bad Init Mutex count");
            return BAD_MUTEX_E;
        }
    }

    if (wc_LockMutex(&count_mutex) != 0) {
        WOLFSSL_MSG("Bad Lock Mutex count");
        return BAD_MUTEX_E;
    }

    initRefCount++;
    wc_UnLockMutex(&count_mutex);

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 3804
wolfSSL 11:cee25a834751 3805
wolfSSL 11:cee25a834751 3806 #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_CERTS)
wolfSSL 11:cee25a834751 3807
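/* Decrypt an encrypted private key body in place.
 *
 * der         buffer holding the ciphertext; overwritten with the plaintext
 * password    caller's passphrase, used only to derive the cipher key
 * passwordSz  length of password (unused when MD5 is compiled out)
 * info        cipher name (info->name) and the hex-encoded IV/salt from the
 *             file; info->iv is hex-decoded in place and info->ivSz updated
 *
 * The cipher key is derived with wolfSSL_EVP_BytesToKey using MD5 and a
 * single iteration, i.e. the legacy scheme traditional PEM encryption uses;
 * it is here for compatibility with such files and is not a strong KDF.
 * The derived key is wiped before the function returns on every path.
 *
 * Returns SSL_SUCCESS when the cipher ran successfully, SSL_BAD_FILE when no
 * cipher could be selected and MD5 is unavailable, and SSL_FATAL_ERROR for
 * NULL arguments, a bad IV encoding, allocation or key-derivation failure,
 * a cipher failure, or an unrecognised cipher name. */
static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password,
                                      int passwordSz, EncryptedInfo* info)
{
    int ret = SSL_BAD_FILE;

#ifdef WOLFSSL_SMALL_STACK
    byte* key = NULL;
#else
    byte key[AES_256_KEY_SIZE];
#endif

    (void)passwordSz;
    (void)key;

    WOLFSSL_ENTER("wolfssl_decrypt_buffer_key");

    if (der == NULL || password == NULL || info == NULL) {
        WOLFSSL_MSG("bad arguments");
        return SSL_FATAL_ERROR;
    }

    /* use file's salt for key derivation, hex decode first */
    if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) {
        WOLFSSL_MSG("base16 decode failed");
        return SSL_FATAL_ERROR;
    }

#ifndef NO_MD5

#ifdef WOLFSSL_SMALL_STACK
    key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (key == NULL) {
        WOLFSSL_MSG("memory failure");
        return SSL_FATAL_ERROR;
    }
#endif /* WOLFSSL_SMALL_STACK */

    if ((ret = wolfSSL_EVP_BytesToKey(info->name, "MD5", info->iv,
                              password, passwordSz, 1, key, NULL)) <= 0) {
        WOLFSSL_MSG("bytes to key failure");
        /* key may already hold partial material: wipe before releasing */
        ForceZero(key, AES_256_KEY_SIZE);
#ifdef WOLFSSL_SMALL_STACK
        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        return SSL_FATAL_ERROR;
    }

#endif /* NO_MD5 */

    /* select the cipher from the file's DEK-Info name; an unknown name
     * leaves ret untouched and the function falls through to the error
     * return below */
#ifndef NO_DES3
    if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0)
        ret = wc_Des_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                       key, info->iv);
    else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)
        ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                        key, info->iv);
#endif /* NO_DES3 */
#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)
    if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
        ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                      key, AES_128_KEY_SIZE, info->iv);
    else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
        ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                      key, AES_192_KEY_SIZE, info->iv);
    else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
        ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,
                                      key, AES_256_KEY_SIZE, info->iv);
#endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_DECRYPT */

    /* the derived key is secret material: wipe it before it leaves scope
     * (plain memset could be optimised away, ForceZero is not) */
#ifdef WOLFSSL_SMALL_STACK
    if (key != NULL) {
        ForceZero(key, AES_256_KEY_SIZE);
        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
#else
    ForceZero(key, AES_256_KEY_SIZE);
#endif

    if (ret == MP_OKAY)
        return SSL_SUCCESS;
    else if (ret == SSL_BAD_FILE)
        return SSL_BAD_FILE;

    return SSL_FATAL_ERROR;
}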
wolfSSL 11:cee25a834751 3888 #endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) */
wolfSSL 11:cee25a834751 3889
wolfSSL 11:cee25a834751 3890
wolfSSL 11:cee25a834751 3891 #if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA)
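/* Encrypt der (derSz bytes, in place) with the cipher named in info->name,
 * using a key derived from password by wolfSSL_EVP_BytesToKey (MD5, one
 * round, info->iv passed as the salt).  Supports DES-CBC, DES-EDE3-CBC and
 * AES-128/192/256-CBC as enabled at build time.
 *
 * Returns SSL_SUCCESS on success, SSL_BAD_FILE when the cipher name is not
 * recognised (or MD5 is compiled out so no key can be derived), and
 * SSL_FATAL_ERROR on bad arguments, allocation or key-derivation failure, or
 * a cipher error.  The derived key material is wiped before the buffer is
 * released on every path. */
static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,
                                      int passwordSz, EncryptedInfo* info)
{
    int ret = SSL_BAD_FILE;   /* stays SSL_BAD_FILE if no cipher matched */

#ifdef WOLFSSL_SMALL_STACK
    byte* key = NULL;
#else
    byte key[AES_256_KEY_SIZE];
#endif

    /* all of these are unused when the matching algorithms are compiled out */
    (void)derSz;
    (void)passwordSz;
    (void)key;

    WOLFSSL_ENTER("wolfssl_encrypt_buffer_key");

    if (der == NULL || password == NULL || info == NULL || info->ivSz == 0) {
        WOLFSSL_MSG("bad arguments");
        return SSL_FATAL_ERROR;
    }

#ifndef NO_MD5

#ifdef WOLFSSL_SMALL_STACK
    key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (key == NULL) {
        WOLFSSL_MSG("memory failure");
        return SSL_FATAL_ERROR;
    }
#endif /* WOLFSSL_SMALL_STACK */

    /* derive the cipher key from the password; a positive return is the key size */
    ret = wolfSSL_EVP_BytesToKey(info->name, "MD5", info->iv,
                                 password, passwordSz, 1, key, NULL);
    if (ret <= 0) {
        WOLFSSL_MSG("bytes to key failure");
        /* key may have been partially written: wipe it before releasing */
#ifdef WOLFSSL_SMALL_STACK
        ForceZero(key, AES_256_KEY_SIZE);
        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#else
        ForceZero(key, sizeof(key));
#endif
        return SSL_FATAL_ERROR;
    }

#endif /* NO_MD5 */

    if (ret > 0) {
        ret = SSL_BAD_FILE; /* Reset error return */
#ifndef NO_DES3
        if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0)
            ret = wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv);
        else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)
            ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);
#endif /* NO_DES3 */
        /* NOTE(review): the decrypt counterpart additionally requires
         * HAVE_AES_CBC; this path only checks NO_AES - confirm the
         * encrypt-with-key routine is always built when NO_AES is unset */
#ifndef NO_AES
        if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)
            ret = wc_AesCbcEncryptWithKey(der, der, derSz,
                                          key, AES_128_KEY_SIZE, info->iv);
        else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)
            ret = wc_AesCbcEncryptWithKey(der, der, derSz,
                                          key, AES_192_KEY_SIZE, info->iv);
        else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)
            ret = wc_AesCbcEncryptWithKey(der, der, derSz,
                                          key, AES_256_KEY_SIZE, info->iv);
#endif /* NO_AES */
    }

    /* the key is secret material: zeroize before it goes out of scope or
     * back to the allocator (plain memset could be optimized away) */
#ifdef WOLFSSL_SMALL_STACK
    if (key != NULL) {
        ForceZero(key, AES_256_KEY_SIZE);
        XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
#else
    ForceZero(key, sizeof(key));
#endif

    if (ret == MP_OKAY)
        return SSL_SUCCESS;
    if (ret == SSL_BAD_FILE)
        return SSL_BAD_FILE;

    return SSL_FATAL_ERROR;
}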
wolfSSL 11:cee25a834751 3967 #endif /* defined(WOLFSSL_KEY_GEN) */
wolfSSL 11:cee25a834751 3968
wolfSSL 11:cee25a834751 3969
wolfSSL 11:cee25a834751 3970 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 3971
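/* Remove PEM header/footer, convert to ASN1, store any encrypted data.
 * info->consumed tracks the number of PEM bytes consumed in case of
 * multiple parts.
 *
 * buff/longSz : PEM text to parse, bounded by longSz
 * type        : CA_TYPE, CERT_TYPE, ... selects the BEGIN/END markers;
 *               PRIVATEKEY_TYPE tries the RSA, PKCS#8, encrypted PKCS#8,
 *               EC and DSA markers in turn
 * pDer        : receives the DerBuffer allocated with AllocDer.  On an error
 *               that occurs after allocation it is left allocated; callers
 *               (ProcessBuffer, ProcessUserChain) release it with FreeDer.
 * heap        : heap hint for AllocDer and the temporary password buffer
 * info        : optional; receives consumed byte count and, for OpenSSL-style
 *               "Proc-Type" encrypted PEM, the cipher name/IV.  Its ctx
 *               supplies the password callback for encrypted keys.
 * eccKey      : optional; for PRIVATEKEY_TYPE set to 1 when the EC header
 *               matched, 0 otherwise
 *
 * Returns 0 on success, SSL_NO_PEM_HEADER when no header is found,
 * SSL_BAD_FILE for malformed input or a missing password callback, MEMORY_E
 * on allocation failure, or a negative error from AllocDer, ToTraditional,
 * ToTraditionalEnc or wolfssl_decrypt_buffer_key. */
int PemToDer(const unsigned char* buff, long longSz, int type,
             DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey)
{
    const char* header = NULL;
    const char* footer = NULL;
    char* headerEnd;
    char* footerEnd;
    char* consumedEnd;
    char* bufferEnd = (char*)(buff + longSz);
    long neededSz;
    int ret = 0;
    int sz = (int)longSz;
    int encrypted_key = 0;
    DerBuffer* der;

    WOLFSSL_ENTER("PemToDer");

    switch (type) {
        case CA_TYPE: /* same as below */
        case TRUSTED_PEER_TYPE:
        case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT; break;
        case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL; break;
        case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM; break;
        case DSA_PARAM_TYPE: header=BEGIN_DSA_PARAM; footer=END_DSA_PARAM; break;
        case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ; break;
        case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV; break;
        case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV; break;
        case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break;
        case PUBLICKEY_TYPE: header=BEGIN_PUB_KEY; footer=END_PUB_KEY; break;
        /* PRIVATEKEY_TYPE lands here and starts the RSA -> ... -> DSA search */
        default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV; break;
    }

    /* find header; for PRIVATEKEY_TYPE fall through the alternative markers */
    for (;;) {
        headerEnd = XSTRNSTR((char*)buff, header, sz);

        if (headerEnd || type != PRIVATEKEY_TYPE) {
            break;
        } else if (header == BEGIN_RSA_PRIV) {
            header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;
        } else if (header == BEGIN_PRIV_KEY) {
            header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
        } else if (header == BEGIN_ENC_PRIV_KEY) {
            header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
        } else if (header == BEGIN_EC_PRIV) {
            header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
        } else
            break;
    }

    if (!headerEnd) {
        WOLFSSL_MSG("Couldn't find PEM header");
        return SSL_NO_PEM_HEADER;
    }

    headerEnd += XSTRLEN(header);

    /* the two end-of-line probes below need headerEnd[0] and [1] in bounds */
    if ((headerEnd + 1) >= bufferEnd)
        return SSL_BAD_FILE;

    /* eat end of line (LF or CRLF) */
    if (headerEnd[0] == '\n')
        headerEnd++;
    else if (headerEnd[1] == '\n')
        headerEnd += 2;
    else {
        if (info)
            info->consumed = (long)(headerEnd+2 - (char*)buff);
        return SSL_BAD_FILE;
    }

    if (type == PRIVATEKEY_TYPE) {
        if (eccKey)
            *eccKey = header == BEGIN_EC_PRIV;
    }

#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    {
        /* remove encrypted header if there */
        char encHeader[] = "Proc-Type";
        char* line = XSTRNSTR(headerEnd, encHeader, PEM_LINE_LEN);
        if (line) {
            char* newline;
            char* finish;
            /* cipher name starts at "DES" or "AES" on the DEK-Info line */
            char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN);

            if (!start)
                start = XSTRNSTR(line, "AES", PEM_LINE_LEN);

            if (!start) return SSL_BAD_FILE;
            if (!info) return SSL_BAD_FILE;

            finish = XSTRNSTR(start, ",", PEM_LINE_LEN);

            if (start && finish && (start < finish)) {
                newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN);

                /* NOTE(review): finish - start is bounded by PEM_LINE_LEN,
                 * which is relied on not to exceed sizeof(info->name) */
                if (XMEMCPY(info->name, start, finish - start) == NULL)
                    return SSL_FATAL_ERROR;
                info->name[finish - start] = 0;
                /* NOTE(review): copies sizeof(info->iv) bytes after the comma
                 * without comparing against bufferEnd - confirm inputs are
                 * always long enough or add a bound */
                if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL)
                    return SSL_FATAL_ERROR;

                if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN);
                if (newline && (newline > finish)) {
                    info->ivSz = (word32)(newline - (finish + 1));
                    info->set = 1;
                }
                else
                    return SSL_BAD_FILE;
            }
            else
                return SSL_BAD_FILE;

            /* eat blank line; stop at the end of the buffer so a truncated
             * file does not read past it */
            while (newline < bufferEnd &&
                   (*newline == '\r' || *newline == '\n'))
                newline++;
            headerEnd = newline;

            encrypted_key = 1;
        }
    }
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */

    /* find footer */
    footerEnd = XSTRNSTR((char*)buff, footer, sz);
    if (!footerEnd) {
        if (info)
            info->consumed = longSz; /* No more certs if no footer */
        return SSL_BAD_FILE;
    }

    consumedEnd = footerEnd + XSTRLEN(footer);

    if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
        /* eat end of line */
        if (consumedEnd[0] == '\n')
            consumedEnd++;
        else if ((consumedEnd + 1 < bufferEnd) && consumedEnd[1] == '\n')
            consumedEnd += 2;
        else {
            if (info)
                info->consumed = (long)(consumedEnd+2 - (char*)buff);
            return SSL_BAD_FILE;
        }
    }

    if (info)
        info->consumed = (long)(consumedEnd - (char*)buff);

    /* set up der buffer; the base64 body lies between header and footer */
    neededSz = (long)(footerEnd - headerEnd);
    if (neededSz > sz || neededSz <= 0)
        return SSL_BAD_FILE;

    ret = AllocDer(pDer, (word32)neededSz, type, heap);
    if (ret < 0) {
        return ret;
    }
    der = *pDer;

    if (Base64_Decode((byte*)headerEnd, (word32)neededSz,
                      der->buffer, &der->length) < 0)
        return SSL_BAD_FILE;

    if (header == BEGIN_PRIV_KEY && !encrypted_key) {
        /* pkcs8 key, convert and adjust length */
        if ((ret = ToTraditional(der->buffer, der->length)) < 0)
            return ret;

        der->length = ret;
        return 0;
    }

#if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
    if (encrypted_key || header == BEGIN_ENC_PRIV_KEY) {
        enum { PASSWORD_BUF_SZ = 80 };
        int passwordSz;
#ifdef WOLFSSL_SMALL_STACK
        char* password = NULL;
#else
        char password[PASSWORD_BUF_SZ];
#endif

        if (!info || !info->ctx || !info->ctx->passwd_cb)
            return SSL_BAD_FILE; /* no callback error */

#ifdef WOLFSSL_SMALL_STACK
        password = (char*)XMALLOC(PASSWORD_BUF_SZ, heap, DYNAMIC_TYPE_TMP_BUFFER);
        if (password == NULL)
            return MEMORY_E;
#endif
        /* pass the real buffer size: with WOLFSSL_SMALL_STACK password is a
         * pointer, so sizeof(password) would have been the pointer size */
        passwordSz = info->ctx->passwd_cb(password, PASSWORD_BUF_SZ, 0,
                                          info->ctx->userdata);
        if (header == BEGIN_ENC_PRIV_KEY) {
            /* encrypted pkcs8: convert and adjust length */
            ret = ToTraditionalEnc(der->buffer, der->length,
                                   password, passwordSz);
            if (ret >= 0) {
                der->length = ret;
                ret = 0;
            }
        }
        else {
            /* decrypt the key */
            ret = wolfssl_decrypt_buffer_key(der, (byte*)password,
                                             passwordSz, info);
            if (ret == SSL_SUCCESS)
                ret = 0;
        }

        /* the password is secret: wipe it, then release with the same heap
         * hint it was allocated with */
        ForceZero(password, PASSWORD_BUF_SZ);
#ifdef WOLFSSL_SMALL_STACK
        XFREE(password, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        if (ret != 0) {
            return ret;
        }
    }
#endif /* OPENSSL_EXTRA || HAVE_WEBSERVER || NO_PWDBASED */

    return 0;
}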
wolfSSL 11:cee25a834751 4196
wolfSSL 11:cee25a834751 4197
wolfSSL 11:cee25a834751 4198
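/* process user cert chain to pass during the handshake
 *
 * Walks the remainder of buff (after the info->consumed bytes already taken
 * by the leaf cert) and packs each further cert as a CERT_HEADER_SZ length
 * prefix followed by its DER into ssl->buffers.certChain (when ssl is given)
 * or ctx->certChain.  Only acts when type == CERT_TYPE; otherwise returns 0.
 *
 * info must be non-NULL; info->consumed is read for the starting offset and
 * then reused as scratch for each part.  used, when non-NULL, is increased by
 * the bytes consumed for every chain cert.  For SSL_FILETYPE_ASN1 a parse
 * failure after at least one good cert is treated as trailing data, not an
 * error.
 *
 * Returns 0 on success or a negative error: MEMORY_E, BUFFER_E, or the error
 * from PemToDer/AllocDer. */
static int ProcessUserChain(WOLFSSL_CTX* ctx, const unsigned char* buff,
                            long sz, int format, int type, WOLFSSL* ssl,
                            long* used, EncryptedInfo* info)
{
    int ret = 0;
    void* heap = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL);

    /* we may have a user cert chain, try to consume */
    if (type == CERT_TYPE && info->consumed < sz) {
#ifdef WOLFSSL_SMALL_STACK
        byte staticBuffer[1]; /* force heap usage */
#else
        byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
#endif
        byte* chainBuffer = staticBuffer;
        int dynamicBuffer = 0;
        word32 bufferSz = sizeof(staticBuffer);
        long consumed = info->consumed;
        word32 idx = 0;
        int gotOne = 0;

        if ((sz - consumed) > (int)bufferSz) {
            WOLFSSL_MSG("Growing Tmp Chain Buffer");
            bufferSz = (word32)(sz - consumed);
            /* will shrink to actual size */
            chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE);
            if (chainBuffer == NULL) {
                return MEMORY_E;
            }
            dynamicBuffer = 1;
        }

        WOLFSSL_MSG("Processing Cert Chain");
        while (consumed < sz) {
            int eccKey = 0;
            DerBuffer* part = NULL;
            word32 remain = (word32)(sz - consumed);
            info->consumed = 0;

            if (format == SSL_FILETYPE_PEM) {
                ret = PemToDer(buff + consumed, remain, type, &part,
                               heap, info, &eccKey);
            }
            else {
                int length = remain;
                if (format == SSL_FILETYPE_ASN1) {
                    /* get length of der (read sequence) */
                    word32 inOutIdx = 0;
                    if (GetSequence(buff + consumed, &inOutIdx, &length, remain) < 0) {
                        ret = SSL_NO_PEM_HEADER;
                    }
                    length += inOutIdx; /* include leading sequence */
                }
                info->consumed = length;
                if (ret == 0) {
                    ret = AllocDer(&part, length, type, heap);
                    if (ret == 0) {
                        XMEMCPY(part->buffer, buff + consumed, length);
                    }
                }
            }
            if (ret == 0) {
                gotOne = 1;
                /* each part is stored as a CERT_HEADER_SZ length prefix plus
                 * the DER, so the bound must include the prefix too; checking
                 * only part->length let the write overrun by CERT_HEADER_SZ
                 * when a part exactly filled the remaining space */
                if ((idx + CERT_HEADER_SZ + part->length) > bufferSz) {
                    WOLFSSL_MSG(" Cert Chain bigger than buffer");
                    ret = BUFFER_E;
                }
                else {
                    c32to24(part->length, &chainBuffer[idx]);
                    idx += CERT_HEADER_SZ;
                    XMEMCPY(&chainBuffer[idx], part->buffer, part->length);
                    idx += part->length;
                    consumed += info->consumed;
                    if (used)
                        *used += info->consumed;
                }
            }
            FreeDer(&part);

            if (ret == SSL_NO_PEM_HEADER && gotOne) {
                WOLFSSL_MSG("We got one good cert, so stuff at end ok");
                break;
            }

            if (ret < 0) {
                WOLFSSL_MSG(" Error in Cert in Chain");
                if (dynamicBuffer)
                    XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
                return ret;
            }
            WOLFSSL_MSG(" Consumed another Cert in Chain");
        }
        WOLFSSL_MSG("Finished Processing Cert Chain");

        /* only retain actual size used */
        ret = 0;
        if (idx > 0) {
            if (ssl) {
                /* release a chain this ssl object owns before replacing it */
                if (ssl->buffers.weOwnCertChain) {
                    FreeDer(&ssl->buffers.certChain);
                }
                ret = AllocDer(&ssl->buffers.certChain, idx, type, heap);
                if (ret == 0) {
                    XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer, idx);
                    ssl->buffers.weOwnCertChain = 1;
                }
            } else if (ctx) {
                FreeDer(&ctx->certChain);
                ret = AllocDer(&ctx->certChain, idx, type, heap);
                if (ret == 0) {
                    XMEMCPY(ctx->certChain->buffer, chainBuffer, idx);
                }
            }
        }

        if (dynamicBuffer)
            XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
    }

    return ret;
}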
wolfSSL 11:cee25a834751 4321 /* process the buffer buff, length sz, into ctx of format and type
wolfSSL 11:cee25a834751 4322 used tracks bytes consumed, userChain specifies a user cert chain
wolfSSL 11:cee25a834751 4323 to pass during the handshake */
wolfSSL 11:cee25a834751 4324 int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
wolfSSL 11:cee25a834751 4325 long sz, int format, int type, WOLFSSL* ssl,
wolfSSL 11:cee25a834751 4326 long* used, int userChain)
wolfSSL 11:cee25a834751 4327 {
wolfSSL 11:cee25a834751 4328 DerBuffer* der = NULL; /* holds DER or RAW (for NTRU) */
wolfSSL 11:cee25a834751 4329 int ret = 0;
wolfSSL 11:cee25a834751 4330 int eccKey = 0;
wolfSSL 11:cee25a834751 4331 int rsaKey = 0;
wolfSSL 11:cee25a834751 4332 int resetSuites = 0;
wolfSSL 11:cee25a834751 4333 void* heap = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL);
wolfSSL 11:cee25a834751 4334 int devId = ctx ? ctx->devId : ((ssl) ? ssl->devId : INVALID_DEVID);
wolfSSL 11:cee25a834751 4335 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4336 EncryptedInfo* info = NULL;
wolfSSL 11:cee25a834751 4337 #else
wolfSSL 11:cee25a834751 4338 EncryptedInfo info[1];
wolfSSL 11:cee25a834751 4339 #endif
wolfSSL 11:cee25a834751 4340
wolfSSL 11:cee25a834751 4341 (void)rsaKey;
wolfSSL 11:cee25a834751 4342
wolfSSL 11:cee25a834751 4343 if (used)
wolfSSL 11:cee25a834751 4344 *used = sz; /* used bytes default to sz, PEM chain may shorten*/
wolfSSL 11:cee25a834751 4345
wolfSSL 11:cee25a834751 4346 /* check args */
wolfSSL 11:cee25a834751 4347 if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM
wolfSSL 11:cee25a834751 4348 && format != SSL_FILETYPE_RAW)
wolfSSL 11:cee25a834751 4349 return SSL_BAD_FILETYPE;
wolfSSL 11:cee25a834751 4350
wolfSSL 11:cee25a834751 4351 if (ctx == NULL && ssl == NULL)
wolfSSL 11:cee25a834751 4352 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 4353
wolfSSL 11:cee25a834751 4354 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4355 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), heap,
wolfSSL 11:cee25a834751 4356 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4357 if (info == NULL)
wolfSSL 11:cee25a834751 4358 return MEMORY_E;
wolfSSL 11:cee25a834751 4359 #endif
wolfSSL 11:cee25a834751 4360
wolfSSL 11:cee25a834751 4361 XMEMSET(info, 0, sizeof(EncryptedInfo));
wolfSSL 11:cee25a834751 4362 info->set = 0;
wolfSSL 11:cee25a834751 4363 info->ctx = ctx;
wolfSSL 11:cee25a834751 4364 info->consumed = 0;
wolfSSL 11:cee25a834751 4365
wolfSSL 11:cee25a834751 4366 if (format == SSL_FILETYPE_PEM) {
wolfSSL 11:cee25a834751 4367 ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey);
wolfSSL 11:cee25a834751 4368 }
wolfSSL 11:cee25a834751 4369 else { /* ASN1 (DER) or RAW (NTRU) */
wolfSSL 11:cee25a834751 4370 int length = (int)sz;
wolfSSL 11:cee25a834751 4371 if (format == SSL_FILETYPE_ASN1) {
wolfSSL 11:cee25a834751 4372 /* get length of der (read sequence) */
wolfSSL 11:cee25a834751 4373 word32 inOutIdx = 0;
wolfSSL 11:cee25a834751 4374 if (GetSequence(buff, &inOutIdx, &length, (word32)sz) < 0) {
wolfSSL 11:cee25a834751 4375 ret = ASN_PARSE_E;
wolfSSL 11:cee25a834751 4376 }
wolfSSL 11:cee25a834751 4377 length += inOutIdx; /* include leading squence */
wolfSSL 11:cee25a834751 4378 }
wolfSSL 11:cee25a834751 4379 info->consumed = length;
wolfSSL 11:cee25a834751 4380 if (ret == 0) {
wolfSSL 11:cee25a834751 4381 ret = AllocDer(&der, (word32)length, type, heap);
wolfSSL 11:cee25a834751 4382 if (ret == 0) {
wolfSSL 11:cee25a834751 4383 XMEMCPY(der->buffer, buff, length);
wolfSSL 11:cee25a834751 4384 }
wolfSSL 11:cee25a834751 4385 }
wolfSSL 11:cee25a834751 4386 }
wolfSSL 11:cee25a834751 4387
wolfSSL 11:cee25a834751 4388 if (used) {
wolfSSL 11:cee25a834751 4389 *used = info->consumed;
wolfSSL 11:cee25a834751 4390 }
wolfSSL 11:cee25a834751 4391
wolfSSL 11:cee25a834751 4392 /* process user chain */
wolfSSL 11:cee25a834751 4393 if (ret >= 0) {
wolfSSL 11:cee25a834751 4394 if (userChain) {
wolfSSL 11:cee25a834751 4395 ret = ProcessUserChain(ctx, buff, sz, format, type, ssl, used, info);
wolfSSL 11:cee25a834751 4396 }
wolfSSL 11:cee25a834751 4397 }
wolfSSL 11:cee25a834751 4398
wolfSSL 11:cee25a834751 4399 /* check for error */
wolfSSL 11:cee25a834751 4400 if (ret < 0) {
wolfSSL 11:cee25a834751 4401 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4402 XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4403 #endif
wolfSSL 11:cee25a834751 4404 FreeDer(&der);
wolfSSL 11:cee25a834751 4405 return ret;
wolfSSL 11:cee25a834751 4406 }
wolfSSL 11:cee25a834751 4407
wolfSSL 11:cee25a834751 4408 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 11:cee25a834751 4409 /* for SSL_FILETYPE_PEM, PemToDer manage the decryption if required */
wolfSSL 11:cee25a834751 4410 if (info->set && (format != SSL_FILETYPE_PEM)) {
wolfSSL 11:cee25a834751 4411 /* decrypt */
wolfSSL 11:cee25a834751 4412 int passwordSz;
wolfSSL 11:cee25a834751 4413 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4414 char* password = NULL;
wolfSSL 11:cee25a834751 4415 #else
wolfSSL 11:cee25a834751 4416 char password[80];
wolfSSL 11:cee25a834751 4417 #endif
wolfSSL 11:cee25a834751 4418
wolfSSL 11:cee25a834751 4419 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4420 password = (char*)XMALLOC(80, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4421 if (password == NULL)
wolfSSL 11:cee25a834751 4422 ret = MEMORY_E;
wolfSSL 11:cee25a834751 4423 else
wolfSSL 11:cee25a834751 4424 #endif
wolfSSL 11:cee25a834751 4425 if (!ctx || !ctx->passwd_cb) {
wolfSSL 11:cee25a834751 4426 ret = NO_PASSWORD;
wolfSSL 11:cee25a834751 4427 }
wolfSSL 11:cee25a834751 4428 else {
wolfSSL 11:cee25a834751 4429 passwordSz = ctx->passwd_cb(password, sizeof(password),
wolfSSL 11:cee25a834751 4430 0, ctx->userdata);
wolfSSL 11:cee25a834751 4431
wolfSSL 11:cee25a834751 4432 /* decrypt the key */
wolfSSL 11:cee25a834751 4433 ret = wolfssl_decrypt_buffer_key(der, (byte*)password,
wolfSSL 11:cee25a834751 4434 passwordSz, info);
wolfSSL 11:cee25a834751 4435 }
wolfSSL 11:cee25a834751 4436
wolfSSL 11:cee25a834751 4437 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4438 XFREE(password, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4439 #endif
wolfSSL 11:cee25a834751 4440
wolfSSL 11:cee25a834751 4441 if (ret != SSL_SUCCESS) {
wolfSSL 11:cee25a834751 4442 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4443 XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4444 #endif
wolfSSL 11:cee25a834751 4445 FreeDer(&der);
wolfSSL 11:cee25a834751 4446 return ret;
wolfSSL 11:cee25a834751 4447 }
wolfSSL 11:cee25a834751 4448 }
wolfSSL 11:cee25a834751 4449 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 11:cee25a834751 4450
wolfSSL 11:cee25a834751 4451 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4452 XFREE(info, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4453 #endif
wolfSSL 11:cee25a834751 4454
wolfSSL 11:cee25a834751 4455 /* Handle DER owner */
wolfSSL 11:cee25a834751 4456 if (type == CA_TYPE) {
wolfSSL 11:cee25a834751 4457 if (ctx == NULL) {
wolfSSL 11:cee25a834751 4458 WOLFSSL_MSG("Need context for CA load");
wolfSSL 11:cee25a834751 4459 FreeDer(&der);
wolfSSL 11:cee25a834751 4460 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 4461 }
wolfSSL 11:cee25a834751 4462 /* verify CA unless user set to no verify */
wolfSSL 11:cee25a834751 4463 return AddCA(ctx->cm, &der, WOLFSSL_USER_CA, !ctx->verifyNone);
wolfSSL 11:cee25a834751 4464 }
wolfSSL 11:cee25a834751 4465 #ifdef WOLFSSL_TRUST_PEER_CERT
wolfSSL 11:cee25a834751 4466 else if (type == TRUSTED_PEER_TYPE) {
wolfSSL 11:cee25a834751 4467 if (ctx == NULL) {
wolfSSL 11:cee25a834751 4468 WOLFSSL_MSG("Need context for trusted peer cert load");
wolfSSL 11:cee25a834751 4469 FreeDer(&der);
wolfSSL 11:cee25a834751 4470 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 4471 }
wolfSSL 11:cee25a834751 4472 /* add trusted peer cert */
wolfSSL 11:cee25a834751 4473 return AddTrustedPeer(ctx->cm, &der, !ctx->verifyNone);
wolfSSL 11:cee25a834751 4474 }
wolfSSL 11:cee25a834751 4475 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 11:cee25a834751 4476 else if (type == CERT_TYPE) {
wolfSSL 11:cee25a834751 4477 if (ssl) {
wolfSSL 11:cee25a834751 4478 /* Make sure previous is free'd */
wolfSSL 11:cee25a834751 4479 if (ssl->buffers.weOwnCert) {
wolfSSL 11:cee25a834751 4480 FreeDer(&ssl->buffers.certificate);
wolfSSL 11:cee25a834751 4481 #ifdef KEEP_OUR_CERT
wolfSSL 11:cee25a834751 4482 FreeX509(ssl->ourCert);
wolfSSL 11:cee25a834751 4483 if (ssl->ourCert) {
wolfSSL 11:cee25a834751 4484 XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
wolfSSL 11:cee25a834751 4485 ssl->ourCert = NULL;
wolfSSL 11:cee25a834751 4486 }
wolfSSL 11:cee25a834751 4487 #endif
wolfSSL 11:cee25a834751 4488 }
wolfSSL 11:cee25a834751 4489 ssl->buffers.certificate = der;
wolfSSL 11:cee25a834751 4490 #ifdef KEEP_OUR_CERT
wolfSSL 11:cee25a834751 4491 ssl->keepCert = 1; /* hold cert for ssl lifetime */
wolfSSL 11:cee25a834751 4492 #endif
wolfSSL 11:cee25a834751 4493 ssl->buffers.weOwnCert = 1;
wolfSSL 11:cee25a834751 4494 }
wolfSSL 11:cee25a834751 4495 else if (ctx) {
wolfSSL 11:cee25a834751 4496 FreeDer(&ctx->certificate); /* Make sure previous is free'd */
wolfSSL 11:cee25a834751 4497 #ifdef KEEP_OUR_CERT
wolfSSL 11:cee25a834751 4498 if (ctx->ourCert) {
wolfSSL 11:cee25a834751 4499 if (ctx->ownOurCert) {
wolfSSL 11:cee25a834751 4500 FreeX509(ctx->ourCert);
wolfSSL 11:cee25a834751 4501 XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
wolfSSL 11:cee25a834751 4502 }
wolfSSL 11:cee25a834751 4503 ctx->ourCert = NULL;
wolfSSL 11:cee25a834751 4504 }
wolfSSL 11:cee25a834751 4505 #endif
wolfSSL 11:cee25a834751 4506 ctx->certificate = der;
wolfSSL 11:cee25a834751 4507 }
wolfSSL 11:cee25a834751 4508 }
wolfSSL 11:cee25a834751 4509 else if (type == PRIVATEKEY_TYPE) {
wolfSSL 11:cee25a834751 4510 if (ssl) {
wolfSSL 11:cee25a834751 4511 /* Make sure previous is free'd */
wolfSSL 11:cee25a834751 4512 if (ssl->buffers.weOwnKey) {
wolfSSL 11:cee25a834751 4513 FreeDer(&ssl->buffers.key);
wolfSSL 11:cee25a834751 4514 }
wolfSSL 11:cee25a834751 4515 ssl->buffers.key = der;
wolfSSL 11:cee25a834751 4516 ssl->buffers.weOwnKey = 1;
wolfSSL 11:cee25a834751 4517 }
wolfSSL 11:cee25a834751 4518 else if (ctx) {
wolfSSL 11:cee25a834751 4519 FreeDer(&ctx->privateKey);
wolfSSL 11:cee25a834751 4520 ctx->privateKey = der;
wolfSSL 11:cee25a834751 4521 }
wolfSSL 11:cee25a834751 4522 }
wolfSSL 11:cee25a834751 4523 else {
wolfSSL 11:cee25a834751 4524 FreeDer(&der);
wolfSSL 11:cee25a834751 4525 return SSL_BAD_CERTTYPE;
wolfSSL 11:cee25a834751 4526 }
wolfSSL 11:cee25a834751 4527
wolfSSL 11:cee25a834751 4528 if (type == PRIVATEKEY_TYPE && format != SSL_FILETYPE_RAW) {
wolfSSL 11:cee25a834751 4529 #ifndef NO_RSA
wolfSSL 11:cee25a834751 4530 if (!eccKey) {
wolfSSL 11:cee25a834751 4531 /* make sure RSA key can be used */
wolfSSL 11:cee25a834751 4532 word32 idx = 0;
wolfSSL 11:cee25a834751 4533 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4534 RsaKey* key = NULL;
wolfSSL 11:cee25a834751 4535 #else
wolfSSL 11:cee25a834751 4536 RsaKey key[1];
wolfSSL 11:cee25a834751 4537 #endif
wolfSSL 11:cee25a834751 4538
wolfSSL 11:cee25a834751 4539 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4540 key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap,
wolfSSL 11:cee25a834751 4541 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4542 if (key == NULL)
wolfSSL 11:cee25a834751 4543 return MEMORY_E;
wolfSSL 11:cee25a834751 4544 #endif
wolfSSL 11:cee25a834751 4545
wolfSSL 11:cee25a834751 4546 ret = wc_InitRsaKey_ex(key, heap, devId);
wolfSSL 11:cee25a834751 4547 if (ret == 0) {
wolfSSL 11:cee25a834751 4548 if (wc_RsaPrivateKeyDecode(der->buffer, &idx, key, der->length)
wolfSSL 11:cee25a834751 4549 != 0) {
wolfSSL 11:cee25a834751 4550 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 4551 /* could have DER ECC (or pkcs8 ecc), no easy way to tell */
wolfSSL 11:cee25a834751 4552 eccKey = 1; /* so try it out */
wolfSSL 11:cee25a834751 4553 #else
wolfSSL 11:cee25a834751 4554 WOLFSSL_MSG("RSA decode failed and ECC not enabled to try");
wolfSSL 11:cee25a834751 4555 ret = SSL_BAD_FILE;
wolfSSL 11:cee25a834751 4556 #endif
wolfSSL 11:cee25a834751 4557 } else {
wolfSSL 11:cee25a834751 4558 /* check that the size of the RSA key is enough */
wolfSSL 11:cee25a834751 4559 int RsaSz = wc_RsaEncryptSize((RsaKey*)key);
wolfSSL 11:cee25a834751 4560
wolfSSL 11:cee25a834751 4561 if (ssl) {
wolfSSL 11:cee25a834751 4562 if (RsaSz < ssl->options.minRsaKeySz) {
wolfSSL 11:cee25a834751 4563 ret = RSA_KEY_SIZE_E;
wolfSSL 11:cee25a834751 4564 WOLFSSL_MSG("Private Key size too small");
wolfSSL 11:cee25a834751 4565 }
wolfSSL 11:cee25a834751 4566 }
wolfSSL 11:cee25a834751 4567 else if(ctx) {
wolfSSL 11:cee25a834751 4568 if (RsaSz < ctx->minRsaKeySz) {
wolfSSL 11:cee25a834751 4569 ret = RSA_KEY_SIZE_E;
wolfSSL 11:cee25a834751 4570 WOLFSSL_MSG("Private Key size too small");
wolfSSL 11:cee25a834751 4571 }
wolfSSL 11:cee25a834751 4572 }
wolfSSL 11:cee25a834751 4573 rsaKey = 1;
wolfSSL 11:cee25a834751 4574 (void)rsaKey; /* for no ecc builds */
wolfSSL 11:cee25a834751 4575
wolfSSL 11:cee25a834751 4576 if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 11:cee25a834751 4577 ssl->options.haveStaticECC = 0;
wolfSSL 11:cee25a834751 4578 resetSuites = 1;
wolfSSL 11:cee25a834751 4579 }
wolfSSL 11:cee25a834751 4580 }
wolfSSL 11:cee25a834751 4581
wolfSSL 11:cee25a834751 4582 wc_FreeRsaKey(key);
wolfSSL 11:cee25a834751 4583 }
wolfSSL 11:cee25a834751 4584
wolfSSL 11:cee25a834751 4585 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4586 XFREE(key, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4587 #endif
wolfSSL 11:cee25a834751 4588
wolfSSL 11:cee25a834751 4589 if (ret != 0)
wolfSSL 11:cee25a834751 4590 return ret;
wolfSSL 11:cee25a834751 4591 }
wolfSSL 11:cee25a834751 4592 #endif
wolfSSL 11:cee25a834751 4593 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 4594 if (!rsaKey) {
wolfSSL 11:cee25a834751 4595 /* make sure ECC key can be used */
wolfSSL 11:cee25a834751 4596 word32 idx = 0;
wolfSSL 11:cee25a834751 4597 ecc_key key;
wolfSSL 11:cee25a834751 4598
wolfSSL 11:cee25a834751 4599 ret = wc_ecc_init_ex(&key, heap, devId);
wolfSSL 11:cee25a834751 4600 if (ret != 0) {
wolfSSL 11:cee25a834751 4601 return ret;
wolfSSL 11:cee25a834751 4602 }
wolfSSL 11:cee25a834751 4603
wolfSSL 11:cee25a834751 4604 if (wc_EccPrivateKeyDecode(der->buffer, &idx, &key,
wolfSSL 11:cee25a834751 4605 der->length) != 0) {
wolfSSL 11:cee25a834751 4606 wc_ecc_free(&key);
wolfSSL 11:cee25a834751 4607 return SSL_BAD_FILE;
wolfSSL 11:cee25a834751 4608 }
wolfSSL 11:cee25a834751 4609
wolfSSL 11:cee25a834751 4610 /* check for minimum ECC key size and then free */
wolfSSL 11:cee25a834751 4611 if (ssl) {
wolfSSL 11:cee25a834751 4612 if (wc_ecc_size(&key) < ssl->options.minEccKeySz) {
wolfSSL 11:cee25a834751 4613 wc_ecc_free(&key);
wolfSSL 11:cee25a834751 4614 WOLFSSL_MSG("ECC private key too small");
wolfSSL 11:cee25a834751 4615 return ECC_KEY_SIZE_E;
wolfSSL 11:cee25a834751 4616 }
wolfSSL 11:cee25a834751 4617 }
wolfSSL 11:cee25a834751 4618 else if (ctx) {
wolfSSL 11:cee25a834751 4619 if (wc_ecc_size(&key) < ctx->minEccKeySz) {
wolfSSL 11:cee25a834751 4620 wc_ecc_free(&key);
wolfSSL 11:cee25a834751 4621 WOLFSSL_MSG("ECC private key too small");
wolfSSL 11:cee25a834751 4622 return ECC_KEY_SIZE_E;
wolfSSL 11:cee25a834751 4623 }
wolfSSL 11:cee25a834751 4624 }
wolfSSL 11:cee25a834751 4625
wolfSSL 11:cee25a834751 4626 wc_ecc_free(&key);
wolfSSL 11:cee25a834751 4627 eccKey = 1;
wolfSSL 11:cee25a834751 4628 if (ssl) {
wolfSSL 11:cee25a834751 4629 ssl->options.haveStaticECC = 1;
wolfSSL 11:cee25a834751 4630 }
wolfSSL 11:cee25a834751 4631 else if (ctx) {
wolfSSL 11:cee25a834751 4632 ctx->haveStaticECC = 1;
wolfSSL 11:cee25a834751 4633 }
wolfSSL 11:cee25a834751 4634
wolfSSL 11:cee25a834751 4635 if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 11:cee25a834751 4636 resetSuites = 1;
wolfSSL 11:cee25a834751 4637 }
wolfSSL 11:cee25a834751 4638 }
wolfSSL 11:cee25a834751 4639 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 4640 }
wolfSSL 11:cee25a834751 4641 else if (type == CERT_TYPE) {
wolfSSL 11:cee25a834751 4642 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4643 DecodedCert* cert = NULL;
wolfSSL 11:cee25a834751 4644 #else
wolfSSL 11:cee25a834751 4645 DecodedCert cert[1];
wolfSSL 11:cee25a834751 4646 #endif
wolfSSL 11:cee25a834751 4647
wolfSSL 11:cee25a834751 4648 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4649 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), heap,
wolfSSL 11:cee25a834751 4650 DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4651 if (cert == NULL)
wolfSSL 11:cee25a834751 4652 return MEMORY_E;
wolfSSL 11:cee25a834751 4653 #endif
wolfSSL 11:cee25a834751 4654
wolfSSL 11:cee25a834751 4655 WOLFSSL_MSG("Checking cert signature type");
wolfSSL 11:cee25a834751 4656 InitDecodedCert(cert, der->buffer, der->length, heap);
wolfSSL 11:cee25a834751 4657
wolfSSL 11:cee25a834751 4658 if (DecodeToKey(cert, 0) < 0) {
wolfSSL 11:cee25a834751 4659 WOLFSSL_MSG("Decode to key failed");
wolfSSL 11:cee25a834751 4660 FreeDecodedCert(cert);
wolfSSL 11:cee25a834751 4661 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4662 XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4663 #endif
wolfSSL 11:cee25a834751 4664 return SSL_BAD_FILE;
wolfSSL 11:cee25a834751 4665 }
wolfSSL 11:cee25a834751 4666
wolfSSL 11:cee25a834751 4667 if (ssl && ssl->options.side == WOLFSSL_SERVER_END) {
wolfSSL 11:cee25a834751 4668 resetSuites = 1;
wolfSSL 11:cee25a834751 4669 }
wolfSSL 11:cee25a834751 4670 if (ssl && ssl->ctx->haveECDSAsig) {
wolfSSL 11:cee25a834751 4671 WOLFSSL_MSG("SSL layer setting cert, CTX had ECDSA, turning off");
wolfSSL 11:cee25a834751 4672 ssl->options.haveECDSAsig = 0; /* may turn back on next */
wolfSSL 11:cee25a834751 4673 }
wolfSSL 11:cee25a834751 4674
wolfSSL 11:cee25a834751 4675 switch (cert->signatureOID) {
wolfSSL 11:cee25a834751 4676 case CTC_SHAwECDSA:
wolfSSL 11:cee25a834751 4677 case CTC_SHA256wECDSA:
wolfSSL 11:cee25a834751 4678 case CTC_SHA384wECDSA:
wolfSSL 11:cee25a834751 4679 case CTC_SHA512wECDSA:
wolfSSL 11:cee25a834751 4680 WOLFSSL_MSG("ECDSA cert signature");
wolfSSL 11:cee25a834751 4681 if (ssl)
wolfSSL 11:cee25a834751 4682 ssl->options.haveECDSAsig = 1;
wolfSSL 11:cee25a834751 4683 else if (ctx)
wolfSSL 11:cee25a834751 4684 ctx->haveECDSAsig = 1;
wolfSSL 11:cee25a834751 4685 break;
wolfSSL 11:cee25a834751 4686 default:
wolfSSL 11:cee25a834751 4687 WOLFSSL_MSG("Not ECDSA cert signature");
wolfSSL 11:cee25a834751 4688 break;
wolfSSL 11:cee25a834751 4689 }
wolfSSL 11:cee25a834751 4690
wolfSSL 11:cee25a834751 4691 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 4692 if (ssl) {
wolfSSL 11:cee25a834751 4693 ssl->pkCurveOID = cert->pkCurveOID;
wolfSSL 11:cee25a834751 4694 #ifndef WC_STRICT_SIG
wolfSSL 11:cee25a834751 4695 if (cert->keyOID == ECDSAk) {
wolfSSL 11:cee25a834751 4696 ssl->options.haveECC = 1;
wolfSSL 11:cee25a834751 4697 }
wolfSSL 11:cee25a834751 4698 #else
wolfSSL 11:cee25a834751 4699 ssl->options.haveECC = ssl->options.haveECDSAsig;
wolfSSL 11:cee25a834751 4700 #endif
wolfSSL 11:cee25a834751 4701 }
wolfSSL 11:cee25a834751 4702 else if (ctx) {
wolfSSL 11:cee25a834751 4703 ctx->pkCurveOID = cert->pkCurveOID;
wolfSSL 11:cee25a834751 4704 #ifndef WC_STRICT_SIG
wolfSSL 11:cee25a834751 4705 if (cert->keyOID == ECDSAk) {
wolfSSL 11:cee25a834751 4706 ctx->haveECC = 1;
wolfSSL 11:cee25a834751 4707 }
wolfSSL 11:cee25a834751 4708 #else
wolfSSL 11:cee25a834751 4709 ctx->haveECC = ctx->haveECDSAsig;
wolfSSL 11:cee25a834751 4710 #endif
wolfSSL 11:cee25a834751 4711 }
wolfSSL 11:cee25a834751 4712 #endif
wolfSSL 11:cee25a834751 4713
wolfSSL 11:cee25a834751 4714 /* check key size of cert unless specified not to */
wolfSSL 11:cee25a834751 4715 switch (cert->keyOID) {
wolfSSL 11:cee25a834751 4716 #ifndef NO_RSA
wolfSSL 11:cee25a834751 4717 case RSAk:
wolfSSL 11:cee25a834751 4718 if (ssl && !ssl->options.verifyNone) {
wolfSSL 11:cee25a834751 4719 if (ssl->options.minRsaKeySz < 0 ||
wolfSSL 11:cee25a834751 4720 cert->pubKeySize < (word16)ssl->options.minRsaKeySz) {
wolfSSL 11:cee25a834751 4721 ret = RSA_KEY_SIZE_E;
wolfSSL 11:cee25a834751 4722 WOLFSSL_MSG("Certificate RSA key size too small");
wolfSSL 11:cee25a834751 4723 }
wolfSSL 11:cee25a834751 4724 }
wolfSSL 11:cee25a834751 4725 else if (ctx && !ctx->verifyNone) {
wolfSSL 11:cee25a834751 4726 if (ctx->minRsaKeySz < 0 ||
wolfSSL 11:cee25a834751 4727 cert->pubKeySize < (word16)ctx->minRsaKeySz) {
wolfSSL 11:cee25a834751 4728 ret = RSA_KEY_SIZE_E;
wolfSSL 11:cee25a834751 4729 WOLFSSL_MSG("Certificate RSA key size too small");
wolfSSL 11:cee25a834751 4730 }
wolfSSL 11:cee25a834751 4731 }
wolfSSL 11:cee25a834751 4732 break;
wolfSSL 11:cee25a834751 4733 #endif /* !NO_RSA */
wolfSSL 11:cee25a834751 4734 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 4735 case ECDSAk:
wolfSSL 11:cee25a834751 4736 if (ssl && !ssl->options.verifyNone) {
wolfSSL 11:cee25a834751 4737 if (ssl->options.minEccKeySz < 0 ||
wolfSSL 11:cee25a834751 4738 cert->pubKeySize < (word16)ssl->options.minEccKeySz) {
wolfSSL 11:cee25a834751 4739 ret = ECC_KEY_SIZE_E;
wolfSSL 11:cee25a834751 4740 WOLFSSL_MSG("Certificate ECC key size error");
wolfSSL 11:cee25a834751 4741 }
wolfSSL 11:cee25a834751 4742 }
wolfSSL 11:cee25a834751 4743 else if (ctx && !ctx->verifyNone) {
wolfSSL 11:cee25a834751 4744 if (ctx->minEccKeySz < 0 ||
wolfSSL 11:cee25a834751 4745 cert->pubKeySize < (word16)ctx->minEccKeySz) {
wolfSSL 11:cee25a834751 4746 ret = ECC_KEY_SIZE_E;
wolfSSL 11:cee25a834751 4747 WOLFSSL_MSG("Certificate ECC key size error");
wolfSSL 11:cee25a834751 4748 }
wolfSSL 11:cee25a834751 4749 }
wolfSSL 11:cee25a834751 4750 break;
wolfSSL 11:cee25a834751 4751 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 4752
wolfSSL 11:cee25a834751 4753 default:
wolfSSL 11:cee25a834751 4754 WOLFSSL_MSG("No key size check done on certificate");
wolfSSL 11:cee25a834751 4755 break; /* do no check if not a case for the key */
wolfSSL 11:cee25a834751 4756 }
wolfSSL 11:cee25a834751 4757
wolfSSL 11:cee25a834751 4758 FreeDecodedCert(cert);
wolfSSL 11:cee25a834751 4759 #ifdef WOLFSSL_SMALL_STACK
wolfSSL 11:cee25a834751 4760 XFREE(cert, heap, DYNAMIC_TYPE_TMP_BUFFER);
wolfSSL 11:cee25a834751 4761 #endif
wolfSSL 11:cee25a834751 4762
wolfSSL 11:cee25a834751 4763 if (ret != 0) {
wolfSSL 11:cee25a834751 4764 return ret;
wolfSSL 11:cee25a834751 4765 }
wolfSSL 11:cee25a834751 4766 }
wolfSSL 11:cee25a834751 4767
wolfSSL 11:cee25a834751 4768 if (ssl && resetSuites) {
wolfSSL 11:cee25a834751 4769 word16 havePSK = 0;
wolfSSL 11:cee25a834751 4770 word16 haveRSA = 0;
wolfSSL 11:cee25a834751 4771
wolfSSL 11:cee25a834751 4772 #ifndef NO_PSK
wolfSSL 11:cee25a834751 4773 if (ssl->options.havePSK) {
wolfSSL 11:cee25a834751 4774 havePSK = 1;
wolfSSL 11:cee25a834751 4775 }
wolfSSL 11:cee25a834751 4776 #endif
wolfSSL 11:cee25a834751 4777 #ifndef NO_RSA
wolfSSL 11:cee25a834751 4778 haveRSA = 1;
wolfSSL 11:cee25a834751 4779 #endif
wolfSSL 11:cee25a834751 4780
wolfSSL 11:cee25a834751 4781 /* let's reset suites */
wolfSSL 11:cee25a834751 4782 InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
wolfSSL 11:cee25a834751 4783 ssl->options.haveDH, ssl->options.haveNTRU,
wolfSSL 11:cee25a834751 4784 ssl->options.haveECDSAsig, ssl->options.haveECC,
wolfSSL 11:cee25a834751 4785 ssl->options.haveStaticECC, ssl->options.side);
wolfSSL 11:cee25a834751 4786 }
wolfSSL 11:cee25a834751 4787
wolfSSL 11:cee25a834751 4788 return SSL_SUCCESS;
wolfSSL 11:cee25a834751 4789 }
wolfSSL 11:cee25a834751 4790
wolfSSL 11:cee25a834751 4791
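/* CA PEM file for verification, may have multiple/chain certs to process.
 *
 * Walks buff (sz bytes) and hands each object in turn to ProcessBuffer()
 * as `type`; ProcessBuffer() reports through `consumed` how far it got.
 * With WOLFSSL_WPAS and HAVE_CRL an object that ProcessBuffer() rejects is
 * retried as a PEM CRL and, when it decodes, loaded into ctx->cm.
 *
 * Returns SSL_SUCCESS when at least one object was accepted by
 * ProcessBuffer(); otherwise the last ProcessBuffer() result. Note that a
 * zero-length buffer never enters the loop and yields 0, which is neither
 * SSL_SUCCESS nor an error code — callers presumably test against
 * SSL_SUCCESS, so treat 0 as "nothing loaded".
 */
static int ProcessChainBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                              long sz, int format, int type, WOLFSSL* ssl)
{
    long used   = 0;
    int  ret    = 0;
    int  gotOne = 0;

    WOLFSSL_MSG("Processing CA PEM file");
    while (used < sz) {
        long consumed = 0;

        ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
                            &consumed, 0);

#ifdef WOLFSSL_WPAS
#ifdef HAVE_CRL
        if (ret < 0) {
            DerBuffer*    der = NULL;
            EncryptedInfo info;

            /* same field initialization the other PemToDer() caller in
             * this file performs, so PemToDer() never sees indeterminate
             * values in the struct (which of its fields PemToDer() reads
             * is not visible here) */
            info.set      = 0;
            info.ctx      = NULL;
            info.consumed = 0;

            WOLFSSL_MSG("Trying a CRL");
            if (PemToDer(buff + used, sz - used, CRL_TYPE, &der, NULL, &info,
                         NULL) == 0) {
                WOLFSSL_MSG(" Proccessed a CRL");
                /* a CRL that decodes but cannot be stored would otherwise
                 * vanish without a trace; at least make it visible in the
                 * log (the overall result still follows ProcessBuffer()) */
                if (wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer,
                                                     der->length,
                                                     SSL_FILETYPE_ASN1)
                        != SSL_SUCCESS) {
                    WOLFSSL_MSG("CRL buffer load failed");
                }
                FreeDer(&der);
                /* no progress means we would spin on the same bytes
                 * forever; stop, matching the no-progress rule below */
                if (info.consumed <= 0) {
                    break;
                }
                used += info.consumed;
                continue;
            }
        }
#endif
#endif
        if (ret < 0) {
            if (consumed > 0) { /* Made progress in file */
                WOLFSSL_ERROR(ret);
                WOLFSSL_MSG("CA Parse failed, with progress in file.");
                WOLFSSL_MSG("Search for other certs in file");
            }
            else {
                WOLFSSL_MSG("CA Parse failed, no progress in file.");
                WOLFSSL_MSG("Do not continue search for other certs in file");
                break;
            }
        }
        else {
            WOLFSSL_MSG(" Processed a CA");
            gotOne = 1;
        }
        used += consumed;
    }

    if (gotOne) {
        WOLFSSL_MSG("Processed at least one valid CA. Other stuff OK");
        return SSL_SUCCESS;
    }
    return ret;
}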
wolfSSL 11:cee25a834751 4851
wolfSSL 11:cee25a834751 4852
/* Method for the throw-away WOLFSSL_CTX that wolfSSL_CertManagerLoadCABuffer
 * builds around a CertManager. Client flavour is preferred, then server;
 * the SSLv3 method only when the build explicitly allows it, otherwise
 * TLS 1.2. Yields NULL when neither side is compiled in. The CTX this
 * feeds is only used to parse a CA buffer, never to open a connection. */
static INLINE WOLFSSL_METHOD* cm_pick_method(void)
{
    WOLFSSL_METHOD* method = NULL;

#if !defined(NO_WOLFSSL_CLIENT)
    #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
    method = wolfSSLv3_client_method();
    #else
    method = wolfTLSv1_2_client_method();
    #endif
#elif !defined(NO_WOLFSSL_SERVER)
    #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
    method = wolfSSLv3_server_method();
    #else
    method = wolfTLSv1_2_server_method();
    #endif
#endif

    return method;
}
wolfSSL 11:cee25a834751 4871
wolfSSL 11:cee25a834751 4872
/* Load CA certificate(s) from a memory buffer into the CertManager.
 * Like load verify locations: 1 for success, < 0 for error.
 *
 * A temporary WOLFSSL_CTX is created, its own CertManager is released and
 * replaced by cm for the duration of the load so the CTX-level loader can
 * be reused. cm is detached again before the CTX is freed; otherwise
 * wolfSSL_CTX_free would destroy the caller's manager. */
int wolfSSL_CertManagerLoadCABuffer(WOLFSSL_CERT_MANAGER* cm,
                                    const unsigned char* in, long sz, int format)
{
    WOLFSSL_CTX* tmp = NULL;
    int          ret = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCABuffer");

    if (cm == NULL) {
        WOLFSSL_MSG("No CertManager error");
        return ret;
    }

    tmp = wolfSSL_CTX_new(cm_pick_method());
    if (tmp == NULL) {
        WOLFSSL_MSG("CTX new failed");
        return ret;
    }

    /* borrow the temporary CTX: swap its manager for the caller's */
    wolfSSL_CertManagerFree(tmp->cm);
    tmp->cm = cm;

    ret = wolfSSL_CTX_load_verify_buffer(tmp, in, sz, format);

    /* detach before freeing so we don't lose the caller's manager */
    tmp->cm = NULL;
    wolfSSL_CTX_free(tmp);

    return ret;
}
wolfSSL 11:cee25a834751 4905
wolfSSL 11:cee25a834751 4906 #ifdef HAVE_CRL
wolfSSL 11:cee25a834751 4907
/* Load a CRL from memory into cm, enabling CRL support first when the
 * manager has no CRL store yet (with options 0, so crlCheckAll is left as
 * is). Returns BAD_FUNC_ARG for a NULL cm, SSL_FATAL_ERROR when CRL support
 * cannot be enabled, otherwise whatever BufferLoadCRL reports. */
int wolfSSL_CertManagerLoadCRLBuffer(WOLFSSL_CERT_MANAGER* cm,
                                     const unsigned char* buff, long sz, int type)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCRLBuffer");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* lazily create the CRL store */
    if (cm->crl == NULL
            && wolfSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
        WOLFSSL_MSG("Enable CRL failed");
        return SSL_FATAL_ERROR;
    }

    return BufferLoadCRL(cm->crl, buff, sz, type);
}
wolfSSL 11:cee25a834751 4924
wolfSSL 11:cee25a834751 4925
/* CTX-level convenience wrapper: load a CRL buffer into the context's
 * CertManager. BAD_FUNC_ARG for a NULL ctx, otherwise the result of
 * wolfSSL_CertManagerLoadCRLBuffer. */
int wolfSSL_CTX_LoadCRLBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                              long sz, int type)
{
    WOLFSSL_ENTER("wolfSSL_CTX_LoadCRLBuffer");

    return (ctx != NULL)
               ? wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, buff, sz, type)
               : BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 4936
wolfSSL 11:cee25a834751 4937
/* Session-level convenience wrapper: load a CRL buffer into the
 * CertManager of the session's context. BAD_FUNC_ARG when ssl or its ctx
 * is NULL, otherwise the result of wolfSSL_CertManagerLoadCRLBuffer. */
int wolfSSL_LoadCRLBuffer(WOLFSSL* ssl, const unsigned char* buff,
                          long sz, int type)
{
    WOLFSSL_ENTER("wolfSSL_LoadCRLBuffer");

    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (ssl->ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerLoadCRLBuffer(ssl->ctx->cm, buff, sz, type);
}
wolfSSL 11:cee25a834751 4948
wolfSSL 11:cee25a834751 4949
wolfSSL 11:cee25a834751 4950 #endif /* HAVE_CRL */
wolfSSL 11:cee25a834751 4951
/* turn on CRL if off and compiled in, set options
 *
 * Allocates and initializes cm->crl on first use, then flags CRL checking
 * as enabled. WOLFSSL_CRL_CHECKALL in options additionally sets
 * crlCheckAll; that flag is only ever set here, never cleared by a later
 * call without the bit (presumably intended — confirm if re-enabling with
 * different options matters). With HAVE_CRL_IO the embedded CRL lookup
 * callback is installed on a freshly created store.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG (NULL cm), MEMORY_E, SSL_FAILURE
 * (InitCRL failed) or NOT_COMPILED_IN when built without HAVE_CRL. */
int wolfSSL_CertManagerEnableCRL(WOLFSSL_CERT_MANAGER* cm, int options)
{
    (void)options;

    WOLFSSL_ENTER("wolfSSL_CertManagerEnableCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#ifndef HAVE_CRL
    return NOT_COMPILED_IN;
#else
    if (cm->crl == NULL) {
        cm->crl = (WOLFSSL_CRL*)XMALLOC(sizeof(WOLFSSL_CRL), cm->heap,
                                       DYNAMIC_TYPE_CRL);
        if (cm->crl == NULL)
            return MEMORY_E;

        if (InitCRL(cm->crl, cm) != 0) {
            WOLFSSL_MSG("Init CRL failed");
            /* FreeCRL with dynamic=1 releases the store itself */
            FreeCRL(cm->crl, 1);
            cm->crl = NULL;
            return SSL_FAILURE;
        }

    #ifdef HAVE_CRL_IO
        cm->crl->crlIOCb = EmbedCrlLookup;
    #endif
    }

    cm->crlEnabled = 1;
    if (options & WOLFSSL_CRL_CHECKALL)
        cm->crlCheckAll = 1;

    return SSL_SUCCESS;
#endif /* HAVE_CRL */
}
wolfSSL 11:cee25a834751 4991
wolfSSL 11:cee25a834751 4992
/* Switch CRL checking off for cm. The CRL store itself (cm->crl) is kept,
 * so a later enable reuses it. BAD_FUNC_ARG for a NULL cm. */
int wolfSSL_CertManagerDisableCRL(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerDisableCRL");

    if (cm == NULL) {
        return BAD_FUNC_ARG;
    }

    cm->crlEnabled = 0;
    return SSL_SUCCESS;
}
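/* Verify the certificate, SSL_SUCCESS for ok, < 0 for error
 *
 * buff/sz hold one certificate, PEM when format is SSL_FILETYPE_PEM and
 * DER otherwise. The certificate is parsed with ParseCertRelative against
 * cm (verify=1) and, with HAVE_CRL and CRL checking enabled on cm, also
 * checked against the loaded CRLs.
 *
 * Returns BAD_FUNC_ARG for a NULL cm or buff or a non-positive sz,
 * MEMORY_E when a WOLFSSL_SMALL_STACK allocation fails, the PemToDer
 * error when the PEM cannot be decoded, otherwise the parse/CRL result
 * mapped to SSL_SUCCESS on 0. */
int wolfSSL_CertManagerVerifyBuffer(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
                                    long sz, int format)
{
    int        ret = 0;
    DerBuffer* der = NULL;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

    WOLFSSL_ENTER("wolfSSL_CertManagerVerifyBuffer");

    /* cm->heap is read below and sz is cast to word32 for the DER path;
     * reject bad arguments like the other CertManager entry points do
     * rather than dereferencing NULL or handing a negative length on */
    if (cm == NULL || buff == NULL || sz <= 0)
        return BAD_FUNC_ARG;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), cm->heap,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    if (format == SSL_FILETYPE_PEM) {
        int eccKey = 0; /* required by PemToDer, value not used here */
#ifdef WOLFSSL_SMALL_STACK
        EncryptedInfo* info = NULL;
#else
        EncryptedInfo info[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), cm->heap,
                                       DYNAMIC_TYPE_TMP_BUFFER);
        if (info == NULL) {
            XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
            return MEMORY_E;
        }
#endif

        info->set      = 0;
        info->ctx      = NULL;
        info->consumed = 0;

        ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, info, &eccKey);

        /* info is not needed past PemToDer, release it on every path */
#ifdef WOLFSSL_SMALL_STACK
        XFREE(info, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

        if (ret != 0) {
            /* nothing to parse; free cert too so the WOLFSSL_SMALL_STACK
             * allocation is not leaked on the PEM-decode failure path */
            FreeDer(&der);
#ifdef WOLFSSL_SMALL_STACK
            XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            return ret;
        }

        InitDecodedCert(cert, der->buffer, der->length, cm->heap);
    }
    else {
        /* any non-PEM format is taken as raw DER */
        InitDecodedCert(cert, (byte*)buff, (word32)sz, cm->heap);
    }

    /* ret is 0 on every path that reaches here */
    ret = ParseCertRelative(cert, CERT_TYPE, 1, cm);

#ifdef HAVE_CRL
    if (ret == 0 && cm->crlEnabled)
        ret = CheckCertCRL(cm->crl, cert);
#endif

    FreeDecodedCert(cert);
    FreeDer(&der);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret == 0 ? SSL_SUCCESS : ret;
}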
wolfSSL 11:cee25a834751 5078
wolfSSL 11:cee25a834751 5079
/* turn on OCSP if off and compiled in, set options
 *
 * Allocates and initializes cm->ocsp on first use and flags OCSP as
 * enabled. Option bits: WOLFSSL_OCSP_URL_OVERRIDE sets ocspUseOverrideURL,
 * WOLFSSL_OCSP_NO_NONCE clears ocspSendNonce (otherwise it is set),
 * WOLFSSL_OCSP_CHECKALL sets ocspCheckAll. Only ocspSendNonce is written in
 * both directions; the other two flags are set but never cleared by a
 * later call without the bit (presumably intended — confirm if re-enabling
 * with different options matters). Without WOLFSSL_USER_IO the embedded
 * OCSP lookup/response-free callbacks are installed with cm->heap as their
 * context. Returns SSL_SUCCESS, BAD_FUNC_ARG (NULL cm), MEMORY_E,
 * SSL_FAILURE (InitOCSP failed) or NOT_COMPILED_IN without HAVE_OCSP. */
int wolfSSL_CertManagerEnableOCSP(WOLFSSL_CERT_MANAGER* cm, int options)
{
    (void)options;

    WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSP");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#ifndef HAVE_OCSP
    return NOT_COMPILED_IN;
#else
    if (cm->ocsp == NULL) {
        cm->ocsp = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), cm->heap,
                                         DYNAMIC_TYPE_OCSP);
        if (cm->ocsp == NULL)
            return MEMORY_E;

        if (InitOCSP(cm->ocsp, cm) != 0) {
            WOLFSSL_MSG("Init OCSP failed");
            /* FreeOCSP with dynamic=1 releases the object itself */
            FreeOCSP(cm->ocsp, 1);
            cm->ocsp = NULL;
            return SSL_FAILURE;
        }
    }

    cm->ocspEnabled   = 1;
    cm->ocspSendNonce = (options & WOLFSSL_OCSP_NO_NONCE) ? 0 : 1;
    if (options & WOLFSSL_OCSP_URL_OVERRIDE)
        cm->ocspUseOverrideURL = 1;
    if (options & WOLFSSL_OCSP_CHECKALL)
        cm->ocspCheckAll = 1;

    #ifndef WOLFSSL_USER_IO
    cm->ocspIOCb       = EmbedOcspLookup;
    cm->ocspRespFreeCb = EmbedOcspRespFree;
    cm->ocspIOCtx      = cm->heap;
    #endif /* WOLFSSL_USER_IO */

    return SSL_SUCCESS;
#endif /* HAVE_OCSP */
}
wolfSSL 11:cee25a834751 5125
wolfSSL 11:cee25a834751 5126
/* Turn off OCSP checking on a certificate manager.
 *
 * Only the enabled flag is cleared; the WOLFSSL_OCSP context, option flags
 * and callbacks are kept so a later wolfSSL_CertManagerEnableOCSP reuses them.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL cm.
 */
int wolfSSL_CertManagerDisableOCSP(WOLFSSL_CERT_MANAGER* cm)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerDisableOCSP");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->ocspEnabled = 0;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 5137
/* Turn on OCSP stapling support for a certificate manager.
 *
 * A dedicated WOLFSSL_OCSP context (cm->ocsp_stapling, separate from the
 * one used by wolfSSL_CertManagerEnableOCSP) is created on first use and
 * reused afterwards.
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL cm, MEMORY_E if the context
 * cannot be allocated, SSL_FAILURE if InitOCSP fails, or NOT_COMPILED_IN
 * unless HAVE_CERTIFICATE_STATUS_REQUEST or
 * HAVE_CERTIFICATE_STATUS_REQUEST_V2 is defined.
 *
 * Caveat: the I/O callback fields written here (ocspIOCb, ocspRespFreeCb,
 * ocspIOCtx) are the same ones wolfSSL_CertManagerEnableOCSP sets, and
 * unless WOLFSSL_USER_IO is defined they are reset to the embedded defaults
 * on every call, overwriting callbacks installed earlier.
 */
int wolfSSL_CertManagerEnableOCSPStapling(WOLFSSL_CERT_MANAGER* cm)
{
    int ret = SSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_CertManagerEnableOCSPStapling");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
    /* lazily allocate and initialise the stapling context */
    if (cm->ocsp_stapling == NULL) {
        cm->ocsp_stapling = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP),
                                                   cm->heap, DYNAMIC_TYPE_OCSP);
        if (cm->ocsp_stapling == NULL)
            return MEMORY_E;

        if (InitOCSP(cm->ocsp_stapling, cm) != 0) {
            WOLFSSL_MSG("Init OCSP failed");
            FreeOCSP(cm->ocsp_stapling, 1);
            cm->ocsp_stapling = NULL;
            return SSL_FAILURE;
        }
    }

    cm->ocspStaplingEnabled = 1;

#ifndef WOLFSSL_USER_IO
    /* default to the embedded lookup; overwrites any custom callbacks */
    cm->ocspIOCb       = EmbedOcspLookup;
    cm->ocspRespFreeCb = EmbedOcspRespFree;
    cm->ocspIOCtx      = cm->heap;
#endif /* WOLFSSL_USER_IO */
#else
    ret = NOT_COMPILED_IN;
#endif

    return ret;
}
wolfSSL 11:cee25a834751 5175
wolfSSL 11:cee25a834751 5176
wolfSSL 11:cee25a834751 5177 #ifdef HAVE_OCSP
wolfSSL 11:cee25a834751 5178
wolfSSL 11:cee25a834751 5179
/* Check a DER certificate's revocation status via OCSP, if OCSP is enabled.
 *
 * cm  : certificate manager (must have had wolfSSL_CertManagerEnableOCSP
 *       called for the check to actually run)
 * der : DER-encoded certificate to check
 * sz  : length of der in bytes
 *
 * Returns SSL_SUCCESS when OCSP is disabled (no check performed) or the
 * certificate passes, BAD_FUNC_ARG for a NULL cm, MEMORY_E if the decode
 * buffer cannot be allocated (WOLFSSL_SMALL_STACK), or the error code from
 * ParseCertRelative / CheckCertOCSP.
 */
int wolfSSL_CertManagerCheckOCSP(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
{
    int ret;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert  cert[1];
#endif

    WOLFSSL_ENTER("wolfSSL_CertManagerCheckOCSP");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* OCSP disabled: nothing to check, report success as the caller expects */
    if (cm->ocspEnabled == 0)
        return SSL_SUCCESS;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    InitDecodedCert(cert, der, sz, NULL);

    ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_OCSP, cm);
    if (ret != 0) {
        WOLFSSL_MSG("ParseCert failed");
    }
    else {
        ret = CheckCertOCSP(cm->ocsp, cert, NULL);
        if (ret != 0)
            WOLFSSL_MSG("CheckCertOCSP failed");
    }

    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return (ret == 0) ? SSL_SUCCESS : ret;
}
wolfSSL 11:cee25a834751 5221
wolfSSL 11:cee25a834751 5222
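/* Set (or clear) the OCSP responder URL used in place of the one found in
 * a certificate's AIA extension.
 *
 * cm  : certificate manager to configure
 * url : NUL-terminated responder URL to copy, or NULL to remove the override
 *
 * The new value is copied before the old one is released, so passing the
 * currently configured URL (cm->ocspOverrideURL itself) is safe, and on an
 * allocation failure the previous override is left untouched rather than
 * being freed and lost.
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL cm, or MEMORY_E if the copy
 * cannot be allocated.
 */
int wolfSSL_CertManagerSetOCSPOverrideURL(WOLFSSL_CERT_MANAGER* cm,
                                          const char* url)
{
    char* copy = NULL;

    WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSPOverrideURL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (url != NULL) {
        /* copy first: url may alias cm->ocspOverrideURL */
        int urlSz = (int)XSTRLEN(url) + 1;
        copy = (char*)XMALLOC(urlSz, cm->heap, DYNAMIC_TYPE_URL);
        if (copy == NULL)
            return MEMORY_E;   /* existing override, if any, stays in place */
        XMEMCPY(copy, url, urlSz);
    }

    /* XFREE tolerates NULL, as the original unconditional free relied on */
    XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL);
    cm->ocspOverrideURL = copy;

    return SSL_SUCCESS;
}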
wolfSSL 11:cee25a834751 5245
wolfSSL 11:cee25a834751 5246
/* Install custom OCSP I/O callbacks on a certificate manager.
 *
 * cm         : certificate manager to configure
 * ioCb       : callback that performs the OCSP request/response exchange
 * respFreeCb : callback that releases a response buffer ioCb produced
 * ioCbCtx    : opaque pointer handed back to the callbacks
 *
 * No validation is done on the callbacks; NULL is stored as given. Call this
 * after wolfSSL_CertManagerEnableOCSP, which (without WOLFSSL_USER_IO)
 * resets these same fields to the embedded defaults.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL cm.
 */
int wolfSSL_CertManagerSetOCSP_Cb(WOLFSSL_CERT_MANAGER* cm,
                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerSetOCSP_Cb");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->ocspIOCb       = ioCb;
    cm->ocspRespFreeCb = respFreeCb;
    cm->ocspIOCtx      = ioCbCtx;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 5260
wolfSSL 11:cee25a834751 5261
/* Per-connection wrapper for wolfSSL_CertManagerEnableOCSP.
 *
 * Note that the certificate manager is reached through ssl->ctx->cm, so
 * this changes OCSP settings for every connection of the parent context,
 * not just ssl. Returns BAD_FUNC_ARG for a NULL ssl, else the manager's result.
 */
int wolfSSL_EnableOCSP(WOLFSSL* ssl, int options)
{
    WOLFSSL_ENTER("wolfSSL_EnableOCSP");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerEnableOCSP(ssl->ctx->cm, options);
}
wolfSSL 11:cee25a834751 5270
wolfSSL 11:cee25a834751 5271
/* Per-connection wrapper for wolfSSL_CertManagerDisableOCSP.
 *
 * Acts on ssl->ctx->cm, i.e. on the whole parent context.
 * Returns BAD_FUNC_ARG for a NULL ssl, else the manager's result.
 */
int wolfSSL_DisableOCSP(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_DisableOCSP");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerDisableOCSP(ssl->ctx->cm);
}
wolfSSL 11:cee25a834751 5280
wolfSSL 11:cee25a834751 5281
/* Per-connection wrapper for wolfSSL_CertManagerSetOCSPOverrideURL.
 *
 * Acts on ssl->ctx->cm, i.e. on the whole parent context.
 * Returns BAD_FUNC_ARG for a NULL ssl, else the manager's result.
 */
int wolfSSL_SetOCSP_OverrideURL(WOLFSSL* ssl, const char* url)
{
    WOLFSSL_ENTER("wolfSSL_SetOCSP_OverrideURL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerSetOCSPOverrideURL(ssl->ctx->cm, url);
}
wolfSSL 11:cee25a834751 5290
wolfSSL 11:cee25a834751 5291
/* Per-connection wrapper for wolfSSL_CertManagerSetOCSP_Cb.
 *
 * Acts on ssl->ctx->cm, i.e. on the whole parent context.
 * Returns BAD_FUNC_ARG for a NULL ssl, else the manager's result.
 */
int wolfSSL_SetOCSP_Cb(WOLFSSL* ssl,
                       CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    WOLFSSL_ENTER("wolfSSL_SetOCSP_Cb");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm,
                                         ioCb, respFreeCb, ioCbCtx);
}
wolfSSL 11:cee25a834751 5302
wolfSSL 11:cee25a834751 5303
/* Context wrapper for wolfSSL_CertManagerEnableOCSP.
 * Returns BAD_FUNC_ARG for a NULL ctx, else the manager's result.
 */
int wolfSSL_CTX_EnableOCSP(WOLFSSL_CTX* ctx, int options)
{
    WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSP");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerEnableOCSP(ctx->cm, options);
}
wolfSSL 11:cee25a834751 5312
wolfSSL 11:cee25a834751 5313
/* Context wrapper for wolfSSL_CertManagerDisableOCSP.
 * Returns BAD_FUNC_ARG for a NULL ctx, else the manager's result.
 */
int wolfSSL_CTX_DisableOCSP(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_DisableOCSP");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerDisableOCSP(ctx->cm);
}
wolfSSL 11:cee25a834751 5322
wolfSSL 11:cee25a834751 5323
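/* Context wrapper for wolfSSL_CertManagerSetOCSPOverrideURL.
 *
 * The trace label now names this function; it previously reported
 * "wolfSSL_SetOCSP_OverrideURL", making debug logs attribute the call to
 * the per-connection variant.
 *
 * Returns BAD_FUNC_ARG for a NULL ctx, else the manager's result.
 */
int wolfSSL_CTX_SetOCSP_OverrideURL(WOLFSSL_CTX* ctx, const char* url)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_OverrideURL");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
}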
wolfSSL 11:cee25a834751 5332
wolfSSL 11:cee25a834751 5333
/* Context wrapper for wolfSSL_CertManagerSetOCSP_Cb.
 * Returns BAD_FUNC_ARG for a NULL ctx, else the manager's result.
 */
int wolfSSL_CTX_SetOCSP_Cb(WOLFSSL_CTX* ctx, CbOCSPIO ioCb,
                           CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetOCSP_Cb");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx);
}
wolfSSL 11:cee25a834751 5344
wolfSSL 11:cee25a834751 5345 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
wolfSSL 11:cee25a834751 5346 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
/* Context wrapper for wolfSSL_CertManagerEnableOCSPStapling.
 * Returns BAD_FUNC_ARG for a NULL ctx, else the manager's result.
 */
int wolfSSL_CTX_EnableOCSPStapling(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_EnableOCSPStapling");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerEnableOCSPStapling(ctx->cm);
}
wolfSSL 11:cee25a834751 5355 #endif
wolfSSL 11:cee25a834751 5356
wolfSSL 11:cee25a834751 5357 #endif /* HAVE_OCSP */
wolfSSL 11:cee25a834751 5358
wolfSSL 11:cee25a834751 5359
wolfSSL 11:cee25a834751 5360 #ifndef NO_FILESYSTEM
wolfSSL 11:cee25a834751 5361
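/* Read the whole of file fname into memory and hand it to the buffer loader
 * that matches its type.
 *
 * ctx       : context receiving the material (NULL allowed when ssl is set)
 * fname     : path of the file to read
 * format    : SSL_FILETYPE_PEM or another format accepted by the loaders
 * type      : CA_TYPE, TRUSTED_PEER_TYPE, CRL_TYPE, or any other type
 *             accepted by ProcessBuffer
 * ssl       : per-connection object to load into instead of ctx, or NULL
 * userChain : non-zero to treat the file as a user certificate chain to send
 *             during the handshake
 * crl       : CRL object for CRL_TYPE (only used when HAVE_CRL is defined)
 *
 * Returns SSL_SUCCESS, SSL_BAD_FILE when fname is NULL or the file cannot be
 * opened, sized, allocated for or fully read, or the loader's error code.
 *
 * The file size is bounded by MAX_WOLFSSL_FILE_SIZE before any buffer is
 * sized from it, matching wolfSSL_CertManagerVerify; previously an
 * arbitrarily large file drove an unbounded XMALLOC here.
 */
int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
                WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl)
{
#ifdef WOLFSSL_SMALL_STACK
    byte   staticBuffer[1]; /* force heap usage */
#else
    byte   staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte*  myBuffer = staticBuffer;
    int    dynamic  = 0;
    int    ret;
    long   sz = 0;
    XFILE  file;
    void*  heapHint = ctx ? ctx->heap : ((ssl) ? ssl->heap : NULL);

    (void)crl;
    (void)heapHint;

    if (fname == NULL) return SSL_BAD_FILE;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) return SSL_BAD_FILE;
    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    /* reject empty files, a failed (negative) XFTELL, and anything over the
     * library-wide limit before sz is used to size a buffer */
    if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
        WOLFSSL_MSG("ProcessFile file bad size");
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        WOLFSSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        dynamic = 1;
    }

    if ( (ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz)
        ret = SSL_BAD_FILE;
    else {
        /* PEM CA and trusted-peer files may hold several certificates */
        if ((type == CA_TYPE || type == TRUSTED_PEER_TYPE)
                                                  && format == SSL_FILETYPE_PEM)
            ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
#ifdef HAVE_CRL
        else if (type == CRL_TYPE)
            ret = BufferLoadCRL(crl, myBuffer, sz, format);
#endif
        else
            ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
                                userChain);
    }

    XFCLOSE(file);
    if (dynamic)
        XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);

    return ret;
}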
wolfSSL 11:cee25a834751 5425
wolfSSL 11:cee25a834751 5426
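/* Load CA certificates from a PEM file and/or from every regular file in a
 * directory (files are taken as-is, no c_rehash-style hashed names needed).
 *
 * ctx  : context whose certificate manager receives the CAs
 * file : PEM file holding one or more CA certificates, or NULL
 * path : directory whose regular files are each loaded as PEM CAs, or NULL
 *
 * Returns SSL_SUCCESS, SSL_FAILURE for a NULL ctx or when both file and
 * path are NULL, MEMORY_E if the directory context cannot be allocated
 * (WOLFSSL_SMALL_STACK), NOT_COMPILED_IN when directory support is built
 * out (NO_WOLFSSL_DIR), or the error from the first file that fails to
 * load; the directory walk stops at that file.
 *
 * Fix: the WOLFSSL_SMALL_STACK path tested `name` (always NULL at that
 * point) instead of the freshly allocated readCtx, so every small-stack
 * call with a path returned MEMORY_E and leaked readCtx.
 *
 * NOTE(review): once the directory is exhausted, ret holds whatever
 * wc_ReadDirFirst/wc_ReadDirNext returned for "no more entries" and that
 * value is returned to the caller — confirm against wc_ReadDirNext that it
 * is SSL_SUCCESS for a clean walk.
 */
int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
                                     const char* path)
{
    int ret = SSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_CTX_load_verify_locations");

    if (ctx == NULL || (file == NULL && path == NULL) )
        return SSL_FAILURE;

    if (file)
        ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);

    if (ret == SSL_SUCCESS && path) {
#ifndef NO_WOLFSSL_DIR
        char* name = NULL;
#ifdef WOLFSSL_SMALL_STACK
        ReadDirCtx* readCtx = (ReadDirCtx*)XMALLOC(sizeof(ReadDirCtx),
                                           ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
        /* check the allocation, not name (which is always NULL here) */
        if (readCtx == NULL)
            return MEMORY_E;
#else
        ReadDirCtx  readCtx[1];
#endif

        /* try to load each regular file in path; stop at the first failure */
        ret = wc_ReadDirFirst(readCtx, path, &name);
        while (ret == 0 && name) {
            ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE,
                              NULL, 0, NULL);
            if (ret != SSL_SUCCESS)
                break;
            ret = wc_ReadDirNext(readCtx, path, &name);
        }
        wc_ReadDirClose(readCtx);

#ifdef WOLFSSL_SMALL_STACK
        XFREE(readCtx, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif
#else
        ret = NOT_COMPILED_IN;
#endif
    }

    return ret;
}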
wolfSSL 11:cee25a834751 5475
wolfSSL 11:cee25a834751 5476
wolfSSL 11:cee25a834751 5477 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Register a specific peer certificate, read from a file, that the peer
 * must present when connecting.
 *
 * ctx  : context to load the trusted peer certificate into
 * file : path of the certificate file
 * type : file format, e.g. SSL_FILETYPE_PEM (passed straight to ProcessFile)
 *
 * Returns SSL_FAILURE for a NULL ctx or file; otherwise ProcessFile's
 * result is returned unchanged (SSL_SUCCESS, SSL_BAD_FILE, or a loader
 * error code), unlike wolfSSL_CTX_der_load_verify_locations which collapses
 * errors to SSL_FAILURE.
 */
int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int type)
{
    WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_cert");

    if (ctx == NULL || file == NULL)
        return SSL_FAILURE;

    return ProcessFile(ctx, file, type, TRUSTED_PEER_TYPE, NULL, 0, NULL);
}
wolfSSL 11:cee25a834751 5493 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 11:cee25a834751 5494
wolfSSL 11:cee25a834751 5495
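/* Verify a certificate file against the certificate manager's trusted CAs.
 *
 * cm     : certificate manager holding the CAs to verify against
 * fname  : path of the certificate file
 * format : certificate encoding, passed on to wolfSSL_CertManagerVerifyBuffer
 *
 * Returns SSL_SUCCESS when the certificate verifies, BAD_FUNC_ARG for a
 * NULL cm, SSL_BAD_FILE when fname is NULL or the file cannot be opened,
 * is empty, exceeds MAX_WOLFSSL_FILE_SIZE, cannot be buffered or is not
 * fully read, or a negative error from wolfSSL_CertManagerVerifyBuffer.
 *
 * Fix: cm and fname are validated before XFOPEN and before cm->heap is
 * read, instead of opening the file in the declaration and dereferencing
 * cm unchecked (ProcessFile already rejects a NULL file name this way).
 */
int wolfSSL_CertManagerVerify(WOLFSSL_CERT_MANAGER* cm, const char* fname,
                              int format)
{
    int    ret = SSL_FATAL_ERROR;
#ifdef WOLFSSL_SMALL_STACK
    byte   staticBuffer[1]; /* force heap usage */
#else
    byte   staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte*  myBuffer = staticBuffer;
    int    dynamic  = 0;
    long   sz = 0;
    XFILE  file;

    WOLFSSL_ENTER("wolfSSL_CertManagerVerify");

    if (cm == NULL)
        return BAD_FUNC_ARG;
    if (fname == NULL)
        return SSL_BAD_FILE;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) return SSL_BAD_FILE;
    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    /* bound the size before it is used for the buffer */
    if (sz > MAX_WOLFSSL_FILE_SIZE || sz <= 0) {
        WOLFSSL_MSG("CertManagerVerify file bad size");
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        WOLFSSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        dynamic = 1;
    }

    if ( (ret = (int)XFREAD(myBuffer, 1, sz, file)) != sz)
        ret = SSL_BAD_FILE;
    else
        ret = wolfSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);

    XFCLOSE(file);
    if (dynamic)
        XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);

    return ret;
}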
wolfSSL 11:cee25a834751 5545
wolfSSL 11:cee25a834751 5546
/* Load CA certificates into a stand-alone certificate manager, with the
 * same file/path semantics as wolfSSL_CTX_load_verify_locations.
 *
 * cm   : certificate manager that receives the CAs
 * file : PEM CA file, or NULL
 * path : directory of PEM CA files, or NULL
 *
 * A throw-away WOLFSSL_CTX is created purely so the context-based loader
 * can be reused; the caller's cm is swapped into it for the duration of the
 * call and detached again before the context is freed.
 *
 * Returns SSL_SUCCESS (1), or SSL_FATAL_ERROR when cm is NULL or the
 * temporary context cannot be created, else the loader's result.
 */
int wolfSSL_CertManagerLoadCA(WOLFSSL_CERT_MANAGER* cm, const char* file,
                              const char* path)
{
    int ret = SSL_FATAL_ERROR;
    WOLFSSL_CTX* tmpCtx;

    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCA");

    if (cm == NULL) {
        WOLFSSL_MSG("No CertManager error");
        return ret;
    }

    tmpCtx = wolfSSL_CTX_new(cm_pick_method());
    if (tmpCtx == NULL) {
        WOLFSSL_MSG("CTX new failed");
        return ret;
    }

    /* release the manager tmpCtx came with and borrow the caller's */
    wolfSSL_CertManagerFree(tmpCtx->cm);
    tmpCtx->cm = cm;

    ret = wolfSSL_CTX_load_verify_locations(tmpCtx, file, path);

    /* detach before freeing so the caller's manager is not destroyed */
    tmpCtx->cm = NULL;
    wolfSSL_CTX_free(tmpCtx);

    return ret;
}
wolfSSL 11:cee25a834751 5579
wolfSSL 11:cee25a834751 5580
wolfSSL 11:cee25a834751 5581
wolfSSL 11:cee25a834751 5582
/* Intended to confirm that the private key loaded into ctx matches the
 * public key of its certificate.
 *
 * WARNING: this is a stub. No comparison is performed and SSL_SUCCESS is
 * returned unconditionally (the original carries a TODO for the RSA match),
 * so a mismatched key/certificate pair is NOT detected here. Callers must
 * not treat a success return as evidence the pair is consistent.
 *
 * Returns SSL_SUCCESS always.
 */
int wolfSSL_CTX_check_private_key(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("SSL_CTX_check_private_key");
    (void)ctx;   /* unused until the key/certificate comparison exists */
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 5590
wolfSSL 11:cee25a834751 5591
wolfSSL 11:cee25a834751 5592 #ifdef HAVE_CRL
wolfSSL 11:cee25a834751 5593
wolfSSL 11:cee25a834751 5594
/* Check a DER certificate against the loaded CRLs, if CRL checking is enabled.
 *
 * cm  : certificate manager (CRL checking must have been enabled for the
 *       check to actually run)
 * der : DER-encoded certificate to check
 * sz  : length of der in bytes
 *
 * Returns SSL_SUCCESS when CRL checking is disabled (no check performed) or
 * the certificate is not revoked, BAD_FUNC_ARG for a NULL cm, MEMORY_E if
 * the decode buffer cannot be allocated (WOLFSSL_SMALL_STACK), or the error
 * code from ParseCertRelative / CheckCertCRL.
 */
int wolfSSL_CertManagerCheckCRL(WOLFSSL_CERT_MANAGER* cm, byte* der, int sz)
{
    int ret = 0;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert  cert[1];
#endif

    WOLFSSL_ENTER("wolfSSL_CertManagerCheckCRL");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* CRL disabled: nothing to check, report success as the caller expects */
    if (cm->crlEnabled == 0)
        return SSL_SUCCESS;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    InitDecodedCert(cert, der, sz, NULL);

    ret = ParseCertRelative(cert, CERT_TYPE, VERIFY_CRL, cm);
    if (ret != 0) {
        WOLFSSL_MSG("ParseCert failed");
    }
    else {
        ret = CheckCertCRL(cm->crl, cert);
        if (ret != 0)
            WOLFSSL_MSG("CheckCertCRL failed");
    }

    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return (ret == 0) ? SSL_SUCCESS : ret;
}
wolfSSL 11:cee25a834751 5636
wolfSSL 11:cee25a834751 5637
/* Install the callback invoked when no CRL is available for a certificate.
 *
 * cm : certificate manager to configure
 * cb : missing-CRL callback; stored as given, NULL included
 *
 * The callback lives on cm itself, so unlike the CRL I/O callback it can be
 * set before CRL checking has been enabled.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL cm.
 */
int wolfSSL_CertManagerSetCRL_Cb(WOLFSSL_CERT_MANAGER* cm, CbMissingCRL cb)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_Cb");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->cbMissingCRL = cb;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 5648
wolfSSL 11:cee25a834751 5649 #ifdef HAVE_CRL_IO
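/* Install the callback used to fetch CRLs over I/O.
 *
 * cm : certificate manager to configure
 * cb : CRL I/O callback; stored as given on cm->crl
 *
 * The callback is stored on the CRL context, which only exists once CRL
 * checking has been enabled (wolfSSL_CertManagerLoadCRL creates it via
 * wolfSSL_CertManagerEnableCRL for that reason). Previously cm->crl was
 * dereferenced unchecked, so calling this before enabling CRLs crashed;
 * it now fails cleanly.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL cm or when CRL checking
 * has not been enabled yet.
 */
int wolfSSL_CertManagerSetCRL_IOCb(WOLFSSL_CERT_MANAGER* cm, CbCrlIO cb)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerSetCRL_IOCb");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (cm->crl == NULL) {
        WOLFSSL_MSG("CRL not enabled, enable CRL before setting its IO cb");
        return BAD_FUNC_ARG;
    }

    cm->crl->crlIOCb = cb;

    return SSL_SUCCESS;
}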
wolfSSL 11:cee25a834751 5659 #endif
wolfSSL 11:cee25a834751 5660
/* Load CRLs from a directory into the certificate manager, enabling CRL
 * checking first if it is not already on.
 *
 * cm      : certificate manager to load into
 * path    : directory of CRL files
 * type    : CRL file format, passed on to LoadCRL
 * monitor : non-zero to have LoadCRL watch the directory for changes
 *
 * Returns BAD_FUNC_ARG for a NULL cm, SSL_FATAL_ERROR if CRL checking could
 * not be enabled, otherwise LoadCRL's result.
 */
int wolfSSL_CertManagerLoadCRL(WOLFSSL_CERT_MANAGER* cm, const char* path,
                               int type, int monitor)
{
    WOLFSSL_ENTER("wolfSSL_CertManagerLoadCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    /* loading implies enabling: create the CRL context on first use */
    if (cm->crl == NULL
            && wolfSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
        WOLFSSL_MSG("Enable CRL failed");
        return SSL_FATAL_ERROR;
    }

    return LoadCRL(cm->crl, path, type, monitor);
}
wolfSSL 11:cee25a834751 5677
wolfSSL 11:cee25a834751 5678
/* Per-connection wrapper for wolfSSL_CertManagerEnableCRL.
 *
 * Acts on ssl->ctx->cm, so CRL checking is enabled for every connection of
 * the parent context, not just ssl.
 * Returns BAD_FUNC_ARG for a NULL ssl, else the manager's result.
 */
int wolfSSL_EnableCRL(WOLFSSL* ssl, int options)
{
    WOLFSSL_ENTER("wolfSSL_EnableCRL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerEnableCRL(ssl->ctx->cm, options);
}
wolfSSL 11:cee25a834751 5687
wolfSSL 11:cee25a834751 5688
/* Per-connection wrapper for wolfSSL_CertManagerDisableCRL.
 *
 * Acts on ssl->ctx->cm, i.e. on the whole parent context.
 * Returns BAD_FUNC_ARG for a NULL ssl, else the manager's result.
 */
int wolfSSL_DisableCRL(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_DisableCRL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerDisableCRL(ssl->ctx->cm);
}
wolfSSL 11:cee25a834751 5697
wolfSSL 11:cee25a834751 5698
/* Per-connection wrapper for wolfSSL_CertManagerLoadCRL.
 *
 * Acts on ssl->ctx->cm, i.e. on the whole parent context.
 * Returns BAD_FUNC_ARG for a NULL ssl, else the manager's result.
 */
int wolfSSL_LoadCRL(WOLFSSL* ssl, const char* path, int type, int monitor)
{
    WOLFSSL_ENTER("wolfSSL_LoadCRL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
}
wolfSSL 11:cee25a834751 5707
wolfSSL 11:cee25a834751 5708
/* Per-connection wrapper for wolfSSL_CertManagerSetCRL_Cb.
 *
 * Acts on ssl->ctx->cm, i.e. on the whole parent context.
 * Returns BAD_FUNC_ARG for a NULL ssl, else the manager's result.
 */
int wolfSSL_SetCRL_Cb(WOLFSSL* ssl, CbMissingCRL cb)
{
    WOLFSSL_ENTER("wolfSSL_SetCRL_Cb");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
}
wolfSSL 11:cee25a834751 5717
wolfSSL 11:cee25a834751 5718 #ifdef HAVE_CRL_IO
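/* Per-connection wrapper for wolfSSL_CertManagerSetCRL_IOCb.
 *
 * Acts on ssl->ctx->cm, i.e. on the whole parent context. The trace label
 * now names this function; it previously reported "wolfSSL_SetCRL_Cb",
 * which made debug logs attribute the call to the missing-CRL callback
 * setter.
 *
 * Returns BAD_FUNC_ARG for a NULL ssl, else the manager's result.
 */
int wolfSSL_SetCRL_IOCb(WOLFSSL* ssl, CbCrlIO cb)
{
    WOLFSSL_ENTER("wolfSSL_SetCRL_IOCb");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerSetCRL_IOCb(ssl->ctx->cm, cb);
}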
wolfSSL 11:cee25a834751 5727 #endif
wolfSSL 11:cee25a834751 5728
/* Context wrapper for wolfSSL_CertManagerEnableCRL.
 * Returns BAD_FUNC_ARG for a NULL ctx, else the manager's result.
 */
int wolfSSL_CTX_EnableCRL(WOLFSSL_CTX* ctx, int options)
{
    WOLFSSL_ENTER("wolfSSL_CTX_EnableCRL");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerEnableCRL(ctx->cm, options);
}
wolfSSL 11:cee25a834751 5737
wolfSSL 11:cee25a834751 5738
/* Context wrapper for wolfSSL_CertManagerDisableCRL.
 * Returns BAD_FUNC_ARG for a NULL ctx, else the manager's result.
 */
int wolfSSL_CTX_DisableCRL(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_DisableCRL");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerDisableCRL(ctx->cm);
}
wolfSSL 11:cee25a834751 5747
wolfSSL 11:cee25a834751 5748
/* Context wrapper for wolfSSL_CertManagerLoadCRL.
 * Returns BAD_FUNC_ARG for a NULL ctx, else the manager's result.
 */
int wolfSSL_CTX_LoadCRL(WOLFSSL_CTX* ctx, const char* path,
                        int type, int monitor)
{
    WOLFSSL_ENTER("wolfSSL_CTX_LoadCRL");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
}
wolfSSL 11:cee25a834751 5758
wolfSSL 11:cee25a834751 5759
/* Context wrapper for wolfSSL_CertManagerSetCRL_Cb.
 * Returns BAD_FUNC_ARG for a NULL ctx, else the manager's result.
 */
int wolfSSL_CTX_SetCRL_Cb(WOLFSSL_CTX* ctx, CbMissingCRL cb)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_Cb");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return wolfSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
}
wolfSSL 11:cee25a834751 5768
wolfSSL 11:cee25a834751 5769 #ifdef HAVE_CRL_IO
/* Register the CRL I/O callback on ctx's certificate manager.
 * Returns the manager's result, or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_SetCRL_IOCb(WOLFSSL_CTX* ctx, CbCrlIO cb)
{
    WOLFSSL_ENTER("wolfSSL_CTX_SetCRL_IOCb");
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return wolfSSL_CertManagerSetCRL_IOCb(ctx->cm, cb);
}
wolfSSL 11:cee25a834751 5778 #endif
wolfSSL 11:cee25a834751 5779
wolfSSL 11:cee25a834751 5780
wolfSSL 11:cee25a834751 5781 #endif /* HAVE_CRL */
wolfSSL 11:cee25a834751 5782
wolfSSL 11:cee25a834751 5783
wolfSSL 11:cee25a834751 5784 #ifdef WOLFSSL_DER_LOAD
wolfSSL 11:cee25a834751 5785
wolfSSL 11:cee25a834751 5786 /* Add format parameter to allow DER load of CA files */
/* Load a CA certificate file into ctx's trust store, with an explicit format
 * so that DER files can be loaded as well as PEM.
 *
 * ctx    : context that receives the CA.
 * file   : path of the certificate file.
 * format : encoding selector passed to ProcessFile().
 * returns SSL_SUCCESS when ProcessFile() succeeds, SSL_FAILURE otherwise
 *         (including a NULL ctx or file).
 */
int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
                                          int format)
{
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations");
    if (ctx != NULL && file != NULL) {
        if (ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL)
                == SSL_SUCCESS) {
            ret = SSL_SUCCESS;
        }
    }

    return ret;
}
wolfSSL 11:cee25a834751 5799
wolfSSL 11:cee25a834751 5800 #endif /* WOLFSSL_DER_LOAD */
wolfSSL 11:cee25a834751 5801
wolfSSL 11:cee25a834751 5802
wolfSSL 11:cee25a834751 5803 #ifdef WOLFSSL_CERT_GEN
wolfSSL 11:cee25a834751 5804
wolfSSL 11:cee25a834751 5805 /* load pem cert from file into der buffer, return der size or error */
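/* Read a PEM certificate from fileName and write its DER encoding to derBuf.
 *
 * fileName : path of the PEM file to read.
 * derBuf   : caller-supplied output buffer for the DER bytes.
 * derSz    : capacity of derBuf in bytes.
 * returns the number of DER bytes written (> 0), or a negative code:
 *   BAD_FUNC_ARG  NULL fileName/derBuf or derSz <= 0,
 *   SSL_BAD_FILE  file cannot be opened, is empty, or is short-read,
 *   MEMORY_E      a working buffer could not be obtained,
 *   BUFFER_E      derBuf is too small for the DER output,
 *   or whatever PemToDer() returned.
 */
int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
{
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
    byte staticBuffer[1]; /* force XMALLOC */
#else
    EncryptedInfo info[1];
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte* fileBuf = staticBuffer;
    int dynamic = 0;
    int ret = 0;
    int ecc = 0;
    long sz = 0;
    XFILE file;
    DerBuffer* converted = NULL;

    WOLFSSL_ENTER("wolfSSL_PemCertToDer");

    /* validate before opening anything: a NULL path must not reach XFOPEN,
     * and a NULL or zero/negative-sized output buffer must not reach the
     * copy below (a negative derSz would otherwise pass the word32 compare) */
    if (fileName == NULL || derBuf == NULL || derSz <= 0)
        return BAD_FUNC_ARG;

    file = XFOPEN(fileName, "rb");
    if (file == XBADFILE) {
        ret = SSL_BAD_FILE;
    }
    else {
        XFSEEK(file, 0, XSEEK_END);
        sz = XFTELL(file);
        XREWIND(file);

        if (sz <= 0) {
            ret = SSL_BAD_FILE;
        }
        else if (sz > (long)sizeof(staticBuffer)) {
#ifdef WOLFSSL_STATIC_MEMORY
            /* no heap to grow into; record the error and fall through to the
             * common cleanup so the file handle is closed rather than leaked */
            WOLFSSL_MSG("File was larger then static buffer");
            ret = MEMORY_E;
#else
            fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
            if (fileBuf == NULL)
                ret = MEMORY_E;
            else
                dynamic = 1;
#endif
        }

        if (ret == 0) {
            if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz) {
                ret = SSL_BAD_FILE;
            }
            else {
#ifdef WOLFSSL_SMALL_STACK
                info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                               DYNAMIC_TYPE_TMP_BUFFER);
                if (info == NULL)
                    ret = MEMORY_E;
                else
#endif
                {
                    ret = PemToDer(fileBuf, sz, CA_TYPE, &converted,
                                   0, info, &ecc);
#ifdef WOLFSSL_SMALL_STACK
                    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
                }
            }

            if (ret == 0) {
                /* strict '<' is kept as the original had it: a DER that is
                 * exactly derSz bytes long is reported as BUFFER_E */
                if (converted->length < (word32)derSz) {
                    XMEMCPY(derBuf, converted->buffer, converted->length);
                    ret = converted->length;
                }
                else
                    ret = BUFFER_E;
            }

            FreeDer(&converted);
        }

        XFCLOSE(file);
        if (dynamic)
            XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);
    }

    return ret;
}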
wolfSSL 11:cee25a834751 5888
wolfSSL 11:cee25a834751 5889 #endif /* WOLFSSL_CERT_GEN */
wolfSSL 11:cee25a834751 5890
wolfSSL 11:cee25a834751 5891 #ifdef WOLFSSL_CERT_EXT
wolfSSL 11:cee25a834751 5892 #ifndef NO_FILESYSTEM
wolfSSL 11:cee25a834751 5893 /* load pem public key from file into der buffer, return der size or error */
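/* Read a PEM public key from fileName and write its DER encoding to derBuf.
 *
 * fileName : path of the PEM file to read.
 * derBuf   : caller-supplied output buffer for the DER bytes.
 * derSz    : capacity of derBuf in bytes.
 * returns the number of DER bytes written (> 0), or a negative code:
 *   BAD_FUNC_ARG  NULL fileName/derBuf or derSz <= 0,
 *   SSL_BAD_FILE  file cannot be opened, is empty, or is short-read,
 *   MEMORY_E      a working buffer could not be obtained,
 *   BUFFER_E      derBuf is too small for the DER output,
 *   or whatever PemToDer() returned.
 */
int wolfSSL_PemPubKeyToDer(const char* fileName,
                           unsigned char* derBuf, int derSz)
{
#ifdef WOLFSSL_SMALL_STACK
    byte staticBuffer[1]; /* force XMALLOC */
#else
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte* fileBuf = staticBuffer;
    int dynamic = 0;
    int ret = 0;
    long sz = 0;
    XFILE file;
    DerBuffer* converted = NULL;

    WOLFSSL_ENTER("wolfSSL_PemPubKeyToDer");

    /* validate before opening anything: a NULL path must not reach XFOPEN,
     * and a NULL or zero/negative-sized output buffer must not reach the
     * copy below (a negative derSz would otherwise pass the word32 compare) */
    if (fileName == NULL || derBuf == NULL || derSz <= 0)
        return BAD_FUNC_ARG;

    file = XFOPEN(fileName, "rb");
    if (file == XBADFILE) {
        ret = SSL_BAD_FILE;
    }
    else {
        XFSEEK(file, 0, XSEEK_END);
        sz = XFTELL(file);
        XREWIND(file);

        if (sz <= 0) {
            ret = SSL_BAD_FILE;
        }
        else if (sz > (long)sizeof(staticBuffer)) {
#ifdef WOLFSSL_STATIC_MEMORY
            /* no heap to grow into; record the error and fall through to the
             * common cleanup so the file handle is closed rather than leaked */
            WOLFSSL_MSG("File was larger then static buffer");
            ret = MEMORY_E;
#else
            fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
            if (fileBuf == NULL)
                ret = MEMORY_E;
            else
                dynamic = 1;
#endif
        }

        if (ret == 0) {
            if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz)
                ret = SSL_BAD_FILE;
            else
                ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, &converted,
                               0, NULL, NULL);

            if (ret == 0) {
                /* strict '<' is kept as the original had it: a DER that is
                 * exactly derSz bytes long is reported as BUFFER_E */
                if (converted->length < (word32)derSz) {
                    XMEMCPY(derBuf, converted->buffer, converted->length);
                    ret = converted->length;
                }
                else
                    ret = BUFFER_E;
            }

            FreeDer(&converted);
        }

        XFCLOSE(file);
        if (dynamic)
            XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);
    }

    return ret;
}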
wolfSSL 11:cee25a834751 5959 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 5960
wolfSSL 11:cee25a834751 5961 /* Return bytes written to buff or < 0 for error */
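/* Convert an in-memory PEM public key to DER.
 *
 * pem    : PEM input bytes.
 * pemSz  : length of pem in bytes; must be positive.
 * buff   : output buffer for the DER bytes.
 * buffSz : capacity of buff in bytes; must be positive.
 * returns the number of DER bytes written, BAD_FUNC_ARG for unusable
 *         arguments or when buff is too small, or PemToDer()'s negative
 *         error code.
 */
int wolfSSL_PubKeyPemToDer(const unsigned char* pem, int pemSz,
                           unsigned char* buff, int buffSz)
{
    int ret;
    DerBuffer* der = NULL;

    WOLFSSL_ENTER("wolfSSL_PubKeyPemToDer");

    /* pemSz is also bounded now: a zero or negative length was previously
     * widened to long and handed to the parser unchecked */
    if (pem == NULL || pemSz <= 0 || buff == NULL || buffSz <= 0) {
        WOLFSSL_MSG("Bad pem der args");
        return BAD_FUNC_ARG;
    }

    ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL);
    if (ret < 0) {
        WOLFSSL_MSG("Bad Pem To Der");
    }
    else {
        /* '<=' here: a DER exactly buffSz bytes long fits */
        if (der->length <= (word32)buffSz) {
            XMEMCPY(buff, der->buffer, der->length);
            ret = der->length;
        }
        else {
            WOLFSSL_MSG("Bad der length");
            ret = BAD_FUNC_ARG;
        }
    }

    FreeDer(&der);
    return ret;
}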
wolfSSL 11:cee25a834751 5993
wolfSSL 11:cee25a834751 5994 #endif /* WOLFSSL_CERT_EXT */
wolfSSL 11:cee25a834751 5995
/* Load the context's own certificate from file in the given format.
 * Returns SSL_SUCCESS when ProcessFile() succeeds, SSL_FAILURE otherwise. */
int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
                                     int format)
{
    int loaded;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file");
    loaded = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL);

    return (loaded == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 11:cee25a834751 6005
wolfSSL 11:cee25a834751 6006
/* Load the context's private key from file in the given format.
 * Returns SSL_SUCCESS when ProcessFile() succeeds, SSL_FAILURE otherwise. */
int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
                                    int format)
{
    int loaded;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file");
    loaded = ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL);

    return (loaded == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 11:cee25a834751 6017
wolfSSL 11:cee25a834751 6018
wolfSSL 11:cee25a834751 6019 /* get cert chaining depth using ssl struct */
wolfSSL 11:cee25a834751 6020 long wolfSSL_get_verify_depth(WOLFSSL* ssl)
wolfSSL 11:cee25a834751 6021 {
wolfSSL 11:cee25a834751 6022 if(ssl == NULL) {
wolfSSL 11:cee25a834751 6023 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 6024 }
wolfSSL 11:cee25a834751 6025 return MAX_CHAIN_DEPTH;
wolfSSL 11:cee25a834751 6026 }
wolfSSL 11:cee25a834751 6027
wolfSSL 11:cee25a834751 6028
wolfSSL 11:cee25a834751 6029 /* get cert chaining depth using ctx struct */
/* Report the certificate chain depth limit for a context.  The limit is the
 * compile-time MAX_CHAIN_DEPTH; ctx is only checked for NULL, which yields
 * BAD_FUNC_ARG. */
long wolfSSL_CTX_get_verify_depth(WOLFSSL_CTX* ctx)
{
    return (ctx != NULL) ? MAX_CHAIN_DEPTH : BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 6037
wolfSSL 11:cee25a834751 6038
/* Load a PEM certificate chain (subject certificate plus issuers, up to
 * MAX_CHAIN_DEPTH) into ctx.  Returns SSL_SUCCESS when ProcessFile()
 * succeeds, SSL_FAILURE otherwise. */
int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
{
    int loaded;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file");
    /* the "1" asks ProcessFile() to treat the file as a chain */
    loaded = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL);

    return (loaded == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 11:cee25a834751 6049
wolfSSL 11:cee25a834751 6050
wolfSSL 11:cee25a834751 6051 #ifndef NO_DH
wolfSSL 11:cee25a834751 6052
wolfSSL 11:cee25a834751 6053 /* server Diffie-Hellman parameters */
/* Read server Diffie-Hellman parameters from fname and install them on ssl
 * when it is non-NULL, otherwise on ctx.
 *
 * ctx    : context; also supplies the heap for a large-file buffer. Required.
 * ssl    : optional SSL object that takes precedence over ctx.
 * fname  : path of the parameter file.
 * format : encoding selector forwarded to the *_SetTmpDH_buffer() call.
 * returns BAD_FUNC_ARG for a NULL ctx or fname, SSL_BAD_FILE when the file
 *         cannot be opened, is empty, is short-read, or a heap buffer for it
 *         cannot be obtained, otherwise the *_SetTmpDH_buffer() result.
 */
static int wolfSSL_SetTmpDH_file_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                                         const char* fname, int format)
{
#ifdef WOLFSSL_SMALL_STACK
    byte staticBuffer[1]; /* force heap usage */
#else
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte* fileData = staticBuffer;
    int   heapUsed = 0;
    int   ret = SSL_BAD_FILE;
    long  fileSz = 0;
    XFILE file;

    if (ctx == NULL || fname == NULL)
        return BAD_FUNC_ARG;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE)
        return SSL_BAD_FILE;

    XFSEEK(file, 0, XSEEK_END);
    fileSz = XFTELL(file);
    XREWIND(file);

    if (fileSz > (long)sizeof(staticBuffer)) {
        WOLFSSL_MSG("Getting dynamic buffer");
        fileData = (byte*) XMALLOC(fileSz, ctx->heap, DYNAMIC_TYPE_FILE);
        if (fileData == NULL)
            goto cleanup;   /* ret is still SSL_BAD_FILE */
        heapUsed = 1;
    }
    else if (fileSz <= 0) {
        goto cleanup;       /* ret is still SSL_BAD_FILE */
    }

    ret = (int)XFREAD(fileData, 1, fileSz, file);
    if (ret != fileSz) {
        ret = SSL_BAD_FILE;
    }
    else if (ssl != NULL) {
        ret = wolfSSL_SetTmpDH_buffer(ssl, fileData, fileSz, format);
    }
    else {
        ret = wolfSSL_CTX_SetTmpDH_buffer(ctx, fileData, fileSz, format);
    }

cleanup:
    XFCLOSE(file);
    if (heapUsed)
        XFREE(fileData, ctx->heap, DYNAMIC_TYPE_FILE);

    return ret;
}
wolfSSL 11:cee25a834751 6106
wolfSSL 11:cee25a834751 6107 /* server Diffie-Hellman parameters */
/* Install server Diffie-Hellman parameters from fname on one SSL object.
 * Returns BAD_FUNC_ARG for a NULL ssl, otherwise the wrapper's result. */
int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* fname, int format)
{
    return (ssl == NULL)
        ? BAD_FUNC_ARG
        : wolfSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format);
}
wolfSSL 11:cee25a834751 6115
wolfSSL 11:cee25a834751 6116
wolfSSL 11:cee25a834751 6117 /* server Diffie-Hellman parameters */
/* Install server Diffie-Hellman parameters from fname on a context.  A NULL
 * ctx is rejected by the wrapper with BAD_FUNC_ARG. */
int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
{
    WOLFSSL* noSsl = NULL;  /* context-level install: no SSL object */

    return wolfSSL_SetTmpDH_file_wrapper(ctx, noSsl, fname, format);
}
wolfSSL 11:cee25a834751 6122
wolfSSL 11:cee25a834751 6123 #endif /* NO_DH */
wolfSSL 11:cee25a834751 6124
wolfSSL 11:cee25a834751 6125
wolfSSL 11:cee25a834751 6126 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 6127 /* put SSL type in extra for now, not very common */
wolfSSL 11:cee25a834751 6128
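/* Wrap a DER-encoded private key in a newly allocated WOLFSSL_EVP_PKEY.
 * The key bytes are copied verbatim; no parsing or validation of the DER
 * happens here.
 *
 * type : key type recorded in the new object's "type" field.
 * out  : optional; when non-NULL receives the new object as well.
 * in   : pointer to the DER input pointer; both must be non-NULL.
 * inSz : length of *in in bytes; must be non-negative.
 * returns the new object, or NULL on bad arguments or allocation failure.
 *
 * NOTE(review): unlike OpenSSL's d2i_PrivateKey(), *in is not advanced past
 * the consumed bytes, and an existing *out is overwritten rather than
 * reused or freed, so callers passing a non-NULL *out must free it first.
 */
WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out,
                                         const unsigned char **in, long inSz)
{
    WOLFSSL_EVP_PKEY* local;

    WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey");

    /* *in was previously dereferenced by the copy below without a check */
    if (in == NULL || *in == NULL || inSz < 0) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    local = wolfSSL_PKEY_new();
    if (local == NULL) {
        return NULL;
    }

    local->type    = type;
    local->pkey_sz = (int)inSz;
    local->pkey.ptr = (char*)XMALLOC(inSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    if (local->pkey.ptr == NULL) {
        wolfSSL_EVP_PKEY_free(local);
        local = NULL;
    }
    else {
        XMEMCPY(local->pkey.ptr, *in, inSz);
    }

    if (out != NULL) {
        *out = local;
    }

    return local;
}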
wolfSSL 11:cee25a834751 6163
wolfSSL 11:cee25a834751 6164
/* Stub for the OpenSSL SSL_ctrl() entry point: no command is implemented.
 * Every argument is ignored and SSL_FAILURE is returned. */
long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt)
{
    WOLFSSL_STUB("wolfSSL_ctrl");
    (void)ssl; (void)cmd; (void)opt; (void)pt;   /* unused: nothing handled */

    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 6174
wolfSSL 11:cee25a834751 6175
/* Stub for the OpenSSL SSL_CTX_ctrl() entry point: no command is
 * implemented.  Every argument is ignored and SSL_FAILURE is returned. */
long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt)
{
    WOLFSSL_STUB("wolfSSL_CTX_ctrl");
    (void)ctx; (void)cmd; (void)opt; (void)pt;   /* unused: nothing handled */

    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 6185
wolfSSL 11:cee25a834751 6186 #ifndef NO_CERTS
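/* Check that the private key loaded on ssl matches its loaded certificate.
 *
 * The certificate is parsed with NO_VERIFY (no signature or chain check is
 * done here; only the public key is needed) and handed with the key buffer
 * to wc_CheckPrivateKey().
 *
 * returns SSL_FAILURE when ssl is NULL, when no certificate or key buffer is
 *         loaded, or when the certificate does not parse; otherwise the
 *         result of wc_CheckPrivateKey() is returned unchanged.
 */
int wolfSSL_check_private_key(const WOLFSSL* ssl)
{
    DecodedCert der;
    word32 size;
    byte* buff;
    int ret;

    if (ssl == NULL) {
        return SSL_FAILURE;
    }

    /* both buffers are dereferenced below; a context with no certificate or
     * no key loaded used to crash here instead of failing the check */
    if (ssl->buffers.certificate == NULL || ssl->buffers.key == NULL) {
        WOLFSSL_MSG("Certificate or private key not loaded");
        return SSL_FAILURE;
    }

    size = ssl->buffers.certificate->length;
    buff = ssl->buffers.certificate->buffer;
    InitDecodedCert(&der, buff, size, ssl->heap);
    if (ParseCertRelative(&der, CERT_TYPE, NO_VERIFY, NULL) != 0) {
        FreeDecodedCert(&der);
        return SSL_FAILURE;
    }

    size = ssl->buffers.key->length;
    buff = ssl->buffers.key->buffer;
    ret = wc_CheckPrivateKey(buff, size, &der);
    FreeDecodedCert(&der);
    return ret;
}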
wolfSSL 11:cee25a834751 6212
wolfSSL 11:cee25a834751 6213
wolfSSL 11:cee25a834751 6214 /* Looks for the extension matching the passed in nid
wolfSSL 11:cee25a834751 6215 *
 * c : if not null then is set to status value -2 if multiple occurrences
wolfSSL 11:cee25a834751 6217 * of the extension are found, -1 if not found, 0 if found and not
wolfSSL 11:cee25a834751 6218 * critical, and 1 if found and critical.
wolfSSL 11:cee25a834751 6219 * nid : Extension OID to be found.
wolfSSL 11:cee25a834751 6220 * idx : if NULL return first extension found match, otherwise start search at
wolfSSL 11:cee25a834751 6221 * idx location and set idx to the location of extension returned.
wolfSSL 11:cee25a834751 6222 * returns NULL or a pointer to an WOLFSSL_STACK holding extension structure
wolfSSL 11:cee25a834751 6223 *
wolfSSL 11:cee25a834751 6224 * NOTE code for decoding extensions is in asn.c DecodeCertExtensions --
wolfSSL 11:cee25a834751 6225 * use already decoded extension in this function to avoid decoding twice.
wolfSSL 11:cee25a834751 6226 * Currently we do not make use of idx since getting pre decoded extensions.
wolfSSL 11:cee25a834751 6227 */
wolfSSL 11:cee25a834751 6228 void* wolfSSL_X509_get_ext_d2i(const WOLFSSL_X509* x509,
wolfSSL 11:cee25a834751 6229 int nid, int* c, int* idx)
wolfSSL 11:cee25a834751 6230 {
wolfSSL 11:cee25a834751 6231 WOLFSSL_STACK* sk = NULL;
wolfSSL 11:cee25a834751 6232 WOLFSSL_ASN1_OBJECT* obj = NULL;
wolfSSL 11:cee25a834751 6233
wolfSSL 11:cee25a834751 6234 WOLFSSL_ENTER("wolfSSL_X509_get_ext_d2i");
wolfSSL 11:cee25a834751 6235
wolfSSL 11:cee25a834751 6236 if (x509 == NULL) {
wolfSSL 11:cee25a834751 6237 return NULL;
wolfSSL 11:cee25a834751 6238 }
wolfSSL 11:cee25a834751 6239
wolfSSL 11:cee25a834751 6240 if (c != NULL) {
wolfSSL 11:cee25a834751 6241 *c = -1; /* default to not found */
wolfSSL 11:cee25a834751 6242 }
wolfSSL 11:cee25a834751 6243
wolfSSL 11:cee25a834751 6244 sk = (STACK_OF(WOLFSSL_ASN1_OBJECT)*)XMALLOC(
wolfSSL 11:cee25a834751 6245 sizeof(STACK_OF(WOLFSSL_ASN1_OBJECT)), NULL, DYNAMIC_TYPE_ASN1);
wolfSSL 11:cee25a834751 6246 if (sk == NULL) {
wolfSSL 11:cee25a834751 6247 return NULL;
wolfSSL 11:cee25a834751 6248 }
wolfSSL 11:cee25a834751 6249 XMEMSET(sk, 0, sizeof(STACK_OF(WOLFSSL_ASN1_OBJECT)));
wolfSSL 11:cee25a834751 6250
wolfSSL 11:cee25a834751 6251 switch (nid) {
wolfSSL 11:cee25a834751 6252 case BASIC_CA_OID:
wolfSSL 11:cee25a834751 6253 if (x509->basicConstSet) {
wolfSSL 11:cee25a834751 6254 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 11:cee25a834751 6255 if (c != NULL) {
wolfSSL 11:cee25a834751 6256 *c = x509->basicConstCrit;
wolfSSL 11:cee25a834751 6257 }
wolfSSL 11:cee25a834751 6258 obj->type = BASIC_CA_OID;
wolfSSL 11:cee25a834751 6259 }
wolfSSL 11:cee25a834751 6260 else {
wolfSSL 11:cee25a834751 6261 WOLFSSL_MSG("No Basic Constraint set");
wolfSSL 11:cee25a834751 6262 }
wolfSSL 11:cee25a834751 6263 break;
wolfSSL 11:cee25a834751 6264
wolfSSL 11:cee25a834751 6265 case ALT_NAMES_OID:
wolfSSL 11:cee25a834751 6266 {
wolfSSL 11:cee25a834751 6267 DNS_entry* dns;
wolfSSL 11:cee25a834751 6268
wolfSSL 11:cee25a834751 6269 if (x509->subjAltNameSet && x509->altNames != NULL) {
wolfSSL 11:cee25a834751 6270 /* alt names are DNS_entry structs */
wolfSSL 11:cee25a834751 6271 if (c != NULL) {
wolfSSL 11:cee25a834751 6272 if (x509->altNames->next != NULL) {
wolfSSL 11:cee25a834751 6273 *c = -2; /* more then one found */
wolfSSL 11:cee25a834751 6274 }
wolfSSL 11:cee25a834751 6275 else {
wolfSSL 11:cee25a834751 6276 *c = x509->subjAltNameCrit;
wolfSSL 11:cee25a834751 6277 }
wolfSSL 11:cee25a834751 6278 }
wolfSSL 11:cee25a834751 6279
wolfSSL 11:cee25a834751 6280 dns = x509->altNames;
wolfSSL 11:cee25a834751 6281 while (dns != NULL) {
wolfSSL 11:cee25a834751 6282 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 11:cee25a834751 6283 obj->type = ALT_NAMES_OID;
wolfSSL 11:cee25a834751 6284 obj->obj = (byte*)dns->name;
wolfSSL 11:cee25a834751 6285 dns = dns->next;
wolfSSL 11:cee25a834751 6286 /* last dns in list add at end of function */
wolfSSL 11:cee25a834751 6287 if (dns != NULL) {
wolfSSL 11:cee25a834751 6288 if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) !=
wolfSSL 11:cee25a834751 6289 SSL_SUCCESS) {
wolfSSL 11:cee25a834751 6290 WOLFSSL_MSG("Error pushing ASN1 object onto stack");
wolfSSL 11:cee25a834751 6291 wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL 11:cee25a834751 6292 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 11:cee25a834751 6293 sk = NULL;
wolfSSL 11:cee25a834751 6294 }
wolfSSL 11:cee25a834751 6295 }
wolfSSL 11:cee25a834751 6296 }
wolfSSL 11:cee25a834751 6297 }
wolfSSL 11:cee25a834751 6298 else {
wolfSSL 11:cee25a834751 6299 WOLFSSL_MSG("No Alt Names set");
wolfSSL 11:cee25a834751 6300 }
wolfSSL 11:cee25a834751 6301 }
wolfSSL 11:cee25a834751 6302 break;
wolfSSL 11:cee25a834751 6303
wolfSSL 11:cee25a834751 6304 case CRL_DIST_OID:
wolfSSL 11:cee25a834751 6305 if (x509->CRLdistSet && x509->CRLInfo != NULL) {
wolfSSL 11:cee25a834751 6306 if (c != NULL) {
wolfSSL 11:cee25a834751 6307 *c = x509->CRLdistCrit;
wolfSSL 11:cee25a834751 6308 }
wolfSSL 11:cee25a834751 6309 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 11:cee25a834751 6310 obj->type = CRL_DIST_OID;
wolfSSL 11:cee25a834751 6311 obj->obj = x509->CRLInfo;
wolfSSL 11:cee25a834751 6312 obj->objSz = x509->CRLInfoSz;
wolfSSL 11:cee25a834751 6313 }
wolfSSL 11:cee25a834751 6314 else {
wolfSSL 11:cee25a834751 6315 WOLFSSL_MSG("No CRL dist set");
wolfSSL 11:cee25a834751 6316 }
wolfSSL 11:cee25a834751 6317 break;
wolfSSL 11:cee25a834751 6318
wolfSSL 11:cee25a834751 6319 case AUTH_INFO_OID:
wolfSSL 11:cee25a834751 6320 if (x509->authInfoSet && x509->authInfo != NULL) {
wolfSSL 11:cee25a834751 6321 if (c != NULL) {
wolfSSL 11:cee25a834751 6322 *c = x509->authInfoCrit;
wolfSSL 11:cee25a834751 6323 }
wolfSSL 11:cee25a834751 6324 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 11:cee25a834751 6325 obj->type = AUTH_INFO_OID;
wolfSSL 11:cee25a834751 6326 obj->obj = x509->authInfo;
wolfSSL 11:cee25a834751 6327 obj->objSz = x509->authInfoSz;
wolfSSL 11:cee25a834751 6328 }
wolfSSL 11:cee25a834751 6329 else {
wolfSSL 11:cee25a834751 6330 WOLFSSL_MSG("No Auth Info set");
wolfSSL 11:cee25a834751 6331 }
wolfSSL 11:cee25a834751 6332 break;
wolfSSL 11:cee25a834751 6333
wolfSSL 11:cee25a834751 6334 case AUTH_KEY_OID:
wolfSSL 11:cee25a834751 6335 if (x509->authKeyIdSet) {
wolfSSL 11:cee25a834751 6336 if (c != NULL) {
wolfSSL 11:cee25a834751 6337 *c = x509->authKeyIdCrit;
wolfSSL 11:cee25a834751 6338 }
wolfSSL 11:cee25a834751 6339 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 11:cee25a834751 6340 obj->type = AUTH_KEY_OID;
wolfSSL 11:cee25a834751 6341 obj->obj = x509->authKeyId;
wolfSSL 11:cee25a834751 6342 obj->objSz = x509->authKeyIdSz;
wolfSSL 11:cee25a834751 6343 }
wolfSSL 11:cee25a834751 6344 else {
wolfSSL 11:cee25a834751 6345 WOLFSSL_MSG("No Auth Key set");
wolfSSL 11:cee25a834751 6346 }
wolfSSL 11:cee25a834751 6347 break;
wolfSSL 11:cee25a834751 6348
wolfSSL 11:cee25a834751 6349 case SUBJ_KEY_OID:
wolfSSL 11:cee25a834751 6350 if (x509->subjKeyIdSet) {
wolfSSL 11:cee25a834751 6351 if (c != NULL) {
wolfSSL 11:cee25a834751 6352 *c = x509->subjKeyIdCrit;
wolfSSL 11:cee25a834751 6353 }
wolfSSL 11:cee25a834751 6354 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 11:cee25a834751 6355 obj->type = SUBJ_KEY_OID;
wolfSSL 11:cee25a834751 6356 obj->obj = x509->subjKeyId;
wolfSSL 11:cee25a834751 6357 obj->objSz = x509->subjKeyIdSz;
wolfSSL 11:cee25a834751 6358 }
wolfSSL 11:cee25a834751 6359 else {
wolfSSL 11:cee25a834751 6360 WOLFSSL_MSG("No Subject Key set");
wolfSSL 11:cee25a834751 6361 }
wolfSSL 11:cee25a834751 6362 break;
wolfSSL 11:cee25a834751 6363
wolfSSL 11:cee25a834751 6364 case CERT_POLICY_OID:
wolfSSL 11:cee25a834751 6365 #ifdef WOLFSSL_CERT_EXT
wolfSSL 11:cee25a834751 6366 {
wolfSSL 11:cee25a834751 6367 int i;
wolfSSL 11:cee25a834751 6368
wolfSSL 11:cee25a834751 6369 if (x509->certPoliciesNb > 0) {
wolfSSL 11:cee25a834751 6370 if (c != NULL) {
wolfSSL 11:cee25a834751 6371 if (x509->certPoliciesNb > 1) {
wolfSSL 11:cee25a834751 6372 *c = -2;
wolfSSL 11:cee25a834751 6373 }
wolfSSL 11:cee25a834751 6374 else {
wolfSSL 11:cee25a834751 6375 *c = 0;
wolfSSL 11:cee25a834751 6376 }
wolfSSL 11:cee25a834751 6377 }
wolfSSL 11:cee25a834751 6378
wolfSSL 11:cee25a834751 6379 for (i = 0; i < x509->certPoliciesNb - 1; i++) {
wolfSSL 11:cee25a834751 6380 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 11:cee25a834751 6381 obj->type = CERT_POLICY_OID;
wolfSSL 11:cee25a834751 6382 obj->obj = (byte*)(x509->certPolicies[i]);
wolfSSL 11:cee25a834751 6383 obj->objSz = MAX_CERTPOL_SZ;
wolfSSL 11:cee25a834751 6384 if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj)
wolfSSL 11:cee25a834751 6385 != SSL_SUCCESS) {
wolfSSL 11:cee25a834751 6386 WOLFSSL_MSG("Error pushing ASN1 object onto stack");
wolfSSL 11:cee25a834751 6387 wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL 11:cee25a834751 6388 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 11:cee25a834751 6389 sk = NULL;
wolfSSL 11:cee25a834751 6390 }
wolfSSL 11:cee25a834751 6391 }
wolfSSL 11:cee25a834751 6392 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 11:cee25a834751 6393 obj->type = CERT_POLICY_OID;
wolfSSL 11:cee25a834751 6394 obj->obj = (byte*)(x509->certPolicies[i]);
wolfSSL 11:cee25a834751 6395 obj->objSz = MAX_CERTPOL_SZ;
wolfSSL 11:cee25a834751 6396 }
wolfSSL 11:cee25a834751 6397 else {
wolfSSL 11:cee25a834751 6398 WOLFSSL_MSG("No Cert Policy set");
wolfSSL 11:cee25a834751 6399 }
wolfSSL 11:cee25a834751 6400 }
wolfSSL 11:cee25a834751 6401 #else
wolfSSL 11:cee25a834751 6402 #ifdef WOLFSSL_SEP
wolfSSL 11:cee25a834751 6403 if (x509->certPolicySet) {
wolfSSL 11:cee25a834751 6404 if (c != NULL) {
wolfSSL 11:cee25a834751 6405 *c = x509->certPolicyCrit;
wolfSSL 11:cee25a834751 6406 }
wolfSSL 11:cee25a834751 6407 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 11:cee25a834751 6408 obj->type = CERT_POLICY_OID;
wolfSSL 11:cee25a834751 6409 }
wolfSSL 11:cee25a834751 6410 else {
wolfSSL 11:cee25a834751 6411 WOLFSSL_MSG("No Cert Policy set");
wolfSSL 11:cee25a834751 6412 }
wolfSSL 11:cee25a834751 6413 #else
wolfSSL 11:cee25a834751 6414 WOLFSSL_MSG("wolfSSL not built with WOLFSSL_SEP or WOLFSSL_CERT_EXT");
wolfSSL 11:cee25a834751 6415 #endif /* WOLFSSL_SEP */
wolfSSL 11:cee25a834751 6416 #endif /* WOLFSSL_CERT_EXT */
wolfSSL 11:cee25a834751 6417 break;
wolfSSL 11:cee25a834751 6418
wolfSSL 11:cee25a834751 6419 case KEY_USAGE_OID:
wolfSSL 11:cee25a834751 6420 if (x509->keyUsageSet) {
wolfSSL 11:cee25a834751 6421 if (c != NULL) {
wolfSSL 11:cee25a834751 6422 *c = x509->keyUsageCrit;
wolfSSL 11:cee25a834751 6423 }
wolfSSL 11:cee25a834751 6424 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 11:cee25a834751 6425 obj->type = KEY_USAGE_OID;
wolfSSL 11:cee25a834751 6426 obj->obj = (byte*)&(x509->keyUsage);
wolfSSL 11:cee25a834751 6427 obj->objSz = sizeof(word16);
wolfSSL 11:cee25a834751 6428 }
wolfSSL 11:cee25a834751 6429 else {
wolfSSL 11:cee25a834751 6430 WOLFSSL_MSG("No Key Usage set");
wolfSSL 11:cee25a834751 6431 }
wolfSSL 11:cee25a834751 6432 break;
wolfSSL 11:cee25a834751 6433
wolfSSL 11:cee25a834751 6434 case INHIBIT_ANY_OID:
wolfSSL 11:cee25a834751 6435 WOLFSSL_MSG("INHIBIT ANY extension not supported");
wolfSSL 11:cee25a834751 6436 break;
wolfSSL 11:cee25a834751 6437
wolfSSL 11:cee25a834751 6438 case EXT_KEY_USAGE_OID:
wolfSSL 11:cee25a834751 6439 if (x509->extKeyUsageSrc != NULL) {
wolfSSL 11:cee25a834751 6440 if (c != NULL) {
wolfSSL 11:cee25a834751 6441 if (x509->extKeyUsageCount > 1) {
wolfSSL 11:cee25a834751 6442 *c = -2;
wolfSSL 11:cee25a834751 6443 }
wolfSSL 11:cee25a834751 6444 else {
wolfSSL 11:cee25a834751 6445 *c = x509->extKeyUsageCrit;
wolfSSL 11:cee25a834751 6446 }
wolfSSL 11:cee25a834751 6447 }
wolfSSL 11:cee25a834751 6448 obj = wolfSSL_ASN1_OBJECT_new();
wolfSSL 11:cee25a834751 6449 obj->type = EXT_KEY_USAGE_OID;
wolfSSL 11:cee25a834751 6450 obj->obj = x509->extKeyUsageSrc;
wolfSSL 11:cee25a834751 6451 obj->objSz = x509->extKeyUsageSz;
wolfSSL 11:cee25a834751 6452 }
wolfSSL 11:cee25a834751 6453 else {
wolfSSL 11:cee25a834751 6454 WOLFSSL_MSG("No Extended Key Usage set");
wolfSSL 11:cee25a834751 6455 }
wolfSSL 11:cee25a834751 6456 break;
wolfSSL 11:cee25a834751 6457
wolfSSL 11:cee25a834751 6458 case NAME_CONS_OID:
wolfSSL 11:cee25a834751 6459 WOLFSSL_MSG("Name Constraint OID extension not supported");
wolfSSL 11:cee25a834751 6460 break;
wolfSSL 11:cee25a834751 6461
wolfSSL 11:cee25a834751 6462 case PRIV_KEY_USAGE_PERIOD_OID:
wolfSSL 11:cee25a834751 6463 WOLFSSL_MSG("Private Key Usage Period extension not supported");
wolfSSL 11:cee25a834751 6464 break;
wolfSSL 11:cee25a834751 6465
wolfSSL 11:cee25a834751 6466 case SUBJECT_INFO_ACCESS:
wolfSSL 11:cee25a834751 6467 WOLFSSL_MSG("Subject Info Access extension not supported");
wolfSSL 11:cee25a834751 6468 break;
wolfSSL 11:cee25a834751 6469
wolfSSL 11:cee25a834751 6470 case POLICY_MAP_OID:
wolfSSL 11:cee25a834751 6471 WOLFSSL_MSG("Policy Map extension not supported");
wolfSSL 11:cee25a834751 6472 break;
wolfSSL 11:cee25a834751 6473
wolfSSL 11:cee25a834751 6474 case POLICY_CONST_OID:
wolfSSL 11:cee25a834751 6475 WOLFSSL_MSG("Policy Constraint extension not supported");
wolfSSL 11:cee25a834751 6476 break;
wolfSSL 11:cee25a834751 6477
wolfSSL 11:cee25a834751 6478 case ISSUE_ALT_NAMES_OID:
wolfSSL 11:cee25a834751 6479 WOLFSSL_MSG("Issue Alt Names extension not supported");
wolfSSL 11:cee25a834751 6480 break;
wolfSSL 11:cee25a834751 6481
wolfSSL 11:cee25a834751 6482 case TLS_FEATURE_OID:
wolfSSL 11:cee25a834751 6483 WOLFSSL_MSG("TLS Feature extension not supported");
wolfSSL 11:cee25a834751 6484 break;
wolfSSL 11:cee25a834751 6485
wolfSSL 11:cee25a834751 6486 default:
wolfSSL 11:cee25a834751 6487 WOLFSSL_MSG("Unsupported/Unknown extension OID");
wolfSSL 11:cee25a834751 6488 }
wolfSSL 11:cee25a834751 6489
wolfSSL 11:cee25a834751 6490 if (obj != NULL) {
wolfSSL 11:cee25a834751 6491 if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) != SSL_SUCCESS) {
wolfSSL 11:cee25a834751 6492 WOLFSSL_MSG("Error pushing ASN1 object onto stack");
wolfSSL 11:cee25a834751 6493 wolfSSL_ASN1_OBJECT_free(obj);
wolfSSL 11:cee25a834751 6494 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 11:cee25a834751 6495 sk = NULL;
wolfSSL 11:cee25a834751 6496 }
wolfSSL 11:cee25a834751 6497 }
wolfSSL 11:cee25a834751 6498 else { /* no ASN1 object found for extension, free stack */
wolfSSL 11:cee25a834751 6499 wolfSSL_sk_ASN1_OBJECT_free(sk);
wolfSSL 11:cee25a834751 6500 sk = NULL;
wolfSSL 11:cee25a834751 6501 }
wolfSSL 11:cee25a834751 6502
wolfSSL 11:cee25a834751 6503 (void)idx;
wolfSSL 11:cee25a834751 6504
wolfSSL 11:cee25a834751 6505 return sk;
wolfSSL 11:cee25a834751 6506 }
wolfSSL 11:cee25a834751 6507
wolfSSL 11:cee25a834751 6508
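/* Hash inSz bytes of in with the digest named by evp and write the raw digest
 * to out. This function makes the assumption that the out buffer is big
 * enough for the digest -- it has no way to check -- and reports the digest
 * length through *outSz.
 *
 * in    : data to hash
 * inSz  : number of bytes in in
 * out   : destination for the digest, at least the digest size in bytes
 * outSz : receives the digest length on success
 * evp   : digest name; "SHA", "SHA256", "SHA384", "SHA512", "MD2", "MD4"
 *         or "MD5" are recognised
 * eng   : unused, kept for API compatibility
 * returns SSL_SUCCESS on success, SSL_FAILURE on a NULL argument, an
 *         unrecognised digest name or a hash error */
static int wolfSSL_EVP_Digest(unsigned char* in, int inSz, unsigned char* out,
                              unsigned int* outSz, const WOLFSSL_EVP_MD* evp,
                              WOLFSSL_ENGINE* eng)
{
    enum wc_HashType hash = WC_HASH_TYPE_NONE;
    int hashSz;

    (void)eng;

    /* evp is read as a string and out / outSz are written unconditionally
     * below, so none of them may be NULL */
    if (evp == NULL || out == NULL || outSz == NULL) {
        return SSL_FAILURE;
    }

    if (XSTRLEN(evp) < 3) {
        /* do not try comparing strings if size is too small */
        return SSL_FAILURE;
    }

    if (XSTRNCMP("SHA", evp, 3) == 0) {
        if (XSTRLEN(evp) > 3) {
            if (XSTRNCMP("SHA256", evp, 6) == 0) {
                hash = WC_HASH_TYPE_SHA256;
            }
            else if (XSTRNCMP("SHA384", evp, 6) == 0) {
                hash = WC_HASH_TYPE_SHA384;
            }
            else if (XSTRNCMP("SHA512", evp, 6) == 0) {
                hash = WC_HASH_TYPE_SHA512;
            }
            else {
                WOLFSSL_MSG("Unknown SHA hash");
            }
        }
        else {
            /* the bare name "SHA" selects WC_HASH_TYPE_SHA */
            hash = WC_HASH_TYPE_SHA;
        }
    }
    else if (XSTRNCMP("MD2", evp, 3) == 0) {
        hash = WC_HASH_TYPE_MD2;
    }
    else if (XSTRNCMP("MD4", evp, 3) == 0) {
        hash = WC_HASH_TYPE_MD4;
    }
    else if (XSTRNCMP("MD5", evp, 3) == 0) {
        hash = WC_HASH_TYPE_MD5;
    }

    /* an unrecognised name leaves hash at WC_HASH_TYPE_NONE; the size lookup
     * is relied on to report that with a negative value */
    hashSz = wc_HashGetDigestSize(hash);
    if (hashSz < 0) {
        WOLFSSL_LEAVE("wolfSSL_EVP_Digest", hashSz);
        return SSL_FAILURE;
    }
    *outSz = (unsigned int)hashSz;

    if (wc_Hash(hash, in, inSz, out, *outSz) != 0) {
        return SSL_FAILURE;
    }
    return SSL_SUCCESS;
}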
wolfSSL 11:cee25a834751 6566
wolfSSL 11:cee25a834751 6567
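/* Compute the digest of the certificate's DER encoding.
 *
 * x509   : certificate whose derCert buffer is hashed
 * digest : digest name as accepted by wolfSSL_EVP_Digest
 * buf    : destination buffer; must be large enough for the digest
 * len    : receives the digest length
 * returns SSL_SUCCESS on success, SSL_FAILURE on a NULL argument or when
 *         the digest cannot be computed */
int wolfSSL_X509_digest(const WOLFSSL_X509* x509, const WOLFSSL_EVP_MD* digest,
                        unsigned char* buf, unsigned int* len)
{
    WOLFSSL_ENTER("wolfSSL_X509_digest");

    /* derCert is not guaranteed to be set on every certificate object
     * (wolfSSL_use_certificate guards it the same way), and buf / len are
     * written by wolfSSL_EVP_Digest without further checks */
    if (x509 == NULL || x509->derCert == NULL || digest == NULL ||
            buf == NULL || len == NULL) {
        return SSL_FAILURE;
    }

    return wolfSSL_EVP_Digest(x509->derCert->buffer, x509->derCert->length, buf,
                              len, digest, NULL);
}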
wolfSSL 11:cee25a834751 6580
wolfSSL 11:cee25a834751 6581
/* Load the private key held by pkey into the SSL object. The key bytes in
 * pkey->pkey.ptr are handed to wolfSSL_use_PrivateKey_buffer as DER
 * (SSL_FILETYPE_ASN1).
 *
 * ssl  : connection to set the key on
 * pkey : key object; pkey.ptr / pkey_sz describe the encoded key
 * returns SSL_FAILURE on a NULL argument, otherwise the result of
 *         wolfSSL_use_PrivateKey_buffer */
int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey)
{
    unsigned char* der;

    WOLFSSL_ENTER("wolfSSL_use_PrivateKey");
    if (pkey == NULL || ssl == NULL) {
        return SSL_FAILURE;
    }

    der = (unsigned char*)pkey->pkey.ptr;
    return wolfSSL_use_PrivateKey_buffer(ssl, der, pkey->pkey_sz,
                                         SSL_FILETYPE_ASN1);
}
wolfSSL 11:cee25a834751 6592
wolfSSL 11:cee25a834751 6593
/* Load a DER encoded private key into the SSL object.
 *
 * pri   : type of private key; currently ignored
 * ssl   : connection to set the key on
 * der   : DER encoded key
 * derSz : length of der in bytes
 * returns SSL_FAILURE on a NULL argument, otherwise the result of
 *         wolfSSL_use_PrivateKey_buffer */
int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, unsigned char* der,
                                long derSz)
{
    (void)pri; /* type of private key */

    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_ASN1");
    if (der == NULL || ssl == NULL) {
        return SSL_FAILURE;
    }

    return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, SSL_FILETYPE_ASN1);
}
wolfSSL 11:cee25a834751 6605
wolfSSL 11:cee25a834751 6606
wolfSSL 11:cee25a834751 6607 #ifndef NO_RSA
/* Load a DER encoded RSA private key into the SSL object. Takes the same
 * path as wolfSSL_use_PrivateKey_ASN1.
 *
 * ssl   : connection to set the key on
 * der   : DER encoded key
 * derSz : length of der in bytes
 * returns SSL_FAILURE on a NULL argument, otherwise the result of
 *         wolfSSL_use_PrivateKey_buffer */
int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz)
{
    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_ASN1");
    if (der == NULL || ssl == NULL) {
        return SSL_FAILURE;
    }

    return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz, SSL_FILETYPE_ASN1);
}
wolfSSL 11:cee25a834751 6617 #endif
wolfSSL 11:cee25a834751 6618
/* Load a DER encoded certificate into the SSL object.
 *
 * ssl   : connection to set the certificate on
 * der   : DER encoded certificate
 * derSz : length of der in bytes
 * returns SSL_SUCCESS if ProcessBuffer accepted the certificate, otherwise
 *         SSL_FAILURE */
int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, int derSz)
{
    long idx; /* output parameter of ProcessBuffer, not used here */
    int  ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1");
    if (ssl == NULL || der == NULL) {
        return ret;
    }

    if (ProcessBuffer(NULL, der, derSz, SSL_FILETYPE_ASN1, CERT_TYPE, ssl,
                      &idx, 0) == SSL_SUCCESS) {
        ret = SSL_SUCCESS;
    }

    (void)idx;
    return ret;
}
wolfSSL 11:cee25a834751 6633
wolfSSL 11:cee25a834751 6634
/* Load the certificate held by x509 into the SSL object. The certificate's
 * derCert buffer is passed to ProcessBuffer as DER.
 *
 * ssl  : connection to set the certificate on
 * x509 : certificate object; must carry a derCert buffer
 * returns SSL_SUCCESS if ProcessBuffer accepted the certificate, otherwise
 *         SSL_FAILURE */
int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509)
{
    long idx; /* output parameter of ProcessBuffer, not used here */
    int  ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_use_certificate");
    if (ssl == NULL || x509 == NULL || x509->derCert == NULL) {
        return ret;
    }

    if (ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length,
                      SSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0)
            == SSL_SUCCESS) {
        ret = SSL_SUCCESS;
    }

    (void)idx;
    return ret;
}
wolfSSL 11:cee25a834751 6649 #endif /* NO_CERTS */
wolfSSL 11:cee25a834751 6650
wolfSSL 11:cee25a834751 6651
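/* Load a certificate for this connection from a file.
 *
 * ssl    : connection to set the certificate on; ssl->ctx is passed to
 *          ProcessFile
 * file   : path of the certificate file
 * format : SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
 * returns SSL_SUCCESS on success, SSL_FAILURE on a NULL argument or when
 *         ProcessFile rejects the file */
int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format)
{
    WOLFSSL_ENTER("wolfSSL_use_certificate_file");

    /* ssl->ctx is dereferenced here, before ProcessFile sees any argument */
    if (ssl == NULL || file == NULL) {
        return SSL_FAILURE;
    }

    if (ProcessFile(ssl->ctx, file, format, CERT_TYPE,
                    ssl, 0, NULL) == SSL_SUCCESS) {
        return SSL_SUCCESS;
    }

    return SSL_FAILURE;
}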
wolfSSL 11:cee25a834751 6661
wolfSSL 11:cee25a834751 6662
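/* Load a private key for this connection from a file.
 *
 * ssl    : connection to set the key on; ssl->ctx is passed to ProcessFile
 * file   : path of the key file
 * format : SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
 * returns SSL_SUCCESS on success, SSL_FAILURE on a NULL argument or when
 *         ProcessFile rejects the file */
int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format)
{
    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file");

    /* ssl->ctx is dereferenced here, before ProcessFile sees any argument */
    if (ssl == NULL || file == NULL) {
        return SSL_FAILURE;
    }

    if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE,
                    ssl, 0, NULL) == SSL_SUCCESS) {
        return SSL_SUCCESS;
    }

    return SSL_FAILURE;
}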
wolfSSL 11:cee25a834751 6672
wolfSSL 11:cee25a834751 6673
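/* Load a PEM certificate chain for this connection from a file; processes up
 * to MAX_CHAIN_DEPTH certificates plus the subject cert.
 *
 * ssl  : connection to set the chain on; ssl->ctx is passed to ProcessFile
 * file : path of the PEM chain file
 * returns SSL_SUCCESS on success, SSL_FAILURE on a NULL argument or when
 *         ProcessFile rejects the file */
int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
{
    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file");

    /* ssl->ctx is dereferenced here, before ProcessFile sees any argument */
    if (ssl == NULL || file == NULL) {
        return SSL_FAILURE;
    }

    /* last-but-one argument 1 selects chain processing in ProcessFile */
    if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE,
                    ssl, 1, NULL) == SSL_SUCCESS) {
        return SSL_SUCCESS;
    }

    return SSL_FAILURE;
}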
wolfSSL 11:cee25a834751 6684
wolfSSL 11:cee25a834751 6685
wolfSSL 11:cee25a834751 6686 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 6687
/* Set the context's temporary EC-DHE key size in octets. Accepted values are
 * ECC_MINSIZE .. ECC_MAXSIZE (20 - 66 octets for 160 - 521 bit curves).
 *
 * ctx : context to update
 * sz  : key size in octets
 * returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or out-of-range sz */
int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz)
{
    int inRange = (sz >= ECC_MINSIZE && sz <= ECC_MAXSIZE);

    if (ctx == NULL || !inRange) {
        return BAD_FUNC_ARG;
    }

    ctx->eccTempKeySz = sz;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 6698
wolfSSL 11:cee25a834751 6699
/* Set the connection's temporary EC-DHE key size in octets. Accepted values
 * are ECC_MINSIZE .. ECC_MAXSIZE (20 - 66 octets for 160 - 521 bit curves).
 *
 * ssl : connection to update
 * sz  : key size in octets
 * returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or out-of-range sz */
int wolfSSL_SetTmpEC_DHE_Sz(WOLFSSL* ssl, word16 sz)
{
    int inRange = (sz >= ECC_MINSIZE && sz <= ECC_MAXSIZE);

    if (ssl == NULL || !inRange) {
        return BAD_FUNC_ARG;
    }

    ssl->eccTempKeySz = sz;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 6710
wolfSSL 11:cee25a834751 6711 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 6712
wolfSSL 11:cee25a834751 6713
wolfSSL 11:cee25a834751 6714
wolfSSL 11:cee25a834751 6715
/* Compatibility wrapper: an RSA private key file is loaded exactly like any
 * other private key file, so this defers to wolfSSL_CTX_use_PrivateKey_file.
 *
 * ctx    : context to set the key on
 * file   : path of the key file
 * format : SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
 * returns the result of wolfSSL_CTX_use_PrivateKey_file */
int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx,const char* file,
                                       int format)
{
    int ret;

    WOLFSSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");
    ret = wolfSSL_CTX_use_PrivateKey_file(ctx, file, format);
    return ret;
}
wolfSSL 11:cee25a834751 6723
wolfSSL 11:cee25a834751 6724
/* Compatibility wrapper: an RSA private key file is loaded exactly like any
 * other private key file, so this defers to wolfSSL_use_PrivateKey_file.
 *
 * ssl    : connection to set the key on
 * file   : path of the key file
 * format : SSL_FILETYPE_PEM or SSL_FILETYPE_ASN1
 * returns the result of wolfSSL_use_PrivateKey_file */
int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_file");
    ret = wolfSSL_use_PrivateKey_file(ssl, file, format);
    return ret;
}
wolfSSL 11:cee25a834751 6731
wolfSSL 11:cee25a834751 6732
/* Copy the session's master secret into out, or report its size.
 *
 * ses   : a session from a completed TLS/SSL handshake
 * out   : buffer that receives the copy of the master secret
 * outSz : size of out in bytes; 0 asks for the secret length instead
 * returns SECRET_LEN when outSz is 0; otherwise the number of bytes copied
 *         (at most SECRET_LEN), or 0 for a NULL argument or negative outSz
 *
 * The copy in out is live key material for the session; the caller owns it
 * from here and should clear it once it is no longer needed. */
int wolfSSL_SESSION_get_master_key(const WOLFSSL_SESSION* ses,
                                   unsigned char* out, int outSz)
{
    int copyLen;

    /* size query comes first and does not need a valid session */
    if (outSz == 0) {
        return SECRET_LEN;
    }

    if (ses == NULL || out == NULL || outSz < 0) {
        return 0;
    }

    /* never copy more than the secret itself, never more than out holds */
    copyLen = (outSz < SECRET_LEN) ? outSz : SECRET_LEN;

    XMEMCPY(out, ses->masterSecret, copyLen);
    return copyLen;
}
wolfSSL 11:cee25a834751 6765
wolfSSL 11:cee25a834751 6766
/* Report the master secret length.
 *
 * ses : session; not consulted, the length is the constant SECRET_LEN
 * returns SECRET_LEN */
int wolfSSL_SESSION_get_master_key_length(const WOLFSSL_SESSION* ses)
{
    int len = SECRET_LEN;

    (void)ses;
    return len;
}
wolfSSL 11:cee25a834751 6772
wolfSSL 11:cee25a834751 6773 #endif /* OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 6774
wolfSSL 11:cee25a834751 6775 #ifdef HAVE_NTRU
wolfSSL 11:cee25a834751 6776
/* Load a raw NTRU private key file into the context and flag the context as
 * NTRU-capable.
 *
 * ctx  : context to set the key on
 * file : path of the key file, read with SSL_FILETYPE_RAW
 * returns SSL_SUCCESS on success, SSL_FAILURE on NULL ctx or when
 *         ProcessFile rejects the file */
int wolfSSL_CTX_use_NTRUPrivateKey_file(WOLFSSL_CTX* ctx, const char* file)
{
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_CTX_use_NTRUPrivateKey_file");
    if (ctx == NULL) {
        return ret;
    }

    if (ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0, NULL)
            == SSL_SUCCESS) {
        /* haveNTRU is only set once the key has actually been accepted */
        ctx->haveNTRU = 1;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 11:cee25a834751 6791
wolfSSL 11:cee25a834751 6792 #endif /* HAVE_NTRU */
wolfSSL 11:cee25a834751 6793
wolfSSL 11:cee25a834751 6794
wolfSSL 11:cee25a834751 6795 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 6796
wolfSSL 11:cee25a834751 6797
/* Configure peer verification on the context.
 *
 * ctx  : context to update
 * mode : SSL_VERIFY_NONE, or a combination of SSL_VERIFY_PEER,
 *        SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_FAIL_EXCEPT_PSK
 * vc   : verify callback stored on the context (may be NULL)
 *
 * SSL_VERIFY_PEER and SSL_VERIFY_NONE are recorded as mutually exclusive
 * flags: setting one clears the other. SSL_VERIFY_FAIL_EXCEPT_PSK turns the
 * "fail without a peer cert" request into the PSK-excepted variant. */
void wolfSSL_CTX_set_verify(WOLFSSL_CTX* ctx, int mode, VerifyCallback vc)
{
    int wantPeer      = (mode & SSL_VERIFY_PEER) != 0;
    int wantNone      = (mode == SSL_VERIFY_NONE);
    int failNoCert    = (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) != 0;
    int failExceptPsk = (mode & SSL_VERIFY_FAIL_EXCEPT_PSK) != 0;

    WOLFSSL_ENTER("wolfSSL_CTX_set_verify");

    if (wantPeer) {
        ctx->verifyPeer = 1;
        ctx->verifyNone = 0; /* in case previously set */
    }

    if (wantNone) {
        ctx->verifyNone = 1;
        ctx->verifyPeer = 0; /* in case previously set */
    }

    if (failNoCert) {
        ctx->failNoCert = 1;
    }

    if (failExceptPsk) {
        ctx->failNoCert = 0; /* fail on all is set to fail on PSK */
        ctx->failNoCertxPSK = 1;
    }

    ctx->verifyCallback = vc;
}
wolfSSL 11:cee25a834751 6821
wolfSSL 11:cee25a834751 6822
/* Configure peer verification on a single connection; per-connection
 * counterpart of wolfSSL_CTX_set_verify.
 *
 * ssl  : connection to update
 * mode : SSL_VERIFY_NONE, or a combination of SSL_VERIFY_PEER,
 *        SSL_VERIFY_FAIL_IF_NO_PEER_CERT and SSL_VERIFY_FAIL_EXCEPT_PSK
 * vc   : verify callback stored on the connection (may be NULL)
 *
 * SSL_VERIFY_PEER and SSL_VERIFY_NONE are recorded as mutually exclusive
 * flags: setting one clears the other. SSL_VERIFY_FAIL_EXCEPT_PSK turns the
 * "fail without a peer cert" request into the PSK-excepted variant. */
void wolfSSL_set_verify(WOLFSSL* ssl, int mode, VerifyCallback vc)
{
    int wantPeer      = (mode & SSL_VERIFY_PEER) != 0;
    int wantNone      = (mode == SSL_VERIFY_NONE);
    int failNoCert    = (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT) != 0;
    int failExceptPsk = (mode & SSL_VERIFY_FAIL_EXCEPT_PSK) != 0;

    WOLFSSL_ENTER("wolfSSL_set_verify");

    if (wantPeer) {
        ssl->options.verifyPeer = 1;
        ssl->options.verifyNone = 0; /* in case previously set */
    }

    if (wantNone) {
        ssl->options.verifyNone = 1;
        ssl->options.verifyPeer = 0; /* in case previously set */
    }

    if (failNoCert) {
        ssl->options.failNoCert = 1;
    }

    if (failExceptPsk) {
        ssl->options.failNoCert = 0; /* fail on all is set to fail on PSK */
        ssl->options.failNoCertxPSK = 1;
    }

    ssl->verifyCallback = vc;
}
wolfSSL 11:cee25a834751 6846
wolfSSL 11:cee25a834751 6847
/* Store the user context that is handed to the verify callback.
 *
 * ssl : connection to update; a NULL ssl is ignored
 * ctx : opaque user pointer, stored as-is */
void wolfSSL_SetCertCbCtx(WOLFSSL* ssl, void* ctx)
{
    WOLFSSL_ENTER("wolfSSL_SetCertCbCtx");
    if (ssl == NULL) {
        return;
    }
    ssl->verifyCbCtx = ctx;
}
wolfSSL 11:cee25a834751 6855
wolfSSL 11:cee25a834751 6856
wolfSSL 11:cee25a834751 6857 /* store context CA Cache addition callback */
wolfSSL 11:cee25a834751 6858 void wolfSSL_CTX_SetCACb(WOLFSSL_CTX* ctx, CallbackCACache cb)
wolfSSL 11:cee25a834751 6859 {
wolfSSL 11:cee25a834751 6860 if (ctx && ctx->cm)
wolfSSL 11:cee25a834751 6861 ctx->cm->caCacheCallback = cb;
wolfSSL 11:cee25a834751 6862 }
wolfSSL 11:cee25a834751 6863
wolfSSL 11:cee25a834751 6864
wolfSSL 11:cee25a834751 6865 #if defined(PERSIST_CERT_CACHE)
wolfSSL 11:cee25a834751 6866
wolfSSL 11:cee25a834751 6867 #if !defined(NO_FILESYSTEM)
wolfSSL 11:cee25a834751 6868
/* Persist the context's cert cache to a file.
 *
 * ctx   : context whose cert manager is saved
 * fname : destination file path
 * returns BAD_FUNC_ARG on a NULL argument, otherwise the result of
 *         CM_SaveCertCache */
int wolfSSL_CTX_save_cert_cache(WOLFSSL_CTX* ctx, const char* fname)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_save_cert_cache");

    if (ctx != NULL && fname != NULL) {
        ret = CM_SaveCertCache(ctx->cm, fname);
    }

    return ret;
}
wolfSSL 11:cee25a834751 6879
wolfSSL 11:cee25a834751 6880
/* Restore the context's cert cache from a file.
 *
 * ctx   : context whose cert manager is restored
 * fname : source file path
 * returns BAD_FUNC_ARG on a NULL argument, otherwise the result of
 *         CM_RestoreCertCache */
int wolfSSL_CTX_restore_cert_cache(WOLFSSL_CTX* ctx, const char* fname)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_restore_cert_cache");

    if (ctx != NULL && fname != NULL) {
        ret = CM_RestoreCertCache(ctx->cm, fname);
    }

    return ret;
}
wolfSSL 11:cee25a834751 6891
wolfSSL 11:cee25a834751 6892 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 6893
wolfSSL 11:cee25a834751 6894 /* Persist cert cache to memory */
wolfSSL 11:cee25a834751 6895 int wolfSSL_CTX_memsave_cert_cache(WOLFSSL_CTX* ctx, void* mem,
wolfSSL 11:cee25a834751 6896 int sz, int* used)
wolfSSL 11:cee25a834751 6897 {
wolfSSL 11:cee25a834751 6898 WOLFSSL_ENTER("wolfSSL_CTX_memsave_cert_cache");
wolfSSL 11:cee25a834751 6899
wolfSSL 11:cee25a834751 6900 if (ctx == NULL || mem == NULL || used == NULL || sz <= 0)
wolfSSL 11:cee25a834751 6901 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 6902
wolfSSL 11:cee25a834751 6903 return CM_MemSaveCertCache(ctx->cm, mem, sz, used);
wolfSSL 11:cee25a834751 6904 }
wolfSSL 11:cee25a834751 6905
wolfSSL 11:cee25a834751 6906
wolfSSL 11:cee25a834751 6907 /* Restore cert cache from memory */
wolfSSL 11:cee25a834751 6908 int wolfSSL_CTX_memrestore_cert_cache(WOLFSSL_CTX* ctx, const void* mem, int sz)
wolfSSL 11:cee25a834751 6909 {
wolfSSL 11:cee25a834751 6910 WOLFSSL_ENTER("wolfSSL_CTX_memrestore_cert_cache");
wolfSSL 11:cee25a834751 6911
wolfSSL 11:cee25a834751 6912 if (ctx == NULL || mem == NULL || sz <= 0)
wolfSSL 11:cee25a834751 6913 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 6914
wolfSSL 11:cee25a834751 6915 return CM_MemRestoreCertCache(ctx->cm, mem, sz);
wolfSSL 11:cee25a834751 6916 }
wolfSSL 11:cee25a834751 6917
wolfSSL 11:cee25a834751 6918
wolfSSL 11:cee25a834751 6919 /* get how big the the cert cache save buffer needs to be */
wolfSSL 11:cee25a834751 6920 int wolfSSL_CTX_get_cert_cache_memsize(WOLFSSL_CTX* ctx)
wolfSSL 11:cee25a834751 6921 {
wolfSSL 11:cee25a834751 6922 WOLFSSL_ENTER("wolfSSL_CTX_get_cert_cache_memsize");
wolfSSL 11:cee25a834751 6923
wolfSSL 11:cee25a834751 6924 if (ctx == NULL)
wolfSSL 11:cee25a834751 6925 return BAD_FUNC_ARG;
wolfSSL 11:cee25a834751 6926
wolfSSL 11:cee25a834751 6927 return CM_GetCertCacheMemSize(ctx->cm);
wolfSSL 11:cee25a834751 6928 }
wolfSSL 11:cee25a834751 6929
#endif /* PERSIST_CERT_CACHE */
wolfSSL 11:cee25a834751 6931 #endif /* !NO_CERTS */
wolfSSL 11:cee25a834751 6932
wolfSSL 11:cee25a834751 6933
wolfSSL 11:cee25a834751 6934 #ifndef NO_SESSION_CACHE
wolfSSL 11:cee25a834751 6935
/* Look up the session for a connection.
 *
 * ssl : connection; a NULL ssl yields NULL
 * returns the result of GetSession(ssl, 0, 0), or NULL for a NULL ssl */
WOLFSSL_SESSION* wolfSSL_get_session(WOLFSSL* ssl)
{
    WOLFSSL_SESSION* session = NULL;

    WOLFSSL_ENTER("SSL_get_session");
    if (ssl != NULL) {
        session = GetSession(ssl, 0, 0);
    }

    return session;
}
wolfSSL 11:cee25a834751 6944
wolfSSL 11:cee25a834751 6945
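/* Attach a session to a connection, for resumption.
 *
 * ssl     : connection to update
 * session : session to attach
 * returns SSL_FAILURE on a NULL argument, otherwise the result of
 *         SetSession */
int wolfSSL_set_session(WOLFSSL* ssl, WOLFSSL_SESSION* session)
{
    WOLFSSL_ENTER("SSL_set_session");

    /* ssl is checked here as well, mirroring wolfSSL_get_session, rather than
     * relying on SetSession to cope with a NULL connection */
    if (ssl == NULL || session == NULL) {
        return SSL_FAILURE;
    }

    return SetSession(ssl, session);
}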
wolfSSL 11:cee25a834751 6954
wolfSSL 11:cee25a834751 6955
wolfSSL 11:cee25a834751 6956 #ifndef NO_CLIENT_CACHE
wolfSSL 11:cee25a834751 6957
/* Associate the client session with a server ID. Unless newSession is set,
 * a cached session for that ID is looked up and attached to the connection;
 * when there is none (or newSession is set) the ID is stored on the
 * connection's session so it can be saved later.
 *
 * ssl        : connection to update
 * id         : server ID bytes; at most SERVER_ID_LEN of them are kept
 * len        : length of id, must be positive
 * newSession : non-zero to skip reuse of an existing cached session
 * returns SSL_SUCCESS on ok, BAD_FUNC_ARG on a NULL argument or len <= 0 */
int wolfSSL_SetServerID(WOLFSSL* ssl, const byte* id, int len, int newSession)
{
    WOLFSSL_SESSION* cached = NULL;

    WOLFSSL_ENTER("wolfSSL_SetServerID");

    if (ssl == NULL || id == NULL || len <= 0) {
        return BAD_FUNC_ARG;
    }

    if (!newSession) {
        cached = GetSessionClient(ssl, id, len);
        if (cached != NULL && SetSession(ssl, cached) != SSL_SUCCESS) {
#ifdef HAVE_EXT_CACHE
            wolfSSL_SESSION_free(cached);
#endif
            WOLFSSL_MSG("SetSession failed");
            cached = NULL;
        }
    }

    if (cached != NULL) {
#ifdef HAVE_EXT_CACHE
        /* with an external cache the lookup result is a reference we own */
        wolfSSL_SESSION_free(cached);
#endif
    }
    else {
        WOLFSSL_MSG("Valid ServerID not cached already");

        /* the ID is truncated to SERVER_ID_LEN before being copied */
        ssl->session.idLen = (word16)min(SERVER_ID_LEN, (word32)len);
        XMEMCPY(ssl->session.serverID, id, ssl->session.idLen);
    }

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 6996
wolfSSL 11:cee25a834751 6997 #endif /* NO_CLIENT_CACHE */
wolfSSL 11:cee25a834751 6998
wolfSSL 11:cee25a834751 6999 #if defined(PERSIST_SESSION_CACHE)
wolfSSL 11:cee25a834751 7000
/* for persistence, if changes to layout need to increment and modify
   save_session_cache() and restore_session_cache and memory versions too */
#define WOLFSSL_CACHE_VERSION 2

/* Session Cache Header information. Written at the start of every persisted
   cache image (see wolfSSL_memsave_session_cache); the values describe the
   layout of the rows that follow so a restore can detect a mismatch. */
typedef struct {
    int version;   /* cache layout version id, WOLFSSL_CACHE_VERSION */
    int rows;      /* session rows, SESSION_ROWS at save time */
    int columns;   /* session columns, SESSIONS_PER_ROW at save time */
    int sessionSz; /* sizeof WOLFSSL_SESSION at save time */
} cache_header_t;

/* current persistence layout is:

   1) cache_header_t
   2) SessionCache
   3) ClientCache (only when NO_CLIENT_CACHE is not defined)

   update WOLFSSL_CACHE_VERSION if change layout for the following
   PERSIST_SESSION_CACHE functions
*/
wolfSSL 11:cee25a834751 7022
wolfSSL 11:cee25a834751 7023
/* Get how big the session cache save buffer needs to be: the header plus
 * the session rows, plus the client rows when the client cache is built in.
 *
 * returns the required size in bytes */
int wolfSSL_get_session_cache_memsize(void)
{
    size_t total = sizeof(cache_header_t) + sizeof(SessionCache);

#ifndef NO_CLIENT_CACHE
    total += sizeof(ClientCache);
#endif

    return (int)total;
}
wolfSSL 11:cee25a834751 7035
wolfSSL 11:cee25a834751 7036
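/* Persist session cache to memory.
 *
 * mem : destination buffer; receives a cache_header_t followed by the
 *       SessionCache rows and, unless NO_CLIENT_CACHE, the ClientCache rows
 * sz  : size of mem in bytes, at least wolfSSL_get_session_cache_memsize()
 * returns SSL_SUCCESS on success, BAD_FUNC_ARG for a NULL mem, BUFFER_E if
 *         mem is too small, BAD_MUTEX_E if the cache lock cannot be taken
 *
 * The image is a verbatim copy of the cache rows, i.e. of WOLFSSL_SESSION
 * entries including their masterSecret; it should be stored with the same
 * care as key material. */
int wolfSSL_memsave_session_cache(void* mem, int sz)
{
    int i;
    cache_header_t cache_header;
    SessionRow* row;
#ifndef NO_CLIENT_CACHE
    ClientRow* clRow;
#endif

    WOLFSSL_ENTER("wolfSSL_memsave_session_cache");

    /* checked before any pointer arithmetic on mem */
    if (mem == NULL) {
        return BAD_FUNC_ARG;
    }

    if (sz < wolfSSL_get_session_cache_memsize()) {
        WOLFSSL_MSG("Memory buffer too small");
        return BUFFER_E;
    }

    cache_header.version   = WOLFSSL_CACHE_VERSION;
    cache_header.rows      = SESSION_ROWS;
    cache_header.columns   = SESSIONS_PER_ROW;
    cache_header.sessionSz = (int)sizeof(WOLFSSL_SESSION);
    XMEMCPY(mem, &cache_header, sizeof(cache_header));
    row = (SessionRow*)((byte*)mem + sizeof(cache_header));

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        return BAD_MUTEX_E;
    }

    /* rows are copied while the cache is locked so no entry changes part
     * way through the copy */
    for (i = 0; i < cache_header.rows; ++i) {
        XMEMCPY(row++, SessionCache + i, sizeof(SessionRow));
    }

#ifndef NO_CLIENT_CACHE
    /* client rows follow the session rows directly; the loop assumes the
     * client cache has the same number of rows as the session cache */
    clRow = (ClientRow*)row;
    for (i = 0; i < cache_header.rows; ++i) {
        XMEMCPY(clRow++, ClientCache + i, sizeof(ClientRow));
    }
#endif

    wc_UnLockMutex(&session_mutex);

    WOLFSSL_LEAVE("wolfSSL_memsave_session_cache", SSL_SUCCESS);

    return SSL_SUCCESS;
}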
wolfSSL 11:cee25a834751 7080
wolfSSL 11:cee25a834751 7081
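/* Restore the session cache from an image made by
 * wolfSSL_memsave_session_cache().
 *
 * The header is checked against this build (version, row and column counts,
 * sizeof(WOLFSSL_SESSION)) before any row is copied. That check catches a
 * mismatched build or platform, nothing more: the rows are copied back as
 * raw structs without any per-field validation, so the image must come from
 * a source trusted as much as the process's own memory.
 * NOTE(review): if WOLFSSL_SESSION holds pointer-valued members they come
 * back as whatever addresses the saving process had — confirm against the
 * struct definition.
 *
 * mem  image buffer, at least wolfSSL_get_session_cache_memsize() bytes
 * sz   size of mem in bytes
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG (mem is NULL), BUFFER_E (sz too small),
 * CACHE_MATCH_ERROR (header does not match this build) or BAD_MUTEX_E. */
int wolfSSL_memrestore_session_cache(const void* mem, int sz)
{
    int i;
    cache_header_t cache_header;
    const SessionRow* row;
#ifndef NO_CLIENT_CACHE
    const ClientRow* clRow;
#endif

    WOLFSSL_ENTER("wolfSSL_memrestore_session_cache");

    if (mem == NULL) {
        WOLFSSL_MSG("NULL memory buffer");
        return BAD_FUNC_ARG;
    }

    if (sz < wolfSSL_get_session_cache_memsize()) {
        WOLFSSL_MSG("Memory buffer too small");
        return BUFFER_E;
    }

    /* a geometry mismatch would copy rows of the wrong size, so refuse */
    XMEMCPY(&cache_header, mem, sizeof(cache_header));
    if (cache_header.version != WOLFSSL_CACHE_VERSION ||
        cache_header.rows != SESSION_ROWS ||
        cache_header.columns != SESSIONS_PER_ROW ||
        cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {

        WOLFSSL_MSG("Session cache header match failed");
        return CACHE_MATCH_ERROR;
    }

    /* the image is read-only: keep the const through the casts */
    row = (const SessionRow*)((const byte*)mem + sizeof(cache_header));

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        return BAD_MUTEX_E;
    }

    for (i = 0; i < cache_header.rows; ++i)
        XMEMCPY(SessionCache + i, row++, sizeof(SessionRow));

#ifndef NO_CLIENT_CACHE
    /* client rows follow the last session row */
    clRow = (const ClientRow*)row;
    for (i = 0; i < cache_header.rows; ++i)
        XMEMCPY(ClientCache + i, clRow++, sizeof(ClientRow));
#endif

    wc_UnLockMutex(&session_mutex);

    WOLFSSL_LEAVE("wolfSSL_memrestore_session_cache", SSL_SUCCESS);

    return SSL_SUCCESS;
}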
wolfSSL 11:cee25a834751 7129
wolfSSL 11:cee25a834751 7130 #if !defined(NO_FILESYSTEM)
wolfSSL 11:cee25a834751 7131
/* Write the session cache to the file at fname.
 *
 * Produces the same image as wolfSSL_memsave_session_cache() (header,
 * SessionRows, then ClientRows unless NO_CLIENT_CACHE) but streams it one row
 * at a time, so no full-size temporary buffer is needed. Rows are written
 * under session_mutex. A failed session-row write is remembered in rc but
 * the client rows are still attempted.
 * NOTE(review): the result of XFCLOSE is not examined, so a failure on the
 * final flush is still reported as SSL_SUCCESS — confirm whether XFCLOSE
 * returns a status on this port.
 *
 * Returns SSL_SUCCESS, SSL_BAD_FILE, FWRITE_ERROR or BAD_MUTEX_E. */
int wolfSSL_save_session_cache(const char *fname)
{
    XFILE file;
    int   written;
    int   rc = SSL_SUCCESS;
    int   rowIdx;
    cache_header_t hdr;

    WOLFSSL_ENTER("wolfSSL_save_session_cache");

    file = XFOPEN(fname, "w+b");
    if (file == XBADFILE) {
        WOLFSSL_MSG("Couldn't open session cache save file");
        return SSL_BAD_FILE;
    }

    hdr.version   = WOLFSSL_CACHE_VERSION;
    hdr.rows      = SESSION_ROWS;
    hdr.columns   = SESSIONS_PER_ROW;
    hdr.sessionSz = (int)sizeof(WOLFSSL_SESSION);

    /* cache header */
    written = (int)XFWRITE(&hdr, sizeof hdr, 1, file);
    if (written != 1) {
        WOLFSSL_MSG("Session cache header file write failed");
        XFCLOSE(file);
        return FWRITE_ERROR;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    /* session cache, one row per write */
    rowIdx = 0;
    while (rowIdx < hdr.rows) {
        written = (int)XFWRITE(SessionCache + rowIdx, sizeof(SessionRow), 1,
                               file);
        if (written != 1) {
            WOLFSSL_MSG("Session cache member file write failed");
            rc = FWRITE_ERROR;
            break;
        }
        ++rowIdx;
    }

#ifndef NO_CLIENT_CACHE
    /* client cache, same row count */
    rowIdx = 0;
    while (rowIdx < hdr.rows) {
        written = (int)XFWRITE(ClientCache + rowIdx, sizeof(ClientRow), 1,
                               file);
        if (written != 1) {
            WOLFSSL_MSG("Client cache member file write failed");
            rc = FWRITE_ERROR;
            break;
        }
        ++rowIdx;
    }
#endif /* NO_CLIENT_CACHE */

    wc_UnLockMutex(&session_mutex);

    XFCLOSE(file);
    WOLFSSL_LEAVE("wolfSSL_save_session_cache", rc);

    return rc;
}
wolfSSL 11:cee25a834751 7197
wolfSSL 11:cee25a834751 7198
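/* Restore the session cache from a file written by
 * wolfSSL_save_session_cache(). Reads row by row rather than going through
 * wolfSSL_memrestore_session_cache(), so no full-size temporary is needed.
 *
 * The header is checked against this build (version, row/column counts,
 * sizeof(WOLFSSL_SESSION)) before anything is copied. That guards against a
 * mismatched build, not against a corrupted or hostile file: the rows are
 * copied in as raw structs, so only restore files the process trusts as
 * much as its own memory.
 *
 * Error handling: a short session-row read zeroes SessionCache, skips the
 * client rows (the file position is meaningless after a failed read) and
 * zeroes ClientCache as well, so the two tables are never left half
 * restored against each other. A short client-row read zeroes ClientCache.
 *
 * Returns SSL_SUCCESS, SSL_BAD_FILE, FREAD_ERROR, CACHE_MATCH_ERROR or
 * BAD_MUTEX_E. */
int wolfSSL_restore_session_cache(const char *fname)
{
    XFILE file;
    int rc = SSL_SUCCESS;
    int ret;
    int i;
    cache_header_t cache_header;

    WOLFSSL_ENTER("wolfSSL_restore_session_cache");

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) {
        WOLFSSL_MSG("Couldn't open session cache save file");
        return SSL_BAD_FILE;
    }
    /* cache header */
    ret = (int)XFREAD(&cache_header, sizeof cache_header, 1, file);
    if (ret != 1) {
        WOLFSSL_MSG("Session cache header file read failed");
        XFCLOSE(file);
        return FREAD_ERROR;
    }
    if (cache_header.version != WOLFSSL_CACHE_VERSION ||
        cache_header.rows != SESSION_ROWS ||
        cache_header.columns != SESSIONS_PER_ROW ||
        cache_header.sessionSz != (int)sizeof(WOLFSSL_SESSION)) {

        WOLFSSL_MSG("Session cache header match failed");
        XFCLOSE(file);
        return CACHE_MATCH_ERROR;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Session cache mutex lock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    /* session cache */
    for (i = 0; i < cache_header.rows; ++i) {
        ret = (int)XFREAD(SessionCache + i, sizeof(SessionRow), 1, file);
        if (ret != 1) {
            WOLFSSL_MSG("Session cache member file read failed");
            XMEMSET(SessionCache, 0, sizeof SessionCache);
#ifndef NO_CLIENT_CACHE
            /* keep the client table consistent with the emptied session
             * table instead of reading it from an unknown file position */
            XMEMSET(ClientCache, 0, sizeof ClientCache);
#endif
            rc = FREAD_ERROR;
            break;
        }
    }

#ifndef NO_CLIENT_CACHE
    /* client cache, only if every session row came in */
    if (rc == SSL_SUCCESS) {
        for (i = 0; i < cache_header.rows; ++i) {
            ret = (int)XFREAD(ClientCache + i, sizeof(ClientRow), 1, file);
            if (ret != 1) {
                WOLFSSL_MSG("Client cache member file read failed");
                XMEMSET(ClientCache, 0, sizeof ClientCache);
                rc = FREAD_ERROR;
                break;
            }
        }
    }
#endif /* NO_CLIENT_CACHE */

    wc_UnLockMutex(&session_mutex);

    XFCLOSE(file);
    WOLFSSL_LEAVE("wolfSSL_restore_session_cache", rc);

    return rc;
}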
wolfSSL 11:cee25a834751 7271
wolfSSL 11:cee25a834751 7272 #endif /* !NO_FILESYSTEM */
wolfSSL 11:cee25a834751 7273 #endif /* PERSIST_SESSION_CACHE */
wolfSSL 11:cee25a834751 7274 #endif /* NO_SESSION_CACHE */
wolfSSL 11:cee25a834751 7275
wolfSSL 11:cee25a834751 7276
/* No-op kept so OpenSSL-style callers that call SSL_load_error_strings()
 * link and run unchanged; wolfSSL has nothing to do here. */
void wolfSSL_load_error_strings(void)
{
    /* intentionally empty */
}
wolfSSL 11:cee25a834751 7279
wolfSSL 11:cee25a834751 7280
/* OpenSSL-compatible wrapper around wolfSSL_Init().
 * Returns SSL_SUCCESS when wolfSSL_Init() reports SSL_SUCCESS, otherwise
 * SSL_FATAL_ERROR; the underlying error code is not passed through. */
int wolfSSL_library_init(void)
{
    int initRc;

    WOLFSSL_ENTER("SSL_library_init");
    initRc = wolfSSL_Init();

    return (initRc == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FATAL_ERROR;
}
wolfSSL 11:cee25a834751 7289
wolfSSL 11:cee25a834751 7290
wolfSSL 11:cee25a834751 7291 #ifdef HAVE_SECRET_CALLBACK
wolfSSL 11:cee25a834751 7292
/* Install a session-secret callback on ssl and switch the connection into
 * resumption mode (session ID length cleared, options.resuming set) on the
 * assumption that the callback will supply the secret.
 *
 * ssl  connection to configure; NULL is rejected
 * cb   callback, stored in ssl->sessionSecretCb
 * ctx  opaque user pointer handed back to cb, stored in ssl->sessionSecretCtx
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when ssl is NULL. */
int wolfSSL_set_session_secret_cb(WOLFSSL* ssl, SessionSecretCb cb, void* ctx)
{
    int ret = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_set_session_secret_cb");

    if (ssl != NULL) {
        ssl->sessionSecretCb  = cb;
        ssl->sessionSecretCtx = ctx;
        /* a pre-set secret means there is nothing to look up by ID: drop
         * the ID and treat the handshake as a resumption */
        ssl->session.sessionIDSz = 0;
        ssl->options.resuming    = 1;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 11:cee25a834751 7307
wolfSSL 11:cee25a834751 7308 #endif
wolfSSL 11:cee25a834751 7309
wolfSSL 11:cee25a834751 7310
wolfSSL 11:cee25a834751 7311 #ifndef NO_SESSION_CACHE
wolfSSL 11:cee25a834751 7312
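/* Apply an OpenSSL-style session cache mode to ctx. The cache is on by
 * default when compiled in; this call can only switch things off:
 *   SSL_SESS_CACHE_OFF               (matched by exact value) sets
 *                                    ctx->sessionCacheOff
 *   SSL_SESS_CACHE_NO_AUTO_CLEAR     (flag bit) sets ctx->sessionCacheFlushOff
 *   SSL_SESS_CACHE_NO_INTERNAL_STORE (flag bit, HAVE_EXT_CACHE builds) sets
 *                                    ctx->internalCacheOff
 * Flags are never cleared again by this function.
 * NOTE(review): OFF is tested with == while the others are tested with &, so
 * a mode that ORs OFF together with another flag does not disable the cache —
 * confirm that is intended before relying on it.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ctx is NULL. */
long wolfSSL_CTX_set_session_cache_mode(WOLFSSL_CTX* ctx, long mode)
{
    WOLFSSL_ENTER("SSL_CTX_set_session_cache_mode");

    if (ctx == NULL)
        return SSL_FAILURE;

    if (mode == SSL_SESS_CACHE_OFF)
        ctx->sessionCacheOff = 1;

    if ((mode & SSL_SESS_CACHE_NO_AUTO_CLEAR) != 0)
        ctx->sessionCacheFlushOff = 1;

#ifdef HAVE_EXT_CACHE
    if ((mode & SSL_SESS_CACHE_NO_INTERNAL_STORE) != 0)
        ctx->internalCacheOff = 1;
#endif

    return SSL_SUCCESS;
}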
wolfSSL 11:cee25a834751 7330
wolfSSL 11:cee25a834751 7331 #endif /* NO_SESSION_CACHE */
wolfSSL 11:cee25a834751 7332
wolfSSL 11:cee25a834751 7333
wolfSSL 11:cee25a834751 7334 #if !defined(NO_CERTS)
wolfSSL 11:cee25a834751 7335 #if defined(PERSIST_CERT_CACHE)
wolfSSL 11:cee25a834751 7336
wolfSSL 11:cee25a834751 7337
#define WOLFSSL_CACHE_CERT_VERSION 1

/* Header at the front of a persisted cert cache image. DoMemSaveCertCache()
 * copies this struct into the image as-is and CM_MemRestoreCertCache() reads
 * it back the same way, so the field order and sizes below ARE the on-disk
 * layout: bump WOLFSSL_CACHE_CERT_VERSION whenever this struct or the
 * per-signer layout written by StoreCertRow() changes. */
typedef struct {
int version; /* cache cert layout version id */
int rows; /* hash table rows, CA_TABLE_SIZE */
int columns[CA_TABLE_SIZE]; /* number of signers in each row's list */
int signerSz; /* sizeof Signer object */
} CertCacheHeader;
wolfSSL 11:cee25a834751 7346
wolfSSL 11:cee25a834751 7347 /* current cert persistence layout is:
wolfSSL 11:cee25a834751 7348
wolfSSL 11:cee25a834751 7349 1) CertCacheHeader
wolfSSL 11:cee25a834751 7350 2) caTable
wolfSSL 11:cee25a834751 7351
wolfSSL 11:cee25a834751 7352 update WOLFSSL_CACHE_CERT_VERSION if the layout used by the following
wolfSSL 11:cee25a834751 7353 PERSIST_CERT_CACHE functions changes
wolfSSL 11:cee25a834751 7354 */
wolfSSL 11:cee25a834751 7355
wolfSSL 11:cee25a834751 7356
/* Bytes needed to persist one Signer in the form StoreCertRow() writes:
 * the fixed-size fields (pubKeySize, keyOID, nameLen, subjectNameHash and,
 * unless NO_SKID, subjectKeyIdHash) plus the variable-length publicKey and
 * name. Caller holds the cert manager lock. */
static INLINE int GetSignerMemory(Signer* signer)
{
    int fixed = (int)(sizeof(signer->pubKeySize) + sizeof(signer->keyOID)
                    + sizeof(signer->nameLen)
                    + sizeof(signer->subjectNameHash));
    int dynamic;

#if !defined(NO_SKID)
    fixed += (int)sizeof(signer->subjectKeyIdHash);
#endif

    /* variable-length payloads carried alongside the fixed fields */
    dynamic = (int)signer->pubKeySize + signer->nameLen;

    return fixed + dynamic;
}
wolfSSL 11:cee25a834751 7373
wolfSSL 11:cee25a834751 7374
/* Bytes needed to persist every Signer on one caTable row (a linked list
 * starting at row; NULL is an empty row). Caller holds the lock. */
static INLINE int GetCertCacheRowMemory(Signer* row)
{
    int total = 0;
    Signer* cur;

    for (cur = row; cur != NULL; cur = cur->next)
        total += GetSignerMemory(cur);

    return total;
}
wolfSSL 11:cee25a834751 7387
wolfSSL 11:cee25a834751 7388
/* Total image size for cm's cert cache: the CertCacheHeader plus every row of
 * caTable. Caller holds the lock. */
static INLINE int GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)
{
    int total = (int)sizeof(CertCacheHeader);
    int rowIdx;

    for (rowIdx = 0; rowIdx < CA_TABLE_SIZE; rowIdx++)
        total += GetCertCacheRowMemory(cm->caTable[rowIdx]);

    return total;
}
wolfSSL 11:cee25a834751 7402
wolfSSL 11:cee25a834751 7403
/* Fill columns[0..CA_TABLE_SIZE-1] with the number of Signers on each
 * caTable row; these counts tell the restore side how many entries to parse
 * per row. columns must have room for CA_TABLE_SIZE ints. Caller holds the
 * lock. */
static INLINE void SetCertHeaderColumns(WOLFSSL_CERT_MANAGER* cm, int* columns)
{
    int rowIdx;

    for (rowIdx = 0; rowIdx < CA_TABLE_SIZE; rowIdx++) {
        Signer* cur;
        int n = 0;

        for (cur = cm->caTable[rowIdx]; cur != NULL; cur = cur->next)
            n++;

        columns[rowIdx] = n;
    }
}
wolfSSL 11:cee25a834751 7421
wolfSSL 11:cee25a834751 7422
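/* Restore one caTable row of Signers from a persisted image.
 *
 * cm      cert manager whose caTable[row] receives the entries; caller holds
 *         cm->caLock
 * current first byte of this row's data inside the image
 * row     caTable index to push the restored signers onto
 * listSz  number of signers the header recorded for this row
 * end     one past the last valid byte of the image; nothing is read at or
 *         beyond it
 *
 * Each signer is laid out as StoreCertRow() writes it: pubKeySize, keyOID,
 * publicKey[pubKeySize], nameLen, name[nameLen], subjectNameHash and, unless
 * NO_SKID, subjectKeyIdHash. The image is external data as far as this
 * function is concerned: every length read from it is checked against the
 * bytes remaining before it is used for an allocation or copy, and the
 * checks are done on remaining byte counts rather than by forming
 * start + len, which could wrap past end for a large length.
 *
 * Returns the number of bytes consumed, or PARSE_ERROR (negative count or
 * length), BUFFER_E (image too short) or MEMORY_E (allocation failed).
 * Signers already restored for this row stay linked into caTable on error. */
static INLINE int RestoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current,
                                 int row, int listSz, const byte* end)
{
    int idx = 0;

    if (listSz < 0) {
        WOLFSSL_MSG("Row header corrupted, negative value");
        return PARSE_ERROR;
    }
    if (current > end) {
        WOLFSSL_MSG("Would overread restore buffer");
        return BUFFER_E;
    }

    while (listSz) {
        Signer* signer;
        byte* start = current + idx;                 /* this signer's base */
        word32 avail = (word32)(end - start);        /* bytes left from start */
        word32 minSz = (word32)(sizeof(signer->pubKeySize)
                              + sizeof(signer->keyOID)
                              + sizeof(signer->nameLen)
                              + sizeof(signer->subjectNameHash));
#ifndef NO_SKID
        minSz += (word32)sizeof(signer->subjectKeyIdHash);
#endif

        /* fixed-size part must fit before any of it is read */
        if (avail < minSz) {
            WOLFSSL_MSG("Would overread restore buffer");
            return BUFFER_E;
        }
        signer = MakeSigner(cm->heap);
        if (signer == NULL)
            return MEMORY_E;

        /* pubKeySize */
        XMEMCPY(&signer->pubKeySize, current + idx, sizeof(signer->pubKeySize));
        idx += (int)sizeof(signer->pubKeySize);

        /* keyOID */
        XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID));
        idx += (int)sizeof(signer->keyOID);

        /* publicKey: its length came from the image, so bound it by what is
         * left once the fixed fields are accounted for */
        if (signer->pubKeySize > avail - minSz) {
            WOLFSSL_MSG("Would overread restore buffer");
            FreeSigner(signer, cm->heap);
            return BUFFER_E;
        }
        signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
                                           DYNAMIC_TYPE_KEY);
        if (signer->publicKey == NULL) {
            FreeSigner(signer, cm->heap);
            return MEMORY_E;
        }

        XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize);
        idx += (int)signer->pubKeySize;

        /* nameLen */
        XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen));
        idx += (int)sizeof(signer->nameLen);

        /* name: nameLen is signed, so a negative value must be rejected here
         * or it would reach XMALLOC/XMEMCPY as a huge size */
        if (signer->nameLen < 0) {
            WOLFSSL_MSG("Row entry corrupted, negative name length");
            FreeSigner(signer, cm->heap);
            return PARSE_ERROR;
        }
        if ((word32)signer->nameLen > avail - minSz - signer->pubKeySize) {
            WOLFSSL_MSG("Would overread restore buffer");
            FreeSigner(signer, cm->heap);
            return BUFFER_E;
        }
        signer->name = (char*)XMALLOC(signer->nameLen, cm->heap,
                                      DYNAMIC_TYPE_SUBJECT_CN);
        if (signer->name == NULL) {
            FreeSigner(signer, cm->heap);
            return MEMORY_E;
        }

        XMEMCPY(signer->name, current + idx, signer->nameLen);
        idx += signer->nameLen;

        /* subjectNameHash */
        XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE);
        idx += SIGNER_DIGEST_SIZE;

#ifndef NO_SKID
        /* subjectKeyIdHash */
        XMEMCPY(signer->subjectKeyIdHash, current + idx, SIGNER_DIGEST_SIZE);
        idx += SIGNER_DIGEST_SIZE;
#endif

        /* push onto the row's list; order ends up reversed relative to the
         * image, which is fine for a hash bucket */
        signer->next = cm->caTable[row];
        cm->caTable[row] = signer;

        --listSz;
    }

    return idx;
}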
wolfSSL 11:cee25a834751 7514
wolfSSL 11:cee25a834751 7515
/* Serialize every Signer on caTable[row] at current, in the order
 * RestoreCertRow() parses: pubKeySize, keyOID, publicKey, nameLen, name,
 * subjectNameHash and (unless NO_SKID) subjectKeyIdHash. The caller must have
 * sized the buffer with GetCertCacheRowMemory() and hold the lock.
 * Returns the number of bytes written. */
static INLINE int StoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current, int row)
{
    byte*   out = current;
    Signer* entry;

    for (entry = cm->caTable[row]; entry != NULL; entry = entry->next) {
        XMEMCPY(out, &entry->pubKeySize, sizeof(entry->pubKeySize));
        out += sizeof(entry->pubKeySize);

        XMEMCPY(out, &entry->keyOID, sizeof(entry->keyOID));
        out += sizeof(entry->keyOID);

        XMEMCPY(out, entry->publicKey, entry->pubKeySize);
        out += entry->pubKeySize;

        XMEMCPY(out, &entry->nameLen, sizeof(entry->nameLen));
        out += sizeof(entry->nameLen);

        XMEMCPY(out, entry->name, entry->nameLen);
        out += entry->nameLen;

        XMEMCPY(out, entry->subjectNameHash, SIGNER_DIGEST_SIZE);
        out += SIGNER_DIGEST_SIZE;

#ifndef NO_SKID
        XMEMCPY(out, entry->subjectKeyIdHash, SIGNER_DIGEST_SIZE);
        out += SIGNER_DIGEST_SIZE;
#endif
    }

    return (int)(out - current);
}
wolfSSL 11:cee25a834751 7551
wolfSSL 11:cee25a834751 7552
/* Write cm's cert cache into mem: a CertCacheHeader followed by every
 * caTable row as serialized by StoreCertRow(). Caller holds cm->caLock.
 *
 * mem  destination buffer
 * sz   its size in bytes; must be at least GetCertCacheMemSize(cm)
 *
 * Returns SSL_SUCCESS, or BUFFER_E (nothing written) if sz is too small. */
static INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm,
                                     void* mem, int sz)
{
    int   need;
    int   rowIdx;
    byte* cursor;
    CertCacheHeader hdr;

    WOLFSSL_ENTER("DoMemSaveCertCache");

    need = GetCertCacheMemSize(cm);
    if (need > sz) {
        WOLFSSL_MSG("Mem output buffer too small");
        return BUFFER_E;
    }

    /* header describes the geometry the restore side will check against */
    hdr.version  = WOLFSSL_CACHE_CERT_VERSION;
    hdr.rows     = CA_TABLE_SIZE;
    hdr.signerSz = (int)sizeof(Signer);
    SetCertHeaderColumns(cm, hdr.columns);

    XMEMCPY(mem, &hdr, sizeof(CertCacheHeader));
    cursor = (byte*)mem + sizeof(CertCacheHeader);

    for (rowIdx = 0; rowIdx < CA_TABLE_SIZE; ++rowIdx)
        cursor += StoreCertRow(cm, cursor, rowIdx);

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 7586
wolfSSL 11:cee25a834751 7587
wolfSSL 11:cee25a834751 7588 #if !defined(NO_FILESYSTEM)
wolfSSL 11:cee25a834751 7589
/* Persist cm's cert cache to the file at fname.
 *
 * The image is built in a temporary heap buffer with DoMemSaveCertCache()
 * while cm->caLock is held and then written with a single XFWRITE. The file
 * is opened (and so truncated) before the lock is taken and before the
 * buffer is allocated, so a lock or allocation failure leaves an empty file
 * behind.
 * NOTE(review): the XFCLOSE result is not examined — confirm whether it
 * returns a status on this port before relying on SSL_SUCCESS meaning the
 * data hit the disk.
 *
 * Returns SSL_SUCCESS, SSL_BAD_FILE, BAD_MUTEX_E, MEMORY_E, FWRITE_ERROR or
 * whatever DoMemSaveCertCache() returned. */
int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
{
    XFILE file;
    int   rc;
    int   imageSz;
    byte* image;

    WOLFSSL_ENTER("CM_SaveCertCache");

    file = XFOPEN(fname, "w+b");
    if (file == XBADFILE) {
        WOLFSSL_MSG("Couldn't open cert cache save file");
        return SSL_BAD_FILE;
    }

    if (wc_LockMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    imageSz = GetCertCacheMemSize(cm);
    image = (byte*)XMALLOC(imageSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (image == NULL) {
        WOLFSSL_MSG("Alloc for tmp buffer failed");
        rc = MEMORY_E;
        goto done;
    }

    rc = DoMemSaveCertCache(cm, image, imageSz);
    if (rc == SSL_SUCCESS && (int)XFWRITE(image, imageSz, 1, file) != 1) {
        WOLFSSL_MSG("Cert cache file write failed");
        rc = FWRITE_ERROR;
    }
    XFREE(image, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);

done:
    wc_UnLockMutex(&cm->caLock);
    XFCLOSE(file);

    return rc;
}
wolfSSL 11:cee25a834751 7634
wolfSSL 11:cee25a834751 7635
/* Restore cm's cert cache from the file at fname.
 *
 * The whole file is sized with seek/tell, read into a temporary heap buffer
 * and handed to CM_MemRestoreCertCache(), which does the header and bounds
 * checking. A file size of zero or a failed XFTELL (reported as a negative
 * value) is rejected as SSL_BAD_FILE.
 * NOTE(review): the XFSEEK result is not checked and the XFTELL result is
 * narrowed to int — a file larger than INT_MAX would be mis-sized; confirm
 * whether that is reachable on this port.
 *
 * Returns SSL_SUCCESS, SSL_BAD_FILE, MEMORY_E, FREAD_ERROR or the result of
 * CM_MemRestoreCertCache(). */
int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const char* fname)
{
    XFILE file;
    int   rc;
    int   fileSz;
    byte* image;

    WOLFSSL_ENTER("CM_RestoreCertCache");

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) {
        WOLFSSL_MSG("Couldn't open cert cache save file");
        return SSL_BAD_FILE;
    }

    /* size the file so it can be read in one go */
    XFSEEK(file, 0, XSEEK_END);
    fileSz = (int)XFTELL(file);
    XREWIND(file);

    if (fileSz <= 0) {
        WOLFSSL_MSG("Bad file size");
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    image = (byte*)XMALLOC(fileSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (image == NULL) {
        WOLFSSL_MSG("Alloc for tmp buffer failed");
        XFCLOSE(file);
        return MEMORY_E;
    }

    if ((int)XFREAD(image, fileSz, 1, file) != 1) {
        WOLFSSL_MSG("Cert file read error");
        rc = FREAD_ERROR;
    }
    else {
        rc = CM_MemRestoreCertCache(cm, image, fileSz);
        if (rc != SSL_SUCCESS) {
            WOLFSSL_MSG("Mem restore cert cache failed");
        }
    }

    XFREE(image, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    XFCLOSE(file);

    return rc;
}
wolfSSL 11:cee25a834751 7686
wolfSSL 11:cee25a834751 7687 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 7688
wolfSSL 11:cee25a834751 7689
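/* Persist cert cache to memory */
/* Serialize the cert manager's CA table into a caller-supplied buffer.
 *
 * cm    cert manager whose CA table is written out
 * mem   destination buffer
 * sz    size of mem in bytes
 * used  receives the number of bytes the image occupies on success
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG when cm or used is NULL, BAD_MUTEX_E when
 * the CA table lock cannot be taken, or the error from DoMemSaveCertCache. */
int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
{
    int ret;

    WOLFSSL_ENTER("CM_MemSaveCertCache");

    /* Reject NULL manager / out-pointer up front instead of dereferencing. */
    if (cm == NULL || used == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }

    /* caLock is held for both the save and the size query so the reported
     * size describes exactly the table that was written. */
    if (wc_LockMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    ret = DoMemSaveCertCache(cm, mem, sz);
    if (ret == SSL_SUCCESS) {
        *used = GetCertCacheMemSize(cm);
    }

    wc_UnLockMutex(&cm->caLock);

    return ret;
}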
wolfSSL 11:cee25a834751 7710
wolfSSL 11:cee25a834751 7711
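/* Restore cert cache from memory */
/* Rebuild the cert manager's CA table from an image produced by
 * CM_MemSaveCertCache.
 *
 * cm   cert manager whose CA table is replaced
 * mem  image: a CertCacheHeader followed by CA_TABLE_SIZE serialized rows
 * sz   size of mem in bytes
 *
 * The image is untrusted input (it may come from a file): its size, version,
 * row count and Signer size are checked before the existing table is freed,
 * and each row restore is bounded by end. Returns SSL_SUCCESS, BAD_FUNC_ARG,
 * BUFFER_E, CACHE_MATCH_ERROR, BAD_MUTEX_E, or a negative RestoreCertRow
 * error; in the last case the table may be only partially restored. */
int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm, const void* mem, int sz)
{
    int ret = SSL_SUCCESS;
    int i;
    const CertCacheHeader* hdr;
    byte* current;
    byte* end;

    WOLFSSL_ENTER("CM_MemRestoreCertCache");

    if (cm == NULL || mem == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }

    /* Validate the length before any pointer arithmetic or header read: a
     * negative or short sz must never produce a pointer past the buffer. */
    if (sz < 0 || (size_t)sz < sizeof(CertCacheHeader)) {
        WOLFSSL_MSG("Cert Cache Memory buffer too small");
        return BUFFER_E;
    }

    hdr     = (const CertCacheHeader*)mem;
    current = (byte*)mem + sizeof(CertCacheHeader);
    end     = (byte*)mem + sz; /* don't go over */

    if (hdr->version != WOLFSSL_CACHE_CERT_VERSION ||
        hdr->rows != CA_TABLE_SIZE ||
        hdr->signerSz != (int)sizeof(Signer)) {

        WOLFSSL_MSG("Cert Cache Memory header mismatch");
        return CACHE_MATCH_ERROR;
    }

    if (wc_LockMutex(&cm->caLock) != 0) {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    /* Only discard the live table once the header has been accepted. */
    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);

    for (i = 0; i < CA_TABLE_SIZE; ++i) {
        /* hdr->columns[i] is taken from the image; end lets RestoreCertRow
         * bound its reads. A negative result is the row's error code. */
        int added = RestoreCertRow(cm, current, i, hdr->columns[i], end);
        if (added < 0) {
            WOLFSSL_MSG("RestoreCertRow error");
            ret = added;
            break;
        }
        current += added;
    }

    wc_UnLockMutex(&cm->caLock);

    return ret;
}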
wolfSSL 11:cee25a834751 7757
wolfSSL 11:cee25a834751 7758
/* Report how large a buffer CM_MemSaveCertCache needs for this manager.
 *
 * cm  cert manager to measure
 *
 * Returns the byte count from GetCertCacheMemSize, or BAD_MUTEX_E when the
 * CA table lock cannot be taken. */
int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)
{
    int needed = BAD_MUTEX_E;

    WOLFSSL_ENTER("CM_GetCertCacheMemSize");

    /* Measure under caLock so the answer matches the table as it stands. */
    if (wc_LockMutex(&cm->caLock) == 0) {
        needed = GetCertCacheMemSize(cm);
        wc_UnLockMutex(&cm->caLock);
    }
    else {
        WOLFSSL_MSG("wc_LockMutex on caLock failed");
    }

    return needed;
}
wolfSSL 11:cee25a834751 7777
wolfSSL 11:cee25a834751 7778 #endif /* PERSIST_CERT_CACHE */
wolfSSL 11:cee25a834751 7779 #endif /* NO_CERTS */
wolfSSL 11:cee25a834751 7780
wolfSSL 11:cee25a834751 7781
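/* Configure the cipher suite list on a context.
 *
 * ctx   context to configure; its Suites block is allocated from ctx->heap
 *       the first time a list is set
 * list  cipher list string in the form accepted by SetCipherList
 *
 * Returns SSL_SUCCESS, SSL_FAILURE when allocation or list parsing fails,
 * or BAD_FUNC_ARG when ctx is NULL. */
int wolfSSL_CTX_set_cipher_list(WOLFSSL_CTX* ctx, const char* list)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_cipher_list");

    if (ctx == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }

    /* alloc/init on demand only */
    if (ctx->suites == NULL) {
        ctx->suites = (Suites*)XMALLOC(sizeof(Suites), ctx->heap,
                                       DYNAMIC_TYPE_SUITES);
        if (ctx->suites == NULL) {
            WOLFSSL_MSG("Memory alloc for Suites failed");
            return SSL_FAILURE;
        }
        XMEMSET(ctx->suites, 0, sizeof(Suites));
    }

    /* NOTE(review): if SetCipherList rejects the list, ctx->suites stays
     * allocated and zeroed; whether a non-NULL suites is later treated as
     * "configured" is not visible here - confirm. */
    return SetCipherList(ctx, ctx->suites, list) ? SSL_SUCCESS : SSL_FAILURE;
}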
wolfSSL 11:cee25a834751 7799
wolfSSL 11:cee25a834751 7800
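/* Configure the cipher suite list on a single session.
 *
 * ssl   session to configure; the list is parsed against ssl->ctx into
 *       ssl->suites
 * list  cipher list string in the form accepted by SetCipherList
 *
 * Returns SSL_SUCCESS, SSL_FAILURE when parsing fails, or BAD_FUNC_ARG when
 * ssl is NULL. */
int wolfSSL_set_cipher_list(WOLFSSL* ssl, const char* list)
{
    WOLFSSL_ENTER("wolfSSL_set_cipher_list");

    if (ssl == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }

    return SetCipherList(ssl->ctx, ssl->suites, list) ? SSL_SUCCESS : SSL_FAILURE;
}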
wolfSSL 11:cee25a834751 7806
wolfSSL 11:cee25a834751 7807
wolfSSL 11:cee25a834751 7808 #ifndef WOLFSSL_LEANPSK
wolfSSL 11:cee25a834751 7809 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 7810
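/* Return the DTLS receive timeout currently in effect (ssl->dtls_timeout).
 *
 * Returns BAD_FUNC_ARG when ssl is NULL. The setters reject negative
 * timeouts, so a negative result is always an error code. */
int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl)
{
    /* The original cast ssl to void and then dereferenced it; check instead. */
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->dtls_timeout;
}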
wolfSSL 11:cee25a834751 7817
wolfSSL 11:cee25a834751 7818
/* user may need to alter init dtls recv timeout, SSL_SUCCESS on ok */
/* Set the initial DTLS receive timeout and reset the current timeout to it.
 *
 * ssl      session to update
 * timeout  new initial timeout; must be >= 0 and <= ssl->dtls_timeout_max
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an out-of-range
 * timeout. */
int wolfSSL_dtls_set_timeout_init(WOLFSSL* ssl, int timeout)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL && timeout >= 0) {
        if (timeout <= ssl->dtls_timeout_max) {
            ssl->dtls_timeout_init = timeout;
            ssl->dtls_timeout = timeout;
            ret = SSL_SUCCESS;
        }
        else {
            WOLFSSL_MSG("Can't set dtls timeout init greater than dtls timeout max");
        }
    }

    return ret;
}
wolfSSL 11:cee25a834751 7835
wolfSSL 11:cee25a834751 7836
/* user may need to alter max dtls recv timeout, SSL_SUCCESS on ok */
/* Set the upper bound for the DTLS receive timeout.
 *
 * ssl      session to update
 * timeout  new maximum; must be >= 0 and >= ssl->dtls_timeout_init
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or an out-of-range
 * timeout. The current timeout is left untouched. */
int wolfSSL_dtls_set_timeout_max(WOLFSSL* ssl, int timeout)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL && timeout >= 0) {
        if (timeout >= ssl->dtls_timeout_init) {
            ssl->dtls_timeout_max = timeout;
            ret = SSL_SUCCESS;
        }
        else {
            WOLFSSL_MSG("Can't set dtls timeout max less than dtls timeout init");
        }
    }

    return ret;
}
wolfSSL 11:cee25a834751 7852
wolfSSL 11:cee25a834751 7853
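/* Handle a DTLS receive timeout reported by the application.
 *
 * While the handshake is still in progress the retransmission timer is
 * advanced (DtlsMsgPoolTimeout) and the buffered flight is resent
 * (DtlsMsgPoolSend). After the handshake a timeout is a no-op.
 *
 * Returns SSL_SUCCESS, SSL_FATAL_ERROR if either step fails, or
 * BAD_FUNC_ARG when ssl is NULL (matching the other dtls_* setters). */
int wolfSSL_dtls_got_timeout(WOLFSSL* ssl)
{
    int result = SSL_SUCCESS;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (!ssl->options.handShakeDone &&
        (DtlsMsgPoolTimeout(ssl) < 0 || DtlsMsgPoolSend(ssl, 0) < 0)) {

        result = SSL_FATAL_ERROR;
    }
    return result;
}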
wolfSSL 11:cee25a834751 7865
wolfSSL 11:cee25a834751 7866 #endif /* DTLS */
wolfSSL 11:cee25a834751 7867 #endif /* LEANPSK */
wolfSSL 11:cee25a834751 7868
wolfSSL 11:cee25a834751 7869
wolfSSL 11:cee25a834751 7870 #if defined(WOLFSSL_DTLS) && !defined(NO_WOLFSSL_SERVER)
wolfSSL 11:cee25a834751 7871
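/* Not an SSL function, return 0 for success, error code otherwise */
/* Prereq: ssl's RNG needs to be initialized. */
/* Install the secret used to derive DTLS HelloVerifyRequest cookies.
 *
 * ssl       server-side session owning the secret
 * secret    new secret bytes, or NULL to fill the buffer from ssl->rng
 * secretSz  length of secret; 0 is only allowed with secret == NULL and then
 *           selects COOKIE_SECRET_SZ
 *
 * Any previous secret is wiped with ForceZero before it is released. If the
 * RNG fails, the freshly sized buffer is wiped and dropped so that no
 * uninitialized bytes are left installed as the cookie secret.
 *
 * Returns 0 on success, BAD_FUNC_ARG, MEMORY_ERROR, or the
 * wc_RNG_GenerateBlock error. */
int wolfSSL_DTLS_SetCookieSecret(WOLFSSL* ssl,
                                 const byte* secret, word32 secretSz)
{
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_DTLS_SetCookieSecret");

    if (ssl == NULL) {
        WOLFSSL_MSG("need a SSL object");
        return BAD_FUNC_ARG;
    }

    if (secret != NULL && secretSz == 0) {
        WOLFSSL_MSG("can't have a new secret without a size");
        return BAD_FUNC_ARG;
    }

    /* If secretSz is 0, use the default size. */
    if (secretSz == 0)
        secretSz = COOKIE_SECRET_SZ;

    if (secretSz != ssl->buffers.dtlsCookieSecret.length) {
        byte* newSecret;

        if (ssl->buffers.dtlsCookieSecret.buffer != NULL) {
            /* Wipe before free so the old secret does not linger on the heap. */
            ForceZero(ssl->buffers.dtlsCookieSecret.buffer,
                      ssl->buffers.dtlsCookieSecret.length);
            /* Free with the same memory type the allocation below uses, so
             * allocation tracking stays balanced. */
            XFREE(ssl->buffers.dtlsCookieSecret.buffer,
                  ssl->heap, DYNAMIC_TYPE_COOKIE_PWD);
            ssl->buffers.dtlsCookieSecret.buffer = NULL;
            ssl->buffers.dtlsCookieSecret.length = 0;
        }

        newSecret = (byte*)XMALLOC(secretSz, ssl->heap, DYNAMIC_TYPE_COOKIE_PWD);
        if (newSecret == NULL) {
            WOLFSSL_MSG("couldn't allocate new cookie secret");
            return MEMORY_ERROR;
        }
        ssl->buffers.dtlsCookieSecret.buffer = newSecret;
        ssl->buffers.dtlsCookieSecret.length = secretSz;
    }

    /* If the supplied secret is NULL, randomly generate a new secret. */
    if (secret == NULL) {
        ret = wc_RNG_GenerateBlock(ssl->rng,
                                   ssl->buffers.dtlsCookieSecret.buffer,
                                   secretSz);
        if (ret != 0) {
            /* Do not leave a buffer of unknown content installed as the
             * secret; wipe it and fall back to "no secret" like the
             * allocation-failure path. */
            WOLFSSL_MSG("couldn't generate new cookie secret");
            ForceZero(ssl->buffers.dtlsCookieSecret.buffer, secretSz);
            XFREE(ssl->buffers.dtlsCookieSecret.buffer,
                  ssl->heap, DYNAMIC_TYPE_COOKIE_PWD);
            ssl->buffers.dtlsCookieSecret.buffer = NULL;
            ssl->buffers.dtlsCookieSecret.length = 0;
        }
    }
    else {
        XMEMCPY(ssl->buffers.dtlsCookieSecret.buffer, secret, secretSz);
    }

    /* Log the actual result rather than a constant 0. */
    WOLFSSL_LEAVE("wolfSSL_DTLS_SetCookieSecret", ret);
    return ret;
}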
wolfSSL 11:cee25a834751 7927
wolfSSL 11:cee25a834751 7928 #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 7929
wolfSSL 11:cee25a834751 7930 #ifdef OPENSSL_EXTRA
/* OpenSSL-compatible SSLv23_method(): a version-flexible method whose side
 * is left as WOLFSSL_NEITHER_END. The client variant is used when a client
 * build is present, otherwise the server variant; presumably the side is
 * settled later at connect/accept time - confirm against the callers.
 * Returns NULL when the underlying method cannot be allocated. */
WOLFSSL_METHOD* wolfSSLv23_method(void) {
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("wolfSSLv23_method");

#ifndef NO_WOLFSSL_CLIENT
    method = wolfSSLv23_client_method();
#else
    method = wolfSSLv23_server_method();
#endif

    if (method == NULL)
        return NULL;

    method->side = WOLFSSL_NEITHER_END;
    return method;
}
wolfSSL 11:cee25a834751 7945 #endif /* OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 7946
wolfSSL 11:cee25a834751 7947 /* client only parts */
wolfSSL 11:cee25a834751 7948 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 7949
wolfSSL 11:cee25a834751 7950 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
/* SSLv3 client method on the default heap; only compiled when the build
 * explicitly allows SSLv3. See wolfSSLv3_client_method_ex. */
WOLFSSL_METHOD* wolfSSLv3_client_method(void)
{
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("SSLv3_client_method");
    method = wolfSSLv3_client_method_ex(NULL);
    return method;
}
wolfSSL 11:cee25a834751 7956 #endif
wolfSSL 11:cee25a834751 7957
wolfSSL 11:cee25a834751 7958 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 7959
wolfSSL 11:cee25a834751 7960 #ifndef NO_OLD_TLS
/* DTLS 1.0 client method on the default heap; see
 * wolfDTLSv1_client_method_ex. */
WOLFSSL_METHOD* wolfDTLSv1_client_method(void)
{
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("DTLSv1_client_method");
    method = wolfDTLSv1_client_method_ex(NULL);
    return method;
}
wolfSSL 11:cee25a834751 7966 #endif /* NO_OLD_TLS */
wolfSSL 11:cee25a834751 7967
/* DTLS 1.2 client method on the default heap; see
 * wolfDTLSv1_2_client_method_ex. */
WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void)
{
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("DTLSv1_2_client_method");
    method = wolfDTLSv1_2_client_method_ex(NULL);
    return method;
}
wolfSSL 11:cee25a834751 7973 #endif
wolfSSL 11:cee25a834751 7974
wolfSSL 11:cee25a834751 7975 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
/* Allocate and initialise an SSLv3 client method.
 *
 * heap  allocator hint passed to XMALLOC (NULL selects the default heap);
 *       NOTE(review): heap is used only for this allocation here - confirm
 *       the matching free uses the same heap
 *
 * Returns the new method, owned by the caller, or NULL on allocation
 * failure. */
WOLFSSL_METHOD* wolfSSLv3_client_method_ex(void* heap)
{
    WOLFSSL_METHOD* method;

    method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap,
                                      DYNAMIC_TYPE_METHOD);
    WOLFSSL_ENTER("SSLv3_client_method_ex");
    if (method == NULL)
        return NULL;

    InitSSL_Method(method, MakeSSLv3());
    return method;
}
wolfSSL 11:cee25a834751 7986 #endif
wolfSSL 11:cee25a834751 7987
wolfSSL 11:cee25a834751 7988 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 7989
wolfSSL 11:cee25a834751 7990 #ifndef NO_OLD_TLS
/* Allocate and initialise a DTLS 1.0 client method.
 *
 * heap  allocator hint passed to XMALLOC (NULL selects the default heap);
 *       NOTE(review): heap is used only for this allocation here - confirm
 *       the matching free uses the same heap
 *
 * Returns the new method, owned by the caller, or NULL on allocation
 * failure. */
WOLFSSL_METHOD* wolfDTLSv1_client_method_ex(void* heap)
{
    WOLFSSL_METHOD* method;

    method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap,
                                      DYNAMIC_TYPE_METHOD);
    WOLFSSL_ENTER("DTLSv1_client_method_ex");
    if (method == NULL)
        return NULL;

    InitSSL_Method(method, MakeDTLSv1());
    return method;
}
wolfSSL 11:cee25a834751 8001 #endif /* NO_OLD_TLS */
wolfSSL 11:cee25a834751 8002
/* Allocate and initialise a DTLS 1.2 client method.
 *
 * heap  allocator hint passed to XMALLOC (NULL selects the default heap);
 *       NOTE(review): heap is used only for this allocation here - confirm
 *       the matching free uses the same heap
 *
 * Returns the new method, owned by the caller, or NULL on allocation
 * failure. (The original also had a redundant "(void)heap;" after the
 * allocation; heap is already used, so it is omitted.) */
WOLFSSL_METHOD* wolfDTLSv1_2_client_method_ex(void* heap)
{
    WOLFSSL_METHOD* method;

    method = (WOLFSSL_METHOD*)XMALLOC(sizeof(WOLFSSL_METHOD), heap,
                                      DYNAMIC_TYPE_METHOD);
    WOLFSSL_ENTER("DTLSv1_2_client_method_ex");
    if (method == NULL)
        return NULL;

    InitSSL_Method(method, MakeDTLSv1_2());
    return method;
}
wolfSSL 11:cee25a834751 8014 #endif
wolfSSL 11:cee25a834751 8015
/* If SCTP is not enabled returns the state of the dtls option.
 * If SCTP is enabled returns dtls && !sctp.
 *
 * Used to decide whether the DTLS cookie exchange (HelloVerifyRequest) path
 * applies: plain DTLS yes, DTLS over SCTP no. */
static INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)
{
    if (!ssl->options.dtls)
        return 0;

#ifdef WOLFSSL_SCTP
    return !ssl->options.dtlsSctp;
#else
    return ssl->options.dtls;
#endif
}
wolfSSL 11:cee25a834751 8030
/* please see note at top of README if you get an error from connect */
/* Drive the client side of the handshake.
 *
 * ssl  client-side session (ssl->options.side must be WOLFSSL_CLIENT_END)
 *
 * The handshake is a resumable state machine keyed on
 * ssl->options.connectState: each case does its step, records the next
 * state, and then deliberately FALLS THROUGH into the next case. A call that
 * fails part-way (e.g. non-blocking I/O would block) returns SSL_FATAL_ERROR
 * with the cause in ssl->error; calling again resumes at the recorded state.
 * Any pending output is flushed before the state is examined.
 *
 * Returns SSL_SUCCESS when the handshake is complete (or, in certOnly mode,
 * as soon as the server's first flight has been processed), BAD_FUNC_ARG for
 * a NULL ssl, and SSL_FATAL_ERROR otherwise. */
int wolfSSL_connect(WOLFSSL* ssl)
{
    int neededState;

    WOLFSSL_ENTER("SSL_connect()");

#ifdef HAVE_ERRNO_H
    /* Cleared so an I/O error reported from this call is not confused with a
     * stale errno left by the caller. */
    errno = 0;
#endif

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* Never run the client state machine on a server-side object. */
    if (ssl->options.side != WOLFSSL_CLIENT_END) {
        WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
        return SSL_FATAL_ERROR;
    }

#ifdef WOLFSSL_DTLS
    /* DTLS is recognised from the major version; the tls/tls1_1 flags are
     * set alongside dtls (DTLS 1.0 is based on TLS 1.1). */
    if (ssl->version.major == DTLS_MAJOR) {
        ssl->options.dtls = 1;
        ssl->options.tls = 1;
        ssl->options.tls1_1 = 1;
    }
#endif

    /* Output left over from an earlier call (e.g. a would-block) goes out
     * first; the state advances only once the last fragment is on the wire. */
    if (ssl->buffers.outputBuffer.length > 0) {
        if ( (ssl->error = SendBuffered(ssl)) == 0) {
            /* fragOffset is non-zero when sending fragments. On the last
             * fragment, fragOffset is zero again, and the state can be
             * advanced. */
            if (ssl->fragOffset == 0) {
                ssl->options.connectState++;
                WOLFSSL_MSG("connect state: "
                            "Advanced from last buffered fragment send");
            }
            else {
                WOLFSSL_MSG("connect state: "
                            "Not advanced, more fragments to send");
            }
        }
        else {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
    }

    switch (ssl->options.connectState) {

    case CONNECT_BEGIN :
        /* always send client hello first */
        if ( (ssl->error = SendClientHello(ssl)) != 0) {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.connectState = CLIENT_HELLO_SENT;
        WOLFSSL_MSG("connect state: CLIENT_HELLO_SENT");
        /* fallthrough */

    case CLIENT_HELLO_SENT :
        /* On resumption the server's first flight ends with Finished;
         * on a full handshake it ends with ServerHelloDone. */
        neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
                                          SERVER_HELLODONE_COMPLETE;
#ifdef WOLFSSL_DTLS
        /* In DTLS, when resuming, we can go straight to FINISHED,
         * or do a cookie exchange and then skip to FINISHED, assume
         * we need the cookie exchange first. */
        /* The cookie exchange (HelloVerifyRequest) is the server's
         * address-validation step; it is skipped for DTLS over SCTP. */
        if (IsDtlsNotSctpMode(ssl))
            neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
#endif
        /* get response */
        while (ssl->options.serverState < neededState) {
            if ( (ssl->error = ProcessReply(ssl)) < 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            /* if resumption failed, reset needed state */
            /* NOTE: the nested if below has no braces; it is the body of the
             * else-if and has no else of its own, so there is no dangling
             * else, but braces would make that explicit. */
            else if (neededState == SERVER_FINISHED_COMPLETE)
                if (!ssl->options.resuming) {
                    if (!IsDtlsNotSctpMode(ssl))
                        neededState = SERVER_HELLODONE_COMPLETE;
                    else
                        neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
                }
        }

        ssl->options.connectState = HELLO_AGAIN;
        WOLFSSL_MSG("connect state: HELLO_AGAIN");
        /* fallthrough */

    case HELLO_AGAIN :
        /* certOnly mode stops here: the caller only wanted the server's
         * certificate, so the handshake is not completed. */
        if (ssl->options.certOnly)
            return SSL_SUCCESS;

#ifdef WOLFSSL_DTLS
        if (IsDtlsNotSctpMode(ssl)) {
            /* re-init hashes, exclude first hello and verify request */
            /* The first ClientHello and the HelloVerifyRequest are not part
             * of the handshake transcript, so every transcript hash is
             * restarted before the second ClientHello is sent. */
#ifndef NO_OLD_TLS
            if ( (ssl->error = wc_InitMd5_ex(&ssl->hsHashes->hashMd5,
                                            ssl->heap, ssl->devId)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            if ( (ssl->error = wc_InitSha_ex(&ssl->hsHashes->hashSha,
                                            ssl->heap, ssl->devId)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
#endif
            if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
                if ( (ssl->error = wc_InitSha256_ex(
                                            &ssl->hsHashes->hashSha256,
                                            ssl->heap, ssl->devId)) != 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
#endif
#ifdef WOLFSSL_SHA384
                if ( (ssl->error = wc_InitSha384_ex(
                                            &ssl->hsHashes->hashSha384,
                                            ssl->heap, ssl->devId)) != 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
#endif
#ifdef WOLFSSL_SHA512
                if ( (ssl->error = wc_InitSha512_ex(
                                            &ssl->hsHashes->hashSha512,
                                            ssl->heap, ssl->devId)) != 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
#endif
            }
            /* Second ClientHello, now carrying the server's cookie. */
            if ( (ssl->error = SendClientHello(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
#endif

        ssl->options.connectState = HELLO_AGAIN_REPLY;
        WOLFSSL_MSG("connect state: HELLO_AGAIN_REPLY");
        /* fallthrough */

    case HELLO_AGAIN_REPLY :
#ifdef WOLFSSL_DTLS
        /* Only the cookie-exchange path has a second server flight to read. */
        if (IsDtlsNotSctpMode(ssl)) {
            neededState = ssl->options.resuming ?
                                 SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;

            /* get response */
            while (ssl->options.serverState < neededState) {
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
                /* if resumption failed, reset needed state */
                else if (neededState == SERVER_FINISHED_COMPLETE)
                    if (!ssl->options.resuming)
                        neededState = SERVER_HELLODONE_COMPLETE;
            }
        }
#endif

        ssl->options.connectState = FIRST_REPLY_DONE;
        WOLFSSL_MSG("connect state: FIRST_REPLY_DONE");
        /* fallthrough */

    case FIRST_REPLY_DONE :
#ifndef NO_CERTS
        /* sendVerify is set when the server asked for a client certificate. */
        if (ssl->options.sendVerify) {
            if ( (ssl->error = SendCertificate(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            WOLFSSL_MSG("sent: certificate");
        }

#endif
        ssl->options.connectState = FIRST_REPLY_FIRST;
        WOLFSSL_MSG("connect state: FIRST_REPLY_FIRST");
        /* fallthrough */

    case FIRST_REPLY_FIRST :
        /* A resumed session has no key exchange. */
        if (!ssl->options.resuming) {
            if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            WOLFSSL_MSG("sent: client key exchange");
        }

        ssl->options.connectState = FIRST_REPLY_SECOND;
        WOLFSSL_MSG("connect state: FIRST_REPLY_SECOND");
        /* fallthrough */

    case FIRST_REPLY_SECOND :
#ifndef NO_CERTS
        /* CertificateVerify proves possession of the client cert's key. */
        if (ssl->options.sendVerify) {
            if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            WOLFSSL_MSG("sent: certificate verify");
        }
#endif
        ssl->options.connectState = FIRST_REPLY_THIRD;
        WOLFSSL_MSG("connect state: FIRST_REPLY_THIRD");
        /* fallthrough */

    case FIRST_REPLY_THIRD :
        if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        WOLFSSL_MSG("sent: change cipher spec");
        ssl->options.connectState = FIRST_REPLY_FOURTH;
        WOLFSSL_MSG("connect state: FIRST_REPLY_FOURTH");
        /* fallthrough */

    case FIRST_REPLY_FOURTH :
        if ( (ssl->error = SendFinished(ssl)) != 0) {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        WOLFSSL_MSG("sent: finished");
        ssl->options.connectState = FINISHED_DONE;
        WOLFSSL_MSG("connect state: FINISHED_DONE");
        /* fallthrough */

    case FINISHED_DONE :
        /* get response */
        /* Wait for the server's ChangeCipherSpec + Finished, which is what
         * authenticates the whole transcript on a full handshake. */
        while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
            if ( (ssl->error = ProcessReply(ssl)) < 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }

        ssl->options.connectState = SECOND_REPLY_DONE;
        WOLFSSL_MSG("connect state: SECOND_REPLY_DONE");
        /* fallthrough */

    case SECOND_REPLY_DONE:
#ifndef NO_HANDSHAKE_DONE_CB
        /* Application hook; a negative return aborts the connection. */
        if (ssl->hsDoneCb) {
            int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
            if (cbret < 0) {
                ssl->error = cbret;
                WOLFSSL_MSG("HandShake Done Cb don't continue error");
                return SSL_FATAL_ERROR;
            }
        }
#endif /* NO_HANDSHAKE_DONE_CB */

        /* Handshake state is released unless the application asked to keep
         * it; DTLS keeps it for retransmission of the final flight. */
        if (!ssl->options.dtls) {
            if (!ssl->options.keepResources) {
                FreeHandshakeResources(ssl);
            }
        }
#ifdef WOLFSSL_DTLS
        else {
            ssl->options.dtlsHsRetain = 1;
        }
#endif /* WOLFSSL_DTLS */

        WOLFSSL_LEAVE("SSL_connect()", SSL_SUCCESS);
        return SSL_SUCCESS;

    default:
        WOLFSSL_MSG("Unknown connect state ERROR");
        return SSL_FATAL_ERROR; /* unknown connect state */
    }
}
wolfSSL 11:cee25a834751 8296
wolfSSL 11:cee25a834751 8297 #endif /* NO_WOLFSSL_CLIENT */
wolfSSL 11:cee25a834751 8298
wolfSSL 11:cee25a834751 8299
wolfSSL 11:cee25a834751 8300 /* server only parts */
wolfSSL 11:cee25a834751 8301 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 8302
wolfSSL 11:cee25a834751 8303 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
/* SSLv3 server method on the default heap; only compiled when the build
 * explicitly allows SSLv3. See wolfSSLv3_server_method_ex. */
WOLFSSL_METHOD* wolfSSLv3_server_method(void)
{
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("SSLv3_server_method");
    method = wolfSSLv3_server_method_ex(NULL);
    return method;
}
wolfSSL 11:cee25a834751 8309 #endif
wolfSSL 11:cee25a834751 8310
wolfSSL 11:cee25a834751 8311
wolfSSL 11:cee25a834751 8312 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 8313
wolfSSL 11:cee25a834751 8314 #ifndef NO_OLD_TLS
/* Create a server-side DTLS 1.0 method with the default heap hint.
 * Returns NULL if the _ex variant could not allocate the method. */
WOLFSSL_METHOD* wolfDTLSv1_server_method(void)
{
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("DTLSv1_server_method");
    method = wolfDTLSv1_server_method_ex(NULL);
    return method;
}
wolfSSL 11:cee25a834751 8320 #endif /* NO_OLD_TLS */
wolfSSL 11:cee25a834751 8321
/* Create a server-side DTLS 1.2 method with the default heap hint.
 * Returns NULL if the _ex variant could not allocate the method. */
WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void)
{
    WOLFSSL_METHOD* method;

    WOLFSSL_ENTER("DTLSv1_2_server_method");
    method = wolfDTLSv1_2_server_method_ex(NULL);
    return method;
}
wolfSSL 11:cee25a834751 8327 #endif
wolfSSL 11:cee25a834751 8328
wolfSSL 11:cee25a834751 8329 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)
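/* Allocate and initialise a server-side SSLv3 method.
 * Only compiled when WOLFSSL_ALLOW_SSLV3 is defined and NO_OLD_TLS is not.
 *
 * heap  Heap hint passed to XMALLOC; may be NULL.
 *
 * Returns the new method, or NULL if allocation failed.
 */
WOLFSSL_METHOD* wolfSSLv3_server_method_ex(void* heap)
{
    WOLFSSL_METHOD* method =
        (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
                                  heap, DYNAMIC_TYPE_METHOD);
    WOLFSSL_ENTER("SSLv3_server_method_ex");
    if (method) {
        InitSSL_Method(method, MakeSSLv3());
        method->side = WOLFSSL_SERVER_END;
    }
    /* Some XMALLOC definitions do not use the heap hint; reference it so
     * the parameter is never flagged unused (as wolfDTLSv1_2_server_method_ex
     * already does). */
    (void)heap;
    return method;
}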
wolfSSL 11:cee25a834751 8342 #endif
wolfSSL 11:cee25a834751 8343
wolfSSL 11:cee25a834751 8344
wolfSSL 11:cee25a834751 8345 #ifdef WOLFSSL_DTLS
wolfSSL 11:cee25a834751 8346
wolfSSL 11:cee25a834751 8347 #ifndef NO_OLD_TLS
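/* Allocate and initialise a server-side DTLS 1.0 method.
 * Only compiled when NO_OLD_TLS is not defined.
 *
 * heap  Heap hint passed to XMALLOC; may be NULL.
 *
 * Returns the new method, or NULL if allocation failed.
 */
WOLFSSL_METHOD* wolfDTLSv1_server_method_ex(void* heap)
{
    WOLFSSL_METHOD* method =
        (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
                                  heap, DYNAMIC_TYPE_METHOD);
    WOLFSSL_ENTER("DTLSv1_server_method_ex");
    if (method) {
        InitSSL_Method(method, MakeDTLSv1());
        method->side = WOLFSSL_SERVER_END;
    }
    /* Some XMALLOC definitions do not use the heap hint; reference it so
     * the parameter is never flagged unused (as wolfDTLSv1_2_server_method_ex
     * already does). */
    (void)heap;
    return method;
}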
wolfSSL 11:cee25a834751 8360 #endif /* NO_OLD_TLS */
wolfSSL 11:cee25a834751 8361
/* Allocate and initialise a server-side DTLS 1.2 method.
 *
 * heap  Heap hint passed to XMALLOC; may be NULL.
 *
 * Returns the new method, or NULL if allocation failed.
 */
WOLFSSL_METHOD* wolfDTLSv1_2_server_method_ex(void* heap)
{
    WOLFSSL_METHOD* method =
        (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),
                                  heap, DYNAMIC_TYPE_METHOD);
    WOLFSSL_ENTER("DTLSv1_2_server_method_ex");
    /* heap may be ignored by XMALLOC in some builds; keep it referenced */
    (void)heap;

    if (method == NULL)
        return NULL;

    InitSSL_Method(method, MakeDTLSv1_2());
    method->side = WOLFSSL_SERVER_END;
    return method;
}
wolfSSL 11:cee25a834751 8375 #endif
wolfSSL 11:cee25a834751 8376
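/* Drive the server side of the handshake.
 *
 * The handshake is resumable: each completed step is recorded in
 * ssl->options.acceptState, and a later call continues from that state
 * (for example after an earlier call returned before finishing).  The
 * switch below therefore falls through from each case into the next on
 * purpose.
 *
 * ssl  The SSL/TLS object; must have been created as a server.
 *
 * Returns SSL_SUCCESS once the handshake has completed.  Returns
 * SSL_FATAL_ERROR on failure, with the underlying code stored in
 * ssl->error (except when ssl itself is NULL).
 */
int wolfSSL_accept(WOLFSSL* ssl)
{
    word16 havePSK = 0;
    word16 haveAnon = 0;
    WOLFSSL_ENTER("SSL_accept()");

    /* Every path below dereferences ssl; reject a NULL object up front
     * instead of faulting. */
    if (ssl == NULL)
        return SSL_FATAL_ERROR;

#ifdef HAVE_ERRNO_H
    errno = 0;
#endif

#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
    (void)havePSK;

#ifdef HAVE_ANON
    haveAnon = ssl->options.haveAnon;
#endif
    (void)haveAnon;

    if (ssl->options.side != WOLFSSL_SERVER_END) {
        WOLFSSL_ERROR(ssl->error = SIDE_ERROR);
        return SSL_FATAL_ERROR;
    }

#ifndef NO_CERTS
    /* in case used set_accept_state after init */
    /* A certificate-based server needs both a certificate and a private key
     * loaded; only PSK or anonymous configurations may proceed without them.
     * Fail here rather than part way through the handshake. */
    if (!havePSK && !haveAnon &&
        (!ssl->buffers.certificate ||
         !ssl->buffers.certificate->buffer ||
         !ssl->buffers.key ||
         !ssl->buffers.key->buffer)) {
        WOLFSSL_MSG("accept error: don't have server cert and key");
        ssl->error = NO_PRIVATE_KEY;
        WOLFSSL_ERROR(ssl->error);
        return SSL_FATAL_ERROR;
    }
#endif

#ifdef WOLFSSL_DTLS
    /* DTLS is recognised by its major version; set the option bits that
     * go with it. */
    if (ssl->version.major == DTLS_MAJOR) {
        ssl->options.dtls = 1;
        ssl->options.tls = 1;
        ssl->options.tls1_1 = 1;
    }
#endif

    /* Flush anything a previous call could not send before touching the
     * state machine. */
    if (ssl->buffers.outputBuffer.length > 0) {
        if ( (ssl->error = SendBuffered(ssl)) == 0) {
            /* fragOffset is non-zero when sending fragments. On the last
             * fragment, fragOffset is zero again, and the state can be
             * advanced. */
            if (ssl->fragOffset == 0) {
                ssl->options.acceptState++;
                WOLFSSL_MSG("accept state: "
                            "Advanced from last buffered fragment send");
            }
            else {
                WOLFSSL_MSG("accept state: "
                            "Not advanced, more fragments to send");
            }
        }
        else {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
    }

    switch (ssl->options.acceptState) {

    case ACCEPT_BEGIN :
        /* get response */
        /* Read records until the ClientHello has been processed. */
        while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
            if ( (ssl->error = ProcessReply(ssl)) < 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE;
        WOLFSSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE");
        /* fall through */

    case ACCEPT_CLIENT_HELLO_DONE :
        ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE;
        WOLFSSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE");
        /* fall through */

    case ACCEPT_FIRST_REPLY_DONE :
        if ( (ssl->error = SendServerHello(ssl)) != 0) {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.acceptState = SERVER_HELLO_SENT;
        WOLFSSL_MSG("accept state SERVER_HELLO_SENT");
        /* fall through */

    case SERVER_HELLO_SENT :
        /* The Certificate through ServerHelloDone messages are only sent on
         * a full handshake; a resumed session skips straight to the
         * ChangeCipherSpec/Finished exchange. */
#ifndef NO_CERTS
        if (!ssl->options.resuming)
            if ( (ssl->error = SendCertificate(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
#endif
        ssl->options.acceptState = CERT_SENT;
        WOLFSSL_MSG("accept state CERT_SENT");
        /* fall through */

    case CERT_SENT :
#ifndef NO_CERTS
        if (!ssl->options.resuming)
            if ( (ssl->error = SendCertificateStatus(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
#endif
        ssl->options.acceptState = CERT_STATUS_SENT;
        WOLFSSL_MSG("accept state CERT_STATUS_SENT");
        /* fall through */

    case CERT_STATUS_SENT :
        if (!ssl->options.resuming)
            if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        ssl->options.acceptState = KEY_EXCHANGE_SENT;
        WOLFSSL_MSG("accept state KEY_EXCHANGE_SENT");
        /* fall through */

    case KEY_EXCHANGE_SENT :
#ifndef NO_CERTS
        /* Only ask for a client certificate when peer verification is on. */
        if (!ssl->options.resuming)
            if (ssl->options.verifyPeer)
                if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
#endif
        ssl->options.acceptState = CERT_REQ_SENT;
        WOLFSSL_MSG("accept state CERT_REQ_SENT");
        /* fall through */

    case CERT_REQ_SENT :
        if (!ssl->options.resuming)
            if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        ssl->options.acceptState = SERVER_HELLO_DONE;
        WOLFSSL_MSG("accept state SERVER_HELLO_DONE");
        /* fall through */

    case SERVER_HELLO_DONE :
        /* Full handshake: the client's flight, ending in its Finished, is
         * read before we send ours.  On resumption the order is reversed and
         * the client's Finished is read in ACCEPT_FINISHED_DONE. */
        if (!ssl->options.resuming) {
            while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
        }
        ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE;
        WOLFSSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE");
        /* fall through */

    case ACCEPT_SECOND_REPLY_DONE :
#ifdef HAVE_SESSION_TICKET
        if (ssl->options.createTicket) {
            if ( (ssl->error = SendTicket(ssl)) != 0) {
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
#endif /* HAVE_SESSION_TICKET */
        ssl->options.acceptState = TICKET_SENT;
        WOLFSSL_MSG("accept state TICKET_SENT");
        /* fall through */

    case TICKET_SENT:
        if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.acceptState = CHANGE_CIPHER_SENT;
        WOLFSSL_MSG("accept state CHANGE_CIPHER_SENT");
        /* fall through */

    case CHANGE_CIPHER_SENT :
        if ( (ssl->error = SendFinished(ssl)) != 0) {
            WOLFSSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }

        ssl->options.acceptState = ACCEPT_FINISHED_DONE;
        WOLFSSL_MSG("accept state ACCEPT_FINISHED_DONE");
        /* fall through */

    case ACCEPT_FINISHED_DONE :
        /* Resumed session: the client's Finished arrives after ours. */
        if (ssl->options.resuming)
            while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    WOLFSSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }

        ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
        WOLFSSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
        /* fall through */

    case ACCEPT_THIRD_REPLY_DONE :
#ifndef NO_HANDSHAKE_DONE_CB
        /* Give the application a veto: a negative callback return aborts
         * the connection with that value as the error code. */
        if (ssl->hsDoneCb) {
            int cbret = ssl->hsDoneCb(ssl, ssl->hsDoneCtx);
            if (cbret < 0) {
                ssl->error = cbret;
                WOLFSSL_MSG("HandShake Done Cb don't continue error");
                return SSL_FATAL_ERROR;
            }
        }
#endif /* NO_HANDSHAKE_DONE_CB */

        /* TLS can drop handshake-only buffers now; DTLS keeps them (it may
         * still need to retransmit). */
        if (!ssl->options.dtls) {
            if (!ssl->options.keepResources) {
                FreeHandshakeResources(ssl);
            }
        }
#ifdef WOLFSSL_DTLS
        else {
            ssl->options.dtlsHsRetain = 1;
        }
#endif /* WOLFSSL_DTLS */

#ifdef WOLFSSL_SESSION_EXPORT
        if (ssl->dtls_export) {
            if ((ssl->error = wolfSSL_send_session(ssl)) != 0) {
                WOLFSSL_MSG("Export DTLS session error");
                WOLFSSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
#endif

        WOLFSSL_LEAVE("SSL_accept()", SSL_SUCCESS);
        return SSL_SUCCESS;

    default :
        WOLFSSL_MSG("Unknown accept state ERROR");
        return SSL_FATAL_ERROR;
    }
}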
wolfSSL 11:cee25a834751 8613
wolfSSL 11:cee25a834751 8614 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 8615
wolfSSL 11:cee25a834751 8616
wolfSSL 11:cee25a834751 8617 #ifndef NO_HANDSHAKE_DONE_CB
wolfSSL 11:cee25a834751 8618
/* Register a callback to run when the handshake completes.
 *
 * ssl       The SSL/TLS object.
 * cb        Callback to invoke; NULL means no callback is run.
 * user_ctx  Opaque pointer passed back to cb.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_SetHsDoneCb(WOLFSSL* ssl, HandShakeDoneCb cb, void* user_ctx)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_SetHsDoneCb");

    if (ssl != NULL) {
        ssl->hsDoneCb  = cb;
        ssl->hsDoneCtx = user_ctx;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 11:cee25a834751 8632
wolfSSL 11:cee25a834751 8633 #endif /* NO_HANDSHAKE_DONE_CB */
wolfSSL 11:cee25a834751 8634
/* Drop one library reference; release global state on the last one.
 *
 * Returns SSL_SUCCESS, BAD_MUTEX_E when a mutex could not be locked or
 * freed, or WC_CLEANUP_E when wolfCrypt_Cleanup() fails.  Calling it when
 * the reference count is already zero is not an error.
 */
int wolfSSL_Cleanup(void)
{
    int ret = SSL_SUCCESS;
    int lastRef = 0;

    WOLFSSL_ENTER("wolfSSL_Cleanup");

    /* possibly no init yet, but not failure either way */
    if (initRefCount == 0)
        return ret;

    if (wc_LockMutex(&count_mutex) != 0) {
        WOLFSSL_MSG("Bad Lock Mutex count");
        return BAD_MUTEX_E;
    }

    /* Only the caller that brings the count down to zero releases the
     * shared resources; clamp so an extra Cleanup cannot make it negative. */
    lastRef = (initRefCount == 1);
    initRefCount--;
    if (initRefCount < 0)
        initRefCount = 0;

    wc_UnLockMutex(&count_mutex);

    if (!lastRef)
        return ret;

#ifndef NO_SESSION_CACHE
    if (wc_FreeMutex(&session_mutex) != 0)
        ret = BAD_MUTEX_E;
#endif
    if (wc_FreeMutex(&count_mutex) != 0)
        ret = BAD_MUTEX_E;

    if (wolfCrypt_Cleanup() != 0) {
        WOLFSSL_MSG("Error with wolfCrypt_Cleanup call");
        ret = WC_CLEANUP_E;
    }

    return ret;
}
wolfSSL 11:cee25a834751 8673
wolfSSL 11:cee25a834751 8674
wolfSSL 11:cee25a834751 8675 #ifndef NO_SESSION_CACHE
wolfSSL 11:cee25a834751 8676
wolfSSL 11:cee25a834751 8677
/* some session IDs aren't random after all, let's make them random */
/* Reduce a session ID to a word used to pick a cache row.
 *
 * As far as this file shows, the result only selects a row (callers take it
 * modulo SESSION_ROWS), so the digest is chosen for distribution rather
 * than for any security property.
 *
 * sessionID  Bytes to hash.
 * len        Number of bytes in sessionID.
 * error      Receives the digest function's return code (0 on success).
 *
 * Returns the derived word, or 0 when *error is non-zero.
 */
static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
{
    byte digest[MAX_DIGEST_SIZE];
    word32 hash = 0;

#ifndef NO_MD5
    *error = wc_Md5Hash(sessionID, len, digest);
#elif !defined(NO_SHA)
    *error = wc_ShaHash(sessionID, len, digest);
#elif !defined(NO_SHA256)
    *error = wc_Sha256Hash(sessionID, len, digest);
#else
    #error "We need a digest to hash the session IDs"
#endif

    if (*error == 0)
        hash = MakeWordFromHash(digest);

    return hash; /* 0 on failure */
}
wolfSSL 11:cee25a834751 8695
wolfSSL 11:cee25a834751 8696
/* Kept for API compatibility; the session table is static and needs no
 * flushing, so both arguments are ignored. */
void wolfSSL_flush_sessions(WOLFSSL_CTX* ctx, long tm)
{
    /* static table now, no flushing needed */
    (void)tm;
    (void)ctx;
}
wolfSSL 11:cee25a834751 8703
wolfSSL 11:cee25a834751 8704
/* set ssl session timeout in seconds */
/* ssl  The SSL/TLS object.
 * to   Timeout in seconds; 0 selects WOLFSSL_SESSION_TIMEOUT.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_set_timeout(WOLFSSL* ssl, unsigned int to)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* a zero timeout means "use the default", not "expire immediately" */
    ssl->timeout = (to != 0) ? to : WOLFSSL_SESSION_TIMEOUT;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 8717
wolfSSL 11:cee25a834751 8718
/* set ctx session timeout in seconds */
/* ctx  The context object.
 * to   Timeout in seconds; 0 selects WOLFSSL_SESSION_TIMEOUT.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ctx is NULL.
 */
int wolfSSL_CTX_set_timeout(WOLFSSL_CTX* ctx, unsigned int to)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    /* a zero timeout means "use the default", not "expire immediately" */
    ctx->timeout = (to != 0) ? to : WOLFSSL_SESSION_TIMEOUT;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 8731
wolfSSL 11:cee25a834751 8732
wolfSSL 11:cee25a834751 8733 #ifndef NO_CLIENT_CACHE
wolfSSL 11:cee25a834751 8734
/* Get Session from Client cache based on id/len, return NULL on failure */
/* Look up a session in the client-side cache by server ID.
 *
 * ClientCache maps a server ID to a (row, idx) position in SessionCache.
 * The walk starts at the row's most recently used slot and moves backwards
 * through the circular buffer.
 *
 * ssl  The SSL/TLS object; must be client side.
 * id   Server ID to match.
 * len  Length of id; clamped to SERVER_ID_LEN below.
 *
 * Returns the first matching, unexpired session, or NULL when the cache is
 * disabled, the object is a server, hashing or locking fails, or no valid
 * entry is found.
 * NOTE(review): the returned pointer refers into the global SessionCache
 * and is handed back after session_mutex is released -- confirm callers
 * copy what they need rather than holding on to it.
 */
WOLFSSL_SESSION* GetSessionClient(WOLFSSL* ssl, const byte* id, int len)
{
    WOLFSSL_SESSION* ret = NULL;
    word32 row;
    int idx;
    int count;
    int error = 0;

    WOLFSSL_ENTER("GetSessionClient");

    if (ssl->ctx->sessionCacheOff)
        return NULL;

    if (ssl->options.side == WOLFSSL_SERVER_END)
        return NULL;

    /* Bound the hash/compare length.  A negative len wraps to a large word32
     * in the cast and so is clamped to SERVER_ID_LEN as well. */
    len = min(SERVER_ID_LEN, (word32)len);

#ifdef HAVE_EXT_CACHE
    /* An application-supplied cache is consulted before the internal table. */
    if (ssl->ctx->get_sess_cb != NULL) {
        int copy = 0; /* NOTE(review): written by the callback, not read here */
        ret = ssl->ctx->get_sess_cb(ssl, (byte*)id, len, &copy);
        if (ret != NULL)
            return ret;
    }

    if (ssl->ctx->internalCacheOff)
        return NULL;
#endif

    /* Pick the row; HashSession reports digest failure through error. */
    row = HashSession(id, len, &error) % SESSION_ROWS;
    if (error != 0) {
        WOLFSSL_MSG("Hash session failed");
        return NULL;
    }

    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Lock session mutex failed");
        return NULL;
    }

    /* start from most recently used */
    /* count limits the walk to the slots actually filled; nextIdx is the
     * slot that will be written next, so nextIdx - 1 is the newest entry. */
    count = min((word32)ClientCache[row].totalCount, SESSIONS_PER_ROW);
    idx = ClientCache[row].nextIdx - 1;
    if (idx < 0)
        idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */

    /* Walk backwards, wrapping from 0 to the end of the row. */
    for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
        WOLFSSL_SESSION* current;
        ClientSession clSess;

        if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
            WOLFSSL_MSG("Bad idx");
            break;
        }

        /* struct copy of the client entry naming where the session lives */
        clSess = ClientCache[row].Clients[idx];

        current = &SessionCache[clSess.serverRow].Sessions[clSess.serverIdx];
        /* Only the first len bytes of serverID are compared. */
        if (XMEMCMP(current->serverID, id, len) == 0) {
            WOLFSSL_MSG("Found a serverid match for client");
            /* Entry is valid until bornOn + timeout in LowResTimer units. */
            if (LowResTimer() < (current->bornOn + current->timeout)) {
                WOLFSSL_MSG("Session valid");
                ret = current;
                break;
            } else {
                WOLFSSL_MSG("Session timed out"); /* could have more for id */
            }
        } else {
            WOLFSSL_MSG("ServerID not a match from client table");
        }
    }

    wc_UnLockMutex(&session_mutex);

    return ret;
}
wolfSSL 11:cee25a834751 8813
wolfSSL 11:cee25a834751 8814 #endif /* NO_CLIENT_CACHE */
wolfSSL 11:cee25a834751 8815
/* Restore the master secret and session information for certificates.
 *
 * ssl The SSL/TLS object.
 * session The cached session to restore.
 * masterSecret The master secret from the cached session.
 * restoreSessionCerts Restoring session certificates is required.
 *
 * masterSecret may be NULL, in which case no secret is copied.  ssl and
 * restoreSessionCerts are only used when SESSION_CERTS is defined.
 */
static INLINE void RestoreSession(WOLFSSL* ssl, WOLFSSL_SESSION* session,
                                  byte* masterSecret, byte restoreSessionCerts)
{
    (void)restoreSessionCerts;
    (void)ssl;

    if (masterSecret != NULL)
        XMEMCPY(masterSecret, session->masterSecret, SECRET_LEN);
#ifdef SESSION_CERTS
    /* If set, we should copy the session certs into the ssl object
     * from the session we are returning so we can resume */
    if (restoreSessionCerts) {
        ssl->session.chain        = session->chain;
        ssl->session.version      = session->version;
        ssl->session.cipherSuite0 = session->cipherSuite0;
        ssl->session.cipherSuite  = session->cipherSuite;
    }
#endif /* SESSION_CERTS */
}
wolfSSL 11:cee25a834751 8842
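/* Look up the current session ID in the session cache.
 *
 * The ID is taken from ssl->arrays->sessionID when the arrays exist and
 * from ssl->session.sessionID otherwise.  An external cache callback
 * (HAVE_EXT_CACHE) is tried first; then the internal table row is walked
 * from its most recently used slot.  On a hit, RestoreSession copies the
 * master secret (and, with SESSION_CERTS, the chain details) while the
 * cache lock is still held.
 *
 * ssl                  The SSL/TLS object.
 * masterSecret         Receives the cached master secret; may be NULL.
 * restoreSessionCerts  Non-zero to also restore session certificates.
 *
 * Returns the cached session, or NULL when caching is off, there is no
 * session ID, a server is using tickets, hashing or locking fails, or the
 * entry is missing or expired.
 * NOTE(review): the returned pointer refers into the global SessionCache
 * and is handed back after session_mutex is released -- confirm callers
 * rely only on the copies RestoreSession made.
 */
WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
                            byte restoreSessionCerts)
{
    WOLFSSL_SESSION* ret = NULL;
    const byte* id = NULL;
    word32 row;
    int idx;
    int count;
    int error = 0;

    (void) restoreSessionCerts;

    if (ssl->options.sessionCacheOff)
        return NULL;

    if (ssl->options.haveSessionId == 0)
        return NULL;

#ifdef HAVE_SESSION_TICKET
    /* A server resuming through a session ticket bypasses the cache. */
    if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
        return NULL;
#endif

    /* The handshake arrays hold the live ID; fall back to the stored
     * session when they are absent. */
    if (ssl->arrays)
        id = ssl->arrays->sessionID;
    else
        id = ssl->session.sessionID;

#ifdef HAVE_EXT_CACHE
    if (ssl->ctx->get_sess_cb != NULL) {
        int copy = 0; /* NOTE(review): written by the callback, not read here */
        /* Attempt to retrieve the session from the external cache. */
        ret = ssl->ctx->get_sess_cb(ssl, (byte*)id, ID_LEN, &copy);
        if (ret != NULL) {
            RestoreSession(ssl, ret, masterSecret, restoreSessionCerts);
            return ret;
        }
    }

    if (ssl->ctx->internalCacheOff)
        return NULL;
#endif

    row = HashSession(id, ID_LEN, &error) % SESSION_ROWS;
    if (error != 0) {
        WOLFSSL_MSG("Hash session failed");
        return NULL;
    }

    /* Log and return NULL on lock failure, as GetSessionClient does. */
    if (wc_LockMutex(&session_mutex) != 0) {
        WOLFSSL_MSG("Lock session mutex failed");
        return NULL;
    }

    /* start from most recently used */
    /* count limits the walk to the slots actually filled; nextIdx is the
     * slot that will be written next, so nextIdx - 1 is the newest entry. */
    count = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);
    idx = SessionCache[row].nextIdx - 1;
    if (idx < 0)
        idx = SESSIONS_PER_ROW - 1; /* if back to front, the previous was end */

    /* Walk backwards, wrapping from 0 to the end of the row. */
    for (; count > 0; --count, idx = idx ? idx - 1 : SESSIONS_PER_ROW - 1) {
        WOLFSSL_SESSION* current;

        if (idx >= SESSIONS_PER_ROW || idx < 0) { /* sanity check */
            WOLFSSL_MSG("Bad idx");
            break;
        }

        current = &SessionCache[row].Sessions[idx];
        if (XMEMCMP(current->sessionID, id, ID_LEN) == 0) {
            WOLFSSL_MSG("Found a session match");
            /* Entry is valid until bornOn + timeout in LowResTimer units. */
            if (LowResTimer() < (current->bornOn + current->timeout)) {
                WOLFSSL_MSG("Session valid");
                ret = current;
                /* copy secrets out while the lock is still held */
                RestoreSession(ssl, ret, masterSecret, restoreSessionCerts);
            } else {
                WOLFSSL_MSG("Session timed out");
            }
            break; /* no more sessionIDs whether valid or not that match */
        } else {
            WOLFSSL_MSG("SessionID not a match at this idx");
        }
    }

    wc_UnLockMutex(&session_mutex);

    return ret;
}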
wolfSSL 11:cee25a834751 8929
wolfSSL 11:cee25a834751 8930
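/* Deep-copy copyFrom into ssl->session.
 *
 * The struct assignment happens under session_mutex because copyFrom is
 * normally a slot of the shared SessionCache. With HAVE_SESSION_TICKET a
 * ticket that lives in a dynamic buffer is allocated outside the lock and
 * copied under a second lock; if the source ticket length changed in between
 * the copy is abandoned with VAR_STATE_CHANGE_E so a stale length is never
 * paired with a fresh buffer (a same-length rewrite is not detected).
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG on a NULL argument, BAD_MUTEX_E on a
 * lock/unlock failure, MEMORY_ERROR on allocation failure, or
 * VAR_STATE_CHANGE_E as described above. On any error ssl->session is left
 * with its static ticket buffer and ticketLen 0.
 */
static int GetDeepCopySession(WOLFSSL* ssl, WOLFSSL_SESSION* copyFrom)
{
    WOLFSSL_SESSION* copyInto;
    void* tmpBuff = NULL;
    int ticketLen = 0;
    int doDynamicCopy = 0;
    int ret = SSL_SUCCESS;

    (void)ticketLen;
    (void)doDynamicCopy;
    (void)tmpBuff;

    if (!ssl || !copyFrom)
        return BAD_FUNC_ARG;

    /* taken only after the NULL check: &ssl->session on a NULL ssl is not a
     * valid pointer computation */
    copyInto = &ssl->session;

    /* Copying ssl->session onto itself is a no-op. Without this guard the
     * dynamic-ticket release below would free the very buffer that is then
     * read back, and ticketLen would be left larger than the static buffer
     * the ticket pointer is reset to. */
    if (copyInto == copyFrom)
        return SSL_SUCCESS;

#ifdef HAVE_SESSION_TICKET
    /* Free old dynamic ticket if we had one to avoid leak */
    if (copyInto->isDynamic) {
        XFREE(copyInto->ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        copyInto->ticket = copyInto->staticTicket;
        copyInto->isDynamic = 0;
    }
#endif

    if (wc_LockMutex(&session_mutex) != 0)
        return BAD_MUTEX_E;

#ifdef HAVE_SESSION_TICKET
    /* Size of ticket to alloc if needed; used later for alloc outside lock */
    doDynamicCopy = copyFrom->isDynamic;
    ticketLen = copyFrom->ticketLen;
#endif

    *copyInto = *copyFrom;

    /* Default ticket to non dynamic so a failure below never leaves
     * ssl->session pointing at copyFrom's buffer */
#ifdef HAVE_SESSION_TICKET
    copyInto->ticket = copyInto->staticTicket;
    copyInto->isDynamic = 0;
#endif

    if (wc_UnLockMutex(&session_mutex) != 0) {
        return BAD_MUTEX_E;
    }

#ifdef HAVE_SESSION_TICKET
    /* If doing dynamic copy, need to alloc outside lock, then inside a lock
     * confirm the size still matches and memcpy */
    if (doDynamicCopy) {
        tmpBuff = (byte*)XMALLOC(ticketLen, ssl->heap,
                                 DYNAMIC_TYPE_SESSION_TICK);
        if (!tmpBuff)
            return MEMORY_ERROR;

        if (wc_LockMutex(&session_mutex) != 0) {
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
            return BAD_MUTEX_E;
        }

        if (ticketLen != copyFrom->ticketLen) {
            /* Another thread modified the source ticket during alloc.
             * Treat as error, since ticket differs from when copy requested */
            ret = VAR_STATE_CHANGE_E;
        }

        if (ret == SSL_SUCCESS) {
            copyInto->ticket = (byte*)tmpBuff;
            copyInto->isDynamic = 1;
            XMEMCPY(copyInto->ticket, copyFrom->ticket, ticketLen);
        }
    } else {
        /* Need to ensure ticket pointer gets updated to own buffer
         * and is not pointing to buff of session copied from */
        copyInto->ticket = copyInto->staticTicket;
    }

    if (doDynamicCopy) {
        if (wc_UnLockMutex(&session_mutex) != 0) {
            if (ret == SSL_SUCCESS)
                ret = BAD_MUTEX_E;
        }
    }

    if (ret != SSL_SUCCESS) {
        /* cleanup: the struct copy above also copied ticketLen, so reset it
         * to keep it consistent with the static buffer the pointer now uses */
        if (tmpBuff)
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        copyInto->ticket = copyInto->staticTicket;
        copyInto->isDynamic = 0;
        copyInto->ticketLen = 0;
    }
#endif /* HAVE_SESSION_TICKET */
    return ret;
}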
wolfSSL 11:cee25a834751 9024
wolfSSL 11:cee25a834751 9025
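/* Install session as the session ssl will attempt to resume.
 *
 * Returns SSL_FAILURE on a NULL argument, when the session cache is disabled,
 * or when the session has already expired; otherwise the result of
 * GetDeepCopySession (SSL_SUCCESS on success, an error code otherwise).
 * ssl->options.resuming is set only on success.
 */
int SetSession(WOLFSSL* ssl, WOLFSSL_SESSION* session)
{
    /* both are dereferenced below; reject NULLs up front */
    if (ssl == NULL || session == NULL)
        return SSL_FAILURE;

    if (ssl->options.sessionCacheOff)
        return SSL_FAILURE;

    /* NOTE(review): bornOn/timeout are read here without session_mutex; when
     * session points into SessionCache the slot may be rewritten concurrently
     * and only the ticket-length check in GetDeepCopySession would notice. */
    if (LowResTimer() < (session->bornOn + session->timeout)) {
        int ret = GetDeepCopySession(ssl, session);
        if (ret == SSL_SUCCESS) {
            ssl->options.resuming = 1;

#ifdef SESSION_CERTS
            ssl->version = session->version;
            ssl->options.cipherSuite0 = session->cipherSuite0;
            ssl->options.cipherSuite = session->cipherSuite;
#endif
        }

        return ret;
    }
    return SSL_FAILURE; /* session timed out */
}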
wolfSSL 11:cee25a834751 9047
wolfSSL 11:cee25a834751 9048
wolfSSL 11:cee25a834751 9049 #ifdef WOLFSSL_SESSION_STATS
wolfSSL 11:cee25a834751 9050 static int get_locked_session_stats(word32* active, word32* total,
wolfSSL 11:cee25a834751 9051 word32* peak);
wolfSSL 11:cee25a834751 9052 #endif
wolfSSL 11:cee25a834751 9053
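/* Store the session negotiated on ssl in the session cache.
 *
 * Returns 0 on success and also when nothing is stored (cache disabled, no
 * session ID, or a server that issued a ticket). Otherwise returns MEMORY_E,
 * BAD_MUTEX_E, a HashSession error, or VAR_STATE_CHANGE_E when the length of
 * ssl->session's ticket changed between the unlocked allocation and the
 * locked copy.
 *
 * With HAVE_EXT_CACHE and internalCacheOff the session is built in a fresh
 * heap object, handed to ctx->new_sess_cb and freed again; no cache lock is
 * taken on that path.
 */
int AddSession(WOLFSSL* ssl)
{
    word32 row = 0;
    word32 idx = 0;
    int    error = 0;
#ifdef HAVE_SESSION_TICKET
    byte*  tmpBuff = NULL;
    int    ticLen  = 0;
#endif
    WOLFSSL_SESSION* session;

    if (ssl->options.sessionCacheOff)
        return 0;

    if (ssl->options.haveSessionId == 0)
        return 0;

#ifdef HAVE_SESSION_TICKET
    /* a server that handed out a ticket keeps no cache entry */
    if (ssl->options.side == WOLFSSL_SERVER_END && ssl->options.useTicket == 1)
        return 0;
#endif

#ifdef HAVE_SESSION_TICKET
    ticLen = ssl->session.ticketLen;
    /* Alloc Memory here so if Malloc fails can exit outside of lock */
    if (ticLen > SESSION_TICKET_LEN) {
        tmpBuff = (byte*)XMALLOC(ticLen, ssl->heap,
                                 DYNAMIC_TYPE_SESSION_TICK);
        if (!tmpBuff)
            return MEMORY_E;
    }
#endif

#ifdef HAVE_EXT_CACHE
    if (ssl->options.internalCacheOff) {
        /* Create a new session object to be stored. */
        session = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), NULL,
                                            DYNAMIC_TYPE_OPENSSL);
        if (session == NULL) {
#ifdef HAVE_SESSION_TICKET
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif
            return MEMORY_E;
        }
        XMEMSET(session, 0, sizeof(WOLFSSL_SESSION));
        session->isAlloced = 1;
    }
    else
#endif
    {
        /* Use the session object in the cache for external cache if required.
         */
        row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) %
                SESSION_ROWS;
        if (error != 0) {
            WOLFSSL_MSG("Hash session failed");
#ifdef HAVE_SESSION_TICKET
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif
            return error;
        }

        if (wc_LockMutex(&session_mutex) != 0) {
#ifdef HAVE_SESSION_TICKET
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
#endif
            return BAD_MUTEX_E;
        }

        /* claim the next slot; the wrap to 0 happens below, after the fill */
        idx = SessionCache[row].nextIdx++;
#ifdef SESSION_INDEX
        ssl->sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
#endif
        session = &SessionCache[row].Sessions[idx];
    }

    XMEMCPY(session->masterSecret, ssl->arrays->masterSecret, SECRET_LEN);
    session->haveEMS = ssl->options.haveEMS;
    XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN);
    session->sessionIDSz = ssl->arrays->sessionIDSz;

    session->timeout = ssl->timeout;
    session->bornOn  = LowResTimer();

#ifdef HAVE_SESSION_TICKET
    /* Release the slot's old dynamic ticket before anything else: the slot is
     * already claimed and its ID overwritten, and doing this only on the
     * success path leaked the buffer whenever the length check below failed */
    if (session->isDynamic) {
        XFREE(session->ticket, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
        session->ticket = session->staticTicket;
        session->isDynamic = 0;
    }

    /* Check if another thread modified ticket since alloc */
    if (ticLen != ssl->session.ticketLen) {
        error = VAR_STATE_CHANGE_E;
    }

    if (error == 0) {
        /* If too large to store in static buffer, use dyn buffer */
        if (ticLen > SESSION_TICKET_LEN) {
            session->ticket = tmpBuff;
            session->isDynamic = 1;
        } else {
            session->ticket = session->staticTicket;
            session->isDynamic = 0;
        }
        session->ticketLen = ticLen;
        XMEMCPY(session->ticket, ssl->session.ticket, ticLen);
    } else { /* cleanup, reset state */
        session->ticket = session->staticTicket;
        session->isDynamic = 0;
        session->ticketLen = 0;
        if (tmpBuff) {
            XFREE(tmpBuff, ssl->heap, DYNAMIC_TYPE_SESSION_TICK);
            tmpBuff = NULL;
        }
    }
#endif

#ifdef SESSION_CERTS
    if (error == 0) {
        session->chain.count = ssl->session.chain.count;
        XMEMCPY(session->chain.certs, ssl->session.chain.certs,
                sizeof(x509_buffer) * MAX_CHAIN_DEPTH);

        session->version = ssl->version;
        session->cipherSuite0 = ssl->options.cipherSuite0;
        session->cipherSuite = ssl->options.cipherSuite;
    }
#endif /* SESSION_CERTS */
#ifdef HAVE_EXT_CACHE
    if (!ssl->options.internalCacheOff)
#endif
    {
        if (error == 0)
            SessionCache[row].totalCount++;
        /* nextIdx was advanced when the slot was claimed, so it must wrap
         * even when the fill failed; leaving it at SESSIONS_PER_ROW would make
         * the next AddSession on this row index Sessions[SESSIONS_PER_ROW] */
        if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
            SessionCache[row].nextIdx = 0;
    }
#ifndef NO_CLIENT_CACHE
    if (error == 0) {
        if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->session.idLen) {
            word32 clientRow, clientIdx;

            WOLFSSL_MSG("Adding client cache entry");

            session->idLen = ssl->session.idLen;
            XMEMCPY(session->serverID, ssl->session.serverID,
                    ssl->session.idLen);

#ifdef HAVE_EXT_CACHE
            if (!ssl->options.internalCacheOff)
#endif
            {
                clientRow = HashSession(ssl->session.serverID,
                                        ssl->session.idLen, &error) % SESSION_ROWS;
                if (error != 0) {
                    WOLFSSL_MSG("Hash session failed");
                } else {
                    clientIdx = ClientCache[clientRow].nextIdx++;

                    ClientCache[clientRow].Clients[clientIdx].serverRow =
                                                                   (word16)row;
                    ClientCache[clientRow].Clients[clientIdx].serverIdx =
                                                                   (word16)idx;

                    ClientCache[clientRow].totalCount++;
                    if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
                        ClientCache[clientRow].nextIdx = 0;
                }
            }
        }
        else
            session->idLen = 0;
    }
#endif /* NO_CLIENT_CACHE */

#if defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS)
#ifdef HAVE_EXT_CACHE
    if (!ssl->options.internalCacheOff)
#endif
    {
        if (error == 0) {
            word32 active = 0;

            error = get_locked_session_stats(&active, NULL, NULL);
            if (error == SSL_SUCCESS) {
                error = 0; /* back to this function ok */

                if (active > PeakSessions)
                    PeakSessions = active;
            }
        }
    }
#endif /* defined(WOLFSSL_SESSION_STATS) && defined(WOLFSSL_PEAK_SESSIONS) */

#ifdef HAVE_EXT_CACHE
    if (!ssl->options.internalCacheOff)
#endif
    {
        if (wc_UnLockMutex(&session_mutex) != 0)
            return BAD_MUTEX_E;
    }

#ifdef HAVE_EXT_CACHE
    if (error == 0 && ssl->ctx->new_sess_cb != NULL)
        ssl->ctx->new_sess_cb(ssl, session);
    if (ssl->options.internalCacheOff)
        wolfSSL_SESSION_free(session);
#endif

    return error;
}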
wolfSSL 11:cee25a834751 9270
wolfSSL 11:cee25a834751 9271
wolfSSL 11:cee25a834751 9272 #ifdef SESSION_INDEX
wolfSSL 11:cee25a834751 9273
/* Return the cache position ((row << SESSIDX_ROW_SHIFT) | idx) that
 * AddSession recorded in ssl->sessionIndex for ssl's session. */
int wolfSSL_GetSessionIndex(WOLFSSL* ssl)
{
    int index;

    WOLFSSL_ENTER("wolfSSL_GetSessionIndex");
    index = ssl->sessionIndex;
    WOLFSSL_LEAVE("wolfSSL_GetSessionIndex", index);

    return index;
}
wolfSSL 11:cee25a834751 9280
wolfSSL 11:cee25a834751 9281
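/* Copy the cache entry at position idx (as returned by
 * wolfSSL_GetSessionIndex) into *session.
 *
 * Returns SSL_SUCCESS when the position is inside the populated part of the
 * cache, SSL_FAILURE when it is not, BAD_FUNC_ARG for a negative idx or NULL
 * session, and BAD_MUTEX_E on a lock/unlock failure.
 *
 * NOTE(review): this is a shallow struct copy. With HAVE_SESSION_TICKET the
 * copied ticket pointer still refers to the cache slot's buffer, so it is only
 * meaningful while that slot is unchanged — confirm against callers.
 */
int wolfSSL_GetSessionAtIndex(int idx, WOLFSSL_SESSION* session)
{
    int row, col, result = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_GetSessionAtIndex");

    /* a negative idx would make row negative and index before SessionCache,
     * which the row < SESSION_ROWS test alone does not catch */
    if (idx < 0 || session == NULL) {
        WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    row = idx >> SESSIDX_ROW_SHIFT;
    col = idx & SESSIDX_IDX_MASK;

    if (wc_LockMutex(&session_mutex) != 0) {
        return BAD_MUTEX_E;
    }

    /* only the first min(totalCount, SESSIONS_PER_ROW) slots of a row hold
     * entries that were ever written */
    if (row < SESSION_ROWS &&
              col < (int)min(SessionCache[row].totalCount, SESSIONS_PER_ROW)) {
        XMEMCPY(session,
                &SessionCache[row].Sessions[col], sizeof(WOLFSSL_SESSION));
        result = SSL_SUCCESS;
    }

    if (wc_UnLockMutex(&session_mutex) != 0)
        result = BAD_MUTEX_E;

    WOLFSSL_LEAVE("wolfSSL_GetSessionAtIndex", result);
    return result;
}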
wolfSSL 11:cee25a834751 9308
wolfSSL 11:cee25a834751 9309 #endif /* SESSION_INDEX */
wolfSSL 11:cee25a834751 9310
wolfSSL 11:cee25a834751 9311 #if defined(SESSION_INDEX) && defined(SESSION_CERTS)
wolfSSL 11:cee25a834751 9312
/* Return a pointer to the peer certificate chain stored in session, or NULL
 * when session is NULL. The chain is owned by the session, not the caller. */
WOLFSSL_X509_CHAIN* wolfSSL_SESSION_get_peer_chain(WOLFSSL_SESSION* session)
{
    WOLFSSL_ENTER("wolfSSL_SESSION_get_peer_chain");

    if (session == NULL) {
        WOLFSSL_LEAVE("wolfSSL_SESSION_get_peer_chain", 0);
        return NULL;
    }

    WOLFSSL_LEAVE("wolfSSL_SESSION_get_peer_chain", 1);
    return &session->chain;
}
wolfSSL 11:cee25a834751 9324
wolfSSL 11:cee25a834751 9325 #endif /* SESSION_INDEX && SESSION_CERTS */
wolfSSL 11:cee25a834751 9326
wolfSSL 11:cee25a834751 9327
wolfSSL 11:cee25a834751 9328 #ifdef WOLFSSL_SESSION_STATS
wolfSSL 11:cee25a834751 9329
/* Gather session cache statistics. Caller must hold session_mutex.
 *
 * Each output pointer may be NULL. *active receives the number of entries
 * whose timeout has not yet elapsed, *total the sum of every row's
 * totalCount, and *peak (WOLFSSL_PEAK_SESSIONS only) the PeakSessions value.
 * Always returns SSL_SUCCESS.
 */
static int get_locked_session_stats(word32* active, word32* total, word32* peak)
{
    int    result = SSL_SUCCESS;
    int    row;
    word32 liveCount = 0;
    word32 everSeen  = 0;
    word32 ticks     = LowResTimer();

    (void)peak;

    WOLFSSL_ENTER("get_locked_session_stats");

    for (row = 0; row < SESSION_ROWS; row++) {
        int remaining;
        int slot;

        everSeen += SessionCache[row].totalCount;

        /* the expiry walk is only needed when the caller asked for it */
        if (active == NULL)
            continue;

        remaining = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);

        /* walk backwards from the most recently written slot */
        slot = SessionCache[row].nextIdx - 1;
        if (slot < 0)
            slot = SESSIONS_PER_ROW - 1;

        while (remaining > 0) {
            const WOLFSSL_SESSION* entry;

            if (slot >= SESSIONS_PER_ROW || slot < 0) { /* sanity check */
                WOLFSSL_MSG("Bad idx");
                break;
            }

            entry = &SessionCache[row].Sessions[slot];
            if (ticks < (entry->bornOn + entry->timeout))
                liveCount++;

            --remaining;
            slot = (slot == 0) ? SESSIONS_PER_ROW - 1 : slot - 1;
        }
    }

    if (active)
        *active = liveCount;

    if (total)
        *total = everSeen;

#ifdef WOLFSSL_PEAK_SESSIONS
    if (peak)
        *peak = PeakSessions;
#endif

    WOLFSSL_LEAVE("get_locked_session_stats", result);

    return result;
}
wolfSSL 11:cee25a834751 9385
wolfSSL 11:cee25a834751 9386
/* Query session cache statistics under session_mutex.
 *
 * active, total and peak are forwarded to get_locked_session_stats and may
 * each be NULL; maxSessions, if given, receives the cache capacity. When only
 * maxSessions is requested no lock is taken. Returns SSL_SUCCESS,
 * BAD_FUNC_ARG if none of active/total/peak is set, or BAD_MUTEX_E.
 */
int wolfSSL_get_session_stats(word32* active, word32* total, word32* peak,
                              word32* maxSessions)
{
    int result = SSL_SUCCESS;
    const int haveQuery = (active != NULL) || (total != NULL) || (peak != NULL);

    WOLFSSL_ENTER("wolfSSL_get_session_stats");

    if (maxSessions) {
        *maxSessions = SESSIONS_PER_ROW * SESSION_ROWS;

        if (!haveQuery)
            return result; /* capacity alone needs no lock */
    }

    /* user must provide at least one query value */
    if (!haveQuery)
        return BAD_FUNC_ARG;

    if (wc_LockMutex(&session_mutex) != 0)
        return BAD_MUTEX_E;

    result = get_locked_session_stats(active, total, peak);

    if (wc_UnLockMutex(&session_mutex) != 0)
        result = BAD_MUTEX_E;

    WOLFSSL_LEAVE("wolfSSL_get_session_stats", result);

    return result;
}
wolfSSL 11:cee25a834751 9419
wolfSSL 11:cee25a834751 9420 #endif /* WOLFSSL_SESSION_STATS */
wolfSSL 11:cee25a834751 9421
wolfSSL 11:cee25a834751 9422
wolfSSL 11:cee25a834751 9423 #ifdef PRINT_SESSION_STATS
wolfSSL 11:cee25a834751 9424
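/* Print session cache statistics and a chi-square figure for how evenly
 * sessions were spread across SESSION_ROWS. Returns SSL_SUCCESS, or the error
 * from wolfSSL_get_session_stats. */
int wolfSSL_PrintSessionStats(void)
{
    word32 totalSessionsSeen = 0;
    word32 totalSessionsNow = 0;
    word32 peak = 0;
    word32 maxSessions = 0;
    int    i;
    int    ret;
    double E; /* expected count per row under a uniform hash */
    double chiSquare = 0;

    ret = wolfSSL_get_session_stats(&totalSessionsNow, &totalSessionsSeen,
                                    &peak, &maxSessions);
    if (ret != SSL_SUCCESS)
        return ret;

    /* word32 is unsigned: format with %u, not %d */
    printf("Total Sessions Seen = %u\n", (unsigned)totalSessionsSeen);
    printf("Total Sessions Now  = %u\n", (unsigned)totalSessionsNow);
#ifdef WOLFSSL_PEAK_SESSIONS
    printf("Peak  Sessions      = %u\n", (unsigned)peak);
#endif
    printf("Max   Sessions      = %u\n", (unsigned)maxSessions);

    E = (double)totalSessionsSeen / SESSION_ROWS;

    /* with nothing seen E is 0 and every term would be 0/0 (NaN); report
     * a chi-square of 0 instead */
    if (E > 0) {
        /* NOTE(review): totalCount is read here without session_mutex */
        for (i = 0; i < SESSION_ROWS; i++) {
            double diff = SessionCache[i].totalCount - E;
            diff *= diff;                /* square */
            diff /= E;                   /* normalize */

            chiSquare += diff;
        }
    }
    printf("  chi-square = %5.1f, d.f. = %d\n", chiSquare,
                                                     SESSION_ROWS - 1);
    /* critical values at p = .05 for the row counts the build may use */
#if (SESSION_ROWS == 11)
    printf(" .05 p value =  18.3, chi-square should be less\n");
#elif (SESSION_ROWS == 211)
    printf(".05 p value = 244.8, chi-square should be less\n");
#elif (SESSION_ROWS == 5981)
    printf(".05 p value = 6161.0, chi-square should be less\n");
#elif (SESSION_ROWS == 3)
    printf(".05 p value =   6.0, chi-square should be less\n");
#elif (SESSION_ROWS == 2861)
    printf(".05 p value = 2985.5, chi-square should be less\n");
#endif
    printf("\n");

    return ret;
}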
wolfSSL 11:cee25a834751 9474
wolfSSL 11:cee25a834751 9475 #endif /* SESSION_STATS */
wolfSSL 11:cee25a834751 9476
wolfSSL 11:cee25a834751 9477 #else /* NO_SESSION_CACHE */
wolfSSL 11:cee25a834751 9478
/* Session-cache lookup for builds with NO_SESSION_CACHE: there is no cache,
 * so no session is ever found. The parameters are accepted only to keep the
 * signature identical to the caching build. */
WOLFSSL_SESSION* GetSession(WOLFSSL* ssl, byte* masterSecret,
                            byte restoreSessionCerts)
{
    WOLFSSL_SESSION* found = NULL;

    (void)ssl;
    (void)masterSecret;
    (void)restoreSessionCerts;

    return found;
}
wolfSSL 11:cee25a834751 9489
wolfSSL 11:cee25a834751 9490 #endif /* NO_SESSION_CACHE */
wolfSSL 11:cee25a834751 9491
wolfSSL 11:cee25a834751 9492
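/* Call before SSL_connect; if verifying, adds a name check to the date and
 * signature checks. A copy of dn (with its terminator) is stored in
 * ssl->buffers.domainName, replacing any earlier name.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ssl or dn is NULL or the copy
 * cannot be allocated (ssl->error is then MEMORY_ERROR).
 */
int wolfSSL_check_domain_name(WOLFSSL* ssl, const char* dn)
{
    word32 len;
    byte*  copy;

    WOLFSSL_ENTER("wolfSSL_check_domain_name");

    /* both are dereferenced below; XSTRLEN on a NULL dn is not defined */
    if (ssl == NULL || dn == NULL) {
        WOLFSSL_MSG("Bad function argument: NULL");
        return SSL_FAILURE;
    }

    /* release the name set by an earlier call before replacing it */
    if (ssl->buffers.domainName.buffer)
        XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);

    len  = (word32)XSTRLEN(dn) + 1; /* stored with its terminator */
    copy = (byte*)XMALLOC(len, ssl->heap, DYNAMIC_TYPE_DOMAIN);
    if (copy == NULL) {
        /* keep buffer and length consistent: a NULL buffer must not be left
         * paired with the length of the name that failed to copy */
        ssl->buffers.domainName.buffer = NULL;
        ssl->buffers.domainName.length = 0;
        ssl->error = MEMORY_ERROR;
        return SSL_FAILURE;
    }

    XMEMCPY(copy, dn, len);
    ssl->buffers.domainName.buffer = copy;
    ssl->buffers.domainName.length = len;
    return SSL_SUCCESS;
}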
wolfSSL 11:cee25a834751 9515
wolfSSL 11:cee25a834751 9516
/* Enable zlib compression on ssl by setting options.usingCompression.
 * Returns SSL_SUCCESS, or NOT_COMPILED_IN when built without HAVE_LIBZ. */
int wolfSSL_set_compression(WOLFSSL* ssl)
{
#ifdef HAVE_LIBZ
    int ret = SSL_SUCCESS;
#else
    int ret = NOT_COMPILED_IN;
#endif

    WOLFSSL_ENTER("wolfSSL_set_compression");
    (void)ssl;

#ifdef HAVE_LIBZ
    ssl->options.usingCompression = 1;
#endif

    return ret;
}
wolfSSL 11:cee25a834751 9531
wolfSSL 11:cee25a834751 9532
wolfSSL 11:cee25a834751 9533 #ifndef USE_WINDOWS_API
wolfSSL 11:cee25a834751 9534 #ifndef NO_WRITEV
wolfSSL 11:cee25a834751 9535
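/* Simulate writev semantics: gather the iovcnt buffers in iov into one
 * contiguous buffer and hand it to wolfSSL_write in a single call (not block
 * at a time, because of SSL_write behaviour and because front adds may be
 * small).
 *
 * Returns the result of wolfSSL_write, MEMORY_ERROR if the gather buffer
 * cannot be allocated, or BAD_FUNC_ARG when ssl is NULL, iovcnt is negative,
 * iov is NULL with iovcnt > 0, or the total length does not fit in an int.
 */
int wolfSSL_writev(WOLFSSL* ssl, const struct iovec* iov, int iovcnt)
{
#ifdef WOLFSSL_SMALL_STACK
    byte staticBuffer[1]; /* force heap usage */
#else
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte*  myBuffer = staticBuffer;
    int    dynamic = 0;
    size_t total = 0;
    int    sending;
    int    idx = 0;
    int    i;
    int    ret;

    WOLFSSL_ENTER("wolfSSL_writev");

    if (ssl == NULL || iovcnt < 0 || (iovcnt > 0 && iov == NULL))
        return BAD_FUNC_ARG;

    /* Sum the lengths in size_t and reject a total that does not fit in the
     * int wolfSSL_write takes. Summing into an int could wrap (or a single
     * iov_len could truncate to a negative value), after which the gather
     * loop would memcpy the full iov_len into a buffer sized by the wrapped
     * sum. */
    for (i = 0; i < iovcnt; i++) {
        if (iov[i].iov_len > (size_t)-1 - total)
            return BAD_FUNC_ARG;
        total += iov[i].iov_len;
    }
    /* (unsigned)-1 >> 1 is INT_MAX on the usual two's-complement targets and
     * never larger than it, so this bound is safe without <limits.h> */
    if (total > (size_t)((unsigned)-1 >> 1))
        return BAD_FUNC_ARG;
    sending = (int)total;

    if (total > sizeof(staticBuffer)) {
        myBuffer = (byte*)XMALLOC(sending, ssl->heap,
                                  DYNAMIC_TYPE_WRITEV);
        if (!myBuffer)
            return MEMORY_ERROR;

        dynamic = 1;
    }

    for (i = 0; i < iovcnt; i++) {
        if (iov[i].iov_len == 0)
            continue; /* nothing to copy; also avoids memcpy with a NULL base */
        XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len);
        idx += (int)iov[i].iov_len;
    }

    ret = wolfSSL_write(ssl, myBuffer, sending);

    if (dynamic)
        XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV);

    return ret;
}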
wolfSSL 11:cee25a834751 9578 #endif
wolfSSL 11:cee25a834751 9579 #endif
wolfSSL 11:cee25a834751 9580
wolfSSL 11:cee25a834751 9581
wolfSSL 11:cee25a834751 9582 #ifdef WOLFSSL_CALLBACKS
wolfSSL 11:cee25a834751 9583
typedef struct itimerval Itimerval;

/* don't keep calling simple functions while setting up timer and signals
   if no inlining these are the next best */

/* c = a + b on timeval-style structs.  A single carry is applied when the
   microsecond sum reaches 1000000, so both inputs are assumed normalized
   (0 <= tv_usec < 1000000).  Arguments are expanded more than once. */
#define AddTimes(a, b, c) \
    do { \
        c.tv_sec = a.tv_sec + b.tv_sec; \
        c.tv_usec = a.tv_usec + b.tv_usec; \
        if (c.tv_usec >= 1000000) { \
            c.tv_sec++; \
            c.tv_usec -= 1000000; \
        } \
    } while (0)


/* c = a - b on timeval-style structs, borrowing one second when the
   microsecond difference goes negative; same normalization assumption as
   AddTimes.  c may alias a: tv_sec is written before tv_usec is read. */
#define SubtractTimes(a, b, c) \
    do { \
        c.tv_sec = a.tv_sec - b.tv_sec; \
        c.tv_usec = a.tv_usec - b.tv_usec; \
        if (c.tv_usec < 0) { \
            c.tv_sec--; \
            c.tv_usec += 1000000; \
        } \
    } while (0)

/* Compare two timevals with relational operator `cmp` (pasted in as a
   token, e.g. CmpTimes(x, y, <)): seconds decide, microseconds break a tie.
   Arguments are expanded more than once. */
#define CmpTimes(a, b, cmp) \
    ((a.tv_sec == b.tv_sec) ? \
     (a.tv_usec cmp b.tv_usec) : \
     (a.tv_sec cmp b.tv_sec)) \

wolfSSL 11:cee25a834751 9615
/* do nothing handler: installed on SIGALRM by wolfSSL_ex_wrapper purely so
   the alarm can interrupt the handshake's blocking calls; it does no work. */
static void myHandler(int signo)
{
    (void)signo; /* unused, the handler exists only to be delivered */
}
wolfSSL 11:cee25a834751 9622
wolfSSL 11:cee25a834751 9623
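/* Run the handshake for ssl (wolfSSL_connect or wolfSSL_accept, chosen from
   ssl->options.side) with optional instrumentation:
     hsCb - when non-NULL, handshake info is collected and hsCb is invoked
            with it after the handshake returns.
     toCb - when non-NULL, a one-shot ITIMER_REAL alarm of `timeout` is
            armed around the handshake with a do-nothing SIGALRM handler
            (no SA_RESTART, so blocking socket calls return early); if a
            timeout was recorded in ssl->timeoutInfo, toCb is invoked.
   The timer and the SIGALRM disposition are process-wide: a pre-existing
   ITIMER_REAL is suspended, shortens `timeout` if it would fire first, and
   is re-armed minus the elapsed time on the way out; the previous handler
   is restored.  Not safe to run concurrently from several threads.
   Returns the handshake result, or GETTIME_ERROR / SETITIMER_ERROR /
   SIGACT_ERROR if timer or signal setup fails; a failure while restoring
   the old handler or timer replaces the handshake result.  Every setup
   failure now leaves the caller's timer and handler as they were found. */
static int wolfSSL_ex_wrapper(WOLFSSL* ssl, HandShakeCallBack hsCb,
                              TimeoutCallBack toCb, Timeval timeout)
{
    int ret = SSL_FATAL_ERROR;
    int oldTimerOn = 0; /* was timer already on */
    Timeval startTime;
    Timeval endTime;
    Timeval totalTime;
    Itimerval myTimeout;
    Itimerval oldTimeout; /* if old timer adjust from total time to reset */
    struct sigaction act, oact;

    /* error exit: clear the info flags set below, then return x */
#define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; }

    if (hsCb) {
        ssl->hsInfoOn = 1;
        InitHandShakeInfo(&ssl->handShakeInfo, ssl);
    }
    if (toCb) {
        ssl->toInfoOn = 1;
        InitTimeoutInfo(&ssl->timeoutInfo);

        if (gettimeofday(&startTime, 0) < 0)
            ERR_OUT(GETTIME_ERROR);

        /* use setitimer to simulate getitimer, init 0 myTimeout */
        myTimeout.it_interval.tv_sec = 0;
        myTimeout.it_interval.tv_usec = 0;
        myTimeout.it_value.tv_sec = 0;
        myTimeout.it_value.tv_usec = 0;
        /* arming a zero timer disarms any existing one and returns its
           remaining value in oldTimeout */
        if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0)
            ERR_OUT(SETITIMER_ERROR);

        if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) {
            oldTimerOn = 1;

            /* is old timer going to expire before ours */
            if (CmpTimes(oldTimeout.it_value, timeout, <)) {
                timeout.tv_sec = oldTimeout.it_value.tv_sec;
                timeout.tv_usec = oldTimeout.it_value.tv_usec;
            }
        }
        myTimeout.it_value.tv_sec = timeout.tv_sec;
        myTimeout.it_value.tv_usec = timeout.tv_usec;

        /* set up signal handler, don't restart socket send/recv */
        act.sa_handler = myHandler;
        sigemptyset(&act.sa_mask);
        act.sa_flags = 0;
#ifdef SA_INTERRUPT
        act.sa_flags |= SA_INTERRUPT;
#endif
        if (sigaction(SIGALRM, &act, &oact) < 0) {
            /* the caller's timer was disarmed above: best-effort re-arm */
            (void)setitimer(ITIMER_REAL, &oldTimeout, 0);
            ERR_OUT(SIGACT_ERROR);
        }

        if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0) {
            /* undo the handler swap and re-arm the caller's timer; without
               this the process kept our no-op SIGALRM handler */
            (void)sigaction(SIGALRM, &oact, 0);
            (void)setitimer(ITIMER_REAL, &oldTimeout, 0);
            ERR_OUT(SETITIMER_ERROR);
        }
    }

    /* do main work */
#ifndef NO_WOLFSSL_CLIENT
    if (ssl->options.side == WOLFSSL_CLIENT_END)
        ret = wolfSSL_connect(ssl);
#endif
#ifndef NO_WOLFSSL_SERVER
    if (ssl->options.side == WOLFSSL_SERVER_END)
        ret = wolfSSL_accept(ssl);
#endif

    /* do callbacks */
    if (toCb) {
        if (oldTimerOn) {
            /* if the clock fails, count no elapsed time rather than read an
               indeterminate endTime */
            if (gettimeofday(&endTime, 0) < 0)
                endTime = startTime;
            SubtractTimes(endTime, startTime, totalTime);
            /* adjust old timer for elapsed time */
            if (CmpTimes(totalTime, oldTimeout.it_value, <))
                SubtractTimes(oldTimeout.it_value, totalTime,
                              oldTimeout.it_value);
            else {
                /* reset value to interval, may be off */
                oldTimeout.it_value.tv_sec = oldTimeout.it_interval.tv_sec;
                oldTimeout.it_value.tv_usec = oldTimeout.it_interval.tv_usec;
            }
            /* keep iter the same whether there or not */
        }
        /* restore old handler */
        if (sigaction(SIGALRM, &oact, 0) < 0)
            ret = SIGACT_ERROR; /* more pressing error, stomp */
        else {
            /* use old settings which may turn off (expired or not there) */
            if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0)
                ret = SETITIMER_ERROR;
        }

        /* if we had a timeout call callback */
        if (ssl->timeoutInfo.timeoutName[0]) {
            ssl->timeoutInfo.timeoutValue.tv_sec = timeout.tv_sec;
            ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec;
            (toCb)(&ssl->timeoutInfo);
        }
        /* clean up */
        FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap);
        ssl->toInfoOn = 0;
    }
    if (hsCb) {
        FinishHandShakeInfo(&ssl->handShakeInfo);
        (hsCb)(&ssl->handShakeInfo);
        ssl->hsInfoOn = 0;
    }
    return ret;
}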
wolfSSL 11:cee25a834751 9734
wolfSSL 11:cee25a834751 9735
wolfSSL 11:cee25a834751 9736 #ifndef NO_WOLFSSL_CLIENT
wolfSSL 11:cee25a834751 9737
/* Handshake with handshake/timeout callbacks.  The wrapper picks connect or
   accept from ssl->options.side, so this behaves like wolfSSL_accept_ex;
   see wolfSSL_ex_wrapper for the callback and timer contract. */
int wolfSSL_connect_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
                       TimeoutCallBack toCb, Timeval timeout)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_connect_ex");
    ret = wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
    return ret;
}
wolfSSL 11:cee25a834751 9744
wolfSSL 11:cee25a834751 9745 #endif
wolfSSL 11:cee25a834751 9746
wolfSSL 11:cee25a834751 9747
wolfSSL 11:cee25a834751 9748 #ifndef NO_WOLFSSL_SERVER
wolfSSL 11:cee25a834751 9749
/* Handshake with handshake/timeout callbacks.  The wrapper picks connect or
   accept from ssl->options.side, so this behaves like wolfSSL_connect_ex;
   see wolfSSL_ex_wrapper for the callback and timer contract. */
int wolfSSL_accept_ex(WOLFSSL* ssl, HandShakeCallBack hsCb,
                      TimeoutCallBack toCb, Timeval timeout)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_accept_ex");
    ret = wolfSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
    return ret;
}
wolfSSL 11:cee25a834751 9756
wolfSSL 11:cee25a834751 9757 #endif
wolfSSL 11:cee25a834751 9758
wolfSSL 11:cee25a834751 9759 #endif /* WOLFSSL_CALLBACKS */
wolfSSL 11:cee25a834751 9760
wolfSSL 11:cee25a834751 9761
wolfSSL 11:cee25a834751 9762 #ifndef NO_PSK
wolfSSL 11:cee25a834751 9763
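/* Register the PSK client callback on a context and mark it PSK-enabled.
   ctx: context to configure; NULL is ignored instead of dereferenced.
   cb:  stored in ctx->client_psk_cb for the handshake code (not shown here). */
void wolfSSL_CTX_set_psk_client_callback(WOLFSSL_CTX* ctx,
                                         wc_psk_client_callback cb)
{
    WOLFSSL_ENTER("SSL_CTX_set_psk_client_callback");
    if (ctx == NULL)
        return;
    ctx->havePSK = 1;
    ctx->client_psk_cb = cb;
}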
wolfSSL 11:cee25a834751 9771
wolfSSL 11:cee25a834751 9772
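/* Register the PSK client callback on one session, mark it PSK-enabled and
   rebuild its cipher suite list so PSK suites are included.
   ssl: session to configure; NULL is ignored instead of dereferenced.
   cb:  stored in ssl->options.client_psk_cb for the handshake code. */
void wolfSSL_set_psk_client_callback(WOLFSSL* ssl, wc_psk_client_callback cb)
{
    byte haveRSA = 1;

    WOLFSSL_ENTER("SSL_set_psk_client_callback");
    if (ssl == NULL)
        return;
    ssl->options.havePSK = 1;
    ssl->options.client_psk_cb = cb;

#ifdef NO_RSA
    haveRSA = 0;
#endif
    /* TRUE presumably fills InitSuites' havePSK slot -- confirm against its
       prototype; the remaining flags mirror the session's options */
    InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);
}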
wolfSSL 11:cee25a834751 9789
wolfSSL 11:cee25a834751 9790
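/* Register the PSK server callback on a context and mark it PSK-enabled.
   ctx: context to configure; NULL is ignored instead of dereferenced.
   cb:  stored in ctx->server_psk_cb for the handshake code (not shown here). */
void wolfSSL_CTX_set_psk_server_callback(WOLFSSL_CTX* ctx,
                                         wc_psk_server_callback cb)
{
    WOLFSSL_ENTER("SSL_CTX_set_psk_server_callback");
    if (ctx == NULL)
        return;
    ctx->havePSK = 1;
    ctx->server_psk_cb = cb;
}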
wolfSSL 11:cee25a834751 9798
wolfSSL 11:cee25a834751 9799
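/* Register the PSK server callback on one session, mark it PSK-enabled and
   rebuild its cipher suite list so PSK suites are included.
   ssl: session to configure; NULL is ignored instead of dereferenced.
   cb:  stored in ssl->options.server_psk_cb for the handshake code. */
void wolfSSL_set_psk_server_callback(WOLFSSL* ssl, wc_psk_server_callback cb)
{
    byte haveRSA = 1;

    WOLFSSL_ENTER("SSL_set_psk_server_callback");
    if (ssl == NULL)
        return;
    ssl->options.havePSK = 1;
    ssl->options.server_psk_cb = cb;

#ifdef NO_RSA
    haveRSA = 0;
#endif
    /* TRUE presumably fills InitSuites' havePSK slot -- confirm against its
       prototype; the remaining flags mirror the session's options */
    InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);
}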
wolfSSL 11:cee25a834751 9816
wolfSSL 11:cee25a834751 9817
/* Return the PSK identity hint stored in ssl->arrays, or NULL when ssl or
   its arrays are absent.  The pointer refers into ssl and is not a copy. */
const char* wolfSSL_get_psk_identity_hint(const WOLFSSL* ssl)
{
    const char* hint = NULL;

    WOLFSSL_ENTER("SSL_get_psk_identity_hint");

    if (ssl != NULL && ssl->arrays != NULL)
        hint = ssl->arrays->server_hint;

    return hint;
}
wolfSSL 11:cee25a834751 9827
wolfSSL 11:cee25a834751 9828
/* Return the PSK client identity stored in ssl->arrays, or NULL when ssl or
   its arrays are absent.  The pointer refers into ssl and is not a copy. */
const char* wolfSSL_get_psk_identity(const WOLFSSL* ssl)
{
    const char* identity = NULL;

    WOLFSSL_ENTER("SSL_get_psk_identity");

    if (ssl != NULL && ssl->arrays != NULL)
        identity = ssl->arrays->client_identity;

    return identity;
}
wolfSSL 11:cee25a834751 9838
wolfSSL 11:cee25a834751 9839
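/* Set the context's PSK identity hint, or clear it when hint is NULL.
   A hint longer than the buffer is silently truncated.
   Returns SSL_SUCCESS, or SSL_FAILURE for a NULL ctx (the same contract as
   wolfSSL_use_psk_identity_hint; previously a NULL ctx was dereferenced). */
int wolfSSL_CTX_use_psk_identity_hint(WOLFSSL_CTX* ctx, const char* hint)
{
    WOLFSSL_ENTER("SSL_CTX_use_psk_identity_hint");

    if (ctx == NULL)
        return SSL_FAILURE;

    if (hint == 0)
        ctx->server_hint[0] = 0;
    else {
        /* XSTRNCPY leaves no terminator when hint fills the buffer, hence
           the explicit write below; that write assumes
           sizeof(ctx->server_hint) == MAX_PSK_ID_LEN + 1 -- TODO confirm */
        XSTRNCPY(ctx->server_hint, hint, sizeof(ctx->server_hint));
        ctx->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */
    }
    return SSL_SUCCESS;
}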
wolfSSL 11:cee25a834751 9851
wolfSSL 11:cee25a834751 9852
/* Set the session's PSK identity hint, or clear it when hint is NULL.
   A hint longer than the buffer is silently truncated.
   Returns SSL_SUCCESS, or SSL_FAILURE when ssl or ssl->arrays is NULL. */
int wolfSSL_use_psk_identity_hint(WOLFSSL* ssl, const char* hint)
{
    WOLFSSL_ENTER("SSL_use_psk_identity_hint");

    if (ssl == NULL || ssl->arrays == NULL)
        return SSL_FAILURE;

    if (hint != 0) {
        /* XSTRNCPY leaves no terminator when hint fills the buffer, hence
           the explicit write below; that write assumes
           sizeof(ssl->arrays->server_hint) == MAX_PSK_ID_LEN + 1 -- confirm */
        XSTRNCPY(ssl->arrays->server_hint, hint,
                 sizeof(ssl->arrays->server_hint));
        ssl->arrays->server_hint[MAX_PSK_ID_LEN] = '\0'; /* null term */
    }
    else {
        ssl->arrays->server_hint[0] = 0;
    }
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 9869
wolfSSL 11:cee25a834751 9870 #endif /* NO_PSK */
wolfSSL 11:cee25a834751 9871
wolfSSL 11:cee25a834751 9872
wolfSSL 11:cee25a834751 9873 #ifdef HAVE_ANON
wolfSSL 11:cee25a834751 9874
/* Permit anonymous cipher suites on ctx by setting ctx->haveAnon.
   Anonymous suites carry no certificate authentication: neither peer is
   verified, so they resist passive observers only.
   Returns SSL_SUCCESS, or SSL_FAILURE for a NULL ctx. */
int wolfSSL_CTX_allow_anon_cipher(WOLFSSL_CTX* ctx)
{
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_CTX_allow_anon_cipher");

    if (ctx != NULL) {
        ctx->haveAnon = 1;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 11:cee25a834751 9886
wolfSSL 11:cee25a834751 9887 #endif /* HAVE_ANON */
wolfSSL 11:cee25a834751 9888
wolfSSL 11:cee25a834751 9889
wolfSSL 11:cee25a834751 9890 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 9891 /* used to be defined on NO_FILESYSTEM only, but are generally useful */
wolfSSL 11:cee25a834751 9892
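/* wolfSSL extension allows DER files to be loaded from buffers as well

   Load trusted CA certificates for ctx from an in-memory buffer.  PEM input
   may hold a chain and goes through ProcessChainBuffer; any other format
   is handed to ProcessBuffer as a single CA_TYPE object.
   Returns the loader's result, or BAD_FUNC_ARG for a NULL ctx or in or a
   negative sz (the same sanity check wolfSSL_CTX_trust_peer_buffer makes;
   it was missing here). */
int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx,
                                   const unsigned char* in,
                                   long sz, int format)
{
    WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer");

    /* sanity check on arguments */
    if (sz < 0 || in == NULL || ctx == NULL) {
        return BAD_FUNC_ARG;
    }

    if (format == SSL_FILETYPE_PEM)
        return ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL);
    else
        return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL, 0);
}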
wolfSSL 11:cee25a834751 9904
wolfSSL 11:cee25a834751 9905
wolfSSL 11:cee25a834751 9906 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Load a trusted peer certificate for ctx from an in-memory buffer.  PEM
   input goes through ProcessChainBuffer, any other format through
   ProcessBuffer, both tagged TRUSTED_PEER_TYPE.
   Returns the loader's result, or BAD_FUNC_ARG for a NULL ctx or in or a
   negative sz. */
int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx,
                                  const unsigned char* in,
                                  long sz, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_buffer");

    /* sanity check on arguments */
    if (ctx == NULL || in == NULL || sz < 0)
        return BAD_FUNC_ARG;

    if (format != SSL_FILETYPE_PEM)
        ret = ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE,
                            NULL, NULL, 0);
    else
        ret = ProcessChainBuffer(ctx, in, sz, format,
                                 TRUSTED_PEER_TYPE, NULL);

    return ret;
}
wolfSSL 11:cee25a834751 9925 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 11:cee25a834751 9926
wolfSSL 11:cee25a834751 9927
/* Load the context's own certificate (CERT_TYPE, not a chain) from an
   in-memory buffer in the given format; returns ProcessBuffer's result.
   Argument checking is left to ProcessBuffer. */
int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
                                       const unsigned char* in, long sz, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");
    ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0);
    return ret;
}
wolfSSL 11:cee25a834751 9934
wolfSSL 11:cee25a834751 9935
/* Load the context's private key (PRIVATEKEY_TYPE) from an in-memory
   buffer in the given format; returns ProcessBuffer's result.
   Argument checking is left to ProcessBuffer. */
int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx,
                                      const unsigned char* in, long sz, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");
    ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, NULL, 0);
    return ret;
}
wolfSSL 11:cee25a834751 9942
wolfSSL 11:cee25a834751 9943
/* Load the context's certificate chain from an in-memory buffer in the
   given format; the trailing 1 asks ProcessBuffer to treat the input as a
   chain.  Returns ProcessBuffer's result. */
int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
                                                    const unsigned char* in, long sz, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format");
    ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 1);
    return ret;
}
wolfSSL 11:cee25a834751 9950
/* PEM-only convenience form of
   wolfSSL_CTX_use_certificate_chain_buffer_format. */
int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
                                             const unsigned char* in, long sz)
{
    const int format = SSL_FILETYPE_PEM;

    return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz, format);
}
wolfSSL 11:cee25a834751 9957
wolfSSL 11:cee25a834751 9958
wolfSSL 11:cee25a834751 9959 #ifndef NO_DH
wolfSSL 11:cee25a834751 9960
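/* server wrapper for ctx or ssl Diffie-Hellman parameters

   Parse DH parameters from buf (SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM, per
   format) and install them on ssl when it is non-NULL, otherwise on ctx.
   Returns BAD_FUNC_ARG for a NULL ctx or buf or a negative sz, MEMORY_E
   when the small-stack scratch buffers cannot be allocated, SSL_BAD_FILETYPE
   for an unknown format or parameters wc_DhParamsLoad rejects, the error
   from AllocDer/PemToDer, or otherwise the result of wolfSSL_SetTmpDH /
   wolfSSL_CTX_SetTmpDH.  The DerBuffer is now released on the scratch
   allocation failure path, where it previously leaked. */
static int wolfSSL_SetTmpDH_buffer_wrapper(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
                                           const unsigned char* buf,
                                           long sz, int format)
{
    DerBuffer* der = NULL;
    int ret = 0;
    word32 pSz = MAX_DH_SIZE;
    word32 gSz = MAX_DH_SIZE;
#ifdef WOLFSSL_SMALL_STACK
    byte* p = NULL;
    byte* g = NULL;
#else
    byte p[MAX_DH_SIZE];
    byte g[MAX_DH_SIZE];
#endif

    /* sz is cast to word32 below, so a negative length must not get through */
    if (ctx == NULL || buf == NULL || sz < 0)
        return BAD_FUNC_ARG;

    ret = AllocDer(&der, 0, DH_PARAM_TYPE, ctx->heap);
    if (ret != 0) {
        return ret;
    }
    /* ASN.1 input is consumed in place: der aliases the caller's buffer.
       NOTE(review): relies on FreeDer not releasing der->buffer -- confirm */
    der->buffer = (byte*)buf;
    der->length = (word32)sz;

#ifdef WOLFSSL_SMALL_STACK
    p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (p == NULL || g == NULL) {
        XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        FreeDer(&der); /* was leaked on this path */
        return MEMORY_E;
    }
#endif

    if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
        ret = SSL_BAD_FILETYPE;
    else {
        if (format == SSL_FILETYPE_PEM) {
            /* PemToDer produces its own DerBuffer; drop the aliasing one */
            FreeDer(&der);
            ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap,
                           NULL, NULL);
#ifdef WOLFSSL_WPAS
#ifndef NO_DSA
            /* wpa_supplicant builds may supply DSA-labelled parameters */
            if (ret < 0) {
                ret = PemToDer(buf, sz, DSA_PARAM_TYPE, &der, ctx->heap,
                               NULL, NULL);
            }
#endif
#endif
        }

        if (ret == 0) {
            /* pSz/gSz are in/out: capacity on entry, actual size on return */
            if (wc_DhParamsLoad(der->buffer, der->length, p, &pSz, g, &gSz) < 0)
                ret = SSL_BAD_FILETYPE;
            else if (ssl)
                ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);
            else
                ret = wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
        }
    }

    FreeDer(&der);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}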
wolfSSL 11:cee25a834751 10035
wolfSSL 11:cee25a834751 10036
/* server Diffie-Hellman parameters, SSL_SUCCESS on ok
   Per-session form: parses buf via the shared wrapper using ssl->ctx's
   heap and installs the parameters on ssl.  BAD_FUNC_ARG for a NULL ssl. */
int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* buf, long sz,
                            int format)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = wolfSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format);

    return ret;
}
wolfSSL 11:cee25a834751 10046
wolfSSL 11:cee25a834751 10047
/* server ctx Diffie-Hellman parameters, SSL_SUCCESS on ok
   Context form: a NULL ssl makes the shared wrapper install on ctx; the
   wrapper also rejects a NULL ctx. */
int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* buf,
                                long sz, int format)
{
    WOLFSSL* noSession = NULL;

    return wolfSSL_SetTmpDH_buffer_wrapper(ctx, noSession, buf, sz, format);
}
wolfSSL 11:cee25a834751 10054
wolfSSL 11:cee25a834751 10055 #endif /* NO_DH */
wolfSSL 11:cee25a834751 10056
wolfSSL 11:cee25a834751 10057
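/* Load this session's own certificate (CERT_TYPE) from an in-memory buffer
   in the given format, loading through ssl->ctx but targeting ssl.
   Returns ProcessBuffer's result, or BAD_FUNC_ARG for a NULL ssl, which
   was previously dereferenced for its ctx. */
int wolfSSL_use_certificate_buffer(WOLFSSL* ssl,
                                   const unsigned char* in, long sz, int format)
{
    WOLFSSL_ENTER("wolfSSL_use_certificate_buffer");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0);
}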
wolfSSL 11:cee25a834751 10064
wolfSSL 11:cee25a834751 10065
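/* Load this session's private key (PRIVATEKEY_TYPE) from an in-memory
   buffer in the given format, loading through ssl->ctx but targeting ssl.
   Returns ProcessBuffer's result, or BAD_FUNC_ARG for a NULL ssl, which
   was previously dereferenced for its ctx. */
int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl,
                                  const unsigned char* in, long sz, int format)
{
    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_buffer");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE,
                         ssl, NULL, 0);
}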
wolfSSL 11:cee25a834751 10073
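/* Load this session's certificate chain from an in-memory buffer in the
   given format (trailing 1 = treat as chain), loading through ssl->ctx but
   targeting ssl.  Returns ProcessBuffer's result, or BAD_FUNC_ARG for a
   NULL ssl, which was previously dereferenced for its ctx. */
int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
                                                const unsigned char* in, long sz, int format)
{
    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE,
                         ssl, NULL, 1);
}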
wolfSSL 11:cee25a834751 10081
/* PEM-only convenience form of
   wolfSSL_use_certificate_chain_buffer_format. */
int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl,
                                         const unsigned char* in, long sz)
{
    const int format = SSL_FILETYPE_PEM;

    return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz, format);
}
wolfSSL 11:cee25a834751 10088
wolfSSL 11:cee25a834751 10089
/* unload any certs or keys that SSL owns, leave CTX as is
   SSL_SUCCESS on ok

   Each of the certificate, chain and key is released only when the
   matching weOwn* flag says the session (not the context) allocated it;
   the flag is cleared afterwards.  The certificate is additionally kept
   when ssl->keepCert is set.  Returns BAD_FUNC_ARG for a NULL ssl. */
int wolfSSL_UnloadCertsKeys(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        WOLFSSL_MSG("Null function arg");
        return BAD_FUNC_ARG;
    }

    /* own certificate, unless the caller asked to keep it */
    if (ssl->buffers.weOwnCert != 0 && ssl->keepCert == 0) {
        WOLFSSL_MSG("Unloading cert");
        FreeDer(&ssl->buffers.certificate);
#ifdef KEEP_OUR_CERT
        /* NOTE(review): FreeX509 runs before the NULL test that guards the
           XFREE, so it must tolerate a NULL ourCert -- confirm */
        FreeX509(ssl->ourCert);
        if (ssl->ourCert != NULL) {
            XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509);
            ssl->ourCert = NULL;
        }
#endif
        ssl->buffers.weOwnCert = 0;
    }

    /* own certificate chain */
    if (ssl->buffers.weOwnCertChain != 0) {
        WOLFSSL_MSG("Unloading cert chain");
        FreeDer(&ssl->buffers.certChain);
        ssl->buffers.weOwnCertChain = 0;
    }

    /* own private key */
    if (ssl->buffers.weOwnKey != 0) {
        WOLFSSL_MSG("Unloading key");
        FreeDer(&ssl->buffers.key);
        ssl->buffers.weOwnKey = 0;
    }

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 10126
wolfSSL 11:cee25a834751 10127
/* Drop every CA loaded into ctx's certificate manager.
   Returns the manager's result, or BAD_FUNC_ARG for a NULL ctx. */
int wolfSSL_CTX_UnloadCAs(WOLFSSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_UnloadCAs");

    if (ctx != NULL)
        ret = wolfSSL_CertManagerUnloadCAs(ctx->cm);

    return ret;
}
wolfSSL 11:cee25a834751 10137
wolfSSL 11:cee25a834751 10138
wolfSSL 11:cee25a834751 10139 #ifdef WOLFSSL_TRUST_PEER_CERT
/* Drop every trusted peer certificate held by ctx's certificate manager.
   Returns the manager's result, or BAD_FUNC_ARG for a NULL ctx. */
int wolfSSL_CTX_Unload_trust_peers(WOLFSSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    WOLFSSL_ENTER("wolfSSL_CTX_Unload_trust_peers");

    if (ctx != NULL)
        ret = wolfSSL_CertManagerUnload_trust_peers(ctx->cm);

    return ret;
}
wolfSSL 11:cee25a834751 10149 #endif /* WOLFSSL_TRUST_PEER_CERT */
wolfSSL 11:cee25a834751 10150 /* old NO_FILESYSTEM end */
wolfSSL 11:cee25a834751 10151 #endif /* !NO_CERTS */
wolfSSL 11:cee25a834751 10152
wolfSSL 11:cee25a834751 10153
wolfSSL 11:cee25a834751 10154 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
wolfSSL 11:cee25a834751 10155
wolfSSL 11:cee25a834751 10156
/* OpenSSL-compatibility shim: there is no algorithm table to populate, so
   this just initialises the library.  Returns SSL_SUCCESS when
   wolfSSL_Init succeeds, SSL_FATAL_ERROR otherwise. */
int wolfSSL_add_all_algorithms(void)
{
    int initOk;

    WOLFSSL_ENTER("wolfSSL_add_all_algorithms");
    initOk = (wolfSSL_Init() == SSL_SUCCESS);
    return initOk ? SSL_SUCCESS : SSL_FATAL_ERROR;
}
wolfSSL 11:cee25a834751 10165
wolfSSL 11:cee25a834751 10166
/* returns previous set cache size which stays constant
   The session cache geometry is fixed at build time, so ctx and sz are
   accepted for API compatibility and ignored.  Returns
   SESSIONS_PER_ROW * SESSION_ROWS, or 0 when the cache is compiled out. */
long wolfSSL_CTX_sess_set_cache_size(WOLFSSL_CTX* ctx, long sz)
{
    long fixedSize;

    /* cache size fixed at compile time in wolfSSL */
    (void)ctx;
    (void)sz;
    WOLFSSL_MSG("session cache is set at compile time");
#ifndef NO_SESSION_CACHE
    fixedSize = SESSIONS_PER_ROW * SESSION_ROWS;
#else
    fixedSize = 0;
#endif
    return fixedSize;
}
wolfSSL 11:cee25a834751 10180
wolfSSL 11:cee25a834751 10181
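/* Enable quiet shutdown on the context (OpenSSL SSL_CTX_set_quiet_shutdown).
 *
 * ctx:  context to update; NULL is ignored rather than dereferenced, in
 *       line with the other setters in this file.
 * mode: non-zero turns the flag on. A zero mode leaves the current value
 *       untouched; this function never clears the flag.
 */
void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_quiet_shutdown");

    if (ctx == NULL) {
        WOLFSSL_MSG("Quiet shutdown not set. ctx is null");
        return;
    }

    if (mode)
        ctx->quietShutdown = 1;
}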
wolfSSL 11:cee25a834751 10188
wolfSSL 11:cee25a834751 10189
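/* Enable quiet shutdown on a single session (OpenSSL SSL_set_quiet_shutdown).
 *
 * ssl:  session to update; NULL is ignored rather than dereferenced.
 * mode: non-zero turns the flag on. A zero mode leaves the current value
 *       untouched; this function never clears the flag.
 */
void wolfSSL_set_quiet_shutdown(WOLFSSL* ssl, int mode)
{
    /* Trace label previously named the CTX variant, which made debug logs
     * attribute the call to the wrong function. */
    WOLFSSL_ENTER("wolfSSL_set_quiet_shutdown");

    if (ssl == NULL) {
        WOLFSSL_MSG("Quiet shutdown not set. ssl is null");
        return;
    }

    if (mode)
        ssl->options.quietShutdown = 1;
}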
wolfSSL 11:cee25a834751 10196
wolfSSL 11:cee25a834751 10197
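/* Attach read and write BIOs to a session (OpenSSL SSL_set_bio shape).
 *
 * The session does not perform I/O through the BIO objects themselves; it
 * copies each BIO's file descriptor into the session via
 * wolfSSL_set_rfd()/wolfSSL_set_wfd() and keeps the BIO pointers for later
 * lookup. Ownership of rd/wr stays with the caller.
 *
 * ssl:    session to update; NULL is ignored.
 * rd, wr: BIOs to attach. A NULL BIO is stored as-is without touching the
 *         session's descriptor for that direction (previously it was
 *         dereferenced).
 */
void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr)
{
    WOLFSSL_ENTER("SSL_set_bio");

    if (ssl == NULL) {
        WOLFSSL_MSG("BIO not set. ssl is null");
        return;
    }

    if (rd != NULL)
        wolfSSL_set_rfd(ssl, rd->fd);
    if (wr != NULL)
        wolfSSL_set_wfd(ssl, wr->fd);

    ssl->biord = rd;
    ssl->biowr = wr;
}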
wolfSSL 11:cee25a834751 10207
wolfSSL 11:cee25a834751 10208
/* Record the list of acceptable client-CA names on the context
 * (OpenSSL SSL_CTX_set_client_CA_list).
 *
 * ctx:   context to update; NULL is ignored.
 * names: list stored by pointer — no copy is made and no previous list is
 *        released, so the caller keeps ownership.
 */
void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx,
                                    STACK_OF(WOLFSSL_X509_NAME)* names)
{
    WOLFSSL_ENTER("wolfSSL_SSL_CTX_set_client_CA_list");

    if (ctx == NULL)
        return;

    ctx->ca_names = names;
}
wolfSSL 11:cee25a834751 10217
/* Return the client-CA name list previously stored on the context.
 *
 * s: context to query.
 * Returns s->ca_names (which may itself be NULL), or NULL for a NULL s.
 * The returned list is still owned by whoever set it.
 */
STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_SSL_CTX_get_client_CA_list(
        const WOLFSSL_CTX *s)
{
    STACK_OF(WOLFSSL_X509_NAME)* names = NULL;

    WOLFSSL_ENTER("wolfSSL_SSL_CTX_get_client_CA_list");

    if (s != NULL)
        names = s->ca_names;

    return names;
}
wolfSSL 11:cee25a834751 10228
/* Build a STACK_OF(WOLFSSL_X509_NAME) holding the subject name of every PEM
 * certificate found in fname (OpenSSL SSL_load_client_CA_file shape).
 *
 * fname: path opened read-only through wolfSSL_BIO_new_file().
 * Returns the head of the list, or NULL when the file cannot be opened or
 * yields no certificates. The caller owns the returned nodes and the
 * WOLFSSL_X509_NAME copies they carry.
 *
 * NOTE(review): the loop stops on the first certificate without a subject
 * and on any allocation failure, and the names collected up to that point
 * are returned as if the list were complete. Callers have no way to tell a
 * truncated list from a full one; a shorter-than-expected list should be
 * treated as suspect.
 */
STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname)
{
    WOLFSSL_STACK *list = NULL;
    WOLFSSL_STACK *node;
    WOLFSSL_BIO* bio;
    WOLFSSL_X509 *cert = NULL;
    WOLFSSL_X509_NAME *subjectName = NULL;

    WOLFSSL_ENTER("wolfSSL_load_client_CA_file");

    bio = wolfSSL_BIO_new_file(fname, "r");
    if (bio == NULL)
        return NULL;

    /* Read each certificate in the chain out of the file. */
    while (wolfSSL_PEM_read_bio_X509(bio, &cert, NULL, NULL) != NULL) {
        subjectName = wolfSSL_X509_get_subject_name(cert);
        if (subjectName == NULL)
            break;

        node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                       DYNAMIC_TYPE_OPENSSL);
        if (node == NULL)
            break;

        /* Need a persistent copy of the subject name. */
        node->data.name = (WOLFSSL_X509_NAME*)XMALLOC(
                        sizeof(WOLFSSL_X509_NAME), NULL, DYNAMIC_TYPE_OPENSSL);
        if (node->data.name == NULL) {
            XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
            break;
        }
        /* Shallow struct copy followed by a wipe of the original: the wipe
         * suggests the name holds pointers that wolfSSL_X509_free() would
         * otherwise release, so after this point the node's copy is the sole
         * owner of them (presumably — the name layout is not visible here). */
        XMEMCPY(node->data.name, subjectName, sizeof(WOLFSSL_X509_NAME));
        /* Clear pointers so freeing certificate doesn't free memory. */
        XMEMSET(subjectName, 0, sizeof(WOLFSSL_X509_NAME));

        /* Put node on the front of the list. */
        /* num on the head node is the running element count. */
        node->num = (list == NULL) ? 1 : list->num + 1;
        node->next = list;
        list = node;

        wolfSSL_X509_free(cert);
        cert = NULL;
    }

    /* cert may still be set if the loop exited early; the unconditional free
     * covers that case (assumes wolfSSL_X509_free tolerates NULL — it is not
     * shown here). */
    wolfSSL_X509_free(cert);
    wolfSSL_BIO_free(bio);
    return list;
}
wolfSSL 11:cee25a834751 10278
wolfSSL 11:cee25a834751 10279
/* Stub for OpenSSL SSL_CTX_set_default_verify_paths: wolfSSL does not load
 * system trust stores here, so nothing is loaded and the caller is told so.
 *
 * ctx: unused.
 * Returns SSL_NOT_IMPLEMENTED unconditionally.
 */
int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
{
    /* TODO:, not needed in goahead */
    (void)ctx;

    return SSL_NOT_IMPLEMENTED;
}
wolfSSL 11:cee25a834751 10286
wolfSSL 11:cee25a834751 10287
/* Size in bytes of the key block derived for the negotiated cipher suite:
 * one (key, IV, MAC key) triple per direction, as read from ssl->specs.
 *
 * ssl: session to query.
 * Returns the size, or SSL_FATAL_ERROR (-1) for a NULL ssl.
 */
int wolfSSL_get_keyblock_size(WOLFSSL* ssl)
{
    int perDirection;

    if (ssl == NULL)
        return SSL_FATAL_ERROR;

    perDirection = ssl->specs.key_size + ssl->specs.iv_size
                 + ssl->specs.hash_size;

    /* client and server each get one triple */
    return perDirection * 2;
}
wolfSSL 11:cee25a834751 10297
wolfSSL 11:cee25a834751 10298
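/* Expose the session's master secret and both handshake randoms.
 *
 * The pointers handed back alias the live buffers in ssl->arrays — no copy
 * is made — so they are only valid while that structure exists, and the
 * master secret is key material: callers must not log or persist it.
 *
 * ssl:            session to read from; needs ssl->arrays to be present.
 * ms,    msLen:   receive the master secret pointer and SECRET_LEN.
 * sr,    srLen:   receive the server random pointer and RAN_LEN.
 * cr,    crLen:   receive the client random pointer and RAN_LEN.
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR (-1) when ssl or ssl->arrays is
 * NULL, or when any output pointer is NULL.
 */
int wolfSSL_get_keys(WOLFSSL* ssl, unsigned char** ms, unsigned int* msLen,
                     unsigned char** sr, unsigned int* srLen,
                     unsigned char** cr, unsigned int* crLen)
{
    if (ssl == NULL || ssl->arrays == NULL)
        return SSL_FATAL_ERROR;

    /* Every output is written unconditionally below; a NULL destination
     * would be a write through a null pointer. */
    if (ms == NULL || msLen == NULL || sr == NULL || srLen == NULL ||
        cr == NULL || crLen == NULL)
        return SSL_FATAL_ERROR;

    *ms = ssl->arrays->masterSecret;
    *sr = ssl->arrays->serverRandom;
    *cr = ssl->arrays->clientRandom;

    *msLen = SECRET_LEN;
    *srLen = RAN_LEN;
    *crLen = RAN_LEN;

    return SSL_SUCCESS;
}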
wolfSSL 11:cee25a834751 10317
wolfSSL 11:cee25a834751 10318
/* Switch a session to the server role (OpenSSL SSL_set_accept_state).
 *
 * When the session was created client-side, the server-only material the
 * client path skipped is brought in first: the static ECC key is decoded to
 * confirm it is usable (and the ECC capability flags are cleared if it is
 * not), and the context's DH parameters are adopted. The side is then set to
 * WOLFSSL_SERVER_END and the cipher-suite list is rebuilt from the current
 * option flags.
 *
 * ssl: session to convert. NOTE(review): ssl is dereferenced without a NULL
 *      check, unlike most neighbouring API entry points.
 */
void wolfSSL_set_accept_state(WOLFSSL* ssl)
{
    word16 haveRSA = 1;
    word16 havePSK = 0;

    WOLFSSL_ENTER("SSL_set_accept_state");
    if (ssl->options.side == WOLFSSL_CLIENT_END) {
#ifdef HAVE_ECC
        ecc_key key;
        word32 idx = 0;

        /* Probe-decode the private key only to validate it; the decoded key
         * is discarded right after. */
        if (ssl->options.haveStaticECC && ssl->buffers.key != NULL) {
            /* NOTE(review): wc_ecc_init's return value is not checked. */
            wc_ecc_init(&key);
            if (wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, &key,
                                       ssl->buffers.key->length) != 0) {
                /* Unusable key: drop every ECC-dependent capability so the
                 * suite list below does not offer what we cannot sign. */
                ssl->options.haveECDSAsig = 0;
                ssl->options.haveECC = 0;
                ssl->options.haveStaticECC = 0;
            }
            wc_ecc_free(&key);
        }
#endif

#ifndef NO_DH
        /* Share (not copy) the context's DH parameters with the session. */
        if (!ssl->options.haveDH && ssl->ctx->haveDH) {
            ssl->buffers.serverDH_P = ssl->ctx->serverDH_P;
            ssl->buffers.serverDH_G = ssl->ctx->serverDH_G;
            ssl->options.haveDH = 1;
        }
#endif
    }
    ssl->options.side = WOLFSSL_SERVER_END;
    /* reset suites in case user switched */

#ifdef NO_RSA
    haveRSA = 0;
#endif
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);
}
wolfSSL 11:cee25a834751 10364 #endif
wolfSSL 11:cee25a834751 10365
/* Report whether the handshake has completed (OpenSSL SSL_is_init_finished).
 *
 * ssl: session to query.
 * Returns 1 when ssl->options.handShakeState is HANDSHAKE_DONE, otherwise 0
 * (including for a NULL ssl).
 */
int wolfSSL_is_init_finished(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return 0;

    return (ssl->options.handShakeState == HANDSHAKE_DONE) ? 1 : 0;
}
wolfSSL 11:cee25a834751 10377
wolfSSL 11:cee25a834751 10378 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
/* OpenSSL compatibility no-op: wolfSSL manages temporary RSA keys itself,
 * so a caller-supplied generator is accepted and ignored.
 *
 * ctx: unused.
 * f:   unused.
 */
void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX* ctx,
                                      WOLFSSL_RSA*(*f)(WOLFSSL*, int, int))
{
    /* wolfSSL verifies all these internally */
    (void)f;
    (void)ctx;
}
wolfSSL 11:cee25a834751 10386
wolfSSL 11:cee25a834751 10387
/* Set the session's shutdown state flags (OpenSSL SSL_set_shutdown).
 *
 * ssl: session to update; NULL is logged and ignored.
 * opt: bitmask; SSL_SENT_SHUTDOWN sets sentNotify and SSL_RECEIVED_SHUTDOWN
 *      sets closeNotify. Bits not in the mask clear the matching flag.
 */
void wolfSSL_set_shutdown(WOLFSSL* ssl, int opt)
{
    int sentFlag;
    int receivedFlag;

    WOLFSSL_ENTER("wolfSSL_set_shutdown");
    if (ssl == NULL) {
        WOLFSSL_MSG("Shutdown not set. ssl is null");
        return;
    }

    sentFlag     = (opt & SSL_SENT_SHUTDOWN) > 0;
    receivedFlag = (opt & SSL_RECEIVED_SHUTDOWN) > 0;

    ssl->options.sentNotify  = sentFlag;
    ssl->options.closeNotify = receivedFlag;
}
wolfSSL 11:cee25a834751 10399
wolfSSL 11:cee25a834751 10400
/* OpenSSL compatibility stub for SSL_CTX_get_options.
 *
 * ctx: unused — wolfSSL configures behaviour through dedicated API calls
 *      and build macros rather than an options word, so nothing is read.
 * Returns 0 unconditionally (no options reported).
 */
long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx)
{
    const long noOptions = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_get_options");
    WOLFSSL_MSG("wolfSSL options are set through API calls and macros");
    (void)ctx;

    return noOptions;
}
wolfSSL 11:cee25a834751 10409
wolfSSL 11:cee25a834751 10410
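/* OR option bits into the context's mask (OpenSSL SSL_CTX_set_options shape).
 *
 * ctx: context to update; NULL is rejected rather than dereferenced.
 * opt: bits to add. Bits already set stay set; this never clears any.
 * Returns opt as passed (not the accumulated mask), or 0 for a NULL ctx.
 */
long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt)
{
    WOLFSSL_ENTER("SSL_CTX_set_options");

    if (ctx == NULL) {
        WOLFSSL_MSG("Options not set. ctx is null");
        return 0;
    }

    ctx->mask |= opt;
    return opt;
}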
wolfSSL 11:cee25a834751 10417
wolfSSL 11:cee25a834751 10418
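/* Set the descriptor the session reads from.
 *
 * The descriptor is stored in ssl->rfd and the read I/O callback context is
 * pointed at that field, so the default receive callback — or a user
 * callback — picks it up; the fd is not used directly here.
 *
 * ssl: session to update; NULL is rejected.
 * rfd: descriptor to read from.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl.
 */
int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd)
{
    WOLFSSL_ENTER("SSL_set_rfd");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->rfd = rfd;      /* not used directly to allow IO callbacks */

    ssl->IOCB_ReadCtx = &ssl->rfd;

    return SSL_SUCCESS;
}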
wolfSSL 11:cee25a834751 10428
wolfSSL 11:cee25a834751 10429
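/* Set the descriptor the session writes to.
 *
 * The descriptor is stored in ssl->wfd and the write I/O callback context
 * is pointed at that field, so the default send callback — or a user
 * callback — picks it up; the fd is not used directly here.
 *
 * ssl: session to update; NULL is rejected.
 * wfd: descriptor to write to.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl.
 */
int wolfSSL_set_wfd(WOLFSSL* ssl, int wfd)
{
    WOLFSSL_ENTER("SSL_set_wfd");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->wfd = wfd;      /* not used directly to allow IO callbacks */

    ssl->IOCB_WriteCtx = &ssl->wfd;

    return SSL_SUCCESS;
}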
wolfSSL 11:cee25a834751 10439
wolfSSL 11:cee25a834751 10440
/* OpenSSL compatibility stub for RSA_generate_key: key generation through
 * this entry point is not supported, so no key is produced.
 *
 * len, bits, f, data: unused.
 * Returns NULL unconditionally; callers must handle that like any other
 * generation failure.
 */
WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long bits,
                                      void(*f)(int, int, void*), void* data)
{
    WOLFSSL_RSA* noKey = NULL;

    /* no tmp key needed, actual generation not supported */
    WOLFSSL_ENTER("RSA_generate_key");
    (void)data;
    (void)f;
    (void)bits;
    (void)len;

    return noKey;
}
wolfSSL 11:cee25a834751 10452
wolfSSL 11:cee25a834751 10453
/* Return the certificate store embedded in the context.
 *
 * ctx: context to query.
 * Returns a pointer to ctx->x509_store — part of the context itself, not a
 * separate allocation, so it must not be freed — or NULL for a NULL ctx.
 */
WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx)
{
    WOLFSSL_X509_STORE* store = NULL;

    if (ctx != NULL)
        store = &(ctx->x509_store);

    return store;
}
wolfSSL 11:cee25a834751 10462
wolfSSL 11:cee25a834751 10463
wolfSSL 11:cee25a834751 10464 #ifndef NO_CERTS
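/* Replace the context's certificate manager and cache with those of str
 * (OpenSSL SSL_CTX_set_cert_store shape).
 *
 * The context takes over str->cm by pointer; the manager it held before is
 * freed unless it is the very same object. Without that aliasing check,
 * passing a store whose cm already is ctx->cm (e.g. one obtained from this
 * context) would free the manager and then store the dangling pointer back.
 *
 * ctx: context to update; NULL is ignored.
 * str: store to adopt; NULL is ignored.
 */
void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str)
{
    if (ctx == NULL || str == NULL) {
        return;
    }

    /* free cert manager if have one, but never the one we are about to
     * install: that would leave ctx->cm pointing at freed memory */
    if (ctx->cm != NULL && ctx->cm != str->cm) {
        wolfSSL_CertManagerFree(ctx->cm);
    }
    ctx->cm = str->cm;
    ctx->x509_store.cache = str->cache;
}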
wolfSSL 11:cee25a834751 10478
wolfSSL 11:cee25a834751 10479
/* Return the certificate currently under verification in a store context.
 *
 * ctx: verification context to query.
 * Returns ctx->current_cert (borrowed, not a copy), or NULL for a NULL ctx.
 */
WOLFSSL_X509* wolfSSL_X509_STORE_CTX_get_current_cert(
        WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_current_cert");

    if (ctx == NULL)
        return NULL;

    return ctx->current_cert;
}
wolfSSL 11:cee25a834751 10488
wolfSSL 11:cee25a834751 10489
/* Return the verification error code recorded in a store context.
 *
 * ctx: verification context to query.
 * Returns ctx->error, or 0 for a NULL ctx. Note that 0 is also what a
 * successful verification reports, so a NULL ctx reads as "no error".
 */
int wolfSSL_X509_STORE_CTX_get_error(WOLFSSL_X509_STORE_CTX* ctx)
{
    int err = 0;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error");

    if (ctx != NULL)
        err = ctx->error;

    return err;
}
wolfSSL 11:cee25a834751 10497
wolfSSL 11:cee25a834751 10498
/* Return the chain depth at which the recorded verification error occurred.
 *
 * ctx: verification context to query.
 * Returns ctx->error_depth, or SSL_FATAL_ERROR (-1) for a NULL ctx.
 */
int wolfSSL_X509_STORE_CTX_get_error_depth(WOLFSSL_X509_STORE_CTX* ctx)
{
    int depth = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_error_depth");

    if (ctx != NULL)
        depth = ctx->error_depth;

    return depth;
}
wolfSSL 11:cee25a834751 10506 #endif
wolfSSL 11:cee25a834751 10507
wolfSSL 11:cee25a834751 10508
/* Return the singleton method object describing a buffering BIO filter.
 *
 * The object is a function-local static shared by every caller; only its
 * type field is populated, and it is (re)written on each call.
 * Returns a pointer to that static; it must not be freed.
 */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void)
{
    static WOLFSSL_BIO_METHOD meth;
    WOLFSSL_BIO_METHOD* shared = &meth;

    WOLFSSL_ENTER("BIO_f_buffer");
    shared->type = BIO_BUFFER;

    return shared;
}
wolfSSL 11:cee25a834751 10518
wolfSSL 11:cee25a834751 10519
/* OpenSSL compatibility stub for BIO_set_write_buffer_size: wolfSSL keeps
 * its own internal buffering, so the request changes nothing.
 *
 * bio:  unused.
 * size: echoed back unchanged.
 * Returns size.
 */
long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size)
{
    long echoed = size;

    /* wolfSSL has internal buffer, compatibility only */
    WOLFSSL_ENTER("BIO_set_write_buffer_size");
    (void)bio;

    return echoed;
}
wolfSSL 11:cee25a834751 10527
wolfSSL 11:cee25a834751 10528
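/* Return the singleton method object describing a BIO-pair source/sink.
 *
 * The object is a function-local static shared by every caller; only its
 * type field is populated, and it is (re)written on each call.
 * Returns a pointer to that static; it must not be freed.
 */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_bio(void)
{
    static WOLFSSL_BIO_METHOD bio_meth;

    /* Trace label now matches the function name (it previously read
     * wolfSSL_BIO_f_bio, which misattributed the call in debug logs). */
    WOLFSSL_ENTER("wolfSSL_BIO_s_bio");
    bio_meth.type = BIO_BIO;

    return &bio_meth;
}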
wolfSSL 11:cee25a834751 10538
wolfSSL 11:cee25a834751 10539
wolfSSL 11:cee25a834751 10540 #ifndef NO_FILESYSTEM
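/* Return the singleton method object describing a file source/sink
 * (compiled out under NO_FILESYSTEM).
 *
 * The object is a function-local static shared by every caller; only its
 * type field is populated, and it is (re)written on each call.
 * Returns a pointer to that static; it must not be freed.
 */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_file(void)
{
    static WOLFSSL_BIO_METHOD file_meth;

    /* Trace label now matches the function name (it previously read
     * wolfSSL_BIO_f_file, which misattributed the call in debug logs). */
    WOLFSSL_ENTER("wolfSSL_BIO_s_file");
    file_meth.type = BIO_FILE;

    return &file_meth;
}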
wolfSSL 11:cee25a834751 10550 #endif
wolfSSL 11:cee25a834751 10551
wolfSSL 11:cee25a834751 10552
/* Return the singleton method object describing an SSL BIO filter.
 *
 * The object is a function-local static shared by every caller; only its
 * type field is populated, and it is (re)written on each call.
 * Returns a pointer to that static; it must not be freed.
 */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_ssl(void)
{
    static WOLFSSL_BIO_METHOD meth;
    WOLFSSL_BIO_METHOD* shared = &meth;

    WOLFSSL_ENTER("BIO_f_ssl");
    shared->type = BIO_SSL;

    return shared;
}
wolfSSL 11:cee25a834751 10562
wolfSSL 11:cee25a834751 10563
/* Return the singleton method object describing a socket source/sink.
 *
 * The object is a function-local static shared by every caller; only its
 * type field is populated, and it is (re)written on each call.
 * Returns a pointer to that static; it must not be freed.
 */
WOLFSSL_BIO_METHOD *wolfSSL_BIO_s_socket(void)
{
    static WOLFSSL_BIO_METHOD meth;
    WOLFSSL_BIO_METHOD* shared = &meth;

    WOLFSSL_ENTER("BIO_s_socket");
    shared->type = BIO_SOCKET;

    return shared;
}
wolfSSL 11:cee25a834751 10573
wolfSSL 11:cee25a834751 10574
/* Allocate a socket BIO wrapping an existing descriptor.
 *
 * sfd:    descriptor the BIO refers to.
 * closeF: non-zero means wolfSSL_BIO_free() should close sfd (stored in
 *         bio->close, truncated to a byte).
 * Returns the new zero-initialised BIO, or NULL when allocation fails.
 * The caller owns the result and releases it with wolfSSL_BIO_free().
 */
WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int closeF)
{
    WOLFSSL_BIO* sockBio;

    sockBio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0,
                                     DYNAMIC_TYPE_OPENSSL);

    WOLFSSL_ENTER("BIO_new_socket");
    if (sockBio == NULL)
        return NULL;

    /* memset already clears mem, ssl, pair and the rest */
    XMEMSET(sockBio, 0, sizeof(WOLFSSL_BIO));
    sockBio->type  = BIO_SOCKET;
    sockBio->close = (byte)closeF;
    sockBio->fd    = sfd;
    sockBio->mem   = NULL;

    return sockBio;
}
wolfSSL 11:cee25a834751 10590
wolfSSL 11:cee25a834751 10591
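/* Report whether the BIO has hit end-of-file.
 *
 * b: BIO to query. A NULL BIO has nothing left to deliver, so it is
 *    reported as at EOF instead of being dereferenced; this keeps loops of
 *    the form "read while !eof" from spinning on a missing object.
 * Returns 1 when b->eof is set (or b is NULL), otherwise 0.
 */
int wolfSSL_BIO_eof(WOLFSSL_BIO* b)
{
    WOLFSSL_ENTER("BIO_eof");

    if (b == NULL)
        return 1;

    return b->eof ? 1 : 0;
}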
wolfSSL 11:cee25a834751 10600
wolfSSL 11:cee25a834751 10601
/* Associate a session with a BIO (OpenSSL BIO_set_ssl shape).
 *
 * b:      BIO to update; NULL is ignored.
 * ssl:    session stored by pointer in b->ssl.
 * closeF: non-zero means wolfSSL_BIO_free() on b also frees ssl (stored in
 *         b->close, truncated to a byte).
 * Returns 0 in every case.
 */
long wolfSSL_BIO_set_ssl(WOLFSSL_BIO* b, WOLFSSL* ssl, int closeF)
{
    WOLFSSL_ENTER("wolfSSL_BIO_set_ssl");

    if (b == NULL)
        return 0;

    b->ssl   = ssl;
    b->close = (byte)closeF;
    /* add to ssl for bio free if SSL_free called before/instead of free_all? */

    return 0;
}
wolfSSL 11:cee25a834751 10614
wolfSSL 11:cee25a834751 10615
/* Attach a descriptor to a BIO (OpenSSL BIO_set_fd shape).
 *
 * b:      BIO to update; NULL is ignored.
 * fd:     descriptor stored in b->fd.
 * closeF: non-zero means wolfSSL_BIO_free() closes fd (stored in b->close,
 *         truncated to a byte).
 * Returns SSL_SUCCESS in every case, including a NULL b.
 */
long wolfSSL_BIO_set_fd(WOLFSSL_BIO* b, int fd, int closeF)
{
    WOLFSSL_ENTER("wolfSSL_BIO_set_fd");

    if (b == NULL)
        return SSL_SUCCESS;

    b->fd    = fd;
    b->close = (byte)closeF;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 10627
wolfSSL 11:cee25a834751 10628
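/* Allocate a BIO of the kind described by method.
 *
 * method: method object (e.g. from wolfSSL_BIO_s_mem()); only its type is
 *         copied. NULL is rejected instead of being dereferenced.
 * Returns the new zero-initialised BIO, or NULL when method is NULL or the
 * allocation fails. The caller owns the result and releases it with
 * wolfSSL_BIO_free().
 */
WOLFSSL_BIO* wolfSSL_BIO_new(WOLFSSL_BIO_METHOD* method)
{
    WOLFSSL_BIO* bio;

    WOLFSSL_ENTER("BIO_new");

    if (method == NULL) {
        WOLFSSL_MSG("BIO not created. method is null");
        return NULL;
    }

    bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0, DYNAMIC_TYPE_OPENSSL);
    if (bio) {
        /* zeroes fd, heap, pair, eof and every pointer field */
        XMEMSET(bio, 0, sizeof(WOLFSSL_BIO));
        bio->type = method->type;
        bio->ssl  = NULL;
        bio->mem  = NULL;
        bio->prev = NULL;
        bio->next = NULL;
    }
    return bio;
}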
wolfSSL 11:cee25a834751 10644
wolfSSL 11:cee25a834751 10645
/* Hand out a pointer to a memory BIO's buffer (OpenSSL BIO_get_mem_data).
 *
 * bio: memory BIO to read.
 * p:   really a byte** — receives bio->mem. The buffer stays owned by the
 *      BIO; no copy is made.
 * Returns bio->memLen, or SSL_FATAL_ERROR when bio or p is NULL.
 */
int wolfSSL_BIO_get_mem_data(WOLFSSL_BIO* bio, void* p)
{
    byte** out = (byte**)p;

    WOLFSSL_ENTER("wolfSSL_BIO_get_mem_data");

    if (bio == NULL || out == NULL)
        return SSL_FATAL_ERROR;

    *out = bio->mem;

    return bio->memLen;
}
wolfSSL 11:cee25a834751 10657
wolfSSL 11:cee25a834751 10658
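/* Create a memory BIO holding a private copy of buf (OpenSSL BIO_new_mem_buf).
 *
 * buf: bytes to copy; NULL yields NULL.
 * len: number of bytes to copy. As in OpenSSL, -1 means buf is a
 *      NUL-terminated string whose length is taken with XSTRLEN. Any other
 *      negative value is rejected: previously it went straight into
 *      XMALLOC/XMEMCPY as a huge size_t.
 * Returns the new BIO, or NULL on bad arguments or allocation failure.
 * The caller owns the result and releases it with wolfSSL_BIO_free().
 */
WOLFSSL_BIO* wolfSSL_BIO_new_mem_buf(void* buf, int len)
{
    WOLFSSL_BIO* bio = NULL;

    if (buf == NULL)
        return bio;

    if (len == -1)
        len = (int)XSTRLEN((const char*)buf);

    if (len < 0)
        return NULL;

    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem());
    if (bio == NULL)
        return bio;

    bio->memLen = len;
    bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
    if (bio->mem == NULL) {
        /* bio has nothing else to release yet; free it directly */
        XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
        return NULL;
    }

    XMEMCPY(bio->mem, buf, len);

    return bio;
}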
wolfSSL 11:cee25a834751 10680
wolfSSL 11:cee25a834751 10681
wolfSSL 11:cee25a834751 10682 #ifdef USE_WINDOWS_API
wolfSSL 11:cee25a834751 10683 #define CloseSocket(s) closesocket(s)
wolfSSL 11:cee25a834751 10684 #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET)
wolfSSL 11:cee25a834751 10685 #define CloseSocket(s) closesocket(s)
wolfSSL 11:cee25a834751 10686 extern int closesocket(int) ;
wolfSSL 11:cee25a834751 10687 #else
wolfSSL 11:cee25a834751 10688 #define CloseSocket(s) close(s)
wolfSSL 11:cee25a834751 10689 #endif
wolfSSL 11:cee25a834751 10690
/* Release one BIO (not its chain neighbours — see wolfSSL_BIO_free_all).
 *
 * What is released depends on the BIO's close flag:
 *   - close set: the attached session (if any) is freed and the descriptor
 *     is closed via CloseSocket(). NOTE(review): the fd test is `if (bio->fd)`,
 *     so descriptor 0 is never closed; a freshly zeroed BIO has fd 0, which
 *     is presumably why the test is written this way.
 *   - BIO_FILE with close == BIO_CLOSE: the FILE handle is closed too.
 * The memory buffer and the BIO struct itself are always freed. A paired
 * BIO is unlinked so the survivor does not keep a dangling pair pointer.
 *
 * bio: BIO to free; NULL is a no-op.
 * Returns 0 in every case. Failures of CloseSocket/XFCLOSE are not reported.
 */
int wolfSSL_BIO_free(WOLFSSL_BIO* bio)
{
    /* unchain?, doesn't matter in goahead since from free all */
    WOLFSSL_ENTER("wolfSSL_BIO_free");
    if (bio) {
        /* remove from pair by setting the paired bios pair to NULL */
        if (bio->pair != NULL) {
            bio->pair->pair = NULL;
        }

        if (bio->close) {
            if (bio->ssl)
                wolfSSL_free(bio->ssl);
            if (bio->fd)
                CloseSocket(bio->fd);
        }

#ifndef NO_FILESYSTEM
        if (bio->type == BIO_FILE && bio->close == BIO_CLOSE) {
            if (bio->file) {
                XFCLOSE(bio->file);
            }
        }
#endif

        /* bio->heap is read for the frees; it is zero for BIOs created by
         * wolfSSL_BIO_new(), matching the heap those allocations used */
        if (bio->mem)
            XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
        XFREE(bio, bio->heap, DYNAMIC_TYPE_OPENSSL);
    }
    return 0;
}
wolfSSL 11:cee25a834751 10722
wolfSSL 11:cee25a834751 10723
/* Free a BIO and every BIO that follows it along the next links.
 *
 * bio: head of the chain; NULL is a no-op. Each element is released with
 *      wolfSSL_BIO_free(), which applies that BIO's own close policy.
 * Returns 0 in every case.
 */
int wolfSSL_BIO_free_all(WOLFSSL_BIO* bio)
{
    WOLFSSL_BIO* cur;
    WOLFSSL_BIO* following;

    WOLFSSL_ENTER("BIO_free_all");
    for (cur = bio; cur != NULL; cur = following) {
        following = cur->next;   /* read before cur is released */
        wolfSSL_BIO_free(cur);
    }
    return 0;
}
wolfSSL 11:cee25a834751 10734
wolfSSL 11:cee25a834751 10735
/* Read from one half of a BIO pair into a caller buffer.
 *
 * wolfSSL_BIO_nread() exposes up to len bytes of the pair's internal buffer
 * in place; they are copied out here so buf is the caller's to keep.
 *
 * bio: the BIO_BIO to read from.
 * buf: destination, at least len bytes.
 * len: maximum bytes wanted.
 * Returns what wolfSSL_BIO_nread() returned: the byte count copied when
 * positive, otherwise its error/no-data code (nothing is copied then).
 */
static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
{
    char* src = NULL;
    int got = wolfSSL_BIO_nread(bio, &src, len);

    if (got > 0)
        XMEMCPY(buf, src, got);

    return got;
}
wolfSSL 11:cee25a834751 10749
wolfSSL 11:cee25a834751 10750
/* Read up to len bytes from a BIO, dispatching on its type.
 *
 * BIO_BIO reads from the pair buffer, BIO_FILE from the FILE handle, and
 * BIO_MEMORY from the in-memory buffer. Any other type is treated as an SSL
 * chain: the first BIO along the next links that carries a session is read
 * through wolfSSL_read(), and a clean close or a non-retryable error marks
 * the *front* BIO as at EOF so the next call is refused.
 *
 * bio: BIO to read from; NULL falls through to the SSL path and yields
 *      BAD_FUNC_ARG.
 * buf: destination, at least len bytes.
 * len: maximum bytes wanted.
 * Returns the number of bytes read, 0 at EOF on the SSL path, or a negative
 * code: SSL_FATAL_ERROR once EOF has already been seen, BAD_FUNC_ARG when no
 * session is found, or whatever wolfSSL_read()/XFREAD report.
 *
 * NOTE(review): the BIO_MEMORY branch copies from the start of bio->mem on
 * every call and never advances a read position, so repeated reads return
 * the same bytes; and a negative len reaches min()/XMEMCPY unchecked on that
 * branch. Both are inherited behaviour, noted here rather than changed.
 */
int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)
{
    int ret;
    WOLFSSL* ssl = 0;
    WOLFSSL_BIO* front = bio;

    WOLFSSL_ENTER("wolfSSL_BIO_read");

    if (bio && bio->type == BIO_BIO) {
        return wolfSSL_BIO_BIO_read(bio, buf, len);
    }

#ifndef NO_FILESYSTEM
    if (bio && bio->type == BIO_FILE) {
        /* short reads and errors are folded into the element count */
        return (int)XFREAD(buf, 1, len, bio->file);
    }
#endif
    if (bio && bio->type == BIO_MEMORY) {
        len = min(len, bio->memLen);
        XMEMCPY(buf, bio->mem, len);
        return len;
    }

    /* already got eof, again is error */
    if (bio && front->eof)
        return SSL_FATAL_ERROR;

    /* walk the chain to the first BIO that owns a session */
    while(bio && ((ssl = bio->ssl) == 0) )
        bio = bio->next;

    if (ssl == 0) return BAD_FUNC_ARG;

    ret = wolfSSL_read(ssl, buf, len);
    if (ret == 0)
        front->eof = 1;
    else if (ret < 0) {
        /* WANT_READ/WANT_WRITE are retryable; anything else ends the stream */
        int err = wolfSSL_get_error(ssl, 0);
        if ( !(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE) )
            front->eof = 1;
    }
    return ret;
}
wolfSSL 11:cee25a834751 10793
wolfSSL 11:cee25a834751 10794
/* Write into one half of a BIO pair.
 *
 * wolfSSL_BIO_nwrite() reserves up to len bytes of the pair's internal
 * buffer and returns how much it could reserve; that many bytes of data are
 * then copied in, so the write may be short.
 *
 * bio:  the BIO_BIO to write to (arguments already validated by the caller).
 * data: bytes to write.
 * len:  bytes offered.
 * Returns the number of bytes actually stored, or wolfSSL_BIO_nwrite()'s
 * non-positive result when there is no room (nothing is copied then).
 */
static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,
                                 int len)
{
    /* internal function where arguments have already been sanity checked */
    char* dst;
    int room = wolfSSL_BIO_nwrite(bio, &dst, len);

    /* test space for write */
    if (room > 0) {
        XMEMCPY(dst, data, room);
        return room;
    }

    WOLFSSL_MSG("No room left to write");
    return room;
}
wolfSSL 11:cee25a834751 10814
wolfSSL 11:cee25a834751 10815
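/* Write len bytes from data through bio.
 *
 * BIO_BIO and BIO_FILE have their own paths; BIO_MEMORY appends to a heap
 * buffer that is re-allocated to exactly memLen + len bytes on every call;
 * any other type is walked along bio->next until a BIO carrying a WOLFSSL
 * object is found and wolfSSL_write is used.
 *
 * Returns the number of bytes written, -1 when an allocation fails,
 * BAD_FUNC_ARG for unusable arguments or when no WOLFSSL is attached, and
 * SSL_FATAL_ERROR once the chain has already recorded EOF. A negative
 * wolfSSL_write result is passed through unchanged; any error other than
 * WANT_READ/WANT_WRITE marks the front BIO as EOF so later calls fail fast.
 */
int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)
{
    int ret;
    WOLFSSL* ssl = 0;
    WOLFSSL_BIO* front = bio;
    byte* p;

    WOLFSSL_ENTER("wolfSSL_BIO_write");

    /* A negative len would be widened to a huge size_t by XFWRITE/XMEMCPY and
     * a NULL source with a non-zero len cannot be copied; reject both up
     * front instead of letting each type-specific path run into them. */
    if (len < 0 || (data == NULL && len > 0)) {
        return BAD_FUNC_ARG;
    }

    if (bio && bio->type == BIO_BIO) {
        return wolfSSL_BIO_BIO_write(bio, data, len);
    }

#ifndef NO_FILESYSTEM
    if (bio && bio->type == BIO_FILE) {
        return (int)XFWRITE(data, 1, len, bio->file);
    }
#endif

    if (bio && bio->type == BIO_MEMORY) {
        /* Nothing to append: avoid a zero-byte XMALLOC whose NULL result
         * would otherwise be reported as an allocation failure. */
        if (len == 0) {
            return 0;
        }

        /* Make buffer big enough to hold new data. */
        if (bio->mem == NULL) {
            bio->mem = (byte*)XMALLOC(len, bio->heap, DYNAMIC_TYPE_OPENSSL);
            if (bio->mem == NULL)
                return -1;
            p = bio->mem;
        }
        else {
            /* NOTE(review): len + bio->memLen is not checked for overflow;
             * memLen's type is not visible here, confirm its bound. */
            p = (byte*)XMALLOC(len + bio->memLen, bio->heap,
                               DYNAMIC_TYPE_OPENSSL);
            if (p == NULL)
                return -1;   /* old buffer stays valid and owned by bio */
            XMEMCPY(p, bio->mem, bio->memLen);
            XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL);
            bio->mem = p;
            p += bio->memLen;
        }

        /* Put data on the end of the buffer. */
        XMEMCPY(p, data, len);
        bio->memLen += len;

        return len;
    }

    /* already got eof, again is error */
    if (bio && front->eof)
        return SSL_FATAL_ERROR;

    /* walk the chain to the first BIO that carries a WOLFSSL object */
    while (bio && ((ssl = bio->ssl) == 0))
        bio = bio->next;

    if (ssl == 0)
        return BAD_FUNC_ARG;

    ret = wolfSSL_write(ssl, data, len);
    if (ret == 0)
        front->eof = 1;
    else if (ret < 0) {
        int err = wolfSSL_get_error(ssl, 0);
        /* WANT_READ/WANT_WRITE are retryable; anything else is terminal */
        if (!(err == SSL_ERROR_WANT_READ || err == SSL_ERROR_WANT_WRITE))
            front->eof = 1;
    }

    return ret;
}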
wolfSSL 11:cee25a834751 10881
wolfSSL 11:cee25a834751 10882
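/* Link append after top in a BIO chain and return the head of the chain.
 *
 * Mirrors OpenSSL's BIO_push NULL handling: a NULL top has nothing to link
 * so append itself is returned, and a NULL append just terminates the chain
 * at top. Previously either NULL dereferenced.
 */
WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO* top, WOLFSSL_BIO* append)
{
    WOLFSSL_ENTER("BIO_push");

    if (top == NULL) {
        return append;
    }

    top->next = append;
    if (append != NULL) {
        append->prev = top;
    }

    return top;
}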
wolfSSL 11:cee25a834751 10891
wolfSSL 11:cee25a834751 10892
/* OpenSSL-compatible BIO_flush. wolfSSL BIOs buffer nothing that needs
 * flushing, so this only logs entry and reports success (1). The bio
 * argument is accepted for API compatibility and otherwise ignored. */
int wolfSSL_BIO_flush(WOLFSSL_BIO* bio)
{
    const int success = 1;

    WOLFSSL_ENTER("BIO_flush");
    (void)bio;

    return success;
}
wolfSSL 11:cee25a834751 10900
wolfSSL 11:cee25a834751 10901
wolfSSL 11:cee25a834751 10902 #endif /* OPENSSL_EXTRA || GOAHEAD_WS */
wolfSSL 11:cee25a834751 10903
wolfSSL 11:cee25a834751 10904
wolfSSL 11:cee25a834751 10905 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
wolfSSL 11:cee25a834751 10906
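/* Store the opaque pointer handed to the PEM password callback.
 *
 * Guards against a NULL ctx, matching wolfSSL_CTX_set_default_passwd_cb
 * below; the original dereferenced ctx unconditionally.
 */
void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx,
                                                void* userdata)
{
    WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata");
    if (ctx != NULL) {
        ctx->userdata = userdata;
    }
}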
wolfSSL 11:cee25a834751 10913
wolfSSL 11:cee25a834751 10914
/* Install cb as the PEM password callback on ctx. A NULL ctx is ignored. */
void wolfSSL_CTX_set_default_passwd_cb(WOLFSSL_CTX* ctx, pem_password_cb* cb)
{
    WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb");

    if (ctx == NULL)
        return;

    ctx->passwd_cb = cb;
}
wolfSSL 11:cee25a834751 10922
/* OpenSSL compat: wolfSSL uses no application-supplied locks, so the
 * number of locks the application must provide is always zero. */
int wolfSSL_num_locks(void)
{
    const int locks_needed = 0;
    return locks_needed;
}
wolfSSL 11:cee25a834751 10927
/* OpenSSL compat no-op: wolfSSL does not call back into the application
 * for locking, so the supplied function is accepted and discarded. */
void wolfSSL_set_locking_callback(void (*f)(int, int, const char*, int))
{
    (void)f;   /* intentionally unused */
    return;
}
wolfSSL 11:cee25a834751 10932
/* OpenSSL compat no-op: the thread-id callback is accepted and discarded. */
void wolfSSL_set_id_callback(unsigned long (*f)(void))
{
    (void)f;   /* intentionally unused */
    return;
}
wolfSSL 11:cee25a834751 10937
/* OpenSSL compat ERR_get_error.
 *
 * With the nginx/haproxy error queue compiled in, reads the error via
 * wolfSSL_ERR_peek_error_line_data and then removes a node from the
 * queue. Otherwise no queue exists and the negated NOT_COMPILED_IN code
 * is returned.
 */
unsigned long wolfSSL_ERR_get_error(void)
{
    unsigned long err;

    WOLFSSL_ENTER("wolfSSL_ERR_get_error");

#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    err = wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL);
    wc_RemoveErrorNode(-1);
#else
    err = (unsigned long)(0 - NOT_COMPILED_IN);
#endif

    return err;
}
wolfSSL 11:cee25a834751 10953
wolfSSL 11:cee25a834751 10954 #ifndef NO_MD5
wolfSSL 11:cee25a834751 10955
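/* Derive a cipher key and IV from data (and optional salt) with iterated MD5,
 * the OpenSSL EVP_BytesToKey scheme:
 *   D_1 = MD5^count(data || salt), D_i = MD5^count(D_(i-1) || data || salt)
 * with the D_i concatenated and split into key then iv.
 *
 * type  : cipher name; only DES-CBC, DES-EDE3-CBC and AES-128/192/256-CBC
 *         are recognised, selecting the key and IV sizes.
 * md    : digest name; only "MD5" is supported.
 * salt  : NULL, or EVP_SALT_SIZE bytes mixed into every round.
 * data  : sz bytes of password material.
 * count : number of MD5 passes per round (values below 1 give one pass).
 * key/iv: outputs; either may be NULL to skip writing that part.
 *
 * Returns keyLen + ivLen on success, 0 on any failure (unsupported cipher or
 * digest, bad argument, allocation or MD5 init failure).
 *
 * Changes from the original: NULL type/md and negative sz are rejected
 * instead of being passed to XSTRNCMP/wc_Md5Update, key is guarded like iv,
 * the repeated SMALL_STACK frees collapse into one exit, and the digest and
 * MD5 state are wiped before returning since they hold key material.
 */
int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type,
                           const WOLFSSL_EVP_MD* md, const byte* salt,
                           const byte* data, int sz, int count, byte* key, byte* iv)
{
    int keyLen = 0;
    int ivLen = 0;
    int j;
    int keyLeft;
    int ivLeft;
    int keyOutput = 0;
    int ret = 0;
    byte digest[MD5_DIGEST_SIZE];
#ifdef WOLFSSL_SMALL_STACK
    Md5* md5 = NULL;
#else
    Md5 md5[1];
#endif

    WOLFSSL_ENTER("wolfSSL_EVP_BytesToKey");

    /* XSTRNCMP on a NULL name and a negative sz widened to word32 were
     * both undefined; a NULL data with bytes to hash cannot be read. */
    if (type == NULL || md == NULL || sz < 0 || (data == NULL && sz > 0)) {
        return 0;
    }

#ifdef WOLFSSL_SMALL_STACK
    md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (md5 == NULL)
        return 0;
#endif

    if (wc_InitMd5(md5) != 0) {
        goto out;
    }

    /* only support MD5 for now */
    if (XSTRNCMP(md, "MD5", 3) != 0) {
        goto out;
    }

    /* only support CBC DES and AES for now */
#ifndef NO_DES3
    if (XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0) {
        keyLen = DES_KEY_SIZE;
        ivLen = DES_IV_SIZE;
    }
    else if (XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) {
        keyLen = DES3_KEY_SIZE;
        ivLen = DES_IV_SIZE;
    }
    else
#endif /* NO_DES3 */
#ifndef NO_AES
    if (XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) {
        keyLen = AES_128_KEY_SIZE;
        ivLen = AES_IV_SIZE;
    }
    else if (XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) {
        keyLen = AES_192_KEY_SIZE;
        ivLen = AES_IV_SIZE;
    }
    else if (XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) {
        keyLen = AES_256_KEY_SIZE;
        ivLen = AES_IV_SIZE;
    }
    else
#endif /* NO_AES */
    {
        /* unsupported (or no ciphers compiled in) */
        goto out;
    }

    keyLeft = keyLen;
    ivLeft = ivLen;

    while (keyOutput < (keyLen + ivLen)) {
        int digestLeft = MD5_DIGEST_SIZE;
        /* D_(i - 1) */
        if (keyOutput) /* first time D_0 is empty */
            wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
        /* data */
        wc_Md5Update(md5, data, sz);
        /* salt */
        if (salt)
            wc_Md5Update(md5, salt, EVP_SALT_SIZE);
        wc_Md5Final(md5, digest);
        /* count: re-hash the digest count-1 more times */
        for (j = 1; j < count; j++) {
            wc_Md5Update(md5, digest, MD5_DIGEST_SIZE);
            wc_Md5Final(md5, digest);
        }

        /* key bytes come first, from the front of the digest */
        if (keyLeft) {
            int store = min(keyLeft, MD5_DIGEST_SIZE);
            if (key != NULL)
                XMEMCPY(&key[keyLen - keyLeft], digest, store);

            keyOutput += store;
            keyLeft -= store;
            digestLeft -= store;
        }

        /* IV bytes continue from whatever the key left of this digest */
        if (ivLeft && digestLeft) {
            int store = min(ivLeft, digestLeft);
            if (iv != NULL)
                XMEMCPY(&iv[ivLen - ivLeft],
                        &digest[MD5_DIGEST_SIZE - digestLeft], store);
            keyOutput += store;
            ivLeft -= store;
        }
    }

    ret = (keyOutput == (keyLen + ivLen)) ? keyOutput : 0;

out:
    /* digest and the hash state carry derived key material */
    ForceZero(digest, sizeof(digest));
    ForceZero(md5, sizeof(Md5));
#ifdef WOLFSSL_SMALL_STACK
    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}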
wolfSSL 11:cee25a834751 11077
wolfSSL 11:cee25a834751 11078 #endif /* NO_MD5 */
wolfSSL 11:cee25a834751 11079
wolfSSL 11:cee25a834751 11080 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
wolfSSL 11:cee25a834751 11081
wolfSSL 11:cee25a834751 11082
wolfSSL 11:cee25a834751 11083 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 11084
wolfSSL 11:cee25a834751 11085 #if !defined(NO_WOLFSSL_SERVER)
/* Copy the handshake server random into out.
 * ssl   : ssl struct after handshake
 * out   : buffer to hold random bytes
 * outSz : either 0 (return max buffer sz) or size of out buffer
 *
 * Returns the number of bytes copied (at most RAN_LEN), RAN_LEN when outSz
 * is 0, or 0 when ssl/out is NULL or the arrays were not kept.
 *
 * NOTE: wolfSSL_KeepArrays(ssl) must be called to retain handshake information.
 */
size_t wolfSSL_get_server_random(const WOLFSSL *ssl, unsigned char *out,
                                 size_t outSz)
{
    size_t n = outSz;

    /* a zero outSz is a query for the required buffer size */
    if (outSz == 0)
        return RAN_LEN;

    if (ssl == NULL || out == NULL)
        return 0;

    if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) {
        WOLFSSL_MSG("Arrays struct not saved after handshake");
        return 0;
    }

    if (n > RAN_LEN)
        n = RAN_LEN;

    XMEMCPY(out, ssl->arrays->serverRandom, n);
    return n;
}
wolfSSL 11:cee25a834751 11115 #endif /* !defined(NO_WOLFSSL_SERVER) */
wolfSSL 11:cee25a834751 11116
wolfSSL 11:cee25a834751 11117
wolfSSL 11:cee25a834751 11118 #if !defined(NO_WOLFSSL_CLIENT)
/* Copy the handshake client random into out.
 * ssl   : ssl struct after handshake
 * out   : buffer to hold random bytes
 * outSz : either 0 (return max buffer sz) or size of out buffer
 *
 * Returns the number of bytes copied (at most RAN_LEN), RAN_LEN when outSz
 * is 0, or 0 when ssl/out is NULL or the arrays were not kept.
 *
 * NOTE: wolfSSL_KeepArrays(ssl) must be called to retain handshake information.
 */
size_t wolfSSL_get_client_random(const WOLFSSL* ssl, unsigned char* out,
                                 size_t outSz)
{
    size_t n = outSz;

    /* a zero outSz is a query for the required buffer size */
    if (outSz == 0)
        return RAN_LEN;

    if (ssl == NULL || out == NULL)
        return 0;

    if (ssl->options.saveArrays == 0 || ssl->arrays == NULL) {
        WOLFSSL_MSG("Arrays struct not saved after handshake");
        return 0;
    }

    if (n > RAN_LEN)
        n = RAN_LEN;

    XMEMCPY(out, ssl->arrays->clientRandom, n);
    return n;
}
wolfSSL 11:cee25a834751 11155 #endif /* !defined(NO_WOLFSSL_CLIENT) */
wolfSSL 11:cee25a834751 11156
wolfSSL 11:cee25a834751 11157
/* OpenSSL compat SSLeay(): report the compatibility version number. */
unsigned long wolfSSLeay(void)
{
    const unsigned long compat_version = SSLEAY_VERSION_NUMBER;
    return compat_version;
}
wolfSSL 11:cee25a834751 11162
wolfSSL 11:cee25a834751 11163
/* OpenSSL compat SSLeay_version(): the same fixed string is returned for
 * every type value; the argument is accepted for API compatibility only. */
const char* wolfSSLeay_version(int type)
{
    (void)type;
    return "SSLeay wolfSSL compatibility";
}
wolfSSL 11:cee25a834751 11170
wolfSSL 11:cee25a834751 11171
wolfSSL 11:cee25a834751 11172 #ifndef NO_MD5
/* OpenSSL compat MD5_Init. The compat MD5_CTX is used as storage for a
 * wolfCrypt Md5, so its size is checked at compile time. The wc_InitMd5
 * result is discarded to match the void OpenSSL signature. */
void wolfSSL_MD5_Init(WOLFSSL_MD5_CTX* md5)
{
    Md5* ctx = (Md5*)md5;
    typedef char md5_ctx_fits[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1];
    (void)sizeof(md5_ctx_fits);

    WOLFSSL_ENTER("MD5_Init");
    (void)wc_InitMd5(ctx);
}
wolfSSL 11:cee25a834751 11183
wolfSSL 11:cee25a834751 11184
/* OpenSSL compat MD5_Update: feed sz bytes of input into the MD5 state. */
void wolfSSL_MD5_Update(WOLFSSL_MD5_CTX* md5, const void* input,
                        unsigned long sz)
{
    Md5* ctx = (Md5*)md5;
    const byte* in = (const byte*)input;

    WOLFSSL_ENTER("wolfSSL_MD5_Update");
    wc_Md5Update(ctx, in, (word32)sz);
}
wolfSSL 11:cee25a834751 11191
wolfSSL 11:cee25a834751 11192
/* OpenSSL compat MD5_Final: write the digest to input (the output buffer,
 * named as in the OpenSSL prototype). */
void wolfSSL_MD5_Final(byte* input, WOLFSSL_MD5_CTX* md5)
{
    Md5* ctx = (Md5*)md5;

    WOLFSSL_ENTER("MD5_Final");
    wc_Md5Final(ctx, input);
}
wolfSSL 11:cee25a834751 11198 #endif /* NO_MD5 */
wolfSSL 11:cee25a834751 11199
wolfSSL 11:cee25a834751 11200
wolfSSL 11:cee25a834751 11201 #ifndef NO_SHA
/* OpenSSL compat SHA_Init. SHA_CTX must be large enough to hold a wolfCrypt
 * Sha (checked at compile time); the init result is dropped. */
void wolfSSL_SHA_Init(WOLFSSL_SHA_CTX* sha)
{
    Sha* ctx = (Sha*)sha;
    typedef char sha_ctx_fits[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
    (void)sizeof(sha_ctx_fits);

    WOLFSSL_ENTER("SHA_Init");
    (void)wc_InitSha(ctx); /* OpenSSL compat, no ret */
}
wolfSSL 11:cee25a834751 11210
wolfSSL 11:cee25a834751 11211
/* OpenSSL compat SHA_Update: feed sz bytes of input into the SHA-1 state. */
void wolfSSL_SHA_Update(WOLFSSL_SHA_CTX* sha, const void* input,
                        unsigned long sz)
{
    Sha* ctx = (Sha*)sha;
    const byte* in = (const byte*)input;

    WOLFSSL_ENTER("SHA_Update");
    wc_ShaUpdate(ctx, in, (word32)sz);
}
wolfSSL 11:cee25a834751 11218
wolfSSL 11:cee25a834751 11219
/* OpenSSL compat SHA_Final: write the digest to input (the output buffer). */
void wolfSSL_SHA_Final(byte* input, WOLFSSL_SHA_CTX* sha)
{
    Sha* ctx = (Sha*)sha;

    WOLFSSL_ENTER("SHA_Final");
    wc_ShaFinal(ctx, input);
}
wolfSSL 11:cee25a834751 11225
wolfSSL 11:cee25a834751 11226
/* OpenSSL compat SHA1_Init: alias of SHA_Init. */
void wolfSSL_SHA1_Init(WOLFSSL_SHA_CTX* sha)
{
    WOLFSSL_ENTER("SHA1_Init");

    SHA_Init(sha);
}
wolfSSL 11:cee25a834751 11232
wolfSSL 11:cee25a834751 11233
/* OpenSSL compat SHA1_Update: alias of SHA_Update. */
void wolfSSL_SHA1_Update(WOLFSSL_SHA_CTX* sha, const void* input,
                         unsigned long sz)
{
    WOLFSSL_ENTER("SHA1_Update");

    SHA_Update(sha, input, sz);
}
wolfSSL 11:cee25a834751 11240
wolfSSL 11:cee25a834751 11241
/* OpenSSL compat SHA1_Final: alias of SHA_Final. */
void wolfSSL_SHA1_Final(byte* input, WOLFSSL_SHA_CTX* sha)
{
    WOLFSSL_ENTER("SHA1_Final");

    SHA_Final(input, sha);
}
wolfSSL 11:cee25a834751 11247 #endif /* NO_SHA */
wolfSSL 11:cee25a834751 11248
wolfSSL 11:cee25a834751 11249 #ifdef WOLFSSL_SHA224
wolfSSL 11:cee25a834751 11250
/* OpenSSL compat SHA224_Init. SHA224_CTX must hold a wolfCrypt Sha224
 * (checked at compile time); the init result is dropped. */
void wolfSSL_SHA224_Init(WOLFSSL_SHA224_CTX* sha)
{
    Sha224* ctx = (Sha224*)sha;
    typedef char sha224_ctx_fits[sizeof(SHA224_CTX) >= sizeof(Sha224) ? 1 : -1];
    (void)sizeof(sha224_ctx_fits);

    WOLFSSL_ENTER("SHA224_Init");
    (void)wc_InitSha224(ctx); /* OpenSSL compat, no error */
}
wolfSSL 11:cee25a834751 11259
wolfSSL 11:cee25a834751 11260
/* OpenSSL compat SHA224_Update: feed sz bytes of input into the state.
 * Errors are not reported (void OpenSSL signature). */
void wolfSSL_SHA224_Update(WOLFSSL_SHA224_CTX* sha, const void* input,
                           unsigned long sz)
{
    Sha224* ctx = (Sha224*)sha;
    const byte* in = (const byte*)input;

    WOLFSSL_ENTER("SHA224_Update");
    wc_Sha224Update(ctx, in, (word32)sz);
}
wolfSSL 11:cee25a834751 11268
wolfSSL 11:cee25a834751 11269
/* OpenSSL compat SHA224_Final: write the digest to input (output buffer).
 * Errors are not reported (void OpenSSL signature). */
void wolfSSL_SHA224_Final(byte* input, WOLFSSL_SHA224_CTX* sha)
{
    Sha224* ctx = (Sha224*)sha;

    WOLFSSL_ENTER("SHA224_Final");
    wc_Sha224Final(ctx, input);
}
wolfSSL 11:cee25a834751 11276
wolfSSL 11:cee25a834751 11277 #endif /* WOLFSSL_SHA224 */
wolfSSL 11:cee25a834751 11278
wolfSSL 11:cee25a834751 11279
/* OpenSSL compat SHA256_Init. SHA256_CTX must hold a wolfCrypt Sha256
 * (checked at compile time); the init result is dropped. */
void wolfSSL_SHA256_Init(WOLFSSL_SHA256_CTX* sha256)
{
    Sha256* ctx = (Sha256*)sha256;
    typedef char sha256_ctx_fits[sizeof(SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
    (void)sizeof(sha256_ctx_fits);

    WOLFSSL_ENTER("SHA256_Init");
    (void)wc_InitSha256(ctx); /* OpenSSL compat, no error */
}
wolfSSL 11:cee25a834751 11288
wolfSSL 11:cee25a834751 11289
/* OpenSSL compat SHA256_Update: feed sz bytes of input into the state.
 * Errors are not reported (void OpenSSL signature). */
void wolfSSL_SHA256_Update(WOLFSSL_SHA256_CTX* sha, const void* input,
                           unsigned long sz)
{
    Sha256* ctx = (Sha256*)sha;
    const byte* in = (const byte*)input;

    WOLFSSL_ENTER("SHA256_Update");
    wc_Sha256Update(ctx, in, (word32)sz);
}
wolfSSL 11:cee25a834751 11297
wolfSSL 11:cee25a834751 11298
/* OpenSSL compat SHA256_Final: write the digest to input (output buffer).
 * Errors are not reported (void OpenSSL signature). */
void wolfSSL_SHA256_Final(byte* input, WOLFSSL_SHA256_CTX* sha)
{
    Sha256* ctx = (Sha256*)sha;

    WOLFSSL_ENTER("SHA256_Final");
    wc_Sha256Final(ctx, input);
}
wolfSSL 11:cee25a834751 11305
wolfSSL 11:cee25a834751 11306
wolfSSL 11:cee25a834751 11307 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 11308
/* OpenSSL compat SHA384_Init. SHA384_CTX must hold a wolfCrypt Sha384
 * (checked at compile time); the init result is dropped. */
void wolfSSL_SHA384_Init(WOLFSSL_SHA384_CTX* sha)
{
    Sha384* ctx = (Sha384*)sha;
    typedef char sha384_ctx_fits[sizeof(SHA384_CTX) >= sizeof(Sha384) ? 1 : -1];
    (void)sizeof(sha384_ctx_fits);

    WOLFSSL_ENTER("SHA384_Init");
    (void)wc_InitSha384(ctx); /* OpenSSL compat, no error */
}
wolfSSL 11:cee25a834751 11317
wolfSSL 11:cee25a834751 11318
/* OpenSSL compat SHA384_Update: feed sz bytes of input into the state.
 * Errors are not reported (void OpenSSL signature). */
void wolfSSL_SHA384_Update(WOLFSSL_SHA384_CTX* sha, const void* input,
                           unsigned long sz)
{
    Sha384* ctx = (Sha384*)sha;
    const byte* in = (const byte*)input;

    WOLFSSL_ENTER("SHA384_Update");
    wc_Sha384Update(ctx, in, (word32)sz);
}
wolfSSL 11:cee25a834751 11326
wolfSSL 11:cee25a834751 11327
/* OpenSSL compat SHA384_Final: write the digest to input (output buffer).
 * Errors are not reported (void OpenSSL signature). */
void wolfSSL_SHA384_Final(byte* input, WOLFSSL_SHA384_CTX* sha)
{
    Sha384* ctx = (Sha384*)sha;

    WOLFSSL_ENTER("SHA384_Final");
    wc_Sha384Final(ctx, input);
}
wolfSSL 11:cee25a834751 11334
wolfSSL 11:cee25a834751 11335 #endif /* WOLFSSL_SHA384 */
wolfSSL 11:cee25a834751 11336
wolfSSL 11:cee25a834751 11337
wolfSSL 11:cee25a834751 11338 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 11339
/* OpenSSL compat SHA512_Init. SHA512_CTX must hold a wolfCrypt Sha512
 * (checked at compile time); the init result is dropped. */
void wolfSSL_SHA512_Init(WOLFSSL_SHA512_CTX* sha)
{
    Sha512* ctx = (Sha512*)sha;
    typedef char sha512_ctx_fits[sizeof(SHA512_CTX) >= sizeof(Sha512) ? 1 : -1];
    (void)sizeof(sha512_ctx_fits);

    WOLFSSL_ENTER("SHA512_Init");
    (void)wc_InitSha512(ctx); /* OpenSSL compat, no error */
}
wolfSSL 11:cee25a834751 11348
wolfSSL 11:cee25a834751 11349
/* OpenSSL compat SHA512_Update: feed sz bytes of input into the state.
 * Errors are not reported (void OpenSSL signature). */
void wolfSSL_SHA512_Update(WOLFSSL_SHA512_CTX* sha, const void* input,
                           unsigned long sz)
{
    Sha512* ctx = (Sha512*)sha;
    const byte* in = (const byte*)input;

    WOLFSSL_ENTER("SHA512_Update");
    wc_Sha512Update(ctx, in, (word32)sz);
}
wolfSSL 11:cee25a834751 11357
wolfSSL 11:cee25a834751 11358
/* OpenSSL compat SHA512_Final: write the digest to input (output buffer).
 * Errors are not reported (void OpenSSL signature). */
void wolfSSL_SHA512_Final(byte* input, WOLFSSL_SHA512_CTX* sha)
{
    Sha512* ctx = (Sha512*)sha;

    WOLFSSL_ENTER("SHA512_Final");
    wc_Sha512Final(ctx, input);
}
wolfSSL 11:cee25a834751 11365
wolfSSL 11:cee25a834751 11366 #endif /* WOLFSSL_SHA512 */
wolfSSL 11:cee25a834751 11367
/* Digest lookup table used by the EVP_MD helpers below.
 *
 * Each entry pairs a wolfCrypt mac/hash type constant with the name string
 * that is handed out as the opaque WOLFSSL_EVP_MD handle. The table ends
 * with a {0, NULL} sentinel; the lookups below scan until a NULL name.
 * SHA256 is always present, the others depend on the build configuration. */
static struct s_ent{
    const unsigned char macType;   /* wolfCrypt hash type constant */
    const char *name;              /* canonical digest name / EVP_MD handle */
} md_tbl[] = {
#ifndef NO_MD5
    {MD5, "MD5"},
#endif /* NO_MD5 */

#ifndef NO_SHA
    {SHA, "SHA"},
#endif /* NO_SHA */

#ifdef WOLFSSL_SHA224
    {SHA224, "SHA224"},
#endif /* WOLFSSL_SHA224 */

    {SHA256, "SHA256"},

#ifdef WOLFSSL_SHA384
    {SHA384, "SHA384"},
#endif /* WOLFSSL_SHA384 */

#ifdef WOLFSSL_SHA512
    {SHA512, "SHA512"},
#endif /* WOLFSSL_SHA512 */

    {0, NULL}   /* sentinel */
} ;
wolfSSL 11:cee25a834751 11396
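/* Resolve a digest name to its opaque WOLFSSL_EVP_MD handle.
 *
 * Aliases are mapped onto the canonical md_tbl names first, then the table
 * is searched for an exact match. Returns the table's name string as the
 * handle, or NULL when name is NULL or unknown.
 *
 * Fixes: the "ssl3-sha1" alias used to resolve to "SHA1", which is not a
 * md_tbl name (the table entry is "SHA"), so the lookup always failed; it
 * now maps to "SHA", and "SHA1" itself is accepted the same way. A NULL
 * name is rejected instead of being passed to XSTRNCMP.
 */
const WOLFSSL_EVP_MD *wolfSSL_EVP_get_digestbyname(const char *name)
{
    static const struct alias {
        const char *name;    /* canonical md_tbl name */
        const char *alias;   /* accepted spelling */
    } alias_tbl[] =
    {
        {"MD5", "ssl3-md5"},
        {"SHA", "ssl3-sha1"},
        {"SHA", "SHA1"},
        { NULL, NULL}
    };

    const struct alias *al;
    const struct s_ent *ent;

    if (name == NULL) {
        return NULL;
    }

    /* alias -> canonical name; the +1 on the length makes this a full
     * string compare rather than a prefix match */
    for (al = alias_tbl; al->name != NULL; al++) {
        if (XSTRNCMP(name, al->alias, XSTRLEN(al->alias)+1) == 0) {
            name = al->name;
            break;
        }
    }

    for (ent = md_tbl; ent->name != NULL; ent++) {
        if (XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) {
            return (EVP_MD *)ent->name;
        }
    }
    return NULL;
}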
wolfSSL 11:cee25a834751 11424
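/* Map a wolfCrypt hash type constant to its WOLFSSL_EVP_MD handle.
 *
 * Returns the md_tbl name string for type, or 0 when type is not in the
 * table.
 *
 * Fix: the scan now stops on the NULL-name sentinel like the sibling
 * lookups (wolfSSL_EVP_get_digestbyname, wolfSSL_EVP_MD_type). It used to
 * stop on macType == 0, so any table entry whose type constant happens to
 * be 0 would end the scan early and be unreachable along with everything
 * after it.
 */
static WOLFSSL_EVP_MD *wolfSSL_EVP_get_md(const unsigned char type)
{
    const struct s_ent *ent;

    for (ent = md_tbl; ent->name != NULL; ent++) {
        if (type == ent->macType) {
            return (WOLFSSL_EVP_MD *)ent->name;
        }
    }
    return 0;
}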
wolfSSL 11:cee25a834751 11434
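/* Map a WOLFSSL_EVP_MD handle (a digest name string) back to its wolfCrypt
 * hash type constant.
 *
 * Returns the macType of the matching md_tbl entry, or 0 when md is NULL
 * or not a known name. The NULL check is new; XSTRNCMP on NULL was
 * undefined before.
 */
int wolfSSL_EVP_MD_type(const WOLFSSL_EVP_MD *md)
{
    const struct s_ent *ent;
    const char *name = (const char *)md;

    if (name == NULL) {
        return 0;
    }

    for (ent = md_tbl; ent->name != NULL; ent++) {
        if (XSTRNCMP(name, ent->name, XSTRLEN(ent->name)+1) == 0) {
            return ent->macType;
        }
    }
    return 0;
}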
wolfSSL 11:cee25a834751 11444
wolfSSL 11:cee25a834751 11445
wolfSSL 11:cee25a834751 11446 #ifndef NO_MD5
wolfSSL 11:cee25a834751 11447
/* OpenSSL compat EVP_md5(): the MD5 digest handle, looked up by name. */
const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void)
{
    const char* handle = EVP_get_digestbyname("MD5");

    WOLFSSL_ENTER("EVP_md5");

    return handle;
}
wolfSSL 11:cee25a834751 11454
wolfSSL 11:cee25a834751 11455 #endif /* NO_MD5 */
wolfSSL 11:cee25a834751 11456
wolfSSL 11:cee25a834751 11457
wolfSSL 11:cee25a834751 11458 #ifndef NO_SHA
/* OpenSSL compat EVP_sha1(): the SHA-1 digest handle; the table name for
 * SHA-1 is "SHA". */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void)
{
    const char* handle = EVP_get_digestbyname("SHA");

    WOLFSSL_ENTER("EVP_sha1");

    return handle;
}
wolfSSL 11:cee25a834751 11465 #endif /* NO_SHA */
wolfSSL 11:cee25a834751 11466
wolfSSL 11:cee25a834751 11467 #ifdef WOLFSSL_SHA224
wolfSSL 11:cee25a834751 11468
/* OpenSSL compat EVP_sha224(): the SHA-224 digest handle, looked up by name. */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void)
{
    const char* handle = EVP_get_digestbyname("SHA224");

    WOLFSSL_ENTER("EVP_sha224");

    return handle;
}
wolfSSL 11:cee25a834751 11475
wolfSSL 11:cee25a834751 11476 #endif /* WOLFSSL_SHA224 */
wolfSSL 11:cee25a834751 11477
wolfSSL 11:cee25a834751 11478
/* Digest handle for SHA-256, resolved through the "SHA256" table lookup. */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void)
{
    const char* name = EVP_get_digestbyname("SHA256");
    WOLFSSL_ENTER("EVP_sha256");
    return name;
}
wolfSSL 11:cee25a834751 11485
wolfSSL 11:cee25a834751 11486 #ifdef WOLFSSL_SHA384
wolfSSL 11:cee25a834751 11487
/* Digest handle for SHA-384, resolved through the "SHA384" table lookup. */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void)
{
    const char* name = EVP_get_digestbyname("SHA384");
    WOLFSSL_ENTER("EVP_sha384");
    return name;
}
wolfSSL 11:cee25a834751 11494
wolfSSL 11:cee25a834751 11495 #endif /* WOLFSSL_SHA384 */
wolfSSL 11:cee25a834751 11496
wolfSSL 11:cee25a834751 11497 #ifdef WOLFSSL_SHA512
wolfSSL 11:cee25a834751 11498
/* Digest handle for SHA-512, resolved through the "SHA512" table lookup. */
const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void)
{
    const char* name = EVP_get_digestbyname("SHA512");
    WOLFSSL_ENTER("EVP_sha512");
    return name;
}
wolfSSL 11:cee25a834751 11505
wolfSSL 11:cee25a834751 11506 #endif /* WOLFSSL_SHA512 */
wolfSSL 11:cee25a834751 11507
/* Allocate a digest context and zero it via wolfSSL_EVP_MD_CTX_init.
 * Returns NULL when the allocation fails. The caller owns the result and
 * releases it with wolfSSL_EVP_MD_CTX_free. */
WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new(void)
{
    WOLFSSL_EVP_MD_CTX* mdCtx = NULL;

    WOLFSSL_ENTER("EVP_MD_CTX_new");
    mdCtx = (WOLFSSL_EVP_MD_CTX*)XMALLOC(sizeof(WOLFSSL_EVP_MD_CTX), NULL,
                                         DYNAMIC_TYPE_TMP_BUFFER);
    if (mdCtx == NULL)
        return NULL;

    wolfSSL_EVP_MD_CTX_init(mdCtx);
    return mdCtx;
}
wolfSSL 11:cee25a834751 11519
/* Release a context obtained from wolfSSL_EVP_MD_CTX_new. NULL is accepted
 * and ignored. Runs wolfSSL_EVP_MD_CTX_cleanup before freeing the memory. */
WOLFSSL_API void wolfSSL_EVP_MD_CTX_free(WOLFSSL_EVP_MD_CTX *ctx)
{
    if (ctx == NULL)
        return;

    WOLFSSL_ENTER("EVP_MD_CTX_free");
    wolfSSL_EVP_MD_CTX_cleanup(ctx);
    XFREE(ctx, NULL, DYNAMIC_TYPE_TMP_BUFFER);
}
wolfSSL 11:cee25a834751 11528
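/* Reset a digest context to all-zero bytes. A NULL ctx is ignored instead of
 * being passed to XMEMSET. */
void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx)
{
    WOLFSSL_ENTER("EVP_MD_CTX_init");
    if (ctx == NULL)
        return;
    XMEMSET(ctx, 0, sizeof(WOLFSSL_EVP_MD_CTX));
}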
wolfSSL 11:cee25a834751 11534
/* Return the digest handle matching ctx->macType, or NULL when ctx is NULL. */
const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx)
{
    const WOLFSSL_EVP_MD *md = NULL;

    if (ctx != NULL)
        md = (const WOLFSSL_EVP_MD *)wolfSSL_EVP_get_md(ctx->macType);
    return md;
}
wolfSSL 11:cee25a834751 11541
wolfSSL 11:cee25a834751 11542 #ifndef NO_AES
wolfSSL 11:cee25a834751 11543
/* Cipher handle for AES-128-CBC; wolfSSL_EVP_CipherInit matches it against
 * EVP_AES_128_CBC. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_128_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc");
    return cipher;
}
wolfSSL 11:cee25a834751 11549
wolfSSL 11:cee25a834751 11550
/* Cipher handle for AES-192-CBC; wolfSSL_EVP_CipherInit matches it against
 * EVP_AES_192_CBC. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_192_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc");
    return cipher;
}
wolfSSL 11:cee25a834751 11556
wolfSSL 11:cee25a834751 11557
/* Cipher handle for AES-256-CBC; wolfSSL_EVP_CipherInit matches it against
 * EVP_AES_256_CBC. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_256_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc");
    return cipher;
}
wolfSSL 11:cee25a834751 11563
wolfSSL 11:cee25a834751 11564
/* Cipher handle for AES-128-CTR; the CTR branches of wolfSSL_EVP_CipherInit
 * always load the key in AES_ENCRYPTION direction. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_128_CTR;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr");
    return cipher;
}
wolfSSL 11:cee25a834751 11570
wolfSSL 11:cee25a834751 11571
/* Cipher handle for AES-192-CTR; the CTR branches of wolfSSL_EVP_CipherInit
 * always load the key in AES_ENCRYPTION direction. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_192_CTR;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr");
    return cipher;
}
wolfSSL 11:cee25a834751 11577
wolfSSL 11:cee25a834751 11578
/* Cipher handle for AES-256-CTR; the CTR branches of wolfSSL_EVP_CipherInit
 * always load the key in AES_ENCRYPTION direction. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_256_CTR;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr");
    return cipher;
}
wolfSSL 11:cee25a834751 11584
/* Cipher handle for AES-128-ECB. ECB takes no IV: wolfSSL_EVP_CipherInit
 * passes NULL as the IV when it loads the key for this type. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_128_ECB;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb");
    return cipher;
}
wolfSSL 11:cee25a834751 11590
wolfSSL 11:cee25a834751 11591
/* Cipher handle for AES-192-ECB. ECB takes no IV: wolfSSL_EVP_CipherInit
 * passes NULL as the IV when it loads the key for this type. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_192_ECB;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb");
    return cipher;
}
wolfSSL 11:cee25a834751 11597
wolfSSL 11:cee25a834751 11598
/* Cipher handle for AES-256-ECB. ECB takes no IV: wolfSSL_EVP_CipherInit
 * passes NULL as the IV when it loads the key for this type. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_AES_256_ECB;
    WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb");
    return cipher;
}
wolfSSL 11:cee25a834751 11604 #endif /* NO_AES */
wolfSSL 11:cee25a834751 11605
wolfSSL 11:cee25a834751 11606 #ifndef NO_DES3
/* Cipher handle for single-DES CBC (8-byte key in wolfSSL_EVP_CipherInit). */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_DES_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_des_cbc");
    return cipher;
}
wolfSSL 11:cee25a834751 11612 #ifdef WOLFSSL_DES_ECB
/* Cipher handle for single-DES ECB; only built with WOLFSSL_DES_ECB. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ecb(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_DES_ECB;
    WOLFSSL_ENTER("wolfSSL_EVP_des_ecb");
    return cipher;
}
wolfSSL 11:cee25a834751 11618 #endif
/* Cipher handle for three-key triple-DES CBC (24-byte key in
 * wolfSSL_EVP_CipherInit). */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_DES_EDE3_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc");
    return cipher;
}
wolfSSL 11:cee25a834751 11624 #ifdef WOLFSSL_DES_ECB
/* Cipher handle for three-key triple-DES ECB; only built with
 * WOLFSSL_DES_ECB. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_des_ede3_ecb(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_DES_EDE3_ECB;
    WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb");
    return cipher;
}
wolfSSL 11:cee25a834751 11630 #endif
wolfSSL 11:cee25a834751 11631 #endif /* NO_DES3 */
wolfSSL 11:cee25a834751 11632
/* Cipher handle for RC4 (stream cipher). wolfSSL_EVP_CipherInit matches the
 * literal "ARC4" and, unless the caller set one, defaults keyLen to 16. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void)
{
    static const char* const name = "ARC4";
    WOLFSSL_ENTER("wolfSSL_EVP_rc4");
    return name;
}
wolfSSL 11:cee25a834751 11639
wolfSSL 11:cee25a834751 11640 #ifdef HAVE_IDEA
/* Cipher handle for IDEA-CBC; only built with HAVE_IDEA. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_idea_cbc(void)
{
    const WOLFSSL_EVP_CIPHER* cipher = EVP_IDEA_CBC;
    WOLFSSL_ENTER("wolfSSL_EVP_idea_cbc");
    return cipher;
}
wolfSSL 11:cee25a834751 11646 #endif
/* Handle for the NULL (no-op) cipher. wolfSSL_EVP_CipherInit matches the
 * literal "NULL", sets keyLen to 0 and loads no key material. */
const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_enc_null(void)
{
    static const char* const name = "NULL";
    WOLFSSL_ENTER("wolfSSL_EVP_enc_null");
    return name;
}
wolfSSL 11:cee25a834751 11653
wolfSSL 11:cee25a834751 11654
/* OpenSSL-style cleanup hook for a digest context. Currently a no-op that
 * always returns 0: nothing in ctx is released or cleared here, so callers
 * wanting the digest state wiped must not rely on this function. */
int wolfSSL_EVP_MD_CTX_cleanup(WOLFSSL_EVP_MD_CTX* ctx)
{
    (void)ctx; /* nothing to release */
    WOLFSSL_ENTER("EVP_MD_CTX_cleanup");
    return 0;
}
wolfSSL 11:cee25a834751 11661
wolfSSL 11:cee25a834751 11662
wolfSSL 11:cee25a834751 11663
/* Put a cipher context into its "no cipher selected" state. cipherType 0xff
 * is the marker wolfSSL_EVP_CipherInit and wolfSSL_EVP_Cipher test for;
 * the direction defaults to encrypt. A NULL ctx is ignored. */
void wolfSSL_EVP_CIPHER_CTX_init(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_ENTER("EVP_CIPHER_CTX_init");
    if (ctx == NULL)
        return;

    ctx->cipherType = 0xff; /* not initialised */
    ctx->keyLen = 0;
    ctx->enc = 1;           /* encrypt until told otherwise */
}
wolfSSL 11:cee25a834751 11673
wolfSSL 11:cee25a834751 11674
/* Mark a cipher context as uninitialised again (cipherType 0xff, keyLen 0).
 * Always returns SSL_SUCCESS, also for a NULL ctx. Only those two fields
 * are reset; the key schedule held in ctx->cipher is left untouched, so a
 * caller that needs it wiped has to do that separately. */
int wolfSSL_EVP_CIPHER_CTX_cleanup(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_ENTER("EVP_CIPHER_CTX_cleanup");
    if (ctx != NULL) {
        ctx->cipherType = 0xff; /* back to "not initialised" */
        ctx->keyLen = 0;
    }
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 11686
wolfSSL 11:cee25a834751 11687
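#if !defined(NO_AES) || !defined(NO_DES3) || defined(HAVE_IDEA)
/* Record the caller's cipher direction in ctx->enc. Only an explicit 0 or 1
 * is applied; any other value leaves the direction already stored in ctx
 * (presumably so a re-init with type == NULL keeps the earlier choice). */
static void EvpCipherSetDir(WOLFSSL_EVP_CIPHER_CTX* ctx, int enc)
{
    if (enc == 0 || enc == 1)
        ctx->enc = enc ? 1 : 0;
}
#endif

#ifndef NO_AES
/* Load key material into the AES state of ctx for one branch of
 * wolfSSL_EVP_CipherInit: with a key, wc_AesSetKey loads key and iv (iv may
 * be NULL, as for ECB); without a key, wc_AesSetIV replaces only the IV.
 * The caller guarantees that at least one of key/iv is non-NULL and that
 * ctx->keyLen is already set. dir is AES_ENCRYPTION or AES_DECRYPTION.
 * Returns 0 on success or the wolfCrypt error code. */
static int EvpAesLoadKeyIv(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* key, byte* iv,
                           int dir)
{
    if (key != NULL)
        return wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, dir);
    return wc_AesSetIV(&ctx->cipher.aes, iv);
}
#endif /* NO_AES */

/* Select a cipher for ctx and optionally load its key and/or IV.
 *
 * ctx   context to (re)initialise; must not be NULL.
 * type  cipher handle from one of the wolfSSL_EVP_<cipher>() getters, or
 *       NULL to keep the cipher already selected in ctx (fails if none is).
 * key   key to load, or NULL to keep the current key.
 * iv    IV to load, or NULL. With a key it is loaded together with the key
 *       (the ECB types ignore it); without a key only the IV is replaced.
 * enc   1 to encrypt, 0 to decrypt; any other value keeps the direction
 *       already stored in ctx.
 *
 * Returns SSL_SUCCESS on success and 0 on failure, matching the OpenSSL API.
 * A key or IV rejected by wolfCrypt is reported as 0 as well, never as the
 * negative wolfCrypt code, so `if (!wolfSSL_EVP_CipherInit(...))` is a
 * reliable failure test.
 *
 * Caveat: for the AES, DES and IDEA types a call with neither key nor iv
 * records the cipher type but still returns 0 because nothing was loaded;
 * ARC4 and the NULL cipher report success in that case.
 */
int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx,
                           const WOLFSSL_EVP_CIPHER* type, byte* key,
                           byte* iv, int enc)
{
    int ret = -1; /* 0 once a branch completed; wolfCrypt returns 0 on ok */
    (void)key;
    (void)iv;
    (void)enc;

    WOLFSSL_ENTER("wolfSSL_EVP_CipherInit");
    if (ctx == NULL) {
        WOLFSSL_MSG("no ctx");
        return 0; /* failure */
    }

    /* 0xff is the "no cipher selected" marker written by
     * wolfSSL_EVP_CIPHER_CTX_init; type may only be omitted after a
     * previous successful selection. */
    if (type == NULL && ctx->cipherType == 0xff) {
        WOLFSSL_MSG("no type set");
        return 0; /* failure */
    }
    ctx->bufUsed = 0;
    ctx->lastUsed = 0;
    ctx->flags = 0;

#ifndef NO_AES
    if (ctx->cipherType == AES_128_CBC_TYPE ||
        (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_AES_128_CBC");
        ctx->cipherType = AES_128_CBC_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
        ctx->keyLen = 16;
        ctx->block_size = AES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key || iv) {
            ret = EvpAesLoadKeyIv(ctx, key, iv,
                                  ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
            if (ret != 0)
                return 0; /* key or IV rejected by wolfCrypt */
        }
    }
    else if (ctx->cipherType == AES_192_CBC_TYPE ||
        (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_AES_192_CBC");
        ctx->cipherType = AES_192_CBC_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
        ctx->keyLen = 24;
        ctx->block_size = AES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key || iv) {
            ret = EvpAesLoadKeyIv(ctx, key, iv,
                                  ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
            if (ret != 0)
                return 0;
        }
    }
    else if (ctx->cipherType == AES_256_CBC_TYPE ||
        (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_AES_256_CBC");
        ctx->cipherType = AES_256_CBC_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
        ctx->keyLen = 32;
        ctx->block_size = AES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key || iv) {
            ret = EvpAesLoadKeyIv(ctx, key, iv,
                                  ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
            if (ret != 0)
                return 0;
        }
    }
#ifdef WOLFSSL_AES_COUNTER
    /* CTR mode runs the block cipher forward in both directions
     * (wolfSSL_EVP_Cipher calls wc_AesCtrEncrypt for both), so the key is
     * always loaded with AES_ENCRYPTION. */
    else if (ctx->cipherType == AES_128_CTR_TYPE ||
        (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_AES_128_CTR");
        ctx->cipherType = AES_128_CTR_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_CTR_MODE;
        ctx->keyLen = 16;
        ctx->block_size = AES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key || iv) {
            ret = EvpAesLoadKeyIv(ctx, key, iv, AES_ENCRYPTION);
            if (ret != 0)
                return 0;
        }
    }
    else if (ctx->cipherType == AES_192_CTR_TYPE ||
        (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_AES_192_CTR");
        ctx->cipherType = AES_192_CTR_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_CTR_MODE;
        ctx->keyLen = 24;
        ctx->block_size = AES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key || iv) {
            ret = EvpAesLoadKeyIv(ctx, key, iv, AES_ENCRYPTION);
            if (ret != 0)
                return 0;
        }
    }
    else if (ctx->cipherType == AES_256_CTR_TYPE ||
        (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_AES_256_CTR");
        ctx->cipherType = AES_256_CTR_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_CTR_MODE;
        ctx->keyLen = 32;
        ctx->block_size = AES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key || iv) {
            ret = EvpAesLoadKeyIv(ctx, key, iv, AES_ENCRYPTION);
            if (ret != 0)
                return 0;
        }
    }
#endif /* WOLFSSL_AES_COUNTER */
    /* ECB has no IV: the key is loaded alone and any iv argument is ignored.
     * Without a key there is nothing to load, so ret stays -1 and the call
     * ends in the "overall failure" return below. */
    else if (ctx->cipherType == AES_128_ECB_TYPE ||
        (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_AES_128_ECB");
        ctx->cipherType = AES_128_ECB_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE;
        ctx->keyLen = 16;
        ctx->block_size = AES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key) {
            ret = EvpAesLoadKeyIv(ctx, key, NULL,
                                  ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
            if (ret != 0)
                return 0;
        }
    }
    else if (ctx->cipherType == AES_192_ECB_TYPE ||
        (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_AES_192_ECB");
        ctx->cipherType = AES_192_ECB_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE;
        ctx->keyLen = 24;
        ctx->block_size = AES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        /* the key is loaded for both directions, like the 128/256 cases */
        if (key) {
            ret = EvpAesLoadKeyIv(ctx, key, NULL,
                                  ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
            if (ret != 0)
                return 0;
        }
    }
    else if (ctx->cipherType == AES_256_ECB_TYPE ||
        (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_AES_256_ECB");
        ctx->cipherType = AES_256_ECB_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE;
        ctx->keyLen = 32;
        ctx->block_size = AES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key) {
            ret = EvpAesLoadKeyIv(ctx, key, NULL,
                                  ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
            if (ret != 0)
                return 0;
        }
    }
#endif /* NO_AES */

#ifndef NO_DES3
    if (ctx->cipherType == DES_CBC_TYPE ||
        (type && XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_DES_CBC");
        ctx->cipherType = DES_CBC_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
        ctx->keyLen = 8;
        ctx->block_size = DES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key) {
            ret = wc_Des_SetKey(&ctx->cipher.des, key, iv,
                                ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
            if (ret != 0)
                return 0;
        }
        else if (iv) {
            /* IV-only re-init: checked like the DES-EDE3 case */
            ret = wc_Des_SetIV(&ctx->cipher.des, iv);
            if (ret != 0)
                return 0;
        }
    }
#ifdef WOLFSSL_DES_ECB
    else if (ctx->cipherType == DES_ECB_TYPE ||
        (type && XSTRNCMP(type, EVP_DES_ECB, EVP_DES_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_DES_ECB");
        ctx->cipherType = DES_ECB_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE;
        ctx->keyLen = 8;
        ctx->block_size = DES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key) {
            ret = wc_Des_SetKey(&ctx->cipher.des, key, NULL,
                                ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
            if (ret != 0)
                return 0;
        }
    }
#endif
    else if (ctx->cipherType == DES_EDE3_CBC_TYPE ||
        (type &&
         XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_DES_EDE3_CBC");
        ctx->cipherType = DES_EDE3_CBC_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
        ctx->keyLen = 24;
        ctx->block_size = DES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key) {
            ret = wc_Des3_SetKey(&ctx->cipher.des3, key, iv,
                                 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
            if (ret != 0)
                return 0;
        }
        else if (iv) {
            ret = wc_Des3_SetIV(&ctx->cipher.des3, iv);
            if (ret != 0)
                return 0;
        }
    }
    else if (ctx->cipherType == DES_EDE3_ECB_TYPE ||
        (type &&
         XSTRNCMP(type, EVP_DES_EDE3_ECB, EVP_DES_EDE3_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_DES_EDE3_ECB");
        ctx->cipherType = DES_EDE3_ECB_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE;
        ctx->keyLen = 24;
        ctx->block_size = DES_BLOCK_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key) {
            ret = wc_Des3_SetKey(&ctx->cipher.des3, key, NULL,
                                 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
            if (ret != 0)
                return 0;
        }
    }
#endif /* NO_DES3 */
#ifndef NO_RC4
    if (ctx->cipherType == ARC4_TYPE || (type &&
                                        XSTRNCMP(type, "ARC4", 4) == 0)) {
        WOLFSSL_MSG("ARC4");
        ctx->cipherType = ARC4_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_STREAM_CIPHER;
        /* keyLen may have been chosen via wolfSSL_EVP_CIPHER_CTX_set_key_length;
         * it is the number of bytes read from key below */
        if (ctx->keyLen == 0)
            ctx->keyLen = 16; /* default to 128-bit */
        if (key)
            wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
        ret = 0; /* success, with or without a key */
    }
#endif /* NO_RC4 */
#ifdef HAVE_IDEA
    if (ctx->cipherType == IDEA_CBC_TYPE ||
        (type && XSTRNCMP(type, EVP_IDEA_CBC, EVP_IDEA_SIZE) == 0)) {
        WOLFSSL_MSG("EVP_IDEA_CBC");
        ctx->cipherType = IDEA_CBC_TYPE;
        ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE;
        ctx->keyLen = IDEA_KEY_SIZE;
        EvpCipherSetDir(ctx, enc);
        if (key) {
            ret = wc_IdeaSetKey(&ctx->cipher.idea, key, (word16)ctx->keyLen,
                                iv, ctx->enc ? IDEA_ENCRYPTION :
                                               IDEA_DECRYPTION);
            if (ret != 0)
                return 0;
        }
        else if (iv) {
            ret = wc_IdeaSetIV(&ctx->cipher.idea, iv);
            if (ret != 0)
                return 0;
        }
    }
#endif /* HAVE_IDEA */
    if (ctx->cipherType == NULL_CIPHER_TYPE || (type &&
                                        XSTRNCMP(type, "NULL", 4) == 0)) {
        WOLFSSL_MSG("NULL cipher");
        ctx->cipherType = NULL_CIPHER_TYPE;
        ctx->keyLen = 0;
        ret = 0; /* success: nothing to load */
    }

    if (ret == 0)
        return SSL_SUCCESS;
    return 0; /* overall failure: unknown type, or nothing was loaded */
}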
wolfSSL 11:cee25a834751 12020
wolfSSL 11:cee25a834751 12021
/* Return the key length recorded in ctx (ctx->keyLen), or 0 when ctx is
 * NULL. Note that 0 is also the legitimate length of the NULL cipher, so
 * the return value alone cannot tell a NULL ctx from that cipher. */
int wolfSSL_EVP_CIPHER_CTX_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    int keyLen = 0; /* failure / no context */

    WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_key_length");
    if (ctx != NULL)
        keyLen = ctx->keyLen;
    return keyLen;
}
wolfSSL 11:cee25a834751 12031
wolfSSL 11:cee25a834751 12032
/* Store keylen as ctx->keyLen without validation. Returns SSL_SUCCESS, or 0
 * when ctx is NULL. The value matters for ARC4: wolfSSL_EVP_CipherInit keeps
 * a non-zero keyLen set here and reads that many bytes from the key buffer
 * it is given, so the caller must pass a length that matches its buffer. */
int wolfSSL_EVP_CIPHER_CTX_set_key_length(WOLFSSL_EVP_CIPHER_CTX* ctx,
                                          int keylen)
{
    WOLFSSL_ENTER("wolfSSL_EVP_CIPHER_CTX_set_key_length");
    if (ctx == NULL)
        return 0; /* failure */

    ctx->keyLen = keylen;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 12045
wolfSSL 11:cee25a834751 12046
wolfSSL 11:cee25a834751 12047 /* SSL_SUCCESS on ok */
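/* Run the cipher configured in ctx over len bytes of src, writing to dst.
 *
 * ctx must already have been initialised (cipherType stays 0xff until then)
 * and ctx->enc selects the direction for the modes that have one.
 *
 * For the block modes (CBC and ECB) len has to be a multiple of the cipher's
 * block size.  The wolfCrypt CBC/ECB routines work on whole blocks, so a
 * ragged tail would otherwise be dropped without any indication (TODO
 * confirm against wolfcrypt aes.c/des3.c); such a call is rejected here
 * instead.  The stream modes (AES CTR, ARC4) and the NULL cipher accept any
 * len.
 *
 * ret is collected from every primitive that reports a status, so a failing
 * DES or IDEA call is surfaced just like a failing AES or 3DES one; the
 * AES-CTR and ARC4 routines are called without a status.
 *
 * Returns SSL_SUCCESS on success, 0 on failure: NULL argument, uninitialised
 * ctx, unknown cipher type, misaligned length, or a non-zero wolfCrypt
 * status.
 */
int wolfSSL_EVP_Cipher(WOLFSSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
                       word32 len)
{
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_EVP_Cipher");

    if (ctx == NULL || dst == NULL || src == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return 0; /* failure */
    }

    if (ctx->cipherType == 0xff) {
        WOLFSSL_MSG("no init");
        return 0; /* failure */
    }

    switch (ctx->cipherType) {

#ifndef NO_AES
    #ifdef HAVE_AES_CBC
        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            WOLFSSL_MSG("AES CBC");
            if (len % AES_BLOCK_SIZE != 0) {
                ret = BAD_FUNC_ARG; /* CBC consumes whole blocks only */
                break;
            }
            if (ctx->enc)
                ret = wc_AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
            else
                ret = wc_AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
            break;
    #endif /* HAVE_AES_CBC */

    #ifdef HAVE_AES_ECB
        case AES_128_ECB_TYPE :
        case AES_192_ECB_TYPE :
        case AES_256_ECB_TYPE :
            WOLFSSL_MSG("AES ECB");
            if (len % AES_BLOCK_SIZE != 0) {
                ret = BAD_FUNC_ARG; /* ECB consumes whole blocks only */
                break;
            }
            if (ctx->enc)
                ret = wc_AesEcbEncrypt(&ctx->cipher.aes, dst, src, len);
            else
                ret = wc_AesEcbDecrypt(&ctx->cipher.aes, dst, src, len);
            break;
    #endif /* HAVE_AES_ECB */

    #ifdef WOLFSSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            WOLFSSL_MSG("AES CTR");
            /* counter mode is a stream: same operation both directions */
            wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
            break;
    #endif /* WOLFSSL_AES_COUNTER */
#endif /* NO_AES */

#ifndef NO_DES3
        case DES_CBC_TYPE :
            WOLFSSL_MSG("DES CBC");
            if (len % DES_BLOCK_SIZE != 0) {
                ret = BAD_FUNC_ARG;
                break;
            }
            if (ctx->enc)
                ret = wc_Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
            else
                ret = wc_Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
            break;

        case DES_EDE3_CBC_TYPE :
            WOLFSSL_MSG("DES EDE3 CBC");
            if (len % DES_BLOCK_SIZE != 0) {
                ret = BAD_FUNC_ARG;
                break;
            }
            if (ctx->enc)
                ret = wc_Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
            else
                ret = wc_Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
            break;

    #ifdef WOLFSSL_DES_ECB
        /* direction for DES ECB is fixed by the key schedule set at init,
         * so the same "encrypt" entry point serves both directions */
        case DES_ECB_TYPE :
            WOLFSSL_MSG("DES ECB");
            if (len % DES_BLOCK_SIZE != 0) {
                ret = BAD_FUNC_ARG;
                break;
            }
            ret = wc_Des_EcbEncrypt(&ctx->cipher.des, dst, src, len);
            break;

        case DES_EDE3_ECB_TYPE :
            WOLFSSL_MSG("DES EDE3 ECB");
            if (len % DES_BLOCK_SIZE != 0) {
                ret = BAD_FUNC_ARG;
                break;
            }
            ret = wc_Des3_EcbEncrypt(&ctx->cipher.des3, dst, src, len);
            break;
    #endif /* WOLFSSL_DES_ECB */
#endif /* !NO_DES3 */

#ifndef NO_RC4
        case ARC4_TYPE :
            WOLFSSL_MSG("ARC4");
            wc_Arc4Process(&ctx->cipher.arc4, dst, src, len);
            break;
#endif

#ifdef HAVE_IDEA
        case IDEA_CBC_TYPE :
            WOLFSSL_MSG("IDEA CBC");
            if (len % IDEA_BLOCK_SIZE != 0) {
                ret = BAD_FUNC_ARG;
                break;
            }
            if (ctx->enc)
                ret = wc_IdeaCbcEncrypt(&ctx->cipher.idea, dst, src, len);
            else
                ret = wc_IdeaCbcDecrypt(&ctx->cipher.idea, dst, src, len);
            break;
#endif

        case NULL_CIPHER_TYPE :
            WOLFSSL_MSG("NULL cipher");
            XMEMCPY(dst, src, len);
            break;

        default:
            WOLFSSL_MSG("bad type");
            return 0; /* failure */
    }

    if (ret != 0) {
        WOLFSSL_MSG("wolfSSL_EVP_Cipher failure");
        return 0; /* failure */
    }

    WOLFSSL_MSG("wolfSSL_EVP_Cipher success");
    return SSL_SUCCESS; /* success */
}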
wolfSSL 11:cee25a834751 12154
wolfSSL 11:cee25a834751 12155 #include "wolfcrypt/src/evp.c"
wolfSSL 11:cee25a834751 12156
wolfSSL 11:cee25a834751 12157
wolfSSL 11:cee25a834751 12158 /* store for external read of iv, SSL_SUCCESS on success */
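/* Copy the cipher's current chaining/counter state into ctx->iv so the
 * caller can read the IV that results from the data processed so far.
 *
 * For the CBC modes and AES-CTR the value copied is the wolfCrypt object's
 * reg field (the chaining block, respectively the running counter).  The
 * ECB modes, ARC4 and the NULL cipher carry no IV, so they succeed without
 * copying anything rather than being reported as an unknown type.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR for a NULL ctx or an unknown
 * cipher type.
 */
int wolfSSL_StoreExternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_StoreExternalIV");

    if (ctx == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return SSL_FATAL_ERROR;
    }

    switch (ctx->cipherType) {

#ifndef NO_AES
        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            WOLFSSL_MSG("AES CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
            break;

    #ifdef WOLFSSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            WOLFSSL_MSG("AES CTR");
            XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
            break;
    #endif /* WOLFSSL_AES_COUNTER */

    #ifdef HAVE_AES_ECB
        case AES_128_ECB_TYPE :
        case AES_192_ECB_TYPE :
        case AES_256_ECB_TYPE :
            WOLFSSL_MSG("AES ECB");
            /* ECB has no IV: nothing to store */
            break;
    #endif /* HAVE_AES_ECB */
#endif /* NO_AES */

#ifndef NO_DES3
        case DES_CBC_TYPE :
            WOLFSSL_MSG("DES CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
            break;

        case DES_EDE3_CBC_TYPE :
            WOLFSSL_MSG("DES EDE3 CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
            break;

    #ifdef WOLFSSL_DES_ECB
        case DES_ECB_TYPE :
        case DES_EDE3_ECB_TYPE :
            WOLFSSL_MSG("DES ECB");
            /* ECB has no IV: nothing to store */
            break;
    #endif /* WOLFSSL_DES_ECB */
#endif /* NO_DES3 */

#ifdef HAVE_IDEA
        case IDEA_CBC_TYPE :
            WOLFSSL_MSG("IDEA CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.idea.reg, IDEA_BLOCK_SIZE);
            break;
#endif

        case ARC4_TYPE :
            WOLFSSL_MSG("ARC4");
            /* stream cipher, no IV */
            break;

        case NULL_CIPHER_TYPE :
            WOLFSSL_MSG("NULL");
            break;

        default:
            WOLFSSL_MSG("bad type");
            return SSL_FATAL_ERROR;
    }

    return SSL_SUCCESS;
}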
wolfSSL 11:cee25a834751 12222
wolfSSL 11:cee25a834751 12223
wolfSSL 11:cee25a834751 12224 /* set internal IV from external, SSL_SUCCESS on success */
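/* Load the IV the caller placed in ctx->iv into the wolfCrypt cipher state,
 * the inverse of wolfSSL_StoreExternalIV.
 *
 * For the CBC modes and AES-CTR the bytes are written into the wolfCrypt
 * object's reg field (chaining block, respectively running counter).  The
 * ECB modes, ARC4 and the NULL cipher have no IV, so for them the call is a
 * successful no-op rather than an unknown-type error.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR for a NULL ctx or an unknown
 * cipher type.
 */
int wolfSSL_SetInternalIV(WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_SetInternalIV");

    if (ctx == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return SSL_FATAL_ERROR;
    }

    switch (ctx->cipherType) {

#ifndef NO_AES
        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            WOLFSSL_MSG("AES CBC");
            XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
            break;

    #ifdef WOLFSSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            WOLFSSL_MSG("AES CTR");
            XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
            break;
    #endif /* WOLFSSL_AES_COUNTER */

    #ifdef HAVE_AES_ECB
        case AES_128_ECB_TYPE :
        case AES_192_ECB_TYPE :
        case AES_256_ECB_TYPE :
            WOLFSSL_MSG("AES ECB");
            /* ECB has no IV: nothing to set */
            break;
    #endif /* HAVE_AES_ECB */
#endif /* NO_AES */

#ifndef NO_DES3
        case DES_CBC_TYPE :
            WOLFSSL_MSG("DES CBC");
            XMEMCPY(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
            break;

        case DES_EDE3_CBC_TYPE :
            WOLFSSL_MSG("DES EDE3 CBC");
            XMEMCPY(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
            break;

    #ifdef WOLFSSL_DES_ECB
        case DES_ECB_TYPE :
        case DES_EDE3_ECB_TYPE :
            WOLFSSL_MSG("DES ECB");
            /* ECB has no IV: nothing to set */
            break;
    #endif /* WOLFSSL_DES_ECB */
#endif /* NO_DES3 */

#ifdef HAVE_IDEA
        case IDEA_CBC_TYPE :
            WOLFSSL_MSG("IDEA CBC");
            XMEMCPY(&ctx->cipher.idea.reg, ctx->iv, IDEA_BLOCK_SIZE);
            break;
#endif

        case ARC4_TYPE :
            WOLFSSL_MSG("ARC4");
            /* stream cipher, no IV */
            break;

        case NULL_CIPHER_TYPE :
            WOLFSSL_MSG("NULL");
            break;

        default:
            WOLFSSL_MSG("bad type");
            return SSL_FATAL_ERROR;
    }

    return SSL_SUCCESS;
}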
wolfSSL 11:cee25a834751 12289
wolfSSL 11:cee25a834751 12290
wolfSSL 11:cee25a834751 12291 /* SSL_SUCCESS on ok */
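/* Select the digest named by type and initialise ctx for it.
 *
 * type is the name string handed out by the EVP_md5()/EVP_sha*() accessors:
 * "MD5", "SHA", "SHA224", "SHA256", "SHA384" or "SHA512".  Every case is
 * guarded by the same build macro that guards its counterpart in
 * wolfSSL_EVP_DigestUpdate/Final, so a build that disables a digest (e.g.
 * NO_SHA256) still compiles and reports that digest as unavailable.
 *
 * Matching is by prefix, so the bare "SHA" check must run last: it would
 * otherwise swallow SHA224/256/384/512 and silently set up SHA-1.  Each
 * matching case returns directly, which is what keeps that ordering.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL argument or an unknown or
 * disabled digest name.
 */
int wolfSSL_EVP_DigestInit(WOLFSSL_EVP_MD_CTX* ctx,
                           const WOLFSSL_EVP_MD* type)
{
    WOLFSSL_ENTER("EVP_DigestInit");

    if (ctx == NULL || type == NULL) {
        return BAD_FUNC_ARG;
    }

#ifdef WOLFSSL_ASYNC_CRYPT
    /* compile-time validation of ASYNC_CTX_SIZE */
    typedef char async_test[WC_ASYNC_DEV_SIZE >= sizeof(WC_ASYNC_DEV) ?
                                                                    1 : -1];
    (void)sizeof(async_test);
#endif

#ifndef NO_SHA256
    if (XSTRNCMP(type, "SHA256", 6) == 0) {
        ctx->macType = SHA256;
        wolfSSL_SHA256_Init(&(ctx->hash.sha256));
        return SSL_SUCCESS;
    }
#endif
#ifdef WOLFSSL_SHA224
    if (XSTRNCMP(type, "SHA224", 6) == 0) {
        ctx->macType = SHA224;
        wolfSSL_SHA224_Init(&(ctx->hash.sha224));
        return SSL_SUCCESS;
    }
#endif
#ifdef WOLFSSL_SHA384
    if (XSTRNCMP(type, "SHA384", 6) == 0) {
        ctx->macType = SHA384;
        wolfSSL_SHA384_Init(&(ctx->hash.sha384));
        return SSL_SUCCESS;
    }
#endif
#ifdef WOLFSSL_SHA512
    if (XSTRNCMP(type, "SHA512", 6) == 0) {
        ctx->macType = SHA512;
        wolfSSL_SHA512_Init(&(ctx->hash.sha512));
        return SSL_SUCCESS;
    }
#endif
#ifndef NO_MD5
    if (XSTRNCMP(type, "MD5", 3) == 0) {
        ctx->macType = MD5;
        wolfSSL_MD5_Init(&(ctx->hash.md5));
        return SSL_SUCCESS;
    }
#endif
#ifndef NO_SHA
    /* has to be last since the prefix also matches SHA224/256/384/512 */
    if (XSTRNCMP(type, "SHA", 3) == 0) {
        ctx->macType = SHA;
        wolfSSL_SHA_Init(&(ctx->hash.sha));
        return SSL_SUCCESS;
    }
#endif /* NO_SHA */

    WOLFSSL_MSG("Unknown or disabled digest type");
    return BAD_FUNC_ARG;
}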
wolfSSL 11:cee25a834751 12349
wolfSSL 11:cee25a834751 12350
wolfSSL 11:cee25a834751 12351 /* SSL_SUCCESS on ok */
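/* Feed sz bytes of data into the digest selected by wolfSSL_EVP_DigestInit.
 *
 * ctx->macType picks the hash; the matching member of the ctx->hash union is
 * addressed directly (the same members wolfSSL_EVP_DigestInit initialises)
 * instead of casting the whole union.  A NULL data pointer is accepted only
 * for an empty update (sz == 0).
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx, a NULL data pointer
 * with non-zero sz, or an uninitialised/unknown digest type.
 */
int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data,
                             unsigned long sz)
{
    WOLFSSL_ENTER("EVP_DigestUpdate");

    if (ctx == NULL || (data == NULL && sz > 0)) {
        return BAD_FUNC_ARG;
    }

    switch (ctx->macType) {
#ifndef NO_MD5
        case MD5:
            wolfSSL_MD5_Update(&ctx->hash.md5, data, sz);
            break;
#endif
#ifndef NO_SHA
        case SHA:
            wolfSSL_SHA_Update(&ctx->hash.sha, data, sz);
            break;
#endif
#ifdef WOLFSSL_SHA224
        case SHA224:
            wolfSSL_SHA224_Update(&ctx->hash.sha224, data, sz);
            break;
#endif
#ifndef NO_SHA256
        case SHA256:
            wolfSSL_SHA256_Update(&ctx->hash.sha256, data, sz);
            break;
#endif
#ifdef WOLFSSL_SHA384
        case SHA384:
            wolfSSL_SHA384_Update(&ctx->hash.sha384, data, sz);
            break;
#endif
#ifdef WOLFSSL_SHA512
        case SHA512:
            wolfSSL_SHA512_Update(&ctx->hash.sha512, data, sz);
            break;
#endif
        default:
            return BAD_FUNC_ARG;
    }

    return SSL_SUCCESS;
}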
wolfSSL 11:cee25a834751 12400
wolfSSL 11:cee25a834751 12401
wolfSSL 11:cee25a834751 12402 /* SSL_SUCCESS on ok */
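/* Finish the digest selected in ctx and write it to md.
 *
 * md must have room for the selected digest's full output (up to
 * SHA512_DIGEST_SIZE bytes when SHA-512 is in use); the size actually written
 * is stored in *s when s is non-NULL.  The ctx->hash union member matching
 * ctx->macType is addressed directly, as in wolfSSL_EVP_DigestInit.  Nothing
 * is freed or reset here: ctx is left as the hash implementation leaves it.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or md, or for an
 * uninitialised/unknown digest type.
 */
int wolfSSL_EVP_DigestFinal(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
                            unsigned int* s)
{
    WOLFSSL_ENTER("EVP_DigestFinal");

    if (ctx == NULL || md == NULL) {
        return BAD_FUNC_ARG;
    }

    switch (ctx->macType) {
#ifndef NO_MD5
        case MD5:
            wolfSSL_MD5_Final(md, &ctx->hash.md5);
            if (s) *s = MD5_DIGEST_SIZE;
            break;
#endif
#ifndef NO_SHA
        case SHA:
            wolfSSL_SHA_Final(md, &ctx->hash.sha);
            if (s) *s = SHA_DIGEST_SIZE;
            break;
#endif
#ifdef WOLFSSL_SHA224
        case SHA224:
            wolfSSL_SHA224_Final(md, &ctx->hash.sha224);
            if (s) *s = SHA224_DIGEST_SIZE;
            break;
#endif
#ifndef NO_SHA256
        case SHA256:
            wolfSSL_SHA256_Final(md, &ctx->hash.sha256);
            if (s) *s = SHA256_DIGEST_SIZE;
            break;
#endif
#ifdef WOLFSSL_SHA384
        case SHA384:
            wolfSSL_SHA384_Final(md, &ctx->hash.sha384);
            if (s) *s = SHA384_DIGEST_SIZE;
            break;
#endif
#ifdef WOLFSSL_SHA512
        case SHA512:
            wolfSSL_SHA512_Final(md, &ctx->hash.sha512);
            if (s) *s = SHA512_DIGEST_SIZE;
            break;
#endif
        default:
            return BAD_FUNC_ARG;
    }

    return SSL_SUCCESS;
}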
wolfSSL 11:cee25a834751 12450
wolfSSL 11:cee25a834751 12451
wolfSSL 11:cee25a834751 12452 /* SSL_SUCCESS on ok */
/* OpenSSL EVP_DigestFinal_ex() compat.
 *
 * Identical to wolfSSL_EVP_DigestFinal: writes the digest to md and its
 * size to *s when s is non-NULL.  In OpenSSL the _ex form differs only in
 * not cleaning up the context; the wolfSSL wolfSSL_EVP_DigestFinal does no
 * cleanup either, so the two are interchangeable here.
 *
 * Returns whatever wolfSSL_EVP_DigestFinal returns (SSL_SUCCESS or
 * BAD_FUNC_ARG).
 */
int wolfSSL_EVP_DigestFinal_ex(WOLFSSL_EVP_MD_CTX* ctx, unsigned char* md,
                               unsigned int* s)
{
    WOLFSSL_ENTER("EVP_DigestFinal_ex");
    return wolfSSL_EVP_DigestFinal(ctx, md, s);
}
wolfSSL 11:cee25a834751 12459
wolfSSL 11:cee25a834751 12460
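/* One-shot HMAC over d[0..n) keyed with key[0..key_len), OpenSSL HMAC()
 * style.
 *
 * evp_md is the digest name string returned by EVP_md5()/EVP_sha*().  The
 * longer names ("SHA224", "SHA256", "SHA384", "SHA512") are tested before
 * the bare "SHA" prefix: a bare-prefix match first would service a request
 * for HMAC-SHA256 with HMAC-SHA1 and report a 20-byte MAC, which is a silent
 * downgrade rather than an error.  Digests not compiled in are rejected.
 *
 * md must point at a buffer large enough for the selected digest; a NULL md
 * is rejected because, unlike OpenSSL, no static output buffer is provided.
 * On success md is returned and *md_len (when given) receives the digest
 * size.  NULL is returned on any bad argument, unsupported digest,
 * allocation failure or wolfCrypt error.
 */
unsigned char* wolfSSL_HMAC(const WOLFSSL_EVP_MD* evp_md, const void* key,
                            int key_len, const unsigned char* d, int n,
                            unsigned char* md, unsigned int* md_len)
{
    int type = -1;          /* wolfCrypt hash id, -1 until matched */
    unsigned int mdSz = 0;  /* output size of the matched digest */
    unsigned char* ret = NULL;
#ifdef WOLFSSL_SMALL_STACK
    Hmac* hmac = NULL;
#else
    Hmac hmac[1];
#endif
    void* heap = NULL;

    WOLFSSL_ENTER("HMAC");

    if (md == NULL) {
        return NULL; /* no static buffer support */
    }
    if (evp_md == NULL || key_len < 0 || n < 0 ||
            (key == NULL && key_len > 0) || (d == NULL && n > 0)) {
        WOLFSSL_MSG("Bad function argument");
        return NULL;
    }

    /* longest names first; the bare "SHA" prefix must be the last test */
#ifndef NO_MD5
    if (XSTRNCMP(evp_md, "MD5", 3) == 0) {
        type = MD5;
        mdSz = MD5_DIGEST_SIZE;
    }
#endif
#ifdef WOLFSSL_SHA224
    if (type < 0 && XSTRNCMP(evp_md, "SHA224", 6) == 0) {
        type = SHA224;
        mdSz = SHA224_DIGEST_SIZE;
    }
#endif
#ifndef NO_SHA256
    if (type < 0 && XSTRNCMP(evp_md, "SHA256", 6) == 0) {
        type = SHA256;
        mdSz = SHA256_DIGEST_SIZE;
    }
#endif
#ifdef WOLFSSL_SHA384
    if (type < 0 && XSTRNCMP(evp_md, "SHA384", 6) == 0) {
        type = SHA384;
        mdSz = SHA384_DIGEST_SIZE;
    }
#endif
#ifdef WOLFSSL_SHA512
    if (type < 0 && XSTRNCMP(evp_md, "SHA512", 6) == 0) {
        type = SHA512;
        mdSz = SHA512_DIGEST_SIZE;
    }
#endif
#ifndef NO_SHA
    if (type < 0 && XSTRNCMP(evp_md, "SHA", 3) == 0) {
        type = SHA;
        mdSz = SHA_DIGEST_SIZE;
    }
#endif
    if (type < 0) {
        WOLFSSL_MSG("Unsupported digest for HMAC");
        return NULL;
    }

#ifdef WOLFSSL_SMALL_STACK
    hmac = (Hmac*)XMALLOC(sizeof(Hmac), heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (hmac == NULL)
        return NULL;
#endif

    if (wc_HmacInit(hmac, heap, INVALID_DEVID) == 0) {
        if (wc_HmacSetKey(hmac, type, (const byte*)key, key_len) == 0 &&
            wc_HmacUpdate(hmac, d, n) == 0 &&
            wc_HmacFinal(hmac, md) == 0) {
            if (md_len)
                *md_len = mdSz;
            ret = md;
        }
        /* wc_HmacFree clears the keyed state */
        wc_HmacFree(hmac);
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(hmac, heap, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}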
wolfSSL 11:cee25a834751 12511
/* OpenSSL ERR_clear_error() compat: discard queued error records.
 *
 * An error-node queue exists only in the nginx and haproxy compatibility
 * builds; in every other configuration there is nothing to clear and the
 * call is a no-op.
 */
void wolfSSL_ERR_clear_error(void)
{
    WOLFSSL_ENTER("wolfSSL_ERR_clear_error");

#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    wc_ClearErrorNodes();
#else
    /* no error queue in this build */
#endif
}
wolfSSL 11:cee25a834751 12520
wolfSSL 11:cee25a834751 12521
/* OpenSSL RAND_status() compat.
 *
 * Unconditionally reports SSL_SUCCESS.  The generator's actual state is not
 * inspected; the answer rests on wolfCrypt seeding its RNG internally.  Do
 * not read a success here as evidence that the platform entropy source is
 * working.
 */
int wolfSSL_RAND_status(void)
{
    /* wolfCrypt provides enough seed internally */
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 12526
wolfSSL 11:cee25a834751 12527
wolfSSL 11:cee25a834751 12528
/* OpenSSL RAND_add() compat: accepted and discarded.
 *
 * wolfSSL seeds and reseeds its RNG internally, so nothing passed here is
 * mixed into the generator no matter what entropy estimate is claimed.  An
 * application that has to contribute its own entropy should drive an
 * explicit wolfCrypt RNG instead of relying on this call.
 */
void wolfSSL_RAND_add(const void* add, int len, double entropy)
{
    /* deliberate no-op; the casts only silence unused-parameter warnings */
    (void)add;
    (void)len;
    (void)entropy;
}
wolfSSL 11:cee25a834751 12538
wolfSSL 11:cee25a834751 12539
wolfSSL 11:cee25a834751 12540 #ifndef NO_DES3
wolfSSL 11:cee25a834751 12541 /* SSL_SUCCESS on ok */
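/* OpenSSL DES_key_sched() compat.
 *
 * The "schedule" produced here is just a copy of the raw 8-byte key
 * (WOLFSSL_DES_key_schedule is an 8-byte array); the actual key expansion
 * happens later in wc_Des_SetKey, which wolfSSL_DES_cbc_encrypt and friends
 * hand the schedule to as the key.  No parity or weak/semi-weak key check is
 * performed: callers wanting OpenSSL's DES_set_key_checked behaviour must do
 * that themselves.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when either pointer is NULL (rather
 * than dereferencing it).
 */
int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key,
                          WOLFSSL_DES_key_schedule* schedule)
{
    WOLFSSL_ENTER("DES_key_sched");

    if (key == NULL || schedule == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }

    XMEMCPY(schedule, key, sizeof(const_DES_cblock));
    return SSL_SUCCESS;
}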
wolfSSL 11:cee25a834751 12549
wolfSSL 11:cee25a834751 12550
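/* OpenSSL DES_cbc_encrypt() compat: single-DES CBC over length bytes.
 *
 * schedule holds the raw 8-byte key (see wolfSSL_DES_key_sched) and ivec the
 * 8-byte IV; enc non-zero encrypts, zero decrypts.  As with OpenSSL's
 * DES_cbc_encrypt (and unlike DES_ncbc_encrypt) ivec is NOT updated, so
 * chaining across calls needs wolfSSL_DES_ncbc_encrypt.
 *
 * The function is void for OpenSSL compatibility, so bad input is dropped
 * silently: NULL pointers, a non-positive length, or a length that does not
 * fit in word32 all return without touching output.  Without the length
 * check a negative long would be cast to a huge word32 and handed to
 * wolfCrypt.
 *
 * The expanded key lives on the stack and is cleared before returning; a
 * plain memset may be elided by the optimiser, so treat it as best-effort.
 */
void wolfSSL_DES_cbc_encrypt(const unsigned char* input,
                             unsigned char* output, long length,
                             WOLFSSL_DES_key_schedule* schedule,
                             WOLFSSL_DES_cblock* ivec, int enc)
{
    Des myDes;

    WOLFSSL_ENTER("DES_cbc_encrypt");

    if (input == NULL || output == NULL || schedule == NULL || ivec == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return;
    }
    if (length <= 0 || (unsigned long)length > 0xFFFFFFFFUL) {
        return; /* nothing to do, or not representable as word32 */
    }

    /* OpenSSL compat, no ret; the direction is baked into the key schedule */
    wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec,
                  enc ? DES_ENCRYPTION : DES_DECRYPTION);

    if (enc)
        wc_Des_CbcEncrypt(&myDes, output, input, (word32)length);
    else
        wc_Des_CbcDecrypt(&myDes, output, input, (word32)length);

    XMEMSET(&myDes, 0, sizeof(myDes)); /* best-effort wipe of key schedule */
}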
wolfSSL 11:cee25a834751 12568
wolfSSL 11:cee25a834751 12569
wolfSSL 11:cee25a834751 12570 /* WOLFSSL_DES_key_schedule is a unsigned char array of size 8 */
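/* OpenSSL DES_ede3_cbc_encrypt() compat: 3DES (EDE) in CBC mode.
 *
 * ks1/ks2/ks3 are the three raw 8-byte keys (WOLFSSL_DES_key_schedule is an
 * 8-byte array) and are concatenated into the 24-byte key wolfCrypt expects.
 * ivec is the 8-byte IV; enc non-zero encrypts, zero decrypts.
 *
 * OpenSSL's DES_ede3_cbc_encrypt advances ivec to the last ciphertext block
 * so that successive calls chain, and that contract is honoured here.  When
 * decrypting, the next IV is the last block of *input* (the ciphertext), not
 * of the plaintext written to output, so it is saved before decryption; this
 * also keeps the update correct when input and output alias.  Only whole
 * blocks feed the update: if sz is not a multiple of DES_BLOCK_SIZE the
 * trailing bytes are left to wolfCrypt and the IV comes from the last
 * complete block (OpenSSL zero-pads a partial final block on encryption;
 * that is not reproduced here — TODO confirm no caller depends on it).
 *
 * Void for OpenSSL compatibility: NULL pointers and sizes that are
 * non-positive or exceed word32 return without touching output or ivec.
 * The assembled key and the expanded schedule are cleared before returning
 * (best-effort: a plain memset may be elided by the optimiser).
 */
void wolfSSL_DES_ede3_cbc_encrypt(const unsigned char* input,
                                  unsigned char* output, long sz,
                                  WOLFSSL_DES_key_schedule* ks1,
                                  WOLFSSL_DES_key_schedule* ks2,
                                  WOLFSSL_DES_key_schedule* ks3,
                                  WOLFSSL_DES_cblock* ivec, int enc)
{
    Des3 des;
    byte key[24]; /* EDE uses a 24-byte key: ks1 || ks2 || ks3 */
    byte lastCipher[DES_BLOCK_SIZE];
    long whole;   /* bytes covered by complete blocks */

    WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt");

    if (input == NULL || output == NULL || ivec == NULL ||
            ks1 == NULL || ks2 == NULL || ks3 == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return;
    }
    if (sz <= 0 || (unsigned long)sz > 0xFFFFFFFFUL) {
        return; /* nothing to do, or not representable as word32 */
    }

    XMEMSET(key, 0, sizeof(key));
    XMEMCPY(key, *ks1, DES_BLOCK_SIZE);
    XMEMCPY(&key[DES_BLOCK_SIZE], *ks2, DES_BLOCK_SIZE);
    XMEMCPY(&key[DES_BLOCK_SIZE * 2], *ks3, DES_BLOCK_SIZE);

    whole = sz - (sz % DES_BLOCK_SIZE);

    if (enc) {
        wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_ENCRYPTION);
        wc_Des3_CbcEncrypt(&des, output, input, (word32)sz);
        /* next IV is the last ciphertext block just written */
        if (whole > 0)
            XMEMCPY(ivec, output + whole - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
    }
    else {
        /* save the last ciphertext block before it can be overwritten */
        if (whole > 0)
            XMEMCPY(lastCipher, input + whole - DES_BLOCK_SIZE,
                    DES_BLOCK_SIZE);
        wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_DECRYPTION);
        wc_Des3_CbcDecrypt(&des, output, input, (word32)sz);
        if (whole > 0)
            XMEMCPY(ivec, lastCipher, DES_BLOCK_SIZE);
    }

    /* best-effort wipe of key material on the stack */
    XMEMSET(key, 0, sizeof(key));
    XMEMSET(&des, 0, sizeof(des));
}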
wolfSSL 11:cee25a834751 12597
wolfSSL 11:cee25a834751 12598
wolfSSL 11:cee25a834751 12599 /* correctly sets ivec for next call */
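/* OpenSSL DES_ncbc_encrypt() compat: single-DES CBC that also advances ivec.
 *
 * Same as wolfSSL_DES_cbc_encrypt, but on return ivec holds the last
 * ciphertext block so that consecutive calls chain correctly.  When
 * decrypting that block is the last block of *input* — not of the plaintext
 * written to output — so it is saved before decryption, which also keeps
 * the update correct when input and output alias.  Taking it from output
 * after a decrypt would seed the next call with plaintext and corrupt every
 * following block.
 *
 * Only whole DES blocks feed the IV update: if length is not a multiple of
 * DES_BLOCK_SIZE the trailing bytes are left to wolfCrypt and the IV comes
 * from the last complete block (OpenSSL zero-pads a partial final block on
 * encryption; that is not reproduced here — TODO confirm no caller depends
 * on it).  This also avoids reading output bytes the cipher never wrote.
 *
 * Void for OpenSSL compatibility: NULL pointers and lengths that are
 * non-positive or exceed word32 return without touching output or ivec.
 * The expanded key is cleared before returning (best-effort: a plain memset
 * may be elided by the optimiser).
 */
void wolfSSL_DES_ncbc_encrypt(const unsigned char* input,
                unsigned char* output, long length,
                WOLFSSL_DES_key_schedule* schedule, WOLFSSL_DES_cblock* ivec,
                int enc)
{
    Des  myDes;
    byte lastCipher[DES_BLOCK_SIZE];
    long whole; /* bytes covered by complete blocks */

    WOLFSSL_ENTER("DES_ncbc_encrypt");

    if (input == NULL || output == NULL || schedule == NULL || ivec == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return;
    }
    if (length <= 0 || (unsigned long)length > 0xFFFFFFFFUL) {
        return; /* nothing to do, or not representable as word32 */
    }

    whole = length - (length % DES_BLOCK_SIZE);

    /* OpenSSL compat, no ret; the direction is baked into the key schedule */
    wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec,
                  enc ? DES_ENCRYPTION : DES_DECRYPTION);

    if (enc) {
        wc_Des_CbcEncrypt(&myDes, output, input, (word32)length);
        if (whole > 0)
            XMEMCPY(ivec, output + whole - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
    }
    else {
        if (whole > 0)
            XMEMCPY(lastCipher, input + whole - DES_BLOCK_SIZE,
                    DES_BLOCK_SIZE);
        wc_Des_CbcDecrypt(&myDes, output, input, (word32)length);
        if (whole > 0)
            XMEMCPY(ivec, lastCipher, DES_BLOCK_SIZE);
    }

    XMEMSET(&myDes, 0, sizeof(myDes)); /* best-effort wipe of key schedule */
}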
wolfSSL 11:cee25a834751 12619
wolfSSL 11:cee25a834751 12620 #endif /* NO_DES3 */
wolfSSL 11:cee25a834751 12621
wolfSSL 11:cee25a834751 12622
/* OpenSSL ERR_free_strings() compat.
 *
 * wolfSSL keeps its error strings in static tables that are never loaded or
 * released at runtime, so there is nothing for this call to free; it exists
 * only so that OpenSSL-style shutdown sequences link and run unchanged.
 */
void wolfSSL_ERR_free_strings(void)
{
    /* handled internally: no dynamically allocated error strings */
}
wolfSSL 11:cee25a834751 12627
wolfSSL 11:cee25a834751 12628
/* OpenSSL ERR_remove_state() compat: release per-thread error state.
 *
 * Currently a no-op.  Any error nodes queued for the calling thread are not
 * released here (see the pending TODO); callers that need them gone should
 * use wolfSSL_ERR_clear_error in the builds that keep an error queue.
 */
void wolfSSL_ERR_remove_state(unsigned long state)
{
    (void)state; /* thread id argument is ignored */
    /* TODO: GetErrors().Remove(); */
}
wolfSSL 11:cee25a834751 12634
wolfSSL 11:cee25a834751 12635
/* OpenSSL EVP_cleanup() compat.
 *
 * wolfSSL registers no cipher or digest objects at runtime, so there is no
 * EVP table to tear down; the call is provided purely for source
 * compatibility and does nothing.
 */
void wolfSSL_EVP_cleanup(void)
{
    /* intentionally empty */
}
wolfSSL 11:cee25a834751 12640
wolfSSL 11:cee25a834751 12641
/* OpenSSL CRYPTO_cleanup_all_ex_data() compat.
 *
 * No global ex_data registry is maintained by this library, so nothing is
 * released; the call exists only so OpenSSL-style shutdown code compiles.
 */
void wolfSSL_cleanup_all_ex_data(void)
{
    /* intentionally empty */
}
wolfSSL 11:cee25a834751 12646
wolfSSL 11:cee25a834751 12647
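/* OpenSSL SSL_clear() compat: reset ssl so it can run another handshake.
 *
 * Connection-state flags, the connect/accept state machines, the
 * handshake-message bookkeeping and the handshake transcript hashes are
 * returned to their initial values; with KEEP_PEER_CERT the stored peer
 * certificate is freed and re-initialised.
 *
 * ssl->hsHashes is dereferenced for every hash init, so a NULL pointer there
 * (assumption: the handshake hash block can be released once a handshake
 * has completed — confirm against the handshake-resource cleanup) is
 * reported as a failure instead of crashing.  Re-allocating it belongs to
 * the library's handshake-hash init helper, not here.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ssl is NULL, the hash block is
 * not allocated, or a hash init reports an error.
 */
int wolfSSL_clear(WOLFSSL* ssl)
{
    if (ssl == NULL) {
        return SSL_FAILURE;
    }

    if (ssl->hsHashes == NULL) {
        WOLFSSL_MSG("handshake hashes not allocated, cannot clear");
        return SSL_FAILURE;
    }

    /* connection flags */
    ssl->options.isClosed   = 0;
    ssl->options.connReset  = 0;
    ssl->options.sentNotify = 0;

    /* handshake state machines back to their starting points */
    ssl->options.serverState    = NULL_STATE;
    ssl->options.clientState    = NULL_STATE;
    ssl->options.connectState   = CONNECT_BEGIN;
    ssl->options.acceptState    = ACCEPT_BEGIN;
    ssl->options.handShakeState = NULL_STATE;
    ssl->options.handShakeDone  = 0;
    /* ssl->options.processReply = doProcessInit; */

    ssl->keys.encryptionOn = 0;
    XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));

    /* restart the transcript hashes for the next handshake */
#ifndef NO_OLD_TLS
    #ifndef NO_MD5
    wc_InitMd5(&ssl->hsHashes->hashMd5);
    #endif
    #ifndef NO_SHA
    if (wc_InitSha(&ssl->hsHashes->hashSha) != 0)
        return SSL_FAILURE;
    #endif
#endif
#ifndef NO_SHA256
    if (wc_InitSha256(&ssl->hsHashes->hashSha256) != 0)
        return SSL_FAILURE;
#endif
#ifdef WOLFSSL_SHA384
    if (wc_InitSha384(&ssl->hsHashes->hashSha384) != 0)
        return SSL_FAILURE;
#endif
#ifdef WOLFSSL_SHA512
    if (wc_InitSha512(&ssl->hsHashes->hashSha512) != 0)
        return SSL_FAILURE;
#endif

#ifdef KEEP_PEER_CERT
    /* drop the previous peer's certificate so it cannot leak into the
     * next session */
    FreeX509(&ssl->peerCert);
    InitX509(&ssl->peerCert, 0, ssl->heap);
#endif

    return SSL_SUCCESS;
}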
wolfSSL 11:cee25a834751 12694
wolfSSL 11:cee25a834751 12695
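/* OpenSSL SSL_SESSION_set_timeout() compat: set the session lifetime, in
 * seconds.
 *
 * The stored timeout is a word32, so t must be non-negative and fit in 32
 * bits.  A larger value is rejected rather than masked to its low 32 bits,
 * which could otherwise turn a long timeout into a tiny — or zero — one on
 * platforms with a 64-bit long.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL session or an
 * out-of-range t.
 */
long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t)
{
    if (ses == NULL || t < 0 || (unsigned long)t > 0xFFFFFFFFUL) {
        return BAD_FUNC_ARG;
    }

    ses->timeout = (word32)t;

    return SSL_SUCCESS;
}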
wolfSSL 11:cee25a834751 12708
wolfSSL 11:cee25a834751 12709
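/* OpenSSL SSL_CTX_set_mode() compat.
 *
 * mode is a bitmask, so the flag is tested with & rather than ==: a caller
 * that ORs SSL_MODE_ENABLE_PARTIAL_WRITE together with other mode bits (the
 * usual OpenSSL idiom) still gets partial writes enabled.  That is the only
 * flag acted on here; SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER describes
 * wolfSSL's default behaviour and needs no setting, and other bits are
 * ignored.  There is no way to clear partialWrite through this call.
 *
 * Returns the requested mode bits, or 0 when ctx is NULL.
 */
long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode)
{
    WOLFSSL_ENTER("SSL_CTX_set_mode");

    if (ctx == NULL) {
        return 0;
    }

    if (mode & SSL_MODE_ENABLE_PARTIAL_WRITE) {
        ctx->partialWrite = 1;
    }

    return mode;
}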
wolfSSL 11:cee25a834751 12720
wolfSSL 11:cee25a834751 12721
/* Report the mode flags of an SSL object.
 *
 * Not implemented: no per-object mode state is tracked, so the result is
 * always 0 regardless of what wolfSSL_CTX_set_mode was given.
 *
 * ssl  unused
 *
 * returns 0
 */
long wolfSSL_SSL_get_mode(WOLFSSL* ssl)
{
    /* TODO: return the active flags once they are recorded on the object */
    (void)ssl;

    return 0;
}
wolfSSL 11:cee25a834751 12728
wolfSSL 11:cee25a834751 12729
/* Report the mode flags of a context.
 *
 * Not implemented: only ctx->partialWrite is recorded by wolfSSL_CTX_set_mode
 * and it is not reflected here, so the result is always 0.
 *
 * ctx  unused
 *
 * returns 0
 */
long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx)
{
    /* TODO: reconstruct the flag mask from the context's settings */
    (void)ctx;

    return 0;
}
wolfSSL 11:cee25a834751 12736
wolfSSL 11:cee25a834751 12737
/* Set the default read-ahead behavior of a context.
 *
 * Not implemented: the request is accepted and discarded, so callers must
 * not rely on any change in how records are read.
 *
 * ctx  unused
 * m    unused
 */
void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m)
{
    /* TODO: decide whether read-ahead makes sense for the wolfSSL I/O model */
    (void)ctx;
    (void)m;
}
wolfSSL 11:cee25a834751 12744
wolfSSL 11:cee25a834751 12745
/* Set the session ID context of a context.
 *
 * wolfSSL does not use an application-specific session context, so the value
 * is accepted and discarded.  NOTE(review): as I understand the OpenSSL
 * semantics of this call, the context is what stops a session created under
 * one set of verification settings from being resumed under another; that
 * separation is not enforced here, so applications must not rely on distinct
 * session ID contexts alone to keep such sessions apart.
 *
 * ctx          unused
 * sid_ctx      unused
 * sid_ctx_len  unused
 *
 * returns SSL_SUCCESS
 */
int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx,
                                       const unsigned char* sid_ctx,
                                       unsigned int sid_ctx_len)
{
    (void)ctx;
    (void)sid_ctx;
    (void)sid_ctx_len;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 12756
wolfSSL 11:cee25a834751 12757
/* Report the capacity of the session cache.
 *
 * The cache is a fixed compile-time table (SESSION_ROWS rows of
 * SESSIONS_PER_ROW entries) shared by all contexts, so ctx is not consulted.
 *
 * ctx  unused
 *
 * returns the number of cache slots, or 0 when the cache is compiled out.
 */
long wolfSSL_CTX_sess_get_cache_size(WOLFSSL_CTX* ctx)
{
    long slots = 0;

    (void)ctx;

#ifndef NO_SESSION_CACHE
    slots = SESSIONS_PER_ROW * SESSION_ROWS;
#endif

    return slots;
}
wolfSSL 11:cee25a834751 12767
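/* Pop the next error from the error queue together with its location data.
 *
 * Not implemented: no per-error file/line/data is recorded, so the queue
 * always appears empty.  The output parameters are nevertheless filled with
 * "empty queue" values (file "NA", line 0, data "", flags 0) so that a caller
 * which prints them without checking the return value reads valid strings
 * instead of whatever the variables held before the call; these are the
 * values OpenSSL reports in the same situation, as far as I know.
 *
 * file   receives "NA" when non-NULL
 * line   receives 0 when non-NULL
 * data   receives "" when non-NULL
 * flags  receives 0 when non-NULL
 *
 * returns 0 (no error available)
 */
unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line,
                                              const char** data, int *flags)
{
    if (file != NULL)
        *file = "NA";
    if (line != NULL)
        *line = 0;
    if (data != NULL)
        *data = "";
    if (flags != NULL)
        *flags = 0;

    return 0;
}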
wolfSSL 11:cee25a834751 12778
/* Return the PEM password callback registered on a context.
 *
 * ctx  context to query; may be NULL
 *
 * returns the callback, or NULL when ctx is NULL or no callback is set.
 */
WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(
                                                              WOLFSSL_CTX *ctx)
{
    /* An unset callback is already NULL, so only ctx needs guarding. */
    return (ctx != NULL) ? ctx->passwd_cb : NULL;
}
wolfSSL 11:cee25a834751 12788
wolfSSL 11:cee25a834751 12789
/* Return the user data handed to the PEM password callback of a context.
 *
 * ctx  context to query; may be NULL
 *
 * returns ctx->userdata, or NULL when ctx is NULL.
 */
WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata(
                                                              WOLFSSL_CTX *ctx)
{
    return (ctx != NULL) ? ctx->userdata : NULL;
}
wolfSSL 11:cee25a834751 12799
wolfSSL 11:cee25a834751 12800 #endif /* OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 12801
wolfSSL 11:cee25a834751 12802
wolfSSL 11:cee25a834751 12803 #if defined(KEEP_PEER_CERT)
wolfSSL 11:cee25a834751 12804 #ifdef SESSION_CERTS
wolfSSL 11:cee25a834751 12805 /* Decode the X509 DER encoded certificate into a WOLFSSL_X509 object.
wolfSSL 11:cee25a834751 12806 *
wolfSSL 11:cee25a834751 12807 * x509 WOLFSSL_X509 object to decode into.
wolfSSL 11:cee25a834751 12808 * in X509 DER data.
wolfSSL 11:cee25a834751 12809 * len Length of the X509 DER data.
 * returns 0 on success, otherwise a negative error code from parsing,
 * copying or memory allocation.
wolfSSL 11:cee25a834751 12811 */
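static int DecodeToX509(WOLFSSL_X509* x509, const byte* in, int len)
{
    int ret;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    /* Parse the DER into a DecodedCert, then copy its fields into the
     * WOLFSSL_X509.  The parse runs with verify = 0, i.e. the signature is
     * not checked here; presumably the caller only hands in certificates the
     * handshake already validated. */
    InitDecodedCert(cert, (byte*)in, len, NULL);
    ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL);
    if (ret == 0) {
        InitX509(x509, 0, NULL);
        ret = CopyDecodedToX509(x509, cert);
    }

    /* Release the DecodedCert on every path, not only after a successful
     * parse: a parse that fails part-way may already hold allocated
     * extension data, which the success-only free would leave behind. */
    FreeDecodedCert(cert);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}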
wolfSSL 11:cee25a834751 12842 #endif
wolfSSL 11:cee25a834751 12843
wolfSSL 11:cee25a834751 12844
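/* Return the peer's certificate for a connection.
 *
 * ssl  connection to query; NULL is rejected
 *
 * returns a pointer to the WOLFSSL_X509 embedded in ssl (not a copy: it is
 * owned by ssl and must not be freed by the caller), or NULL when no peer
 * certificate is available.
 */
WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_get_peer_certificate");

    if (ssl == NULL)
        return NULL;

    /* A populated issuer name is the marker that peerCert was filled in. */
    if (ssl->peerCert.issuer.sz)
        return &ssl->peerCert;

#ifdef SESSION_CERTS
    /* Otherwise rebuild it from the leaf of the stored session chain
     * (presumably the case for a resumed session). */
    if (ssl->session.chain.count > 0) {
        if (DecodeToX509(&ssl->peerCert, ssl->session.chain.certs[0].buffer,
                         ssl->session.chain.certs[0].length) == 0) {
            return &ssl->peerCert;
        }
    }
#endif

    return NULL;
}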
wolfSSL 11:cee25a834751 12860
wolfSSL 11:cee25a834751 12861 #endif /* KEEP_PEER_CERT */
wolfSSL 11:cee25a834751 12862
wolfSSL 11:cee25a834751 12863
wolfSSL 11:cee25a834751 12864 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 12865 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || defined(OPENSSL_EXTRA)
wolfSSL 11:cee25a834751 12866
wolfSSL 11:cee25a834751 12867 /* user externally called free X509, if dynamic go ahead with free, otherwise
wolfSSL 11:cee25a834751 12868 * don't */
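static void ExternalFreeX509(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("ExternalFreeX509");

    if (x509 == NULL)
        return;

    if (x509->dynamicMemory) {
        /* Take the heap hint before FreeX509 tears the object down, so the
         * final XFREE does not depend on that field surviving the call. */
        void* heap = x509->heap;

        FreeX509(x509);
        XFREE(x509, heap, DYNAMIC_TYPE_X509);
    }
    else {
        /* Objects embedded in another structure (e.g. ssl->peerCert) are
         * owned by that structure and are left alone. */
        WOLFSSL_MSG("free called on non dynamic object, not freeing");
    }
}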
wolfSSL 11:cee25a834751 12881
#endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 12883
wolfSSL 11:cee25a834751 12884 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
wolfSSL 11:cee25a834751 12885
/* Public entry point for releasing a WOLFSSL_X509.
 *
 * Delegates to ExternalFreeX509, which only frees objects that were
 * allocated dynamically; embedded ones are left untouched.
 *
 * x509  object to release; NULL is accepted
 */
void wolfSSL_FreeX509(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_FreeX509");

    ExternalFreeX509(x509);
}
wolfSSL 11:cee25a834751 12891
wolfSSL 11:cee25a834751 12892 /* return the next, if any, altname from the peer cert */
/* Return the next subject alternative name of a certificate.
 *
 * The iteration cursor (cert->altNamesNext) is stored in the certificate
 * itself, so this walk is neither reentrant nor thread-safe per cert, and
 * no reset of the cursor is visible here.  The returned string points into
 * the certificate's own storage: it is valid only as long as cert is and
 * must not be freed or modified by the caller.
 *
 * NOTE(review): the name is exposed as a C string with no length; should the
 * decoder ever admit an altName containing an embedded NUL, the name would
 * appear truncated here.  Worth confirming against the decoder before using
 * this for host matching.
 *
 * cert  certificate to iterate; NULL is accepted
 *
 * returns the next name, or NULL when there are none (left).
 */
char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert)
{
    char* name;

    WOLFSSL_ENTER("wolfSSL_X509_get_next_altname");

    /* No names at all, or the cursor has already run off the end. */
    if (cert == NULL || cert->altNames == NULL || cert->altNamesNext == NULL)
        return NULL;

    name = cert->altNamesNext->name;
    cert->altNamesNext = cert->altNamesNext->next;

    return name;
}
wolfSSL 11:cee25a834751 12911
wolfSSL 11:cee25a834751 12912
/* Return the issuer name of a certificate.
 *
 * cert  certificate to query; NULL is accepted
 *
 * returns a pointer to the name embedded in cert (do not free), or NULL when
 * cert is NULL or the issuer name is empty.
 */
WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)
{
    WOLFSSL_X509_NAME* issuer = NULL;

    WOLFSSL_ENTER("X509_get_issuer_name");

    if (cert != NULL && cert->issuer.sz != 0)
        issuer = &cert->issuer;

    return issuer;
}
wolfSSL 11:cee25a834751 12920
wolfSSL 11:cee25a834751 12921
/* Return the subject name of a certificate.
 *
 * cert  certificate to query; NULL is accepted
 *
 * returns a pointer to the name embedded in cert (do not free), or NULL when
 * cert is NULL or the subject name is empty.
 */
WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)
{
    WOLFSSL_X509_NAME* subject = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_get_subject_name");

    if (cert != NULL && cert->subject.sz != 0)
        subject = &cert->subject;

    return subject;
}
wolfSSL 11:cee25a834751 12929
wolfSSL 11:cee25a834751 12930
/* Report whether a certificate carries the CA flag.
 *
 * x509  certificate to query; NULL is accepted
 *
 * returns the decoded isCa value, or 0 when x509 is NULL.
 */
int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509)
{
    int isCA;

    WOLFSSL_ENTER("wolfSSL_X509_get_isCA");

    isCA = (x509 != NULL) ? x509->isCa : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_get_isCA", isCA);

    return isCA;
}
wolfSSL 11:cee25a834751 12944
wolfSSL 11:cee25a834751 12945
wolfSSL 11:cee25a834751 12946 #ifdef OPENSSL_EXTRA
/* Report whether a given extension is present in a certificate.
 *
 * x509  certificate to query; NULL is accepted
 * nid   extension OID constant (BASIC_CA_OID, ALT_NAMES_OID, AUTH_KEY_OID,
 *       SUBJ_KEY_OID, KEY_USAGE_OID, and CERT_POLICY_OID under WOLFSSL_SEP)
 *
 * returns the extension's "set" flag, or 0 when x509 is NULL or the
 * extension is not one of those tracked here.
 */
int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid)
{
    int isSet = 0;

    WOLFSSL_ENTER("wolfSSL_X509_ext_isSet_by_NID");

    if (x509 != NULL) {
        switch (nid) {
            case BASIC_CA_OID:
                isSet = x509->basicConstSet;
                break;
            case ALT_NAMES_OID:
                isSet = x509->subjAltNameSet;
                break;
            case AUTH_KEY_OID:
                isSet = x509->authKeyIdSet;
                break;
            case SUBJ_KEY_OID:
                isSet = x509->subjKeyIdSet;
                break;
            case KEY_USAGE_OID:
                isSet = x509->keyUsageSet;
                break;
#ifdef WOLFSSL_SEP
            case CERT_POLICY_OID:
                isSet = x509->certPolicySet;
                break;
#endif /* WOLFSSL_SEP */
            default:
                /* Extension not tracked: reported as not set. */
                break;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_ext_isSet_by_NID", isSet);

    return isSet;
}
wolfSSL 11:cee25a834751 12970
wolfSSL 11:cee25a834751 12971
/* Report whether a given extension is marked critical in a certificate.
 *
 * x509  certificate to query; NULL is accepted
 * nid   extension OID constant (BASIC_CA_OID, ALT_NAMES_OID, AUTH_KEY_OID,
 *       SUBJ_KEY_OID, KEY_USAGE_OID, and CERT_POLICY_OID under WOLFSSL_SEP)
 *
 * returns the extension's critical flag, or 0 when x509 is NULL or the
 * extension is not one of those tracked here.  Note that 0 is also the
 * answer for a present-but-non-critical extension; pair with
 * wolfSSL_X509_ext_isSet_by_NID to tell the cases apart.
 */
int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid)
{
    int crit = 0;

    WOLFSSL_ENTER("wolfSSL_X509_ext_get_critical_by_NID");

    if (x509 != NULL) {
        switch (nid) {
            case BASIC_CA_OID:
                crit = x509->basicConstCrit;
                break;
            case ALT_NAMES_OID:
                crit = x509->subjAltNameCrit;
                break;
            case AUTH_KEY_OID:
                crit = x509->authKeyIdCrit;
                break;
            case SUBJ_KEY_OID:
                crit = x509->subjKeyIdCrit;
                break;
            case KEY_USAGE_OID:
                crit = x509->keyUsageCrit;
                break;
#ifdef WOLFSSL_SEP
            case CERT_POLICY_OID:
                crit = x509->certPolicyCrit;
                break;
#endif /* WOLFSSL_SEP */
            default:
                /* Extension not tracked: reported as non-critical. */
                break;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_ext_get_critical_by_NID", crit);

    return crit;
}
wolfSSL 11:cee25a834751 12995
wolfSSL 11:cee25a834751 12996
/* Report whether the certificate's basic constraints carry a path length.
 *
 * x509  certificate to query; NULL is accepted
 *
 * returns the decoded basicConstPlSet flag, or 0 when x509 is NULL.
 */
int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509* x509)
{
    int isSet;

    WOLFSSL_ENTER("wolfSSL_X509_get_isSet_pathLength");

    isSet = (x509 != NULL) ? x509->basicConstPlSet : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_get_isSet_pathLength", isSet);

    return isSet;
}
wolfSSL 11:cee25a834751 13010
wolfSSL 11:cee25a834751 13011
/* Return the path length constraint of a certificate.
 *
 * The value is only meaningful when wolfSSL_X509_get_isSet_pathLength
 * reports it as present; otherwise it is whatever the decoder left in the
 * field (0 for a NULL x509).
 *
 * x509  certificate to query; NULL is accepted
 *
 * returns the decoded pathLength, or 0 when x509 is NULL.
 */
word32 wolfSSL_X509_get_pathLength(WOLFSSL_X509* x509)
{
    word32 pathLength;

    WOLFSSL_ENTER("wolfSSL_X509_get_pathLength");

    pathLength = (x509 != NULL) ? x509->pathLength : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_get_pathLength", pathLength);

    return pathLength;
}
wolfSSL 11:cee25a834751 13025
wolfSSL 11:cee25a834751 13026
/* Return the key usage bits of a certificate.
 *
 * The bits are only meaningful when the extension is present (see
 * wolfSSL_X509_ext_isSet_by_NID with KEY_USAGE_OID).
 *
 * x509  certificate to query; NULL is accepted
 *
 * returns the decoded keyUsage field widened to unsigned int, or 0 when
 * x509 is NULL.
 */
unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509* x509)
{
    word16 usage;

    WOLFSSL_ENTER("wolfSSL_X509_get_keyUsage");

    usage = (x509 != NULL) ? x509->keyUsage : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_get_keyUsage", usage);

    return usage;
}
wolfSSL 11:cee25a834751 13040
wolfSSL 11:cee25a834751 13041
/* Return the authority key identifier of a certificate.
 *
 * Two ways to call it:
 *  - dst == NULL (or dstLen == NULL): returns a pointer to the identifier
 *    held inside x509; it is owned by x509 and must not be freed.
 *  - dst and dstLen both given: copies at most *dstLen bytes into dst,
 *    stores the number copied in *dstLen and returns dst.
 *
 * NOTE(review): when *dstLen is smaller than the identifier only a prefix is
 * copied and nothing signals the truncation (the full size is not exposed
 * by the pointer-returning form either).  A truncated key ID must not be
 * used for issuer matching; callers should size dst generously and treat a
 * result that fills the buffer with suspicion.
 *
 * x509    certificate to query; NULL is accepted
 * dst     optional output buffer
 * dstLen  in: capacity of dst; out: bytes copied.  Untouched when nothing
 *         is copied.
 *
 * returns the identifier (internal pointer or dst), or NULL when x509 is
 * NULL or the extension is absent.
 */
byte* wolfSSL_X509_get_authorityKeyID(WOLFSSL_X509* x509,
                                      byte* dst, int* dstLen)
{
    byte* id = NULL;
    int copySz = 0;

    WOLFSSL_ENTER("wolfSSL_X509_get_authorityKeyID");

    if (x509 != NULL && x509->authKeyIdSet) {
        int room = (dstLen != NULL) ? *dstLen : 0;

        id = x509->authKeyId;
        copySz = min(room, (int)x509->authKeyIdSz);

        if (dst != NULL && dstLen != NULL && copySz > 0) {
            XMEMCPY(dst, id, copySz);
            id = dst;
            *dstLen = copySz;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_get_authorityKeyID", copySz);

    return id;
}
wolfSSL 11:cee25a834751 13068
wolfSSL 11:cee25a834751 13069
/* Return the subject key identifier of a certificate.
 *
 * Two ways to call it:
 *  - dst == NULL (or dstLen == NULL): returns a pointer to the identifier
 *    held inside x509; it is owned by x509 and must not be freed.
 *  - dst and dstLen both given: copies at most *dstLen bytes into dst,
 *    stores the number copied in *dstLen and returns dst.
 *
 * NOTE(review): when *dstLen is smaller than the identifier only a prefix is
 * copied and nothing signals the truncation.  A truncated key ID must not be
 * used for chain building or matching; size dst generously.
 *
 * x509    certificate to query; NULL is accepted
 * dst     optional output buffer
 * dstLen  in: capacity of dst; out: bytes copied.  Untouched when nothing
 *         is copied.
 *
 * returns the identifier (internal pointer or dst), or NULL when x509 is
 * NULL or the extension is absent.
 */
byte* wolfSSL_X509_get_subjectKeyID(WOLFSSL_X509* x509,
                                    byte* dst, int* dstLen)
{
    byte* id = NULL;
    int copySz = 0;

    WOLFSSL_ENTER("wolfSSL_X509_get_subjectKeyID");

    if (x509 != NULL && x509->subjKeyIdSet) {
        int room = (dstLen != NULL) ? *dstLen : 0;

        id = x509->subjKeyId;
        copySz = min(room, (int)x509->subjKeyIdSz);

        if (dst != NULL && dstLen != NULL && copySz > 0) {
            XMEMCPY(dst, id, copySz);
            id = dst;
            *dstLen = copySz;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_get_subjectKeyID", copySz);

    return id;
}
wolfSSL 11:cee25a834751 13096
wolfSSL 11:cee25a834751 13097
/* Return the number of attribute entries in a decoded name.
 *
 * name  name to query; NULL is accepted
 *
 * returns name->fullName.entryCount, or 0 when name is NULL.
 */
int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)
{
    int count;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_entry_count");

    count = (name != NULL) ? name->fullName.entryCount : 0;

    WOLFSSL_LEAVE("wolfSSL_X509_NAME_entry_count", count);

    return count;
}
wolfSSL 11:cee25a834751 13110
wolfSSL 11:cee25a834751 13111
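/* Copy the text of one attribute of a decoded name into a caller buffer.
 *
 * The attribute text lives inside name->fullName.fullName at a per-attribute
 * offset recorded by the decoder; the supported attributes are CN, SN,
 * serialNumber, C, L, ST, O and OU.
 *
 * name  name to query; NULL, or a name with no decoded full-name string, is
 *       rejected (the offsets below are relative to that string, and adding
 *       an offset to a NULL base would produce a bogus non-NULL pointer that
 *       the copy would then read from)
 * nid   ASN_* attribute constant
 * buf   output buffer; when NULL nothing is copied and only the size is
 *       reported
 * len   capacity of buf in bytes; the copy is bounded by it and the result
 *       is always NUL-terminated when anything is written
 *
 * NOTE(review): the copy writes textSz - 1 bytes plus a terminator, so it
 * assumes the *Len fields already count the terminating NUL, as name->sz does
 * in wolfSSL_X509_NAME_oneline.  If they are bare string lengths instead, the
 * last character of the attribute is dropped -- confirm against the decoder.
 *
 * returns the attribute size as used for the copy (0 when the attribute is
 * absent, unsupported, or name is unusable; when buf is given and len is
 * smaller, the truncated size).
 */
int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,
                                      int nid, char* buf, int len)
{
    char *text = NULL;
    int textSz = 0;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_text_by_NID");

    if (name == NULL || name->fullName.fullName == NULL) {
        WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz);
        return textSz;
    }

    switch (nid) {
        case ASN_COMMON_NAME:
            text = name->fullName.fullName + name->fullName.cnIdx;
            textSz = name->fullName.cnLen;
            break;
        case ASN_SUR_NAME:
            text = name->fullName.fullName + name->fullName.snIdx;
            textSz = name->fullName.snLen;
            break;
        case ASN_SERIAL_NUMBER:
            text = name->fullName.fullName + name->fullName.serialIdx;
            textSz = name->fullName.serialLen;
            break;
        case ASN_COUNTRY_NAME:
            text = name->fullName.fullName + name->fullName.cIdx;
            textSz = name->fullName.cLen;
            break;
        case ASN_LOCALITY_NAME:
            text = name->fullName.fullName + name->fullName.lIdx;
            textSz = name->fullName.lLen;
            break;
        case ASN_STATE_NAME:
            text = name->fullName.fullName + name->fullName.stIdx;
            textSz = name->fullName.stLen;
            break;
        case ASN_ORG_NAME:
            text = name->fullName.fullName + name->fullName.oIdx;
            textSz = name->fullName.oLen;
            break;
        case ASN_ORGUNIT_NAME:
            text = name->fullName.fullName + name->fullName.ouIdx;
            textSz = name->fullName.ouLen;
            break;
        default:
            /* Attribute not tracked by the decoder: nothing to report. */
            break;
    }

    if (buf != NULL && text != NULL) {
        /* Bound by the caller's buffer; a non-positive len writes nothing. */
        textSz = min(textSz, len);
        if (textSz > 0) {
            XMEMCPY(buf, text, textSz - 1);
            buf[textSz - 1] = '\0';
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz);
    return textSz;
}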
wolfSSL 11:cee25a834751 13168
/* Look up the index of an attribute in a decoded name.
 *
 * Only the common name is supported.  The value handed back is the cnIdx the
 * decoder cached, which wolfSSL_X509_NAME_get_text_by_NID adds to the
 * full-name string -- so it appears to be a byte offset into that string
 * rather than an entry ordinal; keep that in mind before feeding it to code
 * that expects OpenSSL-style entry positions.  NOTE(review): nothing here
 * checks that the CN is actually present, so a cached index of 0 for an
 * absent CN would be reported like a real hit -- confirm the decoder's
 * default.
 *
 * name  name to query; NULL is rejected
 * nid   ASN_* attribute constant; only ASN_COMMON_NAME is implemented
 * pos   index returned by the previous call; passing back the CN index
 *       yields -1, signalling that there is no further entry
 *
 * returns the index, -1 when not found/unsupported, or BAD_FUNC_ARG when
 * name is NULL.
 */
int wolfSSL_X509_NAME_get_index_by_NID(WOLFSSL_X509_NAME* name,
                                       int nid, int pos)
{
    int idx = -1;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_index_by_NID");

    if (name == NULL)
        return BAD_FUNC_ARG;

    /* The cached offsets are only meaningful once a full-name string has
     * been decoded. */
    if (name->fullName.fullName != NULL && name->fullName.fullNameLen > 0) {
        if (nid == ASN_COMMON_NAME) {
            if (pos != name->fullName.cnIdx)
                idx = name->fullName.cnIdx;
        }
        else {
            WOLFSSL_MSG("NID not yet implemented");
        }
    }

    WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_index_by_NID", idx);

    return idx;
}
wolfSSL 11:cee25a834751 13201
wolfSSL 11:cee25a834751 13202
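/* Return the value of a name entry.
 *
 * in  entry to query; NULL is accepted (the sibling accessors
 *     wolfSSL_ASN1_STRING_data/length already tolerate NULL, and this one
 *     dereferenced its argument unconditionally)
 *
 * returns in->value (owned by the entry; do not free), or NULL when in is
 * NULL.
 */
WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(
                                                    WOLFSSL_X509_NAME_ENTRY* in)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data");

    if (in == NULL)
        return NULL;

    return in->value;
}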
wolfSSL 11:cee25a834751 13209
wolfSSL 11:cee25a834751 13210
/* Return the raw data of an ASN.1 string.
 *
 * The pointer refers to storage owned by asn; use wolfSSL_ASN1_STRING_length
 * for its size rather than assuming NUL termination.
 *
 * asn  string to query; NULL is accepted
 *
 * returns asn->data, or NULL when asn is NULL.
 */
char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)
{
    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data");

    return (asn != NULL) ? asn->data : NULL;
}
wolfSSL 11:cee25a834751 13222
wolfSSL 11:cee25a834751 13223
/* Return the length of an ASN.1 string's data.
 *
 * asn  string to query; NULL is accepted
 *
 * returns asn->length, or 0 when asn is NULL.
 */
int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)
{
    WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length");

    return (asn != NULL) ? asn->length : 0;
}
wolfSSL 11:cee25a834751 13235 #endif
wolfSSL 11:cee25a834751 13236
wolfSSL 11:cee25a834751 13237
/* copy name into the in buffer, at most sz bytes; if in is NULL a buffer is
   malloc'd and the caller is responsible for freeing it */
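char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");

    /* name was dereferenced before any check in the original. */
    if (name == NULL)
        return NULL;

    if (!name->sz)
        return in;

    if (in == NULL) {
#ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
#else
        /* name->sz appears to include the terminator (the copy below writes
         * sz - 1 bytes plus a NUL), so it is also the allocation size. */
        in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = name->sz;
#endif
    }
    else {
        /* A zero or negative caller size means nothing may be written.  The
         * original turned a negative sz into a negative copy length, which
         * XMEMCPY would have taken as a huge size_t. */
        if (sz <= 0)
            return in;

        /* Bounded by the caller's buffer; a too-small sz yields a silently
         * truncated (but NUL-terminated) string. */
        copySz = min(sz, name->sz);
    }

    XMEMCPY(in, name->name, copySz - 1);
    in[copySz - 1] = 0;

    return in;
}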
wolfSSL 11:cee25a834751 13266
wolfSSL 11:cee25a834751 13267
/* Return the signature algorithm identifier of a certificate.
 *
 * x509  certificate to query; NULL is accepted
 *
 * returns the decoded sigOID, or 0 when x509 is NULL.
 */
int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_get_signature_type");

    return (x509 != NULL) ? x509->sigOID : 0;
}
wolfSSL 11:cee25a834751 13279
wolfSSL 11:cee25a834751 13280
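/* Copy the signature bytes of a certificate into a caller buffer.
 *
 * x509   certificate to query; NULL is rejected
 * buf    output buffer, or NULL to only query the size
 * bufSz  in: capacity of buf; out: the signature length.  NULL is rejected.
 *
 * With buf == NULL the call now succeeds regardless of *bufSz and reports
 * the required length in *bufSz, so a caller can size its buffer without
 * already knowing the answer (the original demanded *bufSz be large enough
 * even for a size query).
 *
 * returns SSL_SUCCESS on success, SSL_FATAL_ERROR on invalid arguments or a
 * buffer smaller than the signature.
 */
int wolfSSL_X509_get_signature(WOLFSSL_X509* x509,
                               unsigned char* buf, int* bufSz)
{
    WOLFSSL_ENTER("wolfSSL_X509_get_signature");

    if (x509 == NULL || bufSz == NULL)
        return SSL_FATAL_ERROR;

    if (buf == NULL) {
        /* Size query only. */
        *bufSz = x509->sig.length;
        return SSL_SUCCESS;
    }

    if (*bufSz < (int)x509->sig.length)
        return SSL_FATAL_ERROR;

    XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
    *bufSz = x509->sig.length;

    return SSL_SUCCESS;
}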
wolfSSL 11:cee25a834751 13294
wolfSSL 11:cee25a834751 13295
wolfSSL 11:cee25a834751 13296 /* write X509 serial number in unsigned binary to buffer
wolfSSL 11:cee25a834751 13297 buffer needs to be at least EXTERNAL_SERIAL_SIZE (32) for all cases
wolfSSL 11:cee25a834751 13298 return SSL_SUCCESS on success */
/* Write a certificate's serial number, as unsigned binary, into a buffer.
 *
 * x509     certificate to query; NULL is rejected
 * in       output buffer; NULL is rejected.  EXTERNAL_SERIAL_SIZE (32) bytes
 *          is enough for every case.
 * inOutSz  in: capacity of in; out: number of bytes written.  NULL, or a
 *          capacity below the serial size, is rejected.
 *
 * returns SSL_SUCCESS on success, BAD_FUNC_ARG otherwise.
 */
int wolfSSL_X509_get_serial_number(WOLFSSL_X509* x509,
                                   byte* in, int* inOutSz)
{
    int serialSz;

    WOLFSSL_ENTER("wolfSSL_X509_get_serial_number");

    if (x509 == NULL || in == NULL || inOutSz == NULL)
        return BAD_FUNC_ARG;

    serialSz = x509->serialSz;
    if (*inOutSz < serialSz)
        return BAD_FUNC_ARG;

    XMEMCPY(in, x509->serial, serialSz);
    *inOutSz = serialSz;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 13312
wolfSSL 11:cee25a834751 13313
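/* Return the DER encoding held by a certificate object.
 *
 * x509   certificate to query; NULL is rejected
 * outSz  receives the DER length; NULL is rejected.  Set to 0 on failure so
 *        a caller that ignores the return value does not pair a NULL
 *        pointer with a stale length.
 *
 * returns a pointer to the DER bytes owned by x509 (do not free), or NULL
 * on invalid arguments or when the object carries no DER buffer (derCert is
 * a pointer and was dereferenced unchecked before).
 */
const byte* wolfSSL_X509_get_der(WOLFSSL_X509* x509, int* outSz)
{
    WOLFSSL_ENTER("wolfSSL_X509_get_der");

    if (x509 == NULL || outSz == NULL)
        return NULL;

    if (x509->derCert == NULL) {
        *outSz = 0;
        return NULL;
    }

    *outSz = (int)x509->derCert->length;
    return x509->derCert->buffer;
}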
wolfSSL 11:cee25a834751 13324
wolfSSL 11:cee25a834751 13325
/* Return the version field of a certificate.
 *
 * x509  certificate to query; NULL is accepted
 *
 * returns the decoded version, or 0 when x509 is NULL.
 */
int wolfSSL_X509_version(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_version");

    return (x509 != NULL) ? x509->version : 0;
}
wolfSSL 11:cee25a834751 13335
wolfSSL 11:cee25a834751 13336
/* Return the notBefore validity field of a certificate.
 *
 * x509  certificate to query; NULL is accepted
 *
 * returns a pointer to the field stored in x509 (do not free), or NULL when
 * x509 is NULL.  The field's encoding is whatever the decoder stored; it is
 * not interpreted here.
 */
const byte* wolfSSL_X509_notBefore(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_notBefore");

    return (x509 != NULL) ? x509->notBefore : NULL;
}
wolfSSL 11:cee25a834751 13346
wolfSSL 11:cee25a834751 13347
/* Return the notAfter validity field of a certificate.
 *
 * x509  certificate to query; NULL is accepted
 *
 * returns a pointer to the field stored in x509 (do not free), or NULL when
 * x509 is NULL.  The field's encoding is whatever the decoder stored; it is
 * not interpreted here.
 */
const byte* wolfSSL_X509_notAfter(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_notAfter");

    return (x509 != NULL) ? x509->notAfter : NULL;
}
wolfSSL 11:cee25a834751 13357
wolfSSL 11:cee25a834751 13358
wolfSSL 11:cee25a834751 13359 #ifdef WOLFSSL_SEP
wolfSSL 11:cee25a834751 13360
/* copy the device type OID into the in buffer, at most *inOutSz bytes; if in
   is NULL a buffer is malloc'd and the caller is responsible for freeing it.
   The number of bytes copied is returned in *inOutSz, which must be non-NULL */
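byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_get_dev_type");

    /* x509 was dereferenced unchecked in the original. */
    if (x509 == NULL || inOutSz == NULL)
        return NULL;

    /* No device type in the certificate: in is handed back untouched and
     * *inOutSz is not updated, so callers cannot tell this apart from a
     * zero-length copy by *inOutSz alone. */
    if (!x509->deviceTypeSz)
        return in;

    if (in == NULL) {
#ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
#else
        in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = x509->deviceTypeSz;
#endif
    }
    else {
        /* A negative caller size used to become a negative copy length,
         * which XMEMCPY would have taken as a huge size_t; treat it as
         * "no room", the same as a zero size. */
        copySz = (*inOutSz > 0) ? min(*inOutSz, x509->deviceTypeSz) : 0;
    }

    XMEMCPY(in, x509->deviceType, copySz);
    *inOutSz = copySz;

    return in;
}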
wolfSSL 11:cee25a834751 13390
wolfSSL 11:cee25a834751 13391
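/* Copy the certificate's hardware type OID into `in`, at most *inOutSz
 * bytes. If `in` is NULL a buffer of exactly x509->hwTypeSz bytes is
 * allocated (not possible with WOLFSSL_STATIC_MEMORY) and the caller is
 * responsible for freeing it. The number of bytes actually copied is written
 * to *inOutSz. Requires inOutSz be non-null.
 *
 * Returns `in` (or the freshly allocated buffer) on success; `in` unchanged
 * when the certificate carries no hardware type; NULL when x509 or inOutSz
 * is NULL, when *inOutSz is negative, or when allocation fails. */
byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_get_hw_type");
    /* x509 must be checked before any field of it is read */
    if (x509 == NULL || inOutSz == NULL) return NULL;
    if (!x509->hwTypeSz) return in;

    if (!in) {
#ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
#else
        in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (!in) return in;
        copySz = x509->hwTypeSz;
#endif
    }
    else {
        /* a negative caller-supplied size must not reach min()/XMEMCPY,
         * where it would be treated as a very large unsigned length */
        if (*inOutSz < 0) return NULL;
        copySz = min(*inOutSz, x509->hwTypeSz);
    }

    XMEMCPY(in, x509->hwType, copySz);
    *inOutSz = copySz;

    return in;
}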
wolfSSL 11:cee25a834751 13418
wolfSSL 11:cee25a834751 13419
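/* Copy the certificate's hardware serial number into `in`, at most *inOutSz
 * bytes. If `in` is NULL a buffer of exactly x509->hwSerialNumSz bytes is
 * allocated (not possible with WOLFSSL_STATIC_MEMORY) and the caller is
 * responsible for freeing it. The number of bytes actually copied is written
 * to *inOutSz. Requires inOutSz be non-null.
 *
 * Returns `in` (or the freshly allocated buffer) on success; `in` unchanged
 * when the certificate carries no hardware serial number; NULL when x509 or
 * inOutSz is NULL, when *inOutSz is negative, or when allocation fails. */
byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in,
                                        int* inOutSz)
{
    int copySz;

    WOLFSSL_ENTER("wolfSSL_X509_get_hw_serial_number");
    /* x509 must be checked before any field of it is read */
    if (x509 == NULL || inOutSz == NULL) return NULL;
    /* the emptiness test must look at the serial number's own length, not
     * hwTypeSz as before -- otherwise a certificate with a hardware type but
     * no serial number reached XMALLOC/XMEMCPY with a zero size */
    if (!x509->hwSerialNumSz) return in;

    if (!in) {
#ifdef WOLFSSL_STATIC_MEMORY
        WOLFSSL_MSG("Using static memory -- please pass in a buffer");
        return NULL;
#else
        in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (!in) return in;
        copySz = x509->hwSerialNumSz;
#endif
    }
    else {
        /* a negative caller-supplied size must not reach min()/XMEMCPY,
         * where it would be treated as a very large unsigned length */
        if (*inOutSz < 0) return NULL;
        copySz = min(*inOutSz, x509->hwSerialNumSz);
    }

    XMEMCPY(in, x509->hwSerialNum, copySz);
    *inOutSz = copySz;

    return in;
}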
wolfSSL 11:cee25a834751 13447
wolfSSL 11:cee25a834751 13448 #endif /* WOLFSSL_SEP */
wolfSSL 11:cee25a834751 13449
wolfSSL 11:cee25a834751 13450 /* require OPENSSL_EXTRA since wolfSSL_X509_free is wrapped by OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 13451 #if !defined(NO_CERTS) && defined(OPENSSL_EXTRA)
/* Push x509 onto the head of sk.
 *
 * The head element lives in sk itself; every later push allocates a node
 * that takes over the previous head value and is linked directly behind sk.
 * wolfSSL_sk_X509_free releases the pushed objects, so the stack takes
 * ownership of x509.
 *
 * Returns SSL_SUCCESS (1), or SSL_FAILURE (0) when sk or x509 is NULL or the
 * node allocation fails. */
int wolfSSL_sk_X509_push(STACK_OF(WOLFSSL_X509_NAME)* sk, WOLFSSL_X509* x509)
{
    WOLFSSL_STACK* carrier;

    if (sk == NULL || x509 == NULL)
        return SSL_FAILURE;

    if (sk->data.x509 != NULL) {
        /* non-empty stack: park the current head value in a new node */
        carrier = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                          DYNAMIC_TYPE_X509);
        if (carrier == NULL) {
            WOLFSSL_MSG("Memory error");
            return SSL_FAILURE;
        }
        XMEMSET(carrier, 0, sizeof(WOLFSSL_STACK));

        carrier->data.x509 = sk->data.x509;
        carrier->next      = sk->next;
        sk->next           = carrier;
    }

    /* the new value always becomes the head */
    sk->data.x509 = x509;
    sk->num += 1;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 13486
wolfSSL 11:cee25a834751 13487
/* Remove and return the head element of sk.
 *
 * When a second node exists its value is promoted into sk and the node is
 * freed; otherwise the head slot is cleared. sk->num is decremented but never
 * below zero. Returns NULL when sk is NULL (and also when the stack is empty,
 * since the head slot is then NULL). The caller owns the returned object. */
WOLFSSL_X509* wolfSSL_sk_X509_pop(STACK_OF(WOLFSSL_X509_NAME)* sk) {
    WOLFSSL_STACK* second;
    WOLFSSL_X509* head;

    if (sk == NULL)
        return NULL;

    head   = sk->data.x509;
    second = sk->next;

    if (second == NULL) {
        /* that was the only element */
        sk->data.x509 = NULL;
    }
    else {
        /* promote the next value into the head slot and drop its node */
        sk->data.x509 = second->data.x509;
        sk->next      = second->next;
        XFREE(second, NULL, DYNAMIC_TYPE_X509);
    }

    if (sk->num > 0)
        sk->num -= 1;

    return head;
}
wolfSSL 11:cee25a834751 13514
wolfSSL 11:cee25a834751 13515
/* Free an x509 stack together with every certificate it holds.
 *
 * Elements beyond the head each live in their own node behind sk->next; the
 * loop relies on sk->num matching that chain length (push/pop keep the two
 * in step). The head value is freed last, then sk itself. NULL is a no-op. */
void wolfSSL_sk_X509_free(STACK_OF(WOLFSSL_X509_NAME)* sk) {
    WOLFSSL_STACK* cur;

    if (sk == NULL)
        return;

    /* release every non-head node and its certificate */
    for (cur = sk->next; sk->num > 1; sk->num -= 1) {
        WOLFSSL_STACK* doomed = cur;
        cur = cur->next;

        wolfSSL_X509_free(doomed->data.x509);
        XFREE(doomed, NULL, DYNAMIC_TYPE_X509);
    }

    /* the head value is stored in sk itself */
    if (sk->num == 1)
        wolfSSL_X509_free(sk->data.x509);

    XFREE(sk, NULL, DYNAMIC_TYPE_X509);
}
#endif /* !NO_CERTS && OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 13542
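/* Decode a DER certificate of `len` bytes at `in` into a newly allocated
 * WOLFSSL_X509.
 *
 * On every return path *x509 (when x509 is non-NULL) is set to the result,
 * which is NULL when in is NULL, len is not positive, parsing fails, or an
 * allocation fails. The caller owns the returned object.
 *
 * NOTE(review): when CopyDecodedToX509 fails the partially filled object is
 * released with a bare XFREE; confirm nothing allocated inside it by that
 * point is leaked. */
WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len)
{
    WOLFSSL_X509 *newX509 = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_d2i");

    /* a negative length cannot describe a buffer; reject it here instead of
     * handing it to the parser, where it would be read as a large size */
    if (in != NULL && len > 0) {
#ifdef WOLFSSL_SMALL_STACK
        DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                                  DYNAMIC_TYPE_TMP_BUFFER);
        /* on allocation failure fall through so *x509 is still written */
        if (cert != NULL)
#else
        DecodedCert cert[1];
#endif
        {
            InitDecodedCert(cert, (byte*)in, len, NULL);
            if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
                newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                                 DYNAMIC_TYPE_X509);
                if (newX509 != NULL) {
                    InitX509(newX509, 1, NULL);
                    if (CopyDecodedToX509(newX509, cert) != 0) {
                        XFREE(newX509, NULL, DYNAMIC_TYPE_X509);
                        newX509 = NULL;
                    }
                }
            }
            FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
            XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        }
    }

    if (x509 != NULL)
        *x509 = newX509;

    return newX509;
}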
wolfSSL 11:cee25a834751 13586
wolfSSL 11:cee25a834751 13587
wolfSSL 11:cee25a834751 13588 #ifndef NO_FILESYSTEM
wolfSSL 11:cee25a834751 13589
wolfSSL 11:cee25a834751 13590 #ifndef NO_STDIO_FILESYSTEM
wolfSSL 11:cee25a834751 13591
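/* Read a whole DER certificate from an open file and decode it via
 * wolfSSL_X509_d2i.
 *
 * The file is sized by seeking to its end and rewinding, so the stream
 * position is changed. On every return path *x509 (when x509 is non-NULL) is
 * set to the result, which is NULL when file is XBADFILE, the size cannot be
 * determined, allocation fails, the read is short, or decoding fails.
 * NOTE(review): the XFSEEK/XREWIND results are not checked, so a
 * non-seekable stream is only caught indirectly through the short read. */
WOLFSSL_X509* wolfSSL_X509_d2i_fp(WOLFSSL_X509** x509, XFILE file)
{
    WOLFSSL_X509* newX509 = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_d2i_fp");

    if (file != XBADFILE) {
        byte* fileBuffer = NULL;
        long sz = 0;

        XFSEEK(file, 0, XSEEK_END);
        sz = XFTELL(file);
        XREWIND(file);

        if (sz < 0) {
            /* do not return here: *x509 below must still be set to NULL */
            WOLFSSL_MSG("Bad tell on FILE");
        }
        else {
            fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
            if (fileBuffer != NULL) {
                int ret = (int)XFREAD(fileBuffer, 1, sz, file);
                if (ret == sz) {
                    newX509 = wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz);
                }
                XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
            }
        }
    }

    if (x509 != NULL)
        *x509 = newX509;

    return newX509;
}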
wolfSSL 11:cee25a834751 13626
wolfSSL 11:cee25a834751 13627 #endif /* NO_STDIO_FILESYSTEM */
wolfSSL 11:cee25a834751 13628
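/* Load a certificate from the file `fname` in the given format
 * (SSL_FILETYPE_ASN1 or SSL_FILETYPE_PEM) and decode it with
 * wolfSSL_X509_load_certificate_buffer.
 *
 * Files that fit in the stack buffer are read there; larger ones go through
 * a heap buffer (under WOLFSSL_SMALL_STACK the stack buffer is one byte so
 * the heap is always used). Returns the new WOLFSSL_X509, owned by the
 * caller, or NULL on a bad argument, open/size/read failure, allocation
 * failure, or decode failure. All exits pass through a single cleanup label
 * so the file handle and heap buffer are released exactly once. */
WOLFSSL_X509* wolfSSL_X509_load_certificate_file(const char* fname, int format)
{
#ifdef WOLFSSL_SMALL_STACK
    byte staticBuffer[1]; /* force heap usage */
#else
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte* fileBuffer = staticBuffer;
    int dynamic = 0;
    int ret;
    long sz = 0;
    XFILE file;

    WOLFSSL_X509* x509 = NULL;

    /* Check the inputs */
    if ((fname == NULL) ||
        (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM))
        return NULL;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE)
        return NULL;

    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    if (sz < 0)
        goto cleanup;

    if (sz > (long)sizeof(staticBuffer)) {
        fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
        if (fileBuffer == NULL)
            goto cleanup;
        dynamic = 1;
    }

    /* a short read means the file changed underneath us or is unreadable */
    ret = (int)XFREAD(fileBuffer, 1, sz, file);
    if (ret != sz)
        goto cleanup;

    x509 = wolfSSL_X509_load_certificate_buffer(fileBuffer, (int)sz, format);

cleanup:
    XFCLOSE(file);
    if (dynamic)
        XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);

    return x509;
}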
wolfSSL 11:cee25a834751 13687
wolfSSL 11:cee25a834751 13688 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 13689
wolfSSL 11:cee25a834751 13690
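/* Decode a certificate held in memory.
 *
 * For SSL_FILETYPE_PEM the input is first converted to DER with PemToDer;
 * any other format value is treated as DER and copied verbatim. The DER is
 * then parsed and copied into a newly allocated WOLFSSL_X509 that the caller
 * owns. Returns NULL when buf is NULL or sz is not positive, when PEM
 * conversion, parsing, or any allocation fails. */
WOLFSSL_X509* wolfSSL_X509_load_certificate_buffer(
    const unsigned char* buf, int sz, int format)
{
    int ret;
    WOLFSSL_X509* x509 = NULL;
    DerBuffer* der = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_load_certificate_buffer");

    /* the DER path below copies sz bytes from buf unconditionally and a
     * negative sz would be cast to a huge unsigned size, so validate first */
    if (buf == NULL || sz <= 0)
        return NULL;

    if (format == SSL_FILETYPE_PEM) {
        int ecc = 0;
#ifdef WOLFSSL_SMALL_STACK
        EncryptedInfo* info = NULL;
#else
        EncryptedInfo info[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                       DYNAMIC_TYPE_TMP_BUFFER);
        if (info == NULL) {
            return NULL;
        }
#endif

        info->set = 0;
        info->ctx = NULL;
        info->consumed = 0;

        /* on failure drop whatever PemToDer produced; der becomes NULL and
         * the decode step below is skipped */
        if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) {
            FreeDer(&der);
        }

#ifdef WOLFSSL_SMALL_STACK
        XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }
    else {
        ret = AllocDer(&der, (word32)sz, CERT_TYPE, NULL);
        if (ret == 0) {
            XMEMCPY(der->buffer, buf, sz);
        }
    }

    /* At this point we want `der` to have the certificate in DER format */
    /* ready to be decoded. */
    if (der != NULL && der->buffer != NULL) {
#ifdef WOLFSSL_SMALL_STACK
        DecodedCert* cert = NULL;
#else
        DecodedCert cert[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                     DYNAMIC_TYPE_TMP_BUFFER);
        if (cert != NULL)
#endif
        {
            InitDecodedCert(cert, der->buffer, der->length, NULL);
            if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
                x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                              DYNAMIC_TYPE_X509);
                if (x509 != NULL) {
                    InitX509(x509, 1, NULL);
                    if (CopyDecodedToX509(x509, cert) != 0) {
                        XFREE(x509, NULL, DYNAMIC_TYPE_X509);
                        x509 = NULL;
                    }
                }
            }

            FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
            XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        }

        FreeDer(&der);
    }

    return x509;
}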
wolfSSL 11:cee25a834751 13774
wolfSSL 11:cee25a834751 13775 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
wolfSSL 11:cee25a834751 13776
/* OPENSSL_EXTRA is needed for the wolfSSL_X509_d2i function
   KEEP_OUR_CERT is to ensure the ability to return the ssl certificate */
wolfSSL 11:cee25a834751 13779 #if defined(OPENSSL_EXTRA) && defined(KEEP_OUR_CERT)
/* Return the certificate this session presents, decoding it on first use.
 *
 * When the session owns its certificate buffer the decoded object is cached
 * in ssl->ourCert; otherwise the parent ctx's buffer is decoded and cached in
 * ssl->ctx->ourCert (and ctx marks itself as owning it). The caller must not
 * free the returned pointer. Returns NULL when ssl is NULL, when no ctx is
 * attached, or when the relevant certificate buffer was never set. */
WOLFSSL_X509* wolfSSL_get_certificate(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return NULL;

    if (ssl->buffers.weOwnCert) {
        /* lazily decode the per-session certificate buffer */
        if (ssl->ourCert == NULL) {
            if (ssl->buffers.certificate == NULL) {
                WOLFSSL_MSG("Certificate buffer not set!");
                return NULL;
            }
            ssl->ourCert = wolfSSL_X509_d2i(NULL,
                                            ssl->buffers.certificate->buffer,
                                            ssl->buffers.certificate->length);
        }
        return ssl->ourCert;
    }

    /* cert not owned by the session: fall back to the parent ctx */
    if (ssl->ctx == NULL)
        return NULL;

    if (ssl->ctx->ourCert == NULL) {
        if (ssl->ctx->certificate == NULL) {
            WOLFSSL_MSG("Ctx Certificate buffer not set!");
            return NULL;
        }
        ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL,
                                             ssl->ctx->certificate->buffer,
                                             ssl->ctx->certificate->length);
        ssl->ctx->ownOurCert = 1;
    }
    return ssl->ctx->ourCert;
}
wolfSSL 11:cee25a834751 13816 #endif /* OPENSSL_EXTRA && KEEP_OUR_CERT */
wolfSSL 11:cee25a834751 13817 #endif /* NO_CERTS */
wolfSSL 11:cee25a834751 13818
wolfSSL 11:cee25a834751 13819
wolfSSL 11:cee25a834751 13820 #ifdef OPENSSL_EXTRA
/* Push obj onto the head of sk.
 *
 * The head element lives in sk itself; every later push allocates a node
 * that takes over the previous head value and is linked directly behind sk.
 * wolfSSL_sk_ASN1_OBJECT_free releases the pushed objects, so the stack
 * takes ownership of obj. (The STACK_OF() argument in the signature is
 * misspelled but is kept as-is for ABI/API compatibility.)
 *
 * Returns SSL_SUCCESS (1), or SSL_FAILURE (0) when sk or obj is NULL or the
 * node allocation fails. */
int wolfSSL_sk_ASN1_OBJECT_push(STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk,
                                WOLFSSL_ASN1_OBJECT* obj)
{
    WOLFSSL_STACK* carrier;

    if (sk == NULL || obj == NULL)
        return SSL_FAILURE;

    if (sk->data.obj != NULL) {
        /* non-empty stack: park the current head value in a new node */
        carrier = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                          DYNAMIC_TYPE_ASN1);
        if (carrier == NULL) {
            WOLFSSL_MSG("Memory error");
            return SSL_FAILURE;
        }
        XMEMSET(carrier, 0, sizeof(WOLFSSL_STACK));

        carrier->data.obj = sk->data.obj;
        carrier->next     = sk->next;
        sk->next          = carrier;
    }

    /* the new value always becomes the head */
    sk->data.obj = obj;
    sk->num += 1;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 13856
wolfSSL 11:cee25a834751 13857
/* Remove and return the head element of sk.
 *
 * When a second node exists its value is promoted into sk and the node is
 * freed; otherwise the head slot is cleared. sk->num is decremented but never
 * below zero. Returns NULL when sk is NULL (and when the stack is empty,
 * since the head slot is then NULL). The caller owns the returned object.
 * The misspelled function name is part of the public API and is kept. */
WOLFSSL_ASN1_OBJECT* wolfSSL_sk_ASN1_OBJCET_pop(
                                            STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
{
    WOLFSSL_STACK* second;
    WOLFSSL_ASN1_OBJECT* head;

    if (sk == NULL)
        return NULL;

    head   = sk->data.obj;
    second = sk->next;

    if (second == NULL) {
        /* that was the only element */
        sk->data.obj = NULL;
    }
    else {
        /* promote the next value into the head slot and drop its node */
        sk->data.obj = second->data.obj;
        sk->next     = second->next;
        XFREE(second, NULL, DYNAMIC_TYPE_ASN1);
    }

    if (sk->num > 0)
        sk->num -= 1;

    return head;
}
wolfSSL 11:cee25a834751 13886
wolfSSL 11:cee25a834751 13887
wolfSSL 11:cee25a834751 13888 #ifndef NO_ASN
/* Allocate a zero-initialised WOLFSSL_ASN1_OBJECT on the default heap.
 *
 * Returns NULL on allocation failure. Release with wolfSSL_ASN1_OBJECT_free. */
WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)
{
    WOLFSSL_ASN1_OBJECT* fresh = (WOLFSSL_ASN1_OBJECT*)XMALLOC(
            sizeof(WOLFSSL_ASN1_OBJECT), NULL, DYNAMIC_TYPE_ASN1);

    /* all fields start cleared, including the `dynamic` ownership flag */
    if (fresh != NULL)
        XMEMSET(fresh, 0, sizeof(WOLFSSL_ASN1_OBJECT));

    return fresh;
}
wolfSSL 11:cee25a834751 13902
wolfSSL 11:cee25a834751 13903
/* Free a WOLFSSL_ASN1_OBJECT.
 *
 * The obj->obj payload is released (from obj->heap) only when obj->dynamic
 * is 1, i.e. the object owns it; the container itself was allocated on the
 * default heap by wolfSSL_ASN1_OBJECT_new and is freed there. NULL is a
 * no-op. */
void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)
{
    if (obj == NULL)
        return;

    if (obj->dynamic == 1 && obj->obj != NULL) {
        WOLFSSL_MSG("Freeing ASN1 OBJECT data");
        XFREE(obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);
    }

    XFREE(obj, NULL, DYNAMIC_TYPE_ASN1);
}
wolfSSL 11:cee25a834751 13919
wolfSSL 11:cee25a834751 13920
/* Free an ASN1_OBJECT stack together with every object it holds.
 *
 * Elements beyond the head each live in their own node behind sk->next; the
 * loop relies on sk->num matching that chain length (push/pop keep the two
 * in step). The head value is freed last, then sk itself. NULL is a no-op. */
void wolfSSL_sk_ASN1_OBJECT_free(STACK_OF(WOLFSSL_ASN1_OBJECT)* sk)
{
    WOLFSSL_STACK* cur;

    if (sk == NULL)
        return;

    /* release every non-head node and its object */
    for (cur = sk->next; sk->num > 1; sk->num -= 1) {
        WOLFSSL_STACK* doomed = cur;
        cur = cur->next;

        wolfSSL_ASN1_OBJECT_free(doomed->data.obj);
        XFREE(doomed, NULL, DYNAMIC_TYPE_ASN1);
    }

    /* the head value is stored in sk itself */
    if (sk->num == 1)
        wolfSSL_ASN1_OBJECT_free(sk->data.obj);

    XFREE(sk, NULL, DYNAMIC_TYPE_ASN1);
}
wolfSSL 11:cee25a834751 13947
/* ASN1_STRING_to_UTF8() converts `in` to UTF-8 in a freshly allocated buffer
 * stored in *out and returns its length, or a negative error code; the
 * buffer is released with OPENSSL_free().
 *
 * This build does not implement the conversion: it records a stub hit,
 * leaves *out untouched and returns -1. */
int wolfSSL_ASN1_STRING_to_UTF8(unsigned char **out, WOLFSSL_ASN1_STRING *in)
{
    WOLFSSL_STUB("ASN1_STRING_to_UTF8");

    /* parameters are accepted but unused by the stub */
    (void)in;
    (void)out;

    return -1;
}
wolfSSL 11:cee25a834751 13961 #endif /* NO_ASN */
wolfSSL 11:cee25a834751 13962
wolfSSL 11:cee25a834751 13963
/* Stub: the session id context is not recorded in this build and the
 * function always returns 0.
 *
 * NOTE(review): OpenSSL's SSL_set_session_id_context() returns 1 on success,
 * so code written against that convention will treat this as a failure. */
int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,
                                   unsigned int len)
{
    /* all arguments are accepted and ignored */
    (void)len;
    (void)id;
    (void)ssl;

    return 0;
}
wolfSSL 11:cee25a834751 13972
wolfSSL 11:cee25a834751 13973
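/* Switch a server-side WOLFSSL object into the client role.
 *
 * Only acts when ssl is currently WOLFSSL_SERVER_END: the side is flipped to
 * WOLFSSL_CLIENT_END and the cipher-suite list is rebuilt with InitSuites
 * from the object's current option flags (InitSuites takes the side as an
 * argument, so it presumably needs to be redone for the new role). A NULL
 * ssl is logged and ignored; an object already acting as a client is left
 * untouched. */
void wolfSSL_set_connect_state(WOLFSSL* ssl)
{
    word16 haveRSA = 1;
    word16 havePSK = 0;

    if (ssl == NULL) {
        WOLFSSL_MSG("WOLFSSL NULL pointer");
        return;
    }

    /* nothing to do unless we are currently the server side */
    if (ssl->options.side != WOLFSSL_SERVER_END)
        return;

    ssl->options.side = WOLFSSL_CLIENT_END;

#ifdef NO_RSA
    haveRSA = 0;
#endif
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveECC,
               ssl->options.haveStaticECC, ssl->options.side);
}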
wolfSSL 11:cee25a834751 13994 #endif
wolfSSL 11:cee25a834751 13995
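/* Report the shutdown state of the connection as an OpenSSL-style bit mask.
 *
 * Bit 0 (SSL_SENT_SHUTDOWN = 1) is set when our close_notify has been sent;
 * bit 1 (SSL_RECEIVED_SHUTDOWN = 2) when the peer's close_notify arrived or
 * the connection was reset. Returns 0 for a NULL ssl instead of
 * dereferencing it, matching the NULL handling of the neighbouring
 * accessors. */
int wolfSSL_get_shutdown(const WOLFSSL* ssl)
{
    int flags = 0;

    WOLFSSL_ENTER("wolfSSL_get_shutdown");

    if (ssl != NULL) {
        /* in OpenSSL, SSL_SENT_SHUTDOWN = 1, when closeNotifySent *
         * SSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */
        flags = ((ssl->options.closeNotify||ssl->options.connReset) << 1)
              | (ssl->options.sentNotify);
    }

    return flags;
}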
wolfSSL 11:cee25a834751 14004
wolfSSL 11:cee25a834751 14005
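/* Return the object's `resuming` flag: non-zero when the current handshake
 * resumed a previous session. A NULL ssl yields 0 rather than a crash. */
int wolfSSL_session_reused(WOLFSSL* ssl)
{
    if (ssl == NULL)
        return 0;

    return ssl->options.resuming;
}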
wolfSSL 11:cee25a834751 14010
wolfSSL 11:cee25a834751 14011 #ifdef OPENSSL_EXTRA
/* Release a WOLFSSL_SESSION handed out to the application.
 *
 * With HAVE_EXT_CACHE a session is only freed when it was heap-allocated
 * (isAlloced); a dynamically held ticket is released first when
 * HAVE_SESSION_TICKET is on. Without HAVE_EXT_CACHE sessions live in the
 * static cache and nothing is freed. NULL is a no-op. */
void wolfSSL_SESSION_free(WOLFSSL_SESSION* session)
{
    if (!session) {
        return;
    }

#ifdef HAVE_EXT_CACHE
    if (!session->isAlloced) {
        /* not ours to free */
        return;
    }
#ifdef HAVE_SESSION_TICKET
    if (session->isDynamic) {
        XFREE(session->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK);
    }
#endif
    XFREE(session, NULL, DYNAMIC_TYPE_OPENSSL);
#else
    /* No need to free since cache is static */
    (void)session;
#endif
}
wolfSSL 11:cee25a834751 14030 #endif
wolfSSL 11:cee25a834751 14031
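/* Return the protocol version of the connection as a printable string.
 *
 * ssl     The SSL/TLS object; may be NULL.
 * returns "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLS" or "DTLSv1.2",
 *         and "unknown" for any other version or a NULL ssl.  The result is
 *         a string literal and must not be freed.
 */
const char* wolfSSL_get_version(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_get_version");

    /* callers such as wolfSSL_CIPHER_description pass the object through
     * without checking; never dereference NULL here */
    if (ssl == NULL)
        return "unknown";

    switch (ssl->version.major) {
        case SSLv3_MAJOR:
            switch (ssl->version.minor) {
                case SSLv3_MINOR:
                    return "SSLv3";
                case TLSv1_MINOR:
                    return "TLSv1";
                case TLSv1_1_MINOR:
                    return "TLSv1.1";
                case TLSv1_2_MINOR:
                    return "TLSv1.2";
                default:
                    break;
            }
            break;

        case DTLS_MAJOR:
            switch (ssl->version.minor) {
                case DTLS_MINOR:
                    return "DTLS";
                case DTLSv1_2_MINOR:
                    return "DTLSv1.2";
                default:
                    break;
            }
            break;

        default:
            break;
    }

    return "unknown";
}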
wolfSSL 11:cee25a834751 14061
wolfSSL 11:cee25a834751 14062
/* Return the library version as a string, e.g. "3.11.0".
 *
 * returns the compile-time LIBWOLFSSL_VERSION_STRING; not to be freed.
 */
const char* wolfSSL_lib_version(void)
{
    static const char* const versionStr = LIBWOLFSSL_VERSION_STRING;

    return versionStr;
}
wolfSSL 11:cee25a834751 14068
wolfSSL 11:cee25a834751 14069
/* Return the library version packed as a number (LIBWOLFSSL_VERSION_HEX),
 * which is convenient for >= comparisons at run time.
 */
word32 wolfSSL_lib_version_hex(void)
{
    const word32 versionHex = LIBWOLFSSL_VERSION_HEX;

    return versionHex;
}
wolfSSL 11:cee25a834751 14075
wolfSSL 11:cee25a834751 14076
/* Return the negotiated cipher suite as the 16-bit value used on the wire:
 * the first suite byte in the high byte, the second in the low byte.
 *
 * ssl     The SSL/TLS object; may be NULL.
 * returns the suite value, 0 when ssl is NULL.
 */
int wolfSSL_get_current_cipher_suite(WOLFSSL* ssl)
{
    int suite = 0;

    WOLFSSL_ENTER("SSL_get_current_cipher_suite");

    if (ssl != NULL) {
        suite = ssl->options.cipherSuite0;
        suite = (suite << 8) | ssl->options.cipherSuite;
    }

    return suite;
}
wolfSSL 11:cee25a834751 14084
/* Return the cipher object embedded in the SSL/TLS object.
 *
 * ssl     The SSL/TLS object; may be NULL.
 * returns a pointer into ssl (owned by it, never freed by the caller) or
 *         NULL when ssl is NULL.
 */
WOLFSSL_CIPHER* wolfSSL_get_current_cipher(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("SSL_get_current_cipher");

    return (ssl == NULL) ? NULL : &ssl->cipher;
}
wolfSSL 11:cee25a834751 14093
wolfSSL 11:cee25a834751 14094
/* Return the name of the cipher suite in use on the cipher's SSL object.
 *
 * cipher  Cipher object from wolfSSL_get_current_cipher(); may be NULL.
 * returns the suite name looked up from the negotiated suite bytes, or NULL
 *         when cipher or its SSL object is NULL.
 */
const char* wolfSSL_CIPHER_get_name(const WOLFSSL_CIPHER* cipher)
{
    const WOLFSSL* ssl;

    WOLFSSL_ENTER("SSL_CIPHER_get_name");

    if (cipher == NULL)
        return NULL;

    ssl = cipher->ssl;
    if (ssl == NULL)
        return NULL;

    return wolfSSL_get_cipher_name_from_suite(ssl->options.cipherSuite,
                                              ssl->options.cipherSuite0);
}
wolfSSL 11:cee25a834751 14106
/* Return the name of the cipher suite recorded in a session.
 *
 * session  The session; may be NULL.
 * returns  the suite name when SESSION_CERTS is built in, otherwise NULL
 *          (the suite bytes are only stored with SESSION_CERTS).
 */
const char* wolfSSL_SESSION_CIPHER_get_name(WOLFSSL_SESSION* session)
{
    const char* name = NULL;

    if (session != NULL) {
#ifdef SESSION_CERTS
        name = wolfSSL_get_cipher_name_from_suite(session->cipherSuite,
                                                  session->cipherSuite0);
#endif
    }

    return name;
}
wolfSSL 11:cee25a834751 14120
/* Return the name of the cipher suite negotiated on the connection.
 *
 * ssl     The SSL/TLS object; may be NULL.
 * returns the suite name, or NULL when ssl is NULL.
 */
const char* wolfSSL_get_cipher(WOLFSSL* ssl)
{
    WOLFSSL_CIPHER* cipher;

    WOLFSSL_ENTER("wolfSSL_get_cipher");

    cipher = wolfSSL_get_current_cipher(ssl);
    return wolfSSL_CIPHER_get_name(cipher);
}
wolfSSL 11:cee25a834751 14126
/* Return the negotiated cipher name in OpenSSL form (DHE-RSA-...) rather
 * than the IANA form (TLS_DHE_...).
 *
 * ssl     The SSL/TLS object.
 * returns whatever the internal lookup yields for the object.
 */
const char* wolfSSL_get_cipher_name(WOLFSSL* ssl)
{
    /* the cipher_name_idx table lives in internal.c; delegate the lookup */
    const char* name = wolfSSL_get_cipher_name_internal(ssl);

    return name;
}
wolfSSL 11:cee25a834751 14133
wolfSSL 11:cee25a834751 14134 #ifdef HAVE_ECC
/* Return the name of the curve used for key exchange as a printable string.
 *
 * ssl     The SSL/TLS object; may be NULL.
 * returns NULL when ssl is NULL, when the key exchange was not ECDHE based
 *         or when no curve OID was recorded; otherwise the curve name.
 */
const char* wolfSSL_get_curve_name(WOLFSSL* ssl)
{
    int kea;
    int oidIdx;

    if (ssl == NULL)
        return NULL;

    /* only the ephemeral ECDH key exchanges carry a negotiated curve */
    kea = ssl->specs.kea;
    if (kea != ecdhe_psk_kea && kea != ecc_diffie_hellman_kea)
        return NULL;

    if (ssl->ecdhCurveOID == 0)
        return NULL;

    oidIdx = wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL);
    return wc_ecc_get_name(oidIdx);
}
wolfSSL 11:cee25a834751 14151 #endif
wolfSSL 11:cee25a834751 14152
wolfSSL 11:cee25a834751 14153 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 14154
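/* Append src to the description being built at *in.
 *
 * in    In/out: write position; advanced past the characters written.
 * len   In/out: bytes left including the terminator; reduced accordingly.
 *       Must be >= 1 on entry so the terminator always has room; it stays
 *       >= 1 afterwards, so once the buffer is full later appends become
 *       no-ops instead of overrunning.
 * src   NUL-terminated text to append.
 */
static void CipherDescAppend(char** in, int* len, const char* src)
{
    size_t strLen;

    XSTRNCPY(*in, src, *len);
    (*in)[*len - 1] = '\0';
    strLen = XSTRLEN(*in);
    *len -= (int)strLen;
    *in += strLen;
}


/* Write a one line, OpenSSL style description of the cipher in use:
 *   "<suite> <version> Kx=<key exchange> Au=<auth> Enc=<cipher> Mac=<mac>"
 * The result is always NUL-terminated and truncated to fit len bytes.
 *
 * cipher  Cipher object from wolfSSL_get_current_cipher(); its SSL object is
 *         read for every field and must still be valid.
 * in      Caller supplied output buffer.
 * len     Size of in in bytes; must be positive.
 * returns in, or NULL when cipher, its SSL object or in is NULL or len is
 *         not positive.
 */
char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in,
                                 int len)
{
    char *ret = in;
    const char *keaStr, *authStr, *encStr, *macStr;
    const char *suiteName;

    /* len <= 0 would put the in[len-1] terminator outside the buffer, and
     * cipher->ssl is dereferenced for every field below */
    if (cipher == NULL || cipher->ssl == NULL || in == NULL || len <= 0)
        return NULL;

    switch (cipher->ssl->specs.kea) {
        case no_kea:
            keaStr = "None";
            break;
#ifndef NO_RSA
        case rsa_kea:
            keaStr = "RSA";
            break;
#endif
#ifndef NO_DH
        case diffie_hellman_kea:
            keaStr = "DHE";
            break;
#endif
        case fortezza_kea:
            keaStr = "FZ";
            break;
#ifndef NO_PSK
        case psk_kea:
            keaStr = "PSK";
            break;
#ifndef NO_DH
        case dhe_psk_kea:
            keaStr = "DHEPSK";
            break;
#endif
#ifdef HAVE_ECC
        case ecdhe_psk_kea:
            keaStr = "ECDHEPSK";
            break;
#endif
#endif
#ifdef HAVE_NTRU
        case ntru_kea:
            keaStr = "NTRU";
            break;
#endif
#ifdef HAVE_ECC
        case ecc_diffie_hellman_kea:
            keaStr = "ECDHE";
            break;
        case ecc_static_diffie_hellman_kea:
            keaStr = "ECDH";
            break;
#endif
        default:
            keaStr = "unknown";
            break;
    }

    switch (cipher->ssl->specs.sig_algo) {
        case anonymous_sa_algo:
            authStr = "None";
            break;
#ifndef NO_RSA
        case rsa_sa_algo:
            authStr = "RSA";
            break;
#endif
#ifndef NO_DSA
        case dsa_sa_algo:
            authStr = "DSA";
            break;
#endif
#ifdef HAVE_ECC
        case ecc_dsa_sa_algo:
            authStr = "ECDSA";
            break;
#endif
        default:
            authStr = "unknown";
            break;
    }

    switch (cipher->ssl->specs.bulk_cipher_algorithm) {
        case wolfssl_cipher_null:
            encStr = "None";
            break;
#ifndef NO_RC4
        case wolfssl_rc4:
            encStr = "RC4(128)";
            break;
#endif
#ifndef NO_DES3
        case wolfssl_triple_des:
            encStr = "3DES(168)";
            break;
#endif
#ifdef HAVE_IDEA
        case wolfssl_idea:
            encStr = "IDEA(128)";
            break;
#endif
#ifndef NO_AES
        case wolfssl_aes:
            if (cipher->ssl->specs.key_size == 128)
                encStr = "AES(128)";
            else if (cipher->ssl->specs.key_size == 256)
                encStr = "AES(256)";
            else
                encStr = "AES(?)";
            break;
#ifdef HAVE_AESGCM
        case wolfssl_aes_gcm:
            if (cipher->ssl->specs.key_size == 128)
                encStr = "AESGCM(128)";
            else if (cipher->ssl->specs.key_size == 256)
                encStr = "AESGCM(256)";
            else
                encStr = "AESGCM(?)";
            break;
#endif
#ifdef HAVE_AESCCM
        case wolfssl_aes_ccm:
            if (cipher->ssl->specs.key_size == 128)
                encStr = "AESCCM(128)";
            else if (cipher->ssl->specs.key_size == 256)
                encStr = "AESCCM(256)";
            else
                encStr = "AESCCM(?)";
            break;
#endif
#endif
#ifdef HAVE_CHACHA
        case wolfssl_chacha:
            encStr = "CHACHA20/POLY1305(256)";
            break;
#endif
#ifdef HAVE_CAMELLIA
        case wolfssl_camellia:
            if (cipher->ssl->specs.key_size == 128)
                encStr = "Camellia(128)";
            else if (cipher->ssl->specs.key_size == 256)
                encStr = "Camellia(256)";
            else
                encStr = "Camellia(?)";
            break;
#endif
#if defined(HAVE_HC128) && !defined(NO_HC128)
        case wolfssl_hc128:
            encStr = "HC128(128)";
            break;
#endif
#if defined(HAVE_RABBIT) && !defined(NO_RABBIT)
        case wolfssl_rabbit:
            encStr = "RABBIT(128)";
            break;
#endif
        default:
            encStr = "unknown";
            break;
    }

    switch (cipher->ssl->specs.mac_algorithm) {
        case no_mac:
            macStr = "None";
            break;
#ifndef NO_MD5
        case md5_mac:
            macStr = "MD5";
            break;
#endif
#ifndef NO_SHA
        case sha_mac:
            macStr = "SHA1";
            break;
#endif
#ifdef HAVE_SHA224
        case sha224_mac:
            macStr = "SHA224";
            break;
#endif
#ifndef NO_SHA256
        case sha256_mac:
            macStr = "SHA256";
            break;
#endif
#ifdef HAVE_SHA384
        case sha384_mac:
            macStr = "SHA384";
            break;
#endif
#ifdef HAVE_SHA512
        case sha512_mac:
            macStr = "SHA512";
            break;
#endif
#ifdef HAVE_BLAKE2
        case blake2b_mac:
            macStr = "BLAKE2b";
            break;
#endif
        default:
            macStr = "unknown";
            break;
    }

    /* Build up the string by appending each piece onto the end; every
     * append re-terminates within the remaining length. */
    suiteName = wolfSSL_CIPHER_get_name(cipher);
    /* guard the copy in case the suite lookup yields no name */
    CipherDescAppend(&in, &len, suiteName != NULL ? suiteName : "unknown");

    CipherDescAppend(&in, &len, " ");
    CipherDescAppend(&in, &len, wolfSSL_get_version(cipher->ssl));

    CipherDescAppend(&in, &len, " Kx=");
    CipherDescAppend(&in, &len, keaStr);

    CipherDescAppend(&in, &len, " Au=");
    CipherDescAppend(&in, &len, authStr);

    CipherDescAppend(&in, &len, " Enc=");
    CipherDescAppend(&in, &len, encStr);

    CipherDescAppend(&in, &len, " Mac=");
    CipherDescAppend(&in, &len, macStr);

    return ret;
}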
wolfSSL 11:cee25a834751 14393
wolfSSL 11:cee25a834751 14394
wolfSSL 11:cee25a834751 14395 #ifndef NO_SESSION_CACHE
wolfSSL 11:cee25a834751 14396
/* OpenSSL compatible "get with reference" accessor for the current session.
 *
 * ssl     The SSL/TLS object; may be NULL.
 * returns the session from wolfSSL_get_session(), or NULL when ssl is NULL.
 *         Sessions are stored statically here, so no reference count is
 *         taken and the result behaves like wolfSSL_get_session().
 */
WOLFSSL_SESSION* wolfSSL_get1_session(WOLFSSL* ssl)
{
    /* sessions are stored statically, no need for reference count */
    return (ssl != NULL) ? wolfSSL_get_session(ssl) : NULL;
}
wolfSSL 11:cee25a834751 14406
wolfSSL 11:cee25a834751 14407 #endif /* NO_SESSION_CACHE */
wolfSSL 11:cee25a834751 14408
wolfSSL 11:cee25a834751 14409 #ifndef NO_CERTS
/* Release a certificate object handed out to the application.
 *
 * x509  The certificate to release; handling of NULL is up to
 *       ExternalFreeX509().
 */
void wolfSSL_X509_free(WOLFSSL_X509* x509)
{
    WOLFSSL_ENTER("wolfSSL_X509_free");

    /* the actual teardown lives with the other X509 internals */
    ExternalFreeX509(x509);
}
wolfSSL 11:cee25a834751 14415 #endif /* NO_CERTS */
wolfSSL 11:cee25a834751 14416
wolfSSL 11:cee25a834751 14417
/* OpenSSL compatibility stub: OCSP URL parsing is not implemented here.
 *
 * url, host, port, path, ssl  Accepted and ignored; the outputs are left
 *                             untouched.
 * returns 0 always.
 */
int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
                           int* ssl)
{
    (void)url; (void)host; (void)port; (void)path; (void)ssl;

    return 0;
}
wolfSSL 11:cee25a834751 14428
wolfSSL 11:cee25a834751 14429
/* SSLv2 is not supported; this compatibility stub never yields a method.
 *
 * returns NULL always.
 */
WOLFSSL_METHOD* wolfSSLv2_client_method(void)
{
    return NULL;
}
wolfSSL 11:cee25a834751 14434
wolfSSL 11:cee25a834751 14435
/* SSLv2 is not supported; this compatibility stub never yields a method.
 *
 * returns NULL always.
 */
WOLFSSL_METHOD* wolfSSLv2_server_method(void)
{
    return NULL;
}
wolfSSL 11:cee25a834751 14440
wolfSSL 11:cee25a834751 14441
wolfSSL 11:cee25a834751 14442 #ifndef NO_MD4
wolfSSL 11:cee25a834751 14443
/* OpenSSL compatible MD4_Init: initialise the opaque context, which wraps a
 * wolfCrypt Md4 in md4->buffer.
 *
 * md4  The context to initialise.
 */
void wolfSSL_MD4_Init(WOLFSSL_MD4_CTX* md4)
{
    /* compile-time check that the opaque buffer can hold a wolfCrypt Md4;
     * a negative array size here is a build error, not a runtime one */
    typedef char md4_ctx_fits[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
    (void)sizeof(md4_ctx_fits);

    WOLFSSL_ENTER("MD4_Init");
    wc_InitMd4((Md4*)md4);
}
wolfSSL 11:cee25a834751 14453
wolfSSL 11:cee25a834751 14454
/* OpenSSL compatible MD4_Update: feed len bytes of data into the digest.
 *
 * md4   The context initialised by wolfSSL_MD4_Init().
 * data  Input bytes.
 * len   Number of input bytes; narrowed to word32 for wolfCrypt.
 */
void wolfSSL_MD4_Update(WOLFSSL_MD4_CTX* md4, const void* data,
                        unsigned long len)
{
    Md4* ctx = (Md4*)md4;

    WOLFSSL_ENTER("MD4_Update");
    wc_Md4Update(ctx, (const byte*)data, (word32)len);
}
wolfSSL 11:cee25a834751 14461
wolfSSL 11:cee25a834751 14462
/* OpenSSL compatible MD4_Final: write the digest and finish the context.
 *
 * digest  Output buffer for the MD4 digest.
 * md4     The context initialised by wolfSSL_MD4_Init().
 */
void wolfSSL_MD4_Final(unsigned char* digest, WOLFSSL_MD4_CTX* md4)
{
    Md4* ctx = (Md4*)md4;

    WOLFSSL_ENTER("MD4_Final");
    wc_Md4Final(ctx, digest);
}
wolfSSL 11:cee25a834751 14468
wolfSSL 11:cee25a834751 14469 #endif /* NO_MD4 */
wolfSSL 11:cee25a834751 14470
wolfSSL 11:cee25a834751 14471
/* OpenSSL compatibility stub: BIO chains are not supported, so there is
 * nothing to pop.
 *
 * top     Ignored.
 * returns NULL always.
 */
WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO* top)
{
    (void)top;

    return NULL;
}
wolfSSL 11:cee25a834751 14477
wolfSSL 11:cee25a834751 14478
/* Return the number of bytes buffered in a memory BIO.
 *
 * bio     The BIO; may be NULL.
 * returns bio->memLen for a BIO_MEMORY BIO, 0 for NULL or any other type.
 */
int wolfSSL_BIO_pending(WOLFSSL_BIO* bio)
{
    int pending = 0;

    if (bio != NULL && bio->type == BIO_MEMORY)
        pending = bio->memLen;

    return pending;
}
wolfSSL 11:cee25a834751 14485
wolfSSL 11:cee25a834751 14486
wolfSSL 11:cee25a834751 14487
/* Return the memory BIO method.
 *
 * returns a pointer to a function-static method object whose type is set to
 *         BIO_MEMORY on every call; never freed by the caller.
 */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_mem(void)
{
    static WOLFSSL_BIO_METHOD meth;
    WOLFSSL_BIO_METHOD* ret = &meth;

    WOLFSSL_ENTER("BIO_s_mem");

    /* re-stamped on every call so the shared object always reads as memory */
    ret->type = BIO_MEMORY;

    return ret;
}
wolfSSL 11:cee25a834751 14497
wolfSSL 11:cee25a834751 14498
/* OpenSSL compatibility stub: the base64 filter BIO is not provided.
 *
 * returns NULL always.
 */
WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void)
{
    return NULL;
}
wolfSSL 11:cee25a834751 14503
wolfSSL 11:cee25a834751 14504
/* OpenSSL compatibility stub: BIO flags are not tracked.
 *
 * bio, flags  Accepted and ignored.
 */
void wolfSSL_BIO_set_flags(WOLFSSL_BIO* bio, int flags)
{
    (void)bio; (void)flags;
}
wolfSSL 11:cee25a834751 14510
wolfSSL 11:cee25a834751 14511
wolfSSL 11:cee25a834751 14512
/* OpenSSL compatibility stub for RAND_screen(): no screen-based seeding is
 * performed and the call has no effect.
 */
void wolfSSL_RAND_screen(void)
{
    /* intentionally empty */
}
wolfSSL 11:cee25a834751 14517
wolfSSL 11:cee25a834751 14518
/* OpenSSL compatibility stub: no random seed file is used.
 *
 * fname, len  Accepted and ignored; fname is not written.
 * returns     NULL always.
 */
const char* wolfSSL_RAND_file_name(char* fname, unsigned long len)
{
    (void)fname; (void)len;

    return NULL;
}
wolfSSL 11:cee25a834751 14525
wolfSSL 11:cee25a834751 14526
/* OpenSSL compatibility stub: no random seed file is written.
 *
 * fname   Accepted and ignored.
 * returns 0 always.
 */
int wolfSSL_RAND_write_file(const char* fname)
{
    (void)fname;

    return 0;
}
wolfSSL 11:cee25a834751 14532
wolfSSL 11:cee25a834751 14533
/* OpenSSL compatibility stub for RAND_load_file(): the file is never read
 * because wolfCrypt seeds its generator internally (or reports an error
 * itself), but the call reports success in OpenSSL's terms.
 *
 * fname   Accepted and ignored.
 * len     Number of bytes the caller asked for; -1 means "as much as
 *         available".
 * returns 1024 when len is -1, otherwise len narrowed to int.
 */
int wolfSSL_RAND_load_file(const char* fname, long len)
{
    int loaded;

    (void)fname;

    /* wolfCrypt provides enough entropy internally or will report error */
    loaded = (len == -1) ? 1024 : (int)len;

    return loaded;
}
wolfSSL 11:cee25a834751 14543
wolfSSL 11:cee25a834751 14544
/* OpenSSL compatibility stub: entropy gathering daemon sockets are not used.
 *
 * path    Accepted and ignored.
 * returns 0 always.
 */
int wolfSSL_RAND_egd(const char* path)
{
    (void)path;

    return 0;
}
wolfSSL 11:cee25a834751 14550
wolfSSL 11:cee25a834751 14551
wolfSSL 11:cee25a834751 14552
/* OpenSSL compatibility stub: no zlib compression method object exists.
 *
 * returns NULL always.
 */
WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void)
{
    return NULL;
}
wolfSSL 11:cee25a834751 14557
wolfSSL 11:cee25a834751 14558
/* OpenSSL compatibility stub: no RLE compression method object exists.
 *
 * returns NULL always.
 */
WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void)
{
    return NULL;
}
wolfSSL 11:cee25a834751 14563
/* OpenSSL compatibility stub: compression methods cannot be registered.
 *
 * method, data  Accepted and ignored.
 * returns       0 always.
 */
int wolfSSL_COMP_add_compression_method(int method, void* data)
{
    (void)method; (void)data;

    return 0;
}
wolfSSL 11:cee25a834751 14570
wolfSSL 11:cee25a834751 14571
/* OpenSSL compatibility stub: dynamic lock creation callbacks are not used.
 *
 * f  Accepted and ignored.
 */
void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)(
                                                      const char*, int))
{
    (void)f;
}
wolfSSL 11:cee25a834751 14577
wolfSSL 11:cee25a834751 14578
/* OpenSSL compatibility stub: dynamic lock/unlock callbacks are not used.
 *
 * f  Accepted and ignored.
 */
void wolfSSL_set_dynlock_lock_callback(
                void (*f)(int, WOLFSSL_dynlock_value*, const char*, int))
{
    (void)f;
}
wolfSSL 11:cee25a834751 14584
wolfSSL 11:cee25a834751 14585
/* OpenSSL compatibility stub: dynamic lock destruction callbacks are not
 * used.
 *
 * f  Accepted and ignored.
 */
void wolfSSL_set_dynlock_destroy_callback(
                void (*f)(WOLFSSL_dynlock_value*, const char*, int))
{
    (void)f;
}
wolfSSL 11:cee25a834751 14591
wolfSSL 11:cee25a834751 14592
wolfSSL 11:cee25a834751 14593
/* Map a certificate verification error code to its description.
 *
 * err     The error code reported by verification.
 * returns whatever wolfSSL_ERR_reason_error_string() yields for err; the
 *         same table serves both the generic and the X509 error APIs.
 */
const char* wolfSSL_X509_verify_cert_error_string(long err)
{
    const char* reason = wolfSSL_ERR_reason_error_string(err);

    return reason;
}
wolfSSL 11:cee25a834751 14598
wolfSSL 11:cee25a834751 14599
wolfSSL 11:cee25a834751 14600
/* OpenSSL compatibility stub: hashed certificate directories are not
 * scanned, so nothing is added to the lookup.
 *
 * lookup, dir, len  Accepted and ignored.
 * returns           0 always.
 */
int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup, const char* dir,
                                long len)
{
    (void)lookup; (void)dir; (void)len;

    return 0;
}
wolfSSL 11:cee25a834751 14609
wolfSSL 11:cee25a834751 14610
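/* Load a PEM file holding either a CRL or a certificate into the store the
 * lookup belongs to.
 *
 * lookup  Lookup obtained from wolfSSL_X509_STORE_add_lookup(); its store is
 *         the target.
 * file    Path of the PEM file.
 * type    Must be X509_FILETYPE_PEM; anything else is rejected.
 * returns the result of the underlying load on success; BAD_FUNC_ARG for a
 *         NULL lookup/store/file, a non-PEM type or a file that cannot be
 *         opened; MEMORY_ERROR when the read buffer cannot be allocated;
 *         SSL_FAILURE for an empty or unreadable file, an unparsable
 *         certificate, or a CRL when HAVE_CRL is not built in.  Without a
 *         filesystem (NO_FILESYSTEM) always SSL_FAILURE.
 */
int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup,
                                  const char* file, long type)
{
#ifndef NO_FILESYSTEM
    int ret = SSL_FAILURE;
    XFILE fp;
    long sz;
    byte* pem = NULL;
    WOLFSSL_X509* x509;

    /* lookup->store is dereferenced below and file goes straight to fopen */
    if (lookup == NULL || lookup->store == NULL || file == NULL)
        return BAD_FUNC_ARG;
    if (type != X509_FILETYPE_PEM)
        return BAD_FUNC_ARG;

    fp = XFOPEN(file, "r");
    if (fp == NULL)
        return BAD_FUNC_ARG;

    XFSEEK(fp, 0, XSEEK_END);
    sz = XFTELL(fp);
    XREWIND(fp);

    /* a failed tell reports -1; an empty file has nothing to load */
    if (sz <= 0)
        goto end;

    /* one extra byte so the buffer is NUL-terminated for the marker search
     * below, whatever XSTRNSTR maps to on this platform */
    pem = (byte*)XMALLOC((size_t)sz + 1, 0, DYNAMIC_TYPE_TMP_BUFFER);
    if (pem == NULL) {
        ret = MEMORY_ERROR;
        goto end;
    }

    /* Read in file which may be a CRL or certificate. */
    if (XFREAD(pem, (size_t)sz, 1, fp) != 1)
        goto end;
    pem[sz] = '\0';

    if (XSTRNSTR((char*)pem, BEGIN_X509_CRL, (unsigned int)sz) != NULL) {
#ifdef HAVE_CRL
        ret = wolfSSL_CertManagerLoadCRLBuffer(lookup->store->cm, pem, sz,
                                               SSL_FILETYPE_PEM);
#endif
        /* without HAVE_CRL a CRL cannot be loaded: ret stays SSL_FAILURE */
    }
    else {
        x509 = wolfSSL_X509_load_certificate_buffer(pem, (int)sz,
                                                    SSL_FILETYPE_PEM);
        if (x509 == NULL)
            goto end;
        ret = wolfSSL_X509_STORE_add_cert(lookup->store, x509);
        /* add_cert copies the certificate into the store's cert manager
         * rather than taking ownership, so the parsed object must be
         * released here; it used to leak */
        wolfSSL_X509_free(x509);
    }

end:
    if (pem != NULL)
        XFREE(pem, 0, DYNAMIC_TYPE_TMP_BUFFER);
    XFCLOSE(fp);
    return ret;
#else
    (void)lookup;
    (void)file;
    (void)type;
    return SSL_FAILURE;
#endif
}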
wolfSSL 11:cee25a834751 14671
wolfSSL 11:cee25a834751 14672
/* Return the "hashed directory" lookup method.
 *
 * returns a pointer to a function-static method whose only field is set to
 *         1; the real behaviour is implemented in the lookup functions, the
 *         method object is just a tag.  Never freed by the caller.
 */
WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void)
{
    /* Method implementation in functions. */
    static WOLFSSL_X509_LOOKUP_METHOD hashDirMeth = { 1 };

    return &hashDirMeth;
}
wolfSSL 11:cee25a834751 14679
/* Return the "file" lookup method.
 *
 * returns a pointer to a function-static method whose only field is set to
 *         0; the real behaviour is implemented in the lookup functions, the
 *         method object is just a tag.  Never freed by the caller.
 */
WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_file(void)
{
    /* Method implementation in functions. */
    static WOLFSSL_X509_LOOKUP_METHOD fileMeth = { 0 };

    return &fileMeth;
}
wolfSSL 11:cee25a834751 14686
wolfSSL 11:cee25a834751 14687
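/* Return the lookup embedded in a store, wired back to the store so that
 * wolfSSL_X509_LOOKUP_load_file() can reach the store's cert manager.
 *
 * store   The store; may be NULL.
 * m       Lookup method; accepted for OpenSSL compatibility and ignored.
 * returns &store->lookup (owned by the store, never freed by the caller), or
 *         NULL when store is NULL.
 */
WOLFSSL_X509_LOOKUP* wolfSSL_X509_STORE_add_lookup(WOLFSSL_X509_STORE* store,
                                                   WOLFSSL_X509_LOOKUP_METHOD* m)
{
    /* Method is a dummy value and is not needed. */
    (void)m;

    /* a NULL store used to be dereferenced here */
    if (store == NULL)
        return NULL;

    /* Make sure the lookup has a back reference to the store. */
    store->lookup.store = store;
    return &store->lookup;
}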
wolfSSL 11:cee25a834751 14697
wolfSSL 11:cee25a834751 14698
wolfSSL 11:cee25a834751 14699 #ifndef NO_CERTS
/* Decode a DER certificate held in a memory BIO into a new WOLFSSL_X509.
 *
 * bio  : memory BIO whose contents are the DER encoding
 * x509 : optional; when non-NULL it also receives the new object
 *
 * Returns the new certificate, owned by the caller, or NULL when the BIO is
 * NULL, holds no data, or does not decode. On failure *x509 is left
 * untouched. */
WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509)
{
    unsigned char* der = NULL;
    WOLFSSL_X509* result = NULL;
    int derSz;

    WOLFSSL_ENTER("wolfSSL_d2i_X509_bio");

    if (bio == NULL) {
        WOLFSSL_MSG("Bad Function Argument bio is NULL");
        return NULL;
    }

    derSz = wolfSSL_BIO_get_mem_data(bio, &der);
    if (der == NULL || derSz <= 0) {
        WOLFSSL_MSG("Failed to get data from bio struct");
        return NULL;
    }

    /* derSz is positive here, so the conversion to word32 is exact. */
    result = wolfSSL_X509_d2i(NULL, der, (word32)derSz);
    if (result != NULL && x509 != NULL) {
        *x509 = result;
    }

    return result;
}
wolfSSL 11:cee25a834751 14732
wolfSSL 11:cee25a834751 14733
wolfSSL 11:cee25a834751 14734 #if !defined(NO_ASN) && !defined(NO_PWDBASED)
/* Decode a DER PKCS#12 (PFX) blob held in a memory BIO.
 *
 * bio    : memory BIO whose contents are the DER encoding
 * pkcs12 : optional; when non-NULL it receives the new object on success and
 *          is reset to NULL on failure
 *
 * Returns the new WC_PKCS12, owned by the caller, or NULL when the BIO is
 * NULL, allocation fails, the BIO holds no data, or the blob does not
 * decode. Decoding does not need the password; that happens in
 * wolfSSL_PKCS12_parse. */
WC_PKCS12* wolfSSL_d2i_PKCS12_bio(WOLFSSL_BIO* bio, WC_PKCS12** pkcs12)
{
    WC_PKCS12* obj;
    unsigned char* der = NULL;
    int derSz;

    WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_bio");

    if (bio == NULL) {
        WOLFSSL_MSG("Bad Function Argument bio is NULL");
        return NULL;
    }

    obj = wc_PKCS12_new();
    if (obj == NULL) {
        WOLFSSL_MSG("Memory error");
        return NULL;
    }
    if (pkcs12 != NULL) {
        *pkcs12 = obj;
    }

    derSz = wolfSSL_BIO_get_mem_data(bio, &der);
    if (der == NULL || derSz <= 0) {
        WOLFSSL_MSG("Failed to get data from bio struct");
        goto fail;
    }

    /* derSz is positive here, so the conversion to word32 is exact. */
    if (wc_d2i_PKCS12(der, (word32)derSz, obj) <= 0) {
        WOLFSSL_MSG("Failed to get PKCS12 sequence");
        goto fail;
    }

    return obj;

fail:
    wc_PKCS12_free(obj);
    if (pkcs12 != NULL) {
        *pkcs12 = NULL;
    }
    return NULL;
}
wolfSSL 11:cee25a834751 14782
wolfSSL 11:cee25a834751 14783
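/* Free every node of a WC_DerCertList together with its DER buffer.
 * Tolerates list == NULL. */
static void FreePkcs12DerList(WC_DerCertList* list, void* heap)
{
    while (list != NULL) {
        WC_DerCertList* next = list->next;

        XFREE(list->buffer, heap, DYNAMIC_TYPE_PKCS);
        XFREE(list, heap, DYNAMIC_TYPE_PKCS);
        list = next;
    }
}


/* Failure-path cleanup for wolfSSL_PKCS12_parse.
 *
 * Releases whatever the parse has produced so far: the raw private key bytes
 * (wiped first, they are secret), the raw leaf certificate bytes, the DER
 * certificates still queued in 'list', and any output object that was
 * already built. The caller's output pointers are reset to NULL so no
 * half-built object escapes. '*pkey' is released with XFREE rather than
 * wolfSSL_EVP_PKEY_free because the key buffer is only attached to it on
 * the success path. Every argument may be NULL. */
static void FreePkcs12ParseState(void* heap, byte* pk, word32 pkSz,
        byte* certData, WC_DerCertList* list, WOLFSSL_EVP_PKEY** pkey,
        WOLFSSL_X509** cert, STACK_OF(WOLFSSL_X509)** ca)
{
    if (pk != NULL) {
        ForceZero(pk, pkSz);
        XFREE(pk, heap, DYNAMIC_TYPE_PKCS);
    }
    if (certData != NULL) {
        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
    }
    FreePkcs12DerList(list, heap);
    if (pkey != NULL && *pkey != NULL) {
        XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY);
        *pkey = NULL;
    }
    if (cert != NULL && *cert != NULL) {
        wolfSSL_X509_free(*cert);
        *cert = NULL;
    }
    if (ca != NULL && *ca != NULL) {
        wolfSSL_sk_X509_free(*ca);
        *ca = NULL;
    }
}


/* Unpack a decoded PKCS#12 (PFX) object into its private key, leaf
 * certificate and optional CA chain.
 *
 * pkcs12 : object produced by wolfSSL_d2i_PKCS12_bio / wc_d2i_PKCS12
 * psw    : password protecting the PKCS#12 contents
 * pkey   : receives the private key, or NULL if the bundle carries none
 * cert   : receives the leaf certificate, or NULL if none was found
 * ca     : optional; when non-NULL receives a stack of the remaining
 *          certificates (stays NULL if the bundle has none)
 *
 * All outputs are set to NULL before any work is done and are NULL again
 * whenever the function fails, so the caller never has to free a partial
 * result. Ownership of every returned object passes to the caller.
 *
 * Fixes relative to the original: the CA-stack allocation failure path
 * freed '*cert' (still NULL there) instead of 'certData', the leaf-cert copy
 * failure path leaked 'certData', the per-CA X509 allocation was never
 * NULL-checked, and an ECC key that failed to decode was not released.
 *
 * NOTE(review): a leaf certificate that fails ParseCertRelative is only
 * logged and is still copied out; kept as in the original, but callers
 * should not treat the returned cert as validated.
 *
 * Returns 1 on success, 0 on failure. */
int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw,
    WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, STACK_OF(WOLFSSL_X509)** ca)
{
    DecodedCert DeCert;
    void* heap = NULL;
    int ret;
    byte* certData = NULL;
    word32 certDataSz = 0;
    byte* pk = NULL;
    word32 pkSz = 0;
    WC_DerCertList* certList = NULL;

    WOLFSSL_ENTER("wolfSSL_PKCS12_parse");

    if (pkcs12 == NULL || psw == NULL || pkey == NULL || cert == NULL) {
        WOLFSSL_MSG("Bad argument value");
        return 0;
    }

    heap = wc_PKCS12_GetHeap(pkcs12);
    *pkey = NULL;
    *cert = NULL;
    if (ca != NULL) {
        *ca = NULL;
    }

    /* Only ask for the extra certificates when the caller can receive them. */
    ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz,
                          (ca != NULL) ? &certList : NULL);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_PKCS12_parse", ret);
        return 0;
    }

    /* Decode the extra DER certificates and place them in an X509 stack. */
    if (certList != NULL) {
        WC_DerCertList* current = certList;

        *ca = (STACK_OF(WOLFSSL_X509)*)XMALLOC(sizeof(STACK_OF(WOLFSSL_X509)),
                                               heap, DYNAMIC_TYPE_X509);
        if (*ca == NULL) {
            FreePkcs12ParseState(heap, pk, pkSz, certData, current, pkey,
                                 cert, ca);
            return 0;
        }
        XMEMSET(*ca, 0, sizeof(STACK_OF(WOLFSSL_X509)));

        /* Each list node is consumed (and freed) as it is converted. */
        while (current != NULL) {
            WC_DerCertList* toFree = current;
            WOLFSSL_X509* x509;

            x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
                                          DYNAMIC_TYPE_X509);
            if (x509 == NULL) {
                WOLFSSL_MSG("Memory error");
                FreePkcs12ParseState(heap, pk, pkSz, certData, current, pkey,
                                     cert, ca);
                return 0;
            }
            InitX509(x509, 1, heap);
            InitDecodedCert(&DeCert, current->buffer, current->bufferSz, heap);
            if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
                /* An unparseable CA entry is dropped; the rest of the bundle
                 * is still returned (original behaviour). */
                WOLFSSL_MSG("Issue with parsing certificate");
                FreeDecodedCert(&DeCert);
                wolfSSL_X509_free(x509);
            }
            else {
                if ((ret = CopyDecodedToX509(x509, &DeCert)) != 0) {
                    WOLFSSL_MSG("Failed to copy decoded cert");
                    FreeDecodedCert(&DeCert);
                    wolfSSL_X509_free(x509);
                    FreePkcs12ParseState(heap, pk, pkSz, certData, current,
                                         pkey, cert, ca);
                    return 0;
                }
                FreeDecodedCert(&DeCert);

                if (wolfSSL_sk_X509_push(*ca, x509) != 1) {
                    WOLFSSL_MSG("Failed to push x509 onto stack");
                    wolfSSL_X509_free(x509);
                    FreePkcs12ParseState(heap, pk, pkSz, certData, current,
                                         pkey, cert, ca);
                    return 0;
                }
            }
            current = current->next;
            XFREE(toFree->buffer, heap, DYNAMIC_TYPE_PKCS);
            XFREE(toFree, heap, DYNAMIC_TYPE_PKCS);
        }
    }

    /* Decode the leaf certificate into a WOLFSSL_X509. */
    if (certData != NULL) {
        *cert = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), heap,
                                       DYNAMIC_TYPE_X509);
        if (*cert == NULL) {
            FreePkcs12ParseState(heap, pk, pkSz, certData, NULL, pkey, cert,
                                 ca);
            return 0;
        }
        InitX509(*cert, 1, heap);
        InitDecodedCert(&DeCert, certData, certDataSz, heap);
        if (ParseCertRelative(&DeCert, CERT_TYPE, NO_VERIFY, NULL) != 0) {
            /* Kept from the original: only logged, the copy below still
             * runs on whatever was decoded. */
            WOLFSSL_MSG("Issue with parsing certificate");
        }
        if ((ret = CopyDecodedToX509(*cert, &DeCert)) != 0) {
            WOLFSSL_MSG("Failed to copy decoded cert");
            FreeDecodedCert(&DeCert);
            FreePkcs12ParseState(heap, pk, pkSz, certData, NULL, pkey, cert,
                                 ca);
            return 0;
        }
        FreeDecodedCert(&DeCert);
        XFREE(certData, heap, DYNAMIC_TYPE_PKCS);
        certData = NULL;
    }

    /* Decode the private key, if the bundle carries one. */
    ret = BAD_STATE_E;
    if (pk != NULL) {
        /* DYNAMIC_TYPE_PUBLIC_KEY so that wolfSSL_EVP_PKEY_free can release
         * it. NOTE(review): that free uses a NULL heap while this allocates
         * on 'heap'; harmless unless a custom allocator distinguishes them. */
        *pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap,
                                           DYNAMIC_TYPE_PUBLIC_KEY);
        if (*pkey == NULL) {
            FreePkcs12ParseState(heap, pk, pkSz, NULL, NULL, pkey, cert, ca);
            return 0;
        }
        /* Zero the object so no field is left uninitialised if only some
         * of them are set below. */
        XMEMSET(*pkey, 0, sizeof(WOLFSSL_EVP_PKEY));

#ifndef NO_RSA
        {
            word32 keyIdx = 0;
            RsaKey key;

            if (wc_InitRsaKey(&key, heap) != 0) {
                ret = BAD_STATE_E;
            }
            else {
                ret = wc_RsaPrivateKeyDecode(pk, &keyIdx, &key, pkSz);
                if (ret == 0) {
                    (*pkey)->type = RSAk;
                    WOLFSSL_MSG("Found PKCS12 RSA key");
                }
                wc_FreeRsaKey(&key);
            }
        }
#endif /* NO_RSA */

#ifdef HAVE_ECC
        if (ret != 0) { /* not an RSA key (or RSA disabled): try ECC */
            word32 keyIdx = 0;
            ecc_key key;

            if (wc_ecc_init(&key) != 0) {
                FreePkcs12ParseState(heap, pk, pkSz, NULL, NULL, pkey, cert,
                                     ca);
                return 0;
            }
            ret = wc_EccPrivateKeyDecode(pk, &keyIdx, &key, pkSz);
            if (ret != 0) {
                WOLFSSL_MSG("Bad PKCS12 key format");
                wc_ecc_free(&key);
                FreePkcs12ParseState(heap, pk, pkSz, NULL, NULL, pkey, cert,
                                     ca);
                return 0;
            }
            (*pkey)->type = ECDSAk;
            (*pkey)->pkey_curve = key.dp->oidSum;
            wc_ecc_free(&key);
            WOLFSSL_MSG("Found PKCS12 ECC key");
        }
#else
        if (ret != 0) { /* not an RSA key and no ECC support: fail */
            WOLFSSL_MSG("Bad PKCS12 key format");
            FreePkcs12ParseState(heap, pk, pkSz, NULL, NULL, pkey, cert, ca);
            return 0;
        }
#endif /* HAVE_ECC */

        /* Hand the raw key bytes to the EVP_PKEY; the caller now owns them. */
        (*pkey)->save_type = 0;
        (*pkey)->pkey_sz = pkSz;
        (*pkey)->pkey.ptr = (char*)pk;
    }

    /* Silence unused warnings in configurations without RSA and ECC. */
    (void)ret;
    (void)ca;

    return 1;
}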
wolfSSL 11:cee25a834751 15039 #endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */
wolfSSL 11:cee25a834751 15040
wolfSSL 11:cee25a834751 15041
/* OpenSSL-compat no-op.
 *
 * Historically registered the encryption algorithms available for PKCS#12;
 * wolfSSL has them built in, so the call only leaves a trace in the debug
 * log. */
void wolfSSL_PKCS12_PBE_add(void)
{
    WOLFSSL_ENTER("wolfSSL_PKCS12_PBE_add");
}
wolfSSL 11:cee25a834751 15048
wolfSSL 11:cee25a834751 15049
wolfSSL 11:cee25a834751 15050
/* Return the certificate chain recorded in a verification context.
 *
 * The chain remains owned by the context (it is freed by
 * wolfSSL_X509_STORE_CTX_free). Returns NULL when ctx is NULL. */
WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx)
{
    return (ctx != NULL) ? ctx->chain : NULL;
}
wolfSSL 11:cee25a834751 15059
wolfSSL 11:cee25a834751 15060
/* Add a certificate to a store as a trusted (user) CA.
 *
 * store : store whose certificate manager receives the CA
 * x509  : certificate to trust; its DER encoding is copied, the caller keeps
 *         ownership of x509
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when an argument is NULL, the
 * certificate has no DER encoding, allocation fails, or the certificate
 * manager rejects it. */
int wolfSSL_X509_STORE_add_cert(WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509)
{
    int ret = SSL_FATAL_ERROR;
    DerBuffer* copy = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_add_cert");

    if (store == NULL || store->cm == NULL || x509 == NULL
            || x509->derCert == NULL) {
        WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_cert", ret);
        return SSL_FATAL_ERROR;
    }

    ret = AllocDer(&copy, x509->derCert->length, x509->derCert->type, NULL);
    if (ret == 0) {
        XMEMCPY(copy->buffer, x509->derCert->buffer, x509->derCert->length);
        /* AddCA() takes ownership of the copy and frees it. */
        ret = AddCA(store->cm, &copy, WOLFSSL_USER_CA, 1);
    }

    WOLFSSL_LEAVE("wolfSSL_X509_STORE_add_cert", ret);

    /* Collapse every non-success code to the single failure value. */
    return (ret == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FATAL_ERROR;
}
wolfSSL 11:cee25a834751 15088
wolfSSL 11:cee25a834751 15089
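/* Allocate a certificate store with a fresh certificate manager.
 *
 * The store is zero-initialised before use so that fields not set here
 * (the embedded lookup, for one) are not left holding stack garbage; the
 * original only set 'cm' and 'isDynamic'.
 *
 * Returns the store, owned by the caller and released with
 * wolfSSL_X509_STORE_free, or NULL when either allocation fails. */
WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void)
{
    WOLFSSL_X509_STORE* store;

    store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL,
                                         DYNAMIC_TYPE_X509_STORE);
    if (store == NULL) {
        return NULL;
    }
    XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE));

    store->cm = wolfSSL_CertManagerNew();
    if (store->cm == NULL) {
        XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
        return NULL;
    }

    /* Marks the store as heap-owned so wolfSSL_X509_STORE_free releases it. */
    store->isDynamic = 1;

    return store;
}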
wolfSSL 11:cee25a834751 15108
wolfSSL 11:cee25a834751 15109
/* Release a store created by wolfSSL_X509_STORE_new.
 *
 * Stores that are not marked dynamic (embedded in another object) are left
 * alone. The certificate manager is freed with the store. NULL is a no-op. */
void wolfSSL_X509_STORE_free(WOLFSSL_X509_STORE* store)
{
    if (store == NULL || !store->isDynamic) {
        return;
    }

    if (store->cm != NULL) {
        wolfSSL_CertManagerFree(store->cm);
    }
    XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE);
}
wolfSSL 11:cee25a834751 15118
wolfSSL 11:cee25a834751 15119
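/* Apply verification flags to a store.
 *
 * Only the CRL flags have an effect: WOLFSSL_CRL_CHECK and
 * WOLFSSL_CRL_CHECKALL enable CRL checking on the store's certificate
 * manager (the raw flag value is forwarded as the option). Other bits are
 * accepted and ignored.
 *
 * Returns SSL_SUCCESS when no CRL flag is set, otherwise the result of
 * wolfSSL_CertManagerEnableCRL; SSL_FAILURE when store is NULL (the original
 * dereferenced it). */
int wolfSSL_X509_STORE_set_flags(WOLFSSL_X509_STORE* store, unsigned long flag)
{
    int ret = SSL_SUCCESS;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_set_flags");

    if (store == NULL) {
        WOLFSSL_MSG("Bad argument value");
        return SSL_FAILURE;
    }

    if ((flag & (WOLFSSL_CRL_CHECKALL | WOLFSSL_CRL_CHECK)) != 0) {
        ret = wolfSSL_CertManagerEnableCRL(store->cm, (int)flag);
    }

    return ret;
}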
wolfSSL 11:cee25a834751 15135
wolfSSL 11:cee25a834751 15136
/* OpenSSL-compat stub: no system trust paths are loaded.
 *
 * Always reports SSL_SUCCESS, so a caller relying on this to populate the
 * store ends up with an empty trust set; certificates must be added
 * explicitly (wolfSSL_X509_STORE_add_cert). */
int wolfSSL_X509_STORE_set_default_paths(WOLFSSL_X509_STORE* store)
{
    (void)store;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 15142
wolfSSL 11:cee25a834751 15143
/* OpenSSL-compat stub: subject lookup is not implemented.
 *
 * Always returns 0 ("not found"); 'obj' is never filled in. */
int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, int idx,
                              WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj)
{
    (void)ctx; (void)idx; (void)name; (void)obj;

    return 0;
}
wolfSSL 11:cee25a834751 15153
wolfSSL 11:cee25a834751 15154
/* Allocate a verification context with no store, certificate or chain.
 *
 * The fields are reset through wolfSSL_X509_STORE_CTX_init. Returns NULL
 * when allocation fails; otherwise the context is owned by the caller and
 * released with wolfSSL_X509_STORE_CTX_free. */
WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void)
{
    WOLFSSL_X509_STORE_CTX* ctx;

    ctx = (WOLFSSL_X509_STORE_CTX*)XMALLOC(sizeof(WOLFSSL_X509_STORE_CTX),
                                           NULL, DYNAMIC_TYPE_X509_CTX);
    if (ctx == NULL) {
        return NULL;
    }

    wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
    return ctx;
}
wolfSSL 11:cee25a834751 15165
wolfSSL 11:cee25a834751 15166
/* Reset a verification context and attach its inputs.
 *
 * ctx   : context to initialise; NULL yields SSL_FATAL_ERROR
 * store : trust store used by wolfSSL_X509_verify_cert (may be NULL)
 * x509  : certificate to verify (may be NULL)
 * sk    : chain to record (may be NULL)
 *
 * The context keeps the pointers it is given and wolfSSL_X509_STORE_CTX_free
 * releases them, so the caller hands ownership over here. The error state,
 * user data and domain are cleared.
 *
 * Returns SSL_SUCCESS or SSL_FATAL_ERROR. */
int wolfSSL_X509_STORE_CTX_init(WOLFSSL_X509_STORE_CTX* ctx,
     WOLFSSL_X509_STORE* store, WOLFSSL_X509* x509, STACK_OF(WOLFSSL_X509)* sk)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_init");

    if (ctx == NULL) {
        return SSL_FATAL_ERROR;
    }

    ctx->store = store;
    ctx->current_cert = x509;
    ctx->chain = sk;
    ctx->domain = NULL;
#ifdef HAVE_EX_DATA
    ctx->ex_data = NULL;
#endif
    ctx->userCtx = NULL;
    ctx->error = 0;
    ctx->error_depth = 0;
    ctx->discardSessionCerts = 0;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 15188
wolfSSL 11:cee25a834751 15189
/* Release a verification context and everything attached to it.
 *
 * Frees the store, the current certificate and the chain that were handed
 * to wolfSSL_X509_STORE_CTX_init, then the context itself. Callers must
 * therefore not free those objects separately, nor attach a store they
 * still use elsewhere. NULL is a no-op. */
void wolfSSL_X509_STORE_CTX_free(WOLFSSL_X509_STORE_CTX* ctx)
{
    if (ctx == NULL) {
        return;
    }

    if (ctx->store != NULL) {
        wolfSSL_X509_STORE_free(ctx->store);
    }
    if (ctx->current_cert != NULL) {
        wolfSSL_FreeX509(ctx->current_cert);
    }
    if (ctx->chain != NULL) {
        wolfSSL_sk_X509_free(ctx->chain);
    }
    XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX);
}
wolfSSL 11:cee25a834751 15202
wolfSSL 11:cee25a834751 15203
/* OpenSSL-compat no-op: nothing is released here; use
 * wolfSSL_X509_STORE_CTX_free to dispose of the context. */
void wolfSSL_X509_STORE_CTX_cleanup(WOLFSSL_X509_STORE_CTX* ctx)
{
    (void)ctx;
}
wolfSSL 11:cee25a834751 15208
wolfSSL 11:cee25a834751 15209
/* Verify the context's current certificate against its store.
 *
 * The DER encoding of ctx->current_cert is checked by the store's
 * certificate manager. The chain recorded in the context is not consulted.
 *
 * Returns the certificate manager's result, or SSL_FATAL_ERROR when the
 * context, store, certificate manager, certificate or its DER encoding is
 * missing. */
int wolfSSL_X509_verify_cert(WOLFSSL_X509_STORE_CTX* ctx)
{
    WOLFSSL_X509* target;

    if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL) {
        return SSL_FATAL_ERROR;
    }
    target = ctx->current_cert;
    if (target == NULL || target->derCert == NULL) {
        return SSL_FATAL_ERROR;
    }

    return wolfSSL_CertManagerVerifyBuffer(ctx->store->cm,
                                           target->derCert->buffer,
                                           target->derCert->length,
                                           SSL_FILETYPE_ASN1);
}
wolfSSL 11:cee25a834751 15221 #endif /* NO_CERTS */
wolfSSL 11:cee25a834751 15222
wolfSSL 11:cee25a834751 15223
/* OpenSSL-compat stub: CRL timestamps are not exposed; always NULL. */
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl)
{
    (void)crl;

    return NULL;
}
wolfSSL 11:cee25a834751 15229
wolfSSL 11:cee25a834751 15230
/* OpenSSL-compat stub: CRL timestamps are not exposed; always NULL. */
WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl)
{
    (void)crl;

    return NULL;
}
wolfSSL 11:cee25a834751 15236
wolfSSL 11:cee25a834751 15237
wolfSSL 11:cee25a834751 15238
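/* Copy a certificate's public key into a new WOLFSSL_EVP_PKEY.
 *
 * The key bytes (x509->pubKey) are duplicated, so the returned object does
 * not alias the certificate; the caller owns it and releases it with
 * wolfSSL_EVP_PKEY_free. 'type' is the certificate's public-key OID and,
 * with ECC enabled, 'pkey_curve' is its curve OID.
 *
 * The object is zeroed on allocation so fields not set here are never left
 * uninitialised (the original set only some of them).
 *
 * NOTE(review): the allocations use x509->heap while wolfSSL_EVP_PKEY_free
 * releases with a NULL heap; harmless unless a custom allocator tells them
 * apart.
 *
 * Returns the new key, or NULL when x509 is NULL or allocation fails. */
WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509)
{
    WOLFSSL_EVP_PKEY* key;

    if (x509 == NULL) {
        return NULL;
    }

    key = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), x509->heap,
                                     DYNAMIC_TYPE_PUBLIC_KEY);
    if (key == NULL) {
        return NULL;
    }
    XMEMSET(key, 0, sizeof(WOLFSSL_EVP_PKEY));

    key->type = x509->pubKeyOID;
    key->save_type = 0;
    key->pkey.ptr = (char*)XMALLOC(x509->pubKey.length, x509->heap,
                                   DYNAMIC_TYPE_PUBLIC_KEY);
    if (key->pkey.ptr == NULL) {
        XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        return NULL;
    }
    XMEMCPY(key->pkey.ptr, x509->pubKey.buffer, x509->pubKey.length);
    key->pkey_sz = x509->pubKey.length;
#ifdef HAVE_ECC
    key->pkey_curve = (int)x509->pkCurveOID;
#endif /* HAVE_ECC */

    return key;
}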
wolfSSL 11:cee25a834751 15266
wolfSSL 11:cee25a834751 15267
/* OpenSSL-compat stub: CRL signature verification is not implemented here.
 *
 * Always returns 0, i.e. never reports success, so a caller that treats any
 * value other than 1 as failure fails closed. */
int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key)
{
    (void)crl; (void)key;

    return 0;
}
wolfSSL 11:cee25a834751 15274
wolfSSL 11:cee25a834751 15275
/* OpenSSL-compat no-op: the error code is discarded, ctx->error is not
 * updated. */
void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int err)
{
    (void)ctx; (void)err;
}
wolfSSL 11:cee25a834751 15281
wolfSSL 11:cee25a834751 15282
/* OpenSSL-compat no-op: nothing is released. */
void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj)
{
    (void)obj;
}
wolfSSL 11:cee25a834751 15287
wolfSSL 11:cee25a834751 15288
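/* Allocate an empty, zero-initialised WOLFSSL_EVP_PKEY.
 *
 * Declared with a proper prototype ('void') instead of the old-style empty
 * parameter list. The caller owns the result and releases it with
 * wolfSSL_EVP_PKEY_free. Returns NULL when allocation fails. */
WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void)
{
    WOLFSSL_EVP_PKEY* pkey;

    pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), NULL,
                                      DYNAMIC_TYPE_PUBLIC_KEY);
    if (pkey != NULL) {
        XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY));
    }

    return pkey;
}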
wolfSSL 11:cee25a834751 15301
wolfSSL 11:cee25a834751 15302
/* Release a WOLFSSL_EVP_PKEY together with its key buffer.
 *
 * Both the key bytes (pkey.ptr) and the object are freed with a NULL heap
 * and DYNAMIC_TYPE_PUBLIC_KEY. NULL is a no-op. */
void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key)
{
    if (key == NULL) {
        return;
    }

    if (key->pkey.ptr != NULL) {
        XFREE(key->pkey.ptr, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    }
    XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
}
wolfSSL 11:cee25a834751 15311
wolfSSL 11:cee25a834751 15312
/* OpenSSL-compat stub: no time comparison is done.
 *
 * Always returns 0, so this cannot be used to detect expired or not-yet-valid
 * times; validity checking happens inside certificate verification. */
int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime)
{
    (void)asnTime;

    return 0;
}
wolfSSL 11:cee25a834751 15318
wolfSSL 11:cee25a834751 15319
/* OpenSSL-compat stub: revoked entries are not enumerable; always 0. */
int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED* revoked)
{
    (void)revoked;

    return 0;
}
wolfSSL 11:cee25a834751 15325
wolfSSL 11:cee25a834751 15326
wolfSSL 11:cee25a834751 15327
/* Stub: no revoked-entry list is exposed; always returns NULL. */
WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl)
{
    (void)crl; /* unused by this stub */
    return NULL;
}
wolfSSL 11:cee25a834751 15333
wolfSSL 11:cee25a834751 15334
/* Stub: there is no indexed revoked-entry storage; NULL for every index. */
WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value(
                                      WOLFSSL_X509_REVOKED* revoked, int value)
{
    (void)revoked; /* unused by this stub */
    (void)value;   /* unused by this stub */
    return NULL;
}
wolfSSL 11:cee25a834751 15342
wolfSSL 11:cee25a834751 15343
wolfSSL 11:cee25a834751 15344
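/* Build an OpenSSL-style ASN1_INTEGER holding the certificate serial number.
 *
 * The result is a fresh DYNAMIC_TYPE_OPENSSL allocation whose data[] holds
 * the DER form: ASN_INTEGER tag, one length byte, then the raw bytes copied
 * from x509->serial. Ownership passes to the caller.
 *
 * Returns NULL when x509 is NULL, when serialSz is negative or does not fit
 * in data[] next to the tag and length bytes, or when allocation fails.
 *
 * NOTE(review): the capacity test assumes data[] is the only member of
 * WOLFSSL_ASN1_INTEGER (sizeof - 2); the single length byte is only valid
 * DER for lengths up to 127 -- confirm both against the struct definition.
 */
WOLFSSL_ASN1_INTEGER* wolfSSL_X509_get_serialNumber(WOLFSSL_X509* x509)
{
    WOLFSSL_ASN1_INTEGER* a;
    int i = 0;

    WOLFSSL_ENTER("wolfSSL_X509_get_serialNumber");

    if (x509 == NULL) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    /* Reject a negative length before it is narrowed to a byte or handed to
     * XMEMCPY, and make sure there is space for the data, tag and length. */
    if (x509->serialSz < 0 ||
        x509->serialSz > (int)(sizeof(WOLFSSL_ASN1_INTEGER) - 2)) {
        WOLFSSL_MSG("Serial number size out of range");
        return NULL;
    }

    a = (WOLFSSL_ASN1_INTEGER*)XMALLOC(sizeof(WOLFSSL_ASN1_INTEGER), NULL,
                                      DYNAMIC_TYPE_OPENSSL);
    if (a == NULL)
        return NULL;

    /* Zero the whole object so the unused tail of data[] is never
     * uninitialised heap handed back to the caller. */
    XMEMSET(a, 0, sizeof(WOLFSSL_ASN1_INTEGER));

    a->data[i++] = ASN_INTEGER;
    a->data[i++] = (unsigned char)x509->serialSz;
    XMEMCPY(&a->data[i], x509->serial, x509->serialSz);

    return a;
}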
wolfSSL 11:cee25a834751 15369
wolfSSL 11:cee25a834751 15370
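#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* Write a printable rendering of asnTime to bio.
 *
 * Returns 0 once the string has been handed to wolfSSL_BIO_write,
 * BAD_FUNC_ARG when bio or asnTime is NULL, and SSL_FATAL_ERROR when the
 * conversion fails. Note that, unlike OpenSSL's ASN1_TIME_print, success
 * is reported as 0 here.
 */
int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime)
{
    char buf[MAX_TIME_STRING_SZ];

    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_print");

    if (bio == NULL || asnTime == NULL)
        return BAD_FUNC_ARG;

    /* The helper takes a non-const pointer, hence the cast; it is not seen
     * writing through it. A failed conversion leaves buf uninitialised, so
     * it must not reach XSTRLEN/BIO_write. */
    if (wolfSSL_ASN1_TIME_to_string((WOLFSSL_ASN1_TIME*)asnTime, buf,
                                    sizeof(buf)) == NULL) {
        WOLFSSL_MSG("wolfSSL_ASN1_TIME_to_string failed");
        return SSL_FATAL_ERROR;
    }

    wolfSSL_BIO_write(bio, buf, (int)XSTRLEN(buf));

    return 0;
}
#endif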
wolfSSL 11:cee25a834751 15387
wolfSSL 11:cee25a834751 15388
#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
/* Render an ASN.1 time into buf as a printable string.
 *
 * t is read as raw DER: byte 0 is the tag (passed to GetTimeString as the
 * format), byte 1 the content length, and the content follows. buf must be
 * at least 5 bytes (len >= 5).
 *
 * Returns buf on success; NULL when an argument is missing, len is too
 * small, the encoded length exceeds len, or GetTimeString rejects the input.
 *
 * NOTE(review): the length byte is bounded against the output buffer, not
 * against t's own storage; GetTimeString is assumed to limit its reads.
 */
char* wolfSSL_ASN1_TIME_to_string(WOLFSSL_ASN1_TIME* t, char* buf, int len)
{
    byte* raw = (byte*)t;
    int tag;
    int contentLen;

    WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_string");

    if (t == NULL || buf == NULL || len < 5) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    tag        = raw[0];
    contentLen = raw[1];
    raw       += 2;

    if (contentLen > len) {
        WOLFSSL_MSG("Length of date is longer then buffer");
        return NULL;
    }

    return GetTimeString(raw, tag, buf, len) ? buf : NULL;
}
#endif /* WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY */
wolfSSL 11:cee25a834751 15417
wolfSSL 11:cee25a834751 15418
/* Stub: neither integer is examined and 0 ("equal" in OpenSSL terms) is
 * always returned, so any two values compare as equal. Serial-number or
 * other identity matching must not rely on this. */
int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a,
                             const WOLFSSL_ASN1_INTEGER* b)
{
    (void)a; /* unused by this stub */
    (void)b; /* unused by this stub */
    return 0;
}
wolfSSL 11:cee25a834751 15426
wolfSSL 11:cee25a834751 15427
/* Stub: the integer is not decoded; 0 is returned for every input. */
long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i)
{
    (void)i; /* unused by this stub */
    return 0;
}
wolfSSL 11:cee25a834751 15433
wolfSSL 11:cee25a834751 15434
/* Fetch application data attached to a verification context.
 *
 * Only one slot exists: index 0 maps onto ctx->ex_data when ex-data
 * support is compiled in (HAVE_EX_DATA or FORTRESS). Any other index, a
 * NULL ctx, or a build without ex-data support yields NULL.
 */
void* wolfSSL_X509_STORE_CTX_get_ex_data(WOLFSSL_X509_STORE_CTX* ctx, int idx)
{
    void* data = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_ex_data");
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    if (ctx != NULL && idx == 0)
        data = ctx->ex_data;
#else
    (void)ctx;
    (void)idx;
#endif
    return data;
}
wolfSSL 11:cee25a834751 15447
wolfSSL 11:cee25a834751 15448
/* The index of the single ex-data slot on a verification context; it is
 * fixed at 0 to match what wolfSSL_X509_STORE_CTX_get_ex_data accepts. */
int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void)
{
    WOLFSSL_ENTER("wolfSSL_get_ex_data_X509_STORE_CTX_idx");
    return 0;
}
wolfSSL 11:cee25a834751 15454
wolfSSL 11:cee25a834751 15455
/* Stub: the callback is discarded, so no handshake state-change
 * notifications are ever delivered through this interface. */
void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx,
                 void (*f)(const WOLFSSL* ssl, int type, int val))
{
    (void)ctx; /* unused by this stub */
    (void)f;   /* unused by this stub */
}
wolfSSL 11:cee25a834751 15462
wolfSSL 11:cee25a834751 15463
/* Return the oldest queued error without removing it.
 *
 * With OPENSSL_EXTRA this defers to wolfSSL_ERR_peek_error_line_data with
 * all location outputs NULL; otherwise there is no error queue and 0 is
 * returned.
 */
unsigned long wolfSSL_ERR_peek_error(void)
{
    unsigned long err = 0;

    WOLFSSL_ENTER("wolfSSL_ERR_peek_error");

#ifdef OPENSSL_EXTRA
    err = wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL);
#endif
    return err;
}
wolfSSL 11:cee25a834751 15474
wolfSSL 11:cee25a834751 15475
/* Extract the reason code from a packed error value.
 *
 * Only one code is recognised, and only in Nginx/HAProxy builds: the
 * PEM "no start line" error, which those callers use to detect the end of
 * a certificate bundle. Every other value (and every value in other
 * builds) maps to 0.
 */
int wolfSSL_ERR_GET_REASON(unsigned long err)
{
    int reason = 0;

#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    /* Nginx looks for this error to know to stop parsing certificates. */
    if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE))
        reason = PEM_R_NO_START_LINE;
#endif
    (void)err;
    return reason;
}
wolfSSL 11:cee25a834751 15486
wolfSSL 11:cee25a834751 15487
/* Stub: no alert-level names are provided; NULL for every alertID.
 * Callers that pass the result straight to a "%s" format must guard for
 * NULL. */
char* wolfSSL_alert_type_string_long(int alertID)
{
    (void)alertID; /* unused by this stub */
    return NULL;
}
wolfSSL 11:cee25a834751 15493
wolfSSL 11:cee25a834751 15494
/* Stub: no alert-description names are provided; NULL for every alertID.
 * Callers that pass the result straight to a "%s" format must guard for
 * NULL. */
char* wolfSSL_alert_desc_string_long(int alertID)
{
    (void)alertID; /* unused by this stub */
    return NULL;
}
wolfSSL 11:cee25a834751 15500
wolfSSL 11:cee25a834751 15501
/* Stub: no handshake-state description is available; always NULL. */
char* wolfSSL_state_string_long(const WOLFSSL* ssl)
{
    (void)ssl; /* unused by this stub */
    return NULL;
}
wolfSSL 11:cee25a834751 15507
wolfSSL 11:cee25a834751 15508
/* Stub default PEM password callback.
 *
 * Nothing is written to name and 0 is returned, which in the OpenSSL
 * contract means a zero-length passphrase; no prompting takes place.
 */
int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key)
{
    (void)name; /* unused by this stub */
    (void)num;  /* unused by this stub */
    (void)w;    /* unused by this stub */
    (void)key;  /* unused by this stub */
    return 0;
}
wolfSSL 11:cee25a834751 15517
wolfSSL 11:cee25a834751 15518
/* Enable the OpenSSL-style option bits in op on ssl and return the new mask.
 *
 * SSL_OP_ALL is expanded into the individual bug-workaround bits before
 * being OR-ed in. The mask is cumulative: bits are never cleared here.
 * The SSL_OP_NO_TLSv1_2 / SSL_OP_NO_TLSv1_1 / SSL_OP_NO_TLSv1 checks step
 * ssl->version.minor down one protocol at a time, in that order, so
 * disabling several versions in one call cascades to the next lower one.
 *
 * Returns ssl->options.mask after the update, or 0 when ssl is NULL.
 */
unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op)
{
    WOLFSSL_ENTER("wolfSSL_set_options");

    if (ssl == NULL) {
        return 0;
    }

    /* if SSL_OP_ALL then turn all bug workarounds on */
    if ((op & SSL_OP_ALL) == SSL_OP_ALL) {
        WOLFSSL_MSG("\tSSL_OP_ALL");

        op |= SSL_OP_MICROSOFT_SESS_ID_BUG;
        op |= SSL_OP_NETSCAPE_CHALLENGE_BUG;
        op |= SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG;
        op |= SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG;
        op |= SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER;
        op |= SSL_OP_MSIE_SSLV2_RSA_PADDING;
        op |= SSL_OP_SSLEAY_080_CLIENT_DH_BUG;
        op |= SSL_OP_TLS_D5_BUG;
        op |= SSL_OP_TLS_BLOCK_PADDING_BUG;
        op |= SSL_OP_TLS_ROLLBACK_BUG;
        op |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
    }

    ssl->options.mask |= op;

    /* by default cookie exchange is on with DTLS */
    if ((ssl->options.mask & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) {
        WOLFSSL_MSG("\tSSL_OP_COOKIE_EXCHANGE : on by default");
    }

    /* Logged only: there is no SSLv2 implementation to disable. */
    if ((ssl->options.mask & SSL_OP_NO_SSLv2) == SSL_OP_NO_SSLv2) {
        WOLFSSL_MSG("\tSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2");
    }

    /* Each NO_TLSvX bit lowers the negotiated version only when it is
     * currently exactly that version; the checks run highest-first so the
     * downgrade chains through 1.2 -> 1.1 -> 1.0 -> SSLv3. */
    if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) {
        WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2");
        if (ssl->version.minor == TLSv1_2_MINOR)
            ssl->version.minor = TLSv1_1_MINOR;
    }

    if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) {
        WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1");
        if (ssl->version.minor == TLSv1_1_MINOR)
            ssl->version.minor = TLSv1_MINOR;
    }

    /* NOTE(review): this step can leave version.minor at SSLv3_MINOR even
     * when SSL_OP_NO_SSLv3 is also set, because the SSLv3 check below only
     * logs -- confirm the version floor is enforced elsewhere before
     * relying on the NO_SSLv3 bit. */
    if ((ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) {
        WOLFSSL_MSG("\tSSL_OP_NO_TLSv1");
        if (ssl->version.minor == TLSv1_MINOR)
            ssl->version.minor = SSLv3_MINOR;
    }

    if ((ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) {
        WOLFSSL_MSG("\tSSL_OP_NO_SSLv3");
    }

    /* Compression can only be switched off when zlib support was built in. */
    if ((ssl->options.mask & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) {
    #ifdef HAVE_LIBZ
        WOLFSSL_MSG("SSL_OP_NO_COMPRESSION");
        ssl->options.usingCompression = 0;
    #else
        WOLFSSL_MSG("SSL_OP_NO_COMPRESSION: compression not compiled in");
    #endif
    }

    return ssl->options.mask;
}
wolfSSL 11:cee25a834751 15588
wolfSSL 11:cee25a834751 15589
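/* Return the option mask accumulated by wolfSSL_set_options.
 *
 * Mirrors wolfSSL_set_options' handling of a NULL handle: an empty mask (0)
 * is returned instead of dereferencing NULL.
 */
unsigned long wolfSSL_get_options(const WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_options");

    if (ssl == NULL)
        return 0;

    return ssl->options.mask;
}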
wolfSSL 11:cee25a834751 15596
/*** TBD ***/
/* Stub: no renegotiation counter exists to clear; always returns 0. */
WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s)
{
    (void)s; /* unused by this stub */
    return 0;
}
wolfSSL 11:cee25a834751 15603
/*** TBD ***/
/* Stub: renegotiations are not counted here; always reports 0. */
WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s)
{
    (void)s; /* unused by this stub */
    return 0;
}
wolfSSL 11:cee25a834751 15610
wolfSSL 11:cee25a834751 15611
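#ifndef NO_DH
/* Install dh's p and g as the ephemeral DH parameters for ssl.
 *
 * Both numbers are serialised with wolfSSL_BN_bn2bin into temporary buffers
 * taken from ssl->heap, handed to wolfSSL_SetTmpDH, and released before
 * returning; dh itself is not retained.
 *
 * Returns BAD_FUNC_ARG if ssl or dh is NULL, SSL_FATAL_ERROR if either
 * number is empty or fails to serialise, MEMORY_E if a buffer cannot be
 * allocated, otherwise the result of wolfSSL_SetTmpDH.
 */
long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
{
    int  pSz, gSz;
    byte *p = NULL;
    byte *g = NULL;
    long ret = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_set_tmp_dh");

    if (!ssl || !dh)
        return BAD_FUNC_ARG;

    /* A NULL output buffer asks bn2bin only for the encoded size. */
    pSz = wolfSSL_BN_bn2bin(dh->p, NULL);
    gSz = wolfSSL_BN_bn2bin(dh->g, NULL);
    if (pSz <= 0 || gSz <= 0)
        return SSL_FATAL_ERROR;

    p = (byte*)XMALLOC(pSz, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
    g = (byte*)XMALLOC(gSz, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
    if (p == NULL || g == NULL) {
        ret = MEMORY_E;
        goto out;
    }

    /* Serialise for real. Apply the same strictly-positive test as above:
     * previously a zero length passed the ">= 0" check, so wolfSSL_SetTmpDH
     * could be invoked with an empty parameter whose result was then
     * discarded in favour of SSL_FATAL_ERROR. */
    pSz = wolfSSL_BN_bn2bin(dh->p, p);
    gSz = wolfSSL_BN_bn2bin(dh->g, g);
    if (pSz > 0 && gSz > 0)
        ret = wolfSSL_SetTmpDH(ssl, p, pSz, g, gSz);

out:
    /* Guarded rather than relying on XFREE tolerating NULL, since the macro
     * can map onto a user-supplied allocator. */
    if (p != NULL)
        XFREE(p, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);
    if (g != NULL)
        XFREE(g, ssl->heap, DYNAMIC_TYPE_DH_BUFFER);

    return ret;
}
#endif /* !NO_DH */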
wolfSSL 11:cee25a834751 15653
wolfSSL 11:cee25a834751 15654
#ifdef HAVE_PK_CALLBACKS
/* Record an opaque argument for the TLS extension debug callback.
 *
 * The pointer is stored as-is in ssl->loggingCtx; nothing is copied and
 * the caller keeps ownership. Returns SSL_SUCCESS, or SSL_FAILURE when ssl
 * is NULL.
 */
long wolfSSL_set_tlsext_debug_arg(WOLFSSL* ssl, void *arg)
{
    if (ssl == NULL)
        return SSL_FAILURE;

    ssl->loggingCtx = arg;

    return SSL_SUCCESS;
}
#endif /* HAVE_PK_CALLBACKS */
wolfSSL 11:cee25a834751 15666
#ifdef WOLFSSL_HAPROXY
/* HAProxy compatibility shim.
 *
 * Delegates to wolfSSL_SESSION_get_id, which also stores the length through
 * sid_ctx_length; the const is cast away only because that helper takes a
 * non-const session.
 *
 * NOTE(review): wolfSSL_SESSION_get_id returns the session ID, whereas
 * OpenSSL's SSL_SESSION_get0_id_context returns the separately-set
 * ID context -- confirm this mapping is the intended one.
 */
const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length)
{
    return wolfSSL_SESSION_get_id((SSL_SESSION *)sess, sid_ctx_length);
}
#endif
wolfSSL 11:cee25a834751 15674
/*** TBD ***/
/* Stub: the compression-method stack is neither inspected nor emptied;
 * the call is logged through WOLFSSL_STUB and SSL_FAILURE is returned. */
WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st)
{
    WOLFSSL_STUB("wolfSSL_sk_SSL_COMP_zero");
    (void)st; /* unused by this stub */
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15683
wolfSSL 11:cee25a834751 15684
/*** TBD ***/
/* Stub: s and type are ignored; logged via WOLFSSL_STUB, returns SSL_FAILURE. */
WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type)
{
    WOLFSSL_STUB("wolfSSL_set_tlsext_status_type");
    (void)s;
    (void)type;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15693
/*** TBD ***/
/* Stub: nothing is written through arg; logged via WOLFSSL_STUB, returns
 * SSL_FAILURE. */
WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg)
{
    WOLFSSL_STUB("wolfSSL_get_tlsext_status_exts");
    (void)s;
    (void)arg;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15702
/*** TBD ***/
/* Stub: s and arg are ignored; logged via WOLFSSL_STUB, returns SSL_FAILURE. */
WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg)
{
    WOLFSSL_STUB("wolfSSL_set_tlsext_status_exts");
    (void)s;
    (void)arg;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15711
/*** TBD ***/
/* Stub: nothing is written through arg; logged via WOLFSSL_STUB, returns
 * SSL_FAILURE. */
WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg)
{
    WOLFSSL_STUB("wolfSSL_get_tlsext_status_ids");
    (void)s;
    (void)arg;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15720
/*** TBD ***/
/* Stub: s and arg are ignored; logged via WOLFSSL_STUB, returns SSL_FAILURE. */
WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg)
{
    WOLFSSL_STUB("wolfSSL_set_tlsext_status_ids");
    (void)s;
    (void)arg;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15729
/*** TBD ***/
/* Stub: the session ID is not stored; sid and sid_len are ignored and
 * SSL_FAILURE is returned after logging via WOLFSSL_STUB. */
WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len)
{
    WOLFSSL_STUB("SSL_SESSION_set1_id");
    (void)s;
    (void)sid;
    (void)sid_len;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15739
/*** TBD ***/
/* Stub: the ID context is not stored; sid_ctx and sid_ctx_len are ignored
 * and SSL_FAILURE is returned after logging via WOLFSSL_STUB. */
WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len)
{
    WOLFSSL_STUB("SSL_SESSION_set1_id_context");
    (void)s;
    (void)sid_ctx;
    (void)sid_ctx_len;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15749
/*** TBD ***/
/* Stub: the certificate is not inspected; logs via WOLFSSL_STUB and
 * returns NULL. */
WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x)
{
    WOLFSSL_STUB("X509_get0_tbs_sigalg");
    (void)x;
    return NULL;
}
wolfSSL 11:cee25a834751 15757
/*** TBD ***/
/* Stub: none of the output parameters (paobj, pptype, ppval) is written,
 * so callers must not read them afterwards; logs via WOLFSSL_STUB. */
WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor)
{
    WOLFSSL_STUB("X509_ALGOR_get0");
    (void)paobj;
    (void)pptype;
    (void)ppval;
    (void)algor;
}
wolfSSL 11:cee25a834751 15767
/*** TBD ***/
/* Stub: x is ignored; logs via WOLFSSL_STUB and returns NULL. */
WOLFSSL_API void *X509_get_X509_PUBKEY(void * x)
{
    WOLFSSL_STUB("X509_get_X509_PUBKEY");
    (void)x;
    return NULL;
}
wolfSSL 11:cee25a834751 15775
/*** TBD ***/
/* Stub: none of the output parameters is written and pub is not read;
 * logs via WOLFSSL_STUB and returns SSL_FAILURE. */
WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub)
{
    WOLFSSL_STUB("X509_PUBKEY_get0_param");
    (void)ppkalg;
    (void)pk;
    (void)ppklen;
    (void)pa;
    (void)pub;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15787
/*** TBD ***/
/* Stub: no private key handle is exposed; logs via WOLFSSL_STUB (under the
 * OpenSSL name) and returns NULL. */
WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl)
{
    WOLFSSL_STUB("SSL_get_privatekey");
    (void)ssl;
    return NULL;
}
wolfSSL 11:cee25a834751 15795
/*** TBD ***/
/* Stub: the key size is not computed; logs via WOLFSSL_STUB and returns
 * SSL_FAILURE rather than a bit count. */
WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey)
{
    WOLFSSL_STUB("EVP_PKEY_bits");
    (void)pkey;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15803
/*** TBD ***/
/* Stub: no DER is produced and *out is left untouched; logs via
 * WOLFSSL_STUB and returns -1. */
WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out)
{
    WOLFSSL_STUB("i2d_X509");
    (void)x;
    (void)out;
    return -1;
}
wolfSSL 11:cee25a834751 15812
/*** TBD ***/
/* Stub: buf is not written (so it is not NUL-terminated by this call);
 * logs via WOLFSSL_STUB and returns -1. */
WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a)
{
    WOLFSSL_STUB("i2t_ASN1_OBJECT");
    (void)buf;
    (void)buf_len;
    (void)a;
    return -1;
}
wolfSSL 11:cee25a834751 15822
/*** TBD ***/
/* Stub: no Finished-message bytes are copied into buf; logs via
 * WOLFSSL_STUB and returns SSL_FAILURE (a zero byte count), so anything
 * built on this value, e.g. channel binding, gets no data. */
WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count)
{
    WOLFSSL_STUB("SSL_get_finished");
    (void)s;
    (void)buf;
    (void)count;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15832
/*** TBD ***/
/* Stub: no peer Finished-message bytes are copied into buf; logs via
 * WOLFSSL_STUB and returns SSL_FAILURE (a zero byte count). */
WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count)
{
    WOLFSSL_STUB("SSL_get_peer_finished");
    (void)s;
    (void)buf;
    (void)count;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15842
/*** TBD ***/
/* Stub: the callback is dropped rather than stored, so it is never invoked
 * by this code path; logs via WOLFSSL_STUB. */
WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength))
{
    WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback");
    (void)ctx;
    (void)dh;
}
wolfSSL 11:cee25a834751 15850
/*** TBD ***/
/* Stub: no compression-method stack is exposed; logs via WOLFSSL_STUB and
 * returns NULL. */
WOLFSSL_API STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void)
{
    WOLFSSL_STUB("SSL_COMP_get_compression_methods");
    return NULL;
}
wolfSSL 11:cee25a834751 15857
/*** TBD ***/
/* Stub: p is not examined; logs via WOLFSSL_STUB and returns -1 (not a
 * count of zero). */
WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p)
{
    WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_num");
    (void)p;
    return -1;
}
wolfSSL 11:cee25a834751 15865
wolfSSL 11:cee25a834751 15866 #if !defined(NO_FILESYSTEM)
/*** TBD ***/
/* Stub: nothing is read from fp, *x is untouched and cb is never called;
 * logs via WOLFSSL_STUB (under the OpenSSL name) and returns NULL. */
WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u)
{
    WOLFSSL_STUB("PEM_read_X509");
    (void)fp;
    (void)x;
    (void)cb;
    (void)u;
    return NULL;
}
wolfSSL 11:cee25a834751 15877
/*** TBD ***/
/* Stub: nothing is read from fp, *x is untouched and cb is never called;
 * logs via WOLFSSL_STUB (under the OpenSSL name) and returns NULL. */
WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u)
{
    WOLFSSL_STUB("PEM_read_PrivateKey");
    (void)fp;
    (void)x;
    (void)cb;
    (void)u;
    return NULL;
}
wolfSSL 11:cee25a834751 15888 #endif
wolfSSL 11:cee25a834751 15889
/*** TBD ***/
/* Stub: no certificates are loaded from file or dir into ctx; logs via
 * WOLFSSL_STUB and returns SSL_FAILURE so callers can detect it. */
WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir)
{
    WOLFSSL_STUB("X509_STORE_load_locations");
    (void)ctx;
    (void)file;
    (void)dir;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 15899
/*** TBD ***/
/* Stub: ciphers and idx are ignored; logs via WOLFSSL_STUB and returns
 * NULL for every index. */
WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx)
{
    WOLFSSL_STUB("wolfSSL_sk_SSL_CIPHER_value");
    (void)ciphers;
    (void)idx;
    return NULL;
}
wolfSSL 11:cee25a834751 15908
/* No-op: there is no string table to load; provided for OpenSSL source
 * compatibility only. */
WOLFSSL_API void ERR_load_SSL_strings(void)
{
    /* intentionally empty */
}
wolfSSL 11:cee25a834751 15913
/* Hand back the OCSP response buffer recorded on s.
 *
 * On success *resp is set to s->ocspResp (the caller's own pointer, not a
 * copy) and s->ocspRespSz is returned. When s or resp is NULL nothing is
 * written and 0 is returned -- indistinguishable from an empty response,
 * so callers should validate their arguments first.
 */
WOLFSSL_API long wolfSSL_get_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char **resp)
{
    long sz = 0;

    if (s != NULL && resp != NULL) {
        *resp = s->ocspResp;
        sz    = s->ocspRespSz;
    }

    return sz;
}
wolfSSL 11:cee25a834751 15922
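/* Attach an OCSP response buffer to s for the status_request extension.
 *
 * Only the pointer and length are recorded; the bytes are not copied, so
 * the caller must keep resp alive for as long as s may use it. Whether
 * wolfSSL ever frees resp is not established here (OpenSSL's equivalent
 * takes ownership) -- check the free path before relying on either.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when s is NULL, len is negative, or
 * resp is NULL while len is non-zero (a length with no data behind it
 * would otherwise be reported back by the getter).
 */
WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s,
    unsigned char *resp, int len)
{
    if (s == NULL || len < 0 || (resp == NULL && len != 0))
        return SSL_FAILURE;

    s->ocspResp   = resp;
    s->ocspRespSz = len;

    return SSL_SUCCESS;
}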
wolfSSL 11:cee25a834751 15934
wolfSSL 11:cee25a834751 15935
/* Return the peer-certificate verification result stored on ssl.
 *
 * A NULL handle yields SSL_FAILURE. Because SSL_FAILURE is defined as 0 in
 * wolfSSL's headers, the same value as X509_V_OK, a caller that passes
 * NULL cannot tell that error apart from a clean verification and must
 * check the handle itself before trusting the result.
 */
long wolfSSL_get_verify_result(const WOLFSSL *ssl)
{
    return (ssl == NULL) ? SSL_FAILURE : ssl->peerVerifyRet;
}
wolfSSL 11:cee25a834751 15944
wolfSSL 11:cee25a834751 15945
/* Stub: no per-context session statistics are kept; always 0. */
long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx)
{
    (void)ctx; /* unused by this stub */
    return 0;
}
wolfSSL 11:cee25a834751 15951
/* Stub: no per-context session statistics are kept; always 0. */
long wolfSSL_CTX_sess_connect(WOLFSSL_CTX* ctx)
{
    (void)ctx; /* unused by this stub */
    return 0;
}
wolfSSL 11:cee25a834751 15957
wolfSSL 11:cee25a834751 15958
/* Stub: no per-context session statistics are kept; always 0. */
long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX* ctx)
{
    (void)ctx; /* unused by this stub */
    return 0;
}
wolfSSL 11:cee25a834751 15964
wolfSSL 11:cee25a834751 15965
/* Stub: no per-context session statistics are kept; always 0. */
long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX* ctx)
{
    (void)ctx; /* unused by this stub */
    return 0;
}
wolfSSL 11:cee25a834751 15971
wolfSSL 11:cee25a834751 15972
/* Compatibility stub for the OpenSSL session statistic of the same name.
 * No per-context counters are kept, so the result is always zero. */
long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX* ctx)
{
    (void)ctx;  /* intentionally unused */
    return 0L;
}
wolfSSL 11:cee25a834751 15978
wolfSSL 11:cee25a834751 15979
/* Compatibility stub for the OpenSSL session statistic of the same name.
 * No per-context counters are kept, so the result is always zero. */
long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX* ctx)
{
    (void)ctx;  /* intentionally unused */
    return 0L;
}
wolfSSL 11:cee25a834751 15985
wolfSSL 11:cee25a834751 15986
/* Compatibility stub for the OpenSSL session statistic of the same name.
 * No per-context counters are kept, so the result is always zero. */
long wolfSSL_CTX_sess_hits(WOLFSSL_CTX* ctx)
{
    (void)ctx;  /* intentionally unused */
    return 0L;
}
wolfSSL 11:cee25a834751 15992
wolfSSL 11:cee25a834751 15993
/* Compatibility stub for the OpenSSL session statistic of the same name.
 * No per-context counters are kept, so the result is always zero. */
long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX* ctx)
{
    (void)ctx;  /* intentionally unused */
    return 0L;
}
wolfSSL 11:cee25a834751 15999
wolfSSL 11:cee25a834751 16000
/* Compatibility stub for the OpenSSL session statistic of the same name.
 * No per-context counters are kept, so the result is always zero. */
long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX* ctx)
{
    (void)ctx;  /* intentionally unused */
    return 0L;
}
wolfSSL 11:cee25a834751 16006
wolfSSL 11:cee25a834751 16007
/* Compatibility stub for the OpenSSL session statistic of the same name.
 * No per-context counters are kept, so the result is always zero. */
long wolfSSL_CTX_sess_misses(WOLFSSL_CTX* ctx)
{
    (void)ctx;  /* intentionally unused */
    return 0L;
}
wolfSSL 11:cee25a834751 16013
wolfSSL 11:cee25a834751 16014
/* Compatibility stub for the OpenSSL session statistic of the same name.
 * No per-context counters are kept, so the result is always zero. */
long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX* ctx)
{
    (void)ctx;  /* intentionally unused */
    return 0L;
}
wolfSSL 11:cee25a834751 16020
wolfSSL 11:cee25a834751 16021
/* Compatibility stub for the OpenSSL session statistic of the same name.
 * No per-context counters are kept, so the result is always zero. */
long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx)
{
    (void)ctx;  /* intentionally unused */
    return 0L;
}
wolfSSL 11:cee25a834751 16027
wolfSSL 11:cee25a834751 16028
wolfSSL 11:cee25a834751 16029 #ifndef NO_CERTS
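/* Add a certificate to the context's certificate chain (OpenSSL compat).
 *
 * If the context has no leaf certificate yet, the certificate becomes the
 * leaf (loaded through ProcessBuffer). Otherwise it is registered with the
 * certificate manager as a user CA and appended to ctx->certChain as a
 * 24-bit length prefixed DER blob.
 *
 * ctx  Context to add the certificate to.
 * x509 Certificate to add. On SSL_SUCCESS it is freed here and must not be
 *      used by the caller afterwards; on SSL_FAILURE the caller keeps it.
 * returns SSL_SUCCESS or SSL_FAILURE. On failure the existing chain in ctx
 *         is left as it was.
 */
long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
{
    byte* chain = NULL;
    long chainSz = 0;
    int derSz;
    const byte* der;
    int ret;
    int idx = 0;
    DerBuffer *derBuffer = NULL;
    DerBuffer *newChain = NULL;

    WOLFSSL_ENTER("wolfSSL_CTX_add_extra_chain_cert");

    if (ctx == NULL || x509 == NULL) {
        WOLFSSL_MSG("Bad Argument");
        return SSL_FAILURE;
    }

    der = wolfSSL_X509_get_der(x509, &derSz);
    if (der == NULL || derSz <= 0) {
        WOLFSSL_MSG("Error getting X509 DER");
        return SSL_FAILURE;
    }

    if (ctx->certificate == NULL) {
        /* Process buffer makes first certificate the leaf. */
        ret = ProcessBuffer(ctx, der, derSz, SSL_FILETYPE_ASN1, CERT_TYPE,
                            NULL, NULL, 1);
        if (ret != SSL_SUCCESS) {
            WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret);
            return SSL_FAILURE;
        }
    }
    else {
        /* TODO: Do this elsewhere. */
        ret = AllocDer(&derBuffer, derSz, CERT_TYPE, ctx->heap);
        if (ret != 0) {
            WOLFSSL_MSG("Memory Error");
            return SSL_FAILURE;
        }
        XMEMCPY(derBuffer->buffer, der, derSz);
        /* derBuffer is handed to AddCA by address and is not released here. */
        ret = AddCA(ctx->cm, &derBuffer, WOLFSSL_USER_CA, !ctx->verifyNone);
        if (ret != SSL_SUCCESS) {
            WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret);
            return SSL_FAILURE;
        }

        /* adding cert to existing chain: old chain | 24-bit length | DER */
        if (ctx->certChain != NULL && ctx->certChain->length > 0) {
            chainSz += ctx->certChain->length;
        }
        chainSz += OPAQUE24_LEN + derSz;

        chain = (byte*)XMALLOC(chainSz, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
        if (chain == NULL) {
            WOLFSSL_MSG("Memory Error");
            return SSL_FAILURE;
        }

        if (ctx->certChain != NULL && ctx->certChain->length > 0) {
            XMEMCPY(chain, ctx->certChain->buffer, ctx->certChain->length);
            idx = ctx->certChain->length;
        }
        /* The length prefix is the 24-bit TLS form; only the low 24 bits of
         * derSz are kept by c32to24. */
        c32to24(derSz, chain + idx);
        idx += OPAQUE24_LEN;
        XMEMCPY(chain + idx, der, derSz);
        idx += derSz;

        /* Build the replacement before dropping the old chain so that an
         * allocation failure leaves ctx->certChain intact and is reported
         * instead of being silently ignored. */
        ret = AllocDer(&newChain, idx, CERT_TYPE, ctx->heap);
        if (ret != 0) {
            WOLFSSL_MSG("Memory Error");
            XFREE(chain, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);
            return SSL_FAILURE;
        }
        XMEMCPY(newChain->buffer, chain, idx);
        /* Release with the same type tag it was allocated with. */
        XFREE(chain, ctx->heap, DYNAMIC_TYPE_TMP_BUFFER);

        FreeDer(&ctx->certChain);
        ctx->certChain = newChain;
    }

    /* on success WOLFSSL_X509 memory is responsibility of ctx */
    wolfSSL_X509_free(x509);

    return SSL_SUCCESS;
}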
wolfSSL 11:cee25a834751 16111
wolfSSL 11:cee25a834751 16112
/* Set the user argument handed to the OCSP I/O callbacks of ctx's
 * certificate manager.
 *
 * ctx Context whose certificate manager receives the argument.
 * arg Opaque pointer stored as ctx->cm->ocspIOCtx.
 * returns SSL_SUCCESS, or SSL_FAILURE when ctx or ctx->cm is NULL.
 */
long wolfSSL_CTX_set_tlsext_status_arg(WOLFSSL_CTX* ctx, void* arg)
{
    long ret = SSL_FAILURE;

    if (ctx != NULL && ctx->cm != NULL) {
        ctx->cm->ocspIOCtx = arg;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 11:cee25a834751 16122
wolfSSL 11:cee25a834751 16123 #endif /* NO_CERTS */
wolfSSL 11:cee25a834751 16124
wolfSSL 11:cee25a834751 16125
wolfSSL 11:cee25a834751 16126 /*** TBC ***/
/* Compatibility stub for the OpenSSL session cache mode query; the mode is
 * not tracked here and zero is always reported. */
WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx)
{
    (void)ctx;  /* intentionally unused */
    return 0L;
}
wolfSSL 11:cee25a834751 16132
wolfSSL 11:cee25a834751 16133
/* Return the read-ahead setting stored on ctx.
 *
 * ctx Context to query.
 * returns ctx->readAhead, or SSL_FAILURE when ctx is NULL.
 *         NOTE(review): if SSL_FAILURE happens to equal 0 a NULL ctx is
 *         indistinguishable from a readAhead of 0 — confirm with callers.
 */
int wolfSSL_CTX_get_read_ahead(WOLFSSL_CTX* ctx)
{
    return (ctx == NULL) ? SSL_FAILURE : ctx->readAhead;
}
wolfSSL 11:cee25a834751 16142
wolfSSL 11:cee25a834751 16143
/* Store the read-ahead setting on ctx.
 *
 * ctx Context to update.
 * v   Value to store; it is narrowed to a byte, so only the low 8 bits
 *     are kept.
 * returns SSL_SUCCESS, or SSL_FAILURE when ctx is NULL.
 */
int wolfSSL_CTX_set_read_ahead(WOLFSSL_CTX* ctx, int v)
{
    if (ctx == NULL)
        return SSL_FAILURE;

    ctx->readAhead = (byte)v;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 16154
wolfSSL 11:cee25a834751 16155
/* Store the user argument for the opaque PRF input callback on ctx.
 *
 * ctx Context to update.
 * arg Opaque pointer stored as ctx->userPRFArg.
 * returns SSL_SUCCESS, or SSL_FAILURE when ctx is NULL.
 */
long wolfSSL_CTX_set_tlsext_opaque_prf_input_callback_arg(WOLFSSL_CTX* ctx,
                                                          void* arg)
{
    long ret = SSL_FAILURE;

    if (ctx != NULL) {
        ctx->userPRFArg = arg;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 11:cee25a834751 16166
wolfSSL 11:cee25a834751 16167
wolfSSL 11:cee25a834751 16168 #ifndef NO_DES3
/* Load a DES key into a key schedule (OpenSSL DES_set_key compat).
 *
 * With WOLFSSL_CHECK_DESKEY defined the key is validated first (parity and
 * weak key checks) and the checked variant's result is returned; otherwise
 * the key is copied as-is and 0 is returned.
 *
 * myDes Key to load.
 * key   Key schedule to fill.
 * returns 0 on success.
 */
int wolfSSL_DES_set_key(WOLFSSL_const_DES_cblock* myDes,
                        WOLFSSL_DES_key_schedule* key)
{
    int ret = 0;

#ifdef WOLFSSL_CHECK_DESKEY
    ret = wolfSSL_DES_set_key_checked(myDes, key);
#else
    wolfSSL_DES_set_key_unchecked(myDes, key);
#endif

    return ret;
}
wolfSSL 11:cee25a834751 16180
wolfSSL 11:cee25a834751 16181
wolfSSL 11:cee25a834751 16182
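/* Compare eight key bytes against a pattern given as two words.
 *
 * The words are laid out in host byte order, so a caller that wants to
 * match a pattern on either endianness also passes the ByteReverseWord32()
 * form of the masks (see wolfSSL_DES_set_key_checked).
 *
 * mask  Pattern for the first four bytes, as a host order word.
 * mask2 Pattern for the last four bytes.
 * key   Eight key bytes; the caller guarantees the length. Read only.
 * returns 1 if the key matches the pattern (the fail case), 0 otherwise.
 */
static int DES_check(word32 mask, word32 mask2, const unsigned char* key)
{
    word32 value[2];

    /* sanity check on length made in wolfSSL_DES_set_key_checked */
    value[0] = mask;
    value[1] = mask2;
    return (XMEMCMP(value, key, sizeof(value)) == 0) ? 1 : 0;
}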
wolfSSL 11:cee25a834751 16193
wolfSSL 11:cee25a834751 16194
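/* check that the key is odd parity and is not a weak key
 * returns -1 if parity is wrong, -2 if weak/null key and 0 on success
 *
 * myDes Caller supplied 8 byte key; every check is made on this buffer.
 * key   Key schedule to fill. It is only written once myDes has passed all
 *       checks, so it is left untouched on failure.
 */
int wolfSSL_DES_set_key_checked(WOLFSSL_const_DES_cblock* myDes,
                                WOLFSSL_DES_key_schedule* key)
{
    /* Weak and semi-weak keys from NIST SP 800-67 "Recommendation for the
     * Triple Data Encryption Algorithm (TDEA) Block Cipher". Each entry is a
     * key as two host order words. The byte swapped form of every entry is
     * checked as well: the weak keys are unchanged by that, and for the
     * semi-weak entries it yields the partner key of the pair, so both
     * members are caught on either endianness. */
    static const word32 weakKeys[][2] = {
        /* weak keys */
        { 0x01010101, 0x01010101 },
        { 0xFEFEFEFE, 0xFEFEFEFE },
        { 0xE0E0E0E0, 0xF1F1F1F1 },
        { 0x1F1F1F1F, 0x0E0E0E0E },
        /* semi-weak key pairs */
        { 0x011F011F, 0x010E010E },
        { 0x01E001E0, 0x01F101F1 },
        { 0x01FE01FE, 0x01FE01FE },
        { 0x1FE01FE0, 0x0EF10EF1 },
        { 0x1FFE1FFE, 0x0EFE0EFE },
        { 0xE0FEE0FE, 0xF1FEF1FE }   /* sixth pair, previously not checked */
    };
    const unsigned char* keyBytes;
    word32 i;
    word32 sz = sizeof(WOLFSSL_DES_key_schedule);

    if (myDes == NULL || key == NULL) {
        WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_set_key_checked");
        return -2;
    }

    /* sanity check before call to DES_check, which compares two word32 */
    if (sz != (sizeof(word32) * 2) || sizeof(WOLFSSL_const_DES_cblock) != sz) {
        WOLFSSL_MSG("Unexpected WOLFSSL_DES_key_schedule size");
        return -2;
    }

    /* The checks must look at the input key: the schedule in key has not
     * been written yet at this point. */
    keyBytes = (const unsigned char*)myDes;

    /* check odd parity: every byte must have an odd number of set bits */
    for (i = 0; i < sz; i++) {
        unsigned char c = keyBytes[i];
        /* XOR fold so that bit 0 ends up holding the parity of all 8 bits */
        c ^= (unsigned char)(c >> 4);
        c ^= (unsigned char)(c >> 2);
        c ^= (unsigned char)(c >> 1);
        if ((c & 0x01) != 1) {
            WOLFSSL_MSG("Odd parity test fail");
            return -1;
        }
    }

    /* check is not a weak or semi-weak key */
    for (i = 0; i < sizeof(weakKeys) / sizeof(weakKeys[0]); i++) {
        word32 mask  = weakKeys[i][0];
        word32 mask2 = weakKeys[i][1];

        if (DES_check(mask, mask2, *myDes) ||
            DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2),
                      *myDes)) {
            WOLFSSL_MSG("Weak key found");
            return -2;
        }
    }

    /* passed tests, now copy over key */
    XMEMCPY(key, myDes, sizeof(WOLFSSL_const_DES_cblock));

    return 0;
}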
wolfSSL 11:cee25a834751 16300
wolfSSL 11:cee25a834751 16301
/* Copy a DES key into a key schedule without any validation.
 *
 * myDes Key to copy; NULL is ignored.
 * key   Key schedule to fill; NULL is ignored.
 */
void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes,
                                   WOLFSSL_DES_key_schedule* key)
{
    if (myDes == NULL || key == NULL)
        return;

    XMEMCPY(key, myDes, sizeof(WOLFSSL_const_DES_cblock));
}
wolfSSL 11:cee25a834751 16309
wolfSSL 11:cee25a834751 16310
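/* Force odd parity on every byte of a DES key, as the OpenSSL function of
 * the same name does: bit 0 of each byte is set so that the byte has an odd
 * number of set bits. The seven key bits (bits 1..7) are left unchanged.
 *
 * myDes Key to fix up in place; NULL is ignored.
 */
void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes)
{
    unsigned char* bytes;
    word32 i;

    if (myDes == NULL) {
        WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_set_odd_parity");
        return;
    }

    bytes = (unsigned char*)myDes;
    for (i = 0; i < sizeof(WOLFSSL_DES_cblock); i++) {
        unsigned char c = bytes[i];
        /* parity of bits 1..7, XOR folded into bit 0 of p */
        unsigned char p = (unsigned char)(c >> 1);
        p ^= (unsigned char)(p >> 4);
        p ^= (unsigned char)(p >> 2);
        p ^= (unsigned char)(p >> 1);
        /* bit 0 is the complement of that parity, making the total odd */
        bytes[i] = (unsigned char)((c & 0xFE) | ((p & 0x01) ^ 0x01));
    }
}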
wolfSSL 11:cee25a834751 16316
wolfSSL 11:cee25a834751 16317
wolfSSL 11:cee25a834751 16318 #ifdef WOLFSSL_DES_ECB
/* Encrypt or decrypt one DES block desa with key, writing the result to desb.
 * With enc == DES_ENCRYPT the block is encrypted, with enc == DES_DECRYPT
 * it is decrypted. Any other enc value, or a NULL argument, is rejected and
 * logged; the function has no way to report errors to the caller.
 *
 * NOTE(review): the key schedule built in myDes lives on the stack and is
 * not cleared before returning — confirm whether callers expect that.
 */
void wolfSSL_DES_ecb_encrypt(WOLFSSL_DES_cblock* desa,
        WOLFSSL_DES_cblock* desb, WOLFSSL_DES_key_schedule* key, int enc)
{
    Des myDes;
    int badArg;

    WOLFSSL_ENTER("wolfSSL_DES_ecb_encrypt");

    badArg = (desa == NULL) || (key == NULL) || (desb == NULL) ||
             (enc != DES_ENCRYPT && enc != DES_DECRYPT);
    if (badArg) {
        WOLFSSL_MSG("Bad argument passed to wolfSSL_DES_ecb_encrypt");
        return;
    }

    /* !enc translates the OpenSSL direction constant into the wolfCrypt
     * direction argument; no IV is needed for ECB. */
    if (wc_Des_SetKey(&myDes, (const byte*)key, (const byte*)NULL, !enc) != 0) {
        WOLFSSL_MSG("wc_Des_SetKey return error.");
        return;
    }

    if (wc_Des_EcbEncrypt(&myDes, (byte*)desb, (const byte*)desa,
                          sizeof(WOLFSSL_DES_cblock)) != 0) {
        WOLFSSL_MSG("wc_Des_EcbEncrypt return error.");
    }
}
wolfSSL 11:cee25a834751 16345 #endif
wolfSSL 11:cee25a834751 16346
wolfSSL 11:cee25a834751 16347 #endif /* NO_DES3 */
wolfSSL 11:cee25a834751 16348
/* Compatibility stub for BIO_printf: nothing is formatted or written and the
 * variable arguments are never consumed. Always returns 0. */
int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...)
{
    (void)bio;     /* intentionally unused */
    (void)format;  /* intentionally unused */
    return 0;
}
wolfSSL 11:cee25a834751 16355
wolfSSL 11:cee25a834751 16356
/* Compatibility stub for ASN1_UTCTIME_print: nothing is written to bio.
 * Always returns 0. */
int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a)
{
    (void)bio;  /* intentionally unused */
    (void)a;    /* intentionally unused */
    return 0;
}
wolfSSL 11:cee25a834751 16363
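/* Return the month as a string.
 *
 * n The number of the month as two ASCII digits (1 based, "01".."12").
 * returns the three letter month name, or "???" when n is not a valid
 *         month. The fallback is also three characters long so a caller
 *         that writes exactly three bytes (see the GeneralizedTime printer)
 *         stays in bounds.
 */
static INLINE const char* MonthStr(const char* n)
{
    static const char monthStr[12][4] = {
        "Jan", "Feb", "Mar", "Apr", "May", "Jun",
        "Jul", "Aug", "Sep", "Oct", "Nov", "Dec" };
    int month;

    /* Validate before indexing: the digits come from the encoded time and an
     * out of range value would read past the end of monthStr. */
    if (n == NULL || n[0] < '0' || n[0] > '9' || n[1] < '0' || n[1] > '9')
        return "???";

    month = (n[0] - '0') * 10 + (n[1] - '0');
    if (month < 1 || month > 12)
        return "???";

    return monthStr[month - 1];
}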
wolfSSL 11:cee25a834751 16376
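/* Print a GeneralizedTime to bio as "Mon DD HH:MM:SS YYYY".
 *
 * bio     Output BIO; each field is written with wolfSSL_BIO_write and the
 *         write results are not checked.
 * asnTime Time to print. Two leading bytes of asnTime->data are skipped
 *         (presumably the ASN.1 tag and length) and the next 14 characters
 *         are read as YYYYMMDDHHMMSS.
 *         NOTE(review): no length check is made on asnTime->data; if the
 *         struct carries a length, it should be verified to cover those
 *         16 bytes before printing.
 * returns 0 on success, BAD_FUNC_ARG when bio or asnTime is NULL.
 */
int wolfSSL_ASN1_GENERALIZEDTIME_print(WOLFSSL_BIO* bio,
                                  const WOLFSSL_ASN1_GENERALIZEDTIME* asnTime)
{
    const char* p;

    WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_print");

    /* Check the arguments before asnTime->data is touched; the original
     * dereferenced asnTime ahead of this test. */
    if (bio == NULL || asnTime == NULL)
        return BAD_FUNC_ARG;

    p = (const char *)(asnTime->data + 2);

    /* GetTimeString not always available. */
    wolfSSL_BIO_write(bio, MonthStr(p + 4), 3);
    wolfSSL_BIO_write(bio, " ", 1);
    /* Day */
    wolfSSL_BIO_write(bio, p + 6, 2);
    wolfSSL_BIO_write(bio, " ", 1);
    /* Hour */
    wolfSSL_BIO_write(bio, p + 8, 2);
    wolfSSL_BIO_write(bio, ":", 1);
    /* Min */
    wolfSSL_BIO_write(bio, p + 10, 2);
    wolfSSL_BIO_write(bio, ":", 1);
    /* Secs */
    wolfSSL_BIO_write(bio, p + 12, 2);
    wolfSSL_BIO_write(bio, " ", 1);
    /* Year */
    wolfSSL_BIO_write(bio, p, 4);

    return 0;
}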
wolfSSL 11:cee25a834751 16405
/* Compatibility stub for sk_num on a revoked-certificate stack: no stack is
 * implemented here, so the count is always 0. */
int wolfSSL_sk_num(WOLFSSL_X509_REVOKED* rev)
{
    (void)rev;  /* intentionally unused */
    return 0;
}
wolfSSL 11:cee25a834751 16411
wolfSSL 11:cee25a834751 16412
/* Compatibility stub for sk_value on a revoked-certificate stack: no stack
 * is implemented here, so no element is ever returned. */
void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED* rev, int i)
{
    (void)rev;  /* intentionally unused */
    (void)i;    /* intentionally unused */
    return NULL;
}
wolfSSL 11:cee25a834751 16419
wolfSSL 11:cee25a834751 16420
wolfSSL 11:cee25a834751 16421 /* stunnel 4.28 needs */
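/* Register the external session cache "get" callback on ctx.
 *
 * The callback is only stored when built with HAVE_EXT_CACHE; otherwise both
 * arguments are ignored. A NULL ctx is ignored as well, since the function
 * returns void and cannot report it.
 *
 * ctx Context to update.
 * f   Callback stored as ctx->get_sess_cb.
 */
void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx,
                    WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*))
{
#ifdef HAVE_EXT_CACHE
    if (ctx != NULL)
        ctx->get_sess_cb = f;
#else
    (void)ctx;
    (void)f;
#endif
}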
wolfSSL 11:cee25a834751 16432
wolfSSL 11:cee25a834751 16433
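/* Register the external session cache "new session" callback on ctx.
 *
 * The callback is only stored when built with HAVE_EXT_CACHE; otherwise both
 * arguments are ignored. A NULL ctx is ignored as well, since the function
 * returns void and cannot report it.
 *
 * ctx Context to update.
 * f   Callback stored as ctx->new_sess_cb.
 */
void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx,
                                 int (*f)(WOLFSSL*, WOLFSSL_SESSION*))
{
#ifdef HAVE_EXT_CACHE
    if (ctx != NULL)
        ctx->new_sess_cb = f;
#else
    (void)ctx;
    (void)f;
#endif
}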
wolfSSL 11:cee25a834751 16444
wolfSSL 11:cee25a834751 16445
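/* Register the external session cache "remove" callback on ctx.
 *
 * The callback is only stored when built with HAVE_EXT_CACHE; otherwise both
 * arguments are ignored. A NULL ctx is ignored as well, since the function
 * returns void and cannot report it.
 *
 * ctx Context to update.
 * f   Callback stored as ctx->rem_sess_cb.
 */
void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*,
                                                            WOLFSSL_SESSION*))
{
#ifdef HAVE_EXT_CACHE
    if (ctx != NULL)
        ctx->rem_sess_cb = f;
#else
    (void)ctx;
    (void)f;
#endif
}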
wolfSSL 11:cee25a834751 16456
wolfSSL 11:cee25a834751 16457 #ifdef HAVE_EXT_CACHE
/* convert 32 bit integer to opaque: write u32 to c[0..3] most significant
 * byte first (network byte order) */
static INLINE void c32toa(word32 u32, byte* c)
{
    int i;

    for (i = 0; i < 4; i++)
        c[i] = (byte)((u32 >> (24 - 8 * i)) & 0xff);
}
wolfSSL 11:cee25a834751 16466
/* convert 16 bit integer to opaque: write u16 to c[0..1] most significant
 * byte first (network byte order) */
static INLINE void c16toa(word16 u16, byte* c)
{
    c[1] = (byte)(u16 & 0xff);
    c[0] = (byte)((u16 >> 8) & 0xff);
}
wolfSSL 11:cee25a834751 16472 #endif
wolfSSL 11:cee25a834751 16473
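/* Serialise a session into a flat buffer (OpenSSL i2d_SSL_SESSION compat).
 *
 * Layout, produced only when built with HAVE_EXT_CACHE:
 *   bornOn | timeout | sessionID len | sessionID | masterSecret | haveEMS
 *   [SESSION_CERTS]       chain count | (cert len | cert DER)* | version | suite
 *   [!NO_CLIENT_CACHE]    serverID len | serverID
 *   [HAVE_SESSION_TICKET] ticket len | ticket
 * The output contains the master secret, so the caller must treat the
 * buffer as key material.
 *
 * sess Session to encode; NULL yields 0.
 * p    NULL to only compute the size. Otherwise *p is the output buffer: when
 *      *p is NULL a buffer of the returned size is allocated for the caller
 *      (DYNAMIC_TYPE_OPENSSL); when *p is caller supplied it must hold at
 *      least the returned size, nothing here can check that. Unlike OpenSSL,
 *      *p is not advanced past the written data.
 * returns the encoded size in bytes, or 0 when nothing is encoded (built
 *         without HAVE_EXT_CACHE, NULL sess, or allocation failure).
 */
int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p)
{
    int size = 0;
#ifdef HAVE_EXT_CACHE
    int idx = 0;
#ifdef SESSION_CERTS
    int i;
#endif
    unsigned char *data;
#endif

    /* Every field below is read through sess; without it there is nothing
     * to size or encode. The original dereferenced sess unchecked. */
    if (sess == NULL)
        return 0;

#ifdef HAVE_EXT_CACHE
    /* bornOn | timeout | sessionID len | sessionID | masterSecret | haveEMS */
    size += OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN + sess->sessionIDSz +
            SECRET_LEN + OPAQUE8_LEN;
#ifdef SESSION_CERTS
    /* Peer chain: one byte count, then 16-bit length prefixed certificates
     * (c16toa takes a word16, so longer certificates would be truncated) */
    size += OPAQUE8_LEN;
    for (i = 0; i < sess->chain.count; i++)
        size += OPAQUE16_LEN + sess->chain.certs[i].length;
    /* Protocol version + cipher suite */
    size += OPAQUE16_LEN + OPAQUE16_LEN;
#endif
#ifndef NO_CLIENT_CACHE
    /* ServerID len | ServerID */
    size += OPAQUE16_LEN + sess->idLen;
#endif
#ifdef HAVE_SESSION_TICKET
    /* ticket len | ticket */
    size += OPAQUE16_LEN + sess->ticketLen;
#endif

    if (p != NULL) {
        if (*p == NULL)
            *p = (unsigned char*)XMALLOC(size, NULL, DYNAMIC_TYPE_OPENSSL);
        if (*p == NULL)
            return 0;
        data = *p;

        c32toa(sess->bornOn, data + idx); idx += OPAQUE32_LEN;
        c32toa(sess->timeout, data + idx); idx += OPAQUE32_LEN;
        data[idx++] = sess->sessionIDSz;
        XMEMCPY(data + idx, sess->sessionID, sess->sessionIDSz);
        idx += sess->sessionIDSz;
        XMEMCPY(data + idx, sess->masterSecret, SECRET_LEN); idx += SECRET_LEN;
        data[idx++] = sess->haveEMS;
#ifdef SESSION_CERTS
        data[idx++] = sess->chain.count;
        for (i = 0; i < sess->chain.count; i++) {
            c16toa(sess->chain.certs[i].length, data + idx);
            idx += OPAQUE16_LEN;
            XMEMCPY(data + idx, sess->chain.certs[i].buffer,
                    sess->chain.certs[i].length);
            idx += sess->chain.certs[i].length;
        }
        data[idx++] = sess->version.major;
        data[idx++] = sess->version.minor;
        data[idx++] = sess->cipherSuite0;
        data[idx++] = sess->cipherSuite;
#endif
#ifndef NO_CLIENT_CACHE
        c16toa(sess->idLen, data + idx); idx += OPAQUE16_LEN;
        XMEMCPY(data + idx, sess->serverID, sess->idLen);
        idx += sess->idLen;
#endif
#ifdef HAVE_SESSION_TICKET
        c16toa(sess->ticketLen, data + idx); idx += OPAQUE16_LEN;
        XMEMCPY(data + idx, sess->ticket, sess->ticketLen);
        idx += sess->ticketLen;
#endif
    }
#endif

    /* silence unused warnings in builds without HAVE_EXT_CACHE */
    (void)sess;
    (void)p;
#ifdef HAVE_EXT_CACHE
    (void)idx;
#endif

    return size;
}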
wolfSSL 11:cee25a834751 16553
wolfSSL 11:cee25a834751 16554 #ifdef HAVE_EXT_CACHE
/* convert opaque to 16 bit integer: c[0] is the most significant byte
 * (network byte order) */
static INLINE void ato16(const byte* c, word16* u16)
{
    word16 hi = (word16)(c[0] << 8);

    *u16 = (word16)(hi | c[1]);
}
wolfSSL 11:cee25a834751 16560
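/* convert opaque to 32 bit integer: c[0] is the most significant byte
 * (network byte order) */
static INLINE void ato32(const byte* c, word32* u32)
{
    /* Widen each byte before shifting. c[0] promotes to int, and shifting a
     * value of 0x80 or more left by 24 overflows int, which is undefined
     * behaviour; as word32 the shift is well defined. */
    *u32 = ((word32)c[0] << 24) | ((word32)c[1] << 16) |
           ((word32)c[2] << 8)  |  (word32)c[3];
}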
wolfSSL 11:cee25a834751 16566 #endif
wolfSSL 11:cee25a834751 16567
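/* TODO: no function to free new session. */
/* Deserialise a WOLFSSL_SESSION from the flat encoding written by the
 * matching i2d routine: bornOn, timeout, session ID, master secret and the
 * EMS flag, then (build dependent) the certificate chain, the server ID and
 * the session ticket.
 *
 * sess  optional; when *sess is non-NULL that object is filled in, otherwise
 *       a session is allocated here and stored back through *sess.
 * p     in/out pointer to the encoded bytes, advanced past the consumed data
 *       on success only.
 * i     number of bytes readable at *p.
 *
 * Returns the session on success and NULL on failure (truncated or over-long
 * encoding, allocation failure).  A session allocated here is freed again on
 * failure; one supplied by the caller is left for the caller to free.
 *
 * The encoding is untrusted input (it normally comes back from an external
 * session cache), so every length taken from it is checked against both the
 * remaining input and the fixed size of its destination field before any
 * copy, and the session's ticket state is only touched once the new ticket
 * is known to fit.  Without HAVE_EXT_CACHE this is a stub returning *sess. */
WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess,
                                const unsigned char** p, long i)
{
    WOLFSSL_SESSION* s = NULL;
    int ret = 0;
#if defined(HAVE_EXT_CACHE)
    int idx;
    byte* data;
#ifdef SESSION_CERTS
    int j;
    word16 length;
#endif
#ifdef HAVE_SESSION_TICKET
    word16 ticketLen;
#endif
#endif

    (void)p;
    (void)i;
    (void)ret;

    if (sess != NULL)
        s = *sess;

#ifdef HAVE_EXT_CACHE
    if (p == NULL || *p == NULL)
        return NULL;

    if (s == NULL) {
        s = (WOLFSSL_SESSION*)XMALLOC(sizeof(WOLFSSL_SESSION), NULL,
                                     DYNAMIC_TYPE_OPENSSL);
        if (s == NULL)
            return NULL;
        /* Start from an all-zero object so that a parse failure part way
         * through never leaves uninitialised pointers (e.g. the ticket) for
         * wolfSSL_SESSION_free to act on. */
        XMEMSET(s, 0, sizeof(WOLFSSL_SESSION));
        s->isAlloced = 1;
        s->isDynamic = 0;
    }

    idx = 0;
    data = (byte*)*p;

    /* bornOn | timeout | sessionID len */
    if (i < OPAQUE32_LEN + OPAQUE32_LEN + OPAQUE8_LEN) {
        ret = BUFFER_ERROR;
        goto end;
    }
    ato32(data + idx, &s->bornOn); idx += OPAQUE32_LEN;
    ato32(data + idx, &s->timeout); idx += OPAQUE32_LEN;
    s->sessionIDSz = data[idx++];

    /* sessionID is a fixed ID_LEN array; the length byte from the wire can
     * be up to 255, so bound it before copying. */
    if (s->sessionIDSz > ID_LEN) {
        ret = BUFFER_ERROR;
        goto end;
    }

    /* sessionID | secret | haveEMS */
    if (i - idx < s->sessionIDSz + SECRET_LEN + OPAQUE8_LEN) {
        ret = BUFFER_ERROR;
        goto end;
    }
    XMEMCPY(s->sessionID, data + idx, s->sessionIDSz);
    idx += s->sessionIDSz;
    XMEMCPY(s->masterSecret, data + idx, SECRET_LEN); idx += SECRET_LEN;
    s->haveEMS = data[idx++];

#ifdef SESSION_CERTS
    /* Certificate chain */
    if (i - idx == 0) {
        ret = BUFFER_ERROR;
        goto end;
    }
    s->chain.count = data[idx++];
    /* chain.certs has MAX_CHAIN_DEPTH slots */
    if (s->chain.count > MAX_CHAIN_DEPTH) {
        ret = BUFFER_ERROR;
        goto end;
    }
    for (j = 0; j < s->chain.count; j++) {
        if (i - idx < OPAQUE16_LEN) {
            ret = BUFFER_ERROR;
            goto end;
        }
        ato16(data + idx, &length); idx += OPAQUE16_LEN;
        /* each certs[j].buffer is a fixed MAX_X509_SIZE array */
        if (length > MAX_X509_SIZE || i - idx < length) {
            ret = BUFFER_ERROR;
            goto end;
        }
        s->chain.certs[j].length = length;
        XMEMCPY(s->chain.certs[j].buffer, data + idx, length);
        idx += length;
    }

    /* Protocol Version | Cipher suite */
    if (i - idx < OPAQUE16_LEN + OPAQUE16_LEN) {
        ret = BUFFER_ERROR;
        goto end;
    }
    s->version.major = data[idx++];
    s->version.minor = data[idx++];
    s->cipherSuite0 = data[idx++];
    s->cipherSuite = data[idx++];
#endif
#ifndef NO_CLIENT_CACHE
    /* ServerID len */
    if (i - idx < OPAQUE16_LEN) {
        ret = BUFFER_ERROR;
        goto end;
    }
    ato16(data + idx, &s->idLen); idx += OPAQUE16_LEN;

    /* ServerID: serverID is a fixed SERVER_ID_LEN array, so bound the
     * length as well as checking the remaining input. */
    if (s->idLen > SERVER_ID_LEN || i - idx < s->idLen) {
        ret = BUFFER_ERROR;
        goto end;
    }
    XMEMCPY(s->serverID, data + idx, s->idLen); idx += s->idLen;
#endif
#ifdef HAVE_SESSION_TICKET
    /* ticket len */
    if (i - idx < OPAQUE16_LEN) {
        ret = BUFFER_ERROR;
        goto end;
    }
    ato16(data + idx, &ticketLen); idx += OPAQUE16_LEN;

    /* Check the ticket bytes are really present before disturbing the old
     * ticket, so a truncated encoding leaves the session's ticket intact. */
    if (i - idx < ticketLen) {
        ret = BUFFER_ERROR;
        goto end;
    }

    /* Dispose of the old dynamic ticket and ensure space for the new one. */
    if (s->isDynamic) {
        XFREE(s->ticket, NULL, DYNAMIC_TYPE_SESSION_TICK);
        s->ticket = NULL;
        /* Reset the flag here: if the new ticket fits in staticTicket the
         * flag would otherwise stay set and wolfSSL_SESSION_free would later
         * try to XFREE the in-struct static buffer. */
        s->isDynamic = 0;
    }
    if (ticketLen <= SESSION_TICKET_LEN)
        s->ticket = s->staticTicket;
    else {
        s->ticket = (byte*)XMALLOC(ticketLen, NULL, DYNAMIC_TYPE_SESSION_TICK);
        if (s->ticket == NULL) {
            s->ticketLen = 0;
            ret = MEMORY_ERROR;
            goto end;
        }
        s->isDynamic = 1;
    }

    /* ticket */
    s->ticketLen = ticketLen;
    XMEMCPY(s->ticket, data + idx, s->ticketLen); idx += s->ticketLen;
#endif
    (void)idx;

    if (sess != NULL)
        *sess = s;

    *p += idx;

end:
    if (ret != 0) {
        /* Free only a session this call allocated, never one the caller
         * passed in; either way report failure as NULL instead of handing
         * back a pointer that may just have been freed. */
        if (sess == NULL || *sess != s)
            wolfSSL_SESSION_free(s);
        s = NULL;
    }
#endif
    return s;
}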
wolfSSL 11:cee25a834751 16715
wolfSSL 11:cee25a834751 16716
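/* OpenSSL SSL_SESSION_get_timeout: the session's timeout in seconds.
 *
 * sess  session to query; a NULL session yields 0 instead of a crash.
 *
 * Returns sess->timeout (a word32 widened to long), or 0 for NULL. */
long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess)
{
    long timeout = 0;

    WOLFSSL_ENTER("wolfSSL_SESSION_get_timeout");

    if (sess != NULL)
        timeout = sess->timeout;

    return timeout;
}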
wolfSSL 11:cee25a834751 16722
wolfSSL 11:cee25a834751 16723
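/* OpenSSL SSL_SESSION_get_time: the session's creation time (bornOn).
 *
 * sess  session to query; a NULL session yields 0 instead of a crash.
 *
 * Returns sess->bornOn (a word32 widened to long), or 0 for NULL. */
long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess)
{
    long bornOn = 0;

    WOLFSSL_ENTER("wolfSSL_SESSION_get_time");

    if (sess != NULL)
        bornOn = sess->bornOn;

    return bornOn;
}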
wolfSSL 11:cee25a834751 16729
wolfSSL 11:cee25a834751 16730
wolfSSL 11:cee25a834751 16731 #endif /* OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 16732
wolfSSL 11:cee25a834751 16733
wolfSSL 11:cee25a834751 16734 #ifdef KEEP_PEER_CERT
/* Return the subject common name stored on |x509|, or NULL for a NULL
 * certificate.  The pointer refers to storage owned by the certificate;
 * the caller must not free it or keep it past the certificate's lifetime. */
char* wolfSSL_X509_get_subjectCN(WOLFSSL_X509* x509)
{
    return (x509 != NULL) ? x509->subjectCN : NULL;
}
wolfSSL 11:cee25a834751 16742 #endif /* KEEP_PEER_CERT */
wolfSSL 11:cee25a834751 16743
wolfSSL 11:cee25a834751 16744 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 16745
wolfSSL 11:cee25a834751 16746 #ifdef FORTRESS
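/* Compare the peer certificate held on |ssl| with the PEM certificate in
 * |fname|.
 *
 * ssl    connection whose peerCert (DER encoding) is compared.
 * fname  path of a PEM-encoded certificate file.
 *
 * Returns 0 when the two DER encodings are identical, SSL_BAD_FILE when the
 * file cannot be opened or sized, MEMORY_E on a small-stack allocation
 * failure, and SSL_FATAL_ERROR for everything else (NULL arguments, short
 * read, PEM decode failure, no peer certificate, differing length/content). */
int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname)
{
    int ret = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_cmp_peer_cert_to_file");
    if (ssl != NULL && fname != NULL)
    {
#ifdef WOLFSSL_SMALL_STACK
        EncryptedInfo* info = NULL;
        byte staticBuffer[1]; /* force heap usage */
#else
        EncryptedInfo info[1];
        byte staticBuffer[FILE_BUFFER_SIZE];
#endif
        byte* myBuffer = staticBuffer;
        int dynamic = 0;
        XFILE file = XBADFILE;
        long fileSz = 0;
        size_t sz = 0;
        int eccKey = 0;
        WOLFSSL_CTX* ctx = ssl->ctx;
        WOLFSSL_X509* peer_cert = &ssl->peerCert;
        DerBuffer* fileDer = NULL;

        file = XFOPEN(fname, "rb");
        if (file == XBADFILE)
            return SSL_BAD_FILE;

        XFSEEK(file, 0, XSEEK_END);
        fileSz = XFTELL(file);
        XREWIND(file);

        /* XFTELL reports failure as -1; storing that straight into a size_t
         * would turn it into a huge allocation request. */
        if (fileSz < 0) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        sz = (size_t)fileSz;

        if (sz > sizeof(staticBuffer)) {
            WOLFSSL_MSG("Getting dynamic buffer");
            myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
            dynamic = 1;    /* a NULL myBuffer is caught below */
        }

#ifdef WOLFSSL_SMALL_STACK
        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                       DYNAMIC_TYPE_TMP_BUFFER);
        if (info == NULL)
            ret = MEMORY_E;
        else
#endif
        {
            info->set = 0;
            info->ctx = ctx;
            info->consumed = 0;

            /* Every step must succeed for a match: buffer available, file
             * read in full, PEM decoded, a peer certificate actually present
             * (derCert is NULL when none was received), and the two DER
             * encodings equal in both length and content. */
            if ((myBuffer != NULL) &&
                (sz > 0) &&
                (XFREAD(myBuffer, 1, sz, file) == sz) &&
                (PemToDer(myBuffer, sz, CERT_TYPE,
                          &fileDer, ctx->heap, info, &eccKey) == 0) &&
                (fileDer->length != 0) &&
                (peer_cert->derCert != NULL) &&
                (fileDer->length == peer_cert->derCert->length) &&
                (XMEMCMP(peer_cert->derCert->buffer, fileDer->buffer,
                         fileDer->length) == 0))
            {
                ret = 0;
            }

#ifdef WOLFSSL_SMALL_STACK
            XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        }

        FreeDer(&fileDer);

        if (dynamic)
            XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);

        XFCLOSE(file);
    }

    return ret;
}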
wolfSSL 11:cee25a834751 16824 #endif
wolfSSL 11:cee25a834751 16825
wolfSSL 11:cee25a834751 16826
/* Process-wide RNG used by the OpenSSL-compat RAND_* shims as a fallback
 * when a per-call RNG cannot be initialised (see wolfSSL_RAND_bytes and
 * wolfSSL_BN_rand).  It is set up lazily by wolfSSL_RAND_seed.
 * NOTE(review): the init flag is a plain int with no locking; confirm that
 * first use is serialised if the library is driven from several threads. */
static WC_RNG globalRNG;
static int initGlobalRNG = 0;   /* 1 once globalRNG has been initialised */
wolfSSL 11:cee25a834751 16829
/* OpenSSL RAND_seed shim.
 *
 * seed, len  accepted for API compatibility only; the bytes are discarded
 *            (wc_InitRng seeds the RNG itself, presumably from the platform
 *            entropy source — not something this function influences).
 *
 * On first call initialises the shared globalRNG and records that in
 * initGlobalRNG; later calls are no-ops.  Returns SSL_SUCCESS, or 0 when
 * wc_InitRng fails (the flag stays clear so a later call retries). */
int wolfSSL_RAND_seed(const void* seed, int len)
{
    WOLFSSL_MSG("wolfSSL_RAND_seed");

    (void)seed;
    (void)len;

    if (initGlobalRNG)
        return SSL_SUCCESS;

    if (wc_InitRng(&globalRNG) < 0) {
        WOLFSSL_MSG("wolfSSL Init Global RNG failed");
        return 0;
    }
    initGlobalRNG = 1;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 16849
wolfSSL 11:cee25a834751 16850
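/* OpenSSL RAND_bytes shim: fill |buf| with |num| random bytes.
 *
 * Returns SSL_SUCCESS on success and 0 on failure (bad arguments, no usable
 * RNG, allocation failure, or a generation error).
 *
 * A fresh WC_RNG is initialised for every call and freed afterwards; only if
 * that fails is the shared globalRNG (set up by wolfSSL_RAND_seed) used.
 * The argument check runs first so a NULL buffer or negative count is
 * rejected without paying for RNG initialisation. */
int wolfSSL_RAND_bytes(unsigned char* buf, int num)
{
    int ret = 0;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_RAND_bytes");

    if (buf == NULL || num < 0) {
        WOLFSSL_MSG("Bad function arguments");
        return ret;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return ret;
#endif

    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else if (initGlobalRNG)
        rng = &globalRNG;

    if (rng) {
        if (wc_RNG_GenerateBlock(rng, buf, num) != 0)
            WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
        else
            ret = SSL_SUCCESS;
    }

    /* only the per-call RNG is ours to free; globalRNG lives on */
    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}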
wolfSSL 11:cee25a834751 16894
/* OpenSSL BN_CTX_new shim.  wolfCrypt's bignum routines need no scratch
 * context, so every call returns the same pointer to a static dummy object.
 * It is shared by all callers, is never freed (wolfSSL_BN_CTX_free is a
 * no-op), and must not be dereferenced. */
WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void)
{
    static int dummyCtx;    /* wolfcrypt doesn't now need ctx */

    WOLFSSL_MSG("wolfSSL_BN_CTX_new");

    return (WOLFSSL_BN_CTX*)&dummyCtx;
}
wolfSSL 11:cee25a834751 16903
/* OpenSSL BN_CTX_init shim: nothing to initialise, |ctx| is ignored. */
void wolfSSL_BN_CTX_init(WOLFSSL_BN_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_BN_CTX_init");
    (void)ctx;
}
wolfSSL 11:cee25a834751 16909
wolfSSL 11:cee25a834751 16910
/* OpenSSL BN_CTX_free shim.  Deliberately does NOT free |ctx|: the object
 * handed out by wolfSSL_BN_CTX_new is a static dummy, so there is nothing
 * to release. */
void wolfSSL_BN_CTX_free(WOLFSSL_BN_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_BN_CTX_free");
    (void)ctx;
}
wolfSSL 11:cee25a834751 16918
wolfSSL 11:cee25a834751 16919
/* Reset a WOLFSSL_BIGNUM wrapper to its empty state: non-negative and with
 * no backing mp_int attached.  A NULL |bn| is ignored. */
static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("InitwolfSSL_BigNum");
    if (bn == NULL)
        return;

    bn->neg = 0;
    bn->internal = NULL;
}
wolfSSL 11:cee25a834751 16928
wolfSSL 11:cee25a834751 16929
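/* OpenSSL BN_new shim: allocate a WOLFSSL_BIGNUM wrapper together with its
 * backing mp_int, initialised to zero.
 *
 * Returns the new BIGNUM, or NULL when either allocation or mp_init fails
 * (nothing is leaked in that case).  The result is released with
 * wolfSSL_BN_free.
 *
 * The mp_int is initialised before it is attached to the wrapper so that an
 * mp_init failure is cleaned up directly, rather than through
 * wolfSSL_BN_free, which would run mp_forcezero on an mp_int that was never
 * set up. */
WOLFSSL_BIGNUM* wolfSSL_BN_new(void)
{
    WOLFSSL_BIGNUM* external;
    mp_int* mpi;

    WOLFSSL_MSG("wolfSSL_BN_new");

    mpi = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
    if (mpi == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new malloc mpi failure");
        return NULL;
    }

    if (mp_init(mpi) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_BN_new mp_init failure");
        XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
        return NULL;
    }

    external = (WOLFSSL_BIGNUM*) XMALLOC(sizeof(WOLFSSL_BIGNUM), NULL,
                                        DYNAMIC_TYPE_BIGINT);
    if (external == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new malloc WOLFSSL_BIGNUM failure");
        /* same teardown wolfSSL_BN_free would do for the mp_int */
        mp_forcezero(mpi);
        XFREE(mpi, NULL, DYNAMIC_TYPE_BIGINT);
        return NULL;
    }

    InitwolfSSL_BigNum(external);
    external->internal = mpi;

    return external;
}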
wolfSSL 11:cee25a834751 16960
wolfSSL 11:cee25a834751 16961
/* OpenSSL BN_free shim: release |bn| and its backing mp_int.
 *
 * The mp_int is scrubbed with mp_forcezero before it is freed, so secret
 * values do not linger in freed heap memory.  A NULL |bn| is a no-op, and a
 * wrapper with no mp_int attached is simply freed. */
void wolfSSL_BN_free(WOLFSSL_BIGNUM* bn)
{
    mp_int* value;

    WOLFSSL_MSG("wolfSSL_BN_free");
    if (bn == NULL)
        return;

    value = (mp_int*)bn->internal;
    if (value != NULL) {
        mp_forcezero(value);
        XFREE(value, NULL, DYNAMIC_TYPE_BIGINT);
        bn->internal = NULL;
    }
    XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
}
wolfSSL 11:cee25a834751 16975
wolfSSL 11:cee25a834751 16976
/* OpenSSL BN_clear_free shim.  Identical to wolfSSL_BN_free, which already
 * zeroises the mp_int before freeing it, so no extra clearing is needed. */
void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("wolfSSL_BN_clear_free");
    wolfSSL_BN_free(bn);
}
wolfSSL 11:cee25a834751 16983
wolfSSL 11:cee25a834751 16984
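/* OpenSSL BN_sub shim: r = a - b.
 *
 * Returns SSL_SUCCESS on success and 0 on failure.  As well as NULL
 * arguments, a BIGNUM whose mp_int was never attached (internal == NULL) is
 * rejected, matching the checks the other BN_* wrappers in this file make
 * instead of dereferencing NULL inside mp_sub. */
int wolfSSL_BN_sub(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
                   const WOLFSSL_BIGNUM* b)
{
    WOLFSSL_MSG("wolfSSL_BN_sub");

    if (r == NULL || a == NULL || b == NULL)
        return 0;

    if (r->internal == NULL || a->internal == NULL || b->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_sub NULL internal");
        return 0;
    }

    if (mp_sub((mp_int*)a->internal,(mp_int*)b->internal,
               (mp_int*)r->internal) == MP_OKAY)
        return SSL_SUCCESS;

    WOLFSSL_MSG("wolfSSL_BN_sub mp_sub failed");
    return 0;
}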
wolfSSL 11:cee25a834751 17001
wolfSSL 11:cee25a834751 17002
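/* OpenSSL BN_mod shim: r = a mod b.
 *
 * c  scratch context; unused (see wolfSSL_BN_CTX_new).
 *
 * Returns SSL_SUCCESS on success and 0 on failure, including NULL arguments
 * and a BIGNUM with no mp_int attached (internal == NULL), which the other
 * BN_* wrappers in this file also reject rather than passing NULL to the
 * bignum routine. */
int wolfSSL_BN_mod(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* a,
                   const WOLFSSL_BIGNUM* b, const WOLFSSL_BN_CTX* c)
{
    (void)c;
    WOLFSSL_MSG("wolfSSL_BN_mod");

    if (r == NULL || a == NULL || b == NULL)
        return 0;

    if (r->internal == NULL || a->internal == NULL || b->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_mod NULL internal");
        return 0;
    }

    if (mp_mod((mp_int*)a->internal,(mp_int*)b->internal,
               (mp_int*)r->internal) == MP_OKAY)
        return SSL_SUCCESS;

    WOLFSSL_MSG("wolfSSL_BN_mod mp_mod failed");
    return 0;
}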
wolfSSL 11:cee25a834751 17020
wolfSSL 11:cee25a834751 17021
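/* OpenSSL BN_mod_exp shim: r = (a^p) mod m.
 *
 * ctx  scratch context; unused (see wolfSSL_BN_CTX_new).
 *
 * Returns SSL_SUCCESS on success and SSL_FAILURE on a NULL argument, a
 * BIGNUM with no mp_int attached, or an mp_exptmod error (the mp error code
 * is reported through WOLFSSL_LEAVE). */
int wolfSSL_BN_mod_exp(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a,
      const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_BN_mod_exp");

    (void) ctx;
    if (r == NULL || a == NULL || p == NULL || m == NULL) {
        WOLFSSL_MSG("Bad Argument");
        return SSL_FAILURE;
    }

    /* same guard the other BN_* wrappers apply before touching the mp_int */
    if (r->internal == NULL || a->internal == NULL ||
        p->internal == NULL || m->internal == NULL) {
        WOLFSSL_MSG("Bad Argument");
        return SSL_FAILURE;
    }

    ret = mp_exptmod((mp_int*)a->internal, (mp_int*)p->internal,
                     (mp_int*)m->internal, (mp_int*)r->internal);
    if (ret == MP_OKAY)
        return SSL_SUCCESS;

    WOLFSSL_LEAVE("wolfSSL_BN_mod_exp", ret);
    (void)ret;

    return SSL_FAILURE;
}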
wolfSSL 11:cee25a834751 17046
/* OpenSSL BN_value_one shim: a shared, read-only BIGNUM holding 1.
 *
 * The object is created on first use and then cached in a function-static
 * pointer for the life of the process (it is never freed).  Returns NULL if
 * it could not be created; a later call will try again.
 * NOTE(review): the lazy creation is unsynchronised — confirm first use is
 * not raced by several threads. */
const WOLFSSL_BIGNUM* wolfSSL_BN_value_one(void)
{
    static WOLFSSL_BIGNUM* bn_one = NULL;
    WOLFSSL_BIGNUM* created;

    WOLFSSL_MSG("wolfSSL_BN_value_one");

    if (bn_one != NULL)
        return bn_one;

    created = wolfSSL_BN_new();
    if (created == NULL)
        return NULL;

    if (mp_set_int((mp_int*)created->internal, 1) != MP_OKAY) {
        /* handle error by freeing BN and returning NULL */
        wolfSSL_BN_free(created);
        return NULL;
    }

    bn_one = created;
    return bn_one;
}
wolfSSL 11:cee25a834751 17066
/* OpenSSL BN_num_bytes shim: number of bytes needed to hold |bn| in
 * unsigned big-endian form.
 *
 * Returns SSL_FAILURE (documented as 0) for a NULL BIGNUM or one with no
 * mp_int attached; note a BIGNUM holding zero also reports 0 bytes, so the
 * return value alone does not distinguish error from zero. */
int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn)
{
    mp_int* value;

    WOLFSSL_MSG("wolfSSL_BN_num_bytes");

    if (bn == NULL)
        return SSL_FAILURE;

    value = (mp_int*)bn->internal;
    if (value == NULL)
        return SSL_FAILURE;

    return mp_unsigned_bin_size(value);
}
wolfSSL 11:cee25a834751 17078
/* OpenSSL BN_num_bits shim: number of significant bits in |bn|.
 *
 * Returns SSL_FAILURE (documented as 0) for a NULL BIGNUM or one with no
 * mp_int attached; a BIGNUM holding zero also reports 0 bits. */
int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn)
{
    mp_int* value;

    WOLFSSL_MSG("wolfSSL_BN_num_bits");

    if (bn == NULL)
        return SSL_FAILURE;

    value = (mp_int*)bn->internal;
    if (value == NULL)
        return SSL_FAILURE;

    return mp_count_bits(value);
}
wolfSSL 11:cee25a834751 17090
/* OpenSSL BN_is_zero shim.
 *
 * Returns SSL_SUCCESS (1) when |bn| holds zero and SSL_FAILURE (0) otherwise,
 * including for a NULL BIGNUM or one with no mp_int attached. */
int wolfSSL_BN_is_zero(const WOLFSSL_BIGNUM* bn)
{
    mp_int* value;

    WOLFSSL_MSG("wolfSSL_BN_is_zero");

    if (bn == NULL)
        return SSL_FAILURE;

    value = (mp_int*)bn->internal;
    if (value == NULL)
        return SSL_FAILURE;

    return (mp_iszero(value) == MP_YES) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 11:cee25a834751 17105
/* OpenSSL BN_is_one shim.
 *
 * Returns SSL_SUCCESS (1) when |bn| equals 1 and SSL_FAILURE (0) otherwise,
 * including for a NULL BIGNUM or one with no mp_int attached. */
int wolfSSL_BN_is_one(const WOLFSSL_BIGNUM* bn)
{
    mp_int* value;

    WOLFSSL_MSG("wolfSSL_BN_is_one");

    if (bn == NULL)
        return SSL_FAILURE;

    value = (mp_int*)bn->internal;
    if (value == NULL)
        return SSL_FAILURE;

    return (mp_cmp_d(value, 1) == MP_EQ) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 11:cee25a834751 17120
/* OpenSSL BN_is_odd shim.
 *
 * Returns SSL_SUCCESS (1) when |bn| is odd and SSL_FAILURE (0) otherwise,
 * including for a NULL BIGNUM or one with no mp_int attached. */
int wolfSSL_BN_is_odd(const WOLFSSL_BIGNUM* bn)
{
    mp_int* value;

    WOLFSSL_MSG("wolfSSL_BN_is_odd");

    if (bn == NULL)
        return SSL_FAILURE;

    value = (mp_int*)bn->internal;
    if (value == NULL)
        return SSL_FAILURE;

    return (mp_isodd(value) == MP_YES) ? SSL_SUCCESS : SSL_FAILURE;
}
wolfSSL 11:cee25a834751 17135
/* OpenSSL BN_cmp shim: signed comparison of |a| and |b|.
 *
 * Returns -1 if a < b, 0 if a == b, 1 if a > b.  A NULL BIGNUM, or one with
 * no mp_int attached, yields SSL_FATAL_ERROR.
 * NOTE(review): if SSL_FATAL_ERROR is -1 in this build, callers cannot tell
 * that error from "a < b" by the return value alone. */
int wolfSSL_BN_cmp(const WOLFSSL_BIGNUM* a, const WOLFSSL_BIGNUM* b)
{
    int order;

    WOLFSSL_MSG("wolfSSL_BN_cmp");

    if (a == NULL || b == NULL)
        return SSL_FATAL_ERROR;
    if (a->internal == NULL || b->internal == NULL)
        return SSL_FATAL_ERROR;

    order = mp_cmp((mp_int*)a->internal, (mp_int*)b->internal);

    if (order == MP_EQ)
        return 0;
    if (order == MP_GT)
        return 1;
    return -1;
}
wolfSSL 11:cee25a834751 17152
/* OpenSSL BN_bn2bin shim: write |bn| as an unsigned big-endian byte string.
 *
 * r  destination buffer, which the caller must have sized with
 *    wolfSSL_BN_num_bytes; when NULL nothing is written and only the
 *    required length is returned.
 *
 * Returns the number of bytes (written or required), or SSL_FATAL_ERROR for
 * a NULL/unattached BIGNUM or an mp_to_unsigned_bin failure.  The sign of
 * |bn| is not encoded. */
int wolfSSL_BN_bn2bin(const WOLFSSL_BIGNUM* bn, unsigned char* r)
{
    mp_int* value;

    WOLFSSL_MSG("wolfSSL_BN_bn2bin");

    value = (bn != NULL) ? (mp_int*)bn->internal : NULL;
    if (value == NULL) {
        WOLFSSL_MSG("NULL bn error");
        return SSL_FATAL_ERROR;
    }

    /* length query only */
    if (r == NULL)
        return mp_unsigned_bin_size(value);

    if (mp_to_unsigned_bin(value, r) != MP_OKAY) {
        WOLFSSL_MSG("mp_to_unsigned_bin error");
        return SSL_FATAL_ERROR;
    }

    return mp_unsigned_bin_size(value);
}
wolfSSL 11:cee25a834751 17174
wolfSSL 11:cee25a834751 17175
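/* OpenSSL BN_bin2bn shim: load an unsigned big-endian byte string into a
 * BIGNUM.
 *
 * str  bytes to read; may be NULL only when len is 0.
 * len  number of bytes; must not be negative.
 * ret  BIGNUM to fill, or NULL to have one allocated here.
 *
 * Returns the filled BIGNUM, or NULL on failure.  A BIGNUM allocated here is
 * freed again on failure; a caller-supplied one is left for the caller.
 *
 * A caller-supplied BIGNUM with no mp_int attached is now reported as a
 * failure: previously it was handed back unchanged, so the caller could
 * not tell that the value had never been stored. */
WOLFSSL_BIGNUM* wolfSSL_BN_bin2bn(const unsigned char* str, int len,
                            WOLFSSL_BIGNUM* ret)
{
    int weOwn = 0;

    WOLFSSL_MSG("wolfSSL_BN_bin2bn");

    if (len < 0 || (str == NULL && len > 0)) {
        WOLFSSL_MSG("wolfSSL_BN_bin2bn bad arguments");
        return NULL;
    }

    /* if ret is null create a BN */
    if (ret == NULL) {
        ret = wolfSSL_BN_new();
        weOwn = 1;
        if (ret == NULL)
            return NULL;
    }

    if (ret->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_bin2bn NULL internal");
        if (weOwn)
            wolfSSL_BN_free(ret);
        return NULL;
    }

    if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
        WOLFSSL_MSG("mp_read_unsigned_bin failure");
        if (weOwn)
            wolfSSL_BN_free(ret);
        return NULL;
    }

    return ret;
}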
wolfSSL 11:cee25a834751 17203
/* OpenSSL BN_mask_bits shim — NOT implemented.  Both arguments are ignored
 * and SSL_FAILURE (0) is always returned, so callers must treat this as a
 * stub and not rely on |bn| having been truncated to |n| bits. */
int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n)
{
    WOLFSSL_MSG("wolfSSL_BN_mask_bits");
    (void)bn;
    (void)n;

    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 17214
wolfSSL 11:cee25a834751 17215
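/* OpenSSL BN_rand shim: fill |bn| with |bits| random bits.
 *
 * Returns SSL_SUCCESS on success and 0 on failure (bad arguments, no usable
 * RNG, allocation or generation failure).
 *
 * The top two bits and the lowest bit of the value are always forced to 1;
 * |top| and |bottom| are accepted for API compatibility but otherwise
 * ignored, so callers asking for other constraints do not get them.  When
 * |bits| is not a multiple of 8 the leading byte's extra high bits are set
 * too, so the value is slightly wider than requested.  Both are pre-existing
 * behaviour kept here for compatibility — NOTE(review): confirm against
 * callers before changing.
 *
 * The random bytes are staged in a fixed 1024-byte buffer, so |bits| is
 * limited to 8 * 1024; larger requests, and non-positive ones, are rejected
 * instead of writing outside the buffer. */
int wolfSSL_BN_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom)
{
    enum { BN_RAND_BUF_SZ = 1024 };
    int ret = 0;
    int len = bits / 8;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
    byte* buff = NULL;
#else
    WC_RNG tmpRNG[1];
    byte buff[BN_RAND_BUF_SZ];
#endif

    (void)top;
    (void)bottom;
    WOLFSSL_MSG("wolfSSL_BN_rand");

    if (bits % 8)
        len++;

    /* len == 0 would make buff[len-1] a write before the buffer and
     * len > BN_RAND_BUF_SZ would overrun it in wc_RNG_GenerateBlock. */
    if (bn == NULL || bn->internal == NULL || bits <= 0 ||
                                                    len > BN_RAND_BUF_SZ) {
        WOLFSSL_MSG("Bad function arguments");
        return ret;
    }

#ifdef WOLFSSL_SMALL_STACK
    buff = (byte*)XMALLOC(BN_RAND_BUF_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (buff == NULL || tmpRNG == NULL) {
        XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return ret;
    }
#endif

    /* per-call RNG first; fall back to the shared one if it cannot start */
    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else if (initGlobalRNG)
        rng = &globalRNG;

    if (rng) {
        if (wc_RNG_GenerateBlock(rng, buff, len) != 0)
            WOLFSSL_MSG("Bad wc_RNG_GenerateBlock");
        else {
            buff[0] |= 0x80 | 0x40;     /* force the top two bits */
            buff[len-1] |= 0x01;        /* force odd */

            if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY)
                WOLFSSL_MSG("mp read bin failed");
            else
                ret = SSL_SUCCESS;
        }
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}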
wolfSSL 11:cee25a834751 17281
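/* return code compliant with OpenSSL :
 * 1 if bit set, 0 else
 *
 * n is the zero-based bit index. A negative index is rejected here because
 * the index is converted to mp_digit (an unsigned type) before being handed
 * to mp_is_bit_set, where it would become a huge position. Indices above
 * DIGIT_BIT (the width of one mp_digit) are refused by this wrapper.
 */
int wolfSSL_BN_is_bit_set(const WOLFSSL_BIGNUM* bn, int n)
{
    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    if (n < 0) {
        WOLFSSL_MSG("negative bit index");
        return SSL_FAILURE;
    }

    if (n > DIGIT_BIT) {
        WOLFSSL_MSG("input bit count too large");
        return SSL_FAILURE;
    }

    return mp_is_bit_set((mp_int*)bn->internal, (mp_digit)n);
}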
wolfSSL 11:cee25a834751 17299
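/* return code compliant with OpenSSL :
 * 1 if success, 0 else
 *
 * Sets bit n (zero-based) of bn in place. A negative index is rejected in
 * this wrapper instead of being passed on to mp_set_bit, which takes the
 * index as given.
 */
int wolfSSL_BN_set_bit(WOLFSSL_BIGNUM* bn, int n)
{
    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    if (n < 0) {
        WOLFSSL_MSG("negative bit index");
        return SSL_FAILURE;
    }

    if (mp_set_bit((mp_int*)bn->internal, n) != MP_OKAY) {
        WOLFSSL_MSG("mp_set_bit error");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}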
wolfSSL 11:cee25a834751 17317
wolfSSL 11:cee25a834751 17318
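/* SSL_SUCCESS on ok, 0 on failure.
 *
 * Decodes the hex string `str` (at most 1024 decoded bytes) into *bn.
 * When bn is NULL the call acts as a length probe and returns the decoded
 * byte count instead of SSL_SUCCESS. When *bn is NULL a new bignum is
 * allocated for the caller; if the subsequent conversion fails that
 * allocation is released again and *bn is left NULL, so a failed call never
 * hands the caller an object it did not ask for.
 */
int wolfSSL_BN_hex2bn(WOLFSSL_BIGNUM** bn, const char* str)
{
    int ret = 0;
    word32 decSz = 1024;
#ifdef WOLFSSL_SMALL_STACK
    byte* decoded = NULL;
#else
    byte decoded[1024];
#endif

    WOLFSSL_MSG("wolfSSL_BN_hex2bn");

#ifdef WOLFSSL_SMALL_STACK
    decoded = (byte*)XMALLOC(decSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (decoded == NULL)
        return ret;
#endif

    if (str == NULL)
        WOLFSSL_MSG("Bad function argument");
    /* decSz is in/out: bounds the decode and receives the decoded length */
    else if (Base16_Decode((byte*)str, (int)XSTRLEN(str), decoded, &decSz) < 0)
        WOLFSSL_MSG("Bad Base16_Decode error");
    else if (bn == NULL)
        ret = decSz;
    else {
        int allocated = 0;

        if (*bn == NULL) {
            *bn = wolfSSL_BN_new();
            allocated = 1;
        }

        if (*bn == NULL)
            WOLFSSL_MSG("BN new failed");
        else if (wolfSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) {
            WOLFSSL_MSG("Bad bin2bn error");
            /* do not leak the bignum this call created on the caller's
             * behalf; a caller-supplied *bn is left for the caller to own */
            if (allocated) {
                wolfSSL_BN_free(*bn);
                *bn = NULL;
            }
        }
        else
            ret = SSL_SUCCESS;
    }

#ifdef WOLFSSL_SMALL_STACK
    XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}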
wolfSSL 11:cee25a834751 17362
wolfSSL 11:cee25a834751 17363
/* Allocate a new WOLFSSL_BIGNUM holding a copy of bn (magnitude and sign).
 * Returns the new object, or NULL when bn is invalid, allocation fails or
 * mp_copy fails. The caller owns the result and releases it with
 * wolfSSL_BN_free.
 */
WOLFSSL_BIGNUM* wolfSSL_BN_dup(const WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_BIGNUM* copy = NULL;

    WOLFSSL_MSG("wolfSSL_BN_dup");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return NULL;
    }

    copy = wolfSSL_BN_new();
    if (copy == NULL) {
        WOLFSSL_MSG("bn new error");
    }
    else if (mp_copy((mp_int*)bn->internal, (mp_int*)copy->internal)
                                                                != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        /* partially built copy is useless; release it before reporting */
        wolfSSL_BN_free(copy);
        copy = NULL;
    }
    else {
        copy->neg = bn->neg;
    }

    return copy;
}
wolfSSL 11:cee25a834751 17391
wolfSSL 11:cee25a834751 17392
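/* Copy bn's magnitude and sign into the existing bignum r.
 * Returns r on success, NULL when either argument (or its mp_int) is
 * missing or mp_copy fails. Unlike wolfSSL_BN_dup nothing is allocated.
 */
WOLFSSL_BIGNUM* wolfSSL_BN_copy(WOLFSSL_BIGNUM* r, const WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("wolfSSL_BN_copy");

    /* both objects are dereferenced below; validate them like the sibling
     * BN functions do rather than faulting on a NULL */
    if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return NULL;
    }

    if (mp_copy((mp_int*)bn->internal, (mp_int*)r->internal) != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        return NULL;
    }

    r->neg = bn->neg;

    return r;
}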
wolfSSL 11:cee25a834751 17406
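/* return code compliant with OpenSSL :
 * 1 if success, 0 else
 *
 * Sets bn to the single-word value w via mp_set_int.
 */
int wolfSSL_BN_set_word(WOLFSSL_BIGNUM* bn, WOLFSSL_BN_ULONG w)
{
    WOLFSSL_MSG("wolfSSL_BN_set_word");

    /* bn->internal is dereferenced below; reject a missing bignum instead of
     * faulting, consistent with the other BN entry points */
    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    if (mp_set_int((mp_int*)bn->internal, w) != MP_OKAY) {
        WOLFSSL_MSG("mp_set_int error");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}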
wolfSSL 11:cee25a834751 17421
/* return code compliant with OpenSSL :
 * number length in decimal if success, 0 if error
 *
 * Not implemented in this build: the arguments are accepted and ignored and
 * the call always reports failure.
 */
int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str)
{
    WOLFSSL_MSG("wolfSSL_BN_dec2bn");

    (void)bn;
    (void)str;

    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 17434
wolfSSL 11:cee25a834751 17435
wolfSSL 11:cee25a834751 17436 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
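/* Render bn as a decimal string in a freshly allocated buffer.
 * The buffer is sized by mp_radix_size and allocated with
 * DYNAMIC_TYPE_ECC; the caller releases it with XFREE using that same type.
 * Returns NULL on bad argument, size query failure, allocation failure or
 * mp_toradix failure.
 */
char *wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM *bn)
{
    int len = 0;
    char *buf;

    WOLFSSL_MSG("wolfSSL_BN_bn2dec");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return NULL;
    }

    if (mp_radix_size((mp_int*)bn->internal, 10, &len) != MP_OKAY) {
        WOLFSSL_MSG("mp_radix_size failure");
        return NULL;
    }

    buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC);
    if (buf == NULL) {
        /* log names this function; the hex variant has its own message */
        WOLFSSL_MSG("wolfSSL_BN_bn2dec malloc buffer failure");
        return NULL;
    }

    if (mp_toradix((mp_int*)bn->internal, buf, 10) != MP_OKAY) {
        WOLFSSL_MSG("mp_toradix failure");
        XFREE(buf, NULL, DYNAMIC_TYPE_ECC);
        return NULL;
    }

    return buf;
}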
wolfSSL 11:cee25a834751 17467 #else
/* Stub used when neither WOLFSSL_KEY_GEN nor HAVE_COMP_KEY is defined:
 * decimal conversion is unavailable and NULL is always returned. */
char* wolfSSL_BN_bn2dec(const WOLFSSL_BIGNUM* bn)
{
    WOLFSSL_MSG("wolfSSL_BN_bn2dec");
    (void)bn;
    return NULL;
}
wolfSSL 11:cee25a834751 17476 #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
wolfSSL 11:cee25a834751 17477
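/* return code compliant with OpenSSL :
 * 1 if success, 0 else
 *
 * r = bn << n. A negative shift count has no meaning here and is rejected
 * rather than being passed down to mp_mul_2d.
 */
int wolfSSL_BN_lshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
{
    WOLFSSL_MSG("wolfSSL_BN_lshift");

    if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    if (n < 0) {
        WOLFSSL_MSG("negative shift count");
        return SSL_FAILURE;
    }

    if (mp_mul_2d((mp_int*)bn->internal, n, (mp_int*)r->internal) != MP_OKAY) {
        WOLFSSL_MSG("mp_mul_2d error");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}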
wolfSSL 11:cee25a834751 17497
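/* return code compliant with OpenSSL :
 * 1 if success, 0 else
 *
 * r = bn >> n (the remainder is discarded: mp_div_2d's last argument is
 * NULL). A negative shift count has no meaning here and is rejected rather
 * than being passed down.
 */
int wolfSSL_BN_rshift(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *bn, int n)
{
    WOLFSSL_MSG("wolfSSL_BN_rshift");

    if (r == NULL || r->internal == NULL || bn == NULL || bn->internal == NULL){
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    if (n < 0) {
        WOLFSSL_MSG("negative shift count");
        return SSL_FAILURE;
    }

    if (mp_div_2d((mp_int*)bn->internal, n,
                  (mp_int*)r->internal, NULL) != MP_OKAY) {
        WOLFSSL_MSG("mp_div_2d error");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}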
wolfSSL 11:cee25a834751 17518
/* return code compliant with OpenSSL :
 * 1 if success, 0 else
 *
 * Adds the single word w to bn in place (bn = bn + w).
 */
int wolfSSL_BN_add_word(WOLFSSL_BIGNUM *bn, WOLFSSL_BN_ULONG w)
{
    mp_int* value;

    WOLFSSL_MSG("wolfSSL_BN_add_word");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    value = (mp_int*)bn->internal;
    if (mp_add_d(value, w, value) == MP_OKAY)
        return SSL_SUCCESS;

    WOLFSSL_MSG("mp_add_d error");
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 17538
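/* return code compliant with OpenSSL :
 * 1 if success, 0 else
 *
 * r = a + b. All three bignums must exist; r may alias a or b as far as this
 * wrapper is concerned (it only forwards the pointers to mp_add).
 */
int wolfSSL_BN_add(WOLFSSL_BIGNUM *r, WOLFSSL_BIGNUM *a, WOLFSSL_BIGNUM *b)
{
    WOLFSSL_MSG("wolfSSL_BN_add");

    if (r == NULL || r->internal == NULL || a == NULL || a->internal == NULL ||
        b == NULL || b->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    if (mp_add((mp_int*)a->internal, (mp_int*)b->internal,
               (mp_int*)r->internal) != MP_OKAY) {
        /* name the call that actually failed (mp_add, not mp_add_d) */
        WOLFSSL_MSG("mp_add error");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}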
wolfSSL 11:cee25a834751 17560
wolfSSL 11:cee25a834751 17561 #ifdef WOLFSSL_KEY_GEN
wolfSSL 11:cee25a834751 17562
/* return code compliant with OpenSSL :
 * 1 if prime, 0 if not, -1 if error
 *
 * nbchecks is forwarded unchanged to mp_prime_is_prime as its trial count;
 * ctx and cb are accepted for API compatibility and ignored.
 */
int wolfSSL_BN_is_prime_ex(const WOLFSSL_BIGNUM *bn, int nbchecks,
                           WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb)
{
    int isPrime = 0;
    int ret = SSL_FATAL_ERROR;

    (void)ctx;
    (void)cb;

    WOLFSSL_MSG("wolfSSL_BN_is_prime_ex");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
    }
    else if (mp_prime_is_prime((mp_int*)bn->internal, nbchecks, &isPrime)
                                                                != MP_OKAY) {
        WOLFSSL_MSG("mp_prime_is_prime error");
    }
    else if (isPrime != MP_YES) {
        WOLFSSL_MSG("mp_prime_is_prime not prime");
        ret = SSL_FAILURE;
    }
    else {
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 11:cee25a834751 17593
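/* return code compliant with OpenSSL :
 * (bn mod w) if success, -1 if error
 *
 * The error sentinel is SSL_FATAL_ERROR cast to the unsigned return type.
 * Whether w == 0 is rejected is up to mp_mod_d; this wrapper only maps its
 * failure to the sentinel.
 */
WOLFSSL_BN_ULONG wolfSSL_BN_mod_word(const WOLFSSL_BIGNUM *bn,
                                     WOLFSSL_BN_ULONG w)
{
    WOLFSSL_BN_ULONG ret = 0;

    WOLFSSL_MSG("wolfSSL_BN_mod_word");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR;
    }

    if (mp_mod_d((mp_int*)bn->internal, w, &ret) != MP_OKAY) {
        /* name the call that actually failed (mp_mod_d, not mp_add_d) */
        WOLFSSL_MSG("mp_mod_d error");
        return (WOLFSSL_BN_ULONG)SSL_FATAL_ERROR;
    }

    return ret;
}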
wolfSSL 11:cee25a834751 17616 #endif /* #ifdef WOLFSSL_KEY_GEN */
wolfSSL 11:cee25a834751 17617
wolfSSL 11:cee25a834751 17618 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)
/* Render bn as a hexadecimal string in a freshly allocated buffer.
 * The buffer is sized by mp_radix_size and allocated with
 * DYNAMIC_TYPE_ECC; the caller releases it with XFREE using that same type.
 * Returns NULL on bad argument, size query failure, allocation failure or
 * mp_toradix failure.
 */
char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
{
    int needed = 0;
    char *out = NULL;
    mp_int* value;

    WOLFSSL_MSG("wolfSSL_BN_bn2hex");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return NULL;
    }
    value = (mp_int*)bn->internal;

    if (mp_radix_size(value, 16, &needed) != MP_OKAY) {
        WOLFSSL_MSG("mp_radix_size failure");
        return NULL;
    }

    out = (char*) XMALLOC(needed, NULL, DYNAMIC_TYPE_ECC);
    if (out == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_bn2hex malloc buffer failure");
    }
    else if (mp_toradix(value, out, 16) != MP_OKAY) {
        /* conversion failed: do not hand back a half-filled buffer */
        XFREE(out, NULL, DYNAMIC_TYPE_ECC);
        out = NULL;
    }

    return out;
}
wolfSSL 11:cee25a834751 17649
wolfSSL 11:cee25a834751 17650 #ifndef NO_FILESYSTEM
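/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Writes the hexadecimal form of bn (as produced by wolfSSL_BN_bn2hex) to
 * fp with no trailing newline. Fails on NULL arguments, on conversion
 * failure, and when the write itself reports an error.
 */
int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
{
    char *buf;
    int ret = SSL_SUCCESS;

    WOLFSSL_MSG("wolfSSL_BN_print_fp");

    if (fp == NULL || bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FAILURE;
    }

    buf = wolfSSL_BN_bn2hex(bn);
    if (buf == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_bn2hex failure");
        return SSL_FAILURE;
    }

    /* fprintf returns a negative count on output error; report that instead
     * of claiming success for a write that did not happen */
    if (fprintf(fp, "%s", buf) < 0) {
        WOLFSSL_MSG("fprintf failure");
        ret = SSL_FAILURE;
    }
    XFREE(buf, NULL, DYNAMIC_TYPE_ECC);

    return ret;
}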
wolfSSL 11:cee25a834751 17676 #endif /* !defined(NO_FILESYSTEM) */
wolfSSL 11:cee25a834751 17677
wolfSSL 11:cee25a834751 17678 #else /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
wolfSSL 11:cee25a834751 17679
/* Stub used when neither WOLFSSL_KEY_GEN nor HAVE_COMP_KEY is defined.
 * Returns a pointer to a static empty string literal: it is never NULL, but
 * unlike the heap buffer from the full implementation it must not be passed
 * to XFREE. */
char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn)
{
    WOLFSSL_MSG("wolfSSL_BN_bn2hex need WOLFSSL_KEY_GEN or HAVE_COMP_KEY");
    (void)bn;
    return (char*)"";
}
wolfSSL 11:cee25a834751 17688
wolfSSL 11:cee25a834751 17689 #ifndef NO_FILESYSTEM
/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Stub used when neither WOLFSSL_KEY_GEN nor HAVE_COMP_KEY is defined:
 * nothing is written to fp, yet success is reported. Callers relying on
 * output appearing should check the build configuration.
 */
int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn)
{
    WOLFSSL_MSG("wolfSSL_BN_print_fp not implemented");

    (void)fp;
    (void)bn;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 17702 #endif /* !defined(NO_FILESYSTEM) */
wolfSSL 11:cee25a834751 17703
wolfSSL 11:cee25a834751 17704 #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */
wolfSSL 11:cee25a834751 17705
/* ctx is not used; every call hands back a freshly allocated bignum that the
 * caller owns (release with wolfSSL_BN_free). Returns NULL when
 * wolfSSL_BN_new fails. */
WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx)
{
    WOLFSSL_ENTER("wolfSSL_BN_CTX_get");
    (void)ctx;
    return wolfSSL_BN_new();
}
wolfSSL 11:cee25a834751 17715
/* Placeholder for the OpenSSL BN_CTX_start API: logs and does nothing with
 * ctx. */
void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx)
{
    WOLFSSL_ENTER("wolfSSL_BN_CTX_start");
    WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD");
    (void)ctx;
}
wolfSSL 11:cee25a834751 17723
wolfSSL 11:cee25a834751 17724 #ifndef NO_DH
wolfSSL 11:cee25a834751 17725
/* Reset every field of dh to its empty state (NULL pointers, flags clear).
 * Does not free anything; a NULL dh is ignored. */
static void InitwolfSSL_DH(WOLFSSL_DH* dh)
{
    if (dh == NULL)
        return;

    dh->p        = NULL;
    dh->g        = NULL;
    dh->q        = NULL;
    dh->pub_key  = NULL;
    dh->priv_key = NULL;
    dh->internal = NULL;
    dh->inSet    = 0;
    dh->exSet    = 0;
}
wolfSSL 11:cee25a834751 17739
wolfSSL 11:cee25a834751 17740
/* Allocate an empty WOLFSSL_DH together with its wolfCrypt DhKey.
 * Returns NULL if either allocation or wc_InitDhKey fails; nothing is
 * leaked on those paths. The caller releases the result with
 * wolfSSL_DH_free. */
WOLFSSL_DH* wolfSSL_DH_new(void)
{
    WOLFSSL_DH* dh = NULL;
    DhKey* key = NULL;

    WOLFSSL_MSG("wolfSSL_DH_new");

    key = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_DH_new malloc DhKey failure");
        return NULL;
    }

    dh = (WOLFSSL_DH*) XMALLOC(sizeof(WOLFSSL_DH), NULL, DYNAMIC_TYPE_DH);
    if (dh == NULL) {
        WOLFSSL_MSG("wolfSSL_DH_new malloc WOLFSSL_DH failure");
        goto fail;
    }

    InitwolfSSL_DH(dh);
    if (wc_InitDhKey(key) != 0) {
        WOLFSSL_MSG("wolfSSL_DH_new InitDhKey failure");
        goto fail;
    }

    dh->internal = key;
    return dh;

fail:
    /* XFREE tolerates NULL, so the shared cleanup covers both paths */
    XFREE(key, NULL, DYNAMIC_TYPE_DH);
    XFREE(dh, NULL, DYNAMIC_TYPE_DH);
    return NULL;
}
wolfSSL 11:cee25a834751 17773
wolfSSL 11:cee25a834751 17774
/* Release a WOLFSSL_DH and everything it owns: the wolfCrypt DhKey and the
 * p, g, q, pub_key and priv_key bignums (any of which may be NULL). The
 * fields are reset to NULL before the struct itself is freed. A NULL dh is
 * a no-op. */
void wolfSSL_DH_free(WOLFSSL_DH* dh)
{
    WOLFSSL_MSG("wolfSSL_DH_free");

    if (dh == NULL)
        return;

    if (dh->internal != NULL) {
        DhKey* key = (DhKey*)dh->internal;
        wc_FreeDhKey(key);
        XFREE(key, NULL, DYNAMIC_TYPE_DH);
        dh->internal = NULL;
    }

    wolfSSL_BN_free(dh->priv_key);
    wolfSSL_BN_free(dh->pub_key);
    wolfSSL_BN_free(dh->g);
    wolfSSL_BN_free(dh->p);
    wolfSSL_BN_free(dh->q);

    /* leave no dangling pointers behind in the struct before it goes away */
    InitwolfSSL_DH(dh);
    XFREE(dh, NULL, DYNAMIC_TYPE_DH);
}
wolfSSL 11:cee25a834751 17795
wolfSSL 11:cee25a834751 17796
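/* Load dh->p and dh->g into the wolfCrypt DhKey held in dh->internal.
 * Returns SSL_SUCCESS and sets dh->inSet on success, SSL_FATAL_ERROR
 * otherwise (missing fields, a parameter longer than the scratch buffers,
 * bn2bin or wc_DhSetKey failure). */
static int SetDhInternal(WOLFSSL_DH* dh)
{
    enum { DH_PARAM_BUF_SZ = 1024 };  /* scratch size for each of p and g */
    int ret = SSL_FATAL_ERROR;
    int pSz = DH_PARAM_BUF_SZ;
    int gSz = DH_PARAM_BUF_SZ;
#ifdef WOLFSSL_SMALL_STACK
    unsigned char* p = NULL;
    unsigned char* g = NULL;
#else
    unsigned char p[DH_PARAM_BUF_SZ];
    unsigned char g[DH_PARAM_BUF_SZ];
#endif

    WOLFSSL_ENTER("SetDhInternal");

    /* dh->internal is dereferenced by wc_DhSetKey below (and is NULL after
     * wolfSSL_DH_free), so it belongs in the argument check */
    if (dh == NULL || dh->p == NULL || dh->g == NULL || dh->internal == NULL)
        WOLFSSL_MSG("Bad function arguments");
    /* bn2bin with a NULL output is used here as a size query */
    else if (wolfSSL_BN_bn2bin(dh->p, NULL) > pSz)
        WOLFSSL_MSG("Bad p internal size");
    else if (wolfSSL_BN_bn2bin(dh->g, NULL) > gSz)
        WOLFSSL_MSG("Bad g internal size");
    else {
#ifdef WOLFSSL_SMALL_STACK
        p = (unsigned char*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        g = (unsigned char*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);

        if (p == NULL || g == NULL) {
            XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            return ret;
        }
#endif

        pSz = wolfSSL_BN_bn2bin(dh->p, p);
        gSz = wolfSSL_BN_bn2bin(dh->g, g);

        if (pSz <= 0 || gSz <= 0)
            WOLFSSL_MSG("Bad BN2bin set");
        else if (wc_DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0)
            WOLFSSL_MSG("Bad DH SetKey");
        else {
            dh->inSet = 1;
            ret = SSL_SUCCESS;
        }

#ifdef WOLFSSL_SMALL_STACK
        XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }

    return ret;
}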
wolfSSL 11:cee25a834751 17851
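/* return code compliant with OpenSSL :
 * DH prime size in bytes if success, SSL_FATAL_ERROR if dh or its prime p
 * is missing
 */
int wolfSSL_DH_size(WOLFSSL_DH* dh)
{
    WOLFSSL_MSG("wolfSSL_DH_size");

    /* p stays NULL until parameters are loaded; treat that like a NULL dh
     * instead of passing NULL on to wolfSSL_BN_num_bytes */
    if (dh == NULL || dh->p == NULL)
        return SSL_FATAL_ERROR;

    return wolfSSL_BN_num_bytes(dh->p);
}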
wolfSSL 11:cee25a834751 17864
wolfSSL 11:cee25a834751 17865
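/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Generate a DH key pair for dh, whose p and g must already be set.  The
 * wolfCrypt DhKey is rebuilt from the external BIGNUMs when dh->inSet is 0.
 * On success dh->pub_key and dh->priv_key hold fresh BIGNUMs with the new
 * pair; any BIGNUMs previously stored in those fields are freed first.
 *
 * RNG: a locally initialised WC_RNG is preferred; when wc_InitRng fails the
 * global RNG is used if it has been initialised, otherwise the call fails.
 *
 * The scratch buffer holding the raw private value is wiped with ForceZero
 * before it is released so the secret does not linger on the stack or heap.
 */
int wolfSSL_DH_generate_key(WOLFSSL_DH* dh)
{
    enum { DH_GEN_TMP_SZ = 768 };   /* scratch size for raw pub/priv values */
    int     ret = SSL_FAILURE;
    word32  pubSz = DH_GEN_TMP_SZ;
    word32  privSz = DH_GEN_TMP_SZ;
    int     initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    unsigned char* pub = NULL;
    unsigned char* priv = NULL;
    WC_RNG* tmpRNG = NULL;
#else
    unsigned char pub [DH_GEN_TMP_SZ];
    unsigned char priv[DH_GEN_TMP_SZ];
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_MSG("wolfSSL_DH_generate_key");

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    pub    = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    priv   = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (tmpRNG == NULL || pub == NULL || priv == NULL) {
        /* nothing secret has been written yet, a plain free is sufficient */
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return ret;
    }
#endif

    if (dh == NULL || dh->p == NULL || dh->g == NULL)
        WOLFSSL_MSG("Bad function arguments");
    else if (dh->inSet == 0 && SetDhInternal(dh) != SSL_SUCCESS)
        WOLFSSL_MSG("Bad DH set internal");
    else if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        if (wc_DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz,
                                 pub, &pubSz) < 0)
            WOLFSSL_MSG("Bad wc_DhGenerateKeyPair");
        else {
            /* drop any previous pair before importing the new one */
            if (dh->pub_key)
                wolfSSL_BN_free(dh->pub_key);
            dh->pub_key = wolfSSL_BN_new();
            if (dh->pub_key == NULL)
                WOLFSSL_MSG("Bad DH new pub");

            if (dh->priv_key)
                wolfSSL_BN_free(dh->priv_key);
            dh->priv_key = wolfSSL_BN_new();
            if (dh->priv_key == NULL)
                WOLFSSL_MSG("Bad DH new priv");

            if (dh->pub_key && dh->priv_key) {
                if (wolfSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL)
                    WOLFSSL_MSG("Bad DH bn2bin error pub");
                else if (wolfSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL)
                    WOLFSSL_MSG("Bad DH bn2bin error priv");
                else
                    ret = SSL_SUCCESS;
            }
        }
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);

    /* the raw private value has either been imported into dh->priv_key or is
     * no longer needed; wipe the scratch copy in both cases (ForceZero is
     * not optimised away the way a plain memset before free can be) */
    ForceZero(priv, DH_GEN_TMP_SZ);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}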
wolfSSL 11:cee25a834751 17960
wolfSSL 11:cee25a834751 17961
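/* return code compliant with OpenSSL :
 * size of shared secret if success, -1 if error
 *
 * Compute the DH shared secret between dh->priv_key and otherPub and write it
 * to key, which the caller must have sized for at least DH_size(dh) bytes.
 * Returns the number of secret bytes written, or SSL_FATAL_ERROR.
 *
 * wolfSSL_BN_bn2bin() reports failure with a negative int; its results are
 * therefore held in signed locals and checked before being widened to the
 * unsigned sizes wc_DhAgree() takes, so a failed export can never turn into
 * an oversized length.  The scratch copy of the private value is wiped with
 * ForceZero before release.
 */
int wolfSSL_DH_compute_key(unsigned char* key, WOLFSSL_BIGNUM* otherPub,
                           WOLFSSL_DH* dh)
{
    enum { DH_AGREE_TMP_SZ = 1024 }; /* scratch size for raw priv/pub values */
    int    ret = SSL_FATAL_ERROR;
    int    dhSz = 0;
    int    privLen = 0;
    int    pubLen = 0;
    word32 keySz = 0;
    word32 pubSz = DH_AGREE_TMP_SZ;
    word32 privSz = DH_AGREE_TMP_SZ;
#ifdef WOLFSSL_SMALL_STACK
    unsigned char* pub = NULL;
    unsigned char* priv = NULL;
#else
    unsigned char pub [DH_AGREE_TMP_SZ];
    unsigned char priv[DH_AGREE_TMP_SZ];
#endif

    WOLFSSL_MSG("wolfSSL_DH_compute_key");

#ifdef WOLFSSL_SMALL_STACK
    pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (pub == NULL)
        return ret;

    priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (priv == NULL) {
        XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return ret;
    }
#endif

    if (dh == NULL || dh->priv_key == NULL || otherPub == NULL)
        WOLFSSL_MSG("Bad function arguments");
    else if (key == NULL)
        WOLFSSL_MSG("Bad output buffer");
    else if ((dhSz = DH_size(dh)) <= 0)   /* DH_size reports errors as -1 */
        WOLFSSL_MSG("Bad DH_size");
    else if ((privLen = wolfSSL_BN_bn2bin(dh->priv_key, NULL)) <= 0 ||
             privLen > (int)privSz)
        WOLFSSL_MSG("Bad priv internal size");
    else if ((pubLen = wolfSSL_BN_bn2bin(otherPub, NULL)) <= 0 ||
             pubLen > (int)pubSz)
        WOLFSSL_MSG("Bad otherPub size");
    else {
        keySz   = (word32)dhSz;
        privLen = wolfSSL_BN_bn2bin(dh->priv_key, priv);
        pubLen  = wolfSSL_BN_bn2bin(otherPub, pub);

        if (privLen <= 0 || pubLen <= 0)
            WOLFSSL_MSG("Bad BN2bin set");
        else {
            privSz = (word32)privLen;
            pubSz  = (word32)pubLen;
            if (wc_DhAgree((DhKey*)dh->internal, key, &keySz,
                           priv, privSz, pub, pubSz) < 0)
                WOLFSSL_MSG("wc_DhAgree failed");
            else
                ret = (int)keySz;
        }
    }

    /* wipe the raw private value before the scratch buffer is released */
    ForceZero(priv, DH_AGREE_TMP_SZ);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(pub, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}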
wolfSSL 11:cee25a834751 18022 #endif /* NO_DH */
wolfSSL 11:cee25a834751 18023
wolfSSL 11:cee25a834751 18024
wolfSSL 11:cee25a834751 18025 #ifndef NO_DSA
/* Reset every field of a WOLFSSL_DSA to its empty state (NULL BIGNUMs, no
 * wolfCrypt key, neither side marked as set).  Nothing is freed; a NULL dsa
 * is ignored. */
static void InitwolfSSL_DSA(WOLFSSL_DSA* dsa)
{
    if (dsa == NULL)
        return;

    dsa->p        = NULL;
    dsa->q        = NULL;
    dsa->g        = NULL;
    dsa->pub_key  = NULL;
    dsa->priv_key = NULL;
    dsa->internal = NULL;
    dsa->inSet    = 0;
    dsa->exSet    = 0;
}
wolfSSL 11:cee25a834751 18039
wolfSSL 11:cee25a834751 18040
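/* Allocate an empty WOLFSSL_DSA together with its wolfCrypt DsaKey.
 * Returns NULL on any allocation or wc_InitDsaKey failure, releasing both
 * objects on the way out (the original leaked the WOLFSSL_DSA wrapper when
 * wc_InitDsaKey failed).  The caller owns the result and frees it with
 * wolfSSL_DSA_free(). */
WOLFSSL_DSA* wolfSSL_DSA_new(void)
{
    WOLFSSL_DSA* external = NULL;
    DsaKey* key = NULL;

    WOLFSSL_MSG("wolfSSL_DSA_new");

    key = (DsaKey*) XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_DSA_new malloc DsaKey failure");
        return NULL;
    }

    external = (WOLFSSL_DSA*) XMALLOC(sizeof(WOLFSSL_DSA), NULL,
                                      DYNAMIC_TYPE_DSA);
    if (external == NULL) {
        WOLFSSL_MSG("wolfSSL_DSA_new malloc WOLFSSL_DSA failure");
        goto err;
    }

    InitwolfSSL_DSA(external);
    if (wc_InitDsaKey(key) != 0) {
        WOLFSSL_MSG("wolfSSL_DSA_new InitDsaKey failure");
        goto err;
    }
    external->internal = key;

    return external;

err:
    /* XFREE tolerates NULL, so this path serves both failures */
    XFREE(external, NULL, DYNAMIC_TYPE_DSA);
    XFREE(key, NULL, DYNAMIC_TYPE_DSA);
    return NULL;
}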
wolfSSL 11:cee25a834751 18072
wolfSSL 11:cee25a834751 18073
/* Release a WOLFSSL_DSA created by wolfSSL_DSA_new(), its wolfCrypt DsaKey
 * and every WOLFSSL_BIGNUM it owns.  A NULL dsa is accepted. */
void wolfSSL_DSA_free(WOLFSSL_DSA* dsa)
{
    WOLFSSL_MSG("wolfSSL_DSA_free");

    if (dsa == NULL)
        return;

    if (dsa->internal != NULL) {
        DsaKey* key = (DsaKey*)dsa->internal;
        FreeDsaKey(key);
        XFREE(key, NULL, DYNAMIC_TYPE_DSA);
        dsa->internal = NULL;
    }

    wolfSSL_BN_free(dsa->priv_key);
    wolfSSL_BN_free(dsa->pub_key);
    wolfSSL_BN_free(dsa->g);
    wolfSSL_BN_free(dsa->q);
    wolfSSL_BN_free(dsa->p);

    /* reset all fields so a stale reference at least reads NULLs */
    InitwolfSSL_DSA(dsa);

    XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
}
wolfSSL 11:cee25a834751 18095
wolfSSL 11:cee25a834751 18096 #endif /* NO_DSA */
wolfSSL 11:cee25a834751 18097
wolfSSL 11:cee25a834751 18098 #ifndef NO_RSA
/* Reset every field of a WOLFSSL_RSA to its empty state (NULL BIGNUMs, no
 * wolfCrypt key, neither side marked as set).  Nothing is freed; a NULL rsa
 * is ignored. */
static void InitwolfSSL_Rsa(WOLFSSL_RSA* rsa)
{
    if (rsa == NULL)
        return;

    rsa->n        = NULL;
    rsa->e        = NULL;
    rsa->d        = NULL;
    rsa->p        = NULL;
    rsa->q        = NULL;
    rsa->dmp1     = NULL;
    rsa->dmq1     = NULL;
    rsa->iqmp     = NULL;
    rsa->internal = NULL;
    rsa->inSet    = 0;
    rsa->exSet    = 0;
}
wolfSSL 11:cee25a834751 18115
wolfSSL 11:cee25a834751 18116
/* Allocate an empty WOLFSSL_RSA together with its wolfCrypt RsaKey.
 * Returns NULL on any allocation or wc_InitRsaKey failure, releasing both
 * objects on the way out.  The caller owns the result and frees it with
 * wolfSSL_RSA_free(). */
WOLFSSL_RSA* wolfSSL_RSA_new(void)
{
    WOLFSSL_RSA* external = NULL;
    RsaKey* key = NULL;

    WOLFSSL_MSG("wolfSSL_RSA_new");

    key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_RSA_new malloc RsaKey failure");
        return NULL;
    }

    external = (WOLFSSL_RSA*) XMALLOC(sizeof(WOLFSSL_RSA), NULL,
                                      DYNAMIC_TYPE_RSA);
    if (external == NULL) {
        WOLFSSL_MSG("wolfSSL_RSA_new malloc WOLFSSL_RSA failure");
        goto err;
    }

    InitwolfSSL_Rsa(external);
    if (wc_InitRsaKey(key, NULL) != 0) {
        WOLFSSL_MSG("InitRsaKey WOLFSSL_RSA failure");
        goto err;
    }
    external->internal = key;

    return external;

err:
    /* XFREE tolerates NULL, so this path serves both failures */
    XFREE(external, NULL, DYNAMIC_TYPE_RSA);
    XFREE(key, NULL, DYNAMIC_TYPE_RSA);
    return NULL;
}
wolfSSL 11:cee25a834751 18149
wolfSSL 11:cee25a834751 18150
/* Release a WOLFSSL_RSA created by wolfSSL_RSA_new(), its wolfCrypt RsaKey
 * and every WOLFSSL_BIGNUM it owns.  A NULL rsa is accepted. */
void wolfSSL_RSA_free(WOLFSSL_RSA* rsa)
{
    WOLFSSL_MSG("wolfSSL_RSA_free");

    if (rsa == NULL)
        return;

    if (rsa->internal != NULL) {
        RsaKey* key = (RsaKey*)rsa->internal;
        wc_FreeRsaKey(key);
        XFREE(key, NULL, DYNAMIC_TYPE_RSA);
        rsa->internal = NULL;
    }

    wolfSSL_BN_free(rsa->iqmp);
    wolfSSL_BN_free(rsa->dmq1);
    wolfSSL_BN_free(rsa->dmp1);
    wolfSSL_BN_free(rsa->q);
    wolfSSL_BN_free(rsa->p);
    wolfSSL_BN_free(rsa->d);
    wolfSSL_BN_free(rsa->e);
    wolfSSL_BN_free(rsa->n);

    /* reset all fields so a stale reference at least reads NULLs */
    InitwolfSSL_Rsa(rsa);

    XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
}
wolfSSL 11:cee25a834751 18175 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 18176
wolfSSL 11:cee25a834751 18177
/* these guards make sure the function SetIndividualExternal is not
 * declared and then left unused. */
wolfSSL 11:cee25a834751 18180 #if !defined(NO_ASN) || !defined(NO_DSA) || defined(HAVE_ECC) || \
wolfSSL 11:cee25a834751 18181 (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA))
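/* when calling SetIndividualExternal, mpi should be cleared by caller if no
 * longer used. ie mp_clear(mpi). This is to free data when fastmath is
 * disabled since a copy of mpi is made by this function and placed into bn.
 *
 * Copy mpi into *bn, allocating a new WOLFSSL_BIGNUM when *bn is NULL.
 * Returns SSL_SUCCESS or SSL_FATAL_ERROR.  On failure a BIGNUM that this
 * call allocated is freed again and *bn is reset to NULL, so the caller
 * never holds a dangling pointer (its own cleanup, e.g. wolfSSL_DSA_free,
 * would otherwise free the same BIGNUM a second time).  A BIGNUM supplied
 * by the caller is left untouched for the caller to manage.
 */
static int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi)
{
    byte dynamic = 0;

    WOLFSSL_MSG("Entering SetIndividualExternal");

    if (mpi == NULL || bn == NULL) {
        WOLFSSL_MSG("mpi NULL error");
        return SSL_FATAL_ERROR;
    }

    if (*bn == NULL) {
        *bn = wolfSSL_BN_new();
        if (*bn == NULL) {
            WOLFSSL_MSG("SetIndividualExternal alloc failed");
            return SSL_FATAL_ERROR;
        }
        dynamic = 1;
    }

    if (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        if (dynamic == 1) {
            wolfSSL_BN_free(*bn);
            *bn = NULL;   /* never hand a freed BIGNUM back to the caller */
        }
        return SSL_FATAL_ERROR;
    }

    return SSL_SUCCESS;
}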
wolfSSL 11:cee25a834751 18216
/* Copy the value of bn into mpi (OpenSSL -> wolfCrypt direction).
 * mpi is passed through mp_init() before the copy.  Returns SSL_SUCCESS, or
 * SSL_FATAL_ERROR when bn or its internal mp_int is NULL, mpi is NULL, or
 * mp_init/mp_copy fail.
 *
 * NOTE(review): mp_init() is called on mpi unconditionally, and callers pass
 * fields of a key that wc_InitDsaKey/wolfSSL_DH_new already initialised;
 * whether any previous contents of mpi are released here depends on the
 * math backend's mp_init semantics - confirm before relying on it. */
static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi)
{
    mp_int* src;

    WOLFSSL_MSG("Entering SetIndividualInternal");

    if (bn == NULL || bn->internal == NULL) {
        WOLFSSL_MSG("bn NULL error");
        return SSL_FATAL_ERROR;
    }
    src = (mp_int*)bn->internal;

    if (mpi == NULL) {
        WOLFSSL_MSG("mpi NULL error");
        return SSL_FATAL_ERROR;
    }
    if (mp_init(mpi) != MP_OKAY) {
        WOLFSSL_MSG("mpi NULL error");
        return SSL_FATAL_ERROR;
    }

    if (mp_copy(src, mpi) != MP_OKAY) {
        WOLFSSL_MSG("mp_copy error");
        return SSL_FATAL_ERROR;
    }

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 18238
wolfSSL 11:cee25a834751 18239
wolfSSL 11:cee25a834751 18240 #ifndef NO_ASN
/* OpenSSL-compatible ASN1_INTEGER_to_BN(): decode the DER INTEGER held in
 * ai->data into a BIGNUM.  When bn is NULL a new BIGNUM is allocated and
 * returned; otherwise bn is filled in and returned.  Returns NULL when ai is
 * NULL, the data is not a valid ASN.1 INTEGER, or the copy into the BIGNUM
 * fails.  The temporary mp_int is always cleared, which matters with
 * --disable-fastmath where SetIndividualExternal makes a heap copy. */
WOLFSSL_BIGNUM *wolfSSL_ASN1_INTEGER_to_BN(const WOLFSSL_ASN1_INTEGER *ai,
                                           WOLFSSL_BIGNUM *bn)
{
    mp_int mpi;
    word32 idx = 0;
    int    ret;
    WOLFSSL_BIGNUM *result = NULL;

    WOLFSSL_ENTER("wolfSSL_ASN1_INTEGER_to_BN");

    if (ai == NULL)
        return NULL;

    ret = GetInt(&mpi, ai->data, &idx, sizeof(ai->data));
    if (ret != 0) {
        /* expecting ASN1 format for INTEGER */
        WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_to_BN", ret);
        return NULL;
    }

    /* mp_clear is required here: the value is copied, not moved, and would
     * leak under --disable-fastmath otherwise */
    if (SetIndividualExternal(&bn, &mpi) == SSL_SUCCESS)
        result = bn;
    mp_clear(&mpi);

    return result;
}
wolfSSL 11:cee25a834751 18270 #endif /* !NO_ASN */
wolfSSL 11:cee25a834751 18271
wolfSSL 11:cee25a834751 18272 #if !defined(NO_DSA) && !defined(NO_DH)
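/* OpenSSL-compatible DSA_dup_DH(): build a new WOLFSSL_DH whose p and g are
 * copies of dsa's p and g.  Both the wolfCrypt DhKey and the external
 * BIGNUMs of the returned object are populated.  Returns NULL on any failure
 * (including dsa == NULL); the caller owns the result and frees it with
 * wolfSSL_DH_free().
 *
 * A NULL dsa->p or dsa->g is tolerated; the corresponding DH value is then
 * left at whatever wolfSSL_DH_new() initialised it to.
 *
 * Diagnostics now name "dsa" rather than "rsa" (copy-paste leftovers) and
 * distinguish the internal from the external copy, so a failing step can be
 * identified from the log.
 */
WOLFSSL_DH *wolfSSL_DSA_dup_DH(const WOLFSSL_DSA *dsa)
{
    WOLFSSL_DH* dh;
    DhKey* key;

    WOLFSSL_ENTER("wolfSSL_DSA_dup_DH");

    if (dsa == NULL) {
        return NULL;
    }

    dh = wolfSSL_DH_new();
    if (dh == NULL) {
        return NULL;
    }
    key = (DhKey*)dh->internal;

    /* OpenSSL -> wolfCrypt.  Reading dsa->p through a const WOLFSSL_DSA*
     * yields a (const) pointer to a non-const BIGNUM, so no cast that strips
     * const from dsa is needed. */
    if (dsa->p != NULL && SetIndividualInternal(dsa->p, &key->p) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa p internal key error");
        wolfSSL_DH_free(dh);
        return NULL;
    }
    if (dsa->g != NULL && SetIndividualInternal(dsa->g, &key->g) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa g internal key error");
        wolfSSL_DH_free(dh);
        return NULL;
    }

    /* wolfCrypt -> OpenSSL: mirror the values into the DH's own BIGNUMs */
    if (SetIndividualExternal(&dh->p, &key->p) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa p external key error");
        wolfSSL_DH_free(dh);
        return NULL;
    }
    if (SetIndividualExternal(&dh->g, &key->g) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa g external key error");
        wolfSSL_DH_free(dh);
        return NULL;
    }

    return dh;
}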
wolfSSL 11:cee25a834751 18316 #endif /* !defined(NO_DSA) && !defined(NO_DH) */
wolfSSL 11:cee25a834751 18317
#endif /* !NO_ASN || !NO_DSA || HAVE_ECC || (!NO_RSA && !HAVE_USER_RSA && !HAVE_FAST_RSA) */
wolfSSL 11:cee25a834751 18319
wolfSSL 11:cee25a834751 18320
wolfSSL 11:cee25a834751 18321 #ifndef NO_DSA
/* wolfSSL -> OpenSSL
 * Mirror every component of the wolfCrypt DsaKey (p, q, g, y, x) into the
 * corresponding external BIGNUM of dsa, allocating BIGNUMs as needed, and
 * mark dsa->exSet.  Returns SSL_SUCCESS, or SSL_FATAL_ERROR on a NULL dsa /
 * internal key or when any single copy fails (earlier copies stay set). */
static int SetDsaExternal(WOLFSSL_DSA* dsa)
{
    DsaKey* key;
    size_t  i;

    WOLFSSL_MSG("Entering SetDsaExternal");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("dsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (DsaKey*)dsa->internal;

    {
        /* copy order and messages are the same as the unrolled version */
        struct {
            WOLFSSL_BIGNUM** bn;
            mp_int*          mpi;
            const char*      err;
        } parts[] = {
            { &dsa->p,        &key->p, "dsa p key error" },
            { &dsa->q,        &key->q, "dsa q key error" },
            { &dsa->g,        &key->g, "dsa g key error" },
            { &dsa->pub_key,  &key->y, "dsa y key error" },
            { &dsa->priv_key, &key->x, "dsa x key error" },
        };

        for (i = 0; i < sizeof(parts) / sizeof(parts[0]); i++) {
            if (SetIndividualExternal(parts[i].bn, parts[i].mpi) != SSL_SUCCESS) {
                WOLFSSL_MSG(parts[i].err);
                return SSL_FATAL_ERROR;
            }
        }
    }

    dsa->exSet = 1;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 18364
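/* Openssl -> WolfSSL
 * Copy the external BIGNUMs of dsa (p, q, g, pub_key, priv_key) into the
 * wolfCrypt DsaKey and mark dsa->inSet.  NULL BIGNUMs are skipped.  The key
 * type becomes DSA_PUBLIC when a public key is present and DSA_PRIVATE when
 * a private key is present (the private assignment wins when both are set).
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR on a NULL dsa / internal key or
 * when any single copy fails.
 *
 * Diagnostics now say "dsa" instead of the copy-pasted "rsa", so log output
 * points at the right key type.
 */
static int SetDsaInternal(WOLFSSL_DSA* dsa)
{
    DsaKey* key;
    WOLFSSL_MSG("Entering SetDsaInternal");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("dsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (DsaKey*)dsa->internal;

    if (dsa->p != NULL &&
        SetIndividualInternal(dsa->p, &key->p) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa p key error");
        return SSL_FATAL_ERROR;
    }

    if (dsa->q != NULL &&
        SetIndividualInternal(dsa->q, &key->q) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa q key error");
        return SSL_FATAL_ERROR;
    }

    if (dsa->g != NULL &&
        SetIndividualInternal(dsa->g, &key->g) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa g key error");
        return SSL_FATAL_ERROR;
    }

    if (dsa->pub_key != NULL) {
        if (SetIndividualInternal(dsa->pub_key, &key->y) != SSL_SUCCESS) {
            WOLFSSL_MSG("dsa pub_key error");
            return SSL_FATAL_ERROR;
        }

        /* public key */
        key->type = DSA_PUBLIC;
    }

    if (dsa->priv_key != NULL) {
        if (SetIndividualInternal(dsa->priv_key, &key->x) != SSL_SUCCESS) {
            WOLFSSL_MSG("dsa priv_key error");
            return SSL_FATAL_ERROR;
        }

        /* private key (overrides DSA_PUBLIC set above) */
        key->type = DSA_PRIVATE;
    }

    dsa->inSet = 1;

    return SSL_SUCCESS;
}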
wolfSSL 11:cee25a834751 18420 #endif /* NO_DSA */
wolfSSL 11:cee25a834751 18421
wolfSSL 11:cee25a834751 18422
wolfSSL 11:cee25a834751 18423 #if !defined(NO_RSA)
wolfSSL 11:cee25a834751 18424 #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)
/* WolfSSL -> OpenSSL
 * Mirror every component of the wolfCrypt RsaKey (n, e, d, p, q, dP, dQ, u)
 * into the corresponding external BIGNUM of rsa, allocating BIGNUMs as
 * needed, and mark rsa->exSet.  Returns SSL_SUCCESS, or SSL_FATAL_ERROR on a
 * NULL rsa / internal key or when any single copy fails (earlier copies
 * stay set). */
static int SetRsaExternal(WOLFSSL_RSA* rsa)
{
    RsaKey* key;
    size_t  i;

    WOLFSSL_MSG("Entering SetRsaExternal");

    if (rsa == NULL || rsa->internal == NULL) {
        WOLFSSL_MSG("rsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (RsaKey*)rsa->internal;

    {
        /* copy order and messages are the same as the unrolled version */
        struct {
            WOLFSSL_BIGNUM** bn;
            mp_int*          mpi;
            const char*      err;
        } parts[] = {
            { &rsa->n,    &key->n,  "rsa n key error"  },
            { &rsa->e,    &key->e,  "rsa e key error"  },
            { &rsa->d,    &key->d,  "rsa d key error"  },
            { &rsa->p,    &key->p,  "rsa p key error"  },
            { &rsa->q,    &key->q,  "rsa q key error"  },
            { &rsa->dmp1, &key->dP, "rsa dP key error" },
            { &rsa->dmq1, &key->dQ, "rsa dQ key error" },
            { &rsa->iqmp, &key->u,  "rsa u key error"  },
        };

        for (i = 0; i < sizeof(parts) / sizeof(parts[0]); i++) {
            if (SetIndividualExternal(parts[i].bn, parts[i].mpi) != SSL_SUCCESS) {
                WOLFSSL_MSG(parts[i].err);
                return SSL_FATAL_ERROR;
            }
        }
    }

    rsa->exSet = 1;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 18482
/* Openssl -> WolfSSL
 * Copy the external BIGNUMs of rsa into the wolfCrypt RsaKey and mark
 * rsa->inSet.  n and e are mandatory (a NULL BIGNUM fails inside
 * SetIndividualInternal); d, p, q, dmp1, dmq1 and iqmp are copied only when
 * present.  The key type is RSA_PUBLIC, upgraded to RSA_PRIVATE when d is
 * present.  Returns SSL_SUCCESS, or SSL_FATAL_ERROR on a NULL rsa / internal
 * key or when any single copy fails. */
static int SetRsaInternal(WOLFSSL_RSA* rsa)
{
    RsaKey* key;
    size_t  i;

    WOLFSSL_MSG("Entering SetRsaInternal");

    if (rsa == NULL || rsa->internal == NULL) {
        WOLFSSL_MSG("rsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (RsaKey*)rsa->internal;

    /* modulus and public exponent are always required */
    if (SetIndividualInternal(rsa->n, &key->n) != SSL_SUCCESS) {
        WOLFSSL_MSG("rsa n key error");
        return SSL_FATAL_ERROR;
    }
    if (SetIndividualInternal(rsa->e, &key->e) != SSL_SUCCESS) {
        WOLFSSL_MSG("rsa e key error");
        return SSL_FATAL_ERROR;
    }

    /* public key */
    key->type = RSA_PUBLIC;

    if (rsa->d != NULL) {
        if (SetIndividualInternal(rsa->d, &key->d) != SSL_SUCCESS) {
            WOLFSSL_MSG("rsa d key error");
            return SSL_FATAL_ERROR;
        }

        /* private key */
        key->type = RSA_PRIVATE;
    }

    {
        /* optional CRT components, copied only when the caller supplied them;
         * order and messages match the unrolled version */
        struct {
            WOLFSSL_BIGNUM* bn;
            mp_int*         mpi;
            const char*     err;
        } optional[] = {
            { rsa->p,    &key->p,  "rsa p key error"  },
            { rsa->q,    &key->q,  "rsa q key error"  },
            { rsa->dmp1, &key->dP, "rsa dP key error" },
            { rsa->dmq1, &key->dQ, "rsa dQ key error" },
            { rsa->iqmp, &key->u,  "rsa u key error"  },
        };

        for (i = 0; i < sizeof(optional) / sizeof(optional[0]); i++) {
            if (optional[i].bn == NULL)
                continue;
            if (SetIndividualInternal(optional[i].bn, optional[i].mpi)
                    != SSL_SUCCESS) {
                WOLFSSL_MSG(optional[i].err);
                return SSL_FATAL_ERROR;
            }
        }
    }

    rsa->inSet = 1;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 18553 #endif /* HAVE_USER_RSA */
wolfSSL 11:cee25a834751 18554
wolfSSL 11:cee25a834751 18555 /* return compliant with OpenSSL
wolfSSL 11:cee25a834751 18556 * 1 if success, 0 if error
wolfSSL 11:cee25a834751 18557 */
/* OpenSSL-compatible RSA_generate_key_ex(): generate a 'bits'-bit key pair
 * into rsa->internal and mirror it to the OpenSSL-style BIGNUM fields.
 *
 * The public-exponent argument 'bn' and the callback 'cb' are ignored; the
 * exponent is always 65537.  A fresh RNG is created for the call and released
 * afterwards.  Requires WOLFSSL_KEY_GEN; without it the call only logs and
 * fails.  NOTE(review): wc_FreeRng() runs even when wc_InitRng() failed,
 * unlike the DSA key-generation paths in this file, which only free an RNG
 * they initialised — confirm wc_FreeRng() tolerates an un-initialised RNG.
 *
 * Returns SSL_SUCCESS (1) on success, SSL_FAILURE (0) on any failure.
 */
int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn,
                                void* cb)
{
    int ret = SSL_FAILURE;

    /* silence unused-parameter warnings ('bits' is unused without KEY_GEN) */
    (void)cb;
    (void)bn;
    (void)bits;

    WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex");

    if (rsa == NULL || rsa->internal == NULL) {
        /* bit size checked during make key call */
        WOLFSSL_MSG("bad arguments");
        return SSL_FAILURE;
    }

#ifdef WOLFSSL_KEY_GEN
    {
#ifdef WOLFSSL_SMALL_STACK
        WC_RNG* keyRng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL,
                                          DYNAMIC_TYPE_TMP_BUFFER);
        if (keyRng == NULL)
            return SSL_FAILURE;
#else
        WC_RNG  keyRng[1];
#endif

        if (wc_InitRng(keyRng) < 0) {
            WOLFSSL_MSG("RNG init failed");
        }
        else if (wc_MakeRsaKey((RsaKey*)rsa->internal, bits, 65537,
                               keyRng) != MP_OKAY) {
            WOLFSSL_MSG("wc_MakeRsaKey failed");
        }
        else if (SetRsaExternal(rsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaExternal failed");
        }
        else {
            rsa->inSet = 1;
            ret = SSL_SUCCESS;
        }

        wc_FreeRng(keyRng);
#ifdef WOLFSSL_SMALL_STACK
        XFREE(keyRng, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }
#else
    WOLFSSL_MSG("No Key Gen built in");
#endif
    return ret;
}
wolfSSL 11:cee25a834751 18611
wolfSSL 11:cee25a834751 18612
wolfSSL 11:cee25a834751 18613 /* SSL_SUCCESS on ok */
/* OpenSSL compat shim: blinding is not configurable here (on by default), so
 * both arguments are ignored and the call always reports success.
 *
 * Returns SSL_SUCCESS.
 */
int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn)
{
    WOLFSSL_MSG("wolfSSL_RSA_blinding_on");

    /* nothing to configure */
    (void)bn;
    (void)rsa;

    return SSL_SUCCESS; /* on by default */
}
wolfSSL 11:cee25a834751 18623
wolfSSL 11:cee25a834751 18624 /* return compliant with OpenSSL
wolfSSL 11:cee25a834751 18625 * size of encrypted data if success , -1 if error
wolfSSL 11:cee25a834751 18626 */
/* Not implemented in this build: every argument is ignored, nothing is
 * written to 'to', and the call always fails with SSL_FATAL_ERROR (-1). */
int wolfSSL_RSA_public_encrypt(int len, unsigned char* fr,
                               unsigned char* to, WOLFSSL_RSA* rsa, int padding)
{
    WOLFSSL_MSG("wolfSSL_RSA_public_encrypt");

    /* stub: parameters only referenced to avoid unused warnings */
    (void)padding;
    (void)rsa;
    (void)to;
    (void)fr;
    (void)len;

    return SSL_FATAL_ERROR;
}
wolfSSL 11:cee25a834751 18640
wolfSSL 11:cee25a834751 18641 /* return compliant with OpenSSL
wolfSSL 11:cee25a834751 18642 * size of plain recovered data if success , -1 if error
wolfSSL 11:cee25a834751 18643 */
/* Not implemented in this build: every argument is ignored, nothing is
 * written to 'to', and the call always fails with SSL_FATAL_ERROR (-1). */
int wolfSSL_RSA_private_decrypt(int len, unsigned char* fr,
                                unsigned char* to, WOLFSSL_RSA* rsa, int padding)
{
    WOLFSSL_MSG("wolfSSL_RSA_private_decrypt");

    /* stub: parameters only referenced to avoid unused warnings */
    (void)padding;
    (void)rsa;
    (void)to;
    (void)fr;
    (void)len;

    return SSL_FATAL_ERROR;
}
wolfSSL 11:cee25a834751 18657
wolfSSL 11:cee25a834751 18658 /* return compliant with OpenSSL
wolfSSL 11:cee25a834751 18659 * RSA modulus size in bytes, -1 if error
wolfSSL 11:cee25a834751 18660 */
/* OpenSSL-compatible RSA_size(): byte length of the modulus rsa->n.
 *
 * Returns SSL_FATAL_ERROR (-1) for a NULL 'rsa'; otherwise whatever
 * wolfSSL_BN_num_bytes() reports for rsa->n.  rsa->n itself is not checked
 * here — presumably wolfSSL_BN_num_bytes() handles a NULL BIGNUM; confirm.
 */
int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa)
{
    WOLFSSL_MSG("wolfSSL_RSA_size");

    return (rsa == NULL) ? SSL_FATAL_ERROR : wolfSSL_BN_num_bytes(rsa->n);
}
wolfSSL 11:cee25a834751 18670 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 18671
wolfSSL 11:cee25a834751 18672 #ifndef NO_DSA
wolfSSL 11:cee25a834751 18673 /* return code compliant with OpenSSL :
wolfSSL 11:cee25a834751 18674 * 1 if success, 0 if error
wolfSSL 11:cee25a834751 18675 */
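/* Generate a DSA key pair into dsa->internal from the parameters already held
 * in 'dsa', then mirror the result back to the OpenSSL-style fields.
 *
 * If the wolfCrypt key has not been populated yet (dsa->inSet == 0) the
 * OpenSSL-style BIGNUMs are first copied in via SetDsaInternal().  A
 * temporary RNG is preferred; the global RNG is used as a fallback only if it
 * has been initialised.  Requires WOLFSSL_KEY_GEN; without it the call just
 * logs and fails.
 *
 * Returns SSL_SUCCESS (1) on success and SSL_FAILURE (0) on every error
 * path, matching OpenSSL's DSA_generate_key() contract.  (The
 * WOLFSSL_SMALL_STACK allocation-failure path used to return SSL_FATAL_ERROR,
 * contradicting the documented 1/0 return.)
 */
int wolfSSL_DSA_generate_key(WOLFSSL_DSA* dsa)
{
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_DSA_generate_key");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return ret;
        }
    }

#ifdef WOLFSSL_KEY_GEN
    {
        int     initTmpRng = 0;
        WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
        WC_RNG* tmpRNG = NULL;
#else
        WC_RNG  tmpRNG[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (tmpRNG == NULL)
            return ret; /* SSL_FAILURE: keep the documented 1/0 contract */
#endif
        /* prefer a fresh RNG; fall back to the global one only if it is ready */
        if (wc_InitRng(tmpRNG) == 0) {
            rng = tmpRNG;
            initTmpRng = 1;
        }
        else {
            WOLFSSL_MSG("Bad RNG Init, trying global");
            if (initGlobalRNG == 0)
                WOLFSSL_MSG("Global RNG no Init");
            else
                rng = &globalRNG;
        }

        if (rng) {
            if (wc_MakeDsaKey(rng, (DsaKey*)dsa->internal) != MP_OKAY)
                WOLFSSL_MSG("wc_MakeDsaKey failed");
            else if (SetDsaExternal(dsa) != SSL_SUCCESS)
                WOLFSSL_MSG("SetDsaExternal failed");
            else
                ret = SSL_SUCCESS;
        }

        /* only tear down the RNG this function initialised */
        if (initTmpRng)
            wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }
#else /* WOLFSSL_KEY_GEN */
    WOLFSSL_MSG("No Key Gen built in");
#endif
    return ret;
}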
wolfSSL 11:cee25a834751 18744
wolfSSL 11:cee25a834751 18745 /* return code compliant with OpenSSL :
wolfSSL 11:cee25a834751 18746 * 1 if success, 0 if error
wolfSSL 11:cee25a834751 18747 */
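/* Generate DSA domain parameters of 'bits' bits into dsa->internal and mirror
 * them to the OpenSSL-style fields.
 *
 * 'seed', 'seedLen', 'counterRet', 'hRet' and 'cb' are accepted for OpenSSL
 * API compatibility only and are ignored.  A temporary RNG is preferred; the
 * global RNG is used as a fallback only if it has been initialised.  Requires
 * WOLFSSL_KEY_GEN; without it the call just logs and fails.
 *
 * Returns SSL_SUCCESS (1) on success and SSL_FAILURE (0) on every error
 * path, matching OpenSSL's DSA_generate_parameters_ex() contract.  (The
 * WOLFSSL_SMALL_STACK allocation-failure path used to return SSL_FATAL_ERROR,
 * contradicting the documented 1/0 return.)
 */
int wolfSSL_DSA_generate_parameters_ex(WOLFSSL_DSA* dsa, int bits,
                                       unsigned char* seed, int seedLen,
                                       int* counterRet,
                                       unsigned long* hRet, void* cb)
{
    int ret = SSL_FAILURE;

    /* unused OpenSSL compat parameters ('bits' is unused without KEY_GEN) */
    (void)bits;
    (void)seed;
    (void)seedLen;
    (void)counterRet;
    (void)hRet;
    (void)cb;

    WOLFSSL_ENTER("wolfSSL_DSA_generate_parameters_ex");

    if (dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

#ifdef WOLFSSL_KEY_GEN
    {
        int     initTmpRng = 0;
        WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
        WC_RNG* tmpRNG = NULL;
#else
        WC_RNG  tmpRNG[1];
#endif

#ifdef WOLFSSL_SMALL_STACK
        tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (tmpRNG == NULL)
            return ret; /* SSL_FAILURE: keep the documented 1/0 contract */
#endif
        /* prefer a fresh RNG; fall back to the global one only if it is ready */
        if (wc_InitRng(tmpRNG) == 0) {
            rng = tmpRNG;
            initTmpRng = 1;
        }
        else {
            WOLFSSL_MSG("Bad RNG Init, trying global");
            if (initGlobalRNG == 0)
                WOLFSSL_MSG("Global RNG no Init");
            else
                rng = &globalRNG;
        }

        if (rng) {
            if (wc_MakeDsaParameters(rng, bits,
                                     (DsaKey*)dsa->internal) != MP_OKAY)
                WOLFSSL_MSG("wc_MakeDsaParameters failed");
            else if (SetDsaExternal(dsa) != SSL_SUCCESS)
                WOLFSSL_MSG("SetDsaExternal failed");
            else
                ret = SSL_SUCCESS;
        }

        /* only tear down the RNG this function initialised */
        if (initTmpRng)
            wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }
#else /* WOLFSSL_KEY_GEN */
    WOLFSSL_MSG("No Key Gen built in");
#endif

    return ret;
}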
wolfSSL 11:cee25a834751 18819
wolfSSL 11:cee25a834751 18820 /* return SSL_SUCCESS on success, < 0 otherwise */
/* OpenSSL-compatible DSA signing: sign 'd' (presumably the message digest —
 * only its name suggests that) with the key in 'dsa', writing the signature
 * to 'sigRet'.  The required size of 'sigRet' is determined by DsaSign(), not
 * checked here.
 *
 * Populates the wolfCrypt key from the OpenSSL-style fields first if
 * dsa->inSet == 0.  A temporary RNG is preferred; the global RNG is used as a
 * fallback only if it has been initialised.
 *
 * Returns SSL_SUCCESS on success, SSL_FATAL_ERROR (< 0) on bad arguments,
 * key setup failure, no usable RNG, or a DsaSign() failure.
 */
int wolfSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
                        WOLFSSL_DSA* dsa)
{
    int     ret = SSL_FATAL_ERROR;
    int     ownRng = 0;          /* set once tmpRNG has been initialised */
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG  tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_DSA_do_sign");

    if (d == NULL || sigRet == NULL || dsa == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return ret;
    }

    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return ret;
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return SSL_FATAL_ERROR;
#endif

    /* prefer a fresh RNG; fall back to the global one only if it is ready */
    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        ownRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG != 0)
            rng = &globalRNG;
        else
            WOLFSSL_MSG("Global RNG no Init");
    }

    if (rng != NULL) {
        if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) >= 0)
            ret = SSL_SUCCESS;
        else
            WOLFSSL_MSG("DsaSign failed");
    }

    /* only tear down the RNG this function initialised */
    if (ownRng)
        wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}
wolfSSL 11:cee25a834751 18883
wolfSSL 11:cee25a834751 18884
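/* OpenSSL-compatible DSA verification of signature 'sig' over 'd' with the
 * key in 'dsa'.
 *
 * Populates the wolfCrypt key from the OpenSSL-style fields first if
 * dsa->inSet == 0.  DsaVerify() writes its yes/no answer to *dsacheck, so
 * 'dsacheck' must be non-NULL; it is now validated with the other arguments
 * instead of being dereferenced unchecked after the verify call.
 *
 * Returns SSL_SUCCESS when DsaVerify() succeeded and set *dsacheck to 1;
 * 0 when DsaVerify() ran but the signature did not check (*dsacheck != 1);
 * a negative value (SSL_FATAL_ERROR, or the DsaVerify() error code) on bad
 * arguments, key setup failure, or a verify error.  Only SSL_SUCCESS means
 * the signature is valid.
 */
int wolfSSL_DSA_do_verify(const unsigned char* d, unsigned char* sig,
                          WOLFSSL_DSA* dsa, int *dsacheck)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_DSA_do_verify");

    if (d == NULL || sig == NULL || dsa == NULL || dsacheck == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FATAL_ERROR;
    }

    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return SSL_FATAL_ERROR;
        }
    }

    ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck);
    if (ret != 0 || *dsacheck != 1) {
        /* ret == 0 here means the primitive ran but the signature is bad */
        WOLFSSL_MSG("DsaVerify failed");
        return ret;
    }

    return SSL_SUCCESS;
}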
wolfSSL 11:cee25a834751 18914 #endif /* NO_DSA */
wolfSSL 11:cee25a834751 18915
wolfSSL 11:cee25a834751 18916
wolfSSL 11:cee25a834751 18917 #ifndef NO_RSA
wolfSSL 11:cee25a834751 18918 /* return SSL_SUCCESS on ok, 0 otherwise */
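/* OpenSSL-compatible RSA_sign(): produce a PKCS#1 v1.5 signature over the
 * digest 'm'.
 *
 * 'type' is an OpenSSL NID naming the digest that produced 'm'; it is mapped
 * below to the wolfCrypt hash OID used when encoding, and NIDs that are not
 * built in are rejected.  'sigRet' receives the signature and must hold at
 * least wolfSSL_BN_num_bytes(rsa->n) bytes, because that value is handed to
 * wc_RsaSSL_Sign() as the output buffer length.  '*sigLen' receives the
 * number of signature bytes written.  The wolfCrypt key is populated from the
 * OpenSSL-style BIGNUMs first if rsa->inSet == 0.
 *
 * Returns SSL_SUCCESS on success and 0 on any failure (bad arguments,
 * unsupported NID, key setup, zero-size modulus, no usable RNG, encode or
 * sign error).  'sigRet' and '*sigLen' are only meaningful on SSL_SUCCESS.
 *
 * Fix: the signature length is stored into *sigLen before 'ret' is replaced
 * with SSL_SUCCESS.  Previously the two assignments were reversed, so
 * *sigLen was always set to SSL_SUCCESS (1) instead of the length returned by
 * wc_RsaSSL_Sign().
 */
int wolfSSL_RSA_sign(int type, const unsigned char* m,
                           unsigned int mLen, unsigned char* sigRet,
                           unsigned int* sigLen, WOLFSSL_RSA* rsa)
{
    word32  outLen;
    word32  signSz;
    int     initTmpRng = 0;
    WC_RNG* rng = NULL;
    int     ret = 0;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
    byte*   encodedSig = NULL;
#else
    WC_RNG  tmpRNG[1];
    byte    encodedSig[MAX_ENCODED_SIG_SZ];
#endif

    WOLFSSL_MSG("wolfSSL_RSA_sign");

    if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return 0;
    }

    /* map the OpenSSL NID onto the wolfCrypt hash OID used for encoding;
     * digests that are not compiled in fall to the default and fail */
    switch (type) {
#ifdef WOLFSSL_MD2
        case NID_md2:    type = MD2h;    break;
#endif
#ifndef NO_MD5
        case NID_md5:    type = MD5h;    break;
#endif
#ifndef NO_SHA
        case NID_sha1:   type = SHAh;    break;
#endif
#ifndef NO_SHA256
        case NID_sha256: type = SHA256h; break;
#endif
#ifdef WOLFSSL_SHA384
        case NID_sha384: type = SHA384h; break;
#endif
#ifdef WOLFSSL_SHA512
        case NID_sha512: type = SHA512h; break;
#endif
        default:
            WOLFSSL_MSG("This NID (md type) not configured or not implemented");
            return 0;
    }

    if (rsa->inSet == 0) {
        WOLFSSL_MSG("No RSA internal set, do it");

        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return 0;
        }
    }

    /* modulus length: the signature size and the capacity 'sigRet' needs */
    outLen = (word32)wolfSSL_BN_num_bytes(rsa->n);

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return 0;

    encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
                                DYNAMIC_TYPE_TMP_BUFFER);
    if (encodedSig == NULL) {
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return 0;
    }
#endif

    /* prefer a fresh RNG; fall back to the global one only if it is ready */
    if (outLen == 0)
        WOLFSSL_MSG("Bad RSA size");
    else if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");

        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        /* wrap the digest with its hash OID; that blob is what gets signed */
        signSz = wc_EncodeSignature(encodedSig, m, mLen, type);
        if (signSz == 0) {
            WOLFSSL_MSG("Bad Encode Signature");
        }
        else {
            ret = wc_RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
                                 (RsaKey*)rsa->internal, rng);
            if (ret <= 0) {
                WOLFSSL_MSG("Bad Rsa Sign");
                ret = 0;
            }
            else {
                /* report the real signature length, then signal success */
                *sigLen = (unsigned int)ret;
                ret = SSL_SUCCESS;
            }
        }
    }

    /* only tear down the RNG this function initialised */
    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (ret == SSL_SUCCESS)
        WOLFSSL_MSG("wolfSSL_RSA_sign success");
    else {
        WOLFSSL_MSG("wolfSSL_RSA_sign failed");
    }
    return ret;
}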
wolfSSL 11:cee25a834751 19043
wolfSSL 11:cee25a834751 19044
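/* OpenSSL-compatible RSA_public_decrypt(): recover the padded payload of the
 * signature block 'from' ('flen' bytes) with the public key in 'rsa'.
 *
 * Only RSA_PKCS1_PADDING is supported.  The wolfCrypt key is populated from
 * the OpenSSL-style fields first if rsa->inSet == 0.  'to' must be at least
 * wolfSSL_RSA_size(rsa) bytes: that value is passed to wc_RsaSSL_Verify() as
 * the output buffer length.  'flen' is converted to an unsigned length for
 * wc_RsaSSL_Verify(), so a negative 'flen' is rejected up front (together
 * with a NULL 'to') rather than being passed through as a huge length.
 *
 * Returns the number of recovered bytes (> 0) on success; 0 on bad
 * arguments, unsupported padding or key setup failure; otherwise the (<= 0)
 * result of wc_RsaSSL_Verify().
 */
int wolfSSL_RSA_public_decrypt(int flen, unsigned char* from,
                               unsigned char* to, WOLFSSL_RSA* rsa, int padding)
{
    int tlen;

    WOLFSSL_MSG("wolfSSL_RSA_public_decrypt");

    if (rsa == NULL || rsa->internal == NULL || from == NULL || to == NULL ||
        flen < 0) {
        WOLFSSL_MSG("Bad function arguments");
        return 0;
    }

    if (padding != RSA_PKCS1_PADDING) {
        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt unsupported padding");
        return 0;
    }

    if (rsa->inSet == 0) {
        WOLFSSL_MSG("No RSA internal set, do it");

        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return 0;
        }
    }

    /* size of 'to' buffer must be size of RSA key */
    tlen = wc_RsaSSL_Verify(from, flen, to, wolfSSL_RSA_size(rsa),
                            (RsaKey*)rsa->internal);
    if (tlen <= 0)
        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt failed");
    else {
        WOLFSSL_MSG("wolfSSL_RSA_public_decrypt success");
    }
    return tlen;
}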
wolfSSL 11:cee25a834751 19082
wolfSSL 11:cee25a834751 19083
wolfSSL 11:cee25a834751 19084 /* generate p-1 and q-1, SSL_SUCCESS on ok */
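/* Derive the CRT exponents of an OpenSSL-style RSA key:
 *   dmp1 = d mod (p - 1)
 *   dmq1 = d mod (q - 1)
 * Results are written into the existing rsa->dmp1 / rsa->dmq1 BIGNUMs, which
 * must already exist along with p, q and d.
 *
 * Each arithmetic step now logs its own failure exactly once; previously a
 * failing mp_sub_d() also triggered the later "mp_mod error" / "mp_sub_d
 * error" messages because the error checks were chained on the same 'err'.
 * Observable behaviour is otherwise unchanged: the first failure aborts the
 * computation and the temporary is always released.
 *
 * Returns SSL_SUCCESS on success, SSL_FATAL_ERROR if any required BIGNUM is
 * missing or a bignum operation fails.
 */
int wolfSSL_RSA_GenAdd(WOLFSSL_RSA* rsa)
{
    int    err;
    mp_int tmp;

    WOLFSSL_MSG("wolfSSL_RsaGenAdd");

    if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->d == NULL ||
        rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
        WOLFSSL_MSG("rsa no init error");
        return SSL_FATAL_ERROR;
    }

    if (mp_init(&tmp) != MP_OKAY) {
        WOLFSSL_MSG("mp_init error");
        return SSL_FATAL_ERROR;
    }

    /* dmp1 = d mod (p - 1) */
    err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp);
    if (err != MP_OKAY) {
        WOLFSSL_MSG("mp_sub_d error");
        goto out;
    }
    err = mp_mod((mp_int*)rsa->d->internal, &tmp, (mp_int*)rsa->dmp1->internal);
    if (err != MP_OKAY) {
        WOLFSSL_MSG("mp_mod error");
        goto out;
    }

    /* dmq1 = d mod (q - 1) */
    err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp);
    if (err != MP_OKAY) {
        WOLFSSL_MSG("mp_sub_d error");
        goto out;
    }
    err = mp_mod((mp_int*)rsa->d->internal, &tmp, (mp_int*)rsa->dmq1->internal);
    if (err != MP_OKAY) {
        WOLFSSL_MSG("mp_mod error");
    }

out:
    /* tmp held p-1 / q-1, i.e. values derived from the private key */
    mp_clear(&tmp);

    return (err == MP_OKAY) ? SSL_SUCCESS : SSL_FATAL_ERROR;
}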
wolfSSL 11:cee25a834751 19130 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 19131
wolfSSL 11:cee25a834751 19132
/* OpenSSL-compatible HMAC_Init(): select the digest and key the context.
 *
 * 'type' is matched by prefix against the digest-name strings used by this
 * compat layer, in order: "MD5", "SHA256", then any remaining name that starts
 * with "SHA" selects SHA (SHA-1).  NOTE(review): because the "SHA" entry is a
 * 3-character prefix match, a type of "SHA384" or "SHA512" also ends up as
 * SHA-1 here instead of being rejected; callers expecting those digests should
 * confirm what this build does with them.  An unrecognised name only logs
 * "bad init type" and leaves ctx->type unchanged; a NULL 'type' keeps the
 * context's current digest.
 *
 * When both 'key' and 'keylen' are non-zero the wolfCrypt Hmac is initialised
 * and keyed with ctx->type.  'keylen' is cast straight to word32, so a
 * negative value is not rejected.  Failures are deliberately not reported
 * (OpenSSL compat).  A NULL 'ctx' is logged and ignored.
 */
void wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen,
                       const EVP_MD* type)
{
    /* prefix table; order matters: the bare "SHA" entry must stay last since
     * it would otherwise also pick up 256, 384 or 512 */
    static const struct {
        const char* name;
        int         nameLen;
        int         hmacType;
        const char* logMsg;
    } digestTable[] = {
        { "MD5",    3, MD5,    "md5 hmac"    },
        { "SHA256", 6, SHA256, "sha256 hmac" },
        { "SHA",    3, SHA,    "sha hmac"    },
    };
    size_t i;

    WOLFSSL_MSG("wolfSSL_HMAC_Init");

    if (ctx == NULL) {
        WOLFSSL_MSG("no ctx on init");
        return;
    }

    if (type != NULL) {
        WOLFSSL_MSG("init has type");

        for (i = 0; i < sizeof(digestTable) / sizeof(digestTable[0]); i++) {
            if (XSTRNCMP(type, digestTable[i].name, digestTable[i].nameLen) == 0) {
                WOLFSSL_MSG(digestTable[i].logMsg);
                ctx->type = digestTable[i].hmacType;
                break;
            }
        }
        if (i == sizeof(digestTable) / sizeof(digestTable[0])) {
            WOLFSSL_MSG("bad init type");
        }
    }

    if (key != NULL && keylen != 0) {
        WOLFSSL_MSG("keying hmac");

        if (wc_HmacInit(&ctx->hmac, NULL, INVALID_DEVID) == 0) {
            wc_HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key,
                          (word32)keylen);
        }
        /* OpenSSL compat, no error */
    }
}
wolfSSL 11:cee25a834751 19175
/* OpenSSL-compatible HMAC_Init_ex(): identical to wolfSSL_HMAC_Init(), with
 * the implementation/engine argument ignored.
 *
 * Always returns 1 (OpenSSL "success"); wolfSSL_HMAC_Init() itself does not
 * report errors, so there is nothing else to return.
 */
int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, int len,
                         const EVP_MD* md, void* impl)
{
    const int opensslOk = 1;

    (void)impl; /* not used by this wrapper */
    wolfSSL_HMAC_Init(ctx, key, len, md);

    return opensslOk;
}
wolfSSL 11:cee25a834751 19183
wolfSSL 11:cee25a834751 19184
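/* OpenSSL-compatible HMAC_Update(): feed data into the running HMAC.
 *
 * ctx  HMAC context previously prepared by wolfSSL_HMAC_Init().
 * data bytes to authenticate.
 * len  number of bytes in data.
 *
 * A NULL ctx or data is ignored. len is a signed int that is cast to word32
 * for wc_HmacUpdate(); a negative value would become a huge length and
 * over-read data, so it is ignored as well. As in OpenSSL, errors from the
 * underlying update are not reported.
 */
void wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, const unsigned char* data,
                    int len)
{
    WOLFSSL_MSG("wolfSSL_HMAC_Update");

    if (ctx == NULL || data == NULL || len < 0) {
        return;
    }

    WOLFSSL_MSG("updating hmac");
    wc_HmacUpdate(&ctx->hmac, data, (word32)len);
    /* OpenSSL compat, no error */
}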
wolfSSL 11:cee25a834751 19196
wolfSSL 11:cee25a834751 19197
/* Digest length in bytes for an HMAC type known to this wrapper, or -1 for
 * any other value. */
static int HmacTypeDigestSz(int hmacType)
{
    switch (hmacType) {
        case MD5:
            return MD5_DIGEST_SIZE;
        case SHA:
            return SHA_DIGEST_SIZE;
        case SHA256:
            return SHA256_DIGEST_SIZE;
        default:
            return -1;
    }
}

/* OpenSSL-compatible HMAC_Final(): write the MAC and report its length.
 *
 * ctx  HMAC context to finalise.
 * hash output buffer; it must be large enough for the digest of ctx->type.
 * len  optional out-parameter receiving the digest length; it is left
 *      untouched when ctx->type is not MD5, SHA or SHA256.
 *
 * A NULL ctx or hash is ignored. As in OpenSSL, the result of wc_HmacFinal()
 * is not reported.
 */
void wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash,
                   unsigned int* len)
{
    int digestSz;

    WOLFSSL_MSG("wolfSSL_HMAC_Final");

    if (ctx == NULL || hash == NULL) {
        return;
    }

    WOLFSSL_MSG("final hmac");
    wc_HmacFinal(&ctx->hmac, hash);
    /* OpenSSL compat, no error */

    if (len == NULL) {
        return;
    }

    WOLFSSL_MSG("setting output len");
    digestSz = HmacTypeDigestSz(ctx->type);
    if (digestSz < 0) {
        WOLFSSL_MSG("bad hmac type");
    }
    else {
        *len = (unsigned int)digestSz;
    }
}
wolfSSL 11:cee25a834751 19229
wolfSSL 11:cee25a834751 19230
/* OpenSSL-compatible HMAC_CTX_cleanup(): release the wolfCrypt HMAC state
 * inside ctx. A NULL ctx is ignored; the ctx structure itself is not freed.
 */
void wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_HMAC_cleanup");

    if (ctx == NULL) {
        return;
    }

    wc_HmacFree(&ctx->hmac);
}
wolfSSL 11:cee25a834751 19238
wolfSSL 11:cee25a834751 19239
/* Map an OpenSSL NID to the matching EVP digest object.
 *
 * id NID value; only NID_md5 and NID_sha1 are recognised (each subject to the
 *    corresponding digest being compiled in).
 *
 * Returns the digest, or NULL for any other id.
 */
const WOLFSSL_EVP_MD* wolfSSL_EVP_get_digestbynid(int id)
{
    WOLFSSL_MSG("wolfSSL_get_digestbynid");

#ifndef NO_MD5
    if (id == NID_md5) {
        return wolfSSL_EVP_md5();
    }
#endif
#ifndef NO_SHA
    if (id == NID_sha1) {
        return wolfSSL_EVP_sha1();
    }
#endif

    WOLFSSL_MSG("Bad digest id value");
    return NULL;
}
wolfSSL 11:cee25a834751 19259
wolfSSL 11:cee25a834751 19260
/* Stub: extracting an RSA object from a WOLFSSL_EVP_PKEY is not implemented
 * here. Callers always receive NULL and must treat it as "unsupported", not
 * as "key is not RSA". */
WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key)
{
    WOLFSSL_RSA* rsa = NULL;

    WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA not implemented");
    (void)key;

    return rsa;
}
wolfSSL 11:cee25a834751 19268
wolfSSL 11:cee25a834751 19269
/* Stub: extracting a DSA object from a WOLFSSL_EVP_PKEY is not implemented
 * here. Callers always receive NULL and must treat it as "unsupported". */
WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key)
{
    WOLFSSL_DSA* dsa = NULL;

    WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_DSA not implemented");
    (void)key;

    return dsa;
}
wolfSSL 11:cee25a834751 19277
wolfSSL 11:cee25a834751 19278
/* Stub: extracting an EC key from a WOLFSSL_EVP_PKEY is not implemented here.
 * Callers always receive NULL and must treat it as "unsupported". */
WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key)
{
    WOLFSSL_EC_KEY* ecKey = NULL;

    WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_EC_KEY not implemented");
    (void)key;

    return ecKey;
}
wolfSSL 11:cee25a834751 19286
wolfSSL 11:cee25a834751 19287
/* Expose the raw cipher state of a cipher context (OpenSSL EVP_X_STATE).
 *
 * ctx cipher context; only ARC4 contexts are supported.
 *
 * Returns a pointer to the ARC4 state inside ctx, or NULL when ctx is NULL or
 * holds a different cipher. The const on ctx is cast away: the returned
 * pointer aliases mutable state owned by ctx, so it is only valid for as long
 * as ctx is.
 */
void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_EVP_X_STATE");

    if (ctx == NULL) {
        return NULL;
    }

    if (ctx->cipherType != ARC4_TYPE) {
        WOLFSSL_MSG("bad x state type");
        return NULL;
    }

    WOLFSSL_MSG("returning arc4 state");
    /* NOTE(review): the address of the `x` member is handed out, while
     * wolfSSL_EVP_X_STATE_LEN() reports sizeof(Arc4); this only covers the
     * whole state if `x` is the first member of Arc4 -- confirm. */
    return (void*)&ctx->cipher.arc4.x;
}
wolfSSL 11:cee25a834751 19306
wolfSSL 11:cee25a834751 19307
/* Size in bytes of the state returned by wolfSSL_EVP_X_STATE().
 *
 * ctx cipher context; only ARC4 contexts are supported.
 *
 * Returns sizeof(Arc4) for an ARC4 context and 0 otherwise (including a NULL
 * ctx).
 */
int wolfSSL_EVP_X_STATE_LEN(const WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_EVP_X_STATE_LEN");

    if (ctx == NULL) {
        return 0;
    }

    if (ctx->cipherType != ARC4_TYPE) {
        WOLFSSL_MSG("bad x state type");
        return 0;
    }

    WOLFSSL_MSG("returning arc4 state size");
    return sizeof(Arc4);
}
wolfSSL 11:cee25a834751 19326
wolfSSL 11:cee25a834751 19327
wolfSSL 11:cee25a834751 19328 #ifndef NO_DES3
wolfSSL 11:cee25a834751 19329
/* Get or set the IV of a 3DES cipher context.
 *
 * ctx   cipher context holding a des3 state.
 * doset non-zero to load iv into the context, zero to copy the current IV
 *       out into iv.
 * iv    DES_BLOCK_SIZE bytes, read or written depending on doset.
 * len   accepted but not used.
 *
 * NOTE(review): len is never checked; the "get" path always copies
 * DES_BLOCK_SIZE bytes into iv, so callers must supply at least that much.
 * A NULL ctx or iv is rejected with no other effect.
 */
void wolfSSL_3des_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
                unsigned char* iv, int len)
{
    (void)len;

    WOLFSSL_MSG("wolfSSL_3des_iv");

    if (ctx == NULL || iv == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return;
    }

    if (!doset) {
        /* read back the working IV register */
        XMEMCPY(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
        return;
    }

    wc_Des3_SetIV(&ctx->cipher.des3, iv); /* OpenSSL compat, no ret */
}
wolfSSL 11:cee25a834751 19347
wolfSSL 11:cee25a834751 19348 #endif /* NO_DES3 */
wolfSSL 11:cee25a834751 19349
wolfSSL 11:cee25a834751 19350
wolfSSL 11:cee25a834751 19351 #ifndef NO_AES
wolfSSL 11:cee25a834751 19352
/* Get or set the IV (counter block) of an AES-CTR cipher context.
 *
 * ctx   cipher context holding an aes state.
 * doset non-zero to load iv into the context, zero to copy the current IV
 *       out into iv.
 * iv    AES_BLOCK_SIZE bytes, read or written depending on doset.
 * len   accepted but not used.
 *
 * NOTE(review): len is never checked; the "get" path always copies
 * AES_BLOCK_SIZE bytes into iv, so callers must supply at least that much.
 * A NULL ctx or iv is rejected with no other effect.
 */
void wolfSSL_aes_ctr_iv(WOLFSSL_EVP_CIPHER_CTX* ctx, int doset,
                unsigned char* iv, int len)
{
    (void)len;

    WOLFSSL_MSG("wolfSSL_aes_ctr_iv");

    if (ctx == NULL || iv == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return;
    }

    if (!doset) {
        /* read back the working IV register */
        XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
        return;
    }

    wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */
}
wolfSSL 11:cee25a834751 19370
wolfSSL 11:cee25a834751 19371 #endif /* NO_AES */
wolfSSL 11:cee25a834751 19372
wolfSSL 11:cee25a834751 19373
/* RIPEMD-160 is not offered through this EVP wrapper: the digest object is
 * always NULL, which callers must treat as "unsupported digest". */
const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void)
{
    const WOLFSSL_EVP_MD* md = NULL;

    WOLFSSL_MSG("wolfSSL_ripemd160");

    return md;
}
wolfSSL 11:cee25a834751 19380
wolfSSL 11:cee25a834751 19381
/* Digest output size for an EVP digest object (its name string).
 *
 * type digest name; matched by prefix against the table below.
 *
 * Returns the digest size in bytes, or BAD_FUNC_ARG for NULL or an unknown
 * name.
 */
int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type)
{
    /* Names are compared by prefix, in table order, so the bare "SHA" entry
     * must stay last: placed earlier it would also claim SHA224/256/384/512. */
    static const struct {
        const char* name;
        int         nameLen;
        int         digestSz;
    } digestSizes[] = {
        { "SHA256", 6, SHA256_DIGEST_SIZE },
#ifndef NO_MD5
        { "MD5",    3, MD5_DIGEST_SIZE    },
#endif
#ifdef WOLFSSL_SHA224
        { "SHA224", 6, SHA224_DIGEST_SIZE },
#endif
#ifdef WOLFSSL_SHA384
        { "SHA384", 6, SHA384_DIGEST_SIZE },
#endif
#ifdef WOLFSSL_SHA512
        { "SHA512", 6, SHA512_DIGEST_SIZE },
#endif
#ifndef NO_SHA
        { "SHA",    3, SHA_DIGEST_SIZE    },
#endif
    };
    size_t i;

    WOLFSSL_MSG("wolfSSL_EVP_MD_size");

    if (type == NULL) {
        WOLFSSL_MSG("No md type arg");
        return BAD_FUNC_ARG;
    }

    for (i = 0; i < sizeof(digestSizes) / sizeof(digestSizes[0]); i++) {
        if (XSTRNCMP(type, digestSizes[i].name, digestSizes[i].nameLen) == 0) {
            return digestSizes[i].digestSz;
        }
    }

    return BAD_FUNC_ARG;
}
wolfSSL 11:cee25a834751 19423
wolfSSL 11:cee25a834751 19424
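/* IV length, in bytes, for the cipher currently held by a cipher context.
 *
 * ctx cipher context; its cipherType selects the answer.
 *
 * Returns the block size for the CBC/CTR ciphers, 0 for ARC4 and the NULL
 * cipher, and 0 for a NULL ctx or an unknown type.
 */
int wolfSSL_EVP_CIPHER_CTX_iv_length(const WOLFSSL_EVP_CIPHER_CTX* ctx)
{
    WOLFSSL_MSG("wolfSSL_EVP_CIPHER_CTX_iv_length");

    /* ctx->cipherType is read below; the other ctx-taking wrappers in this
     * file guard against NULL, so do the same here instead of dereferencing
     * it. */
    if (ctx == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return 0;
    }

    switch (ctx->cipherType) {

        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            WOLFSSL_MSG("AES CBC");
            return AES_BLOCK_SIZE;

#ifdef WOLFSSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            WOLFSSL_MSG("AES CTR");
            return AES_BLOCK_SIZE;
#endif

        case DES_CBC_TYPE :
            WOLFSSL_MSG("DES CBC");
            return DES_BLOCK_SIZE;

        case DES_EDE3_CBC_TYPE :
            WOLFSSL_MSG("DES EDE3 CBC");
            return DES_BLOCK_SIZE;

#ifdef HAVE_IDEA
        case IDEA_CBC_TYPE :
            WOLFSSL_MSG("IDEA CBC");
            return IDEA_BLOCK_SIZE;
#endif

        case ARC4_TYPE :
            WOLFSSL_MSG("ARC4");
            return 0;

        case NULL_CIPHER_TYPE :
            WOLFSSL_MSG("NULL");
            return 0;

        default: {
            WOLFSSL_MSG("bad type");
        }
    }

    return 0;
}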
wolfSSL 11:cee25a834751 19471
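/* IV length, in bytes, for an EVP cipher object (its name string).
 *
 * cipher cipher name, compared by prefix against the EVP_* name constants.
 *
 * Returns AES_BLOCK_SIZE, DES_BLOCK_SIZE or IDEA_BLOCK_SIZE for the ciphers
 * compiled in, and 0 for NULL or any other name.
 */
int wolfSSL_EVP_CIPHER_iv_length(const WOLFSSL_EVP_CIPHER* cipher)
{
    const char *name = (const char *)cipher;
    WOLFSSL_MSG("wolfSSL_EVP_CIPHER_iv_length");

    /* the cipher object is its name string; without this guard a NULL cipher
     * would go straight into XSTRNCMP */
    if (name == NULL) {
        WOLFSSL_MSG("Bad function argument");
        return 0;
    }

#ifndef NO_AES
    if ((XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) ||
        (XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0) ||
        (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0)) {
        return AES_BLOCK_SIZE;
    }
#ifdef WOLFSSL_AES_COUNTER
    if ((XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) ||
        (XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0) ||
        (XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0)) {
        return AES_BLOCK_SIZE;
    }
#endif
#endif

#ifndef NO_DES3
    if ((XSTRNCMP(name, EVP_DES_CBC, XSTRLEN(EVP_DES_CBC)) == 0) ||
        (XSTRNCMP(name, EVP_DES_EDE3_CBC, XSTRLEN(EVP_DES_EDE3_CBC)) == 0)) {
        return DES_BLOCK_SIZE;
    }
#endif

#ifdef HAVE_IDEA
    if (XSTRNCMP(name, EVP_IDEA_CBC, XSTRLEN(EVP_IDEA_CBC)) == 0)
        return IDEA_BLOCK_SIZE;
#endif

    (void)name;

    return 0;
}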
wolfSSL 11:cee25a834751 19508
/* OpenSSL-compatible OPENSSL_free(): release memory that this compatibility
 * layer handed out with DYNAMIC_TYPE_OPENSSL.
 *
 * p Pointer to dynamically allocated memory; ownership ends here and p must
 *   not be used afterwards.
 */
void wolfSSL_OPENSSL_free(void* p)
{
    WOLFSSL_MSG("wolfSSL_OPENSSL_free");
    XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL);
}
wolfSSL 11:cee25a834751 19519
wolfSSL 11:cee25a834751 19520 #if defined(WOLFSSL_KEY_GEN)
wolfSSL 11:cee25a834751 19521
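/* Pad and encrypt a DER-encoded private key in place and build the matching
 * "cipher_name,IV(hex)" string for the PEM header.
 *
 * der        DER key; padded and encrypted in place. It must have room for up
 *            to ivSz extra padding bytes beyond *derSz
 *            (wolfSSL_PEM_write_mem_RSAPrivateKey() adds AES_BLOCK_SIZE of
 *            slack for this).
 * derSz      in: DER length; out: padded and encrypted length.
 * cipher     cipher name; only names starting with "DES" or "AES" are
 *            accepted (prefix match).
 * passwd     password bytes passed to wolfssl_encrypt_buffer_key().
 * passwdSz   length of passwd.
 * cipherInfo out: newly allocated, NUL-terminated info string
 *            (DYNAMIC_TYPE_TMP_BUFFER), owned by the caller on success; set to
 *            NULL on every failure so no dangling pointer is handed back.
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL argument, or SSL_FAILURE.
 */
static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher,
                         unsigned char* passwd, int passwdSz, byte **cipherInfo)
{
    int ret = SSL_FAILURE;
    int paddingSz;
    word32 idx, cipherInfoSz;
#ifdef WOLFSSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo info[1];
#endif

    WOLFSSL_ENTER("EncryptDerKey");

    if (der == NULL || derSz == NULL || cipher == NULL ||
                                     passwd == NULL || cipherInfo == NULL)
        return BAD_FUNC_ARG;

    *cipherInfo = NULL;

#ifdef WOLFSSL_SMALL_STACK
    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (info == NULL) {
        WOLFSSL_MSG("malloc failed");
        return SSL_FAILURE;
    }
#endif
    info->set = 0;
    info->ctx = NULL;
    info->consumed = 0;

    /* set iv size from the cipher family */
    if (XSTRNCMP(cipher, "DES", 3) == 0)
        info->ivSz = DES_IV_SIZE;
    else if (XSTRNCMP(cipher, "AES", 3) == 0)
        info->ivSz = AES_IV_SIZE;
    else {
        WOLFSSL_MSG("unsupported cipher");
        goto out;
    }

    /* set the cipher name on info */
    XSTRNCPY(info->name, cipher, NAME_SZ);
    info->name[NAME_SZ-1] = '\0'; /* null term */

    /* Fresh random IV; it is also what the cipher-info string below reports
     * as the salt. */
    if (wolfSSL_RAND_bytes(info->iv, info->ivSz) != SSL_SUCCESS) {
        WOLFSSL_MSG("generate iv failed");
        goto out;
    }

    /* Block padding before encryption: 1..ivSz bytes, each holding the pad
     * length, so an already aligned key still gets a full extra block. The
     * expression never yields 0 for a non-negative *derSz. */
    paddingSz = ((*derSz)/info->ivSz + 1) * info->ivSz - (*derSz);
    XMEMSET(der+(*derSz), (byte)paddingSz, paddingSz);
    (*derSz) += paddingSz;

    /* encrypt buffer */
    if (wolfssl_encrypt_buffer_key(der, *derSz,
                                   passwd, passwdSz, info) != SSL_SUCCESS) {
        WOLFSSL_MSG("encrypt key failed");
        goto out;
    }

    /* create cipher info : 'cipher_name,Salt(hex)'
     * name + ',' + 2 hex chars per IV byte + NUL */
    cipherInfoSz = (word32)(2*info->ivSz + XSTRLEN(info->name) + 2);
    *cipherInfo = (byte*)XMALLOC(cipherInfoSz, NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (*cipherInfo == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }
    XSTRNCPY((char*)*cipherInfo, info->name, cipherInfoSz);
    XSTRNCAT((char*)*cipherInfo, ",", 1);

    idx = (word32)XSTRLEN((char*)*cipherInfo);
    cipherInfoSz -= idx;
    if (Base16_Encode(info->iv, info->ivSz, *cipherInfo+idx,
                      &cipherInfoSz) != 0) {
        WOLFSSL_MSG("Base16_Encode failed");
        XFREE(*cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        *cipherInfo = NULL;
        goto out;
    }

    ret = SSL_SUCCESS;

out:
#ifdef WOLFSSL_SMALL_STACK
    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    return ret;
}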
wolfSSL 11:cee25a834751 19623 #endif /* defined(WOLFSSL_KEY_GEN) */
wolfSSL 11:cee25a834751 19624
wolfSSL 11:cee25a834751 19625 #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)
wolfSSL 11:cee25a834751 19626
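/* Write a private key to a memory BIO in PEM form, UNENCRYPTED.
 *
 * bio    memory BIO; any buffer it already owns is released and replaced.
 * key    key whose DER encoding (key->pkey.ptr, key->pkey_sz) is wrapped; the
 *        PEM header is chosen from key->type, defaulting to the RSA header
 *        for unknown types.
 * cipher, passwd, len, cb, arg
 *        accepted for OpenSSL signature compatibility but IGNORED: the key is
 *        written in the clear even when a cipher and password are supplied.
 *        Callers that need an encrypted PEM must use a path that actually
 *        encrypts, e.g. wolfSSL_PEM_write_mem_RSAPrivateKey().
 *
 * Returns SSL_SUCCESS or SSL_FAILURE.
 */
int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key,
                                     const WOLFSSL_EVP_CIPHER* cipher,
                                     unsigned char* passwd, int len,
                                     pem_password_cb* cb, void* arg)
{
    byte* keyDer;
    int pemSz;
    int type;
    int ret;

    /* NOTE(review): the encryption parameters are discarded here; see the
     * header comment. */
    (void)cipher;
    (void)passwd;
    (void)len;
    (void)cb;
    (void)arg;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_PrivateKey");

    if (bio == NULL || key == NULL) {
        return SSL_FAILURE;
    }

    keyDer = (byte*)key->pkey.ptr;

    switch (key->type) {
        case EVP_PKEY_RSA:
            type = PRIVATEKEY_TYPE;
            break;

#ifndef NO_DSA
        case EVP_PKEY_DSA:
            type = DSA_PRIVATEKEY_TYPE;
            break;
#endif

        case EVP_PKEY_EC:
            type = ECC_PRIVATEKEY_TYPE;
            break;

        default:
            WOLFSSL_MSG("Unknown Key type!");
            type = PRIVATEKEY_TYPE;
    }

    /* sizing pass: no output buffer, just the PEM length */
    pemSz = wc_DerToPem(keyDer, key->pkey_sz, NULL, 0, type);
    if (pemSz < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", pemSz);
        return SSL_FAILURE;
    }

    /* the BIO takes ownership of a fresh buffer; drop whatever it held */
    if (bio->mem != NULL) {
        XFREE(bio->mem, NULL, DYNAMIC_TYPE_OPENSSL);
    }
    bio->mem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_OPENSSL);
    if (bio->mem == NULL) {
        /* keep mem/memLen consistent rather than advertising pemSz bytes of
         * buffer that do not exist */
        WOLFSSL_MSG("malloc failed");
        bio->memLen = 0;
        return SSL_FAILURE;
    }
    bio->memLen = pemSz;

    ret = wc_DerToPemEx(keyDer, key->pkey_sz, bio->mem, bio->memLen,
                        NULL, type);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", ret);
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}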
wolfSSL 11:cee25a834751 19691 #endif /* defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) */
wolfSSL 11:cee25a834751 19692
wolfSSL 11:cee25a834751 19693 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
wolfSSL 11:cee25a834751 19694
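/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Serialise an RSA private key to PEM in a newly allocated buffer, encrypting
 * the DER first (EncryptDerKey()) when a cipher and password are supplied.
 *
 * rsa       key to write; its wolfCrypt internal is built on demand.
 * cipher    cipher name, or NULL for an unencrypted PEM.
 * passwd    password bytes, or NULL for an unencrypted PEM.
 * passwdSz  length of passwd; encryption happens only when cipher, passwd
 *           and a positive passwdSz are all given.
 * pem       out: NUL-terminated PEM text allocated with DYNAMIC_TYPE_KEY; the
 *           caller frees it. Not touched on failure.
 * plen      out: length of *pem excluding the terminator.
 *
 * Returns SSL_SUCCESS, SSL_FAILURE, or the error code from EncryptDerKey().
 */
int wolfSSL_PEM_write_mem_RSAPrivateKey(RSA* rsa, const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int passwdSz,
                                        unsigned char **pem, int *plen)
{
    byte *derBuf = NULL, *tmp = NULL, *cipherInfo = NULL;
    int der_max_len = 0, derSz = 0;
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_PEM_write_mem_RSAPrivateKey");

    if (pem == NULL || plen == NULL || rsa == NULL || rsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    if (rsa->inSet == 0) {
        WOLFSSL_MSG("No RSA internal set, do it");

        if (SetRsaInternal(rsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetRsaInternal failed");
            return SSL_FAILURE;
        }
    }

    /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional
     * informations. The extra AES_BLOCK_SIZE is slack for the padding that
     * EncryptDerKey() appends in place.
     */
    der_max_len = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE;

    derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (derBuf == NULL) {
        WOLFSSL_MSG("malloc failed");
        return SSL_FAILURE;
    }

    /* Key to DER */
    derSz = wc_RsaKeyToDer((RsaKey*)rsa->internal, derBuf, der_max_len);
    if (derSz < 0) {
        WOLFSSL_MSG("wc_RsaKeyToDer failed");
        goto out;
    }

    /* encrypt DER buffer if required */
    if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
        ret = EncryptDerKey(derBuf, &derSz, cipher,
                            passwd, passwdSz, &cipherInfo);
        if (ret != SSL_SUCCESS) {
            WOLFSSL_MSG("EncryptDerKey failed");
            goto out;   /* propagate EncryptDerKey's own error code */
        }
        ret = SSL_FAILURE;  /* later failures report SSL_FAILURE again */

        /* tmp buffer with a max size */
        *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) +
                sizeof(END_RSA_PRIV) + HEADER_ENCRYPTED_KEY_SIZE;
    }
    else /* tmp buffer with a max size */
        *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + sizeof(END_RSA_PRIV);

    tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }

    /* DER to PEM */
    *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, PRIVATEKEY_TYPE);
    if (*plen <= 0) {
        WOLFSSL_MSG("wc_DerToPemEx failed");
        goto out;
    }

    *pem = (byte*)XMALLOC((*plen)+1, NULL, DYNAMIC_TYPE_KEY);
    if (*pem == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }
    XMEMSET(*pem, 0, (*plen)+1);

    if (XMEMCPY(*pem, tmp, *plen) == NULL) {
        WOLFSSL_MSG("XMEMCPY failed");
        /* release the buffer itself, not the caller's pointer variable */
        XFREE(*pem, NULL, DYNAMIC_TYPE_KEY);
        *pem = NULL;
        goto out;
    }

    ret = SSL_SUCCESS;

out:
    /* NOTE(review): derBuf and tmp hold the private key (derBuf in plaintext
     * when no cipher was given); they are released without being wiped, so
     * consider zeroising them first. */
    if (derBuf != NULL)
        XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp != NULL)
        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (cipherInfo != NULL)
        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    return ret;
}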
wolfSSL 11:cee25a834751 19800
wolfSSL 11:cee25a834751 19801
wolfSSL 11:cee25a834751 19802 #ifndef NO_FILESYSTEM
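/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Write an RSA private key to fp in PEM form, encrypting it first when enc and
 * kstr are both given (see wolfSSL_PEM_write_mem_RSAPrivateKey()). The PEM
 * text is built in memory and released here on every path.
 *
 * fp    open output stream; the caller owns it (no flush or close here).
 * rsa   key to write; rsa->internal must be set.
 * enc   cipher name, or NULL for an unencrypted key.
 * kstr  password bytes of length klen, or NULL.
 * cb, u password callback and its argument; accepted but not used.
 */
int wolfSSL_PEM_write_RSAPrivateKey(FILE *fp, WOLFSSL_RSA *rsa,
                                    const EVP_CIPHER *enc,
                                    unsigned char *kstr, int klen,
                                    pem_password_cb *cb, void *u)
{
    byte *pem;
    int plen, ret;

    (void)cb;
    (void)u;

    WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey");

    if (fp == NULL || rsa == NULL || rsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    ret = wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, enc, kstr, klen, &pem, &plen);
    if (ret != SSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_PEM_write_mem_RSAPrivateKey failed");
        return SSL_FAILURE;
    }

    /* one item of plen bytes: 1 means the whole buffer was written */
    ret = (int)XFWRITE(pem, plen, 1, fp);

    /* the PEM buffer is ours to release whether or not the write succeeded;
     * freeing it only on success would leak the key material on failure */
    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);

    if (ret != 1) {
        WOLFSSL_MSG("RSA private key file write failed");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}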
wolfSSL 11:cee25a834751 19839 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 19840
/* OpenSSL-compatible entry point for writing an RSA private key to a BIO.
 * Not implemented in this build: every argument is ignored and the call
 * always fails (returns SSL_FAILURE, i.e. 0).
 */
int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa,
                                        const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int len,
                                        pem_password_cb* cb, void* arg)
{
    WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey not implemented");

    /* silence unused-parameter warnings; nothing is consumed */
    (void)bio; (void)rsa; (void)cipher;
    (void)passwd; (void)len; (void)cb; (void)arg;

    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 19858 #endif /* defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) */
wolfSSL 11:cee25a834751 19859
wolfSSL 11:cee25a834751 19860 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 19861
/* EC_POINT OpenSSL -> wolfSSL: push the external X/Y/Z bignums of p into
 * the wolfCrypt ecc_point held in p->internal and mark p as internally set.
 *
 * A coordinate whose external bignum is NULL is skipped, not cleared.
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when p or p->internal is NULL or
 * a coordinate conversion fails.
 */
static int SetECPointInternal(WOLFSSL_EC_POINT *p)
{
    ecc_point* point;

    WOLFSSL_ENTER("SetECPointInternal");

    if (p == NULL || p->internal == NULL) {
        WOLFSSL_MSG("ECPoint NULL error");
        return SSL_FATAL_ERROR;
    }

    point = (ecc_point*)p->internal;

    if (p->X != NULL) {
        if (SetIndividualInternal(p->X, point->x) != SSL_SUCCESS) {
            WOLFSSL_MSG("ecc point X error");
            return SSL_FATAL_ERROR;
        }
    }
    if (p->Y != NULL) {
        if (SetIndividualInternal(p->Y, point->y) != SSL_SUCCESS) {
            WOLFSSL_MSG("ecc point Y error");
            return SSL_FATAL_ERROR;
        }
    }
    if (p->Z != NULL) {
        if (SetIndividualInternal(p->Z, point->z) != SSL_SUCCESS) {
            WOLFSSL_MSG("ecc point Z error");
            return SSL_FATAL_ERROR;
        }
    }

    p->inSet = 1;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 19894
/* EC_POINT wolfSSL -> OpenSSL: build/refresh the external X/Y/Z bignums of
 * p from the wolfCrypt ecc_point in p->internal and mark p as externally
 * set.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when p or p->internal is NULL or
 * a coordinate conversion fails (the first failing coordinate stops the
 * conversion; earlier ones stay converted).
 */
static int SetECPointExternal(WOLFSSL_EC_POINT *p)
{
    ecc_point* point;
    const char* failed = NULL;

    WOLFSSL_ENTER("SetECPointExternal");

    if (p == NULL || p->internal == NULL) {
        WOLFSSL_MSG("ECPoint NULL error");
        return SSL_FATAL_ERROR;
    }

    point = (ecc_point*)p->internal;

    if (SetIndividualExternal(&p->X, point->x) != SSL_SUCCESS)
        failed = "ecc point X error";
    else if (SetIndividualExternal(&p->Y, point->y) != SSL_SUCCESS)
        failed = "ecc point Y error";
    else if (SetIndividualExternal(&p->Z, point->z) != SSL_SUCCESS)
        failed = "ecc point Z error";

    if (failed != NULL) {
        WOLFSSL_MSG(failed);
        return SSL_FATAL_ERROR;
    }

    p->exSet = 1;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 19928
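/* EC_KEY wolfSSL -> OpenSSL: mirror the wolfCrypt ecc_key in
 * eckey->internal into the external group / pub_key / priv_key fields and
 * mark eckey as externally set.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when eckey, its internal key, its
 * group or its pub_key is NULL, when the internal key's curve index is not
 * a valid ecc_sets entry, or when a point/bignum copy fails.
 */
static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey)
{
    ecc_key* key;

    WOLFSSL_ENTER("SetECKeyExternal");

    if (eckey == NULL || eckey->internal == NULL) {
        WOLFSSL_MSG("ec key NULL error");
        return SSL_FATAL_ERROR;
    }
    /* both are dereferenced below; they were not checked before */
    if (eckey->group == NULL || eckey->pub_key == NULL) {
        WOLFSSL_MSG("ec key group/pub_key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (ecc_key*)eckey->internal;

    /* key->idx indexes ecc_sets below: refuse an unset or out-of-table
     * index rather than read past the curve table */
    if (key->idx < 0 || wc_ecc_is_valid_idx(key->idx) == 0) {
        WOLFSSL_MSG("invalid curve idx");
        return SSL_FATAL_ERROR;
    }

    /* set group (OID, nid and idx) */
    eckey->group->curve_oid = ecc_sets[key->idx].oidSum;
    eckey->group->curve_nid = ecc_sets[key->idx].id;
    eckey->group->curve_idx = key->idx;

    if (eckey->pub_key->internal != NULL) {
        /* set the internal public key */
        if (wc_ecc_copy_point(&key->pubkey,
                              (ecc_point*)eckey->pub_key->internal) != MP_OKAY) {
            WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed");
            return SSL_FATAL_ERROR;
        }

        /* set the external pubkey (point) */
        if (SetECPointExternal(eckey->pub_key) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyExternal SetECPointExternal failed");
            return SSL_FATAL_ERROR;
        }
    }

    /* set the external privkey, only when the internal key carries one */
    if (key->type == ECC_PRIVATEKEY) {
        if (SetIndividualExternal(&eckey->priv_key, &key->k) != SSL_SUCCESS) {
            WOLFSSL_MSG("ec priv key error");
            return SSL_FATAL_ERROR;
        }
    }

    eckey->exSet = 1;

    return SSL_SUCCESS;
}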
wolfSSL 11:cee25a834751 19975
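/* EC_KEY OpenSSL -> wolfSSL: push the external group / pub_key / priv_key
 * fields of eckey into the wolfCrypt ecc_key in eckey->internal and mark
 * eckey as internally set.
 *
 * key->type ends up ECC_PRIVATEKEY when priv_key is present, otherwise
 * ECC_PUBLICKEY when pub_key is present (the later branch wins).
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when eckey, its internal key or
 * its group is NULL, the group's curve index is invalid, or a conversion
 * fails.
 */
static int SetECKeyInternal(WOLFSSL_EC_KEY* eckey)
{
    ecc_key* key;

    WOLFSSL_ENTER("SetECKeyInternal");

    if (eckey == NULL || eckey->internal == NULL) {
        WOLFSSL_MSG("ec key NULL error");
        return SSL_FATAL_ERROR;
    }
    /* group is dereferenced below; check it as generate_key does */
    if (eckey->group == NULL) {
        WOLFSSL_MSG("ec key group NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (ecc_key*)eckey->internal;

    /* validate group */
    if ((eckey->group->curve_idx < 0) ||
        (wc_ecc_is_valid_idx(eckey->group->curve_idx) == 0)) {
        WOLFSSL_MSG("invalid curve idx");
        return SSL_FATAL_ERROR;
    }

    /* set group (idx of curve and corresponding domain parameters) */
    key->idx = eckey->group->curve_idx;
    key->dp  = &ecc_sets[key->idx];

    /* set pubkey (point) */
    if (eckey->pub_key != NULL) {
        if (SetECPointInternal(eckey->pub_key) != SSL_SUCCESS) {
            WOLFSSL_MSG("ec key pub error");
            return SSL_FATAL_ERROR;
        }
        key->type = ECC_PUBLICKEY;
    }

    /* set privkey */
    if (eckey->priv_key != NULL) {
        if (SetIndividualInternal(eckey->priv_key, &key->k) != SSL_SUCCESS) {
            WOLFSSL_MSG("ec key priv error");
            return SSL_FATAL_ERROR;
        }
        key->type = ECC_PRIVATEKEY;
    }

    eckey->inSet = 1;

    return SSL_SUCCESS;
}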
wolfSSL 11:cee25a834751 20027
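/* Return the key's public-key point. The pointer is borrowed (the field
 * itself, not a copy); the caller must not free it. Returns NULL when key
 * is NULL.
 */
WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_public_key");

    if (key == NULL) {
        /* the message previously named the wrong function (get0_group) */
        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_public_key Bad arguments");
        return NULL;
    }

    return key->pub_key;
}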
wolfSSL 11:cee25a834751 20039
/* Return the key's curve group. The pointer is borrowed (the field itself,
 * not a copy); the caller must not free it. Returns NULL when key is NULL.
 */
const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key)
{
    const WOLFSSL_EC_GROUP *group = NULL;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_group");

    if (key != NULL)
        group = key->group;
    else
        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_group Bad arguments");

    return group;
}
wolfSSL 11:cee25a834751 20051
wolfSSL 11:cee25a834751 20052
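/* Replace the key's private scalar with a copy of priv_key and push the
 * external fields into the wolfCrypt key (SetECKeyInternal).
 *
 * Return code compliant with OpenSSL: 1 (SSL_SUCCESS) on success,
 * 0 (SSL_FAILURE) on error. On any failure key->priv_key is left NULL, so
 * a later wolfSSL_EC_KEY_free does not free a stale pointer.
 */
int wolfSSL_EC_KEY_set_private_key(WOLFSSL_EC_KEY *key,
                                   const WOLFSSL_BIGNUM *priv_key)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_private_key");

    if (key == NULL || priv_key == NULL) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

    /* free key if previously set; the copy below replaces it */
    if (key->priv_key != NULL) {
        wolfSSL_BN_free(key->priv_key);
        key->priv_key = NULL;
    }

    key->priv_key = wolfSSL_BN_dup(priv_key);
    if (key->priv_key == NULL) {
        WOLFSSL_MSG("key ecc priv key NULL");
        return SSL_FAILURE;
    }

    if (SetECKeyInternal(key) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetECKeyInternal failed");
        /* drop the copy AND clear the field: previously the freed pointer
         * stayed in key->priv_key and was freed again by EC_KEY_free */
        wolfSSL_BN_free(key->priv_key);
        key->priv_key = NULL;
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}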
wolfSSL 11:cee25a834751 20084
wolfSSL 11:cee25a834751 20085
/* Return the key's private-key bignum. The pointer is borrowed (the field
 * itself, not a copy); the caller must not free it. Returns NULL when key
 * is NULL.
 */
WOLFSSL_BIGNUM *wolfSSL_EC_KEY_get0_private_key(const WOLFSSL_EC_KEY *key)
{
    WOLFSSL_BIGNUM *priv = NULL;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_get0_private_key");

    if (key != NULL)
        priv = key->priv_key;
    else
        WOLFSSL_MSG("wolfSSL_EC_KEY_get0_private_key Bad arguments");

    return priv;
}
wolfSSL 11:cee25a834751 20097
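/* Allocate a WOLFSSL_EC_KEY whose group is set to the curve identified by
 * nid (wolfCrypt ecc_sets id): curve_nid, curve_idx and curve_oid are
 * filled from the matching ecc_sets entry.
 *
 * Returns the key, or NULL when allocation fails or nid names no curve in
 * ecc_sets (previously an unknown nid was silently returned with
 * curve_idx left at 0, i.e. a group that did not match the nid).
 */
WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new_by_curve_name(int nid)
{
    WOLFSSL_EC_KEY *key;
    int x;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_new_by_curve_name");

    key = wolfSSL_EC_KEY_new();
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new failure");
        return NULL;
    }

    /* search ecc_sets (terminated by size == 0) for the nid and set the
     * corresponding internal curve idx and OID; group is allocated by
     * wolfSSL_EC_KEY_new */
    for (x = 0; ecc_sets[x].size != 0; x++) {
        if (ecc_sets[x].id == nid) {
            key->group->curve_nid = nid;
            key->group->curve_idx = x;
            key->group->curve_oid = ecc_sets[x].oidSum;
            return key;
        }
    }

    WOLFSSL_MSG("wolfSSL_EC_KEY_new_by_curve_name unknown curve nid");
    wolfSSL_EC_KEY_free(key);
    return NULL;
}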
wolfSSL 11:cee25a834751 20124
/* Reset every field of a WOLFSSL_EC_KEY to its empty state (NULL pointers,
 * inSet/exSet cleared). Frees nothing. A NULL key is ignored.
 */
static void InitwolfSSL_ECKey(WOLFSSL_EC_KEY* key)
{
    if (key == NULL)
        return;

    key->group    = NULL;
    key->pub_key  = NULL;
    key->priv_key = NULL;
    key->internal = NULL;
    key->inSet    = 0;
    key->exSet    = 0;
}
wolfSSL 11:cee25a834751 20136
/* Allocate an empty WOLFSSL_EC_KEY: the wrapper itself, a zeroed and
 * wc_ecc_init'd ecc_key in ->internal, an external pub_key point whose
 * ->internal aliases the ecc_key's own pubkey (not a separate allocation),
 * a zeroed group and a fresh priv_key bignum.
 *
 * Returns the key, or NULL after releasing whatever had been allocated
 * (via wolfSSL_EC_KEY_free).
 */
WOLFSSL_EC_KEY *wolfSSL_EC_KEY_new(void)
{
    WOLFSSL_EC_KEY *external;
    ecc_key *key;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_new");

    external = (WOLFSSL_EC_KEY*)XMALLOC(sizeof(WOLFSSL_EC_KEY), NULL,
                                        DYNAMIC_TYPE_ECC);
    if (external == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure");
        return NULL;
    }
    XMEMSET(external, 0, sizeof(WOLFSSL_EC_KEY));
    InitwolfSSL_ECKey(external);

    /* internal wolfCrypt key */
    key = (ecc_key*)XMALLOC(sizeof(ecc_key), NULL, DYNAMIC_TYPE_ECC);
    external->internal = key;
    if (key == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc ecc key failure");
        goto fail;
    }
    XMEMSET(key, 0, sizeof(ecc_key));
    wc_ecc_init(key);

    /* public key: the external point wraps the ecc_key's pubkey in place */
    external->pub_key = (WOLFSSL_EC_POINT*)XMALLOC(sizeof(WOLFSSL_EC_POINT),
                                                  NULL, DYNAMIC_TYPE_ECC);
    if (external->pub_key == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_POINT failure");
        goto fail;
    }
    XMEMSET(external->pub_key, 0, sizeof(WOLFSSL_EC_POINT));
    external->pub_key->internal = (ecc_point*)&key->pubkey;

    /* curve group */
    external->group = (WOLFSSL_EC_GROUP*)XMALLOC(sizeof(WOLFSSL_EC_GROUP),
                                                NULL, DYNAMIC_TYPE_ECC);
    if (external->group == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_GROUP failure");
        goto fail;
    }
    XMEMSET(external->group, 0, sizeof(WOLFSSL_EC_GROUP));

    /* private key */
    external->priv_key = wolfSSL_BN_new();
    if (external->priv_key == NULL) {
        WOLFSSL_MSG("wolfSSL_BN_new failure");
        goto fail;
    }

    return external;

fail:
    wolfSSL_EC_KEY_free(external);
    return NULL;
}
wolfSSL 11:cee25a834751 20198
/* Release a WOLFSSL_EC_KEY and everything it owns: the wolfCrypt ecc_key
 * (wc_ecc_free, then XFREE), the private-key bignum, the public-key point
 * wrapper and the group. NULL is accepted and ignored.
 *
 * NOTE(review): pub_key->internal aliases the ecc_key's pubkey (see
 * wolfSSL_EC_KEY_new) and the ecc_key is released first here; whether
 * wolfSSL_EC_POINT_free touches ->internal is not visible in this file
 * section -- confirm before reordering.
 */
void wolfSSL_EC_KEY_free(WOLFSSL_EC_KEY *key)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_free");

    if (key == NULL)
        return;

    if (key->internal != NULL) {
        wc_ecc_free((ecc_key*)key->internal);
        XFREE(key->internal, NULL, DYNAMIC_TYPE_ECC);
    }
    wolfSSL_BN_free(key->priv_key);
    wolfSSL_EC_POINT_free(key->pub_key);
    wolfSSL_EC_GROUP_free(key->group);

    InitwolfSSL_ECKey(key); /* set back to NULLs for safety */
    XFREE(key, NULL, DYNAMIC_TYPE_ECC);
}
wolfSSL 11:cee25a834751 20217
/* OpenSSL-compatible EC_KEY_set_group. Not implemented: both arguments are
 * ignored and -1 is returned unconditionally (note: OpenSSL reports failure
 * with 0, callers checking "== 1" still see a failure).
 */
int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group");
    WOLFSSL_MSG("wolfSSL_EC_KEY_set_group TBD");

    (void)key;
    (void)group;

    return -1;
}
wolfSSL 11:cee25a834751 20228
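/* Generate a fresh key pair on the curve selected by key->group->curve_nid
 * into the wolfCrypt key, then mirror it to the external fields
 * (SetECKeyExternal).
 *
 * A temporary RNG is initialised for the operation; if that fails the
 * already-initialised global RNG is used instead (and a failure is reported
 * when neither is available).
 *
 * Returns 1 on success, 0 on error (bad arguments, no RNG, key generation
 * or externalisation failure). The temporary RNG is released on every
 * path; the wc_ecc_make_key_ex failure path previously freed its buffer
 * without calling wc_FreeRng.
 */
int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key)
{
    int     ret = 0;
    int     initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG  tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_EC_KEY_generate_key");

    if (key == NULL || key->internal == NULL ||
        key->group == NULL || key->group->curve_idx < 0) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key Bad arguments");
        return 0;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return 0;
#endif

    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key failed to set RNG");
        goto out;
    }

    /* key size 0 with an explicit curve id, as before: the curve is
     * selected by curve_nid */
    if (wc_ecc_make_key_ex(rng, 0, (ecc_key*)key->internal,
                           key->group->curve_nid) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key wc_ecc_make_key failed");
        goto out;
    }

    if (SetECKeyExternal(key) != SSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_generate_key SetECKeyExternal failed");
        goto out;
    }

    ret = 1;

out:
    /* single cleanup path: DRBG state and (small-stack) buffer */
    if (initTmpRng)
        wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    return ret;
}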
wolfSSL 11:cee25a834751 20295
/* OpenSSL-compatible EC_KEY_set_asn1_flag. Not implemented: the flag is
 * ignored and the key is left untouched.
 */
void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag)
{
    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag");
    WOLFSSL_MSG("wolfSSL_EC_KEY_set_asn1_flag TBD");

    (void)key;
    (void)asn1_flag;
}
wolfSSL 11:cee25a834751 20304
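/* Copy the point pub into the key's public key, materialising the internal
 * (wolfCrypt) representations of key and pub first when they are not yet
 * set, then refresh the external fields (SetECKeyExternal).
 *
 * Return code compliant with OpenSSL: 1 (SSL_SUCCESS) on success,
 * 0 (SSL_FAILURE) on error.
 */
int wolfSSL_EC_KEY_set_public_key(WOLFSSL_EC_KEY *key,
                                  const WOLFSSL_EC_POINT *pub)
{
    ecc_point *pub_p, *key_p;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_set_public_key");

    if (key == NULL || key->internal == NULL ||
        pub == NULL || pub->internal == NULL) {
        /* message previously named wolfSSL_EC_GROUP_get_order */
        WOLFSSL_MSG("wolfSSL_EC_KEY_set_public_key Bad arguments");
        return SSL_FAILURE;
    }
    if (key->pub_key == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_KEY_set_public_key key->pub_key NULL");
        return SSL_FAILURE;
    }

    if (key->inSet == 0) {
        if (SetECKeyInternal(key) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return SSL_FAILURE;
        }
    }

    /* pub is const in the OpenSSL signature, but its internal point is
     * filled in lazily (inSet), hence the cast -- unchanged from before */
    if (pub->inSet == 0) {
        if (SetECPointInternal((WOLFSSL_EC_POINT *)pub) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal failed");
            return SSL_FAILURE;
        }
    }

    pub_p = (ecc_point*)pub->internal;
    key_p = (ecc_point*)key->pub_key->internal;

    /* key->pub_key->internal normally aliases the ecc_key's own pubkey
     * (see wolfSSL_EC_KEY_new). Re-establish that alias when it is unset
     * instead of allocating a detached point: the old wc_ecc_new_point()
     * result was stored nowhere, so the copy was lost and the point leaked,
     * and SetECKeyExternal below copies from the ecc_key's pubkey anyway. */
    if (key_p == NULL) {
        key_p = &((ecc_key*)key->internal)->pubkey;
        key->pub_key->internal = key_p;
    }

    if (wc_ecc_copy_point(pub_p, key_p) != MP_OKAY) {
        WOLFSSL_MSG("ecc_copy_point failure");
        return SSL_FAILURE;
    }

    if (SetECKeyExternal(key) != SSL_SUCCESS) {
        /* message previously said SetECKeyInternal */
        WOLFSSL_MSG("SetECKeyExternal failed");
        return SSL_FAILURE;
    }

#if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM)
    wolfssl_EC_POINT_dump("pub", pub);
    wolfssl_EC_POINT_dump("key->pub_key", key->pub_key);
#endif
    return SSL_SUCCESS;
}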
wolfSSL 11:cee25a834751 20363 /* End EC_KEY */
wolfSSL 11:cee25a834751 20364
wolfSSL 11:cee25a834751 20365 #if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM)
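/* Debug helper: print a point's inSet/exSet flags and its X and Y
 * coordinates (hex) to stderr, prefixed with msg. A NULL point prints
 * "<msg> = NULL". Only built with DEBUG_WOLFSSL and a filesystem.
 */
void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p)
{
    char *num;

    WOLFSSL_ENTER("wolfssl_EC_POINT_dump");

    if (p == NULL) {
        fprintf(stderr, "%s = NULL", msg);
        return;
    }

    fprintf(stderr, "%s:\n\tinSet=%d, exSet=%d\n", msg, p->inSet, p->exSet);

    /* wolfSSL_BN_bn2hex may hand back NULL (allocation failure or an
     * unset coordinate); passing NULL to %s is undefined behaviour, so
     * print a marker instead */
    num = wolfSSL_BN_bn2hex(p->X);
    fprintf(stderr, "\tX = %s\n", num != NULL ? num : "NULL");
    XFREE(num, NULL, DYNAMIC_TYPE_ECC);

    num = wolfSSL_BN_bn2hex(p->Y);
    fprintf(stderr, "\tY = %s\n", num != NULL ? num : "NULL");
    XFREE(num, NULL, DYNAMIC_TYPE_ECC);
}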
wolfSSL 11:cee25a834751 20385 #endif
wolfSSL 11:cee25a834751 20386
wolfSSL 11:cee25a834751 20387 /* Start EC_GROUP */
wolfSSL 11:cee25a834751 20388
/* Compare two groups by curve idx and curve nid; ctx is unused.
 *
 * Return code compliant with OpenSSL: 0 if equal, 1 if not, and -1
 * (SSL_FATAL_ERROR) when either group is NULL.
 */
int wolfSSL_EC_GROUP_cmp(const WOLFSSL_EC_GROUP *a, const WOLFSSL_EC_GROUP *b,
                         WOLFSSL_BN_CTX *ctx)
{
    int same;

    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_GROUP_cmp");

    if (a == NULL || b == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_cmp Bad arguments");
        return SSL_FATAL_ERROR;
    }

    /* a group is identified by its curve idx and nid only */
    same = (a->curve_idx == b->curve_idx) && (a->curve_nid == b->curve_nid);

    return same ? 0 : 1;
}
wolfSSL 11:cee25a834751 20411
/* Release a group allocated by wolfSSL_EC_GROUP_new_by_curve_name or
 * wolfSSL_EC_KEY_new. The group owns no other allocations; NULL is a no-op.
 */
void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_ENTER("wolfSSL_EC_GROUP_free");

    XFREE(group, NULL, DYNAMIC_TYPE_ECC);
}
wolfSSL 11:cee25a834751 20419
/* OpenSSL-compatible EC_GROUP_set_asn1_flag. Not implemented: the flag is
 * ignored and the group is left untouched.
 */
void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag)
{
    WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag");
    WOLFSSL_MSG("wolfSSL_EC_GROUP_set_asn1_flag TBD");

    (void)group;
    (void)flag;
}
wolfSSL 11:cee25a834751 20428
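/* Allocate an EC group bound to the curve identified by nid.
 *
 * Returns the new group, or NULL on allocation failure or when nid matches
 * no entry of ecc_sets[]. The caller owns the result and releases it with
 * wolfSSL_EC_GROUP_free().
 */
WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid)
{
    WOLFSSL_EC_GROUP *g;
    int x;

    WOLFSSL_ENTER("wolfSSL_EC_GROUP_new_by_curve_name");

    /* curve group */
    g = (WOLFSSL_EC_GROUP*) XMALLOC(sizeof(WOLFSSL_EC_GROUP), NULL,
                                    DYNAMIC_TYPE_ECC);
    if (g == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name malloc failure");
        return NULL;
    }
    XMEMSET(g, 0, sizeof(WOLFSSL_EC_GROUP));

    /* set the nid of the curve */
    g->curve_nid = nid;

    /* Index 0 of ecc_sets[] is a real curve, so "not found" must be marked
     * with a negative index rather than left at the zeroed default;
     * otherwise an unknown nid would silently operate on the first curve. */
    g->curve_idx = -1;

    /* search and set the corresponding internal curve idx */
    for (x = 0; ecc_sets[x].size != 0; x++) {
        if (ecc_sets[x].id == g->curve_nid) {
            g->curve_idx = x;
            g->curve_oid = ecc_sets[x].oidSum;
            break;
        }
    }

    if (g->curve_idx < 0) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_new_by_curve_name unknown curve nid");
        XFREE(g, NULL, DYNAMIC_TYPE_ECC);
        return NULL;
    }

    return g;
}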
wolfSSL 11:cee25a834751 20458
/* Return the NID the group was created with.
 *
 * Return code compliant with OpenSSL:
 *   the curve nid on success, 0 (SSL_FAILURE) on error.
 */
int wolfSSL_EC_GROUP_get_curve_name(const WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_curve_name");

    if (group != NULL) {
        return group->curve_nid;
    }

    WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments");
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 20473
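/* Return the degree (field size in bits) of the group's curve.
 *
 * Return code compliant with OpenSSL:
 *   the degree of the curve on success, 0 (SSL_FAILURE) on error or for a
 *   NID that is not in the table below.
 *
 * A negative curve_idx means the group is not bound to a known curve.
 */
int wolfSSL_EC_GROUP_get_degree(const WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_degree");

    if (group == NULL || group->curve_idx < 0) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_degree Bad arguments");
        return SSL_FAILURE;
    }

    switch (group->curve_nid) {
        case NID_secp112r1:
        case NID_secp112r2:
            return 112;
        case NID_secp128r1:
        case NID_secp128r2:
            return 128;
        case NID_secp160k1:
        case NID_secp160r1:
        case NID_secp160r2:
        case NID_brainpoolP160r1:
            return 160;
        case NID_secp192k1:
        case NID_brainpoolP192r1:
        case NID_X9_62_prime192v1:
            return 192;
        case NID_secp224k1:
        case NID_secp224r1:
        case NID_brainpoolP224r1:
            return 224;
        case NID_secp256k1:
        case NID_brainpoolP256r1:
        case NID_X9_62_prime256v1:
            return 256;
        case NID_brainpoolP320r1:
            return 320;
        case NID_secp384r1:
        case NID_brainpoolP384r1:
            return 384;
        /* brainpoolP512r1 is a 512-bit curve; it must not share the 521-bit
         * case of secp521r1. */
        case NID_brainpoolP512r1:
            return 512;
        case NID_secp521r1:
            return 521;
        default:
            return SSL_FAILURE;
    }
}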
wolfSSL 11:cee25a834751 20522
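/* Load the order of the group's curve into order.
 *
 * Return code compliant with OpenSSL:
 *   1 (SSL_SUCCESS) on success, 0 (SSL_FAILURE) on error.
 *
 * ctx is accepted for API compatibility and ignored.
 */
int wolfSSL_EC_GROUP_get_order(const WOLFSSL_EC_GROUP *group,
                               WOLFSSL_BIGNUM *order, WOLFSSL_BN_CTX *ctx)
{
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_GROUP_get_order");

    /* curve_idx indexes ecc_sets[] below; reject a group that is not bound
     * to a known curve (negative index), as wolfSSL_EC_GROUP_get_degree does. */
    if (group == NULL || group->curve_idx < 0 || order == NULL ||
            order->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order NULL error");
        return SSL_FAILURE;
    }

    /* NOTE(review): order->internal is (re)initialised here although a
     * BIGNUM handed in by the caller may already hold an initialised mp_int;
     * with an integer backend that allocates its digit array this could
     * drop the previous allocation -- confirm against the math backend. */
    if (mp_init((mp_int*)order->internal) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_init failure");
        return SSL_FAILURE;
    }

    /* the order is stored as a hexadecimal string in the curve table */
    if (mp_read_radix((mp_int*)order->internal,
                      ecc_sets[group->curve_idx].order, 16) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure");
        mp_clear((mp_int*)order->internal);
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}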
wolfSSL 11:cee25a834751 20550 /* End EC_GROUP */
wolfSSL 11:cee25a834751 20551
wolfSSL 11:cee25a834751 20552 /* Start EC_POINT */
wolfSSL 11:cee25a834751 20553
/* Export point p of group to DER into out, reporting the length in *len.
 *
 * Return code compliant with OpenSSL:
 *   1 (SSL_SUCCESS) on success, 0 (SSL_FAILURE) on error.
 *
 * When out is NULL only the required length is computed: in that case the
 * exporter's LENGTH_ONLY_E result is treated as success and *len is set.
 */
int wolfSSL_ECPoint_i2d(const WOLFSSL_EC_GROUP *group,
                        const WOLFSSL_EC_POINT *p,
                        unsigned char *out, unsigned int *len)
{
    int rc;
    int lengthQuery;

    WOLFSSL_ENTER("wolfSSL_ECPoint_i2d");

    if (group == NULL || p == NULL || len == NULL) {
        WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error");
        return SSL_FAILURE;
    }

    /* the wolfCrypt point must be populated before it can be exported */
    if (p->inSet == 0) {
        WOLFSSL_MSG("No ECPoint internal set, do it");

        if (SetECPointInternal((WOLFSSL_EC_POINT *)p) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal SetECPointInternal failed");
            return SSL_FAILURE;
        }
    }

    lengthQuery = (out == NULL);

#if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM)
    if (!lengthQuery) {
        wolfssl_EC_POINT_dump("i2d p", p);
    }
#endif
    rc = wc_ecc_export_point_der(group->curve_idx, (ecc_point*)p->internal,
                                 out, len);
    if (rc == MP_OKAY) {
        return SSL_SUCCESS;
    }
    if (lengthQuery && rc == LENGTH_ONLY_E) {
        /* caller only asked for the size; *len now holds it */
        return SSL_SUCCESS;
    }

    WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed");
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 20593
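/* Import a DER-encoded point of len bytes from in into p, using group's curve.
 *
 * Return code compliant with OpenSSL:
 *   1 (SSL_SUCCESS) on success, 0 (SSL_FAILURE) on error.
 *
 * On success both the wolfCrypt point (p->internal) and the external X/Y/Z
 * big numbers reflect the imported value.
 */
int wolfSSL_ECPoint_d2i(unsigned char *in, unsigned int len,
                        const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *p)
{
    WOLFSSL_ENTER("wolfSSL_ECPoint_d2i");

    /* curve_idx indexes the curve table inside the importer; a negative
     * index means the group is not bound to a known curve */
    if (group == NULL || group->curve_idx < 0 || p == NULL ||
            p->internal == NULL || in == NULL) {
        WOLFSSL_MSG("wolfSSL_ECPoint_d2i NULL error");
        return SSL_FAILURE;
    }

    if (wc_ecc_import_point_der(in, len, group->curve_idx,
                                (ecc_point*)p->internal) != MP_OKAY) {
        WOLFSSL_MSG("wc_ecc_import_point_der failed");
        return SSL_FAILURE;
    }

    /* The import just overwrote p->internal, so the external copies must be
     * rebuilt from it every time -- not only when they were never set --
     * or a reused point would keep the coordinates of its previous value. */
    if (SetECPointExternal(p) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetECPointExternal failed");
        return SSL_FAILURE;
    }

#if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM)
    wolfssl_EC_POINT_dump("d2i p", p);
#endif
    return SSL_SUCCESS;
}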
wolfSSL 11:cee25a834751 20627
/* Allocate an empty EC point for use with group.
 *
 * Returns the new point with a fresh wolfCrypt point in p->internal and all
 * other fields zeroed (X/Y/Z NULL, inSet/exSet 0), or NULL when group is
 * NULL or an allocation fails. Release with wolfSSL_EC_POINT_free().
 */
WOLFSSL_EC_POINT *wolfSSL_EC_POINT_new(const WOLFSSL_EC_GROUP *group)
{
    WOLFSSL_EC_POINT *point = NULL;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_new");

    if (group == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_new NULL error");
        return NULL;
    }

    point = (WOLFSSL_EC_POINT *)XMALLOC(sizeof(WOLFSSL_EC_POINT), NULL,
                                        DYNAMIC_TYPE_ECC);
    if (point == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_new malloc ecc point failure");
        return NULL;
    }
    XMEMSET(point, 0, sizeof(WOLFSSL_EC_POINT));

    /* the wrapper is useless without its wolfCrypt point */
    point->internal = wc_ecc_new_point();
    if (point->internal != NULL) {
        return point;
    }

    WOLFSSL_MSG("ecc_new_point failure");
    XFREE(point, NULL, DYNAMIC_TYPE_ECC);
    return NULL;
}
wolfSSL 11:cee25a834751 20656
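/* Copy the affine coordinates of point into the caller's x and y.
 *
 * Return code compliant with OpenSSL:
 *   1 (SSL_SUCCESS) on success, 0 (SSL_FAILURE) on error.
 *
 * ctx is accepted for API compatibility and ignored.
 */
int wolfSSL_EC_POINT_get_affine_coordinates_GFp(const WOLFSSL_EC_GROUP *group,
                                                const WOLFSSL_EC_POINT *point,
                                                WOLFSSL_BIGNUM *x,
                                                WOLFSSL_BIGNUM *y,
                                                WOLFSSL_BN_CTX *ctx)
{
    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_get_affine_coordinates_GFp");

    if (group == NULL || point == NULL || point->internal == NULL ||
            x == NULL || y == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp NULL error");
        return SSL_FAILURE;
    }

    if (point->inSet == 0) {
        WOLFSSL_MSG("No ECPoint internal set, do it");

        if (SetECPointInternal((WOLFSSL_EC_POINT *)point) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal failed");
            return SSL_FAILURE;
        }
    }

    /* BN_copy reports failure (including a NULL source coordinate) by
     * returning NULL; do not report success with x or y left unset. */
    if (BN_copy(x, point->X) == NULL || BN_copy(y, point->Y) == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_get_affine_coordinates_GFp BN_copy failed");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}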
wolfSSL 11:cee25a834751 20690
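/* Compute r = q * m on group's curve.
 *
 * Return code compliant with OpenSSL:
 *   1 (SSL_SUCCESS) on success, 0 (SSL_FAILURE) on error.
 *
 * Limitation: OpenSSL's EC_POINT_mul computes generator*n + q*m; here n is
 * ignored and only the q*m term is produced. ctx is ignored as well.
 */
int wolfSSL_EC_POINT_mul(const WOLFSSL_EC_GROUP *group, WOLFSSL_EC_POINT *r,
                         const WOLFSSL_BIGNUM *n, const WOLFSSL_EC_POINT *q,
                         const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx)
{
    mp_int a, prime;
    int ret;

    (void)ctx;
    (void)n;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_mul");

    /* curve_idx indexes ecc_sets[] below; a negative index means the group
     * is not bound to a known curve */
    if (group == NULL || group->curve_idx < 0 || r == NULL ||
            r->internal == NULL || q == NULL || q->internal == NULL ||
            m == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_mul NULL error");
        return SSL_FAILURE;
    }

    if (q->inSet == 0) {
        WOLFSSL_MSG("No ECPoint internal set, do it");

        if (SetECPointInternal((WOLFSSL_EC_POINT *)q) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal q failed");
            return SSL_FAILURE;
        }
    }

    /* read the curve prime and a (hex strings in the curve table) */
    if (mp_init_multi(&prime, &a, NULL, NULL, NULL, NULL) != MP_OKAY) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_mul mp_init_multi failed");
        return SSL_FAILURE;
    }

    ret = mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16);
    if (ret == MP_OKAY)
        ret = mp_read_radix(&a, ecc_sets[group->curve_idx].Af, 16);

    /* r = q * m % prime, mapped back to affine (last argument 1) */
    if (ret == MP_OKAY)
        ret = wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal,
                            (ecc_point*)r->internal, &a, &prime, 1);

    mp_clear(&a);
    mp_clear(&prime);

    if (ret == MP_OKAY) {
        /* r->internal now holds the product. Refresh the external X/Y/Z from
         * it with SetECPointExternal; SetECPointInternal would copy in the
         * opposite direction and overwrite the result with the stale
         * external coordinates. */
        ret = SetECPointExternal(r);
        if (ret != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointExternal r failed");
        }
    }
    else {
        ret = SSL_FAILURE;
    }

    return ret;
}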
wolfSSL 11:cee25a834751 20751
/* OpenSSL-compatible EC_POINT_clear_free().
 *
 * Currently identical to wolfSSL_EC_POINT_free(): no additional clearing of
 * the point's memory is performed before release.
 */
void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p)
{
    WOLFSSL_ENTER("wolfSSL_EC_POINT_clear_free");
    wolfSSL_EC_POINT_free(p);
}
wolfSSL 11:cee25a834751 20758
/* Compare two EC points.
 *
 * Return code compliant with OpenSSL:
 *   0 if equal, 1 if not equal, -1 (SSL_FATAL_ERROR) on error.
 *
 * The comparison is delegated to wc_ecc_cmp_point() on the wolfCrypt points;
 * group and ctx are not consulted beyond the NULL check on group.
 */
int wolfSSL_EC_POINT_cmp(const WOLFSSL_EC_GROUP *group,
                         const WOLFSSL_EC_POINT *a, const WOLFSSL_EC_POINT *b,
                         WOLFSSL_BN_CTX *ctx)
{
    int cmp;

    (void)ctx;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp");

    if (group == NULL || a == NULL || a->internal == NULL || b == NULL ||
            b->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_cmp Bad arguments");
        return SSL_FATAL_ERROR;
    }

    cmp = wc_ecc_cmp_point((ecc_point*)a->internal, (ecc_point*)b->internal);
    switch (cmp) {
        case MP_EQ:
            return 0;
        case MP_LT:
        case MP_GT:
            return 1;
        default:
            /* anything other than an ordering result is an error */
            return SSL_FATAL_ERROR;
    }
}
wolfSSL 11:cee25a834751 20786
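/* Release an EC point allocated by wolfSSL_EC_POINT_new().
 *
 * Frees the wolfCrypt point, the external X/Y/Z big numbers and the wrapper
 * itself. Passing NULL is a no-op.
 */
void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p)
{
    WOLFSSL_ENTER("wolfSSL_EC_POINT_free");

    if (p == NULL) {
        return;
    }

    /* wc_ecc_del_point() is the release counterpart of the wc_ecc_new_point()
     * call in wolfSSL_EC_POINT_new() and frees the point object itself, so
     * p->internal must not be passed to XFREE afterwards. */
    if (p->internal != NULL) {
        wc_ecc_del_point((ecc_point*)p->internal);
        p->internal = NULL;
    }

    wolfSSL_BN_free(p->X);
    wolfSSL_BN_free(p->Y);
    wolfSSL_BN_free(p->Z);
    p->X = NULL;
    p->Y = NULL;
    p->Z = NULL;
    p->inSet = p->exSet = 0;

    XFREE(p, NULL, DYNAMIC_TYPE_ECC);
}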
wolfSSL 11:cee25a834751 20810
/* Test whether point is the point at infinity.
 *
 * Return code compliant with OpenSSL:
 *   1 if the point is at infinity, 0 otherwise.
 *
 * A NULL argument or a failure of the underlying check also yields 0
 * (SSL_FAILURE), so callers cannot distinguish "not at infinity" from error.
 */
int wolfSSL_EC_POINT_is_at_infinity(const WOLFSSL_EC_GROUP *group,
                                    const WOLFSSL_EC_POINT *point)
{
    int atInfinity;

    WOLFSSL_ENTER("wolfSSL_EC_POINT_is_at_infinity");

    if (group == NULL || point == NULL || point->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_EC_POINT_is_at_infinity NULL error");
        return SSL_FAILURE;
    }

    /* the wolfCrypt point must be populated before it can be inspected */
    if (point->inSet == 0) {
        WOLFSSL_MSG("No ECPoint internal set, do it");

        if (SetECPointInternal((WOLFSSL_EC_POINT *)point) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECPointInternal failed");
            return SSL_FAILURE;
        }
    }

    atInfinity = wc_ecc_point_is_at_infinity((ecc_point*)point->internal);
    if (atInfinity > 0) {
        return SSL_SUCCESS;
    }

    WOLFSSL_MSG("ecc_point_is_at_infinity failure");
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 20842
wolfSSL 11:cee25a834751 20843 /* End EC_POINT */
wolfSSL 11:cee25a834751 20844
wolfSSL 11:cee25a834751 20845 /* Start ECDSA_SIG */
/* Release an ECDSA signature and its r and s big numbers.
 *
 * Passing NULL is a no-op.
 */
void wolfSSL_ECDSA_SIG_free(WOLFSSL_ECDSA_SIG *sig)
{
    WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_free");

    if (sig == NULL) {
        return;
    }

    wolfSSL_BN_free(sig->r);
    wolfSSL_BN_free(sig->s);
    XFREE(sig, NULL, DYNAMIC_TYPE_ECC);
}
wolfSSL 11:cee25a834751 20857
/* Allocate an ECDSA signature with freshly allocated r and s big numbers.
 *
 * Returns the new signature, or NULL when any allocation fails (nothing is
 * leaked in that case). Release with wolfSSL_ECDSA_SIG_free().
 */
WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void)
{
    WOLFSSL_ECDSA_SIG *sig;

    WOLFSSL_ENTER("wolfSSL_ECDSA_SIG_new");

    sig = (WOLFSSL_ECDSA_SIG*) XMALLOC(sizeof(WOLFSSL_ECDSA_SIG), NULL,
                                       DYNAMIC_TYPE_ECC);
    if (sig == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA signature failure");
        return NULL;
    }

    /* s starts out NULL so the cleanup path below is safe if r fails */
    sig->s = NULL;
    sig->r = wolfSSL_BN_new();
    if (sig->r == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA r failure");
        goto fail;
    }

    sig->s = wolfSSL_BN_new();
    if (sig->s == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new malloc ECDSA s failure");
        goto fail;
    }

    return sig;

fail:
    wolfSSL_ECDSA_SIG_free(sig);
    return NULL;
}
wolfSSL 11:cee25a834751 20888
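/* Sign the digest d of dlen bytes with the EC private key held in key.
 *
 * Returns a newly allocated signature (r, s) on success, NULL on bad
 * arguments, when no RNG is available, or when signing or allocation fails.
 * The caller owns the result and releases it with wolfSSL_ECDSA_SIG_free().
 *
 * RNG selection: a temporary RNG is initialised for this call; if that
 * fails, the global RNG is used provided it has been initialised.
 */
WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_do_sign(const unsigned char *d, int dlen,
                                         WOLFSSL_EC_KEY *key)
{
    WOLFSSL_ECDSA_SIG *sig = NULL;
    int initTmpRng = 0;
    WC_RNG* rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG* tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_ECDSA_do_sign");

    /* dlen is a signed int; reject a negative length here so it is never
     * handed on to wc_ecc_sign_hash_ex() as a digest size. */
    if (d == NULL || dlen < 0 || key == NULL || key->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad arguments");
        return NULL;
    }

    /* set internal key if not done */
    if (key->inSet == 0) {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign No EC key internal set, do it");

        if (SetECKeyInternal(key) != SSL_SUCCESS) {
            WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed");
            return NULL;
        }
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return NULL;
#endif

    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Global RNG no Init");
        else
            rng = &globalRNG;
    }

    /* without an RNG no signature is produced and sig stays NULL */
    if (rng) {
        mp_int sig_r, sig_s;

        if (mp_init_multi(&sig_r, &sig_s, NULL, NULL, NULL, NULL) != MP_OKAY) {
            WOLFSSL_MSG("wolfSSL_ECDSA_do_sign mp_init_multi failed");
        }
        else {
            if (wc_ecc_sign_hash_ex(d, dlen, rng, (ecc_key*)key->internal,
                                    &sig_r, &sig_s) != MP_OKAY) {
                WOLFSSL_MSG("wc_ecc_sign_hash_ex failed");
            }
            else {
                /* put signature blob in ECDSA structure */
                sig = wolfSSL_ECDSA_SIG_new();
                if (sig == NULL) {
                    WOLFSSL_MSG("wolfSSL_ECDSA_SIG_new failed");
                }
                else if (SetIndividualExternal(&(sig->r), &sig_r)
                                                             != SSL_SUCCESS) {
                    WOLFSSL_MSG("ecdsa r key error");
                    wolfSSL_ECDSA_SIG_free(sig);
                    sig = NULL;
                }
                else if (SetIndividualExternal(&(sig->s), &sig_s)
                                                             != SSL_SUCCESS) {
                    WOLFSSL_MSG("ecdsa s key error");
                    wolfSSL_ECDSA_SIG_free(sig);
                    sig = NULL;
                }
            }
            /* r and s have been copied into sig (or sig was discarded) */
            mp_free(&sig_r);
            mp_free(&sig_s);
        }
    }

    if (initTmpRng)
        wc_FreeRng(tmpRNG);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return sig;
}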
wolfSSL 11:cee25a834751 20976
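/* Verify the ECDSA signature sig over the digest d of dlen bytes with key.
 *
 * Return code compliant with OpenSSL:
 *   1 (SSL_SUCCESS) for a valid signature, 0 (SSL_FAILURE) for an invalid
 *   signature, -1 (SSL_FATAL_ERROR) on error (bad arguments, internal key
 *   setup failure or a failure of the verification routine itself).
 */
int wolfSSL_ECDSA_do_verify(const unsigned char *d, int dlen,
                            const WOLFSSL_ECDSA_SIG *sig, WOLFSSL_EC_KEY *key)
{
    int check_sign = 0;

    WOLFSSL_ENTER("wolfSSL_ECDSA_do_verify");

    /* sig->r and sig->s and their mp_ints are dereferenced below, so a
     * signature with either half missing is an argument error, not a crash;
     * a negative dlen is rejected so it is never passed on as a length. */
    if (d == NULL || dlen < 0 || sig == NULL || sig->r == NULL ||
            sig->s == NULL || sig->r->internal == NULL ||
            sig->s->internal == NULL || key == NULL || key->internal == NULL) {
        WOLFSSL_MSG("wolfSSL_ECDSA_do_verify Bad arguments");
        return SSL_FATAL_ERROR;
    }

    /* set internal key if not done */
    if (key->inSet == 0) {
        WOLFSSL_MSG("No EC key internal set, do it");

        if (SetECKeyInternal(key) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return SSL_FATAL_ERROR;
        }
    }

    /* check_sign is the verification verdict; the return value only says
     * whether the routine ran */
    if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal,
                              (mp_int*)sig->s->internal, d, dlen, &check_sign,
                              (ecc_key *)key->internal) != MP_OKAY) {
        WOLFSSL_MSG("wc_ecc_verify_hash failed");
        return SSL_FATAL_ERROR;
    }
    else if (check_sign == 0) {
        WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected");
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}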
wolfSSL 11:cee25a834751 21016 /* End ECDSA_SIG */
wolfSSL 11:cee25a834751 21017
wolfSSL 11:cee25a834751 21018 /* Start ECDH */
/* Compute the ECDH shared secret between the private key in ecdh and the
 * peer's public point pub_key, writing at most outlen bytes into out.
 *
 * Return code compliant with OpenSSL:
 *   length of the computed key on success, -1 (SSL_FATAL_ERROR) on error.
 *
 * The KDF argument is accepted for API compatibility only and is not
 * applied: out receives the raw secret produced by wc_ecc_shared_secret_ssh().
 */
int wolfSSL_ECDH_compute_key(void *out, size_t outlen,
                             const WOLFSSL_EC_POINT *pub_key,
                             WOLFSSL_EC_KEY *ecdh,
                             void *(*KDF) (const void *in, size_t inlen,
                                           void *out, size_t *outlen))
{
    word32 secretLen;
    int rc;

    (void)KDF;

    WOLFSSL_ENTER("wolfSSL_ECDH_compute_key");

    if (out == NULL || pub_key == NULL || pub_key->internal == NULL ||
            ecdh == NULL || ecdh->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FATAL_ERROR;
    }

    /* set internal key if not done */
    if (ecdh->inSet == 0) {
        WOLFSSL_MSG("No EC key internal set, do it");

        if (SetECKeyInternal(ecdh) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return SSL_FATAL_ERROR;
        }
    }

    /* secretLen is in/out: capacity of out on entry, bytes written on return */
    secretLen = (word32)outlen;
    rc = wc_ecc_shared_secret_ssh((ecc_key*)ecdh->internal,
                                  (ecc_point*)pub_key->internal,
                                  (byte *)out, &secretLen);
    if (rc != MP_OKAY) {
        WOLFSSL_MSG("wc_ecc_shared_secret failed");
        return SSL_FATAL_ERROR;
    }

    return secretLen;
}
wolfSSL 11:cee25a834751 21063 /* End ECDH */
wolfSSL 11:cee25a834751 21064
wolfSSL 11:cee25a834751 21065 #if !defined(NO_FILESYSTEM)
/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Stub: nothing is written to fp and x is not read; the call only logs
 * that the function is not implemented and reports failure.
 */
int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *x)
{
    const int ret = SSL_FAILURE;

    WOLFSSL_MSG("wolfSSL_PEM_write_EC_PUBKEY not implemented");

    /* parameters exist for API compatibility only */
    (void)fp;
    (void)x;

    return ret;
}
wolfSSL 11:cee25a834751 21078 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 21079
wolfSSL 11:cee25a834751 21080 #if defined(WOLFSSL_KEY_GEN)
wolfSSL 11:cee25a834751 21081
/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Stub: no data is written to bio and no argument is inspected; the call
 * logs that it is not implemented and reports failure.
 */
int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ecc,
                                       const EVP_CIPHER* cipher,
                                       unsigned char* passwd, int len,
                                       pem_password_cb* cb, void* arg)
{
    const int ret = SSL_FAILURE;

    WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented");

    /* all parameters exist for API compatibility only */
    (void)bio;
    (void)ecc;
    (void)cipher;
    (void)passwd;
    (void)len;
    (void)cb;
    (void)arg;

    return ret;
}
wolfSSL 11:cee25a834751 21102
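/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Encodes the private key in ecc as a PEM "EC PRIVATE KEY" block into a
 * newly allocated buffer.
 *
 * ecc      : key to write; its internal ecc_key is populated here if needed
 * cipher   : when non-NULL together with a non-empty passwd, the DER key is
 *            encrypted with EncryptDerKey before PEM encoding, otherwise the
 *            key is written in clear
 * passwd   : passphrase bytes, passwdSz its length
 * pem      : on success receives a DYNAMIC_TYPE_KEY buffer holding the PEM
 *            text plus a trailing NUL; the caller owns it and frees it with
 *            XFREE. Not touched on failure.
 * plen     : on success receives the PEM length without the NUL
 *
 * Returns SSL_SUCCESS or SSL_FAILURE. All failure paths release every
 * intermediate buffer, and the buffers that held key material are wiped
 * before being freed.
 */
int wolfSSL_PEM_write_mem_ECPrivateKey(WOLFSSL_EC_KEY* ecc,
                                       const EVP_CIPHER* cipher,
                                       unsigned char* passwd, int passwdSz,
                                       unsigned char **pem, int *plen)
{
    byte *derBuf = NULL, *tmp = NULL, *cipherInfo = NULL;
    int der_max_len = 0, derSz = 0, tmpSz = 0, pemSz = 0;
    int ret = SSL_FAILURE;

    WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey");

    if (pem == NULL || plen == NULL || ecc == NULL || ecc->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    if (ecc->inSet == 0) {
        WOLFSSL_MSG("No ECC internal set, do it");

        if (SetECKeyInternal(ecc) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetECKeyInternal failed");
            return SSL_FAILURE;
        }
    }

    /* 4 > size of pub, priv + ASN.1 additional informations */
    der_max_len = 4 * wc_ecc_size((ecc_key*)ecc->internal) + AES_BLOCK_SIZE;

    derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (derBuf == NULL) {
        WOLFSSL_MSG("malloc failed");
        return SSL_FAILURE;
    }

    /* Key to DER */
    derSz = wc_EccKeyToDer((ecc_key*)ecc->internal, derBuf, der_max_len);
    if (derSz < 0) {
        WOLFSSL_MSG("wc_EccKeyToDer failed");
        goto out;
    }

    /* encrypt DER buffer if required */
    if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
        if (EncryptDerKey(derBuf, &derSz, cipher,
                          passwd, passwdSz, &cipherInfo) != SSL_SUCCESS) {
            WOLFSSL_MSG("EncryptDerKey failed");
            goto out;
        }

        /* tmp buffer with a max size; encrypted PEM carries extra headers */
        tmpSz = (int)((derSz * 2) + sizeof(BEGIN_EC_PRIV) +
                      sizeof(END_EC_PRIV) + HEADER_ENCRYPTED_KEY_SIZE);
    }
    else {
        /* tmp buffer with a max size */
        tmpSz = (int)((derSz * 2) + sizeof(BEGIN_EC_PRIV) +
                      sizeof(END_EC_PRIV));
    }

    tmp = (byte*)XMALLOC(tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }

    /* DER to PEM */
    pemSz = wc_DerToPemEx(derBuf, derSz, tmp, tmpSz, cipherInfo,
                          ECC_PRIVATEKEY_TYPE);
    if (pemSz <= 0) {
        WOLFSSL_MSG("wc_DerToPemEx failed");
        goto out;
    }

    /* caller-owned copy, NUL-terminated so it can be treated as a string */
    *pem = (byte*)XMALLOC(pemSz + 1, NULL, DYNAMIC_TYPE_KEY);
    if (*pem == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }
    XMEMCPY(*pem, tmp, pemSz);
    (*pem)[pemSz] = '\0';
    *plen = pemSz;
    ret = SSL_SUCCESS;

out:
    /* derBuf and tmp held the private key (in clear unless encrypted);
     * ForceZero is used because a plain memset before free may be elided */
    if (derBuf != NULL) {
        ForceZero(derBuf, der_max_len);
        XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (tmp != NULL) {
        ForceZero(tmp, tmpSz);
        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (cipherInfo != NULL) {
        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }

    return ret;
}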
wolfSSL 11:cee25a834751 21208
wolfSSL 11:cee25a834751 21209 #ifndef NO_FILESYSTEM
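/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Writes ecc as a PEM "EC PRIVATE KEY" block to the open stream fp.
 * The PEM text is produced by wolfSSL_PEM_write_mem_ECPrivateKey; when enc
 * and kstr/klen are given the key is encrypted, otherwise it is written in
 * clear. The password callback cb and its argument u are accepted for API
 * compatibility only and never invoked. The stream is neither flushed nor
 * closed here.
 *
 * Returns SSL_SUCCESS when the whole PEM text was written, SSL_FAILURE on
 * bad arguments, encoding failure or a short write. The temporary PEM
 * buffer, which contains the private key, is wiped and freed on every path.
 */
int wolfSSL_PEM_write_ECPrivateKey(FILE *fp, WOLFSSL_EC_KEY *ecc,
                                   const EVP_CIPHER *enc,
                                   unsigned char *kstr, int klen,
                                   pem_password_cb *cb, void *u)
{
    byte *pem = NULL;
    int plen = 0, ret;

    (void)cb;
    (void)u;

    WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey");

    if (fp == NULL || ecc == NULL || ecc->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    ret = wolfSSL_PEM_write_mem_ECPrivateKey(ecc, enc, kstr, klen, &pem, &plen);
    if (ret != SSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey failed");
        return SSL_FAILURE;
    }

    /* one item of plen bytes: any result other than 1 is a short write */
    if ((int)XFWRITE(pem, plen, 1, fp) == 1) {
        ret = SSL_SUCCESS;
    }
    else {
        WOLFSSL_MSG("ECC private key file write failed");
        ret = SSL_FAILURE;
    }

    /* release the key-bearing buffer on the failure path too, not only on
     * success; wipe it first since it holds the private key */
    ForceZero(pem, plen);
    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);

    return ret;
}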
wolfSSL 11:cee25a834751 21246
wolfSSL 11:cee25a834751 21247 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 21248 #endif /* defined(WOLFSSL_KEY_GEN) */
wolfSSL 11:cee25a834751 21249
wolfSSL 11:cee25a834751 21250 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 21251
wolfSSL 11:cee25a834751 21252
wolfSSL 11:cee25a834751 21253 #ifndef NO_DSA
wolfSSL 11:cee25a834751 21254
wolfSSL 11:cee25a834751 21255 #if defined(WOLFSSL_KEY_GEN)
wolfSSL 11:cee25a834751 21256
/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Stub: no data is written to bio and no argument is inspected; the call
 * logs that it is not implemented and reports failure.
 */
int wolfSSL_PEM_write_bio_DSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_DSA* dsa,
                                        const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int len,
                                        pem_password_cb* cb, void* arg)
{
    const int ret = SSL_FAILURE;

    WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey not implemented");

    /* all parameters exist for API compatibility only */
    (void)bio;
    (void)dsa;
    (void)cipher;
    (void)passwd;
    (void)len;
    (void)cb;
    (void)arg;

    return ret;
}
wolfSSL 11:cee25a834751 21277
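/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Encodes the private key in dsa as a PEM "DSA PRIVATE KEY" block into a
 * newly allocated buffer.
 *
 * dsa      : key to write; its internal DsaKey is populated here if needed
 * cipher   : when non-NULL together with a non-empty passwd, the DER key is
 *            encrypted with EncryptDerKey before PEM encoding, otherwise the
 *            key is written in clear
 * passwd   : passphrase bytes, passwdSz its length
 * pem      : on success receives a DYNAMIC_TYPE_KEY buffer holding the PEM
 *            text plus a trailing NUL; the caller owns it and frees it with
 *            XFREE. Not touched on failure.
 * plen     : on success receives the PEM length without the NUL
 *
 * Returns SSL_SUCCESS or SSL_FAILURE. All failure paths release every
 * intermediate buffer, and the buffers that held key material are wiped
 * before being freed.
 */
int wolfSSL_PEM_write_mem_DSAPrivateKey(WOLFSSL_DSA* dsa,
                                        const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int passwdSz,
                                        unsigned char **pem, int *plen)
{
    byte *derBuf = NULL, *tmp = NULL, *cipherInfo = NULL;
    int der_max_len = 0, derSz = 0, tmpSz = 0, pemSz = 0;
    int ret = SSL_FAILURE;

    WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey");

    if (pem == NULL || plen == NULL || dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    if (dsa->inSet == 0) {
        WOLFSSL_MSG("No DSA internal set, do it");

        if (SetDsaInternal(dsa) != SSL_SUCCESS) {
            WOLFSSL_MSG("SetDsaInternal failed");
            return SSL_FAILURE;
        }
    }

    /* 4 > size of pub, priv, p, q, g + ASN.1 additional informations.
     * Sized from the modulus p rather than g: g is reduced mod p, so p is
     * never shorter and the bound also covers the p-sized elements. */
    der_max_len = 4 * wolfSSL_BN_num_bytes(dsa->p) + AES_BLOCK_SIZE;

    derBuf = (byte*)XMALLOC(der_max_len, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (derBuf == NULL) {
        WOLFSSL_MSG("malloc failed");
        return SSL_FAILURE;
    }

    /* Key to DER */
    derSz = wc_DsaKeyToDer((DsaKey*)dsa->internal, derBuf, der_max_len);
    if (derSz < 0) {
        WOLFSSL_MSG("wc_DsaKeyToDer failed");
        goto out;
    }

    /* encrypt DER buffer if required */
    if (passwd != NULL && passwdSz > 0 && cipher != NULL) {
        if (EncryptDerKey(derBuf, &derSz, cipher,
                          passwd, passwdSz, &cipherInfo) != SSL_SUCCESS) {
            WOLFSSL_MSG("EncryptDerKey failed");
            goto out;
        }

        /* tmp buffer with a max size; encrypted PEM carries extra headers */
        tmpSz = (int)((derSz * 2) + sizeof(BEGIN_DSA_PRIV) +
                      sizeof(END_DSA_PRIV) + HEADER_ENCRYPTED_KEY_SIZE);
    }
    else {
        /* tmp buffer with a max size */
        tmpSz = (int)((derSz * 2) + sizeof(BEGIN_DSA_PRIV) +
                      sizeof(END_DSA_PRIV));
    }

    tmp = (byte*)XMALLOC(tmpSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmp == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }

    /* DER to PEM */
    pemSz = wc_DerToPemEx(derBuf, derSz, tmp, tmpSz, cipherInfo,
                          DSA_PRIVATEKEY_TYPE);
    if (pemSz <= 0) {
        WOLFSSL_MSG("wc_DerToPemEx failed");
        goto out;
    }

    /* caller-owned copy, NUL-terminated so it can be treated as a string */
    *pem = (byte*)XMALLOC(pemSz + 1, NULL, DYNAMIC_TYPE_KEY);
    if (*pem == NULL) {
        WOLFSSL_MSG("malloc failed");
        goto out;
    }
    XMEMCPY(*pem, tmp, pemSz);
    (*pem)[pemSz] = '\0';
    *plen = pemSz;
    ret = SSL_SUCCESS;

out:
    /* derBuf and tmp held the private key (in clear unless encrypted);
     * ForceZero is used because a plain memset before free may be elided */
    if (derBuf != NULL) {
        ForceZero(derBuf, der_max_len);
        XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (tmp != NULL) {
        ForceZero(tmp, tmpSz);
        XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }
    if (cipherInfo != NULL) {
        XFREE(cipherInfo, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    }

    return ret;
}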
wolfSSL 11:cee25a834751 21383
wolfSSL 11:cee25a834751 21384 #ifndef NO_FILESYSTEM
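/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Writes dsa as a PEM "DSA PRIVATE KEY" block to the open stream fp.
 * The PEM text is produced by wolfSSL_PEM_write_mem_DSAPrivateKey; when enc
 * and kstr/klen are given the key is encrypted, otherwise it is written in
 * clear. The password callback cb and its argument u are accepted for API
 * compatibility only and never invoked. The stream is neither flushed nor
 * closed here.
 *
 * Returns SSL_SUCCESS when the whole PEM text was written, SSL_FAILURE on
 * bad arguments, encoding failure or a short write. The temporary PEM
 * buffer, which contains the private key, is wiped and freed on every path.
 */
int wolfSSL_PEM_write_DSAPrivateKey(FILE *fp, WOLFSSL_DSA *dsa,
                                    const EVP_CIPHER *enc,
                                    unsigned char *kstr, int klen,
                                    pem_password_cb *cb, void *u)
{
    byte *pem = NULL;
    int plen = 0, ret;

    (void)cb;
    (void)u;

    WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey");

    if (fp == NULL || dsa == NULL || dsa->internal == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    ret = wolfSSL_PEM_write_mem_DSAPrivateKey(dsa, enc, kstr, klen, &pem, &plen);
    if (ret != SSL_SUCCESS) {
        WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey failed");
        return SSL_FAILURE;
    }

    /* one item of plen bytes: any result other than 1 is a short write */
    if ((int)XFWRITE(pem, plen, 1, fp) == 1) {
        ret = SSL_SUCCESS;
    }
    else {
        WOLFSSL_MSG("DSA private key file write failed");
        ret = SSL_FAILURE;
    }

    /* release the key-bearing buffer on the failure path too, not only on
     * success; wipe it first since it holds the private key */
    ForceZero(pem, plen);
    XFREE(pem, NULL, DYNAMIC_TYPE_KEY);

    return ret;
}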
wolfSSL 11:cee25a834751 21421
wolfSSL 11:cee25a834751 21422 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 21423 #endif /* defined(WOLFSSL_KEY_GEN) */
wolfSSL 11:cee25a834751 21424
wolfSSL 11:cee25a834751 21425 #ifndef NO_FILESYSTEM
/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Stub: nothing is written to fp and x is not read; the call only logs
 * that the function is not implemented and reports failure.
 */
int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x)
{
    const int ret = SSL_FAILURE;

    WOLFSSL_MSG("wolfSSL_PEM_write_DSA_PUBKEY not implemented");

    /* parameters exist for API compatibility only */
    (void)fp;
    (void)x;

    return ret;
}
wolfSSL 11:cee25a834751 21438 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 21439
wolfSSL 11:cee25a834751 21440 #endif /* #ifndef NO_DSA */
wolfSSL 11:cee25a834751 21441
/* Stub: no key is parsed from bio and *key is not assigned; the call logs
 * that it is not implemented and returns NULL, the OpenSSL failure value
 * for this function. */
WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio,
                            WOLFSSL_EVP_PKEY** key, pem_password_cb* cb, void* arg)
{
    WOLFSSL_EVP_PKEY* result = NULL;

    WOLFSSL_MSG("wolfSSL_PEM_read_bio_PrivateKey not implemented");

    /* all parameters exist for API compatibility only */
    (void)bio;
    (void)key;
    (void)cb;
    (void)arg;

    return result;
}
wolfSSL 11:cee25a834751 21454
wolfSSL 11:cee25a834751 21455
/* Reports the key type for a NID-style type code. The argument is ignored:
 * this build answers EVP_PKEY_RSA for every input, as the log line says,
 * so callers must not use it to distinguish RSA from EC or DSA keys. */
int wolfSSL_EVP_PKEY_type(int type)
{
    const int answer = EVP_PKEY_RSA;

    (void) type;
    WOLFSSL_MSG("wolfSSL_EVP_PKEY_type always returns EVP_PKEY_RSA");

    return answer;
}
wolfSSL 11:cee25a834751 21462
/* Returns the base key type of pkey by passing its type field through
 * EVP_PKEY_type. pkey is dereferenced without a NULL check, so the caller
 * must pass a valid key. */
int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey)
{
    const int rawType = pkey->type;

    return EVP_PKEY_type(rawType);
}
wolfSSL 11:cee25a834751 21467
wolfSSL 11:cee25a834751 21468
wolfSSL 11:cee25a834751 21469 #if !defined(NO_FILESYSTEM)
/* Stub: nothing is read from fp and *x is not assigned; the call logs that
 * it is not implemented and returns NULL, the OpenSSL failure value. */
WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(FILE *fp, EVP_PKEY **x,
                                          pem_password_cb *cb, void *u)
{
    WOLFSSL_EVP_PKEY *result = NULL;

    WOLFSSL_MSG("wolfSSL_PEM_read_PUBKEY not implemented");

    /* all parameters exist for API compatibility only */
    (void)fp;
    (void)x;
    (void)cb;
    (void)u;

    return result;
}
wolfSSL 11:cee25a834751 21482 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 21483
wolfSSL 11:cee25a834751 21484 #ifndef NO_RSA
wolfSSL 11:cee25a834751 21485
wolfSSL 11:cee25a834751 21486 #if !defined(NO_FILESYSTEM)
/* Stub: nothing is read from fp and *x is not assigned; the call logs that
 * it is not implemented and returns NULL, the OpenSSL failure value. */
WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x,
                                           pem_password_cb *cb, void *u)
{
    WOLFSSL_RSA *result = NULL;

    WOLFSSL_MSG("wolfSSL_PEM_read_RSAPublicKey not implemented");

    /* all parameters exist for API compatibility only */
    (void)fp;
    (void)x;
    (void)cb;
    (void)u;

    return result;
}
wolfSSL 11:cee25a834751 21499
/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Stub: nothing is written to fp and x is not read; the call only logs
 * that the function is not implemented and reports failure.
 */
int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x)
{
    const int ret = SSL_FAILURE;

    WOLFSSL_MSG("wolfSSL_PEM_write_RSAPublicKey not implemented");

    /* parameters exist for API compatibility only */
    (void)fp;
    (void)x;

    return ret;
}
wolfSSL 11:cee25a834751 21512
/* return code compliant with OpenSSL :
 * 1 if success, 0 if error
 *
 * Stub: nothing is written to fp and x is not read; the call only logs
 * that the function is not implemented and reports failure.
 */
int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x)
{
    const int ret = SSL_FAILURE;

    WOLFSSL_MSG("wolfSSL_PEM_write_RSA_PUBKEY not implemented");

    /* parameters exist for API compatibility only */
    (void)fp;
    (void)x;

    return ret;
}
wolfSSL 11:cee25a834751 21525 #endif /* NO_FILESYSTEM */
wolfSSL 11:cee25a834751 21526
/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error
 *
 * Loads a DER-encoded RSA private key (derBuf, derSz bytes) into the
 * internal RsaKey of rsa, mirrors it to the external fields through
 * SetRsaExternal, and marks the internal key as set. On any failure rsa is
 * left with inSet untouched.
 */
int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz)
{
    word32 inOutIdx = 0;
    int ret = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_RSA_LoadDer");

    if (rsa == NULL || rsa->internal == NULL || derBuf == NULL || derSz <= 0) {
        WOLFSSL_MSG("Bad function arguments");
    }
    else if (wc_RsaPrivateKeyDecode(derBuf, &inOutIdx, (RsaKey*)rsa->internal,
                                    derSz) < 0) {
        WOLFSSL_MSG("RsaPrivateKeyDecode failed");
    }
    else if (SetRsaExternal(rsa) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetRsaExternal failed");
    }
    else {
        /* only flag the internal key as usable once both copies agree */
        rsa->inSet = 1;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 11:cee25a834751 21555 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 21556
wolfSSL 11:cee25a834751 21557
wolfSSL 11:cee25a834751 21558 #ifndef NO_DSA
/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error
 *
 * Loads a DER-encoded DSA private key (derBuf, derSz bytes) into the
 * internal DsaKey of dsa, mirrors it to the external fields through
 * SetDsaExternal, and marks the internal key as set. On any failure dsa is
 * left with inSet untouched.
 */
int wolfSSL_DSA_LoadDer(WOLFSSL_DSA* dsa, const unsigned char* derBuf, int derSz)
{
    word32 inOutIdx = 0;
    int ret = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_DSA_LoadDer");

    if (dsa == NULL || dsa->internal == NULL || derBuf == NULL || derSz <= 0) {
        WOLFSSL_MSG("Bad function arguments");
    }
    else if (DsaPrivateKeyDecode(derBuf, &inOutIdx, (DsaKey*)dsa->internal,
                                 derSz) < 0) {
        WOLFSSL_MSG("DsaPrivateKeyDecode failed");
    }
    else if (SetDsaExternal(dsa) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetDsaExternal failed");
    }
    else {
        /* only flag the internal key as usable once both copies agree */
        dsa->inSet = 1;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 11:cee25a834751 21587 #endif /* NO_DSA */
wolfSSL 11:cee25a834751 21588
wolfSSL 11:cee25a834751 21589 #ifdef HAVE_ECC
/* return SSL_SUCCESS if success, SSL_FATAL_ERROR if error
 *
 * Loads a DER-encoded EC private key (derBuf, derSz bytes) into the
 * internal ecc_key of key, mirrors it to the external fields through
 * SetECKeyExternal, and marks the internal key as set. On any failure key
 * is left with inSet untouched.
 */
int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key,
                           const unsigned char* derBuf, int derSz)
{
    word32 inOutIdx = 0;
    int ret = SSL_FATAL_ERROR;

    WOLFSSL_ENTER("wolfSSL_EC_KEY_LoadDer");

    if (key == NULL || key->internal == NULL || derBuf == NULL || derSz <= 0) {
        WOLFSSL_MSG("Bad function arguments");
    }
    else if (wc_EccPrivateKeyDecode(derBuf, &inOutIdx, (ecc_key*)key->internal,
                                    derSz) < 0) {
        WOLFSSL_MSG("wc_EccPrivateKeyDecode failed");
    }
    else if (SetECKeyExternal(key) != SSL_SUCCESS) {
        WOLFSSL_MSG("SetECKeyExternal failed");
    }
    else {
        /* only flag the internal key as usable once both copies agree */
        key->inSet = 1;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 11:cee25a834751 21619 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 21620
wolfSSL 11:cee25a834751 21621 #endif /* OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 21622
wolfSSL 11:cee25a834751 21623
wolfSSL 11:cee25a834751 21624 #ifdef SESSION_CERTS
wolfSSL 11:cee25a834751 21625
wolfSSL 11:cee25a834751 21626
/* Get peer's certificate chain
 *
 * Returns a pointer into the session owned by ssl (not a copy; it stays
 * valid only as long as ssl does), or NULL when ssl is NULL. */
WOLFSSL_X509_CHAIN* wolfSSL_get_peer_chain(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_peer_chain");

    if (ssl == NULL)
        return NULL;

    return &ssl->session.chain;
}
wolfSSL 11:cee25a834751 21636
wolfSSL 11:cee25a834751 21637
/* Get peer's certificate chain total count
 *
 * Returns chain->count, or 0 when chain is NULL. */
int wolfSSL_get_chain_count(WOLFSSL_X509_CHAIN* chain)
{
    WOLFSSL_ENTER("wolfSSL_get_chain_count");

    if (chain == NULL)
        return 0;

    return chain->count;
}
wolfSSL 11:cee25a834751 21647
wolfSSL 11:cee25a834751 21648
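/* Get peer's ASN.1 DER certificate at index (idx) length in bytes
 *
 * idx must be in [0, chain->count); chain->count is the number of
 * certificates stored (see wolfSSL_get_chain_count). Returns 0 when chain
 * is NULL or idx is out of range, so a caller-supplied index can never
 * read past the certs array. */
int wolfSSL_get_chain_length(WOLFSSL_X509_CHAIN* chain, int idx)
{
    WOLFSSL_ENTER("wolfSSL_get_chain_length");

    if (chain == NULL || idx < 0 || idx >= chain->count)
        return 0;

    return chain->certs[idx].length;
}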
wolfSSL 11:cee25a834751 21658
wolfSSL 11:cee25a834751 21659
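/* Return the peer's ASN.1 DER certificate at position idx in the chain.
 *
 * chain  chain from wolfSSL_get_peer_chain()
 * idx    zero-based index into chain->certs
 *
 * Returns a pointer into the chain's own storage (not a copy; the caller
 * must not free it), or NULL when chain is NULL or idx lies outside
 * [0, chain->count). The bound matches wolfSSL_get_chain_cert_pem() so an
 * out-of-range idx cannot index past the certs array. */
byte* wolfSSL_get_chain_cert(WOLFSSL_X509_CHAIN* chain, int idx)
{
    WOLFSSL_ENTER("wolfSSL_get_chain_cert");
    if (chain == NULL || idx < 0 || idx >= chain->count) {
        return NULL;
    }

    return chain->certs[idx].buffer;
}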
wolfSSL 11:cee25a834751 21669
wolfSSL 11:cee25a834751 21670
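/* Decode the peer's DER certificate at position idx into a new WOLFSSL_X509.
 *
 * chain  chain from wolfSSL_get_peer_chain()
 * idx    zero-based index into chain->certs, must be < chain->count
 *
 * Returns a newly allocated WOLFSSL_X509 owned by the caller (release it with
 * wolfSSL_X509_free()), or NULL when chain is NULL, idx is out of range, the
 * certificate does not parse, or an allocation fails. */
WOLFSSL_X509* wolfSSL_get_chain_X509(WOLFSSL_X509_CHAIN* chain, int idx)
{
    int ret;
    WOLFSSL_X509* x509 = NULL;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

    WOLFSSL_ENTER("wolfSSL_get_chain_X509");
    /* Bound idx by the populated count, as wolfSSL_get_chain_cert_pem() does,
     * so a bad index cannot read past the certs array. */
    if (chain == NULL || idx < 0 || idx >= chain->count) {
        return NULL;
    }

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL) {
        return NULL;
    }
#endif

    InitDecodedCert(cert, chain->certs[idx].buffer,
                    chain->certs[idx].length, NULL);

    if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) != 0) {
        WOLFSSL_MSG("Failed to parse cert");
    }
    else {
        x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                      DYNAMIC_TYPE_X509);
        if (x509 == NULL) {
            WOLFSSL_MSG("Failed alloc X509");
        }
        else {
            InitX509(x509, 1, NULL);

            if ((ret = CopyDecodedToX509(x509, cert)) != 0) {
                WOLFSSL_MSG("Failed to copy decoded");
                /* Release whatever the partial copy attached before freeing
                 * the struct itself (InitX509 ran, so the members are in a
                 * defined state — same pairing wolfSSL_CTX_use_certificate
                 * uses for ctx->ourCert). */
                FreeX509(x509);
                XFREE(x509, NULL, DYNAMIC_TYPE_X509);
                x509 = NULL;
            }
        }
    }

    /* The decoded form is only an intermediate; drop it on every path. */
    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    (void)ret;

    return x509;
}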
wolfSSL 11:cee25a834751 21723
wolfSSL 11:cee25a834751 21724
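/* Write the peer's certificate at position idx into buf as PEM.
 *
 * chain   chain from wolfSSL_get_peer_chain()
 * idx     zero-based index, must be < wolfSSL_get_chain_count(chain)
 * buf     output buffer, or NULL to only compute the size required
 * inLen   capacity of buf in bytes
 * outLen  receives the number of bytes written, or — when buf is NULL —
 *         the number of bytes required
 *
 * Returns SSL_SUCCESS on success, LENGTH_ONLY_E after a size-only query,
 * BAD_FUNC_ARG on bad arguments or when buf is too small, SSL_FAILURE when
 * the size query fails, or the negative error from Base64_Encode().
 *
 * Fix: the capacity handed to Base64_Encode() was inLen although the body is
 * written at buf + headerLen, so an encoder that filled exactly the space it
 * was told it had could write headerLen bytes past the end of buf. */
int wolfSSL_get_chain_cert_pem(WOLFSSL_X509_CHAIN* chain, int idx,
                               unsigned char* buf, int inLen, int* outLen)
{
    const char header[] = "-----BEGIN CERTIFICATE-----\n";
    const char footer[] = "-----END CERTIFICATE-----\n";

    const int headerLen = sizeof(header) - 1;
    const int footerLen = sizeof(footer) - 1;
    word32 bodyLen = 0;
    int err;
    int i;

    WOLFSSL_ENTER("wolfSSL_get_chain_cert_pem");
    if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain))
        return BAD_FUNC_ARG;

    /* Null output buffer: report the size needed in outLen. */
    if (!buf) {
        if (Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length,
                          NULL, &bodyLen) != LENGTH_ONLY_E)
            return SSL_FAILURE;
        *outLen = (int)bodyLen + headerLen + footerLen;
        return LENGTH_ONLY_E;
    }

    /* Cheap pre-check: Base64 output is never shorter than its input, so a
     * buffer smaller than header + DER + footer cannot fit. The exact body
     * bound is enforced by Base64_Encode() below. */
    if (inLen < headerLen + footerLen + chain->certs[idx].length)
        return BAD_FUNC_ARG;

    /* header */
    XMEMCPY(buf, header, headerLen);
    i = headerLen;

    /* body: capacity is what remains after the header, not the whole buffer */
    bodyLen = (word32)(inLen - i);
    err = Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length,
                        buf + i, &bodyLen);
    if (err < 0)
        return err;
    i += (int)bodyLen;

    /* footer */
    if (i + footerLen > inLen)
        return BAD_FUNC_ARG;
    XMEMCPY(buf + i, footer, footerLen);
    i += footerLen;

    *outLen = i;
    return SSL_SUCCESS;
}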
wolfSSL 11:cee25a834751 21779
wolfSSL 11:cee25a834751 21780
/* Return the session's ID bytes.
 *
 * session  session to read
 *
 * Returns a pointer into session (owned by the session), or NULL when
 * session is NULL. */
const byte* wolfSSL_get_sessionID(const WOLFSSL_SESSION* session)
{
    WOLFSSL_ENTER("wolfSSL_get_sessionID");
    return (session != NULL) ? session->sessionID : NULL;
}
wolfSSL 11:cee25a834751 21790
wolfSSL 11:cee25a834751 21791
wolfSSL 11:cee25a834751 21792 #endif /* SESSION_CERTS */
wolfSSL 11:cee25a834751 21793
wolfSSL 11:cee25a834751 21794 #ifdef HAVE_FUZZER
/* Install the fuzzer callback and its context on a connection.
 * A NULL ssl is ignored. */
void wolfSSL_SetFuzzerCb(WOLFSSL* ssl, CallbackFuzzer cbf, void* fCtx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->fuzzerCb = cbf;
    ssl->fuzzerCtx = fCtx;
}
wolfSSL 11:cee25a834751 21802 #endif
wolfSSL 11:cee25a834751 21803
wolfSSL 11:cee25a834751 21804 #ifndef NO_CERTS
wolfSSL 11:cee25a834751 21805 #ifdef HAVE_PK_CALLBACKS
wolfSSL 11:cee25a834751 21806
wolfSSL 11:cee25a834751 21807 #ifdef HAVE_ECC
wolfSSL 11:cee25a834751 21808
/* Register the context-wide ECC sign callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->EccSignCb = cb;
}
wolfSSL 11:cee25a834751 21814
wolfSSL 11:cee25a834751 21815
/* Attach the per-connection ECC sign callback context; NULL ssl is ignored. */
void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->EccSignCtx = ctx;
}
wolfSSL 11:cee25a834751 21821
wolfSSL 11:cee25a834751 21822
/* Return the per-connection ECC sign callback context, NULL if ssl is NULL. */
void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->EccSignCtx : NULL;
}
wolfSSL 11:cee25a834751 21830
wolfSSL 11:cee25a834751 21831
/* Register the context-wide ECC verify callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->EccVerifyCb = cb;
}
wolfSSL 11:cee25a834751 21837
wolfSSL 11:cee25a834751 21838
/* Attach the per-connection ECC verify callback context; NULL ssl is ignored. */
void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->EccVerifyCtx = ctx;
}
wolfSSL 11:cee25a834751 21844
wolfSSL 11:cee25a834751 21845
/* Return the per-connection ECC verify callback context, NULL if ssl is NULL. */
void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->EccVerifyCtx : NULL;
}
wolfSSL 11:cee25a834751 21853
/* Register the context-wide ECC shared-secret callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetEccSharedSecretCb(WOLFSSL_CTX* ctx, CallbackEccSharedSecret cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->EccSharedSecretCb = cb;
}
wolfSSL 11:cee25a834751 21859
/* Attach the per-connection ECC shared-secret callback context;
 * NULL ssl is ignored. */
void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->EccSharedSecretCtx = ctx;
}
wolfSSL 11:cee25a834751 21865
wolfSSL 11:cee25a834751 21866
/* Return the per-connection ECC shared-secret callback context,
 * NULL if ssl is NULL. */
void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->EccSharedSecretCtx : NULL;
}
wolfSSL 11:cee25a834751 21874 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 21875
wolfSSL 11:cee25a834751 21876 #ifndef NO_RSA
wolfSSL 11:cee25a834751 21877
/* Register the context-wide RSA sign callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaSignCb = cb;
}
wolfSSL 11:cee25a834751 21883
wolfSSL 11:cee25a834751 21884
/* Attach the per-connection RSA sign callback context; NULL ssl is ignored. */
void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->RsaSignCtx = ctx;
}
wolfSSL 11:cee25a834751 21890
wolfSSL 11:cee25a834751 21891
/* Return the per-connection RSA sign callback context, NULL if ssl is NULL. */
void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaSignCtx : NULL;
}
wolfSSL 11:cee25a834751 21899
wolfSSL 11:cee25a834751 21900
/* Register the context-wide RSA verify callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaVerifyCb = cb;
}
wolfSSL 11:cee25a834751 21906
wolfSSL 11:cee25a834751 21907
/* Attach the per-connection RSA verify callback context; NULL ssl is ignored. */
void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->RsaVerifyCtx = ctx;
}
wolfSSL 11:cee25a834751 21913
wolfSSL 11:cee25a834751 21914
/* Return the per-connection RSA verify callback context, NULL if ssl is NULL. */
void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaVerifyCtx : NULL;
}
wolfSSL 11:cee25a834751 21922
/* Register the context-wide RSA encrypt callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaEncCb = cb;
}
wolfSSL 11:cee25a834751 21928
wolfSSL 11:cee25a834751 21929
/* Attach the per-connection RSA encrypt callback context; NULL ssl is ignored. */
void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->RsaEncCtx = ctx;
}
wolfSSL 11:cee25a834751 21935
wolfSSL 11:cee25a834751 21936
/* Return the per-connection RSA encrypt callback context, NULL if ssl is NULL. */
void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaEncCtx : NULL;
}
wolfSSL 11:cee25a834751 21944
/* Register the context-wide RSA decrypt callback; a NULL ctx is ignored. */
void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb)
{
    if (ctx == NULL) {
        return;
    }
    ctx->RsaDecCb = cb;
}
wolfSSL 11:cee25a834751 21950
wolfSSL 11:cee25a834751 21951
/* Attach the per-connection RSA decrypt callback context; NULL ssl is ignored. */
void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx)
{
    if (ssl == NULL) {
        return;
    }
    ssl->RsaDecCtx = ctx;
}
wolfSSL 11:cee25a834751 21957
wolfSSL 11:cee25a834751 21958
/* Return the per-connection RSA decrypt callback context, NULL if ssl is NULL. */
void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaDecCtx : NULL;
}
wolfSSL 11:cee25a834751 21966
wolfSSL 11:cee25a834751 21967
wolfSSL 11:cee25a834751 21968 #endif /* NO_RSA */
wolfSSL 11:cee25a834751 21969
wolfSSL 11:cee25a834751 21970 #endif /* HAVE_PK_CALLBACKS */
wolfSSL 11:cee25a834751 21971 #endif /* NO_CERTS */
wolfSSL 11:cee25a834751 21972
wolfSSL 11:cee25a834751 21973
wolfSSL 11:cee25a834751 21974 #ifdef WOLFSSL_HAVE_WOLFSCEP
/* Used by autoconf to see if wolfSCEP is available: only the symbol's
 * presence matters, so the body is intentionally empty. */
void wolfSSL_wolfSCEP(void)
{
}
wolfSSL 11:cee25a834751 21977 #endif
wolfSSL 11:cee25a834751 21978
wolfSSL 11:cee25a834751 21979
wolfSSL 11:cee25a834751 21980 #ifdef WOLFSSL_HAVE_CERT_SERVICE
/* Used by autoconf to see if the cert service is available: only the
 * symbol's presence matters, so the body is intentionally empty. */
void wolfSSL_cert_service(void)
{
}
wolfSSL 11:cee25a834751 21983 #endif
wolfSSL 11:cee25a834751 21984
wolfSSL 11:cee25a834751 21985
wolfSSL 11:cee25a834751 21986 #ifdef OPENSSL_EXTRA /*Lighttp compatibility*/
wolfSSL 11:cee25a834751 21987
wolfSSL 11:cee25a834751 21988 #ifndef NO_CERTS
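/* Read the next PEM certificate from a BIO and decode it into a WOLFSSL_X509.
 *
 * bp  memory or file BIO holding PEM data
 * x   if non-NULL, receives the result (also set to NULL on failure)
 * cb  password callback — accepted for API compatibility, not used
 * u   callback argument — not used
 *
 * For a file BIO the read stops after the first END CERTIFICATE marker, so
 * repeated calls walk a multi-certificate file. The caller owns the returned
 * object. Returns NULL on any failure or when built without a filesystem.
 *
 * Fix: the byte-at-a-time read loop is now capped at the size measured from
 * the file before the buffer was allocated, so a file that grows between the
 * size check and the reads cannot overrun pem. */
WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x,
                                        pem_password_cb *cb, void *u)
{
#ifndef NO_FILESYSTEM
    WOLFSSL_X509* x509 = NULL;
    unsigned char* pem = NULL;
    int pemSz;
    int pemAlloced = 0;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509");

    if (bp == NULL) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG);
        return NULL;
    }

    if (bp->type == BIO_MEMORY) {
        pemSz = wolfSSL_BIO_get_mem_data(bp, &pem);
        if (pemSz <= 0 || pem == NULL) {
            WOLFSSL_MSG("Issue getting WOLFSSL_BIO mem");
            WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", pemSz);
            return NULL;
        }
    }
    else if (bp->type == BIO_FILE) {
        long i;
        long l;
        long cap;
        int found = 0;

        /* Size the buffer by the bytes between the current position and the
         * end of file, then restore the position. */
        i = XFTELL(bp->file);
        if (i < 0)
            return NULL;
        XFSEEK(bp->file, 0, SEEK_END);
        l = XFTELL(bp->file);
        if (l < 0)
            return NULL;
        XFSEEK(bp->file, i, SEEK_SET);

        /* check calculated length */
        cap = l - i;
        if (cap <= 0)
            return NULL;

        pem = (unsigned char*)XMALLOC(cap, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (pem == NULL)
            return NULL;
        pemAlloced = 1;

        i = 0;
        /* TODO: Inefficient — reads one byte at a time until END_CERT is
         * seen. The 25-byte marker is matched ending one byte before the
         * last byte read, so the byte following it (normally the newline)
         * is consumed as well. The loop never writes beyond cap bytes. */
        while (i < cap && (l = wolfSSL_BIO_read(bp, (char *)&pem[i], 1)) == 1) {
            i++;
            if (i > 26 && XMEMCMP((char *)&pem[i-26], END_CERT, 25) == 0) {
                found = 1;
                break;
            }
        }
#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
        /* Ran out of data without seeing the END marker. */
        if (!found)
            WOLFSSL_ERROR(SSL_NO_PEM_HEADER);
#endif
        (void)found;
        pemSz = (int)i;
    }
    else
        return NULL;

    x509 = wolfSSL_X509_load_certificate_buffer(pem, pemSz,
                                                SSL_FILETYPE_PEM);

    if (x != NULL) {
        *x = x509;
    }

    if (pemAlloced)
        XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    (void)cb;
    (void)u;

    return x509;
#else
    (void)bp;
    (void)x;
    (void)cb;
    (void)u;
    return NULL;
#endif
}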
wolfSSL 11:cee25a834751 22076
wolfSSL 11:cee25a834751 22077
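/*
 * bp : bio to read X509 from
 * x  : x509 to write to
 * cb : password call back for reading PEM
 * u  : password
 * _AUX is for working with a trusted X509 certificate
 *
 * Fix: the enter-trace named the wrapped function instead of this one, which
 * made the two indistinguishable in debug logs.
 */
WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp,
                                     WOLFSSL_X509 **x, pem_password_cb *cb, void *u)
{
    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509_AUX");

    /* AUX info is; trusted/rejected uses, friendly name, private key id,
     * and potentially a stack of "other" info. wolfSSL does not store
     * friendly name or private key id yet in WOLFSSL_X509 for human
     * readability and does not support extra trusted/rejected uses for
     * root CA, so this behaves exactly like the non-AUX reader. */
    return wolfSSL_PEM_read_bio_X509(bp, x, cb, u);
}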
wolfSSL 11:cee25a834751 22096 #endif /* ifndef NO_CERTS */
wolfSSL 11:cee25a834751 22097
wolfSSL 11:cee25a834751 22098 #ifndef NO_CERTS
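/* Free an X509 name via FreeX509Name().
 *
 * name  name to release
 *
 * Fix: the enter-trace was emitted after the free; it now runs first, as in
 * every other function in this file. */
void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_free");
    FreeX509Name(name, NULL);
}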
wolfSSL 11:cee25a834751 22103 #endif /* NO_CERTS */
wolfSSL 11:cee25a834751 22104
wolfSSL 11:cee25a834751 22105 #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \
wolfSSL 11:cee25a834751 22106 defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \
wolfSSL 11:cee25a834751 22107 defined(HAVE_POCO_LIB) || defined (WOLFSSL_HAPROXY)
wolfSSL 11:cee25a834751 22108
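/* Stub for OpenSSL's SHA1(): no digest is computed and md is not written.
 *
 * d   input data (ignored)
 * n   input length (ignored)
 * md  output buffer (ignored)
 *
 * Returns NULL so callers can detect that md was not filled.
 *
 * Fix: the unused-parameter casts used to read through d and md
 * ("(void) *d"), which faulted when a caller passed NULL; they now discard
 * the pointers without dereferencing them. */
unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md)
{
    (void)d;
    (void)n;
    (void)md;
    WOLFSSL_ENTER("wolfSSL_SHA1");
    WOLFSSL_STUB("wolfSSL_SHA1");

    return NULL;
}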
wolfSSL 11:cee25a834751 22117
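/* Install x as the context's own certificate (Lighttpd/OpenSSL compatibility).
 *
 * ctx  context to update
 * x    certificate whose DER encoding is copied into ctx->certificate
 *
 * The DER bytes are copied, so ctx never owns x's buffer. With KEEP_OUR_CERT
 * ctx->ourCert is pointed at x but ctx->ownOurCert is cleared, so the caller
 * keeps ownership of x and must keep it alive for as long as ctx uses it.
 *
 * Returns SSL_SUCCESS, or 0 on a NULL argument or allocation failure. The
 * return type is char (not int) for historical reasons.
 *
 * Fix: ctx, x and x->derCert were dereferenced before any check. */
char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate");

    if (ctx == NULL || x == NULL || x->derCert == NULL) {
        return 0;
    }

    FreeDer(&ctx->certificate); /* Make sure previous is free'd */
    ret = AllocDer(&ctx->certificate, x->derCert->length, CERT_TYPE,
                   ctx->heap);
    if (ret != 0) {
        return 0;
    }

    XMEMCPY(ctx->certificate->buffer, x->derCert->buffer,
            x->derCert->length);
#ifdef KEEP_OUR_CERT
    if (ctx->ourCert != NULL && ctx->ownOurCert) {
        FreeX509(ctx->ourCert);
        XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509);
    }
    ctx->ourCert = x;
    ctx->ownOurCert = 0;
#endif

    /* Update the available options with public keys. */
    switch (x->pubKeyOID) {
        case RSAk:
            ctx->haveRSA = 1;
            break;
        case ECDSAk:
            ctx->haveECC = 1;
            ctx->pkCurveOID = x->pkCurveOID;
            break;
        default:
            /* Other key types leave the capability flags untouched. */
            break;
    }

    return SSL_SUCCESS;
}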
wolfSSL 11:cee25a834751 22154
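/* Point a file BIO at the file named by name, closing the file it held.
 *
 * b     BIO to update
 * name  path to open for reading
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG on NULL arguments, SSL_BAD_FILE when the
 * file cannot be opened or attached, and SSL_NOT_IMPLEMENTED when built
 * without a filesystem. The new file is closed when the BIO is freed
 * (BIO_CLOSE).
 *
 * Fix: the previous file was closed before the new one was opened, so a
 * failed open left the BIO holding an already-closed handle that would be
 * closed again when the BIO was freed. The new file is now opened first and
 * the old one closed only once the swap has succeeded. The enter-trace also
 * named the wrong function. */
int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name)
{
#ifndef NO_FILESYSTEM
    XFILE fp;
    XFILE oldFp = NULL;

    WOLFSSL_ENTER("wolfSSL_BIO_read_filename");

    if (b == NULL || name == NULL) {
        return BAD_FUNC_ARG;
    }

    fp = XFOPEN(name, "r");
    if (fp == NULL) {
        return SSL_BAD_FILE;
    }

    if (wolfSSL_BIO_get_fp(b, &oldFp) != SSL_SUCCESS) {
        oldFp = NULL;
    }

    if (wolfSSL_BIO_set_fp(b, fp, BIO_CLOSE) != SSL_SUCCESS) {
        XFCLOSE(fp);
        return SSL_BAD_FILE;
    }

    /* NOTE(review): assumes wolfSSL_BIO_set_fp() does not close the handle
     * it replaces — the original closed it explicitly as well. */
    if (oldFp != NULL) {
        XFCLOSE(oldFp);
    }

    /* file is closed when bio is free'd */
    return SSL_SUCCESS;
#else
    (void)name;
    (void)b;
    return SSL_NOT_IMPLEMENTED;
#endif
}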
wolfSSL 11:cee25a834751 22183
wolfSSL 11:cee25a834751 22184 #ifdef HAVE_ECC
/* Map a curve id (NID) to its short name in the ecc_sets table.
 *
 * n  curve id to look up
 *
 * Returns the table's name string (static, not to be freed) or NULL when no
 * entry has that id. The loop stops where the table's terminating entry makes
 * i < size false. */
const char * wolfSSL_OBJ_nid2sn(int n)
{
    int idx = 0;

    WOLFSSL_ENTER("wolfSSL_OBJ_nid2sn");

    /* find based on NID and return name */
    while (idx < ecc_sets[idx].size) {
        if (ecc_sets[idx].id == n) {
            return ecc_sets[idx].name;
        }
        idx++;
    }
    return NULL;
}
wolfSSL 11:cee25a834751 22197
/* Stub for OpenSSL's OBJ_obj2nid(): o is not inspected.
 * Always returns 0 (OpenSSL's NID_undef), so callers cannot rely on it to
 * identify an object. */
int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o)
{
    WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid");
    WOLFSSL_STUB("wolfSSL_OBJ_obj2nid");
    (void)o;

    return 0;
}
wolfSSL 11:cee25a834751 22205
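/* Map an OpenSSL short curve name to its wolfSSL curve id (NID).
 *
 * sn  curve short name; the OpenSSL spellings "prime256v1" and "secp384r1"
 *     are translated to the table names first
 *
 * Returns the matching ecc_sets[].id, or -1 when sn is NULL or unknown.
 *
 * Fix: a NULL sn was passed straight to XSTRNCMP; the enter-trace also
 * misspelled the function name. */
int wolfSSL_OBJ_sn2nid(const char *sn)
{
    int i;
    WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid");

    if (sn == NULL) {
        return -1;
    }

    /* Nginx uses these OpenSSL strings. */
    if (XSTRNCMP(sn, "prime256v1", 10) == 0)
        sn = "SECP256R1";
    if (XSTRNCMP(sn, "secp384r1", 10) == 0)
        sn = "SECP384R1";

    /* find based on name and return NID; the loop stops where the table's
     * terminating entry makes i < size false */
    for (i = 0; i < ecc_sets[i].size; i++) {
        if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) {
            return ecc_sets[i].id;
        }
    }
    return -1;
}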
wolfSSL 11:cee25a834751 22223 #endif /* HAVE_ECC */
wolfSSL 11:cee25a834751 22224
wolfSSL 11:cee25a834751 22225
/* Stub for OpenSSL's SSL_CTX_set_verify_depth(): the requested depth is
 * discarded and nothing on ctx changes, so callers get no chain-depth limit
 * from this call. */
void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth");
    WOLFSSL_STUB("wolfSSL_CTX_set_verify_depth");
    (void)ctx;
    (void)depth;
}
wolfSSL 11:cee25a834751 22233
/* Stub for OpenSSL's SSL_set_verify_depth(): the requested depth is
 * discarded and nothing on ssl changes, so callers get no chain-depth limit
 * from this call. */
void wolfSSL_set_verify_depth(WOLFSSL *ssl, int depth)
{
    WOLFSSL_ENTER("wolfSSL_set_verify_depth");
    WOLFSSL_STUB("wolfSSL_set_verify_depth");
    (void)ssl;
    (void)depth;
}
wolfSSL 11:cee25a834751 22241
/* OpenSSL-style app-data accessor: reads ex_data slot 0 of the connection. */
void* wolfSSL_get_app_data( const WOLFSSL *ssl)
{
    const int appDataIdx = 0; /* app data lives in ex_data slot 0 */

    return wolfSSL_get_ex_data(ssl, appDataIdx);
}
wolfSSL 11:cee25a834751 22246
/* OpenSSL-style app-data setter: stores arg in ex_data slot 0 of the
 * connection and returns what wolfSSL_set_ex_data() returns. */
int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg)
{
    const int appDataIdx = 0; /* app data lives in ex_data slot 0 */

    return wolfSSL_set_ex_data(ssl, appDataIdx, (char *)arg);
}
wolfSSL 11:cee25a834751 22250
/* Stub for OpenSSL's X509_NAME_ENTRY_get_object(): ne is not inspected and
 * NULL is always returned. */
WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object");
    WOLFSSL_STUB("wolfSSL_X509_NAME_ENTRY_get_object");
    (void)ne;

    return NULL;
}
wolfSSL 11:cee25a834751 22258
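/* Return entry loc of an X509 name. Only the common-name index is
 * implemented; every other loc yields NULL.
 *
 * name  X509 name to look in
 * loc   entry index, 0..name->fullName.fullNameLen
 *
 * Returns a pointer to name->cnEntry (owned by name, not to be freed) when
 * loc is the CN index, otherwise NULL.
 *
 * Fix: name (and name->x509 on the CN path) were dereferenced without a
 * NULL check. */
WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry(
                                             WOLFSSL_X509_NAME *name, int loc)
{
    int maxLoc;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry");

    if (name == NULL) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    maxLoc = name->fullName.fullNameLen;
    if (loc < 0 || loc > maxLoc) {
        WOLFSSL_MSG("Bad argument");
        return NULL;
    }

    /* common name index case */
    if (loc == name->fullName.cnIdx) {
        /* the CN shortcut comes from the owning x509 since it carries a NUL
         * terminator; without an x509 there is nothing to point at */
        if (name->x509 == NULL) {
            WOLFSSL_MSG("Entry not found or implemented");
            return NULL;
        }
        name->cnEntry.data.data = name->x509->subjectCN;
        name->cnEntry.data.length = name->fullName.cnLen;
        name->cnEntry.data.type = ASN_COMMON_NAME;
        name->cnEntry.set = 1;
        return &(name->cnEntry);
    }

    /* additional cases to check for go here */

    WOLFSSL_MSG("Entry not found or implemented");

    return NULL;
}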
wolfSSL 11:cee25a834751 22289
/* Stub for OpenSSL's sk_X509_NAME_pop_free(): neither the stack sk nor the
 * element destructor f is touched, so nothing passed here is released. */
void wolfSSL_sk_X509_NAME_pop_free(STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*))
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free");
    WOLFSSL_STUB("wolfSSL_sk_X509_NAME_pop_free");
    (void)sk;
    (void)f;
}
wolfSSL 11:cee25a834751 22296
/* Stub for OpenSSL's X509_check_private_key(): x509 and key are never
 * compared and SSL_SUCCESS is returned unconditionally. A success result from
 * this function therefore says nothing about whether key matches x509. */
int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key)
{
    WOLFSSL_ENTER("wolfSSL_X509_check_private_key");
    WOLFSSL_STUB("wolfSSL_X509_check_private_key");
    (void)x509;
    (void)key;

    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 22305
/* Stub: duplicate a stack of CA names.
 *
 * No copy is made. The input is ignored and NULL is returned, which OpenSSL
 * callers interpret as an allocation failure; check the result before use.
 *
 * sk  stack to duplicate (ignored)
 * returns NULL always
 */
STACK_OF(WOLFSSL_X509_NAME) *wolfSSL_dup_CA_list(STACK_OF(WOLFSSL_X509_NAME) *sk)
{
    WOLFSSL_ENTER("wolfSSL_dup_CA_list");
    WOLFSSL_STUB("wolfSSL_dup_CA_list");
    (void)sk;

    return NULL;
}
wolfSSL 11:cee25a834751 22313
wolfSSL 11:cee25a834751 22314 #endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */
wolfSSL 11:cee25a834751 22315 #endif /* OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 22316
wolfSSL 11:cee25a834751 22317
wolfSSL 11:cee25a834751 22318 #ifdef OPENSSL_EXTRA
wolfSSL 11:cee25a834751 22319
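/* Peek at an error on the queue without removing it, also reporting the file
 * name and line where it was recorded when the queue tracks them.
 *
 * wolfSSL uses negative values for error states. This function returns an
 * unsigned type so the value returned is the absolute value of the error.
 *
 * file  receives a pointer to the recording file name (may be NULL)
 * line  receives the recording line number (may be NULL)
 * returns the absolute error value; 0 (OpenSSL's "no error") when the queue
 *         cannot be read; in nginx builds SSL_NO_PEM_HEADER is translated to
 *         OpenSSL's PEM_R_NO_START_LINE reason code; when no error queue is
 *         compiled in, the absolute value of NOT_COMPILED_IN.
 */
unsigned long wolfSSL_ERR_peek_last_error_line(const char **file, int *line)
{
    /* the trace label previously named the sibling wolfSSL_ERR_peek_last_error,
     * which made debug logs misattribute the call */
    WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error_line");

    (void)line;
    (void)file;
#if defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) || defined(WOLFSSL_HAPROXY)
    {
        int ret;

        /* index -1 presumably selects the newest node; a negative return
         * means the peek itself failed, not that an error was found */
        if ((ret = wc_PeekErrorNode(-1, file, NULL, line)) < 0) {
            WOLFSSL_MSG("Issue peeking at error node in queue");
            return 0;
        }
#ifdef WOLFSSL_NGINX
        if (ret == -SSL_NO_PEM_HEADER)
            return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
#endif
        return (unsigned long)ret;
    }
#else
    return (unsigned long)(0 - NOT_COMPILED_IN);
#endif
}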
wolfSSL 11:cee25a834751 22347
wolfSSL 11:cee25a834751 22348
wolfSSL 11:cee25a834751 22349 #ifndef NO_CERTS
/* Load the private key held by pkey into ctx.
 *
 * Thin wrapper: hands pkey's raw buffer (pkey.ptr, pkey_sz bytes) to
 * wolfSSL_CTX_use_PrivateKey_buffer.
 *
 * NOTE(review): in the public API the last argument of
 * wolfSSL_CTX_use_PrivateKey_buffer is the buffer *format*
 * (SSL_FILETYPE_ASN1 / SSL_FILETYPE_PEM), whereas PRIVATEKEY_TYPE is a
 * CertType value. Confirm it maps to the encoding actually stored in
 * pkey.ptr (DER from a d2i-style loader would need SSL_FILETYPE_ASN1);
 * otherwise the key is rejected or misparsed.
 *
 * ctx   context to receive the key
 * pkey  key wrapper holding the encoded key bytes
 * returns SSL_FAILURE for NULL arguments, else the buffer loader's result
 */
int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
{
    const unsigned char* keyBuf;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey");

    if (ctx == NULL)
        return SSL_FAILURE;
    if (pkey == NULL)
        return SSL_FAILURE;

    keyBuf = (const unsigned char*)pkey->pkey.ptr;
    return wolfSSL_CTX_use_PrivateKey_buffer(ctx, keyBuf, pkey->pkey_sz,
                                             PRIVATEKEY_TYPE);
}
wolfSSL 11:cee25a834751 22362 #endif /* !NO_CERTS */
wolfSSL 11:cee25a834751 22363
wolfSSL 11:cee25a834751 22364
/* Fetch the application pointer stored in slot idx of ctx.
 *
 * ctx  context to read (NULL tolerated)
 * idx  slot index; must satisfy 0 <= idx < MAX_EX_DATA
 * returns the stored pointer, or NULL for a NULL ctx, an out-of-range idx,
 *         or when ex_data support is not compiled in (HAVE_EX_DATA)
 */
void* wolfSSL_CTX_get_ex_data(const WOLFSSL_CTX* ctx, int idx)
{
    void* slot = NULL;

    WOLFSSL_ENTER("wolfSSL_CTX_get_ex_data");
#ifdef HAVE_EX_DATA
    /* both bounds are checked so a negative idx never indexes before ex_data */
    if (ctx == NULL || idx < 0 || idx >= MAX_EX_DATA)
        return NULL;
    slot = ctx->ex_data[idx];
#else
    (void)ctx;
    (void)idx;
#endif
    return slot;
}
wolfSSL 11:cee25a834751 22378
wolfSSL 11:cee25a834751 22379 int wolfSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
wolfSSL 11:cee25a834751 22380 void* c)
wolfSSL 11:cee25a834751 22381 {
wolfSSL 11:cee25a834751 22382 static int ctx_idx = 0;
wolfSSL 11:cee25a834751 22383
wolfSSL 11:cee25a834751 22384 WOLFSSL_ENTER("wolfSSL_CTX_get_ex_new_index");
wolfSSL 11:cee25a834751 22385 (void)idx;
wolfSSL 11:cee25a834751 22386 (void)arg;
wolfSSL 11:cee25a834751 22387 (void)a;
wolfSSL 11:cee25a834751 22388 (void)b;
wolfSSL 11:cee25a834751 22389 (void)c;
wolfSSL 11:cee25a834751 22390
wolfSSL 11:cee25a834751 22391 return ctx_idx++;
wolfSSL 11:cee25a834751 22392 }
wolfSSL 11:cee25a834751 22393
wolfSSL 11:cee25a834751 22394
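/* Store an application pointer in slot idx of ctx.
 *
 * ctx   context to modify
 * idx   slot index; must satisfy 0 <= idx < MAX_EX_DATA
 * data  pointer to store (NULL clears the slot)
 * returns SSL_SUCCESS when stored; SSL_FAILURE for a NULL ctx, an
 *         out-of-range idx, or when ex_data support is not compiled in
 *         (HAVE_EX_DATA)
 */
int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_ex_data");
#ifdef HAVE_EX_DATA
    /* The lower bound is checked as well: only idx < MAX_EX_DATA was tested
     * before, so a negative idx wrote before the start of ex_data. This
     * mirrors the check wolfSSL_CTX_get_ex_data already makes. */
    if (ctx != NULL && idx >= 0 && idx < MAX_EX_DATA)
    {
        ctx->ex_data[idx] = data;
        return SSL_SUCCESS;
    }
#else
    (void)ctx;
    (void)idx;
    (void)data;
#endif
    return SSL_FAILURE;
}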
wolfSSL 11:cee25a834751 22411
wolfSSL 11:cee25a834751 22412
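/* Store an application pointer in slot idx of ssl.
 *
 * ssl   session object to modify
 * idx   slot index; must satisfy 0 <= idx < MAX_EX_DATA
 * data  pointer to store (NULL clears the slot)
 * returns SSL_SUCCESS when stored; SSL_FAILURE for a NULL ssl, an
 *         out-of-range idx, or when ex_data support is not compiled in
 *         (HAVE_EX_DATA / FORTRESS)
 */
int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data)
{
    WOLFSSL_ENTER("wolfSSL_set_ex_data");
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    /* The lower bound is checked as well: only idx < MAX_EX_DATA was tested
     * before, so a negative idx wrote before the start of ex_data. This
     * mirrors the check wolfSSL_get_ex_data already makes. */
    if (ssl != NULL && idx >= 0 && idx < MAX_EX_DATA)
    {
        ssl->ex_data[idx] = data;
        return SSL_SUCCESS;
    }
#else
    (void)ssl;
    (void)idx;
    (void)data;
#endif
    return SSL_FAILURE;
}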
wolfSSL 11:cee25a834751 22429
wolfSSL 11:cee25a834751 22430
wolfSSL 11:cee25a834751 22431 int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
wolfSSL 11:cee25a834751 22432 void* cb3)
wolfSSL 11:cee25a834751 22433 {
wolfSSL 11:cee25a834751 22434 static int ssl_idx = 0;
wolfSSL 11:cee25a834751 22435
wolfSSL 11:cee25a834751 22436 WOLFSSL_ENTER("wolfSSL_get_ex_new_index");
wolfSSL 11:cee25a834751 22437 (void)idx;
wolfSSL 11:cee25a834751 22438 (void)data;
wolfSSL 11:cee25a834751 22439 (void)cb1;
wolfSSL 11:cee25a834751 22440 (void)cb2;
wolfSSL 11:cee25a834751 22441 (void)cb3;
wolfSSL 11:cee25a834751 22442
wolfSSL 11:cee25a834751 22443 return ssl_idx++;
wolfSSL 11:cee25a834751 22444 }
wolfSSL 11:cee25a834751 22445
wolfSSL 11:cee25a834751 22446
/* Fetch the application pointer stored in slot idx of ssl.
 *
 * ssl  session object to read (NULL tolerated)
 * idx  slot index; must satisfy 0 <= idx < MAX_EX_DATA
 * returns the stored pointer, or NULL for a NULL ssl, an out-of-range idx,
 *         or when ex_data support is not compiled in (HAVE_EX_DATA / FORTRESS)
 */
void* wolfSSL_get_ex_data(const WOLFSSL* ssl, int idx)
{
    void* slot = NULL;

    WOLFSSL_ENTER("wolfSSL_get_ex_data");
#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    /* both bounds are checked so a negative idx never indexes before ex_data */
    if (ssl == NULL || idx < 0 || idx >= MAX_EX_DATA)
        return NULL;
    slot = ssl->ex_data[idx];
#else
    (void)ssl;
    (void)idx;
#endif
    return slot;
}
wolfSSL 11:cee25a834751 22459
wolfSSL 11:cee25a834751 22460 #ifndef NO_DSA
/* Parse PEM-encoded DSA domain parameters (p, q, g) from a memory BIO.
 *
 * The BIO contents are converted to DER, the outer SEQUENCE is opened and the
 * three INTEGERs are read into a freshly created WOLFSSL_DSA, whose external
 * bignum fields are then populated from the internal key.
 *
 * NOTE(review): the parameters are parsed, not validated. Nothing here checks
 * that p and q are prime, that q divides p-1, or that g has order q; callers
 * consuming parameters from an untrusted source must validate them before
 * use. Encrypted PEM is not supported: cb and u are accepted but ignored.
 * If x is non-NULL, *x is overwritten with the new object (it is not reused
 * as OpenSSL would do), so any object the caller had there is not freed.
 *
 * bp  memory BIO holding the PEM text
 * x   optional out-pointer that also receives the new object
 * cb  password callback (unsupported, ignored)
 * u   password / callback argument (unsupported, ignored)
 * returns the new WOLFSSL_DSA (caller frees with wolfSSL_DSA_free), or NULL
 *         on any failure
 */
WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x,
                                            pem_password_cb *cb, void *u)
{
    WOLFSSL_DSA* dsa = NULL;
    DsaKey* key;
    DerBuffer* pDer = NULL;
    unsigned char* pem;
    word32 pemSz;
    word32 idx = 0;
    int length;
    int ret;
    int ok = 0;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DSAparams");

    ret = wolfSSL_BIO_get_mem_data(bp, &pem);
    if (ret <= 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret);
        return NULL;
    }
    pemSz = (word32)ret;

    if (cb != NULL || u != NULL) {
        /*
         * cb is for a call back when encountering encrypted PEM files
         * if cb == NULL and u != NULL then u = null terminated password string
         */
        WOLFSSL_MSG("Not yet supporting call back or password for encrypted PEM");
    }

    ret = PemToDer(pem, (long)pemSz, DSA_PARAM_TYPE, &pDer, NULL, NULL, NULL);
    if (ret < 0) {
        WOLFSSL_MSG("Issue converting from PEM to DER");
        return NULL;
    }

    /* open the outer SEQUENCE; its length is not used further because every
     * GetInt below is bounded by pDer->length */
    ret = GetSequence(pDer->buffer, &idx, &length, pDer->length);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret);
        goto cleanup;
    }

    dsa = wolfSSL_DSA_new();
    if (dsa == NULL) {
        WOLFSSL_MSG("Error creating DSA struct");
        goto cleanup;
    }

    key = (DsaKey*)dsa->internal;
    if (key == NULL) {
        WOLFSSL_MSG("Error finding DSA key struct");
        goto cleanup;
    }

    if (GetInt(&key->p, pDer->buffer, &idx, pDer->length) < 0 ||
        GetInt(&key->q, pDer->buffer, &idx, pDer->length) < 0 ||
        GetInt(&key->g, pDer->buffer, &idx, pDer->length) < 0) {
        WOLFSSL_MSG("dsa key error");
        goto cleanup;
    }

    /* mirror the internal integers into the OpenSSL-style external bignums */
    if (SetIndividualExternal(&dsa->p, &key->p) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa p key error");
        goto cleanup;
    }
    if (SetIndividualExternal(&dsa->q, &key->q) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa q key error");
        goto cleanup;
    }
    if (SetIndividualExternal(&dsa->g, &key->g) != SSL_SUCCESS) {
        WOLFSSL_MSG("dsa g key error");
        goto cleanup;
    }

    if (x != NULL) {
        *x = dsa;
    }
    ok = 1;

cleanup:
    FreeDer(&pDer);
    if (!ok && dsa != NULL) {
        wolfSSL_DSA_free(dsa);
        dsa = NULL;
    }
    return dsa;
}
wolfSSL 11:cee25a834751 22555 #endif /* NO_DSA */
wolfSSL 11:cee25a834751 22556
wolfSSL 11:cee25a834751 22557 #include "src/bio.c"
wolfSSL 11:cee25a834751 22558
wolfSSL 11:cee25a834751 22559 #endif /* OPENSSL_EXTRA */
wolfSSL 11:cee25a834751 22560
wolfSSL 11:cee25a834751 22561
wolfSSL 11:cee25a834751 22562 #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \
wolfSSL 11:cee25a834751 22563 || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_HAPROXY)
/* Stub: map a NID to its long name.
 *
 * Always returns NULL, so callers must NULL-check before printing or copying
 * the result; OpenSSL code that passes it straight to strlen/printf crashes.
 *
 * n  numeric object identifier (ignored)
 * returns NULL always
 */
char * wolfSSL_OBJ_nid2ln(int n)
{
    WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln");
    WOLFSSL_STUB("wolfSSL_OBJ_nid2ln");
    (void)n;

    return NULL;
}
wolfSSL 11:cee25a834751 22571
/* Stub: map a textual object name or OID to a NID.
 *
 * Always returns 0, which OpenSSL callers treat as NID_undef ("unknown"), so
 * any lookup through this function fails closed rather than aliasing to a
 * real identifier.
 *
 * s  object name or dotted OID (ignored)
 * returns 0 always
 */
int wolfSSL_OBJ_txt2nid(const char* s)
{
    WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid");
    WOLFSSL_STUB("wolfSSL_OBJ_txt2nid");
    (void)s;

    return 0;
}
wolfSSL 11:cee25a834751 22579
wolfSSL 11:cee25a834751 22580
/* Open filename with fopen-style mode and wrap it in a file BIO.
 *
 * The BIO takes ownership of the handle (BIO_CLOSE), so the file is closed
 * when the BIO is freed. filename and mode are passed to XFOPEN verbatim;
 * the caller is responsible for not letting untrusted input choose the path.
 *
 * filename  path to open
 * mode      fopen mode string
 * returns the new BIO, or NULL if the file cannot be opened, the BIO cannot be
 *         allocated, the handle cannot be attached, or the build has
 *         NO_FILESYSTEM
 */
WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode)
{
#ifndef NO_FILESYSTEM
    XFILE fp;
    WOLFSSL_BIO* bio;

    WOLFSSL_ENTER("wolfSSL_BIO_new_file");

    fp = XFOPEN(filename, mode);
    if (fp == NULL)
        return NULL;

    bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file());
    if (bio == NULL) {
        /* ownership was never transferred, close the handle ourselves */
        XFCLOSE(fp);
        return NULL;
    }

    if (wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) == SSL_SUCCESS) {
        /* file is closed when BIO is free'd */
        return bio;
    }

    XFCLOSE(fp);
    wolfSSL_BIO_free(bio);
    return NULL;
#else
    (void)filename;
    (void)mode;
    return NULL;
#endif
}
wolfSSL 11:cee25a834751 22613
wolfSSL 11:cee25a834751 22614
wolfSSL 11:cee25a834751 22615 #ifndef NO_DH
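/* Parse PEM-encoded DH parameters (p, g) from bio into a WOLFSSL_DH.
 *
 * Memory BIOs are read in place; file BIOs are read whole into a temporary
 * buffer. The PEM text is converted to DER, p and g are extracted with
 * wc_DhParamsLoad and stored as bignums on the result, replacing any
 * previous p/g.
 *
 * Ownership: if x is non-NULL and *x is non-NULL that object is reused and
 * returned; otherwise a new object is allocated and, on success, returned
 * and (if x is non-NULL) stored in *x. On failure a newly allocated object
 * is freed here and *x is left untouched, so the caller never receives a
 * half-initialised object. (Previously the new object was leaked when x was
 * NULL, returned un-populated when the p/g scratch buffers could not be
 * allocated, and published through *x before the bignums were attached.)
 *
 * NOTE(review): the group is parsed, not validated. Nothing here checks that
 * p is a (safe) prime of adequate size or that g is a valid generator;
 * validate parameters from untrusted sources before use. Encrypted PEM is
 * not supported: cb and u are ignored.
 *
 * bio  memory or file BIO holding the PEM text
 * x    optional in/out object pointer (see above)
 * cb   password callback (ignored)
 * u    password / callback argument (ignored)
 * returns the populated WOLFSSL_DH, or NULL on failure (or always when built
 *         with NO_FILESYSTEM)
 */
WOLFSSL_DH *wolfSSL_PEM_read_bio_DHparams(WOLFSSL_BIO *bio, WOLFSSL_DH **x,
                                          pem_password_cb *cb, void *u)
{
#ifndef NO_FILESYSTEM
    WOLFSSL_DH* localDh = NULL;
    int dhAlloced = 0;      /* localDh was allocated here, not supplied via x */
    unsigned char* mem = NULL;
    int memAlloced = 0;
    word32 size = 0;
    long sz;
    int ret;
    DerBuffer *der = NULL;
    byte* p = NULL;
    byte* g = NULL;
    word32 pSz = MAX_DH_SIZE;
    word32 gSz = MAX_DH_SIZE;

    WOLFSSL_ENTER("wolfSSL_PEM_read_bio_DHparams");
    (void)cb;
    (void)u;

    if (bio == NULL) {
        WOLFSSL_MSG("Bad Function Argument bio is NULL");
        return NULL;
    }

    if (bio->type == BIO_MEMORY) {
        /* Use the buffer directly. */
        ret = wolfSSL_BIO_get_mem_data(bio, &mem);
        if (mem == NULL || ret <= 0) {
            WOLFSSL_MSG("Failed to get data from bio struct");
            goto end;
        }
        size = (word32)ret;
    }
    else if (bio->type == BIO_FILE) {
        /* Read whole file into a new buffer. */
        XFSEEK(bio->file, 0, SEEK_END);
        sz = XFTELL(bio->file);
        XFSEEK(bio->file, 0, SEEK_SET);
        if (sz <= 0L)
            goto end;
        mem = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (mem == NULL)
            goto end;
        memAlloced = 1;

        ret = wolfSSL_BIO_read(bio, (char *)mem, (int)sz);
        if (ret <= 0)
            goto end;
        /* Parse only what was actually read: a short read must not feed the
         * uninitialised tail of mem to the PEM decoder. */
        size = (word32)ret;
    }
    else {
        WOLFSSL_MSG("BIO type not supported for reading DH parameters");
        goto end;
    }

    ret = PemToDer(mem, size, DH_PARAM_TYPE, &der, NULL, NULL, NULL);
    if (ret != 0)
        goto end;

    /* Use the object passed in, otherwise allocate a new object */
    if (x != NULL)
        localDh = *x;
    if (localDh == NULL) {
        localDh = (WOLFSSL_DH*)XMALLOC(sizeof(WOLFSSL_DH), NULL,
                                      DYNAMIC_TYPE_OPENSSL);
        if (localDh == NULL)
            goto end;
        XMEMSET(localDh, 0, sizeof(WOLFSSL_DH));
        dhAlloced = 1;
    }

    /* Scratch buffers for the raw p and g byte strings */
    p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (p == NULL || g == NULL)
        goto fail;

    /* Extract the p and g as data from the DER encoded DH parameters. */
    ret = wc_DhParamsLoad(der->buffer, der->length, p, &pSz, g, &gSz);
    if (ret != 0)
        goto fail;

    /* Put p and g in as big numbers, dropping any previous values. */
    if (localDh->p != NULL) {
        wolfSSL_BN_free(localDh->p);
        localDh->p = NULL;
    }
    if (localDh->g != NULL) {
        wolfSSL_BN_free(localDh->g);
        localDh->g = NULL;
    }
    localDh->p = wolfSSL_BN_bin2bn(p, pSz, NULL);
    localDh->g = wolfSSL_BN_bin2bn(g, gSz, NULL);
    if (localDh->p == NULL || localDh->g == NULL)
        goto fail;

    /* Publish through x only once the object is fully populated. */
    if (x != NULL)
        *x = localDh;
    goto end;

fail:
    if (dhAlloced) {
        /* Release what was built here, freeing with the type it was
         * allocated with. A caller-supplied object is left to its owner. */
        if (localDh->p != NULL)
            wolfSSL_BN_free(localDh->p);
        if (localDh->g != NULL)
            wolfSSL_BN_free(localDh->g);
        XFREE(localDh, NULL, DYNAMIC_TYPE_OPENSSL);
    }
    localDh = NULL;

end:
    if (memAlloced) XFREE(mem, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (der != NULL) FreeDer(&der);
    XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    return localDh;
#else
    (void)bio;
    (void)x;
    (void)cb;
    (void)u;
    return NULL;
#endif
}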
wolfSSL 11:cee25a834751 22735 #endif
wolfSSL 11:cee25a834751 22736
wolfSSL 11:cee25a834751 22737
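/* Write cert to bio as a PEM-encoded certificate.
 *
 * Only memory BIOs are supported. The BIO's existing buffer is discarded and
 * replaced by a new one holding just the PEM text, so this does not append
 * to previous contents the way OpenSSL's PEM_write_bio_X509 does.
 *
 * bio   memory BIO to receive the PEM text
 * cert  certificate whose DER encoding (cert->derCert) is converted
 * returns SSL_SUCCESS, or SSL_FAILURE for NULL arguments, a non-memory BIO,
 *         a cert without a DER buffer, an allocation failure, or a PEM
 *         conversion error. On failure the BIO holds no buffer (mem NULL,
 *         memLen 0) rather than a stale or partially written one.
 */
int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert)
{
    byte* certDer;
    int derSz;
    int pemSz;
    int ret;

    WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509");

    if (bio == NULL || cert == NULL) {
        return SSL_FAILURE;
    }

    if (bio->type != BIO_MEMORY) {
        WOLFSSL_MSG("BIO type not supported for writing X509 as PEM");
        return SSL_FAILURE;
    }

    /* derCert was dereferenced unconditionally before; a WOLFSSL_X509 that
     * carries no DER encoding must be rejected, not crash */
    if (cert->derCert == NULL || cert->derCert->buffer == NULL) {
        WOLFSSL_MSG("X509 has no DER encoding to write");
        return SSL_FAILURE;
    }
    certDer = cert->derCert->buffer;
    derSz = cert->derCert->length;

    /* Get PEM encoded length (NULL output buffer queries the size) and
     * allocate memory for it. */
    pemSz = wc_DerToPem(certDer, derSz, NULL, 0, CERT_TYPE);
    if (pemSz < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_X509", pemSz);
        return SSL_FAILURE;
    }
    if (bio->mem != NULL) {
        XFREE(bio->mem, NULL, DYNAMIC_TYPE_OPENSSL);
        bio->mem = NULL;
        bio->memLen = 0;    /* never leave a length describing a freed buffer */
    }
    bio->mem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_OPENSSL);
    if (bio->mem == NULL) {
        return SSL_FAILURE;
    }
    bio->memLen = pemSz;

    ret = wc_DerToPemEx(certDer, derSz, bio->mem, bio->memLen, NULL, CERT_TYPE);
    if (ret < 0) {
        WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_X509", ret);
        /* do not leave the BIO advertising a buffer of undefined bytes */
        XFREE(bio->mem, NULL, DYNAMIC_TYPE_OPENSSL);
        bio->mem = NULL;
        bio->memLen = 0;
        return SSL_FAILURE;
    }

    return SSL_SUCCESS;
}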
wolfSSL 11:cee25a834751 22782
wolfSSL 11:cee25a834751 22783
wolfSSL 11:cee25a834751 22784 #if defined(OPENSSL_EXTRA) && !defined(NO_DH)
/* Initialize ctx's ephemeral DH parameters from dh's p and g.
 *
 * p and g are serialised to big-endian byte strings and handed to
 * wolfSSL_CTX_SetTmpDH; the temporaries are freed here before returning.
 *
 * NOTE(review): the group is taken on trust. Nothing here checks that p is a
 * (safe) prime or that g generates a large subgroup, and whether
 * wolfSSL_CTX_SetTmpDH enforces a minimum size is not visible from this
 * file. Only load parameters from a trusted source or validate them first.
 *
 * ctx  context to configure
 * dh   parameter holder; dh->p and dh->g must be set
 * returns BAD_FUNC_ARG for NULL arguments, MEMORY_E on allocation failure,
 *         SSL_FATAL_ERROR if either bignum cannot be serialised, otherwise
 *         the result of wolfSSL_CTX_SetTmpDH (SSL_SUCCESS on ok)
 */
long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
{
    byte* pBuf;
    byte* gBuf;
    int pLen, gLen;
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh");

    if (ctx == NULL || dh == NULL)
        return BAD_FUNC_ARG;

    /* Query the serialised sizes first (NULL output buffer) */
    pLen = wolfSSL_BN_bn2bin(dh->p, NULL);
    gLen = wolfSSL_BN_bn2bin(dh->g, NULL);
    if (pLen <= 0 || gLen <= 0)
        return SSL_FATAL_ERROR;

    pBuf = (byte*)XMALLOC(pLen, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
    if (pBuf == NULL)
        return MEMORY_E;

    gBuf = (byte*)XMALLOC(gLen, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
    if (gBuf == NULL) {
        XFREE(pBuf, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
        return MEMORY_E;
    }

    /* Serialise for real; the second call reports the bytes written */
    pLen = wolfSSL_BN_bn2bin(dh->p, pBuf);
    gLen = wolfSSL_BN_bn2bin(dh->g, gBuf);
    if (pLen >= 0 && gLen >= 0) {
        ret = wolfSSL_CTX_SetTmpDH(ctx, pBuf, pLen, gBuf, gLen);
    }

    XFREE(pBuf, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);
    XFREE(gBuf, ctx->heap, DYNAMIC_TYPE_DH_BUFFER);

    /* a zero-length or failed serialisation is an error even if SetTmpDH ran */
    if (pLen <= 0 || gLen <= 0)
        return SSL_FATAL_ERROR;
    return ret;
}
wolfSSL 11:cee25a834751 22825 #endif /* OPENSSL_EXTRA && !NO_DH */
wolfSSL 11:cee25a834751 22826 #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_HAPROXY */
wolfSSL 11:cee25a834751 22827
wolfSSL 11:cee25a834751 22828
wolfSSL 11:cee25a834751 22829 /* stunnel compatibility functions*/
wolfSSL 11:cee25a834751 22830 #if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX))
/* Stub: OpenSSL-compatible per-thread error-state teardown.
 *
 * Nothing is cleared or freed here; the call is a no-op kept so stunnel/nginx
 * style code links. Whether any per-thread error-queue storage needs
 * separate release is not visible from this file.
 *
 * pid  thread identifier (ignored)
 */
void WOLFSSL_ERR_remove_thread_state(void* pid)
{
    (void)pid;
}
wolfSSL 11:cee25a834751 22836
/* TBD: print every queued error to fp.
 *
 * Not implemented: nothing is written and the queue is not drained, so
 * diagnostics routed through this call are silently lost.
 *
 * fp  destination stream (ignored)
 */
void wolfSSL_print_all_errors_fp(XFILE *fp)
{
    (void)fp;
}
wolfSSL 11:cee25a834751 22842
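/* Store an application pointer in slot idx of session.
 *
 * session  session to modify
 * idx      slot index; must satisfy 0 <= idx < MAX_EX_DATA
 * data     pointer to store (NULL clears the slot)
 * returns SSL_SUCCESS when stored; SSL_FAILURE for a NULL session, an
 *         out-of-range idx, or when ex_data support is not compiled in
 *         (HAVE_EX_DATA)
 */
int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data)
{
    WOLFSSL_ENTER("wolfSSL_SESSION_set_ex_data");
#ifdef HAVE_EX_DATA
    /* The lower bound is checked as well: only idx < MAX_EX_DATA was tested
     * before, so a negative idx wrote before the start of ex_data. This
     * mirrors the check wolfSSL_SESSION_get_ex_data already makes. */
    if (session != NULL && idx >= 0 && idx < MAX_EX_DATA) {
        session->ex_data[idx] = data;
        return SSL_SUCCESS;
    }
#else
    (void)session;
    (void)idx;
    (void)data;
#endif
    return SSL_FAILURE;
}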
wolfSSL 11:cee25a834751 22854
wolfSSL 11:cee25a834751 22855
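/* Map stunnel's named SESSION ex_data slots to fixed indices.
 *
 * Unlike the CTX/SSL variants this does not hand out fresh indices: it
 * recognises the two names stunnel passes as data and returns their fixed
 * slot numbers. The callbacks are accepted for compatibility and ignored.
 *
 * NOTE(review): if SSL_FAILURE evaluates to 0 it is indistinguishable from
 * the "redirect index" slot; do not use the return value as a success test.
 *
 * idx            ignored
 * data           slot name as a C string: "redirect index" -> 0,
 *                "addr index" -> 1
 * cb1, cb2, cb3  ignored
 * returns the slot index, or SSL_FAILURE for a NULL or unrecognised name
 */
int wolfSSL_SESSION_get_ex_new_index(long idx, void* data, void* cb1,
                                     void* cb2, CRYPTO_free_func* cb3)
{
    const char* name = (const char*)data;

    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_new_index");
    (void)idx;
    (void)cb1;
    (void)cb2;
    (void)cb3;

    /* OpenSSL callers routinely pass argp == NULL; it used to be handed
     * straight to XSTRNCMP and dereferenced */
    if (name == NULL) {
        WOLFSSL_MSG("NULL ex_data name");
        return SSL_FAILURE;
    }
    if (XSTRNCMP(name, "redirect index", 14) == 0) {
        return 0;
    }
    if (XSTRNCMP(name, "addr index", 10) == 0) {
        return 1;
    }
    return SSL_FAILURE;
}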
wolfSSL 11:cee25a834751 22872
wolfSSL 11:cee25a834751 22873
/* Fetch the application pointer stored in slot idx of session.
 *
 * session  session to read (NULL tolerated)
 * idx      slot index; must satisfy 0 <= idx < MAX_EX_DATA
 * returns the stored pointer, or NULL for a NULL session, an out-of-range
 *         idx, or when ex_data support is not compiled in (HAVE_EX_DATA)
 */
void* wolfSSL_SESSION_get_ex_data(const WOLFSSL_SESSION* session, int idx)
{
    void* slot = NULL;

    WOLFSSL_ENTER("wolfSSL_SESSION_get_ex_data");
#ifdef HAVE_EX_DATA
    /* both bounds are checked so a negative idx never indexes before ex_data */
    if (session != NULL && idx >= 0 && idx < MAX_EX_DATA)
        slot = session->ex_data[idx];
#endif
    return slot;
}
wolfSSL 11:cee25a834751 22883
wolfSSL 11:cee25a834751 22884
/* Stub: install custom malloc/realloc/free hooks (OpenSSL API).
 *
 * The hooks are NOT installed; SSL_FAILURE is returned so callers can tell.
 * Applications that need locked or zeroising allocators must use wolfSSL's
 * own allocator hook rather than this entry point.
 *
 * m  malloc replacement (ignored)
 * r  realloc replacement (ignored)
 * f  free replacement (ignored)
 * returns SSL_FAILURE always
 */
int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int),
                                        void *(*r) (void *, size_t, const char *,
                                                    int),
                                        void (*f) (void *))
{
    WOLFSSL_ENTER("wolfSSL_CRYPTO_set_mem_ex_functions");
    WOLFSSL_STUB("wolfSSL_CRYPTO_set_mem_ex_functions");

    (void)m;
    (void)r;
    (void)f;

    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 22897
wolfSSL 11:cee25a834751 22898
/* Stub: generate fresh DH parameters (deprecated OpenSSL API).
 *
 * No parameters are generated and NULL is returned, which callers should
 * treat as failure. Note that the OpenSSL original is itself deprecated in
 * favour of the _ex form; neither is implemented here.
 *
 * prime_len  requested modulus size in bits (ignored)
 * generator  requested generator (ignored)
 * callback   progress callback (ignored)
 * cb_arg     callback argument (ignored)
 * returns NULL always
 */
WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator,
                           void (*callback) (int, int, void *), void *cb_arg)
{
    WOLFSSL_ENTER("wolfSSL_DH_generate_parameters");
    WOLFSSL_STUB("wolfSSL_DH_generate_parameters");

    (void)prime_len;
    (void)generator;
    (void)callback;
    (void)cb_arg;

    return NULL;
}
wolfSSL 11:cee25a834751 22911
/* Stub: generate fresh DH parameters into dh (OpenSSL API).
 *
 * dh is left untouched and -1 is returned; callers must check the result
 * before using dh for a key exchange.
 *
 * dh         object to populate (ignored)
 * prime_len  requested modulus size in bits (ignored)
 * generator  requested generator (ignored)
 * callback   progress callback (ignored)
 * returns -1 always
 */
int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generator,
                           void (*callback) (int, int, void *))
{
    WOLFSSL_ENTER("wolfSSL_DH_generate_parameters_ex");
    WOLFSSL_STUB("wolfSSL_DH_generate_parameters_ex");

    (void)dh;
    (void)prime_len;
    (void)generator;
    (void)callback;

    return -1;
}
wolfSSL 11:cee25a834751 22924
wolfSSL 11:cee25a834751 22925
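/* OpenSSL compatibility no-op: nothing is loaded here, the call is only
 * traced. The entry trace was previously emitted twice, which doubled every
 * occurrence in debug logs. */
void wolfSSL_ERR_load_crypto_strings(void)
{
    WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings");
}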
wolfSSL 11:cee25a834751 22932
wolfSSL 11:cee25a834751 22933
/* Peek at an error on the queue without removing it.
 *
 * Returns the absolute value of the (negative) wolfSSL error, in nginx builds
 * translating SSL_NO_PEM_HEADER to OpenSSL's PEM_R_NO_START_LINE code.
 *
 * NOTE(review): unlike wolfSSL_ERR_peek_last_error_line this reads the queue
 * only under WOLFSSL_NGINX; DEBUG_WOLFSSL and WOLFSSL_HAPROXY builds get
 * NOT_COMPILED_IN here. Confirm that difference is intentional.
 *
 * returns the absolute error value; 0 (OpenSSL's "no error") when the queue
 *         cannot be read; the absolute value of NOT_COMPILED_IN when the
 *         queue is not compiled in
 */
unsigned long wolfSSL_ERR_peek_last_error(void)
{
    WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error");

#ifdef WOLFSSL_NGINX
    {
        int err = wc_PeekErrorNode(-1, NULL, NULL, NULL);

        if (err < 0) {
            WOLFSSL_MSG("Issue peeking at error node in queue");
            return 0;
        }
        /* nginx matches on OpenSSL's PEM "no start line" reason code */
        if (err == -SSL_NO_PEM_HEADER) {
            return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;
        }
        return (unsigned long)err;
    }
#else
    return (unsigned long)(0 - NOT_COMPILED_IN);
#endif
}
wolfSSL 11:cee25a834751 22954
wolfSSL 11:cee25a834751 22955
/* OpenSSL-compat wolfSSL_FIPS_mode: not implemented.
 * Always reports SSL_FAILURE, i.e. FIPS mode is never reported as active. */
int wolfSSL_FIPS_mode(void)
{
    WOLFSSL_ENTER("wolfSSL_FIPS_mode");
    WOLFSSL_STUB("wolfSSL_FIPS_mode");
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 22963
/* OpenSSL-compat wolfSSL_FIPS_mode_set: not implemented.
 * r is ignored; the request always fails with SSL_FAILURE, so callers that
 * require FIPS mode must check this result rather than assume success. */
int wolfSSL_FIPS_mode_set(int r)
{
    WOLFSSL_ENTER("wolfSSL_FIPS_mode_set");
    WOLFSSL_STUB("wolfSSL_FIPS_mode_set");
    (void)r;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 22972
wolfSSL 11:cee25a834751 22973
/* OpenSSL-compat wolfSSL_RAND_set_rand_method: not implemented.
 * meth is ignored and SSL_FAILURE returned; the library keeps using its
 * own RNG, so a caller cannot substitute a custom (or weaker) source here. */
int wolfSSL_RAND_set_rand_method(const void *meth)
{
    WOLFSSL_ENTER("wolfSSL_RAND_set_rand_method");
    WOLFSSL_STUB("wolfSSL_RAND_set_rand_method");
    (void)meth;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 22982
wolfSSL 11:cee25a834751 22983
/* Return the negotiated cipher's key size in bits.
 *
 * c:        cipher handle; SSL_FAILURE is returned if it or its ssl is NULL.
 * alg_bits: optional out-param that receives the same value (no separate
 *           "algorithm bits" notion is kept here).
 */
int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits)
{
    int bits;
    WOLFSSL_ENTER("wolfSSL_CIPHER_get_bits");

    if (c == NULL || c->ssl == NULL)
        return SSL_FAILURE;

    /* key_size is in bytes */
    bits = 8 * c->ssl->specs.key_size;
    if (alg_bits != NULL)
        *alg_bits = bits;
    return bits;
}
wolfSSL 11:cee25a834751 22996
wolfSSL 11:cee25a834751 22997
/* Number of entries in an X509_NAME stack; -1 for a NULL stack. */
int wolfSSL_sk_X509_NAME_num(const STACK_OF(WOLFSSL_X509_NAME) *s)
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_num");
    return (s != NULL) ? (int)s->num : -1;
}
wolfSSL 11:cee25a834751 23006
wolfSSL 11:cee25a834751 23007
/* Number of entries in an X509 stack; -1 for a NULL stack. */
int wolfSSL_sk_X509_num(const STACK_OF(WOLFSSL_X509) *s)
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_num");
    return (s != NULL) ? (int)s->num : -1;
}
wolfSSL 11:cee25a834751 23016
wolfSSL 11:cee25a834751 23017
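/* Write an X509 name to a BIO, preceded by `indent` spaces.
 *
 * flags == XN_FLAG_RFC2253 prints the stored name with its first and last
 * byte stripped (the original code's name+1 / sz-2 slice; presumably the
 * stored form carries delimiters — confirm against the name formatter);
 * any other flag value prints the stored bytes verbatim.
 * Returns SSL_SUCCESS, or SSL_FAILURE on a NULL bio/name, a name too short
 * for the RFC2253 slice, or a short BIO write.
 */
int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name,
                               int indent, unsigned long flags)
{
    int i;
    WOLFSSL_ENTER("wolfSSL_X509_NAME_print_ex");

    /* both pointers are dereferenced below (bio via BIO_write, name
     * directly); the original had no guard for either */
    if (bio == NULL || name == NULL) {
        WOLFSSL_MSG("Bad function arguments");
        return SSL_FAILURE;
    }

    for (i = 0; i < indent; i++) {
        if (wolfSSL_BIO_write(bio, " ", 1) != 1)
            return SSL_FAILURE;
    }

    if (flags == XN_FLAG_RFC2253) {
        /* sz - 2 must not go negative: a length < 0 would be handed to
         * BIO_write as the byte count */
        if (name->sz < 2)
            return SSL_FAILURE;
        if (wolfSSL_BIO_write(bio, name->name + 1, name->sz - 2)
                != name->sz - 2)
            return SSL_FAILURE;
    }
    else if (wolfSSL_BIO_write(bio, name->name, name->sz) != name->sz)
        return SSL_FAILURE;

    return SSL_SUCCESS;
}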
wolfSSL 11:cee25a834751 23040
wolfSSL 11:cee25a834751 23041
/* OpenSSL-compat wolfSSL_X509_get0_pubkey_bitstr: not implemented.
 * x is ignored; NULL is always returned, so callers must NULL-check. */
WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x)
{
    WOLFSSL_ENTER("wolfSSL_X509_get0_pubkey_bitstr");
    WOLFSSL_STUB("wolfSSL_X509_get0_pubkey_bitstr");
    (void)x;
    return NULL;
}
wolfSSL 11:cee25a834751 23050
wolfSSL 11:cee25a834751 23051
/* OpenSSL-compat wolfSSL_CTX_add_session: not implemented.
 * Note that it reports SSL_SUCCESS even though the session is NOT added to
 * ctx's cache; callers must not rely on the session being resumable. */
int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session)
{
    WOLFSSL_ENTER("wolfSSL_CTX_add_session");
    WOLFSSL_STUB("wolfSSL_CTX_add_session");
    (void)session;
    (void)ctx;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 23061
wolfSSL 11:cee25a834751 23062
/* OpenSSL-compat wolfSSL_get_state: not implemented.
 * ssl is ignored; SSL_FAILURE is always returned (no handshake state). */
int wolfSSL_get_state(const WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_state");
    WOLFSSL_STUB("wolfSSL_get_state");
    (void)ssl;
    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 23071
wolfSSL 11:cee25a834751 23072
/* Return the i-th X509_NAME in a linked stack, or NULL when i is negative,
 * the stack is NULL, or the stack has fewer than i+1 nodes. */
void* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk, int i)
{
    const STACK_OF(WOLFSSL_X509_NAME)* node = sk;
    WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value");

    /* advance i links, stopping early if the list runs out */
    while (node != NULL && i > 0) {
        node = node->next;
        i--;
    }

    /* i < 0 never enters the loop and is rejected here; a short list leaves
     * i > 0 or node == NULL */
    if (node == NULL || i != 0)
        return NULL;
    return node->data.name;
}
wolfSSL 11:cee25a834751 23084
wolfSSL 11:cee25a834751 23085
/* Return the i-th X509 in a linked stack, or NULL when i is negative, the
 * stack is NULL, or the stack has fewer than i+1 nodes. */
void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i)
{
    STACK_OF(WOLFSSL_X509)* node = sk;
    WOLFSSL_ENTER("wolfSSL_sk_X509_value");

    /* advance i links, stopping early if the list runs out */
    while (node != NULL && i > 0) {
        node = node->next;
        i--;
    }

    if (node == NULL || i != 0)
        return NULL;
    return node->data.x509;
}
wolfSSL 11:cee25a834751 23097
wolfSSL 11:cee25a834751 23098
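/* Map the connection's negotiated protocol version onto the OpenSSL-style
 * constants: SSL3_VERSION for SSLv3, TLS1_VERSION for every TLS 1.x minor,
 * DTLS1_VERSION for both DTLS minors.  Note that TLS 1.1/1.2 are collapsed
 * onto TLS1_VERSION, so this cannot be used to tell the TLS minors apart.
 * Returns SSL_FAILURE for a NULL ssl or an unrecognised major/minor.
 */
int wolfSSL_version(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_version");

    /* ssl->version is read below; the original dereferenced unguarded */
    if (ssl == NULL)
        return SSL_FAILURE;

    if (ssl->version.major == SSLv3_MAJOR) {
        switch (ssl->version.minor) {
            case SSLv3_MINOR :
                return SSL3_VERSION;
            case TLSv1_MINOR :
            case TLSv1_1_MINOR :
            case TLSv1_2_MINOR :
                return TLS1_VERSION;
            default:
                return SSL_FAILURE;
        }
    }
    else if (ssl->version.major == DTLS_MAJOR) {
        switch (ssl->version.minor) {
            case DTLS_MINOR :
            case DTLSv1_2_MINOR :
                return DTLS1_VERSION;
            default:
                return SSL_FAILURE;
        }
    }
    return SSL_FAILURE;
}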
wolfSSL 11:cee25a834751 23125
wolfSSL 11:cee25a834751 23126
/* OpenSSL-compat wolfSSL_get_peer_cert_chain: not implemented.
 * ssl is ignored; NULL is always returned, so no peer chain can be
 * inspected through this entry point. */
STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain");
    WOLFSSL_STUB("wolfSSL_get_peer_cert_chain");
    (void)ssl;
    return NULL;
}
wolfSSL 11:cee25a834751 23135
wolfSSL 11:cee25a834751 23136
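/* Return the context an SSL object is bound to (not a new reference).
 * Returns NULL for a NULL ssl instead of dereferencing it. */
WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)
{
    WOLFSSL_ENTER("wolfSSL_get_SSL_CTX");
    if (ssl == NULL)
        return NULL;
    return ssl->ctx;
}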
wolfSSL 11:cee25a834751 23142
/* Size in bytes of the stored name string; -1 for a NULL name. */
int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name)
{
    WOLFSSL_ENTER("wolfSSL_X509_NAME_get_sz");
    return (name != NULL) ? name->sz : -1;
}
wolfSSL 11:cee25a834751 23150
wolfSSL 11:cee25a834751 23151
wolfSSL 11:cee25a834751 23152 #ifdef HAVE_SNI
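/* OpenSSL-compat wrapper that registers host_name as the SNI host name for
 * this connection (it is sent in the clear in the ClientHello).
 *
 * host_name: NUL-terminated host name; NULL is rejected with SSL_FAILURE
 *            rather than passed to XSTRLEN (undefined behaviour).
 * Returns whatever wolfSSL_UseSNI returns, SSL_SUCCESS on success.
 * NOTE(review): wolfSSL_UseSNI's size parameter is narrower than size_t —
 * confirm that over-long names are rejected there rather than truncated.
 */
int wolfSSL_set_tlsext_host_name(WOLFSSL* ssl, const char* host_name)
{
    int ret;
    WOLFSSL_ENTER("wolfSSL_set_tlsext_host_name");

    if (host_name == NULL) {
        WOLFSSL_MSG("Bad function argument: NULL host_name");
        ret = SSL_FAILURE;
    }
    else {
        ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME,
                             host_name, XSTRLEN(host_name));
    }

    WOLFSSL_LEAVE("wolfSSL_set_tlsext_host_name", ret);
    return ret;
}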
wolfSSL 11:cee25a834751 23162
wolfSSL 11:cee25a834751 23163
wolfSSL 11:cee25a834751 23164 #ifndef NO_WOLFSSL_SERVER
/* Server side: return the SNI value of the given type received from the
 * peer, or NULL when ssl is NULL or no such request was recorded.
 * The value presumably comes straight from the peer's ClientHello, so treat
 * it as untrusted input; the pointer aliases data owned by ssl->extensions
 * and should not outlive the connection — confirm against TLSX_SNI_GetRequest. */
const char * wolfSSL_get_servername(WOLFSSL* ssl, byte type)
{
    void *serverName = NULL;

    if (ssl != NULL)
        TLSX_SNI_GetRequest(ssl->extensions, type, &serverName);

    return (const char *)serverName;
}
wolfSSL 11:cee25a834751 23173 #endif /* NO_WOLFSSL_SERVER */
wolfSSL 11:cee25a834751 23174 #endif /* HAVE_SNI */
wolfSSL 11:cee25a834751 23175
/* Re-bind an SSL object to another context via SetSSL_CTX.
 * Returns the context now attached to ssl, or NULL if either argument is
 * NULL or SetSSL_CTX did not report SSL_SUCCESS. */
WOLFSSL_CTX* wolfSSL_set_SSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx)
{
    if (ssl == NULL || ctx == NULL)
        return NULL;
    /* third argument 0: meaning not visible here — see SetSSL_CTX */
    if (SetSSL_CTX(ssl, ctx, 0) != SSL_SUCCESS)
        return NULL;
    return ssl->ctx;
}
wolfSSL 11:cee25a834751 23182
wolfSSL 11:cee25a834751 23183
/* Return the peer-verification callback installed on ctx (NULL if none or
 * if ctx is NULL). */
VerifyCallback wolfSSL_CTX_get_verify_callback(WOLFSSL_CTX* ctx)
{
    WOLFSSL_ENTER("wolfSSL_CTX_get_verify_callback");
    return (ctx != NULL) ? ctx->verifyCallback : NULL;
}
wolfSSL 11:cee25a834751 23191
wolfSSL 11:cee25a834751 23192
/* Install the SNI-received callback on ctx; a NULL ctx is ignored. */
void wolfSSL_CTX_set_servername_callback(WOLFSSL_CTX* ctx, CallbackSniRecv cb)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_servername_callback");
    if (ctx == NULL)
        return;
    ctx->sniRecvCb = cb;
}
wolfSSL 11:cee25a834751 23199
/* OpenSSL-style variant of the SNI callback setter.
 * Returns 1 when the callback was stored, 0 when ctx is NULL. */
int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx,
                                               CallbackSniRecv cb)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_tlsext_servername_callback");
    if (ctx == NULL)
        return 0;
    ctx->sniRecvCb = cb;
    return 1;
}
wolfSSL 11:cee25a834751 23210
/* Store the opaque argument handed to the SNI callback; NULL ctx ignored. */
void wolfSSL_CTX_set_servername_arg(WOLFSSL_CTX* ctx, void* arg)
{
    WOLFSSL_ENTER("wolfSSL_CTX_set_servername_arg");
    if (ctx == NULL)
        return;
    ctx->sniRecvCbArg = arg;
}
wolfSSL 11:cee25a834751 23217
wolfSSL 11:cee25a834751 23218
/* OpenSSL-compat wolfSSL_CTX_clear_options: not implemented.
 * Nothing is cleared on ctx; opt is simply echoed back, so a caller that
 * relies on (for example) a protocol-disabling option being cleared here
 * will not get that effect. */
long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt)
{
    WOLFSSL_ENTER("SSL_CTX_clear_options");
    WOLFSSL_STUB("SSL_CTX_clear_options");
    (void)ctx;
    return opt;
}
wolfSSL 11:cee25a834751 23227
/* OpenSSL-compat wolfSSL_THREADID_set_callback: not implemented.
 * The callback is discarded; wolfSSL does its own locking. */
void wolfSSL_THREADID_set_callback(void(*threadid_func)(void*))
{
    WOLFSSL_ENTER("wolfSSL_THREADID_set_callback");
    WOLFSSL_STUB("wolfSSL_THREADID_set_callback");
    (void)threadid_func;
}
wolfSSL 11:cee25a834751 23235
/* OpenSSL-compat wolfSSL_THREADID_set_numeric: not implemented.
 * id is never written and val is discarded. */
void wolfSSL_THREADID_set_numeric(void* id, unsigned long val)
{
    WOLFSSL_ENTER("wolfSSL_THREADID_set_numeric");
    WOLFSSL_STUB("wolfSSL_THREADID_set_numeric");
    (void)val;
    (void)id;
}
wolfSSL 11:cee25a834751 23244
wolfSSL 11:cee25a834751 23245
/* OpenSSL-compat wolfSSL_X509_STORE_get1_certs: not implemented.
 * Neither ctx nor name is consulted; NULL is always returned. */
STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CTX* ctx,
                                                      WOLFSSL_X509_NAME* name)
{
    WOLFSSL_ENTER("wolfSSL_X509_STORE_get1_certs");
    WOLFSSL_STUB("wolfSSL_X509_STORE_get1_certs");
    (void)name;
    (void)ctx;
    return NULL;
}
wolfSSL 11:cee25a834751 23255
/* OpenSSL-compat wolfSSL_sk_X509_pop_free: not implemented.
 * Neither the stack nor its elements are released and f is never called,
 * so a caller that owns sk must free it through another path to avoid a
 * leak. */
void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*))
{
    WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free");
    WOLFSSL_STUB("wolfSSL_sk_X509_pop_free");
    (void)f;
    (void)sk;
}
wolfSSL 11:cee25a834751 23262
wolfSSL 11:cee25a834751 23263 #endif /* OPENSSL_EXTRA and HAVE_STUNNEL */
wolfSSL 11:cee25a834751 23264 #if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX))\
wolfSSL 11:cee25a834751 23265 || defined(WOLFSSL_HAPROXY)
wolfSSL 11:cee25a834751 23266
wolfSSL 11:cee25a834751 23267
/* Return a pointer to the session ID stored in sess and its length.
 *
 * idLen: required out-param; receives sess->sessionIDSz.
 * Returns NULL (and leaves *idLen untouched) when sess or idLen is NULL.
 * The pointer aliases sess's own storage; it is not a copy.
 */
const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen)
{
    WOLFSSL_ENTER("wolfSSL_SESSION_get_id");

    if (sess == NULL || idLen == NULL) {
        WOLFSSL_MSG("Bad func args. Please provide idLen");
        return NULL;
    }

    *idLen = sess->sessionIDSz;
    return sess->sessionID;
}
wolfSSL 11:cee25a834751 23278 #endif
wolfSSL 11:cee25a834751 23279
wolfSSL 11:cee25a834751 23280 #if (defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)) \
wolfSSL 11:cee25a834751 23281 || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX)
/* Reconstruct an OpenSSL-style SSL_VERIFY_* bitmask from ctx's flags.
 *
 * verifyPeer takes precedence over verifyNone when both are set; the
 * fail-if-no-cert and fail-except-PSK bits are OR'd in independently.
 * Returns SSL_FATAL_ERROR for a NULL ctx.
 */
int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx)
{
    int mode;
    WOLFSSL_ENTER("wolfSSL_CTX_get_verify_mode");

    if (ctx == NULL)
        return SSL_FATAL_ERROR;

    if (ctx->verifyPeer)
        mode = SSL_VERIFY_PEER;
    else if (ctx->verifyNone)
        mode = SSL_VERIFY_NONE;
    else
        mode = 0;

    if (ctx->failNoCert)
        mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
    if (ctx->failNoCertxPSK)
        mode |= SSL_VERIFY_FAIL_EXCEPT_PSK;

    WOLFSSL_LEAVE("wolfSSL_CTX_get_verify_mode", mode);
    return mode;
}
wolfSSL 11:cee25a834751 23304 #endif
wolfSSL 11:cee25a834751 23305
wolfSSL 11:cee25a834751 23306 #if defined(OPENSSL_EXTRA) && defined(HAVE_CURVE25519)
/* return 1 if success, 0 if error
 * output keys are little endian format
 *
 * Generate a fresh Curve25519 key pair into caller-supplied buffers.
 * priv/privSz, pub/pubSz: on entry *privSz and *pubSz are buffer capacities
 *   and must be at least CURVE25519_KEYSIZE; they are handed to the raw
 *   export call, which presumably updates them to the bytes written —
 *   verify against wc_curve25519_export_key_raw_ex.
 * A per-call RNG is preferred; if it cannot be initialised the global RNG is
 * used when it has been initialised, otherwise no key is generated and
 * SSL_FAILURE is returned.  Without WOLFSSL_KEY_GEN the function is a stub.
 */
int wolfSSL_EC25519_generate_key(unsigned char *priv, unsigned int *privSz,
                                 unsigned char *pub, unsigned int *pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return SSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = SSL_FAILURE;
    int initTmpRng = 0;
    WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG *tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_EC25519_generate_key");

    if (priv == NULL || privSz == NULL || *privSz < CURVE25519_KEYSIZE ||
        pub == NULL || pubSz == NULL || *pubSz < CURVE25519_KEYSIZE) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return SSL_FAILURE;
#endif
    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        /* fall back to the process-wide RNG only if it was initialised;
         * otherwise rng stays NULL and the key block below is skipped */
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        curve25519_key key;

        /* the chain stops at the first failing step; key is freed on every
         * path, which is what scrubs the private scalar from the stack */
        if (wc_curve25519_init(&key) != MP_OKAY)
            WOLFSSL_MSG("wc_curve25519_init failed");
        else if (wc_curve25519_make_key(rng, CURVE25519_KEYSIZE, &key)!=MP_OKAY)
            WOLFSSL_MSG("wc_curve25519_make_key failed");
        /* export key pair */
        else if (wc_curve25519_export_key_raw_ex(&key, priv, privSz, pub,
                                                 pubSz, EC25519_LITTLE_ENDIAN)
                != MP_OKAY)
            WOLFSSL_MSG("wc_curve25519_export_key_raw_ex failed");
        else
            ret = SSL_SUCCESS;

        wc_curve25519_free(&key);
    }

    /* only the temporary RNG is released; the global one stays alive */
    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}
wolfSSL 11:cee25a834751 23383
/* return 1 if success, 0 if error
 * input and output keys are little endian format
 *
 * Compute the X25519 shared secret of our private key and the peer's public
 * key into `shared`.
 * shared/sharedSz: *sharedSz is the capacity on entry (at least
 *   CURVE25519_KEYSIZE) and is handed to the secret call, which presumably
 *   updates it to the bytes written — verify against
 *   wc_curve25519_shared_secret_ex.
 * priv/privSz, pub/pubSz: raw little-endian keys, each at least
 *   CURVE25519_KEYSIZE bytes.
 * NOTE(review): whether the underlying call rejects an all-zero result
 * (low-order peer point) is not visible here — confirm before using the
 * output anywhere that contributory behaviour matters.
 * Without WOLFSSL_KEY_GEN the function is a stub.
 */
int wolfSSL_EC25519_shared_key(unsigned char *shared, unsigned int *sharedSz,
                               const unsigned char *priv, unsigned int privSz,
                               const unsigned char *pub, unsigned int pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) shared;
    (void) sharedSz;
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return SSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = SSL_FAILURE;
    curve25519_key privkey, pubkey;

    WOLFSSL_ENTER("wolfSSL_EC25519_shared_key");

    if (shared == NULL || sharedSz == NULL || *sharedSz < CURVE25519_KEYSIZE ||
        priv == NULL || privSz < CURVE25519_KEYSIZE ||
        pub == NULL || pubSz < CURVE25519_KEYSIZE) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

    /* import private key */
    if (wc_curve25519_init(&privkey) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_init privkey failed");
        return ret;
    }
    if (wc_curve25519_import_private_ex(priv, privSz, &privkey,
                                        EC25519_LITTLE_ENDIAN) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_import_private_ex failed");
        wc_curve25519_free(&privkey);
        return ret;
    }

    /* import public key */
    if (wc_curve25519_init(&pubkey) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_init pubkey failed");
        wc_curve25519_free(&privkey);
        return ret;
    }
    if (wc_curve25519_import_public_ex(pub, pubSz, &pubkey,
                                       EC25519_LITTLE_ENDIAN) != MP_OKAY) {
        WOLFSSL_MSG("wc_curve25519_import_public_ex failed");
        wc_curve25519_free(&privkey);
        wc_curve25519_free(&pubkey);
        return ret;
    }

    if (wc_curve25519_shared_secret_ex(&privkey, &pubkey,
                                       shared, sharedSz,
                                       EC25519_LITTLE_ENDIAN) != MP_OKAY)
        WOLFSSL_MSG("wc_curve25519_shared_secret_ex failed");
    else
        ret = SSL_SUCCESS;

    /* both key objects are released on every exit path above as well, so
     * the imported private scalar does not linger on the stack */
    wc_curve25519_free(&privkey);
    wc_curve25519_free(&pubkey);

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}
wolfSSL 11:cee25a834751 23452 #endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */
wolfSSL 11:cee25a834751 23453
wolfSSL 11:cee25a834751 23454 #if defined(OPENSSL_EXTRA) && defined(HAVE_ED25519)
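/* return 1 if success, 0 if error
 * output keys are little endian format
 *
 * Generate a fresh Ed25519 key pair into caller-supplied buffers.
 * priv/privSz: *privSz is the capacity on entry (at least
 *   ED25519_PRV_KEY_SIZE); it is handed to the export call, which
 *   presumably updates it to the bytes written — verify against
 *   wc_ed25519_export_key.
 * pub/pubSz:   same contract with ED25519_PUB_KEY_SIZE.
 * A per-call RNG is preferred; if it cannot be initialised the global RNG is
 * used when it has been initialised, otherwise no key is generated and
 * SSL_FAILURE is returned.  Without WOLFSSL_KEY_GEN the function is a stub.
 */
int wolfSSL_ED25519_generate_key(unsigned char *priv, unsigned int *privSz,
                                 unsigned char *pub, unsigned int *pubSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) priv;
    (void) privSz;
    (void) pub;
    (void) pubSz;
    return SSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    int ret = SSL_FAILURE;
    int initTmpRng = 0;
    WC_RNG *rng = NULL;
#ifdef WOLFSSL_SMALL_STACK
    WC_RNG *tmpRNG = NULL;
#else
    WC_RNG tmpRNG[1];
#endif

    WOLFSSL_ENTER("wolfSSL_ED25519_generate_key");

    if (priv == NULL || privSz == NULL || *privSz < ED25519_PRV_KEY_SIZE ||
        pub == NULL || pubSz == NULL || *pubSz < ED25519_PUB_KEY_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

#ifdef WOLFSSL_SMALL_STACK
    tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL) {
        /* the documented contract is 0 on error and the Curve25519 sibling
         * returns SSL_FAILURE here; the previous SSL_FATAL_ERROR broke both */
        WOLFSSL_MSG("Bad RNG alloc");
        return SSL_FAILURE;
    }
#endif
    if (wc_InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else {
        /* fall back to the process-wide RNG only if it was initialised;
         * otherwise rng stays NULL and the key block below is skipped */
        WOLFSSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            WOLFSSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng) {
        ed25519_key key;

        /* the chain stops at the first failing step; key is freed on every
         * path so the private half does not linger on the stack */
        if (wc_ed25519_init(&key) != MP_OKAY)
            WOLFSSL_MSG("wc_ed25519_init failed");
        else if (wc_ed25519_make_key(rng, ED25519_KEY_SIZE, &key)!=MP_OKAY)
            WOLFSSL_MSG("wc_ed25519_make_key failed");
        /* export both halves of the key pair */
        else if (wc_ed25519_export_key(&key, priv, privSz, pub, pubSz)!=MP_OKAY)
            WOLFSSL_MSG("wc_ed25519_export_key failed");
        else
            ret = SSL_SUCCESS;

        wc_ed25519_free(&key);
    }

    /* only the temporary RNG is released; the global one stays alive */
    if (initTmpRng)
        wc_FreeRng(tmpRNG);

#ifdef WOLFSSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}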
wolfSSL 11:cee25a834751 23529
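/* return 1 if success, 0 if error
 * input and output keys are little endian format
 * priv is a buffer containing private and public part of key
 *
 * Sign msg with an Ed25519 key.
 * priv/privSz: privSz must equal ED25519_PRV_KEY_SIZE; the first half is
 *   the private part and the second half the public part (that is how the
 *   buffer is split for the import call below).
 * sig/sigSz:   *sigSz is the capacity on entry (at least ED25519_SIG_SIZE)
 *   and is handed to wc_ed25519_sign_msg, which presumably updates it to
 *   the bytes written — verify there.
 * Without WOLFSSL_KEY_GEN the function is a stub.
 */
int wolfSSL_ED25519_sign(const unsigned char *msg, unsigned int msgSz,
                         const unsigned char *priv, unsigned int privSz,
                         unsigned char *sig, unsigned int *sigSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) msg;
    (void) msgSz;
    (void) priv;
    (void) privSz;
    (void) sig;
    (void) sigSz;
    return SSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    ed25519_key key;
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_ED25519_sign");

    /* sigSz is dereferenced in this same condition, so it needs its own
     * NULL check ahead of *sigSz (the original lacked it) */
    if (priv == NULL || privSz != ED25519_PRV_KEY_SIZE ||
        msg == NULL || sig == NULL || sigSz == NULL ||
        *sigSz < ED25519_SIG_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

    /* import key */
    if (wc_ed25519_init(&key) != MP_OKAY) {
        /* message previously named the curve25519 init by mistake */
        WOLFSSL_MSG("wc_ed25519_init failed");
        return ret;
    }
    if (wc_ed25519_import_private_key(priv, privSz/2,
                                      priv+(privSz/2), ED25519_PUB_KEY_SIZE,
                                      &key) != MP_OKAY){
        WOLFSSL_MSG("wc_ed25519_import_private failed");
        wc_ed25519_free(&key);
        return ret;
    }

    if (wc_ed25519_sign_msg(msg, msgSz, sig, sigSz, &key) != MP_OKAY)
        /* message previously named wc_curve25519_shared_secret_ex by mistake */
        WOLFSSL_MSG("wc_ed25519_sign_msg failed");
    else
        ret = SSL_SUCCESS;

    /* freed on every path so the imported private half is scrubbed */
    wc_ed25519_free(&key);

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}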
wolfSSL 11:cee25a834751 23582
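/* Verify an Ed25519 signature over a message (OpenSSL-style helper).
 *
 * msg   Message that was signed.
 * msgSz Length of msg in bytes.
 * pub   Public key, little endian; must be exactly ED25519_PUB_KEY_SIZE bytes.
 * pubSz Length of pub in bytes.
 * sig   Signature to check; must be exactly ED25519_SIG_SIZE bytes.
 * sigSz Length of sig in bytes.
 * returns SSL_SUCCESS (1) only when the signature is valid, SSL_FAILURE (0)
 *         for an invalid signature, bad arguments, any internal error, or a
 *         build without WOLFSSL_KEY_GEN. No other value is ever returned, so
 *         callers that test for non-zero cannot mistake an error for success.
 */
int wolfSSL_ED25519_verify(const unsigned char *msg, unsigned int msgSz,
                           const unsigned char *pub, unsigned int pubSz,
                           const unsigned char *sig, unsigned int sigSz)
{
#ifndef WOLFSSL_KEY_GEN
    WOLFSSL_MSG("No Key Gen built in");
    (void) msg;
    (void) msgSz;
    (void) pub;
    (void) pubSz;
    (void) sig;
    (void) sigSz;
    return SSL_FAILURE;
#else /* WOLFSSL_KEY_GEN */
    ed25519_key key;
    int ret = SSL_FAILURE;
    int check = 0;

    WOLFSSL_ENTER("wolfSSL_ED25519_verify");

    if (pub == NULL || pubSz != ED25519_PUB_KEY_SIZE ||
            msg == NULL || sig == NULL || sigSz != ED25519_SIG_SIZE) {
        WOLFSSL_MSG("Bad arguments");
        return SSL_FAILURE;
    }

    /* import key */
    if (wc_ed25519_init(&key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed25519_init failed");
        return ret;
    }
    if (wc_ed25519_import_public(pub, pubSz, &key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed25519_import_public failed");
        wc_ed25519_free(&key);
        return ret;
    }

    /* The wolfCrypt status is deliberately not stored in ret: the original
     * code returned the raw (negative) error code on failure, which is
     * non-zero and therefore looked like success to callers testing the
     * result as a boolean. ret stays SSL_FAILURE unless check is set. */
    if (wc_ed25519_verify_msg((byte*)sig, sigSz, msg, msgSz,
                              &check, &key) != MP_OKAY) {
        WOLFSSL_MSG("wc_ed25519_verify_msg failed");
    }
    else if (!check)
        WOLFSSL_MSG("wc_ed25519_verify_msg failed (signature invalid)");
    else
        ret = SSL_SUCCESS;

    wc_ed25519_free(&key);

    return ret;
#endif /* WOLFSSL_KEY_GEN */
}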
wolfSSL 11:cee25a834751 23637
wolfSSL 11:cee25a834751 23638 #endif /* OPENSSL_EXTRA && HAVE_ED25519 */
wolfSSL 11:cee25a834751 23639
wolfSSL 11:cee25a834751 23640 #ifdef WOLFSSL_JNI
wolfSSL 11:cee25a834751 23641
/* Attach an application object reference (used by the JNI wrapper) to an
 * SSL object. The pointer is stored as-is; nothing is copied.
 *
 * ssl    The SSL/TLS object.
 * objPtr Opaque reference to store.
 * returns SSL_SUCCESS when stored, SSL_FAILURE when ssl is NULL.
 */
int wolfSSL_set_jobject(WOLFSSL* ssl, void* objPtr)
{
    WOLFSSL_ENTER("wolfSSL_set_jobject");
    if (ssl == NULL)
        return SSL_FAILURE;

    ssl->jObjectRef = objPtr;
    return SSL_SUCCESS;
}
wolfSSL 11:cee25a834751 23652
/* Fetch the application object reference stored with wolfSSL_set_jobject.
 *
 * ssl The SSL/TLS object.
 * returns the stored reference, or NULL when ssl is NULL.
 */
void* wolfSSL_get_jobject(WOLFSSL* ssl)
{
    void* ref = NULL;

    WOLFSSL_ENTER("wolfSSL_get_jobject");
    if (ssl != NULL)
        ref = ssl->jObjectRef;

    return ref;
}
wolfSSL 11:cee25a834751 23660
wolfSSL 11:cee25a834751 23661 #endif /* WOLFSSL_JNI */
wolfSSL 11:cee25a834751 23662
wolfSSL 11:cee25a834751 23663
wolfSSL 11:cee25a834751 23664 #ifdef WOLFSSL_ASYNC_CRYPT
/* Poll the context's asynchronous event queue.
 *
 * ctx        The SSL/TLS context owning the event queue.
 * events     Array to receive completed events.
 * maxEvents  Capacity of events.
 * flags      Poll flags passed through to the event queue.
 * eventCount Out: number of events returned.
 * returns BAD_FUNC_ARG when ctx is NULL, otherwise the event queue's result.
 */
int wolfSSL_CTX_AsyncPoll(WOLFSSL_CTX* ctx, WOLF_EVENT** events, int maxEvents,
                          WOLF_EVENT_FLAG flags, int* eventCount)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    /* Second argument is the per-session filter used by wolfSSL_AsyncPoll;
     * NULL here presumably means "no filter" - confirm in wolfAsync. */
    return wolfAsync_EventQueuePoll(&ctx->event_queue, NULL, events,
                                    maxEvents, flags, eventCount);
}
wolfSSL 11:cee25a834751 23675
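/* Poll the context's asynchronous event queue for events belonging to one
 * session.
 *
 * ssl   The SSL/TLS object whose events are wanted.
 * flags Poll flags passed through to the event queue.
 * returns BAD_FUNC_ARG when ssl is NULL; when the poll succeeds, the number
 *         of events found (0 or 1, the local array holds one entry);
 *         otherwise the poll's own error code.
 */
int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags)
{
    int ret;
    int eventCount = 0;
    WOLF_EVENT* events[1];

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* Element count is sizeof(array)/sizeof(element). The original divided
     * by sizeof(events) itself, which only yielded the right answer because
     * the array happens to have one element. */
    ret = wolfAsync_EventQueuePoll(&ssl->ctx->event_queue, ssl, events,
                                   (int)(sizeof(events) / sizeof(events[0])),
                                   flags, &eventCount);
    if (ret == 0)
        ret = eventCount;

    return ret;
}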
wolfSSL 11:cee25a834751 23693
wolfSSL 11:cee25a834751 23694 #endif /* WOLFSSL_ASYNC_CRYPT */
wolfSSL 11:cee25a834751 23695
wolfSSL 11:cee25a834751 23696 #ifdef OPENSSL_EXTRA
/* Peek at the first reportable error in the error queue
 * (OpenSSL ERR_peek_error_line_data compatibility).
 *
 * file  Out (Nginx/HAProxy builds only): file recorded with the error.
 * line  Out (Nginx/HAProxy builds only): line recorded with the error.
 * data  Out: always set to "" - no extra data is kept with errors.
 * flags Out: always set to 0 - no flags are kept with errors.
 * returns the error code of the first node that is not a transient I/O
 *         condition; a missing PEM header is reported as OpenSSL's packed
 *         (ERR_LIB_PEM, PEM_R_NO_START_LINE) code; 0 when the queue cannot
 *         be peeked. Builds without WOLFSSL_NGINX/WOLFSSL_HAPROXY return
 *         the negated NOT_COMPILED_IN code.
 */
unsigned long wolfSSL_ERR_peek_error_line_data(const char **file, int *line,
                                               const char **data, int *flags)
{
    WOLFSSL_ENTER("wolfSSL_ERR_peek_error_line_data");

    (void)line;
    (void)file;

    /* No data or flags stored - error display only in Nginx. */
    if (data != NULL)
        *data = "";
    if (flags != NULL)
        *flags = 0;

#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    {
        int err;

        for (;;) {
            err = wc_PeekErrorNode(-1, file, NULL, line);
            if (err < 0) {
                WOLFSSL_MSG("Issue peeking at error node in queue");
                return 0;
            }
            /* NOTE(review): the stored value is sign-flipped here before it
             * is compared with the error constants - confirm against
             * wc_PeekErrorNode's storage convention. */
            err = -err;

            if (err == SSL_NO_PEM_HEADER)
                return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE;

            /* Transient I/O conditions are not surfaced: drop the node and
             * look at the next one. */
            if (err == WANT_READ || err == WANT_WRITE ||
                    err == ZERO_RETURN || err == SSL_ERROR_ZERO_RETURN ||
                    err == SOCKET_PEER_CLOSED_E || err == SOCKET_ERROR_E) {
                wc_RemoveErrorNode(-1);
                continue;
            }

            return (unsigned long)err;
        }
    }
#else
    return (unsigned long)(0 - NOT_COMPILED_IN);
#endif
}
wolfSSL 11:cee25a834751 23740 #endif
wolfSSL 11:cee25a834751 23741
wolfSSL 11:cee25a834751 23742 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
wolfSSL 11:cee25a834751 23743
/* Stub for OpenSSL's SSL_get_ciphers: no cipher stack is built in this
 * compatibility layer, so the result is always NULL.
 *
 * ssl Unused.
 */
STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl)
{
    WOLFSSL_STUB("wolfSSL_get_ciphers_compat");
    (void)ssl;
    return NULL;
}
wolfSSL 11:cee25a834751 23750
/* Stub for OpenSSL's OPENSSL_config: configuration files are not read.
 *
 * config_name Unused.
 */
void wolfSSL_OPENSSL_config(char *config_name)
{
    (void)config_name;
    WOLFSSL_STUB("wolfSSL_OPENSSL_config");
}
wolfSSL 11:cee25a834751 23756
/* Hand out the next application-data index for X509 objects
 * (OpenSSL X509_get_ex_new_index compatibility).
 *
 * idx, arg, a, b, c Accepted for API compatibility only; none is stored.
 * returns a fresh index, starting at 0 and increasing by one per call.
 *         NOTE(review): the counter is not bounded against MAX_EX_DATA;
 *         the set/get accessors reject out-of-range indexes instead.
 */
int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c)
{
    /* Process-wide counter shared by all callers. */
    static int x509_idx = 0;
    int allocated;

    WOLFSSL_ENTER("wolfSSL_X509_get_ex_new_index");
    (void)idx;
    (void)arg;
    (void)a;
    (void)b;
    (void)c;

    allocated = x509_idx;
    x509_idx += 1;
    return allocated;
}
wolfSSL 11:cee25a834751 23770
/* Read application data slot idx from an X509 object.
 *
 * x509 The certificate object.
 * idx  Slot index; valid range is 0 .. MAX_EX_DATA-1.
 * returns the stored pointer, or NULL when x509 is NULL, idx is out of range,
 *         or the build lacks HAVE_EX_DATA.
 */
void *wolfSSL_X509_get_ex_data(X509 *x509, int idx)
{
    void *data = NULL;

    WOLFSSL_ENTER("wolfSSL_X509_get_ex_data");
#ifdef HAVE_EX_DATA
    if (x509 != NULL && idx >= 0 && idx < MAX_EX_DATA)
        data = x509->ex_data[idx];
#else
    (void)x509;
    (void)idx;
#endif
    return data;
}
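/* Store application data in slot idx of an X509 object.
 *
 * x509 The certificate object.
 * idx  Slot index; valid range is 0 .. MAX_EX_DATA-1.
 * data Pointer to store (not copied).
 * returns SSL_SUCCESS when stored, SSL_FAILURE when x509 is NULL, idx is out
 *         of range, or the build lacks HAVE_EX_DATA.
 */
int wolfSSL_X509_set_ex_data(X509 *x509, int idx, void *data)
{
    WOLFSSL_ENTER("wolfSSL_X509_set_ex_data");
#ifdef HAVE_EX_DATA
    /* A negative idx would write before the start of ex_data[]; reject it
     * the same way wolfSSL_X509_get_ex_data does. */
    if (x509 != NULL && idx >= 0 && idx < MAX_EX_DATA) {
        x509->ex_data[idx] = data;
        return SSL_SUCCESS;
    }
#else
    (void)x509;
    (void)idx;
    (void)data;
#endif
    return SSL_FAILURE;
}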
/* Digest the encoded full name of an X509 name object
 * (OpenSSL X509_NAME_digest compatibility).
 *
 * name The name to digest.
 * type Digest algorithm.
 * md   Out: digest bytes.
 * len  Out: digest length.
 * returns SSL_FAILURE when name or type is NULL, otherwise the result of
 *         wolfSSL_EVP_Digest.
 */
int wolfSSL_X509_NAME_digest(const WOLFSSL_X509_NAME *name,
        const WOLFSSL_EVP_MD *type, unsigned char *md, unsigned int *len)
{
    unsigned char *in;

    WOLFSSL_ENTER("wolfSSL_X509_NAME_digest");

    if (name == NULL || type == NULL)
        return SSL_FAILURE;

    /* The EVP entry point takes a non-const input, hence the cast. */
    in = (unsigned char*)name->fullName.fullName;
    return wolfSSL_EVP_Digest(in, name->fullName.fullNameLen, md, len, type,
                              NULL);
}
wolfSSL 11:cee25a834751 23811
/* Return the session timeout configured on a context.
 *
 * ctx The SSL/TLS context.
 * returns ctx->timeout, or 0 when ctx is NULL.
 */
long wolfSSL_SSL_CTX_get_timeout(const WOLFSSL_CTX *ctx)
{
    long timeout = 0;

    WOLFSSL_ENTER("wolfSSL_SSL_CTX_get_timeout");

    if (ctx != NULL)
        timeout = ctx->timeout;

    return timeout;
}
wolfSSL 11:cee25a834751 23821
wolfSSL 11:cee25a834751 23822 #ifdef HAVE_ECC
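/* Select the ECDH curve for a context from an EC key
 * (OpenSSL SSL_CTX_set_tmp_ecdh compatibility).
 *
 * ctx  The SSL/TLS context.
 * ecdh EC key whose group identifies the curve; only the curve OID is
 *      recorded, the key material in ecdh is not used.
 * returns SSL_SUCCESS when the curve was recorded, BAD_FUNC_ARG when ctx,
 *         ecdh or ecdh's group is NULL.
 */
int wolfSSL_SSL_CTX_set_tmp_ecdh(WOLFSSL_CTX *ctx, WOLFSSL_EC_KEY *ecdh)
{
    WOLFSSL_ENTER("wolfSSL_SSL_CTX_set_tmp_ecdh");

    /* ecdh->group is dereferenced below, so a key without a group is a bad
     * argument as well. */
    if (ctx == NULL || ecdh == NULL || ecdh->group == NULL)
        return BAD_FUNC_ARG;

    ctx->ecdhCurveOID = ecdh->group->curve_oid;

    return SSL_SUCCESS;
}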
wolfSSL 11:cee25a834751 23834 #endif
wolfSSL 11:cee25a834751 23835
/* Remove a session from the context's cache
 * (OpenSSL SSL_CTX_remove_session compatibility).
 * Assumes that the session passed in is from the cache.
 *
 * ctx The SSL/TLS context.
 * s   The session to remove.
 * returns 0 on completion, BAD_FUNC_ARG when ctx or s is NULL.
 */
int wolfSSL_SSL_CTX_remove_session(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *s)
{
    WOLFSSL_ENTER("wolfSSL_SSL_CTX_remove_session");

    if (ctx == NULL || s == NULL)
        return BAD_FUNC_ARG;

#ifdef HAVE_EXT_CACHE
    /* With an external cache the internal one may be switched off; only
     * touch the entry when the internal cache is in use. */
    if (ctx->internalCacheOff == 0)
#endif
    {
        /* Don't remove session just timeout session. */
        s->timeout = 0;
    }

#ifdef HAVE_EXT_CACHE
    /* Let the application's external cache know the session is gone. */
    if (ctx->rem_sess_cb != NULL)
        ctx->rem_sess_cb(ctx, s);
#endif

    return 0;
}
wolfSSL 11:cee25a834751 23859
/* Read-side BIO accessor (OpenSSL SSL_get_rbio compatibility).
 *
 * s Unused.
 * returns NULL always. Nginx sets the buffer size if the read BIO is
 *         different to write BIO; the setting buffer size doesn't do
 *         anything so return NULL for both.
 */
BIO *wolfSSL_SSL_get_rbio(const WOLFSSL *s)
{
    (void)s;
    WOLFSSL_ENTER("wolfSSL_SSL_get_rbio");
    return NULL;
}
/* Write-side BIO accessor (OpenSSL SSL_get_wbio compatibility).
 *
 * s Unused.
 * returns NULL always. Nginx sets the buffer size if the read BIO is
 *         different to write BIO; the setting buffer size doesn't do
 *         anything so return NULL for both.
 */
BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s)
{
    (void)s;
    WOLFSSL_ENTER("wolfSSL_SSL_get_wbio");
    return NULL;
}
wolfSSL 11:cee25a834751 23878
/* Run the handshake for whichever side the object was configured as
 * (OpenSSL SSL_do_handshake compatibility).
 *
 * s The SSL/TLS object.
 * returns SSL_FAILURE when s is NULL; otherwise the result of
 *         wolfSSL_connect for a client or wolfSSL_accept for a server.
 */
int wolfSSL_SSL_do_handshake(WOLFSSL *s)
{
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_SSL_do_handshake");

    if (s != NULL) {
        ret = (s->options.side == WOLFSSL_CLIENT_END)
                ? wolfSSL_connect(s)
                : wolfSSL_accept(s);
    }

    return ret;
}
wolfSSL 11:cee25a834751 23890
/* Report whether the handshake is still in progress
 * (OpenSSL SSL_in_init compatibility).
 *
 * s The SSL/TLS object.
 * returns SSL_FAILURE when s is NULL; otherwise non-zero while the side's
 *         handshake state machine has not yet reached its final reply state
 *         (SECOND_REPLY_DONE for a client, ACCEPT_THIRD_REPLY_DONE for a
 *         server), zero once it has.
 */
int wolfSSL_SSL_in_init(WOLFSSL *s)
{
    int ret = SSL_FAILURE;

    WOLFSSL_ENTER("wolfSSL_SSL_in_init");

    if (s != NULL) {
        ret = (s->options.side == WOLFSSL_CLIENT_END)
                ? (s->options.connectState < SECOND_REPLY_DONE)
                : (s->options.acceptState < ACCEPT_THIRD_REPLY_DONE);
    }

    return ret;
}
wolfSSL 11:cee25a834751 23902
/* Return the current session of an SSL object
 * (OpenSSL SSL_get0_session compatibility).
 *
 * ssl The SSL/TLS object.
 * returns the session from wolfSSL_get_session, or NULL when ssl is NULL.
 *         NOTE(review): "get0" in OpenSSL means no reference is transferred
 *         to the caller - presumably the same holds here; confirm against
 *         wolfSSL_get_session.
 */
WOLFSSL_SESSION *wolfSSL_SSL_get0_session(const WOLFSSL *ssl)
{
    /* The underlying API takes a non-const object. */
    WOLFSSL *s = (WOLFSSL*)ssl;
    WOLFSSL_SESSION *session = NULL;

    WOLFSSL_ENTER("wolfSSL_SSL_get0_session");

    if (s != NULL) {
        session = wolfSSL_get_session(s);
#ifdef HAVE_EXT_CACHE
        /* Remember which session was handed out for the external cache. */
        s->extSession = session;
#endif
    }

    return session;
}
wolfSSL 11:cee25a834751 23921
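/* Check a certificate against an expected host name
 * (OpenSSL X509_check_host compatibility).
 *
 * x        The certificate; must carry its DER encoding.
 * chk      Host name to match.
 * chklen   Length of chk in bytes.
 * flags    Ignored - not needed for Nginx.
 * peername Ignored - not needed for Nginx.
 * returns SSL_SUCCESS when the name matches, SSL_FAILURE when it does not,
 *         when the certificate cannot be parsed, or when x, its DER buffer
 *         or chk is NULL.
 */
int wolfSSL_X509_check_host(X509 *x, const char *chk, size_t chklen,
        unsigned int flags, char **peername)
{
    int ret;
    DecodedCert dCert;

    WOLFSSL_ENTER("wolfSSL_X509_check_host");

    /* flags and peername not needed for Nginx. */
    (void)flags;
    (void)peername;

    /* Everything dereferenced below is checked up front. */
    if (x == NULL || x->derCert == NULL || chk == NULL)
        return SSL_FAILURE;

    InitDecodedCert(&dCert, x->derCert->buffer, x->derCert->length, NULL);
    /* verify=0: the name check only needs the parsed fields, not a
     * signature check. */
    ret = ParseCertRelative(&dCert, CERT_TYPE, 0, NULL);
    if (ret != 0) {
        /* Release whatever the partial parse allocated. */
        FreeDecodedCert(&dCert);
        return SSL_FAILURE;
    }

    ret = CheckHostName(&dCert, (char *)chk, chklen);
    FreeDecodedCert(&dCert);
    if (ret != 0)
        return SSL_FAILURE;
    return SSL_SUCCESS;
}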
wolfSSL 11:cee25a834751 23945
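/* Write an ASN.1 INTEGER's content octets to a BIO as hex
 * (OpenSSL i2a_ASN1_INTEGER compatibility).
 *
 * bp The BIO to write to.
 * a  The integer; a->data holds the DER encoding (tag, length, content).
 * returns the number of characters written (two per content byte, "00" for
 *         a zero-length integer); 0 for an indefinite length or a length
 *         field longer than 4 bytes; SSL_FAILURE when bp or a is NULL.
 *         NOTE(review): the length field is trusted; nothing here bounds
 *         the reads against the size of a->data - confirm the encoder
 *         guarantees consistency.
 */
int wolfSSL_i2a_ASN1_INTEGER(BIO *bp, const WOLFSSL_ASN1_INTEGER *a)
{
    static const char num[16] = { '0', '1', '2', '3', '4', '5', '6', '7',
                                  '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' };
    int i;
    word32 j;
    word32 len = 0;

    WOLFSSL_ENTER("wolfSSL_i2a_ASN1_INTEGER");

    if (bp == NULL || a == NULL)
        return SSL_FAILURE;

    /* Skip ASN.1 INTEGER (type) byte. */
    i = 1;
    /* When indefinite length, can't determine length with data available. */
    if (a->data[i] == 0x80)
        return 0;
    /* One length byte if less than 0x80. */
    if (a->data[i] < 0x80)
        len = a->data[i++];
    /* Multiple length bytes if greater than 0x80. */
    else if (a->data[i] > 0x80) {
        /* Each byte is widened to word32 before shifting: an unsigned char
         * promotes to int, and a value >= 0x80 shifted left by 24 would
         * overflow a signed int (undefined behaviour). The cases fall
         * through on purpose to assemble the big-endian length. */
        switch (a->data[i++] - 0x80) {
            case 4:
                len |= (word32)a->data[i++] << 24;
                /* fallthrough */
            case 3:
                len |= (word32)a->data[i++] << 16;
                /* fallthrough */
            case 2:
                len |= (word32)a->data[i++] << 8;
                /* fallthrough */
            case 1:
                len |= (word32)a->data[i++];
                break;
            default:
                /* Not supporting greater than 4 bytes of length. */
                return 0;
        }
    }

    /* Zero length integer is the value zero. */
    if (len == 0) {
        wolfSSL_BIO_write(bp, "00", 2);
        return 2;
    }

    /* Don't do negative - just write out every byte. */
    for (j = 0; j < len; i++, j++) {
        wolfSSL_BIO_write(bp, &num[a->data[i] >> 4], 1);
        wolfSSL_BIO_write(bp, &num[a->data[i] & 0xf], 1);
    }

    /* Two nibbles written for each byte. */
    return (int)(len * 2);
}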
wolfSSL 11:cee25a834751 24000
wolfSSL 11:cee25a834751 24001
wolfSSL 11:cee25a834751 24002 #ifdef HAVE_SESSION_TICKET
/* Expected return values from implementations of OpenSSL ticket key callback.
 * Only TICKET_KEY_CB_RET_OK and TICKET_KEY_CB_RET_RENEW let the ticket be
 * processed; RENEW additionally asks wolfSSL to issue a fresh ticket.
 */
#define TICKET_KEY_CB_RET_FAILURE -1
#define TICKET_KEY_CB_RET_NOT_FOUND 0
#define TICKET_KEY_CB_RET_OK 1
#define TICKET_KEY_CB_RET_RENEW 2

/* The ticket key callback as used in OpenSSL is stored here.
 * NOTE(review): a single file-scope slot, so the callback is shared by every
 * WOLFSSL_CTX in the process; the most recent
 * wolfSSL_CTX_set_tlsext_ticket_key_cb call wins. */
static int (*ticketKeyCb)(WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
    WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc) = NULL;
wolfSSL 11:cee25a834751 24013
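/* Implementation of session ticket encryption/decryption using OpenSSL
 * callback to initialize the cipher and HMAC.
 *
 * ssl The SSL/TLS object.
 * keyName The key name - used to identify the key to be used.
 * iv The IV to use.
 * mac The MAC of the encrypted data (WOLFSSL_TICKET_MAC_SZ bytes).
 * enc Encrypt ticket.
 * encTicket The ticket data.
 * encTicketLen The length of the ticket data.
 * encLen The encrypted/decrypted ticket length - output length.
 * ctx Ignored. Application specific data.
 * returns WOLFSSL_TICKET_RET_OK to indicate success,
 * WOLFSSL_TICKET_RET_CREATE if a new ticket is required and
 * WOLFSSL_TICKET_RET_FATAL on error (no callback set, callback refused,
 * cipher failure, HMAC wider than the MAC field, or MAC mismatch).
 */
static int wolfSSL_TicketKeyCb(WOLFSSL* ssl,
                               unsigned char keyName[WOLFSSL_TICKET_NAME_SZ],
                               unsigned char iv[WOLFSSL_TICKET_IV_SZ],
                               unsigned char mac[WOLFSSL_TICKET_MAC_SZ],
                               int enc, unsigned char* encTicket,
                               int encTicketLen, int* encLen, void* ctx)
{
    byte digest[MAX_DIGEST_SIZE];
    WOLFSSL_EVP_CIPHER_CTX evpCtx;
    WOLFSSL_HMAC_CTX hmacCtx;
    unsigned int mdSz = 0;
    unsigned int k;
    unsigned int diff = 0;
    int len = 0;
    int ret = WOLFSSL_TICKET_RET_FATAL;
    int res;

    (void)ctx;

    if (ticketKeyCb == NULL)
        return WOLFSSL_TICKET_RET_FATAL;

    wolfSSL_EVP_CIPHER_CTX_init(&evpCtx);
    /* Initialize the cipher and HMAC. */
    res = ticketKeyCb(ssl, keyName, iv, &evpCtx, &hmacCtx, enc);
    if (res != TICKET_KEY_CB_RET_OK && res != TICKET_KEY_CB_RET_RENEW)
        return WOLFSSL_TICKET_RET_FATAL;

    if (enc)
    {
        /* Encrypt in place. */
        if (!wolfSSL_EVP_CipherUpdate(&evpCtx, encTicket, &len,
                                      encTicket, encTicketLen))
            goto end;
        encTicketLen = len;
        if (!wolfSSL_EVP_EncryptFinal(&evpCtx, &encTicket[encTicketLen], &len))
            goto end;
        /* Total length of encrypted data. */
        encTicketLen += len;
        *encLen = encTicketLen;

        /* HMAC the encrypted data into a local buffer first: writing the
         * digest straight into 'mac' would overrun it whenever the
         * callback's HMAC is wider than WOLFSSL_TICKET_MAC_SZ. */
        wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen);
        wolfSSL_HMAC_Final(&hmacCtx, digest, &mdSz);
        if (mdSz > WOLFSSL_TICKET_MAC_SZ)
            goto end;
        XMEMCPY(mac, digest, mdSz);
    }
    else
    {
        /* HMAC the encrypted data and compare it to the passed in data. */
        wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen);
        wolfSSL_HMAC_Final(&hmacCtx, digest, &mdSz);
        if (mdSz > WOLFSSL_TICKET_MAC_SZ)
            goto end;
        /* Constant-time comparison: an early-exit memcmp would reveal,
         * through timing, how many leading MAC bytes of a tampered ticket
         * were correct. */
        for (k = 0; k < mdSz; k++)
            diff |= (unsigned int)(mac[k] ^ digest[k]);
        if (diff != 0)
            goto end;

        /* Decrypt the ticket data in place. */
        if (!wolfSSL_EVP_CipherUpdate(&evpCtx, encTicket, &len,
                                      encTicket, encTicketLen))
            goto end;
        encTicketLen = len;
        if (!wolfSSL_EVP_DecryptFinal(&evpCtx, &encTicket[encTicketLen], &len))
            goto end;
        /* Total length of decrypted data. */
        *encLen = encTicketLen + len;
    }

    ret = (res == TICKET_KEY_CB_RET_RENEW) ? WOLFSSL_TICKET_RET_CREATE :
                                             WOLFSSL_TICKET_RET_OK;
end:
    /* Release the cipher and HMAC contexts the application callback set up;
     * this label is only reached after the callback returned OK or RENEW. */
    wolfSSL_HMAC_cleanup(&hmacCtx);
    wolfSSL_EVP_CIPHER_CTX_cleanup(&evpCtx);
    return ret;
}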
wolfSSL 11:cee25a834751 24097
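/* Set the callback to use when encrypting/decrypting tickets.
 *
 * ctx The SSL/TLS context object.
 * cb The OpenSSL session ticket callback. Stored in a single process-wide
 *    slot shared by every context, so the most recent call wins.
 * returns SSL_SUCCESS to indicate success, SSL_FAILURE when ctx is NULL.
 */
int wolfSSL_CTX_set_tlsext_ticket_key_cb(WOLFSSL_CTX *ctx, int (*cb)(
        WOLFSSL *ssl, unsigned char *name, unsigned char *iv,
        WOLFSSL_EVP_CIPHER_CTX *ectx, WOLFSSL_HMAC_CTX *hctx, int enc))
{
    /* ctx is dereferenced below; reject NULL before touching the global. */
    if (ctx == NULL)
        return SSL_FAILURE;

    /* Store callback in a global. */
    ticketKeyCb = cb;
    /* Set the ticket encryption callback to be a wrapper around OpenSSL
     * callback.
     */
    ctx->ticketEncCb = wolfSSL_TicketKeyCb;

    return SSL_SUCCESS;
}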
wolfSSL 11:cee25a834751 24117 #endif /* HAVE_SESSION_TICKET */
wolfSSL 11:cee25a834751 24118
wolfSSL 11:cee25a834751 24119 #ifdef HAVE_OCSP
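/* Not an OpenSSL API.
 * Fetch the OCSP response held on an SSL object.
 *
 * ssl      The SSL/TLS object.
 * response Out: set to the pointer stored in ssl (not a copy), or NULL when
 *          ssl is NULL.
 * returns the response length from ssl, or 0 when ssl or response is NULL.
 */
int wolfSSL_get_ocsp_response(WOLFSSL* ssl, byte** response)
{
    /* Both pointers are dereferenced; the original assumed neither was NULL. */
    if (response == NULL)
        return 0;
    if (ssl == NULL) {
        *response = NULL;
        return 0;
    }

    *response = ssl->ocspResp;
    return ssl->ocspRespSz;
}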
wolfSSL 11:cee25a834751 24126
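/* Not an OpenSSL API.
 * Fetch the OCSP responder URL stored on an SSL object.
 *
 * ssl The SSL/TLS object.
 * returns the stored URL pointer, or NULL when ssl is NULL.
 */
char* wolfSSL_get_ocsp_url(WOLFSSL* ssl)
{
    /* The original dereferenced ssl unconditionally. */
    if (ssl == NULL)
        return NULL;

    return ssl->url;
}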
wolfSSL 11:cee25a834751 24132
/* Not an OpenSSL API.
 * Store an OCSP responder URL on an SSL object. Only the pointer is kept;
 * no copy of the string is made.
 *
 * ssl The SSL/TLS object.
 * url The URL string to store.
 * returns SSL_SUCCESS when stored, SSL_FAILURE when ssl is NULL.
 */
int wolfSSL_set_ocsp_url(WOLFSSL* ssl, char* url)
{
    int ret = SSL_FAILURE;

    if (ssl != NULL) {
        ssl->url = url;
        ret = SSL_SUCCESS;
    }

    return ret;
}
wolfSSL 11:cee25a834751 24142
/* Decode a 3-byte big-endian length.
 *
 * c   Pointer to at least three readable bytes.
 * u24 Out: the decoded value.
 */
static INLINE void ato24(const byte* c, word32* u24)
{
    word32 v = (word32)c[0];
    v = (v << 8) | (word32)c[1];
    v = (v << 8) | (word32)c[2];
    *u24 = v;
}
wolfSSL 11:cee25a834751 24147
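/* Return the context's extra certificate chain as a stack of X509 objects,
 * building (and caching in ctx->x509Chain) the stack on first use.
 *
 * ctx   The SSL/TLS context.
 * chain Out: the stack, or NULL when the context has no chain.
 * returns SSL_SUCCESS when the chain (possibly empty) was returned;
 *         SSL_FAILURE when ctx or chain is NULL, when the chain buffer is
 *         malformed, or when a node or X509 object could not be created.
 *         In the last two cases *chain and ctx->x509Chain hold as much of
 *         the chain as was built.
 */
int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, STACK_OF(X509)** chain)
{
    word32 idx;
    word32 length;
    word32 total;
    byte* buf;
    WOLFSSL_STACK* node;
    WOLFSSL_STACK* last = NULL;

    /* The original also did "chain = NULL" here, which only cleared the
     * local parameter and had no effect on the caller. */
    if (ctx == NULL || chain == NULL)
        return SSL_FAILURE;

    /* Already built on an earlier call: hand back the cached stack. */
    if (ctx->x509Chain != NULL) {
        *chain = ctx->x509Chain;
        return SSL_SUCCESS;
    }

    /* If there are no chains then success! */
    *chain = NULL;
    if (ctx->certChain == NULL || ctx->certChain->length == 0)
        return SSL_SUCCESS;

    buf = ctx->certChain->buffer;
    total = ctx->certChain->length;

    /* Create a new stack of WOLFSSL_X509 object from chain buffer. */
    for (idx = 0; idx < total; ) {
        /* 3 byte length | X509 DER data. Both the header and the body must
         * lie inside the buffer; a truncated or inconsistent entry used to
         * be read past the end of the buffer. */
        if (total - idx < 3) {
            ctx->x509Chain = *chain;
            return SSL_FAILURE;
        }
        ato24(buf + idx, &length);
        idx += 3;
        if (length > total - idx) {
            ctx->x509Chain = *chain;
            return SSL_FAILURE;
        }

        node = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                       DYNAMIC_TYPE_OPENSSL);
        if (node == NULL) {
            /* Keep what was built so far, as the X509 failure path does,
             * rather than leaving it reachable only through *chain. */
            ctx->x509Chain = *chain;
            return SSL_FAILURE;
        }
        node->next = NULL;

        /* Create a new X509 from DER encoded data. */
        node->data.x509 = wolfSSL_X509_d2i(NULL, buf + idx, length);
        if (node->data.x509 == NULL) {
            XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL);
            /* Return as much of the chain as we created. */
            ctx->x509Chain = *chain;
            return SSL_FAILURE;
        }
        idx += length;

        /* Add object to the end of the stack; the head node carries the
         * element count. */
        if (last == NULL) {
            node->num = 1;
            *chain = node;
        }
        else {
            (*chain)->num++;
            last->next = node;
        }

        last = node;
    }

    ctx->x509Chain = *chain;

    return SSL_SUCCESS;
}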
wolfSSL 11:cee25a834751 24210
/* Install the OCSP status (stapling) callback on the context's certificate
 * manager. Stapling is switched on first because the callback is only
 * consulted when stapling is enabled; the return value of that call is not
 * checked, the following NULL test on ocsp_stapling covers the failure.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ctx or its certificate manager is
 * NULL or stapling could not be enabled.
 */
int wolfSSL_CTX_set_tlsext_status_cb(WOLFSSL_CTX* ctx,
                                     int(*cb)(WOLFSSL*, void*))
{
    if (ctx == NULL || ctx->cm == NULL)
        return SSL_FAILURE;

    /* Ensure stapling is on for callback to be used. */
    wolfSSL_CTX_EnableOCSPStapling(ctx);

    if (ctx->cm->ocsp_stapling != NULL) {
        ctx->cm->ocsp_stapling->statusCb = cb;
        return SSL_SUCCESS;
    }

    return SSL_FAILURE;
}

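/* Find the issuer of 'x' (used when building an OCSP status request).
 *
 * The chain held by 'ctx' is searched first with wolfSSL_X509_check_issued();
 * a match is returned as a fresh duplicate so the caller owns it ("get1"
 * semantics) and can release it with wolfSSL_X509_free() without touching the
 * chain. Previously the subject 'x' itself was handed back here, which was
 * both the wrong certificate and not an owned reference.
 *
 * Otherwise the CA store is consulted, by authority key id and then by issuer
 * name. A Signer does not carry a full certificate, so an empty zeroed
 * WOLFSSL_X509 is returned as a placeholder; wolfSSL_OCSP_cert_to_id() ignores
 * its contents. TODO: store the full certificate and dup when required.
 *
 * Returns SSL_SUCCESS with *issuer set, SSL_FAILURE when no issuer is known,
 * x has no DER, the store has no certificate manager or allocation fails
 * (*issuer is NULL then), and SSL_FATAL_ERROR on NULL arguments.
 */
int wolfSSL_X509_STORE_CTX_get1_issuer(WOLFSSL_X509 **issuer,
                                      WOLFSSL_X509_STORE_CTX *ctx, WOLFSSL_X509 *x)
{
    WOLFSSL_STACK* node;
    Signer* ca = NULL;
#ifdef WOLFSSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

    if (issuer == NULL || ctx == NULL || x == NULL)
        return SSL_FATAL_ERROR;

    *issuer = NULL;

    /* The chain entry whose subject (and key id, when present) matches x's
     * issuer is the one that issued x. */
    for (node = ctx->chain; node != NULL; node = node->next) {
        if (wolfSSL_X509_check_issued(node->data.x509, x) == X509_V_OK) {
            *issuer = wolfSSL_X509_dup(node->data.x509);
            return (*issuer != NULL) ? SSL_SUCCESS : SSL_FAILURE;
        }
    }

    /* The store lookups need x's DER and a certificate manager. */
    if (x->derCert == NULL || ctx->store == NULL || ctx->store->cm == NULL)
        return SSL_FAILURE;

#ifdef WOLFSSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return SSL_FAILURE;
#endif

    /* Use existing CA retrieval APIs that use DecodedCert. */
    InitDecodedCert(cert, x->derCert->buffer, x->derCert->length, NULL);
    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
#ifndef NO_SKID
        if (cert->extAuthKeyIdSet)
            ca = GetCA(ctx->store->cm, cert->extAuthKeyId);
        if (ca == NULL)
            ca = GetCAByName(ctx->store->cm, cert->issuerHash);
#else /* NO_SKID */
        ca = GetCA(ctx->store->cm, cert->issuerHash);
#endif /* NO SKID */
    }
    FreeDecodedCert(cert);
#ifdef WOLFSSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (ca == NULL)
        return SSL_FAILURE;

    *issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), NULL,
                                      DYNAMIC_TYPE_OPENSSL);
    if (*issuer == NULL)
        return SSL_FAILURE;

    /* Create an empty certificate as CA doesn't have a certificate. */
    XMEMSET(*issuer, 0, sizeof(WOLFSSL_X509));

    return SSL_SUCCESS;
}
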
/* Release a stack of strings such as the one returned by
 * wolfSSL_X509_get1_ocsp(). Only the list nodes are freed: the strings they
 * point to are not owned by the stack. A NULL stack is accepted.
 */
void wolfSSL_X509_email_free(STACK_OF(WOLFSSL_STRING) *sk)
{
    WOLFSSL_STACK *next;

    for (; sk != NULL; sk = next) {
        next = sk->next;
        XFREE(sk, NULL, DYNAMIC_TYPE_OPENSSL);
    }
}

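/* Return the OCSP responder URL(s) found in the certificate's Authority
 * Information Access extension as a one-element stack of strings.
 *
 * The string is x->authInfo itself, not a copy, so it is only valid while 'x'
 * is. Free the result with wolfSSL_X509_email_free(), which releases the node
 * but not the string.
 *
 * Returns the stack, or NULL when x is NULL, carries no authority information
 * or allocation fails.
 */
STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x)
{
    WOLFSSL_STACK *list;

    if (x == NULL || x->authInfoSz == 0)
        return NULL;

    list = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL,
                                   DYNAMIC_TYPE_OPENSSL);
    if (list == NULL)
        return NULL;

    /* Single element stack; num is kept like the other stack builders do. */
    list->num = 1;
    list->data.string = (char*)x->authInfo;
    list->next = NULL;

    return list;
}
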
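/* Check whether 'issuer' could have issued 'subject'.
 *
 * Only encodings are compared, byte for byte: the subject's issuer name
 * against the issuer's subject name, and, when both certificates carry one,
 * the subject's authority key id against the issuer's subject key id. No
 * signature is verified, so a match means the pair is consistent, not that
 * the chain is valid.
 *
 * Returns X509_V_OK on a match and X509_V_ERR_SUBJECT_ISSUER_MISMATCH
 * otherwise, including for NULL arguments or a certificate without a name.
 */
int wolfSSL_X509_check_issued(WOLFSSL_X509 *issuer, WOLFSSL_X509 *subject)
{
    WOLFSSL_X509_NAME *issuerName;
    WOLFSSL_X509_NAME *subjectName;

    if (issuer == NULL || subject == NULL)
        return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;

    issuerName  = wolfSSL_X509_get_issuer_name(subject);
    subjectName = wolfSSL_X509_get_subject_name(issuer);
    if (issuerName == NULL || subjectName == NULL)
        return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;

    /* Literal matching of encoded names; sizes are compared first so the
     * memcmp never runs past the shorter name. */
    if (issuerName->sz != subjectName->sz ||
        XMEMCMP(issuerName->name, subjectName->name, subjectName->sz) != 0) {
        return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
    }

    /* Key ids are optional; only compare when both sides have one. */
    if (subject->authKeyId != NULL && issuer->subjKeyId != NULL) {
        if (subject->authKeyIdSz != issuer->subjKeyIdSz ||
            XMEMCMP(subject->authKeyId, issuer->subjKeyId,
                    issuer->subjKeyIdSz) != 0) {
            return X509_V_ERR_SUBJECT_ISSUER_MISMATCH;
        }
    }

    return X509_V_OK;
}
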
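/* Duplicate a certificate by re-decoding its DER. The copy is independently
 * allocated and must be released by the caller.
 *
 * Returns the new object, or NULL when x is NULL, has no DER, or decoding
 * fails.
 */
WOLFSSL_X509* wolfSSL_X509_dup(WOLFSSL_X509 *x)
{
    if (x == NULL || x->derCert == NULL)
        return NULL;

    return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length);
}
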
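/* Return the string at position 'idx' (0-based) of a string stack.
 *
 * Returns NULL when the stack is NULL, idx is negative or idx is past the
 * last element. The string is the stack's own pointer, not a copy.
 */
char* wolfSSL_sk_WOLFSSL_STRING_value(STACK_OF(WOLFSSL_STRING)* strings,
                                      int idx)
{
    WOLFSSL_STACK* node = strings;

    /* A negative index is out of range just like one past the end. */
    if (idx < 0)
        return NULL;

    while (idx > 0 && node != NULL) {
        node = node->next;
        idx--;
    }

    return (node != NULL) ? node->data.string : NULL;
}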
wolfSSL 11:cee25a834751 24361 #endif /* HAVE_OCSP */
wolfSSL 11:cee25a834751 24362
wolfSSL 11:cee25a834751 24363 #ifdef HAVE_ALPN
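/* Report the ALPN protocol negotiated on 'ssl'.
 *
 * *data points into the session's extension data (not a copy, "get0"), *len
 * is its length. When nothing was negotiated both are left as NULL/0, so the
 * caller never sees an unset value; the lookup's return code is not consulted
 * because the pre-set outputs already describe the failure case.
 *
 * Does nothing when any argument is NULL.
 */
void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data,
                                unsigned int *len)
{
    word16 nameLen = 0;

    if (ssl == NULL || data == NULL || len == NULL)
        return;

    /* Start from "nothing selected" so a failed lookup leaves no stale or
     * uninitialised value behind. */
    *data = NULL;
    TLSX_ALPN_GetRequest(ssl->extensions, (void **)data, &nameLen);
    *len = nameLen;
}
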
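/* Pick the first protocol in the server list 'in' that also appears in the
 * client list 'clientNames'. Both lists are sequences of
 * "1 byte length | name" entries.
 *
 * The lists may come from the peer, so every entry's length is checked
 * against the remaining bytes of its list before the name is compared or
 * handed out; a truncated entry (or an empty client list when no overlap
 * exists) makes the call fail with OPENSSL_NPN_UNSUPPORTED and *out NULL,
 * *outLen 0, instead of reading past the buffer.
 *
 * Returns OPENSSL_NPN_NEGOTIATED with *out/*outLen describing the matching
 * entry of 'in', OPENSSL_NPN_NO_OVERLAP with *out/*outLen describing the
 * client's first entry when nothing matches, or OPENSSL_NPN_UNSUPPORTED for
 * NULL arguments or malformed input. *out points into the input lists, not
 * a copy.
 */
int wolfSSL_select_next_proto(unsigned char **out, unsigned char *outLen,
                              const unsigned char *in, unsigned int inLen,
                              const unsigned char *clientNames,
                              unsigned int clientLen)
{
    unsigned int i, j;
    byte lenIn, lenClient;

    if (out == NULL || outLen == NULL || in == NULL || clientNames == NULL)
        return OPENSSL_NPN_UNSUPPORTED;

    for (i = 0; i < inLen; i += lenIn) {
        lenIn = in[i++];
        /* i <= inLen here, so inLen - i is the number of bytes left. */
        if (lenIn > inLen - i)
            goto malformed;

        for (j = 0; j < clientLen; j += lenClient) {
            lenClient = clientNames[j++];
            if (lenClient > clientLen - j)
                goto malformed;

            if (lenIn != lenClient)
                continue;

            if (XMEMCMP(in + i, clientNames + j, lenIn) == 0) {
                *out = (unsigned char *)(in + i);
                *outLen = lenIn;
                return OPENSSL_NPN_NEGOTIATED;
            }
        }
    }

    /* No overlap: fall back to the client's first entry, which must itself
     * fit inside the client list. */
    if (clientLen == 0 || clientNames[0] > clientLen - 1)
        goto malformed;

    *out = (unsigned char *)clientNames + 1;
    *outLen = clientNames[0];
    return OPENSSL_NPN_NO_OVERLAP;

malformed:
    *out = NULL;
    *outLen = 0;
    return OPENSSL_NPN_UNSUPPORTED;
}
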
/* Register the server-side ALPN selection callback and its opaque argument on
 * the context. Only the pointers are stored; 'arg' is handed back to 'cb'
 * unchanged. A NULL ctx is ignored.
 */
void wolfSSL_CTX_set_alpn_select_cb(WOLFSSL_CTX *ctx,
                                    int (*cb) (WOLFSSL *ssl,
                                               const unsigned char **out,
                                               unsigned char *outlen,
                                               const unsigned char *in,
                                               unsigned int inlen,
                                               void *arg), void *arg)
{
    if (ctx == NULL)
        return;

    ctx->alpnSelectArg = arg;
    ctx->alpnSelect    = cb;
}

/* NPN is not implemented: this is a stub that only reports itself through
 * WOLFSSL_STUB. The callback is never stored or called, so NPN will not be
 * advertised even though this call succeeds silently.
 */
void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s,
                                               int (*cb) (WOLFSSL *ssl,
                                                          const unsigned char
                                                          **out,
                                                          unsigned int *outlen,
                                                          void *arg), void *arg)
{
    WOLFSSL_STUB("wolfSSL_CTX_set_next_protos_advertised_cb");
    (void)arg;
    (void)cb;
    (void)s;
}

/* NPN is not implemented: this is a stub that only reports itself through
 * WOLFSSL_STUB. The callback is never stored or called.
 */
void wolfSSL_CTX_set_next_proto_select_cb(WOLFSSL_CTX *s,
                                          int (*cb) (WOLFSSL *ssl,
                                                     unsigned char **out,
                                                     unsigned char *outlen,
                                                     const unsigned char *in,
                                                     unsigned int inlen,
                                                     void *arg), void *arg)
{
    WOLFSSL_STUB("wolfSSL_CTX_set_next_proto_select_cb");
    (void)arg;
    (void)cb;
    (void)s;
}

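/* NPN is not implemented. Report "nothing negotiated" (*data NULL, *len 0)
 * so callers that rely on the outputs, as they do with the OpenSSL API, never
 * read an unset pointer or length; the stub is still announced through
 * WOLFSSL_STUB. NULL output pointers are ignored.
 */
void wolfSSL_get0_next_proto_negotiated(const WOLFSSL *s, const unsigned char **data,
                                        unsigned *len)
{
    (void)s;

    if (data != NULL)
        *data = NULL;
    if (len != NULL)
        *len = 0;

    WOLFSSL_STUB("wolfSSL_get0_next_proto_negotiated");
}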
wolfSSL 11:cee25a834751 24456 #endif /* HAVE_ALPN */
wolfSSL 11:cee25a834751 24457
wolfSSL 11:cee25a834751 24458 #endif /* WOLFSSL_NGINX / WOLFSSL_HAPROXY */
wolfSSL 11:cee25a834751 24459
wolfSSL 11:cee25a834751 24460 #ifdef OPENSSL_EXTRA
/* Stub: message callbacks are not supported on a context. The callback is
 * never stored; SSL_FAILURE is returned so callers can notice.
 */
int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb)
{
    (void)cb;
    (void)ctx;
    WOLFSSL_STUB("SSL_CTX_set_msg_callback");

    return SSL_FAILURE;
}
/* Stub: message callbacks are not supported on a session. The callback is
 * never stored; SSL_FAILURE is returned so callers can notice.
 */
int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb)
{
    (void)cb;
    (void)ssl;
    WOLFSSL_STUB("SSL_set_msg_callback");

    return SSL_FAILURE;
}
/* Stub: there is no message callback to attach an argument to. 'arg' is not
 * stored; SSL_FAILURE is returned so callers can notice.
 */
int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg)
{
    (void)arg;
    (void)ctx;
    WOLFSSL_STUB("SSL_CTX_set_msg_callback_arg");

    return SSL_FAILURE;
}
/* Stub: there is no message callback to attach an argument to. 'arg' is not
 * stored; SSL_FAILURE is returned so callers can notice.
 */
int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg)
{
    (void)arg;
    (void)ssl;
    WOLFSSL_STUB("SSL_set_msg_callback_arg");

    return SSL_FAILURE;
}
wolfSSL 11:cee25a834751 24489 #endif
wolfSSL 11:cee25a834751 24492 #endif /* WOLFCRYPT_ONLY */