Changeset 372 for asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/src/internal.c
- Timestamp:
- Feb 7, 2019, 8:36:33 AM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/src/internal.c
r364 r372 28 28 #include <wolfssl/wolfcrypt/settings.h> 29 29 30 /* 31 * WOLFSSL_SMALL_CERT_VERIFY: 32 * Verify the certificate signature without using DecodedCert. Doubles up 33 * on some code but allows smaller dynamic memory usage. 34 */ 35 30 36 #ifndef WOLFCRYPT_ONLY 31 37 … … 39 45 #define WOLFSSL_MISC_INCLUDED 40 46 #include <wolfcrypt/src/misc.c> 47 #endif 48 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA) 49 #include <wolfssl/wolfcrypt/srp.h> 41 50 #endif 42 51 … … 82 91 #error Cannot use both secure-renegotiation and renegotiation-indication 83 92 #endif 93 94 #ifndef WOLFSSL_NO_TLS12 84 95 85 96 #ifndef NO_WOLFSSL_CLIENT … … 101 112 #ifndef NO_WOLFSSL_SERVER 102 113 static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32*, word32); 103 #if !defined(NO_RSA) || defined(HAVE_ECC) 114 #if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)) && \ 115 !defined(WOLFSSL_NO_CLIENT_AUTH) 104 116 static int DoCertificateVerify(WOLFSSL* ssl, byte*, word32*, word32); 105 117 #endif … … 109 121 #endif 110 122 123 #endif /* !WOLFSSL_NO_TLS12 */ 111 124 112 125 #ifdef WOLFSSL_DTLS 113 static INLINE int DtlsCheckWindow(WOLFSSL* ssl);114 static INLINE int DtlsUpdateWindow(WOLFSSL* ssl);126 static WC_INLINE int DtlsCheckWindow(WOLFSSL* ssl); 127 static WC_INLINE int DtlsUpdateWindow(WOLFSSL* ssl); 115 128 #endif 116 129 … … 129 142 130 143 144 #ifndef WOLFSSL_NO_TLS12 145 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) 146 131 147 /* Server random bytes for TLS v1.3 described downgrade protection mechanism. */ 132 148 static const byte tls13Downgrade[7] = { … … 135 151 #define TLS13_DOWNGRADE_SZ sizeof(tls13Downgrade) 136 152 137 138 #ifndef NO_OLD_TLS 153 #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ 154 155 #if !defined(NO_OLD_TLS) && !defined(WOLFSSL_AEAD_ONLY) 139 156 static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, 140 int content, int verify); 141 142 #endif 157 int padSz, int content, int verify); 158 159 #endif 160 161 #endif /* !WOLFSSL_NO_TLS12 */ 143 162 144 163 #ifdef HAVE_QSH … … 160 179 if (ssl->version.major == SSLv3_MAJOR && ssl->version.minor >=TLSv1_2_MINOR) 161 180 return 1; 181 #ifdef WOLFSSL_DTLS 162 182 if (ssl->version.major == DTLS_MAJOR && ssl->version.minor <= DTLSv1_2_MINOR) 163 183 return 1; 184 #endif 164 185 165 186 return 0; … … 171 192 } 172 193 173 174 static INLINE int IsEncryptionOn(WOLFSSL* ssl, int isSend) 194 static WC_INLINE int IsEncryptionOn(WOLFSSL* ssl, int isSend) 175 195 { 176 196 (void)isSend; … … 186 206 187 207 208 #if defined(WOLFSSL_DTLS) || !defined(WOLFSSL_NO_TLS12) 188 209 /* If SCTP is not enabled returns the state of the dtls option. 189 210 * If SCTP is enabled returns dtls && !sctp. */ 190 static INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)211 static WC_INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl) 191 212 { 192 213 int result = ssl->options.dtls; … … 200 221 return result; 201 222 } 223 #endif /* DTLS || !WOLFSSL_NO_TLS12 */ 202 224 203 225 … … 524 546 #endif 525 547 exp[idx++] = sz; 548 #ifndef WOLFSSL_AEAD_ONLY 526 549 XMEMCPY(exp + idx, keys->client_write_MAC_secret, sz); idx += sz; 527 550 XMEMCPY(exp + idx, keys->server_write_MAC_secret, sz); idx += sz; 551 #else 552 XMEMSET(exp + idx, 0, sz); idx += sz; 553 XMEMSET(exp + idx, 0, sz); idx += sz; 554 #endif 528 555 529 556 sz = ssl->specs.key_size; … … 682 709 #endif 683 710 sz = exp[idx++]; 684 if (sz > MAX_DIGEST_SIZE || sz + idx > len) { 711 #ifndef WOLFSSL_AEAD_ONLY 712 if (sz > sizeof(keys->client_write_MAC_secret) || sz + idx > len) { 685 713 return BUFFER_E; 686 714 } 687 715 XMEMCPY(keys->client_write_MAC_secret, exp + idx, sz); idx += sz; 688 716 XMEMCPY(keys->server_write_MAC_secret, exp + idx, sz); idx += sz; 717 #else 718 if (sz + idx > len) { 719 return BUFFER_E; 720 } 721 idx += sz; idx += sz; 722 #endif 689 723 690 724 sz = exp[idx++]; 691 if (sz > AES_256_KEY_SIZE|| sz + idx > len) {725 if (sz > sizeof(keys->client_write_key) || sz + idx > len) { 692 726 return BUFFER_E; 693 727 } … … 696 730 697 731 sz = exp[idx++]; 698 if (sz > MAX_WRITE_IV_SZ|| sz + idx > len) {732 if (sz > sizeof(keys->client_write_IV) || sz + idx > len) { 699 733 return BUFFER_E; 700 734 } … … 705 739 706 740 sz = exp[idx++]; 707 if (sz > AEAD_MAX_IMP_SZ|| sz + idx > len) {741 if (sz > sizeof(keys->aead_enc_imp_IV) || sz + idx > len) { 708 742 return BUFFER_E; 709 743 } … … 741 775 #ifndef NO_DH 742 776 c16toa(options->minDhKeySz, exp + idx); idx += OPAQUE16_LEN; 777 c16toa(options->maxDhKeySz, exp + idx); idx += OPAQUE16_LEN; 743 778 c16toa(options->dhKeySz, exp + idx); idx += OPAQUE16_LEN; 744 779 #else 780 c16toa(zero, exp + idx); idx += OPAQUE16_LEN; 745 781 c16toa(zero, exp + idx); idx += OPAQUE16_LEN; 746 782 c16toa(zero, exp + idx); idx += OPAQUE16_LEN; … … 904 940 #ifndef NO_DH 905 941 ato16(exp + idx, &(options->minDhKeySz)); idx += OPAQUE16_LEN; 942 ato16(exp + idx, &(options->maxDhKeySz)); idx += OPAQUE16_LEN; 906 943 ato16(exp + idx, &(options->dhKeySz)); idx += OPAQUE16_LEN; 907 944 #else 945 idx += OPAQUE16_LEN; 908 946 idx += OPAQUE16_LEN; 909 947 idx += OPAQUE16_LEN; … … 1312 1350 } 1313 1351 1314 /* do not allow stream ciphers with DTLS */ 1315 if (ssl->specs.cipher_type == stream) { 1352 /* do not allow stream ciphers with DTLS, except for NULL cipher */ 1353 if (ssl->specs.cipher_type == stream && 1354 ssl->specs.bulk_cipher_algorithm != wolfssl_cipher_null) { 1316 1355 WOLFSSL_MSG("Can not import stream ciphers for DTLS"); 1317 1356 return SANITY_CIPHER_E; … … 1331 1370 } 1332 1371 1372 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) 1373 int InitSSL_Side(WOLFSSL* ssl, word16 side) 1374 { 1375 if (ssl == NULL) 1376 return BAD_FUNC_ARG; 1377 1378 /* set side */ 1379 ssl->options.side = side; 1380 1381 /* reset options that are side specific */ 1382 #ifdef HAVE_NTRU 1383 if (ssl->options.side == WOLFSSL_CLIENT_END) { 1384 ssl->options.haveNTRU = 1; /* always on client side */ 1385 /* server can turn on by loading key */ 1386 } 1387 #endif 1388 #ifdef HAVE_ECC 1389 if (ssl->options.side == WOLFSSL_CLIENT_END) { 1390 ssl->options.haveECDSAsig = 1; /* always on client side */ 1391 ssl->options.haveECC = 1; /* server turns on with ECC key cert */ 1392 ssl->options.haveStaticECC = 1; /* server can turn on by loading key */ 1393 } 1394 #elif defined(HAVE_ED25519) 1395 if (ssl->options.side == WOLFSSL_CLIENT_END) { 1396 ssl->options.haveECDSAsig = 1; /* always on client side */ 1397 ssl->options.haveECC = 1; /* server turns on with ECC key cert */ 1398 } 1399 #endif 1400 1401 #if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT) 1402 if (ssl->options.side == WOLFSSL_CLIENT_END) { 1403 if ((ssl->ctx->method->version.major == SSLv3_MAJOR) && 1404 (ssl->ctx->method->version.minor >= TLSv1_MINOR)) { 1405 ssl->options.haveEMS = 1; 1406 } 1407 #ifdef WOLFSSL_DTLS 1408 if (ssl->ctx->method->version.major == DTLS_MAJOR) 1409 ssl->options.haveEMS = 1; 1410 #endif /* WOLFSSL_DTLS */ 1411 } 1412 #endif /* HAVE_EXTENDED_MASTER && !NO_WOLFSSL_CLIENT */ 1413 1414 return InitSSL_Suites(ssl); 1415 } 1416 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ 1333 1417 1334 1418 /* Initialize SSL context, return 0 on success */ … … 1343 1427 ctx->heap = ctx; /* defaults to self */ 1344 1428 ctx->timeout = WOLFSSL_SESSION_TIMEOUT; 1345 ctx->minDowngrade = TLSv1_MINOR; /* current default*/1429 ctx->minDowngrade = WOLFSSL_MIN_DOWNGRADE; /* current default: TLSv1_MINOR */ 1346 1430 1347 1431 if (wc_InitMutex(&ctx->countMutex) < 0) { … … 1353 1437 #ifndef NO_DH 1354 1438 ctx->minDhKeySz = MIN_DHKEY_SZ; 1439 ctx->maxDhKeySz = MAX_DHKEY_SZ; 1355 1440 #endif 1356 1441 #ifndef NO_RSA … … 1363 1448 #ifdef OPENSSL_EXTRA 1364 1449 ctx->verifyDepth = MAX_CHAIN_DEPTH; 1450 ctx->cbioFlag = WOLFSSL_CBIO_NONE; 1365 1451 #endif 1366 1452 … … 1378 1464 #endif 1379 1465 #endif 1466 #elif defined WOLFSSL_UIP 1467 ctx->CBIORecv = uIPReceive; 1468 ctx->CBIOSend = uIPSend; 1469 #ifdef WOLFSSL_DTLS 1470 if (method->version.major == DTLS_MAJOR) { 1471 ctx->CBIOSendTo = uIPSendTo; 1472 ctx->CBIORecvFrom = uIPRecvFrom; 1473 } 1474 #endif 1380 1475 #else 1381 1476 ctx->CBIORecv = EmbedReceive; … … 1397 1492 ctx->CBIORecv = NetX_Receive; 1398 1493 ctx->CBIOSend = NetX_Send; 1494 #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) 1495 ctx->CBIORecv = Mynewt_Receive; 1496 ctx->CBIOSend = Mynewt_Send; 1399 1497 #endif 1400 1498 1401 1499 #ifdef HAVE_NTRU 1402 1500 if (method->side == WOLFSSL_CLIENT_END) 1403 ctx->haveNTRU = 1; /* always on clie t side */1501 ctx->haveNTRU = 1; /* always on client side */ 1404 1502 /* server can turn on by loading key */ 1405 1503 #endif 1406 1504 #ifdef HAVE_ECC 1407 1505 if (method->side == WOLFSSL_CLIENT_END) { 1408 ctx->haveECDSAsig = 1; /* always on clie t side */1506 ctx->haveECDSAsig = 1; /* always on client side */ 1409 1507 ctx->haveECC = 1; /* server turns on with ECC key cert */ 1410 1508 ctx->haveStaticECC = 1; /* server can turn on by loading key */ 1509 } 1510 #elif defined(HAVE_ED25519) 1511 if (method->side == WOLFSSL_CLIENT_END) { 1512 ctx->haveECDSAsig = 1; /* always on client side */ 1513 ctx->haveECC = 1; /* server turns on with ECC key cert */ 1411 1514 } 1412 1515 #endif … … 1457 1560 1458 1561 ctx->heap = heap; /* wolfSSL_CTX_load_static_memory sets */ 1562 ctx->verifyDepth = MAX_CHAIN_DEPTH; 1459 1563 1460 1564 return ret; … … 1474 1578 1475 1579 XFREE(ctx->method, ctx->heap, DYNAMIC_TYPE_METHOD); 1476 if (ctx->suites) 1580 ctx->method = NULL; 1581 if (ctx->suites) { 1477 1582 XFREE(ctx->suites, ctx->heap, DYNAMIC_TYPE_SUITES); 1583 ctx->suites = NULL; 1584 } 1478 1585 1479 1586 #ifndef NO_DH 1480 1587 XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); 1588 ctx->serverDH_G.buffer = NULL; 1481 1589 XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); 1590 ctx->serverDH_P.buffer = NULL; 1482 1591 #endif /* !NO_DH */ 1483 1592 … … 1486 1595 wc_FreeRng(ctx->rng); 1487 1596 XFREE(ctx->rng, ctx->heap, DYNAMIC_TYPE_RNG); 1597 ctx->rng = NULL; 1488 1598 } 1489 1599 #endif /* SINGLE_THREADED */ … … 1496 1606 FreeX509(ctx->ourCert); 1497 1607 XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); 1608 ctx->ourCert = NULL; 1498 1609 } 1499 1610 #endif /* KEEP_OUR_CERT */ 1500 1611 FreeDer(&ctx->certChain); 1501 1612 wolfSSL_CertManagerFree(ctx->cm); 1613 ctx->cm = NULL; 1502 1614 #ifdef OPENSSL_EXTRA 1615 /* ctx->cm was free'd so cm of x509 store should now be NULL */ 1616 if (ctx->x509_store_pt != NULL) { 1617 ctx->x509_store_pt->cm = NULL; 1618 } 1619 wolfSSL_X509_STORE_free(ctx->x509_store_pt); 1503 1620 while (ctx->ca_names != NULL) { 1504 1621 WOLFSSL_STACK *next = ctx->ca_names->next; 1505 1622 wolfSSL_X509_NAME_free(ctx->ca_names->data.name); 1506 XFREE(ctx->ca_names->data.name, NULL, DYNAMIC_TYPE_OPENSSL);1507 1623 XFREE(ctx->ca_names, NULL, DYNAMIC_TYPE_OPENSSL); 1508 1624 ctx->ca_names = next; 1509 1625 } 1510 1626 #endif 1511 #if defined( WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)1627 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 1512 1628 while (ctx->x509Chain != NULL) { 1513 1629 WOLFSSL_STACK *next = ctx->x509Chain->next; … … 1536 1652 FreeOcspRequest(ctx->chainOcspRequest[i]); 1537 1653 XFREE(ctx->chainOcspRequest[i], ctx->heap, DYNAMIC_TYPE_OCSP_REQUEST); 1654 ctx->chainOcspRequest[i] = NULL; 1538 1655 } 1539 1656 } … … 1542 1659 1543 1660 #endif /* HAVE_TLS_EXTENSIONS */ 1544 1661 #ifdef OPENSSL_EXTRA 1662 if(ctx->alpn_cli_protos) { 1663 XFREE((void *)ctx->alpn_cli_protos, NULL, DYNAMIC_TYPE_OPENSSL); 1664 ctx->alpn_cli_protos = NULL; 1665 } 1666 #endif 1545 1667 #ifdef WOLFSSL_STATIC_MEMORY 1546 1668 if (ctx->heap != NULL) { … … 1622 1744 ssl->decrypt.chacha = NULL; 1623 1745 #endif 1624 #if def HAVE_POLY13051746 #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH) 1625 1747 ssl->auth.poly1305 = NULL; 1626 1748 #endif … … 1681 1803 XFREE(ssl->decrypt.chacha, ssl->heap, DYNAMIC_TYPE_CIPHER); 1682 1804 #endif 1683 #if def HAVE_POLY13051805 #if defined(HAVE_POLY1305) && defined(HAVE_ONE_TIME_AUTH) 1684 1806 XFREE(ssl->auth.poly1305, ssl->heap, DYNAMIC_TYPE_CIPHER); 1685 1807 #endif … … 1693 1815 void InitCipherSpecs(CipherSpecs* cs) 1694 1816 { 1817 XMEMSET(cs, 0, sizeof(CipherSpecs)); 1818 1695 1819 cs->bulk_cipher_algorithm = INVALID_BYTE; 1696 1820 cs->cipher_type = INVALID_BYTE; … … 1698 1822 cs->kea = INVALID_BYTE; 1699 1823 cs->sig_algo = INVALID_BYTE; 1700 1701 cs->hash_size = 0;1702 cs->static_ecdh = 0;1703 cs->key_size = 0;1704 cs->iv_size = 0;1705 cs->block_size = 0;1706 1824 } 1707 1825 … … 1714 1832 (void)keySz; 1715 1833 1834 #if defined(HAVE_ECC) || defined(HAVE_ED25519) 1716 1835 if (haveECDSAsig) { 1836 #ifdef HAVE_ECC 1717 1837 #ifdef WOLFSSL_SHA512 1718 1838 suites->hashSigAlgo[idx++] = sha512_mac; … … 1732 1852 suites->hashSigAlgo[idx++] = ecc_dsa_sa_algo; 1733 1853 #endif 1854 #endif 1734 1855 #ifdef HAVE_ED25519 1735 1856 suites->hashSigAlgo[idx++] = ED25519_SA_MAJOR; … … 1737 1858 #endif 1738 1859 } 1860 #endif /* HAVE_ECC || HAVE_ED25519 */ 1739 1861 1740 1862 if (haveRSAsig) { … … 1742 1864 if (tls1_2) { 1743 1865 #ifdef WOLFSSL_SHA512 1744 if (keySz >= MIN_RSA_SHA512_PSS_BITS) {1745 1866 suites->hashSigAlgo[idx++] = rsa_pss_sa_algo; 1746 1867 suites->hashSigAlgo[idx++] = sha512_mac; 1747 }1748 1868 #endif 1749 1869 #ifdef WOLFSSL_SHA384 1750 if (keySz >= MIN_RSA_SHA384_PSS_BITS) {1751 1870 suites->hashSigAlgo[idx++] = rsa_pss_sa_algo; 1752 1871 suites->hashSigAlgo[idx++] = sha384_mac; 1753 }1754 1872 #endif 1755 1873 #ifndef NO_SHA256 … … 1778 1896 } 1779 1897 1898 #ifdef HAVE_ANON 1780 1899 if (haveAnon) { 1781 #ifdef HAVE_ANON1782 1900 suites->hashSigAlgo[idx++] = sha_mac; 1783 1901 suites->hashSigAlgo[idx++] = anonymous_sa_algo; 1784 #endif 1785 } 1786 1902 } 1903 #endif 1904 1905 (void)haveAnon; 1906 (void)haveECDSAsig; 1787 1907 suites->hashSigAlgoSz = (word16)idx; 1788 1908 } … … 1810 1930 (void)haveStaticECC; 1811 1931 (void)haveECC; 1932 (void)side; 1933 (void)haveRSA; /* some builds won't read */ 1934 (void)haveRSAsig; /* non ecc builds won't read */ 1812 1935 1813 1936 if (suites == NULL) { … … 1819 1942 return; /* trust user settings, don't override */ 1820 1943 1944 #ifdef WOLFSSL_TLS13 1945 #ifdef BUILD_TLS_AES_128_GCM_SHA256 1946 if (tls1_3) { 1947 suites->suites[idx++] = TLS13_BYTE; 1948 suites->suites[idx++] = TLS_AES_128_GCM_SHA256; 1949 } 1950 #endif 1951 1952 #ifdef BUILD_TLS_AES_256_GCM_SHA384 1953 if (tls1_3) { 1954 suites->suites[idx++] = TLS13_BYTE; 1955 suites->suites[idx++] = TLS_AES_256_GCM_SHA384; 1956 } 1957 #endif 1958 1959 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 1960 if (tls1_3) { 1961 suites->suites[idx++] = TLS13_BYTE; 1962 suites->suites[idx++] = TLS_CHACHA20_POLY1305_SHA256; 1963 } 1964 #endif 1965 1966 #ifdef BUILD_TLS_AES_128_CCM_SHA256 1967 if (tls1_3) { 1968 suites->suites[idx++] = TLS13_BYTE; 1969 suites->suites[idx++] = TLS_AES_128_CCM_SHA256; 1970 } 1971 #endif 1972 1973 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256 1974 if (tls1_3) { 1975 suites->suites[idx++] = TLS13_BYTE; 1976 suites->suites[idx++] = TLS_AES_128_CCM_8_SHA256; 1977 } 1978 #endif 1979 #endif /* WOLFSSL_TLS13 */ 1980 1981 #ifndef WOLFSSL_NO_TLS12 1982 1983 #if !defined(NO_WOLFSSL_SERVER) && !defined(NO_RSA) 1821 1984 if (side == WOLFSSL_SERVER_END && haveStaticECC) { 1822 1985 haveRSA = 0; /* can't do RSA with ECDSA key */ 1823 (void)haveRSA; /* some builds won't read */1824 1986 } 1825 1987 1826 1988 if (side == WOLFSSL_SERVER_END && haveECDSAsig) { 1827 1989 haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */ 1828 (void)haveRSAsig; /* non ecc builds won't read */1829 } 1990 } 1991 #endif /* !NO_WOLFSSL_SERVER */ 1830 1992 1831 1993 #ifdef WOLFSSL_DTLS … … 1842 2004 #ifdef HAVE_RENEGOTIATION_INDICATION 1843 2005 if (side == WOLFSSL_CLIENT_END) { 1844 suites->suites[idx++] = 0;2006 suites->suites[idx++] = CIPHER_BYTE; 1845 2007 suites->suites[idx++] = TLS_EMPTY_RENEGOTIATION_INFO_SCSV; 1846 2008 } … … 1856 2018 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA 1857 2019 if (tls && haveNTRU && haveRSA) { 1858 suites->suites[idx++] = 0;2020 suites->suites[idx++] = CIPHER_BYTE; 1859 2021 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_256_CBC_SHA; 1860 2022 } … … 1863 2025 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA 1864 2026 if (tls && haveNTRU && haveRSA) { 1865 suites->suites[idx++] = 0;2027 suites->suites[idx++] = CIPHER_BYTE; 1866 2028 suites->suites[idx++] = TLS_NTRU_RSA_WITH_AES_128_CBC_SHA; 1867 2029 } … … 1870 2032 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA 1871 2033 if (!dtls && tls && haveNTRU && haveRSA) { 1872 suites->suites[idx++] = 0;2034 suites->suites[idx++] = CIPHER_BYTE; 1873 2035 suites->suites[idx++] = TLS_NTRU_RSA_WITH_RC4_128_SHA; 1874 2036 } … … 1877 2039 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA 1878 2040 if (tls && haveNTRU && haveRSA) { 1879 suites->suites[idx++] = 0;2041 suites->suites[idx++] = CIPHER_BYTE; 1880 2042 suites->suites[idx++] = TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA; 1881 2043 } 1882 2044 #endif 1883 1884 #ifdef WOLFSSL_TLS131885 #ifdef BUILD_TLS_AES_128_GCM_SHA2561886 if (tls1_3) {1887 suites->suites[idx++] = TLS13_BYTE;1888 suites->suites[idx++] = TLS_AES_128_GCM_SHA256;1889 }1890 #endif1891 1892 #ifdef BUILD_TLS_AES_256_GCM_SHA3841893 if (tls1_3) {1894 suites->suites[idx++] = TLS13_BYTE;1895 suites->suites[idx++] = TLS_AES_256_GCM_SHA384;1896 }1897 #endif1898 1899 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA2561900 if (tls1_3) {1901 suites->suites[idx++] = TLS13_BYTE;1902 suites->suites[idx++] = TLS_CHACHA20_POLY1305_SHA256;1903 }1904 #endif1905 1906 #ifdef BUILD_TLS_AES_128_CCM_SHA2561907 if (tls1_3) {1908 suites->suites[idx++] = TLS13_BYTE;1909 suites->suites[idx++] = TLS_AES_128_CCM_SHA256;1910 }1911 #endif1912 1913 #ifdef BUILD_TLS_AES_128_CCM_8_SHA2561914 if (tls1_3) {1915 suites->suites[idx++] = TLS13_BYTE;1916 suites->suites[idx++] = TLS_AES_128_CCM_8_SHA256;1917 }1918 #endif1919 #endif /* WOLFSSL_TLS13 */1920 2045 1921 2046 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 … … 1949 2074 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 1950 2075 if (tls1_2 && haveDH && haveRSA) { 1951 suites->suites[idx++] = 0;2076 suites->suites[idx++] = CIPHER_BYTE; 1952 2077 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_GCM_SHA384; 1953 2078 } … … 1956 2081 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 1957 2082 if (tls1_2 && haveDH && haveRSA) { 1958 suites->suites[idx++] = 0;2083 suites->suites[idx++] = CIPHER_BYTE; 1959 2084 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_GCM_SHA256; 1960 2085 } … … 1963 2088 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 1964 2089 if (tls1_2 && haveRSA) { 1965 suites->suites[idx++] = 0;2090 suites->suites[idx++] = CIPHER_BYTE; 1966 2091 suites->suites[idx++] = TLS_RSA_WITH_AES_256_GCM_SHA384; 1967 2092 } … … 1970 2095 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 1971 2096 if (tls1_2 && haveRSA) { 1972 suites->suites[idx++] = 0;2097 suites->suites[idx++] = CIPHER_BYTE; 1973 2098 suites->suites[idx++] = TLS_RSA_WITH_AES_128_GCM_SHA256; 1974 2099 } … … 2005 2130 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 2006 2131 if (tls1_2 && haveDH && havePSK) { 2007 suites->suites[idx++] = 0;2132 suites->suites[idx++] = CIPHER_BYTE; 2008 2133 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_GCM_SHA384; 2134 } 2135 #endif 2136 2137 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA 2138 if (tls1_2 && haveDH) { 2139 suites->suites[idx++] = CIPHER_BYTE; 2140 suites->suites[idx++] = TLS_DH_anon_WITH_AES_128_CBC_SHA; 2141 } 2142 #endif 2143 2144 #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 2145 if (tls1_2 && haveDH) { 2146 suites->suites[idx++] = CIPHER_BYTE; 2147 suites->suites[idx++] = TLS_DH_anon_WITH_AES_256_GCM_SHA384; 2009 2148 } 2010 2149 #endif … … 2012 2151 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 2013 2152 if (tls1_2 && haveDH && havePSK) { 2014 suites->suites[idx++] = 0;2153 suites->suites[idx++] = CIPHER_BYTE; 2015 2154 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_GCM_SHA256; 2016 2155 } … … 2019 2158 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 2020 2159 if (tls1_2 && havePSK) { 2021 suites->suites[idx++] = 0;2160 suites->suites[idx++] = CIPHER_BYTE; 2022 2161 suites->suites[idx++] = TLS_PSK_WITH_AES_256_GCM_SHA384; 2023 2162 } … … 2026 2165 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 2027 2166 if (tls1_2 && havePSK) { 2028 suites->suites[idx++] = 0;2167 suites->suites[idx++] = CIPHER_BYTE; 2029 2168 suites->suites[idx++] = TLS_PSK_WITH_AES_128_GCM_SHA256; 2030 2169 } … … 2056 2195 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 2057 2196 if (tls && haveDH && haveRSA) { 2058 suites->suites[idx++] = 0;2197 suites->suites[idx++] = CIPHER_BYTE; 2059 2198 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; 2060 2199 } … … 2267 2406 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 2268 2407 if (tls && haveDH && haveRSA) { 2269 suites->suites[idx++] = 0;2408 suites->suites[idx++] = CIPHER_BYTE; 2270 2409 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA256; 2271 2410 } … … 2274 2413 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 2275 2414 if (tls && haveDH && haveRSA) { 2276 suites->suites[idx++] = 0;2415 suites->suites[idx++] = CIPHER_BYTE; 2277 2416 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA256; 2278 2417 } … … 2283 2422 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 2284 2423 if (tls && haveDH && haveRSA) { 2285 suites->suites[idx++] = 0;2424 suites->suites[idx++] = CIPHER_BYTE; 2286 2425 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_256_CBC_SHA; 2287 2426 } … … 2291 2430 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 2292 2431 if (tls && haveDH && haveRSA) { 2293 suites->suites[idx++] = 0;2432 suites->suites[idx++] = CIPHER_BYTE; 2294 2433 suites->suites[idx++] = TLS_DHE_RSA_WITH_AES_128_CBC_SHA; 2295 2434 } … … 2298 2437 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 2299 2438 if (tls && haveDH && haveRSA) { 2300 suites->suites[idx++] = 0;2439 suites->suites[idx++] = CIPHER_BYTE; 2301 2440 suites->suites[idx++] = TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA; 2302 2441 } … … 2305 2444 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 2306 2445 if (tls && haveRSA) { 2307 suites->suites[idx++] = 0;2446 suites->suites[idx++] = CIPHER_BYTE; 2308 2447 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA256; 2309 2448 } … … 2312 2451 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 2313 2452 if (tls && haveRSA) { 2314 suites->suites[idx++] = 0;2453 suites->suites[idx++] = CIPHER_BYTE; 2315 2454 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA256; 2316 2455 } … … 2319 2458 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA 2320 2459 if (tls && haveRSA) { 2321 suites->suites[idx++] = 0;2460 suites->suites[idx++] = CIPHER_BYTE; 2322 2461 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_SHA; 2323 2462 } … … 2326 2465 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA 2327 2466 if (tls && haveRSA) { 2328 suites->suites[idx++] = 0;2467 suites->suites[idx++] = CIPHER_BYTE; 2329 2468 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_SHA; 2330 2469 } … … 2362 2501 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA 2363 2502 if (tls && haveRSA) { 2364 suites->suites[idx++] = 0;2503 suites->suites[idx++] = CIPHER_BYTE; 2365 2504 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA; 2366 2505 } … … 2369 2508 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 2370 2509 if (tls && haveRSA) { 2371 suites->suites[idx++] = 0;2510 suites->suites[idx++] = CIPHER_BYTE; 2372 2511 suites->suites[idx++] = TLS_RSA_WITH_NULL_SHA256; 2373 2512 } … … 2376 2515 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA 2377 2516 if (tls && havePSK) { 2378 suites->suites[idx++] = 0;2517 suites->suites[idx++] = CIPHER_BYTE; 2379 2518 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA; 2380 2519 } … … 2383 2522 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 2384 2523 if (tls && haveDH && havePSK) { 2385 suites->suites[idx++] = 0;2524 suites->suites[idx++] = CIPHER_BYTE; 2386 2525 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_256_CBC_SHA384; 2387 2526 } … … 2390 2529 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 2391 2530 if (tls && havePSK) { 2392 suites->suites[idx++] = 0;2531 suites->suites[idx++] = CIPHER_BYTE; 2393 2532 suites->suites[idx++] = TLS_PSK_WITH_AES_256_CBC_SHA384; 2394 2533 } … … 2397 2536 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 2398 2537 if (tls && haveDH && havePSK) { 2399 suites->suites[idx++] = 0;2538 suites->suites[idx++] = CIPHER_BYTE; 2400 2539 suites->suites[idx++] = TLS_DHE_PSK_WITH_AES_128_CBC_SHA256; 2401 2540 } … … 2404 2543 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 2405 2544 if (tls && havePSK) { 2406 suites->suites[idx++] = 0;2545 suites->suites[idx++] = CIPHER_BYTE; 2407 2546 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA256; 2408 2547 } … … 2411 2550 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA 2412 2551 if (tls && havePSK) { 2413 suites->suites[idx++] = 0;2552 suites->suites[idx++] = CIPHER_BYTE; 2414 2553 suites->suites[idx++] = TLS_PSK_WITH_AES_128_CBC_SHA; 2415 2554 } … … 2488 2627 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 2489 2628 if (tls && haveDH && havePSK) { 2490 suites->suites[idx++] = 0;2629 suites->suites[idx++] = CIPHER_BYTE; 2491 2630 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA384; 2492 2631 } … … 2495 2634 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 2496 2635 if (tls && havePSK) { 2497 suites->suites[idx++] = 0;2636 suites->suites[idx++] = CIPHER_BYTE; 2498 2637 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA384; 2499 2638 } … … 2509 2648 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 2510 2649 if (tls && haveDH && havePSK) { 2511 suites->suites[idx++] = 0;2650 suites->suites[idx++] = CIPHER_BYTE; 2512 2651 suites->suites[idx++] = TLS_DHE_PSK_WITH_NULL_SHA256; 2513 2652 } … … 2516 2655 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 2517 2656 if (tls && havePSK) { 2518 suites->suites[idx++] = 0;2657 suites->suites[idx++] = CIPHER_BYTE; 2519 2658 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA256; 2520 2659 } … … 2523 2662 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA 2524 2663 if (tls && havePSK) { 2525 suites->suites[idx++] = 0;2664 suites->suites[idx++] = CIPHER_BYTE; 2526 2665 suites->suites[idx++] = TLS_PSK_WITH_NULL_SHA; 2527 2666 } … … 2530 2669 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA 2531 2670 if (!dtls && haveRSA) { 2532 suites->suites[idx++] = 0;2671 suites->suites[idx++] = CIPHER_BYTE; 2533 2672 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_SHA; 2534 2673 } … … 2537 2676 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 2538 2677 if (!dtls && haveRSA) { 2539 suites->suites[idx++] = 0;2678 suites->suites[idx++] = CIPHER_BYTE; 2540 2679 suites->suites[idx++] = SSL_RSA_WITH_RC4_128_MD5; 2541 2680 } … … 2544 2683 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA 2545 2684 if (haveRSA ) { 2546 suites->suites[idx++] = 0;2685 suites->suites[idx++] = CIPHER_BYTE; 2547 2686 suites->suites[idx++] = SSL_RSA_WITH_3DES_EDE_CBC_SHA; 2548 2687 } … … 2551 2690 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 2552 2691 if (!dtls && tls && haveRSA) { 2553 suites->suites[idx++] = 0;2692 suites->suites[idx++] = CIPHER_BYTE; 2554 2693 suites->suites[idx++] = TLS_RSA_WITH_HC_128_MD5; 2555 2694 } … … 2558 2697 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA 2559 2698 if (!dtls && tls && haveRSA) { 2560 suites->suites[idx++] = 0;2699 suites->suites[idx++] = CIPHER_BYTE; 2561 2700 suites->suites[idx++] = TLS_RSA_WITH_HC_128_SHA; 2562 2701 } … … 2565 2704 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 2566 2705 if (!dtls && tls && haveRSA) { 2567 suites->suites[idx++] = 0;2706 suites->suites[idx++] = CIPHER_BYTE; 2568 2707 suites->suites[idx++] = TLS_RSA_WITH_HC_128_B2B256; 2569 2708 } … … 2572 2711 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 2573 2712 if (tls && haveRSA) { 2574 suites->suites[idx++] = 0;2713 suites->suites[idx++] = CIPHER_BYTE; 2575 2714 suites->suites[idx++] = TLS_RSA_WITH_AES_128_CBC_B2B256; 2576 2715 } … … 2579 2718 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 2580 2719 if (tls && haveRSA) { 2581 suites->suites[idx++] = 0;2720 suites->suites[idx++] = CIPHER_BYTE; 2582 2721 suites->suites[idx++] = TLS_RSA_WITH_AES_256_CBC_B2B256; 2583 2722 } … … 2586 2725 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA 2587 2726 if (!dtls && tls && haveRSA) { 2588 suites->suites[idx++] = 0;2727 suites->suites[idx++] = CIPHER_BYTE; 2589 2728 suites->suites[idx++] = TLS_RSA_WITH_RABBIT_SHA; 2590 2729 } … … 2593 2732 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 2594 2733 if (tls && haveRSA) { 2595 suites->suites[idx++] = 0;2734 suites->suites[idx++] = CIPHER_BYTE; 2596 2735 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA; 2597 2736 } … … 2600 2739 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 2601 2740 if (tls && haveDH && haveRSA) { 2602 suites->suites[idx++] = 0;2741 suites->suites[idx++] = CIPHER_BYTE; 2603 2742 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA; 2604 2743 } … … 2607 2746 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 2608 2747 if (tls && haveRSA) { 2609 suites->suites[idx++] = 0;2748 suites->suites[idx++] = CIPHER_BYTE; 2610 2749 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA; 2611 2750 } … … 2614 2753 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 2615 2754 if (tls && haveDH && haveRSA) { 2616 suites->suites[idx++] = 0;2755 suites->suites[idx++] = CIPHER_BYTE; 2617 2756 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA; 2618 2757 } … … 2621 2760 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 2622 2761 if (tls && haveRSA) { 2623 suites->suites[idx++] = 0;2762 suites->suites[idx++] = CIPHER_BYTE; 2624 2763 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256; 2625 2764 } … … 2628 2767 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 2629 2768 if (tls && haveDH && haveRSA) { 2630 suites->suites[idx++] = 0;2769 suites->suites[idx++] = CIPHER_BYTE; 2631 2770 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256; 2632 2771 } … … 2635 2774 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 2636 2775 if (tls && haveRSA) { 2637 suites->suites[idx++] = 0;2776 suites->suites[idx++] = CIPHER_BYTE; 2638 2777 suites->suites[idx++] = TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256; 2639 2778 } … … 2642 2781 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 2643 2782 if (tls && haveDH && haveRSA) { 2644 suites->suites[idx++] = 0;2783 suites->suites[idx++] = CIPHER_BYTE; 2645 2784 suites->suites[idx++] = TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256; 2646 2785 } … … 2649 2788 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA 2650 2789 if (haveRSA) { 2651 suites->suites[idx++] = 0;2790 suites->suites[idx++] = CIPHER_BYTE; 2652 2791 suites->suites[idx++] = SSL_RSA_WITH_IDEA_CBC_SHA; 2653 2792 } 2654 2793 #endif 2794 2795 #endif /* !WOLFSSL_NO_TLS12 */ 2655 2796 2656 2797 suites->suiteSz = idx; … … 2668 2809 * hsType The signature type. 2669 2810 */ 2670 static INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType)2811 static WC_INLINE void DecodeSigAlg(const byte* input, byte* hashAlgo, byte* hsType) 2671 2812 { 2672 2813 switch (input[0]) { … … 2697 2838 #endif /* !NO_WOLFSSL_SERVER || !NO_CERTS */ 2698 2839 2699 #if !defined(NO_DH) || defined(HAVE_ECC) 2840 #ifndef WOLFSSL_NO_TLS12 2841 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) 2842 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \ 2843 (!defined(NO_RSA) && defined(WC_RSA_PSS)) 2700 2844 2701 2845 static enum wc_HashType HashAlgoToType(int hashAlgo) … … 2726 2870 return WC_HASH_TYPE_NONE; 2727 2871 } 2872 #endif /* !NO_DH || HAVE_ECC || (!NO_RSA && WC_RSA_PSS) */ 2873 #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ 2874 #endif /* !WOLFSSL_NO_TLS12 */ 2728 2875 2729 2876 #ifndef NO_CERTS 2730 2731 2877 2732 2878 void InitX509Name(WOLFSSL_X509_NAME* name, int dynamicFlag) … … 2737 2883 name->name = name->staticName; 2738 2884 name->dynamicName = 0; 2739 #ifdef OPENSSL_EXTRA 2885 name->sz = 0; 2886 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 2740 2887 XMEMSET(&name->fullName, 0, sizeof(DecodedName)); 2741 2888 XMEMSET(&name->cnEntry, 0, sizeof(WOLFSSL_X509_NAME_ENTRY)); 2889 XMEMSET(&name->extra, 0, sizeof(name->extra)); 2742 2890 name->cnEntry.value = &(name->cnEntry.data); /* point to internal data*/ 2891 name->cnEntry.nid = ASN_COMMON_NAME; 2743 2892 name->x509 = NULL; 2744 2893 #endif /* OPENSSL_EXTRA */ … … 2752 2901 if (name->dynamicName) 2753 2902 XFREE(name->name, heap, DYNAMIC_TYPE_SUBJECT_CN); 2754 #ifdef OPENSSL_EXTRA 2755 if (name->fullName.fullName != NULL) 2903 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 2904 { 2905 int i; 2906 if (name->fullName.fullName != NULL) { 2756 2907 XFREE(name->fullName.fullName, heap, DYNAMIC_TYPE_X509); 2757 #endif /* OPENSSL_EXTRA */ 2908 name->fullName.fullName = NULL; 2909 } 2910 for (i = 0; i < MAX_NAME_ENTRIES; i++) { 2911 /* free ASN1 string data */ 2912 if (name->extra[i].set && name->extra[i].data.data != NULL) { 2913 XFREE(name->extra[i].data.data, heap, DYNAMIC_TYPE_OPENSSL); 2914 } 2915 } 2916 wolfSSL_ASN1_OBJECT_free(&name->cnEntry.object); 2917 } 2918 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 2758 2919 } 2759 2920 (void)heap; … … 2774 2935 InitX509Name(&x509->issuer, 0); 2775 2936 InitX509Name(&x509->subject, 0); 2776 x509->version = 0;2777 x509->pubKey.buffer = NULL;2778 x509->sig.buffer = NULL;2779 x509->derCert = NULL;2780 x509->altNames = NULL;2781 x509->altNamesNext = NULL;2782 2937 x509->dynamicMemory = (byte)dynamicFlag; 2783 x509->isCa = 0;2784 #ifdef HAVE_ECC2785 x509->pkCurveOID = 0;2786 #endif /* HAVE_ECC */2787 #ifdef OPENSSL_EXTRA2788 x509->pathLength = 0;2789 x509->basicConstSet = 0;2790 x509->basicConstCrit = 0;2791 x509->basicConstPlSet = 0;2792 x509->subjAltNameSet = 0;2793 x509->subjAltNameCrit = 0;2794 x509->authKeyIdSet = 0;2795 x509->authKeyIdCrit = 0;2796 x509->authKeyId = NULL;2797 x509->authKeyIdSz = 0;2798 x509->subjKeyIdSet = 0;2799 x509->subjKeyIdCrit = 0;2800 x509->subjKeyId = NULL;2801 x509->subjKeyIdSz = 0;2802 x509->keyUsageSet = 0;2803 x509->keyUsageCrit = 0;2804 x509->keyUsage = 0;2805 #ifdef WOLFSSL_SEP2806 x509->certPolicySet = 0;2807 x509->certPolicyCrit = 0;2808 #endif /* WOLFSSL_SEP */2809 #endif /* OPENSSL_EXTRA */2810 2938 } 2811 2939 … … 2823 2951 FreeDer(&x509->derCert); 2824 2952 XFREE(x509->sig.buffer, x509->heap, DYNAMIC_TYPE_SIGNATURE); 2825 #if def OPENSSL_EXTRA2953 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 2826 2954 XFREE(x509->authKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); 2827 2955 XFREE(x509->subjKeyId, x509->heap, DYNAMIC_TYPE_X509_EXT); … … 2832 2960 XFREE(x509->extKeyUsageSrc, x509->heap, DYNAMIC_TYPE_X509_EXT); 2833 2961 } 2834 #endif /* OPENSSL_EXTRA */2962 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 2835 2963 if (x509->altNames) 2836 FreeAltNames(x509->altNames, NULL);2964 FreeAltNames(x509->altNames, x509->heap); 2837 2965 } 2838 2966 2839 #endif /* !NO_DH || HAVE_ECC */ 2840 2841 #if !defined( NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)2967 2968 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) 2969 #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_NO_CLIENT_AUTH) 2842 2970 /* Encode the signature algorithm into buffer. 2843 2971 * … … 2846 2974 * output The buffer to encode into. 2847 2975 */ 2848 static INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output)2976 static WC_INLINE void EncodeSigAlg(byte hashAlgo, byte hsType, byte* output) 2849 2977 { 2850 2978 switch (hsType) { … … 2877 3005 /* ED448: 0x0808 */ 2878 3006 } 3007 (void)hashAlgo; 3008 (void)output; 2879 3009 } 3010 2880 3011 static void SetDigest(WOLFSSL* ssl, int hashAlgo) 2881 3012 { … … 2907 3038 } /* switch */ 2908 3039 } 2909 #endif 3040 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_NO_CLIENT_AUTH */ 3041 #endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ 3042 #endif /* !NO_CERTS */ 2910 3043 2911 3044 #ifndef NO_RSA 3045 #ifndef WOLFSSL_NO_TLS12 3046 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) 2912 3047 static int TypeHash(int hashAlgo) 2913 3048 { … … 2933 3068 return 0; 2934 3069 } 3070 #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ 3071 #endif /* !WOLFSSL_NO_TLS12 */ 2935 3072 2936 3073 #if defined(WC_RSA_PSS) … … 2969 3106 int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, 2970 3107 word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key, 2971 const byte* keyBuf, word32 keySz, void* ctx)3108 DerBuffer* keyBufInfo) 2972 3109 { 2973 3110 int ret; 3111 #ifdef HAVE_PK_CALLBACKS 3112 const byte* keyBuf = NULL; 3113 word32 keySz = 0; 3114 3115 if (keyBufInfo) { 3116 keyBuf = keyBufInfo->buffer; 3117 keySz = keyBufInfo->length; 3118 } 3119 #endif 2974 3120 2975 3121 (void)ssl; 2976 (void)keyBuf; 2977 (void)keySz; 2978 (void)ctx; 3122 (void)keyBufInfo; 2979 3123 (void)sigAlgo; 2980 3124 (void)hashAlgo; … … 2983 3127 2984 3128 #ifdef WOLFSSL_ASYNC_CRYPT 2985 /* in tialize event */3129 /* initialize event */ 2986 3130 ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); 2987 3131 if (ret != 0) … … 3000 3144 #if defined(HAVE_PK_CALLBACKS) 3001 3145 if (ssl->ctx->RsaPssSignCb) { 3146 void* ctx = wolfSSL_GetRsaPssSignCtx(ssl); 3002 3147 ret = ssl->ctx->RsaPssSignCb(ssl, in, inSz, out, outSz, 3003 3148 TypeHash(hashAlgo), mgf, … … 3015 3160 #if defined(HAVE_PK_CALLBACKS) 3016 3161 if (ssl->ctx->RsaSignCb) { 3162 void* ctx = wolfSSL_GetRsaSignCtx(ssl); 3017 3163 ret = ssl->ctx->RsaSignCb(ssl, in, inSz, out, outSz, keyBuf, keySz, 3018 3164 ctx); … … 3041 3187 3042 3188 int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, int sigAlgo, 3043 int hashAlgo, RsaKey* key, const byte* keyBuf, word32 keySz, 3044 void* ctx) 3189 int hashAlgo, RsaKey* key, buffer* keyBufInfo) 3045 3190 { 3046 3191 int ret; 3192 #ifdef HAVE_PK_CALLBACKS 3193 const byte* keyBuf = NULL; 3194 word32 keySz = 0; 3195 3196 if (keyBufInfo) { 3197 keyBuf = keyBufInfo->buffer; 3198 keySz = keyBufInfo->length; 3199 } 3200 #endif 3047 3201 3048 3202 (void)ssl; 3049 (void)keyBuf; 3050 (void)keySz; 3051 (void)ctx; 3203 (void)keyBufInfo; 3052 3204 (void)sigAlgo; 3053 3205 (void)hashAlgo; … … 3056 3208 3057 3209 #ifdef WOLFSSL_ASYNC_CRYPT 3058 /* in tialize event */3210 /* initialize event */ 3059 3211 ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); 3060 3212 if (ret != 0) … … 3072 3224 #ifdef HAVE_PK_CALLBACKS 3073 3225 if (ssl->ctx->RsaPssVerifyCb) { 3226 void* ctx = wolfSSL_GetRsaPssVerifyCtx(ssl); 3074 3227 ret = ssl->ctx->RsaPssVerifyCb(ssl, in, inSz, out, 3075 3228 TypeHash(hashAlgo), mgf, … … 3084 3237 #ifdef HAVE_PK_CALLBACKS 3085 3238 if (ssl->ctx->RsaVerifyCb) { 3239 void* ctx = wolfSSL_GetRsaVerifyCtx(ssl); 3086 3240 ret = ssl->ctx->RsaVerifyCb(ssl, in, inSz, out, keyBuf, keySz, ctx); 3087 3241 } … … 3105 3259 3106 3260 /* Verify RSA signature, 0 on success */ 3261 /* This function is used to check the sign result */ 3107 3262 int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig, word32 sigSz, 3108 const byte* plain, word32 plainSz, int sigAlgo, int hashAlgo, RsaKey* key) 3263 const byte* plain, word32 plainSz, int sigAlgo, int hashAlgo, RsaKey* key, 3264 DerBuffer* keyBufInfo) 3109 3265 { 3110 3266 byte* out = NULL; /* inline result */ 3111 3267 int ret; 3268 #ifdef HAVE_PK_CALLBACKS 3269 const byte* keyBuf = NULL; 3270 word32 keySz = 0; 3271 3272 if (keyBufInfo) { 3273 keyBuf = keyBufInfo->buffer; 3274 keySz = keyBufInfo->length; 3275 } 3276 #endif 3112 3277 3113 3278 (void)ssl; 3279 (void)keyBufInfo; 3114 3280 (void)sigAlgo; 3115 3281 (void)hashAlgo; … … 3117 3283 WOLFSSL_ENTER("VerifyRsaSign"); 3118 3284 3119 if (verifySig == NULL || plain == NULL || key == NULL) {3285 if (verifySig == NULL || plain == NULL) { 3120 3286 return BAD_FUNC_ARG; 3121 3287 } … … 3127 3293 3128 3294 #ifdef WOLFSSL_ASYNC_CRYPT 3129 /* intialize event */ 3295 /* initialize event */ 3296 if (key) { 3130 3297 ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); 3131 3298 if (ret != 0) 3132 3299 return ret; 3300 } 3133 3301 #endif 3134 3302 … … 3141 3309 if (ret != 0) 3142 3310 return ret; 3311 #ifdef HAVE_PK_CALLBACKS 3312 if (ssl->ctx->RsaPssSignCheckCb) { 3313 /* The key buffer includes private/public portion, 3314 but only public is used */ 3315 /* If HSM hardware is checking the signature result you can 3316 optionally skip the sign check and return 0 */ 3317 /* The ctx here is the RsaSignCtx set using wolfSSL_SetRsaSignCtx */ 3318 void* ctx = wolfSSL_GetRsaPssSignCtx(ssl); 3319 ret = ssl->ctx->RsaPssSignCheckCb(ssl, verifySig, sigSz, &out, 3320 TypeHash(hashAlgo), mgf, 3321 keyBuf, keySz, ctx); 3322 } 3323 else 3324 #endif /* HAVE_PK_CALLBACKS */ 3325 { 3143 3326 ret = wc_RsaPSS_VerifyInline(verifySig, sigSz, &out, hashType, mgf, 3144 3327 key); 3328 } 3329 3145 3330 if (ret > 0) { 3146 3331 ret = wc_RsaPSS_CheckPadding(plain, plainSz, out, ret, hashType); … … 3150 3335 } 3151 3336 else 3152 #endif 3337 #endif /* WC_RSA_PSS */ 3338 { 3339 #ifdef HAVE_PK_CALLBACKS 3340 if (ssl->ctx->RsaSignCheckCb) { 3341 /* The key buffer includes private/public portion, 3342 but only public is used */ 3343 /* If HSM hardware is checking the signature result you can 3344 optionally skip the sign check and return 0 */ 3345 /* The ctx here is the RsaSignCtx set using wolfSSL_SetRsaSignCtx */ 3346 void* ctx = wolfSSL_GetRsaSignCtx(ssl); 3347 ret = ssl->ctx->RsaSignCheckCb(ssl, verifySig, sigSz, &out, 3348 keyBuf, keySz, ctx); 3349 } 3350 else 3351 #endif /* HAVE_PK_CALLBACKS */ 3153 3352 { 3154 3353 ret = wc_RsaSSL_VerifyInline(verifySig, sigSz, &out, key); 3354 } 3355 3155 3356 if (ret > 0) { 3156 3357 if (ret != (int)plainSz || !out || … … 3166 3367 /* Handle async pending response */ 3167 3368 #ifdef WOLFSSL_ASYNC_CRYPT 3168 if ( ret == WC_PENDING_E) {3369 if (key && ret == WC_PENDING_E) { 3169 3370 ret = wolfSSL_AsyncPush(ssl, &key->asyncDev); 3170 3371 } … … 3176 3377 } 3177 3378 3379 #ifndef WOLFSSL_NO_TLS12 3380 3178 3381 int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out, word32* outSz, 3179 RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)3382 RsaKey* key, DerBuffer* keyBufInfo) 3180 3383 { 3181 3384 int ret; 3385 #ifdef HAVE_PK_CALLBACKS 3386 const byte* keyBuf = NULL; 3387 word32 keySz = 0; 3388 3389 if (keyBufInfo) { 3390 keyBuf = keyBufInfo->buffer; 3391 keySz = keyBufInfo->length; 3392 } 3393 #endif 3182 3394 3183 3395 (void)ssl; 3184 (void)keyBuf; 3185 (void)keySz; 3186 (void)ctx; 3396 (void)keyBufInfo; 3187 3397 3188 3398 WOLFSSL_ENTER("RsaDec"); 3189 3399 3190 3400 #ifdef WOLFSSL_ASYNC_CRYPT 3191 /* in tialize event */3401 /* initialize event */ 3192 3402 ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); 3193 3403 if (ret != 0) … … 3197 3407 #ifdef HAVE_PK_CALLBACKS 3198 3408 if (ssl->ctx->RsaDecCb) { 3199 ret = ssl->ctx->RsaDecCb(ssl, in, inSz, out, keyBuf, keySz,3200 3409 void* ctx = wolfSSL_GetRsaDecCtx(ssl); 3410 ret = ssl->ctx->RsaDecCb(ssl, in, inSz, out, keyBuf, keySz, ctx); 3201 3411 } 3202 3412 else … … 3230 3440 3231 3441 int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, word32* outSz, 3232 RsaKey* key, const byte* keyBuf, word32 keySz, void* ctx)3442 RsaKey* key, buffer* keyBufInfo) 3233 3443 { 3234 3444 int ret; 3445 #ifdef HAVE_PK_CALLBACKS 3446 const byte* keyBuf = NULL; 3447 word32 keySz = 0; 3448 3449 if (keyBufInfo) { 3450 keyBuf = keyBufInfo->buffer; 3451 keySz = keyBufInfo->length; 3452 } 3453 #endif 3235 3454 3236 3455 (void)ssl; 3237 (void)keyBuf; 3238 (void)keySz; 3239 (void)ctx; 3456 (void)keyBufInfo; 3240 3457 3241 3458 WOLFSSL_ENTER("RsaEnc"); 3242 3459 3243 3460 #ifdef WOLFSSL_ASYNC_CRYPT 3244 /* in tialize event */3461 /* initialize event */ 3245 3462 ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); 3246 3463 if (ret != 0) … … 3250 3467 #ifdef HAVE_PK_CALLBACKS 3251 3468 if (ssl->ctx->RsaEncCb) { 3252 ret = ssl->ctx->RsaEncCb(ssl, in, inSz, out, outSz, keyBuf, keySz,3253 3469 void* ctx = wolfSSL_GetRsaEncCtx(ssl); 3470 ret = ssl->ctx->RsaEncCb(ssl, in, inSz, out, outSz, keyBuf, keySz, ctx); 3254 3471 } 3255 3472 else … … 3277 3494 } 3278 3495 3496 #endif /* !WOLFSSL_NO_TLS12 */ 3497 3279 3498 #endif /* NO_RSA */ 3280 3499 … … 3282 3501 3283 3502 int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, 3284 word32* outSz, ecc_key* key, byte* keyBuf, word32 keySz, void* ctx)3503 word32* outSz, ecc_key* key, DerBuffer* keyBufInfo) 3285 3504 { 3286 3505 int ret; 3506 #ifdef HAVE_PK_CALLBACKS 3507 const byte* keyBuf = NULL; 3508 word32 keySz = 0; 3509 3510 if (keyBufInfo) { 3511 keyBuf = keyBufInfo->buffer; 3512 keySz = keyBufInfo->length; 3513 } 3514 #endif 3287 3515 3288 3516 (void)ssl; 3289 (void)keyBuf; 3290 (void)keySz; 3291 (void)ctx; 3517 (void)keyBufInfo; 3292 3518 3293 3519 WOLFSSL_ENTER("EccSign"); 3294 3520 3295 3521 #ifdef WOLFSSL_ASYNC_CRYPT 3296 /* in tialize event */3522 /* initialize event */ 3297 3523 ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); 3298 3524 if (ret != 0) … … 3302 3528 #if defined(HAVE_PK_CALLBACKS) 3303 3529 if (ssl->ctx->EccSignCb) { 3530 void* ctx = wolfSSL_GetEccSignCtx(ssl); 3304 3531 ret = ssl->ctx->EccSignCb(ssl, in, inSz, out, outSz, keyBuf, 3305 3532 keySz, ctx); … … 3324 3551 3325 3552 int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* out, 3326 word32 outSz, ecc_key* key, byte* keyBuf, word32 keySz, 3327 void* ctx) 3553 word32 outSz, ecc_key* key, buffer* keyBufInfo) 3328 3554 { 3329 3555 int ret; 3556 #ifdef HAVE_PK_CALLBACKS 3557 const byte* keyBuf = NULL; 3558 word32 keySz = 0; 3559 3560 if (keyBufInfo) { 3561 keyBuf = keyBufInfo->buffer; 3562 keySz = keyBufInfo->length; 3563 } 3564 #endif 3330 3565 3331 3566 (void)ssl; 3332 (void)keyBuf; 3333 (void)keySz; 3334 (void)ctx; 3567 (void)keyBufInfo; 3335 3568 3336 3569 WOLFSSL_ENTER("EccVerify"); 3337 3570 3338 3571 #ifdef WOLFSSL_ASYNC_CRYPT 3339 /* in tialize event */3572 /* initialize event */ 3340 3573 ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); 3341 3574 if (ret != 0) … … 3345 3578 #ifdef HAVE_PK_CALLBACKS 3346 3579 if (ssl->ctx->EccVerifyCb) { 3580 void* ctx = wolfSSL_GetEccVerifyCtx(ssl); 3347 3581 ret = ssl->ctx->EccVerifyCb(ssl, in, inSz, out, outSz, keyBuf, keySz, 3348 3582 &ssl->eccVerifyRes, ctx); … … 3426 3660 int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key, ecc_key* pub_key, 3427 3661 byte* pubKeyDer, word32* pubKeySz, byte* out, word32* outlen, 3428 int side , void* ctx)3662 int side) 3429 3663 { 3430 3664 int ret; … … 3440 3674 (void)pubKeySz; 3441 3675 (void)side; 3442 (void)ctx;3443 3676 3444 3677 WOLFSSL_ENTER("EccSharedSecret"); … … 3456 3689 3457 3690 #ifdef WOLFSSL_ASYNC_CRYPT 3458 /* in tialize event */3691 /* initialize event */ 3459 3692 ret = wolfSSL_AsyncInit(ssl, asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); 3460 3693 if (ret != 0) … … 3464 3697 #ifdef HAVE_PK_CALLBACKS 3465 3698 if (ssl->ctx->EccSharedSecretCb) { 3699 void* ctx = wolfSSL_GetEccSharedSecretCtx(ssl); 3466 3700 ret = ssl->ctx->EccSharedSecretCb(ssl, otherKey, pubKeyDer, 3467 3701 pubKeySz, out, outlen, side, ctx); … … 3489 3723 int ret = 0; 3490 3724 int keySz = 0; 3725 int ecc_curve = ECC_CURVE_DEF; 3491 3726 3492 3727 WOLFSSL_ENTER("EccMakeKey"); 3493 3728 3494 3729 #ifdef WOLFSSL_ASYNC_CRYPT 3495 /* in tialize event */3730 /* initialize event */ 3496 3731 ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_NONE); 3497 3732 if (ret != 0) … … 3499 3734 #endif 3500 3735 3736 /* get key size */ 3501 3737 if (peer == NULL) { 3502 3738 keySz = ssl->eccTempKeySz; … … 3506 3742 } 3507 3743 3744 /* get curve type */ 3508 3745 if (ssl->ecdhCurveOID > 0) { 3509 ret = wc_ecc_make_key_ex(ssl->rng, keySz, key, 3510 wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL)); 3511 } 3512 else { 3513 ret = wc_ecc_make_key(ssl->rng, keySz, key); 3514 if (ret == 0) 3746 ecc_curve = wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL); 3747 } 3748 3749 #ifdef HAVE_PK_CALLBACKS 3750 if (ssl->ctx->EccKeyGenCb) { 3751 void* ctx = wolfSSL_GetEccKeyGenCtx(ssl); 3752 ret = ssl->ctx->EccKeyGenCb(ssl, key, keySz, ecc_curve, ctx); 3753 } 3754 else 3755 #endif 3756 { 3757 ret = wc_ecc_make_key_ex(ssl->rng, keySz, key, ecc_curve); 3758 } 3759 3760 /* make sure the curve is set for TLS */ 3761 if (ret == 0 && key->dp) { 3515 3762 ssl->ecdhCurveOID = key->dp->oidSum; 3516 3763 } … … 3530 3777 3531 3778 #ifdef HAVE_ED25519 3779 /* Check whether the key contains a public key. 3780 * If not then pull it out of the leaf certificate. 3781 * 3782 * ssl SSL/TLS object. 3783 * returns MEMORY_E when unable to allocate memory, a parsing error, otherwise 3784 * 0 on success. 3785 */ 3786 int Ed25519CheckPubKey(WOLFSSL* ssl) 3787 { 3788 ed25519_key* key = (ed25519_key*)ssl->hsKey; 3789 int ret = 0; 3790 3791 /* Public key required for signing. */ 3792 if (!key->pubKeySet) { 3793 DerBuffer* leaf = ssl->buffers.certificate; 3794 DecodedCert* cert = (DecodedCert*)XMALLOC(sizeof(*cert), 3795 ssl->heap, DYNAMIC_TYPE_DCERT); 3796 if (cert == NULL) 3797 ret = MEMORY_E; 3798 3799 if (ret == 0) { 3800 InitDecodedCert(cert, leaf->buffer, leaf->length, ssl->heap); 3801 ret = DecodeToKey(cert, 0); 3802 } 3803 if (ret == 0) { 3804 ret = wc_ed25519_import_public(cert->publicKey, cert->pubKeySize, 3805 key); 3806 } 3807 if (cert != NULL) { 3808 FreeDecodedCert(cert); 3809 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); 3810 } 3811 } 3812 3813 return ret; 3814 } 3815 3532 3816 /* Sign the data using EdDSA and key using X25519. 3533 3817 * … … 3540 3824 * keySz The length of the private key data in bytes. 3541 3825 * ctx The callback context. 3542 * returns 0 on succes , otherwise the valusis an error.3826 * returns 0 on success, otherwise the value is an error. 3543 3827 */ 3544 3828 int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out, 3545 word32* outSz, ed25519_key* key, byte* keyBuf, word32 keySz, 3546 void* ctx) 3829 word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo) 3547 3830 { 3548 3831 int ret; 3832 #ifdef HAVE_PK_CALLBACKS 3833 const byte* keyBuf = NULL; 3834 word32 keySz = 0; 3835 3836 if (keyBufInfo) { 3837 keyBuf = keyBufInfo->buffer; 3838 keySz = keyBufInfo->length; 3839 } 3840 #endif 3549 3841 3550 3842 (void)ssl; 3551 (void)keyBuf; 3552 (void)keySz; 3553 (void)ctx; 3843 (void)keyBufInfo; 3554 3844 3555 3845 WOLFSSL_ENTER("Ed25519Sign"); 3556 3846 3557 3847 #ifdef WOLFSSL_ASYNC_CRYPT 3558 /* in tialize event */3848 /* initialize event */ 3559 3849 ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); 3560 3850 if (ret != 0) … … 3564 3854 #if defined(HAVE_PK_CALLBACKS) 3565 3855 if (ssl->ctx->Ed25519SignCb) { 3856 void* ctx = wolfSSL_GetEd25519SignCtx(ssl); 3566 3857 ret = ssl->ctx->Ed25519SignCb(ssl, in, inSz, out, outSz, keyBuf, 3567 3858 keySz, ctx); … … 3595 3886 * keySz The length of the private key data in bytes. 3596 3887 * ctx The callback context. 3597 * returns 0 on succes , otherwise the valusis an error.3888 * returns 0 on success, otherwise the value is an error. 3598 3889 */ 3599 3890 int Ed25519Verify(WOLFSSL* ssl, const byte* in, word32 inSz, const byte* msg, 3600 word32 msgSz, ed25519_key* key, byte* keyBuf, word32 keySz, 3601 void* ctx) 3891 word32 msgSz, ed25519_key* key, buffer* keyBufInfo) 3602 3892 { 3603 3893 int ret; 3894 #ifdef HAVE_PK_CALLBACKS 3895 const byte* keyBuf = NULL; 3896 word32 keySz = 0; 3897 3898 if (keyBufInfo) { 3899 keyBuf = keyBufInfo->buffer; 3900 keySz = keyBufInfo->length; 3901 } 3902 #endif 3604 3903 3605 3904 (void)ssl; 3606 (void)keyBuf; 3607 (void)keySz; 3608 (void)ctx; 3905 (void)keyBufInfo; 3609 3906 3610 3907 WOLFSSL_ENTER("Ed25519Verify"); 3611 3908 3612 3909 #ifdef WOLFSSL_ASYNC_CRYPT 3613 /* in tialize event */3910 /* initialize event */ 3614 3911 ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); 3615 3912 if (ret != 0) … … 3619 3916 #ifdef HAVE_PK_CALLBACKS 3620 3917 if (ssl->ctx->Ed25519VerifyCb) { 3918 void* ctx = wolfSSL_GetEd25519VerifyCtx(ssl); 3621 3919 ret = ssl->ctx->Ed25519VerifyCb(ssl, in, inSz, msg, msgSz, keyBuf, 3622 3920 keySz, &ssl->eccVerifyRes, ctx); … … 3645 3943 } 3646 3944 #endif /* HAVE_ED25519 */ 3945 3946 #ifndef WOLFSSL_NO_TLS12 3647 3947 3648 3948 #ifdef HAVE_CURVE25519 … … 3686 3986 static int X25519SharedSecret(WOLFSSL* ssl, curve25519_key* priv_key, 3687 3987 curve25519_key* pub_key, byte* pubKeyDer, word32* pubKeySz, 3688 byte* out, word32* outlen, int side , void* ctx)3988 byte* out, word32* outlen, int side) 3689 3989 { 3690 3990 int ret; … … 3694 3994 (void)pubKeySz; 3695 3995 (void)side; 3696 (void)ctx;3697 3996 3698 3997 WOLFSSL_ENTER("X25519SharedSecret"); 3699 3998 3700 3999 #ifdef WOLFSSL_ASYNC_CRYPT 3701 /* in tialize event */4000 /* initialize event */ 3702 4001 ret = wolfSSL_AsyncInit(ssl, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); 3703 4002 if (ret != 0) … … 3711 4010 ret = X25519GetKey(ssl, &otherKey); 3712 4011 if (ret == 0) { 4012 void* ctx = wolfSSL_GetX25519SharedSecretCtx(ssl); 3713 4013 ret = ssl->ctx->X25519SharedSecretCb(ssl, otherKey, pubKeyDer, 3714 4014 pubKeySz, out, outlen, side, ctx); … … 3744 4044 3745 4045 #ifdef WOLFSSL_ASYNC_CRYPT 3746 /* in tialize event */4046 /* initialize event */ 3747 4047 ret = wolfSSL_AsyncInit(ssl, &key->asyncDev, WC_ASYNC_FLAG_NONE); 3748 4048 if (ret != 0) … … 3750 4050 #endif 3751 4051 4052 #ifdef HAVE_PK_CALLBACKS 4053 if (ssl->ctx->X25519KeyGenCb) { 4054 void* ctx = wolfSSL_GetX25519KeyGenCtx(ssl); 4055 ret = ssl->ctx->X25519KeyGenCb(ssl, key, CURVE25519_KEYSIZE, ctx); 4056 } 4057 else 4058 #endif 4059 { 3752 4060 ret = wc_curve25519_make_key(ssl->rng, CURVE25519_KEYSIZE, key); 3753 if (ret == 0) 4061 } 4062 4063 if (ret == 0) { 3754 4064 ssl->ecdhCurveOID = ECC_X25519_OID; 4065 } 3755 4066 3756 4067 /* Handle async pending response */ … … 3766 4077 } 3767 4078 #endif /* HAVE_CURVE25519 */ 3768 3769 #endif /* !NO_CERTS */3770 4079 3771 4080 #if !defined(NO_CERTS) || !defined(NO_PSK) … … 3781 4090 3782 4091 #ifdef WOLFSSL_ASYNC_CRYPT 3783 /* in tialize event */4092 /* initialize event */ 3784 4093 ret = wolfSSL_AsyncInit(ssl, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE); 3785 4094 if (ret != 0) … … 3813 4122 3814 4123 #ifdef WOLFSSL_ASYNC_CRYPT 3815 /* in tialize event */4124 /* initialize event */ 3816 4125 ret = wolfSSL_AsyncInit(ssl, &dhKey->asyncDev, WC_ASYNC_FLAG_NONE); 3817 4126 if (ret != 0) … … 3819 4128 #endif 3820 4129 3821 ret = wc_DhAgree(dhKey, agree, agreeSz, priv, privSz, otherPub, otherPubSz); 4130 #ifdef HAVE_PK_CALLBACKS 4131 if (ssl->ctx->DhAgreeCb) { 4132 void* ctx = wolfSSL_GetDhAgreeCtx(ssl); 4133 4134 WOLFSSL_MSG("Calling DhAgree Callback Function"); 4135 ret = ssl->ctx->DhAgreeCb(ssl, dhKey, priv, privSz, 4136 otherPub, otherPubSz, agree, agreeSz, ctx); 4137 } 4138 else 4139 #endif 4140 { 4141 ret = wc_DhAgree(dhKey, agree, agreeSz, priv, privSz, otherPub, 4142 otherPubSz); 4143 } 3822 4144 3823 4145 /* Handle async pending response */ … … 3835 4157 #endif /* !NO_CERTS || !NO_PSK */ 3836 4158 4159 #endif /* !WOLFSSL_NO_TLS12 */ 4160 4161 4162 #ifdef HAVE_PK_CALLBACKS 4163 int wolfSSL_CTX_IsPrivatePkSet(WOLFSSL_CTX* ctx) 4164 { 4165 int pkcbset = 0; 4166 (void)ctx; 4167 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || !defined(NO_RSA) 4168 if (0 4169 #ifdef HAVE_ECC 4170 || ctx->EccSignCb != NULL 4171 #endif 4172 #ifdef HAVE_ED25519 4173 || ctx->Ed25519SignCb != NULL 4174 #endif 4175 #ifndef NO_RSA 4176 || ctx->RsaSignCb != NULL 4177 || ctx->RsaDecCb != NULL 4178 #ifdef WC_RSA_PSS 4179 || ctx->RsaPssSignCb != NULL 4180 #endif 4181 #endif 4182 ) { 4183 pkcbset = 1; 4184 } 4185 #endif 4186 return pkcbset; 4187 } 4188 #endif /* HAVE_PK_CALLBACKS */ 4189 4190 4191 int InitSSL_Suites(WOLFSSL* ssl) 4192 { 4193 int keySz = 0; 4194 byte havePSK = 0; 4195 byte haveAnon = 0; 4196 byte haveRSA = 0; 4197 byte haveMcast = 0; 4198 4199 (void)haveAnon; /* Squash unused var warnings */ 4200 (void)haveMcast; 4201 4202 if (!ssl) 4203 return BAD_FUNC_ARG; 4204 4205 #ifndef NO_RSA 4206 haveRSA = 1; 4207 #endif 4208 #ifndef NO_PSK 4209 havePSK = (byte)ssl->options.havePSK; 4210 #endif /* NO_PSK */ 4211 #ifdef HAVE_ANON 4212 haveAnon = ssl->options.haveAnon; 4213 #endif /* HAVE_ANON*/ 4214 #ifdef WOLFSSL_MULTICAST 4215 haveMcast = ssl->options.haveMcast; 4216 #endif /* WOLFSSL_MULTICAST */ 4217 4218 #ifdef WOLFSSL_EARLY_DATA 4219 if (ssl->options.side == WOLFSSL_SERVER_END) 4220 ssl->options.maxEarlyDataSz = ssl->ctx->maxEarlyDataSz; 4221 #endif 4222 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ 4223 !defined(NO_ED25519_CLIENT_AUTH) 4224 ssl->options.cacheMessages = ssl->options.side == WOLFSSL_SERVER_END || 4225 ssl->buffers.keyType == ed25519_sa_algo; 4226 #endif 4227 4228 #ifndef NO_CERTS 4229 keySz = ssl->buffers.keySz; 4230 #endif 4231 4232 /* make sure server has DH parms, and add PSK if there, add NTRU too */ 4233 if (ssl->options.side == WOLFSSL_SERVER_END) { 4234 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, 4235 ssl->options.haveDH, ssl->options.haveNTRU, 4236 ssl->options.haveECDSAsig, ssl->options.haveECC, 4237 ssl->options.haveStaticECC, ssl->options.side); 4238 } 4239 else { 4240 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, 4241 TRUE, ssl->options.haveNTRU, 4242 ssl->options.haveECDSAsig, ssl->options.haveECC, 4243 ssl->options.haveStaticECC, ssl->options.side); 4244 } 4245 4246 #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) 4247 /* make sure server has cert and key unless using PSK, Anon, or 4248 * Multicast. This should be true even if just switching ssl ctx */ 4249 if (ssl->options.side == WOLFSSL_SERVER_END && 4250 !havePSK && !haveAnon && !haveMcast) { 4251 4252 /* server certificate must be loaded */ 4253 if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer) { 4254 WOLFSSL_MSG("Server missing certificate"); 4255 return NO_PRIVATE_KEY; 4256 } 4257 4258 /* allow no private key if using PK callbacks and CB is set */ 4259 #ifdef HAVE_PK_CALLBACKS 4260 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) { 4261 WOLFSSL_MSG("Using PK for server private key"); 4262 } 4263 else 4264 #endif 4265 if (!ssl->buffers.key || !ssl->buffers.key->buffer) { 4266 WOLFSSL_MSG("Server missing private key"); 4267 return NO_PRIVATE_KEY; 4268 } 4269 } 4270 #endif 4271 4272 return WOLFSSL_SUCCESS; 4273 } 3837 4274 3838 4275 /* This function inherits a WOLFSSL_CTX's fields into an SSL object. … … 3848 4285 int SetSSL_CTX(WOLFSSL* ssl, WOLFSSL_CTX* ctx, int writeDup) 3849 4286 { 3850 byte havePSK = 0; 3851 byte haveAnon = 0; 4287 int ret = WOLFSSL_SUCCESS; 3852 4288 byte newSSL; 3853 byte haveRSA = 0;3854 byte haveMcast = 0;3855 3856 (void)haveAnon; /* Squash unused var warnings */3857 (void)haveMcast;3858 4289 3859 4290 if (!ssl || !ctx) 3860 4291 return BAD_FUNC_ARG; 3861 4292 4293 #ifndef SINGLE_THREADED 3862 4294 if (ssl->suites == NULL && !writeDup) 3863 4295 return BAD_FUNC_ARG; 4296 #endif 3864 4297 3865 4298 newSSL = ssl->ctx == NULL; /* Assign after null check */ … … 3870 4303 } 3871 4304 #endif 3872 3873 3874 #ifndef NO_RSA3875 haveRSA = 1;3876 #endif3877 #ifndef NO_PSK3878 havePSK = ctx->havePSK;3879 #endif /* NO_PSK */3880 #ifdef HAVE_ANON3881 haveAnon = ctx->haveAnon;3882 #endif /* HAVE_ANON*/3883 #ifdef WOLFSSL_MULTICAST3884 haveMcast = ctx->haveMcast;3885 #endif /* WOLFSSL_MULTICAST */3886 4305 3887 4306 /* decrement previous CTX reference count if exists. … … 3904 4323 #ifdef HAVE_ECC 3905 4324 ssl->eccTempKeySz = ctx->eccTempKeySz; 4325 ssl->ecdhCurveOID = ctx->ecdhCurveOID; 4326 #endif 4327 #if defined(HAVE_ECC) || defined(HAVE_ED25519) 3906 4328 ssl->pkCurveOID = ctx->pkCurveOID; 3907 ssl->ecdhCurveOID = ctx->ecdhCurveOID;3908 4329 #endif 3909 4330 3910 4331 #ifdef OPENSSL_EXTRA 3911 4332 ssl->options.mask = ctx->mask; 4333 ssl->CBIS = ctx->CBIS; 3912 4334 #endif 3913 4335 ssl->timeout = ctx->timeout; … … 3927 4349 ssl->options.client_psk_cb = ctx->client_psk_cb; 3928 4350 ssl->options.server_psk_cb = ctx->server_psk_cb; 4351 #ifdef WOLFSSL_TLS13 4352 ssl->options.client_psk_tls13_cb = ctx->client_psk_tls13_cb; 4353 ssl->options.server_psk_tls13_cb = ctx->server_psk_tls13_cb; 4354 #endif 3929 4355 #endif /* NO_PSK */ 3930 4356 #ifdef WOLFSSL_EARLY_DATA … … 3938 4364 #ifndef NO_DH 3939 4365 ssl->options.minDhKeySz = ctx->minDhKeySz; 4366 ssl->options.maxDhKeySz = ctx->maxDhKeySz; 3940 4367 #endif 3941 4368 #ifndef NO_RSA … … 3966 4393 3967 4394 #ifndef NO_DH 4395 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ 4396 !defined(HAVE_SELFTEST) 4397 ssl->options.dhKeyTested = ctx->dhKeyTested; 4398 #endif 3968 4399 ssl->buffers.serverDH_P = ctx->serverDH_P; 3969 4400 ssl->buffers.serverDH_G = ctx->serverDH_G; … … 3981 4412 ssl->buffers.keySz = ctx->privateKeySz; 3982 4413 #endif 4414 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ 4415 !defined(NO_ED25519_CLIENT_AUTH) 4416 ssl->options.cacheMessages = ssl->options.side == WOLFSSL_SERVER_END || 4417 ssl->buffers.keyType == ed25519_sa_algo; 4418 #endif 4419 3983 4420 3984 4421 #ifdef WOLFSSL_ASYNC_CRYPT … … 3987 4424 3988 4425 if (writeDup == 0) { 3989 int keySz = 0;3990 #ifndef NO_CERTS3991 keySz = ssl->buffers.keySz;3992 #endif3993 3994 4426 #ifndef NO_PSK 3995 4427 if (ctx->server_hint[0]) { /* set in CTX */ … … 4000 4432 #endif /* NO_PSK */ 4001 4433 4002 if (ctx->suites) 4434 if (ctx->suites) { 4435 #ifndef SINGLE_THREADED 4003 4436 *ssl->suites = *ctx->suites; 4004 else 4437 #else 4438 ssl->suites = ctx->suites; 4439 #endif 4440 } 4441 else { 4005 4442 XMEMSET(ssl->suites, 0, sizeof(Suites)); 4006 4007 /* make sure server has DH parms, and add PSK if there, add NTRU too */ 4008 if (ssl->options.side == WOLFSSL_SERVER_END) 4009 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, 4010 ssl->options.haveDH, ssl->options.haveNTRU, 4011 ssl->options.haveECDSAsig, ssl->options.haveECC, 4012 ssl->options.haveStaticECC, ssl->options.side); 4013 else 4014 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, 4015 TRUE, ssl->options.haveNTRU, 4016 ssl->options.haveECDSAsig, ssl->options.haveECC, 4017 ssl->options.haveStaticECC, ssl->options.side); 4018 4019 #if !defined(NO_CERTS) && !defined(WOLFSSL_SESSION_EXPORT) 4020 /* make sure server has cert and key unless using PSK, Anon, or 4021 * Multicast. This should be true even if just switching ssl ctx */ 4022 if (ssl->options.side == WOLFSSL_SERVER_END && 4023 !havePSK && !haveAnon && !haveMcast) 4024 if (!ssl->buffers.certificate || !ssl->buffers.certificate->buffer 4025 || !ssl->buffers.key || !ssl->buffers.key->buffer) { 4026 WOLFSSL_MSG("Server missing certificate and/or private key"); 4027 return NO_PRIVATE_KEY; 4028 } 4029 #endif 4030 4443 } 4444 4445 if (ssl->options.side != WOLFSSL_NEITHER_END) { 4446 /* Defer initializing suites until accept or connect */ 4447 ret = InitSSL_Suites(ssl); 4448 } 4031 4449 } /* writeDup check */ 4032 4450 … … 4037 4455 #endif 4038 4456 4457 ssl->CBIORecv = ctx->CBIORecv; 4458 ssl->CBIOSend = ctx->CBIOSend; 4039 4459 #ifdef OPENSSL_EXTRA 4040 4460 ssl->readAhead = ctx->readAhead; 4041 4461 #endif 4042 4043 return WOLFSSL_SUCCESS; 4462 ssl->verifyDepth = ctx->verifyDepth; 4463 4464 return ret; 4044 4465 } 4045 4466 … … 4113 4534 wc_Sha512Free(&ssl->hsHashes->hashSha512); 4114 4535 #endif 4536 #if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH) 4537 if (ssl->hsHashes->messages != NULL) { 4538 XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); 4539 ssl->hsHashes->messages = NULL; 4540 } 4541 #endif 4115 4542 4116 4543 XFREE(ssl->hsHashes, ssl->heap, DYNAMIC_TYPE_HASHES); … … 4233 4660 ssl->buffers.outputBuffer.bufferSize = STATIC_BUFFER_LEN; 4234 4661 4235 #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)4662 #ifdef KEEP_PEER_CERT 4236 4663 InitX509(&ssl->peerCert, 0, ssl->heap); 4237 4664 #endif … … 4247 4674 ssl->IOCB_ReadCtx = &ssl->nxCtx; /* default NetX IO ctx, same for read */ 4248 4675 ssl->IOCB_WriteCtx = &ssl->nxCtx; /* and write */ 4676 #elif defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) 4677 ssl->mnCtx = mynewt_ctx_new(); 4678 if(!ssl->mnCtx) { 4679 return MEMORY_E; 4680 } 4681 ssl->IOCB_ReadCtx = ssl->mnCtx; /* default Mynewt IO ctx, same for read */ 4682 ssl->IOCB_WriteCtx = ssl->mnCtx; /* and write */ 4249 4683 #endif 4250 4684 … … 4260 4694 ssl->encrypt.state = CIPHER_STATE_BEGIN; 4261 4695 ssl->decrypt.state = CIPHER_STATE_BEGIN; 4696 #ifndef NO_DH 4697 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ 4698 !defined(HAVE_SELFTEST) 4699 ssl->options.dhDoKeyTest = 1; 4700 #endif 4701 #endif 4262 4702 4263 4703 #ifdef WOLFSSL_DTLS … … 4276 4716 #endif 4277 4717 4718 #ifndef WOLFSSL_AEAD_ONLY 4278 4719 #ifndef NO_OLD_TLS 4279 4720 ssl->hmac = SSL_hmac; /* default to SSLv3 */ 4280 #el se4721 #elif !defined(WOLFSSL_NO_TLS12) 4281 4722 ssl->hmac = TLS_hmac; 4282 4723 #endif 4724 #endif 4283 4725 4284 4726 … … 4298 4740 ssl->options.postHandshakeAuth = ctx->postHandshakeAuth; 4299 4741 #endif 4742 4743 if (ctx->numGroups > 0) { 4744 XMEMCPY(ssl->group, ctx->group, sizeof(*ctx->group) * ctx->numGroups); 4745 ssl->numGroups = ctx->numGroups; 4746 } 4300 4747 #endif 4301 4748 … … 4306 4753 #ifdef HAVE_ALPN 4307 4754 ssl->alpn_client_list = NULL; 4308 #if defined( WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)4755 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 4309 4756 ssl->alpnSelect = ctx->alpnSelect; 4310 4757 ssl->alpnSelectArg = ctx->alpnSelectArg; … … 4321 4768 ssl->alert_history.last_tx.code = -1; 4322 4769 ssl->alert_history.last_tx.level = -1; 4770 4771 #ifdef OPENSSL_EXTRA 4772 /* copy over application session context ID */ 4773 ssl->sessionCtxSz = ctx->sessionCtxSz; 4774 XMEMCPY(ssl->sessionCtx, ctx->sessionCtx, ctx->sessionCtxSz); 4775 ssl->cbioFlag = ctx->cbioFlag; 4776 #endif 4323 4777 4324 4778 InitCiphers(ssl); … … 4336 4790 } 4337 4791 XMEMSET(ssl->arrays, 0, sizeof(Arrays)); 4792 #if defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER) 4338 4793 ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, ssl->heap, 4339 4794 DYNAMIC_TYPE_SECRET); … … 4342 4797 } 4343 4798 XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN); 4344 4799 #endif 4800 4801 #ifdef SINGLE_THREADED 4802 if (ctx->suites == NULL) 4803 #endif 4804 { 4345 4805 /* suites */ 4346 4806 ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap, … … 4351 4811 } 4352 4812 } 4813 } 4353 4814 4354 4815 /* Initialize SSL with the appropriate fields from it's ctx */ … … 4387 4848 } 4388 4849 4850 #ifdef HAVE_WRITE_DUP 4389 4851 if (writeDup) { 4390 4852 /* all done */ 4391 4853 return 0; 4392 4854 } 4855 #endif 4393 4856 4394 4857 /* hsHashes */ … … 4434 4897 for (i = 0; i < WOLFSSL_DTLS_PEERSEQ_SZ; i++) 4435 4898 ssl->keys.peerSeq[i].peerId = INVALID_PEER_ID; 4899 } 4900 #endif 4901 4902 #ifdef HAVE_SECURE_RENEGOTIATION 4903 if (ssl->options.side == WOLFSSL_CLIENT_END) { 4904 /* use secure renegotiation by default (not recommend) */ 4905 #ifdef WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT 4906 ret = wolfSSL_UseSecureRenegotiation(ssl); 4907 if (ret != WOLFSSL_SUCCESS) 4908 return ret; 4909 #endif 4436 4910 } 4437 4911 #endif … … 4598 5072 } 4599 5073 4600 #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_CURVE25519) 5074 #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) || \ 5075 defined(HAVE_CURVE25519) 4601 5076 static int ReuseKey(WOLFSSL* ssl, int type, void* pKey) 4602 5077 { 4603 5078 int ret = 0; 5079 5080 (void)ssl; 4604 5081 4605 5082 switch (type) { … … 4691 5168 XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG); 4692 5169 } 5170 #ifdef SINGLE_THREADED 5171 if (ssl->suites != ssl->ctx->suites) 5172 #endif 4693 5173 XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); 4694 5174 FreeHandshakeHashes(ssl); … … 4697 5177 /* clear keys struct after session */ 4698 5178 ForceZero(&ssl->keys, sizeof(Keys)); 5179 5180 #ifdef WOLFSSL_TLS13 5181 if (ssl->options.tls1_3) { 5182 ForceZero(&ssl->clientSecret, sizeof(ssl->clientSecret)); 5183 ForceZero(&ssl->serverSecret, sizeof(ssl->serverSecret)); 5184 } 5185 #endif 4699 5186 4700 5187 #ifndef NO_DH … … 4706 5193 XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); 4707 5194 /* parameters (p,g) may be owned by ctx */ 4708 if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {5195 if (ssl->buffers.weOwnDH) { 4709 5196 XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); 4710 5197 XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); … … 4741 5228 #endif 4742 5229 #endif /* WOLFSSL_DTLS */ 4743 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)5230 #ifdef OPENSSL_EXTRA 4744 5231 if (ssl->biord != ssl->biowr) /* only free write if different */ 4745 5232 wolfSSL_BIO_free(ssl->biowr); … … 4754 5241 FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey); 4755 5242 ssl->peerEccDsaKeyPresent = 0; 5243 #endif 5244 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 5245 { 5246 int dtype; 5247 #ifdef HAVE_ECC 5248 dtype = DYNAMIC_TYPE_ECC; 5249 #endif 4756 5250 #ifdef HAVE_CURVE25519 4757 if (!ssl->peerX25519KeyPresent && 4758 ssl->eccTempKeyPresent != DYNAMIC_TYPE_CURVE25519) 4759 #endif /* HAVE_CURVE25519 */ 5251 #ifdef HAVE_ECC 5252 if (ssl->peerX25519KeyPresent || 5253 ssl->eccTempKeyPresent == DYNAMIC_TYPE_CURVE25519) 5254 #endif /* HAVE_ECC */ 4760 5255 { 4761 FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->eccTempKey); 5256 dtype = DYNAMIC_TYPE_CURVE25519; 5257 } 5258 #endif /* HAVE_CURVE25519 */ 5259 FreeKey(ssl, dtype, (void**)&ssl->eccTempKey); 4762 5260 ssl->eccTempKeyPresent = 0; 4763 5261 } 5262 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 4764 5263 #ifdef HAVE_CURVE25519 4765 else {4766 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->eccTempKey);4767 ssl->eccTempKeyPresent = 0;4768 }4769 5264 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key); 4770 5265 ssl->peerX25519KeyPresent = 0; 4771 5266 #endif 4772 #endif /* HAVE_ECC */4773 5267 #ifdef HAVE_ED25519 4774 5268 FreeKey(ssl, DYNAMIC_TYPE_ED25519, (void**)&ssl->peerEd25519Key); … … 4800 5294 #endif 4801 5295 #endif /* HAVE_TLS_EXTENSIONS */ 5296 #if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) 5297 if (ssl->mnCtx) { 5298 mynewt_ctx_clear(ssl->mnCtx); 5299 ssl->mnCtx = NULL; 5300 } 5301 #endif 4802 5302 #ifdef HAVE_NETX 4803 5303 if (ssl->nxCtx.nxPacket) 4804 5304 nx_packet_release(ssl->nxCtx.nxPacket); 4805 5305 #endif 4806 #if defined(KEEP_PEER_CERT) || defined(GOAHEAD_WS)5306 #ifdef KEEP_PEER_CERT 4807 5307 FreeX509(&ssl->peerCert); 4808 5308 #endif … … 4842 5342 WOLFSSL_HEAP_HINT* ssl_hint = (WOLFSSL_HEAP_HINT*)ssl->heap; 4843 5343 WOLFSSL_HEAP* ctx_heap; 5344 void* heap = ssl->ctx ? ssl->ctx->heap : ssl->heap; 4844 5345 4845 5346 ctx_heap = ssl_hint->memory; … … 4861 5362 /* check if tracking stats */ 4862 5363 if (ctx_heap->flag & WOLFMEM_TRACK_STATS) { 4863 XFREE(ssl_hint->stats, ssl->ctx->heap, DYNAMIC_TYPE_SSL);4864 } 4865 XFREE(ssl->heap, ssl->ctx->heap, DYNAMIC_TYPE_SSL);5364 XFREE(ssl_hint->stats, heap, DYNAMIC_TYPE_SSL); 5365 } 5366 XFREE(ssl->heap, heap, DYNAMIC_TYPE_SSL); 4866 5367 #ifdef WOLFSSL_HEAP_TEST 4867 5368 } … … 4886 5387 ShrinkInputBuffer(ssl, NO_FORCED_FREE); 4887 5388 5389 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) 5390 if (!ssl->options.tls1_3) 5391 #endif 5392 { 4888 5393 /* suites */ 5394 #ifdef SINGLE_THREADED 5395 if (ssl->suites != ssl->ctx->suites) 5396 #endif 4889 5397 XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES); 4890 5398 ssl->suites = NULL; … … 4892 5400 /* hsHashes */ 4893 5401 FreeHandshakeHashes(ssl); 5402 } 4894 5403 4895 5404 /* RNG */ 4896 if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) { 5405 if (ssl->options.tls1_1 == 0 5406 #ifndef WOLFSSL_AEAD_ONLY 5407 || ssl->specs.cipher_type == stream 5408 #endif 5409 #if defined(WOLFSSL_TLS13) 5410 #if !defined(WOLFSSL_POST_HANDSHAKE_AUTH) 5411 || ssl->options.tls1_3 5412 #elif !defined(HAVE_SESSION_TICKET) 5413 || (ssl->options.tls1_3 && ssl->options.side == WOLFSSL_SERVER_END) 5414 #endif 5415 #endif 5416 ) { 4897 5417 if (ssl->options.weOwnRng) { 4898 5418 wc_FreeRng(ssl->rng); … … 4913 5433 #endif 4914 5434 5435 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) && \ 5436 defined(HAVE_SESSION_TICKET) 5437 if (!ssl->options.tls1_3) 5438 #endif 4915 5439 /* arrays */ 4916 5440 if (ssl->options.saveArrays == 0) 4917 5441 FreeArrays(ssl, 1); 4918 5442 5443 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) 5444 if (!ssl->options.tls1_3 || ssl->options.side == WOLFSSL_CLIENT_END) 5445 #endif 5446 { 4919 5447 #ifndef NO_RSA 4920 5448 /* peerRsaKey */ … … 4922 5450 ssl->peerRsaKeyPresent = 0; 4923 5451 #endif 5452 #ifdef HAVE_ECC 5453 FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey); 5454 ssl->peerEccDsaKeyPresent = 0; 5455 #endif /* HAVE_ECC */ 5456 #ifdef HAVE_ED25519 5457 FreeKey(ssl, DYNAMIC_TYPE_ED25519, (void**)&ssl->peerEd25519Key); 5458 ssl->peerEd25519KeyPresent = 0; 5459 #endif /* HAVE_ED25519 */ 5460 } 4924 5461 4925 5462 #ifdef HAVE_ECC 4926 5463 FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccKey); 4927 5464 ssl->peerEccKeyPresent = 0; 4928 FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->peerEccDsaKey); 4929 ssl->peerEccDsaKeyPresent = 0; 5465 #endif 5466 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 5467 { 5468 int dtype; 5469 #ifdef HAVE_ECC 5470 dtype = DYNAMIC_TYPE_ECC; 5471 #endif 4930 5472 #ifdef HAVE_CURVE25519 4931 if (ssl->ecdhCurveOID != ECC_X25519_OID) 4932 #endif /* HAVE_CURVE25519 */ 5473 #ifdef HAVE_ECC 5474 if (ssl->peerX25519KeyPresent || 5475 ssl->eccTempKeyPresent == DYNAMIC_TYPE_CURVE25519) 5476 #endif /* HAVE_ECC */ 4933 5477 { 4934 FreeKey(ssl, DYNAMIC_TYPE_ECC, (void**)&ssl->eccTempKey); 5478 dtype = DYNAMIC_TYPE_CURVE25519; 5479 } 5480 #endif /* HAVE_CURVE25519 */ 5481 FreeKey(ssl, dtype, (void**)&ssl->eccTempKey); 4935 5482 ssl->eccTempKeyPresent = 0; 4936 5483 } 5484 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 4937 5485 #ifdef HAVE_CURVE25519 4938 else {4939 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->eccTempKey);4940 ssl->eccTempKeyPresent = 0;4941 }4942 5486 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, (void**)&ssl->peerX25519Key); 4943 5487 ssl->peerX25519KeyPresent = 0; 4944 #endif /* HAVE_CURVE25519 */4945 #endif /* HAVE_ECC */ 5488 #endif 5489 4946 5490 #ifndef NO_DH 4947 5491 if (ssl->buffers.serverDH_Priv.buffer) { … … 4954 5498 ssl->buffers.serverDH_Pub.buffer = NULL; 4955 5499 /* parameters (p,g) may be owned by ctx */ 4956 if (ssl->buffers.weOwnDH || ssl->options.side == WOLFSSL_CLIENT_END) {5500 if (ssl->buffers.weOwnDH) { 4957 5501 XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY); 4958 5502 ssl->buffers.serverDH_G.buffer = NULL; … … 4961 5505 } 4962 5506 #endif /* !NO_DH */ 5507 4963 5508 #ifndef NO_CERTS 4964 5509 wolfSSL_UnloadCertsKeys(ssl); 4965 5510 #endif 4966 5511 #ifdef HAVE_PK_CALLBACKS 5512 #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) 5513 if (!ssl->options.tls1_3 || ssl->options.side == WOLFSSL_CLIENT_END) 5514 #endif 5515 { 4967 5516 #ifdef HAVE_ECC 4968 5517 XFREE(ssl->buffers.peerEccDsaKey.buffer, ssl->heap, DYNAMIC_TYPE_ECC); … … 4978 5527 ssl->buffers.peerEd25519Key.buffer = NULL; 4979 5528 #endif 5529 } 4980 5530 #endif /* HAVE_PK_CALLBACKS */ 4981 5531 … … 4991 5541 ssl->session.ticketLen = 0; 4992 5542 } 5543 #endif 5544 5545 #if defined(HAVE_TLS_EXTENSIONS) && !defined(HAVE_SNI) && \ 5546 !defined(HAVE_ALPN) && !defined(WOLFSSL_POST_HANDSHAKE_AUTH) 5547 /* Some extensions need to be kept for post-handshake querying. */ 5548 TLSX_FreeAll(ssl->extensions, ssl->heap); 5549 ssl->extensions = NULL; 4993 5550 #endif 4994 5551 … … 5022 5579 { 5023 5580 if (ssl->ctx) { 5024 FreeSSL_Ctx(ssl->ctx); /* will decrement and free under yling CTX if 0 */5581 FreeSSL_Ctx(ssl->ctx); /* will decrement and free underlying CTX if 0 */ 5025 5582 } 5026 5583 SSL_ResourceFree(ssl); … … 5029 5586 } 5030 5587 5031 5032 #if !defined(NO_OLD_TLS) || defined(HAVE_CHACHA) || defined(HAVE_AESCCM) \ 5033 || defined(HAVE_AESGCM) || defined(WOLFSSL_DTLS) 5034 static INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2]) 5588 #if !defined(NO_OLD_TLS) || defined(WOLFSSL_DTLS) || \ 5589 ((defined(HAVE_CHACHA) || defined(HAVE_AESCCM) || defined(HAVE_AESGCM)) \ 5590 && defined(HAVE_AEAD)) 5591 5592 #if defined(WOLFSSL_DTLS) || !defined(WOLFSSL_NO_TLS12) 5593 static WC_INLINE void GetSEQIncrement(WOLFSSL* ssl, int verify, word32 seq[2]) 5035 5594 { 5036 5595 if (verify) { … … 5051 5610 } 5052 5611 } 5612 #endif /* WOLFSSL_DTLS || !WOLFSSL_NO_TLS12 */ 5053 5613 5054 5614 5055 5615 #ifdef WOLFSSL_DTLS 5056 static INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2])5616 static WC_INLINE void DtlsGetSEQ(WOLFSSL* ssl, int order, word32 seq[2]) 5057 5617 { 5058 5618 if (order == PREV_ORDER) { … … 5098 5658 } 5099 5659 5100 static INLINE void DtlsSEQIncrement(WOLFSSL* ssl, int order)5660 static WC_INLINE void DtlsSEQIncrement(WOLFSSL* ssl, int order) 5101 5661 { 5102 5662 word32 seq; … … 5126 5686 #endif /* WOLFSSL_DTLS */ 5127 5687 5128 5129 static INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out)5688 #if defined(WOLFSSL_DTLS) || !defined(WOLFSSL_NO_TLS12) 5689 static WC_INLINE void WriteSEQ(WOLFSSL* ssl, int verifyOrder, byte* out) 5130 5690 { 5131 5691 word32 seq[2] = {0, 0}; … … 5143 5703 c32toa(seq[1], out + OPAQUE32_LEN); 5144 5704 } 5145 #endif 5146 5705 #endif /* WOLFSSL_DTLS || !WOLFSSL_NO_TLS12 */ 5706 #endif /* !NO_OLD_TLS || WOLFSSL_DTLS || 5707 * ((HAVE_CHACHA || HAVE_AESCCM || HAVE_AESGCM) && HAVE_AEAD) */ 5147 5708 5148 5709 #ifdef WOLFSSL_DTLS … … 5254 5815 } 5255 5816 5256 /* if no mes age data, just return */5817 /* if no message data, just return */ 5257 5818 if (fragSz == 0) 5258 5819 return 0; … … 5615 6176 } 5616 6177 6178 #ifndef WOLFSSL_NO_TLS12 6179 5617 6180 ProtocolVersion MakeDTLSv1_2(void) 5618 6181 { … … 5623 6186 return pv; 5624 6187 } 6188 6189 #endif /* !WOLFSSL_NO_TLS12 */ 5625 6190 5626 6191 #endif /* WOLFSSL_DTLS */ … … 5786 6351 } 5787 6352 6353 #elif defined(WOLFSSL_NUCLEUS_1_2) 6354 6355 #define NU_TICKS_PER_SECOND 100 6356 6357 word32 LowResTimer(void) 6358 { 6359 /* returns number of 10ms ticks, so 100 ticks/sec */ 6360 return NU_Retrieve_Clock() / NU_TICKS_PER_SECOND; 6361 } 6362 #elif defined(WOLFSSL_APACHE_MYNEWT) 6363 6364 #include "os/os_time.h" 6365 word32 LowResTimer(void) 6366 { 6367 word32 now; 6368 struct os_timeval tv; 6369 os_gettimeofday(&tv, NULL); 6370 now = (word32)tv.tv_sec; 6371 return now; 6372 } 6373 5788 6374 #else 5789 6375 /* Posix style time */ 6376 #ifndef USER_TIME 5790 6377 #include <time.h> 6378 #endif 5791 6379 5792 6380 word32 LowResTimer(void) 5793 6381 { 5794 return (word32)time(0); 5795 } 5796 5797 5798 #endif 5799 6382 return (word32)XTIME(0); 6383 } 6384 #endif 6385 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ 6386 !defined(NO_ED25519_CLIENT_AUTH) 6387 /* Store the message for use with CertificateVerify using Ed25519. 6388 * 6389 * ssl SSL/TLS object. 6390 * data Message to store. 6391 * sz Size of message to store. 6392 * returns MEMORY_E if not able to reallocate, otherwise 0. 6393 */ 6394 static int Ed25519Update(WOLFSSL* ssl, const byte* data, int sz) 6395 { 6396 int ret = 0; 6397 byte* msgs; 6398 6399 if (ssl->options.cacheMessages) { 6400 msgs = (byte*)XREALLOC(ssl->hsHashes->messages, 6401 ssl->hsHashes->length + sz, 6402 ssl->heap, DYNAMIC_TYPE_HASHES); 6403 if (msgs == NULL) 6404 ret = MEMORY_E; 6405 if (ret == 0) { 6406 ssl->hsHashes->messages = msgs; 6407 XMEMCPY(msgs + ssl->hsHashes->length, data, sz); 6408 ssl->hsHashes->prevLen = ssl->hsHashes->length; 6409 ssl->hsHashes->length += sz; 6410 } 6411 } 6412 6413 return ret; 6414 } 6415 #endif /* HAVE_ED25519 && !WOLFSSL_NO_CLIENT_AUTH */ 5800 6416 5801 6417 #ifndef NO_CERTS … … 5839 6455 return ret; 5840 6456 #endif 6457 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ 6458 !defined(NO_ED25519_CLIENT_AUTH) 6459 ret = Ed25519Update(ssl, output, sz); 6460 if (ret != 0) 6461 return ret; 6462 #endif 5841 6463 } 5842 6464 … … 5890 6512 return ret; 5891 6513 #endif 6514 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ 6515 !defined(NO_ED25519_CLIENT_AUTH) 6516 ret = Ed25519Update(ssl, adj, sz); 6517 if (ret != 0) 6518 return ret; 6519 #endif 5892 6520 } 5893 6521 … … 5943 6571 return ret; 5944 6572 #endif 6573 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ 6574 !defined(NO_ED25519_CLIENT_AUTH) 6575 ret = Ed25519Update(ssl, adj, sz); 6576 if (ret != 0) 6577 return ret; 6578 #endif 5945 6579 } 5946 6580 … … 5962 6596 rl->pvMajor = ssl->version.major; /* type and version same in each */ 5963 6597 #ifdef WOLFSSL_TLS13 5964 if (IsAtLeastTLSv1_3(ssl->version)) 6598 if (IsAtLeastTLSv1_3(ssl->version)) { 6599 #ifdef WOLFSSL_TLS13_DRAFT_18 5965 6600 rl->pvMinor = TLSv1_MINOR; 6601 #else 6602 rl->pvMinor = TLSv1_2_MINOR; 6603 #endif 6604 } 5966 6605 else 5967 6606 #endif … … 5993 6632 5994 6633 6634 #if !defined(WOLFSSL_NO_TLS12) || (defined(HAVE_SESSION_TICKET) && \ 6635 !defined(NO_WOLFSSL_SERVER)) 5995 6636 /* add handshake header for message */ 5996 6637 static void AddHandShakeHeader(byte* output, word32 length, … … 6005 6646 /* handshake header */ 6006 6647 hs = (HandShakeHeader*)output; 6648 if (hs == NULL) 6649 return; 6650 6007 6651 hs->type = type; 6008 6652 c32to24(length, hs->length); /* type and length same for each */ … … 6020 6664 } 6021 6665 6022 6023 6666 /* add both headers for handshake message */ 6024 6667 static void AddHeaders(byte* output, word32 length, byte type, WOLFSSL* ssl) … … 6037 6680 AddHandShakeHeader(output + outputAdj, length, 0, length, type, ssl); 6038 6681 } 6039 6040 6682 #endif /* !WOLFSSL_NO_TLS12 || (HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER) */ 6683 6684 6685 #ifndef WOLFSSL_NO_TLS12 6041 6686 #ifndef NO_CERTS 6042 6687 static void AddFragHeaders(byte* output, word32 fragSz, word32 fragOffset, … … 6058 6703 } 6059 6704 #endif /* NO_CERTS */ 6705 #endif /* !WOLFSSL_NO_TLS12 */ 6060 6706 6061 6707 6062 6708 /* return bytes received, -1 on error */ 6063 static int Receive(WOLFSSL* ssl, byte* buf, word32 sz)6709 static int wolfSSLReceive(WOLFSSL* ssl, byte* buf, word32 sz) 6064 6710 { 6065 6711 int recvd; 6066 6712 6067 if (ssl-> ctx->CBIORecv == NULL) {6713 if (ssl->CBIORecv == NULL) { 6068 6714 WOLFSSL_MSG("Your IO Recv callback is null, please set"); 6069 6715 return -1; … … 6071 6717 6072 6718 retry: 6073 recvd = ssl-> ctx->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx);6719 recvd = ssl->CBIORecv(ssl, (char *)buf, (int)sz, ssl->IOCB_ReadCtx); 6074 6720 if (recvd < 0) 6075 6721 switch (recvd) { … … 6099 6745 XSTRNCPY(ssl->timeoutInfo.timeoutName, 6100 6746 "recv() timeout", MAX_TIMEOUT_NAME_SZ); 6747 ssl->timeoutInfo.timeoutName[ 6748 MAX_TIMEOUT_NAME_SZ] = '\0'; 6749 6101 6750 WOLFSSL_MSG("Got our timeout"); 6102 6751 return WANT_READ; … … 6110 6759 return -1; 6111 6760 6761 #ifdef WOLFSSL_DTLS 6112 6762 case WOLFSSL_CBIO_ERR_TIMEOUT: 6113 #ifdef WOLFSSL_DTLS6114 6763 if (IsDtlsNotSctpMode(ssl) && 6115 6764 !ssl->options.handShakeDone && … … 6119 6768 goto retry; 6120 6769 } 6121 #endif6122 6770 return -1; 6771 #endif 6123 6772 6124 6773 default: … … 6171 6820 int SendBuffered(WOLFSSL* ssl) 6172 6821 { 6173 if (ssl-> ctx->CBIOSend == NULL) {6822 if (ssl->CBIOSend == NULL) { 6174 6823 WOLFSSL_MSG("Your IO Send callback is null, please set"); 6175 6824 return SOCKET_ERROR_E; … … 6185 6834 6186 6835 while (ssl->buffers.outputBuffer.length > 0) { 6187 int sent = ssl-> ctx->CBIOSend(ssl,6836 int sent = ssl->CBIOSend(ssl, 6188 6837 (char*)ssl->buffers.outputBuffer.buffer + 6189 6838 ssl->buffers.outputBuffer.idx, … … 6210 6859 XSTRNCPY(ssl->timeoutInfo.timeoutName, 6211 6860 "send() timeout", MAX_TIMEOUT_NAME_SZ); 6861 ssl->timeoutInfo.timeoutName[ 6862 MAX_TIMEOUT_NAME_SZ] = '\0'; 6863 6212 6864 WOLFSSL_MSG("Got our timeout"); 6213 6865 return WANT_WRITE; … … 6247 6899 6248 6900 /* Grow the output buffer */ 6249 static INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size)6901 static WC_INLINE int GrowOutputBuffer(WOLFSSL* ssl, int size) 6250 6902 { 6251 6903 byte* tmp; … … 6444 7096 if (rh->pvMajor != ssl->version.major || 6445 7097 (rh->pvMinor != ssl->version.minor && 6446 (!IsAtLeastTLSv1_3(ssl->version) || rh->pvMinor != TLSv1_MINOR))) 7098 #ifdef WOLFSSL_TLS13_DRAFT_18 7099 (!IsAtLeastTLSv1_3(ssl->version) || rh->pvMinor != TLSv1_MINOR) 7100 #else 7101 (!IsAtLeastTLSv1_3(ssl->version) || rh->pvMinor != TLSv1_2_MINOR) 7102 #endif 7103 )) 6447 7104 #endif 6448 7105 { … … 6494 7151 } 6495 7152 6496 7153 #ifndef WOLFSSL_NO_TLS12 6497 7154 static int GetHandShakeHeader(WOLFSSL* ssl, const byte* input, word32* inOutIdx, 6498 7155 byte *type, word32 *size, word32 totalSz) … … 6510 7167 return 0; 6511 7168 } 6512 7169 #endif 6513 7170 6514 7171 #ifdef WOLFSSL_DTLS … … 6669 7326 #endif 6670 7327 7328 #ifndef WOLFSSL_NO_TLS12 7329 6671 7330 /* Finished doesn't support SHA512, not SHA512 cipher suites yet */ 6672 7331 static int BuildFinished(WOLFSSL* ssl, Hashes* hashes, const byte* sender) 6673 7332 { 6674 7333 int ret = 0; 6675 #ifdef WOLFSSL_SHA3846676 #ifdef WOLFSSL_SMALL_STACK6677 wc_Sha384* sha384;6678 #else6679 wc_Sha384 sha384[1];6680 #endif /* WOLFSSL_SMALL_STACK */6681 #endif /* WOLFSSL_SHA384 */6682 7334 6683 7335 if (ssl == NULL) 6684 7336 return BAD_FUNC_ARG; 6685 6686 #ifdef WOLFSSL_SHA3846687 #ifdef WOLFSSL_SMALL_STACK6688 sha384 = (wc_Sha384*)XMALLOC(sizeof(wc_Sha384), ssl->heap, DYNAMIC_TYPE_HASHCTX);6689 if (sha384 == NULL)6690 return MEMORY_E;6691 #endif /* WOLFSSL_SMALL_STACK */6692 #endif /* WOLFSSL_SHA384 */6693 6694 /* store current states, building requires get_digest which resets state */6695 #ifdef WOLFSSL_SHA3846696 sha384[0] = ssl->hsHashes->hashSha384;6697 #endif6698 7337 6699 7338 #ifndef NO_TLS … … 6711 7350 #endif 6712 7351 6713 /* restore */6714 if (IsAtLeastTLSv1_2(ssl)) {6715 #ifdef WOLFSSL_SHA3846716 ssl->hsHashes->hashSha384 = sha384[0];6717 #endif6718 }6719 6720 #ifdef WOLFSSL_SHA3846721 #ifdef WOLFSSL_SMALL_STACK6722 XFREE(sha384, ssl->heap, DYNAMIC_TYPE_HASHCTX);6723 #endif6724 #endif6725 6726 7352 return ret; 6727 7353 } 6728 7354 6729 7355 #endif /* WOLFSSL_NO_TLS12 */ 7356 7357 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) 6730 7358 /* cipher requirements */ 6731 7359 enum { … … 6747 7375 { 6748 7376 7377 (void)requirement; 7378 7379 #ifndef WOLFSSL_NO_TLS12 7380 7381 #ifdef HAVE_CHACHA 6749 7382 if (first == CHACHA_BYTE) { 6750 7383 6751 7384 switch (second) { 6752 6753 7385 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : 6754 7386 if (requirement == REQUIRES_RSA) … … 6804 7436 } 6805 7437 } 7438 #endif /* HAVE_CHACHA */ 6806 7439 6807 7440 /* ECC extensions */ … … 6809 7442 6810 7443 switch (second) { 6811 7444 #ifdef HAVE_ECC 6812 7445 #ifndef NO_RSA 6813 7446 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : … … 6835 7468 return 1; 6836 7469 break; 6837 #endif 7470 #endif /* !NO_DES3 */ 6838 7471 6839 7472 #ifndef NO_RC4 … … 6849 7482 return 1; 6850 7483 break; 6851 #endif 7484 #endif /* !NO_RC4 */ 6852 7485 #endif /* NO_RSA */ 6853 7486 … … 6862 7495 return 1; 6863 7496 break; 6864 #endif 7497 #endif /* !NO_DES3 */ 6865 7498 #ifndef NO_RC4 6866 7499 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : … … 6873 7506 return 1; 6874 7507 break; 6875 #endif 7508 #endif /* !NO_RC4 */ 6876 7509 #ifndef NO_RSA 6877 7510 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : … … 6886 7519 return 1; 6887 7520 break; 6888 #endif 7521 #endif /* !NO_RSA */ 6889 7522 6890 7523 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : … … 6927 7560 return 1; 6928 7561 break; 7562 #endif /* HAVE_ECC */ 6929 7563 6930 7564 #ifndef NO_RSA 7565 #ifdef HAVE_ECC 6931 7566 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 6932 7567 if (requirement == REQUIRES_RSA) … … 6952 7587 return 1; 6953 7588 break; 6954 7589 #endif /* HAVE_ECC */ 7590 #ifdef HAVE_AESCCM 6955 7591 case TLS_RSA_WITH_AES_128_CCM_8 : 6956 7592 case TLS_RSA_WITH_AES_256_CCM_8 : … … 6960 7596 return 1; 6961 7597 break; 7598 #endif /* HAVE_AESCCM */ 7599 #ifdef HAVE_ECC 6962 7600 6963 7601 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : … … 6974 7612 return 1; 6975 7613 break; 6976 #endif 6977 7614 #endif /* HAVE_ECC */ 7615 #endif /* !NO_RSA */ 7616 7617 #ifdef HAVE_ECC 6978 7618 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM : 6979 7619 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 : … … 6996 7636 return 1; 6997 7637 break; 6998 7638 #endif /* HAVE_ECC */ 7639 7640 #ifndef NO_PSK 6999 7641 case TLS_PSK_WITH_AES_128_CCM: 7000 7642 case TLS_PSK_WITH_AES_256_CCM: … … 7012 7654 return 1; 7013 7655 break; 7014 7656 #endif /* !NO_PSK */ 7657 #ifdef HAVE_ECC 7015 7658 case TLS_ECDHE_ECDSA_WITH_NULL_SHA : 7016 7659 if (requirement == REQUIRES_ECC) … … 7027 7670 return 1; 7028 7671 break; 7029 7672 #endif /* HAVE_ECC */ 7030 7673 default: 7031 7674 WOLFSSL_MSG("Unsupported cipher suite, CipherRequires ECC"); … … 7033 7676 } /* switch */ 7034 7677 } /* if */ 7678 7679 #endif /* !WOLFSSL_NO_TLS12 */ 7035 7680 7036 7681 /* Distinct TLS v1.3 cipher suites with cipher and digest only. */ … … 7054 7699 } 7055 7700 7701 #ifndef WOLFSSL_NO_TLS12 7702 7056 7703 if (first != ECC_BYTE && first != CHACHA_BYTE && 7057 7704 first != TLS13_BYTE) { /* normal suites */ … … 7059 7706 7060 7707 #ifndef NO_RSA 7708 #ifndef NO_RC4 7061 7709 case SSL_RSA_WITH_RC4_128_SHA : 7062 7710 if (requirement == REQUIRES_RSA) … … 7068 7716 return 1; 7069 7717 break; 7718 #endif /* NO_RC4 */ 7070 7719 7071 7720 case SSL_RSA_WITH_3DES_EDE_CBC_SHA : … … 7074 7723 break; 7075 7724 7725 #ifdef HAVE_NTRU 7076 7726 case TLS_NTRU_RSA_WITH_RC4_128_SHA : 7077 7727 if (requirement == REQUIRES_NTRU) 7078 7728 return 1; 7079 7729 break; 7730 #endif /* HAVE_NTRU */ 7080 7731 7081 7732 case TLS_RSA_WITH_AES_128_CBC_SHA : … … 7089 7740 break; 7090 7741 7742 #ifdef HAVE_NTRU 7091 7743 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : 7092 7744 if (requirement == REQUIRES_NTRU) 7093 7745 return 1; 7094 7746 break; 7747 #endif /* HAVE_NTRU */ 7095 7748 7096 7749 case TLS_RSA_WITH_AES_256_CBC_SHA : … … 7099 7752 break; 7100 7753 7754 #ifdef HAVE_NTRU 7101 7755 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : 7102 7756 if (requirement == REQUIRES_NTRU) 7103 7757 return 1; 7104 7758 break; 7759 #endif /* HAVE_NTRU */ 7105 7760 7106 7761 case TLS_RSA_WITH_AES_256_CBC_SHA256 : … … 7115 7770 break; 7116 7771 7772 #ifdef HAVE_NTRU 7117 7773 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : 7118 7774 if (requirement == REQUIRES_NTRU) 7119 7775 return 1; 7120 7776 break; 7121 7777 #endif /* HAVE_NTRU */ 7778 7779 #ifdef HAVE_IDEA 7122 7780 case SSL_RSA_WITH_IDEA_CBC_SHA : 7123 7781 if (requirement == REQUIRES_RSA) 7124 7782 return 1; 7125 7783 break; 7126 #endif 7127 7784 #endif /* HAVE_IDEA */ 7785 #endif /* !NO_RSA */ 7786 7787 #ifndef NO_PSK 7128 7788 case TLS_PSK_WITH_AES_128_GCM_SHA256 : 7129 7789 case TLS_PSK_WITH_AES_256_GCM_SHA384 : … … 7150 7810 return 1; 7151 7811 break; 7812 #endif /* NO_PSK */ 7152 7813 7153 7814 #ifndef NO_RSA … … 7180 7841 break; 7181 7842 7843 #ifndef NO_HC128 7182 7844 case TLS_RSA_WITH_HC_128_MD5 : 7183 7845 if (requirement == REQUIRES_RSA) … … 7194 7856 return 1; 7195 7857 break; 7196 7858 #endif /* NO_HC128 */ 7859 7860 #ifdef HAVE_BLAKE2 7197 7861 case TLS_RSA_WITH_AES_128_CBC_B2B256: 7198 7862 case TLS_RSA_WITH_AES_256_CBC_B2B256: … … 7200 7864 return 1; 7201 7865 break; 7202 7866 #endif /* HAVE_BLAKE2 */ 7867 7868 #ifndef NO_RABBIT 7203 7869 case TLS_RSA_WITH_RABBIT_SHA : 7204 7870 if (requirement == REQUIRES_RSA) 7205 7871 return 1; 7206 7872 break; 7873 #endif /* !NO_RABBIT */ 7207 7874 7208 7875 case TLS_RSA_WITH_AES_128_GCM_SHA256 : … … 7220 7887 break; 7221 7888 7889 #ifdef HAVE_CAMELLIA 7222 7890 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : 7223 7891 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : … … 7239 7907 return 1; 7240 7908 break; 7909 #endif /* HAVE_CAMELLIA */ 7241 7910 7242 7911 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: … … 7254 7923 return 1; 7255 7924 break; 7925 case TLS_DH_anon_WITH_AES_256_GCM_SHA384: 7926 if (requirement == REQUIRES_DHE) 7927 return 1; 7928 break; 7256 7929 #endif 7257 7930 #ifdef WOLFSSL_MULTICAST … … 7266 7939 } /* if ECC / Normal suites else */ 7267 7940 7941 #endif /* !WOLFSSL_NO_TLS12 */ 7942 7268 7943 return 0; 7269 7944 } 7945 7946 #endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ 7270 7947 7271 7948 … … 7280 7957 int MatchDomainName(const char* pattern, int len, const char* str) 7281 7958 { 7959 int ret = 0; 7282 7960 char p, s; 7283 7961 … … 7288 7966 7289 7967 p = (char)XTOLOWER((unsigned char)*pattern++); 7290 if (p == 0)7968 if (p == '\0') 7291 7969 break; 7292 7970 … … 7312 7990 } 7313 7991 7314 if (*str != '\0') 7992 7993 if (len > 0) { 7315 7994 str++; 7316 7317 if (len > 0)7318 7995 len--; 7319 7996 } 7320 7321 return *str == '\0'; 7997 } 7998 7999 if (*str == '\0' && len == 0) { 8000 ret = 1; /* success */ 8001 } 8002 8003 return ret; 7322 8004 } 7323 8005 … … 7337 8019 WOLFSSL_MSG("\tindividual AltName check"); 7338 8020 7339 if (MatchDomainName(altName->name, (int)XSTRLEN(altName->name), domain)){8021 if (MatchDomainName(altName->name, altName->len, domain)){ 7340 8022 match = 1; 7341 8023 break; … … 7374 8056 WOLFSSL_MSG("\tindividual AltName check"); 7375 8057 7376 if (MatchDomainName(altName->name, (int)XSTRLEN(altName->name), 7377 domain)) { 8058 if (MatchDomainName(altName->name, altName->len, domain)) { 7378 8059 match = 1; 7379 8060 *checkCN = 0; … … 7437 8118 #endif 7438 8119 7439 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) 8120 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ 8121 defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 7440 8122 /* Copy parts X509 needs from Decoded cert, 0 on success */ 8123 /* The same DecodedCert cannot be copied to WOLFSSL_X509 twice otherwise the 8124 * altNames pointers could be free'd by second x509 still active by first */ 7441 8125 int CopyDecodedToX509(WOLFSSL_X509* x509, DecodedCert* dCert) 7442 8126 { … … 7452 8136 x509->issuer.name[ASN_NAME_MAX - 1] = '\0'; 7453 8137 x509->issuer.sz = (int)XSTRLEN(x509->issuer.name) + 1; 7454 #if def OPENSSL_EXTRA8138 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 7455 8139 if (dCert->issuerName.fullName != NULL) { 7456 8140 XMEMCPY(&x509->issuer.fullName, … … 7464 8148 } 7465 8149 x509->issuer.x509 = x509; 7466 #endif /* OPENSSL_EXTRA */8150 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 7467 8151 7468 8152 XSTRNCPY(x509->subject.name, dCert->subject, ASN_NAME_MAX); 7469 8153 x509->subject.name[ASN_NAME_MAX - 1] = '\0'; 7470 8154 x509->subject.sz = (int)XSTRLEN(x509->subject.name) + 1; 7471 #if def OPENSSL_EXTRA8155 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 7472 8156 if (dCert->subjectName.fullName != NULL) { 7473 8157 XMEMCPY(&x509->subject.fullName, … … 7480 8164 } 7481 8165 x509->subject.x509 = x509; 7482 #endif /* OPENSSL_EXTRA */ 7483 #ifdef WOLFSSL_NGINX 7484 XMEMCPY(x509->subject.raw, dCert->subjectRaw, dCert->subjectRawLen); 7485 x509->subject.rawLen = dCert->subjectRawLen; 8166 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 8167 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) 8168 x509->subject.rawLen = min(dCert->subjectRawLen, sizeof(x509->subject.raw)); 8169 XMEMCPY(x509->subject.raw, dCert->subjectRaw, x509->subject.rawLen); 8170 #ifdef WOLFSSL_CERT_EXT 8171 x509->issuer.rawLen = min(dCert->issuerRawLen, sizeof(x509->issuer.raw)); 8172 XMEMCPY(x509->issuer.raw, dCert->issuerRaw, x509->issuer.rawLen); 8173 #endif 7486 8174 #endif 7487 8175 7488 8176 XMEMCPY(x509->serial, dCert->serial, EXTERNAL_SERIAL_SIZE); 7489 8177 x509->serialSz = dCert->serialSz; 7490 if (dCert->subjectCN Len < ASN_NAME_MAX) {8178 if (dCert->subjectCN && dCert->subjectCNLen < ASN_NAME_MAX) { 7491 8179 XMEMCPY(x509->subjectCN, dCert->subjectCN, dCert->subjectCNLen); 7492 8180 x509->subjectCN[dCert->subjectCNLen] = '\0'; … … 7575 8263 x509->altNamesNext = x509->altNames; /* index hint */ 7576 8264 8265 #if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ 8266 !defined(IGNORE_NAME_CONSTRAINTS) 8267 /* add copies of alternate emails from dCert to X509 */ 8268 if (dCert->altEmailNames != NULL) { 8269 DNS_entry* cur = dCert->altEmailNames; 8270 8271 while (cur != NULL) { 8272 if (cur->type == ASN_RFC822_TYPE) { 8273 DNS_entry* dnsEntry; 8274 int strLen = cur->len; 8275 8276 dnsEntry = (DNS_entry*)XMALLOC(sizeof(DNS_entry), x509->heap, 8277 DYNAMIC_TYPE_ALTNAME); 8278 if (dnsEntry == NULL) { 8279 WOLFSSL_MSG("\tOut of Memory"); 8280 return MEMORY_E; 8281 } 8282 8283 dnsEntry->type = ASN_RFC822_TYPE; 8284 dnsEntry->name = (char*)XMALLOC(strLen + 1, x509->heap, 8285 DYNAMIC_TYPE_ALTNAME); 8286 if (dnsEntry->name == NULL) { 8287 WOLFSSL_MSG("\tOut of Memory"); 8288 XFREE(dnsEntry, x509->heap, DYNAMIC_TYPE_ALTNAME); 8289 return MEMORY_E; 8290 } 8291 dnsEntry->len = strLen; 8292 XMEMCPY(dnsEntry->name, cur->name, strLen); 8293 dnsEntry->name[strLen] = '\0'; 8294 8295 dnsEntry->next = x509->altNames; 8296 x509->altNames = dnsEntry; 8297 } 8298 cur = cur->next; 8299 } 8300 } 8301 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 8302 7577 8303 x509->isCa = dCert->isCA; 7578 #if def OPENSSL_EXTRA8304 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 7579 8305 x509->pathLength = dCert->pathLength; 7580 8306 x509->keyUsage = dCert->extKeyUsage; … … 7657 8383 } 7658 8384 #endif /* WOLFSSL_CERT_EXT */ 7659 #endif /* OPENSSL_EXTRA */7660 #if def HAVE_ECC8385 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 8386 #if defined(HAVE_ECC) || defined(HAVE_ED25519) 7661 8387 x509->pkCurveOID = dCert->pkCurveOID; 7662 8388 #endif /* HAVE_ECC */ … … 7666 8392 7667 8393 #endif /* KEEP_PEER_CERT || SESSION_CERTS */ 8394 8395 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ 8396 (defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && !defined(WOLFSSL_NO_TLS12)) 8397 static int ProcessCSR(WOLFSSL* ssl, byte* input, word32* inOutIdx, 8398 word32 status_length) 8399 { 8400 int ret = 0; 8401 OcspRequest* request; 8402 8403 #ifdef WOLFSSL_SMALL_STACK 8404 CertStatus* status; 8405 OcspResponse* response; 8406 #else 8407 CertStatus status[1]; 8408 OcspResponse response[1]; 8409 #endif 8410 8411 do { 8412 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST 8413 if (ssl->status_request) { 8414 request = (OcspRequest*)TLSX_CSR_GetRequest(ssl->extensions); 8415 ssl->status_request = 0; 8416 break; 8417 } 8418 #endif 8419 8420 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 8421 if (ssl->status_request_v2) { 8422 request = (OcspRequest*)TLSX_CSR2_GetRequest(ssl->extensions, 8423 WOLFSSL_CSR2_OCSP, 0); 8424 ssl->status_request_v2 = 0; 8425 break; 8426 } 8427 #endif 8428 8429 return BUFFER_ERROR; 8430 } while(0); 8431 8432 if (request == NULL) 8433 return BAD_CERTIFICATE_STATUS_ERROR; /* not expected */ 8434 8435 #ifdef WOLFSSL_SMALL_STACK 8436 status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap, 8437 DYNAMIC_TYPE_OCSP_STATUS); 8438 response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap, 8439 DYNAMIC_TYPE_OCSP_REQUEST); 8440 8441 if (status == NULL || response == NULL) { 8442 if (status) 8443 XFREE(status, NULL, DYNAMIC_TYPE_OCSP_STATUS); 8444 if (response) 8445 XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST); 8446 8447 return MEMORY_ERROR; 8448 } 8449 #endif 8450 8451 InitOcspResponse(response, status, input +*inOutIdx, status_length); 8452 8453 if (OcspResponseDecode(response, ssl->ctx->cm, ssl->heap, 0) != 0) 8454 ret = BAD_CERTIFICATE_STATUS_ERROR; 8455 else if (CompareOcspReqResp(request, response) != 0) 8456 ret = BAD_CERTIFICATE_STATUS_ERROR; 8457 else if (response->responseStatus != OCSP_SUCCESSFUL) 8458 ret = BAD_CERTIFICATE_STATUS_ERROR; 8459 else if (response->status->status == CERT_REVOKED) 8460 ret = OCSP_CERT_REVOKED; 8461 else if (response->status->status != CERT_GOOD) 8462 ret = BAD_CERTIFICATE_STATUS_ERROR; 8463 8464 *inOutIdx += status_length; 8465 8466 #ifdef WOLFSSL_SMALL_STACK 8467 XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS); 8468 XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); 8469 #endif 8470 8471 return ret; 8472 } 8473 #endif 8474 8475 8476 8477 #ifdef HAVE_PK_CALLBACKS 8478 8479 #ifdef HAVE_ECC 8480 static int SigPkCbEccVerify(const unsigned char* sig, unsigned int sigSz, 8481 const unsigned char* hash, unsigned int hashSz, 8482 const unsigned char* keyDer, unsigned int keySz, 8483 int* result, void* ctx) 8484 { 8485 int ret = NOT_COMPILED_IN; 8486 WOLFSSL* ssl = (WOLFSSL*)ctx; 8487 8488 if (ssl && ssl->ctx->EccVerifyCb) { 8489 ret = ssl->ctx->EccVerifyCb(ssl, sig, sigSz, hash, hashSz, 8490 keyDer, keySz, result, ssl->EccVerifyCtx); 8491 } 8492 return ret; 8493 } 8494 #endif 8495 #ifndef NO_RSA 8496 static int SigPkCbRsaVerify(unsigned char* sig, unsigned int sigSz, 8497 unsigned char** out, const unsigned char* keyDer, unsigned int keySz, 8498 void* ctx) 8499 { 8500 int ret = NOT_COMPILED_IN; 8501 WOLFSSL* ssl = (WOLFSSL*)ctx; 8502 8503 if (ssl && ssl->ctx->RsaVerifyCb) { 8504 ret = ssl->ctx->RsaVerifyCb(ssl, sig, sigSz, out, keyDer, keySz, 8505 ssl->RsaVerifyCtx); 8506 } 8507 return ret; 8508 } 8509 #endif 8510 8511 int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx) 8512 { 8513 if (ssl == NULL || sigCtx == NULL) 8514 return BAD_FUNC_ARG; 8515 8516 /* only setup the verify callback if a PK is set */ 8517 #ifdef HAVE_ECC 8518 if (ssl->ctx->EccVerifyCb) { 8519 sigCtx->pkCbEcc = SigPkCbEccVerify; 8520 sigCtx->pkCtxEcc = ssl; 8521 } 8522 #endif 8523 #ifndef NO_RSA 8524 /* only setup the verify callback if a PK is set */ 8525 if (ssl->ctx->RsaVerifyCb) { 8526 sigCtx->pkCbRsa = SigPkCbRsaVerify; 8527 sigCtx->pkCtxRsa = ssl; 8528 } 8529 #endif 8530 8531 return 0; 8532 } 8533 8534 #endif /* HAVE_PK_CALLBACKS */ 8535 7668 8536 7669 8537 typedef struct ProcPeerCertArgs { 7670 8538 buffer* certs; 7671 8539 #ifdef WOLFSSL_TLS13 7672 buffer* exts; /* exten tions */8540 buffer* exts; /* extensions */ 7673 8541 #endif 7674 8542 DecodedCert* dCert; 7675 char* domain;7676 8543 word32 idx; 7677 8544 word32 begin; 7678 8545 int totalCerts; /* number of certs in certs buffer */ 7679 8546 int count; 7680 int dCertInit;7681 8547 int certIdx; 7682 int fatal;7683 8548 int lastErr; 7684 8549 #ifdef WOLFSSL_ALT_CERT_CHAINS … … 7688 8553 byte ctxSz; 7689 8554 #endif 8555 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 8556 char untrustedDepth; 8557 #endif 8558 word16 fatal:1; 8559 word16 verifyErr:1; 8560 word16 dCertInit:1; 7690 8561 #ifdef WOLFSSL_TRUST_PEER_CERT 7691 byte haveTrustPeer; /* was cert verified by loaded trusted peer cert */ 7692 #endif 7693 #ifdef OPENSSL_EXTRA 7694 char untrustedDepth; 8562 word16 haveTrustPeer:1; /* was cert verified by loaded trusted peer cert */ 7695 8563 #endif 7696 8564 } ProcPeerCertArgs; 8565 8566 /* WOLFSSL_ALWAYS_VERIFY_CB: Use verify callback for success or failure cases */ 8567 /* WOLFSSL_VERIFY_CB_ALL_CERTS: Issue callback for all intermediate certificates */ 8568 8569 /* Callback is issued for certificate presented in TLS Certificate (11) packet. 8570 * The intermediates are done first then peer leaf cert last. Use the 8571 * store->error_depth member to determine index (0=peer, >1 intermediates) 8572 */ 8573 8574 static int DoVerifyCallback(WOLFSSL* ssl, int ret, ProcPeerCertArgs* args) 8575 { 8576 int verify_ok = 0, alertWhy = 0, use_cb = 0; 8577 8578 /* Determine return code and alert reason */ 8579 if (ret != 0) { 8580 alertWhy = bad_certificate; 8581 if (ret == ASN_AFTER_DATE_E || 8582 ret == ASN_BEFORE_DATE_E) { 8583 alertWhy = certificate_expired; 8584 } 8585 } 8586 else { 8587 verify_ok = 1; 8588 } 8589 8590 /* Determine if verify callback should be used */ 8591 if (ret != 0) { 8592 if (!ssl->options.verifyNone) { 8593 use_cb = 1; /* always report errors */ 8594 } 8595 } 8596 #ifdef WOLFSSL_ALWAYS_VERIFY_CB 8597 /* always use verify callback on peer leaf cert */ 8598 if (args->certIdx == 0) { 8599 use_cb = 1; 8600 } 8601 #endif 8602 #ifdef WOLFSSL_VERIFY_CB_ALL_CERTS 8603 /* perform verify callback on other intermediate certs (not just peer) */ 8604 if (args->certIdx > 0) { 8605 use_cb = 1; 8606 } 8607 #endif 8608 8609 /* if verify callback has been set */ 8610 if (use_cb && ssl->verifyCallback) { 8611 #ifdef WOLFSSL_SMALL_STACK 8612 WOLFSSL_X509_STORE_CTX* store; 8613 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 8614 WOLFSSL_X509* x509; 8615 #endif 8616 char* domain = NULL; 8617 #else 8618 WOLFSSL_X509_STORE_CTX store[1]; 8619 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 8620 WOLFSSL_X509 x509[1]; 8621 #endif 8622 char domain[ASN_NAME_MAX]; 8623 #endif 8624 8625 #ifdef WOLFSSL_SMALL_STACK 8626 store = (WOLFSSL_X509_STORE_CTX*)XMALLOC( 8627 sizeof(WOLFSSL_X509_STORE_CTX), ssl->heap, DYNAMIC_TYPE_X509_STORE); 8628 if (store == NULL) { 8629 return MEMORY_E; 8630 } 8631 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 8632 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), ssl->heap, 8633 DYNAMIC_TYPE_X509); 8634 if (x509 == NULL) { 8635 XFREE(store, ssl->heap, DYNAMIC_TYPE_X509); 8636 return MEMORY_E; 8637 } 8638 #endif 8639 domain = (char*)XMALLOC(ASN_NAME_MAX, ssl->heap, DYNAMIC_TYPE_STRING); 8640 if (domain == NULL) { 8641 XFREE(store, ssl->heap, DYNAMIC_TYPE_X509); 8642 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 8643 XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509); 8644 #endif 8645 return MEMORY_E; 8646 } 8647 #endif /* WOLFSSL_SMALL_STACK */ 8648 8649 XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX)); 8650 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 8651 XMEMSET(x509, 0, sizeof(WOLFSSL_X509)); 8652 #endif 8653 domain[0] = '\0'; 8654 8655 /* build subject CN as string to return in store */ 8656 if (args->dCertInit && args->dCert && args->dCert->subjectCN) { 8657 int subjectCNLen = args->dCert->subjectCNLen; 8658 if (subjectCNLen > ASN_NAME_MAX-1) 8659 subjectCNLen = ASN_NAME_MAX-1; 8660 if (subjectCNLen > 0) { 8661 XMEMCPY(domain, args->dCert->subjectCN, subjectCNLen); 8662 domain[subjectCNLen] = '\0'; 8663 } 8664 } 8665 8666 store->error = ret; 8667 store->error_depth = args->certIdx; 8668 store->discardSessionCerts = 0; 8669 store->domain = domain; 8670 store->userCtx = ssl->verifyCbCtx; 8671 store->certs = args->certs; 8672 store->totalCerts = args->totalCerts; 8673 store->ex_data = ssl; 8674 8675 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 8676 if (ssl->ctx->x509_store_pt != NULL) { 8677 store->store = ssl->ctx->x509_store_pt; 8678 } 8679 else { 8680 store->store = &ssl->ctx->x509_store; 8681 } 8682 #endif 8683 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 8684 #ifdef KEEP_PEER_CERT 8685 if (args->certIdx == 0) { 8686 store->current_cert = &ssl->peerCert; /* use existing X509 */ 8687 } 8688 else 8689 #endif 8690 { 8691 InitX509(x509, 0, ssl->heap); 8692 if (CopyDecodedToX509(x509, args->dCert) == 0) { 8693 store->current_cert = x509; 8694 } 8695 } 8696 #endif 8697 #ifdef SESSION_CERTS 8698 store->sesChain = &ssl->session.chain; 8699 #endif 8700 /* non-zero return code indicates failure override */ 8701 if (ssl->verifyCallback(verify_ok, store)) { 8702 if (ret != 0) { 8703 WOLFSSL_MSG("Verify callback overriding error!"); 8704 ret = 0; 8705 } 8706 } 8707 else { 8708 /* induce error if one not present */ 8709 if (ret == 0) { 8710 ret = VERIFY_CERT_ERROR; 8711 } 8712 8713 /* mark as verify error */ 8714 args->verifyErr = 1; 8715 } 8716 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 8717 if (args->certIdx > 0) 8718 FreeX509(x509); 8719 #endif 8720 #if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) 8721 wolfSSL_sk_X509_free(store->chain); 8722 store->chain = NULL; 8723 #endif 8724 #ifdef SESSION_CERTS 8725 if (store->discardSessionCerts) { 8726 WOLFSSL_MSG("Verify callback requested discard sess certs"); 8727 ssl->session.chain.count = 0; 8728 #ifdef WOLFSSL_ALT_CERT_CHAINS 8729 ssl->session.altChain.count = 0; 8730 #endif 8731 } 8732 #endif /* SESSION_CERTS */ 8733 #ifdef WOLFSSL_SMALL_STACK 8734 XFREE(domain, ssl->heap, DYNAMIC_TYPE_STRING); 8735 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 8736 XFREE(x509, ssl->heap, DYNAMIC_TYPE_X509); 8737 #endif 8738 XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE); 8739 #endif 8740 } 8741 8742 if (ret != 0) { 8743 if (!ssl->options.verifyNone) { 8744 /* handle failure */ 8745 SendAlert(ssl, alert_fatal, alertWhy); /* try to send */ 8746 ssl->options.isClosed = 1; 8747 } 8748 8749 /* Report SSL error */ 8750 ssl->error = ret; 8751 } 8752 8753 return ret; 8754 } 7697 8755 7698 8756 static void FreeProcPeerCertArgs(WOLFSSL* ssl, void* pArgs) … … 7702 8760 (void)ssl; 7703 8761 7704 if (args->domain) {7705 XFREE(args->domain, ssl->heap, DYNAMIC_TYPE_STRING);7706 args->domain = NULL;7707 }7708 8762 if (args->certs) { 7709 8763 XFREE(args->certs, ssl->heap, DYNAMIC_TYPE_DER); … … 7729 8783 word32 totalSz) 7730 8784 { 7731 int ret = 0 ;8785 int ret = 0, sigRet = 0; 7732 8786 #ifdef WOLFSSL_ASYNC_CRYPT 7733 8787 ProcPeerCertArgs* args = (ProcPeerCertArgs*)ssl->async.args; 7734 8788 typedef char args_test[sizeof(ssl->async.args) >= sizeof(*args) ? 1 : -1]; 7735 8789 (void)sizeof(args_test); 8790 #elif defined(WOLFSSL_NONBLOCK_OCSP) 8791 ProcPeerCertArgs* args = ssl->nonblockarg; 8792 #elif defined(WOLFSSL_SMALL_STACK) 8793 ProcPeerCertArgs* args = NULL; 7736 8794 #else 7737 8795 ProcPeerCertArgs args[1]; … … 7753 8811 } 7754 8812 else 8813 #elif defined(WOLFSSL_NONBLOCK_OCSP) 8814 if (args == NULL) { 8815 args = (ProcPeerCertArgs*)XMALLOC( 8816 sizeof(ProcPeerCertArgs), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); 8817 if (args == NULL) { 8818 ERROR_OUT(MEMORY_E, exit_ppc); 8819 } 8820 } 8821 if (ssl->nonblockarg == NULL) /* new args */ 8822 #elif defined(WOLFSSL_SMALL_STACK) 8823 args = (ProcPeerCertArgs*)XMALLOC( 8824 sizeof(ProcPeerCertArgs), ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); 8825 if (args == NULL) { 8826 ERROR_OUT(MEMORY_E, exit_ppc); 8827 } 7755 8828 #endif 7756 8829 { … … 7763 8836 #ifdef WOLFSSL_ASYNC_CRYPT 7764 8837 ssl->async.freeArgs = FreeProcPeerCertArgs; 8838 #elif defined(WOLFSSL_NONBLOCK_OCSP) 8839 ssl->nonblockarg = args; 7765 8840 #endif 7766 8841 } … … 7774 8849 #ifdef WOLFSSL_CALLBACKS 7775 8850 if (ssl->hsInfoOn) 7776 AddPacketName( "Certificate", &ssl->handShakeInfo);8851 AddPacketName(ssl, "Certificate"); 7777 8852 if (ssl->toInfoOn) 7778 8853 AddLateName("Certificate", &ssl->timeoutInfo); … … 7842 8917 7843 8918 /* allocate buffer for certs */ 8919 #ifdef OPENSSL_EXTRA 8920 args->certs = (buffer*)XMALLOC(sizeof(buffer) * 8921 (ssl->verifyDepth + 1), ssl->heap, DYNAMIC_TYPE_DER); 8922 if (args->certs == NULL) { 8923 ERROR_OUT(MEMORY_E, exit_ppc); 8924 } 8925 XMEMSET(args->certs, 0, sizeof(buffer) * (ssl->verifyDepth + 1)); 8926 #else 7844 8927 args->certs = (buffer*)XMALLOC(sizeof(buffer) * MAX_CHAIN_DEPTH, 7845 8928 ssl->heap, DYNAMIC_TYPE_DER); … … 7848 8931 } 7849 8932 XMEMSET(args->certs, 0, sizeof(buffer) * MAX_CHAIN_DEPTH); 7850 8933 #endif /* OPENSSL_EXTRA */ 7851 8934 /* Certificate List */ 7852 8935 if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) { … … 7855 8938 c24to32(input + args->idx, &listSz); 7856 8939 args->idx += OPAQUE24_LEN; 7857 if (listSz > MAX_ RECORD_SIZE) {8940 if (listSz > MAX_CERTIFICATE_SZ) { 7858 8941 ERROR_OUT(BUFFER_ERROR, exit_ppc); 7859 8942 } … … 7868 8951 word32 certSz; 7869 8952 7870 if (args->totalCerts >= MAX_CHAIN_DEPTH) {7871 8953 #ifdef OPENSSL_EXTRA 8954 if (args->totalCerts > ssl->verifyDepth) { 7872 8955 ssl->peerVerifyRet = X509_V_ERR_CERT_CHAIN_TOO_LONG; 7873 #endif7874 8956 ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc); 7875 8957 } 8958 #else 8959 if (args->totalCerts >= ssl->verifyDepth || 8960 args->totalCerts >= MAX_CHAIN_DEPTH) { 8961 ERROR_OUT(MAX_CHAIN_ERROR, exit_ppc); 8962 } 8963 #endif 7876 8964 7877 8965 if ((args->idx - args->begin) + OPAQUE24_LEN > totalSz) { … … 7913 9001 args->idx += extSz; 7914 9002 listSz -= extSz + OPAQUE16_LEN; 9003 ret = TLSX_Parse(ssl, args->exts[args->totalCerts].buffer, 9004 args->exts[args->totalCerts].length, certificate, NULL); 9005 if (ret < 0) 9006 return ret; 7915 9007 } 7916 9008 #endif … … 7924 9016 7925 9017 args->dCertInit = 0; 9018 #ifndef WOLFSSL_SMALL_CERT_VERIFY 7926 9019 args->dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, 7927 9020 DYNAMIC_TYPE_DCERT); … … 7929 9022 ERROR_OUT(MEMORY_E, exit_ppc); 7930 9023 } 9024 #endif 7931 9025 7932 9026 /* Advance state and proceed */ … … 7947 9041 7948 9042 if (!args->dCertInit) { 9043 #ifdef WOLFSSL_SMALL_CERT_VERIFY 9044 if (args->dCert == NULL) { 9045 args->dCert = (DecodedCert*)XMALLOC( 9046 sizeof(DecodedCert), ssl->heap, 9047 DYNAMIC_TYPE_DCERT); 9048 if (args->dCert == NULL) { 9049 ERROR_OUT(MEMORY_E, exit_ppc); 9050 } 9051 } 9052 #endif 9053 7949 9054 InitDecodedCert(args->dCert, 7950 9055 cert->buffer, cert->length, ssl->heap); … … 7954 9059 #endif 7955 9060 args->dCertInit = 1; 9061 #ifdef HAVE_PK_CALLBACKS 9062 ret = InitSigPkCb(ssl, &args->dCert->sigCtx); 9063 if (ret != 0) 9064 goto exit_ppc; 9065 #endif 7956 9066 } 7957 9067 7958 9068 ret = ParseCertRelative(args->dCert, CERT_TYPE, 0, 7959 9069 ssl->ctx->cm); 7960 if (ret != 0 && ret != WC_PENDING_E)7961 goto exit_ppc;7962 7963 9070 #ifdef WOLFSSL_ASYNC_CRYPT 7964 9071 if (ret == WC_PENDING_E) { … … 7968 9075 } 7969 9076 #endif 9077 if (ret != 0) 9078 goto exit_ppc; 7970 9079 7971 9080 #ifndef NO_SKID … … 8015 9124 8016 9125 if (!args->dCertInit) { 9126 #ifdef WOLFSSL_SMALL_CERT_VERIFY 9127 if (args->dCert == NULL) { 9128 args->dCert = (DecodedCert*)XMALLOC( 9129 sizeof(DecodedCert), ssl->heap, 9130 DYNAMIC_TYPE_DCERT); 9131 if (args->dCert == NULL) { 9132 ERROR_OUT(MEMORY_E, exit_ppc); 9133 } 9134 } 9135 #endif 9136 8017 9137 InitDecodedCert(args->dCert, 8018 9138 cert->buffer, cert->length, ssl->heap); … … 8022 9142 #endif 8023 9143 args->dCertInit = 1; 9144 #ifdef HAVE_PK_CALLBACKS 9145 ret = InitSigPkCb(ssl, &args->dCert->sigCtx); 9146 if (ret != 0) 9147 goto exit_ppc; 9148 #endif 8024 9149 } 8025 9150 8026 9151 ret = ParseCertRelative(args->dCert, CERT_TYPE, 0, 8027 9152 ssl->ctx->cm); 8028 if (ret != 0 && ret != WC_PENDING_E) {8029 goto exit_ppc;8030 }8031 9153 #ifdef WOLFSSL_ASYNC_CRYPT 8032 9154 if (ret == WC_PENDING_E) { … … 8036 9158 } 8037 9159 #endif 9160 if (ret != 0) { 9161 goto exit_ppc; 9162 } 8038 9163 8039 9164 #ifndef NO_SKID … … 8044 9169 if (!AlreadySigner(ssl->ctx->cm, subjectHash)) 8045 9170 args->untrustedDepth = 1; 9171 8046 9172 FreeDecodedCert(args->dCert); 8047 9173 args->dCertInit = 0; … … 8061 9187 cert = &args->certs[args->certIdx]; 8062 9188 9189 #ifdef WOLFSSL_SMALL_CERT_VERIFY 9190 sigRet = 0; 9191 9192 if (!ssl->options.verifyNone) { 9193 if (args->dCert != NULL) { 9194 if (args->dCertInit) { 9195 FreeDecodedCert(args->dCert); 9196 args->dCertInit = 0; 9197 } 9198 XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT); 9199 args->dCert = NULL; 9200 } 9201 sigRet = CheckCertSignature(cert->buffer, cert->length, 9202 ssl->heap, ssl->ctx->cm); 9203 } 9204 #endif 8063 9205 if (!args->dCertInit) { 9206 #ifdef WOLFSSL_SMALL_CERT_VERIFY 9207 if (args->dCert == NULL) { 9208 args->dCert = (DecodedCert*)XMALLOC( 9209 sizeof(DecodedCert), ssl->heap, 9210 DYNAMIC_TYPE_DCERT); 9211 if (args->dCert == NULL) { 9212 ERROR_OUT(MEMORY_E, exit_ppc); 9213 } 9214 } 9215 #endif 9216 8064 9217 InitDecodedCert(args->dCert, 8065 9218 cert->buffer, cert->length, ssl->heap); … … 8069 9222 #endif 8070 9223 args->dCertInit = 1; 9224 #ifdef HAVE_PK_CALLBACKS 9225 ret = InitSigPkCb(ssl, &args->dCert->sigCtx); 9226 if (ret != 0) 9227 goto exit_ppc; 9228 #endif 8071 9229 } 8072 9230 9231 /* check if returning from non-blocking OCSP */ 9232 #ifdef WOLFSSL_NONBLOCK_OCSP 9233 if (args->lastErr != OCSP_WANT_READ) 9234 { 9235 #endif 9236 9237 #ifndef WOLFSSL_SMALL_CERT_VERIFY 9238 sigRet = ParseCertRelative(args->dCert, CERT_TYPE, 9239 !ssl->options.verifyNone, ssl->ctx->cm); 9240 #else 8073 9241 ret = ParseCertRelative(args->dCert, CERT_TYPE, 8074 !ssl->options.verifyNone, ssl->ctx->cm); 9242 !ssl->options.verifyNone ? VERIFY_NAME : NO_VERIFY, 9243 ssl->ctx->cm); 9244 if (ret != 0) { 9245 sigRet = ret; 9246 ret = 0; 9247 } 9248 #endif 8075 9249 #ifdef WOLFSSL_ASYNC_CRYPT 8076 if ( ret == WC_PENDING_E) {9250 if (sigRet == WC_PENDING_E) { 8077 9251 ret = wolfSSL_AsyncPush(ssl, 8078 9252 args->dCert->sigCtx.asyncDev); … … 8098 9272 WOLFSSL_MSG( 8099 9273 "RSA key size in cert chain error"); 8100 ret = RSA_KEY_SIZE_E;9274 sigRet = RSA_KEY_SIZE_E; 8101 9275 } 8102 9276 break; … … 8109 9283 WOLFSSL_MSG( 8110 9284 "ECC key size in cert chain error"); 8111 ret = ECC_KEY_SIZE_E;9285 sigRet = ECC_KEY_SIZE_E; 8112 9286 } 8113 9287 break; … … 8120 9294 WOLFSSL_MSG( 8121 9295 "ECC key size in cert chain error"); 8122 ret = ECC_KEY_SIZE_E;9296 sigRet = ECC_KEY_SIZE_E; 8123 9297 } 8124 9298 break; … … 8132 9306 } /* if (!ssl->options.verifyNone) */ 8133 9307 8134 if ( ret == 0 && args->dCert->isCA == 0) {9308 if (sigRet == 0 && args->dCert->isCA == 0) { 8135 9309 WOLFSSL_MSG("Chain cert is not a CA, not adding as one"); 8136 9310 } 8137 else if ( ret == 0 && ssl->options.verifyNone) {9311 else if (sigRet == 0 && ssl->options.verifyNone) { 8138 9312 WOLFSSL_MSG("Chain cert not verified by option, not adding as CA"); 8139 9313 } 8140 else if ( ret == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) {9314 else if (sigRet == 0 && !AlreadySigner(ssl->ctx->cm, subjectHash)) { 8141 9315 DerBuffer* add = NULL; 8142 9316 ret = AllocDer(&add, cert->length, CA_TYPE, ssl->heap); … … 8148 9322 XMEMCPY(add->buffer, cert->buffer, cert->length); 8149 9323 8150 #if def WOLFSSL_NGINX9324 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) 8151 9325 if (args->certIdx > args->untrustedDepth) 8152 args->untrustedDepth = args->certIdx + 1;9326 args->untrustedDepth = (char)args->certIdx + 1; 8153 9327 #endif 8154 9328 … … 8166 9340 8167 9341 /* clear last CA fail since CA cert was validated */ 9342 if (!args->verifyErr) 8168 9343 args->lastCaErr = 0; 8169 9344 … … 8175 9350 #endif 8176 9351 } 8177 else if ( ret != 0) {9352 else if (sigRet != 0) { 8178 9353 WOLFSSL_MSG("Failed to verify CA from chain"); 8179 #ifdef WOLFSSL_ALT_CERT_CHAINS8180 if (args->lastCaErr == 0) {8181 /* store CA error and proceed to next cert */8182 args->lastCaErr = ret;8183 ret = 0;8184 }8185 else {8186 args->lastErr = args->lastCaErr;8187 }8188 #endif8189 9354 #ifdef OPENSSL_EXTRA 8190 9355 ssl->peerVerifyRet = X509_V_ERR_INVALID_CA; … … 8195 9360 } 8196 9361 9362 #ifdef WOLFSSL_NONBLOCK_OCSP 9363 } 9364 else { 9365 args->lastErr = 0; /* clear last error */ 9366 } 9367 #endif 9368 8197 9369 #if defined(HAVE_OCSP) || defined(HAVE_CRL) 8198 if (ret == 0 ) {9370 if (ret == 0 && sigRet == 0) { 8199 9371 int doCrlLookup = 1; 8200 9372 #ifdef HAVE_OCSP … … 8211 9383 ret = CheckCertOCSP_ex(ssl->ctx->cm->ocsp, 8212 9384 args->dCert, NULL, ssl); 8213 #ifdef WOLFSSL_ ASYNC_CRYPT8214 /* non-blocking socket re-entry requires async */8215 if (ret == WANT_READ) {9385 #ifdef WOLFSSL_NONBLOCK_OCSP 9386 if (ret == OCSP_WANT_READ) { 9387 args->lastErr = ret; 8216 9388 goto exit_ppc; 8217 9389 } … … 8231 9403 WOLFSSL_MSG("Doing Non Leaf CRL check"); 8232 9404 ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert); 8233 #ifdef WOLFSSL_ ASYNC_CRYPT8234 /* non-blocking socket re-entry requires async */8235 if (ret == WANT_READ) {9405 #ifdef WOLFSSL_NONBLOCK_OCSP 9406 if (ret == OCSP_WANT_READ) { 9407 args->lastErr = ret; 8236 9408 goto exit_ppc; 8237 9409 } … … 8243 9415 #endif /* HAVE_CRL */ 8244 9416 (void)doCrlLookup; 9417 9418 if (ret != 0) 9419 sigRet = ret; 8245 9420 } 8246 9421 #endif /* HAVE_OCSP || HAVE_CRL */ 8247 9422 8248 if (ret != 0 && args->lastErr == 0) { 8249 args->lastErr = ret; /* save error from last time */ 8250 ret = 0; /* reset error */ 9423 /* Do verify callback */ 9424 sigRet = DoVerifyCallback(ssl, sigRet, args); 9425 9426 /* Handle error codes */ 9427 #ifdef WOLFSSL_ALT_CERT_CHAINS 9428 if (args->lastCaErr == 0) { 9429 /* capture CA error and proceed to next cert */ 9430 args->lastCaErr = sigRet; 9431 sigRet = 0; 9432 } 9433 else { 9434 args->lastErr = args->lastCaErr; 9435 } 9436 #endif 9437 if (sigRet != 0 && args->lastErr == 0) { 9438 args->lastErr = sigRet; /* save error from last time */ 9439 sigRet = 0; /* reset error */ 8251 9440 } 8252 9441 … … 8257 9446 } /* if (count > 0) */ 8258 9447 9448 if (sigRet != 0) 9449 ret = sigRet; 8259 9450 /* Check for error */ 8260 9451 if (ret != 0) { … … 8276 9467 cert = &args->certs[args->certIdx]; 8277 9468 9469 #ifdef WOLFSSL_SMALL_CERT_VERIFY 9470 sigRet = 0; 9471 9472 if (!ssl->options.verifyNone) { 9473 if (args->dCert != NULL) { 9474 if (args->dCertInit) { 9475 FreeDecodedCert(args->dCert); 9476 args->dCertInit = 0; 9477 } 9478 XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT); 9479 args->dCert = NULL; 9480 } 9481 sigRet = CheckCertSignature(cert->buffer, cert->length, 9482 ssl->heap, ssl->ctx->cm); 9483 } 9484 #endif 8278 9485 if (!args->dCertInit) { 9486 if (args->dCert == NULL) { 9487 args->dCert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), 9488 ssl->heap, DYNAMIC_TYPE_DCERT); 9489 if (args->dCert == NULL) { 9490 ERROR_OUT(MEMORY_E, exit_ppc); 9491 } 9492 } 9493 8279 9494 InitDecodedCert(args->dCert, 8280 9495 cert->buffer, cert->length, ssl->heap); … … 8284 9499 #endif 8285 9500 args->dCertInit = 1; 9501 #ifdef HAVE_PK_CALLBACKS 9502 ret = InitSigPkCb(ssl, &args->dCert->sigCtx); 9503 if (ret != 0) 9504 goto exit_ppc; 9505 #endif 8286 9506 } 8287 9507 … … 8291 9511 { 8292 9512 /* only parse if not already present in dCert from above */ 9513 #ifndef WOLFSSL_SMALL_CERT_VERIFY 9514 sigRet = ParseCertRelative(args->dCert, CERT_TYPE, 9515 !ssl->options.verifyNone, ssl->ctx->cm); 9516 #else 8293 9517 ret = ParseCertRelative(args->dCert, CERT_TYPE, 8294 !ssl->options.verifyNone, ssl->ctx->cm); 9518 !ssl->options.verifyNone ? VERIFY_NAME : NO_VERIFY, 9519 ssl->ctx->cm); 9520 if (ret != 0) { 9521 sigRet = ret; 9522 ret = 0; 9523 } 9524 #endif 8295 9525 #ifdef WOLFSSL_ASYNC_CRYPT 8296 if ( ret == WC_PENDING_E) {9526 if (sigRet == WC_PENDING_E) { 8297 9527 ret = wolfSSL_AsyncPush(ssl, 8298 9528 args->dCert->sigCtx.asyncDev); … … 8302 9532 } 8303 9533 8304 if ( ret == 0) {9534 if (sigRet == 0) { 8305 9535 WOLFSSL_MSG("Verified Peer's cert"); 8306 9536 #ifdef OPENSSL_EXTRA … … 8313 9543 } 8314 9544 #endif /* SESSION_CERTS && WOLFSSL_ALT_CERT_CHAINS */ 9545 9546 /* check if fatal error */ 9547 if (args->verifyErr) { 9548 args->fatal = 1; 9549 if (sigRet == 0) { 9550 sigRet = args->lastErr; 9551 } 9552 #ifdef WOLFSSL_ALT_CERT_CHAINS 9553 if (sigRet == 0) { 9554 sigRet = args->lastCaErr; 9555 } 9556 #endif 9557 } 9558 else { 8315 9559 args->fatal = 0; 8316 9560 } 8317 else if (ret == ASN_PARSE_E || ret == BUFFER_E) { 9561 } 9562 else if (sigRet == ASN_PARSE_E || sigRet == BUFFER_E) { 8318 9563 WOLFSSL_MSG("Got Peer cert ASN PARSE or BUFFER ERROR"); 8319 9564 #ifdef OPENSSL_EXTRA 9565 SendAlert(ssl, alert_fatal, bad_certificate); 8320 9566 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED; 8321 9567 #endif … … 8330 9576 WOLFSSL_MSG( 8331 9577 "\tCallback override available, will continue"); 8332 args->fatal = 0; 9578 /* check if fatal error */ 9579 args->fatal = (args->verifyErr) ? 1 : 0; 8333 9580 } 8334 9581 else { 8335 9582 WOLFSSL_MSG("\tNo callback override available, fatal"); 8336 9583 args->fatal = 1; 9584 #ifdef OPENSSL_EXTRA 9585 SendAlert(ssl, alert_fatal, bad_certificate); 9586 #endif 8337 9587 } 8338 9588 } … … 8350 9600 "Peer sent different cert during scr, fatal"); 8351 9601 args->fatal = 1; 8352 ret = SCR_DIFFERENT_CERT_E;9602 sigRet = SCR_DIFFERENT_CERT_E; 8353 9603 } 8354 9604 } … … 8361 9611 } 8362 9612 #endif /* HAVE_SECURE_RENEGOTIATION */ 8363 9613 } /* if (count > 0) */ 9614 9615 if (sigRet != 0) 9616 ret = sigRet; 9617 /* Check for error */ 9618 if (args->fatal && ret != 0) { 9619 goto exit_ppc; 9620 } 9621 9622 /* Advance state and proceed */ 9623 ssl->options.asyncState = TLS_ASYNC_VERIFY; 9624 } /* case TLS_ASYNC_DO */ 9625 FALL_THROUGH; 9626 9627 case TLS_ASYNC_VERIFY: 9628 { 9629 if (args->count > 0) { 8364 9630 #if defined(HAVE_OCSP) || defined(HAVE_CRL) 8365 9631 if (args->fatal == 0) { … … 8372 9638 args->dCert, ssl->heap); 8373 9639 doLookup = 0; 9640 #ifdef WOLFSSL_TLS13 9641 if (ssl->options.tls1_3) { 9642 TLSX* ext = TLSX_Find(ssl->extensions, 9643 TLSX_STATUS_REQUEST); 9644 if (ext != NULL) { 9645 word32 idx = 0; 9646 CertificateStatusRequest* csr = 9647 (CertificateStatusRequest*)ext->data; 9648 ret = ProcessCSR(ssl, csr->response.buffer, 9649 &idx, csr->response.length); 9650 if (ret < 0) 9651 goto exit_ppc; 9652 } 9653 } 9654 #endif 8374 9655 } 8375 9656 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ … … 8388 9669 ret = CheckCertOCSP_ex(ssl->ctx->cm->ocsp, 8389 9670 args->dCert, NULL, ssl); 8390 #ifdef WOLFSSL_ASYNC_CRYPT 8391 /* non-blocking socket re-entry requires async */ 8392 if (ret == WANT_READ) { 9671 #ifdef WOLFSSL_NONBLOCK_OCSP 9672 if (ret == OCSP_WANT_READ) { 8393 9673 goto exit_ppc; 8394 9674 } … … 8409 9689 WOLFSSL_MSG("Doing Leaf CRL check"); 8410 9690 ret = CheckCertCRL(ssl->ctx->cm->crl, args->dCert); 8411 #ifdef WOLFSSL_ASYNC_CRYPT 8412 /* non-blocking socket re-entry requires async */ 8413 if (ret == WANT_READ) { 9691 #ifdef WOLFSSL_NONBLOCK_OCSP 9692 if (ret == OCSP_WANT_READ) { 8414 9693 goto exit_ppc; 8415 9694 } … … 8433 9712 int copyRet = CopyDecodedToX509(&ssl->peerCert, 8434 9713 args->dCert); 8435 if (copyRet == MEMORY_E) 9714 if (copyRet == MEMORY_E) { 8436 9715 args->fatal = 1; 8437 9716 } 9717 } 8438 9718 #endif /* KEEP_PEER_CERT */ 8439 9719 8440 9720 #ifndef IGNORE_KEY_EXTENSIONS 9721 #if defined(OPENSSL_EXTRA) 9722 /* when compatibility layer is turned on and no verify is 9723 * set then ignore the certificate key extension */ 9724 if (args->dCert->extKeyUsageSet && 9725 args->dCert->extKeyUsageCrit == 0 && 9726 ssl->options.verifyNone) { 9727 WOLFSSL_MSG("Not verifying certificate key usage"); 9728 } 9729 else 9730 #endif 8441 9731 if (args->dCert->extKeyUsageSet) { 8442 9732 if ((ssl->specs.kea == rsa_kea) && … … 8454 9744 } 8455 9745 9746 #if defined(OPENSSL_EXTRA) 9747 /* when compatibility layer is turned on and no verify is 9748 * set then ignore the certificate key extension */ 9749 if (args->dCert->extExtKeyUsageSet && 9750 args->dCert->extExtKeyUsageCrit == 0 && 9751 ssl->options.verifyNone) { 9752 WOLFSSL_MSG("Not verifying certificate ext key usage"); 9753 } 9754 else 9755 #endif 8456 9756 if (args->dCert->extExtKeyUsageSet) { 8457 9757 if (ssl->options.side == WOLFSSL_CLIENT_END) { … … 8475 9775 ssl->error = ret; 8476 9776 #ifdef OPENSSL_EXTRA 9777 SendAlert(ssl, alert_fatal, bad_certificate); 8477 9778 ssl->peerVerifyRet = X509_V_ERR_CERT_REJECTED; 8478 9779 #endif … … 8481 9782 8482 9783 ssl->options.havePeerCert = 1; 8483 } /* if (count > 0) */ 8484 8485 /* Check for error */ 8486 if (args->fatal && ret != 0) { 8487 goto exit_ppc; 8488 } 8489 8490 /* Advance state and proceed */ 8491 ssl->options.asyncState = TLS_ASYNC_VERIFY; 8492 } /* case TLS_ASYNC_DO */ 8493 FALL_THROUGH; 8494 8495 case TLS_ASYNC_VERIFY: 8496 { 8497 if (args->count > 0) { 8498 args->domain = (char*)XMALLOC(ASN_NAME_MAX, ssl->heap, 8499 DYNAMIC_TYPE_STRING); 8500 if (args->domain == NULL) { 8501 ERROR_OUT(MEMORY_E, exit_ppc); 9784 9785 if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) { 9786 #ifndef WOLFSSL_ALLOW_NO_CN_IN_SAN 9787 /* Per RFC 5280 section 4.2.1.6, "Whenever such identities 9788 * are to be bound into a certificate, the subject 9789 * alternative name extension MUST be used." */ 9790 if (args->dCert->altNames) { 9791 if (CheckAltNames(args->dCert, 9792 (char*)ssl->buffers.domainName.buffer) == 0 ) { 9793 WOLFSSL_MSG("DomainName match on alt names failed"); 9794 /* try to get peer key still */ 9795 ret = DOMAIN_NAME_MISMATCH; 8502 9796 } 8503 8504 /* store for callback use */8505 if (args->dCert->subjectCNLen < ASN_NAME_MAX) {8506 XMEMCPY(args->domain, args->dCert->subjectCN, args->dCert->subjectCNLen);8507 args->domain[args->dCert->subjectCNLen] = '\0';8508 9797 } 8509 9798 else { 8510 args->domain[0] = '\0'; 9799 if (MatchDomainName( 9800 args->dCert->subjectCN, 9801 args->dCert->subjectCNLen, 9802 (char*)ssl->buffers.domainName.buffer) == 0) { 9803 WOLFSSL_MSG("DomainName match on common name failed"); 9804 ret = DOMAIN_NAME_MISMATCH; 8511 9805 } 8512 8513 if (!ssl->options.verifyNone && ssl->buffers.domainName.buffer) { 9806 } 9807 #else /* WOLFSSL_ALL_NO_CN_IN_SAN */ 9808 /* Old behavior. */ 8514 9809 if (MatchDomainName(args->dCert->subjectCN, 8515 9810 args->dCert->subjectCNLen, … … 8524 9819 } 8525 9820 } 9821 #endif /* WOLFSSL_ALL_NO_CN_IN_SAN */ 8526 9822 } 8527 9823 … … 8599 9895 case ECDSAk: 8600 9896 { 8601 int curveId;8602 9897 int keyRet = 0; 9898 word32 idx = 0; 9899 8603 9900 if (ssl->peerEccDsaKey == NULL) { 8604 9901 /* alloc/init on demand */ … … 8611 9908 } 8612 9909 8613 curveId = wc_ecc_get_oid(args->dCert->keyOID, NULL, NULL);8614 9910 if (keyRet != 0 || 8615 wc_ ecc_import_x963_ex(args->dCert->publicKey,8616 args->dCert->pubKeySize,ssl->peerEccDsaKey,8617 curveId) != 0) {9911 wc_EccPublicKeyDecode(args->dCert->publicKey, &idx, 9912 ssl->peerEccDsaKey, 9913 args->dCert->pubKeySize) != 0) { 8618 9914 ret = PEER_KEY_ERROR; 8619 9915 } … … 8697 9993 break; 8698 9994 } 8699 #endif /* HAVE_E CC*/9995 #endif /* HAVE_ED25519 */ 8700 9996 default: 8701 9997 break; 8702 9998 } 8703 9999 8704 FreeDecodedCert(args->dCert); 8705 args->dCertInit = 0; 8706 8707 /* release since we don't need it anymore */ 8708 if (args->dCert) { 8709 XFREE(args->dCert, ssl->heap, DYNAMIC_TYPE_DCERT); 8710 args->dCert = NULL; 8711 } 10000 /* args->dCert free'd in function cleanup after callback */ 8712 10001 } /* if (count > 0) */ 8713 10002 … … 8724 10013 case TLS_ASYNC_FINALIZE: 8725 10014 { 8726 #ifdef WOLFSSL_SMALL_STACK8727 WOLFSSL_X509_STORE_CTX* store = (WOLFSSL_X509_STORE_CTX*)XMALLOC(8728 sizeof(WOLFSSL_X509_STORE_CTX), ssl->heap,8729 DYNAMIC_TYPE_X509_STORE);8730 if (store == NULL) {8731 ERROR_OUT(MEMORY_E, exit_ppc);8732 }8733 #else8734 WOLFSSL_X509_STORE_CTX store[1];8735 #endif8736 8737 XMEMSET(store, 0, sizeof(WOLFSSL_X509_STORE_CTX));8738 8739 10015 /* load last error */ 8740 10016 if (args->lastErr != 0 && ret == 0) { … … 8748 10024 } 8749 10025 #endif 8750 if (ret != 0) { 8751 if (!ssl->options.verifyNone) { 8752 int why = bad_certificate; 8753 8754 if (ret == ASN_AFTER_DATE_E || ret == ASN_BEFORE_DATE_E) { 8755 why = certificate_expired; 8756 } 8757 if (ssl->verifyCallback) { 8758 int ok; 8759 8760 store->error = ret; 8761 store->error_depth = args->totalCerts; 8762 store->discardSessionCerts = 0; 8763 store->domain = args->domain; 8764 store->userCtx = ssl->verifyCbCtx; 8765 store->certs = args->certs; 8766 store->totalCerts = args->totalCerts; 8767 #ifdef KEEP_PEER_CERT 8768 if (ssl->peerCert.subject.sz > 0) 8769 store->current_cert = &ssl->peerCert; 8770 else 8771 store->current_cert = NULL; 8772 #else 8773 store->current_cert = NULL; 8774 #endif /* KEEP_PEER_CERT */ 8775 #if defined(HAVE_EX_DATA) || defined(HAVE_FORTRESS) 8776 store->ex_data = ssl; 8777 #endif 8778 ok = ssl->verifyCallback(0, store); 8779 if (ok) { 8780 WOLFSSL_MSG("Verify callback overriding error!"); 8781 ret = 0; 8782 } 8783 #ifdef SESSION_CERTS 8784 if (store->discardSessionCerts) { 8785 WOLFSSL_MSG("Verify callback requested discard sess certs"); 8786 ssl->session.chain.count = 0; 8787 #ifdef WOLFSSL_ALT_CERT_CHAINS 8788 ssl->session.altChain.count = 0; 8789 #endif 8790 } 8791 #endif /* SESSION_CERTS */ 8792 } 8793 if (ret != 0) { 8794 SendAlert(ssl, alert_fatal, why); /* try to send */ 8795 ssl->options.isClosed = 1; 8796 } 8797 } 8798 ssl->error = ret; 8799 } 8800 #ifdef WOLFSSL_ALWAYS_VERIFY_CB 8801 else { 8802 if (ssl->verifyCallback) { 8803 int ok; 8804 8805 store->error = ret; 8806 #ifdef WOLFSSL_WPAS 8807 store->error_depth = 0; 8808 #else 8809 store->error_depth = args->totalCerts; 8810 #endif 8811 store->discardSessionCerts = 0; 8812 store->domain = args->domain; 8813 store->userCtx = ssl->verifyCbCtx; 8814 store->certs = args->certs; 8815 store->totalCerts = args->totalCerts; 8816 #ifdef KEEP_PEER_CERT 8817 if (ssl->peerCert.subject.sz > 0) 8818 store->current_cert = &ssl->peerCert; 8819 else 8820 store->current_cert = NULL; 8821 #endif 8822 store->ex_data = ssl; 8823 8824 ok = ssl->verifyCallback(1, store); 8825 if (!ok) { 8826 WOLFSSL_MSG("Verify callback overriding valid certificate!"); 8827 ret = -1; 8828 SendAlert(ssl, alert_fatal, bad_certificate); 8829 ssl->options.isClosed = 1; 8830 } 8831 #ifdef SESSION_CERTS 8832 if (store->discardSessionCerts) { 8833 WOLFSSL_MSG("Verify callback requested discard sess certs"); 8834 ssl->session.chain.count = 0; 8835 #ifdef WOLFSSL_ALT_CERT_CHAINS 8836 ssl->session.altChain.count = 0; 8837 #endif 8838 } 8839 #endif /* SESSION_CERTS */ 8840 } 8841 } 8842 #endif /* WOLFSSL_ALWAYS_VERIFY_CB */ 10026 10027 /* Do verify callback */ 10028 ret = DoVerifyCallback(ssl, ret, args); 8843 10029 8844 10030 if (ssl->options.verifyNone && … … 8856 10042 } 8857 10043 8858 #ifdef WOLFSSL_SMALL_STACK8859 XFREE(store, ssl->heap, DYNAMIC_TYPE_X509_STORE);8860 #endif8861 10044 /* Advance state and proceed */ 8862 10045 ssl->options.asyncState = TLS_ASYNC_END; … … 8880 10063 WOLFSSL_LEAVE("ProcessPeerCerts", ret); 8881 10064 8882 #ifdef WOLFSSL_ASYNC_CRYPT 8883 if (ret == WC_PENDING_E || ret == WANT_READ) { 8884 /* Mark message as not recevied so it can process again */ 10065 10066 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) 10067 if (ret == WC_PENDING_E || ret == OCSP_WANT_READ) { 10068 /* Mark message as not received so it can process again */ 8885 10069 ssl->msgsReceived.got_certificate = 0; 8886 10070 8887 10071 return ret; 8888 10072 } 8889 #endif /* WOLFSSL_ASYNC_CRYPT */10073 #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */ 8890 10074 8891 10075 FreeProcPeerCertArgs(ssl, args); 10076 10077 #if defined(WOLFSSL_ASYNC_CRYPT) 10078 #elif defined(WOLFSSL_NONBLOCK_OCSP) 10079 XFREE(args, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); 10080 ssl->nonblockarg = NULL; 10081 #elif defined(WOLFSSL_SMALL_STACK) 10082 XFREE(args, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER); 10083 #endif 10084 8892 10085 FreeKeyExchange(ssl); 8893 10086 … … 8895 10088 } 8896 10089 10090 #ifndef WOLFSSL_NO_TLS12 10091 10092 /* handle processing of certificate (11) */ 8897 10093 static int DoCertificate(WOLFSSL* ssl, byte* input, word32* inOutIdx, 8898 10094 word32 size) 8899 10095 { 8900 return ProcessPeerCerts(ssl, input, inOutIdx, size); 10096 int ret; 10097 10098 WOLFSSL_START(WC_FUNC_CERTIFICATE_DO); 10099 WOLFSSL_ENTER("DoCertificate"); 10100 10101 #ifdef SESSION_CERTS 10102 /* Reset the session cert chain count in case the session resume failed. */ 10103 ssl->session.chain.count = 0; 10104 #ifdef WOLFSSL_ALT_CERT_CHAINS 10105 ssl->session.altChain.count = 0; 10106 #endif 10107 #endif /* SESSION_CERTS */ 10108 10109 ret = ProcessPeerCerts(ssl, input, inOutIdx, size); 10110 10111 #ifdef OPENSSL_EXTRA 10112 ssl->options.serverState = SERVER_CERT_COMPLETE; 10113 #endif 10114 10115 WOLFSSL_LEAVE("DoCertificate", ret); 10116 WOLFSSL_END(WC_FUNC_CERTIFICATE_DO); 10117 10118 return ret; 8901 10119 } 8902 10120 10121 /* handle processing of certificate_status (22) */ 8903 10122 static int DoCertificateStatus(WOLFSSL* ssl, byte* input, word32* inOutIdx, 8904 10123 word32 size) … … 8908 10127 word32 status_length; 8909 10128 10129 WOLFSSL_START(WC_FUNC_CERTIFICATE_STATUS_DO); 10130 WOLFSSL_ENTER("DoCertificateStatus"); 10131 8910 10132 if (size < ENUM_LEN + OPAQUE24_LEN) 8911 10133 return BUFFER_ERROR; … … 8925 10147 8926 10148 /* WOLFSSL_CSR_OCSP overlaps with WOLFSSL_CSR2_OCSP */ 8927 case WOLFSSL_CSR2_OCSP: { 10149 case WOLFSSL_CSR2_OCSP: 10150 ret = ProcessCSR(ssl, input, inOutIdx, status_length); 10151 break; 10152 10153 #endif 10154 10155 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) 10156 10157 case WOLFSSL_CSR2_OCSP_MULTI: { 8928 10158 OcspRequest* request; 10159 word32 list_length = status_length; 10160 byte idx = 0; 8929 10161 8930 10162 #ifdef WOLFSSL_SMALL_STACK … … 8937 10169 8938 10170 do { 8939 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST8940 if (ssl->status_request) {8941 request = (OcspRequest*)TLSX_CSR_GetRequest(8942 ssl->extensions);8943 ssl->status_request = 0;8944 break;8945 }8946 #endif8947 8948 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V28949 if (ssl->status_request_v2) {8950 request = (OcspRequest*)TLSX_CSR2_GetRequest(8951 ssl->extensions, status_type, 0);8952 ssl->status_request_v2 = 0;8953 break;8954 }8955 #endif8956 8957 return BUFFER_ERROR;8958 } while(0);8959 8960 if (request == NULL)8961 return BAD_CERTIFICATE_STATUS_ERROR; /* not expected */8962 8963 #ifdef WOLFSSL_SMALL_STACK8964 status = (CertStatus*)XMALLOC(sizeof(CertStatus), ssl->heap,8965 DYNAMIC_TYPE_OCSP_STATUS);8966 response = (OcspResponse*)XMALLOC(sizeof(OcspResponse), ssl->heap,8967 DYNAMIC_TYPE_OCSP_REQUEST);8968 8969 if (status == NULL || response == NULL) {8970 if (status)8971 XFREE(status, NULL, DYNAMIC_TYPE_OCSP_STATUS);8972 if (response)8973 XFREE(response, NULL, DYNAMIC_TYPE_OCSP_REQUEST);8974 8975 return MEMORY_ERROR;8976 }8977 #endif8978 8979 InitOcspResponse(response, status, input +*inOutIdx, status_length);8980 8981 if (OcspResponseDecode(response, ssl->ctx->cm, ssl->heap, 0) != 0)8982 ret = BAD_CERTIFICATE_STATUS_ERROR;8983 else if (CompareOcspReqResp(request, response) != 0)8984 ret = BAD_CERTIFICATE_STATUS_ERROR;8985 else if (response->responseStatus != OCSP_SUCCESSFUL)8986 ret = BAD_CERTIFICATE_STATUS_ERROR;8987 else if (response->status->status == CERT_REVOKED)8988 ret = OCSP_CERT_REVOKED;8989 else if (response->status->status != CERT_GOOD)8990 ret = BAD_CERTIFICATE_STATUS_ERROR;8991 8992 *inOutIdx += status_length;8993 8994 #ifdef WOLFSSL_SMALL_STACK8995 XFREE(status, ssl->heap, DYNAMIC_TYPE_OCSP_STATUS);8996 XFREE(response, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);8997 #endif8998 8999 }9000 break;9001 9002 #endif9003 9004 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)9005 9006 case WOLFSSL_CSR2_OCSP_MULTI: {9007 OcspRequest* request;9008 word32 list_length = status_length;9009 byte idx = 0;9010 9011 #ifdef WOLFSSL_SMALL_STACK9012 CertStatus* status;9013 OcspResponse* response;9014 #else9015 CertStatus status[1];9016 OcspResponse response[1];9017 #endif9018 9019 do {9020 10171 if (ssl->status_request_v2) { 9021 10172 ssl->status_request_v2 = 0; … … 9105 10256 SendAlert(ssl, alert_fatal, bad_certificate_status_response); 9106 10257 10258 if (IsEncryptionOn(ssl, 0)) { 10259 if (*inOutIdx + ssl->keys.padSz > size) 10260 return BUFFER_E; 10261 *inOutIdx += ssl->keys.padSz; 10262 } 10263 10264 WOLFSSL_LEAVE("DoCertificateStatus", ret); 10265 WOLFSSL_END(WC_FUNC_CERTIFICATE_STATUS_DO); 10266 9107 10267 return ret; 9108 10268 } 9109 10269 10270 #endif /* !WOLFSSL_NO_TLS12 */ 10271 9110 10272 #endif /* !NO_CERTS */ 9111 10273 10274 #ifndef WOLFSSL_NO_TLS12 9112 10275 9113 10276 static int DoHelloRequest(WOLFSSL* ssl, const byte* input, word32* inOutIdx, … … 9116 10279 (void)input; 9117 10280 10281 WOLFSSL_START(WC_FUNC_HELLO_REQUEST_DO); 10282 WOLFSSL_ENTER("DoHelloRequest"); 10283 9118 10284 if (size) /* must be 0 */ 9119 10285 return BUFFER_ERROR; … … 9134 10300 else if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled) { 9135 10301 ssl->secure_renegotiation->startScr = 1; 10302 WOLFSSL_LEAVE("DoHelloRequest", 0); 10303 WOLFSSL_END(WC_FUNC_HELLO_REQUEST_DO); 9136 10304 return 0; 9137 10305 } … … 9148 10316 word32 finishedSz = (ssl->options.tls ? TLS_FINISHED_SZ : FINISHED_SZ); 9149 10317 10318 WOLFSSL_START(WC_FUNC_FINISHED_DO); 10319 WOLFSSL_ENTER("DoFinished"); 10320 9150 10321 if (finishedSz != size) 9151 10322 return BUFFER_ERROR; … … 9156 10327 9157 10328 #ifdef WOLFSSL_CALLBACKS 9158 if (ssl->hsInfoOn) AddPacketName( "Finished", &ssl->handShakeInfo);10329 if (ssl->hsInfoOn) AddPacketName(ssl, "Finished"); 9159 10330 if (ssl->toInfoOn) AddLateName("Finished", &ssl->timeoutInfo); 9160 10331 #endif … … 9176 10347 XMEMCPY(ssl->secure_renegotiation->client_verify_data, 9177 10348 input + *inOutIdx, TLS_FINISHED_SZ); 10349 ssl->secure_renegotiation->verifySet = 1; 9178 10350 } 9179 10351 #endif … … 9184 10356 if (ssl->options.side == WOLFSSL_CLIENT_END) { 9185 10357 ssl->options.serverState = SERVER_FINISHED_COMPLETE; 10358 #ifdef OPENSSL_EXTRA 10359 ssl->cbmode = SSL_CB_MODE_WRITE; 10360 ssl->options.clientState = CLIENT_FINISHED_COMPLETE; 10361 #endif 9186 10362 if (!ssl->options.resuming) { 10363 #ifdef OPENSSL_EXTRA 10364 if (ssl->CBIS != NULL) { 10365 ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, SSL_SUCCESS); 10366 } 10367 #endif 9187 10368 ssl->options.handShakeState = HANDSHAKE_DONE; 9188 10369 ssl->options.handShakeDone = 1; … … 9191 10372 else { 9192 10373 ssl->options.clientState = CLIENT_FINISHED_COMPLETE; 10374 #ifdef OPENSSL_EXTRA 10375 ssl->cbmode = SSL_CB_MODE_READ; 10376 ssl->options.serverState = SERVER_FINISHED_COMPLETE; 10377 #endif 9193 10378 if (ssl->options.resuming) { 10379 #ifdef OPENSSL_EXTRA 10380 if (ssl->CBIS != NULL) { 10381 ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, SSL_SUCCESS); 10382 } 10383 #endif 9194 10384 ssl->options.handShakeState = HANDSHAKE_DONE; 9195 10385 ssl->options.handShakeDone = 1; 9196 10386 } 9197 10387 } 10388 10389 WOLFSSL_LEAVE("DoFinished", 0); 10390 WOLFSSL_END(WC_FUNC_FINISHED_DO); 9198 10391 9199 10392 return 0; … … 9524 10717 (ssl->keys.encryptionOn ? ssl->keys.padSz : 0); 9525 10718 10719 #if !defined(WOLFSSL_NO_SERVER) && \ 10720 defined(HAVE_SECURE_RENEGOTIATION) && \ 10721 defined(HAVE_SERVER_RENEGOTIATION_INFO) 10722 if (ssl->options.handShakeDone && type == client_hello && 10723 ssl->secure_renegotiation && 10724 ssl->secure_renegotiation->enabled) 10725 { 10726 WOLFSSL_MSG("Reset handshake state"); 10727 XMEMSET(&ssl->msgsReceived, 0, sizeof(MsgsReceived)); 10728 ssl->options.serverState = NULL_STATE; 10729 ssl->options.clientState = NULL_STATE; 10730 ssl->options.connectState = CONNECT_BEGIN; 10731 ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE; 10732 ssl->options.handShakeState = NULL_STATE; 10733 ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED; 10734 10735 ret = InitHandshakeHashes(ssl); 10736 if (ret != 0) 10737 return ret; 10738 } 10739 #endif 10740 9526 10741 /* sanity check msg received */ 9527 10742 if ( (ret = SanityCheckMsgReceived(ssl, type)) != 0) { … … 9530 10745 } 9531 10746 9532 #if def WOLFSSL_CALLBACKS10747 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 9533 10748 /* add name later, add on record and handshake header part back on */ 9534 10749 if (ssl->toInfoOn) { 9535 10750 int add = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; 9536 AddPacketInfo(0, &ssl->timeoutInfo, input + *inOutIdx - add, 9537 size + add, ssl->heap); 10751 AddPacketInfo(ssl, 0, handshake, input + *inOutIdx - add, 10752 size + add, READ_PROTO, ssl->heap); 10753 #ifdef WOLFSSL_CALLBACKS 9538 10754 AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo); 10755 #endif 9539 10756 } 9540 10757 #endif … … 9573 10790 * hashed later if the DTLS cookie is correct. */ 9574 10791 if (type != hello_request && 9575 !(IsDtlsNotSctpMode(ssl) && type == client_hello) && 9576 ssl->error != WC_PENDING_E) { 10792 !(IsDtlsNotSctpMode(ssl) && type == client_hello) 10793 #ifdef WOLFSSL_ASYNC_CRYPT 10794 && ssl->error != WC_PENDING_E 10795 #endif 10796 #ifdef WOLFSSL_NONBLOCK_OCSP 10797 && ssl->error != OCSP_WANT_READ 10798 #endif 10799 ) { 9577 10800 ret = HashInput(ssl, input + *inOutIdx, size); 9578 10801 if (ret != 0) return ret; 9579 10802 } 10803 10804 #ifdef OPENSSL_EXTRA 10805 if (ssl->CBIS != NULL){ 10806 ssl->cbmode = SSL_CB_MODE_READ; 10807 ssl->cbtype = type; 10808 ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, SSL_SUCCESS); 10809 } 10810 #endif 9580 10811 9581 10812 switch (type) { … … 9595 10826 WOLFSSL_MSG("processing server hello"); 9596 10827 ret = DoServerHello(ssl, input, inOutIdx, size); 10828 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ 10829 !defined(NO_ED25519_CLIENT_AUTH) 10830 if (ssl->options.resuming || !IsAtLeastTLSv1_2(ssl) || 10831 IsAtLeastTLSv1_3(ssl->version)) { 10832 10833 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) 10834 if (ret != WC_PENDING_E && ret != OCSP_WANT_READ) 10835 #endif 10836 { 10837 ssl->options.cacheMessages = 0; 10838 if (ssl->hsHashes->messages != NULL) { 10839 XFREE(ssl->hsHashes->messages, ssl->heap, 10840 DYNAMIC_TYPE_HASHES); 10841 ssl->hsHashes->messages = NULL; 10842 } 10843 } 10844 } 10845 #endif 9597 10846 break; 9598 10847 … … 9633 10882 #ifdef WOLFSSL_CALLBACKS 9634 10883 if (ssl->hsInfoOn) 9635 AddPacketName( "ServerHelloDone", &ssl->handShakeInfo);10884 AddPacketName(ssl, "ServerHelloDone"); 9636 10885 if (ssl->toInfoOn) 9637 10886 AddLateName("ServerHelloDone", &ssl->timeoutInfo); … … 9656 10905 WOLFSSL_MSG("processing client hello"); 9657 10906 ret = DoClientHello(ssl, input, inOutIdx, size); 10907 #if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \ 10908 !defined(NO_ED25519_CLIENT_AUTH) 10909 if (ssl->options.resuming || !ssl->options.verifyPeer || \ 10910 !IsAtLeastTLSv1_2(ssl) || IsAtLeastTLSv1_3(ssl->version)) { 10911 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) 10912 if (ret != WC_PENDING_E && ret != OCSP_WANT_READ) 10913 #endif 10914 { 10915 ssl->options.cacheMessages = 0; 10916 if (ssl->hsHashes->messages != NULL) { 10917 XFREE(ssl->hsHashes->messages, ssl->heap, DYNAMIC_TYPE_HASHES); 10918 ssl->hsHashes->messages = NULL; 10919 } 10920 } 10921 } 10922 #endif 10923 if (IsEncryptionOn(ssl, 0)) { 10924 /* access beyond input + size should be checked against totalSz */ 10925 if (*inOutIdx + ssl->keys.padSz > totalSz) 10926 return BUFFER_E; 10927 10928 *inOutIdx += ssl->keys.padSz; 10929 } 9658 10930 break; 9659 10931 … … 9663 10935 break; 9664 10936 9665 #if !defined(NO_RSA) || defined(HAVE_ECC) 10937 #if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)) && \ 10938 !defined(WOLFSSL_NO_CLIENT_AUTH) 9666 10939 case certificate_verify: 9667 10940 WOLFSSL_MSG("processing certificate verify"); 9668 10941 ret = DoCertificateVerify(ssl, input, inOutIdx, size); 9669 10942 break; 9670 #endif /* !NO_RSA || HAVE_ECC*/10943 #endif /* (!NO_RSA || HAVE_ECC || HAVE_ED25519) && !WOLFSSL_NO_CLIENT_AUTH */ 9671 10944 9672 10945 #endif /* !NO_WOLFSSL_SERVER */ … … 9677 10950 break; 9678 10951 } 9679 9680 10952 if (ret == 0 && expectedIdx != *inOutIdx) { 9681 10953 WOLFSSL_MSG("Extra data in handshake message"); … … 9684 10956 ret = DECODE_E; 9685 10957 } 9686 9687 #ifdef WOLFSSL_ASYNC_CRYPT 10958 if (ret == 0 && ssl->buffers.inputBuffer.dynamicFlag) { 10959 ShrinkInputBuffer(ssl, NO_FORCED_FREE); 10960 } 10961 10962 #if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_NONBLOCK_OCSP) 9688 10963 /* if async, offset index so this msg will be processed again */ 9689 if ( ret == WC_PENDING_E&& *inOutIdx > 0) {10964 if ((ret == WC_PENDING_E || ret == OCSP_WANT_READ) && *inOutIdx > 0) { 9690 10965 *inOutIdx -= HANDSHAKE_HEADER_SZ; 9691 10966 #ifdef WOLFSSL_DTLS … … 9695 10970 #endif 9696 10971 } 9697 #endif 10972 10973 /* make sure async error is cleared */ 10974 if (ret == 0 && (ssl->error == WC_PENDING_E || ssl->error == OCSP_WANT_READ)) { 10975 ssl->error = 0; 10976 } 10977 #endif /* WOLFSSL_ASYNC_CRYPT || WOLFSSL_NONBLOCK_OCSP */ 9698 10978 9699 10979 WOLFSSL_LEAVE("DoHandShakeMsgType()", ret); … … 9716 10996 if (GetHandShakeHeader(ssl,input,inOutIdx,&type, &size, totalSz) != 0) 9717 10997 return PARSE_ERROR; 10998 10999 ssl->options.handShakeState = type; 9718 11000 9719 11001 return DoHandShakeMsgType(ssl, input, inOutIdx, type, size, totalSz); … … 9800 11082 } 9801 11083 11084 #endif /* !WOLFSSL_NO_TLS12 */ 11085 9802 11086 #ifdef WOLFSSL_DTLS 9803 11087 9804 static INLINE int DtlsCheckWindow(WOLFSSL* ssl)11088 static WC_INLINE int DtlsCheckWindow(WOLFSSL* ssl) 9805 11089 { 9806 11090 word32* window; … … 9903 11187 9904 11188 #ifdef WOLFSSL_MULTICAST 9905 static INLINE word32 UpdateHighwaterMark(word32 cur, word32 first,11189 static WC_INLINE word32 UpdateHighwaterMark(word32 cur, word32 first, 9906 11190 word32 second, word32 max) 9907 11191 { … … 9920 11204 9921 11205 9922 static INLINE int DtlsUpdateWindow(WOLFSSL* ssl)11206 static WC_INLINE int DtlsUpdateWindow(WOLFSSL* ssl) 9923 11207 { 9924 11208 word32* window; … … 10042 11326 /* While there is an item in the store list, and it is the expected 10043 11327 * message, and it is complete, and there hasn't been an error in the 10044 * last mess ge... */11328 * last message... */ 10045 11329 while (item != NULL && 10046 11330 ssl->keys.dtls_expected_peer_handshake_number == item->seq && … … 10051 11335 ret = DoHandShakeMsgType(ssl, item->msg, 10052 11336 &idx, item->type, item->sz, item->sz); 11337 #ifdef WOLFSSL_ASYNC_CRYPT 10053 11338 if (ret == WC_PENDING_E) { 10054 11339 ssl->keys.dtls_expected_peer_handshake_number--; 10055 11340 break; 10056 11341 } 11342 #endif 10057 11343 ssl->dtls_rx_msg_list = item->next; 10058 11344 DtlsMsgDelete(item, ssl->heap); … … 10180 11466 #endif 10181 11467 11468 #ifndef WOLFSSL_NO_TLS12 10182 11469 10183 11470 #ifdef HAVE_AEAD 10184 static INLINE void AeadIncrementExpIV(WOLFSSL* ssl)11471 static WC_INLINE void AeadIncrementExpIV(WOLFSSL* ssl) 10185 11472 { 10186 11473 int i; … … 10246 11533 10247 11534 /* When the flag oldPoly is not set this follows RFC7905. When oldPoly is set 10248 * the impl mentation follows an older draft for creating the nonce and MAC.10249 * The flag oldPoly gets set automatic lly depending on what cipher suite was11535 * the implementation follows an older draft for creating the nonce and MAC. 11536 * The flag oldPoly gets set automatically depending on what cipher suite was 10250 11537 * negotiated in the handshake. This is able to be done because the IDs for the 10251 11538 * cipher suites was updated in RFC7905 giving unique values for the older 10252 * draft in comparis ion to the more recent RFC.11539 * draft in comparison to the more recent RFC. 10253 11540 * 10254 11541 * ssl WOLFSSL structure to get cipher and TLS state from … … 10397 11684 10398 11685 /* When the flag oldPoly is not set this follows RFC7905. When oldPoly is set 10399 * the impl mentation follows an older draft for creating the nonce and MAC.10400 * The flag oldPoly gets set automatic lly depending on what cipher suite was11686 * the implementation follows an older draft for creating the nonce and MAC. 11687 * The flag oldPoly gets set automatically depending on what cipher suite was 10401 11688 * negotiated in the handshake. This is able to be done because the IDs for the 10402 11689 * cipher suites was updated in RFC7905 giving unique values for the older 10403 * draft in comparis ion to the more recent RFC.11690 * draft in comparison to the more recent RFC. 10404 11691 * 10405 11692 * ssl WOLFSSL structure to get cipher and TLS state from … … 10538 11825 10539 11826 10540 static INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input,11827 static WC_INLINE int EncryptDo(WOLFSSL* ssl, byte* out, const byte* input, 10541 11828 word16 sz, int asyncOkay) 10542 11829 { … … 10563 11850 case wolfssl_triple_des: 10564 11851 #ifdef WOLFSSL_ASYNC_CRYPT 10565 /* in tialize event */11852 /* initialize event */ 10566 11853 asyncDev = &ssl->encrypt.des3->asyncDev; 10567 11854 ret = wolfSSL_AsyncInit(ssl, asyncDev, event_flags); … … 10579 11866 #endif 10580 11867 10581 #if def BUILD_AES11868 #if defined(BUILD_AES) && defined(HAVE_AES_CBC) 10582 11869 case wolfssl_aes: 10583 11870 #ifdef WOLFSSL_ASYNC_CRYPT 10584 /* in tialize event */11871 /* initialize event */ 10585 11872 asyncDev = &ssl->encrypt.aes->asyncDev; 10586 11873 ret = wolfSSL_AsyncInit(ssl, asyncDev, event_flags); … … 10606 11893 10607 11894 #ifdef WOLFSSL_ASYNC_CRYPT 10608 /* in tialize event */11895 /* initialize event */ 10609 11896 asyncDev = &ssl->encrypt.aes->asyncDev; 10610 11897 ret = wolfSSL_AsyncInit(ssl, asyncDev, event_flags); … … 10715 12002 } 10716 12003 10717 static INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz,12004 static WC_INLINE int Encrypt(WOLFSSL* ssl, byte* out, const byte* input, word16 sz, 10718 12005 int asyncOkay) 10719 12006 { … … 10807 12094 } 10808 12095 10809 static INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input,12096 static WC_INLINE int DecryptDo(WOLFSSL* ssl, byte* plain, const byte* input, 10810 12097 word16 sz) 10811 12098 { … … 10827 12114 case wolfssl_triple_des: 10828 12115 #ifdef WOLFSSL_ASYNC_CRYPT 10829 /* in tialize event */12116 /* initialize event */ 10830 12117 ret = wolfSSL_AsyncInit(ssl, &ssl->decrypt.des3->asyncDev, 10831 12118 WC_ASYNC_FLAG_CALL_AGAIN); … … 10843 12130 #endif 10844 12131 10845 #if def BUILD_AES12132 #if defined(BUILD_AES) && defined(HAVE_AES_CBC) 10846 12133 case wolfssl_aes: 10847 12134 #ifdef WOLFSSL_ASYNC_CRYPT 10848 /* in tialize event */12135 /* initialize event */ 10849 12136 ret = wolfSSL_AsyncInit(ssl, &ssl->decrypt.aes->asyncDev, 10850 12137 WC_ASYNC_FLAG_CALL_AGAIN); … … 10869 12156 10870 12157 #ifdef WOLFSSL_ASYNC_CRYPT 10871 /* in tialize event */12158 /* initialize event */ 10872 12159 ret = wolfSSL_AsyncInit(ssl, &ssl->decrypt.aes->asyncDev, 10873 12160 WC_ASYNC_FLAG_CALL_AGAIN); … … 10964 12251 } 10965 12252 10966 static INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input,12253 static WC_INLINE int Decrypt(WOLFSSL* ssl, byte* plain, const byte* input, 10967 12254 word16 sz) 10968 12255 { … … 11067 12354 } 11068 12355 12356 #endif /* !WOLFSSL_NO_TLS12 */ 12357 11069 12358 /* Check conditions for a cipher to have an explicit IV. 11070 12359 * … … 11072 12361 * returns 1 if the cipher in use has an explicit IV and 0 otherwise. 11073 12362 */ 11074 static INLINE int CipherHasExpIV(WOLFSSL *ssl)12363 static WC_INLINE int CipherHasExpIV(WOLFSSL *ssl) 11075 12364 { 11076 12365 #ifdef WOLFSSL_TLS13 … … 11092 12381 #endif 11093 12382 12383 #ifndef WOLFSSL_AEAD_ONLY 11094 12384 if (ssl->specs.cipher_type == block) { 11095 12385 if (encryptSz % ssl->specs.block_size) { … … 11106 12396 minLength += ssl->specs.block_size; /* explicit IV */ 11107 12397 } 11108 else if (ssl->specs.cipher_type == aead) { 12398 else 12399 #endif 12400 if (ssl->specs.cipher_type == aead) { 11109 12401 minLength = ssl->specs.aead_mac_size; /* authTag size */ 11110 12402 if (CipherHasExpIV(ssl)) … … 11121 12413 11122 12414 11123 #ifndef NO_OLD_TLS 11124 11125 static INLINE void Md5Rounds(int rounds, const byte* data, int sz) 11126 { 11127 wc_Md5 md5; 11128 int i; 11129 11130 wc_InitMd5(&md5); /* no error check on purpose, dummy round */ 11131 11132 for (i = 0; i < rounds; i++) 11133 wc_Md5Update(&md5, data, sz); 11134 wc_Md5Free(&md5); /* in case needed to release resources */ 11135 } 11136 11137 11138 11139 /* do a dummy sha round */ 11140 static INLINE void ShaRounds(int rounds, const byte* data, int sz) 11141 { 11142 wc_Sha sha; 11143 int i; 11144 11145 wc_InitSha(&sha); /* no error check on purpose, dummy round */ 11146 11147 for (i = 0; i < rounds; i++) 11148 wc_ShaUpdate(&sha, data, sz); 11149 wc_ShaFree(&sha); /* in case needed to release resources */ 11150 } 11151 #endif 11152 11153 11154 #ifndef NO_SHA256 11155 11156 static INLINE void Sha256Rounds(int rounds, const byte* data, int sz) 11157 { 11158 wc_Sha256 sha256; 11159 int i; 11160 11161 wc_InitSha256(&sha256); /* no error check on purpose, dummy round */ 11162 11163 for (i = 0; i < rounds; i++) { 11164 wc_Sha256Update(&sha256, data, sz); 11165 /* no error check on purpose, dummy round */ 11166 } 11167 wc_Sha256Free(&sha256); /* in case needed to release resources */ 11168 } 11169 11170 #endif 11171 11172 11173 #ifdef WOLFSSL_SHA384 11174 11175 static INLINE void Sha384Rounds(int rounds, const byte* data, int sz) 11176 { 11177 wc_Sha384 sha384; 11178 int i; 11179 11180 wc_InitSha384(&sha384); /* no error check on purpose, dummy round */ 11181 11182 for (i = 0; i < rounds; i++) { 11183 wc_Sha384Update(&sha384, data, sz); 11184 /* no error check on purpose, dummy round */ 11185 } 11186 wc_Sha384Free(&sha384); /* in case needed to release resources */ 11187 } 11188 11189 #endif 11190 11191 11192 #ifdef WOLFSSL_SHA512 11193 11194 static INLINE void Sha512Rounds(int rounds, const byte* data, int sz) 11195 { 11196 wc_Sha512 sha512; 11197 int i; 11198 11199 wc_InitSha512(&sha512); /* no error check on purpose, dummy round */ 11200 11201 for (i = 0; i < rounds; i++) { 11202 wc_Sha512Update(&sha512, data, sz); 11203 /* no error check on purpose, dummy round */ 11204 } 11205 wc_Sha512Free(&sha512); /* in case needed to release resources */ 11206 } 11207 11208 #endif 11209 11210 11211 #ifdef WOLFSSL_RIPEMD 11212 11213 static INLINE void RmdRounds(int rounds, const byte* data, int sz) 11214 { 11215 RipeMd ripemd; 11216 int i; 11217 11218 wc_InitRipeMd(&ripemd); 11219 11220 for (i = 0; i < rounds; i++) 11221 wc_RipeMdUpdate(&ripemd, data, sz); 11222 } 11223 11224 #endif 11225 11226 11227 /* Do dummy rounds */ 11228 static INLINE void DoRounds(int type, int rounds, const byte* data, int sz) 11229 { 11230 (void)rounds; 11231 (void)data; 11232 (void)sz; 11233 11234 switch (type) { 11235 case no_mac : 11236 break; 11237 11238 #ifndef NO_OLD_TLS 11239 #ifndef NO_MD5 11240 case md5_mac : 11241 Md5Rounds(rounds, data, sz); 11242 break; 11243 #endif 11244 11245 #ifndef NO_SHA 11246 case sha_mac : 11247 ShaRounds(rounds, data, sz); 11248 break; 11249 #endif 11250 #endif 11251 11252 #ifndef NO_SHA256 11253 case sha256_mac : 11254 Sha256Rounds(rounds, data, sz); 11255 break; 11256 #endif 11257 11258 #ifdef WOLFSSL_SHA384 11259 case sha384_mac : 11260 Sha384Rounds(rounds, data, sz); 11261 break; 11262 #endif 11263 11264 #ifdef WOLFSSL_SHA512 11265 case sha512_mac : 11266 Sha512Rounds(rounds, data, sz); 11267 break; 11268 #endif 11269 11270 #ifdef WOLFSSL_RIPEMD 11271 case rmd_mac : 11272 RmdRounds(rounds, data, sz); 11273 break; 11274 #endif 11275 11276 default: 11277 WOLFSSL_MSG("Bad round type"); 11278 break; 11279 } 11280 } 11281 11282 11283 /* do number of compression rounds on dummy data */ 11284 static INLINE void CompressRounds(WOLFSSL* ssl, int rounds, const byte* dummy) 11285 { 11286 if (rounds) 11287 DoRounds(ssl->specs.mac_algorithm, rounds, dummy, COMPRESS_LOWER); 11288 } 11289 11290 12415 #ifndef WOLFSSL_AEAD_ONLY 11291 12416 /* check all length bytes for the pad value, return 0 on success */ 11292 12417 static int PadCheck(const byte* a, byte pad, int length) … … 11297 12422 for (i = 0; i < length; i++) { 11298 12423 compareSum |= a[i] ^ pad; 11299 12424 } 11300 12425 11301 12426 return compareSum; … … 11303 12428 11304 12429 11305 /* get compression extra rounds */ 11306 static INLINE int GetRounds(int pLen, int padLen, int t) 12430 /* Mask the padding bytes with the expected values. 12431 * Constant time implementation - does maximum pad size possible. 12432 * 12433 * data Message data. 12434 * sz Size of the message including MAC and padding and padding length. 12435 * macSz Size of the MAC. 12436 * returns 0 on success, otherwise failure. 12437 */ 12438 static byte MaskPadding(const byte* data, int sz, int macSz) 11307 12439 { 11308 int roundL1 = 1; /* round up flags */ 11309 int roundL2 = 1; 11310 11311 int L1 = COMPRESS_CONSTANT + pLen - t; 11312 int L2 = COMPRESS_CONSTANT + pLen - padLen - 1 - t; 11313 11314 L1 -= COMPRESS_UPPER; 11315 L2 -= COMPRESS_UPPER; 11316 11317 if ( (L1 % COMPRESS_LOWER) == 0) 11318 roundL1 = 0; 11319 if ( (L2 % COMPRESS_LOWER) == 0) 11320 roundL2 = 0; 11321 11322 L1 /= COMPRESS_LOWER; 11323 L2 /= COMPRESS_LOWER; 11324 11325 L1 += roundL1; 11326 L2 += roundL2; 11327 11328 return L1 - L2; 12440 int i; 12441 int checkSz = sz - 1; 12442 byte paddingSz = data[sz - 1]; 12443 byte mask; 12444 byte good = ctMaskGT(paddingSz, sz - 1 - macSz); 12445 12446 if (checkSz > TLS_MAX_PAD_SZ) 12447 checkSz = TLS_MAX_PAD_SZ; 12448 12449 for (i = 0; i < checkSz; i++) { 12450 mask = ctMaskLTE(i, paddingSz); 12451 good |= mask & (data[sz - 1 - i] ^ paddingSz); 11329 12452 } 11330 12453 12454 return good; 12455 } 12456 12457 /* Mask the MAC in the message with the MAC calculated. 12458 * Constant time implementation - starts looking for MAC where maximum padding 12459 * size has it. 12460 * 12461 * data Message data. 12462 * sz Size of the message including MAC and padding and padding length. 12463 * macSz Size of the MAC data. 12464 * expMac Expected MAC value. 12465 * returns 0 on success, otherwise failure. 12466 */ 12467 static byte MaskMac(const byte* data, int sz, int macSz, byte* expMac) 12468 { 12469 int i, j; 12470 unsigned char mac[WC_MAX_DIGEST_SIZE]; 12471 int scanStart = sz - 1 - TLS_MAX_PAD_SZ - macSz; 12472 int macEnd = sz - 1 - data[sz - 1]; 12473 int macStart = macEnd - macSz; 12474 int r = 0; 12475 unsigned char started, notEnded; 12476 unsigned char good = 0; 12477 12478 scanStart &= (~scanStart) >> (sizeof(int) * 8 - 1); 12479 macStart &= (~macStart) >> (sizeof(int) * 8 - 1); 12480 12481 /* Div on Intel has different speeds depending on value. 12482 * Use a bitwise AND or mod a specific value (converted to mul). */ 12483 if ((macSz & (macSz - 1)) == 0) 12484 r = (macSz - (scanStart - macStart)) & (macSz - 1); 12485 #ifndef NO_SHA 12486 else if (macSz == WC_SHA_DIGEST_SIZE) 12487 r = (macSz - (scanStart - macStart)) % WC_SHA_DIGEST_SIZE; 12488 #endif 12489 #ifdef WOLFSSL_SHA384 12490 else if (macSz == WC_SHA384_DIGEST_SIZE) 12491 r = (macSz - (scanStart - macStart)) % WC_SHA384_DIGEST_SIZE; 12492 #endif 12493 12494 XMEMSET(mac, 0, macSz); 12495 for (i = scanStart; i < sz; i += macSz) { 12496 for (j = 0; j < macSz && j + i < sz; j++) { 12497 started = ctMaskGTE(i + j, macStart); 12498 notEnded = ctMaskLT(i + j, macEnd); 12499 mac[j] |= started & notEnded & data[i + j]; 12500 } 12501 } 12502 12503 if ((macSz & (macSz - 1)) == 0) { 12504 for (i = 0; i < macSz; i++) 12505 good |= expMac[i] ^ mac[(i + r) & (macSz - 1)]; 12506 } 12507 #ifndef NO_SHA 12508 else if (macSz == WC_SHA_DIGEST_SIZE) { 12509 for (i = 0; i < macSz; i++) 12510 good |= expMac[i] ^ mac[(i + r) % WC_SHA_DIGEST_SIZE]; 12511 } 12512 #endif 12513 #ifdef WOLFSSL_SHA384 12514 else if (macSz == WC_SHA384_DIGEST_SIZE) { 12515 for (i = 0; i < macSz; i++) 12516 good |= expMac[i] ^ mac[(i + r) % WC_SHA384_DIGEST_SIZE]; 12517 } 12518 #endif 12519 12520 return good; 12521 } 11331 12522 11332 12523 /* timing resistant pad/verify check, return 0 on success */ 11333 static int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,11334 12524 int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int macSz, 12525 int pLen, int content) 11335 12526 { 11336 byte verify[MAX_DIGEST_SIZE]; 11337 byte dmy[sizeof(WOLFSSL) >= MAX_PAD_SIZE ? 1 : MAX_PAD_SIZE] = {0}; 11338 byte* dummy = sizeof(dmy) < MAX_PAD_SIZE ? (byte*) ssl : dmy; 12527 byte verify[WC_MAX_DIGEST_SIZE]; 12528 byte good; 11339 12529 int ret = 0; 11340 12530 11341 (void)dmy; 11342 11343 if ( (t + padLen + 1) > pLen) { 11344 WOLFSSL_MSG("Plain Len not long enough for pad/mac"); 11345 PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE); 11346 ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ 11347 ConstantCompare(verify, input + pLen - t, t); 11348 11349 return VERIFY_MAC_ERROR; 11350 } 11351 11352 if (PadCheck(input + pLen - (padLen + 1), (byte)padLen, padLen + 1) != 0) { 11353 WOLFSSL_MSG("PadCheck failed"); 11354 PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); 11355 ssl->hmac(ssl, verify, input, pLen - t, content, 1); /* still compare */ 11356 ConstantCompare(verify, input + pLen - t, t); 11357 11358 return VERIFY_MAC_ERROR; 11359 } 11360 11361 PadCheck(dummy, (byte)padLen, MAX_PAD_SIZE - padLen - 1); 11362 ret = ssl->hmac(ssl, verify, input, pLen - padLen - 1 - t, content, 1); 11363 11364 CompressRounds(ssl, GetRounds(pLen, padLen, t), dummy); 11365 11366 if (ConstantCompare(verify, input + (pLen - padLen - 1 - t), t) != 0) { 11367 WOLFSSL_MSG("Verify MAC compare failed"); 11368 return VERIFY_MAC_ERROR; 11369 } 11370 11371 /* treat any faulure as verify MAC error */ 12531 good = MaskPadding(input, pLen, macSz); 12532 /* 4th argument has potential to underflow, ssl->hmac function should 12533 * either increment the size by (macSz + padLen + 1) before use or check on 12534 * the size to make sure is valid. */ 12535 ret = ssl->hmac(ssl, verify, input, pLen - macSz - padLen - 1, padLen, 12536 content, 1); 12537 good |= MaskMac(input, pLen, ssl->specs.hash_size, verify); 12538 12539 /* Non-zero on failure. */ 12540 good = (byte)~(word32)good; 12541 good &= good >> 4; 12542 good &= good >> 2; 12543 good &= good >> 1; 12544 /* Make ret negative on masking failure. */ 12545 ret -= 1 - good; 12546 12547 /* Treat any faulure as verify MAC error. */ 11372 12548 if (ret != 0) 11373 12549 ret = VERIFY_MAC_ERROR; … … 11375 12551 return ret; 11376 12552 } 12553 #endif 11377 12554 11378 12555 … … 11389 12566 11390 12567 #ifdef WOLFSSL_EARLY_DATA 11391 if (ssl->earlyData ) {12568 if (ssl->earlyData != no_early_data) { 11392 12569 } 11393 12570 else … … 11399 12576 } 11400 12577 12578 #ifndef WOLFSSL_AEAD_ONLY 11401 12579 if (ssl->specs.cipher_type == block) { 11402 12580 if (ssl->options.tls1_1) 11403 12581 ivExtra = ssl->specs.block_size; 11404 12582 } 11405 else if (ssl->specs.cipher_type == aead) { 12583 else 12584 #endif 12585 if (ssl->specs.cipher_type == aead) { 11406 12586 if (CipherHasExpIV(ssl)) 11407 12587 ivExtra = AESGCM_EXP_IV_SZ; … … 11414 12594 } 11415 12595 #ifdef WOLFSSL_EARLY_DATA 11416 if (ssl->earlyData ) {12596 if (ssl->earlyData != no_early_data) { 11417 12597 if (ssl->earlyDataSz + dataSz > ssl->options.maxEarlyDataSz) { 11418 12598 SendAlert(ssl, alert_fatal, unexpected_message); … … 11459 12639 byte code; 11460 12640 11461 #if def WOLFSSL_CALLBACKS12641 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 11462 12642 if (ssl->hsInfoOn) 11463 AddPacketName( "Alert", &ssl->handShakeInfo);12643 AddPacketName(ssl, "Alert"); 11464 12644 if (ssl->toInfoOn) 11465 12645 /* add record header back on to info + alert bytes level/code */ 11466 AddPacketInfo( "Alert", &ssl->timeoutInfo, input + *inOutIdx -12646 AddPacketInfo(ssl, "Alert", alert, input + *inOutIdx - 11467 12647 RECORD_HEADER_SZ, RECORD_HEADER_SZ + ALERT_SIZE, 11468 ssl->heap);12648 READ_PROTO, ssl->heap); 11469 12649 #endif 11470 12650 … … 11554 12734 /* read data from network */ 11555 12735 do { 11556 in = Receive(ssl,12736 in = wolfSSLReceive(ssl, 11557 12737 ssl->buffers.inputBuffer.buffer + 11558 12738 ssl->buffers.inputBuffer.length, … … 11584 12764 11585 12765 11586 static INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz,12766 static WC_INLINE int VerifyMac(WOLFSSL* ssl, const byte* input, word32 msgSz, 11587 12767 int content, word32* padSz) 11588 12768 { 12769 #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) 11589 12770 int ivExtra = 0; 11590 12771 int ret; … … 11597 12778 word32 digestSz = ssl->specs.hash_size; 11598 12779 #endif 11599 byte verify[MAX_DIGEST_SIZE]; 12780 byte verify[WC_MAX_DIGEST_SIZE]; 12781 11600 12782 11601 12783 if (ssl->specs.cipher_type == block) { … … 11625 12807 } 11626 12808 PadCheck(dummy, (byte)pad, MAX_PAD_SIZE); /* timing only */ 11627 ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, 12809 ret = ssl->hmac(ssl, verify, input, msgSz - digestSz - pad - 1, pad, 11628 12810 content, 1); 11629 12811 if (ConstantCompare(verify, input + msgSz - digestSz - pad - 1, … … 11635 12817 } 11636 12818 else if (ssl->specs.cipher_type == stream) { 11637 ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, content, 1);12819 ret = ssl->hmac(ssl, verify, input, msgSz - digestSz, -1, content, 1); 11638 12820 if (ConstantCompare(verify, input + msgSz - digestSz, digestSz) != 0){ 11639 12821 return VERIFY_MAC_ERROR; … … 11642 12824 return VERIFY_MAC_ERROR; 11643 12825 } 12826 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */ 11644 12827 11645 12828 if (ssl->specs.cipher_type == aead) { 11646 12829 *padSz = ssl->specs.aead_mac_size; 11647 12830 } 12831 #if !defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_AEAD_ONLY) 11648 12832 else { 11649 12833 *padSz = digestSz + pad + padByte; 11650 12834 } 12835 #endif /* !WOLFSSL_NO_TLS12 && !WOLFSSL_AEAD_ONLY */ 12836 12837 (void)input; 12838 (void)msgSz; 12839 (void)content; 11651 12840 11652 12841 return 0; … … 11670 12859 #endif 11671 12860 11672 if (ssl->error != 0 && ssl->error != WANT_READ && 11673 ssl->error != WANT_WRITE && ssl->error != WC_PENDING_E) { 12861 if (ssl->error != 0 && ssl->error != WANT_READ && ssl->error != WANT_WRITE 12862 #ifdef WOLFSSL_ASYNC_CRYPT 12863 && ssl->error != WC_PENDING_E 12864 #endif 12865 #ifdef WOLFSSL_NONBLOCK_OCSP 12866 && ssl->error != OCSP_WANT_READ 12867 #endif 12868 ) { 11674 12869 WOLFSSL_MSG("ProcessReply retry in error state, not allowed"); 11675 12870 return ssl->error; … … 11836 13031 case decryptMessage: 11837 13032 11838 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0) { 13033 #if !defined(WOLFSSL_TLS13) || defined(WOLFSSL_TLS13_DRAFT_18) 13034 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0) 13035 #else 13036 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0 && 13037 (!IsAtLeastTLSv1_3(ssl->version) || 13038 ssl->curRL.type != change_cipher_spec)) 13039 #endif 13040 { 11839 13041 bufferStatic* in = &ssl->buffers.inputBuffer; 11840 13042 … … 11854 13056 else { 11855 13057 if (!ssl->options.tls1_3) { 13058 #ifndef WOLFSSL_NO_TLS12 11856 13059 ret = Decrypt(ssl, 11857 13060 in->buffer + in->idx, 11858 13061 in->buffer + in->idx, 11859 13062 ssl->curSize); 13063 #else 13064 ret = DECRYPT_ERROR; 13065 #endif 11860 13066 } 11861 else { 13067 else 13068 { 11862 13069 #ifdef WOLFSSL_TLS13 13070 #if defined(WOLFSSL_TLS13_DRAFT_18) || \ 13071 defined(WOLFSSL_TLS13_DRAFT_22) || \ 13072 defined(WOLFSSL_TLS13_DRAFT_23) 11863 13073 ret = DecryptTls13(ssl, 11864 13074 in->buffer + in->idx, 11865 13075 in->buffer + in->idx, 11866 ssl->curSize); 13076 ssl->curSize, NULL, 0); 13077 #else 13078 ret = DecryptTls13(ssl, 13079 in->buffer + in->idx, 13080 in->buffer + in->idx, 13081 ssl->curSize, 13082 (byte*)&ssl->curRL, RECORD_HEADER_SZ); 13083 #endif 11867 13084 #else 11868 13085 ret = DECRYPT_ERROR; … … 11877 13094 11878 13095 if (ret >= 0) { 13096 #ifndef WOLFSSL_NO_TLS12 11879 13097 /* handle success */ 13098 #ifndef WOLFSSL_AEAD_ONLY 11880 13099 if (ssl->options.tls1_1 && ssl->specs.cipher_type == block) 11881 13100 ssl->buffers.inputBuffer.idx += ssl->specs.block_size; 13101 #endif 11882 13102 /* go past TLSv1.1 IV */ 11883 13103 if (CipherHasExpIV(ssl)) 11884 13104 ssl->buffers.inputBuffer.idx += AESGCM_EXP_IV_SZ; 13105 #endif 11885 13106 } 11886 13107 else { … … 11923 13144 case verifyMessage: 11924 13145 11925 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0) { 13146 #if !defined(WOLFSSL_TLS13) || defined(WOLFSSL_TLS13_DRAFT_18) 13147 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0) 13148 #else 13149 if (IsEncryptionOn(ssl, 0) && ssl->keys.decryptedCur == 0 && 13150 (!IsAtLeastTLSv1_3(ssl->version) || 13151 ssl->curRL.type != change_cipher_spec)) 13152 #endif 13153 { 11926 13154 if (!atomicUser) { 11927 13155 ret = VerifyMac(ssl, ssl->buffers.inputBuffer.buffer + … … 11956 13184 #ifdef WOLFSSL_TLS13 11957 13185 if (ssl->options.tls1_3) { 13186 word16 i = (word16)(ssl->buffers.inputBuffer.length - 13187 ssl->keys.padSz); 13188 /* Remove padding from end of plain text. */ 13189 for (--i; i > ssl->buffers.inputBuffer.idx; i--) { 13190 if (ssl->buffers.inputBuffer.buffer[i] != 0) 13191 break; 13192 } 11958 13193 /* Get the real content type from the end of the data. */ 11959 ssl->keys.padSz++; 11960 ssl->curRL.type = ssl->buffers.inputBuffer.buffer[ 11961 ssl->buffers.inputBuffer.length - ssl->keys.padSz]; 13194 ssl->curRL.type = ssl->buffers.inputBuffer.buffer[i]; 13195 ssl->keys.padSz = ssl->buffers.inputBuffer.length - i; 11962 13196 } 11963 13197 #endif … … 11990 13224 } 11991 13225 else if (!IsAtLeastTLSv1_3(ssl->version)) { 13226 #ifndef WOLFSSL_NO_TLS12 11992 13227 ret = DoHandShakeMsg(ssl, 11993 13228 ssl->buffers.inputBuffer.buffer, 11994 13229 &ssl->buffers.inputBuffer.idx, 11995 13230 ssl->buffers.inputBuffer.length); 13231 #else 13232 ret = BUFFER_ERROR; 13233 #endif 11996 13234 } 11997 13235 else { … … 12007 13245 ssl->earlyData && 12008 13246 ssl->options.handShakeState == HANDSHAKE_DONE) { 12009 ssl->earlyData = 0;13247 ssl->earlyData = no_early_data; 12010 13248 ssl->options.processReply = doProcessInit; 12011 13249 return ZERO_RETURN; … … 12022 13260 case change_cipher_spec: 12023 13261 WOLFSSL_MSG("got CHANGE CIPHER SPEC"); 12024 #if def WOLFSSL_CALLBACKS13262 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 12025 13263 if (ssl->hsInfoOn) 12026 AddPacketName( "ChangeCipher", &ssl->handShakeInfo);13264 AddPacketName(ssl, "ChangeCipher"); 12027 13265 /* add record header back on info */ 12028 13266 if (ssl->toInfoOn) { 12029 AddPacketInfo("ChangeCipher", &ssl->timeoutInfo, 13267 AddPacketInfo(ssl, "ChangeCipher", 13268 change_cipher_spec, 12030 13269 ssl->buffers.inputBuffer.buffer + 12031 13270 ssl->buffers.inputBuffer.idx - RECORD_HEADER_SZ, 12032 1 + RECORD_HEADER_SZ, ssl->heap); 13271 1 + RECORD_HEADER_SZ, READ_PROTO, ssl->heap); 13272 #ifdef WOLFSSL_CALLBACKS 12033 13273 AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo); 13274 #endif 12034 13275 } 12035 13276 #endif 12036 13277 13278 #ifdef WOLFSSL_TLS13 13279 #ifdef WOLFSSL_TLS13_DRAFT_18 13280 if (IsAtLeastTLSv1_3(ssl->version)) { 13281 SendAlert(ssl, alert_fatal, illegal_parameter); 13282 return UNKNOWN_RECORD_TYPE; 13283 } 13284 #else 13285 if (IsAtLeastTLSv1_3(ssl->version)) { 13286 word32 i = ssl->buffers.inputBuffer.idx; 13287 if (ssl->curSize != 1 || 13288 ssl->buffers.inputBuffer.buffer[i] != 1) { 13289 SendAlert(ssl, alert_fatal, illegal_parameter); 13290 return UNKNOWN_RECORD_TYPE; 13291 } 13292 ssl->buffers.inputBuffer.idx++; 13293 break; 13294 } 13295 #endif 13296 #endif 13297 13298 #ifndef WOLFSSL_NO_TLS12 12037 13299 ret = SanityCheckMsgReceived(ssl, change_cipher_hs); 12038 13300 if (ret != 0) { … … 12119 13381 if (ret != 0) 12120 13382 return ret; 13383 #endif /* !WOLFSSL_NO_TLS12 */ 12121 13384 break; 12122 13385 … … 12214 13477 int ret; 12215 13478 13479 #ifdef OPENSSL_EXTRA 13480 ssl->cbmode = SSL_CB_MODE_WRITE; 13481 if (ssl->options.side == WOLFSSL_SERVER_END){ 13482 ssl->options.serverState = SERVER_CHANGECIPHERSPEC_COMPLETE; 13483 if (ssl->CBIS != NULL) 13484 ssl->CBIS(ssl, SSL_CB_ACCEPT_LOOP, SSL_SUCCESS); 13485 } 13486 else{ 13487 ssl->options.clientState = 13488 CLIENT_CHANGECIPHERSPEC_COMPLETE; 13489 if (ssl->CBIS != NULL) 13490 ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, SSL_SUCCESS); 13491 } 13492 #endif 13493 12216 13494 #ifdef WOLFSSL_DTLS 12217 13495 if (ssl->options.dtls) { … … 12226 13504 } 12227 13505 12228 /* check for ava laible size */13506 /* check for available size */ 12229 13507 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) 12230 13508 return ret; … … 12256 13534 } 12257 13535 #endif 12258 #if def WOLFSSL_CALLBACKS12259 if (ssl->hsInfoOn) AddPacketName( "ChangeCipher", &ssl->handShakeInfo);13536 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 13537 if (ssl->hsInfoOn) AddPacketName(ssl, "ChangeCipher"); 12260 13538 if (ssl->toInfoOn) 12261 AddPacketInfo( "ChangeCipher", &ssl->timeoutInfo, output, sendSz,12262 13539 AddPacketInfo(ssl, "ChangeCipher", change_cipher_spec, output, 13540 sendSz, WRITE_PROTO, ssl->heap); 12263 13541 #endif 12264 13542 ssl->buffers.outputBuffer.length += sendSz; … … 12278 13556 12279 13557 12280 #if ndef NO_OLD_TLS13558 #if !defined(NO_OLD_TLS) && !defined(WOLFSSL_AEAD_ONLY) 12281 13559 static int SSL_hmac(WOLFSSL* ssl, byte* digest, const byte* in, word32 sz, 12282 int content, int verify)13560 int padLen, int content, int verify) 12283 13561 { 12284 byte result[ MAX_DIGEST_SIZE];13562 byte result[WC_MAX_DIGEST_SIZE]; 12285 13563 word32 digestSz = ssl->specs.hash_size; /* actual sizes */ 12286 13564 word32 padSz = ssl->specs.pad_size; … … 12294 13572 byte conLen[ENUM_LEN + LENGTH_SZ]; /* content & length */ 12295 13573 const byte* macSecret = wolfSSL_GetMacSecret(ssl, verify); 13574 13575 (void)padLen; 12296 13576 12297 13577 #ifdef HAVE_FUZZER … … 12391 13671 return 0; 12392 13672 } 12393 #endif /* NO_OLD_TLS*/13673 #endif /* !NO_OLD_TLS && !WOLFSSL_AEAD_ONLY */ 12394 13674 12395 13675 … … 12538 13818 } 12539 13819 12540 #endif /* WOLFSSL_LEANPSK */ 12541 13820 #endif /* !NO_CERTS */ 13821 13822 #ifndef WOLFSSL_NO_TLS12 12542 13823 /* Persistable BuildMessage arguments */ 12543 13824 typedef struct BuildMsgArgs { … … 12549 13830 word16 size; 12550 13831 word32 ivSz; /* TLSv1.1 IV */ 12551 byte iv[AES_BLOCK_SIZE]; /* max size */13832 byte* iv; 12552 13833 } BuildMsgArgs; 12553 13834 … … 12559 13840 (void)args; 12560 13841 12561 /* no allocations in BuildMessage */ 13842 if (args->iv) { 13843 XFREE(args->iv, ssl->heap, DYNAMIC_TYPE_SALT); 13844 args->iv = NULL; 12562 13845 } 13846 } 13847 #endif 12563 13848 12564 13849 /* Build SSL Message, encrypted */ … … 12566 13851 int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay) 12567 13852 { 13853 #ifndef WOLFSSL_NO_TLS12 12568 13854 int ret = 0; 12569 13855 BuildMsgArgs* args; … … 12574 13860 (void)sizeof(args_test); 12575 13861 #endif 13862 #endif 12576 13863 12577 13864 WOLFSSL_ENTER("BuildMessage"); … … 12581 13868 } 12582 13869 13870 #ifdef WOLFSSL_NO_TLS12 13871 return BuildTls13Message(ssl, output, outSz, input, inSz, type, 13872 hashOutput, sizeOnly, asyncOkay); 13873 #else 12583 13874 #ifdef WOLFSSL_TLS13 12584 13875 if (ssl->options.tls1_3) { … … 12623 13914 /* catch mistaken sizeOnly parameter */ 12624 13915 if (!sizeOnly && (output == NULL || input == NULL) ) { 12625 return BAD_FUNC_ARG;13916 ERROR_OUT(BAD_FUNC_ARG, exit_buildmsg); 12626 13917 } 12627 13918 if (sizeOnly && (output || input) ) { 12628 13919 WOLFSSL_MSG("BuildMessage w/sizeOnly doesn't need input/output"); 12629 return BAD_FUNC_ARG;13920 ERROR_OUT(BAD_FUNC_ARG, exit_buildmsg); 12630 13921 } 12631 13922 … … 12650 13941 #endif 12651 13942 13943 #ifndef WOLFSSL_AEAD_ONLY 12652 13944 if (ssl->specs.cipher_type == block) { 12653 13945 word32 blockSz = ssl->specs.block_size; … … 12656 13948 args->sz += args->ivSz; 12657 13949 12658 if (args->ivSz > (word32)sizeof(args->iv))13950 if (args->ivSz > MAX_IV_SZ) 12659 13951 ERROR_OUT(BUFFER_E, exit_buildmsg); 12660 13952 } 12661 13953 args->sz += 1; /* pad byte */ 12662 13954 args->pad = (args->sz - args->headerSz) % blockSz; 13955 #ifdef OPENSSL_EXTRA 13956 if(args->pad != 0) 13957 #endif 12663 13958 args->pad = blockSz - args->pad; 12664 13959 args->sz += args->pad; 12665 13960 } 13961 #endif /* WOLFSSL_AEAD_ONLY */ 12666 13962 12667 13963 #ifdef HAVE_AEAD … … 12684 13980 12685 13981 if (args->ivSz > 0) { 13982 args->iv = (byte*)XMALLOC(args->ivSz, ssl->heap, DYNAMIC_TYPE_SALT); 13983 if (args->iv == NULL) 13984 ERROR_OUT(MEMORY_E, exit_buildmsg); 13985 12686 13986 ret = wc_RNG_GenerateBlock(ssl->rng, args->iv, args->ivSz); 12687 13987 if (ret != 0) … … 12701 14001 12702 14002 /* write to output */ 12703 if (args->ivSz ) {14003 if (args->ivSz > 0) { 12704 14004 XMEMCPY(output + args->idx, args->iv, 12705 min(args->ivSz, sizeof(args->iv)));14005 min(args->ivSz, MAX_IV_SZ)); 12706 14006 args->idx += args->ivSz; 12707 14007 } … … 12714 14014 case BUILD_MSG_HASH: 12715 14015 { 12716 word32 i;12717 12718 14016 if (type == handshake && hashOutput) { 12719 14017 ret = HashOutput(ssl, output, args->headerSz + inSz, args->ivSz); … … 12721 14019 goto exit_buildmsg; 12722 14020 } 14021 #ifndef WOLFSSL_AEAD_ONLY 12723 14022 if (ssl->specs.cipher_type == block) { 12724 14023 word32 tmpIdx = args->idx + args->digestSz; 14024 word32 i; 12725 14025 12726 14026 for (i = 0; i <= args->pad; i++) 12727 14027 output[tmpIdx++] = (byte)args->pad; /* pad byte gets pad value */ 12728 14028 } 14029 #endif 12729 14030 12730 14031 ssl->options.buildMsgState = BUILD_MSG_VERIFY_MAC; … … 12744 14045 #endif 12745 14046 14047 #ifndef WOLFSSL_AEAD_ONLY 12746 14048 if (ssl->specs.cipher_type != aead) { 12747 14049 #ifdef HAVE_TRUNCATED_HMAC 12748 if (ssl->truncated_hmac && ssl->specs.hash_size > args->digestSz) { 14050 if (ssl->truncated_hmac && 14051 ssl->specs.hash_size > args->digestSz) { 12749 14052 #ifdef WOLFSSL_SMALL_STACK 12750 14053 byte* hmac = NULL; 12751 14054 #else 12752 byte hmac[MAX_DIGEST_SIZE];14055 byte hmac[WC_MAX_DIGEST_SIZE]; 12753 14056 #endif 12754 14057 12755 14058 #ifdef WOLFSSL_SMALL_STACK 12756 hmac = (byte*)XMALLOC(MAX_DIGEST_SIZE, ssl->heap,14059 hmac = (byte*)XMALLOC(WC_MAX_DIGEST_SIZE, ssl->heap, 12757 14060 DYNAMIC_TYPE_DIGEST); 12758 14061 if (hmac == NULL) … … 12760 14063 #endif 12761 14064 12762 ret = ssl->hmac(ssl, hmac, output + args->headerSz + args->ivSz, inSz, 12763 type, 0); 14065 ret = ssl->hmac(ssl, hmac, 14066 output + args->headerSz + args->ivSz, inSz, 14067 -1, type, 0); 12764 14068 XMEMCPY(output + args->idx, hmac, args->digestSz); 12765 14069 … … 12770 14074 else 12771 14075 #endif 12772 ret = ssl->hmac(ssl, output + args->idx, output + args->headerSz + args->ivSz, 12773 inSz, type, 0); 12774 #ifdef WOLFSSL_DTLS 12775 if (ssl->options.dtls) 12776 DtlsSEQIncrement(ssl, CUR_ORDER); 12777 #endif 12778 } 14076 { 14077 ret = ssl->hmac(ssl, output + args->idx, output + 14078 args->headerSz + args->ivSz, inSz, -1, type, 0); 14079 } 14080 } 14081 #endif /* WOLFSSL_AEAD_ONLY */ 12779 14082 if (ret != 0) 12780 14083 goto exit_buildmsg; … … 12804 14107 ssl->options.buildMsgState = BUILD_MSG_BEGIN; 12805 14108 14109 #ifdef WOLFSSL_DTLS 14110 if (ret == 0 && ssl->options.dtls) 14111 DtlsSEQIncrement(ssl, CUR_ORDER); 14112 #endif 14113 12806 14114 /* return sz on success */ 12807 14115 if (ret == 0) … … 12810 14118 /* Final cleanup */ 12811 14119 FreeBuildMsgArgs(ssl, args); 14120 #ifdef WOLFSSL_ASYNC_CRYPT 14121 ssl->async.freeArgs = NULL; 14122 #endif 12812 14123 12813 14124 return ret; 14125 #endif /* !WOLFSSL_NO_TLS12 */ 12814 14126 } 12815 14127 14128 #ifndef WOLFSSL_NO_TLS12 12816 14129 12817 14130 int SendFinished(WOLFSSL* ssl) … … 12827 14140 int outputSz; 12828 14141 14142 WOLFSSL_START(WC_FUNC_FINISHED_SEND); 14143 WOLFSSL_ENTER("SendFinished"); 14144 12829 14145 /* setup encrypt keys */ 12830 14146 if ((ret = SetKeysSide(ssl, ENCRYPT_SIDE_ONLY)) != 0) … … 12889 14205 #endif 12890 14206 if (ssl->options.side == WOLFSSL_SERVER_END) { 14207 #ifdef OPENSSL_EXTRA 14208 ssl->options.serverState = SERVER_FINISHED_COMPLETE; 14209 ssl->cbmode = SSL_CB_MODE_WRITE; 14210 if (ssl->CBIS != NULL) 14211 ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, SSL_SUCCESS); 14212 #endif 12891 14213 ssl->options.handShakeState = HANDSHAKE_DONE; 12892 14214 ssl->options.handShakeDone = 1; … … 12895 14217 else { 12896 14218 if (ssl->options.side == WOLFSSL_CLIENT_END) { 14219 #ifdef OPENSSL_EXTRA 14220 ssl->options.clientState = CLIENT_FINISHED_COMPLETE; 14221 ssl->cbmode = SSL_CB_MODE_WRITE; 14222 if (ssl->CBIS != NULL) 14223 ssl->CBIS(ssl, SSL_CB_HANDSHAKE_DONE, SSL_SUCCESS); 14224 #endif 12897 14225 ssl->options.handShakeState = HANDSHAKE_DONE; 12898 14226 ssl->options.handShakeDone = 1; … … 12900 14228 } 12901 14229 12902 #if def WOLFSSL_CALLBACKS12903 if (ssl->hsInfoOn) AddPacketName( "Finished", &ssl->handShakeInfo);14230 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 14231 if (ssl->hsInfoOn) AddPacketName(ssl, "Finished"); 12904 14232 if (ssl->toInfoOn) 12905 AddPacketInfo( "Finished", &ssl->timeoutInfo, output, sendSz,12906 ssl->heap);14233 AddPacketInfo(ssl, "Finished", handshake, output, sendSz, 14234 WRITE_PROTO, ssl->heap); 12907 14235 #endif 12908 14236 12909 14237 ssl->buffers.outputBuffer.length += sendSz; 12910 14238 12911 return SendBuffered(ssl); 14239 ret = SendBuffered(ssl); 14240 14241 WOLFSSL_LEAVE("SendFinished", ret); 14242 WOLFSSL_END(WC_FUNC_FINISHED_SEND); 14243 14244 return ret; 12912 14245 } 12913 14246 #endif /* WOLFSSL_NO_TLS12 */ 14247 14248 #ifndef NO_WOLFSSL_SERVER 14249 #if (!defined(WOLFSSL_NO_TLS12) && \ 14250 (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ 14251 defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))) || \ 14252 (defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST)) 14253 static int CreateOcspRequest(WOLFSSL* ssl, OcspRequest* request, 14254 DecodedCert* cert, byte* certData, word32 length) 14255 { 14256 int ret; 14257 14258 InitDecodedCert(cert, certData, length, ssl->heap); 14259 /* TODO: Setup async support here */ 14260 ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, ssl->ctx->cm); 14261 if (ret != 0) { 14262 WOLFSSL_MSG("ParseCert failed"); 14263 } 14264 if (ret == 0) 14265 ret = InitOcspRequest(request, cert, 0, ssl->heap); 14266 if (ret == 0) { 14267 /* make sure ctx OCSP request is updated */ 14268 if (!ssl->buffers.weOwnCert) { 14269 wolfSSL_Mutex* ocspLock = &ssl->ctx->cm->ocsp_stapling->ocspLock; 14270 if (wc_LockMutex(ocspLock) == 0) { 14271 if (ssl->ctx->certOcspRequest == NULL) 14272 ssl->ctx->certOcspRequest = request; 14273 wc_UnLockMutex(ocspLock); 14274 } 14275 } 14276 } 14277 14278 FreeDecodedCert(cert); 14279 14280 return ret; 14281 } 14282 14283 14284 int CreateOcspResponse(WOLFSSL* ssl, OcspRequest** ocspRequest, 14285 buffer* response) 14286 { 14287 int ret = 0; 14288 OcspRequest* request; 14289 14290 if (ssl == NULL || ocspRequest == NULL || response == NULL) 14291 return BAD_FUNC_ARG; 14292 14293 request = *ocspRequest; 14294 14295 XMEMSET(response, 0, sizeof(*response)); 14296 14297 /* unable to fetch status. skip. */ 14298 if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) 14299 return 0; 14300 14301 if (request == NULL || ssl->buffers.weOwnCert) { 14302 DerBuffer* der = ssl->buffers.certificate; 14303 #ifdef WOLFSSL_SMALL_STACK 14304 DecodedCert* cert = NULL; 14305 #else 14306 DecodedCert cert[1]; 14307 #endif 14308 14309 /* unable to fetch status. skip. */ 14310 if (der->buffer == NULL || der->length == 0) 14311 return 0; 14312 14313 #ifdef WOLFSSL_SMALL_STACK 14314 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap, 14315 DYNAMIC_TYPE_DCERT); 14316 if (cert == NULL) 14317 return MEMORY_E; 14318 #endif 14319 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), ssl->heap, 14320 DYNAMIC_TYPE_OCSP_REQUEST); 14321 if (request == NULL) 14322 ret = MEMORY_E; 14323 14324 if (ret == 0) { 14325 ret = CreateOcspRequest(ssl, request, cert, der->buffer, 14326 der->length); 14327 } 14328 14329 if (request != NULL && ret != 0) { 14330 FreeOcspRequest(request); 14331 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); 14332 request = NULL; 14333 } 14334 #ifdef WOLFSSL_SMALL_STACK 14335 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); 14336 #endif 14337 } 14338 14339 if (ret == 0) { 14340 request->ssl = ssl; 14341 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, response); 14342 14343 /* Suppressing, not critical */ 14344 if (ret == OCSP_CERT_REVOKED || 14345 ret == OCSP_CERT_UNKNOWN || 14346 ret == OCSP_LOOKUP_FAIL) { 14347 ret = 0; 14348 } 14349 } 14350 14351 *ocspRequest = request; 14352 14353 return ret; 14354 } 14355 #endif 14356 #endif /* !NO_WOLFSSL_SERVER */ 14357 14358 #ifndef WOLFSSL_NO_TLS12 12914 14359 12915 14360 #ifndef NO_CERTS 14361 #if !defined(NO_WOLFSSL_SERVER) || !defined(WOLFSSL_NO_CLIENT_AUTH) 14362 /* handle generation of certificate (11) */ 12916 14363 int SendCertificate(WOLFSSL* ssl) 12917 14364 { … … 12920 14367 word32 length, maxFragment; 12921 14368 14369 WOLFSSL_START(WC_FUNC_CERTIFICATE_SEND); 14370 WOLFSSL_ENTER("SendCertificate"); 14371 12922 14372 if (ssl->options.usingPSK_cipher || ssl->options.usingAnon_cipher) 12923 14373 return 0; /* not needed */ 12924 14374 12925 14375 if (ssl->options.sendVerify == SEND_BLANK_CERT) { 14376 #ifdef OPENSSL_EXTRA 14377 if (ssl->version.major == SSLv3_MAJOR 14378 && ssl->version.minor == SSLv3_MINOR){ 14379 SendAlert(ssl, alert_warning, no_certificate); 14380 return 0; 14381 } else { 14382 #endif 12926 14383 certSz = 0; 12927 14384 certChainSz = 0; … … 12929 14386 length = CERT_HEADER_SZ; 12930 14387 listSz = 0; 14388 #ifdef OPENSSL_EXTRA 14389 } 14390 #endif 12931 14391 } 12932 14392 else { … … 12957 14417 12958 14418 maxFragment = MAX_RECORD_SIZE; 14419 12959 14420 if (ssl->options.dtls) { 12960 14421 #ifdef WOLFSSL_DTLS 14422 /* The 100 bytes is used to account for the UDP and IP headers. 14423 It can also include the record padding and MAC if the 14424 SendCertificate is called for a secure renegotiation. */ 12961 14425 maxFragment = MAX_MTU - DTLS_RECORD_HEADER_SZ 12962 14426 - DTLS_HANDSHAKE_HEADER_SZ - 100; … … 12964 14428 } 12965 14429 12966 #ifdef HAVE_MAX_FRAGMENT 12967 if (ssl->max_fragment != 0 && maxFragment >= ssl->max_fragment) 12968 maxFragment = ssl->max_fragment; 12969 #endif /* HAVE_MAX_FRAGMENT */ 14430 maxFragment = wolfSSL_GetMaxRecordSize(ssl, maxFragment); 12970 14431 12971 14432 while (length > 0 && ret == 0) { … … 13132 14593 #endif 13133 14594 13134 #if def WOLFSSL_CALLBACKS14595 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 13135 14596 if (ssl->hsInfoOn) 13136 AddPacketName( "Certificate", &ssl->handShakeInfo);14597 AddPacketName(ssl, "Certificate"); 13137 14598 if (ssl->toInfoOn) 13138 AddPacketInfo( "Certificate", &ssl->timeoutInfo, output, sendSz,13139 ssl->heap);14599 AddPacketInfo(ssl, "Certificate", handshake, output, sendSz, 14600 WRITE_PROTO, ssl->heap); 13140 14601 #endif 13141 14602 … … 13152 14613 ssl->keys.dtls_handshake_number++; 13153 14614 #endif 13154 if (ssl->options.side == WOLFSSL_SERVER_END) 14615 if (ssl->options.side == WOLFSSL_SERVER_END){ 13155 14616 ssl->options.serverState = SERVER_CERT_COMPLETE; 13156 14617 } 14618 } 14619 14620 WOLFSSL_LEAVE("SendCertificate", ret); 14621 WOLFSSL_END(WC_FUNC_CERTIFICATE_SEND); 13157 14622 13158 14623 return ret; 13159 14624 } 13160 13161 14625 #endif /* !NO_WOLFSSL_SERVER || !WOLFSSL_NO_CLIENT_AUTH */ 14626 14627 /* handle generation of certificate_request (13) */ 13162 14628 int SendCertificateRequest(WOLFSSL* ssl) 13163 14629 { … … 13167 14633 word32 i = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; 13168 14634 word32 dnLen = 0; 13169 #if def WOLFSSL_NGINX14635 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) 13170 14636 WOLF_STACK_OF(WOLFSSL_X509_NAME)* names; 13171 14637 #endif … … 13174 14640 int reqSz = ENUM_LEN + typeTotal + REQ_HEADER_SZ; /* add auth later */ 13175 14641 14642 WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_SEND); 14643 WOLFSSL_ENTER("SendCertificateRequest"); 14644 13176 14645 if (IsAtLeastTLSv1_2(ssl)) 13177 14646 reqSz += LENGTH_SZ + ssl->suites->hashSigAlgoSz; 13178 14647 13179 #if def WOLFSSL_NGINX14648 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) 13180 14649 /* Certificate Authorities */ 13181 14650 names = ssl->ctx->ca_names; … … 13196 14665 sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ + reqSz; 13197 14666 14667 if (!ssl->options.dtls) { 14668 if (IsEncryptionOn(ssl, 1)) 14669 sendSz += MAX_MSG_EXTRA; 14670 } 14671 else { 13198 14672 #ifdef WOLFSSL_DTLS 13199 if (ssl->options.dtls) {13200 14673 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; 13201 14674 i += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; 13202 }13203 14675 #endif 14676 } 13204 14677 /* check for available size */ 13205 14678 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) … … 13228 14701 if (IsAtLeastTLSv1_2(ssl)) { 13229 14702 c16toa(ssl->suites->hashSigAlgoSz, &output[i]); 13230 i += LENGTH_SZ;14703 i += OPAQUE16_LEN; 13231 14704 13232 14705 XMEMCPY(&output[i], … … 13238 14711 c16toa((word16)dnLen, &output[i]); /* auth's */ 13239 14712 i += REQ_HEADER_SZ; 13240 #if def WOLFSSL_NGINX14713 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) 13241 14714 names = ssl->ctx->ca_names; 13242 14715 while (names != NULL) { 13243 14716 byte seq[MAX_SEQ_SZ]; 13244 14717 13245 c16toa( names->data.name->rawLen +14718 c16toa((word16)names->data.name->rawLen + 13246 14719 SetSequence(names->data.name->rawLen, seq), &output[i]); 13247 14720 i += OPAQUE16_LEN; … … 13254 14727 (void)i; 13255 14728 14729 if (IsEncryptionOn(ssl, 1)) { 14730 byte* input; 14731 int inputSz = i - RECORD_HEADER_SZ; /* build msg adds rec hdr */ 14732 14733 input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); 14734 if (input == NULL) 14735 return MEMORY_E; 14736 14737 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); 14738 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, 14739 handshake, 1, 0, 0); 14740 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); 14741 14742 if (sendSz < 0) 14743 return sendSz; 14744 } else { 13256 14745 #ifdef WOLFSSL_DTLS 14746 if (ssl->options.dtls) 14747 DtlsSEQIncrement(ssl, CUR_ORDER); 13257 14748 if (IsDtlsNotSctpMode(ssl)) { 13258 14749 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0) 13259 14750 return ret; 13260 14751 } 13261 if (ssl->options.dtls)13262 DtlsSEQIncrement(ssl, CUR_ORDER);13263 14752 #endif 13264 13265 14753 ret = HashOutput(ssl, output, sendSz, 0); 13266 14754 if (ret != 0) 13267 14755 return ret; 13268 13269 #ifdef WOLFSSL_CALLBACKS 14756 } 14757 14758 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 13270 14759 if (ssl->hsInfoOn) 13271 AddPacketName( "CertificateRequest", &ssl->handShakeInfo);14760 AddPacketName(ssl, "CertificateRequest"); 13272 14761 if (ssl->toInfoOn) 13273 AddPacketInfo( "CertificateRequest", &ssl->timeoutInfo, output,13274 sendSz, ssl->heap);14762 AddPacketInfo(ssl, "CertificateRequest", handshake, output, sendSz, 14763 WRITE_PROTO, ssl->heap); 13275 14764 #endif 13276 14765 ssl->buffers.outputBuffer.length += sendSz; 13277 14766 if (ssl->options.groupMessages) 13278 ret urn0;14767 ret = 0; 13279 14768 else 13280 return SendBuffered(ssl); 14769 ret = SendBuffered(ssl); 14770 14771 WOLFSSL_LEAVE("SendCertificateRequest", ret); 14772 WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_SEND); 14773 14774 return ret; 13281 14775 } 13282 14776 … … 13365 14859 #endif 13366 14860 13367 #if def WOLFSSL_CALLBACKS14861 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 13368 14862 if (ret == 0 && ssl->hsInfoOn) 13369 AddPacketName( "CertificateStatus", &ssl->handShakeInfo);14863 AddPacketName(ssl, "CertificateStatus"); 13370 14864 if (ret == 0 && ssl->toInfoOn) 13371 AddPacketInfo( "CertificateStatus", &ssl->timeoutInfo, output,13372 sendSz, ssl->heap);14865 AddPacketInfo(ssl, "CertificateStatus", handshake, output, sendSz, 14866 WRITE_PROTO, ssl->heap); 13373 14867 #endif 13374 14868 … … 13386 14880 #endif /* NO_WOLFSSL_SERVER */ 13387 14881 13388 14882 /* handle generation of certificate_status (22) */ 13389 14883 int SendCertificateStatus(WOLFSSL* ssl) 13390 14884 { … … 13392 14886 byte status_type = 0; 13393 14887 14888 WOLFSSL_START(WC_FUNC_CERTIFICATE_STATUS_SEND); 13394 14889 WOLFSSL_ENTER("SendCertificateStatus"); 13395 14890 … … 13415 14910 buffer response; 13416 14911 13417 XMEMSET(&response, 0, sizeof(response)); 13418 13419 /* unable to fetch status. skip. */ 13420 if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0) 13421 return 0; 13422 13423 if (request == NULL || ssl->buffers.weOwnCert) { 13424 DerBuffer* der = ssl->buffers.certificate; 14912 ret = CreateOcspResponse(ssl, &request, &response); 14913 if (ret == 0 && response.buffer) { 14914 ret = BuildCertificateStatus(ssl, status_type, &response, 1); 14915 14916 XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); 14917 response.buffer = NULL; 14918 } 14919 14920 break; 14921 } 14922 14923 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ 14924 /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ 14925 14926 #if defined HAVE_CERTIFICATE_STATUS_REQUEST_V2 14927 case WOLFSSL_CSR2_OCSP_MULTI: 14928 { 14929 OcspRequest* request = ssl->ctx->certOcspRequest; 14930 buffer responses[1 + MAX_CHAIN_DEPTH]; 14931 int i = 0; 14932 14933 XMEMSET(responses, 0, sizeof(responses)); 14934 14935 ret = CreateOcspResponse(ssl, &request, &responses[0]); 14936 if (ret == 0 && (!ssl->ctx->chainOcspRequest[0] 14937 || ssl->buffers.weOwnCertChain)) { 14938 buffer der; 14939 word32 idx = 0; 13425 14940 #ifdef WOLFSSL_SMALL_STACK 13426 14941 DecodedCert* cert = NULL; … … 13428 14943 DecodedCert cert[1]; 13429 14944 #endif 13430 13431 /* unable to fetch status. skip. */13432 if (der->buffer == NULL || der->length == 0)13433 return 0;13434 14945 13435 14946 #ifdef WOLFSSL_SMALL_STACK … … 13439 14950 return MEMORY_E; 13440 14951 #endif 13441 13442 InitDecodedCert(cert, der->buffer, der->length, ssl->heap); 13443 /* TODO: Setup async support here */ 13444 if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY, 13445 ssl->ctx->cm)) != 0) { 13446 WOLFSSL_MSG("ParseCert failed"); 13447 } 13448 else { 13449 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), 13450 ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); 13451 if (request) { 13452 ret = InitOcspRequest(request, cert, 0, ssl->heap); 13453 if (ret == 0) { 13454 /* make sure ctx OCSP request is updated */ 13455 if (!ssl->buffers.weOwnCert) { 13456 wolfSSL_Mutex* ocspLock = 13457 &ssl->ctx->cm->ocsp_stapling->ocspLock; 13458 if (wc_LockMutex(ocspLock) == 0) { 13459 if (ssl->ctx->certOcspRequest == NULL) 13460 ssl->ctx->certOcspRequest = request; 13461 wc_UnLockMutex(ocspLock); 13462 } 13463 } 13464 } 13465 else { 13466 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); 13467 request = NULL; 13468 } 13469 } 13470 else { 13471 ret = MEMORY_E; 13472 } 13473 } 13474 13475 FreeDecodedCert(cert); 13476 14952 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest), ssl->heap, 14953 DYNAMIC_TYPE_OCSP_REQUEST); 14954 if (request == NULL) { 13477 14955 #ifdef WOLFSSL_SMALL_STACK 13478 14956 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); 13479 14957 #endif 13480 } 13481 14958 return MEMORY_E; 14959 } 14960 14961 while (idx + OPAQUE24_LEN < ssl->buffers.certChain->length) { 14962 c24to32(ssl->buffers.certChain->buffer + idx, &der.length); 14963 idx += OPAQUE24_LEN; 14964 14965 der.buffer = ssl->buffers.certChain->buffer + idx; 14966 idx += der.length; 14967 14968 if (idx > ssl->buffers.certChain->length) 14969 break; 14970 14971 ret = CreateOcspRequest(ssl, request, cert, der.buffer, 14972 der.length); 13482 14973 if (ret == 0) { 13483 14974 request->ssl = ssl; 13484 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request,13485 &response);14975 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, 14976 request, &responses[i + 1]); 13486 14977 13487 14978 /* Suppressing, not critical */ … … 13492 14983 } 13493 14984 13494 if (response.buffer) { 13495 if (ret == 0) 13496 ret = BuildCertificateStatus(ssl, status_type, 13497 &response, 1); 13498 13499 XFREE(response.buffer, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); 13500 response.buffer = NULL; 14985 14986 i++; 14987 FreeOcspRequest(request); 13501 14988 } 13502 13503 } 13504 13505 if (request != ssl->ctx->certOcspRequest) 14989 } 14990 13506 14991 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); 13507 13508 break;13509 }13510 13511 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */13512 /* HAVE_CERTIFICATE_STATUS_REQUEST_V2 */13513 13514 #if defined HAVE_CERTIFICATE_STATUS_REQUEST_V213515 case WOLFSSL_CSR2_OCSP_MULTI:13516 {13517 OcspRequest* request = ssl->ctx->certOcspRequest;13518 buffer responses[1 + MAX_CHAIN_DEPTH];13519 int i = 0;13520 13521 XMEMSET(responses, 0, sizeof(responses));13522 13523 /* unable to fetch status. skip. */13524 if (ssl->ctx->cm == NULL || ssl->ctx->cm->ocspStaplingEnabled == 0)13525 return 0;13526 13527 if (!request || ssl->buffers.weOwnCert) {13528 DerBuffer* der = ssl->buffers.certificate;13529 #ifdef WOLFSSL_SMALL_STACK13530 DecodedCert* cert = NULL;13531 #else13532 DecodedCert cert[1];13533 #endif13534 13535 /* unable to fetch status. skip. */13536 if (der->buffer == NULL || der->length == 0)13537 return 0;13538 13539 #ifdef WOLFSSL_SMALL_STACK13540 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,13541 DYNAMIC_TYPE_DCERT);13542 if (cert == NULL)13543 return MEMORY_E;13544 #endif13545 13546 InitDecodedCert(cert, der->buffer, der->length, ssl->heap);13547 /* TODO: Setup async support here */13548 if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,13549 ssl->ctx->cm)) != 0) {13550 WOLFSSL_MSG("ParseCert failed");13551 }13552 else {13553 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),13554 ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);13555 if (request) {13556 ret = InitOcspRequest(request, cert, 0, ssl->heap);13557 if (ret == 0) {13558 /* make sure ctx OCSP request is updated */13559 if (!ssl->buffers.weOwnCert) {13560 wolfSSL_Mutex* ocspLock =13561 &ssl->ctx->cm->ocsp_stapling->ocspLock;13562 if (wc_LockMutex(ocspLock) == 0) {13563 if (ssl->ctx->certOcspRequest == NULL)13564 ssl->ctx->certOcspRequest = request;13565 wc_UnLockMutex(ocspLock);13566 }13567 }13568 }13569 else {13570 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);13571 request = NULL;13572 }13573 }13574 else {13575 ret = MEMORY_E;13576 }13577 }13578 13579 FreeDecodedCert(cert);13580 13581 14992 #ifdef WOLFSSL_SMALL_STACK 13582 14993 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); 13583 14994 #endif 13584 } 13585 13586 if (ret == 0) { 13587 request->ssl = ssl; 13588 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, request, 13589 &responses[0]); 14995 } 14996 else { 14997 while (ret == 0 && 14998 NULL != (request = ssl->ctx->chainOcspRequest[i])) { 14999 request->ssl = ssl; 15000 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, 15001 request, &responses[++i]); 13590 15002 13591 15003 /* Suppressing, not critical */ … … 13596 15008 } 13597 15009 } 13598 13599 if (request != ssl->ctx->certOcspRequest)13600 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);13601 13602 if (ret == 0 && (!ssl->ctx->chainOcspRequest[0]13603 || ssl->buffers.weOwnCertChain)) {13604 buffer der;13605 word32 idx = 0;13606 #ifdef WOLFSSL_SMALL_STACK13607 DecodedCert* cert = NULL;13608 #else13609 DecodedCert cert[1];13610 #endif13611 13612 XMEMSET(&der, 0, sizeof(buffer));13613 13614 #ifdef WOLFSSL_SMALL_STACK13615 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), ssl->heap,13616 DYNAMIC_TYPE_DCERT);13617 if (cert == NULL)13618 return MEMORY_E;13619 #endif13620 13621 while (idx + OPAQUE24_LEN < ssl->buffers.certChain->length) {13622 c24to32(ssl->buffers.certChain->buffer + idx, &der.length);13623 idx += OPAQUE24_LEN;13624 13625 der.buffer = ssl->buffers.certChain->buffer + idx;13626 idx += der.length;13627 13628 if (idx > ssl->buffers.certChain->length)13629 break;13630 13631 InitDecodedCert(cert, der.buffer, der.length, ssl->heap);13632 /* TODO: Setup async support here */13633 if ((ret = ParseCertRelative(cert, CERT_TYPE, VERIFY,13634 ssl->ctx->cm)) != 0) {13635 WOLFSSL_MSG("ParseCert failed");13636 break;13637 }13638 else {13639 request = (OcspRequest*)XMALLOC(sizeof(OcspRequest),13640 ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST);13641 if (request == NULL) {13642 FreeDecodedCert(cert);13643 13644 ret = MEMORY_E;13645 break;13646 15010 } 13647 15011 13648 ret = InitOcspRequest(request, cert, 0, ssl->heap);15012 if (responses[0].buffer) { 13649 15013 if (ret == 0) { 13650 /* make sure ctx OCSP request is updated */ 13651 if (!ssl->buffers.weOwnCertChain) { 13652 wolfSSL_Mutex* ocspLock = 13653 &ssl->ctx->cm->ocsp_stapling->ocspLock; 13654 if (wc_LockMutex(ocspLock) == 0) { 13655 if (ssl->ctx->chainOcspRequest[i] == NULL) 13656 ssl->ctx->chainOcspRequest[i] = request; 13657 wc_UnLockMutex(ocspLock); 13658 } 13659 } 13660 } 13661 else { 13662 FreeDecodedCert(cert); 13663 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); 13664 request = NULL; 13665 break; 13666 } 13667 13668 request->ssl = ssl; 13669 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, 13670 request, &responses[i + 1]); 13671 13672 /* Suppressing, not critical */ 13673 if (ret == OCSP_CERT_REVOKED || 13674 ret == OCSP_CERT_UNKNOWN || 13675 ret == OCSP_LOOKUP_FAIL) { 13676 ret = 0; 13677 } 13678 13679 if (request != ssl->ctx->chainOcspRequest[i]) 13680 XFREE(request, ssl->heap, DYNAMIC_TYPE_OCSP_REQUEST); 13681 13682 i++; 13683 } 13684 13685 FreeDecodedCert(cert); 13686 } 13687 13688 #ifdef WOLFSSL_SMALL_STACK 13689 XFREE(cert, ssl->heap, DYNAMIC_TYPE_DCERT); 13690 #endif 13691 } 13692 else { 13693 while (ret == 0 && 13694 NULL != (request = ssl->ctx->chainOcspRequest[i])) { 13695 request->ssl = ssl; 13696 ret = CheckOcspRequest(ssl->ctx->cm->ocsp_stapling, 13697 request, &responses[++i]); 13698 13699 /* Suppressing, not critical */ 13700 if (ret == OCSP_CERT_REVOKED || 13701 ret == OCSP_CERT_UNKNOWN || 13702 ret == OCSP_LOOKUP_FAIL) { 13703 ret = 0; 13704 } 13705 } 13706 } 13707 13708 if (responses[0].buffer) { 13709 if (ret == 0) 13710 ret = BuildCertificateStatus(ssl, status_type, 13711 responses, (byte)i + 1); 13712 13713 for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++) 13714 if (responses[i].buffer) 15014 ret = BuildCertificateStatus(ssl, status_type, responses, 15015 (byte)i + 1); 15016 } 15017 15018 for (i = 0; i < 1 + MAX_CHAIN_DEPTH; i++) { 15019 if (responses[i].buffer) { 13715 15020 XFREE(responses[i].buffer, ssl->heap, 13716 15021 DYNAMIC_TYPE_OCSP_REQUEST); 13717 15022 } 15023 } 15024 } 13718 15025 13719 15026 break; … … 13726 15033 } 13727 15034 15035 WOLFSSL_LEAVE("SendCertificateStatus", ret); 15036 WOLFSSL_END(WC_FUNC_CERTIFICATE_STATUS_SEND); 15037 13728 15038 return ret; 13729 15039 } … … 13731 15041 #endif /* !NO_CERTS */ 13732 15042 15043 #endif /* WOLFSSL_NO_TLS12 */ 13733 15044 13734 15045 int SendData(WOLFSSL* ssl, const void* data, int sz) … … 13738 15049 ret, 13739 15050 dtlsExtra = 0; 13740 13741 if (ssl->error == WANT_WRITE || ssl->error == WC_PENDING_E) 15051 int groupMsgs = 0; 15052 15053 if (ssl->error == WANT_WRITE 15054 #ifdef WOLFSSL_ASYNC_CRYPT 15055 || ssl->error == WC_PENDING_E 15056 #endif 15057 ) { 13742 15058 ssl->error = 0; 15059 } 13743 15060 13744 15061 #ifdef WOLFSSL_DTLS … … 13752 15069 13753 15070 #ifdef WOLFSSL_EARLY_DATA 13754 if (ssl->earlyData ) {15071 if (ssl->earlyData != no_early_data) { 13755 15072 if (ssl->options.handShakeState == HANDSHAKE_DONE) { 13756 15073 WOLFSSL_MSG("handshake complete, trying to send early data"); 13757 15074 return BUILD_MSG_ERROR; 13758 15075 } 15076 #ifdef WOLFSSL_EARLY_DATA_GROUP 15077 groupMsgs = 1; 15078 #endif 13759 15079 } 13760 15080 else … … 13764 15084 WOLFSSL_MSG("handshake not complete, trying to finish"); 13765 15085 if ( (err = wolfSSL_negotiate(ssl)) != WOLFSSL_SUCCESS) { 15086 #ifdef WOLFSSL_ASYNC_CRYPT 13766 15087 /* if async would block return WANT_WRITE */ 13767 15088 if (ssl->error == WC_PENDING_E) { 13768 15089 return WOLFSSL_CBIO_ERR_WANT_WRITE; 13769 15090 } 15091 #endif 13770 15092 return err; 13771 15093 } … … 13773 15095 13774 15096 /* last time system socket output buffer was full, try again to send */ 13775 if ( ssl->buffers.outputBuffer.length > 0) {15097 if (!groupMsgs && ssl->buffers.outputBuffer.length > 0) { 13776 15098 WOLFSSL_MSG("output buffer was full, trying to send again"); 13777 15099 if ( (ssl->error = SendBuffered(ssl)) < 0) { 13778 15100 WOLFSSL_ERROR(ssl->error); 13779 if (ssl->error == SOCKET_ERROR_E && ssl->options.connReset) 13780 return 0; /* peer reset */ 15101 if (ssl->error == SOCKET_ERROR_E && (ssl->options.connReset || 15102 ssl->options.isClosed)) { 15103 ssl->error = SOCKET_PEER_CLOSED_E; 15104 WOLFSSL_ERROR(ssl->error); 15105 return 0; /* peer reset or closed */ 15106 } 13781 15107 return ssl->error; 13782 15108 } … … 13811 15137 if (sent == sz) break; 13812 15138 13813 len = min(sz - sent, OUTPUT_RECORD_SIZE); 13814 #ifdef HAVE_MAX_FRAGMENT 13815 len = min(len, ssl->max_fragment); 13816 #endif 15139 len = wolfSSL_GetMaxRecordSize(ssl, sz - sent); 13817 15140 13818 15141 #ifdef WOLFSSL_DTLS … … 13863 15186 ssl->buffers.outputBuffer.length += sendSz; 13864 15187 13865 if ( ( ret= SendBuffered(ssl)) < 0) {13866 WOLFSSL_ERROR( ret);15188 if ( (ssl->error = SendBuffered(ssl)) < 0) { 15189 WOLFSSL_ERROR(ssl->error); 13867 15190 /* store for next call if WANT_WRITE or user embedSend() that 13868 15191 doesn't present like WANT_WRITE */ 13869 15192 ssl->buffers.plainSz = len; 13870 15193 ssl->buffers.prevSent = sent; 13871 if (ret == SOCKET_ERROR_E && ssl->options.connReset) 13872 return 0; /* peer reset */ 13873 return ssl->error = ret; 15194 if (ssl->error == SOCKET_ERROR_E && (ssl->options.connReset || 15195 ssl->options.isClosed)) { 15196 ssl->error = SOCKET_PEER_CLOSED_E; 15197 WOLFSSL_ERROR(ssl->error); 15198 return 0; /* peer reset or closed */ 15199 } 15200 return ssl->error; 13874 15201 } 13875 15202 … … 13878 15205 /* only one message per attempt */ 13879 15206 if (ssl->options.partialWrite == 1) { 13880 WOLFSSL_MSG("Par itial Write on, only sending one record");15207 WOLFSSL_MSG("Partial Write on, only sending one record"); 13881 15208 break; 13882 15209 } … … 13894 15221 13895 15222 /* reset error state */ 13896 if (ssl->error == WANT_READ || ssl->error == WC_PENDING_E) { 15223 if (ssl->error == WANT_READ 15224 #ifdef WOLFSSL_ASYNC_CRYPT 15225 || ssl->error == WC_PENDING_E 15226 #endif 15227 ) { 13897 15228 ssl->error = 0; 13898 15229 } … … 13913 15244 13914 15245 #ifdef WOLFSSL_EARLY_DATA 13915 if (ssl->earlyData ) {15246 if (ssl->earlyData != no_early_data) { 13916 15247 } 13917 15248 else … … 13935 15266 if (ssl->secure_renegotiation && ssl->secure_renegotiation->startScr) { 13936 15267 int err; 13937 ssl->secure_renegotiation->startScr = 0; /* only start once */13938 15268 WOLFSSL_MSG("Need to start scr, server requested"); 13939 15269 if ( (err = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) 13940 15270 return err; 15271 ssl->secure_renegotiation->startScr = 0; /* only start once */ 13941 15272 } 13942 15273 #endif … … 14026 15357 } 14027 15358 15359 #ifdef OPENSSL_EXTRA 15360 if (ssl->CBIS != NULL) { 15361 ssl->CBIS(ssl, SSL_CB_ALERT, type); 15362 } 15363 #endif 14028 15364 #ifdef WOLFSSL_DTLS 14029 15365 if (ssl->options.dtls) … … 14035 15371 if ((ret = CheckAvailableSize(ssl, outputSz)) != 0) 14036 15372 return ret; 15373 15374 /* Check output buffer */ 15375 if (ssl->buffers.outputBuffer.buffer == NULL) 15376 return BUFFER_E; 14037 15377 14038 15378 /* get output buffer */ … … 14072 15412 return BUILD_MSG_ERROR; 14073 15413 14074 #if def WOLFSSL_CALLBACKS15414 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 14075 15415 if (ssl->hsInfoOn) 14076 AddPacketName( "Alert", &ssl->handShakeInfo);15416 AddPacketName(ssl, "Alert"); 14077 15417 if (ssl->toInfoOn) 14078 AddPacketInfo("Alert", &ssl->timeoutInfo, output, sendSz,ssl->heap); 15418 AddPacketInfo(ssl, "Alert", alert, output, sendSz, WRITE_PROTO, 15419 ssl->heap); 14079 15420 #endif 14080 15421 … … 14103 15444 switch (error) { 14104 15445 15446 #ifdef WOLFSSL_WPAS 15447 case 0 : 15448 return "ok"; 15449 #endif 15450 14105 15451 case UNSUPPORTED_SUITE : 14106 15452 return "unsupported cipher suite"; … … 14191 15537 return "handshake layer not ready yet, complete first"; 14192 15538 14193 case PMS_VERSION_ERROR :14194 return "premaster secret version mismatch error";14195 14196 15539 case VERSION_ERROR : 14197 15540 return "record layer version error"; … … 14231 15574 return "NTRU decrypt error"; 14232 15575 14233 case ZLIB_INIT_ERROR:14234 return "zlib init error";14235 14236 case ZLIB_COMPRESS_ERROR:14237 return "zlib compress error";14238 14239 case ZLIB_DECOMPRESS_ERROR:14240 return "zlib decompress error";14241 14242 15576 case GETTIME_ERROR: 14243 15577 return "gettimeofday() error"; … … 14325 15659 return "Suites Pointer Error"; 14326 15660 14327 case SSL_NO_PEM_HEADER:14328 return "No PEM Header Error";14329 14330 15661 case OUT_OF_ORDER_E: 14331 15662 return "Out of order message, fatal"; … … 14430 15761 return "Invalid OCSP Status Error"; 14431 15762 15763 case OCSP_WANT_READ: 15764 return "OCSP nonblock wants read"; 15765 14432 15766 case RSA_KEY_SIZE_E: 14433 15767 return "RSA key too small"; … … 14464 15798 14465 15799 case BAD_KEY_SHARE_DATA: 14466 return "The Key Share data contains group that was in Client Hello";15800 return "The Key Share data contains group that wasn't in Client Hello"; 14467 15801 14468 15802 case MISSING_HANDSHAKE_DATA: … … 14477 15811 case INVALID_PARAMETER: 14478 15812 return "The security parameter is invalid"; 15813 15814 case UNSUPPORTED_EXTENSION: 15815 return "TLS Extension not requested by the client"; 14479 15816 14480 15817 case KEY_SHARE_ERROR: … … 14508 15845 } 14509 15846 14510 14511 /* be sure to add to cipher_name_idx too !!!! */ 14512 static const char* const cipher_names[] = 15847 #ifndef NO_ERROR_STRINGS 15848 #define SUITE_INFO(x,y,z,w) {(x),(y),(z),(w)} 15849 #else 15850 #define SUITE_INFO(x,y,z,w) {(x),(z),(w)} 15851 #endif 15852 15853 static const CipherSuiteInfo cipher_names[] = 14513 15854 { 15855 #ifndef WOLFSSL_NO_TLS12 15856 14514 15857 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA 14515 "RC4-SHA",15858 SUITE_INFO("RC4-SHA","SSL_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_SHA), 14516 15859 #endif 14517 15860 14518 15861 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD5 14519 "RC4-MD5",15862 SUITE_INFO("RC4-MD5","SSL_RSA_WITH_RC4_128_MD5",CIPHER_BYTE,SSL_RSA_WITH_RC4_128_MD5), 14520 15863 #endif 14521 15864 14522 15865 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA 14523 "DES-CBC3-SHA",15866 SUITE_INFO("DES-CBC3-SHA","SSL_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_3DES_EDE_CBC_SHA), 14524 15867 #endif 14525 15868 14526 15869 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA 14527 "AES128-SHA",15870 SUITE_INFO("AES128-SHA","TLS_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA), 14528 15871 #endif 14529 15872 14530 15873 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA 14531 "AES256-SHA",15874 SUITE_INFO("AES256-SHA","TLS_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA), 14532 15875 #endif 14533 15876 14534 15877 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA 14535 "NULL-SHA",15878 SUITE_INFO("NULL-SHA","TLS_RSA_WITH_NULL_SHA",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA), 14536 15879 #endif 14537 15880 14538 15881 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA256 14539 "NULL-SHA256",15882 SUITE_INFO("NULL-SHA256","TLS_RSA_WITH_NULL_SHA256",CIPHER_BYTE,TLS_RSA_WITH_NULL_SHA256), 14540 15883 #endif 14541 15884 14542 15885 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA 14543 "DHE-RSA-AES128-SHA",15886 SUITE_INFO("DHE-RSA-AES128-SHA","TLS_DHE_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA), 14544 15887 #endif 14545 15888 14546 15889 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA 14547 "DHE-RSA-AES256-SHA",15890 SUITE_INFO("DHE-RSA-AES256-SHA","TLS_DHE_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA), 14548 15891 #endif 14549 15892 14550 15893 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 14551 "DHE-PSK-AES256-GCM-SHA384",15894 SUITE_INFO("DHE-PSK-AES256-GCM-SHA384","TLS_DHE_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_GCM_SHA384), 14552 15895 #endif 14553 15896 14554 15897 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 14555 "DHE-PSK-AES128-GCM-SHA256",15898 SUITE_INFO("DHE-PSK-AES128-GCM-SHA256","TLS_DHE_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_GCM_SHA256), 14556 15899 #endif 14557 15900 14558 15901 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384 14559 "PSK-AES256-GCM-SHA384",15902 SUITE_INFO("PSK-AES256-GCM-SHA384","TLS_PSK_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_GCM_SHA384), 14560 15903 #endif 14561 15904 14562 15905 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256 14563 "PSK-AES128-GCM-SHA256",15906 SUITE_INFO("PSK-AES128-GCM-SHA256","TLS_PSK_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_GCM_SHA256), 14564 15907 #endif 14565 15908 14566 15909 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 14567 "DHE-PSK-AES256-CBC-SHA384",15910 SUITE_INFO("DHE-PSK-AES256-CBC-SHA384","TLS_DHE_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_256_CBC_SHA384), 14568 15911 #endif 14569 15912 14570 15913 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 14571 "DHE-PSK-AES128-CBC-SHA256",15914 SUITE_INFO("DHE-PSK-AES128-CBC-SHA256","TLS_DHE_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_AES_128_CBC_SHA256), 14572 15915 #endif 14573 15916 14574 15917 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384 14575 "PSK-AES256-CBC-SHA384",15918 SUITE_INFO("PSK-AES256-CBC-SHA384","TLS_PSK_WITH_AES_256_CBC_SHA384",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA384), 14576 15919 #endif 14577 15920 14578 15921 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256 14579 "PSK-AES128-CBC-SHA256",15922 SUITE_INFO("PSK-AES128-CBC-SHA256","TLS_PSK_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA256), 14580 15923 #endif 14581 15924 14582 15925 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA 14583 "PSK-AES128-CBC-SHA",15926 SUITE_INFO("PSK-AES128-CBC-SHA","TLS_PSK_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_128_CBC_SHA), 14584 15927 #endif 14585 15928 14586 15929 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA 14587 "PSK-AES256-CBC-SHA",15930 SUITE_INFO("PSK-AES256-CBC-SHA","TLS_PSK_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_PSK_WITH_AES_256_CBC_SHA), 14588 15931 #endif 14589 15932 14590 15933 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM 14591 "DHE-PSK-AES128-CCM",15934 SUITE_INFO("DHE-PSK-AES128-CCM","TLS_DHE_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_128_CCM), 14592 15935 #endif 14593 15936 14594 15937 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM 14595 "DHE-PSK-AES256-CCM",15938 SUITE_INFO("DHE-PSK-AES256-CCM","TLS_DHE_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_DHE_PSK_WITH_AES_256_CCM), 14596 15939 #endif 14597 15940 14598 15941 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM 14599 "PSK-AES128-CCM",15942 SUITE_INFO("PSK-AES128-CCM","TLS_PSK_WITH_AES_128_CCM",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM), 14600 15943 #endif 14601 15944 14602 15945 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM 14603 "PSK-AES256-CCM",15946 SUITE_INFO("PSK-AES256-CCM","TLS_PSK_WITH_AES_256_CCM",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM), 14604 15947 #endif 14605 15948 14606 15949 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_8 14607 "PSK-AES128-CCM-8",15950 SUITE_INFO("PSK-AES128-CCM-8","TLS_PSK_WITH_AES_128_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_128_CCM_8), 14608 15951 #endif 14609 15952 14610 15953 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_8 14611 "PSK-AES256-CCM-8",15954 SUITE_INFO("PSK-AES256-CCM-8","TLS_PSK_WITH_AES_256_CCM_8",ECC_BYTE,TLS_PSK_WITH_AES_256_CCM_8), 14612 15955 #endif 14613 15956 14614 15957 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA384 14615 "DHE-PSK-NULL-SHA384",15958 SUITE_INFO("DHE-PSK-NULL-SHA384","TLS_DHE_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA384), 14616 15959 #endif 14617 15960 14618 15961 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA256 14619 "DHE-PSK-NULL-SHA256",15962 SUITE_INFO("DHE-PSK-NULL-SHA256","TLS_DHE_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_DHE_PSK_WITH_NULL_SHA256), 14620 15963 #endif 14621 15964 14622 15965 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA384 14623 "PSK-NULL-SHA384",15966 SUITE_INFO("PSK-NULL-SHA384","TLS_PSK_WITH_NULL_SHA384",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA384), 14624 15967 #endif 14625 15968 14626 15969 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA256 14627 "PSK-NULL-SHA256",15970 SUITE_INFO("PSK-NULL-SHA256","TLS_PSK_WITH_NULL_SHA256",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA256), 14628 15971 #endif 14629 15972 14630 15973 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA 14631 "PSK-NULL-SHA",15974 SUITE_INFO("PSK-NULL-SHA","TLS_PSK_WITH_NULL_SHA",CIPHER_BYTE,TLS_PSK_WITH_NULL_SHA), 14632 15975 #endif 14633 15976 14634 15977 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD5 14635 "HC128-MD5",15978 SUITE_INFO("HC128-MD5","TLS_RSA_WITH_HC_128_MD5",CIPHER_BYTE,TLS_RSA_WITH_HC_128_MD5), 14636 15979 #endif 14637 15980 14638 15981 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA 14639 "HC128-SHA",15982 SUITE_INFO("HC128-SHA","TLS_RSA_WITH_HC_128_SHA",CIPHER_BYTE,TLS_RSA_WITH_HC_128_SHA), 14640 15983 #endif 14641 15984 14642 15985 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B256 14643 "HC128-B2B256",15986 SUITE_INFO("HC128-B2B256","TLS_RSA_WITH_HC_128_B2B256",CIPHER_BYTE,TLS_RSA_WITH_HC_128_B2B256), 14644 15987 #endif 14645 15988 14646 15989 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256 14647 "AES128-B2B256",15990 SUITE_INFO("AES128-B2B256","TLS_RSA_WITH_AES_128_CBC_B2B256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_B2B256), 14648 15991 #endif 14649 15992 14650 15993 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256 14651 "AES256-B2B256",15994 SUITE_INFO("AES256-B2B256","TLS_RSA_WITH_AES_256_CBC_B2B256",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_B2B256), 14652 15995 #endif 14653 15996 14654 15997 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA 14655 "RABBIT-SHA",15998 SUITE_INFO("RABBIT-SHA","TLS_RSA_WITH_RABBIT_SHA",CIPHER_BYTE,TLS_RSA_WITH_RABBIT_SHA), 14656 15999 #endif 14657 16000 14658 16001 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA 14659 "NTRU-RC4-SHA",16002 SUITE_INFO("NTRU-RC4-SHA","TLS_NTRU_RSA_WITH_RC4_128_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_RC4_128_SHA), 14660 16003 #endif 14661 16004 14662 16005 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA 14663 "NTRU-DES-CBC3-SHA",16006 SUITE_INFO("NTRU-DES-CBC3-SHA","TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA), 14664 16007 #endif 14665 16008 14666 16009 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA 14667 "NTRU-AES128-SHA",16010 SUITE_INFO("NTRU-AES128-SHA","TLS_NTRU_RSA_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_128_CBC_SHA), 14668 16011 #endif 14669 16012 14670 16013 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA 14671 "NTRU-AES256-SHA",16014 SUITE_INFO("NTRU-AES256-SHA","TLS_NTRU_RSA_WITH_AES_256_CBC_SHA",CIPHER_BYTE,TLS_NTRU_RSA_WITH_AES_256_CBC_SHA), 14672 16015 #endif 14673 16016 14674 16017 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_8 14675 "AES128-CCM-8",16018 SUITE_INFO("AES128-CCM-8","TLS_RSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_128_CCM_8), 14676 16019 #endif 14677 16020 14678 16021 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_8 14679 "AES256-CCM-8",16022 SUITE_INFO("AES256-CCM-8","TLS_RSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_RSA_WITH_AES_256_CCM_8), 14680 16023 #endif 14681 16024 14682 16025 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM 14683 "ECDHE-ECDSA-AES128-CCM",16026 SUITE_INFO("ECDHE-ECDSA-AES128-CCM","TLS_ECDHE_ECDSA_WITH_AES_128_CCM",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM), 14684 16027 #endif 14685 16028 14686 16029 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 14687 "ECDHE-ECDSA-AES128-CCM-8",16030 SUITE_INFO("ECDHE-ECDSA-AES128-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8), 14688 16031 #endif 14689 16032 14690 16033 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 14691 "ECDHE-ECDSA-AES256-CCM-8",16034 SUITE_INFO("ECDHE-ECDSA-AES256-CCM-8","TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8), 14692 16035 #endif 14693 16036 14694 16037 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA 14695 "ECDHE-RSA-AES128-SHA",16038 SUITE_INFO("ECDHE-RSA-AES128-SHA","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA), 14696 16039 #endif 14697 16040 14698 16041 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 14699 "ECDHE-RSA-AES256-SHA",16042 SUITE_INFO("ECDHE-RSA-AES256-SHA","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA), 14700 16043 #endif 14701 16044 14702 16045 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA 14703 "ECDHE-ECDSA-AES128-SHA",16046 SUITE_INFO("ECDHE-ECDSA-AES128-SHA","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA), 14704 16047 #endif 14705 16048 14706 16049 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA 14707 "ECDHE-ECDSA-AES256-SHA",16050 SUITE_INFO("ECDHE-ECDSA-AES256-SHA","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA), 14708 16051 #endif 14709 16052 14710 16053 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA 14711 "ECDHE-RSA-RC4-SHA",16054 SUITE_INFO("ECDHE-RSA-RC4-SHA","TLS_ECDHE_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_RC4_128_SHA), 14712 16055 #endif 14713 16056 14714 16057 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA 14715 "ECDHE-RSA-DES-CBC3-SHA",16058 SUITE_INFO("ECDHE-RSA-DES-CBC3-SHA","TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA), 14716 16059 #endif 14717 16060 14718 16061 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA 14719 "ECDHE-ECDSA-RC4-SHA",16062 SUITE_INFO("ECDHE-ECDSA-RC4-SHA","TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_RC4_128_SHA), 14720 16063 #endif 14721 16064 14722 16065 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA 14723 "ECDHE-ECDSA-DES-CBC3-SHA",16066 SUITE_INFO("ECDHE-ECDSA-DES-CBC3-SHA","TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA), 14724 16067 #endif 14725 16068 14726 16069 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256 14727 "AES128-SHA256",16070 SUITE_INFO("AES128-SHA256","TLS_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_CBC_SHA256), 14728 16071 #endif 14729 16072 14730 16073 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256 14731 "AES256-SHA256",16074 SUITE_INFO("AES256-SHA256","TLS_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_256_CBC_SHA256), 14732 16075 #endif 14733 16076 14734 16077 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 14735 "DHE-RSA-AES128-SHA256",16078 SUITE_INFO("DHE-RSA-AES128-SHA256","TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256), 14736 16079 #endif 14737 16080 14738 16081 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 14739 "DHE-RSA-AES256-SHA256",16082 SUITE_INFO("DHE-RSA-AES256-SHA256","TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256), 14740 16083 #endif 14741 16084 14742 16085 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA 14743 "ECDH-RSA-AES128-SHA",16086 SUITE_INFO("ECDH-RSA-AES128-SHA","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA), 14744 16087 #endif 14745 16088 14746 16089 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA 14747 "ECDH-RSA-AES256-SHA",16090 SUITE_INFO("ECDH-RSA-AES256-SHA","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA), 14748 16091 #endif 14749 16092 14750 16093 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA 14751 "ECDH-ECDSA-AES128-SHA",16094 SUITE_INFO("ECDH-ECDSA-AES128-SHA","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA), 14752 16095 #endif 14753 16096 14754 16097 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA 14755 "ECDH-ECDSA-AES256-SHA",16098 SUITE_INFO("ECDH-ECDSA-AES256-SHA","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA), 14756 16099 #endif 14757 16100 14758 16101 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA 14759 "ECDH-RSA-RC4-SHA",16102 SUITE_INFO("ECDH-RSA-RC4-SHA","TLS_ECDH_RSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_RC4_128_SHA), 14760 16103 #endif 14761 16104 14762 16105 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA 14763 "ECDH-RSA-DES-CBC3-SHA",16106 SUITE_INFO("ECDH-RSA-DES-CBC3-SHA","TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA), 14764 16107 #endif 14765 16108 14766 16109 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA 14767 "ECDH-ECDSA-RC4-SHA",16110 SUITE_INFO("ECDH-ECDSA-RC4-SHA","TLS_ECDH_ECDSA_WITH_RC4_128_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_RC4_128_SHA), 14768 16111 #endif 14769 16112 14770 16113 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA 14771 "ECDH-ECDSA-DES-CBC3-SHA",16114 SUITE_INFO("ECDH-ECDSA-DES-CBC3-SHA","TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA",ECC_BYTE,TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA), 14772 16115 #endif 14773 16116 14774 16117 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256 14775 "AES128-GCM-SHA256",16118 SUITE_INFO("AES128-GCM-SHA256","TLS_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_RSA_WITH_AES_128_GCM_SHA256), 14776 16119 #endif 14777 16120 14778 16121 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384 14779 "AES256-GCM-SHA384",16122 SUITE_INFO("AES256-GCM-SHA384","TLS_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_RSA_WITH_AES_256_GCM_SHA384), 14780 16123 #endif 14781 16124 14782 16125 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 14783 "DHE-RSA-AES128-GCM-SHA256",16126 SUITE_INFO("DHE-RSA-AES128-GCM-SHA256","TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256), 14784 16127 #endif 14785 16128 14786 16129 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 14787 "DHE-RSA-AES256-GCM-SHA384",16130 SUITE_INFO("DHE-RSA-AES256-GCM-SHA384","TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384), 14788 16131 #endif 14789 16132 14790 16133 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 14791 "ECDHE-RSA-AES128-GCM-SHA256",16134 SUITE_INFO("ECDHE-RSA-AES128-GCM-SHA256","TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256), 14792 16135 #endif 14793 16136 14794 16137 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 14795 "ECDHE-RSA-AES256-GCM-SHA384",16138 SUITE_INFO("ECDHE-RSA-AES256-GCM-SHA384","TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), 14796 16139 #endif 14797 16140 14798 16141 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 14799 "ECDHE-ECDSA-AES128-GCM-SHA256",16142 SUITE_INFO("ECDHE-ECDSA-AES128-GCM-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), 14800 16143 #endif 14801 16144 14802 16145 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 14803 "ECDHE-ECDSA-AES256-GCM-SHA384",16146 SUITE_INFO("ECDHE-ECDSA-AES256-GCM-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), 14804 16147 #endif 14805 16148 14806 16149 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 14807 "ECDH-RSA-AES128-GCM-SHA256",16150 SUITE_INFO("ECDH-RSA-AES128-GCM-SHA256","TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256), 14808 16151 #endif 14809 16152 14810 16153 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 14811 "ECDH-RSA-AES256-GCM-SHA384",16154 SUITE_INFO("ECDH-RSA-AES256-GCM-SHA384","TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384), 14812 16155 #endif 14813 16156 14814 16157 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 14815 "ECDH-ECDSA-AES128-GCM-SHA256",16158 SUITE_INFO("ECDH-ECDSA-AES128-GCM-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256), 14816 16159 #endif 14817 16160 14818 16161 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 14819 "ECDH-ECDSA-AES256-GCM-SHA384",16162 SUITE_INFO("ECDH-ECDSA-AES256-GCM-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384), 14820 16163 #endif 14821 16164 14822 16165 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 14823 "CAMELLIA128-SHA",16166 SUITE_INFO("CAMELLIA128-SHA","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), 14824 16167 #endif 14825 16168 14826 16169 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 14827 "DHE-RSA-CAMELLIA128-SHA",16170 SUITE_INFO("DHE-RSA-CAMELLIA128-SHA","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA), 14828 16171 #endif 14829 16172 14830 16173 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 14831 "CAMELLIA256-SHA",16174 SUITE_INFO("CAMELLIA256-SHA","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA), 14832 16175 #endif 14833 16176 14834 16177 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 14835 "DHE-RSA-CAMELLIA256-SHA",16178 SUITE_INFO("DHE-RSA-CAMELLIA256-SHA","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), 14836 16179 #endif 14837 16180 14838 16181 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 14839 "CAMELLIA128-SHA256",16182 SUITE_INFO("CAMELLIA128-SHA256","TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256), 14840 16183 #endif 14841 16184 14842 16185 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 14843 "DHE-RSA-CAMELLIA128-SHA256",16186 SUITE_INFO("DHE-RSA-CAMELLIA128-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256), 14844 16187 #endif 14845 16188 14846 16189 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 14847 "CAMELLIA256-SHA256",16190 SUITE_INFO("CAMELLIA256-SHA256","TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256), 14848 16191 #endif 14849 16192 14850 16193 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 14851 "DHE-RSA-CAMELLIA256-SHA256",16194 SUITE_INFO("DHE-RSA-CAMELLIA256-SHA256","TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256",CIPHER_BYTE,TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256), 14852 16195 #endif 14853 16196 14854 16197 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 14855 "ECDHE-RSA-AES128-SHA256",16198 SUITE_INFO("ECDHE-RSA-AES128-SHA256","TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256), 14856 16199 #endif 14857 16200 14858 16201 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 14859 "ECDHE-ECDSA-AES128-SHA256",16202 SUITE_INFO("ECDHE-ECDSA-AES128-SHA256","TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256), 14860 16203 #endif 14861 16204 14862 16205 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 14863 "ECDH-RSA-AES128-SHA256",16206 SUITE_INFO("ECDH-RSA-AES128-SHA256","TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256), 14864 16207 #endif 14865 16208 14866 16209 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 14867 "ECDH-ECDSA-AES128-SHA256",16210 SUITE_INFO("ECDH-ECDSA-AES128-SHA256","TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256), 14868 16211 #endif 14869 16212 14870 16213 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 14871 "ECDHE-RSA-AES256-SHA384",16214 SUITE_INFO("ECDHE-RSA-AES256-SHA384","TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384), 14872 16215 #endif 14873 16216 14874 16217 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 14875 "ECDHE-ECDSA-AES256-SHA384",16218 SUITE_INFO("ECDHE-ECDSA-AES256-SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384), 14876 16219 #endif 14877 16220 14878 16221 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 14879 "ECDH-RSA-AES256-SHA384",16222 SUITE_INFO("ECDH-RSA-AES256-SHA384","TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384), 14880 16223 #endif 14881 16224 14882 16225 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 14883 "ECDH-ECDSA-AES256-SHA384",16226 SUITE_INFO("ECDH-ECDSA-AES256-SHA384","TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384",ECC_BYTE,TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384), 14884 16227 #endif 14885 16228 14886 16229 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 14887 "ECDHE-RSA-CHACHA20-POLY1305",16230 SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305","TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256), 14888 16231 #endif 14889 16232 14890 16233 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 14891 "ECDHE-ECDSA-CHACHA20-POLY1305",16234 SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305","TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256), 14892 16235 #endif 14893 16236 14894 16237 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 14895 "DHE-RSA-CHACHA20-POLY1305",16238 SUITE_INFO("DHE-RSA-CHACHA20-POLY1305","TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256), 14896 16239 #endif 14897 16240 14898 16241 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 14899 "ECDHE-RSA-CHACHA20-POLY1305-OLD",16242 SUITE_INFO("ECDHE-RSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256), 14900 16243 #endif 14901 16244 14902 16245 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 14903 "ECDHE-ECDSA-CHACHA20-POLY1305-OLD",16246 SUITE_INFO("ECDHE-ECDSA-CHACHA20-POLY1305-OLD","TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256), 14904 16247 #endif 14905 16248 14906 16249 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 14907 "DHE-RSA-CHACHA20-POLY1305-OLD",16250 SUITE_INFO("DHE-RSA-CHACHA20-POLY1305-OLD","TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256), 14908 16251 #endif 14909 16252 14910 16253 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA 14911 "ADH-AES128-SHA", 16254 SUITE_INFO("ADH-AES128-SHA","TLS_DH_anon_WITH_AES_128_CBC_SHA",CIPHER_BYTE,TLS_DH_anon_WITH_AES_128_CBC_SHA), 16255 #endif 16256 16257 #ifdef BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384 16258 SUITE_INFO("ADH-AES256-GCM-SHA384","TLS_DH_anon_WITH_AES_256_GCM_SHA384",CIPHER_BYTE,TLS_DH_anon_WITH_AES_256_GCM_SHA384), 14912 16259 #endif 14913 16260 14914 16261 #ifdef BUILD_TLS_QSH 14915 "QSH",16262 SUITE_INFO("QSH","TLS_QSH",QSH_BYTE,TLS_QSH), 14916 16263 #endif 14917 16264 14918 16265 #ifdef HAVE_RENEGOTIATION_INDICATION 14919 "RENEGOTIATION-INFO",16266 SUITE_INFO("RENEGOTIATION-INFO","TLS_EMPTY_RENEGOTIATION_INFO_SCSV",CIPHER_BYTE,TLS_EMPTY_RENEGOTIATION_INFO_SCSV), 14920 16267 #endif 14921 16268 14922 16269 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA 14923 "IDEA-CBC-SHA",16270 SUITE_INFO("IDEA-CBC-SHA","SSL_RSA_WITH_IDEA_CBC_SHA",CIPHER_BYTE,SSL_RSA_WITH_IDEA_CBC_SHA), 14924 16271 #endif 14925 16272 14926 16273 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA 14927 "ECDHE-ECDSA-NULL-SHA",16274 SUITE_INFO("ECDHE-ECDSA-NULL-SHA","TLS_ECDHE_ECDSA_WITH_NULL_SHA",ECC_BYTE,TLS_ECDHE_ECDSA_WITH_NULL_SHA), 14928 16275 #endif 14929 16276 14930 16277 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256 14931 "ECDHE-PSK-NULL-SHA256",16278 SUITE_INFO("ECDHE-PSK-NULL-SHA256","TLS_ECDHE_PSK_WITH_NULL_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_NULL_SHA256), 14932 16279 #endif 14933 16280 14934 16281 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 14935 "ECDHE-PSK-AES128-CBC-SHA256",16282 SUITE_INFO("ECDHE-PSK-AES128-CBC-SHA256","TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256",ECC_BYTE,TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256), 14936 16283 #endif 14937 16284 14938 16285 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 14939 "PSK-CHACHA20-POLY1305",16286 SUITE_INFO("PSK-CHACHA20-POLY1305","TLS_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_PSK_WITH_CHACHA20_POLY1305_SHA256), 14940 16287 #endif 14941 16288 14942 16289 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 14943 "ECDHE-PSK-CHACHA20-POLY1305",16290 SUITE_INFO("ECDHE-PSK-CHACHA20-POLY1305","TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256), 14944 16291 #endif 14945 16292 14946 16293 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 14947 "DHE-PSK-CHACHA20-POLY1305",16294 SUITE_INFO("DHE-PSK-CHACHA20-POLY1305","TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256",CHACHA_BYTE,TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256), 14948 16295 #endif 14949 16296 14950 16297 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 14951 "EDH-RSA-DES-CBC3-SHA", 14952 #endif 16298 SUITE_INFO("EDH-RSA-DES-CBC3-SHA","TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",CIPHER_BYTE,TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), 16299 #endif 16300 16301 #ifdef BUILD_WDM_WITH_NULL_SHA256 16302 SUITE_INFO("WDM-NULL-SHA256","WDM_WITH_NULL_SHA256",CIPHER_BYTE,WDM_WITH_NULL_SHA256), 16303 #endif 16304 16305 #endif /* WOLFSSL_NO_TLS12 */ 14953 16306 14954 16307 #ifdef BUILD_TLS_AES_128_GCM_SHA256 14955 "TLS13-AES128-GCM-SHA256",16308 SUITE_INFO("TLS13-AES128-GCM-SHA256","TLS_AES_128_GCM_SHA256",TLS13_BYTE,TLS_AES_128_GCM_SHA256), 14956 16309 #endif 14957 16310 14958 16311 #ifdef BUILD_TLS_AES_256_GCM_SHA384 14959 "TLS13-AES256-GCM-SHA384",16312 SUITE_INFO("TLS13-AES256-GCM-SHA384","TLS_AES_256_GCM_SHA384",TLS13_BYTE,TLS_AES_256_GCM_SHA384), 14960 16313 #endif 14961 16314 14962 16315 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA256 14963 "TLS13-CHACHA20-POLY1305-SHA256",16316 SUITE_INFO("TLS13-CHACHA20-POLY1305-SHA256","TLS_CHACHA20_POLY1305_SHA256",TLS13_BYTE,TLS_CHACHA20_POLY1305_SHA256), 14964 16317 #endif 14965 16318 14966 16319 #ifdef BUILD_TLS_AES_128_CCM_SHA256 14967 "TLS13-AES128-CCM-SHA256",16320 SUITE_INFO("TLS13-AES128-CCM-SHA256","TLS_AES_128_CCM_SHA256",TLS13_BYTE,TLS_AES_128_CCM_SHA256), 14968 16321 #endif 14969 16322 14970 16323 #ifdef BUILD_TLS_AES_128_CCM_8_SHA256 14971 "TLS13-AES128-CCM-8-SHA256", 14972 #endif 14973 14974 #ifdef BUILD_WDM_WITH_NULL_SHA256 14975 "WDM-NULL-SHA256", 16324 SUITE_INFO("TLS13-AES128-CCM-8-SHA256","TLS_AES_128_CCM_8_SHA256",TLS13_BYTE,TLS_AES_128_CCM_8_SHA256), 14976 16325 #endif 14977 16326 }; 14978 16327 14979 16328 14980 /* cipher suite number that matches above name table */14981 static int cipher_name_idx[] =14982 {14983 14984 #ifdef BUILD_SSL_RSA_WITH_RC4_128_SHA14985 SSL_RSA_WITH_RC4_128_SHA,14986 #endif14987 14988 #ifdef BUILD_SSL_RSA_WITH_RC4_128_MD514989 SSL_RSA_WITH_RC4_128_MD5,14990 #endif14991 14992 #ifdef BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA14993 SSL_RSA_WITH_3DES_EDE_CBC_SHA,14994 #endif14995 14996 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA14997 TLS_RSA_WITH_AES_128_CBC_SHA,14998 #endif14999 15000 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA15001 TLS_RSA_WITH_AES_256_CBC_SHA,15002 #endif15003 15004 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA15005 TLS_RSA_WITH_NULL_SHA,15006 #endif15007 15008 #ifdef BUILD_TLS_RSA_WITH_NULL_SHA25615009 TLS_RSA_WITH_NULL_SHA256,15010 #endif15011 15012 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA15013 TLS_DHE_RSA_WITH_AES_128_CBC_SHA,15014 #endif15015 15016 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA15017 TLS_DHE_RSA_WITH_AES_256_CBC_SHA,15018 #endif15019 15020 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA38415021 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384,15022 #endif15023 15024 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA25615025 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256,15026 #endif15027 15028 #ifdef BUILD_TLS_PSK_WITH_AES_256_GCM_SHA38415029 TLS_PSK_WITH_AES_256_GCM_SHA384,15030 #endif15031 15032 #ifdef BUILD_TLS_PSK_WITH_AES_128_GCM_SHA25615033 TLS_PSK_WITH_AES_128_GCM_SHA256,15034 #endif15035 15036 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA38415037 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384,15038 #endif15039 15040 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA25615041 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256,15042 #endif15043 15044 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA38415045 TLS_PSK_WITH_AES_256_CBC_SHA384,15046 #endif15047 15048 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA25615049 TLS_PSK_WITH_AES_128_CBC_SHA256,15050 #endif15051 15052 #ifdef BUILD_TLS_PSK_WITH_AES_128_CBC_SHA15053 TLS_PSK_WITH_AES_128_CBC_SHA,15054 #endif15055 15056 #ifdef BUILD_TLS_PSK_WITH_AES_256_CBC_SHA15057 TLS_PSK_WITH_AES_256_CBC_SHA,15058 #endif15059 15060 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_128_CCM15061 TLS_DHE_PSK_WITH_AES_128_CCM,15062 #endif15063 15064 #ifdef BUILD_TLS_DHE_PSK_WITH_AES_256_CCM15065 TLS_DHE_PSK_WITH_AES_256_CCM,15066 #endif15067 15068 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM15069 TLS_PSK_WITH_AES_128_CCM,15070 #endif15071 15072 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM15073 TLS_PSK_WITH_AES_256_CCM,15074 #endif15075 15076 #ifdef BUILD_TLS_PSK_WITH_AES_128_CCM_815077 TLS_PSK_WITH_AES_128_CCM_8,15078 #endif15079 15080 #ifdef BUILD_TLS_PSK_WITH_AES_256_CCM_815081 TLS_PSK_WITH_AES_256_CCM_8,15082 #endif15083 15084 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA38415085 TLS_DHE_PSK_WITH_NULL_SHA384,15086 #endif15087 15088 #ifdef BUILD_TLS_DHE_PSK_WITH_NULL_SHA25615089 TLS_DHE_PSK_WITH_NULL_SHA256,15090 #endif15091 15092 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA38415093 TLS_PSK_WITH_NULL_SHA384,15094 #endif15095 15096 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA25615097 TLS_PSK_WITH_NULL_SHA256,15098 #endif15099 15100 #ifdef BUILD_TLS_PSK_WITH_NULL_SHA15101 TLS_PSK_WITH_NULL_SHA,15102 #endif15103 15104 #ifdef BUILD_TLS_RSA_WITH_HC_128_MD515105 TLS_RSA_WITH_HC_128_MD5,15106 #endif15107 15108 #ifdef BUILD_TLS_RSA_WITH_HC_128_SHA15109 TLS_RSA_WITH_HC_128_SHA,15110 #endif15111 15112 #ifdef BUILD_TLS_RSA_WITH_HC_128_B2B25615113 TLS_RSA_WITH_HC_128_B2B256,15114 #endif15115 15116 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_B2B25615117 TLS_RSA_WITH_AES_128_CBC_B2B256,15118 #endif15119 15120 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_B2B25615121 TLS_RSA_WITH_AES_256_CBC_B2B256,15122 #endif15123 15124 #ifdef BUILD_TLS_RSA_WITH_RABBIT_SHA15125 TLS_RSA_WITH_RABBIT_SHA,15126 #endif15127 15128 #ifdef BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA15129 TLS_NTRU_RSA_WITH_RC4_128_SHA,15130 #endif15131 15132 #ifdef BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA15133 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA,15134 #endif15135 15136 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA15137 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA,15138 #endif15139 15140 #ifdef BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA15141 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA,15142 #endif15143 15144 #ifdef BUILD_TLS_RSA_WITH_AES_128_CCM_815145 TLS_RSA_WITH_AES_128_CCM_8,15146 #endif15147 15148 #ifdef BUILD_TLS_RSA_WITH_AES_256_CCM_815149 TLS_RSA_WITH_AES_256_CCM_8,15150 #endif15151 15152 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM15153 TLS_ECDHE_ECDSA_WITH_AES_128_CCM,15154 #endif15155 15156 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_815157 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8,15158 #endif15159 15160 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_815161 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8,15162 #endif15163 15164 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA15165 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,15166 #endif15167 15168 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA15169 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,15170 #endif15171 15172 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA15173 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,15174 #endif15175 15176 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA15177 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,15178 #endif15179 15180 #ifdef BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA15181 TLS_ECDHE_RSA_WITH_RC4_128_SHA,15182 #endif15183 15184 #ifdef BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA15185 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,15186 #endif15187 15188 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA15189 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,15190 #endif15191 15192 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA15193 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,15194 #endif15195 15196 #ifdef BUILD_TLS_RSA_WITH_AES_128_CBC_SHA25615197 TLS_RSA_WITH_AES_128_CBC_SHA256,15198 #endif15199 15200 #ifdef BUILD_TLS_RSA_WITH_AES_256_CBC_SHA25615201 TLS_RSA_WITH_AES_256_CBC_SHA256,15202 #endif15203 15204 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA25615205 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,15206 #endif15207 15208 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA25615209 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,15210 #endif15211 15212 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA15213 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA,15214 #endif15215 15216 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA15217 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,15218 #endif15219 15220 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA15221 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA,15222 #endif15223 15224 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA15225 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,15226 #endif15227 15228 #ifdef BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA15229 TLS_ECDH_RSA_WITH_RC4_128_SHA,15230 #endif15231 15232 #ifdef BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA15233 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,15234 #endif15235 15236 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA15237 TLS_ECDH_ECDSA_WITH_RC4_128_SHA,15238 #endif15239 15240 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA15241 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,15242 #endif15243 15244 #ifdef BUILD_TLS_RSA_WITH_AES_128_GCM_SHA25615245 TLS_RSA_WITH_AES_128_GCM_SHA256,15246 #endif15247 15248 #ifdef BUILD_TLS_RSA_WITH_AES_256_GCM_SHA38415249 TLS_RSA_WITH_AES_256_GCM_SHA384,15250 #endif15251 15252 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA25615253 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,15254 #endif15255 15256 #ifdef BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA38415257 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,15258 #endif15259 15260 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA25615261 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,15262 #endif15263 15264 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA38415265 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,15266 #endif15267 15268 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA25615269 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,15270 #endif15271 15272 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA38415273 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,15274 #endif15275 15276 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA25615277 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256,15278 #endif15279 15280 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA38415281 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384,15282 #endif15283 15284 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA25615285 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,15286 #endif15287 15288 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA38415289 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,15290 #endif15291 15292 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA15293 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,15294 #endif15295 15296 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA15297 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,15298 #endif15299 15300 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA15301 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,15302 #endif15303 15304 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA15305 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,15306 #endif15307 15308 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA25615309 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256,15310 #endif15311 15312 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA25615313 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256,15314 #endif15315 15316 #ifdef BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA25615317 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256,15318 #endif15319 15320 #ifdef BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA25615321 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256,15322 #endif15323 15324 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA25615325 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,15326 #endif15327 15328 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA25615329 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,15330 #endif15331 15332 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA25615333 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256,15334 #endif15335 15336 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA25615337 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,15338 #endif15339 15340 #ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA38415341 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,15342 #endif15343 15344 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA38415345 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,15346 #endif15347 15348 #ifdef BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA38415349 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384,15350 #endif15351 15352 #ifdef BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA38415353 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,15354 #endif15355 15356 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA25615357 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,15358 #endif15359 15360 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA25615361 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,15362 #endif15363 15364 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA25615365 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,15366 #endif15367 15368 #ifdef BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA25615369 TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256,15370 #endif15371 15372 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA25615373 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256,15374 #endif15375 15376 #ifdef BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA25615377 TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256,15378 #endif15379 15380 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA15381 TLS_DH_anon_WITH_AES_128_CBC_SHA,15382 #endif15383 15384 #ifdef BUILD_TLS_QSH15385 TLS_QSH,15386 #endif15387 15388 #ifdef HAVE_RENEGOTIATION_INDICATION15389 TLS_EMPTY_RENEGOTIATION_INFO_SCSV,15390 #endif15391 15392 #ifdef BUILD_SSL_RSA_WITH_IDEA_CBC_SHA15393 SSL_RSA_WITH_IDEA_CBC_SHA,15394 #endif15395 15396 #ifdef BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA15397 TLS_ECDHE_ECDSA_WITH_NULL_SHA,15398 #endif15399 15400 #ifdef BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA25615401 TLS_ECDHE_PSK_WITH_NULL_SHA256,15402 #endif15403 15404 #ifdef BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA25615405 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256,15406 #endif15407 15408 #ifdef BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA25615409 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256,15410 #endif15411 15412 #ifdef BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA25615413 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256,15414 #endif15415 15416 #ifdef BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA25615417 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256,15418 #endif15419 15420 #ifdef BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA15421 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,15422 #endif15423 15424 #ifdef BUILD_TLS_AES_128_GCM_SHA25615425 TLS_AES_128_GCM_SHA256,15426 #endif15427 15428 #ifdef BUILD_TLS_AES_256_GCM_SHA38415429 TLS_AES_256_GCM_SHA384,15430 #endif15431 15432 #ifdef BUILD_TLS_CHACHA20_POLY1305_SHA25615433 TLS_CHACHA20_POLY1305_SHA256,15434 #endif15435 15436 #ifdef BUILD_TLS_AES_128_CCM_SHA25615437 TLS_AES_128_CCM_SHA256,15438 #endif15439 15440 #ifdef BUILD_TLS_AES_128_CCM_8_SHA25615441 TLS_AES_128_CCM_8_SHA256,15442 #endif15443 15444 #ifdef BUILD_WDM_WITH_NULL_SHA25615445 WDM_WITH_NULL_SHA256,15446 #endif15447 };15448 15449 15450 16329 /* returns the cipher_names array */ 15451 const char* const* GetCipherNames(void)16330 const CipherSuiteInfo* GetCipherNames(void) 15452 16331 { 15453 16332 return cipher_names; … … 15455 16334 15456 16335 15457 /* returns the size ofthe cipher_names array */16336 /* returns the number of elements in the cipher_names array */ 15458 16337 int GetCipherNamesSize(void) 15459 16338 { 15460 return (int)(sizeof(cipher_names) / sizeof( char*));16339 return (int)(sizeof(cipher_names) / sizeof(CipherSuiteInfo)); 15461 16340 } 15462 16341 15463 /* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */ 15464 const char* GetCipherNameInternal(const char* cipherName, intcipherSuite)16342 16343 const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite) 15465 16344 { 15466 const char* result = NULL;15467 const char* first;15468 16345 int i; 15469 15470 if (cipherName == NULL) { 15471 WOLFSSL_MSG("Bad argument"); 15472 return NULL; 15473 } 15474 15475 first = (XSTRSTR(cipherName, "CHACHA")) ? "CHACHA" 15476 : (XSTRSTR(cipherName, "EC")) ? "EC" 15477 : (XSTRSTR(cipherName, "CCM")) ? "CCM" 15478 : NULL; /* normal */ 15479 15480 for (i = 0; i < (int)(sizeof(cipher_name_idx)/sizeof(int)); i++) { 15481 if (cipher_name_idx[i] == cipherSuite) { 15482 const char* nameFound = cipher_names[i]; 15483 15484 /* extra sanity check on returned cipher name */ 15485 if (nameFound == NULL) { 15486 continue; 15487 } 15488 15489 /* if first is null then not any */ 15490 if (first == NULL) { 15491 if ( !XSTRSTR(nameFound, "CHACHA") && 15492 !XSTRSTR(nameFound, "EC") && 15493 !XSTRSTR(nameFound, "CCM")) { 15494 result = nameFound; 15495 break; 15496 } 15497 } 15498 else if (XSTRSTR(nameFound, first)) { 15499 result = nameFound; 15500 break; 15501 } 15502 } 15503 } 15504 15505 return result; 16346 const char* nameInternal = NULL; 16347 16348 for (i = 0; i < GetCipherNamesSize(); i++) { 16349 if ((cipher_names[i].cipherSuite0 == cipherSuite0) && 16350 (cipher_names[i].cipherSuite == cipherSuite)) { 16351 nameInternal = cipher_names[i].name; 16352 break; 16353 } 16354 } 16355 return nameInternal; 16356 } 16357 16358 const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite) 16359 { 16360 #ifndef NO_ERROR_STRINGS 16361 int i; 16362 const char* nameIana = "NONE"; 16363 16364 for (i = 0; i < GetCipherNamesSize(); i++) { 16365 if ((cipher_names[i].cipherSuite0 == cipherSuite0) && 16366 (cipher_names[i].cipherSuite == cipherSuite)) { 16367 nameIana = cipher_names[i].name_iana; 16368 break; 16369 } 16370 } 16371 return nameIana; 16372 #else 16373 (void)cipherSuite0; 16374 (void)cipherSuite; 16375 return NULL; 16376 #endif 15506 16377 } 15507 16378 … … 15509 16380 { 15510 16381 if (ssl == NULL) { 15511 WOLFSSL_MSG("Bad argument");15512 16382 return NULL; 15513 16383 } 15514 16384 15515 return GetCipherNameInternal( 15516 wolfSSL_CIPHER_get_name(&ssl->cipher), 15517 ssl->options.cipherSuite); 16385 return GetCipherNameInternal(ssl->options.cipherSuite0, ssl->options.cipherSuite); 15518 16386 } 15519 16387 15520 15521 const char* wolfSSL_get_cipher_name_from_suite(const unsigned char cipherSuite, 15522 const unsigned char cipherSuite0) 16388 const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl) 15523 16389 { 15524 15525 WOLFSSL_ENTER("wolfSSL_get_cipher_name_from_suite"); 15526 15527 (void)cipherSuite; 15528 (void)cipherSuite0; 15529 15530 #ifndef NO_ERROR_STRINGS 15531 15532 #if defined(HAVE_CHACHA) 15533 if (cipherSuite0 == CHACHA_BYTE) { 15534 /* ChaCha suites */ 15535 switch (cipherSuite) { 15536 #ifdef HAVE_POLY1305 15537 #ifndef NO_RSA 15538 case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : 15539 return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; 15540 15541 case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 : 15542 return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256"; 15543 15544 case TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : 15545 return "TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; 15546 15547 case TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : 15548 return "TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; 15549 #endif 15550 case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 : 15551 return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256"; 15552 15553 case TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 : 15554 return "TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256"; 15555 #ifndef NO_PSK 15556 case TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : 15557 return "TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; 15558 case TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 : 15559 return "TLS_PSK_WITH_CHACHA20_POLY1305_SHA256"; 15560 case TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 : 15561 return "TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256"; 15562 #endif /* NO_PSK */ 15563 #endif /* HAVE_POLY1305 */ 15564 } /* switch */ 15565 } /* chacha */ 15566 #endif /* HAVE_CHACHA */ 15567 15568 #if defined(HAVE_ECC) || defined(HAVE_AESCCM) 15569 /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected, 15570 * but the AES-CCM cipher suites also use it, even the ones that 15571 * aren't ECC. */ 15572 if (cipherSuite0 == ECC_BYTE) { 15573 /* ECC suites */ 15574 switch (cipherSuite) { 15575 #ifdef HAVE_ECC 15576 #ifndef NO_RSA 15577 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 : 15578 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"; 15579 #endif /* !NO_RSA */ 15580 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 : 15581 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"; 15582 #ifndef NO_RSA 15583 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 : 15584 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256"; 15585 #endif /* !NO_RSA */ 15586 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 : 15587 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256"; 15588 #ifndef NO_RSA 15589 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 : 15590 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384"; 15591 #endif /* !NO_RSA */ 15592 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 : 15593 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384"; 15594 #ifndef NO_RSA 15595 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 : 15596 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384"; 15597 #endif /* !NO_RSA */ 15598 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 : 15599 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384"; 15600 #ifndef NO_SHA 15601 #ifndef NO_RSA 15602 case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA : 15603 return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"; 15604 case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA : 15605 return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA"; 15606 #endif /* !NO_RSA */ 15607 case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA : 15608 return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"; 15609 case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA : 15610 return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA"; 15611 #ifndef NO_RC4 15612 #ifndef NO_RSA 15613 case TLS_ECDHE_RSA_WITH_RC4_128_SHA : 15614 return "TLS_ECDHE_RSA_WITH_RC4_128_SHA"; 15615 #endif /* !NO_RSA */ 15616 case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA : 15617 return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"; 15618 #endif /* !NO_RC4 */ 15619 #ifndef NO_DES3 15620 #ifndef NO_RSA 15621 case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA : 15622 return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA"; 15623 #endif /* !NO_RSA */ 15624 case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA : 15625 return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA"; 15626 #endif /* !NO_DES3 */ 15627 15628 #ifndef NO_RSA 15629 case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA : 15630 return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA"; 15631 case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA : 15632 return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA"; 15633 #endif /* !NO_RSA */ 15634 case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA : 15635 return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA"; 15636 case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA : 15637 return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA"; 15638 #ifndef NO_RC4 15639 #ifndef NO_RSA 15640 case TLS_ECDH_RSA_WITH_RC4_128_SHA : 15641 return "TLS_ECDH_RSA_WITH_RC4_128_SHA"; 15642 #endif /* !NO_RSA */ 15643 case TLS_ECDH_ECDSA_WITH_RC4_128_SHA : 15644 return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA"; 15645 #endif /* !NO_RC4 */ 15646 #ifndef NO_DES3 15647 #ifndef NO_RSA 15648 case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA : 15649 return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA"; 15650 #endif /* !NO_RSA */ 15651 case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA : 15652 return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA"; 15653 #endif /* !NO_DES3 */ 15654 #endif /* HAVE_ECC */ 15655 15656 #ifdef HAVE_AESGCM 15657 #ifndef NO_RSA 15658 case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 : 15659 return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"; 15660 case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 : 15661 return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"; 15662 #endif /* !NO_RSA */ 15663 case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 : 15664 return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"; 15665 case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 : 15666 return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"; 15667 #ifndef NO_RSA 15668 case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 : 15669 return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256"; 15670 case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 : 15671 return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384"; 15672 #endif /* !NO_RSA */ 15673 case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 : 15674 return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256"; 15675 case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 : 15676 return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384"; 15677 #endif /* HAVE_AESGCM */ 15678 15679 case TLS_ECDHE_ECDSA_WITH_NULL_SHA : 15680 return "TLS_ECDHE_ECDSA_WITH_NULL_SHA"; 15681 #ifndef NO_PSK 15682 case TLS_ECDHE_PSK_WITH_NULL_SHA256 : 15683 return "TLS_ECDHE_PSK_WITH_NULL_SHA256"; 15684 case TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 : 15685 return "TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256"; 15686 #endif /* !NO_PSK */ 15687 #ifndef NO_RSA 15688 case TLS_RSA_WITH_AES_128_CCM_8 : 15689 return "TLS_RSA_WITH_AES_128_CCM_8"; 15690 case TLS_RSA_WITH_AES_256_CCM_8 : 15691 return "TLS_RSA_WITH_AES_256_CCM_8"; 15692 #endif /* !NO_RSA */ 15693 #ifndef NO_PSK 15694 case TLS_PSK_WITH_AES_128_CCM_8 : 15695 return "TLS_PSK_WITH_AES_128_CCM_8"; 15696 case TLS_PSK_WITH_AES_256_CCM_8 : 15697 return "TLS_PSK_WITH_AES_256_CCM_8"; 15698 case TLS_PSK_WITH_AES_128_CCM : 15699 return "TLS_PSK_WITH_AES_128_CCM"; 15700 case TLS_PSK_WITH_AES_256_CCM : 15701 return "TLS_PSK_WITH_AES_256_CCM"; 15702 case TLS_DHE_PSK_WITH_AES_128_CCM : 15703 return "TLS_DHE_PSK_WITH_AES_128_CCM"; 15704 case TLS_DHE_PSK_WITH_AES_256_CCM : 15705 return "TLS_DHE_PSK_WITH_AES_256_CCM"; 15706 #endif /* !NO_PSK */ 15707 #ifdef HAVE_ECC 15708 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM: 15709 return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM"; 15710 case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8: 15711 return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8"; 15712 case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 : 15713 return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8"; 15714 #endif /* HAVE_ECC */ 15715 #endif /* HAVE_AESGCM */ 15716 15717 default: 15718 return "NONE"; 15719 } /* switch */ 15720 } /* ECC and AES CCM/GCM */ 15721 #endif /* HAVE_ECC || HAVE_AESCCM*/ 15722 15723 if (cipherSuite0 == TLS13_BYTE) { 15724 /* TLS v1.3 suites */ 15725 switch (cipherSuite) { 15726 #ifdef WOLFSSL_TLS13 15727 #ifdef HAVE_AESGCM 15728 case TLS_AES_128_GCM_SHA256 : 15729 return "TLS_AES_128_GCM_SHA256"; 15730 case TLS_AES_256_GCM_SHA384 : 15731 return "TLS_AES_256_GCM_SHA384"; 15732 #endif 15733 15734 #ifdef HAVE_CHACHA 15735 case TLS_CHACHA20_POLY1305_SHA256 : 15736 return "TLS_CHACHA20_POLY1305_SHA256"; 15737 #endif 15738 15739 #ifdef HAVE_AESCCM 15740 case TLS_AES_128_CCM_SHA256 : 15741 return "TLS_AES_128_CCM_SHA256"; 15742 case TLS_AES_128_CCM_8_SHA256 : 15743 return "TLS_AES_256_CCM_8_SHA256"; 15744 #endif 15745 #endif 15746 15747 default: 15748 return "NONE"; 15749 } 15750 } 15751 15752 if (cipherSuite0 != ECC_BYTE && 15753 cipherSuite0 != CHACHA_BYTE && 15754 cipherSuite0 != TLS13_BYTE) { 15755 15756 /* normal suites */ 15757 switch (cipherSuite) { 15758 #ifndef NO_RSA 15759 #ifndef NO_RC4 15760 #ifndef NO_SHA 15761 case SSL_RSA_WITH_RC4_128_SHA : 15762 return "SSL_RSA_WITH_RC4_128_SHA"; 15763 #endif /* !NO_SHA */ 15764 #ifndef NO_MD5 15765 case SSL_RSA_WITH_RC4_128_MD5 : 15766 return "SSL_RSA_WITH_RC4_128_MD5"; 15767 #endif /* !NO_MD5 */ 15768 #endif /* !NO_RC4 */ 15769 #ifndef NO_SHA 15770 #ifndef NO_DES3 15771 case SSL_RSA_WITH_3DES_EDE_CBC_SHA : 15772 return "SSL_RSA_WITH_3DES_EDE_CBC_SHA"; 15773 #endif /* !NO_DES3 */ 15774 #ifdef HAVE_IDEA 15775 case SSL_RSA_WITH_IDEA_CBC_SHA : 15776 return "SSL_RSA_WITH_IDEA_CBC_SHA"; 15777 #endif /* HAVE_IDEA */ 15778 15779 case TLS_RSA_WITH_AES_128_CBC_SHA : 15780 return "TLS_RSA_WITH_AES_128_CBC_SHA"; 15781 case TLS_RSA_WITH_AES_256_CBC_SHA : 15782 return "TLS_RSA_WITH_AES_256_CBC_SHA"; 15783 #endif /* !NO_SHA */ 15784 case TLS_RSA_WITH_AES_128_CBC_SHA256 : 15785 return "TLS_RSA_WITH_AES_128_CBC_SHA256"; 15786 case TLS_RSA_WITH_AES_256_CBC_SHA256 : 15787 return "TLS_RSA_WITH_AES_256_CBC_SHA256"; 15788 #ifdef HAVE_BLAKE2 15789 case TLS_RSA_WITH_AES_128_CBC_B2B256: 15790 return "TLS_RSA_WITH_AES_128_CBC_B2B256"; 15791 case TLS_RSA_WITH_AES_256_CBC_B2B256: 15792 return "TLS_RSA_WITH_AES_256_CBC_B2B256"; 15793 #endif /* HAVE_BLAKE2 */ 15794 #ifndef NO_SHA 15795 case TLS_RSA_WITH_NULL_SHA : 15796 return "TLS_RSA_WITH_NULL_SHA"; 15797 #endif /* !NO_SHA */ 15798 case TLS_RSA_WITH_NULL_SHA256 : 15799 return "TLS_RSA_WITH_NULL_SHA256"; 15800 #endif /* NO_RSA */ 15801 15802 #ifndef NO_PSK 15803 #ifndef NO_SHA 15804 case TLS_PSK_WITH_AES_128_CBC_SHA : 15805 return "TLS_PSK_WITH_AES_128_CBC_SHA"; 15806 case TLS_PSK_WITH_AES_256_CBC_SHA : 15807 return "TLS_PSK_WITH_AES_256_CBC_SHA"; 15808 #endif /* !NO_SHA */ 15809 #ifndef NO_SHA256 15810 case TLS_PSK_WITH_AES_128_CBC_SHA256 : 15811 return "TLS_PSK_WITH_AES_128_CBC_SHA256"; 15812 case TLS_PSK_WITH_NULL_SHA256 : 15813 return "TLS_PSK_WITH_NULL_SHA256"; 15814 case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 : 15815 return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256"; 15816 case TLS_DHE_PSK_WITH_NULL_SHA256 : 15817 return "TLS_DHE_PSK_WITH_NULL_SHA256"; 15818 #ifdef HAVE_AESGCM 15819 case TLS_PSK_WITH_AES_128_GCM_SHA256 : 15820 return "TLS_PSK_WITH_AES_128_GCM_SHA256"; 15821 case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 : 15822 return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256"; 15823 #endif /* HAVE_AESGCM */ 15824 #endif /* !NO_SHA256 */ 15825 #ifdef WOLFSSL_SHA384 15826 case TLS_PSK_WITH_AES_256_CBC_SHA384 : 15827 return "TLS_PSK_WITH_AES_256_CBC_SHA384"; 15828 case TLS_PSK_WITH_NULL_SHA384 : 15829 return "TLS_PSK_WITH_NULL_SHA384"; 15830 case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 : 15831 return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384"; 15832 case TLS_DHE_PSK_WITH_NULL_SHA384 : 15833 return "TLS_DHE_PSK_WITH_NULL_SHA384"; 15834 #ifdef HAVE_AESGCM 15835 case TLS_PSK_WITH_AES_256_GCM_SHA384 : 15836 return "TLS_PSK_WITH_AES_256_GCM_SHA384"; 15837 case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 : 15838 return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384"; 15839 #endif /* HAVE_AESGCM */ 15840 #endif /* WOLFSSL_SHA384 */ 15841 #ifndef NO_SHA 15842 case TLS_PSK_WITH_NULL_SHA : 15843 return "TLS_PSK_WITH_NULL_SHA"; 15844 #endif /* !NO_SHA */ 15845 #endif /* NO_PSK */ 15846 15847 #ifndef NO_RSA 15848 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 : 15849 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256"; 15850 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 : 15851 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256"; 15852 #ifndef NO_SHA 15853 case TLS_DHE_RSA_WITH_AES_128_CBC_SHA : 15854 return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"; 15855 case TLS_DHE_RSA_WITH_AES_256_CBC_SHA : 15856 return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA"; 15857 #ifndef NO_DES3 15858 case TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA: 15859 return "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA"; 15860 #endif 15861 #endif /* !NO_RSA */ 15862 #ifndef NO_HC128 15863 #ifndef NO_MD5 15864 case TLS_RSA_WITH_HC_128_MD5 : 15865 return "TLS_RSA_WITH_HC_128_MD5"; 15866 #endif /* !NO_MD5 */ 15867 #ifndef NO_SHA 15868 case TLS_RSA_WITH_HC_128_SHA : 15869 return "TLS_RSA_WITH_HC_128_SHA"; 15870 #endif /* !NO_SHA */ 15871 #ifdef HAVE_BLAKE2 15872 case TLS_RSA_WITH_HC_128_B2B256: 15873 return "TLS_RSA_WITH_HC_128_B2B256"; 15874 #endif /* HAVE_BLAKE2 */ 15875 #endif /* !NO_HC128 */ 15876 #ifndef NO_SHA 15877 #ifndef NO_RABBIT 15878 case TLS_RSA_WITH_RABBIT_SHA : 15879 return "TLS_RSA_WITH_RABBIT_SHA"; 15880 #endif /* !NO_RABBIT */ 15881 #ifdef HAVE_NTRU 15882 #ifndef NO_RC4 15883 case TLS_NTRU_RSA_WITH_RC4_128_SHA : 15884 return "TLS_NTRU_RSA_WITH_RC4_128_SHA"; 15885 #endif /* !NO_RC4 */ 15886 #ifndef NO_DES3 15887 case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA : 15888 return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA"; 15889 #endif /* !NO_DES3 */ 15890 case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA : 15891 return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA"; 15892 case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA : 15893 return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA"; 15894 #endif /* HAVE_NTRU */ 15895 15896 #ifdef HAVE_QSH 15897 case TLS_QSH : 15898 return "TLS_QSH"; 15899 #endif /* HAVE_QSH */ 15900 #endif /* !NO_SHA */ 15901 15902 case TLS_RSA_WITH_AES_128_GCM_SHA256 : 15903 return "TLS_RSA_WITH_AES_128_GCM_SHA256"; 15904 case TLS_RSA_WITH_AES_256_GCM_SHA384 : 15905 return "TLS_RSA_WITH_AES_256_GCM_SHA384"; 15906 case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 : 15907 return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"; 15908 case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 : 15909 return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"; 15910 #ifndef NO_SHA 15911 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA : 15912 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA"; 15913 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA : 15914 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA"; 15915 #endif /* !NO_SHA */ 15916 case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 : 15917 return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256"; 15918 case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 : 15919 return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256"; 15920 #ifndef NO_SHA 15921 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA : 15922 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA"; 15923 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA : 15924 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA"; 15925 #endif /* !NO_SHA */ 15926 case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 : 15927 return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256"; 15928 case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 : 15929 return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256"; 15930 #endif /* !NO_PSK */ 15931 15932 #ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA 15933 case TLS_DH_anon_WITH_AES_128_CBC_SHA : 15934 return "TLS_DH_anon_WITH_AES_128_CBC_SHA"; 15935 #endif 15936 #ifdef BUILD_WDM_WITH_NULL_SHA256 15937 case WDM_WITH_NULL_SHA256 : 15938 return "WDM_WITH_NULL_SHA256"; 15939 #endif 15940 default: 15941 return "NONE"; 15942 } /* switch */ 15943 } /* normal / PSK */ 15944 #endif /* NO_ERROR_STRINGS */ 15945 15946 return "NONE"; 16390 if (ssl == NULL) { 16391 return NULL; 16392 } 16393 16394 return GetCipherNameIana(ssl->options.cipherSuite0, ssl->options.cipherSuite); 15947 16395 } 15948 16396 16397 int GetCipherSuiteFromName(const char* name, byte* cipherSuite0, 16398 byte* cipherSuite) 16399 { 16400 int ret = BAD_FUNC_ARG; 16401 int i; 16402 unsigned long len = (unsigned long)XSTRLEN(name); 16403 16404 for (i = 0; i < GetCipherNamesSize(); i++) { 16405 if (XSTRNCMP(name, cipher_names[i].name, len) == 0) { 16406 *cipherSuite0 = cipher_names[i].cipherSuite0; 16407 *cipherSuite = cipher_names[i].cipherSuite; 16408 ret = 0; 16409 break; 16410 } 16411 } 16412 16413 return ret; 16414 } 15949 16415 15950 16416 /** … … 15974 16440 if (next[0] == 0 || XSTRNCMP(next, "ALL", 3) == 0 || 15975 16441 XSTRNCMP(next, "DEFAULT", 7) == 0) 15976 return 1; /* wolfSSL def ualt */16442 return 1; /* wolfSSL default */ 15977 16443 15978 16444 do { … … 15990 16456 15991 16457 for (i = 0; i < suiteSz; i++) { 15992 if (XSTRNCMP(name, cipher_names[i] , sizeof(name)) == 0) {16458 if (XSTRNCMP(name, cipher_names[i].name, sizeof(name)) == 0) { 15993 16459 #ifdef WOLFSSL_DTLS 15994 16460 /* don't allow stream ciphers with DTLS */ … … 16010 16476 } 16011 16477 16012 suites->suites[idx++] = (XSTRSTR(name, "TLS13")) ? TLS13_BYTE 16013 : (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE 16014 : (XSTRSTR(name, "QSH")) ? QSH_BYTE 16015 : (XSTRSTR(name, "EC")) ? ECC_BYTE 16016 : (XSTRSTR(name, "CCM")) ? ECC_BYTE 16017 : 0x00; /* normal */ 16018 suites->suites[idx++] = (byte)cipher_name_idx[i]; 16019 16478 suites->suites[idx++] = 16479 #ifdef WOLFSSL_TLS13 16480 (XSTRSTR(name, "TLS13")) ? TLS13_BYTE : 16481 #endif 16482 #ifdef HAVE_CHACHA 16483 (XSTRSTR(name, "CHACHA")) ? CHACHA_BYTE : 16484 #endif 16485 #ifdef HAVE_QSH 16486 (XSTRSTR(name, "QSH")) ? QSH_BYTE : 16487 #endif 16488 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 16489 (XSTRSTR(name, "EC")) ? ECC_BYTE : 16490 #endif 16491 #ifdef HAVE_AESCCM 16492 (XSTRSTR(name, "CCM")) ? ECC_BYTE : 16493 #endif 16494 CIPHER_BYTE; /* normal */ 16495 16496 suites->suites[idx++] = cipher_names[i].cipherSuite; 16020 16497 /* The suites are either ECDSA, RSA, PSK, or Anon. The RSA 16021 16498 * suites don't necessarily have RSA in the name. */ 16499 #ifdef WOLFSSL_TLS13 16022 16500 if (XSTRSTR(name, "TLS13")) { 16501 #ifndef NO_RSA 16023 16502 haveRSAsig = 1; 16503 #endif 16504 #if defined(HAVE_ECC) || defined(HAVE_ED25519) 16024 16505 haveECDSAsig = 1; 16506 #endif 16025 16507 } 16026 else if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA")) 16508 else 16509 #endif 16510 #if defined(HAVE_ECC) || defined(HAVE_ED25519) 16511 if ((haveECDSAsig == 0) && XSTRSTR(name, "ECDSA")) 16027 16512 haveECDSAsig = 1; 16028 else if (XSTRSTR(name, "ADH")) 16513 else 16514 #endif 16515 #ifdef HAVE_ANON 16516 if (XSTRSTR(name, "ADH")) 16029 16517 haveAnon = 1; 16030 else if ((haveRSAsig == 0) && (XSTRSTR(name, "PSK") == NULL)) 16518 else 16519 #endif 16520 if (haveRSAsig == 0 16521 #ifndef NO_PSK 16522 && (XSTRSTR(name, "PSK") == NULL) 16523 #endif 16524 ) { 16031 16525 haveRSAsig = 1; 16526 } 16032 16527 16033 16528 ret = 1; /* found at least one */ … … 16054 16549 } 16055 16550 16551 16056 16552 #if !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) 16057 16553 void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo, … … 16069 16565 #endif 16070 16566 } 16567 #ifndef WOLFSSL_NO_TLS12 16071 16568 else if (IsAtLeastTLSv1_2(ssl)) { 16072 16569 #ifdef WOLFSSL_ALLOW_TLS_SHA1 … … 16079 16576 ssl->suites->hashAlgo = sha_mac; 16080 16577 } 16578 #endif 16081 16579 16082 16580 /* i+1 since peek a byte ahead for type */ … … 16085 16583 16086 16584 DecodeSigAlg(&hashSigAlgo[i], &hashAlgo, &sigAlgo); 16087 #ifdef HAVE_E CC16585 #ifdef HAVE_ED25519 16088 16586 if (ssl->pkCurveOID == ECC_ED25519_OID && sigAlgo != ed25519_sa_algo) 16089 16587 continue; … … 16096 16594 } 16097 16595 #endif 16596 /* For ECDSA the `USE_ECDSA_KEYSZ_HASH_ALGO` build option will choose a hash 16597 * algorithm that matches the ephemeral ECDHE key size or the next higest 16598 * available. This workaround resolves issue with some peer's that do not 16599 * properly support scenarios such as a P-256 key hashed with SHA512. 16600 */ 16601 #if defined(HAVE_ECC) && defined(USE_ECDSA_KEYSZ_HASH_ALGO) 16602 if (sigAlgo == ssl->suites->sigAlgo && sigAlgo == ecc_dsa_sa_algo) { 16603 word32 digestSz = 0; 16604 switch (hashAlgo) { 16605 #ifndef NO_SHA 16606 case sha_mac: 16607 digestSz = WC_SHA_DIGEST_SIZE; 16608 break; 16609 #endif 16610 #ifndef NO_SHA256 16611 case sha256_mac: 16612 digestSz = WC_SHA256_DIGEST_SIZE; 16613 break; 16614 #endif 16615 #ifdef WOLFSSL_SHA384 16616 case sha384_mac: 16617 digestSz = WC_SHA384_DIGEST_SIZE; 16618 break; 16619 #endif 16620 #ifdef WOLFSSL_SHA512 16621 case sha512_mac: 16622 digestSz = WC_SHA512_DIGEST_SIZE; 16623 break; 16624 #endif 16625 default: 16626 continue; 16627 } 16628 16629 /* For ecc_dsa_sa_algo, pick hash algo that is curve size unless 16630 algorithm in not compiled in, then choose next highest */ 16631 if (digestSz == ssl->eccTempKeySz) { 16632 ssl->suites->hashAlgo = hashAlgo; 16633 ssl->suites->sigAlgo = sigAlgo; 16634 return; /* done selected sig/hash algorithms */ 16635 } 16636 /* not strong enough, so keep checking hashSigAlso list */ 16637 if (digestSz < ssl->eccTempKeySz) 16638 continue; 16639 16640 /* mark as highest and check remainder of hashSigAlgo list */ 16641 ssl->suites->hashAlgo = hashAlgo; 16642 ssl->suites->sigAlgo = sigAlgo; 16643 } 16644 else 16645 #endif 16098 16646 if (sigAlgo == ssl->suites->sigAlgo || (sigAlgo == rsa_pss_sa_algo && 16099 16647 ssl->suites->sigAlgo == rsa_sa_algo)) { 16100 if (hashAlgo == sha_mac) { 16648 /* pick highest available between both server and client */ 16649 switch (hashAlgo) { 16650 case sha_mac: 16651 #ifndef NO_SHA256 16652 case sha256_mac: 16653 #endif 16654 #ifdef WOLFSSL_SHA384 16655 case sha384_mac: 16656 #endif 16657 #ifdef WOLFSSL_SHA512 16658 case sha512_mac: 16659 #endif 16660 /* not strong enough, so keep checking hashSigAlso list */ 16661 if (hashAlgo < ssl->suites->hashAlgo) 16662 continue; 16663 /* mark as highest and check remainder of hashSigAlgo list */ 16664 ssl->suites->hashAlgo = hashAlgo; 16101 16665 ssl->suites->sigAlgo = sigAlgo; 16102 16666 break; 16103 } 16104 #ifndef NO_SHA256 16105 else if (hashAlgo == sha256_mac) { 16106 ssl->suites->hashAlgo = sha256_mac; 16107 ssl->suites->sigAlgo = sigAlgo; 16108 break; 16109 } 16110 #endif 16111 #ifdef WOLFSSL_SHA384 16112 else if (hashAlgo == sha384_mac) { 16113 ssl->suites->hashAlgo = sha384_mac; 16114 ssl->suites->sigAlgo = sigAlgo; 16115 break; 16116 } 16117 #endif 16118 #ifdef WOLFSSL_SHA512 16119 else if (hashAlgo == sha512_mac) { 16120 ssl->suites->hashAlgo = sha512_mac; 16121 ssl->suites->sigAlgo = sigAlgo; 16122 break; 16123 } 16124 #endif 16667 default: 16668 continue; 16669 } 16670 break; 16125 16671 } 16126 16672 else if (ssl->specs.sig_algo == 0) { … … 16128 16674 } 16129 16675 } 16130 16131 16676 } 16132 16677 #endif /* !defined(NO_WOLFSSL_SERVER) || !defined(NO_CERTS) */ 16133 16678 16134 #if def WOLFSSL_CALLBACKS16135 16136 /* Initiali sze HandShakeInfo */16679 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 16680 16681 /* Initialize HandShakeInfo */ 16137 16682 void InitHandShakeInfo(HandShakeInfo* info, WOLFSSL* ssl) 16138 16683 { … … 16151 16696 { 16152 16697 int i; 16153 int sz = sizeof(cipher_name_idx)/sizeof(int);16698 int sz = GetCipherNamesSize(); 16154 16699 16155 16700 for (i = 0; i < sz; i++) 16156 if (info->ssl->options.cipherSuite == (byte)cipher_name_idx[i]) { 16701 if (info->ssl->options.cipherSuite == 16702 (byte)cipher_names[i].cipherSuite) { 16157 16703 if (info->ssl->options.cipherSuite0 == ECC_BYTE) 16158 16704 continue; /* ECC suites at end */ 16159 XSTRNCPY(info->cipherName, cipher_names[i], MAX_CIPHERNAME_SZ); 16705 XSTRNCPY(info->cipherName, cipher_names[i].name, MAX_CIPHERNAME_SZ); 16706 info->cipherName[MAX_CIPHERNAME_SZ] = '\0'; 16160 16707 break; 16161 16708 } … … 16168 16715 16169 16716 /* Add name to info packet names, increase packet name count */ 16170 void AddPacketName( const char* name, HandShakeInfo* info)16717 void AddPacketName(WOLFSSL* ssl, const char* name) 16171 16718 { 16719 #ifdef WOLFSSL_CALLBACKS 16720 HandShakeInfo* info = &ssl->handShakeInfo; 16172 16721 if (info->numberPackets < MAX_PACKETS_HANDSHAKE) { 16173 XSTRNCPY(info->packetNames[info->numberPackets++], name, 16174 MAX_PACKETNAME_SZ); 16175 } 16176 } 16177 16178 16179 /* Initialisze TimeoutInfo */ 16722 char* packetName = info->packetNames[info->numberPackets]; 16723 XSTRNCPY(packetName, name, MAX_PACKETNAME_SZ); 16724 packetName[MAX_PACKETNAME_SZ] = '\0'; 16725 info->numberPackets++; 16726 } 16727 #endif 16728 (void)ssl; 16729 (void)name; 16730 } 16731 16732 16733 #ifdef WOLFSSL_CALLBACKS 16734 /* Initialize TimeoutInfo */ 16180 16735 void InitTimeoutInfo(TimeoutInfo* info) 16181 16736 { … … 16211 16766 } 16212 16767 16213 16214 /* Add PacketInfo to TimeoutInfo */ 16215 void AddPacketInfo(const char* name, TimeoutInfo* info, const byte* data, 16216 int sz, void* heap) 16768 /* Add packet name to previsouly added packet info */ 16769 void AddLateName(const char* name, TimeoutInfo* info) 16217 16770 { 16771 /* make sure we have a valid previous one */ 16772 if (info->numberPackets > 0 && info->numberPackets < 16773 MAX_PACKETS_HANDSHAKE) { 16774 char* packetName = info->packets[info->numberPackets-1].packetName; 16775 XSTRNCPY(packetName, name, MAX_PACKETNAME_SZ); 16776 packetName[MAX_PACKETNAME_SZ] = '\0'; 16777 } 16778 } 16779 16780 /* Add record header to previsouly added packet info */ 16781 void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info) 16782 { 16783 /* make sure we have a valid previous one */ 16784 if (info->numberPackets > 0 && info->numberPackets < 16785 MAX_PACKETS_HANDSHAKE) { 16786 if (info->packets[info->numberPackets - 1].bufferValue) 16787 XMEMCPY(info->packets[info->numberPackets - 1].bufferValue, rl, 16788 RECORD_HEADER_SZ); 16789 else 16790 XMEMCPY(info->packets[info->numberPackets - 1].value, rl, 16791 RECORD_HEADER_SZ); 16792 } 16793 } 16794 16795 #endif /* WOLFSSL_CALLBACKS */ 16796 16797 16798 /* Add PacketInfo to TimeoutInfo 16799 * 16800 * ssl WOLFSSL structure sending or receiving packet 16801 * name name of packet being sent 16802 * type type of packet being sent 16803 * data data bing sent with packet 16804 * sz size of data buffer 16805 * written 1 if this packet is being written to wire, 0 if being read 16806 * heap custom heap to use for mallocs/frees 16807 */ 16808 void AddPacketInfo(WOLFSSL* ssl, const char* name, int type, 16809 const byte* data, int sz, int written, void* heap) 16810 { 16811 #ifdef WOLFSSL_CALLBACKS 16812 TimeoutInfo* info = &ssl->timeoutInfo; 16813 16218 16814 if (info->numberPackets < (MAX_PACKETS_HANDSHAKE - 1)) { 16219 16815 Timeval currTime; 16220 16816 16221 16817 /* may add name after */ 16222 if (name) 16223 XSTRNCPY(info->packets[info->numberPackets].packetName, name, 16224 MAX_PACKETNAME_SZ); 16818 if (name) { 16819 char* packetName = info->packets[info->numberPackets].packetName; 16820 XSTRNCPY(packetName, name, MAX_PACKETNAME_SZ); 16821 packetName[MAX_PACKETNAME_SZ] = '\0'; 16822 } 16225 16823 16226 16824 /* add data, put in buffer if bigger than static buffer */ … … 16245 16843 info->numberPackets++; 16246 16844 } 16247 } 16248 16249 16250 /* Add packet name to previsouly added packet info */ 16251 void AddLateName(const char* name, TimeoutInfo* info) 16252 { 16253 /* make sure we have a valid previous one */ 16254 if (info->numberPackets > 0 && info->numberPackets < 16255 MAX_PACKETS_HANDSHAKE) { 16256 XSTRNCPY(info->packets[info->numberPackets - 1].packetName, name, 16257 MAX_PACKETNAME_SZ); 16258 } 16259 } 16260 16261 /* Add record header to previsouly added packet info */ 16262 void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info) 16263 { 16264 /* make sure we have a valid previous one */ 16265 if (info->numberPackets > 0 && info->numberPackets < 16266 MAX_PACKETS_HANDSHAKE) { 16267 if (info->packets[info->numberPackets - 1].bufferValue) 16268 XMEMCPY(info->packets[info->numberPackets - 1].bufferValue, rl, 16269 RECORD_HEADER_SZ); 16270 else 16271 XMEMCPY(info->packets[info->numberPackets - 1].value, rl, 16272 RECORD_HEADER_SZ); 16273 } 16845 #endif /* WOLFSSL_CALLBACKS */ 16846 #ifdef OPENSSL_EXTRA 16847 if (ssl->protoMsgCb != NULL && sz > RECORD_HEADER_SZ) { 16848 /* version from hex to dec 16 is 16^1, 256 from 16^2 and 16849 4096 from 16^3 */ 16850 int version = (ssl->version.minor & 0X0F) + 16851 (ssl->version.minor & 0xF0) * 16 + 16852 (ssl->version.major & 0X0F) * 256 + 16853 (ssl->version.major & 0xF0) * 4096; 16854 16855 ssl->protoMsgCb(written, version, type, 16856 (const void *)(data + RECORD_HEADER_SZ), 16857 (size_t)(sz - RECORD_HEADER_SZ), 16858 ssl, ssl->protoMsgCtx); 16859 } 16860 #endif /* OPENSSL_EXTRA */ 16861 (void)written; 16862 (void)name; 16863 (void)heap; 16864 (void)type; 16865 (void)ssl; 16274 16866 } 16275 16867 16276 16868 #endif /* WOLFSSL_CALLBACKS */ 16277 16869 16278 16870 #if !defined(NO_CERTS) && (defined(WOLFSSL_TLS13) || \ 16871 !defined(NO_WOLFSSL_CLIENT)) 16872 16873 /* Decode the private key - RSA, ECC, or Ed25519 - and creates a key object. 16874 * The signature type is set as well. 16875 * The maximum length of a signature is returned. 16876 * 16877 * ssl The SSL/TLS object. 16878 * length The length of a signature. 16879 * returns 0 on success, otherwise failure. 16880 */ 16881 int DecodePrivateKey(WOLFSSL *ssl, word16* length) 16882 { 16883 int ret = BAD_FUNC_ARG; 16884 int keySz; 16885 word32 idx; 16886 16887 /* make sure private key exists */ 16888 if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) { 16889 WOLFSSL_MSG("Private key missing!"); 16890 ERROR_OUT(NO_PRIVATE_KEY, exit_dpk); 16891 } 16892 16893 #ifndef NO_RSA 16894 if (ssl->buffers.keyType == rsa_sa_algo || ssl->buffers.keyType == 0) { 16895 ssl->hsType = DYNAMIC_TYPE_RSA; 16896 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); 16897 if (ret != 0) { 16898 goto exit_dpk; 16899 } 16900 16901 WOLFSSL_MSG("Trying RSA private key"); 16902 16903 /* Set start of data to beginning of buffer. */ 16904 idx = 0; 16905 /* Decode the key assuming it is an RSA private key. */ 16906 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, 16907 (RsaKey*)ssl->hsKey, ssl->buffers.key->length); 16908 if (ret == 0) { 16909 WOLFSSL_MSG("Using RSA private key"); 16910 16911 /* It worked so check it meets minimum key size requirements. */ 16912 keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); 16913 if (keySz < 0) { /* check if keySz has error case */ 16914 ERROR_OUT(keySz, exit_dpk); 16915 } 16916 16917 if (keySz < ssl->options.minRsaKeySz) { 16918 WOLFSSL_MSG("RSA key size too small"); 16919 ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); 16920 } 16921 16922 /* Return the maximum signature length. */ 16923 *length = (word16)keySz; 16924 16925 goto exit_dpk; 16926 } 16927 } 16928 #endif /* !NO_RSA */ 16929 16930 #ifdef HAVE_ECC 16931 #ifndef NO_RSA 16932 FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); 16933 #endif /* !NO_RSA */ 16934 16935 if (ssl->buffers.keyType == ecc_dsa_sa_algo || ssl->buffers.keyType == 0) { 16936 ssl->hsType = DYNAMIC_TYPE_ECC; 16937 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); 16938 if (ret != 0) { 16939 goto exit_dpk; 16940 } 16941 16942 #ifndef NO_RSA 16943 WOLFSSL_MSG("Trying ECC private key, RSA didn't work"); 16944 #else 16945 WOLFSSL_MSG("Trying ECC private key"); 16946 #endif 16947 16948 /* Set start of data to beginning of buffer. */ 16949 idx = 0; 16950 /* Decode the key assuming it is an ECC private key. */ 16951 ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, 16952 (ecc_key*)ssl->hsKey, 16953 ssl->buffers.key->length); 16954 if (ret == 0) { 16955 WOLFSSL_MSG("Using ECC private key"); 16956 16957 /* Check it meets the minimum ECC key size requirements. */ 16958 keySz = wc_ecc_size((ecc_key*)ssl->hsKey); 16959 if (keySz < ssl->options.minEccKeySz) { 16960 WOLFSSL_MSG("ECC key size too small"); 16961 ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); 16962 } 16963 16964 /* Return the maximum signature length. */ 16965 *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey); 16966 16967 goto exit_dpk; 16968 } 16969 } 16970 #endif 16971 #ifdef HAVE_ED25519 16972 #if !defined(NO_RSA) || defined(HAVE_ECC) 16973 FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); 16974 #endif 16975 16976 if (ssl->buffers.keyType == ed25519_sa_algo || ssl->buffers.keyType == 0) { 16977 ssl->hsType = DYNAMIC_TYPE_ED25519; 16978 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); 16979 if (ret != 0) { 16980 goto exit_dpk; 16981 } 16982 16983 #ifdef HAVE_ECC 16984 WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); 16985 #elif !defined(NO_RSA) 16986 WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); 16987 #else 16988 WOLFSSL_MSG("Trying ED25519 private key"); 16989 #endif 16990 16991 /* Set start of data to beginning of buffer. */ 16992 idx = 0; 16993 /* Decode the key assuming it is an ED25519 private key. */ 16994 ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx, 16995 (ed25519_key*)ssl->hsKey, 16996 ssl->buffers.key->length); 16997 if (ret == 0) { 16998 WOLFSSL_MSG("Using ED25519 private key"); 16999 17000 /* Check it meets the minimum ECC key size requirements. */ 17001 if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) { 17002 WOLFSSL_MSG("ED25519 key size too small"); 17003 ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); 17004 } 17005 17006 /* Return the maximum signature length. */ 17007 *length = ED25519_SIG_SIZE; 17008 17009 goto exit_dpk; 17010 } 17011 } 17012 #endif /* HAVE_ED25519 */ 17013 17014 (void)idx; 17015 (void)keySz; 17016 (void)length; 17017 exit_dpk: 17018 return ret; 17019 } 17020 17021 #endif /* WOLFSSL_TLS13 || !NO_WOLFSSL_CLIENT */ 16279 17022 16280 17023 /* client only parts */ 16281 17024 #ifndef NO_WOLFSSL_CLIENT 16282 17025 17026 #ifndef WOLFSSL_NO_TLS12 17027 17028 /* handle generation of client_hello (1) */ 16283 17029 int SendClientHello(WOLFSSL* ssl) 16284 17030 { … … 16292 17038 word16 extSz = 0; 16293 17039 16294 16295 17040 #ifdef WOLFSSL_TLS13 16296 17041 if (IsAtLeastTLSv1_3(ssl->version)) … … 16298 17043 #endif 16299 17044 17045 WOLFSSL_START(WC_FUNC_CLIENT_HELLO_SEND); 17046 WOLFSSL_ENTER("SendClientHello"); 17047 16300 17048 if (ssl->suites == NULL) { 16301 17049 WOLFSSL_MSG("Bad suites pointer in SendClientHello"); … … 16312 17060 16313 17061 ret = TLSX_UseSessionTicket(&ssl->extensions, ticket, ssl->heap); 16314 if (ret != WOLFSSL_SUCCESS) return ret; 17062 if (ret != WOLFSSL_SUCCESS) { 17063 TLSX_SessionTicket_Free(ticket, ssl->heap); 17064 return ret; 17065 } 16315 17066 16316 17067 idSz = 0; … … 16330 17081 return MEMORY_E; 16331 17082 #endif 16332 extSz = TLSX_GetRequestSize(ssl, client_hello); 16333 if (extSz != 0) 17083 extSz = 0; 17084 ret = TLSX_GetRequestSize(ssl, client_hello, &extSz); 17085 if (ret != 0) 17086 return ret; 16334 17087 length += extSz; 16335 17088 #else … … 16427 17180 16428 17181 #ifdef HAVE_TLS_EXTENSIONS 16429 idx += TLSX_WriteRequest(ssl, output + idx, client_hello); 17182 extSz = 0; 17183 ret = TLSX_WriteRequest(ssl, output + idx, client_hello, &extSz); 17184 if (ret != 0) 17185 return ret; 17186 idx += extSz; 16430 17187 16431 17188 (void)idx; /* suppress analyzer warning, keep idx current */ … … 16481 17238 } else { 16482 17239 #ifdef WOLFSSL_DTLS 17240 if (IsDtlsNotSctpMode(ssl)) { 17241 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0) 17242 return ret; 17243 } 16483 17244 if (ssl->options.dtls) 16484 17245 DtlsSEQIncrement(ssl, CUR_ORDER); … … 16489 17250 } 16490 17251 16491 #ifdef WOLFSSL_DTLS16492 if (IsDtlsNotSctpMode(ssl)) {16493 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0)16494 return ret;16495 }16496 #endif16497 16498 17252 ssl->options.clientState = CLIENT_HELLO_COMPLETE; 16499 16500 #ifdef WOLFSSL_CALLBACKS 16501 if (ssl->hsInfoOn) AddPacketName("ClientHello", &ssl->handShakeInfo); 17253 #ifdef OPENSSL_EXTRA 17254 ssl->cbmode = SSL_CB_MODE_WRITE; 17255 if (ssl->CBIS != NULL) 17256 ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, SSL_SUCCESS); 17257 #endif 17258 17259 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 17260 if (ssl->hsInfoOn) AddPacketName(ssl, "ClientHello"); 16502 17261 if (ssl->toInfoOn) 16503 AddPacketInfo( "ClientHello", &ssl->timeoutInfo, output, sendSz,16504 ssl->heap);17262 AddPacketInfo(ssl, "ClientHello", handshake, output, sendSz, 17263 WRITE_PROTO, ssl->heap); 16505 17264 #endif 16506 17265 16507 17266 ssl->buffers.outputBuffer.length += sendSz; 16508 17267 16509 return SendBuffered(ssl); 16510 } 16511 16512 17268 ret = SendBuffered(ssl); 17269 17270 WOLFSSL_LEAVE("SendClientHello", ret); 17271 WOLFSSL_END(WC_FUNC_CLIENT_HELLO_SEND); 17272 17273 return ret; 17274 } 17275 17276 17277 /* handle processing of DTLS hello_verify_request (3) */ 16513 17278 static int DoHelloVerifyRequest(WOLFSSL* ssl, const byte* input, 16514 17279 word32* inOutIdx, word32 size) … … 16519 17284 16520 17285 #ifdef WOLFSSL_CALLBACKS 16521 if (ssl->hsInfoOn) AddPacketName("HelloVerifyRequest", 16522 &ssl->handShakeInfo); 17286 if (ssl->hsInfoOn) AddPacketName(ssl, "HelloVerifyRequest"); 16523 17287 if (ssl->toInfoOn) AddLateName("HelloVerifyRequest", &ssl->timeoutInfo); 16524 17288 #endif … … 16560 17324 16561 17325 16562 static INLINE int DSH_CheckSessionId(WOLFSSL* ssl)17326 static WC_INLINE int DSH_CheckSessionId(WOLFSSL* ssl) 16563 17327 { 16564 17328 int ret = 0; … … 16592 17356 int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv) 16593 17357 { 16594 #ifdef WOLFSSL_TLS13 16595 /* TODO: [TLS13] Remove this. 16596 * Translate the draft TLS v1.3 version to final version. 16597 */ 17358 #ifdef WOLFSSL_TLS13_DRAFT 16598 17359 if (pv.major == TLS_DRAFT_MAJOR) { 16599 17360 pv.major = SSLv3_MAJOR; … … 16602 17363 #endif 16603 17364 16604 /* Check for upgrade attack. */ 17365 #ifdef OPENSSL_EXTRA 17366 if (ssl->CBIS != NULL) { 17367 ssl->CBIS(ssl, SSL_CB_HANDSHAKE_START, SSL_SUCCESS); 17368 } 17369 #endif 17370 16605 17371 if (pv.minor > ssl->version.minor) { 16606 17372 WOLFSSL_MSG("Server using higher version, fatal error"); … … 16692 17458 } 16693 17459 17460 /* handle processing of server_hello (2) */ 16694 17461 int DoServerHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, 16695 17462 word32 helloSz) … … 16703 17470 int ret; 16704 17471 17472 WOLFSSL_START(WC_FUNC_SERVER_HELLO_DO); 17473 WOLFSSL_ENTER("DoServerHello"); 17474 16705 17475 #ifdef WOLFSSL_CALLBACKS 16706 if (ssl->hsInfoOn) AddPacketName( "ServerHello", &ssl->handShakeInfo);17476 if (ssl->hsInfoOn) AddPacketName(ssl, "ServerHello"); 16707 17477 if (ssl->toInfoOn) AddLateName("ServerHello", &ssl->timeoutInfo); 16708 17478 #endif … … 16721 17491 16722 17492 #ifdef WOLFSSL_TLS13 16723 if (IsAtLeastTLSv1_3(pv)) 16724 return DoTls13ServerHello(ssl, input, inOutIdx, helloSz); 17493 if (IsAtLeastTLSv1_3(pv)) { 17494 byte type = server_hello; 17495 return DoTls13ServerHello(ssl, input, inOutIdx, helloSz, &type); 17496 } 16725 17497 #endif 16726 17498 … … 16728 17500 XMEMCPY(ssl->arrays->serverRandom, input + i, RAN_LEN); 16729 17501 i += RAN_LEN; 16730 16731 #ifdef WOLFSSL_TLS1316732 if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) {16733 /* TLS v1.3 capable client not allowed to downgrade when connecting16734 * to TLS v1.3 capable server.16735 */16736 if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1),16737 tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&16738 (*(input + i - 1) == 0 || *(input + i - 1) == 1)) {16739 SendAlert(ssl, alert_fatal, illegal_parameter);16740 return VERSION_ERROR;16741 }16742 }16743 else16744 #endif16745 if (ssl->ctx->method->version.major == SSLv3_MAJOR &&16746 ssl->ctx->method->version.minor == TLSv1_2_MINOR) {16747 /* TLS v1.2 capable client not allowed to downgrade when connecting16748 * to TLS v1.2 capable server.16749 */16750 if (XMEMCMP(input + i - (TLS13_DOWNGRADE_SZ + 1),16751 tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 &&16752 *(input + i - 1) == 0) {16753 SendAlert(ssl, alert_fatal, illegal_parameter);16754 return VERSION_ERROR;16755 }16756 }16757 17502 16758 17503 /* session id */ … … 16823 17568 return BUFFER_ERROR; 16824 17569 16825 if ((ret = TLSX_Parse(ssl, (byte *) input + i, 16826 totalExtSz, 0, NULL)))17570 if ((ret = TLSX_Parse(ssl, (byte *) input + i, totalExtSz, 17571 server_hello, NULL))) 16827 17572 return ret; 16828 17573 … … 16912 17657 #endif /* HAVE_SECRET_CALLBACK */ 16913 17658 16914 if (ssl->options.resuming) { 17659 ret = CompleteServerHello(ssl); 17660 17661 WOLFSSL_LEAVE("DoServerHello", ret); 17662 WOLFSSL_END(WC_FUNC_SERVER_HELLO_DO); 17663 17664 return ret; 17665 } 17666 17667 int CompleteServerHello(WOLFSSL* ssl) 17668 { 17669 int ret; 17670 17671 if (!ssl->options.resuming) { 17672 byte* down = ssl->arrays->serverRandom + RAN_LEN - 17673 TLS13_DOWNGRADE_SZ - 1; 17674 byte vers = ssl->arrays->serverRandom[RAN_LEN - 1]; 17675 #ifdef WOLFSSL_TLS13 17676 if (IsAtLeastTLSv1_3(ssl->ctx->method->version)) { 17677 /* TLS v1.3 capable client not allowed to downgrade when 17678 * connecting to TLS v1.3 capable server unless cipher suite 17679 * demands it. 17680 */ 17681 if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && 17682 (vers == 0 || vers == 1)) { 17683 SendAlert(ssl, alert_fatal, illegal_parameter); 17684 return VERSION_ERROR; 17685 } 17686 } 17687 else 17688 #endif 17689 if (ssl->ctx->method->version.major == SSLv3_MAJOR && 17690 ssl->ctx->method->version.minor == TLSv1_2_MINOR) { 17691 /* TLS v1.2 capable client not allowed to downgrade when 17692 * connecting to TLS v1.2 capable server. 17693 */ 17694 if (XMEMCMP(down, tls13Downgrade, TLS13_DOWNGRADE_SZ) == 0 && 17695 vers == 0) { 17696 SendAlert(ssl, alert_fatal, illegal_parameter); 17697 return VERSION_ERROR; 17698 } 17699 } 17700 } 17701 else { 16915 17702 if (DSH_CheckSessionId(ssl)) { 16916 17703 if (SetCipherSpecs(ssl) == 0) { … … 16952 17739 } 16953 17740 17741 #endif /* WOLFSSL_NO_TLS12 */ 17742 16954 17743 16955 17744 /* Make sure client setup is valid for this suite, true on success */ … … 16977 17766 } 16978 17767 17768 #ifndef WOLFSSL_NO_TLS12 16979 17769 16980 17770 #ifndef NO_CERTS 16981 /* just read in and ignore for now TODO:*/17771 /* handle processing of certificate_request (13) */ 16982 17772 static int DoCertificateRequest(WOLFSSL* ssl, const byte* input, word32* 16983 17773 inOutIdx, word32 size) … … 16986 17776 word32 begin = *inOutIdx; 16987 17777 17778 WOLFSSL_START(WC_FUNC_CERTIFICATE_REQUEST_DO); 17779 WOLFSSL_ENTER("DoCertificateRequest"); 17780 16988 17781 #ifdef WOLFSSL_CALLBACKS 16989 17782 if (ssl->hsInfoOn) 16990 AddPacketName( "CertificateRequest", &ssl->handShakeInfo);17783 AddPacketName(ssl, "CertificateRequest"); 16991 17784 if (ssl->toInfoOn) 16992 17785 AddLateName("CertificateRequest", &ssl->timeoutInfo); … … 17052 17845 /* don't send client cert or cert verify if user hasn't provided 17053 17846 cert and private key */ 17054 if (ssl->buffers.certificate && ssl->buffers.certificate->buffer && 17055 ssl->buffers.key && ssl->buffers.key->buffer) 17847 if (ssl->buffers.certificate && ssl->buffers.certificate->buffer) { 17848 #ifdef HAVE_PK_CALLBACKS 17849 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) { 17850 WOLFSSL_MSG("Using PK for client private key"); 17851 ssl->options.sendVerify = SEND_CERT; 17852 } 17853 #endif 17854 if (ssl->buffers.key && ssl->buffers.key->buffer) { 17056 17855 ssl->options.sendVerify = SEND_CERT; 17856 } 17857 } 17858 #ifdef OPENSSL_EXTRA 17859 else 17860 #else 17057 17861 else if (IsTLS(ssl)) 17862 #endif 17863 { 17058 17864 ssl->options.sendVerify = SEND_BLANK_CERT; 17865 } 17059 17866 17060 17867 if (IsEncryptionOn(ssl, 0)) 17061 17868 *inOutIdx += ssl->keys.padSz; 17062 17869 17870 WOLFSSL_LEAVE("DoCertificateRequest", 0); 17871 WOLFSSL_END(WC_FUNC_CERTIFICATE_REQUEST_DO); 17872 17063 17873 return 0; 17064 17874 } … … 17066 17876 17067 17877 17068 #if def HAVE_ECC17878 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 17069 17879 17070 17880 static int CheckCurveId(int tlsCurveId) … … 17143 17953 typedef struct DskeArgs { 17144 17954 byte* output; /* not allocated */ 17145 #if !defined(NO_DH) || defined(HAVE_ECC) 17955 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) 17146 17956 byte* verifySig; 17147 17957 #endif 17148 17958 word32 idx; 17149 17959 word32 begin; 17150 #if !defined(NO_DH) || defined(HAVE_ECC) 17960 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) 17151 17961 word16 verifySigSz; 17152 17962 #endif … … 17163 17973 (void)args; 17164 17974 17165 #if !defined(NO_DH) || defined(HAVE_ECC) 17975 #if !defined(NO_DH) || defined(HAVE_ECC) || defined(HAVE_ED25519) 17166 17976 if (args->verifySig) { 17167 17977 XFREE(args->verifySig, ssl->heap, DYNAMIC_TYPE_SIGNATURE); … … 17171 17981 } 17172 17982 17983 /* handle processing of server_key_exchange (12) */ 17173 17984 static int DoServerKeyExchange(WOLFSSL* ssl, const byte* input, 17174 17985 word32* inOutIdx, word32 size) … … 17183 17994 #endif 17184 17995 17996 (void)input; 17997 (void)size; 17998 17999 WOLFSSL_START(WC_FUNC_SERVER_KEY_EXCHANGE_DO); 17185 18000 WOLFSSL_ENTER("DoServerKeyExchange"); 17186 18001 … … 17214 18029 #ifdef WOLFSSL_CALLBACKS 17215 18030 if (ssl->hsInfoOn) 17216 AddPacketName( "ServerKeyExchange", &ssl->handShakeInfo);18031 AddPacketName(ssl, "ServerKeyExchange"); 17217 18032 if (ssl->toInfoOn) 17218 18033 AddLateName("ServerKeyExchange", &ssl->timeoutInfo); … … 17269 18084 ERROR_OUT(DH_KEY_SIZE_E, exit_dske); 17270 18085 } 18086 if (length > ssl->options.maxDhKeySz) { 18087 WOLFSSL_MSG("Server using a DH key that is too big"); 18088 SendAlert(ssl, alert_fatal, handshake_failure); 18089 ERROR_OUT(DH_KEY_SIZE_E, exit_dske); 18090 } 17271 18091 17272 18092 ssl->buffers.serverDH_P.buffer = … … 17310 18130 args->idx += length; 17311 18131 18132 ssl->buffers.weOwnDH = 1; 18133 17312 18134 /* pub */ 17313 18135 if ((args->idx - args->begin) + OPAQUE16_LEN > size) { … … 17337 18159 } 17338 18160 #endif /* !NO_DH */ 17339 #if def HAVE_ECC18161 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 17340 18162 case ecc_diffie_hellman_kea: 17341 18163 { 17342 18164 byte b; 17343 int curveId, curveOid; 18165 #ifdef HAVE_ECC 18166 int curveId; 18167 #endif 18168 int curveOid; 17344 18169 word16 length; 17345 18170 … … 17374 18199 goto exit_dske; 17375 18200 } 17376 } else if (ssl->peer EccKeyPresent) {18201 } else if (ssl->peerX25519KeyPresent) { 17377 18202 ret = ReuseKey(ssl, DYNAMIC_TYPE_CURVE25519, 17378 18203 ssl->peerX25519Key); … … 17394 18219 } 17395 18220 #endif 18221 #ifdef HAVE_ECC 17396 18222 if (ssl->peerEccKey == NULL) { 17397 18223 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC, … … 17417 18243 ssl->peerEccKeyPresent = 1; 17418 18244 break; 18245 #endif 17419 18246 } 17420 #endif /* HAVE_ECC */18247 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 17421 18248 #if !defined(NO_DH) && !defined(NO_PSK) 17422 18249 case dhe_psk_kea: … … 17457 18284 if (length < ssl->options.minDhKeySz) { 17458 18285 WOLFSSL_MSG("Server using a DH key that is too small"); 18286 SendAlert(ssl, alert_fatal, handshake_failure); 18287 ERROR_OUT(DH_KEY_SIZE_E, exit_dske); 18288 } 18289 if (length > ssl->options.maxDhKeySz) { 18290 WOLFSSL_MSG("Server using a DH key that is too big"); 17459 18291 SendAlert(ssl, alert_fatal, handshake_failure); 17460 18292 ERROR_OUT(DH_KEY_SIZE_E, exit_dske); … … 17501 18333 args->idx += length; 17502 18334 18335 ssl->buffers.weOwnDH = 1; 18336 17503 18337 /* pub */ 17504 18338 if ((args->idx - args->begin) + OPAQUE16_LEN > size) { … … 17528 18362 } 17529 18363 #endif /* !NO_DH || !NO_PSK */ 17530 #if defined(HAVE_ECC) && !defined(NO_PSK) 18364 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 18365 !defined(NO_PSK) 17531 18366 case ecdhe_psk_kea: 17532 18367 { … … 17607 18442 17608 18443 if (ssl->peerEccKey == NULL) { 17609 AllocKey(ssl, DYNAMIC_TYPE_ECC,18444 ret = AllocKey(ssl, DYNAMIC_TYPE_ECC, 17610 18445 (void**)&ssl->peerEccKey); 17611 18446 if (ret != 0) { … … 17630 18465 break; 17631 18466 } 17632 #endif /* HAVE_ECC ||!NO_PSK */18467 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ 17633 18468 default: 17634 18469 ret = BAD_KEA_TYPE_E; … … 17660 18495 case ecc_diffie_hellman_kea: 17661 18496 { 17662 #if defined(NO_DH) && !defined(HAVE_ECC) 18497 #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) 17663 18498 ERROR_OUT(NOT_COMPILED_IN, exit_dske); 17664 18499 #else … … 17729 18564 17730 18565 if (args->sigAlgo != ed25519_sa_algo) { 18566 int digest_sz = wc_HashGetDigestSize(hashType); 18567 if (digest_sz <= 0) { 18568 ERROR_OUT(BUFFER_ERROR, exit_dske); 18569 } 18570 ssl->buffers.digest.length = (unsigned int)digest_sz; 18571 17731 18572 /* buffer for hash */ 17732 ssl->buffers.digest.length =17733 wc_HashGetDigestSize(hashType);17734 18573 ssl->buffers.digest.buffer = (byte*)XMALLOC( 17735 18574 ssl->buffers.digest.length, ssl->heap, … … 17773 18612 } 17774 18613 #endif /* HAVE_ECC */ 17775 #if def HAVE_ED2551918614 #if defined(HAVE_ED25519) 17776 18615 case ed25519_sa_algo: 17777 18616 { … … 17781 18620 break; 17782 18621 } 17783 #endif /* HAVE_E CC*/18622 #endif /* HAVE_ED25519 */ 17784 18623 17785 18624 default: … … 17787 18626 } /* switch (args->sigAlgo) */ 17788 18627 17789 #endif /* NO_DH && !HAVE_ECC */18628 #endif /* NO_DH && !HAVE_ECC && !HAVE_ED25519 */ 17790 18629 break; 17791 18630 } … … 17819 18658 case ecc_diffie_hellman_kea: 17820 18659 { 17821 #if defined(NO_DH) && !defined(HAVE_ECC) 18660 #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) 17822 18661 ERROR_OUT(NOT_COMPILED_IN, exit_dske); 17823 18662 #else … … 17850 18689 ssl->peerRsaKey, 17851 18690 #ifdef HAVE_PK_CALLBACKS 17852 ssl->buffers.peerRsaKey.buffer, 17853 ssl->buffers.peerRsaKey.length, 17854 ssl->RsaVerifyCtx 18691 &ssl->buffers.peerRsaKey 17855 18692 #else 17856 NULL , 0, NULL18693 NULL 17857 18694 #endif 17858 18695 ); … … 17861 18698 args->sigSz = (word16)ret; 17862 18699 ret = 0; 18700 } 18701 #ifdef WOLFSSL_ASYNC_CRYPT 18702 if (ret != WC_PENDING_E) 18703 #endif 18704 { 18705 /* peerRsaKey */ 18706 FreeKey(ssl, DYNAMIC_TYPE_RSA, 18707 (void**)&ssl->peerRsaKey); 18708 ssl->peerRsaKeyPresent = 0; 17863 18709 } 17864 18710 break; … … 17874 18720 ssl->peerEccDsaKey, 17875 18721 #ifdef HAVE_PK_CALLBACKS 17876 ssl->buffers.peerEccDsaKey.buffer, 17877 ssl->buffers.peerEccDsaKey.length, 17878 ssl->EccVerifyCtx 18722 &ssl->buffers.peerEccDsaKey 17879 18723 #else 17880 NULL , 0, NULL18724 NULL 17881 18725 #endif 17882 18726 ); 17883 18727 18728 #ifdef WOLFSSL_ASYNC_CRYPT 18729 if (ret != WC_PENDING_E) 18730 #endif 18731 { 18732 /* peerEccDsaKey */ 18733 FreeKey(ssl, DYNAMIC_TYPE_ECC, 18734 (void**)&ssl->peerEccDsaKey); 18735 ssl->peerEccDsaKeyPresent = 0; 18736 } 17884 18737 break; 17885 18738 } 17886 18739 #endif /* HAVE_ECC */ 17887 #if def HAVE_ED2551918740 #if defined(HAVE_ED25519) 17888 18741 case ed25519_sa_algo: 17889 18742 { … … 17894 18747 ssl->peerEd25519Key, 17895 18748 #ifdef HAVE_PK_CALLBACKS 17896 ssl->buffers.peerEccDsaKey.buffer, 17897 ssl->buffers.peerEccDsaKey.length, 17898 ssl->Ed25519VerifyCtx 18749 &ssl->buffers.peerEd25519Key 17899 18750 #else 17900 NULL , 0, NULL18751 NULL 17901 18752 #endif 17902 18753 ); 17903 18754 18755 #ifdef WOLFSSL_ASYNC_CRYPT 18756 if (ret != WC_PENDING_E) 18757 #endif 18758 { 18759 /* peerEccDsaKey */ 18760 FreeKey(ssl, DYNAMIC_TYPE_ED25519, 18761 (void**)&ssl->peerEd25519Key); 18762 ssl->peerEd25519KeyPresent = 0; 18763 } 17904 18764 break; 17905 18765 } 17906 #endif /* HAVE_E CC*/18766 #endif /* HAVE_ED25519 */ 17907 18767 17908 18768 default: 17909 18769 ret = ALGO_ID_E; 17910 18770 } /* switch (sigAlgo) */ 17911 #endif /* NO_DH && !HAVE_ECC */18771 #endif /* NO_DH && !HAVE_ECC && !HAVE_ED25519 */ 17912 18772 break; 17913 18773 } … … 17941 18801 case ecc_diffie_hellman_kea: 17942 18802 { 17943 #if defined(NO_DH) && !defined(HAVE_ECC) 18803 #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) 17944 18804 ERROR_OUT(NOT_COMPILED_IN, exit_dske); 17945 18805 #else … … 18014 18874 break; 18015 18875 #endif /* HAVE_ECC */ 18016 #if def HAVE_ED2551918876 #if defined(HAVE_ED25519) 18017 18877 case ed25519_sa_algo: 18018 18878 /* Nothing to do in this algo */ 18019 18879 break; 18020 #endif /* HAVE_E CC*/18880 #endif /* HAVE_ED25519 */ 18021 18881 default: 18022 18882 ret = ALGO_ID_E; 18023 18883 } /* switch (sigAlgo) */ 18024 #endif /* NO_DH && !HAVE_ECC */18884 #endif /* NO_DH && !HAVE_ECC && !HAVE_ED25519 */ 18025 18885 break; 18026 18886 } … … 18091 18951 18092 18952 WOLFSSL_LEAVE("DoServerKeyExchange", ret); 18953 WOLFSSL_END(WC_FUNC_SERVER_KEY_EXCHANGE_DO); 18093 18954 18094 18955 #ifdef WOLFSSL_ASYNC_CRYPT 18095 18956 /* Handle async operation */ 18096 18957 if (ret == WC_PENDING_E) { 18097 /* Mark message as not rece vied so it can process again */18958 /* Mark message as not received so it can process again */ 18098 18959 ssl->msgsReceived.got_server_key_exchange = 0; 18099 18960 … … 18518 19379 } 18519 19380 19381 /* handle generation client_key_exchange (16) */ 18520 19382 int SendClientKeyExchange(WOLFSSL* ssl) 18521 19383 { … … 18529 19391 #endif 18530 19392 19393 WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND); 18531 19394 WOLFSSL_ENTER("SendClientKeyExchange"); 19395 19396 #ifdef OPENSSL_EXTRA 19397 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; 19398 ssl->cbmode = SSL_CB_MODE_WRITE; 19399 if (ssl->CBIS != NULL) 19400 ssl->CBIS(ssl, SSL_CB_CONNECT_LOOP, SSL_SUCCESS); 19401 #endif 18532 19402 18533 19403 #ifdef WOLFSSL_ASYNC_CRYPT … … 18596 19466 break; 18597 19467 #endif /* !NO_DH && !NO_PSK */ 18598 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) 19468 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 19469 !defined(NO_PSK) 18599 19470 case ecdhe_psk_kea: 18600 19471 /* sanity check that PSK client callback has been set */ … … 18643 19514 #endif 18644 19515 18645 /* create private key */19516 /* create ephemeral private key */ 18646 19517 ssl->hsType = DYNAMIC_TYPE_ECC; 18647 19518 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); … … 18702 19573 #ifdef HAVE_ECC 18703 19574 if (ssl->specs.static_ecdh) { 18704 /* TODO: EccDsa is really fixed Ecc change naming */ 18705 if (!ssl->peerEccDsaKey || 18706 !ssl->peerEccDsaKeyPresent || 19575 /* Note: EccDsa is really fixed Ecc key here */ 19576 if (!ssl->peerEccDsaKey || !ssl->peerEccDsaKeyPresent || 18707 19577 !ssl->peerEccDsaKey->dp) { 18708 19578 ERROR_OUT(NO_PEER_KEY, exit_scke); … … 18721 19591 } 18722 19592 18723 /* create private key */19593 /* create ephemeral private key */ 18724 19594 ssl->hsType = DYNAMIC_TYPE_ECC; 18725 19595 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); … … 18757 19627 ERROR_OUT(MEMORY_E, exit_scke); 18758 19628 } 19629 if (ssl->arrays->preMasterSecret == NULL) { 19630 ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, 19631 ssl->heap, DYNAMIC_TYPE_SECRET); 19632 if (ssl->arrays->preMasterSecret == NULL) { 19633 ERROR_OUT(MEMORY_E, exit_scke); 19634 } 19635 XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN); 19636 } 18759 19637 18760 19638 switch(ssl->specs.kea) … … 18763 19641 case rsa_kea: 18764 19642 { 19643 /* build PreMasterSecret with RNG data */ 18765 19644 ret = wc_RNG_GenerateBlock(ssl->rng, 18766 ssl->arrays->preMasterSecret, SECRET_LEN); 19645 &ssl->arrays->preMasterSecret[VERSION_SZ], 19646 SECRET_LEN - VERSION_SZ); 18767 19647 if (ret != 0) { 18768 19648 goto exit_scke; … … 18791 19671 } 18792 19672 19673 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ 19674 !defined(WOLFSSL_OLD_PRIME_CHECK) 19675 if (ssl->options.dhDoKeyTest && 19676 !ssl->options.dhKeyTested) 19677 { 19678 ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, 19679 ssl->buffers.serverDH_P.buffer, 19680 ssl->buffers.serverDH_P.length, 19681 ssl->buffers.serverDH_G.buffer, 19682 ssl->buffers.serverDH_G.length, 19683 NULL, 0, 0, ssl->rng); 19684 if (ret != 0) { 19685 goto exit_scke; 19686 } 19687 ssl->options.dhKeyTested = 1; 19688 } 19689 else 19690 #endif 19691 { 18793 19692 ret = wc_DhSetKey(ssl->buffers.serverDH_Key, 18794 19693 ssl->buffers.serverDH_P.buffer, … … 18798 19697 if (ret != 0) { 18799 19698 goto exit_scke; 19699 } 18800 19700 } 18801 19701 … … 18886 19786 } 18887 19787 19788 #if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ 19789 !defined(WOLFSSL_OLD_PRIME_CHECK) 19790 if (ssl->options.dhDoKeyTest && 19791 !ssl->options.dhKeyTested) 19792 { 19793 ret = wc_DhSetCheckKey(ssl->buffers.serverDH_Key, 19794 ssl->buffers.serverDH_P.buffer, 19795 ssl->buffers.serverDH_P.length, 19796 ssl->buffers.serverDH_G.buffer, 19797 ssl->buffers.serverDH_G.length, 19798 NULL, 0, 0, ssl->rng); 19799 if (ret != 0) { 19800 goto exit_scke; 19801 } 19802 ssl->options.dhKeyTested = 1; 19803 } 19804 else 19805 #endif 19806 { 18888 19807 ret = wc_DhSetKey(ssl->buffers.serverDH_Key, 18889 19808 ssl->buffers.serverDH_P.buffer, … … 18894 19813 goto exit_scke; 18895 19814 } 19815 } 18896 19816 18897 19817 /* for DH, encSecret is Yc, agree is pre-master */ … … 18902 19822 } 18903 19823 #endif /* !NO_DH && !NO_PSK */ 18904 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) 19824 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 19825 !defined(NO_PSK) 18905 19826 case ecdhe_psk_kea: 18906 19827 { … … 18972 19893 break; 18973 19894 } 18974 #endif /* HAVE_ECC&& !NO_PSK */19895 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ 18975 19896 #ifdef HAVE_NTRU 18976 19897 case ntru_kea: … … 19012 19933 } 19013 19934 #endif 19014 #if def HAVE_ECC19935 #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) 19015 19936 #ifdef HAVE_PK_CALLBACKS 19016 19937 /* if callback then use it for shared secret */ … … 19057 19978 ssl->peerRsaKey, 19058 19979 #if defined(HAVE_PK_CALLBACKS) 19059 ssl->buffers.peerRsaKey.buffer, 19060 ssl->buffers.peerRsaKey.length, 19061 ssl->RsaEncCtx 19980 &ssl->buffers.peerRsaKey 19062 19981 #else 19063 NULL , 0, NULL19982 NULL 19064 19983 #endif 19065 19984 ); … … 19098 20017 } 19099 20018 #endif /* !NO_DH && !NO_PSK */ 19100 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) 20019 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 20020 !defined(NO_PSK) 19101 20021 case ecdhe_psk_kea: 19102 20022 { … … 19108 20028 ssl->arrays->preMasterSecret + OPAQUE16_LEN, 19109 20029 &ssl->arrays->preMasterSz, 19110 WOLFSSL_CLIENT_END ,19111 #ifdef HAVE_PK_CALLBACKS19112 ssl->EccSharedSecretCtx19113 # else19114 NULL20030 WOLFSSL_CLIENT_END 20031 ); 20032 if (!ssl->specs.static_ecdh 20033 #ifdef WOLFSSL_ASYNC_CRYPT 20034 && ret != WC_PENDING_E 19115 20035 #endif 19116 ); 20036 ) { 20037 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, 20038 (void**)&ssl->peerX25519Key); 20039 ssl->peerX25519KeyPresent = 0; 20040 } 19117 20041 break; 19118 20042 } … … 19123 20047 ssl->arrays->preMasterSecret + OPAQUE16_LEN, 19124 20048 &ssl->arrays->preMasterSz, 19125 WOLFSSL_CLIENT_END, 19126 #ifdef HAVE_PK_CALLBACKS 19127 ssl->EccSharedSecretCtx 19128 #else 19129 NULL 19130 #endif 20049 WOLFSSL_CLIENT_END 19131 20050 ); 20051 #ifdef WOLFSSL_ASYNC_CRYPT 20052 if (ret != WC_PENDING_E) 20053 #endif 20054 { 20055 FreeKey(ssl, DYNAMIC_TYPE_ECC, 20056 (void**)&ssl->peerEccKey); 20057 ssl->peerEccKeyPresent = 0; 20058 } 19132 20059 break; 19133 20060 } … … 19173 20100 ssl->arrays->preMasterSecret, 19174 20101 &ssl->arrays->preMasterSz, 19175 WOLFSSL_CLIENT_END ,19176 #ifdef HAVE_PK_CALLBACKS19177 ssl->EccSharedSecretCtx19178 # else19179 NULL20102 WOLFSSL_CLIENT_END 20103 ); 20104 if (!ssl->specs.static_ecdh 20105 #ifdef WOLFSSL_ASYNC_CRYPT 20106 && ret != WC_PENDING_E 19180 20107 #endif 19181 ); 20108 ) { 20109 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, 20110 (void**)&ssl->peerX25519Key); 20111 ssl->peerX25519KeyPresent = 0; 20112 } 19182 20113 break; 19183 20114 } … … 19192 20123 ssl->arrays->preMasterSecret, 19193 20124 &ssl->arrays->preMasterSz, 19194 WOLFSSL_CLIENT_END, 19195 #ifdef HAVE_PK_CALLBACKS 19196 ssl->EccSharedSecretCtx 19197 #else 19198 NULL 19199 #endif 20125 WOLFSSL_CLIENT_END 19200 20126 ); 20127 if (!ssl->specs.static_ecdh 20128 #ifdef WOLFSSL_ASYNC_CRYPT 20129 && ret != WC_PENDING_E 20130 #endif 20131 ) { 20132 FreeKey(ssl, DYNAMIC_TYPE_ECC, 20133 (void**)&ssl->peerEccKey); 20134 ssl->peerEccKeyPresent = 0; 20135 } 19201 20136 #endif 19202 20137 … … 19269 20204 } 19270 20205 #endif /* !NO_DH && !NO_PSK */ 19271 #if defined(HAVE_ECC) && !defined(NO_PSK) 20206 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 20207 !defined(NO_PSK) 19272 20208 case ecdhe_psk_kea: 19273 20209 { … … 19283 20219 args->encSz += args->length + OPAQUE8_LEN; 19284 20220 19285 /* Create pre master secret is the concat ination of20221 /* Create pre master secret is the concatenation of 19286 20222 eccSize + eccSharedKey + pskSize + pskKey */ 19287 20223 c16toa((word16)ssl->arrays->preMasterSz, pms); … … 19299 20235 break; 19300 20236 } 19301 #endif /* HAVE_ECC&& !NO_PSK */20237 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ 19302 20238 #ifdef HAVE_NTRU 19303 20239 case ntru_kea: … … 19306 20242 } 19307 20243 #endif /* HAVE_NTRU */ 19308 #if def HAVE_ECC20244 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 19309 20245 case ecc_diffie_hellman_kea: 19310 20246 { … … 19314 20250 break; 19315 20251 } 19316 #endif /* HAVE_ECC */20252 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 19317 20253 19318 20254 default: … … 19467 20403 #endif 19468 20404 19469 #if def WOLFSSL_CALLBACKS20405 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 19470 20406 if (ssl->hsInfoOn) 19471 AddPacketName( "ClientKeyExchange", &ssl->handShakeInfo);20407 AddPacketName(ssl, "ClientKeyExchange"); 19472 20408 if (ssl->toInfoOn) 19473 AddPacketInfo( "ClientKeyExchange", &ssl->timeoutInfo,19474 args->output, args->sendSz, ssl->heap);20409 AddPacketInfo(ssl, "ClientKeyExchange", handshake, 20410 args->output, args->sendSz, WRITE_PROTO, ssl->heap); 19475 20411 #endif 19476 20412 … … 19496 20432 19497 20433 WOLFSSL_LEAVE("SendClientKeyExchange", ret); 20434 WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND); 19498 20435 19499 20436 #ifdef WOLFSSL_ASYNC_CRYPT … … 19504 20441 19505 20442 /* No further need for PMS */ 20443 if (ssl->arrays->preMasterSecret != NULL) { 19506 20444 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz); 20445 } 19507 20446 ssl->arrays->preMasterSz = 0; 19508 20447 … … 19514 20453 } 19515 20454 20455 #endif /* !WOLFSSL_NO_TLS12 */ 19516 20456 19517 20457 #ifndef NO_CERTS 19518 /* Decode the private key - RSA, ECC, or Ed25519 - and creates a key object. 19519 * The signature type is set as well. 19520 * The maximum length of a signature is returned. 19521 * 19522 * ssl The SSL/TLS object. 19523 * length The length of a signature. 19524 * returns 0 on success, otherwise failure. 19525 */ 19526 int DecodePrivateKey(WOLFSSL *ssl, word16* length) 19527 { 19528 int ret; 19529 int keySz; 19530 word32 idx; 19531 19532 /* make sure private key exists */ 19533 if (ssl->buffers.key == NULL || ssl->buffers.key->buffer == NULL) { 19534 WOLFSSL_MSG("Private key missing!"); 19535 ERROR_OUT(NO_PRIVATE_KEY, exit_dpk); 19536 } 19537 20458 20459 #ifdef HAVE_PK_CALLBACKS 20460 int GetPrivateKeySigSize(WOLFSSL* ssl) 20461 { 20462 int sigSz = 0; 20463 20464 if (ssl == NULL) 20465 return 0; 20466 20467 switch (ssl->buffers.keyType) { 19538 20468 #ifndef NO_RSA 19539 ssl->hsType = DYNAMIC_TYPE_RSA; 19540 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); 19541 if (ret != 0) { 19542 goto exit_dpk; 19543 } 19544 19545 WOLFSSL_MSG("Trying RSA private key"); 19546 19547 /* Set start of data to beginning of buffer. */ 19548 idx = 0; 19549 /* Decode the key assuming it is an RSA private key. */ 19550 ret = wc_RsaPrivateKeyDecode(ssl->buffers.key->buffer, &idx, 19551 (RsaKey*)ssl->hsKey, ssl->buffers.key->length); 19552 if (ret == 0) { 19553 WOLFSSL_MSG("Using RSA private key"); 19554 19555 /* It worked so check it meets minimum key size requirements. */ 19556 keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); 19557 if (keySz < 0) { /* check if keySz has error case */ 19558 ERROR_OUT(keySz, exit_dpk); 19559 } 19560 19561 if (keySz < ssl->options.minRsaKeySz) { 19562 WOLFSSL_MSG("RSA key size too small"); 19563 ERROR_OUT(RSA_KEY_SIZE_E, exit_dpk); 19564 } 19565 19566 /* Return the maximum signature length. */ 19567 *length = (word16)keySz; 19568 19569 goto exit_dpk; 19570 } 19571 #endif /* !NO_RSA */ 19572 19573 #ifdef HAVE_ECC 19574 #ifndef NO_RSA 19575 FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); 19576 #endif /* !NO_RSA */ 19577 19578 ssl->hsType = DYNAMIC_TYPE_ECC; 19579 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); 19580 if (ret != 0) { 19581 goto exit_dpk; 19582 } 19583 19584 #ifndef NO_RSA 19585 WOLFSSL_MSG("Trying ECC private key, RSA didn't work"); 19586 #else 19587 WOLFSSL_MSG("Trying ECC private key"); 19588 #endif 19589 19590 /* Set start of data to beginning of buffer. */ 19591 idx = 0; 19592 /* Decode the key assuming it is an ECC private key. */ 19593 ret = wc_EccPrivateKeyDecode(ssl->buffers.key->buffer, &idx, 19594 (ecc_key*)ssl->hsKey, 19595 ssl->buffers.key->length); 19596 if (ret == 0) { 19597 WOLFSSL_MSG("Using ECC private key"); 19598 19599 /* Check it meets the minimum ECC key size requirements. */ 19600 keySz = wc_ecc_size((ecc_key*)ssl->hsKey); 19601 if (keySz < ssl->options.minEccKeySz) { 19602 WOLFSSL_MSG("ECC key size too small"); 19603 ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); 19604 } 19605 19606 /* Return the maximum signature length. */ 19607 *length = (word16)wc_ecc_sig_size((ecc_key*)ssl->hsKey); 19608 19609 goto exit_dpk; 19610 } 19611 #endif 19612 #ifdef HAVE_ED25519 19613 #if !defined(NO_RSA) || defined(HAVE_ECC) 19614 FreeKey(ssl, ssl->hsType, (void**)&ssl->hsKey); 19615 #endif 19616 19617 ssl->hsType = DYNAMIC_TYPE_ED25519; 19618 ret = AllocKey(ssl, ssl->hsType, &ssl->hsKey); 19619 if (ret != 0) { 19620 goto exit_dpk; 19621 } 19622 19623 #ifdef HAVE_ECC 19624 WOLFSSL_MSG("Trying ED25519 private key, ECC didn't work"); 19625 #elif !defined(NO_RSA) 19626 WOLFSSL_MSG("Trying ED25519 private key, RSA didn't work"); 19627 #else 19628 WOLFSSL_MSG("Trying ED25519 private key"); 19629 #endif 19630 19631 /* Set start of data to beginning of buffer. */ 19632 idx = 0; 19633 /* Decode the key assuming it is an ED25519 private key. */ 19634 ret = wc_Ed25519PrivateKeyDecode(ssl->buffers.key->buffer, &idx, 19635 (ed25519_key*)ssl->hsKey, 19636 ssl->buffers.key->length); 19637 if (ret == 0) { 19638 WOLFSSL_MSG("Using ED25519 private key"); 19639 19640 /* Check it meets the minimum ECC key size requirements. */ 19641 (void)keySz; 19642 if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) { 19643 WOLFSSL_MSG("ED25519 key size too small"); 19644 ERROR_OUT(ECC_KEY_SIZE_E, exit_dpk); 19645 } 19646 19647 /* Return the maximum signature length. */ 19648 *length = ED25519_SIG_SIZE; 19649 19650 goto exit_dpk; 19651 } 19652 #endif 19653 19654 exit_dpk: 19655 return ret; 20469 #ifdef WC_RSA_PSS 20470 case rsa_pss_sa_algo: 20471 #endif 20472 case rsa_sa_algo: 20473 sigSz = ssl->buffers.keySz; 20474 ssl->hsType = DYNAMIC_TYPE_RSA; 20475 break; 20476 #endif 20477 #ifdef HAVE_ECC 20478 case ecc_dsa_sa_algo: 20479 sigSz = wc_ecc_sig_size_calc(ssl->buffers.keySz); 20480 ssl->hsType = DYNAMIC_TYPE_ECC; 20481 break; 20482 #endif 20483 #ifdef HAVE_ED25519 20484 case ed25519_sa_algo: 20485 sigSz = ED25519_SIG_SIZE; /* fixed known value */ 20486 ssl->hsType = DYNAMIC_TYPE_ED25519; 20487 break; 20488 #endif 20489 default: 20490 break; 19656 20491 } 19657 19658 20492 return sigSz; 20493 } 20494 #endif /* HAVE_PK_CALLBACKS */ 20495 20496 #ifndef WOLFSSL_NO_TLS12 20497 20498 #ifndef WOLFSSL_NO_CLIENT_AUTH 19659 20499 typedef struct ScvArgs { 19660 20500 byte* output; /* not allocated */ … … 19691 20531 } 19692 20532 20533 /* handle generation of certificate_verify (15) */ 19693 20534 int SendCertificateVerify(WOLFSSL* ssl) 19694 20535 { … … 19702 20543 #endif 19703 20544 20545 WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_SEND); 19704 20546 WOLFSSL_ENTER("SendCertificateVerify"); 19705 20547 … … 19731 20573 } 19732 20574 19733 args->sendSz = MAX_CERT_VERIFY_SZ ;20575 args->sendSz = MAX_CERT_VERIFY_SZ + MAX_MSG_EXTRA; 19734 20576 if (IsEncryptionOn(ssl, 1)) { 19735 20577 args->sendSz += MAX_MSG_EXTRA; … … 19757 20599 } 19758 20600 20601 if (ssl->buffers.key == NULL) { 20602 #ifdef HAVE_PK_CALLBACKS 20603 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) 20604 args->length = GetPrivateKeySigSize(ssl); 20605 else 20606 #endif 20607 ERROR_OUT(NO_PRIVATE_KEY, exit_scv); 20608 } 20609 else { 19759 20610 /* Decode private key. */ 19760 20611 ret = DecodePrivateKey(ssl, &args->length); 19761 20612 if (ret != 0) { 19762 20613 goto exit_scv; 20614 } 20615 } 20616 20617 if (args->length <= 0) { 20618 ERROR_OUT(NO_PRIVATE_KEY, exit_scv); 19763 20619 } 19764 20620 … … 19849 20705 } 19850 20706 #endif /* !NO_RSA */ 20707 #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) 20708 if (args->sigAlgo == ed25519_sa_algo) { 20709 ret = Ed25519CheckPubKey(ssl); 20710 if (ret != 0) 20711 goto exit_scv; 20712 } 20713 #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ 19851 20714 19852 20715 /* Advance state and proceed */ … … 19865 20728 ssl->buffers.sig.buffer, &ssl->buffers.sig.length, 19866 20729 key, 19867 #if defined(HAVE_PK_CALLBACKS) 19868 ssl->buffers.key->buffer, 19869 ssl->buffers.key->length, 19870 ssl->EccSignCtx 20730 #ifdef HAVE_PK_CALLBACKS 20731 ssl->buffers.key 19871 20732 #else 19872 NULL , 0, NULL20733 NULL 19873 20734 #endif 19874 20735 ); 19875 20736 } 19876 20737 #endif /* HAVE_ECC */ 19877 #if def HAVE_ED2551920738 #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) 19878 20739 if (ssl->hsType == DYNAMIC_TYPE_ED25519) { 19879 20740 ed25519_key* key = (ed25519_key*)ssl->hsKey; 19880 20741 19881 20742 ret = Ed25519Sign(ssl, 19882 ssl-> buffers.digest.buffer, ssl->buffers.digest.length,20743 ssl->hsHashes->messages, ssl->hsHashes->length, 19883 20744 ssl->buffers.sig.buffer, &ssl->buffers.sig.length, 19884 20745 key, 19885 #if defined(HAVE_PK_CALLBACKS) 19886 ssl->buffers.key->buffer, 19887 ssl->buffers.key->length, 19888 ssl->Ed25519SignCtx 20746 #ifdef HAVE_PK_CALLBACKS 20747 ssl->buffers.key 19889 20748 #else 19890 NULL , 0, NULL20749 NULL 19891 20750 #endif 19892 20751 ); 19893 20752 } 19894 #endif /* HAVE_E CC*/20753 #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ 19895 20754 #ifndef NO_RSA 19896 20755 if (ssl->hsType == DYNAMIC_TYPE_RSA) { … … 19904 20763 args->verify + args->extraSz + VERIFY_HEADER, &args->sigSz, 19905 20764 args->sigAlgo, ssl->suites->hashAlgo, key, 19906 ssl->buffers.key->buffer, ssl->buffers.key->length, 19907 #ifdef HAVE_PK_CALLBACKS 19908 ssl->RsaSignCtx 19909 #else 19910 NULL 19911 #endif 20765 ssl->buffers.key 19912 20766 ); 19913 20767 } … … 19938 20792 } 19939 20793 #endif /* HAVE_ECC */ 19940 #ifdef HAVE_E CC20794 #ifdef HAVE_ED25519 19941 20795 if (ssl->hsType == DYNAMIC_TYPE_ED25519) { 19942 20796 args->length = (word16)ssl->buffers.sig.length; … … 19946 20800 ssl->buffers.sig.buffer, ssl->buffers.sig.length); 19947 20801 } 19948 #endif /* HAVE_E CC*/20802 #endif /* HAVE_ED25519 */ 19949 20803 #ifndef NO_RSA 19950 20804 if (ssl->hsType == DYNAMIC_TYPE_RSA) { … … 19965 20819 args->verifySig, args->sigSz, 19966 20820 ssl->buffers.sig.buffer, ssl->buffers.sig.length, 19967 args->sigAlgo, ssl->suites->hashAlgo, key 20821 args->sigAlgo, ssl->suites->hashAlgo, key, 20822 ssl->buffers.key 19968 20823 ); 19969 20824 } … … 20054 20909 20055 20910 20056 #if def WOLFSSL_CALLBACKS20911 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 20057 20912 if (ssl->hsInfoOn) 20058 AddPacketName( "CertificateVerify", &ssl->handShakeInfo);20913 AddPacketName(ssl, "CertificateVerify"); 20059 20914 if (ssl->toInfoOn) 20060 AddPacketInfo( "CertificateVerify", &ssl->timeoutInfo,20061 args->output, args->sendSz, ssl->heap);20915 AddPacketInfo(ssl, "CertificateVerify", handshake, 20916 args->output, args->sendSz, WRITE_PROTO, ssl->heap); 20062 20917 #endif 20063 20918 … … 20076 20931 20077 20932 WOLFSSL_LEAVE("SendCertificateVerify", ret); 20933 WOLFSSL_END(WC_FUNC_CERTIFICATE_VERIFY_SEND); 20078 20934 20079 20935 #ifdef WOLFSSL_ASYNC_CRYPT … … 20094 20950 return ret; 20095 20951 } 20952 #endif /* WOLFSSL_NO_CLIENT_AUTH */ 20953 20954 #endif /* WOLFSSL_NO_TLS12 */ 20096 20955 20097 20956 #endif /* NO_CERTS */ … … 20116 20975 ssl->session.isDynamic = 1; 20117 20976 } 20118 ssl->session.ticketLen = length;20977 ssl->session.ticketLen = (word16)length; 20119 20978 20120 20979 if (length > 0) { … … 20128 20987 * supercede the existing session cache info. */ 20129 20988 ssl->options.haveSessionId = 1; 20989 #ifdef WOLFSSL_TLS13 20990 if (ssl->options.tls1_3) { 20991 XMEMCPY(ssl->session.sessionID, 20992 ssl->session.ticket + length - ID_LEN, ID_LEN); 20993 } 20994 else 20995 #endif 20130 20996 XMEMCPY(ssl->arrays->sessionID, 20131 20997 ssl->session.ticket + length - ID_LEN, ID_LEN); … … 20135 21001 } 20136 21002 21003 #ifndef WOLFSSL_NO_TLS12 21004 21005 /* handle processing of session_ticket (4) */ 20137 21006 static int DoSessionTicket(WOLFSSL* ssl, const byte* input, word32* inOutIdx, 20138 21007 word32 size) … … 20181 21050 return 0; 20182 21051 } 21052 21053 #endif /* !WOLFSSL_NO_TLS12 */ 21054 20183 21055 #endif /* HAVE_SESSION_TICKET */ 20184 21056 … … 20187 21059 #ifndef NO_WOLFSSL_SERVER 20188 21060 21061 #ifndef WOLFSSL_NO_TLS12 21062 21063 /* handle generation of server_hello (2) */ 20189 21064 int SendServerHello(WOLFSSL* ssl) 20190 21065 { 21066 int ret; 20191 21067 byte *output; 20192 word32 length, idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; 21068 word16 length; 21069 word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; 20193 21070 int sendSz; 20194 int ret;20195 21071 byte sessIdSz = ID_LEN; 20196 21072 byte echoId = 0; /* ticket echo id flag */ 20197 21073 byte cacheOff = 0; /* session cache off flag */ 21074 21075 WOLFSSL_START(WC_FUNC_SERVER_HELLO_SEND); 21076 WOLFSSL_ENTER("SendServerHello"); 20198 21077 20199 21078 length = VERSION_SZ + RAN_LEN … … 20203 21082 20204 21083 #ifdef HAVE_TLS_EXTENSIONS 20205 length += TLSX_GetResponseSize(ssl, server_hello); 21084 ret = TLSX_GetResponseSize(ssl, server_hello, &length); 21085 if (ret != 0) 21086 return ret; 20206 21087 #ifdef HAVE_SESSION_TICKET 20207 21088 if (ssl->options.useTicket) { … … 20223 21104 #endif 20224 21105 20225 /* is the session ca hce off at build or runtime */21106 /* is the session cache off at build or runtime */ 20226 21107 #ifdef NO_SESSION_CACHE 20227 21108 cacheOff = 1; … … 20238 21119 sessIdSz = 0; 20239 21120 } 20240 20241 /* check for avalaible size */20242 if ((ret = CheckAvailableSize(ssl, MAX_HELLO_SZ)) != 0)20243 return ret;20244 20245 /* get output buffer */20246 output = ssl->buffers.outputBuffer.buffer +20247 ssl->buffers.outputBuffer.length;20248 21121 20249 21122 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; … … 20258 21131 } 20259 21132 #endif /* WOLFSSL_DTLS */ 21133 21134 if (IsEncryptionOn(ssl, 1)) 21135 sendSz += MAX_MSG_EXTRA; 21136 21137 /* check for available size */ 21138 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) 21139 return ret; 21140 21141 /* get output buffer */ 21142 output = ssl->buffers.outputBuffer.buffer + 21143 ssl->buffers.outputBuffer.length; 21144 20260 21145 AddHeaders(output, length, server_hello, ssl); 20261 21146 20262 21147 /* now write to output */ 20263 21148 /* first version */ 20264 output[idx++] = ssl->version.major;20265 output[idx++] = ssl->version.minor;21149 output[idx++] = (byte)ssl->version.major; 21150 output[idx++] = (byte)ssl->version.minor; 20266 21151 20267 21152 /* then random and session id */ … … 20278 21163 XMEMCPY(output + idx + RAN_LEN - (TLS13_DOWNGRADE_SZ + 1), 20279 21164 tls13Downgrade, TLS13_DOWNGRADE_SZ); 20280 output[idx + RAN_LEN - 1] = IsAtLeastTLSv1_2(ssl);21165 output[idx + RAN_LEN - 1] = (byte)IsAtLeastTLSv1_2(ssl); 20281 21166 } 20282 21167 else … … 20329 21214 /* last, extensions */ 20330 21215 #ifdef HAVE_TLS_EXTENSIONS 20331 TLSX_WriteResponse(ssl, output + idx, server_hello); 21216 { 21217 word16 offset = 0; 21218 ret = TLSX_WriteResponse(ssl, output + idx, server_hello, &offset); 21219 if (ret != 0) 21220 return ret; 21221 idx += offset; 21222 } 20332 21223 #else 20333 21224 #ifdef HAVE_EXTENDED_MASTER … … 20341 21232 /*idx += HELLO_EXT_SZ_SZ;*/ 20342 21233 /* idx is not used after this point. uncomment the line above 20343 * if adding any more extentions in the future. */ 20344 } 20345 #endif 20346 #endif 20347 20348 ssl->buffers.outputBuffer.length += sendSz; 20349 #ifdef WOLFSSL_DTLS 20350 if (IsDtlsNotSctpMode(ssl)) { 20351 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0) 20352 return ret; 20353 } 20354 20355 if (ssl->options.dtls) { 21234 * if adding any more extensions in the future. */ 21235 } 21236 #endif 21237 #endif 21238 21239 if (IsEncryptionOn(ssl, 1)) { 21240 byte* input; 21241 int inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */ 21242 21243 input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); 21244 if (input == NULL) 21245 return MEMORY_E; 21246 21247 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); 21248 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, 21249 handshake, 1, 0, 0); 21250 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); 21251 21252 if (sendSz < 0) 21253 return sendSz; 21254 } else { 21255 #ifdef WOLFSSL_DTLS 21256 if (ssl->options.dtls) 20356 21257 DtlsSEQIncrement(ssl, CUR_ORDER); 20357 }20358 21258 #endif 20359 20360 21259 ret = HashOutput(ssl, output, sendSz, 0); 20361 21260 if (ret != 0) 20362 21261 return ret; 20363 20364 20365 #if def WOLFSSL_CALLBACKS21262 } 21263 21264 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 20366 21265 if (ssl->hsInfoOn) 20367 AddPacketName( "ServerHello", &ssl->handShakeInfo);21266 AddPacketName(ssl, "ServerHello"); 20368 21267 if (ssl->toInfoOn) 20369 AddPacketInfo( "ServerHello", &ssl->timeoutInfo, output, sendSz,20370 ssl->heap);21268 AddPacketInfo(ssl, "ServerHello", handshake, output, sendSz, 21269 WRITE_PROTO, ssl->heap); 20371 21270 #endif 20372 21271 20373 21272 ssl->options.serverState = SERVER_HELLO_COMPLETE; 21273 ssl->buffers.outputBuffer.length += sendSz; 21274 21275 #ifdef WOLFSSL_DTLS 21276 if (IsDtlsNotSctpMode(ssl)) { 21277 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0) 21278 return ret; 21279 } 21280 21281 if (ssl->options.dtls) { 21282 DtlsSEQIncrement(ssl, CUR_ORDER); 21283 } 21284 #endif 20374 21285 20375 21286 if (ssl->options.groupMessages) 20376 ret urn0;21287 ret = 0; 20377 21288 else 20378 return SendBuffered(ssl); 20379 } 20380 20381 20382 #ifdef HAVE_ECC 21289 ret = SendBuffered(ssl); 21290 21291 WOLFSSL_LEAVE("SendServerHello", ret); 21292 WOLFSSL_END(WC_FUNC_SERVER_HELLO_SEND); 21293 21294 return ret; 21295 } 21296 21297 21298 #if defined(HAVE_ECC) 20383 21299 20384 21300 static byte SetCurveId(ecc_key* key) … … 20439 21355 #endif 20440 21356 #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) 20441 #ifdef HAVE_CURVE2551920442 case ECC_X25519_OID:20443 return WOLFSSL_ECC_X25519;20444 #endif20445 21357 #ifndef NO_ECC_SECP 20446 21358 case ECC_SECP384R1_OID: … … 20469 21381 } 20470 21382 20471 #endif /* HAVE_ECC */21383 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 20472 21384 20473 21385 typedef struct SskeArgs { 20474 21386 byte* output; /* not allocated */ 20475 #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA)) 21387 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ 21388 (!defined(NO_DH) && !defined(NO_RSA)) 20476 21389 byte* sigDataBuf; 20477 21390 #endif 20478 #if defined(HAVE_ECC) 21391 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 20479 21392 byte* exportBuf; 20480 21393 #endif … … 20482 21395 byte* verifySig; 20483 21396 #endif 21397 byte* input; 20484 21398 word32 idx; 20485 21399 word32 tmpSigSz; 20486 21400 word32 length; 20487 21401 word32 sigSz; 20488 #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA)) 21402 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ 21403 (!defined(NO_DH) && !defined(NO_RSA)) 20489 21404 word32 sigDataSz; 20490 21405 #endif 20491 #if defined(HAVE_ECC) 21406 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 20492 21407 word32 exportSz; 20493 21408 #endif … … 20496 21411 #endif 20497 21412 int sendSz; 21413 int inputSz; 20498 21414 } SskeArgs; 20499 21415 … … 20504 21420 (void)ssl; 20505 21421 20506 #if defined(HAVE_ECC) 21422 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 20507 21423 if (args->exportBuf) { 20508 21424 XFREE(args->exportBuf, ssl->heap, DYNAMIC_TYPE_DER); … … 20510 21426 } 20511 21427 #endif 20512 #if defined(HAVE_ECC) || (!defined(NO_DH) && !defined(NO_RSA)) 21428 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \ 21429 (!defined(NO_DH) && !defined(NO_RSA)) 20513 21430 if (args->sigDataBuf) { 20514 21431 XFREE(args->sigDataBuf, ssl->heap, DYNAMIC_TYPE_SIGNATURE); … … 20525 21442 } 20526 21443 21444 /* handle generation of server_key_exchange (12) */ 20527 21445 int SendServerKeyExchange(WOLFSSL* ssl) 20528 21446 { … … 20536 21454 #endif 20537 21455 21456 WOLFSSL_START(WC_FUNC_SERVER_KEY_EXCHANGE_SEND); 20538 21457 WOLFSSL_ENTER("SendServerKeyExchange"); 20539 21458 … … 20570 21489 switch(ssl->specs.kea) 20571 21490 { 20572 #if defined(HAVE_ECC) && !defined(NO_PSK) 21491 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 21492 !defined(NO_PSK) 20573 21493 case ecdhe_psk_kea: 20574 21494 { … … 20576 21496 break; 20577 21497 } 20578 #endif /* HAVE_ECC&& !NO_PSK */20579 #if def HAVE_ECC21498 #endif /* (HAVE_ECC || CURVE25519) && !NO_PSK */ 21499 #if defined(HAVE_ECC) 20580 21500 case ecc_diffie_hellman_kea: 20581 21501 { … … 20583 21503 WOLFSSL_MSG("Using Static ECDH, not sending ServerKeyExchange"); 20584 21504 ERROR_OUT(0, exit_sske); 20585 }20586 20587 /* make sure private key exists */20588 if (ssl->buffers.key == NULL ||20589 ssl->buffers.key->buffer == NULL) {20590 ERROR_OUT(NO_PRIVATE_KEY, exit_sske);20591 21505 } 20592 21506 … … 20650 21564 } 20651 21565 21566 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \ 21567 !defined(HAVE_FIPS) && \ 21568 !defined(HAVE_SELFTEST) 21569 if (ssl->options.dhDoKeyTest && 21570 !ssl->options.dhKeyTested) 21571 { 21572 ret = wc_DhSetCheckKey( 21573 ssl->buffers.serverDH_Key, 21574 ssl->buffers.serverDH_P.buffer, 21575 ssl->buffers.serverDH_P.length, 21576 ssl->buffers.serverDH_G.buffer, 21577 ssl->buffers.serverDH_G.length, 21578 NULL, 0, 0, ssl->rng); 21579 if (ret != 0) { 21580 goto exit_sske; 21581 } 21582 ssl->options.dhKeyTested = 1; 21583 } 21584 else 21585 #endif 21586 { 20652 21587 ret = wc_DhSetKey(ssl->buffers.serverDH_Key, 20653 21588 ssl->buffers.serverDH_P.buffer, … … 20658 21593 goto exit_sske; 20659 21594 } 21595 } 20660 21596 20661 21597 ret = DhGenKeyPair(ssl, ssl->buffers.serverDH_Key, … … 20667 21603 } 20668 21604 #endif /* !NO_DH && (!NO_PSK || !NO_RSA) */ 20669 #if defined(HAVE_ECC) && !defined(NO_PSK) 21605 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 21606 !defined(NO_PSK) 20670 21607 case ecdhe_psk_kea: 20671 21608 /* Fall through to create temp ECC key */ 20672 #endif /* HAVE_ECC&& !NO_PSK */21609 #endif /* (HAVE_ECC || CURVE25519) && !NO_PSK */ 20673 21610 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 20674 21611 case ecc_diffie_hellman_kea: … … 20709 21646 20710 21647 if (ssl->eccTempKeyPresent == 0) { 20711 /* TODO: Need to first do wc_EccPrivateKeyDecode,20712 then we know curve dp */20713 21648 ret = EccMakeKey(ssl, ssl->eccTempKey, NULL); 20714 21649 if (ret == 0 || ret == WC_PENDING_E) { … … 20737 21672 case TLS_ASYNC_BUILD: 20738 21673 { 20739 #if (!defined(NO_DH) && !defined(NO_RSA)) || defined(HAVE_ECC) 21674 #if (!defined(NO_DH) && !defined(NO_RSA)) || (defined(HAVE_ECC) || \ 21675 defined(HAVE_CURVE25519)) 20740 21676 word32 preSigSz, preSigIdx; 20741 21677 #endif … … 20773 21709 } 20774 21710 #endif 21711 21712 if (IsEncryptionOn(ssl, 1)) { 21713 args->sendSz += MAX_MSG_EXTRA; 21714 } 21715 20775 21716 /* check for available size */ 20776 21717 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) { … … 20831 21772 } 20832 21773 #endif 21774 21775 if (IsEncryptionOn(ssl, 1)) { 21776 args->sendSz += MAX_MSG_EXTRA; 21777 } 20833 21778 20834 21779 /* check for available size */ … … 20881 21826 } 20882 21827 #endif /* !defined(NO_DH) && !defined(NO_PSK) */ 20883 #if defined(HAVE_ECC) && !defined(NO_PSK) 21828 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 21829 !defined(NO_PSK) 20884 21830 case ecdhe_psk_kea: 20885 21831 { … … 20933 21879 } 20934 21880 #endif 21881 21882 if (IsEncryptionOn(ssl, 1)) { 21883 args->sendSz += MAX_MSG_EXTRA; 21884 } 21885 20935 21886 /* check for available size */ 20936 21887 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) { … … 20958 21909 #endif 20959 21910 { 21911 #ifdef HAVE_ECC 20960 21912 args->output[args->idx++] = 20961 21913 SetCurveId(ssl->eccTempKey); 21914 #endif 20962 21915 } 20963 21916 args->output[args->idx++] = (byte)args->exportSz; … … 20966 21919 break; 20967 21920 } 20968 #endif /* HAVE_ECC&& !NO_PSK */20969 #if def HAVE_ECC21921 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ 21922 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 20970 21923 case ecc_diffie_hellman_kea: 20971 21924 { … … 20995 21948 #endif 20996 21949 { 21950 #if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) 20997 21951 if (wc_ecc_export_x963(ssl->eccTempKey, 20998 21952 args->exportBuf, &args->exportSz) != 0) { 20999 21953 ERROR_OUT(ECC_EXPORT_ERROR, exit_sske); 21000 21954 } 21955 #endif 21001 21956 } 21002 21957 args->length += args->exportSz; … … 21005 21960 preSigIdx = args->idx; 21006 21961 21007 switch(ssl->suites->sigAlgo) 21008 { 21962 if (ssl->buffers.key == NULL) { 21963 #ifdef HAVE_PK_CALLBACKS 21964 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) { 21965 args->tmpSigSz = GetPrivateKeySigSize(ssl); 21966 if (args->tmpSigSz <= 0) { 21967 ERROR_OUT(NO_PRIVATE_KEY, exit_sske); 21968 } 21969 } 21970 else 21971 #endif 21972 ERROR_OUT(NO_PRIVATE_KEY, exit_sske); 21973 } 21974 else { 21975 switch(ssl->suites->sigAlgo) { 21009 21976 #ifndef NO_RSA 21010 21977 #ifdef WC_RSA_PSS … … 21043 22010 } 21044 22011 #endif /* !NO_RSA */ 22012 #ifdef HAVE_ECC 21045 22013 case ecc_dsa_sa_algo: 21046 22014 { … … 21069 22037 ssl->options.minEccKeySz) { 21070 22038 WOLFSSL_MSG("ECC key size too small"); 21071 ret = ECC_KEY_SIZE_E; 21072 goto exit_sske; 22039 ERROR_OUT(ECC_KEY_SIZE_E, exit_sske); 21073 22040 } 21074 22041 break; 21075 22042 } 22043 #endif 21076 22044 #ifdef HAVE_ED25519 21077 22045 case ed25519_sa_algo: … … 21093 22061 goto exit_sske; 21094 22062 } 22063 21095 22064 /* worst case estimate */ 21096 22065 args->tmpSigSz = ED25519_SIG_SIZE; … … 21100 22069 ssl->options.minEccKeySz) { 21101 22070 WOLFSSL_MSG("Ed25519 key size too small"); 21102 ret = ECC_KEY_SIZE_E; 21103 goto exit_sske; 22071 ERROR_OUT(ECC_KEY_SIZE_E, exit_sske); 21104 22072 } 21105 22073 break; 21106 22074 } 21107 #endif 22075 #endif /* HAVE_ED25519 */ 21108 22076 default: 21109 22077 ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */ 21110 22078 } /* switch(ssl->specs.sig_algo) */ 22079 } 21111 22080 21112 22081 /* sig length */ … … 21131 22100 } 21132 22101 #endif 22102 if (IsEncryptionOn(ssl, 1)) { 22103 args->sendSz += MAX_MSG_EXTRA; 22104 } 22105 21133 22106 /* check for available size */ 21134 22107 if ((ret = CheckAvailableSize(ssl, args->sendSz)) != 0) { … … 21152 22125 #endif 21153 22126 { 22127 #ifdef HAVE_ECC 21154 22128 args->output[args->idx++] = 21155 22129 SetCurveId(ssl->eccTempKey); 22130 #endif 21156 22131 } 21157 22132 args->output[args->idx++] = (byte)args->exportSz; … … 21270 22245 #endif 21271 22246 #endif /* !NO_RSA */ 21272 #ifdef HAVE_ED2551921273 case ed25519_sa_algo:21274 #endif21275 22247 case ecc_dsa_sa_algo: 21276 22248 { 21277 22249 break; 21278 22250 } 22251 #ifdef HAVE_ED25519 22252 case ed25519_sa_algo: 22253 ret = Ed25519CheckPubKey(ssl); 22254 if (ret != 0) 22255 goto exit_sske; 22256 break; 22257 #endif /* HAVE_ED25519 */ 21279 22258 } /* switch(ssl->specs.sig_algo) */ 21280 22259 break; 21281 22260 } 21282 #endif /* HAVE_ECC */22261 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 21283 22262 #if !defined(NO_DH) && !defined(NO_RSA) 21284 22263 case diffie_hellman_kea: … … 21296 22275 21297 22276 if (!ssl->options.usingAnon_cipher) { 21298 word32 i = 0;21299 22277 int keySz; 21300 22278 21301 /* make sure private key exists */ 21302 if (ssl->buffers.key == NULL || 21303 ssl->buffers.key->buffer == NULL) { 22279 /* sig length */ 22280 args->length += LENGTH_SZ; 22281 22282 if (ssl->buffers.key == NULL) { 22283 #ifdef HAVE_PK_CALLBACKS 22284 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) 22285 keySz = (word32)GetPrivateKeySigSize(ssl); 22286 else 22287 #endif 21304 22288 ERROR_OUT(NO_PRIVATE_KEY, exit_sske); 21305 22289 } 22290 else 22291 { 22292 word32 i = 0; 21306 22293 21307 22294 ssl->hsType = DYNAMIC_TYPE_RSA; … … 21311 22298 } 21312 22299 21313 /* sig length */21314 args->length += LENGTH_SZ;21315 21316 22300 ret = wc_RsaPrivateKeyDecode( 21317 22301 ssl->buffers.key->buffer, &i, 21318 (RsaKey*)ssl->hsKey, ssl->buffers.key->length); 22302 (RsaKey*)ssl->hsKey, 22303 ssl->buffers.key->length); 21319 22304 if (ret != 0) { 21320 22305 goto exit_sske; 21321 22306 } 21322 22307 keySz = wc_RsaEncryptSize((RsaKey*)ssl->hsKey); 21323 if (keySz < 0) { /* test if keySz has error */ 22308 } 22309 22310 if (keySz <= 0) { /* test if keySz has error */ 21324 22311 ERROR_OUT(keySz, exit_sske); 21325 22312 } 22313 21326 22314 args->tmpSigSz = (word32)keySz; 21327 22315 args->length += args->tmpSigSz; … … 21351 22339 } 21352 22340 #endif 22341 22342 if (IsEncryptionOn(ssl, 1)) { 22343 args->sendSz += MAX_MSG_EXTRA; 22344 } 21353 22345 21354 22346 /* check for available size */ … … 21526 22518 } 21527 22519 #endif /* !defined(NO_DH) && !defined(NO_PSK) */ 21528 #if defined(HAVE_ECC) && !defined(NO_PSK) 22520 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 22521 !defined(NO_PSK) 21529 22522 case ecdhe_psk_kea: 21530 22523 { 21531 22524 break; 21532 22525 } 21533 #endif /* HAVE_ECC&& !NO_PSK */21534 #if def HAVE_ECC22526 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ 22527 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 21535 22528 case ecc_diffie_hellman_kea: 21536 22529 { … … 21553 22546 ssl->suites->sigAlgo, ssl->suites->hashAlgo, 21554 22547 key, 21555 ssl->buffers.key->buffer, 21556 ssl->buffers.key->length, 22548 ssl->buffers.key 22549 ); 22550 break; 22551 } 22552 #endif /* !NO_RSA */ 22553 #ifdef HAVE_ECC 22554 case ecc_dsa_sa_algo: 22555 { 22556 ecc_key* key = (ecc_key*)ssl->hsKey; 22557 22558 ret = EccSign(ssl, 22559 ssl->buffers.sig.buffer, 22560 ssl->buffers.sig.length, 22561 args->output + LENGTH_SZ + args->idx, 22562 &args->sigSz, 22563 key, 21557 22564 #ifdef HAVE_PK_CALLBACKS 21558 ssl-> RsaSignCtx22565 ssl->buffers.key 21559 22566 #else 21560 22567 NULL … … 21563 22570 break; 21564 22571 } 21565 #endif /* !NO_RSA */ 21566 case ecc_dsa_sa_algo: 21567 { 21568 ecc_key* key = (ecc_key*)ssl->hsKey; 21569 21570 ret = EccSign(ssl, 21571 ssl->buffers.sig.buffer, 21572 ssl->buffers.sig.length, 21573 args->output + LENGTH_SZ + args->idx, 21574 &args->sigSz, 21575 key, 21576 #if defined(HAVE_PK_CALLBACKS) 21577 ssl->buffers.key->buffer, 21578 ssl->buffers.key->length, 21579 ssl->EccSignCtx 21580 #else 21581 NULL, 0, NULL 21582 #endif 21583 ); 21584 break; 21585 } 22572 #endif /* HAVE_ECC */ 21586 22573 #ifdef HAVE_ED25519 21587 22574 case ed25519_sa_algo: … … 21594 22581 &args->sigSz, 21595 22582 key, 21596 #if defined(HAVE_PK_CALLBACKS) 21597 ssl->buffers.key->buffer, 21598 ssl->buffers.key->length, 21599 ssl->Ed25519SignCtx 22583 #ifdef HAVE_PK_CALLBACKS 22584 ssl->buffers.key 21600 22585 #else 21601 NULL , 0, NULL22586 NULL 21602 22587 #endif 21603 22588 ); … … 21608 22593 break; 21609 22594 } 21610 #endif /* HAVE_ECC */22595 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 21611 22596 #if !defined(NO_DH) && !defined(NO_RSA) 21612 22597 case diffie_hellman_kea: … … 21634 22619 ssl->suites->sigAlgo, ssl->suites->hashAlgo, 21635 22620 key, 21636 ssl->buffers.key->buffer, 21637 ssl->buffers.key->length, 21638 #ifdef HAVE_PK_CALLBACKS 21639 ssl->RsaSignCtx 21640 #else 21641 NULL 21642 #endif 22621 ssl->buffers.key 21643 22622 ); 21644 22623 break; … … 21680 22659 } 21681 22660 #endif /* !defined(NO_DH) && !defined(NO_PSK) */ 21682 #if defined(HAVE_ECC) && !defined(NO_PSK) 22661 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 22662 !defined(NO_PSK) 21683 22663 case ecdhe_psk_kea: 21684 22664 { … … 21686 22666 break; 21687 22667 } 21688 #endif /* HAVE_ECC&& !NO_PSK */21689 #if def HAVE_ECC22668 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ 22669 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 21690 22670 case ecc_diffie_hellman_kea: 21691 22671 { … … 21720 22700 ssl->buffers.sig.length, 21721 22701 ssl->suites->sigAlgo, ssl->suites->hashAlgo, 21722 key 22702 key, ssl->buffers.key 21723 22703 ); 21724 22704 break; … … 21726 22706 #endif 21727 22707 case ecc_dsa_sa_algo: 22708 #ifdef HAVE_ED25519 22709 case ed25519_sa_algo: 22710 #endif 21728 22711 { 21729 22712 /* Now that we know the real sig size, write it. */ … … 21736 22719 break; 21737 22720 } 21738 #ifdef HAVE_ED2551921739 case ed25519_sa_algo:21740 {21741 /* Now that we know the real sig size, write it. */21742 c16toa((word16)args->sigSz,21743 args->output + args->idx);21744 21745 /* And adjust length and sendSz from estimates */21746 args->length += args->sigSz - args->tmpSigSz;21747 args->sendSz += args->sigSz - args->tmpSigSz;21748 break;21749 }21750 #endif21751 22721 default: 21752 22722 ERROR_OUT(ALGO_ID_E, exit_sske); /* unsupported type */ … … 21754 22724 break; 21755 22725 } 21756 #endif /* HAVE_ECC */22726 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 21757 22727 #if !defined(NO_DH) && !defined(NO_RSA) 21758 22728 case diffie_hellman_kea: … … 21792 22762 ssl->buffers.sig.length, 21793 22763 ssl->suites->sigAlgo, ssl->suites->hashAlgo, 21794 key 22764 key, ssl->buffers.key 21795 22765 ); 21796 22766 break; … … 21838 22808 #endif 21839 22809 21840 #if defined(HAVE_ECC) 22810 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 21841 22811 if (ssl->specs.kea == ecdhe_psk_kea || 21842 22812 ssl->specs.kea == ecc_diffie_hellman_kea) { … … 21850 22820 } 21851 22821 } 21852 #endif /* HAVE_ECC */ 21853 22822 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 22823 22824 if (IsEncryptionOn(ssl, 1)) { 22825 args->inputSz = args->length + HANDSHAKE_HEADER_SZ; 22826 /* buildmsg adds rechdr */ 22827 args->input = (byte*)XMALLOC(args->inputSz, ssl->heap, 22828 DYNAMIC_TYPE_IN_BUFFER); 22829 if (args->input == NULL) { 22830 ERROR_OUT(MEMORY_E, exit_sske); 22831 } 22832 22833 XMEMCPY(args->input, args->output + RECORD_HEADER_SZ, 22834 args->inputSz); 22835 ret = BuildMessage(ssl, args->output, args->sendSz, 22836 args->input, args->inputSz, handshake, 1, 0, 0); 22837 XFREE(args->input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); 22838 args->input = NULL; 22839 /* make sure its not double free'd on cleanup */ 22840 22841 if (ret >= 0) { 22842 args->sendSz = ret; 22843 ret = 0; 22844 } 22845 } 22846 else { 21854 22847 #ifdef WOLFSSL_DTLS 21855 22848 if (IsDtlsNotSctpMode(ssl)) { 21856 if ((ret = DtlsMsgPoolSave(ssl, args->output, args->sendSz)) != 0) { 22849 if ((ret = DtlsMsgPoolSave(ssl, 22850 args->output, args->sendSz)) != 0) { 21857 22851 goto exit_sske; 21858 22852 } … … 21867 22861 goto exit_sske; 21868 22862 } 21869 21870 #ifdef WOLFSSL_CALLBACKS 22863 } 22864 22865 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 21871 22866 if (ssl->hsInfoOn) { 21872 AddPacketName( "ServerKeyExchange", &ssl->handShakeInfo);22867 AddPacketName(ssl, "ServerKeyExchange"); 21873 22868 } 21874 22869 if (ssl->toInfoOn) { 21875 AddPacketInfo( "ServerKeyExchange", &ssl->timeoutInfo,21876 args->output, args->sendSz, ssl->heap);22870 AddPacketInfo(ssl, "ServerKeyExchange", handshake, 22871 args->output, args->sendSz, WRITE_PROTO, ssl->heap); 21877 22872 } 21878 22873 #endif … … 21900 22895 21901 22896 WOLFSSL_LEAVE("SendServerKeyExchange", ret); 22897 WOLFSSL_END(WC_FUNC_SERVER_KEY_EXCHANGE_SEND); 21902 22898 21903 22899 #ifdef WOLFSSL_ASYNC_CRYPT … … 21936 22932 21937 22933 #endif 22934 22935 #endif /* !WOLFSSL_NO_TLS12 */ 21938 22936 21939 22937 /* Make sure server cert/key are valid for this suite, true on success */ … … 22019 23017 } 22020 23018 22021 #ifdef HAVE_SUPPORTED_CURVES 23019 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 23020 defined(HAVE_SUPPORTED_CURVES) 22022 23021 if (!TLSX_ValidateSupportedCurves(ssl, first, second)) { 22023 23022 WOLFSSL_MSG("Don't have matching curves"); … … 22035 23034 } 22036 23035 else { 22037 WOLFSSL_MSG("Version of SSL connection does not support TLS_QSH"); 23036 WOLFSSL_MSG("Version of SSL connection does not support " 23037 "TLS_QSH"); 22038 23038 } 22039 23039 return 0; … … 22047 23047 int ret = TLSX_KeyShare_Establish(ssl); 22048 23048 if (ret == KEY_SHARE_ERROR) 22049 ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST ;23049 ssl->options.serverState = SERVER_HELLO_RETRY_REQUEST_COMPLETE; 22050 23050 else if (ret != 0) 22051 23051 return 0; 23052 } 23053 else if (first == TLS13_BYTE) { 23054 /* Can't negotiate TLS 1.3 cipher suites with lower protocol 23055 * version. */ 23056 return 0; 22052 23057 } 22053 23058 #endif … … 22133 23138 ProtocolVersion pv; 22134 23139 Suites clSuites; 23140 int ret = -1; 22135 23141 22136 23142 (void)inSz; … … 22138 23144 #ifdef WOLFSSL_CALLBACKS 22139 23145 if (ssl->hsInfoOn) 22140 AddPacketName( "ClientHello", &ssl->handShakeInfo);23146 AddPacketName(ssl, "ClientHello"); 22141 23147 if (ssl->toInfoOn) 22142 23148 AddLateName("ClientHello", &ssl->timeoutInfo); … … 22172 23178 byte haveRSA = 0; 22173 23179 byte havePSK = 0; 23180 int keySz = 0; 23181 22174 23182 if (!ssl->options.downgrade) { 22175 23183 WOLFSSL_MSG("Client trying to connect with lesser version"); … … 22207 23215 havePSK = ssl->options.havePSK; 22208 23216 #endif 22209 22210 InitSuites(ssl->suites, ssl->version, ssl->keySz, haveRSA, havePSK, 23217 #ifndef NO_CERTS 23218 keySz = ssl->buffers.keySz; 23219 #endif 23220 23221 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, 22211 23222 ssl->options.haveDH, ssl->options.haveNTRU, 22212 23223 ssl->options.haveECDSAsig, ssl->options.haveECC, … … 22266 23277 22267 23278 ssl->options.clientState = CLIENT_HELLO_COMPLETE; 23279 ssl->cbmode = SSL_CB_MODE_WRITE; 22268 23280 *inOutIdx = idx; 22269 23281 … … 22271 23283 /* DoClientHello uses same resume code */ 22272 23284 if (ssl->options.resuming) { /* let's try */ 22273 int ret = -1;22274 23285 WOLFSSL_SESSION* session = GetSession(ssl, 22275 23286 ssl->arrays->masterSecret, 1); … … 22313 23324 } 22314 23325 22315 return MatchSuite(ssl, &clSuites); 23326 ret = MatchSuite(ssl, &clSuites); 23327 if (ret != 0)return ret; 23328 return SanityCheckMsgReceived(ssl, client_hello); 22316 23329 } 22317 23330 22318 23331 #endif /* OLD_HELLO_ALLOWED */ 22319 23332 22320 23333 #ifndef WOLFSSL_NO_TLS12 23334 23335 int HandleTlsResumption(WOLFSSL* ssl, int bogusID, Suites* clSuites) 23336 { 23337 int ret = 0; 23338 WOLFSSL_SESSION* session = GetSession(ssl, 23339 ssl->arrays->masterSecret, 1); 23340 23341 (void)bogusID; 23342 23343 #ifdef HAVE_SESSION_TICKET 23344 if (ssl->options.useTicket == 1) { 23345 session = &ssl->session; 23346 } else if (bogusID == 1 && ssl->options.rejectTicket == 0) { 23347 WOLFSSL_MSG("Bogus session ID without session ticket"); 23348 return BUFFER_ERROR; 23349 } 23350 #endif 23351 23352 if (!session) { 23353 WOLFSSL_MSG("Session lookup for resume failed"); 23354 ssl->options.resuming = 0; 23355 } 23356 else if (session->haveEMS != ssl->options.haveEMS) { 23357 /* RFC 7627, 5.3, server-side */ 23358 /* if old sess didn't have EMS, but new does, full handshake */ 23359 if (!session->haveEMS && ssl->options.haveEMS) { 23360 WOLFSSL_MSG("Attempting to resume a session that didn't " 23361 "use EMS with a new session with EMS. Do full " 23362 "handshake."); 23363 ssl->options.resuming = 0; 23364 } 23365 /* if old sess used EMS, but new doesn't, MUST abort */ 23366 else if (session->haveEMS && !ssl->options.haveEMS) { 23367 WOLFSSL_MSG("Trying to resume a session with EMS without " 23368 "using EMS"); 23369 return EXT_MASTER_SECRET_NEEDED_E; 23370 } 23371 #ifdef HAVE_EXT_CACHE 23372 wolfSSL_SESSION_free(session); 23373 #endif 23374 } 23375 else { 23376 #ifdef HAVE_EXT_CACHE 23377 wolfSSL_SESSION_free(session); 23378 #endif 23379 if (MatchSuite(ssl, clSuites) < 0) { 23380 WOLFSSL_MSG("Unsupported cipher suite, ClientHello"); 23381 return UNSUPPORTED_SUITE; 23382 } 23383 23384 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, 23385 RAN_LEN); 23386 if (ret != 0) 23387 return ret; 23388 23389 #ifdef NO_OLD_TLS 23390 ret = DeriveTlsKeys(ssl); 23391 #else 23392 #ifndef NO_TLS 23393 if (ssl->options.tls) 23394 ret = DeriveTlsKeys(ssl); 23395 #endif 23396 if (!ssl->options.tls) 23397 ret = DeriveKeys(ssl); 23398 #endif 23399 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; 23400 } 23401 23402 return ret; 23403 } 23404 23405 23406 /* handle processing of client_hello (1) */ 22321 23407 int DoClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx, 22322 23408 word32 helloSz) … … 22328 23414 word32 i = *inOutIdx; 22329 23415 word32 begin = i; 23416 int ret = 0; 22330 23417 #ifdef WOLFSSL_DTLS 22331 23418 Hmac cookieHmac; … … 22338 23425 #endif /* WOLFSSL_DTLS */ 22339 23426 23427 WOLFSSL_START(WC_FUNC_CLIENT_HELLO_DO); 23428 WOLFSSL_ENTER("DoClientHello"); 23429 22340 23430 #ifdef WOLFSSL_CALLBACKS 22341 if (ssl->hsInfoOn) AddPacketName( "ClientHello", &ssl->handShakeInfo);23431 if (ssl->hsInfoOn) AddPacketName(ssl, "ClientHello"); 22342 23432 if (ssl->toInfoOn) AddLateName("ClientHello", &ssl->timeoutInfo); 22343 23433 #endif 22344 22345 23434 /* protocol version, random and session id length check */ 22346 23435 if ((i - begin) + OPAQUE16_LEN + RAN_LEN + OPAQUE8_LEN > helloSz) … … 22352 23441 #ifdef WOLFSSL_DTLS 22353 23442 if (IsDtlsNotSctpMode(ssl)) { 22354 int ret;22355 23443 #if defined(NO_SHA) && defined(NO_SHA256) 22356 23444 #error "DTLS needs either SHA or SHA-256" … … 22379 23467 i += OPAQUE16_LEN; 22380 23468 23469 /* Legacy protocol version cannot negotiate TLS 1.3 or higher. */ 23470 if (pv.major == SSLv3_MAJOR && pv.minor >= TLSv1_3_MINOR) 23471 pv.minor = TLSv1_2_MINOR; 23472 22381 23473 if ((!ssl->options.dtls && ssl->version.minor > pv.minor) || 22382 23474 (ssl->options.dtls && ssl->version.minor != DTLS_MINOR … … 22499 23591 #ifdef WOLFSSL_DTLS 22500 23592 if (IsDtlsNotSctpMode(ssl)) { 22501 intret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN);23593 ret = wc_HmacUpdate(&cookieHmac, input + i, RAN_LEN); 22502 23594 if (ret != 0) return ret; 22503 23595 } … … 22532 23624 #ifdef WOLFSSL_DTLS 22533 23625 if (IsDtlsNotSctpMode(ssl)) { 22534 intret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1);23626 ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1); 22535 23627 if (ret != 0) return ret; 22536 23628 } … … 22588 23680 /* check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite */ 22589 23681 if (FindSuite(&clSuites, 0, TLS_EMPTY_RENEGOTIATION_INFO_SCSV) >= 0) { 22590 int ret = 0; 22591 22592 ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions, ssl->heap); 23682 ret = TLSX_AddEmptyRenegotiationInfo(&ssl->extensions); 22593 23683 if (ret != WOLFSSL_SUCCESS) 22594 23684 return ret; 23685 ssl->secure_renegotiation->enabled = 1; 22595 23686 } 22596 23687 #endif /* HAVE_SERVER_RENEGOTIATION_INFO */ … … 22598 23689 #ifdef WOLFSSL_DTLS 22599 23690 if (IsDtlsNotSctpMode(ssl)) { 22600 intret = wc_HmacUpdate(&cookieHmac,23691 ret = wc_HmacUpdate(&cookieHmac, 22601 23692 input + i - OPAQUE16_LEN, 22602 23693 clSuites.suiteSz + OPAQUE16_LEN); … … 22621 23712 if (IsDtlsNotSctpMode(ssl)) { 22622 23713 byte newCookie[MAX_COOKIE_LEN]; 22623 int ret;22624 23714 22625 23715 ret = wc_HmacUpdate(&cookieHmac, input + i - 1, b + 1); … … 22658 23748 22659 23749 { 22660 /* co pmression match types */23750 /* compression match types */ 22661 23751 int matchNo = 0; 22662 23752 int matchZlib = 0; … … 22694 23784 QSH_Init(ssl); 22695 23785 #endif 22696 if (TLSX_SupportExtensions(ssl)) { 22697 int ret = 0; 23786 if (TLSX_SupportExtensions(ssl)) 22698 23787 #else 22699 if (IsAtLeastTLSv1_2(ssl)) { 22700 #endif 23788 if (IsAtLeastTLSv1_2(ssl)) 23789 #endif 23790 { 22701 23791 /* Process the hello extension. Skip unsupported. */ 22702 23792 word16 totalExtSz; … … 22730 23820 } 22731 23821 #endif 22732 #ifdefined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)23822 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 22733 23823 if((ret=SNI_Callback(ssl))) 22734 23824 return ret; 22735 23825 ssl->options.side = WOLFSSL_SERVER_END; 22736 #endif /*HAVE_STUNNEL*/ 23826 #endif 22737 23827 22738 23828 i += totalExtSz; … … 22753 23843 22754 23844 if (extId == HELLO_EXT_SIG_ALGO) { 22755 ato16(&input[i], &clSuites.hashSigAlgoSz); 23845 word16 hashSigAlgoSz; 23846 23847 ato16(&input[i], &hashSigAlgoSz); 22756 23848 i += OPAQUE16_LEN; 22757 23849 22758 if (OPAQUE16_LEN + clSuites.hashSigAlgoSz > extSz)23850 if (OPAQUE16_LEN + hashSigAlgoSz > extSz) 22759 23851 return BUFFER_ERROR; 22760 23852 23853 clSuites.hashSigAlgoSz = hashSigAlgoSz; 23854 if (clSuites.hashSigAlgoSz > WOLFSSL_MAX_SIGALGO) { 23855 WOLFSSL_MSG("ClientHello SigAlgo list exceeds max, " 23856 "truncating"); 23857 clSuites.hashSigAlgoSz = WOLFSSL_MAX_SIGALGO; 23858 } 23859 22761 23860 XMEMCPY(clSuites.hashSigAlgo, &input[i], 22762 min(clSuites.hashSigAlgoSz, HELLO_EXT_SIGALGO_MAX)); 22763 i += clSuites.hashSigAlgoSz; 22764 22765 if (clSuites.hashSigAlgoSz > HELLO_EXT_SIGALGO_MAX) 22766 clSuites.hashSigAlgoSz = HELLO_EXT_SIGALGO_MAX; 23861 clSuites.hashSigAlgoSz); 23862 23863 i += hashSigAlgoSz; 22767 23864 } 22768 23865 #ifdef HAVE_EXTENDED_MASTER … … 22787 23884 /* ProcessOld uses same resume code */ 22788 23885 if (ssl->options.resuming) { 22789 int ret = -1;22790 WOLFSSL_SESSION* session = GetSession(ssl,22791 ssl->arrays->masterSecret, 1);22792 #ifdef HAVE_SESSION_TICKET22793 if (ssl->options.useTicket == 1) {22794 session = &ssl->session;22795 } else if (bogusID == 1 && ssl->options.rejectTicket == 0) { 22796 WOLFSSL_MSG("Bogus session ID without session ticket");22797 return BUFFER_ERROR;23886 ret = HandleTlsResumption(ssl, bogusID, &clSuites); 23887 if (ret != 0) 23888 return ret; 23889 if (ssl->options.clientState == CLIENT_KEYEXCHANGE_COMPLETE) { 23890 WOLFSSL_LEAVE("DoClientHello", ret); 23891 WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO); 23892 23893 return ret; 23894 } 22798 23895 } 22799 #endif 22800 22801 if (!session) { 22802 WOLFSSL_MSG("Session lookup for resume failed"); 22803 ssl->options.resuming = 0; 22804 } 22805 else if (session->haveEMS != ssl->options.haveEMS) { 22806 /* RFC 7627, 5.3, server-side */ 22807 /* if old sess didn't have EMS, but new does, full handshake */ 22808 if (!session->haveEMS && ssl->options.haveEMS) { 22809 WOLFSSL_MSG("Attempting to resume a session that didn't " 22810 "use EMS with a new session with EMS. Do full " 22811 "handshake."); 22812 ssl->options.resuming = 0; 22813 } 22814 /* if old sess used EMS, but new doesn't, MUST abort */ 22815 else if (session->haveEMS && !ssl->options.haveEMS) { 22816 WOLFSSL_MSG("Trying to resume a session with EMS without " 22817 "using EMS"); 22818 return EXT_MASTER_SECRET_NEEDED_E; 22819 } 22820 #ifdef HAVE_EXT_CACHE 22821 wolfSSL_SESSION_free(session); 22822 #endif 22823 } 22824 else { 22825 #ifdef HAVE_EXT_CACHE 22826 wolfSSL_SESSION_free(session); 22827 #endif 22828 if (MatchSuite(ssl, &clSuites) < 0) { 22829 WOLFSSL_MSG("Unsupported cipher suite, ClientHello"); 22830 return UNSUPPORTED_SUITE; 22831 } 22832 22833 ret = wc_RNG_GenerateBlock(ssl->rng, ssl->arrays->serverRandom, 22834 RAN_LEN); 22835 if (ret != 0) 22836 return ret; 22837 22838 #ifdef NO_OLD_TLS 22839 ret = DeriveTlsKeys(ssl); 22840 #else 22841 #ifndef NO_TLS 22842 if (ssl->options.tls) 22843 ret = DeriveTlsKeys(ssl); 22844 #endif 22845 if (!ssl->options.tls) 22846 ret = DeriveKeys(ssl); 23896 ret = MatchSuite(ssl, &clSuites); 23897 23898 #ifdef HAVE_SECURE_RENEGOTIATION 23899 if (ssl->secure_renegotiation && ssl->secure_renegotiation->enabled && 23900 IsEncryptionOn(ssl, 0)) { 23901 ssl->secure_renegotiation->startScr = 1; 23902 } 22847 23903 #endif 22848 ssl->options.clientState = CLIENT_KEYEXCHANGE_COMPLETE; 23904 WOLFSSL_LEAVE("DoClientHello", ret); 23905 WOLFSSL_END(WC_FUNC_CLIENT_HELLO_DO); 22849 23906 22850 23907 return ret; 22851 23908 } 22852 } 22853 return MatchSuite(ssl, &clSuites); 22854 } 22855 22856 22857 #if !defined(NO_RSA) || defined(HAVE_ECC) 23909 23910 23911 #if (!defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519)) && \ 23912 !defined(WOLFSSL_NO_CLIENT_AUTH) 22858 23913 22859 23914 typedef struct DcvArgs { … … 22876 23931 } 22877 23932 23933 /* handle processing of certificate_verify (15) */ 22878 23934 static int DoCertificateVerify(WOLFSSL* ssl, byte* input, 22879 23935 word32* inOutIdx, word32 size) … … 22888 23944 #endif 22889 23945 23946 WOLFSSL_START(WC_FUNC_CERTIFICATE_VERIFY_DO); 22890 23947 WOLFSSL_ENTER("DoCertificateVerify"); 22891 23948 … … 22919 23976 #ifdef WOLFSSL_CALLBACKS 22920 23977 if (ssl->hsInfoOn) 22921 AddPacketName( "CertificateVerify", &ssl->handShakeInfo);23978 AddPacketName(ssl, "CertificateVerify"); 22922 23979 if (ssl->toInfoOn) 22923 23980 AddLateName("CertificateVerify", &ssl->timeoutInfo); … … 22948 24005 args->sigAlgo = ecc_dsa_sa_algo; 22949 24006 #endif 22950 #if def HAVE_ED2551924007 #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) 22951 24008 else if (ssl->peerEd25519KeyPresent) 22952 24009 args->sigAlgo = ed25519_sa_algo; 22953 #endif 24010 #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ 22954 24011 22955 24012 if ((args->idx - args->begin) + OPAQUE16_LEN > size) { … … 22992 24049 } 22993 24050 #endif /* HAVE_ECC */ 22994 #if def HAVE_ED2551924051 #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) 22995 24052 if (ssl->peerEd25519KeyPresent) { 22996 24053 WOLFSSL_MSG("Doing ED25519 peer cert verify"); … … 23001 24058 } 23002 24059 } 23003 #endif /* HAVE_ED25519 */24060 #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ 23004 24061 23005 24062 /* Advance state and proceed */ … … 23021 24078 ssl->peerRsaKey, 23022 24079 #ifdef HAVE_PK_CALLBACKS 23023 ssl->buffers.peerRsaKey.buffer, 23024 ssl->buffers.peerRsaKey.length, 23025 ssl->RsaVerifyCtx 24080 &ssl->buffers.peerRsaKey 23026 24081 #else 23027 NULL , 0, NULL24082 NULL 23028 24083 #endif 23029 24084 ); … … 23048 24103 ssl->peerEccDsaKey, 23049 24104 #ifdef HAVE_PK_CALLBACKS 23050 ssl->buffers.peerEccDsaKey.buffer, 23051 ssl->buffers.peerEccDsaKey.length, 23052 ssl->EccVerifyCtx 24105 &ssl->buffers.peerEccDsaKey 23053 24106 #else 23054 NULL , 0, NULL24107 NULL 23055 24108 #endif 23056 24109 ); 23057 24110 } 23058 24111 #endif /* HAVE_ECC */ 24112 #if defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH) 24113 if (ssl->peerEd25519KeyPresent) { 24114 WOLFSSL_MSG("Doing Ed25519 peer cert verify"); 24115 24116 ret = Ed25519Verify(ssl, 24117 input + args->idx, args->sz, 24118 ssl->hsHashes->messages, ssl->hsHashes->prevLen, 24119 ssl->peerEd25519Key, 24120 #ifdef HAVE_PK_CALLBACKS 24121 &ssl->buffers.peerEd25519Key 24122 #else 24123 NULL 24124 #endif 24125 ); 24126 } 24127 #endif /* HAVE_ED25519 && !NO_ED25519_CLIENT_AUTH */ 23059 24128 23060 24129 /* Check for error */ … … 23083 24152 HashAlgoToType(args->hashAlgo)); 23084 24153 if (ret != 0) 23085 return ret;24154 goto exit_dcv; 23086 24155 } 23087 24156 else … … 23141 24210 case TLS_ASYNC_FINALIZE: 23142 24211 { 24212 if (IsEncryptionOn(ssl, 0)) { 24213 args->idx += ssl->keys.padSz; 24214 } 24215 23143 24216 ssl->options.havePeerVerify = 1; 23144 24217 … … 23162 24235 23163 24236 WOLFSSL_LEAVE("DoCertificateVerify", ret); 24237 WOLFSSL_END(WC_FUNC_CERTIFICATE_VERIFY_DO); 23164 24238 23165 24239 #ifdef WOLFSSL_ASYNC_CRYPT 23166 24240 /* Handle async operation */ 23167 24241 if (ret == WC_PENDING_E) { 23168 /* Mark message as not rece vied so it can process again */24242 /* Mark message as not received so it can process again */ 23169 24243 ssl->msgsReceived.got_certificate_verify = 0; 23170 24244 … … 23172 24246 } 23173 24247 #endif /* WOLFSSL_ASYNC_CRYPT */ 23174 24248 #ifdef OPENSSL_EXTRA 24249 if (ret != 0){ 24250 SendAlert(ssl, alert_fatal, bad_certificate); 24251 } 24252 #endif 23175 24253 /* Digest is not allocated, so do this to prevent free */ 23176 24254 ssl->buffers.digest.buffer = NULL; … … 23184 24262 } 23185 24263 23186 #endif /* !NO_RSA || HAVE_ECC */ 23187 24264 #endif /* (!NO_RSA || HAVE_ECC || HAVE_ED25519) && !WOLFSSL_NO_CLIENT_AUTH */ 24265 24266 /* handle generation of server_hello_done (14) */ 23188 24267 int SendServerHelloDone(WOLFSSL* ssl) 23189 24268 { … … 23192 24271 int ret; 23193 24272 24273 WOLFSSL_START(WC_FUNC_SERVER_HELLO_DONE_SEND); 24274 WOLFSSL_ENTER("SendServerHelloDone"); 24275 23194 24276 #ifdef WOLFSSL_DTLS 23195 24277 if (ssl->options.dtls) … … 23197 24279 #endif 23198 24280 24281 if (IsEncryptionOn(ssl, 1)) 24282 sendSz += MAX_MSG_EXTRA; 24283 23199 24284 /* check for available size */ 23200 24285 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) … … 23207 24292 AddHeaders(output, 0, server_hello_done, ssl); 23208 24293 24294 if (IsEncryptionOn(ssl, 1)) { 24295 byte* input; 24296 int inputSz = HANDSHAKE_HEADER_SZ; /* build msg adds rec hdr */ 24297 24298 input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); 24299 if (input == NULL) 24300 return MEMORY_E; 24301 24302 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); 24303 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, 24304 handshake, 1, 0, 0); 24305 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); 24306 24307 if (sendSz < 0) 24308 return sendSz; 24309 } else { 23209 24310 #ifdef WOLFSSL_DTLS 23210 24311 if (IsDtlsNotSctpMode(ssl)) { 23211 24312 if ((ret = DtlsMsgPoolSave(ssl, output, sendSz)) != 0) 23212 return 0; 23213 } 23214 24313 return ret; 24314 } 23215 24315 if (ssl->options.dtls) 23216 24316 DtlsSEQIncrement(ssl, CUR_ORDER); 23217 24317 #endif 23218 23219 24318 ret = HashOutput(ssl, output, sendSz, 0); 23220 24319 if (ret != 0) 23221 24320 return ret; 23222 23223 #ifdef WOLFSSL_CALLBACKS 24321 } 24322 24323 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 23224 24324 if (ssl->hsInfoOn) 23225 AddPacketName( "ServerHelloDone", &ssl->handShakeInfo);24325 AddPacketName(ssl, "ServerHelloDone"); 23226 24326 if (ssl->toInfoOn) 23227 AddPacketInfo( "ServerHelloDone", &ssl->timeoutInfo, output, sendSz,23228 24327 AddPacketInfo(ssl, "ServerHelloDone", handshake, output, sendSz, 24328 WRITE_PROTO, ssl->heap); 23229 24329 #endif 23230 24330 ssl->options.serverState = SERVER_HELLODONE_COMPLETE; … … 23232 24332 ssl->buffers.outputBuffer.length += sendSz; 23233 24333 23234 return SendBuffered(ssl); 23235 } 23236 24334 ret = SendBuffered(ssl); 24335 24336 WOLFSSL_LEAVE("SendServerHelloDone", ret); 24337 WOLFSSL_END(WC_FUNC_SERVER_HELLO_DONE_SEND); 24338 24339 return ret; 24340 } 24341 24342 #endif /* !WOLFSSL_NO_TLS12 */ 23237 24343 23238 24344 #ifdef HAVE_SESSION_TICKET … … 23251 24357 #ifdef WOLFSSL_TLS13 23252 24358 word32 ageAdd; /* Obfuscation of age */ 23253 byte namedGroup; /* Named group used */ 24359 word16 namedGroup; /* Named group used */ 24360 #ifndef WOLFSSL_TLS13_DRAFT_18 24361 TicketNonce ticketNonce; /* Ticket nonce */ 24362 #endif 23254 24363 #ifdef WOLFSSL_EARLY_DATA 23255 24364 word32 maxEarlyDataSz; /* Max size of early data */ … … 23307 24416 /* Resumption master secret. */ 23308 24417 XMEMCPY(it.msecret, ssl->session.masterSecret, SECRET_LEN); 24418 #ifndef WOLFSSL_TLS13_DRAFT_18 24419 XMEMCPY(&it.ticketNonce, &ssl->session.ticketNonce, 24420 sizeof(TicketNonce)); 24421 #endif 23309 24422 #endif 23310 24423 } … … 23375 24488 word16 inLen; 23376 24489 24490 WOLFSSL_START(WC_FUNC_TICKET_DO); 24491 WOLFSSL_ENTER("DoClientTicket"); 24492 23377 24493 if (len > SESSION_TICKET_LEN || 23378 24494 len < (word32)(sizeof(InternalTicket) + WOLFSSL_TICKET_FIXED_SZ)) { … … 23401 24517 /* get master secret */ 23402 24518 if (ret == WOLFSSL_TICKET_RET_OK || ret == WOLFSSL_TICKET_RET_CREATE) { 24519 if (ssl->version.minor < it->pv.minor) { 24520 WOLFSSL_MSG("Ticket has greater version"); 24521 return VERSION_ERROR; 24522 } 24523 else if (ssl->version.minor > it->pv.minor) { 24524 if (!ssl->options.downgrade) { 24525 WOLFSSL_MSG("Ticket has lesser version"); 24526 return VERSION_ERROR; 24527 } 24528 24529 WOLFSSL_MSG("Downgrading protocol due to ticket"); 24530 24531 if (it->pv.minor < ssl->options.minDowngrade) 24532 return VERSION_ERROR; 24533 ssl->version.minor = it->pv.minor; 24534 } 24535 23403 24536 if (!IsAtLeastTLSv1_3(ssl->version)) { 23404 24537 XMEMCPY(ssl->arrays->masterSecret, it->msecret, SECRET_LEN); … … 23419 24552 /* Resumption master secret. */ 23420 24553 XMEMCPY(ssl->session.masterSecret, it->msecret, SECRET_LEN); 24554 #ifndef WOLFSSL_TLS13_DRAFT_18 24555 XMEMCPY(&ssl->session.ticketNonce, &it->ticketNonce, 24556 sizeof(TicketNonce)); 24557 #endif 23421 24558 ssl->session.namedGroup = it->namedGroup; 23422 24559 #endif 23423 24560 } 23424 24561 } 24562 24563 WOLFSSL_LEAVE("DoClientTicket", ret); 24564 WOLFSSL_END(WC_FUNC_TICKET_DO); 23425 24565 23426 24566 return ret; … … 23437 24577 word32 idx = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; 23438 24578 24579 WOLFSSL_START(WC_FUNC_TICKET_SEND); 24580 WOLFSSL_ENTER("SendTicket"); 24581 23439 24582 if (ssl->options.createTicket) { 23440 24583 ret = CreateTicket(ssl); … … 23445 24588 sendSz = length + HANDSHAKE_HEADER_SZ + RECORD_HEADER_SZ; 23446 24589 24590 if (!ssl->options.dtls) { 24591 if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) 24592 sendSz += MAX_MSG_EXTRA; 24593 } 24594 else { 23447 24595 #ifdef WOLFSSL_DTLS 23448 if (ssl->options.dtls) {23449 24596 sendSz += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; 23450 24597 idx += DTLS_RECORD_EXTRA + DTLS_HANDSHAKE_EXTRA; 23451 }23452 24598 #endif 24599 } 23453 24600 /* check for available size */ 23454 24601 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) … … 23471 24618 /* ticket */ 23472 24619 XMEMCPY(output + idx, ssl->session.ticket, ssl->session.ticketLen); 23473 /* idx += ssl->session.ticketLen; */ 23474 24620 idx += ssl->session.ticketLen; 24621 24622 if (IsEncryptionOn(ssl, 1) && ssl->options.handShakeDone) { 24623 byte* input; 24624 int inputSz = idx - RECORD_HEADER_SZ; /* build msg adds rec hdr */ 24625 24626 input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); 24627 if (input == NULL) 24628 return MEMORY_E; 24629 24630 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); 24631 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, 24632 handshake, 1, 0, 0); 24633 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); 24634 24635 if (sendSz < 0) 24636 return sendSz; 24637 } 24638 else { 23475 24639 #ifdef WOLFSSL_DTLS 23476 24640 if (ssl->options.dtls) { … … 23481 24645 } 23482 24646 #endif 23483 23484 24647 ret = HashOutput(ssl, output, sendSz, 0); 23485 if (ret != 0) return ret; 24648 if (ret != 0) 24649 return ret; 24650 } 24651 23486 24652 ssl->buffers.outputBuffer.length += sendSz; 23487 24653 23488 return SendBuffered(ssl); 24654 ret = SendBuffered(ssl); 24655 24656 WOLFSSL_LEAVE("SendTicket", ret); 24657 WOLFSSL_END(WC_FUNC_TICKET_SEND); 24658 24659 return ret; 23489 24660 } 23490 24661 23491 24662 #endif /* HAVE_SESSION_TICKET */ 23492 24663 24664 #ifndef WOLFSSL_NO_TLS12 24665 24666 #if defined(HAVE_SECURE_RENEGOTIATION) && \ 24667 defined(HAVE_SERVER_RENEGOTIATION_INFO) && \ 24668 !defined(WOLFSSL_NO_SERVER) 24669 24670 /* handle generation of server's hello_request (0) */ 24671 int SendHelloRequest(WOLFSSL* ssl) 24672 { 24673 byte* output; 24674 int sendSz = RECORD_HEADER_SZ + HANDSHAKE_HEADER_SZ; 24675 int ret; 24676 24677 WOLFSSL_START(WC_FUNC_HELLO_REQUEST_SEND); 24678 WOLFSSL_ENTER("SendHelloRequest"); 24679 24680 if (IsEncryptionOn(ssl, 1)) 24681 sendSz += MAX_MSG_EXTRA; 24682 24683 /* check for available size */ 24684 if ((ret = CheckAvailableSize(ssl, sendSz)) != 0) 24685 return ret; 24686 24687 /* get output buffer */ 24688 output = ssl->buffers.outputBuffer.buffer + 24689 ssl->buffers.outputBuffer.length; 24690 24691 AddHeaders(output, 0, hello_request, ssl); 24692 24693 if (IsEncryptionOn(ssl, 1)) { 24694 byte* input; 24695 int inputSz = HANDSHAKE_HEADER_SZ; /* build msg adds rec hdr */ 24696 24697 input = (byte*)XMALLOC(inputSz, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); 24698 if (input == NULL) 24699 return MEMORY_E; 24700 24701 XMEMCPY(input, output + RECORD_HEADER_SZ, inputSz); 24702 sendSz = BuildMessage(ssl, output, sendSz, input, inputSz, 24703 handshake, 0, 0, 0); 24704 XFREE(input, ssl->heap, DYNAMIC_TYPE_IN_BUFFER); 24705 24706 if (sendSz < 0) 24707 return sendSz; 24708 } 24709 24710 ssl->buffers.outputBuffer.length += sendSz; 24711 24712 ret = SendBuffered(ssl); 24713 24714 WOLFSSL_LEAVE("SendHelloRequest", ret); 24715 WOLFSSL_END(WC_FUNC_HELLO_REQUEST_SEND); 24716 24717 return ret; 24718 } 24719 24720 #endif /* HAVE_SECURE_RENEGOTIATION && HAVE_SERVER_RENEGOTIATION_INFO */ 23493 24721 23494 24722 #ifdef WOLFSSL_DTLS 24723 /* handle generation of DTLS hello_verify_request (3) */ 23495 24724 static int SendHelloVerifyRequest(WOLFSSL* ssl, 23496 24725 const byte* cookie, byte cookieSz) … … 23530 24759 XMEMCPY(output + idx, cookie, cookieSz); 23531 24760 23532 #if def WOLFSSL_CALLBACKS24761 #if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA) 23533 24762 if (ssl->hsInfoOn) 23534 AddPacketName( "HelloVerifyRequest", &ssl->handShakeInfo);24763 AddPacketName(ssl, "HelloVerifyRequest"); 23535 24764 if (ssl->toInfoOn) 23536 AddPacketInfo( "HelloVerifyRequest", &ssl->timeoutInfo, output,23537 sendSz, ssl->heap);24765 AddPacketInfo(ssl, "HelloVerifyRequest", handshake, output, 24766 sendSz, WRITE_PROTO, ssl->heap); 23538 24767 #endif 23539 24768 … … 23550 24779 word32 begin; 23551 24780 word32 sigSz; 24781 #ifndef NO_RSA 24782 int lastErr; 24783 #endif 23552 24784 } DckeArgs; 23553 24785 … … 23560 24792 } 23561 24793 24794 /* handle processing client_key_exchange (16) */ 23562 24795 static int DoClientKeyExchange(WOLFSSL* ssl, byte* input, word32* inOutIdx, 23563 24796 word32 size) … … 23572 24805 #endif 23573 24806 24807 (void)size; 24808 (void)input; 24809 24810 WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_DO); 23574 24811 WOLFSSL_ENTER("DoClientKeyExchange"); 23575 24812 … … 23630 24867 #endif /* !NO_CERTS */ 23631 24868 23632 #if def WOLFSSL_CALLBACKS24869 #if defined(WOLFSSL_CALLBACKS) 23633 24870 if (ssl->hsInfoOn) { 23634 AddPacketName( "ClientKeyExchange", &ssl->handShakeInfo);24871 AddPacketName(ssl, "ClientKeyExchange"); 23635 24872 } 23636 24873 if (ssl->toInfoOn) { … … 23639 24876 #endif 23640 24877 24878 if (ssl->arrays->preMasterSecret == NULL) { 24879 ssl->arrays->preMasterSecret = (byte*)XMALLOC(ENCRYPT_LEN, 24880 ssl->heap, DYNAMIC_TYPE_SECRET); 24881 if (ssl->arrays->preMasterSecret == NULL) { 24882 ERROR_OUT(MEMORY_E, exit_dcke); 24883 } 24884 XMEMSET(ssl->arrays->preMasterSecret, 0, ENCRYPT_LEN); 24885 } 24886 23641 24887 switch (ssl->specs.kea) { 23642 24888 #ifndef NO_RSA 23643 24889 case rsa_kea: 23644 24890 { 23645 /* make sure private key exists */23646 if (ssl->buffers.key == NULL ||23647 ssl->buffers.key->buffer == NULL) {23648 ERROR_OUT(NO_PRIVATE_KEY, exit_dcke);23649 }23650 24891 break; 23651 24892 } /* rsa_kea */ … … 23673 24914 } 23674 24915 #endif /* HAVE_NTRU */ 23675 #if def HAVE_ECC24916 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 23676 24917 case ecc_diffie_hellman_kea: 23677 24918 { 23678 24919 break; 23679 24920 } 23680 #endif /* HAVE_ECC */24921 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 23681 24922 #ifndef NO_DH 23682 24923 case diffie_hellman_kea: … … 23696 24937 } 23697 24938 #endif /* !NO_DH && !NO_PSK */ 23698 #if defined(HAVE_ECC) && !defined(NO_PSK) 24939 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 24940 !defined(NO_PSK) 23699 24941 case ecdhe_psk_kea: 23700 24942 { … … 23706 24948 break; 23707 24949 } 23708 #endif /* HAVE_ECC&& !NO_PSK */24950 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ 23709 24951 default: 23710 24952 WOLFSSL_MSG("Bad kea type"); … … 23773 25015 WOLFSSL_MSG("RSA message too big"); 23774 25016 ERROR_OUT(BUFFER_ERROR, exit_dcke); 25017 } 25018 25019 /* pre-load PreMasterSecret with RNG data */ 25020 ret = wc_RNG_GenerateBlock(ssl->rng, 25021 &ssl->arrays->preMasterSecret[VERSION_SZ], 25022 SECRET_LEN - VERSION_SZ); 25023 if (ret != 0) { 25024 goto exit_dcke; 23775 25025 } 23776 25026 … … 24087 25337 } 24088 25338 #endif /* !NO_DH && !NO_PSK */ 24089 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) 25339 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 25340 !defined(NO_PSK) 24090 25341 case ecdhe_psk_kea: 24091 25342 { … … 24225 25476 { 24226 25477 RsaKey* key = (RsaKey*)ssl->hsKey; 25478 24227 25479 ret = RsaDec(ssl, 24228 25480 input + args->idx, … … 24231 25483 &args->sigSz, 24232 25484 key, 24233 #if defined(HAVE_PK_CALLBACKS) 24234 ssl->buffers.key->buffer, 24235 ssl->buffers.key->length, 24236 ssl->RsaDecCtx 25485 #ifdef HAVE_PK_CALLBACKS 25486 ssl->buffers.key 24237 25487 #else 24238 NULL , 0, NULL25488 NULL 24239 25489 #endif 24240 25490 ); 25491 25492 /* Errors that can occur here that should be 25493 * indistinguishable: 25494 * RSA_BUFFER_E, RSA_PAD_E and RSA_PRIVATE_ERROR 25495 */ 25496 if (ret < 0 && ret != BAD_FUNC_ARG) { 25497 #ifdef WOLFSSL_ASYNC_CRYPT 25498 if (ret == WC_PENDING_E) 25499 goto exit_dcke; 25500 #endif 25501 /* store error code for handling below */ 25502 args->lastErr = ret; 25503 ret = 0; 25504 } 24241 25505 break; 24242 25506 } /* rsa_kea */ … … 24258 25522 { 24259 25523 void* private_key = ssl->eccTempKey; 25524 (void)private_key; 24260 25525 24261 25526 #ifdef HAVE_CURVE25519 … … 24267 25532 ssl->arrays->preMasterSecret, 24268 25533 &ssl->arrays->preMasterSz, 24269 WOLFSSL_SERVER_END, 24270 #ifdef HAVE_PK_CALLBACKS 24271 ssl->EccSharedSecretCtx 24272 #else 24273 NULL 24274 #endif 25534 WOLFSSL_SERVER_END 24275 25535 ); 24276 25536 break; … … 24288 25548 ssl->arrays->preMasterSecret, 24289 25549 &ssl->arrays->preMasterSz, 24290 WOLFSSL_SERVER_END, 24291 #ifdef HAVE_PK_CALLBACKS 24292 ssl->EccSharedSecretCtx 24293 #else 24294 NULL 24295 #endif 25550 WOLFSSL_SERVER_END 24296 25551 ); 25552 #ifdef WOLFSSL_ASYNC_CRYPT 25553 if (ret != WC_PENDING_E) 25554 #endif 25555 { 25556 FreeKey(ssl, DYNAMIC_TYPE_ECC, 25557 (void**)&ssl->peerEccKey); 25558 ssl->peerEccKeyPresent = 0; 25559 } 24297 25560 #endif 24298 25561 break; … … 24325 25588 } 24326 25589 #endif /* !NO_DH && !NO_PSK */ 24327 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_PSK) 25590 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 25591 !defined(NO_PSK) 24328 25592 case ecdhe_psk_kea: 24329 25593 { … … 24336 25600 ssl->arrays->preMasterSecret + OPAQUE16_LEN, 24337 25601 &args->sigSz, 24338 WOLFSSL_SERVER_END, 24339 #ifdef HAVE_PK_CALLBACKS 24340 ssl->EccSharedSecretCtx 24341 #else 24342 NULL 24343 #endif 25602 WOLFSSL_SERVER_END 24344 25603 ); 25604 #ifdef WOLFSSL_ASYNC_CRYPT 25605 if (ret != WC_PENDING_E) 25606 #endif 25607 { 25608 FreeKey(ssl, DYNAMIC_TYPE_CURVE25519, 25609 (void**)&ssl->peerX25519Key); 25610 ssl->peerX25519KeyPresent = 0; 25611 } 24345 25612 break; 24346 25613 } … … 24352 25619 ssl->arrays->preMasterSecret + OPAQUE16_LEN, 24353 25620 &args->sigSz, 24354 WOLFSSL_SERVER_END, 24355 #ifdef HAVE_PK_CALLBACKS 24356 ssl->EccSharedSecretCtx 24357 #else 24358 NULL 24359 #endif 25621 WOLFSSL_SERVER_END 24360 25622 ); 25623 if (!ssl->specs.static_ecdh 25624 #ifdef WOLFSSL_ASYNC_CRYPT 25625 && ret != WC_PENDING_E 25626 #endif 25627 ) { 25628 FreeKey(ssl, DYNAMIC_TYPE_ECC, 25629 (void**)&ssl->peerEccKey); 25630 ssl->peerEccKeyPresent = 0; 25631 } 24361 25632 break; 24362 25633 } … … 24385 25656 args->idx += args->length; 24386 25657 24387 if (args->sigSz == SECRET_LEN && args->output != NULL) {24388 XMEMCPY(ssl->arrays->preMasterSecret, args->output, SECRET_LEN);24389 if (ssl->arrays->preMasterSecret[0] != ssl->chVersion.major ||24390 ssl->arrays->preMasterSecret[1] != ssl->chVersion.minor) {24391 ERROR_OUT(PMS_VERSION_ERROR, exit_dcke);24392 }25658 #ifdef DEBUG_WOLFSSL 25659 /* check version (debug warning message only) */ 25660 if (args->output != NULL) { 25661 if (args->output[0] != ssl->chVersion.major || 25662 args->output[1] != ssl->chVersion.minor) { 25663 WOLFSSL_MSG("preMasterSecret version mismatch"); 24393 25664 } 24394 else {24395 ERROR_OUT(RSA_PRIVATE_ERROR, exit_dcke);24396 25665 } 25666 #endif 25667 25668 /* RFC5246 7.4.7.1: 25669 * Treat incorrectly formatted message blocks and/or 25670 * mismatched version numbers in a manner 25671 * indistinguishable from correctly formatted RSA blocks 25672 */ 25673 25674 args->lastErr = 0; /* reset */ 25675 25676 /* build PreMasterSecret */ 25677 ssl->arrays->preMasterSecret[0] = ssl->chVersion.major; 25678 ssl->arrays->preMasterSecret[1] = ssl->chVersion.minor; 25679 if (args->output != NULL) { 25680 XMEMCPY(&ssl->arrays->preMasterSecret[VERSION_SZ], 25681 &args->output[VERSION_SZ], 25682 SECRET_LEN - VERSION_SZ); 25683 } 25684 /* preMasterSecret has RNG and version set 25685 * return proper length and ignore error 25686 * error will be caught as decryption error 25687 */ 25688 args->sigSz = SECRET_LEN; 25689 ret = 0; 24397 25690 break; 24398 25691 } /* rsa_kea */ … … 24410 25703 } 24411 25704 #endif /* HAVE_NTRU */ 24412 #if def HAVE_ECC25705 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) 24413 25706 case ecc_diffie_hellman_kea: 24414 25707 { … … 24417 25710 break; 24418 25711 } 24419 #endif /* HAVE_ECC */25712 #endif /* HAVE_ECC || HAVE_CURVE25519 */ 24420 25713 #ifndef NO_DH 24421 25714 case diffie_hellman_kea: … … 24457 25750 } 24458 25751 #endif /* !NO_DH && !NO_PSK */ 24459 #if defined(HAVE_ECC) && !defined(NO_PSK) 25752 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && \ 25753 !defined(NO_PSK) 24460 25754 case ecdhe_psk_kea: 24461 25755 { … … 24490 25784 break; 24491 25785 } 24492 #endif /* HAVE_ECC&& !NO_PSK */25786 #endif /* (HAVE_ECC || HAVE_CURVE25519) && !NO_PSK */ 24493 25787 default: 24494 25788 ret = BAD_KEA_TYPE_E; … … 24507 25801 case TLS_ASYNC_FINALIZE: 24508 25802 { 25803 if (IsEncryptionOn(ssl, 0)) { 25804 args->idx += ssl->keys.padSz; 25805 } 25806 24509 25807 #ifdef HAVE_QSH 24510 25808 word16 name; … … 24564 25862 24565 25863 WOLFSSL_LEAVE("DoClientKeyExchange", ret); 25864 WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_DO); 24566 25865 24567 25866 #ifdef WOLFSSL_ASYNC_CRYPT 24568 25867 /* Handle async operation */ 24569 25868 if (ret == WC_PENDING_E) { 24570 /* Mark message as not rece vied so it can process again */25869 /* Mark message as not received so it can process again */ 24571 25870 ssl->msgsReceived.got_client_key_exchange = 0; 24572 25871 … … 24576 25875 24577 25876 /* Cleanup PMS */ 25877 if (ssl->arrays->preMasterSecret != NULL) { 24578 25878 ForceZero(ssl->arrays->preMasterSecret, ssl->arrays->preMasterSz); 25879 } 24579 25880 ssl->arrays->preMasterSz = 0; 24580 25881 … … 24586 25887 } 24587 25888 24588 24589 #if defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 25889 #endif /* !WOLFSSL_NO_TLS12 */ 25890 25891 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ 25892 defined(WOLFSSL_HAPROXY) 24590 25893 int SNI_Callback(WOLFSSL* ssl) 24591 25894 { … … 24603 25906 return 0; 24604 25907 } 24605 #endif /* HAVE_STUNNEL || WOLGSSL_NGINX */ 25908 #endif /* OPENSSL_ALL || HAVE_STUNNEL || WOLFSSL_NGINX || WOLFSSL_HAPROXY */ 25909 24606 25910 #endif /* NO_WOLFSSL_SERVER */ 24607 25911 … … 24699 26003 24700 26004 26005 /* return the max record size */ 26006 int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment) 26007 { 26008 (void) ssl; /* Avoid compiler warnings */ 26009 26010 if (maxFragment > MAX_RECORD_SIZE) { 26011 maxFragment = MAX_RECORD_SIZE; 26012 } 26013 26014 #ifdef HAVE_MAX_FRAGMENT 26015 if ((ssl->max_fragment != 0) && (maxFragment > ssl->max_fragment)) { 26016 maxFragment = ssl->max_fragment; 26017 } 26018 #endif /* HAVE_MAX_FRAGMENT */ 26019 #ifdef WOLFSSL_DTLS 26020 if ((ssl->options.dtls) && (maxFragment > MAX_UDP_SIZE)) { 26021 maxFragment = MAX_UDP_SIZE; 26022 } 26023 #endif 26024 26025 return maxFragment; 26026 } 26027 26028 24701 26029 #undef ERROR_OUT 24702 26030
Note:
See TracChangeset
for help on using the changeset viewer.