Changeset 372 for asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/src/ssl.c
- Timestamp:
- Feb 7, 2019, 8:36:33 AM (5 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
asp3_tinet_ecnl_arm/trunk/wolfssl-3.12.2/src/ssl.c
r352 r372 46 46 #ifndef WOLFSSL_ALLOW_NO_SUITES 47 47 #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \ 48 && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) 48 && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \ 49 && !defined(HAVE_ED25519) 49 50 #error "No cipher suites defined because DH disabled, ECC disabled, and no static suites defined. Please see top of README" 50 51 #endif 51 52 #endif 52 53 53 #if defined(OPENSSL_EXTRA) || defined( HAVE_WEBSERVER) || \54 54 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ 55 defined(HAVE_WEBSERVER) || defined(WOLFSSL_KEY_GEN) 55 56 #include <wolfssl/openssl/evp.h> 56 57 /* openssl headers end, wolfssl internal headers next */ 57 #include <wolfssl/wolfcrypt/wc_encrypt.h> 58 #endif 58 #endif 59 60 #include <wolfssl/wolfcrypt/wc_encrypt.h> 59 61 60 62 #ifdef OPENSSL_EXTRA 61 63 /* openssl headers begin */ 64 #include <wolfssl/openssl/aes.h> 62 65 #include <wolfssl/openssl/hmac.h> 63 66 #include <wolfssl/openssl/crypto.h> 64 67 #include <wolfssl/openssl/des.h> 65 68 #include <wolfssl/openssl/bn.h> 69 #include <wolfssl/openssl/buffer.h> 66 70 #include <wolfssl/openssl/dh.h> 67 71 #include <wolfssl/openssl/rsa.h> … … 72 76 #include <wolfssl/openssl/ecdsa.h> 73 77 #include <wolfssl/openssl/ecdh.h> 78 #include <wolfssl/openssl/rc4.h> 74 79 /* openssl headers end, wolfssl internal headers next */ 75 80 #include <wolfssl/wolfcrypt/hmac.h> … … 82 87 #include <wolfssl/wolfcrypt/curve25519.h> 83 88 #include <wolfssl/wolfcrypt/ed25519.h> 84 #if def HAVE_STUNNEL89 #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) 85 90 #include <wolfssl/openssl/ocsp.h> 86 91 #endif /* WITH_STUNNEL */ 87 #if def WOLFSSL_SHA51292 #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) 88 93 #include <wolfssl/wolfcrypt/sha512.h> 89 94 #endif 95 #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ 96 && !defined(WC_NO_RNG) 97 #include <wolfssl/wolfcrypt/srp.h> 98 #endif 99 #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) 100 #include <wolfssl/openssl/pkcs7.h> 101 #endif /* OPENSSL_ALL && HAVE_PKCS7 */ 90 102 #endif 91 103 … … 94 106 #endif 95 107 96 97 #ifndef WOLFSSL_LEANPSK98 char* mystrnstr(const char* s1, const char* s2, unsigned int n)99 {100 unsigned int s2_len = (unsigned int)XSTRLEN(s2);101 102 if (s2_len == 0)103 return (char*)s1;104 105 while (n >= s2_len && s1[0]) {106 if (s1[0] == s2[0])107 if (XMEMCMP(s1, s2, s2_len) == 0)108 return (char*)s1;109 s1++;110 n--;111 }112 113 return NULL;114 }115 #endif116 108 117 109 #ifdef WOLFSSL_SESSION_EXPORT … … 250 242 static wolfSSL_Mutex count_mutex; /* init ref count mutex */ 251 243 252 253 244 /* Create a new WOLFSSL_CTX struct and return the pointer to created struct. 254 245 WOLFSSL_METHOD pointer passed in is given to ctx to manage. … … 260 251 WOLFSSL_CTX* ctx = NULL; 261 252 262 WOLFSSL_ENTER(" WOLFSSL_CTX_new_ex");253 WOLFSSL_ENTER("wolfSSL_CTX_new_ex"); 263 254 264 255 if (initRefCount == 0) { … … 285 276 ctx = NULL; 286 277 } 278 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ 279 && !defined(NO_SHA256) && !defined(WC_NO_RNG) 280 else { 281 ctx->srp = (Srp*) XMALLOC(sizeof(Srp), heap, DYNAMIC_TYPE_SRP); 282 if (ctx->srp == NULL){ 283 WOLFSSL_MSG("Init CTX failed"); 284 wolfSSL_CTX_free(ctx); 285 return NULL; 286 } 287 XMEMSET(ctx->srp, 0, sizeof(Srp)); 288 } 289 #endif 287 290 } 288 291 else { … … 290 293 XFREE(method, heap, DYNAMIC_TYPE_METHOD); 291 294 } 295 292 296 293 297 WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0); … … 310 314 { 311 315 WOLFSSL_ENTER("SSL_CTX_free"); 312 if (ctx) 316 if (ctx) { 317 #if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \ 318 && !defined(NO_SHA256) && !defined(WC_NO_RNG) 319 if (ctx->srp != NULL){ 320 if (ctx->srp_password != NULL){ 321 XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); 322 ctx->srp_password = NULL; 323 } 324 wc_SrpTerm(ctx->srp); 325 XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP); 326 ctx->srp = NULL; 327 } 328 #endif 313 329 FreeSSL_Ctx(ctx); 330 } 331 314 332 WOLFSSL_LEAVE("SSL_CTX_free", 0); 315 333 } … … 552 570 int wolfSSL_use_old_poly(WOLFSSL* ssl, int value) 553 571 { 572 (void)ssl; 573 (void)value; 574 575 #ifndef WOLFSSL_NO_TLS12 554 576 WOLFSSL_ENTER("SSL_use_old_poly"); 555 577 WOLFSSL_MSG("Warning SSL connection auto detects old/new and this function" … … 557 579 ssl->options.oldPoly = (word16)value; 558 580 WOLFSSL_LEAVE("SSL_use_old_poly", 0); 581 #endif 559 582 return 0; 560 583 } … … 632 655 char* wolfSSL_get_cipher_list(int priority) 633 656 { 634 const char* const* ciphers = GetCipherNames();657 const CipherSuiteInfo* ciphers = GetCipherNames(); 635 658 636 659 if (priority >= GetCipherNamesSize() || priority < 0) { … … 638 661 } 639 662 640 return (char*)ciphers[priority] ;663 return (char*)ciphers[priority].name; 641 664 } 642 665 … … 671 694 int wolfSSL_get_ciphers(char* buf, int len) 672 695 { 673 const char* const* ciphers = GetCipherNames(); 674 int totalInc = 0; 675 int step = 0; 676 char delim = ':'; 677 int size = GetCipherNamesSize(); 696 const CipherSuiteInfo* ciphers = GetCipherNames(); 697 int ciphersSz = GetCipherNamesSize(); 678 698 int i; 699 int cipherNameSz; 679 700 680 701 if (buf == NULL || len <= 0) … … 682 703 683 704 /* Add each member to the buffer delimited by a : */ 684 for (i = 0; i < size; i++) { 685 step = (int)(XSTRLEN(ciphers[i]) + 1); /* delimiter */ 686 totalInc += step; 687 688 /* Check to make sure buf is large enough and will not overflow */ 689 if (totalInc < len) { 690 XSTRNCPY(buf, ciphers[i], XSTRLEN(ciphers[i])); 691 buf += XSTRLEN(ciphers[i]); 692 693 if (i < size - 1) 694 *buf++ = delim; 695 else 696 *buf++ = '\0'; 705 for (i = 0; i < ciphersSz; i++) { 706 cipherNameSz = (int)XSTRLEN(ciphers[i].name); 707 if (cipherNameSz + 1 < len) { 708 XSTRNCPY(buf, ciphers[i].name, len); 709 buf += cipherNameSz; 710 711 if (i < ciphersSz - 1) 712 *buf++ = ':'; 713 *buf = 0; 714 715 len -= cipherNameSz + 1; 697 716 } 698 717 else … … 709 728 return NULL; 710 729 711 cipher = wolfSSL_get_cipher_name_from_suite(ssl->options.cipherSuite, 712 ssl->options.cipherSuite0); 730 cipher = wolfSSL_get_cipher_name_iana(ssl); 713 731 len = min(len, (int)(XSTRLEN(cipher) + 1)); 714 732 XMEMCPY(buf, cipher, len); … … 718 736 int wolfSSL_get_fd(const WOLFSSL* ssl) 719 737 { 738 int fd = -1; 720 739 WOLFSSL_ENTER("SSL_get_fd"); 721 WOLFSSL_LEAVE("SSL_get_fd", ssl->rfd); 722 return ssl->rfd; 723 } 724 725 726 int wolfSSL_get_using_nonblock(WOLFSSL* ssl) 727 { 728 WOLFSSL_ENTER("wolfSSL_get_using_nonblock"); 729 WOLFSSL_LEAVE("wolfSSL_get_using_nonblock", ssl->options.usingNonblock); 730 return ssl->options.usingNonblock; 740 if (ssl) { 741 fd = ssl->rfd; 742 } 743 WOLFSSL_LEAVE("SSL_get_fd", fd); 744 return fd; 731 745 } 732 746 … … 734 748 int wolfSSL_dtls(WOLFSSL* ssl) 735 749 { 736 return ssl->options.dtls; 750 int dtlsOpt = 0; 751 if (ssl) 752 dtlsOpt = ssl->options.dtls; 753 return dtlsOpt; 737 754 } 738 755 739 756 740 757 #ifndef WOLFSSL_LEANPSK 741 void wolfSSL_set_using_nonblock(WOLFSSL* ssl, int nonblock)742 {743 WOLFSSL_ENTER("wolfSSL_set_using_nonblock");744 ssl->options.usingNonblock = (nonblock != 0);745 }746 747 748 758 int wolfSSL_dtls_set_peer(WOLFSSL* ssl, void* peer, unsigned int peerSz) 749 759 { 750 760 #ifdef WOLFSSL_DTLS 751 void* sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR); 761 void* sa; 762 763 if (ssl == NULL) 764 return WOLFSSL_FAILURE; 765 766 sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR); 752 767 if (sa != NULL) { 753 if (ssl->buffers.dtlsCtx.peer.sa != NULL) 768 if (ssl->buffers.dtlsCtx.peer.sa != NULL) { 754 769 XFREE(ssl->buffers.dtlsCtx.peer.sa,ssl->heap,DYNAMIC_TYPE_SOCKADDR); 770 ssl->buffers.dtlsCtx.peer.sa = NULL; 771 } 755 772 XMEMCPY(sa, peer, peerSz); 756 773 ssl->buffers.dtlsCtx.peer.sa = sa; … … 903 920 904 921 #ifdef WOLFSSL_DTLS 905 static INLINE word32 UpdateHighwaterMark(word32 cur, word32 first,922 static WC_INLINE word32 UpdateHighwaterMark(word32 cur, word32 first, 906 923 word32 second, word32 max) 907 924 { … … 1145 1162 #endif 1146 1163 1164 (void)ssl; 1165 1147 1166 WOLFSSL_LEAVE("wolfSSL_negotiate", err); 1148 1167 … … 1354 1373 int wolfSSL_GetMaxOutputSize(WOLFSSL* ssl) 1355 1374 { 1356 int maxSize = OUTPUT_RECORD_SIZE;1357 1358 1375 WOLFSSL_ENTER("wolfSSL_GetMaxOutputSize"); 1359 1376 … … 1366 1383 } 1367 1384 1368 #ifdef HAVE_MAX_FRAGMENT 1369 maxSize = min(maxSize, ssl->max_fragment); 1370 #endif 1371 1372 #ifdef WOLFSSL_DTLS 1373 if (ssl->options.dtls) { 1374 maxSize = min(maxSize, MAX_UDP_SIZE); 1375 } 1376 #endif 1377 1378 return maxSize; 1385 return wolfSSL_GetMaxRecordSize(ssl, OUTPUT_RECORD_SIZE); 1379 1386 } 1380 1387 … … 1460 1467 const unsigned char* g, int gSz) 1461 1468 { 1462 word16 havePSK = 0;1463 word16 haveRSA = 1;1464 int keySz = 0;1465 1466 1469 WOLFSSL_ENTER("wolfSSL_SetTmpDH"); 1467 if (ssl == NULL || p == NULL || g == NULL) return BAD_FUNC_ARG; 1470 1471 if (ssl == NULL || p == NULL || g == NULL) 1472 return BAD_FUNC_ARG; 1468 1473 1469 1474 if (pSz < ssl->options.minDhKeySz) 1470 1475 return DH_KEY_SIZE_E; 1471 1472 if (ssl->options.side != WOLFSSL_SERVER_END) 1476 if (pSz > ssl->options.maxDhKeySz) 1477 return DH_KEY_SIZE_E; 1478 1479 /* this function is for server only */ 1480 if (ssl->options.side == WOLFSSL_CLIENT_END) 1473 1481 return SIDE_ERROR; 1482 1483 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ 1484 !defined(HAVE_SELFTEST) 1485 ssl->options.dhKeyTested = 0; 1486 ssl->options.dhDoKeyTest = 1; 1487 #endif 1474 1488 1475 1489 if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) { … … 1503 1517 1504 1518 ssl->options.haveDH = 1; 1519 1520 if (ssl->options.side != WOLFSSL_NEITHER_END) { 1521 word16 havePSK = 0; 1522 word16 haveRSA = 1; 1523 int keySz = 0; 1524 1505 1525 #ifndef NO_PSK 1506 1526 havePSK = ssl->options.havePSK; … … 1516 1536 ssl->options.haveECDSAsig, ssl->options.haveECC, 1517 1537 ssl->options.haveStaticECC, ssl->options.side); 1538 } 1518 1539 1519 1540 WOLFSSL_LEAVE("wolfSSL_SetTmpDH", 0); 1541 1520 1542 return WOLFSSL_SUCCESS; 1521 1543 } 1544 1545 1546 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ 1547 !defined(HAVE_SELFTEST) 1548 /* Enables or disables the session's DH key prime test. */ 1549 int wolfSSL_SetEnableDhKeyTest(WOLFSSL* ssl, int enable) 1550 { 1551 WOLFSSL_ENTER("wolfSSL_SetEnableDhKeyTest"); 1552 1553 if (ssl == NULL) 1554 return BAD_FUNC_ARG; 1555 1556 if (!enable) 1557 ssl->options.dhDoKeyTest = 0; 1558 else 1559 ssl->options.dhDoKeyTest = 1; 1560 1561 WOLFSSL_LEAVE("wolfSSL_SetEnableDhKeyTest", WOLFSSL_SUCCESS); 1562 return WOLFSSL_SUCCESS; 1563 } 1564 #endif 1565 1522 1566 1523 1567 /* server ctx Diffie-Hellman parameters, WOLFSSL_SUCCESS on ok */ … … 1530 1574 if (pSz < ctx->minDhKeySz) 1531 1575 return DH_KEY_SIZE_E; 1576 if (pSz > ctx->maxDhKeySz) 1577 return DH_KEY_SIZE_E; 1578 1579 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ 1580 !defined(HAVE_SELFTEST) 1581 { 1582 DhKey checkKey; 1583 WC_RNG rng; 1584 int error, freeKey = 0; 1585 1586 error = wc_InitRng(&rng); 1587 if (!error) 1588 error = wc_InitDhKey(&checkKey); 1589 if (!error) { 1590 freeKey = 1; 1591 error = wc_DhSetCheckKey(&checkKey, 1592 p, pSz, g, gSz, NULL, 0, 0, &rng); 1593 } 1594 if (freeKey) 1595 wc_FreeDhKey(&checkKey); 1596 wc_FreeRng(&rng); 1597 if (error) 1598 return error; 1599 1600 ctx->dhKeyTested = 1; 1601 } 1602 #endif 1532 1603 1533 1604 XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); 1605 ctx->serverDH_P.buffer = NULL; 1534 1606 XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); 1607 ctx->serverDH_G.buffer = NULL; 1535 1608 1536 1609 ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); … … 1541 1614 if (ctx->serverDH_G.buffer == NULL) { 1542 1615 XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); 1616 ctx->serverDH_P.buffer = NULL; 1543 1617 return MEMORY_E; 1544 1618 } … … 1577 1651 1578 1652 1653 int wolfSSL_CTX_SetMaxDhKey_Sz(WOLFSSL_CTX* ctx, word16 keySz) 1654 { 1655 if (ctx == NULL || keySz > 16000 || keySz % 8 != 0) 1656 return BAD_FUNC_ARG; 1657 1658 ctx->maxDhKeySz = keySz / 8; 1659 return WOLFSSL_SUCCESS; 1660 } 1661 1662 1663 int wolfSSL_SetMaxDhKey_Sz(WOLFSSL* ssl, word16 keySz) 1664 { 1665 if (ssl == NULL || keySz > 16000 || keySz % 8 != 0) 1666 return BAD_FUNC_ARG; 1667 1668 ssl->options.maxDhKeySz = keySz / 8; 1669 return WOLFSSL_SUCCESS; 1670 } 1671 1672 1579 1673 int wolfSSL_GetDhKey_Sz(WOLFSSL* ssl) 1580 1674 { … … 1598 1692 1599 1693 #ifdef WOLFSSL_EARLY_DATA 1600 if (ssl->earlyData && (ret = wolfSSL_negotiate(ssl)) < 0) {1694 if (ssl->earlyData != no_early_data && (ret = wolfSSL_negotiate(ssl)) < 0) { 1601 1695 ssl->error = ret; 1602 1696 return WOLFSSL_FATAL_ERROR; 1603 1697 } 1604 ssl->earlyData = 0;1698 ssl->earlyData = no_early_data; 1605 1699 #endif 1606 1700 … … 1639 1733 #endif 1640 1734 1735 #ifdef OPENSSL_EXTRA 1736 if (ssl->CBIS != NULL) { 1737 ssl->CBIS(ssl, SSL_CB_WRITE, SSL_SUCCESS); 1738 ssl->cbmode = SSL_CB_WRITE; 1739 } 1740 #endif 1641 1741 ret = SendData(ssl, data, sz); 1642 1742 … … 1679 1779 #endif 1680 1780 1681 sz = min(sz, OUTPUT_RECORD_SIZE); 1682 #ifdef HAVE_MAX_FRAGMENT 1683 sz = min(sz, ssl->max_fragment); 1684 #endif 1781 sz = wolfSSL_GetMaxRecordSize(ssl, sz); 1782 1685 1783 ret = ReceiveData(ssl, (byte*)data, sz, peek); 1686 1784 1687 1785 #ifdef HAVE_WRITE_DUP 1688 1786 if (ssl->dupWrite) { 1689 if (ssl->error != 0 && ssl->error != WANT_READ && 1690 ssl->error != WC_PENDING_E) { 1787 if (ssl->error != 0 && ssl->error != WANT_READ 1788 #ifdef WOLFSSL_ASYNC_CRYPT 1789 && ssl->error != WC_PENDING_E 1790 #endif 1791 ) { 1691 1792 int notifyErr; 1692 1793 … … 1721 1822 WOLFSSL_ENTER("wolfSSL_read()"); 1722 1823 1824 #ifdef OPENSSL_EXTRA 1825 if (ssl->CBIS != NULL) { 1826 ssl->CBIS(ssl, SSL_CB_READ, SSL_SUCCESS); 1827 ssl->cbmode = SSL_CB_READ; 1828 } 1829 #endif 1723 1830 return wolfSSL_read_internal(ssl, data, sz, FALSE); 1724 1831 } … … 1744 1851 #endif /* WOLFSSL_MULTICAST */ 1745 1852 1746 #ifdef WOLFSSL_ASYNC_CRYPT 1747 1748 /* let's use async hardware, WOLFSSL_SUCCESS on ok */ 1749 int wolfSSL_UseAsync(WOLFSSL* ssl, int devId) 1853 1854 /* helpers to set the device id, WOLFSSL_SUCCESS on ok */ 1855 int wolfSSL_SetDevId(WOLFSSL* ssl, int devId) 1750 1856 { 1751 1857 if (ssl == NULL) … … 1756 1862 return WOLFSSL_SUCCESS; 1757 1863 } 1758 1759 1760 /* let's use async hardware, WOLFSSL_SUCCESS on ok */ 1761 int wolfSSL_CTX_UseAsync(WOLFSSL_CTX* ctx, int devId) 1864 int wolfSSL_CTX_SetDevId(WOLFSSL_CTX* ctx, int devId) 1762 1865 { 1763 1866 if (ctx == NULL) … … 1768 1871 return WOLFSSL_SUCCESS; 1769 1872 } 1770 1771 #endif /* WOLFSSL_ASYNC_CRYPT */1772 1873 1773 1874 /* helpers to get device id and heap */ … … 1868 1969 return BAD_FUNC_ARG; 1869 1970 1971 #ifdef WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST 1972 /* The following is a non-standard way to reconfigure the max packet size 1973 post-handshake for wolfSSL_write/woflSSL_read */ 1974 if (ssl->options.handShakeState == HANDSHAKE_DONE) { 1975 switch (mfl) { 1976 case WOLFSSL_MFL_2_8 : ssl->max_fragment = 256; break; 1977 case WOLFSSL_MFL_2_9 : ssl->max_fragment = 512; break; 1978 case WOLFSSL_MFL_2_10: ssl->max_fragment = 1024; break; 1979 case WOLFSSL_MFL_2_11: ssl->max_fragment = 2048; break; 1980 case WOLFSSL_MFL_2_12: ssl->max_fragment = 4096; break; 1981 case WOLFSSL_MFL_2_13: ssl->max_fragment = 8192; break; 1982 default: ssl->max_fragment = MAX_RECORD_SIZE; break; 1983 } 1984 return WOLFSSL_SUCCESS; 1985 } 1986 #endif /* WOLFSSL_MAX_FRAGMENT_ADJUST */ 1987 1988 /* This call sets the max fragment TLS extension, which gets sent to server. 1989 The server_hello response is what sets the `ssl->max_fragment` in 1990 TLSX_MFL_Parse */ 1870 1991 return TLSX_UseMaxFragment(&ssl->extensions, mfl, ssl->heap); 1871 1992 } … … 1914 2035 1915 2036 return TLSX_UseCertificateStatusRequest(&ssl->extensions, status_type, 1916 options, ssl->heap, ssl->devId);2037 options, NULL, ssl->heap, ssl->devId); 1917 2038 } 1918 2039 … … 1925 2046 1926 2047 return TLSX_UseCertificateStatusRequest(&ctx->extensions, status_type, 1927 options, ctx->heap, ctx->devId);2048 options, NULL, ctx->heap, ctx->devId); 1928 2049 } 1929 2050 … … 1942 2063 1943 2064 1944 int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, 1945 byte status_type,byte options)2065 int wolfSSL_CTX_UseOCSPStaplingV2(WOLFSSL_CTX* ctx, byte status_type, 2066 byte options) 1946 2067 { 1947 2068 if (ctx == NULL || ctx->method->side != WOLFSSL_CLIENT_END) … … 2135 2256 } 2136 2257 2137 XMEMSET(list, 0, protocol_name_listSz+1);2138 2258 XSTRNCPY(list, protocol_name_list, protocol_name_listSz); 2259 list[protocol_name_listSz] = '\0'; 2139 2260 2140 2261 /* read all protocol name from the list */ … … 2243 2364 return SECURE_RENEGOTIATION_E; 2244 2365 } 2366 2367 /* If the client started the renegotiation, the server will already 2368 * have processed the client's hello. */ 2369 if (ssl->options.side != WOLFSSL_SERVER_END || 2370 ssl->options.acceptState != ACCEPT_FIRST_REPLY_DONE) { 2245 2371 2246 2372 if (ssl->options.handShakeState != HANDSHAKE_DONE) { … … 2270 2396 ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED; 2271 2397 2272 ret = InitHandshakeHashes(ssl); 2398 #if !defined(NO_WOLFSSL_SERVER) && defined(HAVE_SERVER_RENEGOTIATION_INFO) 2399 if (ssl->options.side == WOLFSSL_SERVER_END) { 2400 ret = SendHelloRequest(ssl); 2273 2401 if (ret !=0) 2274 2402 return ret; 2275 2403 } 2404 #endif /* NO_WOLFSSL_SERVER && HAVE_SERVER_RENEGOTIATION_INFO */ 2405 2406 ret = InitHandshakeHashes(ssl); 2407 if (ret !=0) 2408 return ret; 2409 } 2276 2410 ret = wolfSSL_negotiate(ssl); 2277 2411 return ret; … … 2519 2653 ssl->error = WOLFSSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */ 2520 2654 ret = WOLFSSL_SUCCESS; 2655 } else if ((ssl->error == WOLFSSL_ERROR_NONE) && 2656 (ret < WOLFSSL_SUCCESS)) { 2657 ret = WOLFSSL_SHUTDOWN_NOT_DONE; 2521 2658 } 2522 2659 } … … 2606 2743 char* wolfSSL_ERR_error_string(unsigned long errNumber, char* data) 2607 2744 { 2608 static const char* msg = "Please supply a buffer for error string";2745 static const char* const msg = "Please supply a buffer for error string"; 2609 2746 2610 2747 WOLFSSL_ENTER("ERR_error_string"); … … 2716 2853 const byte* wolfSSL_GetMacSecret(WOLFSSL* ssl, int verify) 2717 2854 { 2855 #ifndef WOLFSSL_AEAD_ONLY 2718 2856 if (ssl == NULL) 2719 2857 return NULL; … … 2724 2862 else 2725 2863 return ssl->keys.server_write_MAC_secret; 2864 #else 2865 (void)ssl; 2866 (void)verify; 2867 2868 return NULL; 2869 #endif 2726 2870 } 2727 2871 … … 2904 3048 2905 3049 #ifndef NO_CERTS 2906 int AllocDer(DerBuffer** pDer, word32 length, int type, void* heap)2907 {2908 int ret = BAD_FUNC_ARG;2909 if (pDer) {2910 int dynType = 0;2911 DerBuffer* der;2912 2913 /* Determine dynamic type */2914 switch (type) {2915 case CA_TYPE: dynType = DYNAMIC_TYPE_CA; break;2916 case CERT_TYPE: dynType = DYNAMIC_TYPE_CERT; break;2917 case CRL_TYPE: dynType = DYNAMIC_TYPE_CRL; break;2918 case DSA_TYPE: dynType = DYNAMIC_TYPE_DSA; break;2919 case ECC_TYPE: dynType = DYNAMIC_TYPE_ECC; break;2920 case RSA_TYPE: dynType = DYNAMIC_TYPE_RSA; break;2921 default: dynType = DYNAMIC_TYPE_KEY; break;2922 }2923 2924 /* Setup new buffer */2925 *pDer = (DerBuffer*)XMALLOC(sizeof(DerBuffer) + length, heap, dynType);2926 if (*pDer == NULL) {2927 return MEMORY_ERROR;2928 }2929 XMEMSET(*pDer, 0, sizeof(DerBuffer) + length);2930 2931 der = *pDer;2932 der->type = type;2933 der->dynType = dynType; /* Cache this for FreeDer */2934 der->heap = heap;2935 der->buffer = (byte*)der + sizeof(DerBuffer);2936 der->length = length;2937 ret = 0; /* Success */2938 }2939 return ret;2940 }2941 2942 void FreeDer(DerBuffer** pDer)2943 {2944 if (pDer && *pDer)2945 {2946 DerBuffer* der = (DerBuffer*)*pDer;2947 2948 /* ForceZero private keys */2949 if (der->type == PRIVATEKEY_TYPE) {2950 ForceZero(der->buffer, der->length);2951 }2952 der->buffer = NULL;2953 der->length = 0;2954 XFREE(der, der->heap, der->dynType);2955 2956 *pDer = NULL;2957 }2958 }2959 3050 2960 3051 WOLFSSL_CERT_MANAGER* wolfSSL_CTX_GetCertManager(WOLFSSL_CTX* ctx) … … 3024 3115 FreeOCSP(cm->ocsp, 1); 3025 3116 XFREE(cm->ocspOverrideURL, cm->heap, DYNAMIC_TYPE_URL); 3026 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST)\3027 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)\3028 || defined(WOLFSSL_HAPROXY)3117 #if !defined(NO_WOLFSSL_SERVER) && \ 3118 (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ 3119 defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) 3029 3120 if (cm->ocsp_stapling) 3030 3121 FreeOCSP(cm->ocsp_stapling, 1); … … 3056 3147 return BAD_MUTEX_E; 3057 3148 3058 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);3149 FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap); 3059 3150 3060 3151 wc_UnLockMutex(&cm->caLock); … … 3076 3167 return BAD_MUTEX_E; 3077 3168 3078 FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, NULL);3169 FreeTrustedPeerTable(cm->tpTable, TP_TABLE_SIZE, cm->heap); 3079 3170 3080 3171 wc_UnLockMutex(&cm->tpLock); … … 3085 3176 #endif /* WOLFSSL_TRUST_PEER_CERT */ 3086 3177 3087 3088 /* Return bytes written to buff or < 0 for error */3089 int wolfSSL_CertPemToDer(const unsigned char* pem, int pemSz,3090 unsigned char* buff, int buffSz, int type)3091 {3092 int eccKey = 0;3093 int ret;3094 DerBuffer* der = NULL;3095 #ifdef WOLFSSL_SMALL_STACK3096 EncryptedInfo* info = NULL;3097 #else3098 EncryptedInfo info[1];3099 #endif3100 3101 WOLFSSL_ENTER("wolfSSL_CertPemToDer");3102 3103 if (pem == NULL || buff == NULL || buffSz <= 0) {3104 WOLFSSL_MSG("Bad pem der args");3105 return BAD_FUNC_ARG;3106 }3107 3108 if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {3109 WOLFSSL_MSG("Bad cert type");3110 return BAD_FUNC_ARG;3111 }3112 3113 #ifdef WOLFSSL_SMALL_STACK3114 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,3115 DYNAMIC_TYPE_ENCRYPTEDINFO);3116 if (info == NULL)3117 return MEMORY_E;3118 #endif3119 3120 info->set = 0;3121 info->ctx = NULL;3122 info->consumed = 0;3123 3124 ret = PemToDer(pem, pemSz, type, &der, NULL, info, &eccKey);3125 3126 #ifdef WOLFSSL_SMALL_STACK3127 XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);3128 #endif3129 3130 if (ret < 0) {3131 WOLFSSL_MSG("Bad Pem To Der");3132 }3133 else {3134 if (der->length <= (word32)buffSz) {3135 XMEMCPY(buff, der->buffer, der->length);3136 ret = der->length;3137 }3138 else {3139 WOLFSSL_MSG("Bad der length");3140 ret = BAD_FUNC_ARG;3141 }3142 }3143 3144 FreeDer(&der);3145 return ret;3146 }3147 3148 3178 #endif /* NO_CERTS */ 3149 3179 3150 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 3151 3152 static struct cipher{ 3180 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ 3181 defined(HAVE_WEBSERVER) 3182 3183 static const struct cipher{ 3153 3184 unsigned char type; 3154 3185 const char *name; … … 3156 3187 3157 3188 #ifndef NO_AES 3189 #ifdef WOLFSSL_AES_128 3158 3190 {AES_128_CBC_TYPE, "AES-128-CBC"}, 3191 #endif 3192 #ifdef WOLFSSL_AES_192 3159 3193 {AES_192_CBC_TYPE, "AES-192-CBC"}, 3194 #endif 3195 #ifdef WOLFSSL_AES_256 3160 3196 {AES_256_CBC_TYPE, "AES-256-CBC"}, 3197 #endif 3161 3198 #if defined(OPENSSL_EXTRA) 3199 #ifdef WOLFSSL_AES_128 3162 3200 {AES_128_CTR_TYPE, "AES-128-CTR"}, 3201 #endif 3202 #ifdef WOLFSSL_AES_192 3163 3203 {AES_192_CTR_TYPE, "AES-192-CTR"}, 3204 #endif 3205 #ifdef WOLFSSL_AES_256 3164 3206 {AES_256_CTR_TYPE, "AES-256-CTR"}, 3165 3207 #endif 3208 3209 #ifdef WOLFSSL_AES_128 3166 3210 {AES_128_ECB_TYPE, "AES-128-ECB"}, 3211 #endif 3212 #ifdef WOLFSSL_AES_192 3167 3213 {AES_192_ECB_TYPE, "AES-192-ECB"}, 3214 #endif 3215 #ifdef WOLFSSL_AES_256 3168 3216 {AES_256_ECB_TYPE, "AES-256-ECB"}, 3217 #endif 3169 3218 #endif 3170 3219 … … 3177 3226 {DES_EDE3_CBC_TYPE, "DES-EDE3-CBC"}, 3178 3227 {DES_EDE3_ECB_TYPE, "DES-EDE3-ECB"}, 3228 #endif 3229 3230 #ifndef NO_RC4 3231 {ARC4_TYPE, "ARC4"}, 3179 3232 #endif 3180 3233 … … 3193 3246 } alias_tbl[] = 3194 3247 { 3248 #ifndef NO_DES3 3195 3249 {"DES-CBC", "DES"}, 3196 3250 {"DES-CBC", "des"}, 3251 {"DES-ECB", "DES-ECB"}, 3252 {"DES-ECB", "des-ecb"}, 3197 3253 {"DES-EDE3-CBC", "DES3"}, 3198 3254 {"DES-EDE3-CBC", "des3"}, 3255 {"DES-EDE3-ECB", "DES-EDE3"}, 3256 {"DES-EDE3-ECB", "des-ede3"}, 3199 3257 {"DES-EDE3-ECB", "des-ede3-ecb"}, 3258 #endif 3259 #ifdef HAVE_IDEA 3200 3260 {"IDEA-CBC", "IDEA"}, 3201 3261 {"IDEA-CBC", "idea"}, 3202 {"AES-128-CBC", "AES128"}, 3203 {"AES-128-CBC", "aes128"}, 3204 {"AES-192-CBC", "AES192"}, 3205 {"AES-192-CBC", "aes192"}, 3206 {"AES-256-CBC", "AES256"}, 3207 {"AES-256-CBC", "aes256"}, 3262 #endif 3263 #ifndef NO_AES 3264 #ifdef HAVE_AES_CBC 3265 #ifdef WOLFSSL_AES_128 3266 {"AES-128-CBC", "AES128-CBC"}, 3267 {"AES-128-CBC", "aes128-cbc"}, 3268 #endif 3269 #ifdef WOLFSSL_AES_192 3270 {"AES-192-CBC", "AES192-CBC"}, 3271 {"AES-192-CBC", "aes192-cbc"}, 3272 #endif 3273 #ifdef WOLFSSL_AES_256 3274 {"AES-256-CBC", "AES256-CBC"}, 3275 {"AES-256-CBC", "aes256-cbc"}, 3276 #endif 3277 #endif 3278 #ifdef WOLFSSL_AES_128 3279 {"AES-128-ECB", "AES128-ECB"}, 3280 {"AES-128-ECB", "aes128-ecb"}, 3281 #endif 3282 #ifdef WOLFSSL_AES_192 3283 {"AES-192-ECB", "AES192-ECB"}, 3284 {"AES-192-ECB", "aes192-ecb"}, 3285 #endif 3286 #ifdef WOLFSSL_AES_256 3287 {"AES-256-ECB", "AES256-ECB"}, 3288 {"AES-256-EBC", "aes256-ecb"}, 3289 #endif 3290 #endif 3291 #ifndef NO_RC4 3292 {"ARC4", "RC4"}, 3293 #endif 3208 3294 { NULL, NULL} 3209 3295 }; … … 3243 3329 #if defined(OPENSSL_EXTRA) 3244 3330 #ifndef NO_AES 3331 #ifdef HAVE_AES_CBC 3332 #ifdef WOLFSSL_AES_128 3245 3333 case NID_aes_128_cbc: 3246 3334 return wolfSSL_EVP_aes_128_cbc(); 3335 #endif 3336 #ifdef WOLFSSL_AES_192 3247 3337 case NID_aes_192_cbc: 3248 3338 return wolfSSL_EVP_aes_192_cbc(); 3339 #endif 3340 #ifdef WOLFSSL_AES_256 3249 3341 case NID_aes_256_cbc: 3250 3342 return wolfSSL_EVP_aes_256_cbc(); 3343 #endif 3344 #endif 3345 #ifdef WOLFSSL_AES_COUNTER 3346 #ifdef WOLFSSL_AES_128 3251 3347 case NID_aes_128_ctr: 3252 3348 return wolfSSL_EVP_aes_128_ctr(); 3349 #endif 3350 #ifdef WOLFSSL_AES_192 3253 3351 case NID_aes_192_ctr: 3254 3352 return wolfSSL_EVP_aes_192_ctr(); 3353 #endif 3354 #ifdef WOLFSSL_AES_256 3255 3355 case NID_aes_256_ctr: 3256 3356 return wolfSSL_EVP_aes_256_ctr(); 3357 #endif 3358 #endif /* WOLFSSL_AES_COUNTER */ 3359 #ifdef HAVE_AES_ECB 3360 #ifdef WOLFSSL_AES_128 3257 3361 case NID_aes_128_ecb: 3258 3362 return wolfSSL_EVP_aes_128_ecb(); 3363 #endif 3364 #ifdef WOLFSSL_AES_192 3259 3365 case NID_aes_192_ecb: 3260 3366 return wolfSSL_EVP_aes_192_ecb(); 3367 #endif 3368 #ifdef WOLFSSL_AES_256 3261 3369 case NID_aes_256_ecb: 3262 3370 return wolfSSL_EVP_aes_256_ecb(); 3371 #endif 3372 #endif /* HAVE_AES_ECB */ 3263 3373 #endif 3264 3374 … … 3292 3402 3293 3403 #ifndef NO_AES 3404 #ifdef HAVE_AES_CBC 3405 #ifdef WOLFSSL_AES_128 3294 3406 static char *EVP_AES_128_CBC; 3407 #endif 3408 #ifdef WOLFSSL_AES_192 3295 3409 static char *EVP_AES_192_CBC; 3410 #endif 3411 #ifdef WOLFSSL_AES_256 3296 3412 static char *EVP_AES_256_CBC; 3413 #endif 3414 #endif /* HAVE_AES_CBC */ 3297 3415 #if defined(OPENSSL_EXTRA) 3416 #ifdef WOLFSSL_AES_128 3298 3417 static char *EVP_AES_128_CTR; 3418 #endif 3419 #ifdef WOLFSSL_AES_192 3299 3420 static char *EVP_AES_192_CTR; 3421 #endif 3422 #ifdef WOLFSSL_AES_256 3300 3423 static char *EVP_AES_256_CTR; 3301 3424 #endif 3425 3426 #ifdef WOLFSSL_AES_128 3302 3427 static char *EVP_AES_128_ECB; 3428 #endif 3429 #ifdef WOLFSSL_AES_192 3303 3430 static char *EVP_AES_192_ECB; 3431 #endif 3432 #ifdef WOLFSSL_AES_256 3304 3433 static char *EVP_AES_256_ECB; 3305 3434 #endif 3306 3435 static const int EVP_AES_SIZE = 11; 3436 #endif 3307 3437 #endif 3308 3438 … … 3310 3440 static char *EVP_DES_CBC; 3311 3441 static char *EVP_DES_ECB; 3312 static const int EVP_DES_SIZE = 7;3313 3442 3314 3443 static char *EVP_DES_EDE3_CBC; 3315 3444 static char *EVP_DES_EDE3_ECB; 3445 3446 #ifdef OPENSSL_EXTRA 3447 static const int EVP_DES_SIZE = 7; 3316 3448 static const int EVP_DES_EDE3_SIZE = 12; 3449 #endif 3450 3317 3451 #endif 3318 3452 … … 3327 3461 { 3328 3462 #ifndef NO_AES 3463 #ifdef HAVE_AES_CBC 3464 #ifdef WOLFSSL_AES_128 3329 3465 EVP_AES_128_CBC = (char *)EVP_get_cipherbyname("AES-128-CBC"); 3466 #endif 3467 #ifdef WOLFSSL_AES_192 3330 3468 EVP_AES_192_CBC = (char *)EVP_get_cipherbyname("AES-192-CBC"); 3469 #endif 3470 #ifdef WOLFSSL_AES_256 3331 3471 EVP_AES_256_CBC = (char *)EVP_get_cipherbyname("AES-256-CBC"); 3472 #endif 3473 #endif /* HAVE_AES_CBC */ 3332 3474 3333 3475 #if defined(OPENSSL_EXTRA) 3476 #ifdef WOLFSSL_AES_128 3334 3477 EVP_AES_128_CTR = (char *)EVP_get_cipherbyname("AES-128-CTR"); 3478 #endif 3479 #ifdef WOLFSSL_AES_192 3335 3480 EVP_AES_192_CTR = (char *)EVP_get_cipherbyname("AES-192-CTR"); 3481 #endif 3482 #ifdef WOLFSSL_AES_256 3336 3483 EVP_AES_256_CTR = (char *)EVP_get_cipherbyname("AES-256-CTR"); 3337 3484 #endif 3485 3486 #ifdef WOLFSSL_AES_128 3338 3487 EVP_AES_128_ECB = (char *)EVP_get_cipherbyname("AES-128-ECB"); 3488 #endif 3489 #ifdef WOLFSSL_AES_192 3339 3490 EVP_AES_192_ECB = (char *)EVP_get_cipherbyname("AES-192-ECB"); 3491 #endif 3492 #ifdef WOLFSSL_AES_256 3340 3493 EVP_AES_256_ECB = (char *)EVP_get_cipherbyname("AES-256-ECB"); 3494 #endif 3341 3495 #endif 3342 3496 #endif … … 3355 3509 } 3356 3510 3357 /* our KeyPemToDer password callback, password in userData */ 3358 static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata) 3359 { 3360 (void)rw; 3361 3362 if (userdata == NULL) 3363 return 0; 3364 3365 XSTRNCPY(passwd, (char*)userdata, sz); 3366 return min((word32)sz, (word32)XSTRLEN((char*)userdata)); 3367 } 3368 3369 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ 3370 3371 #ifndef NO_CERTS 3372 3373 /* Return bytes written to buff or < 0 for error */ 3374 int wolfSSL_KeyPemToDer(const unsigned char* pem, int pemSz, 3375 unsigned char* buff, int buffSz, const char* pass) 3376 { 3377 int eccKey = 0; 3378 int ret; 3379 DerBuffer* der = NULL; 3380 #ifdef WOLFSSL_SMALL_STACK 3381 EncryptedInfo* info = NULL; 3382 #else 3383 EncryptedInfo info[1]; 3384 #endif 3385 3386 WOLFSSL_ENTER("wolfSSL_KeyPemToDer"); 3387 3388 if (pem == NULL || buff == NULL || buffSz <= 0) { 3389 WOLFSSL_MSG("Bad pem der args"); 3390 return BAD_FUNC_ARG; 3391 } 3392 3393 #ifdef WOLFSSL_SMALL_STACK 3394 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, 3395 DYNAMIC_TYPE_ENCRYPTEDINFO); 3396 if (info == NULL) 3397 return MEMORY_E; 3398 #endif 3399 3400 info->set = 0; 3401 info->ctx = NULL; 3402 info->consumed = 0; 3403 3404 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 3405 if (pass) { 3406 info->ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); 3407 if (info->ctx == NULL) { 3408 #ifdef WOLFSSL_SMALL_STACK 3409 XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); 3410 #endif 3411 return MEMORY_E; 3412 } 3413 3414 wolfSSL_CTX_set_default_passwd_cb(info->ctx, OurPasswordCb); 3415 wolfSSL_CTX_set_default_passwd_cb_userdata(info->ctx, (void*)pass); 3416 } 3417 #else 3418 (void)pass; 3419 #endif 3420 3421 ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey); 3422 3423 if (info->ctx) 3424 wolfSSL_CTX_free(info->ctx); 3425 3426 #ifdef WOLFSSL_SMALL_STACK 3427 XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); 3428 #endif 3429 3430 if (ret < 0) { 3431 WOLFSSL_MSG("Bad Pem To Der"); 3432 } 3433 else { 3434 if (der->length <= (word32)buffSz) { 3435 XMEMCPY(buff, der->buffer, der->length); 3436 ret = der->length; 3437 } 3438 else { 3439 WOLFSSL_MSG("Bad der length"); 3440 ret = BAD_FUNC_ARG; 3441 } 3442 } 3443 3444 FreeDer(&der); 3445 return ret; 3446 } 3447 3448 #endif /* !NO_CERTS */ 3449 3511 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER */ 3450 3512 3451 3513 3452 3514 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) 3453 3515 3454 void wolfSSL_ERR_print_errors_fp( FILE*fp, int err)3516 void wolfSSL_ERR_print_errors_fp(XFILE fp, int err) 3455 3517 { 3456 3518 char data[WOLFSSL_MAX_ERROR_SZ + 1]; … … 3462 3524 3463 3525 #if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) 3464 void wolfSSL_ERR_dump_errors_fp( FILE*fp)3526 void wolfSSL_ERR_dump_errors_fp(XFILE fp) 3465 3527 { 3466 3528 wc_ERR_print_errors_fp(fp); … … 3546 3608 break; 3547 3609 #endif 3610 #ifndef WOLFSSL_NO_TLS12 3548 3611 case WOLFSSL_TLSV1_2: 3549 3612 *minVersion = TLSv1_2_MINOR; 3550 3613 break; 3551 3614 #endif 3615 #endif 3616 #ifdef WOLFSSL_TLS13 3617 case WOLFSSL_TLSV1_3: 3618 *minVersion = TLSv1_3_MINOR; 3619 break; 3620 #endif 3552 3621 3553 3622 default: … … 3587 3656 } 3588 3657 3658 3659 /* Function to get version as WOLFSSL_ enum value for wolfSSL_SetVersion */ 3660 int wolfSSL_GetVersion(WOLFSSL* ssl) 3661 { 3662 if (ssl == NULL) 3663 return BAD_FUNC_ARG; 3664 3665 if (ssl->version.major == SSLv3_MAJOR) { 3666 switch (ssl->version.minor) { 3667 case SSLv3_MINOR : 3668 return WOLFSSL_SSLV3; 3669 case TLSv1_MINOR : 3670 return WOLFSSL_TLSV1; 3671 case TLSv1_1_MINOR : 3672 return WOLFSSL_TLSV1_1; 3673 case TLSv1_2_MINOR : 3674 return WOLFSSL_TLSV1_2; 3675 case TLSv1_3_MINOR : 3676 return WOLFSSL_TLSV1_3; 3677 default: 3678 break; 3679 } 3680 } 3681 3682 return VERSION_ERROR; 3683 } 3589 3684 3590 3685 int wolfSSL_SetVersion(WOLFSSL* ssl, int version) … … 3610 3705 #ifndef NO_TLS 3611 3706 #ifndef NO_OLD_TLS 3707 #ifdef WOLFSSL_ALLOW_TLSV10 3612 3708 case WOLFSSL_TLSV1: 3613 3709 ssl->version = MakeTLSv1(); 3614 3710 break; 3711 #endif 3615 3712 3616 3713 case WOLFSSL_TLSV1_1: … … 3618 3715 break; 3619 3716 #endif 3717 #ifndef WOLFSSL_NO_TLS12 3620 3718 case WOLFSSL_TLSV1_2: 3621 3719 ssl->version = MakeTLSv1_2(); 3622 3720 break; 3721 #endif 3722 #endif 3723 #ifdef WOLFSSL_TLS13 3724 case WOLFSSL_TLSV1_3: 3725 ssl->version = MakeTLSv1_3(); 3726 break; 3727 3623 3728 #endif 3624 3729 … … 3651 3756 3652 3757 /* Make a work from the front of random hash */ 3653 static INLINE word32 MakeWordFromHash(const byte* hashID)3654 { 3655 return ( hashID[0] << 24) | (hashID[1] << 16) | (hashID[2] << 8) |3656 3758 static WC_INLINE word32 MakeWordFromHash(const byte* hashID) 3759 { 3760 return ((word32)hashID[0] << 24) | (hashID[1] << 16) | 3761 (hashID[2] << 8) | hashID[3]; 3657 3762 } 3658 3763 … … 3663 3768 3664 3769 /* hash is the SHA digest of name, just use first 32 bits as hash */ 3665 static INLINE word32 HashSigner(const byte* hash)3770 static WC_INLINE word32 HashSigner(const byte* hash) 3666 3771 { 3667 3772 return MakeWordFromHash(hash) % CA_TABLE_SIZE; … … 3709 3814 #ifdef WOLFSSL_TRUST_PEER_CERT 3710 3815 /* hash is the SHA digest of name, just use first 32 bits as hash */ 3711 static INLINE word32 TrustedPeerHashSigner(const byte* hash)3816 static WC_INLINE word32 TrustedPeerHashSigner(const byte* hash) 3712 3817 { 3713 3818 return MakeWordFromHash(hash) % TP_TABLE_SIZE; … … 4013 4118 { 4014 4119 int ret; 4015 Signer* signer = 0;4120 Signer* signer = NULL; 4016 4121 word32 row; 4017 4122 byte* subjectHash; … … 4024 4129 4025 4130 WOLFSSL_MSG("Adding a CA"); 4131 4132 if (cm == NULL) 4133 return BAD_FUNC_ARG; 4026 4134 4027 4135 #ifdef WOLFSSL_SMALL_STACK … … 4101 4209 if (!signer) 4102 4210 ret = MEMORY_ERROR; 4103 else { 4211 } 4212 if (ret == 0 && signer != NULL) { 4213 #ifdef WOLFSSL_SIGNER_DER_CERT 4214 ret = AllocDer(&signer->derCert, der->length, der->type, NULL); 4215 } 4216 if (ret == 0 && signer != NULL) { 4217 XMEMCPY(signer->derCert->buffer, der->buffer, der->length); 4218 #endif 4104 4219 signer->keyOID = cert->keyOID; 4105 4220 if (cert->pubKeyStored) { … … 4152 4267 } 4153 4268 } 4154 }4155 4269 4156 4270 WOLFSSL_MSG("\tFreeing Parsed CA"); … … 4275 4389 4276 4390 4277 #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_CERTS)4278 4279 /* WOLFSSL_SUCCESS if ok, <= 0 else */4280 static int wolfssl_decrypt_buffer_key(DerBuffer* der, byte* password,4281 int passwordSz, EncryptedInfo* info)4282 {4283 int ret = WOLFSSL_BAD_FILE;4284 4285 #ifdef WOLFSSL_SMALL_STACK4286 byte* key = NULL;4287 #else4288 byte key[AES_256_KEY_SIZE];4289 #endif4290 4291 (void)passwordSz;4292 (void)key;4293 4294 WOLFSSL_ENTER("wolfssl_decrypt_buffer_key");4295 4296 if (der == NULL || password == NULL || info == NULL) {4297 WOLFSSL_MSG("bad arguments");4298 return WOLFSSL_FATAL_ERROR;4299 }4300 4301 /* use file's salt for key derivation, hex decode first */4302 if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz) != 0) {4303 WOLFSSL_MSG("base16 decode failed");4304 return WOLFSSL_FATAL_ERROR;4305 }4306 4307 #ifndef NO_MD54308 4309 #ifdef WOLFSSL_SMALL_STACK4310 key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);4311 if (key == NULL) {4312 WOLFSSL_MSG("memory failure");4313 return WOLFSSL_FATAL_ERROR;4314 }4315 #endif /* WOLFSSL_SMALL_STACK */4316 4317 if ((ret = wolfSSL_EVP_BytesToKey(info->name, "MD5", info->iv,4318 password, passwordSz, 1, key, NULL)) <= 0) {4319 WOLFSSL_MSG("bytes to key failure");4320 #ifdef WOLFSSL_SMALL_STACK4321 XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);4322 #endif4323 return WOLFSSL_FATAL_ERROR;4324 }4325 4326 #endif /* NO_MD5 */4327 4328 #ifndef NO_DES34329 if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0)4330 ret = wc_Des_CbcDecryptWithKey(der->buffer, der->buffer, der->length,4331 key, info->iv);4332 else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)4333 ret = wc_Des3_CbcDecryptWithKey(der->buffer, der->buffer, der->length,4334 key, info->iv);4335 #endif /* NO_DES3 */4336 #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_DECRYPT)4337 if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)4338 ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,4339 key, AES_128_KEY_SIZE, info->iv);4340 else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)4341 ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,4342 key, AES_192_KEY_SIZE, info->iv);4343 else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)4344 ret = wc_AesCbcDecryptWithKey(der->buffer, der->buffer, der->length,4345 key, AES_256_KEY_SIZE, info->iv);4346 #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_DECRYPT */4347 4348 #ifdef WOLFSSL_SMALL_STACK4349 XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);4350 #endif4351 4352 if (ret == MP_OKAY)4353 return WOLFSSL_SUCCESS;4354 else if (ret == WOLFSSL_BAD_FILE)4355 return WOLFSSL_BAD_FILE;4356 4357 return WOLFSSL_FATAL_ERROR;4358 }4359 #endif /* defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) */4360 4361 4362 #if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA)4363 static int wolfssl_encrypt_buffer_key(byte* der, word32 derSz, byte* password,4364 int passwordSz, EncryptedInfo* info)4365 {4366 int ret = WOLFSSL_BAD_FILE;4367 4368 #ifdef WOLFSSL_SMALL_STACK4369 byte* key = NULL;4370 #else4371 byte key[AES_256_KEY_SIZE];4372 #endif4373 4374 (void)derSz;4375 (void)passwordSz;4376 (void)key;4377 4378 WOLFSSL_ENTER("wolfssl_encrypt_buffer_key");4379 4380 if (der == NULL || password == NULL || info == NULL || info->ivSz == 0) {4381 WOLFSSL_MSG("bad arguments");4382 return WOLFSSL_FATAL_ERROR;4383 }4384 4385 #ifndef NO_MD54386 4387 #ifdef WOLFSSL_SMALL_STACK4388 key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);4389 if (key == NULL) {4390 WOLFSSL_MSG("memory failure");4391 return WOLFSSL_FATAL_ERROR;4392 }4393 #endif /* WOLFSSL_SMALL_STACK */4394 4395 if ((ret = wolfSSL_EVP_BytesToKey(info->name, "MD5", info->iv,4396 password, passwordSz, 1, key, NULL)) <= 0) {4397 WOLFSSL_MSG("bytes to key failure");4398 #ifdef WOLFSSL_SMALL_STACK4399 XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);4400 #endif4401 return WOLFSSL_FATAL_ERROR;4402 }4403 4404 #endif /* NO_MD5 */4405 4406 if (ret > 0) {4407 ret = WOLFSSL_BAD_FILE; /* Reset error return */4408 #ifndef NO_DES34409 if (XSTRNCMP(info->name, EVP_DES_CBC, EVP_DES_SIZE) == 0)4410 ret = wc_Des_CbcEncryptWithKey(der, der, derSz, key, info->iv);4411 else if (XSTRNCMP(info->name, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0)4412 ret = wc_Des3_CbcEncryptWithKey(der, der, derSz, key, info->iv);4413 #endif /* NO_DES3 */4414 #ifndef NO_AES4415 if (XSTRNCMP(info->name, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)4416 ret = wc_AesCbcEncryptWithKey(der, der, derSz,4417 key, AES_128_KEY_SIZE, info->iv);4418 else if (XSTRNCMP(info->name, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)4419 ret = wc_AesCbcEncryptWithKey(der, der, derSz,4420 key, AES_192_KEY_SIZE, info->iv);4421 else if (XSTRNCMP(info->name, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)4422 ret = wc_AesCbcEncryptWithKey(der, der, derSz,4423 key, AES_256_KEY_SIZE, info->iv);4424 #endif /* NO_AES */4425 }4426 4427 #ifdef WOLFSSL_SMALL_STACK4428 XFREE(key, NULL, DYNAMIC_TYPE_SYMETRIC_KEY);4429 #endif4430 4431 if (ret == MP_OKAY)4432 return WOLFSSL_SUCCESS;4433 else if (ret == WOLFSSL_BAD_FILE)4434 return WOLFSSL_BAD_FILE;4435 4436 return WOLFSSL_FATAL_ERROR;4437 }4438 #endif /* defined(WOLFSSL_KEY_GEN) */4439 4440 4391 4441 4392 #ifndef NO_CERTS 4442 4443 /* Remove PEM header/footer, convert to ASN1, store any encrypted data4444 info->consumed tracks of PEM bytes consumed in case multiple parts */4445 int PemToDer(const unsigned char* buff, long longSz, int type,4446 DerBuffer** pDer, void* heap, EncryptedInfo* info, int* eccKey)4447 {4448 const char* header = NULL;4449 const char* footer = NULL;4450 char* headerEnd;4451 char* footerEnd;4452 char* consumedEnd;4453 char* bufferEnd = (char*)(buff + longSz);4454 long neededSz;4455 int ret = 0;4456 int sz = (int)longSz;4457 int encrypted_key = 0;4458 DerBuffer* der;4459 4460 WOLFSSL_ENTER("PemToDer");4461 4462 switch (type) {4463 case CA_TYPE: /* same as below */4464 case TRUSTED_PEER_TYPE:4465 case CERT_TYPE: header=BEGIN_CERT; footer=END_CERT;4466 break;4467 case CRL_TYPE: header=BEGIN_X509_CRL; footer=END_X509_CRL;4468 break;4469 case DH_PARAM_TYPE: header=BEGIN_DH_PARAM; footer=END_DH_PARAM;4470 break;4471 case DSA_PARAM_TYPE: header=BEGIN_DSA_PARAM; footer=END_DSA_PARAM;4472 break;4473 case CERTREQ_TYPE: header=BEGIN_CERT_REQ; footer=END_CERT_REQ;4474 break;4475 case DSA_TYPE: header=BEGIN_DSA_PRIV; footer=END_DSA_PRIV;4476 break;4477 case ECC_TYPE: header=BEGIN_EC_PRIV; footer=END_EC_PRIV;4478 break;4479 case RSA_TYPE: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV;4480 break;4481 case ED25519_TYPE: header=BEGIN_EDDSA_PRIV; footer=END_EDDSA_PRIV;4482 break;4483 case PUBLICKEY_TYPE: header=BEGIN_PUB_KEY; footer=END_PUB_KEY;4484 break;4485 default: header=BEGIN_RSA_PRIV; footer=END_RSA_PRIV;4486 break;4487 }4488 4489 /* find header */4490 for (;;) {4491 headerEnd = XSTRNSTR((char*)buff, header, sz);4492 4493 if (headerEnd || type != PRIVATEKEY_TYPE) {4494 break;4495 } else if (header == BEGIN_RSA_PRIV) {4496 header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;4497 } else if (header == BEGIN_PRIV_KEY) {4498 header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;4499 } else if (header == BEGIN_ENC_PRIV_KEY) {4500 header = BEGIN_EC_PRIV; footer = END_EC_PRIV;4501 } else if (header == BEGIN_EC_PRIV) {4502 header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;4503 } else if (header == BEGIN_DSA_PRIV) {4504 header = BEGIN_EDDSA_PRIV; footer = END_EDDSA_PRIV;4505 } else4506 break;4507 }4508 4509 if (!headerEnd) {4510 WOLFSSL_MSG("Couldn't find PEM header");4511 return SSL_NO_PEM_HEADER;4512 }4513 4514 headerEnd += XSTRLEN(header);4515 4516 if ((headerEnd + 1) >= bufferEnd)4517 return WOLFSSL_BAD_FILE;4518 4519 /* eat end of line */4520 if (headerEnd[0] == '\n')4521 headerEnd++;4522 else if (headerEnd[1] == '\n')4523 headerEnd += 2;4524 else {4525 if (info)4526 info->consumed = (long)(headerEnd+2 - (char*)buff);4527 return WOLFSSL_BAD_FILE;4528 }4529 4530 if (type == PRIVATEKEY_TYPE) {4531 if (eccKey)4532 *eccKey = header == BEGIN_EC_PRIV;4533 }4534 4535 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)4536 {4537 /* remove encrypted header if there */4538 char encHeader[] = "Proc-Type";4539 word32 headerEndSz = (word32)(bufferEnd - headerEnd);4540 char* line = XSTRNSTR(headerEnd, encHeader, min(headerEndSz,4541 PEM_LINE_LEN));4542 if (line != NULL) {4543 word32 lineSz;4544 char* finish;4545 word32 finishSz;4546 char* start;4547 word32 startSz;4548 char* newline;4549 4550 if (line >= bufferEnd) {4551 return WOLFSSL_BAD_FILE;4552 }4553 4554 lineSz = (word32)(bufferEnd - line);4555 start = XSTRNSTR(line, "DES", min(lineSz, PEM_LINE_LEN));4556 4557 if (start == NULL) {4558 start = XSTRNSTR(line, "AES", min(lineSz, PEM_LINE_LEN));4559 }4560 4561 if (start == NULL) return WOLFSSL_BAD_FILE;4562 if (info == NULL) return WOLFSSL_BAD_FILE;4563 4564 if (start >= bufferEnd) {4565 return WOLFSSL_BAD_FILE;4566 }4567 4568 startSz = (word32)(bufferEnd - start);4569 finish = XSTRNSTR(start, ",", min(startSz, PEM_LINE_LEN));4570 4571 if ((start != NULL) && (finish != NULL) && (start < finish)) {4572 if (finish >= bufferEnd) {4573 return WOLFSSL_BAD_FILE;4574 }4575 4576 finishSz = (word32)(bufferEnd - finish);4577 newline = XSTRNSTR(finish, "\r", min(finishSz, PEM_LINE_LEN));4578 4579 if (NAME_SZ < (finish - start)) /* buffer size of info->name*/4580 return BUFFER_E;4581 if (XMEMCPY(info->name, start, finish - start) == NULL)4582 return WOLFSSL_FATAL_ERROR;4583 info->name[finish - start] = 0;4584 if (finishSz < sizeof(info->iv) + 1)4585 return BUFFER_E;4586 if (XMEMCPY(info->iv, finish + 1, sizeof(info->iv)) == NULL)4587 return WOLFSSL_FATAL_ERROR;4588 4589 if (newline == NULL)4590 newline = XSTRNSTR(finish, "\n", min(finishSz,4591 PEM_LINE_LEN));4592 if ((newline != NULL) && (newline > finish)) {4593 info->ivSz = (word32)(newline - (finish + 1));4594 info->set = 1;4595 }4596 else4597 return WOLFSSL_BAD_FILE;4598 }4599 else4600 return WOLFSSL_BAD_FILE;4601 4602 /* eat blank line */4603 while (*newline == '\r' || *newline == '\n')4604 newline++;4605 headerEnd = newline;4606 4607 encrypted_key = 1;4608 }4609 }4610 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */4611 4612 /* find footer */4613 footerEnd = XSTRNSTR((char*)buff, footer, sz);4614 if (!footerEnd) {4615 if (info)4616 info->consumed = longSz; /* No more certs if no footer */4617 return WOLFSSL_BAD_FILE;4618 }4619 4620 consumedEnd = footerEnd + XSTRLEN(footer);4621 4622 if (consumedEnd < bufferEnd) { /* handle no end of line on last line */4623 /* eat end of line */4624 if (consumedEnd[0] == '\n')4625 consumedEnd++;4626 else if ((consumedEnd + 1 < bufferEnd) && consumedEnd[1] == '\n')4627 consumedEnd += 2;4628 else {4629 if (info)4630 info->consumed = (long)(consumedEnd+2 - (char*)buff);4631 return WOLFSSL_BAD_FILE;4632 }4633 }4634 4635 if (info)4636 info->consumed = (long)(consumedEnd - (char*)buff);4637 4638 /* set up der buffer */4639 neededSz = (long)(footerEnd - headerEnd);4640 if (neededSz > sz || neededSz <= 0)4641 return WOLFSSL_BAD_FILE;4642 4643 ret = AllocDer(pDer, (word32)neededSz, type, heap);4644 if (ret < 0) {4645 return ret;4646 }4647 der = *pDer;4648 4649 if (Base64_Decode((byte*)headerEnd, (word32)neededSz,4650 der->buffer, &der->length) < 0)4651 return WOLFSSL_BAD_FILE;4652 4653 if (header == BEGIN_PRIV_KEY && !encrypted_key) {4654 /* pkcs8 key, convert and adjust length */4655 if ((ret = ToTraditional(der->buffer, der->length)) < 0)4656 return ret;4657 4658 der->length = ret;4659 return 0;4660 }4661 4662 #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)4663 if (encrypted_key || header == BEGIN_ENC_PRIV_KEY) {4664 int passwordSz;4665 #ifdef WOLFSSL_SMALL_STACK4666 char* password = NULL;4667 #else4668 char password[80];4669 #endif4670 4671 if (!info || !info->ctx || !info->ctx->passwd_cb)4672 return WOLFSSL_BAD_FILE; /* no callback error */4673 4674 #ifdef WOLFSSL_SMALL_STACK4675 password = (char*)XMALLOC(80, heap, DYNAMIC_TYPE_STRING);4676 if (password == NULL)4677 return MEMORY_E;4678 #endif4679 passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,4680 info->ctx->userdata);4681 /* convert and adjust length */4682 if (header == BEGIN_ENC_PRIV_KEY) {4683 ret = ToTraditionalEnc(der->buffer, der->length,4684 password, passwordSz);4685 #ifdef WOLFSSL_SMALL_STACK4686 XFREE(password, NULL, DYNAMIC_TYPE_STRING);4687 #endif4688 if (ret < 0) {4689 return ret;4690 }4691 4692 der->length = ret;4693 }4694 /* decrypt the key */4695 else {4696 ret = wolfssl_decrypt_buffer_key(der, (byte*)password,4697 passwordSz, info);4698 #ifdef WOLFSSL_SMALL_STACK4699 XFREE(password, heap, DYNAMIC_TYPE_STRING);4700 #endif4701 if (ret != WOLFSSL_SUCCESS) {4702 return ret;4703 }4704 }4705 }4706 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER || NO_PWDBASED */4707 4708 return 0;4709 }4710 4711 4712 4393 4713 4394 /* process user cert chain to pass during the handshake */ … … 4722 4403 #endif 4723 4404 4405 if ((type == CA_TYPE) && (ctx == NULL)) { 4406 WOLFSSL_MSG("Need context for CA load"); 4407 return BAD_FUNC_ARG; 4408 } 4409 4724 4410 /* we may have a user cert chain, try to consume */ 4725 if ( type == CERT_TYPE && info->consumed < sz) {4726 4411 if ((type == CERT_TYPE || type == CA_TYPE) && (info->consumed < sz)) { 4412 #ifdef WOLFSSL_SMALL_STACK 4727 4413 byte staticBuffer[1]; /* force heap usage */ 4728 4414 #else 4729 4415 byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */ 4730 4416 #endif 4731 4417 byte* chainBuffer = staticBuffer; 4732 4418 int dynamicBuffer = 0; 4733 word32 bufferSz = sizeof(staticBuffer);4419 word32 bufferSz; 4734 4420 long consumed = info->consumed; 4735 4421 word32 idx = 0; 4736 4422 int gotOne = 0; 4737 4423 4738 if ( (sz - consumed) > (int)bufferSz) { 4424 /* Calculate max possible size, including max headers */ 4425 bufferSz = (word32)(sz - consumed) + (CERT_HEADER_SZ * MAX_CHAIN_DEPTH); 4426 if (bufferSz > sizeof(staticBuffer)) { 4739 4427 WOLFSSL_MSG("Growing Tmp Chain Buffer"); 4740 bufferSz = (word32)(sz - consumed); 4741 /* will shrink to actual size */ 4428 /* will shrink to actual size */ 4742 4429 chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE); 4743 4430 if (chainBuffer == NULL) { 4744 4431 return MEMORY_E; 4745 4432 } 4746 4433 dynamicBuffer = 1; 4747 4434 } 4748 4435 4749 4436 WOLFSSL_MSG("Processing Cert Chain"); 4750 4437 while (consumed < sz) { 4751 int eccKey = 0;4752 4438 DerBuffer* part = NULL; 4753 4439 word32 remain = (word32)(sz - consumed); … … 4755 4441 4756 4442 if (format == WOLFSSL_FILETYPE_PEM) { 4443 #ifdef WOLFSSL_PEM_TO_DER 4757 4444 ret = PemToDer(buff + consumed, remain, type, &part, 4758 heap, info, &eccKey); 4759 } 4445 heap, info, NULL); 4446 #else 4447 ret = NOT_COMPILED_IN; 4448 #endif 4449 } 4760 4450 else { 4761 4451 int length = remain; … … 4763 4453 /* get length of der (read sequence) */ 4764 4454 word32 inOutIdx = 0; 4765 if (GetSequence(buff + consumed, &inOutIdx, &length, remain) < 0) { 4766 ret = SSL_NO_PEM_HEADER; 4455 if (GetSequence(buff + consumed, &inOutIdx, &length, 4456 remain) < 0) { 4457 ret = ASN_NO_PEM_HEADER; 4767 4458 } 4768 length += inOutIdx; /* include leading s quence */4459 length += inOutIdx; /* include leading sequence */ 4769 4460 } 4770 4461 info->consumed = length; … … 4781 4472 cnt++; 4782 4473 #endif 4783 if ((idx + part->length ) > bufferSz) {4474 if ((idx + part->length + CERT_HEADER_SZ) > bufferSz) { 4784 4475 WOLFSSL_MSG(" Cert Chain bigger than buffer"); 4785 4476 ret = BUFFER_E; … … 4793 4484 if (used) 4794 4485 *used += info->consumed; 4486 } 4487 4488 /* add CA's to certificate manager */ 4489 if (type == CA_TYPE) { 4490 /* verify CA unless user set to no verify */ 4491 ret = AddCA(ctx->cm, &part, WOLFSSL_USER_CA, 4492 !ctx->verifyNone); 4493 gotOne = 0; /* don't exit loop for CA type */ 4795 4494 } 4796 4495 } 4496 4797 4497 FreeDer(&part); 4798 4498 4799 if (ret == SSL_NO_PEM_HEADER && gotOne) {4499 if (ret == ASN_NO_PEM_HEADER && gotOne) { 4800 4500 WOLFSSL_MSG("We got one good cert, so stuff at end ok"); 4801 4501 break; 4802 4502 } 4803 4503 4804 4504 if (ret < 0) { … … 4818 4518 if (ssl->buffers.weOwnCertChain) { 4819 4519 FreeDer(&ssl->buffers.certChain); 4820 4520 } 4821 4521 ret = AllocDer(&ssl->buffers.certChain, idx, type, heap); 4822 4522 if (ret == 0) { 4823 XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer, idx); 4523 XMEMCPY(ssl->buffers.certChain->buffer, chainBuffer, 4524 idx); 4824 4525 ssl->buffers.weOwnCertChain = 1; 4825 4826 #ifdef WOLFSSL_TLS134526 } 4527 #ifdef WOLFSSL_TLS13 4827 4528 ssl->buffers.certChainCnt = cnt; 4828 4529 #endif … … 4833 4534 XMEMCPY(ctx->certChain->buffer, chainBuffer, idx); 4834 4535 } 4835 #ifdef WOLFSSL_TLS134536 #ifdef WOLFSSL_TLS13 4836 4537 ctx->certChainCnt = cnt; 4837 #endif4838 } 4839 4538 #endif 4539 } 4540 } 4840 4541 4841 4542 if (dynamicBuffer) … … 4860 4561 void* heap = wolfSSL_CTX_GetHeap(ctx, ssl); 4861 4562 int devId = wolfSSL_CTX_GetDevId(ctx, ssl); 4563 word32 idx; 4564 int keySz = 0; 4862 4565 #ifdef WOLFSSL_SMALL_STACK 4863 4566 EncryptedInfo* info = NULL; … … 4867 4570 4868 4571 (void)rsaKey; 4572 (void)devId; 4573 (void)idx; 4574 (void)keySz; 4869 4575 4870 4576 if (used) … … 4887 4593 4888 4594 XMEMSET(info, 0, sizeof(EncryptedInfo)); 4889 info->set = 0; 4890 info->ctx = ctx; 4891 info->consumed = 0; 4595 #ifdef WOLFSSL_ENCRYPTED_KEYS 4596 if (ctx) { 4597 info->passwd_cb = ctx->passwd_cb; 4598 info->passwd_userdata = ctx->passwd_userdata; 4599 } 4600 #endif 4892 4601 4893 4602 if (format == WOLFSSL_FILETYPE_PEM) { 4603 #ifdef WOLFSSL_PEM_TO_DER 4894 4604 ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey); 4895 } 4896 else { /* ASN1 (DER) or RAW (NTRU) */ 4605 #else 4606 ret = NOT_COMPILED_IN; 4607 #endif 4608 } 4609 else { 4610 /* ASN1 (DER) or RAW (NTRU) */ 4897 4611 int length = (int)sz; 4898 4612 if (format == WOLFSSL_FILETYPE_ASN1) { … … 4901 4615 if (GetSequence(buff, &inOutIdx, &length, (word32)sz) < 0) { 4902 4616 ret = ASN_PARSE_E; 4903 } 4904 length += inOutIdx; /* include leading squence */ 4905 } 4617 } 4618 length += inOutIdx; /* include leading sequence */ 4619 } 4620 4906 4621 info->consumed = length; 4622 4907 4623 if (ret == 0) { 4908 4624 ret = AllocDer(&der, (word32)length, type, heap); … … 4910 4626 XMEMCPY(der->buffer, buff, length); 4911 4627 } 4912 }4913 }4628 } 4629 } 4914 4630 4915 4631 if (used) { 4916 4632 *used = info->consumed; 4917 }4633 } 4918 4634 4919 4635 /* process user chain */ 4920 4636 if (ret >= 0) { 4637 /* Chain should have server cert first, then intermediates, then root. 4638 * First certificate in chain is processed below after ProcessUserChain 4639 * and is loaded into ssl->buffers.certificate. 4640 * Remainder are processed using ProcessUserChain and are loaded into 4641 * ssl->buffers.certChain. */ 4921 4642 if (userChain) { 4922 4643 ret = ProcessUserChain(ctx, buff, sz, format, type, ssl, used, info); 4923 } 4924 } 4925 4926 /* check for error */ 4927 if (ret < 0) { 4928 #ifdef WOLFSSL_SMALL_STACK 4929 XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO); 4930 #endif 4931 FreeDer(&der); 4932 return ret; 4933 } 4934 4935 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 4644 } 4645 } 4646 4647 #ifdef WOLFSSL_ENCRYPTED_KEYS 4936 4648 /* for WOLFSSL_FILETYPE_PEM, PemToDer manage the decryption if required */ 4937 if ( info->set && (format != WOLFSSL_FILETYPE_PEM)) {4649 if (ret >= 0 && info->set && format != WOLFSSL_FILETYPE_PEM) { 4938 4650 /* decrypt */ 4939 int passwordSz ;4651 int passwordSz = NAME_SZ; 4940 4652 #ifdef WOLFSSL_SMALL_STACK 4941 4653 char* password = NULL; 4942 4654 #else 4943 char password[ 80];4655 char password[NAME_SZ]; 4944 4656 #endif 4945 4657 4946 4658 #ifdef WOLFSSL_SMALL_STACK 4947 password = (char*)XMALLOC( 80, heap, DYNAMIC_TYPE_STRING);4659 password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING); 4948 4660 if (password == NULL) 4949 4661 ret = MEMORY_E; 4950 4662 else 4951 4663 #endif 4952 if (!ctx || !ctx->passwd_cb) { 4664 if (info->passwd_cb == NULL) { 4665 WOLFSSL_MSG("No password callback set"); 4953 4666 ret = NO_PASSWORD; 4954 4667 } 4955 4668 else { 4956 passwordSz = ctx->passwd_cb(password, sizeof(password), 4957 0, ctx->userdata); 4958 4959 /* decrypt the key */ 4960 ret = wolfssl_decrypt_buffer_key(der, (byte*)password, 4961 passwordSz, info); 4962 } 4669 ret = info->passwd_cb(password, passwordSz, PEM_PASS_READ, 4670 info->passwd_userdata); 4671 if (ret >= 0) { 4672 passwordSz = ret; 4673 4674 /* decrypt the key */ 4675 ret = wc_BufferKeyDecrypt(info, der->buffer, der->length, 4676 (byte*)password, passwordSz, WC_MD5); 4677 4678 ForceZero(password, passwordSz); 4679 } 4680 } 4963 4681 4964 4682 #ifdef WOLFSSL_SMALL_STACK 4965 4683 XFREE(password, heap, DYNAMIC_TYPE_STRING); 4966 4684 #endif 4967 4968 if (ret != WOLFSSL_SUCCESS) { 4969 #ifdef WOLFSSL_SMALL_STACK 4970 XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO); 4971 #endif 4972 FreeDer(&der); 4973 return ret; 4974 } 4975 } 4976 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ 4977 4978 #ifdef WOLFSSL_SMALL_STACK 4685 } 4686 #endif /* WOLFSSL_ENCRYPTED_KEYS */ 4687 4688 #ifdef WOLFSSL_SMALL_STACK 4979 4689 XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO); 4980 #endif 4690 #endif 4691 4692 /* check for error */ 4693 if (ret < 0) { 4694 FreeDer(&der); 4695 return ret; 4696 } 4981 4697 4982 4698 /* Handle DER owner */ … … 4989 4705 /* verify CA unless user set to no verify */ 4990 4706 return AddCA(ctx->cm, &der, WOLFSSL_USER_CA, !ctx->verifyNone); 4991 }4707 } 4992 4708 #ifdef WOLFSSL_TRUST_PEER_CERT 4993 4709 else if (type == TRUSTED_PEER_TYPE) { … … 5006 4722 if (ssl->buffers.weOwnCert) { 5007 4723 FreeDer(&ssl->buffers.certificate); 5008 5009 5010 5011 5012 5013 5014 4724 #ifdef KEEP_OUR_CERT 4725 FreeX509(ssl->ourCert); 4726 if (ssl->ourCert) { 4727 XFREE(ssl->ourCert, ssl->heap, DYNAMIC_TYPE_X509); 4728 ssl->ourCert = NULL; 4729 } 4730 #endif 5015 4731 } 5016 4732 ssl->buffers.certificate = der; 5017 5018 5019 4733 #ifdef KEEP_OUR_CERT 4734 ssl->keepCert = 1; /* hold cert for ssl lifetime */ 4735 #endif 5020 4736 ssl->buffers.weOwnCert = 1; 5021 }4737 } 5022 4738 else if (ctx) { 5023 4739 FreeDer(&ctx->certificate); /* Make sure previous is free'd */ … … 5027 4743 FreeX509(ctx->ourCert); 5028 4744 XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); 5029 4745 } 5030 4746 ctx->ourCert = NULL; 5031 4747 } 5032 4748 #endif 5033 4749 ctx->certificate = der; 5034 }5035 }4750 } 4751 } 5036 4752 else if (type == PRIVATEKEY_TYPE) { 5037 4753 if (ssl) { … … 5039 4755 if (ssl->buffers.weOwnKey) { 5040 4756 FreeDer(&ssl->buffers.key); 5041 }4757 } 5042 4758 ssl->buffers.key = der; 5043 4759 ssl->buffers.weOwnKey = 1; 5044 }4760 } 5045 4761 else if (ctx) { 5046 4762 FreeDer(&ctx->privateKey); 5047 4763 ctx->privateKey = der; 5048 }5049 }5050 else {4764 } 4765 } 4766 else { 5051 4767 FreeDer(&der); 5052 4768 return WOLFSSL_BAD_CERTTYPE; 5053 }4769 } 5054 4770 5055 4771 if (type == PRIVATEKEY_TYPE && format != WOLFSSL_FILETYPE_RAW) { … … 5057 4773 if (!eccKey && !ed25519Key) { 5058 4774 /* make sure RSA key can be used */ 5059 word32 idx = 0;5060 4775 #ifdef WOLFSSL_SMALL_STACK 5061 4776 RsaKey* key = NULL; … … 5072 4787 ret = wc_InitRsaKey_ex(key, heap, devId); 5073 4788 if (ret == 0) { 4789 idx = 0; 5074 4790 if (wc_RsaPrivateKeyDecode(der->buffer, &idx, key, der->length) 5075 4791 != 0) { 5076 4792 #ifdef HAVE_ECC 5077 4793 /* could have DER ECC (or pkcs8 ecc), no easy way to tell */ 5078 eccKey = 1; /* so try it out */ 4794 eccKey = 1; /* try it next */ 4795 #elif defined(HAVE_ED25519) 4796 ed25519Key = 1; /* try it next */ 5079 4797 #else 5080 4798 WOLFSSL_MSG("RSA decode failed and ECC not enabled to try"); 5081 4799 ret = WOLFSSL_BAD_FILE; 5082 4800 #endif 5083 } else { 4801 } 4802 else { 5084 4803 /* check that the size of the RSA key is enough */ 5085 int rsaSz = wc_RsaEncryptSize((RsaKey*)key); 5086 5087 if (ssl) { 5088 if (rsaSz < ssl->options.minRsaKeySz) { 5089 ret = RSA_KEY_SIZE_E; 5090 WOLFSSL_MSG("Private Key size too small"); 5091 } 4804 int minRsaSz = ssl ? ssl->options.minRsaKeySz : 4805 ctx->minRsaKeySz; 4806 keySz = wc_RsaEncryptSize((RsaKey*)key); 4807 if (keySz < minRsaSz) { 4808 ret = RSA_KEY_SIZE_E; 4809 WOLFSSL_MSG("Private Key size too small"); 4810 } 4811 4812 if (ssl) { 5092 4813 ssl->buffers.keyType = rsa_sa_algo; 5093 #ifdef WC_RSA_PSS 5094 ssl->buffers.keySz = rsaSz; 5095 #endif 5096 } 4814 ssl->buffers.keySz = keySz; 4815 } 5097 4816 else if(ctx) { 5098 if (rsaSz < ctx->minRsaKeySz) {5099 ret = RSA_KEY_SIZE_E;5100 WOLFSSL_MSG("Private Key size too small");5101 }5102 4817 ctx->privateKeyType = rsa_sa_algo; 5103 #ifdef WC_RSA_PSS 5104 ctx->privateKeySz = rsaSz; 5105 #endif 5106 } 4818 ctx->privateKeySz = keySz; 4819 } 4820 5107 4821 rsaKey = 1; 5108 4822 (void)rsaKey; /* for no ecc builds */ … … 5111 4825 ssl->options.haveStaticECC = 0; 5112 4826 resetSuites = 1; 5113 5114 4827 } 4828 } 5115 4829 5116 4830 wc_FreeRsaKey(key); 5117 4831 } 5118 4832 5119 4833 #ifdef WOLFSSL_SMALL_STACK … … 5122 4836 5123 4837 if (ret != 0) 5124 5125 4838 return ret; 4839 } 5126 4840 #endif 5127 4841 #ifdef HAVE_ECC 5128 4842 if (!rsaKey && !ed25519Key) { 5129 4843 /* make sure ECC key can be used */ 5130 word32 idx = 0; 5131 ecc_key key; 5132 5133 if (wc_ecc_init_ex(&key, heap, devId) == 0) { 5134 if (wc_EccPrivateKeyDecode(der->buffer, &idx, &key, 4844 #ifdef WOLFSSL_SMALL_STACK 4845 ecc_key* key = NULL; 4846 #else 4847 ecc_key key[1]; 4848 #endif 4849 4850 #ifdef WOLFSSL_SMALL_STACK 4851 key = (ecc_key*)XMALLOC(sizeof(ecc_key), heap, DYNAMIC_TYPE_ECC); 4852 if (key == NULL) 4853 return MEMORY_E; 4854 #endif 4855 4856 if (wc_ecc_init_ex(key, heap, devId) == 0) { 4857 idx = 0; 4858 if (wc_EccPrivateKeyDecode(der->buffer, &idx, key, 5135 4859 der->length) == 0) { 5136 5137 4860 /* check for minimum ECC key size and then free */ 5138 if (ssl) { 5139 if (wc_ecc_size(&key) < ssl->options.minEccKeySz) { 5140 wc_ecc_free(&key); 5141 WOLFSSL_MSG("ECC private key too small"); 5142 return ECC_KEY_SIZE_E; 5143 } 5144 } 5145 else if (ctx) { 5146 if (wc_ecc_size(&key) < ctx->minEccKeySz) { 5147 wc_ecc_free(&key); 5148 WOLFSSL_MSG("ECC private key too small"); 5149 return ECC_KEY_SIZE_E; 5150 } 5151 } 4861 int minKeySz = ssl ? ssl->options.minEccKeySz : 4862 ctx->minEccKeySz; 4863 keySz = wc_ecc_size(key); 4864 if (keySz < minKeySz) { 4865 WOLFSSL_MSG("ECC private key too small"); 4866 ret = ECC_KEY_SIZE_E; 4867 } 5152 4868 5153 4869 eccKey = 1; … … 5155 4871 ssl->options.haveStaticECC = 1; 5156 4872 ssl->buffers.keyType = ecc_dsa_sa_algo; 5157 } 4873 ssl->buffers.keySz = keySz; 4874 } 5158 4875 else if (ctx) { 5159 4876 ctx->haveStaticECC = 1; 5160 4877 ctx->privateKeyType = ecc_dsa_sa_algo; 4878 ctx->privateKeySz = keySz; 4879 } 4880 4881 if (ssl && ssl->options.side == WOLFSSL_SERVER_END) { 4882 resetSuites = 1; 4883 } 4884 } 4885 else 4886 eccKey = 0; 4887 4888 wc_ecc_free(key); 4889 } 4890 4891 #ifdef WOLFSSL_SMALL_STACK 4892 XFREE(key, heap, DYNAMIC_TYPE_ECC); 4893 #endif 4894 4895 if (ret != 0) 4896 return ret; 4897 } 4898 #endif /* HAVE_ECC */ 4899 #ifdef HAVE_ED25519 4900 if (!rsaKey && !eccKey) { 4901 /* make sure Ed25519 key can be used */ 4902 #ifdef WOLFSSL_SMALL_STACK 4903 ed25519_key* key = NULL; 4904 #else 4905 ed25519_key key[1]; 4906 #endif 4907 4908 #ifdef WOLFSSL_SMALL_STACK 4909 key = (ed25519_key*)XMALLOC(sizeof(ed25519_key), heap, 4910 DYNAMIC_TYPE_ED25519); 4911 if (key == NULL) 4912 return MEMORY_E; 4913 #endif 4914 4915 ret = wc_ed25519_init(key); 4916 if (ret == 0) { 4917 idx = 0; 4918 if (wc_Ed25519PrivateKeyDecode(der->buffer, &idx, key, 4919 der->length) != 0) { 4920 ret = WOLFSSL_BAD_FILE; 4921 } 4922 4923 if (ret == 0) { 4924 /* check for minimum key size and then free */ 4925 int minKeySz = ssl ? ssl->options.minEccKeySz : 4926 ctx->minEccKeySz; 4927 keySz = ED25519_KEY_SIZE; 4928 if (keySz < minKeySz) { 4929 WOLFSSL_MSG("ED25519 private key too small"); 4930 ret = ECC_KEY_SIZE_E; 4931 } 5161 4932 } 5162 4933 if (ret == 0) { 4934 if (ssl) { 4935 ssl->buffers.keyType = ed25519_sa_algo; 4936 ssl->buffers.keySz = keySz; 4937 } 4938 else if (ctx) { 4939 ctx->privateKeyType = ed25519_sa_algo; 4940 ctx->privateKeySz = keySz; 4941 } 4942 4943 ed25519Key = 1; 5163 4944 if (ssl && ssl->options.side == WOLFSSL_SERVER_END) { 5164 4945 resetSuites = 1; 5165 4946 } 5166 4947 } 5167 else 5168 eccKey = 0; 5169 5170 wc_ecc_free(&key); 5171 } 5172 } 5173 #endif /* HAVE_ECC */ 5174 #ifdef HAVE_ED25519 5175 if (!rsaKey && !eccKey) { 5176 /* make sure Ed25519 key can be used */ 5177 word32 idx = 0; 5178 ed25519_key key; 5179 5180 ret = wc_ed25519_init(&key); 5181 if (ret != 0) { 4948 4949 wc_ed25519_free(key); 4950 } 4951 4952 #ifdef WOLFSSL_SMALL_STACK 4953 XFREE(key, heap, DYNAMIC_TYPE_ED25519); 4954 #endif 4955 if (ret != 0) 5182 4956 return ret; 5183 4957 } 5184 5185 if (wc_Ed25519PrivateKeyDecode(der->buffer, &idx, &key, 5186 der->length) != 0) { 5187 wc_ed25519_free(&key); 5188 return WOLFSSL_BAD_FILE; 5189 } 5190 5191 /* check for minimum key size and then free */ 5192 if (ssl) { 5193 if (ED25519_KEY_SIZE < ssl->options.minEccKeySz) { 5194 wc_ed25519_free(&key); 5195 WOLFSSL_MSG("ED25519 private key too small"); 5196 return ECC_KEY_SIZE_E; 5197 } 5198 ssl->buffers.keyType = ed25519_sa_algo; 5199 } 5200 else if (ctx) { 5201 if (ED25519_KEY_SIZE < ctx->minEccKeySz) { 5202 wc_ed25519_free(&key); 5203 WOLFSSL_MSG("ED25519 private key too small"); 5204 return ECC_KEY_SIZE_E; 5205 } 5206 ctx->privateKeyType = ed25519_sa_algo; 5207 } 5208 5209 wc_ed25519_free(&key); 5210 ed25519Key = 1; 5211 5212 if (ssl && ssl->options.side == WOLFSSL_SERVER_END) { 5213 resetSuites = 1; 5214 } 5215 } 5216 #endif 5217 4958 #else 5218 4959 if (!rsaKey && !eccKey && !ed25519Key) 5219 4960 return WOLFSSL_BAD_FILE; 5220 4961 #endif 5221 4962 (void)ed25519Key; 5222 4963 (void)devId; … … 5227 4968 #else 5228 4969 DecodedCert cert[1]; 4970 #endif 4971 #ifdef HAVE_PK_CALLBACKS 4972 int keyType = 0; 5229 4973 #endif 5230 4974 … … 5279 5023 } 5280 5024 5281 #if def HAVE_ECC5025 #if defined(HAVE_ECC) || defined(HAVE_ED25519) 5282 5026 if (ssl) { 5283 5027 ssl->pkCurveOID = cert->pkCurveOID; … … 5316 5060 #ifndef NO_RSA 5317 5061 case RSAk: 5062 #ifdef HAVE_PK_CALLBACKS 5063 keyType = rsa_sa_algo; 5064 #endif 5065 /* Determine RSA key size by parsing public key */ 5066 idx = 0; 5067 ret = wc_RsaPublicKeyDecode_ex(cert->publicKey, &idx, 5068 cert->pubKeySize, NULL, (word32*)&keySz, NULL, NULL); 5069 if (ret < 0) 5070 break; 5071 5318 5072 if (ssl && !ssl->options.verifyNone) { 5319 5073 if (ssl->options.minRsaKeySz < 0 || 5320 cert->pubKeySize < (word16)ssl->options.minRsaKeySz) {5074 keySz < (int)ssl->options.minRsaKeySz) { 5321 5075 ret = RSA_KEY_SIZE_E; 5322 5076 WOLFSSL_MSG("Certificate RSA key size too small"); … … 5325 5079 else if (ctx && !ctx->verifyNone) { 5326 5080 if (ctx->minRsaKeySz < 0 || 5327 cert->pubKeySize < (word16)ctx->minRsaKeySz) {5081 keySz < (int)ctx->minRsaKeySz) { 5328 5082 ret = RSA_KEY_SIZE_E; 5329 5083 WOLFSSL_MSG("Certificate RSA key size too small"); … … 5334 5088 #ifdef HAVE_ECC 5335 5089 case ECDSAk: 5090 #ifdef HAVE_PK_CALLBACKS 5091 keyType = ecc_dsa_sa_algo; 5092 #endif 5093 /* Determine ECC key size based on curve */ 5094 keySz = wc_ecc_get_curve_size_from_id( 5095 wc_ecc_get_oid(cert->pkCurveOID, NULL, NULL)); 5096 5336 5097 if (ssl && !ssl->options.verifyNone) { 5337 5098 if (ssl->options.minEccKeySz < 0 || 5338 cert->pubKeySize < (word16)ssl->options.minEccKeySz) {5099 keySz < (int)ssl->options.minEccKeySz) { 5339 5100 ret = ECC_KEY_SIZE_E; 5340 5101 WOLFSSL_MSG("Certificate ECC key size error"); … … 5343 5104 else if (ctx && !ctx->verifyNone) { 5344 5105 if (ctx->minEccKeySz < 0 || 5345 cert->pubKeySize < (word16)ctx->minEccKeySz) {5106 keySz < (int)ctx->minEccKeySz) { 5346 5107 ret = ECC_KEY_SIZE_E; 5347 5108 WOLFSSL_MSG("Certificate ECC key size error"); … … 5352 5113 #ifdef HAVE_ED25519 5353 5114 case ED25519k: 5115 #ifdef HAVE_PK_CALLBACKS 5116 keyType = ed25519_sa_algo; 5117 #endif 5118 /* ED25519 is fixed key size */ 5119 keySz = ED25519_KEY_SIZE; 5354 5120 if (ssl && !ssl->options.verifyNone) { 5355 5121 if (ssl->options.minEccKeySz < 0 || 5356 ED25519_KEY_SIZE < (word16)ssl->options.minEccKeySz) {5122 keySz < (int)ssl->options.minEccKeySz) { 5357 5123 ret = ECC_KEY_SIZE_E; 5358 5124 WOLFSSL_MSG("Certificate Ed key size error"); … … 5361 5127 else if (ctx && !ctx->verifyNone) { 5362 5128 if (ctx->minEccKeySz < 0 || 5363 ED25519_KEY_SIZE < (word16)ctx->minEccKeySz) {5129 keySz < (int)ctx->minEccKeySz) { 5364 5130 ret = ECC_KEY_SIZE_E; 5365 5131 WOLFSSL_MSG("Certificate ECC key size error"); … … 5374 5140 } 5375 5141 5142 #ifdef HAVE_PK_CALLBACKS 5143 if (ssl && ssl->buffers.keyType == 0) { 5144 ssl->buffers.keyType = keyType; 5145 ssl->buffers.keySz = keySz; 5146 } 5147 else if (ctx && ctx->privateKeyType == 0) { 5148 ctx->privateKeyType = keyType; 5149 ctx->privateKeySz = keySz; 5150 } 5151 #endif 5152 5376 5153 FreeDecodedCert(cert); 5377 5154 #ifdef WOLFSSL_SMALL_STACK … … 5396 5173 haveRSA = 1; 5397 5174 #endif 5175 #ifndef NO_CERTS 5176 keySz = ssl->buffers.keySz; 5177 #endif 5398 5178 5399 5179 /* let's reset suites */ 5400 InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz, haveRSA,5180 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, 5401 5181 havePSK, ssl->options.haveDH, ssl->options.haveNTRU, 5402 5182 ssl->options.haveECDSAsig, ssl->options.haveECC, … … 5432 5212 if (PemToDer(buff + used, sz - used, CRL_TYPE, &der, NULL, &info, 5433 5213 NULL) == 0) { 5434 WOLFSSL_MSG(" Proc cessed a CRL");5214 WOLFSSL_MSG(" Processed a CRL"); 5435 5215 wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer, 5436 5216 der->length, WOLFSSL_FILETYPE_ASN1); … … 5442 5222 #endif 5443 5223 #endif 5444 if (ret < 0) 5445 { 5224 if (ret < 0) { 5446 5225 if(consumed > 0) { /* Made progress in file */ 5447 5226 WOLFSSL_ERROR(ret); 5448 5227 WOLFSSL_MSG("CA Parse failed, with progress in file."); 5449 5228 WOLFSSL_MSG("Search for other certs in file"); 5450 } else { 5229 } 5230 else { 5451 5231 WOLFSSL_MSG("CA Parse failed, no progress in file."); 5452 5232 WOLFSSL_MSG("Do not continue search for other certs in file"); 5453 5233 break; 5454 5234 } 5455 } else { 5235 } 5236 else { 5456 5237 WOLFSSL_MSG(" Processed a CA"); 5457 5238 gotOne = 1; … … 5460 5241 } 5461 5242 5462 if(gotOne) 5463 { 5243 if (gotOne) { 5464 5244 WOLFSSL_MSG("Processed at least one valid CA. Other stuff OK"); 5465 5245 return WOLFSSL_SUCCESS; … … 5469 5249 5470 5250 5471 static INLINE WOLFSSL_METHOD* cm_pick_method(void)5251 static WC_INLINE WOLFSSL_METHOD* cm_pick_method(void) 5472 5252 { 5473 5253 #ifndef NO_WOLFSSL_CLIENT 5474 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)5254 #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) 5475 5255 return wolfSSLv3_client_method(); 5256 #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10) 5257 return wolfTLSv1_client_method(); 5258 #elif !defined(NO_OLD_TLS) 5259 return wolfTLSv1_1_client_method(); 5260 #elif !defined(WOLFSSL_NO_TLS12) 5261 return wolfTLSv1_2_client_method(); 5262 #elif defined(WOLFSSL_TLS13) 5263 return wolfTLSv1_3_client_method(); 5476 5264 #else 5477 return wolfTLSv1_2_client_method();5265 return NULL; 5478 5266 #endif 5479 5267 #elif !defined(NO_WOLFSSL_SERVER) 5480 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS)5268 #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) 5481 5269 return wolfSSLv3_server_method(); 5270 #elif !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10) 5271 return wolfTLSv1_server_method(); 5272 #elif !defined(NO_OLD_TLS) 5273 return wolfTLSv1_1_server_method(); 5274 #elif !defined(WOLFSSL_NO_TLS12) 5275 return wolfTLSv1_2_server_method(); 5276 #elif defined(WOLFSSL_TLS13) 5277 return wolfTLSv1_3_server_method(); 5482 5278 #else 5483 return wolfTLSv1_2_server_method();5279 return NULL; 5484 5280 #endif 5485 5281 #else … … 5641 5437 5642 5438 if (format == WOLFSSL_FILETYPE_PEM) { 5643 int eccKey = 0; /* not used */ 5644 #ifdef WOLFSSL_SMALL_STACK 5645 EncryptedInfo* info = NULL; 5646 #else 5647 EncryptedInfo info[1]; 5648 #endif 5649 5650 #ifdef WOLFSSL_SMALL_STACK 5651 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), cm->heap, 5652 DYNAMIC_TYPE_ENCRYPTEDINFO); 5653 if (info == NULL) { 5654 XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); 5655 return MEMORY_E; 5656 } 5657 #endif 5658 5659 info->set = 0; 5660 info->ctx = NULL; 5661 info->consumed = 0; 5662 5663 ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, info, &eccKey); 5439 #ifdef WOLFSSL_PEM_TO_DER 5440 ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, NULL, NULL); 5664 5441 if (ret != 0) { 5665 5442 FreeDer(&der); 5666 5443 #ifdef WOLFSSL_SMALL_STACK 5667 5444 XFREE(cert, cm->heap, DYNAMIC_TYPE_DCERT); 5668 XFREE(info, cm->heap, DYNAMIC_TYPE_ENCRYPTEDINFO);5669 5445 #endif 5670 5446 return ret; 5671 5447 } 5672 5448 InitDecodedCert(cert, der->buffer, der->length, cm->heap); 5673 5674 #ifdef WOLFSSL_SMALL_STACK 5675 XFREE(info, cm->heap, DYNAMIC_TYPE_ENCRYPTEDINFO); 5449 #else 5450 ret = NOT_COMPILED_IN; 5676 5451 #endif 5677 5452 } 5678 else 5453 else { 5679 5454 InitDecodedCert(cert, (byte*)buff, (word32)sz, cm->heap); 5455 } 5680 5456 5681 5457 if (ret == 0) … … 5767 5543 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ 5768 5544 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) 5545 #ifndef NO_WOLFSSL_SERVER 5769 5546 if (cm->ocsp_stapling == NULL) { 5770 5547 cm->ocsp_stapling = (WOLFSSL_OCSP*)XMALLOC(sizeof(WOLFSSL_OCSP), … … 5780 5557 } 5781 5558 } 5782 cm->ocspStaplingEnabled = 1;5783 5559 5784 5560 #ifndef WOLFSSL_USER_IO … … 5787 5563 cm->ocspIOCtx = cm->heap; 5788 5564 #endif /* WOLFSSL_USER_IO */ 5565 #endif /* NO_WOLFSSL_SERVER */ 5566 cm->ocspStaplingEnabled = 1; 5789 5567 #else 5790 5568 ret = NOT_COMPILED_IN; … … 5811 5589 return ret; 5812 5590 } 5813 5814 5591 #if defined(SESSION_CERTS) 5592 WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl) 5593 { 5594 WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain"); 5595 if ((ssl == NULL) || (ssl->session.chain.count == 0)) 5596 return NULL; 5597 else 5598 return (WOLF_STACK_OF(WOLFSSL_X509)* )&ssl->session.chain; 5599 } 5600 #endif 5815 5601 #ifdef HAVE_OCSP 5816 5817 5602 5818 5603 /* check CRL if enabled, WOLFSSL_SUCCESS */ … … 6049 5834 file = XFOPEN(fname, "rb"); 6050 5835 if (file == XBADFILE) return WOLFSSL_BAD_FILE; 6051 XFSEEK(file, 0, XSEEK_END); 5836 if (XFSEEK(file, 0, XSEEK_END) != 0) { 5837 XFCLOSE(file); 5838 return WOLFSSL_BAD_FILE; 5839 } 6052 5840 sz = XFTELL(file); 6053 5841 XREWIND(file); … … 6089 5877 } 6090 5878 6091 6092 5879 /* loads file then loads each file in path, no c_rehash */ 6093 int wolfSSL_CTX_load_verify_locations (WOLFSSL_CTX* ctx, const char* file,6094 const char* path )5880 int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file, 5881 const char* path, word32 flags) 6095 5882 { 6096 5883 int ret = WOLFSSL_SUCCESS; 6097 5884 #ifndef NO_WOLFSSL_DIR 6098 5885 int fileRet; 6099 #endif 6100 6101 WOLFSSL_ENTER("wolfSSL_CTX_load_verify_locations"); 5886 int successCount = 0; 5887 int failCount = 0; 5888 #endif 5889 5890 WOLFSSL_MSG("wolfSSL_CTX_load_verify_locations_ex"); 6102 5891 6103 5892 if (ctx == NULL || (file == NULL && path == NULL) ) … … 6123 5912 fileRet = wc_ReadDirFirst(readCtx, path, &name); 6124 5913 while (fileRet == 0 && name) { 5914 WOLFSSL_MSG(name); /* log file name */ 6125 5915 ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, CA_TYPE, 6126 5916 NULL, 0, NULL); 6127 if (ret != WOLFSSL_SUCCESS) 6128 break; 5917 if (ret != WOLFSSL_SUCCESS) { 5918 /* handle flags for ignoring errors, skipping expired certs or 5919 by PEM certificate header error */ 5920 if ( (flags & WOLFSSL_LOAD_FLAG_IGNORE_ERR) || 5921 ((flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && 5922 (ret == ASN_BEFORE_DATE_E || ret == ASN_AFTER_DATE_E)) || 5923 ((flags & WOLFSSL_LOAD_FLAG_PEM_CA_ONLY) && 5924 (ret == ASN_NO_PEM_HEADER))) { 5925 /* Do not fail here if a certificate fails to load, 5926 continue to next file */ 5927 ret = WOLFSSL_SUCCESS; 5928 } 5929 else { 5930 WOLFSSL_ERROR(ret); 5931 WOLFSSL_MSG("Load CA file failed, continuing"); 5932 failCount++; 5933 } 5934 } 5935 else { 5936 successCount++; 5937 } 6129 5938 fileRet = wc_ReadDirNext(readCtx, path, &name); 6130 5939 } … … 6132 5941 6133 5942 /* pass directory read failure to response code */ 6134 if ( ret == WOLFSSL_SUCCESS && fileRet != -1) {5943 if (fileRet != WC_READDIR_NOFILE) { 6135 5944 ret = fileRet; 5945 } 5946 /* report failure if no files were loaded or there were failures */ 5947 else if (successCount == 0 || failCount > 0) { 5948 /* use existing error code if exists */ 5949 if (ret == WOLFSSL_SUCCESS) 5950 ret = WOLFSSL_FAILURE; 5951 } 5952 else { 5953 ret = WOLFSSL_SUCCESS; 6136 5954 } 6137 5955 … … 6141 5959 #else 6142 5960 ret = NOT_COMPILED_IN; 5961 (void)flags; 6143 5962 #endif 6144 5963 } 6145 5964 6146 5965 return ret; 5966 } 5967 5968 #ifndef WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS 5969 #define WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS WOLFSSL_LOAD_FLAG_NONE 5970 #endif 5971 int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file, 5972 const char* path) 5973 { 5974 return wolfSSL_CTX_load_verify_locations_ex(ctx, file, path, 5975 WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS); 6147 5976 } 6148 5977 … … 6185 6014 6186 6015 if (file == XBADFILE) return WOLFSSL_BAD_FILE; 6187 XFSEEK(file, 0, XSEEK_END); 6016 if(XFSEEK(file, 0, XSEEK_END) != 0) { 6017 XFCLOSE(file); 6018 return WOLFSSL_BAD_FILE; 6019 } 6188 6020 sz = XFTELL(file); 6189 6021 XREWIND(file); … … 6252 6084 6253 6085 6254 6255 6256 int wolfSSL_CTX_check_private_key(WOLFSSL_CTX* ctx) 6257 { 6258 /* TODO: check private against public for RSA match */ 6259 (void)ctx; 6260 WOLFSSL_ENTER("SSL_CTX_check_private_key"); 6261 return WOLFSSL_SUCCESS; 6262 } 6263 6086 /* Check private against public in certificate for match 6087 * 6088 * ctx WOLFSSL_CTX structure to check private key in 6089 * 6090 * Returns SSL_SUCCESS on good private key and SSL_FAILURE if miss matched. */ 6091 int wolfSSL_CTX_check_private_key(const WOLFSSL_CTX* ctx) 6092 { 6093 #ifdef WOLFSSL_SMALL_STACK 6094 DecodedCert* der = NULL; 6095 #else 6096 DecodedCert der[1]; 6097 #endif 6098 word32 size; 6099 byte* buff; 6100 int ret; 6101 6102 WOLFSSL_ENTER("wolfSSL_CTX_check_private_key"); 6103 6104 if (ctx == NULL) { 6105 return WOLFSSL_FAILURE; 6106 } 6107 6108 #ifndef NO_CERTS 6109 #ifdef WOLFSSL_SMALL_STACK 6110 der = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, DYNAMIC_TYPE_DCERT); 6111 if (der == NULL) 6112 return MEMORY_E; 6113 #endif 6114 6115 size = ctx->certificate->length; 6116 buff = ctx->certificate->buffer; 6117 InitDecodedCert(der, buff, size, ctx->heap); 6118 if (ParseCertRelative(der, CERT_TYPE, NO_VERIFY, NULL) != 0) { 6119 FreeDecodedCert(der); 6120 #ifdef WOLFSSL_SMALL_STACK 6121 XFREE(der, NULL, DYNAMIC_TYPE_DCERT); 6122 #endif 6123 return WOLFSSL_FAILURE; 6124 } 6125 6126 size = ctx->privateKey->length; 6127 buff = ctx->privateKey->buffer; 6128 ret = wc_CheckPrivateKey(buff, size, der); 6129 FreeDecodedCert(der); 6130 #ifdef WOLFSSL_SMALL_STACK 6131 XFREE(der, NULL, DYNAMIC_TYPE_DCERT); 6132 #endif 6133 6134 if (ret == 1) { 6135 return WOLFSSL_SUCCESS; 6136 } 6137 else { 6138 return WOLFSSL_FAILURE; 6139 } 6140 #else 6141 WOLFSSL_MSG("NO_CERTS is defined, can not check private key"); 6142 return WOLFSSL_FAILURE; 6143 #endif 6144 } 6264 6145 6265 6146 #ifdef HAVE_CRL … … 6473 6354 6474 6355 6475 #ifdef WOLFSSL_CERT_GEN6476 6477 /* load pem cert from file into der buffer, return der size or error */6478 int wolfSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)6479 {6480 #ifdef WOLFSSL_SMALL_STACK6481 EncryptedInfo* info = NULL;6482 byte staticBuffer[1]; /* force XMALLOC */6483 #else6484 EncryptedInfo info[1];6485 byte staticBuffer[FILE_BUFFER_SIZE];6486 #endif6487 byte* fileBuf = staticBuffer;6488 int dynamic = 0;6489 int ret = 0;6490 int ecc = 0;6491 long sz = 0;6492 XFILE file = XFOPEN(fileName, "rb");6493 DerBuffer* converted = NULL;6494 6495 WOLFSSL_ENTER("wolfSSL_PemCertToDer");6496 6497 if (file == XBADFILE) {6498 ret = WOLFSSL_BAD_FILE;6499 }6500 else {6501 XFSEEK(file, 0, XSEEK_END);6502 sz = XFTELL(file);6503 XREWIND(file);6504 6505 if (sz <= 0) {6506 ret = WOLFSSL_BAD_FILE;6507 }6508 else if (sz > (long)sizeof(staticBuffer)) {6509 #ifdef WOLFSSL_STATIC_MEMORY6510 WOLFSSL_MSG("File was larger then static buffer");6511 return MEMORY_E;6512 #endif6513 fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);6514 if (fileBuf == NULL)6515 ret = MEMORY_E;6516 else6517 dynamic = 1;6518 }6519 6520 if (ret == 0) {6521 if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz) {6522 ret = WOLFSSL_BAD_FILE;6523 }6524 else {6525 #ifdef WOLFSSL_SMALL_STACK6526 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,6527 DYNAMIC_TYPE_ENCRYPTEDINFO);6528 if (info == NULL)6529 ret = MEMORY_E;6530 else6531 #endif6532 {6533 ret = PemToDer(fileBuf, sz, CA_TYPE, &converted,6534 0, info, &ecc);6535 #ifdef WOLFSSL_SMALL_STACK6536 XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);6537 #endif6538 }6539 }6540 6541 if (ret == 0) {6542 if (converted->length < (word32)derSz) {6543 XMEMCPY(derBuf, converted->buffer, converted->length);6544 ret = converted->length;6545 }6546 else6547 ret = BUFFER_E;6548 }6549 6550 FreeDer(&converted);6551 }6552 6553 XFCLOSE(file);6554 if (dynamic)6555 XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);6556 }6557 6558 return ret;6559 }6560 6561 #endif /* WOLFSSL_CERT_GEN */6562 6563 #ifdef WOLFSSL_CERT_EXT6564 #ifndef NO_FILESYSTEM6565 /* load pem public key from file into der buffer, return der size or error */6566 int wolfSSL_PemPubKeyToDer(const char* fileName,6567 unsigned char* derBuf, int derSz)6568 {6569 #ifdef WOLFSSL_SMALL_STACK6570 byte staticBuffer[1]; /* force XMALLOC */6571 #else6572 byte staticBuffer[FILE_BUFFER_SIZE];6573 #endif6574 byte* fileBuf = staticBuffer;6575 int dynamic = 0;6576 int ret = 0;6577 long sz = 0;6578 XFILE file = XFOPEN(fileName, "rb");6579 DerBuffer* converted = NULL;6580 6581 WOLFSSL_ENTER("wolfSSL_PemPubKeyToDer");6582 6583 if (file == XBADFILE) {6584 ret = WOLFSSL_BAD_FILE;6585 }6586 else {6587 XFSEEK(file, 0, XSEEK_END);6588 sz = XFTELL(file);6589 XREWIND(file);6590 6591 if (sz <= 0) {6592 ret = WOLFSSL_BAD_FILE;6593 }6594 else if (sz > (long)sizeof(staticBuffer)) {6595 #ifdef WOLFSSL_STATIC_MEMORY6596 WOLFSSL_MSG("File was larger then static buffer");6597 return MEMORY_E;6598 #endif6599 fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);6600 if (fileBuf == NULL)6601 ret = MEMORY_E;6602 else6603 dynamic = 1;6604 }6605 if (ret == 0) {6606 if ( (ret = (int)XFREAD(fileBuf, 1, sz, file)) != sz)6607 ret = WOLFSSL_BAD_FILE;6608 else6609 ret = PemToDer(fileBuf, sz, PUBLICKEY_TYPE, &converted,6610 0, NULL, NULL);6611 6612 if (ret == 0) {6613 if (converted->length < (word32)derSz) {6614 XMEMCPY(derBuf, converted->buffer, converted->length);6615 ret = converted->length;6616 }6617 else6618 ret = BUFFER_E;6619 }6620 6621 FreeDer(&converted);6622 }6623 6624 XFCLOSE(file);6625 if (dynamic)6626 XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);6627 }6628 6629 return ret;6630 }6631 #endif /* NO_FILESYSTEM */6632 6633 /* Return bytes written to buff or < 0 for error */6634 int wolfSSL_PubKeyPemToDer(const unsigned char* pem, int pemSz,6635 unsigned char* buff, int buffSz)6636 {6637 int ret;6638 DerBuffer* der = NULL;6639 6640 WOLFSSL_ENTER("wolfSSL_PubKeyPemToDer");6641 6642 if (pem == NULL || buff == NULL || buffSz <= 0) {6643 WOLFSSL_MSG("Bad pem der args");6644 return BAD_FUNC_ARG;6645 }6646 6647 ret = PemToDer(pem, pemSz, PUBLICKEY_TYPE, &der, NULL, NULL, NULL);6648 if (ret < 0) {6649 WOLFSSL_MSG("Bad Pem To Der");6650 }6651 else {6652 if (der->length <= (word32)buffSz) {6653 XMEMCPY(buff, der->buffer, der->length);6654 ret = der->length;6655 }6656 else {6657 WOLFSSL_MSG("Bad der length");6658 ret = BAD_FUNC_ARG;6659 }6660 }6661 6662 FreeDer(&der);6663 return ret;6664 }6665 6666 #endif /* WOLFSSL_CERT_EXT */6667 6356 6668 6357 int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file, … … 6674 6363 6675 6364 return WOLFSSL_FAILURE; 6676 }6365 } 6677 6366 6678 6367 6679 6368 int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file, 6680 6369 int format) 6681 {6370 { 6682 6371 WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file"); 6683 6372 if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL) … … 6686 6375 6687 6376 return WOLFSSL_FAILURE; 6377 } 6378 6379 6380 /* Sets the max chain depth when verifying a certificate chain. Default depth 6381 * is set to MAX_CHAIN_DEPTH. 6382 * 6383 * ctx WOLFSSL_CTX structure to set depth in 6384 * depth max depth 6385 */ 6386 void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) { 6387 WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth"); 6388 6389 if (ctx == NULL || depth < 0 || depth > MAX_CHAIN_DEPTH) { 6390 WOLFSSL_MSG("Bad depth argument, too large or less than 0"); 6391 return; 6392 } 6393 6394 ctx->verifyDepth = (byte)depth; 6688 6395 } 6689 6396 … … 6700 6407 return ssl->options.verifyDepth; 6701 6408 #endif 6702 }6409 } 6703 6410 6704 6411 … … 6708 6415 if(ctx == NULL) { 6709 6416 return BAD_FUNC_ARG; 6710 }6417 } 6711 6418 #ifndef OPENSSL_EXTRA 6712 6419 return MAX_CHAIN_DEPTH; 6713 6420 #else 6714 6421 return ctx->verifyDepth; 6715 #endif6716 }6422 #endif 6423 } 6717 6424 6718 6425 … … 6722 6429 WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file"); 6723 6430 if (ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM,CERT_TYPE,NULL,1, NULL) 6431 == WOLFSSL_SUCCESS) 6432 return WOLFSSL_SUCCESS; 6433 6434 return WOLFSSL_FAILURE; 6435 } 6436 6437 6438 int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX* ctx, 6439 const char* file, int format) 6440 { 6441 /* process up to MAX_CHAIN_DEPTH plus subject cert */ 6442 WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file_format"); 6443 if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 1, NULL) 6724 6444 == WOLFSSL_SUCCESS) 6725 6445 return WOLFSSL_SUCCESS; … … 6751 6471 file = XFOPEN(fname, "rb"); 6752 6472 if (file == XBADFILE) return WOLFSSL_BAD_FILE; 6753 XFSEEK(file, 0, XSEEK_END); 6473 if(XFSEEK(file, 0, XSEEK_END) != 0) { 6474 XFCLOSE(file); 6475 return WOLFSSL_BAD_FILE; 6476 } 6754 6477 sz = XFTELL(file); 6755 6478 XREWIND(file); … … 6803 6526 #endif /* NO_DH */ 6804 6527 6528 #endif /* NO_FILESYSTEM */ 6529 6530 6531 #if defined(OPENSSL_EXTRA) || !defined(NO_PWDBASED) && \ 6532 (defined(OPENSSL_EXTRA_X509_SMALL) || defined(HAVE_WEBSERVER)) 6533 6534 static int wolfSSL_EVP_get_hashinfo(const WOLFSSL_EVP_MD* evp, 6535 int* pHash, int* pHashSz) 6536 { 6537 enum wc_HashType hash = WC_HASH_TYPE_NONE; 6538 int hashSz; 6539 6540 if (XSTRLEN(evp) < 3) { 6541 /* do not try comparing strings if size is too small */ 6542 return WOLFSSL_FAILURE; 6543 } 6544 6545 if (XSTRNCMP("SHA", evp, 3) == 0) { 6546 if (XSTRLEN(evp) > 3) { 6547 #ifndef NO_SHA256 6548 if (XSTRNCMP("SHA256", evp, 6) == 0) { 6549 hash = WC_HASH_TYPE_SHA256; 6550 } 6551 else 6552 #endif 6553 #ifdef WOLFSSL_SHA384 6554 if (XSTRNCMP("SHA384", evp, 6) == 0) { 6555 hash = WC_HASH_TYPE_SHA384; 6556 } 6557 else 6558 #endif 6559 #ifdef WOLFSSL_SHA512 6560 if (XSTRNCMP("SHA512", evp, 6) == 0) { 6561 hash = WC_HASH_TYPE_SHA512; 6562 } 6563 else 6564 #endif 6565 { 6566 WOLFSSL_MSG("Unknown SHA hash"); 6567 } 6568 } 6569 else { 6570 hash = WC_HASH_TYPE_SHA; 6571 } 6572 } 6573 #ifdef WOLFSSL_MD2 6574 else if (XSTRNCMP("MD2", evp, 3) == 0) { 6575 hash = WC_HASH_TYPE_MD2; 6576 } 6577 #endif 6578 #ifndef NO_MD4 6579 else if (XSTRNCMP("MD4", evp, 3) == 0) { 6580 hash = WC_HASH_TYPE_MD4; 6581 } 6582 #endif 6583 #ifndef NO_MD5 6584 else if (XSTRNCMP("MD5", evp, 3) == 0) { 6585 hash = WC_HASH_TYPE_MD5; 6586 } 6587 #endif 6588 6589 if (pHash) 6590 *pHash = hash; 6591 6592 hashSz = wc_HashGetDigestSize(hash); 6593 if (pHashSz) 6594 *pHashSz = hashSz; 6595 6596 if (hashSz < 0) { 6597 return WOLFSSL_FAILURE; 6598 } 6599 6600 return WOLFSSL_SUCCESS; 6601 } 6602 6603 #endif 6604 6805 6605 6806 6606 #ifdef OPENSSL_EXTRA 6807 6607 /* put SSL type in extra for now, not very common */ 6808 6608 6809 WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, 6810 const unsigned char **in, long inSz) 6811 { 6812 WOLFSSL_EVP_PKEY* local; 6813 6814 WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey"); 6609 /* Converts a DER format key read from "bio" to a PKCS8 structure. 6610 * 6611 * bio input bio to read DER from 6612 * pkey If not NULL then this pointer will be overwritten with a new PKCS8 6613 * structure. 6614 * 6615 * returns a WOLFSSL_PKCS8_PRIV_KEY_INFO pointer on success and NULL in fail 6616 * case. 6617 */ 6618 WOLFSSL_PKCS8_PRIV_KEY_INFO* wolfSSL_d2i_PKCS8_PKEY_bio(WOLFSSL_BIO* bio, 6619 WOLFSSL_PKCS8_PRIV_KEY_INFO** pkey) 6620 { 6621 WOLFSSL_PKCS8_PRIV_KEY_INFO* pkcs8 = NULL; 6622 #ifdef WOLFSSL_PEM_TO_DER 6623 unsigned char* mem; 6624 int memSz; 6625 int keySz; 6626 word32 algId; 6627 6628 WOLFSSL_MSG("wolfSSL_d2i_PKCS8_PKEY_bio()"); 6629 6630 if (bio == NULL) { 6631 return NULL; 6632 } 6633 6634 if ((memSz = wolfSSL_BIO_get_mem_data(bio, &mem)) < 0) { 6635 return NULL; 6636 } 6637 6638 if ((keySz = wc_KeyPemToDer(mem, memSz, mem, memSz, NULL)) < 0) { 6639 WOLFSSL_MSG("Not PEM format"); 6640 keySz = memSz; 6641 if ((keySz = ToTraditional_ex((byte*)mem, (word32)keySz, &algId)) < 0) { 6642 return NULL; 6643 } 6644 } 6645 6646 pkcs8 = wolfSSL_PKEY_new(); 6647 if (pkcs8 == NULL) { 6648 return NULL; 6649 } 6650 6651 pkcs8->pkey.ptr = (char*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); 6652 if (pkcs8->pkey.ptr == NULL) { 6653 wolfSSL_EVP_PKEY_free(pkcs8); 6654 return NULL; 6655 } 6656 XMEMCPY(pkcs8->pkey.ptr, mem, keySz); 6657 pkcs8->pkey_sz = keySz; 6658 6659 if (pkey != NULL) { 6660 *pkey = pkcs8; 6661 } 6662 #else 6663 (void)bio; 6664 (void)pkey; 6665 #endif /* WOLFSSL_PEM_TO_DER */ 6666 6667 return pkcs8; 6668 } 6669 6670 6671 /* expecting DER format public key 6672 * 6673 * bio input bio to read DER from 6674 * out If not NULL then this pointer will be overwritten with a new 6675 * WOLFSSL_EVP_PKEY pointer 6676 * 6677 * returns a WOLFSSL_EVP_PKEY pointer on success and NULL in fail case. 6678 */ 6679 WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY_bio(WOLFSSL_BIO* bio, 6680 WOLFSSL_EVP_PKEY** out) 6681 { 6682 unsigned char* mem; 6683 long memSz; 6684 WOLFSSL_EVP_PKEY* pkey = NULL; 6685 6686 WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY_bio()"); 6687 6688 if (bio == NULL) { 6689 return NULL; 6690 } 6691 (void)out; 6692 6693 memSz = wolfSSL_BIO_pending(bio); 6694 if (memSz <= 0) { 6695 return NULL; 6696 } 6697 6698 mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 6699 if (mem == NULL) { 6700 return NULL; 6701 } 6702 6703 if (wolfSSL_BIO_read(bio, mem, (int)memSz) == memSz) { 6704 pkey = wolfSSL_d2i_PUBKEY(NULL, &mem, memSz); 6705 if (out != NULL && pkey != NULL) { 6706 *out = pkey; 6707 } 6708 } 6709 6710 XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 6711 return pkey; 6712 } 6713 6714 6715 6716 /* Converts a DER encoded public key to a WOLFSSL_EVP_PKEY structure. 6717 * 6718 * out pointer to new WOLFSSL_EVP_PKEY structure. Can be NULL 6719 * in DER buffer to convert 6720 * inSz size of in buffer 6721 * 6722 * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL 6723 * on fail 6724 */ 6725 WOLFSSL_EVP_PKEY* wolfSSL_d2i_PUBKEY(WOLFSSL_EVP_PKEY** out, unsigned char** in, 6726 long inSz) 6727 { 6728 WOLFSSL_EVP_PKEY* pkey = NULL; 6729 const unsigned char* mem; 6730 long memSz = inSz; 6731 6732 WOLFSSL_ENTER("wolfSSL_d2i_PUBKEY"); 6815 6733 6816 6734 if (in == NULL || inSz < 0) { 6817 6735 WOLFSSL_MSG("Bad argument"); 6818 6736 return NULL; 6819 } 6820 6737 } 6738 mem = *in; 6739 6740 #if !defined(NO_RSA) 6741 { 6742 RsaKey rsa; 6743 word32 keyIdx = 0; 6744 6745 /* test if RSA key */ 6746 if (wc_InitRsaKey(&rsa, NULL) == 0 && 6747 wc_RsaPublicKeyDecode(mem, &keyIdx, &rsa, (word32)memSz) == 0) { 6748 wc_FreeRsaKey(&rsa); 6749 pkey = wolfSSL_PKEY_new(); 6750 if (pkey != NULL) { 6751 pkey->pkey_sz = keyIdx; 6752 pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, 6753 DYNAMIC_TYPE_PUBLIC_KEY); 6754 if (pkey->pkey.ptr == NULL) { 6755 wolfSSL_EVP_PKEY_free(pkey); 6756 return NULL; 6757 } 6758 XMEMCPY(pkey->pkey.ptr, mem, keyIdx); 6759 pkey->type = EVP_PKEY_RSA; 6760 if (out != NULL) { 6761 *out = pkey; 6762 } 6763 6764 pkey->ownRsa = 1; 6765 pkey->rsa = wolfSSL_RSA_new(); 6766 if (pkey->rsa == NULL) { 6767 wolfSSL_EVP_PKEY_free(pkey); 6768 return NULL; 6769 } 6770 6771 if (wolfSSL_RSA_LoadDer_ex(pkey->rsa, 6772 (const unsigned char*)pkey->pkey.ptr, 6773 pkey->pkey_sz, WOLFSSL_RSA_LOAD_PUBLIC) != 1) { 6774 wolfSSL_EVP_PKEY_free(pkey); 6775 return NULL; 6776 } 6777 6778 return pkey; 6779 } 6780 } 6781 wc_FreeRsaKey(&rsa); 6782 } 6783 #endif /* NO_RSA */ 6784 6785 #ifdef HAVE_ECC 6786 { 6787 word32 keyIdx = 0; 6788 ecc_key ecc; 6789 6790 if (wc_ecc_init(&ecc) == 0 && 6791 wc_EccPublicKeyDecode(mem, &keyIdx, &ecc, (word32)memSz) == 0) { 6792 wc_ecc_free(&ecc); 6793 pkey = wolfSSL_PKEY_new(); 6794 if (pkey != NULL) { 6795 pkey->pkey_sz = keyIdx; 6796 pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL, 6797 DYNAMIC_TYPE_PUBLIC_KEY); 6798 if (pkey->pkey.ptr == NULL) { 6799 wolfSSL_EVP_PKEY_free(pkey); 6800 return NULL; 6801 } 6802 XMEMCPY(pkey->pkey.ptr, mem, keyIdx); 6803 pkey->type = EVP_PKEY_EC; 6804 if (out != NULL) { 6805 *out = pkey; 6806 } 6807 6808 pkey->ownEcc = 1; 6809 pkey->ecc = wolfSSL_EC_KEY_new(); 6810 if (pkey->ecc == NULL) { 6811 wolfSSL_EVP_PKEY_free(pkey); 6812 return NULL; 6813 } 6814 6815 if (wolfSSL_EC_KEY_LoadDer_ex(pkey->ecc, 6816 (const unsigned char*)pkey->pkey.ptr, 6817 pkey->pkey_sz, WOLFSSL_EC_KEY_LOAD_PUBLIC) != 1) { 6818 wolfSSL_EVP_PKEY_free(pkey); 6819 return NULL; 6820 } 6821 6822 return pkey; 6823 } 6824 } 6825 wc_ecc_free(&ecc); 6826 } 6827 #endif /* HAVE_ECC */ 6828 6829 return pkey; 6830 6831 } 6832 6833 6834 /* Reads in a DER format key. If PKCS8 headers are found they are stripped off. 6835 * 6836 * type type of key 6837 * out newly created WOLFSSL_EVP_PKEY structure 6838 * in pointer to input key DER 6839 * inSz size of in buffer 6840 * 6841 * On success a non null pointer is returned and the pointer in is advanced the 6842 * same number of bytes read. 6843 */ 6844 WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey(int type, WOLFSSL_EVP_PKEY** out, 6845 const unsigned char **in, long inSz) 6846 { 6847 WOLFSSL_EVP_PKEY* local; 6848 word32 idx = 0; 6849 int ret; 6850 word32 algId; 6851 6852 WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey"); 6853 6854 if (in == NULL || inSz < 0) { 6855 WOLFSSL_MSG("Bad argument"); 6856 return NULL; 6857 } 6858 6859 /* Check if input buffer has PKCS8 header. In the case that it does not 6860 * have a PKCS8 header then do not error out. */ 6861 if ((ret = ToTraditionalInline_ex((const byte*)(*in), &idx, (word32)inSz, 6862 &algId)) > 0) { 6863 WOLFSSL_MSG("Found and removed PKCS8 header"); 6864 } 6865 else { 6866 if (ret != ASN_PARSE_E) { 6867 WOLFSSL_MSG("Unexpected error with trying to remove PKCS8 header"); 6868 return NULL; 6869 } 6870 } 6871 6872 if (out != NULL && *out != NULL) { 6873 wolfSSL_EVP_PKEY_free(*out); 6874 *out = NULL; 6875 } 6821 6876 local = wolfSSL_PKEY_new(); 6822 6877 if (local == NULL) { 6823 6878 return NULL; 6824 } 6879 } 6880 6881 /* sanity check on idx before use */ 6882 if ((int)idx > inSz) { 6883 WOLFSSL_MSG("Issue with index pointer"); 6884 wolfSSL_EVP_PKEY_free(local); 6885 local = NULL; 6886 return NULL; 6887 } 6825 6888 6826 6889 local->type = type; 6827 local->pkey_sz = (int)inSz ;6828 local->pkey.ptr = (char*)XMALLOC(inSz , NULL, DYNAMIC_TYPE_PUBLIC_KEY);6890 local->pkey_sz = (int)inSz - idx; 6891 local->pkey.ptr = (char*)XMALLOC(inSz - idx, NULL, DYNAMIC_TYPE_PUBLIC_KEY); 6829 6892 if (local->pkey.ptr == NULL) { 6830 6893 wolfSSL_EVP_PKEY_free(local); 6831 6894 local = NULL; 6832 } 6833 else { 6834 XMEMCPY(local->pkey.ptr, *in, inSz); 6835 } 6836 6837 if (out != NULL) { 6838 *out = local; 6839 } 6895 return NULL; 6896 } 6897 else { 6898 XMEMCPY(local->pkey.ptr, *in + idx, inSz - idx); 6899 } 6900 6901 switch (type) { 6902 #ifndef NO_RSA 6903 case EVP_PKEY_RSA: 6904 local->ownRsa = 1; 6905 local->rsa = wolfSSL_RSA_new(); 6906 if (local->rsa == NULL) { 6907 wolfSSL_EVP_PKEY_free(local); 6908 return NULL; 6909 } 6910 if (wolfSSL_RSA_LoadDer_ex(local->rsa, 6911 (const unsigned char*)local->pkey.ptr, local->pkey_sz, 6912 WOLFSSL_RSA_LOAD_PRIVATE) != SSL_SUCCESS) { 6913 wolfSSL_EVP_PKEY_free(local); 6914 return NULL; 6915 } 6916 break; 6917 #endif /* NO_RSA */ 6918 #ifdef HAVE_ECC 6919 case EVP_PKEY_EC: 6920 local->ownEcc = 1; 6921 local->ecc = wolfSSL_EC_KEY_new(); 6922 if (local->ecc == NULL) { 6923 wolfSSL_EVP_PKEY_free(local); 6924 return NULL; 6925 } 6926 if (wolfSSL_EC_KEY_LoadDer(local->ecc, 6927 (const unsigned char*)local->pkey.ptr, local->pkey_sz) 6928 != SSL_SUCCESS) { 6929 wolfSSL_EVP_PKEY_free(local); 6930 return NULL; 6931 } 6932 break; 6933 #endif /* HAVE_ECC */ 6934 6935 default: 6936 WOLFSSL_MSG("Unsupported key type"); 6937 wolfSSL_EVP_PKEY_free(local); 6938 return NULL; 6939 } 6940 6941 /* advance pointer with success */ 6942 if (local != NULL) { 6943 if ((idx + local->pkey_sz) <= (word32)inSz) { 6944 *in = *in + idx + local->pkey_sz; 6945 } 6946 6947 if (out != NULL) { 6948 *out = local; 6949 } 6950 } 6840 6951 6841 6952 return local; 6842 }6843 6844 6953 } 6954 6955 #ifndef NO_WOLFSSL_STUB 6845 6956 long wolfSSL_ctrl(WOLFSSL* ssl, int cmd, long opt, void* pt) 6846 6957 { 6847 WOLFSSL_STUB(" wolfSSL_ctrl");6958 WOLFSSL_STUB("SSL_ctrl"); 6848 6959 (void)ssl; 6849 6960 (void)cmd; … … 6852 6963 return WOLFSSL_FAILURE; 6853 6964 } 6854 6855 6965 #endif 6966 6967 #ifndef NO_WOLFSSL_STUB 6856 6968 long wolfSSL_CTX_ctrl(WOLFSSL_CTX* ctx, int cmd, long opt, void* pt) 6857 6969 { 6858 WOLFSSL_STUB(" wolfSSL_CTX_ctrl");6970 WOLFSSL_STUB("SSL_CTX_ctrl"); 6859 6971 (void)ctx; 6860 6972 (void)cmd; … … 6863 6975 return WOLFSSL_FAILURE; 6864 6976 } 6977 #endif 6865 6978 6866 6979 #ifndef NO_CERTS 6980 6867 6981 int wolfSSL_check_private_key(const WOLFSSL* ssl) 6868 6982 { … … 6879 6993 buff = ssl->buffers.certificate->buffer; 6880 6994 InitDecodedCert(&der, buff, size, ssl->heap); 6995 #ifdef HAVE_PK_CALLBACKS 6996 ret = InitSigPkCb((WOLFSSL*)ssl, &der.sigCtx); 6997 if (ret != 0) { 6998 FreeDecodedCert(&der); 6999 return ret; 7000 } 7001 #endif 7002 6881 7003 if (ParseCertRelative(&der, CERT_TYPE, NO_VERIFY, NULL) != 0) { 6882 7004 FreeDecodedCert(&der); … … 6920 7042 if (c != NULL) { 6921 7043 *c = -1; /* default to not found */ 6922 }7044 } 6923 7045 6924 7046 sk = (WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)*)XMALLOC( … … 6926 7048 if (sk == NULL) { 6927 7049 return NULL; 6928 }7050 } 6929 7051 XMEMSET(sk, 0, sizeof(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT))); 6930 7052 … … 6933 7055 if (x509->basicConstSet) { 6934 7056 obj = wolfSSL_ASN1_OBJECT_new(); 7057 if (obj == NULL) { 7058 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 7059 wolfSSL_sk_ASN1_OBJECT_free(sk); 7060 return NULL; 7061 } 6935 7062 if (c != NULL) { 6936 7063 *c = x509->basicConstCrit; 6937 7064 } 6938 7065 obj->type = BASIC_CA_OID; 6939 } 6940 else { 7066 obj->grp = oidCertExtType; 7067 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 7068 } 7069 else { 6941 7070 WOLFSSL_MSG("No Basic Constraint set"); 6942 7071 } 6943 7072 break; 6944 7073 6945 7074 case ALT_NAMES_OID: 6946 7075 { 6947 DNS_entry* dns ;7076 DNS_entry* dns = NULL; 6948 7077 6949 7078 if (x509->subjAltNameSet && x509->altNames != NULL) { … … 6952 7081 if (x509->altNames->next != NULL) { 6953 7082 *c = -2; /* more then one found */ 6954 6955 7083 } 7084 else { 6956 7085 *c = x509->subjAltNameCrit; 6957 6958 7086 } 7087 } 6959 7088 6960 7089 dns = x509->altNames; 6961 7090 while (dns != NULL) { 6962 7091 obj = wolfSSL_ASN1_OBJECT_new(); 6963 obj->type = ALT_NAMES_OID; 7092 if (obj == NULL) { 7093 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 7094 wolfSSL_sk_ASN1_OBJECT_free(sk); 7095 return NULL; 7096 } 7097 obj->type = dns->type; 7098 obj->grp = oidCertExtType; 6964 7099 obj->obj = (byte*)dns->name; 7100 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 7101 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA ; 7102 7103 /* set app derefrenced pointers */ 7104 obj->d.ia5_internal.data = dns->name; 7105 obj->d.ia5_internal.length = (int)XSTRLEN(dns->name); 6965 7106 dns = dns->next; 6966 7107 /* last dns in list add at end of function */ … … 6972 7113 wolfSSL_sk_ASN1_OBJECT_free(sk); 6973 7114 sk = NULL; 6974 6975 6976 6977 7115 } 7116 } 7117 } 7118 } 6978 7119 else { 6979 7120 WOLFSSL_MSG("No Alt Names set"); 6980 6981 7121 } 7122 } 6982 7123 break; 6983 7124 … … 6986 7127 if (c != NULL) { 6987 7128 *c = x509->CRLdistCrit; 6988 7129 } 6989 7130 obj = wolfSSL_ASN1_OBJECT_new(); 7131 if (obj == NULL) { 7132 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 7133 wolfSSL_sk_ASN1_OBJECT_free(sk); 7134 return NULL; 7135 } 6990 7136 obj->type = CRL_DIST_OID; 7137 obj->grp = oidCertExtType; 6991 7138 obj->obj = x509->CRLInfo; 6992 7139 obj->objSz = x509->CRLInfoSz; 6993 } 7140 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 7141 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA ; 7142 } 6994 7143 else { 6995 7144 WOLFSSL_MSG("No CRL dist set"); 6996 7145 } 6997 7146 break; 6998 7147 … … 7003 7152 } 7004 7153 obj = wolfSSL_ASN1_OBJECT_new(); 7154 if (obj == NULL) { 7155 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 7156 wolfSSL_sk_ASN1_OBJECT_free(sk); 7157 return NULL; 7158 } 7005 7159 obj->type = AUTH_INFO_OID; 7160 obj->grp = oidCertExtType; 7006 7161 obj->obj = x509->authInfo; 7007 7162 obj->objSz = x509->authInfoSz; 7163 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 7164 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; 7008 7165 } 7009 7166 else { … … 7018 7175 } 7019 7176 obj = wolfSSL_ASN1_OBJECT_new(); 7177 if (obj == NULL) { 7178 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 7179 wolfSSL_sk_ASN1_OBJECT_free(sk); 7180 return NULL; 7181 } 7020 7182 obj->type = AUTH_KEY_OID; 7183 obj->grp = oidCertExtType; 7021 7184 obj->obj = x509->authKeyId; 7022 7185 obj->objSz = x509->authKeyIdSz; 7186 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 7187 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; 7023 7188 } 7024 7189 else { … … 7033 7198 } 7034 7199 obj = wolfSSL_ASN1_OBJECT_new(); 7200 if (obj == NULL) { 7201 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 7202 wolfSSL_sk_ASN1_OBJECT_free(sk); 7203 return NULL; 7204 } 7035 7205 obj->type = SUBJ_KEY_OID; 7206 obj->grp = oidCertExtType; 7036 7207 obj->obj = x509->subjKeyId; 7037 7208 obj->objSz = x509->subjKeyIdSz; 7209 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 7210 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; 7038 7211 } 7039 7212 else { … … 7044 7217 case CERT_POLICY_OID: 7045 7218 #ifdef WOLFSSL_CERT_EXT 7046 7219 { 7047 7220 int i; 7048 7221 … … 7055 7228 *c = 0; 7056 7229 } 7057 7230 } 7058 7231 7059 7232 for (i = 0; i < x509->certPoliciesNb - 1; i++) { 7060 7233 obj = wolfSSL_ASN1_OBJECT_new(); 7234 if (obj == NULL) { 7235 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 7236 wolfSSL_sk_ASN1_OBJECT_free(sk); 7237 return NULL; 7238 } 7061 7239 obj->type = CERT_POLICY_OID; 7240 obj->grp = oidCertExtType; 7062 7241 obj->obj = (byte*)(x509->certPolicies[i]); 7063 7242 obj->objSz = MAX_CERTPOL_SZ; 7243 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 7244 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; 7064 7245 if (wolfSSL_sk_ASN1_OBJECT_push(sk, obj) 7065 7246 != WOLFSSL_SUCCESS) { … … 7071 7252 } 7072 7253 obj = wolfSSL_ASN1_OBJECT_new(); 7254 if (obj == NULL) { 7255 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 7256 wolfSSL_sk_ASN1_OBJECT_free(sk); 7257 return NULL; 7258 } 7073 7259 obj->type = CERT_POLICY_OID; 7260 obj->grp = oidCertExtType; 7074 7261 obj->obj = (byte*)(x509->certPolicies[i]); 7075 7262 obj->objSz = MAX_CERTPOL_SZ; 7263 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 7264 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; 7076 7265 } 7077 7266 else { … … 7086 7275 } 7087 7276 obj = wolfSSL_ASN1_OBJECT_new(); 7277 if (obj == NULL) { 7278 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 7279 wolfSSL_sk_ASN1_OBJECT_free(sk); 7280 return NULL; 7281 } 7088 7282 obj->type = CERT_POLICY_OID; 7283 obj->grp = oidCertExtType; 7284 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 7089 7285 } 7090 7286 else { … … 7103 7299 } 7104 7300 obj = wolfSSL_ASN1_OBJECT_new(); 7301 if (obj == NULL) { 7302 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 7303 wolfSSL_sk_ASN1_OBJECT_free(sk); 7304 return NULL; 7305 } 7105 7306 obj->type = KEY_USAGE_OID; 7307 obj->grp = oidCertExtType; 7106 7308 obj->obj = (byte*)&(x509->keyUsage); 7107 7309 obj->objSz = sizeof(word16); 7310 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 7311 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; 7108 7312 } 7109 7313 else { … … 7127 7331 } 7128 7332 obj = wolfSSL_ASN1_OBJECT_new(); 7333 if (obj == NULL) { 7334 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 7335 wolfSSL_sk_ASN1_OBJECT_free(sk); 7336 return NULL; 7337 } 7129 7338 obj->type = EXT_KEY_USAGE_OID; 7339 obj->grp = oidCertExtType; 7130 7340 obj->obj = x509->extKeyUsageSrc; 7131 7341 obj->objSz = x509->extKeyUsageSz; 7342 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 7343 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA; 7132 7344 } 7133 7345 else { 7134 7346 WOLFSSL_MSG("No Extended Key Usage set"); 7135 7347 } 7136 7348 break; 7137 7349 … … 7166 7378 default: 7167 7379 WOLFSSL_MSG("Unsupported/Unknown extension OID"); 7168 7380 } 7169 7381 7170 7382 if (obj != NULL) { … … 7192 7404 WOLFSSL_ENGINE* eng) 7193 7405 { 7194 enum wc_HashType hash = WC_HASH_TYPE_NONE; 7195 int hashSz; 7196 7197 if (XSTRLEN(evp) < 3) { 7198 /* do not try comparing strings if size is too small */ 7406 int err; 7407 int hashType = WC_HASH_TYPE_NONE; 7408 int hashSz; 7409 7410 (void)eng; 7411 7412 err = wolfSSL_EVP_get_hashinfo(evp, &hashType, &hashSz); 7413 if (err != WOLFSSL_SUCCESS) 7414 return err; 7415 7416 *outSz = hashSz; 7417 7418 if (wc_Hash((enum wc_HashType)hashType, in, inSz, out, *outSz) != 0) { 7199 7419 return WOLFSSL_FAILURE; 7200 } 7201 7202 if (XSTRNCMP("SHA", evp, 3) == 0) { 7203 if (XSTRLEN(evp) > 3) { 7204 if (XSTRNCMP("SHA256", evp, 6) == 0) { 7205 hash = WC_HASH_TYPE_SHA256; 7206 } 7207 else if (XSTRNCMP("SHA384", evp, 6) == 0) { 7208 hash = WC_HASH_TYPE_SHA384; 7209 } 7210 else if (XSTRNCMP("SHA512", evp, 6) == 0) { 7211 hash = WC_HASH_TYPE_SHA512; 7212 } 7213 else { 7214 WOLFSSL_MSG("Unknown SHA hash"); 7215 } 7216 } 7217 else { 7218 hash = WC_HASH_TYPE_SHA; 7219 } 7220 } 7221 else if (XSTRNCMP("MD2", evp, 3) == 0) { 7222 hash = WC_HASH_TYPE_MD2; 7223 } 7224 else if (XSTRNCMP("MD4", evp, 3) == 0) { 7225 hash = WC_HASH_TYPE_MD4; 7226 } 7227 else if (XSTRNCMP("MD5", evp, 3) == 0) { 7228 hash = WC_HASH_TYPE_MD5; 7229 } 7230 7231 hashSz = wc_HashGetDigestSize(hash); 7232 if (hashSz < 0) { 7233 WOLFSSL_LEAVE("wolfSSL_EVP_Digest", hashSz); 7234 return WOLFSSL_FAILURE; 7235 } 7236 *outSz = hashSz; 7237 7238 (void)eng; 7239 if (wc_Hash(hash, in, inSz, out, *outSz) == 0) { 7240 return WOLFSSL_SUCCESS; 7241 } 7242 else { 7243 return WOLFSSL_FAILURE; 7244 } 7420 } 7421 7422 return WOLFSSL_SUCCESS; 7245 7423 } 7246 7424 … … 7297 7475 #endif 7298 7476 7299 int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, int derSz)7300 {7301 long idx;7302 7303 WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1");7304 if (der != NULL && ssl != NULL) {7305 if (ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl,7306 &idx, 0) == WOLFSSL_SUCCESS)7307 return WOLFSSL_SUCCESS;7308 }7309 7310 (void)idx;7311 return WOLFSSL_FAILURE;7312 }7313 7314 7315 7477 int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509) 7316 7478 { … … 7320 7482 if (x509 != NULL && ssl != NULL && x509->derCert != NULL) { 7321 7483 if (ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length, 7322 WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0) == WOLFSSL_SUCCESS)7484 WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0) == WOLFSSL_SUCCESS) { 7323 7485 return WOLFSSL_SUCCESS; 7486 } 7324 7487 } 7325 7488 … … 7327 7490 return WOLFSSL_FAILURE; 7328 7491 } 7492 7329 7493 #endif /* NO_CERTS */ 7330 7494 7495 #endif /* OPENSSL_EXTRA */ 7496 7497 #ifndef NO_CERTS 7498 int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, unsigned char* der, int derSz) 7499 { 7500 long idx; 7501 7502 WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1"); 7503 if (der != NULL && ssl != NULL) { 7504 if (ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, 7505 ssl, &idx, 0) == WOLFSSL_SUCCESS) { 7506 return WOLFSSL_SUCCESS; 7507 } 7508 } 7509 7510 (void)idx; 7511 return WOLFSSL_FAILURE; 7512 } 7513 7514 #ifndef NO_FILESYSTEM 7331 7515 7332 7516 int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format) … … 7363 7547 } 7364 7548 7549 int wolfSSL_use_certificate_chain_file_format(WOLFSSL* ssl, const char* file, 7550 int format) 7551 { 7552 /* process up to MAX_CHAIN_DEPTH plus subject cert */ 7553 WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file_format"); 7554 if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 1, 7555 NULL) == WOLFSSL_SUCCESS) 7556 return WOLFSSL_SUCCESS; 7557 7558 return WOLFSSL_FAILURE; 7559 } 7560 7561 #endif /* !NO_FILESYSTEM */ 7562 #endif /* !NO_CERTS */ 7365 7563 7366 7564 #ifdef HAVE_ECC … … 7369 7567 int wolfSSL_CTX_SetTmpEC_DHE_Sz(WOLFSSL_CTX* ctx, word16 sz) 7370 7568 { 7371 if (ctx == NULL || sz < ECC_MINSIZE || sz > ECC_MAXSIZE) 7569 if (ctx == NULL) 7570 return BAD_FUNC_ARG; 7571 7572 if (sz == 0) { 7573 /* applies only to ECDSA */ 7574 if (ctx->privateKeyType != ecc_dsa_sa_algo) 7575 return WOLFSSL_SUCCESS; 7576 7577 if (ctx->privateKeySz == 0) { 7578 WOLFSSL_MSG("Must set private key/cert first"); 7579 return BAD_FUNC_ARG; 7580 } 7581 7582 sz = (word16)ctx->privateKeySz; 7583 } 7584 7585 /* check size */ 7586 if (sz < ECC_MINSIZE || sz > ECC_MAXSIZE) 7372 7587 return BAD_FUNC_ARG; 7373 7588 … … 7392 7607 7393 7608 7394 7395 7609 #ifdef OPENSSL_EXTRA 7610 7611 #ifndef NO_FILESYSTEM 7396 7612 int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx,const char* file, 7397 7613 int format) … … 7409 7625 return wolfSSL_use_PrivateKey_file(ssl, file, format); 7410 7626 } 7627 #endif /* NO_FILESYSTEM */ 7411 7628 7412 7629 … … 7453 7670 #endif /* OPENSSL_EXTRA */ 7454 7671 7672 #ifndef NO_FILESYSTEM 7455 7673 #ifdef HAVE_NTRU 7456 7674 … … 7479 7697 { 7480 7698 WOLFSSL_ENTER("wolfSSL_CTX_set_verify"); 7699 if (ctx == NULL) 7700 return; 7701 7481 7702 if (mode & WOLFSSL_VERIFY_PEER) { 7482 7703 ctx->verifyPeer = 1; … … 7504 7725 { 7505 7726 WOLFSSL_ENTER("wolfSSL_set_verify"); 7727 if (ssl == NULL) 7728 return; 7729 7506 7730 if (mode & WOLFSSL_VERIFY_PEER) { 7507 7731 ssl->options.verifyPeer = 1; … … 8036 8260 8037 8261 /* Return memory needed to persist this signer, have lock */ 8038 static INLINE int GetSignerMemory(Signer* signer)8262 static WC_INLINE int GetSignerMemory(Signer* signer) 8039 8263 { 8040 8264 int sz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) … … 8054 8278 8055 8279 /* Return memory needed to persist this row, have lock */ 8056 static INLINE int GetCertCacheRowMemory(Signer* row)8280 static WC_INLINE int GetCertCacheRowMemory(Signer* row) 8057 8281 { 8058 8282 int sz = 0; … … 8068 8292 8069 8293 /* get the size of persist cert cache, have lock */ 8070 static INLINE int GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm)8294 static WC_INLINE int GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm) 8071 8295 { 8072 8296 int sz; … … 8083 8307 8084 8308 /* Store cert cache header columns with number of items per list, have lock */ 8085 static INLINE void SetCertHeaderColumns(WOLFSSL_CERT_MANAGER* cm, int* columns)8309 static WC_INLINE void SetCertHeaderColumns(WOLFSSL_CERT_MANAGER* cm, int* columns) 8086 8310 { 8087 8311 int i; … … 8103 8327 /* Restore whole cert row from memory, have lock, return bytes consumed, 8104 8328 < 0 on error, have lock */ 8105 static INLINE int RestoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current,8329 static WC_INLINE int RestoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current, 8106 8330 int row, int listSz, const byte* end) 8107 8331 { … … 8115 8339 while (listSz) { 8116 8340 Signer* signer; 8341 byte* publicKey; 8117 8342 byte* start = current + idx; /* for end checks on this signer */ 8118 8343 int minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) + … … 8144 8369 return BUFFER_E; 8145 8370 } 8146 signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,8371 publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap, 8147 8372 DYNAMIC_TYPE_KEY); 8148 if ( signer->publicKey == NULL) {8373 if (publicKey == NULL) { 8149 8374 FreeSigner(signer, cm->heap); 8150 8375 return MEMORY_E; 8151 8376 } 8152 8377 8153 XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize); 8378 XMEMCPY(publicKey, current + idx, signer->pubKeySize); 8379 signer->publicKey = publicKey; 8154 8380 idx += signer->pubKeySize; 8155 8381 … … 8195 8421 8196 8422 /* Store whole cert row into memory, have lock, return bytes added */ 8197 static INLINE int StoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current, int row)8423 static WC_INLINE int StoreCertRow(WOLFSSL_CERT_MANAGER* cm, byte* current, int row) 8198 8424 { 8199 8425 int added = 0; … … 8232 8458 8233 8459 /* Persist cert cache to memory, have lock */ 8234 static INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm,8460 static WC_INLINE int DoMemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, 8235 8461 void* mem, int sz) 8236 8462 { … … 8331 8557 } 8332 8558 8333 XFSEEK(file, 0, XSEEK_END); 8559 if(XFSEEK(file, 0, XSEEK_END) != 0) { 8560 XFCLOSE(file); 8561 return WOLFSSL_BAD_FILE; 8562 } 8334 8563 memSz = (int)XFTELL(file); 8335 8564 XREWIND(file); … … 8464 8693 WOLFSSL_ENTER("wolfSSL_CTX_set_cipher_list"); 8465 8694 8695 if (ctx == NULL) 8696 return WOLFSSL_FAILURE; 8697 8466 8698 /* alloc/init on demand only */ 8467 8699 if (ctx->suites == NULL) { … … 8486 8718 8487 8719 8720 int wolfSSL_dtls_get_using_nonblock(WOLFSSL* ssl) 8721 { 8722 int useNb = 0; 8723 8724 if (ssl == NULL) 8725 return WOLFSSL_FAILURE; 8726 8727 WOLFSSL_ENTER("wolfSSL_dtls_get_using_nonblock"); 8728 if (ssl->options.dtls) { 8729 #ifdef WOLFSSL_DTLS 8730 useNb = ssl->options.dtlsUseNonblock; 8731 #endif 8732 } 8733 else { 8734 WOLFSSL_MSG("wolfSSL_dtls_get_using_nonblock() is " 8735 "DEPRECATED for non-DTLS use."); 8736 } 8737 return useNb; 8738 } 8739 8740 8488 8741 #ifndef WOLFSSL_LEANPSK 8742 8743 void wolfSSL_dtls_set_using_nonblock(WOLFSSL* ssl, int nonblock) 8744 { 8745 (void)nonblock; 8746 8747 WOLFSSL_ENTER("wolfSSL_dtls_set_using_nonblock"); 8748 8749 if (ssl == NULL) 8750 return; 8751 8752 if (ssl->options.dtls) { 8489 8753 #ifdef WOLFSSL_DTLS 8754 ssl->options.dtlsUseNonblock = (nonblock != 0); 8755 #endif 8756 } 8757 else { 8758 WOLFSSL_MSG("wolfSSL_dtls_set_using_nonblock() is " 8759 "DEPRECATED for non-DTLS use."); 8760 } 8761 } 8762 8763 8764 #ifdef WOLFSSL_DTLS 8490 8765 8491 8766 int wolfSSL_dtls_get_current_timeout(WOLFSSL* ssl) 8492 8767 { 8493 (void)ssl; 8494 8495 return ssl->dtls_timeout; 8768 int timeout = 0; 8769 if (ssl) 8770 timeout = ssl->dtls_timeout; 8771 return timeout; 8496 8772 } 8497 8773 … … 8535 8811 { 8536 8812 int result = WOLFSSL_SUCCESS; 8813 8814 if (ssl == NULL) 8815 return WOLFSSL_FATAL_ERROR; 8537 8816 8538 8817 if (!ssl->options.handShakeDone && … … 8608 8887 #endif /* WOLFSSL_DTLS && !NO_WOLFSSL_SERVER */ 8609 8888 8610 #ifdef OPENSSL_EXTRA 8611 WOLFSSL_METHOD* wolfSSLv23_method(void) { 8612 WOLFSSL_METHOD* m; 8613 WOLFSSL_ENTER("wolfSSLv23_method"); 8614 #ifndef NO_WOLFSSL_CLIENT 8615 m = wolfSSLv23_client_method(); 8616 #else 8617 m = wolfSSLv23_server_method(); 8889 8890 /* EITHER SIDE METHODS */ 8891 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) 8892 WOLFSSL_METHOD* wolfSSLv23_method(void) 8893 { 8894 return wolfSSLv23_method_ex(NULL); 8895 } 8896 WOLFSSL_METHOD* wolfSSLv23_method_ex(void* heap) 8897 { 8898 WOLFSSL_METHOD* m = NULL; 8899 WOLFSSL_ENTER("SSLv23_method"); 8900 #if !defined(NO_WOLFSSL_CLIENT) 8901 m = wolfSSLv23_client_method_ex(heap); 8902 #elif !defined(NO_WOLFSSL_SERVER) 8903 m = wolfSSLv23_server_method_ex(heap); 8618 8904 #endif 8619 8905 if (m != NULL) { … … 8623 8909 return m; 8624 8910 } 8625 #endif /* OPENSSL_EXTRA */8911 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ 8626 8912 8627 8913 /* client only parts */ 8628 8914 #ifndef NO_WOLFSSL_CLIENT 8629 8915 8630 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) 8916 #ifdef OPENSSL_EXTRA 8917 WOLFSSL_METHOD* wolfSSLv2_client_method(void) 8918 { 8919 WOLFSSL_STUB("wolfSSLv2_client_method"); 8920 return NULL; 8921 } 8922 #endif 8923 8924 #ifdef WOLFSSL_ALLOW_SSLV3 8631 8925 WOLFSSL_METHOD* wolfSSLv3_client_method(void) 8632 { 8633 WOLFSSL_ENTER("SSLv3_client_method"); 8926 { 8634 8927 return wolfSSLv3_client_method_ex(NULL); 8635 } 8636 #endif 8637 8638 #ifdef WOLFSSL_DTLS 8639 8640 #ifndef NO_OLD_TLS 8641 WOLFSSL_METHOD* wolfDTLSv1_client_method(void) 8642 { 8643 WOLFSSL_ENTER("DTLSv1_client_method"); 8644 return wolfDTLSv1_client_method_ex(NULL); 8645 } 8646 #endif /* NO_OLD_TLS */ 8647 8648 WOLFSSL_METHOD* wolfDTLSv1_2_client_method(void) 8649 { 8650 WOLFSSL_ENTER("DTLSv1_2_client_method"); 8651 return wolfDTLSv1_2_client_method_ex(NULL); 8652 } 8653 #endif 8654 8655 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) 8928 } 8656 8929 WOLFSSL_METHOD* wolfSSLv3_client_method_ex(void* heap) 8657 8930 { … … 8659 8932 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 8660 8933 heap, DYNAMIC_TYPE_METHOD); 8934 (void)heap; 8661 8935 WOLFSSL_ENTER("SSLv3_client_method_ex"); 8662 8936 if (method) … … 8664 8938 return method; 8665 8939 } 8666 #endif 8667 8668 #ifdef WOLFSSL_DTLS 8669 8670 #ifndef NO_OLD_TLS 8671 WOLFSSL_METHOD* wolfDTLSv1_client_method_ex(void* heap) 8940 #endif /* WOLFSSL_ALLOW_SSLV3 */ 8941 8942 8943 WOLFSSL_METHOD* wolfSSLv23_client_method(void) 8944 { 8945 return wolfSSLv23_client_method_ex(NULL); 8946 } 8947 WOLFSSL_METHOD* wolfSSLv23_client_method_ex(void* heap) 8672 8948 { 8673 8949 WOLFSSL_METHOD* method = 8674 8950 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 8675 8951 heap, DYNAMIC_TYPE_METHOD); 8676 WOLFSSL_ENTER("DTLSv1_client_method_ex"); 8677 if (method) 8678 InitSSL_Method(method, MakeDTLSv1()); 8952 (void)heap; 8953 WOLFSSL_ENTER("SSLv23_client_method_ex"); 8954 if (method) { 8955 #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) 8956 #if defined(WOLFSSL_TLS13) 8957 InitSSL_Method(method, MakeTLSv1_3()); 8958 #elif !defined(WOLFSSL_NO_TLS12) 8959 InitSSL_Method(method, MakeTLSv1_2()); 8960 #elif !defined(NO_OLD_TLS) 8961 InitSSL_Method(method, MakeTLSv1_1()); 8962 #endif 8963 #else 8964 #ifndef NO_OLD_TLS 8965 InitSSL_Method(method, MakeTLSv1_1()); 8966 #endif 8967 #endif 8968 #if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13) 8969 method->downgrade = 1; 8970 #endif 8971 } 8679 8972 return method; 8680 8973 } 8681 #endif /* NO_OLD_TLS */ 8682 8683 WOLFSSL_METHOD* wolfDTLSv1_2_client_method_ex(void* heap) 8684 { 8685 WOLFSSL_METHOD* method = 8686 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 8687 heap, DYNAMIC_TYPE_METHOD); 8688 WOLFSSL_ENTER("DTLSv1_2_client_method_ex"); 8689 if (method) 8690 InitSSL_Method(method, MakeDTLSv1_2()); 8691 (void)heap; 8692 return method; 8693 } 8694 #endif 8695 8974 8975 8976 #if defined(WOLFSSL_DTLS) || !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) || \ 8977 defined(WOLFSSL_ALLOW_SSLV3) 8696 8978 /* If SCTP is not enabled returns the state of the dtls option. 8697 8979 * If SCTP is enabled returns dtls && !sctp. */ 8698 static INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl)8980 static WC_INLINE int IsDtlsNotSctpMode(WOLFSSL* ssl) 8699 8981 { 8700 8982 int result = ssl->options.dtls; … … 8708 8990 return result; 8709 8991 } 8992 #endif /* WOLFSSL_DTLS || !WOLFSSL_NO_TLS12 || !NO_OLD_TLS */ 8710 8993 8711 8994 … … 8713 8996 int wolfSSL_connect(WOLFSSL* ssl) 8714 8997 { 8998 #if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13)) 8715 8999 int neededState; 9000 #endif 8716 9001 8717 9002 WOLFSSL_ENTER("SSL_connect()"); … … 8724 9009 return BAD_FUNC_ARG; 8725 9010 8726 if (ssl->options.side != WOLFSSL_CLIENT_END) { 8727 WOLFSSL_ERROR(ssl->error = SIDE_ERROR); 9011 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) 9012 if (ssl->options.side == WOLFSSL_NEITHER_END) { 9013 ssl->error = InitSSL_Side(ssl, WOLFSSL_CLIENT_END); 9014 if (ssl->error != WOLFSSL_SUCCESS) { 9015 WOLFSSL_ERROR(ssl->error); 8728 9016 return WOLFSSL_FATAL_ERROR; 8729 9017 } 8730 9018 ssl->error = 0; /* expected to be zero here */ 9019 } 9020 9021 #ifdef OPENSSL_EXTRA 9022 if (ssl->CBIS != NULL) { 9023 ssl->CBIS(ssl, SSL_ST_CONNECT, SSL_SUCCESS); 9024 ssl->cbmode = SSL_CB_WRITE; 9025 } 9026 #endif 9027 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ 9028 9029 #if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13) 9030 return wolfSSL_connect_TLSv13(ssl); 9031 #else 8731 9032 #ifdef WOLFSSL_TLS13 8732 9033 if (ssl->options.tls1_3) 8733 9034 return wolfSSL_connect_TLSv13(ssl); 8734 9035 #endif 9036 9037 if (ssl->options.side != WOLFSSL_CLIENT_END) { 9038 WOLFSSL_ERROR(ssl->error = SIDE_ERROR); 9039 return WOLFSSL_FATAL_ERROR; 9040 } 8735 9041 8736 9042 #ifdef WOLFSSL_DTLS … … 8763 9069 } 8764 9070 8765 #ifdef WOLFSSL_TLS138766 if (ssl->options.tls1_3)8767 return wolfSSL_connect_TLSv13(ssl);8768 #endif8769 8770 9071 switch (ssl->options.connectState) { 8771 9072 … … 8792 9093 /* get response */ 8793 9094 while (ssl->options.serverState < neededState) { 9095 #ifdef WOLFSSL_TLS13 9096 if (ssl->options.tls1_3) 9097 return wolfSSL_connect_TLSv13(ssl); 9098 #endif 8794 9099 if ( (ssl->error = ProcessReply(ssl)) < 0) { 8795 9100 WOLFSSL_ERROR(ssl->error); … … 8850 9155 } 8851 9156 /* if resumption failed, reset needed state */ 8852 else if (neededState == SERVER_FINISHED_COMPLETE)9157 if (neededState == SERVER_FINISHED_COMPLETE) { 8853 9158 if (!ssl->options.resuming) 8854 9159 neededState = SERVER_HELLODONE_COMPLETE; 8855 9160 } 8856 9161 } 9162 } 8857 9163 #endif 8858 9164 … … 8862 9168 8863 9169 case FIRST_REPLY_DONE : 9170 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) 8864 9171 #ifdef WOLFSSL_TLS13 8865 9172 if (ssl->options.tls1_3) 8866 9173 return wolfSSL_connect_TLSv13(ssl); 8867 9174 #endif 8868 #ifndef NO_CERTS8869 9175 if (ssl->options.sendVerify) { 8870 9176 if ( (ssl->error = SendCertificate(ssl)) != 0) { … … 8898 9204 8899 9205 case FIRST_REPLY_SECOND : 8900 #if ndef NO_CERTS9206 #if !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) 8901 9207 if (ssl->options.sendVerify) { 8902 9208 if ( (ssl->error = SendCertificateVerify(ssl)) != 0) { … … 8906 9212 WOLFSSL_MSG("sent: certificate verify"); 8907 9213 } 8908 #endif 9214 #endif /* !NO_CERTS && !WOLFSSL_NO_CLIENT_AUTH */ 8909 9215 ssl->options.connectState = FIRST_REPLY_THIRD; 8910 9216 WOLFSSL_MSG("connect state: FIRST_REPLY_THIRD"); … … 8973 9279 return WOLFSSL_FATAL_ERROR; /* unknown connect state */ 8974 9280 } 9281 #endif /* !WOLFSSL_NO_TLS12 */ 8975 9282 } 8976 9283 … … 8981 9288 #ifndef NO_WOLFSSL_SERVER 8982 9289 8983 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) 9290 #ifdef OPENSSL_EXTRA 9291 WOLFSSL_METHOD* wolfSSLv2_server_method(void) 9292 { 9293 WOLFSSL_STUB("wolfSSLv2_server_method"); 9294 return 0; 9295 } 9296 #endif 9297 9298 #ifdef WOLFSSL_ALLOW_SSLV3 8984 9299 WOLFSSL_METHOD* wolfSSLv3_server_method(void) 8985 { 8986 WOLFSSL_ENTER("SSLv3_server_method"); 9300 { 8987 9301 return wolfSSLv3_server_method_ex(NULL); 8988 } 8989 #endif 8990 8991 8992 #ifdef WOLFSSL_DTLS 8993 8994 #ifndef NO_OLD_TLS 8995 WOLFSSL_METHOD* wolfDTLSv1_server_method(void) 8996 { 8997 WOLFSSL_ENTER("DTLSv1_server_method"); 8998 return wolfDTLSv1_server_method_ex(NULL); 8999 } 9000 #endif /* NO_OLD_TLS */ 9001 9002 WOLFSSL_METHOD* wolfDTLSv1_2_server_method(void) 9003 { 9004 WOLFSSL_ENTER("DTLSv1_2_server_method"); 9005 return wolfDTLSv1_2_server_method_ex(NULL); 9006 } 9007 #endif 9008 9009 #if defined(WOLFSSL_ALLOW_SSLV3) && !defined(NO_OLD_TLS) 9302 } 9010 9303 WOLFSSL_METHOD* wolfSSLv3_server_method_ex(void* heap) 9011 9304 { … … 9013 9306 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 9014 9307 heap, DYNAMIC_TYPE_METHOD); 9308 (void)heap; 9015 9309 WOLFSSL_ENTER("SSLv3_server_method_ex"); 9016 9310 if (method) { … … 9020 9314 return method; 9021 9315 } 9022 #endif 9023 9024 9025 #ifdef WOLFSSL_DTLS 9026 9027 #ifndef NO_OLD_TLS 9028 WOLFSSL_METHOD* wolfDTLSv1_server_method_ex(void* heap) 9316 #endif /* WOLFSSL_ALLOW_SSLV3 */ 9317 9318 WOLFSSL_METHOD* wolfSSLv23_server_method(void) 9319 { 9320 return wolfSSLv23_server_method_ex(NULL); 9321 } 9322 9323 WOLFSSL_METHOD* wolfSSLv23_server_method_ex(void* heap) 9029 9324 { 9030 9325 WOLFSSL_METHOD* method = 9031 9326 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD), 9032 9327 heap, DYNAMIC_TYPE_METHOD); 9033 WOLFSSL_ENTER("DTLSv1_server_method_ex"); 9328 (void)heap; 9329 WOLFSSL_ENTER("SSLv23_server_method_ex"); 9034 9330 if (method) { 9035 InitSSL_Method(method, MakeDTLSv1()); 9331 #if !defined(NO_SHA256) || defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) 9332 #ifdef WOLFSSL_TLS13 9333 InitSSL_Method(method, MakeTLSv1_3()); 9334 #elif !defined(WOLFSSL_NO_TLS12) 9335 InitSSL_Method(method, MakeTLSv1_2()); 9336 #elif !defined(NO_OLD_TLS) 9337 InitSSL_Method(method, MakeTLSv1_1()); 9338 #endif 9339 #else 9340 #ifndef NO_OLD_TLS 9341 InitSSL_Method(method, MakeTLSv1_1()); 9342 #else 9343 #error Must have SHA256, SHA384 or SHA512 enabled for TLS 1.2 9344 #endif 9345 #endif 9346 #if !defined(NO_OLD_TLS) || defined(WOLFSSL_TLS13) 9347 method->downgrade = 1; 9348 #endif 9036 9349 method->side = WOLFSSL_SERVER_END; 9037 9350 } 9038 9351 return method; 9039 9352 } 9040 #endif /* NO_OLD_TLS */9041 9042 WOLFSSL_METHOD* wolfDTLSv1_2_server_method_ex(void* heap)9043 {9044 WOLFSSL_METHOD* method =9045 (WOLFSSL_METHOD*) XMALLOC(sizeof(WOLFSSL_METHOD),9046 heap, DYNAMIC_TYPE_METHOD);9047 WOLFSSL_ENTER("DTLSv1_2_server_method_ex");9048 if (method) {9049 InitSSL_Method(method, MakeDTLSv1_2());9050 method->side = WOLFSSL_SERVER_END;9051 }9052 (void)heap;9053 return method;9054 }9055 #endif9056 9353 9057 9354 9058 9355 int wolfSSL_accept(WOLFSSL* ssl) 9059 9356 { 9357 #if !(defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13)) 9060 9358 word16 havePSK = 0; 9061 9359 word16 haveAnon = 0; 9062 9360 word16 haveMcast = 0; 9063 9361 #endif 9362 9363 if (ssl == NULL) 9364 return WOLFSSL_FATAL_ERROR; 9365 9366 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) 9367 if (ssl->options.side == WOLFSSL_NEITHER_END) { 9368 ssl->error = InitSSL_Side(ssl, WOLFSSL_SERVER_END); 9369 if (ssl->error != WOLFSSL_SUCCESS) { 9370 WOLFSSL_ERROR(ssl->error); 9371 return WOLFSSL_FATAL_ERROR; 9372 } 9373 ssl->error = 0; /* expected to be zero here */ 9374 } 9375 #endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ 9376 9377 #if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) && defined(WOLFSSL_TLS13) 9378 return wolfSSL_accept_TLSv13(ssl); 9379 #else 9064 9380 #ifdef WOLFSSL_TLS13 9065 9381 if (ssl->options.tls1_3) … … 9094 9410 #ifndef NO_CERTS 9095 9411 /* in case used set_accept_state after init */ 9096 if (!havePSK && !haveAnon && !haveMcast && 9097 (!ssl->buffers.certificate || 9098 !ssl->buffers.certificate->buffer || 9099 !ssl->buffers.key || 9100 !ssl->buffers.key->buffer)) { 9101 WOLFSSL_MSG("accept error: don't have server cert and key"); 9102 ssl->error = NO_PRIVATE_KEY; 9103 WOLFSSL_ERROR(ssl->error); 9412 /* allow no private key if using PK callbacks and CB is set */ 9413 if (!havePSK && !haveAnon && !haveMcast) { 9414 if (!ssl->buffers.certificate || 9415 !ssl->buffers.certificate->buffer) { 9416 9417 WOLFSSL_MSG("accept error: server cert required"); 9418 WOLFSSL_ERROR(ssl->error = NO_PRIVATE_KEY); 9104 9419 return WOLFSSL_FATAL_ERROR; 9105 9420 } 9421 9422 #ifdef HAVE_PK_CALLBACKS 9423 if (wolfSSL_CTX_IsPrivatePkSet(ssl->ctx)) { 9424 WOLFSSL_MSG("Using PK for server private key"); 9425 } 9426 else 9427 #endif 9428 if (!ssl->buffers.key || !ssl->buffers.key->buffer) { 9429 WOLFSSL_MSG("accept error: server key required"); 9430 WOLFSSL_ERROR(ssl->error = NO_PRIVATE_KEY); 9431 return WOLFSSL_FATAL_ERROR; 9432 } 9433 } 9106 9434 #endif 9107 9435 … … 9150 9478 9151 9479 case ACCEPT_CLIENT_HELLO_DONE : 9152 if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST) { 9153 if ((ssl->error = SendTls13HelloRetryRequest(ssl)) != 0) { 9154 WOLFSSL_ERROR(ssl->error); 9155 return WOLFSSL_FATAL_ERROR; 9156 } 9157 } 9158 ssl->options.acceptState = ACCEPT_HELLO_RETRY_REQUEST_DONE; 9159 WOLFSSL_MSG("accept state ACCEPT_HELLO_RETRY_REQUEST_DONE"); 9160 FALL_THROUGH; 9161 9162 case ACCEPT_HELLO_RETRY_REQUEST_DONE : 9163 if (ssl->options.serverState == SERVER_HELLO_RETRY_REQUEST) { 9164 if ( (ssl->error = ProcessReply(ssl)) < 0) { 9165 WOLFSSL_ERROR(ssl->error); 9166 return WOLFSSL_FATAL_ERROR; 9167 } 9480 if (ssl->options.tls1_3) { 9481 return wolfSSL_accept_TLSv13(ssl); 9168 9482 } 9169 9483 #endif … … 9173 9487 9174 9488 case ACCEPT_FIRST_REPLY_DONE : 9175 #ifdef WOLFSSL_TLS139176 if (ssl->options.tls1_3) {9177 return wolfSSL_accept_TLSv13(ssl);9178 }9179 #endif9180 9489 if ( (ssl->error = SendServerHello(ssl)) != 0) { 9181 9490 WOLFSSL_ERROR(ssl->error); … … 9351 9660 return WOLFSSL_FATAL_ERROR; 9352 9661 } 9662 #endif /* !WOLFSSL_NO_TLS12 */ 9353 9663 } 9354 9664 … … 9418 9728 9419 9729 /* some session IDs aren't random after all, let's make them random */ 9420 static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)9421 { 9422 byte digest[ MAX_DIGEST_SIZE];9730 static WC_INLINE word32 HashSession(const byte* sessionID, word32 len, int* error) 9731 { 9732 byte digest[WC_MAX_DIGEST_SIZE]; 9423 9733 9424 9734 #ifndef NO_MD5 … … 9562 9872 * restoreSessionCerts Restoring session certificates is required. 9563 9873 */ 9564 static INLINE void RestoreSession(WOLFSSL* ssl, WOLFSSL_SESSION* session,9874 static WC_INLINE void RestoreSession(WOLFSSL* ssl, WOLFSSL_SESSION* session, 9565 9875 byte* masterSecret, byte restoreSessionCerts) 9566 9876 { … … 9605 9915 #endif 9606 9916 9607 if ( ssl->arrays)9917 if (!ssl->options.tls1_3 && ssl->arrays != NULL) 9608 9918 id = ssl->arrays->sessionID; 9609 9919 else … … 9727 10037 copyInto->ticketSeen = copyFrom->ticketSeen; 9728 10038 copyInto->ticketAdd = copyFrom->ticketAdd; 10039 #ifndef WOLFSSL_TLS13_DRAFT_18 10040 XMEMCPY(©Into->ticketNonce, ©From->ticketNonce, 10041 sizeof(TicketNonce)); 10042 #endif 9729 10043 #ifdef WOLFSSL_EARLY_DATA 9730 10044 copyInto->maxEarlyDataSz = copyFrom->maxEarlyDataSz; … … 9790 10104 if (ssl->options.sessionCacheOff) 9791 10105 return WOLFSSL_FAILURE; 10106 10107 #ifdef OPENSSL_EXTRA 10108 /* check for application context id */ 10109 if (ssl->sessionCtxSz > 0) { 10110 if (XMEMCMP(ssl->sessionCtx, session->sessionCtx, ssl->sessionCtxSz)) { 10111 /* context id did not match! */ 10112 WOLFSSL_MSG("Session context did not match"); 10113 return SSL_FAILURE; 10114 } 10115 } 10116 #endif /* OPENSSL_EXTRA */ 9792 10117 9793 10118 if (LowResTimer() < (session->bornOn + session->timeout)) { … … 9867 10192 /* Use the session object in the cache for external cache if required. 9868 10193 */ 10194 #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) 10195 if (ssl->options.tls1_3) { 10196 row = HashSession(ssl->session.sessionID, ID_LEN, &error) % 10197 SESSION_ROWS; 10198 } 10199 else 10200 #endif 10201 { 9869 10202 row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) % 9870 10203 SESSION_ROWS; 10204 } 9871 10205 if (error != 0) { 9872 10206 WOLFSSL_MSG("Hash session failed"); … … 9896 10230 XMEMCPY(session->masterSecret, ssl->session.masterSecret, SECRET_LEN); 9897 10231 session->haveEMS = ssl->options.haveEMS; 10232 #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) 10233 if (ssl->options.tls1_3) { 10234 XMEMCPY(session->sessionID, ssl->session.sessionID, ID_LEN); 10235 session->sessionIDSz = ID_LEN; 10236 } 10237 else 10238 #endif 10239 { 9898 10240 XMEMCPY(session->sessionID, ssl->arrays->sessionID, ID_LEN); 9899 10241 session->sessionIDSz = ssl->arrays->sessionIDSz; 10242 } 10243 10244 #ifdef OPENSSL_EXTRA 10245 /* If using compatibilty layer then check for and copy over session context 10246 * id. */ 10247 if (ssl->sessionCtxSz > 0 && ssl->sessionCtxSz < ID_LEN) { 10248 XMEMCPY(session->sessionCtx, ssl->sessionCtx, ssl->sessionCtxSz); 10249 } 10250 #endif 9900 10251 9901 10252 session->timeout = ssl->timeout; … … 9926 10277 9927 10278 if (error == 0) { 9928 session->ticketLen = ticLen;10279 session->ticketLen = (word16)ticLen; 9929 10280 XMEMCPY(session->ticket, ssl->session.ticket, ticLen); 9930 10281 } else { /* cleanup, reset state */ … … 9954 10305 } 9955 10306 #endif /* SESSION_CERTS || (WOLFSSL_TLS13 & HAVE_SESSION_TICKET) */ 10307 #if defined(WOLFSSL_TLS13) 10308 if (error == 0) { 10309 session->namedGroup = ssl->session.namedGroup; 10310 } 10311 #endif 9956 10312 #if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) 9957 10313 if (error == 0) { 9958 session->namedGroup = ssl->session.namedGroup;9959 10314 session->ticketSeen = ssl->session.ticketSeen; 9960 10315 session->ticketAdd = ssl->session.ticketAdd; 10316 #ifndef WOLFSSL_TLS13_DRAFT_18 10317 XMEMCPY(&session->ticketNonce, &ssl->session.ticketNonce, 10318 sizeof(TicketNonce)); 10319 #endif 9961 10320 #ifdef WOLFSSL_EARLY_DATA 9962 10321 session->maxEarlyDataSz = ssl->session.maxEarlyDataSz; … … 10285 10644 XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN); 10286 10645 10287 ssl->buffers.domainName.length = (word32)XSTRLEN(dn) + 1;10646 ssl->buffers.domainName.length = (word32)XSTRLEN(dn); 10288 10647 ssl->buffers.domainName.buffer = (byte*) XMALLOC( 10289 ssl->buffers.domainName.length, ssl->heap, DYNAMIC_TYPE_DOMAIN);10648 ssl->buffers.domainName.length + 1, ssl->heap, DYNAMIC_TYPE_DOMAIN); 10290 10649 10291 10650 if (ssl->buffers.domainName.buffer) { 10292 XSTRNCPY((char*)ssl->buffers.domainName.buffer, dn, 10293 ssl->buffers.domainName.length); 10651 unsigned char* domainName = ssl->buffers.domainName.buffer; 10652 XMEMCPY(domainName, dn, ssl->buffers.domainName.length); 10653 domainName[ssl->buffers.domainName.length] = '\0'; 10294 10654 return WOLFSSL_SUCCESS; 10295 10655 } … … 10552 10912 { 10553 10913 WOLFSSL_ENTER("SSL_CTX_set_psk_client_callback"); 10914 10915 if (ctx == NULL) 10916 return; 10917 10554 10918 ctx->havePSK = 1; 10555 10919 ctx->client_psk_cb = cb; … … 10563 10927 10564 10928 WOLFSSL_ENTER("SSL_set_psk_client_callback"); 10929 10930 if (ssl == NULL) 10931 return; 10932 10565 10933 ssl->options.havePSK = 1; 10566 10934 ssl->options.client_psk_cb = cb; … … 10583 10951 { 10584 10952 WOLFSSL_ENTER("SSL_CTX_set_psk_server_callback"); 10953 if (ctx == NULL) 10954 return; 10585 10955 ctx->havePSK = 1; 10586 10956 ctx->server_psk_cb = cb; … … 10594 10964 10595 10965 WOLFSSL_ENTER("SSL_set_psk_server_callback"); 10966 if (ssl == NULL) 10967 return; 10968 10596 10969 ssl->options.havePSK = 1; 10597 10970 ssl->options.server_psk_cb = cb; … … 10636 11009 WOLFSSL_ENTER("SSL_CTX_use_psk_identity_hint"); 10637 11010 if (hint == 0) 10638 ctx->server_hint[0] = 0;11011 ctx->server_hint[0] = '\0'; 10639 11012 else { 10640 11013 XSTRNCPY(ctx->server_hint, hint, sizeof(ctx->server_hint)); … … 10656 11029 else { 10657 11030 XSTRNCPY(ssl->arrays->server_hint, hint, 10658 sizeof(ssl->arrays->server_hint) );10659 ssl->arrays->server_hint[ MAX_PSK_ID_LEN] = '\0'; /* null term */11031 sizeof(ssl->arrays->server_hint)-1); 11032 ssl->arrays->server_hint[sizeof(ssl->arrays->server_hint)-1] = '\0'; 10660 11033 } 10661 11034 return WOLFSSL_SUCCESS; … … 10695 11068 else 10696 11069 return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL,NULL,0); 11070 } 11071 11072 11073 int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx, 11074 const unsigned char* in, 11075 long sz, int format) 11076 { 11077 WOLFSSL_ENTER("wolfSSL_CTX_load_verify_chain_buffer_format"); 11078 if (format == WOLFSSL_FILETYPE_PEM) 11079 return ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL); 11080 else 11081 return ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL,NULL,1); 10697 11082 } 10698 11083 … … 10795 11180 else { 10796 11181 if (format == WOLFSSL_FILETYPE_PEM) { 11182 #ifdef WOLFSSL_PEM_TO_DER 10797 11183 FreeDer(&der); 10798 11184 ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, … … 10805 11191 } 10806 11192 #endif 10807 #endif 11193 #endif /* WOLFSSL_WPAS */ 11194 #else 11195 ret = NOT_COMPILED_IN; 11196 #endif /* WOLFSSL_PEM_TO_DER */ 10808 11197 } 10809 11198 … … 10946 11335 10947 11336 10948 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) 10949 11337 #ifdef OPENSSL_EXTRA 10950 11338 10951 11339 int wolfSSL_add_all_algorithms(void) … … 10958 11346 } 10959 11347 11348 int wolfSSL_OpenSSL_add_all_algorithms_noconf(void) 11349 { 11350 WOLFSSL_ENTER("wolfSSL_OpenSSL_add_all_algorithms_noconf"); 11351 11352 if (wolfSSL_add_all_algorithms() == WOLFSSL_FATAL_ERROR) 11353 return WOLFSSL_FATAL_ERROR; 11354 11355 return WOLFSSL_SUCCESS; 11356 } 10960 11357 10961 11358 /* returns previous set cache size which stays constant */ … … 10973 11370 } 10974 11371 10975 11372 #endif 11373 11374 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) 10976 11375 void wolfSSL_CTX_set_quiet_shutdown(WOLFSSL_CTX* ctx, int mode) 10977 11376 { … … 10988 11387 ssl->options.quietShutdown = 1; 10989 11388 } 10990 10991 11389 #endif 11390 11391 #ifdef OPENSSL_EXTRA 10992 11392 void wolfSSL_set_bio(WOLFSSL* ssl, WOLFSSL_BIO* rd, WOLFSSL_BIO* wr) 10993 11393 { 10994 WOLFSSL_ENTER("SSL_set_bio"); 11394 WOLFSSL_ENTER("wolfSSL_set_bio"); 11395 11396 if (ssl == NULL) { 11397 WOLFSSL_MSG("Bad argument, ssl was NULL"); 11398 return; 11399 } 11400 11401 /* if WOLFSSL_BIO is socket type then set WOLFSSL socket to use */ 11402 if (rd != NULL && rd->type == WOLFSSL_BIO_SOCKET) { 10995 11403 wolfSSL_set_rfd(ssl, rd->fd); 11404 } 11405 if (wr != NULL && wr->type == WOLFSSL_BIO_SOCKET) { 10996 11406 wolfSSL_set_wfd(ssl, wr->fd); 11407 } 11408 11409 /* free any existing WOLFSSL_BIOs in use */ 11410 if (ssl->biord != NULL) { 11411 if (ssl->biord != ssl->biowr) { 11412 if (ssl->biowr != NULL) { 11413 wolfSSL_BIO_free(ssl->biowr); 11414 ssl->biowr = NULL; 11415 } 11416 } 11417 wolfSSL_BIO_free(ssl->biord); 11418 ssl->biord = NULL; 11419 } 11420 10997 11421 10998 11422 ssl->biord = rd; 10999 11423 ssl->biowr = wr; 11000 } 11001 11002 11424 11425 /* set SSL to use BIO callbacks instead */ 11426 if (((ssl->cbioFlag & WOLFSSL_CBIO_RECV) == 0) && 11427 (rd != NULL && rd->type != WOLFSSL_BIO_SOCKET)) { 11428 ssl->CBIORecv = BioReceive; 11429 } 11430 if (((ssl->cbioFlag & WOLFSSL_CBIO_SEND) == 0) && 11431 (wr != NULL && wr->type != WOLFSSL_BIO_SOCKET)) { 11432 ssl->CBIOSend = BioSend; 11433 } 11434 } 11435 #endif 11436 11437 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) || defined(HAVE_WEBSERVER) 11003 11438 void wolfSSL_CTX_set_client_CA_list(WOLFSSL_CTX* ctx, 11004 11439 WOLF_STACK_OF(WOLFSSL_X509_NAME)* names) 11005 11440 { 11006 11441 WOLFSSL_ENTER("wolfSSL_SSL_CTX_set_client_CA_list"); 11007 11442 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) 11008 11443 if (ctx != NULL) 11009 11444 ctx->ca_names = names; 11010 } 11011 11445 #else 11446 (void)ctx; 11447 (void)names; 11448 #endif 11449 } 11450 #endif 11451 11452 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) 11012 11453 WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_SSL_CTX_get_client_CA_list( 11013 11454 const WOLFSSL_CTX *s) … … 11020 11461 return s->ca_names; 11021 11462 } 11022 11463 #endif 11464 11465 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 11466 #if !defined(NO_RSA) && !defined(NO_CERTS) 11023 11467 WOLF_STACK_OF(WOLFSSL_X509_NAME)* wolfSSL_load_client_CA_file(const char* fname) 11024 11468 { 11469 /* The webserver build is using this to load a CA into the server 11470 * for client authentication as an option. Have this return NULL in 11471 * that case. If OPENSSL_EXTRA is enabled, go ahead and include 11472 * the function. */ 11473 #ifdef OPENSSL_EXTRA 11025 11474 WOLFSSL_STACK *list = NULL; 11026 11475 WOLFSSL_STACK *node; … … 11069 11518 wolfSSL_BIO_free(bio); 11070 11519 return list; 11071 } 11072 11073 11520 #else 11521 (void)fname; 11522 return NULL; 11523 #endif 11524 } 11525 #endif 11526 #endif 11527 11528 #ifdef OPENSSL_EXTRA 11529 #if !defined(NO_RSA) && !defined(NO_CERTS) 11530 int wolfSSL_CTX_add_client_CA(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509) 11531 { 11532 WOLFSSL_STACK *node = NULL; 11533 WOLFSSL_X509_NAME *subjectName = NULL; 11534 11535 WOLFSSL_ENTER("wolfSSL_CTX_add_client_CA"); 11536 11537 if (ctx == NULL || x509 == NULL){ 11538 WOLFSSL_MSG("Bad argument"); 11539 return SSL_FAILURE; 11540 } 11541 11542 subjectName = wolfSSL_X509_get_subject_name(x509); 11543 if (subjectName == NULL){ 11544 WOLFSSL_MSG("invalid x509 data"); 11545 return SSL_FAILURE; 11546 } 11547 11548 /* Alloc stack struct */ 11549 node = (WOLF_STACK_OF(WOLFSSL_X509_NAME)*)XMALLOC( 11550 sizeof(WOLF_STACK_OF(WOLFSSL_X509_NAME)), 11551 NULL, DYNAMIC_TYPE_OPENSSL); 11552 if (node == NULL){ 11553 WOLFSSL_MSG("memory allocation error"); 11554 return SSL_FAILURE; 11555 } 11556 XMEMSET(node, 0, sizeof(WOLF_STACK_OF(WOLFSSL_X509_NAME))); 11557 11558 /* Alloc and copy WOLFSSL_X509_NAME */ 11559 node->data.name = (WOLFSSL_X509_NAME*)XMALLOC( 11560 sizeof(WOLFSSL_X509_NAME), 11561 NULL, DYNAMIC_TYPE_OPENSSL); 11562 if (node->data.name == NULL) { 11563 XFREE(node, NULL, DYNAMIC_TYPE_OPENSSL); 11564 WOLFSSL_MSG("memory allocation error"); 11565 return SSL_FAILURE; 11566 } 11567 XMEMCPY(node->data.name, subjectName, sizeof(WOLFSSL_X509_NAME)); 11568 XMEMSET(subjectName, 0, sizeof(WOLFSSL_X509_NAME)); 11569 11570 /* push new node onto head of stack */ 11571 node->num = (ctx->ca_names == NULL) ? 1 : ctx->ca_names->num + 1; 11572 node->next = ctx->ca_names; 11573 ctx->ca_names = node; 11574 return SSL_SUCCESS; 11575 } 11576 #endif 11577 11578 #ifndef NO_WOLFSSL_STUB 11074 11579 int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx) 11075 11580 { 11076 11581 /* TODO:, not needed in goahead */ 11077 11582 (void)ctx; 11078 return WOLFSSL_NOT_IMPLEMENTED; 11079 } 11080 11583 WOLFSSL_STUB("SSL_CTX_set_default_verify_paths"); 11584 return SSL_NOT_IMPLEMENTED; 11585 } 11586 #endif 11587 11588 #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \ 11589 && !defined(WC_NO_RNG) 11590 static const byte srp_N[] = { 11591 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6, 0x9C, 0x33, 0xF8, 11592 0x0A, 0xFA, 0x8F, 0xC5, 0xE8, 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 11593 0x3C, 0x0B, 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76, 0xD6, 11594 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3, 0x38, 0x3B, 0x48, 0x13, 11595 0xD6, 0x92, 0xC6, 0xE0, 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 11596 0xE4, 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1, 0x5D, 0xC7, 11597 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6, 0xCE, 0x8E, 0xF4, 0xAD, 0x69, 11598 0xB1, 0x5D, 0x49, 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85, 11599 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC, 0x68, 0xED, 0xBC, 11600 0x3C, 0x05, 0x72, 0x6C, 0xC0, 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, 11601 0xAA, 0x9A, 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B, 0x9F, 11602 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3 11603 }; 11604 static const byte srp_g[] = { 11605 0x02 11606 }; 11607 11608 int wolfSSL_CTX_set_srp_username(WOLFSSL_CTX* ctx, char* username) 11609 { 11610 int r = 0; 11611 SrpSide srp_side = SRP_CLIENT_SIDE; 11612 WC_RNG rng; 11613 byte salt[SRP_SALT_SIZE]; 11614 11615 WOLFSSL_ENTER("wolfSSL_CTX_set_srp_username"); 11616 if (ctx == NULL || ctx->srp == NULL || username==NULL) 11617 return SSL_FAILURE; 11618 11619 if (ctx->method->side == WOLFSSL_SERVER_END){ 11620 srp_side = SRP_SERVER_SIDE; 11621 } else if (ctx->method->side == WOLFSSL_CLIENT_END){ 11622 srp_side = SRP_CLIENT_SIDE; 11623 } else { 11624 WOLFSSL_MSG("Init CTX failed"); 11625 return SSL_FAILURE; 11626 } 11627 11628 if (wc_SrpInit(ctx->srp, SRP_TYPE_SHA256, srp_side) < 0){ 11629 WOLFSSL_MSG("Init CTX failed"); 11630 XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP); 11631 wolfSSL_CTX_free(ctx); 11632 return SSL_FAILURE; 11633 } 11634 r = wc_SrpSetUsername(ctx->srp, (const byte*)username, 11635 (word32)XSTRLEN(username)); 11636 if (r < 0) { 11637 WOLFSSL_MSG("fail to set srp username."); 11638 return SSL_FAILURE; 11639 } 11640 11641 /* if wolfSSL_CTX_set_srp_password has already been called, */ 11642 /* execute wc_SrpSetPassword here */ 11643 if (ctx->srp_password != NULL){ 11644 if (wc_InitRng(&rng) < 0){ 11645 WOLFSSL_MSG("wc_InitRng failed"); 11646 return SSL_FAILURE; 11647 } 11648 XMEMSET(salt, 0, sizeof(salt)/sizeof(salt[0])); 11649 if (wc_RNG_GenerateBlock(&rng, salt, 11650 sizeof(salt)/sizeof(salt[0])) < 0){ 11651 WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); 11652 wc_FreeRng(&rng); 11653 return SSL_FAILURE; 11654 } 11655 if (wc_SrpSetParams(ctx->srp, srp_N, sizeof(srp_N)/sizeof(srp_N[0]), 11656 srp_g, sizeof(srp_g)/sizeof(srp_g[0]), 11657 salt, sizeof(salt)/sizeof(salt[0])) < 0){ 11658 WOLFSSL_MSG("wc_SrpSetParam failed"); 11659 wc_FreeRng(&rng); 11660 return SSL_FAILURE; 11661 } 11662 r = wc_SrpSetPassword(ctx->srp, 11663 (const byte*)ctx->srp_password, 11664 (word32)XSTRLEN((char *)ctx->srp_password)); 11665 if (r < 0) { 11666 WOLFSSL_MSG("fail to set srp password."); 11667 return SSL_FAILURE; 11668 } 11669 wc_FreeRng(&rng); 11670 XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP); 11671 ctx->srp_password = NULL; 11672 } 11673 11674 return SSL_SUCCESS; 11675 } 11676 11677 int wolfSSL_CTX_set_srp_password(WOLFSSL_CTX* ctx, char* password) 11678 { 11679 int r; 11680 WC_RNG rng; 11681 byte salt[SRP_SALT_SIZE]; 11682 11683 WOLFSSL_ENTER("wolfSSL_CTX_set_srp_password"); 11684 if (ctx == NULL || ctx->srp == NULL || password == NULL) 11685 return SSL_FAILURE; 11686 11687 if (ctx->srp->user != NULL){ 11688 if (wc_InitRng(&rng) < 0){ 11689 WOLFSSL_MSG("wc_InitRng failed"); 11690 return SSL_FAILURE; 11691 } 11692 XMEMSET(salt, 0, sizeof(salt)/sizeof(salt[0])); 11693 if (wc_RNG_GenerateBlock(&rng, salt, 11694 sizeof(salt)/sizeof(salt[0])) < 0){ 11695 WOLFSSL_MSG("wc_RNG_GenerateBlock failed"); 11696 wc_FreeRng(&rng); 11697 return SSL_FAILURE; 11698 } 11699 if (wc_SrpSetParams(ctx->srp, srp_N, sizeof(srp_N)/sizeof(srp_N[0]), 11700 srp_g, sizeof(srp_g)/sizeof(srp_g[0]), 11701 salt, sizeof(salt)/sizeof(salt[0])) < 0){ 11702 WOLFSSL_MSG("wc_SrpSetParam failed"); 11703 wc_FreeRng(&rng); 11704 return SSL_FAILURE; 11705 } 11706 r = wc_SrpSetPassword(ctx->srp, (const byte*)password, 11707 (word32)XSTRLEN(password)); 11708 if (r < 0) { 11709 WOLFSSL_MSG("wc_SrpSetPassword failed."); 11710 wc_FreeRng(&rng); 11711 return SSL_FAILURE; 11712 } 11713 if (ctx->srp_password != NULL){ 11714 XFREE(ctx->srp_password,NULL, 11715 DYNAMIC_TYPE_SRP); 11716 ctx->srp_password = NULL; 11717 } 11718 wc_FreeRng(&rng); 11719 } else { 11720 /* save password for wolfSSL_set_srp_username */ 11721 if (ctx->srp_password != NULL) 11722 XFREE(ctx->srp_password,ctx->heap, DYNAMIC_TYPE_SRP); 11723 11724 ctx->srp_password = (byte*)XMALLOC(XSTRLEN(password) + 1, ctx->heap, 11725 DYNAMIC_TYPE_SRP); 11726 if (ctx->srp_password == NULL){ 11727 WOLFSSL_MSG("memory allocation error"); 11728 return SSL_FAILURE; 11729 } 11730 XMEMCPY(ctx->srp_password, password, XSTRLEN(password) + 1); 11731 } 11732 return SSL_SUCCESS; 11733 } 11734 #endif /* WOLFCRYPT_HAVE_SRP && !NO_SHA256 && !WC_NO_RNG */ 11081 11735 11082 11736 /* keyblock size in bytes or -1 */ … … 11110 11764 } 11111 11765 11112 11766 #endif /* OPENSSL_EXTRA */ 11767 11768 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA) 11113 11769 void wolfSSL_set_accept_state(WOLFSSL* ssl) 11114 11770 { 11115 word16 haveRSA = 1; 11116 word16 havePSK = 0; 11117 11118 WOLFSSL_ENTER("SSL_set_accept_state"); 11771 WOLFSSL_ENTER("wolfSSL_set_accept_state"); 11119 11772 if (ssl->options.side == WOLFSSL_CLIENT_END) { 11120 11773 #ifdef HAVE_ECC … … 11142 11795 #endif 11143 11796 } 11144 ssl->options.side = WOLFSSL_SERVER_END; 11145 /* reset suites in case user switched */ 11146 11147 #ifdef NO_RSA 11148 haveRSA = 0; 11149 #endif 11150 #ifndef NO_PSK 11151 havePSK = ssl->options.havePSK; 11152 #endif 11153 InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz, haveRSA, 11154 havePSK, ssl->options.haveDH, ssl->options.haveNTRU, 11155 ssl->options.haveECDSAsig, ssl->options.haveECC, 11156 ssl->options.haveStaticECC, ssl->options.side); 11157 } 11158 #endif 11797 11798 if (InitSSL_Side(ssl, WOLFSSL_SERVER_END) != WOLFSSL_SUCCESS) { 11799 WOLFSSL_MSG("Error initializing server side"); 11800 } 11801 } 11802 11803 #endif /* OPENSSL_EXTRA || WOLFSSL_EXTRA */ 11159 11804 11160 11805 /* return true if connection established */ … … 11170 11815 } 11171 11816 11172 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS) 11817 #ifdef OPENSSL_EXTRA 11818 11173 11819 void wolfSSL_CTX_set_tmp_rsa_callback(WOLFSSL_CTX* ctx, 11174 11820 WOLFSSL_RSA*(*f)(WOLFSSL*, int, int)) … … 11195 11841 long wolfSSL_CTX_get_options(WOLFSSL_CTX* ctx) 11196 11842 { 11197 (void)ctx;11198 11843 WOLFSSL_ENTER("wolfSSL_CTX_get_options"); 11199 11844 WOLFSSL_MSG("wolfSSL options are set through API calls and macros"); 11200 11201 return 0; 11202 } 11203 11204 11845 if(ctx == NULL) 11846 return BAD_FUNC_ARG; 11847 return ctx->mask; 11848 } 11849 11850 #endif 11851 11852 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 11853 11854 static long wolf_set_options(long old_op, long op); 11205 11855 long wolfSSL_CTX_set_options(WOLFSSL_CTX* ctx, long opt) 11206 11856 { 11207 11857 WOLFSSL_ENTER("SSL_CTX_set_options"); 11208 ctx->mask |= opt; 11209 return opt; 11210 } 11211 11858 11859 if (ctx == NULL) 11860 return BAD_FUNC_ARG; 11861 11862 ctx->mask = wolf_set_options(ctx->mask, opt); 11863 11864 return ctx->mask; 11865 } 11866 11867 #endif 11868 11869 #ifdef OPENSSL_EXTRA 11870 11871 long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt) 11872 { 11873 WOLFSSL_ENTER("SSL_CTX_clear_options"); 11874 if(ctx == NULL) 11875 return BAD_FUNC_ARG; 11876 ctx->mask &= ~opt; 11877 return ctx->mask; 11878 } 11212 11879 11213 11880 int wolfSSL_set_rfd(WOLFSSL* ssl, int rfd) … … 11233 11900 11234 11901 11235 WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long bits, 11236 void(*f)(int, int, void*), void* data) 11237 { 11238 /* no tmp key needed, actual generation not supported */ 11239 WOLFSSL_ENTER("RSA_generate_key"); 11240 (void)len; 11241 (void)bits; 11242 (void)f; 11243 (void)data; 11244 return NULL; 11245 } 11246 11247 11902 11903 11904 #ifndef NO_CERTS 11248 11905 WOLFSSL_X509_STORE* wolfSSL_CTX_get_cert_store(WOLFSSL_CTX* ctx) 11249 11906 { … … 11252 11909 } 11253 11910 11254 return &(ctx->x509_store); 11255 } 11256 11257 11258 #ifndef NO_CERTS 11911 return &ctx->x509_store; 11912 } 11913 11914 11259 11915 void wolfSSL_CTX_set_cert_store(WOLFSSL_CTX* ctx, WOLFSSL_X509_STORE* str) 11260 11916 { … … 11269 11925 ctx->cm = str->cm; 11270 11926 ctx->x509_store.cache = str->cache; 11927 ctx->x509_store_pt = str; /* take ownership of store and free it 11928 with CTX free */ 11271 11929 } 11272 11930 … … 11298 11956 return WOLFSSL_FATAL_ERROR; 11299 11957 } 11300 #endif 11301 11958 11959 void wolfSSL_X509_STORE_CTX_set_verify_cb(WOLFSSL_X509_STORE_CTX *ctx, 11960 WOLFSSL_X509_STORE_CTX_verify_cb verify_cb) 11961 { 11962 WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_verify_cb"); 11963 if(ctx == NULL) 11964 return; 11965 ctx->verify_cb = verify_cb; 11966 } 11967 #endif /* !NO_CERTS */ 11302 11968 11303 11969 WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_buffer(void) … … 11306 11972 11307 11973 WOLFSSL_ENTER("BIO_f_buffer"); 11308 meth.type = BIO_BUFFER;11974 meth.type = WOLFSSL_BIO_BUFFER; 11309 11975 11310 11976 return &meth; 11311 11977 } 11312 11978 11313 11979 #ifndef NO_WOLFSSL_STUB 11314 11980 long wolfSSL_BIO_set_write_buffer_size(WOLFSSL_BIO* bio, long size) 11315 11981 { 11316 11982 /* wolfSSL has internal buffer, compatibility only */ 11317 11983 WOLFSSL_ENTER("BIO_set_write_buffer_size"); 11984 WOLFSSL_STUB("BIO_set_write_buffer_size"); 11318 11985 (void)bio; 11319 11986 return size; 11320 11987 } 11321 11988 #endif 11322 11989 11323 11990 WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_bio(void) … … 11326 11993 11327 11994 WOLFSSL_ENTER("wolfSSL_BIO_f_bio"); 11328 bio_meth.type = BIO_BIO;11995 bio_meth.type = WOLFSSL_BIO_BIO; 11329 11996 11330 11997 return &bio_meth; … … 11338 12005 11339 12006 WOLFSSL_ENTER("wolfSSL_BIO_f_file"); 11340 file_meth.type = BIO_FILE;12007 file_meth.type = WOLFSSL_BIO_FILE; 11341 12008 11342 12009 return &file_meth; … … 11350 12017 11351 12018 WOLFSSL_ENTER("BIO_f_ssl"); 11352 meth.type = BIO_SSL;12019 meth.type = WOLFSSL_BIO_SSL; 11353 12020 11354 12021 return &meth; … … 11361 12028 11362 12029 WOLFSSL_ENTER("BIO_s_socket"); 11363 meth.type = BIO_SOCKET;12030 meth.type = WOLFSSL_BIO_SOCKET; 11364 12031 11365 12032 return &meth; … … 11369 12036 WOLFSSL_BIO* wolfSSL_BIO_new_socket(int sfd, int closeF) 11370 12037 { 11371 WOLFSSL_BIO* bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0, 11372 DYNAMIC_TYPE_OPENSSL); 12038 WOLFSSL_BIO* bio = wolfSSL_BIO_new(wolfSSL_BIO_s_socket()); 11373 12039 11374 12040 WOLFSSL_ENTER("BIO_new_socket"); 11375 12041 if (bio) { 11376 XMEMSET(bio, 0, sizeof(WOLFSSL_BIO)); 11377 bio->type = BIO_SOCKET; 12042 bio->type = WOLFSSL_BIO_SOCKET; 11378 12043 bio->close = (byte)closeF; 11379 12044 bio->fd = sfd; 11380 bio->mem = NULL;11381 12045 } 11382 12046 return bio; … … 11425 12089 WOLFSSL_BIO* bio = (WOLFSSL_BIO*) XMALLOC(sizeof(WOLFSSL_BIO), 0, 11426 12090 DYNAMIC_TYPE_OPENSSL); 11427 WOLFSSL_ENTER(" BIO_new");12091 WOLFSSL_ENTER("wolfSSL_BIO_new"); 11428 12092 if (bio) { 11429 12093 XMEMSET(bio, 0, sizeof(WOLFSSL_BIO)); 11430 12094 bio->type = method->type; 11431 bio->ssl = NULL; 11432 bio->mem = NULL; 11433 bio->prev = NULL; 11434 bio->next = NULL; 12095 bio->close = BIO_CLOSE; /* default to close things */ 12096 if (method->type != WOLFSSL_BIO_FILE && 12097 method->type != WOLFSSL_BIO_SOCKET) { 12098 bio->mem_buf =(WOLFSSL_BUF_MEM*)XMALLOC(sizeof(WOLFSSL_BUF_MEM), 12099 0, DYNAMIC_TYPE_OPENSSL); 12100 if (bio->mem_buf == NULL) { 12101 WOLFSSL_MSG("Memory error"); 12102 wolfSSL_BIO_free(bio); 12103 return NULL; 12104 } 12105 bio->mem_buf->data = (char*)bio->mem; 12106 } 11435 12107 } 11436 12108 return bio; … … 11454 12126 { 11455 12127 WOLFSSL_BIO* bio = NULL; 11456 if (buf == NULL) 12128 12129 if (buf == NULL || len < 0) { 11457 12130 return bio; 12131 } 11458 12132 11459 12133 bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); 11460 if (bio == NULL) 12134 if (bio == NULL) { 11461 12135 return bio; 11462 11463 bio->memLen = len; 12136 } 12137 12138 bio->memLen = bio->wrSz = len; 11464 12139 bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL); 11465 12140 if (bio->mem == NULL) { 11466 XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);12141 wolfSSL_BIO_free(bio); 11467 12142 return NULL; 11468 12143 } 12144 if (bio->mem_buf != NULL) { 12145 bio->mem_buf->data = (char*)bio->mem; 12146 bio->mem_buf->length = bio->memLen; 12147 } 11469 12148 11470 12149 XMEMCPY(bio->mem, buf, len); … … 11473 12152 } 11474 12153 11475 11476 #ifdef USE_WINDOWS_API 11477 #define CloseSocket(s) closesocket(s) 11478 #elif defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) 11479 #define CloseSocket(s) closesocket(s) 11480 extern int closesocket(int); 11481 #else 11482 #define CloseSocket(s) close(s) 11483 #endif 11484 12154 /* 12155 * Note : If the flag BIO_NOCLOSE is set then freeing memory buffers is up 12156 * to the application. 12157 */ 11485 12158 int wolfSSL_BIO_free(WOLFSSL_BIO* bio) 11486 12159 { … … 11501 12174 11502 12175 #ifndef NO_FILESYSTEM 11503 if (bio->type == BIO_FILE && bio->close == BIO_CLOSE) {12176 if (bio->type == WOLFSSL_BIO_FILE && bio->close == BIO_CLOSE) { 11504 12177 if (bio->file) { 11505 12178 XFCLOSE(bio->file); … … 11508 12181 #endif 11509 12182 11510 if (bio->mem) 12183 if (bio->close != BIO_NOCLOSE) { 12184 if (bio->mem != NULL) { 12185 if (bio->mem_buf != NULL) { 12186 if (bio->mem_buf->data != (char*)bio->mem) { 12187 XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL); 12188 bio->mem = NULL; 12189 } 12190 } 12191 else { 11511 12192 XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL); 11512 XFREE(bio, bio->heap, DYNAMIC_TYPE_OPENSSL); 12193 bio->mem = NULL; 12194 } 12195 } 12196 if (bio->mem_buf != NULL) { 12197 wolfSSL_BUF_MEM_free(bio->mem_buf); 12198 bio->mem_buf = NULL; 12199 } 12200 } 12201 12202 XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL); 11513 12203 } 11514 12204 return 0; … … 11528 12218 11529 12219 11530 static int wolfSSL_BIO_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)11531 {11532 int sz;11533 char* pt;11534 11535 sz = wolfSSL_BIO_nread(bio, &pt, len);11536 11537 if (sz > 0) {11538 XMEMCPY(buf, pt, sz);11539 }11540 11541 return sz;11542 }11543 11544 /* Handles reading from a memory type BIO and advancing the state.11545 *11546 * bio WOLFSSL_BIO to read from11547 * buf buffer to put data from bio in11548 * len amount of data to be read11549 *11550 * returns size read on success11551 */11552 static int wolfSSL_BIO_MEMORY_read(WOLFSSL_BIO* bio, void* buf, int len)11553 {11554 int sz;11555 11556 sz = (int)wolfSSL_BIO_ctrl_pending(bio);11557 if (sz > 0) {11558 byte* pt = NULL;11559 int memSz;11560 11561 if (sz > len) {11562 sz = len;11563 }11564 memSz = wolfSSL_BIO_get_mem_data(bio, (void*)&pt);11565 if (memSz >= sz && pt != NULL) {11566 byte* tmp;11567 11568 XMEMCPY(buf, pt, sz);11569 if (memSz - sz > 0) {11570 tmp = (byte*)XMALLOC(memSz-sz, bio->heap,11571 DYNAMIC_TYPE_OPENSSL);11572 if (tmp == NULL) {11573 WOLFSSL_MSG("Memory error");11574 return WOLFSSL_BIO_ERROR;11575 }11576 XMEMCPY(tmp, pt + sz, memSz - sz);11577 11578 /* reset internal bio->mem, tmp gets free'd with11579 * wolfSSL_BIO_free */11580 XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL);11581 bio->mem = tmp;11582 }11583 bio->wrSz -= sz;11584 bio->memLen = memSz - sz;11585 }11586 else {11587 WOLFSSL_MSG("Issue with getting bio mem pointer");11588 return 0;11589 }11590 }11591 else {11592 return WOLFSSL_BIO_ERROR;11593 }11594 11595 return sz;11596 }11597 11598 11599 int wolfSSL_BIO_read(WOLFSSL_BIO* bio, void* buf, int len)11600 {11601 int ret;11602 WOLFSSL* ssl = 0;11603 WOLFSSL_BIO* front = bio;11604 11605 WOLFSSL_ENTER("wolfSSL_BIO_read");11606 11607 if (bio && bio->type == BIO_BIO) {11608 return wolfSSL_BIO_BIO_read(bio, buf, len);11609 }11610 11611 #ifndef NO_FILESYSTEM11612 if (bio && bio->type == BIO_FILE) {11613 return (int)XFREAD(buf, 1, len, bio->file);11614 }11615 #endif11616 if (bio && bio->type == BIO_MEMORY) {11617 return wolfSSL_BIO_MEMORY_read(bio, buf, len);11618 }11619 11620 /* already got eof, again is error */11621 if (bio && front->eof)11622 return WOLFSSL_FATAL_ERROR;11623 11624 while(bio && ((ssl = bio->ssl) == 0) )11625 bio = bio->next;11626 11627 if (ssl == 0) return BAD_FUNC_ARG;11628 11629 ret = wolfSSL_read(ssl, buf, len);11630 if (ret == 0)11631 front->eof = 1;11632 else if (ret < 0) {11633 int err = wolfSSL_get_error(ssl, 0);11634 if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) )11635 front->eof = 1;11636 }11637 return ret;11638 }11639 11640 11641 static int wolfSSL_BIO_BIO_write(WOLFSSL_BIO* bio, const void* data,11642 int len)11643 {11644 /* internal function where arguments have already been sanity checked */11645 int sz;11646 char* buf;11647 11648 sz = wolfSSL_BIO_nwrite(bio, &buf, len);11649 11650 /* test space for write */11651 if (sz <= 0) {11652 WOLFSSL_MSG("No room left to write");11653 return sz;11654 }11655 11656 XMEMCPY(buf, data, sz);11657 11658 return sz;11659 }11660 11661 11662 int wolfSSL_BIO_write(WOLFSSL_BIO* bio, const void* data, int len)11663 {11664 int ret;11665 WOLFSSL* ssl = 0;11666 WOLFSSL_BIO* front = bio;11667 byte* p;11668 11669 WOLFSSL_ENTER("wolfSSL_BIO_write");11670 11671 if (bio && bio->type == BIO_BIO) {11672 return wolfSSL_BIO_BIO_write(bio, data, len);11673 }11674 11675 #ifndef NO_FILESYSTEM11676 if (bio && bio->type == BIO_FILE) {11677 return (int)XFWRITE(data, 1, len, bio->file);11678 }11679 #endif11680 11681 if (bio && bio->type == BIO_MEMORY) {11682 /* Make buffer big enough to hold new data. */11683 if (bio->mem == NULL) {11684 bio->mem = (byte*)XMALLOC(len, bio->heap, DYNAMIC_TYPE_OPENSSL);11685 if (bio->mem == NULL)11686 return -1;11687 p = bio->mem;11688 }11689 else {11690 p = (byte*)XMALLOC(len + bio->memLen, bio->heap,11691 DYNAMIC_TYPE_OPENSSL);11692 if (p == NULL)11693 return -1;11694 XMEMCPY(p, bio->mem, bio->memLen);11695 XFREE(bio->mem, bio->heap, DYNAMIC_TYPE_OPENSSL);11696 bio->mem = p;11697 p += bio->memLen;11698 }11699 11700 /* Put data on the end of the buffer. */11701 XMEMCPY(p, data, len);11702 bio->memLen += len;11703 11704 return len;11705 }11706 11707 /* already got eof, again is error */11708 if (bio && front->eof)11709 return WOLFSSL_FATAL_ERROR;11710 11711 while(bio && ((ssl = bio->ssl) == 0) )11712 bio = bio->next;11713 11714 if (ssl == 0) return BAD_FUNC_ARG;11715 11716 ret = wolfSSL_write(ssl, data, len);11717 if (ret == 0)11718 front->eof = 1;11719 else if (ret < 0) {11720 int err = wolfSSL_get_error(ssl, 0);11721 if ( !(err == WOLFSSL_ERROR_WANT_READ || err == WOLFSSL_ERROR_WANT_WRITE) )11722 front->eof = 1;11723 }11724 11725 return ret;11726 }11727 11728 11729 12220 WOLFSSL_BIO* wolfSSL_BIO_push(WOLFSSL_BIO* top, WOLFSSL_BIO* append) 11730 12221 { … … 11734 12225 11735 12226 return top; 11736 }12227 } 11737 12228 11738 12229 … … 11744 12235 return 1; 11745 12236 } 11746 11747 11748 #endif /* OPENSSL_EXTRA || GOAHEAD_WS */ 11749 11750 11751 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 12237 #endif /* OPENSSL_EXTRA */ 12238 12239 #ifdef WOLFSSL_ENCRYPTED_KEYS 11752 12240 11753 12241 void wolfSSL_CTX_set_default_passwd_cb_userdata(WOLFSSL_CTX* ctx, … … 11755 12243 { 11756 12244 WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata"); 11757 ctx->userdata = userdata; 11758 } 12245 if (ctx) 12246 ctx->passwd_userdata = userdata; 12247 } 11759 12248 11760 12249 … … 11762 12251 { 11763 12252 WOLFSSL_ENTER("SSL_CTX_set_default_passwd_cb"); 11764 if (ctx != NULL) {12253 if (ctx) 11765 12254 ctx->passwd_cb = cb; 11766 } 11767 } 11768 12255 } 12256 12257 pem_password_cb* wolfSSL_CTX_get_default_passwd_cb(WOLFSSL_CTX *ctx) 12258 { 12259 if (ctx == NULL || ctx->passwd_cb == NULL) { 12260 return NULL; 12261 } 12262 12263 return ctx->passwd_cb; 12264 } 12265 12266 12267 void* wolfSSL_CTX_get_default_passwd_cb_userdata(WOLFSSL_CTX *ctx) 12268 { 12269 if (ctx == NULL) { 12270 return NULL; 12271 } 12272 12273 return ctx->passwd_userdata; 12274 } 12275 12276 #if !defined(NO_PWDBASED) && (defined(OPENSSL_EXTRA) || \ 12277 defined(OPENSSL_EXTRA_X509_SMALL) || defined(HAVE_WEBSERVER)) 12278 12279 int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type, 12280 const WOLFSSL_EVP_MD* md, const byte* salt, 12281 const byte* data, int sz, int count, byte* key, byte* iv) 12282 { 12283 int ret; 12284 int hashType = WC_HASH_TYPE_NONE; 12285 #ifdef WOLFSSL_SMALL_STACK 12286 EncryptedInfo* info = NULL; 12287 #else 12288 EncryptedInfo info[1]; 12289 #endif 12290 12291 #ifdef WOLFSSL_SMALL_STACK 12292 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, 12293 DYNAMIC_TYPE_ENCRYPTEDINFO); 12294 if (info == NULL) { 12295 WOLFSSL_MSG("malloc failed"); 12296 return WOLFSSL_FAILURE; 12297 } 12298 #endif 12299 12300 XMEMSET(info, 0, sizeof(EncryptedInfo)); 12301 info->ivSz = EVP_SALT_SIZE; 12302 12303 ret = wolfSSL_EVP_get_hashinfo(md, &hashType, NULL); 12304 if (ret == 0) 12305 ret = wc_EncryptedInfoGet(info, type); 12306 if (ret == 0) 12307 ret = wc_PBKDF1_ex(key, info->keySz, iv, info->ivSz, data, sz, salt, 12308 EVP_SALT_SIZE, count, hashType, NULL); 12309 12310 #ifdef WOLFSSL_SMALL_STACK 12311 XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); 12312 #endif 12313 12314 if (ret <= 0) 12315 return 0; /* failure - for compatibility */ 12316 12317 return ret; 12318 } 12319 12320 #endif /* !NO_PWDBASED && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL || HAVE_WEBSERVER) */ 12321 #endif /* WOLFSSL_ENCRYPTED_KEYS */ 12322 12323 12324 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 11769 12325 int wolfSSL_num_locks(void) 11770 12326 { 11771 12327 return 0; 11772 }12328 } 11773 12329 11774 12330 void wolfSSL_set_locking_callback(void (*f)(int, int, const char*, int)) 11775 12331 { 11776 (void)f; 11777 } 12332 WOLFSSL_ENTER("wolfSSL_set_locking_callback"); 12333 12334 if (wc_SetMutexCb(f) != 0) { 12335 WOLFSSL_MSG("Error when setting mutex call back"); 12336 } 12337 } 12338 12339 12340 typedef unsigned long (idCb)(void); 12341 static idCb* inner_idCb = NULL; 12342 12343 unsigned long wolfSSL_thread_id(void) 12344 { 12345 if (inner_idCb != NULL) { 12346 return inner_idCb(); 12347 } 12348 else { 12349 return 0; 12350 } 12351 } 12352 11778 12353 11779 12354 void wolfSSL_set_id_callback(unsigned long (*f)(void)) 11780 12355 { 11781 (void)f;12356 inner_idCb = f; 11782 12357 } 11783 12358 … … 11786 12361 WOLFSSL_ENTER("wolfSSL_ERR_get_error"); 11787 12362 11788 #if defined( WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)12363 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 11789 12364 { 11790 12365 unsigned long ret = wolfSSL_ERR_peek_error_line_data(NULL, NULL, … … 11793 12368 return ret; 11794 12369 } 12370 #elif (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) 12371 { 12372 int ret = wc_PullErrorNode(NULL, NULL, NULL); 12373 12374 if (ret < 0) { 12375 if (ret == BAD_STATE_E) return 0; /* no errors in queue */ 12376 WOLFSSL_MSG("Error with pulling error node!"); 12377 WOLFSSL_LEAVE("wolfSSL_ERR_get_error", ret); 12378 ret = 0 - ret; /* return absolute value of error */ 12379 12380 /* panic and try to clear out nodes */ 12381 wc_ClearErrorNodes(); 12382 } 12383 12384 return (unsigned long)ret; 12385 } 11795 12386 #else 11796 12387 return (unsigned long)(0 - NOT_COMPILED_IN); 11797 #endif11798 }11799 11800 #ifndef NO_MD511801 11802 int wolfSSL_EVP_BytesToKey(const WOLFSSL_EVP_CIPHER* type,11803 const WOLFSSL_EVP_MD* md, const byte* salt,11804 const byte* data, int sz, int count, byte* key, byte* iv)11805 {11806 int keyLen = 0;11807 int ivLen = 0;11808 int j;11809 int keyLeft;11810 int ivLeft;11811 int keyOutput = 0;11812 byte digest[WC_MD5_DIGEST_SIZE];11813 #ifdef WOLFSSL_SMALL_STACK11814 wc_Md5* md5 = NULL;11815 #else11816 wc_Md5 md5[1];11817 12388 #endif 11818 11819 #ifdef WOLFSSL_SMALL_STACK 11820 md5 = (wc_Md5*)XMALLOC(sizeof(wc_Md5), NULL, DYNAMIC_TYPE_HASHCTX); 11821 if (md5 == NULL) 11822 return 0; 11823 #endif 11824 11825 (void)type; 11826 11827 WOLFSSL_ENTER("wolfSSL_EVP_BytesToKey"); 11828 11829 if (wc_InitMd5(md5) != 0) { 11830 #ifdef WOLFSSL_SMALL_STACK 11831 XFREE(md5, NULL, DYNAMIC_TYPE_HASHCTX); 11832 #endif 11833 return 0; 11834 } 11835 11836 /* only support MD5 for now */ 11837 if (XSTRNCMP(md, "MD5", 3) != 0) { 11838 #ifdef WOLFSSL_SMALL_STACK 11839 XFREE(md5, NULL, DYNAMIC_TYPE_HASHCTX); 11840 #endif 11841 return 0; 11842 } 11843 11844 /* only support CBC DES and AES for now */ 11845 #ifndef NO_DES3 11846 if (XSTRNCMP(type, EVP_DES_CBC, EVP_DES_SIZE) == 0) { 11847 keyLen = DES_KEY_SIZE; 11848 ivLen = DES_IV_SIZE; 11849 } 11850 else if (XSTRNCMP(type, EVP_DES_EDE3_CBC, EVP_DES_EDE3_SIZE) == 0) { 11851 keyLen = DES3_KEY_SIZE; 11852 ivLen = DES_IV_SIZE; 11853 } 11854 else 11855 #endif /* NO_DES3 */ 11856 #ifndef NO_AES 11857 if (XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0) { 11858 keyLen = AES_128_KEY_SIZE; 11859 ivLen = AES_IV_SIZE; 11860 } 11861 else if (XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0) { 11862 keyLen = AES_192_KEY_SIZE; 11863 ivLen = AES_IV_SIZE; 11864 } 11865 else if (XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0) { 11866 keyLen = AES_256_KEY_SIZE; 11867 ivLen = AES_IV_SIZE; 11868 } 11869 else 11870 #endif /* NO_AES */ 11871 { 11872 #ifdef WOLFSSL_SMALL_STACK 11873 XFREE(md5, NULL, DYNAMIC_TYPE_HASHCTX); 11874 #endif 11875 return 0; 11876 } 11877 11878 keyLeft = keyLen; 11879 ivLeft = ivLen; 11880 11881 while (keyOutput < (keyLen + ivLen)) { 11882 int digestLeft = WC_MD5_DIGEST_SIZE; 11883 /* D_(i - 1) */ 11884 if (keyOutput) /* first time D_0 is empty */ 11885 wc_Md5Update(md5, digest, WC_MD5_DIGEST_SIZE); 11886 /* data */ 11887 wc_Md5Update(md5, data, sz); 11888 /* salt */ 11889 if (salt) 11890 wc_Md5Update(md5, salt, EVP_SALT_SIZE); 11891 wc_Md5Final(md5, digest); 11892 /* count */ 11893 for (j = 1; j < count; j++) { 11894 wc_Md5Update(md5, digest, WC_MD5_DIGEST_SIZE); 11895 wc_Md5Final(md5, digest); 11896 } 11897 11898 if (keyLeft) { 11899 int store = min(keyLeft, WC_MD5_DIGEST_SIZE); 11900 XMEMCPY(&key[keyLen - keyLeft], digest, store); 11901 11902 keyOutput += store; 11903 keyLeft -= store; 11904 digestLeft -= store; 11905 } 11906 11907 if (ivLeft && digestLeft) { 11908 int store = min(ivLeft, digestLeft); 11909 if (iv != NULL) 11910 XMEMCPY(&iv[ivLen - ivLeft], 11911 &digest[WC_MD5_DIGEST_SIZE - digestLeft], store); 11912 keyOutput += store; 11913 ivLeft -= store; 11914 } 11915 } 11916 11917 #ifdef WOLFSSL_SMALL_STACK 11918 XFREE(md5, NULL, DYNAMIC_TYPE_HASHCTX); 11919 #endif 11920 11921 return keyOutput == (keyLen + ivLen) ? keyOutput : 0; 11922 } 11923 11924 #endif /* NO_MD5 */ 12389 } 11925 12390 11926 12391 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */ … … 11999 12464 return size; 12000 12465 } 12001 #endif /* ! defined(NO_WOLFSSL_CLIENT)*/12466 #endif /* !NO_WOLFSSL_CLIENT */ 12002 12467 12003 12468 … … 12063 12528 return 0; 12064 12529 } 12065 #endif /* NO_MD5 */12530 #endif /* !NO_MD5 */ 12066 12531 12067 12532 … … 12136 12601 return SHA_Final(input, sha); 12137 12602 } 12138 #endif /* NO_SHA */12603 #endif /* !NO_SHA */ 12139 12604 12140 12605 #ifdef WOLFSSL_SHA224 … … 12349 12814 const char *name; 12350 12815 } md_tbl[] = { 12816 #ifndef NO_MD4 12817 {WC_HASH_TYPE_MD4, "MD4"}, 12818 #endif /* NO_MD4 */ 12819 12351 12820 #ifndef NO_MD5 12352 {WC_ MD5, "MD5"},12821 {WC_HASH_TYPE_MD5, "MD5"}, 12353 12822 #endif /* NO_MD5 */ 12354 12823 12355 12824 #ifndef NO_SHA 12356 {WC_ SHA, "SHA"},12825 {WC_HASH_TYPE_SHA, "SHA"}, 12357 12826 #endif /* NO_SHA */ 12358 12827 12359 12828 #ifdef WOLFSSL_SHA224 12360 {WC_ SHA224, "SHA224"},12829 {WC_HASH_TYPE_SHA224, "SHA224"}, 12361 12830 #endif /* WOLFSSL_SHA224 */ 12362 12831 #ifndef NO_SHA256 12363 {WC_ SHA256, "SHA256"},12832 {WC_HASH_TYPE_SHA256, "SHA256"}, 12364 12833 #endif 12365 12834 12366 12835 #ifdef WOLFSSL_SHA384 12367 {WC_ SHA384, "SHA384"},12836 {WC_HASH_TYPE_SHA384, "SHA384"}, 12368 12837 #endif /* WOLFSSL_SHA384 */ 12369 12838 #ifdef WOLFSSL_SHA512 12370 {WC_ SHA512, "SHA512"},12839 {WC_HASH_TYPE_SHA512, "SHA512"}, 12371 12840 #endif /* WOLFSSL_SHA512 */ 12372 12841 {0, NULL} … … 12378 12847 const char *name; 12379 12848 const char *alias; 12380 } alias_tbl[] = { 12849 } alias_tbl[] = 12850 { 12851 {"MD4", "ssl3-md4"}, 12381 12852 {"MD5", "ssl3-md5"}, 12382 12853 {"SHA", "ssl3-sha1"}, … … 12404 12875 { 12405 12876 const struct s_ent *ent; 12406 for( ent = md_tbl; ent->macType != 0; ent++) 12877 WOLFSSL_ENTER("EVP_get_md"); 12878 for( ent = md_tbl; ent->name != NULL; ent++){ 12407 12879 if(type == ent->macType) { 12408 12880 return (WOLFSSL_EVP_MD *)ent->name; 12409 12881 } 12410 return 0; 12882 } 12883 return (WOLFSSL_EVP_MD *)""; 12411 12884 } 12412 12885 … … 12414 12887 { 12415 12888 const struct s_ent *ent; 12416 for( ent = md_tbl; ent->name != NULL; ent++) 12889 WOLFSSL_ENTER("EVP_MD_type"); 12890 for( ent = md_tbl; ent->name != NULL; ent++){ 12417 12891 if(XSTRNCMP((const char *)md, ent->name, XSTRLEN(ent->name)+1) == 0) { 12418 12892 return ent->macType; 12419 12893 } 12894 } 12420 12895 return 0; 12421 12896 } 12897 12898 12899 #ifndef NO_MD4 12900 12901 /* return a pointer to MD4 EVP type */ 12902 const WOLFSSL_EVP_MD* wolfSSL_EVP_md4(void) 12903 { 12904 WOLFSSL_ENTER("wolfSSL_EVP_md4"); 12905 return EVP_get_digestbyname("MD4"); 12906 } 12907 12908 #endif /* !NO_MD4 */ 12422 12909 12423 12910 … … 12426 12913 const WOLFSSL_EVP_MD* wolfSSL_EVP_md5(void) 12427 12914 { 12428 const char* type = EVP_get_digestbyname("MD5");12429 12915 WOLFSSL_ENTER("EVP_md5"); 12430 return type;12431 } 12432 12433 #endif /*NO_MD5 */12916 return EVP_get_digestbyname("MD5"); 12917 } 12918 12919 #endif /* !NO_MD5 */ 12434 12920 12435 12921 … … 12437 12923 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha1(void) 12438 12924 { 12439 const char* type = EVP_get_digestbyname("SHA");12440 12925 WOLFSSL_ENTER("EVP_sha1"); 12441 return type;12926 return EVP_get_digestbyname("SHA"); 12442 12927 } 12443 12928 #endif /* NO_SHA */ … … 12447 12932 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha224(void) 12448 12933 { 12449 const char* type = EVP_get_digestbyname("SHA224");12450 12934 WOLFSSL_ENTER("EVP_sha224"); 12451 return type;12935 return EVP_get_digestbyname("SHA224"); 12452 12936 } 12453 12937 … … 12457 12941 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha256(void) 12458 12942 { 12459 const char* type = EVP_get_digestbyname("SHA256");12460 12943 WOLFSSL_ENTER("EVP_sha256"); 12461 return type;12944 return EVP_get_digestbyname("SHA256"); 12462 12945 } 12463 12946 … … 12466 12949 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha384(void) 12467 12950 { 12468 const char* type = EVP_get_digestbyname("SHA384");12469 12951 WOLFSSL_ENTER("EVP_sha384"); 12470 return type;12952 return EVP_get_digestbyname("SHA384"); 12471 12953 } 12472 12954 … … 12477 12959 const WOLFSSL_EVP_MD* wolfSSL_EVP_sha512(void) 12478 12960 { 12479 const char* type = EVP_get_digestbyname("SHA512");12480 12961 WOLFSSL_ENTER("EVP_sha512"); 12481 return type;12962 return EVP_get_digestbyname("SHA512"); 12482 12963 } 12483 12964 12484 12965 #endif /* WOLFSSL_SHA512 */ 12966 12485 12967 12486 12968 WOLFSSL_EVP_MD_CTX *wolfSSL_EVP_MD_CTX_new(void) … … 12505 12987 } 12506 12988 12989 12990 /* returns the type of message digest used by the ctx */ 12991 int wolfSSL_EVP_MD_CTX_type(const WOLFSSL_EVP_MD_CTX *ctx) { 12992 WOLFSSL_ENTER("EVP_MD_CTX_type"); 12993 return ctx->macType; 12994 } 12995 12996 12997 /* returns WOLFSSL_SUCCESS on success */ 12998 int wolfSSL_EVP_MD_CTX_copy(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in) 12999 { 13000 return wolfSSL_EVP_MD_CTX_copy_ex(out, in); 13001 } 13002 13003 13004 /* Deep copy of EVP_MD hasher 13005 * return WOLFSSL_SUCCESS on success */ 13006 static int wolfSSL_EVP_MD_Copy_Hasher(WOLFSSL_EVP_MD_CTX* des, 13007 const WOLFSSL_EVP_MD_CTX* src) 13008 { 13009 if (src->macType == (NID_hmac & 0xFF)) { 13010 wolfSSL_HmacCopy(&des->hash.hmac, (Hmac*)&src->hash.hmac); 13011 } 13012 else { 13013 switch (src->macType) { 13014 #ifndef NO_MD5 13015 case WC_HASH_TYPE_MD5: 13016 wc_Md5Copy((wc_Md5*)&src->hash.digest, 13017 (wc_Md5*)&des->hash.digest); 13018 break; 13019 #endif /* !NO_MD5 */ 13020 13021 #ifndef NO_SHA 13022 case WC_HASH_TYPE_SHA: 13023 wc_ShaCopy((wc_Sha*)&src->hash.digest, 13024 (wc_Sha*)&des->hash.digest); 13025 break; 13026 #endif /* !NO_SHA */ 13027 13028 #ifdef WOLFSSL_SHA224 13029 case WC_HASH_TYPE_SHA224: 13030 wc_Sha224Copy((wc_Sha224*)&src->hash.digest, 13031 (wc_Sha224*)&des->hash.digest); 13032 break; 13033 #endif /* WOLFSSL_SHA224 */ 13034 13035 #ifndef NO_SHA256 13036 case WC_HASH_TYPE_SHA256: 13037 wc_Sha256Copy((wc_Sha256*)&src->hash.digest, 13038 (wc_Sha256*)&des->hash.digest); 13039 break; 13040 #endif /* !NO_SHA256 */ 13041 13042 #ifdef WOLFSSL_SHA384 13043 case WC_HASH_TYPE_SHA384: 13044 wc_Sha384Copy((wc_Sha384*)&src->hash.digest, 13045 (wc_Sha384*)&des->hash.digest); 13046 break; 13047 #endif /* WOLFSSL_SHA384 */ 13048 #ifdef WOLFSSL_SHA512 13049 case WC_HASH_TYPE_SHA512: 13050 wc_Sha512Copy((wc_Sha512*)&src->hash.digest, 13051 (wc_Sha512*)&des->hash.digest); 13052 break; 13053 #endif /* WOLFSSL_SHA512 */ 13054 13055 default: 13056 return WOLFSSL_FAILURE; 13057 } 13058 } 13059 return WOLFSSL_SUCCESS; 13060 } 13061 13062 13063 /* copies structure in to the structure out 13064 * 13065 * returns WOLFSSL_SUCCESS on success */ 13066 int wolfSSL_EVP_MD_CTX_copy_ex(WOLFSSL_EVP_MD_CTX *out, const WOLFSSL_EVP_MD_CTX *in) 13067 { 13068 if ((out == NULL) || (in == NULL)) return WOLFSSL_FAILURE; 13069 WOLFSSL_ENTER("EVP_CIPHER_MD_CTX_copy_ex"); 13070 XMEMCPY(out, in, sizeof(WOLFSSL_EVP_MD_CTX)); 13071 if (in->pctx != NULL) { 13072 out->pctx = wolfSSL_EVP_PKEY_CTX_new(in->pctx->pkey, NULL); 13073 if (out->pctx == NULL) 13074 return WOLFSSL_FAILURE; 13075 } 13076 return wolfSSL_EVP_MD_Copy_Hasher(out, (WOLFSSL_EVP_MD_CTX*)in); 13077 } 13078 12507 13079 void wolfSSL_EVP_MD_CTX_init(WOLFSSL_EVP_MD_CTX* ctx) 12508 13080 { … … 12513 13085 const WOLFSSL_EVP_MD *wolfSSL_EVP_MD_CTX_md(const WOLFSSL_EVP_MD_CTX *ctx) 12514 13086 { 12515 if ( !ctx)13087 if (ctx == NULL) 12516 13088 return NULL; 13089 WOLFSSL_ENTER("EVP_MD_CTX_md"); 12517 13090 return (const WOLFSSL_EVP_MD *)wolfSSL_EVP_get_md(ctx->macType); 12518 13091 } … … 12520 13093 #ifndef NO_AES 12521 13094 13095 #ifdef HAVE_AES_CBC 13096 #ifdef WOLFSSL_AES_128 12522 13097 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_cbc(void) 12523 13098 { 12524 13099 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_cbc"); 13100 if (EVP_AES_128_CBC == NULL) 13101 wolfSSL_EVP_init(); 12525 13102 return EVP_AES_128_CBC; 12526 13103 } 12527 12528 13104 #endif /* WOLFSSL_AES_128 */ 13105 13106 13107 #ifdef WOLFSSL_AES_192 12529 13108 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_cbc(void) 12530 13109 { 12531 13110 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_cbc"); 13111 if (EVP_AES_192_CBC == NULL) 13112 wolfSSL_EVP_init(); 12532 13113 return EVP_AES_192_CBC; 12533 13114 } 12534 12535 13115 #endif /* WOLFSSL_AES_192 */ 13116 13117 13118 #ifdef WOLFSSL_AES_256 12536 13119 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_cbc(void) 12537 13120 { 12538 13121 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_cbc"); 13122 if (EVP_AES_256_CBC == NULL) 13123 wolfSSL_EVP_init(); 12539 13124 return EVP_AES_256_CBC; 12540 13125 } 12541 12542 13126 #endif /* WOLFSSL_AES_256 */ 13127 #endif /* HAVE_AES_CBC */ 13128 13129 13130 #ifdef WOLFSSL_AES_128 12543 13131 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ctr(void) 12544 13132 { 12545 13133 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ctr"); 13134 if (EVP_AES_128_CTR == NULL) 13135 wolfSSL_EVP_init(); 12546 13136 return EVP_AES_128_CTR; 12547 13137 } 12548 12549 13138 #endif /* WOLFSSL_AES_2128 */ 13139 13140 13141 #ifdef WOLFSSL_AES_192 12550 13142 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ctr(void) 12551 13143 { 12552 13144 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ctr"); 13145 if (EVP_AES_192_CTR == NULL) 13146 wolfSSL_EVP_init(); 12553 13147 return EVP_AES_192_CTR; 12554 13148 } 12555 12556 13149 #endif /* WOLFSSL_AES_192 */ 13150 13151 13152 #ifdef WOLFSSL_AES_256 12557 13153 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ctr(void) 12558 13154 { 12559 13155 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ctr"); 13156 if (EVP_AES_256_CTR == NULL) 13157 wolfSSL_EVP_init(); 12560 13158 return EVP_AES_256_CTR; 12561 13159 } 12562 13160 #endif /* WOLFSSL_AES_256 */ 13161 13162 #ifdef WOLFSSL_AES_128 12563 13163 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_128_ecb(void) 12564 13164 { 12565 13165 WOLFSSL_ENTER("wolfSSL_EVP_aes_128_ecb"); 13166 if (EVP_AES_128_ECB == NULL) 13167 wolfSSL_EVP_init(); 12566 13168 return EVP_AES_128_ECB; 12567 13169 } 12568 12569 13170 #endif /* WOLFSSL_AES_128 */ 13171 13172 13173 #ifdef WOLFSSL_AES_192 12570 13174 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_192_ecb(void) 12571 13175 { 12572 13176 WOLFSSL_ENTER("wolfSSL_EVP_aes_192_ecb"); 13177 if (EVP_AES_192_ECB == NULL) 13178 wolfSSL_EVP_init(); 12573 13179 return EVP_AES_192_ECB; 12574 13180 } 12575 12576 13181 #endif /* WOLFSSL_AES_192*/ 13182 13183 13184 #ifdef WOLFSSL_AES_256 12577 13185 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_aes_256_ecb(void) 12578 13186 { 12579 13187 WOLFSSL_ENTER("wolfSSL_EVP_aes_256_ecb"); 13188 if (EVP_AES_256_ECB == NULL) 13189 wolfSSL_EVP_init(); 12580 13190 return EVP_AES_256_ECB; 12581 13191 } 13192 #endif /* WOLFSSL_AES_256 */ 12582 13193 #endif /* NO_AES */ 12583 13194 … … 12586 13197 { 12587 13198 WOLFSSL_ENTER("wolfSSL_EVP_des_cbc"); 13199 if (EVP_DES_CBC == NULL) 13200 wolfSSL_EVP_init(); 12588 13201 return EVP_DES_CBC; 12589 13202 } … … 12592 13205 { 12593 13206 WOLFSSL_ENTER("wolfSSL_EVP_des_ecb"); 13207 if (EVP_DES_ECB == NULL) 13208 wolfSSL_EVP_init(); 12594 13209 return EVP_DES_ECB; 12595 13210 } … … 12598 13213 { 12599 13214 WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_cbc"); 13215 if (EVP_DES_EDE3_CBC == NULL) 13216 wolfSSL_EVP_init(); 12600 13217 return EVP_DES_EDE3_CBC; 12601 13218 } … … 12604 13221 { 12605 13222 WOLFSSL_ENTER("wolfSSL_EVP_des_ede3_ecb"); 13223 if (EVP_DES_EDE3_ECB == NULL) 13224 wolfSSL_EVP_init(); 12606 13225 return EVP_DES_EDE3_ECB; 12607 13226 } … … 12609 13228 #endif /* NO_DES3 */ 12610 13229 13230 #ifndef NO_RC4 12611 13231 const WOLFSSL_EVP_CIPHER* wolfSSL_EVP_rc4(void) 12612 13232 { … … 12615 13235 return type; 12616 13236 } 13237 #endif 12617 13238 12618 13239 #ifdef HAVE_IDEA … … 12620 13241 { 12621 13242 WOLFSSL_ENTER("wolfSSL_EVP_idea_cbc"); 13243 if (EVP_IDEA_CBC == NULL) 13244 wolfSSL_EVP_init(); 12622 13245 return EVP_IDEA_CBC; 12623 13246 } … … 12634 13257 { 12635 13258 WOLFSSL_ENTER("EVP_MD_CTX_cleanup"); 13259 if (ctx->pctx != NULL) 13260 wolfSSL_EVP_PKEY_CTX_free(ctx->pctx); 13261 13262 if (ctx->macType == (NID_hmac & 0xFF)) { 13263 wc_HmacFree(&ctx->hash.hmac); 13264 } 13265 else { 13266 switch (ctx->macType) { 13267 #ifndef NO_MD5 13268 case WC_HASH_TYPE_MD5: 13269 wc_Md5Free((wc_Md5*)&ctx->hash.digest); 13270 break; 13271 #endif /* !NO_MD5 */ 13272 13273 #ifndef NO_SHA 13274 case WC_HASH_TYPE_SHA: 13275 wc_ShaFree((wc_Sha*)&ctx->hash.digest); 13276 break; 13277 #endif /* !NO_SHA */ 13278 13279 #ifdef WOLFSSL_SHA224 13280 case WC_HASH_TYPE_SHA224: 13281 wc_Sha224Free((wc_Sha224*)&ctx->hash.digest); 13282 break; 13283 #endif /* WOLFSSL_SHA224 */ 13284 13285 #ifndef NO_SHA256 13286 case WC_HASH_TYPE_SHA256: 13287 wc_Sha256Free((wc_Sha256*)&ctx->hash.digest); 13288 break; 13289 #endif /* !NO_SHA256 */ 13290 13291 #ifdef WOLFSSL_SHA384 13292 case WC_HASH_TYPE_SHA384: 13293 wc_Sha384Free((wc_Sha384*)&ctx->hash.digest); 13294 break; 13295 #endif /* WOLFSSL_SHA384 */ 13296 #ifdef WOLFSSL_SHA512 13297 case WC_HASH_TYPE_SHA512: 13298 wc_Sha512Free((wc_Sha512*)&ctx->hash.digest); 13299 break; 13300 #endif /* WOLFSSL_SHA512 */ 13301 13302 default: 13303 return WOLFSSL_FAILURE; 13304 } 13305 } 12636 13306 ForceZero(ctx, sizeof(*ctx)); 12637 13307 ctx->macType = 0xFF; … … 12667 13337 /* return WOLFSSL_SUCCESS on ok, 0 on failure to match API compatibility */ 12668 13338 int wolfSSL_EVP_CipherInit(WOLFSSL_EVP_CIPHER_CTX* ctx, 12669 const WOLFSSL_EVP_CIPHER* type, byte* key,12670 byte* iv, int enc)13339 const WOLFSSL_EVP_CIPHER* type, const byte* key, 13340 const byte* iv, int enc) 12671 13341 { 12672 int ret = -1; /* failure local, during function 0 means success 12673 because internal functions work that way */ 13342 int ret = 0; 12674 13343 (void)key; 12675 13344 (void)iv; … … 12682 13351 } 12683 13352 12684 if (type == NULL && ctx->cipherType == 0xff) {13353 if (type == NULL && ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT) { 12685 13354 WOLFSSL_MSG("no type set"); 12686 13355 return 0; /* failure */ 12687 13356 } 13357 if (ctx->cipherType == WOLFSSL_EVP_CIPH_TYPE_INIT){ 12688 13358 ctx->bufUsed = 0; 12689 13359 ctx->lastUsed = 0; 12690 13360 ctx->flags = 0; 13361 } 13362 13363 XMEMSET(&ctx->cipher, 0, sizeof(ctx->cipher)); 12691 13364 12692 13365 #ifndef NO_AES 12693 /* printf("cipherType=%d\n", ctx->cipherType); */ 13366 #ifdef HAVE_AES_CBC 13367 #ifdef WOLFSSL_AES_128 12694 13368 if (ctx->cipherType == AES_128_CBC_TYPE || 12695 13369 (type && XSTRNCMP(type, EVP_AES_128_CBC, EVP_AES_SIZE) == 0)) { 12696 13370 WOLFSSL_MSG("EVP_AES_128_CBC"); 12697 13371 ctx->cipherType = AES_128_CBC_TYPE; 12698 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; 13372 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13373 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; 12699 13374 ctx->keyLen = 16; 12700 13375 ctx->block_size = AES_BLOCK_SIZE; … … 12713 13388 } 12714 13389 } 12715 else if (ctx->cipherType == AES_192_CBC_TYPE || 13390 #endif /* WOLFSSL_AES_128 */ 13391 #ifdef WOLFSSL_AES_192 13392 if (ctx->cipherType == AES_192_CBC_TYPE || 12716 13393 (type && XSTRNCMP(type, EVP_AES_192_CBC, EVP_AES_SIZE) == 0)) { 12717 13394 WOLFSSL_MSG("EVP_AES_192_CBC"); 12718 13395 ctx->cipherType = AES_192_CBC_TYPE; 12719 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; 13396 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13397 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; 12720 13398 ctx->keyLen = 24; 12721 13399 ctx->block_size = AES_BLOCK_SIZE; … … 12734 13412 } 12735 13413 } 12736 else if (ctx->cipherType == AES_256_CBC_TYPE || 13414 #endif /* WOLFSSL_AES_192 */ 13415 #ifdef WOLFSSL_AES_256 13416 if (ctx->cipherType == AES_256_CBC_TYPE || 12737 13417 (type && XSTRNCMP(type, EVP_AES_256_CBC, EVP_AES_SIZE) == 0)) { 12738 13418 WOLFSSL_MSG("EVP_AES_256_CBC"); 12739 13419 ctx->cipherType = AES_256_CBC_TYPE; 12740 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; 13420 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13421 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; 12741 13422 ctx->keyLen = 32; 12742 13423 ctx->block_size = AES_BLOCK_SIZE; … … 12746 13427 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, 12747 13428 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); 12748 if (ret != 0) 13429 if (ret != 0){ 13430 WOLFSSL_MSG("wc_AesSetKey() failed"); 12749 13431 return ret; 13432 } 12750 13433 } 12751 13434 if (iv && key == NULL) { 12752 13435 ret = wc_AesSetIV(&ctx->cipher.aes, iv); 12753 if (ret != 0) 13436 if (ret != 0){ 13437 WOLFSSL_MSG("wc_AesSetIV() failed"); 12754 13438 return ret; 12755 13439 } 12756 13440 } 13441 } 13442 #endif /* WOLFSSL_AES_256 */ 13443 #endif /* HAVE_AES_CBC */ 12757 13444 #ifdef WOLFSSL_AES_COUNTER 12758 else if (ctx->cipherType == AES_128_CTR_TYPE || 13445 #ifdef WOLFSSL_AES_128 13446 if (ctx->cipherType == AES_128_CTR_TYPE || 12759 13447 (type && XSTRNCMP(type, EVP_AES_128_CTR, EVP_AES_SIZE) == 0)) { 12760 13448 WOLFSSL_MSG("EVP_AES_128_CTR"); 13449 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 12761 13450 ctx->cipherType = AES_128_CTR_TYPE; 12762 ctx->flags 13451 ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; 12763 13452 ctx->keyLen = 16; 12764 13453 ctx->block_size = AES_BLOCK_SIZE; … … 12777 13466 } 12778 13467 } 12779 else if (ctx->cipherType == AES_192_CTR_TYPE || 13468 #endif /* WOLFSSL_AES_128 */ 13469 #ifdef WOLFSSL_AES_192 13470 if (ctx->cipherType == AES_192_CTR_TYPE || 12780 13471 (type && XSTRNCMP(type, EVP_AES_192_CTR, EVP_AES_SIZE) == 0)) { 12781 13472 WOLFSSL_MSG("EVP_AES_192_CTR"); 12782 13473 ctx->cipherType = AES_192_CTR_TYPE; 12783 ctx->flags = WOLFSSL_EVP_CIPH_CTR_MODE; 13474 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13475 ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; 12784 13476 ctx->keyLen = 24; 12785 13477 ctx->block_size = AES_BLOCK_SIZE; … … 12798 13490 } 12799 13491 } 12800 else if (ctx->cipherType == AES_256_CTR_TYPE || 13492 #endif /* WOLFSSL_AES_192 */ 13493 #ifdef WOLFSSL_AES_256 13494 if (ctx->cipherType == AES_256_CTR_TYPE || 12801 13495 (type && XSTRNCMP(type, EVP_AES_256_CTR, EVP_AES_SIZE) == 0)) { 12802 13496 WOLFSSL_MSG("EVP_AES_256_CTR"); 12803 13497 ctx->cipherType = AES_256_CTR_TYPE; 12804 ctx->flags = WOLFSSL_EVP_CIPH_CTR_MODE; 13498 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13499 ctx->flags |= WOLFSSL_EVP_CIPH_CTR_MODE; 12805 13500 ctx->keyLen = 32; 12806 13501 ctx->block_size = AES_BLOCK_SIZE; … … 12819 13514 } 12820 13515 } 12821 #endif /* WOLFSSL_AES_CTR */ 12822 else if (ctx->cipherType == AES_128_ECB_TYPE || 13516 #endif /* WOLFSSL_AES_256 */ 13517 #endif /* WOLFSSL_AES_COUNTER */ 13518 #ifdef WOLFSSL_AES_128 13519 if (ctx->cipherType == AES_128_ECB_TYPE || 12823 13520 (type && XSTRNCMP(type, EVP_AES_128_ECB, EVP_AES_SIZE) == 0)) { 12824 13521 WOLFSSL_MSG("EVP_AES_128_ECB"); 12825 13522 ctx->cipherType = AES_128_ECB_TYPE; 12826 ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE; 13523 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13524 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; 12827 13525 ctx->keyLen = 16; 12828 13526 ctx->block_size = AES_BLOCK_SIZE; … … 12836 13534 return ret; 12837 13535 } 12838 else if (ctx->cipherType == AES_192_ECB_TYPE || 13536 #endif /* WOLFSSL_AES_128 */ 13537 #ifdef WOLFSSL_AES_192 13538 if (ctx->cipherType == AES_192_ECB_TYPE || 12839 13539 (type && XSTRNCMP(type, EVP_AES_192_ECB, EVP_AES_SIZE) == 0)) { 12840 13540 WOLFSSL_MSG("EVP_AES_192_ECB"); 12841 13541 ctx->cipherType = AES_192_ECB_TYPE; 12842 ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE; 13542 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13543 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; 12843 13544 ctx->keyLen = 24; 12844 13545 ctx->block_size = AES_BLOCK_SIZE; … … 12846 13547 ctx->enc = enc ? 1 : 0; 12847 13548 if (key) { 12848 if(ctx->enc)12849 13549 ret = wc_AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, NULL, 12850 13550 ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION); … … 12853 13553 return ret; 12854 13554 } 12855 else if (ctx->cipherType == AES_256_ECB_TYPE || 13555 #endif /* WOLFSSL_AES_192 */ 13556 #ifdef WOLFSSL_AES_256 13557 if (ctx->cipherType == AES_256_ECB_TYPE || 12856 13558 (type && XSTRNCMP(type, EVP_AES_256_ECB, EVP_AES_SIZE) == 0)) { 12857 13559 WOLFSSL_MSG("EVP_AES_256_ECB"); 12858 13560 ctx->cipherType = AES_256_ECB_TYPE; 12859 ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE; 13561 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13562 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; 12860 13563 ctx->keyLen = 32; 12861 13564 ctx->block_size = AES_BLOCK_SIZE; … … 12869 13572 return ret; 12870 13573 } 13574 #endif /* WOLFSSL_AES_256 */ 12871 13575 #endif /* NO_AES */ 12872 13576 … … 12876 13580 WOLFSSL_MSG("EVP_DES_CBC"); 12877 13581 ctx->cipherType = DES_CBC_TYPE; 12878 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; 13582 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13583 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; 12879 13584 ctx->keyLen = 8; 12880 13585 ctx->block_size = DES_BLOCK_SIZE; … … 12896 13601 WOLFSSL_MSG("EVP_DES_ECB"); 12897 13602 ctx->cipherType = DES_ECB_TYPE; 12898 ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE; 13603 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13604 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; 12899 13605 ctx->keyLen = 8; 12900 13606 ctx->block_size = DES_BLOCK_SIZE; … … 12902 13608 ctx->enc = enc ? 1 : 0; 12903 13609 if (key) { 13610 WOLFSSL_MSG("Des_SetKey"); 12904 13611 ret = wc_Des_SetKey(&ctx->cipher.des, key, NULL, 12905 13612 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION); … … 12914 13621 WOLFSSL_MSG("EVP_DES_EDE3_CBC"); 12915 13622 ctx->cipherType = DES_EDE3_CBC_TYPE; 12916 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; 13623 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13624 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; 12917 13625 ctx->keyLen = 24; 12918 13626 ctx->block_size = DES_BLOCK_SIZE; … … 12937 13645 WOLFSSL_MSG("EVP_DES_EDE3_ECB"); 12938 13646 ctx->cipherType = DES_EDE3_ECB_TYPE; 12939 ctx->flags = WOLFSSL_EVP_CIPH_ECB_MODE; 13647 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13648 ctx->flags |= WOLFSSL_EVP_CIPH_ECB_MODE; 12940 13649 ctx->keyLen = 24; 12941 13650 ctx->block_size = DES_BLOCK_SIZE; … … 12955 13664 WOLFSSL_MSG("ARC4"); 12956 13665 ctx->cipherType = ARC4_TYPE; 12957 ctx->flags = WOLFSSL_EVP_CIPH_STREAM_CIPHER; 13666 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13667 ctx->flags |= WOLFSSL_EVP_CIPH_STREAM_CIPHER; 13668 ctx->block_size = 1; 12958 13669 if (ctx->keyLen == 0) /* user may have already set */ 12959 13670 ctx->keyLen = 16; /* default to 128 */ 12960 13671 if (key) 12961 13672 wc_Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen); 12962 ret = 0; /* success */12963 13673 } 12964 13674 #endif /* NO_RC4 */ … … 12968 13678 WOLFSSL_MSG("EVP_IDEA_CBC"); 12969 13679 ctx->cipherType = IDEA_CBC_TYPE; 12970 ctx->flags = WOLFSSL_EVP_CIPH_CBC_MODE; 13680 ctx->flags &= ~WOLFSSL_EVP_CIPH_MODE; 13681 ctx->flags |= WOLFSSL_EVP_CIPH_CBC_MODE; 12971 13682 ctx->keyLen = IDEA_KEY_SIZE; 13683 ctx->block_size = 8; 12972 13684 if (enc == 0 || enc == 1) 12973 13685 ctx->enc = enc ? 1 : 0; … … 12989 13701 ctx->cipherType = NULL_CIPHER_TYPE; 12990 13702 ctx->keyLen = 0; 12991 ret = 0; /* success */ 12992 } 12993 12994 if (ret == 0) 13703 ctx->block_size = 16; 13704 } 13705 (void)ret; /* remove warning. If execution reaches this point, ret=0 */ 12995 13706 return WOLFSSL_SUCCESS; 12996 else12997 return 0; /* overall failure */12998 13707 } 12999 13708 … … 13071 13780 case AES_256_CTR_TYPE : 13072 13781 WOLFSSL_MSG("AES CTR"); 13073 wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);13782 ret = wc_AesCtrEncrypt(&ctx->cipher.aes, dst, src, len); 13074 13783 break; 13075 13784 #endif /* WOLFSSL_AES_COUNTER */ … … 13290 13999 13291 14000 if (XSTRNCMP(type, "SHA256", 6) == 0) { 13292 ctx->macType = WC_ SHA256;14001 ctx->macType = WC_HASH_TYPE_SHA256; 13293 14002 ret = wolfSSL_SHA256_Init(&(ctx->hash.digest.sha256)); 13294 14003 } 13295 14004 #ifdef WOLFSSL_SHA224 13296 14005 else if (XSTRNCMP(type, "SHA224", 6) == 0) { 13297 ctx->macType = WC_ SHA224;14006 ctx->macType = WC_HASH_TYPE_SHA224; 13298 14007 ret = wolfSSL_SHA224_Init(&(ctx->hash.digest.sha224)); 13299 14008 } … … 13301 14010 #ifdef WOLFSSL_SHA384 13302 14011 else if (XSTRNCMP(type, "SHA384", 6) == 0) { 13303 ctx->macType = WC_ SHA384;14012 ctx->macType = WC_HASH_TYPE_SHA384; 13304 14013 ret = wolfSSL_SHA384_Init(&(ctx->hash.digest.sha384)); 13305 14014 } … … 13307 14016 #ifdef WOLFSSL_SHA512 13308 14017 else if (XSTRNCMP(type, "SHA512", 6) == 0) { 13309 ctx->macType = WC_ SHA512;14018 ctx->macType = WC_HASH_TYPE_SHA512; 13310 14019 ret = wolfSSL_SHA512_Init(&(ctx->hash.digest.sha512)); 14020 } 14021 #endif 14022 #ifndef NO_MD4 14023 else if (XSTRNCMP(type, "MD4", 3) == 0) { 14024 ctx->macType = WC_HASH_TYPE_MD4; 14025 wolfSSL_MD4_Init(&(ctx->hash.digest.md4)); 13311 14026 } 13312 14027 #endif 13313 14028 #ifndef NO_MD5 13314 14029 else if (XSTRNCMP(type, "MD5", 3) == 0) { 13315 ctx->macType = WC_ MD5;14030 ctx->macType = WC_HASH_TYPE_MD5; 13316 14031 ret = wolfSSL_MD5_Init(&(ctx->hash.digest.md5)); 13317 14032 } … … 13320 14035 /* has to be last since would pick or 224, 256, 384, or 512 too */ 13321 14036 else if (XSTRNCMP(type, "SHA", 3) == 0) { 13322 ctx->macType = WC_ SHA;14037 ctx->macType = WC_HASH_TYPE_SHA; 13323 14038 ret = wolfSSL_SHA_Init(&(ctx->hash.digest.sha)); 13324 14039 } … … 13331 14046 13332 14047 13333 /* WOLFSSL_SUCCESS on ok */14048 /* WOLFSSL_SUCCESS on ok, WOLFSSL_FAILURE on failure */ 13334 14049 int wolfSSL_EVP_DigestUpdate(WOLFSSL_EVP_MD_CTX* ctx, const void* data, 13335 unsigned longsz)14050 size_t sz) 13336 14051 { 13337 14052 WOLFSSL_ENTER("EVP_DigestUpdate"); 13338 14053 13339 14054 switch (ctx->macType) { 14055 #ifndef NO_MD4 14056 case WC_HASH_TYPE_MD4: 14057 wolfSSL_MD4_Update((MD4_CTX*)&ctx->hash, data, 14058 (unsigned long)sz); 14059 break; 14060 #endif 13340 14061 #ifndef NO_MD5 13341 case WC_ MD5:14062 case WC_HASH_TYPE_MD5: 13342 14063 wolfSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, 13343 14064 (unsigned long)sz); … … 13345 14066 #endif 13346 14067 #ifndef NO_SHA 13347 case WC_ SHA:14068 case WC_HASH_TYPE_SHA: 13348 14069 wolfSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, 13349 14070 (unsigned long)sz); … … 13351 14072 #endif 13352 14073 #ifdef WOLFSSL_SHA224 13353 case WC_ SHA224:14074 case WC_HASH_TYPE_SHA224: 13354 14075 wolfSSL_SHA224_Update((SHA224_CTX*)&ctx->hash, data, 13355 14076 (unsigned long)sz); … … 13357 14078 #endif 13358 14079 #ifndef NO_SHA256 13359 case WC_ SHA256:14080 case WC_HASH_TYPE_SHA256: 13360 14081 wolfSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, 13361 14082 (unsigned long)sz); … … 13363 14084 #endif /* !NO_SHA256 */ 13364 14085 #ifdef WOLFSSL_SHA384 13365 case WC_ SHA384:14086 case WC_HASH_TYPE_SHA384: 13366 14087 wolfSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, 13367 14088 (unsigned long)sz); … … 13369 14090 #endif 13370 14091 #ifdef WOLFSSL_SHA512 13371 case WC_ SHA512:14092 case WC_HASH_TYPE_SHA512: 13372 14093 wolfSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, 13373 14094 (unsigned long)sz); … … 13375 14096 #endif /* WOLFSSL_SHA512 */ 13376 14097 default: 13377 return BAD_FUNC_ARG;14098 return WOLFSSL_FAILURE; 13378 14099 } 13379 14100 … … 13388 14109 WOLFSSL_ENTER("EVP_DigestFinal"); 13389 14110 switch (ctx->macType) { 14111 #ifndef NO_MD4 14112 case WC_HASH_TYPE_MD4: 14113 wolfSSL_MD4_Final(md, (MD4_CTX*)&ctx->hash); 14114 if (s) *s = MD4_DIGEST_SIZE; 14115 break; 14116 #endif 13390 14117 #ifndef NO_MD5 13391 case WC_ MD5:14118 case WC_HASH_TYPE_MD5: 13392 14119 wolfSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash); 13393 14120 if (s) *s = WC_MD5_DIGEST_SIZE; … … 13395 14122 #endif 13396 14123 #ifndef NO_SHA 13397 case WC_ SHA:14124 case WC_HASH_TYPE_SHA: 13398 14125 wolfSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash); 13399 14126 if (s) *s = WC_SHA_DIGEST_SIZE; … … 13401 14128 #endif 13402 14129 #ifdef WOLFSSL_SHA224 13403 case WC_ SHA224:14130 case WC_HASH_TYPE_SHA224: 13404 14131 wolfSSL_SHA224_Final(md, (SHA224_CTX*)&ctx->hash); 13405 14132 if (s) *s = WC_SHA224_DIGEST_SIZE; … … 13407 14134 #endif 13408 14135 #ifndef NO_SHA256 13409 case WC_ SHA256:14136 case WC_HASH_TYPE_SHA256: 13410 14137 wolfSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash); 13411 14138 if (s) *s = WC_SHA256_DIGEST_SIZE; … … 13413 14140 #endif /* !NO_SHA256 */ 13414 14141 #ifdef WOLFSSL_SHA384 13415 case WC_ SHA384:14142 case WC_HASH_TYPE_SHA384: 13416 14143 wolfSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash); 13417 14144 if (s) *s = WC_SHA384_DIGEST_SIZE; … … 13419 14146 #endif 13420 14147 #ifdef WOLFSSL_SHA512 13421 case WC_ SHA512:14148 case WC_HASH_TYPE_SHA512: 13422 14149 wolfSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash); 13423 14150 if (s) *s = WC_SHA512_DIGEST_SIZE; … … 13425 14152 #endif /* WOLFSSL_SHA512 */ 13426 14153 default: 13427 return BAD_FUNC_ARG;14154 return WOLFSSL_FAILURE; 13428 14155 } 13429 14156 … … 13446 14173 { 13447 14174 int type; 14175 int mdlen; 13448 14176 unsigned char* ret = NULL; 13449 14177 #ifdef WOLFSSL_SMALL_STACK … … 13454 14182 void* heap = NULL; 13455 14183 13456 WOLFSSL_ENTER("HMAC"); 13457 if (!md) 14184 WOLFSSL_ENTER("wolfSSL_HMAC"); 14185 if (!md) { 14186 WOLFSSL_MSG("Static buffer not supported, pass in md buffer"); 13458 14187 return NULL; /* no static buffer support */ 13459 13460 if (XSTRNCMP(evp_md, "MD5", 3) == 0) 14188 } 14189 14190 #ifndef NO_MD5 14191 if (XSTRNCMP(evp_md, "MD5", 3) == 0) { 13461 14192 type = WC_MD5; 13462 else if (XSTRNCMP(evp_md, "SHA", 3) == 0) 14193 mdlen = WC_MD5_DIGEST_SIZE; 14194 } else 14195 #endif 14196 #ifdef WOLFSSL_SHA224 14197 if (XSTRNCMP(evp_md, "SHA224", 6) == 0) { 14198 type = WC_SHA224; 14199 mdlen = WC_SHA224_DIGEST_SIZE; 14200 } else 14201 #endif 14202 #ifndef NO_SHA256 14203 if (XSTRNCMP(evp_md, "SHA256", 6) == 0) { 14204 type = WC_SHA256; 14205 mdlen = WC_SHA256_DIGEST_SIZE; 14206 } else 14207 #endif 14208 #ifdef WOLFSSL_SHA384 14209 if (XSTRNCMP(evp_md, "SHA384", 6) == 0) { 14210 type = WC_SHA384; 14211 mdlen = WC_SHA384_DIGEST_SIZE; 14212 } else 14213 #endif 14214 #ifdef WOLFSSL_SHA512 14215 if (XSTRNCMP(evp_md, "SHA512", 6) == 0) { 14216 type = WC_SHA512; 14217 mdlen = WC_SHA512_DIGEST_SIZE; 14218 } else 14219 #endif 14220 #ifndef NO_SHA 14221 if (XSTRNCMP(evp_md, "SHA", 3) == 0) { 13463 14222 type = WC_SHA; 13464 else 14223 mdlen = WC_SHA_DIGEST_SIZE; 14224 } else 14225 #endif 14226 { 13465 14227 return NULL; 14228 } 13466 14229 13467 14230 #ifdef WOLFSSL_SMALL_STACK … … 13476 14239 if (wc_HmacFinal(hmac, md) == 0) { 13477 14240 if (md_len) 13478 *md_len = (type == WC_MD5) ? (int)WC_MD5_DIGEST_SIZE 13479 : (int)WC_SHA_DIGEST_SIZE; 14241 *md_len = mdlen; 13480 14242 ret = md; 13481 14243 } … … 13489 14251 #endif 13490 14252 14253 (void)evp_md; 13491 14254 return ret; 13492 14255 } … … 13496 14259 WOLFSSL_ENTER("wolfSSL_ERR_clear_error"); 13497 14260 13498 #if defined( WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)14261 #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_NGINX) 13499 14262 wc_ClearErrorNodes(); 13500 14263 #endif 14264 } 14265 14266 14267 /* frees all nodes in the current threads error queue 14268 * 14269 * id thread id. ERR_remove_state is depriciated and id is ignored. The 14270 * current threads queue will be free'd. 14271 */ 14272 void wolfSSL_ERR_remove_state(unsigned long id) 14273 { 14274 WOLFSSL_ENTER("wolfSSL_ERR_remove_state"); 14275 (void)id; 14276 if (wc_ERR_remove_state() != 0) { 14277 WOLFSSL_MSG("Error with removing the state"); 14278 } 13501 14279 } 13502 14280 … … 13508 14286 13509 14287 13510 14288 #ifndef NO_WOLFSSL_STUB 13511 14289 void wolfSSL_RAND_add(const void* add, int len, double entropy) 13512 14290 { … … 13514 14292 (void)len; 13515 14293 (void)entropy; 13516 14294 WOLFSSL_STUB("RAND_add"); 13517 14295 /* wolfSSL seeds/adds internally, use explicit RNG if you want 13518 14296 to take control */ 13519 14297 } 13520 14298 #endif 13521 14299 13522 14300 #ifndef NO_DES3 13523 /* WOLFSSL_SUCCESSon ok */14301 /* 0 on ok */ 13524 14302 int wolfSSL_DES_key_sched(WOLFSSL_const_DES_cblock* key, 13525 14303 WOLFSSL_DES_key_schedule* schedule) 13526 14304 { 13527 WOLFSSL_ENTER("DES_key_sched"); 13528 XMEMCPY(schedule, key, sizeof(const_DES_cblock)); 13529 return WOLFSSL_SUCCESS; 14305 WOLFSSL_ENTER("wolfSSL_DES_key_sched"); 14306 14307 if (key == NULL || schedule == NULL) { 14308 WOLFSSL_MSG("Null argument passed in"); 14309 } 14310 else { 14311 XMEMCPY(schedule, key, sizeof(WOLFSSL_const_DES_cblock)); 14312 } 14313 14314 return 0; 14315 } 14316 14317 14318 /* intended to behave similar to Kerberos mit_des_cbc_cksum 14319 * return the last 4 bytes of cipher text */ 14320 WOLFSSL_DES_LONG wolfSSL_DES_cbc_cksum(const unsigned char* in, 14321 WOLFSSL_DES_cblock* out, long length, WOLFSSL_DES_key_schedule* sc, 14322 WOLFSSL_const_DES_cblock* iv) 14323 { 14324 WOLFSSL_DES_LONG ret; 14325 unsigned char* tmp; 14326 unsigned char* data = (unsigned char*)in; 14327 long dataSz = length; 14328 byte dynamicFlag = 0; /* when padding the buffer created needs free'd */ 14329 14330 WOLFSSL_ENTER("wolfSSL_DES_cbc_cksum"); 14331 14332 if (in == NULL || out == NULL || sc == NULL || iv == NULL) { 14333 WOLFSSL_MSG("Bad argument passed in"); 14334 return 0; 14335 } 14336 14337 /* if input length is not a multiple of DES_BLOCK_SIZE pad with 0s */ 14338 if (dataSz % DES_BLOCK_SIZE) { 14339 dataSz += DES_BLOCK_SIZE - (dataSz % DES_BLOCK_SIZE); 14340 data = (unsigned char*)XMALLOC(dataSz, NULL, 14341 DYNAMIC_TYPE_TMP_BUFFER); 14342 if (data == NULL) { 14343 WOLFSSL_MSG("Issue creating temporary buffer"); 14344 return 0; 14345 } 14346 dynamicFlag = 1; /* set to free buffer at end */ 14347 XMEMCPY(data, in, length); 14348 XMEMSET(data + length, 0, dataSz - length); /* padding */ 14349 } 14350 14351 tmp = (unsigned char*)XMALLOC(dataSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 14352 if (tmp == NULL) { 14353 WOLFSSL_MSG("Issue creating temporary buffer"); 14354 if (dynamicFlag == 1) { 14355 XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); 14356 } 14357 return 0; 14358 } 14359 14360 wolfSSL_DES_cbc_encrypt(data, tmp, dataSz, sc, 14361 (WOLFSSL_DES_cblock*)iv, 1); 14362 XMEMCPY((unsigned char*)out, tmp + (dataSz - DES_BLOCK_SIZE), 14363 DES_BLOCK_SIZE); 14364 14365 ret = (((*((unsigned char*)out + 4) & 0xFF) << 24)| 14366 ((*((unsigned char*)out + 5) & 0xFF) << 16)| 14367 ((*((unsigned char*)out + 6) & 0xFF) << 8) | 14368 (*((unsigned char*)out + 7) & 0xFF)); 14369 14370 XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); 14371 if (dynamicFlag == 1) { 14372 XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); 14373 } 14374 14375 return ret; 13530 14376 } 13531 14377 … … 13537 14383 { 13538 14384 Des myDes; 14385 byte lastblock[DES_BLOCK_SIZE]; 14386 int lb_sz; 14387 long blk; 13539 14388 13540 14389 WOLFSSL_ENTER("DES_cbc_encrypt"); … … 13542 14391 /* OpenSSL compat, no ret */ 13543 14392 wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc); 13544 13545 if (enc) 13546 wc_Des_CbcEncrypt(&myDes, output, input, (word32)length); 13547 else 13548 wc_Des_CbcDecrypt(&myDes, output, input, (word32)length); 14393 lb_sz = length%DES_BLOCK_SIZE; 14394 blk = length/DES_BLOCK_SIZE; 14395 14396 if (enc){ 14397 wc_Des_CbcEncrypt(&myDes, output, input, (word32)blk*DES_BLOCK_SIZE); 14398 if(lb_sz){ 14399 XMEMSET(lastblock, 0, DES_BLOCK_SIZE); 14400 XMEMCPY(lastblock, input+length-lb_sz, lb_sz); 14401 wc_Des_CbcEncrypt(&myDes, output+blk*DES_BLOCK_SIZE, 14402 lastblock, (word32)DES_BLOCK_SIZE); 14403 } 14404 } 14405 else { 14406 wc_Des_CbcDecrypt(&myDes, output, input, (word32)blk*DES_BLOCK_SIZE); 14407 if(lb_sz){ 14408 wc_Des_CbcDecrypt(&myDes, lastblock, input+length-lb_sz, (word32)DES_BLOCK_SIZE); 14409 XMEMCPY(output+length-lb_sz, lastblock, lb_sz); 14410 } 14411 } 13549 14412 } 13550 14413 … … 13560 14423 Des3 des; 13561 14424 byte key[24];/* EDE uses 24 size key */ 14425 byte lastblock[DES_BLOCK_SIZE]; 14426 int lb_sz; 14427 long blk; 13562 14428 13563 14429 WOLFSSL_ENTER("wolfSSL_DES_ede3_cbc_encrypt"); … … 13567 14433 XMEMCPY(&key[DES_BLOCK_SIZE], *ks2, DES_BLOCK_SIZE); 13568 14434 XMEMCPY(&key[DES_BLOCK_SIZE * 2], *ks3, DES_BLOCK_SIZE); 14435 lb_sz = sz%DES_BLOCK_SIZE; 14436 blk = sz/DES_BLOCK_SIZE; 14437 14438 /* OpenSSL compat, no ret */ 14439 wc_Des3Init(&des, NULL, INVALID_DEVID); 13569 14440 13570 14441 if (enc) { 13571 14442 wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_ENCRYPTION); 13572 wc_Des3_CbcEncrypt(&des, output, input, (word32)sz); 14443 wc_Des3_CbcEncrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE); 14444 if(lb_sz){ 14445 XMEMSET(lastblock, 0, DES_BLOCK_SIZE); 14446 XMEMCPY(lastblock, input+sz-lb_sz, lb_sz); 14447 wc_Des3_CbcEncrypt(&des, output+blk*DES_BLOCK_SIZE, 14448 lastblock, (word32)DES_BLOCK_SIZE); 14449 } 13573 14450 } 13574 14451 else { 13575 14452 wc_Des3_SetKey(&des, key, (const byte*)ivec, DES_DECRYPTION); 13576 wc_Des3_CbcDecrypt(&des, output, input, (word32)sz); 13577 } 14453 wc_Des3_CbcDecrypt(&des, output, input, (word32)blk*DES_BLOCK_SIZE); 14454 if(lb_sz){ 14455 wc_Des3_CbcDecrypt(&des, lastblock, input+sz-lb_sz, (word32)DES_BLOCK_SIZE); 14456 XMEMCPY(output+sz-lb_sz, lastblock, lb_sz); 14457 } 14458 } 14459 wc_Des3Free(&des); 13578 14460 } 13579 14461 … … 13586 14468 { 13587 14469 Des myDes; 14470 byte lastblock[DES_BLOCK_SIZE]; 14471 int lb_sz; 14472 long idx = length; 14473 long blk; 13588 14474 13589 14475 WOLFSSL_ENTER("DES_ncbc_encrypt"); … … 13591 14477 /* OpenSSL compat, no ret */ 13592 14478 wc_Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec, !enc); 13593 13594 if (enc) 13595 wc_Des_CbcEncrypt(&myDes, output, input, (word32)length); 13596 else 13597 wc_Des_CbcDecrypt(&myDes, output, input, (word32)length); 13598 13599 XMEMCPY(ivec, output + length - sizeof(DES_cblock), sizeof(DES_cblock)); 14479 lb_sz = length%DES_BLOCK_SIZE; 14480 blk = length/DES_BLOCK_SIZE; 14481 idx -= sizeof(DES_cblock); 14482 if (lb_sz) { 14483 idx += DES_BLOCK_SIZE - lb_sz; 14484 } 14485 if (enc){ 14486 wc_Des_CbcEncrypt(&myDes, output, input, 14487 (word32)blk * DES_BLOCK_SIZE); 14488 if (lb_sz){ 14489 XMEMSET(lastblock, 0, DES_BLOCK_SIZE); 14490 XMEMCPY(lastblock, input+length-lb_sz, lb_sz); 14491 wc_Des_CbcEncrypt(&myDes, output + blk * DES_BLOCK_SIZE, 14492 lastblock, (word32)DES_BLOCK_SIZE); 14493 } 14494 XMEMCPY(ivec, output + idx, sizeof(DES_cblock)); 14495 } else { 14496 WOLFSSL_DES_cblock tmp; 14497 XMEMCPY(tmp, input + idx, sizeof(DES_cblock)); 14498 wc_Des_CbcDecrypt(&myDes, output, input, 14499 (word32)blk * DES_BLOCK_SIZE); 14500 if (lb_sz){ 14501 wc_Des_CbcDecrypt(&myDes, lastblock, input + length - lb_sz, 14502 (word32)DES_BLOCK_SIZE); 14503 XMEMCPY(output+length-lb_sz, lastblock, lb_sz); 14504 } 14505 XMEMCPY(ivec, tmp, sizeof(WOLFSSL_DES_cblock)); 14506 } 14507 13600 14508 } 13601 14509 … … 13609 14517 13610 14518 13611 void wolfSSL_ERR_remove_state(unsigned long state)13612 {13613 /* TODO: GetErrors().Remove(); */13614 (void)state;13615 }13616 13617 13618 14519 void wolfSSL_EVP_cleanup(void) 13619 14520 { … … 13626 14527 /* nothing to do here */ 13627 14528 } 13628 13629 14529 13630 14530 int wolfSSL_clear(WOLFSSL* ssl) … … 13672 14572 #endif 13673 14573 } 13674 14574 #ifdef SESSION_CERTS 14575 ssl->session.chain.count = 0; 14576 #endif 13675 14577 #ifdef KEEP_PEER_CERT 13676 14578 FreeX509(&ssl->peerCert); … … 13680 14582 return WOLFSSL_SUCCESS; 13681 14583 } 13682 13683 14584 13684 14585 long wolfSSL_SSL_SESSION_set_timeout(WOLFSSL_SESSION* ses, long t) … … 13695 14596 } 13696 14597 13697 14598 #endif 14599 14600 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 13698 14601 long wolfSSL_CTX_set_mode(WOLFSSL_CTX* ctx, long mode) 13699 14602 { … … 13706 14609 return mode; 13707 14610 } 13708 13709 14611 #endif 14612 14613 #ifdef OPENSSL_EXTRA 14614 14615 #ifndef NO_WOLFSSL_STUB 13710 14616 long wolfSSL_SSL_get_mode(WOLFSSL* ssl) 13711 14617 { 13712 14618 /* TODO: */ 13713 14619 (void)ssl; 14620 WOLFSSL_STUB("SSL_get_mode"); 13714 14621 return 0; 13715 14622 } 13716 13717 14623 #endif 14624 14625 #ifndef NO_WOLFSSL_STUB 13718 14626 long wolfSSL_CTX_get_mode(WOLFSSL_CTX* ctx) 13719 14627 { 13720 14628 /* TODO: */ 13721 14629 (void)ctx; 14630 WOLFSSL_STUB("SSL_CTX_get_mode"); 13722 14631 return 0; 13723 14632 } 13724 13725 14633 #endif 14634 14635 #ifndef NO_WOLFSSL_STUB 13726 14636 void wolfSSL_CTX_set_default_read_ahead(WOLFSSL_CTX* ctx, int m) 13727 14637 { … … 13729 14639 (void)ctx; 13730 14640 (void)m; 13731 } 13732 13733 14641 WOLFSSL_STUB("SSL_CTX_set_default_read_ahead"); 14642 } 14643 #endif 14644 14645 14646 /* Storing app session context id, this value is inherited by WOLFSSL 14647 * objects created from WOLFSSL_CTX. Any session that is imported with a 14648 * different session context id will be rejected. 14649 * 14650 * ctx structure to set context in 14651 * sid_ctx value of context to set 14652 * sid_ctx_len length of sid_ctx buffer 14653 * 14654 * Returns SSL_SUCCESS in success case and SSL_FAILURE when failing 14655 */ 13734 14656 int wolfSSL_CTX_set_session_id_context(WOLFSSL_CTX* ctx, 13735 14657 const unsigned char* sid_ctx, 13736 14658 unsigned int sid_ctx_len) 13737 14659 { 14660 WOLFSSL_ENTER("SSL_CTX_set_session_id_context"); 14661 13738 14662 /* No application specific context needed for wolfSSL */ 13739 (void)ctx; 13740 (void)sid_ctx; 13741 (void)sid_ctx_len; 13742 return WOLFSSL_SUCCESS; 14663 if (sid_ctx_len > ID_LEN || ctx == NULL || sid_ctx == NULL) { 14664 return SSL_FAILURE; 14665 } 14666 XMEMCPY(ctx->sessionCtx, sid_ctx, sid_ctx_len); 14667 ctx->sessionCtxSz = (byte)sid_ctx_len; 14668 14669 return SSL_SUCCESS; 14670 } 14671 14672 14673 14674 /* Storing app session context id. Any session that is imported with a 14675 * different session context id will be rejected. 14676 * 14677 * ssl structure to set context in 14678 * id value of context to set 14679 * len length of sid_ctx buffer 14680 * 14681 * Returns SSL_SUCCESS in success case and SSL_FAILURE when failing 14682 */ 14683 int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id, 14684 unsigned int len) 14685 { 14686 WOLFSSL_STUB("wolfSSL_set_session_id_context"); 14687 14688 if (len > ID_LEN || ssl == NULL || id == NULL) { 14689 return SSL_FAILURE; 14690 } 14691 XMEMCPY(ssl->sessionCtx, id, len); 14692 ssl->sessionCtxSz = (byte)len; 14693 14694 return SSL_SUCCESS; 13743 14695 } 13744 14696 … … 13754 14706 } 13755 14707 14708 14709 /* returns the unsigned error value and increments the pointer into the 14710 * error queue. 14711 * 14712 * file pointer to file name 14713 * line gets set to line number of error when not NULL 14714 */ 14715 unsigned long wolfSSL_ERR_get_error_line(const char** file, int* line) 14716 { 14717 #ifdef DEBUG_WOLFSSL 14718 int ret = wc_PullErrorNode(file, NULL, line); 14719 if (ret < 0) { 14720 if (ret == BAD_STATE_E) return 0; /* no errors in queue */ 14721 WOLFSSL_MSG("Issue getting error node"); 14722 WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line", ret); 14723 ret = 0 - ret; /* return absolute value of error */ 14724 14725 /* panic and try to clear out nodes */ 14726 wc_ClearErrorNodes(); 14727 } 14728 return (unsigned long)ret; 14729 #else 14730 (void)file; 14731 (void)line; 14732 14733 return 0; 14734 #endif 14735 } 14736 14737 14738 #ifdef DEBUG_WOLFSSL 14739 static const char WOLFSSL_SYS_ACCEPT_T[] = "accept"; 14740 static const char WOLFSSL_SYS_BIND_T[] = "bind"; 14741 static const char WOLFSSL_SYS_CONNECT_T[] = "connect"; 14742 static const char WOLFSSL_SYS_FOPEN_T[] = "fopen"; 14743 static const char WOLFSSL_SYS_FREAD_T[] = "fread"; 14744 static const char WOLFSSL_SYS_GETADDRINFO_T[] = "getaddrinfo"; 14745 static const char WOLFSSL_SYS_GETSOCKOPT_T[] = "getsockopt"; 14746 static const char WOLFSSL_SYS_GETSOCKNAME_T[] = "getsockname"; 14747 static const char WOLFSSL_SYS_GETHOSTBYNAME_T[] = "gethostbyname"; 14748 static const char WOLFSSL_SYS_GETNAMEINFO_T[] = "getnameinfo"; 14749 static const char WOLFSSL_SYS_GETSERVBYNAME_T[] = "getservbyname"; 14750 static const char WOLFSSL_SYS_IOCTLSOCKET_T[] = "ioctlsocket"; 14751 static const char WOLFSSL_SYS_LISTEN_T[] = "listen"; 14752 static const char WOLFSSL_SYS_OPENDIR_T[] = "opendir"; 14753 static const char WOLFSSL_SYS_SETSOCKOPT_T[] = "setsockopt"; 14754 static const char WOLFSSL_SYS_SOCKET_T[] = "socket"; 14755 14756 /* switch with int mapped to function name for compatibility */ 14757 static const char* wolfSSL_ERR_sys_func(int fun) 14758 { 14759 switch (fun) { 14760 case WOLFSSL_SYS_ACCEPT: return WOLFSSL_SYS_ACCEPT_T; 14761 case WOLFSSL_SYS_BIND: return WOLFSSL_SYS_BIND_T; 14762 case WOLFSSL_SYS_CONNECT: return WOLFSSL_SYS_CONNECT_T; 14763 case WOLFSSL_SYS_FOPEN: return WOLFSSL_SYS_FOPEN_T; 14764 case WOLFSSL_SYS_FREAD: return WOLFSSL_SYS_FREAD_T; 14765 case WOLFSSL_SYS_GETADDRINFO: return WOLFSSL_SYS_GETADDRINFO_T; 14766 case WOLFSSL_SYS_GETSOCKOPT: return WOLFSSL_SYS_GETSOCKOPT_T; 14767 case WOLFSSL_SYS_GETSOCKNAME: return WOLFSSL_SYS_GETSOCKNAME_T; 14768 case WOLFSSL_SYS_GETHOSTBYNAME: return WOLFSSL_SYS_GETHOSTBYNAME_T; 14769 case WOLFSSL_SYS_GETNAMEINFO: return WOLFSSL_SYS_GETNAMEINFO_T; 14770 case WOLFSSL_SYS_GETSERVBYNAME: return WOLFSSL_SYS_GETSERVBYNAME_T; 14771 case WOLFSSL_SYS_IOCTLSOCKET: return WOLFSSL_SYS_IOCTLSOCKET_T; 14772 case WOLFSSL_SYS_LISTEN: return WOLFSSL_SYS_LISTEN_T; 14773 case WOLFSSL_SYS_OPENDIR: return WOLFSSL_SYS_OPENDIR_T; 14774 case WOLFSSL_SYS_SETSOCKOPT: return WOLFSSL_SYS_SETSOCKOPT_T; 14775 case WOLFSSL_SYS_SOCKET: return WOLFSSL_SYS_SOCKET_T; 14776 default: 14777 return "NULL"; 14778 } 14779 } 14780 #endif /* DEBUG_WOLFSSL */ 14781 14782 14783 /* @TODO when having an error queue this needs to push to the queue */ 14784 void wolfSSL_ERR_put_error(int lib, int fun, int err, const char* file, 14785 int line) 14786 { 14787 WOLFSSL_ENTER("wolfSSL_ERR_put_error"); 14788 14789 #ifndef DEBUG_WOLFSSL 14790 (void)fun; 14791 (void)err; 14792 (void)file; 14793 (void)line; 14794 WOLFSSL_MSG("Not compiled in debug mode"); 14795 #else 14796 WOLFSSL_ERROR_LINE(err, wolfSSL_ERR_sys_func(fun), (unsigned int)line, 14797 file, NULL); 14798 #endif 14799 (void)lib; 14800 } 14801 14802 14803 /* Similar to wolfSSL_ERR_get_error_line but takes in a flags argument for 14804 * more flexability. 14805 * 14806 * file output pointer to file where error happened 14807 * line output to line number of error 14808 * data output data. Is a string if ERR_TXT_STRING flag is used 14809 * flags bit flag to adjust data output 14810 * 14811 * Returns the error value or 0 if no errors are in the queue 14812 */ 13756 14813 unsigned long wolfSSL_ERR_get_error_line_data(const char** file, int* line, 13757 14814 const char** data, int *flags) 13758 14815 { 13759 /* Not implemented */ 13760 (void)file; 13761 (void)line; 13762 (void)data; 13763 (void)flags; 13764 return 0; 13765 } 13766 13767 WOLFSSL_API pem_password_cb* wolfSSL_CTX_get_default_passwd_cb( 13768 WOLFSSL_CTX *ctx) 13769 { 13770 if (ctx == NULL || ctx->passwd_cb == NULL) { 13771 return NULL; 13772 } 13773 13774 return ctx->passwd_cb; 13775 } 13776 13777 13778 WOLFSSL_API void *wolfSSL_CTX_get_default_passwd_cb_userdata( 13779 WOLFSSL_CTX *ctx) 13780 { 13781 if (ctx == NULL) { 13782 return NULL; 13783 } 13784 13785 return ctx->userdata; 14816 int ret; 14817 14818 WOLFSSL_STUB("wolfSSL_ERR_get_error_line_data"); 14819 14820 if (flags != NULL) { 14821 if ((*flags & ERR_TXT_STRING) == ERR_TXT_STRING) { 14822 ret = wc_PullErrorNode(file, data, line); 14823 if (ret < 0) { 14824 if (ret == BAD_STATE_E) return 0; /* no errors in queue */ 14825 WOLFSSL_MSG("Error with pulling error node!"); 14826 WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line_data", ret); 14827 ret = 0 - ret; /* return absolute value of error */ 14828 14829 /* panic and try to clear out nodes */ 14830 wc_ClearErrorNodes(); 14831 } 14832 14833 return (unsigned long)ret; 14834 } 14835 } 14836 14837 ret = wc_PullErrorNode(file, NULL, line); 14838 if (ret < 0) { 14839 if (ret == BAD_STATE_E) return 0; /* no errors in queue */ 14840 WOLFSSL_MSG("Error with pulling error node!"); 14841 WOLFSSL_LEAVE("wolfSSL_ERR_get_error_line_data", ret); 14842 ret = 0 - ret; /* return absolute value of error */ 14843 14844 /* panic and try to clear out nodes */ 14845 wc_ClearErrorNodes(); 14846 } 14847 14848 return (unsigned long)ret; 13786 14849 } 13787 14850 … … 13789 14852 13790 14853 13791 #if defined(KEEP_PEER_CERT)13792 #ifdef SESSION_CERTS14854 #if (defined(KEEP_PEER_CERT) && defined(SESSION_CERTS)) || \ 14855 (defined(OPENSSL_ALL) && defined(HAVE_PKCS7)) 13793 14856 /* Decode the X509 DER encoded certificate into a WOLFSSL_X509 object. 13794 14857 * … … 13828 14891 return ret; 13829 14892 } 13830 #endif 13831 13832 14893 #endif /* (KEEP_PEER_CERT && SESSION_CERTS) || (OPENSSL_ALL && HAVE_PKCS7) */ 14894 14895 14896 #ifdef KEEP_PEER_CERT 13833 14897 WOLFSSL_X509* wolfSSL_get_peer_certificate(WOLFSSL* ssl) 13834 14898 { 13835 14899 WOLFSSL_ENTER("SSL_get_peer_certificate"); 14900 if (ssl == NULL) 14901 return NULL; 14902 13836 14903 if (ssl->peerCert.issuer.sz) 13837 14904 return &ssl->peerCert; … … 13851 14918 13852 14919 #ifndef NO_CERTS 13853 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || defined(OPENSSL_EXTRA) 14920 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ 14921 defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 13854 14922 13855 14923 /* user externally called free X509, if dynamic go ahead with free, otherwise … … 13868 14936 } 13869 14937 13870 #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSSL_EXTRA */ 13871 13872 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) 13873 13874 void wolfSSL_FreeX509(WOLFSSL_X509* x509) 14938 /* Frees an external WOLFSSL_X509 structure */ 14939 void wolfSSL_X509_free(WOLFSSL_X509* x509) 13875 14940 { 13876 14941 WOLFSSL_ENTER("wolfSSL_FreeX509"); … … 13878 14943 } 13879 14944 14945 14946 /* copy name into in buffer, at most sz bytes, if buffer is null will 14947 malloc buffer, call responsible for freeing */ 14948 char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz) 14949 { 14950 int copySz; 14951 14952 if (name == NULL) { 14953 WOLFSSL_MSG("WOLFSSL_X509_NAME pointer was NULL"); 14954 return NULL; 14955 } 14956 14957 copySz = min(sz, name->sz); 14958 14959 WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline"); 14960 if (!name->sz) return in; 14961 14962 if (!in) { 14963 #ifdef WOLFSSL_STATIC_MEMORY 14964 WOLFSSL_MSG("Using static memory -- please pass in a buffer"); 14965 return NULL; 14966 #else 14967 in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL); 14968 if (!in ) return in; 14969 copySz = name->sz; 14970 #endif 14971 } 14972 14973 if (copySz <= 0) 14974 return in; 14975 14976 XMEMCPY(in, name->name, copySz - 1); 14977 in[copySz - 1] = 0; 14978 14979 return in; 14980 } 14981 14982 14983 /* Wraps wolfSSL_X509_d2i 14984 * 14985 * returns a WOLFSSL_X509 structure pointer on success and NULL on fail 14986 */ 14987 WOLFSSL_X509* wolfSSL_d2i_X509(WOLFSSL_X509** x509, const unsigned char** in, 14988 int len) 14989 { 14990 return wolfSSL_X509_d2i(x509, *in, len); 14991 } 14992 14993 14994 WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) 14995 { 14996 WOLFSSL_X509 *newX509 = NULL; 14997 14998 WOLFSSL_ENTER("wolfSSL_X509_d2i"); 14999 15000 if (in != NULL && len != 0) { 15001 #ifdef WOLFSSL_SMALL_STACK 15002 DecodedCert* cert = NULL; 15003 #else 15004 DecodedCert cert[1]; 15005 #endif 15006 15007 #ifdef WOLFSSL_SMALL_STACK 15008 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, 15009 DYNAMIC_TYPE_DCERT); 15010 if (cert == NULL) 15011 return NULL; 15012 #endif 15013 15014 InitDecodedCert(cert, (byte*)in, len, NULL); 15015 if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) { 15016 newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, 15017 DYNAMIC_TYPE_X509); 15018 if (newX509 != NULL) { 15019 InitX509(newX509, 1, NULL); 15020 if (CopyDecodedToX509(newX509, cert) != 0) { 15021 wolfSSL_X509_free(newX509); 15022 newX509 = NULL; 15023 } 15024 } 15025 } 15026 FreeDecodedCert(cert); 15027 #ifdef WOLFSSL_SMALL_STACK 15028 XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); 15029 #endif 15030 } 15031 15032 if (x509 != NULL) 15033 *x509 = newX509; 15034 15035 return newX509; 15036 } 15037 #endif /* KEEP_PEER_CERT || SESSION_CERTS || OPENSSL_EXTRA || 15038 OPENSSL_EXTRA_X509_SMALL */ 15039 15040 #if defined(OPENSSL_ALL) || defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) 13880 15041 /* return the next, if any, altname from the peer cert */ 13881 15042 char* wolfSSL_X509_get_next_altname(WOLFSSL_X509* cert) … … 13899 15060 13900 15061 13901 WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert)13902 {13903 WOLFSSL_ENTER("X509_get_issuer_name");13904 if (cert && cert->issuer.sz != 0)13905 return &cert->issuer;13906 return NULL;13907 }13908 13909 13910 WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert)13911 {13912 WOLFSSL_ENTER("wolfSSL_X509_get_subject_name");13913 if (cert && cert->subject.sz != 0)13914 return &cert->subject;13915 return NULL;13916 }13917 13918 13919 15062 int wolfSSL_X509_get_isCA(WOLFSSL_X509* x509) 13920 15063 { … … 13930 15073 return isCA; 13931 15074 } 13932 13933 13934 #ifdef OPENSSL_EXTRA13935 int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid)13936 {13937 int isSet = 0;13938 13939 WOLFSSL_ENTER("wolfSSL_X509_ext_isSet_by_NID");13940 13941 if (x509 != NULL) {13942 switch (nid) {13943 case BASIC_CA_OID: isSet = x509->basicConstSet; break;13944 case ALT_NAMES_OID: isSet = x509->subjAltNameSet; break;13945 case AUTH_KEY_OID: isSet = x509->authKeyIdSet; break;13946 case SUBJ_KEY_OID: isSet = x509->subjKeyIdSet; break;13947 case KEY_USAGE_OID: isSet = x509->keyUsageSet; break;13948 #ifdef WOLFSSL_SEP13949 case CERT_POLICY_OID: isSet = x509->certPolicySet; break;13950 #endif /* WOLFSSL_SEP */13951 }13952 }13953 13954 WOLFSSL_LEAVE("wolfSSL_X509_ext_isSet_by_NID", isSet);13955 13956 return isSet;13957 }13958 13959 13960 int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid)13961 {13962 int crit = 0;13963 13964 WOLFSSL_ENTER("wolfSSL_X509_ext_get_critical_by_NID");13965 13966 if (x509 != NULL) {13967 switch (nid) {13968 case BASIC_CA_OID: crit = x509->basicConstCrit; break;13969 case ALT_NAMES_OID: crit = x509->subjAltNameCrit; break;13970 case AUTH_KEY_OID: crit = x509->authKeyIdCrit; break;13971 case SUBJ_KEY_OID: crit = x509->subjKeyIdCrit; break;13972 case KEY_USAGE_OID: crit = x509->keyUsageCrit; break;13973 #ifdef WOLFSSL_SEP13974 case CERT_POLICY_OID: crit = x509->certPolicyCrit; break;13975 #endif /* WOLFSSL_SEP */13976 }13977 }13978 13979 WOLFSSL_LEAVE("wolfSSL_X509_ext_get_critical_by_NID", crit);13980 13981 return crit;13982 }13983 13984 13985 int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509* x509)13986 {13987 int isSet = 0;13988 13989 WOLFSSL_ENTER("wolfSSL_X509_get_isSet_pathLength");13990 13991 if (x509 != NULL)13992 isSet = x509->basicConstPlSet;13993 13994 WOLFSSL_LEAVE("wolfSSL_X509_get_isSet_pathLength", isSet);13995 13996 return isSet;13997 }13998 13999 14000 word32 wolfSSL_X509_get_pathLength(WOLFSSL_X509* x509)14001 {14002 word32 pathLength = 0;14003 14004 WOLFSSL_ENTER("wolfSSL_X509_get_pathLength");14005 14006 if (x509 != NULL)14007 pathLength = x509->pathLength;14008 14009 WOLFSSL_LEAVE("wolfSSL_X509_get_pathLength", pathLength);14010 14011 return pathLength;14012 }14013 14014 14015 unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509* x509)14016 {14017 word16 usage = 0;14018 14019 WOLFSSL_ENTER("wolfSSL_X509_get_keyUsage");14020 14021 if (x509 != NULL)14022 usage = x509->keyUsage;14023 14024 WOLFSSL_LEAVE("wolfSSL_X509_get_keyUsage", usage);14025 14026 return usage;14027 }14028 14029 14030 byte* wolfSSL_X509_get_authorityKeyID(WOLFSSL_X509* x509,14031 byte* dst, int* dstLen)14032 {14033 byte *id = NULL;14034 int copySz = 0;14035 14036 WOLFSSL_ENTER("wolfSSL_X509_get_authorityKeyID");14037 14038 if (x509 != NULL) {14039 if (x509->authKeyIdSet) {14040 copySz = min(dstLen != NULL ? *dstLen : 0,14041 (int)x509->authKeyIdSz);14042 id = x509->authKeyId;14043 }14044 14045 if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {14046 XMEMCPY(dst, id, copySz);14047 id = dst;14048 *dstLen = copySz;14049 }14050 }14051 14052 WOLFSSL_LEAVE("wolfSSL_X509_get_authorityKeyID", copySz);14053 14054 return id;14055 }14056 14057 14058 byte* wolfSSL_X509_get_subjectKeyID(WOLFSSL_X509* x509,14059 byte* dst, int* dstLen)14060 {14061 byte *id = NULL;14062 int copySz = 0;14063 14064 WOLFSSL_ENTER("wolfSSL_X509_get_subjectKeyID");14065 14066 if (x509 != NULL) {14067 if (x509->subjKeyIdSet) {14068 copySz = min(dstLen != NULL ? *dstLen : 0,14069 (int)x509->subjKeyIdSz);14070 id = x509->subjKeyId;14071 }14072 14073 if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {14074 XMEMCPY(dst, id, copySz);14075 id = dst;14076 *dstLen = copySz;14077 }14078 }14079 14080 WOLFSSL_LEAVE("wolfSSL_X509_get_subjectKeyID", copySz);14081 14082 return id;14083 }14084 14085 14086 int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name)14087 {14088 int count = 0;14089 14090 WOLFSSL_ENTER("wolfSSL_X509_NAME_entry_count");14091 14092 if (name != NULL)14093 count = name->fullName.entryCount;14094 14095 WOLFSSL_LEAVE("wolfSSL_X509_NAME_entry_count", count);14096 return count;14097 }14098 14099 14100 /* Used to get a string from the WOLFSSL_X509_NAME structure that14101 * corresponds with the NID value passed in.14102 *14103 * name structure to get string from14104 * nid NID value to search for14105 * buf [out] buffer to hold results. If NULL then the buffer size minus the14106 * null char is returned.14107 * len size of "buf" passed in14108 *14109 * returns the length of string found, not including the NULL terminator.14110 * It's possible the function could return a negative value in the14111 * case that len is less than or equal to 0. A negative value is14112 * considered an error case.14113 */14114 int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name,14115 int nid, char* buf, int len)14116 {14117 char *text = NULL;14118 int textSz = 0;14119 14120 WOLFSSL_ENTER("wolfSSL_X509_NAME_get_text_by_NID");14121 14122 switch (nid) {14123 case ASN_COMMON_NAME:14124 text = name->fullName.fullName + name->fullName.cnIdx;14125 textSz = name->fullName.cnLen;14126 break;14127 case ASN_SUR_NAME:14128 text = name->fullName.fullName + name->fullName.snIdx;14129 textSz = name->fullName.snLen;14130 break;14131 case ASN_SERIAL_NUMBER:14132 text = name->fullName.fullName + name->fullName.serialIdx;14133 textSz = name->fullName.serialLen;14134 break;14135 case ASN_COUNTRY_NAME:14136 text = name->fullName.fullName + name->fullName.cIdx;14137 textSz = name->fullName.cLen;14138 break;14139 case ASN_LOCALITY_NAME:14140 text = name->fullName.fullName + name->fullName.lIdx;14141 textSz = name->fullName.lLen;14142 break;14143 case ASN_STATE_NAME:14144 text = name->fullName.fullName + name->fullName.stIdx;14145 textSz = name->fullName.stLen;14146 break;14147 case ASN_ORG_NAME:14148 text = name->fullName.fullName + name->fullName.oIdx;14149 textSz = name->fullName.oLen;14150 break;14151 case ASN_ORGUNIT_NAME:14152 text = name->fullName.fullName + name->fullName.ouIdx;14153 textSz = name->fullName.ouLen;14154 break;14155 default:14156 WOLFSSL_MSG("Unknown NID value");14157 return -1;14158 }14159 14160 /* if buf is NULL return size of buffer needed (minus null char) */14161 if (buf == NULL) {14162 return textSz;14163 }14164 14165 if (buf != NULL && text != NULL) {14166 textSz = min(textSz + 1, len); /* + 1 to account for null char */14167 if (textSz > 0) {14168 XMEMCPY(buf, text, textSz - 1);14169 buf[textSz - 1] = '\0';14170 }14171 }14172 14173 WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz);14174 return (textSz - 1); /* do not include null character in size */14175 }14176 14177 int wolfSSL_X509_NAME_get_index_by_NID(WOLFSSL_X509_NAME* name,14178 int nid, int pos)14179 {14180 int ret = -1;14181 14182 WOLFSSL_ENTER("wolfSSL_X509_NAME_get_index_by_NID");14183 14184 if (name == NULL) {14185 return BAD_FUNC_ARG;14186 }14187 14188 /* these index values are already stored in DecodedName14189 use those when available */14190 if (name->fullName.fullName && name->fullName.fullNameLen > 0) {14191 switch (nid) {14192 case ASN_COMMON_NAME:14193 if (pos != name->fullName.cnIdx)14194 ret = name->fullName.cnIdx;14195 break;14196 default:14197 WOLFSSL_MSG("NID not yet implemented");14198 break;14199 }14200 }14201 14202 WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_index_by_NID", ret);14203 14204 (void)pos;14205 (void)nid;14206 14207 return ret;14208 }14209 14210 14211 WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data(14212 WOLFSSL_X509_NAME_ENTRY* in)14213 {14214 WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data");14215 return in->value;14216 }14217 14218 14219 char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn)14220 {14221 WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data");14222 14223 if (asn) {14224 return asn->data;14225 }14226 else {14227 return NULL;14228 }14229 }14230 14231 14232 int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn)14233 {14234 WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length");14235 14236 if (asn) {14237 return asn->length;14238 }14239 else {14240 return 0;14241 }14242 }14243 #endif14244 14245 14246 /* copy name into in buffer, at most sz bytes, if buffer is null will14247 malloc buffer, call responsible for freeing */14248 char* wolfSSL_X509_NAME_oneline(WOLFSSL_X509_NAME* name, char* in, int sz)14249 {14250 int copySz;14251 14252 if (name == NULL) {14253 WOLFSSL_MSG("WOLFSSL_X509_NAME pointer was NULL");14254 return NULL;14255 }14256 14257 copySz = min(sz, name->sz);14258 14259 WOLFSSL_ENTER("wolfSSL_X509_NAME_oneline");14260 if (!name->sz) return in;14261 14262 if (!in) {14263 #ifdef WOLFSSL_STATIC_MEMORY14264 WOLFSSL_MSG("Using static memory -- please pass in a buffer");14265 return NULL;14266 #else14267 in = (char*)XMALLOC(name->sz, NULL, DYNAMIC_TYPE_OPENSSL);14268 if (!in ) return in;14269 copySz = name->sz;14270 #endif14271 }14272 14273 if (copySz <= 0)14274 return in;14275 14276 XMEMCPY(in, name->name, copySz - 1);14277 in[copySz - 1] = 0;14278 14279 return in;14280 }14281 14282 14283 int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509)14284 {14285 int type = 0;14286 14287 WOLFSSL_ENTER("wolfSSL_X509_get_signature_type");14288 14289 if (x509 != NULL)14290 type = x509->sigOID;14291 14292 return type;14293 }14294 14295 15075 14296 15076 int wolfSSL_X509_get_signature(WOLFSSL_X509* x509, … … 14331 15111 WOLFSSL_ENTER("wolfSSL_X509_get_der"); 14332 15112 14333 if (x509 == NULL || outSz == NULL)15113 if (x509 == NULL || x509->derCert == NULL || outSz == NULL) 14334 15114 return NULL; 14335 15115 … … 14358 15138 14359 15139 return x509->notBefore; 14360 }15140 } 14361 15141 14362 15142 … … 14378 15158 *inOutSz. Requires inOutSz be non-null */ 14379 15159 byte* wolfSSL_X509_get_device_type(WOLFSSL_X509* x509, byte* in, int *inOutSz) 14380 {15160 { 14381 15161 int copySz; 14382 15162 … … 14396 15176 copySz = x509->deviceTypeSz; 14397 15177 #endif 14398 }15178 } 14399 15179 14400 15180 XMEMCPY(in, x509->deviceType, copySz); … … 14402 15182 14403 15183 return in; 14404 }15184 } 14405 15185 14406 15186 14407 15187 byte* wolfSSL_X509_get_hw_type(WOLFSSL_X509* x509, byte* in, int* inOutSz) 14408 {15188 { 14409 15189 int copySz; 14410 15190 … … 14435 15215 byte* wolfSSL_X509_get_hw_serial_number(WOLFSSL_X509* x509,byte* in, 14436 15216 int* inOutSz) 14437 {15217 { 14438 15218 int copySz; 14439 15219 … … 14453 15233 copySz = x509->hwSerialNumSz; 14454 15234 #endif 14455 }15235 } 14456 15236 14457 15237 XMEMCPY(in, x509->hwSerialNum, copySz); … … 14459 15239 14460 15240 return in; 14461 }15241 } 14462 15242 14463 15243 #endif /* WOLFSSL_SEP */ … … 14472 15252 if (sk == NULL || x509 == NULL) { 14473 15253 return WOLFSSL_FAILURE; 14474 }15254 } 14475 15255 14476 15256 /* no previous values in stack */ … … 14479 15259 sk->num += 1; 14480 15260 return WOLFSSL_SUCCESS; 14481 }15261 } 14482 15262 14483 15263 /* stack already has value(s) create a new node and add more */ … … 14498 15278 14499 15279 return WOLFSSL_SUCCESS; 14500 }15280 } 14501 15281 14502 15282 … … 14506 15286 14507 15287 if (sk == NULL) { 14508 return NULL;14509 }15288 return NULL; 15289 } 14510 15290 14511 15291 node = sk->next; … … 14516 15296 sk->next = node->next; 14517 15297 XFREE(node, NULL, DYNAMIC_TYPE_X509); 14518 }15298 } 14519 15299 else { /* last x509 in stack */ 14520 15300 sk->data.x509 = NULL; 14521 }15301 } 14522 15302 14523 15303 if (sk->num > 0) { … … 14526 15306 14527 15307 return x509; 14528 } 14529 14530 14531 /* free structure for x509 stack */ 14532 void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { 15308 } 15309 15310 15311 /* Getter function for WOLFSSL_X509_NAME pointer 15312 * 15313 * sk is the stack to retrieve pointer from 15314 * i is the index value in stack 15315 * 15316 * returns a pointer to a WOLFSSL_X509_NAME structure on success and NULL on 15317 * fail 15318 */ 15319 void* wolfSSL_sk_X509_NAME_value(const STACK_OF(WOLFSSL_X509_NAME)* sk, int i) 15320 { 15321 WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value"); 15322 15323 for (; sk != NULL && i > 0; i--) 15324 sk = sk->next; 15325 15326 if (i != 0 || sk == NULL) 15327 return NULL; 15328 return sk->data.name; 15329 } 15330 15331 15332 /* Getter function for WOLFSSL_X509 pointer 15333 * 15334 * sk is the stack to retrieve pointer from 15335 * i is the index value in stack 15336 * 15337 * returns a pointer to a WOLFSSL_X509 structure on success and NULL on 15338 * fail 15339 */ 15340 void* wolfSSL_sk_X509_value(STACK_OF(WOLFSSL_X509)* sk, int i) 15341 { 15342 WOLFSSL_ENTER("wolfSSL_sk_X509_value"); 15343 15344 for (; sk != NULL && i > 0; i--) 15345 sk = sk->next; 15346 15347 if (i != 0 || sk == NULL) 15348 return NULL; 15349 return sk->data.x509; 15350 } 15351 15352 15353 /* Free's all nodes in X509 stack. This is different then wolfSSL_sk_X509_free 15354 * in that it allows for choosing the function to use when freeing an X509s. 15355 * 15356 * sk stack to free nodes in 15357 * f X509 free function 15358 */ 15359 void wolfSSL_sk_X509_pop_free(STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)){ 14533 15360 WOLFSSL_STACK* node; 15361 15362 WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free"); 14534 15363 14535 15364 if (sk == NULL) { … … 14543 15372 node = node->next; 14544 15373 14545 wolfSSL_X509_free(tmp->data.x509);15374 f(tmp->data.x509); 14546 15375 XFREE(tmp, NULL, DYNAMIC_TYPE_X509); 14547 15376 sk->num -= 1; … … 14550 15379 /* free head of stack */ 14551 15380 if (sk->num == 1) { 14552 wolfSSL_X509_free(sk->data.x509);15381 f(sk->data.x509); 14553 15382 } 14554 15383 XFREE(sk, NULL, DYNAMIC_TYPE_X509); 14555 } 15384 } 15385 15386 15387 /* free structure for x509 stack */ 15388 void wolfSSL_sk_X509_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk) { 15389 WOLFSSL_STACK* node; 15390 15391 if (sk == NULL) { 15392 return; 15393 } 15394 15395 /* parse through stack freeing each node */ 15396 node = sk->next; 15397 while (sk->num > 1) { 15398 WOLFSSL_STACK* tmp = node; 15399 node = node->next; 15400 15401 wolfSSL_X509_free(tmp->data.x509); 15402 tmp->data.x509 = NULL; 15403 XFREE(tmp, NULL, DYNAMIC_TYPE_X509); 15404 sk->num -= 1; 15405 } 15406 15407 /* free head of stack */ 15408 if (sk->num == 1) { 15409 wolfSSL_X509_free(sk->data.x509); 15410 sk->data.x509 = NULL; 15411 } 15412 XFREE(sk, NULL, DYNAMIC_TYPE_X509); 15413 } 15414 14556 15415 #endif /* NO_CERTS && OPENSSL_EXTRA */ 14557 15416 14558 WOLFSSL_X509* wolfSSL_X509_d2i(WOLFSSL_X509** x509, const byte* in, int len) 14559 { 14560 WOLFSSL_X509 *newX509 = NULL; 14561 14562 WOLFSSL_ENTER("wolfSSL_X509_d2i"); 14563 14564 if (in != NULL && len != 0) { 14565 #ifdef WOLFSSL_SMALL_STACK 14566 DecodedCert* cert = NULL; 14567 #else 14568 DecodedCert cert[1]; 14569 #endif 14570 14571 #ifdef WOLFSSL_SMALL_STACK 14572 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, 14573 DYNAMIC_TYPE_DCERT); 14574 if (cert == NULL) 15417 #ifdef OPENSSL_EXTRA 15418 15419 /* Returns the general name at index i from the stack 15420 * 15421 * sk stack to get general name from 15422 * i index to get 15423 * 15424 * return a pointer to the internal node of the stack 15425 */ 15426 WOLFSSL_ASN1_OBJECT* wolfSSL_sk_GENERAL_NAME_value(WOLFSSL_STACK* sk, int i) 15427 { 15428 WOLFSSL_STACK* cur; 15429 int j; 15430 15431 WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_value"); 15432 15433 if (i < 0 || sk == NULL) { 15434 return NULL; 15435 } 15436 15437 cur = sk; 15438 for (j = 0; j < i && cur != NULL; j++) { 15439 cur = cur->next; 15440 } 15441 15442 if (cur == NULL) { 14575 15443 return NULL; 14576 #endif 14577 14578 InitDecodedCert(cert, (byte*)in, len, NULL); 14579 if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) { 14580 newX509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, 14581 DYNAMIC_TYPE_X509); 14582 if (newX509 != NULL) { 14583 InitX509(newX509, 1, NULL); 14584 if (CopyDecodedToX509(newX509, cert) != 0) { 14585 XFREE(newX509, NULL, DYNAMIC_TYPE_X509); 14586 newX509 = NULL; 14587 } 14588 } 14589 } 14590 FreeDecodedCert(cert); 14591 #ifdef WOLFSSL_SMALL_STACK 14592 XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); 14593 #endif 14594 } 14595 14596 if (x509 != NULL) 14597 *x509 = newX509; 14598 14599 return newX509; 14600 } 14601 15444 } 15445 15446 return cur->data.obj; 15447 } 15448 15449 15450 /* Gets the number of nodes in the stack 15451 * 15452 * sk stack to get the number of nodes from 15453 * 15454 * returns the number of nodes, -1 if no nodes 15455 */ 15456 int wolfSSL_sk_GENERAL_NAME_num(WOLFSSL_STACK* sk) 15457 { 15458 WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_num"); 15459 15460 if (sk == NULL) { 15461 return -1; 15462 } 15463 15464 return (int)sk->num; 15465 } 15466 15467 /* Frees all nodes in a GENERAL NAME stack 15468 * 15469 * sk stack of nodes to free 15470 * f free function to use, not called with wolfSSL 15471 */ 15472 void wolfSSL_sk_GENERAL_NAME_pop_free(WOLFSSL_STACK* sk, 15473 void f (WOLFSSL_ASN1_OBJECT*)) 15474 { 15475 WOLFSSL_STACK* node; 15476 15477 WOLFSSL_ENTER("wolfSSL_sk_GENERAL_NAME_pop_free"); 15478 15479 (void)f; 15480 if (sk == NULL) { 15481 return; 15482 } 15483 15484 /* parse through stack freeing each node */ 15485 node = sk->next; 15486 while (sk->num > 1) { 15487 WOLFSSL_STACK* tmp = node; 15488 node = node->next; 15489 15490 wolfSSL_ASN1_OBJECT_free(tmp->data.obj); 15491 XFREE(tmp, NULL, DYNAMIC_TYPE_ASN1); 15492 sk->num -= 1; 15493 } 15494 15495 /* free head of stack */ 15496 if (sk->num == 1) { 15497 wolfSSL_ASN1_OBJECT_free(sk->data.obj); 15498 } 15499 XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); 15500 15501 15502 } 15503 #endif /* OPENSSL_EXTRA */ 14602 15504 14603 15505 #ifndef NO_FILESYSTEM … … 14615 15517 long sz = 0; 14616 15518 14617 XFSEEK(file, 0, XSEEK_END); 15519 if(XFSEEK(file, 0, XSEEK_END) != 0) 15520 return NULL; 14618 15521 sz = XFTELL(file); 14619 15522 XREWIND(file); … … 14621 15524 if (sz < 0) { 14622 15525 WOLFSSL_MSG("Bad tell on FILE"); 14623 14624 15526 return NULL; 15527 } 14625 15528 14626 15529 fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); … … 14666 15569 return NULL; 14667 15570 14668 XFSEEK(file, 0, XSEEK_END); 15571 if(XFSEEK(file, 0, XSEEK_END) != 0){ 15572 XFCLOSE(file); 15573 return NULL; 15574 } 14669 15575 sz = XFTELL(file); 14670 15576 XREWIND(file); … … 14681 15587 XFCLOSE(file); 14682 15588 return NULL; 14683 15589 } 14684 15590 14685 15591 ret = (int)XFREAD(fileBuffer, 1, sz, file); … … 14699 15605 14700 15606 return x509; 14701 }15607 } 14702 15608 14703 15609 #endif /* NO_FILESYSTEM */ … … 14714 15620 14715 15621 if (format == WOLFSSL_FILETYPE_PEM) { 14716 int ecc = 0; 14717 #ifdef WOLFSSL_SMALL_STACK 14718 EncryptedInfo* info = NULL; 15622 #ifdef WOLFSSL_PEM_TO_DER 15623 if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, NULL, NULL) != 0) { 15624 FreeDer(&der); 15625 } 14719 15626 #else 14720 EncryptedInfo info[1]; 14721 #endif 14722 14723 #ifdef WOLFSSL_SMALL_STACK 14724 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, 14725 DYNAMIC_TYPE_ENCRYPTEDINFO); 14726 if (info == NULL) { 14727 return NULL; 14728 } 14729 #endif 14730 14731 info->set = 0; 14732 info->ctx = NULL; 14733 info->consumed = 0; 14734 14735 if (PemToDer(buf, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0) { 14736 FreeDer(&der); 14737 } 14738 14739 #ifdef WOLFSSL_SMALL_STACK 14740 XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); 15627 ret = NOT_COMPILED_IN; 14741 15628 #endif 14742 15629 } … … 14770 15657 InitX509(x509, 1, NULL); 14771 15658 if (CopyDecodedToX509(x509, cert) != 0) { 14772 XFREE(x509, NULL, DYNAMIC_TYPE_X509);15659 wolfSSL_X509_free(x509); 14773 15660 x509 = NULL; 14774 15661 } … … 14805 15692 return NULL; 14806 15693 } 15694 #ifndef WOLFSSL_X509_STORE_CERTS 14807 15695 ssl->ourCert = wolfSSL_X509_d2i(NULL, 14808 15696 ssl->buffers.certificate->buffer, 14809 15697 ssl->buffers.certificate->length); 15698 #endif 14810 15699 } 14811 15700 return ssl->ourCert; … … 14818 15707 return NULL; 14819 15708 } 15709 #ifndef WOLFSSL_X509_STORE_CERTS 14820 15710 ssl->ctx->ourCert = wolfSSL_X509_d2i(NULL, 14821 15711 ssl->ctx->certificate->buffer, 14822 15712 ssl->ctx->certificate->length); 15713 #endif 14823 15714 ssl->ctx->ownOurCert = 1; 14824 15715 } … … 14833 15724 14834 15725 15726 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 15727 #ifndef NO_ASN 15728 void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj) 15729 { 15730 if (obj == NULL) { 15731 return; 15732 } 15733 15734 if ((obj->obj != NULL) && ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0)) { 15735 WOLFSSL_MSG("Freeing ASN1 data"); 15736 XFREE((void*)obj->obj, obj->heap, DYNAMIC_TYPE_ASN1); 15737 obj->obj = NULL; 15738 15739 } 15740 if ((obj->dynamic & WOLFSSL_ASN1_DYNAMIC) != 0) { 15741 WOLFSSL_MSG("Freeing ASN1 OBJECT"); 15742 XFREE(obj, NULL, DYNAMIC_TYPE_ASN1); 15743 } 15744 } 15745 #endif /* NO_ASN */ 15746 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 15747 14835 15748 #ifdef OPENSSL_EXTRA 15749 #ifndef NO_ASN 15750 WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void) 15751 { 15752 WOLFSSL_ASN1_OBJECT* obj; 15753 15754 obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL, 15755 DYNAMIC_TYPE_ASN1); 15756 if (obj == NULL) { 15757 return NULL; 15758 } 15759 15760 XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT)); 15761 obj->d.ia5 = &(obj->d.ia5_internal); 15762 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 15763 return obj; 15764 } 15765 #endif /* NO_ASN */ 15766 15767 14836 15768 /* return 1 on success 0 on fail */ 14837 15769 int wolfSSL_sk_ASN1_OBJECT_push(WOLF_STACK_OF(WOLFSSL_ASN1_OBJEXT)* sk, … … 14902 15834 14903 15835 #ifndef NO_ASN 14904 WOLFSSL_ASN1_OBJECT* wolfSSL_ASN1_OBJECT_new(void)14905 {14906 WOLFSSL_ASN1_OBJECT* obj;14907 14908 obj = (WOLFSSL_ASN1_OBJECT*)XMALLOC(sizeof(WOLFSSL_ASN1_OBJECT), NULL,14909 DYNAMIC_TYPE_ASN1);14910 if (obj == NULL) {14911 return NULL;14912 }14913 14914 XMEMSET(obj, 0, sizeof(WOLFSSL_ASN1_OBJECT));14915 return obj;14916 }14917 14918 14919 void wolfSSL_ASN1_OBJECT_free(WOLFSSL_ASN1_OBJECT* obj)14920 {14921 if (obj == NULL) {14922 return;14923 }14924 14925 if (obj->dynamic == 1) {14926 if (obj->obj != NULL) {14927 WOLFSSL_MSG("Freeing ASN1 OBJECT data");14928 XFREE(obj->obj, obj->heap, DYNAMIC_TYPE_ASN1);14929 }14930 }14931 14932 XFREE(obj, NULL, DYNAMIC_TYPE_ASN1);14933 }14934 14935 14936 15836 /* free structure for x509 stack */ 14937 15837 void wolfSSL_sk_ASN1_OBJECT_free(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) … … 14956 15856 /* free head of stack */ 14957 15857 if (sk->num == 1) { 14958 15858 wolfSSL_ASN1_OBJECT_free(sk->data.obj); 14959 15859 } 14960 15860 XFREE(sk, NULL, DYNAMIC_TYPE_ASN1); … … 14976 15876 #endif /* NO_ASN */ 14977 15877 14978 14979 int wolfSSL_set_session_id_context(WOLFSSL* ssl, const unsigned char* id,14980 unsigned int len)14981 {14982 (void)ssl;14983 (void)id;14984 (void)len;14985 return 0;14986 }14987 14988 14989 15878 void wolfSSL_set_connect_state(WOLFSSL* ssl) 14990 15879 { 14991 word16 haveRSA = 1; 14992 word16 havePSK = 0; 14993 14994 if (ssl->options.side == WOLFSSL_SERVER_END) { 14995 ssl->options.side = WOLFSSL_CLIENT_END; 14996 14997 #ifdef NO_RSA 14998 haveRSA = 0; 14999 #endif 15000 #ifndef NO_PSK 15001 havePSK = ssl->options.havePSK; 15002 #endif 15003 InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz, haveRSA, 15004 havePSK, ssl->options.haveDH, ssl->options.haveNTRU, 15005 ssl->options.haveECDSAsig, ssl->options.haveECC, 15006 ssl->options.haveStaticECC, ssl->options.side); 15007 } 15008 } 15009 #endif 15880 if (ssl == NULL) { 15881 WOLFSSL_MSG("WOLFSSL struct pointer passed in was null"); 15882 return; 15883 } 15884 15885 #ifndef NO_DH 15886 /* client creates its own DH parameters on handshake */ 15887 if (ssl->buffers.serverDH_P.buffer && ssl->buffers.weOwnDH) { 15888 XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap, 15889 DYNAMIC_TYPE_PUBLIC_KEY); 15890 } 15891 ssl->buffers.serverDH_P.buffer = NULL; 15892 if (ssl->buffers.serverDH_G.buffer && ssl->buffers.weOwnDH) { 15893 XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap, 15894 DYNAMIC_TYPE_PUBLIC_KEY); 15895 } 15896 ssl->buffers.serverDH_G.buffer = NULL; 15897 #endif 15898 15899 if (InitSSL_Side(ssl, WOLFSSL_CLIENT_END) != WOLFSSL_SUCCESS) { 15900 WOLFSSL_MSG("Error initializing client side"); 15901 } 15902 } 15903 #endif /* OPENSSL_EXTRA */ 15904 15010 15905 15011 15906 int wolfSSL_get_shutdown(const WOLFSSL* ssl) 15012 15907 { 15908 int isShutdown = 0; 15909 15013 15910 WOLFSSL_ENTER("wolfSSL_get_shutdown"); 15014 /* in OpenSSL, WOLFSSL_SENT_SHUTDOWN = 1, when closeNotifySent * 15015 * WOLFSSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */ 15016 return ((ssl->options.closeNotify||ssl->options.connReset) << 1) 15017 | (ssl->options.sentNotify); 15018 } 15911 15912 if (ssl) { 15913 /* in OpenSSL, WOLFSSL_SENT_SHUTDOWN = 1, when closeNotifySent * 15914 * WOLFSSL_RECEIVED_SHUTDOWN = 2, from close notify or fatal err */ 15915 isShutdown = ((ssl->options.closeNotify||ssl->options.connReset) << 1) 15916 | (ssl->options.sentNotify); 15917 } 15918 return isShutdown; 15919 } 15019 15920 15020 15921 15021 15922 int wolfSSL_session_reused(WOLFSSL* ssl) 15022 15923 { 15023 return ssl->options.resuming; 15024 } 15025 15026 #ifdef OPENSSL_EXTRA 15924 int resuming = 0; 15925 if (ssl) 15926 resuming = ssl->options.resuming; 15927 return resuming; 15928 } 15929 15930 #if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE) 15027 15931 void wolfSSL_SESSION_free(WOLFSSL_SESSION* session) 15028 15932 { … … 15050 15954 if (ssl->version.major == SSLv3_MAJOR) { 15051 15955 switch (ssl->version.minor) { 15956 #ifndef NO_OLD_TLS 15957 #ifdef WOLFSSL_ALLOW_SSLV3 15052 15958 case SSLv3_MINOR : 15053 15959 return "SSLv3"; 15960 #endif 15961 #ifdef WOLFSSL_ALLOW_TLSV10 15054 15962 case TLSv1_MINOR : 15055 15963 return "TLSv1"; 15964 #endif 15056 15965 case TLSv1_1_MINOR : 15057 15966 return "TLSv1.1"; 15967 #endif 15058 15968 case TLSv1_2_MINOR : 15059 15969 return "TLSv1.2"; 15970 #ifdef WOLFSSL_TLS13 15060 15971 case TLSv1_3_MINOR : 15972 #ifdef WOLFSSL_TLS13_DRAFT 15973 #ifdef WOLFSSL_TLS13_DRAFT_18 15974 return "TLSv1.3 (Draft 18)"; 15975 #elif defined(WOLFSSL_TLS13_DRAFT_22) 15976 return "TLSv1.3 (Draft 22)"; 15977 #elif defined(WOLFSSL_TLS13_DRAFT_23) 15978 return "TLSv1.3 (Draft 23)"; 15979 #elif defined(WOLFSSL_TLS13_DRAFT_26) 15980 return "TLSv1.3 (Draft 26)"; 15981 #else 15982 return "TLSv1.3 (Draft 28)"; 15983 #endif 15984 #else 15061 15985 return "TLSv1.3"; 15986 #endif 15987 #endif 15062 15988 default: 15063 15989 return "unknown"; 15064 15990 } 15065 15991 } 15992 #ifdef WOLFSSL_DTLS 15066 15993 else if (ssl->version.major == DTLS_MAJOR) { 15067 15994 switch (ssl->version.minor) { … … 15074 16001 } 15075 16002 } 16003 #endif /* WOLFSSL_DTLS */ 15076 16004 return "unknown"; 15077 }16005 } 15078 16006 15079 16007 … … 15082 16010 { 15083 16011 return LIBWOLFSSL_VERSION_STRING; 15084 }16012 } 15085 16013 15086 16014 … … 15118 16046 } 15119 16047 15120 return wolfSSL_get_cipher_name_from_suite(cipher->ssl->options.cipherSuite, 15121 cipher->ssl->options.cipherSuite0); 16048 #ifndef WOLFSSL_CIPHER_INTERNALNAME 16049 return wolfSSL_get_cipher_name_iana(cipher->ssl); 16050 #else 16051 return wolfSSL_get_cipher_name_internal(cipher->ssl); 16052 #endif 15122 16053 } 15123 16054 … … 15125 16056 { 15126 16057 if (session == NULL) { 15127 return NULL;15128 }16058 return NULL; 16059 } 15129 16060 15130 16061 #ifdef SESSION_CERTS 15131 return wolfSSL_get_cipher_name_from_suite(session->cipherSuite, 15132 session->cipherSuite0); 16062 #ifndef WOLFSSL_CIPHER_INTERNALNAME 16063 return GetCipherNameIana(session->cipherSuite0, session->cipherSuite); 16064 #else 16065 if return GetCipherNameInternal(ession->cipherSuite0, session->cipherSuite); 16066 #endif 15133 16067 #else 15134 16068 return NULL; 15135 16069 #endif 15136 }16070 } 15137 16071 15138 16072 const char* wolfSSL_get_cipher(WOLFSSL* ssl) … … 15140 16074 WOLFSSL_ENTER("wolfSSL_get_cipher"); 15141 16075 return wolfSSL_CIPHER_get_name(wolfSSL_get_current_cipher(ssl)); 15142 }16076 } 15143 16077 15144 16078 /* gets cipher name in the format DHE-RSA-... rather then TLS_DHE... */ … … 15147 16081 /* get access to cipher_name_idx in internal.c */ 15148 16082 return wolfSSL_get_cipher_name_internal(ssl); 15149 } 16083 } 16084 16085 const char* wolfSSL_get_cipher_name_from_suite(const byte cipherSuite0, 16086 const byte cipherSuite) 16087 { 16088 return GetCipherNameInternal(cipherSuite0, cipherSuite); 16089 } 16090 15150 16091 15151 16092 #ifdef HAVE_ECC … … 15168 16109 return wc_ecc_get_name(wc_ecc_get_oid(ssl->ecdhCurveOID, NULL, NULL)); 15169 16110 } 15170 #endif 15171 15172 #ifdef OPENSSL_EXTRA 16111 #endif 16112 16113 16114 #if defined(OPENSSL_EXTRA_X509_SMALL) || defined(KEEP_PEER_CERT) || \ 16115 defined(SESSION_CERTS) 16116 /* Smaller subset of X509 compatibility functions. Avoid increasing the size of 16117 * this subset and its memory usage */ 16118 16119 #if !defined(NO_CERTS) 16120 /* returns a pointer to a new WOLFSSL_X509 structure on success and NULL on 16121 * fail 16122 */ 16123 WOLFSSL_X509* wolfSSL_X509_new(void) 16124 { 16125 WOLFSSL_X509* x509; 16126 16127 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, 16128 DYNAMIC_TYPE_X509); 16129 if (x509 != NULL) { 16130 InitX509(x509, 1, NULL); 16131 } 16132 16133 return x509; 16134 } 16135 16136 WOLFSSL_X509_NAME* wolfSSL_X509_get_subject_name(WOLFSSL_X509* cert) 16137 { 16138 WOLFSSL_ENTER("wolfSSL_X509_get_subject_name"); 16139 if (cert && cert->subject.sz != 0) 16140 return &cert->subject; 16141 return NULL; 16142 } 16143 16144 16145 16146 WOLFSSL_X509_NAME* wolfSSL_X509_get_issuer_name(WOLFSSL_X509* cert) 16147 { 16148 WOLFSSL_ENTER("X509_get_issuer_name"); 16149 if (cert && cert->issuer.sz != 0) 16150 return &cert->issuer; 16151 return NULL; 16152 } 16153 16154 16155 int wolfSSL_X509_get_signature_type(WOLFSSL_X509* x509) 16156 { 16157 int type = 0; 16158 16159 WOLFSSL_ENTER("wolfSSL_X509_get_signature_type"); 16160 16161 if (x509 != NULL) 16162 type = x509->sigOID; 16163 16164 return type; 16165 } 16166 16167 #if defined(OPENSSL_EXTRA_X509_SMALL) 16168 #ifdef HAVE_ECC 16169 static int SetECKeyExternal(WOLFSSL_EC_KEY* eckey); 16170 #endif 16171 16172 /* Used to get a string from the WOLFSSL_X509_NAME structure that 16173 * corresponds with the NID value passed in. 16174 * 16175 * name structure to get string from 16176 * nid NID value to search for 16177 * buf [out] buffer to hold results. If NULL then the buffer size minus the 16178 * null char is returned. 16179 * len size of "buf" passed in 16180 * 16181 * returns the length of string found, not including the NULL terminator. 16182 * It's possible the function could return a negative value in the 16183 * case that len is less than or equal to 0. A negative value is 16184 * considered an error case. 16185 */ 16186 int wolfSSL_X509_NAME_get_text_by_NID(WOLFSSL_X509_NAME* name, 16187 int nid, char* buf, int len) 16188 { 16189 char *text = NULL; 16190 int textSz = 0; 16191 16192 WOLFSSL_ENTER("wolfSSL_X509_NAME_get_text_by_NID"); 16193 16194 switch (nid) { 16195 case ASN_COMMON_NAME: 16196 text = name->fullName.fullName + name->fullName.cnIdx; 16197 textSz = name->fullName.cnLen; 16198 break; 16199 case ASN_SUR_NAME: 16200 text = name->fullName.fullName + name->fullName.snIdx; 16201 textSz = name->fullName.snLen; 16202 break; 16203 case ASN_SERIAL_NUMBER: 16204 text = name->fullName.fullName + name->fullName.serialIdx; 16205 textSz = name->fullName.serialLen; 16206 break; 16207 case ASN_COUNTRY_NAME: 16208 text = name->fullName.fullName + name->fullName.cIdx; 16209 textSz = name->fullName.cLen; 16210 break; 16211 case ASN_LOCALITY_NAME: 16212 text = name->fullName.fullName + name->fullName.lIdx; 16213 textSz = name->fullName.lLen; 16214 break; 16215 case ASN_STATE_NAME: 16216 text = name->fullName.fullName + name->fullName.stIdx; 16217 textSz = name->fullName.stLen; 16218 break; 16219 case ASN_ORG_NAME: 16220 text = name->fullName.fullName + name->fullName.oIdx; 16221 textSz = name->fullName.oLen; 16222 break; 16223 case ASN_ORGUNIT_NAME: 16224 text = name->fullName.fullName + name->fullName.ouIdx; 16225 textSz = name->fullName.ouLen; 16226 break; 16227 case ASN_DOMAIN_COMPONENT: 16228 text = name->fullName.fullName + name->fullName.dcIdx[0]; 16229 textSz = name->fullName.dcLen[0]; 16230 break; 16231 #ifdef WOLFSSL_CERT_EXT 16232 case ASN_BUS_CAT: 16233 text = name->fullName.fullName + name->fullName.bcIdx; 16234 textSz = name->fullName.bcLen; 16235 break; 16236 #endif 16237 default: 16238 WOLFSSL_MSG("Entry type not found"); 16239 return SSL_FATAL_ERROR; 16240 } 16241 16242 /* if buf is NULL return size of buffer needed (minus null char) */ 16243 if (buf == NULL) { 16244 return textSz; 16245 } 16246 16247 if (buf != NULL && text != NULL) { 16248 textSz = min(textSz + 1, len); /* + 1 to account for null char */ 16249 if (textSz > 0) { 16250 XMEMCPY(buf, text, textSz - 1); 16251 buf[textSz - 1] = '\0'; 16252 } 16253 } 16254 16255 WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_text_by_NID", textSz); 16256 return (textSz - 1); /* do not include null character in size */ 16257 } 16258 16259 16260 /* Creates a new WOLFSSL_EVP_PKEY structure that has the public key from x509 16261 * 16262 * returns a pointer to the created WOLFSSL_EVP_PKEY on success and NULL on fail 16263 */ 16264 WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) 16265 { 16266 WOLFSSL_EVP_PKEY* key = NULL; 16267 WOLFSSL_ENTER("X509_get_pubkey"); 16268 if (x509 != NULL) { 16269 key = (WOLFSSL_EVP_PKEY*)XMALLOC( 16270 sizeof(WOLFSSL_EVP_PKEY), x509->heap, 16271 DYNAMIC_TYPE_PUBLIC_KEY); 16272 if (key != NULL) { 16273 XMEMSET(key, 0, sizeof(WOLFSSL_EVP_PKEY)); 16274 if (x509->pubKeyOID == RSAk) { 16275 key->type = EVP_PKEY_RSA; 16276 } 16277 else { 16278 key->type = EVP_PKEY_EC; 16279 } 16280 key->save_type = 0; 16281 key->pkey.ptr = (char*)XMALLOC( 16282 x509->pubKey.length, x509->heap, 16283 DYNAMIC_TYPE_PUBLIC_KEY); 16284 if (key->pkey.ptr == NULL) { 16285 XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); 16286 return NULL; 16287 } 16288 XMEMCPY(key->pkey.ptr, x509->pubKey.buffer, x509->pubKey.length); 16289 key->pkey_sz = x509->pubKey.length; 16290 16291 #ifdef HAVE_ECC 16292 key->pkey_curve = (int)x509->pkCurveOID; 16293 #endif /* HAVE_ECC */ 16294 16295 /* decode RSA key */ 16296 #ifndef NO_RSA 16297 if (key->type == EVP_PKEY_RSA) { 16298 key->ownRsa = 1; 16299 key->rsa = wolfSSL_RSA_new(); 16300 if (key->rsa == NULL) { 16301 XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); 16302 return NULL; 16303 } 16304 16305 if (wolfSSL_RSA_LoadDer_ex(key->rsa, 16306 (const unsigned char*)key->pkey.ptr, key->pkey_sz, 16307 WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { 16308 wolfSSL_RSA_free(key->rsa); 16309 key->rsa = NULL; 16310 XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); 16311 return NULL; 16312 } 16313 } 16314 #endif /* NO_RSA */ 16315 16316 /* decode ECC key */ 16317 #ifdef HAVE_ECC 16318 if (key->type == EVP_PKEY_EC) { 16319 word32 idx = 0; 16320 16321 key->ownEcc = 1; 16322 key->ecc = wolfSSL_EC_KEY_new(); 16323 if (key->ecc == NULL || key->ecc->internal == NULL) { 16324 XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); 16325 return NULL; 16326 } 16327 16328 /* not using wolfSSL_EC_KEY_LoadDer because public key in x509 16329 * is in the format of x963 (no sequence at start of buffer) */ 16330 if (wc_EccPublicKeyDecode((const unsigned char*)key->pkey.ptr, 16331 &idx, (ecc_key*)key->ecc->internal, key->pkey_sz) < 0) { 16332 WOLFSSL_MSG("wc_EccPublicKeyDecode failed"); 16333 XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); 16334 wolfSSL_EC_KEY_free(key->ecc); 16335 key->ecc = NULL; 16336 return NULL; 16337 } 16338 16339 if (SetECKeyExternal(key->ecc) != SSL_SUCCESS) { 16340 WOLFSSL_MSG("SetECKeyExternal failed"); 16341 XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); 16342 wolfSSL_EC_KEY_free(key->ecc); 16343 key->ecc = NULL; 16344 return NULL; 16345 } 16346 16347 key->ecc->inSet = 1; 16348 } 16349 #endif /* HAVE_ECC */ 16350 } 16351 } 16352 return key; 16353 } 16354 #endif /* OPENSSL_EXTRA_X509_SMALL */ 16355 #endif /* !NO_CERTS */ 16356 16357 /* End of smaller subset of X509 compatibility functions. Avoid increasing the 16358 * size of this subset and its memory usage */ 16359 #endif /* OPENSSL_EXTRA_X509_SMALL */ 16360 16361 #if defined(OPENSSL_EXTRA) 16362 #if !defined(NO_CERTS) 16363 int wolfSSL_X509_ext_isSet_by_NID(WOLFSSL_X509* x509, int nid) 16364 { 16365 int isSet = 0; 16366 16367 WOLFSSL_ENTER("wolfSSL_X509_ext_isSet_by_NID"); 16368 16369 if (x509 != NULL) { 16370 switch (nid) { 16371 case BASIC_CA_OID: isSet = x509->basicConstSet; break; 16372 case ALT_NAMES_OID: isSet = x509->subjAltNameSet; break; 16373 case AUTH_KEY_OID: isSet = x509->authKeyIdSet; break; 16374 case SUBJ_KEY_OID: isSet = x509->subjKeyIdSet; break; 16375 case KEY_USAGE_OID: isSet = x509->keyUsageSet; break; 16376 #ifdef WOLFSSL_SEP 16377 case CERT_POLICY_OID: isSet = x509->certPolicySet; break; 16378 #endif /* WOLFSSL_SEP */ 16379 } 16380 } 16381 16382 WOLFSSL_LEAVE("wolfSSL_X509_ext_isSet_by_NID", isSet); 16383 16384 return isSet; 16385 } 16386 16387 16388 int wolfSSL_X509_ext_get_critical_by_NID(WOLFSSL_X509* x509, int nid) 16389 { 16390 int crit = 0; 16391 16392 WOLFSSL_ENTER("wolfSSL_X509_ext_get_critical_by_NID"); 16393 16394 if (x509 != NULL) { 16395 switch (nid) { 16396 case BASIC_CA_OID: crit = x509->basicConstCrit; break; 16397 case ALT_NAMES_OID: crit = x509->subjAltNameCrit; break; 16398 case AUTH_KEY_OID: crit = x509->authKeyIdCrit; break; 16399 case SUBJ_KEY_OID: crit = x509->subjKeyIdCrit; break; 16400 case KEY_USAGE_OID: crit = x509->keyUsageCrit; break; 16401 #ifdef WOLFSSL_SEP 16402 case CERT_POLICY_OID: crit = x509->certPolicyCrit; break; 16403 #endif /* WOLFSSL_SEP */ 16404 } 16405 } 16406 16407 WOLFSSL_LEAVE("wolfSSL_X509_ext_get_critical_by_NID", crit); 16408 16409 return crit; 16410 } 16411 16412 16413 int wolfSSL_X509_get_isSet_pathLength(WOLFSSL_X509* x509) 16414 { 16415 int isSet = 0; 16416 16417 WOLFSSL_ENTER("wolfSSL_X509_get_isSet_pathLength"); 16418 16419 if (x509 != NULL) 16420 isSet = x509->basicConstPlSet; 16421 16422 WOLFSSL_LEAVE("wolfSSL_X509_get_isSet_pathLength", isSet); 16423 16424 return isSet; 16425 } 16426 16427 16428 word32 wolfSSL_X509_get_pathLength(WOLFSSL_X509* x509) 16429 { 16430 word32 pathLength = 0; 16431 16432 WOLFSSL_ENTER("wolfSSL_X509_get_pathLength"); 16433 16434 if (x509 != NULL) 16435 pathLength = x509->pathLength; 16436 16437 WOLFSSL_LEAVE("wolfSSL_X509_get_pathLength", pathLength); 16438 16439 return pathLength; 16440 } 16441 16442 16443 unsigned int wolfSSL_X509_get_keyUsage(WOLFSSL_X509* x509) 16444 { 16445 word16 usage = 0; 16446 16447 WOLFSSL_ENTER("wolfSSL_X509_get_keyUsage"); 16448 16449 if (x509 != NULL) 16450 usage = x509->keyUsage; 16451 16452 WOLFSSL_LEAVE("wolfSSL_X509_get_keyUsage", usage); 16453 16454 return usage; 16455 } 16456 16457 16458 byte* wolfSSL_X509_get_authorityKeyID(WOLFSSL_X509* x509, 16459 byte* dst, int* dstLen) 16460 { 16461 byte *id = NULL; 16462 int copySz = 0; 16463 16464 WOLFSSL_ENTER("wolfSSL_X509_get_authorityKeyID"); 16465 16466 if (x509 != NULL) { 16467 if (x509->authKeyIdSet) { 16468 copySz = min(dstLen != NULL ? *dstLen : 0, 16469 (int)x509->authKeyIdSz); 16470 id = x509->authKeyId; 16471 } 16472 16473 if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) { 16474 XMEMCPY(dst, id, copySz); 16475 id = dst; 16476 *dstLen = copySz; 16477 } 16478 } 16479 16480 WOLFSSL_LEAVE("wolfSSL_X509_get_authorityKeyID", copySz); 16481 16482 return id; 16483 } 16484 16485 16486 byte* wolfSSL_X509_get_subjectKeyID(WOLFSSL_X509* x509, 16487 byte* dst, int* dstLen) 16488 { 16489 byte *id = NULL; 16490 int copySz = 0; 16491 16492 WOLFSSL_ENTER("wolfSSL_X509_get_subjectKeyID"); 16493 16494 if (x509 != NULL) { 16495 if (x509->subjKeyIdSet) { 16496 copySz = min(dstLen != NULL ? *dstLen : 0, 16497 (int)x509->subjKeyIdSz); 16498 id = x509->subjKeyId; 16499 } 16500 16501 if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) { 16502 XMEMCPY(dst, id, copySz); 16503 id = dst; 16504 *dstLen = copySz; 16505 } 16506 } 16507 16508 WOLFSSL_LEAVE("wolfSSL_X509_get_subjectKeyID", copySz); 16509 16510 return id; 16511 } 16512 16513 16514 int wolfSSL_X509_NAME_entry_count(WOLFSSL_X509_NAME* name) 16515 { 16516 int count = 0; 16517 16518 WOLFSSL_ENTER("wolfSSL_X509_NAME_entry_count"); 16519 16520 if (name != NULL) 16521 count = name->fullName.entryCount; 16522 16523 WOLFSSL_LEAVE("wolfSSL_X509_NAME_entry_count", count); 16524 return count; 16525 } 16526 16527 16528 16529 int wolfSSL_X509_NAME_get_index_by_NID(WOLFSSL_X509_NAME* name, 16530 int nid, int pos) 16531 { 16532 int ret = -1; 16533 16534 WOLFSSL_ENTER("wolfSSL_X509_NAME_get_index_by_NID"); 16535 16536 if (name == NULL) { 16537 return BAD_FUNC_ARG; 16538 } 16539 16540 /* these index values are already stored in DecodedName 16541 use those when available */ 16542 if (name->fullName.fullName && name->fullName.fullNameLen > 0) { 16543 name->fullName.dcMode = 0; 16544 switch (nid) { 16545 case ASN_COMMON_NAME: 16546 if (pos != name->fullName.cnIdx) 16547 ret = name->fullName.cnIdx; 16548 break; 16549 case ASN_DOMAIN_COMPONENT: 16550 name->fullName.dcMode = 1; 16551 if (pos < name->fullName.dcNum - 1){ 16552 ret = pos + 1; 16553 } else { 16554 ret = -1; 16555 } 16556 break; 16557 default: 16558 WOLFSSL_MSG("NID not yet implemented"); 16559 break; 16560 } 16561 } 16562 16563 WOLFSSL_LEAVE("wolfSSL_X509_NAME_get_index_by_NID", ret); 16564 16565 (void)pos; 16566 (void)nid; 16567 16568 return ret; 16569 } 16570 16571 16572 WOLFSSL_ASN1_STRING* wolfSSL_X509_NAME_ENTRY_get_data( 16573 WOLFSSL_X509_NAME_ENTRY* in) 16574 { 16575 WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_data"); 16576 if (in == NULL) 16577 return NULL; 16578 16579 return in->value; 16580 } 16581 16582 16583 /* Creates a new WOLFSSL_ASN1_STRING structure. 16584 * 16585 * returns a pointer to the new structure created on success or NULL if fail 16586 */ 16587 WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_new(void) 16588 { 16589 WOLFSSL_ASN1_STRING* asn1; 16590 16591 WOLFSSL_ENTER("wolfSSL_ASN1_STRING_new"); 16592 16593 asn1 = (WOLFSSL_ASN1_STRING*)XMALLOC(sizeof(WOLFSSL_ASN1_STRING), NULL, 16594 DYNAMIC_TYPE_OPENSSL); 16595 if (asn1 != NULL) { 16596 XMEMSET(asn1, 0, sizeof(WOLFSSL_ASN1_STRING)); 16597 } 16598 16599 return asn1; /* no check for null because error case is returning null*/ 16600 } 16601 16602 16603 /* used to free a WOLFSSL_ASN1_STRING structure */ 16604 void wolfSSL_ASN1_STRING_free(WOLFSSL_ASN1_STRING* asn1) 16605 { 16606 WOLFSSL_ENTER("wolfSSL_ASN1_STRING_free"); 16607 16608 if (asn1 != NULL) { 16609 if (asn1->length > 0 && asn1->data != NULL) { 16610 XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL); 16611 } 16612 XFREE(asn1, NULL, DYNAMIC_TYPE_OPENSSL); 16613 } 16614 } 16615 16616 16617 /* Creates a new WOLFSSL_ASN1_STRING structure given the input type. 16618 * 16619 * type is the type of set when WOLFSSL_ASN1_STRING is created 16620 * 16621 * returns a pointer to the new structure created on success or NULL if fail 16622 */ 16623 WOLFSSL_ASN1_STRING* wolfSSL_ASN1_STRING_type_new(int type) 16624 { 16625 WOLFSSL_ASN1_STRING* asn1; 16626 16627 WOLFSSL_ENTER("wolfSSL_ASN1_STRING_type_new"); 16628 16629 asn1 = wolfSSL_ASN1_STRING_new(); 16630 if (asn1 == NULL) { 16631 return NULL; 16632 } 16633 asn1->type = type; 16634 16635 return asn1; 16636 } 16637 16638 16639 /* if dataSz is negative then use XSTRLEN to find length of data 16640 * return WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure */ 16641 int wolfSSL_ASN1_STRING_set(WOLFSSL_ASN1_STRING* asn1, const void* data, 16642 int dataSz) 16643 { 16644 int sz; 16645 16646 WOLFSSL_ENTER("wolfSSL_ASN1_STRING_set"); 16647 16648 if (data == NULL || asn1 == NULL) { 16649 return WOLFSSL_FAILURE; 16650 } 16651 16652 if (dataSz < 0) { 16653 sz = (int)XSTRLEN((const char*)data) + 1; /* +1 for null */ 16654 } 16655 else { 16656 sz = dataSz; 16657 } 16658 16659 if (sz < 0) { 16660 return WOLFSSL_FAILURE; 16661 } 16662 16663 /* free any existing data before copying */ 16664 if (asn1->data != NULL) { 16665 XFREE(asn1->data, NULL, DYNAMIC_TYPE_OPENSSL); 16666 } 16667 16668 /* create new data buffer and copy over */ 16669 asn1->data = (char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL); 16670 if (asn1->data == NULL) { 16671 return WOLFSSL_FAILURE; 16672 } 16673 XMEMCPY(asn1->data, data, sz); 16674 asn1->length = sz; 16675 16676 return WOLFSSL_SUCCESS; 16677 } 16678 16679 16680 unsigned char* wolfSSL_ASN1_STRING_data(WOLFSSL_ASN1_STRING* asn) 16681 { 16682 WOLFSSL_ENTER("wolfSSL_ASN1_STRING_data"); 16683 16684 if (asn) { 16685 return (unsigned char*)asn->data; 16686 } 16687 else { 16688 return NULL; 16689 } 16690 } 16691 16692 16693 int wolfSSL_ASN1_STRING_length(WOLFSSL_ASN1_STRING* asn) 16694 { 16695 WOLFSSL_ENTER("wolfSSL_ASN1_STRING_length"); 16696 16697 if (asn) { 16698 return asn->length; 16699 } 16700 else { 16701 return 0; 16702 } 16703 } 16704 16705 16706 #ifdef XSNPRINTF /* a snprintf function needs to be available */ 16707 /* Writes the human readable form of x509 to bio. 16708 * 16709 * bio WOLFSSL_BIO to write to. 16710 * x509 Certificate to write. 16711 * 16712 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure 16713 */ 16714 int wolfSSL_X509_print(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) 16715 { 16716 WOLFSSL_ENTER("wolfSSL_X509_print"); 16717 16718 if (bio == NULL || x509 == NULL) { 16719 return WOLFSSL_FAILURE; 16720 } 16721 16722 if (wolfSSL_BIO_write(bio, "Certificate:\n", 16723 sizeof("Certificate:\n")) <= 0) { 16724 return WOLFSSL_FAILURE; 16725 } 16726 16727 if (wolfSSL_BIO_write(bio, " Data:\n", 16728 sizeof(" Data:\n")) <= 0) { 16729 return WOLFSSL_FAILURE; 16730 } 16731 16732 /* print version of cert */ 16733 { 16734 int version; 16735 char tmp[17]; 16736 16737 if ((version = wolfSSL_X509_version(x509)) <= 0) { 16738 WOLFSSL_MSG("Error getting X509 version"); 16739 return WOLFSSL_FAILURE; 16740 } 16741 if (wolfSSL_BIO_write(bio, " Version: ", 16742 sizeof(" Version: ")) <= 0) { 16743 return WOLFSSL_FAILURE; 16744 } 16745 XSNPRINTF(tmp, sizeof(tmp), "%d\n", version); 16746 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { 16747 return WOLFSSL_FAILURE; 16748 } 16749 } 16750 16751 /* print serial number out */ 16752 { 16753 unsigned char serial[32]; 16754 int sz = sizeof(serial); 16755 16756 XMEMSET(serial, 0, sz); 16757 if (wolfSSL_X509_get_serial_number(x509, serial, &sz) 16758 != WOLFSSL_SUCCESS) { 16759 WOLFSSL_MSG("Error getting x509 serial number"); 16760 return WOLFSSL_FAILURE; 16761 } 16762 if (wolfSSL_BIO_write(bio, " Serial Number: ", 16763 sizeof(" Serial Number: ")) <= 0) { 16764 return WOLFSSL_FAILURE; 16765 } 16766 16767 /* if serial can fit into byte than print on the same line */ 16768 if (sz <= (int)sizeof(byte)) { 16769 char tmp[17]; 16770 XSNPRINTF(tmp, sizeof(tmp), "%d (0x%x)\n", serial[0],serial[0]); 16771 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { 16772 return WOLFSSL_FAILURE; 16773 } 16774 } 16775 else { 16776 int i; 16777 char tmp[100]; 16778 int tmpSz = 100; 16779 char val[5]; 16780 int valSz = 5; 16781 16782 /* serial is larger than int size so print off hex values */ 16783 if (wolfSSL_BIO_write(bio, "\n ", 16784 sizeof("\n ")) <= 0) { 16785 return WOLFSSL_FAILURE; 16786 } 16787 tmp[0] = '\0'; 16788 for (i = 0; i < sz - 1 && (3 * i) < tmpSz - valSz; i++) { 16789 XSNPRINTF(val, sizeof(val) - 1, "%02x:", serial[i]); 16790 val[3] = '\0'; /* make sure is null terminated */ 16791 XSTRNCAT(tmp, val, valSz); 16792 } 16793 XSNPRINTF(val, sizeof(val) - 1, "%02x\n", serial[i]); 16794 val[3] = '\0'; /* make sure is null terminated */ 16795 XSTRNCAT(tmp, val, valSz); 16796 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { 16797 return WOLFSSL_FAILURE; 16798 } 16799 } 16800 } 16801 16802 /* print signature algo */ 16803 { 16804 int oid; 16805 char* sig; 16806 16807 if ((oid = wolfSSL_X509_get_signature_type(x509)) <= 0) { 16808 WOLFSSL_MSG("Error getting x509 signature type"); 16809 return WOLFSSL_FAILURE; 16810 } 16811 if (wolfSSL_BIO_write(bio, " Signature Algorithm: ", 16812 sizeof(" Signature Algorithm: ")) <= 0) { 16813 return WOLFSSL_FAILURE; 16814 } 16815 sig = GetSigName(oid); 16816 if (wolfSSL_BIO_write(bio, sig, (int)XSTRLEN(sig)) <= 0) { 16817 return WOLFSSL_FAILURE; 16818 } 16819 if (wolfSSL_BIO_write(bio, "\n", sizeof("\n")) <= 0) { 16820 return WOLFSSL_FAILURE; 16821 } 16822 } 16823 16824 /* print issuer */ 16825 { 16826 char* issuer; 16827 #ifdef WOLFSSL_SMALL_STACK 16828 char* buff = NULL; 16829 int issSz = 0; 16830 #else 16831 char buff[256]; 16832 int issSz = 256; 16833 #endif 16834 16835 issuer = wolfSSL_X509_NAME_oneline( 16836 wolfSSL_X509_get_issuer_name(x509), buff, issSz); 16837 16838 if (wolfSSL_BIO_write(bio, " Issuer: ", 16839 sizeof(" Issuer: ")) <= 0) { 16840 #ifdef WOLFSSL_SMALL_STACK 16841 XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); 16842 #endif 16843 return WOLFSSL_FAILURE; 16844 } 16845 if (issuer != NULL) { 16846 if (wolfSSL_BIO_write(bio, issuer, (int)XSTRLEN(issuer)) <= 0) { 16847 #ifdef WOLFSSL_SMALL_STACK 16848 XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); 16849 #endif 16850 return WOLFSSL_FAILURE; 16851 } 16852 } 16853 #ifdef WOLFSSL_SMALL_STACK 16854 XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); 16855 #endif 16856 if (wolfSSL_BIO_write(bio, "\n", sizeof("\n")) <= 0) { 16857 return WOLFSSL_FAILURE; 16858 } 16859 } 16860 16861 /* print validity */ 16862 { 16863 char tmp[80]; 16864 16865 if (wolfSSL_BIO_write(bio, " Validity\n", 16866 sizeof(" Validity\n")) <= 0) { 16867 return WOLFSSL_FAILURE; 16868 } 16869 if (wolfSSL_BIO_write(bio, " Not Before: ", 16870 sizeof(" Not Before: ")) <= 0) { 16871 return WOLFSSL_FAILURE; 16872 } 16873 if (GetTimeString(x509->notBefore + 2, ASN_UTC_TIME, 16874 tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { 16875 if (GetTimeString(x509->notBefore + 2, ASN_GENERALIZED_TIME, 16876 tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { 16877 WOLFSSL_MSG("Error getting not before date"); 16878 return WOLFSSL_FAILURE; 16879 } 16880 } 16881 tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ 16882 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { 16883 return WOLFSSL_FAILURE; 16884 } 16885 if (wolfSSL_BIO_write(bio, "\n Not After : ", 16886 sizeof("\n Not After : ")) <= 0) { 16887 return WOLFSSL_FAILURE; 16888 } 16889 if (GetTimeString(x509->notAfter + 2,ASN_UTC_TIME, 16890 tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { 16891 if (GetTimeString(x509->notAfter + 2,ASN_GENERALIZED_TIME, 16892 tmp, sizeof(tmp)) != WOLFSSL_SUCCESS) { 16893 WOLFSSL_MSG("Error getting not before date"); 16894 return WOLFSSL_FAILURE; 16895 } 16896 } 16897 tmp[sizeof(tmp) - 1] = '\0'; /* make sure null terminated */ 16898 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { 16899 return WOLFSSL_FAILURE; 16900 } 16901 } 16902 16903 /* print subject */ 16904 { 16905 char* subject; 16906 #ifdef WOLFSSL_SMALL_STACK 16907 char* buff = NULL; 16908 int subSz = 0; 16909 #else 16910 char buff[256]; 16911 int subSz = 256; 16912 #endif 16913 16914 subject = wolfSSL_X509_NAME_oneline( 16915 wolfSSL_X509_get_subject_name(x509), buff, subSz); 16916 16917 if (wolfSSL_BIO_write(bio, "\n Subject: ", 16918 sizeof("\n Subject: ")) <= 0) { 16919 #ifdef WOLFSSL_SMALL_STACK 16920 XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL); 16921 #endif 16922 return WOLFSSL_FAILURE; 16923 } 16924 if (subject != NULL) { 16925 if (wolfSSL_BIO_write(bio, subject, (int)XSTRLEN(subject)) <= 0) { 16926 #ifdef WOLFSSL_SMALL_STACK 16927 XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL); 16928 #endif 16929 return WOLFSSL_FAILURE; 16930 } 16931 } 16932 #ifdef WOLFSSL_SMALL_STACK 16933 XFREE(subject, NULL, DYNAMIC_TYPE_OPENSSL); 16934 #endif 16935 } 16936 16937 /* get and print public key */ 16938 if (wolfSSL_BIO_write(bio, "\n Subject Public Key Info:\n", 16939 sizeof("\n Subject Public Key Info:\n")) <= 0) { 16940 return WOLFSSL_FAILURE; 16941 } 16942 { 16943 char tmp[100]; 16944 16945 switch (x509->pubKeyOID) { 16946 #ifndef NO_RSA 16947 case RSAk: 16948 if (wolfSSL_BIO_write(bio, 16949 " Public Key Algorithm: RSA\n", 16950 sizeof(" Public Key Algorithm: RSA\n")) <= 0) { 16951 return WOLFSSL_FAILURE; 16952 } 16953 #ifdef HAVE_USER_RSA 16954 if (wolfSSL_BIO_write(bio, 16955 " Build without user RSA to print key\n", 16956 sizeof(" Build without user RSA to print key\n")) 16957 <= 0) { 16958 return WOLFSSL_FAILURE; 16959 } 16960 #else 16961 { 16962 RsaKey rsa; 16963 word32 idx = 0; 16964 int sz; 16965 byte lbit = 0; 16966 int rawLen; 16967 unsigned char* rawKey; 16968 16969 if (wc_InitRsaKey(&rsa, NULL) != 0) { 16970 WOLFSSL_MSG("wc_InitRsaKey failure"); 16971 return WOLFSSL_FAILURE; 16972 } 16973 if (wc_RsaPublicKeyDecode(x509->pubKey.buffer, 16974 &idx, &rsa, x509->pubKey.length) != 0) { 16975 WOLFSSL_MSG("Error decoding RSA key"); 16976 wc_FreeRsaKey(&rsa); 16977 return WOLFSSL_FAILURE; 16978 } 16979 if ((sz = wc_RsaEncryptSize(&rsa)) < 0) { 16980 WOLFSSL_MSG("Error getting RSA key size"); 16981 wc_FreeRsaKey(&rsa); 16982 return WOLFSSL_FAILURE; 16983 } 16984 XSNPRINTF(tmp, sizeof(tmp) - 1, "%s%s: (%d bit)\n%s\n", 16985 " ", "Public-Key", 8 * sz, 16986 " Modulus:"); 16987 tmp[sizeof(tmp) - 1] = '\0'; 16988 if (wolfSSL_BIO_write(bio, tmp, 16989 (int)XSTRLEN(tmp)) <= 0) { 16990 wc_FreeRsaKey(&rsa); 16991 return WOLFSSL_FAILURE; 16992 } 16993 16994 /* print out modulus */ 16995 XSNPRINTF(tmp, sizeof(tmp) - 1," "); 16996 tmp[sizeof(tmp) - 1] = '\0'; 16997 if (mp_leading_bit(&rsa.n)) { 16998 lbit = 1; 16999 XSTRNCAT(tmp, "00", 3); 17000 } 17001 17002 rawLen = mp_unsigned_bin_size(&rsa.n); 17003 rawKey = (unsigned char*)XMALLOC(rawLen, NULL, 17004 DYNAMIC_TYPE_TMP_BUFFER); 17005 if (rawKey == NULL) { 17006 WOLFSSL_MSG("Memory error"); 17007 wc_FreeRsaKey(&rsa); 17008 return WOLFSSL_FAILURE; 17009 } 17010 mp_to_unsigned_bin(&rsa.n, rawKey); 17011 for (idx = 0; idx < (word32)rawLen; idx++) { 17012 char val[5]; 17013 int valSz = 5; 17014 17015 if ((idx == 0) && !lbit) { 17016 XSNPRINTF(val, valSz - 1, "%02x", rawKey[idx]); 17017 } 17018 else if ((idx != 0) && (((idx + lbit) % 15) == 0)) { 17019 tmp[sizeof(tmp) - 1] = '\0'; 17020 if (wolfSSL_BIO_write(bio, tmp, 17021 (int)XSTRLEN(tmp)) <= 0) { 17022 XFREE(rawKey, NULL, 17023 DYNAMIC_TYPE_TMP_BUFFER); 17024 wc_FreeRsaKey(&rsa); 17025 return WOLFSSL_FAILURE; 17026 } 17027 XSNPRINTF(tmp, sizeof(tmp) - 1, 17028 ":\n "); 17029 XSNPRINTF(val, valSz - 1, "%02x", rawKey[idx]); 17030 } 17031 else { 17032 XSNPRINTF(val, valSz - 1, ":%02x", rawKey[idx]); 17033 } 17034 XSTRNCAT(tmp, val, valSz); 17035 } 17036 XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); 17037 17038 /* print out remaning modulus values */ 17039 if ((idx > 0) && (((idx - 1 + lbit) % 15) != 0)) { 17040 tmp[sizeof(tmp) - 1] = '\0'; 17041 if (wolfSSL_BIO_write(bio, tmp, 17042 (int)XSTRLEN(tmp)) <= 0) { 17043 return WOLFSSL_FAILURE; 17044 } 17045 } 17046 17047 /* print out exponent values */ 17048 rawLen = mp_unsigned_bin_size(&rsa.e); 17049 if (rawLen < 0) { 17050 WOLFSSL_MSG("Error getting exponent size"); 17051 wc_FreeRsaKey(&rsa); 17052 return WOLFSSL_FAILURE; 17053 } 17054 17055 if ((word32)rawLen < sizeof(word32)) { 17056 rawLen = sizeof(word32); 17057 } 17058 rawKey = (unsigned char*)XMALLOC(rawLen, NULL, 17059 DYNAMIC_TYPE_TMP_BUFFER); 17060 if (rawKey == NULL) { 17061 WOLFSSL_MSG("Memory error"); 17062 wc_FreeRsaKey(&rsa); 17063 return WOLFSSL_FAILURE; 17064 } 17065 XMEMSET(rawKey, 0, rawLen); 17066 mp_to_unsigned_bin(&rsa.e, rawKey); 17067 if ((word32)rawLen <= sizeof(word32)) { 17068 idx = *(word32*)rawKey; 17069 } 17070 XSNPRINTF(tmp, sizeof(tmp) - 1, 17071 "\n Exponent: %d\n", idx); 17072 if (wolfSSL_BIO_write(bio, tmp, 17073 (int)XSTRLEN(tmp)) <= 0) { 17074 XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); 17075 wc_FreeRsaKey(&rsa); 17076 return WOLFSSL_FAILURE; 17077 } 17078 XFREE(rawKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); 17079 wc_FreeRsaKey(&rsa); 17080 } 17081 #endif /* HAVE_USER_RSA */ 17082 break; 17083 #endif /* NO_RSA */ 17084 17085 #ifdef HAVE_ECC 17086 case ECDSAk: 17087 { 17088 word32 i; 17089 ecc_key ecc; 17090 17091 if (wolfSSL_BIO_write(bio, 17092 " Public Key Algorithm: EC\n", 17093 sizeof(" Public Key Algorithm: EC\n")) <= 0) { 17094 return WOLFSSL_FAILURE; 17095 } 17096 if (wc_ecc_init_ex(&ecc, x509->heap, INVALID_DEVID) 17097 != 0) { 17098 return WOLFSSL_FAILURE; 17099 } 17100 17101 i = 0; 17102 if (wc_EccPublicKeyDecode(x509->pubKey.buffer, &i, 17103 &ecc, x509->pubKey.length) != 0) { 17104 wc_ecc_free(&ecc); 17105 return WOLFSSL_FAILURE; 17106 } 17107 XSNPRINTF(tmp, sizeof(tmp) - 1, "%s%s: (%d bit)\n%s\n", 17108 " ", "Public-Key", 17109 8 * wc_ecc_size(&ecc), 17110 " pub:"); 17111 tmp[sizeof(tmp) - 1] = '\0'; 17112 if (wolfSSL_BIO_write(bio, tmp, 17113 (int)XSTRLEN(tmp)) <= 0) { 17114 wc_ecc_free(&ecc); 17115 return WOLFSSL_FAILURE; 17116 } 17117 XSNPRINTF(tmp, sizeof(tmp) - 1," "); 17118 { 17119 word32 derSz; 17120 byte* der; 17121 17122 derSz = wc_ecc_size(&ecc) * WOLFSSL_BIT_SIZE; 17123 der = (byte*)XMALLOC(derSz, x509->heap, 17124 DYNAMIC_TYPE_TMP_BUFFER); 17125 if (der == NULL) { 17126 wc_ecc_free(&ecc); 17127 return WOLFSSL_FAILURE; 17128 } 17129 17130 if (wc_ecc_export_x963(&ecc, der, &derSz) != 0) { 17131 wc_ecc_free(&ecc); 17132 XFREE(der, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); 17133 return WOLFSSL_FAILURE; 17134 } 17135 for (i = 0; i < derSz; i++) { 17136 char val[5]; 17137 int valSz = 5; 17138 17139 if (i == 0) { 17140 XSNPRINTF(val, valSz - 1, "%02x", der[i]); 17141 } 17142 else if ((i % 15) == 0) { 17143 tmp[sizeof(tmp) - 1] = '\0'; 17144 if (wolfSSL_BIO_write(bio, tmp, 17145 (int)XSTRLEN(tmp)) <= 0) { 17146 wc_ecc_free(&ecc); 17147 XFREE(der, x509->heap, 17148 DYNAMIC_TYPE_TMP_BUFFER); 17149 return WOLFSSL_FAILURE; 17150 } 17151 XSNPRINTF(tmp, sizeof(tmp) - 1, 17152 ":\n "); 17153 XSNPRINTF(val, valSz - 1, "%02x", der[i]); 17154 } 17155 else { 17156 XSNPRINTF(val, valSz - 1, ":%02x", der[i]); 17157 } 17158 XSTRNCAT(tmp, val, valSz); 17159 } 17160 17161 /* print out remaning modulus values */ 17162 if ((i > 0) && (((i - 1) % 15) != 0)) { 17163 tmp[sizeof(tmp) - 1] = '\0'; 17164 if (wolfSSL_BIO_write(bio, tmp, 17165 (int)XSTRLEN(tmp)) <= 0) { 17166 wc_ecc_free(&ecc); 17167 XFREE(der, x509->heap, 17168 DYNAMIC_TYPE_TMP_BUFFER); 17169 return WOLFSSL_FAILURE; 17170 } 17171 } 17172 17173 XFREE(der, x509->heap, DYNAMIC_TYPE_TMP_BUFFER); 17174 } 17175 XSNPRINTF(tmp, sizeof(tmp) - 1, "\n%s%s: %s\n", 17176 " ", "ASN1 OID", 17177 ecc.dp->name); 17178 if (wolfSSL_BIO_write(bio, tmp, 17179 (int)XSTRLEN(tmp)) <= 0) { 17180 wc_ecc_free(&ecc); 17181 return WOLFSSL_FAILURE; 17182 } 17183 wc_ecc_free(&ecc); 17184 } 17185 break; 17186 #endif /* HAVE_ECC */ 17187 default: 17188 WOLFSSL_MSG("Unknown key type"); 17189 return WOLFSSL_FAILURE; 17190 } 17191 } 17192 17193 /* print out extensions */ 17194 if (wolfSSL_BIO_write(bio, " X509v3 extensions:\n", 17195 sizeof(" X509v3 extensions:\n")) <= 0) { 17196 return WOLFSSL_FAILURE; 17197 } 17198 17199 /* print subject key id */ 17200 if (x509->subjKeyIdSet && x509->subjKeyId != NULL && 17201 x509->subjKeyIdSz > 0) { 17202 char tmp[100]; 17203 word32 i; 17204 char val[5]; 17205 int valSz = 5; 17206 17207 17208 if (wolfSSL_BIO_write(bio, 17209 " X509v3 Subject Key Identifier:\n", 17210 sizeof(" X509v3 Subject Key Identifier:\n")) 17211 <= 0) { 17212 return WOLFSSL_FAILURE; 17213 } 17214 17215 XSNPRINTF(tmp, sizeof(tmp) - 1, " "); 17216 for (i = 0; i < sizeof(tmp) && i < (x509->subjKeyIdSz - 1); i++) { 17217 XSNPRINTF(val, valSz - 1, "%02X:", x509->subjKeyId[i]); 17218 XSTRNCAT(tmp, val, valSz); 17219 } 17220 XSNPRINTF(val, valSz - 1, "%02X\n", x509->subjKeyId[i]); 17221 XSTRNCAT(tmp, val, valSz); 17222 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { 17223 return WOLFSSL_FAILURE; 17224 } 17225 } 17226 17227 /* printf out authority key id */ 17228 if (x509->authKeyIdSet && x509->authKeyId != NULL && 17229 x509->authKeyIdSz > 0) { 17230 char tmp[100]; 17231 word32 i; 17232 char val[5]; 17233 int valSz = 5; 17234 17235 if (wolfSSL_BIO_write(bio, 17236 " X509v3 Authority Key Identifier:\n", 17237 sizeof(" X509v3 Authority Key Identifier:\n")) 17238 <= 0) { 17239 return WOLFSSL_FAILURE; 17240 } 17241 17242 XSNPRINTF(tmp, sizeof(tmp) - 1, " keyid"); 17243 for (i = 0; i < x509->authKeyIdSz; i++) { 17244 /* check if buffer is almost full */ 17245 if (XSTRLEN(tmp) >= sizeof(tmp) - valSz) { 17246 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { 17247 return WOLFSSL_FAILURE; 17248 } 17249 tmp[0] = '\0'; 17250 } 17251 XSNPRINTF(val, valSz - 1, ":%02X", x509->authKeyId[i]); 17252 XSTRNCAT(tmp, val, valSz); 17253 } 17254 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { 17255 return WOLFSSL_FAILURE; 17256 } 17257 17258 /* print issuer */ 17259 { 17260 char* issuer; 17261 #ifdef WOLFSSL_SMALL_STACK 17262 char* buff = NULL; 17263 int issSz = 0; 17264 #else 17265 char buff[256]; 17266 int issSz = 256; 17267 #endif 17268 17269 issuer = wolfSSL_X509_NAME_oneline( 17270 wolfSSL_X509_get_issuer_name(x509), buff, issSz); 17271 17272 if (wolfSSL_BIO_write(bio, "\n DirName:", 17273 sizeof("\n DirName:")) <= 0) { 17274 #ifdef WOLFSSL_SMALL_STACK 17275 XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); 17276 #endif 17277 return WOLFSSL_FAILURE; 17278 } 17279 if (issuer != NULL) { 17280 if (wolfSSL_BIO_write(bio, issuer, (int)XSTRLEN(issuer)) <= 0) { 17281 #ifdef WOLFSSL_SMALL_STACK 17282 XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); 17283 #endif 17284 return WOLFSSL_FAILURE; 17285 } 17286 } 17287 #ifdef WOLFSSL_SMALL_STACK 17288 XFREE(issuer, NULL, DYNAMIC_TYPE_OPENSSL); 17289 #endif 17290 if (wolfSSL_BIO_write(bio, "\n", sizeof("\n")) <= 0) { 17291 return WOLFSSL_FAILURE; 17292 } 17293 } 17294 } 17295 17296 /* print basic constraint */ 17297 if (x509->basicConstSet) { 17298 char tmp[100]; 17299 17300 if (wolfSSL_BIO_write(bio, 17301 "\n X509v3 Basic Constraints:\n", 17302 sizeof("\n X509v3 Basic Constraints:\n")) 17303 <= 0) { 17304 return WOLFSSL_FAILURE; 17305 } 17306 XSNPRINTF(tmp, sizeof(tmp), 17307 " CA:%s\n", 17308 (x509->isCa)? "TRUE": "FALSE"); 17309 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { 17310 return WOLFSSL_FAILURE; 17311 } 17312 } 17313 17314 /* print out signature */ 17315 { 17316 unsigned char* sig; 17317 int sigSz; 17318 int i; 17319 char tmp[100]; 17320 int sigOid = wolfSSL_X509_get_signature_type(x509); 17321 17322 if (wolfSSL_BIO_write(bio, 17323 " Signature Algorithm: ", 17324 sizeof(" Signature Algorithm: ")) <= 0) { 17325 return WOLFSSL_FAILURE; 17326 } 17327 XSNPRINTF(tmp, sizeof(tmp) - 1,"%s\n", GetSigName(sigOid)); 17328 tmp[sizeof(tmp) - 1] = '\0'; 17329 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) <= 0) { 17330 return WOLFSSL_FAILURE; 17331 } 17332 17333 sigSz = (int)x509->sig.length; 17334 if (sigSz <= 0) { 17335 /* if sigSz invalid return here to avoid overhead of malloc */ 17336 return WOLFSSL_FAILURE; 17337 } 17338 17339 sig = (unsigned char*)XMALLOC(sigSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 17340 if (sig == NULL) { 17341 return WOLFSSL_FAILURE; 17342 } 17343 17344 if (wolfSSL_X509_get_signature(x509, sig, &sigSz) <= 0) { 17345 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); 17346 return WOLFSSL_FAILURE; 17347 } 17348 XSNPRINTF(tmp, sizeof(tmp) - 1," "); 17349 tmp[sizeof(tmp) - 1] = '\0'; 17350 for (i = 0; i < sigSz; i++) { 17351 char val[5]; 17352 int valSz = 5; 17353 17354 if (i == 0) { 17355 XSNPRINTF(val, valSz - 1, "%02x", sig[i]); 17356 } 17357 else if (((i % 18) == 0)) { 17358 tmp[sizeof(tmp) - 1] = '\0'; 17359 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) 17360 <= 0) { 17361 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); 17362 return WOLFSSL_FAILURE; 17363 } 17364 XSNPRINTF(tmp, sizeof(tmp) - 1, 17365 ":\n "); 17366 XSNPRINTF(val, valSz - 1, "%02x", sig[i]); 17367 } 17368 else { 17369 XSNPRINTF(val, valSz - 1, ":%02x", sig[i]); 17370 } 17371 XSTRNCAT(tmp, val, valSz); 17372 } 17373 XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); 17374 17375 /* print out remaning sig values */ 17376 if ((i > 0) && (((i - 1) % 18) != 0)) { 17377 tmp[sizeof(tmp) - 1] = '\0'; 17378 if (wolfSSL_BIO_write(bio, tmp, (int)XSTRLEN(tmp)) 17379 <= 0) { 17380 return WOLFSSL_FAILURE; 17381 } 17382 } 17383 } 17384 17385 /* done with print out */ 17386 if (wolfSSL_BIO_write(bio, "\n", sizeof("\n")) <= 0) { 17387 return WOLFSSL_FAILURE; 17388 } 17389 17390 return WOLFSSL_SUCCESS; 17391 } 17392 #endif /* XSNPRINTF */ 17393 17394 #endif /* NO_CERTS */ 15173 17395 15174 17396 char* wolfSSL_CIPHER_description(const WOLFSSL_CIPHER* cipher, char* in, … … 15426 17648 #endif /* NO_SESSION_CACHE */ 15427 17649 15428 #ifndef NO_CERTS 15429 void wolfSSL_X509_free(WOLFSSL_X509* x509) 15430 { 15431 WOLFSSL_ENTER("wolfSSL_X509_free"); 15432 ExternalFreeX509(x509); 15433 } 15434 #endif /* NO_CERTS */ 15435 15436 17650 17651 17652 /* was do nothing */ 17653 /* 17654 void OPENSSL_free(void* buf) 17655 { 17656 (void)buf; 17657 } 17658 */ 17659 17660 #ifndef NO_WOLFSSL_STUB 15437 17661 int wolfSSL_OCSP_parse_url(char* url, char** host, char** port, char** path, 15438 17662 int* ssl) … … 15443 17667 (void)path; 15444 17668 (void)ssl; 17669 WOLFSSL_STUB("OCSP_parse_url"); 15445 17670 return 0; 15446 17671 } 15447 15448 15449 WOLFSSL_METHOD* wolfSSLv2_client_method(void) 15450 { 15451 return 0; 15452 } 15453 15454 15455 WOLFSSL_METHOD* wolfSSLv2_server_method(void) 15456 { 15457 return 0; 15458 } 15459 17672 #endif 15460 17673 15461 17674 #ifndef NO_MD4 … … 15489 17702 15490 17703 15491 WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO* top) 15492 { 15493 (void)top; 15494 return 0; 17704 /* Removes a WOLFSSL_BIO struct from the WOLFSSL_BIO linked list. 17705 * 17706 * bio is the WOLFSSL_BIO struct in the list and removed. 17707 * 17708 * The return WOLFSSL_BIO struct is the next WOLFSSL_BIO in the list or NULL if 17709 * there is none. 17710 */ 17711 WOLFSSL_BIO* wolfSSL_BIO_pop(WOLFSSL_BIO* bio) 17712 { 17713 if (bio == NULL) { 17714 WOLFSSL_MSG("Bad argument passed in"); 17715 return NULL; 17716 } 17717 17718 if (bio->prev != NULL) { 17719 bio->prev->next = bio->next; 17720 } 17721 17722 if (bio->next != NULL) { 17723 bio->next->prev = bio->prev; 17724 } 17725 17726 return bio->next; 15495 17727 } 15496 17728 … … 15498 17730 int wolfSSL_BIO_pending(WOLFSSL_BIO* bio) 15499 17731 { 15500 if (bio && bio->type == BIO_MEMORY) 15501 return bio->memLen; 15502 return 0; 17732 return (int)wolfSSL_BIO_ctrl_pending(bio); 15503 17733 } 15504 17734 … … 15510 17740 15511 17741 WOLFSSL_ENTER("BIO_s_mem"); 15512 meth.type = BIO_MEMORY;17742 meth.type = WOLFSSL_BIO_MEMORY; 15513 17743 15514 17744 return &meth; … … 15518 17748 WOLFSSL_BIO_METHOD* wolfSSL_BIO_f_base64(void) 15519 17749 { 15520 return 0; 15521 } 15522 15523 17750 static WOLFSSL_BIO_METHOD meth; 17751 17752 WOLFSSL_ENTER("wolfSSL_BIO_f_base64"); 17753 meth.type = WOLFSSL_BIO_BASE64; 17754 17755 return &meth; 17756 } 17757 17758 17759 /* Set the flag for the bio. 17760 * 17761 * bio the structre to set the flag in 17762 * flags the flag to use 17763 */ 15524 17764 void wolfSSL_BIO_set_flags(WOLFSSL_BIO* bio, int flags) 15525 17765 { 15526 (void)bio; 15527 (void)flags; 15528 } 15529 15530 15531 17766 WOLFSSL_ENTER("wolfSSL_BIO_set_flags"); 17767 17768 if (bio != NULL) { 17769 bio->flags |= flags; 17770 } 17771 } 17772 17773 17774 #ifndef NO_WOLFSSL_STUB 15532 17775 void wolfSSL_RAND_screen(void) 15533 17776 { 15534 15535 } 15536 15537 15538 const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) 15539 { 15540 (void)fname; 15541 (void)len; 15542 return 0; 15543 } 15544 15545 15546 int wolfSSL_RAND_write_file(const char* fname) 15547 { 15548 (void)fname; 15549 return 0; 15550 } 17777 WOLFSSL_STUB("RAND_screen"); 17778 } 17779 #endif 17780 15551 17781 15552 17782 … … 15562 17792 15563 17793 15564 int wolfSSL_RAND_egd(const char* path) 15565 { 15566 (void)path; 17794 #ifndef NO_WOLFSSL_STUB 17795 WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void) 17796 { 17797 WOLFSSL_STUB("COMP_zlib"); 15567 17798 return 0; 15568 17799 } 15569 15570 15571 15572 WOLFSSL_COMP_METHOD* wolfSSL_COMP_zlib(void) 15573 { 17800 #endif 17801 17802 #ifndef NO_WOLFSSL_STUB 17803 WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void) 17804 { 17805 WOLFSSL_STUB("COMP_rle"); 15574 17806 return 0; 15575 17807 } 15576 15577 15578 WOLFSSL_COMP_METHOD* wolfSSL_COMP_rle(void) 15579 { 15580 return 0; 15581 } 15582 17808 #endif 17809 17810 #ifndef NO_WOLFSSL_STUB 15583 17811 int wolfSSL_COMP_add_compression_method(int method, void* data) 15584 17812 { 15585 17813 (void)method; 15586 17814 (void)data; 17815 WOLFSSL_STUB("COMP_add_compression_method"); 15587 17816 return 0; 15588 17817 } 15589 15590 17818 #endif 17819 17820 #ifndef NO_WOLFSSL_STUB 15591 17821 void wolfSSL_set_dynlock_create_callback(WOLFSSL_dynlock_value* (*f)( 15592 17822 const char*, int)) 15593 17823 { 17824 WOLFSSL_STUB("CRYPTO_set_dynlock_create_callback"); 15594 17825 (void)f; 15595 17826 } 15596 15597 17827 #endif 17828 17829 #ifndef NO_WOLFSSL_STUB 15598 17830 void wolfSSL_set_dynlock_lock_callback( 15599 17831 void (*f)(int, WOLFSSL_dynlock_value*, const char*, int)) 15600 17832 { 17833 WOLFSSL_STUB("CRYPTO_set_set_dynlock_lock_callback"); 15601 17834 (void)f; 15602 17835 } 15603 15604 17836 #endif 17837 17838 #ifndef NO_WOLFSSL_STUB 15605 17839 void wolfSSL_set_dynlock_destroy_callback( 15606 17840 void (*f)(WOLFSSL_dynlock_value*, const char*, int)) 15607 17841 { 17842 WOLFSSL_STUB("CRYPTO_set_set_dynlock_destroy_callback"); 15608 17843 (void)f; 15609 17844 } 15610 17845 #endif 15611 17846 15612 17847 … … 15617 17852 15618 17853 15619 17854 #ifndef NO_WOLFSSL_STUB 15620 17855 int wolfSSL_X509_LOOKUP_add_dir(WOLFSSL_X509_LOOKUP* lookup, const char* dir, 15621 17856 long len) … … 15624 17859 (void)dir; 15625 17860 (void)len; 17861 WOLFSSL_STUB("X509_LOOKUP_add_dir"); 15626 17862 return 0; 15627 17863 } 15628 17864 #endif 15629 17865 15630 17866 int wolfSSL_X509_LOOKUP_load_file(WOLFSSL_X509_LOOKUP* lookup, 15631 17867 const char* file, long type) 15632 17868 { 15633 #ifndef NO_FILESYSTEM 17869 #if !defined(NO_FILESYSTEM) && \ 17870 (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) 15634 17871 int ret = WOLFSSL_FAILURE; 15635 17872 XFILE fp; … … 15639 17876 byte* prev = NULL; 15640 17877 WOLFSSL_X509* x509; 17878 const char* header = NULL; 17879 const char* footer = NULL; 15641 17880 15642 17881 if (type != X509_FILETYPE_PEM) … … 15644 17883 15645 17884 fp = XFOPEN(file, "r"); 15646 if (fp == NULL)17885 if (fp == XBADFILE) 15647 17886 return BAD_FUNC_ARG; 15648 17887 15649 XFSEEK(fp, 0, XSEEK_END); 17888 if(XFSEEK(fp, 0, XSEEK_END) != 0) { 17889 XFCLOSE(fp); 17890 return WOLFSSL_BAD_FILE; 17891 } 15650 17892 sz = XFTELL(fp); 15651 17893 XREWIND(fp); … … 15666 17908 prev = curr = pem; 15667 17909 do { 15668 if (XSTRNSTR((char*)curr, BEGIN_X509_CRL, (unsigned int)sz) != NULL) { 17910 /* get PEM header and footer based on type */ 17911 if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 && 17912 XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) { 15669 17913 #ifdef HAVE_CRL 15670 17914 WOLFSSL_CERT_MANAGER* cm = lookup->store->cm; … … 15681 17925 goto end; 15682 17926 #endif 15683 curr = (byte*)XSTRNSTR((char*)curr, END_X509_CRL, (unsigned int)sz); 15684 } 15685 else if (XSTRNSTR((char*)curr, BEGIN_CERT, (unsigned int)sz) != NULL) { 17927 curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz); 17928 } 17929 else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 && 17930 XSTRNSTR((char*)curr, header, (unsigned int)sz) != NULL) { 15686 17931 x509 = wolfSSL_X509_load_certificate_buffer(curr, (int)sz, 15687 17932 WOLFSSL_FILETYPE_PEM); … … 15692 17937 if (ret != WOLFSSL_SUCCESS) 15693 17938 goto end; 15694 curr = (byte*)XSTRNSTR((char*)curr, END_CERT, (unsigned int)sz);17939 curr = (byte*)XSTRNSTR((char*)curr, footer, (unsigned int)sz); 15695 17940 } 15696 17941 else … … 15719 17964 } 15720 17965 15721 15722 17966 WOLFSSL_X509_LOOKUP_METHOD* wolfSSL_X509_LOOKUP_hash_dir(void) 15723 17967 { … … 15738 17982 WOLFSSL_X509_LOOKUP_METHOD* m) 15739 17983 { 17984 if (store == NULL) 17985 return NULL; 17986 15740 17987 /* Method is a dummy value and is not needed. */ 15741 17988 (void)m; … … 15747 17994 15748 17995 #ifndef NO_CERTS 17996 /* Converts the X509 to DER format and outputs it into bio. 17997 * 17998 * bio is the structure to hold output DER 17999 * x509 certificate to create DER from 18000 * 18001 * returns WOLFSSL_SUCCESS on success 18002 */ 18003 int wolfSSL_i2d_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509* x509) 18004 { 18005 WOLFSSL_ENTER("wolfSSL_i2d_X509_bio"); 18006 18007 if (bio == NULL || x509 == NULL) { 18008 return WOLFSSL_FAILURE; 18009 } 18010 18011 if (x509->derCert != NULL) { 18012 word32 len = x509->derCert->length; 18013 byte* der = x509->derCert->buffer; 18014 18015 if (wolfSSL_BIO_write(bio, der, len) == (int)len) { 18016 return SSL_SUCCESS; 18017 } 18018 } 18019 18020 return WOLFSSL_FAILURE; 18021 } 18022 18023 18024 /* Converts an internal structure to a DER buffer 18025 * 18026 * x509 structure to get DER buffer from 18027 * out buffer to hold result. If NULL then *out is NULL then a new buffer is 18028 * created. 18029 * 18030 * returns the size of the DER result on success 18031 */ 18032 int wolfSSL_i2d_X509(WOLFSSL_X509* x509, unsigned char** out) 18033 { 18034 const unsigned char* der; 18035 int derSz = 0; 18036 18037 if (x509 == NULL || out == NULL) { 18038 return BAD_FUNC_ARG; 18039 } 18040 18041 der = wolfSSL_X509_get_der(x509, &derSz); 18042 if (der == NULL) { 18043 return MEMORY_E; 18044 } 18045 18046 if (*out == NULL) { 18047 *out = (unsigned char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); 18048 if (*out == NULL) { 18049 return MEMORY_E; 18050 } 18051 } 18052 18053 XMEMCPY(*out, der, derSz); 18054 18055 return derSz; 18056 } 18057 18058 18059 /* Converts the DER from bio and creates a WOLFSSL_X509 structure from it. 18060 * 18061 * bio is the structure holding DER 18062 * x509 certificate to create from DER. Can be NULL 18063 * 18064 * returns pointer to WOLFSSL_X509 structure on success and NULL on fail 18065 */ 15749 18066 WOLFSSL_X509* wolfSSL_d2i_X509_bio(WOLFSSL_BIO* bio, WOLFSSL_X509** x509) 15750 18067 { … … 15831 18148 15832 18149 15833 /* return 1 on success, 0 on failure */ 18150 /* helper function to get DER buffer from WOLFSSL_EVP_PKEY */ 18151 static int wolfSSL_i2d_PrivateKey(WOLFSSL_EVP_PKEY* key, unsigned char** der) 18152 { 18153 *der = (unsigned char*)key->pkey.ptr; 18154 18155 return key->pkey_sz; 18156 } 18157 18158 18159 18160 /* Creates a new WC_PKCS12 structure 18161 * 18162 * pass password to use 18163 * name friendlyName to use 18164 * pkey private key to go into PKCS12 bundle 18165 * cert certificate to go into PKCS12 bundle 18166 * ca extra certificates that can be added to bundle. Can be NULL 18167 * keyNID type of encryption to use on the key (-1 means no encryption) 18168 * certNID type of ecnryption to use on the certificate 18169 * itt number of iterations with encryption 18170 * macItt number of iterations with mac creation 18171 * keyType flag for signature and/or encryption key 18172 * 18173 * returns a pointer to a new WC_PKCS12 structure on success and NULL on fail 18174 */ 18175 WC_PKCS12* wolfSSL_PKCS12_create(char* pass, char* name, 18176 WOLFSSL_EVP_PKEY* pkey, WOLFSSL_X509* cert, 18177 WOLF_STACK_OF(WOLFSSL_X509)* ca, 18178 int keyNID, int certNID, int itt, int macItt, int keyType) 18179 { 18180 WC_PKCS12* pkcs12; 18181 WC_DerCertList* list = NULL; 18182 word32 passSz; 18183 byte* keyDer; 18184 word32 keyDerSz; 18185 byte* certDer; 18186 int certDerSz; 18187 18188 int ret; 18189 18190 WOLFSSL_ENTER("wolfSSL_PKCS12_create()"); 18191 18192 if (pass == NULL || pkey == NULL || cert == NULL) { 18193 WOLFSSL_LEAVE("wolfSSL_PKCS12_create()", BAD_FUNC_ARG); 18194 return NULL; 18195 } 18196 passSz = (word32)XSTRLEN(pass); 18197 18198 if ((ret = wolfSSL_i2d_PrivateKey(pkey, &keyDer)) < 0) { 18199 WOLFSSL_LEAVE("wolfSSL_PKCS12_create", ret); 18200 return NULL; 18201 } 18202 keyDerSz = ret; 18203 18204 certDer = (byte*)wolfSSL_X509_get_der(cert, &certDerSz); 18205 if (certDer == NULL) { 18206 return NULL; 18207 } 18208 18209 if (ca != NULL) { 18210 WC_DerCertList* cur; 18211 unsigned long numCerts = ca->num; 18212 byte* curDer; 18213 int curDerSz = 0; 18214 WOLFSSL_STACK* sk = ca; 18215 18216 while (numCerts > 0 && sk != NULL) { 18217 cur = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList), NULL, 18218 DYNAMIC_TYPE_PKCS); 18219 if (cur == NULL) { 18220 wc_FreeCertList(list, NULL); 18221 return NULL; 18222 } 18223 18224 curDer = (byte*)wolfSSL_X509_get_der(sk->data.x509, &curDerSz); 18225 if (curDer == NULL || curDerSz < 0) { 18226 XFREE(cur, NULL, DYNAMIC_TYPE_PKCS); 18227 wc_FreeCertList(list, NULL); 18228 return NULL; 18229 } 18230 18231 cur->buffer = (byte*)XMALLOC(curDerSz, NULL, DYNAMIC_TYPE_PKCS); 18232 if (cur->buffer == NULL) { 18233 XFREE(cur, NULL, DYNAMIC_TYPE_PKCS); 18234 wc_FreeCertList(list, NULL); 18235 return NULL; 18236 } 18237 XMEMCPY(cur->buffer, curDer, curDerSz); 18238 cur->bufferSz = curDerSz; 18239 cur->next = list; 18240 list = cur; 18241 18242 sk = sk->next; 18243 numCerts--; 18244 } 18245 } 18246 18247 pkcs12 = wc_PKCS12_create(pass, passSz, name, keyDer, keyDerSz, 18248 certDer, certDerSz, list, keyNID, certNID, itt, macItt, 18249 keyType, NULL); 18250 18251 if (ca != NULL) { 18252 wc_FreeCertList(list, NULL); 18253 } 18254 18255 return pkcs12; 18256 } 18257 18258 18259 /* return WOLFSSL_SUCCESS on success, WOLFSSL_FAILURE on failure */ 15834 18260 int wolfSSL_PKCS12_parse(WC_PKCS12* pkcs12, const char* psw, 15835 18261 WOLFSSL_EVP_PKEY** pkey, WOLFSSL_X509** cert, WOLF_STACK_OF(WOLFSSL_X509)** ca) … … 15846 18272 WOLFSSL_ENTER("wolfSSL_PKCS12_parse"); 15847 18273 18274 /* make sure we init return args */ 18275 if (pkey) *pkey = NULL; 18276 if (cert) *cert = NULL; 18277 if (ca) *ca = NULL; 18278 15848 18279 if (pkcs12 == NULL || psw == NULL || pkey == NULL || cert == NULL) { 15849 18280 WOLFSSL_MSG("Bad argument value"); 15850 return 0;18281 return WOLFSSL_FAILURE; 15851 18282 } 15852 18283 15853 18284 heap = wc_PKCS12_GetHeap(pkcs12); 15854 *pkey = NULL;15855 *cert = NULL;15856 18285 15857 18286 if (ca == NULL) { … … 15860 18289 } 15861 18290 else { 15862 *ca = NULL;15863 18291 ret = wc_PKCS12_parse(pkcs12, psw, &pk, &pkSz, &certData, &certDataSz, 15864 18292 &certList); … … 15866 18294 if (ret < 0) { 15867 18295 WOLFSSL_LEAVE("wolfSSL_PKCS12_parse", ret); 15868 return 0;18296 return WOLFSSL_FAILURE; 15869 18297 } 15870 18298 … … 15890 18318 current = next; 15891 18319 } 15892 return 0;18320 return WOLFSSL_FAILURE; 15893 18321 } 15894 18322 XMEMSET(*ca, 0, sizeof(WOLF_STACK_OF(WOLFSSL_X509))); … … 15928 18356 current = next; 15929 18357 } 15930 return 0;18358 return WOLFSSL_FAILURE; 15931 18359 } 15932 18360 FreeDecodedCert(&DeCert); … … 15951 18379 current = next; 15952 18380 } 15953 return 0;18381 return WOLFSSL_FAILURE; 15954 18382 } 15955 18383 } … … 15973 18401 } 15974 18402 XFREE(certData, heap, DYNAMIC_TYPE_PKCS); 15975 return 0;18403 return WOLFSSL_FAILURE; 15976 18404 } 15977 18405 InitX509(*cert, 1, heap); … … 15990 18418 } 15991 18419 wolfSSL_X509_free(*cert); *cert = NULL; 15992 return 0;18420 return WOLFSSL_FAILURE; 15993 18421 } 15994 18422 FreeDecodedCert(&DeCert); … … 16000 18428 ret = BAD_STATE_E; 16001 18429 if (pk != NULL) { /* decode key if present */ 16002 /* using dynamic type public key because of wolfSSL_EVP_PKEY_free */ 16003 *pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), 16004 heap, DYNAMIC_TYPE_PUBLIC_KEY); 18430 *pkey = wolfSSL_PKEY_new_ex(heap); 16005 18431 if (*pkey == NULL) { 16006 18432 wolfSSL_X509_free(*cert); *cert = NULL; … … 16009 18435 } 16010 18436 XFREE(pk, heap, DYNAMIC_TYPE_PUBLIC_KEY); 16011 return 0;18437 return WOLFSSL_FAILURE; 16012 18438 } 16013 18439 #ifndef NO_RSA … … 16022 18448 if ((ret = wc_RsaPrivateKeyDecode(pk, &keyIdx, &key, pkSz)) 16023 18449 == 0) { 16024 (*pkey)->type = RSAk; 18450 (*pkey)->type = EVP_PKEY_RSA; 18451 (*pkey)->rsa = wolfSSL_RSA_new(); 18452 (*pkey)->ownRsa = 1; /* we own RSA */ 18453 if ((*pkey)->rsa == NULL) { 18454 WOLFSSL_MSG("issue creating EVP RSA key"); 18455 wolfSSL_X509_free(*cert); *cert = NULL; 18456 if (ca != NULL) { 18457 wolfSSL_sk_X509_free(*ca); *ca = NULL; 18458 } 18459 wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; 18460 XFREE(pk, heap, DYNAMIC_TYPE_PKCS); 18461 return WOLFSSL_FAILURE; 18462 } 18463 if ((ret = wolfSSL_RSA_LoadDer_ex((*pkey)->rsa, pk, pkSz, 18464 WOLFSSL_RSA_LOAD_PRIVATE)) != SSL_SUCCESS) { 18465 WOLFSSL_MSG("issue loading RSA key"); 18466 wolfSSL_X509_free(*cert); *cert = NULL; 18467 if (ca != NULL) { 18468 wolfSSL_sk_X509_free(*ca); *ca = NULL; 18469 } 18470 wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; 18471 XFREE(pk, heap, DYNAMIC_TYPE_PKCS); 18472 return WOLFSSL_FAILURE; 18473 } 18474 16025 18475 WOLFSSL_MSG("Found PKCS12 RSA key"); 18476 ret = 0; /* set in success state for upcoming ECC check */ 16026 18477 } 16027 18478 wc_FreeRsaKey(&key); … … 16041 18492 wolfSSL_sk_X509_free(*ca); *ca = NULL; 16042 18493 } 16043 XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL;16044 XFREE(pk, heap, DYNAMIC_TYPE_P UBLIC_KEY);16045 return 0;18494 wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; 18495 XFREE(pk, heap, DYNAMIC_TYPE_PKCS); 18496 return WOLFSSL_FAILURE; 16046 18497 } 16047 18498 … … 16052 18503 wolfSSL_sk_X509_free(*ca); *ca = NULL; 16053 18504 } 16054 XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL;16055 XFREE(pk, heap, DYNAMIC_TYPE_P UBLIC_KEY);18505 wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; 18506 XFREE(pk, heap, DYNAMIC_TYPE_PKCS); 16056 18507 WOLFSSL_MSG("Bad PKCS12 key format"); 16057 return 0;18508 return WOLFSSL_FAILURE; 16058 18509 } 16059 (*pkey)->type = E CDSAk;18510 (*pkey)->type = EVP_PKEY_EC; 16060 18511 (*pkey)->pkey_curve = key.dp->oidSum; 16061 18512 wc_ecc_free(&key); … … 16069 18520 wolfSSL_sk_X509_free(*ca); *ca = NULL; 16070 18521 } 16071 XFREE(*pkey, heap, DYNAMIC_TYPE_PUBLIC_KEY); *pkey = NULL;16072 XFREE(pk, heap, DYNAMIC_TYPE_P UBLIC_KEY);18522 wolfSSL_EVP_PKEY_free(*pkey); *pkey = NULL; 18523 XFREE(pk, heap, DYNAMIC_TYPE_PKCS); 16073 18524 WOLFSSL_MSG("Bad PKCS12 key format"); 16074 return 0;18525 return WOLFSSL_FAILURE; 16075 18526 } 16076 18527 #endif /* HAVE_ECC */ … … 16084 18535 (void)ca; 16085 18536 16086 return 1;18537 return WOLFSSL_SUCCESS; 16087 18538 } 16088 18539 #endif /* !defined(NO_ASN) && !defined(NO_PWDBASED) */ … … 16100 18551 WOLFSSL_STACK* wolfSSL_X509_STORE_CTX_get_chain(WOLFSSL_X509_STORE_CTX* ctx) 16101 18552 { 18553 WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_get_chain"); 18554 16102 18555 if (ctx == NULL) { 16103 18556 return NULL; 16104 18557 } 18558 18559 #ifdef SESSION_CERTS 18560 /* if chain is null but sesChain is available then populate stack */ 18561 if (ctx->chain == NULL && ctx->sesChain != NULL) { 18562 int i; 18563 WOLFSSL_X509_CHAIN* c = ctx->sesChain; 18564 WOLFSSL_STACK* sk = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), 18565 NULL, DYNAMIC_TYPE_X509); 18566 18567 if (sk == NULL) { 18568 return NULL; 18569 } 18570 18571 XMEMSET(sk, 0, sizeof(WOLFSSL_STACK)); 18572 ctx->chain = sk; 18573 18574 for (i = 0; i < c->count && i < MAX_CHAIN_DEPTH; i++) { 18575 WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, i); 18576 18577 if (x509 == NULL) { 18578 WOLFSSL_MSG("Unable to get x509 from chain"); 18579 wolfSSL_sk_X509_free(sk); 18580 return NULL; 18581 } 18582 18583 if (wolfSSL_sk_X509_push(sk, x509) != SSL_SUCCESS) { 18584 WOLFSSL_MSG("Unable to load x509 into stack"); 18585 wolfSSL_sk_X509_free(sk); 18586 wolfSSL_X509_free(x509); 18587 return NULL; 18588 } 18589 } 18590 18591 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) 18592 /* add CA used to verify top of chain to the list */ 18593 if (c->count > 0) { 18594 WOLFSSL_X509* x509 = wolfSSL_get_chain_X509(c, c->count - 1); 18595 if (x509 != NULL) { 18596 WOLFSSL_X509* issuer = NULL; 18597 if (wolfSSL_X509_STORE_CTX_get1_issuer(&issuer, ctx, x509) 18598 == WOLFSSL_SUCCESS) { 18599 /* check that the certificate being looked up is not self 18600 * signed and that a issuer was found */ 18601 if (issuer != NULL && wolfSSL_X509_NAME_cmp(&x509->issuer, 18602 &x509->subject) != 0) { 18603 if (wolfSSL_sk_X509_push(sk, issuer) != SSL_SUCCESS) { 18604 WOLFSSL_MSG("Unable to load CA x509 into stack"); 18605 wolfSSL_sk_X509_free(sk); 18606 wolfSSL_X509_free(issuer); 18607 return NULL; 18608 } 18609 } 18610 else { 18611 WOLFSSL_MSG("Certificate is self signed"); 18612 } 18613 } 18614 else { 18615 WOLFSSL_MSG("Could not find CA for certificate"); 18616 } 18617 } 18618 } 18619 #endif 18620 18621 } 18622 #endif /* SESSION_CERTS */ 16105 18623 16106 18624 return ctx->chain; … … 16136 18654 } 16137 18655 16138 16139 18656 WOLFSSL_X509_STORE* wolfSSL_X509_STORE_new(void) 16140 18657 { 16141 18658 WOLFSSL_X509_STORE* store = NULL; 16142 18659 16143 store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, 16144 DYNAMIC_TYPE_X509_STORE); 16145 if (store != NULL) { 16146 store->cm = wolfSSL_CertManagerNew(); 16147 if (store->cm == NULL) { 16148 XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); 16149 store = NULL; 16150 } 16151 else 16152 store->isDynamic = 1; 16153 } 18660 if((store = (WOLFSSL_X509_STORE*)XMALLOC(sizeof(WOLFSSL_X509_STORE), NULL, 18661 DYNAMIC_TYPE_X509_STORE)) == NULL) 18662 goto err_exit; 18663 18664 if((store->cm = wolfSSL_CertManagerNew()) == NULL) 18665 goto err_exit; 18666 18667 store->isDynamic = 1; 18668 18669 #ifdef HAVE_CRL 18670 store->crl = NULL; 18671 if((store->crl = (WOLFSSL_X509_CRL *)XMALLOC(sizeof(WOLFSSL_X509_CRL), 18672 NULL, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) 18673 goto err_exit; 18674 if(InitCRL(store->crl, NULL) < 0) 18675 goto err_exit; 18676 #endif 16154 18677 16155 18678 return store; 18679 18680 err_exit: 18681 if(store == NULL) 18682 return NULL; 18683 if(store->cm != NULL) 18684 wolfSSL_CertManagerFree(store->cm); 18685 #ifdef HAVE_CRL 18686 if(store->crl != NULL) 18687 wolfSSL_X509_CRL_free(store->crl); 18688 #endif 18689 wolfSSL_X509_STORE_free(store); 18690 18691 return NULL; 16156 18692 } 16157 18693 … … 16161 18697 if (store != NULL && store->isDynamic) { 16162 18698 if (store->cm != NULL) 16163 wolfSSL_CertManagerFree(store->cm); 18699 wolfSSL_CertManagerFree(store->cm); 18700 #ifdef HAVE_CRL 18701 if (store->crl != NULL) 18702 wolfSSL_X509_CRL_free(store->crl); 18703 #endif 16164 18704 XFREE(store, NULL, DYNAMIC_TYPE_X509_STORE); 16165 18705 } … … 16172 18712 16173 18713 WOLFSSL_ENTER("wolfSSL_X509_STORE_set_flags"); 18714 18715 if (store == NULL) 18716 return WOLFSSL_FAILURE; 16174 18717 16175 18718 if ((flag & WOLFSSL_CRL_CHECKALL) || (flag & WOLFSSL_CRL_CHECK)) { … … 16190 18733 } 16191 18734 16192 18735 #ifndef NO_WOLFSSL_STUB 16193 18736 int wolfSSL_X509_STORE_get_by_subject(WOLFSSL_X509_STORE_CTX* ctx, int idx, 16194 18737 WOLFSSL_X509_NAME* name, WOLFSSL_X509_OBJECT* obj) … … 16198 18741 (void)name; 16199 18742 (void)obj; 18743 WOLFSSL_STUB("X509_STORE_get_by_subject"); 16200 18744 return 0; 16201 18745 } 16202 18746 #endif 16203 18747 16204 18748 WOLFSSL_X509_STORE_CTX* wolfSSL_X509_STORE_CTX_new(void) … … 16207 18751 sizeof(WOLFSSL_X509_STORE_CTX), NULL, 16208 18752 DYNAMIC_TYPE_X509_CTX); 16209 if (ctx != NULL) 18753 if (ctx != NULL) { 18754 ctx->param = NULL; 16210 18755 wolfSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL); 18756 } 16211 18757 16212 18758 return ctx; … … 16221 18767 if (ctx != NULL) { 16222 18768 ctx->store = store; 18769 #ifndef WOLFSSL_X509_STORE_CERTS 16223 18770 ctx->current_cert = x509; 18771 #else 18772 if(x509 != NULL){ 18773 ctx->current_cert = wolfSSL_X509_d2i(NULL, x509->derCert->buffer,x509->derCert->length); 18774 if(ctx->current_cert == NULL) 18775 return WOLFSSL_FATAL_ERROR; 18776 } else 18777 ctx->current_cert = NULL; 18778 #endif 18779 16224 18780 ctx->chain = sk; 16225 18781 ctx->domain = NULL; … … 16231 18787 ctx->error_depth = 0; 16232 18788 ctx->discardSessionCerts = 0; 16233 return WOLFSSL_SUCCESS; 18789 #ifdef OPENSSL_EXTRA 18790 if (ctx->param == NULL) { 18791 ctx->param = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( 18792 sizeof(WOLFSSL_X509_VERIFY_PARAM), 18793 NULL,DYNAMIC_TYPE_OPENSSL); 18794 if (ctx->param == NULL){ 18795 WOLFSSL_MSG("wolfSSL_X509_STORE_CTX_init failed"); 18796 return SSL_FATAL_ERROR; 18797 } 18798 } 18799 #endif 18800 return SSL_SUCCESS; 16234 18801 } 16235 18802 return WOLFSSL_FATAL_ERROR; … … 16242 18809 if (ctx->store != NULL) 16243 18810 wolfSSL_X509_STORE_free(ctx->store); 18811 #ifndef WOLFSSL_KEEP_STORE_CERTS 16244 18812 if (ctx->current_cert != NULL) 16245 18813 wolfSSL_FreeX509(ctx->current_cert); 18814 #endif 16246 18815 if (ctx->chain != NULL) 16247 18816 wolfSSL_sk_X509_free(ctx->chain); 18817 #ifdef OPENSSL_EXTRA 18818 if (ctx->param != NULL){ 18819 XFREE(ctx->param,NULL,DYNAMIC_TYPE_OPENSSL); 18820 } 18821 #endif 16248 18822 XFREE(ctx, NULL, DYNAMIC_TYPE_X509_CTX); 16249 18823 } … … 16254 18828 { 16255 18829 (void)ctx; 18830 /* Do nothing */ 16256 18831 } 16257 18832 … … 16270 18845 #endif /* NO_CERTS */ 16271 18846 16272 18847 #if !defined(NO_FILESYSTEM) 18848 static void *wolfSSL_d2i_X509_fp_ex(XFILE file, void **x509, int type) 18849 { 18850 void *newx509 = NULL; 18851 DerBuffer* der = NULL; 18852 byte *fileBuffer = NULL; 18853 18854 if (file != XBADFILE) 18855 { 18856 long sz = 0; 18857 18858 if(XFSEEK(file, 0, XSEEK_END) != 0) 18859 return NULL; 18860 sz = XFTELL(file); 18861 XREWIND(file); 18862 18863 if (sz < 0) 18864 { 18865 WOLFSSL_MSG("Bad tell on FILE"); 18866 return NULL; 18867 } 18868 18869 fileBuffer = (byte *)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE); 18870 if (fileBuffer != NULL) 18871 { 18872 if((long)XFREAD(fileBuffer, 1, sz, file) != sz) 18873 { 18874 WOLFSSL_MSG("File read failed"); 18875 goto err_exit; 18876 } 18877 if(type == CERT_TYPE) 18878 newx509 = (void *)wolfSSL_X509_d2i(NULL, fileBuffer, (int)sz); 18879 #ifdef HAVE_CRL 18880 else if(type == CRL_TYPE) 18881 newx509 = (void *)wolfSSL_d2i_X509_CRL(NULL, fileBuffer, (int)sz); 18882 #endif 18883 #if !defined(NO_ASN) && !defined(NO_PWDBASED) 18884 else if(type == PKCS12_TYPE){ 18885 if((newx509 = wc_PKCS12_new()) == NULL) 18886 goto err_exit; 18887 if(wc_d2i_PKCS12(fileBuffer, (int)sz, (WC_PKCS12*)newx509) < 0) 18888 goto err_exit; 18889 } 18890 #endif 18891 else goto err_exit; 18892 if(newx509 == NULL) 18893 { 18894 WOLFSSL_MSG("X509 failed"); 18895 goto err_exit; 18896 } 18897 } 18898 } 18899 if (x509 != NULL) 18900 *x509 = newx509; 18901 18902 goto _exit; 18903 18904 err_exit: 18905 if(newx509 != NULL){ 18906 if(type == CERT_TYPE) 18907 wolfSSL_X509_free((WOLFSSL_X509*)newx509); 18908 #ifdef HAVE_CRL 18909 else { 18910 if(type == CRL_TYPE) 18911 wolfSSL_X509_CRL_free((WOLFSSL_X509_CRL*)newx509); 18912 } 18913 #endif 18914 } 18915 _exit: 18916 if(der != NULL) 18917 FreeDer(&der); 18918 if(fileBuffer != NULL) 18919 XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE); 18920 return newx509; 18921 } 18922 18923 WOLFSSL_X509_PKCS12 *wolfSSL_d2i_PKCS12_fp(XFILE fp, WOLFSSL_X509_PKCS12 **pkcs12) 18924 { 18925 WOLFSSL_ENTER("wolfSSL_d2i_PKCS12_fp"); 18926 return (WOLFSSL_X509_PKCS12 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)pkcs12, PKCS12_TYPE); 18927 } 18928 18929 WOLFSSL_X509 *wolfSSL_d2i_X509_fp(XFILE fp, WOLFSSL_X509 **x509) 18930 { 18931 WOLFSSL_ENTER("wolfSSL_d2i_X509_fp"); 18932 return (WOLFSSL_X509 *)wolfSSL_d2i_X509_fp_ex(fp, (void **)x509, CERT_TYPE); 18933 } 18934 #endif /* !NO_FILESYSTEM */ 18935 18936 18937 #ifdef HAVE_CRL 18938 #ifndef NO_FILESYSTEM 18939 WOLFSSL_X509_CRL *wolfSSL_d2i_X509_CRL_fp(XFILE fp, WOLFSSL_X509_CRL **crl) 18940 { 18941 WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL_fp"); 18942 return (WOLFSSL_X509_CRL *)wolfSSL_d2i_X509_fp_ex(fp, (void **)crl, CRL_TYPE); 18943 } 18944 #endif /* !NO_FILESYSTEM */ 18945 18946 18947 WOLFSSL_X509_CRL* wolfSSL_d2i_X509_CRL(WOLFSSL_X509_CRL** crl, const unsigned char* in, int len) 18948 { 18949 WOLFSSL_X509_CRL *newcrl = NULL; 18950 int ret ; 18951 18952 WOLFSSL_ENTER("wolfSSL_d2i_X509_CRL"); 18953 18954 if(in == NULL){ 18955 WOLFSSL_MSG("Bad argument value"); 18956 return NULL; 18957 } 18958 18959 newcrl = (WOLFSSL_X509_CRL*)XMALLOC(sizeof(WOLFSSL_X509_CRL), NULL, DYNAMIC_TYPE_TMP_BUFFER); 18960 if (newcrl == NULL){ 18961 WOLFSSL_MSG("New CRL allocation failed"); 18962 return NULL; 18963 } 18964 if (InitCRL(newcrl, NULL) < 0) { 18965 WOLFSSL_MSG("Init tmp CRL failed"); 18966 goto err_exit; 18967 } 18968 ret = BufferLoadCRL(newcrl, in, len, WOLFSSL_FILETYPE_ASN1, 1); 18969 if (ret != WOLFSSL_SUCCESS){ 18970 WOLFSSL_MSG("Buffer Load CRL failed"); 18971 goto err_exit; 18972 } 18973 if(crl){ 18974 *crl = newcrl; 18975 } 18976 goto _exit; 18977 18978 err_exit: 18979 if(newcrl != NULL) 18980 wolfSSL_X509_CRL_free(newcrl); 18981 newcrl = NULL; 18982 _exit: 18983 return newcrl; 18984 } 18985 18986 void wolfSSL_X509_CRL_free(WOLFSSL_X509_CRL *crl) 18987 { 18988 WOLFSSL_ENTER("wolfSSL_X509_CRL_free"); 18989 18990 FreeCRL(crl, 1); 18991 return; 18992 } 18993 #endif /* HAVE_CRL */ 18994 18995 #ifndef NO_WOLFSSL_STUB 16273 18996 WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_lastUpdate(WOLFSSL_X509_CRL* crl) 16274 18997 { 16275 18998 (void)crl; 18999 WOLFSSL_STUB("X509_CRL_get_lastUpdate"); 16276 19000 return 0; 16277 19001 } 16278 16279 19002 #endif 19003 #ifndef NO_WOLFSSL_STUB 16280 19004 WOLFSSL_ASN1_TIME* wolfSSL_X509_CRL_get_nextUpdate(WOLFSSL_X509_CRL* crl) 16281 19005 { 16282 19006 (void)crl; 19007 WOLFSSL_STUB("X509_CRL_get_nextUpdate"); 16283 19008 return 0; 16284 19009 } 16285 16286 16287 16288 WOLFSSL_EVP_PKEY* wolfSSL_X509_get_pubkey(WOLFSSL_X509* x509) 16289 { 16290 WOLFSSL_EVP_PKEY* key = NULL; 16291 if (x509 != NULL) { 16292 key = (WOLFSSL_EVP_PKEY*)XMALLOC( 16293 sizeof(WOLFSSL_EVP_PKEY), x509->heap, 16294 DYNAMIC_TYPE_PUBLIC_KEY); 16295 if (key != NULL) { 16296 key->type = x509->pubKeyOID; 16297 key->save_type = 0; 16298 key->pkey.ptr = (char*)XMALLOC( 16299 x509->pubKey.length, x509->heap, 16300 DYNAMIC_TYPE_PUBLIC_KEY); 16301 if (key->pkey.ptr == NULL) { 16302 XFREE(key, x509->heap, DYNAMIC_TYPE_PUBLIC_KEY); 16303 return NULL; 16304 } 16305 XMEMCPY(key->pkey.ptr, 16306 x509->pubKey.buffer, x509->pubKey.length); 16307 key->pkey_sz = x509->pubKey.length; 16308 #ifdef HAVE_ECC 16309 key->pkey_curve = (int)x509->pkCurveOID; 16310 #endif /* HAVE_ECC */ 16311 } 16312 } 16313 return key; 16314 } 16315 16316 19010 #endif 19011 19012 19013 #ifndef NO_WOLFSSL_STUB 16317 19014 int wolfSSL_X509_CRL_verify(WOLFSSL_X509_CRL* crl, WOLFSSL_EVP_PKEY* key) 16318 19015 { 16319 19016 (void)crl; 16320 19017 (void)key; 19018 WOLFSSL_STUB("X509_CRL_verify"); 16321 19019 return 0; 16322 19020 } 16323 16324 16325 void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int err) 16326 { 16327 (void)ctx; 16328 (void)err; 16329 } 16330 16331 16332 void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj) 16333 { 16334 (void)obj; 16335 } 16336 16337 16338 WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new() 19021 #endif 19022 #endif /* OPENSSL_EXTRA */ 19023 19024 #if defined(OPENSSL_EXTRA_X509_SMALL) 19025 /* Subset of OPENSSL_EXTRA for PKEY operations PKEY free is needed by the 19026 * subset of X509 API */ 19027 19028 WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new(void){ 19029 return wolfSSL_PKEY_new_ex(NULL); 19030 } 19031 19032 19033 WOLFSSL_EVP_PKEY* wolfSSL_PKEY_new_ex(void* heap) 16339 19034 { 16340 19035 WOLFSSL_EVP_PKEY* pkey; 16341 16342 pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), NULL, 19036 int ret; 19037 WOLFSSL_ENTER("wolfSSL_PKEY_new"); 19038 pkey = (WOLFSSL_EVP_PKEY*)XMALLOC(sizeof(WOLFSSL_EVP_PKEY), heap, 16343 19039 DYNAMIC_TYPE_PUBLIC_KEY); 16344 19040 if (pkey != NULL) { 16345 19041 XMEMSET(pkey, 0, sizeof(WOLFSSL_EVP_PKEY)); 19042 pkey->heap = heap; 19043 pkey->type = WOLFSSL_EVP_PKEY_DEFAULT; 19044 #ifndef HAVE_FIPS 19045 ret = wc_InitRng_ex(&pkey->rng, heap, INVALID_DEVID); 19046 #else 19047 ret = wc_InitRng(&pkey->rng); 19048 #endif 19049 if (ret != 0){ 19050 wolfSSL_EVP_PKEY_free(pkey); 19051 WOLFSSL_MSG("memory falure"); 19052 return NULL; 19053 } 19054 } 19055 else { 19056 WOLFSSL_MSG("memory failure"); 16346 19057 } 16347 19058 … … 16352 19063 void wolfSSL_EVP_PKEY_free(WOLFSSL_EVP_PKEY* key) 16353 19064 { 19065 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_free"); 16354 19066 if (key != NULL) { 16355 if (key->pkey.ptr != NULL) 16356 XFREE(key->pkey.ptr, NULL, DYNAMIC_TYPE_PUBLIC_KEY); 16357 XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY); 16358 } 16359 } 16360 16361 19067 wc_FreeRng(&key->rng); 19068 19069 if (key->pkey.ptr != NULL) { 19070 XFREE(key->pkey.ptr, key->heap, DYNAMIC_TYPE_PUBLIC_KEY); 19071 key->pkey.ptr = NULL; 19072 } 19073 switch(key->type) 19074 { 19075 #ifndef NO_RSA 19076 case EVP_PKEY_RSA: 19077 if (key->rsa != NULL && key->ownRsa == 1) { 19078 wolfSSL_RSA_free(key->rsa); 19079 key->rsa = NULL; 19080 } 19081 break; 19082 #endif /* NO_RSA */ 19083 19084 #ifdef HAVE_ECC 19085 case EVP_PKEY_EC: 19086 if (key->ecc != NULL && key->ownEcc == 1) { 19087 wolfSSL_EC_KEY_free(key->ecc); 19088 key->ecc = NULL; 19089 } 19090 break; 19091 #endif /* HAVE_ECC */ 19092 19093 default: 19094 break; 19095 } 19096 XFREE(key, key->heap, DYNAMIC_TYPE_PUBLIC_KEY); 19097 } 19098 } 19099 #endif /* OPENSSL_EXTRA_X509_SMALL */ 19100 19101 19102 #ifdef OPENSSL_EXTRA 19103 19104 void wolfSSL_X509_STORE_CTX_set_time(WOLFSSL_X509_STORE_CTX* ctx, 19105 unsigned long flags, 19106 time_t t) 19107 { 19108 (void)flags; 19109 19110 if (ctx == NULL || ctx->param == NULL) 19111 return; 19112 19113 ctx->param->check_time = t; 19114 ctx->param->flags |= WOLFSSL_USE_CHECK_TIME; 19115 } 19116 19117 #ifndef NO_WOLFSSL_STUB 19118 void wolfSSL_X509_OBJECT_free_contents(WOLFSSL_X509_OBJECT* obj) 19119 { 19120 (void)obj; 19121 WOLFSSL_STUB("X509_OBJECT_free_contents"); 19122 } 19123 #endif 19124 19125 #ifndef NO_WOLFSSL_STUB 16362 19126 int wolfSSL_X509_cmp_current_time(const WOLFSSL_ASN1_TIME* asnTime) 16363 19127 { 16364 19128 (void)asnTime; 19129 WOLFSSL_STUB("X509_cmp_current_time"); 16365 19130 return 0; 16366 19131 } 16367 16368 19132 #endif 19133 19134 #ifndef NO_WOLFSSL_STUB 16369 19135 int wolfSSL_sk_X509_REVOKED_num(WOLFSSL_X509_REVOKED* revoked) 16370 19136 { 16371 19137 (void)revoked; 19138 WOLFSSL_STUB("sk_X509_REVOKED_num"); 16372 19139 return 0; 16373 19140 } 16374 16375 16376 19141 #endif 19142 19143 #ifndef NO_WOLFSSL_STUB 16377 19144 WOLFSSL_X509_REVOKED* wolfSSL_X509_CRL_get_REVOKED(WOLFSSL_X509_CRL* crl) 16378 19145 { 16379 19146 (void)crl; 19147 WOLFSSL_STUB("X509_CRL_get_REVOKED"); 16380 19148 return 0; 16381 19149 } 16382 16383 19150 #endif 19151 19152 #ifndef NO_WOLFSSL_STUB 16384 19153 WOLFSSL_X509_REVOKED* wolfSSL_sk_X509_REVOKED_value( 16385 19154 WOLFSSL_X509_REVOKED* revoked, int value) … … 16387 19156 (void)revoked; 16388 19157 (void)value; 19158 WOLFSSL_STUB("sk_X509_REVOKED_value"); 16389 19159 return 0; 16390 19160 } 16391 19161 #endif 19162 19163 /* Used to create a new WOLFSSL_ASN1_INTEGER structure. 19164 * returns a pointer to new structure on success and NULL on failure 19165 */ 19166 WOLFSSL_ASN1_INTEGER* wolfSSL_ASN1_INTEGER_new(void) 19167 { 19168 WOLFSSL_ASN1_INTEGER* a; 19169 19170 a = (WOLFSSL_ASN1_INTEGER*)XMALLOC(sizeof(WOLFSSL_ASN1_INTEGER), NULL, 19171 DYNAMIC_TYPE_OPENSSL); 19172 if (a == NULL) { 19173 return NULL; 19174 } 19175 19176 XMEMSET(a, 0, sizeof(WOLFSSL_ASN1_INTEGER)); 19177 a->data = a->intData; 19178 a->dataMax = WOLFSSL_ASN1_INTEGER_MAX; 19179 return a; 19180 } 19181 19182 19183 /* free's internal elements of WOLFSSL_ASN1_INTEGER and free's "in" itself */ 19184 void wolfSSL_ASN1_INTEGER_free(WOLFSSL_ASN1_INTEGER* in) 19185 { 19186 if (in != NULL) { 19187 if (in->isDynamic) { 19188 XFREE(in->data, NULL, DYNAMIC_TYPE_OPENSSL); 19189 } 19190 XFREE(in, NULL, DYNAMIC_TYPE_OPENSSL); 19191 } 19192 } 16392 19193 16393 19194 … … 16399 19200 WOLFSSL_ENTER("wolfSSL_X509_get_serialNumber"); 16400 19201 16401 a = (WOLFSSL_ASN1_INTEGER*)XMALLOC(sizeof(WOLFSSL_ASN1_INTEGER), NULL, 16402 DYNAMIC_TYPE_OPENSSL); 19202 a = wolfSSL_ASN1_INTEGER_new(); 16403 19203 if (a == NULL) 16404 19204 return NULL; 16405 19205 16406 19206 /* Make sure there is space for the data, ASN.1 type and length. */ 16407 if (x509->serialSz > (int)(sizeof(WOLFSSL_ASN1_INTEGER) - 2)) { 16408 XFREE(a, NULL, DYNAMIC_TYPE_OPENSSL); 16409 return NULL; 19207 if (x509->serialSz > (WOLFSSL_ASN1_INTEGER_MAX - 2)) { 19208 /* dynamicly create data buffer, +2 for type and length */ 19209 a->data = (unsigned char*)XMALLOC(x509->serialSz + 2, NULL, 19210 DYNAMIC_TYPE_OPENSSL); 19211 if (a->data == NULL) { 19212 wolfSSL_ASN1_INTEGER_free(a); 19213 return NULL; 19214 } 19215 a->dataMax = x509->serialSz + 2; 19216 a->isDynamic = 1; 16410 19217 } 16411 19218 16412 19219 a->data[i++] = ASN_INTEGER; 16413 a->data[i++] = (unsigned char)x509->serialSz;19220 i += SetLength(x509->serialSz, a->data + i); 16414 19221 XMEMCPY(&a->data[i], x509->serial, x509->serialSz); 16415 19222 … … 16417 19224 } 16418 19225 19226 #endif /* OPENSSL_EXTRA */ 16419 19227 16420 19228 #if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ 16421 defined(WOLFSSL_HAPROXY) 19229 defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) 16422 19230 int wolfSSL_ASN1_TIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_TIME* asnTime) 16423 19231 { … … 16474 19282 return buf; 16475 19283 } 16476 #endif /* WOLFSSL_MYSQL_COMPATIBLE */ 16477 16478 19284 #endif /* WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_NGINX || WOLFSSL_HAPROXY || 19285 OPENSSL_EXTRA*/ 19286 19287 19288 #ifdef OPENSSL_EXTRA 19289 19290 #if !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ 19291 !defined(TIME_OVERRIDES) && !defined(NO_FILESYSTEM) 19292 19293 WOLFSSL_ASN1_TIME* wolfSSL_ASN1_TIME_adj(WOLFSSL_ASN1_TIME *s, time_t t, 19294 int offset_day, long offset_sec) 19295 { 19296 const time_t sec_per_day = 24*60*60; 19297 struct tm* ts = NULL; 19298 struct tm* tmpTime = NULL; 19299 time_t t_adj = 0; 19300 time_t offset_day_sec = 0; 19301 19302 #if defined(NEED_TMP_TIME) 19303 struct tm tmpTimeStorage; 19304 tmpTime = &tmpTimeStorage; 19305 #else 19306 (void)tmpTime; 19307 #endif 19308 19309 WOLFSSL_ENTER("wolfSSL_ASN1_TIME_adj"); 19310 19311 if (s == NULL){ 19312 s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, 19313 DYNAMIC_TYPE_OPENSSL); 19314 if (s == NULL){ 19315 return NULL; 19316 } 19317 } 19318 19319 /* compute GMT time with offset */ 19320 offset_day_sec = offset_day * sec_per_day; 19321 t_adj = t + offset_day_sec + offset_sec; 19322 ts = (struct tm *)XGMTIME(&t_adj, tmpTime); 19323 if (ts == NULL){ 19324 WOLFSSL_MSG("failed to get time data."); 19325 XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); 19326 return NULL; 19327 } 19328 19329 /* create ASN1 time notation */ 19330 /* UTC Time */ 19331 if (ts->tm_year >= 50 && ts->tm_year < 150){ 19332 char utc_str[ASN_UTC_TIME_SIZE]; 19333 int utc_year = 0,utc_mon,utc_day,utc_hour,utc_min,utc_sec; 19334 byte *data_ptr = NULL; 19335 19336 if (ts->tm_year >= 50 && ts->tm_year < 100){ 19337 utc_year = ts->tm_year; 19338 } else if (ts->tm_year >= 100 && ts->tm_year < 150){ 19339 utc_year = ts->tm_year - 100; 19340 } 19341 utc_mon = ts->tm_mon + 1; 19342 utc_day = ts->tm_mday; 19343 utc_hour = ts->tm_hour; 19344 utc_min = ts->tm_min; 19345 utc_sec = ts->tm_sec; 19346 XSNPRINTF((char *)utc_str, ASN_UTC_TIME_SIZE, 19347 "%02d%02d%02d%02d%02d%02dZ", 19348 utc_year, utc_mon, utc_day, utc_hour, utc_min, utc_sec); 19349 data_ptr = s->data; 19350 *data_ptr = (byte) ASN_UTC_TIME; data_ptr++; 19351 *data_ptr = (byte) ASN_UTC_TIME_SIZE; data_ptr++; 19352 XMEMCPY(data_ptr,(byte *)utc_str, ASN_UTC_TIME_SIZE); 19353 /* GeneralizedTime */ 19354 } else { 19355 char gt_str[ASN_GENERALIZED_TIME_MAX]; 19356 int gt_year,gt_mon,gt_day,gt_hour,gt_min,gt_sec; 19357 byte *data_ptr = NULL; 19358 19359 gt_year = ts->tm_year + 1900; 19360 gt_mon = ts->tm_mon + 1; 19361 gt_day = ts->tm_mday; 19362 gt_hour = ts->tm_hour; 19363 gt_min = ts->tm_min; 19364 gt_sec = ts->tm_sec; 19365 XSNPRINTF((char *)gt_str, ASN_GENERALIZED_TIME_MAX, 19366 "%4d%02d%02d%02d%02d%02dZ", 19367 gt_year, gt_mon, gt_day, gt_hour, gt_min,gt_sec); 19368 data_ptr = s->data; 19369 *data_ptr = (byte) ASN_GENERALIZED_TIME; data_ptr++; 19370 *data_ptr = (byte) ASN_GENERALIZED_TIME_SIZE; data_ptr++; 19371 XMEMCPY(data_ptr,(byte *)gt_str, ASN_GENERALIZED_TIME_SIZE); 19372 } 19373 19374 return s; 19375 } 19376 #endif /* !NO_ASN_TIME && !USER_TIME && !TIME_OVERRIDES && !NO_FILESYSTEM */ 19377 19378 #ifndef NO_WOLFSSL_STUB 16479 19379 int wolfSSL_ASN1_INTEGER_cmp(const WOLFSSL_ASN1_INTEGER* a, 16480 19380 const WOLFSSL_ASN1_INTEGER* b) … … 16482 19382 (void)a; 16483 19383 (void)b; 19384 WOLFSSL_STUB("ASN1_INTEGER_cmp"); 16484 19385 return 0; 16485 19386 } 16486 16487 19387 #endif 19388 19389 #ifndef NO_WOLFSSL_STUB 16488 19390 long wolfSSL_ASN1_INTEGER_get(const WOLFSSL_ASN1_INTEGER* i) 16489 19391 { 16490 19392 (void)i; 19393 WOLFSSL_STUB("ASN1_INTEGER_get"); 16491 19394 return 0; 16492 19395 } 19396 #endif 16493 19397 16494 19398 … … 16507 19411 16508 19412 19413 /* Gets an index to store SSL structure at. 19414 * 19415 * Returns positive index on success and negative values on failure 19416 */ 16509 19417 int wolfSSL_get_ex_data_X509_STORE_CTX_idx(void) 16510 19418 { 16511 19419 WOLFSSL_ENTER("wolfSSL_get_ex_data_X509_STORE_CTX_idx"); 19420 19421 /* store SSL at index 0 */ 16512 19422 return 0; 16513 19423 } 16514 19424 16515 19425 19426 /* Set an error stat in the X509 STORE CTX 19427 * 19428 */ 19429 void wolfSSL_X509_STORE_CTX_set_error(WOLFSSL_X509_STORE_CTX* ctx, int er) 19430 { 19431 WOLFSSL_ENTER("wolfSSL_X509_STORE_CTX_set_error"); 19432 19433 if (ctx != NULL) { 19434 ctx->error = er; 19435 } 19436 } 19437 19438 19439 /* Sets a function callback that will send information about the state of all 19440 * WOLFSSL objects that have been created by the WOLFSSL_CTX structure passed 19441 * in. 19442 * 19443 * ctx WOLFSSL_CTX structre to set callback function in 19444 * f callback function to use 19445 */ 16516 19446 void wolfSSL_CTX_set_info_callback(WOLFSSL_CTX* ctx, 16517 19447 void (*f)(const WOLFSSL* ssl, int type, int val)) 16518 19448 { 16519 (void)ctx; 16520 (void)f; 19449 WOLFSSL_ENTER("wolfSSL_CTX_set_info_callback"); 19450 if (ctx == NULL) { 19451 WOLFSSL_MSG("Bad function argument"); 19452 } 19453 else { 19454 ctx->CBIS = f; 19455 } 16521 19456 } 16522 19457 … … 16526 19461 WOLFSSL_ENTER("wolfSSL_ERR_peek_error"); 16527 19462 16528 #ifdef OPENSSL_EXTRA16529 19463 return wolfSSL_ERR_peek_error_line_data(NULL, NULL, NULL, NULL); 16530 #else 16531 return 0; 16532 #endif 16533 } 16534 16535 19464 } 19465 19466 19467 /* This function is to find global error values that are the same through out 19468 * all library version. With wolfSSL having only one set of error codes the 19469 * return value is pretty straight forward. The only thing needed is all wolfSSL 19470 * error values are typically negative. 19471 * 19472 * Returns the error reason 19473 */ 16536 19474 int wolfSSL_ERR_GET_REASON(unsigned long err) 16537 19475 { 16538 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 19476 int ret = (int)err; 19477 19478 WOLFSSL_ENTER("wolfSSL_ERR_GET_REASON"); 19479 19480 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 16539 19481 /* Nginx looks for this error to know to stop parsing certificates. */ 16540 19482 if (err == ((ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE)) 16541 19483 return PEM_R_NO_START_LINE; 16542 19484 #endif 16543 (void)err; 16544 return 0; 16545 } 16546 16547 16548 char* wolfSSL_alert_type_string_long(int alertID) 16549 { 16550 (void)alertID; 16551 return 0; 16552 } 16553 16554 16555 char* wolfSSL_alert_desc_string_long(int alertID) 16556 { 16557 (void)alertID; 16558 return 0; 16559 } 16560 16561 16562 char* wolfSSL_state_string_long(const WOLFSSL* ssl) 16563 { 16564 (void)ssl; 16565 return 0; 16566 } 16567 16568 19485 19486 /* check if error value is in range of wolfSSL errors */ 19487 ret = 0 - ret; /* setting as negative value */ 19488 /* wolfCrypt range is less than MAX (-100) 19489 wolfSSL range is MIN (-300) and lower */ 19490 if (ret < MAX_CODE_E) { 19491 return ret; 19492 } 19493 else { 19494 WOLFSSL_MSG("Not in range of typical error values"); 19495 ret = (int)err; 19496 } 19497 19498 return ret; 19499 } 19500 19501 19502 /* returns a string that describes the alert 19503 * 19504 * alertID the alert value to look up 19505 */ 19506 const char* wolfSSL_alert_type_string_long(int alertID) 19507 { 19508 WOLFSSL_ENTER("wolfSSL_aalert_type_string_long"); 19509 19510 switch (alertID) { 19511 case close_notify: 19512 { 19513 static const char close_notify_str[] = 19514 "close_notify"; 19515 return close_notify_str; 19516 } 19517 19518 case unexpected_message: 19519 { 19520 static const char unexpected_message_str[] = 19521 "unexpected_message"; 19522 return unexpected_message_str; 19523 } 19524 19525 case bad_record_mac: 19526 { 19527 static const char bad_record_mac_str[] = 19528 "bad_record_mac"; 19529 return bad_record_mac_str; 19530 } 19531 19532 case record_overflow: 19533 { 19534 static const char record_overflow_str[] = 19535 "record_overflow"; 19536 return record_overflow_str; 19537 } 19538 19539 case decompression_failure: 19540 { 19541 static const char decompression_failure_str[] = 19542 "decompression_failure"; 19543 return decompression_failure_str; 19544 } 19545 19546 case handshake_failure: 19547 { 19548 static const char handshake_failure_str[] = 19549 "handshake_failure"; 19550 return handshake_failure_str; 19551 } 19552 19553 case no_certificate: 19554 { 19555 static const char no_certificate_str[] = 19556 "no_certificate"; 19557 return no_certificate_str; 19558 } 19559 19560 case bad_certificate: 19561 { 19562 static const char bad_certificate_str[] = 19563 "bad_certificate"; 19564 return bad_certificate_str; 19565 } 19566 19567 case unsupported_certificate: 19568 { 19569 static const char unsupported_certificate_str[] = 19570 "unsupported_certificate"; 19571 return unsupported_certificate_str; 19572 } 19573 19574 case certificate_revoked: 19575 { 19576 static const char certificate_revoked_str[] = 19577 "certificate_revoked"; 19578 return certificate_revoked_str; 19579 } 19580 19581 case certificate_expired: 19582 { 19583 static const char certificate_expired_str[] = 19584 "certificate_expired"; 19585 return certificate_expired_str; 19586 } 19587 19588 case certificate_unknown: 19589 { 19590 static const char certificate_unknown_str[] = 19591 "certificate_unknown"; 19592 return certificate_unknown_str; 19593 } 19594 19595 case illegal_parameter: 19596 { 19597 static const char illegal_parameter_str[] = 19598 "illegal_parameter"; 19599 return illegal_parameter_str; 19600 } 19601 19602 case decode_error: 19603 { 19604 static const char decode_error_str[] = 19605 "decode_error"; 19606 return decode_error_str; 19607 } 19608 19609 case decrypt_error: 19610 { 19611 static const char decrypt_error_str[] = 19612 "decrypt_error"; 19613 return decrypt_error_str; 19614 } 19615 19616 #ifdef WOLFSSL_MYSQL_COMPATIBLE 19617 /* catch name conflict for enum protocol with MYSQL build */ 19618 case wc_protocol_version: 19619 { 19620 static const char wc_protocol_version_str[] = 19621 "wc_protocol_version"; 19622 return wc_protocol_version_str; 19623 } 19624 19625 #else 19626 case protocol_version: 19627 { 19628 static const char protocol_version_str[] = 19629 "protocol_version"; 19630 return protocol_version_str; 19631 } 19632 19633 #endif 19634 case no_renegotiation: 19635 { 19636 static const char no_renegotiation_str[] = 19637 "no_renegotiation"; 19638 return no_renegotiation_str; 19639 } 19640 19641 case unrecognized_name: 19642 { 19643 static const char unrecognized_name_str[] = 19644 "unrecognized_name"; 19645 return unrecognized_name_str; 19646 } 19647 19648 case bad_certificate_status_response: 19649 { 19650 static const char bad_certificate_status_response_str[] = 19651 "bad_certificate_status_response"; 19652 return bad_certificate_status_response_str; 19653 } 19654 19655 case no_application_protocol: 19656 { 19657 static const char no_application_protocol_str[] = 19658 "no_application_protocol"; 19659 return no_application_protocol_str; 19660 } 19661 19662 default: 19663 WOLFSSL_MSG("Unknown Alert"); 19664 return NULL; 19665 } 19666 } 19667 19668 19669 const char* wolfSSL_alert_desc_string_long(int alertID) 19670 { 19671 WOLFSSL_ENTER("wolfSSL_alert_desc_string_long"); 19672 return wolfSSL_alert_type_string_long(alertID); 19673 } 19674 19675 19676 /* Gets the current state of the WOLFSSL structure 19677 * 19678 * ssl WOLFSSL structure to get state of 19679 * 19680 * Returns a human readable string of the WOLFSSL structure state 19681 */ 19682 const char* wolfSSL_state_string_long(const WOLFSSL* ssl) 19683 { 19684 19685 static const char* OUTPUT_STR[14][6][3] = { 19686 { 19687 {"SSLv3 Initialization","SSLv3 Initialization","SSLv3 Initialization"}, 19688 {"TLSv1 Initialization","TLSv2 Initialization","TLSv2 Initialization"}, 19689 {"TLSv1_1 Initialization","TLSv1_1 Initialization","TLSv1_1 Initialization"}, 19690 {"TLSv1_2 Initialization","TLSv1_2 Initialization","TLSv1_2 Initialization"}, 19691 {"DTLSv1 Initialization","DTLSv1 Initialization","DTLSv1 Initialization"}, 19692 {"DTLSv1_2 Initialization","DTLSv1_2 Initialization","DTLSv1_2 Initialization"}, 19693 }, 19694 { 19695 {"SSLv3 read Server Hello Verify Request", 19696 "SSLv3 write Server Hello Verify Request", 19697 "SSLv3 Server Hello Verify Request"}, 19698 {"TLSv1 read Server Hello Verify Request", 19699 "TLSv1 write Server Hello Verify Request", 19700 "TLSv1 Server Hello Verify Request"}, 19701 {"TLSv1_1 read Server Hello Verify Request", 19702 "TLSv1_1 write Server Hello Verify Request", 19703 "TLSv1_1 Server Hello Verify Request"}, 19704 {"TLSv1_2 read Server Hello Verify Request", 19705 "TLSv1_2 write Server Hello Verify Request", 19706 "TLSv1_2 Server Hello Verify Request"}, 19707 {"DTLSv1 read Server Hello Verify Request", 19708 "DTLSv1 write Server Hello Verify Request", 19709 "DTLSv1 Server Hello Verify Request"}, 19710 {"DTLSv1_2 read Server Hello Verify Request", 19711 "DTLSv1_2 write Server Hello Verify Request", 19712 "DTLSv1_2 Server Hello Verify Request"}, 19713 }, 19714 { 19715 {"SSLv3 read Server Hello", 19716 "SSLv3 write Server Hello", 19717 "SSLv3 Server Hello"}, 19718 {"TLSv1 read Server Hello", 19719 "TLSv1 write Server Hello", 19720 "TLSv1 Server Hello"}, 19721 {"TLSv1_1 read Server Hello", 19722 "TLSv1_1 write Server Hello", 19723 "TLSv1_1 Server Hello"}, 19724 {"TLSv1_2 read Server Hello", 19725 "TLSv1_2 write Server Hello", 19726 "TLSv1_2 Server Hello"}, 19727 {"DTLSv1 read Server Hello", 19728 "DTLSv1 write Server Hello", 19729 "DTLSv1 Server Hello"}, 19730 {"DTLSv1_2 read Server Hello" 19731 "DTLSv1_2 write Server Hello", 19732 "DTLSv1_2 Server Hello", 19733 }, 19734 }, 19735 { 19736 {"SSLv3 read Server Session Ticket", 19737 "SSLv3 write Server Session Ticket", 19738 "SSLv3 Server Session Ticket"}, 19739 {"TLSv1 read Server Session Ticket", 19740 "TLSv1 write Server Session Ticket", 19741 "TLSv1 Server Session Ticket"}, 19742 {"TLSv1_1 read Server Session Ticket", 19743 "TLSv1_1 write Server Session Ticket", 19744 "TLSv1_1 Server Session Ticket"}, 19745 {"TLSv1_2 read Server Session Ticket", 19746 "TLSv1_2 write Server Session Ticket", 19747 "TLSv1_2 Server Session Ticket"}, 19748 {"DTLSv1 read Server Session Ticket", 19749 "DTLSv1 write Server Session Ticket", 19750 "DTLSv1 Server Session Ticket"}, 19751 {"DTLSv1_2 read Server Session Ticket", 19752 "DTLSv1_2 write Server Session Ticket", 19753 "DTLSv1_2 Server Session Ticket"}, 19754 }, 19755 { 19756 {"SSLv3 read Server Cert", 19757 "SSLv3 write Server Cert", 19758 "SSLv3 Server Cert"}, 19759 {"TLSv1 read Server Cert", 19760 "TLSv1 write Server Cert", 19761 "TLSv1 Server Cert"}, 19762 {"TLSv1_1 read Server Cert", 19763 "TLSv1_1 write Server Cert", 19764 "TLSv1_1 Server Cert"}, 19765 {"TLSv1_2 read Server Cert", 19766 "TLSv1_2 write Server Cert", 19767 "TLSv1_2 Server Cert"}, 19768 {"DTLSv1 read Server Cert", 19769 "DTLSv1 write Server Cert", 19770 "DTLSv1 Server Cert"}, 19771 {"DTLSv1_2 read Server Cert", 19772 "DTLSv1_2 write Server Cert", 19773 "DTLSv1_2 Server Cert"}, 19774 }, 19775 { 19776 {"SSLv3 read Server Key Exchange", 19777 "SSLv3 write Server Key Exchange", 19778 "SSLv3 Server Key Exchange"}, 19779 {"TLSv1 read Server Key Exchange", 19780 "TLSv1 write Server Key Exchange", 19781 "TLSv1 Server Key Exchange"}, 19782 {"TLSv1_1 read Server Key Exchange", 19783 "TLSv1_1 write Server Key Exchange", 19784 "TLSv1_1 Server Key Exchange"}, 19785 {"TLSv1_2 read Server Key Exchange", 19786 "TLSv1_2 write Server Key Exchange", 19787 "TLSv1_2 Server Key Exchange"}, 19788 {"DTLSv1 read Server Key Exchange", 19789 "DTLSv1 write Server Key Exchange", 19790 "DTLSv1 Server Key Exchange"}, 19791 {"DTLSv1_2 read Server Key Exchange", 19792 "DTLSv1_2 write Server Key Exchange", 19793 "DTLSv1_2 Server Key Exchange"}, 19794 }, 19795 { 19796 {"SSLv3 read Server Hello Done", 19797 "SSLv3 write Server Hello Done", 19798 "SSLv3 Server Hello Done"}, 19799 {"TLSv1 read Server Hello Done", 19800 "TLSv1 write Server Hello Done", 19801 "TLSv1 Server Hello Done"}, 19802 {"TLSv1_1 read Server Hello Done", 19803 "TLSv1_1 write Server Hello Done", 19804 "TLSv1_1 Server Hello Done"}, 19805 {"TLSv1_2 read Server Hello Done", 19806 "TLSv1_2 write Server Hello Done", 19807 "TLSv1_2 Server Hello Done"}, 19808 {"DTLSv1 read Server Hello Done", 19809 "DTLSv1 write Server Hello Done", 19810 "DTLSv1 Server Hello Done"}, 19811 {"DTLSv1_2 read Server Hello Done", 19812 "DTLSv1_2 write Server Hello Done", 19813 "DTLSv1_2 Server Hello Done"}, 19814 }, 19815 { 19816 {"SSLv3 read Server Change CipherSpec", 19817 "SSLv3 write Server Change CipherSpec", 19818 "SSLv3 Server Change CipherSpec"}, 19819 {"TLSv1 read Server Change CipherSpec", 19820 "TLSv1 write Server Change CipherSpec", 19821 "TLSv1 Server Change CipherSpec"}, 19822 {"TLSv1_1 read Server Change CipherSpec", 19823 "TLSv1_1 write Server Change CipherSpec", 19824 "TLSv1_1 Server Change CipherSpec"}, 19825 {"TLSv1_2 read Server Change CipherSpec", 19826 "TLSv1_2 write Server Change CipherSpec", 19827 "TLSv1_2 Server Change CipherSpec"}, 19828 {"DTLSv1 read Server Change CipherSpec", 19829 "DTLSv1 write Server Change CipherSpec", 19830 "DTLSv1 Server Change CipherSpec"}, 19831 {"DTLSv1_2 read Server Change CipherSpec", 19832 "DTLSv1_2 write Server Change CipherSpec", 19833 "DTLSv1_2 Server Change CipherSpec"}, 19834 }, 19835 { 19836 {"SSLv3 read Server Finished", 19837 "SSLv3 write Server Finished", 19838 "SSLv3 Server Finished"}, 19839 {"TLSv1 read Server Finished", 19840 "TLSv1 write Server Finished", 19841 "TLSv1 Server Finished"}, 19842 {"TLSv1_1 read Server Finished", 19843 "TLSv1_1 write Server Finished", 19844 "TLSv1_1 Server Finished"}, 19845 {"TLSv1_2 read Server Finished", 19846 "TLSv1_2 write Server Finished", 19847 "TLSv1_2 Server Finished"}, 19848 {"DTLSv1 read Server Finished", 19849 "DTLSv1 write Server Finished", 19850 "DTLSv1 Server Finished"}, 19851 {"DTLSv1_2 read Server Finished", 19852 "DTLSv1_2 write Server Finished", 19853 "DTLSv1_2 Server Finished"}, 19854 }, 19855 { 19856 {"SSLv3 read Client Hello", 19857 "SSLv3 write Client Hello", 19858 "SSLv3 Client Hello"}, 19859 {"TLSv1 read Client Hello", 19860 "TLSv1 write Client Hello", 19861 "TLSv1 Client Hello"}, 19862 {"TLSv1_1 read Client Hello", 19863 "TLSv1_1 write Client Hello", 19864 "TLSv1_1 Client Hello"}, 19865 {"TLSv1_2 read Client Hello", 19866 "TLSv1_2 write Client Hello", 19867 "TLSv1_2 Client Hello"}, 19868 {"DTLSv1 read Client Hello", 19869 "DTLSv1 write Client Hello", 19870 "DTLSv1 Client Hello"}, 19871 {"DTLSv1_2 read Client Hello", 19872 "DTLSv1_2 write Client Hello", 19873 "DTLSv1_2 Client Hello"}, 19874 }, 19875 { 19876 {"SSLv3 read Client Key Exchange", 19877 "SSLv3 write Client Key Exchange", 19878 "SSLv3 Client Key Exchange"}, 19879 {"TLSv1 read Client Key Exchange", 19880 "TLSv1 write Client Key Exchange", 19881 "TLSv1 Client Key Exchange"}, 19882 {"TLSv1_1 read Client Key Exchange", 19883 "TLSv1_1 write Client Key Exchange", 19884 "TLSv1_1 Client Key Exchange"}, 19885 {"TLSv1_2 read Client Key Exchange", 19886 "TLSv1_2 write Client Key Exchange", 19887 "TLSv1_2 Client Key Exchange"}, 19888 {"DTLSv1 read Client Key Exchange", 19889 "DTLSv1 write Client Key Exchange", 19890 "DTLSv1 Client Key Exchange"}, 19891 {"DTLSv1_2 read Client Key Exchange", 19892 "DTLSv1_2 write Client Key Exchange", 19893 "DTLSv1_2 Client Key Exchange"}, 19894 }, 19895 { 19896 {"SSLv3 read Client Change CipherSpec", 19897 "SSLv3 write Client Change CipherSpec", 19898 "SSLv3 Client Change CipherSpec"}, 19899 {"TLSv1 read Client Change CipherSpec", 19900 "TLSv1 write Client Change CipherSpec", 19901 "TLSv1 Client Change CipherSpec"}, 19902 {"TLSv1_1 read Client Change CipherSpec", 19903 "TLSv1_1 write Client Change CipherSpec", 19904 "TLSv1_1 Client Change CipherSpec"}, 19905 {"TLSv1_2 read Client Change CipherSpec", 19906 "TLSv1_2 write Client Change CipherSpec", 19907 "TLSv1_2 Client Change CipherSpec"}, 19908 {"DTLSv1 read Client Change CipherSpec", 19909 "DTLSv1 write Client Change CipherSpec", 19910 "DTLSv1 Client Change CipherSpec"}, 19911 {"DTLSv1_2 read Client Change CipherSpec", 19912 "DTLSv1_2 write Client Change CipherSpec", 19913 "DTLSv1_2 Client Change CipherSpec"}, 19914 }, 19915 { 19916 {"SSLv3 read Client Finished", 19917 "SSLv3 write Client Finished", 19918 "SSLv3 Client Finished"}, 19919 {"TLSv1 read Client Finished", 19920 "TLSv1 write Client Finished", 19921 "TLSv1 Client Finished"}, 19922 {"TLSv1_1 read Client Finished", 19923 "TLSv1_1 write Client Finished", 19924 "TLSv1_1 Client Finished"}, 19925 {"TLSv1_2 read Client Finished", 19926 "TLSv1_2 write Client Finished", 19927 "TLSv1_2 Client Finished"}, 19928 {"DTLSv1 read Client Finished", 19929 "DTLSv1 write Client Finished", 19930 "DTLSv1 Client Finished"}, 19931 {"DTLSv1_2 read Client Finished", 19932 "DTLSv1_2 write Client Finished", 19933 "DTLSv1_2 Client Finished"}, 19934 }, 19935 { 19936 {"SSLv3 Handshake Done", 19937 "SSLv3 Handshake Done", 19938 "SSLv3 Handshake Done"}, 19939 {"TLSv1 Handshake Done", 19940 "TLSv1 Handshake Done", 19941 "TLSv1 Handshake Done"}, 19942 {"TLSv1_1 Handshake Done", 19943 "TLSv1_1 Handshake Done", 19944 "TLSv1_1 Handshake Done"}, 19945 {"TLSv1_2 Handshake Done", 19946 "TLSv1_2 Handshake Done", 19947 "TLSv1_2 Handshake Done"}, 19948 {"DTLSv1 Handshake Done", 19949 "DTLSv1 Handshake Done", 19950 "DTLSv1 Handshake Done"}, 19951 {"DTLSv1_2 Handshake Done" 19952 "DTLSv1_2 Handshake Done" 19953 "DTLSv1_2 Handshake Done"} 19954 } 19955 }; 19956 enum ProtocolVer { 19957 SSL_V3 = 0, 19958 TLS_V1, 19959 TLS_V1_1, 19960 TLS_V1_2, 19961 DTLS_V1, 19962 DTLS_V1_2, 19963 UNKNOWN = 100 19964 }; 19965 19966 enum IOMode { 19967 SS_READ = 0, 19968 SS_WRITE, 19969 SS_NEITHER 19970 }; 19971 19972 enum SslState { 19973 ss_null_state = 0, 19974 ss_server_helloverify, 19975 ss_server_hello, 19976 ss_sessionticket, 19977 ss_server_cert, 19978 ss_server_keyexchange, 19979 ss_server_hellodone, 19980 ss_server_changecipherspec, 19981 ss_server_finished, 19982 ss_client_hello, 19983 ss_client_keyexchange, 19984 ss_client_changecipherspec, 19985 ss_client_finished, 19986 ss_handshake_done 19987 }; 19988 19989 int protocol = 0; 19990 int cbmode = 0; 19991 int state = 0; 19992 19993 WOLFSSL_ENTER("wolfSSL_state_string_long"); 19994 if (ssl == NULL) { 19995 WOLFSSL_MSG("Null argument passed in"); 19996 return NULL; 19997 } 19998 19999 /* Get state of callback */ 20000 if (ssl->cbmode == SSL_CB_MODE_WRITE){ 20001 cbmode = SS_WRITE; 20002 } else if (ssl->cbmode == SSL_CB_MODE_READ){ 20003 cbmode = SS_READ; 20004 } else { 20005 cbmode = SS_NEITHER; 20006 } 20007 20008 /* Get protocol version */ 20009 switch (ssl->version.major){ 20010 case SSLv3_MAJOR: 20011 switch (ssl->version.minor){ 20012 case TLSv1_MINOR: 20013 protocol = TLS_V1; 20014 break; 20015 case TLSv1_1_MINOR: 20016 protocol = TLS_V1_1; 20017 break; 20018 case TLSv1_2_MINOR: 20019 protocol = TLS_V1_2; 20020 break; 20021 case SSLv3_MINOR: 20022 protocol = SSL_V3; 20023 break; 20024 default: 20025 protocol = UNKNOWN; 20026 } 20027 break; 20028 case DTLS_MAJOR: 20029 switch (ssl->version.minor){ 20030 case DTLS_MINOR: 20031 protocol = DTLS_V1; 20032 break; 20033 case DTLSv1_2_MINOR: 20034 protocol = DTLS_V1_2; 20035 break; 20036 default: 20037 protocol = UNKNOWN; 20038 } 20039 break; 20040 default: 20041 protocol = UNKNOWN; 20042 } 20043 20044 /* accept process */ 20045 if (ssl->cbmode == SSL_CB_MODE_READ){ 20046 state = ssl->cbtype; 20047 switch (state) { 20048 case hello_verify_request: 20049 state = ss_server_helloverify; 20050 break; 20051 case session_ticket: 20052 state = ss_sessionticket; 20053 break; 20054 case server_hello: 20055 state = ss_server_hello; 20056 break; 20057 case server_hello_done: 20058 state = ss_server_hellodone; 20059 break; 20060 case certificate: 20061 state = ss_server_cert; 20062 break; 20063 case server_key_exchange: 20064 state = ss_server_keyexchange; 20065 break; 20066 case client_hello: 20067 state = ss_client_hello; 20068 break; 20069 case client_key_exchange: 20070 state = ss_client_keyexchange; 20071 break; 20072 case finished: 20073 if (ssl->options.side == WOLFSSL_SERVER_END) 20074 state = ss_client_finished; 20075 else if (ssl->options.side == WOLFSSL_CLIENT_END) 20076 state = ss_server_finished; 20077 break; 20078 default: 20079 WOLFSSL_MSG("Unknown State"); 20080 state = ss_null_state; 20081 } 20082 } else { 20083 /* Send process */ 20084 if (ssl->options.side == WOLFSSL_SERVER_END) 20085 state = ssl->options.serverState; 20086 else 20087 state = ssl->options.clientState; 20088 20089 switch(state){ 20090 case SERVER_HELLOVERIFYREQUEST_COMPLETE: 20091 state = ss_server_helloverify; 20092 break; 20093 case SERVER_HELLO_COMPLETE: 20094 state = ss_server_hello; 20095 break; 20096 case SERVER_CERT_COMPLETE: 20097 state = ss_server_cert; 20098 break; 20099 case SERVER_KEYEXCHANGE_COMPLETE: 20100 state = ss_server_keyexchange; 20101 break; 20102 case SERVER_HELLODONE_COMPLETE: 20103 state = ss_server_hellodone; 20104 break; 20105 case SERVER_CHANGECIPHERSPEC_COMPLETE: 20106 state = ss_server_changecipherspec; 20107 break; 20108 case SERVER_FINISHED_COMPLETE: 20109 state = ss_server_finished; 20110 break; 20111 case CLIENT_HELLO_COMPLETE: 20112 state = ss_client_hello; 20113 break; 20114 case CLIENT_KEYEXCHANGE_COMPLETE: 20115 state = ss_client_keyexchange; 20116 break; 20117 case CLIENT_CHANGECIPHERSPEC_COMPLETE: 20118 state = ss_client_changecipherspec; 20119 break; 20120 case CLIENT_FINISHED_COMPLETE: 20121 state = ss_client_finished; 20122 break; 20123 case HANDSHAKE_DONE: 20124 state = ss_handshake_done; 20125 break; 20126 default: 20127 WOLFSSL_MSG("Unknown State"); 20128 state = ss_null_state; 20129 } 20130 } 20131 20132 if (protocol == UNKNOWN) 20133 return NULL; 20134 else 20135 return OUTPUT_STR[state][protocol][cbmode]; 20136 } 20137 20138 #ifndef NO_WOLFSSL_STUB 16569 20139 int wolfSSL_PEM_def_callback(char* name, int num, int w, void* key) 16570 20140 { … … 16573 20143 (void)w; 16574 20144 (void)key; 20145 WOLFSSL_STUB("PEM_def_callback"); 16575 20146 return 0; 16576 20147 } 16577 16578 16579 unsigned long wolfSSL_set_options(WOLFSSL* ssl, unsigned long op) 16580 { 16581 word16 haveRSA = 1; 16582 word16 havePSK = 0; 16583 int keySz = 0; 16584 16585 WOLFSSL_ENTER("wolfSSL_set_options"); 16586 16587 if (ssl == NULL) { 16588 return 0; 16589 } 16590 16591 /* if SSL_OP_ALL then turn all bug workarounds one */ 20148 #endif 20149 20150 #endif 20151 20152 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) 20153 static long wolf_set_options(long old_op, long op) 20154 { 20155 /* if SSL_OP_ALL then turn all bug workarounds on */ 16592 20156 if ((op & SSL_OP_ALL) == SSL_OP_ALL) { 16593 20157 WOLFSSL_MSG("\tSSL_OP_ALL"); … … 16606 20170 } 16607 20171 16608 ssl->options.mask |= op;16609 16610 20172 /* by default cookie exchange is on with DTLS */ 16611 if (( ssl->options.mask& SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) {20173 if ((op & SSL_OP_COOKIE_EXCHANGE) == SSL_OP_COOKIE_EXCHANGE) { 16612 20174 WOLFSSL_MSG("\tSSL_OP_COOKIE_EXCHANGE : on by default"); 16613 20175 } 16614 20176 16615 if (( ssl->options.mask& WOLFSSL_OP_NO_SSLv2) == WOLFSSL_OP_NO_SSLv2) {20177 if ((op & WOLFSSL_OP_NO_SSLv2) == WOLFSSL_OP_NO_SSLv2) { 16616 20178 WOLFSSL_MSG("\tWOLFSSL_OP_NO_SSLv2 : wolfSSL does not support SSLv2"); 16617 20179 } 16618 20180 16619 if (( ssl->options.mask& SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) {20181 if ((op & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) { 16620 20182 WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_3"); 16621 if (ssl->version.minor == TLSv1_3_MINOR) 16622 ssl->version.minor = TLSv1_2_MINOR; 16623 } 16624 16625 if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { 20183 } 20184 20185 if ((op & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { 16626 20186 WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_2"); 16627 if (ssl->version.minor == TLSv1_2_MINOR) 16628 ssl->version.minor = TLSv1_1_MINOR; 16629 } 16630 16631 if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { 20187 } 20188 20189 if ((op & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { 16632 20190 WOLFSSL_MSG("\tSSL_OP_NO_TLSv1_1"); 16633 if (ssl->version.minor == TLSv1_1_MINOR) 16634 ssl->version.minor = TLSv1_MINOR; 16635 } 16636 16637 if ((ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { 20191 } 20192 20193 if ((op & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { 16638 20194 WOLFSSL_MSG("\tSSL_OP_NO_TLSv1"); 16639 if (ssl->version.minor == TLSv1_MINOR) 16640 ssl->version.minor = SSLv3_MINOR; 16641 } 16642 16643 if ((ssl->options.mask & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { 20195 } 20196 20197 if ((op & SSL_OP_NO_SSLv3) == SSL_OP_NO_SSLv3) { 16644 20198 WOLFSSL_MSG("\tSSL_OP_NO_SSLv3"); 16645 20199 } 16646 20200 16647 if (( ssl->options.mask& SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) {20201 if ((op & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { 16648 20202 #ifdef HAVE_LIBZ 16649 20203 WOLFSSL_MSG("SSL_OP_NO_COMPRESSION"); 16650 ssl->options.usingCompression = 0;16651 20204 #else 16652 20205 WOLFSSL_MSG("SSL_OP_NO_COMPRESSION: compression not compiled in"); … … 16654 20207 } 16655 20208 20209 return old_op | op; 20210 } 20211 #endif 20212 20213 #ifdef OPENSSL_EXTRA 20214 long wolfSSL_set_options(WOLFSSL* ssl, long op) 20215 { 20216 word16 haveRSA = 1; 20217 word16 havePSK = 0; 20218 int keySz = 0; 20219 20220 WOLFSSL_ENTER("wolfSSL_set_options"); 20221 20222 if (ssl == NULL) { 20223 return 0; 20224 } 20225 20226 ssl->options.mask = wolf_set_options(ssl->options.mask, op); 20227 20228 if ((ssl->options.mask & SSL_OP_NO_TLSv1_3) == SSL_OP_NO_TLSv1_3) { 20229 if (ssl->version.minor == TLSv1_3_MINOR) 20230 ssl->version.minor = TLSv1_2_MINOR; 20231 } 20232 20233 if ((ssl->options.mask & SSL_OP_NO_TLSv1_2) == SSL_OP_NO_TLSv1_2) { 20234 if (ssl->version.minor == TLSv1_2_MINOR) 20235 ssl->version.minor = TLSv1_1_MINOR; 20236 } 20237 20238 if ((ssl->options.mask & SSL_OP_NO_TLSv1_1) == SSL_OP_NO_TLSv1_1) { 20239 if (ssl->version.minor == TLSv1_1_MINOR) 20240 ssl->version.minor = TLSv1_MINOR; 20241 } 20242 20243 if ((ssl->options.mask & SSL_OP_NO_TLSv1) == SSL_OP_NO_TLSv1) { 20244 if (ssl->version.minor == TLSv1_MINOR) 20245 ssl->version.minor = SSLv3_MINOR; 20246 } 20247 20248 if ((ssl->options.mask & SSL_OP_NO_COMPRESSION) == SSL_OP_NO_COMPRESSION) { 20249 #ifdef HAVE_LIBZ 20250 ssl->options.usingCompression = 0; 20251 #endif 20252 } 20253 16656 20254 /* in the case of a version change the cipher suites should be reset */ 16657 #ifndef NO_PSK 16658 havePSK = ssl->options.havePSK; 16659 #endif 16660 #ifdef NO_RSA 16661 haveRSA = 0; 16662 #endif 16663 #ifndef NO_CERTS 16664 keySz = ssl->buffers.keySz; 16665 #endif 20255 #ifndef NO_PSK 20256 havePSK = ssl->options.havePSK; 20257 #endif 20258 #ifdef NO_RSA 20259 haveRSA = 0; 20260 #endif 20261 #ifndef NO_CERTS 20262 keySz = ssl->buffers.keySz; 20263 #endif 20264 16666 20265 InitSuites(ssl->suites, ssl->version, keySz, haveRSA, havePSK, 16667 20266 ssl->options.haveDH, ssl->options.haveNTRU, … … 16673 20272 16674 20273 16675 unsignedlong wolfSSL_get_options(const WOLFSSL* ssl)20274 long wolfSSL_get_options(const WOLFSSL* ssl) 16676 20275 { 16677 20276 WOLFSSL_ENTER("wolfSSL_get_options"); 16678 20277 if(ssl == NULL) 20278 return WOLFSSL_FAILURE; 16679 20279 return ssl->options.mask; 16680 20280 } 16681 20281 20282 long wolfSSL_clear_options(WOLFSSL* ssl, long opt) 20283 { 20284 WOLFSSL_ENTER("SSL_clear_options"); 20285 if(ssl == NULL) 20286 return WOLFSSL_FAILURE; 20287 ssl->options.mask &= ~opt; 20288 return ssl->options.mask; 20289 } 20290 16682 20291 /*** TBD ***/ 20292 #ifndef NO_WOLFSSL_STUB 16683 20293 WOLFSSL_API long wolfSSL_clear_num_renegotiations(WOLFSSL *s) 16684 20294 { 16685 20295 (void)s; 20296 WOLFSSL_STUB("SSL_clear_num_renegotiations"); 16686 20297 return 0; 16687 20298 } 20299 #endif 16688 20300 16689 20301 /*** TBD ***/ 20302 #ifndef NO_WOLFSSL_STUB 16690 20303 WOLFSSL_API long wolfSSL_total_renegotiations(WOLFSSL *s) 16691 20304 { 16692 20305 (void)s; 20306 WOLFSSL_STUB("SSL_total_renegotiations"); 16693 20307 return 0; 16694 20308 } 16695 20309 #endif 16696 20310 16697 20311 #ifndef NO_DH … … 16750 20364 #endif /* HAVE_PK_CALLBACKS */ 16751 20365 16752 #if def WOLFSSL_HAPROXY20366 #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) 16753 20367 const unsigned char *SSL_SESSION_get0_id_context(const SSL_SESSION *sess, unsigned int *sid_ctx_length) 16754 20368 { … … 16759 20373 16760 20374 /*** TBD ***/ 20375 #ifndef NO_WOLFSSL_STUB 16761 20376 WOLFSSL_API int wolfSSL_sk_SSL_COMP_zero(WOLFSSL_STACK* st) 16762 20377 { 16763 20378 (void)st; 16764 20379 WOLFSSL_STUB("wolfSSL_sk_SSL_COMP_zero"); 16765 / /wolfSSL_set_options(ssl, SSL_OP_NO_COMPRESSION);20380 /* wolfSSL_set_options(ssl, SSL_OP_NO_COMPRESSION); */ 16766 20381 return WOLFSSL_FAILURE; 16767 20382 } 16768 16769 16770 /*** TBD ***/ 16771 WOLFSSL_API long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) 16772 { 16773 (void)s; 16774 (void)type; 16775 WOLFSSL_STUB("wolfSSL_set_tlsext_status_type"); 16776 return WOLFSSL_FAILURE; 16777 } 16778 16779 /*** TBD ***/ 20383 #endif 20384 20385 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST 20386 long wolfSSL_set_tlsext_status_type(WOLFSSL *s, int type) 20387 { 20388 WOLFSSL_ENTER("wolfSSL_set_tlsext_status_type"); 20389 20390 if (s == NULL){ 20391 return BAD_FUNC_ARG; 20392 } 20393 20394 if (type == TLSEXT_STATUSTYPE_ocsp){ 20395 int r = 0; 20396 r = TLSX_UseCertificateStatusRequest(&s->extensions, type, 0, s, 20397 s->heap, s->devId); 20398 return (long)r; 20399 } else { 20400 WOLFSSL_MSG( 20401 "SSL_set_tlsext_status_type only supports TLSEXT_STATUSTYPE_ocsp type."); 20402 return SSL_FAILURE; 20403 } 20404 20405 } 20406 #endif /* HAVE_CERTIFICATE_STATUS_REQUEST */ 20407 20408 #ifndef NO_WOLFSSL_STUB 16780 20409 WOLFSSL_API long wolfSSL_get_tlsext_status_exts(WOLFSSL *s, void *arg) 16781 20410 { … … 16785 20414 return WOLFSSL_FAILURE; 16786 20415 } 20416 #endif 16787 20417 16788 20418 /*** TBD ***/ 20419 #ifndef NO_WOLFSSL_STUB 16789 20420 WOLFSSL_API long wolfSSL_set_tlsext_status_exts(WOLFSSL *s, void *arg) 16790 20421 { … … 16794 20425 return WOLFSSL_FAILURE; 16795 20426 } 20427 #endif 16796 20428 16797 20429 /*** TBD ***/ 20430 #ifndef NO_WOLFSSL_STUB 16798 20431 WOLFSSL_API long wolfSSL_get_tlsext_status_ids(WOLFSSL *s, void *arg) 16799 20432 { … … 16803 20436 return WOLFSSL_FAILURE; 16804 20437 } 20438 #endif 16805 20439 16806 20440 /*** TBD ***/ 20441 #ifndef NO_WOLFSSL_STUB 16807 20442 WOLFSSL_API long wolfSSL_set_tlsext_status_ids(WOLFSSL *s, void *arg) 16808 20443 { … … 16812 20447 return WOLFSSL_FAILURE; 16813 20448 } 20449 #endif 16814 20450 16815 20451 /*** TBD ***/ 20452 #ifndef NO_WOLFSSL_STUB 16816 20453 WOLFSSL_API int SSL_SESSION_set1_id(WOLFSSL_SESSION *s, const unsigned char *sid, unsigned int sid_len) 16817 20454 { … … 16822 20459 return WOLFSSL_FAILURE; 16823 20460 } 16824 20461 #endif 20462 20463 #ifndef NO_WOLFSSL_STUB 16825 20464 /*** TBD ***/ 16826 20465 WOLFSSL_API int SSL_SESSION_set1_id_context(WOLFSSL_SESSION *s, const unsigned char *sid_ctx, unsigned int sid_ctx_len) … … 16832 20471 return WOLFSSL_FAILURE; 16833 20472 } 16834 20473 #endif 20474 20475 #ifndef NO_WOLFSSL_STUB 16835 20476 /*** TBD ***/ 16836 20477 WOLFSSL_API void *X509_get0_tbs_sigalg(const WOLFSSL_X509 *x) … … 16840 20481 return NULL; 16841 20482 } 16842 20483 #endif 20484 20485 #ifndef NO_WOLFSSL_STUB 16843 20486 /*** TBD ***/ 16844 20487 WOLFSSL_API void X509_ALGOR_get0(WOLFSSL_ASN1_OBJECT **paobj, int *pptype, const void **ppval, const void *algor) … … 16850 20493 WOLFSSL_STUB("X509_ALGOR_get0"); 16851 20494 } 16852 20495 #endif 20496 20497 #ifndef NO_WOLFSSL_STUB 16853 20498 /*** TBD ***/ 16854 20499 WOLFSSL_API void *X509_get_X509_PUBKEY(void * x) … … 16858 20503 return NULL; 16859 20504 } 16860 20505 #endif 20506 20507 #ifndef NO_WOLFSSL_STUB 16861 20508 /*** TBD ***/ 16862 20509 WOLFSSL_API int X509_PUBKEY_get0_param(WOLFSSL_ASN1_OBJECT **ppkalg, const unsigned char **pk, int *ppklen, void **pa, WOLFSSL_EVP_PKEY *pub) … … 16870 20517 return WOLFSSL_FAILURE; 16871 20518 } 16872 20519 #endif 20520 20521 #ifndef NO_WOLFSSL_STUB 16873 20522 /*** TBD ***/ 16874 20523 WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_get_privatekey(const WOLFSSL *ssl) … … 16878 20527 return NULL; 16879 20528 } 16880 16881 /*** TBD ***/ 16882 WOLFSSL_API int EVP_PKEY_bits(WOLFSSL_EVP_PKEY *pkey) 16883 { 16884 (void)pkey; 16885 WOLFSSL_STUB("EVP_PKEY_bits"); 16886 return WOLFSSL_FAILURE; 16887 } 16888 16889 /*** TBD ***/ 16890 WOLFSSL_API int i2d_X509(WOLFSSL_X509 *x, unsigned char **out) 16891 { 16892 (void)x; 16893 (void)out; 16894 WOLFSSL_STUB("i2d_X509"); 16895 return -1; 16896 } 16897 20529 #endif 20530 20531 #ifndef NO_WOLFSSL_STUB 16898 20532 /*** TBD ***/ 16899 20533 WOLFSSL_API int i2t_ASN1_OBJECT(char *buf, int buf_len, WOLFSSL_ASN1_OBJECT *a) … … 16905 20539 return -1; 16906 20540 } 16907 16908 #ifdef WOLFSSL_HAPROXY 20541 #endif 20542 20543 #if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) 20544 #ifndef NO_WOLFSSL_STUB 16909 20545 /*** TBD ***/ 16910 20546 WOLFSSL_API size_t SSL_get_finished(const WOLFSSL *s, void *buf, size_t count) … … 16916 20552 return WOLFSSL_FAILURE; 16917 20553 } 16918 20554 #endif 20555 20556 #ifndef NO_WOLFSSL_STUB 16919 20557 /*** TBD ***/ 16920 20558 WOLFSSL_API size_t SSL_get_peer_finished(const WOLFSSL *s, void *buf, size_t count) … … 16926 20564 return WOLFSSL_FAILURE; 16927 20565 } 20566 #endif 16928 20567 #endif /* WOLFSSL_HAPROXY */ 16929 20568 20569 #ifndef NO_WOLFSSL_STUB 16930 20570 /*** TBD ***/ 16931 20571 WOLFSSL_API void SSL_CTX_set_tmp_dh_callback(WOLFSSL_CTX *ctx, WOLFSSL_DH *(*dh) (WOLFSSL *ssl, int is_export, int keylength)) … … 16935 20575 WOLFSSL_STUB("SSL_CTX_set_tmp_dh_callback"); 16936 20576 } 16937 20577 #endif 20578 20579 #ifndef NO_WOLFSSL_STUB 16938 20580 /*** TBD ***/ 16939 20581 WOLFSSL_API WOLF_STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) … … 16942 20584 return NULL; 16943 20585 } 16944 20586 #endif 20587 20588 #ifndef NO_WOLFSSL_STUB 16945 20589 /*** TBD ***/ 16946 20590 WOLFSSL_API int wolfSSL_sk_SSL_CIPHER_num(const void * p) … … 16950 20594 return -1; 16951 20595 } 20596 #endif 16952 20597 16953 20598 #if !defined(NO_FILESYSTEM) 20599 #ifndef NO_WOLFSSL_STUB 16954 20600 /*** TBD ***/ 16955 WOLFSSL_API WOLFSSL_X509 *wolfSSL_PEM_read_X509(FILE *fp, WOLFSSL_X509 **x, pem_password_cb *cb, void *u) 16956 { 16957 (void)fp; 16958 (void)x; 16959 (void)cb; 16960 (void)u; 16961 WOLFSSL_STUB("PEM_read_X509"); 16962 return NULL; 16963 } 16964 16965 /*** TBD ***/ 16966 WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(FILE *fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u) 20601 WOLFSSL_API WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PrivateKey(XFILE fp, WOLFSSL_EVP_PKEY **x, pem_password_cb *cb, void *u) 16967 20602 { 16968 20603 (void)fp; … … 16974 20609 } 16975 20610 #endif 16976 20611 #endif 20612 20613 #ifndef NO_WOLFSSL_STUB 16977 20614 /*** TBD ***/ 16978 20615 WOLFSSL_API int X509_STORE_load_locations(WOLFSSL_X509_STORE *ctx, const char *file, const char *dir) … … 16984 20621 return WOLFSSL_FAILURE; 16985 20622 } 16986 20623 #endif 20624 20625 #ifndef NO_WOLFSSL_STUB 16987 20626 /*** TBD ***/ 16988 20627 WOLFSSL_API WOLFSSL_CIPHER* wolfSSL_sk_SSL_CIPHER_value(void *ciphers, int idx) … … 16993 20632 return NULL; 16994 20633 } 20634 #endif 16995 20635 16996 20636 WOLFSSL_API void ERR_load_SSL_strings(void) … … 17009 20649 } 17010 20650 17011 WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, 17012 unsigned char *resp, int len) 20651 WOLFSSL_API long wolfSSL_set_tlsext_status_ocsp_resp(WOLFSSL *s, unsigned char *resp, int len) 17013 20652 { 17014 20653 if (s == NULL) … … 17020 20659 return WOLFSSL_SUCCESS; 17021 20660 } 17022 #endif 20661 #endif /* HAVE_OCSP */ 17023 20662 17024 20663 long wolfSSL_get_verify_result(const WOLFSSL *ssl) … … 17032 20671 17033 20672 20673 #ifndef NO_WOLFSSL_STUB 20674 /* shows the number of accepts attempted by CTX in it's lifetime */ 17034 20675 long wolfSSL_CTX_sess_accept(WOLFSSL_CTX* ctx) 17035 20676 { 20677 WOLFSSL_STUB("wolfSSL_CTX_sess_accept"); 17036 20678 (void)ctx; 17037 20679 return 0; 17038 20680 } 17039 20681 #endif 20682 20683 #ifndef NO_WOLFSSL_STUB 20684 /* shows the number of connects attempted CTX in it's lifetime */ 17040 20685 long wolfSSL_CTX_sess_connect(WOLFSSL_CTX* ctx) 17041 20686 { 20687 WOLFSSL_STUB("wolfSSL_CTX_sess_connect"); 17042 20688 (void)ctx; 17043 20689 return 0; 17044 20690 } 17045 17046 20691 #endif 20692 20693 20694 #ifndef NO_WOLFSSL_STUB 20695 /* shows the number of accepts completed by CTX in it's lifetime */ 17047 20696 long wolfSSL_CTX_sess_accept_good(WOLFSSL_CTX* ctx) 17048 20697 { 20698 WOLFSSL_STUB("wolfSSL_CTX_sess_accept_good"); 17049 20699 (void)ctx; 17050 20700 return 0; 17051 20701 } 17052 17053 20702 #endif 20703 20704 20705 #ifndef NO_WOLFSSL_STUB 20706 /* shows the number of connects completed by CTX in it's lifetime */ 17054 20707 long wolfSSL_CTX_sess_connect_good(WOLFSSL_CTX* ctx) 17055 20708 { 20709 WOLFSSL_STUB("wolfSSL_CTX_sess_connect_good"); 17056 20710 (void)ctx; 17057 20711 return 0; 17058 20712 } 17059 17060 20713 #endif 20714 20715 20716 #ifndef NO_WOLFSSL_STUB 20717 /* shows the number of renegotiation accepts attempted by CTX */ 17061 20718 long wolfSSL_CTX_sess_accept_renegotiate(WOLFSSL_CTX* ctx) 17062 20719 { 20720 WOLFSSL_STUB("wolfSSL_CTX_sess_accept_renegotiate"); 17063 20721 (void)ctx; 17064 20722 return 0; 17065 20723 } 17066 17067 20724 #endif 20725 20726 20727 #ifndef NO_WOLFSSL_STUB 20728 /* shows the number of renegotiation accepts attempted by CTX */ 17068 20729 long wolfSSL_CTX_sess_connect_renegotiate(WOLFSSL_CTX* ctx) 17069 20730 { 20731 WOLFSSL_STUB("wolfSSL_CTX_sess_connect_renegotiate"); 17070 20732 (void)ctx; 17071 20733 return 0; 17072 20734 } 17073 17074 20735 #endif 20736 20737 20738 #ifndef NO_WOLFSSL_STUB 17075 20739 long wolfSSL_CTX_sess_hits(WOLFSSL_CTX* ctx) 17076 20740 { 20741 WOLFSSL_STUB("wolfSSL_CTX_sess_hits"); 17077 20742 (void)ctx; 17078 20743 return 0; 17079 20744 } 17080 17081 20745 #endif 20746 20747 20748 #ifndef NO_WOLFSSL_STUB 17082 20749 long wolfSSL_CTX_sess_cb_hits(WOLFSSL_CTX* ctx) 17083 20750 { 20751 WOLFSSL_STUB("wolfSSL_CTX_sess_cb_hits"); 17084 20752 (void)ctx; 17085 20753 return 0; 17086 20754 } 17087 17088 20755 #endif 20756 20757 20758 #ifndef NO_WOLFSSL_STUB 17089 20759 long wolfSSL_CTX_sess_cache_full(WOLFSSL_CTX* ctx) 17090 20760 { 20761 WOLFSSL_STUB("wolfSSL_CTX_sess_cache_full"); 17091 20762 (void)ctx; 17092 20763 return 0; 17093 20764 } 17094 17095 20765 #endif 20766 20767 20768 #ifndef NO_WOLFSSL_STUB 17096 20769 long wolfSSL_CTX_sess_misses(WOLFSSL_CTX* ctx) 17097 20770 { 20771 WOLFSSL_STUB("wolfSSL_CTX_sess_misses"); 17098 20772 (void)ctx; 17099 20773 return 0; 17100 20774 } 17101 17102 20775 #endif 20776 20777 20778 #ifndef NO_WOLFSSL_STUB 17103 20779 long wolfSSL_CTX_sess_timeouts(WOLFSSL_CTX* ctx) 17104 20780 { 20781 WOLFSSL_STUB("wolfSSL_CTX_sess_timeouts"); 17105 20782 (void)ctx; 17106 20783 return 0; 17107 20784 } 17108 17109 20785 #endif 20786 20787 20788 /* Return the total number of sessions */ 17110 20789 long wolfSSL_CTX_sess_number(WOLFSSL_CTX* ctx) 17111 20790 { 20791 word32 total = 0; 20792 20793 WOLFSSL_ENTER("wolfSSL_CTX_sess_number"); 17112 20794 (void)ctx; 17113 return 0; 20795 20796 #ifdef WOLFSSL_SESSION_STATS 20797 if (wolfSSL_get_session_stats(NULL, &total, NULL, NULL) != SSL_SUCCESS) { 20798 WOLFSSL_MSG("Error getting session stats"); 20799 } 20800 #else 20801 WOLFSSL_MSG("Please use macro WOLFSSL_SESSION_STATS for session stats"); 20802 #endif 20803 20804 return (long)total; 17114 20805 } 17115 20806 … … 17215 20906 17216 20907 17217 /*** TBC ***/ 20908 /* Get the session cache mode for CTX 20909 * 20910 * ctx WOLFSSL_CTX struct to get cache mode from 20911 * 20912 * Returns a bit mask that has the session cache mode */ 17218 20913 WOLFSSL_API long wolfSSL_CTX_get_session_cache_mode(WOLFSSL_CTX* ctx) 17219 20914 { 17220 (void)ctx; 17221 return 0; 20915 long m = 0; 20916 20917 WOLFSSL_ENTER("SSL_CTX_set_session_cache_mode"); 20918 20919 if (ctx == NULL) { 20920 return m; 20921 } 20922 20923 if (ctx->sessionCacheOff != 1) { 20924 m |= SSL_SESS_CACHE_SERVER; 20925 } 20926 20927 if (ctx->sessionCacheFlushOff == 1) { 20928 m |= SSL_SESS_CACHE_NO_AUTO_CLEAR; 20929 } 20930 20931 #ifdef HAVE_EXT_CACHE 20932 if (ctx->internalCacheOff == 1) { 20933 m |= SSL_SESS_CACHE_NO_INTERNAL_STORE; 20934 } 20935 #endif 20936 20937 return m; 17222 20938 } 17223 20939 … … 17294 21010 } 17295 21011 else { 17296 word32 i , mask, mask2;21012 word32 i; 17297 21013 word32 sz = sizeof(WOLFSSL_DES_key_schedule); 17298 21014 … … 17305 21021 /* check odd parity */ 17306 21022 for (i = 0; i < sz; i++) { 17307 unsigned char c = *((unsigned char*) key+ i);21023 unsigned char c = *((unsigned char*)myDes + i); 17308 21024 if (((c & 0x01) ^ 17309 21025 ((c >> 1) & 0x01) ^ … … 17319 21035 } 17320 21036 17321 /* check is not weak. Weak key list from Nist 17322 "Recommendation for the Triple 17323 Data Encryption Algorithm 17324 (TDEA) Block Cipher" */ 17325 mask = 0x01010101; mask2 = 0x01010101; 17326 if (DES_check(mask, mask2, *key)) { 21037 if (wolfSSL_DES_is_weak_key(myDes) == 1) { 17327 21038 WOLFSSL_MSG("Weak key found"); 17328 21039 return -2; 17329 21040 } 17330 21041 17331 mask = 0xFEFEFEFE; mask2 = 0xFEFEFEFE;17332 if (DES_check(mask, mask2, *key)) {17333 WOLFSSL_MSG("Weak key found");17334 return -2;17335 }17336 17337 mask = 0xE0E0E0E0; mask2 = 0xF1F1F1F1;17338 if (DES_check(mask, mask2, *key)) {17339 WOLFSSL_MSG("Weak key found");17340 return -2;17341 }17342 17343 mask = 0x1F1F1F1F; mask2 = 0x0E0E0E0E;17344 if (DES_check(mask, mask2, *key)) {17345 WOLFSSL_MSG("Weak key found");17346 return -2;17347 }17348 17349 /* semi-weak *key check (list from same Nist paper) */17350 mask = 0x011F011F; mask2 = 0x010E010E;17351 if (DES_check(mask, mask2, *key) ||17352 DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {17353 WOLFSSL_MSG("Weak key found");17354 return -2;17355 }17356 17357 mask = 0x01E001E0; mask2 = 0x01F101F1;17358 if (DES_check(mask, mask2, *key) ||17359 DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {17360 WOLFSSL_MSG("Weak key found");17361 return -2;17362 }17363 17364 mask = 0x01FE01FE; mask2 = 0x01FE01FE;17365 if (DES_check(mask, mask2, *key) ||17366 DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {17367 WOLFSSL_MSG("Weak key found");17368 return -2;17369 }17370 17371 mask = 0x1FE01FE0; mask2 = 0x0EF10EF1;17372 if (DES_check(mask, mask2, *key) ||17373 DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {17374 WOLFSSL_MSG("Weak key found");17375 return -2;17376 }17377 17378 mask = 0x1FFE1FFE; mask2 = 0x0EFE0EFE;17379 if (DES_check(mask, mask2, *key) ||17380 DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) {17381 WOLFSSL_MSG("Weak key found");17382 return -2;17383 }17384 17385 21042 /* passed tests, now copy over key */ 17386 21043 XMEMCPY(key, myDes, sizeof(WOLFSSL_const_DES_cblock)); … … 17391 21048 17392 21049 21050 /* check is not weak. Weak key list from Nist "Recommendation for the Triple 21051 * Data Encryption Algorithm (TDEA) Block Cipher" 21052 * 21053 * returns 1 if is weak 0 if not 21054 */ 21055 int wolfSSL_DES_is_weak_key(WOLFSSL_const_DES_cblock* key) 21056 { 21057 word32 mask, mask2; 21058 21059 WOLFSSL_ENTER("wolfSSL_DES_is_weak_key"); 21060 21061 if (key == NULL) { 21062 WOLFSSL_MSG("NULL key passed in"); 21063 return 1; 21064 } 21065 21066 mask = 0x01010101; mask2 = 0x01010101; 21067 if (DES_check(mask, mask2, *key)) { 21068 WOLFSSL_MSG("Weak key found"); 21069 return 1; 21070 } 21071 21072 mask = 0xFEFEFEFE; mask2 = 0xFEFEFEFE; 21073 if (DES_check(mask, mask2, *key)) { 21074 WOLFSSL_MSG("Weak key found"); 21075 return 1; 21076 } 21077 21078 mask = 0xE0E0E0E0; mask2 = 0xF1F1F1F1; 21079 if (DES_check(mask, mask2, *key)) { 21080 WOLFSSL_MSG("Weak key found"); 21081 return 1; 21082 } 21083 21084 mask = 0x1F1F1F1F; mask2 = 0x0E0E0E0E; 21085 if (DES_check(mask, mask2, *key)) { 21086 WOLFSSL_MSG("Weak key found"); 21087 return 1; 21088 } 21089 21090 /* semi-weak *key check (list from same Nist paper) */ 21091 mask = 0x011F011F; mask2 = 0x010E010E; 21092 if (DES_check(mask, mask2, *key) || 21093 DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) { 21094 WOLFSSL_MSG("Weak key found"); 21095 return 1; 21096 } 21097 21098 mask = 0x01E001E0; mask2 = 0x01F101F1; 21099 if (DES_check(mask, mask2, *key) || 21100 DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) { 21101 WOLFSSL_MSG("Weak key found"); 21102 return 1; 21103 } 21104 21105 mask = 0x01FE01FE; mask2 = 0x01FE01FE; 21106 if (DES_check(mask, mask2, *key) || 21107 DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) { 21108 WOLFSSL_MSG("Weak key found"); 21109 return 1; 21110 } 21111 21112 mask = 0x1FE01FE0; mask2 = 0x0EF10EF1; 21113 if (DES_check(mask, mask2, *key) || 21114 DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) { 21115 WOLFSSL_MSG("Weak key found"); 21116 return 1; 21117 } 21118 21119 mask = 0x1FFE1FFE; mask2 = 0x0EFE0EFE; 21120 if (DES_check(mask, mask2, *key) || 21121 DES_check(ByteReverseWord32(mask), ByteReverseWord32(mask2), *key)) { 21122 WOLFSSL_MSG("Weak key found"); 21123 return 1; 21124 } 21125 21126 return 0; 21127 } 21128 21129 17393 21130 void wolfSSL_DES_set_key_unchecked(WOLFSSL_const_DES_cblock* myDes, 17394 21131 WOLFSSL_DES_key_schedule* key) … … 17400 21137 17401 21138 21139 /* Sets the parity of the DES key for use */ 17402 21140 void wolfSSL_DES_set_odd_parity(WOLFSSL_DES_cblock* myDes) 17403 21141 { 17404 (void)myDes; 17405 WOLFSSL_STUB("wolfSSL_DES_set_odd_parity"); 21142 word32 i; 21143 word32 sz = sizeof(WOLFSSL_DES_cblock); 21144 21145 WOLFSSL_ENTER("wolfSSL_DES_set_odd_parity"); 21146 21147 for (i = 0; i < sz; i++) { 21148 unsigned char c = *((unsigned char*)myDes + i); 21149 if (( 21150 ((c >> 1) & 0x01) ^ 21151 ((c >> 2) & 0x01) ^ 21152 ((c >> 3) & 0x01) ^ 21153 ((c >> 4) & 0x01) ^ 21154 ((c >> 5) & 0x01) ^ 21155 ((c >> 6) & 0x01) ^ 21156 ((c >> 7) & 0x01)) != 1) { 21157 WOLFSSL_MSG("Setting odd parity bit"); 21158 *((unsigned char*)myDes + i) = *((unsigned char*)myDes + i) | 0x01; 21159 } 21160 } 17406 21161 } 17407 21162 … … 17428 21183 return; 17429 21184 } 17430 if (wc_Des_EcbEncrypt(&myDes, (byte*) desb, 17431 (const byte*)desa, sizeof(WOLFSSL_DES_cblock)) != 0){ 17432 WOLFSSL_MSG("wc_Des_EcbEncrypt return error."); 21185 if (enc){ 21186 if (wc_Des_EcbEncrypt(&myDes, (byte*) desb, (const byte*) desa, 21187 sizeof(WOLFSSL_DES_cblock)) != 0){ 21188 WOLFSSL_MSG("wc_Des_EcbEncrpyt return error."); 21189 } 21190 } else { 21191 if (wc_Des_EcbDecrypt(&myDes, (byte*) desb, (const byte*) desa, 21192 sizeof(WOLFSSL_DES_cblock)) != 0){ 21193 WOLFSSL_MSG("wc_Des_EcbDecrpyt return error."); 21194 } 17433 21195 } 17434 21196 } … … 17438 21200 #endif /* NO_DES3 */ 17439 21201 21202 #ifndef NO_RC4 21203 /* Set the key state for Arc4 structure. 21204 * 21205 * key Arc4 structure to use 21206 * len length of data buffer 21207 * data initial state to set Arc4 structure 21208 */ 21209 void wolfSSL_RC4_set_key(WOLFSSL_RC4_KEY* key, int len, 21210 const unsigned char* data) 21211 { 21212 typedef char rc4_test[sizeof(WOLFSSL_RC4_KEY) >= sizeof(Arc4) ? 1 : -1]; 21213 (void)sizeof(rc4_test); 21214 21215 WOLFSSL_ENTER("wolfSSL_RC4_set_key"); 21216 21217 if (key == NULL || len < 0) { 21218 WOLFSSL_MSG("bad argument passed in"); 21219 return; 21220 } 21221 21222 XMEMSET(key, 0, sizeof(WOLFSSL_RC4_KEY)); 21223 wc_Arc4SetKey((Arc4*)key, data, (word32)len); 21224 } 21225 21226 21227 /* Encrypt/decrypt with Arc4 structure. 21228 * 21229 * len length of buffer to encrypt/decrypt (in/out) 21230 * in buffer to encrypt/decrypt 21231 * out results of encryption/decryption 21232 */ 21233 void wolfSSL_RC4(WOLFSSL_RC4_KEY* key, size_t len, 21234 const unsigned char* in, unsigned char* out) 21235 { 21236 WOLFSSL_ENTER("wolfSSL_RC4"); 21237 21238 if (key == NULL || in == NULL || out == NULL) { 21239 WOLFSSL_MSG("Bad argument passed in"); 21240 return; 21241 } 21242 21243 wc_Arc4Process((Arc4*)key, out, in, (word32)len); 21244 } 21245 #endif /* NO_RC4 */ 21246 21247 #ifndef NO_AES 21248 21249 #ifdef WOLFSSL_AES_DIRECT 21250 /* AES encrypt direct, it is expected to be blocks of AES_BLOCK_SIZE for input. 21251 * 21252 * input Data to encrypt 21253 * output Encrypted data after done 21254 * key AES key to use for encryption 21255 */ 21256 void wolfSSL_AES_encrypt(const unsigned char* input, unsigned char* output, 21257 AES_KEY *key) 21258 { 21259 WOLFSSL_ENTER("wolfSSL_AES_encrypt"); 21260 21261 if (input == NULL || output == NULL || key == NULL) { 21262 WOLFSSL_MSG("Null argument passed in"); 21263 return; 21264 } 21265 21266 wc_AesEncryptDirect((Aes*)key, output, input); 21267 } 21268 21269 21270 /* AES decrypt direct, it is expected to be blocks of AES_BLOCK_SIZE for input. 21271 * 21272 * input Data to decrypt 21273 * output Decrypted data after done 21274 * key AES key to use for encryption 21275 */ 21276 void wolfSSL_AES_decrypt(const unsigned char* input, unsigned char* output, 21277 AES_KEY *key) 21278 { 21279 WOLFSSL_ENTER("wolfSSL_AES_decrypt"); 21280 21281 if (input == NULL || output == NULL || key == NULL) { 21282 WOLFSSL_MSG("Null argument passed in"); 21283 return; 21284 } 21285 21286 wc_AesDecryptDirect((Aes*)key, output, input); 21287 } 21288 #endif /* WOLFSSL_AES_DIRECT */ 21289 21290 /* Setup of an AES key to use for encryption. 21291 * 21292 * key key in bytes to use for encryption 21293 * bits size of key in bits 21294 * aes AES structure to initialize 21295 */ 21296 int wolfSSL_AES_set_encrypt_key(const unsigned char *key, const int bits, 21297 AES_KEY *aes) 21298 { 21299 typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1]; 21300 (void)sizeof(aes_test); 21301 21302 WOLFSSL_ENTER("wolfSSL_AES_set_encrypt_key"); 21303 21304 if (key == NULL || aes == NULL) { 21305 WOLFSSL_MSG("Null argument passed in"); 21306 return -1; 21307 } 21308 21309 XMEMSET(aes, 0, sizeof(AES_KEY)); 21310 if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_ENCRYPTION) != 0) { 21311 WOLFSSL_MSG("Error in setting AES key"); 21312 return -1; 21313 } 21314 return 0; 21315 } 21316 21317 21318 /* Setup of an AES key to use for decryption. 21319 * 21320 * key key in bytes to use for decryption 21321 * bits size of key in bits 21322 * aes AES structure to initialize 21323 */ 21324 int wolfSSL_AES_set_decrypt_key(const unsigned char *key, const int bits, 21325 AES_KEY *aes) 21326 { 21327 typedef char aes_test[sizeof(AES_KEY) >= sizeof(Aes) ? 1 : -1]; 21328 (void)sizeof(aes_test); 21329 21330 WOLFSSL_ENTER("wolfSSL_AES_set_decrypt_key"); 21331 21332 if (key == NULL || aes == NULL) { 21333 WOLFSSL_MSG("Null argument passed in"); 21334 return -1; 21335 } 21336 21337 XMEMSET(aes, 0, sizeof(AES_KEY)); 21338 if (wc_AesSetKey((Aes*)aes, key, ((bits)/8), NULL, AES_DECRYPTION) != 0) { 21339 WOLFSSL_MSG("Error in setting AES key"); 21340 return -1; 21341 } 21342 return 0; 21343 } 21344 21345 21346 #ifdef HAVE_AES_ECB 21347 /* Encrypt/decrypt a 16 byte block of data using the key passed in. 21348 * 21349 * in buffer to encrypt/decyrpt 21350 * out buffer to hold result of encryption/decryption 21351 * key AES structure to use with encryption/decryption 21352 * enc AES_ENCRPT for encryption and AES_DECRYPT for decryption 21353 */ 21354 void wolfSSL_AES_ecb_encrypt(const unsigned char *in, unsigned char* out, 21355 AES_KEY *key, const int enc) 21356 { 21357 Aes* aes; 21358 21359 WOLFSSL_ENTER("wolfSSL_AES_ecb_encrypt"); 21360 21361 if (key == NULL || in == NULL || out == NULL) { 21362 WOLFSSL_MSG("Error, Null argument passed in"); 21363 return; 21364 } 21365 21366 aes = (Aes*)key; 21367 if (enc == AES_ENCRYPT) { 21368 if (wc_AesEcbEncrypt(aes, out, in, AES_BLOCK_SIZE) != 0) { 21369 WOLFSSL_MSG("Error with AES CBC encrypt"); 21370 } 21371 } 21372 else { 21373 #ifdef HAVE_AES_DECRYPT 21374 if (wc_AesEcbDecrypt(aes, out, in, AES_BLOCK_SIZE) != 0) { 21375 WOLFSSL_MSG("Error with AES CBC decrypt"); 21376 } 21377 #else 21378 WOLFSSL_MSG("AES decryption not compiled in"); 21379 #endif 21380 } 21381 } 21382 #endif /* HAVE_AES_ECB */ 21383 21384 #ifdef HAVE_AES_CBC 21385 /* Encrypt data using key and iv passed in. iv gets updated to most recent iv 21386 * state after encryptiond/decryption. 21387 * 21388 * in buffer to encrypt/decyrpt 21389 * out buffer to hold result of encryption/decryption 21390 * len length of input buffer 21391 * key AES structure to use with encryption/decryption 21392 * iv iv to use with operation 21393 * enc AES_ENCRPT for encryption and AES_DECRYPT for decryption 21394 */ 21395 void wolfSSL_AES_cbc_encrypt(const unsigned char *in, unsigned char* out, 21396 size_t len, AES_KEY *key, unsigned char* iv, const int enc) 21397 { 21398 Aes* aes; 21399 21400 WOLFSSL_ENTER("wolfSSL_AES_cbc_encrypt"); 21401 21402 if (key == NULL || in == NULL || out == NULL || iv == NULL || len == 0) { 21403 WOLFSSL_MSG("Error, Null argument passed in"); 21404 return; 21405 } 21406 21407 aes = (Aes*)key; 21408 if (wc_AesSetIV(aes, (const byte*)iv) != 0) { 21409 WOLFSSL_MSG("Error with setting iv"); 21410 return; 21411 } 21412 21413 if (enc == AES_ENCRYPT) { 21414 if (wc_AesCbcEncrypt(aes, out, in, (word32)len) != 0) { 21415 WOLFSSL_MSG("Error with AES CBC encrypt"); 21416 } 21417 } 21418 else { 21419 if (wc_AesCbcDecrypt(aes, out, in, (word32)len) != 0) { 21420 WOLFSSL_MSG("Error with AES CBC decrypt"); 21421 } 21422 } 21423 21424 /* to be compatible copy iv to iv buffer after completing operation */ 21425 XMEMCPY(iv, (byte*)(aes->reg), AES_BLOCK_SIZE); 21426 } 21427 #endif /* HAVE_AES_CBC */ 21428 21429 21430 /* Encrypt data using CFB mode with key and iv passed in. iv gets updated to 21431 * most recent iv state after encryptiond/decryption. 21432 * 21433 * in buffer to encrypt/decyrpt 21434 * out buffer to hold result of encryption/decryption 21435 * len length of input buffer 21436 * key AES structure to use with encryption/decryption 21437 * iv iv to use with operation 21438 * num contains the amount of block used 21439 * enc AES_ENCRPT for encryption and AES_DECRYPT for decryption 21440 */ 21441 void wolfSSL_AES_cfb128_encrypt(const unsigned char *in, unsigned char* out, 21442 size_t len, AES_KEY *key, unsigned char* iv, int* num, 21443 const int enc) 21444 { 21445 #ifndef WOLFSSL_AES_CFB 21446 WOLFSSL_MSG("CFB mode not enabled please use macro WOLFSSL_AES_CFB"); 21447 (void)in; 21448 (void)out; 21449 (void)len; 21450 (void)key; 21451 (void)iv; 21452 (void)num; 21453 (void)enc; 21454 21455 return; 21456 #else 21457 Aes* aes; 21458 21459 WOLFSSL_ENTER("wolfSSL_AES_cbc_encrypt"); 21460 if (key == NULL || in == NULL || out == NULL || iv == NULL) { 21461 WOLFSSL_MSG("Error, Null argument passed in"); 21462 return; 21463 } 21464 21465 aes = (Aes*)key; 21466 if (wc_AesSetIV(aes, (const byte*)iv) != 0) { 21467 WOLFSSL_MSG("Error with setting iv"); 21468 return; 21469 } 21470 21471 if (enc == AES_ENCRYPT) { 21472 if (wc_AesCfbEncrypt(aes, out, in, (word32)len) != 0) { 21473 WOLFSSL_MSG("Error with AES CBC encrypt"); 21474 } 21475 } 21476 else { 21477 if (wc_AesCfbDecrypt(aes, out, in, (word32)len) != 0) { 21478 WOLFSSL_MSG("Error with AES CBC decrypt"); 21479 } 21480 } 21481 21482 /* to be compatible copy iv to iv buffer after completing operation */ 21483 XMEMCPY(iv, (byte*)(aes->reg), AES_BLOCK_SIZE); 21484 21485 /* store number of left over bytes to num */ 21486 *num = (aes->left)? AES_BLOCK_SIZE - aes->left : 0; 21487 #endif /* WOLFSSL_AES_CFB */ 21488 } 21489 #endif /* NO_AES */ 21490 21491 #ifndef NO_WOLFSSL_STUB 17440 21492 int wolfSSL_BIO_printf(WOLFSSL_BIO* bio, const char* format, ...) 17441 21493 { 17442 21494 (void)bio; 17443 21495 (void)format; 21496 WOLFSSL_STUB("BIO_printf"); 17444 21497 return 0; 17445 21498 } 17446 17447 21499 #endif 21500 21501 #ifndef NO_WOLFSSL_STUB 17448 21502 int wolfSSL_ASN1_UTCTIME_print(WOLFSSL_BIO* bio, const WOLFSSL_ASN1_UTCTIME* a) 17449 21503 { 17450 21504 (void)bio; 17451 21505 (void)a; 21506 WOLFSSL_STUB("ASN1_UTCTIME_print"); 17452 21507 return 0; 17453 21508 } 21509 #endif 17454 21510 17455 21511 /* Return the month as a string. … … 17458 21514 * returns the month as a string. 17459 21515 */ 17460 static INLINE const char* MonthStr(const char* n)21516 static WC_INLINE const char* MonthStr(const char* n) 17461 21517 { 17462 21518 static const char monthStr[12][4] = { … … 17495 21551 } 17496 21552 17497 int wolfSSL_sk_num(WOLFSSL_X509_REVOKED* rev) 17498 { 17499 (void)rev; 17500 return 0; 17501 } 17502 17503 17504 void* wolfSSL_sk_value(WOLFSSL_X509_REVOKED* rev, int i) 17505 { 17506 (void)rev; 17507 (void)i; 17508 return 0; 17509 } 17510 17511 21553 void wolfSSL_ASN1_GENERALIZEDTIME_free(WOLFSSL_ASN1_TIME* asn1Time) 21554 { 21555 WOLFSSL_ENTER("wolfSSL_ASN1_GENERALIZEDTIME_free"); 21556 if (asn1Time == NULL) 21557 return; 21558 XMEMSET(asn1Time->data, 0, sizeof(asn1Time->data)); 21559 } 21560 21561 int wolfSSL_sk_num(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk) 21562 { 21563 if (sk == NULL) 21564 return 0; 21565 return (int)sk->num; 21566 } 21567 21568 void* wolfSSL_sk_value(WOLF_STACK_OF(WOLFSSL_ASN1_OBJECT)* sk, int i) 21569 { 21570 for (; sk != NULL && i > 0; i--) 21571 sk = sk->next; 21572 if (sk == NULL) 21573 return NULL; 21574 return (void*)sk->data.obj; 21575 } 21576 21577 #endif /* OPENSSL_EXTRA */ 21578 21579 #if defined(OPENSSL_EXTRA) || defined(HAVE_EXT_CACHE) 17512 21580 /* stunnel 4.28 needs */ 17513 21581 void wolfSSL_CTX_sess_set_get_cb(WOLFSSL_CTX* ctx, 17514 21582 WOLFSSL_SESSION*(*f)(WOLFSSL*, unsigned char*, int, int*)) 17515 21583 { 21584 if (ctx == NULL) 21585 return; 21586 17516 21587 #ifdef HAVE_EXT_CACHE 17517 21588 ctx->get_sess_cb = f; 17518 21589 #else 17519 (void)ctx;17520 21590 (void)f; 17521 21591 #endif 17522 21592 } 17523 17524 21593 17525 21594 void wolfSSL_CTX_sess_set_new_cb(WOLFSSL_CTX* ctx, 17526 21595 int (*f)(WOLFSSL*, WOLFSSL_SESSION*)) 17527 21596 { 21597 if (ctx == NULL) 21598 return; 21599 17528 21600 #ifdef HAVE_EXT_CACHE 17529 21601 ctx->new_sess_cb = f; 17530 21602 #else 17531 (void)ctx;17532 21603 (void)f; 17533 21604 #endif 17534 21605 } 17535 17536 21606 17537 21607 void wolfSSL_CTX_sess_set_remove_cb(WOLFSSL_CTX* ctx, void (*f)(WOLFSSL_CTX*, 17538 21608 WOLFSSL_SESSION*)) 17539 21609 { 21610 if (ctx == NULL) 21611 return; 21612 17540 21613 #ifdef HAVE_EXT_CACHE 17541 21614 ctx->rem_sess_cb = f; 17542 21615 #else 17543 (void)ctx;17544 21616 (void)f; 17545 21617 #endif 17546 21618 } 17547 21619 #endif /* OPENSSL_EXTRA || HAVE_EXT_CACHE */ 21620 21621 #ifdef OPENSSL_EXTRA 21622 21623 /* 21624 * 21625 * Note: It is expected that the importing and exporting function have been 21626 * built with the same settings. For example if session tickets was 21627 * enabled with the wolfSSL library exporting a session then it is 21628 * expected to be turned on with the wolfSSL library importing the session. 21629 */ 17548 21630 int wolfSSL_i2d_SSL_SESSION(WOLFSSL_SESSION* sess, unsigned char** p) 17549 21631 { … … 17555 21637 #endif 17556 21638 unsigned char *data; 21639 21640 if (sess == NULL) { 21641 return BAD_FUNC_ARG; 21642 } 17557 21643 17558 21644 /* bornOn | timeout | sessionID len | sessionID | masterSecret | haveEMS */ … … 17575 21661 size += OPAQUE16_LEN + sess->ticketLen; 17576 21662 #endif 21663 #ifdef OPENSSL_EXTRA 21664 /* session context ID len | session context ID */ 21665 size += OPAQUE8_LEN + sess->sessionCtxSz; 21666 #endif 17577 21667 17578 21668 if (p != NULL) { … … 17589 21679 idx += sess->sessionIDSz; 17590 21680 XMEMCPY(data + idx, sess->masterSecret, SECRET_LEN); idx += SECRET_LEN; 17591 data[idx++] = sess->haveEMS;21681 data[idx++] = (byte)sess->haveEMS; 17592 21682 #ifdef SESSION_CERTS 17593 data[idx++] = sess->chain.count;21683 data[idx++] = (byte)sess->chain.count; 17594 21684 for (i = 0; i < sess->chain.count; i++) { 17595 c16toa( sess->chain.certs[i].length, data + idx);21685 c16toa((word16)sess->chain.certs[i].length, data + idx); 17596 21686 idx += OPAQUE16_LEN; 17597 21687 XMEMCPY(data + idx, sess->chain.certs[i].buffer, … … 17614 21704 idx += sess->ticketLen; 17615 21705 #endif 21706 #ifdef OPENSSL_EXTRA 21707 data[idx++] = sess->sessionCtxSz; 21708 XMEMCPY(data + idx, sess->sessionCtx, sess->sessionCtxSz); 21709 idx += sess->sessionCtxSz; 21710 #endif 17616 21711 } 17617 21712 #endif … … 17626 21721 } 17627 21722 17628 /* TODO: no function to free new session. */ 21723 21724 /* TODO: no function to free new session. 21725 * 21726 * Note: It is expected that the importing and exporting function have been 21727 * built with the same settings. For example if session tickets was 21728 * enabled with the wolfSSL library exporting a session then it is 21729 * expected to be turned on with the wolfSSL library importing the session. 21730 */ 17629 21731 WOLFSSL_SESSION* wolfSSL_d2i_SSL_SESSION(WOLFSSL_SESSION** sess, 17630 21732 const unsigned char** p, long i) … … 17657 21759 if (s == NULL) 17658 21760 return NULL; 21761 XMEMSET(s, 0, sizeof(WOLFSSL_SESSION)); 17659 21762 s->isAlloced = 1; 21763 #ifdef HAVE_SESSION_TICKET 17660 21764 s->isDynamic = 0; 21765 #endif 17661 21766 } 17662 21767 … … 17760 21865 XMEMCPY(s->ticket, data + idx, s->ticketLen); idx += s->ticketLen; 17761 21866 #endif 21867 #ifdef OPENSSL_EXTRA 21868 /* byte for length of session context ID */ 21869 if (i - idx < OPAQUE8_LEN) { 21870 ret = BUFFER_ERROR; 21871 goto end; 21872 } 21873 s->sessionCtxSz = data[idx++]; 21874 21875 /* app session context ID */ 21876 if (i - idx < s->sessionCtxSz) { 21877 ret = BUFFER_ERROR; 21878 goto end; 21879 } 21880 XMEMCPY(s->sessionCtx, data + idx, s->sessionCtxSz); idx += s->sessionCtxSz; 21881 #endif 17762 21882 (void)idx; 17763 21883 … … 17777 21897 long wolfSSL_SESSION_get_timeout(const WOLFSSL_SESSION* sess) 17778 21898 { 21899 long timeout = 0; 17779 21900 WOLFSSL_ENTER("wolfSSL_SESSION_get_timeout"); 17780 return sess->timeout; 21901 if (sess) 21902 timeout = sess->timeout; 21903 return timeout; 17781 21904 } 17782 21905 … … 17784 21907 long wolfSSL_SESSION_get_time(const WOLFSSL_SESSION* sess) 17785 21908 { 21909 long bornOn = 0; 17786 21910 WOLFSSL_ENTER("wolfSSL_SESSION_get_time"); 17787 return sess->bornOn; 21911 if (sess) 21912 bornOn = sess->bornOn; 21913 return bornOn; 17788 21914 } 17789 21915 … … 17804 21930 #ifdef OPENSSL_EXTRA 17805 21931 17806 #if def FORTRESS21932 #if defined(FORTRESS) && !defined(NO_FILESYSTEM) 17807 21933 int wolfSSL_cmp_peer_cert_to_file(WOLFSSL* ssl, const char *fname) 17808 21934 { … … 17813 21939 { 17814 21940 #ifdef WOLFSSL_SMALL_STACK 17815 EncryptedInfo* info = NULL;17816 21941 byte staticBuffer[1]; /* force heap usage */ 17817 21942 #else 17818 EncryptedInfo info[1];17819 21943 byte staticBuffer[FILE_BUFFER_SIZE]; 17820 21944 #endif … … 17823 21947 XFILE file = XBADFILE; 17824 21948 size_t sz = 0; 17825 int eccKey = 0;17826 21949 WOLFSSL_CTX* ctx = ssl->ctx; 17827 21950 WOLFSSL_X509* peer_cert = &ssl->peerCert; … … 17832 21955 return WOLFSSL_BAD_FILE; 17833 21956 17834 XFSEEK(file, 0, XSEEK_END); 21957 if(XFSEEK(file, 0, XSEEK_END) != 0) { 21958 XFCLOSE(file); 21959 return WOLFSSL_BAD_FILE; 21960 } 17835 21961 sz = XFTELL(file); 17836 21962 XREWIND(file); … … 17842 21968 } 17843 21969 17844 #ifdef WOLFSSL_SMALL_STACK 17845 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, 17846 DYNAMIC_TYPE_ENCRYPTEDINFO); 17847 if (info == NULL) 17848 ret = MEMORY_E; 17849 else 17850 #endif 21970 21971 if ((myBuffer != NULL) && 21972 (sz > 0) && 21973 (XFREAD(myBuffer, 1, sz, file) == sz) && 21974 (PemToDer(myBuffer, (long)sz, CERT_TYPE, 21975 &fileDer, ctx->heap, NULL, NULL) == 0) && 21976 (fileDer->length != 0) && 21977 (fileDer->length == peer_cert->derCert->length) && 21978 (XMEMCMP(peer_cert->derCert->buffer, fileDer->buffer, 21979 fileDer->length) == 0)) 17851 21980 { 17852 info->set = 0; 17853 info->ctx = ctx; 17854 info->consumed = 0; 17855 17856 if ((myBuffer != NULL) && 17857 (sz > 0) && 17858 (XFREAD(myBuffer, 1, sz, file) == sz) && 17859 (PemToDer(myBuffer, sz, CERT_TYPE, 17860 &fileDer, ctx->heap, info, &eccKey) == 0) && 17861 (fileDer->length != 0) && 17862 (fileDer->length == peer_cert->derCert->length) && 17863 (XMEMCMP(peer_cert->derCert->buffer, fileDer->buffer, 17864 fileDer->length) == 0)) 17865 { 17866 ret = 0; 17867 } 17868 17869 #ifdef WOLFSSL_SMALL_STACK 17870 XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); 17871 #endif 21981 ret = 0; 17872 21982 } 17873 21983 … … 17883 21993 } 17884 21994 #endif 17885 17886 21995 #endif /* OPENSSL_EXTRA */ 21996 21997 #if defined(OPENSSL_EXTRA) || \ 21998 (defined(OPENSSL_EXTRA_X509_SMALL) && !defined(NO_RSA)) 17887 21999 static WC_RNG globalRNG; 17888 22000 static int initGlobalRNG = 0; 17889 17890 /* WOLFSSL_SUCCESS on ok */ 17891 int wolfSSL_RAND_seed(const void* seed, int len) 17892 { 17893 17894 WOLFSSL_MSG("wolfSSL_RAND_seed"); 17895 17896 (void)seed; 17897 (void)len; 17898 22001 #endif 22002 22003 #ifdef OPENSSL_EXTRA 22004 22005 /* Not thread safe! Can be called multiple times. 22006 * Checks if the global RNG has been created. If not then one is created. 22007 * 22008 * Returns SSL_SUCCESS when no error is encountered. 22009 */ 22010 static int wolfSSL_RAND_Init(void) 22011 { 17899 22012 if (initGlobalRNG == 0) { 17900 22013 if (wc_InitRng(&globalRNG) < 0) { … … 17905 22018 } 17906 22019 17907 return WOLFSSL_SUCCESS; 17908 } 17909 17910 17911 /* WOLFSSL_SUCCESS on ok */ 22020 return SSL_SUCCESS; 22021 } 22022 22023 22024 /* SSL_SUCCESS on ok */ 22025 int wolfSSL_RAND_seed(const void* seed, int len) 22026 { 22027 22028 WOLFSSL_MSG("wolfSSL_RAND_seed"); 22029 22030 (void)seed; 22031 (void)len; 22032 22033 return wolfSSL_RAND_Init(); 22034 } 22035 22036 22037 /* Returns the path for reading seed data from. 22038 * Uses the env variable $RANDFILE first if set, if not then used $HOME/.rnd 22039 * 22040 * Note uses stdlib by default unless XGETENV macro is overwritten 22041 * 22042 * fname buffer to hold path 22043 * len length of fname buffer 22044 * 22045 * Returns a pointer to fname on success and NULL on failure 22046 */ 22047 const char* wolfSSL_RAND_file_name(char* fname, unsigned long len) 22048 { 22049 #ifndef NO_FILESYSTEM 22050 char* rt; 22051 char ap[] = "/.rnd"; 22052 22053 WOLFSSL_ENTER("wolfSSL_RAND_file_name"); 22054 22055 if (fname == NULL) { 22056 return NULL; 22057 } 22058 22059 XMEMSET(fname, 0, len); 22060 /* if access to stdlib.h */ 22061 if ((rt = XGETENV("RANDFILE")) != NULL) { 22062 if (len > XSTRLEN(rt)) { 22063 XMEMCPY(fname, rt, XSTRLEN(rt)); 22064 } 22065 else { 22066 WOLFSSL_MSG("RANDFILE too large for buffer"); 22067 rt = NULL; 22068 } 22069 } 22070 22071 /* $RANDFILE was not set or is too large, check $HOME */ 22072 if (rt == NULL) { 22073 WOLFSSL_MSG("Environment variable RANDFILE not set"); 22074 if ((rt = XGETENV("HOME")) == NULL) { 22075 WOLFSSL_MSG("Environment variable HOME not set"); 22076 return NULL; 22077 } 22078 22079 if (len > XSTRLEN(rt) + XSTRLEN(ap)) { 22080 fname[0] = '\0'; 22081 XSTRNCAT(fname, rt, len); 22082 XSTRNCAT(fname, ap, len - XSTRLEN(rt)); 22083 return fname; 22084 } 22085 else { 22086 WOLFSSL_MSG("HOME too large for buffer"); 22087 return NULL; 22088 } 22089 } 22090 22091 return fname; 22092 #else 22093 /* no filesystem defined */ 22094 WOLFSSL_ENTER("wolfSSL_RAND_file_name"); 22095 WOLFSSL_MSG("No filesystem feature enabled, not compiled in"); 22096 (void)fname; 22097 (void)len; 22098 return NULL; 22099 #endif 22100 } 22101 22102 22103 /* Writes 1024 bytes from the RNG to the given file name. 22104 * 22105 * fname name of file to write to 22106 * 22107 * Returns the number of bytes writen 22108 */ 22109 int wolfSSL_RAND_write_file(const char* fname) 22110 { 22111 int bytes = 0; 22112 22113 WOLFSSL_ENTER("RAND_write_file"); 22114 22115 if (fname == NULL) { 22116 return SSL_FAILURE; 22117 } 22118 22119 #ifndef NO_FILESYSTEM 22120 { 22121 #ifndef WOLFSSL_SMALL_STACK 22122 unsigned char buf[1024]; 22123 #else 22124 unsigned char* buf = (unsigned char *)XMALLOC(1024, NULL, 22125 DYNAMIC_TYPE_TMP_BUFFER); 22126 if (buf == NULL) { 22127 WOLFSSL_MSG("malloc failed"); 22128 return SSL_FAILURE; 22129 } 22130 #endif 22131 bytes = 1024; /* default size of buf */ 22132 22133 if (initGlobalRNG == 0 && wolfSSL_RAND_Init() != SSL_SUCCESS) { 22134 WOLFSSL_MSG("No RNG to use"); 22135 #ifdef WOLFSSL_SMALL_STACK 22136 XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 22137 #endif 22138 return 0; 22139 } 22140 22141 if (wc_RNG_GenerateBlock(&globalRNG, buf, bytes) != 0) { 22142 WOLFSSL_MSG("Error generating random buffer"); 22143 bytes = 0; 22144 } 22145 else { 22146 XFILE f; 22147 22148 f = XFOPEN(fname, "wb"); 22149 if (f == XBADFILE) { 22150 WOLFSSL_MSG("Error opening the file"); 22151 bytes = 0; 22152 } 22153 else { 22154 XFWRITE(buf, 1, bytes, f); 22155 XFCLOSE(f); 22156 } 22157 } 22158 ForceZero(buf, bytes); 22159 #ifdef WOLFSSL_SMALL_STACK 22160 XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 22161 #endif 22162 } 22163 #endif 22164 22165 return bytes; 22166 } 22167 22168 #ifndef FREERTOS_TCP 22169 22170 /* These constant values are protocol values made by egd */ 22171 #if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) 22172 #define WOLFSSL_EGD_NBLOCK 0x01 22173 #include <sys/un.h> 22174 #endif 22175 22176 /* This collects entropy from the path nm and seeds the global PRNG with it. 22177 * Makes a call to wolfSSL_RAND_Init which is not thread safe. 22178 * 22179 * nm is the file path to the egd server 22180 * 22181 * Returns the number of bytes read. 22182 */ 22183 int wolfSSL_RAND_egd(const char* nm) 22184 { 22185 #if defined(USE_WOLFSSL_IO) && !defined(USE_WINDOWS_API) && !defined(HAVE_FIPS) && \ 22186 defined(HAVE_HASHDRBG) 22187 struct sockaddr_un rem; 22188 int fd; 22189 int ret = WOLFSSL_SUCCESS; 22190 word32 bytes = 0; 22191 word32 idx = 0; 22192 #ifndef WOLFSSL_SMALL_STACK 22193 unsigned char buf[256]; 22194 #else 22195 unsigned char* buf; 22196 buf = (unsigned char*)XMALLOC(256, NULL, DYNAMIC_TYPE_TMP_BUFFER); 22197 if (buf == NULL) { 22198 WOLFSSL_MSG("Not enough memory"); 22199 return WOLFSSL_FATAL_ERROR; 22200 } 22201 #endif 22202 22203 if (nm == NULL) { 22204 #ifdef WOLFSSL_SMALL_STACK 22205 XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 22206 #endif 22207 return WOLFSSL_FATAL_ERROR; 22208 } 22209 22210 fd = socket(AF_UNIX, SOCK_STREAM, 0); 22211 if (fd < 0) { 22212 WOLFSSL_MSG("Error creating socket"); 22213 #ifdef WOLFSSL_SMALL_STACK 22214 XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 22215 #endif 22216 return WOLFSSL_FATAL_ERROR; 22217 } 22218 if (ret == WOLFSSL_SUCCESS) { 22219 rem.sun_family = AF_UNIX; 22220 XSTRNCPY(rem.sun_path, nm, sizeof(rem.sun_path)); 22221 rem.sun_path[sizeof(rem.sun_path)-1] = '\0'; 22222 } 22223 22224 /* connect to egd server */ 22225 if (ret == WOLFSSL_SUCCESS) { 22226 if (connect(fd, (struct sockaddr*)&rem, sizeof(struct sockaddr_un)) 22227 == -1) { 22228 WOLFSSL_MSG("error connecting to egd server"); 22229 ret = WOLFSSL_FATAL_ERROR; 22230 } 22231 } 22232 22233 while (ret == WOLFSSL_SUCCESS && bytes < 255 && idx + 2 < 256) { 22234 if (ret == WOLFSSL_SUCCESS) { 22235 buf[idx] = WOLFSSL_EGD_NBLOCK; 22236 buf[idx + 1] = 255 - bytes; /* request 255 bytes from server */ 22237 ret = (int)write(fd, buf + idx, 2); 22238 if (ret <= 0 || ret != 2) { 22239 if (errno == EAGAIN) { 22240 ret = WOLFSSL_SUCCESS; 22241 continue; 22242 } 22243 WOLFSSL_MSG("error requesting entropy from egd server"); 22244 ret = WOLFSSL_FATAL_ERROR; 22245 break; 22246 } 22247 } 22248 22249 /* attempting to read */ 22250 buf[idx] = 0; 22251 ret = (int)read(fd, buf + idx, 256 - bytes); 22252 if (ret == 0) { 22253 WOLFSSL_MSG("error reading entropy from egd server"); 22254 ret = WOLFSSL_FATAL_ERROR; 22255 break; 22256 } 22257 if (ret > 0 && buf[idx] > 0) { 22258 bytes += buf[idx]; /* egd stores amount sent in first byte */ 22259 if (bytes + idx > 255 || buf[idx] > ret) { 22260 WOLFSSL_MSG("Buffer error"); 22261 ret = WOLFSSL_FATAL_ERROR; 22262 break; 22263 } 22264 XMEMMOVE(buf + idx, buf + idx + 1, buf[idx]); 22265 idx = bytes; 22266 ret = WOLFSSL_SUCCESS; 22267 if (bytes >= 255) { 22268 break; 22269 } 22270 } 22271 else { 22272 if (errno == EAGAIN || errno == EINTR) { 22273 WOLFSSL_MSG("EGD would read"); 22274 ret = WOLFSSL_SUCCESS; /* try again */ 22275 } 22276 else if (buf[idx] == 0) { 22277 /* if egd returned 0 then there is no more entropy to be had. 22278 Do not try more reads. */ 22279 ret = WOLFSSL_SUCCESS; 22280 break; 22281 } 22282 else { 22283 WOLFSSL_MSG("Error with read"); 22284 ret = WOLFSSL_FATAL_ERROR; 22285 } 22286 } 22287 } 22288 22289 if (bytes > 0 && ret == WOLFSSL_SUCCESS) { 22290 wolfSSL_RAND_Init(); /* call to check global RNG is created */ 22291 if (wc_RNG_DRBG_Reseed(&globalRNG, (const byte*) buf, bytes) 22292 != 0) { 22293 WOLFSSL_MSG("Error with reseeding DRBG structure"); 22294 ret = WOLFSSL_FATAL_ERROR; 22295 } 22296 #ifdef SHOW_SECRETS 22297 { /* print out entropy found */ 22298 word32 i; 22299 printf("EGD Entropy = "); 22300 for (i = 0; i < bytes; i++) { 22301 printf("%02X", buf[i]); 22302 } 22303 printf("\n"); 22304 } 22305 #endif 22306 } 22307 22308 ForceZero(buf, bytes); 22309 #ifdef WOLFSSL_SMALL_STACK 22310 XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 22311 #endif 22312 close(fd); 22313 22314 if (ret == WOLFSSL_SUCCESS) { 22315 return bytes; 22316 } 22317 else { 22318 return ret; 22319 } 22320 #else 22321 WOLFSSL_MSG("Type of socket needed is not available"); 22322 WOLFSSL_MSG("\tor using mode where DRBG API is not available"); 22323 (void)nm; 22324 22325 return WOLFSSL_FATAL_ERROR; 22326 #endif /* USE_WOLFSSL_IO && !USE_WINDOWS_API && !HAVE_FIPS && HAVE_HASHDRBG */ 22327 } 22328 22329 #endif /* !FREERTOS_TCP */ 22330 22331 void wolfSSL_RAND_Cleanup(void) 22332 { 22333 WOLFSSL_ENTER("wolfSSL_RAND_Cleanup()"); 22334 22335 if (initGlobalRNG != 0) { 22336 wc_FreeRng(&globalRNG); 22337 initGlobalRNG = 0; 22338 } 22339 } 22340 22341 22342 int wolfSSL_RAND_pseudo_bytes(unsigned char* buf, int num) 22343 { 22344 return wolfSSL_RAND_bytes(buf, num); 22345 } 22346 22347 22348 /* SSL_SUCCESS on ok */ 17912 22349 int wolfSSL_RAND_bytes(unsigned char* buf, int num) 17913 22350 { … … 17953 22390 } 17954 22391 22392 22393 int wolfSSL_RAND_poll(void) 22394 { 22395 byte entropy[16]; 22396 int ret = 0; 22397 word32 entropy_sz = 16; 22398 22399 WOLFSSL_ENTER("wolfSSL_RAND_poll"); 22400 if (initGlobalRNG == 0){ 22401 WOLFSSL_MSG("Global RNG no Init"); 22402 return WOLFSSL_FAILURE; 22403 } 22404 ret = wc_GenerateSeed(&globalRNG.seed, entropy, entropy_sz); 22405 if (ret != 0){ 22406 WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); 22407 ret = WOLFSSL_FAILURE; 22408 }else 22409 ret = WOLFSSL_SUCCESS; 22410 22411 return ret; 22412 } 22413 17955 22414 WOLFSSL_BN_CTX* wolfSSL_BN_CTX_new(void) 17956 22415 { … … 17958 22417 17959 22418 WOLFSSL_MSG("wolfSSL_BN_CTX_new"); 17960 17961 22419 return (WOLFSSL_BN_CTX*)&ctx; 22420 17962 22421 } 17963 22422 … … 17973 22432 (void)ctx; 17974 22433 WOLFSSL_MSG("wolfSSL_BN_CTX_free"); 17975 17976 22434 /* do free since static ctx that does nothing */ 17977 22435 } 17978 17979 22436 #endif /* OPENSSL_EXTRA */ 22437 22438 22439 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 17980 22440 static void InitwolfSSL_BigNum(WOLFSSL_BIGNUM* bn) 17981 22441 { 17982 WOLFSSL_MSG("InitwolfSSL_BigNum");17983 22442 if (bn) { 22443 XMEMSET(bn, 0, sizeof(WOLFSSL_BIGNUM)); 17984 22444 bn->neg = 0; 17985 22445 bn->internal = NULL; 17986 22446 } 17987 22447 } 17988 17989 22448 17990 22449 WOLFSSL_BIGNUM* wolfSSL_BN_new(void) … … 18010 22469 18011 22470 InitwolfSSL_BigNum(external); 18012 external->internal = mpi;18013 22471 if (mp_init(mpi) != MP_OKAY) { 18014 22472 wolfSSL_BN_free(external); 18015 22473 return NULL; 18016 22474 } 22475 external->internal = mpi; 18017 22476 18018 22477 return external; … … 18025 22484 if (bn) { 18026 22485 if (bn->internal) { 18027 mp_forcezero((mp_int*)bn->internal); 22486 mp_int* bni = (mp_int*)bn->internal; 22487 mp_forcezero(bni); 22488 mp_free(bni); 18028 22489 XFREE(bn->internal, NULL, DYNAMIC_TYPE_BIGINT); 18029 22490 bn->internal = NULL; … … 18033 22494 } 18034 22495 } 18035 22496 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 22497 22498 #ifdef OPENSSL_EXTRA 18036 22499 18037 22500 void wolfSSL_BN_clear_free(WOLFSSL_BIGNUM* bn) … … 18096 22559 (mp_int*)m->internal, (mp_int*)r->internal)) == MP_OKAY) { 18097 22560 return WOLFSSL_SUCCESS; 18098 22561 } 18099 22562 18100 22563 WOLFSSL_LEAVE("wolfSSL_BN_mod_exp", ret); … … 18102 22565 18103 22566 return WOLFSSL_FAILURE; 22567 } 22568 22569 /* r = (a * p) % m */ 22570 int wolfSSL_BN_mod_mul(WOLFSSL_BIGNUM *r, const WOLFSSL_BIGNUM *a, 22571 const WOLFSSL_BIGNUM *p, const WOLFSSL_BIGNUM *m, WOLFSSL_BN_CTX *ctx) 22572 { 22573 int ret; 22574 22575 WOLFSSL_ENTER("wolfSSL_BN_mod_mul"); 22576 22577 (void) ctx; 22578 if (r == NULL || a == NULL || p == NULL || m == NULL) { 22579 WOLFSSL_MSG("Bad Argument"); 22580 return SSL_FAILURE; 22581 } 22582 22583 if ((ret = mp_mulmod((mp_int*)a->internal,(mp_int*)p->internal, 22584 (mp_int*)m->internal, (mp_int*)r->internal)) == MP_OKAY) { 22585 return SSL_SUCCESS; 22586 } 22587 22588 WOLFSSL_LEAVE("wolfSSL_BN_mod_mul", ret); 22589 (void)ret; 22590 22591 return SSL_FAILURE; 18104 22592 } 18105 22593 … … 18119 22607 } 18120 22608 } 18121 22609 } 18122 22610 18123 22611 return bn_one; … … 18128 22616 int wolfSSL_BN_num_bytes(const WOLFSSL_BIGNUM* bn) 18129 22617 { 18130 WOLFSSL_ MSG("wolfSSL_BN_num_bytes");22618 WOLFSSL_ENTER("wolfSSL_BN_num_bytes"); 18131 22619 18132 22620 if (bn == NULL || bn->internal == NULL) … … 18140 22628 int wolfSSL_BN_num_bits(const WOLFSSL_BIGNUM* bn) 18141 22629 { 18142 WOLFSSL_ MSG("wolfSSL_BN_num_bits");22630 WOLFSSL_ENTER("wolfSSL_BN_num_bits"); 18143 22631 18144 22632 if (bn == NULL || bn->internal == NULL) … … 18219 22707 WOLFSSL_MSG("NULL bn error"); 18220 22708 return WOLFSSL_FATAL_ERROR; 18221 22709 } 18222 22710 18223 22711 if (r == NULL) … … 18227 22715 WOLFSSL_MSG("mp_to_unsigned_bin error"); 18228 22716 return WOLFSSL_FATAL_ERROR; 18229 22717 } 18230 22718 18231 22719 return mp_unsigned_bin_size((mp_int*)bn->internal); … … 18246 22734 if (ret == NULL) 18247 22735 return NULL; 18248 22736 } 18249 22737 18250 22738 /* check ret and ret->internal then read in value */ … … 18256 22744 return NULL; 18257 22745 } 18258 22746 } 18259 22747 18260 22748 return ret; … … 18263 22751 /* return compliant with OpenSSL 18264 22752 * 1 if success, 0 if error */ 22753 #ifndef NO_WOLFSSL_STUB 18265 22754 int wolfSSL_mask_bits(WOLFSSL_BIGNUM* bn, int n) 18266 22755 { 18267 22756 (void)bn; 18268 22757 (void)n; 18269 WOLFSSL_MSG("wolfSSL_BN_mask_bits"); 18270 18271 return WOLFSSL_FAILURE; 18272 } 22758 WOLFSSL_ENTER("wolfSSL_BN_mask_bits"); 22759 WOLFSSL_STUB("BN_mask_bits"); 22760 return SSL_FAILURE; 22761 } 22762 #endif 18273 22763 18274 22764 … … 18302 22792 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); 18303 22793 return ret; 18304 22794 } 18305 22795 #endif 18306 22796 … … 18310 22800 rng = tmpRNG; 18311 22801 initTmpRng = 1; 18312 22802 } 18313 22803 else if (initGlobalRNG) 18314 22804 rng = &globalRNG; … … 18323 22813 if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY) 18324 22814 WOLFSSL_MSG("mp read bin failed"); 18325 22815 else 18326 22816 ret = WOLFSSL_SUCCESS; 18327 18328 22817 } 22818 } 18329 22819 18330 22820 if (initTmpRng) … … 18334 22824 XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); 18335 22825 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); 22826 #endif 22827 22828 return ret; 22829 } 22830 22831 22832 /* WOLFSSL_SUCCESS on ok 22833 * code is same as wolfSSL_BN_rand except for how top and bottom is handled. 22834 * top -1 then leave most sig bit alone 22835 * top 0 then most sig is set to 1 22836 * top is 1 then first two most sig bits are 1 22837 * 22838 * bottom is hot then odd number */ 22839 int wolfSSL_BN_pseudo_rand(WOLFSSL_BIGNUM* bn, int bits, int top, int bottom) 22840 { 22841 int ret = 0; 22842 int len = bits / 8; 22843 int initTmpRng = 0; 22844 WC_RNG* rng = NULL; 22845 #ifdef WOLFSSL_SMALL_STACK 22846 WC_RNG* tmpRNG = NULL; 22847 byte* buff = NULL; 22848 #else 22849 WC_RNG tmpRNG[1]; 22850 byte buff[1024]; 22851 #endif 22852 22853 WOLFSSL_MSG("wolfSSL_BN_rand"); 22854 22855 if (bits % 8) 22856 len++; 22857 22858 #ifdef WOLFSSL_SMALL_STACK 22859 buff = (byte*)XMALLOC(1024, NULL, DYNAMIC_TYPE_TMP_BUFFER); 22860 tmpRNG = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); 22861 if (buff == NULL || tmpRNG == NULL) { 22862 XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); 22863 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); 22864 return ret; 22865 } 22866 #endif 22867 22868 if (bn == NULL || bn->internal == NULL) 22869 WOLFSSL_MSG("Bad function arguments"); 22870 else if (wc_InitRng(tmpRNG) == 0) { 22871 rng = tmpRNG; 22872 initTmpRng = 1; 22873 } 22874 else if (initGlobalRNG) 22875 rng = &globalRNG; 22876 22877 if (rng) { 22878 if (wc_RNG_GenerateBlock(rng, buff, len) != 0) 22879 WOLFSSL_MSG("Bad wc_RNG_GenerateBlock"); 22880 else { 22881 switch (top) { 22882 case -1: 22883 break; 22884 22885 case 0: 22886 buff[0] |= 0x80; 22887 break; 22888 22889 case 1: 22890 buff[0] |= 0x80 | 0x40; 22891 break; 22892 } 22893 22894 if (bottom == 1) { 22895 buff[len-1] |= 0x01; 22896 } 22897 22898 if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY) 22899 WOLFSSL_MSG("mp read bin failed"); 22900 else 22901 ret = WOLFSSL_SUCCESS; 22902 } 22903 } 22904 22905 if (initTmpRng) 22906 wc_FreeRng(tmpRNG); 22907 22908 #ifdef WOLFSSL_SMALL_STACK 22909 XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER); 22910 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); 18336 22911 #endif 18337 22912 … … 18392 22967 byte decoded[1024]; 18393 22968 #endif 22969 int weOwn = 0; 18394 22970 18395 22971 WOLFSSL_MSG("wolfSSL_BN_hex2bn"); … … 18408 22984 ret = decSz; 18409 22985 else { 18410 if (*bn == NULL) 22986 if (*bn == NULL) { 18411 22987 *bn = wolfSSL_BN_new(); 22988 if (*bn != NULL) { 22989 weOwn = 1; 22990 } 22991 } 18412 22992 18413 22993 if (*bn == NULL) 18414 22994 WOLFSSL_MSG("BN new failed"); 18415 else if (wolfSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) 22995 else if (wolfSSL_BN_bin2bn(decoded, decSz, *bn) == NULL) { 18416 22996 WOLFSSL_MSG("Bad bin2bn error"); 22997 if (weOwn == 1) { 22998 wolfSSL_BN_free(*bn); /* Free new BN */ 22999 } 23000 } 18417 23001 else 18418 23002 ret = WOLFSSL_SUCCESS; … … 18436 23020 WOLFSSL_MSG("bn NULL error"); 18437 23021 return NULL; 18438 23022 } 18439 23023 18440 23024 ret = wolfSSL_BN_new(); … … 18448 23032 wolfSSL_BN_free(ret); 18449 23033 return NULL; 18450 23034 } 18451 23035 18452 23036 ret->neg = bn->neg; … … 18459 23043 { 18460 23044 WOLFSSL_MSG("wolfSSL_BN_copy"); 23045 23046 if (r == NULL || bn == NULL) { 23047 WOLFSSL_MSG("r or bn NULL error"); 23048 return NULL; 23049 } 18461 23050 18462 23051 if (mp_copy((mp_int*)bn->internal, (mp_int*)r->internal) != MP_OKAY) { … … 18468 23057 18469 23058 return r; 18470 }23059 } 18471 23060 18472 23061 /* return code compliant with OpenSSL : … … 18477 23066 WOLFSSL_MSG("wolfSSL_BN_set_word"); 18478 23067 23068 if (bn == NULL) { 23069 WOLFSSL_MSG("bn NULL error"); 23070 return WOLFSSL_FAILURE; 23071 } 23072 18479 23073 if (mp_set_int((mp_int*)bn->internal, w) != MP_OKAY) { 18480 23074 WOLFSSL_MSG("mp_init_set_int error"); … … 18485 23079 } 18486 23080 23081 23082 /* Returns the big number as an unsigned long if possible. 23083 * 23084 * bn big number structure to get value from 23085 * 23086 * Returns value or 0xFFFFFFFFL if bigger than unsigned long. 23087 */ 23088 unsigned long wolfSSL_BN_get_word(const WOLFSSL_BIGNUM* bn) 23089 { 23090 mp_int* mp; 23091 23092 WOLFSSL_MSG("wolfSSL_BN_get_word"); 23093 23094 if (bn == NULL) { 23095 WOLFSSL_MSG("Invalid argument"); 23096 return 0; 23097 } 23098 23099 if (wolfSSL_BN_num_bytes(bn) > (int)sizeof(unsigned long)) { 23100 WOLFSSL_MSG("bignum is larger than unsigned long"); 23101 return 0xFFFFFFFFL; 23102 } 23103 mp = (mp_int*)bn->internal; 23104 23105 return (unsigned long)(mp->dp[0]); 23106 } 23107 18487 23108 /* return code compliant with OpenSSL : 18488 23109 * number length in decimal if success, 0 if error 18489 23110 */ 23111 #ifndef NO_WOLFSSL_STUB 18490 23112 int wolfSSL_BN_dec2bn(WOLFSSL_BIGNUM** bn, const char* str) 18491 23113 { … … 18494 23116 18495 23117 WOLFSSL_MSG("wolfSSL_BN_dec2bn"); 18496 18497 return WOLFSSL_FAILURE;18498 }18499 23118 WOLFSSL_STUB("BN_dec2bn"); 23119 return SSL_FAILURE; 23120 } 23121 #endif 18500 23122 18501 23123 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) … … 18510 23132 WOLFSSL_MSG("bn NULL error"); 18511 23133 return NULL; 18512 }18513 18514 if (mp_radix_size((mp_int*)bn->internal, 10, &len) != MP_OKAY) {23134 } 23135 23136 if (mp_radix_size((mp_int*)bn->internal, MP_RADIX_DEC, &len) != MP_OKAY) { 18515 23137 WOLFSSL_MSG("mp_radix_size failure"); 18516 23138 return NULL; 18517 23139 } 18518 23140 18519 buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ ECC);23141 buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); 18520 23142 if (buf == NULL) { 18521 WOLFSSL_MSG(" wolfSSL_BN_bn2hexmalloc buffer failure");23143 WOLFSSL_MSG("BN_bn2dec malloc buffer failure"); 18522 23144 return NULL; 18523 18524 18525 if (mp_to radix((mp_int*)bn->internal, buf, 10) != MP_OKAY) {23145 } 23146 23147 if (mp_todecimal((mp_int*)bn->internal, buf) != MP_OKAY) { 18526 23148 XFREE(buf, NULL, DYNAMIC_TYPE_ECC); 18527 23149 return NULL; … … 18538 23160 18539 23161 return NULL; 18540 }23162 } 18541 23163 #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ 18542 23164 … … 18559 23181 18560 23182 return WOLFSSL_SUCCESS; 18561 }23183 } 18562 23184 18563 23185 /* return code compliant with OpenSSL : … … 18571 23193 WOLFSSL_MSG("bn NULL error"); 18572 23194 return WOLFSSL_FAILURE; 18573 }23195 } 18574 23196 18575 23197 if (mp_div_2d((mp_int*)bn->internal, n, … … 18577 23199 WOLFSSL_MSG("mp_mul_2d error"); 18578 23200 return WOLFSSL_FAILURE; 18579 }23201 } 18580 23202 18581 23203 return WOLFSSL_SUCCESS; 18582 }23204 } 18583 23205 18584 23206 /* return code compliant with OpenSSL : … … 18592 23214 WOLFSSL_MSG("bn NULL error"); 18593 23215 return WOLFSSL_FAILURE; 18594 }23216 } 18595 23217 18596 23218 if (mp_add_d((mp_int*)bn->internal, w, (mp_int*)bn->internal) != MP_OKAY) { 18597 23219 WOLFSSL_MSG("mp_add_d error"); 18598 23220 return WOLFSSL_FAILURE; 18599 }23221 } 18600 23222 18601 23223 return WOLFSSL_SUCCESS; 18602 }23224 } 18603 23225 18604 23226 /* return code compliant with OpenSSL : … … 18613 23235 WOLFSSL_MSG("bn NULL error"); 18614 23236 return WOLFSSL_FAILURE; 18615 }23237 } 18616 23238 18617 23239 if (mp_add((mp_int*)a->internal, (mp_int*)b->internal, … … 18619 23241 WOLFSSL_MSG("mp_add_d error"); 18620 23242 return WOLFSSL_FAILURE; 18621 }23243 } 18622 23244 18623 23245 return WOLFSSL_SUCCESS; 18624 }23246 } 18625 23247 18626 23248 #ifdef WOLFSSL_KEY_GEN … … 18632 23254 WOLFSSL_BN_CTX *ctx, WOLFSSL_BN_GENCB *cb) 18633 23255 { 18634 int res; 23256 WC_RNG* rng = NULL; 23257 #ifdef WOLFSSL_SMALL_STACK 23258 WC_RNG* tmpRNG = NULL; 23259 #else 23260 WC_RNG tmpRNG[1]; 23261 #endif 23262 int initTmpRng = 0; 23263 int res = MP_NO; 18635 23264 18636 23265 (void)ctx; … … 18642 23271 WOLFSSL_MSG("bn NULL error"); 18643 23272 return WOLFSSL_FATAL_ERROR; 18644 } 18645 18646 if (mp_prime_is_prime((mp_int*)bn->internal, nbchecks, &res) != MP_OKAY) { 18647 WOLFSSL_MSG("mp_prime_is_prime error"); 18648 return WOLFSSL_FATAL_ERROR; 18649 } 23273 } 23274 23275 #ifdef WOLFSSL_SMALL_STACK 23276 tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); 23277 if (tmpRNG == NULL) 23278 return WOLFSSL_FAILURE; 23279 #endif 23280 if (wc_InitRng(tmpRNG) == 0) { 23281 rng = tmpRNG; 23282 initTmpRng = 1; 23283 } 23284 else { 23285 WOLFSSL_MSG("Bad RNG Init, trying global"); 23286 if (initGlobalRNG == 0) { 23287 WOLFSSL_MSG("Global RNG no Init"); 23288 } 23289 else 23290 rng = &globalRNG; 23291 } 23292 23293 if (rng) { 23294 if (mp_prime_is_prime_ex((mp_int*)bn->internal, 23295 nbchecks, &res, rng) != MP_OKAY) { 23296 WOLFSSL_MSG("mp_prime_is_prime_ex error"); 23297 res = MP_NO; 23298 } 23299 } 23300 23301 if (initTmpRng) 23302 wc_FreeRng(tmpRNG); 23303 #ifdef WOLFSSL_SMALL_STACK 23304 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); 23305 #endif 18650 23306 18651 23307 if (res != MP_YES) { 18652 WOLFSSL_MSG("mp_prime_is_prime not prime");23308 WOLFSSL_MSG("mp_prime_is_prime_ex not prime"); 18653 23309 return WOLFSSL_FAILURE; 18654 }23310 } 18655 23311 18656 23312 return WOLFSSL_SUCCESS; 18657 }23313 } 18658 23314 18659 23315 /* return code compliant with OpenSSL : … … 18670 23326 WOLFSSL_MSG("bn NULL error"); 18671 23327 return (WOLFSSL_BN_ULONG)WOLFSSL_FATAL_ERROR; 18672 }23328 } 18673 23329 18674 23330 if (mp_mod_d((mp_int*)bn->internal, w, &ret) != MP_OKAY) { 18675 23331 WOLFSSL_MSG("mp_add_d error"); 18676 23332 return (WOLFSSL_BN_ULONG)WOLFSSL_FATAL_ERROR; 18677 }23333 } 18678 23334 18679 23335 return ret; 18680 }23336 } 18681 23337 #endif /* #ifdef WOLFSSL_KEY_GEN */ 18682 23338 18683 #if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY)18684 23339 char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) 18685 23340 { … … 18687 23342 char *buf; 18688 23343 18689 WOLFSSL_ MSG("wolfSSL_BN_bn2hex");23344 WOLFSSL_ENTER("wolfSSL_BN_bn2hex"); 18690 23345 18691 23346 if (bn == NULL || bn->internal == NULL) { 18692 23347 WOLFSSL_MSG("bn NULL error"); 18693 23348 return NULL; 18694 }18695 18696 if (mp_radix_size((mp_int*)bn->internal, 16, &len) != MP_OKAY) {23349 } 23350 23351 if (mp_radix_size((mp_int*)bn->internal, MP_RADIX_HEX, &len) != MP_OKAY) { 18697 23352 WOLFSSL_MSG("mp_radix_size failure"); 18698 23353 return NULL; 18699 23354 } 18700 18701 buf = (char*) XMALLOC(len, NULL, DYNAMIC_TYPE_ECC); 23355 len += 1; /* add one for null terminator */ 23356 23357 buf = (char*)XMALLOC(len, NULL, DYNAMIC_TYPE_OPENSSL); 18702 23358 if (buf == NULL) { 18703 WOLFSSL_MSG(" wolfSSL_BN_bn2hex malloc buffer failure");23359 WOLFSSL_MSG("BN_bn2hex malloc buffer failure"); 18704 23360 return NULL; 18705 23361 } 18706 23362 18707 if (mp_to radix((mp_int*)bn->internal, buf, 16) != MP_OKAY) {18708 XFREE(buf, NULL, DYNAMIC_TYPE_ ECC);23363 if (mp_tohex((mp_int*)bn->internal, buf) != MP_OKAY) { 23364 XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL); 18709 23365 return NULL; 18710 }23366 } 18711 23367 18712 23368 return buf; 18713 }23369 } 18714 23370 18715 23371 #ifndef NO_FILESYSTEM … … 18717 23373 * 1 if success, 0 if error 18718 23374 */ 18719 int wolfSSL_BN_print_fp( FILE *fp, const WOLFSSL_BIGNUM *bn)18720 {23375 int wolfSSL_BN_print_fp(XFILE fp, const WOLFSSL_BIGNUM *bn) 23376 { 18721 23377 char *buf; 18722 23378 18723 WOLFSSL_ MSG("wolfSSL_BN_print_fp");18724 18725 if (fp == NULL|| bn == NULL || bn->internal == NULL) {23379 WOLFSSL_ENTER("wolfSSL_BN_print_fp"); 23380 23381 if (fp == XBADFILE || bn == NULL || bn->internal == NULL) { 18726 23382 WOLFSSL_MSG("bn NULL error"); 18727 23383 return WOLFSSL_FAILURE; 18728 }23384 } 18729 23385 18730 23386 buf = wolfSSL_BN_bn2hex(bn); … … 18732 23388 WOLFSSL_MSG("wolfSSL_BN_bn2hex failure"); 18733 23389 return WOLFSSL_FAILURE; 18734 }23390 } 18735 23391 18736 23392 fprintf(fp, "%s", buf); 18737 XFREE(buf, NULL, DYNAMIC_TYPE_ ECC);23393 XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL); 18738 23394 18739 23395 return WOLFSSL_SUCCESS; 18740 } 18741 #endif /* !defined(NO_FILESYSTEM) */ 18742 18743 #else /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ 18744 18745 char *wolfSSL_BN_bn2hex(const WOLFSSL_BIGNUM *bn) 18746 { 18747 (void)bn; 18748 18749 WOLFSSL_MSG("wolfSSL_BN_bn2hex need WOLFSSL_KEY_GEN or HAVE_COMP_KEY"); 18750 18751 return (char*)""; 18752 } 18753 18754 #ifndef NO_FILESYSTEM 18755 /* return code compliant with OpenSSL : 18756 * 1 if success, 0 if error 18757 */ 18758 int wolfSSL_BN_print_fp(FILE *fp, const WOLFSSL_BIGNUM *bn) 18759 { 18760 (void)fp; 18761 (void)bn; 18762 18763 WOLFSSL_MSG("wolfSSL_BN_print_fp not implemented"); 18764 18765 return WOLFSSL_SUCCESS; 18766 } 18767 #endif /* !defined(NO_FILESYSTEM) */ 18768 18769 #endif /* defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) */ 23396 } 23397 #endif /* !NO_FILESYSTEM */ 23398 18770 23399 18771 23400 WOLFSSL_BIGNUM *wolfSSL_BN_CTX_get(WOLFSSL_BN_CTX *ctx) … … 18777 23406 18778 23407 return wolfSSL_BN_new(); 18779 } 18780 23408 } 23409 23410 #ifndef NO_WOLFSSL_STUB 18781 23411 void wolfSSL_BN_CTX_start(WOLFSSL_BN_CTX *ctx) 18782 {23412 { 18783 23413 (void)ctx; 18784 23414 18785 23415 WOLFSSL_ENTER("wolfSSL_BN_CTX_start"); 23416 WOLFSSL_STUB("BN_CTX_start"); 18786 23417 WOLFSSL_MSG("wolfSSL_BN_CTX_start TBD"); 18787 } 23418 } 23419 #endif 23420 23421 23422 WOLFSSL_BIGNUM *wolfSSL_BN_mod_inverse(WOLFSSL_BIGNUM *r, 23423 WOLFSSL_BIGNUM *a, 23424 const WOLFSSL_BIGNUM *n, 23425 WOLFSSL_BN_CTX *ctx) 23426 { 23427 int dynamic = 0; 23428 23429 /* ctx is not used */ 23430 (void)ctx; 23431 23432 WOLFSSL_ENTER("wolfSSL_BN_mod_inverse"); 23433 23434 /* check parameter */ 23435 if (r == NULL) { 23436 r = wolfSSL_BN_new(); 23437 if (r == NULL){ 23438 WOLFSSL_MSG("WolfSSL_BN_new() failed"); 23439 return NULL; 23440 } 23441 dynamic = 1; 23442 } 23443 23444 if (a == NULL) { 23445 WOLFSSL_MSG("a NULL error"); 23446 if (dynamic == 1) { 23447 wolfSSL_BN_free(r); 23448 } 23449 return NULL; 23450 } 23451 23452 if (n == NULL) { 23453 WOLFSSL_MSG("n NULL error"); 23454 if (dynamic == 1) { 23455 wolfSSL_BN_free(r); 23456 } 23457 return NULL; 23458 } 23459 23460 /* Compute inverse of a modulo n and return r */ 23461 if (mp_invmod((mp_int *)a->internal,(mp_int *)n->internal, 23462 (mp_int*)r->internal) == MP_VAL){ 23463 WOLFSSL_MSG("mp_invmod() error"); 23464 if (dynamic == 1) { 23465 wolfSSL_BN_free(r); 23466 } 23467 return NULL; 23468 } 23469 23470 return r; 23471 } 18788 23472 18789 23473 #ifndef NO_DH … … 18831 23515 XFREE(external, NULL, DYNAMIC_TYPE_DH); 18832 23516 return NULL; 18833 23517 } 18834 23518 external->internal = key; 18835 23519 … … 18847 23531 XFREE(dh->internal, NULL, DYNAMIC_TYPE_DH); 18848 23532 dh->internal = NULL; 18849 23533 } 18850 23534 wolfSSL_BN_free(dh->priv_key); 18851 23535 wolfSSL_BN_free(dh->pub_key); … … 18903 23587 dh->inSet = 1; 18904 23588 ret = WOLFSSL_SUCCESS; 18905 23589 } 18906 23590 18907 23591 #ifdef WOLFSSL_SMALL_STACK … … 18909 23593 XFREE(g, NULL, DYNAMIC_TYPE_PUBLIC_KEY); 18910 23594 #endif 18911 23595 } 18912 23596 18913 23597 … … 18926 23610 18927 23611 return wolfSSL_BN_num_bytes(dh->p); 23612 } 23613 23614 23615 /* This sets a big number with the 1536-bit prime from RFC 3526. 23616 * 23617 * bn if not NULL then the big number structure is used. If NULL then a new 23618 * big number structure is created. 23619 * 23620 * Returns a WOLFSSL_BIGNUM structure on success and NULL with failure. 23621 */ 23622 WOLFSSL_BIGNUM* wolfSSL_DH_1536_prime(WOLFSSL_BIGNUM* bn) 23623 { 23624 const char prm[] = { 23625 "FFFFFFFFFFFFFFFFC90FDAA22168C234" 23626 "C4C6628B80DC1CD129024E088A67CC74" 23627 "020BBEA63B139B22514A08798E3404DD" 23628 "EF9519B3CD3A431B302B0A6DF25F1437" 23629 "4FE1356D6D51C245E485B576625E7EC6" 23630 "F44C42E9A637ED6B0BFF5CB6F406B7ED" 23631 "EE386BFB5A899FA5AE9F24117C4B1FE6" 23632 "49286651ECE45B3DC2007CB8A163BF05" 23633 "98DA48361C55D39A69163FA8FD24CF5F" 23634 "83655D23DCA3AD961C62F356208552BB" 23635 "9ED529077096966D670C354E4ABC9804" 23636 "F1746C08CA237327FFFFFFFFFFFFFFFF" 23637 }; 23638 23639 WOLFSSL_ENTER("wolfSSL_DH_1536_prime"); 23640 23641 if (wolfSSL_BN_hex2bn(&bn, prm) != SSL_SUCCESS) { 23642 WOLFSSL_MSG("Error converting DH 1536 prime to big number"); 23643 return NULL; 23644 } 23645 23646 return bn; 18928 23647 } 18929 23648 … … 18935 23654 { 18936 23655 int ret = WOLFSSL_FAILURE; 18937 word32 pubSz = 768;18938 word32 privSz = 768;23656 word32 pubSz = 0; 23657 word32 privSz = 0; 18939 23658 int initTmpRng = 0; 18940 23659 WC_RNG* rng = NULL; 18941 23660 #ifdef WOLFSSL_SMALL_STACK 23661 WC_RNG* tmpRNG = NULL; 23662 #else 23663 WC_RNG tmpRNG[1]; 23664 #endif 18942 23665 unsigned char* pub = NULL; 18943 23666 unsigned char* priv = NULL; 18944 WC_RNG* tmpRNG = NULL;18945 #else18946 unsigned char pub [768];18947 unsigned char priv[768];18948 WC_RNG tmpRNG[1];18949 #endif18950 23667 18951 23668 WOLFSSL_MSG("wolfSSL_DH_generate_key"); … … 18953 23670 #ifdef WOLFSSL_SMALL_STACK 18954 23671 tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); 18955 pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY);18956 priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_PRIVATE_KEY);18957 23672 18958 23673 if (tmpRNG == NULL || pub == NULL || priv == NULL) { 18959 23674 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); 18960 XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY);18961 XFREE(priv, NULL, DYNAMIC_TYPE_PRIVATE_KEY);18962 23675 return ret; 18963 23676 } … … 18978 23691 else 18979 23692 rng = &globalRNG; 18980 23693 } 18981 23694 18982 23695 if (rng) { 18983 if (wc_DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz, 23696 pubSz = privSz = wolfSSL_BN_num_bytes(dh->p); 23697 pub = (unsigned char*)XMALLOC(pubSz, NULL, DYNAMIC_TYPE_PUBLIC_KEY); 23698 priv = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_PRIVATE_KEY); 23699 if (pub == NULL || priv == NULL) { 23700 WOLFSSL_MSG("Unable to malloc memory"); 23701 } 23702 else if (wc_DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz, 18984 23703 pub, &pubSz) < 0) 18985 23704 WOLFSSL_MSG("Bad wc_DhGenerateKeyPair"); 18986 else {23705 else { 18987 23706 if (dh->pub_key) 18988 23707 wolfSSL_BN_free(dh->pub_key); … … 18991 23710 if (dh->pub_key == NULL) { 18992 23711 WOLFSSL_MSG("Bad DH new pub"); 18993 23712 } 18994 23713 if (dh->priv_key) 18995 23714 wolfSSL_BN_free(dh->priv_key); … … 18999 23718 if (dh->priv_key == NULL) { 19000 23719 WOLFSSL_MSG("Bad DH new priv"); 19001 23720 } 19002 23721 19003 23722 if (dh->pub_key && dh->priv_key) { … … 19009 23728 ret = WOLFSSL_SUCCESS; 19010 23729 } 19011 19012 23730 } 23731 } 19013 23732 19014 23733 if (initTmpRng) … … 19017 23736 #ifdef WOLFSSL_SMALL_STACK 19018 23737 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); 23738 #endif 19019 23739 XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY); 19020 23740 XFREE(priv, NULL, DYNAMIC_TYPE_PRIVATE_KEY); 19021 #endif19022 23741 19023 23742 return ret; … … 19054 23773 XFREE(pub, NULL, DYNAMIC_TYPE_PUBLIC_KEY); 19055 23774 return ret; 19056 }23775 } 19057 23776 #endif 19058 23777 … … 19068 23787 privSz = wolfSSL_BN_bn2bin(dh->priv_key, priv); 19069 23788 pubSz = wolfSSL_BN_bn2bin(otherPub, pub); 19070 23789 if (dh->inSet == 0 && SetDhInternal(dh) != SSL_SUCCESS){ 23790 WOLFSSL_MSG("Bad DH set internal"); 23791 } 19071 23792 if (privSz <= 0 || pubSz <= 0) 19072 23793 WOLFSSL_MSG("Bad BN2bin set"); … … 19076 23797 else 19077 23798 ret = (int)keySz; 19078 23799 } 19079 23800 19080 23801 #ifdef WOLFSSL_SMALL_STACK … … 19100 23821 dsa->inSet = 0; 19101 23822 dsa->exSet = 0; 19102 23823 } 19103 23824 } 19104 23825 … … 19115 23836 WOLFSSL_MSG("wolfSSL_DSA_new malloc DsaKey failure"); 19116 23837 return NULL; 19117 23838 } 19118 23839 19119 23840 external = (WOLFSSL_DSA*) XMALLOC(sizeof(WOLFSSL_DSA), NULL, … … 19123 23844 XFREE(key, NULL, DYNAMIC_TYPE_DSA); 19124 23845 return NULL; 19125 23846 } 19126 23847 19127 23848 InitwolfSSL_DSA(external); … … 19131 23852 wolfSSL_DSA_free(external); 19132 23853 return NULL; 19133 23854 } 19134 23855 external->internal = key; 19135 23856 … … 19147 23868 XFREE(dsa->internal, NULL, DYNAMIC_TYPE_DSA); 19148 23869 dsa->internal = NULL; 19149 23870 } 19150 23871 wolfSSL_BN_free(dsa->priv_key); 19151 23872 wolfSSL_BN_free(dsa->pub_key); … … 19162 23883 #endif /* NO_DSA */ 19163 23884 19164 #ifndef NO_RSA 23885 #endif /* OPENSSL_EXTRA */ 23886 #if !defined(NO_RSA) && defined(OPENSSL_EXTRA_X509_SMALL) 19165 23887 static void InitwolfSSL_Rsa(WOLFSSL_RSA* rsa) 19166 23888 { 19167 23889 if (rsa) { 19168 rsa->n = NULL; 19169 rsa->e = NULL; 19170 rsa->d = NULL; 19171 rsa->p = NULL; 19172 rsa->q = NULL; 19173 rsa->dmp1 = NULL; 19174 rsa->dmq1 = NULL; 19175 rsa->iqmp = NULL; 19176 rsa->internal = NULL; 19177 rsa->inSet = 0; 19178 rsa->exSet = 0; 19179 } 19180 } 19181 19182 19183 WOLFSSL_RSA* wolfSSL_RSA_new(void) 19184 { 19185 WOLFSSL_RSA* external; 19186 RsaKey* key; 19187 19188 WOLFSSL_MSG("wolfSSL_RSA_new"); 19189 19190 key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); 19191 if (key == NULL) { 19192 WOLFSSL_MSG("wolfSSL_RSA_new malloc RsaKey failure"); 19193 return NULL; 19194 } 19195 19196 external = (WOLFSSL_RSA*) XMALLOC(sizeof(WOLFSSL_RSA), NULL, 19197 DYNAMIC_TYPE_RSA); 19198 if (external == NULL) { 19199 WOLFSSL_MSG("wolfSSL_RSA_new malloc WOLFSSL_RSA failure"); 19200 XFREE(key, NULL, DYNAMIC_TYPE_RSA); 19201 return NULL; 19202 } 19203 19204 InitwolfSSL_Rsa(external); 19205 if (wc_InitRsaKey(key, NULL) != 0) { 19206 WOLFSSL_MSG("InitRsaKey WOLFSSL_RSA failure"); 19207 XFREE(external, NULL, DYNAMIC_TYPE_RSA); 19208 XFREE(key, NULL, DYNAMIC_TYPE_RSA); 19209 return NULL; 19210 } 19211 19212 #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \ 19213 !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING) 19214 { 19215 WC_RNG* rng = NULL; 19216 19217 rng = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); 19218 if (rng != NULL && wc_InitRng(rng) != 0) { 19219 WOLFSSL_MSG("InitRng failure, attempting to use global RNG"); 19220 XFREE(rng, NULL, DYNAMIC_TYPE_RNG); 19221 rng = NULL; 19222 } 19223 19224 if (initGlobalRNG) 19225 rng = &globalRNG; 19226 19227 if (rng == NULL) { 19228 WOLFSSL_MSG("wolfSSL_RSA_new no WC_RNG for blinding"); 19229 XFREE(external, NULL, DYNAMIC_TYPE_RSA); 19230 XFREE(key, NULL, DYNAMIC_TYPE_RSA); 19231 return NULL; 19232 } 19233 19234 wc_RsaSetRNG(key, rng); 19235 } 19236 #endif /* WC_RSA_BLINDING */ 19237 19238 external->internal = key; 19239 19240 return external; 19241 } 19242 23890 XMEMSET(rsa, 0, sizeof(WOLFSSL_RSA)); 23891 } 23892 } 19243 23893 19244 23894 void wolfSSL_RSA_free(WOLFSSL_RSA* rsa) 19245 23895 { 19246 WOLFSSL_ MSG("wolfSSL_RSA_free");23896 WOLFSSL_ENTER("wolfSSL_RSA_free"); 19247 23897 19248 23898 if (rsa) { … … 19250 23900 #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \ 19251 23901 !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING) 19252 WC_RNG* rng = ((RsaKey*)rsa->internal)->rng; 19253 if (rng != NULL && rng != &globalRNG) { 19254 wc_FreeRng(rng); 19255 XFREE(rng, NULL, DYNAMIC_TYPE_RNG); 19256 } 23902 WC_RNG* rng; 23903 23904 /* check if RNG is owned before freeing it */ 23905 if (rsa->ownRng) { 23906 rng = ((RsaKey*)rsa->internal)->rng; 23907 if (rng != NULL && rng != &globalRNG) { 23908 wc_FreeRng(rng); 23909 XFREE(rng, NULL, DYNAMIC_TYPE_RNG); 23910 } 23911 } 19257 23912 #endif /* WC_RSA_BLINDING */ 19258 23913 wc_FreeRsaKey((RsaKey*)rsa->internal); 19259 23914 XFREE(rsa->internal, NULL, DYNAMIC_TYPE_RSA); 19260 23915 rsa->internal = NULL; 19261 23916 } 19262 23917 wolfSSL_BN_free(rsa->iqmp); 19263 23918 wolfSSL_BN_free(rsa->dmq1); … … 19268 23923 wolfSSL_BN_free(rsa->e); 19269 23924 wolfSSL_BN_free(rsa->n); 23925 23926 #ifdef WC_RSA_BLINDING 23927 if (wc_FreeRng(rsa->rng) != 0) { 23928 WOLFSSL_MSG("Issue freeing rng"); 23929 } 23930 XFREE(rsa->rng, NULL, DYNAMIC_TYPE_RNG); 23931 #endif 23932 19270 23933 InitwolfSSL_Rsa(rsa); /* set back to NULLs for safety */ 19271 23934 … … 19274 23937 } 19275 23938 } 19276 #endif /* NO_RSA */ 19277 23939 23940 WOLFSSL_RSA* wolfSSL_RSA_new(void) 23941 { 23942 WOLFSSL_RSA* external; 23943 RsaKey* key; 23944 23945 WOLFSSL_ENTER("wolfSSL_RSA_new"); 23946 23947 key = (RsaKey*) XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA); 23948 if (key == NULL) { 23949 WOLFSSL_MSG("wolfSSL_RSA_new malloc RsaKey failure"); 23950 return NULL; 23951 } 23952 23953 external = (WOLFSSL_RSA*) XMALLOC(sizeof(WOLFSSL_RSA), NULL, 23954 DYNAMIC_TYPE_RSA); 23955 if (external == NULL) { 23956 WOLFSSL_MSG("wolfSSL_RSA_new malloc WOLFSSL_RSA failure"); 23957 XFREE(key, NULL, DYNAMIC_TYPE_RSA); 23958 return NULL; 23959 } 23960 23961 InitwolfSSL_Rsa(external); 23962 if (wc_InitRsaKey(key, NULL) != 0) { 23963 WOLFSSL_MSG("InitRsaKey WOLFSSL_RSA failure"); 23964 XFREE(external, NULL, DYNAMIC_TYPE_RSA); 23965 XFREE(key, NULL, DYNAMIC_TYPE_RSA); 23966 return NULL; 23967 } 23968 23969 #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \ 23970 !defined(HAVE_FAST_RSA) && defined(WC_RSA_BLINDING) 23971 { 23972 WC_RNG* rng = NULL; 23973 23974 rng = (WC_RNG*) XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); 23975 if (rng != NULL && wc_InitRng(rng) != 0) { 23976 WOLFSSL_MSG("InitRng failure, attempting to use global RNG"); 23977 XFREE(rng, NULL, DYNAMIC_TYPE_RNG); 23978 rng = NULL; 23979 } 23980 23981 external->ownRng = 1; 23982 if (rng == NULL && initGlobalRNG) { 23983 external->ownRng = 0; 23984 rng = &globalRNG; 23985 } 23986 23987 if (rng == NULL) { 23988 WOLFSSL_MSG("wolfSSL_RSA_new no WC_RNG for blinding"); 23989 XFREE(external, NULL, DYNAMIC_TYPE_RSA); 23990 XFREE(key, NULL, DYNAMIC_TYPE_RSA); 23991 return NULL; 23992 } 23993 23994 wc_RsaSetRNG(key, rng); 23995 } 23996 #endif /* WC_RSA_BLINDING */ 23997 23998 external->internal = key; 23999 external->inSet = 0; 24000 return external; 24001 } 24002 #endif /* !NO_RSA && OPENSSL_EXTRA_X509_SMALL */ 19278 24003 19279 24004 /* these defines are to make sure the functions SetIndividualExternal is not … … 19281 24006 #if !defined(NO_ASN) || !defined(NO_DSA) || defined(HAVE_ECC) || \ 19282 24007 (!defined(NO_RSA) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)) 24008 24009 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 19283 24010 /* when calling SetIndividualExternal, mpi should be cleared by caller if no 19284 * longer used. ie mp_ clear(mpi). This is to free data when fastmath is24011 * longer used. ie mp_free(mpi). This is to free data when fastmath is 19285 24012 * disabled since a copy of mpi is made by this function and placed into bn. 19286 24013 */ … … 19294 24021 WOLFSSL_MSG("mpi NULL error"); 19295 24022 return WOLFSSL_FATAL_ERROR; 19296 24023 } 19297 24024 19298 24025 if (*bn == NULL) { … … 19311 24038 } 19312 24039 return WOLFSSL_FATAL_ERROR; 19313 24040 } 19314 24041 19315 24042 return WOLFSSL_SUCCESS; 19316 24043 } 19317 24044 #endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */ 24045 24046 #ifdef OPENSSL_EXTRA /* only without X509_SMALL */ 24047 /* when calling SetIndividualInternal, mpi should be cleared by caller if no 24048 * longer used. ie mp_free(mpi). This is to free data when fastmath is 24049 * disabled since a copy of mpi is made by this function and placed into bn. 24050 */ 19318 24051 static int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi) 19319 24052 { … … 19323 24056 WOLFSSL_MSG("bn NULL error"); 19324 24057 return WOLFSSL_FATAL_ERROR; 19325 24058 } 19326 24059 19327 24060 if (mpi == NULL || (mp_init(mpi) != MP_OKAY)) { … … 19333 24066 WOLFSSL_MSG("mp_copy error"); 19334 24067 return WOLFSSL_FATAL_ERROR; 19335 24068 } 19336 24069 19337 24070 return WOLFSSL_SUCCESS; 19338 24071 } 19339 19340 24072 19341 24073 #ifndef NO_ASN … … 19353 24085 } 19354 24086 19355 if ((ret = GetInt(&mpi, ai->data, &idx, sizeof(ai->data))) != 0) {24087 if ((ret = GetInt(&mpi, ai->data, &idx, ai->dataMax)) != 0) { 19356 24088 /* expecting ASN1 format for INTEGER */ 19357 24089 WOLFSSL_LEAVE("wolfSSL_ASN1_INTEGER_to_BN", ret); … … 19368 24100 } 19369 24101 return bn; 19370 }24102 } 19371 24103 #endif /* !NO_ASN */ 19372 24104 … … 19406 24138 wolfSSL_DH_free(dh); 19407 24139 return NULL; 19408 24140 } 19409 24141 if (SetIndividualExternal(&dh->g, &key->g) != WOLFSSL_SUCCESS) { 19410 24142 WOLFSSL_MSG("dsa g key error"); 19411 24143 wolfSSL_DH_free(dh); 19412 24144 return NULL; 19413 24145 } 19414 24146 19415 24147 return dh; … … 19417 24149 #endif /* !defined(NO_DSA) && !defined(NO_DH) */ 19418 24150 24151 #endif /* OPENSSL_EXTRA */ 19419 24152 #endif /* !NO_RSA && !NO_DSA */ 19420 24153 24154 #ifdef OPENSSL_EXTRA 19421 24155 19422 24156 #ifndef NO_DSA … … 19473 24207 WOLFSSL_MSG("dsa key NULL error"); 19474 24208 return WOLFSSL_FATAL_ERROR; 19475 24209 } 19476 24210 19477 24211 key = (DsaKey*)dsa->internal; … … 19487 24221 WOLFSSL_MSG("rsa q key error"); 19488 24222 return WOLFSSL_FATAL_ERROR; 19489 24223 } 19490 24224 19491 24225 if (dsa->g != NULL && … … 19493 24227 WOLFSSL_MSG("rsa g key error"); 19494 24228 return WOLFSSL_FATAL_ERROR; 19495 24229 } 19496 24230 19497 24231 if (dsa->pub_key != NULL) { … … 19499 24233 WOLFSSL_MSG("rsa pub_key error"); 19500 24234 return WOLFSSL_FATAL_ERROR; 19501 24235 } 19502 24236 19503 24237 /* public key */ 19504 24238 key->type = DSA_PUBLIC; 19505 24239 } 19506 24240 19507 24241 if (dsa->priv_key != NULL) { … … 19509 24243 WOLFSSL_MSG("rsa priv_key error"); 19510 24244 return WOLFSSL_FATAL_ERROR; 19511 24245 } 19512 24246 19513 24247 /* private key */ 19514 24248 key->type = DSA_PRIVATE; 19515 24249 } 19516 24250 19517 24251 dsa->inSet = 1; … … 19520 24254 } 19521 24255 #endif /* NO_DSA */ 19522 19523 19524 #if !defined( NO_RSA)19525 #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA)24256 #endif /* OPENSSL_EXTRA */ 24257 24258 #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) && \ 24259 !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 19526 24260 /* WolfSSL -> OpenSSL */ 19527 24261 static int SetRsaExternal(WOLFSSL_RSA* rsa) … … 19533 24267 WOLFSSL_MSG("rsa key NULL error"); 19534 24268 return WOLFSSL_FATAL_ERROR; 19535 24269 } 19536 24270 19537 24271 key = (RsaKey*)rsa->internal; … … 19540 24274 WOLFSSL_MSG("rsa n key error"); 19541 24275 return WOLFSSL_FATAL_ERROR; 19542 24276 } 19543 24277 19544 24278 if (SetIndividualExternal(&rsa->e, &key->e) != WOLFSSL_SUCCESS) { 19545 24279 WOLFSSL_MSG("rsa e key error"); 19546 24280 return WOLFSSL_FATAL_ERROR; 19547 } 19548 19549 if (SetIndividualExternal(&rsa->d, &key->d) != WOLFSSL_SUCCESS) { 19550 WOLFSSL_MSG("rsa d key error"); 19551 return WOLFSSL_FATAL_ERROR; 19552 } 19553 19554 if (SetIndividualExternal(&rsa->p, &key->p) != WOLFSSL_SUCCESS) { 19555 WOLFSSL_MSG("rsa p key error"); 19556 return WOLFSSL_FATAL_ERROR; 19557 } 19558 19559 if (SetIndividualExternal(&rsa->q, &key->q) != WOLFSSL_SUCCESS) { 19560 WOLFSSL_MSG("rsa q key error"); 19561 return WOLFSSL_FATAL_ERROR; 19562 } 19563 19564 if (SetIndividualExternal(&rsa->dmp1, &key->dP) != WOLFSSL_SUCCESS) { 19565 WOLFSSL_MSG("rsa dP key error"); 19566 return WOLFSSL_FATAL_ERROR; 19567 } 19568 19569 if (SetIndividualExternal(&rsa->dmq1, &key->dQ) != WOLFSSL_SUCCESS) { 19570 WOLFSSL_MSG("rsa dQ key error"); 19571 return WOLFSSL_FATAL_ERROR; 19572 } 19573 19574 if (SetIndividualExternal(&rsa->iqmp, &key->u) != WOLFSSL_SUCCESS) { 19575 WOLFSSL_MSG("rsa u key error"); 19576 return WOLFSSL_FATAL_ERROR; 19577 } 19578 24281 } 24282 24283 if (key->type == RSA_PRIVATE) { 24284 if (SetIndividualExternal(&rsa->d, &key->d) != WOLFSSL_SUCCESS) { 24285 WOLFSSL_MSG("rsa d key error"); 24286 return WOLFSSL_FATAL_ERROR; 24287 } 24288 24289 if (SetIndividualExternal(&rsa->p, &key->p) != WOLFSSL_SUCCESS) { 24290 WOLFSSL_MSG("rsa p key error"); 24291 return WOLFSSL_FATAL_ERROR; 24292 } 24293 24294 if (SetIndividualExternal(&rsa->q, &key->q) != WOLFSSL_SUCCESS) { 24295 WOLFSSL_MSG("rsa q key error"); 24296 return WOLFSSL_FATAL_ERROR; 24297 } 24298 24299 #ifndef RSA_LOW_MEM 24300 if (SetIndividualExternal(&rsa->dmp1, &key->dP) != WOLFSSL_SUCCESS) { 24301 WOLFSSL_MSG("rsa dP key error"); 24302 return WOLFSSL_FATAL_ERROR; 24303 } 24304 24305 if (SetIndividualExternal(&rsa->dmq1, &key->dQ) != WOLFSSL_SUCCESS) { 24306 WOLFSSL_MSG("rsa dQ key error"); 24307 return WOLFSSL_FATAL_ERROR; 24308 } 24309 24310 if (SetIndividualExternal(&rsa->iqmp, &key->u) != WOLFSSL_SUCCESS) { 24311 WOLFSSL_MSG("rsa u key error"); 24312 return WOLFSSL_FATAL_ERROR; 24313 } 24314 #endif /* !RSA_LOW_MEM */ 24315 } 19579 24316 rsa->exSet = 1; 19580 24317 19581 24318 return WOLFSSL_SUCCESS; 19582 24319 } 19583 24320 #endif 24321 24322 #ifdef OPENSSL_EXTRA 24323 #if !defined(NO_RSA) 24324 #if !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) 19584 24325 /* Openssl -> WolfSSL */ 19585 24326 static int SetRsaInternal(WOLFSSL_RSA* rsa) … … 19591 24332 WOLFSSL_MSG("rsa key NULL error"); 19592 24333 return WOLFSSL_FATAL_ERROR; 19593 24334 } 19594 24335 19595 24336 key = (RsaKey*)rsa->internal; … … 19598 24339 WOLFSSL_MSG("rsa n key error"); 19599 24340 return WOLFSSL_FATAL_ERROR; 19600 24341 } 19601 24342 19602 24343 if (SetIndividualInternal(rsa->e, &key->e) != WOLFSSL_SUCCESS) { 19603 24344 WOLFSSL_MSG("rsa e key error"); 19604 24345 return WOLFSSL_FATAL_ERROR; 19605 24346 } 19606 24347 19607 24348 /* public key */ … … 19612 24353 WOLFSSL_MSG("rsa d key error"); 19613 24354 return WOLFSSL_FATAL_ERROR; 19614 24355 } 19615 24356 19616 24357 /* private key */ 19617 24358 key->type = RSA_PRIVATE; 19618 24359 } 19619 24360 19620 24361 if (rsa->p != NULL && … … 19622 24363 WOLFSSL_MSG("rsa p key error"); 19623 24364 return WOLFSSL_FATAL_ERROR; 19624 24365 } 19625 24366 19626 24367 if (rsa->q != NULL && … … 19628 24369 WOLFSSL_MSG("rsa q key error"); 19629 24370 return WOLFSSL_FATAL_ERROR; 19630 } 19631 24371 } 24372 24373 #ifndef RSA_LOW_MEM 19632 24374 if (rsa->dmp1 != NULL && 19633 24375 SetIndividualInternal(rsa->dmp1, &key->dP) != WOLFSSL_SUCCESS) { 19634 24376 WOLFSSL_MSG("rsa dP key error"); 19635 24377 return WOLFSSL_FATAL_ERROR; 19636 24378 } 19637 24379 19638 24380 if (rsa->dmq1 != NULL && … … 19640 24382 WOLFSSL_MSG("rsa dQ key error"); 19641 24383 return WOLFSSL_FATAL_ERROR; 19642 24384 } 19643 24385 19644 24386 if (rsa->iqmp != NULL && … … 19646 24388 WOLFSSL_MSG("rsa u key error"); 19647 24389 return WOLFSSL_FATAL_ERROR; 19648 } 24390 } 24391 #endif /* !RSA_LOW_MEM */ 19649 24392 19650 24393 rsa->inSet = 1; … … 19652 24395 return WOLFSSL_SUCCESS; 19653 24396 } 19654 #endif /* HAVE_USER_RSA */ 19655 19656 /* return compliant with OpenSSL 19657 * 1 if success, 0 if error 19658 */ 19659 int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, 19660 void* cb) 19661 { 19662 int ret = WOLFSSL_FAILURE; 19663 19664 (void)cb; 19665 (void)bn; 19666 (void)bits; 19667 19668 WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex"); 19669 19670 if (rsa == NULL || rsa->internal == NULL) { 19671 /* bit size checked during make key call */ 19672 WOLFSSL_MSG("bad arguments"); 19673 return WOLFSSL_FAILURE; 19674 } 19675 19676 #ifdef WOLFSSL_KEY_GEN 19677 { 19678 #ifdef WOLFSSL_SMALL_STACK 19679 WC_RNG* rng = NULL; 19680 #else 19681 WC_RNG rng[1]; 19682 #endif 19683 19684 #ifdef WOLFSSL_SMALL_STACK 19685 rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); 19686 if (rng == NULL) 19687 return WOLFSSL_FAILURE; 19688 #endif 19689 19690 if (wc_InitRng(rng) < 0) 19691 WOLFSSL_MSG("RNG init failed"); 19692 else if (wc_MakeRsaKey((RsaKey*)rsa->internal, 19693 bits, 65537, rng) != MP_OKAY) 19694 WOLFSSL_MSG("wc_MakeRsaKey failed"); 19695 else if (SetRsaExternal(rsa) != WOLFSSL_SUCCESS) 19696 WOLFSSL_MSG("SetRsaExternal failed"); 19697 else { 19698 rsa->inSet = 1; 19699 ret = WOLFSSL_SUCCESS; 19700 } 19701 19702 wc_FreeRng(rng); 19703 #ifdef WOLFSSL_SMALL_STACK 19704 XFREE(rng, NULL, DYNAMIC_TYPE_RNG); 19705 #endif 19706 } 19707 #else 19708 WOLFSSL_MSG("No Key Gen built in"); 19709 #endif 19710 return ret; 19711 } 19712 19713 19714 /* WOLFSSL_SUCCESS on ok */ 24397 24398 24399 /* SSL_SUCCESS on ok */ 24400 #ifndef NO_WOLFSSL_STUB 19715 24401 int wolfSSL_RSA_blinding_on(WOLFSSL_RSA* rsa, WOLFSSL_BN_CTX* bn) 19716 24402 { 19717 24403 (void)rsa; 19718 24404 (void)bn; 19719 24405 WOLFSSL_STUB("RSA_blinding_on"); 19720 24406 WOLFSSL_MSG("wolfSSL_RSA_blinding_on"); 19721 24407 19722 24408 return WOLFSSL_SUCCESS; /* on by default */ 19723 24409 } 24410 #endif 19724 24411 19725 24412 /* return compliant with OpenSSL … … 19729 24416 unsigned char* to, WOLFSSL_RSA* rsa, int padding) 19730 24417 { 19731 int tlen = 0; 19732 int initTmpRng = 0; 19733 WC_RNG* rng = NULL; 24418 int initTmpRng = 0; 24419 WC_RNG *rng = NULL; 24420 int outLen; 24421 int ret = 0; 19734 24422 #ifdef WOLFSSL_SMALL_STACK 19735 24423 WC_RNG* tmpRNG = NULL; … … 19738 24426 #endif 19739 24427 #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) 19740 int mgf = WC_MGF1NONE;24428 int mgf = WC_MGF1NONE; 19741 24429 enum wc_HashType hash = WC_HASH_TYPE_NONE; 19742 24430 #endif 19743 24431 19744 24432 WOLFSSL_MSG("wolfSSL_RSA_public_encrypt"); 19745 19746 if (rsa == NULL || rsa->internal == NULL || fr == NULL) {19747 WOLFSSL_MSG("Bad function arguments");19748 return 0;19749 }19750 24433 19751 24434 /* Check and remap the padding to internal values, if needed. */ … … 19757 24440 hash = WC_HASH_TYPE_SHA; 19758 24441 mgf = WC_MGF1SHA1; 19759 24442 } 19760 24443 #else 19761 24444 if (padding == RSA_PKCS1_PADDING) … … 19768 24451 19769 24452 if (rsa->inSet == 0) 19770 { 19771 WOLFSSL_MSG("No RSA internal set, do it"); 19772 19773 if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { 24453 { 24454 if (SetRsaInternal(rsa) != SSL_SUCCESS) { 19774 24455 WOLFSSL_MSG("SetRsaInternal failed"); 19775 24456 return 0; 19776 } 19777 } 24457 } 24458 } 24459 24460 outLen = wolfSSL_RSA_size(rsa); 19778 24461 19779 24462 #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && \ … … 19783 24466 if (rng == NULL) { 19784 24467 #ifdef WOLFSSL_SMALL_STACK 19785 tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_ RNG);24468 tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER); 19786 24469 if (tmpRNG == NULL) 19787 return WOLFSSL_FATAL_ERROR;24470 return 0; 19788 24471 #endif 19789 24472 … … 19799 24482 rng = &globalRNG; 19800 24483 } 19801 } 19802 19803 /* size of 'to' buffer must be size of RSA key */ 24484 } 24485 24486 if (outLen == 0) { 24487 WOLFSSL_MSG("Bad RSA size"); 24488 } 24489 19804 24490 if (rng) { 19805 24491 #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) 19806 tlen = wc_RsaPublicEncrypt_ex(fr, len, to, wolfSSL_RSA_size(rsa),24492 ret = wc_RsaPublicEncrypt_ex(fr, len, to, outLen, 19807 24493 (RsaKey*)rsa->internal, rng, padding, 19808 24494 hash, mgf, NULL, 0); 19809 24495 #else 19810 tlen = wc_RsaPublicEncrypt(fr, len, to, wolfSSL_RSA_size(rsa),24496 ret = wc_RsaPublicEncrypt(fr, len, to, outLen, 19811 24497 (RsaKey*)rsa->internal, rng); 19812 24498 #endif 19813 if (tlen <= 0) { 19814 WOLFSSL_MSG("wolfSSL_RSA_public_encrypt failed"); 19815 } 19816 else { 19817 WOLFSSL_MSG("wolfSSL_RSA_public_encrypt success"); 19818 } 19819 } 24499 if (ret <= 0) { 24500 WOLFSSL_MSG("Bad Rsa Encrypt"); 24501 } 24502 if (len <= 0) { 24503 WOLFSSL_MSG("Bad Rsa Encrypt"); 24504 } 24505 } 24506 19820 24507 if (initTmpRng) 19821 24508 wc_FreeRng(tmpRNG); 19822 24509 19823 24510 #ifdef WOLFSSL_SMALL_STACK 19824 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); 19825 #endif 19826 return tlen; 24511 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER); 24512 #endif 24513 24514 if (ret >= 0) 24515 WOLFSSL_MSG("wolfSSL_RSA_public_encrypt success"); 24516 else { 24517 WOLFSSL_MSG("wolfSSL_RSA_public_encrypt failed"); 24518 ret = WOLFSSL_FATAL_ERROR; /* return -1 on error case */ 24519 } 24520 return ret; 19827 24521 } 19828 24522 … … 19833 24527 unsigned char* to, WOLFSSL_RSA* rsa, int padding) 19834 24528 { 19835 int tlen = 0; 19836 #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) 24529 int outLen; 24530 int ret = 0; 24531 #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) 19837 24532 int mgf = WC_MGF1NONE; 19838 24533 enum wc_HashType hash = WC_HASH_TYPE_NONE; 19839 #endif24534 #endif 19840 24535 19841 24536 WOLFSSL_MSG("wolfSSL_RSA_private_decrypt"); 19842 24537 19843 if (rsa == NULL || rsa->internal == NULL || fr == NULL) {19844 WOLFSSL_MSG("Bad function arguments");19845 return 0;19846 }19847 19848 /* Check and remap the padding to internal values, if needed. */19849 24538 #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) 19850 24539 if (padding == RSA_PKCS1_PADDING) … … 19861 24550 else { 19862 24551 WOLFSSL_MSG("wolfSSL_RSA_private_decrypt unsupported padding"); 19863 19864 24552 return 0; 24553 } 19865 24554 19866 24555 if (rsa->inSet == 0) 19867 { 19868 WOLFSSL_MSG("No RSA internal set, do it"); 19869 19870 if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { 24556 { 24557 if (SetRsaInternal(rsa) != SSL_SUCCESS) { 19871 24558 WOLFSSL_MSG("SetRsaInternal failed"); 19872 return 0; 19873 } 24559 return 0; 24560 } 24561 } 24562 24563 outLen = wolfSSL_RSA_size(rsa); 24564 if (outLen == 0) { 24565 WOLFSSL_MSG("Bad RSA size"); 19874 24566 } 19875 24567 19876 24568 /* size of 'to' buffer must be size of RSA key */ 19877 24569 #if !defined(HAVE_FIPS) && !defined(HAVE_USER_RSA) && !defined(HAVE_FAST_RSA) 19878 tlen = wc_RsaPrivateDecrypt_ex(fr, len, to, wolfSSL_RSA_size(rsa),24570 ret = wc_RsaPrivateDecrypt_ex(fr, len, to, outLen, 19879 24571 (RsaKey*)rsa->internal, padding, 19880 24572 hash, mgf, NULL, 0); 19881 24573 #else 19882 tlen = wc_RsaPrivateDecrypt(fr, len, to, wolfSSL_RSA_size(rsa),24574 ret = wc_RsaPrivateDecrypt(fr, len, to, outLen, 19883 24575 (RsaKey*)rsa->internal); 19884 24576 #endif 19885 if (tlen <= 0) { 24577 24578 if (len <= 0) { 24579 WOLFSSL_MSG("Bad Rsa Decrypt"); 24580 } 24581 24582 if (ret > 0) 24583 WOLFSSL_MSG("wolfSSL_RSA_private_decrypt success"); 24584 else { 19886 24585 WOLFSSL_MSG("wolfSSL_RSA_private_decrypt failed"); 19887 } 19888 else { 19889 WOLFSSL_MSG("wolfSSL_RSA_private_decrypt success"); 19890 } 19891 return tlen; 19892 } 24586 ret = WOLFSSL_FATAL_ERROR; 24587 } 24588 return ret; 24589 } 24590 24591 24592 /* RSA private encrypt calls wc_RsaSSL_Sign. Similar function set up as RSA 24593 * public decrypt. 24594 * 24595 * len Length of input buffer 24596 * in Input buffer to sign 24597 * out Output buffer (expected to be greater than or equal to RSA key size) 24598 * rsa Key to use for encryption 24599 * padding Type of RSA padding to use. 24600 */ 24601 int wolfSSL_RSA_private_encrypt(int len, unsigned char* in, 24602 unsigned char* out, WOLFSSL_RSA* rsa, int padding) 24603 { 24604 int sz = 0; 24605 WC_RNG* rng = NULL; 24606 RsaKey* key; 24607 24608 WOLFSSL_MSG("wolfSSL_RSA_private_encrypt"); 24609 24610 if (len < 0 || rsa == NULL || rsa->internal == NULL || in == NULL) { 24611 WOLFSSL_MSG("Bad function arguments"); 24612 return 0; 24613 } 24614 24615 if (padding != RSA_PKCS1_PADDING) { 24616 WOLFSSL_MSG("wolfSSL_RSA_private_encrypt unsupported padding"); 24617 return 0; 24618 } 24619 24620 if (rsa->inSet == 0) 24621 { 24622 WOLFSSL_MSG("Setting internal RSA structure"); 24623 24624 if (SetRsaInternal(rsa) != SSL_SUCCESS) { 24625 WOLFSSL_MSG("SetRsaInternal failed"); 24626 return 0; 24627 } 24628 } 24629 24630 key = (RsaKey*)rsa->internal; 24631 #if defined(WC_RSA_BLINDING) && !defined(HAVE_USER_RSA) 24632 rng = key->rng; 24633 #else 24634 #ifndef HAVE_FIPS 24635 if (wc_InitRng_ex(rng, key->heap, INVALID_DEVID) != 0) { 24636 #else 24637 if (wc_InitRng(rng) != 0) { 24638 #endif 24639 WOLFSSL_MSG("Error with random number"); 24640 return SSL_FATAL_ERROR; 24641 } 24642 #endif 24643 24644 /* size of output buffer must be size of RSA key */ 24645 sz = wc_RsaSSL_Sign(in, (word32)len, out, wolfSSL_RSA_size(rsa), key, rng); 24646 #if !defined(WC_RSA_BLINDING) || defined(HAVE_USER_RSA) 24647 if (wc_FreeRng(rng) != 0) { 24648 WOLFSSL_MSG("Error freeing random number generator"); 24649 return SSL_FATAL_ERROR; 24650 } 24651 #endif 24652 if (sz <= 0) { 24653 WOLFSSL_LEAVE("wolfSSL_RSA_private_encrypt", sz); 24654 return 0; 24655 } 24656 24657 return sz; 24658 } 24659 #endif /* HAVE_USER_RSA */ 19893 24660 19894 24661 /* return compliant with OpenSSL … … 19897 24664 int wolfSSL_RSA_size(const WOLFSSL_RSA* rsa) 19898 24665 { 19899 WOLFSSL_ MSG("wolfSSL_RSA_size");24666 WOLFSSL_ENTER("wolfSSL_RSA_size"); 19900 24667 19901 24668 if (rsa == NULL) 19902 24669 return WOLFSSL_FATAL_ERROR; 19903 19904 return wolfSSL_BN_num_bytes(rsa->n); 24670 if (rsa->inSet == 0) 24671 { 24672 if (SetRsaInternal((WOLFSSL_RSA*)rsa) != SSL_SUCCESS) { 24673 WOLFSSL_MSG("SetRsaInternal failed"); 24674 return 0; 24675 } 24676 } 24677 return wc_RsaEncryptSize((RsaKey*)rsa->internal); 24678 } 24679 24680 24681 /* Generates a RSA key of length len 24682 * 24683 * len length of RSA key i.e. 2048 24684 * e e to use when generating RSA key 24685 * f callback function for generation details 24686 * data user callback argument 24687 * 24688 * Note: Because of wc_MakeRsaKey an RSA key size generated can be slightly 24689 * rounded down. For example generating a key of size 2999 with e = 24690 * 65537 will make a key of size 374 instead of 375. 24691 * Returns a new RSA key on success and NULL on failure 24692 */ 24693 WOLFSSL_RSA* wolfSSL_RSA_generate_key(int len, unsigned long e, 24694 void(*f)(int, int, void*), void* data) 24695 { 24696 WOLFSSL_RSA* rsa = NULL; 24697 WOLFSSL_BIGNUM* bn = NULL; 24698 24699 WOLFSSL_ENTER("wolfSSL_RSA_generate_key"); 24700 24701 (void)f; 24702 (void)data; 24703 24704 if (len < 0) { 24705 WOLFSSL_MSG("Bad argument: length was less than 0"); 24706 return NULL; 24707 } 24708 24709 bn = wolfSSL_BN_new(); 24710 if (bn == NULL) { 24711 WOLFSSL_MSG("Error creating big number"); 24712 return NULL; 24713 } 24714 24715 if (wolfSSL_BN_set_word(bn, (WOLFSSL_BN_ULONG)e) != SSL_SUCCESS) { 24716 WOLFSSL_MSG("Error using e value"); 24717 wolfSSL_BN_free(bn); 24718 return NULL; 24719 } 24720 24721 rsa = wolfSSL_RSA_new(); 24722 if (rsa == NULL) { 24723 WOLFSSL_MSG("memory error"); 24724 } 24725 else { 24726 if (wolfSSL_RSA_generate_key_ex(rsa, len, bn, NULL) != SSL_SUCCESS){ 24727 wolfSSL_RSA_free(rsa); 24728 rsa = NULL; 24729 } 24730 } 24731 wolfSSL_BN_free(bn); 24732 24733 return rsa; 24734 } 24735 24736 24737 /* return compliant with OpenSSL 24738 * 1 if success, 0 if error 24739 */ 24740 int wolfSSL_RSA_generate_key_ex(WOLFSSL_RSA* rsa, int bits, WOLFSSL_BIGNUM* bn, 24741 void* cb) 24742 { 24743 int ret = WOLFSSL_FAILURE; 24744 24745 (void)cb; 24746 (void)bn; 24747 (void)bits; 24748 24749 WOLFSSL_ENTER("wolfSSL_RSA_generate_key_ex"); 24750 24751 if (rsa == NULL || rsa->internal == NULL) { 24752 /* bit size checked during make key call */ 24753 WOLFSSL_MSG("bad arguments"); 24754 return WOLFSSL_FAILURE; 24755 } 24756 24757 #ifdef WOLFSSL_KEY_GEN 24758 { 24759 #ifdef WOLFSSL_SMALL_STACK 24760 WC_RNG* rng = NULL; 24761 #else 24762 WC_RNG rng[1]; 24763 #endif 24764 24765 #ifdef WOLFSSL_SMALL_STACK 24766 rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); 24767 if (rng == NULL) 24768 return WOLFSSL_FAILURE; 24769 #endif 24770 24771 if (wc_InitRng(rng) < 0) 24772 WOLFSSL_MSG("RNG init failed"); 24773 else if (wc_MakeRsaKey((RsaKey*)rsa->internal, bits, 24774 wolfSSL_BN_get_word(bn), rng) != MP_OKAY) 24775 WOLFSSL_MSG("wc_MakeRsaKey failed"); 24776 else if (SetRsaExternal(rsa) != WOLFSSL_SUCCESS) 24777 WOLFSSL_MSG("SetRsaExternal failed"); 24778 else { 24779 rsa->inSet = 1; 24780 ret = WOLFSSL_SUCCESS; 24781 } 24782 24783 wc_FreeRng(rng); 24784 #ifdef WOLFSSL_SMALL_STACK 24785 XFREE(rng, NULL, DYNAMIC_TYPE_RNG); 24786 #endif 24787 } 24788 #else 24789 WOLFSSL_MSG("No Key Gen built in"); 24790 #endif 24791 return ret; 19905 24792 } 19906 24793 #endif /* NO_RSA */ … … 19928 24815 return ret; 19929 24816 } 19930 24817 } 19931 24818 19932 24819 #ifdef WOLFSSL_KEY_GEN … … 19964 24851 else 19965 24852 ret = WOLFSSL_SUCCESS; 19966 24853 } 19967 24854 19968 24855 if (initTmpRng) … … 19978 24865 return ret; 19979 24866 } 24867 24868 24869 /* Returns a pointer to a new WOLFSSL_DSA structure on success and NULL on fail 24870 */ 24871 WOLFSSL_DSA* wolfSSL_DSA_generate_parameters(int bits, unsigned char* seed, 24872 int seedLen, int* counterRet, unsigned long* hRet, 24873 WOLFSSL_BN_CB cb, void* CBArg) 24874 { 24875 WOLFSSL_DSA* dsa; 24876 24877 WOLFSSL_ENTER("wolfSSL_DSA_generate_parameters()"); 24878 24879 (void)cb; 24880 (void)CBArg; 24881 dsa = wolfSSL_DSA_new(); 24882 if (dsa == NULL) { 24883 return NULL; 24884 } 24885 24886 if (wolfSSL_DSA_generate_parameters_ex(dsa, bits, seed, seedLen, 24887 counterRet, hRet, NULL) != SSL_SUCCESS) { 24888 wolfSSL_DSA_free(dsa); 24889 return NULL; 24890 } 24891 24892 return dsa; 24893 } 24894 19980 24895 19981 24896 /* return code compliant with OpenSSL : … … 20001 24916 WOLFSSL_MSG("Bad arguments"); 20002 24917 return WOLFSSL_FAILURE; 20003 24918 } 20004 24919 20005 24920 #ifdef WOLFSSL_KEY_GEN 20006 24921 { 20007 24922 int initTmpRng = 0; 20008 24923 WC_RNG *rng = NULL; … … 20021 24936 rng = tmpRNG; 20022 24937 initTmpRng = 1; 20023 20024 24938 } 24939 else { 20025 24940 WOLFSSL_MSG("Bad RNG Init, trying global"); 20026 24941 if (initGlobalRNG == 0) … … 20046 24961 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); 20047 24962 #endif 20048 }24963 } 20049 24964 #else /* WOLFSSL_KEY_GEN */ 20050 24965 WOLFSSL_MSG("No Key Gen built in"); … … 20052 24967 20053 24968 return ret; 20054 }24969 } 20055 24970 20056 24971 /* return WOLFSSL_SUCCESS on success, < 0 otherwise */ … … 20072 24987 WOLFSSL_MSG("Bad function arguments"); 20073 24988 return ret; 20074 }24989 } 20075 24990 20076 24991 if (dsa->inSet == 0) … … 20082 24997 return ret; 20083 24998 } 20084 }24999 } 20085 25000 20086 25001 #ifdef WOLFSSL_SMALL_STACK … … 20100 25015 else 20101 25016 rng = &globalRNG; 20102 25017 } 20103 25018 20104 25019 if (rng) { … … 20107 25022 else 20108 25023 ret = WOLFSSL_SUCCESS; 20109 25024 } 20110 25025 20111 25026 if (initTmpRng) … … 20129 25044 WOLFSSL_MSG("Bad function arguments"); 20130 25045 return WOLFSSL_FATAL_ERROR; 20131 }25046 } 20132 25047 if (dsa->inSet == 0) 20133 25048 { … … 20137 25052 WOLFSSL_MSG("SetDsaInternal failed"); 20138 25053 return WOLFSSL_FATAL_ERROR; 20139 20140 25054 } 25055 } 20141 25056 20142 25057 ret = DsaVerify(d, sig, (DsaKey*)dsa->internal, dsacheck); … … 20151 25066 20152 25067 20153 #ifndef NO_RSA 25068 #if !defined(NO_RSA) && !defined(HAVE_USER_RSA) 25069 25070 #ifdef DEBUG_SIGN 25071 static void show(const char *title, const unsigned char *out, unsigned int outlen) 25072 { 25073 const unsigned char *pt; 25074 printf("%s[%d] = \n", title, (int)outlen); 25075 outlen = outlen>100?100:outlen; 25076 for (pt = out; pt < out + outlen; 25077 printf("%c", ((*pt)&0x6f)>='A'?((*pt)&0x6f):'.'), pt++); 25078 printf("\n"); 25079 } 25080 #else 25081 #define show(a,b,c) 25082 #endif 25083 20154 25084 /* return SSL_SUCCES on ok, 0 otherwise */ 20155 25085 int wolfSSL_RSA_sign(int type, const unsigned char* m, 20156 25086 unsigned int mLen, unsigned char* sigRet, 20157 25087 unsigned int* sigLen, WOLFSSL_RSA* rsa) 25088 { 25089 return wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, sigLen, rsa, 1); 25090 } 25091 25092 int wolfSSL_RSA_sign_ex(int type, const unsigned char* m, 25093 unsigned int mLen, unsigned char* sigRet, 25094 unsigned int* sigLen, WOLFSSL_RSA* rsa, int flag) 20158 25095 { 20159 25096 word32 outLen; … … 20170 25107 #endif 20171 25108 20172 WOLFSSL_ MSG("wolfSSL_RSA_sign");25109 WOLFSSL_ENTER("wolfSSL_RSA_sign"); 20173 25110 20174 25111 if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL) { … … 20176 25113 return 0; 20177 25114 } 25115 show("Message to Sign", m, mLen); 20178 25116 20179 25117 switch (type) { … … 20198 25136 default: 20199 25137 WOLFSSL_MSG("This NID (md type) not configured or not implemented"); 20200 20201 25138 return 0; 25139 } 20202 25140 20203 25141 if (rsa->inSet == 0) 20204 25142 { 20205 25143 WOLFSSL_MSG("No RSA internal set, do it"); 20206 25144 20207 25145 if (SetRsaInternal(rsa) != WOLFSSL_SUCCESS) { 20208 25146 WOLFSSL_MSG("SetRsaInternal failed"); 20209 20210 25147 return 0; 25148 } 20211 25149 } 20212 25150 … … 20222 25160 if (encodedSig == NULL) { 20223 25161 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); 20224 20225 25162 return 0; 25163 } 20226 25164 #endif 20227 25165 … … 20239 25177 else 20240 25178 rng = &globalRNG; 20241 25179 } 20242 25180 20243 25181 if (rng) { … … 20248 25186 } 20249 25187 else { 20250 ret = wc_RsaSSL_Sign(encodedSig, signSz, sigRet, outLen, 20251 (RsaKey*)rsa->internal, rng); 20252 if (ret <= 0) { 20253 WOLFSSL_MSG("Bad Rsa Sign"); 20254 ret = 0; 20255 } 20256 else { 20257 ret = WOLFSSL_SUCCESS; 20258 *sigLen = ret; 20259 } 20260 } 20261 20262 } 25188 show("Encoded Message", encodedSig, signSz); 25189 if (flag != 0) { 25190 ret = wc_RsaSSL_Sign(encodedSig, signSz, sigRet, outLen, 25191 (RsaKey*)rsa->internal, rng); 25192 if (ret <= 0) { 25193 WOLFSSL_MSG("Bad Rsa Sign"); 25194 ret = 0; 25195 } 25196 else { 25197 *sigLen = (unsigned int)ret; 25198 ret = SSL_SUCCESS; 25199 show("Signature", sigRet, *sigLen); 25200 } 25201 } else { 25202 ret = SSL_SUCCESS; 25203 XMEMCPY(sigRet, encodedSig, signSz); 25204 *sigLen = signSz; 25205 } 25206 } 25207 25208 } 20263 25209 20264 25210 if (initTmpRng) … … 20274 25220 else { 20275 25221 WOLFSSL_MSG("wolfSSL_RSA_sign failed"); 20276 }25222 } 20277 25223 return ret; 20278 25224 } 20279 25225 25226 25227 /* returns WOLFSSL_SUCCESS on successful verify and WOLFSSL_FAILURE on fail */ 25228 int wolfSSL_RSA_verify(int type, const unsigned char* m, 25229 unsigned int mLen, const unsigned char* sig, 25230 unsigned int sigLen, WOLFSSL_RSA* rsa) 25231 { 25232 int ret; 25233 unsigned char *sigRet ; 25234 unsigned char *sigDec ; 25235 unsigned int len; 25236 25237 WOLFSSL_ENTER("wolfSSL_RSA_verify"); 25238 if ((m == NULL) || (sig == NULL)) { 25239 WOLFSSL_MSG("Bad function arguments"); 25240 return WOLFSSL_FAILURE; 25241 } 25242 25243 sigRet = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25244 if (sigRet == NULL) { 25245 WOLFSSL_MSG("Memory failure"); 25246 return WOLFSSL_FAILURE; 25247 } 25248 sigDec = (unsigned char *)XMALLOC(sigLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25249 if (sigDec == NULL) { 25250 WOLFSSL_MSG("Memory failure"); 25251 XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25252 return WOLFSSL_FAILURE; 25253 } 25254 /* get non-encrypted signature to be compared with decrypted sugnature*/ 25255 ret = wolfSSL_RSA_sign_ex(type, m, mLen, sigRet, &len, rsa, 0); 25256 if (ret <= 0) { 25257 WOLFSSL_MSG("Message Digest Error"); 25258 XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25259 XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25260 return WOLFSSL_FAILURE; 25261 } 25262 show("Encoded Message", sigRet, len); 25263 /* decrypt signature */ 25264 ret = wc_RsaSSL_Verify(sig, sigLen, (unsigned char *)sigDec, sigLen, 25265 (RsaKey*)rsa->internal); 25266 if (ret <= 0) { 25267 WOLFSSL_MSG("RSA Decrypt error"); 25268 XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25269 XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25270 return WOLFSSL_FAILURE; 25271 } 25272 show("Decrypted Signature", sigDec, ret); 25273 25274 if ((int)len == ret && XMEMCMP(sigRet, sigDec, ret) == 0) { 25275 WOLFSSL_MSG("wolfSSL_RSA_verify success"); 25276 XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25277 XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25278 return WOLFSSL_SUCCESS; 25279 } 25280 else { 25281 WOLFSSL_MSG("wolfSSL_RSA_verify failed"); 25282 XFREE(sigRet, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25283 XFREE(sigDec, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25284 return WOLFSSL_FAILURE; 25285 } 25286 } 20280 25287 20281 25288 int wolfSSL_RSA_public_decrypt(int flen, const unsigned char* from, … … 20284 25291 int tlen = 0; 20285 25292 20286 WOLFSSL_ MSG("wolfSSL_RSA_public_decrypt");25293 WOLFSSL_ENTER("wolfSSL_RSA_public_decrypt"); 20287 25294 20288 25295 if (rsa == NULL || rsa->internal == NULL || from == NULL) { … … 20347 25354 if (err != MP_OKAY) { 20348 25355 WOLFSSL_MSG("mp_mod error"); 20349 }25356 } 20350 25357 else 20351 25358 err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp); 20352 25359 if (err != MP_OKAY) { 20353 25360 WOLFSSL_MSG("mp_sub_d error"); 20354 }25361 } 20355 25362 else 20356 25363 err = mp_mod((mp_int*)rsa->d->internal, &tmp, … … 20363 25370 else 20364 25371 return WOLFSSL_FATAL_ERROR; 20365 }25372 } 20366 25373 #endif /* NO_RSA */ 20367 25374 20368 20369 void wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, 25375 int wolfSSL_HMAC_CTX_Init(WOLFSSL_HMAC_CTX* ctx) 25376 { 25377 WOLFSSL_MSG("wolfSSL_HMAC_CTX_Init"); 25378 25379 if (ctx != NULL) { 25380 /* wc_HmacSetKey sets up ctx->hmac */ 25381 XMEMSET(ctx, 0, sizeof(WOLFSSL_HMAC_CTX)); 25382 } 25383 25384 return WOLFSSL_SUCCESS; 25385 } 25386 25387 25388 int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, 25389 int keylen, const EVP_MD* type, WOLFSSL_ENGINE* e) 25390 { 25391 WOLFSSL_ENTER("wolfSSL_HMAC_Init_ex"); 25392 25393 /* WOLFSSL_ENGINE not used, call wolfSSL_HMAC_Init */ 25394 (void)e; 25395 return wolfSSL_HMAC_Init(ctx, key, keylen, type); 25396 } 25397 25398 25399 /* helper function for Deep copy of internal wolfSSL hmac structure 25400 * returns WOLFSSL_SUCCESS on success */ 25401 int wolfSSL_HmacCopy(Hmac* des, Hmac* src) 25402 { 25403 int ret = 0; 25404 void* heap = NULL; 25405 25406 #ifndef HAVE_FIPS 25407 heap = src->heap; 25408 #endif 25409 if ((ret = wc_HmacInit(des, heap, 0)) != 0) { 25410 return WOLFSSL_FAILURE; 25411 } 25412 25413 /* requires that hash structures have no dynamic parts to them */ 25414 switch (src->macType) { 25415 #ifndef NO_MD5 25416 case WC_MD5: 25417 wc_Md5Copy(&src->hash.md5, &des->hash.md5); 25418 break; 25419 #endif /* !NO_MD5 */ 25420 25421 #ifndef NO_SHA 25422 case WC_SHA: 25423 wc_ShaCopy(&src->hash.sha, &des->hash.sha); 25424 break; 25425 #endif /* !NO_SHA */ 25426 25427 #ifdef WOLFSSL_SHA224 25428 case WC_SHA224: 25429 wc_Sha224Copy(&src->hash.sha224, &des->hash.sha224); 25430 break; 25431 #endif /* WOLFSSL_SHA224 */ 25432 25433 #ifndef NO_SHA256 25434 case WC_SHA256: 25435 wc_Sha256Copy(&src->hash.sha256, &des->hash.sha256); 25436 break; 25437 #endif /* !NO_SHA256 */ 25438 25439 #ifdef WOLFSSL_SHA384 25440 case WC_SHA384: 25441 wc_Sha384Copy(&src->hash.sha384, &des->hash.sha384); 25442 break; 25443 #endif /* WOLFSSL_SHA384 */ 25444 #ifdef WOLFSSL_SHA512 25445 case WC_SHA512: 25446 wc_Sha512Copy(&src->hash.sha512, &des->hash.sha512); 25447 break; 25448 #endif /* WOLFSSL_SHA512 */ 25449 25450 default: 25451 return WOLFSSL_FAILURE; 25452 } 25453 25454 XMEMCPY((byte*)des->ipad, (byte*)src->ipad, WC_HMAC_BLOCK_SIZE); 25455 XMEMCPY((byte*)des->opad, (byte*)src->opad, WC_HMAC_BLOCK_SIZE); 25456 XMEMCPY((byte*)des->innerHash, (byte*)src->innerHash, WC_MAX_DIGEST_SIZE); 25457 #ifndef HAVE_FIPS 25458 des->heap = heap; 25459 #endif 25460 des->macType = src->macType; 25461 des->innerHashKeyed = src->innerHashKeyed; 25462 25463 #ifdef WOLFSSL_ASYNC_CRYPT 25464 XMEMCPY(&des->asyncDev, &src->asyncDev, sizeof(WC_ASYNC_DEV)); 25465 des->keyLen = src->keyLen; 25466 #ifdef HAVE_CAVIUM 25467 des->data = (byte*)XMALLOC(src->dataLen, des->heap, 25468 DYNAMIC_TYPE_HMAC); 25469 if (des->data == NULL) { 25470 return BUFFER_E; 25471 } 25472 XMEMCPY(des->data, src->data, src->dataLen); 25473 des->dataLen = src->dataLen; 25474 #endif /* HAVE_CAVIUM */ 25475 #endif /* WOLFSSL_ASYNC_CRYPT */ 25476 return WOLFSSL_SUCCESS; 25477 } 25478 25479 25480 /* Deep copy of information from src to des structure 25481 * 25482 * des destination to copy information to 25483 * src structure to get infromation from 25484 * 25485 * Returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on error 25486 */ 25487 int wolfSSL_HMAC_CTX_copy(WOLFSSL_HMAC_CTX* des, WOLFSSL_HMAC_CTX* src) 25488 { 25489 WOLFSSL_ENTER("wolfSSL_HMAC_CTX_copy"); 25490 25491 if (des == NULL || src == NULL) { 25492 return WOLFSSL_FAILURE; 25493 } 25494 25495 des->type = src->type; 25496 XMEMCPY((byte *)&des->save_ipad, (byte *)&src->hmac.ipad, 25497 WC_HMAC_BLOCK_SIZE); 25498 XMEMCPY((byte *)&des->save_opad, (byte *)&src->hmac.opad, 25499 WC_HMAC_BLOCK_SIZE); 25500 25501 return wolfSSL_HmacCopy(&des->hmac, &src->hmac); 25502 } 25503 25504 25505 #if defined(HAVE_FIPS) && \ 25506 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2)) 25507 25508 static int _HMAC_Init(Hmac* hmac, int type, void* heap) 25509 { 25510 int ret = 0; 25511 25512 switch (type) { 25513 #ifndef NO_MD5 25514 case WC_MD5: 25515 ret = wc_InitMd5(&hmac->hash.md5); 25516 break; 25517 #endif /* !NO_MD5 */ 25518 25519 #ifndef NO_SHA 25520 case WC_SHA: 25521 ret = wc_InitSha(&hmac->hash.sha); 25522 break; 25523 #endif /* !NO_SHA */ 25524 25525 #ifdef WOLFSSL_SHA224 25526 case WC_SHA224: 25527 ret = wc_InitSha224(&hmac->hash.sha224); 25528 break; 25529 #endif /* WOLFSSL_SHA224 */ 25530 25531 #ifndef NO_SHA256 25532 case WC_SHA256: 25533 ret = wc_InitSha256(&hmac->hash.sha256); 25534 break; 25535 #endif /* !NO_SHA256 */ 25536 25537 #ifdef WOLFSSL_SHA384 25538 case WC_SHA384: 25539 ret = wc_InitSha384(&hmac->hash.sha384); 25540 break; 25541 #endif /* WOLFSSL_SHA384 */ 25542 #ifdef WOLFSSL_SHA512 25543 case WC_SHA512: 25544 ret = wc_InitSha512(&hmac->hash.sha512); 25545 break; 25546 #endif /* WOLFSSL_SHA512 */ 25547 25548 #ifdef HAVE_BLAKE2 25549 case BLAKE2B_ID: 25550 ret = wc_InitBlake2b(&hmac->hash.blake2b, BLAKE2B_256); 25551 break; 25552 #endif /* HAVE_BLAKE2 */ 25553 25554 #ifdef WOLFSSL_SHA3 25555 case WC_SHA3_224: 25556 ret = wc_InitSha3_224(&hmac->hash.sha3, heap, INVALID_DEVID); 25557 break; 25558 case WC_SHA3_256: 25559 ret = wc_InitSha3_256(&hmac->hash.sha3, heap, INVALID_DEVID); 25560 break; 25561 case WC_SHA3_384: 25562 ret = wc_InitSha3_384(&hmac->hash.sha3, heap, INVALID_DEVID); 25563 break; 25564 case WC_SHA3_512: 25565 ret = wc_InitSha3_512(&hmac->hash.sha3, heap, INVALID_DEVID); 25566 break; 25567 #endif 25568 25569 default: 25570 ret = BAD_FUNC_ARG; 25571 break; 25572 } 25573 25574 (void)heap; 25575 25576 return ret; 25577 } 25578 25579 #else 25580 #define _HMAC_Init _InitHmac 25581 #endif 25582 25583 25584 int wolfSSL_HMAC_Init(WOLFSSL_HMAC_CTX* ctx, const void* key, int keylen, 20370 25585 const EVP_MD* type) 20371 25586 { 25587 int hmac_error = 0; 25588 void* heap = NULL; 25589 20372 25590 WOLFSSL_MSG("wolfSSL_HMAC_Init"); 20373 25591 20374 25592 if (ctx == NULL) { 20375 25593 WOLFSSL_MSG("no ctx on init"); 20376 return; 20377 } 25594 return WOLFSSL_FAILURE; 25595 } 25596 25597 #ifndef HAVE_FIPS 25598 heap = ctx->hmac.heap; 25599 #endif 20378 25600 20379 25601 if (type) { 20380 25602 WOLFSSL_MSG("init has type"); 20381 25603 25604 #ifndef NO_MD5 20382 25605 if (XSTRNCMP(type, "MD5", 3) == 0) { 20383 25606 WOLFSSL_MSG("md5 hmac"); 20384 25607 ctx->type = WC_MD5; 20385 25608 } 20386 else if (XSTRNCMP(type, "SHA256", 6) == 0) { 25609 else 25610 #endif 25611 #ifdef WOLFSSL_SHA224 25612 if (XSTRNCMP(type, "SHA224", 6) == 0) { 25613 WOLFSSL_MSG("sha224 hmac"); 25614 ctx->type = WC_SHA224; 25615 } 25616 else 25617 #endif 25618 #ifndef NO_SHA256 25619 if (XSTRNCMP(type, "SHA256", 6) == 0) { 20387 25620 WOLFSSL_MSG("sha256 hmac"); 20388 25621 ctx->type = WC_SHA256; 20389 25622 } 20390 25623 else 25624 #endif 25625 #ifdef WOLFSSL_SHA384 25626 if (XSTRNCMP(type, "SHA384", 6) == 0) { 25627 WOLFSSL_MSG("sha384 hmac"); 25628 ctx->type = WC_SHA384; 25629 } 25630 else 25631 #endif 25632 #ifdef WOLFSSL_SHA512 25633 if (XSTRNCMP(type, "SHA512", 6) == 0) { 25634 WOLFSSL_MSG("sha512 hmac"); 25635 ctx->type = WC_SHA512; 25636 } 25637 else 25638 #endif 25639 25640 #ifndef NO_SHA 20391 25641 /* has to be last since would pick or 256, 384, or 512 too */ 20392 elseif (XSTRNCMP(type, "SHA", 3) == 0) {25642 if (XSTRNCMP(type, "SHA", 3) == 0) { 20393 25643 WOLFSSL_MSG("sha hmac"); 20394 25644 ctx->type = WC_SHA; 20395 25645 } 20396 else { 25646 else 25647 #endif 25648 { 20397 25649 WOLFSSL_MSG("bad init type"); 25650 return WOLFSSL_FAILURE; 20398 25651 } 20399 25652 } … … 20403 25656 20404 25657 if (wc_HmacInit(&ctx->hmac, NULL, INVALID_DEVID) == 0) { 20405 wc_HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, 20406 (word32)keylen); 25658 hmac_error = wc_HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key, 25659 (word32)keylen); 25660 if (hmac_error < 0){ 25661 wc_HmacFree(&ctx->hmac); 25662 return WOLFSSL_FAILURE; 25663 } 25664 XMEMCPY((byte *)&ctx->save_ipad, (byte *)&ctx->hmac.ipad, 25665 WC_HMAC_BLOCK_SIZE); 25666 XMEMCPY((byte *)&ctx->save_opad, (byte *)&ctx->hmac.opad, 25667 WC_HMAC_BLOCK_SIZE); 20407 25668 } 20408 25669 /* OpenSSL compat, no error */ 20409 } 20410 } 20411 20412 int wolfSSL_HMAC_Init_ex(WOLFSSL_HMAC_CTX* ctx, const void* key, int len, 20413 const EVP_MD* md, void* impl) 20414 { 20415 (void)impl; 20416 wolfSSL_HMAC_Init(ctx, key, len, md); 20417 return 1; 20418 } 20419 20420 20421 void wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, const unsigned char* data, 25670 } else if(ctx->type >= 0) { /* MD5 == 0 */ 25671 WOLFSSL_MSG("recover hmac"); 25672 wc_HmacFree(&ctx->hmac); 25673 if (wc_HmacInit(&ctx->hmac, NULL, INVALID_DEVID) == 0) { 25674 ctx->hmac.macType = (byte)ctx->type; 25675 ctx->hmac.innerHashKeyed = 0; 25676 XMEMCPY((byte *)&ctx->hmac.ipad, (byte *)&ctx->save_ipad, 25677 WC_HMAC_BLOCK_SIZE); 25678 XMEMCPY((byte *)&ctx->hmac.opad, (byte *)&ctx->save_opad, 25679 WC_HMAC_BLOCK_SIZE); 25680 if ((hmac_error = _HMAC_Init(&ctx->hmac, ctx->hmac.macType, heap)) 25681 !=0) { 25682 return hmac_error; 25683 } 25684 } 25685 } 25686 25687 (void)hmac_error; 25688 25689 return WOLFSSL_SUCCESS; 25690 } 25691 25692 25693 int wolfSSL_HMAC_Update(WOLFSSL_HMAC_CTX* ctx, const unsigned char* data, 20422 25694 int len) 20423 { 25695 { 25696 int hmac_error = 0; 25697 20424 25698 WOLFSSL_MSG("wolfSSL_HMAC_Update"); 20425 25699 20426 if (ctx && data) { 25700 if (ctx == NULL) { 25701 WOLFSSL_MSG("no ctx"); 25702 return WOLFSSL_FAILURE; 25703 } 25704 25705 if (data) { 20427 25706 WOLFSSL_MSG("updating hmac"); 20428 wc_HmacUpdate(&ctx->hmac, data, (word32)len); 20429 /* OpenSSL compat, no error */ 20430 } 20431 } 20432 20433 20434 void wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash, 25707 hmac_error = wc_HmacUpdate(&ctx->hmac, data, (word32)len); 25708 if (hmac_error < 0){ 25709 WOLFSSL_MSG("hmac update error"); 25710 return WOLFSSL_FAILURE; 25711 } 25712 } 25713 25714 return WOLFSSL_SUCCESS; 25715 } 25716 25717 25718 int wolfSSL_HMAC_Final(WOLFSSL_HMAC_CTX* ctx, unsigned char* hash, 20435 25719 unsigned int* len) 20436 25720 { 25721 int hmac_error; 25722 20437 25723 WOLFSSL_MSG("wolfSSL_HMAC_Final"); 20438 25724 20439 if (ctx && hash) { 20440 WOLFSSL_MSG("final hmac"); 20441 wc_HmacFinal(&ctx->hmac, hash); 20442 /* OpenSSL compat, no error */ 20443 20444 if (len) { 20445 WOLFSSL_MSG("setting output len"); 20446 switch (ctx->type) { 20447 case WC_MD5: 20448 *len = WC_MD5_DIGEST_SIZE; 20449 break; 20450 20451 case WC_SHA: 20452 *len = WC_SHA_DIGEST_SIZE; 20453 break; 20454 20455 case WC_SHA256: 20456 *len = WC_SHA256_DIGEST_SIZE; 20457 break; 20458 20459 default: 20460 WOLFSSL_MSG("bad hmac type"); 20461 } 20462 } 20463 } 20464 } 20465 20466 20467 void wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx) 25725 /* "len" parameter is optional. */ 25726 if (ctx == NULL || hash == NULL) { 25727 WOLFSSL_MSG("invalid parameter"); 25728 return WOLFSSL_FAILURE; 25729 } 25730 25731 WOLFSSL_MSG("final hmac"); 25732 hmac_error = wc_HmacFinal(&ctx->hmac, hash); 25733 if (hmac_error < 0){ 25734 WOLFSSL_MSG("final hmac error"); 25735 return WOLFSSL_FAILURE; 25736 } 25737 25738 if (len) { 25739 WOLFSSL_MSG("setting output len"); 25740 switch (ctx->type) { 25741 #ifndef NO_MD5 25742 case WC_MD5: 25743 *len = WC_MD5_DIGEST_SIZE; 25744 break; 25745 #endif 25746 25747 #ifndef NO_SHA 25748 case WC_SHA: 25749 *len = WC_SHA_DIGEST_SIZE; 25750 break; 25751 #endif 25752 25753 #ifdef WOLFSSL_SHA224 25754 case WC_SHA224: 25755 *len = WC_SHA224_DIGEST_SIZE; 25756 break; 25757 #endif 25758 25759 #ifndef NO_SHA256 25760 case WC_SHA256: 25761 *len = WC_SHA256_DIGEST_SIZE; 25762 break; 25763 #endif 25764 25765 #ifdef WOLFSSL_SHA384 25766 case WC_SHA384: 25767 *len = WC_SHA384_DIGEST_SIZE; 25768 break; 25769 #endif 25770 25771 #ifdef WOLFSSL_SHA512 25772 case WC_SHA512: 25773 *len = WC_SHA512_DIGEST_SIZE; 25774 break; 25775 #endif 25776 25777 default: 25778 WOLFSSL_MSG("bad hmac type"); 25779 return WOLFSSL_FAILURE; 25780 } 25781 } 25782 25783 return WOLFSSL_SUCCESS; 25784 } 25785 25786 25787 int wolfSSL_HMAC_cleanup(WOLFSSL_HMAC_CTX* ctx) 20468 25788 { 20469 25789 WOLFSSL_MSG("wolfSSL_HMAC_cleanup"); … … 20471 25791 if (ctx) 20472 25792 wc_HmacFree(&ctx->hmac); 20473 } 25793 25794 return SSL_SUCCESS; 25795 } 20474 25796 20475 25797 … … 20495 25817 20496 25818 25819 #ifndef NO_RSA 20497 25820 WOLFSSL_RSA* wolfSSL_EVP_PKEY_get1_RSA(WOLFSSL_EVP_PKEY* key) 20498 25821 { 20499 (void)key; 20500 WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA not implemented"); 20501 20502 return NULL; 20503 } 20504 20505 25822 WOLFSSL_RSA* local; 25823 25824 WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_RSA"); 25825 25826 if (key == NULL) { 25827 return NULL; 25828 } 25829 25830 local = wolfSSL_RSA_new(); 25831 if (local == NULL) { 25832 WOLFSSL_MSG("Error creating a new WOLFSSL_RSA structure"); 25833 return NULL; 25834 } 25835 25836 if (key->type == EVP_PKEY_RSA) { 25837 if (wolfSSL_RSA_LoadDer(local, (const unsigned char*)key->pkey.ptr, 25838 key->pkey_sz) != SSL_SUCCESS) { 25839 /* now try public key */ 25840 if (wolfSSL_RSA_LoadDer_ex(local, 25841 (const unsigned char*)key->pkey.ptr, key->pkey_sz, 25842 WOLFSSL_RSA_LOAD_PUBLIC) != SSL_SUCCESS) { 25843 wolfSSL_RSA_free(local); 25844 local = NULL; 25845 } 25846 } 25847 } 25848 else { 25849 WOLFSSL_MSG("WOLFSSL_EVP_PKEY does not hold an RSA key"); 25850 wolfSSL_RSA_free(local); 25851 local = NULL; 25852 } 25853 return local; 25854 } 25855 25856 25857 /* with set1 functions the pkey struct does not own the RSA structure 25858 * 25859 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on failure 25860 */ 25861 int wolfSSL_EVP_PKEY_set1_RSA(WOLFSSL_EVP_PKEY *pkey, WOLFSSL_RSA *key) 25862 { 25863 if((pkey == NULL) || (key ==NULL))return WOLFSSL_FAILURE; 25864 WOLFSSL_ENTER("wolfSSL_EVP_PKEY_set1_RSA"); 25865 if (pkey->rsa != NULL && pkey->ownRsa == 1) { 25866 wolfSSL_RSA_free(pkey->rsa); 25867 } 25868 pkey->rsa = key; 25869 pkey->ownRsa = 0; /* pkey does not own RSA */ 25870 pkey->type = EVP_PKEY_RSA; 25871 #ifdef WC_RSA_BLINDING 25872 if (key->ownRng == 0) { 25873 if (wc_RsaSetRNG((RsaKey*)(pkey->rsa->internal), &(pkey->rng)) != 0) { 25874 WOLFSSL_MSG("Error setting RSA rng"); 25875 return SSL_FAILURE; 25876 } 25877 } 25878 #endif 25879 return WOLFSSL_SUCCESS; 25880 } 25881 #endif /* NO_RSA */ 25882 25883 #ifndef NO_WOLFSSL_STUB 20506 25884 WOLFSSL_DSA* wolfSSL_EVP_PKEY_get1_DSA(WOLFSSL_EVP_PKEY* key) 20507 25885 { 20508 25886 (void)key; 20509 25887 WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_DSA not implemented"); 20510 20511 return NULL; 20512 } 20513 20514 25888 WOLFSSL_STUB("EVP_PKEY_get1_DSA"); 25889 return NULL; 25890 } 25891 #endif 25892 25893 #ifndef NO_WOLFSSL_STUB 20515 25894 WOLFSSL_EC_KEY* wolfSSL_EVP_PKEY_get1_EC_KEY(WOLFSSL_EVP_PKEY* key) 20516 25895 { 20517 25896 (void)key; 25897 WOLFSSL_STUB("EVP_PKEY_get1_EC_KEY"); 20518 25898 WOLFSSL_MSG("wolfSSL_EVP_PKEY_get1_EC_KEY not implemented"); 20519 25899 20520 return NULL;20521 }20522 25900 return NULL; 25901 } 25902 #endif 20523 25903 20524 25904 void* wolfSSL_EVP_X_STATE(const WOLFSSL_EVP_CIPHER_CTX* ctx) … … 20600 25980 20601 25981 if (doset) 20602 25982 (void)wc_AesSetIV(&ctx->cipher.aes, iv); /* OpenSSL compat, no ret */ 20603 25983 else 20604 25984 XMEMCPY(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE); … … 20607 25987 #endif /* NO_AES */ 20608 25988 20609 25989 #ifndef NO_WOLFSSL_STUB 20610 25990 const WOLFSSL_EVP_MD* wolfSSL_EVP_ripemd160(void) 20611 25991 { 20612 25992 WOLFSSL_MSG("wolfSSL_ripemd160"); 20613 25993 WOLFSSL_STUB("EVP_ripemd160"); 20614 25994 return NULL; 20615 25995 } 20616 25996 #endif 20617 25997 20618 25998 int wolfSSL_EVP_MD_size(const WOLFSSL_EVP_MD* type) … … 20665 26045 switch (ctx->cipherType) { 20666 26046 26047 #ifdef HAVE_AES_CBC 20667 26048 case AES_128_CBC_TYPE : 20668 26049 case AES_192_CBC_TYPE : … … 20670 26051 WOLFSSL_MSG("AES CBC"); 20671 26052 return AES_BLOCK_SIZE; 20672 26053 #endif 20673 26054 #ifdef WOLFSSL_AES_COUNTER 20674 26055 case AES_128_CTR_TYPE : … … 20678 26059 return AES_BLOCK_SIZE; 20679 26060 #endif 20680 26061 #ifndef NO_DES3 20681 26062 case DES_CBC_TYPE : 20682 26063 WOLFSSL_MSG("DES CBC"); … … 20686 26067 WOLFSSL_MSG("DES EDE3 CBC"); 20687 26068 return DES_BLOCK_SIZE; 26069 #endif 20688 26070 #ifdef HAVE_IDEA 20689 26071 case IDEA_CBC_TYPE : … … 20691 26073 return IDEA_BLOCK_SIZE; 20692 26074 #endif 26075 #ifndef NO_RC4 20693 26076 case ARC4_TYPE : 20694 26077 WOLFSSL_MSG("ARC4"); 20695 26078 return 0; 26079 #endif 20696 26080 20697 26081 case NULL_CIPHER_TYPE : … … 20712 26096 20713 26097 #ifndef NO_AES 20714 if ((XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) || 20715 (XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0) ||20716 (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0)) {26098 #ifdef HAVE_AES_CBC 26099 #ifdef WOLFSSL_AES_128 26100 if (XSTRNCMP(name, EVP_AES_128_CBC, XSTRLEN(EVP_AES_128_CBC)) == 0) 20717 26101 return AES_BLOCK_SIZE; 20718 } 26102 #endif 26103 #ifdef WOLFSSL_AES_192 26104 if (XSTRNCMP(name, EVP_AES_192_CBC, XSTRLEN(EVP_AES_192_CBC)) == 0) 26105 return AES_BLOCK_SIZE; 26106 #endif 26107 #ifdef WOLFSSL_AES_256 26108 if (XSTRNCMP(name, EVP_AES_256_CBC, XSTRLEN(EVP_AES_256_CBC)) == 0) 26109 return AES_BLOCK_SIZE; 26110 #endif 26111 #endif /* HAVE_AES_CBC */ 20719 26112 #ifdef WOLFSSL_AES_COUNTER 20720 if ((XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) || 20721 (XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0) || 20722 (XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0)) { 26113 #ifdef WOLFSSL_AES_128 26114 if (XSTRNCMP(name, EVP_AES_128_CTR, XSTRLEN(EVP_AES_128_CTR)) == 0) 20723 26115 return AES_BLOCK_SIZE; 20724 } 26116 #endif 26117 #ifdef WOLFSSL_AES_192 26118 if (XSTRNCMP(name, EVP_AES_192_CTR, XSTRLEN(EVP_AES_192_CTR)) == 0) 26119 return AES_BLOCK_SIZE; 26120 #endif 26121 #ifdef WOLFSSL_AES_256 26122 if (XSTRNCMP(name, EVP_AES_256_CTR, XSTRLEN(EVP_AES_256_CTR)) == 0) 26123 return AES_BLOCK_SIZE; 26124 #endif 20725 26125 #endif 20726 26126 #endif … … 20730 26130 (XSTRNCMP(name, EVP_DES_EDE3_CBC, XSTRLEN(EVP_DES_EDE3_CBC)) == 0)) { 20731 26131 return DES_BLOCK_SIZE; 20732 26132 } 20733 26133 #endif 20734 26134 … … 20754 26154 } 20755 26155 20756 #if defined(WOLFSSL_KEY_GEN) 26156 void *wolfSSL_OPENSSL_malloc(size_t a) 26157 { 26158 return XMALLOC(a, NULL, DYNAMIC_TYPE_OPENSSL); 26159 } 26160 26161 #if defined(WOLFSSL_KEY_GEN) && defined(WOLFSSL_PEM_TO_DER) 20757 26162 20758 26163 static int EncryptDerKey(byte *der, int *derSz, const EVP_CIPHER* cipher, … … 20778 26183 if (info == NULL) { 20779 26184 WOLFSSL_MSG("malloc failed"); 26185 return WOLFSSL_FAILURE; 26186 } 26187 #endif 26188 26189 XMEMSET(info, 0, sizeof(EncryptedInfo)); 26190 26191 /* set the cipher name on info */ 26192 XSTRNCPY(info->name, cipher, NAME_SZ-1); 26193 info->name[NAME_SZ-1] = '\0'; /* null term */ 26194 26195 ret = wc_EncryptedInfoGet(info, info->name); 26196 if (ret != 0) { 26197 WOLFSSL_MSG("unsupported cipher"); 26198 #ifdef WOLFSSL_SMALL_STACK 26199 XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO); 26200 #endif 20780 26201 return WOLFSSL_FAILURE; 20781 26202 } 20782 #endif20783 info->set = 0;20784 info->ctx = NULL;20785 info->consumed = 0;20786 20787 /* set iv size */20788 if (XSTRNCMP(cipher, "DES", 3) == 0)20789 info->ivSz = DES_IV_SIZE;20790 else if (XSTRNCMP(cipher, "AES", 3) == 0)20791 info->ivSz = AES_IV_SIZE;20792 else {20793 WOLFSSL_MSG("unsupported cipher");20794 #ifdef WOLFSSL_SMALL_STACK20795 XFREE(info, NULL, DYNAMIC_TYPE_ENCRYPTEDINFO);20796 #endif20797 return WOLFSSL_FAILURE;20798 }20799 20800 /* set the cipher name on info */20801 XSTRNCPY(info->name, cipher, NAME_SZ);20802 info->name[NAME_SZ-1] = '\0'; /* null term */20803 26203 20804 26204 /* Generate a random salt */ … … 20809 26209 #endif 20810 26210 return WOLFSSL_FAILURE; 20811 26211 } 20812 26212 20813 26213 /* add the padding before encryption */ … … 20819 26219 20820 26220 /* encrypt buffer */ 20821 if (wolfssl_encrypt_buffer_key(der, *derSz, 20822 passwd, passwdSz, info) != WOLFSSL_SUCCESS) { 26221 if (wc_BufferKeyEncrypt(info, der, *derSz, passwd, passwdSz, WC_MD5) != 0) { 20823 26222 WOLFSSL_MSG("encrypt key failed"); 20824 26223 #ifdef WOLFSSL_SMALL_STACK … … 20840 26239 } 20841 26240 XSTRNCPY((char*)*cipherInfo, info->name, cipherInfoSz); 20842 XSTRNCAT((char*)*cipherInfo, ",", 1);26241 XSTRNCAT((char*)*cipherInfo, ",", 2); 20843 26242 20844 26243 idx = (word32)XSTRLEN((char*)*cipherInfo); … … 20853 26252 XFREE(*cipherInfo, NULL, DYNAMIC_TYPE_STRING); 20854 26253 return WOLFSSL_FAILURE; 20855 26254 } 20856 26255 20857 26256 return WOLFSSL_SUCCESS; 20858 26257 } 20859 #endif /* defined(WOLFSSL_KEY_GEN)*/26258 #endif /* WOLFSSL_KEY_GEN || WOLFSSL_PEM_TO_DER */ 20860 26259 20861 26260 #if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) 26261 /* Takes a WOLFSSL_RSA key and writes it out to a WOLFSSL_BIO 26262 * 26263 * bio the WOLFSSL_BIO to write to 26264 * key the WOLFSSL_RSA key to write out 26265 * cipher cipher used 26266 * passwd password string if used 26267 * len length of password string 26268 * cb password callback to use 26269 * arg null terminated string for passphrase 26270 */ 26271 int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_RSA* key, 26272 const WOLFSSL_EVP_CIPHER* cipher, 26273 unsigned char* passwd, int len, 26274 pem_password_cb* cb, void* arg) 26275 { 26276 int ret; 26277 WOLFSSL_EVP_PKEY* pkey; 26278 26279 WOLFSSL_ENTER("wolfSSL_PEM_write_bio_RSAPrivateKey"); 26280 26281 26282 pkey = wolfSSL_PKEY_new_ex(bio->heap); 26283 if (pkey == NULL) { 26284 WOLFSSL_MSG("wolfSSL_PKEY_new_ex failed"); 26285 return SSL_FAILURE; 26286 } 26287 26288 pkey->type = EVP_PKEY_RSA; 26289 pkey->rsa = key; 26290 pkey->ownRsa = 0; 26291 #ifdef WOLFSSL_KEY_GEN 26292 /* similar to how wolfSSL_PEM_write_mem_RSAPrivateKey finds DER of key */ 26293 { 26294 int derMax; 26295 int derSz; 26296 byte* derBuf; 26297 26298 /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional 26299 * informations 26300 */ 26301 derMax = 5 * wolfSSL_RSA_size(key) + AES_BLOCK_SIZE; 26302 26303 derBuf = (byte*)XMALLOC(derMax, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 26304 if (derBuf == NULL) { 26305 WOLFSSL_MSG("malloc failed"); 26306 wolfSSL_EVP_PKEY_free(pkey); 26307 return SSL_FAILURE; 26308 } 26309 26310 /* Key to DER */ 26311 derSz = wc_RsaKeyToDer((RsaKey*)key->internal, derBuf, derMax); 26312 if (derSz < 0) { 26313 WOLFSSL_MSG("wc_RsaKeyToDer failed"); 26314 XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 26315 wolfSSL_EVP_PKEY_free(pkey); 26316 return SSL_FAILURE; 26317 } 26318 26319 pkey->pkey.ptr = (char*)XMALLOC(derSz, bio->heap, 26320 DYNAMIC_TYPE_TMP_BUFFER); 26321 if (pkey->pkey.ptr == NULL) { 26322 WOLFSSL_MSG("key malloc failed"); 26323 XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 26324 wolfSSL_EVP_PKEY_free(pkey); 26325 return SSL_FAILURE; 26326 } 26327 pkey->pkey_sz = derSz; 26328 XMEMCPY(pkey->pkey.ptr, derBuf, derSz); 26329 XFREE(derBuf, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 26330 } 26331 #endif 26332 26333 ret = wolfSSL_PEM_write_bio_PrivateKey(bio, pkey, cipher, passwd, len, 26334 cb, arg); 26335 26336 wolfSSL_EVP_PKEY_free(pkey); 26337 26338 return ret; 26339 } 26340 20862 26341 20863 26342 int wolfSSL_PEM_write_bio_PrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EVP_PKEY* key, … … 20870 26349 int type; 20871 26350 int ret; 26351 byte* tmp; 20872 26352 20873 26353 (void)cipher; … … 20910 26390 return WOLFSSL_FAILURE; 20911 26391 } 20912 if (bio->mem != NULL) { 20913 XFREE(bio->mem, NULL, DYNAMIC_TYPE_OPENSSL); 20914 } 20915 bio->mem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_OPENSSL); 20916 bio->memLen = pemSz; 20917 20918 ret = wc_DerToPemEx(keyDer, key->pkey_sz, bio->mem, bio->memLen, 26392 tmp = (byte*)XMALLOC(pemSz, bio->heap, DYNAMIC_TYPE_OPENSSL); 26393 if (tmp == NULL) { 26394 return MEMORY_E; 26395 } 26396 26397 ret = wc_DerToPemEx(keyDer, key->pkey_sz, tmp, pemSz, 20919 26398 NULL, type); 20920 26399 if (ret < 0) { 20921 26400 WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_PrivateKey", ret); 20922 return WOLFSSL_FAILURE; 20923 } 20924 20925 return WOLFSSL_SUCCESS; 26401 XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); 26402 return SSL_FAILURE; 26403 } 26404 26405 ret = wolfSSL_BIO_write(bio, tmp, pemSz); 26406 XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); 26407 if (ret != pemSz) { 26408 WOLFSSL_MSG("Unable to write full PEM to BIO"); 26409 return SSL_FAILURE; 26410 } 26411 26412 return SSL_SUCCESS; 20926 26413 } 20927 26414 #endif /* defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) */ 20928 26415 20929 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) 26416 #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && !defined(HAVE_USER_RSA) && \ 26417 (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) 20930 26418 20931 26419 /* return code compliant with OpenSSL : … … 20938 26426 byte *derBuf, *tmp, *cipherInfo = NULL; 20939 26427 int der_max_len = 0, derSz = 0; 26428 const int type = PRIVATEKEY_TYPE; 26429 const char* header = NULL; 26430 const char* footer = NULL; 20940 26431 20941 26432 WOLFSSL_ENTER("wolfSSL_PEM_write_mem_RSAPrivateKey"); … … 20944 26435 WOLFSSL_MSG("Bad function arguments"); 20945 26436 return WOLFSSL_FAILURE; 20946 } 26437 } 26438 26439 if (wc_PemGetHeaderFooter(type, &header, &footer) != 0) 26440 return WOLFSSL_FAILURE; 20947 26441 20948 26442 if (rsa->inSet == 0) { … … 20983 26477 WOLFSSL_MSG("EncryptDerKey failed"); 20984 26478 XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); 20985 20986 26479 return ret; 26480 } 20987 26481 20988 26482 /* tmp buffer with a max size */ 20989 *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + 20990 sizeof(END_RSA_PRIV) + HEADER_ENCRYPTED_KEY_SIZE; 20991 } 20992 else /* tmp buffer with a max size */ 20993 *plen = (derSz * 2) + sizeof(BEGIN_RSA_PRIV) + sizeof(END_RSA_PRIV); 26483 *plen = (derSz * 2) + (int)XSTRLEN(header) + 1 + 26484 (int)XSTRLEN(footer) + 1 + HEADER_ENCRYPTED_KEY_SIZE; 26485 } 26486 else { 26487 /* tmp buffer with a max size */ 26488 *plen = (derSz * 2) + (int)XSTRLEN(header) + 1 + 26489 (int)XSTRLEN(footer) + 1; 26490 } 20994 26491 20995 26492 tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_PEM); … … 21003 26500 21004 26501 /* DER to PEM */ 21005 *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, PRIVATEKEY_TYPE);26502 *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, type); 21006 26503 if (*plen <= 0) { 21007 26504 WOLFSSL_MSG("wc_DerToPemEx failed"); … … 21011 26508 XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); 21012 26509 return WOLFSSL_FAILURE; 21013 26510 } 21014 26511 XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); 21015 26512 if (cipherInfo != NULL) … … 21040 26537 * 1 if success, 0 if error 21041 26538 */ 21042 int wolfSSL_PEM_write_RSAPrivateKey( FILE *fp, WOLFSSL_RSA *rsa,26539 int wolfSSL_PEM_write_RSAPrivateKey(XFILE fp, WOLFSSL_RSA *rsa, 21043 26540 const EVP_CIPHER *enc, 21044 26541 unsigned char *kstr, int klen, … … 21053 26550 WOLFSSL_MSG("wolfSSL_PEM_write_RSAPrivateKey"); 21054 26551 21055 if (fp == NULL || rsa == NULL || rsa->internal == NULL) { 26552 if (fp == XBADFILE || rsa == NULL || rsa->internal == NULL) 26553 { 21056 26554 WOLFSSL_MSG("Bad function arguments"); 21057 21058 26555 return WOLFSSL_FAILURE; 26556 } 21059 26557 21060 26558 ret = wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, enc, kstr, klen, &pem, &plen); … … 21074 26572 } 21075 26573 #endif /* NO_FILESYSTEM */ 21076 21077 int wolfSSL_PEM_write_bio_RSAPrivateKey(WOLFSSL_BIO* bio, RSA* rsa, 21078 const EVP_CIPHER* cipher, 21079 unsigned char* passwd, int len, 21080 pem_password_cb* cb, void* arg) 21081 { 21082 (void)bio; 21083 (void)rsa; 21084 (void)cipher; 21085 (void)passwd; 21086 (void)len; 21087 (void)cb; 21088 (void)arg; 21089 21090 WOLFSSL_MSG("wolfSSL_PEM_write_bio_RSAPrivateKey not implemented"); 21091 21092 return WOLFSSL_FAILURE; 21093 } 21094 #endif /* defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) */ 26574 #endif /* WOLFSSL_KEY_GEN && !NO_RSA && !HAVE_USER_RSA && WOLFSSL_PEM_TO_DER */ 26575 21095 26576 21096 26577 #ifdef HAVE_ECC 26578 26579 #ifdef ALT_ECC_SIZE 26580 static int SetIndividualInternalEcc(WOLFSSL_BIGNUM* bn, mp_int* mpi) 26581 { 26582 WOLFSSL_MSG("Entering SetIndividualInternal"); 26583 26584 if (bn == NULL || bn->internal == NULL) { 26585 WOLFSSL_MSG("bn NULL error"); 26586 return WOLFSSL_FATAL_ERROR; 26587 } 26588 26589 if (mpi == NULL) { 26590 WOLFSSL_MSG("mpi NULL error"); 26591 return WOLFSSL_FATAL_ERROR; 26592 } 26593 26594 if (mp_copy((mp_int*)bn->internal, mpi) != MP_OKAY) { 26595 WOLFSSL_MSG("mp_copy error"); 26596 return WOLFSSL_FATAL_ERROR; 26597 } 26598 26599 return WOLFSSL_SUCCESS; 26600 } 26601 #endif /* ALT_ECC_SIZE */ 21097 26602 21098 26603 /* EC_POINT Openssl -> WolfSSL */ … … 21105 26610 WOLFSSL_MSG("ECPoint NULL error"); 21106 26611 return WOLFSSL_FATAL_ERROR; 21107 26612 } 21108 26613 21109 26614 point = (ecc_point*)p->internal; 21110 26615 26616 #ifndef ALT_ECC_SIZE 21111 26617 if (p->X != NULL && SetIndividualInternal(p->X, point->x) != WOLFSSL_SUCCESS) { 21112 26618 WOLFSSL_MSG("ecc point X error"); … … 21123 26629 return WOLFSSL_FATAL_ERROR; 21124 26630 } 26631 #else 26632 if (p->X != NULL && SetIndividualInternalEcc(p->X, point->x) != WOLFSSL_SUCCESS) { 26633 WOLFSSL_MSG("ecc point X error"); 26634 return WOLFSSL_FATAL_ERROR; 26635 } 26636 26637 if (p->Y != NULL && SetIndividualInternalEcc(p->Y, point->y) != WOLFSSL_SUCCESS) { 26638 WOLFSSL_MSG("ecc point Y error"); 26639 return WOLFSSL_FATAL_ERROR; 26640 } 26641 26642 if (p->Z != NULL && SetIndividualInternalEcc(p->Z, point->z) != WOLFSSL_SUCCESS) { 26643 WOLFSSL_MSG("ecc point Z error"); 26644 return WOLFSSL_FATAL_ERROR; 26645 } 26646 #endif 21125 26647 21126 26648 p->inSet = 1; … … 21128 26650 return WOLFSSL_SUCCESS; 21129 26651 } 26652 #endif /* HAVE_ECC */ 26653 #endif /* OPENSSL_EXTRA */ 26654 26655 #if defined(HAVE_ECC) && defined(OPENSSL_EXTRA_X509_SMALL) 21130 26656 21131 26657 /* EC_POINT WolfSSL -> OpenSSL */ … … 21162 26688 return WOLFSSL_SUCCESS; 21163 26689 } 26690 21164 26691 21165 26692 /* EC_KEY wolfSSL -> OpenSSL */ … … 21187 26714 (ecc_point*)eckey->pub_key->internal) != MP_OKAY) { 21188 26715 WOLFSSL_MSG("SetECKeyExternal ecc_copy_point failed"); 21189 21190 26716 return WOLFSSL_FATAL_ERROR; 26717 } 21191 26718 21192 26719 /* set the external pubkey (point) */ 21193 26720 if (SetECPointExternal(eckey->pub_key) != WOLFSSL_SUCCESS) { 21194 26721 WOLFSSL_MSG("SetECKeyExternal SetECPointExternal failed"); 21195 21196 26722 return WOLFSSL_FATAL_ERROR; 26723 } 21197 26724 } 21198 26725 … … 21209 26736 return WOLFSSL_SUCCESS; 21210 26737 } 21211 26738 #endif /* HAVE_ECC && OPENSSL_EXTRA_X509_SMALL */ 26739 26740 #ifdef OPENSSL_EXTRA 26741 #ifdef HAVE_ECC 21212 26742 /* EC_KEY Openssl -> WolfSSL */ 21213 26743 static int SetECKeyInternal(WOLFSSL_EC_KEY* eckey) … … 21240 26770 WOLFSSL_MSG("ec key pub error"); 21241 26771 return WOLFSSL_FATAL_ERROR; 21242 26772 } 21243 26773 21244 26774 /* public key */ … … 21260 26790 21261 26791 return WOLFSSL_SUCCESS; 21262 }26792 } 21263 26793 21264 26794 WOLFSSL_EC_POINT *wolfSSL_EC_KEY_get0_public_key(const WOLFSSL_EC_KEY *key) … … 21272 26802 21273 26803 return key->pub_key; 21274 }26804 } 21275 26805 21276 26806 const WOLFSSL_EC_GROUP *wolfSSL_EC_KEY_get0_group(const WOLFSSL_EC_KEY *key) … … 21343 26873 WOLFSSL_MSG("wolfSSL_EC_KEY_new failure"); 21344 26874 return NULL; 21345 26875 } 21346 26876 21347 26877 /* set the nid of the curve */ … … 21359 26889 } 21360 26890 26891 #endif /* HAVE_ECC */ 26892 #endif /* OPENSSL_EXTRA */ 26893 26894 #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 21361 26895 static void InitwolfSSL_ECKey(WOLFSSL_EC_KEY* key) 21362 26896 { … … 21383 26917 WOLFSSL_MSG("wolfSSL_EC_KEY_new malloc WOLFSSL_EC_KEY failure"); 21384 26918 return NULL; 21385 26919 } 21386 26920 XMEMSET(external, 0, sizeof(WOLFSSL_EC_KEY)); 21387 26921 … … 21394 26928 wolfSSL_EC_KEY_free(external); 21395 26929 return NULL; 21396 26930 } 21397 26931 XMEMSET(external->internal, 0, sizeof(ecc_key)); 21398 26932 … … 21410 26944 21411 26945 key = (ecc_key*)external->internal; 21412 external->pub_key->internal = (ecc_point*)&key->pubkey; 26946 external->pub_key->internal = wc_ecc_new_point(); 26947 if (wc_ecc_copy_point((ecc_point*)&key->pubkey, 26948 (ecc_point*)external->pub_key->internal) != MP_OKAY) { 26949 WOLFSSL_MSG("wc_ecc_copy_point failure"); 26950 wolfSSL_EC_KEY_free(external); 26951 return NULL; 26952 } 21413 26953 21414 26954 /* curve group */ … … 21451 26991 } 21452 26992 } 21453 26993 #endif /* HAVE_ECC && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */ 26994 26995 #ifdef OPENSSL_EXTRA 26996 #ifdef HAVE_ECC 26997 26998 #ifndef NO_WOLFSSL_STUB 21454 26999 int wolfSSL_EC_KEY_set_group(WOLFSSL_EC_KEY *key, WOLFSSL_EC_GROUP *group) 21455 27000 { … … 21458 27003 21459 27004 WOLFSSL_ENTER("wolfSSL_EC_KEY_set_group"); 21460 WOLFSSL_ MSG("wolfSSL_EC_KEY_set_group TBD");27005 WOLFSSL_STUB("EC_KEY_set_group"); 21461 27006 21462 27007 return -1; 21463 27008 } 27009 #endif 21464 27010 21465 27011 int wolfSSL_EC_KEY_generate_key(WOLFSSL_EC_KEY *key) … … 21481 27027 } 21482 27028 21483 #ifdef WOLFSSL_SMALL_STACK27029 #ifdef WOLFSSL_SMALL_STACK 21484 27030 tmpRNG = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG); 21485 27031 if (tmpRNG == NULL) … … 21497 27043 else 21498 27044 rng = &globalRNG; 21499 }27045 } 21500 27046 21501 27047 if (rng == NULL) { … … 21514 27060 #endif 21515 27061 return 0; 21516 }27062 } 21517 27063 21518 27064 if (initTmpRng) 21519 27065 wc_FreeRng(tmpRNG); 21520 #ifdef WOLFSSL_SMALL_STACK27066 #ifdef WOLFSSL_SMALL_STACK 21521 27067 XFREE(tmpRNG, NULL, DYNAMIC_TYPE_RNG); 21522 #endif27068 #endif 21523 27069 21524 27070 if (SetECKeyExternal(key) != WOLFSSL_SUCCESS) { … … 21530 27076 } 21531 27077 27078 #ifndef NO_WOLFSSL_STUB 21532 27079 void wolfSSL_EC_KEY_set_asn1_flag(WOLFSSL_EC_KEY *key, int asn1_flag) 21533 27080 { … … 21536 27083 21537 27084 WOLFSSL_ENTER("wolfSSL_EC_KEY_set_asn1_flag"); 21538 WOLFSSL_MSG("wolfSSL_EC_KEY_set_asn1_flag TBD"); 21539 } 27085 WOLFSSL_STUB("EC_KEY_set_asn1_flag"); 27086 } 27087 #endif 21540 27088 21541 27089 /* return code compliant with OpenSSL : … … 21553 27101 WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order Bad arguments"); 21554 27102 return WOLFSSL_FAILURE; 21555 27103 } 21556 27104 21557 27105 if (key->inSet == 0) { … … 21591 27139 } 21592 27140 21593 #if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM) 21594 wolfssl_EC_POINT_dump("pub", pub); 21595 wolfssl_EC_POINT_dump("key->pub_key", key->pub_key); 21596 #endif 27141 wolfSSL_EC_POINT_dump("pub", pub); 27142 wolfSSL_EC_POINT_dump("key->pub_key", key->pub_key); 27143 21597 27144 return WOLFSSL_SUCCESS; 21598 27145 } 21599 27146 /* End EC_KEY */ 21600 27147 21601 #if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM) 21602 void wolfssl_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p) 21603 { 27148 27149 #ifndef HAVE_SELFTEST 27150 /* ECC point compression types were not included in selftest ecc.h */ 27151 27152 char* wolfSSL_EC_POINT_point2hex(const WOLFSSL_EC_GROUP* group, 27153 const WOLFSSL_EC_POINT* point, int form, 27154 WOLFSSL_BN_CTX* ctx) 27155 { 27156 static const char* hexDigit = "0123456789ABCDEF"; 27157 char* hex = NULL; 27158 int id = wc_ecc_get_curve_id(group->curve_idx); 27159 int i, sz, len; 27160 27161 (void)ctx; 27162 27163 if (group == NULL || point == NULL) 27164 return NULL; 27165 27166 if ((sz = wc_ecc_get_curve_size_from_id(id)) < 0) 27167 return NULL; 27168 27169 len = sz + 1; 27170 if (form == POINT_CONVERSION_UNCOMPRESSED) 27171 len += sz; 27172 27173 hex = (char*)XMALLOC(2 * len + 1, NULL, DYNAMIC_TYPE_ECC); 27174 if (hex == NULL) 27175 return NULL; 27176 XMEMSET(hex, 0, 2 * len + 1); 27177 27178 /* Put in x-ordinate after format byte. */ 27179 i = sz - mp_unsigned_bin_size((mp_int*)point->X->internal) + 1; 27180 if (mp_to_unsigned_bin((mp_int*)point->X->internal, (byte*)(hex + i)) < 0) { 27181 XFREE(hex, NULL, DYNAMIC_TYPE_ECC); 27182 return NULL; 27183 } 27184 27185 if (form == POINT_CONVERSION_COMPRESSED) { 27186 hex[0] = mp_isodd((mp_int*)point->Y->internal) ? ECC_POINT_COMP_ODD : 27187 ECC_POINT_COMP_EVEN; 27188 } 27189 else { 27190 hex[0] = ECC_POINT_UNCOMP; 27191 /* Put in y-ordinate after x-ordinate */ 27192 i = 1 + 2 * sz - mp_unsigned_bin_size((mp_int*)point->Y->internal); 27193 if (mp_to_unsigned_bin((mp_int*)point->Y->internal, 27194 (byte*)(hex + i)) < 0) { 27195 XFREE(hex, NULL, DYNAMIC_TYPE_ECC); 27196 return NULL; 27197 } 27198 } 27199 27200 for (i = len-1; i >= 0; i--) { 27201 byte b = hex[i]; 27202 hex[i * 2 + 1] = hexDigit[b & 0xf]; 27203 hex[i * 2 ] = hexDigit[b >> 4]; 27204 } 27205 27206 return hex; 27207 } 27208 27209 #endif /* HAVE_SELFTEST */ 27210 27211 void wolfSSL_EC_POINT_dump(const char *msg, const WOLFSSL_EC_POINT *p) 27212 { 27213 #if defined(DEBUG_WOLFSSL) 21604 27214 char *num; 21605 27215 21606 WOLFSSL_ENTER("wolf ssl_EC_POINT_dump");27216 WOLFSSL_ENTER("wolfSSL_EC_POINT_dump"); 21607 27217 21608 27218 if (p == NULL) { 21609 fprintf(stderr,"%s = NULL", msg);27219 printf("%s = NULL", msg); 21610 27220 return; 21611 27221 } 21612 27222 21613 fprintf(stderr,"%s:\n\tinSet=%d, exSet=%d\n", msg, p->inSet, p->exSet);27223 printf("%s:\n\tinSet=%d, exSet=%d\n", msg, p->inSet, p->exSet); 21614 27224 num = wolfSSL_BN_bn2hex(p->X); 21615 fprintf(stderr,"\tX = %s\n", num);27225 printf("\tX = %s\n", num); 21616 27226 XFREE(num, NULL, DYNAMIC_TYPE_ECC); 21617 27227 num = wolfSSL_BN_bn2hex(p->Y); 21618 fprintf(stderr,"\tY = %s\n", num);27228 printf("\tY = %s\n", num); 21619 27229 XFREE(num, NULL, DYNAMIC_TYPE_ECC); 21620 } 21621 #endif 27230 num = wolfSSL_BN_bn2hex(p->Z); 27231 printf("\tZ = %s\n", num); 27232 XFREE(num, NULL, DYNAMIC_TYPE_ECC); 27233 #else 27234 (void)msg; 27235 (void)p; 27236 #endif 27237 } 21622 27238 21623 27239 /* Start EC_GROUP */ … … 21644 27260 /* ko */ 21645 27261 return 1; 21646 } 21647 27262 } 27263 27264 #endif /* HAVE_ECC */ 27265 #endif /* OPENSSL_EXTRA */ 27266 27267 #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 21648 27268 void wolfSSL_EC_GROUP_free(WOLFSSL_EC_GROUP *group) 21649 27269 { … … 21653 27273 group = NULL; 21654 27274 } 21655 27275 #endif 27276 27277 #ifdef OPENSSL_EXTRA 27278 #ifdef HAVE_ECC 27279 #ifndef NO_WOLFSSL_STUB 21656 27280 void wolfSSL_EC_GROUP_set_asn1_flag(WOLFSSL_EC_GROUP *group, int flag) 21657 27281 { … … 21660 27284 21661 27285 WOLFSSL_ENTER("wolfSSL_EC_GROUP_set_asn1_flag"); 21662 WOLFSSL_MSG("wolfSSL_EC_GROUP_set_asn1_flag TBD"); 21663 } 27286 WOLFSSL_STUB("EC_GROUP_set_asn1_flag"); 27287 } 27288 #endif 21664 27289 21665 27290 WOLFSSL_EC_GROUP *wolfSSL_EC_GROUP_new_by_curve_name(int nid) … … 21688 27313 g->curve_oid = ecc_sets[x].oidSum; 21689 27314 break; 21690 27315 } 21691 27316 21692 27317 return g; … … 21703 27328 WOLFSSL_MSG("wolfSSL_EC_GROUP_get_curve_name Bad arguments"); 21704 27329 return WOLFSSL_FAILURE; 21705 }27330 } 21706 27331 21707 27332 return group->curve_nid; … … 21776 27401 21777 27402 if (mp_read_radix((mp_int*)order->internal, 21778 ecc_sets[group->curve_idx].order, 16) != MP_OKAY) {27403 ecc_sets[group->curve_idx].order, MP_RADIX_HEX) != MP_OKAY) { 21779 27404 WOLFSSL_MSG("wolfSSL_EC_GROUP_get_order mp_read order failure"); 21780 27405 mp_clear((mp_int*)order->internal); … … 21783 27408 21784 27409 return WOLFSSL_SUCCESS; 21785 }27410 } 21786 27411 /* End EC_GROUP */ 21787 27412 … … 21802 27427 WOLFSSL_MSG("wolfSSL_ECPoint_i2d NULL error"); 21803 27428 return WOLFSSL_FAILURE; 21804 27429 } 21805 27430 21806 27431 if (p->inSet == 0) { … … 21810 27435 WOLFSSL_MSG("SetECPointInternal SetECPointInternal failed"); 21811 27436 return WOLFSSL_FAILURE; 21812 } 21813 } 21814 21815 #if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM) 27437 } 27438 } 27439 21816 27440 if (out != NULL) { 21817 wolf ssl_EC_POINT_dump("i2d p", p);21818 } 21819 #endif 27441 wolfSSL_EC_POINT_dump("i2d p", p); 27442 } 27443 21820 27444 err = wc_ecc_export_point_der(group->curve_idx, (ecc_point*)p->internal, 21821 27445 out, len); … … 21823 27447 WOLFSSL_MSG("wolfSSL_ECPoint_i2d wc_ecc_export_point_der failed"); 21824 27448 return WOLFSSL_FAILURE; 21825 27449 } 21826 27450 21827 27451 return WOLFSSL_SUCCESS; … … 21856 27480 } 21857 27481 21858 #if defined(DEBUG_WOLFSSL) && !defined(NO_FILESYSTEM) 21859 wolfssl_EC_POINT_dump("d2i p", p); 21860 #endif 27482 wolfSSL_EC_POINT_dump("d2i p", p); 27483 21861 27484 return WOLFSSL_SUCCESS; 21862 27485 } … … 21886 27509 XFREE(p, NULL, DYNAMIC_TYPE_ECC); 21887 27510 return NULL; 21888 27511 } 21889 27512 21890 27513 return p; … … 21925 27548 } 21926 27549 27550 #ifndef WOLFSSL_ATECC508A 21927 27551 /* return code compliant with OpenSSL : 21928 27552 * 1 if success, 0 if error … … 21952 27576 WOLFSSL_MSG("SetECPointInternal q failed"); 21953 27577 return WOLFSSL_FAILURE; 21954 27578 } 21955 27579 } 21956 27580 … … 21960 27584 } 21961 27585 21962 ret = mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, 16); 21963 if (ret == MP_OKAY) 21964 ret = mp_read_radix(&a, ecc_sets[group->curve_idx].Af, 16); 27586 ret = mp_read_radix(&prime, ecc_sets[group->curve_idx].prime, MP_RADIX_HEX); 27587 if (ret == MP_OKAY) { 27588 ret = mp_read_radix(&a, ecc_sets[group->curve_idx].Af, MP_RADIX_HEX); 27589 } 21965 27590 21966 27591 /* r = q * m % prime */ 21967 if (ret == MP_OKAY) 27592 if (ret == MP_OKAY) { 21968 27593 ret = wc_ecc_mulmod((mp_int*)m->internal, (ecc_point*)q->internal, 21969 27594 (ecc_point*)r->internal, &a, &prime, 1); 27595 } 21970 27596 21971 27597 mp_clear(&a); … … 21973 27599 21974 27600 if (ret == MP_OKAY) { 27601 r->inSet = 1; /* mark internal set */ 27602 21975 27603 /* set the external value for the computed point */ 21976 ret = SetECPoint Internal(r);27604 ret = SetECPointExternal(r); 21977 27605 if (ret != WOLFSSL_SUCCESS) { 21978 27606 WOLFSSL_MSG("SetECPointInternal r failed"); … … 21984 27612 21985 27613 return ret; 21986 } 27614 } 27615 #endif 21987 27616 21988 27617 void wolfSSL_EC_POINT_clear_free(WOLFSSL_EC_POINT *p) … … 21991 27620 21992 27621 wolfSSL_EC_POINT_free(p); 21993 }27622 } 21994 27623 21995 27624 /* return code compliant with OpenSSL : … … 22002 27631 int ret; 22003 27632 22004 27633 (void)ctx; 22005 27634 22006 27635 WOLFSSL_ENTER("wolfSSL_EC_POINT_cmp"); … … 22020 27649 return WOLFSSL_FATAL_ERROR; 22021 27650 } 22022 27651 #endif /* HAVE_ECC */ 27652 #endif /* OPENSSL_EXTRA */ 27653 27654 #if defined(HAVE_ECC) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 22023 27655 void wolfSSL_EC_POINT_free(WOLFSSL_EC_POINT *p) 22024 27656 { … … 22026 27658 22027 27659 if (p != NULL) { 22028 if (p->internal == NULL) {27660 if (p->internal != NULL) { 22029 27661 wc_ecc_del_point((ecc_point*)p->internal); 22030 XFREE(p->internal, NULL, DYNAMIC_TYPE_ECC);22031 27662 p->internal = NULL; 22032 27663 } 22033 27664 22034 27665 wolfSSL_BN_free(p->X); … … 22043 27674 p = NULL; 22044 27675 } 22045 } 22046 27676 } 27677 #endif 27678 27679 #ifdef OPENSSL_EXTRA 27680 #ifdef HAVE_ECC 22047 27681 /* return code compliant with OpenSSL : 22048 27682 * 1 if point at infinity, 0 else … … 22090 27724 XFREE(sig, NULL, DYNAMIC_TYPE_ECC); 22091 27725 } 22092 }27726 } 22093 27727 22094 27728 WOLFSSL_ECDSA_SIG *wolfSSL_ECDSA_SIG_new(void) … … 22151 27785 WOLFSSL_MSG("wolfSSL_ECDSA_do_sign SetECKeyInternal failed"); 22152 27786 return NULL; 22153 27787 } 22154 27788 } 22155 27789 … … 22163 27797 rng = tmpRNG; 22164 27798 initTmpRng = 1; 22165 }27799 } 22166 27800 else { 22167 27801 WOLFSSL_MSG("wolfSSL_ECDSA_do_sign Bad RNG Init, trying global"); … … 22179 27813 &sig_r, &sig_s) != MP_OKAY) { 22180 27814 WOLFSSL_MSG("wc_ecc_sign_hash_ex failed"); 22181 27815 } 22182 27816 else { 22183 27817 /* put signature blob in ECDSA structure */ … … 22189 27823 wolfSSL_ECDSA_SIG_free(sig); 22190 27824 sig = NULL; 22191 27825 } 22192 27826 else if (SetIndividualExternal(&(sig->s), &sig_s)!=WOLFSSL_SUCCESS){ 22193 27827 WOLFSSL_MSG("ecdsa s key error"); 22194 27828 wolfSSL_ECDSA_SIG_free(sig); 22195 27829 sig = NULL; 22196 27830 } 22197 27831 22198 27832 } … … 22235 27869 return WOLFSSL_FATAL_ERROR; 22236 27870 } 22237 }27871 } 22238 27872 22239 27873 if (wc_ecc_verify_hash_ex((mp_int*)sig->r->internal, … … 22246 27880 WOLFSSL_MSG("wc_ecc_verify_hash incorrect signature detected"); 22247 27881 return WOLFSSL_FAILURE; 22248 27882 } 22249 27883 22250 27884 return WOLFSSL_SUCCESS; 27885 } 27886 27887 WOLFSSL_ECDSA_SIG *wolfSSL_d2i_ECDSA_SIG(WOLFSSL_ECDSA_SIG **sig, 27888 const unsigned char **pp, long len) 27889 { 27890 WOLFSSL_ECDSA_SIG *s = NULL; 27891 27892 if (pp == NULL) 27893 return NULL; 27894 27895 if (sig != NULL) 27896 s = *sig; 27897 if (s == NULL) { 27898 s = wolfSSL_ECDSA_SIG_new(); 27899 if (s == NULL) 27900 return NULL; 27901 } 27902 27903 /* DecodeECC_DSA_Sig calls mp_init, so free these */ 27904 mp_free((mp_int*)s->r->internal); 27905 mp_free((mp_int*)s->s->internal); 27906 27907 if (DecodeECC_DSA_Sig(*pp, (word32)len, (mp_int*)s->r->internal, 27908 (mp_int*)s->s->internal) != MP_OKAY) { 27909 if (sig == NULL || *sig == NULL) 27910 wolfSSL_ECDSA_SIG_free(s); 27911 return NULL; 27912 } 27913 27914 *pp += len; 27915 if (sig != NULL) 27916 *sig = s; 27917 return s; 27918 } 27919 27920 int wolfSSL_i2d_ECDSA_SIG(const WOLFSSL_ECDSA_SIG *sig, unsigned char **pp) 27921 { 27922 word32 len; 27923 27924 if (sig == NULL) 27925 return 0; 27926 27927 /* ASN.1: SEQ + INT + INT 27928 * ASN.1 Integer must be a positive value - prepend zero if number has 27929 * top bit set. 27930 */ 27931 len = 2 + mp_leading_bit((mp_int*)sig->r->internal) + 27932 mp_unsigned_bin_size((mp_int*)sig->r->internal) + 27933 2 + mp_leading_bit((mp_int*)sig->s->internal) + 27934 mp_unsigned_bin_size((mp_int*)sig->s->internal); 27935 /* Two bytes required for length if ASN.1 SEQ data greater than 127 bytes 27936 * and less than 256 bytes. 27937 */ 27938 len = 1 + ((len > 127) ? 2 : 1) + len; 27939 if (pp != NULL && *pp != NULL) { 27940 if (StoreECC_DSA_Sig(*pp, &len, (mp_int*)sig->r->internal, 27941 (mp_int*)sig->s->internal) != MP_OKAY) { 27942 len = 0; 27943 } 27944 else 27945 *pp += len; 27946 } 27947 27948 return (int)len; 22251 27949 } 22252 27950 /* End ECDSA_SIG */ … … 22267 27965 (void)KDF; 22268 27966 22269 27967 WOLFSSL_ENTER("wolfSSL_ECDH_compute_key"); 22270 27968 22271 27969 if (out == NULL || pub_key == NULL || pub_key->internal == NULL || … … 22273 27971 WOLFSSL_MSG("Bad function arguments"); 22274 27972 return WOLFSSL_FATAL_ERROR; 22275 }27973 } 22276 27974 22277 27975 /* set internal key if not done */ … … 22293 27991 WOLFSSL_MSG("wc_ecc_shared_secret failed"); 22294 27992 return WOLFSSL_FATAL_ERROR; 22295 }27993 } 22296 27994 22297 27995 return len; 22298 }27996 } 22299 27997 /* End ECDH */ 22300 27998 … … 22303 28001 * 1 if success, 0 if error 22304 28002 */ 22305 int wolfSSL_PEM_write_EC_PUBKEY(FILE *fp, WOLFSSL_EC_KEY *x) 28003 #ifndef NO_WOLFSSL_STUB 28004 int wolfSSL_PEM_write_EC_PUBKEY(XFILE fp, WOLFSSL_EC_KEY *x) 22306 28005 { 22307 28006 (void)fp; 22308 28007 (void)x; 22309 28008 WOLFSSL_STUB("PEM_write_EC_PUBKEY"); 22310 28009 WOLFSSL_MSG("wolfSSL_PEM_write_EC_PUBKEY not implemented"); 22311 28010 22312 28011 return WOLFSSL_FAILURE; 22313 28012 } 28013 #endif 28014 22314 28015 #endif /* NO_FILESYSTEM */ 22315 28016 … … 22319 28020 * 1 if success, 0 if error 22320 28021 */ 28022 #ifndef NO_WOLFSSL_STUB 22321 28023 int wolfSSL_PEM_write_bio_ECPrivateKey(WOLFSSL_BIO* bio, WOLFSSL_EC_KEY* ecc, 22322 28024 const EVP_CIPHER* cipher, … … 22331 28033 (void)cb; 22332 28034 (void)arg; 22333 28035 WOLFSSL_STUB("PEM_write_bio_ECPrivateKey"); 22334 28036 WOLFSSL_MSG("wolfSSL_PEM_write_bio_ECPrivateKey not implemented"); 22335 28037 22336 28038 return WOLFSSL_FAILURE; 22337 28039 } 28040 #endif 22338 28041 22339 28042 /* return code compliant with OpenSSL : … … 22345 28048 unsigned char **pem, int *plen) 22346 28049 { 28050 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) 22347 28051 byte *derBuf, *tmp, *cipherInfo = NULL; 22348 28052 int der_max_len = 0, derSz = 0; 28053 const int type = ECC_PRIVATEKEY_TYPE; 28054 const char* header = NULL; 28055 const char* footer = NULL; 22349 28056 22350 28057 WOLFSSL_MSG("wolfSSL_PEM_write_mem_ECPrivateKey"); … … 22355 28062 } 22356 28063 28064 if (wc_PemGetHeaderFooter(type, &header, &footer) != 0) 28065 return WOLFSSL_FAILURE; 28066 22357 28067 if (ecc->inSet == 0) { 22358 28068 WOLFSSL_MSG("No ECC internal set, do it"); … … 22361 28071 WOLFSSL_MSG("SetDsaInternal failed"); 22362 28072 return WOLFSSL_FAILURE; 22363 28073 } 22364 28074 } 22365 28075 … … 22380 28090 XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); 22381 28091 return WOLFSSL_FAILURE; 22382 }28092 } 22383 28093 22384 28094 /* encrypt DER buffer if required */ … … 22392 28102 XFREE(derBuf, NULL, DYNAMIC_TYPE_DER); 22393 28103 return ret; 22394 28104 } 22395 28105 22396 28106 /* tmp buffer with a max size */ 22397 *plen = (derSz * 2) + sizeof(BEGIN_EC_PRIV) + 22398 sizeof(END_EC_PRIV) + HEADER_ENCRYPTED_KEY_SIZE; 22399 } 22400 else /* tmp buffer with a max size */ 22401 *plen = (derSz * 2) + sizeof(BEGIN_EC_PRIV) + sizeof(END_EC_PRIV); 28107 *plen = (derSz * 2) + (int)XSTRLEN(header) + 1 + 28108 (int)XSTRLEN(footer) + 1 + HEADER_ENCRYPTED_KEY_SIZE; 28109 } 28110 else { /* tmp buffer with a max size */ 28111 *plen = (derSz * 2) + (int)XSTRLEN(header) + 1 + 28112 (int)XSTRLEN(footer) + 1; 28113 } 22402 28114 22403 28115 tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_PEM); … … 22408 28120 XFREE(cipherInfo, NULL, DYNAMIC_TYPE_STRING); 22409 28121 return WOLFSSL_FAILURE; 22410 28122 } 22411 28123 22412 28124 /* DER to PEM */ 22413 *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, ECC_PRIVATEKEY_TYPE);28125 *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, type); 22414 28126 if (*plen <= 0) { 22415 28127 WOLFSSL_MSG("wc_DerToPemEx failed"); … … 22441 28153 22442 28154 return WOLFSSL_SUCCESS; 28155 #else 28156 (void)ecc; 28157 (void)cipher; 28158 (void)passwd; 28159 (void)passwdSz; 28160 (void)pem; 28161 (void)plen; 28162 return WOLFSSL_FAILURE; 28163 #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ 22443 28164 } 22444 28165 … … 22447 28168 * 1 if success, 0 if error 22448 28169 */ 22449 int wolfSSL_PEM_write_ECPrivateKey( FILE *fp, WOLFSSL_EC_KEY *ecc,28170 int wolfSSL_PEM_write_ECPrivateKey(XFILE fp, WOLFSSL_EC_KEY *ecc, 22450 28171 const EVP_CIPHER *enc, 22451 28172 unsigned char *kstr, int klen, … … 22460 28181 WOLFSSL_MSG("wolfSSL_PEM_write_ECPrivateKey"); 22461 28182 22462 if (fp == NULL|| ecc == NULL || ecc->internal == NULL) {28183 if (fp == XBADFILE || ecc == NULL || ecc->internal == NULL) { 22463 28184 WOLFSSL_MSG("Bad function arguments"); 22464 28185 return WOLFSSL_FAILURE; … … 22475 28196 WOLFSSL_MSG("ECC private key file write failed"); 22476 28197 return WOLFSSL_FAILURE; 22477 }28198 } 22478 28199 22479 28200 XFREE(pem, NULL, DYNAMIC_TYPE_KEY); 22480 28201 return WOLFSSL_SUCCESS; 22481 }28202 } 22482 28203 22483 28204 #endif /* NO_FILESYSTEM */ … … 22509 28230 WOLFSSL_MSG("wolfSSL_PEM_write_bio_DSAPrivateKey not implemented"); 22510 28231 22511 return WOLFSSL_FAILURE;22512 }28232 return WOLFSSL_FAILURE; 28233 } 22513 28234 22514 28235 /* return code compliant with OpenSSL : … … 22519 28240 unsigned char* passwd, int passwdSz, 22520 28241 unsigned char **pem, int *plen) 22521 { 28242 { 28243 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) 22522 28244 byte *derBuf, *tmp, *cipherInfo = NULL; 22523 28245 int der_max_len = 0, derSz = 0; 28246 const int type = DSA_PRIVATEKEY_TYPE; 28247 const char* header = NULL; 28248 const char* footer = NULL; 22524 28249 22525 28250 WOLFSSL_MSG("wolfSSL_PEM_write_mem_DSAPrivateKey"); … … 22528 28253 WOLFSSL_MSG("Bad function arguments"); 22529 28254 return WOLFSSL_FAILURE; 22530 } 28255 } 28256 28257 if (wc_PemGetHeaderFooter(type, &header, &footer) != 0) 28258 return WOLFSSL_FAILURE; 22531 28259 22532 28260 if (dsa->inSet == 0) { … … 22537 28265 return WOLFSSL_FAILURE; 22538 28266 } 22539 28267 } 22540 28268 22541 28269 /* 4 > size of pub, priv, p, q, g + ASN.1 additional informations … … 22570 28298 22571 28299 /* tmp buffer with a max size */ 22572 *plen = (derSz * 2) + sizeof(BEGIN_DSA_PRIV) + 22573 sizeof(END_DSA_PRIV) + HEADER_ENCRYPTED_KEY_SIZE; 22574 } 22575 else /* tmp buffer with a max size */ 22576 *plen = (derSz * 2) + sizeof(BEGIN_DSA_PRIV) + sizeof(END_DSA_PRIV); 28300 *plen = (derSz * 2) + (int)XSTRLEN(header) + 1 + 28301 (int)XSTRLEN(footer) + 1 + HEADER_ENCRYPTED_KEY_SIZE; 28302 } 28303 else { /* tmp buffer with a max size */ 28304 *plen = (derSz * 2) + (int)XSTRLEN(header) + 1 + 28305 (int)XSTRLEN(footer) + 1; 28306 } 22577 28307 22578 28308 tmp = (byte*)XMALLOC(*plen, NULL, DYNAMIC_TYPE_PEM); … … 22586 28316 22587 28317 /* DER to PEM */ 22588 *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, DSA_PRIVATEKEY_TYPE);28318 *plen = wc_DerToPemEx(derBuf, derSz, tmp, *plen, cipherInfo, type); 22589 28319 if (*plen <= 0) { 22590 28320 WOLFSSL_MSG("wc_DerToPemEx failed"); … … 22612 28342 XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); 22613 28343 return WOLFSSL_FAILURE; 22614 28344 } 22615 28345 XFREE(tmp, NULL, DYNAMIC_TYPE_PEM); 22616 28346 22617 28347 return WOLFSSL_SUCCESS; 28348 #else 28349 (void)dsa; 28350 (void)cipher; 28351 (void)passwd; 28352 (void)passwdSz; 28353 (void)pem; 28354 (void)plen; 28355 return WOLFSSL_FAILURE; 28356 #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ 22618 28357 } 22619 28358 … … 22622 28361 * 1 if success, 0 if error 22623 28362 */ 22624 int wolfSSL_PEM_write_DSAPrivateKey( FILE *fp, WOLFSSL_DSA *dsa,28363 int wolfSSL_PEM_write_DSAPrivateKey(XFILE fp, WOLFSSL_DSA *dsa, 22625 28364 const EVP_CIPHER *enc, 22626 28365 unsigned char *kstr, int klen, … … 22635 28374 WOLFSSL_MSG("wolfSSL_PEM_write_DSAPrivateKey"); 22636 28375 22637 if (fp == NULL|| dsa == NULL || dsa->internal == NULL) {28376 if (fp == XBADFILE || dsa == NULL || dsa->internal == NULL) { 22638 28377 WOLFSSL_MSG("Bad function arguments"); 22639 28378 return WOLFSSL_FAILURE; … … 22663 28402 * 1 if success, 0 if error 22664 28403 */ 22665 int wolfSSL_PEM_write_DSA_PUBKEY(FILE *fp, WOLFSSL_DSA *x) 28404 #ifndef NO_WOLFSSL_STUB 28405 int wolfSSL_PEM_write_DSA_PUBKEY(XFILE fp, WOLFSSL_DSA *x) 22666 28406 { 22667 28407 (void)fp; 22668 28408 (void)x; 22669 28409 WOLFSSL_STUB("PEM_write_DSA_PUBKEY"); 22670 28410 WOLFSSL_MSG("wolfSSL_PEM_write_DSA_PUBKEY not implemented"); 22671 28411 22672 28412 return WOLFSSL_FAILURE; 22673 } 28413 } 28414 #endif 22674 28415 #endif /* NO_FILESYSTEM */ 22675 28416 22676 28417 #endif /* #ifndef NO_DSA */ 22677 28418 28419 static int pem_read_bio_key(WOLFSSL_BIO* bio, pem_password_cb* cb, void* pass, 28420 int keyType, int* eccFlag, DerBuffer** der) 28421 { 28422 #ifdef WOLFSSL_SMALL_STACK 28423 EncryptedInfo* info = NULL; 28424 #else 28425 EncryptedInfo info[1]; 28426 #endif /* WOLFSSL_SMALL_STACK */ 28427 pem_password_cb* localCb = cb; 28428 28429 char* mem = NULL; 28430 int memSz; 28431 int ret; 28432 28433 if ((ret = wolfSSL_BIO_pending(bio)) > 0) { 28434 memSz = ret; 28435 mem = (char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_OPENSSL); 28436 if (mem == NULL) { 28437 WOLFSSL_MSG("Memory error"); 28438 ret = MEMORY_E; 28439 } 28440 if (ret >= 0) { 28441 if ((ret = wolfSSL_BIO_read(bio, mem, memSz)) <= 0) { 28442 XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); 28443 ret = MEMORY_E; 28444 } 28445 } 28446 } 28447 else if (bio->type == WOLFSSL_BIO_FILE) { 28448 int sz = 100; /* read from file by 100 byte chuncks */ 28449 int idx = 0; 28450 char* tmp = (char*)XMALLOC(sz, bio->heap, DYNAMIC_TYPE_OPENSSL); 28451 28452 memSz = 0; 28453 if (tmp == NULL) { 28454 WOLFSSL_MSG("Memory error"); 28455 ret = MEMORY_E; 28456 } 28457 28458 while (ret >= 0 && (sz = wolfSSL_BIO_read(bio, tmp, sz)) > 0) { 28459 if (memSz + sz < 0) { 28460 /* sanity check */ 28461 break; 28462 } 28463 mem = (char*)XREALLOC(mem, memSz + sz, bio->heap, 28464 DYNAMIC_TYPE_OPENSSL); 28465 if (mem == NULL) { 28466 WOLFSSL_MSG("Memory error"); 28467 XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); 28468 tmp = NULL; 28469 ret = MEMORY_E; 28470 break; 28471 } 28472 XMEMCPY(mem + idx, tmp, sz); 28473 memSz += sz; 28474 idx += sz; 28475 sz = 100; /* read another 100 byte chunck from file */ 28476 } 28477 XFREE(tmp, bio->heap, DYNAMIC_TYPE_OPENSSL); 28478 if (memSz <= 0) { 28479 WOLFSSL_MSG("No data to read from bio"); 28480 if (mem != NULL) { 28481 XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); 28482 mem = NULL; 28483 } 28484 ret = BUFFER_E; 28485 } 28486 } 28487 else { 28488 WOLFSSL_MSG("No data to read from bio"); 28489 ret = NOT_COMPILED_IN; 28490 } 28491 28492 #ifdef WOLFSSL_SMALL_STACK 28493 if (ret >= 0) { 28494 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL, 28495 DYNAMIC_TYPE_TMP_BUFFER); 28496 if (info == NULL) { 28497 WOLFSSL_MSG("Error getting memory for EncryptedInfo structure"); 28498 XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); 28499 mem = NULL; 28500 ret = MEMORY_E; 28501 } 28502 } 28503 #endif 28504 28505 if (ret >= 0) { 28506 XMEMSET(info, 0, sizeof(EncryptedInfo)); 28507 info->passwd_cb = localCb; 28508 info->passwd_userdata = pass; 28509 ret = PemToDer((const unsigned char*)mem, memSz, keyType, der, 28510 NULL, info, eccFlag); 28511 28512 if (ret < 0) { 28513 WOLFSSL_MSG("Bad Pem To Der"); 28514 } 28515 else { 28516 /* write left over data back to bio */ 28517 if ((memSz - (int)info->consumed) > 0 && 28518 bio->type != WOLFSSL_BIO_FILE) { 28519 if (wolfSSL_BIO_write(bio, mem + (int)info->consumed, 28520 memSz - (int)info->consumed) <= 0) { 28521 WOLFSSL_MSG("Unable to advance bio read pointer"); 28522 } 28523 } 28524 } 28525 } 28526 28527 #ifdef WOLFSSL_SMALL_STACK 28528 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER); 28529 #endif 28530 XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); 28531 28532 return ret; 28533 } 28534 22678 28535 WOLFSSL_EVP_PKEY* wolfSSL_PEM_read_bio_PrivateKey(WOLFSSL_BIO* bio, 22679 WOLFSSL_EVP_PKEY** key, pem_password_cb* cb, void* arg) 22680 { 22681 (void)bio; 22682 (void)key; 22683 (void)cb; 22684 (void)arg; 22685 22686 WOLFSSL_MSG("wolfSSL_PEM_read_bio_PrivateKey not implemented"); 22687 22688 return NULL; 22689 } 22690 22691 28536 WOLFSSL_EVP_PKEY** key, 28537 pem_password_cb* cb, 28538 void* pass) 28539 { 28540 WOLFSSL_EVP_PKEY* pkey = NULL; 28541 DerBuffer* der = NULL; 28542 int eccFlag = 0; 28543 28544 WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PrivateKey"); 28545 28546 if (bio == NULL) 28547 return pkey; 28548 28549 if (pem_read_bio_key(bio, cb, pass, PRIVATEKEY_TYPE, &eccFlag, &der) >= 0) { 28550 int type; 28551 const unsigned char* ptr = der->buffer; 28552 28553 if (eccFlag) 28554 type = EVP_PKEY_EC; 28555 else 28556 type = EVP_PKEY_RSA; 28557 28558 /* handle case where reuse is attempted */ 28559 if (key != NULL && *key != NULL) 28560 pkey = *key; 28561 28562 wolfSSL_d2i_PrivateKey(type, &pkey, &ptr, der->length); 28563 if (pkey == NULL) { 28564 WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY"); 28565 } 28566 } 28567 28568 FreeDer(&der); 28569 28570 if (key != NULL && pkey != NULL) 28571 *key = pkey; 28572 28573 WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PrivateKey", 0); 28574 28575 return pkey; 28576 } 28577 28578 WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_bio_PUBKEY(WOLFSSL_BIO* bio, 28579 WOLFSSL_EVP_PKEY **key, 28580 pem_password_cb *cb, void *pass) 28581 { 28582 WOLFSSL_EVP_PKEY* pkey = NULL; 28583 DerBuffer* der = NULL; 28584 int eccFlag = 0; 28585 28586 WOLFSSL_ENTER("wolfSSL_PEM_read_bio_PUBKEY"); 28587 28588 if (bio == NULL) 28589 return pkey; 28590 28591 if (pem_read_bio_key(bio, cb, pass, PUBLICKEY_TYPE, &eccFlag, &der) >= 0) { 28592 unsigned char* ptr = der->buffer; 28593 28594 /* handle case where reuse is attempted */ 28595 if (key != NULL && *key != NULL) 28596 pkey = *key; 28597 28598 wolfSSL_d2i_PUBKEY(&pkey, &ptr, der->length); 28599 if (pkey == NULL) { 28600 WOLFSSL_MSG("Error loading DER buffer into WOLFSSL_EVP_PKEY"); 28601 } 28602 } 28603 28604 FreeDer(&der); 28605 28606 if (key != NULL && pkey != NULL) 28607 *key = pkey; 28608 28609 WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_PrivateKey", 0); 28610 28611 return pkey; 28612 } 28613 28614 28615 #ifndef NO_RSA 28616 /* Uses the same format of input as wolfSSL_PEM_read_bio_PrivateKey but expects 28617 * the results to be an RSA key. 28618 * 28619 * bio structure to read RSA private key from 28620 * rsa if not null is then set to the result 28621 * cb password callback for reading PEM 28622 * pass password string 28623 * 28624 * returns a pointer to a new WOLFSSL_RSA structure on success and NULL on fail 28625 */ 28626 WOLFSSL_RSA* wolfSSL_PEM_read_bio_RSAPrivateKey(WOLFSSL_BIO* bio, 28627 WOLFSSL_RSA** rsa, pem_password_cb* cb, void* pass) 28628 { 28629 WOLFSSL_EVP_PKEY* pkey; 28630 WOLFSSL_RSA* local; 28631 28632 pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, cb, pass); 28633 if (pkey == NULL) { 28634 return NULL; 28635 } 28636 28637 /* Since the WOLFSSL_RSA structure is being taken from WOLFSSL_EVP_PEKY the 28638 * flag indicating that the WOLFSSL_RSA structure is owned should be FALSE 28639 * to avoid having it free'd */ 28640 pkey->ownRsa = 0; 28641 local = pkey->rsa; 28642 if (rsa != NULL) { 28643 *rsa = local; 28644 } 28645 28646 wolfSSL_EVP_PKEY_free(pkey); 28647 return local; 28648 } 28649 #endif /* !NO_RSA */ 28650 28651 28652 /* return of pkey->type which will be EVP_PKEY_RSA for example. 28653 * 28654 * type type of EVP_PKEY 28655 * 28656 * returns type or if type is not found then NID_undef 28657 */ 22692 28658 int wolfSSL_EVP_PKEY_type(int type) 22693 28659 { 22694 (void) type; 22695 WOLFSSL_MSG("wolfSSL_EVP_PKEY_type always returns EVP_PKEY_RSA"); 22696 return EVP_PKEY_RSA; 22697 } 28660 WOLFSSL_MSG("wolfSSL_EVP_PKEY_type"); 28661 28662 switch (type) { 28663 #ifdef OPENSSL_EXTRA 28664 case EVP_PKEY_RSA: 28665 return EVP_PKEY_RSA; 28666 case EVP_PKEY_DSA: 28667 return EVP_PKEY_DSA; 28668 case EVP_PKEY_EC: 28669 return EVP_PKEY_EC; 28670 #endif 28671 default: 28672 return NID_undef; 28673 } 28674 } 28675 28676 28677 int wolfSSL_EVP_PKEY_id(const EVP_PKEY *pkey) 28678 { 28679 if (pkey != NULL) 28680 return pkey->type; 28681 return 0; 28682 } 28683 22698 28684 22699 28685 int wolfSSL_EVP_PKEY_base_id(const EVP_PKEY *pkey) 22700 28686 { 22701 return EVP_PKEY_type(pkey->type); 28687 if (pkey == NULL) 28688 return NID_undef; 28689 return wolfSSL_EVP_PKEY_type(pkey->type); 22702 28690 } 22703 28691 22704 28692 22705 28693 #if !defined(NO_FILESYSTEM) 22706 WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY( FILE *fp, EVP_PKEY **x,28694 WOLFSSL_EVP_PKEY *wolfSSL_PEM_read_PUBKEY(XFILE fp, EVP_PKEY **x, 22707 28695 pem_password_cb *cb, void *u) 22708 28696 { … … 22721 28709 22722 28710 #if !defined(NO_FILESYSTEM) 22723 WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(FILE *fp, WOLFSSL_RSA **x, 28711 #ifndef NO_WOLFSSL_STUB 28712 WOLFSSL_RSA *wolfSSL_PEM_read_RSAPublicKey(XFILE fp, WOLFSSL_RSA **x, 22724 28713 pem_password_cb *cb, void *u) 22725 28714 { … … 22728 28717 (void)cb; 22729 28718 (void)u; 22730 28719 WOLFSSL_STUB("PEM_read_RSAPublicKey"); 22731 28720 WOLFSSL_MSG("wolfSSL_PEM_read_RSAPublicKey not implemented"); 22732 28721 22733 28722 return NULL; 22734 28723 } 22735 28724 #endif 22736 28725 /* return code compliant with OpenSSL : 22737 28726 * 1 if success, 0 if error 22738 28727 */ 22739 int wolfSSL_PEM_write_RSAPublicKey(FILE *fp, WOLFSSL_RSA *x) 28728 #ifndef NO_WOLFSSL_STUB 28729 int wolfSSL_PEM_write_RSAPublicKey(XFILE fp, WOLFSSL_RSA *x) 22740 28730 { 22741 28731 (void)fp; 22742 28732 (void)x; 22743 28733 WOLFSSL_STUB("PEM_write_RSAPublicKey"); 22744 28734 WOLFSSL_MSG("wolfSSL_PEM_write_RSAPublicKey not implemented"); 22745 28735 22746 28736 return WOLFSSL_FAILURE; 22747 } 28737 } 28738 #endif 22748 28739 22749 28740 /* return code compliant with OpenSSL : 22750 28741 * 1 if success, 0 if error 22751 28742 */ 22752 int wolfSSL_PEM_write_RSA_PUBKEY(FILE *fp, WOLFSSL_RSA *x) 28743 #ifndef NO_WOLFSSL_STUB 28744 int wolfSSL_PEM_write_RSA_PUBKEY(XFILE fp, WOLFSSL_RSA *x) 22753 28745 { 22754 28746 (void)fp; 22755 28747 (void)x; 22756 28748 WOLFSSL_STUB("PEM_write_RSA_PUBKEY"); 22757 28749 WOLFSSL_MSG("wolfSSL_PEM_write_RSA_PUBKEY not implemented"); 22758 28750 22759 28751 return WOLFSSL_FAILURE; 22760 28752 } 28753 #endif 28754 22761 28755 #endif /* NO_FILESYSTEM */ 22762 28756 28757 WOLFSSL_RSA *wolfSSL_d2i_RSAPublicKey(WOLFSSL_RSA **r, const unsigned char **pp, 28758 long len) 28759 { 28760 WOLFSSL_RSA *rsa = NULL; 28761 28762 WOLFSSL_ENTER("d2i_RSAPublicKey"); 28763 28764 if (pp == NULL) { 28765 WOLFSSL_MSG("Bad argument"); 28766 return NULL; 28767 } 28768 if ((rsa = wolfSSL_RSA_new()) == NULL) { 28769 WOLFSSL_MSG("RSA_new failed"); 28770 return NULL; 28771 } 28772 28773 if (wolfSSL_RSA_LoadDer_ex(rsa, *pp, (int)len, WOLFSSL_RSA_LOAD_PUBLIC) 28774 != WOLFSSL_SUCCESS) { 28775 WOLFSSL_MSG("RSA_LoadDer failed"); 28776 wolfSSL_RSA_free(rsa); 28777 rsa = NULL; 28778 } 28779 if (r != NULL) 28780 *r = rsa; 28781 28782 return rsa; 28783 } 28784 28785 /* Converts an RSA private key from DER format to an RSA structure. 28786 Returns pointer to the RSA structure on success and NULL if error. */ 28787 WOLFSSL_RSA *wolfSSL_d2i_RSAPrivateKey(WOLFSSL_RSA **r, 28788 const unsigned char **derBuf, long derSz) 28789 { 28790 WOLFSSL_RSA *rsa = NULL; 28791 28792 WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey"); 28793 28794 /* check for bad functions arguments */ 28795 if (derBuf == NULL) { 28796 WOLFSSL_MSG("Bad argument"); 28797 return NULL; 28798 } 28799 if ((rsa = wolfSSL_RSA_new()) == NULL) { 28800 WOLFSSL_MSG("RSA_new failed"); 28801 return NULL; 28802 } 28803 28804 if (wolfSSL_RSA_LoadDer_ex(rsa, *derBuf, (int)derSz, 28805 WOLFSSL_RSA_LOAD_PRIVATE) != WOLFSSL_SUCCESS) { 28806 WOLFSSL_MSG("RSA_LoadDer failed"); 28807 wolfSSL_RSA_free(rsa); 28808 rsa = NULL; 28809 } 28810 if (r != NULL) 28811 *r = rsa; 28812 28813 return rsa; 28814 } 28815 28816 #if !defined(HAVE_FAST_RSA) 28817 /* Converts an internal RSA structure to DER format. 28818 Returns size of DER on success and WOLFSSL_FAILURE if error */ 28819 int wolfSSL_i2d_RSAPrivateKey(WOLFSSL_RSA *rsa, unsigned char **pp) 28820 { 28821 #if defined(WOLFSSL_KEY_GEN) 28822 byte* der = NULL; 28823 int derMax; 28824 int ret; 28825 int i; 28826 28827 WOLFSSL_ENTER("wolfSSL_i2d_RSAPrivateKey"); 28828 28829 /* check for bad functions arguments */ 28830 if ((rsa == NULL) || (pp == NULL)) { 28831 WOLFSSL_MSG("Bad Function Arguments"); 28832 return BAD_FUNC_ARG; 28833 } 28834 28835 if (rsa->inSet == 0) { 28836 if ((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { 28837 WOLFSSL_MSG("SetRsaInternal() Failed"); 28838 return ret; 28839 } 28840 } 28841 28842 /* 5 > size of n, d, p, q, d%(p-1), d(q-1), 1/q%p, e + ASN.1 additional 28843 * informations 28844 */ 28845 derMax = 5 * wolfSSL_RSA_size(rsa) + AES_BLOCK_SIZE; 28846 28847 der = (byte*)XMALLOC(derMax, NULL, DYNAMIC_TYPE_TMP_BUFFER); 28848 if (der == NULL) { 28849 WOLFSSL_MSG("Malloc failed"); 28850 return WOLFSSL_FAILURE; 28851 } 28852 28853 /* RSA key to DER */ 28854 if ((ret = wc_RsaKeyToDer((RsaKey *)rsa->internal, der, derMax)) < 0) { 28855 WOLFSSL_MSG("wc_RsaKeyToDer() failed"); 28856 XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); 28857 der = NULL; 28858 return ret; 28859 } 28860 28861 /* ret is the size of the DER buffer */ 28862 for (i = 0; i < ret; i++) { 28863 *(*pp + i) = *(der + i); 28864 } 28865 *pp += ret; 28866 28867 XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); 28868 return ret; /* returns size of DER if successful */ 28869 #else 28870 (void)rsa; 28871 (void)pp; 28872 WOLFSSL_MSG("Error, WOLFSSL_KEY_GEN not defined"); 28873 return WOLFSSL_FAILURE; 28874 #endif /* WOLFSSL_KEY_GEN */ 28875 } 28876 28877 28878 int wolfSSL_i2d_RSAPublicKey(WOLFSSL_RSA *rsa, const unsigned char **pp) 28879 { 28880 byte *der; 28881 int derLen; 28882 int ret; 28883 28884 WOLFSSL_ENTER("i2d_RSAPublicKey"); 28885 if (rsa == NULL) 28886 return WOLFSSL_FATAL_ERROR; 28887 28888 if (rsa->inSet == 0) { 28889 if ((ret = SetRsaInternal(rsa)) != WOLFSSL_SUCCESS) { 28890 WOLFSSL_MSG("SetRsaInternal Failed"); 28891 return ret; 28892 } 28893 } 28894 if ((derLen = RsaPublicKeyDerSize((RsaKey *)rsa->internal, 1)) < 0) 28895 return WOLFSSL_FATAL_ERROR; 28896 der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); 28897 if (der == NULL) { 28898 return WOLFSSL_FATAL_ERROR; 28899 } 28900 if ((ret = wc_RsaKeyToPublicDer((RsaKey *)rsa->internal, der, derLen)) < 0){ 28901 WOLFSSL_MSG("RsaKeyToPublicDer failed"); 28902 if(der != NULL) 28903 XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); 28904 return ret; 28905 } 28906 if ((pp != NULL) && (ret >= 0)) 28907 *pp = der; 28908 else 28909 XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); 28910 28911 return ret; 28912 } 28913 #endif /* #if !defined(HAVE_FAST_RSA) */ 28914 28915 #endif /* !NO_RSA */ 28916 #endif /* OPENSSL_EXTRA */ 28917 28918 #if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) 22763 28919 /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ 22764 28920 int wolfSSL_RSA_LoadDer(WOLFSSL_RSA* rsa, const unsigned char* derBuf, int derSz) 22765 28921 { 28922 return wolfSSL_RSA_LoadDer_ex(rsa, derBuf, derSz, WOLFSSL_RSA_LOAD_PRIVATE); 28923 } 28924 28925 28926 int wolfSSL_RSA_LoadDer_ex(WOLFSSL_RSA* rsa, const unsigned char* derBuf, 28927 int derSz, int opt) 28928 { 28929 22766 28930 word32 idx = 0; 22767 28931 int ret; … … 22774 28938 } 22775 28939 22776 ret = wc_RsaPrivateKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz); 28940 if (opt == WOLFSSL_RSA_LOAD_PRIVATE) { 28941 ret = wc_RsaPrivateKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz); 28942 } 28943 else { 28944 ret = wc_RsaPublicKeyDecode(derBuf, &idx, (RsaKey*)rsa->internal, derSz); 28945 } 28946 22777 28947 if (ret < 0) { 22778 WOLFSSL_MSG("RsaPrivateKeyDecode failed"); 22779 return WOLFSSL_FATAL_ERROR; 28948 if (opt == WOLFSSL_RSA_LOAD_PRIVATE) { 28949 WOLFSSL_MSG("RsaPrivateKeyDecode failed"); 28950 } 28951 else { 28952 WOLFSSL_MSG("RsaPublicKeyDecode failed"); 28953 } 28954 return SSL_FATAL_ERROR; 22780 28955 } 22781 28956 … … 22791 28966 #endif /* NO_RSA */ 22792 28967 22793 28968 #ifdef OPENSSL_EXTRA 22794 28969 #ifndef NO_DSA 22795 28970 /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ … … 22810 28985 WOLFSSL_MSG("DsaPrivateKeyDecode failed"); 22811 28986 return WOLFSSL_FATAL_ERROR; 22812 28987 } 22813 28988 22814 28989 if (SetDsaExternal(dsa) != WOLFSSL_SUCCESS) { … … 22825 29000 #ifdef HAVE_ECC 22826 29001 /* return WOLFSSL_SUCCESS if success, WOLFSSL_FATAL_ERROR if error */ 22827 int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, 22828 const unsigned char* derBuf, int derSz) 29002 int wolfSSL_EC_KEY_LoadDer(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, 29003 int derSz) 29004 { 29005 return wolfSSL_EC_KEY_LoadDer_ex(key, derBuf, derSz, 29006 WOLFSSL_EC_KEY_LOAD_PRIVATE); 29007 } 29008 29009 int wolfSSL_EC_KEY_LoadDer_ex(WOLFSSL_EC_KEY* key, const unsigned char* derBuf, 29010 int derSz, int opt) 22829 29011 { 22830 29012 word32 idx = 0; … … 22838 29020 } 22839 29021 22840 ret = wc_EccPrivateKeyDecode(derBuf, &idx, (ecc_key*)key->internal, derSz); 29022 if (opt == WOLFSSL_EC_KEY_LOAD_PRIVATE) { 29023 ret = wc_EccPrivateKeyDecode(derBuf, &idx, (ecc_key*)key->internal, 29024 derSz); 29025 } 29026 else { 29027 ret = wc_EccPublicKeyDecode(derBuf, &idx, (ecc_key*)key->internal, 29028 derSz); 29029 } 22841 29030 if (ret < 0) { 22842 WOLFSSL_MSG("wc_EccPrivateKeyDecode failed"); 29031 if (opt == WOLFSSL_RSA_LOAD_PRIVATE) { 29032 WOLFSSL_MSG("wc_EccPrivateKeyDecode failed"); 29033 } 29034 else { 29035 WOLFSSL_MSG("wc_EccPublicKeyDecode failed"); 29036 } 22843 29037 return WOLFSSL_FATAL_ERROR; 22844 29038 } … … 22847 29041 WOLFSSL_MSG("SetECKeyExternal failed"); 22848 29042 return WOLFSSL_FATAL_ERROR; 22849 29043 } 22850 29044 22851 29045 key->inSet = 1; … … 22854 29048 } 22855 29049 #endif /* HAVE_ECC */ 29050 22856 29051 22857 29052 #endif /* OPENSSL_EXTRA */ … … 22892 29087 22893 29088 return 0; 22894 }29089 } 22895 29090 22896 29091 … … 22903 29098 22904 29099 return 0; 22905 }29100 } 22906 29101 22907 29102 … … 22941 29136 WOLFSSL_ENTER("wolfSSL_get_chain_X509"); 22942 29137 if (chain != NULL) { 22943 29138 #ifdef WOLFSSL_SMALL_STACK 22944 29139 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL, 22945 29140 DYNAMIC_TYPE_DCERT); 22946 29141 if (cert != NULL) 22947 29142 #endif 22948 29143 { 22949 29144 InitDecodedCert(cert, chain->certs[idx].buffer, … … 22953 29148 WOLFSSL_MSG("Failed to parse cert"); 22954 29149 } 22955 29150 else { 22956 29151 x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, 22957 29152 DYNAMIC_TYPE_X509); 22958 29153 if (x509 == NULL) { 22959 29154 WOLFSSL_MSG("Failed alloc X509"); 22960 29155 } 22961 29156 else { 22962 29157 InitX509(x509, 1, NULL); … … 22964 29159 if ((ret = CopyDecodedToX509(x509, cert)) != 0) { 22965 29160 WOLFSSL_MSG("Failed to copy decoded"); 22966 XFREE(x509, NULL, DYNAMIC_TYPE_X509);29161 wolfSSL_X509_free(x509); 22967 29162 x509 = NULL; 22968 22969 22970 29163 } 29164 } 29165 } 22971 29166 22972 29167 FreeDecodedCert(cert); 22973 29168 #ifdef WOLFSSL_SMALL_STACK 22974 29169 XFREE(cert, NULL, DYNAMIC_TYPE_DCERT); 22975 22976 29170 #endif 29171 } 22977 29172 } 22978 29173 (void)ret; … … 22988 29183 unsigned char* buf, int inLen, int* outLen) 22989 29184 { 22990 const char header[] = "-----BEGIN CERTIFICATE-----\n"; 22991 const char footer[] = "-----END CERTIFICATE-----\n";22992 22993 int headerLen = sizeof(header) - 1;22994 int footerLen = sizeof(footer) - 1;29185 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) 29186 const char* header = NULL; 29187 const char* footer = NULL; 29188 int headerLen; 29189 int footerLen; 22995 29190 int i; 22996 29191 int err; … … 23000 29195 if (!chain || !outLen || idx < 0 || idx >= wolfSSL_get_chain_count(chain)) 23001 29196 return BAD_FUNC_ARG; 29197 29198 err = wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer); 29199 if (err != 0) 29200 return err; 29201 29202 headerLen = (int)XSTRLEN(header); 29203 footerLen = (int)XSTRLEN(footer); 23002 29204 23003 29205 /* Null output buffer return size needed in outLen */ … … 23005 29207 if(Base64_Encode(chain->certs[idx].buffer, chain->certs[idx].length, 23006 29208 NULL, &szNeeded) != LENGTH_ONLY_E) 23007 29209 return WOLFSSL_FAILURE; 23008 29210 *outLen = szNeeded + headerLen + footerLen; 23009 29211 return LENGTH_ONLY_E; … … 23035 29237 23036 29238 return WOLFSSL_SUCCESS; 29239 #else 29240 (void)chain; 29241 (void)idx; 29242 (void)buf; 29243 (void)inLen; 29244 (void)outLen; 29245 return WOLFSSL_FAILURE; 29246 #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ 23037 29247 } 23038 29248 … … 23046 29256 23047 29257 return NULL; 23048 }29258 } 23049 29259 23050 29260 … … 23057 29267 ssl->fuzzerCb = cbf; 23058 29268 ssl->fuzzerCtx = fCtx; 23059 }23060 }29269 } 29270 } 23061 29271 #endif 23062 29272 … … 23065 29275 23066 29276 #ifdef HAVE_ECC 29277 void wolfSSL_CTX_SetEccKeyGenCb(WOLFSSL_CTX* ctx, CallbackEccKeyGen cb) 29278 { 29279 if (ctx) 29280 ctx->EccKeyGenCb = cb; 29281 } 29282 void wolfSSL_SetEccKeyGenCtx(WOLFSSL* ssl, void *ctx) 29283 { 29284 if (ssl) 29285 ssl->EccKeyGenCtx = ctx; 29286 } 29287 void* wolfSSL_GetEccKeyGenCtx(WOLFSSL* ssl) 29288 { 29289 if (ssl) 29290 return ssl->EccKeyGenCtx; 29291 29292 return NULL; 29293 } 23067 29294 23068 29295 void wolfSSL_CTX_SetEccSignCb(WOLFSSL_CTX* ctx, CallbackEccSign cb) … … 23070 29297 if (ctx) 23071 29298 ctx->EccSignCb = cb; 23072 } 23073 23074 29299 } 23075 29300 void wolfSSL_SetEccSignCtx(WOLFSSL* ssl, void *ctx) 23076 29301 { 23077 29302 if (ssl) 23078 29303 ssl->EccSignCtx = ctx; 23079 } 23080 23081 29304 } 23082 29305 void* wolfSSL_GetEccSignCtx(WOLFSSL* ssl) 23083 29306 { … … 23086 29309 23087 29310 return NULL; 23088 } 23089 29311 } 23090 29312 23091 29313 void wolfSSL_CTX_SetEccVerifyCb(WOLFSSL_CTX* ctx, CallbackEccVerify cb) … … 23093 29315 if (ctx) 23094 29316 ctx->EccVerifyCb = cb; 23095 } 23096 23097 29317 } 23098 29318 void wolfSSL_SetEccVerifyCtx(WOLFSSL* ssl, void *ctx) 23099 29319 { 23100 29320 if (ssl) 23101 29321 ssl->EccVerifyCtx = ctx; 23102 } 23103 23104 29322 } 23105 29323 void* wolfSSL_GetEccVerifyCtx(WOLFSSL* ssl) 23106 29324 { … … 23115 29333 if (ctx) 23116 29334 ctx->EccSharedSecretCb = cb; 23117 } 23118 29335 } 23119 29336 void wolfSSL_SetEccSharedSecretCtx(WOLFSSL* ssl, void *ctx) 23120 29337 { 23121 29338 if (ssl) 23122 29339 ssl->EccSharedSecretCtx = ctx; 23123 } 23124 23125 29340 } 23126 29341 void* wolfSSL_GetEccSharedSecretCtx(WOLFSSL* ssl) 23127 29342 { … … 23130 29345 23131 29346 return NULL; 23132 }29347 } 23133 29348 #endif /* HAVE_ECC */ 23134 29349 … … 23139 29354 ctx->Ed25519SignCb = cb; 23140 29355 } 23141 23142 23143 29356 void wolfSSL_SetEd25519SignCtx(WOLFSSL* ssl, void *ctx) 23144 29357 { … … 23146 29359 ssl->Ed25519SignCtx = ctx; 23147 29360 } 23148 23149 23150 29361 void* wolfSSL_GetEd25519SignCtx(WOLFSSL* ssl) 23151 29362 { … … 23154 29365 23155 29366 return NULL; 23156 } 23157 29367 } 23158 29368 23159 29369 void wolfSSL_CTX_SetEd25519VerifyCb(WOLFSSL_CTX* ctx, CallbackEd25519Verify cb) … … 23161 29371 if (ctx) 23162 29372 ctx->Ed25519VerifyCb = cb; 23163 } 23164 23165 29373 } 23166 29374 void wolfSSL_SetEd25519VerifyCtx(WOLFSSL* ssl, void *ctx) 23167 29375 { 23168 29376 if (ssl) 23169 29377 ssl->Ed25519VerifyCtx = ctx; 23170 } 23171 23172 29378 } 23173 29379 void* wolfSSL_GetEd25519VerifyCtx(WOLFSSL* ssl) 23174 29380 { … … 23177 29383 23178 29384 return NULL; 23179 }23180 #endif 29385 } 29386 #endif /* HAVE_ED25519 */ 23181 29387 23182 29388 #ifdef HAVE_CURVE25519 29389 void wolfSSL_CTX_SetX25519KeyGenCb(WOLFSSL_CTX* ctx, 29390 CallbackX25519KeyGen cb) 29391 { 29392 if (ctx) 29393 ctx->X25519KeyGenCb = cb; 29394 } 29395 void wolfSSL_SetX25519KeyGenCtx(WOLFSSL* ssl, void *ctx) 29396 { 29397 if (ssl) 29398 ssl->X25519KeyGenCtx = ctx; 29399 } 29400 void* wolfSSL_GetX25519KeyGenCtx(WOLFSSL* ssl) 29401 { 29402 if (ssl) 29403 return ssl->X25519KeyGenCtx; 29404 29405 return NULL; 29406 } 29407 23183 29408 void wolfSSL_CTX_SetX25519SharedSecretCb(WOLFSSL_CTX* ctx, 23184 29409 CallbackX25519SharedSecret cb) … … 23187 29412 ctx->X25519SharedSecretCb = cb; 23188 29413 } 23189 23190 29414 void wolfSSL_SetX25519SharedSecretCtx(WOLFSSL* ssl, void *ctx) 23191 29415 { … … 23193 29417 ssl->X25519SharedSecretCtx = ctx; 23194 29418 } 23195 23196 23197 29419 void* wolfSSL_GetX25519SharedSecretCtx(WOLFSSL* ssl) 23198 29420 { … … 23201 29423 23202 29424 return NULL; 23203 }23204 #endif 29425 } 29426 #endif /* HAVE_CURVE25519 */ 23205 29427 23206 29428 #ifndef NO_RSA 23207 23208 29429 void wolfSSL_CTX_SetRsaSignCb(WOLFSSL_CTX* ctx, CallbackRsaSign cb) 23209 29430 { … … 23211 29432 ctx->RsaSignCb = cb; 23212 29433 } 23213 23214 29434 void wolfSSL_CTX_SetRsaSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaVerify cb) 29435 { 29436 if (ctx) 29437 ctx->RsaSignCheckCb = cb; 29438 } 23215 29439 void wolfSSL_SetRsaSignCtx(WOLFSSL* ssl, void *ctx) 23216 29440 { 23217 29441 if (ssl) 23218 29442 ssl->RsaSignCtx = ctx; 23219 } 23220 23221 29443 } 23222 29444 void* wolfSSL_GetRsaSignCtx(WOLFSSL* ssl) 23223 29445 { … … 23226 29448 23227 29449 return NULL; 23228 }29450 } 23229 29451 23230 29452 … … 23234 29456 ctx->RsaVerifyCb = cb; 23235 29457 } 23236 23237 23238 29458 void wolfSSL_SetRsaVerifyCtx(WOLFSSL* ssl, void *ctx) 23239 29459 { 23240 29460 if (ssl) 23241 29461 ssl->RsaVerifyCtx = ctx; 23242 } 23243 23244 29462 } 23245 29463 void* wolfSSL_GetRsaVerifyCtx(WOLFSSL* ssl) 23246 29464 { … … 23249 29467 23250 29468 return NULL; 23251 }29469 } 23252 29470 23253 29471 #ifdef WC_RSA_PSS … … 23256 29474 if (ctx) 23257 29475 ctx->RsaPssSignCb = cb; 23258 } 23259 23260 29476 } 29477 void wolfSSL_CTX_SetRsaPssSignCheckCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb) 29478 { 29479 if (ctx) 29480 ctx->RsaPssSignCheckCb = cb; 29481 } 23261 29482 void wolfSSL_SetRsaPssSignCtx(WOLFSSL* ssl, void *ctx) 23262 29483 { 23263 29484 if (ssl) 23264 29485 ssl->RsaPssSignCtx = ctx; 23265 } 23266 23267 29486 } 23268 29487 void* wolfSSL_GetRsaPssSignCtx(WOLFSSL* ssl) 23269 29488 { … … 23274 29493 } 23275 29494 23276 23277 29495 void wolfSSL_CTX_SetRsaPssVerifyCb(WOLFSSL_CTX* ctx, CallbackRsaPssVerify cb) 23278 29496 { 23279 29497 if (ctx) 23280 29498 ctx->RsaPssVerifyCb = cb; 23281 } 23282 23283 29499 } 23284 29500 void wolfSSL_SetRsaPssVerifyCtx(WOLFSSL* ssl, void *ctx) 23285 29501 { 23286 29502 if (ssl) 23287 29503 ssl->RsaPssVerifyCtx = ctx; 23288 } 23289 23290 29504 } 23291 29505 void* wolfSSL_GetRsaPssVerifyCtx(WOLFSSL* ssl) 23292 29506 { … … 23295 29509 23296 29510 return NULL; 23297 }23298 #endif 29511 } 29512 #endif /* WC_RSA_PSS */ 23299 29513 23300 29514 void wolfSSL_CTX_SetRsaEncCb(WOLFSSL_CTX* ctx, CallbackRsaEnc cb) … … 23302 29516 if (ctx) 23303 29517 ctx->RsaEncCb = cb; 23304 } 23305 23306 29518 } 23307 29519 void wolfSSL_SetRsaEncCtx(WOLFSSL* ssl, void *ctx) 23308 29520 { 23309 29521 if (ssl) 23310 29522 ssl->RsaEncCtx = ctx; 23311 } 23312 23313 29523 } 23314 29524 void* wolfSSL_GetRsaEncCtx(WOLFSSL* ssl) 23315 29525 { … … 23318 29528 23319 29529 return NULL; 23320 }29530 } 23321 29531 23322 29532 void wolfSSL_CTX_SetRsaDecCb(WOLFSSL_CTX* ctx, CallbackRsaDec cb) … … 23325 29535 ctx->RsaDecCb = cb; 23326 29536 } 23327 23328 23329 29537 void wolfSSL_SetRsaDecCtx(WOLFSSL* ssl, void *ctx) 23330 29538 { … … 23332 29540 ssl->RsaDecCtx = ctx; 23333 29541 } 23334 23335 23336 29542 void* wolfSSL_GetRsaDecCtx(WOLFSSL* ssl) 23337 29543 { … … 23339 29545 return ssl->RsaDecCtx; 23340 29546 23341 return NULL; 23342 } 23343 23344 29547 return NULL; 29548 } 23345 29549 #endif /* NO_RSA */ 23346 29550 23347 29551 #endif /* HAVE_PK_CALLBACKS */ 23348 29552 #endif /* NO_CERTS */ 29553 29554 #if defined(HAVE_PK_CALLBACKS) && !defined(NO_DH) 29555 void wolfSSL_CTX_SetDhAgreeCb(WOLFSSL_CTX* ctx, CallbackDhAgree cb) 29556 { 29557 if (ctx) 29558 ctx->DhAgreeCb = cb; 29559 } 29560 void wolfSSL_SetDhAgreeCtx(WOLFSSL* ssl, void *ctx) 29561 { 29562 if (ssl) 29563 ssl->DhAgreeCtx = ctx; 29564 } 29565 void* wolfSSL_GetDhAgreeCtx(WOLFSSL* ssl) 29566 { 29567 if (ssl) 29568 return ssl->DhAgreeCtx; 29569 29570 return NULL; 29571 } 29572 #endif /* HAVE_PK_CALLBACKS && !NO_DH */ 23349 29573 23350 29574 … … 23364 29588 23365 29589 #ifndef NO_CERTS 29590 void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){ 29591 WOLFSSL_ENTER("wolfSSL_X509_NAME_free"); 29592 FreeX509Name(name, NULL); 29593 XFREE(name, NULL, DYNAMIC_TYPE_X509); 29594 } 29595 29596 29597 /* Malloc's a new WOLFSSL_X509_NAME structure 29598 * 29599 * returns NULL on failure, otherwise returns a new structure. 29600 */ 29601 WOLFSSL_X509_NAME* wolfSSL_X509_NAME_new(void) 29602 { 29603 WOLFSSL_X509_NAME* name; 29604 29605 WOLFSSL_ENTER("wolfSSL_X509_NAME_new"); 29606 29607 name = (WOLFSSL_X509_NAME*)XMALLOC(sizeof(WOLFSSL_X509_NAME), NULL, 29608 DYNAMIC_TYPE_X509); 29609 if (name != NULL) { 29610 InitX509Name(name, 1); 29611 } 29612 return name; 29613 } 29614 29615 29616 #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) 29617 /* needed SetName function from asn.c is wrapped by NO_RSA */ 29618 /* helper function for CopyX509NameToCertName() 29619 * 29620 * returns WOLFSSL_SUCCESS on success 29621 */ 29622 static int CopyX509NameEntry(char* out, int mx, char* in, int inLen) 29623 { 29624 if (inLen > mx) { 29625 WOLFSSL_MSG("Name too long"); 29626 XMEMCPY(out, in, mx); 29627 } 29628 else { 29629 XMEMCPY(out, in, inLen); 29630 out[inLen] = '\0'; 29631 } 29632 29633 /* make sure is null terminated */ 29634 out[mx-1] = '\0'; 29635 29636 return WOLFSSL_SUCCESS; 29637 } 29638 29639 29640 /* Helper function to copy cert name from a WOLFSSL_X509_NAME structure to 29641 * a CertName structure. 29642 * 29643 * returns WOLFSSL_SUCCESS on success and a negative error value on failure 29644 */ 29645 static int CopyX509NameToCertName(WOLFSSL_X509_NAME* n, CertName* cName) 29646 { 29647 DecodedName* dn = NULL; 29648 29649 if (n == NULL || cName == NULL) { 29650 return BAD_FUNC_ARG; 29651 } 29652 29653 dn = &(n->fullName); 29654 29655 /* initialize cert name */ 29656 cName->country[0] = '\0'; 29657 cName->countryEnc = CTC_PRINTABLE; 29658 cName->state[0] = '\0'; 29659 cName->stateEnc = CTC_UTF8; 29660 cName->locality[0] = '\0'; 29661 cName->localityEnc = CTC_UTF8; 29662 cName->sur[0] = '\0'; 29663 cName->surEnc = CTC_UTF8; 29664 cName->org[0] = '\0'; 29665 cName->orgEnc = CTC_UTF8; 29666 cName->unit[0] = '\0'; 29667 cName->unitEnc = CTC_UTF8; 29668 cName->commonName[0] = '\0'; 29669 cName->commonNameEnc = CTC_UTF8; 29670 cName->serialDev[0] = '\0'; 29671 cName->serialDevEnc = CTC_PRINTABLE; 29672 #ifdef WOLFSSL_CERT_EXT 29673 cName->busCat[0] = '\0'; 29674 cName->busCatEnc = CTC_UTF8; 29675 cName->serialDev[0] = '\0'; 29676 cName->serialDevEnc = CTC_PRINTABLE; 29677 cName->joiC[0] = '\0'; 29678 cName->joiCEnc = CTC_PRINTABLE; 29679 cName->joiSt[0] = '\0'; 29680 cName->joiStEnc = CTC_PRINTABLE; 29681 #endif 29682 cName->email[0] = '\0'; 29683 29684 29685 /* ASN_COUNTRY_NAME */ 29686 WOLFSSL_MSG("Copy Country Name"); 29687 if (CopyX509NameEntry(cName->country, CTC_NAME_SIZE, dn->fullName + dn->cIdx, 29688 dn->cLen) != SSL_SUCCESS) { 29689 return BUFFER_E; 29690 } 29691 29692 /* ASN_ORGUNIT_NAME */ 29693 WOLFSSL_MSG("Copy Org Unit Name"); 29694 if (CopyX509NameEntry(cName->unit, CTC_NAME_SIZE, dn->fullName + dn->ouIdx, 29695 dn->ouLen) != SSL_SUCCESS) { 29696 return BUFFER_E; 29697 } 29698 29699 /* ASN_ORG_NAME */ 29700 WOLFSSL_MSG("Copy Org Name"); 29701 if (CopyX509NameEntry(cName->org, CTC_NAME_SIZE, dn->fullName + dn->oIdx, 29702 dn->oLen) != SSL_SUCCESS) { 29703 return BUFFER_E; 29704 } 29705 29706 /* ASN_STATE_NAME */ 29707 WOLFSSL_MSG("Copy State Name"); 29708 if (CopyX509NameEntry(cName->state, CTC_NAME_SIZE, dn->fullName + dn->stIdx, 29709 dn->stLen) != SSL_SUCCESS) { 29710 return BUFFER_E; 29711 } 29712 29713 /* ASN_LOCALITY_NAME */ 29714 WOLFSSL_MSG("Copy Locality Name"); 29715 if (CopyX509NameEntry(cName->locality, CTC_NAME_SIZE, 29716 dn->fullName + dn->lIdx, dn->lLen) 29717 != SSL_SUCCESS) { 29718 return BUFFER_E; 29719 } 29720 29721 /* ASN_SUR_NAME */ 29722 WOLFSSL_MSG("Copy Sur Name"); 29723 if (CopyX509NameEntry(cName->sur, CTC_NAME_SIZE, dn->fullName + dn->snIdx, 29724 dn->snLen) != SSL_SUCCESS) { 29725 return BUFFER_E; 29726 } 29727 29728 /* ASN_COMMON_NAME */ 29729 WOLFSSL_MSG("Copy Common Name"); 29730 if (CopyX509NameEntry(cName->commonName, CTC_NAME_SIZE, 29731 dn->fullName + dn->cnIdx, dn->cnLen) 29732 != SSL_SUCCESS) { 29733 return BUFFER_E; 29734 } 29735 29736 /* ASN_SERIAL_NUMBER */ 29737 WOLFSSL_MSG("Copy Serial Number of Device"); 29738 if (CopyX509NameEntry(cName->serialDev, CTC_NAME_SIZE, 29739 dn->fullName + dn->serialIdx, dn->serialLen) 29740 != SSL_SUCCESS) { 29741 return BUFFER_E; 29742 } 29743 29744 #ifdef WOLFSSL_CERT_EXT 29745 /* ASN_BUS_CAT */ 29746 WOLFSSL_MSG("Copy Business Category"); 29747 if (CopyX509NameEntry(cName->busCat, CTC_NAME_SIZE, 29748 dn->fullName + dn->bcIdx, dn->bcLen) 29749 != SSL_SUCCESS) { 29750 return BUFFER_E; 29751 } 29752 29753 /* JoI Country */ 29754 WOLFSSL_MSG("Copy Jurisdiction of Incorporation Country"); 29755 if (CopyX509NameEntry(cName->joiC, CTC_NAME_SIZE, 29756 dn->fullName + dn->jcIdx, dn->jcLen) 29757 != SSL_SUCCESS) { 29758 return BUFFER_E; 29759 } 29760 29761 /* JoI State */ 29762 WOLFSSL_MSG("Copy Jurisdiction of Incorporation State"); 29763 if (CopyX509NameEntry(cName->joiSt, CTC_NAME_SIZE, 29764 dn->fullName + dn->jsIdx, dn->jsLen) 29765 != SSL_SUCCESS) { 29766 return BUFFER_E; 29767 } 29768 #endif 29769 29770 WOLFSSL_MSG("Copy Email"); 29771 if (CopyX509NameEntry(cName->email, CTC_NAME_SIZE, 29772 dn->fullName + dn->emailIdx, dn->emailLen) 29773 != SSL_SUCCESS) { 29774 return BUFFER_E; 29775 } 29776 29777 return WOLFSSL_SUCCESS; 29778 } 29779 29780 29781 /* Converts the x509 name structure into DER format. 29782 * 29783 * out pointer to either a pre setup buffer or a pointer to null for 29784 * creating a dynamic buffer. In the case that a pre-existing buffer is 29785 * used out will be incremented the size of the DER buffer on success. 29786 * 29787 * returns the size of the buffer on success, or negative value with failure 29788 */ 29789 int wolfSSL_i2d_X509_NAME(WOLFSSL_X509_NAME* name, unsigned char** out) 29790 { 29791 CertName cName; 29792 unsigned char buf[256]; /* ASN_MAX_NAME */ 29793 int sz; 29794 29795 if (out == NULL || name == NULL) { 29796 return BAD_FUNC_ARG; 29797 } 29798 29799 if (CopyX509NameToCertName(name, &cName) != SSL_SUCCESS) { 29800 WOLFSSL_MSG("Error converting x509 name to internal CertName"); 29801 return SSL_FATAL_ERROR; 29802 } 29803 29804 sz = SetName(buf, sizeof(buf), &cName); 29805 if (sz < 0) { 29806 return sz; 29807 } 29808 29809 /* using buffer passed in */ 29810 if (*out != NULL) { 29811 XMEMCPY(*out, buf, sz); 29812 *out += sz; 29813 } 29814 else { 29815 *out = (unsigned char*)XMALLOC(sz, NULL, DYNAMIC_TYPE_OPENSSL); 29816 if (*out == NULL) { 29817 return MEMORY_E; 29818 } 29819 XMEMCPY(*out, buf, sz); 29820 } 29821 29822 return sz; 29823 } 29824 #endif /* WOLFSSL_CERT_GEN */ 29825 29826 29827 /* Compares the two X509 names. If the size of x is larger then y then a 29828 * positive value is returned if x is smaller a negative value is returned. 29829 * In the case that the sizes are equal a the value of memcmp between the 29830 * two names is returned. 29831 * 29832 * x First name for comparison 29833 * y Second name to compare with x 29834 */ 29835 int wolfSSL_X509_NAME_cmp(const WOLFSSL_X509_NAME* x, 29836 const WOLFSSL_X509_NAME* y) 29837 { 29838 WOLFSSL_STUB("wolfSSL_X509_NAME_cmp"); 29839 29840 if (x == NULL || y == NULL) { 29841 WOLFSSL_MSG("Bad argument passed in"); 29842 return -2; 29843 } 29844 29845 if ((x->sz - y->sz) != 0) { 29846 return x->sz - y->sz; 29847 } 29848 else { 29849 return XMEMCMP(x->name, y->name, x->sz); /* y sz is the same */ 29850 } 29851 } 29852 29853 23366 29854 WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509(WOLFSSL_BIO *bp, WOLFSSL_X509 **x, 23367 29855 pem_password_cb *cb, void *u) 23368 29856 { 23369 29857 WOLFSSL_X509* x509 = NULL; 29858 #if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) 23370 29859 unsigned char* pem = NULL; 23371 29860 int pemSz; 23372 29861 long i = 0, l; 29862 const char* footer = NULL; 23373 29863 23374 29864 WOLFSSL_ENTER("wolfSSL_PEM_read_bio_X509"); … … 23377 29867 WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_X509", BAD_FUNC_ARG); 23378 29868 return NULL; 23379 23380 23381 if (bp->type == BIO_MEMORY) {29869 } 29870 29871 if (bp->type == WOLFSSL_BIO_MEMORY) { 23382 29872 l = (long)wolfSSL_BIO_ctrl_pending(bp); 23383 29873 if (l <= 0) { … … 23385 29875 return NULL; 23386 29876 } 23387 23388 else if (bp->type == BIO_FILE) {29877 } 29878 else if (bp->type == WOLFSSL_BIO_FILE) { 23389 29879 #ifndef NO_FILESYSTEM 23390 29880 /* Read in next certificate from file but no more. */ … … 23392 29882 if (i < 0) 23393 29883 return NULL; 23394 XFSEEK(bp->file, 0, SEEK_END); 29884 if (XFSEEK(bp->file, 0, XSEEK_END) != 0) 29885 return NULL; 23395 29886 l = XFTELL(bp->file); 23396 29887 if (l < 0) 23397 29888 return NULL; 23398 XFSEEK(bp->file, i, SEEK_SET); 29889 if (XFSEEK(bp->file, i, SEEK_SET) != 0) 29890 return NULL; 29891 29892 /* check calculated length */ 29893 if (l - i < 0) 29894 return NULL; 29895 29896 l -= i; 23399 29897 #else 23400 29898 WOLFSSL_MSG("Unable to read file with NO_FILESYSTEM defined"); 23401 29899 return NULL; 23402 #endif 23403 29900 #endif /* !NO_FILESYSTEM */ 29901 } 23404 29902 else 23405 29903 return NULL; 23406 29904 23407 /* check calulated length */ 23408 if (l - i < 0) 23409 return NULL; 23410 pem = (unsigned char*)XMALLOC(l - i, 0, DYNAMIC_TYPE_PEM); 29905 pem = (unsigned char*)XMALLOC(l, 0, DYNAMIC_TYPE_PEM); 23411 29906 if (pem == NULL) 23412 29907 return NULL; 23413 29908 23414 29909 i = 0; 29910 if (wc_PemGetHeaderFooter(CERT_TYPE, NULL, &footer) != 0) { 29911 XFREE(pem, 0, DYNAMIC_TYPE_PEM); 29912 return NULL; 29913 } 29914 23415 29915 /* TODO: Inefficient 23416 * reading in one byte at a time until see END_CERT29916 * reading in one byte at a time until see "END CERTIFICATE" 23417 29917 */ 23418 29918 while ((l = wolfSSL_BIO_read(bp, (char *)&pem[i], 1)) == 1) { 23419 29919 i++; 23420 if (i > 26 && XMEMCMP((char *)&pem[i-26], END_CERT, 25) == 0) {29920 if (i > 26 && XMEMCMP((char *)&pem[i-26], footer, 25) == 0) { 23421 29921 if (pem[i-1] == '\r') { 23422 29922 /* found \r , Windows line ending is \r\n so try to read one 23423 * more byte for \n */23424 wolfSSL_BIO_read(bp, (char *)&pem[i++], 1);29923 * more byte for \n, ignoring return value */ 29924 (void)wolfSSL_BIO_read(bp, (char *)&pem[i++], 1); 23425 29925 } 23426 29926 break; 23427 29927 } 23428 23429 #if def WOLFSSL_NGINX29928 } 29929 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) 23430 29930 if (l == 0) 23431 WOLFSSL_ERROR( SSL_NO_PEM_HEADER);29931 WOLFSSL_ERROR(ASN_NO_PEM_HEADER); 23432 29932 #endif 23433 29933 pemSz = (int)i; … … 23441 29941 XFREE(pem, NULL, DYNAMIC_TYPE_PEM); 23442 29942 29943 #endif /* WOLFSSL_PEM_TO_DER || WOLFSSL_DER_TO_PEM */ 29944 (void)bp; 29945 (void)x; 23443 29946 (void)cb; 23444 29947 (void)u; … … 23447 29950 } 23448 29951 29952 #if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) 29953 static void* wolfSSL_PEM_read_X509_ex(XFILE fp, void **x, 29954 pem_password_cb *cb, void *u, int type) 29955 { 29956 unsigned char* pem = NULL; 29957 int pemSz; 29958 long i = 0, l; 29959 void *newx509; 29960 29961 WOLFSSL_ENTER("wolfSSL_PEM_read_X509"); 29962 29963 if (fp == XBADFILE) { 29964 WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG); 29965 return NULL; 29966 } 29967 /* Read cert from file */ 29968 i = XFTELL(fp); 29969 if (i < 0) { 29970 WOLFSSL_LEAVE("wolfSSL_PEM_read_X509", BAD_FUNC_ARG); 29971 return NULL; 29972 } 29973 29974 if (XFSEEK(fp, 0, XSEEK_END) != 0) 29975 return NULL; 29976 l = XFTELL(fp); 29977 if (l < 0) 29978 return NULL; 29979 if (XFSEEK(fp, i, SEEK_SET) != 0) 29980 return NULL; 29981 pemSz = (int)(l - i); 29982 /* check calculated length */ 29983 if (pemSz < 0) 29984 return NULL; 29985 if((pem = (unsigned char*)XMALLOC(pemSz, 0, DYNAMIC_TYPE_PEM)) == NULL) 29986 return NULL; 29987 29988 if((int)XFREAD((char *)pem, 1, pemSz, fp) != pemSz) 29989 goto err_exit; 29990 29991 switch(type){ 29992 case CERT_TYPE: 29993 newx509 = (void *)wolfSSL_X509_load_certificate_buffer(pem, pemSz, 29994 WOLFSSL_FILETYPE_PEM); 29995 break; 29996 #ifdef HAVE_CRL 29997 case CRL_TYPE: 29998 { 29999 int derSz; 30000 DerBuffer* der = NULL; 30001 if((PemToDer(pem, pemSz, CRL_TYPE, &der, NULL, NULL, NULL)) < 0) 30002 goto err_exit; 30003 derSz = der->length; 30004 if((newx509 = (void *)wolfSSL_d2i_X509_CRL( 30005 (WOLFSSL_X509_CRL **)x, (const unsigned char *)der->buffer, derSz)) == NULL) 30006 goto err_exit; 30007 FreeDer(&der); 30008 break; 30009 } 30010 #endif 30011 30012 default: 30013 goto err_exit; 30014 } 30015 if (x != NULL) { 30016 *x = newx509; 30017 } 30018 XFREE(pem, 0, DYNAMIC_TYPE_PEM); 30019 return newx509; 30020 30021 err_exit: 30022 if(pem != NULL) 30023 XFREE(pem, 0, DYNAMIC_TYPE_PEM); 30024 return NULL; 30025 30026 (void)cb; 30027 (void)u; 30028 30029 } 30030 30031 WOLFSSL_API WOLFSSL_X509* wolfSSL_PEM_read_X509(XFILE fp, WOLFSSL_X509 **x, 30032 pem_password_cb *cb, void *u) 30033 { 30034 return (WOLFSSL_X509* )wolfSSL_PEM_read_X509_ex(fp, (void **)x, cb, u, CERT_TYPE); 30035 } 30036 30037 #if defined(HAVE_CRL) 30038 WOLFSSL_API WOLFSSL_X509_CRL* wolfSSL_PEM_read_X509_CRL(XFILE fp, WOLFSSL_X509_CRL **crl, 30039 pem_password_cb *cb, void *u) 30040 { 30041 return (WOLFSSL_X509_CRL* )wolfSSL_PEM_read_X509_ex(fp, (void **)crl, cb, u, CRL_TYPE); 30042 } 30043 #endif 30044 30045 int wolfSSL_PEM_write_X509(XFILE fp, WOLFSSL_X509* x) 30046 { 30047 int ret; 30048 WOLFSSL_BIO* bio; 30049 30050 if (x == NULL) 30051 return 0; 30052 30053 bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); 30054 if (bio == NULL) 30055 return 0; 30056 30057 if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { 30058 wolfSSL_BIO_free(bio); 30059 bio = NULL; 30060 } 30061 30062 ret = wolfSSL_PEM_write_bio_X509(bio, x); 30063 30064 if (bio != NULL) 30065 wolfSSL_BIO_free(bio); 30066 30067 return ret; 30068 } 30069 #endif 30070 30071 #define PEM_BEGIN "-----BEGIN " 30072 #define PEM_BEGIN_SZ 11 30073 #define PEM_END "-----END " 30074 #define PEM_END_SZ 9 30075 #define PEM_HDR_FIN "-----" 30076 #define PEM_HDR_FIN_SZ 5 30077 #define PEM_HDR_FIN_EOL "-----\n" 30078 #define PEM_HDR_FIN_EOL_SZ 6 30079 30080 int wolfSSL_PEM_read_bio(WOLFSSL_BIO* bio, char **name, char **header, 30081 unsigned char **data, long *len) 30082 { 30083 int ret = WOLFSSL_SUCCESS; 30084 char pem[256]; 30085 int pemLen; 30086 char* p; 30087 char* nameStr = NULL; 30088 int nameLen = 0; 30089 char* headerStr = NULL; 30090 int headerLen; 30091 int headerFound = 0; 30092 unsigned char* der = NULL; 30093 word32 derLen; 30094 30095 if (bio == NULL || name == NULL || header == NULL || data == NULL || 30096 len == NULL) { 30097 return WOLFSSL_FAILURE; 30098 } 30099 30100 /* Find header line. */ 30101 pem[sizeof(pem) - 1] = '\0'; 30102 while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) { 30103 if (XSTRNCMP(pem, PEM_BEGIN, PEM_BEGIN_SZ) == 0) 30104 break; 30105 } 30106 if (pemLen <= 0) 30107 ret = WOLFSSL_FAILURE; 30108 /* Have a header line. */ 30109 if (ret == WOLFSSL_SUCCESS) { 30110 while (pem[pemLen - 1] == '\r' || pem[pemLen - 1] == '\n') 30111 pemLen--; 30112 pem[pemLen] = '\0'; 30113 if (XSTRNCMP(pem + pemLen - PEM_HDR_FIN_SZ, PEM_HDR_FIN, 30114 PEM_HDR_FIN_SZ) != 0) { 30115 ret = WOLFSSL_FAILURE; 30116 } 30117 } 30118 30119 /* Get out name. */ 30120 if (ret == WOLFSSL_SUCCESS) { 30121 nameLen = pemLen - PEM_BEGIN_SZ - PEM_HDR_FIN_SZ; 30122 nameStr = (char*)XMALLOC(nameLen + 1, NULL, 30123 DYNAMIC_TYPE_TMP_BUFFER); 30124 if (nameStr == NULL) 30125 ret = WOLFSSL_FAILURE; 30126 } 30127 if (ret == WOLFSSL_SUCCESS) { 30128 XSTRNCPY(nameStr, pem + PEM_BEGIN_SZ, nameLen); 30129 nameStr[nameLen] = '\0'; 30130 } 30131 30132 /* Get header of PEM - encryption header. */ 30133 if (ret == WOLFSSL_SUCCESS) { 30134 headerLen = 0; 30135 while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) { 30136 while (pemLen > 0 && (pem[pemLen - 1] == '\r' || 30137 pem[pemLen - 1] == '\n')) { 30138 pemLen--; 30139 } 30140 pem[pemLen++] = '\n'; 30141 pem[pemLen] = '\0'; 30142 30143 /* Header separator is a blank line. */ 30144 if (pem[0] == '\n') { 30145 headerFound = 1; 30146 break; 30147 } 30148 30149 /* Didn't find a blank line - no header. */ 30150 if (XSTRNCMP(pem, PEM_END, PEM_END_SZ) == 0) { 30151 der = (unsigned char*)headerStr; 30152 derLen = headerLen; 30153 /* Empty header - empty string. */ 30154 headerStr = (char*)XMALLOC(1, NULL, 30155 DYNAMIC_TYPE_TMP_BUFFER); 30156 if (headerStr == NULL) 30157 ret = WOLFSSL_FAILURE; 30158 else 30159 headerStr[0] = '\0'; 30160 break; 30161 } 30162 30163 p = (char*)XREALLOC(headerStr, headerLen + pemLen + 1, NULL, 30164 DYNAMIC_TYPE_TMP_BUFFER); 30165 if (p == NULL) { 30166 ret = WOLFSSL_FAILURE; 30167 break; 30168 } 30169 30170 headerStr = p; 30171 XMEMCPY(headerStr + headerLen, pem, pemLen + 1); 30172 headerLen += pemLen; 30173 } 30174 if (pemLen <= 0) 30175 ret = WOLFSSL_FAILURE; 30176 } 30177 30178 /* Get body of PEM - if there was a header */ 30179 if (ret == WOLFSSL_SUCCESS && headerFound) { 30180 derLen = 0; 30181 while ((pemLen = wolfSSL_BIO_gets(bio, pem, sizeof(pem) - 1)) > 0) { 30182 while (pemLen > 0 && (pem[pemLen - 1] == '\r' || 30183 pem[pemLen - 1] == '\n')) { 30184 pemLen--; 30185 } 30186 pem[pemLen++] = '\n'; 30187 pem[pemLen] = '\0'; 30188 30189 if (XSTRNCMP(pem, PEM_END, PEM_END_SZ) == 0) 30190 break; 30191 30192 p = (char*)XREALLOC(der, derLen + pemLen + 1, NULL, 30193 DYNAMIC_TYPE_TMP_BUFFER); 30194 if (p == NULL) { 30195 ret = WOLFSSL_FAILURE; 30196 break; 30197 } 30198 30199 der = (unsigned char*)p; 30200 XMEMCPY(der + derLen, pem, pemLen + 1); 30201 derLen += pemLen; 30202 } 30203 if (pemLen <= 0) 30204 ret = WOLFSSL_FAILURE; 30205 } 30206 30207 /* Check trailer. */ 30208 if (ret == WOLFSSL_SUCCESS) { 30209 if (XSTRNCMP(pem + PEM_END_SZ, nameStr, nameLen) != 0) 30210 ret = WOLFSSL_FAILURE; 30211 } 30212 if (ret == WOLFSSL_SUCCESS) { 30213 if (XSTRNCMP(pem + PEM_END_SZ + nameLen, PEM_HDR_FIN_EOL, 30214 PEM_HDR_FIN_EOL_SZ) != 0) { 30215 ret = WOLFSSL_FAILURE; 30216 } 30217 } 30218 30219 /* Base64 decode body. */ 30220 if (ret == WOLFSSL_SUCCESS) { 30221 if (Base64_Decode(der, derLen, der, &derLen) != 0) 30222 ret = WOLFSSL_FAILURE; 30223 } 30224 30225 if (ret == WOLFSSL_SUCCESS) { 30226 *name = nameStr; 30227 *header = headerStr; 30228 *data = der; 30229 *len = derLen; 30230 nameStr = NULL; 30231 headerStr = NULL; 30232 der = NULL; 30233 } 30234 30235 if (nameStr != NULL) 30236 XFREE(nameStr, NULL, DYNAMIC_TYPE_TMP_BUFFER); 30237 if (headerStr != NULL) 30238 XFREE(headerStr, NULL, DYNAMIC_TYPE_TMP_BUFFER); 30239 if (der != NULL) 30240 XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); 30241 30242 return ret; 30243 } 30244 30245 int wolfSSL_PEM_write_bio(WOLFSSL_BIO* bio, const char *name, 30246 const char *header, const unsigned char *data, 30247 long len) 30248 { 30249 int err = 0; 30250 int outSz = 0; 30251 int nameLen; 30252 int headerLen; 30253 byte* pem = NULL; 30254 word32 pemLen; 30255 word32 derLen = (word32)len; 30256 30257 if (bio == NULL || name == NULL || header == NULL || data == NULL) 30258 return 0; 30259 30260 nameLen = (int)XSTRLEN(name); 30261 headerLen = (int)XSTRLEN(header); 30262 30263 pemLen = (derLen + 2) / 3 * 4; 30264 pemLen += (pemLen + 63) / 64; 30265 30266 pem = (byte*)XMALLOC(pemLen, NULL, DYNAMIC_TYPE_TMP_BUFFER); 30267 err = pem == NULL; 30268 if (!err) 30269 err = Base64_Encode(data, derLen, pem, &pemLen) != 0; 30270 30271 if (!err) { 30272 err = wolfSSL_BIO_write(bio, PEM_BEGIN, PEM_BEGIN_SZ) != 30273 (int)PEM_BEGIN_SZ; 30274 } 30275 if (!err) 30276 err = wolfSSL_BIO_write(bio, name, nameLen) != nameLen; 30277 if (!err) { 30278 err = wolfSSL_BIO_write(bio, PEM_HDR_FIN_EOL, PEM_HDR_FIN_EOL_SZ) != 30279 (int)PEM_HDR_FIN_EOL_SZ; 30280 } 30281 if (!err && headerLen > 0) { 30282 err = wolfSSL_BIO_write(bio, header, headerLen) != headerLen; 30283 /* Blank line after a header and before body. */ 30284 if (!err) 30285 err = wolfSSL_BIO_write(bio, "\n", 1) != 1; 30286 headerLen++; 30287 } 30288 if (!err) 30289 err = wolfSSL_BIO_write(bio, pem, pemLen) != (int)pemLen; 30290 if (!err) 30291 err = wolfSSL_BIO_write(bio, PEM_END, PEM_END_SZ) != 30292 (int)PEM_END_SZ; 30293 if (!err) 30294 err = wolfSSL_BIO_write(bio, name, nameLen) != nameLen; 30295 if (!err) { 30296 err = wolfSSL_BIO_write(bio, PEM_HDR_FIN_EOL, PEM_HDR_FIN_EOL_SZ) != 30297 (int)PEM_HDR_FIN_EOL_SZ; 30298 } 30299 30300 if (!err) { 30301 outSz = PEM_BEGIN_SZ + nameLen + PEM_HDR_FIN_EOL_SZ + headerLen + 30302 pemLen + PEM_END_SZ + nameLen + PEM_HDR_FIN_EOL_SZ; 30303 } 30304 30305 if (pem != NULL) 30306 XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); 30307 30308 return outSz; 30309 } 30310 30311 #if !defined(NO_FILESYSTEM) 30312 int wolfSSL_PEM_read(XFILE fp, char **name, char **header, 30313 unsigned char **data, long *len) 30314 { 30315 int ret; 30316 WOLFSSL_BIO* bio; 30317 30318 if (name == NULL || header == NULL || data == NULL || len == NULL) 30319 return WOLFSSL_FAILURE; 30320 30321 bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); 30322 if (bio == NULL) 30323 return 0; 30324 30325 if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { 30326 wolfSSL_BIO_free(bio); 30327 bio = NULL; 30328 } 30329 30330 ret = wolfSSL_PEM_read_bio(bio, name, header, data, len); 30331 30332 if (bio != NULL) 30333 wolfSSL_BIO_free(bio); 30334 30335 return ret; 30336 } 30337 30338 int wolfSSL_PEM_write(XFILE fp, const char *name, const char *header, 30339 const unsigned char *data, long len) 30340 { 30341 int ret; 30342 WOLFSSL_BIO* bio; 30343 30344 if (name == NULL || header == NULL || data == NULL) 30345 return 0; 30346 30347 bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); 30348 if (bio == NULL) 30349 return 0; 30350 30351 if (wolfSSL_BIO_set_fp(bio, fp, BIO_NOCLOSE) != WOLFSSL_SUCCESS) { 30352 wolfSSL_BIO_free(bio); 30353 bio = NULL; 30354 } 30355 30356 ret = wolfSSL_PEM_write_bio(bio, name, header, data, len); 30357 30358 if (bio != NULL) 30359 wolfSSL_BIO_free(bio); 30360 30361 return ret; 30362 } 30363 #endif 30364 30365 int wolfSSL_PEM_get_EVP_CIPHER_INFO(char* header, EncryptedInfo* cipher) 30366 { 30367 if (header == NULL || cipher == NULL) 30368 return WOLFSSL_FAILURE; 30369 30370 XMEMSET(cipher, 0, sizeof(*cipher)); 30371 30372 if (wc_EncryptedInfoParse(cipher, &header, XSTRLEN(header)) != 0) 30373 return WOLFSSL_FAILURE; 30374 30375 return WOLFSSL_SUCCESS; 30376 } 30377 30378 int wolfSSL_PEM_do_header(EncryptedInfo* cipher, unsigned char* data, 30379 long* len, pem_password_cb* callback, void* ctx) 30380 { 30381 int ret = WOLFSSL_SUCCESS; 30382 char password[NAME_SZ]; 30383 int passwordSz; 30384 30385 if (cipher == NULL || data == NULL || len == NULL || callback == NULL) 30386 return WOLFSSL_FAILURE; 30387 30388 passwordSz = callback(password, sizeof(password), PEM_PASS_READ, ctx); 30389 if (passwordSz < 0) 30390 ret = WOLFSSL_FAILURE; 30391 30392 if (ret == WOLFSSL_SUCCESS) { 30393 if (wc_BufferKeyDecrypt(cipher, data, (word32)*len, (byte*)password, 30394 passwordSz, WC_MD5) != 0) { 30395 ret = WOLFSSL_FAILURE; 30396 } 30397 } 30398 30399 if (passwordSz > 0) 30400 XMEMSET(password, 0, passwordSz); 30401 30402 return ret; 30403 } 23449 30404 23450 30405 /* … … 23454 30409 * u : password 23455 30410 * _AUX is for working with a trusted X509 certificate 23456 30411 */ 23457 30412 WOLFSSL_X509 *wolfSSL_PEM_read_bio_X509_AUX(WOLFSSL_BIO *bp, 23458 30413 WOLFSSL_X509 **x, pem_password_cb *cb, void *u) { … … 23466 30421 return wolfSSL_PEM_read_bio_X509(bp, x, cb, u); 23467 30422 } 30423 30424 void wolfSSL_X509_NAME_ENTRY_free(WOLFSSL_X509_NAME_ENTRY* ne) 30425 { 30426 if (ne != NULL) { 30427 if (ne->value != NULL && ne->value != &(ne->data)) { 30428 wolfSSL_ASN1_STRING_free(ne->value); 30429 } 30430 XFREE(ne, NULL, DYNAMIC_TYPE_NAME_ENTRY); 30431 } 30432 } 30433 30434 30435 WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_new(void) 30436 { 30437 WOLFSSL_X509_NAME_ENTRY* ne = NULL; 30438 30439 ne = (WOLFSSL_X509_NAME_ENTRY*)XMALLOC(sizeof(WOLFSSL_X509_NAME_ENTRY), 30440 NULL, DYNAMIC_TYPE_NAME_ENTRY); 30441 if (ne != NULL) { 30442 XMEMSET(ne, 0, sizeof(WOLFSSL_X509_NAME_ENTRY)); 30443 ne->value = &(ne->data); 30444 } 30445 30446 return ne; 30447 } 30448 30449 30450 WOLFSSL_X509_NAME_ENTRY* wolfSSL_X509_NAME_ENTRY_create_by_NID( 30451 WOLFSSL_X509_NAME_ENTRY** out, int nid, int type, 30452 unsigned char* data, int dataSz) 30453 { 30454 WOLFSSL_X509_NAME_ENTRY* ne = NULL; 30455 30456 WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_create_by_NID()"); 30457 30458 ne = wolfSSL_X509_NAME_ENTRY_new(); 30459 if (ne == NULL) { 30460 return NULL; 30461 } 30462 30463 ne->nid = nid; 30464 ne->value = wolfSSL_ASN1_STRING_type_new(type); 30465 wolfSSL_ASN1_STRING_set(ne->value, (const void*)data, dataSz); 30466 ne->set = 1; 30467 30468 if (out != NULL) { 30469 *out = ne; 30470 } 30471 30472 return ne; 30473 } 30474 30475 static int RebuildFullNameAdd(DecodedName* dName, char* data) 30476 { 30477 int totalLen = 0; 30478 int i; 30479 char* fullName; 30480 int idx; 30481 30482 if (dName->cnLen != 0) 30483 totalLen += dName->cnLen + 4; 30484 if (dName->snLen != 0) 30485 totalLen += dName->snLen + 4; 30486 if (dName->cLen != 0) 30487 totalLen += dName->cLen + 3; 30488 if (dName->lLen != 0) 30489 totalLen += dName->lLen + 3; 30490 if (dName->stLen != 0) 30491 totalLen += dName->stLen + 4; 30492 if (dName->oLen != 0) 30493 totalLen += dName->oLen + 3; 30494 if (dName->ouLen != 0) 30495 totalLen += dName->ouLen + 4; 30496 if (dName->emailLen != 0) 30497 totalLen += dName->emailLen + 14; 30498 if (dName->uidLen != 0) 30499 totalLen += dName->uidLen + 5; 30500 if (dName->serialLen != 0) 30501 totalLen += dName->serialLen + 14; 30502 if (dName->dcNum != 0) { 30503 for (i = 0; i < dName->dcNum; i++) 30504 totalLen += dName->dcLen[i] + 4; 30505 } 30506 30507 fullName = (char*)XMALLOC(totalLen + 1, NULL, DYNAMIC_TYPE_X509); 30508 if (fullName == NULL) 30509 return MEMORY_E; 30510 30511 idx = 0; 30512 dName->entryCount = 0; 30513 if (dName->cnLen != 0) { 30514 dName->entryCount++; 30515 XMEMCPY(fullName + idx, WOLFSSL_COMMON_NAME, 4); 30516 idx += 4; 30517 if (dName->cnIdx == -1) 30518 XMEMCPY(fullName + idx, data, dName->cnLen); 30519 else { 30520 XMEMCPY(fullName + idx, dName->fullName + dName->cnIdx, 30521 dName->cnLen); 30522 } 30523 dName->cnIdx = idx; 30524 idx += dName->cnLen; 30525 } 30526 if (dName->snLen != 0) { 30527 dName->entryCount++; 30528 XMEMCPY(fullName + idx, WOLFSSL_SUR_NAME, 4); 30529 idx += 4; 30530 if (dName->snIdx == -1) 30531 XMEMCPY(fullName + idx, data, dName->snLen); 30532 else { 30533 XMEMCPY(fullName + idx, dName->fullName + dName->snIdx, 30534 dName->snLen); 30535 } 30536 dName->snIdx = idx; 30537 idx += dName->snLen; 30538 } 30539 if (dName->cLen != 0) { 30540 dName->entryCount++; 30541 XMEMCPY(fullName + idx, WOLFSSL_COUNTRY_NAME, 3); 30542 idx += 3; 30543 if (dName->cIdx == -1) 30544 XMEMCPY(fullName + idx, data, dName->cLen); 30545 else { 30546 XMEMCPY(fullName + idx, dName->fullName + dName->cIdx, 30547 dName->cLen); 30548 } 30549 dName->cIdx = idx; 30550 idx += dName->cLen; 30551 } 30552 if (dName->lLen != 0) { 30553 dName->entryCount++; 30554 XMEMCPY(fullName + idx, WOLFSSL_LOCALITY_NAME, 3); 30555 idx += 3; 30556 if (dName->lIdx == -1) 30557 XMEMCPY(fullName + idx, data, dName->lLen); 30558 else { 30559 XMEMCPY(fullName + idx, dName->fullName + dName->lIdx, 30560 dName->lLen); 30561 } 30562 dName->lIdx = idx; 30563 idx += dName->lLen; 30564 } 30565 if (dName->stLen != 0) { 30566 dName->entryCount++; 30567 XMEMCPY(fullName + idx, WOLFSSL_STATE_NAME, 4); 30568 idx += 4; 30569 if (dName->stIdx == -1) 30570 XMEMCPY(fullName + idx, data, dName->stLen); 30571 else { 30572 XMEMCPY(fullName + idx, dName->fullName + dName->stIdx, 30573 dName->stLen); 30574 } 30575 dName->stIdx = idx; 30576 idx += dName->stLen; 30577 } 30578 if (dName->oLen != 0) { 30579 dName->entryCount++; 30580 XMEMCPY(fullName + idx, WOLFSSL_ORG_NAME, 3); 30581 idx += 3; 30582 if (dName->oIdx == -1) 30583 XMEMCPY(fullName + idx, data, dName->oLen); 30584 else { 30585 XMEMCPY(fullName + idx, dName->fullName + dName->oIdx, 30586 dName->oLen); 30587 } 30588 dName->oIdx = idx; 30589 idx += dName->oLen; 30590 } 30591 if (dName->ouLen != 0) { 30592 dName->entryCount++; 30593 XMEMCPY(fullName + idx, WOLFSSL_ORGUNIT_NAME, 4); 30594 idx += 4; 30595 if (dName->ouIdx == -1) 30596 XMEMCPY(fullName + idx, data, dName->ouLen); 30597 else { 30598 XMEMCPY(fullName + idx, dName->fullName + dName->ouIdx, 30599 dName->ouLen); 30600 } 30601 dName->ouIdx = idx; 30602 idx += dName->ouLen; 30603 } 30604 if (dName->emailLen != 0) { 30605 dName->entryCount++; 30606 XMEMCPY(fullName + idx, "/emailAddress=", 14); 30607 idx += 14; 30608 if (dName->emailIdx == -1) 30609 XMEMCPY(fullName + idx, data, dName->emailLen); 30610 else { 30611 XMEMCPY(fullName + idx, dName->fullName + dName->emailIdx, 30612 dName->emailLen); 30613 } 30614 dName->emailIdx = idx; 30615 idx += dName->emailLen; 30616 } 30617 if (dName->dcNum != 0) { 30618 for (i = 0; i < dName->dcNum; i++) { 30619 dName->entryCount++; 30620 XMEMCPY(fullName + idx, WOLFSSL_DOMAIN_COMPONENT, 4); 30621 idx += 4; 30622 XMEMCPY(fullName + idx, dName->fullName + dName->dcIdx[i], 30623 dName->dcLen[i]); 30624 dName->dcIdx[i] = idx; 30625 idx += dName->dcLen[i]; 30626 } 30627 } 30628 if (dName->uidLen != 0) { 30629 dName->entryCount++; 30630 XMEMCPY(fullName + idx, "/UID=", 5); 30631 idx += 5; 30632 if (dName->uidIdx == -1) 30633 XMEMCPY(fullName + idx, data, dName->uidLen); 30634 else { 30635 XMEMCPY(fullName + idx, dName->fullName + dName->uidIdx, 30636 dName->uidLen); 30637 } 30638 dName->uidIdx = idx; 30639 idx += dName->uidLen; 30640 } 30641 if (dName->serialLen != 0) { 30642 dName->entryCount++; 30643 XMEMCPY(fullName + idx, WOLFSSL_SERIAL_NUMBER, 14); 30644 idx += 14; 30645 if (dName->serialIdx == -1) 30646 XMEMCPY(fullName + idx, data, dName->serialLen); 30647 else { 30648 XMEMCPY(fullName + idx, dName->fullName + dName->serialIdx, 30649 dName->serialLen); 30650 } 30651 dName->serialIdx = idx; 30652 idx += dName->serialLen; 30653 } 30654 30655 if (dName->fullName != NULL) 30656 XFREE(dName->fullName, NULL, DYNAMIC_TYPE_X509); 30657 dName->fullName = fullName; 30658 dName->fullNameLen = idx; 30659 30660 return 0; 30661 } 30662 30663 /* Copies entry into name. With it being copied freeing entry becomes the 30664 * callers responsibility. 30665 * returns 1 for success and 0 for error */ 30666 int wolfSSL_X509_NAME_add_entry(WOLFSSL_X509_NAME* name, 30667 WOLFSSL_X509_NAME_ENTRY* entry, int idx, int set) 30668 { 30669 int i; 30670 int fullName = 1; 30671 30672 WOLFSSL_ENTER("wolfSSL_X509_NAME_add_entry()"); 30673 30674 switch (entry->nid) { 30675 case ASN_COMMON_NAME: 30676 name->fullName.cnIdx = -1; 30677 name->fullName.cnLen = entry->value->length; 30678 name->fullName.cnNid = entry->nid; 30679 break; 30680 case ASN_SUR_NAME: 30681 name->fullName.snIdx = -1; 30682 name->fullName.snLen = entry->value->length; 30683 name->fullName.snNid = entry->nid; 30684 break; 30685 case ASN_SERIAL_NUMBER: 30686 name->fullName.serialIdx = -1; 30687 name->fullName.serialLen = entry->value->length; 30688 name->fullName.serialNid = entry->nid; 30689 break; 30690 case ASN_COUNTRY_NAME: 30691 name->fullName.cIdx = -1; 30692 name->fullName.cLen = entry->value->length; 30693 name->fullName.cNid = entry->nid; 30694 break; 30695 case ASN_LOCALITY_NAME: 30696 name->fullName.lIdx = -1; 30697 name->fullName.lLen = entry->value->length; 30698 name->fullName.lNid = entry->nid; 30699 break; 30700 case ASN_STATE_NAME: 30701 name->fullName.stIdx = -1; 30702 name->fullName.stLen = entry->value->length; 30703 name->fullName.stNid = entry->nid; 30704 break; 30705 case ASN_ORG_NAME: 30706 name->fullName.oIdx = -1; 30707 name->fullName.oLen = entry->value->length; 30708 name->fullName.oNid = entry->nid; 30709 break; 30710 case ASN_ORGUNIT_NAME: 30711 name->fullName.ouIdx = -1; 30712 name->fullName.ouLen = entry->value->length; 30713 name->fullName.ouNid = entry->nid; 30714 break; 30715 case NID_emailAddress: 30716 name->fullName.emailIdx = -1; 30717 name->fullName.emailLen = entry->value->length; 30718 name->fullName.emailNid = entry->nid; 30719 break; 30720 case ASN_USER_ID: 30721 name->fullName.uidIdx = -1; 30722 name->fullName.uidLen = entry->value->length; 30723 name->fullName.uidNid = entry->nid; 30724 break; 30725 case ASN_DOMAIN_COMPONENT: 30726 name->fullName.dcIdx[0] = -1; 30727 name->fullName.dcLen[0] = entry->value->length; 30728 break; 30729 default: 30730 fullName = 0; 30731 break; 30732 } 30733 30734 if (fullName) { 30735 if (RebuildFullNameAdd(&name->fullName, entry->value->data) != 0) 30736 return WOLFSSL_FAILURE; 30737 } 30738 else { 30739 for (i = 0; i < MAX_NAME_ENTRIES; i++) { 30740 if (name->extra[i].set != 1) { /* not set so overwrited */ 30741 WOLFSSL_X509_NAME_ENTRY* current = &(name->extra[i]); 30742 WOLFSSL_ASN1_STRING* str; 30743 30744 WOLFSSL_MSG("Found place for name entry"); 30745 30746 XMEMCPY(current, entry, sizeof(WOLFSSL_X509_NAME_ENTRY)); 30747 str = entry->value; 30748 XMEMCPY(&(current->data), str, sizeof(WOLFSSL_ASN1_STRING)); 30749 current->value = &(current->data); 30750 current->data.data = (char*)XMALLOC(str->length, 30751 name->x509->heap, DYNAMIC_TYPE_OPENSSL); 30752 30753 if (current->data.data == NULL) { 30754 return SSL_FAILURE; 30755 } 30756 XMEMCPY(current->data.data, str->data, str->length); 30757 30758 /* make sure is null terminated */ 30759 current->data.data[str->length - 1] = '\0'; 30760 30761 current->set = 1; /* make sure now listed as set */ 30762 break; 30763 } 30764 } 30765 30766 if (i == MAX_NAME_ENTRIES) { 30767 WOLFSSL_MSG("No spot found for name entry"); 30768 return SSL_FAILURE; 30769 } 30770 } 30771 30772 (void)idx; 30773 (void)set; 30774 return SSL_SUCCESS; 30775 } 30776 30777 typedef struct WOLFSSL_ObjectInfo { 30778 int nid; 30779 int id; 30780 word32 type; 30781 const char* sName; 30782 } WOLFSSL_ObjectInfo; 30783 30784 static WOLFSSL_ObjectInfo wolfssl_object_info[] = { 30785 /* oidHashType */ 30786 #ifdef WOLFSSL_MD2 30787 { NID_md2, MD2h, oidHashType, "md2" }, 30788 #endif 30789 #ifdef WOLFSSL_MD5 30790 { NID_md5, MD5h, oidHashType, "md5" }, 30791 #endif 30792 #ifndef NO_SHA 30793 { NID_sha1, SHAh, oidHashType, "sha" }, 30794 #endif 30795 #ifdef WOLFSSL_SHA224 30796 { NID_sha224, SHA224h, oidHashType, "sha224" }, 30797 #endif 30798 #ifndef NO_SHA256 30799 { NID_sha256, SHA256h, oidHashType, "sha256" }, 30800 #endif 30801 #ifdef WOLFSSL_SHA384 30802 { NID_sha384, SHA384h, oidHashType, "sha384" }, 30803 #endif 30804 #ifdef WOLFSSL_SHA512 30805 { NID_sha512, SHA512h, oidHashType, "sha512" }, 30806 #endif 30807 30808 /* oidSigType */ 30809 #ifndef NO_DSA 30810 #ifndef NO_SHA 30811 { CTC_SHAwDSA, CTC_SHAwDSA, oidSigType, "shaWithDSA" }, 30812 #endif 30813 #endif /* NO_DSA */ 30814 #ifndef NO_RSA 30815 #ifdef WOLFSSL_MD2 30816 { CTC_MD2wRSA, CTC_MD2wRSA, oidSigType, "md2WithRSA" }, 30817 #endif 30818 #ifndef NO_MD5 30819 { CTC_MD5wRSA, CTC_MD5wRSA, oidSigType, "md5WithRSA" }, 30820 #endif 30821 #ifndef NO_SHA 30822 { CTC_SHAwRSA, CTC_SHAwRSA, oidSigType, "shaWithRSA" }, 30823 #endif 30824 #ifdef WOLFSSL_SHA224 30825 { CTC_SHA224wRSA, CTC_SHA224wRSA, oidSigType, "sha224WithRSA" }, 30826 #endif 30827 #ifndef NO_SHA256 30828 { CTC_SHA256wRSA, CTC_SHA256wRSA, oidSigType, "sha256WithRSA" }, 30829 #endif 30830 #ifdef WOLFSSL_SHA384 30831 { CTC_SHA384wRSA, CTC_SHA384wRSA, oidSigType, "sha384WithRSA" }, 30832 #endif 30833 #ifdef WOLFSSL_SHA512 30834 { CTC_SHA512wRSA, CTC_SHA512wRSA, oidSigType, "sha512WithRSA" }, 30835 #endif 30836 #endif /* NO_RSA */ 30837 #ifdef HAVE_ECC 30838 #ifndef NO_SHA 30839 { CTC_SHAwECDSA, CTC_SHAwECDSA, oidSigType, "shaWithECDSA" }, 30840 #endif 30841 #ifdef WOLFSSL_SHA224 30842 { CTC_SHA224wECDSA, CTC_SHA224wECDSA, oidSigType, "sha224WithECDSA" }, 30843 #endif 30844 #ifndef NO_SHA256 30845 { CTC_SHA256wECDSA, CTC_SHA256wECDSA, oidSigType, "sha256WithECDSA" }, 30846 #endif 30847 #ifdef WOLFSSL_SHA384 30848 { CTC_SHA384wECDSA, CTC_SHA384wECDSA, oidSigType, "sha384WithECDSA" }, 30849 #endif 30850 #ifdef WOLFSSL_SHA512 30851 { CTC_SHA512wECDSA, CTC_SHA512wECDSA, oidSigType, "sha512WithECDSA" }, 30852 #endif 30853 #endif /* HAVE_ECC */ 30854 30855 /* oidKeyType */ 30856 #ifndef NO_DSA 30857 { DSAk, DSAk, oidKeyType, "DSA key" }, 30858 #endif /* NO_DSA */ 30859 #ifndef NO_RSA 30860 { RSAk, RSAk, oidKeyType, "RSA key" }, 30861 #endif /* NO_RSA */ 30862 #ifdef HAVE_NTRU 30863 { NTRUk, NTRUk, oidKeyType, "NTRU key" }, 30864 #endif /* HAVE_NTRU */ 30865 #ifdef HAVE_ECC 30866 { ECDSAk, ECDSAk, oidKeyType, "ECDSA key" }, 30867 #endif /* HAVE_ECC */ 30868 30869 /* oidBlkType */ 30870 #ifdef WOLFSSL_AES_128 30871 { AES128CBCb, AES128CBCb, oidBlkType, "AES-128-CBC" }, 30872 #endif 30873 #ifdef WOLFSSL_AES_192 30874 { AES192CBCb, AES192CBCb, oidBlkType, "AES-192-CBC" }, 30875 #endif 30876 #ifdef WOLFSSL_AES_256 30877 { AES256CBCb, AES256CBCb, oidBlkType, "AES-256-CBC" }, 30878 #endif 30879 #ifndef NO_DES3 30880 { NID_des, DESb, oidBlkType, "DES-CBC" }, 30881 { NID_des3, DES3b, oidBlkType, "DES3-CBC" }, 30882 #endif /* !NO_DES3 */ 30883 30884 /* oidOcspType */ 30885 #ifdef HAVE_OCSP 30886 { NID_id_pkix_OCSP_basic, OCSP_BASIC_OID, oidOcspType, "OCSP_basic" }, 30887 { OCSP_NONCE_OID, OCSP_NONCE_OID, oidOcspType, "OCSP_nonce" }, 30888 #endif /* HAVE_OCSP */ 30889 30890 #ifndef NO_CERT 30891 /* oidCertExtType */ 30892 { BASIC_CA_OID, BASIC_CA_OID, oidCertExtType, "X509 basic ca" }, 30893 { ALT_NAMES_OID, ALT_NAMES_OID, oidCertExtType, "X509 alt names" }, 30894 { CRL_DIST_OID, CRL_DIST_OID, oidCertExtType, "X509 crl" }, 30895 { AUTH_INFO_OID, AUTH_INFO_OID, oidCertExtType, "X509 auth info" }, 30896 { AUTH_KEY_OID, AUTH_KEY_OID, oidCertExtType, "X509 auth key" }, 30897 { SUBJ_KEY_OID, SUBJ_KEY_OID, oidCertExtType, "X509 subject key" }, 30898 { KEY_USAGE_OID, KEY_USAGE_OID, oidCertExtType, "X509 key usage" }, 30899 { INHIBIT_ANY_OID, INHIBIT_ANY_OID, oidCertExtType, 30900 "X509 inhibit any" }, 30901 { NID_ext_key_usage, KEY_USAGE_OID, oidCertExtType, 30902 "X509 ext key usage" }, 30903 { NID_name_constraints, NAME_CONS_OID, oidCertExtType, 30904 "X509 name constraints" }, 30905 { NID_certificate_policies, CERT_POLICY_OID, oidCertExtType, 30906 "X509 certificate policies" }, 30907 30908 /* oidCertAuthInfoType */ 30909 { AIA_OCSP_OID, AIA_OCSP_OID, oidCertAuthInfoType, "Cert Auth OCSP" }, 30910 { AIA_CA_ISSUER_OID, AIA_CA_ISSUER_OID, oidCertAuthInfoType, 30911 "Cert Auth CA Issuer" }, 30912 30913 /* oidCertPolicyType */ 30914 { NID_any_policy, CP_ANY_OID, oidCertPolicyType, "Cert any policy" }, 30915 30916 /* oidCertAltNameType */ 30917 { NID_hw_name_oid, HW_NAME_OID, oidCertAltNameType, "Hardware name" }, 30918 30919 /* oidCertKeyUseType */ 30920 { NID_anyExtendedKeyUsage, EKU_ANY_OID, oidCertKeyUseType, 30921 "Cert any extended key" }, 30922 { EKU_SERVER_AUTH_OID, EKU_SERVER_AUTH_OID, oidCertKeyUseType, 30923 "Cert server auth key" }, 30924 { EKU_CLIENT_AUTH_OID, EKU_CLIENT_AUTH_OID, oidCertKeyUseType, 30925 "Cert client auth key" }, 30926 { EKU_OCSP_SIGN_OID, EKU_OCSP_SIGN_OID, oidCertKeyUseType, 30927 "Cert OCSP sign key" }, 30928 30929 /* oidCertNameType */ 30930 { NID_commonName, NID_commonName, oidCertNameType, "commonName" }, 30931 { NID_surname, NID_surname, oidCertNameType, "surname" }, 30932 { NID_serialNumber, NID_serialNumber, oidCertNameType, "serialNumber" }, 30933 { NID_countryName, NID_countryName, oidCertNameType, "countryName" }, 30934 { NID_localityName, NID_localityName, oidCertNameType, "localityName" }, 30935 { NID_stateOrProvinceName, NID_stateOrProvinceName, oidCertNameType, 30936 "stateOrProvinceName" }, 30937 { NID_organizationName, NID_organizationName, oidCertNameType, 30938 "organizationName" }, 30939 { NID_organizationalUnitName, NID_organizationalUnitName, 30940 oidCertNameType, "organizationalUnitName" }, 30941 { NID_emailAddress, NID_emailAddress, oidCertNameType, "emailAddress" }, 30942 #endif 30943 30944 #ifndef NO_PWDBASED 30945 /* oidKdfType */ 30946 { PBKDF2_OID, PBKDF2_OID, oidKdfType, "PBKDFv2" }, 30947 30948 /* oidPBEType */ 30949 { PBE_SHA1_RC4_128, PBE_SHA1_RC4_128, oidPBEType, 30950 "PBE shaWithRC4-128" }, 30951 { PBE_SHA1_DES, PBE_SHA1_DES, oidPBEType, "PBE shaWithDES" }, 30952 { PBE_SHA1_DES3, PBE_SHA1_DES3, oidPBEType, "PBE shaWithDES3" }, 30953 #endif 30954 30955 /* oidKeyWrapType */ 30956 #ifdef WOLFSSL_AES_128 30957 { AES128_WRAP, AES128_WRAP, oidKeyWrapType, "AES-128 wrap" }, 30958 #endif 30959 #ifdef WOLFSSL_AES_192 30960 { AES192_WRAP, AES192_WRAP, oidKeyWrapType, "AES-192 wrap" }, 30961 #endif 30962 #ifdef WOLFSSL_AES_256 30963 { AES256_WRAP, AES256_WRAP, oidKeyWrapType, "AES-256 wrap" }, 30964 #endif 30965 30966 #ifndef NO_PKCS7 30967 #ifndef NO_DH 30968 /* oidCmsKeyAgreeType */ 30969 #ifndef NO_SHA 30970 { dhSinglePass_stdDH_sha1kdf_scheme, dhSinglePass_stdDH_sha1kdf_scheme, 30971 oidCmsKeyAgreeType, "DH-SHA kdf" }, 30972 #endif 30973 #ifdef WOLFSSL_SHA224 30974 { dhSinglePass_stdDH_sha224kdf_scheme, 30975 dhSinglePass_stdDH_sha224kdf_scheme, oidCmsKeyAgreeType, 30976 "DH-SHA224 kdf" }, 30977 #endif 30978 #ifndef NO_SHA256 30979 { dhSinglePass_stdDH_sha256kdf_scheme, 30980 dhSinglePass_stdDH_sha256kdf_scheme, oidCmsKeyAgreeType, 30981 "DH-SHA256 kdf" }, 30982 #endif 30983 #ifdef WOLFSSL_SHA384 30984 { dhSinglePass_stdDH_sha384kdf_scheme, 30985 dhSinglePass_stdDH_sha384kdf_scheme, oidCmsKeyAgreeType, 30986 "DH-SHA384 kdf" }, 30987 #endif 30988 #ifdef WOLFSSL_SHA512 30989 { dhSinglePass_stdDH_sha512kdf_scheme, 30990 dhSinglePass_stdDH_sha512kdf_scheme, oidCmsKeyAgreeType, 30991 "DH-SHA512 kdf" }, 30992 #endif 30993 #endif 30994 #endif 30995 }; 30996 30997 #define WOLFSSL_OBJECT_INFO_SZ \ 30998 (sizeof(wolfssl_object_info) / sizeof(*wolfssl_object_info)) 30999 31000 int wolfSSL_X509_NAME_add_entry_by_txt(WOLFSSL_X509_NAME *name, 31001 const char *field, int type, 31002 const unsigned char *bytes, int len, 31003 int loc, int set) 31004 { 31005 int ret; 31006 int i; 31007 WOLFSSL_X509_NAME_ENTRY* entry; 31008 size_t fieldSz; 31009 31010 (void)type; 31011 31012 if (name == NULL || field == NULL) 31013 return WOLFSSL_FAILURE; 31014 31015 fieldSz = XSTRLEN(field); 31016 for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) { 31017 if (XSTRNCMP(field, wolfssl_object_info[i].sName, fieldSz) == 0) 31018 break; 31019 } 31020 31021 if (i == WOLFSSL_OBJECT_INFO_SZ) 31022 return WOLFSSL_FAILURE; 31023 31024 entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, 31025 wolfssl_object_info[i].nid, type, (unsigned char*)bytes, len); 31026 if (entry == NULL) 31027 return WOLFSSL_FAILURE; 31028 31029 ret = wolfSSL_X509_NAME_add_entry(name, entry, loc, set); 31030 wolfSSL_X509_NAME_ENTRY_free(entry); 31031 return ret; 31032 } 23468 31033 #endif /* ifndef NO_CERTS */ 23469 31034 23470 #ifndef NO_CERTS 23471 void wolfSSL_X509_NAME_free(WOLFSSL_X509_NAME *name){ 23472 FreeX509Name(name, NULL); 23473 WOLFSSL_ENTER("wolfSSL_X509_NAME_free"); 23474 } 23475 #endif /* NO_CERTS */ 23476 23477 #if defined(HAVE_LIGHTY) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ 23478 defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ 23479 defined(HAVE_POCO_LIB) || defined (WOLFSSL_HAPROXY) 23480 23481 unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, unsigned char *md) 31035 31036 /* NID variables are dependent on compatibility header files currently 31037 * 31038 * returns a pointer to a new WOLFSSL_ASN1_OBJECT struct on success and NULL 31039 * on fail 31040 */ 31041 31042 WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj(int id) 23482 31043 { 23483 (void) *d; (void) n; (void) *md; 31044 return wolfSSL_OBJ_nid2obj_ex(id, NULL); 31045 } 31046 31047 31048 WOLFSSL_LOCAL WOLFSSL_ASN1_OBJECT* wolfSSL_OBJ_nid2obj_ex(int id, 31049 WOLFSSL_ASN1_OBJECT* arg_obj) 31050 { 31051 word32 oidSz = 0; 31052 const byte* oid; 31053 word32 type = 0; 31054 WOLFSSL_ASN1_OBJECT* obj = arg_obj; 31055 byte objBuf[MAX_OID_SZ + MAX_LENGTH_SZ + 1]; /* +1 for object tag */ 31056 word32 objSz = 0; 31057 const char* sName = NULL; 31058 int i; 31059 31060 WOLFSSL_ENTER("wolfSSL_OBJ_nid2obj()"); 31061 31062 for (i = 0; i < (int)WOLFSSL_OBJECT_INFO_SZ; i++) { 31063 if (wolfssl_object_info[i].nid == id) { 31064 id = wolfssl_object_info[i].id; 31065 sName = wolfssl_object_info[i].sName; 31066 type = wolfssl_object_info[i].type; 31067 break; 31068 } 31069 } 31070 if (i == (int)WOLFSSL_OBJECT_INFO_SZ) { 31071 WOLFSSL_MSG("NID not in table"); 31072 return NULL; 31073 } 31074 31075 #ifdef HAVE_ECC 31076 if (type == 0 && wc_ecc_get_oid(id, &oid, &oidSz) > 0) { 31077 type = oidCurveType; 31078 } 31079 #endif /* HAVE_ECC */ 31080 31081 if (sName != NULL) { 31082 if (XSTRLEN(sName) > WOLFSSL_MAX_SNAME - 1) { 31083 WOLFSSL_MSG("Attempted short name is too large"); 31084 return NULL; 31085 } 31086 } 31087 31088 oid = OidFromId(id, type, &oidSz); 31089 31090 /* set object ID to buffer */ 31091 if (obj == NULL){ 31092 obj = wolfSSL_ASN1_OBJECT_new(); 31093 if (obj == NULL) { 31094 WOLFSSL_MSG("Issue creating WOLFSSL_ASN1_OBJECT struct"); 31095 return NULL; 31096 } 31097 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC; 31098 } else { 31099 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC; 31100 } 31101 obj->type = id; 31102 obj->grp = type; 31103 31104 obj->sName[0] = '\0'; 31105 if (sName != NULL) { 31106 XMEMCPY(obj->sName, (char*)sName, XSTRLEN((char*)sName)); 31107 } 31108 31109 objBuf[0] = ASN_OBJECT_ID; objSz++; 31110 objSz += SetLength(oidSz, objBuf + 1); 31111 XMEMCPY(objBuf + objSz, oid, oidSz); 31112 objSz += oidSz; 31113 obj->objSz = objSz; 31114 if(((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) != 0) || 31115 (((obj->dynamic & WOLFSSL_ASN1_DYNAMIC_DATA) == 0) && 31116 (obj->obj == NULL))) { 31117 obj->obj = (byte*)XREALLOC((byte*)obj->obj, obj->objSz, NULL, 31118 DYNAMIC_TYPE_ASN1); 31119 if (obj->obj == NULL) { 31120 wolfSSL_ASN1_OBJECT_free(obj); 31121 return NULL; 31122 } 31123 obj->dynamic |= WOLFSSL_ASN1_DYNAMIC_DATA ; 31124 } else { 31125 obj->dynamic &= ~WOLFSSL_ASN1_DYNAMIC_DATA ; 31126 } 31127 XMEMCPY((byte*)obj->obj, objBuf, obj->objSz); 31128 31129 (void)type; 31130 31131 return obj; 31132 } 31133 31134 31135 /* if no_name is one than use numerical form otherwise can be short name. 31136 * 31137 * returns the buffer size on success 31138 */ 31139 int wolfSSL_OBJ_obj2txt(char *buf, int bufLen, WOLFSSL_ASN1_OBJECT *a, int no_name) 31140 { 31141 int bufSz; 31142 31143 WOLFSSL_ENTER("wolfSSL_OBJ_obj2txt()"); 31144 31145 if (buf == NULL || bufLen <= 1 || a == NULL) { 31146 WOLFSSL_MSG("Bad input argument"); 31147 return WOLFSSL_FAILURE; 31148 } 31149 31150 if (no_name == 1) { 31151 int length; 31152 word32 idx = 0; 31153 31154 if (a->obj[idx++] != ASN_OBJECT_ID) { 31155 WOLFSSL_MSG("Bad ASN1 Object"); 31156 return WOLFSSL_FAILURE; 31157 } 31158 31159 if (GetLength((const byte*)a->obj, &idx, &length, 31160 a->objSz) < 0 || length < 0) { 31161 return ASN_PARSE_E; 31162 } 31163 31164 if (bufLen < MAX_OID_STRING_SZ) { 31165 bufSz = bufLen - 1; 31166 } 31167 else { 31168 bufSz = MAX_OID_STRING_SZ; 31169 } 31170 31171 if ((bufSz = DecodePolicyOID(buf, (word32)bufSz, a->obj + idx, 31172 (word32)length)) <= 0) { 31173 WOLFSSL_MSG("Error decoding OID"); 31174 return WOLFSSL_FAILURE; 31175 } 31176 31177 } 31178 else { /* return short name */ 31179 if (XSTRLEN(a->sName) + 1 < (word32)bufLen - 1) { 31180 bufSz = (int)XSTRLEN(a->sName); 31181 } 31182 else { 31183 bufSz = bufLen - 1; 31184 } 31185 XMEMCPY(buf, a->sName, bufSz); 31186 } 31187 31188 buf[bufSz] = '\0'; 31189 return bufSz; 31190 } 31191 31192 #if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ 31193 defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ 31194 defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ 31195 defined(WOLFSSL_HAPROXY) 31196 31197 #ifndef NO_SHA 31198 /* One shot SHA1 hash of message. 31199 * 31200 * d message to hash 31201 * n size of d buffer 31202 * md buffer to hold digest. Should be SHA_DIGEST_SIZE. 31203 * 31204 * Note: if md is null then a static buffer of SHA_DIGEST_SIZE is used. 31205 * When the static buffer is used this function is not thread safe. 31206 * 31207 * Returns a pointer to the message digest on success and NULL on failure. 31208 */ 31209 unsigned char *wolfSSL_SHA1(const unsigned char *d, size_t n, 31210 unsigned char *md) 31211 { 31212 static byte dig[WC_SHA_DIGEST_SIZE]; 31213 wc_Sha sha; 31214 23484 31215 WOLFSSL_ENTER("wolfSSL_SHA1"); 23485 WOLFSSL_STUB("wolfssl_SHA1"); 23486 23487 return NULL; 23488 } 31216 31217 if (wc_InitSha_ex(&sha, NULL, 0) != 0) { 31218 WOLFSSL_MSG("SHA1 Init failed"); 31219 return NULL; 31220 } 31221 31222 if (wc_ShaUpdate(&sha, (const byte*)d, (word32)n) != 0) { 31223 WOLFSSL_MSG("SHA1 Update failed"); 31224 return NULL; 31225 } 31226 31227 if (wc_ShaFinal(&sha, dig) != 0) { 31228 WOLFSSL_MSG("SHA1 Final failed"); 31229 return NULL; 31230 } 31231 31232 wc_ShaFree(&sha); 31233 31234 if (md != NULL) { 31235 XMEMCPY(md, dig, WC_SHA_DIGEST_SIZE); 31236 return md; 31237 } 31238 else { 31239 return (unsigned char*)dig; 31240 } 31241 } 31242 #endif /* ! NO_SHA */ 31243 31244 #ifndef NO_SHA256 31245 /* One shot SHA256 hash of message. 31246 * 31247 * d message to hash 31248 * n size of d buffer 31249 * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. 31250 * 31251 * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. 31252 * When the static buffer is used this function is not thread safe. 31253 * 31254 * Returns a pointer to the message digest on success and NULL on failure. 31255 */ 31256 unsigned char *wolfSSL_SHA256(const unsigned char *d, size_t n, 31257 unsigned char *md) 31258 { 31259 static byte dig[WC_SHA256_DIGEST_SIZE]; 31260 wc_Sha256 sha; 31261 31262 WOLFSSL_ENTER("wolfSSL_SHA256"); 31263 31264 if (wc_InitSha256_ex(&sha, NULL, 0) != 0) { 31265 WOLFSSL_MSG("SHA256 Init failed"); 31266 return NULL; 31267 } 31268 31269 if (wc_Sha256Update(&sha, (const byte*)d, (word32)n) != 0) { 31270 WOLFSSL_MSG("SHA256 Update failed"); 31271 return NULL; 31272 } 31273 31274 if (wc_Sha256Final(&sha, dig) != 0) { 31275 WOLFSSL_MSG("SHA256 Final failed"); 31276 return NULL; 31277 } 31278 31279 wc_Sha256Free(&sha); 31280 31281 if (md != NULL) { 31282 XMEMCPY(md, dig, WC_SHA256_DIGEST_SIZE); 31283 return md; 31284 } 31285 else { 31286 return (unsigned char*)dig; 31287 } 31288 } 31289 #endif /* ! NO_SHA256 */ 31290 31291 #ifdef WOLFSSL_SHA384 31292 /* One shot SHA384 hash of message. 31293 * 31294 * d message to hash 31295 * n size of d buffer 31296 * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. 31297 * 31298 * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. 31299 * When the static buffer is used this function is not thread safe. 31300 * 31301 * Returns a pointer to the message digest on success and NULL on failure. 31302 */ 31303 unsigned char *wolfSSL_SHA384(const unsigned char *d, size_t n, 31304 unsigned char *md) 31305 { 31306 static byte dig[WC_SHA384_DIGEST_SIZE]; 31307 wc_Sha384 sha; 31308 31309 WOLFSSL_ENTER("wolfSSL_SHA384"); 31310 31311 if (wc_InitSha384_ex(&sha, NULL, 0) != 0) { 31312 WOLFSSL_MSG("SHA384 Init failed"); 31313 return NULL; 31314 } 31315 31316 if (wc_Sha384Update(&sha, (const byte*)d, (word32)n) != 0) { 31317 WOLFSSL_MSG("SHA384 Update failed"); 31318 return NULL; 31319 } 31320 31321 if (wc_Sha384Final(&sha, dig) != 0) { 31322 WOLFSSL_MSG("SHA384 Final failed"); 31323 return NULL; 31324 } 31325 31326 wc_Sha384Free(&sha); 31327 31328 if (md != NULL) { 31329 XMEMCPY(md, dig, WC_SHA384_DIGEST_SIZE); 31330 return md; 31331 } 31332 else { 31333 return (unsigned char*)dig; 31334 } 31335 } 31336 #endif /* WOLFSSL_SHA384 */ 31337 31338 31339 #if defined(WOLFSSL_SHA512) 31340 /* One shot SHA512 hash of message. 31341 * 31342 * d message to hash 31343 * n size of d buffer 31344 * md buffer to hold digest. Should be WC_SHA256_DIGEST_SIZE. 31345 * 31346 * Note: if md is null then a static buffer of WC_SHA256_DIGEST_SIZE is used. 31347 * When the static buffer is used this function is not thread safe. 31348 * 31349 * Returns a pointer to the message digest on success and NULL on failure. 31350 */ 31351 unsigned char *wolfSSL_SHA512(const unsigned char *d, size_t n, 31352 unsigned char *md) 31353 { 31354 static byte dig[WC_SHA512_DIGEST_SIZE]; 31355 wc_Sha512 sha; 31356 31357 WOLFSSL_ENTER("wolfSSL_SHA512"); 31358 31359 if (wc_InitSha512_ex(&sha, NULL, 0) != 0) { 31360 WOLFSSL_MSG("SHA512 Init failed"); 31361 return NULL; 31362 } 31363 31364 if (wc_Sha512Update(&sha, (const byte*)d, (word32)n) != 0) { 31365 WOLFSSL_MSG("SHA512 Update failed"); 31366 return NULL; 31367 } 31368 31369 if (wc_Sha512Final(&sha, dig) != 0) { 31370 WOLFSSL_MSG("SHA512 Final failed"); 31371 return NULL; 31372 } 31373 31374 wc_Sha512Free(&sha); 31375 31376 if (md != NULL) { 31377 XMEMCPY(md, dig, WC_SHA512_DIGEST_SIZE); 31378 return md; 31379 } 31380 else { 31381 return (unsigned char*)dig; 31382 } 31383 } 31384 #endif /* defined(WOLFSSL_SHA512) */ 23489 31385 23490 31386 char wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x) 23491 31387 { 23492 31388 int ret; 23493 31389 … … 23506 31402 FreeX509(ctx->ourCert); 23507 31403 XFREE(ctx->ourCert, ctx->heap, DYNAMIC_TYPE_X509); 23508 } 31404 } 31405 #ifndef WOLFSSL_X509_STORE_CERTS 23509 31406 ctx->ourCert = x; 31407 #else 31408 ctx->ourCert = wolfSSL_X509_d2i(NULL, x->derCert->buffer,x->derCert->length); 31409 if(ctx->ourCert == NULL){ 31410 return 0; 31411 } 31412 #endif 31413 23510 31414 ctx->ownOurCert = 0; 23511 31415 #endif … … 23521 31425 case ECDSAk: 23522 31426 ctx->haveECC = 1; 23523 #if def HAVE_ECC31427 #if defined(HAVE_ECC) || defined(HAVE_ED25519) 23524 31428 ctx->pkCurveOID = x->pkCurveOID; 23525 31429 #endif 23526 31430 break; 23527 } 23528 23529 return WOLFSSL_SUCCESS; 23530 } 23531 31431 } 31432 31433 return WOLFSSL_SUCCESS; 31434 } 31435 31436 #ifndef NO_WOLFSSL_STUB 23532 31437 int wolfSSL_BIO_read_filename(WOLFSSL_BIO *b, const char *name) { 23533 31438 #ifndef NO_FILESYSTEM … … 23536 31441 WOLFSSL_ENTER("wolfSSL_BIO_new_file"); 23537 31442 23538 if ((wolfSSL_BIO_get_fp(b, &fp) == WOLFSSL_SUCCESS) && (fp != NULL))23539 31443 if ((wolfSSL_BIO_get_fp(b, &fp) == WOLFSSL_SUCCESS) && (fp != XBADFILE)) 31444 { 23540 31445 XFCLOSE(fp); 23541 31446 } 23542 31447 23543 31448 fp = XFOPEN(name, "r"); 23544 if (fp == NULL)31449 if (fp == XBADFILE) 23545 31450 return WOLFSSL_BAD_FILE; 23546 31451 … … 23558 31463 #endif 23559 31464 } 31465 #endif 23560 31466 23561 31467 #ifdef HAVE_ECC … … 23568 31474 if (n == ecc_sets[i].id) { 23569 31475 return ecc_sets[i].name; 23570 23571 31476 } 31477 } 23572 31478 return NULL; 23573 31479 } 23574 31480 23575 int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) { 23576 (void)o; 31481 #endif /* HAVE_ECC */ 31482 #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) 31483 int wolfSSL_OBJ_sn2nid(const char *sn) { 31484 31485 WOLFSSL_ENTER("wolfSSL_OBJ_sn2nid"); 31486 return OBJ_sn2nid(sn); 31487 } 31488 #endif 31489 31490 static int oid2nid(word32 oid, int grp) 31491 { 31492 /* get OID type */ 31493 switch (grp) { 31494 /* oidHashType */ 31495 case oidHashType: 31496 switch (oid) { 31497 #ifdef WOLFSSL_MD2 31498 case MD2h: 31499 return NID_md2; 31500 #endif 31501 #ifndef NO_MD5 31502 case MD5h: 31503 return NID_md5; 31504 #endif 31505 #ifndef NO_SHA 31506 case SHAh: 31507 return NID_sha1; 31508 #endif 31509 case SHA224h: 31510 return NID_sha224; 31511 #ifndef NO_SHA256 31512 case SHA256h: 31513 return NID_sha256; 31514 #endif 31515 #ifdef WOLFSSL_SHA384 31516 case SHA384h: 31517 return NID_sha384; 31518 #endif 31519 #ifdef WOLFSSL_SHA512 31520 case SHA512h: 31521 return NID_sha512; 31522 #endif 31523 } 31524 break; 31525 31526 /* oidSigType */ 31527 case oidSigType: 31528 switch (oid) { 31529 #ifndef NO_DSA 31530 case CTC_SHAwDSA: 31531 return CTC_SHAwDSA; 31532 #endif /* NO_DSA */ 31533 #ifndef NO_RSA 31534 case CTC_MD2wRSA: 31535 return CTC_MD2wRSA; 31536 case CTC_MD5wRSA: 31537 return CTC_MD5wRSA; 31538 case CTC_SHAwRSA: 31539 return CTC_SHAwRSA; 31540 case CTC_SHA224wRSA: 31541 return CTC_SHA224wRSA; 31542 case CTC_SHA256wRSA: 31543 return CTC_SHA256wRSA; 31544 case CTC_SHA384wRSA: 31545 return CTC_SHA384wRSA; 31546 case CTC_SHA512wRSA: 31547 return CTC_SHA512wRSA; 31548 #endif /* NO_RSA */ 31549 #ifdef HAVE_ECC 31550 case CTC_SHAwECDSA: 31551 return CTC_SHAwECDSA; 31552 case CTC_SHA224wECDSA: 31553 return CTC_SHA224wECDSA; 31554 case CTC_SHA256wECDSA: 31555 return CTC_SHA256wECDSA; 31556 case CTC_SHA384wECDSA: 31557 return CTC_SHA384wECDSA; 31558 case CTC_SHA512wECDSA: 31559 return CTC_SHA512wECDSA; 31560 #endif /* HAVE_ECC */ 31561 } 31562 break; 31563 31564 /* oidKeyType */ 31565 case oidKeyType: 31566 switch (oid) { 31567 #ifndef NO_DSA 31568 case DSAk: 31569 return DSAk; 31570 #endif /* NO_DSA */ 31571 #ifndef NO_RSA 31572 case RSAk: 31573 return RSAk; 31574 #endif /* NO_RSA */ 31575 #ifdef HAVE_NTRU 31576 case NTRUk: 31577 return NTRUk; 31578 #endif /* HAVE_NTRU */ 31579 #ifdef HAVE_ECC 31580 case ECDSAk: 31581 return ECDSAk; 31582 #endif /* HAVE_ECC */ 31583 } 31584 break; 31585 31586 /* oidBlkType */ 31587 case oidBlkType: 31588 switch (oid) { 31589 #ifdef WOLFSSL_AES_128 31590 case AES128CBCb: 31591 return AES128CBCb; 31592 #endif 31593 #ifdef WOLFSSL_AES_192 31594 case AES192CBCb: 31595 return AES192CBCb; 31596 #endif 31597 #ifdef WOLFSSL_AES_256 31598 case AES256CBCb: 31599 return AES256CBCb; 31600 #endif 31601 #ifndef NO_DES3 31602 case DESb: 31603 return NID_des; 31604 case DES3b: 31605 return NID_des3; 31606 #endif 31607 } 31608 break; 31609 31610 #ifdef HAVE_OCSP 31611 case oidOcspType: 31612 switch (oid) { 31613 case OCSP_BASIC_OID: 31614 return NID_id_pkix_OCSP_basic; 31615 case OCSP_NONCE_OID: 31616 return OCSP_NONCE_OID; 31617 } 31618 break; 31619 #endif /* HAVE_OCSP */ 31620 31621 /* oidCertExtType */ 31622 case oidCertExtType: 31623 switch (oid) { 31624 case BASIC_CA_OID: 31625 return BASIC_CA_OID; 31626 case ALT_NAMES_OID: 31627 return ALT_NAMES_OID; 31628 case CRL_DIST_OID: 31629 return CRL_DIST_OID; 31630 case AUTH_INFO_OID: 31631 return AUTH_INFO_OID; 31632 case AUTH_KEY_OID: 31633 return AUTH_KEY_OID; 31634 case SUBJ_KEY_OID: 31635 return SUBJ_KEY_OID; 31636 case INHIBIT_ANY_OID: 31637 return INHIBIT_ANY_OID; 31638 case KEY_USAGE_OID: 31639 return NID_ext_key_usage; 31640 case NAME_CONS_OID: 31641 return NID_name_constraints; 31642 case CERT_POLICY_OID: 31643 return NID_certificate_policies; 31644 } 31645 break; 31646 31647 /* oidCertAuthInfoType */ 31648 case oidCertAuthInfoType: 31649 switch (oid) { 31650 case AIA_OCSP_OID: 31651 return AIA_OCSP_OID; 31652 case AIA_CA_ISSUER_OID: 31653 return AIA_CA_ISSUER_OID; 31654 } 31655 break; 31656 31657 /* oidCertPolicyType */ 31658 case oidCertPolicyType: 31659 switch (oid) { 31660 case CP_ANY_OID: 31661 return NID_any_policy; 31662 } 31663 break; 31664 31665 /* oidCertAltNameType */ 31666 case oidCertAltNameType: 31667 switch (oid) { 31668 case HW_NAME_OID: 31669 return NID_hw_name_oid; 31670 } 31671 break; 31672 31673 /* oidCertKeyUseType */ 31674 case oidCertKeyUseType: 31675 switch (oid) { 31676 case EKU_ANY_OID: 31677 return NID_anyExtendedKeyUsage; 31678 case EKU_SERVER_AUTH_OID: 31679 return EKU_SERVER_AUTH_OID; 31680 case EKU_CLIENT_AUTH_OID: 31681 return EKU_CLIENT_AUTH_OID; 31682 case EKU_OCSP_SIGN_OID: 31683 return EKU_OCSP_SIGN_OID; 31684 } 31685 break; 31686 31687 /* oidKdfType */ 31688 case oidKdfType: 31689 switch (oid) { 31690 case PBKDF2_OID: 31691 return PBKDF2_OID; 31692 } 31693 break; 31694 31695 /* oidPBEType */ 31696 case oidPBEType: 31697 switch (oid) { 31698 case PBE_SHA1_RC4_128: 31699 return PBE_SHA1_RC4_128; 31700 case PBE_SHA1_DES: 31701 return PBE_SHA1_DES; 31702 case PBE_SHA1_DES3: 31703 return PBE_SHA1_DES3; 31704 } 31705 break; 31706 31707 /* oidKeyWrapType */ 31708 case oidKeyWrapType: 31709 switch (oid) { 31710 #ifdef WOLFSSL_AES_128 31711 case AES128_WRAP: 31712 return AES128_WRAP; 31713 #endif 31714 #ifdef WOLFSSL_AES_192 31715 case AES192_WRAP: 31716 return AES192_WRAP; 31717 #endif 31718 #ifdef WOLFSSL_AES_256 31719 case AES256_WRAP: 31720 return AES256_WRAP; 31721 #endif 31722 } 31723 break; 31724 31725 /* oidCmsKeyAgreeType */ 31726 case oidCmsKeyAgreeType: 31727 switch (oid) { 31728 #ifndef NO_SHA 31729 case dhSinglePass_stdDH_sha1kdf_scheme: 31730 return dhSinglePass_stdDH_sha1kdf_scheme; 31731 #endif 31732 #ifdef WOLFSSL_SHA224 31733 case dhSinglePass_stdDH_sha224kdf_scheme: 31734 return dhSinglePass_stdDH_sha224kdf_scheme; 31735 #endif 31736 #ifndef NO_SHA256 31737 case dhSinglePass_stdDH_sha256kdf_scheme: 31738 return dhSinglePass_stdDH_sha256kdf_scheme; 31739 #endif 31740 #ifdef WOLFSSL_SHA384 31741 case dhSinglePass_stdDH_sha384kdf_scheme: 31742 return dhSinglePass_stdDH_sha384kdf_scheme; 31743 #endif 31744 #ifdef WOLFSSL_SHA512 31745 case dhSinglePass_stdDH_sha512kdf_scheme: 31746 return dhSinglePass_stdDH_sha512kdf_scheme; 31747 #endif 31748 } 31749 break; 31750 31751 default: 31752 WOLFSSL_MSG("NID not in table"); 31753 return -1; 31754 } 31755 31756 return -1; 31757 } 31758 31759 /* Gets the NID value that corresponds with the ASN1 object. 31760 * 31761 * o ASN1 object to get NID of 31762 * 31763 * Return NID on success and a negative value on failure 31764 */ 31765 int wolfSSL_OBJ_obj2nid(const WOLFSSL_ASN1_OBJECT *o) 31766 { 31767 word32 oid = 0; 31768 word32 idx = 0; 31769 int id; 31770 23577 31771 WOLFSSL_ENTER("wolfSSL_OBJ_obj2nid"); 23578 WOLFSSL_STUB("wolfSSL_OBJ_obj2nid"); 31772 31773 if (o == NULL) { 31774 return -1; 31775 } 31776 if (o->nid > 0) 31777 return o->nid; 31778 if ((id = GetObjectId(o->obj, &idx, &oid, o->grp, o->objSz)) < 0) { 31779 WOLFSSL_MSG("Issue getting OID of object"); 31780 return -1; 31781 } 31782 31783 return oid2nid(oid, o->grp); 31784 } 31785 31786 #ifndef NO_WOLFSSL_STUB 31787 char * wolfSSL_OBJ_nid2ln(int n) 31788 { 31789 (void)n; 31790 WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln"); 31791 WOLFSSL_STUB("OBJ_nid2ln"); 31792 31793 return NULL; 31794 } 31795 #endif 31796 31797 #ifndef NO_WOLFSSL_STUB 31798 int wolfSSL_OBJ_txt2nid(const char* s) 31799 { 31800 (void)s; 31801 WOLFSSL_STUB("OBJ_txt2nid"); 23579 31802 23580 31803 return 0; 23581 } 23582 23583 int wolfSSL_OBJ_sn2nid(const char *sn) { 23584 int i; 23585 WOLFSSL_ENTER("wolfSSL_OBJ_osn2nid"); 23586 23587 /* Nginx uses this OpenSSL string. */ 23588 if (XSTRNCMP(sn, "prime256v1", 10) == 0) 23589 sn = "SECP256R1"; 23590 if (XSTRNCMP(sn, "secp384r1", 10) == 0) 23591 sn = "SECP384R1"; 23592 /* find based on name and return NID */ 23593 for (i = 0; i < ecc_sets[i].size; i++) { 23594 if (XSTRNCMP(sn, ecc_sets[i].name, ECC_MAXNAME) == 0) { 23595 return ecc_sets[i].id; 23596 } 23597 } 23598 return -1; 23599 } 23600 #endif /* HAVE_ECC */ 23601 23602 23603 void wolfSSL_CTX_set_verify_depth(WOLFSSL_CTX *ctx, int depth) { 23604 WOLFSSL_ENTER("wolfSSL_CTX_set_verify_depth"); 23605 #ifndef OPENSSL_EXTRA 23606 (void)ctx; 23607 (void)depth; 23608 WOLFSSL_STUB("wolfSSL_CTX_set_verify_depth"); 23609 #else 23610 ctx->verifyDepth = depth; 23611 #endif 23612 } 23613 31804 } 31805 #endif 31806 31807 /* compatibility function. It's intended use is to remove OID's from an 31808 * internal table that have been added with OBJ_create. wolfSSL manages it's 31809 * own interenal OID values and does not currently support OBJ_create. */ 31810 void wolfSSL_OBJ_cleanup(void) 31811 { 31812 WOLFSSL_ENTER("wolfSSL_OBJ_cleanup()"); 31813 } 31814 31815 31816 #ifndef NO_WOLFSSL_STUB 23614 31817 void wolfSSL_set_verify_depth(WOLFSSL *ssl, int depth) { 23615 31818 WOLFSSL_ENTER("wolfSSL_set_verify_depth"); … … 23619 31822 WOLFSSL_STUB("wolfSSL_set_verify_depth"); 23620 31823 #else 23621 ssl->options.verifyDepth = depth; 23622 #endif 23623 } 23624 23625 void* wolfSSL_get_app_data( const WOLFSSL *ssl) { 23626 /* checkout exdata stuff... */ 23627 return wolfSSL_get_ex_data(ssl,0); 23628 } 23629 23630 int wolfSSL_set_app_data(WOLFSSL *ssl, void *arg) { 23631 return wolfSSL_set_ex_data(ssl,0,(char *)arg); 23632 } 31824 ssl->options.verifyDepth = (byte)depth; 31825 #endif 31826 } 31827 #endif 31828 23633 31829 23634 31830 WOLFSSL_ASN1_OBJECT * wolfSSL_X509_NAME_ENTRY_get_object(WOLFSSL_X509_NAME_ENTRY *ne) { 23635 (void)ne;23636 31831 WOLFSSL_ENTER("wolfSSL_X509_NAME_ENTRY_get_object"); 23637 WOLFSSL_STUB("wolfSSL_X509_NAME_ENTRY_get_object"); 23638 23639 return NULL; 23640 } 31832 if (ne == NULL) return NULL; 31833 wolfSSL_OBJ_nid2obj_ex(ne->nid, &ne->object); 31834 ne->object.nid = ne->nid; 31835 return &ne->object; 31836 } 31837 31838 static WOLFSSL_X509_NAME *get_nameByLoc( WOLFSSL_X509_NAME *name, int loc) 31839 { 31840 switch (loc) 31841 { 31842 case 0: 31843 name->cnEntry.value->length = name->fullName.cnLen; 31844 name->cnEntry.value->data = &name->fullName.fullName[name->fullName.cnIdx]; 31845 name->cnEntry.nid = name->fullName.cnNid; 31846 break; 31847 case 1: 31848 name->cnEntry.value->length = name->fullName.cLen; 31849 name->cnEntry.value->data = &name->fullName.fullName[name->fullName.cIdx]; 31850 name->cnEntry.nid = name->fullName.cNid; 31851 break; 31852 case 2: 31853 name->cnEntry.value->length = name->fullName.lLen; 31854 name->cnEntry.value->data = &name->fullName.fullName[name->fullName.lIdx]; 31855 name->cnEntry.nid = name->fullName.lNid; 31856 break; 31857 case 3: 31858 name->cnEntry.value->length = name->fullName.stLen; 31859 name->cnEntry.value->data = &name->fullName.fullName[name->fullName.stIdx]; 31860 name->cnEntry.nid = name->fullName.stNid; 31861 break; 31862 case 4: 31863 name->cnEntry.value->length = name->fullName.oLen; 31864 name->cnEntry.value->data = &name->fullName.fullName[name->fullName.oIdx]; 31865 name->cnEntry.nid = name->fullName.oNid; 31866 break; 31867 case 5: 31868 name->cnEntry.value->length = name->fullName.ouLen; 31869 name->cnEntry.value->data = &name->fullName.fullName[name->fullName.ouIdx]; 31870 name->cnEntry.nid = name->fullName.ouNid; 31871 break; 31872 case 6: 31873 name->cnEntry.value->length = name->fullName.emailLen; 31874 name->cnEntry.value->data = &name->fullName.fullName[name->fullName.emailIdx]; 31875 name->cnEntry.nid = name->fullName.emailNid; 31876 break; 31877 case 7: 31878 name->cnEntry.value->length = name->fullName.snLen; 31879 name->cnEntry.value->data = &name->fullName.fullName[name->fullName.snIdx]; 31880 name->cnEntry.nid = name->fullName.snNid; 31881 break; 31882 case 8: 31883 name->cnEntry.value->length = name->fullName.uidLen; 31884 name->cnEntry.value->data = &name->fullName.fullName[name->fullName.uidIdx]; 31885 name->cnEntry.nid = name->fullName.uidNid; 31886 break; 31887 case 9: 31888 name->cnEntry.value->length = name->fullName.serialLen; 31889 name->cnEntry.value->data = &name->fullName.fullName[name->fullName.serialIdx]; 31890 name->cnEntry.nid = name->fullName.serialNid; 31891 break; 31892 default: 31893 return NULL; 31894 } 31895 if (name->cnEntry.value->length == 0) 31896 return NULL; 31897 name->cnEntry.value->type = CTC_UTF8; 31898 return name; 31899 } 31900 23641 31901 23642 31902 WOLFSSL_X509_NAME_ENTRY *wolfSSL_X509_NAME_get_entry( 23643 WOLFSSL_X509_NAME *name, int loc) { 23644 23645 int maxLoc = name->fullName.fullNameLen; 23646 31903 WOLFSSL_X509_NAME *name, int loc) 31904 { 23647 31905 WOLFSSL_ENTER("wolfSSL_X509_NAME_get_entry"); 23648 31906 23649 if (loc < 0 || loc > maxLoc) { 31907 if (name == NULL) { 31908 return NULL; 31909 } 31910 31911 if (loc < 0 || loc > 9 + name->fullName.dcNum) { 23650 31912 WOLFSSL_MSG("Bad argument"); 23651 31913 return NULL; 23652 31914 } 23653 31915 23654 /* common name index case */ 23655 if (loc == name->fullName.cnIdx) { 31916 if (loc >= 0 && loc <= 9){ 31917 if (get_nameByLoc(name, loc) != NULL) 31918 return &name->cnEntry; 31919 } 31920 31921 /* DC component */ 31922 if (name->fullName.dcMode){ 31923 if (name->fullName.fullName != NULL){ 31924 if (loc == name->fullName.dcNum){ 31925 name->cnEntry.data.data = &name->fullName.fullName[name->fullName.cIdx]; 31926 name->cnEntry.data.length = name->fullName.cLen; 31927 name->cnEntry.nid = ASN_COUNTRY_NAME; 31928 } else { 31929 name->cnEntry.data.data = &name->fullName.fullName[name->fullName.dcIdx[loc]]; 31930 name->cnEntry.data.length = name->fullName.dcLen[loc]; 31931 name->cnEntry.nid = ASN_DOMAIN_COMPONENT; 31932 } 31933 } 31934 name->cnEntry.data.type = CTC_UTF8; 31935 name->cnEntry.set = 1; 31936 31937 /* common name index case */ 31938 } else if (loc == name->fullName.cnIdx && name->x509 != NULL) { 23656 31939 /* get CN shortcut from x509 since it has null terminator */ 23657 31940 name->cnEntry.data.data = name->x509->subjectCN; 23658 31941 name->cnEntry.data.length = name->fullName.cnLen; 23659 name->cnEntry.data.type = ASN_COMMON_NAME; 23660 name->cnEntry.set = 1; 23661 return &(name->cnEntry); 23662 } 23663 23664 /* additionall cases to check for go here */ 23665 23666 WOLFSSL_MSG("Entry not found or implemented"); 23667 (void)name; 23668 (void)loc; 23669 23670 return NULL; 23671 } 23672 31942 name->cnEntry.data.type = CTC_UTF8; 31943 name->cnEntry.nid = ASN_COMMON_NAME; 31944 name->cnEntry.set = 1; 31945 } 31946 else 31947 return NULL; 31948 31949 return &name->cnEntry; 31950 } 31951 31952 #ifndef NO_WOLFSSL_STUB 23673 31953 void wolfSSL_sk_X509_NAME_pop_free(WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, void f (WOLFSSL_X509_NAME*)){ 23674 31954 (void) sk; 23675 31955 (void) f; 23676 31956 WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_pop_free"); 23677 WOLFSSL_STUB("wolfSSL_sk_X509_NAME_pop_free"); 23678 } 23679 31957 WOLFSSL_STUB("sk_X509_NAME_pop_free"); 31958 } 31959 #endif 31960 #ifndef NO_WOLFSSL_STUB 23680 31961 int wolfSSL_X509_check_private_key(WOLFSSL_X509 *x509, WOLFSSL_EVP_PKEY *key){ 23681 31962 (void) x509; 23682 31963 (void) key; 23683 31964 WOLFSSL_ENTER("wolfSSL_X509_check_private_key"); 23684 WOLFSSL_STUB(" wolfSSL_X509_check_private_key");31965 WOLFSSL_STUB("X509_check_private_key"); 23685 31966 23686 31967 return WOLFSSL_SUCCESS; … … 23690 31971 (void) sk; 23691 31972 WOLFSSL_ENTER("wolfSSL_dup_CA_list"); 23692 WOLFSSL_STUB(" wolfSSL_dup_CA_list");31973 WOLFSSL_STUB("SSL_dup_CA_list"); 23693 31974 23694 31975 return NULL; 23695 } 23696 23697 #endif /* HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */ 31976 } 31977 #endif 31978 31979 #endif /* OPENSSL_ALL || HAVE_LIGHTY || WOLFSSL_MYSQL_COMPATIBLE || HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_POCO_LIB || WOLFSSL_HAPROXY */ 23698 31980 #endif /* OPENSSL_EXTRA */ 23699 23700 31981 23701 31982 #ifdef OPENSSL_EXTRA … … 23710 31991 (void)line; 23711 31992 (void)file; 23712 #if defined( WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) || defined(WOLFSSL_HAPROXY)31993 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(DEBUG_WOLFSSL) || defined(WOLFSSL_HAPROXY) 23713 31994 { 23714 31995 int ret; … … 23717 31998 WOLFSSL_MSG("Issue peeking at error node in queue"); 23718 31999 return 0; 23719 23720 #if def WOLFSSL_NGINX23721 if (ret == - SSL_NO_PEM_HEADER)32000 } 32001 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) 32002 if (ret == -ASN_NO_PEM_HEADER) 23722 32003 return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; 23723 32004 #endif … … 23727 32008 return (unsigned long)(0 - NOT_COMPILED_IN); 23728 32009 #endif 23729 }32010 } 23730 32011 23731 32012 … … 23739 32020 } 23740 32021 23741 return wolfSSL_CTX_use_PrivateKey_buffer(ctx, 32022 if (pkey->pkey.ptr != NULL) { 32023 /* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format */ 32024 return wolfSSL_CTX_use_PrivateKey_buffer(ctx, 23742 32025 (const unsigned char*)pkey->pkey.ptr, 23743 pkey->pkey_sz, PRIVATEKEY_TYPE); 23744 } 32026 pkey->pkey_sz, SSL_FILETYPE_ASN1); 32027 } 32028 32029 WOLFSSL_MSG("wolfSSL private key not set"); 32030 return BAD_FUNC_ARG; 32031 } 23745 32032 #endif /* !NO_CERTS */ 23746 32033 … … 23752 32039 if(ctx != NULL && idx < MAX_EX_DATA && idx >= 0) { 23753 32040 return ctx->ex_data[idx]; 23754 32041 } 23755 32042 #else 23756 32043 (void)ctx; … … 23776 32063 23777 32064 32065 /* Return the index that can be used for the WOLFSSL structure to store 32066 * application data. 32067 * 32068 */ 32069 int wolfSSL_get_ex_new_index(long argValue, void* arg, 32070 WOLFSSL_CRYPTO_EX_new* cb1, WOLFSSL_CRYPTO_EX_dup* cb2, 32071 WOLFSSL_CRYPTO_EX_free* cb3) 32072 { 32073 static int ssl_idx = 0; 32074 32075 WOLFSSL_ENTER("wolfSSL_get_ex_new_index"); 32076 32077 (void)argValue; 32078 (void)arg; 32079 (void)cb1; 32080 (void)cb2; 32081 (void)cb3; 32082 32083 return ssl_idx++; 32084 } 32085 32086 23778 32087 int wolfSSL_CTX_set_ex_data(WOLFSSL_CTX* ctx, int idx, void* data) 23779 32088 { … … 23794 32103 23795 32104 32105 /* Returns char* to app data stored in ex[0]. 32106 * 32107 * ssl WOLFSSL structure to get app data from 32108 */ 32109 void* wolfSSL_get_app_data(const WOLFSSL *ssl) 32110 { 32111 /* checkout exdata stuff... */ 32112 WOLFSSL_ENTER("wolfSSL_get_app_data"); 32113 32114 return wolfSSL_get_ex_data(ssl, 0); 32115 } 32116 32117 32118 /* Set ex array 0 to have app data 32119 * 32120 * ssl WOLFSSL struct to set app data in 32121 * arg data to be stored 32122 * 32123 * Returns SSL_SUCCESS on sucess and SSL_FAILURE on failure 32124 */ 32125 int wolfSSL_set_app_data(WOLFSSL *ssl, void* arg) { 32126 WOLFSSL_ENTER("wolfSSL_set_app_data"); 32127 32128 return wolfSSL_set_ex_data(ssl, 0, arg); 32129 } 32130 32131 23796 32132 int wolfSSL_set_ex_data(WOLFSSL* ssl, int idx, void* data) 23797 32133 { … … 23804 32140 } 23805 32141 #else 32142 WOLFSSL_MSG("HAVE_EX_DATA macro is not defined"); 23806 32143 (void)ssl; 23807 32144 (void)idx; … … 23811 32148 } 23812 32149 23813 23814 int wolfSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,23815 void* cb3)23816 {23817 static int ssl_idx = 0;23818 23819 WOLFSSL_ENTER("wolfSSL_get_ex_new_index");23820 (void)idx;23821 (void)data;23822 (void)cb1;23823 (void)cb2;23824 (void)cb3;23825 23826 return ssl_idx++;23827 }23828 32150 23829 32151 … … 23835 32157 return ssl->ex_data[idx]; 23836 32158 #else 32159 WOLFSSL_MSG("HAVE_EX_DATA macro is not defined"); 23837 32160 (void)ssl; 23838 32161 (void)idx; … … 23844 32167 WOLFSSL_DSA *wolfSSL_PEM_read_bio_DSAparams(WOLFSSL_BIO *bp, WOLFSSL_DSA **x, 23845 32168 pem_password_cb *cb, void *u) 23846 {32169 { 23847 32170 WOLFSSL_DSA* dsa; 23848 32171 DsaKey* key; … … 23860 32183 WOLFSSL_LEAVE("wolfSSL_PEM_read_bio_DSAparams", ret); 23861 32184 return NULL; 23862 }32185 } 23863 32186 23864 32187 bufSz = (word32)ret; … … 23870 32193 */ 23871 32194 WOLFSSL_MSG("Not yet supporting call back or password for encrypted PEM"); 23872 32195 } 23873 32196 23874 32197 if ((ret = PemToDer(buf, (long)bufSz, DSA_PARAM_TYPE, &pDer, NULL, NULL, … … 23906 32229 wolfSSL_DSA_free(dsa); 23907 32230 return NULL; 23908 32231 } 23909 32232 23910 32233 if (SetIndividualExternal(&dsa->p, &key->p) != WOLFSSL_SUCCESS) { … … 23926 32249 FreeDer(&pDer); 23927 32250 wolfSSL_DSA_free(dsa); 23928 23929 32251 return NULL; 32252 } 23930 32253 23931 32254 if (x != NULL) { … … 23941 32264 #include "src/bio.c" 23942 32265 32266 /* Begin functions for openssl/buffer.h */ 32267 WOLFSSL_BUF_MEM* wolfSSL_BUF_MEM_new(void) 32268 { 32269 WOLFSSL_BUF_MEM* buf; 32270 buf = (WOLFSSL_BUF_MEM*)XMALLOC(sizeof(WOLFSSL_BUF_MEM), NULL, 32271 DYNAMIC_TYPE_OPENSSL); 32272 if (buf) { 32273 XMEMSET(buf, 0, sizeof(WOLFSSL_BUF_MEM)); 32274 } 32275 return buf; 32276 } 32277 32278 32279 /* returns length of buffer on success */ 32280 int wolfSSL_BUF_MEM_grow(WOLFSSL_BUF_MEM* buf, size_t len) 32281 { 32282 int len_int = (int)len; 32283 int mx; 32284 32285 /* verify provided arguments */ 32286 if (buf == NULL || len_int < 0) { 32287 return 0; /* BAD_FUNC_ARG; */ 32288 } 32289 32290 /* check to see if fits in existing length */ 32291 if (buf->length > len) { 32292 buf->length = len; 32293 return len_int; 32294 } 32295 32296 /* check to see if fits in max buffer */ 32297 if (buf->max >= len) { 32298 if (buf->data != NULL) { 32299 XMEMSET(&buf->data[buf->length], 0, len - buf->length); 32300 } 32301 buf->length = len; 32302 return len_int; 32303 } 32304 32305 /* expand size, to handle growth */ 32306 mx = (len_int + 3) / 3 * 4; 32307 32308 /* use realloc */ 32309 buf->data = (char*)XREALLOC(buf->data, mx, NULL, DYNAMIC_TYPE_TMP_BUFFER); 32310 if (buf->data == NULL) { 32311 return 0; /* ERR_R_MALLOC_FAILURE; */ 32312 } 32313 32314 buf->max = mx; 32315 XMEMSET(&buf->data[buf->length], 0, len - buf->length); 32316 buf->length = len; 32317 32318 return len_int; 32319 } 32320 32321 void wolfSSL_BUF_MEM_free(WOLFSSL_BUF_MEM* buf) 32322 { 32323 if (buf) { 32324 if (buf->data) { 32325 XFREE(buf->data, NULL, DYNAMIC_TYPE_TMP_BUFFER); 32326 buf->data = NULL; 32327 } 32328 buf->max = 0; 32329 buf->length = 0; 32330 XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL); 32331 } 32332 } 32333 /* End Functions for openssl/buffer.h */ 32334 23943 32335 #endif /* OPENSSL_EXTRA */ 23944 32336 23945 32337 23946 32338 #if defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) \ 23947 || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) || defined(WOLFSSL_HAPROXY) 23948 char * wolfSSL_OBJ_nid2ln(int n) { 23949 (void)n; 23950 WOLFSSL_ENTER("wolfSSL_OBJ_nid2ln"); 23951 WOLFSSL_STUB("wolfSSL_OBJ_nid2ln"); 23952 23953 return NULL; 23954 } 23955 23956 int wolfSSL_OBJ_txt2nid(const char* s) { 23957 (void)s; 23958 WOLFSSL_ENTER("wolfSSL_OBJ_txt2nid"); 23959 WOLFSSL_STUB("wolfSSL_OBJ_txt2nid"); 23960 23961 return 0; 23962 } 23963 32339 || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_EXTRA) 23964 32340 23965 32341 WOLFSSL_BIO *wolfSSL_BIO_new_file(const char *filename, const char *mode) … … 23972 32348 23973 32349 fp = XFOPEN(filename, mode); 23974 if (fp == NULL)23975 32350 if (fp == XBADFILE) 32351 return NULL; 23976 32352 23977 32353 bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); … … 23979 32355 XFCLOSE(fp); 23980 32356 return bio; 23981 32357 } 23982 32358 23983 32359 if (wolfSSL_BIO_set_fp(bio, fp, BIO_CLOSE) != WOLFSSL_SUCCESS) { … … 23985 32361 wolfSSL_BIO_free(bio); 23986 32362 bio = NULL; 23987 32363 } 23988 32364 23989 32365 /* file is closed when BIO is free'd */ … … 23993 32369 (void)mode; 23994 32370 return NULL; 23995 #endif 32371 #endif /* NO_FILESYSTEM */ 23996 32372 } 23997 32373 … … 24020 32396 if (bio == NULL) { 24021 32397 WOLFSSL_MSG("Bad Function Argument bio is NULL"); 24022 24023 24024 24025 if (bio->type == BIO_MEMORY) {32398 return NULL; 32399 } 32400 32401 if (bio->type == WOLFSSL_BIO_MEMORY) { 24026 32402 /* Use the buffer directly. */ 24027 32403 ret = wolfSSL_BIO_get_mem_data(bio, &mem); … … 24032 32408 size = ret; 24033 32409 } 24034 else if (bio->type == BIO_FILE) {32410 else if (bio->type == WOLFSSL_BIO_FILE) { 24035 32411 /* Read whole file into a new buffer. */ 24036 XFSEEK(bio->file, 0, SEEK_END); 32412 if(XFSEEK(bio->file, 0, SEEK_END) != 0) 32413 goto end; 24037 32414 sz = XFTELL(bio->file); 24038 XFSEEK(bio->file, 0, SEEK_SET); 32415 if(XFSEEK(bio->file, 0, SEEK_SET) != 0) 32416 goto end; 24039 32417 if (sz <= 0L) 24040 32418 goto end; … … 24051 32429 WOLFSSL_MSG("BIO type not supported for reading DH parameters"); 24052 32430 goto end; 24053 32431 } 24054 32432 24055 32433 ret = PemToDer(mem, size, DH_PARAM_TYPE, &der, NULL, NULL, NULL); … … 24066 32444 goto end; 24067 32445 XMEMSET(localDh, 0, sizeof(WOLFSSL_DH)); 24068 32446 } 24069 32447 24070 32448 /* Load data in manually */ … … 24119 32497 #endif 24120 32498 32499 #ifdef WOLFSSL_CERT_GEN 32500 32501 #ifdef WOLFSSL_CERT_REQ 32502 /* writes the x509 from x to the WOLFSSL_BIO bp 32503 * 32504 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on fail 32505 */ 32506 int wolfSSL_PEM_write_bio_X509_REQ(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) 32507 { 32508 byte* pem; 32509 int pemSz = 0; 32510 const unsigned char* der; 32511 int derSz; 32512 int ret; 32513 32514 WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509_REQ()"); 32515 32516 if (x == NULL || bp == NULL) { 32517 return WOLFSSL_FAILURE; 32518 } 32519 32520 der = wolfSSL_X509_get_der(x, &derSz); 32521 if (der == NULL) { 32522 return WOLFSSL_FAILURE; 32523 } 32524 32525 /* get PEM size */ 32526 pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERTREQ_TYPE); 32527 if (pemSz < 0) { 32528 return WOLFSSL_FAILURE; 32529 } 32530 32531 /* create PEM buffer and convert from DER */ 32532 pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 32533 if (pem == NULL) { 32534 return WOLFSSL_FAILURE; 32535 } 32536 if (wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERTREQ_TYPE) < 0) { 32537 XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); 32538 return WOLFSSL_FAILURE; 32539 } 32540 32541 /* write the PEM to BIO */ 32542 ret = wolfSSL_BIO_write(bp, pem, pemSz); 32543 XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); 32544 32545 if (ret <= 0) return WOLFSSL_FAILURE; 32546 return WOLFSSL_SUCCESS; 32547 } 32548 #endif /* WOLFSSL_CERT_REQ */ 32549 32550 32551 /* writes the x509 from x to the WOLFSSL_BIO bp 32552 * 32553 * returns WOLFSSL_SUCCESS on success and WOLFSSL_FAILURE on fail 32554 */ 32555 int wolfSSL_PEM_write_bio_X509_AUX(WOLFSSL_BIO *bp, WOLFSSL_X509 *x) 32556 { 32557 byte* pem; 32558 int pemSz = 0; 32559 const unsigned char* der; 32560 int derSz; 32561 int ret; 32562 32563 WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509_AUX()"); 32564 32565 if (bp == NULL || x == NULL) { 32566 WOLFSSL_MSG("NULL argument passed in"); 32567 return WOLFSSL_FAILURE; 32568 } 32569 32570 der = wolfSSL_X509_get_der(x, &derSz); 32571 if (der == NULL) { 32572 return WOLFSSL_FAILURE; 32573 } 32574 32575 /* get PEM size */ 32576 pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERT_TYPE); 32577 if (pemSz < 0) { 32578 return WOLFSSL_FAILURE; 32579 } 32580 32581 /* create PEM buffer and convert from DER */ 32582 pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 32583 if (pem == NULL) { 32584 return WOLFSSL_FAILURE; 32585 } 32586 if (wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERT_TYPE) < 0) { 32587 XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); 32588 return WOLFSSL_FAILURE; 32589 } 32590 32591 /* write the PEM to BIO */ 32592 ret = wolfSSL_BIO_write(bp, pem, pemSz); 32593 XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); 32594 32595 if (ret <= 0) return WOLFSSL_FAILURE; 32596 return WOLFSSL_SUCCESS; 32597 } 32598 #endif /* WOLFSSL_CERT_GEN */ 24121 32599 24122 32600 int wolfSSL_PEM_write_bio_X509(WOLFSSL_BIO *bio, WOLFSSL_X509 *cert) 24123 32601 { 24124 byte* certDer; 32602 byte* pem; 32603 int pemSz = 0; 32604 const unsigned char* der; 24125 32605 int derSz; 24126 int pemSz;24127 32606 int ret; 24128 32607 24129 WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509 ");32608 WOLFSSL_ENTER("wolfSSL_PEM_write_bio_X509_AUX()"); 24130 32609 24131 32610 if (bio == NULL || cert == NULL) { 32611 WOLFSSL_MSG("NULL argument passed in"); 24132 32612 return WOLFSSL_FAILURE; 24133 24134 24135 if (bio->type != BIO_MEMORY) {24136 WOLFSSL_MSG("BIO type not supported for writing X509 as PEM");32613 } 32614 32615 der = wolfSSL_X509_get_der(cert, &derSz); 32616 if (der == NULL) { 24137 32617 return WOLFSSL_FAILURE; 24138 32618 } 24139 32619 24140 certDer = cert->derCert->buffer; 24141 derSz = cert->derCert->length; 24142 24143 /* Get PEM encoded length and allocate memory for it. */ 24144 pemSz = wc_DerToPem(certDer, derSz, NULL, 0, CERT_TYPE); 32620 /* get PEM size */ 32621 pemSz = wc_DerToPemEx(der, derSz, NULL, 0, NULL, CERT_TYPE); 24145 32622 if (pemSz < 0) { 24146 WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_X509", pemSz);24147 32623 return WOLFSSL_FAILURE; 24148 32624 } 24149 if (bio->mem != NULL) { 24150 XFREE(bio->mem, NULL, DYNAMIC_TYPE_OPENSSL); 24151 } 24152 bio->mem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_OPENSSL); 24153 if (bio->mem == NULL) { 32625 32626 /* create PEM buffer and convert from DER */ 32627 pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 32628 if (pem == NULL) { 24154 32629 return WOLFSSL_FAILURE; 24155 32630 } 24156 bio->memLen = pemSz; 24157 24158 ret = wc_DerToPemEx(certDer, derSz, bio->mem, bio->memLen, NULL, CERT_TYPE); 24159 if (ret < 0) { 24160 WOLFSSL_LEAVE("wolfSSL_PEM_write_bio_X509", ret); 32631 if (wc_DerToPemEx(der, derSz, pem, pemSz, NULL, CERT_TYPE) < 0) { 32632 XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); 24161 32633 return WOLFSSL_FAILURE; 24162 } 24163 32634 } 32635 32636 /* write the PEM to BIO */ 32637 ret = wolfSSL_BIO_write(bio, pem, pemSz); 32638 XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); 32639 32640 if (ret <= 0) return WOLFSSL_FAILURE; 24164 32641 return WOLFSSL_SUCCESS; 24165 32642 } … … 24194 32671 XFREE(p, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY); 24195 32672 return MEMORY_E; 24196 32673 } 24197 32674 24198 32675 pSz = wolfSSL_BN_bn2bin(dh->p, p); … … 24208 32685 } 24209 32686 #endif /* OPENSSL_EXTRA && !NO_DH */ 24210 #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE || WOLFSSL_HAPROXY */ 32687 32688 32689 /* returns the enum value associated with handshake state 32690 * 32691 * ssl the WOLFSSL structure to get state of 32692 */ 32693 int wolfSSL_get_state(const WOLFSSL* ssl) 32694 { 32695 WOLFSSL_ENTER("wolfSSL_get_state"); 32696 32697 if (ssl == NULL) { 32698 WOLFSSL_MSG("Null argument passed in"); 32699 return SSL_FAILURE; 32700 } 32701 32702 return ssl->options.handShakeState; 32703 } 32704 #endif /* HAVE_LIGHTY || HAVE_STUNNEL || WOLFSSL_MYSQL_COMPATIBLE */ 32705 32706 #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) 32707 32708 /* Returns the verifyCallback from the ssl structure if successful. 32709 Returns NULL otherwise. */ 32710 VerifyCallback wolfSSL_get_verify_callback(WOLFSSL* ssl) 32711 { 32712 WOLFSSL_ENTER("wolfSSL_get_verify_callback()"); 32713 if (ssl) { 32714 return ssl->verifyCallback; 32715 } 32716 return NULL; 32717 } 32718 32719 /* Creates a new bio pair. 32720 Returns WOLFSSL_SUCCESS if no error, WOLFSSL_FAILURE otherwise.*/ 32721 int wolfSSL_BIO_new_bio_pair(WOLFSSL_BIO **bio1_p, size_t writebuf1, 32722 WOLFSSL_BIO **bio2_p, size_t writebuf2) 32723 { 32724 WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; 32725 int ret = 1; 32726 32727 WOLFSSL_ENTER("wolfSSL_BIO_new_bio_pair()"); 32728 32729 if (bio1_p == NULL || bio2_p == NULL) { 32730 WOLFSSL_MSG("Bad Function Argument"); 32731 return BAD_FUNC_ARG; 32732 } 32733 32734 /* set up the new bio structures and write buf sizes */ 32735 if ((bio1 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) { 32736 WOLFSSL_MSG("Bio allocation failed"); 32737 ret = WOLFSSL_FAILURE; 32738 } 32739 if (ret) { 32740 if ((bio2 = wolfSSL_BIO_new(wolfSSL_BIO_s_bio())) == NULL) { 32741 WOLFSSL_MSG("Bio allocation failed"); 32742 ret = WOLFSSL_FAILURE; 32743 } 32744 } 32745 if (ret && writebuf1) { 32746 if (!(ret = wolfSSL_BIO_set_write_buf_size(bio1, writebuf1))) { 32747 WOLFSSL_MSG("wolfSSL_BIO_set_write_buf() failure"); 32748 } 32749 } 32750 if (ret && writebuf2) { 32751 if (!(ret = wolfSSL_BIO_set_write_buf_size(bio2, writebuf2))) { 32752 WOLFSSL_MSG("wolfSSL_BIO_set_write_buf() failure"); 32753 } 32754 } 32755 32756 if (ret) { 32757 if ((ret = wolfSSL_BIO_make_bio_pair(bio1, bio2))) { 32758 *bio1_p = bio1; 32759 *bio2_p = bio2; 32760 } 32761 } 32762 if (!ret) { 32763 wolfSSL_BIO_free(bio1); 32764 bio1 = NULL; 32765 wolfSSL_BIO_free(bio2); 32766 bio2 = NULL; 32767 } 32768 return ret; 32769 } 32770 32771 32772 #if !defined(NO_RSA) 32773 /* Converts an rsa key from a bio buffer into an internal rsa structure. 32774 Returns a pointer to the new WOLFSSL_RSA structure. */ 32775 WOLFSSL_RSA* wolfSSL_d2i_RSAPrivateKey_bio(WOLFSSL_BIO *bio, WOLFSSL_RSA **out) 32776 { 32777 const unsigned char* bioMem = NULL; 32778 int bioMemSz = 0; 32779 WOLFSSL_RSA* key = NULL; 32780 unsigned char maxKeyBuf[4096]; 32781 unsigned char* bufPtr = NULL; 32782 unsigned char* extraBioMem = NULL; 32783 int extraBioMemSz = 0; 32784 int derLength = 0; 32785 int j = 0, i = 0; 32786 32787 WOLFSSL_ENTER("wolfSSL_d2i_RSAPrivateKey_bio()"); 32788 32789 if (bio == NULL) { 32790 WOLFSSL_MSG("Bad Function Argument"); 32791 return NULL; 32792 } 32793 (void)out; 32794 32795 bioMemSz = wolfSSL_BIO_pending(bio); 32796 if (bioMemSz <= 0) { 32797 WOLFSSL_MSG("wolfSSL_BIO_pending() failure"); 32798 return NULL; 32799 } 32800 32801 bioMem = (unsigned char*)XMALLOC(bioMemSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 32802 if (bioMem == NULL) { 32803 WOLFSSL_MSG("Malloc failure"); 32804 return NULL; 32805 } 32806 32807 bufPtr = maxKeyBuf; 32808 if (wolfSSL_BIO_read(bio, (unsigned char*)bioMem, (int)bioMemSz) == bioMemSz) { 32809 const byte* bioMemPt = bioMem; /* leave bioMem pointer unaltered */ 32810 if ((key = wolfSSL_d2i_RSAPrivateKey(NULL, &bioMemPt, bioMemSz)) == NULL) { 32811 XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 32812 return NULL; 32813 } 32814 32815 /* This function is used to get the total length of the rsa key. */ 32816 derLength = wolfSSL_i2d_RSAPrivateKey(key, &bufPtr); 32817 32818 /* Write extra data back into bio object if necessary. */ 32819 extraBioMemSz = (bioMemSz - derLength); 32820 if (extraBioMemSz > 0) { 32821 extraBioMem = (unsigned char *)XMALLOC(extraBioMemSz, NULL, 32822 DYNAMIC_TYPE_TMP_BUFFER); 32823 if (extraBioMem == NULL) { 32824 WOLFSSL_MSG("Malloc failure"); 32825 XFREE((unsigned char*)extraBioMem, bio->heap, 32826 DYNAMIC_TYPE_TMP_BUFFER); 32827 XFREE((unsigned char*)bioMem, bio->heap, 32828 DYNAMIC_TYPE_TMP_BUFFER); 32829 return NULL; 32830 } 32831 32832 for (i = derLength; i < bioMemSz; i++) { 32833 *(extraBioMem + j) = *(bioMem + i); 32834 j++; 32835 } 32836 32837 wolfSSL_BIO_write(bio, extraBioMem, extraBioMemSz); 32838 if (wolfSSL_BIO_pending(bio) <= 0) { 32839 WOLFSSL_MSG("Failed to write memory to bio"); 32840 XFREE((unsigned char*)extraBioMem, bio->heap, 32841 DYNAMIC_TYPE_TMP_BUFFER); 32842 XFREE((unsigned char*)bioMem, bio->heap, 32843 DYNAMIC_TYPE_TMP_BUFFER); 32844 return NULL; 32845 } 32846 XFREE((unsigned char*)extraBioMem, bio->heap, 32847 DYNAMIC_TYPE_TMP_BUFFER); 32848 } 32849 32850 if (out != NULL && key != NULL) { 32851 *out = key; 32852 } 32853 } 32854 XFREE((unsigned char*)bioMem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 32855 return key; 32856 } 32857 #endif 32858 32859 32860 /* Adds the ASN1 certificate to the user ctx. 32861 Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/ 32862 int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz, 32863 const unsigned char *der) 32864 { 32865 WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1()"); 32866 if (der != NULL && ctx != NULL) { 32867 if (wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz, 32868 WOLFSSL_FILETYPE_ASN1) == WOLFSSL_SUCCESS) { 32869 return WOLFSSL_SUCCESS; 32870 } 32871 32872 } 32873 return WOLFSSL_FAILURE; 32874 } 32875 32876 32877 #if !defined(NO_RSA) && !defined(HAVE_FAST_RSA) 32878 /* Adds the rsa private key to the user ctx. 32879 Returns WOLFSSL_SUCCESS if no error, returns WOLFSSL_FAILURE otherwise.*/ 32880 int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa) 32881 { 32882 int ret; 32883 int derSize; 32884 unsigned char maxDerBuf[4096]; 32885 unsigned char* key = NULL; 32886 32887 WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey()"); 32888 32889 if (ctx == NULL || rsa == NULL) { 32890 WOLFSSL_MSG("one or more inputs were NULL"); 32891 return BAD_FUNC_ARG; 32892 } 32893 key = maxDerBuf; 32894 /* convert RSA struct to der encoded buffer and get the size */ 32895 if ((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &key)) <= 0) { 32896 WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey() failure"); 32897 return WOLFSSL_FAILURE; 32898 } 32899 ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, (const unsigned char*)maxDerBuf, 32900 derSize, SSL_FILETYPE_ASN1); 32901 if (ret != WOLFSSL_SUCCESS) { 32902 WOLFSSL_MSG("wolfSSL_CTX_USE_PrivateKey_buffer() failure"); 32903 return WOLFSSL_FAILURE; 32904 } 32905 return ret; 32906 } 32907 #endif /* NO_RSA && !HAVE_FAST_RSA */ 32908 32909 32910 /* Converts EVP_PKEY data from a bio buffer to a WOLFSSL_EVP_PKEY structure. 32911 Returns pointer to private EVP_PKEY struct upon success, NULL if there 32912 is a failure.*/ 32913 WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_bio(WOLFSSL_BIO* bio, 32914 WOLFSSL_EVP_PKEY** out) 32915 { 32916 unsigned char* mem = NULL; 32917 int memSz = 0; 32918 WOLFSSL_EVP_PKEY* key = NULL; 32919 int i = 0, j = 0; 32920 unsigned char* extraBioMem = NULL; 32921 int extraBioMemSz = 0; 32922 int derLength = 0; 32923 32924 WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_bio()"); 32925 32926 if (bio == NULL) { 32927 return NULL; 32928 } 32929 (void)out; 32930 32931 memSz = wolfSSL_BIO_pending(bio); 32932 if (memSz <= 0) { 32933 WOLFSSL_MSG("wolfSSL_BIO_pending() failure"); 32934 return NULL; 32935 } 32936 32937 mem = (unsigned char*)XMALLOC(memSz, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 32938 if (mem == NULL) { 32939 WOLFSSL_MSG("Malloc failure"); 32940 return NULL; 32941 } 32942 32943 if (wolfSSL_BIO_read(bio, (unsigned char*)mem, memSz) == memSz) { 32944 /* Determines key type and returns the new private EVP_PKEY object */ 32945 if ((key = wolfSSL_d2i_PrivateKey_EVP(NULL, &mem, (long)memSz)) == NULL) { 32946 WOLFSSL_MSG("wolfSSL_d2i_PrivateKey_EVP() failure"); 32947 XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 32948 return NULL; 32949 } 32950 32951 /* Write extra data back into bio object if necessary. */ 32952 derLength = key->pkey_sz; 32953 extraBioMemSz = (memSz - derLength); 32954 if (extraBioMemSz > 0) { 32955 extraBioMem = (unsigned char *)XMALLOC(extraBioMemSz, NULL, 32956 DYNAMIC_TYPE_TMP_BUFFER); 32957 if (extraBioMem == NULL) { 32958 WOLFSSL_MSG("Malloc failure"); 32959 XFREE((unsigned char*)extraBioMem, bio->heap, 32960 DYNAMIC_TYPE_TMP_BUFFER); 32961 XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 32962 return NULL; 32963 } 32964 32965 for (i = derLength; i < memSz; i++) { 32966 *(extraBioMem + j) = *(mem + i); 32967 j++; 32968 } 32969 32970 wolfSSL_BIO_write(bio, extraBioMem, extraBioMemSz); 32971 if (wolfSSL_BIO_pending(bio) <= 0) { 32972 WOLFSSL_MSG("Failed to write memory to bio"); 32973 XFREE((unsigned char*)extraBioMem, bio->heap, 32974 DYNAMIC_TYPE_TMP_BUFFER); 32975 XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 32976 return NULL; 32977 } 32978 XFREE((unsigned char*)extraBioMem, bio->heap, 32979 DYNAMIC_TYPE_TMP_BUFFER); 32980 } 32981 32982 if (out != NULL && key != NULL) { 32983 *out = key; 32984 } 32985 } 32986 XFREE(mem, bio->heap, DYNAMIC_TYPE_TMP_BUFFER); 32987 return key; 32988 } 32989 32990 32991 /* Converts a DER encoded private key to a WOLFSSL_EVP_PKEY structure. 32992 * returns a pointer to a new WOLFSSL_EVP_PKEY structure on success and NULL 32993 * on fail */ 32994 WOLFSSL_EVP_PKEY* wolfSSL_d2i_PrivateKey_EVP(WOLFSSL_EVP_PKEY** out, 32995 unsigned char** in, long inSz) 32996 { 32997 WOLFSSL_EVP_PKEY* pkey = NULL; 32998 const unsigned char* mem; 32999 long memSz = inSz; 33000 33001 WOLFSSL_ENTER("wolfSSL_d2i_PrivateKey_EVP()"); 33002 33003 if (in == NULL || *in == NULL || inSz < 0) { 33004 WOLFSSL_MSG("Bad argument"); 33005 return NULL; 33006 } 33007 mem = *in; 33008 33009 #if !defined(NO_RSA) 33010 { 33011 RsaKey rsa; 33012 word32 keyIdx = 0; 33013 33014 /* test if RSA key */ 33015 if (wc_InitRsaKey(&rsa, NULL) == 0 && 33016 wc_RsaPrivateKeyDecode(mem, &keyIdx, &rsa, (word32)memSz) == 0) { 33017 wc_FreeRsaKey(&rsa); 33018 pkey = wolfSSL_PKEY_new(); 33019 if (pkey != NULL) { 33020 pkey->pkey_sz = keyIdx; 33021 pkey->pkey.ptr = (char*)XMALLOC(memSz, NULL, 33022 DYNAMIC_TYPE_PRIVATE_KEY); 33023 if (pkey->pkey.ptr == NULL) { 33024 wolfSSL_EVP_PKEY_free(pkey); 33025 return NULL; 33026 } 33027 XMEMCPY(pkey->pkey.ptr, mem, keyIdx); 33028 pkey->type = EVP_PKEY_RSA; 33029 if (out != NULL) { 33030 *out = pkey; 33031 } 33032 33033 pkey->ownRsa = 1; 33034 pkey->rsa = wolfSSL_RSA_new(); 33035 if (pkey->rsa == NULL) { 33036 wolfSSL_EVP_PKEY_free(pkey); 33037 return NULL; 33038 } 33039 33040 if (wolfSSL_RSA_LoadDer_ex(pkey->rsa, 33041 (const unsigned char*)pkey->pkey.ptr, 33042 pkey->pkey_sz, WOLFSSL_RSA_LOAD_PRIVATE) != 1) { 33043 wolfSSL_EVP_PKEY_free(pkey); 33044 return NULL; 33045 } 33046 33047 return pkey; 33048 } 33049 } 33050 wc_FreeRsaKey(&rsa); 33051 } 33052 #endif /* NO_RSA */ 33053 33054 #ifdef HAVE_ECC 33055 { 33056 word32 keyIdx = 0; 33057 ecc_key ecc; 33058 33059 /* test if ecc key */ 33060 if (wc_ecc_init(&ecc) == 0 && 33061 wc_EccPrivateKeyDecode(mem, &keyIdx, &ecc, (word32)memSz) == 0) { 33062 wc_ecc_free(&ecc); 33063 pkey = wolfSSL_PKEY_new(); 33064 if (pkey != NULL) { 33065 pkey->pkey_sz = keyIdx; 33066 pkey->pkey.ptr = (char*)XMALLOC(keyIdx, NULL, 33067 DYNAMIC_TYPE_PRIVATE_KEY); 33068 if (pkey->pkey.ptr == NULL) { 33069 wolfSSL_EVP_PKEY_free(pkey); 33070 return NULL; 33071 } 33072 XMEMCPY(pkey->pkey.ptr, mem, keyIdx); 33073 pkey->type = EVP_PKEY_EC; 33074 if (out != NULL) { 33075 *out = pkey; 33076 } 33077 return pkey; 33078 } 33079 } 33080 wc_ecc_free(&ecc); 33081 } 33082 #endif /* HAVE_ECC */ 33083 return pkey; 33084 } 33085 #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ 24211 33086 24212 33087 24213 33088 /* stunnel compatibility functions*/ 24214 #if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX)) 24215 void WOLFSSL_ERR_remove_thread_state(void* pid) 24216 { 33089 #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ 33090 defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ 33091 defined(WOLFSSL_HAPROXY))) 33092 void wolfSSL_ERR_remove_thread_state(void* pid) 33093 { 24217 33094 (void) pid; 24218 33095 return; 24219 } 24220 33096 } 33097 33098 #ifndef NO_FILESYSTEM 24221 33099 /***TBD ***/ 24222 void wolfSSL_print_all_errors_fp(XFILE *fp)33100 void wolfSSL_print_all_errors_fp(XFILE fp) 24223 33101 { 24224 33102 (void)fp; 24225 } 33103 } 33104 #endif 24226 33105 24227 33106 int wolfSSL_SESSION_set_ex_data(WOLFSSL_SESSION* session, int idx, void* data) … … 24233 33112 return WOLFSSL_SUCCESS; 24234 33113 } 24235 #endif 33114 #else 33115 (void)session; 33116 (void)idx; 33117 (void)data; 33118 #endif 24236 33119 return WOLFSSL_FAILURE; 24237 }33120 } 24238 33121 24239 33122 … … 24246 33129 (void)cb2; 24247 33130 (void)cb3; 24248 if (XSTRNCMP((const char*)data, "redirect index", 14) == 0) {33131 if (XSTRNCMP((const char*)data, "redirect index", 14) == 0) { 24249 33132 return 0; 24250 }24251 else if (XSTRNCMP((const char*)data, "addr index", 10) == 0) {33133 } 33134 else if (XSTRNCMP((const char*)data, "addr index", 10) == 0) { 24252 33135 return 1; 24253 }33136 } 24254 33137 return WOLFSSL_FAILURE; 24255 }33138 } 24256 33139 24257 33140 … … 24262 33145 if (session != NULL && idx < MAX_EX_DATA && idx >= 0) 24263 33146 return session->ex_data[idx]; 33147 #else 33148 (void)session; 33149 (void)idx; 24264 33150 #endif 24265 33151 return NULL; 24266 }24267 24268 33152 } 33153 33154 #ifndef NO_WOLFSSL_STUB 24269 33155 int wolfSSL_CRYPTO_set_mem_ex_functions(void *(*m) (size_t, const char *, int), 24270 33156 void *(*r) (void *, size_t, const char *, … … 24275 33161 (void) f; 24276 33162 WOLFSSL_ENTER("wolfSSL_CRYPTO_set_mem_ex_functions"); 24277 WOLFSSL_STUB(" wolfSSL_CRYPTO_set_mem_ex_functions");33163 WOLFSSL_STUB("CRYPTO_set_mem_ex_functions"); 24278 33164 24279 33165 return WOLFSSL_FAILURE; 24280 } 24281 24282 33166 } 33167 #endif 33168 33169 33170 void wolfSSL_CRYPTO_cleanup_all_ex_data(void){ 33171 WOLFSSL_ENTER("CRYPTO_cleanup_all_ex_data"); 33172 } 33173 33174 33175 #ifndef NO_WOLFSSL_STUB 24283 33176 WOLFSSL_DH *wolfSSL_DH_generate_parameters(int prime_len, int generator, 24284 33177 void (*callback) (int, int, void *), void *cb_arg) … … 24289 33182 (void)cb_arg; 24290 33183 WOLFSSL_ENTER("wolfSSL_DH_generate_parameters"); 24291 WOLFSSL_STUB(" wolfSSL_DH_generate_parameters");33184 WOLFSSL_STUB("DH_generate_parameters"); 24292 33185 24293 33186 return NULL; 24294 } 24295 33187 } 33188 #endif 33189 33190 #ifndef NO_WOLFSSL_STUB 24296 33191 int wolfSSL_DH_generate_parameters_ex(WOLFSSL_DH* dh, int prime_len, int generator, 24297 33192 void (*callback) (int, int, void *)) … … 24302 33197 (void)dh; 24303 33198 WOLFSSL_ENTER("wolfSSL_DH_generate_parameters_ex"); 24304 WOLFSSL_STUB(" wolfSSL_DH_generate_parameters_ex");33199 WOLFSSL_STUB("DH_generate_parameters_ex"); 24305 33200 24306 33201 return -1; 24307 }24308 33202 } 33203 #endif 24309 33204 24310 33205 void wolfSSL_ERR_load_crypto_strings(void) 24311 33206 { 24312 33207 WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings"); 24313 WOLFSSL_ENTER("wolfSSL_ERR_load_crypto_strings");33208 /* Do nothing */ 24314 33209 return; 24315 } 24316 24317 24318 unsigned long wolfSSL_ERR_peek_last_error(void) 24319 { 24320 WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error"); 24321 24322 #ifdef WOLFSSL_NGINX 24323 { 24324 int ret; 24325 24326 if ((ret = wc_PeekErrorNode(-1, NULL, NULL, NULL)) < 0) { 24327 WOLFSSL_MSG("Issue peeking at error node in queue"); 24328 return 0; 24329 } 24330 if (ret == -SSL_NO_PEM_HEADER) 24331 return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; 24332 return (unsigned long)ret; 24333 } 24334 #else 24335 return (unsigned long)(0 - NOT_COMPILED_IN); 24336 #endif 24337 } 24338 24339 33210 } 33211 33212 #ifndef NO_WOLFSSL_STUB 24340 33213 int wolfSSL_FIPS_mode(void) 24341 33214 { 24342 33215 WOLFSSL_ENTER("wolfSSL_FIPS_mode"); 24343 WOLFSSL_STUB(" wolfSSL_FIPS_mode");33216 WOLFSSL_STUB("FIPS_mode"); 24344 33217 24345 33218 return WOLFSSL_FAILURE; 24346 } 24347 33219 } 33220 #endif 33221 33222 #ifndef NO_WOLFSSL_STUB 24348 33223 int wolfSSL_FIPS_mode_set(int r) 24349 33224 { 24350 33225 (void)r; 24351 33226 WOLFSSL_ENTER("wolfSSL_FIPS_mode_set"); 24352 WOLFSSL_STUB(" wolfSSL_FIPS_mode_set");33227 WOLFSSL_STUB("FIPS_mode_set"); 24353 33228 24354 33229 return WOLFSSL_FAILURE; 24355 33230 } 24356 24357 33231 #endif 33232 33233 #ifndef NO_WOLFSSL_STUB 24358 33234 int wolfSSL_RAND_set_rand_method(const void *meth) 24359 33235 { 24360 33236 (void) meth; 24361 33237 WOLFSSL_ENTER("wolfSSL_RAND_set_rand_method"); 24362 WOLFSSL_STUB("wolfSSL_RAND_set_rand_method"); 24363 24364 return WOLFSSL_FAILURE; 24365 } 24366 33238 WOLFSSL_STUB("RAND_set_rand_method"); 33239 33240 /* if implemented RAND_bytes and RAND_pseudo_bytes need updated 33241 * those two functions will call the respective functions from meth */ 33242 return SSL_FAILURE; 33243 } 33244 #endif 24367 33245 24368 33246 int wolfSSL_CIPHER_get_bits(const WOLFSSL_CIPHER *c, int *alg_bits) … … 24377 33255 } 24378 33256 return ret; 24379 } 24380 33257 } 24381 33258 24382 33259 int wolfSSL_sk_X509_NAME_num(const WOLF_STACK_OF(WOLFSSL_X509_NAME) *s) … … 24389 33266 } 24390 33267 24391 24392 33268 int wolfSSL_sk_X509_num(const WOLF_STACK_OF(WOLFSSL_X509) *s) 24393 33269 { … … 24397 33273 return -1; 24398 33274 return (int)s->num; 24399 } 24400 33275 } 24401 33276 24402 33277 int wolfSSL_X509_NAME_print_ex(WOLFSSL_BIO* bio, WOLFSSL_X509_NAME* name, … … 24420 33295 return WOLFSSL_FAILURE; 24421 33296 24422 return WOLFSSL_SUCCESS;24423 }24424 24425 33297 return WOLFSSL_SUCCESS; 33298 } 33299 33300 #ifndef NO_WOLFSSL_STUB 24426 33301 WOLFSSL_ASN1_BIT_STRING* wolfSSL_X509_get0_pubkey_bitstr(const WOLFSSL_X509* x) 24427 33302 { 24428 33303 (void)x; 24429 33304 WOLFSSL_ENTER("wolfSSL_X509_get0_pubkey_bitstr"); 24430 WOLFSSL_STUB("wolfSSL_X509_get0_pubkey_bitstr"); 24431 24432 return NULL; 24433 } 24434 24435 33305 WOLFSSL_STUB("X509_get0_pubkey_bitstr"); 33306 33307 return NULL; 33308 } 33309 #endif 33310 33311 #ifndef NO_WOLFSSL_STUB 24436 33312 int wolfSSL_CTX_add_session(WOLFSSL_CTX* ctx, WOLFSSL_SESSION* session) 24437 33313 { … … 24439 33315 (void)session; 24440 33316 WOLFSSL_ENTER("wolfSSL_CTX_add_session"); 24441 WOLFSSL_STUB(" wolfSSL_CTX_add_session");33317 WOLFSSL_STUB("SSL_CTX_add_session"); 24442 33318 24443 33319 return WOLFSSL_SUCCESS; 24444 33320 } 24445 24446 24447 int wolfSSL_get_state(const WOLFSSL* ssl) 24448 { 24449 (void)ssl; 24450 WOLFSSL_ENTER("wolfSSL_get_state"); 24451 WOLFSSL_STUB("wolfSSL_get_state"); 24452 24453 return WOLFSSL_FAILURE; 24454 } 24455 24456 24457 void* wolfSSL_sk_X509_NAME_value(const WOLF_STACK_OF(WOLFSSL_X509_NAME)* sk, int i) 24458 { 24459 WOLFSSL_ENTER("wolfSSL_sk_X509_NAME_value"); 24460 24461 for (; sk != NULL && i > 0; i--) 24462 sk = sk->next; 24463 24464 if (i != 0 || sk == NULL) 24465 return NULL; 24466 return sk->data.name; 24467 } 24468 24469 24470 void* wolfSSL_sk_X509_value(WOLF_STACK_OF(WOLFSSL_X509)* sk, int i) 24471 { 24472 WOLFSSL_ENTER("wolfSSL_sk_X509_value"); 24473 24474 for (; sk != NULL && i > 0; i--) 24475 sk = sk->next; 24476 24477 if (i != 0 || sk == NULL) 24478 return NULL; 24479 return sk->data.x509; 24480 } 33321 #endif 24481 33322 24482 33323 24483 33324 int wolfSSL_version(WOLFSSL* ssl) 24484 {33325 { 24485 33326 WOLFSSL_ENTER("wolfSSL_version"); 24486 33327 if (ssl->version.major == SSLv3_MAJOR) { … … 24510 33351 24511 33352 24512 WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_get_peer_cert_chain(const WOLFSSL* ssl)24513 {24514 (void)ssl;24515 WOLFSSL_ENTER("wolfSSL_get_peer_cert_chain");24516 WOLFSSL_STUB("wolfSSL_get_peer_cert_chain");24517 24518 return NULL;24519 }24520 24521 24522 WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl)24523 {24524 WOLFSSL_ENTER("wolfSSL_get_SSL_CTX");24525 return ssl->ctx;24526 }24527 24528 33353 int wolfSSL_X509_NAME_get_sz(WOLFSSL_X509_NAME* name) 24529 33354 { … … 24532 33357 return -1; 24533 33358 return name->sz; 24534 } 24535 33359 } 24536 33360 24537 33361 #ifdef HAVE_SNI … … 24541 33365 WOLFSSL_ENTER("wolfSSL_set_tlsext_host_name"); 24542 33366 ret = wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, 24543 host_name, XSTRLEN(host_name));33367 host_name, (word16)XSTRLEN(host_name)); 24544 33368 WOLFSSL_LEAVE("wolfSSL_set_tlsext_host_name", ret); 24545 33369 return ret; … … 24552 33376 void * serverName = NULL; 24553 33377 if (ssl == NULL) 24554 33378 return NULL; 24555 33379 TLSX_SNI_GetRequest(ssl->extensions, type, &serverName); 24556 33380 return (const char *)serverName; … … 24585 33409 int wolfSSL_CTX_set_tlsext_servername_callback(WOLFSSL_CTX* ctx, 24586 33410 CallbackSniRecv cb) 24587 {33411 { 24588 33412 WOLFSSL_ENTER("wolfSSL_CTX_set_tlsext_servername_callback"); 24589 33413 if (ctx) { … … 24601 33425 } 24602 33426 24603 24604 long wolfSSL_CTX_clear_options(WOLFSSL_CTX* ctx, long opt) 24605 { 24606 WOLFSSL_ENTER("SSL_CTX_clear_options"); 24607 WOLFSSL_STUB("SSL_CTX_clear_options"); 24608 (void)ctx; 24609 (void)opt; 24610 return opt; 24611 } 24612 33427 void wolfSSL_ERR_load_BIO_strings(void) { 33428 WOLFSSL_ENTER("ERR_load_BIO_strings"); 33429 /* do nothing */ 33430 } 33431 33432 #ifndef NO_WOLFSSL_STUB 24613 33433 void wolfSSL_THREADID_set_callback(void(*threadid_func)(void*)) 24614 {33434 { 24615 33435 WOLFSSL_ENTER("wolfSSL_THREADID_set_callback"); 24616 WOLFSSL_STUB(" wolfSSL_THREADID_set_callback");33436 WOLFSSL_STUB("CRYPTO_THREADID_set_callback"); 24617 33437 (void)threadid_func; 24618 33438 return; 24619 } 24620 33439 } 33440 #endif 33441 33442 #ifndef NO_WOLFSSL_STUB 24621 33443 void wolfSSL_THREADID_set_numeric(void* id, unsigned long val) 24622 33444 { 24623 33445 WOLFSSL_ENTER("wolfSSL_THREADID_set_numeric"); 24624 WOLFSSL_STUB(" wolfSSL_THREADID_set_numeric");33446 WOLFSSL_STUB("CRYPTO_THREADID_set_numeric"); 24625 33447 (void)id; 24626 33448 (void)val; 24627 33449 return; 24628 33450 } 24629 24630 33451 #endif 33452 33453 33454 #ifndef NO_WOLFSSL_STUB 24631 33455 WOLF_STACK_OF(WOLFSSL_X509)* wolfSSL_X509_STORE_get1_certs(WOLFSSL_X509_STORE_CTX* ctx, 24632 33456 WOLFSSL_X509_NAME* name) 24633 33457 { 24634 33458 WOLFSSL_ENTER("wolfSSL_X509_STORE_get1_certs"); 24635 WOLFSSL_STUB(" wolfSSL_X509_STORE_get1_certs");33459 WOLFSSL_STUB("X509_STORE_get1_certs"); 24636 33460 (void)ctx; 24637 33461 (void)name; 24638 33462 return NULL; 24639 33463 } 24640 24641 void wolfSSL_sk_X509_pop_free(WOLF_STACK_OF(WOLFSSL_X509)* sk, void f (WOLFSSL_X509*)){ 24642 (void) sk; 24643 (void) f; 24644 WOLFSSL_ENTER("wolfSSL_sk_X509_pop_free"); 24645 WOLFSSL_STUB("wolfSSL_sk_X509_pop_free"); 24646 } 24647 24648 #endif /* OPENSSL_EXTRA and HAVE_STUNNEL */ 24649 #if defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX))\ 24650 || defined(WOLFSSL_HAPROXY) 24651 33464 #endif 33465 33466 #endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (HAVE_STUNNEL || WOLFSSL_NGINX || HAVE_LIGHTY)) */ 33467 33468 33469 #if defined(OPENSSL_EXTRA) 33470 unsigned long wolfSSL_ERR_peek_last_error(void) 33471 { 33472 WOLFSSL_ENTER("wolfSSL_ERR_peek_last_error"); 33473 33474 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_NGINX) 33475 { 33476 int ret; 33477 33478 if ((ret = wc_PeekErrorNode(-1, NULL, NULL, NULL)) < 0) { 33479 WOLFSSL_MSG("Issue peeking at error node in queue"); 33480 return 0; 33481 } 33482 if (ret == -ASN_NO_PEM_HEADER) 33483 return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; 33484 return (unsigned long)ret; 33485 } 33486 #else 33487 return (unsigned long)(0 - NOT_COMPILED_IN); 33488 #endif 33489 } 33490 33491 #endif /* OPENSSL_EXTRA */ 33492 33493 WOLFSSL_CTX* wolfSSL_get_SSL_CTX(WOLFSSL* ssl) 33494 { 33495 WOLFSSL_ENTER("wolfSSL_get_SSL_CTX"); 33496 return ssl->ctx; 33497 } 33498 33499 #if defined(OPENSSL_ALL) || \ 33500 (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ 33501 defined(WOLFSSL_NGINX)) || defined(WOLFSSL_HAPROXY)) 24652 33502 24653 33503 const byte* wolfSSL_SESSION_get_id(WOLFSSL_SESSION* sess, unsigned int* idLen) … … 24663 33513 #endif 24664 33514 24665 #if (defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)) \33515 #if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && defined(HAVE_STUNNEL)) \ 24666 33516 || defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) 33517 24667 33518 int wolfSSL_CTX_get_verify_mode(WOLFSSL_CTX* ctx) 24668 33519 { … … 24686 33537 WOLFSSL_LEAVE("wolfSSL_CTX_get_verify_mode", mode); 24687 33538 return mode; 24688 }33539 } 24689 33540 #endif 24690 33541 … … 24736 33587 else 24737 33588 rng = &globalRNG; 24738 33589 } 24739 33590 24740 33591 if (rng) { … … 24754 33605 24755 33606 wc_curve25519_free(&key); 24756 33607 } 24757 33608 24758 33609 if (initTmpRng) … … 24806 33657 wc_curve25519_free(&privkey); 24807 33658 return ret; 24808 33659 } 24809 33660 24810 33661 /* import public key */ … … 24834 33685 return ret; 24835 33686 #endif /* WOLFSSL_KEY_GEN */ 24836 }33687 } 24837 33688 #endif /* OPENSSL_EXTRA && HAVE_CURVE25519 */ 24838 33689 … … 24911 33762 return ret; 24912 33763 #endif /* WOLFSSL_KEY_GEN */ 24913 }33764 } 24914 33765 24915 33766 /* return 1 if success, 0 if error … … 24940 33791 WOLFSSL_MSG("Bad arguments"); 24941 33792 return WOLFSSL_FAILURE; 24942 33793 } 24943 33794 24944 33795 /* import key */ … … 24964 33815 return ret; 24965 33816 #endif /* WOLFSSL_KEY_GEN */ 24966 }33817 } 24967 33818 24968 33819 /* return 1 if success, 0 if error … … 24982 33833 (void) sig; 24983 33834 (void) sigSz; 24984 return WOLFSSL_FAILURE;33835 return WOLFSSL_FAILURE; 24985 33836 #else /* WOLFSSL_KEY_GEN */ 24986 33837 ed25519_key key; … … 25057 33908 return wolfAsync_EventQueuePoll(&ctx->event_queue, NULL, 25058 33909 events, maxEvents, flags, eventCount); 25059 }33910 } 25060 33911 25061 33912 int wolfSSL_AsyncPoll(WOLFSSL* ssl, WOLF_EVENT_FLAG flags) … … 25094 33945 if (flags != NULL) { 25095 33946 *flags = 0; 25096 25097 25098 #if defined( WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \25099 defined(WOLFSSL_ MYSQL_COMPATIBLE)25100 33947 } 33948 33949 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ 33950 defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_MYSQL_COMPATIBLE) 33951 { 25101 33952 int ret = 0; 25102 33953 … … 25104 33955 if ((ret = wc_PeekErrorNode(-1, file, NULL, line)) < 0) { 25105 33956 WOLFSSL_MSG("Issue peeking at error node in queue"); 25106 25107 33957 return 0; 33958 } 25108 33959 ret = -ret; 25109 33960 25110 if (ret == SSL_NO_PEM_HEADER)33961 if (ret == ASN_NO_PEM_HEADER) 25111 33962 return (ERR_LIB_PEM << 24) | PEM_R_NO_START_LINE; 25112 33963 if (ret != WANT_READ && ret != WANT_WRITE && … … 25116 33967 25117 33968 wc_RemoveErrorNode(-1); 25118 33969 } 25119 33970 25120 33971 return (unsigned long)ret; … … 25126 33977 #endif 25127 33978 25128 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 25129 33979 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 33980 33981 #ifndef NO_WOLFSSL_STUB 25130 33982 WOLF_STACK_OF(WOLFSSL_CIPHER) *wolfSSL_get_ciphers_compat(const WOLFSSL *ssl) 25131 33983 { … … 25134 33986 return NULL; 25135 33987 } 25136 33988 #endif 33989 33990 #ifndef NO_WOLFSSL_STUB 25137 33991 void wolfSSL_OPENSSL_config(char *config_name) 25138 33992 { 25139 WOLFSSL_STUB("wolfSSL_OPENSSL_config");25140 33993 (void)config_name; 25141 } 25142 33994 WOLFSSL_STUB("OPENSSL_config"); 33995 } 33996 #endif 33997 #endif 33998 33999 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) \ 34000 || defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) 25143 34001 int wolfSSL_X509_get_ex_new_index(int idx, void *arg, void *a, void *b, void *c) 25144 34002 { … … 25156 34014 25157 34015 void *wolfSSL_X509_get_ex_data(X509 *x509, int idx) 25158 {34016 { 25159 34017 WOLFSSL_ENTER("wolfSSL_X509_get_ex_data"); 25160 34018 #ifdef HAVE_EX_DATA 25161 34019 if (x509 != NULL && idx < MAX_EX_DATA && idx >= 0) { 25162 34020 return x509->ex_data[idx]; 25163 }34021 } 25164 34022 #else 25165 34023 (void)x509; … … 25177 34035 return WOLFSSL_SUCCESS; 25178 34036 } 25179 34037 #else 25180 34038 (void)x509; 25181 34039 (void)idx; 25182 34040 (void)data; 25183 34041 #endif 25184 34042 return WOLFSSL_FAILURE; 25185 34043 } … … 25190 34048 25191 34049 if (name == NULL || type == NULL) 25192 return WOLFSSL_FAILURE; 25193 34050 return WOLFSSL_FAILURE; 34051 34052 #ifndef NO_FILESYSTEM 25194 34053 return wolfSSL_EVP_Digest((unsigned char*)name->fullName.fullName, 25195 34054 name->fullName.fullNameLen, md, len, type, NULL); 34055 #else 34056 (void)md; 34057 (void)len; 34058 return NOT_COMPILED_IN; 34059 #endif 25196 34060 } 25197 34061 … … 25234 34098 /* Don't remove session just timeout session. */ 25235 34099 s->timeout = 0; 25236 34100 } 25237 34101 25238 34102 #ifdef HAVE_EXT_CACHE … … 25247 34111 { 25248 34112 WOLFSSL_ENTER("wolfSSL_SSL_get_rbio"); 25249 (void)s;25250 34113 /* Nginx sets the buffer size if the read BIO is different to write BIO. 25251 34114 * The setting buffer size doesn't do anything so return NULL for both. 25252 34115 */ 25253 return NULL; 34116 if (s == NULL) 34117 return NULL; 34118 34119 return s->biord; 25254 34120 } 25255 34121 BIO *wolfSSL_SSL_get_wbio(const WOLFSSL *s) … … 25260 34126 * The setting buffer size doesn't do anything so return NULL for both. 25261 34127 */ 25262 return NULL; 34128 if (s == NULL) 34129 return NULL; 34130 34131 return s->biowr; 25263 34132 } 25264 34133 … … 25270 34139 return WOLFSSL_FAILURE; 25271 34140 25272 if (s->options.side == WOLFSSL_CLIENT_END) 34141 if (s->options.side == WOLFSSL_CLIENT_END) { 34142 #ifndef NO_WOLFSSL_CLIENT 25273 34143 return wolfSSL_connect(s); 34144 #else 34145 WOLFSSL_MSG("Client not compiled in"); 34146 return WOLFSSL_FAILURE; 34147 #endif 34148 } 34149 34150 #ifndef NO_WOLFSSL_SERVER 25274 34151 return wolfSSL_accept(s); 25275 } 34152 #else 34153 WOLFSSL_MSG("Server not compiled in"); 34154 return WOLFSSL_FAILURE; 34155 #endif 34156 } 25276 34157 25277 34158 int wolfSSL_SSL_in_init(WOLFSSL *s) … … 25296 34177 25297 34178 if (ssl == NULL) { 25298 25299 34179 return NULL; 34180 } 25300 34181 25301 34182 session = wolfSSL_get_session((WOLFSSL*)ssl); … … 25321 34202 (void)flags; 25322 34203 (void)peername; 34204 34205 if (flags == WOLFSSL_NO_WILDCARDS) { 34206 WOLFSSL_MSG("X509_CHECK_FLAG_NO_WILDCARDS not yet implemented"); 34207 return WOLFSSL_FAILURE; 34208 } 25323 34209 25324 34210 InitDecodedCert(&dCert, x->derCert->buffer, x->derCert->length, NULL); … … 25380 34266 wolfSSL_BIO_write(bp, "00", 2); 25381 34267 return 2; 25382 }34268 } 25383 34269 25384 34270 /* Don't do negative - just write out every byte. */ … … 25393 34279 25394 34280 25395 #if def HAVE_SESSION_TICKET34281 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) 25396 34282 /* Expected return values from implementations of OpenSSL ticket key callback. 25397 34283 */ … … 25428 34314 int encTicketLen, int* encLen, void* ctx) 25429 34315 { 25430 byte digest[ MAX_DIGEST_SIZE];34316 byte digest[WC_MAX_DIGEST_SIZE]; 25431 34317 WOLFSSL_EVP_CIPHER_CTX evpCtx; 25432 34318 WOLFSSL_HMAC_CTX hmacCtx; … … 25448 34334 25449 34335 if (enc) 25450 34336 { 25451 34337 /* Encrypt in place. */ 25452 34338 if (!wolfSSL_EVP_CipherUpdate(&evpCtx, encTicket, &len, … … 25461 34347 25462 34348 /* HMAC the encrypted data into the parameter 'mac'. */ 25463 wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen); 25464 wolfSSL_HMAC_Final(&hmacCtx, mac, &mdSz); 25465 } 34349 if (!wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen)) 34350 goto end; 34351 #ifdef WOLFSSL_SHA512 34352 /* Check for SHA512, which would overrun the mac buffer */ 34353 if (hmacCtx.hmac.macType == WC_SHA512) 34354 goto end; 34355 #endif 34356 if (!wolfSSL_HMAC_Final(&hmacCtx, mac, &mdSz)) 34357 goto end; 34358 } 25466 34359 else 25467 34360 { 25468 34361 /* HMAC the encrypted data and compare it to the passed in data. */ 25469 wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen); 25470 wolfSSL_HMAC_Final(&hmacCtx, digest, &mdSz); 34362 if (!wolfSSL_HMAC_Update(&hmacCtx, encTicket, encTicketLen)) 34363 goto end; 34364 if (!wolfSSL_HMAC_Final(&hmacCtx, digest, &mdSz)) 34365 goto end; 25471 34366 if (XMEMCMP(mac, digest, mdSz) != 0) 25472 34367 goto end; … … 25510 34405 #endif /* HAVE_SESSION_TICKET */ 25511 34406 34407 #endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || 34408 OPENSSL_EXTRA || HAVE_LIGHTY */ 34409 34410 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 25512 34411 #ifdef HAVE_OCSP 25513 34412 /* Not an OpenSSL API. */ … … 25533 34432 return WOLFSSL_SUCCESS; 25534 34433 } 25535 34434 #endif /* OCSP */ 34435 #endif /* OPENSSL_ALL / WOLFSSL_NGINX / WOLFSSL_HAPROXY */ 34436 34437 #if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ 34438 defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) 25536 34439 int wolfSSL_CTX_get_extra_chain_certs(WOLFSSL_CTX* ctx, WOLF_STACK_OF(X509)** chain) 25537 34440 { … … 25548 34451 *chain = ctx->x509Chain; 25549 34452 return WOLFSSL_SUCCESS; 25550 34453 } 25551 34454 25552 34455 /* If there are no chains then success! */ … … 25554 34457 if (ctx->certChain == NULL || ctx->certChain->length == 0) { 25555 34458 return WOLFSSL_SUCCESS; 25556 34459 } 25557 34460 25558 34461 /* Create a new stack of WOLFSSL_X509 object from chain buffer. */ … … 25576 34479 ctx->x509Chain = *chain; 25577 34480 return WOLFSSL_FAILURE; 25578 34481 } 25579 34482 idx += length; 25580 34483 … … 25587 34490 (*chain)->num++; 25588 34491 last->next = node; 25589 34492 } 25590 34493 25591 34494 last = node; … … 25603 34506 return WOLFSSL_FAILURE; 25604 34507 34508 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ 34509 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) 25605 34510 /* Ensure stapling is on for callback to be used. */ 25606 34511 wolfSSL_CTX_EnableOCSPStapling(ctx); … … 25610 34515 25611 34516 ctx->cm->ocsp_stapling->statusCb = cb; 34517 #else 34518 (void)cb; 34519 #endif 34520 25612 34521 return WOLFSSL_SUCCESS; 25613 34522 } … … 25632 34541 *issuer = x; 25633 34542 return WOLFSSL_SUCCESS; 25634 25635 34543 } 34544 } 25636 34545 } 25637 34546 … … 25654 34563 ca = GetCA(ctx->store->cm, cert->issuerHash); 25655 34564 #endif /* NO SKID */ 25656 34565 } 25657 34566 FreeDecodedCert(cert); 25658 34567 #ifdef WOLFSSL_SMALL_STACK … … 25661 34570 25662 34571 if (ca == NULL) 25663 34572 return WOLFSSL_FAILURE; 25664 34573 25665 34574 *issuer = (WOLFSSL_X509 *)XMALLOC(sizeof(WOLFSSL_X509), 0, … … 25670 34579 /* Create an empty certificate as CA doesn't have a certificate. */ 25671 34580 XMEMSET(*issuer, 0, sizeof(WOLFSSL_X509)); 25672 /* TODO: store the full certificate and dup when required. */ 34581 (*issuer)->dynamicMemory = 1; 34582 #ifdef WOLFSSL_SIGNER_DER_CERT 34583 if (AllocDer(&(*issuer)->derCert, ca->derCert->length, ca->derCert->type, 34584 NULL) == 0) { 34585 XMEMCPY((*issuer)->derCert->buffer, ca->derCert->buffer, 34586 ca->derCert->length); 34587 } 34588 else { 34589 XFREE(*issuer, 0, DYNAMIC_TYPE_OPENSSL); 34590 return WOLFSSL_FAILURE; 34591 } 34592 #endif 25673 34593 25674 34594 /* Result is ignored when passed to wolfSSL_OCSP_cert_to_id(). */ 25675 34595 25676 34596 return WOLFSSL_SUCCESS; 25677 }34597 } 25678 34598 25679 34599 void wolfSSL_X509_email_free(WOLF_STACK_OF(WOLFSSL_STRING) *sk) … … 25687 34607 XFREE(curr, NULL, DYNAMIC_TYPE_OPENSSL); 25688 34608 } 25689 }34609 } 25690 34610 25691 34611 WOLF_STACK_OF(WOLFSSL_STRING) *wolfSSL_X509_get1_ocsp(WOLFSSL_X509 *x) 25692 34612 { 25693 WOLFSSL_STACK *list = NULL; 34613 WOLFSSL_STACK* list = NULL; 34614 char* url; 25694 34615 25695 34616 if (x->authInfoSz == 0) 25696 34617 return NULL; 25697 34618 25698 list = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK) , NULL,25699 DYNAMIC_TYPE_OPENSSL);34619 list = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK) + x->authInfoSz + 1, 34620 NULL, DYNAMIC_TYPE_OPENSSL); 25700 34621 if (list == NULL) 25701 34622 return NULL; 25702 34623 25703 list->data.string = (char*)x->authInfo; 34624 url = (char*)list; 34625 url += sizeof(WOLFSSL_STACK); 34626 XMEMCPY(url, x->authInfo, x->authInfoSz); 34627 url[x->authInfoSz] = '\0'; 34628 34629 list->data.string = url; 25704 34630 list->next = NULL; 25705 34631 … … 25726 34652 issuer->subjKeyIdSz) != 0) { 25727 34653 return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; 25728 34654 } 25729 34655 } 25730 34656 … … 25735 34661 { 25736 34662 return wolfSSL_X509_d2i(NULL, x->derCert->buffer, x->derCert->length); 25737 }34663 } 25738 34664 25739 34665 char* wolfSSL_sk_WOLFSSL_STRING_value(WOLF_STACK_OF(WOLFSSL_STRING)* strings, … … 25746 34672 return strings->data.string; 25747 34673 } 25748 #endif /* HAVE_OCSP */ 25749 34674 #endif /* WOLFSSL_NGINX || WOLFSSL_HAPROXY || OPENSSL_EXTRA || OPENSSL_ALL */ 34675 34676 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) 25750 34677 #ifdef HAVE_ALPN 25751 34678 void wolfSSL_get0_alpn_selected(const WOLFSSL *ssl, const unsigned char **data, … … 25804 34731 ctx->alpnSelectArg = arg; 25805 34732 } 25806 }34733 } 25807 34734 25808 34735 void wolfSSL_CTX_set_next_protos_advertised_cb(WOLFSSL_CTX *s, … … 25860 34787 len = idx - 1 - start; 25861 34788 if (len > MAX_CURVE_NAME_SZ - 1) 25862 34789 return WOLFSSL_FAILURE; 25863 34790 25864 34791 XMEMCPY(name, names + start, len); … … 25869 34796 (XSTRNCMP(name, "P-256", len) == 0)) { 25870 34797 curve = WOLFSSL_ECC_SECP256R1; 25871 34798 } 25872 34799 else if ((XSTRNCMP(name, "secp384r1", len) == 0) || 25873 34800 (XSTRNCMP(name, "P-384", len) == 0)) { 25874 34801 curve = WOLFSSL_ECC_SECP384R1; 25875 34802 } 25876 34803 else if ((XSTRNCMP(name, "secp521r1", len) == 0) || 25877 34804 (XSTRNCMP(name, "P-521", len) == 0)) { 25878 34805 curve = WOLFSSL_ECC_SECP521R1; 25879 34806 } 25880 34807 else if (XSTRNCMP(name, "X25519", len) == 0) 25881 34808 curve = WOLFSSL_ECC_X25519; … … 25886 34813 ctx->disabledCurves &= ~(1 << curve); 25887 34814 start = idx + 1; 25888 25889 25890 return WOLFSSL_SUCCESS;25891 }34815 } 34816 34817 return WOLFSSL_SUCCESS; 34818 } 25892 34819 #endif 25893 34820 25894 34821 #ifdef OPENSSL_EXTRA 34822 #ifndef NO_WOLFSSL_STUB 25895 34823 int wolfSSL_CTX_set_msg_callback(WOLFSSL_CTX *ctx, SSL_Msg_Cb cb) 25896 34824 { … … 25900 34828 return WOLFSSL_FAILURE; 25901 34829 } 34830 #endif 34831 34832 34833 /* Sets a callback for when sending and receiving protocol messages. 34834 * 34835 * ssl WOLFSSL structure to set callback in 34836 * cb callback to use 34837 * 34838 * return SSL_SUCCESS on success and SSL_FAILURE with error case 34839 */ 25902 34840 int wolfSSL_set_msg_callback(WOLFSSL *ssl, SSL_Msg_Cb cb) 25903 34841 { 25904 WOLFSSL_STUB("SSL_set_msg_callback"); 25905 (void)ssl; 25906 (void)cb; 25907 return WOLFSSL_FAILURE; 25908 } 34842 WOLFSSL_ENTER("wolfSSL_set_msg_callback"); 34843 34844 if (ssl == NULL) { 34845 return SSL_FAILURE; 34846 } 34847 34848 if (cb != NULL) { 34849 ssl->toInfoOn = 1; 34850 } 34851 34852 ssl->protoMsgCb = cb; 34853 return SSL_SUCCESS; 34854 } 34855 #ifndef NO_WOLFSSL_STUB 25909 34856 int wolfSSL_CTX_set_msg_callback_arg(WOLFSSL_CTX *ctx, void* arg) 25910 34857 { … … 25913 34860 (void)arg; 25914 34861 return WOLFSSL_FAILURE; 25915 } 34862 } 34863 #endif 34864 25916 34865 int wolfSSL_set_msg_callback_arg(WOLFSSL *ssl, void* arg) 25917 34866 { 25918 WOLFSSL_STUB("SSL_set_msg_callback_arg"); 25919 (void)ssl; 25920 (void)arg; 34867 WOLFSSL_ENTER("wolfSSL_set_msg_callback_arg"); 34868 if (ssl == NULL) 34869 return WOLFSSL_FAILURE; 34870 34871 ssl->protoMsgCtx = arg; 34872 return WOLFSSL_SUCCESS; 34873 } 34874 34875 void *wolfSSL_OPENSSL_memdup(const void *data, size_t siz, const char* file, int line) 34876 { 34877 void *ret; 34878 (void)file; 34879 (void)line; 34880 34881 if (data == NULL || siz >= INT_MAX) 34882 return NULL; 34883 34884 ret = OPENSSL_malloc(siz); 34885 if (ret == NULL) { 34886 return NULL; 34887 } 34888 return XMEMCPY(ret, data, siz); 34889 } 34890 34891 int wolfSSL_CTX_set_alpn_protos(WOLFSSL_CTX *ctx, const unsigned char *p, 34892 unsigned int p_len) 34893 { 34894 WOLFSSL_ENTER("wolfSSL_CTX_set_alpn_protos"); 34895 if(ctx == NULL) 34896 return BAD_FUNC_ARG; 34897 if((void *)ctx->alpn_cli_protos != NULL) 34898 wolfSSL_OPENSSL_free((void *)ctx->alpn_cli_protos); 34899 ctx->alpn_cli_protos = 34900 (const unsigned char *)wolfSSL_OPENSSL_memdup(p, p_len, NULL, 0); 34901 if (ctx->alpn_cli_protos == NULL) { 34902 return SSL_FAILURE; 34903 } 34904 ctx->alpn_cli_protos_len = p_len; 34905 34906 return SSL_SUCCESS; 34907 } 34908 34909 #endif 34910 34911 #endif /* WOLFCRYPT_ONLY */ 34912 34913 #if defined(OPENSSL_EXTRA) 34914 int wolfSSL_X509_check_ca(WOLFSSL_X509 *x509) 34915 { 34916 WOLFSSL_ENTER("X509_check_ca"); 34917 34918 if (x509 == NULL) 34919 return WOLFSSL_FAILURE; 34920 if (x509->isCa) 34921 return 1; 34922 if (x509->extKeyUsageCrit) 34923 return 4; 34924 34925 return 0; 34926 } 34927 34928 34929 const char *wolfSSL_ASN1_tag2str(int tag) 34930 { 34931 static const char *const tag_label[31] = { 34932 "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", "NULL", 34933 "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", "ENUMERATED", 34934 "<ASN1 11>", "UTF8STRING", "<ASN1 13>", "<ASN1 14>", "<ASN1 15>", 34935 "SEQUENCE", "SET", "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", 34936 "VIDEOTEXTSTRING", "IA5STRING", "UTCTIME", "GENERALIZEDTIME", 34937 "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", "UNIVERSALSTRING", 34938 "<ASN1 29>", "BMPSTRING" 34939 }; 34940 34941 if ((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) 34942 tag &= ~0x100; 34943 if (tag < 0 || tag > 30) 34944 return "(unknown)"; 34945 return tag_label[tag]; 34946 } 34947 34948 static int check_esc_char(char c, char *esc) 34949 { 34950 char *ptr = NULL; 34951 34952 ptr = esc; 34953 while(*ptr != 0){ 34954 if (c == *ptr) 34955 return 1; 34956 ptr++; 34957 } 34958 return 0; 34959 } 34960 34961 int wolfSSL_ASN1_STRING_print_ex(WOLFSSL_BIO *out, WOLFSSL_ASN1_STRING *str, 34962 unsigned long flags) 34963 { 34964 size_t str_len = 0, type_len = 0; 34965 unsigned char *typebuf = NULL; 34966 const char *hash="#"; 34967 34968 WOLFSSL_ENTER("wolfSSL_ASN1_STRING_PRINT_ex"); 34969 if (out == NULL || str == NULL) 34970 return WOLFSSL_FAILURE; 34971 34972 /* add ASN1 type tag */ 34973 if (flags & ASN1_STRFLGS_SHOW_TYPE){ 34974 const char *tag = wolfSSL_ASN1_tag2str(str->type); 34975 /* colon len + tag len + null*/ 34976 type_len = XSTRLEN(tag) + 2; 34977 typebuf = (unsigned char *)XMALLOC(type_len , NULL, DYNAMIC_TYPE_TMP_BUFFER); 34978 if (typebuf == NULL){ 34979 WOLFSSL_MSG("memory alloc failed."); 34980 return WOLFSSL_FAILURE; 34981 } 34982 XMEMSET(typebuf, 0, type_len); 34983 XSNPRINTF((char*)typebuf, (size_t)type_len , "%s:", tag); 34984 type_len--; 34985 } 34986 34987 /* dump hex */ 34988 if (flags & ASN1_STRFLGS_DUMP_ALL){ 34989 static const char hex_char[] = { '0', '1', '2', '3', '4', '5', '6', 34990 '7','8', '9', 'A', 'B', 'C', 'D', 34991 'E', 'F' }; 34992 char hex_tmp[4]; 34993 char *str_ptr, *str_end; 34994 34995 if (type_len > 0){ 34996 if (wolfSSL_BIO_write(out, typebuf, (int)type_len) != (int)type_len){ 34997 XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 34998 return WOLFSSL_FAILURE; 34999 } 35000 str_len += type_len; 35001 } 35002 if (wolfSSL_BIO_write(out, hash, 1) != 1){ 35003 goto err_exit; 35004 } 35005 str_len++; 35006 if (flags & ASN1_STRFLGS_DUMP_DER){ 35007 hex_tmp[0] = hex_char[str->type >> 4]; 35008 hex_tmp[1] = hex_char[str->type & 0xf]; 35009 hex_tmp[2] = hex_char[str->length >> 4]; 35010 hex_tmp[3] = hex_char[str->length & 0xf]; 35011 if (wolfSSL_BIO_write(out, hex_tmp, 4) != 4){ 35012 goto err_exit; 35013 } 35014 str_len += 4; 35015 XMEMSET(hex_tmp, 0, 4); 35016 } 35017 35018 str_ptr = str->data; 35019 str_end = str->data + str->length; 35020 while (str_ptr < str_end){ 35021 hex_tmp[0] = hex_char[*str_ptr >> 4]; 35022 hex_tmp[1] = hex_char[*str_ptr & 0xf]; 35023 if (wolfSSL_BIO_write(out, hex_tmp, 2) != 2){ 35024 goto err_exit; 35025 } 35026 str_ptr++; 35027 str_len += 2; 35028 } 35029 if (type_len > 0) 35030 XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 35031 35032 return (int)str_len; 35033 } 35034 35035 if (type_len > 0){ 35036 if (wolfSSL_BIO_write(out, typebuf, (int)type_len) != (int)type_len){ 35037 XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 35038 return WOLFSSL_FAILURE; 35039 } 35040 str_len += type_len; 35041 } 35042 35043 if (flags & ASN1_STRFLGS_ESC_2253){ 35044 char esc_ch[] = "+;<>\\"; 35045 char* esc_ptr = NULL; 35046 35047 esc_ptr = str->data; 35048 while (*esc_ptr != 0){ 35049 if (check_esc_char(*esc_ptr, esc_ch)){ 35050 if (wolfSSL_BIO_write(out,"\\", 1) != 1) 35051 goto err_exit; 35052 str_len++; 35053 } 35054 if (wolfSSL_BIO_write(out, esc_ptr, 1) != 1) 35055 goto err_exit; 35056 str_len++; 35057 esc_ptr++; 35058 } 35059 if (type_len > 0) 35060 XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 35061 return (int)str_len; 35062 } 35063 35064 if (wolfSSL_BIO_write(out, str->data, str->length) != str->length){ 35065 goto err_exit; 35066 } 35067 str_len += str->length; 35068 if (type_len > 0) 35069 XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 35070 35071 return (int)str_len; 35072 35073 err_exit: 35074 if (type_len > 0) 35075 XFREE(typebuf, NULL, DYNAMIC_TYPE_TMP_BUFFER); 25921 35076 return WOLFSSL_FAILURE; 25922 } 25923 #endif 25924 25925 25926 #endif /* WOLFCRYPT_ONLY */ 35077 } 35078 35079 #ifndef NO_ASN_TIME 35080 int wolfSSL_ASN1_TIME_get_length(WOLFSSL_ASN1_TIME *t) 35081 { 35082 WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_length"); 35083 if (t == NULL) 35084 return WOLFSSL_FAILURE; 35085 35086 return (int)t->data[1]; 35087 } 35088 35089 unsigned char* wolfSSL_ASN1_TIME_get_data(WOLFSSL_ASN1_TIME *t) 35090 { 35091 unsigned char *dptr = NULL; 35092 35093 WOLFSSL_ENTER("wolfSSL_ASN1_TIME_get_data"); 35094 if (t == NULL) 35095 return NULL; 35096 35097 dptr = t->data + 2; 35098 return dptr; 35099 } 35100 35101 WOLFSSL_ASN1_TIME *wolfSSL_ASN1_TIME_to_generalizedtime(WOLFSSL_ASN1_TIME *t, 35102 WOLFSSL_ASN1_TIME **out) 35103 { 35104 unsigned char time_type; 35105 WOLFSSL_ASN1_TIME *ret = NULL; 35106 unsigned char *data_ptr = NULL; 35107 35108 WOLFSSL_ENTER("wolfSSL_ASN1_TIME_to_generalizedtime"); 35109 if (t == NULL) 35110 return NULL; 35111 35112 time_type = t->data[0]; 35113 if (time_type != ASN_UTC_TIME && time_type != ASN_GENERALIZED_TIME){ 35114 WOLFSSL_MSG("Invalid ASN_TIME type."); 35115 return NULL; 35116 } 35117 if (out == NULL || *out == NULL){ 35118 ret = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, 35119 DYNAMIC_TYPE_TMP_BUFFER); 35120 if (ret == NULL){ 35121 WOLFSSL_MSG("memory alloc failed."); 35122 return NULL; 35123 } 35124 XMEMSET(ret, 0, sizeof(WOLFSSL_ASN1_TIME)); 35125 } else 35126 ret = *out; 35127 35128 if (time_type == ASN_GENERALIZED_TIME){ 35129 XMEMCPY(ret->data, t->data, ASN_GENERALIZED_TIME_SIZE); 35130 return ret; 35131 } else if (time_type == ASN_UTC_TIME){ 35132 ret->data[0] = ASN_GENERALIZED_TIME; 35133 ret->data[1] = ASN_GENERALIZED_TIME_SIZE; 35134 data_ptr = ret->data + 2; 35135 if (t->data[2] >= '5') 35136 XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "19%s", t->data + 2); 35137 else 35138 XSNPRINTF((char*)data_ptr, ASN_UTC_TIME_SIZE + 2, "20%s", t->data + 2); 35139 35140 return ret; 35141 } 35142 35143 WOLFSSL_MSG("Invalid ASN_TIME value"); 35144 return NULL; 35145 } 35146 #endif /* !NO_ASN_TIME */ 35147 35148 35149 #ifndef NO_ASN 35150 int wolfSSL_i2c_ASN1_INTEGER(WOLFSSL_ASN1_INTEGER *a, unsigned char **pp) 35151 { 35152 unsigned char *pptr = NULL; 35153 char pad = 0 ; 35154 unsigned char pad_val = 0; 35155 int ret_size = 0; 35156 unsigned char data1 = 0; 35157 unsigned char neg = 0; 35158 int i = 0; 35159 35160 WOLFSSL_ENTER("wolfSSL_i2c_ASN1_INTEGER"); 35161 if (a == NULL) 35162 return WOLFSSL_FAILURE; 35163 35164 ret_size = a->intData[1]; 35165 if (ret_size == 0) 35166 ret_size = 1; 35167 else{ 35168 ret_size = (int)a->intData[1]; 35169 neg = a->negative; 35170 data1 = a->intData[2]; 35171 if (ret_size == 1 && data1 == 0) 35172 neg = 0; 35173 /* 0x80 or greater positive number in first byte */ 35174 if (!neg && (data1 > 127)){ 35175 pad = 1; 35176 pad_val = 0; 35177 } else if (neg){ 35178 /* negative number */ 35179 if (data1 > 128){ 35180 pad = 1; 35181 pad_val = 0xff; 35182 } else if (data1 == 128){ 35183 for (i = 3; i < a->intData[1] + 2; i++){ 35184 if (a->intData[i]){ 35185 pad = 1; 35186 pad_val = 0xff; 35187 break; 35188 } 35189 } 35190 } 35191 } 35192 ret_size += (int)pad; 35193 } 35194 if (pp == NULL) 35195 return ret_size; 35196 35197 pptr = *pp; 35198 if (pad) 35199 *(pptr++) = pad_val; 35200 if (a->intData[1] == 0) 35201 *(pptr++) = 0; 35202 else if (!neg){ 35203 /* positive number */ 35204 for (i=0; i < a->intData[1]; i++){ 35205 *pptr = a->intData[i+2]; 35206 pptr++; 35207 } 35208 } else { 35209 /* negative number */ 35210 int str_len = 0; 35211 35212 /* 0 padding from end of buffer */ 35213 str_len = (int)a->intData[1]; 35214 pptr += a->intData[1] - 1; 35215 while (!a->intData[str_len + 2] && str_len > 1){ 35216 *(pptr--) = 0; 35217 str_len--; 35218 } 35219 /* 2's complement next octet */ 35220 *(pptr--) = ((a->intData[str_len + 1]) ^ 0xff) + 1; 35221 str_len--; 35222 /* Complement any octets left */ 35223 while (str_len > 0){ 35224 *(pptr--) = a->intData[str_len + 1] ^ 0xff; 35225 str_len--; 35226 } 35227 } 35228 *pp += ret_size; 35229 return ret_size; 35230 } 35231 #endif /* !NO_ASN */ 35232 35233 #ifndef NO_CERTS 35234 int wolfSSL_X509_CA_num(WOLFSSL_X509_STORE* store) 35235 { 35236 int i = 0; 35237 int cnt_ret = 0; 35238 Signer **table; 35239 35240 WOLFSSL_ENTER("wolfSSL_X509_CA_num"); 35241 if (store == NULL || store->cm == NULL){ 35242 WOLFSSL_MSG("invalid parameter"); 35243 return WOLFSSL_FAILURE; 35244 } 35245 35246 table = store->cm->caTable; 35247 if (table){ 35248 if (wc_LockMutex(&store->cm->caLock) == 0){ 35249 for (i = 0; i < CA_TABLE_SIZE; i++) { 35250 Signer* signer = table[i]; 35251 while (signer) { 35252 Signer* next = signer->next; 35253 cnt_ret++; 35254 signer = next; 35255 } 35256 } 35257 wc_UnLockMutex(&store->cm->caLock); 35258 } 35259 } 35260 35261 return cnt_ret; 35262 } 35263 #endif /* !NO_CERTS */ 35264 35265 long wolfSSL_X509_get_version(const WOLFSSL_X509 *x509) 35266 { 35267 int version = 0; 35268 35269 WOLFSSL_ENTER("wolfSSL_X509_get_version"); 35270 35271 if (x509 == NULL){ 35272 WOLFSSL_MSG("invalid parameter"); 35273 return 0L; 35274 } 35275 version = x509->version; 35276 if (version != 0) 35277 return (long)version - 1L; 35278 35279 return 0L; 35280 } 35281 35282 int wolfSSL_X509_get_signature_nid(const WOLFSSL_X509 *x) 35283 { 35284 if (x == NULL) 35285 return 0; 35286 35287 return oid2nid(x->sigOID, oidSigType); 35288 } 35289 #endif /* OPENSSL_EXTRA */ 35290 35291 #if defined(OPENSSL_ALL) 35292 int wolfSSL_EVP_PKEY_assign_RSA(EVP_PKEY* pkey, WOLFSSL_RSA* key) 35293 { 35294 if (pkey == NULL || key == NULL) 35295 return WOLFSSL_FAILURE; 35296 35297 pkey->type = EVP_PKEY_RSA; 35298 pkey->rsa = key; 35299 pkey->ownRsa = 1; 35300 35301 return WOLFSSL_SUCCESS; 35302 } 35303 35304 int wolfSSL_EVP_PKEY_assign_EC_KEY(EVP_PKEY* pkey, WOLFSSL_EC_KEY* key) 35305 { 35306 if (pkey == NULL || key == NULL) 35307 return WOLFSSL_FAILURE; 35308 35309 pkey->type = EVP_PKEY_EC; 35310 pkey->ecc = key; 35311 pkey->ownEcc = 1; 35312 35313 return WOLFSSL_SUCCESS; 35314 } 35315 #endif 35316 35317 #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) 35318 PKCS7* wolfSSL_PKCS7_new(void) 35319 { 35320 WOLFSSL_PKCS7* pkcs7; 35321 int ret = 0; 35322 35323 pkcs7 = (WOLFSSL_PKCS7*)XMALLOC(sizeof(*pkcs7), NULL, DYNAMIC_TYPE_PKCS7); 35324 if (pkcs7 != NULL) { 35325 XMEMSET(pkcs7, 0, sizeof(*pkcs7)); 35326 ret = wc_PKCS7_Init(&pkcs7->pkcs7, NULL, INVALID_DEVID); 35327 } 35328 35329 if (ret != 0 && pkcs7 != NULL) 35330 XFREE(pkcs7, NULL, DYNAMIC_TYPE_PKCS7); 35331 35332 return (PKCS7*)pkcs7; 35333 } 35334 35335 void wolfSSL_PKCS7_free(PKCS7* pkcs7) 35336 { 35337 WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; 35338 35339 if (p7 != NULL) { 35340 if (p7->data != NULL) 35341 XFREE(p7->data, NULL, DYNAMIC_TYPE_PKCS7); 35342 wc_PKCS7_Free(&p7->pkcs7); 35343 XFREE(p7, NULL, DYNAMIC_TYPE_PKCS7); 35344 } 35345 } 35346 35347 PKCS7* wolfSSL_d2i_PKCS7(PKCS7** p7, const unsigned char** in, int len) 35348 { 35349 WOLFSSL_PKCS7* pkcs7 = NULL; 35350 word32 idx = 0; 35351 35352 if (in == NULL) 35353 return NULL; 35354 35355 if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL) 35356 return NULL; 35357 35358 if (GetSequence(*in, &idx, &pkcs7->len, len) < 0) { 35359 wolfSSL_PKCS7_free((PKCS7*)pkcs7); 35360 return NULL; 35361 } 35362 pkcs7->len += idx; 35363 35364 pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7); 35365 if (pkcs7->data == NULL) { 35366 wolfSSL_PKCS7_free((PKCS7*)pkcs7); 35367 return NULL; 35368 } 35369 XMEMCPY(pkcs7->data, *in, pkcs7->len); 35370 *in += pkcs7->len; 35371 35372 if (p7 != NULL) 35373 *p7 = (PKCS7*)pkcs7; 35374 return (PKCS7*)pkcs7; 35375 } 35376 35377 PKCS7* wolfSSL_d2i_PKCS7_bio(WOLFSSL_BIO* bio, PKCS7** p7) 35378 { 35379 WOLFSSL_PKCS7* pkcs7; 35380 35381 if (bio == NULL) 35382 return NULL; 35383 35384 if ((pkcs7 = (WOLFSSL_PKCS7*)wolfSSL_PKCS7_new()) == NULL) 35385 return NULL; 35386 35387 pkcs7->len = wolfSSL_BIO_pending(bio); 35388 pkcs7->data = (byte*)XMALLOC(pkcs7->len, NULL, DYNAMIC_TYPE_PKCS7); 35389 if (pkcs7->data == NULL) { 35390 wolfSSL_PKCS7_free((PKCS7*)pkcs7); 35391 return NULL; 35392 } 35393 35394 if (wolfSSL_BIO_read(bio, pkcs7->data, pkcs7->len) != pkcs7->len) { 35395 wolfSSL_PKCS7_free((PKCS7*)pkcs7); 35396 return NULL; 35397 } 35398 35399 if (p7 != NULL) 35400 *p7 = (PKCS7*)pkcs7; 35401 return (PKCS7*)pkcs7; 35402 } 35403 35404 int wolfSSL_PKCS7_verify(PKCS7* pkcs7, WOLFSSL_STACK* certs, 35405 WOLFSSL_X509_STORE* store, WOLFSSL_BIO* in, 35406 WOLFSSL_BIO* out, int flags) 35407 { 35408 int ret = 0; 35409 unsigned char* mem = NULL; 35410 int memSz = 0; 35411 WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; 35412 35413 if (pkcs7 == NULL) 35414 return WOLFSSL_FAILURE; 35415 35416 if (in != NULL) { 35417 if ((memSz = wolfSSL_BIO_get_mem_data(in, &mem)) < 0) 35418 return WOLFSSL_FAILURE; 35419 35420 p7->pkcs7.content = mem; 35421 p7->pkcs7.contentSz = memSz; 35422 } 35423 if (ret != 0) 35424 return WOLFSSL_FAILURE; 35425 35426 /* certs is the list of certificates to find the cert with issuer/serial. */ 35427 (void)certs; 35428 /* store is the certificate store to use to verify signer certificate 35429 * associated with the signers. 35430 */ 35431 (void)store; 35432 35433 ret = wc_PKCS7_VerifySignedData_ex(&p7->pkcs7, NULL, 0, p7->data, p7->len, 35434 NULL, 0); 35435 if (ret != 0) 35436 return WOLFSSL_FAILURE; 35437 35438 if ((flags & PKCS7_NOVERIFY) != PKCS7_NOVERIFY) { 35439 /* All signer certificates are verified. */ 35440 return WOLFSSL_FAILURE; 35441 } 35442 35443 if (out != NULL) 35444 wolfSSL_BIO_write(out, p7->pkcs7.content, p7->pkcs7.contentSz); 35445 35446 return WOLFSSL_SUCCESS; 35447 } 35448 35449 WOLFSSL_STACK* wolfSSL_PKCS7_get0_signers(PKCS7* pkcs7, WOLFSSL_STACK* certs, 35450 int flags) 35451 { 35452 WOLFSSL_STACK* signers = NULL; 35453 WOLFSSL_PKCS7* p7 = (WOLFSSL_PKCS7*)pkcs7; 35454 35455 if (p7 == NULL) 35456 return NULL; 35457 /* Only PKCS#7 messages with a single cert that is the verifying certificate 35458 * is supported. 35459 */ 35460 if ((flags | PKCS7_NOINTERN) == PKCS7_NOINTERN) 35461 return NULL; 35462 35463 signers = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, 35464 DYNAMIC_TYPE_X509); 35465 if (signers == NULL) 35466 return NULL; 35467 35468 signers->num = 1; 35469 signers->data.x509 = (WOLFSSL_X509*)XMALLOC(sizeof(WOLFSSL_X509), NULL, 35470 DYNAMIC_TYPE_X509); 35471 if (signers->data.x509 == NULL) { 35472 XFREE(signers, NULL, DYNAMIC_TYPE_X509); 35473 return NULL; 35474 } 35475 35476 if (DecodeToX509(signers->data.x509, p7->pkcs7.singleCert, 35477 p7->pkcs7.singleCertSz) != 0) { 35478 XFREE(signers->data.x509, NULL, DYNAMIC_TYPE_X509); 35479 XFREE(signers, NULL, DYNAMIC_TYPE_X509); 35480 return NULL; 35481 } 35482 35483 (void)certs; 35484 35485 return signers; 35486 } 35487 #endif 35488 35489 #ifdef OPENSSL_ALL 35490 WOLFSSL_STACK* wolfSSL_sk_X509_new(void) 35491 { 35492 WOLFSSL_STACK* s = (WOLFSSL_STACK*)XMALLOC(sizeof(WOLFSSL_STACK), NULL, 35493 DYNAMIC_TYPE_X509); 35494 if (s != NULL) 35495 XMEMSET(s, 0, sizeof(*s)); 35496 35497 return s; 35498 } 35499 #endif 35500 35501 #ifdef OPENSSL_ALL 35502 int wolfSSL_PEM_write_bio_PKCS8PrivateKey(WOLFSSL_BIO* bio, 35503 WOLFSSL_EVP_PKEY* pkey, 35504 const WOLFSSL_EVP_CIPHER* enc, 35505 char* passwd, int passwdSz, 35506 pem_password_cb* cb, void* ctx) 35507 { 35508 int ret = 0; 35509 char password[NAME_SZ]; 35510 byte* key = NULL; 35511 word32 keySz; 35512 byte* pem = NULL; 35513 int pemSz; 35514 int type = PKCS8_PRIVATEKEY_TYPE; 35515 int algId; 35516 const byte* curveOid; 35517 word32 oidSz; 35518 int encAlgId; 35519 35520 if (bio == NULL || pkey == NULL) 35521 return -1; 35522 35523 keySz = pkey->pkey_sz + 128; 35524 key = (byte*)XMALLOC(keySz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 35525 if (key == NULL) 35526 ret = MEMORY_E; 35527 35528 if (ret == 0 && enc != NULL && passwd == NULL) { 35529 passwdSz = cb(password, sizeof(password), 1, ctx); 35530 if (passwdSz < 0) 35531 ret = WOLFSSL_FAILURE; 35532 passwd = password; 35533 } 35534 35535 if (ret == 0 && enc != NULL) { 35536 WC_RNG rng; 35537 ret = wc_InitRng(&rng); 35538 if (ret == 0) { 35539 #ifndef NO_DES3 35540 if (enc == EVP_DES_CBC) 35541 encAlgId = DESb; 35542 else if (enc == EVP_DES_EDE3_CBC) 35543 encAlgId = DES3b; 35544 else 35545 #endif 35546 #if !defined(NO_AES) && defined(HAVE_AES_CBC) 35547 #ifdef WOLFSSL_AES_256 35548 if (enc == EVP_AES_256_CBC) 35549 encAlgId = AES256CBCb; 35550 else 35551 #endif 35552 #endif 35553 ret = -1; 35554 if (ret == 0) { 35555 ret = TraditionalEnc((byte*)pkey->pkey.ptr, pkey->pkey_sz, key, 35556 &keySz, passwd, passwdSz, PKCS5, PBES2, 35557 encAlgId, NULL, 0, WC_PKCS12_ITT_DEFAULT, 35558 &rng, NULL); 35559 if (ret > 0) { 35560 keySz = ret; 35561 ret = 0; 35562 } 35563 } 35564 wc_FreeRng(&rng); 35565 } 35566 type = PKCS8_ENC_PRIVATEKEY_TYPE; 35567 } 35568 if (ret == 0 && enc == NULL) { 35569 type = PKCS8_PRIVATEKEY_TYPE; 35570 if (pkey->type == EVP_PKEY_EC) { 35571 algId = ECDSAk; 35572 ret = wc_ecc_get_oid(pkey->ecc->group->curve_oid, &curveOid, 35573 &oidSz); 35574 } 35575 else { 35576 algId = RSAk; 35577 curveOid = NULL; 35578 oidSz = 0; 35579 } 35580 35581 if (ret >= 0) { 35582 ret = wc_CreatePKCS8Key(key, &keySz, (byte*)pkey->pkey.ptr, 35583 pkey->pkey_sz, algId, curveOid, oidSz); 35584 keySz = ret; 35585 } 35586 } 35587 35588 if (password == passwd) 35589 XMEMSET(password, 0, passwdSz); 35590 35591 if (ret >= 0) { 35592 pemSz = 2 * keySz + 2 * 64; 35593 pem = (byte*)XMALLOC(pemSz, NULL, DYNAMIC_TYPE_TMP_BUFFER); 35594 if (pem == NULL) 35595 ret = MEMORY_E; 35596 } 35597 35598 if (ret >= 0) 35599 ret = wc_DerToPemEx(key, keySz, pem, pemSz, NULL, type); 35600 35601 if (key != NULL) 35602 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); 35603 35604 if (ret >= 0) { 35605 if (wolfSSL_BIO_write(bio, pem, ret) != ret) 35606 ret = -1; 35607 } 35608 35609 if (pem != NULL) 35610 XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); 35611 35612 return ret < 0 ? 0 : ret; 35613 35614 } 35615 35616 static int bio_get_data(WOLFSSL_BIO* bio, byte** data) 35617 { 35618 int ret = 0; 35619 byte* mem = NULL; 35620 #ifndef NO_FILESYSTEM 35621 long memSz; 35622 XFILE file; 35623 long curr; 35624 #endif 35625 35626 if ((ret = wolfSSL_BIO_pending(bio)) > 0) { 35627 } 35628 #ifndef NO_FILESYSTEM 35629 else if (bio->type == WOLFSSL_BIO_FILE) { 35630 if (wolfSSL_BIO_get_fp(bio, &file) != WOLFSSL_SUCCESS) 35631 ret = BAD_FUNC_ARG; 35632 if (ret == 0) { 35633 curr = XFTELL(file); 35634 if (XFSEEK(file, 0, XSEEK_END) != 0) 35635 ret = WOLFSSL_BAD_FILE; 35636 } 35637 if (ret == 0) { 35638 memSz = XFTELL(file) - curr; 35639 ret = (int)memSz; 35640 if (XFSEEK(file, curr, SEEK_SET) != 0) 35641 ret = WOLFSSL_BAD_FILE; 35642 } 35643 } 35644 #endif 35645 35646 if (ret > 0) { 35647 mem = (byte*)XMALLOC(ret, bio->heap, DYNAMIC_TYPE_OPENSSL); 35648 if (mem == NULL) { 35649 WOLFSSL_MSG("Memory error"); 35650 ret = MEMORY_E; 35651 } 35652 if (ret >= 0) { 35653 if ((ret = wolfSSL_BIO_read(bio, mem, ret)) <= 0) { 35654 XFREE(mem, bio->heap, DYNAMIC_TYPE_OPENSSL); 35655 ret = MEMORY_E; 35656 } 35657 } 35658 } 35659 35660 *data = mem; 35661 return ret; 35662 } 35663 35664 /* DER data is PKCS#8 encrypted. */ 35665 WOLFSSL_EVP_PKEY* wolfSSL_d2i_PKCS8PrivateKey_bio(WOLFSSL_BIO* bio, 35666 WOLFSSL_EVP_PKEY** pkey, 35667 pem_password_cb* cb, 35668 void* ctx) 35669 { 35670 int ret; 35671 byte* der; 35672 int len; 35673 byte* p; 35674 char password[NAME_SZ]; 35675 int passwordSz; 35676 word32 algId; 35677 WOLFSSL_EVP_PKEY* key; 35678 35679 if ((len = bio_get_data(bio, &der)) < 0) 35680 return NULL; 35681 35682 if (cb != NULL) { 35683 passwordSz = cb(password, sizeof(password), PEM_PASS_READ, ctx); 35684 if (passwordSz < 0) 35685 return NULL; 35686 35687 ret = ToTraditionalEnc(der, len, password, passwordSz, &algId); 35688 if (ret < 0) 35689 return NULL; 35690 XMEMSET(password, 0, passwordSz); 35691 } 35692 35693 p = der; 35694 key = wolfSSL_d2i_PrivateKey_EVP(pkey, &p, len); 35695 XFREE(der, bio->heap, DYNAMIC_TYPE_OPENSSL); 35696 return key; 35697 } 35698 35699 /* Detect which type of key it is before decoding. */ 35700 WOLFSSL_EVP_PKEY* wolfSSL_d2i_AutoPrivateKey(WOLFSSL_EVP_PKEY** pkey, 35701 const unsigned char** pp, 35702 long length) 35703 { 35704 int ret; 35705 WOLFSSL_EVP_PKEY* key = NULL; 35706 const byte* der = *pp; 35707 word32 idx = 0; 35708 int len = 0; 35709 word32 end = 0; 35710 int cnt = 0; 35711 int type; 35712 word32 algId; 35713 word32 keyLen = (word32)length; 35714 35715 /* Take off PKCS#8 wrapper if found. */ 35716 if ((len = ToTraditionalInline_ex(der, &idx, keyLen, &algId)) >= 0) { 35717 der += idx; 35718 keyLen = len; 35719 } 35720 idx = 0; 35721 len = 0; 35722 35723 /* Use the number of elements in the outer sequence to determine key type. 35724 */ 35725 ret = GetSequence(der, &idx, &len, keyLen); 35726 if (ret >= 0) { 35727 end = idx + len; 35728 while (ret >= 0 && idx < end) { 35729 /* Skip type */ 35730 idx++; 35731 /* Get length and skip over - keeping count */ 35732 len = 0; 35733 ret = GetLength(der, &idx, &len, keyLen); 35734 if (ret >= 0) { 35735 if (idx + len > end) 35736 ret = ASN_PARSE_E; 35737 else { 35738 idx += len; 35739 cnt++; 35740 } 35741 } 35742 } 35743 } 35744 35745 if (ret >= 0) { 35746 /* ECC includes version, private[, curve][, public key] */ 35747 if (cnt >= 2 && cnt <= 4) 35748 type = EVP_PKEY_EC; 35749 else 35750 type = EVP_PKEY_RSA; 35751 35752 key = wolfSSL_d2i_PrivateKey(type, pkey, &der, keyLen); 35753 *pp = der; 35754 } 35755 35756 return key; 35757 } 35758 #endif 35759 35760 #if defined(OPENSSL_ALL) && !defined(NO_CERT) && defined(WOLFSSL_CERT_GEN) && \ 35761 defined(WOLFSSL_CERT_REQ) 35762 int wolfSSL_i2d_X509_REQ(WOLFSSL_X509* req, unsigned char** out) 35763 { 35764 const unsigned char* der; 35765 int derSz = 0; 35766 35767 if (req == NULL || out == NULL) { 35768 return BAD_FUNC_ARG; 35769 } 35770 35771 der = wolfSSL_X509_get_der(req, &derSz); 35772 if (der == NULL) { 35773 return MEMORY_E; 35774 } 35775 35776 if (*out == NULL) { 35777 *out = (unsigned char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); 35778 if (*out == NULL) { 35779 return MEMORY_E; 35780 } 35781 } 35782 35783 XMEMCPY(*out, der, derSz); 35784 35785 return derSz; 35786 } 35787 35788 int wolfSSL_X509_set_subject_name(WOLFSSL_X509 *cert, WOLFSSL_X509_NAME *name) 35789 { 35790 int i; 35791 WOLFSSL_X509_NAME_ENTRY* ne; 35792 35793 if (cert == NULL || name == NULL) 35794 return WOLFSSL_FAILURE; 35795 35796 FreeX509Name(&cert->subject, cert->heap); 35797 InitX509Name(&cert->subject, 0); 35798 if (name->dynamicName) { 35799 cert->subject.name = (char*)XMALLOC(name->sz, cert->heap, 35800 DYNAMIC_TYPE_SUBJECT_CN); 35801 if (cert->subject.name == NULL) 35802 return WOLFSSL_FAILURE; 35803 } 35804 XMEMCPY(cert->subject.name, name->name, name->sz); 35805 cert->subject.sz = name->sz; 35806 35807 for (i = 0; i < 10; i++) { 35808 ne = wolfSSL_X509_NAME_get_entry(name, i); 35809 if (ne != NULL) 35810 wolfSSL_X509_NAME_add_entry(&cert->subject, ne, i, 1); 35811 } 35812 cert->subject.x509 = cert; 35813 35814 return WOLFSSL_SUCCESS; 35815 } 35816 35817 int wolfSSL_X509_set_pubkey(WOLFSSL_X509 *cert, WOLFSSL_EVP_PKEY *pkey) 35818 { 35819 byte* p; 35820 35821 if (cert == NULL || pkey == NULL) 35822 return WOLFSSL_FAILURE; 35823 35824 if (pkey->type == EVP_PKEY_RSA) 35825 cert->pubKeyOID = RSAk; 35826 else if (pkey->type == EVP_PKEY_EC) 35827 cert->pubKeyOID = ECDSAk; 35828 else 35829 return WOLFSSL_FAILURE; 35830 35831 p = (byte*)XMALLOC(pkey->pkey_sz, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); 35832 if (p == NULL) 35833 return WOLFSSL_FAILURE; 35834 35835 if (cert->pubKey.buffer != NULL) 35836 XFREE(cert->pubKey.buffer, cert->heap, DYNAMIC_TYPE_PUBLIC_KEY); 35837 cert->pubKey.buffer = p; 35838 XMEMCPY(cert->pubKey.buffer, pkey->pkey.ptr, pkey->pkey_sz); 35839 cert->pubKey.length = pkey->pkey_sz; 35840 35841 return WOLFSSL_SUCCESS; 35842 } 35843 35844 35845 WOLFSSL_X509* wolfSSL_X509_REQ_new(void) 35846 { 35847 return wolfSSL_X509_new(); 35848 } 35849 35850 void wolfSSL_X509_REQ_free(WOLFSSL_X509* req) 35851 { 35852 wolfSSL_X509_free(req); 35853 } 35854 35855 35856 static int ReqCertFromX509(Cert* cert, WOLFSSL_X509* req) 35857 { 35858 int ret; 35859 35860 ret = CopyX509NameToCertName(&req->subject, &cert->subject); 35861 if (ret == WOLFSSL_SUCCESS) { 35862 cert->version = req->version; 35863 cert->isCA = req->isCa; 35864 if (req->subjKeyIdSz != 0) { 35865 XMEMCPY(cert->skid, req->subjKeyId, req->subjKeyIdSz); 35866 cert->skidSz = req->subjKeyIdSz; 35867 } 35868 if (req->keyUsageSet) 35869 cert->keyUsage = req->keyUsage; 35870 /* Extended Key Usage not supported. */ 35871 } 35872 35873 return ret; 35874 } 35875 35876 int wolfSSL_X509_REQ_sign(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey, 35877 const WOLFSSL_EVP_MD *md) 35878 { 35879 int ret; 35880 Cert cert; 35881 byte der[2048]; 35882 int derSz = sizeof(der); 35883 void* key; 35884 int type; 35885 int sigType; 35886 int hashType; 35887 RsaKey rsa; 35888 ecc_key ecc; 35889 WC_RNG rng; 35890 word32 idx = 0; 35891 35892 if (req == NULL || pkey == NULL || md == NULL) 35893 return WOLFSSL_FAILURE; 35894 35895 /* Create a Cert that has the certificate request fields. */ 35896 if (wc_InitCert(&cert) != 0) 35897 return WOLFSSL_FAILURE; 35898 if (ReqCertFromX509(&cert, req) != WOLFSSL_SUCCESS) 35899 return WOLFSSL_FAILURE; 35900 35901 /* Convert key type and hash algorithm to a signature algorithm */ 35902 if (wolfSSL_EVP_get_hashinfo(md, &hashType, NULL) == WOLFSSL_FAILURE) 35903 return WOLFSSL_FAILURE; 35904 35905 if (pkey->type == EVP_PKEY_RSA) { 35906 switch (hashType) { 35907 case WC_HASH_TYPE_SHA: 35908 sigType = CTC_SHAwRSA; 35909 break; 35910 case WC_HASH_TYPE_SHA224: 35911 sigType = CTC_SHA224wRSA; 35912 break; 35913 case WC_HASH_TYPE_SHA256: 35914 sigType = CTC_SHA256wRSA; 35915 break; 35916 case WC_HASH_TYPE_SHA384: 35917 sigType = CTC_SHA384wRSA; 35918 break; 35919 case WC_HASH_TYPE_SHA512: 35920 sigType = CTC_SHA512wRSA; 35921 break; 35922 default: 35923 return WOLFSSL_FAILURE; 35924 } 35925 } 35926 else if (pkey->type == EVP_PKEY_EC) { 35927 switch (hashType) { 35928 case WC_HASH_TYPE_SHA: 35929 sigType = CTC_SHAwECDSA; 35930 break; 35931 case WC_HASH_TYPE_SHA224: 35932 sigType = CTC_SHA224wECDSA; 35933 break; 35934 case WC_HASH_TYPE_SHA256: 35935 sigType = CTC_SHA256wECDSA; 35936 break; 35937 case WC_HASH_TYPE_SHA384: 35938 sigType = CTC_SHA384wECDSA; 35939 break; 35940 case WC_HASH_TYPE_SHA512: 35941 sigType = CTC_SHA512wECDSA; 35942 break; 35943 default: 35944 return WOLFSSL_FAILURE; 35945 } 35946 } 35947 else 35948 return WOLFSSL_FAILURE; 35949 35950 /* Create a public key object from requests public key. */ 35951 if (req->pubKeyOID == RSAk) { 35952 type = RSA_TYPE; 35953 ret = wc_InitRsaKey(&rsa, req->heap); 35954 if (ret != 0) 35955 return WOLFSSL_FAILURE; 35956 ret = wc_RsaPublicKeyDecode(req->pubKey.buffer, &idx, &rsa, 35957 req->pubKey.length); 35958 if (ret != 0) { 35959 wc_FreeRsaKey(&rsa); 35960 return WOLFSSL_FAILURE; 35961 } 35962 key = (void*)&rsa; 35963 } 35964 else { 35965 type = ECC_TYPE; 35966 ret = wc_ecc_init(&ecc); 35967 if (ret != 0) 35968 return WOLFSSL_FAILURE; 35969 ret = wc_EccPublicKeyDecode(req->pubKey.buffer, &idx, &ecc, 35970 req->pubKey.length); 35971 if (ret != 0) { 35972 wc_ecc_free(&ecc); 35973 return WOLFSSL_FAILURE; 35974 } 35975 key = (void*)&ecc; 35976 } 35977 35978 /* Make the body of the certificate request. */ 35979 ret = wc_MakeCertReq_ex(&cert, der, derSz, type, key); 35980 if (ret < 0) 35981 return WOLFSSL_FAILURE; 35982 35983 /* Dispose of the public key object. */ 35984 if (req->pubKeyOID == RSAk) 35985 wc_FreeRsaKey(&rsa); 35986 else 35987 wc_ecc_free(&ecc); 35988 35989 idx = 0; 35990 /* Get the private key object and type from pkey. */ 35991 if (pkey->type == EVP_PKEY_RSA) { 35992 type = RSA_TYPE; 35993 key = pkey->rsa->internal; 35994 } 35995 else { 35996 type = ECC_TYPE; 35997 key = pkey->ecc->internal; 35998 } 35999 36000 /* Sign the certificate request body. */ 36001 ret = wc_InitRng(&rng); 36002 if (ret != 0) 36003 return WOLFSSL_FAILURE; 36004 ret = wc_SignCert_ex(cert.bodySz, sigType, der, sizeof(der), type, key, 36005 &rng); 36006 wc_FreeRng(&rng); 36007 if (ret < 0) 36008 return WOLFSSL_FAILURE; 36009 36010 /* Put in the new certificate request encoding into the request object. */ 36011 FreeDer(&req->derCert); 36012 if (AllocDer(&req->derCert, ret, CERTREQ_TYPE, NULL) != 0) 36013 return WOLFSSL_FAILURE; 36014 XMEMCPY(req->derCert->buffer, der, ret); 36015 req->derCert->length = ret; 36016 36017 return WOLFSSL_SUCCESS; 36018 } 36019 36020 int wolfSSL_X509_REQ_set_subject_name(WOLFSSL_X509 *req, 36021 WOLFSSL_X509_NAME *name) 36022 { 36023 return wolfSSL_X509_set_subject_name(req, name); 36024 } 36025 36026 int wolfSSL_X509_REQ_set_pubkey(WOLFSSL_X509 *req, WOLFSSL_EVP_PKEY *pkey) 36027 { 36028 return wolfSSL_X509_set_pubkey(req, pkey); 36029 } 36030 #endif 36031
Note:
See TracChangeset
for help on using the changeset viewer.