A library for setting up Secure Sockets Layer (SSL)/TLS connections and verifying remote hosts using certificates. Contains only the source files for the mbed platform implementation of the library.


Committer:
Mike Fiore
Date:
Mon Mar 23 16:51:07 2015 -0500
Revision:
6:cf58d49e1a86
Parent:
0:b86d15c6ba29
fix whitespace in sha512.c

Vanger 0:b86d15c6ba29 1 /* ssl.c
Vanger 0:b86d15c6ba29 2 *
Vanger 0:b86d15c6ba29 3 * Copyright (C) 2006-2014 wolfSSL Inc.
Vanger 0:b86d15c6ba29 4 *
Vanger 0:b86d15c6ba29 5 * This file is part of CyaSSL.
Vanger 0:b86d15c6ba29 6 *
Vanger 0:b86d15c6ba29 7 * CyaSSL is free software; you can redistribute it and/or modify
Vanger 0:b86d15c6ba29 8 * it under the terms of the GNU General Public License as published by
Vanger 0:b86d15c6ba29 9 * the Free Software Foundation; either version 2 of the License, or
Vanger 0:b86d15c6ba29 10 * (at your option) any later version.
Vanger 0:b86d15c6ba29 11 *
Vanger 0:b86d15c6ba29 12 * CyaSSL is distributed in the hope that it will be useful,
Vanger 0:b86d15c6ba29 13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
Vanger 0:b86d15c6ba29 14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
Vanger 0:b86d15c6ba29 15 * GNU General Public License for more details.
Vanger 0:b86d15c6ba29 16 *
Vanger 0:b86d15c6ba29 17 * You should have received a copy of the GNU General Public License
Vanger 0:b86d15c6ba29 18 * along with this program; if not, write to the Free Software
Vanger 0:b86d15c6ba29 19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
Vanger 0:b86d15c6ba29 20 */
Vanger 0:b86d15c6ba29 21
Vanger 0:b86d15c6ba29 22 #ifdef HAVE_CONFIG_H
Vanger 0:b86d15c6ba29 23 #include <config.h>
Vanger 0:b86d15c6ba29 24 #endif
Vanger 0:b86d15c6ba29 25
Vanger 0:b86d15c6ba29 26 #include <cyassl/ctaocrypt/settings.h>
Vanger 0:b86d15c6ba29 27
Vanger 0:b86d15c6ba29 28 #ifdef HAVE_ERRNO_H
Vanger 0:b86d15c6ba29 29 #include <errno.h>
Vanger 0:b86d15c6ba29 30 #endif
Vanger 0:b86d15c6ba29 31
Vanger 0:b86d15c6ba29 32 #include <cyassl/ssl.h>
Vanger 0:b86d15c6ba29 33 #include <cyassl/internal.h>
Vanger 0:b86d15c6ba29 34 #include <cyassl/error-ssl.h>
Vanger 0:b86d15c6ba29 35 #include <cyassl/ctaocrypt/coding.h>
Vanger 0:b86d15c6ba29 36
Vanger 0:b86d15c6ba29 37 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
Vanger 0:b86d15c6ba29 38 #include <cyassl/openssl/evp.h>
Vanger 0:b86d15c6ba29 39 #endif
Vanger 0:b86d15c6ba29 40
Vanger 0:b86d15c6ba29 41 #ifdef OPENSSL_EXTRA
Vanger 0:b86d15c6ba29 42 /* openssl headers begin */
Vanger 0:b86d15c6ba29 43 #include <cyassl/openssl/hmac.h>
Vanger 0:b86d15c6ba29 44 #include <cyassl/openssl/crypto.h>
Vanger 0:b86d15c6ba29 45 #include <cyassl/openssl/des.h>
Vanger 0:b86d15c6ba29 46 #include <cyassl/openssl/bn.h>
Vanger 0:b86d15c6ba29 47 #include <cyassl/openssl/dh.h>
Vanger 0:b86d15c6ba29 48 #include <cyassl/openssl/rsa.h>
Vanger 0:b86d15c6ba29 49 #include <cyassl/openssl/pem.h>
Vanger 0:b86d15c6ba29 50 /* openssl headers end, cyassl internal headers next */
Vanger 0:b86d15c6ba29 51 #include <cyassl/ctaocrypt/hmac.h>
Vanger 0:b86d15c6ba29 52 #include <cyassl/ctaocrypt/random.h>
Vanger 0:b86d15c6ba29 53 #include <cyassl/ctaocrypt/des3.h>
Vanger 0:b86d15c6ba29 54 #include <cyassl/ctaocrypt/md4.h>
Vanger 0:b86d15c6ba29 55 #include <cyassl/ctaocrypt/md5.h>
Vanger 0:b86d15c6ba29 56 #include <cyassl/ctaocrypt/arc4.h>
Vanger 0:b86d15c6ba29 57 #ifdef CYASSL_SHA512
Vanger 0:b86d15c6ba29 58 #include <cyassl/ctaocrypt/sha512.h>
Vanger 0:b86d15c6ba29 59 #endif
Vanger 0:b86d15c6ba29 60 #endif
Vanger 0:b86d15c6ba29 61
Vanger 0:b86d15c6ba29 62 #ifndef NO_FILESYSTEM
Vanger 0:b86d15c6ba29 63 #if !defined(USE_WINDOWS_API) && !defined(NO_CYASSL_DIR) \
Vanger 0:b86d15c6ba29 64 && !defined(EBSNET)
Vanger 0:b86d15c6ba29 65 #include <dirent.h>
Vanger 0:b86d15c6ba29 66 #include <sys/stat.h>
Vanger 0:b86d15c6ba29 67 #endif
Vanger 0:b86d15c6ba29 68 #ifdef EBSNET
Vanger 0:b86d15c6ba29 69 #include "vfapi.h"
Vanger 0:b86d15c6ba29 70 #include "vfile.h"
Vanger 0:b86d15c6ba29 71 #endif
Vanger 0:b86d15c6ba29 72 #endif /* NO_FILESYSTEM */
Vanger 0:b86d15c6ba29 73
Vanger 0:b86d15c6ba29 74 #ifndef TRUE
Vanger 0:b86d15c6ba29 75 #define TRUE 1
Vanger 0:b86d15c6ba29 76 #endif
Vanger 0:b86d15c6ba29 77 #ifndef FALSE
Vanger 0:b86d15c6ba29 78 #define FALSE 0
Vanger 0:b86d15c6ba29 79 #endif
Vanger 0:b86d15c6ba29 80
Vanger 0:b86d15c6ba29 81 #ifndef min
Vanger 0:b86d15c6ba29 82
/* Smaller of two word32 values. Only compiled when the platform provides no
 * min() macro, so this file always has a bounded-size helper available. */
static INLINE word32 min(word32 a, word32 b)
{
    if (a < b)
        return a;
    return b;
}
Vanger 0:b86d15c6ba29 87
Vanger 0:b86d15c6ba29 88 #endif /* min */
Vanger 0:b86d15c6ba29 89
#ifndef max
#ifdef CYASSL_DTLS
/* Larger of two word32 values. Only needed by the DTLS receive path
 * (expected-RX sizing), hence the double guard. */
static INLINE word32 max(word32 a, word32 b)
{
    if (a < b)
        return b;
    return a;
}
#endif
#endif /* max */
Vanger 0:b86d15c6ba29 98
Vanger 0:b86d15c6ba29 99
Vanger 0:b86d15c6ba29 100 #ifndef CYASSL_LEANPSK
/* Bounded substring search: locate s2 within the first n bytes of s1.
 *
 * Returns a pointer to the first occurrence, s1 itself when s2 is empty, or
 * NULL when no occurrence starts within the bound. Scanning also stops at
 * the terminator of s1, so n is an upper bound rather than an exact length.
 *
 * NOTE(review): the XMEMCMP compares strlen(s2) bytes starting at the cursor,
 * which can extend past s1's terminator when s1 is shorter than n; that is
 * only safe if XMEMCMP stops at the first differing byte — callers should
 * pass n <= strlen(s1) (TODO confirm at the call sites).
 */
char* mystrnstr(const char* s1, const char* s2, unsigned int n)
{
    const char*  cursor    = s1;
    unsigned int needleLen = (unsigned int)XSTRLEN(s2);

    if (needleLen == 0)
        return (char*)cursor;

    for (; n >= needleLen && *cursor != '\0'; cursor++, n--) {
        /* cheap first-byte filter before the full compare */
        if (*cursor != s2[0])
            continue;
        if (XMEMCMP(cursor, s2, needleLen) == 0)
            return (char*)cursor;
    }

    return NULL;
}
Vanger 0:b86d15c6ba29 118 #endif
Vanger 0:b86d15c6ba29 119
Vanger 0:b86d15c6ba29 120
/* prevent multiple mutex initializations */
/* NOTE(review): `volatile` does not make the unsynchronized read of
 * initRefCount in CyaSSL_CTX_new atomic or ordered with respect to other
 * threads; it is presumably updated under count_mutex by CyaSSL_Init /
 * CyaSSL_Cleanup (not visible here) — confirm before relying on it for
 * concurrent first-use initialization. */
static volatile int initRefCount = 0;
static CyaSSL_Mutex count_mutex; /* init ref count mutex */
Vanger 0:b86d15c6ba29 124
Vanger 0:b86d15c6ba29 125
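/* Allocate and initialize a new CYASSL_CTX for the given method.
 *
 * Performs library initialization on first use so callers are not forced to
 * call CyaSSL_Init() themselves. The context takes ownership of `method`:
 * the allocation-failure branch already frees it, and the other paths hand it
 * to the context (presumably released by FreeSSL_Ctx), so the caller must
 * not free it after this call.
 *
 * Returns the new context, or NULL when method is NULL, the library failed
 * to initialize, the context could not be allocated, or InitSSL_Ctx failed.
 */
CYASSL_CTX* CyaSSL_CTX_new(CYASSL_METHOD* method)
{
    CYASSL_CTX* ctx = NULL;

    CYASSL_ENTER("CYASSL_CTX_new");

    if (initRefCount == 0) {
        /* user no longer forced to call Init themselves. A failed Init
         * (mutex/RNG setup) must not silently yield a context on top of a
         * half-initialized library, so bail out instead of carrying on. */
        if (CyaSSL_Init() != SSL_SUCCESS) {
            CYASSL_MSG("CyaSSL_Init failed, method freed");
            if (method != NULL)
                XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
            CYASSL_LEAVE("CYASSL_CTX_new", 0);
            return NULL;
        }
    }

    if (method == NULL) {
        CYASSL_LEAVE("CYASSL_CTX_new", 0);
        return NULL;
    }

    ctx = (CYASSL_CTX*)XMALLOC(sizeof(CYASSL_CTX), 0, DYNAMIC_TYPE_CTX);
    if (ctx == NULL) {
        CYASSL_MSG("Alloc CTX failed, method freed");
        XFREE(method, NULL, DYNAMIC_TYPE_METHOD);
    }
    else if (InitSSL_Ctx(ctx, method) < 0) {
        CYASSL_MSG("Init CTX failed");
        CyaSSL_CTX_free(ctx);
        ctx = NULL;
    }

    CYASSL_LEAVE("CYASSL_CTX_new", 0);
    return ctx;
}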
Vanger 0:b86d15c6ba29 154
Vanger 0:b86d15c6ba29 155
/* Release a context obtained from CyaSSL_CTX_new. Passing NULL is a no-op. */
void CyaSSL_CTX_free(CYASSL_CTX* ctx)
{
    CYASSL_ENTER("SSL_CTX_free");
    if (ctx != NULL) {
        FreeSSL_Ctx(ctx);
    }
    CYASSL_LEAVE("SSL_CTX_free", 0);
}
Vanger 0:b86d15c6ba29 163
Vanger 0:b86d15c6ba29 164
/* Create a new CYASSL object bound to ctx.
 *
 * The object is allocated from the context's heap hint and initialized via
 * InitSSL. Returns NULL when ctx is NULL, allocation fails, or InitSSL
 * reports an error (in which case the partially built object is released).
 */
CYASSL* CyaSSL_new(CYASSL_CTX* ctx)
{
    CYASSL* ssl;
    int     ret = 0;

    (void)ret;   /* only observed by the CYASSL_LEAVE trace macro */
    CYASSL_ENTER("SSL_new");

    if (ctx == NULL)
        return NULL;

    ssl = (CYASSL*)XMALLOC(sizeof(CYASSL), ctx->heap, DYNAMIC_TYPE_SSL);
    if (ssl != NULL) {
        ret = InitSSL(ssl, ctx);
        if (ret < 0) {
            FreeSSL(ssl);
            ssl = NULL;
        }
    }

    CYASSL_LEAVE("SSL_new", ret);
    return ssl;
}
Vanger 0:b86d15c6ba29 186
Vanger 0:b86d15c6ba29 187
/* Release a CYASSL object obtained from CyaSSL_new. Passing NULL is a no-op. */
void CyaSSL_free(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_free");
    if (ssl != NULL) {
        FreeSSL(ssl);
    }
    CYASSL_LEAVE("SSL_free", 0);
}
Vanger 0:b86d15c6ba29 195
Vanger 0:b86d15c6ba29 196 #ifdef HAVE_POLY1305
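/* Select the Poly1305 variant: value != 0 uses the old poly, 0 the new one.
 *
 * `value` is stored into options.oldPoly as given. Returns 0 on success and
 * BAD_FUNC_ARG when ssl is NULL (the previous version dereferenced ssl
 * unconditionally, unlike the other setters in this file).
 */
int CyaSSL_use_old_poly(CYASSL* ssl, int value)
{
    CYASSL_ENTER("SSL_use_old_poly");

    if (ssl == NULL) {
        CYASSL_LEAVE("SSL_use_old_poly", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    ssl->options.oldPoly = value;

    CYASSL_LEAVE("SSL_use_old_poly", 0);
    return 0;
}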
Vanger 0:b86d15c6ba29 205 #endif
Vanger 0:b86d15c6ba29 206
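/* Bind a socket descriptor to the SSL object for both reading and writing.
 *
 * The descriptor is not used directly: it is stored in rfd/wfd and those
 * fields become the contexts handed to the I/O callbacks, so a user-supplied
 * callback can still interpose. For a DTLS object the shared dtlsCtx is used
 * as the callback context instead and receives the descriptor.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL (the previous version
 * dereferenced ssl unconditionally).
 */
int CyaSSL_set_fd(CYASSL* ssl, int fd)
{
    CYASSL_ENTER("SSL_set_fd");

    if (ssl == NULL) {
        CYASSL_LEAVE("SSL_set_fd", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    ssl->rfd = fd;      /* not used directly to allow IO callbacks */
    ssl->wfd = fd;

    ssl->IOCB_ReadCtx  = &ssl->rfd;
    ssl->IOCB_WriteCtx = &ssl->wfd;

#ifdef CYASSL_DTLS
    if (ssl->options.dtls) {
        ssl->IOCB_ReadCtx  = &ssl->buffers.dtlsCtx;
        ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;
        ssl->buffers.dtlsCtx.fd = fd;
    }
#endif

    CYASSL_LEAVE("SSL_set_fd", SSL_SUCCESS);
    return SSL_SUCCESS;
}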
Vanger 0:b86d15c6ba29 227
Vanger 0:b86d15c6ba29 228
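/* Write the names of all compiled-in cipher suites into buf as one
 * ':'-separated, NUL-terminated string.
 *
 * Fix: the previous version copied each name with XSTRNCPY(..., strlen(name))
 * and never wrote a terminating NUL, so the result was only a valid C string
 * if the caller had pre-zeroed buf. The `totalInc < len` bound always leaves
 * at least one spare byte, so the terminator fits without changing the size
 * check. On BUFFER_E the partial output is also NUL-terminated now.
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL buf or non-positive len, or
 * BUFFER_E when len is too small for the full list.
 */
int CyaSSL_get_ciphers(char* buf, int len)
{
    const char* const* ciphers = GetCipherNames();
    int  size     = GetCipherNamesSize();
    int  totalInc = 0;
    char delim    = ':';
    int  i;

    if (buf == NULL || len <= 0)
        return BAD_FUNC_ARG;

    /* Add each member to the buffer delimited by a : */
    for (i = 0; i < size; i++) {
        int nameLen = (int)XSTRLEN(ciphers[i]);

        /* name plus one byte for the ':' separator, or for the final NUL */
        totalInc += nameLen + 1;

        /* Check to make sure buf is large enough and will not overflow */
        if (totalInc >= len) {
            *buf = '\0';   /* buf still points inside the buffer here */
            return BUFFER_E;
        }

        XMEMCPY(buf, ciphers[i], nameLen);
        buf += nameLen;
        *buf++ = (i < size - 1) ? delim : '\0';
    }

    if (size == 0)
        *buf = '\0';   /* an empty list is still a valid (empty) C string */

    return SSL_SUCCESS;
}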
Vanger 0:b86d15c6ba29 259
Vanger 0:b86d15c6ba29 260
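/* Return the read descriptor set by CyaSSL_set_fd.
 *
 * Returns -1 (an invalid descriptor) when ssl is NULL instead of
 * dereferencing it; callers that already passed a valid object see no change.
 */
int CyaSSL_get_fd(const CYASSL* ssl)
{
    int fd = -1;

    CYASSL_ENTER("SSL_get_fd");
    if (ssl != NULL)
        fd = ssl->rfd;
    CYASSL_LEAVE("SSL_get_fd", fd);
    return fd;
}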
Vanger 0:b86d15c6ba29 267
Vanger 0:b86d15c6ba29 268
/* Report whether the object was marked non-blocking via
 * CyaSSL_set_using_nonblock. ssl must be non-NULL. */
int CyaSSL_get_using_nonblock(CYASSL* ssl)
{
    int nonblock;

    CYASSL_ENTER("CyaSSL_get_using_nonblock");
    nonblock = ssl->options.usingNonblock;
    CYASSL_LEAVE("CyaSSL_get_using_nonblock", nonblock);
    return nonblock;
}
Vanger 0:b86d15c6ba29 275
Vanger 0:b86d15c6ba29 276
/* Non-zero when the object was created with a DTLS method. ssl must be
 * non-NULL. */
int CyaSSL_dtls(CYASSL* ssl)
{
    int isDtls = ssl->options.dtls;
    return isDtls;
}
Vanger 0:b86d15c6ba29 281
Vanger 0:b86d15c6ba29 282
Vanger 0:b86d15c6ba29 283 #ifndef CYASSL_LEANPSK
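/* Record whether the underlying descriptor is non-blocking. Any non-zero
 * `nonblock` is normalized to 1. A NULL ssl is ignored (the previous version
 * dereferenced it unconditionally). */
void CyaSSL_set_using_nonblock(CYASSL* ssl, int nonblock)
{
    CYASSL_ENTER("CyaSSL_set_using_nonblock");

    if (ssl == NULL)
        return;

    ssl->options.usingNonblock = (nonblock != 0);
}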
Vanger 0:b86d15c6ba29 289
Vanger 0:b86d15c6ba29 290
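/* Store a private copy of the DTLS peer address (peerSz bytes from peer).
 *
 * Fixes: the previous version dereferenced ssl and copied from peer without
 * checking either, and a zero peerSz requested a zero-byte allocation.
 * The old address is now released only after the new copy has been made, so
 * an allocation failure leaves the previous peer intact.
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL ssl/peer or zero peerSz,
 * SSL_FAILURE when the copy cannot be allocated, or SSL_NOT_IMPLEMENTED in
 * builds without CYASSL_DTLS.
 */
int CyaSSL_dtls_set_peer(CYASSL* ssl, void* peer, unsigned int peerSz)
{
#ifdef CYASSL_DTLS
    void* sa;

    if (ssl == NULL || peer == NULL || peerSz == 0)
        return BAD_FUNC_ARG;

    sa = (void*)XMALLOC(peerSz, ssl->heap, DYNAMIC_TYPE_SOCKADDR);
    if (sa == NULL)
        return SSL_FAILURE;

    XMEMCPY(sa, peer, peerSz);

    /* replace the previous address only once the new one is in hand */
    if (ssl->buffers.dtlsCtx.peer.sa != NULL)
        XFREE(ssl->buffers.dtlsCtx.peer.sa, ssl->heap, DYNAMIC_TYPE_SOCKADDR);

    ssl->buffers.dtlsCtx.peer.sa = sa;
    ssl->buffers.dtlsCtx.peer.sz = peerSz;
    return SSL_SUCCESS;
#else
    (void)ssl;
    (void)peer;
    (void)peerSz;
    return SSL_NOT_IMPLEMENTED;
#endif
}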
Vanger 0:b86d15c6ba29 311
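/* Copy the stored DTLS peer address into peer.
 *
 * On entry *peerSz is the capacity of peer; on success it is set to the
 * number of bytes copied. Returns SSL_SUCCESS; SSL_FAILURE when peer or
 * peerSz is NULL or the capacity is smaller than the stored address (in
 * which case *peerSz is left unchanged); BAD_FUNC_ARG when ssl is NULL (the
 * previous version dereferenced it); SSL_NOT_IMPLEMENTED without DTLS.
 */
int CyaSSL_dtls_get_peer(CYASSL* ssl, void* peer, unsigned int* peerSz)
{
#ifdef CYASSL_DTLS
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (peer == NULL || peerSz == NULL)
        return SSL_FAILURE;

    if (*peerSz < ssl->buffers.dtlsCtx.peer.sz)
        return SSL_FAILURE;

    *peerSz = ssl->buffers.dtlsCtx.peer.sz;
    XMEMCPY(peer, ssl->buffers.dtlsCtx.peer.sa, *peerSz);
    return SSL_SUCCESS;
#else
    (void)ssl;
    (void)peer;
    (void)peerSz;
    return SSL_NOT_IMPLEMENTED;
#endif
}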
Vanger 0:b86d15c6ba29 329 #endif /* CYASSL_LEANPSK */
Vanger 0:b86d15c6ba29 330
Vanger 0:b86d15c6ba29 331
/* Run the handshake appropriate to the object's side: CyaSSL_accept for a
 * server, CyaSSL_connect for a client. Returns whatever that call returns
 * (SSL_SUCCESS on completion), or SSL_FATAL_ERROR when the object's side is
 * not compiled into this build. ssl must be non-NULL. */
int CyaSSL_negotiate(CYASSL* ssl)
{
    int result = SSL_FATAL_ERROR;

    CYASSL_ENTER("CyaSSL_negotiate");

    switch (ssl->options.side) {
#ifndef NO_CYASSL_SERVER
        case CYASSL_SERVER_END:
            result = CyaSSL_accept(ssl);
            break;
#endif
#ifndef NO_CYASSL_CLIENT
        case CYASSL_CLIENT_END:
            result = CyaSSL_connect(ssl);
            break;
#endif
        default:
            /* side not built in: keep SSL_FATAL_ERROR */
            break;
    }

    CYASSL_LEAVE("CyaSSL_negotiate", result);

    return result;
}
Vanger 0:b86d15c6ba29 352
Vanger 0:b86d15c6ba29 353
Vanger 0:b86d15c6ba29 354 #ifndef CYASSL_LEANPSK
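/* Size in bytes of a CYASSL object for this build configuration.
 *
 * With SHOW_SIZES defined it also prints the sizes of the main internal
 * structures to stdout for footprint tuning.
 *
 * Fixes: the SHA512 line was guarded by CYASSL_SHA384 instead of
 * CYASSL_SHA512 (copy-paste), and sizeof results are now cast to
 * unsigned long so "%lu" is correct on every platform rather than only
 * where size_t happens to be unsigned long.
 */
int CyaSSL_GetObjectSize(void)
{
#ifdef SHOW_SIZES
    printf("sizeof suites = %lu\n", (unsigned long)sizeof(Suites));
    printf("sizeof ciphers(2) = %lu\n", (unsigned long)sizeof(Ciphers));
#ifndef NO_RC4
    printf(" sizeof arc4 = %lu\n", (unsigned long)sizeof(Arc4));
#endif
    printf(" sizeof aes = %lu\n", (unsigned long)sizeof(Aes));
#ifndef NO_DES3
    printf(" sizeof des3 = %lu\n", (unsigned long)sizeof(Des3));
#endif
#ifndef NO_RABBIT
    printf(" sizeof rabbit = %lu\n", (unsigned long)sizeof(Rabbit));
#endif
#ifdef HAVE_CHACHA
    printf(" sizeof chacha = %lu\n", (unsigned long)sizeof(Chacha));
#endif
    printf("sizeof cipher specs = %lu\n", (unsigned long)sizeof(CipherSpecs));
    printf("sizeof keys = %lu\n", (unsigned long)sizeof(Keys));
    printf("sizeof Hashes(2) = %lu\n", (unsigned long)sizeof(Hashes));
#ifndef NO_MD5
    printf(" sizeof MD5 = %lu\n", (unsigned long)sizeof(Md5));
#endif
#ifndef NO_SHA
    printf(" sizeof SHA = %lu\n", (unsigned long)sizeof(Sha));
#endif
#ifndef NO_SHA256
    printf(" sizeof SHA256 = %lu\n", (unsigned long)sizeof(Sha256));
#endif
#ifdef CYASSL_SHA384
    printf(" sizeof SHA384 = %lu\n", (unsigned long)sizeof(Sha384));
#endif
#ifdef CYASSL_SHA512
    printf(" sizeof SHA512 = %lu\n", (unsigned long)sizeof(Sha512));
#endif
    printf("sizeof Buffers = %lu\n", (unsigned long)sizeof(Buffers));
    printf("sizeof Options = %lu\n", (unsigned long)sizeof(Options));
    printf("sizeof Arrays = %lu\n", (unsigned long)sizeof(Arrays));
#ifndef NO_RSA
    printf("sizeof RsaKey = %lu\n", (unsigned long)sizeof(RsaKey));
#endif
#ifdef HAVE_ECC
    printf("sizeof ecc_key = %lu\n", (unsigned long)sizeof(ecc_key));
#endif
    printf("sizeof CYASSL_CIPHER = %lu\n", (unsigned long)sizeof(CYASSL_CIPHER));
    printf("sizeof CYASSL_SESSION = %lu\n", (unsigned long)sizeof(CYASSL_SESSION));
    printf("sizeof CYASSL = %lu\n", (unsigned long)sizeof(CYASSL));
    printf("sizeof CYASSL_CTX = %lu\n", (unsigned long)sizeof(CYASSL_CTX));
#endif

    return sizeof(CYASSL);
}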
Vanger 0:b86d15c6ba29 409 #endif
Vanger 0:b86d15c6ba29 410
Vanger 0:b86d15c6ba29 411
Vanger 0:b86d15c6ba29 412 #ifndef NO_DH
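/* Install server-side ephemeral Diffie-Hellman parameters (prime p, generator
 * g, raw big-endian bytes) on this SSL object and rebuild its suite list.
 *
 * Fixes: the previous version freed the old P/G buffers but left the pointers
 * in place, so an allocation failure returned MEMORY_E with one dangling
 * buffer still owned by the object (weOwnDH == 1) — a later FreeSSL would
 * free it again. Pointers and lengths are now cleared before reallocation
 * and after any partial failure. Non-positive sizes are rejected up front.
 *
 * Security note: p and g are stored as given with no check of p's size or
 * primality. Callers must supply well-known or properly generated groups;
 * as a practitioner default, groups below 2048 bits should be avoided.
 *
 * Returns SSL_SUCCESS; BAD_FUNC_ARG for NULL pointers or sizes <= 0;
 * SIDE_ERROR when called on a client object; MEMORY_E on allocation failure.
 */
int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
                    const unsigned char* g, int gSz)
{
    byte havePSK = 0;
    byte haveRSA = 1;

    CYASSL_ENTER("CyaSSL_SetTmpDH");
    if (ssl == NULL || p == NULL || g == NULL || pSz <= 0 || gSz <= 0)
        return BAD_FUNC_ARG;

    if (ssl->options.side != CYASSL_SERVER_END)
        return SIDE_ERROR;

    /* release parameters this object owns; parameters borrowed from the ctx
     * (weOwnDH == 0) are simply unlinked */
    if (ssl->buffers.weOwnDH) {
        if (ssl->buffers.serverDH_P.buffer)
            XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
        if (ssl->buffers.serverDH_G.buffer)
            XFREE(ssl->buffers.serverDH_G.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
    }
    ssl->buffers.serverDH_P.buffer = NULL;
    ssl->buffers.serverDH_G.buffer = NULL;
    ssl->buffers.serverDH_P.length = 0;
    ssl->buffers.serverDH_G.length = 0;

    ssl->buffers.weOwnDH = 1;   /* SSL owns now */
    ssl->buffers.serverDH_P.buffer = (byte*)XMALLOC(pSz, ssl->ctx->heap,
                                                    DYNAMIC_TYPE_DH);
    if (ssl->buffers.serverDH_P.buffer == NULL)
        return MEMORY_E;

    ssl->buffers.serverDH_G.buffer = (byte*)XMALLOC(gSz, ssl->ctx->heap,
                                                    DYNAMIC_TYPE_DH);
    if (ssl->buffers.serverDH_G.buffer == NULL) {
        XFREE(ssl->buffers.serverDH_P.buffer, ssl->ctx->heap, DYNAMIC_TYPE_DH);
        ssl->buffers.serverDH_P.buffer = NULL;   /* no dangling owned buffer */
        return MEMORY_E;
    }

    ssl->buffers.serverDH_P.length = pSz;
    ssl->buffers.serverDH_G.length = gSz;

    XMEMCPY(ssl->buffers.serverDH_P.buffer, p, pSz);
    XMEMCPY(ssl->buffers.serverDH_G.buffer, g, gSz);

    ssl->options.haveDH = 1;
#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif
#ifdef NO_RSA
    haveRSA = 0;
#endif
    /* DHE suites only become eligible once haveDH is set, so recompute */
    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
               ssl->options.haveNTRU, ssl->options.haveECDSAsig,
               ssl->options.haveStaticECC, ssl->options.side);

    CYASSL_LEAVE("CyaSSL_SetTmpDH", 0);
    return SSL_SUCCESS;
}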
Vanger 0:b86d15c6ba29 464 #endif /* !NO_DH */
Vanger 0:b86d15c6ba29 465
Vanger 0:b86d15c6ba29 466
/* Send sz bytes of application data over the connection.
 *
 * Returns the number of bytes written as reported by SendData, BAD_FUNC_ARG
 * for a NULL ssl/data or negative sz, and SSL_FATAL_ERROR for any negative
 * result from SendData (the detailed internal code is not passed through).
 */
int CyaSSL_write(CYASSL* ssl, const void* data, int sz)
{
    int sent;

    CYASSL_ENTER("SSL_write()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef HAVE_ERRNO_H
    errno = 0;   /* start from a clean errno so I/O failures are attributable */
#endif

    sent = SendData(ssl, data, sz);

    CYASSL_LEAVE("SSL_write()", sent);

    return (sent < 0) ? SSL_FATAL_ERROR : sent;
}
Vanger 0:b86d15c6ba29 489
Vanger 0:b86d15c6ba29 490
/* Shared body of CyaSSL_read and CyaSSL_peek.
 *
 * Reads at most one record's worth of plaintext into data: the request is
 * clamped to OUTPUT_RECORD_SIZE and, when the max-fragment extension is
 * built in, to the negotiated max_fragment as well. For DTLS the expected
 * datagram size is bumped first so the receive path sizes its buffer.
 * `peek` non-zero leaves the data in the receive buffer.
 *
 * Returns the byte count from ReceiveData, BAD_FUNC_ARG for bad arguments,
 * or SSL_FATAL_ERROR for any negative ReceiveData result.
 */
static int CyaSSL_read_internal(CYASSL* ssl, void* data, int sz, int peek)
{
    int    got;
    word32 limit;

    CYASSL_ENTER("CyaSSL_read_internal()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef HAVE_ERRNO_H
    errno = 0;
#endif
#ifdef CYASSL_DTLS
    if (ssl->options.dtls)
        ssl->dtls_expected_rx = max(sz + 100, MAX_MTU);
#endif

    limit = min(sz, OUTPUT_RECORD_SIZE);
#ifdef HAVE_MAX_FRAGMENT
    limit = min(limit, ssl->max_fragment);
#endif

    got = ReceiveData(ssl, (byte*)data, limit, peek);

    CYASSL_LEAVE("CyaSSL_read_internal()", got);

    return (got < 0) ? SSL_FATAL_ERROR : got;
}
Vanger 0:b86d15c6ba29 522
Vanger 0:b86d15c6ba29 523
/* Like CyaSSL_read, but the returned bytes stay queued for the next read. */
int CyaSSL_peek(CYASSL* ssl, void* data, int sz)
{
    int ret;

    CYASSL_ENTER("CyaSSL_peek()");
    ret = CyaSSL_read_internal(ssl, data, sz, TRUE);
    return ret;
}
Vanger 0:b86d15c6ba29 530
Vanger 0:b86d15c6ba29 531
/* Read up to sz bytes of application data into data; see
 * CyaSSL_read_internal for the clamping and return conventions. */
int CyaSSL_read(CYASSL* ssl, void* data, int sz)
{
    int ret;

    CYASSL_ENTER("CyaSSL_read()");
    ret = CyaSSL_read_internal(ssl, data, sz, FALSE);
    return ret;
}
Vanger 0:b86d15c6ba29 538
Vanger 0:b86d15c6ba29 539
Vanger 0:b86d15c6ba29 540 #ifdef HAVE_CAVIUM
Vanger 0:b86d15c6ba29 541
/* Route this object's crypto to the Cavium device devId.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl. */
int CyaSSL_UseCavium(CYASSL* ssl, int devId)
{
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }
    ssl->devId = devId;
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 552
Vanger 0:b86d15c6ba29 553
/* Route crypto for objects created from ctx to the Cavium device devId.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx. */
int CyaSSL_CTX_UseCavium(CYASSL_CTX* ctx, int devId)
{
    if (ctx == NULL) {
        return BAD_FUNC_ARG;
    }
    ctx->devId = devId;
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 564
Vanger 0:b86d15c6ba29 565
Vanger 0:b86d15c6ba29 566 #endif /* HAVE_CAVIUM */
Vanger 0:b86d15c6ba29 567
Vanger 0:b86d15c6ba29 568 #ifdef HAVE_SNI
Vanger 0:b86d15c6ba29 569
/* Attach a Server Name Indication entry (type, data, size) to this object's
 * extension list. Returns BAD_FUNC_ARG for a NULL ssl, otherwise whatever
 * TLSX_UseSNI reports. */
int CyaSSL_UseSNI(CYASSL* ssl, byte type, const void* data, word16 size)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = TLSX_UseSNI(&ssl->extensions, type, data, size);

    return ret;
}
Vanger 0:b86d15c6ba29 577
/* Attach a Server Name Indication entry to the context's extension list so
 * every object created from ctx inherits it. Returns BAD_FUNC_ARG for a NULL
 * ctx, otherwise whatever TLSX_UseSNI reports. */
int CyaSSL_CTX_UseSNI(CYASSL_CTX* ctx, byte type, const void* data, word16 size)
{
    int ret = BAD_FUNC_ARG;

    if (ctx != NULL)
        ret = TLSX_UseSNI(&ctx->extensions, type, data, size);

    return ret;
}
Vanger 0:b86d15c6ba29 585
Vanger 0:b86d15c6ba29 586 #ifndef NO_CYASSL_SERVER
Vanger 0:b86d15c6ba29 587
/* Server side: set SNI matching options for entries of `type` on this object.
 * Silently does nothing when ssl is NULL or has no extensions yet. */
void CyaSSL_SNI_SetOptions(CYASSL* ssl, byte type, byte options)
{
    if (ssl == NULL || ssl->extensions == NULL)
        return;

    TLSX_SNI_SetOptions(ssl->extensions, type, options);
}
Vanger 0:b86d15c6ba29 593
/* Server side: set SNI matching options for entries of `type` on the context.
 * Silently does nothing when ctx is NULL or has no extensions yet. */
void CyaSSL_CTX_SNI_SetOptions(CYASSL_CTX* ctx, byte type, byte options)
{
    if (ctx == NULL || ctx->extensions == NULL)
        return;

    TLSX_SNI_SetOptions(ctx->extensions, type, options);
}
Vanger 0:b86d15c6ba29 599
/* Server side: SNI negotiation status for `type`, as reported by
 * TLSX_SNI_Status. A NULL ssl is passed through as an empty extension list. */
byte CyaSSL_SNI_Status(CYASSL* ssl, byte type)
{
    if (ssl == NULL)
        return TLSX_SNI_Status(NULL, type);

    return TLSX_SNI_Status(ssl->extensions, type);
}
Vanger 0:b86d15c6ba29 604
/* Server side: fetch the SNI value of `type` the client requested.
 *
 * *data is always reset to NULL first (when data is non-NULL); on success it
 * points at the request and the returned value is its length. Returns 0 when
 * ssl is NULL or holds no extensions. */
word16 CyaSSL_SNI_GetRequest(CYASSL* ssl, byte type, void** data)
{
    word16 size = 0;

    if (data != NULL)
        *data = NULL;

    if (ssl != NULL && ssl->extensions != NULL)
        size = TLSX_SNI_GetRequest(ssl->extensions, type, data);

    return size;
}
Vanger 0:b86d15c6ba29 615
/* Server side: extract the SNI value of `type` from a raw ClientHello
 * (helloSz bytes at clientHello) into sni, without an SSL object.
 *
 * *inOutSz is the capacity of sni on entry and is updated by
 * TLSX_SNI_GetFromBuffer. Returns BAD_FUNC_ARG for a NULL buffer/output or a
 * zero size, otherwise the parser's result. Note that the hello is
 * attacker-controlled input; bounds enforcement lives in the parser. */
int CyaSSL_SNI_GetFromBuffer(const byte* clientHello, word32 helloSz, byte type,
                             byte* sni, word32* inOutSz)
{
    if (clientHello == NULL || helloSz == 0)
        return BAD_FUNC_ARG;
    if (sni == NULL || inOutSz == NULL || *inOutSz == 0)
        return BAD_FUNC_ARG;

    return TLSX_SNI_GetFromBuffer(clientHello, helloSz, type, sni, inOutSz);
}
Vanger 0:b86d15c6ba29 624
Vanger 0:b86d15c6ba29 625 #endif /* NO_CYASSL_SERVER */
Vanger 0:b86d15c6ba29 626
Vanger 0:b86d15c6ba29 627 #endif /* HAVE_SNI */
Vanger 0:b86d15c6ba29 628
Vanger 0:b86d15c6ba29 629
Vanger 0:b86d15c6ba29 630 #ifdef HAVE_MAX_FRAGMENT
Vanger 0:b86d15c6ba29 631 #ifndef NO_CYASSL_CLIENT
/* Client side: request the max_fragment_length extension with code mfl on
 * this object. Returns BAD_FUNC_ARG for a NULL ssl, otherwise the result of
 * TLSX_UseMaxFragment (which is expected to validate mfl). */
int CyaSSL_UseMaxFragment(CYASSL* ssl, byte mfl)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = TLSX_UseMaxFragment(&ssl->extensions, mfl);

    return ret;
}
Vanger 0:b86d15c6ba29 639
/* Client side: request the max_fragment_length extension with code mfl for
 * every object created from ctx. Returns BAD_FUNC_ARG for a NULL ctx,
 * otherwise the result of TLSX_UseMaxFragment. */
int CyaSSL_CTX_UseMaxFragment(CYASSL_CTX* ctx, byte mfl)
{
    int ret = BAD_FUNC_ARG;

    if (ctx != NULL)
        ret = TLSX_UseMaxFragment(&ctx->extensions, mfl);

    return ret;
}
Vanger 0:b86d15c6ba29 647 #endif /* NO_CYASSL_CLIENT */
Vanger 0:b86d15c6ba29 648 #endif /* HAVE_MAX_FRAGMENT */
Vanger 0:b86d15c6ba29 649
Vanger 0:b86d15c6ba29 650 #ifdef HAVE_TRUNCATED_HMAC
Vanger 0:b86d15c6ba29 651 #ifndef NO_CYASSL_CLIENT
/* Client side: request the truncated_hmac extension on this object.
 *
 * NOTE(review): per RFC 6066 this shortens the record MAC to 80 bits; it
 * trades integrity margin for bandwidth and should be opted into knowingly.
 * Returns BAD_FUNC_ARG for a NULL ssl, otherwise TLSX_UseTruncatedHMAC's
 * result. */
int CyaSSL_UseTruncatedHMAC(CYASSL* ssl)
{
    int ret = BAD_FUNC_ARG;

    if (ssl != NULL)
        ret = TLSX_UseTruncatedHMAC(&ssl->extensions);

    return ret;
}
Vanger 0:b86d15c6ba29 659
/* Client side: request the truncated_hmac extension for every object created
 * from ctx (see CyaSSL_UseTruncatedHMAC for the security trade-off).
 * Returns BAD_FUNC_ARG for a NULL ctx, otherwise TLSX_UseTruncatedHMAC's
 * result. */
int CyaSSL_CTX_UseTruncatedHMAC(CYASSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    if (ctx != NULL)
        ret = TLSX_UseTruncatedHMAC(&ctx->extensions);

    return ret;
}
Vanger 0:b86d15c6ba29 667 #endif /* NO_CYASSL_CLIENT */
Vanger 0:b86d15c6ba29 668 #endif /* HAVE_TRUNCATED_HMAC */
Vanger 0:b86d15c6ba29 669
Vanger 0:b86d15c6ba29 670 /* Elliptic Curves */
Vanger 0:b86d15c6ba29 671 #ifdef HAVE_SUPPORTED_CURVES
Vanger 0:b86d15c6ba29 672 #ifndef NO_CYASSL_CLIENT
Vanger 0:b86d15c6ba29 673
/* Add one named curve to the supported_curves extension of a connection.
 * Only the six SECP curves listed below are accepted; anything else is
 * rejected with BAD_FUNC_ARG before the extension code is reached.
 * Returns BAD_FUNC_ARG when ssl is NULL or name is unknown, else the result
 * of TLSX_UseSupportedCurve. */
int CyaSSL_UseSupportedCurve(CYASSL* ssl, word16 name)
{
    int known;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    known = (name == CYASSL_ECC_SECP160R1 || name == CYASSL_ECC_SECP192R1 ||
             name == CYASSL_ECC_SECP224R1 || name == CYASSL_ECC_SECP256R1 ||
             name == CYASSL_ECC_SECP384R1 || name == CYASSL_ECC_SECP521R1);

    if (!known)
        return BAD_FUNC_ARG;

    return TLSX_UseSupportedCurve(&ssl->extensions, name);
}
Vanger 0:b86d15c6ba29 694
/* Add one named curve to the supported_curves extension of a context, so
 * every connection created from it advertises the curve. Accepts the same
 * six SECP curves as CyaSSL_UseSupportedCurve.
 * Returns BAD_FUNC_ARG when ctx is NULL or name is unknown, else the result
 * of TLSX_UseSupportedCurve. */
int CyaSSL_CTX_UseSupportedCurve(CYASSL_CTX* ctx, word16 name)
{
    int known;

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    known = (name == CYASSL_ECC_SECP160R1 || name == CYASSL_ECC_SECP192R1 ||
             name == CYASSL_ECC_SECP224R1 || name == CYASSL_ECC_SECP256R1 ||
             name == CYASSL_ECC_SECP384R1 || name == CYASSL_ECC_SECP521R1);

    if (!known)
        return BAD_FUNC_ARG;

    return TLSX_UseSupportedCurve(&ctx->extensions, name);
}
Vanger 0:b86d15c6ba29 715
Vanger 0:b86d15c6ba29 716 #endif /* NO_CYASSL_CLIENT */
Vanger 0:b86d15c6ba29 717 #endif /* HAVE_SUPPORTED_CURVES */
Vanger 0:b86d15c6ba29 718
Vanger 0:b86d15c6ba29 719 /* Secure Renegotiation */
Vanger 0:b86d15c6ba29 720 #ifdef HAVE_SECURE_RENEGOTIATION
Vanger 0:b86d15c6ba29 721
/* User is forcing the ability to use secure renegotiation; we discourage it.
 * Registers the SECURE_RENEGOTIATION extension on ssl and, when that
 * succeeds, caches the extension's data pointer in ssl->secure_renegotiation
 * so CyaSSL_Rehandshake can find it later.
 * Returns BAD_FUNC_ARG when ssl is NULL, else TLSX_UseSecureRenegotiation's
 * result. */
int CyaSSL_UseSecureRenegotiation(CYASSL* ssl)
{
    int   ret;
    TLSX* extension;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ret = TLSX_UseSecureRenegotiation(&ssl->extensions);
    if (ret != SSL_SUCCESS)
        return ret;

    extension = TLSX_Find(ssl->extensions, SECURE_RENEGOTIATION);
    if (extension != NULL)
        ssl->secure_renegotiation = (SecureRenegotiation*)extension->data;

    return ret;
}
Vanger 0:b86d15c6ba29 739
Vanger 0:b86d15c6ba29 740
/* Do a secure renegotiation handshake; user forced, we discourage it.
 *
 * Preconditions checked here: CyaSSL_UseSecureRenegotiation() was called
 * (ssl->secure_renegotiation set), the peer agreed to the extension
 * (enabled != 0) and the previous handshake finished. The handshake state,
 * received-message bookkeeping and handshake hashes are then reset and a new
 * handshake is driven through CyaSSL_negotiate().
 *
 * Returns BAD_FUNC_ARG for a NULL ssl, SECURE_RENEGOTIATION_E when a
 * precondition fails, a hash-init error code if a hash cannot be
 * re-initialised, otherwise the result of CyaSSL_negotiate(). */
int CyaSSL_Rehandshake(CYASSL* ssl)
{
    int ret;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (ssl->secure_renegotiation == NULL) {
        CYASSL_MSG("Secure Renegotiation not forced on by user");
        return SECURE_RENEGOTIATION_E;
    }

    if (ssl->secure_renegotiation->enabled == 0) {
        CYASSL_MSG("Secure Renegotiation not enabled at extension level");
        return SECURE_RENEGOTIATION_E;
    }

    if (ssl->options.handShakeState != HANDSHAKE_DONE) {
        CYASSL_MSG("Can't renegotiate until previous handshake complete");
        return SECURE_RENEGOTIATION_E;
    }

#ifndef NO_FORCE_SCR_SAME_SUITE
    /* force same suite: shrink the offered suite list to the single suite
     * currently in use, so the renegotiation can only re-select it */
    if (ssl->suites) {
        ssl->suites->suiteSz = SUITE_LEN;
        ssl->suites->suites[0] = ssl->options.cipherSuite0;
        ssl->suites->suites[1] = ssl->options.cipherSuite;
    }
#endif

    /* reset handshake states so connect/accept start from the beginning */
    ssl->options.serverState = NULL_STATE;
    ssl->options.clientState = NULL_STATE;
    ssl->options.connectState = CONNECT_BEGIN;
    ssl->options.acceptState = ACCEPT_BEGIN;
    ssl->options.handShakeState = NULL_STATE;
    ssl->options.processReply = 0; /* TODO, move states in internal.h */

    /* forget which handshake messages were seen in the previous handshake */
    XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));

    ssl->secure_renegotiation->cache_status = SCR_CACHE_NEEDED;

    /* handshake transcript hashes start fresh for the new handshake */
#ifndef NO_OLD_TLS
#ifndef NO_MD5
    InitMd5(&ssl->hashMd5);
#endif
#ifndef NO_SHA
    ret = InitSha(&ssl->hashSha);
    if (ret !=0)
        return ret;
#endif
#endif /* NO_OLD_TLS */
#ifndef NO_SHA256
    ret = InitSha256(&ssl->hashSha256);
    if (ret !=0)
        return ret;
#endif
#ifdef CYASSL_SHA384
    ret = InitSha384(&ssl->hashSha384);
    if (ret !=0)
        return ret;
#endif

    ret = CyaSSL_negotiate(ssl);
    return ret;
}
Vanger 0:b86d15c6ba29 809
Vanger 0:b86d15c6ba29 810 #endif /* HAVE_SECURE_RENEGOTIATION */
Vanger 0:b86d15c6ba29 811
Vanger 0:b86d15c6ba29 812 /* Session Ticket */
Vanger 0:b86d15c6ba29 813 #if !defined(NO_CYASSL_CLIENT) && defined(HAVE_SESSION_TICKET)
/* Request the session_ticket extension on one connection, with no initial
 * ticket (the NULL second argument). Returns BAD_FUNC_ARG when ssl is NULL,
 * else TLSX_UseSessionTicket's result. */
int CyaSSL_UseSessionTicket(CYASSL* ssl)
{
    if (ssl != NULL)
        return TLSX_UseSessionTicket(&ssl->extensions, NULL);

    return BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 821
/* Request the session_ticket extension for every connection created from
 * ctx, with no initial ticket. Returns BAD_FUNC_ARG when ctx is NULL, else
 * TLSX_UseSessionTicket's result. */
int CyaSSL_CTX_UseSessionTicket(CYASSL_CTX* ctx)
{
    if (ctx != NULL)
        return TLSX_UseSessionTicket(&ctx->extensions, NULL);

    return BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 829
/* Copy the current session ticket out of ssl->session into buf.
 *
 * On entry *bufSz is the capacity of buf; on return it is the number of
 * bytes copied, or 0 when the ticket did not fit (nothing is copied then).
 * Returns BAD_FUNC_ARG for a NULL ssl/buf/bufSz or a zero capacity, else
 * SSL_SUCCESS -- a too-small buffer is reported only through *bufSz. */
CYASSL_API int CyaSSL_get_SessionTicket(CYASSL* ssl, byte* buf, word32* bufSz)
{
    word32 ticketLen;

    if (ssl == NULL || buf == NULL || bufSz == NULL || *bufSz == 0)
        return BAD_FUNC_ARG;

    ticketLen = ssl->session.ticketLen;

    if (ticketLen > *bufSz) {
        *bufSz = 0;   /* caller's buffer is too small; nothing copied */
        return SSL_SUCCESS;
    }

    XMEMCPY(buf, ssl->session.ticket, ticketLen);
    *bufSz = ticketLen;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 844
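/* Install a caller-supplied session ticket into ssl->session.
 *
 * ssl    connection to update, must not be NULL
 * buf    ticket bytes; may be NULL only when bufSz is 0
 * bufSz  number of ticket bytes in buf
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when an argument is invalid or the
 * ticket is larger than the fixed ssl->session.ticket storage. */
CYASSL_API int CyaSSL_set_SessionTicket(CYASSL* ssl, byte* buf, word32 bufSz)
{
    if (ssl == NULL || (buf == NULL && bufSz > 0))
        return BAD_FUNC_ARG;

    /* bufSz is caller-controlled and the destination is fixed-size storage
     * (the copy below never allocates), so refuse a ticket that would not
     * fit rather than writing past the end of session.ticket.
     * NOTE(review): assumes session.ticket is an array member -- confirm. */
    if (bufSz > sizeof(ssl->session.ticket))
        return BAD_FUNC_ARG;

    if (bufSz > 0)
        XMEMCPY(ssl->session.ticket, buf, bufSz);
    ssl->session.ticketLen = bufSz;

    return SSL_SUCCESS;
}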
Vanger 0:b86d15c6ba29 856
Vanger 0:b86d15c6ba29 857
/* Register the callback invoked when a session ticket is received, together
 * with an opaque ctx pointer handed back to it. Both are stored on the
 * connection as given. Returns BAD_FUNC_ARG when ssl is NULL, else
 * SSL_SUCCESS. */
CYASSL_API int CyaSSL_set_SessionTicket_cb(CYASSL* ssl,
                                          CallbackSessionTicket cb, void* ctx)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ssl->session_ticket_ctx = ctx;
    ssl->session_ticket_cb  = cb;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 869 #endif
Vanger 0:b86d15c6ba29 870
Vanger 0:b86d15c6ba29 871 #ifndef CYASSL_LEANPSK
Vanger 0:b86d15c6ba29 872
/* send()-style write: like CyaSSL_write but with the caller's flags applied
 * to the underlying transport for this one call. ssl->wflags is swapped to
 * flags around CyaSSL_write and restored afterwards.
 * Returns BAD_FUNC_ARG for a NULL ssl/data or negative sz, else the value
 * returned by CyaSSL_write. */
int CyaSSL_send(CYASSL* ssl, const void* data, int sz, int flags)
{
    int savedFlags;
    int ret;

    CYASSL_ENTER("CyaSSL_send()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

    /* borrow the caller's flags only for the duration of this write */
    savedFlags  = ssl->wflags;
    ssl->wflags = flags;
    ret         = CyaSSL_write(ssl, data, sz);
    ssl->wflags = savedFlags;

    CYASSL_LEAVE("CyaSSL_send()", ret);
    return ret;
}
Vanger 0:b86d15c6ba29 893
Vanger 0:b86d15c6ba29 894
/* recv()-style read: like CyaSSL_read but with the caller's flags applied to
 * the underlying transport for this one call. ssl->rflags is swapped to
 * flags around CyaSSL_read and restored afterwards.
 * Returns BAD_FUNC_ARG for a NULL ssl/data or negative sz, else the value
 * returned by CyaSSL_read. */
int CyaSSL_recv(CYASSL* ssl, void* data, int sz, int flags)
{
    int savedFlags;
    int ret;

    CYASSL_ENTER("CyaSSL_recv()");

    if (ssl == NULL || data == NULL || sz < 0)
        return BAD_FUNC_ARG;

    /* borrow the caller's flags only for the duration of this read */
    savedFlags  = ssl->rflags;
    ssl->rflags = flags;
    ret         = CyaSSL_read(ssl, data, sz);
    ssl->rflags = savedFlags;

    CYASSL_LEAVE("CyaSSL_recv()", ret);
    return ret;
}
Vanger 0:b86d15c6ba29 915 #endif
Vanger 0:b86d15c6ba29 916
Vanger 0:b86d15c6ba29 917
/* Orderly shutdown: send a close_notify alert once, unless quiet shutdown is
 * configured or the connection is already closed, reset, or has sent one.
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when ssl is NULL or SendAlert
 * fails (ssl->error then holds the SendAlert code). On the success path
 * ssl->error is overwritten with SSL_ERROR_SYSCALL to simulate OpenSSL. */
int CyaSSL_shutdown(CYASSL* ssl)
{
    int needNotify;

    CYASSL_ENTER("SSL_shutdown()");

    if (ssl == NULL)
        return SSL_FATAL_ERROR;

    if (ssl->options.quietShutdown) {
        CYASSL_MSG("quiet shutdown, no close notify sent");
        return SSL_SUCCESS;
    }

    /* at most one close_notify per connection, and none on a dead transport */
    needNotify = !ssl->options.isClosed && !ssl->options.connReset &&
                 !ssl->options.sentNotify;

    if (needNotify) {
        ssl->error = SendAlert(ssl, alert_warning, close_notify);
        if (ssl->error < 0) {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.sentNotify = 1; /* don't send close_notify twice */
    }

    CYASSL_LEAVE("SSL_shutdown()", ssl->error);

    ssl->error = SSL_ERROR_SYSCALL; /* simulate OpenSSL behavior */

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 948
Vanger 0:b86d15c6ba29 949
/* OpenSSL-style error query for the result ret of a previous call.
 * A positive ret means no error (SSL_ERROR_NONE). Otherwise the error
 * recorded on ssl is returned, with WANT_READ / WANT_WRITE / ZERO_RETURN
 * mapped to their SSL_ERROR_* OpenSSL equivalents and every other code
 * returned as-is. Returns BAD_FUNC_ARG when ssl is NULL and ret <= 0. */
int CyaSSL_get_error(CYASSL* ssl, int ret)
{
    CYASSL_ENTER("SSL_get_error");

    if (ret > 0)
        return SSL_ERROR_NONE;
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    CYASSL_LEAVE("SSL_get_error", ssl->error);

    /* make sure converted types are handled in SetErrorString() too */
    switch (ssl->error) {
        case WANT_READ:
            return SSL_ERROR_WANT_READ;    /* convert to OpenSSL type */
        case WANT_WRITE:
            return SSL_ERROR_WANT_WRITE;   /* convert to OpenSSL type */
        case ZERO_RETURN:
            return SSL_ERROR_ZERO_RETURN;  /* convert to OpenSSL type */
        default:
            return ssl->error;
    }
}
Vanger 0:b86d15c6ba29 970
Vanger 0:b86d15c6ba29 971
/* Retrieve the alert history: copies ssl->alert_history into *h.
 * Always returns SSL_SUCCESS -- a NULL ssl or h simply leaves *h untouched,
 * so callers cannot tell the two cases apart from the return value. */
int CyaSSL_get_alert_history(CYASSL* ssl, CYASSL_ALERT_HISTORY *h)
{
    if (ssl == NULL || h == NULL)
        return SSL_SUCCESS;

    *h = ssl->alert_history;
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 980
Vanger 0:b86d15c6ba29 981
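/* Return 1 when the error last recorded on ssl is WANT_READ, else 0.
 * A NULL ssl is treated as "no pending read" and yields 0 instead of being
 * dereferenced, matching the NULL checks on the sibling query functions. */
int CyaSSL_want_read(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_want_read");

    if (ssl == NULL)
        return 0;

    return (ssl->error == WANT_READ) ? 1 : 0;
}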
Vanger 0:b86d15c6ba29 991
Vanger 0:b86d15c6ba29 992
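/* Return 1 when the error last recorded on ssl is WANT_WRITE, else 0.
 * A NULL ssl is treated as "no pending write" and yields 0 instead of being
 * dereferenced, matching the NULL checks on the sibling query functions. */
int CyaSSL_want_write(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_want_write");

    if (ssl == NULL)
        return 0;

    return (ssl->error == WANT_WRITE) ? 1 : 0;
}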
Vanger 0:b86d15c6ba29 1002
Vanger 0:b86d15c6ba29 1003
/* Format the text for error code errNumber into data via SetErrorString and
 * return data. data is assumed large enough for a full message (see
 * CyaSSL_ERR_error_string_n for the bounded variant). When data is NULL a
 * static placeholder message is returned instead; that string is read-only
 * despite the char* return type. */
char* CyaSSL_ERR_error_string(unsigned long errNumber, char* data)
{
    static const char* noBufferMsg = "Please supply a buffer for error string";

    CYASSL_ENTER("ERR_error_string");

    if (data == NULL)
        return (char*)noBufferMsg;

    SetErrorString((int)errNumber, data);
    return data;
}
Vanger 0:b86d15c6ba29 1016
Vanger 0:b86d15c6ba29 1017
/* Bounded variant of CyaSSL_ERR_error_string: write the message for error e
 * into buf, which holds len bytes. When len is at least CYASSL_MAX_ERROR_SZ
 * the message is formatted straight into buf; otherwise it is formatted
 * into a scratch buffer and the first len-1 bytes are copied, always leaving
 * buf NUL-terminated. A len of 0 writes nothing. */
void CyaSSL_ERR_error_string_n(unsigned long e, char* buf, unsigned long len)
{
    CYASSL_ENTER("CyaSSL_ERR_error_string_n");

    if (len >= CYASSL_MAX_ERROR_SZ) {
        CyaSSL_ERR_error_string(e, buf);
        return;
    }

    CYASSL_MSG("Error buffer too short, truncating");

    if (len == 0)
        return;

    {
        /* full-size scratch so SetErrorString never sees the short buffer */
        char scratch[CYASSL_MAX_ERROR_SZ];

        CyaSSL_ERR_error_string(e, scratch);
        XMEMCPY(buf, scratch, len-1);
        buf[len-1] = '\0';
    }
}
Vanger 0:b86d15c6ba29 1034
Vanger 0:b86d15c6ba29 1035
/* Don't free the temporary handshake arrays at the end of the handshake:
 * sets options.saveArrays. A NULL ssl is ignored. */
void CyaSSL_KeepArrays(CYASSL* ssl)
{
    if (ssl == NULL)
        return;

    ssl->options.saveArrays = 1;
}
Vanger 0:b86d15c6ba29 1042
Vanger 0:b86d15c6ba29 1043
/* User no longer needs the temporary handshake arrays: clear saveArrays and
 * release them with FreeArrays. Only acts once the handshake has finished
 * (handShakeState == HANDSHAKE_DONE); otherwise, or for a NULL ssl, it is a
 * no-op. */
void CyaSSL_FreeArrays(CYASSL* ssl)
{
    if (ssl == NULL)
        return;
    if (ssl->options.handShakeState != HANDSHAKE_DONE)
        return;

    ssl->options.saveArrays = 0;
    FreeArrays(ssl, 1);
}
Vanger 0:b86d15c6ba29 1052
Vanger 0:b86d15c6ba29 1053
/* Return the MAC secret for this connection's direction.
 * verify == 0 selects the secret used to MAC outgoing records, non-zero the
 * one used to verify incoming records; which of client_write / server_write
 * that is depends on options.side. Returns NULL when ssl is NULL. */
const byte* CyaSSL_GetMacSecret(CYASSL* ssl, int verify)
{
    int useClientSecret;

    if (ssl == NULL)
        return NULL;

    /* the client writes with the client secret and verifies with the server
     * secret; the server is the mirror image */
    if (ssl->options.side == CYASSL_CLIENT_END)
        useClientSecret = !verify;
    else
        useClientSecret = (ssl->options.side == CYASSL_SERVER_END) && verify;

    return useClientSecret ? ssl->keys.client_write_MAC_secret
                           : ssl->keys.server_write_MAC_secret;
}
Vanger 0:b86d15c6ba29 1065
Vanger 0:b86d15c6ba29 1066
Vanger 0:b86d15c6ba29 1067 #ifdef ATOMIC_USER
Vanger 0:b86d15c6ba29 1068
/* Install the user MAC+encrypt callback on ctx. A NULL ctx is ignored. */
void CyaSSL_CTX_SetMacEncryptCb(CYASSL_CTX* ctx, CallbackMacEncrypt cb)
{
    if (ctx == NULL)
        return;

    ctx->MacEncryptCb = cb;
}
Vanger 0:b86d15c6ba29 1074
Vanger 0:b86d15c6ba29 1075
/* Store the opaque context handed to the MAC+encrypt callback for this
 * connection. A NULL ssl is ignored. */
void CyaSSL_SetMacEncryptCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->MacEncryptCtx = ctx;
}
Vanger 0:b86d15c6ba29 1081
Vanger 0:b86d15c6ba29 1082
/* Return the opaque MAC+encrypt callback context, or NULL when ssl is NULL. */
void* CyaSSL_GetMacEncryptCtx(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->MacEncryptCtx : NULL;
}
Vanger 0:b86d15c6ba29 1090
Vanger 0:b86d15c6ba29 1091
/* Install the user decrypt+verify callback on ctx. A NULL ctx is ignored. */
void CyaSSL_CTX_SetDecryptVerifyCb(CYASSL_CTX* ctx, CallbackDecryptVerify cb)
{
    if (ctx == NULL)
        return;

    ctx->DecryptVerifyCb = cb;
}
Vanger 0:b86d15c6ba29 1097
Vanger 0:b86d15c6ba29 1098
/* Store the opaque context handed to the decrypt+verify callback for this
 * connection. A NULL ssl is ignored. */
void CyaSSL_SetDecryptVerifyCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->DecryptVerifyCtx = ctx;
}
Vanger 0:b86d15c6ba29 1104
Vanger 0:b86d15c6ba29 1105
/* Return the opaque decrypt+verify callback context, or NULL when ssl is
 * NULL. */
void* CyaSSL_GetDecryptVerifyCtx(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->DecryptVerifyCtx : NULL;
}
Vanger 0:b86d15c6ba29 1113
Vanger 0:b86d15c6ba29 1114
/* Return a pointer to the client write key held in ssl->keys (key material;
 * handle with care), or NULL when ssl is NULL. */
const byte* CyaSSL_GetClientWriteKey(CYASSL* ssl)
{
    if (ssl == NULL)
        return NULL;

    return ssl->keys.client_write_key;
}
Vanger 0:b86d15c6ba29 1122
Vanger 0:b86d15c6ba29 1123
/* Return a pointer to the client write IV held in ssl->keys, or NULL when
 * ssl is NULL. */
const byte* CyaSSL_GetClientWriteIV(CYASSL* ssl)
{
    if (ssl == NULL)
        return NULL;

    return ssl->keys.client_write_IV;
}
Vanger 0:b86d15c6ba29 1131
Vanger 0:b86d15c6ba29 1132
/* Return a pointer to the server write key held in ssl->keys (key material;
 * handle with care), or NULL when ssl is NULL. */
const byte* CyaSSL_GetServerWriteKey(CYASSL* ssl)
{
    if (ssl == NULL)
        return NULL;

    return ssl->keys.server_write_key;
}
Vanger 0:b86d15c6ba29 1140
Vanger 0:b86d15c6ba29 1141
/* Return a pointer to the server write IV held in ssl->keys, or NULL when
 * ssl is NULL. */
const byte* CyaSSL_GetServerWriteIV(CYASSL* ssl)
{
    if (ssl == NULL)
        return NULL;

    return ssl->keys.server_write_IV;
}
Vanger 0:b86d15c6ba29 1149
Vanger 0:b86d15c6ba29 1150
/* Return the negotiated cipher's key size (ssl->specs.key_size), or
 * BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_GetKeySize(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->specs.key_size : BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 1158
Vanger 0:b86d15c6ba29 1159
/* Return the negotiated cipher's IV size (ssl->specs.iv_size), or
 * BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_GetIVSize(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->specs.iv_size : BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 1167
Vanger 0:b86d15c6ba29 1168
/* Return the negotiated bulk cipher algorithm id
 * (ssl->specs.bulk_cipher_algorithm), or BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_GetBulkCipher(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->specs.bulk_cipher_algorithm : BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 1176
Vanger 0:b86d15c6ba29 1177
/* Map the negotiated cipher's internal cipher_type to the public
 * CYASSL_BLOCK_TYPE / CYASSL_STREAM_TYPE / CYASSL_AEAD_TYPE constants.
 * Returns BAD_FUNC_ARG when ssl is NULL and -1 for an unrecognised type. */
int CyaSSL_GetCipherType(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    switch (ssl->specs.cipher_type) {
        case block:
            return CYASSL_BLOCK_TYPE;
        case stream:
            return CYASSL_STREAM_TYPE;
        case aead:
            return CYASSL_AEAD_TYPE;
        default:
            return -1;
    }
}
Vanger 0:b86d15c6ba29 1192
Vanger 0:b86d15c6ba29 1193
/* Return the negotiated cipher's block size (ssl->specs.block_size), or
 * BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_GetCipherBlockSize(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->specs.block_size : BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 1201
Vanger 0:b86d15c6ba29 1202
/* Return the negotiated AEAD cipher's tag size (ssl->specs.aead_mac_size),
 * or BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_GetAeadMacSize(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->specs.aead_mac_size : BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 1210
Vanger 0:b86d15c6ba29 1211
/* Return 1 when the connection is using TLS 1.1 or newer (options.tls1_1
 * set), 0 otherwise, or BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_IsTLSv1_1(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->options.tls1_1 ? 1 : 0;
}
Vanger 0:b86d15c6ba29 1222
Vanger 0:b86d15c6ba29 1223
/* Return which end of the connection this is (ssl->options.side, i.e.
 * CYASSL_CLIENT_END or CYASSL_SERVER_END), or BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_GetSide(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->options.side : BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 1231
Vanger 0:b86d15c6ba29 1232
/* Return the HMAC output size for the negotiated suite (specs.hash_size).
 * AEAD ciphers don't have HMAC keys, so 0 is returned for them.
 * Returns BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_GetHmacSize(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    if (ssl->specs.cipher_type == aead)
        return 0;

    return ssl->specs.hash_size;
}
Vanger 0:b86d15c6ba29 1241
Vanger 0:b86d15c6ba29 1242 #endif /* ATOMIC_USER */
Vanger 0:b86d15c6ba29 1243
Vanger 0:b86d15c6ba29 1244 #ifndef NO_CERTS
Vanger 0:b86d15c6ba29 1245
/* Allocate and zero a certificate manager and initialise its CA-table lock.
 * Returns the new manager, or NULL if allocation or mutex init fails; on a
 * mutex failure the partially built manager is released with
 * CyaSSL_CertManagerFree. The caller owns the result and frees it with
 * CyaSSL_CertManagerFree. */
CYASSL_CERT_MANAGER* CyaSSL_CertManagerNew(void)
{
    CYASSL_CERT_MANAGER* cm;

    CYASSL_ENTER("CyaSSL_CertManagerNew");

    cm = (CYASSL_CERT_MANAGER*) XMALLOC(sizeof(CYASSL_CERT_MANAGER), 0,
                                       DYNAMIC_TYPE_CERT_MANAGER);
    if (cm == NULL)
        return NULL;

    XMEMSET(cm, 0, sizeof(CYASSL_CERT_MANAGER));

    if (InitMutex(&cm->caLock) != 0) {
        CYASSL_MSG("Bad mutex init");
        CyaSSL_CertManagerFree(cm);
        return NULL;
    }

    return cm;
}
Vanger 0:b86d15c6ba29 1266
Vanger 0:b86d15c6ba29 1267
/* Release a certificate manager created by CyaSSL_CertManagerNew: its CRL
 * and OCSP state when compiled in, the CA signer table, the CA-table lock,
 * and finally the manager itself. A NULL cm is ignored. */
void CyaSSL_CertManagerFree(CYASSL_CERT_MANAGER* cm)
{
    CYASSL_ENTER("CyaSSL_CertManagerFree");

    if (cm == NULL)
        return;

#ifdef HAVE_CRL
    if (cm->crl)
        FreeCRL(cm->crl, 1);
#endif
#ifdef HAVE_OCSP
    if (cm->ocsp)
        FreeOCSP(cm->ocsp, 1);
#endif
    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
    FreeMutex(&cm->caLock);
    XFREE(cm, NULL, DYNAMIC_TYPE_CERT_MANAGER);
}
Vanger 0:b86d15c6ba29 1287
Vanger 0:b86d15c6ba29 1288
/* Unload the CA signer list: empties cm->caTable under the CA-table lock.
 * Returns BAD_FUNC_ARG for a NULL cm, BAD_MUTEX_E if the lock cannot be
 * taken (nothing is freed then), else SSL_SUCCESS. */
int CyaSSL_CertManagerUnloadCAs(CYASSL_CERT_MANAGER* cm)
{
    int ret = SSL_SUCCESS;

    CYASSL_ENTER("CyaSSL_CertManagerUnloadCAs");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (LockMutex(&cm->caLock) != 0) {
        ret = BAD_MUTEX_E;
    }
    else {
        FreeSignerTable(cm->caTable, CA_TABLE_SIZE, NULL);
        UnLockMutex(&cm->caLock);
    }

    return ret;
}
Vanger 0:b86d15c6ba29 1307
Vanger 0:b86d15c6ba29 1308
/* Convert a PEM-encoded certificate (CERT_TYPE, CA_TYPE or CERTREQ_TYPE) to
 * DER. The DER is produced into a temporary heap buffer by PemToDer and then
 * copied into buff when it fits.
 *
 * Return bytes written to buff or < 0 for error: BAD_FUNC_ARG for NULL
 * pem/buff, a non-positive buffSz, an unsupported type, or a DER result
 * larger than buffSz; MEMORY_E if the small-stack scratch cannot be
 * allocated; otherwise PemToDer's own negative error code.
 * NOTE(review): pemSz is passed to PemToDer unchecked; a negative value is
 * not rejected here -- confirm PemToDer handles it. */
int CyaSSL_CertPemToDer(const unsigned char* pem, int pemSz,
                        unsigned char* buff, int buffSz,
                        int type)
{
    int eccKey = 0;      /* required by PemToDer's interface; unused here */
    int ret;
    buffer der;          /* PemToDer's output; freed at the end */
#ifdef CYASSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo info[1];
#endif

    CYASSL_ENTER("CyaSSL_CertPemToDer");

    if (pem == NULL || buff == NULL || buffSz <= 0) {
        CYASSL_MSG("Bad pem der args");
        return BAD_FUNC_ARG;
    }

    if (type != CERT_TYPE && type != CA_TYPE && type != CERTREQ_TYPE) {
        CYASSL_MSG("Bad cert type");
        return BAD_FUNC_ARG;
    }

#ifdef CYASSL_SMALL_STACK
    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (info == NULL)
        return MEMORY_E;
#endif

    /* no password context: certificates are never encrypted PEM */
    info->set = 0;
    info->ctx = NULL;
    info->consumed = 0;
    der.buffer = NULL;

    ret = PemToDer(pem, pemSz, type, &der, NULL, info, &eccKey);

#ifdef CYASSL_SMALL_STACK
    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (ret < 0) {
        CYASSL_MSG("Bad Pem To Der");
    }
    else {
        /* only copy when the whole DER fits; otherwise report BAD_FUNC_ARG */
        if (der.length <= (word32)buffSz) {
            XMEMCPY(buff, der.buffer, der.length);
            ret = der.length;
        }
        else {
            CYASSL_MSG("Bad der length");
            ret = BAD_FUNC_ARG;
        }
    }

    /* der.buffer is NULL on the error paths, which XFREE tolerates */
    XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);

    return ret;
}
Vanger 0:b86d15c6ba29 1371
Vanger 0:b86d15c6ba29 1372
Vanger 0:b86d15c6ba29 1373 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
Vanger 0:b86d15c6ba29 1374
/* Our KeyPemToDer password callback: the password itself is the userdata.
 * Copies up to sz bytes of it into passwd with XSTRNCPY (no terminator is
 * added when the password is sz bytes or longer) and returns the number of
 * password bytes, capped at sz. Returns 0 when no userdata was supplied.
 * The rw flag is not used. */
static INLINE int OurPasswordCb(char* passwd, int sz, int rw, void* userdata)
{
    const char* password = (const char*)userdata;
    word32      passLen;

    (void)rw;

    if (password == NULL)
        return 0;

    XSTRNCPY(passwd, password, sz);
    passLen = (word32)XSTRLEN(password);

    return min((word32)sz, passLen);
}
Vanger 0:b86d15c6ba29 1386
Vanger 0:b86d15c6ba29 1387 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
Vanger 0:b86d15c6ba29 1388
Vanger 0:b86d15c6ba29 1389
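/* Convert a PEM private key to DER and copy the DER bytes into buff.
 *
 * pem    - PEM text of the key
 * pemSz  - length of pem in bytes
 * buff   - destination for the DER encoding
 * buffSz - capacity of buff in bytes
 * pass   - password for an encrypted key; only honored when OPENSSL_EXTRA or
 *          HAVE_WEBSERVER is defined, otherwise it is ignored and an
 *          encrypted key cannot be decoded here
 *
 * Returns the number of DER bytes written to buff, or a value < 0 on error:
 * BAD_FUNC_ARG for bad arguments or a DER too large for buff, MEMORY_E when
 * a temporary cannot be allocated, otherwise the PemToDer error code.
 *
 * The temporary DER buffer holds the plaintext private key, so it is wiped
 * before being handed back to the heap. */
int CyaSSL_KeyPemToDer(const unsigned char* pem, int pemSz, unsigned char* buff,
                       int buffSz, const char* pass)
{
    int eccKey = 0;
    int ret;
    buffer der;
#ifdef CYASSL_SMALL_STACK
    EncryptedInfo* info = NULL;
#else
    EncryptedInfo info[1];
#endif

    (void)pass;

    CYASSL_ENTER("CyaSSL_KeyPemToDer");

    /* pemSz is forwarded as a length, so a non-positive value is never valid */
    if (pem == NULL || pemSz <= 0 || buff == NULL || buffSz <= 0) {
        CYASSL_MSG("Bad pem der args");
        return BAD_FUNC_ARG;
    }

#ifdef CYASSL_SMALL_STACK
    info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (info == NULL)
        return MEMORY_E;
#endif

    info->set      = 0;
    info->ctx      = NULL;
    info->consumed = 0;
    der.buffer     = NULL;
    der.length     = 0;   /* keeps the scrub below a no-op if nothing was allocated */

#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    if (pass) {
        /* the password reaches PemToDer through a context's default password
         * callback, so a throw-away context carries it */
        info->ctx = CyaSSL_CTX_new(CyaSSLv23_client_method());
        if (info->ctx == NULL) {
#ifdef CYASSL_SMALL_STACK
            XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            return MEMORY_E;
        }

        CyaSSL_CTX_set_default_passwd_cb(info->ctx, OurPasswordCb);
        CyaSSL_CTX_set_default_passwd_cb_userdata(info->ctx, (void*)pass);
    }
#endif

    ret = PemToDer(pem, pemSz, PRIVATEKEY_TYPE, &der, NULL, info, &eccKey);

    if (info->ctx)
        CyaSSL_CTX_free(info->ctx);

#ifdef CYASSL_SMALL_STACK
    XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (ret < 0) {
        CYASSL_MSG("Bad Pem To Der");
    }
    else if (der.length <= (word32)buffSz) {
        XMEMCPY(buff, der.buffer, der.length);
        ret = der.length;
    }
    else {
        CYASSL_MSG("Bad der length");
        ret = BAD_FUNC_ARG;
    }

    /* scrub the plaintext key material before releasing the temporary */
    if (der.buffer != NULL)
        XMEMSET(der.buffer, 0, der.length);
    XFREE(der.buffer, NULL, DYNAMIC_TYPE_KEY);

    return ret;
}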
Vanger 0:b86d15c6ba29 1466
Vanger 0:b86d15c6ba29 1467
Vanger 0:b86d15c6ba29 1468 #endif /* !NO_CERTS */
Vanger 0:b86d15c6ba29 1469
Vanger 0:b86d15c6ba29 1470
Vanger 0:b86d15c6ba29 1471
Vanger 0:b86d15c6ba29 1472 #if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)
Vanger 0:b86d15c6ba29 1473
/* Write the text for error code err to stream fp (OpenSSL-compatible name).
 *
 * fp  - open output stream; not checked for NULL
 * err - CyaSSL error code handed to SetErrorString
 *
 * The message is written as data, never as a format string. */
void CyaSSL_ERR_print_errors_fp(FILE* fp, int err)
{
    char msg[CYASSL_MAX_ERROR_SZ + 1];

    CYASSL_ENTER("CyaSSL_ERR_print_errors_fp");

    SetErrorString(err, msg);
    fputs(msg, fp);
}
Vanger 0:b86d15c6ba29 1482
Vanger 0:b86d15c6ba29 1483 #endif
Vanger 0:b86d15c6ba29 1484
Vanger 0:b86d15c6ba29 1485
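/* Number of bytes already sitting in the session's clearOutputBuffer
 * (presumably decrypted application data waiting to be read); the
 * OpenSSL SSL_pending equivalent.
 *
 * ssl - session handle; NULL yields 0 instead of a NULL dereference
 *
 * Returns the buffered byte count, 0 when nothing is pending. */
int CyaSSL_pending(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_pending");

    if (ssl == NULL)
        return 0;

    return ssl->buffers.clearOutputBuffer.length;
}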
Vanger 0:b86d15c6ba29 1491
Vanger 0:b86d15c6ba29 1492
Vanger 0:b86d15c6ba29 1493 #ifndef CYASSL_LEANPSK
/* Turn on handshake message grouping for a context (sets
 * ctx->groupMessages; presumably inherited by sessions made from it).
 *
 * ctx - context to flag; NULL gives BAD_FUNC_ARG
 *
 * Returns SSL_SUCCESS once the flag is set. */
int CyaSSL_CTX_set_group_messages(CYASSL_CTX* ctx)
{
    if (ctx)
        ctx->groupMessages = 1;

    return ctx ? SSL_SUCCESS : BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 1504 #endif
Vanger 0:b86d15c6ba29 1505
Vanger 0:b86d15c6ba29 1506
Vanger 0:b86d15c6ba29 1507 #ifndef NO_CYASSL_CLIENT
/* Run CyaSSL_connect only far enough to obtain the peer's certificate
 * chain: options.certOnly is raised around the call and cleared afterwards.
 *
 * ssl - client session; NULL gives SSL_FAILURE (note: not BAD_FUNC_ARG,
 *       unlike most setters in this file)
 *
 * Returns whatever CyaSSL_connect returned. */
int CyaSSL_connect_cert(CYASSL* ssl)
{
    int rc = SSL_FAILURE;

    if (ssl != NULL) {
        ssl->options.certOnly = 1;
        rc = CyaSSL_connect(ssl);
        ssl->options.certOnly = 0;
    }

    return rc;
}
Vanger 0:b86d15c6ba29 1522 #endif
Vanger 0:b86d15c6ba29 1523
Vanger 0:b86d15c6ba29 1524
Vanger 0:b86d15c6ba29 1525 #ifndef CYASSL_LEANPSK
/* Turn on handshake message grouping for a single session (sets
 * ssl->options.groupMessages).
 *
 * ssl - session to flag; NULL gives BAD_FUNC_ARG
 *
 * Returns SSL_SUCCESS once the flag is set. */
int CyaSSL_set_group_messages(CYASSL* ssl)
{
    if (ssl)
        ssl->options.groupMessages = 1;

    return ssl ? SSL_SUCCESS : BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 1536
Vanger 0:b86d15c6ba29 1537
/* Set the lowest protocol version ssl may negotiate down to.
 *
 * ssl     - session to configure; NULL gives BAD_FUNC_ARG
 * version - CYASSL_SSLV3, CYASSL_TLSV1, CYASSL_TLSV1_1 or CYASSL_TLSV1_2;
 *           versions compiled out (NO_OLD_TLS, NO_TLS) are rejected
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for an unknown/unavailable version.
 *
 * NOTE(review): SSLv3 and TLS 1.0 are accepted as floors whenever NO_OLD_TLS
 * is not defined; selecting them re-enables known-weak protocol versions, so
 * callers should pass the highest floor their peers support. */
int CyaSSL_SetMinVersion(CYASSL* ssl, int version)
{
    byte minor = 0;

    CYASSL_ENTER("CyaSSL_SetMinVersion");

    if (ssl == NULL) {
        CYASSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }

    /* map the public version id onto the record-layer minor number */
    switch (version) {
#ifndef NO_OLD_TLS
        case CYASSL_SSLV3:   minor = SSLv3_MINOR;   break;
#endif
#ifndef NO_TLS
    #ifndef NO_OLD_TLS
        case CYASSL_TLSV1:   minor = TLSv1_MINOR;   break;
        case CYASSL_TLSV1_1: minor = TLSv1_1_MINOR; break;
    #endif
        case CYASSL_TLSV1_2: minor = TLSv1_2_MINOR; break;
#endif
        default:
            CYASSL_MSG("Bad function argument");
            return BAD_FUNC_ARG;
    }

    ssl->options.minDowngrade = minor;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 1578
Vanger 0:b86d15c6ba29 1579
/* Force the protocol version ssl will use and rebuild its cipher suite list.
 *
 * ssl     - session to configure; NULL gives BAD_FUNC_ARG
 * version - CYASSL_SSLV3, CYASSL_TLSV1, CYASSL_TLSV1_1 or CYASSL_TLSV1_2;
 *           versions compiled out (NO_OLD_TLS, NO_TLS) are rejected
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for an unknown/unavailable version.
 * After the version is set, InitSuites is re-run with the session's current
 * RSA/PSK/DH/NTRU/ECC options and side. */
int CyaSSL_SetVersion(CYASSL* ssl, int version)
{
#ifdef NO_RSA
    byte haveRSA = 0;
#else
    byte haveRSA = 1;
#endif
    byte havePSK = 0;

    CYASSL_ENTER("CyaSSL_SetVersion");

    if (ssl == NULL) {
        CYASSL_MSG("Bad function argument");
        return BAD_FUNC_ARG;
    }

    switch (version) {
#ifndef NO_OLD_TLS
        case CYASSL_SSLV3:   ssl->version = MakeSSLv3();   break;
#endif
#ifndef NO_TLS
    #ifndef NO_OLD_TLS
        case CYASSL_TLSV1:   ssl->version = MakeTLSv1();   break;
        case CYASSL_TLSV1_1: ssl->version = MakeTLSv1_1(); break;
    #endif
        case CYASSL_TLSV1_2: ssl->version = MakeTLSv1_2(); break;
#endif
        default:
            CYASSL_MSG("Bad function argument");
            return BAD_FUNC_ARG;
    }

#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif

    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK, ssl->options.haveDH,
               ssl->options.haveNTRU, ssl->options.haveECDSAsig,
               ssl->options.haveStaticECC, ssl->options.side);

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 1632 #endif /* !leanpsk */
Vanger 0:b86d15c6ba29 1633
Vanger 0:b86d15c6ba29 1634
Vanger 0:b86d15c6ba29 1635 #if !defined(NO_CERTS) || !defined(NO_SESSION_CACHE)
Vanger 0:b86d15c6ba29 1636
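/* Make a word from the first four bytes of a hash (big-endian order).
 *
 * hashID - points to at least 4 bytes
 *
 * Each byte is widened to word32 before it is shifted: left-shifting a byte
 * value >= 0x80 by 24 as a promoted int overflows the signed range, which is
 * undefined behavior in C. The unsigned form yields the same bit pattern on
 * every platform. */
static INLINE word32 MakeWordFromHash(const byte* hashID)
{
    return ((word32)hashID[0] << 24) | ((word32)hashID[1] << 16) |
           ((word32)hashID[2] <<  8) |  (word32)hashID[3];
}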
Vanger 0:b86d15c6ba29 1643
Vanger 0:b86d15c6ba29 1644 #endif /* !NO_CERTS || !NO_SESSION_CACHE */
Vanger 0:b86d15c6ba29 1645
Vanger 0:b86d15c6ba29 1646
Vanger 0:b86d15c6ba29 1647 #ifndef NO_CERTS
Vanger 0:b86d15c6ba29 1648
/* Map a signer hash (the SHA digest of a name or key id) onto a CA table
 * row by taking its leading 32 bits modulo CA_TABLE_SIZE. */
static INLINE word32 HashSigner(const byte* hash)
{
    word32 leading = MakeWordFromHash(hash);

    return leading % CA_TABLE_SIZE;
}
Vanger 0:b86d15c6ba29 1654
Vanger 0:b86d15c6ba29 1655
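/* Report whether a CA with this hash already exists in the manager's table.
 *
 * cm   - certificate manager holding caTable; NULL is treated as "absent"
 * hash - SHA_DIGEST_SIZE bytes: the subject key id hash by default, or the
 *        subject name hash when NO_SKID is defined (the same key the table
 *        is filled with in AddCA)
 *
 * Returns 1 when found, otherwise 0. 0 is also returned when caLock cannot
 * be taken, so a lock failure reads as "not present" to the caller. */
int AlreadySigner(CYASSL_CERT_MANAGER* cm, byte* hash)
{
    Signer* signers;
    int     found = 0;
    word32  row;

    /* both are dereferenced below; HashSigner reads the hash bytes */
    if (cm == NULL || hash == NULL)
        return 0;

    row = HashSigner(hash);

    if (LockMutex(&cm->caLock) != 0)
        return 0;

    for (signers = cm->caTable[row]; signers; signers = signers->next) {
        byte* subjectHash;
#ifndef NO_SKID
        subjectHash = signers->subjectKeyIdHash;
#else
        subjectHash = signers->subjectNameHash;
#endif
        if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
            found = 1;
            break;
        }
    }

    UnLockMutex(&cm->caLock);

    return found;
}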
Vanger 0:b86d15c6ba29 1683
Vanger 0:b86d15c6ba29 1684
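/* Look up a CA by hash in the manager's table.
 *
 * vp   - CYASSL_CERT_MANAGER* passed as void* (callback-style signature)
 * hash - SHA_DIGEST_SIZE bytes: subject key id hash by default, subject
 *        name hash when NO_SKID is defined
 *
 * Returns the matching Signer, or NULL when absent, when vp or hash is NULL,
 * or when caLock cannot be taken. The pointer is returned after caLock has
 * been released, so it is only safe to use while the manager's table is not
 * being torn down or rebuilt concurrently. */
Signer* GetCA(void* vp, byte* hash)
{
    CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp;
    Signer* found = NULL;
    Signer* s;
    word32  row;

    /* validate both inputs before hashing; HashSigner dereferences hash */
    if (cm == NULL || hash == NULL)
        return NULL;

    row = HashSigner(hash);

    if (LockMutex(&cm->caLock) != 0)
        return NULL;

    for (s = cm->caTable[row]; s != NULL; s = s->next) {
        byte* subjectHash;
#ifndef NO_SKID
        subjectHash = s->subjectKeyIdHash;
#else
        subjectHash = s->subjectNameHash;
#endif
        if (XMEMCMP(hash, subjectHash, SHA_DIGEST_SIZE) == 0) {
            found = s;
            break;
        }
    }

    UnLockMutex(&cm->caLock);

    return found;
}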
Vanger 0:b86d15c6ba29 1717
Vanger 0:b86d15c6ba29 1718
Vanger 0:b86d15c6ba29 1719 #ifndef NO_SKID
/* Look up a CA by its subject name hash, scanning every row of the table
 * (the table is keyed by subject key id when NO_SKID is not defined, so a
 * name lookup cannot jump straight to a row).
 *
 * vp   - CYASSL_CERT_MANAGER* passed as void*
 * hash - SHA_DIGEST_SIZE bytes of subject name hash
 *
 * Returns the first matching Signer, or NULL when absent, when vp is NULL,
 * or when caLock cannot be taken. As with GetCA the pointer is handed back
 * after the lock is dropped. */
Signer* GetCAByName(void* vp, byte* hash)
{
    CYASSL_CERT_MANAGER* cm = (CYASSL_CERT_MANAGER*)vp;
    Signer* found = NULL;
    word32  row;

    if (cm == NULL)
        return NULL;

    if (LockMutex(&cm->caLock) != 0)
        return NULL;

    for (row = 0; row < CA_TABLE_SIZE; row++) {
        Signer* s;

        for (s = cm->caTable[row]; s != NULL; s = s->next) {
            if (XMEMCMP(hash, s->subjectNameHash, SHA_DIGEST_SIZE) == 0) {
                found = s;
                break;
            }
        }

        if (found != NULL)
            break;
    }

    UnLockMutex(&cm->caLock);

    return found;
}
Vanger 0:b86d15c6ba29 1747 #endif
Vanger 0:b86d15c6ba29 1748
Vanger 0:b86d15c6ba29 1749
/* Add a CA certificate (DER) to the certificate manager's trust table.
 *
 * cm     - certificate manager whose caTable/caLock receive the signer;
 *          dereferenced unchecked, so it must not be NULL
 * der    - DER certificate. Ownership passes to AddCA: der.buffer is freed
 *          on every path, including rejection and "already present"
 * type   - origin of the cert: CYASSL_USER_CA for a user-loaded trust anchor,
 *          anything else for a cert taken from a received chain during verify
 * verify - verify flag handed straight to ParseCert
 *
 * Returns SSL_SUCCESS when the CA was added (or was already present),
 * otherwise a negative code: NOT_CA_ERROR, MEMORY_ERROR, BAD_MUTEX_E, or the
 * ParseCert result.
 *
 * Chain-supplied certs must carry the CA flag and, unless
 * ALLOW_INVALID_CERTSIGN is defined, the keyCertSign key usage. User-loaded
 * certs skip both checks: a non-CA certificate passed with CYASSL_USER_CA is
 * installed as a trust anchor regardless, so callers must only pass certs
 * they really intend to trust. */
int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
{
    int         ret;
    Signer*     signer = 0;
    word32      row;
    byte*       subjectHash;
#ifdef CYASSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

    CYASSL_MSG("Adding a CA");

#ifdef CYASSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    InitDecodedCert(cert, der.buffer, der.length, cm->heap);
    ret = ParseCert(cert, CA_TYPE, verify, cm);
    CYASSL_MSG(" Parsed new CA");

    /* the hash the table is keyed by, also used for the duplicate check */
#ifndef NO_SKID
    subjectHash = cert->extSubjKeyId;
#else
    subjectHash = cert->subjectHash;
#endif

    /* chain-supplied certs must actually be CAs; user-loaded ones are
     * trusted as given */
    if (ret == 0 && cert->isCA == 0 && type != CYASSL_USER_CA) {
        CYASSL_MSG(" Can't add as CA if not actually one");
        ret = NOT_CA_ERROR;
    }
#ifndef ALLOW_INVALID_CERTSIGN
    else if (ret == 0 && cert->isCA == 1 && type != CYASSL_USER_CA &&
             (cert->extKeyUsage & KEYUSE_KEY_CERT_SIGN) == 0) {
        /* Intermediate CA certs are required to have the keyCertSign
         * extension set. User loaded root certs are not. */
        CYASSL_MSG(" Doesn't have key usage certificate signing");
        ret = NOT_CA_ERROR;
    }
#endif
    else if (ret == 0 && AlreadySigner(cm, subjectHash)) {
        /* reported as success; der is still freed below. This check and the
         * insert further down take caLock separately, so two concurrent
         * AddCA calls for the same cert can both pass here and insert it
         * twice. */
        CYASSL_MSG(" Already have this CA, not adding again");
        (void)ret;
    }
    else if (ret == 0) {
        /* take over signer parts */
        signer = MakeSigner(cm->heap);
        if (!signer)
            ret = MEMORY_ERROR;
        else {
            signer->keyOID     = cert->keyOID;
            signer->publicKey  = cert->publicKey;
            signer->pubKeySize = cert->pubKeySize;
            signer->nameLen    = cert->subjectCNLen;
            signer->name       = cert->subjectCN;
#ifndef IGNORE_NAME_CONSTRAINTS
            signer->permittedNames = cert->permittedNames;
            signer->excludedNames  = cert->excludedNames;
#endif
#ifndef NO_SKID
            XMEMCPY(signer->subjectKeyIdHash, cert->extSubjKeyId,
                    SHA_DIGEST_SIZE);
#endif
            XMEMCPY(signer->subjectNameHash, cert->subjectHash,
                    SHA_DIGEST_SIZE);
            /* If Key Usage not set, all uses valid. */
            signer->keyUsage = cert->extKeyUsageSet ? cert->extKeyUsage
                                                    : 0xFFFF;
            signer->next = NULL;
            /* these heap parts now belong to signer: detach them from cert
             * so the cert teardown below leaves them alone. On the
             * lock-failure path FreeSigner releases them instead. */
            cert->publicKey = 0;  /* in case lock fails don't free here.   */
            cert->subjectCN = 0;
#ifndef IGNORE_NAME_CONSTRAINTS
            cert->permittedNames = NULL;
            cert->excludedNames = NULL;
#endif

#ifndef NO_SKID
            row = HashSigner(signer->subjectKeyIdHash);
#else
            row = HashSigner(signer->subjectNameHash);
#endif

            if (LockMutex(&cm->caLock) == 0) {
                /* push onto the head of the row's chain */
                signer->next = cm->caTable[row];
                cm->caTable[row] = signer;   /* takes ownership */
                UnLockMutex(&cm->caLock);
                /* callback sees the raw DER, which is freed at the end of
                 * this function; it must copy what it wants to keep */
                if (cm->caCacheCallback)
                    cm->caCacheCallback(der.buffer, (int)der.length, type);
            }
            else {
                CYASSL_MSG(" CA Mutex Lock failed");
                ret = BAD_MUTEX_E;
                FreeSigner(signer, cm->heap);
            }
        }
    }

    CYASSL_MSG(" Freeing Parsed CA");
    FreeDecodedCert(cert);
#ifdef CYASSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    CYASSL_MSG(" Freeing der CA");
    XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CA);
    CYASSL_MSG(" OK Freeing der CA");

    CYASSL_LEAVE("AddCA", ret);

    return ret == 0 ? SSL_SUCCESS : ret;
}
Vanger 0:b86d15c6ba29 1866
Vanger 0:b86d15c6ba29 1867 #endif /* !NO_CERTS */
Vanger 0:b86d15c6ba29 1868
Vanger 0:b86d15c6ba29 1869
Vanger 0:b86d15c6ba29 1870 #ifndef NO_SESSION_CACHE
Vanger 0:b86d15c6ba29 1871
/* Session cache sizing. The cache is a fixed-size table of SESSION_ROWS rows
   with SESSIONS_PER_ROW slots each, chosen at compile time by one of the
   XXX_SESSION_CACHE defines:

   basic config (no XXX_SESSION_CACHE defined) gives a cache with 33 sessions,
   adequate for clients and embedded servers

   MEDIUM_SESSION_CACHE allows 1055 sessions, adequate for servers that
   aren't under heavy load, basically allows 200 new sessions per minute

   BIG_SESSION_CACHE yields 20,027 sessions

   HUGE_SESSION_CACHE yields 65,791 sessions, for servers under heavy load,
   allows over 13,000 new sessions per minute or over 200 new sessions per
   second

   SMALL_SESSION_CACHE only stores 6 sessions, good for embedded clients
   or systems where the default of nearly 3kB is too much RAM, this define
   uses less than 500 bytes RAM
*/
#ifdef HUGE_SESSION_CACHE
    #define SESSIONS_PER_ROW 11
    #define SESSION_ROWS 5981
#elif defined(BIG_SESSION_CACHE)
    #define SESSIONS_PER_ROW 7
    #define SESSION_ROWS 2861
#elif defined(MEDIUM_SESSION_CACHE)
    #define SESSIONS_PER_ROW 5
    #define SESSION_ROWS 211
#elif defined(SMALL_SESSION_CACHE)
    #define SESSIONS_PER_ROW 2
    #define SESSION_ROWS 3
#else
    #define SESSIONS_PER_ROW 3
    #define SESSION_ROWS 11
#endif

/* One row of the session cache. */
typedef struct SessionRow {
    int nextIdx;                           /* where to place next one */
    int totalCount;                        /* sessions ever on this row */
    CYASSL_SESSION Sessions[SESSIONS_PER_ROW];
} SessionRow;

/* The cache itself: a single static table with process lifetime, shared by
   everything in this translation unit and serialized by session_mutex. */
static SessionRow SessionCache[SESSION_ROWS];

static CyaSSL_Mutex session_mutex; /* SessionCache mutex */

#ifndef NO_CLIENT_CACHE

/* Client-side entry: coordinates (row, column) of a session stored in
   SessionCache. */
typedef struct ClientSession {
    word16 serverRow;                      /* SessionCache Row id */
    word16 serverIdx;                      /* SessionCache Idx (column) */
} ClientSession;

/* One row of the client cache, laid out like SessionRow. */
typedef struct ClientRow {
    int nextIdx;                           /* where to place next one */
    int totalCount;                        /* sessions ever on this row */
    ClientSession Clients[SESSIONS_PER_ROW];
} ClientRow;

static ClientRow ClientCache[SESSION_ROWS];  /* Client Cache */
                                             /* uses session mutex */
#endif /* NO_CLIENT_CACHE */
Vanger 0:b86d15c6ba29 1935
Vanger 0:b86d15c6ba29 1936
/* Library-wide initialization, reference counted.
 *
 * The first call (initRefCount == 0) creates the session cache mutex (unless
 * NO_SESSION_CACHE) and the reference-count mutex; every successful call
 * then bumps initRefCount under count_mutex (presumably balanced by the
 * cleanup routine elsewhere in this file).
 *
 * Returns SSL_SUCCESS, or BAD_MUTEX_E when a mutex cannot be created or when
 * count_mutex cannot be locked (in that last case the mutexes were already
 * initialized but the count is left unchanged).
 *
 * NOTE(review): initRefCount is read here without any lock, and count_mutex
 * is the very lock this call creates, so two threads making the first call
 * concurrently can both observe 0 and both InitMutex the same objects.
 * Complete the first CyaSSL_Init before starting other threads. */
int CyaSSL_Init(void)
{
    int ret = SSL_SUCCESS;

    CYASSL_ENTER("CyaSSL_Init");

    if (initRefCount == 0) {
#ifndef NO_SESSION_CACHE
        if (InitMutex(&session_mutex) != 0)
            ret = BAD_MUTEX_E;
#endif
        if (InitMutex(&count_mutex) != 0)
            ret = BAD_MUTEX_E;
    }
    if (ret == SSL_SUCCESS) {
        if (LockMutex(&count_mutex) != 0) {
            CYASSL_MSG("Bad Lock Mutex count");
            return BAD_MUTEX_E;
        }
        initRefCount++;
        UnLockMutex(&count_mutex);
    }

    return ret;
}
Vanger 0:b86d15c6ba29 1962
Vanger 0:b86d15c6ba29 1963
Vanger 0:b86d15c6ba29 1964 #ifndef NO_CERTS
Vanger 0:b86d15c6ba29 1965
/* PEM armor lines recognised by PemToDer. Besides being searched for as
 * text, the private-key headers are compared by pointer identity
 * (header == BEGIN_RSA_PRIV, header == BEGIN_EC_PRIV), so each marker must
 * stay a distinct object. */
static const char* BEGIN_CERT         = "-----BEGIN CERTIFICATE-----";
static const char* END_CERT           = "-----END CERTIFICATE-----";
static const char* BEGIN_CERT_REQ     = "-----BEGIN CERTIFICATE REQUEST-----";
static const char* END_CERT_REQ       = "-----END CERTIFICATE REQUEST-----";
static const char* BEGIN_DH_PARAM     = "-----BEGIN DH PARAMETERS-----";
static const char* END_DH_PARAM       = "-----END DH PARAMETERS-----";
static const char* BEGIN_X509_CRL     = "-----BEGIN X509 CRL-----";
static const char* END_X509_CRL       = "-----END X509 CRL-----";
static const char* BEGIN_RSA_PRIV     = "-----BEGIN RSA PRIVATE KEY-----";
static const char* END_RSA_PRIV       = "-----END RSA PRIVATE KEY-----";
static const char* BEGIN_PRIV_KEY     = "-----BEGIN PRIVATE KEY-----";
static const char* END_PRIV_KEY       = "-----END PRIVATE KEY-----";
static const char* BEGIN_ENC_PRIV_KEY = "-----BEGIN ENCRYPTED PRIVATE KEY-----";
static const char* END_ENC_PRIV_KEY   = "-----END ENCRYPTED PRIVATE KEY-----";
static const char* BEGIN_EC_PRIV      = "-----BEGIN EC PRIVATE KEY-----";
static const char* END_EC_PRIV        = "-----END EC PRIVATE KEY-----";
static const char* BEGIN_DSA_PRIV     = "-----BEGIN DSA PRIVATE KEY-----";
static const char* END_DSA_PRIV       = "-----END DSA PRIVATE KEY-----";
Vanger 0:b86d15c6ba29 1984
/* Remove the PEM header/footer, convert the body to ASN.1 DER, and record any
   encryption parameters in info; info->consumed tracks the PEM bytes consumed
   so a caller can continue with the next part of a multi-part input.
   NOTE(review): the header fallback chain for PRIVATEKEY_TYPE tests
   header == BEGIN_ENC_PRIV_KEY twice, so the BEGIN_DSA_PRIV branch is
   unreachable and a DSA key ends in SSL_NO_PEM_HEADER; the end-of-line probe
   after the header also reads headerEnd[0] and headerEnd[1] without comparing
   against bufferEnd. */
Vanger 0:b86d15c6ba29 1987 int PemToDer(const unsigned char* buff, long longSz, int type,
Vanger 0:b86d15c6ba29 1988 buffer* der, void* heap, EncryptedInfo* info, int* eccKey)
Vanger 0:b86d15c6ba29 1989 {
Vanger 0:b86d15c6ba29 1990 const char* header = NULL;
Vanger 0:b86d15c6ba29 1991 const char* footer = NULL;
Vanger 0:b86d15c6ba29 1992 char* headerEnd;
Vanger 0:b86d15c6ba29 1993 char* footerEnd;
Vanger 0:b86d15c6ba29 1994 char* consumedEnd;
Vanger 0:b86d15c6ba29 1995 char* bufferEnd = (char*)(buff + longSz);
Vanger 0:b86d15c6ba29 1996 long neededSz;
Vanger 0:b86d15c6ba29 1997 int ret = 0;
Vanger 0:b86d15c6ba29 1998 int dynamicType = 0;
Vanger 0:b86d15c6ba29 1999 int sz = (int)longSz;
Vanger 0:b86d15c6ba29 2000
Vanger 0:b86d15c6ba29 2001 switch (type) {
Vanger 0:b86d15c6ba29 2002 case CA_TYPE: /* same as below */
Vanger 0:b86d15c6ba29 2003 case CERT_TYPE: header= BEGIN_CERT; footer= END_CERT; break;
Vanger 0:b86d15c6ba29 2004 case CRL_TYPE: header= BEGIN_X509_CRL; footer= END_X509_CRL; break;
Vanger 0:b86d15c6ba29 2005 case DH_PARAM_TYPE: header= BEGIN_DH_PARAM; footer= END_DH_PARAM; break;
Vanger 0:b86d15c6ba29 2006 case CERTREQ_TYPE: header= BEGIN_CERT_REQ; footer= END_CERT_REQ; break;
Vanger 0:b86d15c6ba29 2007 default: header= BEGIN_RSA_PRIV; footer= END_RSA_PRIV; break;
Vanger 0:b86d15c6ba29 2008 }
Vanger 0:b86d15c6ba29 2009
Vanger 0:b86d15c6ba29 2010 switch (type) {
Vanger 0:b86d15c6ba29 2011 case CA_TYPE: dynamicType = DYNAMIC_TYPE_CA; break;
Vanger 0:b86d15c6ba29 2012 case CERT_TYPE: dynamicType = DYNAMIC_TYPE_CERT; break;
Vanger 0:b86d15c6ba29 2013 case CRL_TYPE: dynamicType = DYNAMIC_TYPE_CRL; break;
Vanger 0:b86d15c6ba29 2014 default: dynamicType = DYNAMIC_TYPE_KEY; break;
Vanger 0:b86d15c6ba29 2015 }
Vanger 0:b86d15c6ba29 2016
Vanger 0:b86d15c6ba29 2017 /* find header */
Vanger 0:b86d15c6ba29 2018 for (;;) {
Vanger 0:b86d15c6ba29 2019 headerEnd = XSTRNSTR((char*)buff, header, sz);
Vanger 0:b86d15c6ba29 2020
Vanger 0:b86d15c6ba29 2021 if (headerEnd || type != PRIVATEKEY_TYPE) {
Vanger 0:b86d15c6ba29 2022 break;
Vanger 0:b86d15c6ba29 2023 } else if (header == BEGIN_RSA_PRIV) {
Vanger 0:b86d15c6ba29 2024 header = BEGIN_PRIV_KEY; footer = END_PRIV_KEY;
Vanger 0:b86d15c6ba29 2025 } else if (header == BEGIN_PRIV_KEY) {
Vanger 0:b86d15c6ba29 2026 header = BEGIN_ENC_PRIV_KEY; footer = END_ENC_PRIV_KEY;
Vanger 0:b86d15c6ba29 2027 } else if (header == BEGIN_ENC_PRIV_KEY) {
Vanger 0:b86d15c6ba29 2028 header = BEGIN_EC_PRIV; footer = END_EC_PRIV;
Vanger 0:b86d15c6ba29 2029 } else if (header == BEGIN_ENC_PRIV_KEY) {
Vanger 0:b86d15c6ba29 2030 header = BEGIN_DSA_PRIV; footer = END_DSA_PRIV;
Vanger 0:b86d15c6ba29 2031 } else
Vanger 0:b86d15c6ba29 2032 break;
Vanger 0:b86d15c6ba29 2033 }
Vanger 0:b86d15c6ba29 2034
Vanger 0:b86d15c6ba29 2035 if (!headerEnd) {
Vanger 0:b86d15c6ba29 2036 CYASSL_MSG("Couldn't find PEM header");
Vanger 0:b86d15c6ba29 2037 return SSL_NO_PEM_HEADER;
Vanger 0:b86d15c6ba29 2038 }
Vanger 0:b86d15c6ba29 2039
Vanger 0:b86d15c6ba29 2040 headerEnd += XSTRLEN(header);
Vanger 0:b86d15c6ba29 2041
Vanger 0:b86d15c6ba29 2042 /* eat end of line */
Vanger 0:b86d15c6ba29 2043 if (headerEnd[0] == '\n')
Vanger 0:b86d15c6ba29 2044 headerEnd++;
Vanger 0:b86d15c6ba29 2045 else if (headerEnd[1] == '\n')
Vanger 0:b86d15c6ba29 2046 headerEnd += 2;
Vanger 0:b86d15c6ba29 2047 else
Vanger 0:b86d15c6ba29 2048 return SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2049
Vanger 0:b86d15c6ba29 2050 if (type == PRIVATEKEY_TYPE) {
Vanger 0:b86d15c6ba29 2051 if (eccKey)
Vanger 0:b86d15c6ba29 2052 *eccKey = header == BEGIN_EC_PRIV;
Vanger 0:b86d15c6ba29 2053 }
Vanger 0:b86d15c6ba29 2054
Vanger 0:b86d15c6ba29 2055 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
Vanger 0:b86d15c6ba29 2056 {
Vanger 0:b86d15c6ba29 2057 /* remove encrypted header if there */
Vanger 0:b86d15c6ba29 2058 char encHeader[] = "Proc-Type";
Vanger 0:b86d15c6ba29 2059 char* line = XSTRNSTR(headerEnd, encHeader, PEM_LINE_LEN);
Vanger 0:b86d15c6ba29 2060 if (line) {
Vanger 0:b86d15c6ba29 2061 char* newline;
Vanger 0:b86d15c6ba29 2062 char* finish;
Vanger 0:b86d15c6ba29 2063 char* start = XSTRNSTR(line, "DES", PEM_LINE_LEN);
Vanger 0:b86d15c6ba29 2064
Vanger 0:b86d15c6ba29 2065 if (!start)
Vanger 0:b86d15c6ba29 2066 start = XSTRNSTR(line, "AES", PEM_LINE_LEN);
Vanger 0:b86d15c6ba29 2067
Vanger 0:b86d15c6ba29 2068 if (!start) return SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2069 if (!info) return SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2070
Vanger 0:b86d15c6ba29 2071 finish = XSTRNSTR(start, ",", PEM_LINE_LEN);
Vanger 0:b86d15c6ba29 2072
Vanger 0:b86d15c6ba29 2073 if (start && finish && (start < finish)) {
Vanger 0:b86d15c6ba29 2074 newline = XSTRNSTR(finish, "\r", PEM_LINE_LEN);
Vanger 0:b86d15c6ba29 2075
Vanger 0:b86d15c6ba29 2076 XMEMCPY(info->name, start, finish - start);
Vanger 0:b86d15c6ba29 2077 info->name[finish - start] = 0;
Vanger 0:b86d15c6ba29 2078 XMEMCPY(info->iv, finish + 1, sizeof(info->iv));
Vanger 0:b86d15c6ba29 2079
Vanger 0:b86d15c6ba29 2080 if (!newline) newline = XSTRNSTR(finish, "\n", PEM_LINE_LEN);
Vanger 0:b86d15c6ba29 2081 if (newline && (newline > finish)) {
Vanger 0:b86d15c6ba29 2082 info->ivSz = (word32)(newline - (finish + 1));
Vanger 0:b86d15c6ba29 2083 info->set = 1;
Vanger 0:b86d15c6ba29 2084 }
Vanger 0:b86d15c6ba29 2085 else
Vanger 0:b86d15c6ba29 2086 return SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2087 }
Vanger 0:b86d15c6ba29 2088 else
Vanger 0:b86d15c6ba29 2089 return SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2090
Vanger 0:b86d15c6ba29 2091 /* eat blank line */
Vanger 0:b86d15c6ba29 2092 while (*newline == '\r' || *newline == '\n')
Vanger 0:b86d15c6ba29 2093 newline++;
Vanger 0:b86d15c6ba29 2094 headerEnd = newline;
Vanger 0:b86d15c6ba29 2095 }
Vanger 0:b86d15c6ba29 2096 }
Vanger 0:b86d15c6ba29 2097 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
Vanger 0:b86d15c6ba29 2098
Vanger 0:b86d15c6ba29 2099 /* find footer */
Vanger 0:b86d15c6ba29 2100 footerEnd = XSTRNSTR((char*)buff, footer, sz);
Vanger 0:b86d15c6ba29 2101 if (!footerEnd)
Vanger 0:b86d15c6ba29 2102 return SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2103
Vanger 0:b86d15c6ba29 2104 consumedEnd = footerEnd + XSTRLEN(footer);
Vanger 0:b86d15c6ba29 2105
Vanger 0:b86d15c6ba29 2106 if (consumedEnd < bufferEnd) { /* handle no end of line on last line */
Vanger 0:b86d15c6ba29 2107 /* eat end of line */
Vanger 0:b86d15c6ba29 2108 if (consumedEnd[0] == '\n')
Vanger 0:b86d15c6ba29 2109 consumedEnd++;
Vanger 0:b86d15c6ba29 2110 else if (consumedEnd[1] == '\n')
Vanger 0:b86d15c6ba29 2111 consumedEnd += 2;
Vanger 0:b86d15c6ba29 2112 else
Vanger 0:b86d15c6ba29 2113 return SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2114 }
Vanger 0:b86d15c6ba29 2115
Vanger 0:b86d15c6ba29 2116 if (info)
Vanger 0:b86d15c6ba29 2117 info->consumed = (long)(consumedEnd - (char*)buff);
Vanger 0:b86d15c6ba29 2118
Vanger 0:b86d15c6ba29 2119 /* set up der buffer */
Vanger 0:b86d15c6ba29 2120 neededSz = (long)(footerEnd - headerEnd);
Vanger 0:b86d15c6ba29 2121 if (neededSz > sz || neededSz < 0)
Vanger 0:b86d15c6ba29 2122 return SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2123
Vanger 0:b86d15c6ba29 2124 der->buffer = (byte*)XMALLOC(neededSz, heap, dynamicType);
Vanger 0:b86d15c6ba29 2125 if (!der->buffer)
Vanger 0:b86d15c6ba29 2126 return MEMORY_ERROR;
Vanger 0:b86d15c6ba29 2127
Vanger 0:b86d15c6ba29 2128 der->length = (word32)neededSz;
Vanger 0:b86d15c6ba29 2129
Vanger 0:b86d15c6ba29 2130 if (Base64_Decode((byte*)headerEnd, (word32)neededSz, der->buffer,
Vanger 0:b86d15c6ba29 2131 &der->length) < 0)
Vanger 0:b86d15c6ba29 2132 return SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2133
Vanger 0:b86d15c6ba29 2134 if (header == BEGIN_PRIV_KEY) {
Vanger 0:b86d15c6ba29 2135 /* pkcs8 key, convert and adjust length */
Vanger 0:b86d15c6ba29 2136 if ((ret = ToTraditional(der->buffer, der->length)) < 0)
Vanger 0:b86d15c6ba29 2137 return ret;
Vanger 0:b86d15c6ba29 2138
Vanger 0:b86d15c6ba29 2139 der->length = ret;
Vanger 0:b86d15c6ba29 2140 return 0;
Vanger 0:b86d15c6ba29 2141 }
Vanger 0:b86d15c6ba29 2142
Vanger 0:b86d15c6ba29 2143 #if (defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)) && !defined(NO_PWDBASED)
Vanger 0:b86d15c6ba29 2144 if (header == BEGIN_ENC_PRIV_KEY) {
Vanger 0:b86d15c6ba29 2145 int passwordSz;
Vanger 0:b86d15c6ba29 2146 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2147 char* password = NULL;
Vanger 0:b86d15c6ba29 2148 #else
Vanger 0:b86d15c6ba29 2149 char password[80];
Vanger 0:b86d15c6ba29 2150 #endif
Vanger 0:b86d15c6ba29 2151
Vanger 0:b86d15c6ba29 2152 if (!info || !info->ctx || !info->ctx->passwd_cb)
Vanger 0:b86d15c6ba29 2153 return SSL_BAD_FILE; /* no callback error */
Vanger 0:b86d15c6ba29 2154
Vanger 0:b86d15c6ba29 2155 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2156 password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2157 if (password == NULL)
Vanger 0:b86d15c6ba29 2158 return MEMORY_E;
Vanger 0:b86d15c6ba29 2159 #endif
Vanger 0:b86d15c6ba29 2160 passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,
Vanger 0:b86d15c6ba29 2161 info->ctx->userdata);
Vanger 0:b86d15c6ba29 2162 /* convert and adjust length */
Vanger 0:b86d15c6ba29 2163 ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz);
Vanger 0:b86d15c6ba29 2164
Vanger 0:b86d15c6ba29 2165 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2166 XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2167 #endif
Vanger 0:b86d15c6ba29 2168
Vanger 0:b86d15c6ba29 2169 if (ret < 0)
Vanger 0:b86d15c6ba29 2170 return ret;
Vanger 0:b86d15c6ba29 2171
Vanger 0:b86d15c6ba29 2172 der->length = ret;
Vanger 0:b86d15c6ba29 2173 return 0;
Vanger 0:b86d15c6ba29 2174 }
Vanger 0:b86d15c6ba29 2175 #endif
Vanger 0:b86d15c6ba29 2176
Vanger 0:b86d15c6ba29 2177 return 0;
Vanger 0:b86d15c6ba29 2178 }
Vanger 0:b86d15c6ba29 2179
Vanger 0:b86d15c6ba29 2180
Vanger 0:b86d15c6ba29 2181 /* process the buffer buff, legnth sz, into ctx of format and type
Vanger 0:b86d15c6ba29 2182 used tracks bytes consumed, userChain specifies a user cert chain
Vanger 0:b86d15c6ba29 2183 to pass during the handshake */
Vanger 0:b86d15c6ba29 2184 static int ProcessBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
Vanger 0:b86d15c6ba29 2185 long sz, int format, int type, CYASSL* ssl,
Vanger 0:b86d15c6ba29 2186 long* used, int userChain)
Vanger 0:b86d15c6ba29 2187 {
Vanger 0:b86d15c6ba29 2188 buffer der; /* holds DER or RAW (for NTRU) */
Vanger 0:b86d15c6ba29 2189 int ret;
Vanger 0:b86d15c6ba29 2190 int dynamicType = 0;
Vanger 0:b86d15c6ba29 2191 int eccKey = 0;
Vanger 0:b86d15c6ba29 2192 int rsaKey = 0;
Vanger 0:b86d15c6ba29 2193 void* heap = ctx ? ctx->heap : NULL;
Vanger 0:b86d15c6ba29 2194 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2195 EncryptedInfo* info = NULL;
Vanger 0:b86d15c6ba29 2196 #else
Vanger 0:b86d15c6ba29 2197 EncryptedInfo info[1];
Vanger 0:b86d15c6ba29 2198 #endif
Vanger 0:b86d15c6ba29 2199
Vanger 0:b86d15c6ba29 2200 (void)dynamicType;
Vanger 0:b86d15c6ba29 2201 (void)rsaKey;
Vanger 0:b86d15c6ba29 2202
Vanger 0:b86d15c6ba29 2203 if (used)
Vanger 0:b86d15c6ba29 2204 *used = sz; /* used bytes default to sz, PEM chain may shorten*/
Vanger 0:b86d15c6ba29 2205
Vanger 0:b86d15c6ba29 2206 if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM
Vanger 0:b86d15c6ba29 2207 && format != SSL_FILETYPE_RAW)
Vanger 0:b86d15c6ba29 2208 return SSL_BAD_FILETYPE;
Vanger 0:b86d15c6ba29 2209
Vanger 0:b86d15c6ba29 2210 if (ctx == NULL && ssl == NULL)
Vanger 0:b86d15c6ba29 2211 return BAD_FUNC_ARG;
Vanger 0:b86d15c6ba29 2212
Vanger 0:b86d15c6ba29 2213 if (type == CA_TYPE)
Vanger 0:b86d15c6ba29 2214 dynamicType = DYNAMIC_TYPE_CA;
Vanger 0:b86d15c6ba29 2215 else if (type == CERT_TYPE)
Vanger 0:b86d15c6ba29 2216 dynamicType = DYNAMIC_TYPE_CERT;
Vanger 0:b86d15c6ba29 2217 else
Vanger 0:b86d15c6ba29 2218 dynamicType = DYNAMIC_TYPE_KEY;
Vanger 0:b86d15c6ba29 2219
Vanger 0:b86d15c6ba29 2220 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2221 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
Vanger 0:b86d15c6ba29 2222 DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2223 if (info == NULL)
Vanger 0:b86d15c6ba29 2224 return MEMORY_E;
Vanger 0:b86d15c6ba29 2225 #endif
Vanger 0:b86d15c6ba29 2226
Vanger 0:b86d15c6ba29 2227 info->set = 0;
Vanger 0:b86d15c6ba29 2228 info->ctx = ctx;
Vanger 0:b86d15c6ba29 2229 info->consumed = 0;
Vanger 0:b86d15c6ba29 2230 der.buffer = 0;
Vanger 0:b86d15c6ba29 2231
Vanger 0:b86d15c6ba29 2232 if (format == SSL_FILETYPE_PEM) {
Vanger 0:b86d15c6ba29 2233 ret = PemToDer(buff, sz, type, &der, heap, info, &eccKey);
Vanger 0:b86d15c6ba29 2234 if (ret < 0) {
Vanger 0:b86d15c6ba29 2235 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2236 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2237 #endif
Vanger 0:b86d15c6ba29 2238 XFREE(der.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2239 return ret;
Vanger 0:b86d15c6ba29 2240 }
Vanger 0:b86d15c6ba29 2241
Vanger 0:b86d15c6ba29 2242 if (used)
Vanger 0:b86d15c6ba29 2243 *used = info->consumed;
Vanger 0:b86d15c6ba29 2244
Vanger 0:b86d15c6ba29 2245 /* we may have a user cert chain, try to consume */
Vanger 0:b86d15c6ba29 2246 if (userChain && type == CERT_TYPE && info->consumed < sz) {
Vanger 0:b86d15c6ba29 2247 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2248 byte staticBuffer[1]; /* force heap usage */
Vanger 0:b86d15c6ba29 2249 #else
Vanger 0:b86d15c6ba29 2250 byte staticBuffer[FILE_BUFFER_SIZE]; /* tmp chain buffer */
Vanger 0:b86d15c6ba29 2251 #endif
Vanger 0:b86d15c6ba29 2252 byte* chainBuffer = staticBuffer;
Vanger 0:b86d15c6ba29 2253 byte* shrinked = NULL; /* shrinked to size chainBuffer
Vanger 0:b86d15c6ba29 2254 * or staticBuffer */
Vanger 0:b86d15c6ba29 2255 int dynamicBuffer = 0;
Vanger 0:b86d15c6ba29 2256 word32 bufferSz = sizeof(staticBuffer);
Vanger 0:b86d15c6ba29 2257 long consumed = info->consumed;
Vanger 0:b86d15c6ba29 2258 word32 idx = 0;
Vanger 0:b86d15c6ba29 2259 int gotOne = 0;
Vanger 0:b86d15c6ba29 2260
Vanger 0:b86d15c6ba29 2261 if ( (sz - consumed) > (int)bufferSz) {
Vanger 0:b86d15c6ba29 2262 CYASSL_MSG("Growing Tmp Chain Buffer");
Vanger 0:b86d15c6ba29 2263 bufferSz = (word32)(sz - consumed);
Vanger 0:b86d15c6ba29 2264 /* will shrink to actual size */
Vanger 0:b86d15c6ba29 2265 chainBuffer = (byte*)XMALLOC(bufferSz, heap, DYNAMIC_TYPE_FILE);
Vanger 0:b86d15c6ba29 2266 if (chainBuffer == NULL) {
Vanger 0:b86d15c6ba29 2267 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2268 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2269 #endif
Vanger 0:b86d15c6ba29 2270 XFREE(der.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2271 return MEMORY_E;
Vanger 0:b86d15c6ba29 2272 }
Vanger 0:b86d15c6ba29 2273 dynamicBuffer = 1;
Vanger 0:b86d15c6ba29 2274 }
Vanger 0:b86d15c6ba29 2275
Vanger 0:b86d15c6ba29 2276 CYASSL_MSG("Processing Cert Chain");
Vanger 0:b86d15c6ba29 2277 while (consumed < sz) {
Vanger 0:b86d15c6ba29 2278 buffer part;
Vanger 0:b86d15c6ba29 2279 info->consumed = 0;
Vanger 0:b86d15c6ba29 2280 part.buffer = 0;
Vanger 0:b86d15c6ba29 2281
Vanger 0:b86d15c6ba29 2282 ret = PemToDer(buff + consumed, sz - consumed, type, &part,
Vanger 0:b86d15c6ba29 2283 heap, info, &eccKey);
Vanger 0:b86d15c6ba29 2284 if (ret == 0) {
Vanger 0:b86d15c6ba29 2285 gotOne = 1;
Vanger 0:b86d15c6ba29 2286 if ( (idx + part.length) > bufferSz) {
Vanger 0:b86d15c6ba29 2287 CYASSL_MSG(" Cert Chain bigger than buffer");
Vanger 0:b86d15c6ba29 2288 ret = BUFFER_E;
Vanger 0:b86d15c6ba29 2289 }
Vanger 0:b86d15c6ba29 2290 else {
Vanger 0:b86d15c6ba29 2291 c32to24(part.length, &chainBuffer[idx]);
Vanger 0:b86d15c6ba29 2292 idx += CERT_HEADER_SZ;
Vanger 0:b86d15c6ba29 2293 XMEMCPY(&chainBuffer[idx], part.buffer,part.length);
Vanger 0:b86d15c6ba29 2294 idx += part.length;
Vanger 0:b86d15c6ba29 2295 consumed += info->consumed;
Vanger 0:b86d15c6ba29 2296 if (used)
Vanger 0:b86d15c6ba29 2297 *used += info->consumed;
Vanger 0:b86d15c6ba29 2298 }
Vanger 0:b86d15c6ba29 2299 }
Vanger 0:b86d15c6ba29 2300
Vanger 0:b86d15c6ba29 2301 XFREE(part.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2302
Vanger 0:b86d15c6ba29 2303 if (ret == SSL_NO_PEM_HEADER && gotOne) {
Vanger 0:b86d15c6ba29 2304 CYASSL_MSG("We got one good PEM so stuff at end ok");
Vanger 0:b86d15c6ba29 2305 break;
Vanger 0:b86d15c6ba29 2306 }
Vanger 0:b86d15c6ba29 2307
Vanger 0:b86d15c6ba29 2308 if (ret < 0) {
Vanger 0:b86d15c6ba29 2309 CYASSL_MSG(" Error in Cert in Chain");
Vanger 0:b86d15c6ba29 2310 if (dynamicBuffer)
Vanger 0:b86d15c6ba29 2311 XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
Vanger 0:b86d15c6ba29 2312 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2313 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2314 #endif
Vanger 0:b86d15c6ba29 2315 XFREE(der.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2316 return ret;
Vanger 0:b86d15c6ba29 2317 }
Vanger 0:b86d15c6ba29 2318 CYASSL_MSG(" Consumed another Cert in Chain");
Vanger 0:b86d15c6ba29 2319 }
Vanger 0:b86d15c6ba29 2320 CYASSL_MSG("Finished Processing Cert Chain");
Vanger 0:b86d15c6ba29 2321
Vanger 0:b86d15c6ba29 2322 /* only retain actual size used */
Vanger 0:b86d15c6ba29 2323 shrinked = (byte*)XMALLOC(idx, heap, dynamicType);
Vanger 0:b86d15c6ba29 2324 if (shrinked) {
Vanger 0:b86d15c6ba29 2325 if (ssl) {
Vanger 0:b86d15c6ba29 2326 if (ssl->buffers.certChain.buffer &&
Vanger 0:b86d15c6ba29 2327 ssl->buffers.weOwnCertChain) {
Vanger 0:b86d15c6ba29 2328 XFREE(ssl->buffers.certChain.buffer, heap,
Vanger 0:b86d15c6ba29 2329 dynamicType);
Vanger 0:b86d15c6ba29 2330 }
Vanger 0:b86d15c6ba29 2331 ssl->buffers.certChain.buffer = shrinked;
Vanger 0:b86d15c6ba29 2332 ssl->buffers.certChain.length = idx;
Vanger 0:b86d15c6ba29 2333 XMEMCPY(ssl->buffers.certChain.buffer, chainBuffer,idx);
Vanger 0:b86d15c6ba29 2334 ssl->buffers.weOwnCertChain = 1;
Vanger 0:b86d15c6ba29 2335 } else if (ctx) {
Vanger 0:b86d15c6ba29 2336 if (ctx->certChain.buffer)
Vanger 0:b86d15c6ba29 2337 XFREE(ctx->certChain.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2338 ctx->certChain.buffer = shrinked;
Vanger 0:b86d15c6ba29 2339 ctx->certChain.length = idx;
Vanger 0:b86d15c6ba29 2340 XMEMCPY(ctx->certChain.buffer, chainBuffer, idx);
Vanger 0:b86d15c6ba29 2341 }
Vanger 0:b86d15c6ba29 2342 }
Vanger 0:b86d15c6ba29 2343
Vanger 0:b86d15c6ba29 2344 if (dynamicBuffer)
Vanger 0:b86d15c6ba29 2345 XFREE(chainBuffer, heap, DYNAMIC_TYPE_FILE);
Vanger 0:b86d15c6ba29 2346
Vanger 0:b86d15c6ba29 2347 if (shrinked == NULL) {
Vanger 0:b86d15c6ba29 2348 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2349 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2350 #endif
Vanger 0:b86d15c6ba29 2351 XFREE(der.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2352 return MEMORY_E;
Vanger 0:b86d15c6ba29 2353 }
Vanger 0:b86d15c6ba29 2354 }
Vanger 0:b86d15c6ba29 2355 }
Vanger 0:b86d15c6ba29 2356 else { /* ASN1 (DER) or RAW (NTRU) */
Vanger 0:b86d15c6ba29 2357 der.buffer = (byte*) XMALLOC(sz, heap, dynamicType);
Vanger 0:b86d15c6ba29 2358 if (!der.buffer) {
Vanger 0:b86d15c6ba29 2359 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2360 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2361 #endif
Vanger 0:b86d15c6ba29 2362 return MEMORY_ERROR;
Vanger 0:b86d15c6ba29 2363 }
Vanger 0:b86d15c6ba29 2364
Vanger 0:b86d15c6ba29 2365 XMEMCPY(der.buffer, buff, sz);
Vanger 0:b86d15c6ba29 2366 der.length = (word32)sz;
Vanger 0:b86d15c6ba29 2367 }
Vanger 0:b86d15c6ba29 2368
Vanger 0:b86d15c6ba29 2369 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
Vanger 0:b86d15c6ba29 2370 if (info->set) {
Vanger 0:b86d15c6ba29 2371 /* decrypt */
Vanger 0:b86d15c6ba29 2372 int passwordSz;
Vanger 0:b86d15c6ba29 2373 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2374 char* password = NULL;
Vanger 0:b86d15c6ba29 2375 byte* key = NULL;
Vanger 0:b86d15c6ba29 2376 byte* iv = NULL;
Vanger 0:b86d15c6ba29 2377 #else
Vanger 0:b86d15c6ba29 2378 char password[80];
Vanger 0:b86d15c6ba29 2379 byte key[AES_256_KEY_SIZE];
Vanger 0:b86d15c6ba29 2380 byte iv[AES_IV_SIZE];
Vanger 0:b86d15c6ba29 2381 #endif
Vanger 0:b86d15c6ba29 2382
Vanger 0:b86d15c6ba29 2383 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2384 password = (char*)XMALLOC(80, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2385 key = (byte*)XMALLOC(AES_256_KEY_SIZE, NULL,
Vanger 0:b86d15c6ba29 2386 DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2387 iv = (byte*)XMALLOC(AES_IV_SIZE, NULL,
Vanger 0:b86d15c6ba29 2388 DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2389
Vanger 0:b86d15c6ba29 2390 if (password == NULL || key == NULL || iv == NULL) {
Vanger 0:b86d15c6ba29 2391 XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2392 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2393 XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2394 ret = MEMORY_E;
Vanger 0:b86d15c6ba29 2395 }
Vanger 0:b86d15c6ba29 2396 else
Vanger 0:b86d15c6ba29 2397 #endif
Vanger 0:b86d15c6ba29 2398 if (!ctx || !ctx->passwd_cb) {
Vanger 0:b86d15c6ba29 2399 ret = NO_PASSWORD;
Vanger 0:b86d15c6ba29 2400 }
Vanger 0:b86d15c6ba29 2401 else {
Vanger 0:b86d15c6ba29 2402 passwordSz = ctx->passwd_cb(password, sizeof(password), 0,
Vanger 0:b86d15c6ba29 2403 ctx->userdata);
Vanger 0:b86d15c6ba29 2404
Vanger 0:b86d15c6ba29 2405 /* use file's salt for key derivation, hex decode first */
Vanger 0:b86d15c6ba29 2406 if (Base16_Decode(info->iv, info->ivSz, info->iv, &info->ivSz)
Vanger 0:b86d15c6ba29 2407 != 0) {
Vanger 0:b86d15c6ba29 2408 ret = ASN_INPUT_E;
Vanger 0:b86d15c6ba29 2409 }
Vanger 0:b86d15c6ba29 2410 else if ((ret = EVP_BytesToKey(info->name, "MD5", info->iv,
Vanger 0:b86d15c6ba29 2411 (byte*)password, passwordSz, 1, key, iv)) <= 0) {
Vanger 0:b86d15c6ba29 2412 /* empty */
Vanger 0:b86d15c6ba29 2413 }
Vanger 0:b86d15c6ba29 2414 else if (XSTRNCMP(info->name, "DES-CBC", 7) == 0) {
Vanger 0:b86d15c6ba29 2415 ret = Des_CbcDecryptWithKey(der.buffer, der.buffer, der.length,
Vanger 0:b86d15c6ba29 2416 key, info->iv);
Vanger 0:b86d15c6ba29 2417 }
Vanger 0:b86d15c6ba29 2418 else if (XSTRNCMP(info->name, "DES-EDE3-CBC", 13) == 0) {
Vanger 0:b86d15c6ba29 2419 ret = Des3_CbcDecryptWithKey(der.buffer, der.buffer, der.length,
Vanger 0:b86d15c6ba29 2420 key, info->iv);
Vanger 0:b86d15c6ba29 2421 }
Vanger 0:b86d15c6ba29 2422 else if (XSTRNCMP(info->name, "AES-128-CBC", 13) == 0) {
Vanger 0:b86d15c6ba29 2423 ret = AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
Vanger 0:b86d15c6ba29 2424 key, AES_128_KEY_SIZE, info->iv);
Vanger 0:b86d15c6ba29 2425 }
Vanger 0:b86d15c6ba29 2426 else if (XSTRNCMP(info->name, "AES-192-CBC", 13) == 0) {
Vanger 0:b86d15c6ba29 2427 ret = AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
Vanger 0:b86d15c6ba29 2428 key, AES_192_KEY_SIZE, info->iv);
Vanger 0:b86d15c6ba29 2429 }
Vanger 0:b86d15c6ba29 2430 else if (XSTRNCMP(info->name, "AES-256-CBC", 13) == 0) {
Vanger 0:b86d15c6ba29 2431 ret = AesCbcDecryptWithKey(der.buffer, der.buffer, der.length,
Vanger 0:b86d15c6ba29 2432 key, AES_256_KEY_SIZE, info->iv);
Vanger 0:b86d15c6ba29 2433 }
Vanger 0:b86d15c6ba29 2434 else {
Vanger 0:b86d15c6ba29 2435 ret = SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2436 }
Vanger 0:b86d15c6ba29 2437 }
Vanger 0:b86d15c6ba29 2438
Vanger 0:b86d15c6ba29 2439 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2440 XFREE(password, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2441 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2442 XFREE(iv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2443 #endif
Vanger 0:b86d15c6ba29 2444
Vanger 0:b86d15c6ba29 2445 if (ret != 0) {
Vanger 0:b86d15c6ba29 2446 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2447 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2448 #endif
Vanger 0:b86d15c6ba29 2449 XFREE(der.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2450 return ret;
Vanger 0:b86d15c6ba29 2451 }
Vanger 0:b86d15c6ba29 2452 }
Vanger 0:b86d15c6ba29 2453 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
Vanger 0:b86d15c6ba29 2454
Vanger 0:b86d15c6ba29 2455 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2456 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2457 #endif
Vanger 0:b86d15c6ba29 2458
Vanger 0:b86d15c6ba29 2459 if (type == CA_TYPE) {
Vanger 0:b86d15c6ba29 2460 if (ctx == NULL) {
Vanger 0:b86d15c6ba29 2461 CYASSL_MSG("Need context for CA load");
Vanger 0:b86d15c6ba29 2462 XFREE(der.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2463 return BAD_FUNC_ARG;
Vanger 0:b86d15c6ba29 2464 }
Vanger 0:b86d15c6ba29 2465 return AddCA(ctx->cm, der, CYASSL_USER_CA, ctx->verifyPeer);
Vanger 0:b86d15c6ba29 2466 /* takes der over */
Vanger 0:b86d15c6ba29 2467 }
Vanger 0:b86d15c6ba29 2468 else if (type == CERT_TYPE) {
Vanger 0:b86d15c6ba29 2469 if (ssl) {
Vanger 0:b86d15c6ba29 2470 if (ssl->buffers.weOwnCert && ssl->buffers.certificate.buffer)
Vanger 0:b86d15c6ba29 2471 XFREE(ssl->buffers.certificate.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2472 ssl->buffers.certificate = der;
Vanger 0:b86d15c6ba29 2473 ssl->buffers.weOwnCert = 1;
Vanger 0:b86d15c6ba29 2474 }
Vanger 0:b86d15c6ba29 2475 else if (ctx) {
Vanger 0:b86d15c6ba29 2476 if (ctx->certificate.buffer)
Vanger 0:b86d15c6ba29 2477 XFREE(ctx->certificate.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2478 ctx->certificate = der; /* takes der over */
Vanger 0:b86d15c6ba29 2479 }
Vanger 0:b86d15c6ba29 2480 }
Vanger 0:b86d15c6ba29 2481 else if (type == PRIVATEKEY_TYPE) {
Vanger 0:b86d15c6ba29 2482 if (ssl) {
Vanger 0:b86d15c6ba29 2483 if (ssl->buffers.weOwnKey && ssl->buffers.key.buffer)
Vanger 0:b86d15c6ba29 2484 XFREE(ssl->buffers.key.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2485 ssl->buffers.key = der;
Vanger 0:b86d15c6ba29 2486 ssl->buffers.weOwnKey = 1;
Vanger 0:b86d15c6ba29 2487 }
Vanger 0:b86d15c6ba29 2488 else if (ctx) {
Vanger 0:b86d15c6ba29 2489 if (ctx->privateKey.buffer)
Vanger 0:b86d15c6ba29 2490 XFREE(ctx->privateKey.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2491 ctx->privateKey = der; /* takes der over */
Vanger 0:b86d15c6ba29 2492 }
Vanger 0:b86d15c6ba29 2493 }
Vanger 0:b86d15c6ba29 2494 else {
Vanger 0:b86d15c6ba29 2495 XFREE(der.buffer, heap, dynamicType);
Vanger 0:b86d15c6ba29 2496 return SSL_BAD_CERTTYPE;
Vanger 0:b86d15c6ba29 2497 }
Vanger 0:b86d15c6ba29 2498
Vanger 0:b86d15c6ba29 2499 if (type == PRIVATEKEY_TYPE && format != SSL_FILETYPE_RAW) {
Vanger 0:b86d15c6ba29 2500 #ifndef NO_RSA
Vanger 0:b86d15c6ba29 2501 if (!eccKey) {
Vanger 0:b86d15c6ba29 2502 /* make sure RSA key can be used */
Vanger 0:b86d15c6ba29 2503 word32 idx = 0;
Vanger 0:b86d15c6ba29 2504 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2505 RsaKey* key = NULL;
Vanger 0:b86d15c6ba29 2506 #else
Vanger 0:b86d15c6ba29 2507 RsaKey key[1];
Vanger 0:b86d15c6ba29 2508 #endif
Vanger 0:b86d15c6ba29 2509
Vanger 0:b86d15c6ba29 2510 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2511 key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL,
Vanger 0:b86d15c6ba29 2512 DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2513 if (key == NULL)
Vanger 0:b86d15c6ba29 2514 return MEMORY_E;
Vanger 0:b86d15c6ba29 2515 #endif
Vanger 0:b86d15c6ba29 2516
Vanger 0:b86d15c6ba29 2517 ret = InitRsaKey(key, 0);
Vanger 0:b86d15c6ba29 2518 if (ret == 0) {
Vanger 0:b86d15c6ba29 2519 if (RsaPrivateKeyDecode(der.buffer, &idx, key, der.length) !=
Vanger 0:b86d15c6ba29 2520 0) {
Vanger 0:b86d15c6ba29 2521 #ifdef HAVE_ECC
Vanger 0:b86d15c6ba29 2522 /* could have DER ECC (or pkcs8 ecc), no easy way to tell */
Vanger 0:b86d15c6ba29 2523 eccKey = 1; /* so try it out */
Vanger 0:b86d15c6ba29 2524 #endif
Vanger 0:b86d15c6ba29 2525 if (!eccKey)
Vanger 0:b86d15c6ba29 2526 ret = SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2527 } else {
Vanger 0:b86d15c6ba29 2528 rsaKey = 1;
Vanger 0:b86d15c6ba29 2529 (void)rsaKey; /* for no ecc builds */
Vanger 0:b86d15c6ba29 2530 }
Vanger 0:b86d15c6ba29 2531 }
Vanger 0:b86d15c6ba29 2532
Vanger 0:b86d15c6ba29 2533 FreeRsaKey(key);
Vanger 0:b86d15c6ba29 2534
Vanger 0:b86d15c6ba29 2535 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2536 XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2537 #endif
Vanger 0:b86d15c6ba29 2538
Vanger 0:b86d15c6ba29 2539 if (ret != 0)
Vanger 0:b86d15c6ba29 2540 return ret;
Vanger 0:b86d15c6ba29 2541 }
Vanger 0:b86d15c6ba29 2542 #endif
Vanger 0:b86d15c6ba29 2543 #ifdef HAVE_ECC
Vanger 0:b86d15c6ba29 2544 if (!rsaKey) {
Vanger 0:b86d15c6ba29 2545 /* make sure ECC key can be used */
Vanger 0:b86d15c6ba29 2546 word32 idx = 0;
Vanger 0:b86d15c6ba29 2547 ecc_key key;
Vanger 0:b86d15c6ba29 2548
Vanger 0:b86d15c6ba29 2549 ecc_init(&key);
Vanger 0:b86d15c6ba29 2550 if (EccPrivateKeyDecode(der.buffer,&idx,&key,der.length) != 0) {
Vanger 0:b86d15c6ba29 2551 ecc_free(&key);
Vanger 0:b86d15c6ba29 2552 return SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2553 }
Vanger 0:b86d15c6ba29 2554 ecc_free(&key);
Vanger 0:b86d15c6ba29 2555 eccKey = 1;
Vanger 0:b86d15c6ba29 2556 if (ctx)
Vanger 0:b86d15c6ba29 2557 ctx->haveStaticECC = 1;
Vanger 0:b86d15c6ba29 2558 if (ssl)
Vanger 0:b86d15c6ba29 2559 ssl->options.haveStaticECC = 1;
Vanger 0:b86d15c6ba29 2560 }
Vanger 0:b86d15c6ba29 2561 #endif /* HAVE_ECC */
Vanger 0:b86d15c6ba29 2562 }
Vanger 0:b86d15c6ba29 2563 else if (type == CERT_TYPE) {
Vanger 0:b86d15c6ba29 2564 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2565 DecodedCert* cert = NULL;
Vanger 0:b86d15c6ba29 2566 #else
Vanger 0:b86d15c6ba29 2567 DecodedCert cert[1];
Vanger 0:b86d15c6ba29 2568 #endif
Vanger 0:b86d15c6ba29 2569
Vanger 0:b86d15c6ba29 2570 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2571 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
Vanger 0:b86d15c6ba29 2572 DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2573 if (cert == NULL)
Vanger 0:b86d15c6ba29 2574 return MEMORY_E;
Vanger 0:b86d15c6ba29 2575 #endif
Vanger 0:b86d15c6ba29 2576
Vanger 0:b86d15c6ba29 2577 CYASSL_MSG("Checking cert signature type");
Vanger 0:b86d15c6ba29 2578 InitDecodedCert(cert, der.buffer, der.length, heap);
Vanger 0:b86d15c6ba29 2579
Vanger 0:b86d15c6ba29 2580 if (DecodeToKey(cert, 0) < 0) {
Vanger 0:b86d15c6ba29 2581 CYASSL_MSG("Decode to key failed");
Vanger 0:b86d15c6ba29 2582 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2583 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2584 #endif
Vanger 0:b86d15c6ba29 2585 return SSL_BAD_FILE;
Vanger 0:b86d15c6ba29 2586 }
Vanger 0:b86d15c6ba29 2587 switch (cert->signatureOID) {
Vanger 0:b86d15c6ba29 2588 case CTC_SHAwECDSA:
Vanger 0:b86d15c6ba29 2589 case CTC_SHA256wECDSA:
Vanger 0:b86d15c6ba29 2590 case CTC_SHA384wECDSA:
Vanger 0:b86d15c6ba29 2591 case CTC_SHA512wECDSA:
Vanger 0:b86d15c6ba29 2592 CYASSL_MSG("ECDSA cert signature");
Vanger 0:b86d15c6ba29 2593 if (ctx)
Vanger 0:b86d15c6ba29 2594 ctx->haveECDSAsig = 1;
Vanger 0:b86d15c6ba29 2595 if (ssl)
Vanger 0:b86d15c6ba29 2596 ssl->options.haveECDSAsig = 1;
Vanger 0:b86d15c6ba29 2597 break;
Vanger 0:b86d15c6ba29 2598 default:
Vanger 0:b86d15c6ba29 2599 CYASSL_MSG("Not ECDSA cert signature");
Vanger 0:b86d15c6ba29 2600 break;
Vanger 0:b86d15c6ba29 2601 }
Vanger 0:b86d15c6ba29 2602
Vanger 0:b86d15c6ba29 2603 #ifdef HAVE_ECC
Vanger 0:b86d15c6ba29 2604 if (ctx)
Vanger 0:b86d15c6ba29 2605 ctx->pkCurveOID = cert->pkCurveOID;
Vanger 0:b86d15c6ba29 2606 if (ssl)
Vanger 0:b86d15c6ba29 2607 ssl->pkCurveOID = cert->pkCurveOID;
Vanger 0:b86d15c6ba29 2608 #endif
Vanger 0:b86d15c6ba29 2609
Vanger 0:b86d15c6ba29 2610 FreeDecodedCert(cert);
Vanger 0:b86d15c6ba29 2611 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 2612 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 2613 #endif
Vanger 0:b86d15c6ba29 2614 }
Vanger 0:b86d15c6ba29 2615
Vanger 0:b86d15c6ba29 2616 return SSL_SUCCESS;
Vanger 0:b86d15c6ba29 2617 }
Vanger 0:b86d15c6ba29 2618
Vanger 0:b86d15c6ba29 2619
Vanger 0:b86d15c6ba29 2620 /* CA PEM file for verification, may have multiple/chain certs to process */
Vanger 0:b86d15c6ba29 2621 static int ProcessChainBuffer(CYASSL_CTX* ctx, const unsigned char* buff,
Vanger 0:b86d15c6ba29 2622 long sz, int format, int type, CYASSL* ssl)
Vanger 0:b86d15c6ba29 2623 {
Vanger 0:b86d15c6ba29 2624 long used = 0;
Vanger 0:b86d15c6ba29 2625 int ret = 0;
Vanger 0:b86d15c6ba29 2626 int gotOne = 0;
Vanger 0:b86d15c6ba29 2627
Vanger 0:b86d15c6ba29 2628 CYASSL_MSG("Processing CA PEM file");
Vanger 0:b86d15c6ba29 2629 while (used < sz) {
Vanger 0:b86d15c6ba29 2630 long consumed = 0;
Vanger 0:b86d15c6ba29 2631
Vanger 0:b86d15c6ba29 2632 ret = ProcessBuffer(ctx, buff + used, sz - used, format, type, ssl,
Vanger 0:b86d15c6ba29 2633 &consumed, 0);
Vanger 0:b86d15c6ba29 2634
Vanger 0:b86d15c6ba29 2635 if (ret == SSL_NO_PEM_HEADER && gotOne) {
Vanger 0:b86d15c6ba29 2636 CYASSL_MSG("We got one good PEM file so stuff at end ok");
Vanger 0:b86d15c6ba29 2637 ret = SSL_SUCCESS;
Vanger 0:b86d15c6ba29 2638 break;
Vanger 0:b86d15c6ba29 2639 }
Vanger 0:b86d15c6ba29 2640
Vanger 0:b86d15c6ba29 2641 if (ret < 0)
Vanger 0:b86d15c6ba29 2642 break;
Vanger 0:b86d15c6ba29 2643
Vanger 0:b86d15c6ba29 2644 CYASSL_MSG(" Processed a CA");
Vanger 0:b86d15c6ba29 2645 gotOne = 1;
Vanger 0:b86d15c6ba29 2646 used += consumed;
Vanger 0:b86d15c6ba29 2647 }
Vanger 0:b86d15c6ba29 2648
Vanger 0:b86d15c6ba29 2649 return ret;
Vanger 0:b86d15c6ba29 2650 }
Vanger 0:b86d15c6ba29 2651
Vanger 0:b86d15c6ba29 2652
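/* Verify the certificate held in buff (sz bytes; PEM or DER, selected by
 * format) against the CertManager's trusted CAs and, when CRL checking is
 * enabled on cm, against its CRLs.
 * Returns SSL_SUCCESS for ok, < 0 for error (BAD_FUNC_ARG, MEMORY_E, or the
 * negative code from PEM decoding, parsing or the CRL check). */
int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
                                   long sz, int format)
{
    int ret = 0;
    buffer der;
#ifdef CYASSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

    CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");

    /* cm->heap is dereferenced below, and a negative sz would wrap into a
     * huge word32 length once handed to InitDecodedCert */
    if (cm == NULL || buff == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef CYASSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    der.buffer = NULL;
    der.length = 0;

    if (format == SSL_FILETYPE_PEM) {
        int eccKey = 0;   /* required by PemToDer's signature, not used here */
#ifdef CYASSL_SMALL_STACK
        EncryptedInfo* info = NULL;
#else
        EncryptedInfo info[1];
#endif

#ifdef CYASSL_SMALL_STACK
        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                       DYNAMIC_TYPE_TMP_BUFFER);
        if (info == NULL) {
            XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            return MEMORY_E;
        }
#endif

        info->set      = 0;
        info->ctx      = NULL;
        info->consumed = 0;

        /* der.buffer is allocated from cm->heap and released below */
        ret = PemToDer(buff, sz, CERT_TYPE, &der, cm->heap, info, &eccKey);

#ifdef CYASSL_SMALL_STACK
        XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

        if (ret != 0) {
            /* PEM decoding failed, so cert was never initialised: it must
             * not reach FreeDecodedCert, which would free whatever pointer
             * values happen to be in the uninitialised struct. */
            XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
#ifdef CYASSL_SMALL_STACK
            XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
            return ret;
        }

        InitDecodedCert(cert, der.buffer, der.length, cm->heap);
    }
    else
        InitDecodedCert(cert, (byte*)buff, (word32)sz, cm->heap);

    /* third argument 1 (not NO_VERIFY, as the revocation-only checks in
     * this file use): parse and verify against the CAs known to cm */
    ret = ParseCertRelative(cert, CERT_TYPE, 1, cm);

#ifdef HAVE_CRL
    if (ret == 0 && cm->crlEnabled)
        ret = CheckCertCRL(cm->crl, cert);
#endif

    FreeDecodedCert(cert);

    /* NULL on the DER path; XFREE is already relied on to accept that */
    XFREE(der.buffer, cm->heap, DYNAMIC_TYPE_CERT);
#ifdef CYASSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret == 0 ? SSL_SUCCESS : ret;
}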
Vanger 0:b86d15c6ba29 2727
Vanger 0:b86d15c6ba29 2728
/* Switch OCSP checking on for cm, allocating and initialising the OCSP
 * context the first time, then apply the CYASSL_OCSP_* option bits:
 *   CYASSL_OCSP_URL_OVERRIDE - query the configured override URL
 *   CYASSL_OCSP_NO_NONCE     - omit the request nonce (NOTE(review): the
 *                              nonce is what binds a response to this
 *                              request; only disable it for responders
 *                              that cannot echo one)
 * Without CYASSL_USER_IO the embedded lookup / free callbacks are installed.
 * Returns SSL_SUCCESS; BAD_FUNC_ARG for a NULL cm; MEMORY_E or SSL_FAILURE
 * if the context cannot be created; NOT_COMPILED_IN without HAVE_OCSP. */
int CyaSSL_CertManagerEnableOCSP(CYASSL_CERT_MANAGER* cm, int options)
{
    int status = SSL_SUCCESS;

    (void)options;

    CYASSL_ENTER("CyaSSL_CertManagerEnableOCSP");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#ifdef HAVE_OCSP
    if (cm->ocsp == NULL) {
        cm->ocsp = (CYASSL_OCSP*)XMALLOC(sizeof(CYASSL_OCSP), cm->heap,
                                         DYNAMIC_TYPE_OCSP);
        if (cm->ocsp == NULL)
            return MEMORY_E;

        if (InitOCSP(cm->ocsp, cm) != 0) {
            CYASSL_MSG("Init OCSP failed");
            FreeOCSP(cm->ocsp, 1);
            cm->ocsp = NULL;
            return SSL_FAILURE;
        }
    }

    cm->ocspEnabled = 1;
    if ((options & CYASSL_OCSP_URL_OVERRIDE) != 0)
        cm->ocspUseOverrideURL = 1;
    cm->ocspSendNonce = ((options & CYASSL_OCSP_NO_NONCE) != 0) ? 0 : 1;
#ifndef CYASSL_USER_IO
    cm->ocspIOCb       = EmbedOcspLookup;
    cm->ocspRespFreeCb = EmbedOcspRespFree;
#endif /* CYASSL_USER_IO */
#else
    status = NOT_COMPILED_IN;
#endif

    return status;
}
Vanger 0:b86d15c6ba29 2771
Vanger 0:b86d15c6ba29 2772
/* Turn OCSP checking off for cm.  The OCSP context is kept, so a later
 * CyaSSL_CertManagerEnableOCSP reuses it instead of allocating again.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL cm. */
int CyaSSL_CertManagerDisableOCSP(CYASSL_CERT_MANAGER* cm)
{
    CYASSL_ENTER("CyaSSL_CertManagerDisableOCSP");
    if (cm != NULL) {
        cm->ocspEnabled = 0;
        return SSL_SUCCESS;
    }
    return BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 2783
Vanger 0:b86d15c6ba29 2784
Vanger 0:b86d15c6ba29 2785 #ifdef HAVE_OCSP
Vanger 0:b86d15c6ba29 2786
Vanger 0:b86d15c6ba29 2787
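/* Check the revocation status of the DER certificate der (sz bytes) via
 * OCSP, if OCSP checking is enabled on cm.  The certificate is parsed with
 * NO_VERIFY: its signature chain is NOT validated here, this is a
 * revocation-only check meant to follow a full verification.
 * Returns SSL_SUCCESS (also when OCSP is disabled), BAD_FUNC_ARG for a NULL
 * cm / der or negative sz, MEMORY_E, or the negative error from parsing or
 * the OCSP lookup. */
int CyaSSL_CertManagerCheckOCSP(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
{
    int ret;
#ifdef CYASSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

    CYASSL_ENTER("CyaSSL_CertManagerCheckOCSP");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (cm->ocspEnabled == 0)
        return SSL_SUCCESS;

    /* sz is handed to InitDecodedCert as an unsigned length: a negative
     * value would become a huge buffer size, and NULL cannot be parsed */
    if (der == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef CYASSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    InitDecodedCert(cert, der, sz, NULL);   /* default heap, not cm->heap */

    if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
        CYASSL_MSG("ParseCert failed");
    }
    else if ((ret = CheckCertOCSP(cm->ocsp, cert)) != 0) {
        CYASSL_MSG("CheckCertOCSP failed");
    }

    FreeDecodedCert(cert);
#ifdef CYASSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret == 0 ? SSL_SUCCESS : ret;
}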
Vanger 0:b86d15c6ba29 2829
Vanger 0:b86d15c6ba29 2830
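/* Replace cm's OCSP responder override URL with a private copy of url
 * (NULL clears it).  The copy is made before the old string is released,
 * so url may alias the current override (the old code freed first, which
 * turned that into a use-after-free) and an allocation failure now leaves
 * the previous value in place instead of clearing it.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG for a NULL cm, or MEMORY_E. */
int CyaSSL_CertManagerSetOCSPOverrideURL(CYASSL_CERT_MANAGER* cm,
                                         const char* url)
{
    char* copy = NULL;

    CYASSL_ENTER("CyaSSL_CertManagerSetOCSPOverrideURL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (url != NULL) {
        int urlSz = (int)XSTRLEN(url) + 1;   /* include the terminator */
        copy = (char*)XMALLOC(urlSz, cm->heap, 0);
        if (copy == NULL)
            return MEMORY_E;
        XMEMCPY(copy, url, urlSz);
    }

    /* may be NULL; the original unconditional free already relied on
     * XFREE accepting that */
    XFREE(cm->ocspOverrideURL, cm->heap, 0);
    cm->ocspOverrideURL = copy;

    return SSL_SUCCESS;
}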
Vanger 0:b86d15c6ba29 2853
Vanger 0:b86d15c6ba29 2854
/* Install the OCSP transport callbacks on cm: ioCb performs the responder
 * lookup, respFreeCb releases the response it returned, ioCbCtx is the
 * opaque pointer passed back to them.  Stored as given, no validation.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL cm. */
int CyaSSL_CertManagerSetOCSP_Cb(CYASSL_CERT_MANAGER* cm,
                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    CYASSL_ENTER("CyaSSL_CertManagerSetOCSP_Cb");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    cm->ocspIOCtx      = ioCbCtx;
    cm->ocspRespFreeCb = respFreeCb;
    cm->ocspIOCb       = ioCb;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 2868
Vanger 0:b86d15c6ba29 2869
/* Per-connection entry point for CyaSSL_CertManagerEnableOCSP.  Note that
 * the setting lands on ssl->ctx->cm, the CertManager shared by every
 * connection created from the same CTX, not on this ssl alone.
 * BAD_FUNC_ARG for a NULL ssl. */
int CyaSSL_EnableOCSP(CYASSL* ssl, int options)
{
    CYASSL_ENTER("CyaSSL_EnableOCSP");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return CyaSSL_CertManagerEnableOCSP(ssl->ctx->cm, options);
}
Vanger 0:b86d15c6ba29 2878
Vanger 0:b86d15c6ba29 2879
/* Per-connection entry point for CyaSSL_CertManagerDisableOCSP; acts on
 * the CTX-wide CertManager (ssl->ctx->cm), so it affects every connection
 * sharing that CTX.  BAD_FUNC_ARG for a NULL ssl. */
int CyaSSL_DisableOCSP(CYASSL* ssl)
{
    CYASSL_ENTER("CyaSSL_DisableOCSP");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return CyaSSL_CertManagerDisableOCSP(ssl->ctx->cm);
}
Vanger 0:b86d15c6ba29 2888
Vanger 0:b86d15c6ba29 2889
/* Per-connection entry point for CyaSSL_CertManagerSetOCSPOverrideURL;
 * the URL is stored on the CTX-wide CertManager (ssl->ctx->cm).
 * BAD_FUNC_ARG for a NULL ssl. */
int CyaSSL_SetOCSP_OverrideURL(CYASSL* ssl, const char* url)
{
    CYASSL_ENTER("CyaSSL_SetOCSP_OverrideURL");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return CyaSSL_CertManagerSetOCSPOverrideURL(ssl->ctx->cm, url);
}
Vanger 0:b86d15c6ba29 2898
Vanger 0:b86d15c6ba29 2899
/* Per-connection entry point for CyaSSL_CertManagerSetOCSP_Cb; the
 * callbacks are installed on the CTX-wide CertManager (ssl->ctx->cm).
 * BAD_FUNC_ARG for a NULL ssl. */
int CyaSSL_SetOCSP_Cb(CYASSL* ssl,
                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    CYASSL_ENTER("CyaSSL_SetOCSP_Cb");
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    return CyaSSL_CertManagerSetOCSP_Cb(ssl->ctx->cm,
                                        ioCb, respFreeCb, ioCbCtx);
}
Vanger 0:b86d15c6ba29 2910
Vanger 0:b86d15c6ba29 2911
/* CTX-level entry point for CyaSSL_CertManagerEnableOCSP.
 * BAD_FUNC_ARG for a NULL ctx. */
int CyaSSL_CTX_EnableOCSP(CYASSL_CTX* ctx, int options)
{
    CYASSL_ENTER("CyaSSL_CTX_EnableOCSP");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return CyaSSL_CertManagerEnableOCSP(ctx->cm, options);
}
Vanger 0:b86d15c6ba29 2920
Vanger 0:b86d15c6ba29 2921
/* CTX-level entry point for CyaSSL_CertManagerDisableOCSP.
 * BAD_FUNC_ARG for a NULL ctx. */
int CyaSSL_CTX_DisableOCSP(CYASSL_CTX* ctx)
{
    CYASSL_ENTER("CyaSSL_CTX_DisableOCSP");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return CyaSSL_CertManagerDisableOCSP(ctx->cm);
}
Vanger 0:b86d15c6ba29 2930
Vanger 0:b86d15c6ba29 2931
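/* CTX-level entry point for CyaSSL_CertManagerSetOCSPOverrideURL; the URL
 * applies to every connection created from ctx.
 * BAD_FUNC_ARG for a NULL ctx. */
int CyaSSL_CTX_SetOCSP_OverrideURL(CYASSL_CTX* ctx, const char* url)
{
    /* trace label used to name the CYASSL-level wrapper, which made the
     * two indistinguishable in debug output */
    CYASSL_ENTER("CyaSSL_CTX_SetOCSP_OverrideURL");
    if (ctx)
        return CyaSSL_CertManagerSetOCSPOverrideURL(ctx->cm, url);
    else
        return BAD_FUNC_ARG;
}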
Vanger 0:b86d15c6ba29 2940
Vanger 0:b86d15c6ba29 2941
/* CTX-level entry point for CyaSSL_CertManagerSetOCSP_Cb.
 * BAD_FUNC_ARG for a NULL ctx. */
int CyaSSL_CTX_SetOCSP_Cb(CYASSL_CTX* ctx,
                        CbOCSPIO ioCb, CbOCSPRespFree respFreeCb, void* ioCbCtx)
{
    CYASSL_ENTER("CyaSSL_CTX_SetOCSP_Cb");
    if (ctx == NULL)
        return BAD_FUNC_ARG;
    return CyaSSL_CertManagerSetOCSP_Cb(ctx->cm, ioCb, respFreeCb, ioCbCtx);
}
Vanger 0:b86d15c6ba29 2951
Vanger 0:b86d15c6ba29 2952
Vanger 0:b86d15c6ba29 2953 #endif /* HAVE_OCSP */
Vanger 0:b86d15c6ba29 2954
Vanger 0:b86d15c6ba29 2955
Vanger 0:b86d15c6ba29 2956 #ifndef NO_FILESYSTEM
Vanger 0:b86d15c6ba29 2957
Vanger 0:b86d15c6ba29 2958 #if defined(CYASSL_MDK_ARM)
Vanger 0:b86d15c6ba29 2959 extern FILE * CyaSSL_fopen(const char *name, const char *mode) ;
Vanger 0:b86d15c6ba29 2960 #define XFOPEN CyaSSL_fopen
Vanger 0:b86d15c6ba29 2961 #else
Vanger 0:b86d15c6ba29 2962 #define XFOPEN fopen
Vanger 0:b86d15c6ba29 2963 #endif
Vanger 0:b86d15c6ba29 2964
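/* Read the whole file fname into memory and hand it to the matching loader:
 * PEM CA files go to ProcessChainBuffer (may hold several certificates),
 * CRL files to BufferLoadCRL (HAVE_CRL only), everything else to
 * ProcessBuffer with userChain (a user certificate chain to pass during the
 * handshake).  Files larger than MAX_CYASSL_FILE_SIZE are rejected before
 * any buffer is allocated, as CyaSSL_CertManagerVerify already does.
 * Returns the loader's result, or SSL_BAD_FILE if the file cannot be
 * opened, sized, buffered or fully read. */
int ProcessFile(CYASSL_CTX* ctx, const char* fname, int format, int type,
                CYASSL* ssl, int userChain, CYASSL_CRL* crl)
{
#ifdef CYASSL_SMALL_STACK
    byte   staticBuffer[1]; /* force heap usage */
#else
    byte   staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte*  myBuffer = staticBuffer;
    int    dynamic = 0;
    int    ret;
    long   sz = 0;
    XFILE  file;
    void*  heapHint = ctx ? ctx->heap : NULL;

    (void)crl;
    (void)heapHint;

    if (fname == NULL) return SSL_BAD_FILE;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) return SSL_BAD_FILE;
    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    /* a negative size means XFTELL failed; the upper bound keeps an
     * oversized file from driving an arbitrarily large XMALLOC */
    if (sz < 0 || sz > MAX_CYASSL_FILE_SIZE) {
        CYASSL_MSG("ProcessFile file bad size");
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        CYASSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*)XMALLOC(sz, heapHint, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        dynamic = 1;
    }

    /* read sz one-byte items so the item count is the byte count and a
     * short read is caught; the old "(int)XFREAD(..., sz, 1, ...) < 0" test
     * could never fire, since fread returns an unsigned item count, and a
     * partially filled buffer went on to the loader */
    if ((long)XFREAD(myBuffer, 1, sz, file) != sz)
        ret = SSL_BAD_FILE;
    else if (type == CA_TYPE && format == SSL_FILETYPE_PEM)
        ret = ProcessChainBuffer(ctx, myBuffer, sz, format, type, ssl);
#ifdef HAVE_CRL
    else if (type == CRL_TYPE)
        ret = BufferLoadCRL(crl, myBuffer, sz, format);
#endif
    else
        ret = ProcessBuffer(ctx, myBuffer, sz, format, type, ssl, NULL,
                            userChain);

    XFCLOSE(file);
    if (dynamic)
        XFREE(myBuffer, heapHint, DYNAMIC_TYPE_FILE);

    return ret;
}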
Vanger 0:b86d15c6ba29 3027
Vanger 0:b86d15c6ba29 3028
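/* Load trusted CAs into ctx from file (a PEM file, possibly holding several
 * certificates) and then from every regular file in directory path, in
 * directory order; no c_rehash-style hashed names are needed.  Loading
 * stops at the first file that fails, so a stray non-certificate file in
 * path fails the whole call.
 * Returns SSL_SUCCESS; SSL_FAILURE for a NULL ctx or no location at all;
 * BAD_PATH_ERROR if path cannot be scanned or an entry cannot be stat'ed;
 * MEMORY_E; or the error from ProcessFile.  Without USE_WINDOWS_API and
 * with NO_CYASSL_DIR defined, path is accepted but silently ignored. */
int CyaSSL_CTX_load_verify_locations(CYASSL_CTX* ctx, const char* file,
                                     const char* path)
{
    int ret = SSL_SUCCESS;

    CYASSL_ENTER("CyaSSL_CTX_load_verify_locations");
    (void)path;

    if (ctx == NULL || (file == NULL && path == NULL) )
        return SSL_FAILURE;

    if (file)
        ret = ProcessFile(ctx, file, SSL_FILETYPE_PEM, CA_TYPE, NULL, 0, NULL);

    if (ret == SSL_SUCCESS && path) {
        /* try to load each regular file in path */
#ifdef USE_WINDOWS_API
        WIN32_FIND_DATAA FindFileData;
        HANDLE hFind;
    #ifdef CYASSL_SMALL_STACK
        char*  name = NULL;
    #else
        char   name[MAX_FILENAME_SZ];
    #endif

    #ifdef CYASSL_SMALL_STACK
        name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (name == NULL)
            return MEMORY_E;
    #endif

        XMEMSET(name, 0, MAX_FILENAME_SZ);
        XSTRNCPY(name, path, MAX_FILENAME_SZ - 4);
        XSTRNCAT(name, "\\*", 3);

        hFind = FindFirstFileA(name, &FindFileData);
        if (hFind == INVALID_HANDLE_VALUE) {
            CYASSL_MSG("FindFirstFile for path verify locations failed");
    #ifdef CYASSL_SMALL_STACK
            XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    #endif
            return BAD_PATH_ERROR;
        }

        do {
            /* test the directory bit rather than the whole attribute word:
             * a directory that is also hidden/system/readonly has extra
             * bits set and would otherwise be handed to ProcessFile */
            if ((FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
                                                                        == 0) {
                /* clear the buffer each time (as the POSIX branch does), so
                 * XSTRNCPY of a path longer than its limit cannot leave the
                 * previous, longer contents behind the copy and overrun on
                 * the XSTRNCAT calls */
                XMEMSET(name, 0, MAX_FILENAME_SZ);
                XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 3);
                XSTRNCAT(name, "\\", 2);
                XSTRNCAT(name, FindFileData.cFileName, MAX_FILENAME_SZ/2);

                ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
                                  NULL);
            }
        } while (ret == SSL_SUCCESS && FindNextFileA(hFind, &FindFileData));

    #ifdef CYASSL_SMALL_STACK
        XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    #endif

        FindClose(hFind);
#elif !defined(NO_CYASSL_DIR)
        struct dirent* entry;
        DIR* dir = opendir(path);
    #ifdef CYASSL_SMALL_STACK
        char*  name = NULL;
    #else
        char   name[MAX_FILENAME_SZ];
    #endif

        if (dir == NULL) {
            CYASSL_MSG("opendir path verify locations failed");
            return BAD_PATH_ERROR;
        }

    #ifdef CYASSL_SMALL_STACK
        name = (char*)XMALLOC(MAX_FILENAME_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (name == NULL) {
            closedir(dir);   /* the directory handle leaked on this path */
            return MEMORY_E;
        }
    #endif

        while ( ret == SSL_SUCCESS && (entry = readdir(dir)) != NULL) {
            struct stat s;

            /* path and entry name are each capped at about half the buffer
             * so the joined name plus terminator always fits */
            XMEMSET(name, 0, MAX_FILENAME_SZ);
            XSTRNCPY(name, path, MAX_FILENAME_SZ/2 - 2);
            XSTRNCAT(name, "/", 1);
            XSTRNCAT(name, entry->d_name, MAX_FILENAME_SZ/2);

            if (stat(name, &s) != 0) {
                CYASSL_MSG("stat on name failed");
                ret = BAD_PATH_ERROR;
            }
            /* S_ISREG compares the whole S_IFMT type field; the previous
             * "st_mode & S_IFREG" also matched sockets, whose S_IFSOCK
             * value includes the S_IFREG bit on the usual libcs */
            else if (S_ISREG(s.st_mode))
                ret = ProcessFile(ctx, name, SSL_FILETYPE_PEM, CA_TYPE, NULL,0,
                                  NULL);
        }

    #ifdef CYASSL_SMALL_STACK
        XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    #endif

        closedir(dir);
#endif
    }

    return ret;
}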
Vanger 0:b86d15c6ba29 3136
Vanger 0:b86d15c6ba29 3137
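/* Verify the certificate stored in file fname (PEM or DER, per format)
 * against cm's trusted CAs: the whole file, bounded by
 * MAX_CYASSL_FILE_SIZE, is read into memory and passed to
 * CyaSSL_CertManagerVerifyBuffer.
 * Returns SSL_SUCCESS; BAD_FUNC_ARG for a NULL cm or fname; SSL_BAD_FILE
 * when the file cannot be opened, sized, buffered or fully read; otherwise
 * the verifier's negative error. */
int CyaSSL_CertManagerVerify(CYASSL_CERT_MANAGER* cm, const char* fname,
                             int format)
{
    int    ret = SSL_FATAL_ERROR;
#ifdef CYASSL_SMALL_STACK
    byte   staticBuffer[1]; /* force heap usage */
#else
    byte   staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte*  myBuffer = staticBuffer;
    int    dynamic = 0;
    long   sz = 0;
    XFILE  file;

    CYASSL_ENTER("CyaSSL_CertManagerVerify");

    /* the file used to be opened in the declarations, before any check:
     * a NULL fname reached XFOPEN and a NULL cm reached cm->heap below */
    if (cm == NULL || fname == NULL)
        return BAD_FUNC_ARG;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) return SSL_BAD_FILE;
    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    if (sz > MAX_CYASSL_FILE_SIZE || sz < 0) {
        CYASSL_MSG("CertManagerVerify file bad size");
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        CYASSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*) XMALLOC(sz, cm->heap, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        dynamic = 1;
    }

    /* one-byte items make the return value the byte count, so a short read
     * is an error; the previous "(int)XFREAD(..., sz, 1, ...) < 0" could
     * never fire (fread returns an unsigned item count) and a partially
     * filled buffer was handed to the verifier */
    if ((long)XFREAD(myBuffer, 1, sz, file) != sz)
        ret = SSL_BAD_FILE;
    else
        ret = CyaSSL_CertManagerVerifyBuffer(cm, myBuffer, sz, format);

    XFCLOSE(file);
    if (dynamic)
        XFREE(myBuffer, cm->heap, DYNAMIC_TYPE_FILE);

    return ret;
}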
Vanger 0:b86d15c6ba29 3187
Vanger 0:b86d15c6ba29 3188
/* Method for the throw-away CTX that CyaSSL_CertManagerLoadCA builds to
 * load CAs through: a client method when the client side is compiled in,
 * else a server method, else NULL.  Under NO_OLD_TLS it is the TLS 1.2
 * method, otherwise the SSLv3 one; the CTX is only a CA-loading vehicle
 * and is freed without ever being used for a connection. */
static INLINE CYASSL_METHOD* cm_pick_method(void)
{
    CYASSL_METHOD* method = NULL;

#if !defined(NO_CYASSL_CLIENT)
    #ifdef NO_OLD_TLS
    method = CyaTLSv1_2_client_method();
    #else
    method = CyaSSLv3_client_method();
    #endif
#elif !defined(NO_CYASSL_SERVER)
    #ifdef NO_OLD_TLS
    method = CyaTLSv1_2_server_method();
    #else
    method = CyaSSLv3_server_method();
    #endif
#endif

    return method;
}
Vanger 0:b86d15c6ba29 3207
Vanger 0:b86d15c6ba29 3208
/* Load CA certificates from file and/or directory path directly into cm,
 * for callers that have no CYASSL_CTX: a scratch CTX is created, its own
 * CertManager released and replaced by cm, CyaSSL_CTX_load_verify_locations
 * does the work, and the CTX is freed with cm detached so cm is not freed
 * along with it.  Returns 1 (SSL_SUCCESS) for success, < 0 for error. */
int CyaSSL_CertManagerLoadCA(CYASSL_CERT_MANAGER* cm, const char* file,
                             const char* path)
{
    CYASSL_CTX* scratch;
    int         ret;

    CYASSL_ENTER("CyaSSL_CertManagerLoadCA");

    if (cm == NULL) {
        CYASSL_MSG("No CertManager error");
        return SSL_FATAL_ERROR;
    }

    scratch = CyaSSL_CTX_new(cm_pick_method());
    if (scratch == NULL) {
        CYASSL_MSG("CTX new failed");
        return SSL_FATAL_ERROR;
    }

    /* swap the caller's manager in, dropping the one CTX_new created */
    CyaSSL_CertManagerFree(scratch->cm);
    scratch->cm = cm;

    ret = CyaSSL_CTX_load_verify_locations(scratch, file, path);

    /* detach before freeing so CyaSSL_CTX_free does not take cm with it */
    scratch->cm = NULL;
    CyaSSL_CTX_free(scratch);

    return ret;
}
Vanger 0:b86d15c6ba29 3241
Vanger 0:b86d15c6ba29 3242
Vanger 0:b86d15c6ba29 3243
/* Switch CRL checking on for cm, allocating and initialising the CRL
 * context the first time, then apply the option bits (CYASSL_CRL_CHECKALL
 * sets crlCheckAll).  Returns SSL_SUCCESS; BAD_FUNC_ARG for a NULL cm;
 * MEMORY_E or SSL_FAILURE if the context cannot be created; and
 * NOT_COMPILED_IN when built without HAVE_CRL. */
int CyaSSL_CertManagerEnableCRL(CYASSL_CERT_MANAGER* cm, int options)
{
    int status = SSL_SUCCESS;

    (void)options;

    CYASSL_ENTER("CyaSSL_CertManagerEnableCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

#ifdef HAVE_CRL
    if (cm->crl == NULL) {
        cm->crl = (CYASSL_CRL*)XMALLOC(sizeof(CYASSL_CRL), cm->heap,
                                       DYNAMIC_TYPE_CRL);
        if (cm->crl == NULL)
            return MEMORY_E;

        if (InitCRL(cm->crl, cm) != 0) {
            CYASSL_MSG("Init CRL failed");
            FreeCRL(cm->crl, 1);
            cm->crl = NULL;
            return SSL_FAILURE;
        }
    }

    cm->crlEnabled = 1;
    if ((options & CYASSL_CRL_CHECKALL) != 0)
        cm->crlCheckAll = 1;
#else
    status = NOT_COMPILED_IN;
#endif

    return status;
}
Vanger 0:b86d15c6ba29 3278
Vanger 0:b86d15c6ba29 3279
/* Turn CRL checking off for cm.  The CRL context and any loaded CRLs are
 * kept, so a later CyaSSL_CertManagerEnableCRL reuses them.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL cm. */
int CyaSSL_CertManagerDisableCRL(CYASSL_CERT_MANAGER* cm)
{
    CYASSL_ENTER("CyaSSL_CertManagerDisableCRL");
    if (cm != NULL) {
        cm->crlEnabled = 0;
        return SSL_SUCCESS;
    }
    return BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 3290
Vanger 0:b86d15c6ba29 3291
/* STUB: returns SSL_SUCCESS for every ctx and performs NO check - the TODO
 * to compare the loaded private key against the certificate's public key
 * is still open.  Callers must not read a success return as evidence that
 * the key and certificate match; a mismatch is not detected here. */
int CyaSSL_CTX_check_private_key(CYASSL_CTX* ctx)
{
    CYASSL_ENTER("SSL_CTX_check_private_key");
    (void)ctx;   /* unused until the RSA key/cert comparison is implemented */
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 3299
Vanger 0:b86d15c6ba29 3300
Vanger 0:b86d15c6ba29 3301 #ifdef HAVE_CRL
Vanger 0:b86d15c6ba29 3302
Vanger 0:b86d15c6ba29 3303
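/* Check the DER certificate der (sz bytes) against the CRLs loaded into
 * cm, if CRL checking is enabled.  The certificate is parsed with
 * NO_VERIFY: its signature chain is NOT validated here, this is a
 * revocation-only check meant to follow a full verification.
 * Returns SSL_SUCCESS (also when CRL checking is disabled), BAD_FUNC_ARG
 * for a NULL cm / der or negative sz, MEMORY_E, or the negative error from
 * parsing or the CRL lookup. */
int CyaSSL_CertManagerCheckCRL(CYASSL_CERT_MANAGER* cm, byte* der, int sz)
{
    int ret = 0;
#ifdef CYASSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert cert[1];
#endif

    CYASSL_ENTER("CyaSSL_CertManagerCheckCRL");

    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (cm->crlEnabled == 0)
        return SSL_SUCCESS;

    /* sz is handed to InitDecodedCert as an unsigned length: a negative
     * value would become a huge buffer size, and NULL cannot be parsed */
    if (der == NULL || sz < 0)
        return BAD_FUNC_ARG;

#ifdef CYASSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return MEMORY_E;
#endif

    InitDecodedCert(cert, der, sz, NULL);   /* default heap, not cm->heap */

    if ((ret = ParseCertRelative(cert, CERT_TYPE, NO_VERIFY, cm)) != 0) {
        CYASSL_MSG("ParseCert failed");
    }
    else if ((ret = CheckCertCRL(cm->crl, cert)) != 0) {
        CYASSL_MSG("CheckCertCRL failed");
    }

    FreeDecodedCert(cert);
#ifdef CYASSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret == 0 ? SSL_SUCCESS : ret;
}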
Vanger 0:b86d15c6ba29 3345
Vanger 0:b86d15c6ba29 3346
/* Install cb as cm's missing-CRL callback (stored as given, no validation;
 * NULL clears it).  Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL cm. */
int CyaSSL_CertManagerSetCRL_Cb(CYASSL_CERT_MANAGER* cm, CbMissingCRL cb)
{
    CYASSL_ENTER("CyaSSL_CertManagerSetCRL_Cb");
    if (cm != NULL) {
        cm->cbMissingCRL = cb;
        return SSL_SUCCESS;
    }
    return BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 3357
Vanger 0:b86d15c6ba29 3358
/* Load CRL data from path into cm, with type and monitor forwarded
 * unchanged to LoadCRL.  If cm has no CRL context yet, CRL checking is
 * enabled first (with no options).  Returns LoadCRL's result,
 * BAD_FUNC_ARG for a NULL cm, or SSL_FATAL_ERROR if enabling fails. */
int CyaSSL_CertManagerLoadCRL(CYASSL_CERT_MANAGER* cm, const char* path,
                              int type, int monitor)
{
    CYASSL_ENTER("CyaSSL_CertManagerLoadCRL");
    if (cm == NULL)
        return BAD_FUNC_ARG;

    if (cm->crl == NULL && CyaSSL_CertManagerEnableCRL(cm, 0) != SSL_SUCCESS) {
        CYASSL_MSG("Enable CRL failed");
        return SSL_FATAL_ERROR;
    }

    return LoadCRL(cm->crl, path, type, monitor);
}
Vanger 0:b86d15c6ba29 3375
Vanger 0:b86d15c6ba29 3376
/* Per-session wrapper: enable CRL checking on the cert manager owned by
 * this session's context. Returns what CyaSSL_CertManagerEnableCRL
 * returns, or BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_EnableCRL(CYASSL* ssl, int options)
{
    CYASSL_ENTER("CyaSSL_EnableCRL");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    /* CRL state lives on the context's cert manager, not on the session */
    return CyaSSL_CertManagerEnableCRL(ssl->ctx->cm, options);
}
Vanger 0:b86d15c6ba29 3385
Vanger 0:b86d15c6ba29 3386
/* Per-session wrapper: disable CRL checking on the cert manager owned by
 * this session's context. Returns what CyaSSL_CertManagerDisableCRL
 * returns, or BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_DisableCRL(CYASSL* ssl)
{
    CYASSL_ENTER("CyaSSL_DisableCRL");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerDisableCRL(ssl->ctx->cm);
}
Vanger 0:b86d15c6ba29 3395
Vanger 0:b86d15c6ba29 3396
/* Per-session wrapper: load CRL(s) from path into the cert manager owned
 * by this session's context. Returns what CyaSSL_CertManagerLoadCRL
 * returns, or BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_LoadCRL(CYASSL* ssl, const char* path, int type, int monitor)
{
    CYASSL_ENTER("CyaSSL_LoadCRL");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerLoadCRL(ssl->ctx->cm, path, type, monitor);
}
Vanger 0:b86d15c6ba29 3405
Vanger 0:b86d15c6ba29 3406
/* Per-session wrapper: set the missing-CRL callback on the cert manager
 * owned by this session's context. Returns what CyaSSL_CertManagerSetCRL_Cb
 * returns, or BAD_FUNC_ARG when ssl is NULL. */
int CyaSSL_SetCRL_Cb(CYASSL* ssl, CbMissingCRL cb)
{
    CYASSL_ENTER("CyaSSL_SetCRL_Cb");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerSetCRL_Cb(ssl->ctx->cm, cb);
}
Vanger 0:b86d15c6ba29 3415
Vanger 0:b86d15c6ba29 3416
/* Context wrapper: enable CRL checking on ctx's cert manager.
 * Returns what CyaSSL_CertManagerEnableCRL returns, or BAD_FUNC_ARG when
 * ctx is NULL. */
int CyaSSL_CTX_EnableCRL(CYASSL_CTX* ctx, int options)
{
    CYASSL_ENTER("CyaSSL_CTX_EnableCRL");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerEnableCRL(ctx->cm, options);
}
Vanger 0:b86d15c6ba29 3425
Vanger 0:b86d15c6ba29 3426
/* Context wrapper: disable CRL checking on ctx's cert manager.
 * Returns what CyaSSL_CertManagerDisableCRL returns, or BAD_FUNC_ARG when
 * ctx is NULL. */
int CyaSSL_CTX_DisableCRL(CYASSL_CTX* ctx)
{
    CYASSL_ENTER("CyaSSL_CTX_DisableCRL");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerDisableCRL(ctx->cm);
}
Vanger 0:b86d15c6ba29 3435
Vanger 0:b86d15c6ba29 3436
/* Context wrapper: load CRL(s) from path into ctx's cert manager.
 * Returns what CyaSSL_CertManagerLoadCRL returns, or BAD_FUNC_ARG when
 * ctx is NULL. */
int CyaSSL_CTX_LoadCRL(CYASSL_CTX* ctx, const char* path, int type, int monitor)
{
    CYASSL_ENTER("CyaSSL_CTX_LoadCRL");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerLoadCRL(ctx->cm, path, type, monitor);
}
Vanger 0:b86d15c6ba29 3445
Vanger 0:b86d15c6ba29 3446
/* Context wrapper: set the missing-CRL callback on ctx's cert manager.
 * Returns what CyaSSL_CertManagerSetCRL_Cb returns, or BAD_FUNC_ARG when
 * ctx is NULL. */
int CyaSSL_CTX_SetCRL_Cb(CYASSL_CTX* ctx, CbMissingCRL cb)
{
    CYASSL_ENTER("CyaSSL_CTX_SetCRL_Cb");

    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_CertManagerSetCRL_Cb(ctx->cm, cb);
}
Vanger 0:b86d15c6ba29 3455
Vanger 0:b86d15c6ba29 3456
Vanger 0:b86d15c6ba29 3457 #endif /* HAVE_CRL */
Vanger 0:b86d15c6ba29 3458
Vanger 0:b86d15c6ba29 3459
Vanger 0:b86d15c6ba29 3460 #ifdef CYASSL_DER_LOAD
Vanger 0:b86d15c6ba29 3461
/* Load a CA file into ctx, like CyaSSL_CTX_load_verify_locations but with an
 * explicit format argument so DER-encoded CA files can be loaded as well.
 * The file is handed to ProcessFile as CA_TYPE; returns SSL_SUCCESS when
 * ProcessFile succeeds and SSL_FAILURE otherwise (including NULL ctx/file). */
int CyaSSL_CTX_der_load_verify_locations(CYASSL_CTX* ctx, const char* file,
                                         int format)
{
    int ret;

    CYASSL_ENTER("CyaSSL_CTX_der_load_verify_locations");

    if (ctx == NULL || file == NULL)
        return SSL_FAILURE;

    ret = ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL);

    return (ret == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FAILURE;
}
Vanger 0:b86d15c6ba29 3475
Vanger 0:b86d15c6ba29 3476 #endif /* CYASSL_DER_LOAD */
Vanger 0:b86d15c6ba29 3477
Vanger 0:b86d15c6ba29 3478
Vanger 0:b86d15c6ba29 3479 #ifdef CYASSL_CERT_GEN
Vanger 0:b86d15c6ba29 3480
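/* Load a PEM certificate from fileName and write its DER encoding into
 * derBuf, which has room for derSz bytes.
 * Returns the DER length on success, otherwise a negative error:
 *   BAD_FUNC_ARG - NULL fileName/derBuf or non-positive derSz
 *   SSL_BAD_FILE - cannot open, size, or fully read the file
 *   MEMORY_E     - allocation failure
 *   BUFFER_E     - derBuf is too small for the decoded certificate
 *   or whatever PemToDer returned. */
int CyaSSL_PemCertToDer(const char* fileName, unsigned char* derBuf, int derSz)
{
#ifdef CYASSL_SMALL_STACK
    EncryptedInfo* info = NULL;
    byte   staticBuffer[1]; /* force XMALLOC */
#else
    EncryptedInfo  info[1];
    byte   staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte*  fileBuf = staticBuffer;
    int    dynamic = 0;
    int    ret = 0;
    int    ecc = 0;
    long   sz = 0;
    XFILE  file;
    buffer converted;

    CYASSL_ENTER("CyaSSL_PemCertToDer");

    /* a negative derSz would pass the (word32) size check below and let
     * XMEMCPY write past derBuf, so reject it before opening anything */
    if (fileName == NULL || derBuf == NULL || derSz <= 0)
        return BAD_FUNC_ARG;

    converted.buffer = 0;
    converted.length = 0;

    file = XFOPEN(fileName, "rb");
    if (file == XBADFILE)
        return SSL_BAD_FILE;

    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    if (sz <= 0) {
        /* XFTELL failure or an empty file: neither can hold a PEM cert */
        ret = SSL_BAD_FILE;
    }
    else if (sz > (long)sizeof(staticBuffer)) {
        fileBuf = (byte*)XMALLOC(sz, 0, DYNAMIC_TYPE_FILE);
        if (fileBuf == NULL)
            ret = MEMORY_E;
        else
            dynamic = 1;
    }

    if (ret == 0) {
        /* one item of sz bytes: XFREAD returns 0 or 1, never a negative
         * value, so a short read must be caught by item count. Otherwise the
         * unread tail of fileBuf (uninitialized) would be parsed as PEM. */
        if (XFREAD(fileBuf, sz, 1, file) != 1)
            ret = SSL_BAD_FILE;
    }

    if (ret == 0) {
#ifdef CYASSL_SMALL_STACK
        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                       DYNAMIC_TYPE_TMP_BUFFER);
        if (info == NULL)
            ret = MEMORY_E;
        else
#endif
        {
            ret = PemToDer(fileBuf, sz, CA_TYPE, &converted, 0, info, &ecc);
#ifdef CYASSL_SMALL_STACK
            XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        }
    }

    if (ret == 0) {
        /* derSz bytes fit in a derSz-byte buffer: use <= rather than < */
        if (converted.length <= (word32)derSz) {
            XMEMCPY(derBuf, converted.buffer, converted.length);
            ret = (int)converted.length;
        }
        else
            ret = BUFFER_E;
    }

    XFREE(converted.buffer, 0, DYNAMIC_TYPE_CA);

    XFCLOSE(file);
    if (dynamic)
        XFREE(fileBuf, 0, DYNAMIC_TYPE_FILE);

    return ret;
}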
Vanger 0:b86d15c6ba29 3560
Vanger 0:b86d15c6ba29 3561 #endif /* CYASSL_CERT_GEN */
Vanger 0:b86d15c6ba29 3562
Vanger 0:b86d15c6ba29 3563
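/* Load the context's own certificate from file (format is SSL_FILETYPE_PEM
 * or SSL_FILETYPE_ASN1, as understood by ProcessFile).
 * Returns SSL_SUCCESS when ProcessFile succeeds, SSL_FAILURE otherwise.
 * NULL arguments are rejected up front, matching
 * CyaSSL_CTX_der_load_verify_locations, instead of relying on ProcessFile. */
int CyaSSL_CTX_use_certificate_file(CYASSL_CTX* ctx, const char* file,
                                    int format)
{
    CYASSL_ENTER("CyaSSL_CTX_use_certificate_file");

    if (ctx == NULL || file == NULL)
        return SSL_FAILURE;

    if (ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL) == SSL_SUCCESS)
        return SSL_SUCCESS;

    return SSL_FAILURE;
}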
Vanger 0:b86d15c6ba29 3573
Vanger 0:b86d15c6ba29 3574
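/* Load the context's private key from file (format is SSL_FILETYPE_PEM or
 * SSL_FILETYPE_ASN1, as understood by ProcessFile).
 * Returns SSL_SUCCESS when ProcessFile succeeds, SSL_FAILURE otherwise.
 * NULL arguments are rejected up front, matching
 * CyaSSL_CTX_der_load_verify_locations, instead of relying on ProcessFile. */
int CyaSSL_CTX_use_PrivateKey_file(CYASSL_CTX* ctx, const char* file,int format)
{
    CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_file");

    if (ctx == NULL || file == NULL)
        return SSL_FAILURE;

    if (ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL)
                    == SSL_SUCCESS)
        return SSL_SUCCESS;

    return SSL_FAILURE;
}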
Vanger 0:b86d15c6ba29 3584
Vanger 0:b86d15c6ba29 3585
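/* Load the context's certificate chain from a PEM file: the subject cert
 * followed by up to MAX_CHAIN_DEPTH issuer certs (ProcessFile is called with
 * userChain = 1 and the format fixed to SSL_FILETYPE_PEM).
 * Returns SSL_SUCCESS when ProcessFile succeeds, SSL_FAILURE otherwise.
 * NULL arguments are rejected up front, matching
 * CyaSSL_CTX_der_load_verify_locations, instead of relying on ProcessFile. */
int CyaSSL_CTX_use_certificate_chain_file(CYASSL_CTX* ctx, const char* file)
{
    CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_file");

    if (ctx == NULL || file == NULL)
        return SSL_FAILURE;

    /* process up to MAX_CHAIN_DEPTH plus subject cert */
    if (ProcessFile(ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, NULL, 1, NULL)
                    == SSL_SUCCESS)
        return SSL_SUCCESS;

    return SSL_FAILURE;
}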
Vanger 0:b86d15c6ba29 3596
Vanger 0:b86d15c6ba29 3597
Vanger 0:b86d15c6ba29 3598 #ifndef NO_DH
Vanger 0:b86d15c6ba29 3599
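/* Shared implementation for CyaSSL_SetTmpDH_buffer and
 * CyaSSL_CTX_SetTmpDH_buffer: decode server Diffie-Hellman parameters (p, g)
 * from buf (sz bytes, SSL_FILETYPE_ASN1/DER or SSL_FILETYPE_PEM) and install
 * them on ssl when it is non-NULL, otherwise on ctx.
 * Returns SSL_SUCCESS, BAD_FUNC_ARG (NULL ctx/buf or non-positive sz),
 * MEMORY_E, SSL_BAD_FILETYPE (unknown format or parameters DhParamsLoad
 * rejects) or an error from PemToDer. */
static int CyaSSL_SetTmpDH_buffer_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
                                   const unsigned char* buf, long sz, int format)
{
    buffer der;
    int    ret = 0;
    int    weOwnDer = 0;
    word32 pSz = MAX_DH_SIZE;
    word32 gSz = MAX_DH_SIZE;
#ifdef CYASSL_SMALL_STACK
    byte*  p = NULL;
    byte*  g = NULL;
#else
    byte   p[MAX_DH_SIZE];
    byte   g[MAX_DH_SIZE];
#endif

    /* ctx->heap is dereferenced on the PEM path even when ssl is given, and a
     * negative sz would turn into a huge der.length, so reject both here */
    if (ctx == NULL || buf == NULL || sz <= 0)
        return BAD_FUNC_ARG;

    /* nothing allocated yet, so a bad format can be rejected outright */
    if (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM)
        return SSL_BAD_FILETYPE;

    der.buffer = (byte*)buf;
    der.length = (word32)sz;

#ifdef CYASSL_SMALL_STACK
    p = (byte*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    g = (byte*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (p == NULL || g == NULL) {
        XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return MEMORY_E;
    }
#endif

    if (format == SSL_FILETYPE_PEM) {
        der.buffer = NULL;
        ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, ctx->heap, NULL, NULL);
        weOwnDer = 1; /* PemToDer allocated der.buffer from ctx->heap */
    }

    if (ret == 0) {
        /* NOTE(review): no minimum modulus size is enforced on this path;
         * whatever DhParamsLoad accepts (up to MAX_DH_SIZE bytes) is
         * installed, so callers should vet parameter files themselves. */
        if (DhParamsLoad(der.buffer, der.length, p, &pSz, g, &gSz) < 0)
            ret = SSL_BAD_FILETYPE;
        else if (ssl)
            ret = CyaSSL_SetTmpDH(ssl, p, pSz, g, gSz);
        else
            ret = CyaSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz);
    }

    if (weOwnDer)
        XFREE(der.buffer, ctx->heap, DYNAMIC_TYPE_KEY);

#ifdef CYASSL_SMALL_STACK
    XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}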
Vanger 0:b86d15c6ba29 3660
Vanger 0:b86d15c6ba29 3661
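/* Set server Diffie-Hellman parameters for one session from an in-memory
 * buffer (see CyaSSL_SetTmpDH_buffer_wrapper for format/return values).
 * Returns SSL_SUCCESS on ok; BAD_FUNC_ARG for a NULL ssl, which previously
 * dereferenced ssl->ctx unchecked. */
int CyaSSL_SetTmpDH_buffer(CYASSL* ssl, const unsigned char* buf, long sz,
                           int format)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_SetTmpDH_buffer_wrapper(ssl->ctx, ssl, buf, sz, format);
}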
Vanger 0:b86d15c6ba29 3668
Vanger 0:b86d15c6ba29 3669
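/* Set server Diffie-Hellman parameters for a context from an in-memory
 * buffer (see CyaSSL_SetTmpDH_buffer_wrapper for format/return values).
 * Returns SSL_SUCCESS on ok; BAD_FUNC_ARG for a NULL ctx, which the wrapper
 * would otherwise dereference for its heap hint. */
int CyaSSL_CTX_SetTmpDH_buffer(CYASSL_CTX* ctx, const unsigned char* buf,
                               long sz, int format)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_SetTmpDH_buffer_wrapper(ctx, NULL, buf, sz, format);
}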
Vanger 0:b86d15c6ba29 3676
Vanger 0:b86d15c6ba29 3677
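/* Shared implementation for CyaSSL_SetTmpDH_file and CyaSSL_CTX_SetTmpDH_file:
 * read the whole file fname into memory and hand it to the buffer variant for
 * ssl (when non-NULL) or ctx.
 * Returns SSL_SUCCESS on ok, BAD_FUNC_ARG for a NULL ctx/fname, SSL_BAD_FILE
 * when the file cannot be opened, sized, read completely, or is empty (also,
 * as before, when the dynamic buffer cannot be allocated), otherwise what the
 * buffer variant returned. */
static int CyaSSL_SetTmpDH_file_wrapper(CYASSL_CTX* ctx, CYASSL* ssl,
                                        const char* fname, int format)
{
#ifdef CYASSL_SMALL_STACK
    byte   staticBuffer[1]; /* force heap usage */
#else
    byte   staticBuffer[FILE_BUFFER_SIZE];
#endif
    byte*  myBuffer = staticBuffer;
    int    dynamic = 0;
    int    ret;
    long   sz = 0;
    XFILE  file;

    /* ctx->heap is used for the dynamic buffer on both the ssl and ctx path */
    if (ctx == NULL || fname == NULL)
        return BAD_FUNC_ARG;

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE)
        return SSL_BAD_FILE;

    XFSEEK(file, 0, XSEEK_END);
    sz = XFTELL(file);
    XREWIND(file);

    if (sz <= 0) {
        /* XFTELL failure or an empty file: nothing to load */
        XFCLOSE(file);
        return SSL_BAD_FILE;
    }

    if (sz > (long)sizeof(staticBuffer)) {
        CYASSL_MSG("Getting dynamic buffer");
        myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
        if (myBuffer == NULL) {
            XFCLOSE(file);
            return SSL_BAD_FILE;
        }
        dynamic = 1;
    }

    /* one item of sz bytes: XFREAD returns 0 or 1, never a negative value,
     * so a short read must be caught by item count, otherwise the unread
     * (uninitialized) tail of myBuffer would be parsed as DH parameters */
    if (XFREAD(myBuffer, sz, 1, file) != 1)
        ret = SSL_BAD_FILE;
    else if (ssl)
        ret = CyaSSL_SetTmpDH_buffer(ssl, myBuffer, sz, format);
    else
        ret = CyaSSL_CTX_SetTmpDH_buffer(ctx, myBuffer, sz, format);

    XFCLOSE(file);
    if (dynamic)
        XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);

    return ret;
}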
Vanger 0:b86d15c6ba29 3727
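/* Set server Diffie-Hellman parameters for one session from a file
 * (see CyaSSL_SetTmpDH_file_wrapper for return values).
 * Returns BAD_FUNC_ARG for a NULL ssl, which previously dereferenced
 * ssl->ctx unchecked. */
int CyaSSL_SetTmpDH_file(CYASSL* ssl, const char* fname, int format)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_SetTmpDH_file_wrapper(ssl->ctx, ssl, fname, format);
}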
Vanger 0:b86d15c6ba29 3733
Vanger 0:b86d15c6ba29 3734
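/* Set server Diffie-Hellman parameters for a context from a file
 * (see CyaSSL_SetTmpDH_file_wrapper for return values).
 * Returns BAD_FUNC_ARG for a NULL ctx, which the wrapper would otherwise
 * dereference for its heap hint. */
int CyaSSL_CTX_SetTmpDH_file(CYASSL_CTX* ctx, const char* fname, int format)
{
    if (ctx == NULL)
        return BAD_FUNC_ARG;

    return CyaSSL_SetTmpDH_file_wrapper(ctx, NULL, fname, format);
}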
Vanger 0:b86d15c6ba29 3740
Vanger 0:b86d15c6ba29 3741
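/* Install server Diffie-Hellman parameters p (pSz bytes) and g (gSz bytes)
 * on ctx, replacing any pair set earlier. Copies are taken from ctx->heap.
 * Returns SSL_SUCCESS on ok, BAD_FUNC_ARG for NULL ctx/p/g or a
 * non-positive size, MEMORY_E when a copy cannot be allocated.
 * On MEMORY_E the context is left with no DH parameters at all (both
 * buffers NULL, lengths 0, haveDH cleared). Previously the old buffers were
 * freed but the pointers to them kept, so a failed allocation left dangling
 * pointers for the context's cleanup to free a second time. */
int CyaSSL_CTX_SetTmpDH(CYASSL_CTX* ctx, const unsigned char* p, int pSz,
                        const unsigned char* g, int gSz)
{
    CYASSL_ENTER("CyaSSL_CTX_SetTmpDH");

    /* a negative size would be converted to a huge allocation request */
    if (ctx == NULL || p == NULL || g == NULL || pSz <= 0 || gSz <= 0)
        return BAD_FUNC_ARG;

    /* release the previous pair and reset the bookkeeping before allocating,
     * so every failure path below leaves consistent state behind */
    XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
    XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_DH);
    ctx->serverDH_P.buffer = NULL;
    ctx->serverDH_G.buffer = NULL;
    ctx->serverDH_P.length = 0;
    ctx->serverDH_G.length = 0;
    ctx->haveDH = 0;

    ctx->serverDH_P.buffer = (byte*)XMALLOC(pSz, ctx->heap, DYNAMIC_TYPE_DH);
    if (ctx->serverDH_P.buffer == NULL)
        return MEMORY_E;

    ctx->serverDH_G.buffer = (byte*)XMALLOC(gSz, ctx->heap, DYNAMIC_TYPE_DH);
    if (ctx->serverDH_G.buffer == NULL) {
        XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_DH);
        ctx->serverDH_P.buffer = NULL;
        return MEMORY_E;
    }

    XMEMCPY(ctx->serverDH_P.buffer, p, pSz);
    XMEMCPY(ctx->serverDH_G.buffer, g, gSz);
    ctx->serverDH_P.length = pSz;
    ctx->serverDH_G.length = gSz;

    /* NOTE(review): no minimum modulus size is checked here; parameters of
     * any length the caller supplies are accepted. */
    ctx->haveDH = 1;

    CYASSL_LEAVE("CyaSSL_CTX_SetTmpDH", 0);
    return SSL_SUCCESS;
}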
Vanger 0:b86d15c6ba29 3773 #endif /* NO_DH */
Vanger 0:b86d15c6ba29 3774
Vanger 0:b86d15c6ba29 3775
Vanger 0:b86d15c6ba29 3776 #ifdef OPENSSL_EXTRA
Vanger 0:b86d15c6ba29 3777 /* put SSL type in extra for now, not very common */
Vanger 0:b86d15c6ba29 3778
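/* Load this session's own certificate from file (format is SSL_FILETYPE_PEM
 * or SSL_FILETYPE_ASN1, as understood by ProcessFile); the cert is attached
 * to ssl rather than its context.
 * Returns SSL_SUCCESS when ProcessFile succeeds, SSL_FAILURE otherwise,
 * including for a NULL ssl or file (ssl->ctx used to be dereferenced
 * without a check). */
int CyaSSL_use_certificate_file(CYASSL* ssl, const char* file, int format)
{
    CYASSL_ENTER("CyaSSL_use_certificate_file");

    if (ssl == NULL || file == NULL)
        return SSL_FAILURE;

    if (ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL)
                    == SSL_SUCCESS)
        return SSL_SUCCESS;

    return SSL_FAILURE;
}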
Vanger 0:b86d15c6ba29 3788
Vanger 0:b86d15c6ba29 3789
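/* Load this session's private key from file (format is SSL_FILETYPE_PEM or
 * SSL_FILETYPE_ASN1, as understood by ProcessFile); the key is attached to
 * ssl rather than its context.
 * Returns SSL_SUCCESS when ProcessFile succeeds, SSL_FAILURE otherwise,
 * including for a NULL ssl or file (ssl->ctx used to be dereferenced
 * without a check). */
int CyaSSL_use_PrivateKey_file(CYASSL* ssl, const char* file, int format)
{
    CYASSL_ENTER("CyaSSL_use_PrivateKey_file");

    if (ssl == NULL || file == NULL)
        return SSL_FAILURE;

    if (ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL)
                    == SSL_SUCCESS)
        return SSL_SUCCESS;

    return SSL_FAILURE;
}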
Vanger 0:b86d15c6ba29 3799
Vanger 0:b86d15c6ba29 3800
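/* Load this session's certificate chain from a PEM file: the subject cert
 * followed by up to MAX_CHAIN_DEPTH issuer certs (ProcessFile is called with
 * userChain = 1 and the format fixed to SSL_FILETYPE_PEM); attached to ssl
 * rather than its context.
 * Returns SSL_SUCCESS when ProcessFile succeeds, SSL_FAILURE otherwise,
 * including for a NULL ssl or file (ssl->ctx used to be dereferenced
 * without a check). */
int CyaSSL_use_certificate_chain_file(CYASSL* ssl, const char* file)
{
    CYASSL_ENTER("CyaSSL_use_certificate_chain_file");

    if (ssl == NULL || file == NULL)
        return SSL_FAILURE;

    /* process up to MAX_CHAIN_DEPTH plus subject cert */
    if (ProcessFile(ssl->ctx, file, SSL_FILETYPE_PEM, CERT_TYPE, ssl, 1, NULL)
                    == SSL_SUCCESS)
        return SSL_SUCCESS;

    return SSL_FAILURE;
}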
Vanger 0:b86d15c6ba29 3811
Vanger 0:b86d15c6ba29 3812
Vanger 0:b86d15c6ba29 3813
Vanger 0:b86d15c6ba29 3814 #ifdef HAVE_ECC
Vanger 0:b86d15c6ba29 3815
/* Set the ephemeral EC-DHE key size for ctx, in octets (ECC_MINSIZE to
 * ECC_MAXSIZE, i.e. 20 - 66 octets for 160 - 521 bit curves).
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or out-of-range sz. */
int CyaSSL_CTX_SetTmpEC_DHE_Sz(CYASSL_CTX* ctx, word16 sz)
{
    int inRange = (sz >= ECC_MINSIZE && sz <= ECC_MAXSIZE);

    if (ctx == NULL || !inRange)
        return BAD_FUNC_ARG;

    ctx->eccTempKeySz = sz;
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 3826
Vanger 0:b86d15c6ba29 3827
/* Set the ephemeral EC-DHE key size for one session, in octets (ECC_MINSIZE
 * to ECC_MAXSIZE, i.e. 20 - 66 octets for 160 - 521 bit curves).
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ssl or out-of-range sz. */
int CyaSSL_SetTmpEC_DHE_Sz(CYASSL* ssl, word16 sz)
{
    int inRange = (sz >= ECC_MINSIZE && sz <= ECC_MAXSIZE);

    if (ssl == NULL || !inRange)
        return BAD_FUNC_ARG;

    ssl->eccTempKeySz = sz;
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 3838
Vanger 0:b86d15c6ba29 3839 #endif /* HAVE_ECC */
Vanger 0:b86d15c6ba29 3840
Vanger 0:b86d15c6ba29 3841
Vanger 0:b86d15c6ba29 3842
Vanger 0:b86d15c6ba29 3843
/* OpenSSL-compatibility alias: identical to CyaSSL_CTX_use_PrivateKey_file,
 * nothing here restricts the key to RSA. Returns what that function returns. */
int CyaSSL_CTX_use_RSAPrivateKey_file(CYASSL_CTX* ctx,const char* file,
                                   int format)
{
    int ret;

    CYASSL_ENTER("SSL_CTX_use_RSAPrivateKey_file");

    ret = CyaSSL_CTX_use_PrivateKey_file(ctx, file, format);

    return ret;
}
Vanger 0:b86d15c6ba29 3851
Vanger 0:b86d15c6ba29 3852
/* OpenSSL-compatibility alias: identical to CyaSSL_use_PrivateKey_file,
 * nothing here restricts the key to RSA. Returns what that function returns. */
int CyaSSL_use_RSAPrivateKey_file(CYASSL* ssl, const char* file, int format)
{
    int ret;

    CYASSL_ENTER("CyaSSL_use_RSAPrivateKey_file");

    ret = CyaSSL_use_PrivateKey_file(ssl, file, format);

    return ret;
}
Vanger 0:b86d15c6ba29 3859
Vanger 0:b86d15c6ba29 3860 #endif /* OPENSSL_EXTRA */
Vanger 0:b86d15c6ba29 3861
Vanger 0:b86d15c6ba29 3862 #ifdef HAVE_NTRU
Vanger 0:b86d15c6ba29 3863
/* Load a raw (SSL_FILETYPE_RAW) NTRU private key from file into ctx and, on
 * success, mark the context as NTRU-capable (haveNTRU).
 * Returns SSL_SUCCESS when ProcessFile succeeds, SSL_FAILURE otherwise
 * (including a NULL ctx). */
int CyaSSL_CTX_use_NTRUPrivateKey_file(CYASSL_CTX* ctx, const char* file)
{
    int ret;

    CYASSL_ENTER("CyaSSL_CTX_use_NTRUPrivateKey_file");

    if (ctx == NULL)
        return SSL_FAILURE;

    ret = ProcessFile(ctx, file, SSL_FILETYPE_RAW, PRIVATEKEY_TYPE, NULL, 0,
                      NULL);
    if (ret != SSL_SUCCESS)
        return SSL_FAILURE;

    /* only flag NTRU once the key is actually in place */
    ctx->haveNTRU = 1;
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 3878
Vanger 0:b86d15c6ba29 3879 #endif /* HAVE_NTRU */
Vanger 0:b86d15c6ba29 3880
Vanger 0:b86d15c6ba29 3881
Vanger 0:b86d15c6ba29 3882 #endif /* NO_FILESYSTEM */
Vanger 0:b86d15c6ba29 3883
Vanger 0:b86d15c6ba29 3884
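/* Configure peer-certificate verification flags on ctx (inherited by the
 * CYASSL objects created from it) and store vc as the verify callback.
 * mode is either exactly SSL_VERIFY_NONE, or an OR of:
 *   SSL_VERIFY_PEER                 - sets verifyPeer, clears verifyNone
 *   SSL_VERIFY_FAIL_IF_NO_PEER_CERT - sets failNoCert
 * SSL_VERIFY_NONE sets verifyNone and clears verifyPeer.
 * NOTE(review): failNoCert is only ever set here, never cleared, so once
 * SSL_VERIFY_FAIL_IF_NO_PEER_CERT has been requested a later call cannot
 * withdraw it; kept as-is to preserve existing behaviour.
 * A NULL ctx is ignored (the other setters in this file guard their
 * arguments; this one used to dereference ctx unconditionally). */
void CyaSSL_CTX_set_verify(CYASSL_CTX* ctx, int mode, VerifyCallback vc)
{
    CYASSL_ENTER("CyaSSL_CTX_set_verify");

    if (ctx == NULL)
        return;

    if (mode & SSL_VERIFY_PEER) {
        ctx->verifyPeer = 1;
        ctx->verifyNone = 0; /* in case previously set */
    }

    if (mode == SSL_VERIFY_NONE) {
        ctx->verifyNone = 1;
        ctx->verifyPeer = 0; /* in case previously set */
    }

    if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
        ctx->failNoCert = 1;

    ctx->verifyCallback = vc;
}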
Vanger 0:b86d15c6ba29 3903
Vanger 0:b86d15c6ba29 3904
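/* Configure peer-certificate verification flags on one session
 * (ssl->options) and store vc as its verify callback.
 * mode is either exactly SSL_VERIFY_NONE, or an OR of:
 *   SSL_VERIFY_PEER                 - sets verifyPeer, clears verifyNone
 *   SSL_VERIFY_FAIL_IF_NO_PEER_CERT - sets failNoCert
 * SSL_VERIFY_NONE sets verifyNone and clears verifyPeer.
 * NOTE(review): failNoCert is only ever set here, never cleared, so once
 * SSL_VERIFY_FAIL_IF_NO_PEER_CERT has been requested a later call cannot
 * withdraw it; kept as-is to preserve existing behaviour.
 * A NULL ssl is ignored (the other setters in this file guard their
 * arguments; this one used to dereference ssl unconditionally). */
void CyaSSL_set_verify(CYASSL* ssl, int mode, VerifyCallback vc)
{
    CYASSL_ENTER("CyaSSL_set_verify");

    if (ssl == NULL)
        return;

    if (mode & SSL_VERIFY_PEER) {
        ssl->options.verifyPeer = 1;
        ssl->options.verifyNone = 0; /* in case previously set */
    }

    if (mode == SSL_VERIFY_NONE) {
        ssl->options.verifyNone = 1;
        ssl->options.verifyPeer = 0; /* in case previously set */
    }

    if (mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)
        ssl->options.failNoCert = 1;

    ssl->verifyCallback = vc;
}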
Vanger 0:b86d15c6ba29 3923
Vanger 0:b86d15c6ba29 3924
/* Store an opaque user pointer (verifyCbCtx) on the session for the verify
 * callback to pick up. A NULL ssl is ignored. */
void CyaSSL_SetCertCbCtx(CYASSL* ssl, void* ctx)
{
    CYASSL_ENTER("CyaSSL_SetCertCbCtx");

    if (ssl == NULL)
        return;

    ssl->verifyCbCtx = ctx;
}
Vanger 0:b86d15c6ba29 3932
Vanger 0:b86d15c6ba29 3933
/* Store cb as the cert manager's CA-cache addition callback
 * (caCacheCallback). Ignored when ctx or its cert manager is NULL. */
void CyaSSL_CTX_SetCACb(CYASSL_CTX* ctx, CallbackCACache cb)
{
    if (ctx == NULL || ctx->cm == NULL)
        return;

    ctx->cm->caCacheCallback = cb;
}
Vanger 0:b86d15c6ba29 3940
Vanger 0:b86d15c6ba29 3941
Vanger 0:b86d15c6ba29 3942 #if defined(PERSIST_CERT_CACHE)
Vanger 0:b86d15c6ba29 3943
Vanger 0:b86d15c6ba29 3944 #if !defined(NO_FILESYSTEM)
Vanger 0:b86d15c6ba29 3945
/* Persist the context's cert (CA) cache to the file fname via
 * CM_SaveCertCache. Returns BAD_FUNC_ARG for a NULL ctx or fname,
 * otherwise what CM_SaveCertCache returns. */
int CyaSSL_CTX_save_cert_cache(CYASSL_CTX* ctx, const char* fname)
{
    int ret = BAD_FUNC_ARG;

    CYASSL_ENTER("CyaSSL_CTX_save_cert_cache");

    if (ctx != NULL && fname != NULL)
        ret = CM_SaveCertCache(ctx->cm, fname);

    return ret;
}
Vanger 0:b86d15c6ba29 3956
Vanger 0:b86d15c6ba29 3957
/* Restore the context's cert (CA) cache from the file fname via
 * CM_RestoreCertCache. Returns BAD_FUNC_ARG for a NULL ctx or fname,
 * otherwise what CM_RestoreCertCache returns.
 * NOTE(review): whatever this file holds becomes trusted CA state for ctx,
 * so it must only be read from a location that untrusted parties cannot
 * write to. */
int CyaSSL_CTX_restore_cert_cache(CYASSL_CTX* ctx, const char* fname)
{
    int ret = BAD_FUNC_ARG;

    CYASSL_ENTER("CyaSSL_CTX_restore_cert_cache");

    if (ctx != NULL && fname != NULL)
        ret = CM_RestoreCertCache(ctx->cm, fname);

    return ret;
}
Vanger 0:b86d15c6ba29 3968
Vanger 0:b86d15c6ba29 3969 #endif /* NO_FILESYSTEM */
Vanger 0:b86d15c6ba29 3970
/* Persist the context's cert (CA) cache into the caller's buffer mem of sz
 * bytes; *used receives how much was written (see CM_MemSaveCertCache).
 * Returns BAD_FUNC_ARG for a NULL ctx/mem/used or non-positive sz,
 * otherwise what CM_MemSaveCertCache returns. */
int CyaSSL_CTX_memsave_cert_cache(CYASSL_CTX* ctx, void* mem, int sz, int* used)
{
    int argsOk;

    CYASSL_ENTER("CyaSSL_CTX_memsave_cert_cache");

    argsOk = (ctx != NULL) && (mem != NULL) && (used != NULL) && (sz > 0);
    if (!argsOk)
        return BAD_FUNC_ARG;

    return CM_MemSaveCertCache(ctx->cm, mem, sz, used);
}
Vanger 0:b86d15c6ba29 3981
Vanger 0:b86d15c6ba29 3982
/* Restore the context's cert (CA) cache from a buffer mem of sz bytes that
 * was produced by CyaSSL_CTX_memsave_cert_cache (see CM_MemRestoreCertCache).
 * Returns BAD_FUNC_ARG for a NULL ctx/mem or non-positive sz, otherwise
 * what CM_MemRestoreCertCache returns.
 * NOTE(review): the buffer contents become trusted CA state for ctx. */
int CyaSSL_CTX_memrestore_cert_cache(CYASSL_CTX* ctx, const void* mem, int sz)
{
    int argsOk;

    CYASSL_ENTER("CyaSSL_CTX_memrestore_cert_cache");

    argsOk = (ctx != NULL) && (mem != NULL) && (sz > 0);
    if (!argsOk)
        return BAD_FUNC_ARG;

    return CM_MemRestoreCertCache(ctx->cm, mem, sz);
}
Vanger 0:b86d15c6ba29 3993
Vanger 0:b86d15c6ba29 3994
/* Report how large a buffer CyaSSL_CTX_memsave_cert_cache needs for this
 * context's cert cache. Returns BAD_FUNC_ARG for a NULL ctx, otherwise what
 * CM_GetCertCacheMemSize returns. */
int CyaSSL_CTX_get_cert_cache_memsize(CYASSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    CYASSL_ENTER("CyaSSL_CTX_get_cert_cache_memsize");

    if (ctx != NULL)
        ret = CM_GetCertCacheMemSize(ctx->cm);

    return ret;
}
Vanger 0:b86d15c6ba29 4005
Vanger 0:b86d15c6ba29 4006 #endif /* PERSIST_CERT_CACHE */
Vanger 0:b86d15c6ba29 4007 #endif /* !NO_CERTS */
Vanger 0:b86d15c6ba29 4008
Vanger 0:b86d15c6ba29 4009
Vanger 0:b86d15c6ba29 4010 #ifndef NO_SESSION_CACHE
Vanger 0:b86d15c6ba29 4011
/* Return the session associated with ssl (GetSession with masterSecret
 * argument 0), or NULL when ssl is NULL. */
CYASSL_SESSION* CyaSSL_get_session(CYASSL* ssl)
{
    CYASSL_SESSION* session = NULL;

    CYASSL_ENTER("SSL_get_session");

    if (ssl != NULL)
        session = GetSession(ssl, 0);

    return session;
}
Vanger 0:b86d15c6ba29 4020
Vanger 0:b86d15c6ba29 4021
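/* Attach session to ssl for resumption via SetSession.
 * Returns what SetSession returns, or SSL_FAILURE when session is NULL.
 * A NULL ssl is now rejected the same way instead of being passed on
 * to SetSession, matching CyaSSL_get_session's guard. */
int CyaSSL_set_session(CYASSL* ssl, CYASSL_SESSION* session)
{
    CYASSL_ENTER("SSL_set_session");

    if (ssl == NULL || session == NULL)
        return SSL_FAILURE;

    return SetSession(ssl, session);
}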
Vanger 0:b86d15c6ba29 4030
Vanger 0:b86d15c6ba29 4031
Vanger 0:b86d15c6ba29 4032 #ifndef NO_CLIENT_CACHE
Vanger 0:b86d15c6ba29 4033
/* Associate the client session with an application-chosen server ID of len
 * bytes. Unless newSession is set, an existing client-cache entry for that ID
 * is looked up and, if found, installed with SetSession. When nothing is
 * reused, the ID is recorded on ssl->session so the session can be stored
 * under it later.
 * Returns SSL_SUCCESS (also when no cached session was found), or
 * BAD_FUNC_ARG for a NULL ssl/id or non-positive len.
 * NOTE(review): the ID is truncated to SERVER_ID_LEN bytes when stored, so
 * two IDs sharing that prefix would be indistinguishable in the cache if
 * GetSessionClient (not visible here) compares only the stored bytes. */
int CyaSSL_SetServerID(CYASSL* ssl, const byte* id, int len, int newSession)
{
    CYASSL_SESSION* cached = NULL;

    CYASSL_ENTER("CyaSSL_SetServerID");

    if (ssl == NULL || id == NULL || len <= 0)
        return BAD_FUNC_ARG;

    if (!newSession) {
        cached = GetSessionClient(ssl, id, len);
        if (cached != NULL && SetSession(ssl, cached) != SSL_SUCCESS) {
            CYASSL_MSG("SetSession failed");
            cached = NULL; /* fall through to recording the ID */
        }
    }

    if (cached != NULL)
        return SSL_SUCCESS;

    CYASSL_MSG("Valid ServerID not cached already");

    ssl->session.idLen = (word16)min(SERVER_ID_LEN, (word32)len);
    XMEMCPY(ssl->session.serverID, id, ssl->session.idLen);

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 4065
Vanger 0:b86d15c6ba29 4066 #endif /* NO_CLIENT_CACHE */
Vanger 0:b86d15c6ba29 4067
Vanger 0:b86d15c6ba29 4068 #if defined(PERSIST_SESSION_CACHE)
Vanger 0:b86d15c6ba29 4069
/* for persistence: if the layout changes, increment this and update
   save_session_cache(), restore_session_cache() and the memory versions too */
Vanger 0:b86d15c6ba29 4072 #define CYASSL_CACHE_VERSION 2
Vanger 0:b86d15c6ba29 4073
Vanger 0:b86d15c6ba29 4074 /* Session Cache Header information */
/* Header placed in front of the session rows when the cache is persisted.
   It is copied raw (memcpy of the struct), so the saved image is tied to
   this struct's host layout; the restore side compares every field against
   the compile-time values before it touches the cache. */
typedef struct {
    int version; /* cache layout version id, CYASSL_CACHE_VERSION */
    int rows; /* session rows, SESSION_ROWS */
    int columns; /* session columns, SESSIONS_PER_ROW */
    int sessionSz; /* sizeof CYASSL_SESSION */
} cache_header_t;
Vanger 0:b86d15c6ba29 4081
Vanger 0:b86d15c6ba29 4082 /* current persistence layout is:
Vanger 0:b86d15c6ba29 4083
Vanger 0:b86d15c6ba29 4084 1) cache_header_t
Vanger 0:b86d15c6ba29 4085 2) SessionCache
Vanger 0:b86d15c6ba29 4086 3) ClientCache
Vanger 0:b86d15c6ba29 4087
   update CYASSL_CACHE_VERSION if the layout changes for the following
   PERSIST_SESSION_CACHE functions
Vanger 0:b86d15c6ba29 4090 */
Vanger 0:b86d15c6ba29 4091
Vanger 0:b86d15c6ba29 4092
/* Size in bytes of the buffer CyaSSL_memsave_session_cache() expects: the
   cache header, the whole SessionCache and -- unless NO_CLIENT_CACHE is
   defined -- the whole ClientCache. */
int CyaSSL_get_session_cache_memsize(void)
{
    size_t total = sizeof(cache_header_t) + sizeof(SessionCache);

#ifndef NO_CLIENT_CACHE
    total += sizeof(ClientCache);
#endif

    return (int)total;
}
Vanger 0:b86d15c6ba29 4104
Vanger 0:b86d15c6ba29 4105
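/* Persist the whole session cache into the caller's buffer.
   Layout: a cache_header_t, then SESSION_ROWS SessionRow structs and,
   unless NO_CLIENT_CACHE is defined, SESSION_ROWS ClientRow structs.  All
   of it is copied raw, so the image is only meaningful to a build with the
   same struct layouts -- that is what the header fields let the restore
   side check.
   NOTE(review): the rows are copied verbatim, including whatever a
   CYASSL_SESSION carries (presumably session secrets), so mem must be
   handled like key material.
   Returns SSL_SUCCESS; BUFFER_E when mem is NULL or sz is smaller than
   CyaSSL_get_session_cache_memsize(); BAD_MUTEX_E if the cache lock cannot
   be taken (the header has already been written by then). */
int CyaSSL_memsave_session_cache(void* mem, int sz)
{
    int i;
    cache_header_t hdr;
    SessionRow* row;
#ifndef NO_CLIENT_CACHE
    ClientRow* clRow;
#endif

    CYASSL_ENTER("CyaSSL_memsave_session_cache");

    if (mem == NULL) {
        CYASSL_MSG("NULL memory buffer");
        return BUFFER_E;
    }

    if (sz < CyaSSL_get_session_cache_memsize()) {
        CYASSL_MSG("Memory buffer too small");
        return BUFFER_E;
    }

    hdr.version = CYASSL_CACHE_VERSION;
    hdr.rows = SESSION_ROWS;
    hdr.columns = SESSIONS_PER_ROW;
    hdr.sessionSz = (int)sizeof(CYASSL_SESSION);
    XMEMCPY(mem, &hdr, sizeof(hdr));
    row = (SessionRow*)((byte*)mem + sizeof(hdr));

    if (LockMutex(&session_mutex) != 0) {
        CYASSL_MSG("Session cache mutex lock failed");
        return BAD_MUTEX_E;
    }

    /* row/clRow are only ever memcpy destinations, never dereferenced */
    for (i = 0; i < hdr.rows; ++i)
        XMEMCPY(row++, SessionCache + i, sizeof(SessionRow));

#ifndef NO_CLIENT_CACHE
    clRow = (ClientRow*)row;
    for (i = 0; i < hdr.rows; ++i)
        XMEMCPY(clRow++, ClientCache + i, sizeof(ClientRow));
#endif

    UnLockMutex(&session_mutex);

    CYASSL_LEAVE("CyaSSL_memsave_session_cache", SSL_SUCCESS);

    return SSL_SUCCESS;
}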
Vanger 0:b86d15c6ba29 4149
Vanger 0:b86d15c6ba29 4150
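/* Overwrite the session cache with an image produced by
   CyaSSL_memsave_session_cache.  The header is compared field by field with
   the compile-time values (layout version, row/column counts, sizeof the
   session); only then are the rows copied over SessionCache (and
   ClientCache unless NO_CLIENT_CACHE), replacing whatever was there.
   NOTE(review): the header check is a layout check, not an integrity or
   authenticity check -- whoever controls mem controls every session (and
   any secret inside it) this process will subsequently resume.  Only
   restore images this application saved and kept somewhere it trusts.
   Returns SSL_SUCCESS; BUFFER_E when mem is NULL or sz is too small;
   CACHE_MATCH_ERROR when the header does not match this build;
   BAD_MUTEX_E if the cache lock cannot be taken. */
int CyaSSL_memrestore_session_cache(const void* mem, int sz)
{
    int i;
    cache_header_t hdr;
    const SessionRow* row;
#ifndef NO_CLIENT_CACHE
    const ClientRow* clRow;
#endif

    CYASSL_ENTER("CyaSSL_memrestore_session_cache");

    if (mem == NULL) {
        CYASSL_MSG("NULL memory buffer");
        return BUFFER_E;
    }

    if (sz < CyaSSL_get_session_cache_memsize()) {
        CYASSL_MSG("Memory buffer too small");
        return BUFFER_E;
    }

    XMEMCPY(&hdr, mem, sizeof(hdr));
    if (hdr.version != CYASSL_CACHE_VERSION ||
        hdr.rows != SESSION_ROWS ||
        hdr.columns != SESSIONS_PER_ROW ||
        hdr.sessionSz != (int)sizeof(CYASSL_SESSION)) {

        CYASSL_MSG("Session cache header match failed");
        return CACHE_MATCH_ERROR;
    }

    /* the image is read-only here; keep the const through the cast */
    row = (const SessionRow*)((const byte*)mem + sizeof(hdr));

    if (LockMutex(&session_mutex) != 0) {
        CYASSL_MSG("Session cache mutex lock failed");
        return BAD_MUTEX_E;
    }

    for (i = 0; i < hdr.rows; ++i)
        XMEMCPY(SessionCache + i, row++, sizeof(SessionRow));

#ifndef NO_CLIENT_CACHE
    clRow = (const ClientRow*)row;
    for (i = 0; i < hdr.rows; ++i)
        XMEMCPY(ClientCache + i, clRow++, sizeof(ClientRow));
#endif

    UnLockMutex(&session_mutex);

    CYASSL_LEAVE("CyaSSL_memrestore_session_cache", SSL_SUCCESS);

    return SSL_SUCCESS;
}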
Vanger 0:b86d15c6ba29 4198
Vanger 0:b86d15c6ba29 4199 #if !defined(NO_FILESYSTEM)
Vanger 0:b86d15c6ba29 4200
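/* Persist the session cache to the file fname, in the same layout as
   CyaSSL_memsave_session_cache but written piecewise so that no whole-cache
   temporary buffer is needed.  Header and rows go out raw, so the file is
   only usable by a build with identical struct layouts (the restore side
   enforces that through the header).
   NOTE(review): the rows carry whatever a CYASSL_SESSION holds (presumably
   session secrets) and the file is created with the platform's default
   permissions -- put it where only this application can read it.  XFCLOSE's
   result is not checked, so a flush failure at close goes unreported.
   Returns SSL_SUCCESS; SSL_BAD_FILE when fname is NULL or cannot be opened;
   FWRITE_ERROR if any write comes up short (the file is then partial);
   BAD_MUTEX_E if the cache lock cannot be taken. */
int CyaSSL_save_session_cache(const char *fname)
{
    XFILE file;
    int rc = SSL_SUCCESS;
    int i;
    cache_header_t hdr;

    CYASSL_ENTER("CyaSSL_save_session_cache");

    if (fname == NULL) {
        CYASSL_MSG("No session cache save file name");
        return SSL_BAD_FILE;
    }

    file = XFOPEN(fname, "w+b");
    if (file == XBADFILE) {
        CYASSL_MSG("Couldn't open session cache save file");
        return SSL_BAD_FILE;
    }

    hdr.version = CYASSL_CACHE_VERSION;
    hdr.rows = SESSION_ROWS;
    hdr.columns = SESSIONS_PER_ROW;
    hdr.sessionSz = (int)sizeof(CYASSL_SESSION);

    /* cache header */
    if ((int)XFWRITE(&hdr, sizeof hdr, 1, file) != 1) {
        CYASSL_MSG("Session cache header file write failed");
        XFCLOSE(file);
        return FWRITE_ERROR;
    }

    if (LockMutex(&session_mutex) != 0) {
        CYASSL_MSG("Session cache mutex lock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    /* session cache */
    for (i = 0; i < hdr.rows; ++i) {
        if ((int)XFWRITE(SessionCache + i, sizeof(SessionRow), 1, file) != 1) {
            CYASSL_MSG("Session cache member file write failed");
            rc = FWRITE_ERROR;
            break;
        }
    }

#ifndef NO_CLIENT_CACHE
    /* client cache -- pointless once a session row already failed */
    for (i = 0; rc == SSL_SUCCESS && i < hdr.rows; ++i) {
        if ((int)XFWRITE(ClientCache + i, sizeof(ClientRow), 1, file) != 1) {
            CYASSL_MSG("Client cache member file write failed");
            rc = FWRITE_ERROR;
            break;
        }
    }
#endif /* NO_CLIENT_CACHE */

    UnLockMutex(&session_mutex);

    XFCLOSE(file);
    CYASSL_LEAVE("CyaSSL_save_session_cache", rc);

    return rc;
}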
Vanger 0:b86d15c6ba29 4266
Vanger 0:b86d15c6ba29 4267
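/* Restore the session cache from a file written by
   CyaSSL_save_session_cache.  The header is read and compared field by
   field with this build's values; the rows are then read straight over
   SessionCache (and ClientCache unless NO_CLIENT_CACHE), replacing the
   current contents.  A short read of the session rows empties both tables
   rather than leaving a half-restored cache; a short read of the client
   rows empties only ClientCache.
   NOTE(review): the header comparison is a layout check only -- the file
   is neither authenticated nor integrity-checked, so whoever can write it
   decides which sessions this process resumes.  Treat it as trusted input.
   Returns SSL_SUCCESS; SSL_BAD_FILE when fname is NULL or cannot be opened;
   FREAD_ERROR on a short read; CACHE_MATCH_ERROR when the header does not
   match this build; BAD_MUTEX_E if the cache lock cannot be taken. */
int CyaSSL_restore_session_cache(const char *fname)
{
    XFILE file;
    int rc = SSL_SUCCESS;
    int i;
    cache_header_t hdr;

    CYASSL_ENTER("CyaSSL_restore_session_cache");

    if (fname == NULL) {
        CYASSL_MSG("No session cache save file name");
        return SSL_BAD_FILE;
    }

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) {
        CYASSL_MSG("Couldn't open session cache save file");
        return SSL_BAD_FILE;
    }

    /* cache header */
    if ((int)XFREAD(&hdr, sizeof hdr, 1, file) != 1) {
        CYASSL_MSG("Session cache header file read failed");
        XFCLOSE(file);
        return FREAD_ERROR;
    }
    if (hdr.version != CYASSL_CACHE_VERSION ||
        hdr.rows != SESSION_ROWS ||
        hdr.columns != SESSIONS_PER_ROW ||
        hdr.sessionSz != (int)sizeof(CYASSL_SESSION)) {

        CYASSL_MSG("Session cache header match failed");
        XFCLOSE(file);
        return CACHE_MATCH_ERROR;
    }

    if (LockMutex(&session_mutex) != 0) {
        CYASSL_MSG("Session cache mutex lock failed");
        XFCLOSE(file);
        return BAD_MUTEX_E;
    }

    /* session cache */
    for (i = 0; i < hdr.rows; ++i) {
        if ((int)XFREAD(SessionCache + i, sizeof(SessionRow), 1, file) != 1) {
            CYASSL_MSG("Session cache member file read failed");
            /* do not leave a partially overwritten cache behind */
            XMEMSET(SessionCache, 0, sizeof SessionCache);
#ifndef NO_CLIENT_CACHE
            XMEMSET(ClientCache, 0, sizeof ClientCache);
#endif
            rc = FREAD_ERROR;
            break;
        }
    }

#ifndef NO_CLIENT_CACHE
    /* client cache, only when the session rows came in cleanly */
    for (i = 0; rc == SSL_SUCCESS && i < hdr.rows; ++i) {
        if ((int)XFREAD(ClientCache + i, sizeof(ClientRow), 1, file) != 1) {
            CYASSL_MSG("Client cache member file read failed");
            XMEMSET(ClientCache, 0, sizeof ClientCache);
            rc = FREAD_ERROR;
            break;
        }
    }
#endif /* NO_CLIENT_CACHE */

    UnLockMutex(&session_mutex);

    XFCLOSE(file);
    CYASSL_LEAVE("CyaSSL_restore_session_cache", rc);

    return rc;
}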
Vanger 0:b86d15c6ba29 4340
Vanger 0:b86d15c6ba29 4341 #endif /* !NO_FILESYSTEM */
Vanger 0:b86d15c6ba29 4342 #endif /* PERSIST_SESSION_CACHE */
Vanger 0:b86d15c6ba29 4343 #endif /* NO_SESSION_CACHE */
Vanger 0:b86d15c6ba29 4344
Vanger 0:b86d15c6ba29 4345
/* OpenSSL-compatibility entry point; there is nothing to load here, so this
   intentionally does nothing. */
void CyaSSL_load_error_strings(void)
{
    /* no-op by design */
    return;
}
Vanger 0:b86d15c6ba29 4348
Vanger 0:b86d15c6ba29 4349
/* OpenSSL-style wrapper around CyaSSL_Init: SSL_SUCCESS when the library
   initialized, SSL_FATAL_ERROR for any other result. */
int CyaSSL_library_init(void)
{
    int initialized;

    CYASSL_ENTER("SSL_library_init");
    initialized = (CyaSSL_Init() == SSL_SUCCESS);

    return initialized ? SSL_SUCCESS : SSL_FATAL_ERROR;
}
Vanger 0:b86d15c6ba29 4358
Vanger 0:b86d15c6ba29 4359
Vanger 0:b86d15c6ba29 4360 #ifdef HAVE_SECRET_CALLBACK
Vanger 0:b86d15c6ba29 4361
/* Register cb (with its opaque ctx) as the session-secret callback of ssl
   and switch ssl into resumption mode: the session id length is cleared and
   options.resuming set, on the assumption that a pre-set key means a
   resumed session.
   NOTE(review): a NULL cb is accepted and still turns resuming on; if a
   caller uses NULL to "unregister", confirm that is intended.
   Returns SSL_SUCCESS, or SSL_FATAL_ERROR when ssl is NULL. */
int CyaSSL_set_session_secret_cb(CYASSL* ssl, SessionSecretCb cb, void* ctx)
{
    CYASSL_ENTER("CyaSSL_set_session_secret_cb");

    if (ssl == NULL)
        return SSL_FATAL_ERROR;

    ssl->sessionSecretCb  = cb;
    ssl->sessionSecretCtx = ctx;

    /* a pre-set key is taken to mean a resumed session: no id, resuming on */
    ssl->session.sessionIDSz = 0;
    ssl->options.resuming    = 1;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 4376
Vanger 0:b86d15c6ba29 4377 #endif
Vanger 0:b86d15c6ba29 4378
Vanger 0:b86d15c6ba29 4379
Vanger 0:b86d15c6ba29 4380 #ifndef NO_SESSION_CACHE
Vanger 0:b86d15c6ba29 4381
/* Session caching is on by default when compiled in; this lets the user
   turn it off (SSL_SESS_CACHE_OFF) or stop the automatic flush
   (SSL_SESS_CACHE_NO_AUTO_CLEAR).  Each call only ever sets one flag and
   the flags are never cleared again here; mode is matched exactly, so the
   two values cannot be combined in a single call.
   NOTE(review): ctx is dereferenced without a NULL check.
   Always returns SSL_SUCCESS. */
long CyaSSL_CTX_set_session_cache_mode(CYASSL_CTX* ctx, long mode)
{
    CYASSL_ENTER("SSL_CTX_set_session_cache_mode");

    switch (mode) {
        case SSL_SESS_CACHE_OFF:
            ctx->sessionCacheOff = 1;
            break;
        case SSL_SESS_CACHE_NO_AUTO_CLEAR:
            ctx->sessionCacheFlushOff = 1;
            break;
        default:
            /* any other mode leaves both flags untouched */
            break;
    }

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 4394
Vanger 0:b86d15c6ba29 4395 #endif /* NO_SESSION_CACHE */
Vanger 0:b86d15c6ba29 4396
Vanger 0:b86d15c6ba29 4397
Vanger 0:b86d15c6ba29 4398 #if !defined(NO_CERTS)
Vanger 0:b86d15c6ba29 4399 #if defined(PERSIST_CERT_CACHE)
Vanger 0:b86d15c6ba29 4400
Vanger 0:b86d15c6ba29 4401
Vanger 0:b86d15c6ba29 4402 #define CYASSL_CACHE_CERT_VERSION 1
Vanger 0:b86d15c6ba29 4403
/* Header in front of the serialized caTable in a persisted cert cache
   (written by DoMemSaveCertCache).  Copied raw, so the image is tied to
   this struct's host layout.  columns[] is filled by SetCertHeaderColumns
   with the list length of each caTable row, which is what RestoreCertRow
   receives as listSz. */
typedef struct {
    int version; /* cache cert layout version id, CYASSL_CACHE_CERT_VERSION */
    int rows; /* hash table rows, CA_TABLE_SIZE */
    int columns[CA_TABLE_SIZE]; /* signers per row (list length) */
    int signerSz; /* sizeof Signer object */
} CertCacheHeader;
Vanger 0:b86d15c6ba29 4410
/* current cert persistence layout is:

   1) CertCacheHeader
   2) caTable

   update CYASSL_CACHE_CERT_VERSION if the layout changes for the following
   PERSIST_CERT_CACHE functions
*/
Vanger 0:b86d15c6ba29 4419
Vanger 0:b86d15c6ba29 4420
/* Bytes needed to persist one signer in the StoreCertRow layout: the fixed
   fields (pubKeySize, keyOID, nameLen, subjectNameHash and, without
   NO_SKID, subjectKeyIdHash) plus the raw public key and name bytes.
   Caller holds the CA lock. */
static INLINE int GetSignerMemory(Signer* signer)
{
    size_t fixed = sizeof(signer->pubKeySize) + sizeof(signer->keyOID)
                 + sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);

#if !defined(NO_SKID)
    fixed += sizeof(signer->subjectKeyIdHash);
#endif

    /* variable-length parts */
    return (int)fixed + (int)signer->pubKeySize + (int)signer->nameLen;
}
Vanger 0:b86d15c6ba29 4437
Vanger 0:b86d15c6ba29 4438
/* Bytes needed to persist every signer on one caTable list, starting at
   row.  Caller holds the CA lock. */
static INLINE int GetCertCacheRowMemory(Signer* row)
{
    int total = 0;
    Signer* s;

    for (s = row; s != NULL; s = s->next)
        total += GetSignerMemory(s);

    return total;
}
Vanger 0:b86d15c6ba29 4451
Vanger 0:b86d15c6ba29 4452
/* Total bytes a persisted cert cache for cm occupies: the CertCacheHeader
   plus every row of caTable.  Caller holds the CA lock. */
static INLINE int GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
{
    int i;
    int total = (int)sizeof(CertCacheHeader);

    for (i = 0; i < CA_TABLE_SIZE; ++i)
        total += GetCertCacheRowMemory(cm->caTable[i]);

    return total;
}
Vanger 0:b86d15c6ba29 4466
Vanger 0:b86d15c6ba29 4467
/* Fill columns[0..CA_TABLE_SIZE-1] with the number of signers on each
   caTable list of cm (the header's per-row item counts).  Caller holds the
   CA lock. */
static INLINE void SetCertHeaderColumns(CYASSL_CERT_MANAGER* cm, int* columns)
{
    int i;

    for (i = 0; i < CA_TABLE_SIZE; ++i) {
        Signer* s;
        int n = 0;

        for (s = cm->caTable[i]; s != NULL; s = s->next)
            ++n;

        columns[i] = n;
    }
}
Vanger 0:b86d15c6ba29 4485
Vanger 0:b86d15c6ba29 4486
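/* Rebuild one caTable row from its persisted image.
   current points at the first serialized signer of row `row`, listSz is the
   number of signers the header recorded for it, and end bounds the whole
   restore buffer.  Each signer is re-created with MakeSigner and pushed on
   the front of cm->caTable[row]; on error the signer being parsed is freed
   while the ones already linked stay (the caller owns the half-restored
   table).  Caller holds cm->caLock.
   All bounds checks are done on byte counts remaining before end rather
   than by forming start + length pointers, so an oversized or (if nameLen
   is a signed type) negative length from a corrupted image is rejected
   instead of producing an out-of-range pointer.
   NOTE(review): nothing here authenticates the image -- whoever can write
   the persisted cert cache can add CAs this manager will trust -- so the
   buffer/file must be protected accordingly.
   Returns the number of bytes consumed; PARSE_ERROR for a negative listSz;
   BUFFER_E when a length field would run past end; MEMORY_E on allocation
   failure. */
static INLINE int RestoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current,
                                 int row, int listSz, const byte* end)
{
    int idx = 0;
    Signer* signer = NULL;
    /* bytes every serialized signer has before its variable-length parts
       (sizeof does not evaluate signer, so NULL is fine here) */
    size_t minSz = sizeof(signer->pubKeySize) + sizeof(signer->keyOID) +
                   sizeof(signer->nameLen) + sizeof(signer->subjectNameHash);
#ifndef NO_SKID
    minSz += sizeof(signer->subjectKeyIdHash);
#endif

    if (listSz < 0) {
        CYASSL_MSG("Row header corrupted, negative value");
        return PARSE_ERROR;
    }

    while (listSz > 0) {
        const byte* start = current + idx;   /* this signer's first byte */
        size_t remain;                       /* bytes left for its dynamic parts */

        if (start > end || (size_t)(end - start) < minSz) {
            CYASSL_MSG("Would overread restore buffer");
            return BUFFER_E;
        }
        remain = (size_t)(end - start) - minSz;

        signer = MakeSigner(cm->heap);
        if (signer == NULL)
            return MEMORY_E;

        /* pubKeySize */
        XMEMCPY(&signer->pubKeySize, current + idx, sizeof(signer->pubKeySize));
        idx += (int)sizeof(signer->pubKeySize);

        /* keyOID */
        XMEMCPY(&signer->keyOID, current + idx, sizeof(signer->keyOID));
        idx += (int)sizeof(signer->keyOID);

        /* publicKey */
        if ((size_t)signer->pubKeySize > remain) {
            CYASSL_MSG("Would overread restore buffer");
            FreeSigner(signer, cm->heap);
            return BUFFER_E;
        }
        remain -= (size_t)signer->pubKeySize;
        signer->publicKey = (byte*)XMALLOC(signer->pubKeySize, cm->heap,
                                           DYNAMIC_TYPE_KEY);
        if (signer->publicKey == NULL) {
            FreeSigner(signer, cm->heap);
            return MEMORY_E;
        }
        XMEMCPY(signer->publicKey, current + idx, signer->pubKeySize);
        idx += (int)signer->pubKeySize;

        /* nameLen */
        XMEMCPY(&signer->nameLen, current + idx, sizeof(signer->nameLen));
        idx += (int)sizeof(signer->nameLen);

        /* name -- a negative nameLen converts to a huge size_t and fails here */
        if ((size_t)signer->nameLen > remain) {
            CYASSL_MSG("Would overread restore buffer");
            FreeSigner(signer, cm->heap);
            return BUFFER_E;
        }
        remain -= (size_t)signer->nameLen;
        signer->name = (char*)XMALLOC(signer->nameLen, cm->heap,
                                      DYNAMIC_TYPE_SUBJECT_CN);
        if (signer->name == NULL) {
            FreeSigner(signer, cm->heap);
            return MEMORY_E;
        }
        XMEMCPY(signer->name, current + idx, signer->nameLen);
        idx += (int)signer->nameLen;

        /* subjectNameHash */
        XMEMCPY(signer->subjectNameHash, current + idx, SIGNER_DIGEST_SIZE);
        idx += SIGNER_DIGEST_SIZE;

#ifndef NO_SKID
        /* subjectKeyIdHash */
        XMEMCPY(signer->subjectKeyIdHash, current + idx, SIGNER_DIGEST_SIZE);
        idx += SIGNER_DIGEST_SIZE;
#endif

        /* link in at the head of the row */
        signer->next = cm->caTable[row];
        cm->caTable[row] = signer;

        --listSz;
    }

    return idx;
}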
Vanger 0:b86d15c6ba29 4578
Vanger 0:b86d15c6ba29 4579
/* Serialize every signer on caTable[row] into current, one after another:
   pubKeySize, keyOID, the raw public key, nameLen, the name bytes,
   subjectNameHash and (without NO_SKID) subjectKeyIdHash.  No bounds are
   checked here -- the caller sizes the buffer with GetCertCacheMemSize
   under the same lock.  Caller holds the CA lock.
   Returns the number of bytes written. */
static INLINE int StoreCertRow(CYASSL_CERT_MANAGER* cm, byte* current, int row)
{
    byte* out = current;
    Signer* s;

    for (s = cm->caTable[row]; s != NULL; s = s->next) {
        XMEMCPY(out, &s->pubKeySize, sizeof(s->pubKeySize));
        out += sizeof(s->pubKeySize);

        XMEMCPY(out, &s->keyOID, sizeof(s->keyOID));
        out += sizeof(s->keyOID);

        XMEMCPY(out, s->publicKey, s->pubKeySize);
        out += s->pubKeySize;

        XMEMCPY(out, &s->nameLen, sizeof(s->nameLen));
        out += sizeof(s->nameLen);

        XMEMCPY(out, s->name, s->nameLen);
        out += s->nameLen;

        XMEMCPY(out, s->subjectNameHash, SIGNER_DIGEST_SIZE);
        out += SIGNER_DIGEST_SIZE;

#ifndef NO_SKID
        XMEMCPY(out, s->subjectKeyIdHash, SIGNER_DIGEST_SIZE);
        out += SIGNER_DIGEST_SIZE;
#endif
    }

    return (int)(out - current);
}
Vanger 0:b86d15c6ba29 4615
Vanger 0:b86d15c6ba29 4616
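/* Serialize cm's cert cache into mem: a CertCacheHeader (version, row
   count, per-row signer counts, sizeof(Signer)) followed by every caTable
   row as StoreCertRow lays it out.  Caller holds the CA lock.
   Returns SSL_SUCCESS, or BUFFER_E when mem is NULL or sz is smaller than
   GetCertCacheMemSize(cm). */
static INLINE int DoMemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz)
{
    int realSz;
    int i;
    byte* current;
    CertCacheHeader hdr;

    CYASSL_ENTER("DoMemSaveCertCache");

    if (mem == NULL) {
        CYASSL_MSG("Mem output buffer missing");
        return BUFFER_E;
    }

    realSz = GetCertCacheMemSize(cm);
    if (realSz > sz) {
        CYASSL_MSG("Mem output buffer too small");
        return BUFFER_E;
    }

    hdr.version = CYASSL_CACHE_CERT_VERSION;
    hdr.rows = CA_TABLE_SIZE;
    SetCertHeaderColumns(cm, hdr.columns);
    hdr.signerSz = (int)sizeof(Signer);

    XMEMCPY(mem, &hdr, sizeof(CertCacheHeader));
    current = (byte*)mem + sizeof(CertCacheHeader);

    /* StoreCertRow does no bounds checking of its own; realSz, computed
       under the same lock, is what guarantees the rows fit */
    for (i = 0; i < CA_TABLE_SIZE; ++i)
        current += StoreCertRow(cm, current, i);

    return SSL_SUCCESS;
}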
Vanger 0:b86d15c6ba29 4649
Vanger 0:b86d15c6ba29 4650
Vanger 0:b86d15c6ba29 4651 #if !defined(NO_FILESYSTEM)
Vanger 0:b86d15c6ba29 4652
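/* Persist cm's CA table to the file fname.
   The image is built under cm->caLock into a temporary buffer first; the
   file is opened (and truncated) only once that succeeded, so a failed
   allocation or serialization does not leave an empty cache file behind,
   and no disk I/O happens while the lock is held.  cm is expected to be
   non-NULL (the visible callers pass ctx->cm after validating ctx).
   NOTE(review): the file is a trust-anchor store -- whoever can modify it
   can add CAs that a later CM_RestoreCertCache will install -- and it is
   created with the platform's default permissions; keep it where only this
   application can write.
   Returns SSL_SUCCESS; SSL_BAD_FILE when fname is NULL or cannot be opened;
   BAD_MUTEX_E; MEMORY_E; any DoMemSaveCertCache error; FWRITE_ERROR on a
   short write. */
int CM_SaveCertCache(CYASSL_CERT_MANAGER* cm, const char* fname)
{
    XFILE file;
    int rc;
    int memSz;
    byte* mem;

    CYASSL_ENTER("CM_SaveCertCache");

    if (fname == NULL) {
        CYASSL_MSG("No cert cache save file name");
        return SSL_BAD_FILE;
    }

    if (LockMutex(&cm->caLock) != 0) {
        CYASSL_MSG("LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    memSz = GetCertCacheMemSize(cm);
    mem = (byte*)XMALLOC(memSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (mem == NULL) {
        CYASSL_MSG("Alloc for tmp buffer failed");
        rc = MEMORY_E;
    }
    else {
        rc = DoMemSaveCertCache(cm, mem, memSz);
    }

    UnLockMutex(&cm->caLock);

    /* only touch the file once there is a complete image to write */
    if (rc == SSL_SUCCESS) {
        file = XFOPEN(fname, "w+b");
        if (file == XBADFILE) {
            CYASSL_MSG("Couldn't open cert cache save file");
            rc = SSL_BAD_FILE;
        }
        else {
            if ((int)XFWRITE(mem, memSz, 1, file) != 1) {
                CYASSL_MSG("Cert cache file write failed");
                rc = FWRITE_ERROR;
            }
            XFCLOSE(file);
        }
    }

    if (mem != NULL)
        XFREE(mem, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);

    return rc;
}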
Vanger 0:b86d15c6ba29 4697
Vanger 0:b86d15c6ba29 4698
/* Restore the certificate manager's CA cache from the file named by fname.
 *
 * The whole file is read into a temporary buffer sized from XFTELL at
 * end-of-file and handed to CM_MemRestoreCertCache, which validates the
 * header and rebuilds the CA table.  The file contents are treated as
 * input to be validated; no trust is placed in them here.
 *
 * Returns SSL_SUCCESS on success; SSL_BAD_FILE if the file cannot be
 * opened or reports a size <= 0, MEMORY_E if the buffer cannot be
 * allocated, FREAD_ERROR on a short read, or the error code produced by
 * CM_MemRestoreCertCache. */
int CM_RestoreCertCache(CYASSL_CERT_MANAGER* cm, const char* fname)
{
    XFILE file;
    byte* buf;
    int   bufSz;
    int   rc;

    CYASSL_ENTER("CM_RestoreCertCache");

    file = XFOPEN(fname, "rb");
    if (file == XBADFILE) {
        CYASSL_MSG("Couldn't open cert cache save file");
        return SSL_BAD_FILE;
    }

    /* size the buffer from the file length (truncated to int) */
    XFSEEK(file, 0, XSEEK_END);
    bufSz = (int)XFTELL(file);
    XREWIND(file);

    if (bufSz <= 0) {
        CYASSL_MSG("Bad file size");
        rc = SSL_BAD_FILE;
        goto close_file;
    }

    buf = (byte*)XMALLOC(bufSz, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);
    if (buf == NULL) {
        CYASSL_MSG("Alloc for tmp buffer failed");
        rc = MEMORY_E;
        goto close_file;
    }

    /* one record of bufSz bytes: anything but 1 is a short read */
    if ((int)XFREAD(buf, bufSz, 1, file) != 1) {
        CYASSL_MSG("Cert file read error");
        rc = FREAD_ERROR;
    }
    else {
        rc = CM_MemRestoreCertCache(cm, buf, bufSz);
        if (rc != SSL_SUCCESS) {
            CYASSL_MSG("Mem restore cert cache failed");
        }
    }

    XFREE(buf, cm->heap, DYNAMIC_TYPE_TMP_BUFFER);

close_file:
    XFCLOSE(file);
    return rc;
}
Vanger 0:b86d15c6ba29 4749
Vanger 0:b86d15c6ba29 4750 #endif /* NO_FILESYSTEM */
Vanger 0:b86d15c6ba29 4751
Vanger 0:b86d15c6ba29 4752
/* Serialise the CA cache into a caller-supplied buffer.
 *
 * mem/sz describe the destination; on success *used receives the number
 * of bytes the serialised cache occupies (GetCertCacheMemSize).  *used is
 * left untouched on failure.  The table is locked for the duration.
 *
 * Returns SSL_SUCCESS, BAD_MUTEX_E if caLock cannot be taken, or whatever
 * DoMemSaveCertCache reports (e.g. when sz is too small). */
int CM_MemSaveCertCache(CYASSL_CERT_MANAGER* cm, void* mem, int sz, int* used)
{
    int rc;

    CYASSL_ENTER("CM_MemSaveCertCache");

    if (LockMutex(&cm->caLock) != 0) {
        CYASSL_MSG("LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    rc = DoMemSaveCertCache(cm, mem, sz);
    if (rc == SSL_SUCCESS) {
        /* report the size actually consumed, computed under the same lock */
        *used = GetCertCacheMemSize(cm);
    }

    UnLockMutex(&cm->caLock);

    return rc;
}
Vanger 0:b86d15c6ba29 4773
Vanger 0:b86d15c6ba29 4774
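/* Restore the CA cache from a serialised image in memory.
 *
 * mem/sz is an untrusted byte image (it may have come from a file): the
 * length is validated before any pointer is derived from it, and the
 * CertCacheHeader it starts with must match this build exactly (cache
 * format version, CA_TABLE_SIZE and sizeof(Signer)).  Per-row lengths in
 * hdr->columns[] come from the image too; RestoreCertRow is handed `end`
 * and is relied on to bound each row by it (its body is not in this file
 * section — confirm it checks against `end` before reading).
 *
 * The existing table is freed before the rows are loaded, so if a row
 * fails part way the table holds only the rows restored before the error.
 *
 * Returns SSL_SUCCESS; BUFFER_E if sz is smaller than a header;
 * CACHE_MATCH_ERROR on header mismatch; BAD_MUTEX_E if caLock cannot be
 * taken; or the negative value returned by RestoreCertRow. */
int CM_MemRestoreCertCache(CYASSL_CERT_MANAGER* cm, const void* mem, int sz)
{
    int ret = SSL_SUCCESS;
    int i;
    CertCacheHeader* hdr;
    byte* current;
    byte* end;

    CYASSL_ENTER("CM_MemRestoreCertCache");

    /* Length check done on the integer, not by comparing pointers: forming
     * mem + sizeof(CertCacheHeader) when the image is shorter than a header
     * is undefined behaviour, and a negative sz would put end before mem.
     * Same accept/reject outcome as comparing the pointers for valid sz. */
    if (sz < (int)sizeof(CertCacheHeader)) {
        CYASSL_MSG("Cert Cache Memory buffer too small");
        return BUFFER_E;
    }

    /* NOTE(review): assumes mem is aligned suitably for CertCacheHeader;
     * callers in this file pass an XMALLOC'd buffer — confirm for others */
    hdr     = (CertCacheHeader*)mem;
    current = (byte*)mem + sizeof(CertCacheHeader);
    end     = (byte*)mem + sz; /* one past the last valid byte */

    if (hdr->version != CYASSL_CACHE_CERT_VERSION ||
        hdr->rows != CA_TABLE_SIZE ||
        hdr->signerSz != (int)sizeof(Signer)) {

        CYASSL_MSG("Cert Cache Memory header mismatch");
        return CACHE_MATCH_ERROR;
    }

    if (LockMutex(&cm->caLock) != 0) {
        CYASSL_MSG("LockMutex on caLock failed");
        return BAD_MUTEX_E;
    }

    /* drop whatever is currently trusted; the image replaces it wholesale */
    FreeSignerTable(cm->caTable, CA_TABLE_SIZE, cm->heap);

    for (i = 0; i < CA_TABLE_SIZE; ++i) {
        /* hdr->columns[i] is the image's own row count for this row */
        int added = RestoreCertRow(cm, current, i, hdr->columns[i], end);
        if (added < 0) {
            CYASSL_MSG("RestoreCertRow error");
            ret = added;
            break;
        }
        current += added;
    }

    UnLockMutex(&cm->caLock);

    return ret;
}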
Vanger 0:b86d15c6ba29 4820
Vanger 0:b86d15c6ba29 4821
/* Report the buffer size a CM_MemSaveCertCache call would need.
 *
 * Takes cm->caLock so the figure matches the table as it is right now;
 * it can of course be stale by the time the caller allocates.
 *
 * Returns the size in bytes, or BAD_MUTEX_E if the lock cannot be taken. */
int CM_GetCertCacheMemSize(CYASSL_CERT_MANAGER* cm)
{
    int sz = BAD_MUTEX_E;

    CYASSL_ENTER("CM_GetCertCacheMemSize");

    if (LockMutex(&cm->caLock) == 0) {
        sz = GetCertCacheMemSize(cm);
        UnLockMutex(&cm->caLock);
    }
    else {
        CYASSL_MSG("LockMutex on caLock failed");
    }

    return sz;
}
Vanger 0:b86d15c6ba29 4840
Vanger 0:b86d15c6ba29 4841 #endif /* PERSIST_CERT_CACHE */
Vanger 0:b86d15c6ba29 4842 #endif /* NO_CERTS */
Vanger 0:b86d15c6ba29 4843
Vanger 0:b86d15c6ba29 4844
/* Set the cipher suite list for every CYASSL object later created from ctx.
 *
 * list is the colon-separated suite string parsed by SetCipherList.
 * Returns SSL_SUCCESS if the list was accepted, SSL_FAILURE otherwise.
 * ctx is dereferenced without a NULL check. */
int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
{
    CYASSL_ENTER("CyaSSL_CTX_set_cipher_list");

    if (SetCipherList(&ctx->suites, list))
        return SSL_SUCCESS;

    return SSL_FAILURE;
}
Vanger 0:b86d15c6ba29 4850
Vanger 0:b86d15c6ba29 4851
/* Set the cipher suite list for a single CYASSL object.
 *
 * Unlike the CTX variant, ssl->suites is already a pointer and is passed
 * through as-is.  Returns SSL_SUCCESS if the list was accepted,
 * SSL_FAILURE otherwise.  ssl is dereferenced without a NULL check. */
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
{
    CYASSL_ENTER("CyaSSL_set_cipher_list");

    if (SetCipherList(ssl->suites, list))
        return SSL_SUCCESS;

    return SSL_FAILURE;
}
Vanger 0:b86d15c6ba29 4857
Vanger 0:b86d15c6ba29 4858
Vanger 0:b86d15c6ba29 4859 #ifndef CYASSL_LEANPSK
Vanger 0:b86d15c6ba29 4860 #ifdef CYASSL_DTLS
Vanger 0:b86d15c6ba29 4861
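/* Return the current DTLS receive timeout (ssl->dtls_timeout).
 *
 * Returns BAD_FUNC_ARG when ssl is NULL, matching the argument checks of
 * CyaSSL_dtls_set_timeout_init/_max; the original `(void)ssl;` followed by
 * an unconditional dereference offered no protection. */
int CyaSSL_dtls_get_current_timeout(CYASSL* ssl)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ssl->dtls_timeout;
}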
Vanger 0:b86d15c6ba29 4868
Vanger 0:b86d15c6ba29 4869
/* Set the initial DTLS receive timeout and make it the current one.
 *
 * timeout must be >= 0 and must not exceed ssl->dtls_timeout_max.
 * Returns SSL_SUCCESS on success, BAD_FUNC_ARG on a NULL ssl or an
 * out-of-range value. */
int CyaSSL_dtls_set_timeout_init(CYASSL* ssl, int timeout)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (timeout < 0)
        return BAD_FUNC_ARG;

    /* the init value is the floor the max is checked against, keep them ordered */
    if (timeout > ssl->dtls_timeout_max) {
        CYASSL_MSG("Can't set dtls timeout init greater than dtls timeout max");
        return BAD_FUNC_ARG;
    }

    ssl->dtls_timeout_init = timeout;
    ssl->dtls_timeout      = timeout;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 4886
Vanger 0:b86d15c6ba29 4887
/* Set the upper bound for the DTLS receive timeout.
 *
 * timeout must be >= 0 and must not be below ssl->dtls_timeout_init.
 * The current timeout (ssl->dtls_timeout) is not changed here.
 * Returns SSL_SUCCESS on success, BAD_FUNC_ARG on a NULL ssl or an
 * out-of-range value. */
int CyaSSL_dtls_set_timeout_max(CYASSL* ssl, int timeout)
{
    if (ssl == NULL)
        return BAD_FUNC_ARG;
    if (timeout < 0)
        return BAD_FUNC_ARG;

    if (timeout < ssl->dtls_timeout_init) {
        CYASSL_MSG("Can't set dtls timeout max less than dtls timeout init");
        return BAD_FUNC_ARG;
    }

    ssl->dtls_timeout_max = timeout;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 4903
Vanger 0:b86d15c6ba29 4904
/* Handle a DTLS receive timeout reported by the caller.
 *
 * Discards the pending DTLS message list, lets the pool bump its timeout
 * (DtlsPoolTimeout) and resends the pooled flight (DtlsPoolSend).  The
 * resend is skipped if DtlsPoolTimeout fails.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR if either pool call fails.
 * ssl is dereferenced without a NULL check. */
int CyaSSL_dtls_got_timeout(CYASSL* ssl)
{
    DtlsMsgListDelete(ssl->dtls_msg_list, ssl->heap);
    ssl->dtls_msg_list = NULL;

    if (DtlsPoolTimeout(ssl) < 0)
        return SSL_FATAL_ERROR;

    if (DtlsPoolSend(ssl) < 0)
        return SSL_FATAL_ERROR;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 4916
Vanger 0:b86d15c6ba29 4917 #endif /* DTLS */
Vanger 0:b86d15c6ba29 4918 #endif /* LEANPSK */
Vanger 0:b86d15c6ba29 4919
Vanger 0:b86d15c6ba29 4920
Vanger 0:b86d15c6ba29 4921 /* client only parts */
Vanger 0:b86d15c6ba29 4922 #ifndef NO_CYASSL_CLIENT
Vanger 0:b86d15c6ba29 4923
Vanger 0:b86d15c6ba29 4924 #ifndef NO_OLD_TLS
/* Allocate a client CYASSL_METHOD for SSL 3.0.
 *
 * The object is XMALLOC'd with DYNAMIC_TYPE_METHOD and a NULL heap hint;
 * ownership passes to the caller.  Returns NULL on allocation failure. */
CYASSL_METHOD* CyaSSLv3_client_method(void)
{
    CYASSL_METHOD* m = (CYASSL_METHOD*)XMALLOC(sizeof(CYASSL_METHOD), 0,
                                               DYNAMIC_TYPE_METHOD);

    CYASSL_ENTER("SSLv3_client_method");

    if (m == NULL)
        return NULL;

    InitSSL_Method(m, MakeSSLv3());
    return m;
}
Vanger 0:b86d15c6ba29 4935 #endif
Vanger 0:b86d15c6ba29 4936
Vanger 0:b86d15c6ba29 4937 #ifdef CYASSL_DTLS
/* Allocate a client CYASSL_METHOD for DTLS 1.0.
 *
 * XMALLOC'd with DYNAMIC_TYPE_METHOD and a NULL heap hint; the caller
 * owns the result.  Returns NULL on allocation failure. */
CYASSL_METHOD* CyaDTLSv1_client_method(void)
{
    CYASSL_METHOD* m = (CYASSL_METHOD*)XMALLOC(sizeof(CYASSL_METHOD), 0,
                                               DYNAMIC_TYPE_METHOD);

    CYASSL_ENTER("DTLSv1_client_method");

    if (m == NULL)
        return NULL;

    InitSSL_Method(m, MakeDTLSv1());
    return m;
}
Vanger 0:b86d15c6ba29 4948
/* Allocate a client CYASSL_METHOD for DTLS 1.2.
 *
 * XMALLOC'd with DYNAMIC_TYPE_METHOD and a NULL heap hint; the caller
 * owns the result.  Returns NULL on allocation failure. */
CYASSL_METHOD* CyaDTLSv1_2_client_method(void)
{
    CYASSL_METHOD* m = (CYASSL_METHOD*)XMALLOC(sizeof(CYASSL_METHOD), 0,
                                               DYNAMIC_TYPE_METHOD);

    CYASSL_ENTER("DTLSv1_2_client_method");

    if (m == NULL)
        return NULL;

    InitSSL_Method(m, MakeDTLSv1_2());
    return m;
}
Vanger 0:b86d15c6ba29 4959 #endif
Vanger 0:b86d15c6ba29 4960
Vanger 0:b86d15c6ba29 4961
/* please see note at top of README if you get an error from connect */
/* Drive the client side of the handshake.
 *
 * This is a resumable state machine keyed on ssl->options.connectState:
 * every case deliberately falls through to the next, and a later call
 * re-enters the switch at the state last recorded, so the function can be
 * called again after a non-fatal stop (the pending output, if any, is
 * flushed first).  On any failure the library error code is stored in
 * ssl->error and SSL_FATAL_ERROR is returned; SSL_SUCCESS is returned once
 * the server's Finished has been processed, or earlier when certOnly is set.
 * ssl is dereferenced without a NULL check. */
int CyaSSL_connect(CYASSL* ssl)
{
    int neededState;    /* server state the reply loops below wait for */

    CYASSL_ENTER("SSL_connect()");

#ifdef HAVE_ERRNO_H
    errno = 0;          /* start clean so a failure's errno is this call's */
#endif

    /* only a client-end object may drive connect */
    if (ssl->options.side != CYASSL_CLIENT_END) {
        CYASSL_ERROR(ssl->error = SIDE_ERROR);
        return SSL_FATAL_ERROR;
    }

#ifdef CYASSL_DTLS
    if (ssl->version.major == DTLS_MAJOR) {
        ssl->options.dtls = 1;
        ssl->options.tls = 1;
        ssl->options.tls1_1 = 1;

        /* the DTLS message pool has to exist before the first send */
        if (DtlsPoolInit(ssl) != 0) {
            ssl->error = MEMORY_ERROR;
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
    }
#endif

    /* Output left from an earlier call that could not finish sending:
     * flushing it completes the state that produced it, hence the advance. */
    if (ssl->buffers.outputBuffer.length > 0) {
        if ( (ssl->error = SendBuffered(ssl)) == 0) {
            ssl->options.connectState++;
            CYASSL_MSG("connect state: Advanced from buffered send");
        }
        else {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
    }

    switch (ssl->options.connectState) {

    case CONNECT_BEGIN :
        /* always send client hello first */
        if ( (ssl->error = SendClientHello(ssl)) != 0) {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        ssl->options.connectState = CLIENT_HELLO_SENT;
        CYASSL_MSG("connect state: CLIENT_HELLO_SENT");
        /* fallthrough */

    case CLIENT_HELLO_SENT :
        /* a resumed session expects the server to go straight to Finished */
        neededState = ssl->options.resuming ? SERVER_FINISHED_COMPLETE :
                                          SERVER_HELLODONE_COMPLETE;
#ifdef CYASSL_DTLS
        /* In DTLS, when resuming, we can go straight to FINISHED,
         * or do a cookie exchange and then skip to FINISHED, assume
         * we need the cookie exchange first. */
        if (ssl->options.dtls)
            neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
#endif
        /* get response */
        while (ssl->options.serverState < neededState) {
            if ( (ssl->error = ProcessReply(ssl)) < 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            /* if resumption failed, reset needed state */
            else if (neededState == SERVER_FINISHED_COMPLETE)
                if (!ssl->options.resuming) {
                    if (!ssl->options.dtls)
                        neededState = SERVER_HELLODONE_COMPLETE;
                    else
                        neededState = SERVER_HELLOVERIFYREQUEST_COMPLETE;
                }
        }

        ssl->options.connectState = HELLO_AGAIN;
        CYASSL_MSG("connect state: HELLO_AGAIN");
        /* fallthrough */

    case HELLO_AGAIN :
        /* certOnly set: stop after the first server flight instead of
         * completing the handshake */
        if (ssl->options.certOnly)
            return SSL_SUCCESS;

#ifdef CYASSL_DTLS
        if (ssl->options.dtls) {
            /* re-init hashes, exclude first hello and verify request */
#ifndef NO_OLD_TLS
            InitMd5(&ssl->hashMd5);
            if ( (ssl->error = InitSha(&ssl->hashSha)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
#endif
            if (IsAtLeastTLSv1_2(ssl)) {
#ifndef NO_SHA256
                if ( (ssl->error =
                           InitSha256(&ssl->hashSha256)) != 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
#endif
#ifdef CYASSL_SHA384
                if ( (ssl->error =
                           InitSha384(&ssl->hashSha384)) != 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
#endif
            }
            /* second ClientHello, this time carrying the server's cookie */
            if ( (ssl->error = SendClientHello(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
        }
#endif

        ssl->options.connectState = HELLO_AGAIN_REPLY;
        CYASSL_MSG("connect state: HELLO_AGAIN_REPLY");
        /* fallthrough */

    case HELLO_AGAIN_REPLY :
#ifdef CYASSL_DTLS
        /* DTLS only: the non-DTLS path already read the server flight above */
        if (ssl->options.dtls) {
            neededState = ssl->options.resuming ?
                   SERVER_FINISHED_COMPLETE : SERVER_HELLODONE_COMPLETE;

            /* get response */
            while (ssl->options.serverState < neededState) {
                if ( (ssl->error = ProcessReply(ssl)) < 0) {
                    CYASSL_ERROR(ssl->error);
                    return SSL_FATAL_ERROR;
                }
                /* if resumption failed, reset needed state */
                else if (neededState == SERVER_FINISHED_COMPLETE)
                    if (!ssl->options.resuming)
                        neededState = SERVER_HELLODONE_COMPLETE;
            }
        }
#endif

        ssl->options.connectState = FIRST_REPLY_DONE;
        CYASSL_MSG("connect state: FIRST_REPLY_DONE");
        /* fallthrough */

    case FIRST_REPLY_DONE :
#ifndef NO_CERTS
        /* sendVerify: client authentication was requested — presumably set
         * while processing the server's CertificateRequest; confirm */
        if (ssl->options.sendVerify) {
            if ( (ssl->error = SendCertificate(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            CYASSL_MSG("sent: certificate");
        }

#endif
        ssl->options.connectState = FIRST_REPLY_FIRST;
        CYASSL_MSG("connect state: FIRST_REPLY_FIRST");
        /* fallthrough */

    case FIRST_REPLY_FIRST :
        /* a resumed session has no key exchange */
        if (!ssl->options.resuming) {
            if ( (ssl->error = SendClientKeyExchange(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            CYASSL_MSG("sent: client key exchange");
        }

        ssl->options.connectState = FIRST_REPLY_SECOND;
        CYASSL_MSG("connect state: FIRST_REPLY_SECOND");
        /* fallthrough */

    case FIRST_REPLY_SECOND :
#ifndef NO_CERTS
        /* proves possession of the private key for the certificate sent above */
        if (ssl->options.sendVerify) {
            if ( (ssl->error = SendCertificateVerify(ssl)) != 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }
            CYASSL_MSG("sent: certificate verify");
        }
#endif
        ssl->options.connectState = FIRST_REPLY_THIRD;
        CYASSL_MSG("connect state: FIRST_REPLY_THIRD");
        /* fallthrough */

    case FIRST_REPLY_THIRD :
        if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        CYASSL_MSG("sent: change cipher spec");
        ssl->options.connectState = FIRST_REPLY_FOURTH;
        CYASSL_MSG("connect state: FIRST_REPLY_FOURTH");
        /* fallthrough */

    case FIRST_REPLY_FOURTH :
        if ( (ssl->error = SendFinished(ssl)) != 0) {
            CYASSL_ERROR(ssl->error);
            return SSL_FATAL_ERROR;
        }
        CYASSL_MSG("sent: finished");
        ssl->options.connectState = FINISHED_DONE;
        CYASSL_MSG("connect state: FINISHED_DONE");
        /* fallthrough */

    case FINISHED_DONE :
        /* get response */
        /* wait for the server's ChangeCipherSpec/Finished */
        while (ssl->options.serverState < SERVER_FINISHED_COMPLETE)
            if ( (ssl->error = ProcessReply(ssl)) < 0) {
                CYASSL_ERROR(ssl->error);
                return SSL_FATAL_ERROR;
            }

        ssl->options.connectState = SECOND_REPLY_DONE;
        CYASSL_MSG("connect state: SECOND_REPLY_DONE");
        /* fallthrough */

    case SECOND_REPLY_DONE:
        /* handshake complete: release handshake-only state */
        FreeHandshakeResources(ssl);
        CYASSL_LEAVE("SSL_connect()", SSL_SUCCESS);
        return SSL_SUCCESS;

    default:
        /* connectState holds a value no case handles; nothing sensible to resume */
        CYASSL_MSG("Unknown connect state ERROR");
        return SSL_FATAL_ERROR; /* unknown connect state */
    }
}
Vanger 0:b86d15c6ba29 5184
Vanger 0:b86d15c6ba29 5185 #endif /* NO_CYASSL_CLIENT */
Vanger 0:b86d15c6ba29 5186
Vanger 0:b86d15c6ba29 5187
Vanger 0:b86d15c6ba29 5188 /* server only parts */
Vanger 0:b86d15c6ba29 5189 #ifndef NO_CYASSL_SERVER
Vanger 0:b86d15c6ba29 5190
Vanger 0:b86d15c6ba29 5191 #ifndef NO_OLD_TLS
/* Allocate a server CYASSL_METHOD for SSL 3.0.
 *
 * Same as the client variant except the method's side is set to
 * CYASSL_SERVER_END.  XMALLOC'd with DYNAMIC_TYPE_METHOD and a NULL heap
 * hint; the caller owns the result.  Returns NULL on allocation failure. */
CYASSL_METHOD* CyaSSLv3_server_method(void)
{
    CYASSL_METHOD* m = (CYASSL_METHOD*)XMALLOC(sizeof(CYASSL_METHOD), 0,
                                               DYNAMIC_TYPE_METHOD);

    CYASSL_ENTER("SSLv3_server_method");

    if (m == NULL)
        return NULL;

    InitSSL_Method(m, MakeSSLv3());
    m->side = CYASSL_SERVER_END;
    return m;
}
Vanger 0:b86d15c6ba29 5204 #endif
Vanger 0:b86d15c6ba29 5205
Vanger 0:b86d15c6ba29 5206
Vanger 0:b86d15c6ba29 5207 #ifdef CYASSL_DTLS
/* Allocate a server CYASSL_METHOD for DTLS 1.0.
 *
 * Like the client variant but with side set to CYASSL_SERVER_END.
 * XMALLOC'd with DYNAMIC_TYPE_METHOD and a NULL heap hint; the caller
 * owns the result.  Returns NULL on allocation failure. */
CYASSL_METHOD* CyaDTLSv1_server_method(void)
{
    CYASSL_METHOD* m = (CYASSL_METHOD*)XMALLOC(sizeof(CYASSL_METHOD), 0,
                                               DYNAMIC_TYPE_METHOD);

    CYASSL_ENTER("DTLSv1_server_method");

    if (m == NULL)
        return NULL;

    InitSSL_Method(m, MakeDTLSv1());
    m->side = CYASSL_SERVER_END;
    return m;
}
Vanger 0:b86d15c6ba29 5220
/* Allocate a server CYASSL_METHOD for DTLS 1.2.
 *
 * Like the client variant but with side set to CYASSL_SERVER_END.
 * XMALLOC'd with DYNAMIC_TYPE_METHOD and a NULL heap hint; the caller
 * owns the result.  Returns NULL on allocation failure. */
CYASSL_METHOD* CyaDTLSv1_2_server_method(void)
{
    CYASSL_METHOD* m = (CYASSL_METHOD*)XMALLOC(sizeof(CYASSL_METHOD), 0,
                                               DYNAMIC_TYPE_METHOD);

    CYASSL_ENTER("DTLSv1_2_server_method");

    if (m == NULL)
        return NULL;

    InitSSL_Method(m, MakeDTLSv1_2());
    m->side = CYASSL_SERVER_END;
    return m;
}
Vanger 0:b86d15c6ba29 5233 #endif
Vanger 0:b86d15c6ba29 5234
Vanger 0:b86d15c6ba29 5235
Vanger 0:b86d15c6ba29 5236 int CyaSSL_accept(CYASSL* ssl)
Vanger 0:b86d15c6ba29 5237 {
Vanger 0:b86d15c6ba29 5238 byte havePSK = 0;
Vanger 0:b86d15c6ba29 5239 byte haveAnon = 0;
Vanger 0:b86d15c6ba29 5240 CYASSL_ENTER("SSL_accept()");
Vanger 0:b86d15c6ba29 5241
Vanger 0:b86d15c6ba29 5242 #ifdef HAVE_ERRNO_H
Vanger 0:b86d15c6ba29 5243 errno = 0;
Vanger 0:b86d15c6ba29 5244 #endif
Vanger 0:b86d15c6ba29 5245
Vanger 0:b86d15c6ba29 5246 #ifndef NO_PSK
Vanger 0:b86d15c6ba29 5247 havePSK = ssl->options.havePSK;
Vanger 0:b86d15c6ba29 5248 #endif
Vanger 0:b86d15c6ba29 5249 (void)havePSK;
Vanger 0:b86d15c6ba29 5250
Vanger 0:b86d15c6ba29 5251 #ifdef HAVE_ANON
Vanger 0:b86d15c6ba29 5252 haveAnon = ssl->options.haveAnon;
Vanger 0:b86d15c6ba29 5253 #endif
Vanger 0:b86d15c6ba29 5254 (void)haveAnon;
Vanger 0:b86d15c6ba29 5255
Vanger 0:b86d15c6ba29 5256 if (ssl->options.side != CYASSL_SERVER_END) {
Vanger 0:b86d15c6ba29 5257 CYASSL_ERROR(ssl->error = SIDE_ERROR);
Vanger 0:b86d15c6ba29 5258 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5259 }
Vanger 0:b86d15c6ba29 5260
Vanger 0:b86d15c6ba29 5261 #ifndef NO_CERTS
Vanger 0:b86d15c6ba29 5262 /* in case used set_accept_state after init */
Vanger 0:b86d15c6ba29 5263 if (!havePSK && !haveAnon &&
Vanger 0:b86d15c6ba29 5264 (ssl->buffers.certificate.buffer == NULL ||
Vanger 0:b86d15c6ba29 5265 ssl->buffers.key.buffer == NULL)) {
Vanger 0:b86d15c6ba29 5266 CYASSL_MSG("accept error: don't have server cert and key");
Vanger 0:b86d15c6ba29 5267 ssl->error = NO_PRIVATE_KEY;
Vanger 0:b86d15c6ba29 5268 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5269 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5270 }
Vanger 0:b86d15c6ba29 5271 #endif
Vanger 0:b86d15c6ba29 5272
Vanger 0:b86d15c6ba29 5273 #ifdef CYASSL_DTLS
Vanger 0:b86d15c6ba29 5274 if (ssl->version.major == DTLS_MAJOR) {
Vanger 0:b86d15c6ba29 5275 ssl->options.dtls = 1;
Vanger 0:b86d15c6ba29 5276 ssl->options.tls = 1;
Vanger 0:b86d15c6ba29 5277 ssl->options.tls1_1 = 1;
Vanger 0:b86d15c6ba29 5278
Vanger 0:b86d15c6ba29 5279 if (DtlsPoolInit(ssl) != 0) {
Vanger 0:b86d15c6ba29 5280 ssl->error = MEMORY_ERROR;
Vanger 0:b86d15c6ba29 5281 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5282 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5283 }
Vanger 0:b86d15c6ba29 5284 }
Vanger 0:b86d15c6ba29 5285 #endif
Vanger 0:b86d15c6ba29 5286
Vanger 0:b86d15c6ba29 5287 if (ssl->buffers.outputBuffer.length > 0) {
Vanger 0:b86d15c6ba29 5288 if ( (ssl->error = SendBuffered(ssl)) == 0) {
Vanger 0:b86d15c6ba29 5289 ssl->options.acceptState++;
Vanger 0:b86d15c6ba29 5290 CYASSL_MSG("accept state: Advanced from buffered send");
Vanger 0:b86d15c6ba29 5291 }
Vanger 0:b86d15c6ba29 5292 else {
Vanger 0:b86d15c6ba29 5293 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5294 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5295 }
Vanger 0:b86d15c6ba29 5296 }
Vanger 0:b86d15c6ba29 5297
Vanger 0:b86d15c6ba29 5298 switch (ssl->options.acceptState) {
Vanger 0:b86d15c6ba29 5299
Vanger 0:b86d15c6ba29 5300 case ACCEPT_BEGIN :
Vanger 0:b86d15c6ba29 5301 /* get response */
Vanger 0:b86d15c6ba29 5302 while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
Vanger 0:b86d15c6ba29 5303 if ( (ssl->error = ProcessReply(ssl)) < 0) {
Vanger 0:b86d15c6ba29 5304 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5305 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5306 }
Vanger 0:b86d15c6ba29 5307 ssl->options.acceptState = ACCEPT_CLIENT_HELLO_DONE;
Vanger 0:b86d15c6ba29 5308 CYASSL_MSG("accept state ACCEPT_CLIENT_HELLO_DONE");
Vanger 0:b86d15c6ba29 5309
Vanger 0:b86d15c6ba29 5310 case ACCEPT_CLIENT_HELLO_DONE :
Vanger 0:b86d15c6ba29 5311 #ifdef CYASSL_DTLS
Vanger 0:b86d15c6ba29 5312 if (ssl->options.dtls)
Vanger 0:b86d15c6ba29 5313 if ( (ssl->error = SendHelloVerifyRequest(ssl)) != 0) {
Vanger 0:b86d15c6ba29 5314 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5315 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5316 }
Vanger 0:b86d15c6ba29 5317 #endif
Vanger 0:b86d15c6ba29 5318 ssl->options.acceptState = HELLO_VERIFY_SENT;
Vanger 0:b86d15c6ba29 5319 CYASSL_MSG("accept state HELLO_VERIFY_SENT");
Vanger 0:b86d15c6ba29 5320
Vanger 0:b86d15c6ba29 5321 case HELLO_VERIFY_SENT:
Vanger 0:b86d15c6ba29 5322 #ifdef CYASSL_DTLS
Vanger 0:b86d15c6ba29 5323 if (ssl->options.dtls) {
Vanger 0:b86d15c6ba29 5324 ssl->options.clientState = NULL_STATE; /* get again */
Vanger 0:b86d15c6ba29 5325 /* reset messages received */
Vanger 0:b86d15c6ba29 5326 XMEMSET(&ssl->msgsReceived, 0, sizeof(ssl->msgsReceived));
Vanger 0:b86d15c6ba29 5327 /* re-init hashes, exclude first hello and verify request */
Vanger 0:b86d15c6ba29 5328 #ifndef NO_OLD_TLS
Vanger 0:b86d15c6ba29 5329 InitMd5(&ssl->hashMd5);
Vanger 0:b86d15c6ba29 5330 if ( (ssl->error = InitSha(&ssl->hashSha)) != 0) {
Vanger 0:b86d15c6ba29 5331 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5332 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5333 }
Vanger 0:b86d15c6ba29 5334 #endif
Vanger 0:b86d15c6ba29 5335 if (IsAtLeastTLSv1_2(ssl)) {
Vanger 0:b86d15c6ba29 5336 #ifndef NO_SHA256
Vanger 0:b86d15c6ba29 5337 if ( (ssl->error =
Vanger 0:b86d15c6ba29 5338 InitSha256(&ssl->hashSha256)) != 0) {
Vanger 0:b86d15c6ba29 5339 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5340 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5341 }
Vanger 0:b86d15c6ba29 5342 #endif
Vanger 0:b86d15c6ba29 5343 #ifdef CYASSL_SHA384
Vanger 0:b86d15c6ba29 5344 if ( (ssl->error =
Vanger 0:b86d15c6ba29 5345 InitSha384(&ssl->hashSha384)) != 0) {
Vanger 0:b86d15c6ba29 5346 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5347 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5348 }
Vanger 0:b86d15c6ba29 5349 #endif
Vanger 0:b86d15c6ba29 5350 }
Vanger 0:b86d15c6ba29 5351
Vanger 0:b86d15c6ba29 5352 while (ssl->options.clientState < CLIENT_HELLO_COMPLETE)
Vanger 0:b86d15c6ba29 5353 if ( (ssl->error = ProcessReply(ssl)) < 0) {
Vanger 0:b86d15c6ba29 5354 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5355 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5356 }
Vanger 0:b86d15c6ba29 5357 }
Vanger 0:b86d15c6ba29 5358 #endif
Vanger 0:b86d15c6ba29 5359 ssl->options.acceptState = ACCEPT_FIRST_REPLY_DONE;
Vanger 0:b86d15c6ba29 5360 CYASSL_MSG("accept state ACCEPT_FIRST_REPLY_DONE");
Vanger 0:b86d15c6ba29 5361
Vanger 0:b86d15c6ba29 5362 case ACCEPT_FIRST_REPLY_DONE :
Vanger 0:b86d15c6ba29 5363 if ( (ssl->error = SendServerHello(ssl)) != 0) {
Vanger 0:b86d15c6ba29 5364 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5365 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5366 }
Vanger 0:b86d15c6ba29 5367 ssl->options.acceptState = SERVER_HELLO_SENT;
Vanger 0:b86d15c6ba29 5368 CYASSL_MSG("accept state SERVER_HELLO_SENT");
Vanger 0:b86d15c6ba29 5369
Vanger 0:b86d15c6ba29 5370 case SERVER_HELLO_SENT :
Vanger 0:b86d15c6ba29 5371 #ifndef NO_CERTS
Vanger 0:b86d15c6ba29 5372 if (!ssl->options.resuming)
Vanger 0:b86d15c6ba29 5373 if ( (ssl->error = SendCertificate(ssl)) != 0) {
Vanger 0:b86d15c6ba29 5374 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5375 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5376 }
Vanger 0:b86d15c6ba29 5377 #endif
Vanger 0:b86d15c6ba29 5378 ssl->options.acceptState = CERT_SENT;
Vanger 0:b86d15c6ba29 5379 CYASSL_MSG("accept state CERT_SENT");
Vanger 0:b86d15c6ba29 5380
Vanger 0:b86d15c6ba29 5381 case CERT_SENT :
Vanger 0:b86d15c6ba29 5382 if (!ssl->options.resuming)
Vanger 0:b86d15c6ba29 5383 if ( (ssl->error = SendServerKeyExchange(ssl)) != 0) {
Vanger 0:b86d15c6ba29 5384 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5385 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5386 }
Vanger 0:b86d15c6ba29 5387 ssl->options.acceptState = KEY_EXCHANGE_SENT;
Vanger 0:b86d15c6ba29 5388 CYASSL_MSG("accept state KEY_EXCHANGE_SENT");
Vanger 0:b86d15c6ba29 5389
Vanger 0:b86d15c6ba29 5390 case KEY_EXCHANGE_SENT :
Vanger 0:b86d15c6ba29 5391 #ifndef NO_CERTS
Vanger 0:b86d15c6ba29 5392 if (!ssl->options.resuming)
Vanger 0:b86d15c6ba29 5393 if (ssl->options.verifyPeer)
Vanger 0:b86d15c6ba29 5394 if ( (ssl->error = SendCertificateRequest(ssl)) != 0) {
Vanger 0:b86d15c6ba29 5395 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5396 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5397 }
Vanger 0:b86d15c6ba29 5398 #endif
Vanger 0:b86d15c6ba29 5399 ssl->options.acceptState = CERT_REQ_SENT;
Vanger 0:b86d15c6ba29 5400 CYASSL_MSG("accept state CERT_REQ_SENT");
Vanger 0:b86d15c6ba29 5401
Vanger 0:b86d15c6ba29 5402 case CERT_REQ_SENT :
Vanger 0:b86d15c6ba29 5403 if (!ssl->options.resuming)
Vanger 0:b86d15c6ba29 5404 if ( (ssl->error = SendServerHelloDone(ssl)) != 0) {
Vanger 0:b86d15c6ba29 5405 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5406 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5407 }
Vanger 0:b86d15c6ba29 5408 ssl->options.acceptState = SERVER_HELLO_DONE;
Vanger 0:b86d15c6ba29 5409 CYASSL_MSG("accept state SERVER_HELLO_DONE");
Vanger 0:b86d15c6ba29 5410
Vanger 0:b86d15c6ba29 5411 case SERVER_HELLO_DONE :
Vanger 0:b86d15c6ba29 5412 if (!ssl->options.resuming) {
Vanger 0:b86d15c6ba29 5413 while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
Vanger 0:b86d15c6ba29 5414 if ( (ssl->error = ProcessReply(ssl)) < 0) {
Vanger 0:b86d15c6ba29 5415 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5416 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5417 }
Vanger 0:b86d15c6ba29 5418 }
Vanger 0:b86d15c6ba29 5419 ssl->options.acceptState = ACCEPT_SECOND_REPLY_DONE;
Vanger 0:b86d15c6ba29 5420 CYASSL_MSG("accept state ACCEPT_SECOND_REPLY_DONE");
Vanger 0:b86d15c6ba29 5421
Vanger 0:b86d15c6ba29 5422 case ACCEPT_SECOND_REPLY_DONE :
Vanger 0:b86d15c6ba29 5423 if ( (ssl->error = SendChangeCipher(ssl)) != 0) {
Vanger 0:b86d15c6ba29 5424 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5425 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5426 }
Vanger 0:b86d15c6ba29 5427 ssl->options.acceptState = CHANGE_CIPHER_SENT;
Vanger 0:b86d15c6ba29 5428 CYASSL_MSG("accept state CHANGE_CIPHER_SENT");
Vanger 0:b86d15c6ba29 5429
Vanger 0:b86d15c6ba29 5430 case CHANGE_CIPHER_SENT :
Vanger 0:b86d15c6ba29 5431 if ( (ssl->error = SendFinished(ssl)) != 0) {
Vanger 0:b86d15c6ba29 5432 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5433 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5434 }
Vanger 0:b86d15c6ba29 5435
Vanger 0:b86d15c6ba29 5436 ssl->options.acceptState = ACCEPT_FINISHED_DONE;
Vanger 0:b86d15c6ba29 5437 CYASSL_MSG("accept state ACCEPT_FINISHED_DONE");
Vanger 0:b86d15c6ba29 5438
Vanger 0:b86d15c6ba29 5439 case ACCEPT_FINISHED_DONE :
Vanger 0:b86d15c6ba29 5440 if (ssl->options.resuming)
Vanger 0:b86d15c6ba29 5441 while (ssl->options.clientState < CLIENT_FINISHED_COMPLETE)
Vanger 0:b86d15c6ba29 5442 if ( (ssl->error = ProcessReply(ssl)) < 0) {
Vanger 0:b86d15c6ba29 5443 CYASSL_ERROR(ssl->error);
Vanger 0:b86d15c6ba29 5444 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5445 }
Vanger 0:b86d15c6ba29 5446
Vanger 0:b86d15c6ba29 5447 ssl->options.acceptState = ACCEPT_THIRD_REPLY_DONE;
Vanger 0:b86d15c6ba29 5448 CYASSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
Vanger 0:b86d15c6ba29 5449
Vanger 0:b86d15c6ba29 5450 case ACCEPT_THIRD_REPLY_DONE :
Vanger 0:b86d15c6ba29 5451 FreeHandshakeResources(ssl);
Vanger 0:b86d15c6ba29 5452 CYASSL_LEAVE("SSL_accept()", SSL_SUCCESS);
Vanger 0:b86d15c6ba29 5453 return SSL_SUCCESS;
Vanger 0:b86d15c6ba29 5454
Vanger 0:b86d15c6ba29 5455 default :
Vanger 0:b86d15c6ba29 5456 CYASSL_MSG("Unknown accept state ERROR");
Vanger 0:b86d15c6ba29 5457 return SSL_FATAL_ERROR;
Vanger 0:b86d15c6ba29 5458 }
Vanger 0:b86d15c6ba29 5459 }
Vanger 0:b86d15c6ba29 5460
Vanger 0:b86d15c6ba29 5461 #endif /* NO_CYASSL_SERVER */
Vanger 0:b86d15c6ba29 5462
Vanger 0:b86d15c6ba29 5463
/* Drop one reference taken by the library initialisation.  When the last
 * reference goes away the global mutexes are freed (and, in HAVE_ECC &&
 * FP_ECC builds, the fixed-point ECC cache is released).
 *
 * Returns SSL_SUCCESS, or BAD_MUTEX_E when count_mutex cannot be locked or
 * a mutex cannot be freed.  Calling it with nothing initialised is not an
 * error.
 *
 * NOTE(review): the initRefCount == 0 fast path reads the counter before
 * count_mutex is taken, so it is not serialised against a concurrent Init. */
int CyaSSL_Cleanup(void)
{
    int status = SSL_SUCCESS;
    int lastRef;

    CYASSL_ENTER("CyaSSL_Cleanup");

    /* possibly no init yet, but not failure either way */
    if (initRefCount == 0)
        return status;

    if (LockMutex(&count_mutex) != 0) {
        CYASSL_MSG("Bad Lock Mutex count");
        return BAD_MUTEX_E;
    }

    lastRef = (initRefCount == 1);
    initRefCount--;
    if (initRefCount < 0)
        initRefCount = 0;           /* clamp an unbalanced Cleanup */

    UnLockMutex(&count_mutex);

    if (!lastRef)
        return status;

#ifndef NO_SESSION_CACHE
    if (FreeMutex(&session_mutex) != 0)
        status = BAD_MUTEX_E;
#endif
    if (FreeMutex(&count_mutex) != 0)
        status = BAD_MUTEX_E;

#if defined(HAVE_ECC) && defined(FP_ECC)
    ecc_fp_free();
#endif

    return status;
}
Vanger 0:b86d15c6ba29 5501
Vanger 0:b86d15c6ba29 5502
Vanger 0:b86d15c6ba29 5503 #ifndef NO_SESSION_CACHE
Vanger 0:b86d15c6ba29 5504
Vanger 0:b86d15c6ba29 5505
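/* Reduce a session ID to a word used to pick a cache row.  Some peers hand
 * out session IDs that are not random at all, so the ID is run through a
 * digest first to spread such IDs across the table.
 *
 * The digest buffer is sized for whichever hash the build selects: the
 * previous fixed MD5_DIGEST_SIZE buffer was too small for the SHA and
 * SHA-256 fallbacks (20 and 32 bytes), which overran the stack in NO_MD5
 * builds.
 *
 * sessionID/len  bytes to hash.
 * error          set to 0 on success or the digest's error code.
 * Returns a word built from the digest, or 0 when hashing failed. */
static INLINE word32 HashSession(const byte* sessionID, word32 len, int* error)
{
#ifndef NO_MD5
    byte digest[MD5_DIGEST_SIZE];
    *error = Md5Hash(sessionID, len, digest);
#elif !defined(NO_SHA)
    byte digest[SHA_DIGEST_SIZE];
    *error = ShaHash(sessionID, len, digest);
#elif !defined(NO_SHA256)
    byte digest[SHA256_DIGEST_SIZE];
    *error = Sha256Hash(sessionID, len, digest);
#else
    #error "We need a digest to hash the session IDs"
#endif

    return *error == 0 ? MakeWordFromHash(digest) : 0; /* 0 on failure */
}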
Vanger 0:b86d15c6ba29 5523
Vanger 0:b86d15c6ba29 5524
/* Kept for API compatibility: the session cache is a static table now, so
 * there is nothing to flush and both arguments are ignored. */
void CyaSSL_flush_sessions(CYASSL_CTX* ctx, long tm)
{
    (void)tm;
    (void)ctx;
}
Vanger 0:b86d15c6ba29 5531
Vanger 0:b86d15c6ba29 5532
/* Set the session timeout in seconds for this connection; AddSession stores
 * it with the cached session.  Returns SSL_SUCCESS, or BAD_FUNC_ARG when
 * ssl is NULL. */
int CyaSSL_set_timeout(CYASSL* ssl, unsigned int to)
{
    if (ssl != NULL) {
        ssl->timeout = to;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 5543
Vanger 0:b86d15c6ba29 5544
/* Set the context-wide session timeout in seconds.  Returns SSL_SUCCESS,
 * or BAD_FUNC_ARG when ctx is NULL. */
int CyaSSL_CTX_set_timeout(CYASSL_CTX* ctx, unsigned int to)
{
    if (ctx != NULL) {
        ctx->timeout = to;
        return SSL_SUCCESS;
    }

    return BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 5555
Vanger 0:b86d15c6ba29 5556
Vanger 0:b86d15c6ba29 5557 #ifndef NO_CLIENT_CACHE
Vanger 0:b86d15c6ba29 5558
/* Look up a cached session by the server ID a client associated with it in
 * AddSession.  Client side only: returns NULL when called on a server, when
 * hashing or locking fails, or when no unexpired entry matches.  The row is
 * walked from the most recently written slot backwards.
 *
 * NOTE(review): the match compares the first min(SERVER_ID_LEN, len) bytes
 * of the stored serverID and does not check the stored idLen, so a stored
 * ID that merely starts with `id` also matches — confirm this is intended.
 * The returned pointer refers to the shared static SessionCache and is
 * handed back after session_mutex has been released. */
CYASSL_SESSION* GetSessionClient(CYASSL* ssl, const byte* id, int len)
{
    CYASSL_SESSION* found = NULL;
    word32 row;
    int slot;
    int remaining;
    int error = 0;

    CYASSL_ENTER("GetSessionClient");

    if (ssl->options.side == CYASSL_SERVER_END)
        return NULL;

    len = min(SERVER_ID_LEN, (word32)len);
    row = HashSession(id, len, &error) % SESSION_ROWS;
    if (error != 0) {
        CYASSL_MSG("Hash session failed");
        return NULL;
    }

    if (LockMutex(&session_mutex) != 0) {
        CYASSL_MSG("Lock session mutex failed");
        return NULL;
    }

    /* walk the row backwards, starting from the most recently used slot */
    remaining = min((word32)ClientCache[row].totalCount, SESSIONS_PER_ROW);
    slot = ClientCache[row].nextIdx - 1;
    if (slot < 0)
        slot = SESSIONS_PER_ROW - 1;    /* nextIdx was 0: previous is the end */

    while (remaining > 0) {
        ClientSession clSess;
        CYASSL_SESSION* candidate;

        if (slot >= SESSIONS_PER_ROW || slot < 0) {     /* sanity check */
            CYASSL_MSG("Bad idx");
            break;
        }

        clSess    = ClientCache[row].Clients[slot];
        candidate = &SessionCache[clSess.serverRow].Sessions[clSess.serverIdx];

        if (XMEMCMP(candidate->serverID, id, len) != 0) {
            CYASSL_MSG("ServerID not a match from client table");
        }
        else {
            CYASSL_MSG("Found a serverid match for client");
            if (LowResTimer() < (candidate->bornOn + candidate->timeout)) {
                CYASSL_MSG("Session valid");
                found = candidate;
                break;
            }
            CYASSL_MSG("Session timed out"); /* could have more for id */
        }

        --remaining;
        slot = (slot == 0) ? SESSIONS_PER_ROW - 1 : slot - 1;
    }

    UnLockMutex(&session_mutex);

    return found;
}
Vanger 0:b86d15c6ba29 5621
Vanger 0:b86d15c6ba29 5622 #endif /* NO_CLIENT_CACHE */
Vanger 0:b86d15c6ba29 5623
Vanger 0:b86d15c6ba29 5624
/* Find the cache entry whose sessionID equals the ID currently held by ssl
 * (ssl->arrays->sessionID while the handshake arrays exist, otherwise
 * ssl->session.sessionID).  On an unexpired match the entry is returned and,
 * when masterSecret is non-NULL, SECRET_LEN bytes of its master secret are
 * copied out.  Returns NULL when the cache is off, no session ID is present,
 * hashing or locking fails, or no unexpired match exists.  The first slot
 * with a matching ID ends the search whether or not it has expired.
 *
 * NOTE(review): the returned pointer refers to the shared static SessionCache
 * and is returned after session_mutex is released; a later AddSession can
 * overwrite that slot. */
CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
{
    CYASSL_SESSION* found = NULL;
    const byte* id;
    word32 row;
    int slot;
    int remaining;
    int error = 0;

    if (ssl->options.sessionCacheOff || ssl->options.haveSessionId == 0)
        return NULL;

    id = ssl->arrays ? ssl->arrays->sessionID : ssl->session.sessionID;

    row = HashSession(id, ID_LEN, &error) % SESSION_ROWS;
    if (error != 0) {
        CYASSL_MSG("Hash session failed");
        return NULL;
    }

    if (LockMutex(&session_mutex) != 0)
        return NULL;

    /* walk the row backwards, starting from the most recently used slot */
    remaining = min((word32)SessionCache[row].totalCount, SESSIONS_PER_ROW);
    slot = SessionCache[row].nextIdx - 1;
    if (slot < 0)
        slot = SESSIONS_PER_ROW - 1;    /* nextIdx was 0: previous is the end */

    while (remaining > 0) {
        CYASSL_SESSION* candidate;

        if (slot >= SESSIONS_PER_ROW || slot < 0) {     /* sanity check */
            CYASSL_MSG("Bad idx");
            break;
        }

        candidate = &SessionCache[row].Sessions[slot];
        if (XMEMCMP(candidate->sessionID, id, ID_LEN) == 0) {
            CYASSL_MSG("Found a session match");
            if (LowResTimer() < (candidate->bornOn + candidate->timeout)) {
                CYASSL_MSG("Session valid");
                found = candidate;
                if (masterSecret)
                    XMEMCPY(masterSecret, candidate->masterSecret, SECRET_LEN);
            }
            else {
                CYASSL_MSG("Session timed out");
            }
            break; /* no more sessionIDs whether valid or not that match */
        }
        CYASSL_MSG("SessionID not a match at this idx");

        --remaining;
        slot = (slot == 0) ? SESSIONS_PER_ROW - 1 : slot - 1;
    }

    UnLockMutex(&session_mutex);

    return found;
}
Vanger 0:b86d15c6ba29 5689
Vanger 0:b86d15c6ba29 5690
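/* Install a cached session into ssl for resumption.  Succeeds only when the
 * cache is enabled and the entry has not expired (LowResTimer() is still
 * below bornOn + timeout); the session is then copied into ssl->session and
 * ssl->options.resuming is set.  With SESSION_CERTS the protocol version and
 * cipher suite are restored too.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when the cache is off, an argument is
 * NULL (previously dereferenced), or the session has timed out.
 *
 * NOTE(review): when `session` points into the static SessionCache (as the
 * pointer from GetSession does) the copy is made without session_mutex —
 * confirm callers accept that. */
int SetSession(CYASSL* ssl, CYASSL_SESSION* session)
{
    if (ssl == NULL || session == NULL)
        return SSL_FAILURE;

    if (ssl->options.sessionCacheOff)
        return SSL_FAILURE;

    if (LowResTimer() >= (session->bornOn + session->timeout))
        return SSL_FAILURE; /* session timed out */

    ssl->session = *session;
    ssl->options.resuming = 1;

#ifdef SESSION_CERTS
    ssl->version = session->version;
    ssl->options.cipherSuite0 = session->cipherSuite0;
    ssl->options.cipherSuite = session->cipherSuite;
#endif

    return SSL_SUCCESS;
}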
Vanger 0:b86d15c6ba29 5710
Vanger 0:b86d15c6ba29 5711
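/* Copy the just-negotiated session (ID, master secret, timeout, and the
 * optional ticket / certificate chain / cipher suite) into the next slot of
 * its SessionCache row, wrapping after SESSIONS_PER_ROW entries.  On the
 * client side, when ssl->session.idLen is set, a ClientCache entry keyed by
 * the application-supplied serverID is written as well so GetSessionClient
 * can find the session by server ID.
 *
 * Returns 0 when nothing was added (cache off, no session ID) or on success;
 * BAD_FUNC_ARG when ssl->arrays is NULL (GetSession tolerates that case,
 * this function used to dereference it); BAD_MUTEX_E when session_mutex
 * cannot be locked or unlocked; otherwise the error from hashing the ID.
 * A failure to hash the serverID leaves the SessionCache write in place,
 * skips only the ClientCache entry, and is returned to the caller.
 *
 * The cache keeps the master secret in a process-global table; treat that
 * memory as key material (it must not reach logs or diagnostics). */
int AddSession(CYASSL* ssl)
{
    CYASSL_SESSION* slot;
    word32 row, idx;
    int error = 0;

    if (ssl->options.sessionCacheOff)
        return 0;

    if (ssl->options.haveSessionId == 0)
        return 0;

    if (ssl->arrays == NULL)
        return BAD_FUNC_ARG;

    row = HashSession(ssl->arrays->sessionID, ID_LEN, &error) % SESSION_ROWS;
    if (error != 0) {
        CYASSL_MSG("Hash session failed");
        return error;
    }

    if (LockMutex(&session_mutex) != 0)
        return BAD_MUTEX_E;

    idx  = SessionCache[row].nextIdx++;
    slot = &SessionCache[row].Sessions[idx];
#ifdef SESSION_INDEX
    ssl->sessionIndex = (row << SESSIDX_ROW_SHIFT) | idx;
#endif

    XMEMCPY(slot->masterSecret, ssl->arrays->masterSecret, SECRET_LEN);
    XMEMCPY(slot->sessionID, ssl->arrays->sessionID, ID_LEN);
    slot->sessionIDSz = ssl->arrays->sessionIDSz;

    slot->timeout = ssl->timeout;
    slot->bornOn  = LowResTimer();

#ifdef HAVE_SESSION_TICKET
    /* assumes ticketLen was bounded by the ticket array where it was set — TODO confirm */
    slot->ticketLen = ssl->session.ticketLen;
    XMEMCPY(slot->ticket, ssl->session.ticket, ssl->session.ticketLen);
#endif

#ifdef SESSION_CERTS
    slot->chain.count = ssl->session.chain.count;
    XMEMCPY(slot->chain.certs, ssl->session.chain.certs,
            sizeof(x509_buffer) * MAX_CHAIN_DEPTH);

    slot->version      = ssl->version;
    slot->cipherSuite0 = ssl->options.cipherSuite0;
    slot->cipherSuite  = ssl->options.cipherSuite;
#endif /* SESSION_CERTS */

    SessionCache[row].totalCount++;
    if (SessionCache[row].nextIdx == SESSIONS_PER_ROW)
        SessionCache[row].nextIdx = 0;

#ifndef NO_CLIENT_CACHE
    if (ssl->options.side == CYASSL_CLIENT_END && ssl->session.idLen) {
        word32 clientRow, clientIdx;

        CYASSL_MSG("Adding client cache entry");

        /* assumes idLen <= SERVER_ID_LEN was enforced where serverID was set — TODO confirm */
        slot->idLen = ssl->session.idLen;
        XMEMCPY(slot->serverID, ssl->session.serverID, ssl->session.idLen);

        clientRow = HashSession(ssl->session.serverID, ssl->session.idLen,
                                &error) % SESSION_ROWS;
        if (error != 0) {
            CYASSL_MSG("Hash session failed");
        }
        else {
            ClientSession* client;

            clientIdx = ClientCache[clientRow].nextIdx++;
            client    = &ClientCache[clientRow].Clients[clientIdx];

            /* the client entry only points back at the SessionCache slot */
            client->serverRow = (word16)row;
            client->serverIdx = (word16)idx;

            ClientCache[clientRow].totalCount++;
            if (ClientCache[clientRow].nextIdx == SESSIONS_PER_ROW)
                ClientCache[clientRow].nextIdx = 0;
        }
    }
    else {
        slot->idLen = 0;
    }
#endif /* NO_CLIENT_CACHE */

    if (UnLockMutex(&session_mutex) != 0)
        return BAD_MUTEX_E;

    return error;
}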
Vanger 0:b86d15c6ba29 5800
Vanger 0:b86d15c6ba29 5801
Vanger 0:b86d15c6ba29 5802 #ifdef SESSION_INDEX
Vanger 0:b86d15c6ba29 5803
/* Return the SessionCache index (row << SESSIDX_ROW_SHIFT | slot) that
 * AddSession recorded for this connection; see CyaSSL_GetSessionAtIndex. */
int CyaSSL_GetSessionIndex(CYASSL* ssl)
{
    int index;

    CYASSL_ENTER("CyaSSL_GetSessionIndex");
    index = ssl->sessionIndex;
    CYASSL_LEAVE("CyaSSL_GetSessionIndex", index);

    return index;
}
Vanger 0:b86d15c6ba29 5810
Vanger 0:b86d15c6ba29 5811
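/* Copy the SessionCache entry named by an index from CyaSSL_GetSessionIndex
 * into *session.  The index packs the row in the high bits
 * (SESSIDX_ROW_SHIFT) and the slot in the low bits (SESSIDX_IDX_MASK).
 *
 * Returns SSL_SUCCESS after the copy, SSL_FAILURE when the index does not
 * name a populated slot, BAD_FUNC_ARG for a NULL session or negative idx,
 * and BAD_MUTEX_E on a mutex failure.  The copy includes the master secret,
 * so the caller owns key material afterwards. */
int CyaSSL_GetSessionAtIndex(int idx, CYASSL_SESSION* session)
{
    int row, col, result = SSL_FAILURE;

    CYASSL_ENTER("CyaSSL_GetSessionAtIndex");

    /* a negative idx yields a negative row that passes `row < SESSION_ROWS`
     * and would index before the start of SessionCache */
    if (session == NULL || idx < 0) {
        CYASSL_LEAVE("CyaSSL_GetSessionAtIndex", BAD_FUNC_ARG);
        return BAD_FUNC_ARG;
    }

    row = idx >> SESSIDX_ROW_SHIFT;
    col = idx & SESSIDX_IDX_MASK;

    if (LockMutex(&session_mutex) != 0) {
        return BAD_MUTEX_E;
    }

    /* check the row before SessionCache[row] is read (short-circuit &&) */
    if (row < SESSION_ROWS &&
        col < (int)min(SessionCache[row].totalCount, SESSIONS_PER_ROW)) {
        XMEMCPY(session,
                &SessionCache[row].Sessions[col], sizeof(CYASSL_SESSION));
        result = SSL_SUCCESS;
    }

    if (UnLockMutex(&session_mutex) != 0)
        result = BAD_MUTEX_E;

    CYASSL_LEAVE("CyaSSL_GetSessionAtIndex", result);
    return result;
}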
Vanger 0:b86d15c6ba29 5838
Vanger 0:b86d15c6ba29 5839 #endif /* SESSION_INDEX */
Vanger 0:b86d15c6ba29 5840
Vanger 0:b86d15c6ba29 5841 #if defined(SESSION_INDEX) && defined(SESSION_CERTS)
Vanger 0:b86d15c6ba29 5842
/* Return the peer certificate chain stored with a session (SESSION_CERTS
 * builds), or NULL when session is NULL.  The pointer aliases the session's
 * own storage; nothing is copied. */
CYASSL_X509_CHAIN* CyaSSL_SESSION_get_peer_chain(CYASSL_SESSION* session)
{
    CYASSL_X509_CHAIN* chain;

    CYASSL_ENTER("CyaSSL_SESSION_get_peer_chain");
    chain = (session != NULL) ? &session->chain : NULL;
    CYASSL_LEAVE("CyaSSL_SESSION_get_peer_chain", chain ? 1 : 0);

    return chain;
}
Vanger 0:b86d15c6ba29 5854
Vanger 0:b86d15c6ba29 5855 #endif /* SESSION_INDEX && SESSION_CERTS */
Vanger 0:b86d15c6ba29 5856
Vanger 0:b86d15c6ba29 5857
Vanger 0:b86d15c6ba29 5858 #ifdef SESSION_STATS
Vanger 0:b86d15c6ba29 5859
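/* Print session-cache occupancy and a chi-square figure for how evenly
 * HashSession spreads IDs over SESSION_ROWS.  "Seen" is the total of every
 * AddSession ever made, "Now" the number of currently populated slots (a
 * row saturates at SESSIONS_PER_ROW).  The .05 p-value hints cover only the
 * row counts listed.
 *
 * Fixes: word32 counters were printed with %d; and with no sessions seen
 * the expected frequency E was 0, so every chi-square term divided by zero.
 */
CYASSL_API
void PrintSessionStats(void)
{
    word32 totalSessionsSeen = 0;
    word32 totalSessionsNow = 0;
    word32 rowNow;
    int i;
    double E;               /* expected frequency per row */
    double chiSquare = 0;

    for (i = 0; i < SESSION_ROWS; i++) {
        totalSessionsSeen += SessionCache[i].totalCount;

        if (SessionCache[i].totalCount >= SESSIONS_PER_ROW)
            rowNow = SESSIONS_PER_ROW;          /* row is full */
        else if (SessionCache[i].nextIdx == 0)
            rowNow = 0;
        else
            rowNow = SessionCache[i].nextIdx;   /* not wrapped yet */

        totalSessionsNow += rowNow;
    }

    /* word32 is unsigned; cast so the conversion and argument agree */
    printf("Total Sessions Seen = %u\n", (unsigned int)totalSessionsSeen);
    printf("Total Sessions Now = %u\n", (unsigned int)totalSessionsNow);

    if (totalSessionsSeen == 0) {
        /* E would be 0 and the normalisation below would divide by it */
        printf(" chi-square not computed (no sessions seen)\n");
        printf("\n");
        return;
    }

    E = (double)totalSessionsSeen / SESSION_ROWS;

    for (i = 0; i < SESSION_ROWS; i++) {
        double diff = SessionCache[i].totalCount - E;
        diff *= diff;   /* square */
        diff /= E;      /* normalize */

        chiSquare += diff;
    }
    printf(" chi-square = %5.1f, d.f. = %d\n", chiSquare,
                                                      SESSION_ROWS - 1);
    if (SESSION_ROWS == 11)
        printf(" .05 p value = 18.3, chi-square should be less\n");
    else if (SESSION_ROWS == 211)
        printf(".05 p value = 244.8, chi-square should be less\n");
    else if (SESSION_ROWS == 5981)
        printf(".05 p value = 6161.0, chi-square should be less\n");
    else if (SESSION_ROWS == 3)
        printf(".05 p value = 6.0, chi-square should be less\n");
    else if (SESSION_ROWS == 2861)
        printf(".05 p value = 2985.5, chi-square should be less\n");
    printf("\n");
}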
Vanger 0:b86d15c6ba29 5909
Vanger 0:b86d15c6ba29 5910 #endif /* SESSION_STATS */
Vanger 0:b86d15c6ba29 5911
Vanger 0:b86d15c6ba29 5912 #else /* NO_SESSION_CACHE */
Vanger 0:b86d15c6ba29 5913
/* No session cache version: nothing is ever stored, so a lookup always
 * fails and the arguments are ignored. */
CYASSL_SESSION* GetSession(CYASSL* ssl, byte* masterSecret)
{
    (void)masterSecret;
    (void)ssl;

    return NULL;
}
Vanger 0:b86d15c6ba29 5922
Vanger 0:b86d15c6ba29 5923 #endif /* NO_SESSION_CACHE */
Vanger 0:b86d15c6ba29 5924
Vanger 0:b86d15c6ba29 5925
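/* Record the expected peer name so that, when verifying, the certificate's
 * name is checked in addition to its dates and signature.  Call before
 * SSL_connect.  Any previously stored name is freed first.
 *
 * Returns SSL_SUCCESS; BAD_FUNC_ARG for a NULL ssl or dn (dn was previously
 * passed straight to XSTRLEN); SSL_FAILURE with ssl->error = MEMORY_ERROR
 * when the copy cannot be allocated, in which case no name is stored and
 * the length is reset to 0 rather than left describing a NULL buffer. */
int CyaSSL_check_domain_name(CYASSL* ssl, const char* dn)
{
    word32 dnSz;

    CYASSL_ENTER("CyaSSL_check_domain_name");

    if (ssl == NULL || dn == NULL)
        return BAD_FUNC_ARG;

    if (ssl->buffers.domainName.buffer)
        XFREE(ssl->buffers.domainName.buffer, ssl->heap, DYNAMIC_TYPE_DOMAIN);

    dnSz = (word32)XSTRLEN(dn) + 1;     /* include the terminator */
    ssl->buffers.domainName.buffer = (byte*)XMALLOC(dnSz, ssl->heap,
                                                    DYNAMIC_TYPE_DOMAIN);
    if (ssl->buffers.domainName.buffer == NULL) {
        ssl->buffers.domainName.length = 0;
        ssl->error = MEMORY_ERROR;
        return SSL_FAILURE;
    }

    ssl->buffers.domainName.length = dnSz;
    /* dnSz covers the NUL, so a plain copy yields a terminated string */
    XMEMCPY(ssl->buffers.domainName.buffer, dn, dnSz);

    return SSL_SUCCESS;
}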
Vanger 0:b86d15c6ba29 5948
Vanger 0:b86d15c6ba29 5949
/* Turn on CyaSSL zlib compression for this connection.
 * Returns SSL_SUCCESS in HAVE_LIBZ builds, otherwise NOT_COMPILED_IN.
 * Compressing before encryption lets record lengths depend on plaintext
 * content (the CRIME class of issues), so leave this off unless that has
 * been assessed for the data being sent. */
int CyaSSL_set_compression(CYASSL* ssl)
{
    int ret;

    CYASSL_ENTER("CyaSSL_set_compression");
#ifdef HAVE_LIBZ
    ssl->options.usingCompression = 1;
    ret = SSL_SUCCESS;
#else
    (void)ssl;
    ret = NOT_COMPILED_IN;
#endif

    return ret;
}
Vanger 0:b86d15c6ba29 5964
Vanger 0:b86d15c6ba29 5965
Vanger 0:b86d15c6ba29 5966 #ifndef USE_WINDOWS_API
Vanger 0:b86d15c6ba29 5967 #ifndef NO_WRITEV
Vanger 0:b86d15c6ba29 5968
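/* Simulate writev semantics over a CyaSSL connection: the iov entries are
 * gathered into one buffer and sent with a single CyaSSL_write, rather than
 * block at a time, because of SSL_write's per-call framing and because the
 * front pieces are often small.  Gathers up to FILE_BUFFER_SIZE bytes use
 * the stack (CYASSL_SMALL_STACK forces the heap); larger ones are allocated
 * from ssl->heap and freed before returning.
 *
 * Returns the CyaSSL_write result; MEMORY_ERROR when the gather buffer cannot
 * be allocated; BAD_FUNC_ARG for a NULL ssl, a negative iovcnt, a NULL iov
 * with a non-zero count, or a total length that does not fit the int passed
 * to CyaSSL_write.  Previously the lengths were summed into an int, so an
 * oversized total could wrap negative, pass the size check, and the copies
 * would run past the buffer. */
int CyaSSL_writev(CYASSL* ssl, const struct iovec* iov, int iovcnt)
{
#ifdef CYASSL_SMALL_STACK
    byte staticBuffer[1]; /* force heap usage */
#else
    byte staticBuffer[FILE_BUFFER_SIZE];
#endif
    const size_t intMax = ~0u >> 1;     /* INT_MAX without <limits.h> */
    byte*  myBuffer = staticBuffer;
    int    dynamic  = 0;
    size_t total    = 0;
    int    sending;
    int    idx      = 0;
    int    i;
    int    ret;

    CYASSL_ENTER("CyaSSL_writev");

    if (ssl == NULL || iovcnt < 0 || (iov == NULL && iovcnt > 0))
        return BAD_FUNC_ARG;

    /* sum in size_t and refuse anything an int cannot hold */
    for (i = 0; i < iovcnt; i++) {
        if (iov[i].iov_len > intMax - total)
            return BAD_FUNC_ARG;
        total += iov[i].iov_len;
    }
    sending = (int)total;

    if (sending > (int)sizeof(staticBuffer)) {
        myBuffer = (byte*)XMALLOC(sending, ssl->heap, DYNAMIC_TYPE_WRITEV);
        if (!myBuffer)
            return MEMORY_ERROR;

        dynamic = 1;
    }

    for (i = 0; i < iovcnt; i++) {
        /* an empty entry may carry a NULL iov_base; nothing to copy anyway */
        if (iov[i].iov_len == 0)
            continue;
        XMEMCPY(&myBuffer[idx], iov[i].iov_base, iov[i].iov_len);
        idx += (int)iov[i].iov_len;
    }

    ret = CyaSSL_write(ssl, myBuffer, sending);

    if (dynamic)
        XFREE(myBuffer, ssl->heap, DYNAMIC_TYPE_WRITEV);

    return ret;
}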
Vanger 0:b86d15c6ba29 6011 #endif
Vanger 0:b86d15c6ba29 6012 #endif
Vanger 0:b86d15c6ba29 6013
Vanger 0:b86d15c6ba29 6014
Vanger 0:b86d15c6ba29 6015 #ifdef CYASSL_CALLBACKS
Vanger 0:b86d15c6ba29 6016
/* shorthand for the POSIX interval-timer struct used by CyaSSL_ex_wrapper */
typedef struct itimerval Itimerval;

/* don't keep calling simple functions while setting up timer and signals;
   if no inlining these are the next best.  All three macros take struct
   timeval operands directly (not pointers) and evaluate them more than once,
   so pass plain lvalues, never expressions with side effects. */

/* c = a + b, normalising tv_usec into [0, 1000000) */
#define AddTimes(a, b, c) \
    do { \
        c.tv_sec = a.tv_sec + b.tv_sec; \
        c.tv_usec = a.tv_usec + b.tv_usec; \
        if (c.tv_usec >= 1000000) { \
            c.tv_sec++; \
            c.tv_usec -= 1000000; \
        } \
    } while (0)


/* c = a - b, borrowing one second when tv_usec goes negative */
#define SubtractTimes(a, b, c) \
    do { \
        c.tv_sec = a.tv_sec - b.tv_sec; \
        c.tv_usec = a.tv_usec - b.tv_usec; \
        if (c.tv_usec < 0) { \
            c.tv_sec--; \
            c.tv_usec += 1000000; \
        } \
    } while (0)

/* compare two timevals with relational operator cmp (e.g. CmpTimes(x, y, <));
   seconds decide unless equal, in which case microseconds decide */
#define CmpTimes(a, b, cmp) \
    ((a.tv_sec == b.tv_sec) ? \
        (a.tv_usec cmp b.tv_usec) : \
        (a.tv_sec cmp b.tv_sec)) \
Vanger 0:b86d15c6ba29 6047
Vanger 0:b86d15c6ba29 6048
/* SIGALRM handler that deliberately does nothing.  Its only purpose is to
 * exist so that the alarm interrupts a blocking socket call (the handler is
 * installed without SA_RESTART, see CyaSSL_ex_wrapper). */
static void myHandler(int signo)
{
    (void)signo; /* unused */
}
Vanger 0:b86d15c6ba29 6055
Vanger 0:b86d15c6ba29 6056
/* Shared body of CyaSSL_connect_ex / CyaSSL_accept_ex: runs the handshake
 * for whichever side ssl is configured as, optionally collecting hand-shake
 * info (hsCb) and enforcing a wall-clock timeout (toCb) built from
 * ITIMER_REAL plus a SIGALRM handler.
 *
 * ssl     - session to drive
 * hsCb    - hand-shake info callback, or NULL to skip collection
 * toCb    - timeout callback, or NULL to run without an alarm
 * timeout - maximum time to allow; shortened to a pre-existing timer's
 *           remaining time so that the older alarm still fires on schedule
 *
 * Returns the CyaSSL_connect / CyaSSL_accept result, or GETTIME_ERROR,
 * SETITIMER_ERROR or SIGACT_ERROR when timer/signal setup or teardown fails
 * (a teardown failure overrides the handshake result).  Every ERR_OUT exit
 * clears ssl->hsInfoOn and ssl->toInfoOn first.
 *
 * NOTE(review): ITIMER_REAL and the SIGALRM disposition are per-process, so
 * two threads using the timeout path at once would clobber each other's
 * timer and handler -- confirm that callers serialise this.
 * NOTE(review): the ERR_OUT exits taken after the first setitimer() (which
 * has already cleared any running timer) and after sigaction() return
 * without restoring oldTimeout/oact, so a caller's own timer and handler
 * look lost on those paths -- confirm whether that is acceptable.
 */
static int CyaSSL_ex_wrapper(CYASSL* ssl, HandShakeCallBack hsCb,
                             TimeoutCallBack toCb, Timeval timeout)
{
    int        ret        = SSL_FATAL_ERROR;
    int        oldTimerOn = 0; /* was timer already on */
    Timeval    startTime;
    Timeval    endTime;
    Timeval    totalTime;
    Itimerval  myTimeout;
    Itimerval  oldTimeout; /* if old timer adjust from total time to reset */
    struct sigaction act, oact;

    /* early-exit helper: drop the info flags so later calls don't keep
       collecting, then return x */
    #define ERR_OUT(x) { ssl->hsInfoOn = 0; ssl->toInfoOn = 0; return x; }

    if (hsCb) {
        ssl->hsInfoOn = 1;
        InitHandShakeInfo(&ssl->handShakeInfo);
    }
    if (toCb) {
        ssl->toInfoOn = 1;
        InitTimeoutInfo(&ssl->timeoutInfo);

        if (gettimeofday(&startTime, 0) < 0)
            ERR_OUT(GETTIME_ERROR);

        /* use setitimer to simulate getitimer, init 0 myTimeout */
        myTimeout.it_interval.tv_sec  = 0;
        myTimeout.it_interval.tv_usec = 0;
        myTimeout.it_value.tv_sec     = 0;
        myTimeout.it_value.tv_usec    = 0;
        if (setitimer(ITIMER_REAL, &myTimeout, &oldTimeout) < 0)
            ERR_OUT(SETITIMER_ERROR);

        if (oldTimeout.it_value.tv_sec || oldTimeout.it_value.tv_usec) {
            oldTimerOn = 1;

            /* is old timer going to expire before ours; if so honour the
               shorter deadline so the caller's alarm is not delayed */
            if (CmpTimes(oldTimeout.it_value, timeout, <)) {
                timeout.tv_sec  = oldTimeout.it_value.tv_sec;
                timeout.tv_usec = oldTimeout.it_value.tv_usec;
            }
        }
        myTimeout.it_value.tv_sec  = timeout.tv_sec;
        myTimeout.it_value.tv_usec = timeout.tv_usec;

        /* set up signal handler, don't restart socket send/recv */
        act.sa_handler = myHandler;
        sigemptyset(&act.sa_mask);
        act.sa_flags = 0;
#ifdef SA_INTERRUPT
        act.sa_flags |= SA_INTERRUPT;
#endif
        if (sigaction(SIGALRM, &act, &oact) < 0)
            ERR_OUT(SIGACT_ERROR);

        if (setitimer(ITIMER_REAL, &myTimeout, 0) < 0)
            ERR_OUT(SETITIMER_ERROR);
    }

    /* do main work */
#ifndef NO_CYASSL_CLIENT
    if (ssl->options.side == CYASSL_CLIENT_END)
        ret = CyaSSL_connect(ssl);
#endif
#ifndef NO_CYASSL_SERVER
    if (ssl->options.side == CYASSL_SERVER_END)
        ret = CyaSSL_accept(ssl);
#endif

    /* do callbacks */
    if (toCb) {
        if (oldTimerOn) {
            /* NOTE(review): this gettimeofday() result is not checked, unlike
               the one above; on failure endTime is indeterminate */
            gettimeofday(&endTime, 0);
            SubtractTimes(endTime, startTime, totalTime);
            /* adjust old timer for elapsed time */
            if (CmpTimes(totalTime, oldTimeout.it_value, <))
                SubtractTimes(oldTimeout.it_value, totalTime,
                              oldTimeout.it_value);
            else {
                /* reset value to interval, may be off */
                oldTimeout.it_value.tv_sec  = oldTimeout.it_interval.tv_sec;
                oldTimeout.it_value.tv_usec = oldTimeout.it_interval.tv_usec;
            }
            /* keep iter the same whether there or not */
        }
        /* restore old handler */
        if (sigaction(SIGALRM, &oact, 0) < 0)
            ret = SIGACT_ERROR; /* more pressing error, stomp */
        else
            /* use old settings which may turn off (expired or not there) */
            if (setitimer(ITIMER_REAL, &oldTimeout, 0) < 0)
                ret = SETITIMER_ERROR;

        /* if we had a timeout call callback; timeoutName being set is how
           the record layer signals that the alarm fired */
        if (ssl->timeoutInfo.timeoutName[0]) {
            ssl->timeoutInfo.timeoutValue.tv_sec  = timeout.tv_sec;
            ssl->timeoutInfo.timeoutValue.tv_usec = timeout.tv_usec;
            (toCb)(&ssl->timeoutInfo);
        }
        /* clean up */
        FreeTimeoutInfo(&ssl->timeoutInfo, ssl->heap);
        ssl->toInfoOn = 0;
    }
    if (hsCb) {
        FinishHandShakeInfo(&ssl->handShakeInfo, ssl);
        (hsCb)(&ssl->handShakeInfo);
        ssl->hsInfoOn = 0;
    }
    return ret;
}
Vanger 0:b86d15c6ba29 6167
Vanger 0:b86d15c6ba29 6168
Vanger 0:b86d15c6ba29 6169 #ifndef NO_CYASSL_CLIENT
Vanger 0:b86d15c6ba29 6170
/* Client-side handshake with optional hand-shake info and timeout callbacks.
 * Thin wrapper: all work is delegated to CyaSSL_ex_wrapper, whose return
 * value is passed straight back. */
int CyaSSL_connect_ex(CYASSL* ssl, HandShakeCallBack hsCb,
                      TimeoutCallBack toCb, Timeval timeout)
{
    int ret;

    CYASSL_ENTER("CyaSSL_connect_ex");
    ret = CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
    return ret;
}
Vanger 0:b86d15c6ba29 6177
Vanger 0:b86d15c6ba29 6178 #endif
Vanger 0:b86d15c6ba29 6179
Vanger 0:b86d15c6ba29 6180
Vanger 0:b86d15c6ba29 6181 #ifndef NO_CYASSL_SERVER
Vanger 0:b86d15c6ba29 6182
/* Server-side handshake with optional hand-shake info and timeout callbacks.
 * Thin wrapper: all work is delegated to CyaSSL_ex_wrapper, whose return
 * value is passed straight back. */
int CyaSSL_accept_ex(CYASSL* ssl, HandShakeCallBack hsCb,
                     TimeoutCallBack toCb, Timeval timeout)
{
    int ret;

    CYASSL_ENTER("CyaSSL_accept_ex");
    ret = CyaSSL_ex_wrapper(ssl, hsCb, toCb, timeout);
    return ret;
}
Vanger 0:b86d15c6ba29 6189
Vanger 0:b86d15c6ba29 6190 #endif
Vanger 0:b86d15c6ba29 6191
Vanger 0:b86d15c6ba29 6192 #endif /* CYASSL_CALLBACKS */
Vanger 0:b86d15c6ba29 6193
Vanger 0:b86d15c6ba29 6194
Vanger 0:b86d15c6ba29 6195 #ifndef NO_PSK
Vanger 0:b86d15c6ba29 6196
/* Register the client PSK callback on a context and mark the context as
 * PSK-capable.  ctx is dereferenced without a NULL check. */
void CyaSSL_CTX_set_psk_client_callback(CYASSL_CTX* ctx,
                                        psk_client_callback cb)
{
    CYASSL_ENTER("SSL_CTX_set_psk_client_callback");
    ctx->client_psk_cb = cb;
    ctx->havePSK       = 1;
}
Vanger 0:b86d15c6ba29 6204
Vanger 0:b86d15c6ba29 6205
/* Register the client PSK callback on a single session and rebuild the
 * cipher-suite list so PSK suites become available.  ssl is dereferenced
 * without a NULL check. */
void CyaSSL_set_psk_client_callback(CYASSL* ssl, psk_client_callback cb)
{
    /* RSA suites are offered unless the build excludes RSA */
#ifdef NO_RSA
    byte haveRSA = 0;
#else
    byte haveRSA = 1;
#endif

    CYASSL_ENTER("SSL_set_psk_client_callback");
    ssl->options.client_psk_cb = cb;
    ssl->options.havePSK       = 1;

    /* TRUE for the havePSK argument: we just enabled it */
    InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
               ssl->options.side);
}
Vanger 0:b86d15c6ba29 6222
Vanger 0:b86d15c6ba29 6223
/* Register the server PSK callback on a context and mark the context as
 * PSK-capable.  ctx is dereferenced without a NULL check. */
void CyaSSL_CTX_set_psk_server_callback(CYASSL_CTX* ctx,
                                        psk_server_callback cb)
{
    CYASSL_ENTER("SSL_CTX_set_psk_server_callback");
    ctx->server_psk_cb = cb;
    ctx->havePSK       = 1;
}
Vanger 0:b86d15c6ba29 6231
Vanger 0:b86d15c6ba29 6232
/* Register the server PSK callback on a single session and rebuild the
 * cipher-suite list so PSK suites become available.  ssl is dereferenced
 * without a NULL check. */
void CyaSSL_set_psk_server_callback(CYASSL* ssl, psk_server_callback cb)
{
    /* RSA suites are offered unless the build excludes RSA */
#ifdef NO_RSA
    byte haveRSA = 0;
#else
    byte haveRSA = 1;
#endif

    CYASSL_ENTER("SSL_set_psk_server_callback");
    ssl->options.server_psk_cb = cb;
    ssl->options.havePSK       = 1;

    /* TRUE for the havePSK argument: we just enabled it */
    InitSuites(ssl->suites, ssl->version, haveRSA, TRUE,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
               ssl->options.side);
}
Vanger 0:b86d15c6ba29 6249
Vanger 0:b86d15c6ba29 6250
/* Return the PSK identity hint held in the session's handshake arrays, or
 * NULL when ssl is NULL or its arrays have already been released.  The
 * pointer aliases internal storage; it is not a copy. */
const char* CyaSSL_get_psk_identity_hint(const CYASSL* ssl)
{
    const char* hint = NULL;

    CYASSL_ENTER("SSL_get_psk_identity_hint");

    if (ssl != NULL && ssl->arrays != NULL)
        hint = ssl->arrays->server_hint;

    return hint;
}
Vanger 0:b86d15c6ba29 6260
Vanger 0:b86d15c6ba29 6261
/* Return the client PSK identity held in the session's handshake arrays, or
 * NULL when ssl is NULL or its arrays have already been released.  The
 * pointer aliases internal storage; it is not a copy. */
const char* CyaSSL_get_psk_identity(const CYASSL* ssl)
{
    const char* identity = NULL;

    CYASSL_ENTER("SSL_get_psk_identity");

    if (ssl != NULL && ssl->arrays != NULL)
        identity = ssl->arrays->client_identity;

    return identity;
}
Vanger 0:b86d15c6ba29 6271
Vanger 0:b86d15c6ba29 6272
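/* Store the PSK identity hint a server will send, at the context level.
 *
 * ctx  - context to update; NULL is rejected (matches the per-session
 *        CyaSSL_use_psk_identity_hint, which already guards its argument)
 * hint - NUL-terminated hint, or NULL/0 to clear it.  Longer hints are
 *        truncated to MAX_PSK_ID_LEN - 1 characters and always terminated,
 *        since XSTRNCPY alone does not guarantee a terminator.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ctx is NULL.
 */
int CyaSSL_CTX_use_psk_identity_hint(CYASSL_CTX* ctx, const char* hint)
{
    CYASSL_ENTER("SSL_CTX_use_psk_identity_hint");

    if (ctx == NULL)
        return SSL_FAILURE;

    if (hint == 0)
        ctx->server_hint[0] = 0;
    else {
        XSTRNCPY(ctx->server_hint, hint, MAX_PSK_ID_LEN);
        ctx->server_hint[MAX_PSK_ID_LEN - 1] = '\0';
    }
    return SSL_SUCCESS;
}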
Vanger 0:b86d15c6ba29 6284
Vanger 0:b86d15c6ba29 6285
/* Store the PSK identity hint a server will send, for one session.
 *
 * ssl  - session to update; SSL_FAILURE if NULL or if its handshake arrays
 *        are gone
 * hint - NUL-terminated hint, or NULL/0 to clear it.  Longer hints are
 *        truncated to MAX_PSK_ID_LEN - 1 characters and always terminated,
 *        since XSTRNCPY alone does not guarantee a terminator.
 *
 * Returns SSL_SUCCESS on success.
 */
int CyaSSL_use_psk_identity_hint(CYASSL* ssl, const char* hint)
{
    char* dst;

    CYASSL_ENTER("SSL_use_psk_identity_hint");

    if (ssl == NULL || ssl->arrays == NULL)
        return SSL_FAILURE;

    dst = ssl->arrays->server_hint;
    if (hint != 0) {
        XSTRNCPY(dst, hint, MAX_PSK_ID_LEN);
        dst[MAX_PSK_ID_LEN - 1] = '\0';
    }
    else
        dst[0] = 0;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 6301
Vanger 0:b86d15c6ba29 6302 #endif /* NO_PSK */
Vanger 0:b86d15c6ba29 6303
Vanger 0:b86d15c6ba29 6304
Vanger 0:b86d15c6ba29 6305 #ifdef HAVE_ANON
Vanger 0:b86d15c6ba29 6306
/* Permit anonymous (unauthenticated) cipher suites on a context.  Such
 * suites give no peer authentication, so this should only be enabled where
 * that is an explicit design decision.
 *
 * Returns SSL_SUCCESS, or SSL_FAILURE when ctx is NULL.
 */
int CyaSSL_CTX_allow_anon_cipher(CYASSL_CTX* ctx)
{
    int ret = SSL_FAILURE;

    CYASSL_ENTER("CyaSSL_CTX_allow_anon_cipher");

    if (ctx != NULL) {
        ctx->haveAnon = 1;
        ret = SSL_SUCCESS;
    }

    return ret;
}
Vanger 0:b86d15c6ba29 6318
Vanger 0:b86d15c6ba29 6319 #endif /* HAVE_ANON */
Vanger 0:b86d15c6ba29 6320
Vanger 0:b86d15c6ba29 6321
Vanger 0:b86d15c6ba29 6322 #ifndef NO_CERTS
Vanger 0:b86d15c6ba29 6323 /* used to be defined on NO_FILESYSTEM only, but are generally useful */
Vanger 0:b86d15c6ba29 6324
/* CyaSSL extension: load trusted CA certificates from a memory buffer rather
 * than a file.
 *
 * ctx    - context whose certificate manager receives the CAs
 * in     - buffer holding the certificate(s)
 * sz     - buffer length in bytes
 * format - SSL_FILETYPE_PEM (a chain of PEM blocks is accepted) or another
 *          format handled by ProcessBuffer as a single CA
 *
 * Returns the ProcessChainBuffer / ProcessBuffer result.
 */
int CyaSSL_CTX_load_verify_buffer(CYASSL_CTX* ctx, const unsigned char* in,
                                  long sz, int format)
{
    int ret;

    CYASSL_ENTER("CyaSSL_CTX_load_verify_buffer");

    /* PEM input may carry several certificates; other formats hold one */
    if (format != SSL_FILETYPE_PEM)
        ret = ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL, 0);
    else
        ret = ProcessChainBuffer(ctx, in, sz, format, CA_TYPE, NULL);

    return ret;
}
Vanger 0:b86d15c6ba29 6335
Vanger 0:b86d15c6ba29 6336
/* Load the context's own certificate from a memory buffer of the given
 * format (sz bytes).  Returns the ProcessBuffer result. */
int CyaSSL_CTX_use_certificate_buffer(CYASSL_CTX* ctx,
                                      const unsigned char* in, long sz,
                                      int format)
{
    int ret;

    CYASSL_ENTER("CyaSSL_CTX_use_certificate_buffer");
    ret = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0);
    return ret;
}
Vanger 0:b86d15c6ba29 6343
Vanger 0:b86d15c6ba29 6344
/* Load the context's private key from a memory buffer of the given format
 * (sz bytes).  Returns the ProcessBuffer result. */
int CyaSSL_CTX_use_PrivateKey_buffer(CYASSL_CTX* ctx,
                                     const unsigned char* in, long sz,
                                     int format)
{
    int ret;

    CYASSL_ENTER("CyaSSL_CTX_use_PrivateKey_buffer");
    ret = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, NULL, 0);
    return ret;
}
Vanger 0:b86d15c6ba29 6351
Vanger 0:b86d15c6ba29 6352
/* Load the context's certificate chain from a PEM memory buffer (sz bytes);
 * the format is always SSL_FILETYPE_PEM and the trailing 1 asks
 * ProcessBuffer to treat the input as a chain.  Returns its result. */
int CyaSSL_CTX_use_certificate_chain_buffer(CYASSL_CTX* ctx,
                                            const unsigned char* in, long sz)
{
    int ret;

    CYASSL_ENTER("CyaSSL_CTX_use_certificate_chain_buffer");
    ret = ProcessBuffer(ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE,
                        NULL, NULL, 1);
    return ret;
}
Vanger 0:b86d15c6ba29 6360
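/* Load a per-session certificate from a memory buffer of the given format
 * (sz bytes); the session's context is used for processing and the session
 * itself is passed so the result is attached to it.
 *
 * Returns the ProcessBuffer result, or BAD_FUNC_ARG when ssl is NULL (the
 * original dereferenced ssl->ctx unconditionally).
 */
int CyaSSL_use_certificate_buffer(CYASSL* ssl,
                                  const unsigned char* in, long sz,
                                  int format)
{
    CYASSL_ENTER("CyaSSL_use_certificate_buffer");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0);
}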
Vanger 0:b86d15c6ba29 6367
Vanger 0:b86d15c6ba29 6368
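/* Load a per-session private key from a memory buffer of the given format
 * (sz bytes); the session's context is used for processing and the session
 * itself is passed so the key is attached to it.
 *
 * Returns the ProcessBuffer result, or BAD_FUNC_ARG when ssl is NULL (the
 * original dereferenced ssl->ctx unconditionally).
 */
int CyaSSL_use_PrivateKey_buffer(CYASSL* ssl,
                                 const unsigned char* in, long sz,
                                 int format)
{
    CYASSL_ENTER("CyaSSL_use_PrivateKey_buffer");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE,
                         ssl, NULL, 0);
}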
Vanger 0:b86d15c6ba29 6376
Vanger 0:b86d15c6ba29 6377
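/* Load a per-session certificate chain from a PEM memory buffer (sz bytes);
 * the format is always SSL_FILETYPE_PEM and the trailing 1 asks
 * ProcessBuffer to treat the input as a chain.
 *
 * Returns the ProcessBuffer result, or BAD_FUNC_ARG when ssl is NULL (the
 * original dereferenced ssl->ctx unconditionally).
 */
int CyaSSL_use_certificate_chain_buffer(CYASSL* ssl,
                                        const unsigned char* in, long sz)
{
    CYASSL_ENTER("CyaSSL_use_certificate_chain_buffer");

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    return ProcessBuffer(ssl->ctx, in, sz, SSL_FILETYPE_PEM, CERT_TYPE,
                         ssl, NULL, 1);
}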
Vanger 0:b86d15c6ba29 6385
Vanger 0:b86d15c6ba29 6386
/* Release any certificate, certificate chain or private key that this
 * session owns itself (weOwn* flags), leaving buffers borrowed from the CTX
 * untouched.  Each released buffer has its pointer, length and ownership
 * flag reset so a second call is a no-op.
 *
 * NOTE(review): the key buffer is handed to XFREE without being overwritten
 * first, so private-key bytes may linger in freed heap memory -- confirm
 * whether a clear-before-free is wanted here.
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when ssl is NULL.
 */
int CyaSSL_UnloadCertsKeys(CYASSL* ssl)
{
    if (ssl == NULL) {
        CYASSL_MSG("Null function arg");
        return BAD_FUNC_ARG;
    }

    if (ssl->buffers.weOwnCert != 0) {
        CYASSL_MSG("Unloading cert");
        XFREE(ssl->buffers.certificate.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
        ssl->buffers.certificate.buffer = NULL;
        ssl->buffers.certificate.length = 0;
        ssl->buffers.weOwnCert          = 0;
    }

    if (ssl->buffers.weOwnCertChain != 0) {
        CYASSL_MSG("Unloading cert chain");
        XFREE(ssl->buffers.certChain.buffer, ssl->heap, DYNAMIC_TYPE_CERT);
        ssl->buffers.certChain.buffer = NULL;
        ssl->buffers.certChain.length = 0;
        ssl->buffers.weOwnCertChain   = 0;
    }

    if (ssl->buffers.weOwnKey != 0) {
        CYASSL_MSG("Unloading key");
        XFREE(ssl->buffers.key.buffer, ssl->heap, DYNAMIC_TYPE_KEY);
        ssl->buffers.key.buffer = NULL;
        ssl->buffers.key.length = 0;
        ssl->buffers.weOwnKey   = 0;
    }

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 6422
Vanger 0:b86d15c6ba29 6423
/* Drop every trusted CA from the context's certificate manager.
 * Returns the CyaSSL_CertManagerUnloadCAs result, or BAD_FUNC_ARG when ctx
 * is NULL. */
int CyaSSL_CTX_UnloadCAs(CYASSL_CTX* ctx)
{
    int ret = BAD_FUNC_ARG;

    CYASSL_ENTER("CyaSSL_CTX_UnloadCAs");

    if (ctx != NULL)
        ret = CyaSSL_CertManagerUnloadCAs(ctx->cm);

    return ret;
}
Vanger 0:b86d15c6ba29 6433
Vanger 0:b86d15c6ba29 6434 /* old NO_FILESYSTEM end */
Vanger 0:b86d15c6ba29 6435 #endif /* !NO_CERTS */
Vanger 0:b86d15c6ba29 6436
Vanger 0:b86d15c6ba29 6437
Vanger 0:b86d15c6ba29 6438 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
Vanger 0:b86d15c6ba29 6439
Vanger 0:b86d15c6ba29 6440
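/* OpenSSL-compatibility entry point; in CyaSSL this is just library
 * initialisation.
 *
 * Returns SSL_SUCCESS when CyaSSL_Init succeeds, SSL_FAILURE otherwise (the
 * original discarded the CyaSSL_Init result and always reported success,
 * so a failed init could go unnoticed by callers that check this value).
 */
int CyaSSL_add_all_algorithms(void)
{
    CYASSL_ENTER("CyaSSL_add_all_algorithms");

    if (CyaSSL_Init() != SSL_SUCCESS)
        return SSL_FAILURE;

    return SSL_SUCCESS;
}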
Vanger 0:b86d15c6ba29 6447
Vanger 0:b86d15c6ba29 6448
/* OpenSSL-compatibility stub.  The session cache size is fixed at compile
 * time in CyaSSL, so the request is ignored and 0 is returned. */
long CyaSSL_CTX_sess_set_cache_size(CYASSL_CTX* ctx, long sz)
{
    (void)ctx; /* unused */
    (void)sz;  /* unused */

    return 0;
}
Vanger 0:b86d15c6ba29 6456
Vanger 0:b86d15c6ba29 6457
/* Turn on quiet shutdown for sessions created from ctx when mode is
 * non-zero.  Note that this only ever sets the flag: passing 0 leaves a
 * previously enabled quiet shutdown in place. */
void CyaSSL_CTX_set_quiet_shutdown(CYASSL_CTX* ctx, int mode)
{
    CYASSL_ENTER("CyaSSL_CTX_set_quiet_shutdown");

    if (mode == 0)
        return;

    ctx->quietShutdown = 1;
}
Vanger 0:b86d15c6ba29 6464
Vanger 0:b86d15c6ba29 6465
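/* Turn on quiet shutdown for one session when mode is non-zero.  As with the
 * CTX variant this only ever sets the flag; passing 0 does not clear it.
 * The trace label previously named the CTX function, which made debug logs
 * misattribute calls; it now names this function. */
void CyaSSL_set_quiet_shutdown(CYASSL* ssl, int mode)
{
    CYASSL_ENTER("CyaSSL_set_quiet_shutdown");
    if (mode)
        ssl->options.quietShutdown = 1;
}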
Vanger 0:b86d15c6ba29 6472
Vanger 0:b86d15c6ba29 6473
/* Attach read and write BIOs to a session.  Only each BIO's fd is consumed
 * (through CyaSSL_set_rfd / CyaSSL_set_wfd); the BIO pointers themselves are
 * kept in ssl->biord / ssl->biowr.  rd and wr are dereferenced without a
 * NULL check. */
void CyaSSL_set_bio(CYASSL* ssl, CYASSL_BIO* rd, CYASSL_BIO* wr)
{
    CYASSL_ENTER("SSL_set_bio");

    CyaSSL_set_rfd(ssl, rd->fd);
    ssl->biord = rd;

    CyaSSL_set_wfd(ssl, wr->fd);
    ssl->biowr = wr;
}
Vanger 0:b86d15c6ba29 6483
Vanger 0:b86d15c6ba29 6484
/* OpenSSL-compatibility stub: the client CA list is not configurable here,
 * so both arguments are ignored. */
void CyaSSL_CTX_set_client_CA_list(CYASSL_CTX* ctx,
                                   STACK_OF(CYASSL_X509_NAME)* names)
{
    (void)names; /* unused */
    (void)ctx;   /* unused */
}
Vanger 0:b86d15c6ba29 6491
Vanger 0:b86d15c6ba29 6492
/* OpenSSL-compatibility stub: no CA file is read and an empty (null) list
 * is always returned. */
STACK_OF(CYASSL_X509_NAME)* CyaSSL_load_client_CA_file(const char* fname)
{
    STACK_OF(CYASSL_X509_NAME)* none = 0;

    (void)fname; /* unused */

    return none;
}
Vanger 0:b86d15c6ba29 6498
Vanger 0:b86d15c6ba29 6499
/* OpenSSL-compatibility stub.  Loading the platform's default trust store is
 * not implemented (the original TODO notes it is not needed for goahead), so
 * SSL_NOT_IMPLEMENTED is always returned and no CAs are added. */
int CyaSSL_CTX_set_default_verify_paths(CYASSL_CTX* ctx)
{
    int ret = SSL_NOT_IMPLEMENTED;

    (void)ctx; /* unused */

    return ret;
}
Vanger 0:b86d15c6ba29 6506
Vanger 0:b86d15c6ba29 6507
/* Size in bytes of the negotiated key block: one key, IV and MAC key for
 * each direction, hence twice the per-direction sum from ssl->specs.
 * Returns SSL_FATAL_ERROR (-1) when ssl is NULL. */
int CyaSSL_get_keyblock_size(CYASSL* ssl)
{
    int perDirection;

    if (ssl == NULL)
        return SSL_FATAL_ERROR;

    perDirection = ssl->specs.key_size + ssl->specs.iv_size
                 + ssl->specs.hash_size;

    return 2 * perDirection;
}
Vanger 0:b86d15c6ba29 6517
Vanger 0:b86d15c6ba29 6518
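/* Hand out pointers to the session's master secret and both randoms.
 *
 * ms / msLen - receive the master secret pointer and its length (SECRET_LEN)
 * sr / srLen - receive the server random pointer and its length (RAN_LEN)
 * cr / crLen - receive the client random pointer and its length (RAN_LEN)
 *
 * The pointers alias ssl->arrays; nothing is copied, so they are valid only
 * while the session keeps its handshake arrays, and the caller is handling
 * live key material.
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR (-1) when ssl or its arrays are
 * NULL or when any output pointer is NULL (the original wrote through them
 * unconditionally).
 */
int CyaSSL_get_keys(CYASSL* ssl, unsigned char** ms, unsigned int* msLen,
                                 unsigned char** sr, unsigned int* srLen,
                                 unsigned char** cr, unsigned int* crLen)
{
    if (ssl == NULL || ssl->arrays == NULL)
        return SSL_FATAL_ERROR;

    if (ms == NULL || msLen == NULL || sr == NULL || srLen == NULL ||
        cr == NULL || crLen == NULL)
        return SSL_FATAL_ERROR;

    *ms = ssl->arrays->masterSecret;
    *sr = ssl->arrays->serverRandom;
    *cr = ssl->arrays->clientRandom;

    *msLen = SECRET_LEN;
    *srLen = RAN_LEN;
    *crLen = RAN_LEN;

    return SSL_SUCCESS;
}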
Vanger 0:b86d15c6ba29 6537
Vanger 0:b86d15c6ba29 6538
/* Switch a session to the server role and rebuild its cipher-suite list for
 * that side (the user may have flipped roles after creation).  PSK suites
 * are kept only when the build has PSK and the session enabled it; RSA
 * suites are dropped in NO_RSA builds.  ssl is dereferenced without a NULL
 * check. */
void CyaSSL_set_accept_state(CYASSL* ssl)
{
#ifdef NO_RSA
    byte haveRSA = 0;
#else
    byte haveRSA = 1;
#endif
    byte havePSK = 0;

    CYASSL_ENTER("SSL_set_accept_state");

    ssl->options.side = CYASSL_SERVER_END;

#ifndef NO_PSK
    havePSK = ssl->options.havePSK;
#endif

    /* reset suites in case user switched */
    InitSuites(ssl->suites, ssl->version, haveRSA, havePSK,
               ssl->options.haveDH, ssl->options.haveNTRU,
               ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
               ssl->options.side);
}
Vanger 0:b86d15c6ba29 6559 #endif
Vanger 0:b86d15c6ba29 6560
/* Report whether the handshake has completed: 1 once
 * ssl->options.handShakeState reaches HANDSHAKE_DONE, otherwise 0 (also 0
 * for a NULL ssl). */
int CyaSSL_is_init_finished(CYASSL* ssl)
{
    if (ssl == NULL)
        return 0;

    return (ssl->options.handShakeState == HANDSHAKE_DONE) ? 1 : 0;
}
Vanger 0:b86d15c6ba29 6572
Vanger 0:b86d15c6ba29 6573 #if defined(OPENSSL_EXTRA) || defined(GOAHEAD_WS)
/* OpenSSL-compatibility stub.  Temporary RSA keys are managed internally by
 * CyaSSL, so the supplied callback is never stored or called. */
void CyaSSL_CTX_set_tmp_rsa_callback(CYASSL_CTX* ctx,
                                     CYASSL_RSA*(*f)(CYASSL*, int, int))
{
    (void)f;   /* unused */
    (void)ctx; /* unused */
}
Vanger 0:b86d15c6ba29 6581
Vanger 0:b86d15c6ba29 6582
/* OpenSSL-compatibility stub: the shutdown state cannot be set from outside,
 * so both arguments are ignored. */
void CyaSSL_set_shutdown(CYASSL* ssl, int opt)
{
    (void)opt; /* unused */
    (void)ssl; /* unused */
}
Vanger 0:b86d15c6ba29 6588
Vanger 0:b86d15c6ba29 6589
/* OpenSSL-compatibility stub.  No option bits are interpreted (goahead calls
 * this with 0); the value passed in is simply echoed back, so callers cannot
 * rely on it to disable protocol versions or features. */
long CyaSSL_CTX_set_options(CYASSL_CTX* ctx, long opt)
{
    long echoed = opt;

    CYASSL_ENTER("SSL_CTX_set_options");
    (void)ctx; /* unused */

    return echoed;
}
Vanger 0:b86d15c6ba29 6597
Vanger 0:b86d15c6ba29 6598
/* Set the read file descriptor.  The fd is stored in ssl->rfd and the
 * session's read I/O callback context is pointed at that field, so the
 * descriptor is reached through the callback rather than used directly.
 * Always returns SSL_SUCCESS; ssl is dereferenced without a NULL check. */
int CyaSSL_set_rfd(CYASSL* ssl, int rfd)
{
    CYASSL_ENTER("SSL_set_rfd");

    ssl->IOCB_ReadCtx = &ssl->rfd; /* read callback receives &ssl->rfd */
    ssl->rfd          = rfd;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 6608
Vanger 0:b86d15c6ba29 6609
/* Set the write file descriptor.  The fd is stored in ssl->wfd and the
 * session's write I/O callback context is pointed at that field, so the
 * descriptor is reached through the callback rather than used directly.
 * Always returns SSL_SUCCESS; ssl is dereferenced without a NULL check. */
int CyaSSL_set_wfd(CYASSL* ssl, int wfd)
{
    CYASSL_ENTER("SSL_set_wfd");

    ssl->IOCB_WriteCtx = &ssl->wfd; /* write callback receives &ssl->wfd */
    ssl->wfd           = wfd;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 6619
Vanger 0:b86d15c6ba29 6620
/* OpenSSL-compatibility stub.  RSA key generation is not supported through
 * this entry point and no temporary key is needed, so every argument is
 * ignored and NULL is returned. */
CYASSL_RSA* CyaSSL_RSA_generate_key(int len, unsigned long bits,
                                    void(*f)(int, int, void*), void* data)
{
    CYASSL_RSA* key = NULL;

    CYASSL_ENTER("RSA_generate_key");

    (void)data; /* unused */
    (void)f;    /* unused */
    (void)bits; /* unused */
    (void)len;  /* unused */

    return key;
}
Vanger 0:b86d15c6ba29 6632
Vanger 0:b86d15c6ba29 6633
Vanger 0:b86d15c6ba29 6634
/* OpenSSL-compatibility stub: the certificate under verification is not
 * exposed, so a null pointer is always returned. */
CYASSL_X509* CyaSSL_X509_STORE_CTX_get_current_cert(
                                                  CYASSL_X509_STORE_CTX* ctx)
{
    CYASSL_X509* none = 0;

    (void)ctx; /* unused */

    return none;
}
Vanger 0:b86d15c6ba29 6641
Vanger 0:b86d15c6ba29 6642
/* Return the verification error recorded in the store context, or 0 when
 * ctx is NULL. */
int CyaSSL_X509_STORE_CTX_get_error(CYASSL_X509_STORE_CTX* ctx)
{
    return (ctx == NULL) ? 0 : ctx->error;
}
Vanger 0:b86d15c6ba29 6649
Vanger 0:b86d15c6ba29 6650
/* OpenSSL-compatibility stub: the chain depth at which verification failed
 * is not tracked, so 0 is always returned. */
int CyaSSL_X509_STORE_CTX_get_error_depth(CYASSL_X509_STORE_CTX* ctx)
{
    int depth = 0;

    (void)ctx; /* unused */

    return depth;
}
Vanger 0:b86d15c6ba29 6656
Vanger 0:b86d15c6ba29 6657
/* Return the process-wide BIO method object for buffered BIOs.  The object
 * is a single static instance whose type is (re)set on every call, so the
 * returned pointer is the same each time and must not be freed. */
CYASSL_BIO_METHOD* CyaSSL_BIO_f_buffer(void)
{
    static CYASSL_BIO_METHOD meth;
    CYASSL_BIO_METHOD* method = &meth;

    CYASSL_ENTER("BIO_f_buffer");
    method->type = BIO_BUFFER;

    return method;
}
Vanger 0:b86d15c6ba29 6667
Vanger 0:b86d15c6ba29 6668
/* OpenSSL compatibility only: there is no BIO-level write buffer to size
 * (CyaSSL buffers internally), so the request is echoed back as "honoured"
 * without touching the BIO. */
long CyaSSL_BIO_set_write_buffer_size(CYASSL_BIO* bio, long size)
{
    CYASSL_ENTER("BIO_set_write_buffer_size");
    (void)bio;

    return size;
}
Vanger 0:b86d15c6ba29 6676
Vanger 0:b86d15c6ba29 6677
/* Return the shared "ssl" BIO method object.
 * As with CyaSSL_BIO_f_buffer, a single static is reused and rewritten on
 * each call; callers must not modify it. */
CYASSL_BIO_METHOD* CyaSSL_BIO_f_ssl(void)
{
    static CYASSL_BIO_METHOD sslMethod;

    CYASSL_ENTER("BIO_f_ssl");
    sslMethod.type = BIO_SSL;

    return &sslMethod;
}
Vanger 0:b86d15c6ba29 6687
Vanger 0:b86d15c6ba29 6688
/* Allocate a socket BIO wrapping descriptor sfd.
 *   closeF  non-zero: the BIO owns sfd and CyaSSL_BIO_free will close it.
 * Returns NULL on allocation failure. Note that CyaSSL_BIO_free skips the
 * close when fd is 0, so a socket living on descriptor 0 is never closed
 * through this path. */
CYASSL_BIO* CyaSSL_BIO_new_socket(int sfd, int closeF)
{
    CYASSL_BIO* bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0,
                                            DYNAMIC_TYPE_OPENSSL);

    CYASSL_ENTER("BIO_new_socket");
    if (bio == NULL)
        return NULL;

    bio->type   = BIO_SOCKET;
    bio->close  = (byte)closeF;
    bio->eof    = 0;
    bio->ssl    = NULL;
    bio->fd     = sfd;
    bio->prev   = NULL;
    bio->next   = NULL;
    bio->mem    = NULL;   /* socket BIOs carry no memory buffer */
    bio->memLen = 0;

    return bio;
}
Vanger 0:b86d15c6ba29 6708
Vanger 0:b86d15c6ba29 6709
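/* Report whether the BIO has hit end-of-file (set by CyaSSL_BIO_read/write
 * on a zero-length result or a non-retryable error).
 * Returns 1 at EOF, 0 otherwise. A NULL BIO is reported as EOF rather than
 * dereferenced: it has nothing left to deliver, and this keeps a
 * `while (!BIO_eof(b))` read loop from spinning on an invalid handle. */
int CyaSSL_BIO_eof(CYASSL_BIO* b)
{
    CYASSL_ENTER("BIO_eof");
    if (b == NULL)
        return 1;

    return b->eof ? 1 : 0;
}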
Vanger 0:b86d15c6ba29 6718
Vanger 0:b86d15c6ba29 6719
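/* Attach an SSL object to a BIO.
 *   closeF  non-zero transfers ownership: CyaSSL_BIO_free will call
 *           CyaSSL_free on ssl, so the caller must not free it as well.
 * Any SSL object previously attached is simply overwritten (not freed).
 * Returns 0 on success (OpenSSL returns 1 here; kept for existing callers)
 * and SSL_FATAL_ERROR if b is NULL instead of dereferencing it. */
long CyaSSL_BIO_set_ssl(CYASSL_BIO* b, CYASSL* ssl, int closeF)
{
    CYASSL_ENTER("BIO_set_ssl");
    if (b == NULL)
        return SSL_FATAL_ERROR;

    b->ssl = ssl;
    b->close = (byte)closeF;
    /* add to ssl for bio free if SSL_free called before/instead of free_all? */

    return 0;
}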
Vanger 0:b86d15c6ba29 6729
Vanger 0:b86d15c6ba29 6730
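/* Allocate an empty BIO of the type described by method.
 * Returns NULL on allocation failure or when method is NULL (previously a
 * NULL method was dereferenced). The fd is left at 0, which CyaSSL_BIO_free
 * treats as "no socket". */
CYASSL_BIO* CyaSSL_BIO_new(CYASSL_BIO_METHOD* method)
{
    CYASSL_BIO* bio;

    CYASSL_ENTER("BIO_new");
    if (method == NULL)
        return NULL;

    bio = (CYASSL_BIO*) XMALLOC(sizeof(CYASSL_BIO), 0, DYNAMIC_TYPE_OPENSSL);
    if (bio == NULL)
        return NULL;

    bio->type   = method->type;
    bio->close  = 0;      /* owns nothing until BIO_set_ssl/new_socket say so */
    bio->eof    = 0;
    bio->ssl    = NULL;
    bio->mem    = NULL;
    bio->memLen = 0;
    bio->fd     = 0;
    bio->prev   = NULL;
    bio->next   = NULL;

    return bio;
}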
Vanger 0:b86d15c6ba29 6749
Vanger 0:b86d15c6ba29 6750
/* Expose a memory BIO's buffer.
 *   p  receives a pointer that aliases the BIO's own buffer; it is owned by
 *      the BIO and released by CyaSSL_BIO_free, so never free it or use it
 *      after the BIO is gone.
 * Returns the buffer length, or SSL_FATAL_ERROR when bio or p is NULL. */
int CyaSSL_BIO_get_mem_data(CYASSL_BIO* bio, const byte** p)
{
    int length;

    if (bio == NULL || p == NULL)
        return SSL_FATAL_ERROR;

    length = bio->memLen;
    *p = bio->mem;

    return length;
}
Vanger 0:b86d15c6ba29 6760
Vanger 0:b86d15c6ba29 6761
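/* Create a memory BIO holding a private copy of buf[0..len).
 * Unlike OpenSSL, the data is copied rather than referenced, and the
 * "len == -1 means strlen(buf)" convention is not supported: len is a signed
 * int from the OpenSSL signature, and a negative value would turn into a
 * huge size in XMALLOC/XMEMCPY, so it is rejected up front.
 * Returns NULL when buf is NULL, len < 0, or an allocation fails. */
CYASSL_BIO* CyaSSL_BIO_new_mem_buf(void* buf, int len)
{
    CYASSL_BIO* bio;

    if (buf == NULL || len < 0)
        return NULL;

    bio = CyaSSL_BIO_new(CyaSSL_BIO_s_mem());
    if (bio == NULL)
        return NULL;

    bio->memLen = len;
    bio->mem = (byte*)XMALLOC(len, 0, DYNAMIC_TYPE_OPENSSL);
    if (bio->mem == NULL) {
        XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);
        return NULL;
    }

    /* the copy may hold a PEM private key; it is released (unwiped) by
     * CyaSSL_BIO_free, so keep such BIOs short-lived */
    XMEMCPY(bio->mem, buf, len);

    return bio;
}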
Vanger 0:b86d15c6ba29 6783
Vanger 0:b86d15c6ba29 6784
Vanger 0:b86d15c6ba29 6785 #ifdef USE_WINDOWS_API
Vanger 0:b86d15c6ba29 6786 #define CloseSocket(s) closesocket(s)
Vanger 0:b86d15c6ba29 6787 #elif defined(CYASSL_MDK_ARM)
Vanger 0:b86d15c6ba29 6788 #define CloseSocket(s) closesocket(s)
Vanger 0:b86d15c6ba29 6789 extern int closesocket(int) ;
Vanger 0:b86d15c6ba29 6790 #else
Vanger 0:b86d15c6ba29 6791 #define CloseSocket(s) close(s)
Vanger 0:b86d15c6ba29 6792 #endif
Vanger 0:b86d15c6ba29 6793
/* Release one BIO. When its close flag is set the attached SSL object is
 * freed and the socket closed; the memory buffer is always released.
 * The BIO is not unlinked from prev/next, so neighbours keep dangling
 * pointers: use CyaSSL_BIO_free_all for chains. Always returns 0. */
int CyaSSL_BIO_free(CYASSL_BIO* bio)
{
    /* unchain?, doesn't matter in goahead since from free all */
    CYASSL_ENTER("BIO_free");
    if (bio == NULL)
        return 0;

    if (bio->close) {
        if (bio->ssl != NULL)
            CyaSSL_free(bio->ssl);
        /* fd 0 is taken to mean "no socket" (CyaSSL_BIO_new leaves fd at 0),
         * so a socket that happens to be descriptor 0 is not closed here */
        if (bio->fd != 0)
            CloseSocket(bio->fd);
    }

    /* NOTE(review): mem may hold key material copied in by
     * CyaSSL_BIO_new_mem_buf and is freed without being wiped */
    if (bio->mem != NULL)
        XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL);
    XFREE(bio, 0, DYNAMIC_TYPE_OPENSSL);

    return 0;
}
Vanger 0:b86d15c6ba29 6811
Vanger 0:b86d15c6ba29 6812
/* Free bio and every BIO after it in the chain (prev links are not
 * followed, so BIOs before bio are left alone). Always returns 0. */
int CyaSSL_BIO_free_all(CYASSL_BIO* bio)
{
    CYASSL_BIO* cur = bio;

    CYASSL_ENTER("BIO_free_all");
    for (; cur != NULL; ) {
        CYASSL_BIO* after = cur->next;   /* read before cur is released */
        CyaSSL_BIO_free(cur);
        cur = after;
    }

    return 0;
}
Vanger 0:b86d15c6ba29 6823
Vanger 0:b86d15c6ba29 6824
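/* Read up to len bytes through the first SSL-carrying BIO in the chain
 * starting at bio. Memory and socket BIOs are not readable on their own
 * here: if no BIO in the chain has an SSL object, BAD_FUNC_ARG is returned.
 * A zero-length result or a non-retryable error latches eof on the front
 * BIO, after which further reads fail with SSL_FATAL_ERROR.
 * Returns the CyaSSL_read result (bytes read, 0, or a negative error), or
 * BAD_FUNC_ARG when bio is NULL instead of dereferencing it. */
int CyaSSL_BIO_read(CYASSL_BIO* bio, void* buf, int len)
{
    int ret;
    CYASSL* ssl = NULL;
    CYASSL_BIO* front = bio;

    CYASSL_ENTER("BIO_read");
    if (front == NULL)
        return BAD_FUNC_ARG;

    /* already got eof, again is error */
    if (front->eof)
        return SSL_FATAL_ERROR;

    /* walk forward to the first BIO that carries an SSL object */
    while (bio != NULL && (ssl = bio->ssl) == NULL)
        bio = bio->next;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ret = CyaSSL_read(ssl, buf, len);
    if (ret == 0) {
        front->eof = 1;
    }
    else if (ret < 0) {
        /* want-read/want-write are retryable; anything else ends the stream */
        int err = CyaSSL_get_error(ssl, 0);
        if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
            front->eof = 1;
    }

    return ret;
}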
Vanger 0:b86d15c6ba29 6851
Vanger 0:b86d15c6ba29 6852
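/* Write len bytes through the first SSL-carrying BIO in the chain starting
 * at bio; the chain is walked exactly as in CyaSSL_BIO_read. A zero-length
 * result or a non-retryable error latches eof on the front BIO, after which
 * further writes fail with SSL_FATAL_ERROR.
 * Returns the CyaSSL_write result (bytes written, 0, or a negative error),
 * BAD_FUNC_ARG when bio is NULL (instead of dereferencing it) or when no BIO
 * in the chain has an SSL object. */
int CyaSSL_BIO_write(CYASSL_BIO* bio, const void* data, int len)
{
    int ret;
    CYASSL* ssl = NULL;
    CYASSL_BIO* front = bio;

    CYASSL_ENTER("BIO_write");
    if (front == NULL)
        return BAD_FUNC_ARG;

    /* already got eof, again is error */
    if (front->eof)
        return SSL_FATAL_ERROR;

    while (bio != NULL && (ssl = bio->ssl) == NULL)
        bio = bio->next;

    if (ssl == NULL)
        return BAD_FUNC_ARG;

    ret = CyaSSL_write(ssl, data, len);
    if (ret == 0) {
        front->eof = 1;
    }
    else if (ret < 0) {
        /* want-read/want-write are retryable; anything else ends the stream */
        int err = CyaSSL_get_error(ssl, 0);
        if (err != SSL_ERROR_WANT_READ && err != SSL_ERROR_WANT_WRITE)
            front->eof = 1;
    }

    return ret;
}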
Vanger 0:b86d15c6ba29 6880
Vanger 0:b86d15c6ba29 6881
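/* Link append after top and return the head of the chain.
 * Follows OpenSSL for the NULL cases instead of dereferencing: a NULL top
 * yields append (pushing onto an empty chain), and a NULL append simply
 * terminates the chain at top. Any BIO previously linked after top is
 * overwritten, not unlinked or freed, so the caller is responsible for it. */
CYASSL_BIO* CyaSSL_BIO_push(CYASSL_BIO* top, CYASSL_BIO* append)
{
    CYASSL_ENTER("BIO_push");
    if (top == NULL)
        return append;

    top->next = append;
    if (append != NULL)
        append->prev = top;

    return top;
}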
Vanger 0:b86d15c6ba29 6890
Vanger 0:b86d15c6ba29 6891
/* OpenSSL compatibility: nothing is buffered at the BIO layer, so there is
 * nothing to flush. Always reports success (1). */
int CyaSSL_BIO_flush(CYASSL_BIO* bio)
{
    const int flushed = 1;

    CYASSL_ENTER("BIO_flush");
    (void)bio;

    return flushed;
}
Vanger 0:b86d15c6ba29 6899
Vanger 0:b86d15c6ba29 6900
Vanger 0:b86d15c6ba29 6901 #endif /* OPENSSL_EXTRA || GOAHEAD_WS */
Vanger 0:b86d15c6ba29 6902
Vanger 0:b86d15c6ba29 6903
Vanger 0:b86d15c6ba29 6904 #if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
Vanger 0:b86d15c6ba29 6905
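/* Store the opaque pointer handed to the PEM password callback. The value is
 * only kept, never interpreted; a NULL ctx is ignored instead of being
 * dereferenced. */
void CyaSSL_CTX_set_default_passwd_cb_userdata(CYASSL_CTX* ctx,
                                               void* userdata)
{
    CYASSL_ENTER("SSL_CTX_set_default_passwd_cb_userdata");
    if (ctx != NULL)
        ctx->userdata = userdata;
}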
Vanger 0:b86d15c6ba29 6912
Vanger 0:b86d15c6ba29 6913
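/* Install the callback used to obtain the passphrase for encrypted PEM keys
 * loaded through this context. A NULL ctx is ignored instead of being
 * dereferenced; a NULL cb clears the callback. */
void CyaSSL_CTX_set_default_passwd_cb(CYASSL_CTX* ctx, pem_password_cb cb)
{
    CYASSL_ENTER("SSL_CTX_set_default_passwd_cb");
    if (ctx != NULL)
        ctx->passwd_cb = cb;
}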
Vanger 0:b86d15c6ba29 6919
/* OpenSSL compatibility: no application-managed locks are used by this
 * library, so the count is always 0. */
int CyaSSL_num_locks(void)
{
    const int applicationLocks = 0;
    return applicationLocks;
}
Vanger 0:b86d15c6ba29 6924
/* OpenSSL compatibility no-op. The locking callback is discarded; any
 * thread safety comes from the library's own internal locking (not this
 * layer), so applications cannot rely on this hook being invoked. */
void CyaSSL_set_locking_callback(void (*f)(int, int, const char*, int))
{
    (void)f;   /* intentionally unused */
}
Vanger 0:b86d15c6ba29 6929
/* OpenSSL compatibility no-op: the thread-id callback is never stored or
 * called. */
void CyaSSL_set_id_callback(unsigned long (*f)(void))
{
    (void)f;   /* intentionally unused */
}
Vanger 0:b86d15c6ba29 6934
/* OpenSSL compatibility stub: there is no error queue, so this always
 * returns 0 ("queue empty"). Code that drains the queue to decide whether an
 * operation failed will therefore conclude success; check the return value
 * of the failing call (and CyaSSL_get_error) instead. */
unsigned long CyaSSL_ERR_get_error(void)
{
    /* TODO: */
    const unsigned long queueEmpty = 0;
    return queueEmpty;
}
Vanger 0:b86d15c6ba29 6940
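/* Map a cipher name to its key and IV sizes for CyaSSL_EVP_BytesToKey.
 * Both the OpenSSL spellings ("AES-128-CBC") and the names handed out by
 * CyaSSL_EVP_aes_128_cbc() and friends ("AES128-CBC") are accepted, so the
 * result of those getters can be passed straight in.
 * Returns 1 and fills *keyLen/*ivLen on a match, 0 for anything else. */
static int BytesToKeyCipherSizes(const char* type, int* keyLen, int* ivLen)
{
    if (XSTRNCMP(type, "DES-CBC", 7) == 0) {
        *keyLen = DES_KEY_SIZE;
        *ivLen  = DES_IV_SIZE;
    }
    else if (XSTRNCMP(type, "DES-EDE3-CBC", 12) == 0) {
        *keyLen = DES3_KEY_SIZE;
        *ivLen  = DES_IV_SIZE;
    }
    else if (XSTRNCMP(type, "AES-128-CBC", 11) == 0 ||
             XSTRNCMP(type, "AES128-CBC", 10) == 0) {
        *keyLen = AES_128_KEY_SIZE;
        *ivLen  = AES_IV_SIZE;
    }
    else if (XSTRNCMP(type, "AES-192-CBC", 11) == 0 ||
             XSTRNCMP(type, "AES192-CBC", 10) == 0) {
        *keyLen = AES_192_KEY_SIZE;
        *ivLen  = AES_IV_SIZE;
    }
    else if (XSTRNCMP(type, "AES-256-CBC", 11) == 0 ||
             XSTRNCMP(type, "AES256-CBC", 10) == 0) {
        *keyLen = AES_256_KEY_SIZE;
        *ivLen  = AES_IV_SIZE;
    }
    else {
        return 0;
    }
    return 1;
}


/* Overwrite len bytes at buf with zeros through a volatile pointer so the
 * compiler cannot drop the stores as dead (a plain memset before free/return
 * may be optimised away). Used to scrub intermediate key material. */
static void BytesToKeyScrub(void* buf, word32 len)
{
    volatile byte* p = (volatile byte*)buf;
    word32 i;

    for (i = 0; i < len; i++)
        p[i] = 0;
}


/* Derive a key and IV from a passphrase, OpenSSL EVP_BytesToKey style:
 * D_i = MD5^count(D_(i-1) || data || salt), concatenated until keyLen + ivLen
 * bytes are produced.
 *
 *   type   cipher name; CBC DES, 3DES and AES-128/192/256 only (see
 *          BytesToKeyCipherSizes for the accepted spellings).
 *   md     digest name; only "MD5" is supported.
 *   salt   NULL, or a buffer of at least EVP_SALT_SIZE bytes — no salt length
 *          is passed in, so a shorter buffer is an over-read on the caller's
 *          side.
 *   data   passphrase bytes, sz bytes long (sz must be >= 0).
 *   count  iteration count; values < 1 behave like 1.
 *   key    receives keyLen bytes.
 *   iv     receives ivLen bytes.
 *
 * Returns keyLen + ivLen on success and 0 on any failure (NULL/invalid
 * argument, unsupported cipher or digest, allocation failure). Note that
 * OpenSSL returns only keyLen here; the historical return is kept.
 *
 * Security note: this is a legacy, MD5-based KDF with stretching limited to
 * `count`; keep it for interoperability with old PEM/openssl-enc material and
 * use PBKDF2 (or better) for anything new. Intermediate digest state is
 * scrubbed before returning. */
int CyaSSL_EVP_BytesToKey(const CYASSL_EVP_CIPHER* type,
                          const CYASSL_EVP_MD* md, const byte* salt,
                          const byte* data, int sz, int count, byte* key, byte* iv)
{
    int keyLen = 0;
    int ivLen = 0;
    int j;
    int keyLeft;
    int ivLeft;
    int keyOutput = 0;
    byte digest[MD5_DIGEST_SIZE];
#ifdef CYASSL_SMALL_STACK
    Md5* md5 = NULL;
#else
    Md5 md5[1];
#endif

    CYASSL_ENTER("EVP_BytesToKey");

    /* validate everything before allocating so no early return can leak */
    if (type == NULL || md == NULL || data == NULL || key == NULL ||
        iv == NULL || sz < 0) {
        CYASSL_MSG("EVP_BytesToKey bad argument");
        return 0;
    }

    /* only support MD5 for now */
    if (XSTRNCMP(md, "MD5", 3) != 0)
        return 0;

    /* only support CBC DES and AES for now */
    if (BytesToKeyCipherSizes(type, &keyLen, &ivLen) == 0)
        return 0;

#ifdef CYASSL_SMALL_STACK
    md5 = (Md5*)XMALLOC(sizeof(Md5), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (md5 == NULL)
        return 0;
#endif

    keyLeft = keyLen;
    ivLeft  = ivLen;

    while (keyOutput < (keyLen + ivLen)) {
        int digestLeft = MD5_DIGEST_SIZE;

        /* start each block from a fresh state; this is a no-op if Md5Final
         * already re-initialises the context, and correct if it does not */
        InitMd5(md5);
        /* D_(i - 1) */
        if (keyOutput) /* first time D_0 is empty */
            Md5Update(md5, digest, MD5_DIGEST_SIZE);
        /* data */
        Md5Update(md5, data, sz);
        /* salt */
        if (salt)
            Md5Update(md5, salt, EVP_SALT_SIZE);
        Md5Final(md5, digest);
        /* count */
        for (j = 1; j < count; j++) {
            InitMd5(md5);
            Md5Update(md5, digest, MD5_DIGEST_SIZE);
            Md5Final(md5, digest);
        }

        if (keyLeft) {
            int store = min(keyLeft, MD5_DIGEST_SIZE);
            XMEMCPY(&key[keyLen - keyLeft], digest, store);

            keyOutput  += store;
            keyLeft    -= store;
            digestLeft -= store;
        }

        /* leftover digest bytes (if any) continue into the IV */
        if (ivLeft && digestLeft) {
            int store = min(ivLeft, digestLeft);
            XMEMCPY(&iv[ivLen - ivLeft], &digest[MD5_DIGEST_SIZE -
                                                digestLeft], store);
            keyOutput += store;
            ivLeft    -= store;
        }
    }

    /* the digest buffer and hash context hold key material: scrub them */
    BytesToKeyScrub(digest, sizeof(digest));
    BytesToKeyScrub(md5, (word32)sizeof(Md5));
#ifdef CYASSL_SMALL_STACK
    XFREE(md5, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return keyOutput == (keyLen + ivLen) ? keyOutput : 0;
}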
Vanger 0:b86d15c6ba29 7042
Vanger 0:b86d15c6ba29 7043 #endif /* OPENSSL_EXTRA || HAVE_WEBSERVER */
Vanger 0:b86d15c6ba29 7044
Vanger 0:b86d15c6ba29 7045
Vanger 0:b86d15c6ba29 7046 #ifdef OPENSSL_EXTRA
Vanger 0:b86d15c6ba29 7047
/* OpenSSL compatibility: report the SSLeay-style version number this build
 * claims (the SSLEAY_VERSION_NUMBER constant, not a real OpenSSL version). */
unsigned long CyaSSLeay(void)
{
    const unsigned long versionNumber = SSLEAY_VERSION_NUMBER;
    return versionNumber;
}
Vanger 0:b86d15c6ba29 7052
Vanger 0:b86d15c6ba29 7053
/* OpenSSL compatibility: return a fixed version string regardless of the
 * requested component (type is ignored). The pointer refers to static
 * storage and must not be freed. */
const char* CyaSSLeay_version(int type)
{
    static const char* const versionText = "SSLeay CyaSSL compatibility";

    (void)type;   /* every component reports the same string */

    return versionText;
}
Vanger 0:b86d15c6ba29 7060
Vanger 0:b86d15c6ba29 7061
/* OpenSSL-style MD5_Init: initialise the opaque context in place.
 * The typedef is a compile-time check that MD5_CTX is large enough to hold
 * the native Md5 state it is aliased to. MD5 is collision-broken; keep this
 * for legacy interoperability only. */
void CyaSSL_MD5_Init(CYASSL_MD5_CTX* md5)
{
    typedef char md5_ctx_fits[sizeof(MD5_CTX) >= sizeof(Md5) ? 1 : -1];
    Md5* native = (Md5*)md5;

    (void)sizeof(md5_ctx_fits);

    CYASSL_ENTER("MD5_Init");
    InitMd5(native);
}
Vanger 0:b86d15c6ba29 7070
Vanger 0:b86d15c6ba29 7071
/* OpenSSL-style MD5_Update: absorb sz bytes of input. sz is narrowed to
 * word32, so inputs of 4 GiB or more are truncated on LP64 platforms. */
void CyaSSL_MD5_Update(CYASSL_MD5_CTX* md5, const void* input,
                       unsigned long sz)
{
    Md5* native = (Md5*)md5;
    const byte* bytes = (const byte*)input;

    CYASSL_ENTER("CyaSSL_MD5_Update");
    Md5Update(native, bytes, (word32)sz);
}
Vanger 0:b86d15c6ba29 7078
Vanger 0:b86d15c6ba29 7079
/* OpenSSL-style MD5_Final: write the 16-byte digest to `input` (the OpenSSL
 * parameter order, output buffer first). The buffer must hold
 * MD5_DIGEST_SIZE bytes. */
void CyaSSL_MD5_Final(byte* input, CYASSL_MD5_CTX* md5)
{
    Md5* native = (Md5*)md5;

    CYASSL_ENTER("MD5_Final");
    Md5Final(native, input);
}
Vanger 0:b86d15c6ba29 7085
Vanger 0:b86d15c6ba29 7086
/* OpenSSL-style SHA_Init (SHA-1): initialise the opaque context in place.
 * The typedef checks at compile time that SHA_CTX can hold the native Sha
 * state; InitSha's status is dropped to match the OpenSSL void signature. */
void CyaSSL_SHA_Init(CYASSL_SHA_CTX* sha)
{
    typedef char sha_ctx_fits[sizeof(SHA_CTX) >= sizeof(Sha) ? 1 : -1];
    Sha* native = (Sha*)sha;

    (void)sizeof(sha_ctx_fits);

    CYASSL_ENTER("SHA_Init");
    (void)InitSha(native); /* OpenSSL compat, no ret */
}
Vanger 0:b86d15c6ba29 7095
Vanger 0:b86d15c6ba29 7096
/* OpenSSL-style SHA_Update (SHA-1): absorb sz bytes. sz is narrowed to
 * word32, so inputs of 4 GiB or more are truncated on LP64 platforms. */
void CyaSSL_SHA_Update(CYASSL_SHA_CTX* sha, const void* input,
                       unsigned long sz)
{
    Sha* native = (Sha*)sha;
    const byte* bytes = (const byte*)input;

    CYASSL_ENTER("SHA_Update");
    ShaUpdate(native, bytes, (word32)sz);
}
Vanger 0:b86d15c6ba29 7103
Vanger 0:b86d15c6ba29 7104
/* OpenSSL-style SHA_Final (SHA-1): write the digest to `input` (output
 * buffer first, as in OpenSSL). */
void CyaSSL_SHA_Final(byte* input, CYASSL_SHA_CTX* sha)
{
    Sha* native = (Sha*)sha;

    CYASSL_ENTER("SHA_Final");
    ShaFinal(native, input);
}
Vanger 0:b86d15c6ba29 7110
Vanger 0:b86d15c6ba29 7111
/* SHA1_Init alias: same context and behaviour as SHA_Init. SHA-1 is no
 * longer collision resistant; keep for legacy interoperability only. */
void CyaSSL_SHA1_Init(CYASSL_SHA_CTX* sha)
{
    CYASSL_ENTER("SHA1_Init");

    SHA_Init(sha);   /* delegate to the SHA_Init entry point */
}
Vanger 0:b86d15c6ba29 7117
Vanger 0:b86d15c6ba29 7118
/* SHA1_Update alias: forwards to SHA_Update unchanged. */
void CyaSSL_SHA1_Update(CYASSL_SHA_CTX* sha, const void* input,
                        unsigned long sz)
{
    CYASSL_ENTER("SHA1_Update");

    SHA_Update(sha, input, sz);
}
Vanger 0:b86d15c6ba29 7125
Vanger 0:b86d15c6ba29 7126
/* SHA1_Final alias: forwards to SHA_Final (output buffer first). */
void CyaSSL_SHA1_Final(byte* input, CYASSL_SHA_CTX* sha)
{
    CYASSL_ENTER("SHA1_Final");

    SHA_Final(input, sha);
}
Vanger 0:b86d15c6ba29 7132
Vanger 0:b86d15c6ba29 7133
/* OpenSSL-style SHA256_Init: initialise the opaque context in place.
 * The typedef checks at compile time that SHA256_CTX can hold the native
 * Sha256 state; the init status is dropped to match the void signature. */
void CyaSSL_SHA256_Init(CYASSL_SHA256_CTX* sha256)
{
    typedef char sha256_ctx_fits[sizeof(SHA256_CTX) >= sizeof(Sha256) ? 1 : -1];
    Sha256* native = (Sha256*)sha256;

    (void)sizeof(sha256_ctx_fits);

    CYASSL_ENTER("SHA256_Init");
    (void)InitSha256(native); /* OpenSSL compat, no error */
}
Vanger 0:b86d15c6ba29 7142
Vanger 0:b86d15c6ba29 7143
/* OpenSSL-style SHA256_Update: absorb sz bytes. sz is narrowed to word32
 * and the update status is dropped to match the void signature. */
void CyaSSL_SHA256_Update(CYASSL_SHA256_CTX* sha, const void* input,
                          unsigned long sz)
{
    Sha256* native = (Sha256*)sha;
    const byte* bytes = (const byte*)input;

    CYASSL_ENTER("SHA256_Update");
    (void)Sha256Update(native, bytes, (word32)sz); /* OpenSSL compat, no error */
}
Vanger 0:b86d15c6ba29 7151
Vanger 0:b86d15c6ba29 7152
/* OpenSSL-style SHA256_Final: write the digest to `input` (output buffer
 * first); the final status is dropped to match the void signature. */
void CyaSSL_SHA256_Final(byte* input, CYASSL_SHA256_CTX* sha)
{
    Sha256* native = (Sha256*)sha;

    CYASSL_ENTER("SHA256_Final");
    (void)Sha256Final(native, input); /* OpenSSL compat, no error */
}
Vanger 0:b86d15c6ba29 7159
Vanger 0:b86d15c6ba29 7160
Vanger 0:b86d15c6ba29 7161 #ifdef CYASSL_SHA384
Vanger 0:b86d15c6ba29 7162
/* OpenSSL-style SHA384_Init: initialise the opaque context in place.
 * The typedef checks at compile time that SHA384_CTX can hold the native
 * Sha384 state; the init status is dropped to match the void signature. */
void CyaSSL_SHA384_Init(CYASSL_SHA384_CTX* sha)
{
    typedef char sha384_ctx_fits[sizeof(SHA384_CTX) >= sizeof(Sha384) ? 1 : -1];
    Sha384* native = (Sha384*)sha;

    (void)sizeof(sha384_ctx_fits);

    CYASSL_ENTER("SHA384_Init");
    (void)InitSha384(native); /* OpenSSL compat, no error */
}
Vanger 0:b86d15c6ba29 7171
Vanger 0:b86d15c6ba29 7172
/* OpenSSL-style SHA384_Update: absorb sz bytes. sz is narrowed to word32
 * and the update status is dropped to match the void signature. */
void CyaSSL_SHA384_Update(CYASSL_SHA384_CTX* sha, const void* input,
                          unsigned long sz)
{
    Sha384* native = (Sha384*)sha;
    const byte* bytes = (const byte*)input;

    CYASSL_ENTER("SHA384_Update");
    (void)Sha384Update(native, bytes, (word32)sz); /* OpenSSL compat, no error */
}
Vanger 0:b86d15c6ba29 7180
Vanger 0:b86d15c6ba29 7181
/* OpenSSL-style SHA384_Final: write the digest to `input` (output buffer
 * first); the final status is dropped to match the void signature. */
void CyaSSL_SHA384_Final(byte* input, CYASSL_SHA384_CTX* sha)
{
    Sha384* native = (Sha384*)sha;

    CYASSL_ENTER("SHA384_Final");
    (void)Sha384Final(native, input); /* OpenSSL compat, no error */
}
Vanger 0:b86d15c6ba29 7188
Vanger 0:b86d15c6ba29 7189 #endif /* CYASSL_SHA384 */
Vanger 0:b86d15c6ba29 7190
Vanger 0:b86d15c6ba29 7191
Vanger 0:b86d15c6ba29 7192 #ifdef CYASSL_SHA512
Vanger 0:b86d15c6ba29 7193
/* OpenSSL-style SHA512_Init: initialise the opaque context in place.
 * The typedef checks at compile time that SHA512_CTX can hold the native
 * Sha512 state; the init status is dropped to match the void signature. */
void CyaSSL_SHA512_Init(CYASSL_SHA512_CTX* sha)
{
    typedef char sha512_ctx_fits[sizeof(SHA512_CTX) >= sizeof(Sha512) ? 1 : -1];
    Sha512* native = (Sha512*)sha;

    (void)sizeof(sha512_ctx_fits);

    CYASSL_ENTER("SHA512_Init");
    (void)InitSha512(native); /* OpenSSL compat, no error */
}
Vanger 0:b86d15c6ba29 7202
Vanger 0:b86d15c6ba29 7203
/* OpenSSL-style SHA512_Update: absorb sz bytes. sz is narrowed to word32
 * and the update status is dropped to match the void signature. */
void CyaSSL_SHA512_Update(CYASSL_SHA512_CTX* sha, const void* input,
                          unsigned long sz)
{
    Sha512* native = (Sha512*)sha;
    const byte* bytes = (const byte*)input;

    CYASSL_ENTER("SHA512_Update");
    (void)Sha512Update(native, bytes, (word32)sz); /* OpenSSL compat, no error */
}
Vanger 0:b86d15c6ba29 7211
Vanger 0:b86d15c6ba29 7212
/* OpenSSL-style SHA512_Final: write the digest to `input` (output buffer
 * first); the final status is dropped to match the void signature. */
void CyaSSL_SHA512_Final(byte* input, CYASSL_SHA512_CTX* sha)
{
    Sha512* native = (Sha512*)sha;

    CYASSL_ENTER("SHA512_Final");
    (void)Sha512Final(native, input); /* OpenSSL compat, no error */
}
Vanger 0:b86d15c6ba29 7219
Vanger 0:b86d15c6ba29 7220 #endif /* CYASSL_SHA512 */
Vanger 0:b86d15c6ba29 7221
Vanger 0:b86d15c6ba29 7222
/* Digest selector for MD5. In this layer an EVP_MD is just a name string in
 * static storage that later calls compare against (CyaSSL_EVP_BytesToKey
 * matches on "MD5"). Not to be freed. */
const CYASSL_EVP_MD* CyaSSL_EVP_md5(void)
{
    static const char* const name = "MD5";

    CYASSL_ENTER("EVP_md5");
    return name;
}
Vanger 0:b86d15c6ba29 7229
Vanger 0:b86d15c6ba29 7230
/* Digest selector for SHA-1. Note the identifier string is "SHA", not
 * "SHA1"; consumers must match on that spelling. Not to be freed. */
const CYASSL_EVP_MD* CyaSSL_EVP_sha1(void)
{
    static const char* const name = "SHA";

    CYASSL_ENTER("EVP_sha1");
    return name;
}
Vanger 0:b86d15c6ba29 7237
Vanger 0:b86d15c6ba29 7238
/* Digest selector for SHA-256: a static name string, not to be freed. */
const CYASSL_EVP_MD* CyaSSL_EVP_sha256(void)
{
    static const char* const name = "SHA256";

    CYASSL_ENTER("EVP_sha256");
    return name;
}
Vanger 0:b86d15c6ba29 7245
Vanger 0:b86d15c6ba29 7246 #ifdef CYASSL_SHA384
Vanger 0:b86d15c6ba29 7247
/* Digest selector for SHA-384: a static name string, not to be freed. */
const CYASSL_EVP_MD* CyaSSL_EVP_sha384(void)
{
    static const char* const name = "SHA384";

    CYASSL_ENTER("EVP_sha384");
    return name;
}
Vanger 0:b86d15c6ba29 7254
Vanger 0:b86d15c6ba29 7255 #endif /* CYASSL_SHA384 */
Vanger 0:b86d15c6ba29 7256
Vanger 0:b86d15c6ba29 7257 #ifdef CYASSL_SHA512
Vanger 0:b86d15c6ba29 7258
/* Digest selector for SHA-512: a static name string, not to be freed. */
const CYASSL_EVP_MD* CyaSSL_EVP_sha512(void)
{
    static const char* const name = "SHA512";

    CYASSL_ENTER("EVP_sha512");
    return name;
}
Vanger 0:b86d15c6ba29 7265
Vanger 0:b86d15c6ba29 7266 #endif /* CYASSL_SHA512 */
Vanger 0:b86d15c6ba29 7267
Vanger 0:b86d15c6ba29 7268
/* OpenSSL compatibility no-op: the digest context needs no initialisation
 * in this layer, so ctx is left untouched (a NULL ctx is therefore safe). */
void CyaSSL_EVP_MD_CTX_init(CYASSL_EVP_MD_CTX* ctx)
{
    CYASSL_ENTER("EVP_CIPHER_MD_CTX_init");

    (void)ctx;   /* nothing to set up */
}
Vanger 0:b86d15c6ba29 7275
Vanger 0:b86d15c6ba29 7276
/* Cipher selector for AES-128-CBC. The EVP_CIPHER is just a static name
 * string; its spelling ("AES128-CBC") must stay in sync with what
 * CyaSSL_EVP_CipherInit matches on. Not to be freed. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_cbc(void)
{
    static const char* const name = "AES128-CBC";

    CYASSL_ENTER("CyaSSL_EVP_aes_128_cbc");
    return name;
}
Vanger 0:b86d15c6ba29 7283
Vanger 0:b86d15c6ba29 7284
/* Cipher selector for AES-192-CBC: a static name string ("AES192-CBC")
 * that consumers match on. Not to be freed. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_cbc(void)
{
    static const char* const name = "AES192-CBC";

    CYASSL_ENTER("CyaSSL_EVP_aes_192_cbc");
    return name;
}
Vanger 0:b86d15c6ba29 7291
Vanger 0:b86d15c6ba29 7292
/* Cipher selector for AES-256-CBC: a static name string ("AES256-CBC")
 * that consumers match on. Not to be freed. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_cbc(void)
{
    static const char* const name = "AES256-CBC";

    CYASSL_ENTER("CyaSSL_EVP_aes_256_cbc");
    return name;
}
Vanger 0:b86d15c6ba29 7299
Vanger 0:b86d15c6ba29 7300
/* Cipher selector for AES-128-CTR: a static name string ("AES128-CTR").
 * CTR provides no integrity; pair it with a MAC. Not to be freed. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_128_ctr(void)
{
    static const char* const name = "AES128-CTR";

    CYASSL_ENTER("CyaSSL_EVP_aes_128_ctr");
    return name;
}
Vanger 0:b86d15c6ba29 7307
Vanger 0:b86d15c6ba29 7308
/* Cipher selector for AES-192-CTR: a static name string ("AES192-CTR").
 * CTR provides no integrity; pair it with a MAC. Not to be freed. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_192_ctr(void)
{
    static const char* const name = "AES192-CTR";

    CYASSL_ENTER("CyaSSL_EVP_aes_192_ctr");
    return name;
}
Vanger 0:b86d15c6ba29 7315
Vanger 0:b86d15c6ba29 7316
/* Cipher selector for AES-256-CTR: a static name string ("AES256-CTR").
 * CTR provides no integrity; pair it with a MAC. Not to be freed. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_aes_256_ctr(void)
{
    static const char* const name = "AES256-CTR";

    CYASSL_ENTER("CyaSSL_EVP_aes_256_ctr");
    return name;
}
Vanger 0:b86d15c6ba29 7323
Vanger 0:b86d15c6ba29 7324
/* Cipher selector for single DES in CBC mode: a static name string
 * ("DES-CBC"). 56-bit DES is brute-forceable; legacy interop only. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_cbc(void)
{
    static const char* const name = "DES-CBC";

    CYASSL_ENTER("CyaSSL_EVP_des_cbc");
    return name;
}
Vanger 0:b86d15c6ba29 7331
Vanger 0:b86d15c6ba29 7332
/* Cipher selector for three-key 3DES in CBC mode: a static name string
 * ("DES-EDE3-CBC"). Not to be freed. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_des_ede3_cbc(void)
{
    static const char* const name = "DES-EDE3-CBC";

    CYASSL_ENTER("CyaSSL_EVP_des_ede3_cbc");
    return name;
}
Vanger 0:b86d15c6ba29 7339
Vanger 0:b86d15c6ba29 7340
/* Cipher selector for RC4: a static name string ("ARC4"). RC4 has known
 * keystream biases and is deprecated for TLS (RFC 7465); legacy only. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_rc4(void)
{
    static const char* const name = "ARC4";

    CYASSL_ENTER("CyaSSL_EVP_rc4");
    return name;
}
Vanger 0:b86d15c6ba29 7347
Vanger 0:b86d15c6ba29 7348
/* Selector for the NULL cipher (no encryption at all): a static name string
 * ("NULL"). Only meaningful for testing or integrity-only setups. */
const CYASSL_EVP_CIPHER* CyaSSL_EVP_enc_null(void)
{
    static const char* const name = "NULL";

    CYASSL_ENTER("CyaSSL_EVP_enc_null");
    return name;
}
Vanger 0:b86d15c6ba29 7355
Vanger 0:b86d15c6ba29 7356
/* OpenSSL compatibility no-op: the digest context holds nothing to release
 * here, so ctx is untouched (NULL is safe). Always returns 0. */
int CyaSSL_EVP_MD_CTX_cleanup(CYASSL_EVP_MD_CTX* ctx)
{
    CYASSL_ENTER("EVP_MD_CTX_cleanup");

    (void)ctx;   /* nothing to tear down */

    return 0;
}
Vanger 0:b86d15c6ba29 7363
Vanger 0:b86d15c6ba29 7364
Vanger 0:b86d15c6ba29 7365
/* Reset a cipher context to its "no cipher selected" state: cipherType 0xff
 * is the sentinel CyaSSL_EVP_CipherInit treats as uninitialised, keyLen is
 * cleared, and the direction defaults to encrypt. NULL ctx is ignored. */
void CyaSSL_EVP_CIPHER_CTX_init(CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_ENTER("EVP_CIPHER_CTX_init");
    if (ctx == NULL)
        return;

    ctx->cipherType = 0xff; /* no init */
    ctx->keyLen     = 0;
    ctx->enc        = 1;    /* start in encrypt mode */
}
Vanger 0:b86d15c6ba29 7375
Vanger 0:b86d15c6ba29 7376
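/* OpenSSL compat: EVP_CIPHER_CTX_cleanup(). Marks ctx uninitialised and,
 * unlike the previous version, also scrubs the expanded key schedule /
 * stream state in ctx->cipher and the externally visible iv copy, so key
 * material does not linger in a context that is reused or freed. Plain
 * memset is used because no guaranteed-not-elided wipe helper is in
 * scope; ctx is reached through a caller-owned pointer, so the stores
 * are normally kept. Always returns SSL_SUCCESS (NULL ctx is a no-op). */
int CyaSSL_EVP_CIPHER_CTX_cleanup(CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_ENTER("EVP_CIPHER_CTX_cleanup");
    if (ctx) {
        memset(&ctx->cipher, 0, sizeof(ctx->cipher));
        memset(ctx->iv, 0, AES_BLOCK_SIZE);   /* largest IV stored there */
        ctx->cipherType = 0xff; /* no more init */
        ctx->keyLen = 0;
    }

    return SSL_SUCCESS;
}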
Vanger 0:b86d15c6ba29 7388
Vanger 0:b86d15c6ba29 7389
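/* Map an OpenSSL-compat cipher name (the strings handed out by the
 * CyaSSL_EVP_*() accessors) to its internal cipherType, or -1 if the
 * name is not one this build knows. Matching is by prefix, as before,
 * except that "DES-EDE3-CBC" is now compared over all 12 characters
 * (the old code compared only 11). */
static int EvpCipherTypeFromName(const CYASSL_EVP_CIPHER* name)
{
    if (XSTRNCMP(name, "AES128-CBC", 10) == 0)
        return AES_128_CBC_TYPE;
    if (XSTRNCMP(name, "AES192-CBC", 10) == 0)
        return AES_192_CBC_TYPE;
    if (XSTRNCMP(name, "AES256-CBC", 10) == 0)
        return AES_256_CBC_TYPE;
#ifdef CYASSL_AES_COUNTER
    if (XSTRNCMP(name, "AES128-CTR", 10) == 0)
        return AES_128_CTR_TYPE;
    if (XSTRNCMP(name, "AES192-CTR", 10) == 0)
        return AES_192_CTR_TYPE;
    if (XSTRNCMP(name, "AES256-CTR", 10) == 0)
        return AES_256_CTR_TYPE;
#endif /* CYASSL_AES_COUNTER */
    if (XSTRNCMP(name, "DES-CBC", 7) == 0)
        return DES_CBC_TYPE;
    if (XSTRNCMP(name, "DES-EDE3-CBC", 12) == 0)
        return DES_EDE3_CBC_TYPE;
    if (XSTRNCMP(name, "ARC4", 4) == 0)
        return ARC4_TYPE;
    if (XSTRNCMP(name, "NULL", 4) == 0)
        return NULL_CIPHER_TYPE;

    return -1;
}


/* Key and/or IV setup shared by the AES CBC and CTR variants. With a key
 * the IV (possibly NULL) goes in together with it through AesSetKey; an
 * IV on its own re-seeds the already keyed context through AesSetIV.
 * dir is AES_ENCRYPTION or AES_DECRYPTION. ctx->keyLen must already be
 * set. Returns 0 or the ctaocrypt error. */
static int EvpAesInit(CYASSL_EVP_CIPHER_CTX* ctx, const byte* key,
                      const byte* iv, int dir)
{
    if (key)
        return AesSetKey(&ctx->cipher.aes, key, ctx->keyLen, iv, dir);
    if (iv)
        return AesSetIV(&ctx->cipher.aes, iv);

    return 0;
}


/* OpenSSL compat: EVP_CipherInit(). Selects a cipher and/or (re)keys ctx.
 *
 *   type  cipher name from the CyaSSL_EVP_*() accessors, or NULL to keep
 *         the cipher already chosen in ctx (OpenSSL re-key semantics).
 *   key   may be NULL to leave the key alone and only set the IV.
 *   iv    may be NULL; handed to the *SetKey call when key is given,
 *         otherwise applied on its own with *SetIV.
 *   enc   1 = encrypt, 0 = decrypt; any other value keeps ctx->enc.
 *
 * Returns SSL_SUCCESS; 0 for a NULL ctx, no cipher selected, or a name
 * this build does not recognise; or the negative ctaocrypt error from
 * the key/IV setup (ctx->cipherType and keyLen are already updated when
 * that happens, as before).
 *
 * Fix: an explicit type now always wins. The old code tested
 * `ctx->cipherType == X || name matches X` branch by branch in a fixed
 * order, so a ctx that was already AES-128-CBC and was re-initialised
 * with "AES256-CBC" stayed AES-128 with keyLen 16 and silently used only
 * the first 16 bytes of the 32-byte key. Likewise an unrecognised name
 * used to fall back to whatever ctx already held; it is now an error.
 */
int CyaSSL_EVP_CipherInit(CYASSL_EVP_CIPHER_CTX* ctx,
                          const CYASSL_EVP_CIPHER* type, byte* key,
                          byte* iv, int enc)
{
    int ret = 0;
    int want;

    CYASSL_ENTER("CyaSSL_EVP_CipherInit");
    if (ctx == NULL) {
        CYASSL_MSG("no ctx");
        return 0; /* failure */
    }

    if (type != NULL) {
        want = EvpCipherTypeFromName(type);
        if (want < 0) {
            CYASSL_MSG("unknown cipher type");
            return 0; /* failure */
        }
    }
    else if (ctx->cipherType != 0xff) {
        want = ctx->cipherType;   /* re-key with the cipher already chosen */
    }
    else {
        CYASSL_MSG("no type set");
        return 0; /* failure */
    }

    /* only an explicit 0/1 changes the direction; anything else keeps it */
    if (enc == 0 || enc == 1)
        ctx->enc = enc ? 1 : 0;

    ctx->cipherType = want;

    switch (want) {

        case AES_128_CBC_TYPE :
            CYASSL_MSG("AES-128-CBC");
            ctx->keyLen = 16;
            ret = EvpAesInit(ctx, key, iv,
                             ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
            break;

        case AES_192_CBC_TYPE :
            CYASSL_MSG("AES-192-CBC");
            ctx->keyLen = 24;
            ret = EvpAesInit(ctx, key, iv,
                             ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
            break;

        case AES_256_CBC_TYPE :
            CYASSL_MSG("AES-256-CBC");
            ctx->keyLen = 32;
            ret = EvpAesInit(ctx, key, iv,
                             ctx->enc ? AES_ENCRYPTION : AES_DECRYPTION);
            break;

#ifdef CYASSL_AES_COUNTER
        /* CTR only ever runs the block cipher forward, whichever way the
         * data is going, so the key is always scheduled for encryption */
        case AES_128_CTR_TYPE :
            CYASSL_MSG("AES-128-CTR");
            ctx->keyLen = 16;
            ret = EvpAesInit(ctx, key, iv, AES_ENCRYPTION);
            break;

        case AES_192_CTR_TYPE :
            CYASSL_MSG("AES-192-CTR");
            ctx->keyLen = 24;
            ret = EvpAesInit(ctx, key, iv, AES_ENCRYPTION);
            break;

        case AES_256_CTR_TYPE :
            CYASSL_MSG("AES-256-CTR");
            ctx->keyLen = 32;
            ret = EvpAesInit(ctx, key, iv, AES_ENCRYPTION);
            break;
#endif /* CYASSL_AES_COUNTER */

        case DES_CBC_TYPE :
            CYASSL_MSG("DES-CBC");
            ctx->keyLen = 8;
            if (key)
                ret = Des_SetKey(&ctx->cipher.des, key, iv,
                                 ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
            else if (iv)
                Des_SetIV(&ctx->cipher.des, iv);  /* result not reported */
            break;

        case DES_EDE3_CBC_TYPE :
            CYASSL_MSG("DES-EDE3-CBC");
            ctx->keyLen = 24;
            if (key)
                ret = Des3_SetKey(&ctx->cipher.des3, key, iv,
                                  ctx->enc ? DES_ENCRYPTION : DES_DECRYPTION);
            else if (iv)
                ret = Des3_SetIV(&ctx->cipher.des3, iv);
            break;

        case ARC4_TYPE :
            CYASSL_MSG("ARC4");
            /* variable key size: honour a length the caller set beforehand
             * with CyaSSL_EVP_CIPHER_CTX_set_key_length(), else 128 bit */
            if (ctx->keyLen == 0)
                ctx->keyLen = 16;
            if (key)
                Arc4SetKey(&ctx->cipher.arc4, key, ctx->keyLen);
            break;

        case NULL_CIPHER_TYPE :
            CYASSL_MSG("NULL cipher");
            ctx->keyLen = 0;
            break;

        default:
            /* a stale cipherType in ctx that no case above handles */
            CYASSL_MSG("bad type");
            return 0; /* failure */
    }

    if (ret != 0)
        return ret;

    return SSL_SUCCESS;
}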
Vanger 0:b86d15c6ba29 7582
Vanger 0:b86d15c6ba29 7583
/* OpenSSL compat: EVP_CIPHER_CTX_key_length(). Returns the key length in
 * bytes currently recorded in ctx (set by CyaSSL_EVP_CipherInit() or
 * CyaSSL_EVP_CIPHER_CTX_set_key_length()), or 0 for a NULL ctx. Note the
 * return is the length itself, not SSL_SUCCESS, so 0 is both "no key"
 * and "bad argument". */
int CyaSSL_EVP_CIPHER_CTX_key_length(CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_key_length");
    if (ctx == NULL)
        return 0; /* failure */

    return ctx->keyLen;
}
Vanger 0:b86d15c6ba29 7593
Vanger 0:b86d15c6ba29 7594
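/* OpenSSL compat: EVP_CIPHER_CTX_set_key_length(). Records keylen in ctx.
 * Only ARC4 honours a caller-set length (CyaSSL_EVP_CipherInit() keeps a
 * non-zero keyLen for ARC4 and overwrites it for the fixed-size ciphers),
 * and that length is passed straight to Arc4SetKey() as the number of key
 * bytes to read. A negative value, which the previous version stored and
 * which would turn into a huge unsigned length there, is now rejected.
 * Returns SSL_SUCCESS, or 0 for a NULL ctx or a negative keylen. */
int CyaSSL_EVP_CIPHER_CTX_set_key_length(CYASSL_EVP_CIPHER_CTX* ctx,
                                         int keylen)
{
    CYASSL_ENTER("CyaSSL_EVP_CIPHER_CTX_set_key_length");
    if (ctx == NULL || keylen < 0)
        return 0; /* failure */

    ctx->keyLen = keylen;
    return SSL_SUCCESS;
}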
Vanger 0:b86d15c6ba29 7607
Vanger 0:b86d15c6ba29 7608
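/* OpenSSL compat: EVP_Cipher(). Runs len bytes of src through the cipher
 * selected by CyaSSL_EVP_CipherInit() into dst, in the direction held in
 * ctx->enc. No padding is applied at this layer, so for the CBC ciphers
 * len must be a whole number of blocks; a ragged len is now rejected up
 * front instead of being handed to the CBC routines, which (as far as
 * can be seen from here) work on whole blocks and would leave the tail
 * of dst untouched while this function still reported success. CTR and
 * ARC4 are stream modes and take any length. Returns SSL_SUCCESS, or 0
 * for bad arguments, an uninitialised ctx, a bad length, or an error
 * from the AES/3DES routines. */
int CyaSSL_EVP_Cipher(CYASSL_EVP_CIPHER_CTX* ctx, byte* dst, byte* src,
                      word32 len)
{
    int ret = 0;
    CYASSL_ENTER("CyaSSL_EVP_Cipher");

    if (ctx == NULL || dst == NULL || src == NULL) {
        CYASSL_MSG("Bad function argument");
        return 0; /* failure */
    }

    if (ctx->cipherType == 0xff) {
        CYASSL_MSG("no init");
        return 0; /* failure */
    }

    switch (ctx->cipherType) {

        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            CYASSL_MSG("AES CBC");
            if (len % AES_BLOCK_SIZE != 0) {
                CYASSL_MSG("AES CBC length not a multiple of block size");
                return 0; /* failure */
            }
            if (ctx->enc)
                ret = AesCbcEncrypt(&ctx->cipher.aes, dst, src, len);
            else
                ret = AesCbcDecrypt(&ctx->cipher.aes, dst, src, len);
            break;

#ifdef CYASSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            CYASSL_MSG("AES CTR");
            /* same keystream both directions, so no enc check needed */
            AesCtrEncrypt(&ctx->cipher.aes, dst, src, len);
            break;
#endif

        case DES_CBC_TYPE :
            CYASSL_MSG("DES CBC");
            if (len % DES_BLOCK_SIZE != 0) {
                CYASSL_MSG("DES CBC length not a multiple of block size");
                return 0; /* failure */
            }
            if (ctx->enc)
                Des_CbcEncrypt(&ctx->cipher.des, dst, src, len);
            else
                Des_CbcDecrypt(&ctx->cipher.des, dst, src, len);
            break;

        case DES_EDE3_CBC_TYPE :
            CYASSL_MSG("DES EDE3 CBC");
            if (len % DES_BLOCK_SIZE != 0) {
                CYASSL_MSG("DES EDE3 CBC length not a multiple of block size");
                return 0; /* failure */
            }
            if (ctx->enc)
                ret = Des3_CbcEncrypt(&ctx->cipher.des3, dst, src, len);
            else
                ret = Des3_CbcDecrypt(&ctx->cipher.des3, dst, src, len);
            break;

        case ARC4_TYPE :
            CYASSL_MSG("ARC4");
            Arc4Process(&ctx->cipher.arc4, dst, src, len);
            break;

        case NULL_CIPHER_TYPE :
            CYASSL_MSG("NULL cipher");
            /* in-place (dst == src) is a no-op; anything else must not
             * overlap, as memcpy requires */
            if (dst != src)
                XMEMCPY(dst, src, len);
            break;

        default: {
            CYASSL_MSG("bad type");
            return 0; /* failure */
        }
    }

    if (ret != 0) {
        CYASSL_MSG("CyaSSL_EVP_Cipher failure");
        return 0; /* failure */
    }

    CYASSL_MSG("CyaSSL_EVP_Cipher success");
    return SSL_SUCCESS; /* success */
}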
Vanger 0:b86d15c6ba29 7683
Vanger 0:b86d15c6ba29 7684
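/* Copy the cipher's working IV / counter block out to ctx->iv so the
 * application can read it (OpenSSL's EVP_CIPHER_CTX iv access).
 *
 * Fix: the DES-EDE3 state is set up in ctx->cipher.des3 by
 * CyaSSL_EVP_CipherInit(), but the previous version copied from
 * ctx->cipher.des.reg for that case. Whether des.reg and des3.reg share
 * an offset inside the cipher union depends on the Des/Des3 layouts, so
 * the wrong member could expose key-schedule words as the "IV".
 * ARC4 and the NULL cipher have no IV; those are successful no-ops.
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR for a NULL ctx or unknown type. */
int CyaSSL_StoreExternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_ENTER("CyaSSL_StoreExternalIV");

    if (ctx == NULL) {
        CYASSL_MSG("Bad function argument");
        return SSL_FATAL_ERROR;
    }

    switch (ctx->cipherType) {

        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            CYASSL_MSG("AES CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
            break;

#ifdef CYASSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            CYASSL_MSG("AES CTR");
            XMEMCPY(ctx->iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
            break;
#endif

        case DES_CBC_TYPE :
            CYASSL_MSG("DES CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.des.reg, DES_BLOCK_SIZE);
            break;

        case DES_EDE3_CBC_TYPE :
            CYASSL_MSG("DES EDE3 CBC");
            XMEMCPY(ctx->iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
            break;

        case ARC4_TYPE :
            CYASSL_MSG("ARC4");
            break;   /* stream cipher, no IV */

        case NULL_CIPHER_TYPE :
            CYASSL_MSG("NULL");
            break;   /* nothing to store */

        default: {
            CYASSL_MSG("bad type");
            return SSL_FATAL_ERROR;
        }
    }
    return SSL_SUCCESS;
}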
Vanger 0:b86d15c6ba29 7738
Vanger 0:b86d15c6ba29 7739
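/* Load the cipher's working IV / counter block from ctx->iv, the
 * application-visible copy (inverse of CyaSSL_StoreExternalIV()).
 *
 * Fix: for DES-EDE3 the previous version wrote ctx->iv into
 * ctx->cipher.des.reg although the 3DES state lives in ctx->cipher.des3
 * (see CyaSSL_EVP_CipherInit()). Unless des.reg and des3.reg happen to
 * share an offset in the cipher union, that overwrote part of the 3DES
 * key schedule with the IV instead of setting the IV.
 * ARC4 and the NULL cipher have no IV; those are successful no-ops.
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR for a NULL ctx or unknown type. */
int CyaSSL_SetInternalIV(CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_ENTER("CyaSSL_SetInternalIV");

    if (ctx == NULL) {
        CYASSL_MSG("Bad function argument");
        return SSL_FATAL_ERROR;
    }

    switch (ctx->cipherType) {

        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            CYASSL_MSG("AES CBC");
            XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
            break;

#ifdef CYASSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            CYASSL_MSG("AES CTR");
            XMEMCPY(&ctx->cipher.aes.reg, ctx->iv, AES_BLOCK_SIZE);
            break;
#endif

        case DES_CBC_TYPE :
            CYASSL_MSG("DES CBC");
            XMEMCPY(&ctx->cipher.des.reg, ctx->iv, DES_BLOCK_SIZE);
            break;

        case DES_EDE3_CBC_TYPE :
            CYASSL_MSG("DES EDE3 CBC");
            XMEMCPY(&ctx->cipher.des3.reg, ctx->iv, DES_BLOCK_SIZE);
            break;

        case ARC4_TYPE :
            CYASSL_MSG("ARC4");
            break;   /* stream cipher, no IV */

        case NULL_CIPHER_TYPE :
            CYASSL_MSG("NULL");
            break;   /* nothing to load */

        default: {
            CYASSL_MSG("bad type");
            return SSL_FATAL_ERROR;
        }
    }
    return SSL_SUCCESS;
}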
Vanger 0:b86d15c6ba29 7794
Vanger 0:b86d15c6ba29 7795
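/* OpenSSL compat: EVP_DigestInit(). Selects the hash named by type and
 * initialises ctx->hash for it. Names are matched by prefix, so the bare
 * "SHA" (SHA-1) test must stay last or it would also claim SHA256/384/512.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or type (which the
 * previous version dereferenced) or a name this build does not support. */
int CyaSSL_EVP_DigestInit(CYASSL_EVP_MD_CTX* ctx, const CYASSL_EVP_MD* type)
{
    CYASSL_ENTER("EVP_DigestInit");

    if (ctx == NULL || type == NULL)
        return BAD_FUNC_ARG;

    if (XSTRNCMP(type, "MD5", 3) == 0) {
        ctx->macType = MD5;
        CyaSSL_MD5_Init((MD5_CTX*)&ctx->hash);
    }
    else if (XSTRNCMP(type, "SHA256", 6) == 0) {
        ctx->macType = SHA256;
        CyaSSL_SHA256_Init((SHA256_CTX*)&ctx->hash);
    }
#ifdef CYASSL_SHA384
    else if (XSTRNCMP(type, "SHA384", 6) == 0) {
        ctx->macType = SHA384;
        CyaSSL_SHA384_Init((SHA384_CTX*)&ctx->hash);
    }
#endif
#ifdef CYASSL_SHA512
    else if (XSTRNCMP(type, "SHA512", 6) == 0) {
        ctx->macType = SHA512;
        CyaSSL_SHA512_Init((SHA512_CTX*)&ctx->hash);
    }
#endif
    /* must be last: "SHA" is a prefix of the SHA-2 names above */
    else if (XSTRNCMP(type, "SHA", 3) == 0) {
        ctx->macType = SHA;
        CyaSSL_SHA_Init((SHA_CTX*)&ctx->hash);
    }
    else
        return BAD_FUNC_ARG;

    return SSL_SUCCESS;
}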
Vanger 0:b86d15c6ba29 7830
Vanger 0:b86d15c6ba29 7831
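/* OpenSSL compat: EVP_DigestUpdate(). Feeds sz bytes of data to the hash
 * chosen by CyaSSL_EVP_DigestInit(). Returns SSL_SUCCESS, or BAD_FUNC_ARG
 * for a NULL ctx (previously dereferenced), a NULL data pointer with a
 * non-zero sz, or a ctx whose macType is not one this build supports. */
int CyaSSL_EVP_DigestUpdate(CYASSL_EVP_MD_CTX* ctx, const void* data,
                            unsigned long sz)
{
    CYASSL_ENTER("EVP_DigestUpdate");

    if (ctx == NULL || (data == NULL && sz > 0))
        return BAD_FUNC_ARG;

    switch (ctx->macType) {
        case MD5:
            CyaSSL_MD5_Update((MD5_CTX*)&ctx->hash, data, sz);
            break;
        case SHA:
            CyaSSL_SHA_Update((SHA_CTX*)&ctx->hash, data, sz);
            break;
        case SHA256:
            CyaSSL_SHA256_Update((SHA256_CTX*)&ctx->hash, data, sz);
            break;
#ifdef CYASSL_SHA384
        case SHA384:
            CyaSSL_SHA384_Update((SHA384_CTX*)&ctx->hash, data, sz);
            break;
#endif
#ifdef CYASSL_SHA512
        case SHA512:
            CyaSSL_SHA512_Update((SHA512_CTX*)&ctx->hash, data, sz);
            break;
#endif
        default:
            return BAD_FUNC_ARG;
    }

    return SSL_SUCCESS;
}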
Vanger 0:b86d15c6ba29 7859
Vanger 0:b86d15c6ba29 7860
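/* OpenSSL compat: EVP_DigestFinal(). Writes the digest into md (which
 * must hold at least the digest size of the selected hash, up to
 * SHA512_DIGEST_SIZE) and, when s is non-NULL, stores the size written.
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG for a NULL ctx or md (both were
 * previously passed straight through to the *_Final routines) or an
 * unsupported macType. The hash state is not reset; call
 * CyaSSL_EVP_DigestInit() again before reusing ctx. */
int CyaSSL_EVP_DigestFinal(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
                           unsigned int* s)
{
    CYASSL_ENTER("EVP_DigestFinal");

    if (ctx == NULL || md == NULL)
        return BAD_FUNC_ARG;

    switch (ctx->macType) {
        case MD5:
            CyaSSL_MD5_Final(md, (MD5_CTX*)&ctx->hash);
            if (s) *s = MD5_DIGEST_SIZE;
            break;
        case SHA:
            CyaSSL_SHA_Final(md, (SHA_CTX*)&ctx->hash);
            if (s) *s = SHA_DIGEST_SIZE;
            break;
        case SHA256:
            CyaSSL_SHA256_Final(md, (SHA256_CTX*)&ctx->hash);
            if (s) *s = SHA256_DIGEST_SIZE;
            break;
#ifdef CYASSL_SHA384
        case SHA384:
            CyaSSL_SHA384_Final(md, (SHA384_CTX*)&ctx->hash);
            if (s) *s = SHA384_DIGEST_SIZE;
            break;
#endif
#ifdef CYASSL_SHA512
        case SHA512:
            CyaSSL_SHA512_Final(md, (SHA512_CTX*)&ctx->hash);
            if (s) *s = SHA512_DIGEST_SIZE;
            break;
#endif
        default:
            return BAD_FUNC_ARG;
    }

    return SSL_SUCCESS;
}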
Vanger 0:b86d15c6ba29 7895
Vanger 0:b86d15c6ba29 7896
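/* OpenSSL compat: EVP_DigestFinal_ex(). Identical to EVP_DigestFinal in
 * this library (no context reuse distinction), so it simply forwards to
 * CyaSSL_EVP_DigestFinal() and returns its result. The callee is named
 * directly, as the rest of this file does, rather than through the
 * OpenSSL alias the previous version used. */
int CyaSSL_EVP_DigestFinal_ex(CYASSL_EVP_MD_CTX* ctx, unsigned char* md,
                              unsigned int* s)
{
    CYASSL_ENTER("EVP_DigestFinal_ex");
    return CyaSSL_EVP_DigestFinal(ctx, md, s);
}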
Vanger 0:b86d15c6ba29 7904
Vanger 0:b86d15c6ba29 7905
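/* OpenSSL compat: one-shot HMAC(). Only HMAC-MD5 and HMAC-SHA1 are wired
 * up here: evp_md is "MD5", or "SHA"/"SHA1" for SHA-1. Any other name,
 * including "SHA256", "SHA384" and "SHA512", now returns NULL. The
 * previous version matched only the "SHA" prefix, so a caller asking for
 * HMAC-SHA256 silently got HMAC-SHA1 back, a MAC downgrade it could not
 * detect. Negative key_len/n are rejected because they would be turned
 * into huge unsigned sizes further down; a NULL key or data pointer is
 * only allowed with a zero length. md must point at a buffer of at least
 * the digest size (16 or 20 bytes); there is no static buffer fallback.
 * On success returns md and, if md_len is non-NULL, stores the digest
 * size; on any failure returns NULL. The working Hmac state (which holds
 * the padded key) is wiped before return; plain memset is used as no
 * guaranteed-wipe helper is in scope, so the compiler may elide the wipe
 * of the stack variant. */
unsigned char* CyaSSL_HMAC(const CYASSL_EVP_MD* evp_md, const void* key,
                           int key_len, const unsigned char* d, int n,
                           unsigned char* md, unsigned int* md_len)
{
    int type;
    unsigned char* ret = NULL;
#ifdef CYASSL_SMALL_STACK
    Hmac* hmac = NULL;
#else
    Hmac hmac[1];
#endif

    CYASSL_ENTER("HMAC");
    if (md == NULL || evp_md == NULL)
        return NULL; /* no static buffer support */

    if (key_len < 0 || n < 0)
        return NULL;
    if ((key == NULL && key_len > 0) || (d == NULL && n > 0))
        return NULL;

    if (XSTRNCMP(evp_md, "MD5", 3) == 0)
        type = MD5;
    else if (XSTRNCMP(evp_md, "SHA", 3) == 0
             && (evp_md[3] == '\0' || evp_md[3] == '1'))
        type = SHA;
    else {
        CYASSL_MSG("HMAC digest not supported");
        return NULL;
    }

#ifdef CYASSL_SMALL_STACK
    hmac = (Hmac*)XMALLOC(sizeof(Hmac), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (hmac == NULL)
        return NULL;
#endif

    if (HmacSetKey(hmac, type, (const byte*)key, key_len) == 0
        && HmacUpdate(hmac, d, n) == 0
        && HmacFinal(hmac, md) == 0) {
        if (md_len)
            *md_len = (type == MD5) ? (unsigned int)MD5_DIGEST_SIZE
                                    : (unsigned int)SHA_DIGEST_SIZE;
        ret = md;
    }

    memset(hmac, 0, sizeof(Hmac));   /* scrub padded key material */

#ifdef CYASSL_SMALL_STACK
    XFREE(hmac, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}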
Vanger 0:b86d15c6ba29 7950
/* OpenSSL compat: ERR_clear_error(). CyaSSL keeps no per-thread error
 * queue to empty, so this is intentionally a no-op; callers that drain
 * the queue before an operation lose nothing by calling it. */
void CyaSSL_ERR_clear_error(void)
{
    /* no error queue to clear */
}
Vanger 0:b86d15c6ba29 7955
Vanger 0:b86d15c6ba29 7956
/* OpenSSL compat: RAND_status(). Unconditionally reports the RNG as
 * seeded; CTaoCrypt seeds its own RNG when that RNG is created. Because
 * nothing is checked here, this cannot be used to detect a missing or
 * broken entropy source on the target -- presumably any seeding failure
 * surfaces where the RNG is initialised, not from this call. On an
 * embedded port, confirm the platform seed routine is actually wired up. */
int CyaSSL_RAND_status(void)
{
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 7961
Vanger 0:b86d15c6ba29 7962
Vanger 0:b86d15c6ba29 7963
/* OpenSSL compat: RAND_add(). Accepted for source compatibility only:
 * the supplied bytes and entropy estimate are discarded, not mixed into
 * any pool. CyaSSL seeds its RNG internally; an application that needs
 * control over seeding should use the explicit RNG API instead. */
void CyaSSL_RAND_add(const void* add, int len, double entropy)
{
    (void)add; (void)len; (void)entropy;   /* deliberately unused */
}
Vanger 0:b86d15c6ba29 7973
Vanger 0:b86d15c6ba29 7974
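/* OpenSSL compat: DES_key_sched(). No expansion happens here: the
 * "schedule" is just a copy of the raw 8-byte key, which
 * CyaSSL_DES_cbc_encrypt()/CyaSSL_DES_ncbc_encrypt() hand to Des_SetKey()
 * as the key. No parity or weak-key check is performed (OpenSSL's -1/-2
 * results are never produced). Returns SSL_SUCCESS, or 0 for a NULL
 * argument, which the previous version would have dereferenced. */
int CyaSSL_DES_key_sched(CYASSL_const_DES_cblock* key,
                         CYASSL_DES_key_schedule* schedule)
{
    CYASSL_ENTER("DES_key_sched");
    if (key == NULL || schedule == NULL)
        return 0; /* failure */

    /* sizeof(*key) is the cblock size, the same quantity the old
     * sizeof(const_DES_cblock) spelled through the OpenSSL alias */
    XMEMCPY(schedule, key, sizeof(*key));
    return SSL_SUCCESS;
}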
Vanger 0:b86d15c6ba29 7983
Vanger 0:b86d15c6ba29 7984
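/* OpenSSL compat: DES_cbc_encrypt(). One-shot single-DES CBC over length
 * bytes. schedule is the raw 8-byte key stored by CyaSSL_DES_key_sched();
 * ivec is the starting IV (a NULL ivec is passed through to Des_SetKey
 * unchanged, as before) and is NOT updated afterwards -- use
 * CyaSSL_DES_ncbc_encrypt() for chaining. enc non-zero = encrypt.
 * length is expected to be a multiple of DES_BLOCK_SIZE; what the
 * Des_Cbc* routines do with a ragged tail is not visible here, so do not
 * rely on OpenSSL's zero-padding behaviour.
 * void like the original, so a NULL input/output/schedule, a negative
 * length (which used to be cast to a huge word32) or a failed
 * Des_SetKey() is logged and output is left untouched rather than
 * processed with an unset key. The direction is now spelled with the
 * DES_ENCRYPTION/DES_DECRYPTION names instead of relying on `!enc`
 * happening to equal them. The local key schedule is cleared on exit
 * (plain memset; the compiler may elide it for a dead local). */
void CyaSSL_DES_cbc_encrypt(const unsigned char* input,
                            unsigned char* output, long length,
                            CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
                            int enc)
{
    Des myDes;

    CYASSL_ENTER("DES_cbc_encrypt");

    if (input == NULL || output == NULL || schedule == NULL || length < 0) {
        CYASSL_MSG("Bad function argument");
        return;
    }

    if (Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec,
                   enc ? DES_ENCRYPTION : DES_DECRYPTION) != 0) {
        CYASSL_MSG("Des_SetKey failed");
        return;
    }

    if (enc)
        Des_CbcEncrypt(&myDes, output, input, (word32)length);
    else
        Des_CbcDecrypt(&myDes, output, input, (word32)length);

    memset(&myDes, 0, sizeof(myDes));   /* scrub key schedule */
}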
Vanger 0:b86d15c6ba29 8002
Vanger 0:b86d15c6ba29 8003
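/* OpenSSL compat: DES_ncbc_encrypt(). Like CyaSSL_DES_cbc_encrypt() but
 * afterwards writes the IV for the next call back into ivec, which must
 * therefore be non-NULL.
 *
 * Fix: the next IV is the last *ciphertext* block. When encrypting that
 * is the last output block; when decrypting it is the last input block.
 * The previous version always took it from output, so chained decryption
 * of the second and later chunks was fed the last plaintext block as IV
 * and produced garbage. For in-place decryption the ciphertext block is
 * saved before Des_CbcDecrypt() overwrites it. Only complete blocks are
 * considered: with length < DES_BLOCK_SIZE (including 0) ivec is left
 * alone instead of reading before the start of the buffer as
 * `output + length - 8` did, and a ragged tail is ignored for the IV.
 * Bad arguments (NULL pointers, negative length) and a failed
 * Des_SetKey() are logged and leave output and ivec untouched. The
 * local key schedule is cleared on exit (plain memset; may be elided). */
void CyaSSL_DES_ncbc_encrypt(const unsigned char* input,
                             unsigned char* output, long length,
                             CYASSL_DES_key_schedule* schedule, CYASSL_DES_cblock* ivec,
                             int enc)
{
    Des  myDes;
    byte lastCipher[DES_BLOCK_SIZE];
    long whole;

    CYASSL_ENTER("DES_ncbc_encrypt");

    if (input == NULL || output == NULL || schedule == NULL || ivec == NULL
        || length < 0) {
        CYASSL_MSG("Bad function argument");
        return;
    }

    if (Des_SetKey(&myDes, (const byte*)schedule, (const byte*)ivec,
                   enc ? DES_ENCRYPTION : DES_DECRYPTION) != 0) {
        CYASSL_MSG("Des_SetKey failed");
        return;
    }

    /* bytes covered by complete blocks; the IV comes from the last one */
    whole = length - (length % DES_BLOCK_SIZE);

    /* decrypting in place overwrites the last ciphertext block with
     * plaintext, so capture it first */
    if (!enc && whole >= DES_BLOCK_SIZE)
        XMEMCPY(lastCipher, input + whole - DES_BLOCK_SIZE, DES_BLOCK_SIZE);

    if (enc)
        Des_CbcEncrypt(&myDes, output, input, (word32)length);
    else
        Des_CbcDecrypt(&myDes, output, input, (word32)length);

    if (whole >= DES_BLOCK_SIZE) {
        if (enc)
            XMEMCPY(ivec, output + whole - DES_BLOCK_SIZE, DES_BLOCK_SIZE);
        else
            XMEMCPY(ivec, lastCipher, DES_BLOCK_SIZE);
    }

    memset(&myDes, 0, sizeof(myDes));   /* scrub key schedule */
}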
Vanger 0:b86d15c6ba29 8024
Vanger 0:b86d15c6ba29 8025
/* OpenSSL compat: ERR_free_strings(). Error strings in CyaSSL are static
 * and need no teardown, so this does nothing; it exists so OpenSSL-style
 * shutdown sequences compile and run unchanged. */
void CyaSSL_ERR_free_strings(void)
{
    /* nothing allocated, nothing to free */
}
Vanger 0:b86d15c6ba29 8030
Vanger 0:b86d15c6ba29 8031
/* OpenSSL compat: ERR_remove_state(). There is no per-thread error state
 * to discard, so the thread id is ignored and this is a no-op. Kept so
 * thread-exit hooks written for OpenSSL keep working. */
void CyaSSL_ERR_remove_state(unsigned long state)
{
    (void)state;   /* no per-thread error queue in this library */
}
Vanger 0:b86d15c6ba29 8037
Vanger 0:b86d15c6ba29 8038
/* OpenSSL compat: EVP_cleanup(). The compat EVP layer registers no global
 * cipher or digest tables, so there is nothing to release. No-op. */
void CyaSSL_EVP_cleanup(void)
{
    /* no global EVP state */
}
Vanger 0:b86d15c6ba29 8043
Vanger 0:b86d15c6ba29 8044
/* OpenSSL CRYPTO_cleanup_all_ex_data compat: CyaSSL has no ex_data
 * registry to tear down, so this is intentionally a no-op. */
void CyaSSL_cleanup_all_ex_data(void)
{
    return;
}
Vanger 0:b86d15c6ba29 8049
Vanger 0:b86d15c6ba29 8050
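/* OpenSSL SSL_CTX_set_mode compat.
 *
 * The only mode with an effect is SSL_MODE_ENABLE_PARTIAL_WRITE, which turns
 * on partial writes for the context; SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER is
 * CyaSSL's default behaviour and needs no flag. Any other value is accepted
 * and ignored. Note that `mode` is compared for equality, not tested as a
 * bit mask, so combined flags do not enable partial writes.
 *
 * Returns `mode` as passed, or 0 when ctx is NULL (previously a NULL ctx was
 * dereferenced). */
long CyaSSL_CTX_set_mode(CYASSL_CTX* ctx, long mode)
{
    CYASSL_ENTER("SSL_CTX_set_mode");

    if (ctx == NULL)
        return 0;

    if (mode == SSL_MODE_ENABLE_PARTIAL_WRITE)
        ctx->partialWrite = 1;

    return mode;
}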
Vanger 0:b86d15c6ba29 8061
Vanger 0:b86d15c6ba29 8062
/* OpenSSL SSL_CTX_get_mode compat stub: mode flags are not tracked on the
 * context yet (TODO), so this always reports 0 and ignores ctx. */
long CyaSSL_CTX_get_mode(CYASSL_CTX* ctx)
{
    long mode = 0;  /* nothing recorded to report */

    (void)ctx;
    return mode;
}
Vanger 0:b86d15c6ba29 8069
Vanger 0:b86d15c6ba29 8070
/* OpenSSL SSL_CTX_set_default_read_ahead compat stub. Read-ahead is not a
 * configurable setting here (TODO: maybe?), so both arguments are ignored. */
void CyaSSL_CTX_set_default_read_ahead(CYASSL_CTX* ctx, int m)
{
    (void)m;
    (void)ctx;
    return;
}
Vanger 0:b86d15c6ba29 8077
Vanger 0:b86d15c6ba29 8078
/* OpenSSL SSL_CTX_set_session_id_context compat. CyaSSL does not key its
 * session cache on an application-specific context, so the arguments are
 * accepted and ignored; always reports SSL_SUCCESS. */
int CyaSSL_CTX_set_session_id_context(CYASSL_CTX* ctx,
                                      const unsigned char* sid_ctx,
                                      unsigned int sid_ctx_len)
{
    (void)sid_ctx_len;
    (void)sid_ctx;
    (void)ctx;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 8089
Vanger 0:b86d15c6ba29 8090
/* OpenSSL SSL_CTX_sess_get_cache_size compat stub. The cache size is not
 * tracked per context (TODO: maybe?), so the answer is always -1 (all bits
 * set, written as (~0) in the earlier version); ctx is ignored. */
long CyaSSL_CTX_sess_get_cache_size(CYASSL_CTX* ctx)
{
    (void)ctx;
    return -1;
}
Vanger 0:b86d15c6ba29 8097
/* OpenSSL ERR_get_error_line_data compat stub: not implemented. None of the
 * output pointers are written and 0 (no error) is always returned. */
unsigned long CyaSSL_ERR_get_error_line_data(const char** file, int* line,
                                             const char** data, int *flags)
{
    const unsigned long noError = 0;

    (void)flags;
    (void)data;
    (void)line;
    (void)file;

    return noError;
}
Vanger 0:b86d15c6ba29 8108
Vanger 0:b86d15c6ba29 8109 #endif /* OPENSSL_EXTRA */
Vanger 0:b86d15c6ba29 8110
Vanger 0:b86d15c6ba29 8111
Vanger 0:b86d15c6ba29 8112 #if defined(KEEP_PEER_CERT)
Vanger 0:b86d15c6ba29 8113
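/* OpenSSL SSL_get_peer_certificate compat.
 *
 * Returns a pointer to the peer certificate kept inside `ssl` (not a copy;
 * it stays owned by the session), or NULL when no peer certificate has been
 * stored (detected by an empty issuer name) or when ssl is NULL. The earlier
 * version dereferenced a NULL ssl. */
CYASSL_X509* CyaSSL_get_peer_certificate(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_get_peer_certificate");

    if (ssl == NULL)
        return NULL;

    /* an issuer of size 0 means nothing was ever copied in */
    if (ssl->peerCert.issuer.sz)
        return &ssl->peerCert;

    return NULL;
}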
Vanger 0:b86d15c6ba29 8122
Vanger 0:b86d15c6ba29 8123 #endif /* KEEP_PEER_CERT */
Vanger 0:b86d15c6ba29 8124
Vanger 0:b86d15c6ba29 8125
Vanger 0:b86d15c6ba29 8126 #if defined(KEEP_PEER_CERT) || defined(SESSION_CERTS)
Vanger 0:b86d15c6ba29 8127
/* Public wrapper around the internal FreeX509: releases whatever the X509
 * object holds. The argument is passed straight through. */
void CyaSSL_FreeX509(CYASSL_X509* x509)
{
    CYASSL_ENTER("CyaSSL_FreeX509");

    FreeX509(x509);
}
Vanger 0:b86d15c6ba29 8133
Vanger 0:b86d15c6ba29 8134
/* Iterate the certificate's subject alternative names: hand back the name at
 * the cursor (altNamesNext) and advance the cursor by one. Returns NULL when
 * cert is NULL, when it has no altNames at all, or once every entry has been
 * handed out. The returned string belongs to the certificate. */
char* CyaSSL_X509_get_next_altname(CYASSL_X509* cert)
{
    char* name = NULL;

    CYASSL_ENTER("CyaSSL_X509_get_next_altname");

    /* a cert, a list, and an unconsumed entry are all required */
    if (cert != NULL && cert->altNames != NULL && cert->altNamesNext != NULL) {
        name = cert->altNamesNext->name;
        cert->altNamesNext = cert->altNamesNext->next;
    }

    return name;
}
Vanger 0:b86d15c6ba29 8154
Vanger 0:b86d15c6ba29 8155
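/* OpenSSL X509_get_issuer_name compat: returns a pointer to the issuer name
 * stored inside `cert` (owned by the certificate, do not free), or NULL when
 * cert is NULL (the earlier version dereferenced it). */
CYASSL_X509_NAME* CyaSSL_X509_get_issuer_name(CYASSL_X509* cert)
{
    CYASSL_ENTER("X509_get_issuer_name");

    if (cert == NULL)
        return NULL;

    return &cert->issuer;
}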
Vanger 0:b86d15c6ba29 8161
Vanger 0:b86d15c6ba29 8162
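/* OpenSSL X509_get_subject_name compat: returns a pointer to the subject
 * name stored inside `cert` (owned by the certificate, do not free), or NULL
 * when cert is NULL (the earlier version dereferenced it). */
CYASSL_X509_NAME* CyaSSL_X509_get_subject_name(CYASSL_X509* cert)
{
    CYASSL_ENTER("X509_get_subject_name");

    if (cert == NULL)
        return NULL;

    return &cert->subject;
}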
Vanger 0:b86d15c6ba29 8168
Vanger 0:b86d15c6ba29 8169
/* Report the certificate's basic-constraints CA flag as parsed into isCa.
 * A NULL x509 reads as "not a CA" (0). */
int CyaSSL_X509_get_isCA(CYASSL_X509* x509)
{
    int isCA;

    CYASSL_ENTER("CyaSSL_X509_get_isCA");

    isCA = (x509 != NULL) ? x509->isCa : 0;

    CYASSL_LEAVE("CyaSSL_X509_get_isCA", isCA);

    return isCA;
}
Vanger 0:b86d15c6ba29 8183
Vanger 0:b86d15c6ba29 8184
Vanger 0:b86d15c6ba29 8185 #ifdef OPENSSL_EXTRA
/* Tell whether the extension identified by `nid` (an *_OID constant) was
 * present in the parsed certificate. Unknown NIDs and a NULL x509 report 0.
 * The certificate-policy OID is only recognised in CYASSL_SEP builds. */
int CyaSSL_X509_ext_isSet_by_NID(CYASSL_X509* x509, int nid)
{
    int isSet = 0;

    CYASSL_ENTER("CyaSSL_X509_ext_isSet_by_NID");

    if (x509 != NULL) {
        switch (nid) {
            case BASIC_CA_OID:
                isSet = x509->basicConstSet;
                break;
            case ALT_NAMES_OID:
                isSet = x509->subjAltNameSet;
                break;
            case AUTH_KEY_OID:
                isSet = x509->authKeyIdSet;
                break;
            case SUBJ_KEY_OID:
                isSet = x509->subjKeyIdSet;
                break;
            case KEY_USAGE_OID:
                isSet = x509->keyUsageSet;
                break;
#ifdef CYASSL_SEP
            case CERT_POLICY_OID:
                isSet = x509->certPolicySet;
                break;
#endif /* CYASSL_SEP */
            default:
                /* not an extension we track: stays 0 */
                break;
        }
    }

    CYASSL_LEAVE("CyaSSL_X509_ext_isSet_by_NID", isSet);

    return isSet;
}
Vanger 0:b86d15c6ba29 8209
Vanger 0:b86d15c6ba29 8210
/* Tell whether the extension identified by `nid` (an *_OID constant) was
 * flagged critical in the parsed certificate. Unknown NIDs and a NULL x509
 * report 0. The certificate-policy OID is only recognised in CYASSL_SEP
 * builds. */
int CyaSSL_X509_ext_get_critical_by_NID(CYASSL_X509* x509, int nid)
{
    int crit = 0;

    CYASSL_ENTER("CyaSSL_X509_ext_get_critical_by_NID");

    if (x509 != NULL) {
        switch (nid) {
            case BASIC_CA_OID:
                crit = x509->basicConstCrit;
                break;
            case ALT_NAMES_OID:
                crit = x509->subjAltNameCrit;
                break;
            case AUTH_KEY_OID:
                crit = x509->authKeyIdCrit;
                break;
            case SUBJ_KEY_OID:
                crit = x509->subjKeyIdCrit;
                break;
            case KEY_USAGE_OID:
                crit = x509->keyUsageCrit;
                break;
#ifdef CYASSL_SEP
            case CERT_POLICY_OID:
                crit = x509->certPolicyCrit;
                break;
#endif /* CYASSL_SEP */
            default:
                /* not an extension we track: stays 0 */
                break;
        }
    }

    CYASSL_LEAVE("CyaSSL_X509_ext_get_critical_by_NID", crit);

    return crit;
}
Vanger 0:b86d15c6ba29 8234
Vanger 0:b86d15c6ba29 8235
/* Report whether the basic-constraints extension carried a pathLen value
 * (basicConstPlSet). A NULL x509 reads as 0. */
int CyaSSL_X509_get_isSet_pathLength(CYASSL_X509* x509)
{
    int isSet;

    CYASSL_ENTER("CyaSSL_X509_get_isSet_pathLength");

    isSet = (x509 != NULL) ? x509->basicConstPlSet : 0;

    CYASSL_LEAVE("CyaSSL_X509_get_isSet_pathLength", isSet);

    return isSet;
}
Vanger 0:b86d15c6ba29 8249
Vanger 0:b86d15c6ba29 8250
/* Return the basic-constraints pathLen stored for the certificate; 0 when
 * x509 is NULL. Check CyaSSL_X509_get_isSet_pathLength first, since 0 is
 * also a valid pathLen. */
word32 CyaSSL_X509_get_pathLength(CYASSL_X509* x509)
{
    word32 pathLength;

    CYASSL_ENTER("CyaSSL_X509_get_pathLength");

    pathLength = (x509 != NULL) ? x509->pathLength : 0;

    CYASSL_LEAVE("CyaSSL_X509_get_pathLength", pathLength);

    return pathLength;
}
Vanger 0:b86d15c6ba29 8264
Vanger 0:b86d15c6ba29 8265
/* Return the parsed keyUsage bits of the certificate (a 16-bit value,
 * widened to unsigned int); 0 when x509 is NULL. */
unsigned int CyaSSL_X509_get_keyUsage(CYASSL_X509* x509)
{
    word16 usage;

    CYASSL_ENTER("CyaSSL_X509_get_keyUsage");

    usage = (x509 != NULL) ? x509->keyUsage : 0;

    CYASSL_LEAVE("CyaSSL_X509_get_keyUsage", usage);

    return usage;
}
Vanger 0:b86d15c6ba29 8279
Vanger 0:b86d15c6ba29 8280
/* Fetch the Authority Key Identifier of the certificate.
 *
 * With a destination (dst and dstLen both non-NULL, *dstLen > 0) up to
 * *dstLen bytes are copied into dst, *dstLen is set to the number copied
 * and dst is returned. Otherwise the certificate's own buffer is returned
 * without copying. NULL when x509 is NULL or the extension is absent. */
byte* CyaSSL_X509_get_authorityKeyID(
    CYASSL_X509* x509, byte* dst, int* dstLen)
{
    byte* id     = NULL;
    int   copySz = 0;

    CYASSL_ENTER("CyaSSL_X509_get_authorityKeyID");

    if (x509 != NULL && x509->authKeyIdSet) {
        int room = (dstLen != NULL) ? *dstLen : 0;

        copySz = min(room, (int)x509->authKeyIdSz);
        id     = x509->authKeyId;

        /* copy out only when the caller gave a buffer with room in it */
        if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
            XMEMCPY(dst, id, copySz);
            *dstLen = copySz;
            id      = dst;
        }
    }

    CYASSL_LEAVE("CyaSSL_X509_get_authorityKeyID", copySz);

    return id;
}
Vanger 0:b86d15c6ba29 8307
Vanger 0:b86d15c6ba29 8308
/* Fetch the Subject Key Identifier of the certificate.
 *
 * With a destination (dst and dstLen both non-NULL, *dstLen > 0) up to
 * *dstLen bytes are copied into dst, *dstLen is set to the number copied
 * and dst is returned. Otherwise the certificate's own buffer is returned
 * without copying. NULL when x509 is NULL or the extension is absent. */
byte* CyaSSL_X509_get_subjectKeyID(
    CYASSL_X509* x509, byte* dst, int* dstLen)
{
    byte* id     = NULL;
    int   copySz = 0;

    CYASSL_ENTER("CyaSSL_X509_get_subjectKeyID");

    if (x509 != NULL && x509->subjKeyIdSet) {
        int room = (dstLen != NULL) ? *dstLen : 0;

        copySz = min(room, (int)x509->subjKeyIdSz);
        id     = x509->subjKeyId;

        /* copy out only when the caller gave a buffer with room in it */
        if (dst != NULL && dstLen != NULL && id != NULL && copySz > 0) {
            XMEMCPY(dst, id, copySz);
            *dstLen = copySz;
            id      = dst;
        }
    }

    CYASSL_LEAVE("CyaSSL_X509_get_subjectKeyID", copySz);

    return id;
}
Vanger 0:b86d15c6ba29 8335
Vanger 0:b86d15c6ba29 8336
/* OpenSSL X509_NAME_entry_count compat: number of entries recorded in the
 * decoded full name; 0 when name is NULL. */
int CyaSSL_X509_NAME_entry_count(CYASSL_X509_NAME* name)
{
    int count;

    CYASSL_ENTER("CyaSSL_X509_NAME_entry_count");

    count = (name != NULL) ? name->fullName.entryCount : 0;

    CYASSL_LEAVE("CyaSSL_X509_NAME_entry_count", count);
    return count;
}
Vanger 0:b86d15c6ba29 8349
Vanger 0:b86d15c6ba29 8350
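/* OpenSSL X509_NAME_get_text_by_NID compat: copy the text of one name
 * attribute (selected by `nid`, an ASN_* constant) into `buf`.
 *
 *   buf : destination, may be NULL to only query the attribute length
 *   len : size of buf in bytes, including room for the terminator
 *
 * Returns the attribute length when buf is NULL, the number of characters
 * written (excluding the terminator) when buf is given, and 0 when the NID
 * is unknown, the attribute is absent, or name is NULL.
 *
 * At most len - 1 characters are copied so the terminator always lands
 * inside buf; the earlier version copied up to len characters and wrote the
 * terminator at buf[len], one byte past the caller's buffer. A len <= 0
 * writes nothing. */
int CyaSSL_X509_NAME_get_text_by_NID(CYASSL_X509_NAME* name,
                                     int nid, char* buf, int len)
{
    char* text   = NULL;
    int   textSz = 0;

    CYASSL_ENTER("CyaSSL_X509_NAME_get_text_by_NID");

    if (name == NULL) {
        CYASSL_LEAVE("CyaSSL_X509_NAME_get_text_by_NID", textSz);
        return textSz;
    }

    /* each attribute is an offset/length pair into the flat fullName */
    switch (nid) {
        case ASN_COMMON_NAME:
            text   = name->fullName.fullName + name->fullName.cnIdx;
            textSz = name->fullName.cnLen;
            break;
        case ASN_SUR_NAME:
            text   = name->fullName.fullName + name->fullName.snIdx;
            textSz = name->fullName.snLen;
            break;
        case ASN_SERIAL_NUMBER:
            text   = name->fullName.fullName + name->fullName.serialIdx;
            textSz = name->fullName.serialLen;
            break;
        case ASN_COUNTRY_NAME:
            text   = name->fullName.fullName + name->fullName.cIdx;
            textSz = name->fullName.cLen;
            break;
        case ASN_LOCALITY_NAME:
            text   = name->fullName.fullName + name->fullName.lIdx;
            textSz = name->fullName.lLen;
            break;
        case ASN_STATE_NAME:
            text   = name->fullName.fullName + name->fullName.stIdx;
            textSz = name->fullName.stLen;
            break;
        case ASN_ORG_NAME:
            text   = name->fullName.fullName + name->fullName.oIdx;
            textSz = name->fullName.oLen;
            break;
        case ASN_ORGUNIT_NAME:
            text   = name->fullName.fullName + name->fullName.ouIdx;
            textSz = name->fullName.ouLen;
            break;
        default:
            /* unknown NID: text stays NULL, textSz stays 0 */
            break;
    }

    if (buf != NULL && text != NULL) {
        if (len <= 0) {
            /* no room at all, not even for the terminator */
            textSz = 0;
        }
        else {
            /* keep one byte for the terminator */
            textSz = min(textSz, len - 1);
            XMEMCPY(buf, text, textSz);
            buf[textSz] = '\0';
        }
    }

    CYASSL_LEAVE("CyaSSL_X509_NAME_get_text_by_NID", textSz);
    return textSz;
}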
Vanger 0:b86d15c6ba29 8405 #endif
Vanger 0:b86d15c6ba29 8406
Vanger 0:b86d15c6ba29 8407
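/* OpenSSL X509_NAME_oneline compat: copy the one-line form of `name` into
 * `in` as a NUL-terminated string.
 *
 *   in : destination of `sz` bytes, or NULL to have a buffer of name->sz
 *        bytes XMALLOC'd (DYNAMIC_TYPE_OPENSSL); the caller frees that one
 *   sz : capacity of in, counting the terminator; ignored when in is NULL
 *
 * Returns the buffer holding the string; `in` untouched (or as an empty
 * string when there is room) for a name of size 0; NULL when name is NULL,
 * when allocation fails, or when a caller-supplied buffer has no usable
 * room (sz <= 0). At most sz - 1 characters are copied.
 *
 * Compared with the earlier version: name is NULL-checked before its size
 * is read, and a negative sz is rejected instead of being handed to
 * XMEMCPY as a huge count. */
char* CyaSSL_X509_NAME_oneline(CYASSL_X509_NAME* name, char* in, int sz)
{
    int copySz;

    CYASSL_ENTER("CyaSSL_X509_NAME_oneline");

    if (name == NULL)
        return NULL;

    if (!name->sz) {
        /* nothing to copy; leave the caller a well-formed empty string */
        if (in != NULL && sz > 0)
            in[0] = '\0';
        return in;
    }

    if (in == NULL) {
        in = (char*)XMALLOC(name->sz, 0, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = name->sz;
    }
    else {
        copySz = min(sz, name->sz);
        /* copySz counts the terminator, so anything below 1 has no room */
        if (copySz <= 0)
            return NULL;
    }

    XMEMCPY(in, name->name, copySz - 1);
    in[copySz - 1] = '\0';

    return in;
}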
Vanger 0:b86d15c6ba29 8431
Vanger 0:b86d15c6ba29 8432
/* Return the signature algorithm OID (sigOID) recorded for the
 * certificate; 0 when x509 is NULL. */
int CyaSSL_X509_get_signature_type(CYASSL_X509* x509)
{
    int type;

    CYASSL_ENTER("CyaSSL_X509_get_signature_type");

    type = (x509 != NULL) ? x509->sigOID : 0;

    return type;
}
Vanger 0:b86d15c6ba29 8444
Vanger 0:b86d15c6ba29 8445
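/* Copy the certificate's raw signature bytes into `buf` and report its
 * length.
 *
 *   buf   : destination, or NULL to only query the size
 *   bufSz : in: capacity of buf (ignored when buf is NULL);
 *           out: the signature length
 *
 * Returns SSL_SUCCESS, or SSL_FATAL_ERROR when x509 or bufSz is NULL or when
 * a buffer was supplied that is smaller than the signature. A size query
 * (buf == NULL) now succeeds regardless of *bufSz; the earlier version
 * rejected it unless *bufSz already held a large enough value, which left
 * callers no way to learn the size. */
int CyaSSL_X509_get_signature(CYASSL_X509* x509,
                              unsigned char* buf, int* bufSz)
{
    CYASSL_ENTER("CyaSSL_X509_get_signature");

    if (x509 == NULL || bufSz == NULL)
        return SSL_FATAL_ERROR;

    if (buf != NULL) {
        if (*bufSz < (int)x509->sig.length)
            return SSL_FATAL_ERROR;
        XMEMCPY(buf, x509->sig.buffer, x509->sig.length);
    }

    *bufSz = x509->sig.length;

    return SSL_SUCCESS;
}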
Vanger 0:b86d15c6ba29 8459
Vanger 0:b86d15c6ba29 8460
/* Write the certificate serial number as unsigned binary into `in`.
 *
 *   in      : destination; EXTERNAL_SERIAL_SIZE (32) bytes covers every case
 *   inOutSz : in: capacity of in; out: number of bytes written (serialSz)
 *
 * Returns SSL_SUCCESS, or BAD_FUNC_ARG when any argument is NULL or the
 * buffer is smaller than the serial. */
int CyaSSL_X509_get_serial_number(CYASSL_X509* x509, byte* in, int* inOutSz)
{
    int badArg;

    CYASSL_ENTER("CyaSSL_X509_get_serial_number");

    badArg = (x509 == NULL) || (in == NULL) || (inOutSz == NULL);
    if (!badArg)
        badArg = (*inOutSz < x509->serialSz);   /* only read once non-NULL */
    if (badArg)
        return BAD_FUNC_ARG;

    XMEMCPY(in, x509->serial, x509->serialSz);
    *inOutSz = x509->serialSz;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 8476
Vanger 0:b86d15c6ba29 8477
/* Expose the DER encoding held by the certificate: stores its length in
 * *outSz and returns the internal buffer (owned by x509, do not free).
 * Returns NULL, without touching *outSz, when x509 or outSz is NULL. */
const byte* CyaSSL_X509_get_der(CYASSL_X509* x509, int* outSz)
{
    const byte* der = NULL;

    CYASSL_ENTER("CyaSSL_X509_get_der");

    if (x509 != NULL && outSz != NULL) {
        *outSz = (int)x509->derCert.length;
        der    = x509->derCert.buffer;
    }

    return der;
}
Vanger 0:b86d15c6ba29 8488
Vanger 0:b86d15c6ba29 8489
Vanger 0:b86d15c6ba29 8490 int CyaSSL_X509_version(CYASSL_X509* x509)
Vanger 0:b86d15c6ba29 8491 {
Vanger 0:b86d15c6ba29 8492 CYASSL_ENTER("CyaSSL_X509_version");
Vanger 0:b86d15c6ba29 8493
Vanger 0:b86d15c6ba29 8494 if (x509 == NULL)
Vanger 0:b86d15c6ba29 8495 return 0;
Vanger 0:b86d15c6ba29 8496
Vanger 0:b86d15c6ba29 8497 return x509->version;
Vanger 0:b86d15c6ba29 8498 }
Vanger 0:b86d15c6ba29 8499
Vanger 0:b86d15c6ba29 8500
Vanger 0:b86d15c6ba29 8501 const byte* CyaSSL_X509_notBefore(CYASSL_X509* x509)
Vanger 0:b86d15c6ba29 8502 {
Vanger 0:b86d15c6ba29 8503 CYASSL_ENTER("CyaSSL_X509_notBefore");
Vanger 0:b86d15c6ba29 8504
Vanger 0:b86d15c6ba29 8505 if (x509 == NULL)
Vanger 0:b86d15c6ba29 8506 return NULL;
Vanger 0:b86d15c6ba29 8507
Vanger 0:b86d15c6ba29 8508 return x509->notBefore;
Vanger 0:b86d15c6ba29 8509 }
Vanger 0:b86d15c6ba29 8510
Vanger 0:b86d15c6ba29 8511
Vanger 0:b86d15c6ba29 8512 const byte* CyaSSL_X509_notAfter(CYASSL_X509* x509)
Vanger 0:b86d15c6ba29 8513 {
Vanger 0:b86d15c6ba29 8514 CYASSL_ENTER("CyaSSL_X509_notAfter");
Vanger 0:b86d15c6ba29 8515
Vanger 0:b86d15c6ba29 8516 if (x509 == NULL)
Vanger 0:b86d15c6ba29 8517 return NULL;
Vanger 0:b86d15c6ba29 8518
Vanger 0:b86d15c6ba29 8519 return x509->notAfter;
Vanger 0:b86d15c6ba29 8520 }
Vanger 0:b86d15c6ba29 8521
Vanger 0:b86d15c6ba29 8522
Vanger 0:b86d15c6ba29 8523 #ifdef CYASSL_SEP
Vanger 0:b86d15c6ba29 8524
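/* Copy the SEP deviceType OID into `in`, at most *inOutSz bytes.
 *
 *   in      : destination, or NULL to have a buffer of x509->deviceTypeSz
 *             bytes XMALLOC'd (DYNAMIC_TYPE_OPENSSL); the caller frees it
 *   inOutSz : in: capacity of in (ignored when in is NULL);
 *             out: number of bytes copied. Must be non-NULL.
 *
 * Returns the buffer holding the OID; `in` untouched when the certificate
 * carries no deviceType; NULL when x509 or inOutSz is NULL, when allocation
 * fails, or when a caller-supplied *inOutSz is negative (the earlier version
 * handed that to XMEMCPY as a huge count and did not NULL-check x509). */
byte* CyaSSL_X509_get_device_type(CYASSL_X509* x509, byte* in, int *inOutSz)
{
    int copySz;

    CYASSL_ENTER("CyaSSL_X509_get_dev_type");

    if (x509 == NULL || inOutSz == NULL)
        return NULL;
    if (!x509->deviceTypeSz)
        return in;

    if (in == NULL) {
        in = (byte*)XMALLOC(x509->deviceTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = x509->deviceTypeSz;
    }
    else {
        copySz = min(*inOutSz, x509->deviceTypeSz);
        if (copySz < 0)
            return NULL;
    }

    XMEMCPY(in, x509->deviceType, copySz);
    *inOutSz = copySz;

    return in;
}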
Vanger 0:b86d15c6ba29 8549
Vanger 0:b86d15c6ba29 8550
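/* Copy the SEP hardware-type OID into `in`, at most *inOutSz bytes.
 *
 *   in      : destination, or NULL to have a buffer of x509->hwTypeSz bytes
 *             XMALLOC'd (DYNAMIC_TYPE_OPENSSL); the caller frees it
 *   inOutSz : in: capacity of in (ignored when in is NULL);
 *             out: number of bytes copied. Must be non-NULL.
 *
 * Returns the buffer holding the OID; `in` untouched when the certificate
 * carries no hwType; NULL when x509 or inOutSz is NULL, when allocation
 * fails, or when a caller-supplied *inOutSz is negative (the earlier version
 * handed that to XMEMCPY as a huge count and did not NULL-check x509). */
byte* CyaSSL_X509_get_hw_type(CYASSL_X509* x509, byte* in, int* inOutSz)
{
    int copySz;

    CYASSL_ENTER("CyaSSL_X509_get_hw_type");

    if (x509 == NULL || inOutSz == NULL)
        return NULL;
    if (!x509->hwTypeSz)
        return in;

    if (in == NULL) {
        in = (byte*)XMALLOC(x509->hwTypeSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = x509->hwTypeSz;
    }
    else {
        copySz = min(*inOutSz, x509->hwTypeSz);
        if (copySz < 0)
            return NULL;
    }

    XMEMCPY(in, x509->hwType, copySz);
    *inOutSz = copySz;

    return in;
}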
Vanger 0:b86d15c6ba29 8572
Vanger 0:b86d15c6ba29 8573
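/* Copy the SEP hardware serial number into `in`, at most *inOutSz bytes.
 *
 *   in      : destination, or NULL to have a buffer of x509->hwSerialNumSz
 *             bytes XMALLOC'd (DYNAMIC_TYPE_OPENSSL); the caller frees it
 *   inOutSz : in: capacity of in (ignored when in is NULL);
 *             out: number of bytes copied. Must be non-NULL.
 *
 * Returns the buffer holding the serial; `in` untouched when the certificate
 * carries no hardware serial; NULL when x509 or inOutSz is NULL, when
 * allocation fails, or when a caller-supplied *inOutSz is negative.
 *
 * The "nothing to copy" guard now looks at hwSerialNumSz, the field that is
 * actually copied; the earlier version tested hwTypeSz, which belongs to
 * CyaSSL_X509_get_hw_type. */
byte* CyaSSL_X509_get_hw_serial_number(CYASSL_X509* x509,byte* in,int* inOutSz)
{
    int copySz;

    CYASSL_ENTER("CyaSSL_X509_get_hw_serial_number");

    if (x509 == NULL || inOutSz == NULL)
        return NULL;
    if (!x509->hwSerialNumSz)
        return in;

    if (in == NULL) {
        in = (byte*)XMALLOC(x509->hwSerialNumSz, 0, DYNAMIC_TYPE_OPENSSL);
        if (in == NULL)
            return NULL;
        copySz = x509->hwSerialNumSz;
    }
    else {
        copySz = min(*inOutSz, x509->hwSerialNumSz);
        if (copySz < 0)
            return NULL;
    }

    XMEMCPY(in, x509->hwSerialNum, copySz);
    *inOutSz = copySz;

    return in;
}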
Vanger 0:b86d15c6ba29 8595
Vanger 0:b86d15c6ba29 8596 #endif /* CYASSL_SEP */
Vanger 0:b86d15c6ba29 8597
Vanger 0:b86d15c6ba29 8598
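/* Decode `len` DER bytes at `in` into a newly allocated CYASSL_X509.
 *
 * Returns NULL when the scratch DecodedCert cannot be allocated
 * (CYASSL_SMALL_STACK builds), when ParseCertRelative rejects the data, or
 * when the X509 cannot be allocated or filled; otherwise the new object,
 * which the caller owns. ParseCertRelative is invoked with verify = 0 and
 * no certificate manager, so this decodes structure only; nothing here
 * establishes trust in the certificate. */
static CYASSL_X509* DerToNewX509(const byte* in, int len)
{
    CYASSL_X509* newX509 = NULL;
#ifdef CYASSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert  cert[1];
#endif

#ifdef CYASSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                 DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return NULL;
#endif

    InitDecodedCert(cert, (byte*)in, len, NULL);
    if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
        newX509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509), NULL,
                                        DYNAMIC_TYPE_X509);
        if (newX509 != NULL) {
            InitX509(newX509, 1);
            if (CopyDecodedToX509(newX509, cert) != 0) {
                /* half-built object is useless: drop it */
                XFREE(newX509, NULL, DYNAMIC_TYPE_X509);
                newX509 = NULL;
            }
        }
    }
    FreeDecodedCert(cert);
#ifdef CYASSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return newX509;
}


/* OpenSSL d2i_X509 compat: build a CYASSL_X509 from `len` DER bytes at `in`.
 *
 *   x509 : optional out-pointer; when non-NULL it receives the result on
 *          every path (NULL on failure)
 *
 * Returns the new certificate (caller owns it) or NULL when in is NULL,
 * len is not positive, or decoding fails. Compared with the earlier
 * version, a negative len is rejected instead of being passed on as an
 * unsigned size, and *x509 is also cleared when the scratch allocation
 * fails in CYASSL_SMALL_STACK builds. */
CYASSL_X509* CyaSSL_X509_d2i(CYASSL_X509** x509, const byte* in, int len)
{
    CYASSL_X509* newX509 = NULL;

    CYASSL_ENTER("CyaSSL_X509_d2i");

    if (in != NULL && len > 0)
        newX509 = DerToNewX509(in, len);

    if (x509 != NULL)
        *x509 = newX509;

    return newX509;
}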
Vanger 0:b86d15c6ba29 8642
Vanger 0:b86d15c6ba29 8643
Vanger 0:b86d15c6ba29 8644 #ifndef NO_FILESYSTEM
Vanger 0:b86d15c6ba29 8645
Vanger 0:b86d15c6ba29 8646 #ifndef NO_STDIO_FILESYSTEM
Vanger 0:b86d15c6ba29 8647
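/* OpenSSL d2i_X509_fp compat: read the whole of `file` (already open, DER
 * expected) and decode it with CyaSSL_X509_d2i.
 *
 *   x509 : optional out-pointer; when non-NULL it receives the result on
 *          every path (NULL on failure)
 *
 * Returns the new certificate (caller owns it) or NULL when file is
 * XBADFILE, its size cannot be determined (logs "Bad tell on FILE"), it is
 * empty, the buffer cannot be allocated, the read is short, or decoding
 * fails. The earlier version returned on a bad tell without writing *x509.
 * NOTE(review): the size is narrowed with (int)sz for CyaSSL_X509_d2i; files
 * beyond INT_MAX are not handled here. */
CYASSL_X509* CyaSSL_X509_d2i_fp(CYASSL_X509** x509, XFILE file)
{
    CYASSL_X509* newX509 = NULL;

    CYASSL_ENTER("CyaSSL_X509_d2i_fp");

    if (file != XBADFILE) {
        long sz;

        XFSEEK(file, 0, XSEEK_END);
        sz = XFTELL(file);
        XREWIND(file);

        if (sz < 0) {
            CYASSL_MSG("Bad tell on FILE");
        }
        else if (sz > 0) {
            byte* fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);

            if (fileBuffer != NULL) {
                /* one item of sz bytes: a short read yields 0 and no parse */
                if ((int)XFREAD(fileBuffer, sz, 1, file) > 0)
                    newX509 = CyaSSL_X509_d2i(NULL, fileBuffer, (int)sz);
                XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
            }
        }
    }

    if (x509 != NULL)
        *x509 = newX509;

    return newX509;
}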
Vanger 0:b86d15c6ba29 8682
Vanger 0:b86d15c6ba29 8683 #endif /* NO_STDIO_FILESYSTEM */
Vanger 0:b86d15c6ba29 8684
Vanger 0:b86d15c6ba29 8685 CYASSL_X509* CyaSSL_X509_load_certificate_file(const char* fname, int format)
Vanger 0:b86d15c6ba29 8686 {
Vanger 0:b86d15c6ba29 8687 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 8688 byte staticBuffer[1]; /* force heap usage */
Vanger 0:b86d15c6ba29 8689 #else
Vanger 0:b86d15c6ba29 8690 byte staticBuffer[FILE_BUFFER_SIZE];
Vanger 0:b86d15c6ba29 8691 #endif
Vanger 0:b86d15c6ba29 8692 byte* fileBuffer = staticBuffer;
Vanger 0:b86d15c6ba29 8693 int dynamic = 0;
Vanger 0:b86d15c6ba29 8694 int ret;
Vanger 0:b86d15c6ba29 8695 long sz = 0;
Vanger 0:b86d15c6ba29 8696 XFILE file;
Vanger 0:b86d15c6ba29 8697
Vanger 0:b86d15c6ba29 8698 CYASSL_X509* x509 = NULL;
Vanger 0:b86d15c6ba29 8699 buffer der;
Vanger 0:b86d15c6ba29 8700
Vanger 0:b86d15c6ba29 8701 CYASSL_ENTER("CyaSSL_X509_load_certificate");
Vanger 0:b86d15c6ba29 8702
Vanger 0:b86d15c6ba29 8703 /* Check the inputs */
Vanger 0:b86d15c6ba29 8704 if ((fname == NULL) ||
Vanger 0:b86d15c6ba29 8705 (format != SSL_FILETYPE_ASN1 && format != SSL_FILETYPE_PEM))
Vanger 0:b86d15c6ba29 8706 return NULL;
Vanger 0:b86d15c6ba29 8707
Vanger 0:b86d15c6ba29 8708 file = XFOPEN(fname, "rb");
Vanger 0:b86d15c6ba29 8709 if (file == XBADFILE)
Vanger 0:b86d15c6ba29 8710 return NULL;
Vanger 0:b86d15c6ba29 8711
Vanger 0:b86d15c6ba29 8712 XFSEEK(file, 0, XSEEK_END);
Vanger 0:b86d15c6ba29 8713 sz = XFTELL(file);
Vanger 0:b86d15c6ba29 8714 XREWIND(file);
Vanger 0:b86d15c6ba29 8715
Vanger 0:b86d15c6ba29 8716 if (sz > (long)sizeof(staticBuffer)) {
Vanger 0:b86d15c6ba29 8717 fileBuffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE);
Vanger 0:b86d15c6ba29 8718 if (fileBuffer == NULL) {
Vanger 0:b86d15c6ba29 8719 XFCLOSE(file);
Vanger 0:b86d15c6ba29 8720 return NULL;
Vanger 0:b86d15c6ba29 8721 }
Vanger 0:b86d15c6ba29 8722 dynamic = 1;
Vanger 0:b86d15c6ba29 8723 }
Vanger 0:b86d15c6ba29 8724 else if (sz < 0) {
Vanger 0:b86d15c6ba29 8725 XFCLOSE(file);
Vanger 0:b86d15c6ba29 8726 return NULL;
Vanger 0:b86d15c6ba29 8727 }
Vanger 0:b86d15c6ba29 8728
Vanger 0:b86d15c6ba29 8729 ret = (int)XFREAD(fileBuffer, sz, 1, file);
Vanger 0:b86d15c6ba29 8730 if (ret < 0) {
Vanger 0:b86d15c6ba29 8731 XFCLOSE(file);
Vanger 0:b86d15c6ba29 8732 if (dynamic)
Vanger 0:b86d15c6ba29 8733 XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
Vanger 0:b86d15c6ba29 8734 return NULL;
Vanger 0:b86d15c6ba29 8735 }
Vanger 0:b86d15c6ba29 8736
Vanger 0:b86d15c6ba29 8737 XFCLOSE(file);
Vanger 0:b86d15c6ba29 8738
Vanger 0:b86d15c6ba29 8739 der.buffer = NULL;
Vanger 0:b86d15c6ba29 8740 der.length = 0;
Vanger 0:b86d15c6ba29 8741
Vanger 0:b86d15c6ba29 8742 if (format == SSL_FILETYPE_PEM) {
Vanger 0:b86d15c6ba29 8743 int ecc = 0;
Vanger 0:b86d15c6ba29 8744 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 8745 EncryptedInfo* info = NULL;
Vanger 0:b86d15c6ba29 8746 #else
Vanger 0:b86d15c6ba29 8747 EncryptedInfo info[1];
Vanger 0:b86d15c6ba29 8748 #endif
Vanger 0:b86d15c6ba29 8749
Vanger 0:b86d15c6ba29 8750 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 8751 info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
Vanger 0:b86d15c6ba29 8752 DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 8753 if (info == NULL) {
Vanger 0:b86d15c6ba29 8754 if (dynamic)
Vanger 0:b86d15c6ba29 8755 XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
Vanger 0:b86d15c6ba29 8756
Vanger 0:b86d15c6ba29 8757 return NULL;
Vanger 0:b86d15c6ba29 8758 }
Vanger 0:b86d15c6ba29 8759 #endif
Vanger 0:b86d15c6ba29 8760
Vanger 0:b86d15c6ba29 8761 info->set = 0;
Vanger 0:b86d15c6ba29 8762 info->ctx = NULL;
Vanger 0:b86d15c6ba29 8763 info->consumed = 0;
Vanger 0:b86d15c6ba29 8764
Vanger 0:b86d15c6ba29 8765 if (PemToDer(fileBuffer, sz, CERT_TYPE, &der, NULL, info, &ecc) != 0)
Vanger 0:b86d15c6ba29 8766 {
Vanger 0:b86d15c6ba29 8767 /* Only time this should fail, and leave `der` with a buffer
Vanger 0:b86d15c6ba29 8768 is when the Base64 Decode fails. Release `der.buffer` in
Vanger 0:b86d15c6ba29 8769 that case. */
Vanger 0:b86d15c6ba29 8770 if (der.buffer != NULL) {
Vanger 0:b86d15c6ba29 8771 XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
Vanger 0:b86d15c6ba29 8772 der.buffer = NULL;
Vanger 0:b86d15c6ba29 8773 }
Vanger 0:b86d15c6ba29 8774 }
Vanger 0:b86d15c6ba29 8775
Vanger 0:b86d15c6ba29 8776 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 8777 XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 8778 #endif
Vanger 0:b86d15c6ba29 8779 }
Vanger 0:b86d15c6ba29 8780 else {
Vanger 0:b86d15c6ba29 8781 der.buffer = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_CERT);
Vanger 0:b86d15c6ba29 8782 if (der.buffer != NULL) {
Vanger 0:b86d15c6ba29 8783 XMEMCPY(der.buffer, fileBuffer, sz);
Vanger 0:b86d15c6ba29 8784 der.length = (word32)sz;
Vanger 0:b86d15c6ba29 8785 }
Vanger 0:b86d15c6ba29 8786 }
Vanger 0:b86d15c6ba29 8787
Vanger 0:b86d15c6ba29 8788 if (dynamic)
Vanger 0:b86d15c6ba29 8789 XFREE(fileBuffer, NULL, DYNAMIC_TYPE_FILE);
Vanger 0:b86d15c6ba29 8790
Vanger 0:b86d15c6ba29 8791 /* At this point we want `der` to have the certificate in DER format */
Vanger 0:b86d15c6ba29 8792 /* ready to be decoded. */
Vanger 0:b86d15c6ba29 8793 if (der.buffer != NULL) {
Vanger 0:b86d15c6ba29 8794 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 8795 DecodedCert* cert = NULL;
Vanger 0:b86d15c6ba29 8796 #else
Vanger 0:b86d15c6ba29 8797 DecodedCert cert[1];
Vanger 0:b86d15c6ba29 8798 #endif
Vanger 0:b86d15c6ba29 8799
Vanger 0:b86d15c6ba29 8800 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 8801 cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
Vanger 0:b86d15c6ba29 8802 DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 8803 if (cert != NULL)
Vanger 0:b86d15c6ba29 8804 #endif
Vanger 0:b86d15c6ba29 8805 {
Vanger 0:b86d15c6ba29 8806 InitDecodedCert(cert, der.buffer, der.length, NULL);
Vanger 0:b86d15c6ba29 8807 if (ParseCertRelative(cert, CERT_TYPE, 0, NULL) == 0) {
Vanger 0:b86d15c6ba29 8808 x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509), NULL,
Vanger 0:b86d15c6ba29 8809 DYNAMIC_TYPE_X509);
Vanger 0:b86d15c6ba29 8810 if (x509 != NULL) {
Vanger 0:b86d15c6ba29 8811 InitX509(x509, 1);
Vanger 0:b86d15c6ba29 8812 if (CopyDecodedToX509(x509, cert) != 0) {
Vanger 0:b86d15c6ba29 8813 XFREE(x509, NULL, DYNAMIC_TYPE_X509);
Vanger 0:b86d15c6ba29 8814 x509 = NULL;
Vanger 0:b86d15c6ba29 8815 }
Vanger 0:b86d15c6ba29 8816 }
Vanger 0:b86d15c6ba29 8817 }
Vanger 0:b86d15c6ba29 8818
Vanger 0:b86d15c6ba29 8819 FreeDecodedCert(cert);
Vanger 0:b86d15c6ba29 8820 #ifdef CYASSL_SMALL_STACK
Vanger 0:b86d15c6ba29 8821 XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
Vanger 0:b86d15c6ba29 8822 #endif
Vanger 0:b86d15c6ba29 8823 }
Vanger 0:b86d15c6ba29 8824
Vanger 0:b86d15c6ba29 8825 XFREE(der.buffer, NULL, DYNAMIC_TYPE_CERT);
Vanger 0:b86d15c6ba29 8826 }
Vanger 0:b86d15c6ba29 8827
Vanger 0:b86d15c6ba29 8828 return x509;
Vanger 0:b86d15c6ba29 8829 }
Vanger 0:b86d15c6ba29 8830
Vanger 0:b86d15c6ba29 8831 #endif /* NO_FILESYSTEM */
Vanger 0:b86d15c6ba29 8832
Vanger 0:b86d15c6ba29 8833 #endif /* KEEP_PEER_CERT || SESSION_CERTS */
Vanger 0:b86d15c6ba29 8834
Vanger 0:b86d15c6ba29 8835
Vanger 0:b86d15c6ba29 8836 #ifdef OPENSSL_EXTRA
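/* Store caller-owned application data in slot `idx` of the CYASSL object.
 *
 * Only FORTRESS builds carry the ex_data array; there the pointer is saved
 * in ssl->ex_data[idx] and SSL_SUCCESS is returned. Every other build
 * ignores all arguments and always returns SSL_FAILURE.
 *
 * Returns SSL_FAILURE when ssl is NULL or idx is outside [0, MAX_EX_DATA).
 * The lower bound is checked as well: idx is a signed int and a negative
 * value would otherwise index before the start of the array.
 */
int CyaSSL_set_ex_data(CYASSL* ssl, int idx, void* data)
{
#ifdef FORTRESS
    if (ssl != NULL && idx >= 0 && idx < MAX_EX_DATA) {
        ssl->ex_data[idx] = data;
        return SSL_SUCCESS;
    }
#else
    (void)ssl;
    (void)idx;
    (void)data;
#endif
    return SSL_FAILURE;
}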
Vanger 0:b86d15c6ba29 8852
Vanger 0:b86d15c6ba29 8853
/* Compatibility stub: the session-id context is not used by this library.
 *
 * All arguments are ignored and 0 is returned unconditionally. NOTE(review):
 * OpenSSL-style callers that treat 0 as failure will see every call as
 * failed; the return value carries no information here.
 */
int CyaSSL_set_session_id_context(CYASSL* ssl, const unsigned char* id,
                                  unsigned int len)
{
    (void)len;
    (void)id;
    (void)ssl;

    return 0;
}
Vanger 0:b86d15c6ba29 8862
Vanger 0:b86d15c6ba29 8863
/* Compatibility stub: a CYASSL object already acts as a client by default,
 * so there is nothing to switch. The argument is ignored; no state is read
 * or written.
 */
void CyaSSL_set_connect_state(CYASSL* ssl)
{
    (void)ssl;
    /* client by default */
}
Vanger 0:b86d15c6ba29 8869 #endif
Vanger 0:b86d15c6ba29 8870
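/* Report whether the connection is shut down from either side.
 *
 * Returns non-zero when the socket is closed (isClosed), the peer reset the
 * connection (connReset), or a close_notify alert has been sent
 * (sentNotify); 0 otherwise. A NULL `ssl` also yields 0 instead of
 * dereferencing it.
 *
 * Note: this is a boolean, not an OpenSSL-style bitmask distinguishing a
 * sent shutdown from a received one.
 */
int CyaSSL_get_shutdown(const CYASSL* ssl)
{
    if (ssl == NULL)
        return 0;

    return (ssl->options.isClosed ||
            ssl->options.connReset ||
            ssl->options.sentNotify);
}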
Vanger 0:b86d15c6ba29 8877
Vanger 0:b86d15c6ba29 8878
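/* Tell whether the current handshake resumed a previous session.
 *
 * Returns ssl->options.resuming (non-zero when resuming), or 0 for a NULL
 * `ssl` instead of dereferencing it.
 */
int CyaSSL_session_reused(CYASSL* ssl)
{
    if (ssl == NULL)
        return 0;

    return ssl->options.resuming;
}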
Vanger 0:b86d15c6ba29 8883
Vanger 0:b86d15c6ba29 8884 #ifdef OPENSSL_EXTRA
/* Compatibility stub: nothing is released.
 *
 * NOTE(review): CyaSSL_get1_session() in this file hands out no allocated
 * session object (it returns 0), so there is currently nothing for this
 * function to free. If that ever changes, this must release the object or
 * the caller will leak it.
 */
void CyaSSL_SESSION_free(CYASSL_SESSION* session)
{
    (void)session;
}
Vanger 0:b86d15c6ba29 8889 #endif
Vanger 0:b86d15c6ba29 8890
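/* Map the protocol version recorded in `ssl` to a printable name.
 *
 * Returns "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "DTLS" or "DTLSv1.2"
 * according to ssl->version.{major,minor}, and "unknown" for any other
 * (major, minor) pair. A NULL `ssl` also yields "unknown" instead of
 * dereferencing it. The result is a string literal and must not be freed.
 */
const char* CyaSSL_get_version(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_get_version");

    if (ssl == NULL)
        return "unknown";

    if (ssl->version.major == SSLv3_MAJOR) {
        switch (ssl->version.minor) {
            case SSLv3_MINOR :
                return "SSLv3";
            case TLSv1_MINOR :
                return "TLSv1";
            case TLSv1_1_MINOR :
                return "TLSv1.1";
            case TLSv1_2_MINOR :
                return "TLSv1.2";
            default:
                return "unknown";
        }
    }

    if (ssl->version.major == DTLS_MAJOR) {
        switch (ssl->version.minor) {
            case DTLS_MINOR :
                return "DTLS";
            case DTLSv1_2_MINOR :
                return "DTLSv1.2";
            default:
                return "unknown";
        }
    }

    /* neither the TLS nor the DTLS major byte */
    return "unknown";
}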
Vanger 0:b86d15c6ba29 8920
/* Return the negotiated cipher suite as a 16-bit value: the first suite
 * byte (cipherSuite0) in the high byte and the second (cipherSuite) in the
 * low byte. Returns 0 for a NULL `ssl`.
 */
int CyaSSL_get_current_cipher_suite(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_get_current_cipher_suite");

    if (ssl == NULL)
        return 0;

    return (ssl->options.cipherSuite0 << 8) | ssl->options.cipherSuite;
}
Vanger 0:b86d15c6ba29 8928
/* Return the CYASSL_CIPHER object embedded in `ssl`, or NULL when `ssl`
 * is NULL. The pointer refers into the CYASSL object itself (no
 * allocation), so it is valid only as long as `ssl` is and must not be
 * freed by the caller.
 */
CYASSL_CIPHER* CyaSSL_get_current_cipher(CYASSL* ssl)
{
    CYASSL_ENTER("SSL_get_current_cipher");

    return ssl ? &ssl->cipher : NULL;
}
Vanger 0:b86d15c6ba29 8937
Vanger 0:b86d15c6ba29 8938
/* Return the name of the cipher suite negotiated on the connection that
 * `cipher` belongs to.
 *
 * `cipher` is the object returned by CyaSSL_get_current_cipher(), i.e. a
 * pointer into a CYASSL object; the suite is read from
 * cipher->ssl->options.cipherSuite0 (suite family byte) and
 * cipher->ssl->options.cipherSuite (suite within the family). The family
 * byte selects one of three tables: CHACHA_BYTE, ECC_BYTE (shared by the
 * AES-CCM suites, see below) and everything else ("normal" suites).
 *
 * Returns a string literal; "NONE" when `cipher` is NULL, when the suite
 * bytes match nothing compiled into this build, or when NO_ERROR_STRINGS is
 * defined (then no names are compiled in at all).
 *
 * NOTE(review): only `cipher` is NULL-checked; cipher->ssl is dereferenced
 * unchecked and is presumably set when the CYASSL object is initialised —
 * confirm. Note also that the ChaCha switch has no default, so an
 * unrecognised ChaCha suite falls through to the later checks and ends up
 * at the final "NONE".
 */
const char* CyaSSL_CIPHER_get_name(const CYASSL_CIPHER* cipher)
{
    (void)cipher;

    CYASSL_ENTER("SSL_CIPHER_get_name");
#ifndef NO_ERROR_STRINGS
    if (cipher) {
#if defined(HAVE_CHACHA)
        if (cipher->ssl->options.cipherSuite0 == CHACHA_BYTE) {
            /* ChaCha suites */
            switch (cipher->ssl->options.cipherSuite) {
#ifdef HAVE_CHACHA
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
                    return "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256";

                case TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 :
                    return "TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256";
#endif
                case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 :
                    return "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256";
#endif
            }
        }
#endif

#if defined(HAVE_ECC) || defined(HAVE_AESCCM)
        /* Awkwardly, the ECC cipher suites use the ECC_BYTE as expected,
         * but the AES-CCM cipher suites also use it, even the ones that
         * aren't ECC. That is why this table is compiled in when either
         * HAVE_ECC or HAVE_AESCCM is set. */
        if (cipher->ssl->options.cipherSuite0 == ECC_BYTE) {
            /* ECC suites */
            switch (cipher->ssl->options.cipherSuite) {
#ifdef HAVE_ECC
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";
#endif
                case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256";
#endif
                case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256";
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 :
                    return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384";
#endif
                case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384";
#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 :
                    return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384";
#endif
                case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 :
                    return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384";
#ifndef NO_SHA
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA :
                    return "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA";
                case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA :
                    return "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA";
#endif
                case TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA :
                    return "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA";
                case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA :
                    return "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_RC4_128_SHA :
                    return "TLS_ECDHE_RSA_WITH_RC4_128_SHA";
#endif
                case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA :
                    return "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_DES3
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA :
                    return "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
                case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA :
                    return "TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif

#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_AES_128_CBC_SHA :
                    return "TLS_ECDH_RSA_WITH_AES_128_CBC_SHA";
                case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA :
                    return "TLS_ECDH_RSA_WITH_AES_256_CBC_SHA";
#endif
                case TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA :
                    return "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA";
                case TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA :
                    return "TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA";
#ifndef NO_RC4
#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_RC4_128_SHA :
                    return "TLS_ECDH_RSA_WITH_RC4_128_SHA";
#endif
                case TLS_ECDH_ECDSA_WITH_RC4_128_SHA :
                    return "TLS_ECDH_ECDSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_DES3
#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA :
                    return "TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
                case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA :
                    return "TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA";
#endif
#endif /* NO_SHA */

#ifdef HAVE_AESGCM
#ifndef NO_RSA
                case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384";
#endif
                case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_RSA
                case TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384";
#endif
                case TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256";
                case TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384";
#endif
#endif /* HAVE_ECC */

#ifdef HAVE_AESCCM
#ifndef NO_RSA
                case TLS_RSA_WITH_AES_128_CCM_8 :
                    return "TLS_RSA_WITH_AES_128_CCM_8";
                case TLS_RSA_WITH_AES_256_CCM_8 :
                    return "TLS_RSA_WITH_AES_256_CCM_8";
#endif
#ifndef NO_PSK
                case TLS_PSK_WITH_AES_128_CCM_8 :
                    return "TLS_PSK_WITH_AES_128_CCM_8";
                case TLS_PSK_WITH_AES_256_CCM_8 :
                    return "TLS_PSK_WITH_AES_256_CCM_8";
                case TLS_PSK_WITH_AES_128_CCM :
                    return "TLS_PSK_WITH_AES_128_CCM";
                case TLS_PSK_WITH_AES_256_CCM :
                    return "TLS_PSK_WITH_AES_256_CCM";
                case TLS_DHE_PSK_WITH_AES_128_CCM :
                    return "TLS_DHE_PSK_WITH_AES_128_CCM";
                case TLS_DHE_PSK_WITH_AES_256_CCM :
                    return "TLS_DHE_PSK_WITH_AES_256_CCM";
#endif
#ifdef HAVE_ECC
                case TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8:
                    return "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8";
                case TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 :
                    return "TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8";
#endif
#endif

                default:
                    return "NONE";
            }
        }
#endif /* ECC */
        if (cipher->ssl->options.cipherSuite0 != ECC_BYTE &&
            cipher->ssl->options.cipherSuite0 != CHACHA_BYTE) {

            /* normal suites
             *
             * This table includes NULL-cipher (unencrypted) and anonymous
             * DH suites when they are built in; the returned name is the
             * only indication a caller gets that such a suite is in use. */
            switch (cipher->ssl->options.cipherSuite) {
#ifndef NO_RSA
#ifndef NO_RC4
#ifndef NO_SHA
                case SSL_RSA_WITH_RC4_128_SHA :
                    return "SSL_RSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_MD5
                case SSL_RSA_WITH_RC4_128_MD5 :
                    return "SSL_RSA_WITH_RC4_128_MD5";
#endif
#endif
#ifndef NO_SHA
#ifndef NO_DES3
                case SSL_RSA_WITH_3DES_EDE_CBC_SHA :
                    return "SSL_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
                case TLS_RSA_WITH_AES_128_CBC_SHA :
                    return "TLS_RSA_WITH_AES_128_CBC_SHA";
                case TLS_RSA_WITH_AES_256_CBC_SHA :
                    return "TLS_RSA_WITH_AES_256_CBC_SHA";
#endif
                case TLS_RSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_RSA_WITH_AES_128_CBC_SHA256";
                case TLS_RSA_WITH_AES_256_CBC_SHA256 :
                    return "TLS_RSA_WITH_AES_256_CBC_SHA256";
#ifdef HAVE_BLAKE2
                case TLS_RSA_WITH_AES_128_CBC_B2B256:
                    return "TLS_RSA_WITH_AES_128_CBC_B2B256";
                case TLS_RSA_WITH_AES_256_CBC_B2B256:
                    return "TLS_RSA_WITH_AES_256_CBC_B2B256";
#endif
#ifndef NO_SHA
                case TLS_RSA_WITH_NULL_SHA :
                    return "TLS_RSA_WITH_NULL_SHA";
#endif
                case TLS_RSA_WITH_NULL_SHA256 :
                    return "TLS_RSA_WITH_NULL_SHA256";
#endif /* NO_RSA */
#ifndef NO_PSK
#ifndef NO_SHA
                case TLS_PSK_WITH_AES_128_CBC_SHA :
                    return "TLS_PSK_WITH_AES_128_CBC_SHA";
                case TLS_PSK_WITH_AES_256_CBC_SHA :
                    return "TLS_PSK_WITH_AES_256_CBC_SHA";
#endif
#ifndef NO_SHA256
                case TLS_PSK_WITH_AES_128_CBC_SHA256 :
                    return "TLS_PSK_WITH_AES_128_CBC_SHA256";
                case TLS_PSK_WITH_NULL_SHA256 :
                    return "TLS_PSK_WITH_NULL_SHA256";
                case TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 :
                    return "TLS_DHE_PSK_WITH_AES_128_CBC_SHA256";
                case TLS_DHE_PSK_WITH_NULL_SHA256 :
                    return "TLS_DHE_PSK_WITH_NULL_SHA256";
#ifdef HAVE_AESGCM
                case TLS_PSK_WITH_AES_128_GCM_SHA256 :
                    return "TLS_PSK_WITH_AES_128_GCM_SHA256";
                case TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 :
                    return "TLS_DHE_PSK_WITH_AES_128_GCM_SHA256";
#endif
#endif
#ifdef CYASSL_SHA384
                case TLS_PSK_WITH_AES_256_CBC_SHA384 :
                    return "TLS_PSK_WITH_AES_256_CBC_SHA384";
                case TLS_PSK_WITH_NULL_SHA384 :
                    return "TLS_PSK_WITH_NULL_SHA384";
                case TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 :
                    return "TLS_DHE_PSK_WITH_AES_256_CBC_SHA384";
                case TLS_DHE_PSK_WITH_NULL_SHA384 :
                    return "TLS_DHE_PSK_WITH_NULL_SHA384";
#ifdef HAVE_AESGCM
                case TLS_PSK_WITH_AES_256_GCM_SHA384 :
                    return "TLS_PSK_WITH_AES_256_GCM_SHA384";
                case TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 :
                    return "TLS_DHE_PSK_WITH_AES_256_GCM_SHA384";
#endif
#endif
#ifndef NO_SHA
                case TLS_PSK_WITH_NULL_SHA :
                    return "TLS_PSK_WITH_NULL_SHA";
#endif
#endif /* NO_PSK */
#ifndef NO_RSA
                case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 :
                    return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256";
                case TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 :
                    return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256";
#ifndef NO_SHA
                case TLS_DHE_RSA_WITH_AES_128_CBC_SHA :
                    return "TLS_DHE_RSA_WITH_AES_128_CBC_SHA";
                case TLS_DHE_RSA_WITH_AES_256_CBC_SHA :
                    return "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";
#endif
#ifndef NO_HC128
#ifndef NO_MD5
                case TLS_RSA_WITH_HC_128_MD5 :
                    return "TLS_RSA_WITH_HC_128_MD5";
#endif
#ifndef NO_SHA
                case TLS_RSA_WITH_HC_128_SHA :
                    return "TLS_RSA_WITH_HC_128_SHA";
#endif
#ifdef HAVE_BLAKE2
                case TLS_RSA_WITH_HC_128_B2B256:
                    return "TLS_RSA_WITH_HC_128_B2B256";
#endif
#endif /* NO_HC128 */
#ifndef NO_SHA
#ifndef NO_RABBIT
                case TLS_RSA_WITH_RABBIT_SHA :
                    return "TLS_RSA_WITH_RABBIT_SHA";
#endif
#ifdef HAVE_NTRU
#ifndef NO_RC4
                case TLS_NTRU_RSA_WITH_RC4_128_SHA :
                    return "TLS_NTRU_RSA_WITH_RC4_128_SHA";
#endif
#ifndef NO_DES3
                case TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA :
                    return "TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA";
#endif
                case TLS_NTRU_RSA_WITH_AES_128_CBC_SHA :
                    return "TLS_NTRU_RSA_WITH_AES_128_CBC_SHA";
                case TLS_NTRU_RSA_WITH_AES_256_CBC_SHA :
                    return "TLS_NTRU_RSA_WITH_AES_256_CBC_SHA";
#endif /* HAVE_NTRU */
#endif /* NO_SHA */
                case TLS_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_RSA_WITH_AES_256_GCM_SHA384";
                case TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 :
                    return "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256";
                case TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 :
                    return "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";
#ifndef NO_SHA
                case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA :
                    return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA";
                case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA :
                    return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif
                case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
                    return "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256";
                case TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
                    return "TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#ifndef NO_SHA
                case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA :
                    return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA";
                case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA :
                    return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA";
#endif
                case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 :
                    return "TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256";
                case TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 :
                    return "TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256";
#endif /* NO_RSA */
#ifdef BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
                case TLS_DH_anon_WITH_AES_128_CBC_SHA :
                    return "TLS_DH_anon_WITH_AES_128_CBC_SHA";
#endif
                default:
                    return "NONE";
            } /* switch */
        } /* normal / ECC */
    }
#endif /* NO_ERROR_STRINGS */
    /* NULL cipher, no table matched, or names compiled out */
    return "NONE";
}
Vanger 0:b86d15c6ba29 9284
Vanger 0:b86d15c6ba29 9285
/* Convenience wrapper: the name of the cipher suite negotiated on `ssl`.
 * Equivalent to CyaSSL_CIPHER_get_name(CyaSSL_get_current_cipher(ssl));
 * a NULL `ssl` therefore yields "NONE". The result is a string literal.
 */
const char* CyaSSL_get_cipher(CYASSL* ssl)
{
    CYASSL_CIPHER* current;

    CYASSL_ENTER("CyaSSL_get_cipher");

    current = CyaSSL_get_current_cipher(ssl);
    return CyaSSL_CIPHER_get_name(current);
}
Vanger 0:b86d15c6ba29 9291
Vanger 0:b86d15c6ba29 9292 #ifdef OPENSSL_EXTRA
Vanger 0:b86d15c6ba29 9293
Vanger 0:b86d15c6ba29 9294
Vanger 0:b86d15c6ba29 9295
/* Compatibility stub: no description is produced.
 *
 * The buffer `in` is never written (not even NUL-terminated) and NULL is
 * returned, so callers must not print or read `in` on the strength of this
 * call; they must check the return value.
 */
char* CyaSSL_CIPHER_description(CYASSL_CIPHER* cipher, char* in, int len)
{
    (void)len;
    (void)in;
    (void)cipher;

    return NULL;
}
Vanger 0:b86d15c6ba29 9303
Vanger 0:b86d15c6ba29 9304
/* Compatibility stub: no session object is handed out.
 *
 * Always returns NULL, so nothing is allocated and nothing needs to be
 * released afterwards. (The original carried the note "what's ref count" —
 * the reference-counting semantics of the OpenSSL original are not
 * implemented here.)
 */
CYASSL_SESSION* CyaSSL_get1_session(CYASSL* ssl)
{
    (void)ssl;

    return NULL;
}
Vanger 0:b86d15c6ba29 9310
Vanger 0:b86d15c6ba29 9311
/* Compatibility stub: the object is NOT released.
 *
 * NOTE(review): CyaSSL_X509_load_certificate() earlier in this file returns
 * a CYASSL_X509 obtained with XMALLOC(..., DYNAMIC_TYPE_X509) and
 * initialised with InitX509(x509, 1); a caller that relies on this function
 * to release such an object leaks it. Any real implementation must still
 * distinguish that case from CYASSL_X509 pointers that refer into another
 * structure, which must not be freed here — confirm how each caller obtained
 * the pointer before changing this.
 */
void CyaSSL_X509_free(CYASSL_X509* buf)
{
    (void)buf;
}
Vanger 0:b86d15c6ba29 9316
Vanger 0:b86d15c6ba29 9317
Vanger 0:b86d15c6ba29 9318 /* was do nothing */
Vanger 0:b86d15c6ba29 9319 /*
Vanger 0:b86d15c6ba29 9320 void OPENSSL_free(void* buf)
Vanger 0:b86d15c6ba29 9321 {
Vanger 0:b86d15c6ba29 9322 (void)buf;
Vanger 0:b86d15c6ba29 9323 }
Vanger 0:b86d15c6ba29 9324 */
Vanger 0:b86d15c6ba29 9325
Vanger 0:b86d15c6ba29 9326
/* Compatibility stub: the URL is not parsed.
 *
 * None of the out-parameters (host, port, path, ssl) is written, and 0 is
 * returned unconditionally. Callers must treat 0 as "not parsed" and must
 * not read *host, *port, *path or *ssl after this call.
 */
int CyaSSL_OCSP_parse_url(char* url, char** host, char** port, char** path,
                          int* ssl)
{
    (void)ssl;
    (void)path;
    (void)port;
    (void)host;
    (void)url;

    return 0;
}
Vanger 0:b86d15c6ba29 9337
Vanger 0:b86d15c6ba29 9338
/* SSLv2 is not implemented; there is no client method to hand out.
 * Always returns NULL, so any attempt to build an SSLv2 context fails at
 * context creation rather than at handshake time.
 */
CYASSL_METHOD* CyaSSLv2_client_method(void)
{
    return NULL;
}
Vanger 0:b86d15c6ba29 9343
Vanger 0:b86d15c6ba29 9344
/* SSLv2 is not implemented; there is no server method to hand out.
 * Always returns NULL, so any attempt to build an SSLv2 context fails at
 * context creation rather than at handshake time.
 */
CYASSL_METHOD* CyaSSLv2_server_method(void)
{
    return NULL;
}
Vanger 0:b86d15c6ba29 9349
Vanger 0:b86d15c6ba29 9350
Vanger 0:b86d15c6ba29 9351 #ifndef NO_MD4
Vanger 0:b86d15c6ba29 9352
/* Initialise an MD4 context stored inside the OpenSSL-style CYASSL_MD4_CTX
 * wrapper. The wrapper's buffer must be at least sizeof(Md4) bytes; this is
 * enforced at compile time by the negative-size array typedef below.
 * MD4 is provided for compatibility with legacy protocols only.
 */
void CyaSSL_MD4_Init(CYASSL_MD4_CTX* md4)
{
    /* compile-time check that the opaque wrapper can hold an Md4 */
    typedef char md4_ctx_fits[sizeof(md4->buffer) >= sizeof(Md4) ? 1 : -1];
    (void)sizeof(md4_ctx_fits);

    CYASSL_ENTER("MD4_Init");

    InitMd4((Md4*)md4);
}
Vanger 0:b86d15c6ba29 9362
Vanger 0:b86d15c6ba29 9363
/* Feed `len` bytes of `data` into the MD4 context. `len` is narrowed to
 * word32 for the underlying Md4Update; callers passing more than 4 GiB in
 * one call would have the length truncated.
 */
void CyaSSL_MD4_Update(CYASSL_MD4_CTX* md4, const void* data,
                       unsigned long len)
{
    const byte* bytes = (const byte*)data;
    word32 count = (word32)len;

    CYASSL_ENTER("MD4_Update");

    Md4Update((Md4*)md4, bytes, count);
}
Vanger 0:b86d15c6ba29 9370
Vanger 0:b86d15c6ba29 9371
/* OpenSSL-compat MD4_Final: writes the digest into the caller's buffer.
   The caller is responsible for sizing digest for an MD4 output. */
void CyaSSL_MD4_Final(unsigned char* digest, CYASSL_MD4_CTX* md4)
{
    CYASSL_ENTER("MD4_Final");

    Md4Final((Md4*)md4, digest);
}
Vanger 0:b86d15c6ba29 9377
Vanger 0:b86d15c6ba29 9378 #endif /* NO_MD4 */
Vanger 0:b86d15c6ba29 9379
Vanger 0:b86d15c6ba29 9380
/* OpenSSL-compat stub: BIO chains are not modelled, so nothing is popped
   and NULL is returned. */
CYASSL_BIO* CyaSSL_BIO_pop(CYASSL_BIO* top)
{
    (void)top;
    return NULL;
}
Vanger 0:b86d15c6ba29 9386
Vanger 0:b86d15c6ba29 9387
/* OpenSSL-compat stub: always reports 0 pending bytes regardless of bio. */
int CyaSSL_BIO_pending(CYASSL_BIO* bio)
{
    (void)bio;
    return 0;
}
Vanger 0:b86d15c6ba29 9393
Vanger 0:b86d15c6ba29 9394
Vanger 0:b86d15c6ba29 9395
/* Return the (process-wide) memory BIO method. The single static method
   object is re-tagged as BIO_MEMORY on every call; the returned pointer is
   shared by all callers and must not be freed. */
CYASSL_BIO_METHOD* CyaSSL_BIO_s_mem(void)
{
    static CYASSL_BIO_METHOD memMethod;

    CYASSL_ENTER("BIO_s_mem");
    memMethod.type = BIO_MEMORY;
    return &memMethod;
}
Vanger 0:b86d15c6ba29 9405
Vanger 0:b86d15c6ba29 9406
/* OpenSSL-compat stub: no base64 filter BIO is available; returns NULL. */
CYASSL_BIO_METHOD* CyaSSL_BIO_f_base64(void)
{
    return NULL;
}
Vanger 0:b86d15c6ba29 9411
Vanger 0:b86d15c6ba29 9412
/* OpenSSL-compat stub: BIO flags are not stored; the call has no effect. */
void CyaSSL_BIO_set_flags(CYASSL_BIO* bio, int flags)
{
    (void)bio; (void)flags;
}
Vanger 0:b86d15c6ba29 9418
Vanger 0:b86d15c6ba29 9419
Vanger 0:b86d15c6ba29 9420
/* OpenSSL-compat stub: no screen-based entropy gathering is done (the
   CTaoCrypt RNG seeds itself); the call is a no-op. */
void CyaSSL_RAND_screen(void)
{
    /* intentionally empty */
}
Vanger 0:b86d15c6ba29 9425
Vanger 0:b86d15c6ba29 9426
/* OpenSSL-compat stub: no seed-file name is produced. fname is left
   untouched and NULL is returned. */
const char* CyaSSL_RAND_file_name(char* fname, unsigned long len)
{
    (void)fname; (void)len;
    return NULL;
}
Vanger 0:b86d15c6ba29 9433
Vanger 0:b86d15c6ba29 9434
/* OpenSSL-compat stub: no seed file is written; reports 0 bytes written. */
int CyaSSL_RAND_write_file(const char* fname)
{
    (void)fname;
    return 0;
}
Vanger 0:b86d15c6ba29 9440
Vanger 0:b86d15c6ba29 9441
/* OpenSSL-compat RAND_load_file: the file is never opened or read, because
   CTaoCrypt provides its own entropy internally (or reports an error).
   Only the OpenSSL-style byte count is mimicked. */
int CyaSSL_RAND_load_file(const char* fname, long len)
{
    (void)fname;

    /* -1 means "read the whole file": report a nominal 1024 bytes.
       Otherwise the requested length is echoed back, narrowed to int. */
    return (len == -1) ? 1024 : (int)len;
}
Vanger 0:b86d15c6ba29 9451
Vanger 0:b86d15c6ba29 9452
/* OpenSSL-compat stub: no EGD socket is consulted; reports 0 bytes read. */
int CyaSSL_RAND_egd(const char* path)
{
    (void)path;
    return 0;
}
Vanger 0:b86d15c6ba29 9458
Vanger 0:b86d15c6ba29 9459
Vanger 0:b86d15c6ba29 9460
/* OpenSSL-compat stub: no zlib compression method object exists here;
   returns NULL. */
CYASSL_COMP_METHOD* CyaSSL_COMP_zlib(void)
{
    return NULL;
}
Vanger 0:b86d15c6ba29 9465
Vanger 0:b86d15c6ba29 9466
/* OpenSSL-compat stub: no RLE compression method object exists here;
   returns NULL. */
CYASSL_COMP_METHOD* CyaSSL_COMP_rle(void)
{
    return NULL;
}
Vanger 0:b86d15c6ba29 9471
Vanger 0:b86d15c6ba29 9472
/* OpenSSL-compat stub: compression methods cannot be registered; the
   arguments are ignored and 0 is returned. */
int CyaSSL_COMP_add_compression_method(int method, void* data)
{
    (void)method; (void)data;
    return 0;
}
Vanger 0:b86d15c6ba29 9479
Vanger 0:b86d15c6ba29 9480
Vanger 0:b86d15c6ba29 9481
/* OpenSSL-compat stub: no ex_data slots are allocated; the callbacks are
   never stored or invoked and index 0 is always returned. */
int CyaSSL_get_ex_new_index(long idx, void* data, void* cb1, void* cb2,
                            void* cb3)
{
    (void)idx; (void)data; (void)cb1; (void)cb2; (void)cb3;
    return 0;
}
Vanger 0:b86d15c6ba29 9492
Vanger 0:b86d15c6ba29 9493
/* OpenSSL-compat stub: dynamic-lock callbacks are not used by this
   library; the callback is discarded. */
void CyaSSL_set_dynlock_create_callback(CYASSL_dynlock_value* (*f)(
                                                        const char*, int))
{
    (void)f;
}
Vanger 0:b86d15c6ba29 9499
Vanger 0:b86d15c6ba29 9500
/* OpenSSL-compat stub: dynamic-lock callbacks are not used by this
   library; the callback is discarded. */
void CyaSSL_set_dynlock_lock_callback(
                 void (*f)(int, CYASSL_dynlock_value*, const char*, int))
{
    (void)f;
}
Vanger 0:b86d15c6ba29 9506
Vanger 0:b86d15c6ba29 9507
/* OpenSSL-compat stub: dynamic-lock callbacks are not used by this
   library; the callback is discarded. */
void CyaSSL_set_dynlock_destroy_callback(
                 void (*f)(CYASSL_dynlock_value*, const char*, int))
{
    (void)f;
}
Vanger 0:b86d15c6ba29 9513
Vanger 0:b86d15c6ba29 9514
Vanger 0:b86d15c6ba29 9515
/* OpenSSL-compat stub: no error text table is available, so NULL is
   returned for every err. Callers must check for NULL before printing
   the result with a "%s" conversion. */
const char* CyaSSL_X509_verify_cert_error_string(long err)
{
    (void)err;
    return NULL;
}
Vanger 0:b86d15c6ba29 9521
Vanger 0:b86d15c6ba29 9522
Vanger 0:b86d15c6ba29 9523
/* OpenSSL-compat stub: directory lookups are not supported; nothing is
   added and 0 (OpenSSL failure) is returned. */
int CyaSSL_X509_LOOKUP_add_dir(CYASSL_X509_LOOKUP* lookup, const char* dir,
                               long len)
{
    (void)lookup; (void)dir; (void)len;
    return 0;
}
Vanger 0:b86d15c6ba29 9532
Vanger 0:b86d15c6ba29 9533
/* OpenSSL-compat stub: file lookups are not supported; the file is never
   opened and 0 (OpenSSL failure) is returned. */
int CyaSSL_X509_LOOKUP_load_file(CYASSL_X509_LOOKUP* lookup,
                                 const char* file, long len)
{
    (void)lookup; (void)file; (void)len;
    return 0;
}
Vanger 0:b86d15c6ba29 9542
Vanger 0:b86d15c6ba29 9543
/* OpenSSL-compat stub: no hash-directory lookup method; returns NULL. */
CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_hash_dir(void)
{
    return NULL;
}
Vanger 0:b86d15c6ba29 9548
Vanger 0:b86d15c6ba29 9549
/* OpenSSL-compat stub: no file lookup method; returns NULL. */
CYASSL_X509_LOOKUP_METHOD* CyaSSL_X509_LOOKUP_file(void)
{
    return NULL;
}
Vanger 0:b86d15c6ba29 9554
Vanger 0:b86d15c6ba29 9555
Vanger 0:b86d15c6ba29 9556
/* OpenSSL-compat stub: lookups cannot be attached to a store; the store is
   left unchanged and NULL is returned. */
CYASSL_X509_LOOKUP* CyaSSL_X509_STORE_add_lookup(CYASSL_X509_STORE* store,
                                                 CYASSL_X509_LOOKUP_METHOD* m)
{
    (void)store; (void)m;
    return NULL;
}
Vanger 0:b86d15c6ba29 9564
Vanger 0:b86d15c6ba29 9565
/* Add x509 to the store's certificate manager as a trusted user CA.
   Returns SSL_SUCCESS when AddCA() accepted the certificate and
   SSL_FATAL_ERROR otherwise (NULL store/manager/cert, allocation failure,
   or AddCA() rejecting it). The store's trust set grows as a side effect. */
int CyaSSL_X509_STORE_add_cert(CYASSL_X509_STORE* store, CYASSL_X509* x509)
{
    int result = SSL_FATAL_ERROR;

    CYASSL_ENTER("CyaSSL_X509_STORE_add_cert");
    if (store != NULL && store->cm != NULL && x509 != NULL) {
        buffer derCert;

        /* AddCA() takes ownership of derCert.buffer and frees it, so the
           DER is copied rather than handing over x509's own buffer. */
        derCert.buffer = (byte*)XMALLOC(x509->derCert.length, NULL,
                                        DYNAMIC_TYPE_CERT);
        if (derCert.buffer != NULL) {
            derCert.length = x509->derCert.length;
            XMEMCPY(derCert.buffer, x509->derCert.buffer, derCert.length);

            /* Any outcome other than SSL_SUCCESS is reported as fatal. */
            result = (AddCA(store->cm, derCert, CYASSL_USER_CA, 1)
                      == SSL_SUCCESS) ? SSL_SUCCESS : SSL_FATAL_ERROR;
        }
    }

    CYASSL_LEAVE("CyaSSL_X509_STORE_add_cert", result);
    return result;
}
Vanger 0:b86d15c6ba29 9588
Vanger 0:b86d15c6ba29 9589
/* Allocate a certificate store backed by a fresh certificate manager.
   Returns NULL if either allocation fails; on success the caller owns the
   store and releases it with CyaSSL_X509_STORE_free(). */
CYASSL_X509_STORE* CyaSSL_X509_STORE_new(void)
{
    CYASSL_X509_STORE* store =
        (CYASSL_X509_STORE*)XMALLOC(sizeof(CYASSL_X509_STORE), NULL, 0);

    if (store == NULL)
        return NULL;

    store->cm = CyaSSL_CertManagerNew();
    if (store->cm == NULL) {
        /* Without a cert manager the store is unusable: undo the shell. */
        XFREE(store, NULL, 0);
        return NULL;
    }

    return store;
}
Vanger 0:b86d15c6ba29 9605
Vanger 0:b86d15c6ba29 9606
/* Release a store created by CyaSSL_X509_STORE_new(): its certificate
   manager (if any) first, then the store itself. NULL is a no-op. */
void CyaSSL_X509_STORE_free(CYASSL_X509_STORE* store)
{
    if (store == NULL)
        return;

    if (store->cm != NULL)
        CyaSSL_CertManagerFree(store->cm);
    XFREE(store, NULL, 0);
}
Vanger 0:b86d15c6ba29 9615
Vanger 0:b86d15c6ba29 9616
/* OpenSSL-compat stub: no system CA paths are loaded into the store. It
   nevertheless reports SSL_SUCCESS, so a caller relying on this to populate
   trust anchors will end up with an empty trust set. */
int CyaSSL_X509_STORE_set_default_paths(CYASSL_X509_STORE* store)
{
    (void)store;
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 9622
Vanger 0:b86d15c6ba29 9623
/* OpenSSL-compat stub: subject lookups are not supported; obj is not
   written and 0 (not found) is returned. */
int CyaSSL_X509_STORE_get_by_subject(CYASSL_X509_STORE_CTX* ctx, int idx,
                                     CYASSL_X509_NAME* name,
                                     CYASSL_X509_OBJECT* obj)
{
    (void)ctx; (void)idx; (void)name; (void)obj;
    return 0;
}
Vanger 0:b86d15c6ba29 9633
Vanger 0:b86d15c6ba29 9634
/* Allocate a verification context with no store and no certificate
   attached; returns NULL on allocation failure. The caller later binds a
   store and certificate with CyaSSL_X509_STORE_CTX_init(). */
CYASSL_X509_STORE_CTX* CyaSSL_X509_STORE_CTX_new(void)
{
    CYASSL_X509_STORE_CTX* ctx =
        (CYASSL_X509_STORE_CTX*)XMALLOC(sizeof(CYASSL_X509_STORE_CTX),
                                        NULL, 0);

    if (ctx == NULL)
        return NULL;

    CyaSSL_X509_STORE_CTX_init(ctx, NULL, NULL, NULL);
    return ctx;
}
Vanger 0:b86d15c6ba29 9645
Vanger 0:b86d15c6ba29 9646
/* Bind a verification context to a store and the certificate to verify,
   clearing all other fields. The extra chain sk is accepted for API
   compatibility but ignored. Returns SSL_SUCCESS, or SSL_FATAL_ERROR when
   ctx is NULL. Note that the context keeps the raw store/x509 pointers; see
   CyaSSL_X509_STORE_CTX_free() for what it releases. */
int CyaSSL_X509_STORE_CTX_init(CYASSL_X509_STORE_CTX* ctx,
     CYASSL_X509_STORE* store, CYASSL_X509* x509, STACK_OF(CYASSL_X509)* sk)
{
    (void)sk;

    if (ctx == NULL)
        return SSL_FATAL_ERROR;

    ctx->store               = store;
    ctx->current_cert        = x509;
    ctx->domain              = NULL;
    ctx->ex_data             = NULL;
    ctx->userCtx             = NULL;
    ctx->error               = 0;
    ctx->error_depth         = 0;
    ctx->discardSessionCerts = 0;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 9664
Vanger 0:b86d15c6ba29 9665
/* Release a verification context. Unlike OpenSSL, this also frees the
   attached store and current certificate, so callers must not free those
   separately or reuse them after this call. NULL is a no-op. */
void CyaSSL_X509_STORE_CTX_free(CYASSL_X509_STORE_CTX* ctx)
{
    if (ctx == NULL)
        return;

    if (ctx->store != NULL)
        CyaSSL_X509_STORE_free(ctx->store);
    if (ctx->current_cert != NULL)
        CyaSSL_FreeX509(ctx->current_cert);
    XFREE(ctx, NULL, 0);
}
Vanger 0:b86d15c6ba29 9676
Vanger 0:b86d15c6ba29 9677
Vanger 0:b86d15c6ba29 9678 void CyaSSL_X509_STORE_CTX_cleanup(CYASSL_X509_STORE_CTX* ctx)
Vanger 0:b86d15c6ba29 9679 {
Vanger 0:b86d15c6ba29 9680 (void)ctx;
Vanger 0:b86d15c6ba29 9681 }
Vanger 0:b86d15c6ba29 9682
Vanger 0:b86d15c6ba29 9683
/* Verify ctx->current_cert against the trust anchors held by the store's
   certificate manager. Returns whatever CyaSSL_CertManagerVerifyBuffer()
   reports, or SSL_FATAL_ERROR when the context, store, manager or
   certificate is missing. */
int CyaSSL_X509_verify_cert(CYASSL_X509_STORE_CTX* ctx)
{
    CYASSL_X509* cert;

    if (ctx == NULL || ctx->store == NULL || ctx->store->cm == NULL)
        return SSL_FATAL_ERROR;

    cert = ctx->current_cert;
    if (cert == NULL)
        return SSL_FATAL_ERROR;

    /* The certificate is held in DER form, hence SSL_FILETYPE_ASN1. */
    return CyaSSL_CertManagerVerifyBuffer(ctx->store->cm,
                                          cert->derCert.buffer,
                                          cert->derCert.length,
                                          SSL_FILETYPE_ASN1);
}
Vanger 0:b86d15c6ba29 9695
Vanger 0:b86d15c6ba29 9696
/* OpenSSL-compat stub: CRL fields are not exposed; returns NULL. */
CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_lastUpdate(CYASSL_X509_CRL* crl)
{
    (void)crl;
    return NULL;
}
Vanger 0:b86d15c6ba29 9702
Vanger 0:b86d15c6ba29 9703
/* OpenSSL-compat stub: CRL fields are not exposed; returns NULL. */
CYASSL_ASN1_TIME* CyaSSL_X509_CRL_get_nextUpdate(CYASSL_X509_CRL* crl)
{
    (void)crl;
    return NULL;
}
Vanger 0:b86d15c6ba29 9709
Vanger 0:b86d15c6ba29 9710
Vanger 0:b86d15c6ba29 9711
/* Copy the certificate's public key into a newly allocated CYASSL_EVP_PKEY.
   The key type comes from x509->pubKeyOID, the raw key bytes are duplicated
   into pkey.ptr, and (with HAVE_ECC) the curve OID is recorded. Returns
   NULL when x509 is NULL or either allocation fails. The caller owns the
   result and releases it with CyaSSL_EVP_PKEY_free(). */
CYASSL_EVP_PKEY* CyaSSL_X509_get_pubkey(CYASSL_X509* x509)
{
    CYASSL_EVP_PKEY* key;

    if (x509 == NULL)
        return NULL;

    key = (CYASSL_EVP_PKEY*)XMALLOC(sizeof(CYASSL_EVP_PKEY), NULL,
                                    DYNAMIC_TYPE_PUBLIC_KEY);
    if (key == NULL)
        return NULL;

    key->type      = x509->pubKeyOID;
    key->save_type = 0;
    key->pkey_sz   = x509->pubKey.length;
    key->pkey.ptr  = (char*)XMALLOC(x509->pubKey.length, NULL,
                                    DYNAMIC_TYPE_PUBLIC_KEY);
    if (key->pkey.ptr == NULL) {
        /* Don't leak the container when the key blob can't be allocated. */
        XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
        return NULL;
    }
    XMEMCPY(key->pkey.ptr, x509->pubKey.buffer, x509->pubKey.length);
#ifdef HAVE_ECC
    key->pkey_curve = (int)x509->pkCurveOID;
#endif /* HAVE_ECC */

    return key;
}
Vanger 0:b86d15c6ba29 9737
Vanger 0:b86d15c6ba29 9738
/* OpenSSL-compat stub: no CRL signature check is performed. It returns 0,
   which in the OpenSSL convention means "not verified", so a caller that
   honours the return value will not treat the CRL as trusted. */
int CyaSSL_X509_CRL_verify(CYASSL_X509_CRL* crl, CYASSL_EVP_PKEY* key)
{
    (void)crl; (void)key;
    return 0;
}
Vanger 0:b86d15c6ba29 9745
Vanger 0:b86d15c6ba29 9746
/* OpenSSL-compat stub: the error code is discarded; ctx->error is not
   updated by this call. */
void CyaSSL_X509_STORE_CTX_set_error(CYASSL_X509_STORE_CTX* ctx, int err)
{
    (void)ctx; (void)err;
}
Vanger 0:b86d15c6ba29 9752
Vanger 0:b86d15c6ba29 9753
/* OpenSSL-compat stub: nothing is released; obj is untouched. */
void CyaSSL_X509_OBJECT_free_contents(CYASSL_X509_OBJECT* obj)
{
    (void)obj;
}
Vanger 0:b86d15c6ba29 9758
Vanger 0:b86d15c6ba29 9759
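/* Release a key returned by CyaSSL_X509_get_pubkey(): the pkey.ptr blob
   first, then the container. Both were allocated there with the
   DYNAMIC_TYPE_PUBLIC_KEY tag, so they are released with the same tag to
   keep allocation and release consistent for allocators that account by
   type. NULL is a no-op. */
void CyaSSL_EVP_PKEY_free(CYASSL_EVP_PKEY* key)
{
    if (key == NULL)
        return;

    if (key->pkey.ptr != NULL)
        XFREE(key->pkey.ptr, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
    XFREE(key, NULL, DYNAMIC_TYPE_PUBLIC_KEY);
}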
Vanger 0:b86d15c6ba29 9768
Vanger 0:b86d15c6ba29 9769
/* OpenSSL-compat stub: no comparison against the current time is made;
   always returns 0, so callers cannot use it to detect expiry. */
int CyaSSL_X509_cmp_current_time(const CYASSL_ASN1_TIME* asnTime)
{
    (void)asnTime;
    return 0;
}
Vanger 0:b86d15c6ba29 9775
Vanger 0:b86d15c6ba29 9776
/* OpenSSL-compat stub: revoked-entry stacks are not modelled; reports 0
   entries regardless of revoked. */
int CyaSSL_sk_X509_REVOKED_num(CYASSL_X509_REVOKED* revoked)
{
    (void)revoked;
    return 0;
}
Vanger 0:b86d15c6ba29 9782
Vanger 0:b86d15c6ba29 9783
Vanger 0:b86d15c6ba29 9784
/* OpenSSL-compat stub: the CRL's revoked list is not exposed; returns
   NULL. */
CYASSL_X509_REVOKED* CyaSSL_X509_CRL_get_REVOKED(CYASSL_X509_CRL* crl)
{
    (void)crl;
    return NULL;
}
Vanger 0:b86d15c6ba29 9790
Vanger 0:b86d15c6ba29 9791
/* OpenSSL-compat stub: revoked-entry stacks are not modelled; returns
   NULL for any index. */
CYASSL_X509_REVOKED* CyaSSL_sk_X509_REVOKED_value(
                                      CYASSL_X509_REVOKED* revoked, int value)
{
    (void)revoked; (void)value;
    return NULL;
}
Vanger 0:b86d15c6ba29 9799
Vanger 0:b86d15c6ba29 9800
Vanger 0:b86d15c6ba29 9801
/* OpenSSL-compat stub: the serial number is not exposed through this
   interface; returns NULL. */
CYASSL_ASN1_INTEGER* CyaSSL_X509_get_serialNumber(CYASSL_X509* x509)
{
    (void)x509;
    return NULL;
}
Vanger 0:b86d15c6ba29 9807
Vanger 0:b86d15c6ba29 9808
/* OpenSSL-compat stub: nothing is written to bio; returns 0. */
int CyaSSL_ASN1_TIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_TIME* asnTime)
{
    (void)bio; (void)asnTime;
    return 0;
}
Vanger 0:b86d15c6ba29 9815
Vanger 0:b86d15c6ba29 9816
Vanger 0:b86d15c6ba29 9817
/* OpenSSL-compat stub: no comparison is made and 0 ("equal") is returned
   for every pair of inputs. Callers must not rely on this to distinguish
   two integers (e.g. certificate serial numbers). */
int CyaSSL_ASN1_INTEGER_cmp(const CYASSL_ASN1_INTEGER* a,
                            const CYASSL_ASN1_INTEGER* b)
{
    (void)a; (void)b;
    return 0;
}
Vanger 0:b86d15c6ba29 9825
Vanger 0:b86d15c6ba29 9826
/* OpenSSL-compat stub: the integer's value is not decoded; returns 0. */
long CyaSSL_ASN1_INTEGER_get(const CYASSL_ASN1_INTEGER* i)
{
    (void)i;
    return 0;
}
Vanger 0:b86d15c6ba29 9832
Vanger 0:b86d15c6ba29 9833
Vanger 0:b86d15c6ba29 9834
/* Return the context's single ex_data slot. Only index 0 exists, and the
   slot is exposed only in FORTRESS builds; every other build, index or
   NULL ctx yields NULL. */
void* CyaSSL_X509_STORE_CTX_get_ex_data(CYASSL_X509_STORE_CTX* ctx, int idx)
{
#ifdef FORTRESS
    if (ctx == NULL || idx != 0)
        return NULL;
    return ctx->ex_data;
#else
    (void)ctx; (void)idx;
    return NULL;
#endif
}
Vanger 0:b86d15c6ba29 9846
Vanger 0:b86d15c6ba29 9847
/* The ex_data index under which the verification callback can find the
   CYASSL object; there is only one slot, so it is always 0. */
int CyaSSL_get_ex_data_X509_STORE_CTX_idx(void)
{
    enum { STORE_CTX_EX_DATA_IDX = 0 };
    return STORE_CTX_EX_DATA_IDX;
}
Vanger 0:b86d15c6ba29 9852
Vanger 0:b86d15c6ba29 9853
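/* Return the application data stored in ssl->ex_data[idx] (FORTRESS builds
   only). idx is caller-supplied, so it is checked on both sides: a negative
   index or one at/over MAX_EX_DATA would read outside the array. Returns
   NULL for a NULL ssl, an out-of-range idx, or in non-FORTRESS builds. */
void* CyaSSL_get_ex_data(const CYASSL* ssl, int idx)
{
#ifdef FORTRESS
    if (ssl != NULL && idx >= 0 && idx < MAX_EX_DATA)
        return ssl->ex_data[idx];
#else
    (void)ssl;
    (void)idx;
#endif
    return 0;
}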
Vanger 0:b86d15c6ba29 9865
Vanger 0:b86d15c6ba29 9866
/* OpenSSL-compat stub: info callbacks are not supported; f is never
   stored or invoked. */
void CyaSSL_CTX_set_info_callback(CYASSL_CTX* ctx, void (*f)(void))
{
    (void)ctx; (void)f;
}
Vanger 0:b86d15c6ba29 9872
Vanger 0:b86d15c6ba29 9873
/* OpenSSL-compat stub: there is no error queue to peek into; always
   reports 0 (no error). */
unsigned long CyaSSL_ERR_peek_error(void)
{
    return 0UL;
}
Vanger 0:b86d15c6ba29 9878
Vanger 0:b86d15c6ba29 9879
/* OpenSSL-compat stub: error codes are not decomposed; the reason is
   always reported as 0. */
int CyaSSL_ERR_GET_REASON(int err)
{
    (void)err;
    return 0;
}
Vanger 0:b86d15c6ba29 9885
Vanger 0:b86d15c6ba29 9886
/* OpenSSL-compat stub: no alert-type name table; returns NULL for every
   alertID, so callers must NULL-check before printing. */
char* CyaSSL_alert_type_string_long(int alertID)
{
    (void)alertID;
    return NULL;
}
Vanger 0:b86d15c6ba29 9892
Vanger 0:b86d15c6ba29 9893
/* OpenSSL-compat stub: no alert-description table; returns NULL for every
   alertID, so callers must NULL-check before printing. */
char* CyaSSL_alert_desc_string_long(int alertID)
{
    (void)alertID;
    return NULL;
}
Vanger 0:b86d15c6ba29 9899
Vanger 0:b86d15c6ba29 9900
/* OpenSSL-compat stub: handshake state names are not provided; returns
   NULL, so callers must NULL-check before printing. */
char* CyaSSL_state_string_long(CYASSL* ssl)
{
    (void)ssl;
    return NULL;
}
Vanger 0:b86d15c6ba29 9906
Vanger 0:b86d15c6ba29 9907
/* OpenSSL-compat stub for the default PEM passphrase callback: no
   passphrase is written into name and 0 (no characters) is returned. */
int CyaSSL_PEM_def_callback(char* name, int num, int w, void* key)
{
    (void)name; (void)num; (void)w; (void)key;
    return 0;
}
Vanger 0:b86d15c6ba29 9916
Vanger 0:b86d15c6ba29 9917
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_accept(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 9923
Vanger 0:b86d15c6ba29 9924
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_connect(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 9930
Vanger 0:b86d15c6ba29 9931
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_accept_good(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 9937
Vanger 0:b86d15c6ba29 9938
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_connect_good(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 9944
Vanger 0:b86d15c6ba29 9945
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_accept_renegotiate(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 9951
Vanger 0:b86d15c6ba29 9952
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_connect_renegotiate(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 9958
Vanger 0:b86d15c6ba29 9959
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_hits(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 9965
Vanger 0:b86d15c6ba29 9966
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_cb_hits(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 9972
Vanger 0:b86d15c6ba29 9973
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_cache_full(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 9979
Vanger 0:b86d15c6ba29 9980
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_misses(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 9986
Vanger 0:b86d15c6ba29 9987
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_timeouts(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 9993
Vanger 0:b86d15c6ba29 9994
/* OpenSSL-compat stub: session statistics are not tracked; reports 0. */
long CyaSSL_CTX_sess_number(CYASSL_CTX* ctx)
{
    (void)ctx;
    return 0L;
}
Vanger 0:b86d15c6ba29 10000
Vanger 0:b86d15c6ba29 10001
/* OpenSSL-compat stub: the DES key schedule is NOT derived; key is left
   untouched. A caller using this together with CyaSSL_DES_ecb_encrypt()
   gets no encryption at all. */
void CyaSSL_DES_set_key_unchecked(CYASSL_const_DES_cblock* myDes,
                                  CYASSL_DES_key_schedule* key)
{
    (void)myDes; (void)key;
}
Vanger 0:b86d15c6ba29 10008
Vanger 0:b86d15c6ba29 10009
Vanger 0:b86d15c6ba29 10010 void CyaSSL_DES_set_odd_parity(CYASSL_DES_cblock* myDes)
Vanger 0:b86d15c6ba29 10011 {
Vanger 0:b86d15c6ba29 10012 (void)myDes;
Vanger 0:b86d15c6ba29 10013 }
Vanger 0:b86d15c6ba29 10014
Vanger 0:b86d15c6ba29 10015
Vanger 0:b86d15c6ba29 10016 void CyaSSL_DES_ecb_encrypt(CYASSL_DES_cblock* desa,
Vanger 0:b86d15c6ba29 10017 CYASSL_DES_cblock* desb, CYASSL_DES_key_schedule* key, int len)
Vanger 0:b86d15c6ba29 10018 {
Vanger 0:b86d15c6ba29 10019 (void)desa;
Vanger 0:b86d15c6ba29 10020 (void)desb;
Vanger 0:b86d15c6ba29 10021 (void)key;
Vanger 0:b86d15c6ba29 10022 (void)len;
Vanger 0:b86d15c6ba29 10023 }
Vanger 0:b86d15c6ba29 10024
/* OpenSSL-compat stub: nothing is formatted or written to bio. The
   variadic arguments are never consumed and 0 (no bytes) is returned. */
int CyaSSL_BIO_printf(CYASSL_BIO* bio, const char* format, ...)
{
    (void)bio; (void)format;
    return 0;
}
Vanger 0:b86d15c6ba29 10031
Vanger 0:b86d15c6ba29 10032
/* OpenSSL-compat stub: nothing is written to bio; returns 0. */
int CyaSSL_ASN1_UTCTIME_print(CYASSL_BIO* bio, const CYASSL_ASN1_UTCTIME* a)
{
    (void)bio; (void)a;
    return 0;
}
Vanger 0:b86d15c6ba29 10039
Vanger 0:b86d15c6ba29 10040
/* OpenSSL-compat stub: stacks are not modelled; always reports 0
   elements. */
int CyaSSL_sk_num(CYASSL_X509_REVOKED* rev)
{
    (void)rev;
    return 0;
}
Vanger 0:b86d15c6ba29 10046
Vanger 0:b86d15c6ba29 10047
/* OpenSSL-compat stub: stacks are not modelled; returns NULL for any
   index i. */
void* CyaSSL_sk_value(CYASSL_X509_REVOKED* rev, int i)
{
    (void)rev; (void)i;
    return NULL;
}
Vanger 0:b86d15c6ba29 10054
Vanger 0:b86d15c6ba29 10055
/* stunnel 4.28 needs */
/* OpenSSL-compat stub: CTX ex_data is not stored, so every lookup yields
   NULL -- including for data "set" via CyaSSL_CTX_set_ex_data(). */
void* CyaSSL_CTX_get_ex_data(const CYASSL_CTX* ctx, int d)
{
    (void)ctx; (void)d;
    return NULL;
}
Vanger 0:b86d15c6ba29 10063
Vanger 0:b86d15c6ba29 10064
/* OpenSSL-compat stub: p is discarded rather than stored, yet SSL_SUCCESS
   is reported; a later CyaSSL_CTX_get_ex_data() will not return it. */
int CyaSSL_CTX_set_ex_data(CYASSL_CTX* ctx, int d, void* p)
{
    (void)ctx; (void)d; (void)p;
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 10072
Vanger 0:b86d15c6ba29 10073
/* OpenSSL-compat stub: external session-cache callbacks are not
   supported; f is never stored or invoked. */
void CyaSSL_CTX_sess_set_get_cb(CYASSL_CTX* ctx,
                    CYASSL_SESSION*(*f)(CYASSL*, unsigned char*, int, int*))
{
    (void)ctx; (void)f;
}
Vanger 0:b86d15c6ba29 10080
Vanger 0:b86d15c6ba29 10081
/* OpenSSL-compat stub: external session-cache callbacks are not
   supported; f is never stored or invoked. */
void CyaSSL_CTX_sess_set_new_cb(CYASSL_CTX* ctx,
                                int (*f)(CYASSL*, CYASSL_SESSION*))
{
    (void)ctx; (void)f;
}
Vanger 0:b86d15c6ba29 10088
Vanger 0:b86d15c6ba29 10089
/* OpenSSL-compat stub: external session-cache callbacks are not
   supported; f is never stored or invoked. */
void CyaSSL_CTX_sess_set_remove_cb(CYASSL_CTX* ctx,
                                   void (*f)(CYASSL_CTX*, CYASSL_SESSION*))
{
    (void)ctx; (void)f;
}
Vanger 0:b86d15c6ba29 10096
Vanger 0:b86d15c6ba29 10097
/* OpenSSL-compat stub: no serialisation is performed and *p is never
   written. Only the size a full CYASSL_SESSION would occupy is reported,
   so a caller must not read the bytes it expected to be encoded. */
int CyaSSL_i2d_SSL_SESSION(CYASSL_SESSION* sess, unsigned char** p)
{
    (void)sess; (void)p;
    return (int)sizeof(CYASSL_SESSION);
}
Vanger 0:b86d15c6ba29 10104
Vanger 0:b86d15c6ba29 10105
/* OpenSSL-compat stub: nothing is decoded from p/i. The caller's existing
   session pointer (*sess) is handed back unchanged, or NULL when sess
   itself is NULL. */
CYASSL_SESSION* CyaSSL_d2i_SSL_SESSION(CYASSL_SESSION** sess,
                                       const unsigned char** p, long i)
{
    (void)p; (void)i;
    return (sess != NULL) ? *sess : NULL;
}
Vanger 0:b86d15c6ba29 10115
Vanger 0:b86d15c6ba29 10116
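/* Return the session's timeout value as stored in sess->timeout.
   A NULL sess yields 0 rather than a NULL dereference, matching the
   NULL-tolerant accessors elsewhere in this section. */
long CyaSSL_SESSION_get_timeout(const CYASSL_SESSION* sess)
{
    CYASSL_ENTER("CyaSSL_SESSION_get_timeout");

    if (sess == NULL)
        return 0;
    return sess->timeout;
}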
Vanger 0:b86d15c6ba29 10122
Vanger 0:b86d15c6ba29 10123
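/* Return the session's creation time as stored in sess->bornOn.
   A NULL sess yields 0 rather than a NULL dereference, matching the
   NULL-tolerant accessors elsewhere in this section. */
long CyaSSL_SESSION_get_time(const CYASSL_SESSION* sess)
{
    CYASSL_ENTER("CyaSSL_SESSION_get_time");

    if (sess == NULL)
        return 0;
    return sess->bornOn;
}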
Vanger 0:b86d15c6ba29 10129
Vanger 0:b86d15c6ba29 10130
/* OpenSSL-compat stub: no CTX ex_data slots are allocated; the callbacks
   are never stored or invoked and index 0 is always returned. */
int CyaSSL_CTX_get_ex_new_index(long idx, void* arg, void* a, void* b,
                                void* c)
{
    (void)idx; (void)arg; (void)a; (void)b; (void)c;
    return 0;
}
Vanger 0:b86d15c6ba29 10141
Vanger 0:b86d15c6ba29 10142 #endif /* OPENSSL_EXTRA */
Vanger 0:b86d15c6ba29 10143
Vanger 0:b86d15c6ba29 10144
Vanger 0:b86d15c6ba29 10145 #ifdef KEEP_PEER_CERT
/* Return the subject Common Name stored in x509, or NULL when x509 is NULL.
 * The pointer aliases the certificate's own subjectCN storage — it is not a
 * copy, so it is only valid while x509 is. */
char* CyaSSL_X509_get_subjectCN(CYASSL_X509* x509)
{
    char* cn = NULL;

    if (x509 != NULL)
        cn = x509->subjectCN;

    return cn;
}
Vanger 0:b86d15c6ba29 10153 #endif /* KEEP_PEER_CERT */
Vanger 0:b86d15c6ba29 10154
Vanger 0:b86d15c6ba29 10155 #ifdef OPENSSL_EXTRA
Vanger 0:b86d15c6ba29 10156
Vanger 0:b86d15c6ba29 10157 #ifdef FORTRESS
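/* Compare the peer certificate received in the handshake with the PEM
 * certificate stored in file fname (a certificate-pinning check).
 *
 * Returns 0 when the DER encoding of the file's certificate is byte-identical
 * to the peer certificate's DER, SSL_BAD_FILE when the file cannot be opened,
 * MEMORY_E when the small-stack scratch allocation fails, and SSL_FATAL_ERROR
 * for every other outcome (NULL arguments, empty/unreadable file, PEM decode
 * failure, length or content mismatch).
 *
 * Only the first CERT_TYPE object PemToDer finds in the file is compared.
 * XMEMCMP is a plain comparison; certificates are public data, so a
 * non-constant-time compare is acceptable here. */
int CyaSSL_cmp_peer_cert_to_file(CYASSL* ssl, const char *fname)
{
    int ret = SSL_FATAL_ERROR;

    CYASSL_ENTER("CyaSSL_cmp_peer_cert_to_file");
    if (ssl != NULL && fname != NULL)
    {
#ifdef CYASSL_SMALL_STACK
        EncryptedInfo* info = NULL;
        byte staticBuffer[1]; /* force heap usage */
#else
        EncryptedInfo info[1];
        byte staticBuffer[FILE_BUFFER_SIZE];
#endif
        byte* myBuffer = staticBuffer;
        int dynamic = 0;
        XFILE file = XBADFILE;
        long sz = 0;
        int eccKey = 0;
        CYASSL_CTX* ctx = ssl->ctx;
        CYASSL_X509* peer_cert = &ssl->peerCert;
        buffer fileDer;

        /* Initialise up front: fileDer.buffer is passed to XFREE on every
         * path below, including the small-stack MEMORY_E path, on which it
         * previously held an indeterminate value. */
        fileDer.buffer = 0;
        fileDer.length = 0;

        file = XFOPEN(fname, "rb");
        if (file == XBADFILE)
            return SSL_BAD_FILE;

        /* Size the file; sz <= 0 (empty file or XFTELL failure) is refused
         * by the sz > 0 test in the chain below rather than read. */
        XFSEEK(file, 0, XSEEK_END);
        sz = XFTELL(file);
        XREWIND(file);

        if (sz > (long)sizeof(staticBuffer)) {
            CYASSL_MSG("Getting dynamic buffer");
            myBuffer = (byte*)XMALLOC(sz, ctx->heap, DYNAMIC_TYPE_FILE);
            dynamic = 1;   /* a NULL myBuffer is rejected by the chain below */
        }

#ifdef CYASSL_SMALL_STACK
        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), NULL,
                                                   DYNAMIC_TYPE_TMP_BUFFER);
        if (info == NULL)
            ret = MEMORY_E;
        else
#endif
        {
            info->set = 0;
            info->ctx = ctx;
            info->consumed = 0;

            /* All conditions must hold for a match; the chain short-circuits
             * at the first failure and leaves ret at SSL_FATAL_ERROR.  The
             * length equality test precedes XMEMCMP so the compare never
             * reads past the shorter DER buffer. */
            if ((myBuffer != NULL) &&
                (sz > 0) &&
                (XFREAD(myBuffer, sz, 1, file) > 0) &&
                (PemToDer(myBuffer, sz, CERT_TYPE,
                          &fileDer, ctx->heap, info, &eccKey) == 0) &&
                (fileDer.length != 0) &&
                (fileDer.length == peer_cert->derCert.length) &&
                (XMEMCMP(peer_cert->derCert.buffer, fileDer.buffer,
                         fileDer.length) == 0))
            {
                ret = 0;
            }

#ifdef CYASSL_SMALL_STACK
            XFREE(info, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
        }

        /* fileDer.buffer is expected to be allocated by PemToDer from
         * ctx->heap; freeing the initial 0 value relies on XFREE tolerating
         * it, as the original code already did. */
        XFREE(fileDer.buffer, ctx->heap, DYNAMIC_TYPE_CERT);
        if (dynamic)
            XFREE(myBuffer, ctx->heap, DYNAMIC_TYPE_FILE);

        XFCLOSE(file);
    }

    return ret;
}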
Vanger 0:b86d15c6ba29 10235 #endif
Vanger 0:b86d15c6ba29 10236
Vanger 0:b86d15c6ba29 10237
/* Process-wide fallback RNG for the OpenSSL-compatibility RAND_* and BN_rand
 * functions.  It is initialised lazily by CyaSSL_RAND_seed() and used by
 * CyaSSL_RAND_bytes()/CyaSSL_BN_rand() only when their own temporary RNG
 * cannot be initialised.  No locking is visible around it in this file, so
 * callers sharing it across threads need their own synchronisation. */
static RNG globalRNG;
/* Non-zero once InitRng(&globalRNG) has succeeded; nothing in the visible
 * code resets it. */
static int initGlobalRNG = 0;
Vanger 0:b86d15c6ba29 10240
/* OpenSSL-compatibility RAND_seed (SSL_SUCCESS on ok).  The caller's seed
 * bytes are ignored: seeding is left entirely to InitRng.  The only effect
 * is to lazily initialise the file-level globalRNG on the first call.
 * Returns SSL_SUCCESS when the global RNG is ready, 0 if InitRng fails. */
int CyaSSL_RAND_seed(const void* seed, int len)
{
    CYASSL_MSG("CyaSSL_RAND_seed");

    (void)len;
    (void)seed;

    if (initGlobalRNG)
        return SSL_SUCCESS;

    if (InitRng(&globalRNG) < 0) {
        CYASSL_MSG("CyaSSL Init Global RNG failed");
        return 0;
    }

    initGlobalRNG = 1;
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 10260
Vanger 0:b86d15c6ba29 10261
/* OpenSSL-compatibility RAND_bytes: fill buf[0..num) with random bytes
 * (SSL_SUCCESS on ok).
 *
 * A fresh temporary RNG is initialised on every call; only if that fails
 * does the function fall back to the lazily-created file-level globalRNG
 * (set up by CyaSSL_RAND_seed).  With neither available nothing is written
 * and 0 is returned.
 *
 * Returns SSL_SUCCESS on success, 0 on any failure (including small-stack
 * allocation failure).  buf and num are handed to RNG_GenerateBlock without
 * validation here — NOTE(review): presumably that function rejects a NULL
 * buf or an out-of-range num; confirm before relying on it. */
int CyaSSL_RAND_bytes(unsigned char* buf, int num)
{
    int ret = 0;
    int initTmpRng = 0;
    RNG* rng = NULL;
#ifdef CYASSL_SMALL_STACK
    RNG* tmpRNG = NULL;
#else
    RNG tmpRNG[1];
#endif

    CYASSL_ENTER("RAND_bytes");

#ifdef CYASSL_SMALL_STACK
    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (tmpRNG == NULL)
        return ret;
#endif

    /* Prefer a private RNG; fall back to the shared one only if it exists. */
    if (InitRng(tmpRNG) == 0) {
        rng = tmpRNG;
        initTmpRng = 1;
    }
    else if (initGlobalRNG)
        rng = &globalRNG;

    if (rng) {
        if (RNG_GenerateBlock(rng, buf, num) != 0)
            CYASSL_MSG("Bad RNG_GenerateBlock");
        else
            ret = SSL_SUCCESS;
    }

    if (initTmpRng) {
        /* FreeRng is only compiled in for the DRBG-based builds; presumably
         * the other RNG configurations hold nothing that needs releasing. */
#if defined(HAVE_HASHDRBG) || defined(NO_RC4)
        FreeRng(tmpRNG);
#endif
    }

#ifdef CYASSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}
Vanger 0:b86d15c6ba29 10308
/* OpenSSL-compatibility BN_CTX_new.  CTaoCrypt's bignum code needs no
 * scratch context, so this hands back the address of a private static int
 * cast to CYASSL_BN_CTX*.  The result is not a real object: every call
 * returns the same pointer, and it must only be passed to the CyaSSL_BN_CTX_*
 * / CyaSSL_BN_mod functions, which ignore it. */
CYASSL_BN_CTX* CyaSSL_BN_CTX_new(void)
{
    static int ctx; /* placeholder; ctaocrypt doesn't currently need a ctx */
    CYASSL_BN_CTX* placeholder = (CYASSL_BN_CTX*)&ctx;

    CYASSL_MSG("CyaSSL_BN_CTX_new");

    return placeholder;
}
Vanger 0:b86d15c6ba29 10317
/* No-op: the placeholder context from CyaSSL_BN_CTX_new carries no state to
 * initialise. */
void CyaSSL_BN_CTX_init(CYASSL_BN_CTX* ctx)
{
    CYASSL_MSG("CyaSSL_BN_CTX_init");
    (void)ctx;
}
Vanger 0:b86d15c6ba29 10323
Vanger 0:b86d15c6ba29 10324
/* No-op: the context points at static storage inside CyaSSL_BN_CTX_new, so
 * there is nothing to release — passing it to XFREE would be a bug. */
void CyaSSL_BN_CTX_free(CYASSL_BN_CTX* ctx)
{
    CYASSL_MSG("CyaSSL_BN_CTX_free");
    (void)ctx;

    /* deliberately no free: ctx is the static placeholder, not heap memory */
}
Vanger 0:b86d15c6ba29 10332
Vanger 0:b86d15c6ba29 10333
/* Reset the external bignum wrapper to its empty state: non-negative and no
 * attached mp_int.  NULL is accepted and ignored. */
static void InitCyaSSL_BigNum(CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("InitCyaSSL_BigNum");
    if (bn == NULL)
        return;

    bn->internal = NULL;
    bn->neg = 0;
}
Vanger 0:b86d15c6ba29 10342
Vanger 0:b86d15c6ba29 10343
/* Allocate a CYASSL_BIGNUM together with its backing mp_int and initialise
 * both.  Returns NULL on allocation or mp_init failure; on those paths the
 * partial allocations are released, so nothing leaks.  The caller owns the
 * result and releases it with CyaSSL_BN_free(). */
CYASSL_BIGNUM* CyaSSL_BN_new(void)
{
    mp_int* backing;
    CYASSL_BIGNUM* wrapper;

    CYASSL_MSG("CyaSSL_BN_new");

    backing = (mp_int*) XMALLOC(sizeof(mp_int), NULL, DYNAMIC_TYPE_BIGINT);
    if (backing == NULL) {
        CYASSL_MSG("CyaSSL_BN_new malloc mpi failure");
        return NULL;
    }

    wrapper = (CYASSL_BIGNUM*) XMALLOC(sizeof(CYASSL_BIGNUM), NULL,
                                       DYNAMIC_TYPE_BIGINT);
    if (wrapper == NULL) {
        CYASSL_MSG("CyaSSL_BN_new malloc CYASSL_BIGNUM failure");
        XFREE(backing, NULL, DYNAMIC_TYPE_BIGINT);
        return NULL;
    }

    InitCyaSSL_BigNum(wrapper);
    wrapper->internal = backing;

    /* Attach before mp_init so a failed init is cleaned up by the normal
     * free path, which releases both allocations. */
    if (mp_init(backing) != MP_OKAY) {
        CyaSSL_BN_free(wrapper);
        return NULL;
    }

    return wrapper;
}
Vanger 0:b86d15c6ba29 10374
Vanger 0:b86d15c6ba29 10375
/* Release a bignum created by CyaSSL_BN_new: clears and frees the backing
 * mp_int if one is attached, then frees the wrapper itself.  NULL is
 * accepted.  The wrapper memory is gone afterwards, so callers must not
 * touch bn again. */
void CyaSSL_BN_free(CYASSL_BIGNUM* bn)
{
    mp_int* backing;

    CYASSL_MSG("CyaSSL_BN_free");
    if (bn == NULL)
        return;

    backing = (mp_int*)bn->internal;
    if (backing != NULL) {
        mp_clear(backing);
        XFREE(backing, NULL, DYNAMIC_TYPE_BIGINT);
        bn->internal = NULL;
    }

    XFREE(bn, NULL, DYNAMIC_TYPE_BIGINT);
}
Vanger 0:b86d15c6ba29 10388
Vanger 0:b86d15c6ba29 10389
/* OpenSSL-compatibility BN_clear_free.  Identical to CyaSSL_BN_free: no
 * extra zeroisation is done in this file beyond whatever mp_clear performs —
 * NOTE(review): confirm mp_clear scrubs the limbs before relying on this for
 * bignums that held key material. */
void CyaSSL_BN_clear_free(CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_clear_free");
    CyaSSL_BN_free(bn);
}
Vanger 0:b86d15c6ba29 10396
Vanger 0:b86d15c6ba29 10397
/* r = a - b (SSL_SUCCESS on ok).  Returns 0 when any wrapper is NULL or
 * mp_sub fails.  Unlike CyaSSL_BN_num_bytes and friends, the ->internal
 * pointers are not NULL-checked here; a wrapper with a detached mp_int is
 * passed straight to mp_sub. */
int CyaSSL_BN_sub(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a,
                  const CYASSL_BIGNUM* b)
{
    int mpRet;

    CYASSL_MSG("CyaSSL_BN_sub");

    if (a == NULL || b == NULL || r == NULL)
        return 0;

    mpRet = mp_sub((mp_int*)a->internal, (mp_int*)b->internal,
                   (mp_int*)r->internal);
    if (mpRet != MP_OKAY) {
        CYASSL_MSG("CyaSSL_BN_sub mp_sub failed");
        return 0;
    }

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 10414
Vanger 0:b86d15c6ba29 10415
/* r = a mod b (SSL_SUCCESS on ok).  The BN_CTX argument c is ignored.
 * Returns 0 when any wrapper is NULL or mp_mod fails.  As in CyaSSL_BN_sub,
 * the ->internal pointers are not NULL-checked before the mp_ call. */
int CyaSSL_BN_mod(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* a,
                  const CYASSL_BIGNUM* b, const CYASSL_BN_CTX* c)
{
    int mpRet;

    CYASSL_MSG("CyaSSL_BN_mod");
    (void)c;

    if (a == NULL || b == NULL || r == NULL)
        return 0;

    mpRet = mp_mod((mp_int*)a->internal, (mp_int*)b->internal,
                   (mp_int*)r->internal);
    if (mpRet != MP_OKAY) {
        CYASSL_MSG("CyaSSL_BN_mod mp_mod failed");
        return 0;
    }

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 10433
Vanger 0:b86d15c6ba29 10434
/* OpenSSL-compatibility BN_value_one: a lazily-created bignum holding 1 that
 * lives for the rest of the process (nothing in this file frees it).
 * Callers must not free or modify it.  Creation is not guarded by a lock
 * and the mp_set_int result is not checked.  Returns NULL only when
 * CyaSSL_BN_new fails. */
const CYASSL_BIGNUM* CyaSSL_BN_value_one(void)
{
    static CYASSL_BIGNUM* one = NULL;

    CYASSL_MSG("CyaSSL_BN_value_one");

    if (one != NULL)
        return one;

    one = CyaSSL_BN_new();
    if (one != NULL)
        mp_set_int((mp_int*)one->internal, 1);

    return one;
}
Vanger 0:b86d15c6ba29 10449
Vanger 0:b86d15c6ba29 10450
/* Number of bytes in the big-endian magnitude of bn (sign ignored).
 * Returns 0 for a NULL bn or a detached mp_int, which callers cannot tell
 * apart from a genuinely zero-length value. */
int CyaSSL_BN_num_bytes(const CYASSL_BIGNUM* bn)
{
    mp_int* backing;

    CYASSL_MSG("CyaSSL_BN_num_bytes");

    backing = bn ? (mp_int*)bn->internal : NULL;
    if (backing == NULL)
        return 0;

    return mp_unsigned_bin_size(backing);
}
Vanger 0:b86d15c6ba29 10460
Vanger 0:b86d15c6ba29 10461
/* Bit length of bn's magnitude via mp_count_bits.  Returns 0 for a NULL bn
 * or a detached mp_int (indistinguishable from a zero-length value). */
int CyaSSL_BN_num_bits(const CYASSL_BIGNUM* bn)
{
    mp_int* backing;

    CYASSL_MSG("CyaSSL_BN_num_bits");

    backing = bn ? (mp_int*)bn->internal : NULL;
    if (backing == NULL)
        return 0;

    return mp_count_bits(backing);
}
Vanger 0:b86d15c6ba29 10471
Vanger 0:b86d15c6ba29 10472
/* Non-zero when bn's value is zero (mp_iszero).  A NULL bn or detached
 * mp_int yields 0, i.e. "not zero" — callers relying on the answer for a
 * possibly-NULL bn must check it themselves. */
int CyaSSL_BN_is_zero(const CYASSL_BIGNUM* bn)
{
    mp_int* backing;

    CYASSL_MSG("CyaSSL_BN_is_zero");

    backing = bn ? (mp_int*)bn->internal : NULL;
    if (backing == NULL)
        return 0;

    return mp_iszero(backing);
}
Vanger 0:b86d15c6ba29 10482
Vanger 0:b86d15c6ba29 10483
/* 1 when bn equals one (mp_cmp_d against 1), 0 otherwise.  A NULL bn or
 * detached mp_int also yields 0. */
int CyaSSL_BN_is_one(const CYASSL_BIGNUM* bn)
{
    mp_int* backing;

    CYASSL_MSG("CyaSSL_BN_is_one");

    backing = bn ? (mp_int*)bn->internal : NULL;
    if (backing == NULL)
        return 0;

    return (mp_cmp_d(backing, 1) == 0) ? 1 : 0;
}
Vanger 0:b86d15c6ba29 10496
Vanger 0:b86d15c6ba29 10497
/* Non-zero when bn is odd (mp_isodd).  A NULL bn or detached mp_int yields
 * 0, the same as "even". */
int CyaSSL_BN_is_odd(const CYASSL_BIGNUM* bn)
{
    mp_int* backing;

    CYASSL_MSG("CyaSSL_BN_is_odd");

    backing = bn ? (mp_int*)bn->internal : NULL;
    if (backing == NULL)
        return 0;

    return mp_isodd(backing);
}
Vanger 0:b86d15c6ba29 10507
Vanger 0:b86d15c6ba29 10508
/* Compare a and b; the result is whatever mp_cmp returns.  When either
 * wrapper or its mp_int is NULL the function returns 0, which is the same
 * value mp_cmp uses for "equal" — callers cannot distinguish a NULL argument
 * from equality here. */
int CyaSSL_BN_cmp(const CYASSL_BIGNUM* a, const CYASSL_BIGNUM* b)
{
    mp_int* lhs;
    mp_int* rhs;

    CYASSL_MSG("CyaSSL_BN_cmp");

    if (a == NULL || b == NULL)
        return 0;

    lhs = (mp_int*)a->internal;
    rhs = (mp_int*)b->internal;
    if (lhs == NULL || rhs == NULL)
        return 0;

    return mp_cmp(lhs, rhs);
}
Vanger 0:b86d15c6ba29 10518
Vanger 0:b86d15c6ba29 10519
/* Write bn's big-endian magnitude into r and return the byte count, in the
 * style of OpenSSL's BN_bn2bin.  With r == NULL only the required size is
 * returned, so callers size their buffer with a first NULL call.  r is not
 * bounds-checked: it must hold at least that many bytes.  Returns
 * SSL_FATAL_ERROR for a NULL bn / detached mp_int or when
 * mp_to_unsigned_bin fails. */
int CyaSSL_BN_bn2bin(const CYASSL_BIGNUM* bn, unsigned char* r)
{
    mp_int* backing;

    CYASSL_MSG("CyaSSL_BN_bn2bin");

    if (bn == NULL || bn->internal == NULL) {
        CYASSL_MSG("NULL bn error");
        return SSL_FATAL_ERROR;
    }

    backing = (mp_int*)bn->internal;

    /* r == NULL is the size query; otherwise serialise first. */
    if (r != NULL && mp_to_unsigned_bin(backing, r) != MP_OKAY) {
        CYASSL_MSG("mp_to_unsigned_bin error");
        return SSL_FATAL_ERROR;
    }

    return mp_unsigned_bin_size(backing);
}
Vanger 0:b86d15c6ba29 10539
Vanger 0:b86d15c6ba29 10540
/* Load len big-endian bytes from str into the existing bignum ret.  Unlike
 * OpenSSL's BN_bin2bn, a NULL ret is not allocated here: the call logs and
 * returns ret unchanged.  A non-NULL ret without an attached mp_int is
 * likewise returned unchanged after logging, so a non-NULL return does not
 * guarantee the value was stored.  Returns NULL only when
 * mp_read_unsigned_bin fails. */
CYASSL_BIGNUM* CyaSSL_BN_bin2bn(const unsigned char* str, int len,
                                CYASSL_BIGNUM* ret)
{
    CYASSL_MSG("CyaSSL_BN_bin2bn");

    if (ret == NULL || ret->internal == NULL) {
        CYASSL_MSG("CyaSSL_BN_bin2bn wants return bignum");
        return ret;
    }

    if (mp_read_unsigned_bin((mp_int*)ret->internal, str, len) != 0) {
        CYASSL_MSG("mp_read_unsigned_bin failure");
        return NULL;
    }

    return ret;
}
Vanger 0:b86d15c6ba29 10558
Vanger 0:b86d15c6ba29 10559
/* Not implemented: always fails with SSL_FATAL_ERROR and leaves bn
 * untouched.  (The log line says CyaSSL_BN_mask_bits although the function
 * is named CyaSSL_mask_bits.) */
int CyaSSL_mask_bits(CYASSL_BIGNUM* bn, int n)
{
    CYASSL_MSG("CyaSSL_BN_mask_bits");
    (void)n;
    (void)bn;

    return SSL_FATAL_ERROR;
}
Vanger 0:b86d15c6ba29 10568
Vanger 0:b86d15c6ba29 10569
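/* Fill bn with a random value of roughly `bits` bits (SSL_SUCCESS on ok).
 *
 * OpenSSL's BN_rand is only approximated: top and bottom are ignored, and
 * the two most significant bits and the least significant bit of the byte
 * string are always forced to 1, so the result is odd.  Because the forcing
 * is applied to whole bytes, a `bits` that is not a multiple of 8 yields a
 * value wider than requested (e.g. bits == 9 gives a 16-bit value with bit
 * 15 set).  Randomness comes from a temporary RNG, or from the file-level
 * globalRNG when the temporary one cannot be initialised.
 *
 * Returns SSL_SUCCESS on success and 0 on any failure: bn NULL or without an
 * attached mp_int, bits outside 1..8*BN_RAND_BUF_SZ, no usable RNG,
 * RNG_GenerateBlock or mp_read_unsigned_bin failure, or small-stack
 * allocation failure.
 *
 * NOTE(review): the temporary RNG is never passed to FreeRng here, unlike in
 * CyaSSL_RAND_bytes — confirm whether the DRBG builds need that. */
int CyaSSL_BN_rand(CYASSL_BIGNUM* bn, int bits, int top, int bottom)
{
    enum { BN_RAND_BUF_SZ = 1024 };  /* scratch size, hence the maximum len */
    int ret = 0;
    int len = bits / 8;
    RNG* rng = NULL;
#ifdef CYASSL_SMALL_STACK
    RNG* tmpRNG = NULL;
    byte* buff = NULL;
#else
    RNG tmpRNG[1];
    byte buff[BN_RAND_BUF_SZ];
#endif

    (void)top;
    (void)bottom;
    CYASSL_MSG("CyaSSL_BN_rand");

    if (bits % 8)
        len++;

    /* Validate before touching buff: bits <= 0 gives len <= 0 and the
     * buff[len-1] write below would underflow, while len > BN_RAND_BUF_SZ
     * would let RNG_GenerateBlock overrun the scratch buffer. */
    if (bits <= 0 || len > BN_RAND_BUF_SZ) {
        CYASSL_MSG("Bad bit length");
        return ret;
    }

#ifdef CYASSL_SMALL_STACK
    buff = (byte*)XMALLOC(BN_RAND_BUF_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    tmpRNG = (RNG*) XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (buff == NULL || tmpRNG == NULL) {
        XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return ret;
    }
#endif

    /* Prefer a private RNG; fall back to the shared one only if it exists. */
    if (bn == NULL || bn->internal == NULL)
        CYASSL_MSG("Bad function arguments");
    else if (InitRng(tmpRNG) == 0)
        rng = tmpRNG;
    else if (initGlobalRNG)
        rng = &globalRNG;

    if (rng) {
        if (RNG_GenerateBlock(rng, buff, len) != 0)
            CYASSL_MSG("Bad RNG_GenerateBlock");
        else {
            buff[0] |= 0x80 | 0x40;   /* force the two top bits */
            buff[len-1] |= 0x01;      /* force the value odd */

            if (mp_read_unsigned_bin((mp_int*)bn->internal,buff,len) != MP_OKAY)
                CYASSL_MSG("mp read bin failed");
            else
                ret = SSL_SUCCESS;
        }
    }

#ifdef CYASSL_SMALL_STACK
    XFREE(buff, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}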
Vanger 0:b86d15c6ba29 10629
Vanger 0:b86d15c6ba29 10630
/* Not implemented: always answers 0 ("bit clear") without examining bn, so
 * callers cannot tell "clear" from "unsupported". */
int CyaSSL_BN_is_bit_set(const CYASSL_BIGNUM* bn, int n)
{
    CYASSL_MSG("CyaSSL_BN_is_bit_set");
    (void)n;
    (void)bn;

    return 0;
}
Vanger 0:b86d15c6ba29 10640
Vanger 0:b86d15c6ba29 10641
/* Parse the hex string str into a bignum (SSL_SUCCESS on ok).
 *
 * Loosely follows OpenSSL's BN_hex2bn:
 *   - str is decoded with Base16_Decode into a 1024-byte scratch buffer;
 *     decSz is that buffer's capacity on input and the decoded length on
 *     output, so presumably longer inputs fail the decode.
 *   - bn == NULL: nothing is stored and the decoded byte count is returned.
 *   - *bn == NULL: a bignum is allocated with CyaSSL_BN_new and stored in
 *     *bn.  The caller owns it and frees it with CyaSSL_BN_free — also when
 *     the subsequent bin2bn fails, since it is not freed here on that path.
 *   - otherwise the existing *bn is overwritten.  A *bn without an attached
 *     mp_int is reported as success because CyaSSL_BN_bin2bn returns it
 *     unchanged in that case.
 * Returns 0 on failure (NULL str, decode error, allocation failure, bin2bn
 * failure).  No sign or "0x" prefix handling is visible here —
 * NOTE(review): presumably Base16_Decode rejects such input; confirm. */
int CyaSSL_BN_hex2bn(CYASSL_BIGNUM** bn, const char* str)
{
    int ret = 0;
    word32 decSz = 1024;   /* in: scratch capacity; out: decoded length */
#ifdef CYASSL_SMALL_STACK
    byte* decoded = NULL;
#else
    byte decoded[1024];
#endif

    CYASSL_MSG("CyaSSL_BN_hex2bn");

#ifdef CYASSL_SMALL_STACK
    decoded = (byte*)XMALLOC(decSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (decoded == NULL)
        return ret;
#endif

    if (str == NULL)
        CYASSL_MSG("Bad function argument");
    else if (Base16_Decode((byte*)str, (int)XSTRLEN(str), decoded, &decSz) < 0)
        CYASSL_MSG("Bad Base16_Decode error");
    else if (bn == NULL)
        ret = decSz;   /* size query: report the decoded byte count */
    else {
        if (*bn == NULL)
            *bn = CyaSSL_BN_new();

        if (*bn == NULL)
            CYASSL_MSG("BN new failed");
        else if (CyaSSL_BN_bin2bn(decoded, decSz, *bn) == NULL)
            CYASSL_MSG("Bad bin2bn error");
        else
            ret = SSL_SUCCESS;
    }

#ifdef CYASSL_SMALL_STACK
    XFREE(decoded, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}
Vanger 0:b86d15c6ba29 10685
Vanger 0:b86d15c6ba29 10686
/* Deep copy: allocate a fresh bignum and copy bn's value into it with
 * mp_copy.  Returns NULL for a NULL/detached bn, on allocation failure, or
 * when the copy fails (the partially built result is freed).  The caller
 * owns the returned bignum. */
CYASSL_BIGNUM* CyaSSL_BN_dup(const CYASSL_BIGNUM* bn)
{
    CYASSL_BIGNUM* copy;

    CYASSL_MSG("CyaSSL_BN_dup");

    if (bn == NULL || bn->internal == NULL) {
        CYASSL_MSG("bn NULL error");
        return NULL;
    }

    copy = CyaSSL_BN_new();
    if (copy == NULL) {
        CYASSL_MSG("bn new error");
        return NULL;
    }

    if (mp_copy((mp_int*)bn->internal, (mp_int*)copy->internal) == MP_OKAY)
        return copy;

    CYASSL_MSG("mp_copy error");
    CyaSSL_BN_free(copy);
    return NULL;
}
Vanger 0:b86d15c6ba29 10712
Vanger 0:b86d15c6ba29 10713
/* Not implemented: returns NULL and leaves r untouched.  Callers that need
 * a copy can use CyaSSL_BN_dup instead. */
CYASSL_BIGNUM* CyaSSL_BN_copy(CYASSL_BIGNUM* r, const CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_copy");
    (void)bn;
    (void)r;

    return NULL;
}
Vanger 0:b86d15c6ba29 10723
Vanger 0:b86d15c6ba29 10724
/* Not implemented: always fails with SSL_FATAL_ERROR and leaves bn
 * untouched. */
int CyaSSL_BN_set_word(CYASSL_BIGNUM* bn, unsigned long w)
{
    CYASSL_MSG("CyaSSL_BN_set_word");
    (void)w;
    (void)bn;

    return SSL_FATAL_ERROR;
}
Vanger 0:b86d15c6ba29 10734
Vanger 0:b86d15c6ba29 10735
/* Not implemented: always fails with SSL_FATAL_ERROR; *bn is neither read
 * nor allocated.  Only CyaSSL_BN_hex2bn parses strings in this build. */
int CyaSSL_BN_dec2bn(CYASSL_BIGNUM** bn, const char* str)
{
    CYASSL_MSG("CyaSSL_BN_dec2bn");
    (void)str;
    (void)bn;

    return SSL_FATAL_ERROR;
}
Vanger 0:b86d15c6ba29 10745
Vanger 0:b86d15c6ba29 10746
/* Not implemented: always returns NULL, so there is never a string for the
 * caller to free. */
char* CyaSSL_BN_bn2dec(const CYASSL_BIGNUM* bn)
{
    CYASSL_MSG("CyaSSL_BN_bn2dec");
    (void)bn;

    return NULL;
}
Vanger 0:b86d15c6ba29 10755
Vanger 0:b86d15c6ba29 10756
Vanger 0:b86d15c6ba29 10757 #ifndef NO_DH
Vanger 0:b86d15c6ba29 10758
/* Reset every field of the external DH wrapper: all bignum and internal
 * pointers to NULL, inSet/exSet to 0.  Does not free anything; NULL is
 * accepted and ignored. */
static void InitCyaSSL_DH(CYASSL_DH* dh)
{
    if (dh == NULL)
        return;

    dh->exSet = 0;
    dh->inSet = 0;
    dh->internal = NULL;
    dh->priv_key = NULL;
    dh->pub_key = NULL;
    dh->g = NULL;
    dh->p = NULL;
}
Vanger 0:b86d15c6ba29 10771
Vanger 0:b86d15c6ba29 10772
/* Allocate a CYASSL_DH wrapper with an attached, InitDhKey-initialised
 * DhKey.  The p/g/pub_key/priv_key bignums start out NULL.  Returns NULL on
 * allocation failure (the DhKey is released if the wrapper allocation
 * fails).  The caller owns the result and frees it with CyaSSL_DH_free(). */
CYASSL_DH* CyaSSL_DH_new(void)
{
    DhKey* backing;
    CYASSL_DH* wrapper;

    CYASSL_MSG("CyaSSL_DH_new");

    backing = (DhKey*) XMALLOC(sizeof(DhKey), NULL, DYNAMIC_TYPE_DH);
    if (backing == NULL) {
        CYASSL_MSG("CyaSSL_DH_new malloc DhKey failure");
        return NULL;
    }

    wrapper = (CYASSL_DH*) XMALLOC(sizeof(CYASSL_DH), NULL,
                                   DYNAMIC_TYPE_DH);
    if (wrapper == NULL) {
        CYASSL_MSG("CyaSSL_DH_new malloc CYASSL_DH failure");
        XFREE(backing, NULL, DYNAMIC_TYPE_DH);
        return NULL;
    }

    InitCyaSSL_DH(wrapper);
    InitDhKey(backing);   /* no result is examined here */
    wrapper->internal = backing;

    return wrapper;
}
Vanger 0:b86d15c6ba29 10800
Vanger 0:b86d15c6ba29 10801
/* Release a CYASSL_DH and everything it owns: the DhKey (FreeDhKey then
 * XFREE), then the priv_key, pub_key, g and p bignums, then the wrapper.
 * The fields are reset to NULL before the wrapper is freed.  NULL is
 * accepted. */
void CyaSSL_DH_free(CYASSL_DH* dh)
{
    DhKey* backing;

    CYASSL_MSG("CyaSSL_DH_free");

    if (dh == NULL)
        return;

    backing = (DhKey*)dh->internal;
    if (backing != NULL) {
        FreeDhKey(backing);
        XFREE(backing, NULL, DYNAMIC_TYPE_DH);
        dh->internal = NULL;
    }

    CyaSSL_BN_free(dh->priv_key);
    CyaSSL_BN_free(dh->pub_key);
    CyaSSL_BN_free(dh->g);
    CyaSSL_BN_free(dh->p);
    InitCyaSSL_DH(dh); /* leave no dangling pointers behind */

    XFREE(dh, NULL, DYNAMIC_TYPE_DH);
}
Vanger 0:b86d15c6ba29 10821
Vanger 0:b86d15c6ba29 10822
/* Push the external p and g bignums of dh into the CTaoCrypt DhKey in
 * dh->internal (via DhSetKey) and mark dh->inSet.  Returns 0 on success,
 * SSL_FATAL_ERROR otherwise.
 *
 * p and g are serialised through 1024-byte scratch buffers.  Their encoded
 * sizes are checked with a NULL-buffer CyaSSL_BN_bn2bin call before anything
 * is written, so a parameter larger than 8192 bits is rejected rather than
 * overflowing the buffers.  dh->internal itself is not NULL-checked before
 * DhSetKey — NOTE(review): CyaSSL_DH_new always attaches a DhKey, but a dh
 * built elsewhere could reach here without one. */
static int SetDhInternal(CYASSL_DH* dh)
{
    int ret = SSL_FATAL_ERROR;
    int pSz = 1024;   /* scratch capacity; replaced by the encoded size below */
    int gSz = 1024;
#ifdef CYASSL_SMALL_STACK
    unsigned char* p = NULL;
    unsigned char* g = NULL;
#else
    unsigned char p[1024];
    unsigned char g[1024];
#endif

    CYASSL_ENTER("SetDhInternal");

    /* bn2bin with a NULL buffer is the size query; SSL_FATAL_ERROR (-1)
     * from it passes these tests and is caught by the pSz/gSz <= 0 check. */
    if (dh == NULL || dh->p == NULL || dh->g == NULL)
        CYASSL_MSG("Bad function arguments");
    else if (CyaSSL_BN_bn2bin(dh->p, NULL) > pSz)
        CYASSL_MSG("Bad p internal size");
    else if (CyaSSL_BN_bn2bin(dh->g, NULL) > gSz)
        CYASSL_MSG("Bad g internal size");
    else {
#ifdef CYASSL_SMALL_STACK
        p = (unsigned char*)XMALLOC(pSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        g = (unsigned char*)XMALLOC(gSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);

        if (p == NULL || g == NULL) {
            XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            return ret;
        }
#endif

        pSz = CyaSSL_BN_bn2bin(dh->p, p);
        gSz = CyaSSL_BN_bn2bin(dh->g, g);

        if (pSz <= 0 || gSz <= 0)
            CYASSL_MSG("Bad BN2bin set");
        else if (DhSetKey((DhKey*)dh->internal, p, pSz, g, gSz) < 0)
            CYASSL_MSG("Bad DH SetKey");
        else {
            dh->inSet = 1;
            ret = 0;
        }

#ifdef CYASSL_SMALL_STACK
        XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(g, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }


    return ret;
}
Vanger 0:b86d15c6ba29 10877
Vanger 0:b86d15c6ba29 10878
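/* Size of the DH prime p in bytes, which is also the maximum size of a
 * shared secret produced by CyaSSL_DH_compute_key.
 *
 * Returns 0 when dh is NULL or its p has not been set yet, so callers can
 * use the result directly as a buffer size without a separate NULL check.
 */
int CyaSSL_DH_size(CYASSL_DH* dh)
{
    CYASSL_MSG("CyaSSL_DH_size");

    /* p is NULL until the caller installs the group parameters */
    if (dh == NULL || dh->p == NULL)
        return 0;

    return CyaSSL_BN_num_bytes(dh->p);
}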
Vanger 0:b86d15c6ba29 10888
Vanger 0:b86d15c6ba29 10889
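/* Generate a fresh DH key pair for dh and store it in dh->pub_key and
 * dh->priv_key, releasing any previous values.
 *
 * Returns SSL_SUCCESS on success and 0 otherwise.  Requires dh->p and
 * dh->g; if the internal DhKey has not been loaded yet (dh->inSet == 0)
 * it is loaded from them via SetDhInternal().
 *
 * A per-call RNG is tried first; if it cannot be initialised the library
 * global RNG is used as a fallback, provided it has been initialised.
 *
 * The private value passes through a temporary byte buffer which is
 * wiped before the function returns.  The temporaries hold 768 bytes;
 * DhGenerateKeyPair receives their capacity and is expected to fail
 * rather than overrun them for larger groups.
 */
int CyaSSL_DH_generate_key(CYASSL_DH* dh)
{
    enum { DH_TMP_SZ = 768 };        /* capacity of the pub/priv temporaries */
    int    ret    = 0;
    word32 pubSz  = DH_TMP_SZ;
    word32 privSz = DH_TMP_SZ;
    RNG*   rng    = NULL;
#ifdef CYASSL_SMALL_STACK
    unsigned char* pub    = NULL;
    unsigned char* priv   = NULL;
    RNG*           tmpRNG = NULL;
#else
    unsigned char pub [DH_TMP_SZ];
    unsigned char priv[DH_TMP_SZ];
    RNG           tmpRNG[1];
#endif

    CYASSL_MSG("CyaSSL_DH_generate_key");

    /* validate before allocating so the error paths have nothing to undo */
    if (dh == NULL || dh->p == NULL || dh->g == NULL) {
        CYASSL_MSG("Bad function arguments");
        return ret;
    }
    if (dh->inSet == 0 && SetDhInternal(dh) < 0) {
        CYASSL_MSG("Bad DH set internal");
        return ret;
    }

#ifdef CYASSL_SMALL_STACK
    tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
    pub    = (unsigned char*)XMALLOC(pubSz,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
    priv   = (unsigned char*)XMALLOC(privSz, NULL, DYNAMIC_TYPE_TMP_BUFFER);

    if (tmpRNG == NULL || pub == NULL || priv == NULL) {
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(pub,    NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(priv,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return ret;
    }
#endif

    if (InitRng(tmpRNG) == 0)
        rng = tmpRNG;
    else {
        CYASSL_MSG("Bad RNG Init, trying global");
        if (initGlobalRNG == 0)
            CYASSL_MSG("Global RNG no Init");
        else
            rng = &globalRNG;
    }

    if (rng != NULL) {
        if (DhGenerateKeyPair((DhKey*)dh->internal, rng, priv, &privSz,
                              pub, &pubSz) < 0)
            CYASSL_MSG("Bad DhGenerateKeyPair");
        else {
            /* replace any previous key pair; CyaSSL_BN_free accepts NULL */
            CyaSSL_BN_free(dh->pub_key);
            dh->pub_key = CyaSSL_BN_new();
            if (dh->pub_key == NULL)
                CYASSL_MSG("Bad DH new pub");

            CyaSSL_BN_free(dh->priv_key);
            dh->priv_key = CyaSSL_BN_new();
            if (dh->priv_key == NULL)
                CYASSL_MSG("Bad DH new priv");

            if (dh->pub_key && dh->priv_key) {
                if (CyaSSL_BN_bin2bn(pub, pubSz, dh->pub_key) == NULL)
                    CYASSL_MSG("Bad DH bn2bin error pub");
                else if (CyaSSL_BN_bin2bn(priv, privSz, dh->priv_key) == NULL)
                    CYASSL_MSG("Bad DH bn2bin error priv");
                else
                    ret = SSL_SUCCESS;
            }
        }
    }

    /* priv held the private value in the clear; wipe it before it is
     * released.  A plain memset on a buffer about to be freed can be
     * dropped by the optimiser -- if this build has a guaranteed
     * secure-zero helper, prefer it here. */
    XMEMSET(priv, 0, DH_TMP_SZ);

#ifdef CYASSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(pub,    NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(priv,   NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}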
Vanger 0:b86d15c6ba29 10976
Vanger 0:b86d15c6ba29 10977
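/* Derive the DH shared secret between dh's private value and the peer's
 * public value otherPub, writing it to key.
 *
 * key must have room for CyaSSL_DH_size(dh) bytes; that capacity is
 * passed to DhAgree, which reports how many bytes it actually wrote.
 * Returns that count on success and 0 on any failure.
 *
 * Requires dh->priv_key (normally produced by CyaSSL_DH_generate_key).
 * If the internal DhKey has not been loaded yet it is loaded from dh->p
 * and dh->g first, the same way CyaSSL_DH_generate_key does.
 *
 * NOTE(review): otherPub is only checked for size here.  Whether DhAgree
 * rejects degenerate peer values (0, 1, p-1, values >= p) is not visible
 * in this file -- confirm before relying on this against untrusted peers.
 */
int CyaSSL_DH_compute_key(unsigned char* key, CYASSL_BIGNUM* otherPub,
                          CYASSL_DH* dh)
{
    enum { DH_TMP_SZ = 1024 };       /* capacity of the pub/priv temporaries */
    int    ret     = 0;
    int    privLen = 0;
    int    pubLen  = 0;
    word32 keySz   = 0;
#ifdef CYASSL_SMALL_STACK
    unsigned char* pub  = NULL;
    unsigned char* priv = NULL;
#else
    unsigned char pub [DH_TMP_SZ];
    unsigned char priv[DH_TMP_SZ];
#endif

    CYASSL_MSG("CyaSSL_DH_compute_key");

    /* validate before allocating so the error paths have nothing to undo */
    if (key == NULL || dh == NULL || dh->priv_key == NULL || otherPub == NULL) {
        CYASSL_MSG("Bad function arguments");
        return ret;
    }
    if (dh->inSet == 0 && SetDhInternal(dh) < 0) {
        CYASSL_MSG("Bad DH set internal");
        return ret;
    }

#ifdef CYASSL_SMALL_STACK
    pub  = (unsigned char*)XMALLOC(DH_TMP_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    priv = (unsigned char*)XMALLOC(DH_TMP_SZ, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    if (pub == NULL || priv == NULL) {
        XFREE(pub,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
        XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        return ret;
    }
#endif

    if ((keySz = (word32)CyaSSL_DH_size(dh)) == 0)
        CYASSL_MSG("Bad DH_size");
    /* a NULL output buffer makes bn2bin a size query */
    else if (CyaSSL_BN_bn2bin(dh->priv_key, NULL) > DH_TMP_SZ)
        CYASSL_MSG("Bad priv internal size");
    else if (CyaSSL_BN_bn2bin(otherPub, NULL) > DH_TMP_SZ)
        CYASSL_MSG("Bad otherPub size");
    else {
        /* Keep these lengths signed: bn2bin can return a negative error
         * value, which stored in a word32 would become a huge length that
         * passes a "<= 0" test and is handed to DhAgree as a buffer size. */
        privLen = CyaSSL_BN_bn2bin(dh->priv_key, priv);
        pubLen  = CyaSSL_BN_bn2bin(otherPub, pub);

        if (privLen <= 0 || pubLen <= 0)
            CYASSL_MSG("Bad BN2bin set");
        else if (DhAgree((DhKey*)dh->internal, key, &keySz,
                         priv, (word32)privLen, pub, (word32)pubLen) < 0)
            CYASSL_MSG("DhAgree failed");
        else
            ret = (int)keySz;
    }

    /* priv held the private value in the clear; wipe it before release.
     * A plain memset before free can be dropped by the optimiser -- if
     * this build has a guaranteed secure-zero helper, prefer it here. */
    XMEMSET(priv, 0, DH_TMP_SZ);

#ifdef CYASSL_SMALL_STACK
    XFREE(pub,  NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(priv, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return ret;
}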
Vanger 0:b86d15c6ba29 11036 #endif /* NO_DH */
Vanger 0:b86d15c6ba29 11037
Vanger 0:b86d15c6ba29 11038
Vanger 0:b86d15c6ba29 11039 #ifndef NO_DSA
/* Reset every field of a CYASSL_DSA to its empty state: no BIGNUMs, no
 * internal DsaKey, and neither the internal nor the external side marked
 * as set.  Used both right after allocation and just before the struct
 * is freed.  A NULL pointer is ignored.
 */
static void InitCyaSSL_DSA(CYASSL_DSA* dsa)
{
    if (dsa == NULL)
        return;

    dsa->p        = NULL;
    dsa->q        = NULL;
    dsa->g        = NULL;
    dsa->pub_key  = NULL;
    dsa->priv_key = NULL;
    dsa->internal = NULL;
    dsa->inSet    = 0;
    dsa->exSet    = 0;
}
Vanger 0:b86d15c6ba29 11053
Vanger 0:b86d15c6ba29 11054
/* Allocate an empty CYASSL_DSA together with its internal DsaKey.
 *
 * Returns the new object, or NULL if either allocation fails (nothing is
 * leaked in that case).  The external BIGNUM fields start out NULL and
 * the DsaKey is initialised with InitDsaKey, whose result is not checked.
 * The caller owns the result and releases it with CyaSSL_DSA_free.
 */
CYASSL_DSA* CyaSSL_DSA_new(void)
{
    DsaKey*     key      = NULL;
    CYASSL_DSA* external = NULL;

    CYASSL_MSG("CyaSSL_DSA_new");

    key = (DsaKey*)XMALLOC(sizeof(DsaKey), NULL, DYNAMIC_TYPE_DSA);
    if (key == NULL) {
        CYASSL_MSG("CyaSSL_DSA_new malloc DsaKey failure");
        goto fail;
    }

    external = (CYASSL_DSA*)XMALLOC(sizeof(CYASSL_DSA), NULL,
                                    DYNAMIC_TYPE_DSA);
    if (external == NULL) {
        CYASSL_MSG("CyaSSL_DSA_new malloc CYASSL_DSA failure");
        goto fail;
    }

    InitCyaSSL_DSA(external);
    InitDsaKey(key);
    external->internal = key;

    return external;

fail:
    /* XFREE tolerates NULL, so this covers both failure points */
    XFREE(key, NULL, DYNAMIC_TYPE_DSA);
    return NULL;
}
Vanger 0:b86d15c6ba29 11082
Vanger 0:b86d15c6ba29 11083
/* Release a CYASSL_DSA created by CyaSSL_DSA_new: the internal DsaKey,
 * every external BIGNUM, and the struct itself.  NULL is a no-op.
 *
 * The fields are reset to NULL before the struct memory is freed so a
 * stale pointer cannot reach live sub-objects.  Whether FreeDsaKey and
 * CyaSSL_BN_free wipe the private value (x / priv_key) before releasing
 * it is not visible here.
 */
void CyaSSL_DSA_free(CYASSL_DSA* dsa)
{
    DsaKey* key;

    CYASSL_MSG("CyaSSL_DSA_free");

    if (dsa == NULL)
        return;

    key = (DsaKey*)dsa->internal;
    if (key != NULL) {
        FreeDsaKey(key);
        XFREE(key, NULL, DYNAMIC_TYPE_DSA);
    }

    /* CyaSSL_BN_free accepts NULL for fields that were never populated */
    CyaSSL_BN_free(dsa->priv_key);
    CyaSSL_BN_free(dsa->pub_key);
    CyaSSL_BN_free(dsa->g);
    CyaSSL_BN_free(dsa->q);
    CyaSSL_BN_free(dsa->p);

    InitCyaSSL_DSA(dsa);    /* leave no dangling pointers behind */
    XFREE(dsa, NULL, DYNAMIC_TYPE_DSA);
}
Vanger 0:b86d15c6ba29 11104
Vanger 0:b86d15c6ba29 11105
/* DSA key generation is not implemented in this build.
 *
 * Always returns 0, which OpenSSL-style callers treat as failure, and
 * leaves dsa untouched.  Key generation was considered unnecessary for
 * the server-side use this port targets.
 */
int CyaSSL_DSA_generate_key(CYASSL_DSA* dsa)
{
    CYASSL_MSG("CyaSSL_DSA_generate_key");

    (void)dsa;      /* unused: nothing is generated */

    return 0;
}
Vanger 0:b86d15c6ba29 11114
Vanger 0:b86d15c6ba29 11115
/* DSA parameter generation is not implemented in this build.
 *
 * Always returns 0, which OpenSSL-style callers treat as failure.  None
 * of the arguments are read or written: dsa is left untouched, seed is
 * not consumed, counterRet and hRet are not filled in, and the progress
 * callback cb is never invoked.
 */
int CyaSSL_DSA_generate_parameters_ex(CYASSL_DSA* dsa, int bits,
        unsigned char* seed, int seedLen, int* counterRet,
        unsigned long* hRet, void* cb)
{
    CYASSL_MSG("CyaSSL_DSA_generate_parameters_ex");

    /* unused: nothing is generated */
    (void)dsa;
    (void)bits;
    (void)seed;
    (void)seedLen;
    (void)counterRet;
    (void)hRet;
    (void)cb;

    return 0;
}
Vanger 0:b86d15c6ba29 11132 #endif /* NO_DSA */
Vanger 0:b86d15c6ba29 11133
Vanger 0:b86d15c6ba29 11134 #ifndef NO_RSA
/* Reset every field of a CYASSL_RSA to its empty state: no BIGNUMs (the
 * public n/e, the private d, and the CRT components p, q, dmp1, dmq1,
 * iqmp), no internal RsaKey, and neither side marked as set.  Used both
 * right after allocation and just before the struct is freed.  A NULL
 * pointer is ignored.
 */
static void InitCyaSSL_Rsa(CYASSL_RSA* rsa)
{
    if (rsa == NULL)
        return;

    rsa->n        = NULL;
    rsa->e        = NULL;
    rsa->d        = NULL;
    rsa->p        = NULL;
    rsa->q        = NULL;
    rsa->dmp1     = NULL;
    rsa->dmq1     = NULL;
    rsa->iqmp     = NULL;
    rsa->internal = NULL;
    rsa->inSet    = 0;
    rsa->exSet    = 0;
}
Vanger 0:b86d15c6ba29 11151
Vanger 0:b86d15c6ba29 11152
/* Allocate an empty CYASSL_RSA together with its internal RsaKey.
 *
 * Returns the new object, or NULL if an allocation or InitRsaKey fails;
 * nothing is leaked on failure.  The external BIGNUM fields start out
 * NULL.  The caller owns the result and releases it with CyaSSL_RSA_free.
 */
CYASSL_RSA* CyaSSL_RSA_new(void)
{
    RsaKey*     key      = NULL;
    CYASSL_RSA* external = NULL;

    CYASSL_MSG("CyaSSL_RSA_new");

    key = (RsaKey*)XMALLOC(sizeof(RsaKey), NULL, DYNAMIC_TYPE_RSA);
    if (key == NULL) {
        CYASSL_MSG("CyaSSL_RSA_new malloc RsaKey failure");
        goto fail;
    }

    external = (CYASSL_RSA*)XMALLOC(sizeof(CYASSL_RSA), NULL,
                                    DYNAMIC_TYPE_RSA);
    if (external == NULL) {
        CYASSL_MSG("CyaSSL_RSA_new malloc CYASSL_RSA failure");
        goto fail;
    }

    InitCyaSSL_Rsa(external);

    /* an RsaKey that failed to initialise is released without FreeRsaKey */
    if (InitRsaKey(key, NULL) != 0) {
        CYASSL_MSG("InitRsaKey CYASSL_RSA failure");
        goto fail;
    }

    external->internal = key;

    return external;

fail:
    /* XFREE tolerates NULL, so this covers every failure point above */
    XFREE(external, NULL, DYNAMIC_TYPE_RSA);
    XFREE(key, NULL, DYNAMIC_TYPE_RSA);
    return NULL;
}
Vanger 0:b86d15c6ba29 11185
Vanger 0:b86d15c6ba29 11186
/* Release a CYASSL_RSA created by CyaSSL_RSA_new: the internal RsaKey,
 * every external BIGNUM, and the struct itself.  NULL is a no-op.
 *
 * The fields are reset to NULL before the struct memory is freed so a
 * stale pointer cannot reach live sub-objects.  Whether FreeRsaKey and
 * CyaSSL_BN_free wipe the private components (d, p, q, dmp1, dmq1, iqmp)
 * before releasing them is not visible here.
 */
void CyaSSL_RSA_free(CYASSL_RSA* rsa)
{
    RsaKey* key;

    CYASSL_MSG("CyaSSL_RSA_free");

    if (rsa == NULL)
        return;

    key = (RsaKey*)rsa->internal;
    if (key != NULL) {
        FreeRsaKey(key);
        XFREE(key, NULL, DYNAMIC_TYPE_RSA);
    }

    /* CyaSSL_BN_free accepts NULL for fields that were never populated */
    CyaSSL_BN_free(rsa->iqmp);
    CyaSSL_BN_free(rsa->dmq1);
    CyaSSL_BN_free(rsa->dmp1);
    CyaSSL_BN_free(rsa->q);
    CyaSSL_BN_free(rsa->p);
    CyaSSL_BN_free(rsa->d);
    CyaSSL_BN_free(rsa->e);
    CyaSSL_BN_free(rsa->n);

    InitCyaSSL_Rsa(rsa);    /* leave no dangling pointers behind */
    XFREE(rsa, NULL, DYNAMIC_TYPE_RSA);
}
Vanger 0:b86d15c6ba29 11210 #endif /* NO_RSA */
Vanger 0:b86d15c6ba29 11211
Vanger 0:b86d15c6ba29 11212
Vanger 0:b86d15c6ba29 11213 #if !defined(NO_RSA) || !defined(NO_DSA)
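/* Copy the mp_int mpi into the external BIGNUM slot *bn, allocating the
 * BIGNUM on first use.
 *
 * Returns 0 on success and SSL_FATAL_ERROR (negative) on a NULL argument,
 * an allocation failure, or an mp_copy failure.  A BIGNUM allocated here
 * stays in *bn even if the copy then fails; the owning CYASSL_RSA /
 * CYASSL_DSA releases it together with its other fields.
 *
 * Private components (RSA d/p/q/dP/dQ/u, DSA x) pass through here too,
 * so after this call the secret exists in two places: the internal key
 * and the external BIGNUM.
 */
static int SetIndividualExternal(CYASSL_BIGNUM** bn, mp_int* mpi)
{
    CYASSL_MSG("Entering SetIndividualExternal");

    /* bn is dereferenced below, so guard it alongside mpi */
    if (bn == NULL || mpi == NULL) {
        CYASSL_MSG("mpi NULL error");
        return SSL_FATAL_ERROR;
    }

    if (*bn == NULL) {
        *bn = CyaSSL_BN_new();
        if (*bn == NULL) {
            CYASSL_MSG("SetIndividualExternal alloc failed");
            return SSL_FATAL_ERROR;
        }
    }

    /* a BIGNUM without its backing mp_int cannot receive the copy */
    if ((*bn)->internal == NULL) {
        CYASSL_MSG("SetIndividualExternal bn internal NULL");
        return SSL_FATAL_ERROR;
    }

    if (mp_copy(mpi, (mp_int*)((*bn)->internal)) != MP_OKAY) {
        CYASSL_MSG("mp_copy error");
        return SSL_FATAL_ERROR;
    }

    return 0;
}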
Vanger 0:b86d15c6ba29 11238 #endif /* !NO_RSA && !NO_DSA */
Vanger 0:b86d15c6ba29 11239
Vanger 0:b86d15c6ba29 11240
Vanger 0:b86d15c6ba29 11241 #ifndef NO_DSA
/* Mirror the internal DsaKey of dsa into its external BIGNUM fields
 * (p, q, g, pub_key <- y, priv_key <- x), allocating BIGNUMs as needed.
 *
 * Returns 0 on success and SSL_FATAL_ERROR (negative) if dsa or its
 * internal key is NULL or any individual copy fails; copies are made in
 * order and the function stops at the first failure, leaving earlier
 * fields populated.  On success dsa->exSet is raised.
 *
 * Note that this duplicates the private value x into dsa->priv_key.
 */
static int SetDsaExternal(CYASSL_DSA* dsa)
{
    DsaKey* key;
    int     i;

    CYASSL_MSG("Entering SetDsaExternal");

    if (dsa == NULL || dsa->internal == NULL) {
        CYASSL_MSG("dsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (DsaKey*)dsa->internal;

    {
        /* external slot, internal source, message logged when it fails */
        struct {
            CYASSL_BIGNUM** ext;
            mp_int*         in;
            const char*     msg;
        } fields[] = {
            { &dsa->p,        &key->p, "dsa p key error" },
            { &dsa->q,        &key->q, "dsa q key error" },
            { &dsa->g,        &key->g, "dsa g key error" },
            { &dsa->pub_key,  &key->y, "dsa y key error" },
            { &dsa->priv_key, &key->x, "dsa x key error" },
        };

        for (i = 0; i < (int)(sizeof(fields) / sizeof(fields[0])); i++) {
            if (SetIndividualExternal(fields[i].ext, fields[i].in) < 0) {
                CYASSL_MSG(fields[i].msg);
                return SSL_FATAL_ERROR;
            }
        }
    }

    dsa->exSet = 1;

    return 0;
}
Vanger 0:b86d15c6ba29 11283 #endif /* NO_DSA */
Vanger 0:b86d15c6ba29 11284
Vanger 0:b86d15c6ba29 11285
Vanger 0:b86d15c6ba29 11286 #ifndef NO_RSA
/* Mirror the internal RsaKey of rsa into its external BIGNUM fields
 * (n, e, d, p, q, dmp1 <- dP, dmq1 <- dQ, iqmp <- u), allocating BIGNUMs
 * as needed.
 *
 * Returns 0 on success and SSL_FATAL_ERROR (negative) if rsa or its
 * internal key is NULL or any individual copy fails; copies are made in
 * order and the function stops at the first failure, leaving earlier
 * fields populated.  On success rsa->exSet is raised.
 *
 * Note that this duplicates the private exponent and every CRT component
 * into the external BIGNUMs, so the secret then lives in two places.
 */
static int SetRsaExternal(CYASSL_RSA* rsa)
{
    RsaKey* key;
    int     i;

    CYASSL_MSG("Entering SetRsaExternal");

    if (rsa == NULL || rsa->internal == NULL) {
        CYASSL_MSG("rsa key NULL error");
        return SSL_FATAL_ERROR;
    }

    key = (RsaKey*)rsa->internal;

    {
        /* external slot, internal source, message logged when it fails */
        struct {
            CYASSL_BIGNUM** ext;
            mp_int*         in;
            const char*     msg;
        } fields[] = {
            { &rsa->n,    &key->n,  "rsa n key error"  },
            { &rsa->e,    &key->e,  "rsa e key error"  },
            { &rsa->d,    &key->d,  "rsa d key error"  },
            { &rsa->p,    &key->p,  "rsa p key error"  },
            { &rsa->q,    &key->q,  "rsa q key error"  },
            { &rsa->dmp1, &key->dP, "rsa dP key error" },
            { &rsa->dmq1, &key->dQ, "rsa dQ key error" },
            { &rsa->iqmp, &key->u,  "rsa u key error"  },
        };

        for (i = 0; i < (int)(sizeof(fields) / sizeof(fields[0])); i++) {
            if (SetIndividualExternal(fields[i].ext, fields[i].in) < 0) {
                CYASSL_MSG(fields[i].msg);
                return SSL_FATAL_ERROR;
            }
        }
    }

    rsa->exSet = 1;

    return 0;
}
Vanger 0:b86d15c6ba29 11343
Vanger 0:b86d15c6ba29 11344
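/* Generate a new RSA key pair of the requested bit length into rsa.
 *
 * Returns SSL_SUCCESS on success and SSL_FATAL_ERROR (negative) otherwise,
 * including when the library was built without CYASSL_KEY_GEN.
 *
 * The public exponent is fixed at 65537: bn is accepted for OpenSSL API
 * compatibility but never consulted, so a caller asking for a different
 * exponent silently gets 65537; the progress callback cb is never called.
 * bits is handed to MakeRsaKey unchecked -- whether it enforces a minimum
 * key size is not visible here.
 *
 * On success both the internal RsaKey and the external BIGNUM fields are
 * populated (rsa->inSet and rsa->exSet).  A per-call RNG is used; there
 * is no fallback to the global RNG in this function.
 */
int CyaSSL_RSA_generate_key_ex(CYASSL_RSA* rsa, int bits, CYASSL_BIGNUM* bn,
                               void* cb)
{
    int ret = SSL_FATAL_ERROR;

    CYASSL_MSG("CyaSSL_RSA_generate_key_ex");

    (void)rsa;
    (void)bits;
    (void)cb;
    (void)bn;

#ifdef CYASSL_KEY_GEN
    {
#ifdef CYASSL_SMALL_STACK
        RNG* rng = NULL;
#else
        RNG rng[1];
#endif

        /* MakeRsaKey writes into rsa->internal, so both must be present */
        if (rsa == NULL || rsa->internal == NULL) {
            CYASSL_MSG("Bad function arguments");
            return ret;
        }

#ifdef CYASSL_SMALL_STACK
        rng = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (rng == NULL)
            return SSL_FATAL_ERROR;
#endif

        if (InitRng(rng) < 0)
            CYASSL_MSG("RNG init failed");
        else if (MakeRsaKey((RsaKey*)rsa->internal, bits, 65537, rng) < 0)
            CYASSL_MSG("MakeRsaKey failed");
        else if (SetRsaExternal(rsa) < 0)
            CYASSL_MSG("SetRsaExternal failed");
        else {
            rsa->inSet = 1;
            ret = SSL_SUCCESS;
        }

#ifdef CYASSL_SMALL_STACK
        XFREE(rng, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }
#else
    CYASSL_MSG("No Key Gen built in");
#endif
    return ret;
}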
Vanger 0:b86d15c6ba29 11392
Vanger 0:b86d15c6ba29 11393
/* OpenSSL compatibility shim: reports success without changing anything.
 *
 * Blinding is expected to be on by default in the underlying RSA code,
 * so there is nothing to switch on here; this function neither checks
 * nor toggles it, and both arguments are ignored.  Always returns
 * SSL_SUCCESS.
 */
int CyaSSL_RSA_blinding_on(CYASSL_RSA* rsa, CYASSL_BN_CTX* bn)
{
    CYASSL_MSG("CyaSSL_RSA_blinding_on");

    /* unused: no per-key blinding state is kept at this layer */
    (void)rsa;
    (void)bn;

    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 11404
Vanger 0:b86d15c6ba29 11405
/* Not implemented in this build: always fails.
 *
 * Returns SSL_FATAL_ERROR, a negative value, so callers that follow the
 * OpenSSL convention of testing for a negative RSA_public_encrypt result
 * see a failure.  Nothing is written to `to` and no argument is read.
 */
int CyaSSL_RSA_public_encrypt(int len, unsigned char* fr,
                              unsigned char* to, CYASSL_RSA* rsa, int padding)
{
    CYASSL_MSG("CyaSSL_RSA_public_encrypt");

    /* unused: the stub does no work */
    (void)len;
    (void)fr;
    (void)to;
    (void)rsa;
    (void)padding;

    return SSL_FATAL_ERROR;
}
Vanger 0:b86d15c6ba29 11419
Vanger 0:b86d15c6ba29 11420
/* Not implemented in this build: always fails.
 *
 * Returns SSL_FATAL_ERROR, a negative value, so callers that follow the
 * OpenSSL convention of testing for a negative RSA_private_decrypt result
 * see a failure.  Nothing is written to `to` and no argument is read.
 */
int CyaSSL_RSA_private_decrypt(int len, unsigned char* fr,
                               unsigned char* to, CYASSL_RSA* rsa, int padding)
{
    CYASSL_MSG("CyaSSL_RSA_private_decrypt");

    /* unused: the stub does no work */
    (void)len;
    (void)fr;
    (void)to;
    (void)rsa;
    (void)padding;

    return SSL_FATAL_ERROR;
}
Vanger 0:b86d15c6ba29 11434
Vanger 0:b86d15c6ba29 11435
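/* Size of the RSA modulus n in bytes, which is the size of a signature
 * or ciphertext for this key.
 *
 * Returns 0 when rsa is NULL or its external n has not been populated
 * yet (n is only set once SetRsaExternal has run), so the result can be
 * used directly as a buffer size without a separate NULL check.
 */
int CyaSSL_RSA_size(const CYASSL_RSA* rsa)
{
    CYASSL_MSG("CyaSSL_RSA_size");

    if (rsa == NULL || rsa->n == NULL)
        return 0;

    return CyaSSL_BN_num_bytes(rsa->n);
}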
Vanger 0:b86d15c6ba29 11445 #endif /* NO_RSA */
Vanger 0:b86d15c6ba29 11446
Vanger 0:b86d15c6ba29 11447
Vanger 0:b86d15c6ba29 11448 #ifndef NO_DSA
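/* Sign the digest d with dsa's private key, writing the raw signature to
 * sigRet.
 *
 * Returns SSL_SUCCESS on success and SSL_FATAL_ERROR (negative) otherwise.
 * dsa must already have its internal DsaKey loaded (dsa->inSet != 0).
 *
 * No lengths are passed: DsaSign decides how many bytes it reads from d
 * and writes to sigRet, so the caller has to size both buffers for it
 * (those sizes are not visible in this file -- check DsaSign).
 *
 * DsaSign needs randomness for the per-signature value; a per-call RNG
 * is tried first and, if it cannot be initialised, the library global
 * RNG is used instead provided it has been initialised.
 */
int CyaSSL_DSA_do_sign(const unsigned char* d, unsigned char* sigRet,
                       CYASSL_DSA* dsa)
{
    int  ret = SSL_FATAL_ERROR;
    RNG* rng = NULL;
#ifdef CYASSL_SMALL_STACK
    RNG* tmpRNG = NULL;
#else
    RNG tmpRNG[1];
#endif

    CYASSL_MSG("CyaSSL_DSA_do_sign");

    /* dsa->internal is what DsaSign signs with, so it must be present */
    if (d == NULL || sigRet == NULL || dsa == NULL || dsa->internal == NULL)
        CYASSL_MSG("Bad function arguments");
    else if (dsa->inSet == 0)
        CYASSL_MSG("No DSA internal set");
    else {
#ifdef CYASSL_SMALL_STACK
        tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (tmpRNG == NULL)
            return SSL_FATAL_ERROR;
#endif

        if (InitRng(tmpRNG) == 0)
            rng = tmpRNG;
        else {
            CYASSL_MSG("Bad RNG Init, trying global");
            if (initGlobalRNG == 0)
                CYASSL_MSG("Global RNG no Init");
            else
                rng = &globalRNG;
        }

        if (rng) {
            if (DsaSign(d, sigRet, (DsaKey*)dsa->internal, rng) < 0)
                CYASSL_MSG("DsaSign failed");
            else
                ret = SSL_SUCCESS;
        }

#ifdef CYASSL_SMALL_STACK
        /* release the temporary RNG object allocated above (the previous
         * code named the type RNG here, which does not compile) */
        XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    }

    return ret;
}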
Vanger 0:b86d15c6ba29 11498 #endif /* NO_DSA */
Vanger 0:b86d15c6ba29 11499
Vanger 0:b86d15c6ba29 11500
Vanger 0:b86d15c6ba29 11501 #ifndef NO_RSA
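/* OpenSSL-compat RSA_sign: PKCS#1 v1.5 sign the digest m (of NID `type`)
 * with rsa, writing the signature to sigRet and its length to *sigLen.
 *
 * Only NID_md5 and NID_sha1 are accepted as digest types. sigRet must
 * have room for num_bytes(rsa->n) bytes; like OpenSSL's RSA_sign this
 * function has no way to check that.
 *
 * Returns SSL_SUCCESS on success, 0 on any failure. On failure *sigLen
 * is left untouched (the original assigned RsaSSL_Sign's negative error
 * code straight into the unsigned *sigLen, where it became a huge
 * positive "length" that also passed the `<= 0` failure test, so the
 * caller was told SSL_SUCCESS with a bogus length).
 */
int CyaSSL_RSA_sign(int type, const unsigned char* m,
                           unsigned int mLen, unsigned char* sigRet,
                           unsigned int* sigLen, CYASSL_RSA* rsa)
{
    word32 outLen;
    word32 signSz;
    int    signRet;
    RNG*   rng = NULL;
    int    ret = 0;
#ifdef CYASSL_SMALL_STACK
    RNG*   tmpRNG = NULL;
    byte*  encodedSig = NULL;
#else
    RNG    tmpRNG[1];
    byte   encodedSig[MAX_ENCODED_SIG_SZ];
#endif

    CYASSL_MSG("CyaSSL_RSA_sign");

    if (m == NULL || sigRet == NULL || sigLen == NULL || rsa == NULL)
        CYASSL_MSG("Bad function arguments");
    else if (rsa->inSet == 0)
        CYASSL_MSG("No RSA internal set");
    else if (type != NID_md5 && type != NID_sha1)
        CYASSL_MSG("Bad md type");
    else {
        /* modulus size in bytes == signature size */
        outLen = (word32)CyaSSL_BN_num_bytes(rsa->n);

#ifdef CYASSL_SMALL_STACK
        tmpRNG = (RNG*)XMALLOC(sizeof(RNG), NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (tmpRNG == NULL)
            return 0;

        encodedSig = (byte*)XMALLOC(MAX_ENCODED_SIG_SZ, NULL,
                                                   DYNAMIC_TYPE_TMP_BUFFER);
        if (encodedSig == NULL) {
            XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            return 0;
        }
#endif

        if (outLen == 0)
            CYASSL_MSG("Bad RSA size");
        else if (InitRng(tmpRNG) == 0)
            rng = tmpRNG;
        else {
            /* RsaSSL_Sign needs an RNG; a private one is preferred, the
             * process-wide one is used only if it was ever initialised */
            CYASSL_MSG("Bad RNG Init, trying global");

            if (initGlobalRNG == 0)
                CYASSL_MSG("Global RNG no Init");
            else
                rng = &globalRNG;
        }
    }

    if (rng) {
        type = (type == NID_md5) ? MD5h : SHAh;

        /* wrap the raw digest in its DigestInfo encoding before padding */
        signSz = EncodeSignature(encodedSig, m, mLen, type);
        if (signSz == 0) {
            CYASSL_MSG("Bad Encode Signature");
        }
        else {
            /* keep the result signed: a negative value is an error code,
             * only a positive one is a length */
            signRet = RsaSSL_Sign(encodedSig, signSz, sigRet, outLen,
                                  (RsaKey*)rsa->internal, rng);
            if (signRet <= 0)
                CYASSL_MSG("Bad Rsa Sign");
            else {
                *sigLen = (unsigned int)signRet;
                ret = SSL_SUCCESS;
            }
        }
    }

#ifdef CYASSL_SMALL_STACK
    XFREE(tmpRNG, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(encodedSig, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    if (ret == SSL_SUCCESS)
        CYASSL_MSG("CyaSSL_RSA_sign success");
    return ret;
}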
Vanger 0:b86d15c6ba29 11583
Vanger 0:b86d15c6ba29 11584
/* OpenSSL-compat RSA_public_decrypt: not implemented in this build.
 * Every argument is ignored and SSL_FATAL_ERROR is returned, so callers
 * must treat this as an always-failing operation and never assume `to`
 * was filled in. */
int CyaSSL_RSA_public_decrypt(int flen, unsigned char* from,
                          unsigned char* to, CYASSL_RSA* rsa, int padding)
{
    CYASSL_MSG("CyaSSL_RSA_public_decrypt");

    /* no implementation behind this entry point */
    (void)flen; (void)from; (void)to; (void)rsa; (void)padding;

    return SSL_FATAL_ERROR;
}
Vanger 0:b86d15c6ba29 11598
Vanger 0:b86d15c6ba29 11599
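/* Derive the CRT exponents dmp1 = d mod (p-1) and dmq1 = d mod (q-1)
 * for an RSA key whose p, q and d BIGNUMs are already populated.
 *
 * Returns SSL_SUCCESS on success, SSL_FATAL_ERROR if a required
 * component is missing or any big-number step fails. Each step is
 * checked before the next runs and the diagnostic names the step that
 * actually failed (the original fell through several checks and logged
 * "mp_mod error" / "mp_sub_d error" for failures of the other call).
 * The temporary holding p-1 / q-1 is cleared on every path.
 */
int CyaSSL_RSA_GenAdd(CYASSL_RSA* rsa)
{
    int    err;
    mp_int tmp;

    CYASSL_MSG("CyaSSL_RsaGenAdd");

    if (rsa == NULL || rsa->p == NULL || rsa->q == NULL || rsa->d == NULL ||
                       rsa->dmp1 == NULL || rsa->dmq1 == NULL) {
        CYASSL_MSG("rsa no init error");
        return SSL_FATAL_ERROR;
    }

    if (mp_init(&tmp) != MP_OKAY) {
        CYASSL_MSG("mp_init error");
        return SSL_FATAL_ERROR;
    }

    /* dmp1 = d mod (p - 1) */
    err = mp_sub_d((mp_int*)rsa->p->internal, 1, &tmp);
    if (err != MP_OKAY)
        CYASSL_MSG("mp_sub_d error (p-1)");

    if (err == MP_OKAY) {
        err = mp_mod((mp_int*)rsa->d->internal, &tmp,
                     (mp_int*)rsa->dmp1->internal);
        if (err != MP_OKAY)
            CYASSL_MSG("mp_mod error (dmp1)");
    }

    /* dmq1 = d mod (q - 1) */
    if (err == MP_OKAY) {
        err = mp_sub_d((mp_int*)rsa->q->internal, 1, &tmp);
        if (err != MP_OKAY)
            CYASSL_MSG("mp_sub_d error (q-1)");
    }

    if (err == MP_OKAY) {
        err = mp_mod((mp_int*)rsa->d->internal, &tmp,
                     (mp_int*)rsa->dmq1->internal);
        if (err != MP_OKAY)
            CYASSL_MSG("mp_mod error (dmq1)");
    }

    /* tmp held p-1 / q-1, i.e. private material: always clear it */
    mp_clear(&tmp);

    return (err == MP_OKAY) ? SSL_SUCCESS : SSL_FATAL_ERROR;
}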
Vanger 0:b86d15c6ba29 11646 #endif /* NO_RSA */
Vanger 0:b86d15c6ba29 11647
Vanger 0:b86d15c6ba29 11648
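/* OpenSSL-compat HMAC_Init: pick the digest for ctx from the EVP_MD name
 * `type` and, when a key is supplied, key the underlying Hmac.
 *
 * `type` is matched by prefix: "MD5", then "SHA256", then anything that
 * starts with "SHA". The bare "SHA" test must stay last because it is a
 * prefix of "SHA256"/"SHA384"/"SHA512"; note that it also means a name
 * such as "SHA384" (not supported here) lands on the SHA-1 arm. A NULL
 * type keeps whatever digest ctx already holds (OpenSSL re-keying idiom).
 *
 * Returns void like OpenSSL's HMAC_Init, so failures cannot be reported;
 * a HmacSetKey failure (e.g. unsupported ctx->type, which leaves the ctx
 * unkeyed) is now logged instead of vanishing, and a negative keylen is
 * skipped rather than being cast to a huge word32.
 */
void CyaSSL_HMAC_Init(CYASSL_HMAC_CTX* ctx, const void* key, int keylen,
                  const EVP_MD* type)
{
    CYASSL_MSG("CyaSSL_HMAC_Init");

    if (ctx == NULL) {
        CYASSL_MSG("no ctx on init");
        return;
    }

    if (type) {
        CYASSL_MSG("init has type");

        if (XSTRNCMP(type, "MD5", 3) == 0) {
            CYASSL_MSG("md5 hmac");
            ctx->type = MD5;
        }
        else if (XSTRNCMP(type, "SHA256", 6) == 0) {
            CYASSL_MSG("sha256 hmac");
            ctx->type = SHA256;
        }

        /* has to be last since would pick or 256, 384, or 512 too */
        else if (XSTRNCMP(type, "SHA", 3) == 0) {
            CYASSL_MSG("sha hmac");
            ctx->type = SHA;
        }
        else {
            CYASSL_MSG("bad init type");
        }
    }

    if (key && keylen > 0) {
        CYASSL_MSG("keying hmac");
        /* OpenSSL compat, no error return; but do not lose the failure */
        if (HmacSetKey(&ctx->hmac, ctx->type, (const byte*)key,
                       (word32)keylen) != 0)
            CYASSL_MSG("HmacSetKey failed, hmac not keyed");
    }
    else if (key && keylen < 0) {
        CYASSL_MSG("negative hmac key length ignored");
    }
}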
Vanger 0:b86d15c6ba29 11687
Vanger 0:b86d15c6ba29 11688
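/* OpenSSL-compat HMAC_Update: feed len bytes of data into ctx.
 *
 * Returns void like OpenSSL, so nothing is reported. A NULL ctx or data
 * is ignored, and so is a negative len: the cast to word32 would
 * otherwise turn it into a multi-gigabyte read past the buffer. */
void CyaSSL_HMAC_Update(CYASSL_HMAC_CTX* ctx, const unsigned char* data,
                    int len)
{
    CYASSL_MSG("CyaSSL_HMAC_Update");

    if (ctx == NULL || data == NULL)
        return;

    if (len < 0) {
        CYASSL_MSG("negative hmac update length ignored");
        return;
    }

    CYASSL_MSG("updating hmac");
    HmacUpdate(&ctx->hmac, data, (word32)len);
    /* OpenSSL compat, no error */
}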
Vanger 0:b86d15c6ba29 11700
Vanger 0:b86d15c6ba29 11701
/* OpenSSL-compat HMAC_Final: write the MAC into hash and, if len is
 * non-NULL, store the digest length that matches ctx->type.
 *
 * A NULL ctx or hash is a silent no-op (OpenSSL compat, no error). For a
 * type this layer does not know the MAC is still produced by HmacFinal
 * but *len is left untouched, so callers must initialise it. */
void CyaSSL_HMAC_Final(CYASSL_HMAC_CTX* ctx, unsigned char* hash,
                   unsigned int* len)
{
    CYASSL_MSG("CyaSSL_HMAC_Final");

    if (ctx == NULL || hash == NULL)
        return;

    CYASSL_MSG("final hmac");
    HmacFinal(&ctx->hmac, hash);
    /* OpenSSL compat, no error */

    if (len == NULL)
        return;

    CYASSL_MSG("setting output len");
    if (ctx->type == MD5)
        *len = MD5_DIGEST_SIZE;
    else if (ctx->type == SHA)
        *len = SHA_DIGEST_SIZE;
    else if (ctx->type == SHA256)
        *len = SHA256_DIGEST_SIZE;
    else
        CYASSL_MSG("bad hmac type");
}
Vanger 0:b86d15c6ba29 11733
Vanger 0:b86d15c6ba29 11734
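/* OpenSSL-compat HMAC_CTX_cleanup: scrub the keyed Hmac state in ctx.
 *
 * This used to be a no-op, which left the keyed inner/outer state and
 * any buffered input live in memory after the caller was done with it.
 * Wiping ctx->hmac keeps key material from lingering; the ctx itself is
 * caller-owned and is not freed. A plain memset is used because no
 * dedicated secure-wipe helper is visible in this file; as ctx outlives
 * the call the store is unlikely to be dropped as dead, but it is not a
 * guarantee. After cleanup a ctx must go through CyaSSL_HMAC_Init again
 * before reuse.
 */
void CyaSSL_HMAC_cleanup(CYASSL_HMAC_CTX* ctx)
{
    CYASSL_MSG("CyaSSL_HMAC_cleanup");

    if (ctx == NULL)
        return;

    memset(&ctx->hmac, 0, sizeof(ctx->hmac));
}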
Vanger 0:b86d15c6ba29 11741
Vanger 0:b86d15c6ba29 11742
/* Map an OpenSSL NID onto the matching CyaSSL EVP_MD. Only NID_md5 and
 * NID_sha1 are known to this compat layer; anything else yields NULL. */
const CYASSL_EVP_MD* CyaSSL_EVP_get_digestbynid(int id)
{
    const CYASSL_EVP_MD* md = NULL;

    CYASSL_MSG("CyaSSL_get_digestbynid");

    if (id == NID_md5)
        md = CyaSSL_EVP_md5();
    else if (id == NID_sha1)
        md = CyaSSL_EVP_sha1();
    else
        CYASSL_MSG("Bad digest id value");

    return md;
}
Vanger 0:b86d15c6ba29 11760
Vanger 0:b86d15c6ba29 11761
/* OpenSSL-compat EVP_PKEY_get1_RSA: not implemented; always NULL, so
 * callers must NULL-check rather than assume a key came back. */
CYASSL_RSA* CyaSSL_EVP_PKEY_get1_RSA(CYASSL_EVP_PKEY* key)
{
    CYASSL_MSG("CyaSSL_EVP_PKEY_get1_RSA");
    (void)key;   /* unused: no implementation */
    return NULL;
}
Vanger 0:b86d15c6ba29 11769
Vanger 0:b86d15c6ba29 11770
/* OpenSSL-compat EVP_PKEY_get1_DSA: not implemented; always NULL, so
 * callers must NULL-check rather than assume a key came back. */
CYASSL_DSA* CyaSSL_EVP_PKEY_get1_DSA(CYASSL_EVP_PKEY* key)
{
    CYASSL_MSG("CyaSSL_EVP_PKEY_get1_DSA");
    (void)key;   /* unused: no implementation */
    return NULL;
}
Vanger 0:b86d15c6ba29 11778
Vanger 0:b86d15c6ba29 11779
/* OpenSSL-compat EVP_X_STATE: pointer to the cipher's internal "x" state
 * in ctx. Only ARC4 is supported; any other cipher type, or a NULL ctx,
 * yields NULL. The const is deliberately cast away so the caller can
 * mutate the state, as the OpenSSL accessor allows. */
void* CyaSSL_EVP_X_STATE(const CYASSL_EVP_CIPHER_CTX* ctx)
{
    void* state = NULL;

    CYASSL_MSG("CyaSSL_EVP_X_STATE");

    if (ctx == NULL)
        return NULL;

    if (ctx->cipherType == ARC4_TYPE) {
        CYASSL_MSG("returning arc4 state");
        state = (void*)&ctx->cipher.arc4.x;
    }
    else {
        CYASSL_MSG("bad x state type");
    }

    return state;
}
Vanger 0:b86d15c6ba29 11798
Vanger 0:b86d15c6ba29 11799
/* OpenSSL-compat EVP_X_STATE_LEN: size in bytes of the state that
 * CyaSSL_EVP_X_STATE points at. sizeof(Arc4) for ARC4; 0 for any other
 * cipher type or a NULL ctx. */
int CyaSSL_EVP_X_STATE_LEN(const CYASSL_EVP_CIPHER_CTX* ctx)
{
    int stateLen = 0;

    CYASSL_MSG("CyaSSL_EVP_X_STATE_LEN");

    if (ctx == NULL)
        return 0;

    if (ctx->cipherType == ARC4_TYPE) {
        CYASSL_MSG("returning arc4 state size");
        stateLen = sizeof(Arc4);
    }
    else {
        CYASSL_MSG("bad x state type");
    }

    return stateLen;
}
Vanger 0:b86d15c6ba29 11818
Vanger 0:b86d15c6ba29 11819
/* Get or set the 3DES IV of ctx, OpenSSL-style.
 *   doset != 0: load the IV from iv into the cipher via Des3_SetIV.
 *   doset == 0: copy the cipher's reg field (DES_BLOCK_SIZE bytes) to iv.
 *
 * NOTE(review): len is accepted but never consulted; exactly
 * DES_BLOCK_SIZE bytes are read from or written to iv either way, so the
 * caller must guarantee iv is at least that large. */
void CyaSSL_3des_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
                                unsigned char* iv, int len)
{
    (void)len;

    CYASSL_MSG("CyaSSL_3des_iv");

    if (ctx == NULL || iv == NULL) {
        CYASSL_MSG("Bad function argument");
        return;
    }

    if (!doset) {
        memcpy(iv, &ctx->cipher.des3.reg, DES_BLOCK_SIZE);
        return;
    }

    Des3_SetIV(&ctx->cipher.des3, iv);   /* OpenSSL compat, no ret */
}
Vanger 0:b86d15c6ba29 11837
Vanger 0:b86d15c6ba29 11838
/* Get or set the AES-CTR IV of ctx, OpenSSL-style.
 *   doset != 0: load the IV from iv into the cipher via AesSetIV.
 *   doset == 0: copy the cipher's reg field (AES_BLOCK_SIZE bytes) to iv.
 *
 * NOTE(review): len is accepted but never consulted; exactly
 * AES_BLOCK_SIZE bytes are read from or written to iv either way, so the
 * caller must guarantee iv is at least that large. */
void CyaSSL_aes_ctr_iv(CYASSL_EVP_CIPHER_CTX* ctx, int doset,
                      unsigned char* iv, int len)
{
    (void)len;

    CYASSL_MSG("CyaSSL_aes_ctr_iv");

    if (ctx == NULL || iv == NULL) {
        CYASSL_MSG("Bad function argument");
        return;
    }

    if (!doset) {
        memcpy(iv, &ctx->cipher.aes.reg, AES_BLOCK_SIZE);
        return;
    }

    AesSetIV(&ctx->cipher.aes, iv);   /* OpenSSL compat, no ret */
}
Vanger 0:b86d15c6ba29 11856
Vanger 0:b86d15c6ba29 11857
/* OpenSSL-compat EVP_ripemd160: RIPEMD-160 is not provided by this
 * layer, so the result is always NULL. Callers that pass it on to
 * CyaSSL_EVP_MD_size / HMAC_Init will get a "bad type" from those. */
const CYASSL_EVP_MD* CyaSSL_EVP_ripemd160(void)
{
    CYASSL_MSG("CyaSSL_ripemd160");
    return NULL;
}
Vanger 0:b86d15c6ba29 11864
Vanger 0:b86d15c6ba29 11865
/* OpenSSL-compat EVP_MD_size: digest length in bytes for an EVP_MD name,
 * or BAD_FUNC_ARG for a NULL or unknown name.
 *
 * Names are matched by prefix, most specific first: "SHA" is tried last
 * precisely because it is a prefix of "SHA256", "SHA384" and "SHA512".
 * The SHA-384/512 rows exist only when the build enables them. */
int CyaSSL_EVP_MD_size(const CYASSL_EVP_MD* type)
{
    static const struct {
        const char* name;
        int         nameLen;
        int         digestSz;
    } digestTable[] = {
        { "MD5",    3, MD5_DIGEST_SIZE    },
        { "SHA256", 6, SHA256_DIGEST_SIZE },
#ifdef CYASSL_SHA384
        { "SHA384", 6, SHA384_DIGEST_SIZE },
#endif
#ifdef CYASSL_SHA512
        { "SHA512", 6, SHA512_DIGEST_SIZE },
#endif
        { "SHA",    3, SHA_DIGEST_SIZE    }   /* must remain last */
    };
    unsigned int i;

    CYASSL_MSG("CyaSSL_EVP_MD_size");

    if (type == NULL) {
        CYASSL_MSG("No md type arg");
        return BAD_FUNC_ARG;
    }

    for (i = 0; i < sizeof(digestTable) / sizeof(digestTable[0]); i++) {
        if (XSTRNCMP(type, digestTable[i].name, digestTable[i].nameLen) == 0)
            return digestTable[i].digestSz;
    }

    return BAD_FUNC_ARG;
}
Vanger 0:b86d15c6ba29 11898
Vanger 0:b86d15c6ba29 11899
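/* OpenSSL-compat EVP_CIPHER_CTX_iv_length: IV size in bytes for the
 * cipher configured in ctx. Block ciphers report their block size; the
 * ARC4 and NULL ciphers, an unknown cipher type, and a NULL ctx all
 * report 0. (The original dereferenced ctx unconditionally, unlike the
 * other CTX accessors in this file.)
 */
int CyaSSL_EVP_CIPHER_CTX_iv_length(const CYASSL_EVP_CIPHER_CTX* ctx)
{
    CYASSL_MSG("CyaSSL_EVP_CIPHER_CTX_iv_length");

    if (ctx == NULL) {
        CYASSL_MSG("Bad function argument");
        return 0;
    }

    switch (ctx->cipherType) {

        case AES_128_CBC_TYPE :
        case AES_192_CBC_TYPE :
        case AES_256_CBC_TYPE :
            CYASSL_MSG("AES CBC");
            return AES_BLOCK_SIZE;

#ifdef CYASSL_AES_COUNTER
        case AES_128_CTR_TYPE :
        case AES_192_CTR_TYPE :
        case AES_256_CTR_TYPE :
            CYASSL_MSG("AES CTR");
            return AES_BLOCK_SIZE;
#endif

        case DES_CBC_TYPE :
            CYASSL_MSG("DES CBC");
            return DES_BLOCK_SIZE;

        case DES_EDE3_CBC_TYPE :
            CYASSL_MSG("DES EDE3 CBC");
            return DES_BLOCK_SIZE;

        case ARC4_TYPE :
            CYASSL_MSG("ARC4");
            return 0;

        case NULL_CIPHER_TYPE :
            CYASSL_MSG("NULL");
            return 0;

        default: {
            CYASSL_MSG("bad type");
        }
    }
    return 0;
}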
Vanger 0:b86d15c6ba29 11942
Vanger 0:b86d15c6ba29 11943
/* OpenSSL-compat OPENSSL_free: release memory handed out by this
 * library's OpenSSL-style allocators. No NULL guard is added here,
 * matching the original, so XFREE's own NULL handling governs. */
void CyaSSL_OPENSSL_free(void* p)
{
    CYASSL_MSG("CyaSSL_OPENSSL_free");
    XFREE(p, NULL, 0);
}
Vanger 0:b86d15c6ba29 11950
Vanger 0:b86d15c6ba29 11951
/* OpenSSL-compat PEM_write_bio_RSAPrivateKey: not implemented. Nothing
 * is written to bio and SSL_FATAL_ERROR is always returned; the cipher
 * and password arguments are never consulted. */
int CyaSSL_PEM_write_bio_RSAPrivateKey(CYASSL_BIO* bio, RSA* rsa,
                                        const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int len,
                                        pem_password_cb cb, void* arg)
{
    CYASSL_MSG("CyaSSL_PEM_write_bio_RSAPrivateKey");

    /* unused: no implementation behind this entry point */
    (void)bio;    (void)rsa; (void)cipher;
    (void)passwd; (void)len; (void)cb;     (void)arg;

    return SSL_FATAL_ERROR;
}
Vanger 0:b86d15c6ba29 11969
Vanger 0:b86d15c6ba29 11970
Vanger 0:b86d15c6ba29 11971
/* OpenSSL-compat PEM_write_bio_DSAPrivateKey: not implemented. Nothing
 * is written to bio and SSL_FATAL_ERROR is always returned; the cipher
 * and password arguments are never consulted. (The key parameter keeps
 * its historical name `rsa` although it is a DSA*.) */
int CyaSSL_PEM_write_bio_DSAPrivateKey(CYASSL_BIO* bio, DSA* rsa,
                                        const EVP_CIPHER* cipher,
                                        unsigned char* passwd, int len,
                                        pem_password_cb cb, void* arg)
{
    CYASSL_MSG("CyaSSL_PEM_write_bio_DSAPrivateKey");

    /* unused: no implementation behind this entry point */
    (void)bio;    (void)rsa; (void)cipher;
    (void)passwd; (void)len; (void)cb;     (void)arg;

    return SSL_FATAL_ERROR;
}
Vanger 0:b86d15c6ba29 11989
Vanger 0:b86d15c6ba29 11990
Vanger 0:b86d15c6ba29 11991
/* OpenSSL-compat PEM_read_bio_PrivateKey: not implemented. Always
 * returns NULL and never touches *key, so callers must NULL-check. */
CYASSL_EVP_PKEY* CyaSSL_PEM_read_bio_PrivateKey(CYASSL_BIO* bio,
                    CYASSL_EVP_PKEY** key, pem_password_cb cb, void* arg)
{
    CYASSL_MSG("CyaSSL_PEM_read_bio_PrivateKey");

    /* unused: no implementation behind this entry point */
    (void)bio; (void)key; (void)cb; (void)arg;

    return NULL;
}
Vanger 0:b86d15c6ba29 12004
Vanger 0:b86d15c6ba29 12005
Vanger 0:b86d15c6ba29 12006
Vanger 0:b86d15c6ba29 12007 #ifndef NO_RSA
/* Load a DER-encoded RSA private key into rsa.
 *
 * Decodes into rsa->internal and then runs SetRsaExternal; only once
 * both succeed is rsa->inSet raised. derSz must be positive, which also
 * keeps the int -> word32 pass to the decoder from wrapping.
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG on bad arguments, the decoder's
 * negative code if decoding fails, or SSL_FATAL_ERROR if SetRsaExternal
 * fails. */
int CyaSSL_RSA_LoadDer(CYASSL_RSA* rsa, const unsigned char* der, int derSz)
{
    word32 idx = 0;
    int    ret;

    CYASSL_ENTER("CyaSSL_RSA_LoadDer");

    if (rsa == NULL || rsa->internal == NULL || der == NULL || derSz <= 0) {
        CYASSL_MSG("Bad function arguments");
        return BAD_FUNC_ARG;
    }

    ret = RsaPrivateKeyDecode(der, &idx, (RsaKey*)rsa->internal, derSz);
    if (ret < 0) {
        CYASSL_MSG("RsaPrivateKeyDecode failed");
        return ret;
    }

    ret = SetRsaExternal(rsa);
    if (ret < 0) {
        CYASSL_MSG("SetRsaExternal failed");
        return SSL_FATAL_ERROR;
    }

    rsa->inSet = 1;
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 12036 #endif /* NO_RSA */
Vanger 0:b86d15c6ba29 12037
Vanger 0:b86d15c6ba29 12038
Vanger 0:b86d15c6ba29 12039 #ifndef NO_DSA
/* Load a DER-encoded DSA private key into dsa.
 *
 * Decodes into dsa->internal and then runs SetDsaExternal; only once
 * both succeed is dsa->inSet raised. derSz must be positive, which also
 * keeps the int -> word32 pass to the decoder from wrapping.
 *
 * Returns SSL_SUCCESS, BAD_FUNC_ARG on bad arguments, the decoder's
 * negative code if decoding fails, or SSL_FATAL_ERROR if SetDsaExternal
 * fails. */
int CyaSSL_DSA_LoadDer(CYASSL_DSA* dsa, const unsigned char* der, int derSz)
{
    word32 idx = 0;
    int    ret;

    CYASSL_ENTER("CyaSSL_DSA_LoadDer");

    if (dsa == NULL || dsa->internal == NULL || der == NULL || derSz <= 0) {
        CYASSL_MSG("Bad function arguments");
        return BAD_FUNC_ARG;
    }

    ret = DsaPrivateKeyDecode(der, &idx, (DsaKey*)dsa->internal, derSz);
    if (ret < 0) {
        CYASSL_MSG("DsaPrivateKeyDecode failed");
        return ret;
    }

    ret = SetDsaExternal(dsa);
    if (ret < 0) {
        CYASSL_MSG("SetDsaExternal failed");
        return SSL_FATAL_ERROR;
    }

    dsa->inSet = 1;
    return SSL_SUCCESS;
}
Vanger 0:b86d15c6ba29 12068 #endif /* NO_DSA */
Vanger 0:b86d15c6ba29 12069
Vanger 0:b86d15c6ba29 12070
Vanger 0:b86d15c6ba29 12071
Vanger 0:b86d15c6ba29 12072
Vanger 0:b86d15c6ba29 12073 #endif /* OPENSSL_EXTRA */
Vanger 0:b86d15c6ba29 12074
Vanger 0:b86d15c6ba29 12075
Vanger 0:b86d15c6ba29 12076 #ifdef SESSION_CERTS
Vanger 0:b86d15c6ba29 12077
Vanger 0:b86d15c6ba29 12078
/* Return the peer's certificate chain stored in the session of ssl.
 * The pointer aliases ssl's own session storage (not a copy), so it is
 * only valid while ssl is. NULL for a NULL ssl. */
CYASSL_X509_CHAIN* CyaSSL_get_peer_chain(CYASSL* ssl)
{
    CYASSL_ENTER("CyaSSL_get_peer_chain");

    if (ssl == NULL)
        return NULL;

    return &ssl->session.chain;
}
Vanger 0:b86d15c6ba29 12088
Vanger 0:b86d15c6ba29 12089
/* Number of certificates held in chain (valid indices for the other
 * CyaSSL_get_chain_* accessors are 0 .. count-1). 0 for a NULL chain. */
int CyaSSL_get_chain_count(CYASSL_X509_CHAIN* chain)
{
    CYASSL_ENTER("CyaSSL_get_chain_count");

    if (chain == NULL)
        return 0;

    return chain->count;
}
Vanger 0:b86d15c6ba29 12099
Vanger 0:b86d15c6ba29 12100
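/* Length in bytes of the DER certificate at position idx in chain.
 *
 * Returns 0 for a NULL chain or an idx outside [0, chain->count) — the
 * original indexed certs[] with whatever idx it was handed, so a bad
 * index read past the populated entries (or the array). chain->count is
 * what CyaSSL_get_chain_count reports. */
int CyaSSL_get_chain_length(CYASSL_X509_CHAIN* chain, int idx)
{
    CYASSL_ENTER("CyaSSL_get_chain_length");

    if (chain == NULL || idx < 0 || idx >= chain->count)
        return 0;

    return chain->certs[idx].length;
}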
Vanger 0:b86d15c6ba29 12110
Vanger 0:b86d15c6ba29 12111
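/* DER bytes of the certificate at position idx in chain (length from
 * CyaSSL_get_chain_length). The pointer aliases chain's storage.
 *
 * Returns NULL for a NULL chain or an idx outside [0, chain->count) —
 * the original indexed certs[] unchecked, so a bad index handed back a
 * pointer from past the populated entries (or the array). */
byte* CyaSSL_get_chain_cert(CYASSL_X509_CHAIN* chain, int idx)
{
    CYASSL_ENTER("CyaSSL_get_chain_cert");

    if (chain == NULL || idx < 0 || idx >= chain->count)
        return NULL;

    return chain->certs[idx].buffer;
}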
Vanger 0:b86d15c6ba29 12121
Vanger 0:b86d15c6ba29 12122
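/* Build a heap-allocated CYASSL_X509 from the DER certificate at chain
 * index idx. The caller owns the returned object.
 *
 * Returns NULL for a NULL chain, an idx outside [0, chain->count) (the
 * original indexed certs[] unchecked), an allocation failure, or a
 * certificate that does not parse.
 */
CYASSL_X509* CyaSSL_get_chain_X509(CYASSL_X509_CHAIN* chain, int idx)
{
    int ret;
    CYASSL_X509* x509 = NULL;
#ifdef CYASSL_SMALL_STACK
    DecodedCert* cert = NULL;
#else
    DecodedCert  cert[1];
#endif

    CYASSL_ENTER("CyaSSL_get_chain_X509");

    if (chain == NULL || idx < 0 || idx >= chain->count) {
        CYASSL_MSG("Bad chain or index");
        return NULL;
    }

#ifdef CYASSL_SMALL_STACK
    cert = (DecodedCert*)XMALLOC(sizeof(DecodedCert), NULL,
                                                   DYNAMIC_TYPE_TMP_BUFFER);
    if (cert == NULL)
        return NULL;
#endif

    InitDecodedCert(cert, chain->certs[idx].buffer,
                          chain->certs[idx].length, NULL);

    /* the 0 / NULL arguments appear to request decode-only parsing (no
     * verify, no cert manager) — confirm against ParseCertRelative */
    if ((ret = ParseCertRelative(cert, CERT_TYPE, 0, NULL)) != 0)
        CYASSL_MSG("Failed to parse cert");
    else {
        x509 = (CYASSL_X509*)XMALLOC(sizeof(CYASSL_X509), NULL,
                                                         DYNAMIC_TYPE_X509);
        if (x509 == NULL) {
            CYASSL_MSG("Failed alloc X509");
        }
        else {
            InitX509(x509, 1);

            if ((ret = CopyDecodedToX509(x509, cert)) != 0) {
                CYASSL_MSG("Failed to copy decoded");
                /* NOTE(review): released with XFREE only, as before;
                 * confirm CopyDecodedToX509 leaves no owned allocations
                 * in x509 on its failure path, else FreeX509 is needed */
                XFREE(x509, NULL, DYNAMIC_TYPE_X509);
                x509 = NULL;
            }
        }
    }

    FreeDecodedCert(cert);
#ifdef CYASSL_SMALL_STACK
    XFREE(cert, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif

    return x509;
}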
Vanger 0:b86d15c6ba29 12173
Vanger 0:b86d15c6ba29 12174
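/* Write the certificate at chain index idx into buf as PEM:
 * "-----BEGIN CERTIFICATE-----\n", the base64 DER, then
 * "-----END CERTIFICATE-----\n". No NUL terminator is written.
 *
 * inLen is the capacity of buf; on success *outLen is the number of
 * bytes written and SSL_SUCCESS is returned. Returns BAD_FUNC_ARG for
 * NULL arguments, an idx outside [0, chain->count), or a buffer that is
 * too small, and Base64_Encode's negative code if encoding fails.
 *
 * The early size test is only a cheap lower bound (base64 expands the
 * DER by about a third, plus whatever line breaks the encoder inserts);
 * the binding checks are the capacity handed to Base64_Encode and the
 * footer test after it.
 */
int CyaSSL_get_chain_cert_pem(CYASSL_X509_CHAIN* chain, int idx,
                               unsigned char* buf, int inLen, int* outLen)
{
    const char header[] = "-----BEGIN CERTIFICATE-----\n";
    const char footer[] = "-----END CERTIFICATE-----\n";

    int headerLen = sizeof(header) - 1;
    int footerLen = sizeof(footer) - 1;
    int i;
    int err;

    CYASSL_ENTER("CyaSSL_get_chain_cert_pem");
    if (!chain || !outLen || !buf)
        return BAD_FUNC_ARG;

    /* idx indexes certs[] directly: bound it by the populated count */
    if (idx < 0 || idx >= chain->count)
        return BAD_FUNC_ARG;

    /* don't even try if inLen too short */
    if (inLen < headerLen + footerLen + chain->certs[idx].length)
        return BAD_FUNC_ARG;

    /* header */
    XMEMCPY(buf, header, headerLen);
    i = headerLen;

    /* body: *outLen is Base64_Encode's output capacity. The output
     * starts at buf + i, so the capacity is inLen - i. Passing the full
     * inLen (as the original did) let the encoder write up to headerLen
     * bytes past the end of buf before the footer check could notice. */
    *outLen = inLen - i;
    if ( (err = Base64_Encode(chain->certs[idx].buffer,
                       chain->certs[idx].length, buf + i, (word32*)outLen)) < 0)
        return err;
    i += *outLen;   /* on success *outLen is the encoded length */

    /* footer */
    if ( (i + footerLen) > inLen)
        return BAD_FUNC_ARG;
    XMEMCPY(buf + i, footer, footerLen);
    *outLen += headerLen + footerLen;

    return SSL_SUCCESS;
}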
Vanger 0:b86d15c6ba29 12216
Vanger 0:b86d15c6ba29 12217
/* Pointer to the session ID bytes held in session (aliases the session
 * object, not a copy; no length is reported here). NULL for a NULL
 * session. */
const byte* CyaSSL_get_sessionID(const CYASSL_SESSION* session)
{
    CYASSL_ENTER("CyaSSL_get_sessionID");

    if (session == NULL)
        return NULL;

    return session->sessionID;
}
Vanger 0:b86d15c6ba29 12227
Vanger 0:b86d15c6ba29 12228
Vanger 0:b86d15c6ba29 12229 #endif /* SESSION_CERTS */
Vanger 0:b86d15c6ba29 12230
Vanger 0:b86d15c6ba29 12231 #ifdef HAVE_FUZZER
/* Install a fuzzing hook on one SSL object (compiled only with HAVE_FUZZER).
 *
 * Both the callback and its opaque context are stored as given -- neither is
 * validated or copied -- so the caller owns the lifetime of what fCtx points
 * to.  Where the hook is invoked is outside this part of the file.  A NULL
 * ssl is silently ignored. */
void CyaSSL_SetFuzzerCb(CYASSL* ssl, CallbackFuzzer cbf, void* fCtx)
{
    if (ssl == NULL)
        return;

    ssl->fuzzerCb  = cbf;
    ssl->fuzzerCtx = fCtx;
}
Vanger 0:b86d15c6ba29 12239 #endif
Vanger 0:b86d15c6ba29 12240
Vanger 0:b86d15c6ba29 12241 #ifndef NO_CERTS
Vanger 0:b86d15c6ba29 12242 #ifdef HAVE_PK_CALLBACKS
Vanger 0:b86d15c6ba29 12243
Vanger 0:b86d15c6ba29 12244 #ifdef HAVE_ECC
Vanger 0:b86d15c6ba29 12245
/* Register the ECC signing callback on a context.
 *
 * Judging by its name this is the hook for performing ECC private-key
 * signatures outside the library (e.g. in an HSM or secure element); the
 * call site is not visible here.  The pointer is stored unvalidated, and
 * whether a NULL cb falls back to the built-in implementation must be
 * confirmed in the handshake code.  A NULL ctx is a no-op. */
void CyaSSL_CTX_SetEccSignCb(CYASSL_CTX* ctx, CallbackEccSign cb)
{
    if (ctx == NULL)
        return;

    ctx->EccSignCb = cb;
}
Vanger 0:b86d15c6ba29 12251
Vanger 0:b86d15c6ba29 12252
/* Attach an opaque pointer to an SSL object for the ECC sign callback.
 *
 * Presumably handed to the callback registered via CyaSSL_CTX_SetEccSignCb
 * (the call site is elsewhere).  The pointer is kept as-is -- not copied or
 * validated -- so the caller must keep it valid for as long as the callback
 * can run.  A NULL ssl is ignored. */
void CyaSSL_SetEccSignCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->EccSignCtx = ctx;
}
Vanger 0:b86d15c6ba29 12258
Vanger 0:b86d15c6ba29 12259
/* Read back the opaque pointer stored by CyaSSL_SetEccSignCtx.
 *
 * Returns NULL when ssl is NULL; otherwise returns whatever is currently in
 * ssl->EccSignCtx (NULL if nothing was stored, assuming the object is
 * zero-initialised on creation -- not verifiable here). */
void* CyaSSL_GetEccSignCtx(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->EccSignCtx : NULL;
}
Vanger 0:b86d15c6ba29 12267
Vanger 0:b86d15c6ba29 12268
/* Register the ECC verification callback on a context.
 *
 * Unlike the sign hook, a verify callback replaces a check that protects the
 * peer-authentication path, so a callback that "always succeeds" silently
 * disables authentication; the call site is not visible here.  The pointer
 * is stored unvalidated.  A NULL ctx is a no-op. */
void CyaSSL_CTX_SetEccVerifyCb(CYASSL_CTX* ctx, CallbackEccVerify cb)
{
    if (ctx == NULL)
        return;

    ctx->EccVerifyCb = cb;
}
Vanger 0:b86d15c6ba29 12274
Vanger 0:b86d15c6ba29 12275
/* Attach an opaque pointer to an SSL object for the ECC verify callback.
 *
 * Stored verbatim (no copy, no validation); lifetime is the caller's
 * responsibility.  A NULL ssl is ignored. */
void CyaSSL_SetEccVerifyCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->EccVerifyCtx = ctx;
}
Vanger 0:b86d15c6ba29 12281
Vanger 0:b86d15c6ba29 12282
/* Read back the opaque pointer stored by CyaSSL_SetEccVerifyCtx.
 *
 * NULL when ssl is NULL, else the current value of ssl->EccVerifyCtx. */
void* CyaSSL_GetEccVerifyCtx(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->EccVerifyCtx : NULL;
}
Vanger 0:b86d15c6ba29 12290
Vanger 0:b86d15c6ba29 12291 #endif /* HAVE_ECC */
Vanger 0:b86d15c6ba29 12292
Vanger 0:b86d15c6ba29 12293 #ifndef NO_RSA
Vanger 0:b86d15c6ba29 12294
/* Register the RSA signing callback on a context.
 *
 * By its name, the hook for producing RSA signatures outside the library
 * (HSM / secure element); the call site is elsewhere.  Stored unvalidated;
 * whether NULL restores the built-in path must be confirmed in the handshake
 * code.  A NULL ctx is a no-op. */
void CyaSSL_CTX_SetRsaSignCb(CYASSL_CTX* ctx, CallbackRsaSign cb)
{
    if (ctx == NULL)
        return;

    ctx->RsaSignCb = cb;
}
Vanger 0:b86d15c6ba29 12300
Vanger 0:b86d15c6ba29 12301
/* Attach an opaque pointer to an SSL object for the RSA sign callback.
 *
 * Stored verbatim; the caller keeps it valid while the callback can run.
 * A NULL ssl is ignored. */
void CyaSSL_SetRsaSignCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->RsaSignCtx = ctx;
}
Vanger 0:b86d15c6ba29 12307
Vanger 0:b86d15c6ba29 12308
/* Read back the opaque pointer stored by CyaSSL_SetRsaSignCtx.
 *
 * NULL when ssl is NULL, else the current value of ssl->RsaSignCtx. */
void* CyaSSL_GetRsaSignCtx(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaSignCtx : NULL;
}
Vanger 0:b86d15c6ba29 12316
Vanger 0:b86d15c6ba29 12317
/* Register the RSA verification callback on a context.
 *
 * Replaces a check on the peer-authentication path, so an over-permissive
 * callback weakens authentication; the call site is not visible here.  The
 * pointer is stored unvalidated.  A NULL ctx is a no-op. */
void CyaSSL_CTX_SetRsaVerifyCb(CYASSL_CTX* ctx, CallbackRsaVerify cb)
{
    if (ctx == NULL)
        return;

    ctx->RsaVerifyCb = cb;
}
Vanger 0:b86d15c6ba29 12323
Vanger 0:b86d15c6ba29 12324
/* Attach an opaque pointer to an SSL object for the RSA verify callback.
 *
 * Stored verbatim (no copy, no validation); lifetime is the caller's
 * responsibility.  A NULL ssl is ignored. */
void CyaSSL_SetRsaVerifyCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->RsaVerifyCtx = ctx;
}
Vanger 0:b86d15c6ba29 12330
Vanger 0:b86d15c6ba29 12331
/* Read back the opaque pointer stored by CyaSSL_SetRsaVerifyCtx.
 *
 * NULL when ssl is NULL, else the current value of ssl->RsaVerifyCtx. */
void* CyaSSL_GetRsaVerifyCtx(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaVerifyCtx : NULL;
}
Vanger 0:b86d15c6ba29 12339
/* Register the RSA public-key encrypt callback on a context.
 *
 * By its name, the hook used for RSA encryption (e.g. of key-exchange
 * material); the call site is elsewhere.  Stored unvalidated.  A NULL ctx
 * is a no-op. */
void CyaSSL_CTX_SetRsaEncCb(CYASSL_CTX* ctx, CallbackRsaEnc cb)
{
    if (ctx == NULL)
        return;

    ctx->RsaEncCb = cb;
}
Vanger 0:b86d15c6ba29 12345
Vanger 0:b86d15c6ba29 12346
/* Attach an opaque pointer to an SSL object for the RSA encrypt callback.
 *
 * Stored verbatim; the caller keeps it valid while the callback can run.
 * A NULL ssl is ignored. */
void CyaSSL_SetRsaEncCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->RsaEncCtx = ctx;
}
Vanger 0:b86d15c6ba29 12352
Vanger 0:b86d15c6ba29 12353
/* Read back the opaque pointer stored by CyaSSL_SetRsaEncCtx.
 *
 * NULL when ssl is NULL, else the current value of ssl->RsaEncCtx. */
void* CyaSSL_GetRsaEncCtx(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaEncCtx : NULL;
}
Vanger 0:b86d15c6ba29 12361
/* Register the RSA private-key decrypt callback on a context.
 *
 * By its name, the hook that lets RSA decryption (the private-key side of
 * RSA key exchange) happen outside the library, e.g. in an HSM; the call
 * site is elsewhere.  Stored unvalidated; whether NULL restores the built-in
 * path must be confirmed in the handshake code.  A NULL ctx is a no-op. */
void CyaSSL_CTX_SetRsaDecCb(CYASSL_CTX* ctx, CallbackRsaDec cb)
{
    if (ctx == NULL)
        return;

    ctx->RsaDecCb = cb;
}
Vanger 0:b86d15c6ba29 12367
Vanger 0:b86d15c6ba29 12368
/* Attach an opaque pointer to an SSL object for the RSA decrypt callback.
 *
 * Stored verbatim (no copy, no validation); lifetime is the caller's
 * responsibility.  A NULL ssl is ignored. */
void CyaSSL_SetRsaDecCtx(CYASSL* ssl, void *ctx)
{
    if (ssl == NULL)
        return;

    ssl->RsaDecCtx = ctx;
}
Vanger 0:b86d15c6ba29 12374
Vanger 0:b86d15c6ba29 12375
/* Read back the opaque pointer stored by CyaSSL_SetRsaDecCtx.
 *
 * NULL when ssl is NULL, else the current value of ssl->RsaDecCtx. */
void* CyaSSL_GetRsaDecCtx(CYASSL* ssl)
{
    return (ssl != NULL) ? ssl->RsaDecCtx : NULL;
}
Vanger 0:b86d15c6ba29 12383
Vanger 0:b86d15c6ba29 12384
Vanger 0:b86d15c6ba29 12385 #endif /* NO_RSA */
Vanger 0:b86d15c6ba29 12386
Vanger 0:b86d15c6ba29 12387 #endif /* HAVE_PK_CALLBACKS */
Vanger 0:b86d15c6ba29 12388 #endif /* NO_CERTS */
Vanger 0:b86d15c6ba29 12389
Vanger 0:b86d15c6ba29 12390
Vanger 0:b86d15c6ba29 12391 #ifdef CYASSL_HAVE_WOLFSCEP
/* Link-time probe: autoconf looks for this symbol to decide whether wolfSCEP
 * support was compiled in (CYASSL_HAVE_WOLFSCEP).  It intentionally does
 * nothing and is not meant to be called by application code. */
void CyaSSL_wolfSCEP(void)
{
    /* no-op by design */
}
Vanger 0:b86d15c6ba29 12394 #endif
Vanger 0:b86d15c6ba29 12395
Vanger 0:b86d15c6ba29 12396
Vanger 0:b86d15c6ba29 12397 #ifdef CYASSL_HAVE_CERT_SERVICE
/* Link-time probe: autoconf looks for this symbol to decide whether the
 * certificate service was compiled in (CYASSL_HAVE_CERT_SERVICE).  It
 * intentionally does nothing and is not meant to be called by application
 * code. */
void CyaSSL_cert_service(void)
{
    /* no-op by design */
}
Vanger 0:b86d15c6ba29 12400 #endif
Vanger 0:b86d15c6ba29 12401