mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2025-08-02 12:14:38 +02:00
Merge branch 'master' of github.com:cyassl/cyassl
This commit is contained in:
John Safranek
@@ -760,8 +760,8 @@ static int DecryptKey(const char* password, int passwordSz, byte* salt,
|
|||||||
int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
|
int ToTraditionalEnc(byte* input, word32 sz,const char* password,int passwordSz)
|
||||||
{
|
{
|
||||||
word32 inOutIdx = 0, oid;
|
word32 inOutIdx = 0, oid;
|
||||||
int first, second, length, iterations, saltSz, id;
|
int first, second, length, version, saltSz, id;
|
||||||
int version;
|
int iterations = 0;
|
||||||
byte salt[MAX_SALT_SIZE];
|
byte salt[MAX_SALT_SIZE];
|
||||||
byte cbcIv[MAX_IV_SIZE];
|
byte cbcIv[MAX_IV_SIZE];
|
||||||
|
|
||||||
@@ -1375,6 +1375,7 @@ static int GetName(DecodedCert* cert, int nameType)
|
|||||||
cert->srcIdx += 2;
|
cert->srcIdx += 2;
|
||||||
id = cert->source[cert->srcIdx++];
|
id = cert->source[cert->srcIdx++];
|
||||||
b = cert->source[cert->srcIdx++]; /* strType */
|
b = cert->source[cert->srcIdx++]; /* strType */
|
||||||
|
(void)b; /* may want to validate? */
|
||||||
|
|
||||||
if (GetLength(cert->source, &cert->srcIdx, &strLen,
|
if (GetLength(cert->source, &cert->srcIdx, &strLen,
|
||||||
cert->maxIdx) < 0)
|
cert->maxIdx) < 0)
|
||||||
|
|||||||
@@ -116,6 +116,9 @@ mp_clear (mp_int * a)
|
|||||||
{
|
{
|
||||||
int i;
|
int i;
|
||||||
|
|
||||||
|
if (a == NULL)
|
||||||
|
return;
|
||||||
|
|
||||||
/* only do anything if a hasn't been freed previously */
|
/* only do anything if a hasn't been freed previously */
|
||||||
if (a->dp != NULL) {
|
if (a->dp != NULL) {
|
||||||
/* first zero the digits */
|
/* first zero the digits */
|
||||||
|
|||||||
@@ -236,6 +236,16 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
|
|||||||
mp_int B1;
|
mp_int B1;
|
||||||
|
|
||||||
if (hashType == MD5) {
|
if (hashType == MD5) {
|
||||||
|
Md5 md5;
|
||||||
|
|
||||||
|
InitMd5(&md5);
|
||||||
|
Md5Update(&md5, buffer, totalLen);
|
||||||
|
Md5Final(&md5, Ai);
|
||||||
|
|
||||||
|
for (i = 1; i < iterations; i++) {
|
||||||
|
Md5Update(&md5, Ai, u);
|
||||||
|
Md5Final(&md5, Ai);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if (hashType == SHA) {
|
else if (hashType == SHA) {
|
||||||
Sha sha;
|
Sha sha;
|
||||||
@@ -251,10 +261,30 @@ int PKCS12_PBKDF(byte* output, const byte* passwd, int passLen,const byte* salt,
|
|||||||
}
|
}
|
||||||
#ifndef NO_SHA256
|
#ifndef NO_SHA256
|
||||||
else if (hashType == SHA256) {
|
else if (hashType == SHA256) {
|
||||||
|
Sha256 sha256;
|
||||||
|
|
||||||
|
InitSha256(&sha256);
|
||||||
|
Sha256Update(&sha256, buffer, totalLen);
|
||||||
|
Sha256Final(&sha256, Ai);
|
||||||
|
|
||||||
|
for (i = 1; i < iterations; i++) {
|
||||||
|
Sha256Update(&sha256, Ai, u);
|
||||||
|
Sha256Final(&sha256, Ai);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
#ifdef CYASSL_SHA512
|
#ifdef CYASSL_SHA512
|
||||||
else if (hashType == SHA512) {
|
else if (hashType == SHA512) {
|
||||||
|
Sha512 sha512;
|
||||||
|
|
||||||
|
InitSha512(&sha512);
|
||||||
|
Sha512Update(&sha512, buffer, totalLen);
|
||||||
|
Sha512Final(&sha512, Ai);
|
||||||
|
|
||||||
|
for (i = 1; i < iterations; i++) {
|
||||||
|
Sha512Update(&sha512, Ai, u);
|
||||||
|
Sha512Final(&sha512, Ai);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
@@ -219,25 +219,25 @@ void RabbitProcess(Rabbit* ctx, byte* output, const byte* input, word32 msglen)
|
|||||||
if (msglen) {
|
if (msglen) {
|
||||||
|
|
||||||
word32 i;
|
word32 i;
|
||||||
word32 tmp[4];
|
byte buffer[16];
|
||||||
byte* buffer = (byte*)tmp;
|
|
||||||
|
|
||||||
/* Iterate the system */
|
/* Iterate the system */
|
||||||
RABBIT_next_state(&(ctx->workCtx));
|
RABBIT_next_state(&(ctx->workCtx));
|
||||||
|
|
||||||
/* Generate 16 bytes of pseudo-random data */
|
/* Generate 16 bytes of pseudo-random data */
|
||||||
tmp[0] = LITTLE32(ctx->workCtx.x[0] ^
|
*(word32*)(buffer+ 0) = LITTLE32(ctx->workCtx.x[0] ^
|
||||||
(ctx->workCtx.x[5]>>16) ^ U32V(ctx->workCtx.x[3]<<16));
|
(ctx->workCtx.x[5]>>16) ^ U32V(ctx->workCtx.x[3]<<16));
|
||||||
tmp[1] = LITTLE32(ctx->workCtx.x[2] ^
|
*(word32*)(buffer+ 4) = LITTLE32(ctx->workCtx.x[2] ^
|
||||||
(ctx->workCtx.x[7]>>16) ^ U32V(ctx->workCtx.x[5]<<16));
|
(ctx->workCtx.x[7]>>16) ^ U32V(ctx->workCtx.x[5]<<16));
|
||||||
tmp[2] = LITTLE32(ctx->workCtx.x[4] ^
|
*(word32*)(buffer+ 8) = LITTLE32(ctx->workCtx.x[4] ^
|
||||||
(ctx->workCtx.x[1]>>16) ^ U32V(ctx->workCtx.x[7]<<16));
|
(ctx->workCtx.x[1]>>16) ^ U32V(ctx->workCtx.x[7]<<16));
|
||||||
tmp[3] = LITTLE32(ctx->workCtx.x[6] ^
|
*(word32*)(buffer+12) = LITTLE32(ctx->workCtx.x[6] ^
|
||||||
(ctx->workCtx.x[3]>>16) ^ U32V(ctx->workCtx.x[1]<<16));
|
(ctx->workCtx.x[3]>>16) ^ U32V(ctx->workCtx.x[1]<<16));
|
||||||
|
|
||||||
/* Encrypt/decrypt the data */
|
/* Encrypt/decrypt the data */
|
||||||
for (i=0; i<msglen; i++)
|
for (i=0; i<msglen; i++)
|
||||||
output[i] = input[i] ^ buffer[i];
|
output[i] = input[i] ^ buffer[i]; /* scan-build thinks buffer[i] */
|
||||||
|
/* is garbage, it is not! */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -153,7 +153,7 @@ enum {
|
|||||||
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) && !defined(CYASSL_SAFERTOS)
|
#elif !defined(MICRIUM_MALLOC) && !defined(EBSNET) && !defined(CYASSL_SAFERTOS)
|
||||||
/* default C runtime, can install different routines at runtime */
|
/* default C runtime, can install different routines at runtime */
|
||||||
#include <cyassl/ctaocrypt/memory.h>
|
#include <cyassl/ctaocrypt/memory.h>
|
||||||
#define XMALLOC(s, h, t) CyaSSL_Malloc((s))
|
#define XMALLOC(s, h, t) ((void)h, (void)t, CyaSSL_Malloc((s)))
|
||||||
#define XFREE(p, h, t) {void* xp = (p); if((xp)) CyaSSL_Free((xp));}
|
#define XFREE(p, h, t) {void* xp = (p); if((xp)) CyaSSL_Free((xp));}
|
||||||
#define XREALLOC(p, n, h, t) CyaSSL_Realloc((p), (n))
|
#define XREALLOC(p, n, h, t) CyaSSL_Realloc((p), (n))
|
||||||
#endif
|
#endif
|
||||||
@@ -215,7 +215,10 @@ enum {
|
|||||||
DYNAMIC_TYPE_CRL_MONITOR = 26,
|
DYNAMIC_TYPE_CRL_MONITOR = 26,
|
||||||
DYNAMIC_TYPE_OCSP_STATUS = 27,
|
DYNAMIC_TYPE_OCSP_STATUS = 27,
|
||||||
DYNAMIC_TYPE_OCSP_ENTRY = 28,
|
DYNAMIC_TYPE_OCSP_ENTRY = 28,
|
||||||
DYNAMIC_TYPE_ALTNAME = 29
|
DYNAMIC_TYPE_ALTNAME = 29,
|
||||||
|
DYNAMIC_TYPE_SUITES = 30,
|
||||||
|
DYNAMIC_TYPE_CIPHER = 31,
|
||||||
|
DYNAMIC_TYPE_RNG = 32
|
||||||
};
|
};
|
||||||
|
|
||||||
/* stack protection */
|
/* stack protection */
|
||||||
|
|||||||
@@ -103,6 +103,7 @@ enum CyaSSL_ErrorCodes {
|
|||||||
MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */
|
MAX_CHAIN_ERROR = -268, /* max chain depth exceeded */
|
||||||
COOKIE_ERROR = -269, /* dtls cookie error */
|
COOKIE_ERROR = -269, /* dtls cookie error */
|
||||||
SEQUENCE_ERROR = -270, /* dtls sequence error */
|
SEQUENCE_ERROR = -270, /* dtls sequence error */
|
||||||
|
SUITES_ERROR = -271, /* suites pointer error */
|
||||||
/* add strings to SetErrorString !!!!! */
|
/* add strings to SetErrorString !!!!! */
|
||||||
|
|
||||||
/* begin negotiation parameter errors */
|
/* begin negotiation parameter errors */
|
||||||
|
|||||||
@@ -474,6 +474,14 @@ enum Misc {
|
|||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
/* don't use extra 3/4k stack space unless need to */
|
||||||
|
#ifdef HAVE_NTRU
|
||||||
|
#define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
|
||||||
|
#else
|
||||||
|
#define MAX_ENCRYPT_SZ ENCRYPT_LEN
|
||||||
|
#endif
|
||||||
|
|
||||||
|
|
||||||
/* states */
|
/* states */
|
||||||
enum states {
|
enum states {
|
||||||
NULL_STATE = 0,
|
NULL_STATE = 0,
|
||||||
@@ -965,29 +973,34 @@ typedef struct Keys {
|
|||||||
|
|
||||||
word32 encryptSz; /* last size of encrypted data */
|
word32 encryptSz; /* last size of encrypted data */
|
||||||
byte encryptionOn; /* true after change cipher spec */
|
byte encryptionOn; /* true after change cipher spec */
|
||||||
|
byte decryptedCur; /* only decrypt current record once */
|
||||||
} Keys;
|
} Keys;
|
||||||
|
|
||||||
|
|
||||||
/* cipher for now */
|
/* cipher for now */
|
||||||
typedef union {
|
typedef struct Ciphers {
|
||||||
#ifdef BUILD_ARC4
|
#ifdef BUILD_ARC4
|
||||||
Arc4 arc4;
|
Arc4* arc4;
|
||||||
#endif
|
#endif
|
||||||
#ifdef BUILD_DES3
|
#ifdef BUILD_DES3
|
||||||
Des3 des3;
|
Des3* des3;
|
||||||
#endif
|
#endif
|
||||||
#ifdef BUILD_AES
|
#ifdef BUILD_AES
|
||||||
Aes aes;
|
Aes* aes;
|
||||||
#endif
|
#endif
|
||||||
#ifdef HAVE_HC128
|
#ifdef HAVE_HC128
|
||||||
HC128 hc128;
|
HC128* hc128;
|
||||||
#endif
|
#endif
|
||||||
#ifdef BUILD_RABBIT
|
#ifdef BUILD_RABBIT
|
||||||
Rabbit rabbit;
|
Rabbit* rabbit;
|
||||||
#endif
|
#endif
|
||||||
} Ciphers;
|
} Ciphers;
|
||||||
|
|
||||||
|
|
||||||
|
CYASSL_LOCAL void InitCiphers(CYASSL* ssl);
|
||||||
|
CYASSL_LOCAL void FreeCiphers(CYASSL* ssl);
|
||||||
|
|
||||||
|
|
||||||
/* hashes type */
|
/* hashes type */
|
||||||
typedef struct Hashes {
|
typedef struct Hashes {
|
||||||
byte md5[MD5_DIGEST_SIZE];
|
byte md5[MD5_DIGEST_SIZE];
|
||||||
@@ -1203,7 +1216,7 @@ struct CYASSL {
|
|||||||
int error;
|
int error;
|
||||||
ProtocolVersion version; /* negotiated version */
|
ProtocolVersion version; /* negotiated version */
|
||||||
ProtocolVersion chVersion; /* client hello version */
|
ProtocolVersion chVersion; /* client hello version */
|
||||||
Suites suites;
|
Suites* suites; /* only need during handshake */
|
||||||
Ciphers encrypt;
|
Ciphers encrypt;
|
||||||
Ciphers decrypt;
|
Ciphers decrypt;
|
||||||
CipherSpecs specs;
|
CipherSpecs specs;
|
||||||
@@ -1214,7 +1227,7 @@ struct CYASSL {
|
|||||||
CYASSL_BIO* biowr; /* socket bio write to free/close */
|
CYASSL_BIO* biowr; /* socket bio write to free/close */
|
||||||
void* IOCB_ReadCtx;
|
void* IOCB_ReadCtx;
|
||||||
void* IOCB_WriteCtx;
|
void* IOCB_WriteCtx;
|
||||||
RNG rng;
|
RNG* rng;
|
||||||
Md5 hashMd5; /* md5 hash of handshake msgs */
|
Md5 hashMd5; /* md5 hash of handshake msgs */
|
||||||
Sha hashSha; /* sha hash of handshake msgs */
|
Sha hashSha; /* sha hash of handshake msgs */
|
||||||
#ifndef NO_SHA256
|
#ifndef NO_SHA256
|
||||||
@@ -1440,6 +1453,7 @@ CYASSL_LOCAL int StoreKeys(CYASSL* ssl, const byte* keyData);
|
|||||||
CYASSL_LOCAL int IsTLS(const CYASSL* ssl);
|
CYASSL_LOCAL int IsTLS(const CYASSL* ssl);
|
||||||
CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);
|
CYASSL_LOCAL int IsAtLeastTLSv1_2(const CYASSL* ssl);
|
||||||
|
|
||||||
|
CYASSL_LOCAL void FreeHandshakeResources(CYASSL* ssl);
|
||||||
CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
|
CYASSL_LOCAL void ShrinkInputBuffer(CYASSL* ssl, int forcedFree);
|
||||||
CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
|
CYASSL_LOCAL void ShrinkOutputBuffer(CYASSL* ssl);
|
||||||
CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
|
CYASSL_LOCAL Signer* GetCA(void* cm, byte* hash);
|
||||||
|
|||||||
@@ -99,6 +99,7 @@
|
|||||||
#define BAD_DECRYPT_TYPE 65
|
#define BAD_DECRYPT_TYPE 65
|
||||||
#define BAD_FINISHED_MSG 66
|
#define BAD_FINISHED_MSG 66
|
||||||
#define BAD_COMPRESSION_STR 67
|
#define BAD_COMPRESSION_STR 67
|
||||||
|
#define BAD_DERIVE_STR 68
|
||||||
|
|
||||||
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
|
/* !!!! also add to msgTable in sniffer.c and .rc file !!!! */
|
||||||
|
|
||||||
|
|||||||
@@ -81,5 +81,6 @@ STRINGTABLE
|
|||||||
|
|
||||||
66, "Bad Finished Message Processing"
|
66, "Bad Finished Message Processing"
|
||||||
67, "Bad Compression Type"
|
67, "Bad Compression Type"
|
||||||
|
68, "Bad DeriveKeys Error"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -780,6 +780,7 @@ enum {
|
|||||||
CYASSL_CHAIN_CA = 2 /* added to cache from trusted chain */
|
CYASSL_CHAIN_CA = 2 /* added to cache from trusted chain */
|
||||||
};
|
};
|
||||||
|
|
||||||
|
CYASSL_API int CyaSSL_GetObjectSize(void); /* object size based on build */
|
||||||
CYASSL_API int CyaSSL_SetVersion(CYASSL* ssl, int version);
|
CYASSL_API int CyaSSL_SetVersion(CYASSL* ssl, int version);
|
||||||
CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
|
CYASSL_API int CyaSSL_KeyPemToDer(const unsigned char*, int sz, unsigned char*,
|
||||||
int, const char*);
|
int, const char*);
|
||||||
|
|||||||
@@ -263,9 +263,10 @@ void client_test(void* args)
|
|||||||
|
|
||||||
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
|
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
|
||||||
/* don't use EDH, can't sniff tmp keys */
|
/* don't use EDH, can't sniff tmp keys */
|
||||||
if (cipherList == NULL)
|
if (cipherList == NULL) {
|
||||||
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
|
if (CyaSSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
|
||||||
err_sys("can't set cipher list");
|
err_sys("can't set cipher list");
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef USER_CA_CB
|
#ifdef USER_CA_CB
|
||||||
|
|||||||
@@ -262,8 +262,10 @@ THREAD_RETURN CYASSL_THREAD server_test(void* args)
|
|||||||
|
|
||||||
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
|
#if defined(CYASSL_SNIFFER) && !defined(HAVE_NTRU) && !defined(HAVE_ECC)
|
||||||
/* don't use EDH, can't sniff tmp keys */
|
/* don't use EDH, can't sniff tmp keys */
|
||||||
|
if (cipherList == NULL) {
|
||||||
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
|
if (SSL_CTX_set_cipher_list(ctx, "AES256-SHA") != SSL_SUCCESS)
|
||||||
err_sys("can't set cipher list");
|
err_sys("can't set cipher list");
|
||||||
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
ssl = SSL_new(ctx);
|
ssl = SSL_new(ctx);
|
||||||
|
|||||||
@@ -123,7 +123,6 @@ int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert)
|
|||||||
{
|
{
|
||||||
CRL_Entry* crle;
|
CRL_Entry* crle;
|
||||||
int foundEntry = 0;
|
int foundEntry = 0;
|
||||||
int revoked = 0;
|
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
CYASSL_ENTER("CheckCertCRL");
|
CYASSL_ENTER("CheckCertCRL");
|
||||||
@@ -157,7 +156,6 @@ int CheckCertCRL(CYASSL_CRL* crl, DecodedCert* cert)
|
|||||||
while (rc) {
|
while (rc) {
|
||||||
if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
|
if (XMEMCMP(rc->serialNumber, cert->serial, rc->serialSz) == 0) {
|
||||||
CYASSL_MSG("Cert revoked");
|
CYASSL_MSG("Cert revoked");
|
||||||
revoked = 1;
|
|
||||||
ret = CRL_CERT_REVOKED;
|
ret = CRL_CERT_REVOKED;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|||||||
253
src/internal.c
253
src/internal.c
@@ -435,6 +435,58 @@ void FreeSSL_Ctx(CYASSL_CTX* ctx)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Set cipher pointers to null */
|
||||||
|
void InitCiphers(CYASSL* ssl)
|
||||||
|
{
|
||||||
|
#ifdef BUILD_ARC4
|
||||||
|
ssl->encrypt.arc4 = NULL;
|
||||||
|
ssl->decrypt.arc4 = NULL;
|
||||||
|
#endif
|
||||||
|
#ifdef BUILD_DES3
|
||||||
|
ssl->encrypt.des3 = NULL;
|
||||||
|
ssl->decrypt.des3 = NULL;
|
||||||
|
#endif
|
||||||
|
#ifdef BUILD_AES
|
||||||
|
ssl->encrypt.aes = NULL;
|
||||||
|
ssl->decrypt.aes = NULL;
|
||||||
|
#endif
|
||||||
|
#ifdef HAVE_HC128
|
||||||
|
ssl->encrypt.hc128 = NULL;
|
||||||
|
ssl->decrypt.hc128 = NULL;
|
||||||
|
#endif
|
||||||
|
#ifdef BUILD_RABBIT
|
||||||
|
ssl->encrypt.rabbit = NULL;
|
||||||
|
ssl->decrypt.rabbit = NULL;
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Free ciphers */
|
||||||
|
void FreeCiphers(CYASSL* ssl)
|
||||||
|
{
|
||||||
|
#ifdef BUILD_ARC4
|
||||||
|
XFREE(ssl->encrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
XFREE(ssl->decrypt.arc4, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
#endif
|
||||||
|
#ifdef BUILD_DES3
|
||||||
|
XFREE(ssl->encrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
XFREE(ssl->decrypt.des3, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
#endif
|
||||||
|
#ifdef BUILD_AES
|
||||||
|
XFREE(ssl->encrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
XFREE(ssl->decrypt.aes, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
#endif
|
||||||
|
#ifdef HAVE_HC128
|
||||||
|
XFREE(ssl->encrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
XFREE(ssl->decrypt.hc128, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
#endif
|
||||||
|
#ifdef BUILD_RABBIT
|
||||||
|
XFREE(ssl->encrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
XFREE(ssl->decrypt.rabbit, ssl->heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
||||||
byte haveNTRU, byte haveECDSAsig, byte haveStaticECC, int side)
|
byte haveNTRU, byte haveECDSAsig, byte haveStaticECC, int side)
|
||||||
{
|
{
|
||||||
@@ -449,7 +501,11 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||||||
(void)havePSK;
|
(void)havePSK;
|
||||||
(void)haveNTRU;
|
(void)haveNTRU;
|
||||||
(void)haveStaticECC;
|
(void)haveStaticECC;
|
||||||
(void)haveRSAsig;
|
|
||||||
|
if (suites == NULL) {
|
||||||
|
CYASSL_MSG("InitSuites pointer error");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (suites->setSuites)
|
if (suites->setSuites)
|
||||||
return; /* trust user settings, don't override */
|
return; /* trust user settings, don't override */
|
||||||
@@ -457,8 +513,10 @@ void InitSuites(Suites* suites, ProtocolVersion pv, byte haveDH, byte havePSK,
|
|||||||
if (side == SERVER_END && haveStaticECC)
|
if (side == SERVER_END && haveStaticECC)
|
||||||
haveRSA = 0; /* can't do RSA with ECDSA key */
|
haveRSA = 0; /* can't do RSA with ECDSA key */
|
||||||
|
|
||||||
if (side == SERVER_END && haveECDSAsig)
|
if (side == SERVER_END && haveECDSAsig) {
|
||||||
haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
|
haveRSAsig = 0; /* can't have RSA sig if signed by ECDSA */
|
||||||
|
(void)haveRSAsig; /* non ecc builds won't read */
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef CYASSL_DTLS
|
#ifdef CYASSL_DTLS
|
||||||
if (pv.major == DTLS_MAJOR && pv.minor == DTLS_MINOR)
|
if (pv.major == DTLS_MAJOR && pv.minor == DTLS_MINOR)
|
||||||
@@ -814,7 +872,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||||||
|
|
||||||
ssl->ctx = ctx; /* only for passing to calls, options could change */
|
ssl->ctx = ctx; /* only for passing to calls, options could change */
|
||||||
ssl->version = ctx->method->version;
|
ssl->version = ctx->method->version;
|
||||||
ssl->suites = ctx->suites;
|
ssl->suites = NULL;
|
||||||
|
|
||||||
#ifdef HAVE_LIBZ
|
#ifdef HAVE_LIBZ
|
||||||
ssl->didStreamInit = 0;
|
ssl->didStreamInit = 0;
|
||||||
@@ -926,6 +984,7 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||||||
ssl->dtls_timeout = 2;
|
ssl->dtls_timeout = 2;
|
||||||
#endif
|
#endif
|
||||||
ssl->keys.encryptionOn = 0; /* initially off */
|
ssl->keys.encryptionOn = 0; /* initially off */
|
||||||
|
ssl->keys.decryptedCur = 0; /* initially off */
|
||||||
ssl->options.sessionCacheOff = ctx->sessionCacheOff;
|
ssl->options.sessionCacheOff = ctx->sessionCacheOff;
|
||||||
ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff;
|
ssl->options.sessionCacheFlushOff = ctx->sessionCacheFlushOff;
|
||||||
|
|
||||||
@@ -997,6 +1056,8 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||||||
ssl->arrays.server_hint[0] = 0;
|
ssl->arrays.server_hint[0] = 0;
|
||||||
#endif /* NO_PSK */
|
#endif /* NO_PSK */
|
||||||
|
|
||||||
|
ssl->rng = NULL;
|
||||||
|
InitCiphers(ssl);
|
||||||
/* all done with init, now can return errors, call other stuff */
|
/* all done with init, now can return errors, call other stuff */
|
||||||
|
|
||||||
/* increment CTX reference count */
|
/* increment CTX reference count */
|
||||||
@@ -1007,9 +1068,23 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||||||
ctx->refCount++;
|
ctx->refCount++;
|
||||||
UnLockMutex(&ctx->countMutex);
|
UnLockMutex(&ctx->countMutex);
|
||||||
|
|
||||||
if ( (ret = InitRng(&ssl->rng)) != 0)
|
ssl->rng = (RNG*)XMALLOC(sizeof(RNG), ssl->heap, DYNAMIC_TYPE_RNG);
|
||||||
|
if (ssl->rng == NULL) {
|
||||||
|
CYASSL_MSG("RNG Memory error");
|
||||||
|
return MEMORY_E;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( (ret = InitRng(ssl->rng)) != 0)
|
||||||
return ret;
|
return ret;
|
||||||
|
|
||||||
|
ssl->suites = (Suites*)XMALLOC(sizeof(Suites), ssl->heap,
|
||||||
|
DYNAMIC_TYPE_SUITES);
|
||||||
|
if (ssl->suites == NULL) {
|
||||||
|
CYASSL_MSG("Suites Memory error");
|
||||||
|
return MEMORY_E;
|
||||||
|
}
|
||||||
|
*ssl->suites = ctx->suites;
|
||||||
|
|
||||||
/* make sure server has cert and key unless using PSK */
|
/* make sure server has cert and key unless using PSK */
|
||||||
if (ssl->options.side == SERVER_END && !havePSK)
|
if (ssl->options.side == SERVER_END && !havePSK)
|
||||||
if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) {
|
if (!ssl->buffers.certificate.buffer || !ssl->buffers.key.buffer) {
|
||||||
@@ -1019,11 +1094,11 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||||||
|
|
||||||
/* make sure server has DH parms, and add PSK if there, add NTRU too */
|
/* make sure server has DH parms, and add PSK if there, add NTRU too */
|
||||||
if (ssl->options.side == SERVER_END)
|
if (ssl->options.side == SERVER_END)
|
||||||
InitSuites(&ssl->suites, ssl->version,ssl->options.haveDH, havePSK,
|
InitSuites(ssl->suites, ssl->version,ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
else
|
else
|
||||||
InitSuites(&ssl->suites, ssl->version, TRUE, havePSK,
|
InitSuites(ssl->suites, ssl->version, TRUE, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
|
|
||||||
@@ -1034,6 +1109,9 @@ int InitSSL(CYASSL* ssl, CYASSL_CTX* ctx)
|
|||||||
/* In case holding SSL object in array and don't want to free actual ssl */
|
/* In case holding SSL object in array and don't want to free actual ssl */
|
||||||
void SSL_ResourceFree(CYASSL* ssl)
|
void SSL_ResourceFree(CYASSL* ssl)
|
||||||
{
|
{
|
||||||
|
FreeCiphers(ssl);
|
||||||
|
XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
|
||||||
|
XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
|
||||||
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
|
XFREE(ssl->buffers.serverDH_Priv.buffer, ssl->heap, DYNAMIC_TYPE_DH);
|
||||||
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
|
XFREE(ssl->buffers.serverDH_Pub.buffer, ssl->heap, DYNAMIC_TYPE_DH);
|
||||||
/* parameters (p,g) may be owned by ctx */
|
/* parameters (p,g) may be owned by ctx */
|
||||||
@@ -1078,6 +1156,25 @@ void SSL_ResourceFree(CYASSL* ssl)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Free any handshake resources no longer needed */
|
||||||
|
void FreeHandshakeResources(CYASSL* ssl)
|
||||||
|
{
|
||||||
|
/* input buffer */
|
||||||
|
if (ssl->buffers.inputBuffer.dynamicFlag)
|
||||||
|
ShrinkInputBuffer(ssl, NO_FORCED_FREE);
|
||||||
|
|
||||||
|
/* suites */
|
||||||
|
XFREE(ssl->suites, ssl->heap, DYNAMIC_TYPE_SUITES);
|
||||||
|
ssl->suites = NULL;
|
||||||
|
|
||||||
|
/* RNG */
|
||||||
|
if (ssl->specs.cipher_type == stream || ssl->options.tls1_1 == 0) {
|
||||||
|
XFREE(ssl->rng, ssl->heap, DYNAMIC_TYPE_RNG);
|
||||||
|
ssl->rng = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
void FreeSSL(CYASSL* ssl)
|
void FreeSSL(CYASSL* ssl)
|
||||||
{
|
{
|
||||||
FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */
|
FreeSSL_Ctx(ssl->ctx); /* will decrement and free underyling CTX if 0 */
|
||||||
@@ -1584,6 +1681,9 @@ static int GetRecordHeader(CYASSL* ssl, const byte* input, word32* inOutIdx,
|
|||||||
return UNKNOWN_RECORD_TYPE;
|
return UNKNOWN_RECORD_TYPE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* haven't decrypted this record yet */
|
||||||
|
ssl->keys.decryptedCur = 0;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -2364,13 +2464,13 @@ static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
|||||||
switch (ssl->specs.bulk_cipher_algorithm) {
|
switch (ssl->specs.bulk_cipher_algorithm) {
|
||||||
#ifdef BUILD_ARC4
|
#ifdef BUILD_ARC4
|
||||||
case rc4:
|
case rc4:
|
||||||
Arc4Process(&ssl->encrypt.arc4, out, input, sz);
|
Arc4Process(ssl->encrypt.arc4, out, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_DES3
|
#ifdef BUILD_DES3
|
||||||
case triple_des:
|
case triple_des:
|
||||||
Des3_CbcEncrypt(&ssl->encrypt.des3, out, input, sz);
|
Des3_CbcEncrypt(ssl->encrypt.des3, out, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -2380,12 +2480,12 @@ static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
|||||||
if ((word)input % 16) {
|
if ((word)input % 16) {
|
||||||
byte buffer[MAX_RECORD_SIZE + MAX_COMP_EXTRA+MAX_MSG_EXTRA];
|
byte buffer[MAX_RECORD_SIZE + MAX_COMP_EXTRA+MAX_MSG_EXTRA];
|
||||||
XMEMCPY(buffer, input, sz);
|
XMEMCPY(buffer, input, sz);
|
||||||
AesCbcEncrypt(&ssl->encrypt.aes, buffer, buffer, sz);
|
AesCbcEncrypt(ssl->encrypt.aes, buffer, buffer, sz);
|
||||||
XMEMCPY(out, buffer, sz);
|
XMEMCPY(out, buffer, sz);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
AesCbcEncrypt(&ssl->encrypt.aes, out, input, sz);
|
AesCbcEncrypt(ssl->encrypt.aes, out, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -2408,25 +2508,25 @@ static INLINE void Encrypt(CYASSL* ssl, byte* out, const byte* input, word32 sz)
|
|||||||
* IV length minus the authentication tag size. */
|
* IV length minus the authentication tag size. */
|
||||||
c16toa(sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
c16toa(sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||||
additional + AEAD_LEN_OFFSET);
|
additional + AEAD_LEN_OFFSET);
|
||||||
AesGcmEncrypt(&ssl->encrypt.aes,
|
AesGcmEncrypt(ssl->encrypt.aes,
|
||||||
out + AES_GCM_EXP_IV_SZ, input + AES_GCM_EXP_IV_SZ,
|
out + AES_GCM_EXP_IV_SZ, input + AES_GCM_EXP_IV_SZ,
|
||||||
sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||||
out + sz - AEAD_AUTH_TAG_SZ, AEAD_AUTH_TAG_SZ,
|
out + sz - AEAD_AUTH_TAG_SZ, AEAD_AUTH_TAG_SZ,
|
||||||
additional, AEAD_AUTH_DATA_SZ);
|
additional, AEAD_AUTH_DATA_SZ);
|
||||||
AesGcmIncExpIV(&ssl->encrypt.aes);
|
AesGcmIncExpIV(ssl->encrypt.aes);
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_HC128
|
#ifdef HAVE_HC128
|
||||||
case hc128:
|
case hc128:
|
||||||
Hc128_Process(&ssl->encrypt.hc128, out, input, sz);
|
Hc128_Process(ssl->encrypt.hc128, out, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_RABBIT
|
#ifdef BUILD_RABBIT
|
||||||
case rabbit:
|
case rabbit:
|
||||||
RabbitProcess(&ssl->encrypt.rabbit, out, input, sz);
|
RabbitProcess(ssl->encrypt.rabbit, out, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -2442,19 +2542,19 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
|||||||
switch (ssl->specs.bulk_cipher_algorithm) {
|
switch (ssl->specs.bulk_cipher_algorithm) {
|
||||||
#ifdef BUILD_ARC4
|
#ifdef BUILD_ARC4
|
||||||
case rc4:
|
case rc4:
|
||||||
Arc4Process(&ssl->decrypt.arc4, plain, input, sz);
|
Arc4Process(ssl->decrypt.arc4, plain, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_DES3
|
#ifdef BUILD_DES3
|
||||||
case triple_des:
|
case triple_des:
|
||||||
Des3_CbcDecrypt(&ssl->decrypt.des3, plain, input, sz);
|
Des3_CbcDecrypt(ssl->decrypt.des3, plain, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_AES
|
#ifdef BUILD_AES
|
||||||
case aes:
|
case aes:
|
||||||
AesCbcDecrypt(&ssl->decrypt.aes, plain, input, sz);
|
AesCbcDecrypt(ssl->decrypt.aes, plain, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -2463,7 +2563,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
|||||||
{
|
{
|
||||||
byte additional[AES_BLOCK_SIZE];
|
byte additional[AES_BLOCK_SIZE];
|
||||||
|
|
||||||
AesGcmSetExpIV(&ssl->decrypt.aes, input);
|
AesGcmSetExpIV(ssl->decrypt.aes, input);
|
||||||
XMEMSET(additional, 0, AES_BLOCK_SIZE);
|
XMEMSET(additional, 0, AES_BLOCK_SIZE);
|
||||||
|
|
||||||
/* sequence number field is 64-bits, we only use 32-bits */
|
/* sequence number field is 64-bits, we only use 32-bits */
|
||||||
@@ -2475,7 +2575,7 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
|||||||
|
|
||||||
c16toa(sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
c16toa(sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||||
additional + AEAD_LEN_OFFSET);
|
additional + AEAD_LEN_OFFSET);
|
||||||
if (AesGcmDecrypt(&ssl->decrypt.aes,
|
if (AesGcmDecrypt(ssl->decrypt.aes,
|
||||||
plain + AES_GCM_EXP_IV_SZ,
|
plain + AES_GCM_EXP_IV_SZ,
|
||||||
input + AES_GCM_EXP_IV_SZ,
|
input + AES_GCM_EXP_IV_SZ,
|
||||||
sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
sz - AES_GCM_EXP_IV_SZ - AEAD_AUTH_TAG_SZ,
|
||||||
@@ -2490,13 +2590,13 @@ static INLINE int Decrypt(CYASSL* ssl, byte* plain, const byte* input,
|
|||||||
|
|
||||||
#ifdef HAVE_HC128
|
#ifdef HAVE_HC128
|
||||||
case hc128:
|
case hc128:
|
||||||
Hc128_Process(&ssl->decrypt.hc128, plain, input, sz);
|
Hc128_Process(ssl->decrypt.hc128, plain, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_RABBIT
|
#ifdef BUILD_RABBIT
|
||||||
case rabbit:
|
case rabbit:
|
||||||
RabbitProcess(&ssl->decrypt.rabbit, plain, input, sz);
|
RabbitProcess(ssl->decrypt.rabbit, plain, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@@ -2515,6 +2615,8 @@ static int DecryptMessage(CYASSL* ssl, byte* input, word32 sz, word32* idx)
|
|||||||
if (decryptResult == 0)
|
if (decryptResult == 0)
|
||||||
{
|
{
|
||||||
ssl->keys.encryptSz = sz;
|
ssl->keys.encryptSz = sz;
|
||||||
|
ssl->keys.decryptedCur = 1;
|
||||||
|
|
||||||
if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
|
if (ssl->options.tls1_1 && ssl->specs.cipher_type == block)
|
||||||
*idx += ssl->specs.block_size; /* go past TLSv1.1 IV */
|
*idx += ssl->specs.block_size; /* go past TLSv1.1 IV */
|
||||||
if (ssl->specs.cipher_type == aead)
|
if (ssl->specs.cipher_type == aead)
|
||||||
@@ -2858,7 +2960,7 @@ int ProcessReply(CYASSL* ssl)
|
|||||||
/* the record layer is here */
|
/* the record layer is here */
|
||||||
case runProcessingOneMessage:
|
case runProcessingOneMessage:
|
||||||
|
|
||||||
if (ssl->keys.encryptionOn)
|
if (ssl->keys.encryptionOn && ssl->keys.decryptedCur == 0)
|
||||||
if (DecryptMessage(ssl, ssl->buffers.inputBuffer.buffer +
|
if (DecryptMessage(ssl, ssl->buffers.inputBuffer.buffer +
|
||||||
ssl->buffers.inputBuffer.idx,
|
ssl->buffers.inputBuffer.idx,
|
||||||
ssl->curSize,
|
ssl->curSize,
|
||||||
@@ -2902,6 +3004,11 @@ int ProcessReply(CYASSL* ssl)
|
|||||||
AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
|
AddLateRecordHeader(&ssl->curRL, &ssl->timeoutInfo);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
if (ssl->curSize != 1) {
|
||||||
|
CYASSL_MSG("Malicious or corrupted ChangeCipher msg");
|
||||||
|
return LENGTH_ERROR;
|
||||||
|
}
|
||||||
ssl->buffers.inputBuffer.idx++;
|
ssl->buffers.inputBuffer.idx++;
|
||||||
ssl->keys.encryptionOn = 1;
|
ssl->keys.encryptionOn = 1;
|
||||||
|
|
||||||
@@ -3185,7 +3292,7 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
|
|||||||
if (ssl->options.tls1_1) {
|
if (ssl->options.tls1_1) {
|
||||||
ivSz = blockSz;
|
ivSz = blockSz;
|
||||||
sz += ivSz;
|
sz += ivSz;
|
||||||
RNG_GenerateBlock(&ssl->rng, iv, ivSz);
|
RNG_GenerateBlock(ssl->rng, iv, ivSz);
|
||||||
}
|
}
|
||||||
sz += 1; /* pad byte */
|
sz += 1; /* pad byte */
|
||||||
pad = (sz - headerSz) % blockSz;
|
pad = (sz - headerSz) % blockSz;
|
||||||
@@ -3197,7 +3304,7 @@ static int BuildMessage(CYASSL* ssl, byte* output, const byte* input, int inSz,
|
|||||||
if (ssl->specs.cipher_type == aead) {
|
if (ssl->specs.cipher_type == aead) {
|
||||||
ivSz = AES_GCM_EXP_IV_SZ;
|
ivSz = AES_GCM_EXP_IV_SZ;
|
||||||
sz += (ivSz + 16 - digestSz);
|
sz += (ivSz + 16 - digestSz);
|
||||||
AesGcmGetExpIV(&ssl->encrypt.aes, iv);
|
AesGcmGetExpIV(ssl->encrypt.aes, iv);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
size = (word16)(sz - headerSz); /* include mac and digest */
|
size = (word16)(sz - headerSz); /* include mac and digest */
|
||||||
@@ -3356,7 +3463,8 @@ int SendCertificate(CYASSL* ssl)
|
|||||||
if (ssl->buffers.certChain.buffer) {
|
if (ssl->buffers.certChain.buffer) {
|
||||||
XMEMCPY(output + i, ssl->buffers.certChain.buffer,
|
XMEMCPY(output + i, ssl->buffers.certChain.buffer,
|
||||||
ssl->buffers.certChain.length);
|
ssl->buffers.certChain.length);
|
||||||
i += ssl->buffers.certChain.length;
|
/* if add more to output adjust i
|
||||||
|
i += ssl->buffers.certChain.length; */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
HashOutput(ssl, output, sendSz, 0);
|
HashOutput(ssl, output, sendSz, 0);
|
||||||
@@ -3425,7 +3533,8 @@ int SendCertificateRequest(CYASSL* ssl)
|
|||||||
}
|
}
|
||||||
|
|
||||||
c16toa(0, &output[i]); /* auth's */
|
c16toa(0, &output[i]); /* auth's */
|
||||||
i += REQ_HEADER_SZ;
|
/* if add more to output, adjust i
|
||||||
|
i += REQ_HEADER_SZ; */
|
||||||
|
|
||||||
HashOutput(ssl, output, sendSz, 0);
|
HashOutput(ssl, output, sendSz, 0);
|
||||||
|
|
||||||
@@ -3952,6 +4061,10 @@ void SetErrorString(int error, char* str)
|
|||||||
XSTRNCPY(str, "DTLS Sequence Error", max);
|
XSTRNCPY(str, "DTLS Sequence Error", max);
|
||||||
break;
|
break;
|
||||||
|
|
||||||
|
case SUITES_ERROR:
|
||||||
|
XSTRNCPY(str, "Suites Pointer Error", max);
|
||||||
|
break;
|
||||||
|
|
||||||
default :
|
default :
|
||||||
XSTRNCPY(str, "unknown error number", max);
|
XSTRNCPY(str, "unknown error number", max);
|
||||||
}
|
}
|
||||||
@@ -4373,6 +4486,11 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]);
|
const int suiteSz = sizeof(cipher_names) / sizeof(cipher_names[0]);
|
||||||
int idx = 0;
|
int idx = 0;
|
||||||
|
|
||||||
|
if (s == NULL) {
|
||||||
|
CYASSL_MSG("SetCipherList suite pointer error");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
if (!list)
|
if (!list)
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
@@ -4572,9 +4690,14 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
int idSz = ssl->options.resuming ? ID_LEN : 0;
|
int idSz = ssl->options.resuming ? ID_LEN : 0;
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
if (ssl->suites == NULL) {
|
||||||
|
CYASSL_MSG("Bad suites pointer in SendClientHello");
|
||||||
|
return SUITES_ERROR;
|
||||||
|
}
|
||||||
|
|
||||||
length = sizeof(ProtocolVersion) + RAN_LEN
|
length = sizeof(ProtocolVersion) + RAN_LEN
|
||||||
+ idSz + ENUM_LEN
|
+ idSz + ENUM_LEN
|
||||||
+ ssl->suites.suiteSz + SUITE_LEN
|
+ ssl->suites->suiteSz + SUITE_LEN
|
||||||
+ COMP_LEN + ENUM_LEN;
|
+ COMP_LEN + ENUM_LEN;
|
||||||
|
|
||||||
if (IsAtLeastTLSv1_2(ssl))
|
if (IsAtLeastTLSv1_2(ssl))
|
||||||
@@ -4608,7 +4731,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
|
|
||||||
/* then random */
|
/* then random */
|
||||||
if (ssl->options.connectState == CONNECT_BEGIN) {
|
if (ssl->options.connectState == CONNECT_BEGIN) {
|
||||||
RNG_GenerateBlock(&ssl->rng, output + idx, RAN_LEN);
|
RNG_GenerateBlock(ssl->rng, output + idx, RAN_LEN);
|
||||||
|
|
||||||
/* store random */
|
/* store random */
|
||||||
XMEMCPY(ssl->arrays.clientRandom, output + idx, RAN_LEN);
|
XMEMCPY(ssl->arrays.clientRandom, output + idx, RAN_LEN);
|
||||||
@@ -4640,10 +4763,10 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
/* then cipher suites */
|
/* then cipher suites */
|
||||||
c16toa(ssl->suites.suiteSz, output + idx);
|
c16toa(ssl->suites->suiteSz, output + idx);
|
||||||
idx += 2;
|
idx += 2;
|
||||||
XMEMCPY(output + idx, &ssl->suites.suites, ssl->suites.suiteSz);
|
XMEMCPY(output + idx, &ssl->suites->suites, ssl->suites->suiteSz);
|
||||||
idx += ssl->suites.suiteSz;
|
idx += ssl->suites->suiteSz;
|
||||||
|
|
||||||
/* last, compression */
|
/* last, compression */
|
||||||
output[idx++] = COMP_LEN;
|
output[idx++] = COMP_LEN;
|
||||||
@@ -5081,13 +5204,13 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
|
|
||||||
int SendClientKeyExchange(CYASSL* ssl)
|
int SendClientKeyExchange(CYASSL* ssl)
|
||||||
{
|
{
|
||||||
byte encSecret[MAX_NTRU_ENCRYPT_SZ];
|
byte encSecret[MAX_ENCRYPT_SZ];
|
||||||
word32 encSz = 0;
|
word32 encSz = 0;
|
||||||
word32 idx = 0;
|
word32 idx = 0;
|
||||||
int ret = 0;
|
int ret = 0;
|
||||||
|
|
||||||
if (ssl->specs.kea == rsa_kea) {
|
if (ssl->specs.kea == rsa_kea) {
|
||||||
RNG_GenerateBlock(&ssl->rng, ssl->arrays.preMasterSecret,
|
RNG_GenerateBlock(ssl->rng, ssl->arrays.preMasterSecret,
|
||||||
SECRET_LEN);
|
SECRET_LEN);
|
||||||
ssl->arrays.preMasterSecret[0] = ssl->chVersion.major;
|
ssl->arrays.preMasterSecret[0] = ssl->chVersion.major;
|
||||||
ssl->arrays.preMasterSecret[1] = ssl->chVersion.minor;
|
ssl->arrays.preMasterSecret[1] = ssl->chVersion.minor;
|
||||||
@@ -5098,7 +5221,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
|
|
||||||
ret = RsaPublicEncrypt(ssl->arrays.preMasterSecret, SECRET_LEN,
|
ret = RsaPublicEncrypt(ssl->arrays.preMasterSecret, SECRET_LEN,
|
||||||
encSecret, sizeof(encSecret), &ssl->peerRsaKey,
|
encSecret, sizeof(encSecret), &ssl->peerRsaKey,
|
||||||
&ssl->rng);
|
ssl->rng);
|
||||||
if (ret > 0) {
|
if (ret > 0) {
|
||||||
encSz = ret;
|
encSz = ret;
|
||||||
ret = 0; /* set success to 0 */
|
ret = 0; /* set success to 0 */
|
||||||
@@ -5121,7 +5244,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
serverG.buffer, serverG.length);
|
serverG.buffer, serverG.length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
/* for DH, encSecret is Yc, agree is pre-master */
|
/* for DH, encSecret is Yc, agree is pre-master */
|
||||||
ret = DhGenerateKeyPair(&key, &ssl->rng, priv, &privSz,
|
ret = DhGenerateKeyPair(&key, ssl->rng, priv, &privSz,
|
||||||
encSecret, &encSz);
|
encSecret, &encSz);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = DhAgree(&key, ssl->arrays.preMasterSecret,
|
ret = DhAgree(&key, ssl->arrays.preMasterSecret,
|
||||||
@@ -5163,7 +5286,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U'
|
'C', 'y', 'a', 'S', 'S', 'L', ' ', 'N', 'T', 'R', 'U'
|
||||||
};
|
};
|
||||||
|
|
||||||
RNG_GenerateBlock(&ssl->rng, ssl->arrays.preMasterSecret,
|
RNG_GenerateBlock(ssl->rng, ssl->arrays.preMasterSecret,
|
||||||
SECRET_LEN);
|
SECRET_LEN);
|
||||||
ssl->arrays.preMasterSz = SECRET_LEN;
|
ssl->arrays.preMasterSz = SECRET_LEN;
|
||||||
|
|
||||||
@@ -5205,7 +5328,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
}
|
}
|
||||||
|
|
||||||
ecc_init(&myKey);
|
ecc_init(&myKey);
|
||||||
ret = ecc_make_key(&ssl->rng, peerKey->dp->size, &myKey);
|
ret = ecc_make_key(ssl->rng, peerKey->dp->size, &myKey);
|
||||||
if (ret != 0)
|
if (ret != 0)
|
||||||
return ECC_MAKEKEY_ERROR;
|
return ECC_MAKEKEY_ERROR;
|
||||||
|
|
||||||
@@ -5266,7 +5389,8 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
idx += 2;
|
idx += 2;
|
||||||
}
|
}
|
||||||
XMEMCPY(output + idx, encSecret, encSz);
|
XMEMCPY(output + idx, encSecret, encSz);
|
||||||
idx += encSz;
|
/* if add more to output, adjust idx
|
||||||
|
idx += encSz; */
|
||||||
|
|
||||||
HashOutput(ssl, output, sendSz, 0);
|
HashOutput(ssl, output, sendSz, 0);
|
||||||
|
|
||||||
@@ -5371,7 +5495,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
word32 localSz = sigOutSz;
|
word32 localSz = sigOutSz;
|
||||||
ret = ecc_sign_hash(signBuffer + MD5_DIGEST_SIZE,
|
ret = ecc_sign_hash(signBuffer + MD5_DIGEST_SIZE,
|
||||||
SHA_DIGEST_SIZE, verify + extraSz + VERIFY_HEADER,
|
SHA_DIGEST_SIZE, verify + extraSz + VERIFY_HEADER,
|
||||||
&localSz, &ssl->rng, &eccKey);
|
&localSz, ssl->rng, &eccKey);
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@@ -5390,7 +5514,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
}
|
}
|
||||||
|
|
||||||
ret = RsaSSL_Sign(signBuffer, signSz, verify + extraSz +
|
ret = RsaSSL_Sign(signBuffer, signSz, verify + extraSz +
|
||||||
VERIFY_HEADER, ENCRYPT_LEN, &key, &ssl->rng);
|
VERIFY_HEADER, ENCRYPT_LEN, &key, ssl->rng);
|
||||||
|
|
||||||
if (ret > 0)
|
if (ret > 0)
|
||||||
ret = 0; /* RSA reset */
|
ret = 0; /* RSA reset */
|
||||||
@@ -5476,7 +5600,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
|
|
||||||
/* then random */
|
/* then random */
|
||||||
if (!ssl->options.resuming)
|
if (!ssl->options.resuming)
|
||||||
RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
RNG_GenerateBlock(ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
||||||
XMEMCPY(output + idx, ssl->arrays.serverRandom, RAN_LEN);
|
XMEMCPY(output + idx, ssl->arrays.serverRandom, RAN_LEN);
|
||||||
idx += RAN_LEN;
|
idx += RAN_LEN;
|
||||||
|
|
||||||
@@ -5492,7 +5616,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
/* then session id */
|
/* then session id */
|
||||||
output[idx++] = ID_LEN;
|
output[idx++] = ID_LEN;
|
||||||
if (!ssl->options.resuming)
|
if (!ssl->options.resuming)
|
||||||
RNG_GenerateBlock(&ssl->rng, ssl->arrays.sessionID, ID_LEN);
|
RNG_GenerateBlock(ssl->rng, ssl->arrays.sessionID, ID_LEN);
|
||||||
XMEMCPY(output + idx, ssl->arrays.sessionID, ID_LEN);
|
XMEMCPY(output + idx, ssl->arrays.sessionID, ID_LEN);
|
||||||
idx += ID_LEN;
|
idx += ID_LEN;
|
||||||
|
|
||||||
@@ -5758,7 +5882,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
signBuffer = encodedSig;
|
signBuffer = encodedSig;
|
||||||
}
|
}
|
||||||
ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz,
|
ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz,
|
||||||
&rsaKey, &ssl->rng);
|
&rsaKey, ssl->rng);
|
||||||
FreeRsaKey(&rsaKey);
|
FreeRsaKey(&rsaKey);
|
||||||
ecc_free(&dsaKey);
|
ecc_free(&dsaKey);
|
||||||
if (ret > 0)
|
if (ret > 0)
|
||||||
@@ -5770,7 +5894,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
word32 sz = sigSz;
|
word32 sz = sigSz;
|
||||||
|
|
||||||
ret = ecc_sign_hash(&hash[MD5_DIGEST_SIZE], SHA_DIGEST_SIZE,
|
ret = ecc_sign_hash(&hash[MD5_DIGEST_SIZE], SHA_DIGEST_SIZE,
|
||||||
output + idx, &sz, &ssl->rng, &dsaKey);
|
output + idx, &sz, ssl->rng, &dsaKey);
|
||||||
FreeRsaKey(&rsaKey);
|
FreeRsaKey(&rsaKey);
|
||||||
ecc_free(&dsaKey);
|
ecc_free(&dsaKey);
|
||||||
if (ret < 0) return ret;
|
if (ret < 0) return ret;
|
||||||
@@ -5832,7 +5956,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
ssl->buffers.serverDH_G.buffer,
|
ssl->buffers.serverDH_G.buffer,
|
||||||
ssl->buffers.serverDH_G.length);
|
ssl->buffers.serverDH_G.length);
|
||||||
if (ret == 0)
|
if (ret == 0)
|
||||||
ret = DhGenerateKeyPair(&dhKey, &ssl->rng,
|
ret = DhGenerateKeyPair(&dhKey, ssl->rng,
|
||||||
ssl->buffers.serverDH_Priv.buffer,
|
ssl->buffers.serverDH_Priv.buffer,
|
||||||
&ssl->buffers.serverDH_Priv.length,
|
&ssl->buffers.serverDH_Priv.length,
|
||||||
ssl->buffers.serverDH_Pub.buffer,
|
ssl->buffers.serverDH_Pub.buffer,
|
||||||
@@ -5960,11 +6084,9 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
signBuffer = encodedSig;
|
signBuffer = encodedSig;
|
||||||
}
|
}
|
||||||
ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz,
|
ret = RsaSSL_Sign(signBuffer, signSz, output + idx, sigSz,
|
||||||
&rsaKey, &ssl->rng);
|
&rsaKey, ssl->rng);
|
||||||
FreeRsaKey(&rsaKey);
|
FreeRsaKey(&rsaKey);
|
||||||
if (ret > 0)
|
if (ret <= 0)
|
||||||
ret = 0; /* reset on success */
|
|
||||||
else
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -6295,11 +6417,19 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
{
|
{
|
||||||
int haveRSA = !ssl->options.haveStaticECC;
|
int haveRSA = !ssl->options.haveStaticECC;
|
||||||
int havePSK = 0;
|
int havePSK = 0;
|
||||||
byte first = ssl->suites.suites[idx];
|
byte first;
|
||||||
byte second = ssl->suites.suites[idx+1];
|
byte second;
|
||||||
|
|
||||||
CYASSL_ENTER("VerifySuite");
|
CYASSL_ENTER("VerifySuite");
|
||||||
|
|
||||||
|
if (ssl->suites == NULL) {
|
||||||
|
CYASSL_MSG("Suites pointer error");
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
first = ssl->suites->suites[idx];
|
||||||
|
second = ssl->suites->suites[idx+1];
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
#endif
|
#endif
|
||||||
@@ -6379,16 +6509,19 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1)
|
if (peerSuites->suiteSz == 0 || peerSuites->suiteSz & 0x1)
|
||||||
return MATCH_SUITE_ERROR;
|
return MATCH_SUITE_ERROR;
|
||||||
|
|
||||||
|
if (ssl->suites == NULL)
|
||||||
|
return SUITES_ERROR;
|
||||||
|
|
||||||
/* start with best, if a match we are good */
|
/* start with best, if a match we are good */
|
||||||
for (i = 0; i < ssl->suites.suiteSz; i += 2)
|
for (i = 0; i < ssl->suites->suiteSz; i += 2)
|
||||||
for (j = 0; j < peerSuites->suiteSz; j += 2)
|
for (j = 0; j < peerSuites->suiteSz; j += 2)
|
||||||
if (ssl->suites.suites[i] == peerSuites->suites[j] &&
|
if (ssl->suites->suites[i] == peerSuites->suites[j] &&
|
||||||
ssl->suites.suites[i+1] == peerSuites->suites[j+1] ) {
|
ssl->suites->suites[i+1] == peerSuites->suites[j+1] ) {
|
||||||
|
|
||||||
if (VerifySuite(ssl, i)) {
|
if (VerifySuite(ssl, i)) {
|
||||||
CYASSL_MSG("Verified suite validity");
|
CYASSL_MSG("Verified suite validity");
|
||||||
ssl->options.cipherSuite0 = ssl->suites.suites[i];
|
ssl->options.cipherSuite0 = ssl->suites->suites[i];
|
||||||
ssl->options.cipherSuite = ssl->suites.suites[i+1];
|
ssl->options.cipherSuite = ssl->suites->suites[i+1];
|
||||||
return SetCipherSpecs(ssl);
|
return SetCipherSpecs(ssl);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
@@ -6463,7 +6596,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
}
|
}
|
||||||
@@ -6534,7 +6667,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
return UNSUPPORTED_SUITE;
|
return UNSUPPORTED_SUITE;
|
||||||
}
|
}
|
||||||
|
|
||||||
RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
RNG_GenerateBlock(ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
||||||
if (ssl->options.tls)
|
if (ssl->options.tls)
|
||||||
ret = DeriveTlsKeys(ssl);
|
ret = DeriveTlsKeys(ssl);
|
||||||
else
|
else
|
||||||
@@ -6594,7 +6727,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
#endif
|
#endif
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
}
|
}
|
||||||
@@ -6696,7 +6829,7 @@ int SetCipherList(Suites* s, const char* list)
|
|||||||
return UNSUPPORTED_SUITE;
|
return UNSUPPORTED_SUITE;
|
||||||
}
|
}
|
||||||
|
|
||||||
RNG_GenerateBlock(&ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
RNG_GenerateBlock(ssl->rng, ssl->arrays.serverRandom, RAN_LEN);
|
||||||
if (ssl->options.tls)
|
if (ssl->options.tls)
|
||||||
ret = DeriveTlsKeys(ssl);
|
ret = DeriveTlsKeys(ssl);
|
||||||
else
|
else
|
||||||
|
|||||||
125
src/keys.c
125
src/keys.c
@@ -918,34 +918,46 @@ static int SetPrefix(byte* sha_input, int idx)
|
|||||||
|
|
||||||
|
|
||||||
static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
||||||
byte side)
|
byte side, void* heap, RNG* rng)
|
||||||
{
|
{
|
||||||
#ifdef BUILD_ARC4
|
#ifdef BUILD_ARC4
|
||||||
word32 sz = specs->key_size;
|
word32 sz = specs->key_size;
|
||||||
if (specs->bulk_cipher_algorithm == rc4) {
|
if (specs->bulk_cipher_algorithm == rc4) {
|
||||||
|
enc->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (enc->arc4 == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
|
dec->arc4 = (Arc4*)XMALLOC(sizeof(Arc4), heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (dec->arc4 == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
if (side == CLIENT_END) {
|
if (side == CLIENT_END) {
|
||||||
Arc4SetKey(&enc->arc4, keys->client_write_key, sz);
|
Arc4SetKey(enc->arc4, keys->client_write_key, sz);
|
||||||
Arc4SetKey(&dec->arc4, keys->server_write_key, sz);
|
Arc4SetKey(dec->arc4, keys->server_write_key, sz);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
Arc4SetKey(&enc->arc4, keys->server_write_key, sz);
|
Arc4SetKey(enc->arc4, keys->server_write_key, sz);
|
||||||
Arc4SetKey(&dec->arc4, keys->client_write_key, sz);
|
Arc4SetKey(dec->arc4, keys->client_write_key, sz);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_HC128
|
#ifdef HAVE_HC128
|
||||||
if (specs->bulk_cipher_algorithm == hc128) {
|
if (specs->bulk_cipher_algorithm == hc128) {
|
||||||
|
enc->hc128 = (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (enc->hc128 == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
|
dec->hc128 = (HC128*)XMALLOC(sizeof(HC128), heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (dec->hc128 == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
if (side == CLIENT_END) {
|
if (side == CLIENT_END) {
|
||||||
Hc128_SetKey(&enc->hc128, keys->client_write_key,
|
Hc128_SetKey(enc->hc128, keys->client_write_key,
|
||||||
keys->client_write_IV);
|
keys->client_write_IV);
|
||||||
Hc128_SetKey(&dec->hc128, keys->server_write_key,
|
Hc128_SetKey(dec->hc128, keys->server_write_key,
|
||||||
keys->server_write_IV);
|
keys->server_write_IV);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
Hc128_SetKey(&enc->hc128, keys->server_write_key,
|
Hc128_SetKey(enc->hc128, keys->server_write_key,
|
||||||
keys->server_write_IV);
|
keys->server_write_IV);
|
||||||
Hc128_SetKey(&dec->hc128, keys->client_write_key,
|
Hc128_SetKey(dec->hc128, keys->client_write_key,
|
||||||
keys->client_write_IV);
|
keys->client_write_IV);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -953,16 +965,22 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
|
|
||||||
#ifdef BUILD_RABBIT
|
#ifdef BUILD_RABBIT
|
||||||
if (specs->bulk_cipher_algorithm == rabbit) {
|
if (specs->bulk_cipher_algorithm == rabbit) {
|
||||||
|
enc->rabbit = (Rabbit*)XMALLOC(sizeof(Rabbit),heap,DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (enc->rabbit == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
|
dec->rabbit = (Rabbit*)XMALLOC(sizeof(Rabbit),heap,DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (dec->rabbit == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
if (side == CLIENT_END) {
|
if (side == CLIENT_END) {
|
||||||
RabbitSetKey(&enc->rabbit, keys->client_write_key,
|
RabbitSetKey(enc->rabbit, keys->client_write_key,
|
||||||
keys->client_write_IV);
|
keys->client_write_IV);
|
||||||
RabbitSetKey(&dec->rabbit, keys->server_write_key,
|
RabbitSetKey(dec->rabbit, keys->server_write_key,
|
||||||
keys->server_write_IV);
|
keys->server_write_IV);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
RabbitSetKey(&enc->rabbit, keys->server_write_key,
|
RabbitSetKey(enc->rabbit, keys->server_write_key,
|
||||||
keys->server_write_IV);
|
keys->server_write_IV);
|
||||||
RabbitSetKey(&dec->rabbit, keys->client_write_key,
|
RabbitSetKey(dec->rabbit, keys->client_write_key,
|
||||||
keys->client_write_IV);
|
keys->client_write_IV);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -970,16 +988,22 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
|
|
||||||
#ifdef BUILD_DES3
|
#ifdef BUILD_DES3
|
||||||
if (specs->bulk_cipher_algorithm == triple_des) {
|
if (specs->bulk_cipher_algorithm == triple_des) {
|
||||||
|
enc->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (enc->des3 == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
|
dec->des3 = (Des3*)XMALLOC(sizeof(Des3), heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (dec->des3 == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
if (side == CLIENT_END) {
|
if (side == CLIENT_END) {
|
||||||
Des3_SetKey(&enc->des3, keys->client_write_key,
|
Des3_SetKey(enc->des3, keys->client_write_key,
|
||||||
keys->client_write_IV, DES_ENCRYPTION);
|
keys->client_write_IV, DES_ENCRYPTION);
|
||||||
Des3_SetKey(&dec->des3, keys->server_write_key,
|
Des3_SetKey(dec->des3, keys->server_write_key,
|
||||||
keys->server_write_IV, DES_DECRYPTION);
|
keys->server_write_IV, DES_DECRYPTION);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
Des3_SetKey(&enc->des3, keys->server_write_key,
|
Des3_SetKey(enc->des3, keys->server_write_key,
|
||||||
keys->server_write_IV, DES_ENCRYPTION);
|
keys->server_write_IV, DES_ENCRYPTION);
|
||||||
Des3_SetKey(&dec->des3, keys->client_write_key,
|
Des3_SetKey(dec->des3, keys->client_write_key,
|
||||||
keys->client_write_IV, DES_DECRYPTION);
|
keys->client_write_IV, DES_DECRYPTION);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -987,19 +1011,25 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
|
|
||||||
#ifdef BUILD_AES
|
#ifdef BUILD_AES
|
||||||
if (specs->bulk_cipher_algorithm == aes) {
|
if (specs->bulk_cipher_algorithm == aes) {
|
||||||
|
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (enc->aes == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
|
dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (dec->aes == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
if (side == CLIENT_END) {
|
if (side == CLIENT_END) {
|
||||||
AesSetKey(&enc->aes, keys->client_write_key,
|
AesSetKey(enc->aes, keys->client_write_key,
|
||||||
specs->key_size, keys->client_write_IV,
|
specs->key_size, keys->client_write_IV,
|
||||||
AES_ENCRYPTION);
|
AES_ENCRYPTION);
|
||||||
AesSetKey(&dec->aes, keys->server_write_key,
|
AesSetKey(dec->aes, keys->server_write_key,
|
||||||
specs->key_size, keys->server_write_IV,
|
specs->key_size, keys->server_write_IV,
|
||||||
AES_DECRYPTION);
|
AES_DECRYPTION);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
AesSetKey(&enc->aes, keys->server_write_key,
|
AesSetKey(enc->aes, keys->server_write_key,
|
||||||
specs->key_size, keys->server_write_IV,
|
specs->key_size, keys->server_write_IV,
|
||||||
AES_ENCRYPTION);
|
AES_ENCRYPTION);
|
||||||
AesSetKey(&dec->aes, keys->client_write_key,
|
AesSetKey(dec->aes, keys->client_write_key,
|
||||||
specs->key_size, keys->client_write_IV,
|
specs->key_size, keys->client_write_IV,
|
||||||
AES_DECRYPTION);
|
AES_DECRYPTION);
|
||||||
}
|
}
|
||||||
@@ -1008,16 +1038,28 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
|
|
||||||
#ifdef BUILD_AESGCM
|
#ifdef BUILD_AESGCM
|
||||||
if (specs->bulk_cipher_algorithm == aes_gcm) {
|
if (specs->bulk_cipher_algorithm == aes_gcm) {
|
||||||
|
byte iv[AES_GCM_EXP_IV_SZ];
|
||||||
|
enc->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (enc->aes == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
|
dec->aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_CIPHER);
|
||||||
|
if (dec->aes == NULL)
|
||||||
|
return MEMORY_E;
|
||||||
|
|
||||||
|
/* Initialize the AES-GCM explicit IV to a random number. */
|
||||||
|
RNG_GenerateBlock(rng, iv, sizeof(iv));
|
||||||
|
AesGcmSetExpIV(enc->aes, iv);
|
||||||
|
|
||||||
if (side == CLIENT_END) {
|
if (side == CLIENT_END) {
|
||||||
AesGcmSetKey(&enc->aes, keys->client_write_key, specs->key_size,
|
AesGcmSetKey(enc->aes, keys->client_write_key, specs->key_size,
|
||||||
keys->client_write_IV);
|
keys->client_write_IV);
|
||||||
AesGcmSetKey(&dec->aes, keys->server_write_key, specs->key_size,
|
AesGcmSetKey(dec->aes, keys->server_write_key, specs->key_size,
|
||||||
keys->server_write_IV);
|
keys->server_write_IV);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
AesGcmSetKey(&enc->aes, keys->server_write_key, specs->key_size,
|
AesGcmSetKey(enc->aes, keys->server_write_key, specs->key_size,
|
||||||
keys->server_write_IV);
|
keys->server_write_IV);
|
||||||
AesGcmSetKey(&dec->aes, keys->client_write_key, specs->key_size,
|
AesGcmSetKey(dec->aes, keys->client_write_key, specs->key_size,
|
||||||
keys->client_write_IV);
|
keys->client_write_IV);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -1026,6 +1068,7 @@ static int SetKeys(Ciphers* enc, Ciphers* dec, Keys* keys, CipherSpecs* specs,
|
|||||||
keys->sequence_number = 0;
|
keys->sequence_number = 0;
|
||||||
keys->peer_sequence_number = 0;
|
keys->peer_sequence_number = 0;
|
||||||
keys->encryptionOn = 0;
|
keys->encryptionOn = 0;
|
||||||
|
(void)rng;
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@@ -1043,16 +1086,6 @@ int StoreKeys(CYASSL* ssl, const byte* keyData)
|
|||||||
XMEMCPY(ssl->keys.server_write_MAC_secret,&keyData[i], sz);
|
XMEMCPY(ssl->keys.server_write_MAC_secret,&keyData[i], sz);
|
||||||
i += sz;
|
i += sz;
|
||||||
}
|
}
|
||||||
#ifdef BUILD_AESGCM
|
|
||||||
else if (ssl->specs.bulk_cipher_algorithm == aes_gcm) {
|
|
||||||
byte iv[AES_GCM_EXP_IV_SZ];
|
|
||||||
|
|
||||||
/* Initialize the AES-GCM explicit IV to a random number. */
|
|
||||||
RNG_GenerateBlock(&ssl->rng, iv, sizeof(iv));
|
|
||||||
AesGcmSetExpIV(&ssl->encrypt.aes, iv);
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
|
|
||||||
sz = ssl->specs.key_size;
|
sz = ssl->specs.key_size;
|
||||||
XMEMCPY(ssl->keys.client_write_key, &keyData[i], sz);
|
XMEMCPY(ssl->keys.client_write_key, &keyData[i], sz);
|
||||||
i += sz;
|
i += sz;
|
||||||
@@ -1065,7 +1098,7 @@ int StoreKeys(CYASSL* ssl, const byte* keyData)
|
|||||||
XMEMCPY(ssl->keys.server_write_IV, &keyData[i], sz);
|
XMEMCPY(ssl->keys.server_write_IV, &keyData[i], sz);
|
||||||
|
|
||||||
return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs,
|
return SetKeys(&ssl->encrypt, &ssl->decrypt, &ssl->keys, &ssl->specs,
|
||||||
ssl->options.side);
|
ssl->options.side, ssl->heap, ssl->rng);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@@ -1103,7 +1136,6 @@ int DeriveKeys(CYASSL* ssl)
|
|||||||
XMEMCPY(shaInput + idx, ssl->arrays.serverRandom, RAN_LEN);
|
XMEMCPY(shaInput + idx, ssl->arrays.serverRandom, RAN_LEN);
|
||||||
idx += RAN_LEN;
|
idx += RAN_LEN;
|
||||||
XMEMCPY(shaInput + idx, ssl->arrays.clientRandom, RAN_LEN);
|
XMEMCPY(shaInput + idx, ssl->arrays.clientRandom, RAN_LEN);
|
||||||
idx += RAN_LEN;
|
|
||||||
|
|
||||||
ShaUpdate(&sha, shaInput, sizeof(shaInput) - KEY_PREFIX + j);
|
ShaUpdate(&sha, shaInput, sizeof(shaInput) - KEY_PREFIX + j);
|
||||||
ShaFinal(&sha, shaOutput);
|
ShaFinal(&sha, shaOutput);
|
||||||
@@ -1124,7 +1156,7 @@ static void CleanPreMaster(CYASSL* ssl)
|
|||||||
for (i = 0; i < sz; i++)
|
for (i = 0; i < sz; i++)
|
||||||
ssl->arrays.preMasterSecret[i] = 0;
|
ssl->arrays.preMasterSecret[i] = 0;
|
||||||
|
|
||||||
RNG_GenerateBlock(&ssl->rng, ssl->arrays.preMasterSecret, sz);
|
RNG_GenerateBlock(ssl->rng, ssl->arrays.preMasterSecret, sz);
|
||||||
|
|
||||||
for (i = 0; i < sz; i++)
|
for (i = 0; i < sz; i++)
|
||||||
ssl->arrays.preMasterSecret[i] = 0;
|
ssl->arrays.preMasterSecret[i] = 0;
|
||||||
@@ -1133,7 +1165,7 @@ static void CleanPreMaster(CYASSL* ssl)
|
|||||||
|
|
||||||
|
|
||||||
/* Create and store the master secret see page 32, 6.1 */
|
/* Create and store the master secret see page 32, 6.1 */
|
||||||
int MakeMasterSecret(CYASSL* ssl)
|
static int MakeSslMasterSecret(CYASSL* ssl)
|
||||||
{
|
{
|
||||||
byte shaOutput[SHA_DIGEST_SIZE];
|
byte shaOutput[SHA_DIGEST_SIZE];
|
||||||
byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
|
byte md5Input[ENCRYPT_LEN + SHA_DIGEST_SIZE];
|
||||||
@@ -1155,10 +1187,6 @@ int MakeMasterSecret(CYASSL* ssl)
|
|||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifndef NO_TLS
|
|
||||||
if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
|
|
||||||
#endif
|
|
||||||
|
|
||||||
InitMd5(&md5);
|
InitMd5(&md5);
|
||||||
InitSha(&sha);
|
InitSha(&sha);
|
||||||
|
|
||||||
@@ -1206,3 +1234,14 @@ int MakeMasterSecret(CYASSL* ssl)
|
|||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Master wrapper, doesn't use SSL stack space in TLS mode */
|
||||||
|
int MakeMasterSecret(CYASSL* ssl)
|
||||||
|
{
|
||||||
|
#ifndef NO_TLS
|
||||||
|
if (ssl->options.tls) return MakeTlsMasterSecret(ssl);
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return MakeSslMasterSecret(ssl);
|
||||||
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -217,7 +217,8 @@ static const char* const msgTable[] =
|
|||||||
|
|
||||||
/* 66 */
|
/* 66 */
|
||||||
"Bad Finished Message Processing",
|
"Bad Finished Message Processing",
|
||||||
"Bad Compression Type"
|
"Bad Compression Type",
|
||||||
|
"Bad DeriveKeys Error"
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
@@ -1205,6 +1206,7 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (doResume ) {
|
if (doResume ) {
|
||||||
|
int ret = 0;
|
||||||
SSL_SESSION* resume = GetSession(session->sslServer,
|
SSL_SESSION* resume = GetSession(session->sslServer,
|
||||||
session->sslServer->arrays.masterSecret);
|
session->sslServer->arrays.masterSecret);
|
||||||
if (resume == NULL) {
|
if (resume == NULL) {
|
||||||
@@ -1228,12 +1230,16 @@ static int ProcessServerHello(const byte* input, int* sslBytes,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (session->sslServer->options.tls) {
|
if (session->sslServer->options.tls) {
|
||||||
DeriveTlsKeys(session->sslServer);
|
ret = DeriveTlsKeys(session->sslServer);
|
||||||
DeriveTlsKeys(session->sslClient);
|
ret += DeriveTlsKeys(session->sslClient);
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
DeriveKeys(session->sslServer);
|
ret = DeriveKeys(session->sslServer);
|
||||||
DeriveKeys(session->sslClient);
|
ret += DeriveKeys(session->sslClient);
|
||||||
|
}
|
||||||
|
if (ret != 0) {
|
||||||
|
SetError(BAD_DERIVE_STR, error, session, FATAL_ERROR_STATE);
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
#ifdef SHOW_SECRETS
|
#ifdef SHOW_SECRETS
|
||||||
@@ -1517,31 +1523,31 @@ static void Decrypt(SSL* ssl, byte* output, const byte* input, word32 sz)
|
|||||||
switch (ssl->specs.bulk_cipher_algorithm) {
|
switch (ssl->specs.bulk_cipher_algorithm) {
|
||||||
#ifdef BUILD_ARC4
|
#ifdef BUILD_ARC4
|
||||||
case rc4:
|
case rc4:
|
||||||
Arc4Process(&ssl->decrypt.arc4, output, input, sz);
|
Arc4Process(ssl->decrypt.arc4, output, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_DES3
|
#ifdef BUILD_DES3
|
||||||
case triple_des:
|
case triple_des:
|
||||||
Des3_CbcDecrypt(&ssl->decrypt.des3, output, input, sz);
|
Des3_CbcDecrypt(ssl->decrypt.des3, output, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_AES
|
#ifdef BUILD_AES
|
||||||
case aes:
|
case aes:
|
||||||
AesCbcDecrypt(&ssl->decrypt.aes, output, input, sz);
|
AesCbcDecrypt(ssl->decrypt.aes, output, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef HAVE_HC128
|
#ifdef HAVE_HC128
|
||||||
case hc128:
|
case hc128:
|
||||||
Hc128_Process(&ssl->decrypt.hc128, output, input, sz);
|
Hc128_Process(ssl->decrypt.hc128, output, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#ifdef BUILD_RABBIT
|
#ifdef BUILD_RABBIT
|
||||||
case rabbit:
|
case rabbit:
|
||||||
RabbitProcess(&ssl->decrypt.rabbit, output, input, sz);
|
RabbitProcess(ssl->decrypt.rabbit, output, input, sz);
|
||||||
break;
|
break;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|||||||
60
src/ssl.c
60
src/ssl.c
@@ -216,6 +216,34 @@ int CyaSSL_negotiate(CYASSL* ssl)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* object size based on build */
|
||||||
|
int CyaSSL_GetObjectSize(void)
|
||||||
|
{
|
||||||
|
#ifdef SHOW_SIZES
|
||||||
|
printf("sizeof suites = %lu\n", sizeof(Suites));
|
||||||
|
printf("sizeof ciphers(2) = %lu\n", sizeof(Ciphers));
|
||||||
|
printf("\tsizeof arc4 = %lu\n", sizeof(Arc4));
|
||||||
|
printf("\tsizeof aes = %lu\n", sizeof(Aes));
|
||||||
|
printf("\tsizeof des3 = %lu\n", sizeof(Des3));
|
||||||
|
printf("\tsizeof rabbit = %lu\n", sizeof(Rabbit));
|
||||||
|
printf("sizeof cipher specs = %lu\n", sizeof(CipherSpecs));
|
||||||
|
printf("sizeof keys = %lu\n", sizeof(Keys));
|
||||||
|
printf("sizeof MD5 = %lu\n", sizeof(Md5));
|
||||||
|
printf("sizeof SHA = %lu\n", sizeof(Sha));
|
||||||
|
printf("sizeof SHA256 = %lu\n", sizeof(Sha256));
|
||||||
|
printf("sizeof Hashes(2) = %lu\n", sizeof(Hashes));
|
||||||
|
printf("sizeof Buffers = %lu\n", sizeof(Buffers));
|
||||||
|
printf("sizeof Options = %lu\n", sizeof(Options));
|
||||||
|
printf("sizeof Arrays = %lu\n", sizeof(Arrays));
|
||||||
|
printf("sizeof Session = %lu\n", sizeof(CYASSL_SESSION));
|
||||||
|
printf("sizeof peerKey = %lu\n", sizeof(RsaKey));
|
||||||
|
printf("sizeof CYASSL_CIPHER = %lu\n", sizeof(CYASSL_CIPHER));
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return sizeof(CYASSL);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/* server Diffie-Hellman parameters */
|
/* server Diffie-Hellman parameters */
|
||||||
int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
|
int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
|
||||||
const unsigned char* g, int gSz)
|
const unsigned char* g, int gSz)
|
||||||
@@ -256,7 +284,7 @@ int CyaSSL_SetTmpDH(CYASSL* ssl, const unsigned char* p, int pSz,
|
|||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
#endif
|
#endif
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH,
|
InitSuites(ssl->suites, ssl->version, ssl->options.haveDH,
|
||||||
havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
havePSK, ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
|
|
||||||
@@ -542,7 +570,7 @@ int CyaSSL_SetVersion(CYASSL* ssl, int version)
|
|||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
|
|
||||||
@@ -729,7 +757,6 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||||||
|
|
||||||
(void)heap;
|
(void)heap;
|
||||||
(void)dynamicType;
|
(void)dynamicType;
|
||||||
(void)pkcs8Enc;
|
|
||||||
|
|
||||||
if (type == CERT_TYPE || type == CA_TYPE) {
|
if (type == CERT_TYPE || type == CA_TYPE) {
|
||||||
XSTRNCPY(header, "-----BEGIN CERTIFICATE-----", sizeof(header));
|
XSTRNCPY(header, "-----BEGIN CERTIFICATE-----", sizeof(header));
|
||||||
@@ -766,8 +793,10 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||||||
sizeof(footer));
|
sizeof(footer));
|
||||||
|
|
||||||
headerEnd = XSTRNSTR((char*)buff, header, sz);
|
headerEnd = XSTRNSTR((char*)buff, header, sz);
|
||||||
if (headerEnd)
|
if (headerEnd) {
|
||||||
pkcs8Enc = 1;
|
pkcs8Enc = 1;
|
||||||
|
(void)pkcs8Enc; /* only opensslextra will read */
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be ecc */
|
if (!headerEnd && type == PRIVATEKEY_TYPE) { /* may be ecc */
|
||||||
@@ -876,7 +905,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||||||
int passwordSz;
|
int passwordSz;
|
||||||
char password[80];
|
char password[80];
|
||||||
|
|
||||||
if (!info->ctx || !info->ctx->passwd_cb)
|
if (!info || !info->ctx || !info->ctx->passwd_cb)
|
||||||
return SSL_BAD_FILE; /* no callback error */
|
return SSL_BAD_FILE; /* no callback error */
|
||||||
passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,
|
passwordSz = info->ctx->passwd_cb(password, sizeof(password), 0,
|
||||||
info->ctx->userdata);
|
info->ctx->userdata);
|
||||||
@@ -943,7 +972,7 @@ int AddCA(CYASSL_CERT_MANAGER* cm, buffer der, int type, int verify)
|
|||||||
CYASSL_MSG("Growing Tmp Chain Buffer");
|
CYASSL_MSG("Growing Tmp Chain Buffer");
|
||||||
bufferSz = sz - consumed; /* will shrink to actual size */
|
bufferSz = sz - consumed; /* will shrink to actual size */
|
||||||
chainBuffer = (byte*)XMALLOC(bufferSz, ctx->heap,
|
chainBuffer = (byte*)XMALLOC(bufferSz, ctx->heap,
|
||||||
DYNAMIC_FILE_TYPE);
|
DYNAMIC_TYPE_FILE);
|
||||||
if (chainBuffer == NULL) {
|
if (chainBuffer == NULL) {
|
||||||
XFREE(der.buffer, ctx->heap, dynamicType);
|
XFREE(der.buffer, ctx->heap, dynamicType);
|
||||||
return MEMORY_E;
|
return MEMORY_E;
|
||||||
@@ -1393,6 +1422,7 @@ int CyaSSL_CertManagerVerifyBuffer(CYASSL_CERT_MANAGER* cm, const byte* buff,
|
|||||||
CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");
|
CYASSL_ENTER("CyaSSL_CertManagerVerifyBuffer");
|
||||||
|
|
||||||
der.buffer = NULL;
|
der.buffer = NULL;
|
||||||
|
der.length = 0;
|
||||||
|
|
||||||
if (format == SSL_FILETYPE_PEM) {
|
if (format == SSL_FILETYPE_PEM) {
|
||||||
EncryptedInfo info;
|
EncryptedInfo info;
|
||||||
@@ -2164,14 +2194,14 @@ int CyaSSL_CTX_set_cipher_list(CYASSL_CTX* ctx, const char* list)
|
|||||||
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
|
int CyaSSL_set_cipher_list(CYASSL* ssl, const char* list)
|
||||||
{
|
{
|
||||||
CYASSL_ENTER("CyaSSL_set_cipher_list");
|
CYASSL_ENTER("CyaSSL_set_cipher_list");
|
||||||
if (SetCipherList(&ssl->suites, list)) {
|
if (SetCipherList(ssl->suites, list)) {
|
||||||
byte havePSK = 0;
|
byte havePSK = 0;
|
||||||
|
|
||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
|
|
||||||
@@ -2413,8 +2443,7 @@ void CyaSSL_dtls_got_timeout(CYASSL* ssl)
|
|||||||
CYASSL_MSG("connect state: SECOND_REPLY_DONE");
|
CYASSL_MSG("connect state: SECOND_REPLY_DONE");
|
||||||
|
|
||||||
case SECOND_REPLY_DONE:
|
case SECOND_REPLY_DONE:
|
||||||
if (ssl->buffers.inputBuffer.dynamicFlag)
|
FreeHandshakeResources(ssl);
|
||||||
ShrinkInputBuffer(ssl, NO_FORCED_FREE);
|
|
||||||
CYASSL_LEAVE("SSL_connect()", SSL_SUCCESS);
|
CYASSL_LEAVE("SSL_connect()", SSL_SUCCESS);
|
||||||
return SSL_SUCCESS;
|
return SSL_SUCCESS;
|
||||||
|
|
||||||
@@ -2490,7 +2519,7 @@ void CyaSSL_dtls_got_timeout(CYASSL* ssl)
|
|||||||
#ifdef HAVE_ECC
|
#ifdef HAVE_ECC
|
||||||
/* in case used set_accept_state after init */
|
/* in case used set_accept_state after init */
|
||||||
if (ssl->eccTempKeyPresent == 0) {
|
if (ssl->eccTempKeyPresent == 0) {
|
||||||
if (ecc_make_key(&ssl->rng, ssl->eccTempKeySz,
|
if (ecc_make_key(ssl->rng, ssl->eccTempKeySz,
|
||||||
&ssl->eccTempKey) != 0) {
|
&ssl->eccTempKey) != 0) {
|
||||||
ssl->error = ECC_MAKEKEY_ERROR;
|
ssl->error = ECC_MAKEKEY_ERROR;
|
||||||
CYASSL_ERROR(ssl->error);
|
CYASSL_ERROR(ssl->error);
|
||||||
@@ -2650,8 +2679,7 @@ void CyaSSL_dtls_got_timeout(CYASSL* ssl)
|
|||||||
CYASSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
|
CYASSL_MSG("accept state ACCEPT_THIRD_REPLY_DONE");
|
||||||
|
|
||||||
case ACCEPT_THIRD_REPLY_DONE :
|
case ACCEPT_THIRD_REPLY_DONE :
|
||||||
if (ssl->buffers.inputBuffer.dynamicFlag)
|
FreeHandshakeResources(ssl);
|
||||||
ShrinkInputBuffer(ssl, NO_FORCED_FREE);
|
|
||||||
CYASSL_LEAVE("SSL_accept()", SSL_SUCCESS);
|
CYASSL_LEAVE("SSL_accept()", SSL_SUCCESS);
|
||||||
return SSL_SUCCESS;
|
return SSL_SUCCESS;
|
||||||
|
|
||||||
@@ -3221,7 +3249,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||||||
ssl->options.havePSK = 1;
|
ssl->options.havePSK = 1;
|
||||||
ssl->options.client_psk_cb = cb;
|
ssl->options.client_psk_cb = cb;
|
||||||
|
|
||||||
InitSuites(&ssl->suites, ssl->version,TRUE,TRUE, ssl->options.haveNTRU,
|
InitSuites(ssl->suites, ssl->version,TRUE,TRUE, ssl->options.haveNTRU,
|
||||||
ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
|
ssl->options.haveECDSAsig, ssl->options.haveStaticECC,
|
||||||
ssl->options.side);
|
ssl->options.side);
|
||||||
}
|
}
|
||||||
@@ -3242,7 +3270,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||||||
ssl->options.havePSK = 1;
|
ssl->options.havePSK = 1;
|
||||||
ssl->options.server_psk_cb = cb;
|
ssl->options.server_psk_cb = cb;
|
||||||
|
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, TRUE,
|
InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, TRUE,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
}
|
}
|
||||||
@@ -3467,7 +3495,7 @@ int CyaSSL_set_compression(CYASSL* ssl)
|
|||||||
#ifndef NO_PSK
|
#ifndef NO_PSK
|
||||||
havePSK = ssl->options.havePSK;
|
havePSK = ssl->options.havePSK;
|
||||||
#endif
|
#endif
|
||||||
InitSuites(&ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
InitSuites(ssl->suites, ssl->version, ssl->options.haveDH, havePSK,
|
||||||
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
ssl->options.haveNTRU, ssl->options.haveECDSAsig,
|
||||||
ssl->options.haveStaticECC, ssl->options.side);
|
ssl->options.haveStaticECC, ssl->options.side);
|
||||||
}
|
}
|
||||||
|
|||||||
36
src/tls.c
36
src/tls.c
@@ -120,9 +120,8 @@ static void p_hash(byte* result, word32 resLen, const byte* secret,
|
|||||||
|
|
||||||
|
|
||||||
/* compute TLSv1 PRF (pseudo random function using HMAC) */
|
/* compute TLSv1 PRF (pseudo random function using HMAC) */
|
||||||
static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
|
static void doPRF(byte* digest, word32 digLen, const byte* secret,word32 secLen,
|
||||||
const byte* label, word32 labLen, const byte* seed, word32 seedLen,
|
const byte* label, word32 labLen, const byte* seed, word32 seedLen)
|
||||||
int useAtLeastSha256, int hash_type)
|
|
||||||
{
|
{
|
||||||
word32 half = (secLen + 1) / 2;
|
word32 half = (secLen + 1) / 2;
|
||||||
|
|
||||||
@@ -145,21 +144,38 @@ static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
|
|||||||
XMEMCPY(labelSeed, label, labLen);
|
XMEMCPY(labelSeed, label, labLen);
|
||||||
XMEMCPY(labelSeed + labLen, seed, seedLen);
|
XMEMCPY(labelSeed + labLen, seed, seedLen);
|
||||||
|
|
||||||
|
p_hash(md5_result, digLen, md5_half, half, labelSeed, labLen + seedLen,
|
||||||
|
md5_mac);
|
||||||
|
p_hash(sha_result, digLen, sha_half, half, labelSeed, labLen + seedLen,
|
||||||
|
sha_mac);
|
||||||
|
get_xor(digest, digLen, md5_result, sha_result);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/* Wrapper to call straight thru to p_hash in TSL 1.2 cases to remove stack
|
||||||
|
use */
|
||||||
|
static void PRF(byte* digest, word32 digLen, const byte* secret, word32 secLen,
|
||||||
|
const byte* label, word32 labLen, const byte* seed, word32 seedLen,
|
||||||
|
int useAtLeastSha256, int hash_type)
|
||||||
|
{
|
||||||
if (useAtLeastSha256) {
|
if (useAtLeastSha256) {
|
||||||
|
byte labelSeed[MAX_PRF_LABSEED]; /* labLen + seedLen is real size */
|
||||||
|
|
||||||
|
if (labLen + seedLen > MAX_PRF_LABSEED)
|
||||||
|
return;
|
||||||
|
|
||||||
|
XMEMCPY(labelSeed, label, labLen);
|
||||||
|
XMEMCPY(labelSeed + labLen, seed, seedLen);
|
||||||
|
|
||||||
/* If a cipher suite wants an algorithm better than sha256, it
|
/* If a cipher suite wants an algorithm better than sha256, it
|
||||||
* should use better. */
|
* should use better. */
|
||||||
if (hash_type < sha256_mac)
|
if (hash_type < sha256_mac)
|
||||||
hash_type = sha256_mac;
|
hash_type = sha256_mac;
|
||||||
p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen,
|
p_hash(digest, digLen, secret, secLen, labelSeed, labLen + seedLen,
|
||||||
hash_type);
|
hash_type);
|
||||||
return;
|
|
||||||
}
|
}
|
||||||
|
else
|
||||||
p_hash(md5_result, digLen, md5_half, half, labelSeed, labLen + seedLen,
|
doPRF(digest, digLen, secret, secLen, label, labLen, seed, seedLen);
|
||||||
md5_mac);
|
|
||||||
p_hash(sha_result, digLen, sha_half, half, labelSeed, labLen + seedLen,
|
|
||||||
sha_mac);
|
|
||||||
get_xor(digest, digLen, md5_result, sha_result);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user