/* ssl.c

 *

 * Copyright (C) 2006-2022 wolfSSL Inc.

 *

 * This file is part of wolfSSL.

 *

 * wolfSSL is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 2 of the License, or

 * (at your option) any later version.

 *

 * wolfSSL is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA

 */

#ifdef HAVE_CONFIG_H

    #include <config.h>

#endif

#include <wolfssl/wolfcrypt/settings.h>

#if defined(OPENSSL_EXTRA) && !defined(_WIN32)

    /* turn on GNU extensions for XISASCII */

    #undef  _GNU_SOURCE

    #define _GNU_SOURCE

#endif

#if !defined(WOLFCRYPT_ONLY) || defined(OPENSSL_EXTRA) || \

    defined(OPENSSL_EXTRA_X509_SMALL)

#include <wolfssl/internal.h>

#include <wolfssl/error-ssl.h>

#include <wolfssl/wolfcrypt/coding.h>

#include <wolfssl/wolfcrypt/kdf.h>

#ifdef NO_INLINE

    #include <wolfssl/wolfcrypt/misc.h>

#else

    #define WOLFSSL_MISC_INCLUDED

    #include <wolfcrypt/src/misc.c>

#endif

#ifdef HAVE_ERRNO_H

    #include <errno.h>

#endif

#if !defined(WOLFSSL_ALLOW_NO_SUITES) && !defined(WOLFCRYPT_ONLY)

    #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \

                && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \

                && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448)

        #error "No cipher suites defined because DH disabled, ECC disabled, and no static suites defined. Please see top of README"

    #endif

    #ifdef WOLFSSL_CERT_GEN

        /* need access to Cert struct for creating certificate */

        #include <wolfssl/wolfcrypt/asn_public.h>

    #endif

#endif

#if !defined(WOLFCRYPT_ONLY) && (defined(OPENSSL_EXTRA)     \

    || defined(OPENSSL_EXTRA_X509_SMALL)                    \

    || defined(HAVE_WEBSERVER) || defined(WOLFSSL_KEY_GEN))

    #include <wolfssl/openssl/evp.h>

    /* openssl headers end, wolfssl internal headers next */

#endif

#include <wolfssl/wolfcrypt/wc_encrypt.h>

#ifndef NO_RSA

    #include <wolfssl/wolfcrypt/rsa.h>

#endif

#ifdef OPENSSL_EXTRA

    /* openssl headers begin */

    #include <wolfssl/openssl/ssl.h>

    #include <wolfssl/openssl/aes.h>

#ifndef WOLFCRYPT_ONLY

    #include <wolfssl/openssl/hmac.h>

    #include <wolfssl/openssl/cmac.h>

#endif

    #include <wolfssl/openssl/crypto.h>

    #include <wolfssl/openssl/des.h>

    #include <wolfssl/openssl/bn.h>

    #include <wolfssl/openssl/buffer.h>

    #include <wolfssl/openssl/dh.h>

    #include <wolfssl/openssl/rsa.h>

    #include <wolfssl/openssl/fips_rand.h>

#ifndef WOLFCRYPT_ONLY

    #include <wolfssl/openssl/pem.h>

#endif

    #include <wolfssl/openssl/ec.h>

    #include <wolfssl/openssl/ec25519.h>

    #include <wolfssl/openssl/ed25519.h>

    #include <wolfssl/openssl/ec448.h>

    #include <wolfssl/openssl/ed448.h>

    #include <wolfssl/openssl/ecdsa.h>

    #include <wolfssl/openssl/ecdh.h>

    #include <wolfssl/openssl/err.h>

    #include <wolfssl/openssl/modes.h>

    #include <wolfssl/openssl/opensslv.h>

    #include <wolfssl/openssl/rc4.h>

    #include <wolfssl/openssl/stack.h>

    #include <wolfssl/openssl/x509_vfy.h>

    /* openssl headers end, wolfssl internal headers next */

    #include <wolfssl/wolfcrypt/hmac.h>

    #include <wolfssl/wolfcrypt/random.h>

    #include <wolfssl/wolfcrypt/des3.h>

    #include <wolfssl/wolfcrypt/ecc.h>

    #include <wolfssl/wolfcrypt/md4.h>

    #include <wolfssl/wolfcrypt/md5.h>

    #include <wolfssl/wolfcrypt/arc4.h>

    #include <wolfssl/wolfcrypt/curve25519.h>

    #include <wolfssl/wolfcrypt/ed25519.h>

    #include <wolfssl/wolfcrypt/curve448.h>

    #if defined(HAVE_PQC)

    #if defined(HAVE_FALCON)

        #include <wolfssl/wolfcrypt/falcon.h>

    #endif /* HAVE_FALCON */

    #if defined(HAVE_DILITHIUM)

        #include <wolfssl/wolfcrypt/dilithium.h>

    #endif /* HAVE_DILITHIUM */

    #endif /* HAVE_PQC */

    #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)

        #ifdef HAVE_OCSP

            #include <wolfssl/openssl/ocsp.h>

        #endif

        #include <wolfssl/openssl/lhash.h>

        #include <wolfssl/openssl/txt_db.h>

    #endif /* WITH_STUNNEL */

    #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)

        #include <wolfssl/wolfcrypt/sha512.h>

    #endif

    #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \

        && !defined(WC_NO_RNG)

        #include <wolfssl/wolfcrypt/srp.h>

    #endif

    #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST)

        #include <wolfssl/wolfcrypt/pkcs7.h>

    #endif

    #if defined(OPENSSL_ALL) && defined(HAVE_PKCS7)

        #include <wolfssl/openssl/pkcs7.h>

    #endif /* OPENSSL_ALL && HAVE_PKCS7 */

#endif

#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)

    #include <wolfssl/openssl/x509v3.h>

    int SetIndividualInternal(WOLFSSL_BIGNUM* bn, mp_int* mpi);

    int SetIndividualExternal(WOLFSSL_BIGNUM** bn, mp_int* mpi);

#endif

#if defined(WOLFSSL_QT)

    #include <wolfssl/wolfcrypt/sha.h>

#endif

#ifdef NO_ASN

    #include <wolfssl/wolfcrypt/dh.h>

#endif

#endif /* !WOLFCRYPT_ONLY || OPENSSL_EXTRA */

/*

 * OPENSSL_COMPATIBLE_DEFAULTS:

 *     Enable default behaviour that is compatible with OpenSSL. For example

 *     SSL_CTX by default doesn't verify the loaded certs. Enabling this

 *     should make porting to new projects easier.

 * WOLFSSL_CHECK_ALERT_ON_ERR:

 *     Check for alerts during the handshake in the event of an error.

 * NO_SESSION_CACHE_REF:

 *     wolfSSL_get_session on a client will return a reference to the internal

 *     ClientCache by default for backwards compatibility. This define will

 *     make wolfSSL_get_session return a reference to ssl->session. The returned

 *     pointer will be freed with the related WOLFSSL object.

 */

#define WOLFSSL_EVP_INCLUDED

#include "wolfcrypt/src/evp.c"

#ifndef WOLFCRYPT_ONLY

#define WOLFSSL_PK_INCLUDED

#include "src/pk.c"

#ifdef OPENSSL_EXTRA

    /* Global pointer to constant BN on */

    static WOLFSSL_BIGNUM* bn_one = NULL;

    /* WOLFSSL_NO_OPENSSL_RAND_CB: Allows way to reduce code size for

     *                OPENSSL_EXTRA where RAND callbacks are not used */

    #ifndef WOLFSSL_NO_OPENSSL_RAND_CB

        static const WOLFSSL_RAND_METHOD* gRandMethods = NULL;

        static int gRandMethodsInit = 0;

        static wolfSSL_Mutex gRandMethodMutex;

    #endif /* !WOLFSSL_NO_OPENSSL_RAND_CB */

#endif /* OPENSSL_EXTRA */

#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)

const WOLF_EC_NIST_NAME kNistCurves[] = {

    {XSTR_SIZEOF("P-192"),   "P-192",   NID_X9_62_prime192v1},

    {XSTR_SIZEOF("P-256"),   "P-256",   NID_X9_62_prime256v1},

    {XSTR_SIZEOF("P-112"),   "P-112",   NID_secp112r1},

    {XSTR_SIZEOF("P-112-2"), "P-112-2", NID_secp112r2},

    {XSTR_SIZEOF("P-128"),   "P-128",   NID_secp128r1},

    {XSTR_SIZEOF("P-128-2"), "P-128-2", NID_secp128r2},

    {XSTR_SIZEOF("P-160"),   "P-160",   NID_secp160r1},

    {XSTR_SIZEOF("P-160-2"), "P-160-2", NID_secp160r2},

    {XSTR_SIZEOF("P-224"),   "P-224",   NID_secp224r1},

    {XSTR_SIZEOF("P-384"),   "P-384",   NID_secp384r1},

    {XSTR_SIZEOF("P-521"),   "P-521",   NID_secp521r1},

    {XSTR_SIZEOF("K-160"),   "K-160",   NID_secp160k1},

    {XSTR_SIZEOF("K-192"),   "K-192",   NID_secp192k1},

    {XSTR_SIZEOF("K-224"),   "K-224",   NID_secp224k1},

    {XSTR_SIZEOF("K-256"),   "K-256",   NID_secp256k1},

    {XSTR_SIZEOF("B-160"),   "B-160",   NID_brainpoolP160r1},

    {XSTR_SIZEOF("B-192"),   "B-192",   NID_brainpoolP192r1},

    {XSTR_SIZEOF("B-224"),   "B-224",   NID_brainpoolP224r1},

    {XSTR_SIZEOF("B-256"),   "B-256",   NID_brainpoolP256r1},

    {XSTR_SIZEOF("B-320"),   "B-320",   NID_brainpoolP320r1},

    {XSTR_SIZEOF("B-384"),   "B-384",   NID_brainpoolP384r1},

    {XSTR_SIZEOF("B-512"),   "B-512",   NID_brainpoolP512r1},

#ifdef HAVE_PQC

    {XSTR_SIZEOF("KYBER_LEVEL1"), "KYBER_LEVEL1", WOLFSSL_KYBER_LEVEL1},

    {XSTR_SIZEOF("KYBER_LEVEL3"), "KYBER_LEVEL3", WOLFSSL_KYBER_LEVEL3},

    {XSTR_SIZEOF("KYBER_LEVEL5"), "KYBER_LEVEL5", WOLFSSL_KYBER_LEVEL5},

#ifdef HAVE_LIBOQS

    {XSTR_SIZEOF("NTRU_HPS_LEVEL1"), "NTRU_HPS_LEVEL1", WOLFSSL_NTRU_HPS_LEVEL1},

    {XSTR_SIZEOF("NTRU_HPS_LEVEL3"), "NTRU_HPS_LEVEL3", WOLFSSL_NTRU_HPS_LEVEL3},

    {XSTR_SIZEOF("NTRU_HPS_LEVEL5"), "NTRU_HPS_LEVEL5", WOLFSSL_NTRU_HPS_LEVEL5},

    {XSTR_SIZEOF("NTRU_HRSS_LEVEL3"), "NTRU_HRSS_LEVEL3", WOLFSSL_NTRU_HRSS_LEVEL3},

    {XSTR_SIZEOF("SABER_LEVEL1"), "SABER_LEVEL1", WOLFSSL_SABER_LEVEL1},

    {XSTR_SIZEOF("SABER_LEVEL3"), "SABER_LEVEL3", WOLFSSL_SABER_LEVEL3},

    {XSTR_SIZEOF("SABER_LEVEL5"), "SABER_LEVEL5", WOLFSSL_SABER_LEVEL5},

    {XSTR_SIZEOF("KYBER_90S_LEVEL1"), "KYBER_90S_LEVEL1", WOLFSSL_KYBER_90S_LEVEL1},

    {XSTR_SIZEOF("KYBER_90S_LEVEL3"), "KYBER_90S_LEVEL3", WOLFSSL_KYBER_90S_LEVEL3},

    {XSTR_SIZEOF("KYBER_90S_LEVEL5"), "KYBER_90S_LEVEL5", WOLFSSL_KYBER_90S_LEVEL5},

    {XSTR_SIZEOF("P256_NTRU_HPS_LEVEL1"), "P256_NTRU_HPS_LEVEL1", WOLFSSL_P256_NTRU_HPS_LEVEL1},

    {XSTR_SIZEOF("P384_NTRU_HPS_LEVEL3"), "P384_NTRU_HPS_LEVEL3", WOLFSSL_P384_NTRU_HPS_LEVEL3},

    {XSTR_SIZEOF("P521_NTRU_HPS_LEVEL5"), "P521_NTRU_HPS_LEVEL5", WOLFSSL_P521_NTRU_HPS_LEVEL5},

    {XSTR_SIZEOF("P384_NTRU_HRSS_LEVEL3"), "P384_NTRU_HRSS_LEVEL3", WOLFSSL_P384_NTRU_HRSS_LEVEL3},

    {XSTR_SIZEOF("P256_SABER_LEVEL1"), "P256_SABER_LEVEL1", WOLFSSL_P256_SABER_LEVEL1},

    {XSTR_SIZEOF("P384_SABER_LEVEL3"), "P384_SABER_LEVEL3", WOLFSSL_P384_SABER_LEVEL3},

    {XSTR_SIZEOF("P521_SABER_LEVEL5"), "P521_SABER_LEVEL5", WOLFSSL_P521_SABER_LEVEL5},

    {XSTR_SIZEOF("P256_KYBER_LEVEL1"), "P256_KYBER_LEVEL1", WOLFSSL_P256_KYBER_LEVEL1},

    {XSTR_SIZEOF("P384_KYBER_LEVEL3"), "P384_KYBER_LEVEL3", WOLFSSL_P384_KYBER_LEVEL3},

    {XSTR_SIZEOF("P521_KYBER_LEVEL5"), "P521_KYBER_LEVEL5", WOLFSSL_P521_KYBER_LEVEL5},

    {XSTR_SIZEOF("P256_KYBER_90S_LEVEL1"), "P256_KYBER_90S_LEVEL1", WOLFSSL_P256_KYBER_90S_LEVEL1},

    {XSTR_SIZEOF("P384_KYBER_90S_LEVEL3"), "P384_KYBER_90S_LEVEL3", WOLFSSL_P384_KYBER_90S_LEVEL3},

    {XSTR_SIZEOF("P521_KYBER_90S_LEVEL5"), "P521_KYBER_90S_LEVEL5", WOLFSSL_P521_KYBER_90S_LEVEL5},

#endif

#endif

    {0, NULL, 0},

};

#endif

#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_SCEPROTECT)

#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>

#endif

#ifdef WOLFSSL_SESSION_EXPORT

/* Used to import a serialized TLS session.

 * WARNING: buf contains sensitive information about the state and is best to be

 *          encrypted before storing if stored.

 *

 * @param ssl WOLFSSL structure to import the session into

 * @param buf serialized session

 * @param sz  size of buffer 'buf'

 * @return the number of bytes read from buffer 'buf'

 */

int wolfSSL_tls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz)

{

    if (ssl == NULL || buf == NULL) {

        return BAD_FUNC_ARG;

    }

    return wolfSSL_session_import_internal(ssl, buf, sz, WOLFSSL_EXPORT_TLS);

}

/* Used to export a serialized TLS session.

 * WARNING: buf contains sensitive information about the state and is best to be

 *          encrypted before storing if stored.

 *

 * @param ssl WOLFSSL structure to export the session from

 * @param buf output of serialized session

 * @param sz  size in bytes set in 'buf'

 * @return the number of bytes written into buffer 'buf'

 */

int wolfSSL_tls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz)

{

    if (ssl == NULL || sz == NULL) {

        return BAD_FUNC_ARG;

    }

    return wolfSSL_session_export_internal(ssl, buf, sz, WOLFSSL_EXPORT_TLS);

}

#ifdef WOLFSSL_DTLS

int wolfSSL_dtls_import(WOLFSSL* ssl, const unsigned char* buf, unsigned int sz)

{

    WOLFSSL_ENTER("wolfSSL_session_import");

    if (ssl == NULL || buf == NULL) {

        return BAD_FUNC_ARG;

    }

    /* sanity checks on buffer and protocol are done in internal function */

    return wolfSSL_session_import_internal(ssl, buf, sz, WOLFSSL_EXPORT_DTLS);

}

/* Sets the function to call for serializing the session. This function is

 * called right after the handshake is completed. */

int wolfSSL_CTX_dtls_set_export(WOLFSSL_CTX* ctx, wc_dtls_export func)

{

    WOLFSSL_ENTER("wolfSSL_CTX_dtls_set_export");

    /* purposefully allow func to be NULL */

    if (ctx == NULL) {

        return BAD_FUNC_ARG;

    }

    ctx->dtls_export = func;

    return WOLFSSL_SUCCESS;

}

/* Sets the function in WOLFSSL struct to call for serializing the session. This

 * function is called right after the handshake is completed. */

int wolfSSL_dtls_set_export(WOLFSSL* ssl, wc_dtls_export func)

{

    WOLFSSL_ENTER("wolfSSL_dtls_set_export");

    /* purposefully allow func to be NULL */

    if (ssl == NULL) {

        return BAD_FUNC_ARG;

    }

    ssl->dtls_export = func;

    return WOLFSSL_SUCCESS;

}

/* This function allows for directly serializing a session rather than using

 * callbacks. It has less overhead by removing a temporary buffer and gives

 * control over when the session gets serialized. When using callbacks the

 * session is always serialized immediately after the handshake is finished.

 *

 * buf is the argument to contain the serialized session

 * sz  is the size of the buffer passed in

 * ssl is the WOLFSSL struct to serialize

 * returns the size of serialized session on success, 0 on no action, and

 *         negative value on error */

int wolfSSL_dtls_export(WOLFSSL* ssl, unsigned char* buf, unsigned int* sz)

{

    WOLFSSL_ENTER("wolfSSL_dtls_export");

    if (ssl == NULL || sz == NULL) {

        return BAD_FUNC_ARG;

    }

    if (buf == NULL) {

        *sz = MAX_EXPORT_BUFFER;

        return 0;

    }

    /* if not DTLS do nothing */

    if (!ssl->options.dtls) {

        WOLFSSL_MSG("Currently only DTLS export is supported");

        return 0;

    }

    /* copy over keys, options, and dtls state struct */

    return wolfSSL_session_export_internal(ssl, buf, sz, WOLFSSL_EXPORT_DTLS);

}

/* This function is similar to wolfSSL_dtls_export but only exports the portion

 * of the WOLFSSL structure related to the state of the connection, i.e. peer

 * sequence number, epoch, AEAD state etc.

 *

 * buf is the argument to contain the serialized state, if null then set "sz" to

 *     buffer size required

 * sz  is the size of the buffer passed in

 * ssl is the WOLFSSL struct to serialize

 * returns the size of serialized session on success, 0 on no action, and

 *         negative value on error */

int wolfSSL_dtls_export_state_only(WOLFSSL* ssl, unsigned char* buf,

        unsigned int* sz)

{

    WOLFSSL_ENTER("wolfSSL_dtls_export_state_only");

    if (ssl == NULL || sz == NULL) {

        return BAD_FUNC_ARG;

    }

    if (buf == NULL) {

        *sz = MAX_EXPORT_STATE_BUFFER;

        return 0;

    }

    /* if not DTLS do nothing */

    if (!ssl->options.dtls) {

        WOLFSSL_MSG("Currently only DTLS export state is supported");

        return 0;

    }

    /* copy over keys, options, and dtls state struct */

    return wolfSSL_dtls_export_state_internal(ssl, buf, *sz);

}

/* returns 0 on success */

int wolfSSL_send_session(WOLFSSL* ssl)

{

    int ret;

    byte* buf;

    word32 bufSz = MAX_EXPORT_BUFFER;

    WOLFSSL_ENTER("wolfSSL_send_session");

    if (ssl == NULL) {

        return BAD_FUNC_ARG;

    }

    buf = (byte*)XMALLOC(bufSz, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

    if (buf == NULL) {

        return MEMORY_E;

    }

    /* if not DTLS do nothing */

    if (!ssl->options.dtls) {

        XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

        WOLFSSL_MSG("Currently only DTLS export is supported");

        return 0;

    }

    /* copy over keys, options, and dtls state struct */

    ret = wolfSSL_session_export_internal(ssl, buf, &bufSz, WOLFSSL_EXPORT_DTLS);

    if (ret < 0) {

        XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

        return ret;

    }

    /* if no error ret has size of buffer */

    ret = ssl->dtls_export(ssl, buf, ret, NULL);

    if (ret != WOLFSSL_SUCCESS) {

        XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

        return ret;

    }

    XFREE(buf, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

    return 0;

}

#endif /* WOLFSSL_DTLS */

#endif /* WOLFSSL_SESSION_EXPORT */

/* prevent multiple mutex initializations */

static volatile WOLFSSL_GLOBAL int initRefCount = 0;

static WOLFSSL_GLOBAL wolfSSL_Mutex count_mutex;   /* init ref count mutex */

static WOLFSSL_GLOBAL int count_mutex_valid = 0;

/* Create a new WOLFSSL_CTX struct and return the pointer to created struct.

   WOLFSSL_METHOD pointer passed in is given to ctx to manage.

   This function frees the passed in WOLFSSL_METHOD struct on failure and on

   success is freed when ctx is freed.

 */

WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)

{

    WOLFSSL_CTX* ctx = NULL;

    WOLFSSL_ENTER("wolfSSL_CTX_new_ex");

    if (initRefCount == 0) {

        /* user no longer forced to call Init themselves */

        int ret = wolfSSL_Init();

        if (ret != WOLFSSL_SUCCESS) {

            WOLFSSL_MSG("wolfSSL_Init failed");

            WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0);

            if (method != NULL) {

                XFREE(method, heap, DYNAMIC_TYPE_METHOD);

            }

            return NULL;

        }

    }

    if (method == NULL)

        return ctx;

    ctx = (WOLFSSL_CTX*)XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX);

    if (ctx) {

        int ret;

        ret = InitSSL_Ctx(ctx, method, heap);

    #ifdef WOLFSSL_STATIC_MEMORY

        if (heap != NULL) {

            ctx->onHeapHint = 1; /* free the memory back to heap when done */

        }

    #endif

        if (ret < 0) {

            WOLFSSL_MSG("Init CTX failed");

            wolfSSL_CTX_free(ctx);

            ctx = NULL;

        }

#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \

                           && !defined(NO_SHA256) && !defined(WC_NO_RNG)

        else {

            ctx->srp = (Srp*)XMALLOC(sizeof(Srp), heap, DYNAMIC_TYPE_SRP);

            if (ctx->srp == NULL){

                WOLFSSL_MSG("Init CTX failed");

                wolfSSL_CTX_free(ctx);

                return NULL;

            }

            XMEMSET(ctx->srp, 0, sizeof(Srp));

        }

#endif

    }

    else {

        WOLFSSL_MSG("Alloc CTX failed, method freed");

        XFREE(method, heap, DYNAMIC_TYPE_METHOD);

    }

#ifdef OPENSSL_COMPATIBLE_DEFAULTS

    if (ctx) {

        wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_NONE, NULL);

        wolfSSL_CTX_set_mode(ctx, SSL_MODE_AUTO_RETRY);

        if (wolfSSL_CTX_set_min_proto_version(ctx,

                                              (method->version.major == DTLS_MAJOR) ?

                                               DTLS1_VERSION : SSL3_VERSION) != WOLFSSL_SUCCESS ||

#ifdef HAVE_ANON

                wolfSSL_CTX_allow_anon_cipher(ctx) != WOLFSSL_SUCCESS ||

#endif

                wolfSSL_CTX_set_group_messages(ctx) != WOLFSSL_SUCCESS) {

            WOLFSSL_MSG("Setting OpenSSL CTX defaults failed");

            wolfSSL_CTX_free(ctx);

            ctx = NULL;

        }

    }

#endif

    WOLFSSL_LEAVE("WOLFSSL_CTX_new", 0);

    return ctx;

}

WOLFSSL_ABI

WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)

{

#ifdef WOLFSSL_HEAP_TEST

    /* if testing the heap hint then set top level CTX to have test value */

    return wolfSSL_CTX_new_ex(method, (void*)WOLFSSL_HEAP_TEST);

#else

    return wolfSSL_CTX_new_ex(method, NULL);

#endif

}

/* increases CTX reference count to track proper time to "free" */

int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx)

{

    int refCount = SSL_CTX_RefCount(ctx, 1);

    return ((refCount > 1) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE);

}

WOLFSSL_ABI

void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)

{

    WOLFSSL_ENTER("SSL_CTX_free");

    if (ctx) {

#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \

&& !defined(NO_SHA256) && !defined(WC_NO_RNG)

        if (ctx->srp != NULL) {

            if (ctx->srp_password != NULL){

                XFREE(ctx->srp_password, ctx->heap, DYNAMIC_TYPE_SRP);

                ctx->srp_password = NULL;

            }

            wc_SrpTerm(ctx->srp);

            XFREE(ctx->srp, ctx->heap, DYNAMIC_TYPE_SRP);

            ctx->srp = NULL;

        }

#endif

        FreeSSL_Ctx(ctx);

    }

    WOLFSSL_LEAVE("SSL_CTX_free", 0);

}

#ifdef HAVE_ENCRYPT_THEN_MAC

/**

 * Sets whether Encrypt-Then-MAC extension can be negotiated against context.

 * The default value: enabled.

 *

 * ctx  SSL/TLS context.

 * set  Whether to allow or not: 1 is allow and 0 is disallow.

 * returns WOLFSSL_SUCCESS

 */

int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *ctx, int set)

{

    ctx->disallowEncThenMac = !set;

    return WOLFSSL_SUCCESS;

}

/**

 * Sets whether Encrypt-Then-MAC extension can be negotiated against context.

 * The default value comes from context.

 *

 * ctx  SSL/TLS context.

 * set  Whether to allow or not: 1 is allow and 0 is disallow.

 * returns WOLFSSL_SUCCESS

 */

int wolfSSL_AllowEncryptThenMac(WOLFSSL *ssl, int set)

{

    ssl->options.disallowEncThenMac = !set;

    return WOLFSSL_SUCCESS;

}

#endif

#ifdef SINGLE_THREADED

/* no locking in single threaded mode, allow a CTX level rng to be shared with

 * WOLFSSL objects, WOLFSSL_SUCCESS on ok */

int wolfSSL_CTX_new_rng(WOLFSSL_CTX* ctx)

{

    WC_RNG* rng;

    int     ret;

    if (ctx == NULL) {

        return BAD_FUNC_ARG;

    }

    rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ctx->heap, DYNAMIC_TYPE_RNG);

    if (rng == NULL) {

        return MEMORY_E;

    }

#ifndef HAVE_FIPS

    ret = wc_InitRng_ex(rng, ctx->heap, ctx->devId);

#else

    ret = wc_InitRng(rng);

#endif

    if (ret != 0) {

        XFREE(rng, ctx->heap, DYNAMIC_TYPE_RNG);

        return ret;

    }

    ctx->rng = rng;

    return WOLFSSL_SUCCESS;

}

#endif

WOLFSSL_ABI

WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)

{

    WOLFSSL* ssl = NULL;

    int ret = 0;

    WOLFSSL_ENTER("SSL_new");

    if (ctx == NULL)

        return ssl;

    ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap, DYNAMIC_TYPE_SSL);

    if (ssl)

        if ( (ret = InitSSL(ssl, ctx, 0)) < 0) {

            FreeSSL(ssl, ctx->heap);

            ssl = 0;

        }

    WOLFSSL_LEAVE("SSL_new", ret);

    (void)ret;

    return ssl;

}

WOLFSSL_ABI

void wolfSSL_free(WOLFSSL* ssl)

{

    WOLFSSL_ENTER("SSL_free");

    if (ssl)

        FreeSSL(ssl, ssl->ctx->heap);

    WOLFSSL_LEAVE("SSL_free", 0);

}

int wolfSSL_is_server(WOLFSSL* ssl)

{

    if (ssl == NULL)

        return BAD_FUNC_ARG;

    return ssl->options.side == WOLFSSL_SERVER_END;

}

#ifdef HAVE_WRITE_DUP

/*

 * Release resources around WriteDup object

 *

 * ssl WOLFSSL object

 *

 * no return, destruction so make best attempt

*/

void FreeWriteDup(WOLFSSL* ssl)

{

    int doFree = 0;

    WOLFSSL_ENTER("FreeWriteDup");

    if (ssl->dupWrite) {

        if (wc_LockMutex(&ssl->dupWrite->dupMutex) == 0) {

            ssl->dupWrite->dupCount--;

            if (ssl->dupWrite->dupCount == 0) {

                doFree = 1;

            } else {

                WOLFSSL_MSG("WriteDup count not zero, no full free");

            }

            wc_UnLockMutex(&ssl->dupWrite->dupMutex);

        }

    }

    if (doFree) {

        WOLFSSL_MSG("Doing WriteDup full free, count to zero");

        wc_FreeMutex(&ssl->dupWrite->dupMutex);

        XFREE(ssl->dupWrite, ssl->heap, DYNAMIC_TYPE_WRITEDUP);

    }

}

/*

 * duplicate existing ssl members into dup needed for writing

 *

 * dup write only WOLFSSL

 * ssl existing WOLFSSL

 *

 * 0 on success

*/

static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)

{

    /* shared dupWrite setup */

    ssl->dupWrite = (WriteDup*)XMALLOC(sizeof(WriteDup), ssl->heap,

                                       DYNAMIC_TYPE_WRITEDUP);

    if (ssl->dupWrite == NULL) {

        return MEMORY_E;

    }

    XMEMSET(ssl->dupWrite, 0, sizeof(WriteDup));

    if (wc_InitMutex(&ssl->dupWrite->dupMutex) != 0) {

        XFREE(ssl->dupWrite, ssl->heap, DYNAMIC_TYPE_WRITEDUP);

        ssl->dupWrite = NULL;

        return BAD_MUTEX_E;

    }

    ssl->dupWrite->dupCount = 2;    /* both sides have a count to start */

    dup->dupWrite = ssl->dupWrite; /* each side uses */

    /* copy write parts over to dup writer */

    XMEMCPY(&dup->specs,   &ssl->specs,   sizeof(CipherSpecs));

    XMEMCPY(&dup->options, &ssl->options, sizeof(Options));

    XMEMCPY(&dup->keys,    &ssl->keys,    sizeof(Keys));

    XMEMCPY(&dup->encrypt, &ssl->encrypt, sizeof(Ciphers));

    XMEMCPY(&dup->version, &ssl->version, sizeof(ProtocolVersion));

    XMEMCPY(&dup->chVersion, &ssl->chVersion, sizeof(ProtocolVersion));

    /* dup side now owns encrypt/write ciphers */

    XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));

    dup->IOCB_WriteCtx = ssl->IOCB_WriteCtx;

    dup->CBIOSend = ssl->CBIOSend;

#ifdef OPENSSL_EXTRA

    dup->cbioFlag = ssl->cbioFlag;

#endif

    dup->wfd    = ssl->wfd;

    dup->wflags = ssl->wflags;

#ifndef WOLFSSL_AEAD_ONLY

    dup->hmac   = ssl->hmac;

#endif

#ifdef HAVE_TRUNCATED_HMAC

    dup->truncated_hmac = ssl->truncated_hmac;

#endif

    /* unique side dup setup */

    dup->dupSide = WRITE_DUP_SIDE;

    ssl->dupSide = READ_DUP_SIDE;

    return 0;

}

/*

 * duplicate a WOLFSSL object post handshake for writing only

 * turn existing object into read only.  Allows concurrent access from two

 * different threads.

 *

 * ssl existing WOLFSSL object

 *

 * return dup'd WOLFSSL object on success

*/

WOLFSSL* wolfSSL_write_dup(WOLFSSL* ssl)

{

    WOLFSSL* dup = NULL;

    int ret = 0;

    (void)ret;

    WOLFSSL_ENTER("wolfSSL_write_dup");

    if (ssl == NULL) {

        return ssl;

    }

    if (ssl->options.handShakeDone == 0) {

        WOLFSSL_MSG("wolfSSL_write_dup called before handshake complete");

        return NULL;

    }

    if (ssl->dupWrite) {

        WOLFSSL_MSG("wolfSSL_write_dup already called once");

        return NULL;

    }

    dup = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ssl->ctx->heap, DYNAMIC_TYPE_SSL);

    if (dup) {

        if ( (ret = InitSSL(dup, ssl->ctx, 1)) < 0) {

            FreeSSL(dup, ssl->ctx->heap);

            dup = NULL;

        } else if ( (ret = DupSSL(dup, ssl)) < 0) {

            FreeSSL(dup, ssl->ctx->heap);

            dup = NULL;

        }

    }

    WOLFSSL_LEAVE("wolfSSL_write_dup", ret);

    return dup;

}

/*

 * Notify write dup side of fatal error or close notify

 *

 * ssl WOLFSSL object

 * err Notify err

 *

 * 0 on success

*/

int NotifyWriteSide(WOLFSSL* ssl, int err)

{

    int ret;

    WOLFSSL_ENTER("NotifyWriteSide");

    ret = wc_LockMutex(&ssl->dupWrite->dupMutex);

    if (ret == 0) {

        ssl->dupWrite->dupErr = err;

        ret = wc_UnLockMutex(&ssl->dupWrite->dupMutex);

    }

    return ret;

}

#endif /* HAVE_WRITE_DUP */

#ifdef HAVE_POLY1305

/* set if to use old poly 1 for yes 0 to use new poly */

int wolfSSL_use_old_poly(WOLFSSL* ssl, int value)

{

    (void)ssl;

    (void)value;

#ifndef WOLFSSL_NO_TLS12

    WOLFSSL_ENTER("SSL_use_old_poly");

    WOLFSSL_MSG("Warning SSL connection auto detects old/new and this function"

            "is depreciated");

    ssl->options.oldPoly = (word16)value;

    WOLFSSL_LEAVE("SSL_use_old_poly", 0);

#endif

    return 0;

}

#endif

WOLFSSL_ABI

int wolfSSL_set_fd(WOLFSSL* ssl, int fd)

{

    int ret;

    WOLFSSL_ENTER("SSL_set_fd");

    if (ssl == NULL) {

        return BAD_FUNC_ARG;

    }

    ret = wolfSSL_set_read_fd(ssl, fd);

    if (ret == WOLFSSL_SUCCESS) {

        ret = wolfSSL_set_write_fd(ssl, fd);

    }

    return ret;

}

#ifdef WOLFSSL_DTLS

int wolfSSL_set_dtls_fd_connected(WOLFSSL* ssl, int fd)

{

    int ret;

    WOLFSSL_ENTER("SSL_set_dtls_fd_connected");

    if (ssl == NULL) {

        return BAD_FUNC_ARG;

    }

    ret = wolfSSL_set_fd(ssl, fd);

    if (ret == WOLFSSL_SUCCESS)

        ssl->buffers.dtlsCtx.connected = 1;

    return ret;

}

#endif

int wolfSSL_set_read_fd(WOLFSSL* ssl, int fd)

{

    WOLFSSL_ENTER("SSL_set_read_fd");

    if (ssl == NULL) {

        return BAD_FUNC_ARG;

    }

    ssl->rfd = fd;      /* not used directly to allow IO callbacks */

    ssl->IOCB_ReadCtx  = &ssl->rfd;

    #ifdef WOLFSSL_DTLS

        ssl->buffers.dtlsCtx.connected = 0;

        if (ssl->options.dtls) {

            ssl->IOCB_ReadCtx = &ssl->buffers.dtlsCtx;

            ssl->buffers.dtlsCtx.rfd = fd;

        }

    #endif

    WOLFSSL_LEAVE("SSL_set_read_fd", WOLFSSL_SUCCESS);

    return WOLFSSL_SUCCESS;

}

int wolfSSL_set_write_fd(WOLFSSL* ssl, int fd)

{

    WOLFSSL_ENTER("SSL_set_write_fd");

    if (ssl == NULL) {

        return BAD_FUNC_ARG;

    }

    ssl->wfd = fd;      /* not used directly to allow IO callbacks */

    ssl->IOCB_WriteCtx  = &ssl->wfd;

    #ifdef WOLFSSL_DTLS

        ssl->buffers.dtlsCtx.connected = 0;

        if (ssl->options.dtls) {

            ssl->IOCB_WriteCtx = &ssl->buffers.dtlsCtx;

            ssl->buffers.dtlsCtx.wfd = fd;

        }

    #endif

    WOLFSSL_LEAVE("SSL_set_write_fd", WOLFSSL_SUCCESS);

    return WOLFSSL_SUCCESS;

}

/**

  * Get the name of cipher at priority level passed in.

  */

char* wolfSSL_get_cipher_list(int priority)

{

    const CipherSuiteInfo* ciphers = GetCipherNames();

    if (priority >= GetCipherNamesSize() || priority < 0) {

        return 0;

    }

    return (char*)ciphers[priority].name;

}

/**

  * Get the name of cipher at priority level passed in.

  */

char* wolfSSL_get_cipher_list_ex(WOLFSSL* ssl, int priority)

{

    if (ssl == NULL) {

        return NULL;

    }

    else {

        const char* cipher;

        if ((cipher = wolfSSL_get_cipher_name_internal(ssl)) != NULL) {

            if (priority == 0) {

                return (char*)cipher;

            }

            else {

                return NULL;

            }

        }

        else {

            return wolfSSL_get_cipher_list(priority);

        }

    }

}

int wolfSSL_get_ciphers(char* buf, int len)

{

    const CipherSuiteInfo* ciphers = GetCipherNames();

    int ciphersSz = GetCipherNamesSize();

    int i;

    int cipherNameSz;

    if (buf == NULL || len <= 0)

        return BAD_FUNC_ARG;

    /* Add each member to the buffer delimited by a : */

    for (i = 0; i < ciphersSz; i++) {

        cipherNameSz = (int)XSTRLEN(ciphers[i].name);

        if (cipherNameSz + 1 < len) {

            XSTRNCPY(buf, ciphers[i].name, len);

            buf += cipherNameSz;

            if (i < ciphersSz - 1)

                *buf++ = ':';

            *buf = 0;

            len -= cipherNameSz + 1;

        }

        else

            return BUFFER_E;

    }

    return WOLFSSL_SUCCESS;

}

#ifndef NO_ERROR_STRINGS

/* places a list of all supported cipher suites in TLS_* format into "buf"

 * return WOLFSSL_SUCCESS on success */

int wolfSSL_get_ciphers_iana(char* buf, int len)

{

    const CipherSuiteInfo* ciphers = GetCipherNames();

    int ciphersSz = GetCipherNamesSize();

    int i;

    int cipherNameSz;

    if (buf == NULL || len <= 0)

        return BAD_FUNC_ARG;

    /* Add each member to the buffer delimited by a : */

    for (i = 0; i < ciphersSz; i++) {

#ifndef NO_CIPHER_SUITE_ALIASES

        if (ciphers[i].flags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS)

            continue;

#endif