/* ssl.c

 *

 * Copyright (C) 2006-2026 wolfSSL Inc.

 *

 * This file is part of wolfSSL.

 *

 * wolfSSL is free software; you can redistribute it and/or modify

 * it under the terms of the GNU General Public License as published by

 * the Free Software Foundation; either version 3 of the License, or

 * (at your option) any later version.

 *

 * wolfSSL is distributed in the hope that it will be useful,

 * but WITHOUT ANY WARRANTY; without even the implied warranty of

 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

 * GNU General Public License for more details.

 *

 * You should have received a copy of the GNU General Public License

 * along with this program; if not, write to the Free Software

 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA

 */

#include <wolfssl/wolfcrypt/libwolfssl_sources.h>

#if defined(OPENSSL_EXTRA) && !defined(_WIN32) && !defined(_GNU_SOURCE)

    /* turn on GNU extensions for XISASCII */

    #define _GNU_SOURCE 1

#endif

#if !defined(WOLFCRYPT_ONLY) || defined(OPENSSL_EXTRA) || \

    defined(OPENSSL_EXTRA_X509_SMALL)

#include <wolfssl/internal.h>

#include <wolfssl/error-ssl.h>

#include <wolfssl/wolfcrypt/error-crypt.h>

#include <wolfssl/wolfcrypt/coding.h>

#include <wolfssl/wolfcrypt/kdf.h>

#ifdef NO_INLINE

    #include <wolfssl/wolfcrypt/misc.h>

#else

    #define WOLFSSL_MISC_INCLUDED

    #include <wolfcrypt/src/misc.c>

#endif

#ifdef HAVE_ERRNO_H

    #include <errno.h>

#endif

#if !defined(WOLFSSL_ALLOW_NO_SUITES) && !defined(WOLFCRYPT_ONLY)

    #if defined(NO_DH) && !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \

                && !defined(WOLFSSL_STATIC_DH) && !defined(WOLFSSL_STATIC_PSK) \

                && !defined(HAVE_CURVE25519) && !defined(HAVE_CURVE448)

        #error "No cipher suites defined because DH disabled, ECC disabled, " \

               "and no static suites defined. Please see top of README"

    #endif

    #ifdef WOLFSSL_CERT_GEN

        /* need access to Cert struct for creating certificate */

        #include <wolfssl/wolfcrypt/asn_public.h>

    #endif

#endif

#if !defined(WOLFCRYPT_ONLY) && (defined(OPENSSL_EXTRA)     \

    || defined(OPENSSL_EXTRA_X509_SMALL)                    \

    || defined(HAVE_WEBSERVER) || defined(WOLFSSL_KEY_GEN))

    #include <wolfssl/openssl/evp.h>

    /* openssl headers end, wolfssl internal headers next */

#endif

#include <wolfssl/wolfcrypt/wc_encrypt.h>

#ifndef NO_RSA

    #include <wolfssl/wolfcrypt/rsa.h>

#endif

#ifdef OPENSSL_EXTRA

    /* openssl headers begin */

    #include <wolfssl/openssl/ssl.h>

    #include <wolfssl/openssl/aes.h>

#ifndef WOLFCRYPT_ONLY

    #include <wolfssl/openssl/hmac.h>

    #include <wolfssl/openssl/cmac.h>

#endif

    #include <wolfssl/openssl/crypto.h>

    #include <wolfssl/openssl/des.h>

    #include <wolfssl/openssl/bn.h>

    #include <wolfssl/openssl/buffer.h>

    #include <wolfssl/openssl/dh.h>

    #include <wolfssl/openssl/rsa.h>

    #include <wolfssl/openssl/fips_rand.h>

    #include <wolfssl/openssl/pem.h>

    #include <wolfssl/openssl/ec.h>

    #include <wolfssl/openssl/ec25519.h>

    #include <wolfssl/openssl/ed25519.h>

    #include <wolfssl/openssl/ec448.h>

    #include <wolfssl/openssl/ed448.h>

    #include <wolfssl/openssl/ecdsa.h>

    #include <wolfssl/openssl/ecdh.h>

    #include <wolfssl/openssl/err.h>

    #include <wolfssl/openssl/modes.h>

    #include <wolfssl/openssl/opensslv.h>

    #include <wolfssl/openssl/rc4.h>

    #include <wolfssl/openssl/stack.h>

    #include <wolfssl/openssl/x509_vfy.h>

    /* openssl headers end, wolfssl internal headers next */

    #include <wolfssl/wolfcrypt/hmac.h>

    #include <wolfssl/wolfcrypt/random.h>

    #include <wolfssl/wolfcrypt/des3.h>

    #include <wolfssl/wolfcrypt/ecc.h>

    #include <wolfssl/wolfcrypt/md4.h>

    #include <wolfssl/wolfcrypt/md5.h>

    #include <wolfssl/wolfcrypt/arc4.h>

    #include <wolfssl/wolfcrypt/curve25519.h>

    #include <wolfssl/wolfcrypt/ed25519.h>

    #include <wolfssl/wolfcrypt/curve448.h>

    #if defined(HAVE_FALCON)

        #include <wolfssl/wolfcrypt/falcon.h>

    #endif /* HAVE_FALCON */

    #if defined(HAVE_DILITHIUM)

        #include <wolfssl/wolfcrypt/dilithium.h>

    #endif /* HAVE_DILITHIUM */

    #if defined(HAVE_SPHINCS)

        #include <wolfssl/wolfcrypt/sphincs.h>

    #endif /* HAVE_SPHINCS */

    #if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL)

        #ifdef HAVE_OCSP

            #include <wolfssl/openssl/ocsp.h>

        #endif

        #include <wolfssl/openssl/lhash.h>

        #include <wolfssl/openssl/txt_db.h>

    #endif /* WITH_STUNNEL */

    #if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)

        #include <wolfssl/wolfcrypt/sha512.h>

    #endif

    #if defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256) \

        && !defined(WC_NO_RNG)

        #include <wolfssl/wolfcrypt/srp.h>

    #endif

#endif

#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)

    #include <wolfssl/openssl/x509v3.h>

    int wolfssl_bn_get_value(WOLFSSL_BIGNUM* bn, mp_int* mpi);

    int wolfssl_bn_set_value(WOLFSSL_BIGNUM** bn, mp_int* mpi);

#endif

#if defined(WOLFSSL_QT)

    #include <wolfssl/wolfcrypt/sha.h>

#endif

#ifdef NO_ASN

    #include <wolfssl/wolfcrypt/dh.h>

#endif

#endif /* !WOLFCRYPT_ONLY || OPENSSL_EXTRA */

/*

 * ssl.c Build Options:

 *

 * See also: tls.c for TLS extension/protocol options, tls13.c for TLS 1.3,

 *           internal.c for handshake internals, wc_port.c for platform/memory.

 *

 * OpenSSL Compatibility:

 * OPENSSL_EXTRA:              Enable OpenSSL compatibility API        default: off

 * OPENSSL_ALL:                Enable all OpenSSL compat APIs          default: off

 * OPENSSL_EXTRA_X509_SMALL:   Minimal OpenSSL X509 compat APIs       default: off

 * OPENSSL_EXTRA_NO_ASN1:      OpenSSL extra without ASN1 objects      default: off

 * OPENSSL_COMPATIBLE_DEFAULTS:

 *                  Default behavior compatible with OpenSSL           default: off

 * NO_WOLFSSL_STUB:            Disable stubs for unimplemented funcs   default: off

 * WOLFSSL_DEBUG_OPENSSL:      Debug logging for OpenSSL compat layer  default: off

 * WOLFSSL_HAVE_ERROR_QUEUE:   OpenSSL-compatible error queue          default: off

 * WOLFSSL_ERROR_CODE_OPENSSL: Use OpenSSL-compatible error codes      default: off

 * WOLFSSL_CIPHER_INTERNALNAME:

 *                  Use wolfSSL internal cipher suite names             default: off

 * NO_CIPHER_SUITE_ALIASES:    Disable cipher suite name aliases       default: off

 * WOLFSSL_SET_CIPHER_BYTES:   Set cipher suites by raw byte values    default: off

 * WOLFSSL_OLD_SET_CURVES_LIST:

 *                  Old-style curve list parsing for compat             default: off

 * WOLFSSL_NO_OPENSSL_RAND_CB: Disable OpenSSL RAND callback compat   default: off

 * NO_ERROR_STRINGS:           Disable human-readable error strings    default: off

 * WOLFSSL_PUBLIC_ASN:         Make ASN parsing functions public        default: off

 *

 * Extra Data / BIO:

 * HAVE_EX_DATA:               Enable ex_data on SSL/CTX/X509 objects  default: off

 * HAVE_EX_DATA_CLEANUP_HOOKS: Cleanup callbacks for ex_data           default: off

 * HAVE_EX_DATA_CRYPTO:        ex_data support for wolfCrypt objects   default: off

 * MAX_EX_DATA:                Max ex_data entries per object           default: 5

 * NO_BIO:                     Disable BIO abstraction layer           default: off

 *

 * Session & Cache:

 * NO_SESSION_CACHE:           Disable server session cache            default: off

 * NO_SESSION_CACHE_REF:       wolfSSL_get_session returns ssl->session

 *                             reference instead of ClientCache ref    default: off

 * SESSION_CACHE_DYNAMIC_MEM:  Dynamically allocate session cache      default: off

 * NO_CLIENT_CACHE:            Disable client-side session cache       default: off

 * SESSION_CERTS:              Store full cert chain in session         default: off

 * WOLFSSL_SESSION_ID_CTX:     Session ID context for cache sharing    default: off

 *

 * I/O & Transport:

 * USE_WOLFSSL_IO:             Use built-in I/O callbacks              default: on

 * WOLFSSL_USER_IO:            Application provides custom I/O         default: off

 * WOLFSSL_NO_SOCK:            Build without socket support            default: off

 * NO_WRITEV:                  Disable writev() scatter/gather I/O     default: off

 * WOLFSSL_DTLS_MTU:           Enable DTLS MTU management APIs         default: off

 * WOLFSSL_DTLS_DROP_STATS:    Track DTLS packet drop statistics       default: off

 * WOLFSSL_MULTICAST:          Enable DTLS multicast support           default: off

 *

 * Callbacks & Features:

 * WOLFSSL_CHECK_ALERT_ON_ERR: Check alerts on handshake error         default: off

 * ATOMIC_USER:                User-defined record layer callbacks      default: off

 * HAVE_WRITE_DUP:             Separate threads for SSL read/write     default: off

 * WOLFSSL_CALLBACKS:          Handshake monitoring callbacks           default: off

 * NO_HANDSHAKE_DONE_CB:       Disable handshake completion callback   default: off

 * WOLFSSL_SHUTDOWNONCE:       Send close_notify only once             default: off

 * WOLFSSL_COPY_CERT:          Copy certificate buffer (own copy)      default: off

 * WOLFSSL_COPY_KEY:           Copy private key buffer (own copy)      default: off

 * WOLF_PRIVATE_KEY_ID:        Reference private keys by ID            default: off

 * WOLFSSL_REFCNT_ERROR_RETURN:

 *                  Return errors on ref counting failures             default: off

 * WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST:

 *                  Allow runtime max fragment size adjustment          default: off

 * WOLFSSL_ALLOW_NO_SUITES:    Allow SSL objects with no cipher suites default: off

 *

 * Certificates & Keys:

 * KEEP_PEER_CERT:             Keep peer cert after handshake          default: off

 * KEEP_OUR_CERT:              Keep our cert after handshake           default: off

 * WOLFSSL_STATIC_RSA:         Enable static RSA key exchange          default: off

 * WOLFSSL_HAVE_CERT_SERVICE:  Certificate service callbacks           default: off

 * WOLFSSL_SYS_CA_CERTS:       Load system CA certs from OS            default: off

 *

 * Application Compatibility:

 * HAVE_CURL:                  APIs for libcurl compatibility          default: off

 * HAVE_LIGHTY:                APIs for lighttpd compatibility         default: off

 * HAVE_MEMCACHED:             APIs for memcached compatibility        default: off

 * WOLFSSL_APACHE_HTTPD:       APIs for Apache httpd compatibility     default: off

 * WOLFSSL_NGINX:              APIs for nginx compatibility            default: off

 * WOLFSSL_HAPROXY:            APIs for HAProxy compatibility          default: off

 * WOLFSSL_ASIO:               APIs for Boost.Asio compatibility       default: off

 * WOLFSSL_PYTHON:             APIs for Python module compatibility    default: off

 * WOLFSSL_QT:                 APIs for Qt framework compatibility     default: off

 * WOLFSSL_JNI:                APIs for Java JNI/JSSE compatibility    default: off

 *

 * Protocol Features:

 * WOLFSSL_HAVE_WOLFSCEP:      Enable wolfSCEP protocol support        default: off

 * WOLFCRYPT_HAVE_SRP:         Enable SRP protocol support             default: off

 * HAVE_LIBZ:                  Enable zlib TLS compression             default: off

 * WOLFSSL_EXTRA:              Extra SSL session info APIs              default: off

 * WOLFSSL_WPAS_SMALL:         Minimal wpa_supplicant/hostapd APIs     default: off

 * HAVE_FUZZER:                Fuzzing callback support                 default: off

 *

 * Memory & Threading:

 * WOLFSSL_STATIC_MEMORY_LEAN: Lean static memory allocation           default: off

 * WOLFSSL_THREADED_CRYPT:     Multi-threaded crypto operations         default: off

 * WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS:

 *                  Thread-safe cleanup via atomics                     default: off

 * WOLFSSL_ATOMIC_INITIALIZER: Static init for atomic variables        default: off

 * WOLFSSL_DEBUG_MEMORY:       Log malloc/free with file/line info     default: off

 * WOLFSSL_NO_REALLOC:         Disable realloc, use malloc+copy+free   default: off

 * WOLFSSL_HEAP_TEST:          Heap-related testing utilities           default: off

 *

 * Debugging & Build:

 * SHOW_SIZES:                 Display struct sizes at init             default: off

 * WOLFSSL_DEBUG_TRACE_ERROR_CODES:

 *                  Trace error code origins for debugging              default: off

 * HAVE_ATEXIT:                Register wolfSSL_Cleanup via atexit     default: off

 * WOLFSSL_SYS_CRYPTO_POLICY:  Honor system crypto policy settings     default: off

 *

 * Hardware TLS:

 * WOLFSSL_RENESAS_TSIP_TLS:   Renesas TSIP hardware crypto for TLS   default: off

 * WOLFSSL_RENESAS_FSPSM_TLS:  Renesas FSP Security Module for TLS    default: off

 * WOLFSSL_EGD_NBLOCK:         Non-blocking EGD entropy support        default: off

 */

#define WOLFSSL_SSL_MISC_INCLUDED

#include "src/ssl_misc.c"

#define WOLFSSL_EVP_INCLUDED

#include "wolfcrypt/src/evp.c"

/* Crypto code uses EVP APIs. */

#define WOLFSSL_SSL_CRYPTO_INCLUDED

#include "src/ssl_crypto.c"

#ifndef WOLFCRYPT_ONLY

#define WOLFSSL_SSL_CERTMAN_INCLUDED

#include "src/ssl_certman.c"

#define WOLFSSL_SSL_SESS_INCLUDED

#include "src/ssl_sess.c"

#define WOLFSSL_SSL_API_CERT_INCLUDED

#include "src/ssl_api_cert.c"

#define WOLFSSL_SSL_API_PK_INCLUDED

#include "src/ssl_api_pk.c"

#endif

#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \

    !defined(WOLFCRYPT_ONLY)

/* Convert shortname to NID.

 *

 * For OpenSSL compatibility.

 *

 * @param [in] sn  Short name of OID.

 * @return  NID corresponding to shortname on success.

 * @return  WC_NID_undef when not recognized.

 */

int wc_OBJ_sn2nid(const char *sn)

{

    const WOLFSSL_ObjectInfo *obj_info = wolfssl_object_info;

    size_t i;

    WOLFSSL_ENTER("wc_OBJ_sn2nid");

    for (i = 0; i < wolfssl_object_info_sz; i++, obj_info++) {

        if (XSTRCMP(sn, obj_info->sName) == 0)

            return obj_info->nid;

    }

    WOLFSSL_MSG("short name not found in table");

    return WC_NID_undef;

}

#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */

#ifndef WOLFCRYPT_ONLY

#if defined(WOLFSSL_SYS_CRYPTO_POLICY)

/* The system wide crypto-policy. Configured by wolfSSL_crypto_policy_enable.

 * */

static struct SystemCryptoPolicy crypto_policy;

#endif /* WOLFSSL_SYS_CRYPTO_POLICY */

#if !defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC) || \

    (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && !defined(NO_DSA))

#define HAVE_GLOBAL_RNG /* consolidate flags for using globalRNG */

static WC_RNG globalRNG;

static volatile int initGlobalRNG = 0;

#if defined(OPENSSL_EXTRA) || !defined(WOLFSSL_MUTEX_INITIALIZER)

static WC_MAYBE_UNUSED wolfSSL_Mutex globalRNGMutex

    WOLFSSL_MUTEX_INITIALIZER_CLAUSE(globalRNGMutex);

#endif

#ifndef WOLFSSL_MUTEX_INITIALIZER

static int globalRNGMutex_valid = 0;

#endif

#if defined(OPENSSL_EXTRA) && defined(HAVE_HASHDRBG)

static WOLFSSL_DRBG_CTX* gDrbgDefCtx = NULL;

#endif

WC_RNG* wolfssl_get_global_rng(void)

{

    WC_RNG* ret = NULL;

    if (initGlobalRNG == 0)

        WOLFSSL_MSG("Global RNG no Init");

    else

        ret = &globalRNG;

    return ret;

}

/* Make a global RNG and return.

 *

 * @return  Global RNG on success.

 * @return  NULL on error.

 */

WC_RNG* wolfssl_make_global_rng(void)

{

    WC_RNG* ret;

#ifdef HAVE_GLOBAL_RNG

    /* Get the global random number generator instead. */

    ret = wolfssl_get_global_rng();

#ifdef OPENSSL_EXTRA

    if (ret == NULL) {

        /* Create a global random if possible. */

        (void)wolfSSL_RAND_Init();

        ret = wolfssl_get_global_rng();

    }

#endif

#else

    WOLFSSL_ERROR_MSG("Bad RNG Init");

    ret = NULL;

#endif

    return ret;

}

/* Too many defines to check explicitly - prototype it and always include

 * for RSA, DH, ECC and DSA for BN. */

WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local);

/* Make a random number generator or get global if possible.

 *

 * Global may not be available and NULL will be returned.

 *

 * @param [in, out] rng    Local random number generator.

 * @param [out]     local  Local random number generator returned.

 * @return  NULL on failure.

 * @return  A random number generator object.

 */

WC_RNG* wolfssl_make_rng(WC_RNG* rng, int* local)

{

    WC_RNG* ret = NULL;

#ifdef WOLFSSL_SMALL_STACK

    int freeRng = 0;

    /* Allocate RNG object . */

    if (rng == NULL) {

        rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), NULL, DYNAMIC_TYPE_RNG);

        freeRng = 1;

    }

#endif

    if (rng != NULL) {

        if (wc_InitRng(rng) == 0) {

            ret = rng;

            *local = 1;

        }

        else {

            WOLFSSL_MSG("Bad RNG Init");

#ifdef WOLFSSL_SMALL_STACK

            if (freeRng) {

                XFREE(rng, NULL, DYNAMIC_TYPE_RNG);

                rng = NULL;

            }

#endif

        }

    }

    if (ret == NULL) {

#ifdef HAVE_GLOBAL_RNG

        WOLFSSL_MSG("trying global RNG");

#endif

        ret = wolfssl_make_global_rng();

    }

    return ret;

}

#endif

#ifdef OPENSSL_EXTRA

    /* WOLFSSL_NO_OPENSSL_RAND_CB: Allows way to reduce code size for

     *                OPENSSL_EXTRA where RAND callbacks are not used */

    #ifndef WOLFSSL_NO_OPENSSL_RAND_CB

        static const WOLFSSL_RAND_METHOD* gRandMethods = NULL;

        static wolfSSL_Mutex gRandMethodMutex

            WOLFSSL_MUTEX_INITIALIZER_CLAUSE(gRandMethodMutex);

        #ifndef WOLFSSL_MUTEX_INITIALIZER

        static int gRandMethodsInit = 0;

        #endif

    #endif /* !WOLFSSL_NO_OPENSSL_RAND_CB */

#endif /* OPENSSL_EXTRA */

#define WOLFSSL_SSL_BN_INCLUDED

#include "src/ssl_bn.c"

#ifndef OPENSSL_EXTRA_NO_ASN1

#define WOLFSSL_SSL_ASN1_INCLUDED

#include "src/ssl_asn1.c"

#endif /* OPENSSL_EXTRA_NO_ASN1 */

#define WOLFSSL_PK_INCLUDED

#include "src/pk.c"

#define WOLFSSL_EVP_PK_INCLUDED

#include "wolfcrypt/src/evp_pk.c"

#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)

/* copies over data of "in" to "out" */

static void wolfSSL_CIPHER_copy(WOLFSSL_CIPHER* in, WOLFSSL_CIPHER* out)

{

    if (in == NULL || out == NULL)

        return;

    *out = *in;

}

#if defined(OPENSSL_ALL)

static WOLFSSL_X509_OBJECT* wolfSSL_X509_OBJECT_dup(WOLFSSL_X509_OBJECT* obj)

{

    WOLFSSL_X509_OBJECT* ret = NULL;

    if (obj) {

        ret = wolfSSL_X509_OBJECT_new();

        if (ret) {

            ret->type = obj->type;

            switch (ret->type) {

                case WOLFSSL_X509_LU_NONE:

                    break;

                case WOLFSSL_X509_LU_X509:

                    ret->data.x509 = wolfSSL_X509_dup(obj->data.x509);

                    break;

                case WOLFSSL_X509_LU_CRL:

            #if defined(HAVE_CRL)

                    ret->data.crl = wolfSSL_X509_CRL_dup(obj->data.crl);

            #endif

                    break;

            }

        }

    }

    return ret;

}

#endif /* OPENSSL_ALL */

#endif /* OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL */

#define WOLFSSL_SSL_SK_INCLUDED

#include "src/ssl_sk.c"

#include <wolfssl/wolfcrypt/hpke.h>

#define WOLFSSL_SSL_ECH_INCLUDED

#include "src/ssl_ech.c"

#ifdef OPENSSL_EXTRA

static int wolfSSL_parse_cipher_list(WOLFSSL_CTX* ctx, WOLFSSL* ssl,

        Suites* suites, const char* list);

#endif

#if defined(WOLFSSL_RENESAS_TSIP_TLS) || defined(WOLFSSL_RENESAS_FSPSM_TLS)

#include <wolfssl/wolfcrypt/port/Renesas/renesas_cmn.h>

#endif

/* prevent multiple mutex initializations */

/* note, initRefCount is not used for thread synchronization, only for

 * bookkeeping while inits_count_mutex is held.

 */

static volatile WC_THREADSHARED int initRefCount = 0;

/* init ref count mutex */

static WC_THREADSHARED wolfSSL_Mutex inits_count_mutex

    WOLFSSL_MUTEX_INITIALIZER_CLAUSE(inits_count_mutex);

#ifndef WOLFSSL_MUTEX_INITIALIZER

static WC_THREADSHARED volatile int inits_count_mutex_valid = 0;

#endif

#ifdef NO_TLS

static const WOLFSSL_METHOD gNoTlsMethod;

#endif

/* Create a new WOLFSSL_CTX struct and return the pointer to created struct.

   WOLFSSL_METHOD pointer passed in is given to ctx to manage.

   This function frees the passed in WOLFSSL_METHOD struct on failure and on

   success is freed when ctx is freed.

 */

WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap)

{

    WOLFSSL_CTX* ctx = NULL;

    WOLFSSL_ENTER("wolfSSL_CTX_new_ex");

    if (initRefCount == 0) {

        /* user no longer forced to call Init themselves */

        int ret = wolfSSL_Init();

        if (ret != WOLFSSL_SUCCESS) {

            WOLFSSL_MSG("wolfSSL_Init failed");

            WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);

            XFREE(method, heap, DYNAMIC_TYPE_METHOD);

            return NULL;

        }

    }

#ifndef NO_TLS

    if (method == NULL)

        return ctx;

#else

    /* a blank TLS method */

    method = (WOLFSSL_METHOD*)&gNoTlsMethod;

#endif

    ctx = (WOLFSSL_CTX*)XMALLOC(sizeof(WOLFSSL_CTX), heap, DYNAMIC_TYPE_CTX);

    if (ctx) {

        int ret;

        ret = InitSSL_Ctx(ctx, method, heap);

    #ifdef WOLFSSL_STATIC_MEMORY

        if (heap != NULL) {

            ctx->onHeapHint = 1; /* free the memory back to heap when done */

        }

    #endif

        if (ret < 0) {

            WOLFSSL_MSG("Init CTX failed");

            wolfSSL_CTX_free(ctx);

            ctx = NULL;

        }

#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) \

                           && !defined(NO_SHA256) && !defined(WC_NO_RNG)

        else {

            ctx->srp = (Srp*)XMALLOC(sizeof(Srp), heap, DYNAMIC_TYPE_SRP);

            if (ctx->srp == NULL){

                WOLFSSL_MSG("Init CTX failed");

                wolfSSL_CTX_free(ctx);

                return NULL;

            }

            XMEMSET(ctx->srp, 0, sizeof(Srp));

        }

#endif

    }

    else {

        WOLFSSL_MSG("Alloc CTX failed, method freed");

        XFREE(method, heap, DYNAMIC_TYPE_METHOD);

    }

#ifdef OPENSSL_COMPATIBLE_DEFAULTS

    if (ctx) {

        wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL);

        wolfSSL_CTX_set_mode(ctx, WOLFSSL_MODE_AUTO_RETRY);

        if (wolfSSL_CTX_set_min_proto_version(ctx,

                (method->version.major == DTLS_MAJOR) ?

                DTLS1_VERSION : SSL3_VERSION) != WOLFSSL_SUCCESS ||

#ifdef HAVE_ANON

                wolfSSL_CTX_allow_anon_cipher(ctx) != WOLFSSL_SUCCESS ||

#endif

                wolfSSL_CTX_set_group_messages(ctx) != WOLFSSL_SUCCESS) {

            WOLFSSL_MSG("Setting OpenSSL CTX defaults failed");

            wolfSSL_CTX_free(ctx);

            ctx = NULL;

        }

    }

#endif

#if defined(WOLFSSL_SYS_CRYPTO_POLICY)

    /* Load the crypto-policy ciphers if configured. */

    if (ctx && wolfSSL_crypto_policy_is_enabled()) {

        const char * list = wolfSSL_crypto_policy_get_ciphers();

        int          ret = 0;

        if (list != NULL && *list != '\0') {

            if (AllocateCtxSuites(ctx) != 0) {

                WOLFSSL_MSG("allocate ctx suites failed");

                wolfSSL_CTX_free(ctx);

                ctx = NULL;

            }

            else {

                ret = wolfSSL_parse_cipher_list(ctx, NULL, ctx->suites, list);

                if (ret != WOLFSSL_SUCCESS) {

                    WOLFSSL_MSG("parse cipher list failed");

                    wolfSSL_CTX_free(ctx);

                    ctx = NULL;

                }

            }

        }

    }

#endif /* WOLFSSL_SYS_CRYPTO_POLICY */

    WOLFSSL_LEAVE("wolfSSL_CTX_new_ex", 0);

    return ctx;

}

WOLFSSL_ABI

WOLFSSL_CTX* wolfSSL_CTX_new(WOLFSSL_METHOD* method)

{

#ifdef WOLFSSL_HEAP_TEST

    /* if testing the heap hint then set top level CTX to have test value */

    return wolfSSL_CTX_new_ex(method, (void*)WOLFSSL_HEAP_TEST);

#else

    return wolfSSL_CTX_new_ex(method, NULL);

#endif

}

/* increases CTX reference count to track proper time to "free" */

int wolfSSL_CTX_up_ref(WOLFSSL_CTX* ctx)

{

    int ret;

    wolfSSL_RefWithMutexInc(&ctx->ref, &ret);

#ifdef WOLFSSL_REFCNT_ERROR_RETURN

    return ((ret == 0) ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE);

#else

    (void)ret;

    return WOLFSSL_SUCCESS;

#endif

}

WOLFSSL_ABI

void wolfSSL_CTX_free(WOLFSSL_CTX* ctx)

{

    WOLFSSL_ENTER("wolfSSL_CTX_free");

    if (ctx) {

        FreeSSL_Ctx(ctx);

    }

    WOLFSSL_LEAVE("wolfSSL_CTX_free", 0);

}

#ifdef HAVE_ENCRYPT_THEN_MAC

/**

 * Sets whether Encrypt-Then-MAC extension can be negotiated against context.

 * The default value: enabled.

 *

 * ctx  SSL/TLS context.

 * set  Whether to allow or not: 1 is allow and 0 is disallow.

 * returns WOLFSSL_SUCCESS

 */

int wolfSSL_CTX_AllowEncryptThenMac(WOLFSSL_CTX *ctx, int set)

{

    ctx->disallowEncThenMac = !set;

    return WOLFSSL_SUCCESS;

}

/**

 * Sets whether Encrypt-Then-MAC extension can be negotiated against context.

 * The default value comes from context.

 *

 * ctx  SSL/TLS context.

 * set  Whether to allow or not: 1 is allow and 0 is disallow.

 * returns WOLFSSL_SUCCESS

 */

int wolfSSL_AllowEncryptThenMac(WOLFSSL *ssl, int set)

{

    ssl->options.disallowEncThenMac = !set;

    return WOLFSSL_SUCCESS;

}

#endif

#ifdef SINGLE_THREADED

/* no locking in single threaded mode, allow a CTX level rng to be shared with

 * WOLFSSL objects, WOLFSSL_SUCCESS on ok */

int wolfSSL_CTX_new_rng(WOLFSSL_CTX* ctx)

{

    WC_RNG* rng;

    int     ret;

    if (ctx == NULL) {

        return BAD_FUNC_ARG;

    }

    rng = (WC_RNG*)XMALLOC(sizeof(WC_RNG), ctx->heap, DYNAMIC_TYPE_RNG);

    if (rng == NULL) {

        return MEMORY_E;

    }

#ifndef HAVE_FIPS

    ret = wc_InitRng_ex(rng, ctx->heap, ctx->devId);

#else

    ret = wc_InitRng(rng);

#endif

    if (ret != 0) {

        XFREE(rng, ctx->heap, DYNAMIC_TYPE_RNG);

        return ret;

    }

    ctx->rng = rng;

    return WOLFSSL_SUCCESS;

}

#endif

WOLFSSL_ABI

WOLFSSL* wolfSSL_new(WOLFSSL_CTX* ctx)

{

    WOLFSSL* ssl = NULL;

    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_new");

    if (ctx == NULL) {

        WOLFSSL_MSG("wolfSSL_new ctx is null");

        return NULL;

    }

    ssl = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ctx->heap, DYNAMIC_TYPE_SSL);

    if (ssl == NULL) {

        WOLFSSL_MSG_EX("ssl xmalloc failed to allocate %d bytes",

                        (int)sizeof(WOLFSSL));

    }

    else {

        ret = InitSSL(ssl, ctx, 0);

        if (ret < 0) {

            WOLFSSL_MSG_EX("wolfSSL_new failed during InitSSL. err = %d", ret);

            FreeSSL(ssl, ctx->heap);

            ssl = NULL;

        }

        else if (ret == 0) {

            WOLFSSL_MSG("wolfSSL_new InitSSL success");

        }

        else {

            /* Only success (0) or negative values should ever be seen. */

            WOLFSSL_MSG_EX("WARNING: wolfSSL_new unexpected InitSSL return"

                           " value = %d", ret);

        } /* InitSSL check */

    } /* ssl XMALLOC success */

    WOLFSSL_LEAVE("wolfSSL_new InitSSL =", ret);

    (void)ret;

    return ssl;

}

WOLFSSL_ABI

void wolfSSL_free(WOLFSSL* ssl)

{

    WOLFSSL_ENTER("wolfSSL_free");

    if (ssl) {

        WOLFSSL_MSG_EX("Free SSL: %p", (wc_ptr_t)ssl);

        FreeSSL(ssl, ssl->ctx->heap);

    }

    else {

        WOLFSSL_MSG("Free SSL: wolfSSL_free already null");

    }

    WOLFSSL_LEAVE("wolfSSL_free", 0);

}

int wolfSSL_is_server(WOLFSSL* ssl)

{

    if (ssl == NULL)

        return BAD_FUNC_ARG;

    return ssl->options.side == WOLFSSL_SERVER_END;

}

#ifdef HAVE_WRITE_DUP

/*

 * Release resources around WriteDup object

 *

 * ssl WOLFSSL object

 *

 * no return, destruction so make best attempt

*/

void FreeWriteDup(WOLFSSL* ssl)

{

    int doFree = 0;

    WOLFSSL_ENTER("FreeWriteDup");

    if (ssl->dupWrite) {

        if (wc_LockMutex(&ssl->dupWrite->dupMutex) == 0) {

            ssl->dupWrite->dupCount--;

            if (ssl->dupWrite->dupCount == 0) {

                doFree = 1;

            } else {

                WOLFSSL_MSG("WriteDup count not zero, no full free");

            }

            wc_UnLockMutex(&ssl->dupWrite->dupMutex);

        }

    }

    if (doFree) {

#ifdef WOLFSSL_DTLS13

        struct Dtls13RecordNumber* rn = ssl->dupWrite->sendAckList;

        while (rn != NULL) {

            struct Dtls13RecordNumber* next = rn->next;

            XFREE(rn, ssl->heap, DYNAMIC_TYPE_DTLS_MSG);

            rn = next;

        }

#endif

#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)

        Free_HS_Hashes(ssl->dupWrite->postHandshakeHashState, ssl->heap);

        {

            CertReqCtx* ctx = ssl->dupWrite->postHandshakeCertReqCtx;

            while (ctx != NULL) {

                CertReqCtx* nxt = ctx->next;

                XFREE(ctx, ssl->heap, DYNAMIC_TYPE_TMP_BUFFER);

                ctx = nxt;

            }

        }

#endif /* WOLFSSL_TLS13 && WOLFSSL_POST_HANDSHAKE_AUTH */

        wc_FreeMutex(&ssl->dupWrite->dupMutex);

        XFREE(ssl->dupWrite, ssl->heap, DYNAMIC_TYPE_WRITEDUP);

        WOLFSSL_MSG("Did WriteDup full free, count to zero");

    }

}

/*

 * duplicate existing ssl members into dup needed for writing

 *

 * dup write only WOLFSSL

 * ssl existing WOLFSSL

 *

 * 0 on success

*/

static int DupSSL(WOLFSSL* dup, WOLFSSL* ssl)

{

    word16 tmp_weOwnRng;

    /* shared dupWrite setup */

    ssl->dupWrite = (WriteDup*)XMALLOC(sizeof(WriteDup), ssl->heap,

                                       DYNAMIC_TYPE_WRITEDUP);

    if (ssl->dupWrite == NULL) {

        return MEMORY_E;

    }

    XMEMSET(ssl->dupWrite, 0, sizeof(WriteDup));

    if (wc_InitMutex(&ssl->dupWrite->dupMutex) != 0) {

        XFREE(ssl->dupWrite, ssl->heap, DYNAMIC_TYPE_WRITEDUP);

        ssl->dupWrite = NULL;

        return BAD_MUTEX_E;

    }

    ssl->dupWrite->dupCount = 2;    /* both sides have a count to start */

    dup->dupWrite = ssl->dupWrite; /* each side uses */

    tmp_weOwnRng = dup->options.weOwnRng;

    /* copy write parts over to dup writer */

    XMEMCPY(&dup->specs,   &ssl->specs,   sizeof(CipherSpecs));

    XMEMCPY(&dup->options, &ssl->options, sizeof(Options));

    XMEMCPY(&dup->keys,    &ssl->keys,    sizeof(Keys));

    XMEMCPY(&dup->encrypt, &ssl->encrypt, sizeof(Ciphers));

    XMEMCPY(&dup->version, &ssl->version, sizeof(ProtocolVersion));

    XMEMCPY(&dup->chVersion, &ssl->chVersion, sizeof(ProtocolVersion));

    /* dup side now owns encrypt/write ciphers */

    XMEMSET(&ssl->encrypt, 0, sizeof(Ciphers));

#ifdef HAVE_ONE_TIME_AUTH

#ifdef HAVE_POLY1305

    if (ssl->auth.setup && ssl->auth.poly1305 != NULL) {

        dup->auth.poly1305 = (Poly1305*)XMALLOC(sizeof(Poly1305), dup->heap,

            DYNAMIC_TYPE_CIPHER);

        if (dup->auth.poly1305 == NULL)

            return MEMORY_E;

        dup->auth.setup = 1;

    }

#endif

#endif

#ifdef WOLFSSL_TLS13

    if (IsAtLeastTLSv1_3(ssl->version)) {

        /* Copy TLS 1.3 application traffic secrets so the write side can

         * derive updated keys when wolfSSL_update_keys() is called. */

        XMEMCPY(dup->clientSecret, ssl->clientSecret, SECRET_LEN);

        XMEMCPY(dup->serverSecret, ssl->serverSecret, SECRET_LEN);

#ifdef WOLFSSL_DTLS13

        if (ssl->options.dtls) {

            /* Copy epoch array (contains only value types -- safe to memcpy). */

            XMEMCPY(dup->dtls13Epochs, ssl->dtls13Epochs,

                    sizeof(ssl->dtls13Epochs));

            /* Re-point dtls13EncryptEpoch into dup's own epoch array. */

            if (ssl->dtls13EncryptEpoch != NULL) {

                dup->dtls13EncryptEpoch =

                    &dup->dtls13Epochs[ssl->dtls13EncryptEpoch -

                                       ssl->dtls13Epochs];

            }

            /* Copy current write epoch number. */

            dup->dtls13Epoch = ssl->dtls13Epoch;

            /* Transfer record-number encryption cipher ownership to dup. */

            XMEMCPY(&dup->dtlsRecordNumberEncrypt,

                    &ssl->dtlsRecordNumberEncrypt, sizeof(RecordNumberCiphers));

            XMEMSET(&ssl->dtlsRecordNumberEncrypt,

                    0, sizeof(RecordNumberCiphers));

        }

#endif /* WOLFSSL_DTLS13 */

    }

#endif /* WOLFSSL_TLS13 */

    dup->IOCB_WriteCtx = ssl->IOCB_WriteCtx;

    dup->CBIOSend = ssl->CBIOSend;

#ifdef OPENSSL_EXTRA

    dup->cbioFlag = ssl->cbioFlag;

#endif

    dup->wfd    = ssl->wfd;

    dup->wflags = ssl->wflags;

#ifndef WOLFSSL_AEAD_ONLY

    dup->hmac   = ssl->hmac;

#endif

#ifdef HAVE_TRUNCATED_HMAC

    dup->truncated_hmac = ssl->truncated_hmac;

#endif

    /* Restore rng option */

    dup->options.weOwnRng = tmp_weOwnRng;

    /* unique side dup setup */

    dup->dupSide = WRITE_DUP_SIDE;

    ssl->dupSide = READ_DUP_SIDE;

    return 0;

}

/*

 * duplicate a WOLFSSL object post handshake for writing only

 * turn existing object into read only.  Allows concurrent access from two

 * different threads.

 *

 * ssl existing WOLFSSL object

 *

 * return dup'd WOLFSSL object on success

*/

WOLFSSL* wolfSSL_write_dup(WOLFSSL* ssl)

{

    WOLFSSL* dup = NULL;

    int ret = 0;

    (void)ret;

    WOLFSSL_ENTER("wolfSSL_write_dup");

    if (ssl == NULL) {

        return ssl;

    }

    if (ssl->options.handShakeDone == 0) {

        WOLFSSL_MSG("wolfSSL_write_dup called before handshake complete");

        return NULL;

    }

    if (ssl->dupWrite) {

        WOLFSSL_MSG("wolfSSL_write_dup already called once");

        return NULL;

    }

    dup = (WOLFSSL*) XMALLOC(sizeof(WOLFSSL), ssl->ctx->heap, DYNAMIC_TYPE_SSL);

    if (dup) {

        if ( (ret = InitSSL(dup, ssl->ctx, 1)) < 0) {

            FreeSSL(dup, ssl->ctx->heap);

            dup = NULL;

        } else if ( (ret = DupSSL(dup, ssl)) < 0) {

            FreeSSL(dup, ssl->ctx->heap);

            dup = NULL;

        }

    }

    WOLFSSL_LEAVE("wolfSSL_write_dup", ret);

    return dup;

}

/*

 * Notify write dup side of fatal error or close notify

 *

 * ssl WOLFSSL object

 * err Notify err

 *

 * 0 on success

*/

int NotifyWriteSide(WOLFSSL* ssl, int err)

{

    int ret;

    WOLFSSL_ENTER("NotifyWriteSide");

    ret = wc_LockMutex(&ssl->dupWrite->dupMutex);

    if (ret == 0) {

        ssl->dupWrite->dupErr = err;

        ret = wc_UnLockMutex(&ssl->dupWrite->dupMutex);

    }

    return ret;

}

#endif /* HAVE_WRITE_DUP */

#ifdef HAVE_POLY1305

/* set if to use old poly 1 for yes 0 to use new poly */

int wolfSSL_use_old_poly(WOLFSSL* ssl, int value)

{

    (void)ssl;

    (void)value;

#ifndef WOLFSSL_NO_TLS12

    WOLFSSL_ENTER("wolfSSL_use_old_poly");

    WOLFSSL_MSG("Warning SSL connection auto detects old/new and this function"

            "is depreciated");

    ssl->options.oldPoly = (word16)value;

    WOLFSSL_LEAVE("wolfSSL_use_old_poly", 0);

#endif

    return 0;

}

#endif

WOLFSSL_ABI

int wolfSSL_set_fd(WOLFSSL* ssl, int fd)

{

    int ret;

    WOLFSSL_ENTER("wolfSSL_set_fd");

    if (ssl == NULL) {

        return BAD_FUNC_ARG;

    }

    ret = wolfSSL_set_read_fd(ssl, fd);

    if (ret == WOLFSSL_SUCCESS) {

        ret = wolfSSL_set_write_fd(ssl, fd);

    }

    return ret;