cjson
.github
workflows CI.yml ci-fuzz.yml
CONTRIBUTING.md
fuzzing
inputs test1 test10 test11 test2 test3 test3.bu test3.uf test3.uu test4 test5 test6 test7 test8 test9
.gitignore CMakeLists.txt afl-prepare-linux.sh afl.c afl.sh cjson_read_fuzzer.c fuzz_main.c json.dict ossfuzz.sh
library_config cJSONConfig.cmake.in cJSONConfigVersion.cmake.in libcjson.pc.in libcjson_utils.pc.in uninstall.cmake
tests
inputs test1 test1.expected test10 test10.expected test11 test11.expected test2 test2.expected test3 test3.expected test4 test4.expected test5 test5.expected test6 test7 test7.expected test8 test8.expected test9 test9.expected
json-patch-tests .editorconfig .gitignore .npmignore README.md cjson-utils-tests.json package.json spec_tests.json tests.json
unity
auto colour_prompt.rb colour_reporter.rb generate_config.yml generate_module.rb generate_test_runner.rb parse_output.rb stylize_as_junit.rb test_file_filter.rb type_sanitizer.rb unity_test_summary.py unity_test_summary.rb unity_to_junit.py
docs ThrowTheSwitchCodingStandard.md UnityAssertionsCheatSheetSuitableforPrintingandPossiblyFraming.pdf UnityAssertionsReference.md UnityConfigurationGuide.md UnityGettingStartedGuide.md UnityHelperScriptsGuide.md license.txt
examples
example_1
src ProductionCode.c ProductionCode.h ProductionCode2.c ProductionCode2.h
makefile readme.txt
example_2
src ProductionCode.c ProductionCode.h ProductionCode2.c ProductionCode2.h
makefile readme.txt
example_3
helper UnityHelper.c UnityHelper.h
src ProductionCode.c ProductionCode.h ProductionCode2.c ProductionCode2.h
rakefile.rb rakefile_helper.rb readme.txt target_gcc_32.yml
unity_config.h
extras
eclipse error_parsers.txt
fixture
src unity_fixture.c unity_fixture.h unity_fixture_internals.h unity_fixture_malloc_overrides.h
rakefile.rb rakefile_helper.rb readme.txt
release build.info version.info
src unity.c unity.h unity_internals.h
.gitattributes .gitignore .travis.yml README.md
CMakeLists.txt cjson_add.c common.h compare_tests.c json_patch_tests.c minify_tests.c misc_tests.c misc_utils_tests.c old_utils_tests.c parse_array.c parse_examples.c parse_hex4.c parse_number.c parse_object.c parse_string.c parse_value.c parse_with_opts.c print_array.c print_number.c print_object.c print_string.c print_value.c readme_examples.c unity_setup.c
.editorconfig .gitattributes .gitignore .travis.yml CHANGELOG.md CMakeLists.txt CONTRIBUTORS.md LICENSE Makefile README.md SECURITY.md appveyor.yml cJSON.c cJSON.h cJSON_Utils.c cJSON_Utils.h test.c valgrind.supp
curl
.circleci config.yml
.github
ISSUE_TEMPLATE bug_report.yml config.yml docs.yml
scripts cleancmd.pl cmp-config.pl cmp-pkg-config.sh codespell-ignore.words codespell.sh distfiles.sh pyspelling.words pyspelling.yaml randcurl.pl requirements-docs.txt requirements-proselint.txt requirements.txt shellcheck-ci.sh shellcheck.sh spellcheck.curl trimmarkdownheader.pl typos.sh typos.toml verify-examples.pl verify-synopsis.pl yamlcheck.sh yamlcheck.yaml
workflows appveyor-status.yml checkdocs.yml checksrc.yml checkurls.yml codeql.yml configure-vs-cmake.yml curl-for-win.yml distcheck.yml fuzz.yml http3-linux.yml label.yml linux-old.yml linux.yml macos.yml non-native.yml windows.yml
CODEOWNERS CONTRIBUTING.md FUNDING.yml dependabot.yml labeler.yml lock.yml stale.yml
CMake CurlSymbolHiding.cmake CurlTests.c FindBrotli.cmake FindCares.cmake FindGSS.cmake FindGnuTLS.cmake FindLDAP.cmake FindLibbacktrace.cmake FindLibgsasl.cmake FindLibidn2.cmake FindLibpsl.cmake FindLibssh.cmake FindLibssh2.cmake FindLibuv.cmake FindMbedTLS.cmake FindNGHTTP2.cmake FindNGHTTP3.cmake FindNGTCP2.cmake FindNettle.cmake FindQuiche.cmake FindRustls.cmake FindWolfSSL.cmake FindZstd.cmake Macros.cmake OtherTests.cmake PickyWarnings.cmake Utilities.cmake cmake_uninstall.in.cmake curl-config.in.cmake unix-cache.cmake win32-cache.cmake
LICENSES BSD-4-Clause-UC.txt ISC.txt curl.txt
docs
cmdline-opts .gitignore CMakeLists.txt MANPAGE.md Makefile.am Makefile.inc _AUTHORS.md _BUGS.md _DESCRIPTION.md _ENVIRONMENT.md _EXITCODES.md _FILES.md _GLOBBING.md _NAME.md _OPTIONS.md _OUTPUT.md _PROGRESS.md _PROTOCOLS.md _PROXYPREFIX.md _SEEALSO.md _SYNOPSIS.md _URL.md _VARIABLES.md _VERSION.md _WWW.md abstract-unix-socket.md alt-svc.md anyauth.md append.md aws-sigv4.md basic.md ca-native.md cacert.md capath.md cert-status.md cert-type.md cert.md ciphers.md compressed-ssh.md compressed.md config.md connect-timeout.md connect-to.md continue-at.md cookie-jar.md cookie.md create-dirs.md create-file-mode.md crlf.md crlfile.md curves.md data-ascii.md data-binary.md data-raw.md data-urlencode.md data.md delegation.md digest.md disable-eprt.md disable-epsv.md disable.md disallow-username-in-url.md dns-interface.md dns-ipv4-addr.md dns-ipv6-addr.md dns-servers.md doh-cert-status.md doh-insecure.md doh-url.md dump-ca-embed.md dump-header.md ech.md egd-file.md engine.md etag-compare.md etag-save.md expect100-timeout.md fail-early.md fail-with-body.md fail.md false-start.md follow.md form-escape.md form-string.md form.md ftp-account.md ftp-alternative-to-user.md ftp-create-dirs.md ftp-method.md ftp-pasv.md ftp-port.md ftp-pret.md ftp-skip-pasv-ip.md ftp-ssl-ccc-mode.md ftp-ssl-ccc.md ftp-ssl-control.md get.md globoff.md happy-eyeballs-timeout-ms.md haproxy-clientip.md haproxy-protocol.md head.md header.md help.md hostpubmd5.md hostpubsha256.md hsts.md http0.9.md http1.0.md http1.1.md http2-prior-knowledge.md http2.md http3-only.md http3.md ignore-content-length.md insecure.md interface.md ip-tos.md ipfs-gateway.md ipv4.md ipv6.md json.md junk-session-cookies.md keepalive-cnt.md keepalive-time.md key-type.md key.md knownhosts.md krb.md libcurl.md limit-rate.md list-only.md local-port.md location-trusted.md location.md login-options.md mail-auth.md mail-from.md mail-rcpt-allowfails.md mail-rcpt.md mainpage.idx manual.md max-filesize.md max-redirs.md max-time.md metalink.md 
mptcp.md negotiate.md netrc-file.md netrc-optional.md netrc.md next.md no-alpn.md no-buffer.md no-clobber.md no-keepalive.md no-npn.md no-progress-meter.md no-sessionid.md noproxy.md ntlm-wb.md ntlm.md oauth2-bearer.md out-null.md output-dir.md output.md parallel-immediate.md parallel-max-host.md parallel-max.md parallel.md pass.md path-as-is.md pinnedpubkey.md post301.md post302.md post303.md preproxy.md progress-bar.md proto-default.md proto-redir.md proto.md proxy-anyauth.md proxy-basic.md proxy-ca-native.md proxy-cacert.md proxy-capath.md proxy-cert-type.md proxy-cert.md proxy-ciphers.md proxy-crlfile.md proxy-digest.md proxy-header.md proxy-http2.md proxy-insecure.md proxy-key-type.md proxy-key.md proxy-negotiate.md proxy-ntlm.md proxy-pass.md proxy-pinnedpubkey.md proxy-service-name.md proxy-ssl-allow-beast.md proxy-ssl-auto-client-cert.md proxy-tls13-ciphers.md proxy-tlsauthtype.md proxy-tlspassword.md proxy-tlsuser.md proxy-tlsv1.md proxy-user.md proxy.md proxy1.0.md proxytunnel.md pubkey.md quote.md random-file.md range.md rate.md raw.md referer.md remote-header-name.md remote-name-all.md remote-name.md remote-time.md remove-on-error.md request-target.md request.md resolve.md retry-all-errors.md retry-connrefused.md retry-delay.md retry-max-time.md retry.md sasl-authzid.md sasl-ir.md service-name.md show-error.md show-headers.md sigalgs.md silent.md skip-existing.md socks4.md socks4a.md socks5-basic.md socks5-gssapi-nec.md socks5-gssapi-service.md socks5-gssapi.md socks5-hostname.md socks5.md speed-limit.md speed-time.md ssl-allow-beast.md ssl-auto-client-cert.md ssl-no-revoke.md ssl-reqd.md ssl-revoke-best-effort.md ssl-sessions.md ssl.md sslv2.md sslv3.md stderr.md styled-output.md suppress-connect-headers.md tcp-fastopen.md tcp-nodelay.md telnet-option.md tftp-blksize.md tftp-no-options.md time-cond.md tls-earlydata.md tls-max.md tls13-ciphers.md tlsauthtype.md tlspassword.md tlsuser.md tlsv1.0.md tlsv1.1.md tlsv1.2.md tlsv1.3.md tlsv1.md tr-encoding.md 
trace-ascii.md trace-config.md trace-ids.md trace-time.md trace.md unix-socket.md upload-file.md upload-flags.md url-query.md url.md use-ascii.md user-agent.md user.md variable.md verbose.md version.md vlan-priority.md write-out.md xattr.md
examples .checksrc .gitignore 10-at-a-time.c CMakeLists.txt Makefile.am Makefile.example Makefile.inc README.md adddocsref.pl address-scope.c altsvc.c anyauthput.c block_ip.c cacertinmem.c certinfo.c chkspeed.c connect-to.c cookie_interface.c crawler.c debug.c default-scheme.c ephiperfifo.c evhiperfifo.c externalsocket.c fileupload.c ftp-delete.c ftp-wildcard.c ftpget.c ftpgetinfo.c ftpgetresp.c ftpsget.c ftpupload.c ftpuploadfrommem.c ftpuploadresume.c getinfo.c getinmemory.c getredirect.c getreferrer.c ghiper.c headerapi.c hiperfifo.c hsts-preload.c htmltidy.c htmltitle.cpp http-options.c http-post.c http2-download.c http2-pushinmemory.c http2-serverpush.c http2-upload.c http3-present.c http3.c httpcustomheader.c httpput-postfields.c httpput.c https.c imap-append.c imap-authzid.c imap-copy.c imap-create.c imap-delete.c imap-examine.c imap-fetch.c imap-list.c imap-lsub.c imap-multi.c imap-noop.c imap-search.c imap-ssl.c imap-store.c imap-tls.c interface.c ipv6.c keepalive.c localport.c log_failed_transfers.c maxconnects.c multi-app.c multi-debugcallback.c multi-double.c multi-event.c multi-formadd.c multi-legacy.c multi-post.c multi-single.c multi-uv.c netrc.c parseurl.c persistent.c pop3-authzid.c pop3-dele.c pop3-list.c pop3-multi.c pop3-noop.c pop3-retr.c pop3-ssl.c pop3-stat.c pop3-tls.c pop3-top.c pop3-uidl.c post-callback.c postinmemory.c postit2-formadd.c postit2.c progressfunc.c protofeats.c range.c resolve.c rtsp-options.c sendrecv.c sepheaders.c sessioninfo.c sftpget.c sftpuploadresume.c shared-connection-cache.c simple.c simplepost.c simplessl.c smooth-gtk-thread.c smtp-authzid.c smtp-expn.c smtp-mail.c smtp-mime.c smtp-multi.c smtp-ssl.c smtp-tls.c smtp-vrfy.c sslbackend.c synctime.c threaded.c unixsocket.c url2file.c urlapi.c usercertinmem.c version-check.pl websocket-cb.c websocket-updown.c websocket.c xmlstream.c
internals BUFQ.md BUFREF.md CHECKSRC.md CLIENT-READERS.md CLIENT-WRITERS.md CODE_STYLE.md CONNECTION-FILTERS.md CREDENTIALS.md CURLX.md DYNBUF.md HASH.md LLIST.md MID.md MQTT.md MULTI-EV.md NEW-PROTOCOL.md PEERS.md PORTING.md RATELIMITS.md README.md SCORECARD.md SPLAY.md STRPARSE.md THRDPOOL-AND-QUEUE.md TIME-KEEPING.md TLS-SESSIONS.md UINT_SETS.md WEBSOCKET.md
libcurl
opts CMakeLists.txt CURLINFO_ACTIVESOCKET.md CURLINFO_APPCONNECT_TIME.md CURLINFO_APPCONNECT_TIME_T.md CURLINFO_CAINFO.md CURLINFO_CAPATH.md CURLINFO_CERTINFO.md CURLINFO_CONDITION_UNMET.md CURLINFO_CONNECT_TIME.md CURLINFO_CONNECT_TIME_T.md CURLINFO_CONN_ID.md CURLINFO_CONTENT_LENGTH_DOWNLOAD.md CURLINFO_CONTENT_LENGTH_DOWNLOAD_T.md CURLINFO_CONTENT_LENGTH_UPLOAD.md CURLINFO_CONTENT_LENGTH_UPLOAD_T.md CURLINFO_CONTENT_TYPE.md CURLINFO_COOKIELIST.md CURLINFO_EARLYDATA_SENT_T.md CURLINFO_EFFECTIVE_METHOD.md CURLINFO_EFFECTIVE_URL.md CURLINFO_FILETIME.md CURLINFO_FILETIME_T.md CURLINFO_FTP_ENTRY_PATH.md CURLINFO_HEADER_SIZE.md CURLINFO_HTTPAUTH_AVAIL.md CURLINFO_HTTPAUTH_USED.md CURLINFO_HTTP_CONNECTCODE.md CURLINFO_HTTP_VERSION.md CURLINFO_LASTSOCKET.md CURLINFO_LOCAL_IP.md CURLINFO_LOCAL_PORT.md CURLINFO_NAMELOOKUP_TIME.md CURLINFO_NAMELOOKUP_TIME_T.md CURLINFO_NUM_CONNECTS.md CURLINFO_OS_ERRNO.md CURLINFO_POSTTRANSFER_TIME_T.md CURLINFO_PRETRANSFER_TIME.md CURLINFO_PRETRANSFER_TIME_T.md CURLINFO_PRIMARY_IP.md CURLINFO_PRIMARY_PORT.md CURLINFO_PRIVATE.md CURLINFO_PROTOCOL.md CURLINFO_PROXYAUTH_AVAIL.md CURLINFO_PROXYAUTH_USED.md CURLINFO_PROXY_ERROR.md CURLINFO_PROXY_SSL_VERIFYRESULT.md CURLINFO_QUEUE_TIME_T.md CURLINFO_REDIRECT_COUNT.md CURLINFO_REDIRECT_TIME.md CURLINFO_REDIRECT_TIME_T.md CURLINFO_REDIRECT_URL.md CURLINFO_REFERER.md CURLINFO_REQUEST_SIZE.md CURLINFO_RESPONSE_CODE.md CURLINFO_RETRY_AFTER.md CURLINFO_RTSP_CLIENT_CSEQ.md CURLINFO_RTSP_CSEQ_RECV.md CURLINFO_RTSP_SERVER_CSEQ.md CURLINFO_RTSP_SESSION_ID.md CURLINFO_SCHEME.md CURLINFO_SIZE_DELIVERED.md CURLINFO_SIZE_DOWNLOAD.md CURLINFO_SIZE_DOWNLOAD_T.md CURLINFO_SIZE_UPLOAD.md CURLINFO_SIZE_UPLOAD_T.md CURLINFO_SPEED_DOWNLOAD.md CURLINFO_SPEED_DOWNLOAD_T.md CURLINFO_SPEED_UPLOAD.md CURLINFO_SPEED_UPLOAD_T.md CURLINFO_SSL_ENGINES.md CURLINFO_SSL_VERIFYRESULT.md CURLINFO_STARTTRANSFER_TIME.md CURLINFO_STARTTRANSFER_TIME_T.md CURLINFO_TLS_SESSION.md CURLINFO_TLS_SSL_PTR.md CURLINFO_TOTAL_TIME.md 
CURLINFO_TOTAL_TIME_T.md CURLINFO_USED_PROXY.md CURLINFO_XFER_ID.md CURLMINFO_XFERS_ADDED.md CURLMINFO_XFERS_CURRENT.md CURLMINFO_XFERS_DONE.md CURLMINFO_XFERS_PENDING.md CURLMINFO_XFERS_RUNNING.md CURLMOPT_CHUNK_LENGTH_PENALTY_SIZE.md CURLMOPT_CONTENT_LENGTH_PENALTY_SIZE.md CURLMOPT_MAXCONNECTS.md CURLMOPT_MAX_CONCURRENT_STREAMS.md CURLMOPT_MAX_HOST_CONNECTIONS.md CURLMOPT_MAX_PIPELINE_LENGTH.md CURLMOPT_MAX_TOTAL_CONNECTIONS.md CURLMOPT_NETWORK_CHANGED.md CURLMOPT_NOTIFYDATA.md CURLMOPT_NOTIFYFUNCTION.md CURLMOPT_PIPELINING.md CURLMOPT_PIPELINING_SERVER_BL.md CURLMOPT_PIPELINING_SITE_BL.md CURLMOPT_PUSHDATA.md CURLMOPT_PUSHFUNCTION.md CURLMOPT_QUICK_EXIT.md CURLMOPT_RESOLVE_THREADS_MAX.md CURLMOPT_SOCKETDATA.md CURLMOPT_SOCKETFUNCTION.md CURLMOPT_TIMERDATA.md CURLMOPT_TIMERFUNCTION.md CURLOPT_ABSTRACT_UNIX_SOCKET.md CURLOPT_ACCEPTTIMEOUT_MS.md CURLOPT_ACCEPT_ENCODING.md CURLOPT_ADDRESS_SCOPE.md CURLOPT_ALTSVC.md CURLOPT_ALTSVC_CTRL.md CURLOPT_APPEND.md CURLOPT_AUTOREFERER.md CURLOPT_AWS_SIGV4.md CURLOPT_BUFFERSIZE.md CURLOPT_CAINFO.md CURLOPT_CAINFO_BLOB.md CURLOPT_CAPATH.md CURLOPT_CA_CACHE_TIMEOUT.md CURLOPT_CERTINFO.md CURLOPT_CHUNK_BGN_FUNCTION.md CURLOPT_CHUNK_DATA.md CURLOPT_CHUNK_END_FUNCTION.md CURLOPT_CLOSESOCKETDATA.md CURLOPT_CLOSESOCKETFUNCTION.md CURLOPT_CONNECTTIMEOUT.md CURLOPT_CONNECTTIMEOUT_MS.md CURLOPT_CONNECT_ONLY.md CURLOPT_CONNECT_TO.md CURLOPT_CONV_FROM_NETWORK_FUNCTION.md CURLOPT_CONV_FROM_UTF8_FUNCTION.md CURLOPT_CONV_TO_NETWORK_FUNCTION.md CURLOPT_COOKIE.md CURLOPT_COOKIEFILE.md CURLOPT_COOKIEJAR.md CURLOPT_COOKIELIST.md CURLOPT_COOKIESESSION.md CURLOPT_COPYPOSTFIELDS.md CURLOPT_CRLF.md CURLOPT_CRLFILE.md CURLOPT_CURLU.md CURLOPT_CUSTOMREQUEST.md CURLOPT_DEBUGDATA.md CURLOPT_DEBUGFUNCTION.md CURLOPT_DEFAULT_PROTOCOL.md CURLOPT_DIRLISTONLY.md CURLOPT_DISALLOW_USERNAME_IN_URL.md CURLOPT_DNS_CACHE_TIMEOUT.md CURLOPT_DNS_INTERFACE.md CURLOPT_DNS_LOCAL_IP4.md CURLOPT_DNS_LOCAL_IP6.md CURLOPT_DNS_SERVERS.md CURLOPT_DNS_SHUFFLE_ADDRESSES.md 
CURLOPT_DNS_USE_GLOBAL_CACHE.md CURLOPT_DOH_SSL_VERIFYHOST.md CURLOPT_DOH_SSL_VERIFYPEER.md CURLOPT_DOH_SSL_VERIFYSTATUS.md CURLOPT_DOH_URL.md CURLOPT_ECH.md CURLOPT_EGDSOCKET.md CURLOPT_ERRORBUFFER.md CURLOPT_EXPECT_100_TIMEOUT_MS.md CURLOPT_FAILONERROR.md CURLOPT_FILETIME.md CURLOPT_FNMATCH_DATA.md CURLOPT_FNMATCH_FUNCTION.md CURLOPT_FOLLOWLOCATION.md CURLOPT_FORBID_REUSE.md CURLOPT_FRESH_CONNECT.md CURLOPT_FTPPORT.md CURLOPT_FTPSSLAUTH.md CURLOPT_FTP_ACCOUNT.md CURLOPT_FTP_ALTERNATIVE_TO_USER.md CURLOPT_FTP_CREATE_MISSING_DIRS.md CURLOPT_FTP_FILEMETHOD.md CURLOPT_FTP_SKIP_PASV_IP.md CURLOPT_FTP_SSL_CCC.md CURLOPT_FTP_USE_EPRT.md CURLOPT_FTP_USE_EPSV.md CURLOPT_FTP_USE_PRET.md CURLOPT_GSSAPI_DELEGATION.md CURLOPT_HAPPY_EYEBALLS_TIMEOUT_MS.md CURLOPT_HAPROXYPROTOCOL.md CURLOPT_HAPROXY_CLIENT_IP.md CURLOPT_HEADER.md CURLOPT_HEADERDATA.md CURLOPT_HEADERFUNCTION.md CURLOPT_HEADEROPT.md CURLOPT_HSTS.md CURLOPT_HSTSREADDATA.md CURLOPT_HSTSREADFUNCTION.md CURLOPT_HSTSWRITEDATA.md CURLOPT_HSTSWRITEFUNCTION.md CURLOPT_HSTS_CTRL.md CURLOPT_HTTP09_ALLOWED.md CURLOPT_HTTP200ALIASES.md CURLOPT_HTTPAUTH.md CURLOPT_HTTPGET.md CURLOPT_HTTPHEADER.md CURLOPT_HTTPPOST.md CURLOPT_HTTPPROXYTUNNEL.md CURLOPT_HTTP_CONTENT_DECODING.md CURLOPT_HTTP_TRANSFER_DECODING.md CURLOPT_HTTP_VERSION.md CURLOPT_IGNORE_CONTENT_LENGTH.md CURLOPT_INFILESIZE.md CURLOPT_INFILESIZE_LARGE.md CURLOPT_INTERFACE.md CURLOPT_INTERLEAVEDATA.md CURLOPT_INTERLEAVEFUNCTION.md CURLOPT_IOCTLDATA.md CURLOPT_IOCTLFUNCTION.md CURLOPT_IPRESOLVE.md CURLOPT_ISSUERCERT.md CURLOPT_ISSUERCERT_BLOB.md CURLOPT_KEEP_SENDING_ON_ERROR.md CURLOPT_KEYPASSWD.md CURLOPT_KRBLEVEL.md CURLOPT_LOCALPORT.md CURLOPT_LOCALPORTRANGE.md CURLOPT_LOGIN_OPTIONS.md CURLOPT_LOW_SPEED_LIMIT.md CURLOPT_LOW_SPEED_TIME.md CURLOPT_MAIL_AUTH.md CURLOPT_MAIL_FROM.md CURLOPT_MAIL_RCPT.md CURLOPT_MAIL_RCPT_ALLOWFAILS.md CURLOPT_MAXAGE_CONN.md CURLOPT_MAXCONNECTS.md CURLOPT_MAXFILESIZE.md CURLOPT_MAXFILESIZE_LARGE.md CURLOPT_MAXLIFETIME_CONN.md 
CURLOPT_MAXREDIRS.md CURLOPT_MAX_RECV_SPEED_LARGE.md CURLOPT_MAX_SEND_SPEED_LARGE.md CURLOPT_MIMEPOST.md CURLOPT_MIME_OPTIONS.md CURLOPT_NETRC.md CURLOPT_NETRC_FILE.md CURLOPT_NEW_DIRECTORY_PERMS.md CURLOPT_NEW_FILE_PERMS.md CURLOPT_NOBODY.md CURLOPT_NOPROGRESS.md CURLOPT_NOPROXY.md CURLOPT_NOSIGNAL.md CURLOPT_OPENSOCKETDATA.md CURLOPT_OPENSOCKETFUNCTION.md CURLOPT_PASSWORD.md CURLOPT_PATH_AS_IS.md CURLOPT_PINNEDPUBLICKEY.md CURLOPT_PIPEWAIT.md CURLOPT_PORT.md CURLOPT_POST.md CURLOPT_POSTFIELDS.md CURLOPT_POSTFIELDSIZE.md CURLOPT_POSTFIELDSIZE_LARGE.md CURLOPT_POSTQUOTE.md CURLOPT_POSTREDIR.md CURLOPT_PREQUOTE.md CURLOPT_PREREQDATA.md CURLOPT_PREREQFUNCTION.md CURLOPT_PRE_PROXY.md CURLOPT_PRIVATE.md CURLOPT_PROGRESSDATA.md CURLOPT_PROGRESSFUNCTION.md CURLOPT_PROTOCOLS.md CURLOPT_PROTOCOLS_STR.md CURLOPT_PROXY.md CURLOPT_PROXYAUTH.md CURLOPT_PROXYHEADER.md CURLOPT_PROXYPASSWORD.md CURLOPT_PROXYPORT.md CURLOPT_PROXYTYPE.md CURLOPT_PROXYUSERNAME.md CURLOPT_PROXYUSERPWD.md CURLOPT_PROXY_CAINFO.md CURLOPT_PROXY_CAINFO_BLOB.md CURLOPT_PROXY_CAPATH.md CURLOPT_PROXY_CRLFILE.md CURLOPT_PROXY_ISSUERCERT.md CURLOPT_PROXY_ISSUERCERT_BLOB.md CURLOPT_PROXY_KEYPASSWD.md CURLOPT_PROXY_PINNEDPUBLICKEY.md CURLOPT_PROXY_SERVICE_NAME.md CURLOPT_PROXY_SSLCERT.md CURLOPT_PROXY_SSLCERTTYPE.md CURLOPT_PROXY_SSLCERT_BLOB.md CURLOPT_PROXY_SSLKEY.md CURLOPT_PROXY_SSLKEYTYPE.md CURLOPT_PROXY_SSLKEY_BLOB.md CURLOPT_PROXY_SSLVERSION.md CURLOPT_PROXY_SSL_CIPHER_LIST.md CURLOPT_PROXY_SSL_OPTIONS.md CURLOPT_PROXY_SSL_VERIFYHOST.md CURLOPT_PROXY_SSL_VERIFYPEER.md CURLOPT_PROXY_TLS13_CIPHERS.md CURLOPT_PROXY_TLSAUTH_PASSWORD.md CURLOPT_PROXY_TLSAUTH_TYPE.md CURLOPT_PROXY_TLSAUTH_USERNAME.md CURLOPT_PROXY_TRANSFER_MODE.md CURLOPT_PUT.md CURLOPT_QUICK_EXIT.md CURLOPT_QUOTE.md CURLOPT_RANDOM_FILE.md CURLOPT_RANGE.md CURLOPT_READDATA.md CURLOPT_READFUNCTION.md CURLOPT_REDIR_PROTOCOLS.md CURLOPT_REDIR_PROTOCOLS_STR.md CURLOPT_REFERER.md CURLOPT_REQUEST_TARGET.md CURLOPT_RESOLVE.md 
CURLOPT_RESOLVER_START_DATA.md CURLOPT_RESOLVER_START_FUNCTION.md CURLOPT_RESUME_FROM.md CURLOPT_RESUME_FROM_LARGE.md CURLOPT_RTSP_CLIENT_CSEQ.md CURLOPT_RTSP_REQUEST.md CURLOPT_RTSP_SERVER_CSEQ.md CURLOPT_RTSP_SESSION_ID.md CURLOPT_RTSP_STREAM_URI.md CURLOPT_RTSP_TRANSPORT.md CURLOPT_SASL_AUTHZID.md CURLOPT_SASL_IR.md CURLOPT_SEEKDATA.md CURLOPT_SEEKFUNCTION.md CURLOPT_SERVER_RESPONSE_TIMEOUT.md CURLOPT_SERVER_RESPONSE_TIMEOUT_MS.md CURLOPT_SERVICE_NAME.md CURLOPT_SHARE.md CURLOPT_SOCKOPTDATA.md CURLOPT_SOCKOPTFUNCTION.md CURLOPT_SOCKS5_AUTH.md CURLOPT_SOCKS5_GSSAPI_NEC.md CURLOPT_SOCKS5_GSSAPI_SERVICE.md CURLOPT_SSH_AUTH_TYPES.md CURLOPT_SSH_COMPRESSION.md CURLOPT_SSH_HOSTKEYDATA.md CURLOPT_SSH_HOSTKEYFUNCTION.md CURLOPT_SSH_HOST_PUBLIC_KEY_MD5.md CURLOPT_SSH_HOST_PUBLIC_KEY_SHA256.md CURLOPT_SSH_KEYDATA.md CURLOPT_SSH_KEYFUNCTION.md CURLOPT_SSH_KNOWNHOSTS.md CURLOPT_SSH_PRIVATE_KEYFILE.md CURLOPT_SSH_PUBLIC_KEYFILE.md CURLOPT_SSLCERT.md CURLOPT_SSLCERTTYPE.md CURLOPT_SSLCERT_BLOB.md CURLOPT_SSLENGINE.md CURLOPT_SSLENGINE_DEFAULT.md CURLOPT_SSLKEY.md CURLOPT_SSLKEYTYPE.md CURLOPT_SSLKEY_BLOB.md CURLOPT_SSLVERSION.md CURLOPT_SSL_CIPHER_LIST.md CURLOPT_SSL_CTX_DATA.md CURLOPT_SSL_CTX_FUNCTION.md CURLOPT_SSL_EC_CURVES.md CURLOPT_SSL_ENABLE_ALPN.md CURLOPT_SSL_ENABLE_NPN.md CURLOPT_SSL_FALSESTART.md CURLOPT_SSL_OPTIONS.md CURLOPT_SSL_SESSIONID_CACHE.md CURLOPT_SSL_SIGNATURE_ALGORITHMS.md CURLOPT_SSL_VERIFYHOST.md CURLOPT_SSL_VERIFYPEER.md CURLOPT_SSL_VERIFYSTATUS.md CURLOPT_STDERR.md CURLOPT_STREAM_DEPENDS.md CURLOPT_STREAM_DEPENDS_E.md CURLOPT_STREAM_WEIGHT.md CURLOPT_SUPPRESS_CONNECT_HEADERS.md CURLOPT_TCP_FASTOPEN.md CURLOPT_TCP_KEEPALIVE.md CURLOPT_TCP_KEEPCNT.md CURLOPT_TCP_KEEPIDLE.md CURLOPT_TCP_KEEPINTVL.md CURLOPT_TCP_NODELAY.md CURLOPT_TELNETOPTIONS.md CURLOPT_TFTP_BLKSIZE.md CURLOPT_TFTP_NO_OPTIONS.md CURLOPT_TIMECONDITION.md CURLOPT_TIMEOUT.md CURLOPT_TIMEOUT_MS.md CURLOPT_TIMEVALUE.md CURLOPT_TIMEVALUE_LARGE.md CURLOPT_TLS13_CIPHERS.md 
CURLOPT_TLSAUTH_PASSWORD.md CURLOPT_TLSAUTH_TYPE.md CURLOPT_TLSAUTH_USERNAME.md CURLOPT_TRAILERDATA.md CURLOPT_TRAILERFUNCTION.md CURLOPT_TRANSFERTEXT.md CURLOPT_TRANSFER_ENCODING.md CURLOPT_UNIX_SOCKET_PATH.md CURLOPT_UNRESTRICTED_AUTH.md CURLOPT_UPKEEP_INTERVAL_MS.md CURLOPT_UPLOAD.md CURLOPT_UPLOAD_BUFFERSIZE.md CURLOPT_UPLOAD_FLAGS.md CURLOPT_URL.md CURLOPT_USERAGENT.md CURLOPT_USERNAME.md CURLOPT_USERPWD.md CURLOPT_USE_SSL.md CURLOPT_VERBOSE.md CURLOPT_WILDCARDMATCH.md CURLOPT_WRITEDATA.md CURLOPT_WRITEFUNCTION.md CURLOPT_WS_OPTIONS.md CURLOPT_XFERINFODATA.md CURLOPT_XFERINFOFUNCTION.md CURLOPT_XOAUTH2_BEARER.md CURLSHOPT_LOCKFUNC.md CURLSHOPT_SHARE.md CURLSHOPT_UNLOCKFUNC.md CURLSHOPT_UNSHARE.md CURLSHOPT_USERDATA.md Makefile.am Makefile.inc
.gitignore ABI.md CMakeLists.txt Makefile.am Makefile.inc curl_easy_cleanup.md curl_easy_duphandle.md curl_easy_escape.md curl_easy_getinfo.md curl_easy_header.md curl_easy_init.md curl_easy_nextheader.md curl_easy_option_by_id.md curl_easy_option_by_name.md curl_easy_option_next.md curl_easy_pause.md curl_easy_perform.md curl_easy_recv.md curl_easy_reset.md curl_easy_send.md curl_easy_setopt.md curl_easy_ssls_export.md curl_easy_ssls_import.md curl_easy_strerror.md curl_easy_unescape.md curl_easy_upkeep.md curl_escape.md curl_formadd.md curl_formfree.md curl_formget.md curl_free.md curl_getdate.md curl_getenv.md curl_global_cleanup.md curl_global_init.md curl_global_init_mem.md curl_global_sslset.md curl_global_trace.md curl_mime_addpart.md curl_mime_data.md curl_mime_data_cb.md curl_mime_encoder.md curl_mime_filedata.md curl_mime_filename.md curl_mime_free.md curl_mime_headers.md curl_mime_init.md curl_mime_name.md curl_mime_subparts.md curl_mime_type.md curl_mprintf.md curl_multi_add_handle.md curl_multi_assign.md curl_multi_cleanup.md curl_multi_fdset.md curl_multi_get_handles.md curl_multi_get_offt.md curl_multi_info_read.md curl_multi_init.md curl_multi_notify_disable.md curl_multi_notify_enable.md curl_multi_perform.md curl_multi_poll.md curl_multi_remove_handle.md curl_multi_setopt.md curl_multi_socket.md curl_multi_socket_action.md curl_multi_socket_all.md curl_multi_strerror.md curl_multi_timeout.md curl_multi_wait.md curl_multi_waitfds.md curl_multi_wakeup.md curl_pushheader_byname.md curl_pushheader_bynum.md curl_share_cleanup.md curl_share_init.md curl_share_setopt.md curl_share_strerror.md curl_slist_append.md curl_slist_free_all.md curl_strequal.md curl_strnequal.md curl_unescape.md curl_url.md curl_url_cleanup.md curl_url_dup.md curl_url_get.md curl_url_set.md curl_url_strerror.md curl_version.md curl_version_info.md curl_ws_meta.md curl_ws_recv.md curl_ws_send.md curl_ws_start_frame.md libcurl-easy.md libcurl-env-dbg.md libcurl-env.md 
libcurl-errors.md libcurl-multi.md libcurl-security.md libcurl-share.md libcurl-thread.md libcurl-tutorial.md libcurl-url.md libcurl-ws.md libcurl.m4 libcurl.md mksymbolsmanpage.pl symbols-in-versions symbols.pl
tests CI.md FILEFORMAT.md HTTP.md TEST-SUITE.md
.gitignore ALTSVC.md BINDINGS.md BUG-BOUNTY.md BUGS.md CIPHERS-TLS12.md CIPHERS.md CMakeLists.txt CODE_OF_CONDUCT.md CODE_REVIEW.md CONTRIBUTE.md CURL-DISABLE.md CURLDOWN.md DEPRECATE.md DISTROS.md EARLY-RELEASE.md ECH.md EXPERIMENTAL.md FAQ.md FEATURES.md GOVERNANCE.md HELP-US.md HISTORY.md HSTS.md HTTP-COOKIES.md HTTP3.md HTTPSRR.md INFRASTRUCTURE.md INSTALL-CMAKE.md INSTALL.md INTERNALS.md IPFS.md KNOWN_BUGS.md KNOWN_RISKS.md MAIL-ETIQUETTE.md MANUAL.md Makefile.am README.md RELEASE-PROCEDURE.md ROADMAP.md RUSTLS.md SECURITY-ADVISORY.md SPONSORS.md SSL-PROBLEMS.md SSLCERTS.md THANKS THANKS-filter TODO.md TheArtOfHttpScripting.md URL-SYNTAX.md VERIFY.md VERSIONS.md VULN-DISCLOSURE-POLICY.md curl-config.md mk-ca-bundle.md options-in-versions runtests.md testcurl.md wcurl.md
include
curl Makefile.am curl.h curlver.h easy.h header.h mprintf.h multi.h options.h stdcheaders.h system.h typecheck-gcc.h urlapi.h websockets.h
Makefile.am README.md
lib
curlx base64.c base64.h basename.c basename.h dynbuf.c dynbuf.h fopen.c fopen.h inet_ntop.c inet_ntop.h inet_pton.c inet_pton.h multibyte.c multibyte.h nonblock.c nonblock.h snprintf.c snprintf.h strcopy.c strcopy.h strdup.c strdup.h strerr.c strerr.h strparse.c strparse.h timediff.c timediff.h timeval.c timeval.h version_win32.c version_win32.h wait.c wait.h warnless.c warnless.h winapi.c winapi.h
vauth cleartext.c cram.c digest.c digest.h digest_sspi.c gsasl.c krb5_gssapi.c krb5_sspi.c ntlm.c ntlm_sspi.c oauth2.c spnego_gssapi.c spnego_sspi.c vauth.c vauth.h
vquic curl_ngtcp2.c curl_ngtcp2.h curl_quiche.c curl_quiche.h vquic-tls.c vquic-tls.h vquic.c vquic.h vquic_int.h
vssh libssh.c libssh2.c ssh.h vssh.c vssh.h
vtls apple.c apple.h cipher_suite.c cipher_suite.h gtls.c gtls.h hostcheck.c hostcheck.h keylog.c keylog.h mbedtls.c mbedtls.h openssl.c openssl.h rustls.c rustls.h schannel.c schannel.h schannel_int.h schannel_verify.c vtls.c vtls.h vtls_int.h vtls_scache.c vtls_scache.h vtls_spack.c vtls_spack.h wolfssl.c wolfssl.h x509asn1.c x509asn1.h
.gitignore CMakeLists.txt Makefile.am Makefile.inc Makefile.soname altsvc.c altsvc.h amigaos.c amigaos.h arpa_telnet.h asyn-ares.c asyn-base.c asyn-thrdd.c asyn.h bufq.c bufq.h bufref.c bufref.h cf-dns.c cf-dns.h cf-h1-proxy.c cf-h1-proxy.h cf-h2-proxy.c cf-h2-proxy.h cf-haproxy.c cf-haproxy.h cf-https-connect.c cf-https-connect.h cf-ip-happy.c cf-ip-happy.h cf-socket.c cf-socket.h cfilters.c cfilters.h config-mac.h config-os400.h config-riscos.h config-win32.h conncache.c conncache.h connect.c connect.h content_encoding.c content_encoding.h cookie.c cookie.h creds.c creds.h cshutdn.c cshutdn.h curl_addrinfo.c curl_addrinfo.h curl_config-cmake.h.in curl_ctype.h curl_endian.c curl_endian.h curl_fnmatch.c curl_fnmatch.h curl_fopen.c curl_fopen.h curl_get_line.c curl_get_line.h curl_gethostname.c curl_gethostname.h curl_gssapi.c curl_gssapi.h curl_hmac.h curl_ldap.h curl_md4.h curl_md5.h curl_memrchr.c curl_memrchr.h curl_ntlm_core.c curl_ntlm_core.h curl_printf.h curl_range.c curl_range.h curl_sasl.c curl_sasl.h curl_setup.h curl_sha256.h curl_sha512_256.c curl_sha512_256.h curl_share.c curl_share.h curl_sspi.c curl_sspi.h curl_threads.c curl_threads.h curl_trc.c curl_trc.h cw-out.c cw-out.h cw-pause.c cw-pause.h dict.c dict.h dllmain.c dnscache.c dnscache.h doh.c doh.h dynhds.c dynhds.h easy.c easy_lock.h easygetopt.c easyif.h easyoptions.c easyoptions.h escape.c escape.h fake_addrinfo.c fake_addrinfo.h file.c file.h fileinfo.c fileinfo.h formdata.c formdata.h ftp-int.h ftp.c ftp.h ftplistparser.c ftplistparser.h functypes.h getenv.c getinfo.c getinfo.h gopher.c gopher.h hash.c hash.h headers.c headers.h hmac.c hostip.c hostip.h hostip4.c hostip6.c hsts.c hsts.h http.c http.h http1.c http1.h http2.c http2.h http_aws_sigv4.c http_aws_sigv4.h http_chunks.c http_chunks.h http_digest.c http_digest.h http_negotiate.c http_negotiate.h http_ntlm.c http_ntlm.h http_proxy.c http_proxy.h httpsrr.c httpsrr.h idn.c idn.h if2ip.c if2ip.h imap.c imap.h ldap.c libcurl.def 
libcurl.rc libcurl.vers.in llist.c llist.h macos.c macos.h md4.c md5.c memdebug.c mime.c mime.h mprintf.c mqtt.c mqtt.h multi.c multi_ev.c multi_ev.h multi_ntfy.c multi_ntfy.h multihandle.h multiif.h netrc.c netrc.h noproxy.c noproxy.h openldap.c optiontable.pl parsedate.c parsedate.h peer.c peer.h pingpong.c pingpong.h pop3.c pop3.h progress.c progress.h protocol.c protocol.h psl.c psl.h rand.c rand.h ratelimit.c ratelimit.h request.c request.h rtsp.c rtsp.h select.c select.h sendf.c sendf.h setopt.c setopt.h setup-os400.h setup-vms.h setup-win32.h sha256.c sigpipe.h slist.c slist.h smb.c smb.h smtp.c smtp.h sockaddr.h socketpair.c socketpair.h socks.c socks.h socks_gssapi.c socks_sspi.c splay.c splay.h strcase.c strcase.h strequal.c strerror.c strerror.h system_win32.c system_win32.h telnet.c telnet.h tftp.c tftp.h thrdpool.c thrdpool.h thrdqueue.c thrdqueue.h transfer.c transfer.h uint-bset.c uint-bset.h uint-hash.c uint-hash.h uint-spbset.c uint-spbset.h uint-table.c uint-table.h url.c url.h urlapi-int.h urlapi.c urldata.h version.c ws.c ws.h
m4 .gitignore curl-amissl.m4 curl-apple-sectrust.m4 curl-compilers.m4 curl-confopts.m4 curl-functions.m4 curl-gnutls.m4 curl-mbedtls.m4 curl-openssl.m4 curl-override.m4 curl-reentrant.m4 curl-rustls.m4 curl-schannel.m4 curl-sysconfig.m4 curl-wolfssl.m4 xc-am-iface.m4 xc-cc-check.m4 xc-lt-iface.m4 xc-val-flgs.m4 zz40-xc-ovr.m4 zz50-xc-ovr.m4
projects
OS400
rpg-examples HEADERAPI HTTPPOST INMEMORY SIMPLE1 SIMPLE2 SMTPSRCMBR
.checksrc README.OS400 ccsidcurl.c ccsidcurl.h config400.default curl.cmd curl.inc.in curlcl.c curlmain.c initscript.sh make-docs.sh make-include.sh make-lib.sh make-src.sh make-tests.sh makefile.sh os400sys.c os400sys.h
Windows
tmpl .gitattributes README.txt curl-all.sln curl.sln curl.vcxproj curl.vcxproj.filters libcurl.sln libcurl.vcxproj libcurl.vcxproj.filters
.gitignore README.md generate.bat
vms Makefile.am backup_gnv_curl_src.com build_curl-config_script.com build_gnv_curl.com build_gnv_curl_pcsi_desc.com build_gnv_curl_pcsi_text.com build_gnv_curl_release_notes.com build_libcurl_pc.com build_vms.com clean_gnv_curl.com compare_curl_source.com config_h.com curl_crtl_init.c curl_gnv_build_steps.txt curl_release_note_start.txt curl_startup.com curlmsg.h curlmsg.msg curlmsg.sdl curlmsg_vms.h generate_config_vms_h_curl.com generate_vax_transfer.com gnv_conftest.c_first gnv_curl_configure.sh gnv_libcurl_symbols.opt gnv_link_curl.com macro32_exactcase.patch make_gnv_curl_install.sh make_pcsi_curl_kit_name.com pcsi_gnv_curl_file_list.txt pcsi_product_gnv_curl.com readme report_openssl_version.c setup_gnv_curl_build.com stage_curl_install.com vms_eco_level.h
Makefile.am README.md
scripts .checksrc CMakeLists.txt Makefile.am badwords badwords-all badwords.txt cd2cd cd2nroff cdall checksrc-all.pl checksrc.pl cmakelint.sh completion.pl contributors.sh contrithanks.sh coverage.sh delta dmaketgz extract-unit-protos firefox-db2pem.sh installcheck.sh maketgz managen mdlinkcheck mk-ca-bundle.pl mk-unity.pl nroff2cd perlcheck.sh pythonlint.sh randdisable release-notes.pl release-tools.sh schemetable.c singleuse.pl spacecheck.pl top-complexity top-length verify-release wcurl
src
toolx tool_time.c tool_time.h
.checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc config2setopts.c config2setopts.h curl.rc curlinfo.c mk-file-embed.pl mkhelp.pl slist_wc.c slist_wc.h terminal.c terminal.h tool_cb_dbg.c tool_cb_dbg.h tool_cb_hdr.c tool_cb_hdr.h tool_cb_prg.c tool_cb_prg.h tool_cb_rea.c tool_cb_rea.h tool_cb_see.c tool_cb_see.h tool_cb_soc.c tool_cb_soc.h tool_cb_wrt.c tool_cb_wrt.h tool_cfgable.c tool_cfgable.h tool_dirhie.c tool_dirhie.h tool_doswin.c tool_doswin.h tool_easysrc.c tool_easysrc.h tool_filetime.c tool_filetime.h tool_findfile.c tool_findfile.h tool_formparse.c tool_formparse.h tool_getparam.c tool_getparam.h tool_getpass.c tool_getpass.h tool_help.c tool_help.h tool_helpers.c tool_helpers.h tool_hugehelp.h tool_ipfs.c tool_ipfs.h tool_libinfo.c tool_libinfo.h tool_listhelp.c tool_main.c tool_main.h tool_msgs.c tool_msgs.h tool_operate.c tool_operate.h tool_operhlp.c tool_operhlp.h tool_paramhlp.c tool_paramhlp.h tool_parsecfg.c tool_parsecfg.h tool_progress.c tool_progress.h tool_sdecls.h tool_setopt.c tool_setopt.h tool_setup.h tool_ssls.c tool_ssls.h tool_stderr.c tool_stderr.h tool_urlglob.c tool_urlglob.h tool_util.c tool_util.h tool_version.h tool_vms.c tool_vms.h tool_writeout.c tool_writeout.h tool_writeout_json.c tool_writeout_json.h tool_xattr.c tool_xattr.h var.c var.h
tests
certs .gitignore CMakeLists.txt Makefile.am Makefile.inc genserv.pl srp-verifier-conf srp-verifier-db test-ca.cnf test-ca.prm test-client-cert.prm test-client-eku-only.prm test-localhost-san-first.prm test-localhost-san-last.prm test-localhost.nn.prm test-localhost.prm test-localhost0h.prm
cmake CMakeLists.txt test.c test.cpp test.sh
data .gitignore DISABLED Makefile.am data-xml1 data1400.c data1401.c data1402.c data1403.c data1404.c data1405.c data1406.c data1407.c data1420.c data1461.txt data1463.txt data1465.c data1481.c data1705-1.md data1705-2.md data1705-3.md data1705-4.md data1705-stdout.1 data1706-1.md data1706-2.md data1706-3.md data1706-4.md data1706-stdout.txt data320.html test1 test10 test100 test1000 test1001 test1002 test1003 test1004 test1005 test1006 test1007 test1008 test1009 test101 test1010 test1011 test1012 test1013 test1014 test1015 test1016 test1017 test1018 test1019 test102 test1020 test1021 test1022 test1023 test1024 test1025 test1026 test1027 test1028 test1029 test103 test1030 test1031 test1032 test1033 test1034 test1035 test1036 test1037 test1038 test1039 test104 test1040 test1041 test1042 test1043 test1044 test1045 test1046 test1047 test1048 test1049 test105 test1050 test1051 test1052 test1053 test1054 test1055 test1056 test1057 test1058 test1059 test106 test1060 test1061 test1062 test1063 test1064 test1065 test1066 test1067 test1068 test1069 test107 test1070 test1071 test1072 test1073 test1074 test1075 test1076 test1077 test1078 test1079 test108 test1080 test1081 test1082 test1083 test1084 test1085 test1086 test1087 test1088 test1089 test109 test1090 test1091 test1092 test1093 test1094 test1095 test1096 test1097 test1098 test1099 test11 test110 test1100 test1101 test1102 test1103 test1104 test1105 test1106 test1107 test1108 test1109 test111 test1110 test1111 test1112 test1113 test1114 test1115 test1116 test1117 test1118 test1119 test112 test1120 test1121 test1122 test1123 test1124 test1125 test1126 test1127 test1128 test1129 test113 test1130 test1131 test1132 test1133 test1134 test1135 test1136 test1137 test1138 test1139 test114 test1140 test1141 test1142 test1143 test1144 test1145 test1146 test1147 test1148 test1149 test115 test1150 test1151 test1152 test1153 test1154 test1155 test1156 test1157 test1158 test1159 test116 test1160 test1161 test1162 test1163 test1164 
test1165 test1166 test1167 test1168 test1169 test117 test1170 test1171 test1172 test1173 test1174 test1175 test1176 test1177 test1178 test1179 test118 test1180 test1181 test1182 test1183 test1184 test1185 test1186 test1187 test1188 test1189 test119 test1190 test1191 test1192 test1193 test1194 test1195 test1196 test1197 test1198 test1199 test12 test120 test1200 test1201 test1202 test1203 test1204 test1205 test1206 test1207 test1208 test1209 test121 test1210 test1211 test1212 test1213 test1214 test1215 test1216 test1217 test1218 test1219 test122 test1220 test1221 test1222 test1223 test1224 test1225 test1226 test1227 test1228 test1229 test123 test1230 test1231 test1232 test1233 test1234 test1235 test1236 test1237 test1238 test1239 test124 test1240 test1241 test1242 test1243 test1244 test1245 test1246 test1247 test1248 test1249 test125 test1250 test1251 test1252 test1253 test1254 test1255 test1256 test1257 test1258 test1259 test126 test1260 test1261 test1262 test1263 test1264 test1265 test1266 test1267 test1268 test1269 test127 test1270 test1271 test1272 test1273 test1274 test1275 test1276 test1277 test1278 test1279 test128 test1280 test1281 test1282 test1283 test1284 test1285 test1286 test1287 test1288 test1289 test129 test1290 test1291 test1292 test1293 test1294 test1295 test1296 test1297 test1298 test1299 test13 test130 test1300 test1301 test1302 test1303 test1304 test1305 test1306 test1307 test1308 test1309 test131 test1310 test1311 test1312 test1313 test1314 test1315 test1316 test1317 test1318 test1319 test132 test1320 test1321 test1322 test1323 test1324 test1325 test1326 test1327 test1328 test1329 test133 test1330 test1331 test1332 test1333 test1334 test1335 test1336 test1337 test1338 test1339 test134 test1340 test1341 test1342 test1343 test1344 test1345 test1346 test1347 test1348 test1349 test135 test1350 test1351 test1352 test1353 test1354 test1355 test1356 test1357 test1358 test1359 test136 test1360 test1361 test1362 test1363 test1364 test1365 test1366 
test1367 test1368 test1369 test137 test1370 test1371 test1372 test1373 test1374 test1375 test1376 test1377 test1378 test1379 test138 test1380 test1381 test1382 test1383 test1384 test1385 test1386 test1387 test1388 test1389 test139 test1390 test1391 test1392 test1393 test1394 test1395 test1396 test1397 test1398 test1399 test14 test140 test1400 test1401 test1402 test1403 test1404 test1405 test1406 test1407 test1408 test1409 test141 test1410 test1411 test1412 test1413 test1414 test1415 test1416 test1417 test1418 test1419 test142 test1420 test1421 test1422 test1423 test1424 test1425 test1426 test1427 test1428 test1429 test143 test1430 test1431 test1432 test1433 test1434 test1435 test1436 test1437 test1438 test1439 test144 test1440 test1441 test1442 test1443 test1444 test1445 test1446 test1447 test1448 test1449 test145 test1450 test1451 test1452 test1453 test1454 test1455 test1456 test1457 test1458 test1459 test146 test1460 test1461 test1462 test1463 test1464 test1465 test1466 test1467 test1468 test1469 test147 test1470 test1471 test1472 test1473 test1474 test1475 test1476 test1477 test1478 test1479 test148 test1480 test1481 test1482 test1483 test1484 test1485 test1486 test1487 test1488 test1489 test149 test1490 test1491 test1492 test1493 test1494 test1495 test1496 test1497 test1498 test1499 test15 test150 test1500 test1501 test1502 test1503 test1504 test1505 test1506 test1507 test1508 test1509 test151 test1510 test1511 test1512 test1513 test1514 test1515 test1516 test1517 test1518 test1519 test152 test1520 test1521 test1522 test1523 test1524 test1525 test1526 test1527 test1528 test1529 test153 test1530 test1531 test1532 test1533 test1534 test1535 test1536 test1537 test1538 test1539 test154 test1540 test1541 test1542 test1543 test1544 test1545 test1546 test1547 test1548 test1549 test155 test1550 test1551 test1552 test1553 test1554 test1555 test1556 test1557 test1558 test1559 test156 test1560 test1561 test1562 test1563 test1564 test1565 test1566 test1567 test1568 
test1569 test157 test1570 test1571 test1572 test1573 test1574 test1575 test1576 test1577 test1578 test1579 test158 test1580 test1581 test1582 test1583 test1584 test1585 test1586 test1587 test1588 test1589 test159 test1590 test1591 test1592 test1593 test1594 test1595 test1596 test1597 test1598 test1599 test16 test160 test1600 test1601 test1602 test1603 test1604 test1605 test1606 test1607 test1608 test1609 test161 test1610 test1611 test1612 test1613 test1614 test1615 test1616 test1617 test1618 test1619 test162 test1620 test1621 test1622 test1623 test1624 test1625 test1626 test1627 test1628 test1629 test163 test1630 test1631 test1632 test1633 test1634 test1635 test1636 test1637 test1638 test1639 test164 test1640 test1641 test1642 test1643 test1644 test1645 test165 test1650 test1651 test1652 test1653 test1654 test1655 test1656 test1657 test1658 test1659 test166 test1660 test1661 test1662 test1663 test1664 test1665 test1666 test1667 test1668 test1669 test167 test1670 test1671 test1672 test1673 test1674 test1675 test1676 test168 test1680 test1681 test1682 test1683 test1684 test1685 test169 test17 test170 test1700 test1701 test1702 test1703 test1704 test1705 test1706 test1707 test1708 test1709 test171 test1710 test1711 test1712 test1713 test1714 test1715 test172 test1720 test1721 test173 test174 test175 test176 test177 test178 test179 test18 test180 test1800 test1801 test1802 test181 test182 test183 test184 test1847 test1848 test1849 test185 test1850 test1851 test186 test187 test188 test189 test19 test190 test1900 test1901 test1902 test1903 test1904 test1905 test1906 test1907 test1908 test1909 test191 test1910 test1911 test1912 test1913 test1914 test1915 test1916 test1917 test1918 test1919 test192 test1920 test1921 test193 test1933 test1934 test1935 test1936 test1937 test1938 test1939 test194 test1940 test1941 test1942 test1943 test1944 test1945 test1946 test1947 test1948 test195 test1955 test1956 test1957 test1958 test1959 test196 test1960 test1964 test1965 test1966 
test197 test1970 test1971 test1972 test1973 test1974 test1975 test1976 test1977 test1978 test1979 test198 test1980 test1981 test1982 test1983 test1984 test199 test2 test20 test200 test2000 test2001 test2002 test2003 test2004 test2005 test2006 test2007 test2008 test2009 test201 test2010 test2011 test2012 test2013 test2014 test202 test2023 test2024 test2025 test2026 test2027 test2028 test2029 test203 test2030 test2031 test2032 test2033 test2034 test2035 test2037 test2038 test2039 test204 test2040 test2041 test2042 test2043 test2044 test2045 test2046 test2047 test2048 test2049 test205 test2050 test2051 test2052 test2053 test2054 test2055 test2056 test2057 test2058 test2059 test206 test2060 test2061 test2062 test2063 test2064 test2065 test2066 test2067 test2068 test2069 test207 test2070 test2071 test2072 test2073 test2074 test2075 test2076 test2077 test2078 test2079 test208 test2080 test2081 test2082 test2083 test2084 test2085 test2086 test2087 test2088 test2089 test209 test2090 test2091 test2092 test21 test210 test2100 test2101 test2102 test2103 test2104 test211 test212 test213 test214 test215 test216 test217 test218 test219 test22 test220 test2200 test2201 test2202 test2203 test2204 test2205 test2206 test2207 test221 test222 test223 test224 test225 test226 test227 test228 test229 test23 test230 test2300 test2301 test2302 test2303 test2304 test2306 test2307 test2308 test2309 test231 test232 test233 test234 test235 test236 test237 test238 test239 test24 test240 test2400 test2401 test2402 test2403 test2404 test2405 test2406 test2407 test2408 test2409 test241 test2410 test2411 test242 test243 test244 test245 test246 test247 test248 test249 test25 test250 test2500 test2501 test2502 test2503 test2504 test2505 test2506 test251 test252 test253 test254 test255 test256 test257 test258 test259 test26 test260 test2600 test2601 test2602 test2603 test2604 test2605 test261 test262 test263 test264 test265 test266 test267 test268 test269 test27 test270 test2700 test2701 test2702 
test2703 test2704 test2705 test2706 test2707 test2708 test2709 test271 test2710 test2711 test2712 test2713 test2714 test2715 test2716 test2717 test2718 test2719 test272 test2720 test2721 test2722 test2723 test273 test274 test275 test276 test277 test278 test279 test28 test280 test281 test282 test283 test284 test285 test286 test287 test288 test289 test29 test290 test291 test292 test293 test294 test295 test296 test297 test298 test299 test3 test30 test300 test3000 test3001 test3002 test3003 test3004 test3005 test3006 test3007 test3008 test3009 test301 test3010 test3011 test3012 test3013 test3014 test3015 test3016 test3017 test3018 test3019 test302 test3020 test3021 test3022 test3023 test3024 test3025 test3026 test3027 test3028 test3029 test303 test3030 test3031 test3032 test3033 test3034 test3035 test3036 test304 test305 test306 test307 test308 test309 test31 test310 test3100 test3101 test3102 test3103 test3104 test3105 test3106 test311 test312 test313 test314 test315 test316 test317 test318 test319 test32 test320 test3200 test3201 test3202 test3203 test3204 test3205 test3206 test3207 test3208 test3209 test321 test3210 test3211 test3212 test3213 test3214 test3215 test3216 test3217 test3218 test3219 test322 test3220 test323 test324 test325 test326 test327 test328 test329 test33 test330 test3300 test3301 test3302 test331 test332 test333 test334 test335 test336 test337 test338 test339 test34 test340 test341 test342 test343 test344 test345 test346 test347 test348 test349 test35 test350 test351 test352 test353 test354 test355 test356 test357 test358 test359 test36 test360 test361 test362 test363 test364 test365 test366 test367 test368 test369 test37 test370 test371 test372 test373 test374 test375 test376 test378 test379 test38 test380 test381 test383 test384 test385 test386 test387 test388 test389 test39 test390 test391 test392 test393 test394 test395 test396 test397 test398 test399 test4 test40 test400 test4000 test4001 test401 test402 test403 test404 test405 test406 
test407 test408 test409 test41 test410 test411 test412 test413 test414 test415 test416 test417 test418 test419 test42 test420 test421 test422 test423 test424 test425 test426 test427 test428 test429 test43 test430 test431 test432 test433 test434 test435 test436 test437 test438 test439 test44 test440 test441 test442 test443 test444 test445 test446 test447 test448 test449 test45 test450 test451 test452 test453 test454 test455 test456 test457 test458 test459 test46 test460 test461 test462 test463 test467 test468 test469 test47 test470 test471 test472 test473 test474 test475 test476 test477 test478 test479 test48 test480 test481 test482 test483 test484 test485 test486 test487 test488 test489 test49 test490 test491 test492 test493 test494 test495 test496 test497 test498 test499 test5 test50 test500 test501 test502 test503 test504 test505 test506 test507 test508 test509 test51 test510 test511 test512 test513 test514 test515 test516 test517 test518 test519 test52 test520 test521 test522 test523 test524 test525 test526 test527 test528 test529 test53 test530 test531 test532 test533 test534 test535 test536 test537 test538 test539 test54 test540 test541 test542 test543 test544 test545 test546 test547 test548 test549 test55 test550 test551 test552 test553 test554 test555 test556 test557 test558 test559 test56 test560 test561 test562 test563 test564 test565 test566 test567 test568 test569 test57 test570 test571 test572 test573 test574 test575 test576 test577 test578 test579 test58 test580 test581 test582 test583 test584 test585 test586 test587 test588 test589 test59 test590 test591 test592 test593 test594 test595 test596 test597 test598 test599 test6 test60 test600 test601 test602 test603 test604 test605 test606 test607 test608 test609 test61 test610 test611 test612 test613 test614 test615 test616 test617 test618 test619 test62 test620 test621 test622 test623 test624 test625 test626 test627 test628 test629 test63 test630 test631 test632 test633 test634 test635 test636 test637 
test638 test639 test64 test640 test641 test642 test643 test644 test645 test646 test647 test648 test649 test65 test650 test651 test652 test653 test654 test655 test656 test658 test659 test66 test660 test661 test662 test663 test664 test665 test666 test667 test668 test669 test67 test670 test671 test672 test673 test674 test675 test676 test677 test678 test679 test68 test680 test681 test682 test683 test684 test685 test686 test687 test688 test689 test69 test690 test691 test692 test693 test694 test695 test696 test697 test698 test699 test7 test70 test700 test701 test702 test703 test704 test705 test706 test707 test708 test709 test71 test710 test711 test712 test713 test714 test715 test716 test717 test718 test719 test72 test720 test721 test722 test723 test724 test725 test726 test727 test728 test729 test73 test730 test731 test732 test733 test734 test735 test736 test737 test738 test739 test74 test740 test741 test742 test743 test744 test745 test746 test747 test748 test749 test75 test750 test751 test752 test753 test754 test755 test756 test757 test758 test759 test76 test760 test761 test762 test763 test764 test765 test766 test767 test768 test769 test77 test770 test771 test772 test773 test774 test775 test776 test777 test778 test779 test78 test780 test781 test782 test783 test784 test785 test786 test787 test788 test789 test79 test790 test791 test792 test793 test794 test795 test796 test797 test798 test799 test8 test80 test800 test801 test802 test803 test804 test805 test806 test807 test808 test809 test81 test810 test811 test812 test813 test814 test815 test816 test817 test818 test819 test82 test820 test821 test822 test823 test824 test825 test826 test827 test828 test829 test83 test830 test831 test832 test833 test834 test835 test836 test837 test838 test839 test84 test840 test841 test842 test843 test844 test845 test846 test847 test848 test849 test85 test850 test851 test852 test853 test854 test855 test856 test857 test858 test859 test86 test860 test861 test862 test863 test864 test865 test866 
test867 test868 test869 test87 test870 test871 test872 test873 test874 test875 test876 test877 test878 test879 test88 test880 test881 test882 test883 test884 test885 test886 test887 test888 test889 test89 test890 test891 test892 test893 test894 test895 test896 test897 test898 test899 test9 test90 test900 test901 test902 test903 test904 test905 test906 test907 test908 test909 test91 test910 test911 test912 test913 test914 test915 test916 test917 test918 test919 test92 test920 test921 test922 test923 test924 test925 test926 test927 test928 test929 test93 test930 test931 test932 test933 test934 test935 test936 test937 test938 test939 test94 test940 test941 test942 test943 test944 test945 test946 test947 test948 test949 test95 test950 test951 test952 test953 test954 test955 test956 test957 test958 test959 test96 test960 test961 test962 test963 test964 test965 test966 test967 test968 test969 test97 test970 test971 test972 test973 test974 test975 test976 test977 test978 test979 test98 test980 test981 test982 test983 test984 test985 test986 test987 test988 test989 test99 test990 test991 test992 test993 test994 test995 test996 test997 test998 test999
http
testenv
mod_curltest .gitignore mod_curltest.c
__init__.py caddy.py certs.py client.py curl.py dante.py dnsd.py env.py httpd.py nghttpx.py ports.py sshd.py vsftpd.py ws_echo_server.py
.gitignore CMakeLists.txt Makefile.am config.ini.in conftest.py requirements.txt scorecard.py test_01_basic.py test_02_download.py test_03_goaway.py test_04_stuttered.py test_05_errors.py test_06_eyeballs.py test_07_upload.py test_08_caddy.py test_09_push.py test_10_proxy.py test_11_unix.py test_12_reuse.py test_13_proxy_auth.py test_14_auth.py test_15_tracing.py test_16_info.py test_17_ssl_use.py test_18_methods.py test_19_shutdown.py test_20_websockets.py test_21_resolve.py test_22_httpsrr.py test_30_vsftpd.py test_31_vsftpds.py test_32_ftps_vsftpd.py test_40_socks.py test_50_scp.py test_51_sftp.py
libtest .gitignore CMakeLists.txt Makefile.am Makefile.inc cli_ftp_upload.c cli_h2_pausing.c cli_h2_serverpush.c cli_h2_upgrade_extreme.c cli_hx_download.c cli_hx_upload.c cli_tls_session_reuse.c cli_upload_pausing.c cli_ws_data.c cli_ws_pingpong.c first.c first.h lib1156.c lib1301.c lib1308.c lib1485.c lib1500.c lib1501.c lib1502.c lib1506.c lib1507.c lib1508.c lib1509.c lib1510.c lib1511.c lib1512.c lib1513.c lib1514.c lib1515.c lib1517.c lib1518.c lib1520.c lib1522.c lib1523.c lib1525.c lib1526.c lib1527.c lib1528.c lib1529.c lib1530.c lib1531.c lib1532.c lib1533.c lib1534.c lib1535.c lib1536.c lib1537.c lib1538.c lib1540.c lib1541.c lib1542.c lib1545.c lib1549.c lib1550.c lib1551.c lib1552.c lib1553.c lib1554.c lib1555.c lib1556.c lib1557.c lib1558.c lib1559.c lib1560.c lib1564.c lib1565.c lib1567.c lib1568.c lib1569.c lib1571.c lib1576.c lib1582.c lib1587.c lib1588.c lib1589.c lib1591.c lib1592.c lib1593.c lib1594.c lib1597.c lib1598.c lib1599.c lib1662.c lib1900.c lib1901.c lib1902.c lib1903.c lib1905.c lib1906.c lib1907.c lib1908.c lib1910.c lib1911.c lib1912.c lib1913.c lib1915.c lib1916.c lib1918.c lib1919.c lib1920.c lib1921.c lib1933.c lib1934.c lib1935.c lib1936.c lib1937.c lib1938.c lib1939.c lib1940.c lib1945.c lib1947.c lib1948.c lib1955.c lib1956.c lib1957.c lib1958.c lib1959.c lib1960.c lib1964.c lib1965.c lib1970.c lib1971.c lib1972.c lib1973.c lib1974.c lib1975.c lib1977.c lib1978.c lib2023.c lib2032.c lib2082.c lib2301.c lib2302.c lib2304.c lib2306.c lib2308.c lib2309.c lib2402.c lib2404.c lib2405.c lib2502.c lib2504.c lib2505.c lib2506.c lib2700.c lib3010.c lib3025.c lib3026.c lib3027.c lib3033.c lib3034.c lib3100.c lib3101.c lib3102.c lib3103.c lib3104.c lib3105.c lib3207.c lib3208.c lib500.c lib501.c lib502.c lib503.c lib504.c lib505.c lib506.c lib507.c lib508.c lib509.c lib510.c lib511.c lib512.c lib513.c lib514.c lib515.c lib516.c lib517.c lib518.c lib519.c lib520.c lib521.c lib523.c lib524.c lib525.c lib526.c lib530.c lib533.c lib536.c 
lib537.c lib539.c lib540.c lib541.c lib542.c lib543.c lib544.c lib547.c lib549.c lib552.c lib553.c lib554.c lib555.c lib556.c lib557.c lib558.c lib559.c lib560.c lib562.c lib564.c lib566.c lib567.c lib568.c lib569.c lib570.c lib571.c lib572.c lib573.c lib574.c lib575.c lib576.c lib578.c lib579.c lib582.c lib583.c lib586.c lib589.c lib590.c lib591.c lib597.c lib598.c lib599.c lib643.c lib650.c lib651.c lib652.c lib653.c lib654.c lib655.c lib658.c lib659.c lib661.c lib666.c lib667.c lib668.c lib670.c lib674.c lib676.c lib677.c lib678.c lib694.c lib695.c lib751.c lib753.c lib757.c lib758.c lib766.c memptr.c mk-lib1521.pl test1013.pl test1022.pl test307.pl test610.pl test613.pl testtrace.c testtrace.h testutil.c testutil.h unitcheck.h
server .checksrc .gitignore CMakeLists.txt Makefile.am Makefile.inc dnsd.c first.c first.h getpart.c mqttd.c resolve.c rtspd.c sockfilt.c socksd.c sws.c tftpd.c util.c
tunit .gitignore CMakeLists.txt Makefile.am Makefile.inc README.md tool1394.c tool1604.c tool1621.c tool1622.c tool1623.c tool1720.c
unit .gitignore CMakeLists.txt Makefile.am Makefile.inc README.md unit1300.c unit1302.c unit1303.c unit1304.c unit1305.c unit1307.c unit1309.c unit1323.c unit1330.c unit1395.c unit1396.c unit1397.c unit1398.c unit1399.c unit1600.c unit1601.c unit1602.c unit1603.c unit1605.c unit1606.c unit1607.c unit1608.c unit1609.c unit1610.c unit1611.c unit1612.c unit1614.c unit1615.c unit1616.c unit1620.c unit1625.c unit1626.c unit1627.c unit1636.c unit1650.c unit1651.c unit1652.c unit1653.c unit1654.c unit1655.c unit1656.c unit1657.c unit1658.c unit1660.c unit1661.c unit1663.c unit1664.c unit1666.c unit1667.c unit1668.c unit1669.c unit1674.c unit1675.c unit1676.c unit1979.c unit1980.c unit2600.c unit2601.c unit2602.c unit2603.c unit2604.c unit2605.c unit3200.c unit3205.c unit3211.c unit3212.c unit3213.c unit3214.c unit3216.c unit3219.c unit3300.c unit3301.c unit3302.c
.gitignore CMakeLists.txt Makefile.am allversions.pm appveyor.pm azure.pm config.in configurehelp.pm.in devtest.pl dictserver.py directories.pm ech_combos.py ech_tests.sh ftpserver.pl getpart.pm globalconfig.pm http-server.pl http2-server.pl http3-server.pl memanalyze.pl memanalyzer.pm negtelnetserver.py nghttpx.conf pathhelp.pm processhelp.pm requirements.txt rtspserver.pl runner.pm runtests.pl secureserver.pl serverhelp.pm servers.pm smbserver.py sshhelp.pm sshserver.pl test1119.pl test1135.pl test1139.pl test1140.pl test1165.pl test1167.pl test1173.pl test1175.pl test1177.pl test1222.pl test1275.pl test1276.pl test1477.pl test1486.pl test1488.pl test1544.pl test1707.pl test745.pl test971.pl testcurl.pl testutil.pm tftpserver.pl util.py valgrind.pm valgrind.supp
.clang-tidy.yml .dir-locals.el .editorconfig .git-blame-ignore-revs .gitattributes .gitignore .mailmap CHANGES.md CMakeLists.txt COPYING Dockerfile GIT-INFO.md Makefile.am README README.md RELEASE-NOTES REUSE.toml SECURITY.md acinclude.m4 appveyor.sh appveyor.yml configure.ac curl-config.in libcurl.pc.in renovate.json
examples .env config.ini crypto_test.lua env_test.lua fs_example.lua http_server.lua https_test.lua ini_example.lua json.lua log.lua path_fs_example.lua process_example.lua request_download.lua request_test.lua run_all.lua sqlite_example.lua sqlite_http_template.lua stash_test.lua template_test.lua timer.lua websocket.lua
iniparser
.github
ISSUE_TEMPLATE config.yml
workflows disable-pull-requests.yml trigger-gitlab-ci.yml
cmake JoinPaths.cmake config.cmake.in pc.in
example iniexample.c iniwrite.c parse.c twisted-errors.ini twisted-genhuge.py twisted-ofkey.ini twisted-ofval.ini twisted.ini
src dictionary.c dictionary.h iniparser.c iniparser.h
test
ressources
bad_ini ends_well.ini twisted-errors.ini twisted-ofkey.ini twisted-ofval.ini
good_ini empty.ini spaced.ini spaced2.ini twisted.ini
gruezi.ini old.ini quotes.ini utf8.ini
CMakeLists.txt test_dictionary.c test_iniparser.c unity-config.yml unity_config.h
.cmake-format.py .gitignore .gitlab-ci.yml .gitmessage .travis.yml AUTHORS CMakeLists.txt FAQ-en.md FAQ-zhcn.md INSTALL LICENSE README.md compile_commands.json
jinjac
example CMakeLists.txt example.c
jinjac_test_app CMakeLists.txt jinjac_test_app.c
libjinjac
include jinjac.h
src CMakeLists.txt ast.c ast.h block_statement.c block_statement.h buffer.c buffer.h buildin.c buildin.h common.h convert.c convert.h flex_decl.h jfunction.c jfunction.h jinja_expression.l jinja_expression.y jinjac_parse.c jinjac_parse.h jinjac_stream.c jinjac_stream.h jlist.c jlist.h jobject.c jobject.h parameter.c parameter.h str_obj.c str_obj.h trace.c trace.h
CMakeLists.txt
test .gitignore CMakeLists.txt autotest.rb test_01.expected test_01.jinja test_01b.expected test_01b.jinja test_01c.expected test_01c.jinja test_01d.expected test_01d.jinja test_02.expected test_02.jinja test_03.expected test_03.jinja test_04.expected test_04.jinja test_05.expected test_05.jinja test_06.expected test_06.jinja test_07.expected test_07.jinja test_08.expected test_08.jinja test_08b.expected test_08b.jinja test_09.expected test_09.jinja test_10.expected test_10.jinja test_11.expected test_11.jinja test_12.expected test_12.jinja test_13.expected test_13.jinja test_14.expected test_14.jinja test_15.expected test_15.jinja test_16.expected test_16.jinja test_17.expected test_17.jinja test_18.expected test_18.jinja test_18b.expected test_18b.jinja test_18c.expected test_18c.jinja test_19.expected test_19.jinja test_19b.expected test_19b.jinja test_19c.expected test_19c.jinja test_19d.expected test_19d.jinja test_19e.expected test_19e.jinja test_19f.expected test_19f.jinja test_20.expected test_20.jinja test_21.expected test_21.jinja test_22.expected test_22.jinja test_22a.expected test_22a.jinja test_22b.expected test_22b.jinja test_23.expected test_23.jinja test_24.expected test_24.jinja
.gitignore CMakeLists.txt LICENSE.txt README.md build_coverage.sh build_debug.sh build_release.sh cppcheck_analysis.sh
libev Changes LICENSE Makefile Makefile.am Makefile.in README Symbols.ev Symbols.event aclocal.m4 autogen.sh compile config.guess config.h config.h.in config.status config.sub configure configure.ac depcomp ev++.h ev.3 ev.c ev.h ev.pod ev_epoll.c ev_kqueue.c ev_poll.c ev_port.c ev_select.c ev_vars.h ev_win32.c ev_wrap.h event.c event.h install-sh libev.m4 libtool ltmain.sh missing mkinstalldirs stamp-h1
luajit
doc
img contact.png
bluequad-print.css bluequad.css contact.html ext_buffer.html ext_c_api.html ext_ffi.html ext_ffi_api.html ext_ffi_semantics.html ext_ffi_tutorial.html ext_jit.html ext_profiler.html extensions.html install.html luajit.html running.html
dynasm dasm_arm.h dasm_arm.lua dasm_arm64.h dasm_arm64.lua dasm_mips.h dasm_mips.lua dasm_mips64.lua dasm_ppc.h dasm_ppc.lua dasm_proto.h dasm_x64.lua dasm_x86.h dasm_x86.lua dynasm.lua
etc luajit.1 luajit.pc
src
host .gitignore README buildvm.c buildvm.h buildvm_asm.c buildvm_fold.c buildvm_lib.c buildvm_libbc.h buildvm_peobj.c genlibbc.lua genminilua.lua genversion.lua minilua.c
jit .gitignore bc.lua bcsave.lua dis_arm.lua dis_arm64.lua dis_arm64be.lua dis_mips.lua dis_mips64.lua dis_mips64el.lua dis_mips64r6.lua dis_mips64r6el.lua dis_mipsel.lua dis_ppc.lua dis_x64.lua dis_x86.lua dump.lua p.lua v.lua zone.lua
.gitignore Makefile Makefile.dep lauxlib.h lib_aux.c lib_base.c lib_bit.c lib_buffer.c lib_debug.c lib_ffi.c lib_init.c lib_io.c lib_jit.c lib_math.c lib_os.c lib_package.c lib_string.c lib_table.c lj_alloc.c lj_alloc.h lj_api.c lj_arch.h lj_asm.c lj_asm.h lj_asm_arm.h lj_asm_arm64.h lj_asm_mips.h lj_asm_ppc.h lj_asm_x86.h lj_assert.c lj_bc.c lj_bc.h lj_bcdump.h lj_bcread.c lj_bcwrite.c lj_buf.c lj_buf.h lj_carith.c lj_carith.h lj_ccall.c lj_ccall.h lj_ccallback.c lj_ccallback.h lj_cconv.c lj_cconv.h lj_cdata.c lj_cdata.h lj_char.c lj_char.h lj_clib.c lj_clib.h lj_cparse.c lj_cparse.h lj_crecord.c lj_crecord.h lj_ctype.c lj_ctype.h lj_debug.c lj_debug.h lj_def.h lj_dispatch.c lj_dispatch.h lj_emit_arm.h lj_emit_arm64.h lj_emit_mips.h lj_emit_ppc.h lj_emit_x86.h lj_err.c lj_err.h lj_errmsg.h lj_ff.h lj_ffrecord.c lj_ffrecord.h lj_frame.h lj_func.c lj_func.h lj_gc.c lj_gc.h lj_gdbjit.c lj_gdbjit.h lj_ir.c lj_ir.h lj_ircall.h lj_iropt.h lj_jit.h lj_lex.c lj_lex.h lj_lib.c lj_lib.h lj_load.c lj_mcode.c lj_mcode.h lj_meta.c lj_meta.h lj_obj.c lj_obj.h lj_opt_dce.c lj_opt_fold.c lj_opt_loop.c lj_opt_mem.c lj_opt_narrow.c lj_opt_sink.c lj_opt_split.c lj_parse.c lj_parse.h lj_prng.c lj_prng.h lj_profile.c lj_profile.h lj_record.c lj_record.h lj_serialize.c lj_serialize.h lj_snap.c lj_snap.h lj_state.c lj_state.h lj_str.c lj_str.h lj_strfmt.c lj_strfmt.h lj_strfmt_num.c lj_strscan.c lj_strscan.h lj_tab.c lj_tab.h lj_target.h lj_target_arm.h lj_target_arm64.h lj_target_mips.h lj_target_ppc.h lj_target_x86.h lj_trace.c lj_trace.h lj_traceerr.h lj_udata.c lj_udata.h lj_vm.h lj_vmevent.c lj_vmevent.h lj_vmmath.c ljamalg.c lua.h lua.hpp luaconf.h luajit.c luajit_rolling.h lualib.h msvcbuild.bat nxbuild.bat ps4build.bat ps5build.bat psvitabuild.bat vm_arm.dasc vm_arm64.dasc vm_mips.dasc vm_mips64.dasc vm_ppc.dasc vm_x64.dasc vm_x86.dasc xb1build.bat xedkbuild.bat
.gitattributes .gitignore .relver COPYRIGHT Makefile README
sqlite shell.c sqlite3.c sqlite3.h sqlite3ext.h
wolfssl
.github
ISSUE_TEMPLATE bug_report.yaml other.yaml
actions
install-apt-deps action.yml
scripts
zephyr-4.x external_libc.conf zephyr-test.sh
openssl-ech.sh tls-anvil-test.sh
workflows
disabled haproxy.yml hitch.yml hostap.yml
hostap-files
configs
07c9f183ea744ac04585fb6dd10220c75a5e2e74 hostapd.config tests wpa_supplicant.config
b607d2723e927a3446d89aed813f1aa6068186bb hostapd.config tests wpa_supplicant.config
hostap_2_10 extra.patch hostapd.config tests wpa_supplicant.config
Makefile README dbus-wpa_supplicant.conf
ada.yml arduino.yml async-examples.yml async.yml atecc608-sim.yml bind.yml cmake-autoconf.yml cmake.yml codespell.yml coverity-scan-fixes.yml cryptocb-only.yml curl.yml cyrus-sasl.yml disable-pk-algs.yml docker-Espressif.yml docker-OpenWrt.yml emnet-nonblock.yml fil-c.yml freertos-mem-track.yml gencertbuf.yml grpc.yml haproxy.yml hostap-vm.yml intelasm-c-fallback.yml ipmitool.yml jwt-cpp.yml krb5.yml libspdm.yml libssh2.yml libvncserver.yml linuxkm.yml macos-apple-native-cert-validation.yml mbedtls.sh mbedtls.yml membrowse-comment.yml membrowse-onboard.yml membrowse-report.yml memcached.sh memcached.yml mono.yml mosquitto.yml msmtp.yml msys2.yml multi-arch.yml multi-compiler.yml net-snmp.yml nginx.yml no-malloc.yml no-tls.yml nss.sh nss.yml ntp.yml ocsp.yml openldap.yml openssh.yml openssl-ech.yml opensslcoexist.yml openvpn.yml os-check.yml packaging.yml pam-ipmi.yml pq-all.yml pr-commit-check.yml psk.yml puf.yml python.yml rng-tools.yml rust-wrapper.yml se050-sim.yml smallStackSize.yml socat.yml softhsm.yml sssd.yml stm32-sim.yml stsafe-a120-sim.yml stunnel.yml symbol-prefixes.yml threadx.yml tls-anvil.yml trackmemory.yml watcomc.yml win-csharp-test.yml wolfCrypt-Wconversion.yml wolfboot-integration.yml wolfsm.yml xcode.yml zephyr-4.x.yml zephyr.yml
PULL_REQUEST_TEMPLATE.md SECURITY.md membrowse-targets.json
Docker
OpenWrt Dockerfile README.md runTests.sh
packaging
debian Dockerfile
fedora Dockerfile
wolfCLU Dockerfile README.md
yocto Dockerfile buildAndPush.sh
Dockerfile Dockerfile.cross-compiler README.md buildAndPush.sh include.am run.sh
IDE
ARDUINO
sketches
wolfssl_client README.md
wolfssl_server README.md
wolfssl_version README.md
README.md
Arduino_README_prepend.md README.md include.am keywords.txt library.properties.template wolfssl-arduino.cpp wolfssl-arduino.sh wolfssl.h
AURIX Cpu0_Main.c README.md include.am user_settings.h wolf_main.c
Android Android.bp README.md include.am user_settings.h
CRYPTOCELL README.md include.am main.c user_settings.h
CSBENCH include.am user_settings.h
ECLIPSE
DEOS
deos_wolfssl .options
README.md deos_malloc.c include.am tls_wolfssl.c tls_wolfssl.h user_settings.h
MICRIUM README.md client_wolfssl.c client_wolfssl.h include.am server_wolfssl.c server_wolfssl.h user_settings.h wolfsslRunTests.c
RTTHREAD README.md include.am user_settings.h wolfssl_test.c
SIFIVE README.md include.am
Espressif
ESP-IDF
examples
template
VisualGDB wolfssl_template_IDF_v5.1_ESP32.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h
CMakeLists.txt Kconfig.projbuild component.mk main.c
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266
wolfssl_benchmark
VisualGDB wolfssl_benchmark_IDF_v4.4_ESP32.sln wolfssl_benchmark_IDF_v4.4_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32.sln wolfssl_benchmark_IDF_v5_ESP32.vgdbproj wolfssl_benchmark_IDF_v5_ESP32C3.sln wolfssl_benchmark_IDF_v5_ESP32C3.vgdbproj wolfssl_benchmark_IDF_v5_ESP32S3.sln wolfssl_benchmark_IDF_v5_ESP32S3.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h
CMakeLists.txt Kconfig.projbuild component.mk main.c
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp8266
wolfssl_client
VisualGDB README.md wolfssl_client_IDF_v5_ESP32.sln wolfssl_client_IDF_v5_ESP32.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include client-tls.h main.h time_helper.h wifi_connect.h
CMakeLists.txt Kconfig.projbuild client-tls.c component.mk main.c time_helper.c wifi_connect.c
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_client_ESP8266.vgdbproj
wolfssl_server
VisualGDB README.md wolfssl_server_IDF_v5_ESP32.sln wolfssl_server_IDF_v5_ESP32.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h server-tls.h time_helper.h wifi_connect.h
CMakeLists.txt Kconfig.projbuild component.mk main.c server-tls.c time_helper.c wifi_connect.c
CMakeLists.txt Makefile README.md README_server_sm.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32c2 sdkconfig.defaults.esp8266 wolfssl_server_ESP8266.vgdbproj
wolfssl_test
VisualGDB wolfssl_test-IDF_v5_ESP32.sln wolfssl_test-IDF_v5_ESP32.vgdbproj wolfssl_test-IDF_v5_ESP32C3.sln wolfssl_test-IDF_v5_ESP32C3.vgdbproj wolfssl_test-IDF_v5_ESP32C6.sln wolfssl_test-IDF_v5_ESP32C6.vgdbproj wolfssl_test_IDF_v5_ESP32S3.sln wolfssl_test_IDF_v5_ESP32S3.vgdbproj
components
wolfssl
include user_settings.h
CMakeLists.txt Kconfig README.md component.mk
main
include main.h
CMakeLists.txt Kconfig.projbuild component.mk main.c
CMakeLists.txt Makefile README.md partitions_singleapp_large.csv sdkconfig.defaults sdkconfig.defaults.esp32 sdkconfig.defaults.esp32c3 sdkconfig.defaults.esp32c6 sdkconfig.defaults.esp32h2 sdkconfig.defaults.esp32s2 sdkconfig.defaults.esp32s3 sdkconfig.defaults.esp8266 testAll.sh testMonitor.sh wolfssl_test_ESP8266.sln wolfssl_test_ESP8266.vgdbproj
wolfssl_test_idf
VisualGDB VisualGDB_wolfssl_test_idf.sln VisualGDB_wolfssl_test_idf.vgdbproj
main CMakeLists.txt Kconfig.projbuild component.mk main.c main_wip.c.ex time_helper.c time_helper.h
CMakeLists.txt Kconfig.projbuild README.md component.mk sdkconfig.defaults
README.md
libs CMakeLists.txt README.md component.mk tigard.cfg
test CMakeLists.txt README.md component.mk test_wolfssl.c
README.md README_32se.md UPDATE.md compileAllExamples.sh dummy_config_h dummy_test_paths.h setup.sh setup_win.bat user_settings.h
README.md include.am
GCC-ARM
Header user_settings.h
Source armtarget.c benchmark_main.c test_main.c tls_client.c tls_server.c wolf_main.c
Makefile Makefile.bench Makefile.client Makefile.common Makefile.server Makefile.static Makefile.test README.md include.am linker.ld linker_fips.ld
Gaisler-BCC README.md include.am
HEXAGON
DSP Makefile wolfssl_dsp.idl
Makefile README.md build.sh ecc-verify-benchmark.c ecc-verify.c include.am user_settings.h
HEXIWEAR
wolfSSL_HW .cwGeneratedFileSetLog user_settings.h
IAR-EWARM
Projects
benchmark benchmark-main.c current_time.c wolfCrypt-benchmark.ewd wolfCrypt-benchmark.ewp
common minimum-startup.c wolfssl.icf
lib wolfSSL-Lib.ewd wolfSSL-Lib.ewp
test test-main.c wolfCrypt-test.ewd wolfCrypt-test.ewp
user_settings.h wolfssl.eww
embOS
SAMV71_XULT
embOS_SAMV71_XULT_Linker_Script samv71q21_wolfssl.icf
embOS_SAMV71_XULT_user_settings user_settings.h user_settings_simple_example.h user_settings_verbose_example.h
embOS_wolfcrypt_benchmark_SAMV71_XULT
Application runBenchmarks.c
README_wolfcrypt_benchmark wolfcrypt_benchmark.ewd wolfcrypt_benchmark.ewp
embOS_wolfcrypt_lib_SAMV71_XULT README_wolfcrypt_lib wolfcrypt_lib.ewd wolfcrypt_lib.ewp
embOS_wolfcrypt_test_SAMV71_XULT
Application runWolfcryptTests.c
README_wolfcrypt_test wolfcrypt_test.ewd wolfcrypt_test.ewp
README_SAMV71
custom_port
custom_port_Linker_Script samv71q21_wolfssl.icf
custom_port_user_settings user_settings.h
wolfcrypt_benchmark_custom_port
Application runBenchmarks.c
wolfcrypt_test_custom_port
Application runWolfcryptTests.c
README_custom_port
extract_trial_here README_extract_trial_here
README
.gitignore README
IAR-MSP430 Makefile README.md include.am main.c user_settings.h
INTIME-RTOS Makefile README.md include.am libwolfssl.c libwolfssl.vcxproj user_settings.h wolfExamples.c wolfExamples.h wolfExamples.sln wolfExamples.vcxproj wolfssl-lib.sln wolfssl-lib.vcxproj
Infineon README.md include.am user_settings.h
KDS
config user_settings.h
include.am
LINUX-SGX README.md build.sh clean.sh include.am sgx_t_static.mk
LPCXPRESSO
lib_wolfssl lpc_18xx_port.c user_settings.h
wolf_example
src lpc_18xx_startup.c wolfssl_example.c
readme.txt
README.md
M68K
benchmark Makefile main.cpp
testwolfcrypt Makefile main.cpp
Makefile README.md include.am user_settings.h
MCUEXPRESSO
RT1170 fsl_caam_c.patch fsl_caam_h.patch user_settings.h
benchmark
source run_benchmark.c
wolfssl liblinks.xml
README.md include.am user_settings.h wolfcrypt_test.c
MDK-ARM
LPC43xx time-LCP43xx.c
MDK-ARM
wolfSSL Retarget.c cert_data.c cert_data.h config-BARE-METAL.h config-FS.h config-RTX-TCP-FS.h config-WOLFLIB.h main.c shell.c time-CortexM3-4.c time-dummy.c wolfssl_MDK_ARM.c wolfssl_MDK_ARM.h
STM32F2xx_StdPeriph_Lib time-STM32F2xx.c
MDK5-ARM
Conf user_settings.h
Inc wolfssl_MDK_ARM.h
Projects
CryptBenchmark Abstract.txt CryptBenchmark.sct CryptBenchmark.uvoptx CryptBenchmark.uvprojx main.c
CryptTest Abstract.txt CryptTest.sct CryptTest.uvoptx CryptTest.uvprojx main.c
EchoClient Abstract.txt EchoClient.uvoptx EchoClient.uvprojx main.c wolfssl-link.sct
EchoServer Abstract.txt EchoServer.uvoptx EchoServer.uvprojx main.c wolfssl-link.sct
SimpleClient Abstract.txt SimpleClient.uvoptx SimpleClient.uvprojx main.c wolfssl-link.sct
SimpleServer Abstract.txt SimpleServer.uvoptx SimpleServer.uvprojx main.c wolfssl-link.sct
wolfSSL-Full Abstract.txt main.c shell.c time-CortexM3-4.c wolfsslFull.uvoptx wolfsslFull.uvprojx
wolfSSL-Lib Abstract.txt wolfSSL-Lib.uvoptx wolfSSL-Lib.uvprojx
Src ssl-dummy.c
README.md include.am
MPLABX16
wolfcrypt_test.X
nbproject
private configurations.xml private.xml
configurations.xml include.am project.xml
Makefile
wolfssl.X
nbproject configurations.xml include.am project.xml
Makefile
README.md include.am main.c user_settings.h
MQX Makefile README-jp.md README.md client-tls.c include.am server-tls.c user_config.h user_settings.h
MSVS-2019-AZSPHERE
client client.c client.h
server server.c server.h
shared util.h
wolfssl_new_azsphere
HardwareDefinitions
avnet_mt3620_sk
inc
hw template_appliance.h
template_appliance.json
mt3620_rdb
inc
hw template_appliance.h
template_appliance.json
seeed_mt3620_mdb
inc
hw template_appliance.h
template_appliance.json
.gitignore CMakeLists.txt CMakeSettings.json app_manifest.json applibs_versions.h launch.vs.json main.c
README.md include.am user_settings.h
MYSQL CMakeLists_wolfCrypt.txt CMakeLists_wolfSSL.txt do.sh
NDS README.md
NETOS Makefile.wolfcrypt.inc README.md include.am user_settings.h user_settings.h-cert2425 user_settings.h-cert3389 wolfssl_netos_custom.c
OPENSTM32 README.md
PlatformIO
examples
wolfssl_benchmark
include README main.h
lib README
src CMakeLists.txt main.c
test README
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_benchmark.code-workspace
wolfssl_test
include README main.h
lib README
src CMakeLists.txt main.c
test README
CMakeLists.txt README.md platformio.ini sdkconfig.defaults wolfssl_test.code-workspace
README.md wolfssl_platformio.code-workspace
README.md include.am
QNX
CAAM-DRIVER Makefile
example-client Makefile client-tls.c
example-cmac Makefile cmac-test.c
example-server Makefile server-tls.c
testwolfcrypt Makefile
wolfssl Makefile user_settings.h
README.md include.am
RISCV
SIFIVE-HIFIVE1 Makefile README.md include.am main.c user_settings.h
SIFIVE-UNLEASHED README.md include.am
include.am
ROWLEY-CROSSWORKS-ARM Kinetis_FlashPlacement.xml README.md arm_startup.c benchmark_main.c hw.h include.am kinetis_hw.c retarget.c test_main.c user_settings.h wolfssl.hzp wolfssl_ltc.hzp
Renesas
cs+
Projects
common strings.h unistd.h user_settings.h wolfssl_dummy.c
t4_demo README_en.txt README_jp.txt t4_demo.mtpj wolf_client.c wolf_demo.h wolf_main.c wolf_server.c
test test.mtpj test_main.c
wolfssl_lib wolfssl_lib.mtpj
README include.am
e2studio
DK-S7G2
benchmark-template
src app_entry.c
example_server-template
src app_entry.c
wolfcrypttest-template
src app_entry.c
wolfssl-template-project configuration.xml
README.md include.am user_settings.h
Projects
common strings.h unistd.h user_settings.h wolfssl_dummy.c
test
src key_data.c key_data.h test_main.c wolf_client.c wolf_server.c wolfssl_demo.h
tools generate_rsa_keypair.sh genhexbuf.pl rsa_pss_sign.sh
wolfssl
src .gitkeep
wolfcrypt
src .gitkeep
README include.am
RA6M3
benchmark-wolfcrypt
common .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
client-wolfssl
common
src .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
wolfssl_thread_entry.h
common
ra6m3g README.md
src freertos_tcp_port.c
user_settings.h util.h
server-wolfssl
common
src .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
wolfssl_thread_entry.h
test-wolfcrypt
common .gitkeep
script .gitkeep
src wolfssl_thread_entry.c
wolfssl
src .gitkeep
wolfcrypt .gitkeep
README.md README_APRA6M_en.md README_APRA6M_jp.md include.am
RA6M3G README.md
RA6M4
common user_settings.h wolfssl_demo.h
test
key_data key_data.h key_data_sce.c
src
SEGGER_RTT myprint.c
common .gitignore
test_main.c wolf_client.c wolfssl_sce_unit_test.c
test_RA6M4Debug.launch
tools
example_keys generate_SignedCA.sh rsa_private.pem rsa_public.pem
README.md
README.md include.am
RX65N
GR-ROSE
common strings.h unistd.h user_settings.h wolfssl_dummy.c
smc smc.scfg
test
src key_data.c key_data.h test_main.c wolf_client.c wolf_server.c wolfssl_demo.h
test.rcpc test_HardwareDebug.launch
tools
example_keys generate_SignedCA.sh rsa_private.pem rsa_public.pem
README.md
wolfssl wolfssl.rcpc
README_EN.md README_JP.md include.am
RSK
resource section.esi
wolfssl wolfssl.rcpc
wolfssl_demo key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h
InstructionManualForExample_RSK+RX65N-2MB_EN.pdf InstructionManualForExample_RSK+RX65N-2MB_JP.pdf README_EN.md README_JP.md include.am
RX72N
EnvisionKit
Simple
common sectioninfo.esi wolfssl_dummy.c
test
src
client simple_tcp_client.c simple_tls_tsip_client.c
server simple_tcp_server.c simple_tls_server.c
test_main.c wolfssl_simple_demo.h
test.rcpc test.scfg test_HardwareDebug.launch
wolfssl wolfssl.rcpc
README_EN.md README_JP.md
resource section.esi
tools
example_keys generate_SignedCA.sh rsa_private.pem rsa_public.pem
README.md
wolfssl wolfssl.rcpc
wolfssl_demo key_data.c key_data.h user_settings.h wolfssl_demo.c wolfssl_demo.h wolfssl_tsip_unit_test.c
InstructionManualForExample_RX72N_EnvisonKit_EN.pdf InstructionManualForExample_RX72N_EnvisonKit_JP.pdf README_EN.md README_JP.md include.am
RZN2L
common user_settings.h wolfssl_demo.h
test
src
serial_io app_print.c
test wolf_client.c wolf_server.c wolfssl_rsip_unit_test.c
wolfCrypt .gitignore
wolfSSL .gitignore
local_system_init.c rzn2l_tst_thread_entry.c wolfssl_dummy.c
README.md include.am
SK-S7G2
common user_settings.h
wolfssl_lib configuration.xml
.gitignore README.md include.am
STARCORE README.txt include.am starcore_test.c user_settings.h
STM32Cube README.md STM32_Benchmarks.md default_conf.ftl include.am main.c wolfssl_example.c wolfssl_example.h
SimplicityStudio README.md include.am test_wolf.c user_settings.h
TRUESTUDIO
wolfssl user_settings.h
README include.am
VS-ARM README.md include.am user_settings.h wolfssl.sln wolfssl.vcxproj
VS-AZURE-SPHERE
client app_manifest.json client.c client.h client.vcxproj
server app_manifest.json server.c server.h server.vcxproj
shared util.h
wolfcrypt_test app_manifest.json wolfcrypt_test.vcxproj
README.md include.am user_settings.h wolfssl.sln wolfssl.vcxproj
VisualDSP include.am user_settings.h wolf_tasks.c
WICED-STUDIO README include.am user_settings.h
WIN README.txt include.am test.vcxproj user_settings.h user_settings_dtls.h wolfssl-fips.sln wolfssl-fips.vcxproj
WIN-SGX ReadMe.txt include.am wolfSSL_SGX.edl wolfSSL_SGX.sln wolfSSL_SGX.vcxproj
WIN-SRTP-KDF-140-3 README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxproj
WIN10 README.txt include.am resource.h test.vcxproj user_settings.h wolfssl-fips.rc wolfssl-fips.sln wolfssl-fips.vcxproj
WINCE README.md include.am user_settings.h user_settings.h.140-2-deprecated
WORKBENCH README.md include.am
XCODE
Benchmark
wolfBench
Assets.xcassets
AppIcon.appiconset Contents.json
Base.lproj LaunchScreen.storyboard Main.storyboard
AppDelegate.h AppDelegate.m Info.plist ViewController.h ViewController.m main.m
wolfBench.xcodeproj project.pbxproj
include.am
wolfssl-FIPS.xcodeproj project.pbxproj
wolfssl.xcodeproj project.pbxproj
wolfssl_testsuite.xcodeproj project.pbxproj
README.md build-for-i386.sh include.am user_settings.h
XCODE-FIPSv2
macOS-C++
Intel user_settings.h
M1 user_settings.h
include.am user_settings.h
XCODE-FIPSv5 README include.am user_settings.h
XCODE-FIPSv6 README include.am user_settings.h
XilinxSDK
2018_2 lscript.ld
2019_2
wolfCrypt_example
src lscript.ld
wolfCrypt_example_system wolfCrypt_example_system.sprj
2022_1
wolfCrypt_FreeRTOS_example wolfCrypt_FreeRTOS_example.prj
wolfCrypt_FreeRTOS_example_system wolfCrypt_FreeRTOS_example_system.sprj
wolfCrypt_example wolfCrypt_example.prj
wolfCrypt_example_system wolfCrypt_example_system.sprj
.gitignore
README.md bench.sh combine.sh eclipse_formatter_profile.xml graph.sh include.am user_settings.h wolfssl_example.c
apple-universal
wolfssl-multiplatform
wolfssl-multiplatform
Assets.xcassets
AccentColor.colorset Contents.json
AppIcon.appiconset Contents.json
Contents.json
ContentView.swift simple_client_example.c simple_client_example.h wolfssl-multiplatform-Bridging-Header.h wolfssl_multiplatform.entitlements wolfssl_multiplatformApp.swift wolfssl_test_driver.c wolfssl_test_driver.h
wolfssl-multiplatform.xcodeproj project.pbxproj
.gitignore README.md build-wolfssl-framework.sh include.am
iotsafe Makefile README.md ca-cert.c devices.c devices.h include.am main.c memory-tls.c startup.c target.ld user_settings.h
iotsafe-raspberrypi Makefile README.md client-tls13.c include.am main.c
mynewt README.md apps.wolfcrypttest.pkg.yml crypto.wolfssl.pkg.yml crypto.wolfssl.syscfg.yml include.am setup.sh
zephyr README.md include.am
include.am
RTOS
nuttx
wolfssl .gitignore Kconfig Make.defs Makefile README.md setup-wolfssl.sh user_settings.h
include.am
bsdkm Makefile README.md bsdkm_wc_port.h include.am wolfkmod.c wolfkmod_aes.c x86_vecreg.c
certs
1024 ca-cert.der ca-cert.pem ca-key.der ca-key.pem client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der dh1024.der dh1024.pem dsa-pub-1024.pem dsa1024.der dsa1024.pem include.am rsa1024.der server-cert.der server-cert.pem server-key.der server-key.pem
3072 client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der include.am
4096 client-cert.der client-cert.pem client-key.der client-key.pem client-keyPub.der include.am
acert
rsa_pss acert.pem acert_ietf.pem acert_ietf_pubkey.pem acert_pubkey.pem
acert.pem acert_ietf.pem acert_ietf_pubkey.pem acert_pubkey.pem include.am
aia ca-issuers-cert.pem multi-aia-cert.pem overflow-aia-cert.pem
crl
extra-crls ca-int-cert-revoked.pem claim-root.pem crl_critical_entry.pem crlnum_57oct.pem crlnum_64oct.pem general-server-crl.pem large_crlnum.pem large_crlnum2.pem
hash_der 0fdb2da4.r0
hash_pem 0fdb2da4.r0
bad_time_fmt.pem ca-int-ecc.pem ca-int.pem ca-int2-ecc.pem ca-int2.pem caEcc384Crl.pem caEccCrl.der caEccCrl.pem cliCrl.pem client-int-ecc.pem client-int.pem crl.der crl.pem crl.revoked crl2.der crl2.pem crl_reason.pem crl_rsapss.pem eccCliCRL.pem eccSrvCRL.pem gencrls.sh include.am server-goodaltCrl.pem server-goodaltwildCrl.pem server-goodcnCrl.pem server-goodcnwildCrl.pem server-int-ecc.pem server-int.pem wolfssl.cnf
dilithium bench_dilithium_level2_key.der bench_dilithium_level3_key.der bench_dilithium_level5_key.der include.am
ecc bp256r1-key.der bp256r1-key.pem ca-secp256k1-cert.pem ca-secp256k1-key.pem client-bp256r1-cert.der client-bp256r1-cert.pem client-secp256k1-cert.der client-secp256k1-cert.pem genecc.sh include.am secp256k1-key.der secp256k1-key.pem secp256k1-param.pem secp256k1-privkey.der secp256k1-privkey.pem server-bp256r1-cert.der server-bp256r1-cert.pem server-secp256k1-cert.der server-secp256k1-cert.pem server2-secp256k1-cert.der server2-secp256k1-cert.pem wolfssl.cnf wolfssl_384.cnf
ed25519 ca-ed25519-key.der ca-ed25519-key.pem ca-ed25519-priv.der ca-ed25519-priv.pem ca-ed25519.der ca-ed25519.pem client-ed25519-key.der client-ed25519-key.pem client-ed25519-priv.der client-ed25519-priv.pem client-ed25519.der client-ed25519.pem eddsa-ed25519.der eddsa-ed25519.pem gen-ed25519-certs.sh gen-ed25519-keys.sh gen-ed25519.sh include.am root-ed25519-key.der root-ed25519-key.pem root-ed25519-priv.der root-ed25519-priv.pem root-ed25519.der root-ed25519.pem server-ed25519-cert.pem server-ed25519-key.der server-ed25519-key.pem server-ed25519-priv.der server-ed25519-priv.pem server-ed25519.der server-ed25519.pem
ed448 ca-ed448-key.der ca-ed448-key.pem ca-ed448-priv.der ca-ed448-priv.pem ca-ed448.der ca-ed448.pem client-ed448-key.der client-ed448-key.pem client-ed448-priv.der client-ed448-priv.pem client-ed448.der client-ed448.pem gen-ed448-certs.sh gen-ed448-keys.sh include.am root-ed448-key.der root-ed448-key.pem root-ed448-priv.der root-ed448-priv.pem root-ed448.der root-ed448.pem server-ed448-cert.pem server-ed448-key.der server-ed448-key.pem server-ed448-priv.der server-ed448-priv.pem server-ed448.der server-ed448.pem
external DigiCertGlobalRootCA.pem README.txt ca-digicert-ev.pem ca-globalsign-root.pem ca-google-root.pem ca_collection.pem include.am
falcon bench_falcon_level1_key.der bench_falcon_level5_key.der include.am
intermediate
ca_false_intermediate gentestcert.sh int_ca.key server.key test_ca.key test_ca.pem test_int_not_cacert.pem test_sign_bynoca_srv.pem wolfssl_base.conf wolfssl_srv.conf
ca-ecc-bad-aki.der ca-ecc-bad-aki.pem ca-int-cert.der ca-int-cert.pem ca-int-ecc-cert.der ca-int-ecc-cert.pem ca-int-ecc-key.der ca-int-ecc-key.pem ca-int-key.der ca-int-key.pem ca-int2-cert.der ca-int2-cert.pem ca-int2-ecc-cert.der ca-int2-ecc-cert.pem ca-int2-ecc-key.der ca-int2-ecc-key.pem ca-int2-key.der ca-int2-key.pem client-chain-alt-ecc.pem client-chain-alt.pem client-chain-ecc.der client-chain-ecc.pem client-chain.der client-chain.pem client-int-cert.der client-int-cert.pem client-int-ecc-cert.der client-int-ecc-cert.pem genintcerts.sh include.am server-chain-alt-ecc.pem server-chain-alt.pem server-chain-ecc.der server-chain-ecc.pem server-chain-short.pem server-chain.der server-chain.pem server-int-cert.der server-int-cert.pem server-int-ecc-cert.der server-int-ecc-cert.pem
lms bc_hss_L2_H5_W8_root.der bc_hss_L3_H5_W4_root.der bc_lms_chain_ca.der bc_lms_chain_leaf.der bc_lms_native_bc_root.der bc_lms_sha256_h10_w8_root.der bc_lms_sha256_h5_w4_root.der include.am
mldsa README.txt include.am mldsa44-cert.der mldsa44-cert.pem mldsa44-key.pem mldsa44_bare-priv.der mldsa44_bare-seed.der mldsa44_oqskeypair.der mldsa44_priv-only.der mldsa44_pub-spki.der mldsa44_seed-only.der mldsa44_seed-priv.der mldsa65-cert.der mldsa65-cert.pem mldsa65-key.pem mldsa65_bare-priv.der mldsa65_bare-seed.der mldsa65_oqskeypair.der mldsa65_priv-only.der mldsa65_pub-spki.der mldsa65_seed-only.der mldsa65_seed-priv.der mldsa87-cert.der mldsa87-cert.pem mldsa87-key.pem mldsa87_bare-priv.der mldsa87_bare-seed.der mldsa87_oqskeypair.der mldsa87_priv-only.der mldsa87_pub-spki.der mldsa87_seed-only.der mldsa87_seed-priv.der
ocsp imposter-root-ca-cert.der imposter-root-ca-cert.pem imposter-root-ca-key.der imposter-root-ca-key.pem include.am index-ca-and-intermediate-cas.txt index-ca-and-intermediate-cas.txt.attr index-intermediate1-ca-issued-certs.txt index-intermediate1-ca-issued-certs.txt.attr index-intermediate2-ca-issued-certs.txt index-intermediate2-ca-issued-certs.txt.attr index-intermediate3-ca-issued-certs.txt index-intermediate3-ca-issued-certs.txt.attr intermediate1-ca-cert.der intermediate1-ca-cert.pem intermediate1-ca-key.der intermediate1-ca-key.pem intermediate2-ca-cert.der intermediate2-ca-cert.pem intermediate2-ca-key.der intermediate2-ca-key.pem intermediate3-ca-cert.der intermediate3-ca-cert.pem intermediate3-ca-key.der intermediate3-ca-key.pem ocsp-responder-cert.der ocsp-responder-cert.pem ocsp-responder-key.der ocsp-responder-key.pem openssl.cnf renewcerts-for-test.sh renewcerts.sh root-ca-cert.der root-ca-cert.pem root-ca-crl.pem root-ca-key.der root-ca-key.pem server1-cert.der server1-cert.pem server1-chain-noroot.pem server1-key.der server1-key.pem server2-cert.der server2-cert.pem server2-key.der server2-key.pem server3-cert.der server3-cert.pem server3-key.der server3-key.pem server4-cert.der server4-cert.pem server4-key.der server4-key.pem server5-cert.der server5-cert.pem server5-key.der server5-key.pem test-leaf-response.der test-multi-response.der test-response-nointern.der test-response-rsapss.der test-response.der
p521 ca-p521-key.der ca-p521-key.pem ca-p521-priv.der ca-p521-priv.pem ca-p521.der ca-p521.pem client-p521-key.der client-p521-key.pem client-p521-priv.der client-p521-priv.pem client-p521.der client-p521.pem gen-p521-certs.sh gen-p521-keys.sh include.am root-p521-key.der root-p521-key.pem root-p521-priv.der root-p521-priv.pem root-p521.der root-p521.pem server-p521-cert.pem server-p521-key.der server-p521-key.pem server-p521-priv.der server-p521-priv.pem server-p521.der server-p521.pem
renewcerts wolfssl.cnf
rpk client-cert-rpk.der client-ecc-cert-rpk.der include.am server-cert-rpk.der server-ecc-cert-rpk.der
rsapss ca-3072-rsapss-key.der ca-3072-rsapss-key.pem ca-3072-rsapss-priv.der ca-3072-rsapss-priv.pem ca-3072-rsapss.der ca-3072-rsapss.pem ca-rsapss-key.der ca-rsapss-key.pem ca-rsapss-priv.der ca-rsapss-priv.pem ca-rsapss.der ca-rsapss.pem client-3072-rsapss-key.der client-3072-rsapss-key.pem client-3072-rsapss-priv.der client-3072-rsapss-priv.pem client-3072-rsapss.der client-3072-rsapss.pem client-rsapss-key.der client-rsapss-key.pem client-rsapss-priv.der client-rsapss-priv.pem client-rsapss.der client-rsapss.pem gen-rsapss-keys.sh include.am renew-rsapss-certs.sh root-3072-rsapss-key.der root-3072-rsapss-key.pem root-3072-rsapss-priv.der root-3072-rsapss-priv.pem root-3072-rsapss.der root-3072-rsapss.pem root-rsapss-key.der root-rsapss-key.pem root-rsapss-priv.der root-rsapss-priv.pem root-rsapss.der root-rsapss.pem server-3072-rsapss-cert.pem server-3072-rsapss-key.der server-3072-rsapss-key.pem server-3072-rsapss-priv.der server-3072-rsapss-priv.pem server-3072-rsapss.der server-3072-rsapss.pem server-mix-rsapss-cert.pem server-rsapss-cert.pem server-rsapss-key.der server-rsapss-key.pem server-rsapss-priv.der server-rsapss-priv.pem server-rsapss.der server-rsapss.pem
sia timestamping-sia-cert.pem
slhdsa bench_slhdsa_sha2_128f_key.der bench_slhdsa_sha2_128s_key.der bench_slhdsa_sha2_192f_key.der bench_slhdsa_sha2_192s_key.der bench_slhdsa_sha2_256f_key.der bench_slhdsa_sha2_256s_key.der bench_slhdsa_shake128f_key.der bench_slhdsa_shake128s_key.der bench_slhdsa_shake192f_key.der bench_slhdsa_shake192s_key.der bench_slhdsa_shake256f_key.der bench_slhdsa_shake256s_key.der client-mldsa44-priv.pem client-mldsa44-sha2.der client-mldsa44-sha2.pem client-mldsa44-shake.der client-mldsa44-shake.pem gen-slhdsa-mldsa-certs.sh include.am root-slhdsa-sha2-128s-priv.der root-slhdsa-sha2-128s-priv.pem root-slhdsa-sha2-128s.der root-slhdsa-sha2-128s.pem root-slhdsa-shake-128s-priv.der root-slhdsa-shake-128s-priv.pem root-slhdsa-shake-128s.der root-slhdsa-shake-128s.pem server-mldsa44-priv.pem server-mldsa44-sha2.der server-mldsa44-sha2.pem server-mldsa44-shake.der server-mldsa44-shake.pem
sm2 ca-sm2-key.der ca-sm2-key.pem ca-sm2-priv.der ca-sm2-priv.pem ca-sm2.der ca-sm2.pem client-sm2-key.der client-sm2-key.pem client-sm2-priv.der client-sm2-priv.pem client-sm2.der client-sm2.pem fix_sm2_spki.py gen-sm2-certs.sh gen-sm2-keys.sh include.am root-sm2-key.der root-sm2-key.pem root-sm2-priv.der root-sm2-priv.pem root-sm2.der root-sm2.pem self-sm2-cert.pem self-sm2-key.pem self-sm2-priv.pem server-sm2-cert.der server-sm2-cert.pem server-sm2-key.der server-sm2-key.pem server-sm2-priv.der server-sm2-priv.pem server-sm2.der server-sm2.pem
statickeys dh-ffdhe2048-params.pem dh-ffdhe2048-pub.der dh-ffdhe2048-pub.pem dh-ffdhe2048.der dh-ffdhe2048.pem ecc-secp256r1.der ecc-secp256r1.pem gen-static.sh include.am x25519-pub.der x25519-pub.pem x25519.der x25519.pem
test
expired expired-ca.der expired-ca.pem expired-cert.der expired-cert.pem
catalog.txt cert-bad-neg-int.der cert-bad-oid.der cert-bad-utf8.der cert-ext-ia.cfg cert-ext-ia.der cert-ext-ia.pem cert-ext-joi.cfg cert-ext-joi.der cert-ext-joi.pem cert-ext-mnc.der cert-ext-multiple.cfg cert-ext-multiple.der cert-ext-multiple.pem cert-ext-nc-combined.der cert-ext-nc-combined.pem cert-ext-nc.cfg cert-ext-nc.der cert-ext-nc.pem cert-ext-ncdns.der cert-ext-ncdns.pem cert-ext-ncip.der cert-ext-ncip.pem cert-ext-ncmixed.der cert-ext-ncmulti.der cert-ext-ncmulti.pem cert-ext-ncrid.der cert-ext-ncrid.pem cert-ext-nct.cfg cert-ext-nct.der cert-ext-nct.pem cert-ext-ndir-exc.cfg cert-ext-ndir-exc.der cert-ext-ndir-exc.pem cert-ext-ndir.cfg cert-ext-ndir.der cert-ext-ndir.pem cert-ext-ns.der cert-over-max-altnames.cfg cert-over-max-altnames.der cert-over-max-altnames.pem cert-over-max-nc.cfg cert-over-max-nc.der cert-over-max-nc.pem client-ecc-cert-ski.hex cn-ip-literal.der cn-ip-wildcard.der crit-cert.pem crit-key.pem dh1024.der dh1024.pem dh512.der dh512.pem digsigku.pem encrypteddata.msg gen-badsig.sh gen-ext-certs.sh gen-testcerts.sh include.am kari-keyid-cms.msg ktri-keyid-cms.msg ossl-trusted-cert.pem server-badaltname.der server-badaltname.pem server-badaltnull.der server-badaltnull.pem server-badcn.der server-badcn.pem server-badcnnull.der server-badcnnull.pem server-cert-ecc-badsig.der server-cert-ecc-badsig.pem server-cert-rsa-badsig.der server-cert-rsa-badsig.pem server-duplicate-policy.pem server-garbage.der server-garbage.pem server-goodalt.der server-goodalt.pem server-goodaltwild.der server-goodaltwild.pem server-goodcn.der server-goodcn.pem server-goodcnwild.der server-goodcnwild.pem server-localhost.der server-localhost.pem smime-test-canon.p7s smime-test-multipart-badsig.p7s smime-test-multipart.p7s smime-test.p7s
test-pathlen assemble-chains.sh chainA-ICA1-key.pem chainA-ICA1-pathlen0.pem chainA-assembled.pem chainA-entity-key.pem chainA-entity.pem chainB-ICA1-key.pem chainB-ICA1-pathlen0.pem chainB-ICA2-key.pem chainB-ICA2-pathlen1.pem chainB-assembled.pem chainB-entity-key.pem chainB-entity.pem chainC-ICA1-key.pem chainC-ICA1-pathlen1.pem chainC-assembled.pem chainC-entity-key.pem chainC-entity.pem chainD-ICA1-key.pem chainD-ICA1-pathlen127.pem chainD-assembled.pem chainD-entity-key.pem chainD-entity.pem chainE-ICA1-key.pem chainE-ICA1-pathlen128.pem chainE-assembled.pem chainE-entity-key.pem chainE-entity.pem chainF-ICA1-key.pem chainF-ICA1-pathlen1.pem chainF-ICA2-key.pem chainF-ICA2-pathlen0.pem chainF-assembled.pem chainF-entity-key.pem chainF-entity.pem chainG-ICA1-key.pem chainG-ICA1-pathlen0.pem chainG-ICA2-key.pem chainG-ICA2-pathlen1.pem chainG-ICA3-key.pem chainG-ICA3-pathlen99.pem chainG-ICA4-key.pem chainG-ICA4-pathlen5.pem chainG-ICA5-key.pem chainG-ICA5-pathlen20.pem chainG-ICA6-key.pem chainG-ICA6-pathlen10.pem chainG-ICA7-key.pem chainG-ICA7-pathlen100.pem chainG-assembled.pem chainG-entity-key.pem chainG-entity.pem chainH-ICA1-key.pem chainH-ICA1-pathlen0.pem chainH-ICA2-key.pem chainH-ICA2-pathlen2.pem chainH-ICA3-key.pem chainH-ICA3-pathlen2.pem chainH-ICA4-key.pem chainH-ICA4-pathlen2.pem chainH-assembled.pem chainH-entity-key.pem chainH-entity.pem chainI-ICA1-key.pem chainI-ICA1-no_pathlen.pem chainI-ICA2-key.pem chainI-ICA2-no_pathlen.pem chainI-ICA3-key.pem chainI-ICA3-pathlen2.pem chainI-assembled.pem chainI-entity-key.pem chainI-entity.pem chainJ-ICA1-key.pem chainJ-ICA1-no_pathlen.pem chainJ-ICA2-key.pem chainJ-ICA2-no_pathlen.pem chainJ-ICA3-key.pem chainJ-ICA3-no_pathlen.pem chainJ-ICA4-key.pem chainJ-ICA4-pathlen2.pem chainJ-assembled.pem chainJ-entity-key.pem chainJ-entity.pem include.am refreshkeys.sh
test-serial0 ee_normal.pem ee_serial0.pem generate_certs.sh include.am intermediate_serial0.pem root_serial0.pem root_serial0_key.pem selfsigned_nonca_serial0.pem
xmss bc_xmss_chain_ca.der bc_xmss_chain_leaf.der bc_xmss_sha2_10_256_root.der bc_xmss_sha2_16_256_root.der bc_xmssmt_sha2_20_2_256_root.der bc_xmssmt_sha2_20_4_256_root.der bc_xmssmt_sha2_40_8_256_root.der include.am
ca-cert-chain.der ca-cert.der ca-cert.pem ca-ecc-cert.der ca-ecc-cert.pem ca-ecc-key.der ca-ecc-key.pem ca-ecc384-cert.der ca-ecc384-cert.pem ca-ecc384-key.der ca-ecc384-key.pem ca-key-pkcs8-attribute.der ca-key.der ca-key.pem check_dates.sh client-absolute-urn.pem client-ca-cert.der client-ca-cert.pem client-ca.pem client-cert-ext.der client-cert-ext.pem client-cert.der client-cert.pem client-crl-dist.der client-crl-dist.pem client-ecc-ca-cert.der client-ecc-ca-cert.pem client-ecc-cert.der client-ecc-cert.pem client-ecc384-cert.der client-ecc384-cert.pem client-ecc384-key.der client-ecc384-key.pem client-key.der client-key.pem client-keyEnc.pem client-keyPub.der client-keyPub.pem client-relative-uri.pem client-uri-cert.pem csr.attr.der csr.dsa.der csr.dsa.pem csr.ext.der csr.signed.der dh-priv-2048.der dh-priv-2048.pem dh-pub-2048.der dh-pub-2048.pem dh-pubkey-2048.der dh2048.der dh2048.pem dh3072.der dh3072.pem dh4096.der dh4096.pem dsa-pubkey-2048.der dsa2048.der dsa2048.pem dsa3072.der dsaparams.der dsaparams.pem ecc-client-key.der ecc-client-key.pem ecc-client-keyPub.der ecc-client-keyPub.pem ecc-key-comp.pem ecc-keyPkcs8.der ecc-keyPkcs8.pem ecc-keyPkcs8Enc.der ecc-keyPkcs8Enc.pem ecc-keyPub.der ecc-keyPub.pem ecc-params.der ecc-params.pem ecc-privOnlyCert.pem ecc-privOnlyKey.pem ecc-privkey.der ecc-privkey.pem ecc-privkeyPkcs8.der ecc-privkeyPkcs8.pem ecc-rsa-server.p12 empty-issuer-cert.pem entity-no-ca-bool-cert.pem entity-no-ca-bool-key.pem fpki-cert.der fpki-certpol-cert.der gen_revoked.sh include.am renewcerts.sh rid-cert.der rsa-pub-2048.pem rsa2048.der rsa3072.der server-cert-chain.der server-cert.der server-cert.pem server-ecc-comp.der server-ecc-comp.pem server-ecc-rsa.der server-ecc-rsa.pem server-ecc-self.der server-ecc-self.pem server-ecc.der server-ecc.pem server-ecc384-cert.der server-ecc384-cert.pem server-ecc384-key.der server-ecc384-key.pem server-key.der server-key.pem server-keyEnc.pem server-keyPkcs8.der server-keyPkcs8.pem 
   1/* ssl_load.c
   2 *
   3 * Copyright (C) 2006-2026 wolfSSL Inc.
   4 *
   5 * This file is part of wolfSSL.
   6 *
   7 * wolfSSL is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License as published by
   9 * the Free Software Foundation; either version 3 of the License, or
  10 * (at your option) any later version.
  11 *
  12 * wolfSSL is distributed in the hope that it will be useful,
  13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  15 * GNU General Public License for more details.
  16 *
  17 * You should have received a copy of the GNU General Public License
  18 * along with this program; if not, write to the Free Software
  19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
  20 */
  21
  22#include <wolfssl/wolfcrypt/libwolfssl_sources.h>
  23
  24/*
  25 * WOLFSSL_SYS_CA_CERTS
  26 *     Enables ability to load system CA certs from the OS via
  27 *     wolfSSL_CTX_load_system_CA_certs.
  28 */
  29
  30#ifdef WOLFSSL_SYS_CA_CERTS
  31/* Will be turned off automatically when NO_FILESYSTEM is defined
  32 * for non Mac/Windows systems */
  33
  34#ifdef _WIN32
  35    #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */
  36    #include <windows.h>
  37    #include <wincrypt.h>
  38    #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */
  39
  40    /* mingw gcc does not support pragma comment, and the
  41     * linking with crypt32 is handled in configure.ac */
  42    #if !defined(__MINGW32__) && !defined(__MINGW64__)
  43        #pragma comment(lib, "crypt32")
  44    #endif
  45#endif
  46
  47#if defined(__APPLE__)
  48#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H)
  49#include <Security/SecTrustSettings.h>
  50#endif /* HAVE_SECURITY_SECTRUSTSETTINGS_H */
  51#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
  52#include <CoreFoundation/CoreFoundation.h>
  53#endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */
  54#endif /* __APPLE__ */
  55
  56#endif /* WOLFSSL_SYS_CA_CERTS */
  57
  58#if !defined(WOLFSSL_SSL_LOAD_INCLUDED)
  59    #ifndef WOLFSSL_IGNORE_FILE_WARN
  60        #warning ssl_load.c does not need to be compiled separately from ssl.c
  61    #endif
  62#else
  63
  64#include <wolfssl/wolfcrypt/logging.h>
  65
  66#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
  67    /* PSK field of context when it exists. */
  68    #define CTX_HAVE_PSK(ctx)   (ctx)->havePSK
  69    /* PSK field of ssl when it exists. */
  70    #define SSL_HAVE_PSK(ssl)   (ssl)->options.havePSK
  71#else
  72    /* Have PSK value when no field. */
  73    #define CTX_HAVE_PSK(ctx)   0
  74    /* Have PSK value when no field. */
  75    #define SSL_HAVE_PSK(ssl)   0
  76#endif
  77#ifdef NO_RSA
  78    /* Boolean for RSA available. */
  79    #define WOLFSSL_HAVE_RSA    0
  80#else
  81    /* Boolean for RSA available. */
  82    #define WOLFSSL_HAVE_RSA    1
  83#endif
  84#ifndef NO_CERTS
  85    /* Private key size from ssl. */
  86    #define SSL_KEY_SZ(ssl)     (ssl)->buffers.keySz
  87#else
  88    /* Private key size not available. */
  89    #define SSL_KEY_SZ(ssl)     0
  90#endif
  91#ifdef HAVE_ANON
  92    /* Anonymous ciphersuite allowed field in context. */
  93    #define CTX_USE_ANON(ctx)   (ctx)->useAnon
  94#else
  95    /* Anonymous ciphersuite allowed field not in context. */
  96    #define CTX_USE_ANON(ctx)   0
  97#endif
  98
  99#ifdef HAVE_PK_CALLBACKS
 100    #define WOLFSSL_IS_PRIV_PK_SET(ctx, ssl)                            \
 101        wolfSSL_CTX_IsPrivatePkSet(((ssl) == NULL) ? (ctx) : (ssl)->ctx)
 102#else
 103    #define WOLFSSL_IS_PRIV_PK_SET(ctx, ssl)    0
 104#endif
 105
 106/* Get the heap from the context or the ssl depending on which is available. */
 107#define WOLFSSL_HEAP(ctx, ssl)                                              \
 108    (((ctx) != NULL) ? (ctx)->heap : (((ssl) != NULL) ? (ssl)->heap : NULL))
 109
 110
 111#ifndef NO_CERTS
 112
/* Convert certificate or key data held in a buffer into a DerBuffer.
 *
 * PEM input is decoded by PemToDer; ASN.1 input is copied as-is, limited to
 * the first SEQUENCE (or OCTET STRING) that wolfssl_der_length finds.
 *
 * @param [in]      buff    Data to convert.
 * @param [in]      len     Number of bytes in buff.
 * @param [in]      format  WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @param [in]      type    CERT_TYPE, CA_TYPE, TRUSTED_PEER_TYPE,
 *                          PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE.
 * @param [in, out] info    Encryption info. info->consumed is reset to 0 and,
 *                          for ASN.1 input, set to the DER length found.
 * @param [in]      heap    Dynamic memory allocation hint.
 * @param [out]     der     Receives the DER encoded data.
 * @param [out]     algId   Algorithm identifier of a private key (PEM only).
 * @return  0 on success.
 * @return  NOT_COMPILED_IN when format is PEM and PEM support is not built.
 * @return  ASN_PARSE_E when the ASN.1 data has no valid DER length or claims
 *          more bytes than the buffer holds.
 * @return  MEMORY_E when dynamic memory allocation fails.
 */
static int DataToDerBuffer(const unsigned char* buff, word32 len, int format,
    int type, EncryptedInfo* info, void* heap, DerBuffer** der, int* algId)
{
    int ret = 0;

    info->consumed = 0;

    if (format != WOLFSSL_FILETYPE_PEM) {
        /* Raw DER: take only the first element including its header.
         * NOTE(review): len is narrowed to int here; this assumes callers
         * keep len <= INT_MAX - confirm at the call sites. */
        int derSz = wolfssl_der_length(buff, (int)len);

        info->consumed = derSz;
        /* Reject a missing/invalid length and a length beyond the input. */
        if ((derSz <= 0) || (derSz > (int)len)) {
            ret = ASN_PARSE_E;
        }
        else {
            ret = AllocCopyDer(der, buff, (word32)derSz, type, heap);
        }
        return ret;
    }

    /* PEM: decode to DER, releasing any partial result on failure. */
#ifdef WOLFSSL_PEM_TO_DER
    ret = PemToDer(buff, (long)(len), type, der, heap, info, algId);
    if (ret != 0) {
        FreeDer(der);
    }
#else
    (void)algId;
    ret = NOT_COMPILED_IN;
#endif

    return ret;
}
 170
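/* Process a user's certificate.
 *
 * Appends the certificate to chainBuffer, preceded by the 3-byte length that
 * TLS requires. CA certificates are additionally added to the certificate
 * manager.
 *
 * @param [in]      cm           Certificate manager.
 * @param [in, out] pDer         DER encoded certificate. For CA_TYPE it is
 *                               handed to AddCA by reference - presumably
 *                               AddCA takes ownership; verify against AddCA.
 * @param [in]      type         Type of data. Valid values:
 *                                 CERT_TYPE, CA_TYPE or TRUSTED_PEER_TYPE.
 * @param [in]      verify       How to verify certificate.
 * @param [out]     chainBuffer  Buffer to hold chain of certificates.
 * @param [in, out] pIdx         On in, current index into chainBuffer.
 *                               On out, index after certificate added.
 * @param [in]      bufferSz     Size of buffer in bytes.
 * @return  0 on success.
 * @return  BUFFER_E if chain buffer not big enough to hold certificate.
 * @return  Any value other than 1 returned by AddCA when adding a CA fails.
 */
static int ProcessUserCert(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer,
    int type, int verify, byte* chainBuffer, word32* pIdx, word32 bufferSz)
{
    int ret = 0;
    word32 idx = *pIdx;
    DerBuffer* der = *pDer;

    /* Check there is space for the 3-byte header plus the certificate in
     * chainBuffer. Compare by subtraction so that a large der->length (or an
     * idx already past the end) cannot wrap the word32 sum and slip past the
     * check that guards the XMEMCPY below. */
    if ((idx > bufferSz) || ((bufferSz - idx) < CERT_HEADER_SZ) ||
            ((bufferSz - idx - CERT_HEADER_SZ) < der->length)) {
        WOLFSSL_MSG("   Cert Chain bigger than buffer. "
                    "Consider increasing MAX_CHAIN_DEPTH");
        ret = BUFFER_E;
    }
    if (ret == 0) {
        /* 3-byte length. */
        c32to24(der->length, &chainBuffer[idx]);
        idx += CERT_HEADER_SZ;
        /* Add complete DER encoded certificate. */
        XMEMCPY(&chainBuffer[idx], der->buffer, der->length);
        idx += der->length;

        if (type == CA_TYPE) {
            /* Add CA to certificate manager; AddCA signals success with 1. */
            ret = AddCA(cm, pDer, WOLFSSL_USER_CA, verify);
            if (ret == 1) {
                ret = 0;
            }
        }
    }

    /* Update the index into chainBuffer. */
    *pIdx = idx;
    return ret;
}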
 222
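/* Store the certificate chain buffer against WOLFSSL_CTX or WOLFSSL object.
 *
 * The SSL object takes precedence when both are supplied. The stored
 * certificate count is only updated once the chain has been copied
 * successfully, so a failed copy never leaves a count that disagrees with
 * the chain actually held.
 *
 * @param [in, out] ctx          SSL context object. Used when ssl is NULL.
 * @param [in, out] ssl          SSL object.
 * @param [in]      chainBuffer  Buffer containing chain of certificates.
 * @param [in]      len          Length, in bytes, of data in buffer.
 * @param [in]      cnt          Number of certificates in chain.
 * @param [in]      type         Type of data. Valid values:
 *                                 CERT_TYPE, CA_TYPE or CHAIN_CERT_TYPE.
 * @param [in]      heap         Dynamic memory allocation hint.
 * @return  0 on success, or when neither ssl nor ctx is given (nothing stored).
 * @return  MEMORY_E when dynamic memory allocation fails.
 * @return  Any other error from AllocCopyDer() is propagated.
 */
static int ProcessUserChainRetain(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    const byte* chainBuffer, word32 len, int cnt, int type, void* heap)
{
    int ret = 0;

    /* Store in SSL object if available. */
    if (ssl != NULL) {
        /* Dispose of old chain if not reference to context's. */
        if (ssl->buffers.weOwnCertChain) {
            FreeDer(&ssl->buffers.certChain);
            /* The chain is gone; don't advertise certificates no longer held. */
            ssl->buffers.certChainCnt = 0;
        }
        /* Allocate and copy the buffer into SSL object.
         * NOTE(review): on failure ssl->buffers.certChain is whatever
         * AllocCopyDer() left there — confirm it leaves the pointer untouched
         * when the chain was shared with ctx (weOwnCertChain == 0). */
        ret = AllocCopyDer(&ssl->buffers.certChain, chainBuffer, len, type,
            heap);
        ssl->buffers.weOwnCertChain = (ret == 0);
        if (ret == 0) {
            /* Update count of certificates in chain. */
            ssl->buffers.certChainCnt = cnt;
        }
    }
    /* Store in SSL context object if available. */
    else if (ctx != NULL) {
        /* Dispose of old chain; count follows the chain. */
        FreeDer(&ctx->certChain);
        ctx->certChainCnt = 0;
        /* Allocate and copy the buffer into SSL context object. */
        ret = AllocCopyDer(&ctx->certChain, chainBuffer, len, type, heap);
        if (ret == 0) {
            /* Update count of certificates in chain. */
            ctx->certChainCnt = cnt;
        }
    }

    return ret;
}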
 268
/* Process user cert chain to pass during the TLS handshake.
 *
 * Certificates are pulled from buff one at a time, each prefixed with its
 * 3-byte length, and the resulting chain buffer is stored on the SSL object
 * (if given) or otherwise on the SSL context. When info->consumed already
 * covers the whole buffer nothing is done, 0 is returned and used is not
 * written.
 *
 * @param [in, out] ctx     SSL context object. Dereferenced for its
 *                          certificate manager (ctx->cm), so it must not be
 *                          NULL.
 * @param [in, out] ssl     SSL object. May be NULL: the chain then goes on
 *                          ctx.
 * @param [in]      buff    Buffer holding certificates.
 * @param [in]      sz      Length of data in buffer.
 * @param [in]      format  Format of the certificate:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1
 * @param [in]      type    Type of certificate:
 *                            CA_TYPE, CERT_TYPE or CHAIN_CERT_TYPE
 * @param [out]     used    Number of bytes from buff used. May be NULL.
 *                          Written on error paths too, once parsing stops.
 * @param [in, out] info    Encryption information. info->consumed is the
 *                          starting offset on entry and is rewritten by
 *                          DataToDerBuffer() with each certificate's length.
 * @param [in]      verify  How to verify certificate.
 * @return  0 on success.
 * @return  MEMORY_E when dynamic memory allocation fails.
 * @return  Errors from static_buffer_set_size(), DataToDerBuffer(),
 *          ProcessUserCert() and ProcessUserChainRetain() are propagated.
 *          No NULL check on ctx is performed here, so BAD_FUNC_ARG is not
 *          produced by this function itself.
 */
static int ProcessUserChain(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    const unsigned char* buff, long sz, int format, int type, long* used,
    EncryptedInfo* info, int verify)
{
    int ret = 0;
    void* heap = WOLFSSL_HEAP(ctx, ssl);

    WOLFSSL_ENTER("ProcessUserChain");

    /* Check we haven't consumed all the data. Nothing to do and `used` is
     * left untouched in that case. */
    if (info->consumed >= sz) {
        WOLFSSL_MSG("Already consumed data");
    }
    else {
    #ifndef WOLFSSL_SMALL_STACK
        byte stackBuffer[FILE_BUFFER_SIZE];
    #endif
        StaticBuffer chain;
        long   consumed = info->consumed;
        word32 idx = 0;
        int    gotOne = 0;
        int    cnt = 0;
        /* Calculate max possible size, including max headers: the remaining
         * input plus one 3-byte length header for each of up to
         * MAX_CHAIN_DEPTH certificates. */
        long   maxSz = (sz - consumed) + (CERT_HEADER_SZ * MAX_CHAIN_DEPTH);

        /* Setup buffer to hold chain. */
    #ifdef WOLFSSL_SMALL_STACK
        static_buffer_init(&chain);
    #else
        static_buffer_init(&chain, stackBuffer, FILE_BUFFER_SIZE);
    #endif
        /* Make buffer big enough to support maximum size. A failure here
         * leaves ret non-zero and the parsing loop below is skipped. */
        ret = static_buffer_set_size(&chain, (word32)maxSz, heap,
            DYNAMIC_TYPE_FILE);

        WOLFSSL_MSG("Processing Cert Chain");
        /* Keep parsing certificates while data available. */
        while ((ret == 0) && (consumed < sz)) {
            DerBuffer* part = NULL;

            /* Get a certificate as DER. */
            ret = DataToDerBuffer(buff + consumed, (word32)(sz - consumed),
                format, type, info, heap, &part, NULL);
            if (ret == 0) {
                /* Process the user certificate. ctx is dereferenced here. */
                ret = ProcessUserCert(ctx->cm, &part, type, verify,
                   chain.buffer, &idx, (word32)maxSz);
            }
            /* PEM may have trailing data that can be ignored, but only once
             * at least one non-CA certificate has been accepted. */
            if ((ret == WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) && gotOne) {
                WOLFSSL_MSG("We got one good cert, so stuff at end ok");
                ret = 0;
                break;
            }
            /* Certificate data handled. */
            FreeDer(&part);

            if (ret == 0) {
                /* Update consumed length with what DataToDerBuffer() used. */
                consumed += info->consumed;
                WOLFSSL_MSG("   Consumed another Cert in Chain");
                /* Update whether we got a user (non-CA) certificate. */
                gotOne |= (type != CA_TYPE);
                /* Update count of certificates added to chain. */
                cnt++;
            }
        }
        if (used != NULL) {
            /* Return the total consumed length, even when ret is an error. */
            *used = consumed;
        }

        /* Check whether there is data in the chain buffer. */
        if ((ret == 0) && (idx > 0)) {
            /* Put the chain buffer against the SSL or SSL context object. */
            ret = ProcessUserChainRetain(ctx, ssl, chain.buffer, idx, cnt, type,
                heap);
        }

        /* Dispose of chain buffer. Runs on every path through this branch. */
        static_buffer_free(&chain, heap, DYNAMIC_TYPE_FILE);
    }

    WOLFSSL_LEAVE("ProcessUserChain", ret);
    return ret;
}
 374
 375#ifndef NO_RSA
 376#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
 377    (HAVE_FIPS_VERSION > 2))
/* See if DER data is an RSA private key.
 *
 * Checks size meets minimum RSA key size.
 * This implementation uses less dynamic memory: the key is validated and
 * sized in place rather than decoded into an RsaKey.
 *
 * @param [in, out] ctx        SSL context object. Read for minRsaKeySz when
 *                             ssl is NULL.
 * @param [in, out] ssl        SSL object. Takes precedence over ctx.
 * @param [in]      der        DER encoding.
 * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
 *                             On out, RSAk when the data is an RSA key.
 * @param [in]      devId      Device identifier. Only read when
 *                             WOLF_PRIVATE_KEY_ID is defined.
 * @param [out]     keyType    Type of key: rsa_sa_algo.
 * @param [out]     keySize    Size of key in bytes.
 * @return  0 on success or not an RSA key and format unknown.
 * @return  RSA_KEY_SIZE_E when key size doesn't meet minimum required.
 * @return  Decode error when not an RSA key but keyFormat was already set.
 */
static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DerBuffer* der, int* keyFormat, int devId, byte* keyType, int* keySize)
{
    word32 inOutIdx = 0;
    int rsaBytes = 0;
    int ret;

    (void)devId;

    /* First choice: a private key, validated and sized without a full decode. */
    ret = wc_RsaPrivateKeyValidate(der->buffer, &inOutIdx, &rsaBytes,
        der->length);
#ifdef WOLF_PRIVATE_KEY_ID
    /* Fall back to a public key when a device or callback holds the private
     * part. */
    if ((ret != 0) && ((devId != INVALID_DEVID) ||
            WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) {
        word32 modulusSz;

        inOutIdx = 0;
        ret = wc_RsaPublicKeyDecode_ex(der->buffer, &inOutIdx, der->length,
            NULL, &modulusSz, NULL, NULL);
        if (ret == 0) {
            rsaBytes = (int)modulusSz;
        }
    }
#endif

    if (ret != 0) {
        /* Not RSA. Only an error when the caller already knew the format. */
        if (*keyFormat == 0) {
            WOLFSSL_MSG("Not an RSA key");
            ret = 0;
        }
        return ret;
    }

    {
        /* Minimum RSA key size comes from the SSL object when there is one. */
        int minRsaSz = (ssl != NULL) ? ssl->options.minRsaKeySz
                                     : ctx->minRsaKeySz;

        /* Format, type and size are reported even if the size check fails. */
        *keyFormat = RSAk;
        *keyType = rsa_sa_algo;
        *keySize = rsaBytes;

        if (rsaBytes < minRsaSz) {
            WOLFSSL_MSG("Private Key size too small");
            ret = RSA_KEY_SIZE_E;
        }
        /* A server loading an RSA key cannot have a static ECC key. */
        if ((ssl != NULL) && (ssl->options.side == WOLFSSL_SERVER_END)) {
            ssl->options.haveStaticECC = 0;
        }
    }

    return ret;
}
 448#else
/* See if DER data is an RSA private key.
 *
 * Checks size meets minimum RSA key size.
 * This implementation decodes into a full RsaKey, so it uses more dynamic
 * memory, but it works with older FIPS builds.
 *
 * @param [in, out] ctx        SSL context object. Read for minRsaKeySz when
 *                             ssl is NULL.
 * @param [in, out] ssl        SSL object. Takes precedence over ctx.
 * @param [in]      der        DER encoding.
 * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
 *                             On out, RSAk when the data is an RSA key.
 * @param [in]      heap       Dynamic memory allocation hint.
 * @param [in]      devId      Device identifier.
 * @param [out]     keyType    Type of key: rsa_sa_algo.
 * @param [out]     keySize    Size of key as reported by wc_RsaEncryptSize().
 * @return  0 on success or not an RSA key and format unknown.
 * @return  MEMORY_E when the key cannot be allocated.
 * @return  Error from wc_InitRsaKey_ex() when the key cannot be initialized.
 * @return  RSA_KEY_SIZE_E when key size doesn't meet minimum required.
 * @return  Decode error when not an RSA key but keyFormat was already set.
 */
static int ProcessBufferTryDecodeRsa(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType,
    int* keySize)
{
    int ret;
    word32 inOutIdx = 0;
    /* Scratch RsaKey to decode into so the modulus size can be read. */
    WC_DECLARE_VAR(key, RsaKey, 1, 0);

    WC_ALLOC_VAR_EX(key, RsaKey, 1, heap, DYNAMIC_TYPE_RSA,
        return MEMORY_E);

    ret = wc_InitRsaKey_ex(key, heap, devId);
    if (ret != 0) {
        /* Nothing was decoded; only the container needs releasing. */
        WC_FREE_VAR_EX(key, heap, DYNAMIC_TYPE_RSA);
        return ret;
    }

    /* Try as an RSA private key first. */
    ret = wc_RsaPrivateKeyDecode(der->buffer, &inOutIdx, key, der->length);
#ifdef WOLF_PRIVATE_KEY_ID
    /* Fall back to a public key when a device or callback holds the private
     * part. */
    if ((ret != 0) && ((devId != INVALID_DEVID) ||
            WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) {
        inOutIdx = 0;
        ret = wc_RsaPublicKeyDecode(der->buffer, &inOutIdx, key, der->length);
    }
#endif

    if (ret == 0) {
        /* Minimum RSA key size comes from the SSL object when there is one. */
        int minRsaSz = (ssl != NULL) ? ssl->options.minRsaKeySz
                                     : ctx->minRsaKeySz;
        int rsaBytes = wc_RsaEncryptSize((RsaKey*)key);

        /* Format, type and size are reported even if the size check fails. */
        *keyFormat = RSAk;
        *keyType = rsa_sa_algo;
        *keySize = rsaBytes;

        if (rsaBytes < minRsaSz) {
            WOLFSSL_MSG("Private Key size too small");
            ret = RSA_KEY_SIZE_E;
        }
        /* A server loading an RSA key cannot have a static ECC key. */
        if ((ssl != NULL) && (ssl->options.side == WOLFSSL_SERVER_END)) {
            ssl->options.haveStaticECC = 0;
        }
    }
    else if (*keyFormat == 0) {
        /* Not RSA and the caller doesn't know the format: keep trying. */
        WOLFSSL_MSG("Not an RSA key");
        ret = 0;
    }

    /* Release key internals, then the container. */
    wc_FreeRsaKey(key);
    WC_FREE_VAR_EX(key, heap, DYNAMIC_TYPE_RSA);

    return ret;
}
 530#endif
 531#endif /* !NO_RSA */
 532
 533#ifdef HAVE_ECC
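/* See if DER data is an ECC private key.
 *
 * Checks size meets minimum ECC key size.
 *
 * @param [in, out] ctx        SSL context object. Read for minEccKeySz and
 *                             written for haveStaticECC when ssl is NULL.
 * @param [in, out] ssl        SSL object. Takes precedence over ctx.
 * @param [in]      der        DER encoding.
 * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
 *                             On out, ECDSAk when the data decoded as ECC.
 * @param [in]      heap       Dynamic memory allocation hint.
 * @param [in]      devId      Device identifier.
 * @param [out]     keyType    Type of key: ecc_dsa_sa_algo, or sm2_sa_algo for
 *                             the SM2 curve when WOLFSSL_SM2 is defined.
 * @param [out]     keySize    Size of key as reported by wc_ecc_size().
 * @return  0 on success or not an ECC key and format unknown.
 * @return  MEMORY_E when the key cannot be allocated.
 * @return  Error from wc_ecc_init_ex() when the key cannot be initialized
 *          (previously this was swallowed and reported as 0).
 * @return  ECC_KEY_SIZE_E when ECC key size doesn't meet minimum required.
 * @return  Decode error when not an ECC key but keyFormat was already set.
 */
static int ProcessBufferTryDecodeEcc(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType,
    int* keySize)
{
    int ret;
    word32 idx;
    /* make sure ECC key can be used */
    WC_DECLARE_VAR(key, ecc_key, 1, 0);

    /* Allocate an ECC key to parse into. */
    WC_ALLOC_VAR_EX(key, ecc_key, 1, heap, DYNAMIC_TYPE_ECC,
        return MEMORY_E);

    /* Initialize ECC key. An initialization failure is propagated, matching
     * the RSA/Ed25519/Ed448 helpers, instead of being treated as "not an
     * ECC key". */
    ret = wc_ecc_init_ex(key, heap, devId);
    if (ret == 0) {
        /* Decode as an ECC private key. */
        idx = 0;
        ret = wc_EccPrivateKeyDecode(der->buffer, &idx, key, der->length);
    #ifdef WOLF_PRIVATE_KEY_ID
        /* If that didn't work then maybe a public key if device ID or callback.
         */
        if ((ret != 0) && ((devId != INVALID_DEVID) ||
                WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) {
            /* Decode as an ECC public key. */
            idx = 0;
            ret = wc_EccPublicKeyDecode(der->buffer, &idx, key, der->length);
        }
    #endif
    #ifdef WOLFSSL_SM2
        /* NOTE(review): this overwrites any decode error above when the caller
         * asked for SM2 — confirm that is intended rather than
         * `(ret == 0) && (*keyFormat == SM2k)`. */
        if (*keyFormat == SM2k) {
            ret = wc_ecc_set_curve(key, WOLFSSL_SM2_KEY_BITS / 8,
                ECC_SM2P256V1);
        }
    #endif
        if (ret == 0) {
            /* Get the minimum ECC key size from SSL or SSL context object. */
            int minKeySz = ssl ? ssl->options.minEccKeySz : ctx->minEccKeySz;
            int keySz = wc_ecc_size(key);

            /* Format is known. */
            *keyFormat = ECDSAk;
        #ifdef WOLFSSL_SM2
            if (key->dp->id == ECC_SM2P256V1) {
                *keyType = sm2_sa_algo;
            }
            else
        #endif
            {
                *keyType = ecc_dsa_sa_algo;
            }
            *keySize = keySz;

            /* Check that the size of the ECC key is enough. */
            if (keySz < minKeySz) {
                WOLFSSL_MSG("ECC private key too small");
                ret = ECC_KEY_SIZE_E;
            }
            /* Static ECC key possible. */
            if (ssl) {
                ssl->options.haveStaticECC = 1;
            }
            else {
                ctx->haveStaticECC = 1;
            }
        }
        /* Not an ECC key but check whether we know what it is. */
        else if (*keyFormat == 0) {
            WOLFSSL_MSG("Not an ECC key");
            /* Format unknown so keep trying. */
            ret = 0;
        }

        /* Free dynamically allocated data in key. */
        wc_ecc_free(key);
    }

    WC_FREE_VAR_EX(key, heap, DYNAMIC_TYPE_ECC);
    return ret;
}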
 628#endif /* HAVE_ECC */
 629
 630#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
/* See if DER data is an Ed25519 private key.
 *
 * The fixed Ed25519 key size is checked against the configured minimum ECC
 * key size.
 *
 * @param [in, out] ctx        SSL context object. Read for minEccKeySz when
 *                             ssl is NULL.
 * @param [in, out] ssl        SSL object. Takes precedence over ctx.
 * @param [in]      der        DER encoding.
 * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
 *                             On out, ED25519k when the data decoded.
 * @param [in]      heap       Dynamic memory allocation hint.
 * @param [in]      devId      Device identifier.
 * @param [out]     keyType    Type of key: ed25519_sa_algo.
 * @param [out]     keySize    Size of key: ED25519_KEY_SIZE.
 * @return  0 on success or not an Ed25519 key and format unknown.
 * @return  MEMORY_E when the key cannot be allocated.
 * @return  Error from wc_ed25519_init_ex() when the key cannot be initialized.
 * @return  ECC_KEY_SIZE_E when key size doesn't meet minimum required.
 * @return  Decode error when not an Ed25519 key but keyFormat was already set.
 */
static int ProcessBufferTryDecodeEd25519(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType,
    int* keySize)
{
    int ret;
    word32 inOutIdx = 0;
    /* Scratch Ed25519 key to decode into. */
    WC_DECLARE_VAR(key, ed25519_key, 1, 0);

    WC_ALLOC_VAR_EX(key, ed25519_key, 1, heap, DYNAMIC_TYPE_ED25519,
        return MEMORY_E);

    ret = wc_ed25519_init_ex(key, heap, devId);
    if (ret != 0) {
        /* Nothing was decoded; only the container needs releasing. */
        WC_FREE_VAR_EX(key, heap, DYNAMIC_TYPE_ED25519);
        return ret;
    }

    /* Try as an Ed25519 private key first. */
    ret = wc_Ed25519PrivateKeyDecode(der->buffer, &inOutIdx, key, der->length);
#ifdef WOLF_PRIVATE_KEY_ID
    /* Fall back to a public key when a device or callback holds the private
     * part. */
    if ((ret != 0) && ((devId != INVALID_DEVID) ||
            WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) {
        inOutIdx = 0;
        ret = wc_Ed25519PublicKeyDecode(der->buffer, &inOutIdx, key,
            der->length);
    }
#endif

    if (ret == 0) {
        /* Minimum (ECC) key size comes from the SSL object when there is one. */
        int minKeySz = (ssl != NULL) ? ssl->options.minEccKeySz
                                     : ctx->minEccKeySz;

        /* Format, type and size are reported even if the size check fails. */
        *keyFormat = ED25519k;
        *keyType = ed25519_sa_algo;
        *keySize = ED25519_KEY_SIZE;

        if (ED25519_KEY_SIZE < minKeySz) {
            WOLFSSL_MSG("ED25519 private key too small");
            ret = ECC_KEY_SIZE_E;
        }
#if !defined(WOLFSSL_NO_CLIENT_AUTH) && !defined(NO_ED25519_CLIENT_AUTH)
        if (ssl != NULL) {
            /* Ed25519 requires caching enabled for tracking message
             * hash used in EdDSA_Update for signing */
            ssl->options.cacheMessages = 1;
        }
#endif
    }
    else if (*keyFormat == 0) {
        /* Not Ed25519 and the caller doesn't know the format: keep trying. */
        WOLFSSL_MSG("Not an Ed25519 key");
        ret = 0;
    }

    /* Release key internals, then the container. */
    wc_ed25519_free(key);
    WC_FREE_VAR_EX(key, heap, DYNAMIC_TYPE_ED25519);
    return ret;
}
 712#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */
 713
 714#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
/* See if DER data is an Ed448 private key.
 *
 * The fixed Ed448 key size is checked against the configured minimum ECC
 * key size.
 *
 * @param [in, out] ctx        SSL context object. Read for minEccKeySz when
 *                             ssl is NULL.
 * @param [in, out] ssl        SSL object. Takes precedence over ctx.
 * @param [in]      der        DER encoding.
 * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
 *                             On out, ED448k when the data decoded.
 * @param [in]      heap       Dynamic memory allocation hint.
 * @param [in]      devId      Device identifier.
 * @param [out]     keyType    Type of key: ed448_sa_algo.
 * @param [out]     keySize    Size of key: ED448_KEY_SIZE.
 * @return  0 on success or not an Ed448 key and format unknown.
 * @return  MEMORY_E when the key cannot be allocated.
 * @return  Error from wc_ed448_init_ex() when the key cannot be initialized.
 * @return  ECC_KEY_SIZE_E when key size doesn't meet minimum required.
 * @return  Decode error when not an Ed448 key but keyFormat was already set.
 */
static int ProcessBufferTryDecodeEd448(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DerBuffer* der, int* keyFormat, void* heap, int devId, byte* keyType,
    int* keySize)
{
    int ret;
    word32 inOutIdx = 0;
    /* Scratch Ed448 key to decode into. */
    WC_DECLARE_VAR(key, ed448_key, 1, 0);

    WC_ALLOC_VAR_EX(key, ed448_key, 1, heap, DYNAMIC_TYPE_ED448,
        return MEMORY_E);

    ret = wc_ed448_init_ex(key, heap, devId);
    if (ret != 0) {
        /* Nothing was decoded; only the container needs releasing. */
        WC_FREE_VAR_EX(key, heap, DYNAMIC_TYPE_ED448);
        return ret;
    }

    /* Try as an Ed448 private key first. */
    ret = wc_Ed448PrivateKeyDecode(der->buffer, &inOutIdx, key, der->length);
#ifdef WOLF_PRIVATE_KEY_ID
    /* Fall back to a public key when a device or callback holds the private
     * part. */
    if ((ret != 0) && ((devId != INVALID_DEVID) ||
            WOLFSSL_IS_PRIV_PK_SET(ctx, ssl))) {
        inOutIdx = 0;
        ret = wc_Ed448PublicKeyDecode(der->buffer, &inOutIdx, key, der->length);
    }
#endif

    if (ret == 0) {
        /* Minimum (ECC) key size comes from the SSL object when there is one. */
        int minKeySz = (ssl != NULL) ? ssl->options.minEccKeySz
                                     : ctx->minEccKeySz;

        /* Format, type and size are reported even if the size check fails. */
        *keyFormat = ED448k;
        *keyType = ed448_sa_algo;
        *keySize = ED448_KEY_SIZE;

        if (ED448_KEY_SIZE < minKeySz) {
            WOLFSSL_MSG("ED448 private key too small");
            ret = ECC_KEY_SIZE_E;
        }
#if !defined(WOLFSSL_NO_CLIENT_AUTH) && !defined(NO_ED448_CLIENT_AUTH)
        if (ssl != NULL) {
            /* Ed448 requires caching enabled for tracking message
             * hash used in EdDSA_Update for signing */
            ssl->options.cacheMessages = 1;
        }
#endif
    }
    else if (*keyFormat == 0) {
        /* Not Ed448 and the caller doesn't know the format: keep trying. */
        WOLFSSL_MSG("Not an Ed448 key");
        ret = 0;
    }

    /* Release key internals, then the container. */
    wc_ed448_free(key);
    WC_FREE_VAR_EX(key, heap, DYNAMIC_TYPE_ED448);
    return ret;
}
 795#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
 796
 797#if defined(HAVE_FALCON)
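/* Reset a Falcon key, select a level and decode DER private key data into it.
 *
 * The key is zeroized and re-initialized first so that a failed earlier
 * decode attempt cannot leave stale bytes behind in the key.
 *
 * @param [in, out] key    Initialized Falcon key to decode into.
 * @param [in]      der    DER encoding.
 * @param [in]      level  Falcon level to decode as: 1 or 5.
 * @return  0 on success.
 * @return  Error from wc_falcon_init(), wc_falcon_set_level() or
 *          wc_Falcon_PrivateKeyDecode() otherwise.
 */
static int FalconDecodeAtLevel(falcon_key* key, const DerBuffer* der,
    byte level)
{
    int ret;
    word32 idx = 0;

    /* Start from a clean key so nothing from a previous attempt survives. */
    wc_falcon_free(key);
    ret = wc_falcon_init(key);
    if (ret == 0) {
        ret = wc_falcon_set_level(key, level);
    }
    if (ret == 0) {
        ret = wc_Falcon_PrivateKeyDecode(der->buffer, &idx, key, der->length);
    }

    return ret;
}

/* See if DER data is a Falcon private key.
 *
 * Checks size meets minimum Falcon key size. When the caller does not know
 * the format, level 1 and then level 5 are tried.
 *
 * @param [in, out] ctx        SSL context object. Read for minFalconKeySz
 *                             when ssl is NULL.
 * @param [in, out] ssl        SSL object. Takes precedence over ctx.
 * @param [in]      der        DER encoding.
 * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
 *                             On out, FALCON_LEVEL1k or FALCON_LEVEL5k when
 *                             the data decoded.
 * @param [in]      heap       Dynamic memory allocation hint.
 * @param [out]     keyType    Type of key: falcon_level1_sa_algo or
 *                             falcon_level5_sa_algo.
 * @param [out]     keySize    Size of key: FALCON_LEVEL1_KEY_SIZE or
 *                             FALCON_LEVEL5_KEY_SIZE.
 * @return  0 on success or not a Falcon key and format unknown.
 * @return  MEMORY_E when the key cannot be allocated.
 * @return  Error from wc_falcon_init() when the key cannot be initialized.
 * @return  ALGO_ID_E when keyFormat names a non-Falcon format.
 * @return  Decode error when keyFormat names a Falcon level but the data does
 *          not decode at that level.
 * @return  FALCON_KEY_SIZE_E when key size doesn't meet minimum required.
 */
static int ProcessBufferTryDecodeFalcon(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DerBuffer* der, int* keyFormat, void* heap, byte* keyType, int* keySize)
{
    int ret;
    byte level = 0;
    falcon_key* key;

    /* Allocate a Falcon key to parse into. */
    key = (falcon_key*)XMALLOC(sizeof(falcon_key), heap, DYNAMIC_TYPE_FALCON);
    if (key == NULL) {
        return MEMORY_E;
    }

    /* Initialize Falcon key. The real error is reported rather than being
     * mapped to MEMORY_E. */
    ret = wc_falcon_init(key);
    if (ret != 0) {
        XFREE(key, heap, DYNAMIC_TYPE_FALCON);
        return ret;
    }

    if (*keyFormat == FALCON_LEVEL1k) {
        level = 1;
    }
    else if (*keyFormat == FALCON_LEVEL5k) {
        level = 5;
    }

    if (level != 0) {
        /* Caller told us the level via the OID sum. */
        ret = FalconDecodeAtLevel(key, der, level);
    }
    else if (*keyFormat == 0) {
        /* Format unknown: try level 1, then level 5. Each attempt starts
         * from a re-initialized key. */
        if (FalconDecodeAtLevel(key, der, 1) == 0) {
            level = 1;
        }
        else if (FalconDecodeAtLevel(key, der, 5) == 0) {
            level = 5;
        }
        else {
            /* Neither level decoded; turned into "keep trying" below. */
            ret = ALGO_ID_E;
        }
    }
    else {
        /* Caller asked for a format that is not Falcon. */
        ret = ALGO_ID_E;
    }

    if (ret == 0) {
        /* Get the minimum Falcon key size from SSL or SSL context object. */
        int minKeySz = ssl ? ssl->options.minFalconKeySz :
                             ctx->minFalconKeySz;

        /* Report format, type and size from the level actually decoded. */
        if (key->level == 1) {
            *keyFormat = FALCON_LEVEL1k;
            *keyType = falcon_level1_sa_algo;
            *keySize = FALCON_LEVEL1_KEY_SIZE;
        }
        else {
            *keyFormat = FALCON_LEVEL5k;
            *keyType = falcon_level5_sa_algo;
            *keySize = FALCON_LEVEL5_KEY_SIZE;
        }

        /* Check that the size of the Falcon key is enough. */
        if (*keySize < minKeySz) {
            WOLFSSL_MSG("Falcon private key too small");
            ret = FALCON_KEY_SIZE_E;
        }
    }
    else if ((ret == WC_NO_ERR_TRACE(ALGO_ID_E)) && (*keyFormat == 0)) {
        WOLFSSL_MSG("Not a Falcon key");
        /* Format unknown so keep trying. */
        ret = 0;
    }

    /* Zeroize any (possibly partially) decoded private key material on every
     * path before handing the memory back, then dispose of the key. */
    wc_falcon_free(key);
    XFREE(key, heap, DYNAMIC_TYPE_FALCON);
    return ret;
}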
 920#endif
 921
 922#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
 923    !defined(WOLFSSL_DILITHIUM_NO_ASN1)
/* Map a Dilithium/ML-DSA OID sum to its signature algorithm and key size.
 *
 * @param [in]  oidSum   OID sum as returned by dilithium_get_oid_sum().
 * @param [out] keyType  Signature algorithm for the parameter set.
 * @param [out] keySize  Key size, in bytes, for the parameter set.
 * @return  0 on success.
 * @return  ALGO_ID_E when the OID sum is not a supported parameter set.
 */
static int DilithiumOidSumToKeyInfo(int oidSum, byte* keyType, int* keySize)
{
    int ret = 0;

#if defined(WOLFSSL_DILITHIUM_FIPS204_DRAFT)
    /* Draft FIPS 204 parameter sets. */
    if (oidSum == DILITHIUM_LEVEL2k) {
        *keyType = dilithium_level2_sa_algo;
        *keySize = DILITHIUM_LEVEL2_KEY_SIZE;
    }
    else if (oidSum == DILITHIUM_LEVEL3k) {
        *keyType = dilithium_level3_sa_algo;
        *keySize = DILITHIUM_LEVEL3_KEY_SIZE;
    }
    else if (oidSum == DILITHIUM_LEVEL5k) {
        *keyType = dilithium_level5_sa_algo;
        *keySize = DILITHIUM_LEVEL5_KEY_SIZE;
    }
    else
#endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
    /* Final ML-DSA parameter sets. */
    if (oidSum == ML_DSA_LEVEL2k) {
        *keyType = dilithium_level2_sa_algo;
        *keySize = ML_DSA_LEVEL2_KEY_SIZE;
    }
    else if (oidSum == ML_DSA_LEVEL3k) {
        *keyType = dilithium_level3_sa_algo;
        *keySize = ML_DSA_LEVEL3_KEY_SIZE;
    }
    else if (oidSum == ML_DSA_LEVEL5k) {
        *keyType = dilithium_level5_sa_algo;
        *keySize = ML_DSA_LEVEL5_KEY_SIZE;
    }
    else {
        ret = ALGO_ID_E;
    }

    return ret;
}

/* See if DER data is a Dilithium (ML-DSA) private key.
 *
 * Checks size meets minimum Dilithium key size.
 *
 * @param [in, out] ctx        SSL context object. Read for minDilithiumKeySz
 *                             when ssl is NULL.
 * @param [in, out] ssl        SSL object. Takes precedence over ctx.
 * @param [in]      der        DER encoding.
 * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
 *                             On out, the OID sum of the decoded key.
 * @param [in]      heap       Dynamic memory allocation hint.
 * @param [out]     keyType    Type of key: dilithium_level{2,3,5}_sa_algo.
 * @param [out]     keySize    Size of key for the decoded parameter set.
 * @return  0 on success or not a Dilithium key and format unknown.
 * @return  MEMORY_E when the key cannot be allocated.
 * @return  Error from wc_dilithium_init() when the key cannot be initialized.
 * @return  ALGO_ID_E when the decoded key's OID sum is not a supported set.
 * @return  DILITHIUM_KEY_SIZE_E when key size doesn't meet minimum required.
 * @return  Decode error when not a Dilithium key but keyFormat was already set.
 */
static int ProcessBufferTryDecodeDilithium(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DerBuffer* der, int* keyFormat, void* heap, byte* keyType, int* keySize)
{
    int ret;
    word32 inOutIdx = 0;
    int oidSum = 0;
    byte algo = 0;
    int keyBytes = 0;
    dilithium_key* key;

    /* Allocate a Dilithium key to parse into. */
    key = (dilithium_key*)XMALLOC(sizeof(dilithium_key), heap,
        DYNAMIC_TYPE_DILITHIUM);
    if (key == NULL) {
        return MEMORY_E;
    }

    ret = wc_dilithium_init(key);
    if (ret != 0) {
        /* Nothing was decoded; only the container needs releasing. */
        XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
        return ret;
    }

    /* Decode as a Dilithium private key. The decode is bracketed with
     * PRIVATE_KEY_UNLOCK()/PRIVATE_KEY_LOCK() because, per the original
     * rationale, the FIPS wrapper for the private key import is gated on a
     * per-thread read-enable flag that is off by default, so a worker thread
     * that never unlocked would otherwise fail with FIPS_PRIVATE_KEY_LOCKED_E.
     * NOTE(review): the bracket is unconditional — PRIVATE_KEY_LOCK() here
     * re-locks even if the caller had unlocked beforehand; confirm no caller
     * relies on the unlocked state persisting across this call. */
    PRIVATE_KEY_UNLOCK();
    ret = wc_Dilithium_PrivateKeyDecode(der->buffer, &inOutIdx, key,
        der->length);
    PRIVATE_KEY_LOCK();

    if (ret != 0) {
        if (*keyFormat == 0) {
            /* Not Dilithium and the caller doesn't know the format: keep
             * trying other formats. */
            WOLFSSL_MSG("Not a Dilithium key");
            ret = 0;
        }
    }
    else {
        /* Identify the parameter set from the decoded key. */
        ret = dilithium_get_oid_sum(key, &oidSum);
        if (ret == 0) {
            ret = DilithiumOidSumToKeyInfo(oidSum, &algo, &keyBytes);
        }
        if (ret == 0) {
            /* Minimum key size comes from the SSL object when there is one. */
            int minKeySz = (ssl != NULL) ? ssl->options.minDilithiumKeySz
                                         : ctx->minDilithiumKeySz;

            if (keyBytes < minKeySz) {
                WOLFSSL_MSG("Dilithium private key too small");
                ret = DILITHIUM_KEY_SIZE_E;
            }
        }
        if (ret == 0) {
            /* Only publish the outputs once every check has passed. */
            *keyFormat = oidSum;
            *keyType = algo;
            *keySize = keyBytes;
        }
    }

    /* Release key internals, then the container. */
    wc_dilithium_free(key);
    XFREE(key, heap, DYNAMIC_TYPE_DILITHIUM);
    return ret;
}
1039#endif /* HAVE_DILITHIUM */
1040
/* Try to decode DER data as a known private key.
 *
 * Tries each compiled-in key type while the format is still unknown
 * (*keyFormat == 0), or only the decoder matching an already known format.
 * Checks size meets minimum for key type.
 *
 * @param [in, out] ctx        SSL context object.
 * @param [in, out] ssl        SSL object.
 * @param [in]      der        DER encoding.
 * @param [in, out] keyFormat  On in, expected format. 0 means unknown.
 *                             On out, updated by a successful decoder.
 * @param [in]      heap       Dynamic memory allocation hint.
 * @param [in]      type       Type of key:
 *                               PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE.
 *                             Selects which key type/size fields of ctx or
 *                             ssl the decoders fill in.
 * @return  0 on success.
 * @return  BAD_FUNC_ARG when der or keyFormat is NULL.
 * @return  BAD_FUNC_ARG when ctx and ssl are NULL.
 * @return  WOLFSSL_BAD_FILE when unable to identify the key format.
 * @return  Other error code from the decoder for the key type (e.g. key
 *          size below the configured minimum).
 */
static int ProcessBufferTryDecode(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DerBuffer* der, int* keyFormat, void* heap, int type)
{
    int ret = 0;
    int devId = wolfSSL_CTX_GetDevId(ctx, ssl);
    /* Where the decoders record the key type and size (in ctx or ssl). */
    byte* keyType = NULL;
    int* keySz = NULL;
    /* Set once a decoder for the requested (or any) format has been tried. */
    int matchAnyKey = 0;

    (void)heap;
    (void)devId;
    (void)type;

    /* Validate parameters. */
    if ((der == NULL) || (keyFormat == NULL)) {
        ret = BAD_FUNC_ARG;
    }
    /* Must have an SSL context or SSL object to use. */
    if ((ret == 0) && (ctx == NULL) && (ssl == NULL)) {
        ret = BAD_FUNC_ARG;
    }

    if (ret == 0) {
        /* Determine where to put key type and size in SSL or context object.
         * The SSL object takes precedence over the SSL context object. */
    #ifdef WOLFSSL_DUAL_ALG_CERTS
        if (type == ALT_PRIVATEKEY_TYPE) {
            if (ssl != NULL) {
                keyType = &ssl->buffers.altKeyType;
                keySz = &ssl->buffers.altKeySz;
            }
            else {
                keyType = &ctx->altPrivateKeyType;
                keySz = &ctx->altPrivateKeySz;
            }
        }
        else
    #endif
        /* Type is PRIVATEKEY_TYPE (the else above binds to this if). */
        if (ssl != NULL) {
            keyType = &ssl->buffers.keyType;
            keySz = &ssl->buffers.keySz;
        }
        else {
            keyType = &ctx->privateKeyType;
            keySz = &ctx->privateKeySz;
        }
    }

#ifndef NO_RSA
    /* Try RSA if key format is RSA or yet unknown. */
    if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == RSAk))) {
#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \
    (HAVE_FIPS_VERSION > 2))
        ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keyFormat, devId,
            keyType, keySz);
#else
        /* Older FIPS builds take the heap hint as well. */
        ret = ProcessBufferTryDecodeRsa(ctx, ssl, der, keyFormat, heap, devId,
            keyType, keySz);
#endif
        matchAnyKey = 1;
    }
#ifdef WC_RSA_PSS
    if((ret == 0) && (*keyFormat == RSAPSSk)) {
        /* Require logic to verify that the der is RSAPSSk
         * (when *keyFormat == RSAPSSK), and to detect that the der is RSAPSSk
         * (when *keyFormat == 0).
         * NOTE(review): until then a caller-claimed RSA-PSS format is accepted
         * here without decoding the DER: keyType/keySz are left untouched and
         * no minimum key size check is applied on this path. */
        matchAnyKey = 1;
    }
#endif /* WC_RSA_PSS */
#endif /* NO_RSA */
#ifdef HAVE_ECC
    /* Try ECC if key format is ECDSA or SM2, or yet unknown. */
    if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == ECDSAk)
    #ifdef WOLFSSL_SM2
        || (*keyFormat == SM2k)
    #endif
        )) {
        ret = ProcessBufferTryDecodeEcc(ctx, ssl, der, keyFormat, heap, devId,
            keyType, keySz);
        matchAnyKey = 1;
    }
#endif /* HAVE_ECC */
#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT)
    /* Try Ed25519 if key format is Ed25519 or yet unknown. */
    if ((ret == 0) && ((*keyFormat == 0 || *keyFormat == ED25519k))) {
        ret = ProcessBufferTryDecodeEd25519(ctx, ssl, der, keyFormat, heap,
            devId, keyType, keySz);
        matchAnyKey = 1;
    }
#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_IMPORT */
#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT)
    /* Try Ed448 if key format is Ed448 or yet unknown. */
    if ((ret == 0) && ((*keyFormat == 0 || *keyFormat == ED448k))) {
        ret = ProcessBufferTryDecodeEd448(ctx, ssl, der, keyFormat, heap, devId,
            keyType, keySz);
        matchAnyKey = 1;
    }
#endif /* HAVE_ED448 && HAVE_ED448_KEY_IMPORT */
#if defined(HAVE_FALCON)
    /* Try Falcon if key format is Falcon level 1k or 5k or yet unknown. */
    if ((ret == 0) && ((*keyFormat == 0) || (*keyFormat == FALCON_LEVEL1k) ||
            (*keyFormat == FALCON_LEVEL5k))) {
        ret = ProcessBufferTryDecodeFalcon(ctx, ssl, der, keyFormat, heap,
            keyType, keySz);
        matchAnyKey = 1;
    }
#endif /* HAVE_FALCON */
#if defined(HAVE_DILITHIUM) && !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \
    !defined(WOLFSSL_DILITHIUM_NO_ASN1)
    /* Try Dilithium/ML-DSA if key format is level 2k, 3k or 5k (ML-DSA, or
     * the FIPS 204 draft OIDs when enabled) or yet unknown.
     */
    if ((ret == 0) &&
        ((*keyFormat == 0) ||
        (*keyFormat == ML_DSA_LEVEL2k) ||
        (*keyFormat == ML_DSA_LEVEL3k) ||
        (*keyFormat == ML_DSA_LEVEL5k)
    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
     || (*keyFormat == DILITHIUM_LEVEL2k)
     || (*keyFormat == DILITHIUM_LEVEL3k)
     || (*keyFormat == DILITHIUM_LEVEL5k)
    #endif
        )) {
        ret = ProcessBufferTryDecodeDilithium(ctx, ssl, der, keyFormat, heap,
            keyType, keySz);
        matchAnyKey = 1;
    }
#endif /* HAVE_DILITHIUM */

    /* Check we know the format: either no decoder identified the data, or the
     * caller asked for a format that no compiled-in decoder handles. */
    if ((ret == 0) &&
        ((*keyFormat == 0) || ((*keyFormat != 0) && (matchAnyKey == 0)))) {
        WOLFSSL_MSG("Not a supported key type");
        /* Not supported key format. */
        ret = WOLFSSL_BAD_FILE;
    }

    return ret;
}
1195
1196#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
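/* Decrypt PKCS#8 private key.
 *
 * Gets the password from the callback in info and decrypts the DER data in
 * place. On success der->length is shrunk to the decrypted length and the
 * trailing bytes that were not overwritten are zeroized, as is the password.
 *
 * @param [in]      info  Encryption information; passwd_cb must be set.
 * @param [in, out] der   DER encoded data. Decrypted in place.
 * @param [in]      heap  Dynamic memory allocation hint.
 * @return  0 or greater on success: length of the decrypted data.
 * @return  MEMORY_E when dynamic memory allocation fails.
 * @return  BAD_FUNC_ARG when the password callback reports a length larger
 *          than the buffer it was given.
 * @return  Negative value returned by the password callback or by
 *          ToTraditionalEnc.
 */
static int ProcessBufferPrivPkcs8Dec(EncryptedInfo* info, DerBuffer* der,
    void* heap)
{
    int ret = 0;
    word32 algId;
    int   passwordSz = NAME_SZ;
    WC_DECLARE_VAR(password, char, NAME_SZ, 0);

    (void)heap;
#ifdef WOLFSSL_SMALL_STACK
    /* Allocate memory for password. */
    password = (char*)XMALLOC(passwordSz, heap, DYNAMIC_TYPE_STRING);
    if (password == NULL) {
        ret = MEMORY_E;
    }
#endif

    if (ret == 0) {
        /* Get password. The callback is handed a buffer of passwordSz bytes
         * and returns the number of bytes it wrote (negative on failure). */
        ret = info->passwd_cb(password, passwordSz, PEM_PASS_READ,
            info->passwd_userdata);
        /* A length beyond the buffer cannot be honoured: ToTraditionalEnc
         * would read, and ForceZero write, past the end of password. Treat a
         * misbehaving callback as an error rather than trusting its length. */
        if (ret > passwordSz) {
            WOLFSSL_MSG("Password callback returned oversized length");
            ret = BAD_FUNC_ARG;
        }
    }
    if (ret >= 0) {
        /* Returned value is password size. */
        passwordSz = ret;
    #ifdef WOLFSSL_CHECK_MEM_ZERO
        wc_MemZero_Add("ProcessBuffer password", password, passwordSz);
    #endif

        /* Decrypt PKCS#8 private key inline and get algorithm id. */
        ret = ToTraditionalEnc(der->buffer, der->length, password, passwordSz,
            &algId);
    }
    if (ret >= 0) {
        /* Zero out encrypted data not overwritten. */
        ForceZero(der->buffer + ret, der->length - (word32)ret);
        /* Set decrypted data length. */
        der->length = (word32)ret;
    }

#ifdef WOLFSSL_SMALL_STACK
    if (password != NULL)
#endif
    {
        /* Ensure password is zeroized. On callback failure passwordSz is still
         * the full buffer size, so the whole buffer is cleared. */
        ForceZero(password, (word32)passwordSz);
    }
#ifdef WOLFSSL_SMALL_STACK
    /* Dispose of password memory. */
    XFREE(password, heap, DYNAMIC_TYPE_STRING);
#elif defined(WOLFSSL_CHECK_MEM_ZERO)
    wc_MemZero_Check(password, NAME_SZ);
#endif
    return ret;
}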
1260#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */
1261
/* Put the DER into the SSL or SSL context object.
 *
 * The SSL object, when given, takes precedence over the SSL context object.
 * Ownership of *der passes to whichever object stores it. The previous key
 * (and its blinding mask with WOLFSSL_BLIND_PRIVATE_KEY) is freed first, but
 * only when that object owned it: an SSL object still referring to its
 * context's key merely drops the reference. The key id, label and device id
 * that described the previous key are cleared.
 *
 * Precondition: ctx or ssl is not NULL.
 * Precondition: Must be a private key type.
 *
 * @param [in, out] ctx   SSL context object.
 * @param [in, out] ssl   SSL object.
 * @param [in, out] der   DER encoding. Stored by reference.
 * @param [in]      type  PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE (the latter
 *                        only distinguished with WOLFSSL_DUAL_ALG_CERTS).
 * @return  0 always.
 */
static int ProcessBufferPrivKeyHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DerBuffer** der, int type)
{
    (void)type;

#ifdef WOLFSSL_DUAL_ALG_CERTS
    if (type == ALT_PRIVATEKEY_TYPE) {
        /* Alternative private key fields. */
        if (ssl != NULL) {
            /* Only release the previous alternative key when it is ours. */
            if (ssl->buffers.weOwnAltKey) {
                FreeDer(&ssl->buffers.altKey);
            #ifdef WOLFSSL_BLIND_PRIVATE_KEY
                FreeDer(&ssl->buffers.altKeyMask);
            #endif
            }
            ssl->buffers.altKeyId = 0;
            ssl->buffers.altKeyLabel = 0;
            ssl->buffers.altKeyDevId = INVALID_DEVID;
            /* Take the new key by reference and own it from now on. */
            ssl->buffers.altKey = *der;
        #ifdef WOLFSSL_CHECK_MEM_ZERO
            wc_MemZero_Add("SSL Buffers key", (*der)->buffer, (*der)->length);
        #endif
            ssl->buffers.weOwnAltKey = 1;
        }
        else if (ctx != NULL) {
            /* The context always owns its alternative key. */
            FreeDer(&ctx->altPrivateKey);
            ctx->altPrivateKeyId = 0;
            ctx->altPrivateKeyLabel = 0;
            ctx->altPrivateKeyDevId = INVALID_DEVID;
            ctx->altPrivateKey = *der;
        #ifdef WOLFSSL_CHECK_MEM_ZERO
            wc_MemZero_Add("CTX private key", (*der)->buffer, (*der)->length);
        #endif
        }
        return 0;
    }
#endif /* WOLFSSL_DUAL_ALG_CERTS */

    /* Primary private key fields. */
    if (ssl != NULL) {
        /* Only release the previous key when it is ours, not the context's. */
        if (ssl->buffers.weOwnKey) {
            FreeDer(&ssl->buffers.key);
        #ifdef WOLFSSL_BLIND_PRIVATE_KEY
            FreeDer(&ssl->buffers.keyMask);
        #endif
        }
        ssl->buffers.keyId = 0;
        ssl->buffers.keyLabel = 0;
        ssl->buffers.keyDevId = INVALID_DEVID;
        /* Take the new key by reference and own it from now on. */
        ssl->buffers.key = *der;
    #ifdef WOLFSSL_CHECK_MEM_ZERO
        wc_MemZero_Add("SSL Buffers key", (*der)->buffer, (*der)->length);
    #endif
        ssl->buffers.weOwnKey = 1;
    }
    else if (ctx != NULL) {
        /* The context always owns its key. */
        FreeDer(&ctx->privateKey);
        ctx->privateKeyId = 0;
        ctx->privateKeyLabel = 0;
        ctx->privateKeyDevId = INVALID_DEVID;
        ctx->privateKey = *der;
    #ifdef WOLFSSL_CHECK_MEM_ZERO
        wc_MemZero_Add("CTX private key", (*der)->buffer, (*der)->length);
    #endif
    }

    return 0;
}
1348
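/* Decode private key.
 *
 * The DER is first handed to the SSL or SSL context object (ownership of der
 * passes to it) and then decoded. When no algorithm id is known after that,
 * non-PEM data is treated as an encrypted PKCS#8 key: it is decrypted in
 * place with the password callback and decoded again. With
 * WOLFSSL_BLIND_PRIVATE_KEY the stored key is blinded afterwards.
 *
 * Note that the DER is stored in ctx/ssl before it is validated; on error the
 * caller is expected to fail the load as a whole.
 *
 * Precondition: ctx or ssl is not NULL.
 * Precondition: Must be a private key type.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in, out] ssl     SSL object.
 * @param [in]      der     DER encoding. Stored in ctx or ssl by reference.
 * @param [in]      format  Original format of data.
 * @param [in]      info    Encryption information. May be NULL; then no
 *                          PKCS#8 decryption is attempted.
 * @param [in]      heap    Dynamic memory allocation hint.
 * @param [in]      type    Type of data:
 *                            PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE.
 * @param [in]      algId   Algorithm id of key. 0 means unknown.
 * @return  0 on success.
 * @return  WOLFSSL_BAD_FILE when not able to decode.
 * @return  Other error codes from decoding, decryption or blinding.
 */
static int ProcessBufferPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DerBuffer* der, int format, EncryptedInfo* info, void* heap, int type,
    int algId)
{
    int ret;

    (void)info;
    (void)format;

    /* Put the data into the SSL or SSL context object. */
    ret = ProcessBufferPrivKeyHandleDer(ctx, ssl, &der, type);
    if (ret == 0) {
        /* Try to decode the DER data. */
        ret = ProcessBufferTryDecode(ctx, ssl, der, &algId, heap, type);
    }

#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
    /* If private key type PKCS8 header wasn't already removed (algId == 0),
     * the data may be an encrypted PKCS#8 key. ProcessBufferTryDecode never
     * succeeds while the format is unknown, so ret is non-zero here. */
    if ((algId == 0) && (format != WOLFSSL_FILETYPE_PEM) && (info != NULL) &&
            (info->passwd_cb != NULL)) {
        /* Try to decrypt DER data as a PKCS#8 private key. */
        ret = ProcessBufferPrivPkcs8Dec(info, der, heap);
        if (ret >= 0) {
            /* Try to decode decrypted data.  */
            ret = ProcessBufferTryDecode(ctx, ssl, der, &algId, heap, type);
        }
    }
#endif /* WOLFSSL_ENCRYPTED_KEYS && !NO_PWDBASED */

#ifdef WOLFSSL_BLIND_PRIVATE_KEY
    {
        /* Blind whichever key slot ProcessBufferPrivKeyHandleDer filled. A
         * decode error takes precedence over a blinding error. */
        int blindRet = 0;
#ifdef WOLFSSL_DUAL_ALG_CERTS
        if (type == ALT_PRIVATEKEY_TYPE) {
            if (ssl != NULL) {
                blindRet = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.altKey,
                    &ssl->buffers.altKeyMask);
            }
            else {
                blindRet = wolfssl_priv_der_blind(NULL, ctx->altPrivateKey,
                    &ctx->altPrivateKeyMask);
            }
        }
        else
#endif
        if (ssl != NULL) {
            blindRet = wolfssl_priv_der_blind(ssl->rng, ssl->buffers.key,
                &ssl->buffers.keyMask);
        }
        else {
            blindRet = wolfssl_priv_der_blind(NULL, ctx->privateKey,
                &ctx->privateKeyMask);
        }
        if (ret == 0 && blindRet != 0)
            ret = blindRet;
    }
#endif

    /* Check if we were able to determine algorithm id. */
    if ((ret == 0) && (algId == 0)) {
    #ifdef OPENSSL_EXTRA
        /* Decryption password is probably wrong. */
        if ((info != NULL) && (info->passwd_cb != NULL)) {
            WOLFSSL_EVPerr(0, -WOLFSSL_EVP_R_BAD_DECRYPT_E);
        }
    #endif
        WOLFSSL_ERROR(WOLFSSL_BAD_FILE);
        /* Unable to decode DER data. */
        ret = WOLFSSL_BAD_FILE;
    }

    return ret;
}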
1439
/* Use the key OID to determine have options.
 *
 * Marks the key algorithm identified by the OID as available in the SSL
 * object or, when there is none, in the SSL context object. Flags are only
 * ever set here, never cleared. An OID that maps to no compiled-in algorithm
 * is ignored apart from a debug message.
 *
 * Precondition: ctx or ssl is not NULL.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in, out] ssl     SSL object.
 * @param [in]      keyOID  OID for public/private key.
 */
static void wolfssl_set_have_from_key_oid(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    int keyOID)
{
    const int useSsl = (ssl != NULL);

    switch (keyOID) {
#ifndef NO_RSA
        case RSAk:
    #ifdef WC_RSA_PSS
        case RSAPSSk:
    #endif
            if (useSsl) {
                ssl->options.haveRSA = 1;
            }
            else {
                ctx->haveRSA = 1;
            }
            break;
#endif /* !NO_RSA */

        /* Every elliptic curve based key type shares the ECC flag. */
        case ECDSAk:
#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
        case SM2k:
#endif
#ifdef HAVE_ED25519
        case ED25519k:
#endif
#ifdef HAVE_ED448
        case ED448k:
#endif
            if (useSsl) {
                ssl->options.haveECC = 1;
            }
            else {
                ctx->haveECC = 1;
            }
            break;

#ifdef HAVE_FALCON
        case FALCON_LEVEL1k:
        case FALCON_LEVEL5k:
            if (useSsl) {
                ssl->options.haveFalconSig = 1;
            }
            else {
                ctx->haveFalconSig = 1;
            }
            break;
#endif /* HAVE_FALCON */

#ifdef HAVE_DILITHIUM
        case ML_DSA_LEVEL2k:
        case ML_DSA_LEVEL3k:
        case ML_DSA_LEVEL5k:
    #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
        case DILITHIUM_LEVEL2k:
        case DILITHIUM_LEVEL3k:
        case DILITHIUM_LEVEL5k:
    #endif
            if (useSsl) {
                ssl->options.haveDilithiumSig = 1;
            }
            else {
                ctx->haveDilithiumSig = 1;
            }
            break;
#endif /* HAVE_DILITHIUM */

        default:
            WOLFSSL_MSG("Cert key not supported");
            break;
    }
}
1514
/* Set which private key algorithm we have against SSL or SSL context object.
 *
 * Derives the "have" flags from the certificate: the signature algorithm
 * OID sets haveECDSAsig / haveFalconSig / haveDilithiumSig, then (unless
 * WC_STRICT_SIG) the key OID sets the key-algorithm flags through
 * wolfssl_set_have_from_key_oid. The public key curve OID is copied as well.
 *
 * NOTE(review): the signature flags are reset only on the SSL object; on the
 * SSL context they are only ever set, so loading several certificates into
 * one context accumulates flags. Presumably intentional as the context is
 * shared - confirm.
 *
 * Precondition: ctx or ssl is not NULL.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in, out] ssl     SSL object.
 * @param [in]      cert    Decoded certificate.
 */
static void ProcessBufferCertSetHave(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DecodedCert* cert)
{
    if (ssl != NULL) {
        /* Reset signatures we have in SSL. */
        ssl->options.haveECDSAsig = 0;
        ssl->options.haveFalconSig = 0;
        ssl->options.haveDilithiumSig = 0;
    }

    /* Set which signature we have based on the type in the cert. */
    switch (cert->signatureOID) {
        case CTC_SHAwECDSA:
        case CTC_SHA256wECDSA:
        case CTC_SHA384wECDSA:
        case CTC_SHA512wECDSA:
    #ifdef HAVE_ED25519
        case CTC_ED25519:
    #endif
    #ifdef HAVE_ED448
        case CTC_ED448:
    #endif
    #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
        case CTC_SM3wSM2:
    #endif
            /* All curve based signatures share the ECDSA signature flag. */
            WOLFSSL_MSG("ECDSA/ED25519/ED448 cert signature");
            if (ssl) {
                ssl->options.haveECDSAsig = 1;
            }
            else if (ctx) {
                ctx->haveECDSAsig = 1;
            }
            break;
    #ifdef HAVE_FALCON
        case CTC_FALCON_LEVEL1:
        case CTC_FALCON_LEVEL5:
            WOLFSSL_MSG("Falcon cert signature");
            if (ssl) {
                ssl->options.haveFalconSig = 1;
            }
            else if (ctx) {
                ctx->haveFalconSig = 1;
            }
            break;
    #endif
    #ifdef HAVE_DILITHIUM
        case CTC_ML_DSA_LEVEL2:
        case CTC_ML_DSA_LEVEL3:
        case CTC_ML_DSA_LEVEL5:
        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
        case CTC_DILITHIUM_LEVEL2:
        case CTC_DILITHIUM_LEVEL3:
        case CTC_DILITHIUM_LEVEL5:
        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
            WOLFSSL_MSG("Dilithium cert signature");
            if (ssl) {
                ssl->options.haveDilithiumSig = 1;
            }
            else if (ctx) {
                ctx->haveDilithiumSig = 1;
            }
            break;
    #endif
        default:
            /* Unknown signature algorithm: no flag is set. */
            WOLFSSL_MSG("Cert signature not supported");
            break;
    }

#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448) || \
    defined(HAVE_FALCON) || defined(HAVE_DILITHIUM) || !defined(NO_RSA)
    #if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
    /* Set the private key curve OID. */
    if (ssl != NULL) {
        ssl->pkCurveOID = cert->pkCurveOID;
    }
    else if (ctx) {
        ctx->pkCurveOID = cert->pkCurveOID;
    }
    #endif
#ifndef WC_STRICT_SIG
    /* Key algorithm availability follows the certificate's key OID. */
    if ((ctx != NULL) || (ssl != NULL)) {
        wolfssl_set_have_from_key_oid(ctx, ssl, (int)cert->keyOID);
    }
#else
    /* Set whether ECC is available based on signature available. */
    if (ssl != NULL) {
        ssl->options.haveECC = ssl->options.haveECDSAsig;
    }
    else if (ctx) {
        ctx->haveECC = ctx->haveECDSAsig;
    }
#endif /* !WC_STRICT_SIG */
#endif
}
1617
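/* Check key size is valid.
 *
 * Evaluates to err when the key size lies outside [min, max] or when no
 * minimum is configured (min < 0), otherwise to 0. Every argument and the
 * whole expansion are parenthesized, so the macro can safely appear inside a
 * larger expression without the ?: binding to surrounding operators.
 *
 * @param [in] min    Minimum key size. Negative means not configured.
 * @param [in] max    Maximum key size.
 * @param [in] keySz  Key size.
 * @param [in] err    Error value to return when key size is invalid.
 * @return  0 on success.
 * @return  err when min is less than 0 or key size is invalid.
 */
#define CHECK_KEY_SZ(min, max, keySz, err)                                     \
    ((((min) < 0) || ((keySz) < (min)) || ((keySz) > (max))) ? (err) : 0)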
1631
/* Check public key in certificate.
 *
 * Works out the key type and key size from the certificate's key OID and,
 * when checkKeySz is set, checks the size against the configured minimum and
 * the algorithm's maximum for that key type. Key OIDs not handled below are
 * not checked at all (type 0, size 0). The type and size found are stored in
 * the SSL object, or the SSL context when there is no SSL object, replacing
 * whatever a previously loaded private key recorded there.
 *
 * @param [in, out] ctx         SSL context object.
 * @param [in, out] ssl         SSL object.
 * @param [in]      cert        Certificate object.
 * @param [in]      checkKeySz  Non-zero to enforce the key size limits, zero
 *                              to only determine type and size.
 * @return  0 on success.
 * @return  BAD_FUNC_ARG when ctx and ssl are NULL.
 * @return  RSA_KEY_SIZE_E, ECC_KEY_SIZE_E, FALCON_KEY_SIZE_E or
 *          DILITHIUM_KEY_SIZE_E when the key size is out of range.
 * @return  Non-zero when decoding the RSA public key fails.
 */
static int ProcessBufferCertPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DecodedCert* cert, int checkKeySz)
{
    int ret = 0;
    byte keyType = 0;
    int keySz = 0;
#ifndef NO_RSA
    word32 idx;
#endif
    if (ctx == NULL && ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Get key size and check unless not verifying. */
    switch (cert->keyOID) {
#ifndef NO_RSA
    #ifdef WC_RSA_PSS
        case RSAPSSk:
    #endif
        case RSAk:
            keyType = rsa_sa_algo;
            /* Determine RSA key size by parsing public key */
            idx = 0;
            ret = wc_RsaPublicKeyDecode_ex(cert->publicKey, &idx,
                cert->pubKeySize, NULL, (word32*)&keySz, NULL, NULL);
            if ((ret == 0) && checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minRsaKeySz :
                    ctx->minRsaKeySz, RSA_MAX_SIZE / 8, keySz, RSA_KEY_SIZE_E);
            }
    #ifdef WC_RSA_PSS
            /* Remember whether signing must use RSA-PSS (id-RSASSA-PSS key).
             * Both objects are updated when both are given. */
            if (ssl) {
                ssl->useRsaPss = cert->keyOID == RSAPSSk;
            }
            if (ctx) {
                ctx->useRsaPss = cert->keyOID == RSAPSSk;
            }
    #endif
            break;
#endif /* !NO_RSA */
    #ifdef HAVE_ECC
        case ECDSAk:
            keyType = ecc_dsa_sa_algo;
            /* Determine ECC key size based on curve */
        #ifdef WOLFSSL_CUSTOM_CURVES
            if ((cert->pkCurveOID == 0) && (cert->pkCurveSize != 0)) {
                /* Custom curve: size comes from the decoded parameters. */
                keySz = cert->pkCurveSize;
            }
            else
        #endif
            {
                /* NOTE(review): for an unknown curve OID the lookup result
                 * (presumably a negative error code) lands in keySz; the size
                 * check below rejects it, but with checkKeySz == 0 it is
                 * stored as-is - confirm this is acceptable to callers. */
                keySz = wc_ecc_get_curve_size_from_id(wc_ecc_get_oid(
                    cert->pkCurveOID, NULL, NULL));
            }

            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
                     ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz,
                     ECC_KEY_SIZE_E);
            }
            break;
    #endif /* HAVE_ECC */
    #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
        case SM2k:
            keyType = sm2_sa_algo;
            /* SM2 uses a single fixed curve; the ECC minimum applies. */
            keySz = WOLFSSL_SM2_KEY_BITS / 8;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
                    ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz,
                    ECC_KEY_SIZE_E);
            }
            break;
    #endif /* WOLFSSL_SM2 && WOLFSSL_SM3 */
    #ifdef HAVE_ED25519
        case ED25519k:
            keyType = ed25519_sa_algo;
            /* ED25519 is fixed key size; the ECC minimum applies. */
            keySz = ED25519_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
                    ctx->minEccKeySz, ED25519_KEY_SIZE, keySz, ECC_KEY_SIZE_E);
            }
            break;
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_ED448
        case ED448k:
            keyType = ed448_sa_algo;
            /* ED448 is fixed key size; the ECC minimum applies. */
            keySz = ED448_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
                    ctx->minEccKeySz, ED448_KEY_SIZE, keySz, ECC_KEY_SIZE_E);
            }
            break;
    #endif /* HAVE_ED448 */
    #if defined(HAVE_FALCON)
        case FALCON_LEVEL1k:
            keyType = falcon_level1_sa_algo;
            /* Falcon is fixed key size */
            keySz = FALCON_LEVEL1_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz :
                    ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz,
                    FALCON_KEY_SIZE_E);
            }
            break;
        case FALCON_LEVEL5k:
            keyType = falcon_level5_sa_algo;
            /* Falcon is fixed key size */
            keySz = FALCON_LEVEL5_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz :
                    ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz,
                    FALCON_KEY_SIZE_E);
            }
            break;
    #endif /* HAVE_FALCON */
    #if defined(HAVE_DILITHIUM)
        /* Draft FIPS 204 OIDs map to the same signature algorithms as the
         * final ML-DSA OIDs but carry their own key sizes. */
        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
        case DILITHIUM_LEVEL2k:
            keyType = dilithium_level2_sa_algo;
            /* Dilithium is fixed key size */
            keySz = DILITHIUM_LEVEL2_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
        case DILITHIUM_LEVEL3k:
            keyType = dilithium_level3_sa_algo;
            /* Dilithium is fixed key size */
            keySz = DILITHIUM_LEVEL3_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
        case DILITHIUM_LEVEL5k:
            keyType = dilithium_level5_sa_algo;
            /* Dilithium is fixed key size */
            keySz = DILITHIUM_LEVEL5_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
        case ML_DSA_LEVEL2k:
            keyType = dilithium_level2_sa_algo;
            /* Dilithium is fixed key size */
            keySz = ML_DSA_LEVEL2_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
        case ML_DSA_LEVEL3k:
            keyType = dilithium_level3_sa_algo;
            /* Dilithium is fixed key size */
            keySz = ML_DSA_LEVEL3_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
        case ML_DSA_LEVEL5k:
            keyType = dilithium_level5_sa_algo;
            /* Dilithium is fixed key size */
            keySz = ML_DSA_LEVEL5_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
    #endif /* HAVE_DILITHIUM */

        default:
            /* Unhandled key OID: accepted with type 0 and size 0. */
            WOLFSSL_MSG("No key size check done on public key in certificate");
            break;
    }

    /* Store the type and key size as there may not be a private key set.
     * This overwrites any values a previously loaded private key stored. */
    if (ssl != NULL) {
        ssl->buffers.keyType = keyType;
        ssl->buffers.keySz = keySz;
    }
    else {
        ctx->privateKeyType = keyType;
        ctx->privateKeySz = keySz;
    }

    return ret;
}
1839
1840#ifdef WOLFSSL_DUAL_ALG_CERTS
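/* Check the alternative public key of a dual-algorithm certificate and record
 * its type and size.
 *
 * Counterpart of ProcessBufferCertPublicKey() for the alternative public key
 * carried in cert->sapkiOID / cert->sapkiDer / cert->sapkiLen. The type and
 * size are stored in the SSL object when one is given, otherwise in the SSL
 * context, as there may not be a private key set yet.
 *
 * @param [in, out] ctx         SSL context object.
 * @param [in, out] ssl         SSL object.
 * @param [in]      cert        Decoded certificate.
 * @param [in]      checkKeySz  Whether to enforce the configured minimum and
 *                              maximum key sizes.
 * @return  0 on success.
 * @return  NOT_COMPILED_IN when alternative key data is present without an
 *          OID, or the OID is not one of the enabled algorithms.
 * @return  MEMORY_E when allocating the temporary ECC key fails.
 * @return  RSA_KEY_SIZE_E, ECC_KEY_SIZE_E, FALCON_KEY_SIZE_E or
 *          DILITHIUM_KEY_SIZE_E when checkKeySz is set and the key size is
 *          outside the allowed range.
 * @return  Other negative error code when decoding the public key fails.
 */
static int ProcessBufferCertAltPublicKey(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DecodedCert* cert, int checkKeySz)
{
    int ret = 0;
    void* heap = WOLFSSL_HEAP(ctx, ssl);
    byte keyType = 0;
    int keySz = 0;
#if !defined(NO_RSA) || defined(HAVE_ECC)
    /* Decode index shared by the RSA and ECC paths. It must exist for either
     * algorithm: guarding it on RSA alone does not compile with NO_RSA and
     * HAVE_ECC. */
    word32 idx;
#endif

    /* Only the ECC path allocates from the heap. */
    (void)heap;

    /* Check alternative key size of cert. */
    switch (cert->sapkiOID) {
        /* No OID set. */
        case 0:
            if (cert->sapkiLen != 0) {
                /* Have the alternative key data but no OID: cannot use it. */
                ret = NOT_COMPILED_IN;
            }
            break;

    #ifndef NO_RSA
        #ifdef WC_RSA_PSS
        case RSAPSSk:
        #endif
        case RSAk:
            keyType = rsa_sa_algo;
            /* Determine RSA key size by parsing public key. */
            idx = 0;
            ret = wc_RsaPublicKeyDecode_ex(cert->sapkiDer, &idx,
                cert->sapkiLen, NULL, (word32*)&keySz, NULL, NULL);
            if ((ret == 0) && checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minRsaKeySz :
                    ctx->minRsaKeySz, RSA_MAX_SIZE / 8, keySz, RSA_KEY_SIZE_E);
            }
            break;
    #endif /* !NO_RSA */
    #ifdef HAVE_ECC
        case ECDSAk:
        {
            WC_DECLARE_VAR(temp_key, ecc_key, 1, 0);
            keyType = ecc_dsa_sa_algo;

            WC_ALLOC_VAR_EX(temp_key, ecc_key, 1, heap, DYNAMIC_TYPE_ECC,
                ret=MEMORY_E);

            /* Determine ECC key size. We have to decode the sapki for
             * that. */
            if (ret == 0) {
                ret = wc_ecc_init_ex(temp_key, heap, INVALID_DEVID);
                if (ret == 0) {
                    idx = 0;
                    ret = wc_EccPublicKeyDecode(cert->sapkiDer, &idx, temp_key,
                        cert->sapkiLen);
                    if (ret == 0) {
                        keySz = wc_ecc_size(temp_key);
                    }
                    /* Only the size is needed; release the key right away. */
                    wc_ecc_free(temp_key);
                }
            }
            WC_FREE_VAR_EX(temp_key, heap, DYNAMIC_TYPE_ECC);

            if ((ret == 0) && checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
                     ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz,
                     ECC_KEY_SIZE_E);
            }
            break;
        }
    #endif /* HAVE_ECC */
    #if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3)
        case SM2k:
            keyType = sm2_sa_algo;
            /* Determine ECC key size based on curve. */
            keySz = WOLFSSL_SM2_KEY_BITS / 8;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
                    ctx->minEccKeySz, (MAX_ECC_BITS + 7) / 8, keySz,
                    ECC_KEY_SIZE_E);
            }
            break;
    #endif /* WOLFSSL_SM2 && WOLFSSL_SM3 */
    #ifdef HAVE_ED25519
        case ED25519k:
            keyType = ed25519_sa_algo;
            /* ED25519 is fixed key size. */
            keySz = ED25519_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
                    ctx->minEccKeySz, ED25519_KEY_SIZE, keySz, ECC_KEY_SIZE_E);
            }
            break;
    #endif /* HAVE_ED25519 */
    #ifdef HAVE_ED448
        case ED448k:
            keyType = ed448_sa_algo;
            /* ED448 is fixed key size. */
            keySz = ED448_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minEccKeySz :
                    ctx->minEccKeySz, ED448_KEY_SIZE, keySz, ECC_KEY_SIZE_E);
            }
            break;
    #endif /* HAVE_ED448 */
    #if defined(HAVE_FALCON)
        case FALCON_LEVEL1k:
            keyType = falcon_level1_sa_algo;
            /* Falcon is fixed key size. */
            keySz = FALCON_LEVEL1_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz :
                    ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz,
                    FALCON_KEY_SIZE_E);
            }
            break;
        case FALCON_LEVEL5k:
            keyType = falcon_level5_sa_algo;
            /* Falcon is fixed key size. */
            keySz = FALCON_LEVEL5_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minFalconKeySz :
                    ctx->minFalconKeySz, FALCON_MAX_KEY_SIZE, keySz,
                    FALCON_KEY_SIZE_E);
            }
            break;
    #endif /* HAVE_FALCON */
    #if defined(HAVE_DILITHIUM)
        #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT
        case DILITHIUM_LEVEL2k:
            keyType = dilithium_level2_sa_algo;
            /* Dilithium is fixed key size. */
            keySz = DILITHIUM_LEVEL2_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
        case DILITHIUM_LEVEL3k:
            keyType = dilithium_level3_sa_algo;
            /* Dilithium is fixed key size. */
            keySz = DILITHIUM_LEVEL3_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
        case DILITHIUM_LEVEL5k:
            keyType = dilithium_level5_sa_algo;
            /* Dilithium is fixed key size. */
            keySz = DILITHIUM_LEVEL5_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
        #endif /* WOLFSSL_DILITHIUM_FIPS204_DRAFT */
        case ML_DSA_LEVEL2k:
            keyType = dilithium_level2_sa_algo;
            /* ML-DSA is fixed key size. */
            keySz = ML_DSA_LEVEL2_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
        case ML_DSA_LEVEL3k:
            keyType = dilithium_level3_sa_algo;
            /* ML-DSA is fixed key size. */
            keySz = ML_DSA_LEVEL3_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
        case ML_DSA_LEVEL5k:
            keyType = dilithium_level5_sa_algo;
            /* ML-DSA is fixed key size. */
            keySz = ML_DSA_LEVEL5_KEY_SIZE;
            if (checkKeySz) {
                ret = CHECK_KEY_SZ(ssl ? ssl->options.minDilithiumKeySz :
                    ctx->minDilithiumKeySz, DILITHIUM_MAX_KEY_SIZE, keySz,
                    DILITHIUM_KEY_SIZE_E);
            }
            break;
    #endif /* HAVE_DILITHIUM */

        default:
            /* In this case, there was an OID that we didn't recognize.
             * This is an error. Use not compiled in because likely the
             * given algorithm was not enabled. */
            ret = NOT_COMPILED_IN;
            WOLFSSL_MSG("No alt key size check done on certificate");
            break;
    }

    /* Store the type and key size (also on error, mirroring
     * ProcessBufferCertPublicKey()). */
    if (ssl != NULL) {
        ssl->buffers.altKeyType = (byte)keyType;
        ssl->buffers.altKeySz = keySz;
    }
    else if (ctx != NULL) {
        ctx->altPrivateKeyType = (byte)keyType;
        ctx->altPrivateKeySz = keySz;
    }

    return ret;
}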
2052#endif /* WOLFSSL_DUAL_ALG_CERTS */
2053
/* Parse the certificate and pull out information for TLS handshake.
 *
 * Decodes the certificate up to and including its public key, records which
 * key algorithm is available, checks the public key size (unless verification
 * is disabled) and, for dual-algorithm certificates, does the same for the
 * alternative public key. With HAVE_RPK the raw-public-key state is recorded
 * as well.
 *
 * @param [in, out] ctx   SSL context object.
 * @param [in, out] ssl   SSL object.
 * @param [in]      der   DER encoded X509 certificate.
 * @return  0 on success.
 * @return  MEMORY_E when dynamic memory allocation fails.
 * @return  WOLFSSL_BAD_FILE when decoding certificate fails.
 * @return  Other error code from the public key checks (e.g. a key size
 *          error when the key is outside the configured limits).
 */
static int ProcessBufferCert(WOLFSSL_CTX* ctx, WOLFSSL* ssl, DerBuffer* der)
{
    int ret = 0;
    void* heap = WOLFSSL_HEAP(ctx, ssl);
#if defined(HAVE_RPK)
    /* Where to record whether a raw public key was loaded: the SSL object
     * when given, otherwise the SSL context. */
    RpkState* rpkState = ssl ? &ssl->options.rpkState : &ctx->rpkState;
#endif
    WC_DECLARE_VAR(cert, DecodedCert, 1, 0);

    /* Allocate memory for certificate to be decoded into. */
    WC_ALLOC_VAR_EX(cert, DecodedCert, 1, heap, DYNAMIC_TYPE_DCERT,
        ret=MEMORY_E);
    if (WC_VAR_OK(cert))
    {
        /* Get device id from SSL context or SSL object. */
        int devId = wolfSSL_CTX_GetDevId(ctx, ssl);

        WOLFSSL_MSG("Checking cert signature type");
        /* Initialize certificate object. */
        InitDecodedCert_ex(cert, der->buffer, der->length, heap, devId);

        /* Decode up to and including public key. NOTE(review): this is our
         * own certificate; nothing here suggests its signature is checked at
         * this point -- confirm against DecodeToKey(). */
        if (DecodeToKey(cert, 0) < 0) {
            WOLFSSL_MSG("Decode to key failed");
            ret = WOLFSSL_BAD_FILE;
        }
        if (ret == 0) {
            /* Key size limits are enforced unless verification is disabled. */
            int checkKeySz = 1;

        #if defined(HAVE_RPK)
            /* Store whether the certificate is a raw public key. */
            rpkState->isRPKLoaded = cert->isRPK;
        #endif /* HAVE_RPK */

            /* Set which private key algorithm we have. */
            ProcessBufferCertSetHave(ctx, ssl, cert);

            /* Don't check if verification is disabled for SSL. Note that
             * verifyNone also turns off the minimum key size check for our
             * own certificate. */
            if ((ssl != NULL) && ssl->options.verifyNone) {
                checkKeySz = 0;
            }
            /* Don't check if there is no SSL object and verification is
             * disabled for the SSL context. */
            else if ((ssl == NULL) && (ctx != NULL) && ctx->verifyNone) {
                checkKeySz = 0;
            }

            /* Check public key size and record key type/size. */
            ret = ProcessBufferCertPublicKey(ctx, ssl, cert, checkKeySz);
        #ifdef WOLFSSL_DUAL_ALG_CERTS
            /* Same for the alternative public key, if any. */
            if (ret == 0) {
                ret = ProcessBufferCertAltPublicKey(ctx, ssl, cert, checkKeySz);
            }
        #endif
        }
    }

    /* Dispose of dynamic memory in certificate object. This is reached even
     * when the allocation above failed, so it relies on FreeDecodedCert() and
     * WC_FREE_VAR_EX tolerating that case -- TODO confirm. */
    FreeDecodedCert(cert);
    WC_FREE_VAR_EX(cert, heap, DYNAMIC_TYPE_DCERT);
    return ret;
}
2125
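/* Handle storing the DER encoding of the certificate.
 *
 * Takes ownership of der: it is handed to the certificate manager (CA and
 * trusted peer types), stored as the leaf certificate, or freed on error.
 * Do not free der outside of this function.
 *
 * @param [in, out] ctx     SSL context object. Must not be NULL when type is
 *                          CA_TYPE (the caller, ProcessBuffer(), checks this).
 * @param [in, out] ssl     SSL object.
 * @param [in]      der     DER encoded certificate.
 * @param [in]      type    Type of data:
 *                            CERT_TYPE, CA_TYPE or TRUSTED_PEER_TYPE.
 * @param [in]      verify  What verification to do.
 * @return  0 on success.
 * @return  MEMORY_E when copying the CA DER for the Apple native certificate
 *          validation test build fails.
 * @return  WOLFSSL_BAD_CERTTYPE when data type is not supported.
 * @return  Failure value of AddCA()/AddTrustedPeer() otherwise.
 */
static int ProcessBufferCertHandleDer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    DerBuffer* der, int type, int verify)
{
    int ret = 0;

    /* CA certificate to verify with. */
    if (type == CA_TYPE) {
#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
        /* TEST ONLY CODE:
         * Keep a copy of the DER encoding of the CA certificate so it can be
         * appended to the list of trusted CA certificates if the subsequent
         * call to AddCA is successful. AddCA is given &der and der is not
         * touched afterwards, so the copy has to be taken first. */
        word32 derLen = 0;
        byte* derBuf = NULL;
        if (ctx->doAppleNativeCertValidationFlag == 1) {
            WOLFSSL_MSG("ANCV Test: copy DER CA cert");
            derLen = der->length;
            derBuf = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER);
            if (derBuf == NULL) {
                /* This function owns der; release it before bailing out. */
                FreeDer(&der);
                return MEMORY_E;
            }
            XMEMCPY(derBuf, der->buffer, derLen);
        }
#endif
        /* verify CA unless user set to no verify */
        ret = AddCA(ctx->cm, &der, WOLFSSL_USER_CA, verify);

#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
        if (derBuf != NULL) {
            /* TEST ONLY CODE:
             * Append the DER encoded CA certificate to the list of trusted CA
             * certificates so we can inject them at verification time */
            if (ret == 1) {
                WOLFSSL_MSG("ANCV Test: Appending CA to cert list");
                ret = wolfSSL_TestAppleNativeCertValidation_AppendCA(ctx,
                    derBuf, (int)derLen);
                if (ret == WOLFSSL_SUCCESS) {
                    WOLFSSL_MSG("ANCV Test: Clearing CA table");
                    /* Clear the CA table so we can ensure they won't be used
                     * for verification */
                    ret = wolfSSL_CertManagerUnloadCAs(ctx->cm);
                    if (ret == WOLFSSL_SUCCESS) {
                        ret = 0;
                    }
                }
            }
            /* The copy is released whether or not AddCA succeeded; it used to
             * leak on an AddCA failure. */
            XFREE(derBuf, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        }
#endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */

        /* AddCA reports success as 1; normalize to this function's 0. */
        if (ret == 1) {
            ret = 0;
        }
    }
#ifdef WOLFSSL_TRUST_PEER_CERT
    /* Trusted certificate to verify peer with. */
    else if (type == TRUSTED_PEER_TYPE) {
        WOLFSSL_CERT_MANAGER* cm;

        /* Get certificate manager to add certificate to. */
        if (ctx != NULL) {
            cm = ctx->cm;
        }
        else {
            SSL_CM_WARNING(ssl);
            cm = SSL_CM(ssl);
        }
        /* Add certificate as a trusted peer. */
        ret = AddTrustedPeer(cm, &der, verify);
        if (ret != 1) {
            WOLFSSL_MSG("Error adding trusted peer");
        }
        else {
            /* Same normalization as the CA path; ProcessBuffer() maps both 0
             * and 1 to success, so this is only for consistency. */
            ret = 0;
        }
    }
#endif /* WOLFSSL_TRUST_PEER_CERT */
    /* Leaf certificate - our certificate. */
    else if (type == CERT_TYPE) {
        if (ssl != NULL) {
            /* Free previous certificate if we own it. */
            if (ssl->buffers.weOwnCert) {
                FreeDer(&ssl->buffers.certificate);
            #ifdef KEEP_OUR_CERT
                /* Dispose of X509 version of certificate. */
                wolfSSL_X509_free(ssl->ourCert);
                ssl->ourCert = NULL;
            #endif
            }
            /* Store certificate as ours. */
            ssl->buffers.certificate = der;
        #ifdef KEEP_OUR_CERT
            ssl->keepCert = 1; /* hold cert for ssl lifetime */
        #endif
            /* We have to free the certificate buffer. */
            ssl->buffers.weOwnCert = 1;
            /* ourCert is created on demand. */
        }
        else if (ctx != NULL) {
            /* Free previous certificate. */
            FreeDer(&ctx->certificate); /* Make sure previous is free'd */
        #ifdef KEEP_OUR_CERT
            /* Dispose of X509 version of certificate if we own it. */
            if (ctx->ownOurCert) {
                wolfSSL_X509_free(ctx->ourCert);
            }
            ctx->ourCert = NULL;
        #endif
            /* Store certificate as ours. */
            ctx->certificate = der;
            /* ourCert is created on demand. */
        }
    }
    else {
        /* Dispose of DER buffer. */
        FreeDer(&der);
        /* Not a certificate type supported. */
        ret = WOLFSSL_BAD_CERTTYPE;
    }

    return ret;
}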
2261
/* Process certificate based on type.
 *
 * Stores the DER encoding according to type and, for a leaf certificate,
 * extracts the key information needed for the handshake. When a CA or leaf
 * certificate is rejected and the certificate manager has a verify callback,
 * the original data is handed to that callback, which may override the error.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in, out] ssl     SSL object.
 * @param [in]      buff    Buffer holding original data.
 * @param [in]      sz      Size of data in buffer.
 * @param [in]      der     DER encoding of certificate.
 * @param [in]      format  Format of data.
 * @param [in]      type    Type of data:
 *                            CERT_TYPE, CA_TYPE or TRUSTED_PEER_TYPE.
 * @param [in]      verify  What verification to do.
 * @return  0 on success.
 * @return  WOLFSSL_FATAL_ERROR on failure.
 */
static int ProcessBufferCertTypes(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    const unsigned char* buff, long sz, DerBuffer* der, int format, int type,
    int verify)
{
    int ret = ProcessBufferCertHandleDer(ctx, ssl, der, type, verify);

    /* Only referenced when the certificate manager verify callback path is
     * compiled in. */
    (void)buff;
    (void)sz;
    (void)format;

    if ((type == CERT_TYPE) && (ret == 0)) {
        /* Leaf certificate: pull out key type and size for the handshake. */
        ret = ProcessBufferCert(ctx, ssl, der);
    }
#if !defined(NO_WOLFSSL_CM_VERIFY) && (!defined(NO_WOLFSSL_CLIENT) || \
    !defined(WOLFSSL_NO_CLIENT_AUTH))
    if (ret < 0) {
        int isCaOrLeaf = (type == CA_TYPE) || (type == CERT_TYPE);
        WOLFSSL_CERT_MANAGER* cm = (ctx != NULL) ? ctx->cm : NULL;

        /* Hand bad CA or user certificate to the verify callback, which may
         * override the error. */
        if (isCaOrLeaf && (cm != NULL) && (cm->verifyCallback != NULL)) {
            ret = CM_VerifyBuffer_ex(cm, buff, sz, format, ret);
            /* Convert the callback result: 0 is a failure, 1 is acceptance. */
            if (ret == 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
            if (ret == 1) {
                ret = 0;
            }
        }
    }
#endif /* NO_WOLFSSL_CM_VERIFY */

    return ret;
}
2313
/* Reset the cipher suites based on updated private key or certificate.
 *
 * InitSuites() is given the loaded key size, so the suite list has to be
 * recomputed after a key or certificate load. Only the server side does this;
 * for an SSL context it is only done when a certificate was loaded.
 *
 * @param [in, out] ctx     SSL context object. Used when ssl is NULL.
 * @param [in, out] ssl     SSL object. Takes precedence over ctx.
 * @param [in]      type    Type of certificate.
 * @return  0 on success, or when there was nothing to reset.
 * @return  WOLFSSL_FATAL_ERROR when allocation of the suites fails.
 */
static int ProcessBufferResetSuites(WOLFSSL_CTX* ctx, WOLFSSL* ssl, int type)
{
    /* SSL object present: only its suites are reset. */
    if (ssl != NULL) {
        if (ssl->options.side != WOLFSSL_SERVER_END) {
            return 0;
        }
        /* Allocate memory for suites. */
        if (AllocateSuites(ssl) != 0) {
            return WOLFSSL_FATAL_ERROR;
        }
        /* Determine cipher suites based on what we have. */
        InitSuites(ssl->suites, ssl->version, ssl->buffers.keySz,
            WOLFSSL_HAVE_RSA, SSL_HAVE_PSK(ssl), ssl->options.haveDH,
            ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE,
            ssl->options.haveStaticECC,
            ssl->options.useAnon, TRUE,
            TRUE, TRUE, TRUE, ssl->options.side);
        return 0;
    }

    /* SSL context: only a certificate load on the server side changes the
     * suites. */
    if ((type != CERT_TYPE) || (ctx->method->side != WOLFSSL_SERVER_END)) {
        return 0;
    }
    /* Allocate memory for suites. */
    if (AllocateCtxSuites(ctx) != 0) {
        return WOLFSSL_FATAL_ERROR;
    }
    /* Determine cipher suites based on what we have. */
    InitSuites(ctx->suites, ctx->method->version, ctx->privateKeySz,
        WOLFSSL_HAVE_RSA, CTX_HAVE_PSK(ctx), ctx->haveDH,
        ctx->haveECDSAsig, ctx->haveECC, TRUE, ctx->haveStaticECC,
        CTX_USE_ANON(ctx),
        TRUE, TRUE, TRUE, TRUE, ctx->method->side);
    return 0;
}
2362
#ifndef WOLFSSL_DUAL_ALG_CERTS
    /* Determine whether the type is for a private key. */
    #define IS_PRIVKEY_TYPE(type) ((type) == PRIVATEKEY_TYPE)
#else
    /* Determine whether the type is for a private key. With dual-algorithm
     * certificates the alternative private key type counts as well. */
    #define IS_PRIVKEY_TYPE(type) (((type) == PRIVATEKEY_TYPE) ||   \
                                   ((type) == ALT_PRIVATEKEY_TYPE))
#endif
2371
/* Process a buffer of data.
 *
 * Data type is a private key or a certificate.
 * The format can be ASN.1 (DER) or PEM.
 *
 * Argument validation, conversion of the data to DER and dispatch to the
 * private key or certificate handling happen here; the cipher suites are
 * reset afterwards when a private key or our certificate was loaded.
 *
 * @param [in, out] ctx        SSL context object.
 * @param [in]      buff       Buffer holding data.
 * @param [in]      sz         Size of data in buffer.
 * @param [in]      format     Format of data:
 *                               WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @param [in]      type       Type of data:
 *                               CERT_TYPE, CA_TYPE, TRUSTED_PEER_TYPE,
 *                               PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE.
 * @param [in, out] ssl        SSL object.
 * @param [out]     used       Number of bytes consumed. Updated even when
 *                             loading fails, so a caller iterating over a PEM
 *                             file can skip past the bad block.
 * @param [in]      userChain  Whether this certificate is for user's chain.
 * @param [in]      verify     How to verify certificate.
 * @param [in]      source_name Associated filename or other source ID.
 * @return  1 on success.
 * @return  0 when the failure was WOLFSSL_FATAL_ERROR.
 * @return  Negative error code on any other failure.
 */
int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff, long sz,
    int format, int type, WOLFSSL* ssl, long* used, int userChain, int verify,
    const char *source_name)
{
    DerBuffer*    der = NULL;
    int           ret = 0;
    void*         heap = WOLFSSL_HEAP(ctx, ssl);
    WC_DECLARE_VAR(info, EncryptedInfo, 1, 0);
    int           algId = 0;
#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
    /* Offset of this item in the source, for the diagnostics below. */
    long usedAtStart = used ? *used : 0L;
#else
    (void)source_name;
#endif

    WOLFSSL_ENTER("ProcessBuffer");

    /* Check data format is supported. */
    if ((format != WOLFSSL_FILETYPE_ASN1) && (format != WOLFSSL_FILETYPE_PEM)) {
        ret = WOLFSSL_BAD_FILETYPE;
    }
    /* Need an object to store certificate into. */
    if ((ret == 0) && (ctx == NULL) && (ssl == NULL)) {
        ret = BAD_FUNC_ARG;
    }
    /* CA certificates go into the SSL context object. */
    if ((ret == 0) && (ctx == NULL) && (type == CA_TYPE)) {
        ret = BAD_FUNC_ARG;
    }
    /* This API does not handle CHAIN_CERT_TYPE */
    if ((ret == 0) && (type == CHAIN_CERT_TYPE)) {
        ret = BAD_FUNC_ARG;
    }

#ifdef WOLFSSL_SMALL_STACK
    if (ret == 0) {
        /* Allocate memory for encryption information. */
        info = (EncryptedInfo*)XMALLOC(sizeof(EncryptedInfo), heap,
            DYNAMIC_TYPE_ENCRYPTEDINFO);
        if (info == NULL) {
            ret = MEMORY_E;
        }
    }
#endif
    if (ret == 0) {
        /* Initialize encryption information. */
        XMEMSET(info, 0, sizeof(EncryptedInfo));
    #if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_PWDBASED)
        /* Password callback from the context is used for encrypted keys. */
        if (ctx != NULL) {
            info->passwd_cb       = ctx->passwd_cb;
            info->passwd_userdata = ctx->passwd_userdata;
        }
    #endif

        /* Get the DER data for a private key or certificate. */
        ret = DataToDerBuffer(buff, (word32)sz, format, type, info, heap, &der,
            &algId);
        if (used != NULL) {
            /* Update to amount used/consumed, also on failure. */
            *used = info->consumed;
        }
    #ifdef WOLFSSL_SMALL_STACK
        if (ret != 0) {
             /* Info no longer needed as loading failed. The success paths
              * below release it with WC_FREE_VAR_EX instead. */
             XFREE(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
        }
    #endif
    }

    if ((ret == 0) && IS_PRIVKEY_TYPE(type)) {
        /* Process the private key. NOTE(review): der is not freed here
         * afterwards, so ProcessBufferPrivateKey() presumably takes ownership
         * of it -- confirm. */
        ret = ProcessBufferPrivateKey(ctx, ssl, der, format, info, heap, type,
            algId);
        WC_FREE_VAR_EX(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);
    }
    else if (ret == 0) {
        /* Processing a certificate. */
        if (userChain) {
            /* Take original buffer and add to user chain to send in TLS
             * handshake. */
            ret = ProcessUserChain(ctx, ssl, buff, sz, format, type, used, info,
                verify);
            /* Additional chain is optional */
            if (ret == WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)) {
                unsigned long pemErr = 0;
                CLEAR_ASN_NO_PEM_HEADER_ERROR(pemErr);
                ret = 0;
            }
#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
            if (ret < 0) {
#ifdef NO_ERROR_STRINGS
                WOLFSSL_DEBUG_PRINTF(
                    "ERROR: ProcessUserChain: certificate from %s at offset %ld"
                    " rejected with code %d\n",
                    source_name, usedAtStart, ret);
#else
                WOLFSSL_DEBUG_PRINTF(
                    "ERROR: ProcessUserChain: certificate from %s at offset %ld"
                    " rejected with code %d: %s\n",
                    source_name, usedAtStart, ret,
                    wolfSSL_ERR_reason_error_string(ret));
#endif
            }
#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */
        }

        WC_FREE_VAR_EX(info, heap, DYNAMIC_TYPE_ENCRYPTEDINFO);

        if (ret == 0) {
            /* Process the different types of certificates. der is owned by
             * the callee from here on (stored, handed to the certificate
             * manager, or freed). */
            ret = ProcessBufferCertTypes(ctx, ssl, buff, sz, der, format, type,
                verify);
#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
            if (ret < 0) {
#ifdef NO_ERROR_STRINGS
                WOLFSSL_DEBUG_PRINTF(
                    "ERROR: ProcessBufferCertTypes: certificate from %s at"
                    " offset %ld rejected with code %d\n",
                    source_name, usedAtStart, ret);
#else
                WOLFSSL_DEBUG_PRINTF(
                    "ERROR: ProcessBufferCertTypes: certificate from %s at"
                    " offset %ld rejected with code %d: %s\n",
                    source_name, usedAtStart, ret,
                    wolfSSL_ERR_reason_error_string(ret));
#endif
            }
#endif /* WOLFSSL_DEBUG_CERTIFICATE_LOADS */
        }
        else {
            /* User chain processing failed: der was never handed on. */
            FreeDer(&der);
        }
    }

    /* Reset suites if this is a private key or user certificate. */
    if ((ret == 0) && ((type == PRIVATEKEY_TYPE) || (type == CERT_TYPE))) {
        ret = ProcessBufferResetSuites(ctx, ssl, type);
    }

    /* Convert return code: 0 becomes 1 (success), WOLFSSL_FATAL_ERROR becomes
     * 0, every other error code is returned as is. */
    if (ret == 0) {
        ret = 1;
    }
    else if (ret == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) {
        ret = 0;
    }
    WOLFSSL_LEAVE("ProcessBuffer", ret);
    return ret;
}
2542
2543#if defined(WOLFSSL_WPAS) && defined(HAVE_CRL)
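/* Try to parse data as a PEM CRL.
 *
 * Used by ProcessChainBuffer() to recover when a PEM block in a CA chain is
 * not a certificate.
 *
 * @param [in]  ctx       SSL context object. Must not be NULL.
 * @param [in]  buff      Buffer containing potential CRL in PEM format.
 * @param [in]  sz        Amount of data in buffer remaining.
 * @param [out] consumed  Number of bytes in buffer the CRL PEM block occupied.
 *                        Set whenever the block decoded as a CRL, even if
 *                        loading it into the certificate manager failed, so
 *                        the caller can skip past it.
 * @return  0 on success.
 * @return  Negative error code from PemToDer() when data is not a PEM CRL.
 * @return  Negative error code (WOLFSSL_FATAL_ERROR when the library did not
 *          supply one) when the CRL decoded but could not be loaded.
 */
static int ProcessChainBufferCRL(WOLFSSL_CTX* ctx, const unsigned char* buff,
    long sz, long* consumed)
{
    int           ret;
    DerBuffer*    der = NULL;
    EncryptedInfo info;

    /* ProcessBuffer() zeroes the EncryptedInfo before use; do the same here so
     * PemToDer() never sees indeterminate fields. */
    XMEMSET(&info, 0, sizeof(info));

    WOLFSSL_MSG("Trying a CRL");
    ret = PemToDer(buff, sz, CRL_TYPE, &der, NULL, &info, NULL);
    if (ret == 0) {
        /* The block was a CRL: its bytes are consumed whether or not the load
         * below succeeds. */
        *consumed = info.consumed;

        /* A CRL that decodes but fails to load must not be reported as
         * success: the revocation data would silently be missing. */
        ret = wolfSSL_CertManagerLoadCRLBuffer(ctx->cm, der->buffer,
            der->length, WOLFSSL_FILETYPE_ASN1);
        if (ret == WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("   Processed a CRL");
            ret = 0;
        }
        else {
            WOLFSSL_MSG("   CRL decoded but could not be loaded");
            /* Callers treat 0 as success; never return a non-negative
             * failure. */
            if (ret >= 0) {
                ret = WOLFSSL_FATAL_ERROR;
            }
        }
        FreeDer(&der);
    }

    return ret;
}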
2571#endif
2572
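/* Process all chain certificates (and CRLs) in the PEM data.
 *
 * Each PEM block is handed to ProcessBuffer() in turn. A block that fails is
 * skipped when progress through the buffer can still be made, so that a file
 * with some unusable entries still loads the usable certificates. The result
 * is success as soon as at least one certificate was processed.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in, out] ssl     SSL object.
 * @param [in]      buff    Buffer containing PEM data.
 * @param [in]      sz      Size of data in buffer.
 * @param [in]      type    Type of data.
 * @param [in]      verify  How to verify certificate.
 * @param [in]      source_name   Associated filename or other source ID.
 * @return  1 when at least one certificate was processed successfully.
 * @return  0 when no certificate was processed and no error is pending
 *          (empty input, or only CRLs).
 * @return  MEMORY_E when dynamic memory allocation fails.
 * @return  Other negative error code when no certificate could be processed.
 */
static int ProcessChainBuffer(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    const unsigned char* buff, long sz, int type, int verify,
    const char *source_name)
{
    int  ret    = 0;
    long used   = 0;
    int  gotOne = 0;

    WOLFSSL_MSG("Processing CA PEM file");
    /* Keep processing file while no errors and data to parse. */
    while ((ret >= 0) && (used < sz)) {
        long consumed = used;

        /* Process the buffer. */
        ret = ProcessBuffer(ctx, buff + used, sz - used, WOLFSSL_FILETYPE_PEM,
            type, ssl, &consumed, 0, verify, source_name);
        /* ProcessBuffer() returns 1 on success and reports WOLFSSL_FATAL_ERROR
         * as 0 (see its return code conversion). That used to fall through to
         * the success branch below and count a rejected certificate as
         * processed; treat it as the error it is. */
        if (ret == 0) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        /* Memory allocation failure is fatal. */
        if (ret == WC_NO_ERR_TRACE(MEMORY_E)) {
            gotOne = 0;
        }
        /* Other error parsing. */
        else if (ret < 0) {
#if defined(WOLFSSL_WPAS) && defined(HAVE_CRL)
            /* Try parsing a CRL. CRLs are loaded into the certificate manager
             * of the context, so this needs a context. */
            if ((ctx != NULL) && (ProcessChainBufferCRL(ctx, buff + used,
                    sz - used, &consumed) == 0)) {
                ret = 0;
            }
            else
#endif
            /* Check whether we made progress. */
            if (consumed > 0) {
                WOLFSSL_ERROR(ret);
                WOLFSSL_MSG("CA Parse failed, with progress in file.");
                WOLFSSL_MSG("Search for other certs in file");
                /* Check if we have more data to parse to recover. */
                if (used + consumed < sz) {
                    ret = 0;
                }
            }
            else {
                /* No progress in parsing being made - stop here. */
                WOLFSSL_MSG("CA Parse failed, no progress in file.");
                WOLFSSL_MSG("Do not continue search for other certs in file");
            }
        }
        else {
            /* Got a certificate out. */
            WOLFSSL_MSG("   Processed a CA");
            gotOne = 1;
        }
        /* Update used count. */
        used += consumed;
    }

    /* May have other unparsable data but did we get a certificate? */
    if (gotOne) {
        WOLFSSL_MSG("Processed at least one valid CA. Other stuff OK");
        ret = 1;
    }
    return ret;
}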
2648
2649
/* Get verify settings for AddCA from SSL context. A NULL context yields
 * VERIFY. Precedence: && binds tighter than ?:, so this reads
 * ((ctx) && (ctx)->verifyNone) ? NO_VERIFY : VERIFY. */
#define GET_VERIFY_SETTING_CTX(ctx) \
    ((ctx) && (ctx)->verifyNone ? NO_VERIFY : VERIFY)
/* Get verify settings for AddCA from SSL. ssl must not be NULL. */
#define GET_VERIFY_SETTING_SSL(ssl) \
    ((ssl)->options.verifyNone ? NO_VERIFY : VERIFY)
2656
2657#ifndef NO_FILESYSTEM
2658
/* Process data from a file as private keys, CRL or certificates.
 *
 * The whole file is read into a buffer (stack-backed unless
 * WOLFSSL_SMALL_STACK) and then dispatched, by type, to ProcessChainBuffer(),
 * BufferLoadCRL() or ProcessBuffer(). When type is DETECT_CERT_TYPE the type
 * is inferred from the PEM header text found in the data, which is only
 * possible for PEM input and only when PEM support is compiled in.
 *
 * @param [in, out] ctx        SSL context object.
 * @param [in]      fname      Name of file to read.
 * @param [in]      format     Format of data:
 *                               WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @param [in]      type       Type of data:
 *                               CERT_TYPE, CA_TYPE, TRUSTED_PEER_TYPE,
 *                               PRIVATEKEY_TYPE or ALT_PRIVATEKEY_TYPE,
 *                               or DETECT_CERT_TYPE to infer it from the
 *                               PEM header.
 * @param [in, out] ssl        SSL object.
 * @param [in]      userChain  Whether file contains chain of certificates.
 * @param [in, out] crl        CRL object to load data into (used only when
 *                             HAVE_CRL is defined).
 * @param [in]      verify     How to verify certificates.
 * @return  1 on success.
 * @return  WOLFSSL_BAD_FILE when reading the file fails.
 * @return  WOLFSSL_BAD_CERTTYPE when unable to detect certificate type.
 * @return  Otherwise the value returned by the buffer processing routine.
 */
int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format, int type,
    WOLFSSL* ssl, int userChain, WOLFSSL_CRL* crl, int verify)
{
    int    ret = 0;
#ifndef WOLFSSL_SMALL_STACK
    byte   stackBuffer[FILE_BUFFER_SIZE];
#endif
    StaticBuffer content;
    /* Length of the data read; every search and parse below is bounded by
     * it. */
    long   sz = 0;
    void*  heap = WOLFSSL_HEAP(ctx, ssl);

    /* crl is only referenced under HAVE_CRL; silence unused warnings in the
     * other configurations. */
    (void)crl;
    (void)heap;

#ifdef WOLFSSL_SMALL_STACK
    static_buffer_init(&content);
#else
    /* Back the buffer with the on-stack array first; presumably the reader
     * falls back to the heap for larger files - confirm in
     * wolfssl_read_file_static(). */
    static_buffer_init(&content, stackBuffer, FILE_BUFFER_SIZE);
#endif

    /* Read file into static buffer. */
    ret = wolfssl_read_file_static(fname, &content, heap, DYNAMIC_TYPE_FILE,
        &sz);
    /* Detection works on PEM header text, so it is refused for DER input. */
    if ((ret == 0) && (type == DETECT_CERT_TYPE) &&
            (format != WOLFSSL_FILETYPE_PEM)) {
        WOLFSSL_MSG_CERT_LOG("Cannot detect certificate type when not PEM");
        ret = WOLFSSL_BAD_CERTTYPE;
    }
    /* Try to detect type by parsing cert header and footer.
     * Only the header is actually searched (footer is fetched but not
     * consulted), anywhere within the sz bytes read. The first matching
     * branch wins, so data holding both a certificate and a CRL header is
     * classified as CA_TYPE. When PEM support is compiled out the whole
     * detection collapses to the failure branch. */
    if ((ret == 0) && (type == DETECT_CERT_TYPE)) {
#if !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM)
        const char* header = NULL;
        const char* footer = NULL;
#ifdef HAVE_CRL
        WOLFSSL_MSG_CERT("Detecting cert type... (including CRL_TYPE)");
#else
        WOLFSSL_MSG_CERT("Detecting cert type... (HAVE_CRL not defined)");
#endif

        /* Look for CA header and footer - same as CERT_TYPE. */
        if (wc_PemGetHeaderFooter(CA_TYPE, &header, &footer) == 0 &&
                (XSTRNSTR((char*)content.buffer, header, sz) != NULL)) {
            type = CA_TYPE;
            WOLFSSL_MSG_CERT_LOG_EX("Detected cert type CA_TYPE = %d:", type);
        }
#ifdef HAVE_CRL
        /* Look for CRL header and footer. */
        else if (wc_PemGetHeaderFooter(CRL_TYPE, &header, &footer) == 0 &&
                (XSTRNSTR((char*)content.buffer, header, sz) != NULL)) {
            type = CRL_TYPE;
            WOLFSSL_MSG_CERT_LOG_EX("Detected cert type CRL_TYPE = %d:", type);
        }
#endif
        /* Look for cert header and footer - same as CA_TYPE.
         * If the CA and cert headers really are identical this branch can
         * only match when the CA_TYPE lookup itself failed. */
        else if (wc_PemGetHeaderFooter(CERT_TYPE, &header, &footer) == 0 &&
                (XSTRNSTR((char*)content.buffer, header, sz) !=
                    NULL)) {
            type = CERT_TYPE;
            WOLFSSL_MSG_CERT_LOG_EX("Detected cert type CERT_TYPE = %d:", type);
        }
        /* The trailing else pairs with the unconditional block below. */
        else
#endif /* !NO_CODING && !WOLFSSL_NO_PEM */
        {
            /* Not a header that we support. */
            WOLFSSL_MSG_CERT_LOG("Failed to detect certificate type");
#ifdef WOLFSSL_DEBUG_CERTIFICATE_LOADS
            WOLFSSL_DEBUG_PRINTF(
                "ERROR: ProcessFile: Failed to detect certificate type"
                " of \"%s\"\n",
                fname);
#endif
            ret = WOLFSSL_BAD_CERTTYPE;
        }
    } /* (ret == 0) && (type == DETECT_CERT_TYPE) */

    if (ret == 0) {
        /* When CA or trusted peer and PEM - process as a chain buffer.
         * ProcessChainBuffer() reports success once at least one certificate
         * parsed, even if other data in the file was unparsable. */
        if (((type == CA_TYPE) || (type == TRUSTED_PEER_TYPE)) &&
                (format == WOLFSSL_FILETYPE_PEM)) {
            WOLFSSL_MSG_CERT("Processing cert chain buffer...");
            ret = ProcessChainBuffer(ctx, ssl, content.buffer, sz, type,
                verify, fname);
        }
#ifdef HAVE_CRL
        else if (type == CRL_TYPE) {
            WOLFSSL_MSG_CERT("Loading CRL...");
            ret = BufferLoadCRL(crl, content.buffer, sz, format, verify);
        }
#endif
#ifdef WOLFSSL_DUAL_ALG_CERTS
        else if (type == PRIVATEKEY_TYPE) {
            /* When support for dual algorithm certificates is enabled, the
             * private key file may contain both the primary and the
             * alternative private key. Hence, we have to parse both of them.
             */
            long consumed = 0;

            ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl,
                &consumed, userChain, verify, fname);
            /* Anything left after the primary key is parsed as the
             * alternative key; note consumed is not tracked and userChain is
             * forced to 0 for that second pass. */
            if ((ret == 1) && (consumed < sz)) {
                ret = ProcessBuffer(ctx, content.buffer + consumed,
                    sz - consumed, format, ALT_PRIVATEKEY_TYPE, ssl, NULL, 0,
                    verify, fname);
            }
        }
#endif
        else {
            /* Load all other certificate types. */
            ret = ProcessBuffer(ctx, content.buffer, sz, format, type, ssl,
                NULL, userChain, verify, fname);
        }
    }

    /* Dispose of dynamically allocated data. Runs on every path, including
     * read failure. */
    static_buffer_free(&content, heap, DYNAMIC_TYPE_FILE);
    return ret;
}
2793
2794#ifndef NO_WOLFSSL_DIR
/* Load file when filename is in the path.
 *
 * The file is processed as a PEM CA. A failure is tolerated, and counted as
 * neither success nor failure, when WOLFSSL_LOAD_FLAG_IGNORE_ERR is set or
 * when WOLFSSL_LOAD_FLAG_PEM_CA_ONLY is set and the file simply carries no
 * PEM header. Any other failure is logged and added to failCount.
 *
 * @param [in, out] ctx           SSL context object.
 * @param [in]      name          Name of file.
 * @param [in]      verify        How to verify a certificate.
 * @param [in]      flags         Flags representing options for loading.
 * @param [in, out] failCount     Number of files that failed to load.
 * @param [in, out] successCount  Number of files successfully loaded.
 * @return  1 on success.
 * @return  Not 1 when loading PEM certificate failed.
 */
static int wolfssl_ctx_load_path_file(WOLFSSL_CTX* ctx, const char* name,
    int verify, int flags, int* failCount, int* successCount)
{
    int tolerated;
    int ret = ProcessFile(ctx, name, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0,
        NULL, verify);

    if (ret == 1) {
    #if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
        /* Also register the CA as a trusted peer certificate. A failure is
         * only logged; ret carries that result back to the caller. */
        ret = wolfSSL_CTX_trust_peer_cert(ctx, name, WOLFSSL_FILETYPE_PEM);
        if (ret != 1) {
            WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error. "
                        "Ignoring this error.");
        }
    #endif
        (*successCount)++;
        return ret;
    }

    /* Loading failed: decide whether the flags allow skipping this file. */
    tolerated = (flags & WOLFSSL_LOAD_FLAG_IGNORE_ERR) ||
                ((flags & WOLFSSL_LOAD_FLAG_PEM_CA_ONLY) &&
                 (ret == WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)));
    if (tolerated) {
        unsigned long err = 0;
        /* Presumably discards the queued "no PEM header" error so it does
         * not surface later - confirm against the macro definition. */
        CLEAR_ASN_NO_PEM_HEADER_ERROR(err);
    #if defined(WOLFSSL_QT)
        ret = 1;
    #endif
    }
    else {
        WOLFSSL_ERROR(ret);
        WOLFSSL_MSG("Load CA file failed, continuing");
        (*failCount)++;
    }

    return ret;
}
2847
/* Load PEM formatted CA files from a path.
 *
 * Every entry returned by wc_ReadDirFirst()/wc_ReadDirNext() is handed to
 * wolfssl_ctx_load_path_file(); no filtering on file name or extension is
 * done here. The per-file return value is discarded: the overall result is
 * derived from the directory read status and the success/failure counts.
 *
 * @param [in, out] ctx           SSL context object.
 * @param [in]      path          Path to directory to read.
 * @param [in]      flags         Flags representing options for loading.
 * @param [in]      verify        How to verify a certificate.
 * @param [in]      successCount  Number of files successfully loaded so far
 *                                (passed by value, so the caller's copy is
 *                                not updated).
 * @return  1 on success.
 * @return  0 on failure.
 * @return  MEMORY_E when dynamic memory allocation fails.
 * @return  Other directory read error code (anything but WC_READDIR_NOFILE),
 *          unless ignored under WOLFSSL_QT / WOLFSSL_IGNORE_BAD_CERT_PATH.
 */
static int wolfssl_ctx_load_path(WOLFSSL_CTX* ctx, const char* path,
    word32 flags, int verify, int successCount)
{
    int ret = 1;
    char* name = NULL;
    int fileRet;
    int failCount = 0;
    WC_DECLARE_VAR(readCtx, ReadDirCtx, 1, 0);

    /* Allocate memory for directory reading context. On failure ret becomes
     * MEMORY_E and the whole body below is skipped. */
    WC_ALLOC_VAR_EX(readCtx, ReadDirCtx, 1, ctx->heap, DYNAMIC_TYPE_DIRCTX,
        ret=MEMORY_E);

    if (ret == 1) {
        /* Get name of first file in path. */
        fileRet = wc_ReadDirFirst(readCtx, path, &name);
        /* While getting filename doesn't fail and name returned, process file.
         */
        while ((fileRet == 0) && (name != NULL)) {
            WOLFSSL_MSG(name);
            /* Load file. flags is narrowed from word32 to int here. */
            ret = wolfssl_ctx_load_path_file(ctx, name, verify, (int)flags,
                &failCount, &successCount);
            /* Get next filename. */
            fileRet = wc_ReadDirNext(readCtx, path, &name);
        }
        /* Cleanup directory reading context. */
        wc_ReadDirClose(readCtx);

        /* When not WOLFSSL_QT, ret is always overwritten below. Under
         * WOLFSSL_QT with WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE it can keep the
         * last per-file result (or the initial 1 for an empty directory). */
        (void)ret;

        /* Return real directory read failure error codes. */
        if (fileRet != WC_READDIR_NOFILE) {
            ret = fileRet;
        #if defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH)
            /* Ignore bad path error when flag set. */
            if ((ret == WC_NO_ERR_TRACE(BAD_PATH_ERROR)) &&
                    (flags & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR)) {
                /* QSslSocket always loads certs in system folder
                 * when it is initialized.
                 * Compliant with OpenSSL when flag set.
                 */
                ret = 1;
            }
            else {
                /* qssl socket wants to know errors. */
                WOLFSSL_ERROR(ret);
            }
        #endif
        }
        /* Report failure if no files successfully loaded or there were
         * failures. Note failCount only grows for failures that
         * wolfssl_ctx_load_path_file() did not tolerate via flags. */
        else if ((successCount == 0) || (failCount > 0)) {
            /* Use existing error code if exists. */
        #if defined(WOLFSSL_QT)
            /* Compliant with OpenSSL when flag set. */
            if (!(flags & WOLFSSL_LOAD_FLAG_IGNORE_ZEROFILE))
        #endif
            {
                /* Return 0 when no files loaded. */
                ret = 0;
            }
        }
        else {
            /* We loaded something so it is a success. */
            ret = 1;
        }

        WC_FREE_VAR_EX(readCtx, ctx->heap, DYNAMIC_TYPE_DIRCTX);
    }

    return ret;
}
2933#endif
2934
/* Load a file and/or files in path
 *
 * No c_rehash.
 *
 * The file, when given, is loaded first; the path is only walked when that
 * step succeeded (or no file was given). The verify mode comes from the
 * context via GET_VERIFY_SETTING_CTX unless WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY
 * is set, which replaces it with VERIFY_SKIP_DATE.
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      file   Name of file to load. May be NULL.
 * @param [in]      path   Path to directory containing PEM CA files.
 *                         May be NULL.
 * @param [in]      flags  Flags representing options for loading.
 * @return  1 on success.
 * @return  0 on failure, including when ctx is NULL or both file and path
 *          are NULL.
 * @return  NOT_COMPILED_IN when directory reading not supported and path is
 *          not NULL (even if the file loaded).
 * @return  Other negative on error.
 */
int wolfSSL_CTX_load_verify_locations_ex(WOLFSSL_CTX* ctx, const char* file,
    const char* path, word32 flags)
{
    int ret = 1;
#ifndef NO_WOLFSSL_DIR
    int successCount = 0;
#endif
    int verify = WOLFSSL_VERIFY_DEFAULT;

    WOLFSSL_MSG("wolfSSL_CTX_load_verify_locations_ex");

    /* Validate parameters. */
    if ((ctx == NULL) || ((file == NULL) && (path == NULL))) {
        ret = 0;
    }

#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
    if (ret == 1) {
        /* TEST ONLY CODE: force native cert validation on. The result of
         * the system CA load is not checked. */
        WOLFSSL_MSG("ANCV Test: Loading system CA certs");
        wolfSSL_CTX_load_system_CA_certs(ctx);
    }
#endif

    if (ret == 1) {
        /* Get setting on how to verify certificates. */
        verify = GET_VERIFY_SETTING_CTX(ctx);
        /* Overwrite setting when flag set. This replaces whatever the
         * context gave, NO_VERIFY included. */
        if (flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) {
            verify = VERIFY_SKIP_DATE;
        }

        if (file != NULL) {
#ifdef WOLFSSL_PEM_TO_DER
            /* Load the PEM formatted CA file */
            ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CA_TYPE, NULL, 0,
                NULL, verify);
#else
            /* Load the DER formatted CA file */
            ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CA_TYPE, NULL,
                0, NULL, verify);
#endif
#ifndef NO_WOLFSSL_DIR
            if (ret == 1) {
                /* Include success in overall count. */
                successCount++;
            }
#endif
#if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
            /* Load CA as a trusted peer certificate.
             * NOTE(review): this overwrites ret without restoring it, so a
             * trust-peer failure after a successful CA load (successCount
             * already incremented) fails the whole call and skips the path
             * walk below. In the directory walk the equivalent per-file
             * result is discarded by wolfssl_ctx_load_path() instead. */
#ifdef WOLFSSL_PEM_TO_DER
            ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_PEM);
#else
            ret = wolfSSL_CTX_trust_peer_cert(ctx, file, WOLFSSL_FILETYPE_ASN1);
#endif
            if (ret != 1) {
                WOLFSSL_MSG("wolfSSL_CTX_trust_peer_cert error");
            }
#endif
        }
    }

    if ((ret == 1) && (path != NULL)) {
#ifndef NO_WOLFSSL_DIR
        /* Load CA files from path. successCount seeds the walk so a loaded
         * file already counts as "something was loaded". */
        ret = wolfssl_ctx_load_path(ctx, path, flags, verify, successCount);
#else
        /* Loading a path not supported. */
        ret = NOT_COMPILED_IN;
        (void)flags;
#endif
    }

    return ret;
}
3025
/* Load a file and/or files in path
 *
 * No c_rehash.
 *
 * Thin wrapper over wolfSSL_CTX_load_verify_locations_ex() using
 * WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS; for OpenSSL-style leniency use
 * wolfSSL_CTX_load_verify_locations_compat().
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      file   Name of file to load. May be NULL.
 * @param [in]      path   Path to directory containing PEM CA files.
 *                         May be NULL.
 * @return  1 on success.
 * @return  0 on failure.
 */
WOLFSSL_ABI
int wolfSSL_CTX_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
                                     const char* path)
{
    int ret;

    ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path,
        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);

    /* Return 1 on success or 0 on failure. */
    return WS_RETURN_CODE(ret, 0);
}
3048
/* Load a file and/or files in path, with OpenSSL-compatible semantics.
 *
 * No c_rehash.
 *
 * Same as wolfSSL_CTX_load_verify_locations() but with
 * WOLFSSL_LOAD_FLAG_IGNORE_ERR added to the default flags.
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      file   Name of file to load. May be NULL.
 * @param [in]      path   Path to directory containing PEM CA files.
 *                         May be NULL.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_CTX_load_verify_locations_compat(WOLFSSL_CTX* ctx, const char* file,
                                     const char* path)
{
    int ret;

    /* WOLFSSL_LOAD_FLAG_IGNORE_ERR keeps the directory walk going when a
     * single entry is bad (e.g. expired) and reports success when anything
     * loaded, which mirrors OpenSSL SSL_CTX_load_verify_locations(). OpenSSL
     * (as of v3.3.2) even succeeds when nothing loaded at all, e.g. a
     * missing or inaccessible "path", and only fails when a non-NULL "file"
     * cannot be loaded.
     *
     * As in OpenSSL, a supplied file that fails to load fails the whole call
     * and the path is never evaluated.
     */
    ret = wolfSSL_CTX_load_verify_locations_ex(ctx, file, path,
        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS | WOLFSSL_LOAD_FLAG_IGNORE_ERR);

    /* Return 1 on success or 0 on failure. */
    return WS_RETURN_CODE(ret, 0);
}
3083
3084#ifdef WOLFSSL_TRUST_PEER_CERT
/* Load a trusted peer certificate into SSL context.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      file    Name of peer certificate file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 when ctx or file is NULL.
 */
int wolfSSL_CTX_trust_peer_cert(WOLFSSL_CTX* ctx, const char* file, int format)
{
    WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_cert");

    /* Validate parameters. */
    if ((ctx == NULL) || (file == NULL)) {
        return 0;
    }

    /* Verify mode follows the context's verifyNone setting. */
    return ProcessFile(ctx, file, format, TRUSTED_PEER_TYPE, NULL, 0, NULL,
        GET_VERIFY_SETTING_CTX(ctx));
}
3111
/* Load a trusted peer certificate into SSL.
 *
 * @param [in, out] ssl     SSL object.
 * @param [in]      file    Name of peer certificate file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 when ssl or file is NULL.
 */
int wolfSSL_trust_peer_cert(WOLFSSL* ssl, const char* file, int format)
{
    WOLFSSL_ENTER("wolfSSL_trust_peer_cert");

    /* Validate parameters. The NULL check must precede
     * GET_VERIFY_SETTING_SSL, which dereferences ssl. */
    if ((ssl == NULL) || (file == NULL)) {
        return 0;
    }

    /* No context: ProcessFile works on the SSL object alone. */
    return ProcessFile(NULL, file, format, TRUSTED_PEER_TYPE, ssl, 0, NULL,
        GET_VERIFY_SETTING_SSL(ssl));
}
3138#endif /* WOLFSSL_TRUST_PEER_CERT */
3139
3140
3141#ifdef WOLFSSL_DER_LOAD
3142
/* Load a CA certificate into SSL context.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      file    Name of CA certificate file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_CTX_der_load_verify_locations(WOLFSSL_CTX* ctx, const char* file,
    int format)
{
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_der_load_verify_locations");

    /* Validate parameters; ret stays 0 when they are bad. */
    if ((ctx != NULL) && (file != NULL)) {
#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
        /* TEST ONLY CODE: force native cert validation on */
        WOLFSSL_MSG("ANCV Test: loading system CA certs");
        wolfSSL_CTX_load_system_CA_certs(ctx);
#endif
        ret = ProcessFile(ctx, file, format, CA_TYPE, NULL, 0, NULL,
            GET_VERIFY_SETTING_CTX(ctx));
    }

    /* Return 1 on success or 0 on failure. */
    return WS_RC(ret);
}
3176
3177#endif /* WOLFSSL_DER_LOAD */
3178
3179
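/* Load a user certificate into SSL context.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      file    Name of user certificate file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure, including when ctx or file is NULL.
 */
WOLFSSL_ABI
int wolfSSL_CTX_use_certificate_file(WOLFSSL_CTX* ctx, const char* file,
    int format)
{
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_file");

    /* Validate parameters before touching the file system, matching the
     * other public loaders such as wolfSSL_CTX_der_load_verify_locations(). */
    if ((ctx != NULL) && (file != NULL)) {
        ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 0, NULL,
            GET_VERIFY_SETTING_CTX(ctx));
    }

    /* Return 1 on success or 0 on failure. */
    return WS_RC(ret);
}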
3203
3204
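/* Load a private key into SSL context.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      file    Name of private key file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure, including when ctx or file is NULL.
 */
WOLFSSL_ABI
int wolfSSL_CTX_use_PrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
    int format)
{
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_file");

    /* Validate parameters before touching the file system, matching the
     * other public loaders such as wolfSSL_CTX_der_load_verify_locations(). */
    if ((ctx != NULL) && (file != NULL)) {
        ret = ProcessFile(ctx, file, format, PRIVATEKEY_TYPE, NULL, 0, NULL,
            GET_VERIFY_SETTING_CTX(ctx));
    }

    /* Return 1 on success or 0 on failure. */
    return WS_RC(ret);
}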
3228
3229#ifdef WOLFSSL_DUAL_ALG_CERTS
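/* Load an alternative private key into SSL context.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      file    Name of private key file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure, including when ctx or file is NULL.
 */
int wolfSSL_CTX_use_AltPrivateKey_file(WOLFSSL_CTX* ctx, const char* file,
    int format)
{
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_file");

    /* Validate parameters before touching the file system, matching the
     * other public loaders such as wolfSSL_CTX_der_load_verify_locations(). */
    if ((ctx != NULL) && (file != NULL)) {
        ret = ProcessFile(ctx, file, format, ALT_PRIVATEKEY_TYPE, NULL, 0,
            NULL, GET_VERIFY_SETTING_CTX(ctx));
    }

    /* Return 1 on success or 0 on failure. */
    return WS_RC(ret);
}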
3252#endif /* WOLFSSL_DUAL_ALG_CERTS */
3253
3254
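/* Load a PEM certificate chain into SSL context.
 *
 * Processes up to MAX_CHAIN_DEPTH plus subject cert (userChain is set).
 * Without WOLFSSL_PEM_TO_DER the file is treated as DER instead.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      file    Name of PEM certificate chain file.
 * @return  1 on success.
 * @return  0 on failure, including when ctx or file is NULL.
 */
WOLFSSL_ABI
int wolfSSL_CTX_use_certificate_chain_file(WOLFSSL_CTX* ctx, const char* file)
{
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file");

    /* Validate parameters before touching the file system, matching the
     * other public loaders such as wolfSSL_CTX_der_load_verify_locations(). */
    if ((ctx != NULL) && (file != NULL)) {
#ifdef WOLFSSL_PEM_TO_DER
        ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_PEM, CERT_TYPE, NULL, 1,
            NULL, GET_VERIFY_SETTING_CTX(ctx));
#else
        ret = ProcessFile(ctx, file, WOLFSSL_FILETYPE_ASN1, CERT_TYPE, NULL, 1,
            NULL, GET_VERIFY_SETTING_CTX(ctx));
#endif
    }

    /* Return 1 on success or 0 on failure. */
    return WS_RC(ret);
}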
3281
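/* Load certificate chain into SSL context.
 *
 * Processes up to MAX_CHAIN_DEPTH plus subject cert (userChain is set).
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      file    Name of certificate chain file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure, including when ctx or file is NULL.
 */
int wolfSSL_CTX_use_certificate_chain_file_format(WOLFSSL_CTX* ctx,
     const char* file, int format)
{
    int ret = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_file_format");

    /* Validate parameters before touching the file system, matching the
     * other public loaders such as wolfSSL_CTX_der_load_verify_locations(). */
    if ((ctx != NULL) && (file != NULL)) {
        ret = ProcessFile(ctx, file, format, CERT_TYPE, NULL, 1, NULL,
            GET_VERIFY_SETTING_CTX(ctx));
    }

    /* Return 1 on success or 0 on failure. */
    return WS_RC(ret);
}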
3306
3307#endif /* NO_FILESYSTEM */
3308
3309#ifdef WOLFSSL_SYS_CA_CERTS
3310
3311#ifdef USE_WINDOWS_API
3312
/* Load CA certificate from Windows store.
 *
 * Enumerates the "ROOT" and "CA" system stores and adds every
 * X509_ASN_ENCODING entry found as a CA. A store that cannot be opened is
 * logged and skipped; a store that cannot be closed fails the call.
 * Per-certificate load failures are not reported: only successes are
 * recorded through loaded.
 *
 * Assumes loaded is 0.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [out]     loaded  Whether CA certificates were loaded.
 * @return  1 on success.
 * @return  0 on failure.
 */
static int LoadSystemCaCertsWindows(WOLFSSL_CTX* ctx, byte* loaded)
{
    int ret = 1;
    word32 i;
    HANDLE handle = NULL;
    PCCERT_CONTEXT certCtx = NULL;
    /* NOTE(review): "CA" is the intermediate-CA store, yet its contents are
     * added with CA_TYPE exactly like the "ROOT" anchors - confirm that
     * intermediates are meant to become trust anchors here. */
    LPCSTR storeNames[2] = {"ROOT", "CA"};
    /* No explicit crypto provider is supplied to CertOpenSystemStoreA. */
    HCRYPTPROV_LEGACY hProv = (HCRYPTPROV_LEGACY)NULL;

    if ((ctx == NULL) || (loaded == NULL)) {
        ret = 0;
    }

    /* Visit each store in turn; the loop stops once ret drops to 0. */
    for (i = 0; (ret == 1) && (i < sizeof(storeNames)/sizeof(*storeNames));
         ++i) {
        handle = CertOpenSystemStoreA(hProv, storeNames[i]);
        if (handle != NULL) {
            /* The previous certCtx is fed back in to continue enumeration. */
            while ((certCtx = CertEnumCertificatesInStore(handle, certCtx))
                   != NULL) {
                /* Only DER-encoded entries are considered; any other encoding
                 * is skipped silently. */
                if (certCtx->dwCertEncodingType == X509_ASN_ENCODING) {
                    if (ProcessBuffer(ctx, certCtx->pbCertEncoded,
                          certCtx->cbCertEncoded, WOLFSSL_FILETYPE_ASN1,
                          CA_TYPE, NULL, NULL, 0,
                          GET_VERIFY_SETTING_CTX(ctx),
                          storeNames[i]) == 1) {
                        /*
                         * Set "loaded" as long as we've loaded one CA
                         * cert.
                         */
                        *loaded = 1;
                    }
                }
            }
        }
        else {
            WOLFSSL_MSG_EX("Failed to open cert store %s.", storeNames[i]);
        }

        /* Closing is attempted only for stores that opened. */
        if (handle != NULL && !CertCloseStore(handle, 0)) {
            WOLFSSL_MSG_EX("Failed to close cert store %s.", storeNames[i]);
            ret = 0;
        }
    }

    return ret;
}
3368
3369#elif defined(__APPLE__)
3370
3371#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) \
3372  && !defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
/* Manually obtains certificates from the system trust store and loads them
 * directly into wolfSSL "the old way".
 *
 * As of MacOS 14.0 we are still able to use this method to access system
 * certificates. Accessibility of this API is indicated by the presence of the
 * Security/SecTrustSettings.h header. In the likely event that Apple removes
 * access to this API on Macs, this function should be removed and the
 * DoAppleNativeCertValidation() routine should be used for all devices.
 *
 * The user, admin and system trust settings domains are visited in that
 * order. A domain without trust settings is skipped; any other failure stops
 * the walk and returns 0, even if an earlier domain already set loaded.
 *
 * Assumes loaded is 0.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [out]     loaded  Whether CA certificates were loaded.
 * @return  1 on success.
 * @return  0 on failure.
 */
static int LoadSystemCaCertsMac(WOLFSSL_CTX* ctx, byte* loaded)
{
    int ret = 1;
    word32 i;
    /* User-level trust settings are honoured alongside admin and system. */
    const unsigned int trustDomains[] = {
        kSecTrustSettingsDomainUser,
        kSecTrustSettingsDomainAdmin,
        kSecTrustSettingsDomainSystem
    };
    CFArrayRef certs;
    OSStatus stat;
    CFIndex numCerts;
    CFDataRef der;
    CFIndex j;

    if ((ctx == NULL) || (loaded == NULL)) {
        ret = 0;
    }

    for (i = 0; (ret == 1) && (i < sizeof(trustDomains)/sizeof(*trustDomains));
         ++i) {
        /* NOTE(review): this returns the certificates that have trust
         * settings in the domain; nothing below inspects what those settings
         * are, so a certificate carrying an explicit "deny" setting would
         * presumably be loaded as a CA just the same - confirm. */
        stat = SecTrustSettingsCopyCertificates(
            (SecTrustSettingsDomain)trustDomains[i], &certs);
        if (stat == errSecSuccess) {
            numCerts = CFArrayGetCount(certs);
            for (j = 0; j < numCerts; ++j) {
                der = SecCertificateCopyData((SecCertificateRef)
                          CFArrayGetValueAtIndex(certs, j));
                if (der != NULL) {
                    /* Per-certificate failures are ignored; only successes
                     * are recorded. */
                    if (ProcessBuffer(ctx, CFDataGetBytePtr(der),
                          CFDataGetLength(der), WOLFSSL_FILETYPE_ASN1,
                          CA_TYPE, NULL, NULL, 0,
                          GET_VERIFY_SETTING_CTX(ctx),
                          "MacOSX trustDomains") == 1) {
                        /*
                         * Set "loaded" as long as we've loaded one CA
                         * cert.
                         */
                        *loaded = 1;
                    }

                    /* Balance the Copy in SecCertificateCopyData. */
                    CFRelease(der);
                }
            }

            /* Balance the Copy in SecTrustSettingsCopyCertificates. */
            CFRelease(certs);
        }
        else if (stat == errSecNoTrustSettings) {
            /* NOTE(review): trustDomains[i] is unsigned int but printed with
             * %d; %u would match the type. */
            WOLFSSL_MSG_EX("No trust settings for domain %d, moving to next "
                "domain.", trustDomains[i]);
        }
        else {
            WOLFSSL_MSG_EX("SecTrustSettingsCopyCertificates failed with"
                " status %d.", stat);
            ret = 0;
            break;
        }
    }

    return ret;
}
3450#endif /* defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) */
3451
3452#elif !defined(NO_FILESYSTEM)
3453
/* Potential system CA certs directories on Linux/Unix distros.
 *
 * Tried in array order by LoadSystemCaCertsNix(), which stops at the first
 * directory that loads successfully, and exposed to callers through
 * wolfSSL_get_system_CA_dirs(). */
static const char* systemCaDirs[] = {
#if defined(__ANDROID__) || defined(ANDROID)
    "/system/etc/security/cacerts"      /* Android */
#else
    "/etc/ssl/certs",                   /* Debian, Ubuntu, Gentoo, others */
    "/etc/pki/ca-trust/source/anchors", /* Fedora, RHEL */
    "/etc/pki/tls/certs"                /* Older RHEL */
#endif
};
3464
/* Get CA directory list.
 *
 * Returns the compiled-in systemCaDirs table and its element count.
 *
 * @param [out] num  Number of CA directories.
 * @return  CA directory list.
 * @return  NULL when num is NULL.
 */
const char** wolfSSL_get_system_CA_dirs(word32* num)
{
    /* Validate parameters. */
    if (num == NULL) {
        return NULL;
    }

    *num = sizeof(systemCaDirs)/sizeof(*systemCaDirs);
    return systemCaDirs;
}
3486
/* Load CA certificate from default system directories.
 *
 * Walks systemCaDirs in order and stops at the first directory from which
 * wolfSSL_CTX_load_verify_locations_ex() reports success; directories after
 * that one are never consulted. A directory that fails to load is logged and
 * the next one is tried. The return value only reflects parameter
 * validation; whether anything was loaded is reported through loaded.
 *
 * Assumes loaded is 0.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [out]     loaded  Whether CA certificates were loaded.
 * @return  1 on success.
 * @return  0 on failure.
 */
static int LoadSystemCaCertsNix(WOLFSSL_CTX* ctx, byte* loaded)
{
    word32 i;

    if ((ctx == NULL) || (loaded == NULL)) {
        return 0;
    }

    for (i = 0; i < sizeof(systemCaDirs)/sizeof(*systemCaDirs); ++i) {
        const char* dir = systemCaDirs[i];

        WOLFSSL_MSG_EX("Attempting to load system CA certs from %s.", dir);
        /*
         * We want to keep trying to load more CA certs even if one cert in
         * the directory is bad and can't be used (e.g. if one is expired),
         * so we use WOLFSSL_LOAD_FLAG_IGNORE_ERR.
         */
        if (wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, dir,
                WOLFSSL_LOAD_FLAG_IGNORE_ERR) == 1) {
            WOLFSSL_MSG_EX("Loaded CA certs from %s.", dir);
            *loaded = 1;
            /* Stop searching after we've loaded one directory. */
            break;
        }

        WOLFSSL_MSG_EX("Failed to load CA certs from %s, trying "
            "next possible location.", dir);
    }

    return 1;
}
3529
3530#endif
3531
/* Load CA certificates from system defined locations.
 *
 * Which loader runs is fixed at compile time: the Windows store, one of two
 * Apple paths (legacy SecTrustSettings loading, or native trust evaluation),
 * or the Unix directory search in LoadSystemCaCertsNix. On the native Apple
 * path nothing is copied into ctx at all; only a flag is set so that peer
 * certificates are later validated by the Security framework instead of by
 * wolfSSL's own verifier.
 *
 * @param [in, out] ctx  SSL context object.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  WOLFSSL_BAD_PATH when no error but no certificates loaded.
 */
int wolfSSL_CTX_load_system_CA_certs(WOLFSSL_CTX* ctx)
{
    int ret;
    /* Set to 1 by the platform loader once any certificate was taken. */
    byte loaded = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_load_system_CA_certs");

#ifdef USE_WINDOWS_API

    ret = LoadSystemCaCertsWindows(ctx, &loaded);

#elif defined(__APPLE__)

#if defined(HAVE_SECURITY_SECTRUSTSETTINGS_H) \
  && !defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
    /* As of MacOS 14.0 we are still able to access system certificates and
     * load them manually into wolfSSL "the old way". Accessibility of this API
     * is indicated by the presence of the Security/SecTrustSettings.h header */
    ret = LoadSystemCaCertsMac(ctx, &loaded);
#elif defined(WOLFSSL_APPLE_NATIVE_CERT_VALIDATION)
    /* For other Apple devices, Apple has removed the ability to obtain
     * certificates from the trust store, so we can't use wolfSSL's built-in
     * certificate validation mechanisms anymore. We instead must call into the
     * Security Framework APIs to authenticate peer certificates when received.
     * (see src/internal.c:DoAppleNativeCertValidation()).
     * Thus, there is no CA "loading" required, but to keep behavior consistent
     * with the current API (not using system CA certs unless this function has
     * been called), we simply set a flag indicating that the new apple trust
     * verification routine should be used later */
    /* NOTE(review): ctx is dereferenced here without a NULL check, unlike
     * LoadSystemCaCertsNix which rejects a NULL ctx. */
    ctx->doAppleNativeCertValidationFlag = 1;
    ret = 1;
    loaded = 1;

#if FIPS_VERSION_GE(2,0) /* Gate back to cert 3389 FIPS modules */
#warning "Cryptographic operations may occur outside the FIPS module boundary" \
         "Please review FIPS claims for cryptography on this Apple device"
#endif /* FIPS_VERSION_GE(2,0) */

#else
/* HAVE_SECURITY_SECXXX_H macros are set by autotools or CMake when searching
 * system for the required SDK headers. If building with user_settings.h, you
 * will need to manually define WOLFSSL_APPLE_NATIVE_CERT_VALIDATION
 * and ensure the appropriate Security.framework headers and libraries are
 * visible to your compiler */
#error "WOLFSSL_SYS_CA_CERTS on Apple devices requires Security.framework" \
       " header files to be detected, or a manual override with" \
       " WOLFSSL_APPLE_NATIVE_CERT_VALIDATION"
#endif

#else

    ret = LoadSystemCaCertsNix(ctx, &loaded);

#endif

    /* If we didn't fail but didn't load then we error out: a successful call
     * that left the trust store empty is reported as WOLFSSL_BAD_PATH so the
     * caller cannot mistake it for a populated one. */
    if ((ret == 1) && (!loaded)) {
        ret = WOLFSSL_BAD_PATH;
    }

    WOLFSSL_LEAVE("wolfSSL_CTX_load_system_CA_certs", ret);

    return ret;
}
3603
3604#endif /* WOLFSSL_SYS_CA_CERTS */
3605
3606#ifdef OPENSSL_EXTRA
3607
/* Load a private key into SSL.
 *
 * The DER bytes are taken straight from the EVP key (pkey->pkey.ptr with
 * length pkey->pkey_sz) and handed to wolfSSL_use_PrivateKey_buffer as ASN.1.
 *
 * @param [in, out] ssl   SSL object.
 * @param [in]      pkey  EVP private key.
 * @return  1 on success.
 * @return  0 on failure, including when ssl or pkey is NULL.
 */
int wolfSSL_use_PrivateKey(WOLFSSL* ssl, WOLFSSL_EVP_PKEY* pkey)
{
    WOLFSSL_ENTER("wolfSSL_use_PrivateKey");

    /* Validate parameters. */
    if ((ssl == NULL) || (pkey == NULL)) {
        return 0;
    }

    /* Get DER encoded key data from EVP private key. */
    return wolfSSL_use_PrivateKey_buffer(ssl, (unsigned char*)pkey->pkey.ptr,
        pkey->pkey_sz, WOLFSSL_FILETYPE_ASN1);
}
3633
/* Load a DER encoded private key in a buffer into SSL.
 *
 * Thin wrapper over wolfSSL_use_PrivateKey_buffer with the format fixed to
 * WOLFSSL_FILETYPE_ASN1.
 *
 * @param [in]      pri    Indicates type of private key. Ignored.
 * @param [in, out] ssl    SSL object.
 * @param [in]      der    Buffer holding DER encoded private key.
 * @param [in]      derSz  Size of data in bytes.
 * @return  1 on success.
 * @return  0 on failure, including when ssl or der is NULL.
 */
int wolfSSL_use_PrivateKey_ASN1(int pri, WOLFSSL* ssl, const unsigned char* der,
    long derSz)
{
    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_ASN1");

    (void)pri;

    /* Validate parameters. */
    if ((ssl == NULL) || (der == NULL)) {
        return 0;
    }

    return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz,
        WOLFSSL_FILETYPE_ASN1);
}
3663
/* Load a DER encoded private key in a buffer into SSL context.
 *
 * Thin wrapper over wolfSSL_CTX_use_PrivateKey_buffer with the format fixed
 * to WOLFSSL_FILETYPE_ASN1.
 *
 * @param [in]      pri    Indicates type of private key. Ignored.
 * @param [in, out] ctx    SSL context object.
 * @param [in]      der    Buffer holding DER encoded private key.
 * @param [in]      derSz  Size of data in bytes.
 * @return  1 on success.
 * @return  0 on failure, including when ctx or der is NULL.
 */
int wolfSSL_CTX_use_PrivateKey_ASN1(int pri, WOLFSSL_CTX* ctx,
    unsigned char* der, long derSz)
{
    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_ASN1");

    (void)pri;

    /* Validate parameters. */
    if ((ctx == NULL) || (der == NULL)) {
        return 0;
    }

    return wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz,
        WOLFSSL_FILETYPE_ASN1);
}
3693
3694
3695#ifndef NO_RSA
/* Load a DER encoded RSA private key in a buffer into SSL.
 *
 * The key type is not checked here; the buffer is handed to
 * wolfSSL_use_PrivateKey_buffer exactly like any other ASN.1 private key.
 *
 * @param [in, out] ssl    SSL object.
 * @param [in]      der    Buffer holding DER encoded RSA private key.
 * @param [in]      derSz  Size of data in bytes.
 * @return  1 on success.
 * @return  0 on failure, including when ssl or der is NULL.
 */
int wolfSSL_use_RSAPrivateKey_ASN1(WOLFSSL* ssl, unsigned char* der, long derSz)
{
    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_ASN1");

    /* Validate parameters. */
    if ((ssl == NULL) || (der == NULL)) {
        return 0;
    }

    return wolfSSL_use_PrivateKey_buffer(ssl, der, derSz,
        WOLFSSL_FILETYPE_ASN1);
}
3721#endif
3722
/* Load a certificate into SSL.
 *
 * The DER bytes held by the X509 object (x509->derCert) are processed as a
 * single CERT_TYPE entry for the SSL object; no context is involved.
 *
 * @param [in, out] ssl   SSL object.
 * @param [in]      x509  X509 certificate object.
 * @return  1 on success.
 * @return  0 on failure, including when ssl, x509 or its DER data is NULL.
 */
int wolfSSL_use_certificate(WOLFSSL* ssl, WOLFSSL_X509* x509)
{
    int ret = 0;
    long idx = 0;

    WOLFSSL_ENTER("wolfSSL_use_certificate");

    /* Validate parameters; anything missing leaves ret at 0. */
    if ((ssl != NULL) && (x509 != NULL) && (x509->derCert != NULL)) {
        /* Get DER encoded certificate data from X509 object. */
        ret = ProcessBuffer(NULL, x509->derCert->buffer, x509->derCert->length,
            WOLFSSL_FILETYPE_ASN1, CERT_TYPE, ssl, &idx, 0,
            GET_VERIFY_SETTING_SSL(ssl),
            "x509 buffer");
    }

    /* Return 1 on success or 0 on failure. */
    return WS_RC(ret);
}
3753
3754#endif /* OPENSSL_EXTRA */
3755
/* Load a DER encoded certificate in a buffer into SSL.
 *
 * @param [in, out] ssl    SSL object.
 * @param [in]      der    Buffer holding DER encoded certificate.
 * @param [in]      derSz  Size of data in bytes.
 * @return  1 on success.
 * @return  0 on failure, including when ssl or der is NULL.
 */
int wolfSSL_use_certificate_ASN1(WOLFSSL* ssl, const unsigned char* der,
    int derSz)
{
    int ret = 0;
    long idx = 0;

    WOLFSSL_ENTER("wolfSSL_use_certificate_ASN1");

    /* Validate parameters; anything missing leaves ret at 0. */
    if ((ssl != NULL) && (der != NULL)) {
        ret = ProcessBuffer(NULL, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
            ssl, &idx, 0, GET_VERIFY_SETTING_SSL(ssl),
            "asn1 buffer");
    }

    /* Return 1 on success or 0 on failure. */
    return WS_RC(ret);
}
3786
3787#ifndef NO_FILESYSTEM
3788
/* Load a certificate from a file into SSL.
 *
 * The file is read through the SSL object's context (ssl->ctx) and applied to
 * the SSL object only (not as a chain).
 *
 * @param [in, out] ssl     SSL object.
 * @param [in]      file    Name of file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  BAD_FUNC_ARG when ssl is NULL.
 */
WOLFSSL_ABI
int wolfSSL_use_certificate_file(WOLFSSL* ssl, const char* file, int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_use_certificate_file");

    /* Validate parameters. */
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    rc = ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 0, NULL,
        GET_VERIFY_SETTING_SSL(ssl));

    /* Return 1 on success or 0 on failure. */
    return WS_RC(rc);
}
3819
3820
/* Load a private key from a file into SSL.
 *
 * The file is read through the SSL object's context (ssl->ctx) and the key is
 * applied to the SSL object only.
 *
 * @param [in, out] ssl     SSL object.
 * @param [in]      file    Name of file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  BAD_FUNC_ARG when ssl is NULL.
 */
WOLFSSL_ABI
int wolfSSL_use_PrivateKey_file(WOLFSSL* ssl, const char* file, int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_file");

    /* Validate parameters. */
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    rc = ProcessFile(ssl->ctx, file, format, PRIVATEKEY_TYPE, ssl, 0, NULL,
        GET_VERIFY_SETTING_SSL(ssl));

    /* Return 1 on success or 0 on failure. */
    return WS_RC(rc);
}
3851
3852
/* Load a PEM encoded certificate chain from a file into SSL.
 *
 * Process up to MAX_CHAIN_DEPTH plus subject cert. When the build has no PEM
 * to DER conversion (WOLFSSL_PEM_TO_DER undefined) the file is read as DER
 * instead.
 *
 * @param [in, out] ssl     SSL object.
 * @param [in]      file    Name of file.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  BAD_FUNC_ARG when ssl is NULL.
 */
WOLFSSL_ABI
int wolfSSL_use_certificate_chain_file(WOLFSSL* ssl, const char* file)
{
#ifdef WOLFSSL_PEM_TO_DER
    const int fileFormat = WOLFSSL_FILETYPE_PEM;
#else
    const int fileFormat = WOLFSSL_FILETYPE_ASN1;
#endif
    int rc;

    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file");

    /* Validate parameters. */
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* userChain = 1: the file holds the subject cert plus its chain. */
    rc = ProcessFile(ssl->ctx, file, fileFormat, CERT_TYPE, ssl,
        1, NULL, GET_VERIFY_SETTING_SSL(ssl));

    /* Return 1 on success or 0 on failure. */
    return WS_RC(rc);
}
3888
/* Load a certificate chain from a file into SSL.
 *
 * Process up to MAX_CHAIN_DEPTH plus subject cert, in the caller's format.
 *
 * @param [in, out] ssl     SSL object.
 * @param [in]      file    Name of file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_use_certificate_chain_file_format(WOLFSSL* ssl, const char* file,
    int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_file_format");

    /* Validate parameters. */
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* userChain = 1: the file holds the subject cert plus its chain. */
    rc = ProcessFile(ssl->ctx, file, format, CERT_TYPE, ssl, 1, NULL,
        GET_VERIFY_SETTING_SSL(ssl));

    /* Return 1 on success or 0 on failure. */
    return WS_RC(rc);
}
3920
3921#endif /* !NO_FILESYSTEM */
3922
3923#ifdef OPENSSL_EXTRA
3924
3925#ifndef NO_FILESYSTEM
/* Load an RSA private key from a file into SSL context.
 *
 * Compatibility alias: behaves exactly like wolfSSL_CTX_use_PrivateKey_file;
 * the key type is not checked here.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      file    Name of file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_CTX_use_RSAPrivateKey_file(WOLFSSL_CTX* ctx,const char* file,
    int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey_file");
    rc = wolfSSL_CTX_use_PrivateKey_file(ctx, file, format);

    return rc;
}
3942
/* Load an RSA private key from a file into SSL.
 *
 * Compatibility alias: behaves exactly like wolfSSL_use_PrivateKey_file; the
 * key type is not checked here.
 *
 * @param [in, out] ssl     SSL object.
 * @param [in]      file    Name of file.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_use_RSAPrivateKey_file(WOLFSSL* ssl, const char* file, int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_use_RSAPrivateKey_file");
    rc = wolfSSL_use_PrivateKey_file(ssl, file, format);

    return rc;
}
3959#endif /* NO_FILESYSTEM */
3960
3961#endif /* OPENSSL_EXTRA */
3962
/* Load a buffer of CA certificate/s into SSL context.
 *
 * The data is loaded with type CA_TYPE, i.e. as certificates the context will
 * verify peers against. PEM input is treated as a chain and may hold several
 * certificates; DER input is loaded as a single certificate (or a user chain
 * when userChain is set). WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY in flags replaces
 * the context's verify setting with VERIFY_SKIP_DATE for this load, so
 * expired or not-yet-valid CA certificates are accepted into the store.
 *
 * No parameter validation is done here; presumably ProcessBuffer and
 * ProcessChainBuffer reject a NULL ctx/in or a negative sz — verify.
 *
 * @param [in, out] ctx        SSL context object.
 * @param [in]      in         Buffer holding CA certificate/s.
 * @param [in]      sz         Length of data in buffer in bytes.
 * @param [in]      format     Format of data:
 *                               WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @param [in]      userChain  Whether file contains chain of certificates.
 * @param [in]      flags      Flags representing options for loading.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  Negative on error.
 */
int wolfSSL_CTX_load_verify_buffer_ex(WOLFSSL_CTX* ctx, const unsigned char* in,
    long sz, int format, int userChain, word32 flags)
{
    int rc;
    int verifyMode;

    WOLFSSL_ENTER("wolfSSL_CTX_load_verify_buffer_ex");

#ifdef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION
    /* TEST ONLY CODE: force native cert validation on. Every call then also
     * pulls in the system CA certificates, which a production build must not
     * do. */
    if (ctx != NULL) {
        WOLFSSL_MSG("ANCV Test: loading system CA certs");
        wolfSSL_CTX_load_system_CA_certs(ctx);
    }
#endif

    /* Start from the context's verify setting ... */
    verifyMode = GET_VERIFY_SETTING_CTX(ctx);
    /* ... and override it when the caller asked to tolerate date errors. */
    if ((flags & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) != 0) {
        verifyMode = VERIFY_SKIP_DATE;
    }

    /* PEM: chain of CA certificates. DER: a single CA certificate. */
    rc = (format == WOLFSSL_FILETYPE_PEM)
        ? ProcessChainBuffer(ctx, NULL, in, sz, CA_TYPE, verifyMode,
                             "PEM buffer")
        : ProcessBuffer(ctx, in, sz, format, CA_TYPE, NULL, NULL,
                        userChain, verifyMode, "buffer");

#if defined(WOLFSSL_TRUST_PEER_CERT) && defined(OPENSSL_COMPATIBLE_DEFAULTS)
    /* Load certificate/s as trusted peer certificate as well. */
    if (rc == 1) {
        rc = wolfSSL_CTX_trust_peer_buffer(ctx, in, sz, format);
    }
#endif

    WOLFSSL_LEAVE("wolfSSL_CTX_load_verify_buffer_ex", rc);
    return rc;
}
4019
/* Load a buffer of CA certificate/s into SSL context.
 *
 * Same as wolfSSL_CTX_load_verify_buffer_ex with userChain = 0 and the
 * build's default load flags (WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS).
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      in      Buffer holding CA certificate/s.
 * @param [in]      sz      Length of data in buffer in bytes.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  Negative on error.
 */
int wolfSSL_CTX_load_verify_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
    long sz, int format)
{
    const int userChain = 0;

    return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, userChain,
        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
}
4037
/* Load a buffer of CA certificate chain into SSL context.
 *
 * Same as wolfSSL_CTX_load_verify_buffer_ex with userChain = 1 and the
 * build's default load flags (WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS).
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      in      Buffer holding certificate chain.
 * @param [in]      sz      Length of data in buffer in bytes.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  Negative on error.
 */
int wolfSSL_CTX_load_verify_chain_buffer_format(WOLFSSL_CTX* ctx,
    const unsigned char* in, long sz, int format)
{
    const int userChain = 1;

    return wolfSSL_CTX_load_verify_buffer_ex(ctx, in, sz, format, userChain,
        WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS);
}
4055
4056
4057#ifdef WOLFSSL_TRUST_PEER_CERT
/* Load a buffer of trusted peer certificate/s into SSL context.
 *
 * The data is loaded with type TRUSTED_PEER_TYPE. Whether date errors are
 * tolerated is decided at compile time from WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS:
 * when that includes WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY the load uses
 * VERIFY_SKIP_DATE, otherwise the context's verify setting.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      in      Buffer holding certificate/s.
 * @param [in]      sz      Length of data in buffer in bytes.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  BAD_FUNC_ARG when ctx or in is NULL, or sz is less than zero.
 */
int wolfSSL_CTX_trust_peer_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
    long sz, int format)
{
    int verifyMode;

    WOLFSSL_ENTER("wolfSSL_CTX_trust_peer_buffer");

    /* Validate parameters. */
    if ((ctx == NULL) || (in == NULL) || (sz < 0)) {
        return BAD_FUNC_ARG;
    }

#if WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY
    verifyMode = VERIFY_SKIP_DATE;
#else
    verifyMode = GET_VERIFY_SETTING_CTX(ctx);
#endif

    /* PEM: chain of trusted peer certificates. DER: a single one. */
    if (format != WOLFSSL_FILETYPE_PEM) {
        return ProcessBuffer(ctx, in, sz, format, TRUSTED_PEER_TYPE, NULL,
            NULL, 0, verifyMode, "peer");
    }

    return ProcessChainBuffer(ctx, NULL, in, sz, TRUSTED_PEER_TYPE,
        verifyMode, "peer");
}
4102#endif /* WOLFSSL_TRUST_PEER_CERT */
4103
/* Load a certificate in a buffer into SSL context.
 *
 * Loaded as a single CERT_TYPE entry (not a chain) using the context's
 * verify setting. No parameter validation is done here; it is left to
 * ProcessBuffer.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      in      Buffer holding certificate.
 * @param [in]      sz      Size of data in bytes.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  Negative on error.
 */
int wolfSSL_CTX_use_certificate_buffer(WOLFSSL_CTX* ctx,
    const unsigned char* in, long sz, int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_buffer");

    rc = ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, 0,
        GET_VERIFY_SETTING_CTX(ctx), "buffer");

    WOLFSSL_LEAVE("wolfSSL_CTX_use_certificate_buffer", rc);
    return rc;
}
4127
/* Load a private key in a buffer into SSL context.
 *
 * On a dual-algorithm build (WOLFSSL_DUAL_ALG_CERTS) the buffer may hold the
 * primary key followed by the alternative key: whatever ProcessBuffer did not
 * consume for the primary key is parsed again as ALT_PRIVATEKEY_TYPE.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      in      Buffer holding private key.
 * @param [in]      sz      Size of data in bytes.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  Negative on error.
 */
int wolfSSL_CTX_use_PrivateKey_buffer(WOLFSSL_CTX* ctx, const unsigned char* in,
    long sz, int format)
{
    long used = 0;
    int rc;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_buffer");

    /* Primary key; ProcessBuffer reports how many bytes it took in 'used'. */
    rc = ProcessBuffer(ctx, in, sz, format, PRIVATEKEY_TYPE, NULL, &used,
        0, GET_VERIFY_SETTING_CTX(ctx), "key buffer");
#ifdef WOLFSSL_DUAL_ALG_CERTS
    /* Remaining bytes, if any, are the alternative private key. */
    if ((rc == 1) && (used < sz)) {
        rc = ProcessBuffer(ctx, in + used, sz - used, format,
            ALT_PRIVATEKEY_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx),
            "key buffer");
    }
#else
    (void)used; /* only read on the dual-algorithm build */
#endif

    WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_buffer", rc);
    return rc;
}
4166
4167#ifdef WOLFSSL_DUAL_ALG_CERTS
/* Load an alternative private key in a buffer into SSL context.
 *
 * Loaded with type ALT_PRIVATEKEY_TYPE using the context's verify setting.
 * No parameter validation is done here; it is left to ProcessBuffer.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      in      Buffer holding alternative private key.
 * @param [in]      sz      Size of data in bytes.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  Negative on error.
 */
int wolfSSL_CTX_use_AltPrivateKey_buffer(WOLFSSL_CTX* ctx,
    const unsigned char* in, long sz, int format)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_buffer");

    rc = ProcessBuffer(ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, NULL,
        NULL, 0, GET_VERIFY_SETTING_CTX(ctx), "alt key buffer");

    WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_buffer", rc);
    return rc;
}
4180#endif /* WOLFSSL_DUAL_ALG_CERTS */
4181
4182#ifdef WOLF_PRIVATE_KEY_ID
/* Load the id of a private key into SSL context.
 *
 * The id bytes replace whatever private key the context held: the old key is
 * freed first, so if the copy fails the context is left without a private key
 * while its id/label flags keep their previous values. On success the key is
 * marked as an id (not a label) and the device id is taken from devId, or
 * from the context when devId is INVALID_DEVID. On a dual-algorithm build the
 * same id is also installed for the alternative key.
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      id     Buffer holding id.
 * @param [in]      sz     Size of data in bytes.
 * @param [in]      devId  Device identifier.
 * @return  1 on success.
 * @return  0 on failure, including when ctx or id is NULL or sz is negative.
 */
int wolfSSL_CTX_use_PrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
    long sz, int devId)
{
    int rc = 1;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_Id");

    if (ctx == NULL || id == NULL || sz < 0) {
        return 0;
    }

    /* Dispose of old private key and allocate and copy in id. */
    FreeDer(&ctx->privateKey);
    if (AllocCopyDer(&ctx->privateKey, id, (word32)sz, PRIVATEKEY_TYPE,
            ctx->heap) != 0) {
        rc = 0;
    }
    else {
        /* Private key is an id, not a label. */
        ctx->privateKeyId = 1;
        ctx->privateKeyLabel = 0;
        /* Set private key device id to be one passed in or for SSL context. */
        ctx->privateKeyDevId = (devId != INVALID_DEVID) ? devId : ctx->devId;

    #ifdef WOLFSSL_DUAL_ALG_CERTS
        /* Set the ID for the alternative key, too. User can still override that
         * afterwards. */
        rc = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId);
    #endif
    }

    WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_Id", rc);
    return rc;
}
4231
/* Load the id of a private key into SSL context and set key size.
 *
 * Same as wolfSSL_CTX_use_PrivateKey_Id, then records keySz as the key size
 * (which is otherwise derived while decoding a real key).
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      id     Buffer holding id.
 * @param [in]      sz     Size of data in bytes.
 * @param [in]      devId  Device identifier.
 * @param [in]      keySz  Size of key.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_CTX_use_PrivateKey_Id_ex(WOLFSSL_CTX* ctx, const unsigned char* id,
    long sz, int devId, long keySz)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_Id_ex");

    rc = wolfSSL_CTX_use_PrivateKey_Id(ctx, id, sz, devId);
    if (rc == 1) {
        /* Set the key size which normally is calculated during decoding. */
        ctx->privateKeySz = (int)keySz;
    }

    WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_Id_ex", rc);
    return rc;
}
4258
/* Load the label name of a private key into SSL context.
 *
 * The label (including its NUL terminator) replaces whatever private key the
 * context held: the old key is freed first, so if the copy fails the context
 * is left without a private key while its id/label flags keep their previous
 * values. On success the key is marked as a label (not an id) and the device
 * id is taken from devId, or from the context when devId is INVALID_DEVID.
 * On a dual-algorithm build the same label is also installed for the
 * alternative key.
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      label  Buffer holding label.
 * @param [in]      devId  Device identifier.
 * @return  1 on success.
 * @return  0 on failure, including when ctx or label is NULL.
 */
int wolfSSL_CTX_use_PrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
    int devId)
{
    int rc = 1;
    word32 labelSz;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey_Label");

    if (ctx == NULL || label == NULL) {
        return 0;
    }

    /* Copy the terminating NUL along with the label. */
    labelSz = (word32)XSTRLEN(label) + 1;

    /* Dispose of old private key and allocate and copy in label. */
    FreeDer(&ctx->privateKey);
    if (AllocCopyDer(&ctx->privateKey, (const byte*)label, labelSz,
            PRIVATEKEY_TYPE, ctx->heap) != 0) {
        rc = 0;
    }
    else {
        /* Private key is a label, not an id. */
        ctx->privateKeyId = 0;
        ctx->privateKeyLabel = 1;
        /* Set private key device id to be one passed in or for SSL context. */
        ctx->privateKeyDevId = (devId != INVALID_DEVID) ? devId : ctx->devId;

    #ifdef WOLFSSL_DUAL_ALG_CERTS
        /* Set the ID for the alternative key, too. User can still override that
         * afterwards. */
        rc = wolfSSL_CTX_use_AltPrivateKey_Label(ctx, label, devId);
    #endif
    }

    WOLFSSL_LEAVE("wolfSSL_CTX_use_PrivateKey_Label", rc);
    return rc;
}
4309
4310#ifdef WOLFSSL_DUAL_ALG_CERTS
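/* Load the id of the alternative private key into SSL context.
 *
 * Mirrors wolfSSL_CTX_use_PrivateKey_Id for the alternative key: the old
 * alternative key is freed first, so if the allocation fails the context is
 * left without an alternative key. On success the key is marked as an id and
 * the label flag is cleared so the two can never both be set; the device id
 * is taken from devId, or from the context when devId is INVALID_DEVID.
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      id     Buffer holding id.
 * @param [in]      sz     Size of data in bytes.
 * @param [in]      devId  Device identifier.
 * @return  1 on success.
 * @return  0 on failure, including when ctx or id is NULL or sz is negative.
 */
int wolfSSL_CTX_use_AltPrivateKey_Id(WOLFSSL_CTX* ctx, const unsigned char* id,
    long sz, int devId)
{
    int ret = 1;

    WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_Id");

    if ((ctx == NULL) || (id == NULL) || (sz < 0)) {
        ret = 0;
    }

    if (ret == 1) {
        /* Dispose of old alternative key and allocate room for the id. */
        FreeDer(&ctx->altPrivateKey);
        if (AllocDer(&ctx->altPrivateKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
                ctx->heap) != 0) {
            ret = 0;
        }
    }
    if (ret == 1) {
        XMEMCPY(ctx->altPrivateKey->buffer, id, (word32)sz);
        /* Alternative private key is an id, not a label: keep the two flags
         * mutually exclusive, as wolfSSL_CTX_use_PrivateKey_Id does. */
        ctx->altPrivateKeyId = 1;
        ctx->altPrivateKeyLabel = 0;
        /* Set device id to be one passed in or for SSL context. */
        if (devId != INVALID_DEVID) {
            ctx->altPrivateKeyDevId = devId;
        }
        else {
            ctx->altPrivateKeyDevId = ctx->devId;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_Id", ret);
    return ret;
}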
4343
/* Load the id of the alternative private key into SSL context and set key
 * size.
 *
 * Same as wolfSSL_CTX_use_AltPrivateKey_Id, then records keySz as the
 * alternative key size.
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      id     Buffer holding id.
 * @param [in]      sz     Size of data in bytes.
 * @param [in]      devId  Device identifier.
 * @param [in]      keySz  Size of key.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_CTX_use_AltPrivateKey_Id_ex(WOLFSSL_CTX* ctx,
    const unsigned char* id, long sz, int devId, long keySz)
{
    int rc;

    WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_Id_ex");

    rc = wolfSSL_CTX_use_AltPrivateKey_Id(ctx, id, sz, devId);
    if (rc == 1) {
        /* Key size is normally derived while decoding; set it explicitly. */
        ctx->altPrivateKeySz = (word32)keySz;
    }

    WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_Id_ex", rc);
    return rc;
}
4359
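/* Load the label name of the alternative private key into SSL context.
 *
 * Mirrors wolfSSL_CTX_use_PrivateKey_Label for the alternative key: the label
 * (including its NUL terminator) is copied in after the old alternative key
 * is freed, so if the allocation fails the context is left without an
 * alternative key. On success the key is marked as a label and the id flag is
 * cleared so the two can never both be set; the device id is taken from
 * devId, or from the context when devId is INVALID_DEVID.
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      label  Buffer holding label.
 * @param [in]      devId  Device identifier.
 * @return  1 on success.
 * @return  0 on failure, including when ctx or label is NULL.
 */
int wolfSSL_CTX_use_AltPrivateKey_Label(WOLFSSL_CTX* ctx, const char* label,
    int devId)
{
    int ret = 1;
    word32 sz;

    WOLFSSL_ENTER("wolfSSL_CTX_use_AltPrivateKey_Label");

    if ((ctx == NULL) || (label == NULL)) {
        ret = 0;
    }

    if (ret == 1) {
        /* Copy the terminating NUL along with the label. */
        sz = (word32)XSTRLEN(label) + 1;
        FreeDer(&ctx->altPrivateKey);
        if (AllocDer(&ctx->altPrivateKey, (word32)sz, ALT_PRIVATEKEY_TYPE,
                ctx->heap) != 0) {
            ret = 0;
        }
    }
    if (ret == 1) {
        XMEMCPY(ctx->altPrivateKey->buffer, label, sz);
        /* Alternative private key is a label, not an id: keep the two flags
         * mutually exclusive, as wolfSSL_CTX_use_PrivateKey_Label does. */
        ctx->altPrivateKeyId = 0;
        ctx->altPrivateKeyLabel = 1;
        /* Set device id to be one passed in or for SSL context. */
        if (devId != INVALID_DEVID) {
            ctx->altPrivateKeyDevId = devId;
        }
        else {
            ctx->altPrivateKeyDevId = ctx->devId;
        }
    }

    WOLFSSL_LEAVE("wolfSSL_CTX_use_AltPrivateKey_Label", ret);
    return ret;
}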
4394#endif /* WOLFSSL_DUAL_ALG_CERTS */
4395#endif /* WOLF_PRIVATE_KEY_ID */
4396
4397#if defined(WOLF_CRYPTO_CB) && !defined(NO_CERTS)
4398
/* Fetch a certificate from a crypto callback device by label or id and load
 * it into the SSL context.
 *
 * Exactly one of label/id is expected to be set by the callers. The callback
 * (wc_CryptoCb_GetCert) allocates the certificate data from ctx->heap; it is
 * released here on every path. ctx is dereferenced without a NULL check, so
 * callers must validate it.
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      label  Label of the certificate, or NULL.
 * @param [in]      id     Id of the certificate, or NULL.
 * @param [in]      idLen  Size of id in bytes.
 * @param [in]      devId  Device identifier.
 * @return  1 on success.
 * @return  WOLFSSL_FAILURE when the callback could not supply a certificate.
 * @return  0 or negative when ProcessBuffer rejects the certificate.
 */
static int wolfSSL_CTX_use_certificate_ex(WOLFSSL_CTX* ctx,
    const char *label, const unsigned char *id, int idLen, int devId)
{
    int rc;
    byte *certData = NULL;
    word32 certDataLen = 0;
    word32 labelLen = 0;
    int certFormat = 0;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ex");

    if (label != NULL) {
        labelLen = (word32)XSTRLEN(label);
    }

    if (wc_CryptoCb_GetCert(devId, label, labelLen, id, idLen,
            &certData, &certDataLen, &certFormat, ctx->heap) != 0) {
        rc = WOLFSSL_FAILURE;
    }
    else {
        rc = ProcessBuffer(ctx, certData, certDataLen, certFormat,
            CERT_TYPE, NULL, NULL, 0, GET_VERIFY_SETTING_CTX(ctx),
            label ? label : "cert buffer");
    }

    /* certData is owned here once the callback returns; free on all paths. */
    XFREE(certData, ctx->heap, DYNAMIC_TYPE_CERT);
    return rc;
}
4429
/* Load the label name of a certificate into the SSL context.
 *
 * The certificate itself is fetched from the crypto callback device devId by
 * label (see wolfSSL_CTX_use_certificate_ex).
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      label  Buffer holding label.
 * @param [in]      devId  Device identifier.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_CTX_use_certificate_label(WOLFSSL_CTX* ctx,
    const char *label, int devId)
{
    int rc = WOLFSSL_FAILURE;

    /* Validate parameters before the helper dereferences ctx. */
    if ((ctx != NULL) && (label != NULL)) {
        rc = wolfSSL_CTX_use_certificate_ex(ctx, label, NULL, 0, devId);
    }

    return rc;
}
4447
/* Load the id of a certificate into SSL context.
 *
 * The certificate itself is fetched from the crypto callback device devId by
 * id (see wolfSSL_CTX_use_certificate_ex).
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      id     Buffer holding id.
 * @param [in]      idLen  Size of data in bytes; must be positive.
 * @param [in]      devId  Device identifier.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_CTX_use_certificate_id(WOLFSSL_CTX* ctx,
    const unsigned char *id, int idLen, int devId)
{
    int rc = WOLFSSL_FAILURE;

    /* Validate parameters before the helper dereferences ctx. */
    if ((ctx != NULL) && (id != NULL) && (idLen > 0)) {
        rc = wolfSSL_CTX_use_certificate_ex(ctx, NULL, id, idLen, devId);
    }

    return rc;
}
4466
4467#endif /* if defined(WOLF_CRYPTO_CB) && !defined(NO_CERTS) */
4468
/* Load a certificate chain in a buffer into SSL context.
 *
 * Loaded as CERT_TYPE with userChain = 1 (subject certificate followed by its
 * chain) using the context's verify setting. No parameter validation is done
 * here; it is left to ProcessBuffer.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      in      Buffer holding encoded certificate chain.
 * @param [in]      sz      Size of data in bytes.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  Negative on error.
 */
int wolfSSL_CTX_use_certificate_chain_buffer_format(WOLFSSL_CTX* ctx,
    const unsigned char* in, long sz, int format)
{
    const int userChain = 1;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_chain_buffer_format");

    return ProcessBuffer(ctx, in, sz, format, CERT_TYPE, NULL, NULL, userChain,
        GET_VERIFY_SETTING_CTX(ctx), "cert chain buffer");
}
4487
/* Load a PEM encoded certificate chain in a buffer into SSL context.
 *
 * When the build has no PEM to DER conversion (WOLFSSL_PEM_TO_DER undefined)
 * the buffer is read as DER instead.
 *
 * @param [in, out] ctx     SSL context object.
 * @param [in]      in      Buffer holding encoded certificate chain.
 * @param [in]      sz      Size of data in bytes.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  Negative on error.
 */
int wolfSSL_CTX_use_certificate_chain_buffer(WOLFSSL_CTX* ctx,
    const unsigned char* in, long sz)
{
#ifdef WOLFSSL_PEM_TO_DER
    const int chainFormat = WOLFSSL_FILETYPE_PEM;
#else
    const int chainFormat = WOLFSSL_FILETYPE_ASN1;
#endif

    return wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, in, sz,
        chainFormat);
}
4508
/* Load a user certificate in a buffer into SSL.
 *
 * @param [in, out] ssl     SSL object.
 * @param [in]      in      Buffer holding user certificate.
 * @param [in]      sz      Size of data in bytes.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_use_certificate_buffer(WOLFSSL* ssl, const unsigned char* in,
    long sz, int format)
{
    WOLFSSL_ENTER("wolfSSL_use_certificate_buffer");

    /* ssl->ctx is dereferenced below, so a NULL ssl is rejected up front. */
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Single certificate (chain flag 0) stored against ssl rather than the
     * context; no consumed-byte count is requested. */
    return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 0,
        GET_VERIFY_SETTING_SSL(ssl), "cert buffer");
}
4538
/* Load a private key in a buffer into SSL.
 *
 * With WOLFSSL_DUAL_ALG_CERTS the buffer may hold the primary key followed
 * by the alternative key; any bytes left after the primary key are parsed
 * as the alternative key.
 *
 * @param [in, out] ssl     SSL object.
 * @param [in]      in      Buffer holding private key.
 * @param [in]      sz      Size of data in bytes.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_use_PrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
    long sz, int format)
{
    int ret;
    long consumed = 0;

    WOLFSSL_ENTER("wolfSSL_use_PrivateKey_buffer");

    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Primary key; consumed receives how many bytes of in were used. */
    ret = ProcessBuffer(ssl->ctx, in, sz, format, PRIVATEKEY_TYPE, ssl,
        &consumed, 0, GET_VERIFY_SETTING_SSL(ssl), "key buffer");
#ifdef WOLFSSL_DUAL_ALG_CERTS
    if ((ret == 1) && (consumed < sz)) {
        /* Remainder of the buffer is the alternative private key. */
        const unsigned char* altIn = in + consumed;
        long altSz = sz - consumed;

        ret = ProcessBuffer(ssl->ctx, altIn, altSz, format,
            ALT_PRIVATEKEY_TYPE, ssl, NULL, 0, GET_VERIFY_SETTING_SSL(ssl),
            "key buffer");
    }
#endif

    return ret;
}
4580
4581#ifdef WOLFSSL_DUAL_ALG_CERTS
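/* Load an alternative private key in a buffer into SSL.
 *
 * Used with dual algorithm certificates: the key loaded here is stored as
 * the alternative (ALT_PRIVATEKEY_TYPE) key, not the primary one.
 *
 * @param [in, out] ssl     SSL object.
 * @param [in]      in      Buffer holding alternative private key.
 * @param [in]      sz      Size of data in bytes.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_use_AltPrivateKey_buffer(WOLFSSL* ssl, const unsigned char* in,
    long sz, int format)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_use_AltPrivateKey_buffer");

    /* Validate parameters: ssl->ctx is dereferenced below, so a NULL ssl
     * must be rejected here the same way wolfSSL_use_PrivateKey_buffer
     * does, instead of faulting. */
    if (ssl == NULL) {
        ret = BAD_FUNC_ARG;
    }
    else {
        ret = ProcessBuffer(ssl->ctx, in, sz, format, ALT_PRIVATEKEY_TYPE, ssl,
            NULL, 0, GET_VERIFY_SETTING_SSL(ssl), "alt key buffer");
    }

    WOLFSSL_LEAVE("wolfSSL_use_AltPrivateKey_buffer", ret);

    return ret;
}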
4594#endif /* WOLFSSL_DUAL_ALG_CERTS */
4595
4596#ifdef WOLF_PRIVATE_KEY_ID
/* Load the id of a private key into SSL.
 *
 * The id bytes are copied into ssl->buffers.key and the key is flagged as
 * an id (not a label). With WOLFSSL_DUAL_ALG_CERTS the same id and device
 * are also applied to the alternative key, and that call's result is
 * returned.
 *
 * @param [in, out] ssl    SSL object.
 * @param [in]      id     Buffer holding id.
 * @param [in]      sz     Size of data in bytes; narrowed to word32 for the
 *                         copy.
 * @param [in]      devId  Device identifier; INVALID_DEVID selects ssl->devId.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_use_PrivateKey_Id(WOLFSSL* ssl, const unsigned char* id,
                              long sz, int devId)
{
    if ((ssl == NULL) || (id == NULL) || (sz < 0)) {
        return 0;
    }

    /* Release the previous key only when this object owns it. */
    if (ssl->buffers.weOwnKey) {
        FreeDer(&ssl->buffers.key);
    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
        FreeDer(&ssl->buffers.keyMask);
    #endif
    }
    /* Store a copy of the id in the key buffer. */
    if (AllocCopyDer(&ssl->buffers.key, id, (word32)sz, PRIVATEKEY_TYPE,
            ssl->heap) != 0) {
        return 0;
    }

    /* Copy is ours; mark the key as an id rather than a label. */
    ssl->buffers.weOwnKey = 1;
    ssl->buffers.keyId = 1;
    ssl->buffers.keyLabel = 0;
    ssl->buffers.keyDevId = (devId != INVALID_DEVID) ? devId : ssl->devId;

#ifdef WOLFSSL_DUAL_ALG_CERTS
    /* Apply the same id to the alternative key; the user can still override
     * it afterwards. */
    return wolfSSL_use_AltPrivateKey_Id(ssl, id, sz, devId);
#else
    return 1;
#endif
}
4649
/* Load the id of a private key into SSL and set key size.
 *
 * @param [in, out] ssl    SSL object.
 * @param [in]      id     Buffer holding id.
 * @param [in]      sz     Size of data in bytes.
 * @param [in]      devId  Device identifier.
 * @param [in]      keySz  Size of key; narrowed to int.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_use_PrivateKey_Id_ex(WOLFSSL* ssl, const unsigned char* id,
    long sz, int devId, long keySz)
{
    int ret = wolfSSL_use_PrivateKey_Id(ssl, id, sz, devId);

    if (ret != 1) {
        return ret;
    }
    /* An id carries no key material to decode the size from, so take the
     * caller's value. */
    ssl->buffers.keySz = (int)keySz;
    return 1;
}
4671
/* Load the label name of a private key into SSL.
 *
 * The label is copied, including its terminating NUL, into
 * ssl->buffers.key and the key is flagged as a label (not an id). With
 * WOLFSSL_DUAL_ALG_CERTS the same label and device are also applied to the
 * alternative key, and that call's result is returned.
 *
 * @param [in, out] ssl    SSL object.
 * @param [in]      label  NUL terminated label.
 * @param [in]      devId  Device identifier; INVALID_DEVID selects ssl->devId.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_use_PrivateKey_Label(WOLFSSL* ssl, const char* label, int devId)
{
    word32 labelSz;

    if ((ssl == NULL) || (label == NULL)) {
        return 0;
    }

    /* Stored with its terminating NUL. */
    labelSz = (word32)XSTRLEN(label) + 1;

    /* Release the previous key only when this object owns it. */
    if (ssl->buffers.weOwnKey) {
        FreeDer(&ssl->buffers.key);
    #ifdef WOLFSSL_BLIND_PRIVATE_KEY
        FreeDer(&ssl->buffers.keyMask);
    #endif
    }
    /* Store a copy of the label in the key buffer. */
    if (AllocCopyDer(&ssl->buffers.key, (const byte*)label, labelSz,
            PRIVATEKEY_TYPE, ssl->heap) != 0) {
        return 0;
    }

    /* Copy is ours; mark the key as a label rather than an id. */
    ssl->buffers.weOwnKey = 1;
    ssl->buffers.keyId = 0;
    ssl->buffers.keyLabel = 1;
    ssl->buffers.keyDevId = (devId != INVALID_DEVID) ? devId : ssl->devId;

#ifdef WOLFSSL_DUAL_ALG_CERTS
    /* Apply the same label to the alternative key; the user can still
     * override it afterwards. */
    return wolfSSL_use_AltPrivateKey_Label(ssl, label, devId);
#else
    return 1;
#endif
}
4725
4726#ifdef WOLFSSL_DUAL_ALG_CERTS
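/* Load the id of the alternative private key into SSL.
 *
 * Mirrors wolfSSL_use_PrivateKey_Id for the alternative key used with dual
 * algorithm certificates.
 *
 * @param [in, out] ssl    SSL object.
 * @param [in]      id     Buffer holding id.
 * @param [in]      sz     Size of data in bytes; narrowed to word32 for the
 *                         copy.
 * @param [in]      devId  Device identifier; INVALID_DEVID selects ssl->devId.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_use_AltPrivateKey_Id(WOLFSSL* ssl, const unsigned char* id, long sz,
    int devId)
{
    int ret = 1;

    /* Validate parameters. */
    if ((ssl == NULL) || (id == NULL) || (sz < 0)) {
        ret = 0;
    }

    if (ret == 1) {
        /* Dispose of old alternative key if owned. */
        if (ssl->buffers.weOwnAltKey) {
            FreeDer(&ssl->buffers.altKey);
        #ifdef WOLFSSL_BLIND_PRIVATE_KEY
            FreeDer(&ssl->buffers.altKeyMask);
        #endif
        }
        /* Allocate and copy in the id in one step, as the primary key path
         * does. */
        if (AllocCopyDer(&ssl->buffers.altKey, id, (word32)sz,
                ALT_PRIVATEKEY_TYPE, ssl->heap) != 0) {
            ret = 0;
        }
    }
    if (ret == 1) {
        /* Buffer now ours. */
        ssl->buffers.weOwnAltKey = 1;
        /* The alternative key is now an id, so it is no longer a label; keep
         * the two flags mutually exclusive like keyId/keyLabel on the primary
         * key, otherwise a label set earlier would leave both flags set. */
        ssl->buffers.altKeyId = 1;
        ssl->buffers.altKeyLabel = 0;
        /* Set device id to be one passed in or for SSL. */
        if (devId != INVALID_DEVID) {
            ssl->buffers.altKeyDevId = devId;
        }
        else {
            ssl->buffers.altKeyDevId = ssl->devId;
        }
    }

    return ret;
}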
4762
/* Load the id of the alternative private key into SSL and set key size.
 *
 * @param [in, out] ssl    SSL object.
 * @param [in]      id     Buffer holding id.
 * @param [in]      sz     Size of data in bytes.
 * @param [in]      devId  Device identifier.
 * @param [in]      keySz  Size of key; narrowed to word32.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_use_AltPrivateKey_Id_ex(WOLFSSL* ssl, const unsigned char* id,
    long sz, int devId, long keySz)
{
    int ret = wolfSSL_use_AltPrivateKey_Id(ssl, id, sz, devId);

    if (ret != 1) {
        return ret;
    }
    /* Key size cannot be derived from an id, so take the caller's value. */
    ssl->buffers.altKeySz = (word32)keySz;
    return 1;
}
4773
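/* Load the label name of the alternative private key into SSL.
 *
 * Mirrors wolfSSL_use_PrivateKey_Label for the alternative key used with
 * dual algorithm certificates. The label is stored with its terminating NUL.
 *
 * @param [in, out] ssl    SSL object.
 * @param [in]      label  NUL terminated label.
 * @param [in]      devId  Device identifier; INVALID_DEVID selects ssl->devId.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_use_AltPrivateKey_Label(WOLFSSL* ssl, const char* label, int devId)
{
    int ret = 1;
    word32 sz;

    /* Validate parameters. */
    if ((ssl == NULL) || (label == NULL)) {
        ret = 0;
    }

    if (ret == 1) {
        sz = (word32)XSTRLEN(label) + 1;
        /* Dispose of old alternative key if owned. */
        if (ssl->buffers.weOwnAltKey) {
            FreeDer(&ssl->buffers.altKey);
        #ifdef WOLFSSL_BLIND_PRIVATE_KEY
            FreeDer(&ssl->buffers.altKeyMask);
        #endif
        }
        /* Allocate and copy in the label in one step, as the primary key path
         * does. */
        if (AllocCopyDer(&ssl->buffers.altKey, (const byte*)label, sz,
                ALT_PRIVATEKEY_TYPE, ssl->heap) != 0) {
            ret = 0;
        }
    }
    if (ret == 1) {
        /* Buffer now ours. */
        ssl->buffers.weOwnAltKey = 1;
        /* The alternative key is now a label, so it is no longer an id; keep
         * the two flags mutually exclusive like keyId/keyLabel on the primary
         * key, otherwise an id set earlier would leave both flags set. */
        ssl->buffers.altKeyId = 0;
        ssl->buffers.altKeyLabel = 1;
        /* Set device id to be one passed in or for SSL. */
        if (devId != INVALID_DEVID) {
            ssl->buffers.altKeyDevId = devId;
        }
        else {
            ssl->buffers.altKeyDevId = ssl->devId;
        }
    }

    return ret;
}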
4810#endif /* WOLFSSL_DUAL_ALG_CERTS */
4811#endif /* WOLF_PRIVATE_KEY_ID */
4812
/* Load a certificate chain in a buffer into SSL.
 *
 * @param [in, out] ssl     SSL object.
 * @param [in]      in      Buffer holding the certificate chain in the
 *                          encoding named by format.
 * @param [in]      sz      Size of data in bytes.
 * @param [in]      format  Format of data:
 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  BAD_FUNC_ARG when ssl is NULL.
 */
int wolfSSL_use_certificate_chain_buffer_format(WOLFSSL* ssl,
    const unsigned char* in, long sz, int format)
{
    WOLFSSL_ENTER("wolfSSL_use_certificate_chain_buffer_format");

    /* ssl->ctx is dereferenced below, so a NULL ssl is rejected up front. */
    if (ssl == NULL) {
        return BAD_FUNC_ARG;
    }

    /* Chain (flag 1) stored against ssl rather than the context; no
     * consumed-byte count is requested. */
    return ProcessBuffer(ssl->ctx, in, sz, format, CERT_TYPE, ssl, NULL, 1,
        GET_VERIFY_SETTING_SSL(ssl), "cert chain buffer");
}
4842
/* Load a certificate chain in a buffer into SSL.
 *
 * The buffer is treated as PEM when WOLFSSL_PEM_TO_DER is defined and as
 * DER (ASN.1) otherwise.
 *
 * @param [in, out] ssl     SSL object.
 * @param [in]      in      Buffer holding certificate chain.
 * @param [in]      sz      Size of data in bytes.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  Negative on error (BAD_FUNC_ARG when ssl is NULL).
 */
int wolfSSL_use_certificate_chain_buffer(WOLFSSL* ssl, const unsigned char* in,
    long sz)
{
#ifdef WOLFSSL_PEM_TO_DER
    const int format = WOLFSSL_FILETYPE_PEM;
#else
    /* Without PEM conversion support only DER input can be handled. */
    const int format = WOLFSSL_FILETYPE_ASN1;
#endif

    return wolfSSL_use_certificate_chain_buffer_format(ssl, in, sz, format);
}
4863
4864#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
4865    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
4866    defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
4867    defined(WOLFSSL_HAPROXY)
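/* Add certificate to chain.
 *
 * The chain is a flat DER buffer of records, each a 24-bit length prefix
 * (written with c32to24) followed by the DER encoded certificate. A new
 * buffer holding the old chain plus the new record replaces *chain.
 *
 * @param [in, out] chain   Buffer holding encoded certificate chain for TLS.
 * @param [in]      weOwn   Indicates we need to free the old chain when it is
 *                          replaced.
 * @param [in]      cert    Buffer holding DER encoded certificate.
 * @param [in]      certSz  Size of DER encoded certificate in bytes.
 * @param [in]      heap    Dynamic memory allocation hint.
 * @return  1 on success.
 * @return  0 on failure (certificate too large for the 24-bit length prefix,
 *          32-bit size overflow, or allocation failure).
 */
static int wolfssl_add_to_chain(DerBuffer** chain, int weOwn, const byte* cert,
    word32 certSz, void* heap)
{
    int res = 1;
    DerBuffer* oldChain = *chain;
    DerBuffer* newChain = NULL;
    word32 len = 0;

    if (oldChain != NULL) {
        /* Get length of previous chain. */
        len = oldChain->length;
    }
    /* The per-certificate length prefix is written with c32to24, so a
     * certificate longer than 24 bits can express would produce a chain whose
     * prefix disagrees with the bytes that follow it. Reject it instead. */
    if (certSz > 0xFFFFFFU) {
        WOLFSSL_MSG("wolfssl_add_to_chain certificate too large");
        res = 0;
    }
    /* Guard len + CERT_HEADER_SZ + certSz against 32-bit wrap-around. */
    else if ((len > WOLFSSL_MAX_32BIT - CERT_HEADER_SZ) ||
            (certSz > WOLFSSL_MAX_32BIT - CERT_HEADER_SZ - len)) {
        WOLFSSL_MSG("wolfssl_add_to_chain overflow");
        res = 0;
    }
    if (res == 1) {
        /* Allocate DER buffer big enough to hold old and new certificates. */
        if (AllocDer(&newChain, len + CERT_HEADER_SZ + certSz, CERT_TYPE,
                heap) != 0) {
            WOLFSSL_MSG("AllocDer error");
            res = 0;
        }
    }

    if (res == 1) {
        if (oldChain != NULL) {
            /* Place old chain in new buffer. */
            XMEMCPY(newChain->buffer, oldChain->buffer, len);
        }
        /* Append length prefix and DER encoded certificate. */
        c32to24(certSz, newChain->buffer + len);
        XMEMCPY(newChain->buffer + len + CERT_HEADER_SZ, cert, certSz);

        /* Dispose of old chain if we own it. */
        if (weOwn) {
            FreeDer(chain);
        }
        /* Replace chain. */
        *chain = newChain;
    }

    return res;
}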
4926#endif
4927
4928#ifdef OPENSSL_EXTRA
4929
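/* Add a certificate to end of chain sent in TLS handshake.
 *
 * The certificate is registered with the certificate manager as a user CA
 * and then appended to ctx->certChain.
 *
 * @param [in, out] ctx    SSL context.
 * @param [in]      der    Buffer holding DER encoded certificate.
 * @param [in]      derSz  Size of data in buffer.
 * @return  1 on success.
 * @return  0 on failure.
 */
static int wolfssl_ctx_add_to_chain(WOLFSSL_CTX* ctx, const byte* der,
    int derSz)
{
    int res = 1;
    DerBuffer* derBuffer = NULL;

    /* Create a DER buffer from DER encoding. */
    if (AllocCopyDer(&derBuffer, der, (word32)derSz, CERT_TYPE,
            ctx->heap) != 0) {
        WOLFSSL_MSG("Memory Error");
        res = 0;
    }
    if (res == 1) {
        /* Add a user CA certificate to the certificate manager. derBuffer is
         * passed by address and is not freed here, so AddCA is presumed to
         * take ownership of it on every path. */
        res = AddCA(ctx->cm, &derBuffer, WOLFSSL_USER_CA,
            GET_VERIFY_SETTING_CTX(ctx));
        if (res != 1) {
            res = 0;
        }
    }

    if (res == 1) {
        /* Append the DER encoding to the chain sent in the handshake. */
        res = wolfssl_add_to_chain(&ctx->certChain, 1, der, (word32)derSz,
            ctx->heap);
    #ifdef WOLFSSL_TLS13
        /* Count the certificate only when it was actually appended, so the
         * count never runs ahead of the chain contents. */
        if (res == 1) {
            ctx->certChainCnt++;
        }
    #endif
    }

    return res;
}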
4972
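/* Add a certificate to chain sent in TLS handshake.
 *
 * When the context has no leaf certificate yet, the certificate becomes the
 * leaf; otherwise it is appended to the chain. On success the caller's
 * reference to x509 is released (the DER encoding has been copied).
 *
 * @param [in, out] ctx   SSL context.
 * @param [in]      x509  X509 certificate object; freed on success.
 * @return  1 on success.
 * @return  0 on failure.
 */
long wolfSSL_CTX_add_extra_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
{
    int   ret = 1;
    int   derSz = 0;
    const byte* der = NULL;

    WOLFSSL_ENTER("wolfSSL_CTX_add_extra_chain_cert");

    /* Validate parameters. */
    if ((ctx == NULL) || (x509 == NULL)) {
        WOLFSSL_MSG("Bad Argument");
        ret = 0;
    }

    if (ret == 1) {
        /* Get the DER encoding of the certificate from the X509 object. */
        der = wolfSSL_X509_get_der(x509, &derSz);
        /* Validate buffer. */
        if ((der == NULL) || (derSz <= 0)) {
            WOLFSSL_MSG("Error getting X509 DER");
            ret = 0;
        }
    }

    if ((ret == 1) && (ctx->certificate == NULL)) {
        /* No leaf yet: ProcessBuffer makes the first certificate the leaf.
         * (The stray ENTER trace for a function that is not called from here
         * has been dropped so debug logs reflect the real call path.) */
        ret = ProcessBuffer(ctx, der, derSz, WOLFSSL_FILETYPE_ASN1, CERT_TYPE,
            NULL, NULL, 1, GET_VERIFY_SETTING_CTX(ctx), "extra chain buffer");
        if (ret != 1) {
            ret = 0;
        }
    }
    else if (ret == 1) {
        /* Add certificate to existing chain. */
        ret = wolfssl_ctx_add_to_chain(ctx, der, derSz);
    }

    if (ret == 1) {
        /* On success the X509 object is the SSL context's responsibility:
         * its encoding has been copied, so the caller's reference is
         * released here. */
        wolfSSL_X509_free(x509);
        x509 = NULL;
    }

    WOLFSSL_LEAVE("wolfSSL_CTX_add_extra_chain_cert", ret);
    return ret;
}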
5028
5029#endif /* OPENSSL_EXTRA */
5030
5031#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \
5032    defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \
5033    defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \
5034    defined(WOLFSSL_HAPROXY)
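/* Load a certificate into SSL context.
 *
 * The DER encoding is copied into ctx->certificate. With KEEP_OUR_CERT the
 * context also keeps the X509 object: an up-referenced x by default, or a
 * fresh copy with WOLFSSL_X509_STORE_CERTS.
 *
 * @param [in, out] ctx  SSL context object.
 * @param [in]      x    X509 certificate object; must carry a DER encoding.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_CTX_use_certificate(WOLFSSL_CTX *ctx, WOLFSSL_X509 *x)
{
    int res = 1;

    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate");

    /* Validate parameters. */
    if ((ctx == NULL) || (x == NULL) || (x->derCert == NULL)) {
        WOLFSSL_MSG("Bad parameter");
        res = 0;
    }

    if (res == 1) {
        /* Replace certificate buffer with one holding the new certificate. */
        FreeDer(&ctx->certificate);
        if (AllocCopyDer(&ctx->certificate, x->derCert->buffer,
                x->derCert->length, CERT_TYPE, ctx->heap) != 0) {
            res = 0;
        }
    }

#ifdef KEEP_OUR_CERT
    if (res == 1) {
        /* Dispose of our certificate if it is ours. */
        if ((ctx->ourCert != NULL) && ctx->ownOurCert) {
            wolfSSL_X509_free(ctx->ourCert);
        }
        /* Never leave the released pointer behind. */
        ctx->ourCert = NULL;
    #ifndef WOLFSSL_X509_STORE_CERTS
        /* Take the reference before publishing the pointer: a failed up-ref
         * must not leave ctx claiming ownership (ownOurCert) of a reference
         * it never acquired, which would later free the caller's object. */
        if (wolfSSL_X509_up_ref(x) == 1) {
            ctx->ourCert = x;
        }
        else {
            res = 0;
        }
    #else
        /* Keep a copy of the new certificate. */
        ctx->ourCert = wolfSSL_X509_d2i_ex(NULL, x->derCert->buffer,
            x->derCert->length, ctx->heap);
        if (ctx->ourCert == NULL) {
            res = 0;
        }
    #endif
        /* Whatever is in ourCert now (possibly NULL) is owned by ctx. */
        ctx->ownOurCert = 1;
    }
#endif

    if (res == 1) {
        /* Set have options based on public key OID. */
        wolfssl_set_have_from_key_oid(ctx, NULL, x->pubKeyOID);
    }

    return res;
}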
5097
/* Add the certificate to the chain in the SSL context and own the X509 object.
 *
 * @param [in, out] ctx   SSL context object.
 * @param [in]      x509  X509 certificate object; the caller's reference is
 *                        released on success.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_CTX_add0_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_add0_chain_cert");

    /* add1 copies or up-references the object for the context... */
    ret = wolfSSL_CTX_add1_chain_cert(ctx, x509);
    if (ret != 1) {
        return ret;
    }

    /* ...so releasing the caller's reference here gives the "add0"
     * (ownership transfer) semantics. */
    wolfSSL_X509_free(x509);
    return ret;
}
5121
/* Add the certificate to the chain in the SSL context.
 *
 * X509 object copied or up referenced: if the context has no leaf yet the
 * certificate becomes the leaf via wolfSSL_CTX_use_certificate; otherwise
 * its DER encoding is passed to wolfSSL_CTX_load_verify_buffer, appended to
 * the handshake chain, and the object is kept on ctx->x509Chain.
 *
 * @param [in, out] ctx   SSL context object.
 * @param [in]      x509  X509 certificate object; must carry a DER encoding.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_CTX_add1_chain_cert(WOLFSSL_CTX* ctx, WOLFSSL_X509* x509)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_CTX_add1_chain_cert");

    /* Validate parameters. */
    if ((ctx == NULL) || (x509 == NULL) || (x509->derCert == NULL)) {
        ret = 0;
        return WS_RC(ret);
    }

    /* No leaf certificate yet: this one becomes the leaf. */
    if (ctx->certificate == NULL) {
        ret = wolfSSL_CTX_use_certificate(ctx, x509);
        return WS_RC(ret);
    }

    /* Hold a reference for the x509Chain stack before doing anything else;
     * anything other than 1 from up_ref is returned as is. */
    ret = wolfSSL_X509_up_ref(x509);
    if (ret != 1) {
        return WS_RC(ret);
    }

    /* NOTE(review): the DER is handed to wolfSSL_CTX_load_verify_buffer,
     * which by its name appears to register it with the context's verify
     * store as well as building the chain - confirm that is intended. */
    ret = wolfSSL_CTX_load_verify_buffer(ctx, x509->derCert->buffer,
        x509->derCert->length, WOLFSSL_FILETYPE_ASN1);
    if (ret == 1) {
        /* Append DER encoding to the handshake chain. */
        ret = wolfssl_add_to_chain(&ctx->certChain, 1,
            x509->derCert->buffer, x509->derCert->length, ctx->heap);
    }
    if ((ret == 1) && (ctx->x509Chain == NULL)) {
        /* First chain object: create the stack that will free it later. */
        ctx->x509Chain = wolfSSL_sk_X509_new_null();
        if (ctx->x509Chain == NULL) {
            WOLFSSL_MSG("wolfSSL_sk_X509_new_null error");
            ret = 0;
        }
    }
    if (ret == 1) {
        /* Push the X509 object onto the stack. */
        ret = (wolfSSL_sk_X509_push(ctx->x509Chain, x509) > 0)
            ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
    }
    if (ret != 1) {
        /* Not stored: give back the reference taken above. */
        wolfSSL_X509_free(x509);
    }

    return WS_RC(ret);
}
5181
5182#ifdef KEEP_OUR_CERT
/* Add the certificate to the chain in the SSL and own the X509 object.
 *
 * If the SSL has no leaf certificate yet the object becomes the leaf and is
 * stored in ssl->ourCert; otherwise its DER encoding is appended to
 * ssl->buffers.certChain and the object is pushed onto ssl->ourCertChain so
 * it can be freed later.
 *
 * @param [in, out] ssl   SSL object.
 * @param [in]      x509  X509 certificate object; must carry a DER encoding.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_add0_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_add0_chain_cert");

    /* Validate parameters. */
    if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) {
        ret = 0;
        return WS_RC(ret);
    }

    if (ssl->buffers.certificate == NULL) {
        /* No leaf yet: this certificate becomes the leaf. */
        ret = wolfSSL_use_certificate(ssl, x509);
        if (ret == 1) {
            /* NOTE(review): whether wolfSSL_use_certificate already stores
             * x509 in ssl->ourCert is not visible here; if it does, the free
             * below releases a reference to the same object that is then
             * re-stored - confirm against wolfSSL_use_certificate. */
            if (ssl->buffers.weOwnCert) {
                wolfSSL_X509_free(ssl->ourCert);
            }
            /* Keep the object so it can be freed with the SSL. */
            ssl->ourCert = x509;
            ssl->buffers.weOwnCert = 1;
        }
        return WS_RC(ret);
    }

    /* Append DER encoding to the chain; the old chain is freed only when the
     * SSL owns it rather than sharing the context's. */
    ret = wolfssl_add_to_chain(&ssl->buffers.certChain,
        ssl->buffers.weOwnCertChain, x509->derCert->buffer,
        x509->derCert->length, ssl->heap);
    if (ret == 1) {
        /* The new chain buffer is ours. */
        ssl->buffers.weOwnCertChain = 1;
        if (ssl->ourCertChain == NULL) {
            /* First chain object: create the stack that will free it. */
            ssl->ourCertChain = wolfSSL_sk_X509_new_null();
            if (ssl->ourCertChain == NULL) {
                WOLFSSL_MSG("wolfSSL_sk_X509_new_null error");
                ret = 0;
            }
        }
    }
    if (ret == 1) {
        /* Push X509 object onto stack to be freed. */
        ret = (wolfSSL_sk_X509_push(ssl->ourCertChain, x509) > 0)
            ? WOLFSSL_SUCCESS : WOLFSSL_FAILURE;
    }

    return WS_RC(ret);
}
5240
/* Add the certificate to the chain in the SSL.
 *
 * X509 object is up referenced; the reference is handed to
 * wolfSSL_add0_chain_cert and released again if that fails.
 *
 * @param [in, out] ssl   SSL object.
 * @param [in]      x509  X509 certificate object; must carry a DER encoding.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_add1_chain_cert(WOLFSSL* ssl, WOLFSSL_X509* x509)
{
    int ret;

    WOLFSSL_ENTER("wolfSSL_add1_chain_cert");

    /* Validate parameters. */
    if ((ssl == NULL) || (x509 == NULL) || (x509->derCert == NULL)) {
        return 0;
    }

    /* Take the reference that add0 will keep; anything other than 1 from
     * up_ref is returned as is. */
    ret = wolfSSL_X509_up_ref(x509);
    if (ret != 1) {
        return ret;
    }

    ret = wolfSSL_add0_chain_cert(ssl, x509);
    if (ret != 1) {
        /* Not stored: release the reference taken above. */
        wolfSSL_X509_free(x509);
    }

    return ret;
}
5273#endif /* KEEP_OUR_CERT */
5274#endif /* OPENSSL_EXTRA, HAVE_LIGHTY, WOLFSSL_MYSQL_COMPATIBLE, HAVE_STUNNEL,
5275          WOLFSSL_NGINX, HAVE_POCO_LIB, WOLFSSL_HAPROXY */
5276
5277#ifdef OPENSSL_EXTRA
5278
/* Load a private key into SSL context.
 *
 * The key type selects how pkey->pkey.ptr is brought into DER form; the DER
 * is then loaded with wolfSSL_CTX_use_PrivateKey_buffer.
 *
 * @param [in, out] ctx   SSL context object.
 * @param [in]      pkey  EVP private key; pkey.ptr must be set.
 * @return  1 on success.
 * @return  0 on failure (bad argument or unsupported key type).
 * @return  Other values as returned by the per-type populate helpers or
 *          wolfSSL_CTX_use_PrivateKey_buffer.
 */
int wolfSSL_CTX_use_PrivateKey(WOLFSSL_CTX *ctx, WOLFSSL_EVP_PKEY *pkey)
{
    int ret = 1;

    WOLFSSL_ENTER("wolfSSL_CTX_use_PrivateKey");

    /* Validate parameters. */
    if ((ctx == NULL) || (pkey == NULL) || (pkey->pkey.ptr == NULL)) {
        return 0;
    }

    /* Make sure pkey->pkey.ptr holds the DER encoding for this key type. */
    switch (pkey->type) {
    #if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
        case WC_EVP_PKEY_RSA:
            WOLFSSL_MSG("populating RSA key");
            ret = PopulateRSAEvpPkeyDer(pkey);
            break;
    #endif /* WOLFSSL_KEY_GEN && !NO_RSA */
    #if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \
            defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA)
        case WC_EVP_PKEY_DSA:
            /* Nothing to populate for DSA. */
            break;
    #endif /* !HAVE_SELFTEST && (WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN) &&
            * !NO_DSA */
    #ifdef HAVE_ECC
        case WC_EVP_PKEY_EC:
            WOLFSSL_MSG("populating ECC key");
            ret = ECC_populate_EVP_PKEY(pkey, pkey->ecc);
            break;
    #endif
    #ifdef HAVE_ED25519
        case WC_EVP_PKEY_ED25519:
            /* DER is already stored in pkey->pkey.ptr by d2i_evp_pkey. */
            WOLFSSL_MSG("populating Ed25519 key");
            break;
    #endif
    #ifdef HAVE_ED448
        case WC_EVP_PKEY_ED448:
            /* DER is already stored in pkey->pkey.ptr by d2i_evp_pkey. */
            WOLFSSL_MSG("populating Ed448 key");
            break;
    #endif
        default:
            /* Unsupported or compiled-out key type. */
            ret = 0;
            break;
    }

    if (ret != 1) {
        return ret;
    }

    /* ptr for WOLFSSL_EVP_PKEY struct is expected to be DER format. */
    return wolfSSL_CTX_use_PrivateKey_buffer(ctx,
        (const unsigned char*)pkey->pkey.ptr, pkey->pkey_sz,
        WOLFSSL_FILETYPE_ASN1);
}
5343
5344#endif /* OPENSSL_EXTRA */
5345
5346#if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || \
5347    defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_QT)
/* Load a DER encoded certificate in a buffer into SSL context.
 *
 * Note the OpenSSL-style argument order: the size comes before the buffer.
 *
 * @param [in, out] ctx    SSL context object.
 * @param [in]      derSz  Size of data in bytes.
 * @param [in]      der    Buffer holding DER encoded certificate.
 * @return  1 on success.
 * @return  0 on failure.
 */
int wolfSSL_CTX_use_certificate_ASN1(WOLFSSL_CTX *ctx, int derSz,
    const unsigned char *der)
{
    WOLFSSL_ENTER("wolfSSL_CTX_use_certificate_ASN1");

    /* Validate parameters. */
    if ((ctx == NULL) || (der == NULL)) {
        return 0;
    }
    /* Any result other than success from the buffer loader is reported as
     * failure, so callers only ever see 1 or 0. */
    if (wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz,
            WOLFSSL_FILETYPE_ASN1) != 1) {
        return 0;
    }

    return 1;
}
5375
5376#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)
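/* Load an RSA private key into SSL context.
 *
 * The key is DER encoded into a temporary buffer, loaded with
 * wolfSSL_CTX_use_PrivateKey_buffer, and the buffer is zeroized before it
 * is freed.
 *
 * @param [in, out] ctx   SSL context object.
 * @param [in]      rsa   RSA private key.
 * @return  1 on success.
 * @return  0 on failure.
 * @return  BAD_FUNC_ARG when ctx or rsa is NULL.
 * @return  MEMORY_E when dynamic memory allocation fails.
 */
int wolfSSL_CTX_use_RSAPrivateKey(WOLFSSL_CTX* ctx, WOLFSSL_RSA* rsa)
{
    int ret = 1;
    int derSize = 0;
    size_t derAlloc = 0;   /* Bytes actually allocated for der. */
    unsigned char* der = NULL;
    unsigned char* p;

    WOLFSSL_ENTER("wolfSSL_CTX_use_RSAPrivateKey");

    /* Validate parameters. */
    if ((ctx == NULL) || (rsa == NULL)) {
        WOLFSSL_MSG("one or more inputs were NULL");
        ret = BAD_FUNC_ARG;
    }

    /* Get DER encoding size. */
    if ((ret == 1) && ((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, NULL)) <= 0)) {
        ret = 0;
    }

    if (ret == 1) {
        /* Allocate memory to hold DER encoding. */
        derAlloc = (size_t)derSize;
        der = (unsigned char*)XMALLOC(derAlloc, NULL, DYNAMIC_TYPE_TMP_BUFFER);
        if (der == NULL) {
            WOLFSSL_MSG("Malloc failure");
            ret = MEMORY_E;
        }
    }

    if (ret == 1) {
        /* Pointer passed in is modified, so pass a copy. */
        p = der;
        /* Encode the RSA key as DER into buffer and get size. */
        if ((derSize = wolfSSL_i2d_RSAPrivateKey(rsa, &p)) <= 0) {
            WOLFSSL_MSG("wolfSSL_i2d_RSAPrivateKey() failure");
            ret = 0;
        }
    }

    if (ret == 1) {
        /* Load DER encoded private key into SSL context. */
        ret = wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSize,
            SSL_FILETYPE_ASN1);
        if (ret != WOLFSSL_SUCCESS) {
            WOLFSSL_MSG("wolfSSL_CTX_USE_PrivateKey_buffer() failure");
            ret = 0;
        }
    }

    /* Scrub the private key material using the allocated size rather than
     * derSize: derSize is overwritten by the second i2d call and can be 0 or
     * negative on failure, and a negative value cast to word32 would make
     * ForceZero write far past the buffer. */
    if (der != NULL) {
        ForceZero(der, (word32)derAlloc);
    }
    XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    return ret;
}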
5443#endif /* WOLFSSL_KEY_GEN && !NO_RSA */
5444
5445#endif /* OPENSSL_ALL || WOLFSSL_ASIO || WOLFSSL_HAPROXY || WOLFSSL_QT */
5446
5447#endif /* !NO_CERTS */
5448
5449#ifdef OPENSSL_EXTRA
5450
5451/* Use the default paths to look for CA certificate.
5452 *
5453 * This is an OpenSSL compatibility layer function, but it doesn't mirror
5454 * the exact functionality of its OpenSSL counterpart. We don't support the
5455 * notion of an "OpenSSL directory". This function will attempt to load the
5456 * environment variables SSL_CERT_DIR and SSL_CERT_FILE, if either are
5457 * found, they will be loaded. Otherwise, it will act as a wrapper around
5458 * our native wolfSSL_CTX_load_system_CA_certs function. This function does
5459 * conform to OpenSSL's return value conventions.
5460 *
5461 * @param [in] ctx  SSL context object.
5462 * @return  1 on success.
5463 * @return  0 on failure.
5464 * @return  WOLFSSL_FATAL_ERROR when using a filesystem is not supported.
5465 */
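int wolfSSL_CTX_set_default_verify_paths(WOLFSSL_CTX* ctx)
{
    int ret;
#if defined(XGETENV) && !defined(NO_GETENV)
    char* certDir = NULL;
    char* certFile = NULL;
    word32 flags = 0;
#else
    /* Without environment lookup, ctx is only used when system CA loading
     * is compiled in; silence the unused-parameter warning otherwise. */
    (void)ctx;
#endif

    WOLFSSL_ENTER("wolfSSL_CTX_set_default_verify_paths");

#if defined(XGETENV) && !defined(NO_GETENV)
    /* // NOLINTBEGIN(concurrency-mt-unsafe) */
    /* NOTE(review): the trust-store location is taken from the process
     * environment. Anything able to set SSL_CERT_DIR / SSL_CERT_FILE for
     * this process chooses which CAs are trusted, so privileged (e.g.
     * setuid) callers should confirm the environment is not attacker
     * controlled before relying on this function. The values are copied
     * because the storage returned by getenv() is not owned by us
     * (presumably NULL is returned when the variable is unset). */
    certDir = wc_strdup_ex(XGETENV("SSL_CERT_DIR"), DYNAMIC_TYPE_TMP_BUFFER);
    certFile = wc_strdup_ex(XGETENV("SSL_CERT_FILE"), DYNAMIC_TYPE_TMP_BUFFER);
    /* Only PEM CA certificates are accepted from these locations. */
    flags = WOLFSSL_LOAD_FLAG_PEM_CA_ONLY;

    if ((certDir != NULL) || (certFile != NULL)) {
        if (certDir != NULL) {
           /* We want to keep trying to load more CA certs even if one cert in
            * the directory is bad and can't be used (e.g. if one is
            * expired), so we use WOLFSSL_LOAD_FLAG_IGNORE_ERR.
            */
            flags |= WOLFSSL_LOAD_FLAG_IGNORE_ERR;
        }

        /* Load CA certificates from environment variable locations. */
        ret = wolfSSL_CTX_load_verify_locations_ex(ctx, certFile, certDir,
            flags);
        if (ret != 1) {
            /* Only one of the two variables may be set: substitute a
             * placeholder rather than passing NULL to a %s conversion. */
            WOLFSSL_MSG_EX("Failed to load CA certs from SSL_CERT_FILE: %s"
                            " SSL_CERT_DIR: %s. Error: %d",
                            (certFile != NULL) ? certFile : "(unset)",
                            (certDir != NULL) ? certDir : "(unset)", ret);
            ret = 0;
        }
    }
    /* // NOLINTEND(concurrency-mt-unsafe) */
    else
#endif

    {
    #ifdef NO_FILESYSTEM
        WOLFSSL_MSG("wolfSSL_CTX_set_default_verify_paths not supported"
                    " with NO_FILESYSTEM enabled");
        ret = WOLFSSL_FATAL_ERROR;
    #elif defined(WOLFSSL_SYS_CA_CERTS)
        /* Load the system CA certificates. */
        ret = wolfSSL_CTX_load_system_CA_certs(ctx);
        if (ret == WC_NO_ERR_TRACE(WOLFSSL_BAD_PATH)) {
            /* OpenSSL doesn't treat the lack of a system CA cert directory as a
             * failure. We do the same here. Note this means success does not
             * guarantee that any trust anchor was actually loaded.
             */
            ret = 1;
        }
    #else
        /* No source available: SSL_CERT_DIR/SSL_CERT_FILE not set and
         * WOLFSSL_SYS_CA_CERTS not compiled in. Returning success would be
         * fail-open since no trust anchors were loaded. */
        WOLFSSL_MSG("wolfSSL_CTX_set_default_verify_paths: no CA source "
                    "available (build without WOLFSSL_SYS_CA_CERTS and no "
                    "SSL_CERT_DIR/SSL_CERT_FILE env)");
        ret = WOLFSSL_FAILURE;
    #endif
    }

#if defined(XGETENV) && !defined(NO_GETENV)
    XFREE(certFile, NULL, DYNAMIC_TYPE_TMP_BUFFER);
    XFREE(certDir, NULL, DYNAMIC_TYPE_TMP_BUFFER);
#endif
    WOLFSSL_LEAVE("wolfSSL_CTX_set_default_verify_paths", ret);

    return ret;
}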
5541
5542#endif /* OPENSSL_EXTRA */
5543
5544#ifndef NO_DH
5545
5546/* Set the temporary DH parameters against the SSL.
5547 *
5548 * @param [in, out] ssl   SSL object.
5549 * @param [in]      p     Buffer holding prime.
5550 * @param [in]      pSz   Length of prime in bytes.
5551 * @param [in]      g     Buffer holding generator.
5552 * @param [in]      gSz   Length of generator in bytes.
5553 * @return  1 on success.
5554 * @return  0 on failure.
5555 * @return  DH_KEY_SIZE_E when the prime is too short or long.
5556 * @return  SIDE_ERROR when the SSL is for a client.
5557 */
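static int wolfssl_set_tmp_dh(WOLFSSL* ssl, unsigned char* p, int pSz,
    unsigned char* g, int gSz)
{
    int ret = 1;

    /* Check the size of the prime meets the requirements of the SSL.
     * Compared as int rather than through a (word16) cast so that a length
     * of 65536 or more (or a negative one) cannot wrap into the accepted
     * range. */
    if ((pSz < (int)ssl->options.minDhKeySz) ||
            (pSz > (int)ssl->options.maxDhKeySz)) {
        ret = DH_KEY_SIZE_E;
    }
    /* Only able to set DH parameters on server. */
    if ((ret == 1) && (ssl->options.side == WOLFSSL_CLIENT_END)) {
        ret = SIDE_ERROR;
    }

    if (ret == 1) {
    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
        !defined(HAVE_SELFTEST)
        /* Unlike the context variant, p and g are not validated here: they
         * are flagged as untested so the check runs before use. In FIPS /
         * selftest / old-prime-check builds these flags do not exist and the
         * caller is responsible for the quality of p and g. */
        ssl->options.dhKeyTested = 0;
        ssl->options.dhDoKeyTest = 1;
    #endif

        /* Dispose of old DH parameters only if we own them; otherwise they
         * are not ours to free (presumably shared from the context). */
        if (ssl->buffers.weOwnDH) {
            XFREE(ssl->buffers.serverDH_P.buffer, ssl->heap,
                DYNAMIC_TYPE_PUBLIC_KEY);
            XFREE(ssl->buffers.serverDH_G.buffer, ssl->heap,
                DYNAMIC_TYPE_PUBLIC_KEY);
        }

        /* Take ownership of the caller-allocated buffers. */
        ssl->buffers.serverDH_P.buffer = p;
        ssl->buffers.serverDH_G.buffer = g;
        ssl->buffers.serverDH_P.length = (unsigned int)pSz;
        ssl->buffers.serverDH_G.length = (unsigned int)gSz;
        /* We own the buffers. */
        ssl->buffers.weOwnDH = 1;
        /* We have DH parameters to use. */
        ssl->options.haveDH = 1;
    }

    /* Allocate space for cipher suites. */
    if ((ret == 1) && (AllocateSuites(ssl) != 0)) {
        /* The caller frees p and g on failure, so drop our references and
         * leave the SSL in a consistent "no DH parameters" state rather than
         * NULL buffers with stale lengths and haveDH still set. */
        ssl->buffers.serverDH_P.buffer = NULL;
        ssl->buffers.serverDH_G.buffer = NULL;
        ssl->buffers.serverDH_P.length = 0;
        ssl->buffers.serverDH_G.length = 0;
        ssl->options.haveDH = 0;
        ret = 0;
    }
    if (ret == 1) {
        /* Reset the cipher suites now that DH parameters are available. */
        InitSuites(ssl->suites, ssl->version, SSL_KEY_SZ(ssl),
            WOLFSSL_HAVE_RSA, SSL_HAVE_PSK(ssl), ssl->options.haveDH,
            ssl->options.haveECDSAsig, ssl->options.haveECC, TRUE,
            ssl->options.haveStaticECC,
            ssl->options.useAnon, TRUE,
            TRUE, TRUE, TRUE, ssl->options.side);
    }

    return ret;
}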
5619
5620/* Set the temporary DH parameters against the SSL.
5621 *
5622 * @param [in, out] ssl   SSL object.
5623 * @param [in]      p     Buffer holding prime.
5624 * @param [in]      pSz   Length of prime in bytes.
5625 * @param [in]      g     Buffer holding generator.
5626 * @param [in]      gSz   Length of generator in bytes.
5627 * @return  1 on success.
5628 * @return  0 on failure.
5629 * @return  DH_KEY_SIZE_E when the prime is too short or long.
5630 * @return  SIDE_ERROR when the SSL is for a client.
5631 * @return  MEMORY_E when dynamic memory allocation fails.
5632 */
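int wolfSSL_SetTmpDH(WOLFSSL* ssl, const unsigned char* p, int pSz,
    const unsigned char* g, int gSz)
{
    int ret = 1;
    byte* pAlloc = NULL;
    byte* gAlloc = NULL;

    WOLFSSL_ENTER("wolfSSL_SetTmpDH");

    /* Validate parameters. Lengths must be positive: they are cast to size_t
     * for allocation and stored as unsigned, so a zero or negative length
     * must never reach those casts. Reported as 0, like a NULL argument. */
    if ((ssl == NULL) || (p == NULL) || (g == NULL) || (pSz <= 0) ||
            (gSz <= 0)) {
        ret = 0;
    }

    if (ret == 1) {
        /* Allocate buffers for p and g to be assigned into SSL. */
        pAlloc = (byte*)XMALLOC((size_t)pSz, ssl->heap,
            DYNAMIC_TYPE_PUBLIC_KEY);
        gAlloc = (byte*)XMALLOC((size_t)gSz, ssl->heap,
            DYNAMIC_TYPE_PUBLIC_KEY);
        if ((pAlloc == NULL) || (gAlloc == NULL)) {
            /* Memory will be freed below in the (ret != 1) block. */
            ret = MEMORY_E;
        }
    }
    if (ret == 1) {
        /* Copy p and g into allocated buffers. */
        XMEMCPY(pAlloc, p, (size_t)pSz);
        XMEMCPY(gAlloc, g, (size_t)gSz);
        /* Hand the copies to the SSL object; on success it owns them. */
        ret = wolfssl_set_tmp_dh(ssl, pAlloc, pSz, gAlloc, gSz);
    }

    if (ret != 1 && ssl != NULL) {
        /* Ownership was not transferred: free the copies. */
        XFREE(pAlloc, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        XFREE(gAlloc, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    }

    WOLFSSL_LEAVE("wolfSSL_SetTmpDH", ret);
    return ret;
}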
5675
5676#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
5677    !defined(HAVE_SELFTEST)
5678/* Check the DH parameters is valid.
5679 *
5680 * @param [in]      p     Buffer holding prime.
5681 * @param [in]      pSz   Length of prime in bytes.
5682 * @param [in]      g     Buffer holding generator.
5683 * @param [in]      gSz   Length of generator in bytes.
5684 * @return  1 on success.
5685 * @return  DH_CHECK_PUB_E when p is not a prime.
5686 * @return  BAD_FUNC_ARG when p or g is NULL, or pSz or gSz is 0.
5687 * @return  MEMORY_E when dynamic memory allocation fails.
5688 */
static int wolfssl_check_dh_key(unsigned char* p, int pSz, unsigned char* g,
    int gSz)
{
    WC_RNG rng;
    /* wolfCrypt convention inside this function: 0 means success. */
    int ret = 0;
    /* The WC_*_VAR macros hide whether DhKey lives on the stack or the heap
     * (presumably depending on WOLFSSL_SMALL_STACK). */
    WC_DECLARE_VAR(checkKey, DhKey, 1, 0);

    /* On allocation failure the trailing statement sets ret, which skips
     * every step below. */
    WC_ALLOC_VAR_EX(checkKey, DhKey, 1, NULL, DYNAMIC_TYPE_DH,
        ret=MEMORY_E);
    /* Initialize a new random number generator; the parameter check needs
     * one. */
    if ((ret == 0) && ((ret = wc_InitRng(&rng)) == 0)) {
        /* Initialize a DH object. */
        if ((ret = wc_InitDhKey(checkKey)) == 0) {
            /* Check DH parameters. NOTE(review): the NULL, 0 arguments
             * presumably mean "no q value" and the following 0 presumably
             * requests a full check rather than trusting the caller -
             * confirm against wc_DhSetCheckKey. */
            ret = wc_DhSetCheckKey(checkKey, p, (word32)pSz, g, (word32)gSz,
                NULL, 0, 0, &rng);
            /* Dispose of DH object. */
            wc_FreeDhKey(checkKey);
        }
        /* Dispose of random number generator. Its return value is ignored:
         * it cannot change the outcome of the check already performed. */
        wc_FreeRng(&rng);
    }

    WC_FREE_VAR_EX(checkKey, NULL, DYNAMIC_TYPE_DH);
    /* Convert wolfCrypt return code to 1 on success and ret on failure. */
    return WC_TO_WS_RC(ret);
}
5716#endif
5717
5718/* Set the temporary DH parameters against the SSL context.
5719 *
5720 * @param [in, out] ctx   SSL context object.
5721 * @param [in]      p     Buffer holding prime.
5722 * @param [in]      pSz   Length of prime in bytes.
5723 * @param [in]      g     Buffer holding generator.
5724 * @param [in]      gSz   Length of generator in bytes.
5725 * @return  1 on success.
5726 * @return  0 on failure.
5727 * @return  DH_KEY_SIZE_E when the prime is too short or long.
5728 * @return  SIDE_ERROR when the SSL is for a client.
5729 * @return  BAD_FUNC_ARG when ctx, p or g is NULL.
5730 * @return  DH_CHECK_PUB_E when p is not a prime.
5731 * @return  MEMORY_E when dynamic memory allocation fails.
5732 */
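static int wolfssl_ctx_set_tmp_dh(WOLFSSL_CTX* ctx, unsigned char* p, int pSz,
    unsigned char* g, int gSz)
{
    int ret = 1;

    WOLFSSL_ENTER("wolfSSL_CTX_SetTmpDH");

    if ((ctx == NULL) || (p == NULL) || (g == NULL)) {
        ret = BAD_FUNC_ARG;
    }

    /* Check the size of the prime meets the requirements of the SSL context.
     * Compared as int rather than through a (word16) cast so that a length
     * of 65536 or more (or a negative one) cannot wrap into the accepted
     * range. */
    if ((ret == 1) &&
            ((pSz < (int)ctx->minDhKeySz) || (pSz > (int)ctx->maxDhKeySz))) {
        ret = DH_KEY_SIZE_E;
    }

#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
    !defined(HAVE_SELFTEST)
    if (ret == 1) {
        /* Validate p and g now (via wc_DhSetCheckKey) so the context never
         * holds parameters that failed the check. In FIPS / selftest /
         * old-prime-check builds this step is compiled out and the caller is
         * responsible for the quality of p and g. */
        ret = wolfssl_check_dh_key(p, pSz, g, gSz);
        /* Record whether tested based on the result of the validity test. */
        ctx->dhKeyTested = (ret == 1);
    }
#endif

    if (ret == 1) {
        /* Dispose of old DH parameters. There is no ownership flag at the
         * context level (unlike the per-SSL weOwnDH), so they are always
         * freed here. */
        XFREE(ctx->serverDH_P.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        XFREE(ctx->serverDH_G.buffer, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        /* Take ownership of the caller-allocated buffers. */
        ctx->serverDH_P.buffer = p;
        ctx->serverDH_G.buffer = g;
        ctx->serverDH_P.length = (unsigned int)pSz;
        ctx->serverDH_G.length = (unsigned int)gSz;
        /* We have DH parameters to use. */
        ctx->haveDH = 1;
    }

    /* Log the actual result rather than a constant 0. */
    WOLFSSL_LEAVE("wolfSSL_CTX_SetTmpDH", ret);
    return ret;
}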
5776
5777/* Set the temporary DH parameters against the SSL context.
5778 *
5779 * @param [in, out] ctx   SSL context object.
5780 * @param [in]      p     Buffer holding prime.
5781 * @param [in]      pSz   Length of prime in bytes.
5782 * @param [in]      g     Buffer holding generator.
5783 * @param [in]      gSz   Length of generator in bytes.
5784 * @return  1 on success.
5785 * @return  0 on failure.
5786 * @return  DH_KEY_SIZE_E when the prime is too short or long.
5787 * @return  SIDE_ERROR when the SSL is for a client.
5788 * @return  BAD_FUNC_ARG when ctx, p or g is NULL.
 * @return  DH_CHECK_PUB_E when p is not a prime.
 * @return  MEMORY_E when dynamic memory allocation fails.
5790 */
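int wolfSSL_CTX_SetTmpDH(WOLFSSL_CTX* ctx, const unsigned char* p, int pSz,
                         const unsigned char* g, int gSz)
{
    int ret = 1;
    byte* pAlloc = NULL;
    byte* gAlloc = NULL;

    /* Validate parameters. Lengths must be positive: they are cast to size_t
     * for allocation and stored as unsigned, so a zero or negative length
     * must never reach those casts. Reported as BAD_FUNC_ARG, like NULL. */
    if ((ctx == NULL) || (p == NULL) || (g == NULL) || (pSz <= 0) ||
            (gSz <= 0)) {
        ret = BAD_FUNC_ARG;
    }

    if (ret == 1) {
        /* Allocate buffers for p and g to be assigned into SSL context. */
        pAlloc = (byte*)XMALLOC((size_t)pSz, ctx->heap,
            DYNAMIC_TYPE_PUBLIC_KEY);
        gAlloc = (byte*)XMALLOC((size_t)gSz, ctx->heap,
            DYNAMIC_TYPE_PUBLIC_KEY);
        if ((pAlloc == NULL) || (gAlloc == NULL)) {
            /* Memory will be freed below in the (ret != 1) block. */
            ret = MEMORY_E;
        }
    }

    if (ret == 1) {
        /* Copy p and g into allocated buffers. */
        XMEMCPY(pAlloc, p, (size_t)pSz);
        XMEMCPY(gAlloc, g, (size_t)gSz);
        /* Hand the copies to the context; on success it owns them. */
        ret = wolfssl_ctx_set_tmp_dh(ctx, pAlloc, pSz, gAlloc, gSz);
    }

    if ((ret != 1) && (ctx != NULL)) {
        /* Ownership was not transferred: free the copies. */
        XFREE(pAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        XFREE(gAlloc, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    }
    return ret;
}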
5829
5830#ifdef OPENSSL_EXTRA
5831/* Set the temporary DH parameters against the SSL.
5832 *
5833 * @param [in, out] ssl  SSL object.
5834 * @param [in]      dh   DH object.
5835 * @return  1 on success.
5836 * @return  0 on failure.
5837 * @return  WOLFSSL_FATAL_ERROR on failure.
5838 * @return  BAD_FUNC_ARG when ssl or dh is NULL.
5839 * @return  DH_KEY_SIZE_E when the prime is too short or long.
 * @return  SIDE_ERROR when the SSL is for a client.
 * @return  MEMORY_E when dynamic memory allocation fails.
5841 */
long wolfSSL_set_tmp_dh(WOLFSSL *ssl, WOLFSSL_DH *dh)
{
    int ret;
    int pLen;
    int gLen;
    byte* pBuf = NULL;
    byte* gBuf = NULL;

    WOLFSSL_ENTER("wolfSSL_set_tmp_dh");

    /* Nothing has been allocated yet, so bad arguments return directly. */
    if ((ssl == NULL) || (dh == NULL)) {
        return BAD_FUNC_ARG;
    }

    /* First bn2bin pass with a NULL output only reports the encoded length
     * of each value. */
    pLen = wolfSSL_BN_bn2bin(dh->p, NULL);
    gLen = wolfSSL_BN_bn2bin(dh->g, NULL);
    if ((pLen <= 0) || (gLen <= 0)) {
        return WOLFSSL_FATAL_ERROR;
    }

    /* These buffers are handed over to the SSL object on success. */
    pBuf = (byte*)XMALLOC((size_t)pLen, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    gBuf = (byte*)XMALLOC((size_t)gLen, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    if ((pBuf == NULL) || (gBuf == NULL)) {
        ret = MEMORY_E;
    }
    else {
        /* Second pass writes the encodings and reports the written sizes. */
        pLen = wolfSSL_BN_bn2bin(dh->p, pBuf);
        gLen = wolfSSL_BN_bn2bin(dh->g, gBuf);
        if ((pLen <= 0) || (gLen <= 0)) {
            ret = WOLFSSL_FATAL_ERROR;
        }
        else {
            ret = wolfssl_set_tmp_dh(ssl, pBuf, pLen, gBuf, gLen);
        }
    }

    if (ret != 1) {
        /* Ownership was not transferred: release whatever was allocated. */
        XFREE(pBuf, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        XFREE(gBuf, ssl->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    }
    return ret;
}
5896
5897/* Set the temporary DH parameters object against the SSL context.
5898 *
5899 * @param [in, out] ctx     SSL context object.
5900 * @param [in]      dh      DH object.
5901 * @return  1 on success.
5902 * @return  0 on failure.
5903 * @return  DH_KEY_SIZE_E when the prime is too short or long.
5904 * @return  SIDE_ERROR when the SSL is for a client.
5905 * @return  BAD_FUNC_ARG when ctx, p or g is NULL.
 * @return  DH_CHECK_PUB_E when p is not a prime.
 * @return  WOLFSSL_FATAL_ERROR when p or g cannot be encoded.
 * @return  MEMORY_E when dynamic memory allocation fails.
5907 */
long wolfSSL_CTX_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL_DH* dh)
{
    int ret = BAD_FUNC_ARG;
    int primeLen = 0;
    int genLen = 0;
    byte* primeBuf = NULL;
    byte* genBuf = NULL;

    WOLFSSL_ENTER("wolfSSL_CTX_set_tmp_dh");

    /* Single-exit work section: each failure breaks out with ret set. */
    do {
        if ((ctx == NULL) || (dh == NULL)) {
            break; /* ret stays BAD_FUNC_ARG */
        }

        /* Size query: bn2bin with a NULL output only reports the length. */
        primeLen = wolfSSL_BN_bn2bin(dh->p, NULL);
        genLen = wolfSSL_BN_bn2bin(dh->g, NULL);
        if ((primeLen <= 0) || (genLen <= 0)) {
            ret = WOLFSSL_FATAL_ERROR;
            break;
        }

        /* Buffers are handed over to the context on success. */
        primeBuf = (byte*)XMALLOC((size_t)primeLen, ctx->heap,
            DYNAMIC_TYPE_PUBLIC_KEY);
        genBuf = (byte*)XMALLOC((size_t)genLen, ctx->heap,
            DYNAMIC_TYPE_PUBLIC_KEY);
        if ((primeBuf == NULL) || (genBuf == NULL)) {
            ret = MEMORY_E;
            break;
        }

        /* Encode for real and pick up the written sizes. */
        primeLen = wolfSSL_BN_bn2bin(dh->p, primeBuf);
        genLen = wolfSSL_BN_bn2bin(dh->g, genBuf);
        if ((primeLen <= 0) || (genLen <= 0)) {
            ret = WOLFSSL_FATAL_ERROR;
            break;
        }

        ret = wolfssl_ctx_set_tmp_dh(ctx, primeBuf, primeLen, genBuf, genLen);
    } while (0);

    if ((ret != 1) && (ctx != NULL)) {
        /* Ownership was not transferred: release whatever was allocated. */
        XFREE(primeBuf, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
        XFREE(genBuf, ctx->heap, DYNAMIC_TYPE_PUBLIC_KEY);
    }
    return ret;
}
5963
5964#endif /* OPENSSL_EXTRA */
5965
5966#ifndef NO_CERTS
5967
5968/* Set the temporary DH parameters against the SSL context or SSL.
5969 *
5970 * @param [in, out] ctx     SSL context object.
5971 * @param [in, out] ssl     SSL object.
5972 * @param [in]      buf     Buffer holding encoded DH parameters.
5973 * @param [in]      sz      Size of encoded DH parameters.
5974 * @param [in]      format  Format of data:
5975 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
5976 * @return  1 on success.
5977 * @return  0 on failure.
5978 * @return  BAD_FUNC_ARG when ctx and ssl NULL or buf is NULL.
 * @return  NOT_COMPILED_IN when format is PEM but PEM is not supported.
5980 * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
5981 */
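static int ws_ctx_ssl_set_tmp_dh(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    const unsigned char* buf, long sz, int format)
{
    DerBuffer* der = NULL;
    int res = 1;
    int ret;
    /* p and g are allocated at the maximum valid size; wc_DhParamsLoad
     * updates these to the lengths actually decoded. */
    word32 pSz = MAX_DH_SIZE;
    word32 gSz = MAX_DH_SIZE;
    byte* p = NULL;
    byte* g = NULL;
    void* heap = WOLFSSL_HEAP(ctx, ssl);

    /* Validate parameters. sz is cast to word32 for the DER copy below, so
     * a zero or negative size must be rejected before it can wrap. */
    if (((ctx == NULL) && (ssl == NULL)) || (buf == NULL) || (sz <= 0)) {
        res = BAD_FUNC_ARG;
    }
    /* Check format is supported. */
    if ((res == 1) && (format != WOLFSSL_FILETYPE_ASN1)) {
        if (format != WOLFSSL_FILETYPE_PEM) {
            res = WOLFSSL_BAD_FILETYPE;
        }
    #ifndef WOLFSSL_PEM_TO_DER
        else {
            res = NOT_COMPILED_IN;
        }
    #endif
    }

    /* PemToDer allocates its own DER buffer, so only the ASN.1 path copies. */
    if ((res == 1) && (format != WOLFSSL_FILETYPE_PEM)) {
        /* Create a DER buffer and copy in the encoded DH parameters. */
        ret = AllocDer(&der, (word32)sz, DH_PARAM_TYPE, heap);
        if (ret == 0) {
            XMEMCPY(der->buffer, buf, (word32)sz);
        }
        else {
            res = ret;
        }
    }

    if (res == 1) {
        /* Allocate enough memory to p and g to support valid use cases. */
        p = (byte*)XMALLOC(pSz, heap, DYNAMIC_TYPE_PUBLIC_KEY);
        g = (byte*)XMALLOC(gSz, heap, DYNAMIC_TYPE_PUBLIC_KEY);
        if ((p == NULL) || (g == NULL)) {
            res = MEMORY_E;
        }
    }

#ifdef WOLFSSL_PEM_TO_DER
    if ((res == 1) && (format == WOLFSSL_FILETYPE_PEM)) {
        /* Try converting DH parameters from PEM to DER. */
        ret = PemToDer(buf, sz, DH_PARAM_TYPE, &der, heap, NULL, NULL);
        if (ret < 0) {
            /* Otherwise, try converting X9.42 format DH parameters. */
            ret = PemToDer(buf, sz, X942_PARAM_TYPE, &der, heap, NULL, NULL);
        }
    #if defined(WOLFSSL_WPAS) && !defined(NO_DSA)
        if (ret < 0) {
            /* Otherwise, try converting DSA parameters. */
            ret = PemToDer(buf, sz, DSA_PARAM_TYPE, &der, heap, NULL, NULL);
        }
    #endif /* WOLFSSL_WPAS && !NO_DSA */
        if (ret < 0) {
            /* Return error from the last conversion attempted. */
            res = ret;
        }
    }
#endif /* WOLFSSL_PEM_TO_DER */

    if (res == 1) {
        /* Get the p and g from the DER encoded parameters. */
        if (wc_DhParamsLoad(der->buffer, der->length, p, &pSz, g, &gSz) < 0) {
            res = WOLFSSL_BAD_FILETYPE;
        }
        else if (ssl != NULL) {
            /* Set p and g into SSL (takes ownership on success). */
            res = wolfssl_set_tmp_dh(ssl, p, (int)pSz, g, (int)gSz);
        }
        else {
            /* Set p and g into SSL context (takes ownership on success). */
            res = wolfssl_ctx_set_tmp_dh(ctx, p, (int)pSz, g, (int)gSz);
        }
    }

    /* Dispose of the DER buffer (no-op when never allocated). */
    FreeDer(&der);
    if (res != 1) {
        /* Free the allocated buffers if not assigned into SSL or context. */
        XFREE(p, heap, DYNAMIC_TYPE_PUBLIC_KEY);
        XFREE(g, heap, DYNAMIC_TYPE_PUBLIC_KEY);
    }
    return res;
}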
6078
6079
6080/* Set the temporary DH parameters against the SSL.
6081 *
6082 * @param [in, out] ssl     SSL object.
6083 * @param [in]      buf     Buffer holding encoded DH parameters.
6084 * @param [in]      sz      Size of encoded DH parameters.
6085 * @param [in]      format  Format of data:
6086 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
6087 * @return  1 on success.
6088 * @return  BAD_FUNC_ARG when ssl or buf is NULL.
 * @return  NOT_COMPILED_IN when format is PEM but PEM is not supported.
6090 * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
6091 */
int wolfSSL_SetTmpDH_buffer(WOLFSSL* ssl, const unsigned char* buf, long sz,
    int format)
{
    /* SSL-object flavour of the shared loader: no context is supplied, so
     * the parameters land in ssl (the shared loader validates ssl). */
    WOLFSSL_CTX* noCtx = NULL;

    return ws_ctx_ssl_set_tmp_dh(noCtx, ssl, buf, sz, format);
}
6097
6098
6099/* Set the temporary DH parameters against the SSL context.
6100 *
6101 * @param [in, out] ctx     SSL context object.
6102 * @param [in]      buf     Buffer holding encoded DH parameters.
6103 * @param [in]      sz      Size of encoded DH parameters.
6104 * @param [in]      format  Format of data:
6105 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
6106 * @return  1 on success.
6107 * @return  BAD_FUNC_ARG when ctx or buf is NULL.
 * @return  NOT_COMPILED_IN when format is PEM but PEM is not supported.
6109 * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
6110 */
int wolfSSL_CTX_SetTmpDH_buffer(WOLFSSL_CTX* ctx, const unsigned char* buf,
    long sz, int format)
{
    /* Context flavour of the shared loader: no SSL object is supplied, so
     * the parameters land in ctx (the shared loader validates ctx). */
    WOLFSSL* noSsl = NULL;

    return ws_ctx_ssl_set_tmp_dh(ctx, noSsl, buf, sz, format);
}
6116
6117#ifndef NO_FILESYSTEM
6118
6119/* Set the temporary DH parameters file against the SSL context or SSL.
6120 *
6121 * @param [in, out] ctx     SSL context object.
6122 * @param [in, out] ssl     SSL object.
6123 * @param [in]      fname   Name of file to load.
6124 * @param [in]      format  Format of data:
6125 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
6126 * @return  1 on success.
6127 * @return  BAD_FUNC_ARG when ctx and ssl NULL or fname is NULL.
 * @return  NOT_COMPILED_IN when format is PEM but PEM is not supported.
6129 * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
6130 */
static int ws_ctx_ssl_set_tmp_dh_file(WOLFSSL_CTX* ctx, WOLFSSL* ssl,
    const char* fname, int format)
{
    int    res;
    int    rc;
#ifndef WOLFSSL_SMALL_STACK
    byte   stackBuffer[FILE_BUFFER_SIZE];
#endif
    StaticBuffer dhFile;
    long   sz = 0;
    void*  heap = WOLFSSL_HEAP(ctx, ssl);

    /* Initialise the file buffer first so the single free at the end is
     * valid whichever path is taken. */
#ifdef WOLFSSL_SMALL_STACK
    static_buffer_init(&dhFile);
#else
    static_buffer_init(&dhFile, stackBuffer, FILE_BUFFER_SIZE);
#endif

    if (((ctx == NULL) && (ssl == NULL)) || (fname == NULL)) {
        res = BAD_FUNC_ARG;
    }
    else if ((rc = wolfssl_read_file_static(fname, &dhFile, heap,
                       DYNAMIC_TYPE_FILE, &sz)) != 0) {
        /* Propagate the reader's error code unchanged. */
        res = rc;
    }
    else if (ssl != NULL) {
        /* File contents go into the SSL object. */
        res = wolfSSL_SetTmpDH_buffer(ssl, dhFile.buffer, sz, format);
    }
    else {
        /* File contents go into the SSL context. */
        res = wolfSSL_CTX_SetTmpDH_buffer(ctx, dhFile.buffer, sz, format);
    }

    /* Dispose of any dynamically allocated data. */
    static_buffer_free(&dhFile, heap, DYNAMIC_TYPE_FILE);
    return res;
}
6178
6179/* Set the temporary DH parameters file against the SSL.
6180 *
6181 * @param [in, out] ssl     SSL object.
6182 * @param [in]      fname   Name of file to load.
6183 * @param [in]      format  Format of data:
6184 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
6185 * @return  1 on success.
6186 * @return  BAD_FUNC_ARG when ssl or fname is NULL.
 * @return  NOT_COMPILED_IN when format is PEM but PEM is not supported.
6188 * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
6189 */
int wolfSSL_SetTmpDH_file(WOLFSSL* ssl, const char* fname, int format)
{
    /* SSL-object flavour of the shared file loader: no context is supplied,
     * so the parameters land in ssl (the shared loader validates ssl). */
    WOLFSSL_CTX* noCtx = NULL;

    return ws_ctx_ssl_set_tmp_dh_file(noCtx, ssl, fname, format);
}
6194
6195
6196/* Set the temporary DH parameters file against the SSL context.
6197 *
6198 * @param [in, out] ctx     SSL context object.
6199 * @param [in]      fname   Name of file to load.
6200 * @param [in]      format  Format of data:
6201 *                            WOLFSSL_FILETYPE_PEM or WOLFSSL_FILETYPE_ASN1.
6202 * @return  1 on success.
6203 * @return  BAD_FUNC_ARG when ctx or fname is NULL.
 * @return  NOT_COMPILED_IN when format is PEM but PEM is not supported.
6205 * @return  WOLFSSL_BAD_FILETYPE if format is not supported.
6206 */
int wolfSSL_CTX_SetTmpDH_file(WOLFSSL_CTX* ctx, const char* fname, int format)
{
    /* Context flavour of the shared file loader: no SSL object is supplied,
     * so the parameters land in ctx (the shared loader validates ctx). */
    WOLFSSL* noSsl = NULL;

    return ws_ctx_ssl_set_tmp_dh_file(ctx, noSsl, fname, format);
}
6211
6212#endif /* NO_FILESYSTEM */
6213
6214#endif /* NO_CERTS */
6215
6216#endif /* !NO_DH */
6217
6218#endif /* !WOLFSSL_SSL_LOAD_INCLUDED */
6219