1
10
13
14
20
21
22
23
24
25
26
27
28
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
126
127
128
129
130
131
135
136
141
142
143
144
145
146
147
148
149
158
159
160
162
163
164
167
168
169
170
171
172
175
176
177
181
182
183
192
193
195
196
197
203
204
205
206
207
208
209
210
211
212
213
242
243
245
246
247
248
249
250
251
252
253
254
255
259
260
261
262
267
268
269
270
271
272
273
277
278
279
280
281
282
283
284
285
286
287
291
292
293
294
302
303
304
308
309
310
311
312
313
314
315
316
317
318
319
320
324
325
326
327
328
329
330
331
335
336
337
344
345
346
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
377
387
388
393
397
398
399
400
401
402
403
404
405
406
407
408
409
410
414
415
416
417
418
426
427
428
429
430
431
432
433
434
435
436
437
444
445
446
447
448
449
461
462
463
481
482
483
484
485
486
487
488
489
490
494
495
496
497
498
499
510
511
512
513
519
520
521
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
582
583
587
588
589
590
591
596
597
605
613
614
615
616
617
622
623
624
625
626
627
631
632
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
671
673
674
675
676
677
...
...
...
#define NX_SECURE_SOURCE_CODE
#include "nx_secure_tls.h"
#ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE
static UINT _nx_secure_tls_check_ciphersuite(const NX_SECURE_TLS_CIPHERSUITE_INFO *ciphersuite_info,
NX_SECURE_X509_CERT *cert, UINT selected_curve,
UINT cert_curve_supported);
/* ... */
#endif
...
...
UINT _nx_secure_tls_process_clienthello(NX_SECURE_TLS_SESSION *tls_session, UCHAR *packet_buffer,
UINT message_length)
{
UINT length;
USHORT ciphersuite_list_length;
UCHAR compression_methods_length;
USHORT cipher_entry;
UCHAR session_id_length;
UINT i;
UINT status;
USHORT protocol_version;
USHORT newest_version;
UINT total_extensions_length;
const NX_SECURE_TLS_CIPHERSUITE_INFO *ciphersuite_info;
USHORT ciphersuite_priority;
USHORT new_ciphersuite_priority = 0;
NX_SECURE_TLS_HELLO_EXTENSION extension_data[NX_SECURE_TLS_HELLO_EXTENSIONS_MAX];
UINT num_extensions = NX_SECURE_TLS_HELLO_EXTENSIONS_MAX;
UCHAR *ciphersuite_list;
#ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE
NX_SECURE_X509_CERT *cert;
UINT selected_curve;
UINT cert_curve;
UINT cert_curve_supported;
NX_SECURE_EC_PUBLIC_KEY *ec_pubkey;
NX_SECURE_TLS_ECDHE_HANDSHAKE_DATA *ecdhe_data;/* ... */
#endif
#if (NX_SECURE_TLS_TLS_1_3_ENABLED)
USHORT tls_1_3 = tls_session -> nx_secure_tls_1_3;
#endif
/* ... */
if (message_length < 38)
{
return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
}if (message_length < 38) { ... }
length = 0;
if (tls_session -> nx_secure_tls_local_session_active)
{
#if (NX_SECURE_TLS_TLS_1_3_ENABLED)
if (tls_session->nx_secure_tls_1_3 == NX_TRUE)
{
/* ... */
return(NX_SECURE_TLS_UNEXPECTED_CLIENTHELLO);
}if (tls_session->nx_secure_tls_1_3 == NX_TRUE) { ... }
/* ... */#endif
#if !defined(NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION)
/* ... */
if (tls_session -> nx_secure_tls_renegotation_enabled && tls_session -> nx_secure_tls_secure_renegotiation
#if defined(NX_SECURE_TLS_DISABLE_CLIENT_INITIATED_RENEGOTIATION)
/* ... */
&& tls_session -> nx_secure_tls_server_renegotiation_requested/* ... */
#endif
)
{
tls_session -> nx_secure_tls_renegotiation_handshake = NX_TRUE;
/* ... */
status = _nx_secure_tls_remote_certificate_free_all(tls_session);
if (status != NX_SUCCESS)
{
return(status);
}if (status != NX_SUCCESS) { ... }
if (tls_session -> nx_secure_tls_session_renegotiation_callback != NX_NULL)
{
status = tls_session -> nx_secure_tls_session_renegotiation_callback(tls_session);
if (status != NX_SUCCESS)
{
return(status);
}if (status != NX_SUCCESS) { ... }
}if (tls_session -> nx_secure_tls_session_renegotiation_callback != NX_NULL) { ... }
/* ... */
tls_session -> nx_secure_tls_server_renegotiation_requested = NX_FALSE;
}if (tls_session -> nx_secure_tls_renegotation_enabled && tls_session -> nx_secure_tls_secure_renegotiation #if defined(NX_SECURE_TLS_DISABLE_CLIENT_INITIATED_RENEGOTIATION) /* If client initiated renegotiation is disabled for TLS servers, only allow server-initiated renegotiations requested by the server itself. */ && tls_session -> nx_secure_tls_server_renegotiation_requested #endif) { ... }
else
#endif
{
return(NX_SECURE_TLS_NO_RENEGOTIATION_ERROR);
}else { ... }
}if (tls_session -> nx_secure_tls_local_session_active) { ... }
protocol_version = (USHORT)((packet_buffer[length] << 8) | packet_buffer[length + 1]);
length += 2;
#if (NX_SECURE_TLS_TLS_1_3_ENABLED)
if (tls_session->nx_secure_tls_1_3 == NX_FALSE)
#endif
{
status = _nx_secure_tls_check_protocol_version(tls_session, protocol_version, NX_SECURE_TLS);
if (status != NX_SECURE_TLS_SUCCESS)
{
/* ... */
if (status == NX_SECURE_TLS_UNSUPPORTED_TLS_VERSION || tls_session -> nx_secure_tls_local_session_active)
{
/* ... */
_nx_secure_tls_highest_supported_version_negotiate(tls_session, &protocol_version, NX_SECURE_TLS);
if (protocol_version == 0x0)
{
return(NX_SECURE_TLS_UNSUPPORTED_TLS_VERSION);
}if (protocol_version == 0x0) { ... }
}if (status == NX_SECURE_TLS_UNSUPPORTED_TLS_VERSION || tls_session -> nx_secure_tls_local_session_active) { ... }
else
{
return(status);
}else { ... }
}if (status != NX_SECURE_TLS_SUCCESS) { ... }
...}
/* ... */
tls_session -> nx_secure_tls_protocol_version = protocol_version;
NX_SECURE_MEMCPY(tls_session -> nx_secure_tls_key_material.nx_secure_tls_client_random, &packet_buffer[length], NX_SECURE_TLS_RANDOM_SIZE);
length += NX_SECURE_TLS_RANDOM_SIZE;
session_id_length = packet_buffer[length];
length++;
if ((length + session_id_length) > message_length)
{
return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
}if ((length + session_id_length) > message_length) { ... }
tls_session -> nx_secure_tls_session_id_length = session_id_length;
if (session_id_length > 0)
{
NX_SECURE_MEMCPY(tls_session -> nx_secure_tls_session_id, &packet_buffer[length], session_id_length);
length += session_id_length;
}if (session_id_length > 0) { ... }
ciphersuite_list_length = (USHORT)((packet_buffer[length] << 8) + packet_buffer[length + 1]);
length += 2;
if (ciphersuite_list_length < 2 || (length + ciphersuite_list_length) > message_length)
{
return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
}if (ciphersuite_list_length < 2 || (length + ciphersuite_list_length) > message_length) { ... }
ciphersuite_list = &packet_buffer[length];
length += ciphersuite_list_length;
compression_methods_length = packet_buffer[length];
length++;
if ((length + compression_methods_length) > message_length)
{
return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
}if ((length + compression_methods_length) > message_length) { ... }
status = NX_SECURE_TLS_BAD_COMPRESSION_METHOD;
for (i = 0; i < compression_methods_length; ++i)
{
if (packet_buffer[length + i] == 0x0)
{
status = NX_SUCCESS;
break;
}if (packet_buffer[length + i] == 0x0) { ... }
}for (i = 0; i < compression_methods_length; ++i) { ... }
if (status != NX_SUCCESS)
{
return(status);
}if (status != NX_SUCCESS) { ... }
length += compression_methods_length;
if (message_length >= (length + 2))
{
total_extensions_length = (USHORT)((packet_buffer[length] << 8) + packet_buffer[length + 1]);
length += 2;
if ((length + total_extensions_length) > message_length)
{
return(NX_SECURE_TLS_INCORRECT_MESSAGE_LENGTH);
}if ((length + total_extensions_length) > message_length) { ... }
if (total_extensions_length > 0)
{
status = _nx_secure_tls_process_clienthello_extensions(tls_session, &packet_buffer[length], total_extensions_length, extension_data, &num_extensions, packet_buffer, message_length);
if (status != NX_SUCCESS)
{
return(status);
}if (status != NX_SUCCESS) { ... }
#if (NX_SECURE_TLS_TLS_1_3_ENABLED)
if (tls_session -> nx_secure_tls_1_3 != tls_1_3)
{
return(status);
}if (tls_session -> nx_secure_tls_1_3 != tls_1_3) { ... }
/* ... */#endif
if (tls_session -> nx_secure_tls_session_server_callback != NX_NULL)
{
status = tls_session -> nx_secure_tls_session_server_callback(tls_session, extension_data, num_extensions);
if (status != NX_SUCCESS)
{
return(status);
}if (status != NX_SUCCESS) { ... }
}if (tls_session -> nx_secure_tls_session_server_callback != NX_NULL) { ... }
}if (total_extensions_length > 0) { ... }
}if (message_length >= (length + 2)) { ... }
#if !defined(NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION)
if ((tls_session -> nx_secure_tls_renegotiation_handshake) && (!tls_session -> nx_secure_tls_secure_renegotiation_verified))
{
return(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR);
}if ((tls_session -> nx_secure_tls_renegotiation_handshake) && (!tls_session -> nx_secure_tls_secure_renegotiation_verified)) { ... }
tls_session -> nx_secure_tls_secure_renegotiation_verified = NX_FALSE;/* ... */
#endif
#ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE
if (tls_session -> nx_secure_tls_credentials.nx_secure_tls_active_certificate != NX_NULL)
{
cert = tls_session -> nx_secure_tls_credentials.nx_secure_tls_active_certificate;
}if (tls_session -> nx_secure_tls_credentials.nx_secure_tls_active_certificate != NX_NULL) { ... }
else
{
status = _nx_secure_x509_local_device_certificate_get(&tls_session -> nx_secure_tls_credentials.nx_secure_tls_certificate_store,
NX_NULL, &cert);
if (status != NX_SUCCESS)
{
cert = NX_NULL;
}if (status != NX_SUCCESS) { ... }
}else { ... }
if (cert != NX_NULL && cert -> nx_secure_x509_public_algorithm == NX_SECURE_TLS_X509_TYPE_EC)
{
ec_pubkey = &cert -> nx_secure_x509_public_key.ec_public_key;
cert_curve = ec_pubkey -> nx_secure_ec_named_curve;
}if (cert != NX_NULL && cert -> nx_secure_x509_public_algorithm == NX_SECURE_TLS_X509_TYPE_EC) { ... }
else
{
cert_curve = 0;
}else { ... }
ecdhe_data = (NX_SECURE_TLS_ECDHE_HANDSHAKE_DATA *)tls_session -> nx_secure_tls_key_material.nx_secure_tls_new_key_material_data;
status = _nx_secure_tls_proc_clienthello_sec_sa_extension(tls_session,
extension_data,
num_extensions,
&selected_curve,
(USHORT)cert_curve, &cert_curve_supported,
&ecdhe_data -> nx_secure_tls_ecdhe_signature_algorithm,
cert);
if (status != NX_SUCCESS)
{
return(status);
}if (status != NX_SUCCESS) { ... }
ecdhe_data -> nx_secure_tls_ecdhe_named_curve = selected_curve;
if (cert != NX_NULL && cert -> nx_secure_x509_public_algorithm == NX_SECURE_TLS_X509_TYPE_EC)
{
if (cert_curve_supported == NX_FALSE)
{
return(NX_SECURE_TLS_NO_SUPPORTED_CIPHERS);
}if (cert_curve_supported == NX_FALSE) { ... }
}if (cert != NX_NULL && cert -> nx_secure_x509_public_algorithm == NX_SECURE_TLS_X509_TYPE_EC) { ... }
/* ... */#endif
ciphersuite_priority = (USHORT)(0xFFFFFFFF);
for (i = 0; i < ciphersuite_list_length; i += 2)
{
cipher_entry = (USHORT)((ciphersuite_list[i] << 8) + ciphersuite_list[i + 1]);
#if (NX_SECURE_TLS_TLS_1_3_ENABLED)
if ((tls_session -> nx_secure_tls_1_3 == NX_TRUE) ^ (ciphersuite_list[i] == 0x13))
{
continue;
}if ((tls_session -> nx_secure_tls_1_3 == NX_TRUE) ^ (ciphersuite_list[i] == 0x13)) { ... }
/* ... */#endif
status = _nx_secure_tls_ciphersuite_lookup(tls_session, cipher_entry, &ciphersuite_info, &new_ciphersuite_priority);
if ((status == NX_SUCCESS) && (new_ciphersuite_priority < ciphersuite_priority))
{
#ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE
if (NX_SUCCESS == _nx_secure_tls_check_ciphersuite(ciphersuite_info, cert, selected_curve, cert_curve_supported))
#endif
{
/* ... */
tls_session -> nx_secure_tls_session_ciphersuite = ciphersuite_info;
ciphersuite_priority = new_ciphersuite_priority;
...}
}if ((status == NX_SUCCESS) && (new_ciphersuite_priority < ciphersuite_priority)) { ... }
#if !defined(NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION)
if (cipher_entry == TLS_EMPTY_RENEGOTIATION_INFO_SCSV)
{
if (tls_session -> nx_secure_tls_renegotiation_handshake)
{
/* ... */
return(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR);
}if (tls_session -> nx_secure_tls_renegotiation_handshake) { ... }
else
{
/* ... */
tls_session -> nx_secure_tls_secure_renegotiation = NX_TRUE;
}else { ... }
}if (cipher_entry == TLS_EMPTY_RENEGOTIATION_INFO_SCSV) { ... }
/* ... */#endif
if (cipher_entry == TLS_FALLBACK_NOTIFY_SCSV)
{
_nx_secure_tls_newest_supported_version(tls_session, &newest_version, NX_SECURE_TLS);
if (protocol_version != newest_version)
{
return(NX_SECURE_TLS_INAPPROPRIATE_FALLBACK);
}if (protocol_version != newest_version) { ... }
}if (cipher_entry == TLS_FALLBACK_NOTIFY_SCSV) { ... }
}for (i = 0; i < ciphersuite_list_length; i += 2) { ... }
#if !defined(NX_SECURE_TLS_DISABLE_SECURE_RENEGOTIATION) && defined(NX_SECURE_TLS_REQUIRE_RENEGOTIATION_EXT)
#if (NX_SECURE_TLS_TLS_1_3_ENABLED)
if (!tls_session -> nx_secure_tls_1_3)
#endif
{
if ((tls_session -> nx_secure_tls_renegotation_enabled) && (!tls_session -> nx_secure_tls_secure_renegotiation))
{
return(NX_SECURE_TLS_RENEGOTIATION_EXTENSION_ERROR);
}if ((tls_session -> nx_secure_tls_renegotation_enabled) && (!tls_session -> nx_secure_tls_secure_renegotiation)) { ... }
...}/* ... */
#endif
if (tls_session -> nx_secure_tls_session_ciphersuite == NX_NULL)
{
return(NX_SECURE_TLS_NO_SUPPORTED_CIPHERS);
}if (tls_session -> nx_secure_tls_session_ciphersuite == NX_NULL) { ... }
#ifdef NX_SECURE_TLS_SERVER_DISABLED
tls_session -> nx_secure_tls_client_state = NX_SECURE_TLS_CLIENT_STATE_ERROR;
return(NX_SECURE_TLS_INVALID_STATE);/* ... */
#else
return(NX_SUCCESS);
#endif
}{ ... }
...
...
#ifdef NX_SECURE_ENABLE_ECC_CIPHERSUITE
static UINT _nx_secure_tls_check_ciphersuite(const NX_SECURE_TLS_CIPHERSUITE_INFO *ciphersuite_info,
NX_SECURE_X509_CERT *cert, UINT selected_curve,
UINT cert_curve_supported)
{
if (ciphersuite_info -> nx_secure_tls_public_cipher == NX_NULL)
{
return(NX_SUCCESS);
}if (ciphersuite_info -> nx_secure_tls_public_cipher == NX_NULL) { ... }
if (ciphersuite_info -> nx_secure_tls_public_auth == NX_NULL)
{
return(NX_SUCCESS);
}if (ciphersuite_info -> nx_secure_tls_public_auth == NX_NULL) { ... }
switch (ciphersuite_info -> nx_secure_tls_public_cipher -> nx_crypto_algorithm)
{
case NX_CRYPTO_KEY_EXCHANGE_ECDHE:
if (selected_curve == 0 || cert == NX_NULL)
{
return(NX_SECURE_TLS_UNSUPPORTED_PUBLIC_CIPHER);
}if (selected_curve == 0 || cert == NX_NULL) { ... }
if (ciphersuite_info -> nx_secure_tls_public_auth -> nx_crypto_algorithm == NX_CRYPTO_DIGITAL_SIGNATURE_ECDSA)
{
if (cert -> nx_secure_x509_public_algorithm != NX_SECURE_TLS_X509_TYPE_EC)
{
return(NX_SECURE_TLS_UNSUPPORTED_PUBLIC_CIPHER);
}if (cert -> nx_secure_x509_public_algorithm != NX_SECURE_TLS_X509_TYPE_EC) { ... }
}if (ciphersuite_info -> nx_secure_tls_public_auth -> nx_crypto_algorithm == NX_CRYPTO_DIGITAL_SIGNATURE_ECDSA) { ... }
else
{
if (cert -> nx_secure_x509_public_algorithm != NX_SECURE_TLS_X509_TYPE_RSA)
{
return(NX_SECURE_TLS_UNSUPPORTED_PUBLIC_CIPHER);
}if (cert -> nx_secure_x509_public_algorithm != NX_SECURE_TLS_X509_TYPE_RSA) { ... }
}else { ... }
break;
case NX_CRYPTO_KEY_EXCHANGE_ECDHE:
case NX_CRYPTO_KEY_EXCHANGE_ECDH:
if (selected_curve == 0)
{
return(NX_SECURE_TLS_UNSUPPORTED_PUBLIC_CIPHER);
}if (selected_curve == 0) { ... }
if (ciphersuite_info -> nx_secure_tls_public_auth -> nx_crypto_algorithm != NX_CRYPTO_DIGITAL_SIGNATURE_ANONYMOUS)
{
if (cert == NX_NULL || cert -> nx_secure_x509_public_algorithm != NX_SECURE_TLS_X509_TYPE_EC)
{
return(NX_SECURE_TLS_UNSUPPORTED_PUBLIC_CIPHER);
}if (cert == NX_NULL || cert -> nx_secure_x509_public_algorithm != NX_SECURE_TLS_X509_TYPE_EC) { ... }
if (cert_curve_supported == NX_FALSE)
{
return(NX_SECURE_TLS_UNSUPPORTED_PUBLIC_CIPHER);
}if (cert_curve_supported == NX_FALSE) { ... }
if (ciphersuite_info -> nx_secure_tls_public_auth -> nx_crypto_algorithm == NX_CRYPTO_DIGITAL_SIGNATURE_ECDSA)
{
if (cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_ECDSA_SHA_1 &&
cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_ECDSA_SHA_224 &&
cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_ECDSA_SHA_256 &&
cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_ECDSA_SHA_384 &&
cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_ECDSA_SHA_512)
{
return(NX_SECURE_TLS_UNSUPPORTED_PUBLIC_CIPHER);
}if (cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_ECDSA_SHA_1 && cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_ECDSA_SHA_224 && cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_ECDSA_SHA_256 && cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_ECDSA_SHA_384 && cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_ECDSA_SHA_512) { ... }
}if (ciphersuite_info -> nx_secure_tls_public_auth -> nx_crypto_algorithm == NX_CRYPTO_DIGITAL_SIGNATURE_ECDSA) { ... }
else
{
if (cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_RSA_MD5 &&
cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_RSA_SHA_1 &&
cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_RSA_SHA_256 &&
cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_RSA_SHA_384 &&
cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_RSA_SHA_512)
{
return(NX_SECURE_TLS_UNSUPPORTED_PUBLIC_CIPHER);
}if (cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_RSA_MD5 && cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_RSA_SHA_1 && cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_RSA_SHA_256 && cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_RSA_SHA_384 && cert -> nx_secure_x509_signature_algorithm != NX_SECURE_TLS_X509_TYPE_RSA_SHA_512) { ... }
}else { ... }
}if (ciphersuite_info -> nx_secure_tls_public_auth -> nx_crypto_algorithm != NX_CRYPTO_DIGITAL_SIGNATURE_ANONYMOUS) { ... }
break;
case NX_CRYPTO_KEY_EXCHANGE_ECDH:
case NX_CRYPTO_KEY_EXCHANGE_RSA:
if (cert == NX_NULL || cert -> nx_secure_x509_public_algorithm != NX_SECURE_TLS_X509_TYPE_RSA)
{
return(NX_SECURE_TLS_UNSUPPORTED_PUBLIC_CIPHER);
}if (cert == NX_NULL || cert -> nx_secure_x509_public_algorithm != NX_SECURE_TLS_X509_TYPE_RSA) { ... }
break;
case NX_CRYPTO_KEY_EXCHANGE_RSA:
default:
break;default
}switch (ciphersuite_info -> nx_secure_tls_public_cipher -> nx_crypto_algorithm) { ... }
return(NX_SUCCESS);
}{ ... }
/* ... */#endif...