source: azure_iot_hub/trunk/wolfssl-3.15.7/wolfssl/internal.h@ 389

Last change on this file since 389 was 389, checked in by coas-nagasima, 5 years ago

ビルドが通るよう更新

1/* internal.h
2 *
3 * Copyright (C) 2006-2017 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23
24#ifndef WOLFSSL_INT_H
25#define WOLFSSL_INT_H
26
27
28#include <wolfssl/wolfcrypt/types.h>
29#include <wolfssl/ssl.h>
30#ifdef HAVE_CRL
31 #include <wolfssl/crl.h>
32#endif
33#include <wolfssl/wolfcrypt/random.h>
34#ifndef NO_DES3
35 #include <wolfssl/wolfcrypt/des3.h>
36#endif
37#ifndef NO_HC128
38 #include <wolfssl/wolfcrypt/hc128.h>
39#endif
40#ifndef NO_RABBIT
41 #include <wolfssl/wolfcrypt/rabbit.h>
42#endif
43#ifdef HAVE_CHACHA
44 #include <wolfssl/wolfcrypt/chacha.h>
45#endif
46#ifndef NO_ASN
47 #include <wolfssl/wolfcrypt/asn.h>
48 #include <wolfssl/wolfcrypt/pkcs12.h>
49#endif
50#ifndef NO_MD5
51 #include <wolfssl/wolfcrypt/md5.h>
52#endif
53#ifndef NO_SHA
54 #include <wolfssl/wolfcrypt/sha.h>
55#endif
56#ifndef NO_AES
57 #include <wolfssl/wolfcrypt/aes.h>
58#endif
59#ifdef HAVE_POLY1305
60 #include <wolfssl/wolfcrypt/poly1305.h>
61#endif
62#ifdef HAVE_CAMELLIA
63 #include <wolfssl/wolfcrypt/camellia.h>
64#endif
65#include <wolfssl/wolfcrypt/logging.h>
66#ifndef NO_HMAC
67 #include <wolfssl/wolfcrypt/hmac.h>
68#endif
69#ifndef NO_RC4
70 #include <wolfssl/wolfcrypt/arc4.h>
71#endif
72#ifndef NO_SHA256
73 #include <wolfssl/wolfcrypt/sha256.h>
74#endif
75#ifdef HAVE_OCSP
76 #include <wolfssl/ocsp.h>
77#endif
78#ifdef WOLFSSL_SHA384
79 #include <wolfssl/wolfcrypt/sha512.h>
80#endif
81#ifdef WOLFSSL_SHA512
82 #include <wolfssl/wolfcrypt/sha512.h>
83#endif
84#ifdef HAVE_AESGCM
85 #include <wolfssl/wolfcrypt/sha512.h>
86#endif
87#ifdef WOLFSSL_RIPEMD
88 #include <wolfssl/wolfcrypt/ripemd.h>
89#endif
90#ifdef HAVE_IDEA
91 #include <wolfssl/wolfcrypt/idea.h>
92#endif
93#ifndef NO_RSA
94 #include <wolfssl/wolfcrypt/rsa.h>
95#endif
96#ifdef HAVE_ECC
97 #include <wolfssl/wolfcrypt/ecc.h>
98#endif
99#ifndef NO_DH
100 #include <wolfssl/wolfcrypt/dh.h>
101#endif
102#ifdef HAVE_ED25519
103 #include <wolfssl/wolfcrypt/ed25519.h>
104#endif
105#ifdef HAVE_CURVE25519
106 #include <wolfssl/wolfcrypt/curve25519.h>
107#endif
108
109#include <wolfssl/wolfcrypt/wc_encrypt.h>
110#include <wolfssl/wolfcrypt/hash.h>
111
112#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
113 #include <wolfssl/callbacks.h>
114#endif
115#ifdef WOLFSSL_CALLBACKS
116 #include <signal.h>
117#endif
118
119#ifdef USE_WINDOWS_API
120 #ifdef WOLFSSL_GAME_BUILD
121 #include "system/xtl.h"
122 #else
123 #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
124 /* On WinCE winsock2.h must be included before windows.h */
125 #include <winsock2.h>
126 #endif
127 #include <windows.h>
128 #endif
129#elif defined(THREADX)
130 #ifndef SINGLE_THREADED
131 #include "tx_api.h"
132 #endif
133#elif defined(MICRIUM)
134 /* do nothing, just don't pick Unix */
135#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
136 /* do nothing */
137#elif defined(EBSNET)
138 /* do nothing */
139#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
140 /* do nothing */
141#elif defined(FREESCALE_FREE_RTOS)
142 #include "fsl_os_abstraction.h"
143#elif defined(WOLFSSL_uITRON4)
144 /* do nothing */
145#elif defined(WOLFSSL_uTKERNEL2)
146 /* do nothing */
147#elif defined(WOLFSSL_CMSIS_RTOS)
148 #include "cmsis_os.h"
149#elif defined(WOLFSSL_MDK_ARM)
150 #if defined(WOLFSSL_MDK5)
151 #include "cmsis_os.h"
152 #else
153 #include <rtl.h>
154 #endif
155#elif defined(WOLFSSL_CMSIS_RTOS)
156 #include "cmsis_os.h"
157#elif defined(MBED)
158#elif defined(WOLFSSL_TIRTOS)
159 /* do nothing */
160#elif defined(INTIME_RTOS)
161 #include <rt.h>
162#elif defined(WOLFSSL_NUCLEUS_1_2)
163 /* do nothing */
164#elif defined(WOLFSSL_APACHE_MYNEWT)
165 #if !defined(WOLFSSL_LWIP)
/* Apache Mynewt context hooks (only when not using the LwIP path).
 * NOTE(review): `mynewt_ctx_new()` is declared with an empty parameter
 * list, which in C is an unspecified-parameter declaration rather than a
 * prototype, so the compiler cannot check its call sites; `(void)` would.
 * Left as-is here, the definition lives elsewhere. */
void mynewt_ctx_clear(void *ctx);
void* mynewt_ctx_new();
168 #endif
169#else
170 #ifndef SINGLE_THREADED
171 #define WOLFSSL_PTHREADS
172 #include <pthread.h>
173 #endif
174 #ifdef OPENSSL_EXTRA
175 #include <unistd.h> /* for close of BIO */
176 #endif
177#endif
178
179#ifndef CHAR_BIT
180 /* Needed for DTLS without big math */
181 #include <limits.h>
182#endif
183
184
185#ifdef HAVE_LIBZ
186 #include "zlib.h"
187#endif
188
189#ifdef WOLFSSL_ASYNC_CRYPT
190 #include <wolfssl/wolfcrypt/async.h>
191#endif
192
193#ifdef OPENSSL_EXTRA
194 #ifdef WOLFCRYPT_HAVE_SRP
195 #include <wolfssl/wolfcrypt/srp.h>
196 #endif
197#endif
198
199#ifdef _MSC_VER
200 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
201 #pragma warning(disable: 4996)
202#endif
203
204#ifdef NO_SHA
205 #define WC_SHA_DIGEST_SIZE 20
206#endif
207
208#ifdef NO_SHA256
209 #define WC_SHA256_DIGEST_SIZE 32
210#endif
211
212#ifdef NO_MD5
213 #define WC_MD5_DIGEST_SIZE 16
214#endif
215
216
217#ifdef __cplusplus
218 extern "C" {
219#endif
220
/* Define or comment out the cipher suites you'd like to be compiled in.
   Make sure that at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined.

   When adding cipher suites, add the name to cipher_names and the idx to
   cipher_name_idx.

   Now that there is a maximum strength crypto build, the following BUILD_XXX
   flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
   Those that do not use Perfect Forward Secrecy and do not use AEAD ciphers
   need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
   CHACHA-POLY.
*/
232
/* Check that, if WOLFSSL_MAX_STRENGTH is set, none of the options it relies
 * on have been turned off.  The build is refused outright, rather than
 * silently falling back to weaker suites, when any of these hold:
 *  - no forward-secret key exchange: ECC is absent and DH or RSA is disabled,
 *  - no AEAD cipher: AES-GCM and AES-CCM are absent and ChaCha/Poly1305 is
 *    not available as a pair,
 *  - neither SHA-256 nor SHA-384 is available,
 *  - NO_OLD_TLS is not set, i.e. older protocol versions are still enabled. */
#if defined(WOLFSSL_MAX_STRENGTH) && \
    ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
     (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
      (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
     (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
     !defined(NO_OLD_TLS))

    #error "You are trying to build max strength with requirements disabled."
#endif

/* Have QSH : Quantum-safe Handshake */
#if defined(HAVE_QSH)
    #define BUILD_TLS_QSH
#endif
249
250#ifndef WOLFSSL_MAX_STRENGTH
251
#ifdef WOLFSSL_AEAD_ONLY
    /* AES CBC ciphers are not allowed in AEAD only mode */
    #undef HAVE_AES_CBC
#endif

/* Legacy, non-AEAD suites (RC4, 3DES, IDEA).  Every suite in this group is
 * additionally gated on WOLFSSL_STATIC_RSA, i.e. static RSA key transport,
 * which provides no forward secrecy; none of them is built unless the
 * application opts in explicitly, and the whole group is skipped under
 * WOLFSSL_AEAD_ONLY. */
#ifndef WOLFSSL_AEAD_ONLY
    #if !defined(NO_RSA) && !defined(NO_RC4)
        #if defined(WOLFSSL_STATIC_RSA)
            #if !defined(NO_SHA)
                #define BUILD_SSL_RSA_WITH_RC4_128_SHA
            #endif
            #if !defined(NO_MD5)
                #define BUILD_SSL_RSA_WITH_RC4_128_MD5
            #endif
        #endif
        #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
            && defined(WOLFSSL_STATIC_RSA)
            #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
        #endif
    #endif

    #if !defined(NO_RSA) && !defined(NO_DES3)
        #if !defined(NO_SHA)
            #if defined(WOLFSSL_STATIC_RSA)
                #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
            #if !defined(NO_TLS) && defined(HAVE_NTRU) \
                && defined(WOLFSSL_STATIC_RSA)
                #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
            #endif
        #endif
    #endif

    #if !defined(NO_RSA) && defined(HAVE_IDEA)
        #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
            #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
        #endif
    #endif
#endif /* !WOLFSSL_AEAD_ONLY */
291
292 #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
293 #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
294 #if defined(WOLFSSL_STATIC_RSA)
295 #ifdef WOLFSSL_AES_128
296 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
297 #endif
298 #ifdef WOLFSSL_AES_256
299 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
300 #endif
301 #endif
302 #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
303 #ifdef WOLFSSL_AES_128
304 #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
305 #endif
306 #ifdef WOLFSSL_AES_256
307 #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
308 #endif
309 #endif
310 #endif
311 #if defined(WOLFSSL_STATIC_RSA)
312 #if !defined (NO_SHA256) && defined(HAVE_AES_CBC)
313 #ifdef WOLFSSL_AES_128
314 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
315 #endif
316 #ifdef WOLFSSL_AES_256
317 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
318 #endif
319 #endif
320 #if defined (HAVE_AESGCM)
321 #ifdef WOLFSSL_AES_128
322 #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
323 #endif
324 #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
325 #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
326 #endif
327 #endif
328 #if defined (HAVE_AESCCM)
329 #ifdef WOLFSSL_AES_128
330 #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
331 #endif
332 #ifdef WOLFSSL_AES_256
333 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
334 #endif
335 #endif
336 #if defined(HAVE_BLAKE2) && defined(HAVE_AES_CBC)
337 #ifdef WOLFSSL_AES_128
338 #define BUILD_TLS_RSA_WITH_AES_128_CBC_B2B256
339 #endif
340 #ifdef WOLFSSL_AES_256
341 #define BUILD_TLS_RSA_WITH_AES_256_CBC_B2B256
342 #endif
343 #endif
344 #endif
345 #endif
346
347 #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC)
348 #ifndef NO_RSA
349 #if defined(WOLFSSL_STATIC_RSA)
350 #if !defined(NO_SHA)
351 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
352 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
353 #endif
354 #ifndef NO_SHA256
355 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
356 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
357 #endif
358 #endif
359 #if !defined(NO_DH)
360 #if !defined(NO_SHA)
361 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
362 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
363 #endif
364 #ifndef NO_SHA256
365 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
366 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
367 #endif
368 #endif
369 #endif
370 #endif
371
372#if defined(WOLFSSL_STATIC_PSK)
373 #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
374 #if !defined(NO_SHA)
375 #ifdef WOLFSSL_AES_128
376 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
377 #endif
378 #ifdef WOLFSSL_AES_256
379 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
380 #endif
381 #endif
382 #ifndef NO_SHA256
383 #ifdef WOLFSSL_AES_128
384 #ifdef HAVE_AES_CBC
385 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
386 #endif
387 #ifdef HAVE_AESGCM
388 #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
389 #endif
390 #endif /* WOLFSSL_AES_128 */
391 #ifdef HAVE_AESCCM
392 #ifdef WOLFSSL_AES_128
393 #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
394 #define BUILD_TLS_PSK_WITH_AES_128_CCM
395 #endif
396 #ifdef WOLFSSL_AES_256
397 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
398 #define BUILD_TLS_PSK_WITH_AES_256_CCM
399 #endif
400 #endif
401 #endif
402 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
403 #ifdef HAVE_AES_CBC
404 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
405 #endif
406 #ifdef HAVE_AESGCM
407 #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
408 #endif
409 #endif
410 #endif
411#endif
412
/* NULL-cipher suites: records carry a SHA/SHA-256/SHA-384 MAC but are not
 * encrypted, so these give integrity only and no confidentiality.  They are
 * built only when HAVE_NULL_CIPHER is set and, per key exchange, the static
 * RSA or static PSK opt-in (WOLFSSL_STATIC_RSA / WOLFSSL_STATIC_PSK) is set
 * as well. */
#if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
    #if !defined(NO_RSA)
        #if defined(WOLFSSL_STATIC_RSA)
            #if !defined(NO_SHA)
                #define BUILD_TLS_RSA_WITH_NULL_SHA
            #endif
            #ifndef NO_SHA256
                #define BUILD_TLS_RSA_WITH_NULL_SHA256
            #endif
        #endif
    #endif
    #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
        #if !defined(NO_SHA)
            #define BUILD_TLS_PSK_WITH_NULL_SHA
        #endif
        #ifndef NO_SHA256
            #define BUILD_TLS_PSK_WITH_NULL_SHA256
        #endif
        #ifdef WOLFSSL_SHA384
            #define BUILD_TLS_PSK_WITH_NULL_SHA384
        #endif
    #endif
#endif
436
437#if defined(WOLFSSL_STATIC_RSA)
438 #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
439 #ifndef NO_MD5
440 #define BUILD_TLS_RSA_WITH_HC_128_MD5
441 #endif
442 #if !defined(NO_SHA)
443 #define BUILD_TLS_RSA_WITH_HC_128_SHA
444 #endif
445 #if defined(HAVE_BLAKE2)
446 #define BUILD_TLS_RSA_WITH_HC_128_B2B256
447 #endif
448 #endif
449
450 #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
451 #if !defined(NO_SHA)
452 #define BUILD_TLS_RSA_WITH_RABBIT_SHA
453 #endif
454 #endif
455#endif
456
457 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
458 !defined(NO_RSA)
459
460 #if !defined(NO_SHA)
461 #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
462 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
463 #endif
464 #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC)
465 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
466 #endif
467 #if !defined(NO_DES3)
468 #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
469 #endif
470 #endif
471 #if !defined(NO_SHA256) && defined(HAVE_AES_CBC)
472 #ifdef WOLFSSL_AES_128
473 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
474 #endif
475 #ifdef WOLFSSL_AES_256
476 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
477 #endif
478 #endif
479 #endif
480
481 #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
482 !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
483 #ifdef HAVE_AES_CBC
484 #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
485 #endif
486
487 #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
488 #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
489 #endif
490 #endif
491
492 #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
493 #ifndef NO_SHA256
494 #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \
495 defined(HAVE_AES_CBC)
496 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
497 #endif
498 #ifdef HAVE_NULL_CIPHER
499 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
500 #endif
501 #endif
502 #ifdef WOLFSSL_SHA384
503 #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \
504 defined(HAVE_AES_CBC)
505 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
506 #endif
507 #ifdef HAVE_NULL_CIPHER
508 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
509 #endif
510 #endif
511 #endif
512
513 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS)
514 #if !defined(NO_AES)
515 #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
516 #if !defined(NO_RSA)
517 #ifdef WOLFSSL_AES_128
518 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
519 #endif
520 #ifdef WOLFSSL_AES_256
521 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
522 #endif
523 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
524 #ifdef WOLFSSL_AES_128
525 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
526 #endif
527 #ifdef WOLFSSL_AES_256
528 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
529 #endif
530 #endif
531 #endif
532
533 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
534 defined(HAVE_ED25519))
535 #ifdef WOLFSSL_AES_128
536 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
537 #endif
538 #ifdef WOLFSSL_AES_256
539 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
540 #endif
541 #endif
542
543 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
544 #ifdef WOLFSSL_AES_128
545 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
546 #endif
547 #ifdef WOLFSSL_AES_256
548 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
549 #endif
550 #endif
551 #endif /* NO_SHA */
552 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
553 defined(HAVE_AES_CBC)
554 #if !defined(NO_RSA)
555 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
556 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
557 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
558 #endif
559 #endif
560 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
561 defined(HAVE_ED25519))
562 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
563 #endif
564 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
565 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
566 #endif
567 #endif
568
569 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
570 defined(HAVE_AES_CBC)
571 #if !defined(NO_RSA)
572 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
573 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
574 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
575 #endif
576 #endif
577 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
578 defined(HAVE_ED25519))
579 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
580 #endif
581 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
582 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
583 #endif
584 #endif
585
586 #if defined (HAVE_AESGCM)
587 #if !defined(NO_RSA)
588 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
589 #ifdef WOLFSSL_AES_128
590 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
591 #endif
592 #endif
593 #if defined(WOLFSSL_SHA384)
594 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
595 #ifdef WOLFSSL_AES_256
596 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
597 #endif
598 #endif
599 #endif
600 #endif
601
602 #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \
603 defined(HAVE_ECC)
604 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
605 #endif
606
607 #if defined(WOLFSSL_SHA384)
608 #if defined(WOLFSSL_STATIC_DH) && \
609 defined(WOLFSSL_AES_256) && defined(HAVE_ECC)
610 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
611 #endif
612 #endif
613 #endif
614 #endif /* NO_AES */
615 #if !defined(NO_RC4)
616 #if !defined(NO_SHA)
617 #if !defined(NO_RSA)
618 #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
619 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
620 #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
621 #endif
622 #endif
623
624 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
625 defined(HAVE_ED25519))
626 #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
627 #endif
628 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
629 #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
630 #endif
631 #endif
632 #endif
633 #if !defined(NO_DES3)
634 #ifndef NO_SHA
635 #if !defined(NO_RSA)
636 #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
637 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
638 #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
639 #endif
640 #endif
641
642 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
643 defined(HAVE_ED25519))
644 #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
645 #endif
646 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
647 #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
648 #endif
649 #endif /* NO_SHA */
650 #endif
651 #if defined(HAVE_NULL_CIPHER)
652 #if !defined(NO_SHA)
653 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
654 defined(HAVE_ED25519))
655 #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
656 #endif
657 #endif
658 #if !defined(NO_PSK) && !defined(NO_SHA256)
659 #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
660 #endif
661 #endif
662 #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
663 defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
664 #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
665 #endif
666 #endif
667 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
668 #if !defined(NO_OLD_POLY1305)
669 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
670 defined(HAVE_ED25519))
671 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
672 #endif
673 #if !defined(NO_RSA) && defined(HAVE_ECC)
674 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
675 #endif
676 #if !defined(NO_DH) && !defined(NO_RSA)
677 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
678 #endif
679 #endif /* NO_OLD_POLY1305 */
680 #if !defined(NO_PSK)
681 #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
682 #if defined(HAVE_ECC) || defined(HAVE_ED25519)
683 #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
684 #endif
685 #ifndef NO_DH
686 #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
687 #endif
688 #endif /* !NO_PSK */
689 #endif
690
691#endif /* !WOLFSSL_MAX_STRENGTH */
692
693#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
694 !defined(NO_RSA) && defined(HAVE_AESGCM)
695
696 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
697 #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
698 #endif
699
700 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
701 #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
702 #endif
703#endif
704
705#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
706 #ifndef NO_SHA256
707 #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
708 #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
709 #endif
710 #ifdef HAVE_AESCCM
711 #ifdef WOLFSSL_AES_128
712 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
713 #endif
714 #ifdef WOLFSSL_AES_256
715 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
716 #endif
717 #endif
718 #endif
719 #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \
720 defined(WOLFSSL_AES_256)
721 #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
722 #endif
723#endif
724
725#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519)) && !defined(NO_TLS) && \
726 !defined(NO_AES)
727 #ifdef HAVE_AESGCM
728 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
729 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
730 defined(HAVE_ED25519))
731 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
732 #endif
733 #ifndef NO_RSA
734 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
735 #endif
736 #endif
737 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
738 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
739 defined(HAVE_ED25519))
740 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
741 #endif
742 #ifndef NO_RSA
743 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
744 #endif
745 #endif
746 #endif
747 #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
748 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
749 defined(HAVE_ED25519))
750 #ifdef WOLFSSL_AES_128
751 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
752 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
753 #endif
754 #ifdef WOLFSSL_AES_256
755 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
756 #endif
757#endif
758 #endif
759#endif
760
761#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
762 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
763 #if defined(HAVE_ECC) || (defined(HAVE_CURVE25519) && \
764 defined(HAVE_ED25519))
765 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
766 #endif
767 #ifndef NO_RSA
768 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
769 #endif
770 #endif
771 #if !defined(NO_DH) && !defined(NO_RSA)
772 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
773 #endif
774#endif
775
776#if defined(WOLFSSL_TLS13)
777 #ifdef HAVE_AESGCM
778 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
779 #define BUILD_TLS_AES_128_GCM_SHA256
780 #endif
781 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
782 #define BUILD_TLS_AES_256_GCM_SHA384
783 #endif
784 #endif
785
786 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
787 #ifndef NO_SHA256
788 #define BUILD_TLS_CHACHA20_POLY1305_SHA256
789 #endif
790 #endif
791
792 #ifdef HAVE_AESCCM
793 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
794 #define BUILD_TLS_AES_128_CCM_SHA256
795 #define BUILD_TLS_AES_128_CCM_8_SHA256
796 #endif
797 #endif
798#endif
799
800#ifdef WOLFSSL_MULTICAST
801 #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256)
802 #define BUILD_WDM_WITH_NULL_SHA256
803 #endif
804#endif
805
806#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
807 defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
808 #define BUILD_ARC4
809#endif
810
811#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
812 #define BUILD_DES3
813#endif
814
815#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
816 defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
817 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \
818 defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
819 #undef BUILD_AES
820 #define BUILD_AES
821#endif
822
/* Derive whether any AES-GCM suite made it into the build.  NO_AESGCM_AEAD
 * feeds the HAVE_AEAD decision further down.
 * NOTE(review): this list does not mention the ECDHE_RSA, ECDH_RSA,
 * ECDH_ECDSA, DH_anon and TLS 1.3 AES-GCM suites that can be enabled above,
 * so a configuration in which only those are present still ends up with
 * NO_AESGCM_AEAD defined.  Confirm whether that is intended. */
#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
    defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
    defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384)
    #define BUILD_AESGCM
#else
    /* No AES-GCM cipher suites available with build */
    #define NO_AESGCM_AEAD
#endif

/* Same derivation for ChaCha20-Poly1305; this list does cover the TLS 1.3
 * suite.  NO_CHAPOL_AEAD likewise feeds HAVE_AEAD below. */
#if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
    defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
    defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
    defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
    defined(BUILD_TLS_CHACHA20_POLY1305_SHA256)
    /* Have an available ChaCha Poly cipher suite */
#else
    /* No ChaCha Poly cipher suites available with build */
    #define NO_CHAPOL_AEAD
#endif
854
855#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
856 defined(BUILD_TLS_RSA_WITH_HC_128_MD5) || \
857 defined(BUILD_TLS_RSA_WITH_HC_128_B2B256)
858 #define BUILD_HC128
859#endif
860
861#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
862 #define BUILD_RABBIT
863#endif
864
#ifdef NO_DES3
    #define DES_BLOCK_SIZE 8
#else
    /* 3DES support is compiled in whenever the algorithm is available, not
     * only when one of the 3DES suites above was selected. */
    #undef BUILD_DES3
    #define BUILD_DES3
#endif

#if defined(NO_AES) || defined(NO_AES_DECRYPT)
    #define AES_BLOCK_SIZE 16
    #undef BUILD_AES
#else
    /* Same for AES: forced on unless AES (or AES decrypt) is disabled,
     * overriding the suite-driven BUILD_AES decision above. */
    #undef BUILD_AES
    #define BUILD_AES
#endif

#ifndef NO_RC4
    /* And for RC4: BUILD_ARC4 is set whenever NO_RC4 is not, independent of
     * whether any RC4 suite is built.  Set NO_RC4 to keep RC4 out entirely. */
    #undef BUILD_ARC4
    #define BUILD_ARC4
#endif

#ifdef HAVE_CHACHA
    #define CHACHA20_BLOCK_SIZE 16
#endif

/* HAVE_AEAD: some AEAD cipher can be used.  AES-GCM and ChaCha20-Poly1305 only
 * count when a suite using them was actually built (NO_AESGCM_AEAD /
 * NO_CHAPOL_AEAD above); AES-CCM counts as soon as the algorithm is present. */
#if defined(WOLFSSL_MAX_STRENGTH) || \
    (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \
    defined(HAVE_AESCCM) || \
    (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_CHAPOL_AEAD))

    #define HAVE_AEAD
#endif

/* HAVE_PFS: a forward-secret key exchange (ECDHE or DHE) can be offered.
 * This is decided from algorithm availability alone, so it says nothing about
 * whether every enabled suite is forward secret. */
#if defined(WOLFSSL_MAX_STRENGTH) || \
    defined(HAVE_ECC) || !defined(NO_DH)

    #define HAVE_PFS
#endif
902
903#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
904 #define BUILD_IDEA
905#endif
906
/* actual cipher values, 2nd byte.
 *
 * Only the second byte of the two-byte TLS cipher suite id is recorded here;
 * the first byte is implied by the group a suite belongs to (ECC_BYTE 0xC0,
 * CHACHA_BYTE 0xCC, QSH_BYTE 0xD0 as noted in the group comments below; the
 * plain TLS/SSL suites use the ordinary 0x00 first byte and the TLS 1.3
 * suites their own, 0x13 in RFC 8446).  Because of that, the same value
 * appears more than once in this enum -- e.g. 0xa8 is
 * TLS_PSK_WITH_AES_128_GCM_SHA256, TLS_PSK_WITH_AES_128_CCM_8 and
 * TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 -- so a second byte must never
 * be matched against this list without its first byte. */
enum {
    TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
    TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34, /* unauthenticated DH, HAVE_ANON */
    TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
    TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
    TLS_RSA_WITH_NULL_SHA = 0x02, /* MAC only, no encryption */
    TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
    TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
    TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
    TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
    TLS_PSK_WITH_NULL_SHA256 = 0xb0,
    TLS_PSK_WITH_NULL_SHA384 = 0xb1,
    TLS_PSK_WITH_NULL_SHA = 0x2c,
    /* Legacy static-RSA suites; RC4 in TLS is prohibited by RFC 7465. */
    SSL_RSA_WITH_RC4_128_SHA = 0x05,
    SSL_RSA_WITH_RC4_128_MD5 = 0x04,
    SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
    SSL_RSA_WITH_IDEA_CBC_SHA = 0x07,

    /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
    TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
    TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
    TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
    TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
    TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
    TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
    TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
    TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
    TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,

    /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
    TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
    TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
    TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
    TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
    TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
    TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
    TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,

    /* wolfSSL extension - eSTREAM (private, non-IANA values) */
    TLS_RSA_WITH_HC_128_MD5 = 0xFB,
    TLS_RSA_WITH_HC_128_SHA = 0xFC,
    TLS_RSA_WITH_RABBIT_SHA = 0xFD,
    WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */

    /* wolfSSL extension - Blake2b 256 */
    TLS_RSA_WITH_AES_128_CBC_B2B256 = 0xF8,
    TLS_RSA_WITH_AES_256_CBC_B2B256 = 0xF9,
    TLS_RSA_WITH_HC_128_B2B256 = 0xFA, /* eSTREAM too */

    /* wolfSSL extension - NTRU */
    TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
    TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
    TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
    TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,

    /* wolfSSL extension - NTRU , Quantum-safe Handshake
       first byte is 0xD0 (QSH_BYTE) */
    TLS_QSH = 0x01,

    /* SHA256 */
    TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
    TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
    TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
    TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
    TLS_RSA_WITH_NULL_SHA256 = 0x3b,
    TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
    TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,

    /* SHA384 */
    TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
    TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,

    /* AES-GCM */
    TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
    TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
    TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7, /* unauthenticated DH, HAVE_ANON */
    TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
    TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
    TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,

    /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
    TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
    TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,

    /* AES-CCM, first byte is 0xC0 but isn't ECC,
     * also, in some of the other AES-CCM suites
     * there will be second byte number conflicts
     * with non-ECC AES-GCM */
    TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
    TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac,
    TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
    TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
    TLS_PSK_WITH_AES_128_CCM = 0xa4,
    TLS_PSK_WITH_AES_256_CCM = 0xa5,
    TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
    TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
    TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
    TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,

    /* Camellia */
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
    TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
    TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
    TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
    TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,

    /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
    TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
    TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa,
    TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac,
    TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab,
    TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad,

    /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE);
     * pre-RFC draft construction kept for interoperability with old peers,
     * only built when NO_OLD_POLY1305 is not set */
    TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
    TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
    TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,

    /* TLS v1.3 cipher suites */
    TLS_AES_128_GCM_SHA256 = 0x01,
    TLS_AES_256_GCM_SHA384 = 0x02,
    TLS_CHACHA20_POLY1305_SHA256 = 0x03,
    TLS_AES_128_CCM_SHA256 = 0x04,
    TLS_AES_128_CCM_8_SHA256 = 0x05,

    /* Renegotiation Indication Extension Special Suite (RFC 5746 signaling
     * value {0x00, 0xFF}); it is not a usable cipher suite */
    TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
};
1063
1064
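/* Default lifetime of a session-resumption cache entry. */
#ifndef WOLFSSL_SESSION_TIMEOUT
    #define WOLFSSL_SESSION_TIMEOUT 500
    /* default session resumption cache timeout in seconds */
#endif


/* DTLS sequence-number window: WOLFSSL_DTLS_WINDOW_WORDS words of word32.
 * DTLS_SEQ_BITS is the number of sequence numbers the window can track and
 * DTLS_SEQ_SZ its size in bytes (presumably the anti-replay window; confirm
 * against the DTLS record-layer code). */
#ifndef WOLFSSL_DTLS_WINDOW_WORDS
    #define WOLFSSL_DTLS_WINDOW_WORDS 2
#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
#define DTLS_SEQ_BITS  (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
#define DTLS_SEQ_SZ    (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)

/* Number of peer sequence-number windows kept: one, or (presumably) one per
 * multicast group peer when WOLFSSL_MULTICAST is built in. */
#ifndef WOLFSSL_MULTICAST
    #define WOLFSSL_DTLS_PEERSEQ_SZ 1
#else
    #ifndef WOLFSSL_MULTICAST_PEERS
        /* max allowed multicast group peers */
        #define WOLFSSL_MULTICAST_PEERS 100
    #endif
    #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS
#endif /* WOLFSSL_MULTICAST */

/* Largest MTU expected on the wire; feeds MAX_MTU in enum Misc. */
#ifndef WOLFSSL_MAX_MTU
    #define WOLFSSL_MAX_MTU 1500
#endif /* WOLFSSL_MAX_MTU */


/* set minimum DH key size allowed */
#ifndef WOLFSSL_MIN_DHKEY_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_DHKEY_BITS 2048
    #else
        /* NOTE(review): 1024-bit DH is below current recommendations;
         * builds that can afford it should define WOLFSSL_MIN_DHKEY_BITS
         * as 2048 or build with WOLFSSL_MAX_STRENGTH. */
        #define WOLFSSL_MIN_DHKEY_BITS 1024
    #endif
#endif
#if (WOLFSSL_MIN_DHKEY_BITS % 8)
    #error DH minimum bit size must be multiple of 8
#endif
#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
    #error DH minimum bit size must not be greater than 16000
#endif
#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)   /* in bytes */
/* set maximum DH key size allowed */
#ifndef WOLFSSL_MAX_DHKEY_BITS
    #define WOLFSSL_MAX_DHKEY_BITS 4096
#endif
#if (WOLFSSL_MAX_DHKEY_BITS % 8)
    #error DH maximum bit size must be multiple of 8
#endif
#if (WOLFSSL_MAX_DHKEY_BITS > 16000)
    #error DH maximum bit size must not be greater than 16000
#endif
/* A user-supplied minimum above the maximum is contradictory (no DH key
 * size could satisfy both bounds); reject it at compile time rather than
 * discovering it at handshake time. */
#if (WOLFSSL_MIN_DHKEY_BITS > WOLFSSL_MAX_DHKEY_BITS)
    #error DH minimum bit size must not exceed WOLFSSL_MAX_DHKEY_BITS
#endif
#define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8)   /* in bytes */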
1119
1120
1121
/* Wire-format sizes, offsets and small protocol constants used throughout the
 * wolfSSL internals. Most are fixed by the TLS/DTLS specifications; the
 * entries wrapped in preprocessor conditionals (TLS_DRAFT_*, ENCRYPT_LEN,
 * MAX_SYM_KEY_SIZE, the HAVE_SELFTEST AES sizes, ECDHE_SIZE,
 * MAX_CERT_VERIFY_SZ, MAX_EX_DATA) vary with build options. */
enum Misc {
    CIPHER_BYTE = 0x00,            /* Default ciphers */
    ECC_BYTE    = 0xC0,            /* ECC first cipher suite byte */
    QSH_BYTE    = 0xD0,            /* Quantum-safe Handshake cipher suite */
    CHACHA_BYTE = 0xCC,            /* ChaCha first cipher suite */
    TLS13_BYTE  = 0x13,            /* TLS v1.3 first byte of cipher suite */

    SEND_CERT       = 1,           /* presumably: send the certificate */
    SEND_BLANK_CERT = 2,           /* presumably: send an empty cert message */

    DTLS_MAJOR      = 0xfe,        /* DTLS major version number */
    DTLS_MINOR      = 0xff,        /* DTLS 1.0 minor version number */
    DTLSv1_2_MINOR  = 0xfd,        /* DTLS 1.2 minor version number */
    SSLv3_MAJOR     = 3,           /* SSLv3 and TLSv1+ major version number */
    SSLv3_MINOR     = 0,           /* SSLv3 minor version number */
    TLSv1_MINOR     = 1,           /* TLSv1 minor version number */
    TLSv1_1_MINOR   = 2,           /* TLSv1_1 minor version number */
    TLSv1_2_MINOR   = 3,           /* TLSv1_2 minor version number */
    TLSv1_3_MINOR   = 4,           /* TLSv1_3 minor version number */
#ifdef WOLFSSL_TLS13_DRAFT
    /* Draft TLS 1.3 builds advertise a 0x7f/<draft number> version pair
     * instead of the final 3/4. */
    TLS_DRAFT_MAJOR = 0x7f,        /* Draft TLS major version number */
#ifdef WOLFSSL_TLS13_DRAFT_18
    TLS_DRAFT_MINOR = 0x12,        /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_22)
    TLS_DRAFT_MINOR = 0x16,        /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_23)
    TLS_DRAFT_MINOR = 0x17,        /* Minor version number of TLS draft */
#elif defined(WOLFSSL_TLS13_DRAFT_26)
    TLS_DRAFT_MINOR = 0x1a,        /* Minor version number of TLS draft */
#else
    TLS_DRAFT_MINOR = 0x1c,        /* Minor version number of TLS draft */
#endif
#endif
    OLD_HELLO_ID    = 0x01,        /* SSLv2 Client Hello Indicator */
    INVALID_BYTE    = 0xff,        /* Used to initialize cipher specs values */
    NO_COMPRESSION  =  0,
    ZLIB_COMPRESSION = 221,        /* wolfSSL zlib compression */
    HELLO_EXT_SIG_ALGO = 13,       /* ID for the sig_algo hello extension */
    HELLO_EXT_EXTMS = 0x0017,      /* ID for the extended master secret ext */
    SECRET_LEN      = WOLFSSL_MAX_MASTER_KEY_LENGTH,
                                   /* pre RSA and all master */
#if defined(WOLFSSL_MYSQL_COMPATIBLE)
    ENCRYPT_LEN     = 1024,        /* allow larger static buffer with mysql */
#else
    ENCRYPT_LEN     = 512,         /* allow 4096 bit static buffer */
#endif
    SIZEOF_SENDER   =  4,          /* clnt or srvr */
    FINISHED_SZ     = 36,          /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
    MAX_RECORD_SIZE = 16384,       /* 2^14, max size by standard */
    MAX_MSG_EXTRA   = 38 + WC_MAX_DIGEST_SIZE,
                                   /* max added to msg, mac + pad from */
                                   /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
                                      digest sz + BLOCK_SZ (iv) + pad byte (1) */
    MAX_COMP_EXTRA  = 1024,        /* max compression extra */
    MAX_MTU         = WOLFSSL_MAX_MTU, /* max expected MTU */
    MAX_UDP_SIZE    = 8192 - 100,  /* was MAX_MTU - 100 */
    MAX_DH_SZ       = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */
                                   /* 4096 p, pub, g + 2 byte size for each */
    MAX_STR_VERSION = 8,           /* string rep of protocol version */

    PAD_MD5        = 48,           /* pad length for finished */
    PAD_SHA        = 40,           /* pad length for finished */
    MAX_PAD_SIZE   = 256,          /* maximum length of padding */

    LENGTH_SZ      =  2,           /* length field for HMAC, data only */
    VERSION_SZ     =  2,           /* length of protocol version */
    SEQ_SZ         =  8,           /* 64 bit sequence number */
    ALERT_SIZE     =  2,           /* level + description */
    VERIFY_HEADER  =  2,           /* always use 2 bytes */
    EXTS_SZ        =  2,           /* always use 2 bytes */
    EXT_ID_SZ      =  2,           /* always use 2 bytes */
    MAX_DH_SIZE    = MAX_DHKEY_SZ+1,
                                   /* Max size plus possible leading 0 */
    NAMED_DH_MASK  = 0x100,        /* Named group mask for DH parameters */
    SESSION_HINT_SZ = 4,           /* session timeout hint */
    SESSION_ADD_SZ = 4,            /* session age add */
    TICKET_NONCE_LEN_SZ = 1,       /* Ticket nonce length size */
    DEF_TICKET_NONCE_SZ = 1,       /* Default ticket nonce size */
    MAX_TICKET_NONCE_SZ = 8,       /* maximum ticket nonce size */
    MAX_LIFETIME   = 604800,       /* maximum ticket lifetime (seconds) */
    MAX_EARLY_DATA_SZ = 4096,      /* maximum early data size */

    RAN_LEN      = 32,             /* random length */
    SEED_LEN     = RAN_LEN * 2,    /* tls prf seed length */
    ID_LEN       = 32,             /* session id length */
    COOKIE_SECRET_SZ = 14,         /* dtls cookie secret size */
    MAX_COOKIE_LEN = 32,           /* max dtls cookie size */
    COOKIE_SZ    = 20,             /* use a 20 byte cookie */
    SUITE_LEN    =  2,             /* cipher suite sz length */
    ENUM_LEN     =  1,             /* always a byte */
    OPAQUE8_LEN  =  1,             /* 1 byte */
    OPAQUE16_LEN =  2,             /* 2 bytes */
    OPAQUE24_LEN =  3,             /* 3 bytes */
    OPAQUE32_LEN =  4,             /* 4 bytes */
    OPAQUE64_LEN =  8,             /* 8 bytes */
    COMP_LEN     =  1,             /* compression length */
    CURVE_LEN    =  2,             /* ecc named curve length */
    KE_GROUP_LEN =  2,             /* key exchange group length */
    SERVER_ID_LEN = 20,            /* server session id length */

    HANDSHAKE_HEADER_SZ   = 4,     /* type + length(3) */
    RECORD_HEADER_SZ      = 5,     /* type + version + len(2) */
    CERT_HEADER_SZ        = 3,     /* always 3 bytes */
    REQ_HEADER_SZ         = 2,     /* cert request header sz */
    HINT_LEN_SZ           = 2,     /* length of hint size field */
    TRUNCATED_HMAC_SZ     = 10,    /* length of hmac w/ truncated hmac extension */
    HELLO_EXT_SZ          = 4,     /* base length of a hello extension */
    HELLO_EXT_TYPE_SZ     = 2,     /* length of a hello extension type */
    HELLO_EXT_SZ_SZ       = 2,     /* length of a hello extension size */
    HELLO_EXT_SIGALGO_SZ  = 2,     /* length of number of items in sigalgo list */

    DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
    DTLS_RECORD_HEADER_SZ    = 13, /* normal + epoch(2) + seq_num(6) */
    DTLS_HANDSHAKE_EXTRA     = 8,  /* diff from normal */
    DTLS_RECORD_EXTRA        = 8,  /* diff from normal */
    DTLS_HANDSHAKE_SEQ_SZ    = 2,  /* handshake header sequence number */
    DTLS_HANDSHAKE_FRAG_SZ   = 3,  /* fragment offset and length are 24 bit */
    DTLS_POOL_SZ             = 255,/* allowed number of list items in TX pool */
    DTLS_EXPORT_PRO          = 165,/* wolfSSL protocol for serialized session */
    DTLS_EXPORT_VERSION      = 4,  /* wolfSSL version for serialized session */
    DTLS_EXPORT_OPT_SZ       = 60, /* amount of bytes used from Options */
    DTLS_EXPORT_VERSION_3    = 3,  /* wolfSSL version before TLS 1.3 addition */
    DTLS_EXPORT_OPT_SZ_3     = 59, /* amount of bytes used from Options */
    DTLS_EXPORT_KEY_SZ       = 325 + (DTLS_SEQ_SZ * 2),
                                   /* max amount of bytes used from Keys */
    DTLS_EXPORT_MIN_KEY_SZ   = 78 + (DTLS_SEQ_SZ * 2),
                                   /* min amount of bytes used from Keys */
    DTLS_EXPORT_SPC_SZ       = 16, /* amount of bytes used from CipherSpecs */
    DTLS_EXPORT_LEN          = 2,  /* 2 bytes for length and protocol */
    DTLS_EXPORT_IP           = 46, /* max ip size IPv4 mapped IPv6 */
    MAX_EXPORT_BUFFER        = 514, /* max size of buffer for exporting */
    FINISHED_LABEL_SZ   = 15,      /* TLS finished label size */
    TLS_FINISHED_SZ     = 12,      /* TLS has a shorter size */
    EXT_MASTER_LABEL_SZ = 22,      /* TLS extended master secret label sz */
    MASTER_LABEL_SZ     = 13,      /* TLS master secret label sz */
    KEY_LABEL_SZ        = 13,      /* TLS key block expansion sz */
    MAX_PRF_HALF        = 256,     /* Maximum half secret len */
    MAX_PRF_LABSEED     = 128,     /* Maximum label + seed len */
    MAX_PRF_DIG         = 224,     /* Maximum digest len */
    PROTOCOL_LABEL_SZ   = 9,       /* Length of the protocol label */
    MAX_LABEL_SZ        = 34,      /* Maximum length of a label */
    MAX_HKDF_LABEL_SZ   = OPAQUE16_LEN +
                          OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
                          OPAQUE8_LEN + WC_MAX_DIGEST_SIZE,
    MAX_REQUEST_SZ      = 256,     /* Maximum cert req len (no auth yet) */
    SESSION_FLUSH_COUNT = 256,     /* Flush session cache unless user turns off */
    TLS_MAX_PAD_SZ      = 255,     /* Max padding in TLS */

    /* Largest symmetric key the key block must hold; the pre-v2 FIPS
     * module only knows the AES sizes. */
#if defined(HAVE_FIPS) && \
    (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
    MAX_SYM_KEY_SIZE    = AES_256_KEY_SIZE,
#else
    MAX_SYM_KEY_SIZE    = WC_MAX_SYM_KEY_SIZE,
#endif

    /* Self-test builds define the AES sizes here instead of taking them
     * from the crypto headers; the macro lets other code detect that. */
#ifdef HAVE_SELFTEST
    #define WOLFSSL_AES_KEY_SIZE_ENUM
    AES_IV_SIZE         = 16,
    AES_128_KEY_SIZE    = 16,
    AES_192_KEY_SIZE    = 24,
    AES_256_KEY_SIZE    = 32,
#endif

    MAX_IV_SZ           = AES_BLOCK_SIZE,

    /* Byte offsets of the fields inside the AEAD additional data. */
    AEAD_SEQ_OFFSET     = 4,       /* Auth Data: Sequence number */
    AEAD_TYPE_OFFSET    = 8,       /* Auth Data: Type */
    AEAD_VMAJ_OFFSET    = 9,       /* Auth Data: Major Version */
    AEAD_VMIN_OFFSET    = 10,      /* Auth Data: Minor Version */
    AEAD_LEN_OFFSET     = 11,      /* Auth Data: Length */
    AEAD_AUTH_DATA_SZ   = 13,      /* Size of the data to authenticate */
    AEAD_NONCE_SZ       = 12,
    AESGCM_IMP_IV_SZ    = 4,       /* Size of GCM/CCM AEAD implicit IV */
    AESGCM_EXP_IV_SZ    = 8,       /* Size of GCM/CCM AEAD explicit IV */
    AESGCM_NONCE_SZ     = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,

    CHACHA20_IMP_IV_SZ  = 12,      /* Size of ChaCha20 AEAD implicit IV */
    CHACHA20_NONCE_SZ   = 12,      /* Size of ChaCha20 nonce */
    CHACHA20_OLD_OFFSET = 4,       /* Offset for seq # in old poly1305 */

    /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */

    AES_GCM_AUTH_SZ     = 16,      /* AES-GCM Auth Tag length */
    AES_CCM_16_AUTH_SZ  = 16,      /* AES-CCM-16 Auth Tag length */
    AES_CCM_8_AUTH_SZ   = 8,       /* AES-CCM-8 Auth Tag Length */
    AESCCM_NONCE_SZ     = 12,

    CAMELLIA_128_KEY_SIZE = 16,    /* for 128 bit */
    CAMELLIA_192_KEY_SIZE = 24,    /* for 192 bit */
    CAMELLIA_256_KEY_SIZE = 32,    /* for 256 bit */
    CAMELLIA_IV_SIZE      = 16,    /* always block size */

    CHACHA20_256_KEY_SIZE = 32,    /* for 256 bit */
    CHACHA20_128_KEY_SIZE = 16,    /* for 128 bit */
    CHACHA20_IV_SIZE      = 12,    /* 96 bits for iv */

    POLY1305_AUTH_SZ    = 16,      /* 128 bits */

    HC_128_KEY_SIZE     = 16,      /* 128 bits */
    HC_128_IV_SIZE      = 16,      /* also 128 bits */

    RABBIT_KEY_SIZE     = 16,      /* 128 bits */
    RABBIT_IV_SIZE      = 8,       /* 64 bits for iv */

    EVP_SALT_SIZE       = 8,       /* evp salt size 64 bits */

#ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */
    ECDHE_SIZE          = 32,      /* ECDHE server size defaults to 256 bit */
#endif
    MAX_EXPORT_ECC_SZ   = 256,     /* Export ANS X9.62 max future size */
    MAX_CURVE_NAME_SZ   = 16,      /* Maximum size of curve name string */

    /* SignatureScheme byte pairs for the EdDSA algorithms. */
    NEW_SA_MAJOR        = 8,       /* Most significant byte used with new sig algos */
    ED25519_SA_MAJOR    = 8,       /* Most significant byte for ED25519 */
    ED25519_SA_MINOR    = 7,       /* Least significant byte for ED25519 */
    ED448_SA_MAJOR      = 8,       /* Most significant byte for ED448 */
    ED448_SA_MINOR      = 8,       /* Least significant byte for ED448 */

    /* Smallest RSA modulus that can carry a PSS signature with the given
     * hash: 2 * hash length + 8 * 8 (salt plus padding), per the formula
     * written out here. */
    MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
    MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */

    /* Largest CertificateVerify signature buffered; picked by the strongest
     * enabled signature algorithm. */
#ifndef NO_RSA
    MAX_CERT_VERIFY_SZ  = 4096 / 8, /* max RSA - default 4096-bits */
#elif defined(HAVE_ECC)
    MAX_CERT_VERIFY_SZ  = ECC_MAX_SIG_SIZE, /* max ECC */
#elif defined(HAVE_ED25519)
    MAX_CERT_VERIFY_SZ  = ED25519_SIG_SIZE, /* max Ed25519 */
#else
    MAX_CERT_VERIFY_SZ  = 1024,    /* max default */
#endif
    CLIENT_HELLO_FIRST  = 35,      /* Protocol + RAN_LEN + sizeof(id_len) */
    MAX_SUITE_NAME      = 48,      /* maximum length of cipher suite string */

    DTLS_TIMEOUT_INIT   = 1,       /* default timeout init for DTLS receive */
    DTLS_TIMEOUT_MAX    = 64,      /* default max timeout for DTLS receive */
    DTLS_TIMEOUT_MULTIPLIER = 2,   /* default timeout multiplier for DTLS recv */

    /* PSK bounds: identities, hints and keys received from the peer are
     * limited to these sizes. */
    MAX_PSK_ID_LEN      = 128,     /* max psk identity/hint supported */
    NULL_TERM_LEN       = 1,       /* length of null '\0' termination character */
    MAX_PSK_KEY_LEN     = 64,      /* max psk key supported */
    MIN_PSK_ID_LEN      = 6,       /* min length of identities */
    MIN_PSK_BINDERS_LEN = 33,      /* min length of binders */
    MAX_TICKET_AGE_SECS = 10,      /* maximum ticket age in seconds */

    /* Upper bound on a file read into memory; keeps a hostile or corrupt
     * file from driving an arbitrarily large allocation. */
    MAX_WOLFSSL_FILE_SIZE = 1024 * 1024 * 4, /* 4 mb file size alloc limit */

#if defined(HAVE_EX_DATA) || defined(FORTRESS)
    MAX_EX_DATA         = 5,       /* allow for five items of ex_data */
#endif

    MAX_X509_SIZE       = 2048,    /* max static x509 buffer size */
    CERT_MIN_SIZE       = 256,     /* min PEM cert size with header/footer */

    MAX_NTRU_PUB_KEY_SZ = 1027,    /* NTRU max for now */
    MAX_NTRU_ENCRYPT_SZ = 1027,    /* NTRU max for now */
    MAX_NTRU_BITS       = 256,     /* max symmetric bit strength */
    NO_SNIFF            = 0,       /* not sniffing */
    SNIFF               = 1,       /* currently sniffing */

    HASH_SIG_SIZE       = 2,       /* default SHA1 RSA */

    NO_COPY             = 0,       /* should we copy static buffer for write */
    COPY                = 1,       /* should we copy static buffer for write */

    INVALID_PEER_ID     = 0xFFFF,  /* Initialize value for peer ID. */

    /* Which sequence-number space a DTLS record belongs to. */
    PREV_ORDER          = -1,      /* Sequence number is in previous epoch. */
    PEER_ORDER          = 1,       /* Peer sequence number for verify. */
    CUR_ORDER           = 0,       /* Current sequence number. */
    WRITE_PROTO         = 1,       /* writing a protocol message */
    READ_PROTO          = 0        /* reading a protocol message */
};
1394
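/* minimum Downgrade Minor version (presumably the floor applied when a
 * method is allowed to downgrade; confirm in the version-negotiation code).
 * TLSv1_MINOR keeps TLS 1.0 reachable unless the build disables old TLS
 * (NO_OLD_TLS), which raises the floor to TLS 1.2. */
#ifndef WOLFSSL_MIN_DOWNGRADE
    #ifndef NO_OLD_TLS
        #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
    #else
        #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR
    #endif
#endif

/* Set max implicit IV size for AEAD cipher suites (largest of the
 * *_IMP_IV_SZ values in enum Misc). */
#define AEAD_MAX_IMP_SZ 12

/* Set max explicit IV size for AEAD cipher suites (largest of the
 * *_EXP_IV_SZ values in enum Misc). */
#define AEAD_MAX_EXP_SZ 8


/* Size of Suites.suites[] in bytes (two bytes per suite). */
#ifndef WOLFSSL_MAX_SUITE_SZ
    #define WOLFSSL_MAX_SUITE_SZ 300
    /* 150 suites for now! */
#endif

/* number of items in the signature algo list */
#ifndef WOLFSSL_MAX_SIGALGO
    #define WOLFSSL_MAX_SIGALGO 32
#endif


/* set minimum ECC key size allowed */
#ifndef WOLFSSL_MIN_ECC_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_ECC_BITS 256
    #else
        #define WOLFSSL_MIN_ECC_BITS 224
    #endif
#endif /* WOLFSSL_MIN_ECC_BITS */
#if (WOLFSSL_MIN_ECC_BITS % 8)
    /* Some ECC key sizes are not divisible by 8, such as prime239v1 or
       sect131r1. For those, round the minimum down to the nearest value
       divisible by 8. The multiple-of-8 restriction is in place to match
       the wc_ecc_size function from wolfSSL.
     */
    #error ECC minimum bit size must be a multiple of 8
#endif
#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)     /* in bytes */

/* set minimum RSA key size allowed */
#ifndef WOLFSSL_MIN_RSA_BITS
    #ifdef WOLFSSL_MAX_STRENGTH
        #define WOLFSSL_MIN_RSA_BITS 2048
    #else
        /* NOTE(review): 1024-bit RSA is below current recommendations;
         * builds that can afford it should define WOLFSSL_MIN_RSA_BITS as
         * 2048 or build with WOLFSSL_MAX_STRENGTH. */
        #define WOLFSSL_MIN_RSA_BITS 1024
    #endif
#endif /* WOLFSSL_MIN_RSA_BITS */
#if (WOLFSSL_MIN_RSA_BITS % 8)
    /* The minimum is measured in bytes, so a value such as 2050 bits would
       still allow a 2049-bit key; require a whole number of bytes. */
    #error RSA minimum bit size must be a multiple of 8
#endif
#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)     /* in bytes */

#ifdef SESSION_INDEX
/* Shift values for making a session index */
#define SESSIDX_ROW_SHIFT 4
#define SESSIDX_IDX_MASK  0x0F
#endif


/* max cert chain peer depth */
#ifndef MAX_CHAIN_DEPTH
    #define MAX_CHAIN_DEPTH 9
#endif

/* max size of a certificate message payload */
/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
/* Fully parenthesized so that a use inside a larger expression (a
 * multiplication, a comparison) sees the whole value rather than only
 * its first term. */
#ifndef MAX_CERTIFICATE_SZ
    #define MAX_CERTIFICATE_SZ \
                (CERT_HEADER_SZ + \
                (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH)
#endif

/* max size of a handshake message, currently set to the certificate */
#ifndef MAX_HANDSHAKE_SZ
    #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
#endif

#ifndef SESSION_TICKET_LEN
    #define SESSION_TICKET_LEN 256
#endif

#ifndef SESSION_TICKET_HINT_DEFAULT
    #define SESSION_TICKET_HINT_DEFAULT 300
#endif


/* don't use extra 3/4k stack space unless needed */
#ifdef HAVE_NTRU
    #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
#else
    #define MAX_ENCRYPT_SZ ENCRYPT_LEN
#endif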
1495
1496
/* states: handshake progress markers. Values are implicit and sequential
 * from NULL_STATE == 0, so they can be compared with < and > to ask whether
 * a given flight has been reached; the SERVER_* group precedes the
 * CLIENT_* group and HANDSHAKE_DONE is the largest value. */
enum states {
    NULL_STATE = 0,

    SERVER_HELLOVERIFYREQUEST_COMPLETE,
    SERVER_HELLO_RETRY_REQUEST_COMPLETE,
    SERVER_HELLO_COMPLETE,
    SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
    SERVER_CERT_COMPLETE,
    SERVER_KEYEXCHANGE_COMPLETE,
    SERVER_HELLODONE_COMPLETE,
    SERVER_CHANGECIPHERSPEC_COMPLETE,
    SERVER_FINISHED_COMPLETE,

    CLIENT_HELLO_RETRY,
    CLIENT_HELLO_COMPLETE,
    CLIENT_KEYEXCHANGE_COMPLETE,
    CLIENT_CHANGECIPHERSPEC_COMPLETE,
    CLIENT_FINISHED_COMPLETE,

    HANDSHAKE_DONE
};
1519
/* SSL Version as carried on the wire: a {major, minor} byte pair whose
 * values come from enum Misc (SSLv3_MAJOR, TLSv1_2_MINOR, DTLS_MAJOR, ...).
 * WOLFSSL_PACK presumably removes padding so the pair matches the two
 * wire bytes exactly. */
typedef struct ProtocolVersion {
    byte major;
    byte minor;
} WOLFSSL_PACK ProtocolVersion;
1525
1526
/* Constructors for the fixed ProtocolVersion pairs of each supported
 * protocol (defined with the implementation, not in this header). */
WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);

#ifdef WOLFSSL_DTLS
    WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
    WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);

    #ifdef WOLFSSL_SESSION_EXPORT
    /* Serialized-session import/export into a caller-provided buffer of
     * sz bytes (presumably; the int result's meaning is defined with the
     * implementation). */
    WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,
                                                                     word32 sz);
    WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
                                                                     word32 sz);
    WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
    #endif
#endif
1545
1546
/* wolfSSL BIO_METHOD type: records only which kind of BIO it describes. */
struct WOLFSSL_BIO_METHOD {
    byte type;               /* method type */
};
1551
1552
/* wolfSSL BIO type: one node of a BIO chain (prev/next) that may wrap a
 * memory buffer, a file, a file descriptor or an SSL object, depending on
 * its type.
 * NOTE(review): sizes and indices (wrSz, wrIdx, rdIdx, memLen) are signed
 * int; code that advances them must reject negative values and keep
 * wrIdx/rdIdx within wrSz/memLen -- verify in the BIO implementation. */
struct WOLFSSL_BIO {
    WOLFSSL_BUF_MEM* mem_buf;
    WOLFSSL*     ssl;           /* possible associated ssl */
#ifndef NO_FILESYSTEM
    XFILE        file;
#endif
    WOLFSSL_BIO* prev;          /* previous in chain */
    WOLFSSL_BIO* next;          /* next in chain */
    WOLFSSL_BIO* pair;          /* BIO paired with */
    void*        heap;          /* user heap hint */
    byte*        mem;           /* memory buffer */
    int          wrSz;          /* write buffer size (mem) */
    int          wrIdx;         /* current index for write buffer */
    int          rdIdx;         /* current read index */
    int          readRq;        /* read request */
    int          memLen;        /* memory buffer length */
    int          fd;            /* possible file descriptor */
    int          eof;           /* eof flag */
    int          flags;
    byte         type;          /* method type */
    byte         close;         /* close flag */
};
1576
1577
/* wolfSSL method type: the protocol version, the connection side, and
 * whether version downgrade is permitted (WOLFSSL_MIN_DOWNGRADE is the
 * floor for that). */
struct WOLFSSL_METHOD {
    ProtocolVersion version;
    byte            side;         /* connection side, server or client */
    byte            downgrade;    /* whether to downgrade version, default no */
};
1584
1585/* wolfSSL buffer type - internal uses "buffer" type */
1586typedef WOLFSSL_BUFFER_INFO buffer;
1587
1588typedef struct Suites Suites;
1589
1590
/* defaults to client */
WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);

WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl);
WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);

/* for sniffer */
/* Message parsers take input plus an in/out index; size bounds the message
 * and totalSz the record holding it (presumably validated by the caller
 * before the parser indexes into input -- confirm in the record layer). */
WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                            word32 size, word32 totalSz, int sniff);
WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
/* TLS v1.3 needs these */
WOLFSSL_LOCAL int  HandleTlsResumption(WOLFSSL* ssl, int bogusID,
                                       Suites* clSuites);
WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
                                word32);
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input,
                                     word32* inOutIdx, word32 helloSz);
#endif
WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
                                word32);
WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl);
WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
WOLFSSL_LOCAL void PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
                                   word32 hashSigAlgoSz);
WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
#ifdef HAVE_PK_CALLBACKS
WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
#ifndef NO_ASN
    WOLFSSL_LOCAL int  InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
#endif
#endif
WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
/* Hostname matching: len is the pattern length as a signed int; a negative
 * value must not reach the matcher (confirm at the definition). */
WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
#ifndef NO_CERTS
WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
#endif
WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
/* Handshake transcript hashing of sent (Output) and received (Input) bytes;
 * sizes are signed int here. */
WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
                             int ivSz);
WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
#endif
#ifdef WOLFSSL_TLS13
WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
                               word16 sz, const byte* aad, word16 aadSz);
WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
                                          word32* inOutIdx, byte type,
                                          word32 size, word32 totalSz);
WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
                                      word32* inOutIdx, word32 totalSz);
WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
                                     word32* inOutIdx, word32 helloSz,
                                     byte* extMsgType);
#endif
/* NOTE(review): unlike the surrounding declarations this one carries no
 * WOLFSSL_LOCAL, so the symbol is exported from the library; confirm that
 * is intended (it is a padding check on the CBC/MAC path). */
int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
                    int pLen, int content);
1651
1652
/* Free-mode arguments for the internal free routines: FORCED_FREE releases
 * regardless of the usual keep conditions, NO_FORCED_FREE is the default
 * (presumably; confirm at the call sites). */
enum {
    FORCED_FREE = 1,
    NO_FORCED_FREE = 0
};
1657
1658
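/* only use compression extra if using compression */
#ifdef HAVE_LIBZ
    #define COMP_EXTRA MAX_COMP_EXTRA
#else
    #define COMP_EXTRA 0
#endif

/* only the sniffer needs space in the buffer for extra MTU record(s) */
/* Parenthesized so a use inside a larger expression sees the product, not
 * only MAX_MTU. */
#ifdef WOLFSSL_SNIFFER
    #define MTU_EXTRA (MAX_MTU * 3)
#else
    #define MTU_EXTRA 0
#endif


/* embedded callbacks require large static buffers, make sure on */
#ifdef WOLFSSL_CALLBACKS
    #undef  LARGE_STATIC_BUFFERS
    #define LARGE_STATIC_BUFFERS
#endif


/* give user option to use 16K static buffers */
#if defined(LARGE_STATIC_BUFFERS)
    #define RECORD_SIZE MAX_RECORD_SIZE
#else
    #ifdef WOLFSSL_DTLS
        #define RECORD_SIZE MAX_MTU
    #else
        #define RECORD_SIZE 128
    #endif
#endif


/* user option to turn off 16K output option */
/* if using small static buffers (default) and SSL_write tries to write data
   larger than the record we have, dynamically get it, unless user says only
   write in static buffer chunks */
#ifndef STATIC_CHUNKS_ONLY
    #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
#else
    #define OUTPUT_RECORD_SIZE RECORD_SIZE
#endif

/* wolfSSL input buffer

   RFC 2246:

   length
       The length (in bytes) of the following TLSPlaintext.fragment.
       The length should not exceed 2^14.
*/
/* STATIC_BUFFER_LEN is the size of bufferStatic.staticBuffer. The sum is
 * parenthesized so that uses inside a larger expression (e.g. a comparison
 * against a requested length) take the whole sum. */
#if defined(LARGE_STATIC_BUFFERS)
    #define STATIC_BUFFER_LEN (RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
             MTU_EXTRA + MAX_MSG_EXTRA)
#else
    /* don't fragment memory from the record header */
    #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
#endif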
1718
/* Record buffer with a built-in static area. buffer points at staticBuffer
 * by default or at a dynamically obtained block while dynamicFlag is set
 * (presumably; see the "place holder" comment below). length counts bytes
 * held and idx how many of them have already been consumed. */
typedef struct {
    ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
    byte*  buffer;       /* place holder for static or dynamic buffer */
    word32 length;       /* total buffer length used */
    word32 idx;          /* idx to part of length already consumed */
    word32 bufferSize;   /* current buffer size */
    byte   dynamicFlag;  /* dynamic memory currently in use */
    byte   offset;       /* alignment offset attempt */
} bufferStatic;
1728
/* Cipher Suites holder: the suite list (suiteSz bytes of suites[], two
 * bytes per suite) and the signature-algorithm list (hashSigAlgoSz bytes
 * of hashSigAlgo[]). Whatever fills these must keep suiteSz <=
 * WOLFSSL_MAX_SUITE_SZ and hashSigAlgoSz <= WOLFSSL_MAX_SIGALGO, since the
 * arrays have no slack beyond those sizes. */
struct Suites {
    word16 suiteSz;                 /* suite length in bytes */
    word16 hashSigAlgoSz;           /* SigAlgo extension length in bytes */
    byte   suites[WOLFSSL_MAX_SUITE_SZ];
    byte   hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
    byte   setSuites;               /* user set suites from default */
    byte   hashAlgo;                /* selected hash algorithm */
    byte   sigAlgo;                 /* selected sig algorithm */
};
1739
1740
/* Suite/signature-algorithm list builders and the server-side matcher.
 * The boolean-ish int/word16 flags of InitSuites say which key types and
 * features are available (their order is fixed by the definition; confirm
 * there before adding callers). */
WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
                                         int haveRSAsig, int haveAnon,
                                         int tls1_2, int keySz);
WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
                              word16, word16, word16, word16, word16, int);
WOLFSSL_LOCAL int  MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
WOLFSSL_LOCAL int  SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
1748
1749#ifndef PSK_TYPES_DEFINED
1750 typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
1751 unsigned int, unsigned char*, unsigned int);
1752 typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
1753 unsigned char*, unsigned int);
1754#ifdef WOLFSSL_TLS13
1755 typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
1756 char*, unsigned int, unsigned char*, unsigned int,
1757 const char**);
1758 typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
1759 unsigned char*, unsigned int, const char**);
1760#endif
1761#endif /* PSK_TYPES_DEFINED */
1762#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
1763 !defined(WOLFSSL_DTLS_EXPORT_TYPES)
1764 typedef int (*wc_dtls_export)(WOLFSSL* ssl,
1765 unsigned char* exportBuffer, unsigned int sz, void* userCtx);
1766#define WOLFSSL_DTLS_EXPORT_TYPES
1767#endif /* WOLFSSL_DTLS_EXPORT_TYPES */
1768
1769
/* wolfSSL Cipher type just points back to SSL; it holds no cipher state of
 * its own. */
struct WOLFSSL_CIPHER {
    WOLFSSL* ssl;
};
1774
1775
1776typedef struct OcspEntry OcspEntry;
1777
/* Size of the issuer hashes stored in OcspEntry: SHA-1 normally, SHA-256
 * when the build has no SHA-1. */
#ifdef NO_SHA
    #define OCSP_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else
    #define OCSP_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#endif
1783
1784#ifdef NO_ASN
1785 /* no_asn won't have */
1786 typedef struct CertStatus CertStatus;
1787#endif
1788
/* One cached OCSP entry: the issuer name hash and issuer key hash it was
 * looked up by (presumably), and the list of status responses held for it. */
struct OcspEntry {
    OcspEntry*  next;                        /* next entry */
    byte        issuerHash[OCSP_DIGEST_SIZE];    /* issuer hash */
    byte        issuerKeyHash[OCSP_DIGEST_SIZE]; /* issuer public key hash */
    CertStatus* status;                      /* OCSP response list */
    int         totalStatus;                 /* number on list */
};
1796
1797
1798#ifndef HAVE_OCSP
1799 typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
1800#endif
1801
/* wolfSSL OCSP controller: the cached entry list and the lock guarding it,
 * plus a status callback in the OpenSSL-compatibility builds. */
struct WOLFSSL_OCSP {
    WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
    OcspEntry*            ocspList;      /* OCSP response list */
    wolfSSL_Mutex         ocspLock;      /* OCSP list lock */
#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
    defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
    int(*statusCb)(WOLFSSL*, void*);    /* status callback (compat builds) */
#endif
};
1812
1813#ifndef MAX_DATE_SIZE
1814#define MAX_DATE_SIZE 32
1815#endif
1816
1817typedef struct CRL_Entry CRL_Entry;
1818
/* Size of the issuer hash stored in CRL_Entry: SHA-1 normally, SHA-256
 * when the build has no SHA-1. */
#ifdef NO_SHA
    #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
#else
    #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE
#endif
1824
1825#ifdef NO_ASN
1826 typedef struct RevokedCert RevokedCert;
1827#endif
1828
/* Complete CRL: one parsed CRL, identified by its issuer hash, with its
 * revoked-certificate list and the raw to-be-signed bytes and signature
 * kept alongside. Ownership of toBeSigned/signature (who frees them) is
 * not visible here -- check the CRL implementation. */
struct CRL_Entry {
    CRL_Entry* next;                      /* next entry */
    byte    issuerHash[CRL_DIGEST_SIZE];  /* issuer hash */
    /* byte    crlHash[CRL_DIGEST_SIZE];      raw crl data hash */
    /* restore the hash here if needed for optimized comparisons */
    byte    lastDate[MAX_DATE_SIZE]; /* last date updated */
    byte    nextDate[MAX_DATE_SIZE]; /* next update date */
    byte    lastDateFormat;          /* last date format */
    byte    nextDateFormat;          /* next date format */
    RevokedCert* certs;              /* revoked cert list */
    int          totalCerts;         /* number on list */
    int     verified;                /* presumably: CRL signature has been
                                        checked -- confirm where it is set */
    byte*   toBeSigned;              /* raw to-be-signed bytes, tbsSz long */
    word32  tbsSz;
    byte*   signature;               /* raw signature, signatureSz long */
    word32  signatureSz;
    word32  signatureOID;            /* signature algorithm OID (sum) */
#if !defined(NO_SKID) && defined(CRL_SKID_READY)
    byte    extAuthKeyIdSet;         /* authority key id extension present */
    byte    extAuthKeyId[KEYID_SIZE];
#endif
};
1852
1853
1854typedef struct CRL_Monitor CRL_Monitor;
1855
/* CRL directory monitor: one watched directory and the encoding of the
 * CRL files expected in it. */
struct CRL_Monitor {
    char* path;      /* full dir path, if valid pointer we're using */
    int   type;      /* PEM or ASN1 type */
};
1861
1862
1863#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
1864 #undef HAVE_CRL_MONITOR
1865#endif
1866
/* wolfSSL CRL controller: the parsed CRL list, its lock, and optional
 * directory monitoring (one PEM and one DER directory) when
 * HAVE_CRL_MONITOR is defined; that option is switched off above when the
 * build has no filesystem. */
struct WOLFSSL_CRL {
    WOLFSSL_CERT_MANAGER* cm;            /* pointer back to cert manager */
    CRL_Entry*            crlList;       /* our CRL list */
#ifdef HAVE_CRL_IO
    CbCrlIO               crlIOCb;       /* CRL I/O callback (fetching missing
                                            CRLs, presumably) */
#endif
    wolfSSL_Mutex         crlLock;       /* CRL list lock */
    CRL_Monitor           monitors[2];   /* PEM and DER possible */
#ifdef HAVE_CRL_MONITOR
    pthread_cond_t        cond;          /* condition to signal setup */
    pthread_t             tid;           /* monitoring thread */
    int                   mfd;           /* monitor fd, -1 if no init yet */
    int                   setup;         /* thread is setup predicate */
#endif
    void*                 heap;          /* heap hint for dynamic memory */
};
1884
1885
1886#ifdef NO_ASN
1887 typedef struct Signer Signer;
1888#ifdef WOLFSSL_TRUST_PEER_CERT
1889 typedef struct TrustedPeerCert TrustedPeerCert;
1890#endif
1891#endif
1892
1893
1894#ifndef CA_TABLE_SIZE
1895 #define CA_TABLE_SIZE 11
1896#endif
1897#ifdef WOLFSSL_TRUST_PEER_CERT
1898 #define TP_TABLE_SIZE 11
1899#endif
1900
/* wolfSSL Certificate Manager: the trusted-CA signer table (guarded by
 * caLock), optional trusted-peer table, the CRL/OCSP checkers and the policy
 * flags and minimum key sizes that drive certificate validation. */
struct WOLFSSL_CERT_MANAGER {
    Signer*         caTable[CA_TABLE_SIZE]; /* the CA signer table */
    void*           heap;               /* heap helper */
#ifdef WOLFSSL_TRUST_PEER_CERT
    TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
    wolfSSL_Mutex   tpLock;             /* trusted peer list lock */
#endif
    WOLFSSL_CRL*    crl;                /* CRL checker */
    WOLFSSL_OCSP*   ocsp;               /* OCSP checker */
#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
                               || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
    WOLFSSL_OCSP*   ocsp_stapling;      /* OCSP checker for OCSP stapling */
#endif
    char*           ocspOverrideURL;    /* use this responder */
    void*           ocspIOCtx;          /* I/O callback CTX */
    CallbackCACache caCacheCallback;    /* CA cache addition callback */
    CbMissingCRL    cbMissingCRL;       /* notify through cb of missing crl */
    CbOCSPIO        ocspIOCb;           /* I/O callback for OCSP lookup */
    CbOCSPRespFree  ocspRespFreeCb;     /* Frees OCSP Response from IO Cb */
    wolfSSL_Mutex   caLock;             /* CA list lock */
    byte            crlEnabled;         /* is CRL on ? */
    byte            crlCheckAll;        /* leaf is always checked; also check
                                         * the rest of the chain ? */
    byte            ocspEnabled;        /* is OCSP on ? */
    byte            ocspCheckAll;       /* leaf is always checked; also check
                                         * the rest of the chain ? */
    byte            ocspSendNonce;      /* send the OCSP nonce ? */
    byte            ocspUseOverrideURL; /* ignore cert's responder, override */
    byte            ocspStaplingEnabled; /* is OCSP Stapling on ? */

#ifndef NO_RSA
    short           minRsaKeySz;        /* minimum allowed RSA key size */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    short           minEccKeySz;        /* minimum allowed ECC key size */
#endif
};
1937
/* Certificate-cache persistence for a certificate manager (internal linkage).
 * The first pair works on a path, the Mem* pair on a caller-supplied buffer
 * of `sz` bytes; all return a wolfSSL status code. */
WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER* cm, const char* path);
WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER* cm,
                                      const char* path);
WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER* cm, void* mem,
                                      int sz, int* used);
WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER* cm,
                                         const void* mem, int sz);
WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER* cm);
1943
/* wolfSSL Sock Addr: a size-tagged, type-erased socket address. */
struct WOLFSSL_SOCKADDR {
    unsigned int sz; /* sockaddr size */
    void*        sa; /* pointer to the sockaddr_in or sockaddr_in6 */
};
1949
/* DTLS transport context: peer address plus separate read/write descriptors. */
typedef struct WOLFSSL_DTLS_CTX {
    WOLFSSL_SOCKADDR peer;  /* peer address */
    int rfd;                /* read file descriptor */
    int wfd;                /* write file descriptor */
} WOLFSSL_DTLS_CTX;
1955
1956
/* Per-peer DTLS receive state: the expected next epoch/sequence and the
 * sliding windows for the current and previous epoch (48-bit sequence numbers
 * are split into a 16-bit _hi and a 32-bit _lo half). The windows are what
 * the anti-replay check works on - confirm in the DTLS record code. */
typedef struct WOLFSSL_DTLS_PEERSEQ {
    word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
                        /* Sliding window for current epoch    */
    word16 nextEpoch;   /* Expected epoch in next record       */
    word16 nextSeq_hi;  /* Expected sequence in next record    */
    word32 nextSeq_lo;

    word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
                        /* Sliding window for old epoch        */
    word32 prevSeq_lo;
    word16 prevSeq_hi;  /* Next sequence in allowed old epoch  */

#ifdef WOLFSSL_MULTICAST
    word16 peerId;          /* multicast peer id this state belongs to */
    word32 highwaterMark;   /* sequence level that triggers the highwater cb */
#endif
} WOLFSSL_DTLS_PEERSEQ;
1974
1975
1976#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
1977
/* keys and secrets
 * keep as a constant size (no additional ifdefs) for session export.
 * NOTE(review): this struct holds live traffic keys, MAC secrets and IVs;
 * confirm that every owner (WOLFSSL, SecureRenegotiation.tmp_keys, session
 * export buffers) zeroizes it before release. */
typedef struct Keys {
#if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13)
    byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE];   /* max sizes */
    byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE];
#endif
    byte client_write_key[MAX_SYM_KEY_SIZE];         /* max sizes */
    byte server_write_key[MAX_SYM_KEY_SIZE];
    byte client_write_IV[MAX_WRITE_IV_SZ];               /* max sizes */
    byte server_write_IV[MAX_WRITE_IV_SZ];
#if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT)
    byte aead_exp_IV[AEAD_MAX_EXP_SZ];       /* explicit (per-record) nonce part */
    byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];   /* implicit nonce part, send side */
    byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];   /* implicit nonce part, receive side */
#endif

    /* 64-bit record sequence numbers, split into two 32-bit halves */
    word32 peer_sequence_number_hi;
    word32 peer_sequence_number_lo;
    word32 sequence_number_hi;
    word32 sequence_number_lo;

#ifdef WOLFSSL_DTLS
    word16 curEpoch;    /* Received epoch in current record    */
    word16 curSeq_hi;   /* Received sequence in current record */
    word32 curSeq_lo;
#ifdef WOLFSSL_MULTICAST
    byte   curPeerId;   /* Received peer group ID in current record */
#endif
    WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ];

    word16 dtls_peer_handshake_number;
    word16 dtls_expected_peer_handshake_number;

    word16 dtls_epoch;                          /* Current epoch    */
    word16 dtls_sequence_number_hi;             /* Current epoch tx sequence, high 16 bits */
    word32 dtls_sequence_number_lo;             /* Current epoch tx sequence, low 32 bits */
    word16 dtls_prev_sequence_number_hi;        /* Previous epoch */
    word32 dtls_prev_sequence_number_lo;
    word16 dtls_handshake_number;               /* Current tx handshake seq */
#endif

    word32 encryptSz;             /* last size of encrypted data   */
    word32 padSz;                 /* how much to advance after decrypt part */
    byte   encryptionOn;          /* true after change cipher spec */
    byte   decryptedCur;          /* only decrypt current record once */
#ifdef WOLFSSL_TLS13
    byte   updateResponseReq:1;   /* KeyUpdate response from peer required. */
    byte   keyUpdateRespond:1;    /* KeyUpdate is to be responded to. */
#endif
} Keys;
2029
2030
2031
2032/** TLS Extensions - RFC 6066 */
2033#ifdef HAVE_TLS_EXTENSIONS
2034
/* TLS extension types, numbered as in the IANA ExtensionType registry.
 * TLS 1.3 values are only present in TLS 1.3 builds; KEY_SHARE moved from
 * 0x0028 (drafts 18/22) to 0x0033 in the final assignment. */
typedef enum {
    TLSX_SERVER_NAME                = 0x0000, /* a.k.a. SNI  */
    TLSX_MAX_FRAGMENT_LENGTH        = 0x0001,
    TLSX_TRUNCATED_HMAC             = 0x0004,
    TLSX_STATUS_REQUEST             = 0x0005, /* a.k.a. OCSP stapling   */
    TLSX_SUPPORTED_GROUPS           = 0x000a, /* a.k.a. Supported Curves */
    TLSX_EC_POINT_FORMATS           = 0x000b,
    TLSX_SIGNATURE_ALGORITHMS       = 0x000d,
    TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
    TLSX_STATUS_REQUEST_V2          = 0x0011, /* a.k.a. OCSP stapling v2 */
    TLSX_QUANTUM_SAFE_HYBRID        = 0x0018, /* a.k.a. QSH  */
    TLSX_SESSION_TICKET             = 0x0023,
#ifdef WOLFSSL_TLS13
    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    TLSX_PRE_SHARED_KEY             = 0x0029,
    #endif
    #ifdef WOLFSSL_EARLY_DATA
    TLSX_EARLY_DATA                 = 0x002a,
    #endif
    TLSX_SUPPORTED_VERSIONS         = 0x002b,
    TLSX_COOKIE                     = 0x002c,
    #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    TLSX_PSK_KEY_EXCHANGE_MODES     = 0x002d,
    #endif
    #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
    TLSX_POST_HANDSHAKE_AUTH        = 0x0031,
    #endif
    #if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22)
    TLSX_KEY_SHARE                  = 0x0028,
    #else
    TLSX_SIGNATURE_ALGORITHMS_CERT  = 0x0032,
    TLSX_KEY_SHARE                  = 0x0033,
    #endif
#endif
    TLSX_RENEGOTIATION_INFO         = 0xff01
} TLSX_Type;
2071
/* One TLS extension in a singly linked list. `data` is type-specific and
 * owned by the list (see TLSX_FreeAll). */
typedef struct TLSX {
    TLSX_Type    type; /* Extension Type  */
    void*        data; /* Extension Data  */
    word32       val;  /* Extension Value */
    byte         resp; /* IsResponse Flag */
    struct TLSX* next; /* List Behavior   */
} TLSX;
2079
/* Generic operations on a TLSX list. Find returns NULL when `type` is absent;
 * Remove/FreeAll release with the given heap hint. */
WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
WOLFSSL_LOCAL void  TLSX_Remove(TLSX** list, TLSX_Type type, void* heap);
WOLFSSL_LOCAL void  TLSX_FreeAll(TLSX* list, void* heap);
WOLFSSL_LOCAL int   TLSX_SupportExtensions(WOLFSSL* ssl);
WOLFSSL_LOCAL int   TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
2085
2086#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
/* Request-side (ClientHello and, for TLS 1.3, other client messages)
 * extension sizing and serialization; msgType selects the message. */
WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
                                      word16* pLength);
WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
                                    byte msgType, word16* pOffset);
2091#endif
2092
2093#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
/* TLS 1.3 Certificate messages have extensions, which is why the response
 * side is also compiled for TLS 1.3 clients; msgType selects the message. */
WOLFSSL_LOCAL int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType,
                                       word16* pLength);
WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType,
                                     word16* pOffset);
2099#endif
2100
/* Parse the peer-supplied extension block `input` of `length` bytes for the
 * message `msgType`. The input is untrusted: every read must stay within
 * `length`, and `suites` may be updated by extensions that affect suite
 * selection. */
WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
                             byte msgType, Suites *suites);
2103
2104#elif defined(HAVE_SNI) \
2105 || defined(HAVE_MAX_FRAGMENT) \
2106 || defined(HAVE_TRUNCATED_HMAC) \
2107 || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
2108 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
2109 || defined(HAVE_SUPPORTED_CURVES) \
2110 || defined(HAVE_ALPN) \
2111 || defined(HAVE_QSH) \
2112 || defined(HAVE_SESSION_TICKET) \
2113 || defined(HAVE_SECURE_RENEGOTIATION) \
2114 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
2115
2116#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
2117
2118#endif /* HAVE_TLS_EXTENSIONS */
2119
/** Server Name Indication - RFC 6066 (section 3) */
2121#ifdef HAVE_SNI
2122
/* One Server Name Indication entry; a list hangs off the TLSX data. */
typedef struct SNI {
    byte                       type;    /* SNI Type         */
    union { char* host_name; } data;    /* SNI Data         */
    struct SNI*                next;    /* List Behavior    */
    byte                       status;  /* Matching result  */
#ifndef NO_WOLFSSL_SERVER
    byte                       options; /* Behavior options */
#endif
} SNI;
2132
/* Add an SNI entry of `type` (`data`, `size` bytes) to the extension list,
 * query its matching status, or fetch the requested name into `*data`
 * (returned length is the word16 result). */
WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
                                                   word16 size, void* heap);
WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
                                                                 void** data);
2138
2139#ifndef NO_WOLFSSL_SERVER
/* Server-side SNI helpers. GetFromBuffer extracts the SNI of `type` from a
 * raw, untrusted ClientHello (`buffer`, `bufferSz` bytes) into `sni`;
 * `*inOutSz` is presumably the capacity of `sni` on entry and the length
 * written on return - confirm against the implementation. */
WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
                                                                 byte options);
WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
                                         byte type, byte* sni, word32* inOutSz);
2144#endif
2145
2146#endif /* HAVE_SNI */
2147
2148/* Application-Layer Protocol Negotiation - RFC 7301 */
2149#ifdef HAVE_ALPN
/* One Application-Layer Protocol Negotiation entry in the extension's list. */
typedef struct ALPN {
    char*        protocol_name; /* ALPN protocol name */
    struct ALPN* next;          /* List Behavior      */
    byte         options;       /* Behavior options   */
    byte         negotiated;    /* ALPN protocol negotiated or not */
} ALPN;
2156
/* Read back the negotiated/requested ALPN data (`*data`, `*dataSz`). */
WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
                                       void** data, word16 *dataSz);

/* Add an ALPN protocol list (`data`, `size` bytes) with behavior `options`. */
WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
                               word16 size, byte options, void* heap);

/* Change the behavior options of an already-added ALPN extension. */
WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
2164
2165#endif /* HAVE_ALPN */
2166
/** Maximum Fragment Length Negotiation - RFC 6066 (section 4) */
2168#ifdef HAVE_MAX_FRAGMENT
2169
/* Add the max_fragment_length extension with code `mfl` (RFC 6066 s.4). */
WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
2171
2172#endif /* HAVE_MAX_FRAGMENT */
2173
/** Truncated HMAC - RFC 6066 (section 7) */
2175#ifdef HAVE_TRUNCATED_HMAC
2176
/* Add the (empty) truncated_hmac extension (RFC 6066 s.7). */
WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
2178
2179#endif /* HAVE_TRUNCATED_HMAC */
2180
/** Certificate Status Request - RFC 6066 (section 8) */
2182#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
2183
/* status_request extension state: the request to send (or received) and,
 * on a TLS 1.3 server, the stapled response to return. */
typedef struct {
    byte status_type;   /* e.g. OCSP */
    byte options;       /* behavior options */
    WOLFSSL* ssl;       /* owning session */
    union {
        OcspRequest ocsp;
    } request;
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
    buffer response;    /* stapled status response */
#endif
} CertificateStatusRequest;
2195
/* status_request helpers: add the extension, initialise the request from the
 * decoded peer certificate, fetch the request, or force one to be issued. */
WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequest(TLSX** extensions,
           byte status_type, byte options, WOLFSSL* ssl, void* heap, int devId);
#ifndef NO_CERTS
WOLFSSL_LOCAL int   TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
                                                                    void* heap);
#endif
WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
WOLFSSL_LOCAL int   TLSX_CSR_ForceRequest(WOLFSSL* ssl);
2204
2205#endif
2206
2207/** Certificate Status Request v2 - RFC 6961 */
2208#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
2209
/* One status_request_v2 item: a status type plus up to one request per
 * certificate in the chain (leaf + MAX_CHAIN_DEPTH), as a linked list. */
typedef struct CSRIv2 {
    byte status_type;   /* e.g. OCSP / OCSP multi */
    byte options;       /* behavior options */
    word16 requests;    /* number of requests filled in */
    union {
        OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
    } request;
    struct CSRIv2* next;
} CertificateStatusRequestItemV2;
2219
/* status_request_v2 helpers, mirroring the v1 set; GetRequest selects by
 * status type and chain `index`. */
WOLFSSL_LOCAL int   TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
                         byte status_type, byte options, void* heap, int devId);
#ifndef NO_CERTS
WOLFSSL_LOCAL int   TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
                                                    byte isPeer, void* heap);
#endif
WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
                                                                    byte index);
WOLFSSL_LOCAL int   TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
2229
2230#endif
2231
/** Supported Elliptic Curves - RFC 4492 (section 4) */
2233#ifdef HAVE_SUPPORTED_CURVES
2234
/* One NamedCurve/NamedGroup id in the supported_groups list. */
typedef struct SupportedCurve {
    word16 name;                 /* Curve Names */
    struct SupportedCurve* next; /* List Behavior */
} SupportedCurve;
2239
/* One ECPointFormat id in the ec_point_formats list. */
typedef struct PointFormat {
    byte format;                /* PointFormat */
    struct PointFormat* next;   /* List Behavior */
} PointFormat;
2244
/* Add a curve / point format to the respective extension list. */
WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
                                                                    void* heap);

WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
                                                                    void* heap);

#ifndef NO_WOLFSSL_SERVER
/* Server side: check the peer's curve offer against the suite bytes
 * (`first`, `second`) and against the server's own priority order. */
WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first,
                                                                   byte second);
WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
#endif
/* Pick the preferred group; `checkSupported` non-zero restricts it to those
 * the peer offered - presumably, confirm against the implementation. */
WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl,
                                                            int checkSupported);
2258
2259#endif /* HAVE_SUPPORTED_CURVES */
2260
2261/** Renegotiation Indication - RFC 5746 */
2262#if defined(HAVE_SECURE_RENEGOTIATION) \
2263 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
2264
/* Progress of the secure-renegotiation key cache (see SecureRenegotiation). */
enum key_cache_state {
    SCR_CACHE_NULL   = 0,       /* empty / begin state */
    SCR_CACHE_NEEDED,           /* need to cache keys */
    SCR_CACHE_COPY,             /* we have a cached copy */
    SCR_CACHE_PARTIAL,          /* partial restore to real keys */
    SCR_CACHE_COMPLETE          /* complete restore to real keys */
};
2272
/* Additional Connection State according to rfc5746 section 3.1.
 * The cached verify_data values are what renegotiation_info is checked
 * against; tmp_keys holds a full Keys copy and therefore live key material. */
typedef struct SecureRenegotiation {
   byte                 enabled;  /* secure_renegotiation flag in rfc */
   byte                 verifySet;
   byte                 startScr; /* server requested client to start scr */
   enum key_cache_state cache_status;  /* track key cache state */
   byte                 client_verify_data[TLS_FINISHED_SZ];  /* cached */
   byte                 server_verify_data[TLS_FINISHED_SZ];  /* cached */
   byte                 subject_hash[WC_SHA_DIGEST_SIZE];  /* peer cert hash */
   Keys                 tmp_keys;  /* can't overwrite real keys yet */
} SecureRenegotiation;
2284
/* Add renegotiation_info; the server-only variant adds the empty form. */
WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);

#ifdef HAVE_SERVER_RENEGOTIATION_INFO
WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions);
#endif
2290
2291#endif /* HAVE_SECURE_RENEGOTIATION */
2292
/** Session Ticket - RFC 5077 (section 3.2) */
2294#ifdef HAVE_SESSION_TICKET
2295
/* An opaque session ticket as issued by the server (RFC 5077 / TLS 1.3
 * NewSessionTicket); `data` is `size` bytes. */
typedef struct SessionTicket {
    word32 lifetime;    /* ticket_lifetime_hint / ticket_lifetime */
#ifdef WOLFSSL_TLS13
    word64 seen;        /* time the ticket was received */
    word32 ageAdd;      /* ticket_age_add obfuscation value */
#endif
    byte*  data;
    word16 size;
} SessionTicket;
2305
/* Session ticket extension helpers. Create copies `data` into a new ticket;
 * Free releases one created that way. */
WOLFSSL_LOCAL int  TLSX_UseSessionTicket(TLSX** extensions,
                                             SessionTicket* ticket, void* heap);
WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
                                           byte* data, word16 size, void* heap);
WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
2311
2312#endif /* HAVE_SESSION_TICKET */
2313
2314/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
2315#ifdef HAVE_QSH
2316
/* One QSH scheme offer: scheme name plus its public key (`PK`, `PKLen`). */
typedef struct QSHScheme {
    struct QSHScheme* next; /* List Behavior */
    byte*             PK;
    word16            name; /* QSHScheme Names */
    word16            PKLen;
} QSHScheme;
2323
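/* A QSH key pair for scheme `name`, as a singly linked list.
 * The struct tag is spelled like the typedef (QSHKey) so that `next` points
 * at this type; previously the tag was `QSHkey` while `next` pointed at an
 * unrelated, never-completed `struct QSHKey`. */
typedef struct QSHKey {
    struct QSHKey* next;    /* List Behavior */
    word16 name;            /* QSHScheme name */
    buffer pub;             /* public key */
    buffer pri;             /* private key */
} QSHKey;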
2330
/* QSH shared-secret material: the negotiated scheme list and the server- and
 * client-generated secret parts. */
typedef struct QSHSecret {
    QSHScheme* list;
    buffer* SerSi;   /* server side secret */
    buffer* CliSi;   /* client side secret */
} QSHSecret;
2336
/* used in key exchange during handshake; `input`/`length` come from the peer
 * and must be bounds-checked by the implementation */
WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
                                                  word16 length, byte isServer);
WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);

/* used by api for setting a specific QSH scheme */
WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
                                         byte* pKey, word16 pKeySz, void* heap);

/* used when parsing in QSHCipher structs.
 * NOTE(review): `*szOut` is presumably the capacity of `out` on entry and the
 * decrypted length on return - confirm against the implementation. */
WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
                                                       byte* out, word16* szOut);
#ifndef NO_WOLFSSL_SERVER
WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
#endif
2353
2354#endif /* HAVE_QSH */
2355
2356#ifdef WOLFSSL_TLS13
/* Cookie extension information - cookie data.
 * NOTE(review): `data` is declared as a single byte; if it is used as the
 * first byte of a `len`-byte buffer allocated past the struct, a C99
 * flexible array member (`byte data[];`) would express that without relying
 * on indexing beyond the declared member - confirm in tls13.c. */
typedef struct Cookie {
    word16 len;     /* cookie length */
    byte   data;    /* first byte of cookie */
} Cookie;
2362
/* Add a cookie extension of `len` bytes, optionally appending a `macSz`-byte
 * MAC; `resp` selects the response (server) form. */
WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len,
                                  byte* mac, byte macSz, int resp);
2365
2366
2367/* Key Share - TLS v1.3 Specification */
2368
/* The KeyShare extension information - entry in a linked list.
 * `ke` is the peer's key_exchange value for `group`; `key`/`pubKey` are our
 * own ephemeral pair for that group. */
typedef struct KeyShareEntry {
    word16                group;     /* NamedGroup                        */
    byte*                 ke;        /* Key exchange data                 */
    word32                keLen;     /* Key exchange data length          */
    void*                 key;       /* Private key                       */
    word32                keyLen;    /* Private key length                */
    byte*                 pubKey;    /* Public key                        */
    word32                pubKeyLen; /* Public key length                 */
    struct KeyShareEntry* next;      /* List pointer                      */
} KeyShareEntry;
2380
/* KeyShare helpers: add an entry for `group` (peer data `data`/`len`, or
 * generate our own when none), send an empty key_share, establish the
 * shared group, and derive the (EC)DHE secret from it. */
WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
                                    byte* data, KeyShareEntry **kse);
WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl);
2386
2387
2388#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
2389#ifndef WOLFSSL_TLS13_DRAFT_18
/* Ticket nonce - for deriving PSK.
 * Length allowed to be: 1..255. Only support 4 bytes (MAX_TICKET_NONCE_SZ).
 */
typedef struct TicketNonce {
    byte len;
    byte data[MAX_TICKET_NONCE_SZ];
} TicketNonce;
2397#endif
2398
/* The PreSharedKey extension information - entry in a linked list.
 * `binder` is the HMAC over the handshake transcript using `hmac`;
 * `binderLen` must never exceed WC_MAX_DIGEST_SIZE. */
typedef struct PreSharedKey {
    word16               identityLen;             /* Length of identity */
    byte*                identity;                /* PSK identity */
    word32               ticketAge;               /* Age of the ticket */
    byte                 cipherSuite0;            /* Cipher Suite */
    byte                 cipherSuite;             /* Cipher Suite */
    word32               binderLen;               /* Length of HMAC */
    byte                 binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */
    byte                 hmac;                    /* HMAC algorithm */
    byte                 resumption:1;            /* Resumption PSK */
    byte                 chosen:1;                /* Server's choice */
    struct PreSharedKey* next;                    /* List pointer */
} PreSharedKey;
2413
/* Write / size the binders for every PSK in `list` for message `msgType`. */
WOLFSSL_LOCAL word16 TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
                                                    byte* output, byte msgType);
WOLFSSL_LOCAL word16 TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
                                                      byte msgType);
/* Add a PSK identity (`identity`, `len` bytes) with its obfuscated `age`,
 * HMAC algorithm and cipher suite; returns the new entry via *preSharedKey. */
WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
                                        word16 len, word32 age, byte hmac,
                                        byte cipherSuite0, byte cipherSuite,
                                        byte resumption,
                                        PreSharedKey **preSharedKey);
2423
/* The possible Pre-Shared Key key exchange modes (psk_key_exchange_modes). */
enum PskKeyExchangeMode {
    PSK_KE,         /* PSK only */
    PSK_DHE_KE      /* PSK with (EC)DHE */
};
2429
2430/* User can define this. */
2431#ifndef WOLFSSL_DEF_PSK_CIPHER
2432#define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256
2433#endif
2434
/* Add psk_key_exchange_modes; `modes` is a bit set of PskKeyExchangeMode. */
WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
2436
2437#ifdef WOLFSSL_EARLY_DATA
/* Add early_data; `max` is the max_early_data_size to advertise. */
WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max);
2439#endif
2440#endif /* HAVE_SESSION_TICKET || !NO_PSK */
2441
2442
/* The types of keys to derive for (TLS 1.3 key schedule stages). */
enum DeriveKeyType {
    no_key,
    early_data_key,
    handshake_key,
    traffic_key,
    update_traffic_key
};
2451
/* The key update request values for KeyUpdate message. */
enum KeyUpdateRequest {
    update_not_requested,
    update_requested
};
2457#endif /* WOLFSSL_TLS13 */
2458
2459
2460#ifdef OPENSSL_EXTRA
/* Bit flags recorded in WOLFSSL_CTX.cbioFlag: which I/O callbacks are set. */
enum SetCBIO {
    WOLFSSL_CBIO_NONE = 0,
    WOLFSSL_CBIO_RECV = 0x1,
    WOLFSSL_CBIO_SEND = 0x2,
};
2466#endif
2467
/* wolfSSL context type: configuration shared by every WOLFSSL session created
 * from it (method, credentials, cert manager, I/O and PK callbacks, policy
 * flags). refCount is guarded by countMutex. */
struct WOLFSSL_CTX {
    WOLFSSL_METHOD* method;
#ifdef SINGLE_THREADED
    WC_RNG*         rng;          /* to be shared with WOLFSSL w/o locking */
#endif
    wolfSSL_Mutex   countMutex;   /* reference count mutex */
    int         refCount;         /* reference count */
    int         err;              /* error code in case of mutex not created */
#ifndef NO_DH
    buffer      serverDH_P;
    buffer      serverDH_G;
#endif
#ifndef NO_CERTS
    DerBuffer*  certificate;
    DerBuffer*  certChain;
                 /* chain after self, in DER, with leading size for each cert */
    #ifdef OPENSSL_EXTRA
    WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
    #endif
    #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
        defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
    WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
    #endif
#ifdef WOLFSSL_TLS13
    int         certChainCnt;
#endif
    DerBuffer*  privateKey;
    byte        privateKeyType;
    int         privateKeySz;
    WOLFSSL_CERT_MANAGER* cm;      /* our cert manager, ctx owns SSL will use */
#endif
#ifdef KEEP_OUR_CERT
    WOLFSSL_X509*    ourCert;     /* keep alive a X509 struct of cert */
    int              ownOurCert;  /* Dispose of certificate if we own */
#endif
    Suites*     suites;           /* make dynamic, user may not need/set */
    void*       heap;             /* for user memory overrides */
    byte        verifyDepth;
    /* peer verification policy: verifyNone disables certificate checking */
    byte        verifyPeer:1;
    byte        verifyNone:1;
    byte        failNoCert:1;
    byte        failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/
    byte        sessionCacheOff:1;
    byte        sessionCacheFlushOff:1;
#ifdef HAVE_EXT_CACHE
    byte        internalCacheOff:1;
#endif
    byte        sendVerify:2;     /* for client side (can not be single bit) */
    byte        haveRSA:1;        /* RSA available */
    byte        haveECC:1;        /* ECC available */
    byte        haveDH:1;         /* server DH parms set by user */
    byte        haveNTRU:1;       /* server private NTRU  key loaded */
    byte        haveECDSAsig:1;   /* server cert signed w/ ECDSA */
    byte        haveStaticECC:1;  /* static server ECC private key */
    byte        partialWrite:1;   /* only one msg per write call */
    byte        quietShutdown:1;  /* don't send close notify */
    byte        groupMessages:1;  /* group handshake messages before sending */
    byte        minDowngrade;     /* minimum downgrade version */
    byte        haveEMS:1;        /* have extended master secret extension */
    byte        useClientOrder:1; /* Use client's cipher preference order */
#ifdef WOLFSSL_TLS13
    byte        noTicketTls13:1;  /* Server won't create new Ticket */
    byte        noPskDheKe:1;     /* Don't use (EC)DHE with PSK */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    byte        postHandshakeAuth:1;  /* Post-handshake auth supported. */
#endif
#ifndef NO_DH
    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
        !defined(HAVE_SELFTEST)
    byte        dhKeyTested:1;    /* Set when key has been tested. */
    #endif
#endif
#ifdef WOLFSSL_MULTICAST
    byte        haveMcast;        /* multicast requested */
    byte        mcastID;          /* multicast group ID */
#endif
#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
    byte        dtlsSctp;         /* DTLS-over-SCTP mode */
    word16      dtlsMtuSz;        /* DTLS MTU size */
#endif
    /* minimum/maximum key sizes accepted from peers */
#ifndef NO_DH
    word16      minDhKeySz;       /* minimum DH key size */
    word16      maxDhKeySz;       /* maximum DH key size */
#endif
#ifndef NO_RSA
    short       minRsaKeySz;      /* minimum RSA key size */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    short       minEccKeySz;      /* minimum ECC key size */
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    unsigned long     mask;             /* store SSL_OP_ flags */
#endif
#ifdef OPENSSL_EXTRA
    byte              sessionCtx[ID_LEN]; /* app session context ID */
    word32            disabledCurves;   /* curves disabled by user */
    const unsigned char *alpn_cli_protos;/* ALPN client protocol list */
    unsigned int         alpn_cli_protos_len;
    byte              sessionCtxSz;
    byte              cbioFlag;  /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
    CallbackInfoState* CBIS;      /* used to get info about SSL state */
#endif
    CallbackIORecv CBIORecv;
    CallbackIOSend CBIOSend;
#ifdef WOLFSSL_DTLS
    CallbackGenCookie CBIOCookie;       /* gen cookie callback */
#ifdef WOLFSSL_SESSION_EXPORT
    wc_dtls_export  dtls_export;        /* export function for DTLS session */
    CallbackGetPeer CBGetPeer;
    CallbackSetPeer CBSetPeer;
#endif
#endif /* WOLFSSL_DTLS */
    VerifyCallback  verifyCallback;     /* cert verification callback */
    word32          timeout;            /* session timeout */
#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
    word32          ecdhCurveOID;       /* curve Ecc_Sum */
#endif
#ifdef HAVE_ECC
    word16          eccTempKeySz;       /* in octets 20 - 66 */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    word32          pkCurveOID;         /* curve Ecc_Sum */
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    byte        havePSK;                /* psk key set by user */
    wc_psk_client_callback client_psk_cb;  /* client callback */
    wc_psk_server_callback server_psk_cb;  /* server callback */
#ifdef WOLFSSL_TLS13
    wc_psk_client_tls13_callback client_psk_tls13_cb;  /* client callback */
    wc_psk_server_tls13_callback server_psk_tls13_cb;  /* server callback */
#endif
    char        server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
#ifdef WOLFSSL_TLS13
    word16          group[WOLFSSL_MAX_GROUP_COUNT]; /* preferred named groups */
    byte            numGroups;
#endif
#ifdef WOLFSSL_EARLY_DATA
    word32          maxEarlyDataSz;
#endif
#ifdef HAVE_ANON
    byte        haveAnon;               /* User wants to allow Anon suites */
#endif /* HAVE_ANON */
#ifdef WOLFSSL_ENCRYPTED_KEYS
    pem_password_cb* passwd_cb;
    void*            passwd_userdata;
#endif
#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
    WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
    WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
    byte            readAhead;
    void*           userPRFArg; /* passed to prf callback */
#endif
#ifdef HAVE_EX_DATA
    void*           ex_data[MAX_EX_DATA];
#endif
#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
    CallbackALPNSelect alpnSelect;
    void*              alpnSelectArg;
#endif
#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
                             defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
                             defined(WOLFSSL_HAPROXY)))
    CallbackSniRecv sniRecvCb;
    void*           sniRecvCbArg;
#endif
#if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS)
    CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */
    word32      mcastFirstSeq;    /* first trigger level */
    word32      mcastSecondSeq;   /* second trigger level */
    word32      mcastMaxSeq;      /* max level */
#endif
#ifdef HAVE_OCSP
    WOLFSSL_OCSP      ocsp;
#endif
    int             devId;              /* async device id to use */
#ifdef HAVE_TLS_EXTENSIONS
    TLSX* extensions;                  /* RFC 6066 TLS Extensions data */
    #ifndef NO_WOLFSSL_SERVER
        #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
         || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
            OcspRequest* certOcspRequest;
        #endif
        #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
            OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
        #endif
    #endif
    #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
        SessionTicketEncCb ticketEncCb;   /* enc/dec session ticket Cb */
        void*              ticketEncCtx;  /* session encrypt context */
        int                ticketHint;    /* ticket hint in seconds */
    #endif
    #ifdef HAVE_SUPPORTED_CURVES
        byte userCurves;                  /* indicates user called wolfSSL_CTX_UseSupportedCurve */
    #endif
#endif
#ifdef ATOMIC_USER
    CallbackMacEncrypt    MacEncryptCb;    /* Atomic User Mac/Encrypt Cb */
    CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        CallbackEccKeyGen EccKeyGenCb;  /* User EccKeyGen Callback Handler */
        CallbackEccSign   EccSignCb;    /* User EccSign   Callback handler */
        CallbackEccVerify EccVerifyCb;  /* User EccVerify Callback handler */
        CallbackEccSharedSecret EccSharedSecretCb; /* User EccSharedSecret Callback handler */
        #ifdef HAVE_ED25519
            /* User Ed25519Sign   Callback handler */
            CallbackEd25519Sign   Ed25519SignCb;
            /* User Ed25519Verify Callback handler */
            CallbackEd25519Verify Ed25519VerifyCb;
        #endif
        #ifdef HAVE_CURVE25519
            /* User X25519 KeyGen Callback Handler */
            CallbackX25519KeyGen X25519KeyGenCb;
            /* User X25519 SharedSecret Callback handler */
            CallbackX25519SharedSecret X25519SharedSecretCb;
        #endif
    #endif /* HAVE_ECC */
    #ifndef NO_DH
        CallbackDhAgree DhAgreeCb;      /* User DH Agree Callback handler */
    #endif
    #ifndef NO_RSA
        CallbackRsaSign   RsaSignCb;      /* User RsaSign Callback handler (priv key) */
        CallbackRsaVerify RsaVerifyCb;    /* User RsaVerify Callback handler (pub key) */
        CallbackRsaVerify RsaSignCheckCb; /* User VerifyRsaSign Callback handler (priv key) */
        #ifdef WC_RSA_PSS
            CallbackRsaPssSign   RsaPssSignCb;       /* User RsaSign (priv key) */
            CallbackRsaPssVerify RsaPssVerifyCb;     /* User RsaVerify (pub key) */
            CallbackRsaPssVerify RsaPssSignCheckCb;  /* User VerifyRsaSign (priv key) */
        #endif
        CallbackRsaEnc    RsaEncCb;       /* User Rsa Public Encrypt  handler */
        CallbackRsaDec    RsaDecCb;       /* User Rsa Private Decrypt handler */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
#ifdef HAVE_WOLF_EVENT
    WOLF_EVENT_QUEUE event_queue;
#endif /* HAVE_WOLF_EVENT */
#ifdef HAVE_EXT_CACHE
    /* external session cache hooks: lookup by id, store new, remove */
    WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*);
    int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*);
    void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*);
#endif
#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256)
    Srp*  srp;  /* TLS Secure Remote Password Protocol*/
    byte* srp_password;
#endif
};
2718
/* Context lifecycle (internal linkage): allocate with a heap hint,
 * initialise, free, and release the resources a context owns. */
WOLFSSL_LOCAL
WOLFSSL_CTX* wolfSSL_CTX_new_ex(WOLFSSL_METHOD* method, void* heap);
WOLFSSL_LOCAL
int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap);
WOLFSSL_LOCAL
void FreeSSL_Ctx(WOLFSSL_CTX*);
WOLFSSL_LOCAL
void SSL_CtxResourceFree(WOLFSSL_CTX*);
2727
/* Derive the TLS record keys for the session's negotiated suite. */
WOLFSSL_LOCAL
int DeriveTlsKeys(WOLFSSL* ssl);
/* Process an SSLv2-format ClientHello found in `input` (`inSz` bytes,
 * record length `sz`), advancing *inOutIdx. */
WOLFSSL_LOCAL
int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
                          word32 inSz, word16 sz);
2733
2734#ifndef NO_CERTS
/* Trust-store population (NO_CERTS disables all of it). The DerBuffer** form
 * suggests Add* take ownership of *pDer on success - presumably, confirm
 * against ssl.c; `verify` selects whether the certificate is checked first. */
WOLFSSL_LOCAL
int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
WOLFSSL_LOCAL
int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
#ifdef WOLFSSL_TRUST_PEER_CERT
WOLFSSL_LOCAL
int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
WOLFSSL_LOCAL
int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
#endif
2745#endif
2746
/* All cipher suite related info
 * Keep as a constant size (no ifdefs) for session export */
typedef struct CipherSpecs {
    word16 key_size;                /* bulk cipher key length */
    word16 iv_size;                 /* bulk cipher IV length */
    word16 block_size;              /* block length for block ciphers */
    word16 aead_mac_size;           /* AEAD tag length */
    byte bulk_cipher_algorithm;
    byte cipher_type;               /* block, stream, or aead */
    byte mac_algorithm;             /* see enum MACAlgorithm */
    byte kea;                       /* key exchange algo */
    byte sig_algo;
    byte hash_size;
    byte pad_size;
    byte static_ecdh;
} CipherSpecs;
2763
2764
/* Reset a CipherSpecs to its empty state.
 * NOTE(review): the only prototype in this region without WOLFSSL_LOCAL -
 * confirm default visibility is intended. */
void InitCipherSpecs(CipherSpecs* cs);
2766
2767
/* Supported Message Authentication Codes from page 43 (internal ids). */
enum MACAlgorithm {
    no_mac,
    md5_mac,
    sha_mac,
    sha224_mac,
    sha256_mac,     /* needs to match external KDF_MacAlgorithm */
    sha384_mac,
    sha512_mac,
    rmd_mac,
    blake2b_mac
};
2780
2781
/* Supported Key Exchange Protocols (internal ids, stored in CipherSpecs.kea). */
enum KeyExchangeAlgorithm {
    no_kea,
    rsa_kea,
    diffie_hellman_kea,
    fortezza_kea,
    psk_kea,
    dhe_psk_kea,
    ecdhe_psk_kea,
    ntru_kea,
    ecc_diffie_hellman_kea,
    ecc_static_diffie_hellman_kea       /* for verify suite only */
};
2795
2796
/* Supported Authentication Schemes.
 * Values are explicit and have a gap (4..7 unused), which suggests they
 * mirror protocol-visible codes rather than being a dense internal list —
 * keep the numbers, do not renumber on insertion. */
enum SignatureAlgorithm {
    anonymous_sa_algo = 0,
    rsa_sa_algo       = 1,
    dsa_sa_algo       = 2,
    ecc_dsa_sa_algo   = 3,
    rsa_pss_sa_algo   = 8,
    ed25519_sa_algo   = 9
};
2806
2807
/* Supported ECC Curve Types.
 * Only the named-curve form is supported; 3 is the on-the-wire ECCurveType
 * code for named_curve. */
enum EccCurves {
    named_curve = 3
};
2812
2813
/* Valid client certificate request types from page 27.
 * These are the on-the-wire ClientCertificateType codes carried in a
 * CertificateRequest, so the explicit values must not change. */
enum ClientCertificateType {
    rsa_sign            = 1,
    dss_sign            = 2,
    rsa_fixed_dh        = 3,
    dss_fixed_dh        = 4,
    rsa_ephemeral_dh    = 5,
    dss_ephemeral_dh    = 6,
    fortezza_kea_cert   = 20,
    ecdsa_sign          = 64,
    rsa_fixed_ecdh      = 65,
    ecdsa_fixed_ecdh    = 66
};
2827
2828
/* Cipher mode class stored in CipherSpecs.cipher_type.
 * NOTE(review): in the WOLFSSL_AEAD_ONLY build `aead` is the first (and
 * only) enumerator, so its value is 0 there but 2 in the full build. Since
 * CipherSpecs is meant to be session-exportable at a constant layout, an
 * export produced by one build and read by the other would disagree on this
 * byte — confirm whether that mixed case is ever supported. */
#ifndef WOLFSSL_AEAD_ONLY
enum CipherType { stream, block, aead };
#else
enum CipherType { aead };
#endif
2834
2835
2836
2837
2838
2839
/* cipher for now
 * Per-direction bulk cipher state: one pointer per compiled-in algorithm,
 * of which only the negotiated one is expected to be in use. Allocation
 * and release of these pointers is done by InitCiphers/FreeCiphers. */
typedef struct Ciphers {
#ifdef BUILD_ARC4
    Arc4*   arc4;
#endif
#ifdef BUILD_DES3
    Des3*   des3;
#endif
#if defined(BUILD_AES) || defined(BUILD_AESGCM)
    Aes*    aes;
    #if defined(BUILD_AESGCM) || defined(HAVE_AESCCM) || defined(WOLFSSL_TLS13)
        byte* additional;   /* AEAD additional-data scratch (presumably) */
        byte* nonce;        /* AEAD nonce scratch (presumably) */
    #endif
#endif
#ifdef HAVE_CAMELLIA
    Camellia* cam;
#endif
#ifdef HAVE_CHACHA
    ChaCha*   chacha;
#endif
#ifdef HAVE_HC128
    HC128*  hc128;
#endif
#ifdef BUILD_RABBIT
    Rabbit* rabbit;
#endif
#ifdef HAVE_IDEA
    Idea* idea;
#endif
    byte    state;
    byte    setup;          /* have we set it up flag for detection */
} Ciphers;
2873
2874
#ifdef HAVE_ONE_TIME_AUTH
/* Ciphers for one time authentication such as poly1305.
 * A one-time authenticator must be keyed afresh per record; `setup` only
 * records that a context exists, not that it is keyed. */
typedef struct OneTimeAuth {
#ifdef HAVE_POLY1305
    Poly1305* poly1305;
#endif
    byte    setup;      /* flag for if a cipher has been set */

} OneTimeAuth;
#endif
2885
2886
/* Set up / tear down the Ciphers (and related) state held by ssl.
 * FreeCiphers is the place that must release the per-algorithm pointers
 * in Ciphers; whether it also zeroizes key state is not visible here. */
WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
2889
2890
/* hashes type
 * One finished digest per compiled-in hash; each buffer is sized by the
 * algorithm's WC_*_DIGEST_SIZE, so writers must use the matching size. */
typedef struct Hashes {
    #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
        byte md5[WC_MD5_DIGEST_SIZE];
    #endif
    #if !defined(NO_SHA)
        byte sha[WC_SHA_DIGEST_SIZE];
    #endif
    #ifndef NO_SHA256
        byte sha256[WC_SHA256_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA384
        byte sha384[WC_SHA384_DIGEST_SIZE];
    #endif
    #ifdef WOLFSSL_SHA512
        byte sha512[WC_SHA512_DIGEST_SIZE];
    #endif
} Hashes;
2909
/* Fill `hashes` with the handshake digests used for CertificateVerify; int status. */
WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
2911
#ifdef WOLFSSL_TLS13
/* A single in-progress hash context for TLS 1.3; being a union, only the
 * member for the negotiated hash is valid at any time. */
typedef union Digest {
#ifndef NO_WOLFSSL_SHA256
    wc_Sha256 sha256;
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384 sha384;
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512 sha512;
#endif
} Digest;
#endif
2925
/* Static x509 buffer
 * Fixed-size DER holder: `length` must never exceed MAX_X509_SIZE, and
 * whatever copies a certificate in must enforce that bound itself — the
 * struct cannot. */
typedef struct x509_buffer {
    int  length;                  /* actual size */
    byte buffer[MAX_X509_SIZE];   /* max static cert size */
} x509_buffer;
2931
2932
/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE
 * `count` indexes `certs`, so it must stay within [0, MAX_CHAIN_DEPTH];
 * a chain longer than that cannot be stored here. */
struct WOLFSSL_X509_CHAIN {
    int         count;                    /* total number in chain */
    x509_buffer certs[MAX_CHAIN_DEPTH];   /* only allow max depth 4 for now */
};
2938
2939
/* wolfSSL session type
 * Cached resumption state. It holds long-lived key material (masterSecret,
 * and under TLS 1.3 the ticket nonce), so copies of this struct are as
 * sensitive as the keys themselves. Fixed-size arrays (sessionID,
 * serverID, staticTicket, sessionCtx) are paired with explicit length
 * fields that writers must keep within the array bounds. */
struct WOLFSSL_SESSION {
    word32             bornOn;                        /* create time in seconds   */
    word32             timeout;                       /* timeout in seconds       */
    byte               sessionID[ID_LEN];             /* id for protocol          */
    byte               sessionIDSz;                   /* bytes used in sessionID */
    byte               masterSecret[SECRET_LEN];      /* stored secret            */
    word16             haveEMS;                       /* ext master secret flag   */
#ifdef SESSION_CERTS
    WOLFSSL_X509_CHAIN chain;                         /* peer cert chain, static  */
    #ifdef WOLFSSL_ALT_CERT_CHAINS
    WOLFSSL_X509_CHAIN altChain;                      /* peer alt cert chain, static */
    #endif
#endif
#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
                               defined(HAVE_SESSION_TICKET))
    ProtocolVersion    version;                       /* which version was used   */
    byte               cipherSuite0;                  /* first byte, normally 0   */
    byte               cipherSuite;                   /* 2nd byte, actual suite   */
#endif
#ifndef NO_CLIENT_CACHE
    word16             idLen;                         /* serverID length          */
    byte               serverID[SERVER_ID_LEN];       /* for easier client lookup */
#endif
#ifdef OPENSSL_EXTRA
    byte               sessionCtxSz;                  /* sessionCtx length        */
    byte               sessionCtx[ID_LEN];            /* app specific context id  */
#endif
#ifdef WOLFSSL_TLS13
    word16             namedGroup;
#endif
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    #ifdef WOLFSSL_TLS13
    word32             ticketSeen;                    /* Time ticket seen (ms) */
    word32             ticketAdd;                     /* Added by client */
        #ifndef WOLFSSL_TLS13_DRAFT_18
    TicketNonce        ticketNonce;                   /* Nonce used to derive PSK */
        #endif
    #endif
    #ifdef WOLFSSL_EARLY_DATA
    word32             maxEarlyDataSz;
    #endif
#endif
#ifdef HAVE_SESSION_TICKET
    byte*              ticket;                        /* presumably points at staticTicket or heap, per isDynamic */
    word16             ticketLen;
    byte               staticTicket[SESSION_TICKET_LEN];
    byte               isDynamic;                     /* ticket is heap-allocated: owner must free it */
#endif
#ifdef HAVE_EXT_CACHE
    byte               isAlloced;                     /* session struct itself is heap-allocated */
#endif
#ifdef HAVE_EX_DATA
    void*              ex_data[MAX_EX_DATA];
#endif
};
2996
2997
/* Session cache lookup/store.
 * GetSession(ssl, id, idSz): look up a cached session by id (the byte is
 *   presumably the id length — confirm). SetSession installs one on ssl.
 * hmacfp: record-MAC callback; after (ssl, digest out, input, input size)
 *   the three int parameters are not named here — see the implementations.
 * NOTE(review): GetSessionClient is declared without WOLFSSL_LOCAL, unlike
 *   its neighbours, so it has external linkage — confirm that is intended. */
WOLFSSL_LOCAL
WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
WOLFSSL_LOCAL
int          SetSession(WOLFSSL*, WOLFSSL_SESSION*);

typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int);

#ifndef NO_CLIENT_CACHE
    WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
#endif
3008
/* client connect state for nonblocking restart
 * Stored in Options.connectState (a byte); the ordering is what a resumed
 * non-blocking connect walks through, so insert new states in sequence. */
enum ConnectState {
    CONNECT_BEGIN = 0,
    CLIENT_HELLO_SENT,
    HELLO_AGAIN,               /* HELLO_AGAIN is for DTLS case */
    HELLO_AGAIN_REPLY,
    FIRST_REPLY_DONE,
    FIRST_REPLY_FIRST,
    FIRST_REPLY_SECOND,
    FIRST_REPLY_THIRD,
    FIRST_REPLY_FOURTH,
    FINISHED_DONE,
    SECOND_REPLY_DONE
};
3023
3024
/* server accept state for nonblocking restart
 * Stored in Options.acceptState (a byte); TLS 1.2 and earlier flow. */
enum AcceptState {
    ACCEPT_BEGIN = 0,
    ACCEPT_CLIENT_HELLO_DONE,
    ACCEPT_HELLO_RETRY_REQUEST_DONE,
    ACCEPT_FIRST_REPLY_DONE,
    SERVER_HELLO_SENT,
    SERVER_EXTENSIONS_SENT,
    CERT_SENT,
    CERT_VERIFY_SENT,
    CERT_STATUS_SENT,
    KEY_EXCHANGE_SENT,
    CERT_REQ_SENT,
    SERVER_HELLO_DONE,
    ACCEPT_SECOND_REPLY_DONE,
    TICKET_SENT,
    CHANGE_CIPHER_SENT,
    ACCEPT_FINISHED_DONE,
    ACCEPT_THIRD_REPLY_DONE
};
3045
/* TLS 1.3 server accept state for nonblocking restart
 * Separate enum from AcceptState; which one Options.acceptState holds
 * presumably depends on the negotiated version — confirm in the accept
 * code before comparing values across the two. */
enum AcceptStateTls13 {
    TLS13_ACCEPT_BEGIN = 0,
    TLS13_ACCEPT_CLIENT_HELLO_DONE,
    TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE,
    TLS13_ACCEPT_FIRST_REPLY_DONE,
    TLS13_ACCEPT_SECOND_REPLY_DONE,
    TLS13_SERVER_HELLO_SENT,
    TLS13_ACCEPT_THIRD_REPLY_DONE,
    TLS13_SERVER_EXTENSIONS_SENT,
    TLS13_CERT_REQ_SENT,
    TLS13_CERT_SENT,
    TLS13_CERT_VERIFY_SENT,
    TLS13_ACCEPT_FINISHED_SENT,
    TLS13_PRE_TICKET_SENT,
    TLS13_ACCEPT_FINISHED_DONE,
    TLS13_TICKET_SENT
};
3064
/* buffers for struct WOLFSSL
 * I/O buffers plus credential buffers. The weOwn* flags decide whether
 * the per-connection copy or the WOLFSSL_CTX owns (and frees) each of the
 * certificate/key/DH buffers; the cookie secrets below are key material
 * and should be treated as such when this struct is freed. */
typedef struct Buffers {
    bufferStatic    inputBuffer;
    bufferStatic    outputBuffer;
    buffer          domainName;             /* for client check */
    buffer          clearOutputBuffer;
    buffer          sig;                   /* signature data */
    buffer          digest;                /* digest data */
    int             prevSent;              /* previous plain text bytes sent
                                              when got WANT_WRITE */
    int             plainSz;               /* plain text bytes in buffer to send
                                              when got WANT_WRITE */
    byte            weOwnCert;             /* SSL own cert flag */
    byte            weOwnCertChain;        /* SSL own cert chain flag */
    byte            weOwnKey;              /* SSL own key flag */
    byte            weOwnDH;               /* SSL own dh (p,g) flag */
#ifndef NO_DH
    buffer          serverDH_P;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_G;            /* WOLFSSL_CTX owns, unless we own */
    buffer          serverDH_Pub;
    buffer          serverDH_Priv;         /* DH private value: secret */
    DhKey*          serverDH_Key;
#endif
#ifndef NO_CERTS
    DerBuffer*      certificate;           /* WOLFSSL_CTX owns, unless we own */
    DerBuffer*      key;                   /* WOLFSSL_CTX owns, unless we own */
    byte            keyType;               /* Type of key: RSA, ECC, Ed25519 */
    int             keySz;                 /* Size of RSA key */
    DerBuffer*      certChain;             /* WOLFSSL_CTX owns, unless we own */
                 /* chain after self, in DER, with leading size for each cert */
#ifdef WOLFSSL_TLS13
    int             certChainCnt;
    DerBuffer*      certExts;
#endif
#endif
#ifdef WOLFSSL_SEND_HRR_COOKIE
    buffer          tls13CookieSecret;     /* HRR cookie secret */
#endif
#ifdef WOLFSSL_DTLS
    WOLFSSL_DTLS_CTX dtlsCtx;              /* DTLS connection context */
    #ifndef NO_WOLFSSL_SERVER
        buffer       dtlsCookieSecret;     /* DTLS cookie secret */
    #endif /* NO_WOLFSSL_SERVER */
#endif
#ifdef HAVE_PK_CALLBACKS
    #ifdef HAVE_ECC
        buffer peerEccDsaKey;              /* we own for Ecc Verify Callbacks */
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
        buffer peerEd25519Key;             /* for Ed25519 Verify Callbacks */
    #endif /* HAVE_ED25519 */
    #ifndef NO_RSA
        buffer peerRsaKey;                 /* we own for Rsa Verify Callbacks */
    #endif /* NO_RSA */
#endif /* HAVE_PK_CALLBACKS */
} Buffers;
3121
/* sub-states for send/do key share (key exchange)
 * Kept in Options.asyncState (a byte). */
enum asyncState {
    TLS_ASYNC_BEGIN = 0,
    TLS_ASYNC_BUILD,
    TLS_ASYNC_DO,
    TLS_ASYNC_VERIFY,
    TLS_ASYNC_FINALIZE,
    TLS_ASYNC_END
};
3131
/* sub-states for build message
 * Kept in Options.buildMsgState (a byte); the order is the order the
 * record is built in (size, hash, MAC, encrypt). */
enum buildMsgState {
    BUILD_MSG_BEGIN = 0,
    BUILD_MSG_SIZE,
    BUILD_MSG_HASH,
    BUILD_MSG_VERIFY_MAC,
    BUILD_MSG_ENCRYPT,
};
3140
/* sub-states for cipher operations (resumable encrypt/decrypt) */
enum cipherState {
    CIPHER_STATE_BEGIN = 0,
    CIPHER_STATE_DO,
    CIPHER_STATE_END,
};
3147
/* Per-connection policy and negotiation state.
 * Most flags are 1-bit fields packed into word16 units; the "full byte"
 * section holds state-machine positions that index the enums above.
 * Security-relevant knobs live here: the verify* / failNoCert* policy,
 * the version downgrade floor (downgrade, minDowngrade), the minimum
 * key-size floors (min*KeySz) and the warning-alert counter. Where they
 * are enforced is not visible in this header. */
typedef struct Options {
#ifndef NO_PSK
    wc_psk_client_callback client_psk_cb;
    wc_psk_server_callback server_psk_cb;
#ifdef WOLFSSL_TLS13
    wc_psk_client_tls13_callback client_psk_tls13_cb;  /* client callback */
    wc_psk_server_tls13_callback server_psk_tls13_cb;  /* server callback */
#endif
#endif /* NO_PSK */
#ifdef OPENSSL_EXTRA
    unsigned long     mask; /* store SSL_OP_ flags */
#endif

    /* on/off or small bit flags, optimize layout */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    word16            havePSK:1;            /* psk key set by user */
#endif /* HAVE_SESSION_TICKET || !NO_PSK */
    word16            sendVerify:2;     /* false = 0, true = 1, sendBlank = 2 */
    word16            sessionCacheOff:1;
    word16            sessionCacheFlushOff:1;
#ifdef HAVE_EXT_CACHE
    word16            internalCacheOff:1;
#endif
    word16            side:2;             /* client, server or neither end */
    word16            verifyPeer:1;       /* request/verify the peer's cert */
    word16            verifyNone:1;       /* peer cert verification disabled */
    word16            failNoCert:1;       /* fail handshake if peer sends no cert */
    word16            failNoCertxPSK:1;   /* fail for no cert except with PSK */
    word16            downgrade:1;        /* allow downgrade of versions */
    word16            resuming:1;
    word16            haveSessionId:1;    /* server may not send */
    word16            tls:1;              /* using TLS ? */
    word16            tls1_1:1;           /* using TLSv1.1+ ? */
    word16            tls1_3:1;           /* using TLSv1.3+ ? */
    word16            dtls:1;             /* using datagrams ? */
    word16            connReset:1;        /* has the peer reset */
    word16            isClosed:1;         /* if we consider conn closed */
    word16            closeNotify:1;      /* we've received a close notify */
    word16            sentNotify:1;       /* we've sent a close notify */
    word16            usingCompression:1; /* are we using compression */
    word16            haveRSA:1;          /* RSA available */
    word16            haveECC:1;          /* ECC available */
    word16            haveDH:1;           /* server DH parms set by user */
    word16            haveNTRU:1;         /* server NTRU  private key loaded */
    word16            haveQSH:1;          /* have QSH ability */
    word16            haveECDSAsig:1;     /* server ECDSA signed cert */
    word16            haveStaticECC:1;    /* static server ECC private key */
    word16            havePeerCert:1;     /* do we have peer's cert */
    word16            havePeerVerify:1;   /* and peer's cert verify */
    word16            usingPSK_cipher:1;  /* are using psk as cipher */
    word16            usingAnon_cipher:1; /* are we using an anon cipher */
    word16            noPskDheKe:1;       /* Don't use (EC)DHE with PSK */
    word16            sendAlertState:1;   /* nonblocking resume */
    word16            partialWrite:1;     /* only one msg per write call */
    word16            quietShutdown:1;    /* don't send close notify */
    word16            certOnly:1;         /* stop once we get cert */
    word16            groupMessages:1;    /* group handshake messages */
    word16            saveArrays:1;       /* save array Memory for user get keys
                                             or psk */
    word16            weOwnRng:1;         /* will be true unless CTX owns */
    word16            haveEMS:1;          /* using extended master secret */
#ifdef HAVE_POLY1305
    word16            oldPoly:1;          /* set when to use old rfc way of poly*/
#endif
#ifdef HAVE_ANON
    word16            haveAnon:1;         /* User wants to allow Anon suites */
#endif
#ifdef HAVE_SESSION_TICKET
    word16            createTicket:1;     /* Server to create new Ticket */
    word16            useTicket:1;        /* Use Ticket not session cache */
    word16            rejectTicket:1;     /* Callback rejected ticket */
#ifdef WOLFSSL_TLS13
    word16            noTicketTls13:1;    /* Server won't create new Ticket */
#endif
#endif
#ifdef WOLFSSL_DTLS
    word16            dtlsUseNonblock:1;  /* are we using nonblocking socket */
    word16            dtlsHsRetain:1;     /* DTLS retaining HS data */
    word16            haveMcast:1;        /* using multicast ? */
#ifdef WOLFSSL_SCTP
    word16            dtlsSctp:1;         /* DTLS-over-SCTP mode */
#endif
#endif
#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
    word16            userCurves:1;       /* indicates user called wolfSSL_UseSupportedCurve */
#endif
    word16            keepResources:1;    /* Keep resources after handshake */
    word16            useClientOrder:1;   /* Use client's cipher order */
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
    word16            postHandshakeAuth:1;/* Client send post_handshake_auth
                                           * extension. */
#endif
#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
    word16            sendCookie:1;       /* Server creates a Cookie in HRR */
#endif
#ifdef WOLFSSL_ALT_CERT_CHAINS
    word16            usingAltCertChain:1;/* Alternate cert chain was used */
#endif
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
    word16            sentChangeCipher:1; /* Change Cipher Spec sent */
#endif
#if !defined(WOLFSSL_NO_CLIENT_AUTH) && defined(HAVE_ED25519) && \
                                                !defined(NO_ED25519_CLIENT_AUTH)
    word16            cacheMessages:1;    /* Cache messages for sign/verify */
#endif
#ifndef NO_DH
    #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
        !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
        word16        dhDoKeyTest:1;      /* Need to do the DH Key prime test */
        word16        dhKeyTested:1;      /* Set when key has been tested. */
    #endif
#endif
    /* need full byte values for this section */
    byte            processReply;           /* nonblocking resume */
    byte            cipherSuite0;           /* first byte, normally 0 */
    byte            cipherSuite;            /* second byte, actual suite */
    byte            serverState;
    byte            clientState;
    byte            handShakeState;
    byte            handShakeDone;      /* at least one handshake complete */
    byte            minDowngrade;       /* minimum downgrade version */
    byte            connectState;       /* nonblocking resume (enum ConnectState) */
    byte            acceptState;        /* nonblocking resume (enum AcceptState / AcceptStateTls13) */
    byte            asyncState;         /* sub-state for enum asyncState */
    byte            buildMsgState;      /* sub-state for enum buildMsgState */
    byte            alertCount;         /* detect warning dos attempt */
#ifdef WOLFSSL_MULTICAST
    word16          mcastID;            /* Multicast group ID */
#endif
#ifndef NO_DH
    word16          minDhKeySz;         /* minimum DH key size */
    word16          maxDhKeySz;         /* maximum DH key size */
    word16          dhKeySz;            /* actual DH key size */
#endif
#ifndef NO_RSA
    short           minRsaKeySz;      /* minimum RSA key size */
#endif
#if defined(HAVE_ECC) || defined(HAVE_ED25519)
    short           minEccKeySz;      /* minimum ECC key size */
#endif
#ifdef OPENSSL_EXTRA
    byte            verifyDepth;      /* maximum verification depth */
#endif
#ifdef WOLFSSL_EARLY_DATA
    word16          pskIdIndex;
    word32          maxEarlyDataSz;
#endif
#ifdef WOLFSSL_TLS13
    byte            oldMinor;          /* client preferred version < TLS 1.3 */
#endif
} Options;
3299
/* Handshake-time working arrays, pointed to by WOLFSSL.arrays.
 * This is the most sensitive struct in the file: preMasterSecret,
 * psk_key, secret and masterSecret are raw key material, and the
 * randoms/cookie feed key derivation. Options.saveArrays governs whether it
 * is kept after the handshake; the free path is not visible here, so
 * confirm it zeroizes these fields rather than just releasing them. */
typedef struct Arrays {
    byte*           pendingMsg;         /* defrag buffer */
    byte*           preMasterSecret;    /* heap buffer; actual length in preMasterSz */
    word32          preMasterSz;        /* differs for DH, actual size */
    word32          pendingMsgSz;       /* defrag buffer size */
    word32          pendingMsgOffset;   /* current offset into defrag buffer */
#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
    word32          psk_keySz;          /* actual size */
    char            client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
    char            server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
    byte            psk_key[MAX_PSK_KEY_LEN];   /* psk_keySz must stay <= MAX_PSK_KEY_LEN */
#endif
    byte            clientRandom[RAN_LEN];
    byte            serverRandom[RAN_LEN];
    byte            sessionID[ID_LEN];
    byte            sessionIDSz;
#ifdef WOLFSSL_TLS13
    byte            secret[SECRET_LEN];
#endif
    byte            masterSecret[SECRET_LEN];
#ifdef WOLFSSL_DTLS
    byte            cookie[MAX_COOKIE_LEN];
    byte            cookieSz;           /* must stay <= MAX_COOKIE_LEN */
#endif
    byte            pendingMsgType;    /* defrag buffer message type */
} Arrays;
3326
/* Size limits used by the X509 structs below; both may be overridden at
 * build time, and every fixed array sized by them must be filled with a
 * bounded copy. */
#ifndef ASN_NAME_MAX
#define ASN_NAME_MAX 256
#endif

#ifndef MAX_DATE_SZ
#define MAX_DATE_SZ 32
#endif
3334
/* Singly-linked stack node (OpenSSL STACK_OF compatibility).
 * `data` is a union: which member is valid is not recorded in the node,
 * so the owner must know the stack's element type. */
struct WOLFSSL_STACK {
    unsigned long num; /* number of nodes in stack
                        * (safety measure for freeing and shortcut for count) */
    union {
        WOLFSSL_X509*        x509;
        WOLFSSL_X509_NAME*   name;
        WOLFSSL_BIO*         bio;
        WOLFSSL_ASN1_OBJECT* obj;
        char*                string;
    } data;
    WOLFSSL_STACK* next;
};
3347
3348
/* Distinguished name holder.
 * `name` presumably aliases staticName unless dynamicName is set, in which
 * case it is heap-owned — confirm in the free path. `sz` is the length of
 * what `name` points to and must stay within the buffer used. */
struct WOLFSSL_X509_NAME {
    char  *name;
    int   dynamicName;
    int   sz;
    char  staticName[ASN_NAME_MAX];
#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
    !defined(NO_ASN)
    DecodedName fullName;
    WOLFSSL_X509_NAME_ENTRY cnEntry;
    WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
    WOLFSSL_X509*           x509;                    /* x509 that struct belongs to */
#endif /* OPENSSL_EXTRA */
#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
    byte  raw[ASN_NAME_MAX];
    int   rawLen;
#endif
};
3366
/* Bound on serial-number / hardware-id byte arrays in WOLFSSL_X509. */
#ifndef EXTERNAL_SERIAL_SIZE
    #define EXTERNAL_SERIAL_SIZE 32
#endif

/* Opaque when ASN parsing is compiled out; the full type comes from asn.h. */
#ifdef NO_ASN
    typedef struct DNS_entry DNS_entry;
#endif
3374
/* Decoded certificate view.
 * Mixes fixed-size arrays (serial, notBefore/notAfter, deviceType, ...)
 * with explicit *Sz counters, and pointer+size pairs for extensions; each
 * counter must be kept within its array. The *Set/*Crit bits record which
 * extensions were present and whether they were marked critical — an
 * unrecognised critical extension is something the verifier, not this
 * struct, has to reject. */
struct WOLFSSL_X509 {
    int              version;
    int              serialSz;        /* bytes used in serial[] */
#ifdef WOLFSSL_SEP
    int              deviceTypeSz;
    int              hwTypeSz;
    byte             deviceType[EXTERNAL_SERIAL_SIZE];
    byte             hwType[EXTERNAL_SERIAL_SIZE];
    int              hwSerialNumSz;
    byte             hwSerialNum[EXTERNAL_SERIAL_SIZE];
    #if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
        byte         certPolicySet;
        byte         certPolicyCrit;
    #endif /* OPENSSL_EXTRA */
#endif
    int              notBeforeSz;
    int              notAfterSz;
    byte             notBefore[MAX_DATE_SZ];
    byte             notAfter[MAX_DATE_SZ];
    buffer           sig;
    int              sigOID;
    DNS_entry*       altNames;                       /* alt names list */
    buffer           pubKey;
    int              pubKeyOID;
    DNS_entry*       altNamesNext;                   /* hint for retrieval */
    #if defined(HAVE_ECC) || defined(HAVE_ED25519)
        word32       pkCurveOID;
    #endif /* HAVE_ECC */
    #ifndef NO_CERTS
        DerBuffer*   derCert;                        /* may need */
    #endif
    void*            heap;                           /* heap hint */
    byte             dynamicMemory;                  /* dynamic memory flag */
    byte             isCa:1;
#ifdef WOLFSSL_CERT_EXT
    char             certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
    int              certPoliciesNb;
#endif /* WOLFSSL_CERT_EXT */
#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
#ifdef HAVE_EX_DATA
    void*            ex_data[MAX_EX_DATA];
#endif
    byte*            authKeyId;
    byte*            subjKeyId;
    byte*            extKeyUsageSrc;
    const byte*      CRLInfo;
    byte*            authInfo;
    word32           pathLength;
    word16           keyUsage;
    int              CRLInfoSz;
    int              authInfoSz;
    word32           authKeyIdSz;
    word32           subjKeyIdSz;
    word32           extKeyUsageSz;
    word32           extKeyUsageCount;

    /* extension presence / criticality bits */
    byte             CRLdistSet:1;
    byte             CRLdistCrit:1;
    byte             authInfoSet:1;
    byte             authInfoCrit:1;
    byte             keyUsageSet:1;
    byte             keyUsageCrit:1;
    byte             extKeyUsageCrit:1;
    byte             subjKeyIdSet:1;

    byte             subjKeyIdCrit:1;
    byte             basicConstSet:1;
    byte             basicConstCrit:1;
    byte             basicConstPlSet:1;
    byte             subjAltNameSet:1;
    byte             subjAltNameCrit:1;
    byte             authKeyIdSet:1;
    byte             authKeyIdCrit:1;
#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
    byte             serial[EXTERNAL_SERIAL_SIZE];
    char             subjectCN[ASN_NAME_MAX];        /* common name short cut */
#ifdef WOLFSSL_CERT_REQ
    char             challengePw[CTC_NAME_SIZE];     /* for REQ certs */
#endif
    WOLFSSL_X509_NAME issuer;
    WOLFSSL_X509_NAME subject;
};
3457
3458
/* record layer header for PlainText, Compressed, and CipherText
 * Byte-exact image of the 5-byte TLS record header as it appears on the
 * wire (all members are bytes, so no padding). `length` is the two-byte
 * body length in network byte order; it is attacker-controlled input and
 * must be bounded against the receive buffer before use. */
typedef struct RecordLayerHeader {
    byte            type;
    byte            pvMajor;
    byte            pvMinor;
    byte            length[2];
} RecordLayerHeader;
3466
3467
/* record layer header for DTLS PlainText, Compressed, and CipherText
 * Byte-exact 13-byte DTLS record header: type, version, 8 bytes of
 * epoch+sequence number, then the two-byte length. As with the TLS form,
 * `length` comes from the peer and must be bounded before use; the
 * sequence number is what replay detection keys on. */
typedef struct DtlsRecordLayerHeader {
    byte            type;
    byte            pvMajor;
    byte            pvMinor;
    byte            sequence_number[8];   /* per record */
    byte            length[2];
} DtlsRecordLayerHeader;
3476
3477
/* One received fragment of a DTLS handshake message: the [begin, end]
 * byte range it covers within the message, as a singly-linked list node.
 * Overlap and bounds checks against DtlsMsg.sz happen in the reassembly
 * code, not here. */
typedef struct DtlsFrag {
    word32 begin;
    word32 end;
    struct DtlsFrag* next;
} DtlsFrag;
3483
3484
/* One DTLS handshake message under (re)assembly, keyed by `seq`.
 * `buf` is the allocation and `msg` presumably points into it; fragments
 * recorded in fragList account for fragSz of the sz-byte message. */
typedef struct DtlsMsg {
    struct DtlsMsg* next;
    byte*           buf;
    byte*           msg;
    DtlsFrag*       fragList;
    word32          fragSz;    /* Length of fragments received */
    word32          seq;       /* Handshake sequence number */
    word32          sz;        /* Length of whole message */
    byte            type;
} DtlsMsg;
3495
3496
#ifdef HAVE_NETX

    /* NETX I/O Callback default
     * Context handed to the NetX send/recv callbacks; nxPacket/nxOffset
     * carry a partially consumed packet between short reads. */
    typedef struct NetX_Ctx {
        NX_TCP_SOCKET* nxSocket;    /* send/recv socket handle */
        NX_PACKET*     nxPacket;    /* incoming packet handle for short reads */
        ULONG          nxOffset;    /* offset already read from nxPacket */
        ULONG          nxWait;      /* wait option flag */
    } NetX_Ctx;

#endif
3508
/* Handshake messages received from peer (plus change cipher spec).
 * One bit per message type, used to track what the peer has already sent;
 * client_hello and server_hello get 2-bit counters, presumably because a
 * second one is legitimate after HelloRetryRequest/HelloVerifyRequest.
 * Rejecting duplicates or out-of-order messages based on these flags is
 * done by the message handlers, not here. */
typedef struct MsgsReceived {
    word16 got_hello_request:1;
    word16 got_client_hello:2;
    word16 got_server_hello:2;
    word16 got_hello_verify_request:1;
    word16 got_session_ticket:1;
    word16 got_end_of_early_data:1;
    word16 got_hello_retry_request:1;
    word16 got_encrypted_extensions:1;
    word16 got_certificate:1;
    word16 got_certificate_status:1;
    word16 got_server_key_exchange:1;
    word16 got_certificate_request:1;
    word16 got_server_hello_done:1;
    word16 got_certificate_verify:1;
    word16 got_client_key_exchange:1;
    word16 got_finished:1;
    word16 got_key_update:1;
    word16 got_change_cipher:1;
} MsgsReceived;
3530
3531
/* Handshake hashes
 * Running transcript hashes (one context per compiled-in algorithm) plus
 * the finished digests. With Ed25519 client auth the raw handshake
 * messages are also retained (`messages`, `length` bytes) because the
 * signature is over the full transcript rather than a running digest. */
typedef struct HS_Hashes {
    Hashes          verifyHashes;
    Hashes          certHashes;         /* for cert verify */
#ifndef NO_SHA
    wc_Sha          hashSha;            /* sha hash of handshake msgs */
#endif
#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
    wc_Md5          hashMd5;            /* md5 hash of handshake msgs */
#endif
#ifndef NO_SHA256
    wc_Sha256       hashSha256;         /* sha256 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA384
    wc_Sha384       hashSha384;         /* sha384 hash of handshake msgs */
#endif
#ifdef WOLFSSL_SHA512
    wc_Sha512       hashSha512;         /* sha512 hash of handshake msgs */
#endif
#if defined(HAVE_ED25519) && !defined(WOLFSSL_NO_CLIENT_AUTH)
    byte*           messages;           /* handshake messages */
    int             length;             /* length of handshake messages' data */
    int             prevLen;            /* length of messages but last */
#endif
} HS_Hashes;
3557
3558
#ifdef WOLFSSL_ASYNC_CRYPT
    /* Async-crypto continuation: the device handle plus a fixed pool of
     * MAX_ASYNC_ARGS word32 slots that callers reinterpret as their own
     * argument struct, with freeArgs releasing anything inside it. */
    #define MAX_ASYNC_ARGS 18
    typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);

    struct WOLFSSL_ASYNC {
        WC_ASYNC_DEV* dev;
        FreeArgsCb    freeArgs; /* function pointer to cleanup args */
        word32        args[MAX_ASYNC_ARGS]; /* holder for current args */
    };
#endif
3569
#ifdef HAVE_WRITE_DUP

    /* Values for WOLFSSL.dupSide when a connection is split into a
     * write-only and a read-only object. */
    #define WRITE_DUP_SIDE 1
    #define READ_DUP_SIDE  2

    /* Shared state between the two halves; dupCount and dupErr are only
     * to be touched with dupMutex held. */
    typedef struct WriteDup {
        wolfSSL_Mutex   dupMutex;       /* reference count mutex */
        int             dupCount;       /* reference count */
        int             dupErr;         /* under dupMutex, pass to other side */
    } WriteDup;

    WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
    WOLFSSL_LOCAL int  NotifyWriteSide(WOLFSSL* ssl, int err);
#endif /* HAVE_WRITE_DUP */
3584
#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
typedef struct CertReqCtx CertReqCtx;

/* Outstanding post-handshake CertificateRequest contexts (linked list).
 * NOTE(review): `ctx` is declared as a single byte while `len` is a
 * length; whether longer contexts are stored past the end of the struct
 * by over-allocating is not visible here — confirm before relying on
 * sizeof(CertReqCtx). */
struct CertReqCtx {
    CertReqCtx* next;
    byte        len;
    byte        ctx;
};
#endif
3594
#ifdef WOLFSSL_EARLY_DATA
/* Position in the 0-RTT early-data flow, in the order the states occur. */
typedef enum EarlyDataState {
    no_early_data,
    expecting_early_data,
    process_early_data,
    done_early_data
} EarlyDataState;
#endif
3603
3604/* wolfSSL ssl type */
3605struct WOLFSSL {
3606 WOLFSSL_CTX* ctx;
3607 Suites* suites; /* only need during handshake */
3608 Arrays* arrays;
3609#ifdef WOLFSSL_TLS13
3610 byte clientSecret[SECRET_LEN];
3611 byte serverSecret[SECRET_LEN];
3612#endif
3613 HS_Hashes* hsHashes;
3614 void* IOCB_ReadCtx;
3615 void* IOCB_WriteCtx;
3616 WC_RNG* rng;
3617 void* verifyCbCtx; /* cert verify callback user ctx*/
3618 VerifyCallback verifyCallback; /* cert verification callback */
3619 void* heap; /* for user overrides */
3620#ifdef HAVE_WRITE_DUP
3621 WriteDup* dupWrite; /* valid pointer indicates ON */
3622 /* side that decrements dupCount to zero frees overall structure */
3623 byte dupSide; /* write side or read side */
3624#endif
3625#ifdef OPENSSL_EXTRA
3626 byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
3627#endif
3628 CallbackIORecv CBIORecv;
3629 CallbackIOSend CBIOSend;
3630#ifdef WOLFSSL_STATIC_MEMORY
3631 WOLFSSL_HEAP_HINT heap_hint;
3632#endif
3633#ifndef NO_HANDSHAKE_DONE_CB
3634 HandShakeDoneCb hsDoneCb; /* notify user handshake done */
3635 void* hsDoneCtx; /* user handshake cb context */
3636#endif
3637#ifdef WOLFSSL_ASYNC_CRYPT
3638 struct WOLFSSL_ASYNC async;
3639#elif defined(WOLFSSL_NONBLOCK_OCSP)
3640 void* nonblockarg; /* dynamic arg for handling non-block resume */
3641#endif
3642 void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
3643 word32 hsType; /* Type of Handshake key (hsKey) */
3644 WOLFSSL_CIPHER cipher;
3645#ifndef WOLFSSL_AEAD_ONLY
3646 hmacfp hmac;
3647#endif
3648 Ciphers encrypt;
3649 Ciphers decrypt;
3650 Buffers buffers;
3651 WOLFSSL_SESSION session;
3652#ifdef HAVE_EXT_CACHE
3653 WOLFSSL_SESSION* extSession;
3654#endif
3655 WOLFSSL_ALERT_HISTORY alert_history;
3656 int error;
3657 int rfd; /* read file descriptor */
3658 int wfd; /* write file descriptor */
3659 int rflags; /* user read flags */
3660 int wflags; /* user write flags */
3661 word32 timeout; /* session timeout */
3662 word32 fragOffset; /* fragment offset */
3663 word16 curSize;
3664 byte verifyDepth;
3665 RecordLayerHeader curRL;
3666 MsgsReceived msgsReceived; /* peer messages received */
3667 ProtocolVersion version; /* negotiated version */
3668 ProtocolVersion chVersion; /* client hello version */
3669 CipherSpecs specs;
3670 Keys keys;
3671 Options options;
3672#ifdef OPENSSL_EXTRA
3673 CallbackInfoState* CBIS; /* used to get info about SSL state */
3674 int cbmode; /* read or write on info callback */
3675 int cbtype; /* event type in info callback */
3676 WOLFSSL_BIO* biord; /* socket bio read to free/close */
3677 WOLFSSL_BIO* biowr; /* socket bio write to free/close */
3678 byte sessionCtx[ID_LEN]; /* app session context ID */
3679 unsigned long peerVerifyRet;
3680 byte readAhead;
3681 byte sessionCtxSz; /* size of sessionCtx stored */
3682#ifdef HAVE_PK_CALLBACKS
3683 void* loggingCtx; /* logging callback argument */
3684#endif
3685#endif /* OPENSSL_EXTRA */
3686#ifndef NO_RSA
3687 RsaKey* peerRsaKey;
3688 byte peerRsaKeyPresent;
3689#endif
3690#ifdef HAVE_QSH
3691 QSHKey* QSH_Key;
3692 QSHKey* peerQSHKey;
3693 QSHSecret* QSH_secret;
3694 byte isQSH; /* is the handshake a QSH? */
3695 byte sendQSHKeys; /* flag for if the client should sen
3696 public keys */
3697 byte peerQSHKeyPresent;
3698 byte minRequest;
3699 byte maxRequest;
3700 byte user_set_QSHSchemes;
3701#endif
3702#ifdef WOLFSSL_TLS13
3703 word16 namedGroup;
3704 word16 group[WOLFSSL_MAX_GROUP_COUNT];
3705 byte numGroups;
3706#endif
3707 byte pssAlgo;
3708#ifdef WOLFSSL_TLS13
3709 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
3710 word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
3711 byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
3712 * offer */
3713 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
3714#endif
3715#ifdef HAVE_NTRU
3716 word16 peerNtruKeyLen;
3717 byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
3718 byte peerNtruKeyPresent;
3719#endif
3720#if defined(HAVE_ECC) || defined(HAVE_ED25519)
3721 int eccVerifyRes;
3722#endif
3723#if defined(HAVE_ECC) || defined(HAVE_CURVE25519)
3724 word32 ecdhCurveOID; /* curve Ecc_Sum */
3725 ecc_key* eccTempKey; /* private ECDHE key */
3726 byte eccTempKeyPresent; /* also holds type */
3727 byte peerEccKeyPresent;
3728#endif
3729#ifdef HAVE_ECC
3730 ecc_key* peerEccKey; /* peer's ECDHE key */
3731 ecc_key* peerEccDsaKey; /* peer's ECDSA key */
3732 word16 eccTempKeySz; /* in octets 20 - 66 */
3733 byte peerEccDsaKeyPresent;
3734#endif
3735#if defined(HAVE_ECC) || defined(HAVE_ED25519)
3736 word32 pkCurveOID; /* curve Ecc_Sum */
3737#endif
3738#ifdef HAVE_ED25519
3739 ed25519_key* peerEd25519Key;
3740 byte peerEd25519KeyPresent;
3741#endif
3742#ifdef HAVE_CURVE25519
3743 curve25519_key* peerX25519Key;
3744 byte peerX25519KeyPresent;
3745#endif
3746#ifdef HAVE_LIBZ
3747 z_stream c_stream; /* compression stream */
3748 z_stream d_stream; /* decompression stream */
3749 byte didStreamInit; /* for stream init and end */
3750#endif
3751#ifdef WOLFSSL_DTLS
3752 int dtls_timeout_init; /* starting timeout value */
3753 int dtls_timeout_max; /* maximum timeout value */
3754 int dtls_timeout; /* current timeout value, changes */
3755 word32 dtls_tx_msg_list_sz;
3756 word32 dtls_rx_msg_list_sz;
3757 DtlsMsg* dtls_tx_msg_list;
3758 DtlsMsg* dtls_rx_msg_list;
3759 void* IOCB_CookieCtx; /* gen cookie ctx */
3760 word32 dtls_expected_rx;
3761#ifdef WOLFSSL_SESSION_EXPORT
3762 wc_dtls_export dtls_export; /* export function for session */
3763#endif
3764#ifdef WOLFSSL_SCTP
3765 word16 dtlsMtuSz;
3766#endif /* WOLFSSL_SCTP */
3767#ifdef WOLFSSL_MULTICAST
3768 void* mcastHwCbCtx; /* Multicast highwater callback ctx */
3769#endif /* WOLFSSL_MULTICAST */
3770#ifdef WOLFSSL_DTLS_DROP_STATS
3771 word32 macDropCount;
3772 word32 replayDropCount;
3773#endif /* WOLFSSL_DTLS_DROP_STATS */
3774#endif /* WOLFSSL_DTLS */
3775#ifdef WOLFSSL_CALLBACKS
3776 TimeoutInfo timeoutInfo; /* info saved during handshake */
3777 HandShakeInfo handShakeInfo; /* info saved during handshake */
3778#endif
3779#ifdef OPENSSL_EXTRA
3780 SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */
3781 void* protoMsgCtx; /* user set context with msg callback */
3782#endif
3783#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
3784 byte hsInfoOn; /* track handshake info */
3785 byte toInfoOn; /* track timeout info */
3786#endif
3787#ifdef HAVE_FUZZER
3788 CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
3789 void* fuzzerCtx; /* user defined pointer */
3790#endif
3791#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
3792 CertReqCtx* certReqCtx;
3793#endif
3794#ifdef KEEP_PEER_CERT
3795 WOLFSSL_X509 peerCert; /* X509 peer cert */
3796#endif
3797#ifdef KEEP_OUR_CERT
3798 WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
3799 points to ctx if not owned (owned
3800 flag found in buffers.weOwnCert) */
3801#endif
3802 byte keepCert; /* keep certificate after handshake */
3803#if defined(HAVE_EX_DATA) || defined(FORTRESS)
3804 void* ex_data[MAX_EX_DATA]; /* external data, for Fortress */
3805#endif
3806 int devId; /* async device id to use */
3807#ifdef HAVE_ONE_TIME_AUTH
3808 OneTimeAuth auth;
3809#endif
3810#ifdef HAVE_TLS_EXTENSIONS
3811 TLSX* extensions; /* RFC 6066 TLS Extensions data */
3812 #ifdef HAVE_MAX_FRAGMENT
3813 word16 max_fragment;
3814 #endif
3815 #ifdef HAVE_TRUNCATED_HMAC
3816 byte truncated_hmac;
3817 #endif
3818 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
3819 byte status_request;
3820 #endif
3821 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
3822 byte status_request_v2;
3823 #endif
3824 #if defined(HAVE_SECURE_RENEGOTIATION) \
3825 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
3826 SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
3827 #endif /* user turned on */
3828 #ifdef HAVE_ALPN
3829 char* alpn_client_list; /* keep the client's list */
3830 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
3831 CallbackALPNSelect alpnSelect;
3832 void* alpnSelectArg;
3833 #endif
3834 #endif /* of accepted protocols */
3835 #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
3836 CallbackSessionTicket session_ticket_cb;
3837 void* session_ticket_ctx;
3838 byte expect_session_ticket;
3839 #endif
3840#endif /* HAVE_TLS_EXTENSIONS */
3841#ifdef HAVE_OCSP
3842 void* ocspIOCtx;
3843 #ifdef OPENSSL_EXTRA
3844 byte* ocspResp;
3845 int ocspRespSz;
3846 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
3847 char* url;
3848 #endif
3849 #endif
3850#endif
3851#ifdef HAVE_NETX
3852 NetX_Ctx nxCtx; /* NetX IO Context */
3853#endif
3854#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
3855 void* mnCtx; /* mynewt mn_socket IO Context */
3856#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
3857#ifdef SESSION_INDEX
3858 int sessionIndex; /* Session's location in the cache. */
3859#endif
3860#ifdef ATOMIC_USER
3861 void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
3862 void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
3863#endif
3864#ifdef HAVE_PK_CALLBACKS
3865 #ifdef HAVE_ECC
3866 void* EccKeyGenCtx; /* EccKeyGen Callback Context */
3867 void* EccSignCtx; /* Ecc Sign Callback Context */
3868 void* EccVerifyCtx; /* Ecc Verify Callback Context */
3869 void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
3870 #ifdef HAVE_ED25519
3871 void* Ed25519SignCtx; /* ED25519 Sign Callback Context */
3872 void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */
3873 #endif
3874 #ifdef HAVE_CURVE25519
3875 void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */
3876 void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */
3877 #endif
3878 #endif /* HAVE_ECC */
3879 #ifndef NO_DH
3880 void* DhAgreeCtx; /* DH Pms Callback Context */
3881 #endif /* !NO_DH */
3882 #ifndef NO_RSA
3883 void* RsaSignCtx; /* Rsa Sign Callback Context */
3884 void* RsaVerifyCtx; /* Rsa Verify Callback Context */
3885 #ifdef WC_RSA_PSS
3886 void* RsaPssSignCtx; /* Rsa PSS Sign Callback Context */
3887 void* RsaPssVerifyCtx; /* Rsa PSS Verify Callback Context */
3888 #endif
3889 void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
3890 void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
3891 #endif /* NO_RSA */
3892#endif /* HAVE_PK_CALLBACKS */
3893#ifdef HAVE_SECRET_CALLBACK
3894 SessionSecretCb sessionSecretCb;
3895 void* sessionSecretCtx;
3896#endif /* HAVE_SECRET_CALLBACK */
3897#ifdef WOLFSSL_JNI
3898 void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
3899#endif /* WOLFSSL_JNI */
3900#ifdef WOLFSSL_EARLY_DATA
3901 EarlyDataState earlyData;
3902 word32 earlyDataSz;
3903#endif
3904};
3905
3906
/* WOLFSSL object lifecycle.  The trailing int on SetSSL_CTX/InitSSL is a
 * flag whose meaning is not visible in this header -- NOTE(review): confirm
 * against the definitions before relying on it. */
WOLFSSL_LOCAL
int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
WOLFSSL_LOCAL
int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
/* heap: presumably the allocator hint the object was created with. */
WOLFSSL_LOCAL
void FreeSSL(WOLFSSL*, void* heap);
/* Exported (WOLFSSL_API) rather than WOLFSSL_LOCAL because the Micrium port
 * calls it directly, so it is part of the library's public symbol surface. */
WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */
3914
3915
3916
#ifndef NO_CERTS

    /* Load an in-memory certificate/key/CA blob.  Either ctx or ssl is the
     * target (NOTE(review): which one takes precedence when both are set is
     * not visible here -- confirm in the definition).  format/type select
     * the encoding and object kind; used, when non-NULL, presumably receives
     * the number of bytes consumed; userChain flags a caller-supplied chain.
     * The blob is untrusted input and is parsed by the ASN.1 code. */
    WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
                                    long sz, int format, int type, WOLFSSL* ssl,
                                    long* used, int userChain);
    /* File-backed variant of ProcessBuffer.  crl, when non-NULL, is
     * presumably the CRL object to populate from the file. */
    WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
                                  int type, WOLFSSL* ssl, int userChain,
                                  WOLFSSL_CRL* crl);

    #ifdef OPENSSL_EXTRA
    /* Host-name check of domainName against dCert.  domainName is not const,
     * so the implementation may write to it -- pass a writable buffer of
     * domainNameLen bytes, never a string literal. */
    WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
                                    size_t domainNameLen);
    #endif
#endif
3931
3932
/* Handshake/timeout introspection helpers (debug callbacks and the
 * OPENSSL_EXTRA message callback).  AddPacketInfo receives the raw packet
 * bytes (data, sz) and a heap hint, so handshake material may be retained
 * in TimeoutInfo while these are enabled -- NOTE(review): keep that in mind
 * before turning WOLFSSL_CALLBACKS on in a production build. */
#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
    WOLFSSL_LOCAL
    void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*);
    WOLFSSL_LOCAL
    void FinishHandShakeInfo(HandShakeInfo*);
    WOLFSSL_LOCAL
    void AddPacketName(WOLFSSL* ssl, const char* name);

    WOLFSSL_LOCAL
    void InitTimeoutInfo(TimeoutInfo*);
    /* Second argument is the heap hint used to release stored packet data. */
    WOLFSSL_LOCAL
    void FreeTimeoutInfo(TimeoutInfo*, void*);
    /* write: direction flag (non-zero presumably means outgoing). */
    WOLFSSL_LOCAL
    void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
                               const byte* data, int sz, int write, void* heap);
    WOLFSSL_LOCAL
    void AddLateName(const char*, TimeoutInfo*);
    WOLFSSL_LOCAL
    void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
#endif
3953
3954
/* Record-layer ContentType: the first octet of every TLS record.  Each
 * member carries its on-wire code explicitly; no_type (0) is an internal
 * "not yet known" marker and is not a value the record layer sends. */
enum ContentType {
    no_type            = 0,
    change_cipher_spec = 20,
    alert              = 21,
    handshake          = 22,
    application_data   = 23
};
3963
3964
/* handshake header, same for each message type, pgs 20/21 */
/* Mirrors the 4-byte TLS handshake header: one HandShakeType octet followed
 * by a 24-bit body length.  word24 is presumably a 3-byte array type defined
 * elsewhere, so the struct has the wire layout.  The length is peer-controlled
 * and can claim up to 2^24-1 bytes; readers must bound it against the data
 * actually present in the record, never trust it as an allocation size. */
typedef struct HandShakeHeader {
    byte   type;
    word24 length;
} HandShakeHeader;
3970
3971
/* DTLS handshake header, same for each message type */
/* 12-byte DTLS handshake header (TLS header plus sequencing/fragmentation).
 * All of message_seq, fragment_offset and fragment_length arrive from the
 * peer -- NOTE(review): reassembly (DtlsMsgSet/DtlsMsgStore) must reject
 * fragments where fragment_offset + fragment_length exceeds length, and
 * must not let a later fragment change the total length; confirm there. */
typedef struct DtlsHandShakeHeader {
    byte   type;
    word24 length;
    byte   message_seq[2];    /* start at 0, retransmit gets same # */
    word24 fragment_offset;   /* bytes in previous fragments */
    word24 fragment_length;   /* length of this fragment */
} DtlsHandShakeHeader;
3980
3981
/* HandshakeType octet of the handshake header.  Every member has an explicit
 * on-wire value; the last three are internal-only markers that never appear
 * on the wire. */
enum HandShakeType {
    /* TLS 1.0 - 1.2 */
    hello_request        = 0,
    client_hello         = 1,
    server_hello         = 2,
    certificate          = 11,
    server_key_exchange  = 12,
    certificate_request  = 13,
    server_hello_done    = 14,
    certificate_verify   = 15,
    client_key_exchange  = 16,
    finished             = 20,
    certificate_status   = 22,

    /* DTLS addition */
    hello_verify_request = 3,

    /* session tickets and TLS 1.3 */
    session_ticket       = 4,
    end_of_early_data    = 5,
    hello_retry_request  = 6,
    encrypted_extensions = 8,
    key_update           = 24,

    /* internal only -- not wire values */
    change_cipher_hs     = 55,  /* stands in for a ChangeCipherSpec record in
                                   sanity checks: the record-layer code 20
                                   would collide with finished */
    message_hash         = 254, /* synthetic message type for TLS v1.3 */
    no_shake             = 255  /* initial value of a DtlsMsg record */
};
4006
/* Which side(s) a key/secret is provisioned for.  The two single-side values
 * are distinct bits, so the combined value is simply their union. */
enum ProvisionSide {
    PROVISION_CLIENT        = 1,
    PROVISION_SERVER        = 2,
    PROVISION_CLIENT_SERVER = PROVISION_CLIENT | PROVISION_SERVER
};
4012
4013
/* Sender constants, presumably for the SSLv3-style Finished/MAC derivation:
 * the bytes spell "CLNT" and "SRVR" in ASCII, written as hex so the values
 * do not depend on the host character set.  Being static definitions in a
 * header, each translation unit that includes internal.h gets its own copy. */
static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };

/* PRF labels for the TLS Finished message.  The +1 makes room for the
 * string terminator; FINISHED_LABEL_SZ is presumably the label length
 * without it (15). */
static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
4019
4020
/* internal functions */
/* Record/handshake senders.  Unless noted, each builds and queues one
 * message on the given session and returns a wolfSSL status code. */
WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
/* Parse a session ticket presented by the client (const byte*, word32 = ticket
 * bytes and length).  This is attacker-controlled input: the ticket must be
 * authenticated before any field in it is trusted. */
WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
#ifdef WOLFSSL_TLS13
#ifdef WOLFSSL_TLS13_DRAFT_18
WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
#else
/* The byte argument's meaning is not visible here; NOTE(review): presumably
 * distinguishes a real ServerHello from a HelloRetryRequest -- confirm. */
WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte);
#endif
#endif
WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
/* Build the OCSP response for stapling; the OcspRequest** and buffer* are
 * out-parameters whose ownership is not documented here -- confirm who frees. */
WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*);
#endif
#if defined(HAVE_SECURE_RENEGOTIATION) && \
    defined(HAVE_SERVER_RENEGOTIATION_INFO)
WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL*);
#endif
WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
/* Flush whatever is queued in the output buffer to the I/O callback. */
WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
/* Read application data into the caller's buffer (byte*, int = dst, size);
 * the last int is a flag whose meaning is not visible here (presumably peek). */
WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
/* The two ints are presumably alert level and alert description -- confirm. */
WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
/* Receive and dispatch the next record(s) from the peer. */
WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);

WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);

WOLFSSL_LOCAL int AddSession(WOLFSSL*);
WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
/* side: which direction's keys to install (see enum encrypt_side / ProvisionSide
 * below -- which enum is meant is not visible here). */
WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);

/* Protocol-version predicates. */
WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);

/* Release handshake-only state once the handshake completes; keeping it
 * around longer than needed widens the window in which secrets are in memory. */
WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);

/* Confirm the suite the client negotiated is one the server actually
 * offers/allows (guards against a downgrade to an unoffered suite). */
WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);

WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
/* maxFragment: the negotiated max-fragment-length to cap the record size with. */
WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment);
4070
/* Signature and key-exchange primitives used by the handshake, plus CA and
 * trusted-peer lookup.  The keyBufInfo arguments carry the encoded key for
 * the PK-callback path (HAVE_PK_CALLBACKS); note the inconsistent types
 * (DerBuffer* vs buffer*) between the sign and verify variants. */
#ifndef NO_CERTS
    #ifndef NO_RSA
    #ifdef WC_RSA_PSS
    /* Check a PSS-encoded block (out, sigSz) against the expected hash of
     * plain (plainSz bytes) using hashType; presumably out is the raw RSA
     * public-op result.  Returns a wolfSSL status code. */
    WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz,
        byte* out, word32 sigSz, enum wc_HashType hashType);
    /* Map a TLS hash-algorithm id to the wolfCrypt hash type and MGF. */
    WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo,
        enum wc_HashType* hashType, int* mgf);
    #endif
    /* verifySig is not const: the implementation may work on it in place.
     * Callers must treat a non-success return as verification failure. */
    WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig,
        word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo,
        int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo);
    WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
        byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
        DerBuffer* keyBufInfo);
    /* out receives a pointer to the recovered message; ownership/lifetime of
     * that pointer is not documented here -- presumably it points into in. */
    WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
        byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
        buffer* keyBufInfo);
    /* RSA private decrypt (RSA key exchange pre-master).  NOTE(review): the
     * caller must handle a padding failure indistinguishably from success
     * (substitute a random pre-master, same code path and timing) so that
     * the decryption result cannot become a Bleichenbacher oracle -- confirm
     * in the ClientKeyExchange handler. */
    WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
        word32* outSz, RsaKey* key, DerBuffer* keyBufInfo);
    WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
        word32* outSz, RsaKey* key, buffer* keyBufInfo);
    #endif /* !NO_RSA */

    #ifdef HAVE_ECC
    WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
        byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo);
    /* out/outSz here are the signature to verify (naming differs from EccSign). */
    WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
        const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo);
    /* ECDH shared secret.  pub_key comes from the peer; pubKeyDer/pubKeySz are
     * presumably its encoding for the PK-callback path, side selects client or
     * server.  NOTE(review): confirm the peer point is validated (on-curve,
     * not the identity) before it is used. */
    WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
        ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
        word32* outlen, int side);
    #endif /* HAVE_ECC */
    #ifdef HAVE_ED25519
    /* Sanity-check the peer's Ed25519 public key held in ssl. */
    WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl);
    WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
        byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo);
    /* in/inSz: signature; msg/msgSz: signed message. */
    WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in,
        word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key,
        buffer* keyBufInfo);
    #endif /* HAVE_ED25519 */


    #ifdef WOLFSSL_TRUST_PEER_CERT

    /* options for searching hash table for a matching trusted peer cert */
    /* type argument of GetTrustedPeer: match on subject key id or on name hash. */
    #define WC_MATCH_SKID 0
    #define WC_MATCH_NAME 1

    /* vp: the cert manager (passed as void*); hash: the SKID or name hash
     * selected by type. */
    WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
                                                        int type);
    /* Compare a decoded cert against a stored trusted-peer entry. */
    WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
                                                             DecodedCert* cert);
    #endif

    /* CA lookup by hash in the cert manager (cm is passed as void*).  A hash
     * match only locates a candidate Signer; the caller must still verify the
     * issuer signature against it. */
    WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
    #ifndef NO_SKID
    /* Lookup by name hash; only compiled when subject-key-id support is on,
     * presumably because it is the fallback when the SKID lookup misses. */
    WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
    #endif
#endif /* !NO_CERTS */
/* Transcript hash over the handshake so far; hashLen is in/out (capacity in,
 * bytes written out) -- NOTE(review): confirm the in/out convention. */
WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
                                        word32* hashLen);
/* Compute the Finished verify_data into hashes.  sender is one of the
 * tls_client/tls_server labels declared above (inferred from the types). */
WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
                                   const byte* sender);
/* Free the handshake arrays (client/server randoms, pre-master etc.); keep
 * selects what to retain.  This is where handshake secrets should be wiped. */
WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
/* Ensure the output buffer can take size more bytes, growing it if needed. */
WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
/* Grow the input buffer to hold size bytes, preserving usedLength bytes. */
WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);

#ifndef NO_TLS
    WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
#ifndef WOLFSSL_AEAD_ONLY
    /* Record MAC for non-AEAD (CBC/stream) suites.  content is the record
     * ContentType, verify selects the receive-side check.  NOTE(review): on
     * the verify path with CBC suites the MAC must be computed in time
     * independent of padSz (Lucky 13); confirm the implementation uses padSz
     * for that purpose and not merely as a length adjustment. */
    WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
                               word32 sz, int padSz, int content, int verify);
#endif
#endif
4145
/* Client-only handshake senders. */
#ifndef NO_WOLFSSL_CLIENT
    WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
    #ifdef WOLFSSL_TLS13
    WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
    #endif
    WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
    WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
#endif /* !NO_WOLFSSL_CLIENT */

/* Server-only handshake senders. */
#ifndef NO_WOLFSSL_SERVER
    WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
    WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
#endif /* !NO_WOLFSSL_SERVER */

/* DTLS handshake-message reassembly (dtls_rx_msg_list) and the retransmit
 * pool.  Every word32/byte argument here that originates from a
 * DtlsHandShakeHeader is peer-controlled; the void* arguments are heap hints. */
#ifdef WOLFSSL_DTLS
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
    WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
    WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
    /* Store one fragment into a message.  Parameter order is unnamed here;
     * NOTE(review): the two word32s are presumably fragment offset and size,
     * and the check that they stay within the message length must be here
     * or in DtlsMsgStore -- confirm. */
    WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
                                                             word32, word32, void*);
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
    WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32,
                                                byte, word32, word32, void*);
    /* Insert into the list keeping it ordered; returns the new head. */
    WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);

    /* Retransmit pool: save an outgoing flight, handle timeouts, and resend. */
    WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32);
    WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
    WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
    WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
    WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
#endif /* WOLFSSL_DTLS */
4177
/* Empty conditional block: nothing is declared here any more. */
#ifndef NO_TLS


#endif /* NO_TLS */

/* Millisecond clock, only needed by the TLS 1.3 ticket/PSK code (presumably
 * for ticket age).  LowResTimer is the coarse clock used elsewhere, e.g. for
 * session timeouts -- NOTE(review): confirm the unit (seconds) at the
 * definition before comparing its result against anything. */
#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
    WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
#endif
WOLFSSL_LOCAL word32 LowResTimer(void);

/* WOLFSSL_X509 helpers: init/free and conversion from a DecodedCert. */
#ifndef NO_CERTS
    WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
    WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
    WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
    WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
    WOLFSSL_LOCAL int  CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
#endif
4195
/* One entry of the cipher-suite name table: the wolfSSL name, the IANA name
 * (omitted when error strings are compiled out), and the two-byte suite id
 * (cipherSuite0 is the first byte; see GetCipherSuiteFromName).
 * NOTE(review): if the table is initialised positionally, the field order
 * and the NO_ERROR_STRINGS conditional are part of that contract. */
typedef struct CipherSuiteInfo {
    const char* name;
#ifndef NO_ERROR_STRINGS
    const char* name_iana;
#endif
    byte cipherSuite0;
    byte cipherSuite;
} CipherSuiteInfo;
4204
/* Cipher-suite name table access and id <-> name mapping.  The lookups by
 * id take the two suite bytes separately; GetCipherSuiteFromName writes the
 * matching bytes through cipherSuite0/cipherSuite and returns a status
 * (the exact not-found return value is not visible here). */
WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
WOLFSSL_LOCAL int GetCipherNamesSize(void);
WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite);
WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
                                         byte* cipherSuite);
4213
/* Which direction's keys SetKeysSide installs.  Values are written out
 * explicitly so the numbering is not left to implicit enum increments. */
enum encrypt_side {
    ENCRYPT_SIDE_ONLY        = 1,
    DECRYPT_SIDE_ONLY        = 2,
    ENCRYPT_AND_DECRYPT_SIDE = 3
};
4219
/* Install the derived keys for one or both directions (see enum encrypt_side). */
WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);


#ifndef NO_DH
    /* privSz/pubSz are capacity in, length out (inferred from the pointer types). */
    WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
        byte* priv, word32* privSz,
        byte* pub, word32* pubSz);
    /* otherPub is the peer's public value and is untrusted.  NOTE(review):
     * confirm it is range-checked (1 < y < p-1, and small-subgroup checks
     * where applicable) before the agreement -- either here or in wolfCrypt. */
    WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
        const byte* priv, word32 privSz,
        const byte* otherPub, word32 otherPubSz,
        byte* agree, word32* agreeSz);
#endif /* !NO_DH */

#ifdef HAVE_ECC
    /* Generate an ephemeral ECC key; peer is presumably used to pick the curve. */
    WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
#endif

/* Allocate/free the running handshake transcript hashes. */
WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);

/* Frame (and, post-handshake, protect) one record of the given ContentType
 * into output.  hashOutput: add the message to the transcript; sizeOnly:
 * compute the output size without writing; asyncOkay: allow an async return. */
WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
                               const byte* input, int inSz, int type, int hashOutput,
                               int sizeOnly, int asyncOkay);

#ifdef WOLFSSL_TLS13
/* TLS 1.3 counterpart of BuildMessage.  NOTE(review): this is the only
 * prototype here without WOLFSSL_LOCAL, so the symbol gets default visibility
 * in shared builds; presumably an oversight -- check the definition and add
 * WOLFSSL_LOCAL on both if so. */
int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
                      int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay);
#endif

/* Allocate/free a key object of the given type (the type ids are defined
 * elsewhere); FreeKey takes the pointer's address so it can null it out. */
WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);

/* Asynchronous-crypto bookkeeping: register a device, and push/pop the
 * pending operation state so a handshake step can be resumed. */
#ifdef WOLFSSL_ASYNC_CRYPT
    WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags);
    WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
    WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
#endif


#ifdef __cplusplus
    } /* extern "C" */
#endif

#endif /* WOLFSSL_INT_H */