source: azure_iot_hub_f767zi/trunk/wolfssl-4.4.0/wolfssl/internal.h@ 457

Last change on this file since 457 was 457, checked in by coas-nagasima, 4 years ago

ファイルを追加
  • Property svn:eol-style set to native
  • Property svn:mime-type set to text/x-chdr;charset=UTF-8
File size: 168.7 KB
Line 
1/* internal.h
2 *
3 * Copyright (C) 2006-2020 wolfSSL Inc.
4 *
5 * This file is part of wolfSSL.
6 *
7 * wolfSSL is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * wolfSSL is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
20 */
21
22
23
24#ifndef WOLFSSL_INT_H
25#define WOLFSSL_INT_H
26
27
28#include <wolfssl/wolfcrypt/types.h>
29#include <wolfssl/ssl.h>
30#ifdef HAVE_CRL
31 #include <wolfssl/crl.h>
32#endif
33#include <wolfssl/wolfcrypt/random.h>
34#ifndef NO_DES3
35 #include <wolfssl/wolfcrypt/des3.h>
36#endif
37#ifndef NO_HC128
38 #include <wolfssl/wolfcrypt/hc128.h>
39#endif
40#ifndef NO_RABBIT
41 #include <wolfssl/wolfcrypt/rabbit.h>
42#endif
43#ifdef HAVE_CHACHA
44 #include <wolfssl/wolfcrypt/chacha.h>
45#endif
46#ifndef NO_ASN
47 #include <wolfssl/wolfcrypt/asn.h>
48 #include <wolfssl/wolfcrypt/pkcs12.h>
49#endif
50#ifndef NO_MD5
51 #include <wolfssl/wolfcrypt/md5.h>
52#endif
53#ifndef NO_SHA
54 #include <wolfssl/wolfcrypt/sha.h>
55#endif
56#ifndef NO_AES
57 #include <wolfssl/wolfcrypt/aes.h>
58#endif
59#ifdef HAVE_POLY1305
60 #include <wolfssl/wolfcrypt/poly1305.h>
61#endif
62#ifdef HAVE_CAMELLIA
63 #include <wolfssl/wolfcrypt/camellia.h>
64#endif
65#include <wolfssl/wolfcrypt/logging.h>
66#ifndef NO_HMAC
67 #include <wolfssl/wolfcrypt/hmac.h>
68#endif
69#ifndef NO_RC4
70 #include <wolfssl/wolfcrypt/arc4.h>
71#endif
72#ifndef NO_SHA256
73 #include <wolfssl/wolfcrypt/sha256.h>
74#endif
75#ifdef HAVE_OCSP
76 #include <wolfssl/ocsp.h>
77#endif
78#ifdef WOLFSSL_SHA384
79 #include <wolfssl/wolfcrypt/sha512.h>
80#endif
81#ifdef WOLFSSL_SHA512
82 #include <wolfssl/wolfcrypt/sha512.h>
83#endif
84#ifdef HAVE_AESGCM
85 #include <wolfssl/wolfcrypt/sha512.h>
86#endif
87#ifdef WOLFSSL_RIPEMD
88 #include <wolfssl/wolfcrypt/ripemd.h>
89#endif
90#ifdef HAVE_IDEA
91 #include <wolfssl/wolfcrypt/idea.h>
92#endif
93#ifndef NO_RSA
94 #include <wolfssl/wolfcrypt/rsa.h>
95#endif
96#ifdef HAVE_ECC
97 #include <wolfssl/wolfcrypt/ecc.h>
98#endif
99#ifndef NO_DH
100 #include <wolfssl/wolfcrypt/dh.h>
101#endif
102#ifdef HAVE_ED25519
103 #include <wolfssl/wolfcrypt/ed25519.h>
104#endif
105#ifdef HAVE_CURVE25519
106 #include <wolfssl/wolfcrypt/curve25519.h>
107#endif
108#ifdef HAVE_ED448
109 #include <wolfssl/wolfcrypt/ed448.h>
110#endif
111#ifdef HAVE_CURVE448
112 #include <wolfssl/wolfcrypt/curve448.h>
113#endif
114
115#include <wolfssl/wolfcrypt/wc_encrypt.h>
116#include <wolfssl/wolfcrypt/hash.h>
117
118#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
119 #include <wolfssl/callbacks.h>
120#endif
121#ifdef WOLFSSL_CALLBACKS
122 #include <signal.h>
123#endif
124
125#ifdef USE_WINDOWS_API
126 #ifdef WOLFSSL_GAME_BUILD
127 #include "system/xtl.h"
128 #else
129 #if defined(_WIN32_WCE) || defined(WIN32_LEAN_AND_MEAN)
130 /* On WinCE winsock2.h must be included before windows.h */
131 #include <winsock2.h>
132 #endif
133 #include <windows.h>
134 #endif
135#elif defined(THREADX)
136 #ifndef SINGLE_THREADED
137 #include "tx_api.h"
138 #endif
139
140#elif defined(WOLFSSL_DEOS)
141 /* do nothing, just don't pick Unix */
142#elif defined(MICRIUM)
143 /* do nothing, just don't pick Unix */
144#elif defined(FREERTOS) || defined(FREERTOS_TCP) || defined(WOLFSSL_SAFERTOS)
145 /* do nothing */
146#elif defined(EBSNET)
147 /* do nothing */
148#elif defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX)
149 /* do nothing */
150#elif defined(FREESCALE_FREE_RTOS)
151 #include "fsl_os_abstraction.h"
152#elif defined(WOLFSSL_uITRON4)
153 /* do nothing */
154#elif defined(WOLFSSL_uTKERNEL2)
155 /* do nothing */
156#elif defined(WOLFSSL_CMSIS_RTOS)
157 #include "cmsis_os.h"
158#elif defined(WOLFSSL_CMSIS_RTOSv2)
159 #include "cmsis_os2.h"
160#elif defined(WOLFSSL_MDK_ARM)
161 #if defined(WOLFSSL_MDK5)
162 #include "cmsis_os.h"
163 #else
164 #include <rtl.h>
165 #endif
166#elif defined(MBED)
167#elif defined(WOLFSSL_TIRTOS)
168 /* do nothing */
169#elif defined(INTIME_RTOS)
170 #include <rt.h>
171#elif defined(WOLFSSL_NUCLEUS_1_2)
172 /* do nothing */
173#elif defined(WOLFSSL_APACHE_MYNEWT)
174 #if !defined(WOLFSSL_LWIP)
175 void mynewt_ctx_clear(void *ctx);
176 void* mynewt_ctx_new();
177 #endif
178#elif defined(WOLFSSL_ZEPHYR)
179 #ifndef SINGLE_THREADED
180 #include <kernel.h>
181 #endif
182#elif defined(WOLFSSL_TELIT_M2MB)
183 /* do nothing */
184#else
185 #ifndef SINGLE_THREADED
186 #define WOLFSSL_PTHREADS
187 #include <pthread.h>
188 #endif
189 #if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM)
190 #include <unistd.h> /* for close of BIO */
191 #endif
192#endif
193
194#ifndef CHAR_BIT
195 /* Needed for DTLS without big math */
196 #include <limits.h>
197#endif
198
199
200#ifdef HAVE_LIBZ
201 #include "zlib.h"
202#endif
203
204#ifdef WOLFSSL_ASYNC_CRYPT
205 #include <wolfssl/wolfcrypt/async.h>
206#endif
207
208#ifdef OPENSSL_EXTRA
209 #ifdef WOLFCRYPT_HAVE_SRP
210 #include <wolfssl/wolfcrypt/srp.h>
211 #endif
212#endif
213
214#ifdef _MSC_VER
215 /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */
216 #pragma warning(disable: 4996)
217#endif
218
219#ifdef NO_SHA
220 #define WC_SHA_DIGEST_SIZE 20
221#endif
222
223#ifdef NO_SHA256
224 #define WC_SHA256_DIGEST_SIZE 32
225#endif
226
227#ifdef NO_MD5
228 #define WC_MD5_DIGEST_SIZE 16
229#endif
230
231
232#ifdef __cplusplus
233 extern "C" {
234#endif
235
236/* Define or comment out the cipher suites you'd like to be compiled in
237 make sure to use at least one BUILD_SSL_xxx or BUILD_TLS_xxx is defined
238
239 When adding cipher suites, add name to cipher_names, idx to cipher_name_idx
240
241 Now that there is a maximum strength crypto build, the following BUILD_XXX
242 flags need to be divided into two groups selected by WOLFSSL_MAX_STRENGTH.
243 Those that do not use Perfect Forward Security and do not use AEAD ciphers
244 need to be switched off. Allowed suites use (EC)DHE, AES-GCM|CCM, or
245 CHACHA-POLY.
246*/
247
248/* Check that if WOLFSSL_MAX_STRENGTH is set that all the required options are
249 * not turned off. */
250#if defined(WOLFSSL_MAX_STRENGTH) && \
251 ((!defined(HAVE_ECC) && (defined(NO_DH) || defined(NO_RSA))) || \
252 (!defined(HAVE_AESGCM) && !defined(HAVE_AESCCM) && \
253 (!defined(HAVE_POLY1305) || !defined(HAVE_CHACHA))) || \
254 (defined(NO_SHA256) && !defined(WOLFSSL_SHA384)) || \
255 !defined(NO_OLD_TLS))
256
257 #error "You are trying to build max strength with requirements disabled."
258#endif
259
260/* Have QSH : Quantum-safe Handshake */
261#if defined(HAVE_QSH)
262 #define BUILD_TLS_QSH
263#endif
264
265#ifndef WOLFSSL_NO_TLS12
266
267#ifndef WOLFSSL_MAX_STRENGTH
268
269#ifdef WOLFSSL_AEAD_ONLY
270 /* AES CBC ciphers are not allowed in AEAD only mode */
271 #undef HAVE_AES_CBC
272#endif
273
274#ifndef WOLFSSL_AEAD_ONLY
275 #if !defined(NO_RSA) && !defined(NO_RC4)
276 #if defined(WOLFSSL_STATIC_RSA)
277 #if !defined(NO_SHA)
278 #define BUILD_SSL_RSA_WITH_RC4_128_SHA
279 #endif
280 #if !defined(NO_MD5)
281 #define BUILD_SSL_RSA_WITH_RC4_128_MD5
282 #endif
283 #endif
284 #if !defined(NO_TLS) && defined(HAVE_NTRU) && !defined(NO_SHA) \
285 && defined(WOLFSSL_STATIC_RSA)
286 #define BUILD_TLS_NTRU_RSA_WITH_RC4_128_SHA
287 #endif
288 #endif
289
290 #if !defined(NO_RSA) && !defined(NO_DES3)
291 #if !defined(NO_SHA)
292 #if defined(WOLFSSL_STATIC_RSA)
293 #define BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA
294 #endif
295 #if !defined(NO_TLS) && defined(HAVE_NTRU) \
296 && defined(WOLFSSL_STATIC_RSA)
297 #define BUILD_TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA
298 #endif
299 #endif
300 #endif
301
302 #if !defined(NO_RSA) && defined(HAVE_IDEA)
303 #if !defined(NO_SHA) && defined(WOLFSSL_STATIC_RSA)
304 #define BUILD_SSL_RSA_WITH_IDEA_CBC_SHA
305 #endif
306 #endif
307#endif /* !WOLFSSL_AEAD_ONLY */
308
309 #if !defined(NO_RSA) && !defined(NO_AES) && !defined(NO_TLS)
310 #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
311 #if defined(WOLFSSL_STATIC_RSA)
312 #ifdef WOLFSSL_AES_128
313 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA
314 #endif
315 #ifdef WOLFSSL_AES_256
316 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA
317 #endif
318 #endif
319 #if defined(HAVE_NTRU) && defined(WOLFSSL_STATIC_RSA)
320 #ifdef WOLFSSL_AES_128
321 #define BUILD_TLS_NTRU_RSA_WITH_AES_128_CBC_SHA
322 #endif
323 #ifdef WOLFSSL_AES_256
324 #define BUILD_TLS_NTRU_RSA_WITH_AES_256_CBC_SHA
325 #endif
326 #endif
327 #endif
328 #if defined(WOLFSSL_STATIC_RSA)
329 #if !defined (NO_SHA256) && defined(HAVE_AES_CBC)
330 #ifdef WOLFSSL_AES_128
331 #define BUILD_TLS_RSA_WITH_AES_128_CBC_SHA256
332 #endif
333 #ifdef WOLFSSL_AES_256
334 #define BUILD_TLS_RSA_WITH_AES_256_CBC_SHA256
335 #endif
336 #endif
337 #if defined (HAVE_AESGCM)
338 #ifdef WOLFSSL_AES_128
339 #define BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256
340 #endif
341 #if defined (WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
342 #define BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384
343 #endif
344 #endif
345 #if defined (HAVE_AESCCM)
346 #ifdef WOLFSSL_AES_128
347 #define BUILD_TLS_RSA_WITH_AES_128_CCM_8
348 #endif
349 #ifdef WOLFSSL_AES_256
350 #define BUILD_TLS_RSA_WITH_AES_256_CCM_8
351 #endif
352 #endif
353 #endif
354 #endif
355
356 #if defined(HAVE_CAMELLIA) && !defined(NO_TLS) && !defined(NO_CAMELLIA_CBC)
357 #ifndef NO_RSA
358 #if defined(WOLFSSL_STATIC_RSA)
359 #if !defined(NO_SHA)
360 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
361 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
362 #endif
363 #ifndef NO_SHA256
364 #define BUILD_TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256
365 #define BUILD_TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256
366 #endif
367 #endif
368 #if !defined(NO_DH)
369 #if !defined(NO_SHA)
370 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
371 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
372 #endif
373 #ifndef NO_SHA256
374 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256
375 #define BUILD_TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256
376 #endif
377 #endif
378 #endif
379 #endif
380
381#if defined(WOLFSSL_STATIC_PSK)
382 #if !defined(NO_PSK) && !defined(NO_AES) && !defined(NO_TLS)
383 #if !defined(NO_SHA)
384 #ifdef WOLFSSL_AES_128
385 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA
386 #endif
387 #ifdef WOLFSSL_AES_256
388 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA
389 #endif
390 #endif
391 #ifndef NO_SHA256
392 #ifdef WOLFSSL_AES_128
393 #ifdef HAVE_AES_CBC
394 #define BUILD_TLS_PSK_WITH_AES_128_CBC_SHA256
395 #endif
396 #ifdef HAVE_AESGCM
397 #define BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256
398 #endif
399 #endif /* WOLFSSL_AES_128 */
400 #ifdef HAVE_AESCCM
401 #ifdef WOLFSSL_AES_128
402 #define BUILD_TLS_PSK_WITH_AES_128_CCM_8
403 #define BUILD_TLS_PSK_WITH_AES_128_CCM
404 #endif
405 #ifdef WOLFSSL_AES_256
406 #define BUILD_TLS_PSK_WITH_AES_256_CCM_8
407 #define BUILD_TLS_PSK_WITH_AES_256_CCM
408 #endif
409 #endif
410 #endif
411 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
412 #ifdef HAVE_AES_CBC
413 #define BUILD_TLS_PSK_WITH_AES_256_CBC_SHA384
414 #endif
415 #ifdef HAVE_AESGCM
416 #define BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384
417 #endif
418 #endif
419 #endif
420#endif
421
422 #if !defined(NO_TLS) && defined(HAVE_NULL_CIPHER)
423 #if !defined(NO_RSA)
424 #if defined(WOLFSSL_STATIC_RSA)
425 #ifndef NO_MD5
426 #define BUILD_TLS_RSA_WITH_NULL_MD5
427 #endif
428 #if !defined(NO_SHA)
429 #define BUILD_TLS_RSA_WITH_NULL_SHA
430 #endif
431 #ifndef NO_SHA256
432 #define BUILD_TLS_RSA_WITH_NULL_SHA256
433 #endif
434 #endif
435 #endif
436 #if !defined(NO_PSK) && defined(WOLFSSL_STATIC_PSK)
437 #if !defined(NO_SHA)
438 #define BUILD_TLS_PSK_WITH_NULL_SHA
439 #endif
440 #ifndef NO_SHA256
441 #define BUILD_TLS_PSK_WITH_NULL_SHA256
442 #endif
443 #ifdef WOLFSSL_SHA384
444 #define BUILD_TLS_PSK_WITH_NULL_SHA384
445 #endif
446 #endif
447 #endif
448
449#if defined(WOLFSSL_STATIC_RSA)
450 #if !defined(NO_HC128) && !defined(NO_RSA) && !defined(NO_TLS)
451 #ifndef NO_MD5
452 #define BUILD_TLS_RSA_WITH_HC_128_MD5
453 #endif
454 #if !defined(NO_SHA)
455 #define BUILD_TLS_RSA_WITH_HC_128_SHA
456 #endif
457 #endif
458
459 #if !defined(NO_RABBIT) && !defined(NO_TLS) && !defined(NO_RSA)
460 #if !defined(NO_SHA)
461 #define BUILD_TLS_RSA_WITH_RABBIT_SHA
462 #endif
463 #endif
464#endif
465
466 #if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
467 !defined(NO_RSA)
468
469 #if !defined(NO_SHA)
470 #if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
471 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA
472 #endif
473 #if defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC)
474 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA
475 #endif
476 #if !defined(NO_DES3)
477 #define BUILD_TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
478 #endif
479 #endif
480 #if !defined(NO_SHA256) && defined(HAVE_AES_CBC)
481 #ifdef WOLFSSL_AES_128
482 #define BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
483 #endif
484 #ifdef WOLFSSL_AES_256
485 #define BUILD_TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
486 #endif
487 #endif
488 #endif
489
490 #if defined(HAVE_ANON) && !defined(NO_TLS) && !defined(NO_DH) && \
491 !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128)
492 #ifdef HAVE_AES_CBC
493 #define BUILD_TLS_DH_anon_WITH_AES_128_CBC_SHA
494 #endif
495
496 #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM)
497 #define BUILD_TLS_DH_anon_WITH_AES_256_GCM_SHA384
498 #endif
499 #endif
500
501 #if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
502 #ifndef NO_SHA256
503 #if !defined(NO_AES) && defined(WOLFSSL_AES_128) && \
504 defined(HAVE_AES_CBC)
505 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
506 #endif
507 #ifdef HAVE_NULL_CIPHER
508 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA256
509 #endif
510 #endif
511 #ifdef WOLFSSL_SHA384
512 #if !defined(NO_AES) && defined(WOLFSSL_AES_256) && \
513 defined(HAVE_AES_CBC)
514 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
515 #endif
516 #ifdef HAVE_NULL_CIPHER
517 #define BUILD_TLS_DHE_PSK_WITH_NULL_SHA384
518 #endif
519 #endif
520 #endif
521
522 #if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || \
523 defined(HAVE_CURVE448)) && !defined(NO_TLS)
524 #if !defined(NO_AES)
525 #if !defined(NO_SHA) && defined(HAVE_AES_CBC)
526 #if !defined(NO_RSA)
527 #ifdef WOLFSSL_AES_128
528 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
529 #endif
530 #ifdef WOLFSSL_AES_256
531 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
532 #endif
533 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
534 #ifdef WOLFSSL_AES_128
535 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
536 #endif
537 #ifdef WOLFSSL_AES_256
538 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
539 #endif
540 #endif
541 #endif
542
543 #if defined(HAVE_ECC) || \
544 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
545 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
546 #ifdef WOLFSSL_AES_128
547 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
548 #endif
549 #ifdef WOLFSSL_AES_256
550 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
551 #endif
552 #endif
553
554 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
555 #ifdef WOLFSSL_AES_128
556 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA
557 #endif
558 #ifdef WOLFSSL_AES_256
559 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
560 #endif
561 #endif
562 #endif /* NO_SHA */
563 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \
564 defined(HAVE_AES_CBC)
565 #if !defined(NO_RSA)
566 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
567 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
568 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
569 #endif
570 #endif
571 #if defined(HAVE_ECC) || \
572 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
573 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
574 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
575 #endif
576 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
577 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
578 #endif
579 #endif
580
581 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \
582 defined(HAVE_AES_CBC)
583 #if !defined(NO_RSA)
584 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
585 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
586 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
587 #endif
588 #endif
589 #if defined(HAVE_ECC) || \
590 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
591 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
592 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
593 #endif
594 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
595 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
596 #endif
597 #endif
598
599 #if defined (HAVE_AESGCM)
600 #if !defined(NO_RSA)
601 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
602 #ifdef WOLFSSL_AES_128
603 #define BUILD_TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
604 #endif
605 #endif
606 #if defined(WOLFSSL_SHA384)
607 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
608 #ifdef WOLFSSL_AES_256
609 #define BUILD_TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
610 #endif
611 #endif
612 #endif
613 #endif
614
615 #if defined(WOLFSSL_STATIC_DH) && defined(WOLFSSL_AES_128) && \
616 defined(HAVE_ECC)
617 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
618 #endif
619
620 #if defined(WOLFSSL_SHA384)
621 #if defined(WOLFSSL_STATIC_DH) && \
622 defined(WOLFSSL_AES_256) && defined(HAVE_ECC)
623 #define BUILD_TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
624 #endif
625 #endif
626 #endif
627 #endif /* NO_AES */
628 #if !defined(NO_RC4)
629 #if !defined(NO_SHA)
630 #if !defined(NO_RSA)
631 #ifndef WOLFSSL_AEAD_ONLY
632 #define BUILD_TLS_ECDHE_RSA_WITH_RC4_128_SHA
633 #endif
634 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
635 #define BUILD_TLS_ECDH_RSA_WITH_RC4_128_SHA
636 #endif
637 #endif
638
639 #if defined(HAVE_ECC) || \
640 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
641 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
642 #ifndef WOLFSSL_AEAD_ONLY
643 #define BUILD_TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
644 #endif
645 #endif
646 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
647 #define BUILD_TLS_ECDH_ECDSA_WITH_RC4_128_SHA
648 #endif
649 #endif
650 #endif
651 #if !defined(NO_DES3)
652 #ifndef NO_SHA
653 #if !defined(NO_RSA)
654 #define BUILD_TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
655 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
656 #define BUILD_TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
657 #endif
658 #endif
659
660 #if defined(HAVE_ECC) || \
661 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
662 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
663 #define BUILD_TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
664 #endif
665 #if defined(WOLFSSL_STATIC_DH) && defined(HAVE_ECC)
666 #define BUILD_TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
667 #endif
668 #endif /* NO_SHA */
669 #endif
670 #if defined(HAVE_NULL_CIPHER)
671 #if !defined(NO_SHA)
672 #if defined(HAVE_ECC) || \
673 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
674 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
675 #define BUILD_TLS_ECDHE_ECDSA_WITH_NULL_SHA
676 #endif
677 #endif
678 #if !defined(NO_PSK) && !defined(NO_SHA256)
679 #define BUILD_TLS_ECDHE_PSK_WITH_NULL_SHA256
680 #endif
681 #endif
682 #if !defined(NO_PSK) && !defined(NO_SHA256) && !defined(NO_AES) && \
683 defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC)
684 #define BUILD_TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256
685 #endif
686 #endif
687 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
688 #if !defined(NO_OLD_POLY1305)
689 #if defined(HAVE_ECC) || \
690 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
691 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
692 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256
693 #endif
694 #if !defined(NO_RSA) && defined(HAVE_ECC)
695 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
696 #endif
697 #if !defined(NO_DH) && !defined(NO_RSA)
698 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256
699 #endif
700 #endif /* NO_OLD_POLY1305 */
701 #if !defined(NO_PSK)
702 #define BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256
703 #if defined(HAVE_ECC) || defined(HAVE_ED25519) || \
704 defined(HAVE_ED448)
705 #define BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256
706 #endif
707 #ifndef NO_DH
708 #define BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256
709 #endif
710 #endif /* !NO_PSK */
711 #endif
712
713#endif /* !WOLFSSL_MAX_STRENGTH */
714
715#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \
716 !defined(NO_RSA) && defined(HAVE_AESGCM)
717
718 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
719 #define BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
720 #endif
721
722 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
723 #define BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
724 #endif
725#endif
726
727#if !defined(NO_DH) && !defined(NO_PSK) && !defined(NO_TLS)
728 #ifndef NO_SHA256
729 #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128)
730 #define BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
731 #endif
732 #ifdef HAVE_AESCCM
733 #ifdef WOLFSSL_AES_128
734 #define BUILD_TLS_DHE_PSK_WITH_AES_128_CCM
735 #endif
736 #ifdef WOLFSSL_AES_256
737 #define BUILD_TLS_DHE_PSK_WITH_AES_256_CCM
738 #endif
739 #endif
740 #endif
741 #if defined(WOLFSSL_SHA384) && defined(HAVE_AESGCM) && \
742 defined(WOLFSSL_AES_256)
743 #define BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
744 #endif
745#endif
746
747#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \
748 && !defined(NO_TLS) && !defined(NO_AES)
749 #ifdef HAVE_AESGCM
750 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
751 #if defined(HAVE_ECC) || \
752 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
753 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
754 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
755 #endif
756 #ifndef NO_RSA
757 #define BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
758 #endif
759 #endif
760 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
761 #if defined(HAVE_ECC) || \
762 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
763 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
764 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
765 #endif
766 #ifndef NO_RSA
767 #define BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
768 #endif
769 #endif
770 #endif
771 #if defined(HAVE_AESCCM) && !defined(NO_SHA256)
772 #if defined(HAVE_ECC) || \
773 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
774 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
775 #ifdef WOLFSSL_AES_128
776 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM
777 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8
778 #endif
779 #ifdef WOLFSSL_AES_256
780 #define BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8
781 #endif
782 #endif
783 #endif
784#endif
785
786#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256)
787 #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
788 #if defined(HAVE_ECC) || \
789 (defined(HAVE_CURVE25519) && defined(HAVE_ED25519)) || \
790 (defined(HAVE_CURVE448) && defined(HAVE_ED448))
791 #define BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
792 #endif
793 #ifndef NO_RSA
794 #define BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
795 #endif
796 #endif
797 #if !defined(NO_DH) && !defined(NO_RSA)
798 #define BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256
799 #endif
800#endif
801
802#endif
803
804#if defined(WOLFSSL_TLS13)
805 #ifdef HAVE_AESGCM
806 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
807 #define BUILD_TLS_AES_128_GCM_SHA256
808 #endif
809 #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256)
810 #define BUILD_TLS_AES_256_GCM_SHA384
811 #endif
812 #endif
813
814 #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305)
815 #ifndef NO_SHA256
816 #define BUILD_TLS_CHACHA20_POLY1305_SHA256
817 #endif
818 #endif
819
820 #ifdef HAVE_AESCCM
821 #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128)
822 #define BUILD_TLS_AES_128_CCM_SHA256
823 #define BUILD_TLS_AES_128_CCM_8_SHA256
824 #endif
825 #endif
826 #ifdef HAVE_NULL_CIPHER
827 #ifndef NO_SHA256
828 #define BUILD_TLS_SHA256_SHA256
829 #endif
830 #ifdef WOLFSSL_SHA384
831 #define BUILD_TLS_SHA384_SHA384
832 #endif
833 #endif
834#endif
835
836#ifdef WOLFSSL_MULTICAST
837 #if defined(HAVE_NULL_CIPHER) && !defined(NO_SHA256)
838 #define BUILD_WDM_WITH_NULL_SHA256
839 #endif
840#endif
841
842#if defined(BUILD_SSL_RSA_WITH_RC4_128_SHA) || \
843 defined(BUILD_SSL_RSA_WITH_RC4_128_MD5)
844 #define BUILD_ARC4
845#endif
846
847#if defined(BUILD_SSL_RSA_WITH_3DES_EDE_CBC_SHA)
848 #define BUILD_DES3
849#endif
850
851#if defined(BUILD_TLS_RSA_WITH_AES_128_CBC_SHA) || \
852 defined(BUILD_TLS_RSA_WITH_AES_256_CBC_SHA) || \
853 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256) || \
854 defined(BUILD_TLS_DHE_PSK_WITH_AES_128_CBC_SHA256)
855 #undef BUILD_AES
856 #define BUILD_AES
857#endif
858
859#if defined(BUILD_TLS_RSA_WITH_AES_128_GCM_SHA256) || \
860 defined(BUILD_TLS_DHE_RSA_WITH_AES_128_GCM_SHA256) || \
861 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) || \
862 defined(BUILD_TLS_PSK_WITH_AES_128_GCM_SHA256) || \
863 defined(BUILD_TLS_DHE_PSK_WITH_AES_128_GCM_SHA256) || \
864 defined(BUILD_TLS_RSA_WITH_AES_256_GCM_SHA384) || \
865 defined(BUILD_TLS_DHE_RSA_WITH_AES_256_GCM_SHA384) || \
866 defined(BUILD_TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384) || \
867 defined(BUILD_TLS_PSK_WITH_AES_256_GCM_SHA384) || \
868 defined(BUILD_TLS_DHE_PSK_WITH_AES_256_GCM_SHA384) || \
869 defined(BUILD_TLS_AES_128_GCM_SHA256) || \
870 defined(BUILD_TLS_AES_256_GCM_SHA384)
871 #define BUILD_AESGCM
872#else
873 /* No AES-GCM cipher suites available with build */
874 #define NO_AESGCM_AEAD
875#endif
876
877#if defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
878 defined(BUILD_TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
879 defined(BUILD_TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
880 defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256) || \
881 defined(BUILD_TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
882 defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) || \
883 defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256) || \
884 defined(BUILD_TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
885 defined(BUILD_TLS_PSK_WITH_CHACHA20_POLY1305_SHA256) || \
886 defined(BUILD_TLS_CHACHA20_POLY1305_SHA256)
887 /* Have an available ChaCha Poly cipher suite */
888#else
889 /* No ChaCha Poly cipher suites available with build */
890 #define NO_CHAPOL_AEAD
891#endif
892
893#if defined(BUILD_TLS_RSA_WITH_HC_128_SHA) || \
894 defined(BUILD_TLS_RSA_WITH_HC_128_MD5)
895 #define BUILD_HC128
896#endif
897
898#if defined(BUILD_TLS_RSA_WITH_RABBIT_SHA)
899 #define BUILD_RABBIT
900#endif
901
902#ifdef NO_DES3
903 #define DES_BLOCK_SIZE 8
904#else
905 #undef BUILD_DES3
906 #define BUILD_DES3
907#endif
908
909#if defined(NO_AES) || defined(NO_AES_DECRYPT)
910 #define AES_BLOCK_SIZE 16
911 #undef BUILD_AES
912#else
913 #undef BUILD_AES
914 #define BUILD_AES
915#endif
916
917#ifndef NO_RC4
918 #undef BUILD_ARC4
919 #define BUILD_ARC4
920#endif
921
922#ifdef HAVE_CHACHA
923 #define CHACHA20_BLOCK_SIZE 16
924#endif
925
926#if defined(WOLFSSL_MAX_STRENGTH) || \
927 (defined(HAVE_AESGCM) && !defined(NO_AESGCM_AEAD)) || \
928 defined(HAVE_AESCCM) || \
929 (defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && \
930 !defined(NO_CHAPOL_AEAD)) || \
931 (defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER))
932
933 #define HAVE_AEAD
934#endif
935
936#if defined(WOLFSSL_MAX_STRENGTH) || \
937 defined(HAVE_ECC) || !defined(NO_DH)
938
939 #define HAVE_PFS
940#endif
941
942#if defined(BUILD_SSL_RSA_WITH_IDEA_CBC_SHA)
943 #define BUILD_IDEA
944#endif
945
946/* actual cipher values, 2nd byte */
947enum {
948 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x16,
949 TLS_DHE_RSA_WITH_AES_256_CBC_SHA = 0x39,
950 TLS_DHE_RSA_WITH_AES_128_CBC_SHA = 0x33,
951 TLS_DH_anon_WITH_AES_128_CBC_SHA = 0x34,
952 TLS_RSA_WITH_AES_256_CBC_SHA = 0x35,
953 TLS_RSA_WITH_AES_128_CBC_SHA = 0x2F,
954 TLS_RSA_WITH_NULL_MD5 = 0x01,
955 TLS_RSA_WITH_NULL_SHA = 0x02,
956 TLS_PSK_WITH_AES_256_CBC_SHA = 0x8d,
957 TLS_PSK_WITH_AES_128_CBC_SHA256 = 0xae,
958 TLS_PSK_WITH_AES_256_CBC_SHA384 = 0xaf,
959 TLS_PSK_WITH_AES_128_CBC_SHA = 0x8c,
960 TLS_PSK_WITH_NULL_SHA256 = 0xb0,
961 TLS_PSK_WITH_NULL_SHA384 = 0xb1,
962 TLS_PSK_WITH_NULL_SHA = 0x2c,
963 SSL_RSA_WITH_RC4_128_SHA = 0x05,
964 SSL_RSA_WITH_RC4_128_MD5 = 0x04,
965 SSL_RSA_WITH_3DES_EDE_CBC_SHA = 0x0A,
966 SSL_RSA_WITH_IDEA_CBC_SHA = 0x07,
967
968 /* ECC suites, first byte is 0xC0 (ECC_BYTE) */
969 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA = 0x14,
970 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA = 0x13,
971 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA = 0x0A,
972 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA = 0x09,
973 TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0x11,
974 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0x07,
975 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA = 0x12,
976 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x08,
977 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 = 0x27,
978 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 = 0x23,
979 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 = 0x28,
980 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 = 0x24,
981 TLS_ECDHE_ECDSA_WITH_NULL_SHA = 0x06,
982 TLS_ECDHE_PSK_WITH_NULL_SHA256 = 0x3a,
983 TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 = 0x37,
984
985 /* static ECDH, first byte is 0xC0 (ECC_BYTE) */
986 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA = 0x0F,
987 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA = 0x0E,
988 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA = 0x05,
989 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA = 0x04,
990 TLS_ECDH_RSA_WITH_RC4_128_SHA = 0x0C,
991 TLS_ECDH_ECDSA_WITH_RC4_128_SHA = 0x02,
992 TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA = 0x0D,
993 TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA = 0x03,
994 TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 = 0x29,
995 TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 = 0x25,
996 TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 = 0x2A,
997 TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 = 0x26,
998
999 /* wolfSSL extension - eSTREAM */
1000 TLS_RSA_WITH_HC_128_MD5 = 0xFB,
1001 TLS_RSA_WITH_HC_128_SHA = 0xFC,
1002 TLS_RSA_WITH_RABBIT_SHA = 0xFD,
1003 WDM_WITH_NULL_SHA256 = 0xFE, /* wolfSSL DTLS Multicast */
1004
1005 /* wolfSSL extension - NTRU */
1006 TLS_NTRU_RSA_WITH_RC4_128_SHA = 0xe5,
1007 TLS_NTRU_RSA_WITH_3DES_EDE_CBC_SHA = 0xe6,
1008 TLS_NTRU_RSA_WITH_AES_128_CBC_SHA = 0xe7, /* clashes w/official SHA-256 */
1009 TLS_NTRU_RSA_WITH_AES_256_CBC_SHA = 0xe8,
1010
1011 /* wolfSSL extension - NTRU , Quantum-safe Handshake
1012 first byte is 0xD0 (QSH_BYTE) */
1013 TLS_QSH = 0x01,
1014
1015 /* SHA256 */
1016 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 = 0x6b,
1017 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 = 0x67,
1018 TLS_RSA_WITH_AES_256_CBC_SHA256 = 0x3d,
1019 TLS_RSA_WITH_AES_128_CBC_SHA256 = 0x3c,
1020 TLS_RSA_WITH_NULL_SHA256 = 0x3b,
1021 TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 = 0xb2,
1022 TLS_DHE_PSK_WITH_NULL_SHA256 = 0xb4,
1023
1024 /* SHA384 */
1025 TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 = 0xb3,
1026 TLS_DHE_PSK_WITH_NULL_SHA384 = 0xb5,
1027
1028 /* AES-GCM */
1029 TLS_RSA_WITH_AES_128_GCM_SHA256 = 0x9c,
1030 TLS_RSA_WITH_AES_256_GCM_SHA384 = 0x9d,
1031 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 = 0x9e,
1032 TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = 0x9f,
1033 TLS_DH_anon_WITH_AES_256_GCM_SHA384 = 0xa7,
1034 TLS_PSK_WITH_AES_128_GCM_SHA256 = 0xa8,
1035 TLS_PSK_WITH_AES_256_GCM_SHA384 = 0xa9,
1036 TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 = 0xaa,
1037 TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 = 0xab,
1038
1039 /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */
1040 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2b,
1041 TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2c,
1042 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 = 0x2d,
1043 TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 = 0x2e,
1044 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0x2f,
1045 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 = 0x30,
1046 TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 = 0x31,
1047 TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 = 0x32,
1048
1049 /* AES-CCM, first byte is 0xC0 but isn't ECC,
1050 * also, in some of the other AES-CCM suites
1051 * there will be second byte number conflicts
1052 * with non-ECC AES-GCM */
1053 TLS_RSA_WITH_AES_128_CCM_8 = 0xa0,
1054 TLS_RSA_WITH_AES_256_CCM_8 = 0xa1,
1055 TLS_ECDHE_ECDSA_WITH_AES_128_CCM = 0xac,
1056 TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 = 0xae,
1057 TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 = 0xaf,
1058 TLS_PSK_WITH_AES_128_CCM = 0xa4,
1059 TLS_PSK_WITH_AES_256_CCM = 0xa5,
1060 TLS_PSK_WITH_AES_128_CCM_8 = 0xa8,
1061 TLS_PSK_WITH_AES_256_CCM_8 = 0xa9,
1062 TLS_DHE_PSK_WITH_AES_128_CCM = 0xa6,
1063 TLS_DHE_PSK_WITH_AES_256_CCM = 0xa7,
1064
1065 /* Camellia */
1066 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x41,
1067 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x84,
1068 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xba,
1069 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc0,
1070 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA = 0x45,
1071 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA = 0x88,
1072 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 = 0xbe,
1073 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 = 0xc4,
1074
1075 /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */
1076 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa8,
1077 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 = 0xa9,
1078 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 = 0xaa,
1079 TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xac,
1080 TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xab,
1081 TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 = 0xad,
1082
1083 /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */
1084 TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x13,
1085 TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x14,
1086 TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 = 0x15,
1087
1088 /* TLS v1.3 cipher suites */
1089 TLS_AES_128_GCM_SHA256 = 0x01,
1090 TLS_AES_256_GCM_SHA384 = 0x02,
1091 TLS_CHACHA20_POLY1305_SHA256 = 0x03,
1092 TLS_AES_128_CCM_SHA256 = 0x04,
1093 TLS_AES_128_CCM_8_SHA256 = 0x05,
1094
1095 /* TLS v1.3 Integity only cipher suites - 0xC0 (ECC) first byte */
1096 TLS_SHA256_SHA256 = 0xB4,
1097 TLS_SHA384_SHA384 = 0xB5,
1098
1099 /* Fallback SCSV (Signaling Cipher Suite Value) */
1100 TLS_FALLBACK_SCSV = 0x56,
1101 /* Renegotiation Indication Extension Special Suite */
1102 TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0xff
1103};
1104
1105
1106#ifndef WOLFSSL_SESSION_TIMEOUT
1107 #define WOLFSSL_SESSION_TIMEOUT 500
1108 /* default session resumption cache timeout in seconds */
1109#endif
1110
1111
1112#ifndef WOLFSSL_DTLS_WINDOW_WORDS
1113 #define WOLFSSL_DTLS_WINDOW_WORDS 2
1114#endif /* WOLFSSL_DTLS_WINDOW_WORDS */
1115#define DTLS_WORD_BITS (sizeof(word32) * CHAR_BIT)
1116#define DTLS_SEQ_BITS (WOLFSSL_DTLS_WINDOW_WORDS * DTLS_WORD_BITS)
1117#define DTLS_SEQ_SZ (sizeof(word32) * WOLFSSL_DTLS_WINDOW_WORDS)
1118
1119#ifndef WOLFSSL_MULTICAST
1120 #define WOLFSSL_DTLS_PEERSEQ_SZ 1
1121#else
1122 #ifndef WOLFSSL_MULTICAST_PEERS
1123 /* max allowed multicast group peers */
1124 #define WOLFSSL_MULTICAST_PEERS 100
1125 #endif
1126 #define WOLFSSL_DTLS_PEERSEQ_SZ WOLFSSL_MULTICAST_PEERS
1127#endif /* WOLFSSL_MULTICAST */
1128
1129#ifndef WOLFSSL_MAX_MTU
1130 #define WOLFSSL_MAX_MTU 1500
1131#endif /* WOLFSSL_MAX_MTU */
1132
1133
1134/* set minimum DH key size allowed */
1135#ifndef WOLFSSL_MIN_DHKEY_BITS
1136 #ifdef WOLFSSL_MAX_STRENGTH
1137 #define WOLFSSL_MIN_DHKEY_BITS 2048
1138 #else
1139 #define WOLFSSL_MIN_DHKEY_BITS 1024
1140 #endif
1141#endif
1142#if (WOLFSSL_MIN_DHKEY_BITS % 8)
1143 #error DH minimum bit size must be multiple of 8
1144#endif
1145#if (WOLFSSL_MIN_DHKEY_BITS > 16000)
1146 #error DH minimum bit size must not be greater than 16000
1147#endif
1148#define MIN_DHKEY_SZ (WOLFSSL_MIN_DHKEY_BITS / 8)
1149/* set maximum DH key size allowed */
1150#ifndef WOLFSSL_MAX_DHKEY_BITS
1151 #if (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS >= 16384)
1152 #define WOLFSSL_MAX_DHKEY_BITS 8192
1153 #else
1154 #define WOLFSSL_MAX_DHKEY_BITS 4096
1155 #endif
1156#endif
1157#if (WOLFSSL_MAX_DHKEY_BITS % 8)
1158 #error DH maximum bit size must be multiple of 8
1159#endif
1160#if (WOLFSSL_MAX_DHKEY_BITS > 16000)
1161 #error DH maximum bit size must not be greater than 16000
1162#endif
1163#define MAX_DHKEY_SZ (WOLFSSL_MAX_DHKEY_BITS / 8)
1164
1165#ifndef MAX_PSK_ID_LEN
1166 /* max psk identity/hint supported */
1167 #if defined(WOLFSSL_TLS13)
1168 #define MAX_PSK_ID_LEN 256
1169 #else
1170 #define MAX_PSK_ID_LEN 128
1171 #endif
1172#endif
1173
1174#ifndef MAX_EARLY_DATA_SZ
1175 /* maximum early data size */
1176 #define MAX_EARLY_DATA_SZ 4096
1177#endif
1178
1179enum Misc {
1180 CIPHER_BYTE = 0x00, /* Default ciphers */
1181 ECC_BYTE = 0xC0, /* ECC first cipher suite byte */
1182 QSH_BYTE = 0xD0, /* Quantum-safe Handshake cipher suite */
1183 CHACHA_BYTE = 0xCC, /* ChaCha first cipher suite */
1184 TLS13_BYTE = 0x13, /* TLS v1.3 first byte of cipher suite */
1185
1186 SEND_CERT = 1,
1187 SEND_BLANK_CERT = 2,
1188
1189 DTLS_MAJOR = 0xfe, /* DTLS major version number */
1190 DTLS_MINOR = 0xff, /* DTLS minor version number */
1191 DTLSv1_2_MINOR = 0xfd, /* DTLS minor version number */
1192 SSLv3_MAJOR = 3, /* SSLv3 and TLSv1+ major version number */
1193 SSLv3_MINOR = 0, /* TLSv1 minor version number */
1194 TLSv1_MINOR = 1, /* TLSv1 minor version number */
1195 TLSv1_1_MINOR = 2, /* TLSv1_1 minor version number */
1196 TLSv1_2_MINOR = 3, /* TLSv1_2 minor version number */
1197 TLSv1_3_MINOR = 4, /* TLSv1_3 minor version number */
1198 TLS_DRAFT_MAJOR = 0x7f, /* Draft TLS major version number */
1199#ifdef WOLFSSL_TLS13_DRAFT
1200#ifdef WOLFSSL_TLS13_DRAFT_18
1201 TLS_DRAFT_MINOR = 0x12, /* Minor version number of TLS draft */
1202#elif defined(WOLFSSL_TLS13_DRAFT_22)
1203 TLS_DRAFT_MINOR = 0x16, /* Minor version number of TLS draft */
1204#elif defined(WOLFSSL_TLS13_DRAFT_23)
1205 TLS_DRAFT_MINOR = 0x17, /* Minor version number of TLS draft */
1206#elif defined(WOLFSSL_TLS13_DRAFT_26)
1207 TLS_DRAFT_MINOR = 0x1a, /* Minor version number of TLS draft */
1208#else
1209 TLS_DRAFT_MINOR = 0x1c, /* Minor version number of TLS draft */
1210#endif
1211#endif
1212 OLD_HELLO_ID = 0x01, /* SSLv2 Client Hello Indicator */
1213 INVALID_BYTE = 0xff, /* Used to initialize cipher specs values */
1214 NO_COMPRESSION = 0,
1215 ZLIB_COMPRESSION = 221, /* wolfSSL zlib compression */
1216 HELLO_EXT_SIG_ALGO = 13, /* ID for the sig_algo hello extension */
1217 HELLO_EXT_EXTMS = 0x0017, /* ID for the extended master secret ext */
1218 SECRET_LEN = WOLFSSL_MAX_MASTER_KEY_LENGTH,
1219 /* pre RSA and all master */
1220#if defined(WOLFSSL_MYSQL_COMPATIBLE) || \
1221 (defined(USE_FAST_MATH) && defined(FP_MAX_BITS) && FP_MAX_BITS > 8192)
1222#ifndef NO_PSK
1223 ENCRYPT_LEN = 1024 + MAX_PSK_ID_LEN + 2, /* 8192 bit static buffer */
1224#else
1225 ENCRYPT_LEN = 1024, /* allow 8192 bit static buffer */
1226#endif
1227#else
1228#ifndef NO_PSK
1229 ENCRYPT_LEN = 512 + MAX_PSK_ID_LEN + 2, /* 4096 bit static buffer */
1230#else
1231 ENCRYPT_LEN = 512, /* allow 4096 bit static buffer */
1232#endif
1233#endif
1234 SIZEOF_SENDER = 4, /* clnt or srvr */
1235 FINISHED_SZ = 36, /* WC_MD5_DIGEST_SIZE + WC_SHA_DIGEST_SIZE */
1236 MAX_RECORD_SIZE = 16384, /* 2^14, max size by standard */
1237 MAX_PLAINTEXT_SZ = (1 << 14), /* Max plaintext sz */
1238 MAX_TLS_CIPHER_SZ = (1 << 14) + 2048, /* Max TLS encrypted data sz */
1239#ifdef WOLFSSL_TLS13
1240 MAX_TLS13_PLAIN_SZ = (1 << 14) + 1, /* Max unencrypted data sz */
1241 MAX_TLS13_ENC_SZ = (1 << 14) + 256, /* Max encrypted data sz */
1242#endif
1243 MAX_MSG_EXTRA = 38 + WC_MAX_DIGEST_SIZE,
1244 /* max added to msg, mac + pad from */
1245 /* RECORD_HEADER_SZ + BLOCK_SZ (pad) + Max
1246 digest sz + BLOC_SZ (iv) + pad byte (1) */
1247 MAX_COMP_EXTRA = 1024, /* max compression extra */
1248 MAX_MTU = WOLFSSL_MAX_MTU, /* max expected MTU */
1249 MAX_UDP_SIZE = 8192 - 100, /* was MAX_MTU - 100 */
1250 MAX_DH_SZ = (MAX_DHKEY_SZ * 3) + 12, /* DH_P, DH_G and DH_Pub */
1251 /* 4096 p, pub, g + 2 byte size for each */
1252 MAX_STR_VERSION = 8, /* string rep of protocol version */
1253
1254 PAD_MD5 = 48, /* pad length for finished */
1255 PAD_SHA = 40, /* pad length for finished */
1256 MAX_PAD_SIZE = 256, /* maximum length of padding */
1257
1258 LENGTH_SZ = 2, /* length field for HMAC, data only */
1259 VERSION_SZ = 2, /* length of proctocol version */
1260 SEQ_SZ = 8, /* 64 bit sequence number */
1261 ALERT_SIZE = 2, /* level + description */
1262 VERIFY_HEADER = 2, /* always use 2 bytes */
1263 EXTS_SZ = 2, /* always use 2 bytes */
1264 EXT_ID_SZ = 2, /* always use 2 bytes */
1265 MAX_DH_SIZE = MAX_DHKEY_SZ+1,
1266 /* Max size plus possible leading 0 */
1267 NAMED_DH_MASK = 0x100, /* Named group mask for DH parameters */
1268 MIN_FFHDE_GROUP = 0x100, /* Named group minimum for FFDHE parameters */
1269 MAX_FFHDE_GROUP = 0x1FF, /* Named group maximum for FFDHE parameters */
1270 SESSION_HINT_SZ = 4, /* session timeout hint */
1271 SESSION_ADD_SZ = 4, /* session age add */
1272 TICKET_NONCE_LEN_SZ = 1, /* Ticket nonce length size */
1273 DEF_TICKET_NONCE_SZ = 1, /* Default ticket nonce size */
1274 MAX_TICKET_NONCE_SZ = 8, /* maximum ticket nonce size */
1275 MAX_LIFETIME = 604800, /* maximum ticket lifetime */
1276
1277 RAN_LEN = 32, /* random length */
1278 SEED_LEN = RAN_LEN * 2, /* tls prf seed length */
1279 ID_LEN = 32, /* session id length */
1280 COOKIE_SECRET_SZ = 14, /* dtls cookie secret size */
1281 MAX_COOKIE_LEN = 32, /* max dtls cookie size */
1282 COOKIE_SZ = 20, /* use a 20 byte cookie */
1283 SUITE_LEN = 2, /* cipher suite sz length */
1284 ENUM_LEN = 1, /* always a byte */
1285 OPAQUE8_LEN = 1, /* 1 byte */
1286 OPAQUE16_LEN = 2, /* 2 bytes */
1287 OPAQUE24_LEN = 3, /* 3 bytes */
1288 OPAQUE32_LEN = 4, /* 4 bytes */
1289 OPAQUE64_LEN = 8, /* 8 bytes */
1290 COMP_LEN = 1, /* compression length */
1291 CURVE_LEN = 2, /* ecc named curve length */
1292 KE_GROUP_LEN = 2, /* key exchange group length */
1293 SERVER_ID_LEN = 20, /* server session id length */
1294
1295 HANDSHAKE_HEADER_SZ = 4, /* type + length(3) */
1296 RECORD_HEADER_SZ = 5, /* type + version + len(2) */
1297 CERT_HEADER_SZ = 3, /* always 3 bytes */
1298 REQ_HEADER_SZ = 2, /* cert request header sz */
1299 HINT_LEN_SZ = 2, /* length of hint size field */
1300 TRUNCATED_HMAC_SZ = 10, /* length of hmac w/ truncated hmac extension */
1301 HELLO_EXT_SZ = 4, /* base length of a hello extension */
1302 HELLO_EXT_TYPE_SZ = 2, /* length of a hello extension type */
1303 HELLO_EXT_SZ_SZ = 2, /* length of a hello extension size */
1304 HELLO_EXT_SIGALGO_SZ = 2, /* length of number of items in sigalgo list */
1305
1306 DTLS_HANDSHAKE_HEADER_SZ = 12, /* normal + seq(2) + offset(3) + length(3) */
1307 DTLS_RECORD_HEADER_SZ = 13, /* normal + epoch(2) + seq_num(6) */
1308 DTLS_HANDSHAKE_EXTRA = 8, /* diff from normal */
1309 DTLS_RECORD_EXTRA = 8, /* diff from normal */
1310 DTLS_HANDSHAKE_SEQ_SZ = 2, /* handshake header sequence number */
1311 DTLS_HANDSHAKE_FRAG_SZ = 3, /* fragment offset and length are 24 bit */
1312 DTLS_POOL_SZ = 255,/* allowed number of list items in TX pool */
1313 DTLS_EXPORT_PRO = 165,/* wolfSSL protocol for serialized session */
1314 DTLS_EXPORT_STATE_PRO = 166,/* wolfSSL protocol for serialized state */
1315 DTLS_EXPORT_VERSION = 4, /* wolfSSL version for serialized session */
1316 DTLS_EXPORT_OPT_SZ = 60, /* amount of bytes used from Options */
1317 DTLS_EXPORT_VERSION_3 = 3, /* wolfSSL version before TLS 1.3 addition */
1318 DTLS_EXPORT_OPT_SZ_3 = 59, /* amount of bytes used from Options */
1319 DTLS_EXPORT_KEY_SZ = 325 + (DTLS_SEQ_SZ * 2),
1320 /* max amount of bytes used from Keys */
1321 DTLS_EXPORT_MIN_KEY_SZ = 85 + (DTLS_SEQ_SZ * 2),
1322 /* min amount of bytes used from Keys */
1323 DTLS_EXPORT_SPC_SZ = 16, /* amount of bytes used from CipherSpecs */
1324 DTLS_EXPORT_LEN = 2, /* 2 bytes for length and protocol */
1325 DTLS_EXPORT_IP = 46, /* max ip size IPv4 mapped IPv6 */
1326 MAX_EXPORT_BUFFER = 514, /* max size of buffer for exporting */
1327 MAX_EXPORT_STATE_BUFFER = (DTLS_EXPORT_MIN_KEY_SZ) + (3 * DTLS_EXPORT_LEN),
1328 /* max size of buffer for exporting state */
1329 FINISHED_LABEL_SZ = 15, /* TLS finished label size */
1330 TLS_FINISHED_SZ = 12, /* TLS has a shorter size */
1331 EXT_MASTER_LABEL_SZ = 22, /* TLS extended master secret label sz */
1332 MASTER_LABEL_SZ = 13, /* TLS master secret label sz */
1333 KEY_LABEL_SZ = 13, /* TLS key block expansion sz */
1334 PROTOCOL_LABEL_SZ = 9, /* Length of the protocol label */
1335 MAX_LABEL_SZ = 34, /* Maximum length of a label */
1336 MAX_HKDF_LABEL_SZ = OPAQUE16_LEN +
1337 OPAQUE8_LEN + PROTOCOL_LABEL_SZ + MAX_LABEL_SZ +
1338 OPAQUE8_LEN + WC_MAX_DIGEST_SIZE,
1339 MAX_REQUEST_SZ = 256, /* Maximum cert req len (no auth yet */
1340 SESSION_FLUSH_COUNT = 256, /* Flush session cache unless user turns off */
1341 TLS_MAX_PAD_SZ = 255, /* Max padding in TLS */
1342
1343#if defined(HAVE_FIPS) && \
1344 (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 2))
1345 MAX_SYM_KEY_SIZE = AES_256_KEY_SIZE,
1346#else
1347 MAX_SYM_KEY_SIZE = WC_MAX_SYM_KEY_SIZE,
1348#endif
1349
1350#ifdef HAVE_SELFTEST
1351 #ifndef WOLFSSL_AES_KEY_SIZE_ENUM
1352 #define WOLFSSL_AES_KEY_SIZE_ENUM
1353 AES_IV_SIZE = 16,
1354 AES_128_KEY_SIZE = 16,
1355 AES_192_KEY_SIZE = 24,
1356 AES_256_KEY_SIZE = 32,
1357 #endif
1358#endif
1359
1360 MAX_IV_SZ = AES_BLOCK_SIZE,
1361
1362 AEAD_SEQ_OFFSET = 4, /* Auth Data: Sequence number */
1363 AEAD_TYPE_OFFSET = 8, /* Auth Data: Type */
1364 AEAD_VMAJ_OFFSET = 9, /* Auth Data: Major Version */
1365 AEAD_VMIN_OFFSET = 10, /* Auth Data: Minor Version */
1366 AEAD_LEN_OFFSET = 11, /* Auth Data: Length */
1367 AEAD_AUTH_DATA_SZ = 13, /* Size of the data to authenticate */
1368 AEAD_NONCE_SZ = 12,
1369 AESGCM_IMP_IV_SZ = 4, /* Size of GCM/CCM AEAD implicit IV */
1370 AESGCM_EXP_IV_SZ = 8, /* Size of GCM/CCM AEAD explicit IV */
1371 AESGCM_NONCE_SZ = AESGCM_EXP_IV_SZ + AESGCM_IMP_IV_SZ,
1372
1373 CHACHA20_IMP_IV_SZ = 12, /* Size of ChaCha20 AEAD implicit IV */
1374 CHACHA20_NONCE_SZ = 12, /* Size of ChacCha20 nonce */
1375 CHACHA20_OLD_OFFSET = 4, /* Offset for seq # in old poly1305 */
1376
1377 /* For any new implicit/explicit IV size adjust AEAD_MAX_***_SZ */
1378
1379 AES_GCM_AUTH_SZ = 16, /* AES-GCM Auth Tag length */
1380 AES_CCM_16_AUTH_SZ = 16, /* AES-CCM-16 Auth Tag length */
1381 AES_CCM_8_AUTH_SZ = 8, /* AES-CCM-8 Auth Tag Length */
1382 AESCCM_NONCE_SZ = 12,
1383
1384 CAMELLIA_128_KEY_SIZE = 16, /* for 128 bit */
1385 CAMELLIA_192_KEY_SIZE = 24, /* for 192 bit */
1386 CAMELLIA_256_KEY_SIZE = 32, /* for 256 bit */
1387 CAMELLIA_IV_SIZE = 16, /* always block size */
1388
1389 CHACHA20_256_KEY_SIZE = 32, /* for 256 bit */
1390 CHACHA20_128_KEY_SIZE = 16, /* for 128 bit */
1391 CHACHA20_IV_SIZE = 12, /* 96 bits for iv */
1392
1393 POLY1305_AUTH_SZ = 16, /* 128 bits */
1394
1395 HMAC_NONCE_SZ = 12, /* Size of HMAC nonce */
1396
1397 HC_128_KEY_SIZE = 16, /* 128 bits */
1398 HC_128_IV_SIZE = 16, /* also 128 bits */
1399
1400 RABBIT_KEY_SIZE = 16, /* 128 bits */
1401 RABBIT_IV_SIZE = 8, /* 64 bits for iv */
1402
1403 EVP_SALT_SIZE = 8, /* evp salt size 64 bits */
1404
1405#ifndef ECDHE_SIZE /* allow this to be overridden at compile-time */
1406 ECDHE_SIZE = 32, /* ECHDE server size defaults to 256 bit */
1407#endif
1408 MAX_EXPORT_ECC_SZ = 256, /* Export ANS X9.62 max future size */
1409 MAX_CURVE_NAME_SZ = 16, /* Maximum size of curve name string */
1410
1411 NEW_SA_MAJOR = 8, /* Most significant byte used with new sig algos */
1412 ED25519_SA_MAJOR = 8, /* Most significant byte for ED25519 */
1413 ED25519_SA_MINOR = 7, /* Least significant byte for ED25519 */
1414 ED448_SA_MAJOR = 8, /* Most significant byte for ED448 */
1415 ED448_SA_MINOR = 8, /* Least significant byte for ED448 */
1416
1417 MIN_RSA_SHA512_PSS_BITS = 512 * 2 + 8 * 8, /* Min key size */
1418 MIN_RSA_SHA384_PSS_BITS = 384 * 2 + 8 * 8, /* Min key size */
1419
1420#ifndef NO_RSA
1421 MAX_CERT_VERIFY_SZ = 4096 / 8, /* max RSA - default 4096-bits */
1422#elif defined(HAVE_ECC)
1423 MAX_CERT_VERIFY_SZ = ECC_MAX_SIG_SIZE, /* max ECC */
1424#elif defined(HAVE_ED448)
1425 MAX_CERT_VERIFY_SZ = ED448_SIG_SIZE, /* max Ed448 */
1426#elif defined(HAVE_ED25519)
1427 MAX_CERT_VERIFY_SZ = ED25519_SIG_SIZE, /* max Ed25519 */
1428#else
1429 MAX_CERT_VERIFY_SZ = 1024, /* max default */
1430#endif
1431 CLIENT_HELLO_FIRST = 35, /* Protocol + RAN_LEN + sizeof(id_len) */
1432 MAX_SUITE_NAME = 48, /* maximum length of cipher suite string */
1433
1434 DTLS_TIMEOUT_INIT = 1, /* default timeout init for DTLS receive */
1435 DTLS_TIMEOUT_MAX = 64, /* default max timeout for DTLS receive */
1436 DTLS_TIMEOUT_MULTIPLIER = 2, /* default timeout multiplier for DTLS recv */
1437
1438 NULL_TERM_LEN = 1, /* length of null '\0' termination character */
1439 MAX_PSK_KEY_LEN = 64, /* max psk key supported */
1440 MIN_PSK_ID_LEN = 6, /* min length of identities */
1441 MIN_PSK_BINDERS_LEN= 33, /* min length of binders */
1442 MAX_TICKET_AGE_SECS= 10, /* maximum ticket age in seconds */
1443
1444#ifndef MAX_WOLFSSL_FILE_SIZE
1445 MAX_WOLFSSL_FILE_SIZE = 1024ul * 1024ul * 4, /* 4 mb file size alloc limit */
1446#endif
1447
1448 MAX_X509_SIZE = 2048, /* max static x509 buffer size */
1449 CERT_MIN_SIZE = 256, /* min PEM cert size with header/footer */
1450
1451 MAX_NTRU_PUB_KEY_SZ = 1027, /* NTRU max for now */
1452 MAX_NTRU_ENCRYPT_SZ = 1027, /* NTRU max for now */
1453 MAX_NTRU_BITS = 256, /* max symmetric bit strength */
1454 NO_SNIFF = 0, /* not sniffing */
1455 SNIFF = 1, /* currently sniffing */
1456
1457 HASH_SIG_SIZE = 2, /* default SHA1 RSA */
1458
1459 NO_COPY = 0, /* should we copy static buffer for write */
1460 COPY = 1, /* should we copy static buffer for write */
1461
1462 INVALID_PEER_ID = 0xFFFF, /* Initialize value for peer ID. */
1463
1464 PREV_ORDER = -1, /* Sequence number is in previous epoch. */
1465 PEER_ORDER = 1, /* Peer sequence number for verify. */
1466 CUR_ORDER = 0, /* Current sequence number. */
1467 WRITE_PROTO = 1, /* writing a protocol message */
1468 READ_PROTO = 0 /* reading a protocol message */
1469};
1470
1471/* minimum Downgrade Minor version */
1472#ifndef WOLFSSL_MIN_DOWNGRADE
1473 #ifndef NO_OLD_TLS
1474 #define WOLFSSL_MIN_DOWNGRADE TLSv1_MINOR
1475 #else
1476 #define WOLFSSL_MIN_DOWNGRADE TLSv1_2_MINOR
1477 #endif
1478#endif
1479
1480/* Set max implicit IV size for AEAD cipher suites */
1481#define AEAD_MAX_IMP_SZ 12
1482
1483/* Set max explicit IV size for AEAD cipher suites */
1484#define AEAD_MAX_EXP_SZ 8
1485
1486
1487#ifndef WOLFSSL_MAX_SUITE_SZ
1488 #define WOLFSSL_MAX_SUITE_SZ 300
1489 /* 150 suites for now! */
1490#endif
1491
1492/* number of items in the signature algo list */
1493#ifndef WOLFSSL_MAX_SIGALGO
1494 #define WOLFSSL_MAX_SIGALGO 32
1495#endif
1496
1497
1498/* set minimum ECC key size allowed */
1499#ifndef WOLFSSL_MIN_ECC_BITS
1500 #ifdef WOLFSSL_MAX_STRENGTH
1501 #define WOLFSSL_MIN_ECC_BITS 256
1502 #else
1503 #define WOLFSSL_MIN_ECC_BITS 224
1504 #endif
1505#endif /* WOLFSSL_MIN_ECC_BITS */
1506#if (WOLFSSL_MIN_ECC_BITS % 8)
1507 /* Some ECC keys are not divisible by 8 such as prime239v1 or sect131r1.
1508 In these cases round down to the nearest value divisible by 8. The
1509 restriction of being divisible by 8 is in place to match wc_ecc_size
1510 function from wolfSSL.
1511 */
1512 #error ECC minimum bit size must be a multiple of 8
1513#endif
1514#define MIN_ECCKEY_SZ (WOLFSSL_MIN_ECC_BITS / 8)
1515
1516/* set minimum RSA key size allowed */
1517#ifndef WOLFSSL_MIN_RSA_BITS
1518 #ifdef WOLFSSL_MAX_STRENGTH
1519 #define WOLFSSL_MIN_RSA_BITS 2048
1520 #else
1521 #define WOLFSSL_MIN_RSA_BITS 1024
1522 #endif
1523#endif /* WOLFSSL_MIN_RSA_BITS */
1524#if (WOLFSSL_MIN_RSA_BITS % 8)
1525 /* This is to account for the example case of a min size of 2050 bits but
1526 still allows 2049 bit key. So we need the measurement to be in bytes. */
1527 #error RSA minimum bit size must be a multiple of 8
1528#endif
1529#define MIN_RSAKEY_SZ (WOLFSSL_MIN_RSA_BITS / 8)
1530
1531#ifdef SESSION_INDEX
1532/* Shift values for making a session index */
1533#define SESSIDX_ROW_SHIFT 4
1534#define SESSIDX_IDX_MASK 0x0F
1535#endif
1536
1537
1538/* max cert chain peer depth */
1539#ifndef MAX_CHAIN_DEPTH
1540 #define MAX_CHAIN_DEPTH 9
1541#endif
1542
1543/* max size of a certificate message payload */
1544/* assumes MAX_CHAIN_DEPTH number of certificates at 2kb per certificate */
1545#ifndef MAX_CERTIFICATE_SZ
1546 #define MAX_CERTIFICATE_SZ \
1547 CERT_HEADER_SZ + \
1548 (MAX_X509_SIZE + CERT_HEADER_SZ) * MAX_CHAIN_DEPTH
1549#endif
1550
1551/* max size of a handshake message, currently set to the certificate */
1552#ifndef MAX_HANDSHAKE_SZ
1553 #define MAX_HANDSHAKE_SZ MAX_CERTIFICATE_SZ
1554#endif
1555
1556#ifndef SESSION_TICKET_LEN
1557 #define SESSION_TICKET_LEN 256
1558#endif
1559
1560#ifndef SESSION_TICKET_HINT_DEFAULT
1561 #define SESSION_TICKET_HINT_DEFAULT 300
1562#endif
1563
1564
1565/* don't use extra 3/4k stack space unless need to */
1566#ifdef HAVE_NTRU
1567 #define MAX_ENCRYPT_SZ MAX_NTRU_ENCRYPT_SZ
1568#else
1569 #define MAX_ENCRYPT_SZ ENCRYPT_LEN
1570#endif
1571
1572
1573/* states */
1574enum states {
1575 NULL_STATE = 0,
1576
1577 SERVER_HELLOVERIFYREQUEST_COMPLETE,
1578 SERVER_HELLO_RETRY_REQUEST_COMPLETE,
1579 SERVER_HELLO_COMPLETE,
1580 SERVER_ENCRYPTED_EXTENSIONS_COMPLETE,
1581 SERVER_CERT_COMPLETE,
1582 SERVER_KEYEXCHANGE_COMPLETE,
1583 SERVER_HELLODONE_COMPLETE,
1584 SERVER_CHANGECIPHERSPEC_COMPLETE,
1585 SERVER_FINISHED_COMPLETE,
1586
1587 CLIENT_HELLO_RETRY,
1588 CLIENT_HELLO_COMPLETE,
1589 CLIENT_KEYEXCHANGE_COMPLETE,
1590 CLIENT_CHANGECIPHERSPEC_COMPLETE,
1591 CLIENT_FINISHED_COMPLETE,
1592
1593 HANDSHAKE_DONE
1594};
1595
1596/* SSL Version */
1597typedef struct ProtocolVersion {
1598 byte major;
1599 byte minor;
1600} WOLFSSL_PACK ProtocolVersion;
1601
1602
1603WOLFSSL_LOCAL ProtocolVersion MakeSSLv3(void);
1604WOLFSSL_LOCAL ProtocolVersion MakeTLSv1(void);
1605WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_1(void);
1606WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_2(void);
1607WOLFSSL_LOCAL ProtocolVersion MakeTLSv1_3(void);
1608
1609#ifdef WOLFSSL_DTLS
1610 WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1(void);
1611 WOLFSSL_LOCAL ProtocolVersion MakeDTLSv1_2(void);
1612
1613 #ifdef WOLFSSL_SESSION_EXPORT
1614 WOLFSSL_LOCAL int wolfSSL_dtls_import_internal(WOLFSSL* ssl, byte* buf,
1615 word32 sz);
1616 WOLFSSL_LOCAL int wolfSSL_dtls_export_internal(WOLFSSL* ssl, byte* buf,
1617 word32 sz);
1618 WOLFSSL_LOCAL int wolfSSL_dtls_export_state_internal(WOLFSSL* ssl,
1619 byte* buf, word32 sz);
1620 WOLFSSL_LOCAL int wolfSSL_dtls_import_state_internal(WOLFSSL* ssl,
1621 byte* buf, word32 sz);
1622 WOLFSSL_LOCAL int wolfSSL_send_session(WOLFSSL* ssl);
1623 #endif
1624#endif
1625
1626
1627/* wolfSSL method type */
1628struct WOLFSSL_METHOD {
1629 ProtocolVersion version;
1630 byte side; /* connection side, server or client */
1631 byte downgrade; /* whether to downgrade version, default no */
1632};
1633
1634/* wolfSSL buffer type - internal uses "buffer" type */
1635typedef WOLFSSL_BUFFER_INFO buffer;
1636
1637typedef struct Suites Suites;
1638
1639
1640/* defaults to client */
1641WOLFSSL_LOCAL void InitSSL_Method(WOLFSSL_METHOD*, ProtocolVersion);
1642
1643WOLFSSL_LOCAL int InitSSL_Suites(WOLFSSL* ssl);
1644WOLFSSL_LOCAL int InitSSL_Side(WOLFSSL* ssl, word16 side);
1645
1646/* for sniffer */
1647WOLFSSL_LOCAL int DoFinished(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
1648 word32 size, word32 totalSz, int sniff);
1649WOLFSSL_LOCAL int DoApplicationData(WOLFSSL* ssl, byte* input, word32* inOutIdx);
1650/* TLS v1.3 needs these */
1651WOLFSSL_LOCAL int HandleTlsResumption(WOLFSSL* ssl, int bogusID,
1652 Suites* clSuites);
1653#ifdef WOLFSSL_TLS13
1654WOLFSSL_LOCAL int FindSuite(Suites* suites, byte first, byte second);
1655#endif
1656WOLFSSL_LOCAL int DoClientHello(WOLFSSL* ssl, const byte* input, word32*,
1657 word32);
1658#ifdef WOLFSSL_TLS13
1659WOLFSSL_LOCAL int DoTls13ClientHello(WOLFSSL* ssl, const byte* input,
1660 word32* inOutIdx, word32 helloSz);
1661#endif
1662WOLFSSL_LOCAL int DoServerHello(WOLFSSL* ssl, const byte* input, word32*,
1663 word32);
1664WOLFSSL_LOCAL int CompleteServerHello(WOLFSSL *ssl);
1665WOLFSSL_LOCAL int CheckVersion(WOLFSSL *ssl, ProtocolVersion pv);
1666WOLFSSL_LOCAL int PickHashSigAlgo(WOLFSSL* ssl, const byte* hashSigAlgo,
1667 word32 hashSigAlgoSz);
1668WOLFSSL_LOCAL int DecodePrivateKey(WOLFSSL *ssl, word16* length);
1669#ifdef HAVE_PK_CALLBACKS
1670WOLFSSL_LOCAL int GetPrivateKeySigSize(WOLFSSL* ssl);
1671#ifndef NO_ASN
1672 WOLFSSL_LOCAL int InitSigPkCb(WOLFSSL* ssl, SignatureCtx* sigCtx);
1673#endif
1674#endif
1675WOLFSSL_LOCAL void FreeKeyExchange(WOLFSSL* ssl);
1676WOLFSSL_LOCAL void FreeSuites(WOLFSSL* ssl);
1677WOLFSSL_LOCAL int ProcessPeerCerts(WOLFSSL* ssl, byte* input, word32* inOutIdx, word32 size);
1678WOLFSSL_LOCAL int MatchDomainName(const char* pattern, int len, const char* str);
1679#ifndef NO_CERTS
1680WOLFSSL_LOCAL int CheckAltNames(DecodedCert* dCert, char* domain);
1681#ifdef OPENSSL_EXTRA
1682WOLFSSL_LOCAL int CheckIPAddr(DecodedCert* dCert, char* ipasc);
1683#endif
1684#endif
1685WOLFSSL_LOCAL int CreateTicket(WOLFSSL* ssl);
1686WOLFSSL_LOCAL int HashOutputRaw(WOLFSSL* ssl, const byte* output, int sz);
1687WOLFSSL_LOCAL int HashOutput(WOLFSSL* ssl, const byte* output, int sz,
1688 int ivSz);
1689WOLFSSL_LOCAL int HashInput(WOLFSSL* ssl, const byte* input, int sz);
1690#if defined(OPENSSL_ALL) || defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
1691WOLFSSL_LOCAL int SNI_Callback(WOLFSSL* ssl);
1692#endif
1693#ifdef WOLFSSL_TLS13
1694WOLFSSL_LOCAL int DecryptTls13(WOLFSSL* ssl, byte* output, const byte* input,
1695 word16 sz, const byte* aad, word16 aadSz);
1696WOLFSSL_LOCAL int DoTls13HandShakeMsgType(WOLFSSL* ssl, byte* input,
1697 word32* inOutIdx, byte type,
1698 word32 size, word32 totalSz);
1699WOLFSSL_LOCAL int DoTls13HandShakeMsg(WOLFSSL* ssl, byte* input,
1700 word32* inOutIdx, word32 totalSz);
1701WOLFSSL_LOCAL int DoTls13ServerHello(WOLFSSL* ssl, const byte* input,
1702 word32* inOutIdx, word32 helloSz,
1703 byte* extMsgType);
1704#endif
1705int TimingPadVerify(WOLFSSL* ssl, const byte* input, int padLen, int t,
1706 int pLen, int content);
1707
1708
1709enum {
1710 FORCED_FREE = 1,
1711 NO_FORCED_FREE = 0
1712};
1713
1714
1715/* only use compression extra if using compression */
1716#ifdef HAVE_LIBZ
1717 #define COMP_EXTRA MAX_COMP_EXTRA
1718#else
1719 #define COMP_EXTRA 0
1720#endif
1721
1722/* only the sniffer needs space in the buffer for extra MTU record(s) */
1723#ifdef WOLFSSL_SNIFFER
1724 #define MTU_EXTRA MAX_MTU * 3
1725#else
1726 #define MTU_EXTRA 0
1727#endif
1728
1729
1730/* embedded callbacks require large static buffers, make sure on */
1731#ifdef WOLFSSL_CALLBACKS
1732 #undef LARGE_STATIC_BUFFERS
1733 #define LARGE_STATIC_BUFFERS
1734#endif
1735
1736
1737/* give user option to use 16K static buffers */
1738#if defined(LARGE_STATIC_BUFFERS)
1739 #define RECORD_SIZE MAX_RECORD_SIZE
1740#else
1741 #ifdef WOLFSSL_DTLS
1742 #define RECORD_SIZE MAX_MTU
1743 #else
1744 #define RECORD_SIZE 128
1745 #endif
1746#endif
1747
1748
1749/* user option to turn off 16K output option */
1750/* if using small static buffers (default) and SSL_write tries to write data
1751 larger than the record we have, dynamically get it, unless user says only
1752 write in static buffer chunks */
1753#ifndef STATIC_CHUNKS_ONLY
1754 #define OUTPUT_RECORD_SIZE MAX_RECORD_SIZE
1755#else
1756 #define OUTPUT_RECORD_SIZE RECORD_SIZE
1757#endif
1758
1759/* wolfSSL input buffer
1760
1761 RFC 2246:
1762
1763 length
1764 The length (in bytes) of the following TLSPlaintext.fragment.
1765 The length should not exceed 2^14.
1766*/
1767#if defined(LARGE_STATIC_BUFFERS)
1768 #define STATIC_BUFFER_LEN RECORD_HEADER_SZ + RECORD_SIZE + COMP_EXTRA + \
1769 MTU_EXTRA + MAX_MSG_EXTRA
1770#else
1771 /* don't fragment memory from the record header */
1772 #define STATIC_BUFFER_LEN RECORD_HEADER_SZ
1773#endif
1774
1775typedef struct {
1776 ALIGN16 byte staticBuffer[STATIC_BUFFER_LEN];
1777 byte* buffer; /* place holder for static or dynamic buffer */
1778 word32 length; /* total buffer length used */
1779 word32 idx; /* idx to part of length already consumed */
1780 word32 bufferSize; /* current buffer size */
1781 byte dynamicFlag; /* dynamic memory currently in use */
1782 byte offset; /* alignment offset attempt */
1783} bufferStatic;
1784
1785/* Cipher Suites holder */
1786struct Suites {
1787 word16 suiteSz; /* suite length in bytes */
1788 word16 hashSigAlgoSz; /* SigAlgo extension length in bytes */
1789 byte suites[WOLFSSL_MAX_SUITE_SZ];
1790 byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* sig/algo to offer */
1791 byte setSuites; /* user set suites from default */
1792 byte hashAlgo; /* selected hash algorithm */
1793 byte sigAlgo; /* selected sig algorithm */
1794#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
1795 WOLF_STACK_OF(WOLFSSL_CIPHER)* stack; /* stack of available cipher suites */
1796#endif
1797};
1798
1799
1800WOLFSSL_LOCAL void InitSuitesHashSigAlgo(Suites* suites, int haveECDSAsig,
1801 int haveRSAsig, int haveAnon,
1802 int tls1_2, int keySz);
1803WOLFSSL_LOCAL void InitSuites(Suites*, ProtocolVersion, int, word16, word16,
1804 word16, word16, word16, word16, word16, int);
1805WOLFSSL_LOCAL int MatchSuite(WOLFSSL* ssl, Suites* peerSuites);
1806WOLFSSL_LOCAL int SetCipherList(WOLFSSL_CTX*, Suites*, const char* list);
1807
1808#ifndef PSK_TYPES_DEFINED
1809 typedef unsigned int (*wc_psk_client_callback)(WOLFSSL*, const char*, char*,
1810 unsigned int, unsigned char*, unsigned int);
1811 typedef unsigned int (*wc_psk_server_callback)(WOLFSSL*, const char*,
1812 unsigned char*, unsigned int);
1813#ifdef WOLFSSL_TLS13
1814 typedef unsigned int (*wc_psk_client_tls13_callback)(WOLFSSL*, const char*,
1815 char*, unsigned int, unsigned char*, unsigned int,
1816 const char**);
1817 typedef unsigned int (*wc_psk_server_tls13_callback)(WOLFSSL*, const char*,
1818 unsigned char*, unsigned int, const char**);
1819#endif
1820#endif /* PSK_TYPES_DEFINED */
1821#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \
1822 !defined(WOLFSSL_DTLS_EXPORT_TYPES)
1823 typedef int (*wc_dtls_export)(WOLFSSL* ssl,
1824 unsigned char* exportBuffer, unsigned int sz, void* userCtx);
1825#define WOLFSSL_DTLS_EXPORT_TYPES
1826#endif /* WOLFSSL_DTLS_EXPORT_TYPES */
1827
1828
1829#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
1830#define MAX_DESCRIPTION_SZ 255
1831#endif
1832/* wolfSSL Cipher type just points back to SSL */
1833struct WOLFSSL_CIPHER {
1834 byte cipherSuite0;
1835 byte cipherSuite;
1836 WOLFSSL* ssl;
1837#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
1838 char description[MAX_DESCRIPTION_SZ];
1839 unsigned long offset;
1840 unsigned int in_stack; /* TRUE if added to stack in wolfSSL_get_ciphers_compat */
1841 int bits;
1842#endif
1843};
1844
1845
1846#ifdef NO_ASN
1847 /* no_asn won't have */
1848 typedef struct CertStatus CertStatus;
1849#endif
1850
1851#ifndef HAVE_OCSP
1852 typedef struct WOLFSSL_OCSP WOLFSSL_OCSP;
1853#endif
1854
1855/* wolfSSL OCSP controller */
1856#ifdef HAVE_OCSP
1857struct WOLFSSL_OCSP {
1858 WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
1859 OcspEntry* ocspList; /* OCSP response list */
1860 wolfSSL_Mutex ocspLock; /* OCSP list lock */
1861 int error;
1862#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
1863 defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
1864 int(*statusCb)(WOLFSSL*, void*);
1865#endif
1866};
1867#endif
1868
1869#ifndef MAX_DATE_SIZE
1870#define MAX_DATE_SIZE 32
1871#endif
1872
1873typedef struct CRL_Entry CRL_Entry;
1874
1875#ifdef NO_SHA
1876 #define CRL_DIGEST_SIZE WC_SHA256_DIGEST_SIZE
1877#else
1878 #define CRL_DIGEST_SIZE WC_SHA_DIGEST_SIZE
1879#endif
1880
1881#ifdef NO_ASN
1882 typedef struct RevokedCert RevokedCert;
1883#endif
1884
1885/* Complete CRL */
1886struct CRL_Entry {
1887 CRL_Entry* next; /* next entry */
1888 byte issuerHash[CRL_DIGEST_SIZE]; /* issuer hash */
1889 /* byte crlHash[CRL_DIGEST_SIZE]; raw crl data hash */
1890 /* restore the hash here if needed for optimized comparisons */
1891 byte lastDate[MAX_DATE_SIZE]; /* last date updated */
1892 byte nextDate[MAX_DATE_SIZE]; /* next update date */
1893 byte lastDateFormat; /* last date format */
1894 byte nextDateFormat; /* next date format */
1895 RevokedCert* certs; /* revoked cert list */
1896 int totalCerts; /* number on list */
1897 int verified;
1898 byte* toBeSigned;
1899 word32 tbsSz;
1900 byte* signature;
1901 word32 signatureSz;
1902 word32 signatureOID;
1903#if !defined(NO_SKID) && !defined(NO_ASN)
1904 byte extAuthKeyIdSet;
1905 byte extAuthKeyId[KEYID_SIZE];
1906#endif
1907};
1908
1909
1910typedef struct CRL_Monitor CRL_Monitor;
1911
1912/* CRL directory monitor */
1913struct CRL_Monitor {
1914 char* path; /* full dir path, if valid pointer we're using */
1915 int type; /* PEM or ASN1 type */
1916};
1917
1918
1919#if defined(HAVE_CRL) && defined(NO_FILESYSTEM)
1920 #undef HAVE_CRL_MONITOR
1921#endif
1922
1923/* wolfSSL CRL controller */
1924struct WOLFSSL_CRL {
1925 WOLFSSL_CERT_MANAGER* cm; /* pointer back to cert manager */
1926 CRL_Entry* crlList; /* our CRL list */
1927#ifdef HAVE_CRL_IO
1928 CbCrlIO crlIOCb;
1929#endif
1930 wolfSSL_Mutex crlLock; /* CRL list lock */
1931 CRL_Monitor monitors[2]; /* PEM and DER possible */
1932#ifdef HAVE_CRL_MONITOR
1933 pthread_cond_t cond; /* condition to signal setup */
1934 pthread_t tid; /* monitoring thread */
1935 int mfd; /* monitor fd, -1 if no init yet */
1936 int setup; /* thread is setup predicate */
1937#endif
1938 void* heap; /* heap hint for dynamic memory */
1939};
1940
1941
1942#ifdef NO_ASN
1943 typedef struct Signer Signer;
1944#ifdef WOLFSSL_TRUST_PEER_CERT
1945 typedef struct TrustedPeerCert TrustedPeerCert;
1946#endif
1947#endif
1948
1949
1950#ifndef CA_TABLE_SIZE
1951 #define CA_TABLE_SIZE 11
1952#endif
1953#ifdef WOLFSSL_TRUST_PEER_CERT
1954 #define TP_TABLE_SIZE 11
1955#endif
1956
1957/* wolfSSL Certificate Manager */
1958struct WOLFSSL_CERT_MANAGER {
1959 Signer* caTable[CA_TABLE_SIZE]; /* the CA signer table */
1960 void* heap; /* heap helper */
1961#ifdef WOLFSSL_TRUST_PEER_CERT
1962 TrustedPeerCert* tpTable[TP_TABLE_SIZE]; /* table of trusted peer certs */
1963 wolfSSL_Mutex tpLock; /* trusted peer list lock */
1964#endif
1965 WOLFSSL_CRL* crl; /* CRL checker */
1966 WOLFSSL_OCSP* ocsp; /* OCSP checker */
1967#if !defined(NO_WOLFSSL_SERVER) && (defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
1968 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2))
1969 WOLFSSL_OCSP* ocsp_stapling; /* OCSP checker for OCSP stapling */
1970#endif
1971 char* ocspOverrideURL; /* use this responder */
1972 void* ocspIOCtx; /* I/O callback CTX */
1973#ifndef NO_WOLFSSL_CM_VERIFY
1974 VerifyCallback verifyCallback; /* Verify callback */
1975#endif
1976 CallbackCACache caCacheCallback; /* CA cache addition callback */
1977 CbMissingCRL cbMissingCRL; /* notify through cb of missing crl */
1978 CbOCSPIO ocspIOCb; /* I/O callback for OCSP lookup */
1979 CbOCSPRespFree ocspRespFreeCb; /* Frees OCSP Response from IO Cb */
1980 wolfSSL_Mutex caLock; /* CA list lock */
1981 byte crlEnabled; /* is CRL on ? */
1982 byte crlCheckAll; /* always leaf, but all ? */
1983 byte ocspEnabled; /* is OCSP on ? */
1984 byte ocspCheckAll; /* always leaf, but all ? */
1985 byte ocspSendNonce; /* send the OCSP nonce ? */
1986 byte ocspUseOverrideURL; /* ignore cert's responder, override */
1987 byte ocspStaplingEnabled; /* is OCSP Stapling on ? */
1988
1989#ifndef NO_RSA
1990 short minRsaKeySz; /* minimum allowed RSA key size */
1991#endif
1992#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
1993 short minEccKeySz; /* minimum allowed ECC key size */
1994#endif
1995};
1996
1997WOLFSSL_LOCAL int CM_SaveCertCache(WOLFSSL_CERT_MANAGER*, const char*);
1998WOLFSSL_LOCAL int CM_RestoreCertCache(WOLFSSL_CERT_MANAGER*, const char*);
1999WOLFSSL_LOCAL int CM_MemSaveCertCache(WOLFSSL_CERT_MANAGER*, void*, int, int*);
2000WOLFSSL_LOCAL int CM_MemRestoreCertCache(WOLFSSL_CERT_MANAGER*, const void*, int);
2001WOLFSSL_LOCAL int CM_GetCertCacheMemSize(WOLFSSL_CERT_MANAGER*);
2002WOLFSSL_LOCAL int CM_VerifyBuffer_ex(WOLFSSL_CERT_MANAGER* cm, const byte* buff,
2003 long sz, int format, int err_val);
2004
2005
2006#ifndef NO_CERTS
2007#if !defined NOCERTS &&\
2008 (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH))
2009typedef struct ProcPeerCertArgs {
2010 buffer* certs;
2011#ifdef WOLFSSL_TLS13
2012 buffer* exts; /* extensions */
2013#endif
2014 DecodedCert* dCert;
2015 word32 idx;
2016 word32 begin;
2017 int totalCerts; /* number of certs in certs buffer */
2018 int count;
2019 int certIdx;
2020 int lastErr;
2021#ifdef WOLFSSL_TLS13
2022 byte ctxSz;
2023#endif
2024#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
2025 char untrustedDepth;
2026#endif
2027 word16 fatal:1;
2028 word16 verifyErr:1;
2029 word16 dCertInit:1;
2030#ifdef WOLFSSL_TRUST_PEER_CERT
2031 word16 haveTrustPeer:1; /* was cert verified by loaded trusted peer cert */
2032#endif
2033} ProcPeerCertArgs;
2034WOLFSSL_LOCAL int DoVerifyCallback(WOLFSSL_CERT_MANAGER* cm, WOLFSSL* ssl,
2035 int ret, ProcPeerCertArgs* args);
2036#endif /* !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) */
2037#endif /* !defined NO_CERTS */
2038
2039/* wolfSSL Sock Addr */
2040struct WOLFSSL_SOCKADDR {
2041 unsigned int sz; /* sockaddr size */
2042 void* sa; /* pointer to the sockaddr_in or sockaddr_in6 */
2043};
2044
2045typedef struct WOLFSSL_DTLS_CTX {
2046 WOLFSSL_SOCKADDR peer;
2047 int rfd;
2048 int wfd;
2049} WOLFSSL_DTLS_CTX;
2050
2051
2052typedef struct WOLFSSL_DTLS_PEERSEQ {
2053 word32 window[WOLFSSL_DTLS_WINDOW_WORDS];
2054 /* Sliding window for current epoch */
2055 word16 nextEpoch; /* Expected epoch in next record */
2056 word16 nextSeq_hi; /* Expected sequence in next record */
2057 word32 nextSeq_lo;
2058
2059 word32 prevWindow[WOLFSSL_DTLS_WINDOW_WORDS];
2060 /* Sliding window for old epoch */
2061 word32 prevSeq_lo;
2062 word16 prevSeq_hi; /* Next sequence in allowed old epoch */
2063
2064#ifdef WOLFSSL_MULTICAST
2065 word16 peerId;
2066 word32 highwaterMark;
2067#endif
2068} WOLFSSL_DTLS_PEERSEQ;
2069
2070
2071#define MAX_WRITE_IV_SZ 16 /* max size of client/server write_IV */
2072
2073/* keys and secrets
2074 * keep as a constant size (no additional ifdefs) for session export */
2075typedef struct Keys {
2076#if !defined(WOLFSSL_AEAD_ONLY) || defined(WOLFSSL_TLS13)
2077 byte client_write_MAC_secret[WC_MAX_DIGEST_SIZE]; /* max sizes */
2078 byte server_write_MAC_secret[WC_MAX_DIGEST_SIZE];
2079#endif
2080 byte client_write_key[MAX_SYM_KEY_SIZE]; /* max sizes */
2081 byte server_write_key[MAX_SYM_KEY_SIZE];
2082 byte client_write_IV[MAX_WRITE_IV_SZ]; /* max sizes */
2083 byte server_write_IV[MAX_WRITE_IV_SZ];
2084#if defined(HAVE_AEAD) || defined(WOLFSSL_SESSION_EXPORT)
2085 byte aead_exp_IV[AEAD_MAX_EXP_SZ];
2086 byte aead_enc_imp_IV[AEAD_MAX_IMP_SZ];
2087 byte aead_dec_imp_IV[AEAD_MAX_IMP_SZ];
2088#endif
2089
2090 word32 peer_sequence_number_hi;
2091 word32 peer_sequence_number_lo;
2092 word32 sequence_number_hi;
2093 word32 sequence_number_lo;
2094
2095#ifdef WOLFSSL_DTLS
2096 word16 curEpoch; /* Received epoch in current record */
2097 word16 curSeq_hi; /* Received sequence in current record */
2098 word32 curSeq_lo;
2099#ifdef WOLFSSL_MULTICAST
2100 byte curPeerId; /* Received peer group ID in current record */
2101#endif
2102 WOLFSSL_DTLS_PEERSEQ peerSeq[WOLFSSL_DTLS_PEERSEQ_SZ];
2103
2104 word16 dtls_peer_handshake_number;
2105 word16 dtls_expected_peer_handshake_number;
2106
2107 word16 dtls_epoch; /* Current epoch */
2108 word16 dtls_sequence_number_hi; /* Current epoch */
2109 word32 dtls_sequence_number_lo;
2110 word16 dtls_prev_sequence_number_hi; /* Previous epoch */
2111 word32 dtls_prev_sequence_number_lo;
2112 word16 dtls_handshake_number; /* Current tx handshake seq */
2113#endif
2114
2115 word32 encryptSz; /* last size of encrypted data */
2116 word32 padSz; /* how much to advance after decrypt part */
2117 byte encryptionOn; /* true after change cipher spec */
2118 byte decryptedCur; /* only decrypt current record once */
2119#ifdef WOLFSSL_TLS13
2120 byte updateResponseReq:1; /* KeyUpdate response from peer required. */
2121 byte keyUpdateRespond:1; /* KeyUpdate is to be responded to. */
2122#endif
2123#ifdef WOLFSSL_RENESAS_TSIP_TLS
2124 byte tsip_client_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
2125 byte tsip_server_write_MAC_secret[TSIP_TLS_HMAC_KEY_INDEX_WORDSIZE];
2126#endif
2127} Keys;
2128
2129
2130
2131/** TLS Extensions - RFC 6066 */
2132#ifdef HAVE_TLS_EXTENSIONS
2133
2134typedef enum {
2135 TLSX_SERVER_NAME = 0x0000, /* a.k.a. SNI */
2136 TLSX_MAX_FRAGMENT_LENGTH = 0x0001,
2137 TLSX_TRUSTED_CA_KEYS = 0x0003,
2138 TLSX_TRUNCATED_HMAC = 0x0004,
2139 TLSX_STATUS_REQUEST = 0x0005, /* a.k.a. OCSP stapling */
2140 TLSX_SUPPORTED_GROUPS = 0x000a, /* a.k.a. Supported Curves */
2141 TLSX_EC_POINT_FORMATS = 0x000b,
2142#if !defined(WOLFSSL_NO_SIGALG)
2143 TLSX_SIGNATURE_ALGORITHMS = 0x000d,
2144#endif
2145 TLSX_APPLICATION_LAYER_PROTOCOL = 0x0010, /* a.k.a. ALPN */
2146 TLSX_STATUS_REQUEST_V2 = 0x0011, /* a.k.a. OCSP stapling v2 */
2147#if defined(HAVE_ENCRYPT_THEN_MAC) && !defined(WOLFSSL_AEAD_ONLY)
2148 TLSX_ENCRYPT_THEN_MAC = 0x0016, /* RFC 7366 */
2149#endif
2150 TLSX_QUANTUM_SAFE_HYBRID = 0x0018, /* a.k.a. QSH */
2151 TLSX_SESSION_TICKET = 0x0023,
2152#ifdef WOLFSSL_TLS13
2153 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
2154 TLSX_PRE_SHARED_KEY = 0x0029,
2155 #endif
2156 #ifdef WOLFSSL_EARLY_DATA
2157 TLSX_EARLY_DATA = 0x002a,
2158 #endif
2159 TLSX_SUPPORTED_VERSIONS = 0x002b,
2160 TLSX_COOKIE = 0x002c,
2161 #if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
2162 TLSX_PSK_KEY_EXCHANGE_MODES = 0x002d,
2163 #endif
2164 #ifdef WOLFSSL_POST_HANDSHAKE_AUTH
2165 TLSX_POST_HANDSHAKE_AUTH = 0x0031,
2166 #endif
2167 #if defined(WOLFSSL_TLS13_DRAFT_18) || defined(WOLFSSL_TLS13_DRAFT_22)
2168 TLSX_KEY_SHARE = 0x0028,
2169 #else
2170 TLSX_SIGNATURE_ALGORITHMS_CERT = 0x0032,
2171 TLSX_KEY_SHARE = 0x0033,
2172 #endif
2173#endif
2174 TLSX_RENEGOTIATION_INFO = 0xff01
2175} TLSX_Type;
2176
2177typedef struct TLSX {
2178 TLSX_Type type; /* Extension Type */
2179 void* data; /* Extension Data */
2180 word32 val; /* Extension Value */
2181 byte resp; /* IsResponse Flag */
2182 struct TLSX* next; /* List Behavior */
2183} TLSX;
2184
2185WOLFSSL_LOCAL TLSX* TLSX_Find(TLSX* list, TLSX_Type type);
2186WOLFSSL_LOCAL void TLSX_Remove(TLSX** list, TLSX_Type type, void* heap);
2187WOLFSSL_LOCAL void TLSX_FreeAll(TLSX* list, void* heap);
2188WOLFSSL_LOCAL int TLSX_SupportExtensions(WOLFSSL* ssl);
2189WOLFSSL_LOCAL int TLSX_PopulateExtensions(WOLFSSL* ssl, byte isRequest);
2190
2191#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_CLIENT)
2192WOLFSSL_LOCAL int TLSX_GetRequestSize(WOLFSSL* ssl, byte msgType,
2193 word16* pLength);
2194WOLFSSL_LOCAL int TLSX_WriteRequest(WOLFSSL* ssl, byte* output,
2195 byte msgType, word16* pOffset);
2196#endif
2197
2198#if defined(WOLFSSL_TLS13) || !defined(NO_WOLFSSL_SERVER)
2199/* TLS 1.3 Certificate messages have extensions. */
2200WOLFSSL_LOCAL int TLSX_GetResponseSize(WOLFSSL* ssl, byte msgType,
2201 word16* pLength);
2202WOLFSSL_LOCAL int TLSX_WriteResponse(WOLFSSL *ssl, byte* output, byte msgType,
2203 word16* pOffset);
2204#endif
2205
2206WOLFSSL_LOCAL int TLSX_ParseVersion(WOLFSSL* ssl, byte* input, word16 length,
2207 byte msgType, int* found);
2208WOLFSSL_LOCAL int TLSX_Parse(WOLFSSL* ssl, byte* input, word16 length,
2209 byte msgType, Suites *suites);
2210
2211#elif defined(HAVE_SNI) \
2212 || defined(HAVE_MAX_FRAGMENT) \
2213 || defined(HAVE_TRUSTED_CA) \
2214 || defined(HAVE_TRUNCATED_HMAC) \
2215 || defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
2216 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) \
2217 || defined(HAVE_SUPPORTED_CURVES) \
2218 || defined(HAVE_ALPN) \
2219 || defined(HAVE_QSH) \
2220 || defined(HAVE_SESSION_TICKET) \
2221 || defined(HAVE_SECURE_RENEGOTIATION) \
2222 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
2223
2224#error Using TLS extensions requires HAVE_TLS_EXTENSIONS to be defined.
2225
2226#endif /* HAVE_TLS_EXTENSIONS */
2227
2228/** Server Name Indication - RFC 6066 (session 3) */
2229#ifdef HAVE_SNI
2230
2231typedef struct SNI {
2232 byte type; /* SNI Type */
2233 union { char* host_name; } data; /* SNI Data */
2234 struct SNI* next; /* List Behavior */
2235 byte status; /* Matching result */
2236#ifndef NO_WOLFSSL_SERVER
2237 byte options; /* Behavior options */
2238#endif
2239} SNI;
2240
2241WOLFSSL_LOCAL int TLSX_UseSNI(TLSX** extensions, byte type, const void* data,
2242 word16 size, void* heap);
2243WOLFSSL_LOCAL byte TLSX_SNI_Status(TLSX* extensions, byte type);
2244WOLFSSL_LOCAL word16 TLSX_SNI_GetRequest(TLSX* extensions, byte type,
2245 void** data);
2246
2247#ifndef NO_WOLFSSL_SERVER
2248WOLFSSL_LOCAL void TLSX_SNI_SetOptions(TLSX* extensions, byte type,
2249 byte options);
2250WOLFSSL_LOCAL int TLSX_SNI_GetFromBuffer(const byte* buffer, word32 bufferSz,
2251 byte type, byte* sni, word32* inOutSz);
2252#endif
2253
2254#endif /* HAVE_SNI */
2255
2256/* Trusted CA Key Indication - RFC 6066 (section 6) */
2257#ifdef HAVE_TRUSTED_CA
2258
2259typedef struct TCA {
2260 byte type; /* TCA Type */
2261 byte* id; /* TCA identifier */
2262 word16 idSz; /* TCA identifier size */
2263 struct TCA* next; /* List Behavior */
2264} TCA;
2265
2266WOLFSSL_LOCAL int TLSX_UseTrustedCA(TLSX** extensions, byte type,
2267 const byte* id, word16 idSz, void* heap);
2268
2269#endif /* HAVE_TRUSTED_CA */
2270
2271/* Application-Layer Protocol Negotiation - RFC 7301 */
2272#ifdef HAVE_ALPN
2273typedef struct ALPN {
2274 char* protocol_name; /* ALPN protocol name */
2275 struct ALPN* next; /* List Behavior */
2276 byte options; /* Behavior options */
2277 byte negotiated; /* ALPN protocol negotiated or not */
2278} ALPN;
2279
2280WOLFSSL_LOCAL int TLSX_ALPN_GetRequest(TLSX* extensions,
2281 void** data, word16 *dataSz);
2282
2283WOLFSSL_LOCAL int TLSX_UseALPN(TLSX** extensions, const void* data,
2284 word16 size, byte options, void* heap);
2285
2286WOLFSSL_LOCAL int TLSX_ALPN_SetOptions(TLSX** extensions, const byte option);
2287
2288#endif /* HAVE_ALPN */
2289
2290/** Maximum Fragment Length Negotiation - RFC 6066 (session 4) */
2291#ifdef HAVE_MAX_FRAGMENT
2292
2293WOLFSSL_LOCAL int TLSX_UseMaxFragment(TLSX** extensions, byte mfl, void* heap);
2294
2295#endif /* HAVE_MAX_FRAGMENT */
2296
2297/** Truncated HMAC - RFC 6066 (session 7) */
2298#ifdef HAVE_TRUNCATED_HMAC
2299
2300WOLFSSL_LOCAL int TLSX_UseTruncatedHMAC(TLSX** extensions, void* heap);
2301
2302#endif /* HAVE_TRUNCATED_HMAC */
2303
2304/** Certificate Status Request - RFC 6066 (session 8) */
2305#ifdef HAVE_CERTIFICATE_STATUS_REQUEST
2306
2307typedef struct {
2308 byte status_type;
2309 byte options;
2310 WOLFSSL* ssl;
2311 union {
2312 OcspRequest ocsp;
2313 } request;
2314#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
2315 buffer response;
2316#endif
2317} CertificateStatusRequest;
2318
2319WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequest(TLSX** extensions,
2320 byte status_type, byte options, WOLFSSL* ssl, void* heap, int devId);
2321#ifndef NO_CERTS
2322WOLFSSL_LOCAL int TLSX_CSR_InitRequest(TLSX* extensions, DecodedCert* cert,
2323 void* heap);
2324#endif
2325WOLFSSL_LOCAL void* TLSX_CSR_GetRequest(TLSX* extensions);
2326WOLFSSL_LOCAL int TLSX_CSR_ForceRequest(WOLFSSL* ssl);
2327
2328#endif
2329
2330/** Certificate Status Request v2 - RFC 6961 */
2331#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
2332
2333typedef struct CSRIv2 {
2334 byte status_type;
2335 byte options;
2336 word16 requests;
2337 union {
2338 OcspRequest ocsp[1 + MAX_CHAIN_DEPTH];
2339 } request;
2340 struct CSRIv2* next;
2341} CertificateStatusRequestItemV2;
2342
2343WOLFSSL_LOCAL int TLSX_UseCertificateStatusRequestV2(TLSX** extensions,
2344 byte status_type, byte options, void* heap, int devId);
2345#ifndef NO_CERTS
2346WOLFSSL_LOCAL int TLSX_CSR2_InitRequests(TLSX* extensions, DecodedCert* cert,
2347 byte isPeer, void* heap);
2348#endif
2349WOLFSSL_LOCAL void* TLSX_CSR2_GetRequest(TLSX* extensions, byte status_type,
2350 byte index);
2351WOLFSSL_LOCAL int TLSX_CSR2_ForceRequest(WOLFSSL* ssl);
2352
2353#endif
2354
2355/** Supported Elliptic Curves - RFC 4492 (session 4) */
2356#ifdef HAVE_SUPPORTED_CURVES
2357
2358typedef struct SupportedCurve {
2359 word16 name; /* Curve Names */
2360 struct SupportedCurve* next; /* List Behavior */
2361} SupportedCurve;
2362
2363typedef struct PointFormat {
2364 byte format; /* PointFormat */
2365 struct PointFormat* next; /* List Behavior */
2366} PointFormat;
2367
2368WOLFSSL_LOCAL int TLSX_UseSupportedCurve(TLSX** extensions, word16 name,
2369 void* heap);
2370
2371WOLFSSL_LOCAL int TLSX_UsePointFormat(TLSX** extensions, byte point,
2372 void* heap);
2373
2374#ifndef NO_WOLFSSL_SERVER
2375WOLFSSL_LOCAL int TLSX_ValidateSupportedCurves(WOLFSSL* ssl, byte first,
2376 byte second);
2377WOLFSSL_LOCAL int TLSX_SupportedCurve_CheckPriority(WOLFSSL* ssl);
2378WOLFSSL_LOCAL int TLSX_SupportedFFDHE_Set(WOLFSSL* ssl);
2379#endif
2380WOLFSSL_LOCAL int TLSX_SupportedCurve_Preferred(WOLFSSL* ssl,
2381 int checkSupported);
2382
2383#endif /* HAVE_SUPPORTED_CURVES */
2384
2385/** Renegotiation Indication - RFC 5746 */
2386#if defined(HAVE_SECURE_RENEGOTIATION) \
2387 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
2388
2389enum key_cache_state {
2390 SCR_CACHE_NULL = 0, /* empty / begin state */
2391 SCR_CACHE_NEEDED, /* need to cache keys */
2392 SCR_CACHE_COPY, /* we have a cached copy */
2393 SCR_CACHE_PARTIAL, /* partial restore to real keys */
2394 SCR_CACHE_COMPLETE /* complete restore to real keys */
2395};
2396
2397/* Additional Connection State according to rfc5746 section 3.1 */
2398typedef struct SecureRenegotiation {
2399 byte enabled; /* secure_renegotiation flag in rfc */
2400 byte verifySet;
2401 byte startScr; /* server requested client to start scr */
2402 enum key_cache_state cache_status; /* track key cache state */
2403 byte client_verify_data[TLS_FINISHED_SZ]; /* cached */
2404 byte server_verify_data[TLS_FINISHED_SZ]; /* cached */
2405 byte subject_hash_set; /* if peer cert hash is set */
2406 byte subject_hash[KEYID_SIZE]; /* peer cert hash */
2407 Keys tmp_keys; /* can't overwrite real keys yet */
2408} SecureRenegotiation;
2409
2410WOLFSSL_LOCAL int TLSX_UseSecureRenegotiation(TLSX** extensions, void* heap);
2411
2412#ifdef HAVE_SERVER_RENEGOTIATION_INFO
2413WOLFSSL_LOCAL int TLSX_AddEmptyRenegotiationInfo(TLSX** extensions, void* heap);
2414#endif
2415
2416#endif /* HAVE_SECURE_RENEGOTIATION */
2417
2418/** Session Ticket - RFC 5077 (session 3.2) */
2419#ifdef HAVE_SESSION_TICKET
2420
2421typedef struct SessionTicket {
2422 word32 lifetime;
2423#ifdef WOLFSSL_TLS13
2424 word64 seen;
2425 word32 ageAdd;
2426#endif
2427 byte* data;
2428 word16 size;
2429} SessionTicket;
2430
2431WOLFSSL_LOCAL int TLSX_UseSessionTicket(TLSX** extensions,
2432 SessionTicket* ticket, void* heap);
2433WOLFSSL_LOCAL SessionTicket* TLSX_SessionTicket_Create(word32 lifetime,
2434 byte* data, word16 size, void* heap);
2435WOLFSSL_LOCAL void TLSX_SessionTicket_Free(SessionTicket* ticket, void* heap);
2436
2437#endif /* HAVE_SESSION_TICKET */
2438
2439/** Quantum-Safe-Hybrid - draft-whyte-qsh-tls12-00 */
2440#ifdef HAVE_QSH
2441
2442typedef struct QSHScheme {
2443 struct QSHScheme* next; /* List Behavior */
2444 byte* PK;
2445 word16 name; /* QSHScheme Names */
2446 word16 PKLen;
2447} QSHScheme;
2448
2449typedef struct QSHkey {
2450 struct QSHKey* next;
2451 word16 name;
2452 buffer pub;
2453 buffer pri;
2454} QSHKey;
2455
2456typedef struct QSHSecret {
2457 QSHScheme* list;
2458 buffer* SerSi;
2459 buffer* CliSi;
2460} QSHSecret;
2461
2462/* used in key exchange during handshake */
2463WOLFSSL_LOCAL int TLSX_QSHCipher_Parse(WOLFSSL* ssl, const byte* input,
2464 word16 length, byte isServer);
2465WOLFSSL_LOCAL word16 TLSX_QSHPK_Write(QSHScheme* list, byte* output);
2466WOLFSSL_LOCAL word16 TLSX_QSH_GetSize(QSHScheme* list, byte isRequest);
2467
2468/* used by api for setting a specific QSH scheme */
2469WOLFSSL_LOCAL int TLSX_UseQSHScheme(TLSX** extensions, word16 name,
2470 byte* pKey, word16 pKeySz, void* heap);
2471
2472/* used when parsing in QSHCipher structs */
2473WOLFSSL_LOCAL int QSH_Decrypt(QSHKey* key, byte* in, word32 szIn,
2474 byte* out, word16* szOut);
2475#ifndef NO_WOLFSSL_SERVER
2476WOLFSSL_LOCAL int TLSX_ValidateQSHScheme(TLSX** extensions, word16 name);
2477#endif
2478
2479#endif /* HAVE_QSH */
2480
2481#ifdef WOLFSSL_TLS13
2482/* Cookie extension information - cookie data. */
2483typedef struct Cookie {
2484 word16 len;
2485 byte data;
2486} Cookie;
2487
2488WOLFSSL_LOCAL int TLSX_Cookie_Use(WOLFSSL* ssl, byte* data, word16 len,
2489 byte* mac, byte macSz, int resp);
2490
2491
2492/* Key Share - TLS v1.3 Specification */
2493
2494/* The KeyShare extension information - entry in a linked list. */
2495typedef struct KeyShareEntry {
2496 word16 group; /* NamedGroup */
2497 byte* ke; /* Key exchange data */
2498 word32 keLen; /* Key exchange data length */
2499 void* key; /* Private key */
2500 word32 keyLen; /* Private key length */
2501 byte* pubKey; /* Public key */
2502 word32 pubKeyLen; /* Public key length */
2503 struct KeyShareEntry* next; /* List pointer */
2504} KeyShareEntry;
2505
2506WOLFSSL_LOCAL int TLSX_KeyShare_Use(WOLFSSL* ssl, word16 group, word16 len,
2507 byte* data, KeyShareEntry **kse);
2508WOLFSSL_LOCAL int TLSX_KeyShare_Empty(WOLFSSL* ssl);
2509WOLFSSL_LOCAL int TLSX_KeyShare_Establish(WOLFSSL* ssl);
2510WOLFSSL_LOCAL int TLSX_KeyShare_DeriveSecret(WOLFSSL* ssl);
2511
2512
2513#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
2514#ifndef WOLFSSL_TLS13_DRAFT_18
2515/* Ticket nonce - for deriving PSK.
2516 * Length allowed to be: 1..255. Only support 4 bytes.
2517 */
2518typedef struct TicketNonce {
2519 byte len;
2520 byte data[MAX_TICKET_NONCE_SZ];
2521} TicketNonce;
2522#endif
2523
2524/* The PreSharedKey extension information - entry in a linked list. */
2525typedef struct PreSharedKey {
2526 word16 identityLen; /* Length of identity */
2527 byte* identity; /* PSK identity */
2528 word32 ticketAge; /* Age of the ticket */
2529 byte cipherSuite0; /* Cipher Suite */
2530 byte cipherSuite; /* Cipher Suite */
2531 word32 binderLen; /* Length of HMAC */
2532 byte binder[WC_MAX_DIGEST_SIZE]; /* HMAC of handshake */
2533 byte hmac; /* HMAC algorithm */
2534 byte resumption:1; /* Resumption PSK */
2535 byte chosen:1; /* Server's choice */
2536 struct PreSharedKey* next; /* List pointer */
2537} PreSharedKey;
2538
2539WOLFSSL_LOCAL int TLSX_PreSharedKey_WriteBinders(PreSharedKey* list,
2540 byte* output, byte msgType,
2541 word16* pSz);
2542WOLFSSL_LOCAL int TLSX_PreSharedKey_GetSizeBinders(PreSharedKey* list,
2543 byte msgType, word16* pSz);
2544WOLFSSL_LOCAL int TLSX_PreSharedKey_Use(WOLFSSL* ssl, byte* identity,
2545 word16 len, word32 age, byte hmac,
2546 byte cipherSuite0, byte cipherSuite,
2547 byte resumption,
2548 PreSharedKey **preSharedKey);
2549
2550/* The possible Pre-Shared Key key exchange modes. */
2551enum PskKeyExchangeMode {
2552 PSK_KE,
2553 PSK_DHE_KE
2554};
2555
2556/* User can define this. */
2557#ifndef WOLFSSL_DEF_PSK_CIPHER
2558#define WOLFSSL_DEF_PSK_CIPHER TLS_AES_128_GCM_SHA256
2559#endif
2560
2561WOLFSSL_LOCAL int TLSX_PskKeModes_Use(WOLFSSL* ssl, byte modes);
2562
2563#ifdef WOLFSSL_EARLY_DATA
2564WOLFSSL_LOCAL int TLSX_EarlyData_Use(WOLFSSL* ssl, word32 max);
2565#endif
2566#endif /* HAVE_SESSION_TICKET || !NO_PSK */
2567
2568
2569/* The types of keys to derive for. */
2570enum DeriveKeyType {
2571 no_key,
2572 early_data_key,
2573 handshake_key,
2574 traffic_key,
2575 update_traffic_key
2576};
2577
2578/* The key update request values for KeyUpdate message. */
2579enum KeyUpdateRequest {
2580 update_not_requested,
2581 update_requested
2582};
2583#endif /* WOLFSSL_TLS13 */
2584
2585
2586#ifdef OPENSSL_EXTRA
2587enum SetCBIO {
2588 WOLFSSL_CBIO_NONE = 0,
2589 WOLFSSL_CBIO_RECV = 0x1,
2590 WOLFSSL_CBIO_SEND = 0x2,
2591};
2592#endif
2593
2594/* wolfSSL context type */
2595struct WOLFSSL_CTX {
2596 WOLFSSL_METHOD* method;
2597#ifdef SINGLE_THREADED
2598 WC_RNG* rng; /* to be shared with WOLFSSL w/o locking */
2599#endif
2600 wolfSSL_Mutex countMutex; /* reference count mutex */
2601 int refCount; /* reference count */
2602 int err; /* error code in case of mutex not created */
2603#ifndef NO_DH
2604 buffer serverDH_P;
2605 buffer serverDH_G;
2606#endif
2607#ifndef NO_CERTS
2608 DerBuffer* certificate;
2609 DerBuffer* certChain;
2610 /* chain after self, in DER, with leading size for each cert */
2611 #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EXTRA)
2612 WOLF_STACK_OF(WOLFSSL_X509_NAME)* ca_names;
2613 #endif
2614 #if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \
2615 defined(WOLFSSL_NGINX) || defined (WOLFSSL_HAPROXY)
2616 WOLF_STACK_OF(WOLFSSL_X509)* x509Chain;
2617 client_cert_cb CBClientCert; /* client certificate callback */
2618 #endif
2619#ifdef WOLFSSL_TLS13
2620 int certChainCnt;
2621#endif
2622 DerBuffer* privateKey;
2623 byte privateKeyType:7;
2624 byte privateKeyId:1;
2625 int privateKeySz;
2626 int privateKeyDevId;
2627 WOLFSSL_CERT_MANAGER* cm; /* our cert manager, ctx owns SSL will use */
2628#endif
2629#ifdef KEEP_OUR_CERT
2630 WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert */
2631 int ownOurCert; /* Dispose of certificate if we own */
2632#endif
2633 Suites* suites; /* make dynamic, user may not need/set */
2634 void* heap; /* for user memory overrides */
2635 byte verifyDepth;
2636 byte verifyPeer:1;
2637 byte verifyNone:1;
2638 byte failNoCert:1;
2639 byte failNoCertxPSK:1; /* fail if no cert with the exception of PSK*/
2640 byte sessionCacheOff:1;
2641 byte sessionCacheFlushOff:1;
2642#ifdef HAVE_EXT_CACHE
2643 byte internalCacheOff:1;
2644#endif
2645 byte sendVerify:2; /* for client side (can not be single bit) */
2646 byte haveRSA:1; /* RSA available */
2647 byte haveECC:1; /* ECC available */
2648 byte haveDH:1; /* server DH parms set by user */
2649 byte haveNTRU:1; /* server private NTRU key loaded */
2650 byte haveECDSAsig:1; /* server cert signed w/ ECDSA */
2651 byte haveStaticECC:1; /* static server ECC private key */
2652 byte partialWrite:1; /* only one msg per write call */
2653 byte quietShutdown:1; /* don't send close notify */
2654 byte groupMessages:1; /* group handshake messages before sending */
2655 byte minDowngrade; /* minimum downgrade version */
2656 byte haveEMS:1; /* have extended master secret extension */
2657 byte useClientOrder:1; /* Use client's cipher preference order */
2658#ifdef WOLFSSL_TLS13
2659 byte noTicketTls13:1; /* Server won't create new Ticket */
2660 byte noPskDheKe:1; /* Don't use (EC)DHE with PSK */
2661#endif
2662 byte mutualAuth:1; /* Mutual authentication required */
2663#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
2664 byte postHandshakeAuth:1; /* Post-handshake auth supported. */
2665#endif
2666#ifndef NO_DH
2667 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \
2668 !defined(HAVE_SELFTEST)
2669 byte dhKeyTested:1; /* Set when key has been tested. */
2670 #endif
2671#endif
2672#ifdef HAVE_SECURE_RENEGOTIATION
2673 byte useSecureReneg:1; /* when set will set WOLFSSL objects generated to enable */
2674#endif
2675#ifdef HAVE_ENCRYPT_THEN_MAC
2676 byte disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
2677#endif
2678#ifdef WOLFSSL_STATIC_MEMORY
2679 byte onHeap:1; /* whether the ctx/method is put on heap hint */
2680#endif
2681#ifdef WOLFSSL_MULTICAST
2682 byte haveMcast; /* multicast requested */
2683 byte mcastID; /* multicast group ID */
2684#endif
2685#if defined(WOLFSSL_SCTP) && defined(WOLFSSL_DTLS)
2686 byte dtlsSctp; /* DTLS-over-SCTP mode */
2687#endif
2688#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \
2689 defined(WOLFSSL_DTLS)
2690 word16 dtlsMtuSz; /* DTLS MTU size */
2691#endif
2692#ifndef NO_DH
2693 word16 minDhKeySz; /* minimum DH key size */
2694 word16 maxDhKeySz; /* maximum DH key size */
2695#endif
2696#ifndef NO_RSA
2697 short minRsaKeySz; /* minimum RSA key size */
2698#endif
2699#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
2700 short minEccKeySz; /* minimum ECC key size */
2701#endif
2702#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
2703 unsigned long mask; /* store SSL_OP_ flags */
2704#endif
2705#ifdef OPENSSL_EXTRA
2706 byte sessionCtx[ID_LEN]; /* app session context ID */
2707 word32 disabledCurves; /* curves disabled by user */
2708 const unsigned char *alpn_cli_protos;/* ALPN client protocol list */
2709 unsigned int alpn_cli_protos_len;
2710 byte sessionCtxSz;
2711 byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
2712 CallbackInfoState* CBIS; /* used to get info about SSL state */
2713#endif
2714 CallbackIORecv CBIORecv;
2715 CallbackIOSend CBIOSend;
2716#ifdef WOLFSSL_DTLS
2717 CallbackGenCookie CBIOCookie; /* gen cookie callback */
2718#ifdef WOLFSSL_SESSION_EXPORT
2719 wc_dtls_export dtls_export; /* export function for DTLS session */
2720 CallbackGetPeer CBGetPeer;
2721 CallbackSetPeer CBSetPeer;
2722#endif
2723#endif /* WOLFSSL_DTLS */
2724 VerifyCallback verifyCallback; /* cert verification callback */
2725#ifdef OPENSSL_ALL
2726 CertVerifyCallback verifyCertCb;
2727 void* verifyCertCbArg;
2728#endif /* OPENSSL_ALL */
2729 word32 timeout; /* session timeout */
2730#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_ED448)
2731 word32 ecdhCurveOID; /* curve Ecc_Sum */
2732#endif
2733#ifdef HAVE_ECC
2734 word16 eccTempKeySz; /* in octets 20 - 66 */
2735#endif
2736#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
2737 word32 pkCurveOID; /* curve Ecc_Sum */
2738#endif
2739#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
2740 byte havePSK; /* psk key set by user */
2741 wc_psk_client_callback client_psk_cb; /* client callback */
2742 wc_psk_server_callback server_psk_cb; /* server callback */
2743#ifdef WOLFSSL_TLS13
2744 wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
2745 wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
2746#endif
2747 char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
2748#endif /* HAVE_SESSION_TICKET || !NO_PSK */
2749#ifdef WOLFSSL_TLS13
2750 word16 group[WOLFSSL_MAX_GROUP_COUNT];
2751 byte numGroups;
2752#endif
2753#ifdef WOLFSSL_EARLY_DATA
2754 word32 maxEarlyDataSz;
2755#endif
2756#ifdef HAVE_ANON
2757 byte haveAnon; /* User wants to allow Anon suites */
2758#endif /* HAVE_ANON */
2759#ifdef WOLFSSL_ENCRYPTED_KEYS
2760 pem_password_cb* passwd_cb;
2761 void* passwd_userdata;
2762#endif
2763#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
2764 WOLFSSL_X509_STORE x509_store; /* points to ctx->cm */
2765 WOLFSSL_X509_STORE* x509_store_pt; /* take ownership of external store */
2766 byte readAhead;
2767 void* userPRFArg; /* passed to prf callback */
2768#endif
2769#ifdef HAVE_EX_DATA
2770 WOLFSSL_CRYPTO_EX_DATA ex_data;
2771#endif
2772#if defined(HAVE_ALPN) && (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY))
2773 CallbackALPNSelect alpnSelect;
2774 void* alpnSelectArg;
2775#endif
2776#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \
2777 defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \
2778 defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH) ))
2779 CallbackSniRecv sniRecvCb;
2780 void* sniRecvCbArg;
2781#endif
2782#if defined(WOLFSSL_MULTICAST) && defined(WOLFSSL_DTLS)
2783 CallbackMcastHighwater mcastHwCb; /* Sequence number highwater callback */
2784 word32 mcastFirstSeq; /* first trigger level */
2785 word32 mcastSecondSeq; /* second trigger level */
2786 word32 mcastMaxSeq; /* max level */
2787#endif
2788#ifdef HAVE_OCSP
2789 WOLFSSL_OCSP ocsp;
2790#endif
2791 int devId; /* async device id to use */
2792#ifdef HAVE_TLS_EXTENSIONS
2793 TLSX* extensions; /* RFC 6066 TLS Extensions data */
2794 #ifndef NO_WOLFSSL_SERVER
2795 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
2796 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
2797 OcspRequest* certOcspRequest;
2798 #endif
2799 #if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
2800 OcspRequest* chainOcspRequest[MAX_CHAIN_DEPTH];
2801 #endif
2802 #endif
2803 #if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER)
2804 SessionTicketEncCb ticketEncCb; /* enc/dec session ticket Cb */
2805 void* ticketEncCtx; /* session encrypt context */
2806 int ticketHint; /* ticket hint in seconds */
2807 #endif
2808 #ifdef HAVE_SUPPORTED_CURVES
2809 byte userCurves; /* indicates user called wolfSSL_CTX_UseSupportedCurve */
2810 #endif
2811#endif
2812#ifdef ATOMIC_USER
2813 CallbackMacEncrypt MacEncryptCb; /* Atomic User Mac/Encrypt Cb */
2814 CallbackDecryptVerify DecryptVerifyCb; /* Atomic User Decrypt/Verify Cb */
2815 #ifdef HAVE_ENCRYPT_THEN_MAC
2816 CallbackEncryptMac EncryptMacCb; /* Atomic User Mac/Enc Cb */
2817 CallbackVerifyDecrypt VerifyDecryptCb; /* Atomic User Dec/Verify Cb */
2818 #endif
2819#endif
2820#ifdef HAVE_PK_CALLBACKS
2821 #ifdef HAVE_ECC
2822 CallbackEccKeyGen EccKeyGenCb; /* User EccKeyGen Callback Handler */
2823 CallbackEccSign EccSignCb; /* User EccSign Callback handler */
2824 CallbackEccVerify EccVerifyCb; /* User EccVerify Callback handler */
2825 CallbackEccSharedSecret EccSharedSecretCb; /* User EccVerify Callback handler */
2826 #ifdef HAVE_ED25519
2827 /* User Ed25519Sign Callback handler */
2828 CallbackEd25519Sign Ed25519SignCb;
2829 /* User Ed25519Verify Callback handler */
2830 CallbackEd25519Verify Ed25519VerifyCb;
2831 #endif
2832 #ifdef HAVE_CURVE25519
2833 /* User X25519 KeyGen Callback Handler */
2834 CallbackX25519KeyGen X25519KeyGenCb;
2835 /* User X25519 SharedSecret Callback handler */
2836 CallbackX25519SharedSecret X25519SharedSecretCb;
2837 #endif
2838 #ifdef HAVE_ED448
2839 /* User Ed448Sign Callback handler */
2840 CallbackEd448Sign Ed448SignCb;
2841 /* User Ed448Verify Callback handler */
2842 CallbackEd448Verify Ed448VerifyCb;
2843 #endif
2844 #ifdef HAVE_CURVE448
2845 /* User X448 KeyGen Callback Handler */
2846 CallbackX448KeyGen X448KeyGenCb;
2847 /* User X448 SharedSecret Callback handler */
2848 CallbackX448SharedSecret X448SharedSecretCb;
2849 #endif
2850 #endif /* HAVE_ECC */
2851 #ifndef NO_DH
2852 CallbackDhAgree DhAgreeCb; /* User DH Agree Callback handler */
2853 #endif
2854 #ifndef NO_RSA
2855 CallbackRsaSign RsaSignCb; /* User RsaSign Callback handler (priv key) */
2856 CallbackRsaVerify RsaVerifyCb; /* User RsaVerify Callback handler (pub key) */
2857 CallbackRsaVerify RsaSignCheckCb; /* User VerifyRsaSign Callback handler (priv key) */
2858 #ifdef WC_RSA_PSS
2859 CallbackRsaPssSign RsaPssSignCb; /* User RsaSign (priv key) */
2860 CallbackRsaPssVerify RsaPssVerifyCb; /* User RsaVerify (pub key) */
2861 CallbackRsaPssVerify RsaPssSignCheckCb; /* User VerifyRsaSign (priv key) */
2862 #endif
2863 CallbackRsaEnc RsaEncCb; /* User Rsa Public Encrypt handler */
2864 CallbackRsaDec RsaDecCb; /* User Rsa Private Decrypt handler */
2865 #endif /* NO_RSA */
2866#endif /* HAVE_PK_CALLBACKS */
2867#ifdef HAVE_WOLF_EVENT
2868 WOLF_EVENT_QUEUE event_queue;
2869#endif /* HAVE_WOLF_EVENT */
2870#ifdef HAVE_EXT_CACHE
2871 WOLFSSL_SESSION*(*get_sess_cb)(WOLFSSL*, unsigned char*, int, int*);
2872 int (*new_sess_cb)(WOLFSSL*, WOLFSSL_SESSION*);
2873 void (*rem_sess_cb)(WOLFSSL_CTX*, WOLFSSL_SESSION*);
2874#endif
2875#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && !defined(NO_SHA256)
2876 Srp* srp; /* TLS Secure Remote Password Protocol*/
2877 byte* srp_password;
2878#endif
2879};
2880
2881WOLFSSL_LOCAL
2882int InitSSL_Ctx(WOLFSSL_CTX*, WOLFSSL_METHOD*, void* heap);
2883WOLFSSL_LOCAL
2884void FreeSSL_Ctx(WOLFSSL_CTX*);
2885WOLFSSL_LOCAL
2886void SSL_CtxResourceFree(WOLFSSL_CTX*);
2887
2888WOLFSSL_LOCAL
2889int DeriveTlsKeys(WOLFSSL* ssl);
2890WOLFSSL_LOCAL
2891int ProcessOldClientHello(WOLFSSL* ssl, const byte* input, word32* inOutIdx,
2892 word32 inSz, word16 sz);
2893
2894#ifndef NO_CERTS
2895 WOLFSSL_LOCAL
2896 int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify);
2897 WOLFSSL_LOCAL
2898 int AlreadySigner(WOLFSSL_CERT_MANAGER* cm, byte* hash);
2899#ifdef WOLFSSL_TRUST_PEER_CERT
2900 WOLFSSL_LOCAL
2901 int AddTrustedPeer(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int verify);
2902 WOLFSSL_LOCAL
2903 int AlreadyTrustedPeer(WOLFSSL_CERT_MANAGER* cm, byte* hash);
2904#endif
2905#endif
2906
2907/* All cipher suite related info
2908 * Keep as a constant size (no ifdefs) for session export */
2909typedef struct CipherSpecs {
2910 word16 key_size;
2911 word16 iv_size;
2912 word16 block_size;
2913 word16 aead_mac_size;
2914 byte bulk_cipher_algorithm;
2915 byte cipher_type; /* block, stream, or aead */
2916 byte mac_algorithm;
2917 byte kea; /* key exchange algo */
2918 byte sig_algo;
2919 byte hash_size;
2920 byte pad_size;
2921 byte static_ecdh;
2922} CipherSpecs;
2923
2924
2925void InitCipherSpecs(CipherSpecs* cs);
2926
2927
2928/* Supported Key Exchange Protocols */
2929enum KeyExchangeAlgorithm {
2930 no_kea,
2931 rsa_kea,
2932 diffie_hellman_kea,
2933 fortezza_kea,
2934 psk_kea,
2935 dhe_psk_kea,
2936 ecdhe_psk_kea,
2937 ntru_kea,
2938 ecc_diffie_hellman_kea,
2939 ecc_static_diffie_hellman_kea /* for verify suite only */
2940};
2941
2942
2943/* Supported Authentication Schemes */
2944enum SignatureAlgorithm {
2945 anonymous_sa_algo = 0,
2946 rsa_sa_algo = 1,
2947 dsa_sa_algo = 2,
2948 ecc_dsa_sa_algo = 3,
2949 rsa_pss_sa_algo = 8,
2950 ed25519_sa_algo = 9,
2951 rsa_pss_pss_algo = 10,
2952 ed448_sa_algo = 11
2953};
2954
2955#define PSS_RSAE_TO_PSS_PSS(macAlgo) \
2956 (macAlgo + (pss_sha256 - sha256_mac))
2957
2958#define PSS_PSS_HASH_TO_MAC(macAlgo) \
2959 (macAlgo - (pss_sha256 - sha256_mac))
2960
2961enum SigAlgRsaPss {
2962 pss_sha256 = 0x09,
2963 pss_sha384 = 0x0a,
2964 pss_sha512 = 0x0b,
2965};
2966
2967
2968/* Supprted ECC Curve Types */
2969enum EccCurves {
2970 named_curve = 3
2971};
2972
2973
2974/* Valid client certificate request types from page 27 */
2975enum ClientCertificateType {
2976 rsa_sign = 1,
2977 dss_sign = 2,
2978 rsa_fixed_dh = 3,
2979 dss_fixed_dh = 4,
2980 rsa_ephemeral_dh = 5,
2981 dss_ephemeral_dh = 6,
2982 fortezza_kea_cert = 20,
2983 ecdsa_sign = 64,
2984 rsa_fixed_ecdh = 65,
2985 ecdsa_fixed_ecdh = 66
2986};
2987
2988
2989#ifndef WOLFSSL_AEAD_ONLY
2990enum CipherType { stream, block, aead };
2991#else
2992enum CipherType { aead };
2993#endif
2994
2995
2996#if defined(BUILD_AES) || defined(BUILD_AESGCM) || (defined(HAVE_CHACHA) && \
2997 defined(HAVE_POLY1305)) || defined(WOLFSSL_TLS13)
2998 #define CIPHER_NONCE
2999#endif
3000
3001
3002/* cipher for now */
3003typedef struct Ciphers {
3004#ifdef BUILD_ARC4
3005 Arc4* arc4;
3006#endif
3007#ifdef BUILD_DES3
3008 Des3* des3;
3009#endif
3010#if defined(BUILD_AES) || defined(BUILD_AESGCM)
3011 Aes* aes;
3012 #if (defined(BUILD_AESGCM) || defined(HAVE_AESCCM)) && \
3013 !defined(WOLFSSL_NO_TLS12)
3014 byte* additional;
3015 #endif
3016#endif
3017#ifdef CIPHER_NONCE
3018 byte* nonce;
3019#endif
3020#ifdef HAVE_CAMELLIA
3021 Camellia* cam;
3022#endif
3023#ifdef HAVE_CHACHA
3024 ChaCha* chacha;
3025#endif
3026#ifdef HAVE_HC128
3027 HC128* hc128;
3028#endif
3029#ifdef BUILD_RABBIT
3030 Rabbit* rabbit;
3031#endif
3032#ifdef HAVE_IDEA
3033 Idea* idea;
3034#endif
3035#if defined(WOLFSSL_TLS13) && defined(HAVE_NULL_CIPHER)
3036 Hmac* hmac;
3037#endif
3038 byte state;
3039 byte setup; /* have we set it up flag for detection */
3040} Ciphers;
3041
3042
3043#ifdef HAVE_ONE_TIME_AUTH
3044/* Ciphers for one time authentication such as poly1305 */
3045typedef struct OneTimeAuth {
3046#ifdef HAVE_POLY1305
3047 Poly1305* poly1305;
3048#endif
3049 byte setup; /* flag for if a cipher has been set */
3050
3051} OneTimeAuth;
3052#endif
3053
3054
3055WOLFSSL_LOCAL void InitCiphers(WOLFSSL* ssl);
3056WOLFSSL_LOCAL void FreeCiphers(WOLFSSL* ssl);
3057
3058
3059/* hashes type */
3060typedef struct Hashes {
3061 #if !defined(NO_MD5) && !defined(NO_OLD_TLS)
3062 byte md5[WC_MD5_DIGEST_SIZE];
3063 #endif
3064 #if !defined(NO_SHA)
3065 byte sha[WC_SHA_DIGEST_SIZE];
3066 #endif
3067 #ifndef NO_SHA256
3068 byte sha256[WC_SHA256_DIGEST_SIZE];
3069 #endif
3070 #ifdef WOLFSSL_SHA384
3071 byte sha384[WC_SHA384_DIGEST_SIZE];
3072 #endif
3073 #ifdef WOLFSSL_SHA512
3074 byte sha512[WC_SHA512_DIGEST_SIZE];
3075 #endif
3076} Hashes;
3077
3078WOLFSSL_LOCAL int BuildCertHashes(WOLFSSL* ssl, Hashes* hashes);
3079
3080#ifdef WOLFSSL_TLS13
3081typedef union Digest {
3082#ifndef NO_WOLFSSL_SHA256
3083 wc_Sha256 sha256;
3084#endif
3085#ifdef WOLFSSL_SHA384
3086 wc_Sha384 sha384;
3087#endif
3088#ifdef WOLFSSL_SHA512
3089 wc_Sha512 sha512;
3090#endif
3091} Digest;
3092#endif
3093
3094/* Static x509 buffer */
3095typedef struct x509_buffer {
3096 int length; /* actual size */
3097 byte buffer[MAX_X509_SIZE]; /* max static cert size */
3098} x509_buffer;
3099
3100
3101/* wolfSSL X509_CHAIN, for no dynamic memory SESSION_CACHE */
3102struct WOLFSSL_X509_CHAIN {
3103 int count; /* total number in chain */
3104 x509_buffer certs[MAX_CHAIN_DEPTH]; /* only allow max depth 4 for now */
3105};
3106
3107
3108/* wolfSSL session type */
3109struct WOLFSSL_SESSION {
3110 word32 bornOn; /* create time in seconds */
3111 word32 timeout; /* timeout in seconds */
3112 byte sessionID[ID_LEN]; /* id for protocol */
3113 byte sessionIDSz;
3114 byte masterSecret[SECRET_LEN]; /* stored secret */
3115 word16 haveEMS; /* ext master secret flag */
3116#ifdef SESSION_CERTS
3117#ifdef OPENSSL_EXTRA
3118 WOLFSSL_X509* peer; /* peer cert */
3119#endif
3120 WOLFSSL_X509_CHAIN chain; /* peer cert chain, static */
3121 #ifdef WOLFSSL_ALT_CERT_CHAINS
3122 WOLFSSL_X509_CHAIN altChain; /* peer alt cert chain, static */
3123 #endif
3124#endif
3125#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \
3126 defined(HAVE_SESSION_TICKET))
3127 ProtocolVersion version; /* which version was used */
3128#endif
3129#if defined(SESSION_CERTS) || !defined(NO_RESUME_SUITE_CHECK) || \
3130 (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET))
3131 byte cipherSuite0; /* first byte, normally 0 */
3132 byte cipherSuite; /* 2nd byte, actual suite */
3133#endif
3134#ifndef NO_CLIENT_CACHE
3135 word16 idLen; /* serverID length */
3136 byte serverID[SERVER_ID_LEN]; /* for easier client lookup */
3137#endif
3138#ifdef OPENSSL_EXTRA
3139 byte sessionCtxSz; /* sessionCtx length */
3140 byte sessionCtx[ID_LEN]; /* app specific context id */
3141#endif
3142#ifdef WOLFSSL_TLS13
3143 word16 namedGroup;
3144#endif
3145#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
3146 #ifdef WOLFSSL_TLS13
3147 word32 ticketSeen; /* Time ticket seen (ms) */
3148 word32 ticketAdd; /* Added by client */
3149 #ifndef WOLFSSL_TLS13_DRAFT_18
3150 TicketNonce ticketNonce; /* Nonce used to derive PSK */
3151 #endif
3152 #endif
3153 #ifdef WOLFSSL_EARLY_DATA
3154 word32 maxEarlyDataSz;
3155 #endif
3156#endif
3157#ifdef HAVE_SESSION_TICKET
3158 byte* ticket;
3159 word16 ticketLen;
3160 byte staticTicket[SESSION_TICKET_LEN];
3161 byte isDynamic;
3162#endif
3163#ifdef HAVE_EXT_CACHE
3164 byte isAlloced;
3165#endif
3166#ifdef HAVE_EX_DATA
3167 WOLFSSL_CRYPTO_EX_DATA ex_data;
3168#endif
3169};
3170
3171
3172WOLFSSL_LOCAL
3173WOLFSSL_SESSION* GetSession(WOLFSSL*, byte*, byte);
3174WOLFSSL_LOCAL
3175int SetSession(WOLFSSL*, WOLFSSL_SESSION*);
3176
3177typedef int (*hmacfp) (WOLFSSL*, byte*, const byte*, word32, int, int, int);
3178
3179#ifndef NO_CLIENT_CACHE
3180 WOLFSSL_SESSION* GetSessionClient(WOLFSSL*, const byte*, int);
3181#endif
3182
3183/* client connect state for nonblocking restart */
3184enum ConnectState {
3185 CONNECT_BEGIN = 0,
3186 CLIENT_HELLO_SENT,
3187 HELLO_AGAIN, /* HELLO_AGAIN s for DTLS case */
3188 HELLO_AGAIN_REPLY,
3189 FIRST_REPLY_DONE,
3190 FIRST_REPLY_FIRST,
3191 FIRST_REPLY_SECOND,
3192 FIRST_REPLY_THIRD,
3193 FIRST_REPLY_FOURTH,
3194 FINISHED_DONE,
3195 SECOND_REPLY_DONE
3196};
3197
3198
3199/* server accept state for nonblocking restart */
3200enum AcceptState {
3201 ACCEPT_BEGIN = 0,
3202 ACCEPT_BEGIN_RENEG,
3203 ACCEPT_CLIENT_HELLO_DONE,
3204 ACCEPT_HELLO_RETRY_REQUEST_DONE,
3205 ACCEPT_FIRST_REPLY_DONE,
3206 SERVER_HELLO_SENT,
3207 SERVER_EXTENSIONS_SENT,
3208 CERT_SENT,
3209 CERT_VERIFY_SENT,
3210 CERT_STATUS_SENT,
3211 KEY_EXCHANGE_SENT,
3212 CERT_REQ_SENT,
3213 SERVER_HELLO_DONE,
3214 ACCEPT_SECOND_REPLY_DONE,
3215 TICKET_SENT,
3216 CHANGE_CIPHER_SENT,
3217 ACCEPT_FINISHED_DONE,
3218 ACCEPT_THIRD_REPLY_DONE
3219};
3220
3221/* TLS 1.3 server accept state for nonblocking restart */
3222enum AcceptStateTls13 {
3223 TLS13_ACCEPT_BEGIN = 0,
3224 TLS13_ACCEPT_BEGIN_RENEG,
3225 TLS13_ACCEPT_CLIENT_HELLO_DONE,
3226 TLS13_ACCEPT_HELLO_RETRY_REQUEST_DONE,
3227 TLS13_ACCEPT_FIRST_REPLY_DONE,
3228 TLS13_ACCEPT_SECOND_REPLY_DONE,
3229 TLS13_SERVER_HELLO_SENT,
3230 TLS13_ACCEPT_THIRD_REPLY_DONE,
3231 TLS13_SERVER_EXTENSIONS_SENT,
3232 TLS13_CERT_REQ_SENT,
3233 TLS13_CERT_SENT,
3234 TLS13_CERT_VERIFY_SENT,
3235 TLS13_ACCEPT_FINISHED_SENT,
3236 TLS13_PRE_TICKET_SENT,
3237 TLS13_ACCEPT_FINISHED_DONE,
3238 TLS13_TICKET_SENT
3239};
3240
3241/* buffers for struct WOLFSSL */
3242typedef struct Buffers {
3243 bufferStatic inputBuffer;
3244 bufferStatic outputBuffer;
3245 buffer domainName; /* for client check */
3246 buffer clearOutputBuffer;
3247 buffer sig; /* signature data */
3248 buffer digest; /* digest data */
3249 int prevSent; /* previous plain text bytes sent
3250 when got WANT_WRITE */
3251 int plainSz; /* plain text bytes in buffer to send
3252 when got WANT_WRITE */
3253 byte weOwnCert; /* SSL own cert flag */
3254 byte weOwnCertChain; /* SSL own cert chain flag */
3255 byte weOwnKey; /* SSL own key flag */
3256 byte weOwnDH; /* SSL own dh (p,g) flag */
3257#ifndef NO_DH
3258 buffer serverDH_P; /* WOLFSSL_CTX owns, unless we own */
3259 buffer serverDH_G; /* WOLFSSL_CTX owns, unless we own */
3260 buffer serverDH_Pub;
3261 buffer serverDH_Priv;
3262 DhKey* serverDH_Key;
3263#endif
3264#ifndef NO_CERTS
3265 DerBuffer* certificate; /* WOLFSSL_CTX owns, unless we own */
3266 DerBuffer* key; /* WOLFSSL_CTX owns, unless we own */
3267 byte keyType:7; /* Type of key: RSA, ECC, Ed25519 */
3268 byte keyId:1; /* Key data is an id not data */
3269 int keySz; /* Size of RSA key */
3270 int keyDevId; /* Device Id for key */
3271 DerBuffer* certChain; /* WOLFSSL_CTX owns, unless we own */
3272 /* chain after self, in DER, with leading size for each cert */
3273#ifdef WOLFSSL_TLS13
3274 int certChainCnt;
3275 DerBuffer* certExts;
3276#endif
3277#endif
3278#ifdef WOLFSSL_SEND_HRR_COOKIE
3279 buffer tls13CookieSecret; /* HRR cookie secret */
3280#endif
3281#ifdef WOLFSSL_DTLS
3282 WOLFSSL_DTLS_CTX dtlsCtx; /* DTLS connection context */
3283 #ifndef NO_WOLFSSL_SERVER
3284 buffer dtlsCookieSecret; /* DTLS cookie secret */
3285 #endif /* NO_WOLFSSL_SERVER */
3286#endif
3287#ifdef HAVE_PK_CALLBACKS
3288 #ifdef HAVE_ECC
3289 buffer peerEccDsaKey; /* we own for Ecc Verify Callbacks */
3290 #endif /* HAVE_ECC */
3291 #ifdef HAVE_ED25519
3292 buffer peerEd25519Key; /* for Ed25519 Verify Callbacks */
3293 #endif /* HAVE_ED25519 */
3294 #ifdef HAVE_ED448
3295 buffer peerEd448Key; /* for Ed448 Verify Callbacks */
3296 #endif /* HAVE_ED448 */
3297 #ifndef NO_RSA
3298 buffer peerRsaKey; /* we own for Rsa Verify Callbacks */
3299 #endif /* NO_RSA */
3300#endif /* HAVE_PK_CALLBACKS */
3301} Buffers;
3302
3303/* sub-states for send/do key share (key exchange) */
3304enum asyncState {
3305 TLS_ASYNC_BEGIN = 0,
3306 TLS_ASYNC_BUILD,
3307 TLS_ASYNC_DO,
3308 TLS_ASYNC_VERIFY,
3309 TLS_ASYNC_FINALIZE,
3310 TLS_ASYNC_END
3311};
3312
3313/* sub-states for build message */
3314enum buildMsgState {
3315 BUILD_MSG_BEGIN = 0,
3316 BUILD_MSG_SIZE,
3317 BUILD_MSG_HASH,
3318 BUILD_MSG_VERIFY_MAC,
3319 BUILD_MSG_ENCRYPT,
3320 BUILD_MSG_ENCRYPTED_VERIFY_MAC,
3321};
3322
3323/* sub-states for cipher operations */
3324enum cipherState {
3325 CIPHER_STATE_BEGIN = 0,
3326 CIPHER_STATE_DO,
3327 CIPHER_STATE_END,
3328};
3329
3330typedef struct Options {
3331#ifndef NO_PSK
3332 wc_psk_client_callback client_psk_cb;
3333 wc_psk_server_callback server_psk_cb;
3334#ifdef WOLFSSL_TLS13
3335 wc_psk_client_tls13_callback client_psk_tls13_cb; /* client callback */
3336 wc_psk_server_tls13_callback server_psk_tls13_cb; /* server callback */
3337#endif
3338#endif /* NO_PSK */
3339#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER)
3340 unsigned long mask; /* store SSL_OP_ flags */
3341#endif
3342
3343 /* on/off or small bit flags, optimize layout */
3344#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
3345 word16 havePSK:1; /* psk key set by user */
3346#endif /* HAVE_SESSION_TICKET || !NO_PSK */
3347 word16 sendVerify:2; /* false = 0, true = 1, sendBlank = 2 */
3348 word16 sessionCacheOff:1;
3349 word16 sessionCacheFlushOff:1;
3350#ifdef HAVE_EXT_CACHE
3351 word16 internalCacheOff:1;
3352#endif
3353 word16 side:2; /* client, server or neither end */
3354 word16 verifyPeer:1;
3355 word16 verifyNone:1;
3356 word16 failNoCert:1;
3357 word16 failNoCertxPSK:1; /* fail for no cert except with PSK */
3358 word16 downgrade:1; /* allow downgrade of versions */
3359 word16 resuming:1;
3360 word16 haveSessionId:1; /* server may not send */
3361 word16 tls:1; /* using TLS ? */
3362 word16 tls1_1:1; /* using TLSv1.1+ ? */
3363 word16 tls1_3:1; /* using TLSv1.3+ ? */
3364 word16 dtls:1; /* using datagrams ? */
3365 word16 connReset:1; /* has the peer reset */
3366 word16 isClosed:1; /* if we consider conn closed */
3367 word16 closeNotify:1; /* we've received a close notify */
3368 word16 sentNotify:1; /* we've sent a close notify */
3369 word16 usingCompression:1; /* are we using compression */
3370 word16 haveRSA:1; /* RSA available */
3371 word16 haveECC:1; /* ECC available */
3372 word16 haveDH:1; /* server DH parms set by user */
3373 word16 haveNTRU:1; /* server NTRU private key loaded */
3374 word16 haveQSH:1; /* have QSH ability */
3375 word16 haveECDSAsig:1; /* server ECDSA signed cert */
3376 word16 haveStaticECC:1; /* static server ECC private key */
3377 word16 havePeerCert:1; /* do we have peer's cert */
3378 word16 havePeerVerify:1; /* and peer's cert verify */
3379 word16 usingPSK_cipher:1; /* are using psk as cipher */
3380 word16 usingAnon_cipher:1; /* are we using an anon cipher */
3381 word16 noPskDheKe:1; /* Don't use (EC)DHE with PSK */
3382 word16 sendAlertState:1; /* nonblocking resume */
3383 word16 partialWrite:1; /* only one msg per write call */
3384 word16 quietShutdown:1; /* don't send close notify */
3385 word16 certOnly:1; /* stop once we get cert */
3386 word16 groupMessages:1; /* group handshake messages */
3387 word16 saveArrays:1; /* save array Memory for user get keys
3388 or psk */
3389 word16 weOwnRng:1; /* will be true unless CTX owns */
3390 word16 haveEMS:1; /* using extended master secret */
3391#ifdef HAVE_POLY1305
3392 word16 oldPoly:1; /* set when to use old rfc way of poly*/
3393#endif
3394#ifdef HAVE_ANON
3395 word16 haveAnon:1; /* User wants to allow Anon suites */
3396#endif
3397#ifdef HAVE_SESSION_TICKET
3398 word16 createTicket:1; /* Server to create new Ticket */
3399 word16 useTicket:1; /* Use Ticket not session cache */
3400 word16 rejectTicket:1; /* Callback rejected ticket */
3401#ifdef WOLFSSL_TLS13
3402 word16 noTicketTls13:1; /* Server won't create new Ticket */
3403#endif
3404#endif
3405#ifdef WOLFSSL_DTLS
3406 word16 dtlsUseNonblock:1; /* are we using nonblocking socket */
3407 word16 dtlsHsRetain:1; /* DTLS retaining HS data */
3408 word16 haveMcast:1; /* using multicast ? */
3409#ifdef WOLFSSL_SCTP
3410 word16 dtlsSctp:1; /* DTLS-over-SCTP mode */
3411#endif
3412#endif
3413#if defined(HAVE_TLS_EXTENSIONS) && defined(HAVE_SUPPORTED_CURVES)
3414 word16 userCurves:1; /* indicates user called wolfSSL_UseSupportedCurve */
3415#endif
3416 word16 keepResources:1; /* Keep resources after handshake */
3417 word16 useClientOrder:1; /* Use client's cipher order */
3418 word16 mutualAuth:1; /* Mutual authentication is rquired */
3419#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
3420 word16 postHandshakeAuth:1;/* Client send post_handshake_auth
3421 * extension */
3422#endif
3423#if defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_SERVER)
3424 word16 sendCookie:1; /* Server creates a Cookie in HRR */
3425#endif
3426#ifdef WOLFSSL_ALT_CERT_CHAINS
3427 word16 usingAltCertChain:1;/* Alternate cert chain was used */
3428#endif
3429#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)
3430 word16 sentChangeCipher:1; /* Change Cipher Spec sent */
3431#endif
3432#if !defined(WOLFSSL_NO_CLIENT_AUTH) && \
3433 ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \
3434 (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH)))
3435 word16 cacheMessages:1; /* Cache messages for sign/verify */
3436#endif
3437#ifndef NO_DH
3438 #if !defined(WOLFSSL_OLD_PRIME_CHECK) && \
3439 !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)
3440 word16 dhDoKeyTest:1; /* Need to do the DH Key prime test */
3441 word16 dhKeyTested:1; /* Set when key has been tested. */
3442 #endif
3443#endif
3444#ifdef SINGLE_THREADED
3445 word16 ownSuites:1; /* if suites are malloced in ssl object */
3446#endif
3447#ifdef HAVE_ENCRYPT_THEN_MAC
3448 word16 disallowEncThenMac:1; /* Don't do Encrypt-Then-MAC */
3449 word16 encThenMac:1; /* Doing Encrypt-Then-MAC */
3450 word16 startedETMRead:1; /* Doing Encrypt-Then-MAC read */
3451 word16 startedETMWrite:1; /* Doing Encrypt-Then-MAC write */
3452#endif
3453
3454 /* need full byte values for this section */
3455 byte processReply; /* nonblocking resume */
3456 byte cipherSuite0; /* first byte, normally 0 */
3457 byte cipherSuite; /* second byte, actual suite */
3458 byte serverState;
3459 byte clientState;
3460 byte handShakeState;
3461 byte handShakeDone; /* at least one handshake complete */
3462 byte minDowngrade; /* minimum downgrade version */
3463 byte connectState; /* nonblocking resume */
3464 byte acceptState; /* nonblocking resume */
3465 byte asyncState; /* sub-state for enum asyncState */
3466 byte buildMsgState; /* sub-state for enum buildMsgState */
3467 byte alertCount; /* detect warning dos attempt */
3468#ifdef WOLFSSL_MULTICAST
3469 word16 mcastID; /* Multicast group ID */
3470#endif
3471#ifndef NO_DH
3472 word16 minDhKeySz; /* minimum DH key size */
3473 word16 maxDhKeySz; /* minimum DH key size */
3474 word16 dhKeySz; /* actual DH key size */
3475#endif
3476#ifndef NO_RSA
3477 short minRsaKeySz; /* minimum RSA key size */
3478#endif
3479#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
3480 short minEccKeySz; /* minimum ECC key size */
3481#endif
3482#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
3483 byte verifyDepth; /* maximum verification depth */
3484#endif
3485#ifdef WOLFSSL_EARLY_DATA
3486 word16 pskIdIndex;
3487 word32 maxEarlyDataSz;
3488#endif
3489#ifdef WOLFSSL_TLS13
3490 byte oldMinor; /* client preferred version < TLS 1.3 */
3491#endif
3492} Options;
3493
3494typedef struct Arrays {
3495 byte* pendingMsg; /* defrag buffer */
3496 byte* preMasterSecret;
3497 word32 preMasterSz; /* differs for DH, actual size */
3498 word32 pendingMsgSz; /* defrag buffer size */
3499 word32 pendingMsgOffset; /* current offset into defrag buffer */
3500#if defined(HAVE_SESSION_TICKET) || !defined(NO_PSK)
3501 word32 psk_keySz; /* actual size */
3502 char client_identity[MAX_PSK_ID_LEN + NULL_TERM_LEN];
3503 char server_hint[MAX_PSK_ID_LEN + NULL_TERM_LEN];
3504 byte psk_key[MAX_PSK_KEY_LEN];
3505#endif
3506 byte clientRandom[RAN_LEN];
3507 byte serverRandom[RAN_LEN];
3508 byte sessionID[ID_LEN];
3509 byte sessionIDSz;
3510#ifdef WOLFSSL_TLS13
3511 byte secret[SECRET_LEN];
3512#endif
3513 byte masterSecret[SECRET_LEN];
3514#if defined(WOLFSSL_RENESAS_TSIP_TLS) && \
3515 !defined(NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION)
3516 byte tsip_masterSecret[TSIP_TLS_MASTERSECRET_SIZE];
3517#endif
3518#ifdef WOLFSSL_DTLS
3519 byte cookie[MAX_COOKIE_LEN];
3520 byte cookieSz;
3521#endif
3522 byte pendingMsgType; /* defrag buffer message type */
3523} Arrays;
3524
3525#ifndef ASN_NAME_MAX
3526#define ASN_NAME_MAX 256
3527#endif
3528
3529#ifndef MAX_DATE_SZ
3530#define MAX_DATE_SZ 32
3531#endif
3532
3533#define STACK_TYPE_X509 0
3534#define STACK_TYPE_GEN_NAME 1
3535#define STACK_TYPE_BIO 2
3536#define STACK_TYPE_OBJ 3
3537#define STACK_TYPE_STRING 4
3538#define STACK_TYPE_CIPHER 5
3539#define STACK_TYPE_ACCESS_DESCRIPTION 6
3540#define STACK_TYPE_X509_EXT 7
3541#define STACK_TYPE_NULL 8
3542#define STACK_TYPE_X509_NAME 9
3543#define STACK_TYPE_CONF_VALUE 10
3544#define STACK_TYPE_X509_INFO 11
3545
3546struct WOLFSSL_STACK {
3547 unsigned long num; /* number of nodes in stack
3548 * (safety measure for freeing and shortcut for count) */
3549 #if defined(OPENSSL_ALL)
3550 wolf_sk_compare_cb comp;
3551 #endif
3552
3553 union {
3554 WOLFSSL_X509* x509;
3555 WOLFSSL_X509_NAME* name;
3556 WOLFSSL_X509_INFO* info;
3557 WOLFSSL_BIO* bio;
3558 WOLFSSL_ASN1_OBJECT* obj;
3559 WOLFSSL_CIPHER cipher;
3560 WOLFSSL_ACCESS_DESCRIPTION* access;
3561 WOLFSSL_X509_EXTENSION* ext;
3562 WOLFSSL_CONF_VALUE* conf;
3563 void* generic;
3564 char* string;
3565 WOLFSSL_GENERAL_NAME* gn;
3566 } data;
3567 void* heap; /* memory heap hint */
3568 WOLFSSL_STACK* next;
3569 byte type; /* Identifies type of stack. */
3570};
3571
3572struct WOLFSSL_X509_NAME {
3573 char *name;
3574 int dynamicName;
3575 int sz;
3576 char staticName[ASN_NAME_MAX];
3577#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \
3578 !defined(NO_ASN)
3579 DecodedName fullName;
3580 WOLFSSL_X509_NAME_ENTRY cnEntry;
3581 WOLFSSL_X509_NAME_ENTRY extra[MAX_NAME_ENTRIES]; /* extra entries added */
3582 WOLFSSL_X509* x509; /* x509 that struct belongs to */
3583#endif /* OPENSSL_EXTRA */
3584#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX)
3585 byte raw[ASN_NAME_MAX];
3586 int rawLen;
3587#endif
3588};
3589
3590#ifndef EXTERNAL_SERIAL_SIZE
3591 #define EXTERNAL_SERIAL_SIZE 32
3592#endif
3593
3594#ifdef NO_ASN
3595 typedef struct DNS_entry DNS_entry;
3596#endif
3597
3598struct WOLFSSL_X509 {
3599 int version;
3600 int serialSz;
3601#ifdef WOLFSSL_SEP
3602 int deviceTypeSz;
3603 int hwTypeSz;
3604 byte deviceType[EXTERNAL_SERIAL_SIZE];
3605 byte hwType[EXTERNAL_SERIAL_SIZE];
3606 int hwSerialNumSz;
3607 byte hwSerialNum[EXTERNAL_SERIAL_SIZE];
3608#endif /* WOLFSSL_SEP */
3609#if (defined(WOLFSSL_SEP) || defined(WOLFSSL_QT) || defined (OPENSSL_ALL)) && \
3610 (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL))
3611 byte certPolicySet;
3612 byte certPolicyCrit;
3613#endif /* (WOLFSSL_SEP || WOLFSSL_QT) && (OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL) */
3614#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL)
3615 WOLFSSL_STACK* ext_sk; /* Store X509_EXTENSIONS from wolfSSL_X509_get_ext */
3616 WOLFSSL_STACK* ext_d2i;/* Store d2i extensions from wolfSSL_X509_get_ext_d2i */
3617#endif /* WOLFSSL_QT || OPENSSL_ALL */
3618#ifdef OPENSSL_EXTRA
3619 WOLFSSL_ASN1_INTEGER* serialNumber; /* Stores SN from wolfSSL_X509_get_serialNumber */
3620#endif
3621 WOLFSSL_ASN1_TIME notBefore;
3622 WOLFSSL_ASN1_TIME notAfter;
3623 buffer sig;
3624 int sigOID;
3625 DNS_entry* altNames; /* alt names list */
3626 buffer pubKey;
3627 int pubKeyOID;
3628 DNS_entry* altNamesNext; /* hint for retrieval */
3629#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
3630 word32 pkCurveOID;
3631#endif /* HAVE_ECC */
3632#ifndef NO_CERTS
3633 DerBuffer* derCert; /* may need */
3634#endif
3635 void* heap; /* heap hint */
3636 byte dynamicMemory; /* dynamic memory flag */
3637 byte isCa:1;
3638#ifdef WOLFSSL_CERT_EXT
3639 char certPolicies[MAX_CERTPOL_NB][MAX_CERTPOL_SZ];
3640 int certPoliciesNb;
3641#endif /* WOLFSSL_CERT_EXT */
3642#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)
3643 wolfSSL_Mutex refMutex; /* ref count mutex */
3644 int refCount; /* reference count */
3645#endif
3646#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
3647#ifdef HAVE_EX_DATA
3648 WOLFSSL_CRYPTO_EX_DATA ex_data;
3649#endif
3650 byte* authKeyId;
3651 byte* subjKeyId;
3652 byte* extKeyUsageSrc;
3653 const byte* CRLInfo;
3654 byte* authInfo;
3655#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
3656 byte* authInfoCaIssuer;
3657 int authInfoCaIssuerSz;
3658#endif
3659 word32 pathLength;
3660 word16 keyUsage;
3661 int CRLInfoSz;
3662 int authInfoSz;
3663 word32 authKeyIdSz;
3664 word32 subjKeyIdSz;
3665 word32 extKeyUsageSz;
3666 word32 extKeyUsageCount;
3667
3668 byte CRLdistSet:1;
3669 byte CRLdistCrit:1;
3670 byte authInfoSet:1;
3671 byte authInfoCrit:1;
3672 byte keyUsageSet:1;
3673 byte keyUsageCrit:1;
3674 byte extKeyUsageCrit:1;
3675 byte subjKeyIdSet:1;
3676
3677 byte subjKeyIdCrit:1;
3678 byte basicConstSet:1;
3679 byte basicConstCrit:1;
3680 byte basicConstPlSet:1;
3681 byte subjAltNameSet:1;
3682 byte subjAltNameCrit:1;
3683 byte authKeyIdSet:1;
3684 byte authKeyIdCrit:1;
3685#endif /* OPENSSL_EXTRA || OPENSSL_EXTRA_X509_SMALL */
3686 byte serial[EXTERNAL_SERIAL_SIZE];
3687 char subjectCN[ASN_NAME_MAX]; /* common name short cut */
3688#ifdef WOLFSSL_CERT_REQ
3689 char challengePw[CTC_NAME_SIZE]; /* for REQ certs */
3690#endif
3691 WOLFSSL_X509_NAME issuer;
3692 WOLFSSL_X509_NAME subject;
3693#if defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS)
3694 WOLFSSL_X509_ALGOR algor;
3695 WOLFSSL_X509_PUBKEY key;
3696#endif
3697 byte issuerSet:1;
3698};
3699
3700
3701/* record layer header for PlainText, Compressed, and CipherText */
3702typedef struct RecordLayerHeader {
3703 byte type;
3704 byte pvMajor;
3705 byte pvMinor;
3706 byte length[2];
3707} RecordLayerHeader;
3708
3709
3710/* record layer header for DTLS PlainText, Compressed, and CipherText */
3711typedef struct DtlsRecordLayerHeader {
3712 byte type;
3713 byte pvMajor;
3714 byte pvMinor;
3715 byte sequence_number[8]; /* per record */
3716 byte length[2];
3717} DtlsRecordLayerHeader;
3718
3719
3720typedef struct DtlsFrag {
3721 word32 begin;
3722 word32 end;
3723 struct DtlsFrag* next;
3724} DtlsFrag;
3725
3726
3727typedef struct DtlsMsg {
3728 struct DtlsMsg* next;
3729 byte* buf;
3730 byte* msg;
3731 DtlsFrag* fragList;
3732 word32 fragSz; /* Length of fragments received */
3733 word32 seq; /* Handshake sequence number */
3734 word32 sz; /* Length of whole message */
3735 byte type;
3736} DtlsMsg;
3737
3738
3739#ifdef HAVE_NETX
3740
3741 /* NETX I/O Callback default */
3742 typedef struct NetX_Ctx {
3743 NX_TCP_SOCKET* nxSocket; /* send/recv socket handle */
3744 NX_PACKET* nxPacket; /* incoming packet handle for short reads */
3745 ULONG nxOffset; /* offset already read from nxPacket */
3746 ULONG nxWait; /* wait option flag */
3747 } NetX_Ctx;
3748
3749#endif
3750
3751/* Handshake messages received from peer (plus change cipher */
3752typedef struct MsgsReceived {
3753 word16 got_hello_request:1;
3754 word16 got_client_hello:2;
3755 word16 got_server_hello:2;
3756 word16 got_hello_verify_request:1;
3757 word16 got_session_ticket:1;
3758 word16 got_end_of_early_data:1;
3759 word16 got_hello_retry_request:1;
3760 word16 got_encrypted_extensions:1;
3761 word16 got_certificate:1;
3762 word16 got_certificate_status:1;
3763 word16 got_server_key_exchange:1;
3764 word16 got_certificate_request:1;
3765 word16 got_server_hello_done:1;
3766 word16 got_certificate_verify:1;
3767 word16 got_client_key_exchange:1;
3768 word16 got_finished:1;
3769 word16 got_key_update:1;
3770 word16 got_change_cipher:1;
3771} MsgsReceived;
3772
3773
3774/* Handshake hashes */
3775typedef struct HS_Hashes {
3776 Hashes verifyHashes;
3777 Hashes certHashes; /* for cert verify */
3778#ifndef NO_SHA
3779 wc_Sha hashSha; /* sha hash of handshake msgs */
3780#endif
3781#if !defined(NO_MD5) && !defined(NO_OLD_TLS)
3782 wc_Md5 hashMd5; /* md5 hash of handshake msgs */
3783#endif
3784#ifndef NO_SHA256
3785 wc_Sha256 hashSha256; /* sha256 hash of handshake msgs */
3786#endif
3787#ifdef WOLFSSL_SHA384
3788 wc_Sha384 hashSha384; /* sha384 hash of handshake msgs */
3789#endif
3790#ifdef WOLFSSL_SHA512
3791 wc_Sha512 hashSha512; /* sha512 hash of handshake msgs */
3792#endif
3793#if (defined(HAVE_ED25519) || defined(HAVE_ED448)) && \
3794 !defined(WOLFSSL_NO_CLIENT_AUTH)
3795 byte* messages; /* handshake messages */
3796 int length; /* length of handshake messages' data */
3797 int prevLen; /* length of messages but last */
3798#endif
3799} HS_Hashes;
3800
3801
3802#ifdef WOLFSSL_ASYNC_CRYPT
3803 #define MAX_ASYNC_ARGS 18
3804 typedef void (*FreeArgsCb)(struct WOLFSSL* ssl, void* pArgs);
3805
3806 struct WOLFSSL_ASYNC {
3807 WC_ASYNC_DEV* dev;
3808 FreeArgsCb freeArgs; /* function pointer to cleanup args */
3809 word32 args[MAX_ASYNC_ARGS]; /* holder for current args */
3810 };
3811#endif
3812
3813#ifdef HAVE_WRITE_DUP
3814
3815 #define WRITE_DUP_SIDE 1
3816 #define READ_DUP_SIDE 2
3817
3818 typedef struct WriteDup {
3819 wolfSSL_Mutex dupMutex; /* reference count mutex */
3820 int dupCount; /* reference count */
3821 int dupErr; /* under dupMutex, pass to other side */
3822 } WriteDup;
3823
3824 WOLFSSL_LOCAL void FreeWriteDup(WOLFSSL* ssl);
3825 WOLFSSL_LOCAL int NotifyWriteSide(WOLFSSL* ssl, int err);
3826#endif /* HAVE_WRITE_DUP */
3827
3828#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
3829typedef struct CertReqCtx CertReqCtx;
3830
3831struct CertReqCtx {
3832 CertReqCtx* next;
3833 byte len;
3834 byte ctx;
3835};
3836#endif
3837
3838#ifdef WOLFSSL_EARLY_DATA
3839typedef enum EarlyDataState {
3840 no_early_data,
3841 early_data_ext,
3842 expecting_early_data,
3843 process_early_data,
3844 done_early_data
3845} EarlyDataState;
3846#endif
3847
3848/* wolfSSL ssl type */
3849struct WOLFSSL {
3850 WOLFSSL_CTX* ctx;
3851 Suites* suites; /* only need during handshake */
3852 Arrays* arrays;
3853#ifdef WOLFSSL_TLS13
3854 byte clientSecret[SECRET_LEN];
3855 byte serverSecret[SECRET_LEN];
3856#endif
3857 HS_Hashes* hsHashes;
3858 void* IOCB_ReadCtx;
3859 void* IOCB_WriteCtx;
3860 WC_RNG* rng;
3861 void* verifyCbCtx; /* cert verify callback user ctx*/
3862 VerifyCallback verifyCallback; /* cert verification callback */
3863 void* heap; /* for user overrides */
3864#ifdef HAVE_WRITE_DUP
3865 WriteDup* dupWrite; /* valid pointer indicates ON */
3866 /* side that decrements dupCount to zero frees overall structure */
3867 byte dupSide; /* write side or read side */
3868#endif
3869#ifdef OPENSSL_EXTRA
3870 byte cbioFlag; /* WOLFSSL_CBIO_RECV/SEND: CBIORecv/Send is set */
3871#endif
3872 CallbackIORecv CBIORecv;
3873 CallbackIOSend CBIOSend;
3874#ifdef WOLFSSL_STATIC_MEMORY
3875 WOLFSSL_HEAP_HINT heap_hint;
3876#endif
3877#ifndef NO_HANDSHAKE_DONE_CB
3878 HandShakeDoneCb hsDoneCb; /* notify user handshake done */
3879 void* hsDoneCtx; /* user handshake cb context */
3880#endif
3881#ifdef WOLFSSL_ASYNC_CRYPT
3882 struct WOLFSSL_ASYNC async;
3883#elif defined(WOLFSSL_NONBLOCK_OCSP)
3884 void* nonblockarg; /* dynamic arg for handling non-block resume */
3885#endif
3886 void* hsKey; /* Handshake key (RsaKey or ecc_key) allocated from heap */
3887 word32 hsType; /* Type of Handshake key (hsKey) */
3888 WOLFSSL_CIPHER cipher;
3889#ifndef WOLFSSL_AEAD_ONLY
3890 hmacfp hmac;
3891#endif
3892 Ciphers encrypt;
3893 Ciphers decrypt;
3894 Buffers buffers;
3895 WOLFSSL_SESSION session;
3896#ifdef HAVE_EXT_CACHE
3897 WOLFSSL_SESSION* extSession;
3898#endif
3899 WOLFSSL_ALERT_HISTORY alert_history;
3900 int error;
3901 int rfd; /* read file descriptor */
3902 int wfd; /* write file descriptor */
3903 int rflags; /* user read flags */
3904 int wflags; /* user write flags */
3905 word32 timeout; /* session timeout */
3906 word32 fragOffset; /* fragment offset */
3907 word16 curSize;
3908 byte verifyDepth;
3909 RecordLayerHeader curRL;
3910 MsgsReceived msgsReceived; /* peer messages received */
3911 ProtocolVersion version; /* negotiated version */
3912 ProtocolVersion chVersion; /* client hello version */
3913 CipherSpecs specs;
3914 Keys keys;
3915 Options options;
3916#ifdef OPENSSL_EXTRA
3917 CallbackInfoState* CBIS; /* used to get info about SSL state */
3918 int cbmode; /* read or write on info callback */
3919 int cbtype; /* event type in info callback */
3920 WOLFSSL_BIO* biord; /* socket bio read to free/close */
3921 WOLFSSL_BIO* biowr; /* socket bio write to free/close */
3922 byte sessionCtx[ID_LEN]; /* app session context ID */
3923 WOLFSSL_X509_VERIFY_PARAM* param; /* verification parameters*/
3924#endif
3925#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)
3926 unsigned long peerVerifyRet;
3927#endif
3928#ifdef OPENSSL_EXTRA
3929 byte readAhead;
3930 byte sessionCtxSz; /* size of sessionCtx stored */
3931#ifdef HAVE_PK_CALLBACKS
3932 void* loggingCtx; /* logging callback argument */
3933#endif
3934#endif /* OPENSSL_EXTRA */
3935#ifndef NO_RSA
3936 RsaKey* peerRsaKey;
3937#ifdef WOLFSSL_RENESAS_TSIP_TLS
3938 byte *peerTsipEncRsaKeyIndex;
3939#endif
3940 byte peerRsaKeyPresent;
3941#endif
3942#ifdef HAVE_QSH
3943 QSHKey* QSH_Key;
3944 QSHKey* peerQSHKey;
3945 QSHSecret* QSH_secret;
3946 byte isQSH; /* is the handshake a QSH? */
3947 byte sendQSHKeys; /* flag for if the client should sen
3948 public keys */
3949 byte peerQSHKeyPresent;
3950 byte minRequest;
3951 byte maxRequest;
3952 byte user_set_QSHSchemes;
3953#endif
3954#if defined(WOLFSSL_TLS13) || defined(HAVE_FFDHE)
3955 word16 namedGroup;
3956#endif
3957#ifdef WOLFSSL_TLS13
3958 word16 group[WOLFSSL_MAX_GROUP_COUNT];
3959 byte numGroups;
3960#endif
3961 word16 pssAlgo;
3962#ifdef WOLFSSL_TLS13
3963 #if !defined(WOLFSSL_TLS13_DRAFT_18) && !defined(WOLFSSL_TLS13_DRAFT_22)
3964 word16 certHashSigAlgoSz; /* SigAlgoCert ext length in bytes */
3965 byte certHashSigAlgo[WOLFSSL_MAX_SIGALGO]; /* cert sig/algo to
3966 * offer */
3967 #endif /* !WOLFSSL_TLS13_DRAFT_18 && !WOLFSSL_TLS13_DRAFT_22 */
3968#endif
3969#ifdef HAVE_NTRU
3970 word16 peerNtruKeyLen;
3971 byte peerNtruKey[MAX_NTRU_PUB_KEY_SZ];
3972 byte peerNtruKeyPresent;
3973#endif
3974#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)
3975 int eccVerifyRes;
3976#endif
3977#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)
3978 word32 ecdhCurveOID; /* curve Ecc_Sum */
3979 ecc_key* eccTempKey; /* private ECDHE key */
3980 byte eccTempKeyPresent; /* also holds type */
3981 byte peerEccKeyPresent;
3982#endif
3983#ifdef HAVE_ECC
3984 ecc_key* peerEccKey; /* peer's ECDHE key */
3985 ecc_key* peerEccDsaKey; /* peer's ECDSA key */
3986 word16 eccTempKeySz; /* in octets 20 - 66 */
3987 byte peerEccDsaKeyPresent;
3988#endif
3989#if defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_CURVE448)
3990 word32 pkCurveOID; /* curve Ecc_Sum */
3991#endif
3992#ifdef HAVE_ED25519
3993 ed25519_key* peerEd25519Key;
3994 byte peerEd25519KeyPresent;
3995#endif
3996#ifdef HAVE_CURVE25519
3997 curve25519_key* peerX25519Key;
3998 byte peerX25519KeyPresent;
3999#endif
4000#ifdef HAVE_ED448
4001 ed448_key* peerEd448Key;
4002 byte peerEd448KeyPresent;
4003#endif
4004#ifdef HAVE_CURVE448
4005 curve448_key* peerX448Key;
4006 byte peerX448KeyPresent;
4007#endif
4008#ifdef HAVE_LIBZ
4009 z_stream c_stream; /* compression stream */
4010 z_stream d_stream; /* decompression stream */
4011 byte didStreamInit; /* for stream init and end */
4012#endif
4013#ifdef WOLFSSL_DTLS
4014 int dtls_timeout_init; /* starting timeout value */
4015 int dtls_timeout_max; /* maximum timeout value */
4016 int dtls_timeout; /* current timeout value, changes */
4017 word32 dtls_tx_msg_list_sz;
4018 word32 dtls_rx_msg_list_sz;
4019 DtlsMsg* dtls_tx_msg_list;
4020 DtlsMsg* dtls_tx_msg;
4021 DtlsMsg* dtls_rx_msg_list;
4022 void* IOCB_CookieCtx; /* gen cookie ctx */
4023 word32 dtls_expected_rx;
4024#ifdef WOLFSSL_SESSION_EXPORT
4025 wc_dtls_export dtls_export; /* export function for session */
4026#endif
4027#if defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)
4028 word16 dtlsMtuSz;
4029#endif /* WOLFSSL_SCTP || WOLFSSL_DTLS_MTU */
4030#ifdef WOLFSSL_MULTICAST
4031 void* mcastHwCbCtx; /* Multicast highwater callback ctx */
4032#endif /* WOLFSSL_MULTICAST */
4033#ifdef WOLFSSL_DTLS_DROP_STATS
4034 word32 macDropCount;
4035 word32 replayDropCount;
4036#endif /* WOLFSSL_DTLS_DROP_STATS */
4037#endif /* WOLFSSL_DTLS */
4038#ifdef WOLFSSL_CALLBACKS
4039 TimeoutInfo timeoutInfo; /* info saved during handshake */
4040 HandShakeInfo handShakeInfo; /* info saved during handshake */
4041#endif
4042#ifdef OPENSSL_EXTRA
4043 SSL_Msg_Cb protoMsgCb; /* inspect protocol message callback */
4044 void* protoMsgCtx; /* user set context with msg callback */
4045#endif
4046#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
4047 byte hsInfoOn; /* track handshake info */
4048 byte toInfoOn; /* track timeout info */
4049#endif
4050#ifdef HAVE_FUZZER
4051 CallbackFuzzer fuzzerCb; /* for testing with using fuzzer */
4052 void* fuzzerCtx; /* user defined pointer */
4053#endif
4054#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH)
4055 CertReqCtx* certReqCtx;
4056#endif
4057#ifdef KEEP_PEER_CERT
4058 WOLFSSL_X509 peerCert; /* X509 peer cert */
4059#endif
4060#ifdef KEEP_OUR_CERT
4061 WOLFSSL_X509* ourCert; /* keep alive a X509 struct of cert.
4062 points to ctx if not owned (owned
4063 flag found in buffers.weOwnCert) */
4064#endif
4065 byte keepCert; /* keep certificate after handshake */
4066#if defined(HAVE_EX_DATA) || defined(FORTRESS)
4067 WOLFSSL_CRYPTO_EX_DATA ex_data; /* external data, for Fortress */
4068#endif
4069 int devId; /* async device id to use */
4070#ifdef HAVE_ONE_TIME_AUTH
4071 OneTimeAuth auth;
4072#endif
4073#ifdef HAVE_TLS_EXTENSIONS
4074 TLSX* extensions; /* RFC 6066 TLS Extensions data */
4075 #ifdef HAVE_MAX_FRAGMENT
4076 word16 max_fragment;
4077 #endif
4078 #ifdef HAVE_TRUNCATED_HMAC
4079 byte truncated_hmac;
4080 #endif
4081 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST
4082 byte status_request;
4083 #endif
4084 #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2
4085 byte status_request_v2;
4086 #endif
4087 #if defined(HAVE_SECURE_RENEGOTIATION) \
4088 || defined(HAVE_SERVER_RENEGOTIATION_INFO)
4089 int secure_rene_count; /* how many times */
4090 SecureRenegotiation* secure_renegotiation; /* valid pointer indicates */
4091 #endif /* user turned on */
4092 #ifdef HAVE_ALPN
4093 char* alpn_client_list; /* keep the client's list */
4094 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
4095 CallbackALPNSelect alpnSelect;
4096 void* alpnSelectArg;
4097 #endif
4098 #endif /* of accepted protocols */
4099 #if !defined(NO_WOLFSSL_CLIENT) && defined(HAVE_SESSION_TICKET)
4100 CallbackSessionTicket session_ticket_cb;
4101 void* session_ticket_ctx;
4102 byte expect_session_ticket;
4103 #endif
4104#endif /* HAVE_TLS_EXTENSIONS */
4105#ifdef HAVE_OCSP
4106 void* ocspIOCtx;
4107 #ifdef OPENSSL_EXTRA
4108 byte* ocspResp;
4109 int ocspRespSz;
4110 #if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)
4111 char* url;
4112 #endif
4113 #endif
4114#endif
4115#ifdef HAVE_NETX
4116 NetX_Ctx nxCtx; /* NetX IO Context */
4117#endif
4118#if defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP)
4119 void* mnCtx; /* mynewt mn_socket IO Context */
4120#endif /* defined(WOLFSSL_APACHE_MYNEWT) && !defined(WOLFSSL_LWIP) */
4121#ifdef WOLFSSL_GNRC
4122 struct gnrc_wolfssl_ctx *gnrcCtx; /* Riot-OS GNRC UDP/IP context */
4123#endif
4124#ifdef SESSION_INDEX
4125 int sessionIndex; /* Session's location in the cache. */
4126#endif
4127#ifdef ATOMIC_USER
4128 void* MacEncryptCtx; /* Atomic User Mac/Encrypt Callback Context */
4129 void* DecryptVerifyCtx; /* Atomic User Decrypt/Verify Callback Context */
4130 #ifdef HAVE_ENCRYPT_THEN_MAC
4131 void* EncryptMacCtx; /* Atomic User Encrypt/Mac Callback Ctx */
4132 void* VerifyDecryptCtx; /* Atomic User Verify/Decrypt Callback Ctx */
4133 #endif
4134#endif
4135#ifdef HAVE_PK_CALLBACKS
4136 #ifdef HAVE_ECC
4137 void* EccKeyGenCtx; /* EccKeyGen Callback Context */
4138 void* EccSignCtx; /* Ecc Sign Callback Context */
4139 void* EccVerifyCtx; /* Ecc Verify Callback Context */
4140 void* EccSharedSecretCtx; /* Ecc Pms Callback Context */
4141 #ifdef HAVE_ED25519
4142 void* Ed25519SignCtx; /* ED25519 Sign Callback Context */
4143 void* Ed25519VerifyCtx; /* ED25519 Verify Callback Context */
4144 #endif
4145 #ifdef HAVE_CURVE25519
4146 void* X25519KeyGenCtx; /* X25519 KeyGen Callback Context */
4147 void* X25519SharedSecretCtx; /* X25519 Pms Callback Context */
4148 #endif
4149 #ifdef HAVE_ED448
4150 void* Ed448SignCtx; /* ED448 Sign Callback Context */
4151 void* Ed448VerifyCtx; /* ED448 Verify Callback Context */
4152 #endif
4153 #ifdef HAVE_CURVE448
4154 void* X448KeyGenCtx; /* X448 KeyGen Callback Context */
4155 void* X448SharedSecretCtx; /* X448 Pms Callback Context */
4156 #endif
4157 #endif /* HAVE_ECC */
4158 #ifndef NO_DH
4159 void* DhAgreeCtx; /* DH Pms Callback Context */
4160 #endif /* !NO_DH */
4161 #ifndef NO_RSA
4162 void* RsaSignCtx; /* Rsa Sign Callback Context */
4163 void* RsaVerifyCtx; /* Rsa Verify Callback Context */
4164 #ifdef WC_RSA_PSS
4165 void* RsaPssSignCtx; /* Rsa PSS Sign Callback Context */
4166 void* RsaPssVerifyCtx; /* Rsa PSS Verify Callback Context */
4167 #endif
4168 void* RsaEncCtx; /* Rsa Public Encrypt Callback Context */
4169 void* RsaDecCtx; /* Rsa Private Decrypt Callback Context */
4170 #endif /* NO_RSA */
4171#endif /* HAVE_PK_CALLBACKS */
4172#ifdef HAVE_SECRET_CALLBACK
4173 SessionSecretCb sessionSecretCb;
4174 void* sessionSecretCtx;
4175 #ifdef WOLFSSL_TLS13
4176 Tls13SecretCb tls13SecretCb;
4177 void* tls13SecretCtx;
4178 #endif
4179#endif /* HAVE_SECRET_CALLBACK */
4180#ifdef WOLFSSL_JNI
4181 void* jObjectRef; /* reference to WolfSSLSession in JNI wrapper */
4182#endif /* WOLFSSL_JNI */
4183#ifdef WOLFSSL_EARLY_DATA
4184 EarlyDataState earlyData;
4185 word32 earlyDataSz;
4186#endif
4187#ifdef OPENSSL_ALL
4188 long verifyCallbackResult;
4189#endif
4190#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
4191 WOLFSSL_STACK* supportedCiphers; /* Used in wolfSSL_get_ciphers_compat */
4192 WOLFSSL_STACK* peerCertChain; /* Used in wolfSSL_get_peer_cert_chain */
4193#endif
4194};
4195
4196
4197WOLFSSL_LOCAL int SSL_CTX_RefCount(WOLFSSL_CTX* ctx, int incr);
4198WOLFSSL_LOCAL int SetSSL_CTX(WOLFSSL*, WOLFSSL_CTX*, int);
4199WOLFSSL_LOCAL int InitSSL(WOLFSSL*, WOLFSSL_CTX*, int);
4200WOLFSSL_LOCAL void FreeSSL(WOLFSSL*, void* heap);
4201WOLFSSL_API void SSL_ResourceFree(WOLFSSL*); /* Micrium uses */
4202
4203
4204#ifndef NO_CERTS
4205
4206 WOLFSSL_LOCAL int ProcessBuffer(WOLFSSL_CTX* ctx, const unsigned char* buff,
4207 long sz, int format, int type, WOLFSSL* ssl,
4208 long* used, int userChain, int verify);
4209 WOLFSSL_LOCAL int ProcessFile(WOLFSSL_CTX* ctx, const char* fname, int format,
4210 int type, WOLFSSL* ssl, int userChain,
4211 WOLFSSL_CRL* crl, int verify);
4212
4213 #ifdef OPENSSL_EXTRA
4214 WOLFSSL_LOCAL int CheckHostName(DecodedCert* dCert, char *domainName,
4215 size_t domainNameLen);
4216 #endif
4217#endif
4218
4219
4220#if defined(WOLFSSL_CALLBACKS) || defined(OPENSSL_EXTRA)
4221 WOLFSSL_LOCAL
4222 void InitHandShakeInfo(HandShakeInfo*, WOLFSSL*);
4223 WOLFSSL_LOCAL
4224 void FinishHandShakeInfo(HandShakeInfo*);
4225 WOLFSSL_LOCAL
4226 void AddPacketName(WOLFSSL* ssl, const char* name);
4227
4228 WOLFSSL_LOCAL
4229 void InitTimeoutInfo(TimeoutInfo*);
4230 WOLFSSL_LOCAL
4231 void FreeTimeoutInfo(TimeoutInfo*, void*);
4232 WOLFSSL_LOCAL
4233 void AddPacketInfo(WOLFSSL* ssl, const char* name, int type,
4234 const byte* data, int sz, int write, void* heap);
4235 WOLFSSL_LOCAL
4236 void AddLateName(const char*, TimeoutInfo*);
4237 WOLFSSL_LOCAL
4238 void AddLateRecordHeader(const RecordLayerHeader* rl, TimeoutInfo* info);
4239#endif
4240
4241
4242/* Record Layer Header identifier from page 12 */
4243enum ContentType {
4244 no_type = 0,
4245 change_cipher_spec = 20,
4246 alert = 21,
4247 handshake = 22,
4248 application_data = 23
4249};
4250
4251
4252/* handshake header, same for each message type, pgs 20/21 */
4253typedef struct HandShakeHeader {
4254 byte type;
4255 word24 length;
4256} HandShakeHeader;
4257
4258
4259/* DTLS handshake header, same for each message type */
4260typedef struct DtlsHandShakeHeader {
4261 byte type;
4262 word24 length;
4263 byte message_seq[2]; /* start at 0, retransmit gets same # */
4264 word24 fragment_offset; /* bytes in previous fragments */
4265 word24 fragment_length; /* length of this fragment */
4266} DtlsHandShakeHeader;
4267
4268
4269enum HandShakeType {
4270 hello_request = 0,
4271 client_hello = 1,
4272 server_hello = 2,
4273 hello_verify_request = 3, /* DTLS addition */
4274 session_ticket = 4,
4275 end_of_early_data = 5,
4276 hello_retry_request = 6,
4277 encrypted_extensions = 8,
4278 certificate = 11,
4279 server_key_exchange = 12,
4280 certificate_request = 13,
4281 server_hello_done = 14,
4282 certificate_verify = 15,
4283 client_key_exchange = 16,
4284 finished = 20,
4285 certificate_status = 22,
4286 key_update = 24,
4287 change_cipher_hs = 55, /* simulate unique handshake type for sanity
4288 checks. record layer change_cipher
4289 conflicts with handshake finished */
4290 message_hash = 254, /* synthetic message type for TLS v1.3 */
4291 no_shake = 255 /* used to initialize the DtlsMsg record */
4292};
4293
4294enum ProvisionSide {
4295 PROVISION_CLIENT = 1,
4296 PROVISION_SERVER = 2,
4297 PROVISION_CLIENT_SERVER = 3
4298};
4299
4300
4301static const byte client[SIZEOF_SENDER] = { 0x43, 0x4C, 0x4E, 0x54 };
4302static const byte server[SIZEOF_SENDER] = { 0x53, 0x52, 0x56, 0x52 };
4303
4304static const byte tls_client[FINISHED_LABEL_SZ + 1] = "client finished";
4305static const byte tls_server[FINISHED_LABEL_SZ + 1] = "server finished";
4306
4307#ifdef OPENSSL_EXTRA
4308typedef struct {
4309 int name_len;
4310 const char *name;
4311 int nid;
4312} WOLF_EC_NIST_NAME;
4313extern const WOLF_EC_NIST_NAME kNistCurves[];
4314/* This is the longest and shortest curve name in the kNistCurves list */
4315#define kNistCurves_MIN_NAME_LEN 5
4316#define kNistCurves_MAX_NAME_LEN 7
4317#endif
4318
4319/* internal functions */
4320WOLFSSL_LOCAL int SendChangeCipher(WOLFSSL*);
4321WOLFSSL_LOCAL int SendTicket(WOLFSSL*);
4322WOLFSSL_LOCAL int DoClientTicket(WOLFSSL*, const byte*, word32);
4323WOLFSSL_LOCAL int SendData(WOLFSSL*, const void*, int);
4324#ifdef WOLFSSL_TLS13
4325#ifdef WOLFSSL_TLS13_DRAFT_18
4326WOLFSSL_LOCAL int SendTls13HelloRetryRequest(WOLFSSL*);
4327#else
4328WOLFSSL_LOCAL int SendTls13ServerHello(WOLFSSL*, byte);
4329#endif
4330#endif
4331WOLFSSL_LOCAL int SendCertificate(WOLFSSL*);
4332WOLFSSL_LOCAL int SendCertificateRequest(WOLFSSL*);
4333#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \
4334 || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)
4335WOLFSSL_LOCAL int CreateOcspResponse(WOLFSSL*, OcspRequest**, buffer*);
4336#endif
4337#if defined(HAVE_SECURE_RENEGOTIATION) && \
4338 defined(HAVE_SERVER_RENEGOTIATION_INFO)
4339WOLFSSL_LOCAL int SendHelloRequest(WOLFSSL*);
4340#endif
4341WOLFSSL_LOCAL int SendCertificateStatus(WOLFSSL*);
4342WOLFSSL_LOCAL int SendServerKeyExchange(WOLFSSL*);
4343WOLFSSL_LOCAL int SendBuffered(WOLFSSL*);
4344WOLFSSL_LOCAL int ReceiveData(WOLFSSL*, byte*, int, int);
4345WOLFSSL_LOCAL int SendFinished(WOLFSSL*);
4346WOLFSSL_LOCAL int SendAlert(WOLFSSL*, int, int);
4347WOLFSSL_LOCAL int ProcessReply(WOLFSSL*);
4348
4349WOLFSSL_LOCAL int SetCipherSpecs(WOLFSSL*);
4350WOLFSSL_LOCAL int MakeMasterSecret(WOLFSSL*);
4351
4352WOLFSSL_LOCAL int AddSession(WOLFSSL*);
4353WOLFSSL_LOCAL int DeriveKeys(WOLFSSL* ssl);
4354WOLFSSL_LOCAL int StoreKeys(WOLFSSL* ssl, const byte* keyData, int side);
4355
4356WOLFSSL_LOCAL int IsTLS(const WOLFSSL* ssl);
4357WOLFSSL_LOCAL int IsAtLeastTLSv1_2(const WOLFSSL* ssl);
4358WOLFSSL_LOCAL int IsAtLeastTLSv1_3(const ProtocolVersion pv);
4359
4360WOLFSSL_LOCAL void FreeHandshakeResources(WOLFSSL* ssl);
4361WOLFSSL_LOCAL void ShrinkInputBuffer(WOLFSSL* ssl, int forcedFree);
4362WOLFSSL_LOCAL void ShrinkOutputBuffer(WOLFSSL* ssl);
4363
4364WOLFSSL_LOCAL int VerifyClientSuite(WOLFSSL* ssl);
4365
4366WOLFSSL_LOCAL int SetTicket(WOLFSSL*, const byte*, word32);
4367WOLFSSL_LOCAL int wolfSSL_GetMaxRecordSize(WOLFSSL* ssl, int maxFragment);
4368
4369#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC)
4370WOLFSSL_LOCAL int SetECKeyInternal(WOLFSSL_EC_KEY* eckey);
4371WOLFSSL_LOCAL int SetECKeyExternal(WOLFSSL_EC_KEY* eckey);
4372#endif
4373
4374WOLFSSL_LOCAL WC_RNG* WOLFSSL_RSA_GetRNG(WOLFSSL_RSA *rsa, WC_RNG **tmpRNG,
4375 int *initTmpRng);
4376
4377#ifndef NO_CERTS
4378 #ifndef NO_RSA
4379 #ifdef WC_RSA_PSS
4380 WOLFSSL_LOCAL int CheckRsaPssPadding(const byte* plain, word32 plainSz,
4381 byte* out, word32 sigSz, enum wc_HashType hashType);
4382 WOLFSSL_LOCAL int ConvertHashPss(int hashAlgo,
4383 enum wc_HashType* hashType, int* mgf);
4384 #endif
4385 WOLFSSL_LOCAL int VerifyRsaSign(WOLFSSL* ssl, byte* verifySig,
4386 word32 sigSz, const byte* plain, word32 plainSz, int sigAlgo,
4387 int hashAlgo, RsaKey* key, DerBuffer* keyBufInfo);
4388 WOLFSSL_LOCAL int RsaSign(WOLFSSL* ssl, const byte* in, word32 inSz,
4389 byte* out, word32* outSz, int sigAlgo, int hashAlgo, RsaKey* key,
4390 DerBuffer* keyBufInfo);
4391 WOLFSSL_LOCAL int RsaVerify(WOLFSSL* ssl, byte* in, word32 inSz,
4392 byte** out, int sigAlgo, int hashAlgo, RsaKey* key,
4393 buffer* keyBufInfo);
4394 WOLFSSL_LOCAL int RsaDec(WOLFSSL* ssl, byte* in, word32 inSz, byte** out,
4395 word32* outSz, RsaKey* key, DerBuffer* keyBufInfo);
4396 WOLFSSL_LOCAL int RsaEnc(WOLFSSL* ssl, const byte* in, word32 inSz, byte* out,
4397 word32* outSz, RsaKey* key, buffer* keyBufInfo);
4398 #endif /* !NO_RSA */
4399
4400 #ifdef HAVE_ECC
4401 WOLFSSL_LOCAL int EccSign(WOLFSSL* ssl, const byte* in, word32 inSz,
4402 byte* out, word32* outSz, ecc_key* key, DerBuffer* keyBufInfo);
4403 WOLFSSL_LOCAL int EccVerify(WOLFSSL* ssl, const byte* in, word32 inSz,
4404 const byte* out, word32 outSz, ecc_key* key, buffer* keyBufInfo);
4405 WOLFSSL_LOCAL int EccSharedSecret(WOLFSSL* ssl, ecc_key* priv_key,
4406 ecc_key* pub_key, byte* pubKeyDer, word32* pubKeySz, byte* out,
4407 word32* outlen, int side);
4408 #endif /* HAVE_ECC */
4409 #ifdef HAVE_ED25519
4410 WOLFSSL_LOCAL int Ed25519CheckPubKey(WOLFSSL* ssl);
4411 WOLFSSL_LOCAL int Ed25519Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
4412 byte* out, word32* outSz, ed25519_key* key, DerBuffer* keyBufInfo);
4413 WOLFSSL_LOCAL int Ed25519Verify(WOLFSSL* ssl, const byte* in,
4414 word32 inSz, const byte* msg, word32 msgSz, ed25519_key* key,
4415 buffer* keyBufInfo);
4416 #endif /* HAVE_ED25519 */
4417 #ifdef HAVE_ED448
4418 WOLFSSL_LOCAL int Ed448CheckPubKey(WOLFSSL* ssl);
4419 WOLFSSL_LOCAL int Ed448Sign(WOLFSSL* ssl, const byte* in, word32 inSz,
4420 byte* out, word32* outSz, ed448_key* key, DerBuffer* keyBufInfo);
4421 WOLFSSL_LOCAL int Ed448Verify(WOLFSSL* ssl, const byte* in,
4422 word32 inSz, const byte* msg, word32 msgSz, ed448_key* key,
4423 buffer* keyBufInfo);
4424 #endif /* HAVE_ED448 */
4425
4426
4427 #ifdef WOLFSSL_TRUST_PEER_CERT
4428
4429 /* options for searching hash table for a matching trusted peer cert */
4430 #define WC_MATCH_SKID 0
4431 #define WC_MATCH_NAME 1
4432
4433 WOLFSSL_LOCAL TrustedPeerCert* GetTrustedPeer(void* vp, byte* hash,
4434 int type);
4435 WOLFSSL_LOCAL int MatchTrustedPeer(TrustedPeerCert* tp,
4436 DecodedCert* cert);
4437 #endif
4438
4439 WOLFSSL_LOCAL Signer* GetCA(void* cm, byte* hash);
4440 #ifndef NO_SKID
4441 WOLFSSL_LOCAL Signer* GetCAByName(void* cm, byte* hash);
4442 #endif
4443#endif /* !NO_CERTS */
4444WOLFSSL_LOCAL int BuildTlsHandshakeHash(WOLFSSL* ssl, byte* hash,
4445 word32* hashLen);
4446WOLFSSL_LOCAL int BuildTlsFinished(WOLFSSL* ssl, Hashes* hashes,
4447 const byte* sender);
4448WOLFSSL_LOCAL void FreeArrays(WOLFSSL* ssl, int keep);
4449WOLFSSL_LOCAL int CheckAvailableSize(WOLFSSL *ssl, int size);
4450WOLFSSL_LOCAL int GrowInputBuffer(WOLFSSL* ssl, int size, int usedLength);
4451
4452#ifndef NO_TLS
4453 WOLFSSL_LOCAL int MakeTlsMasterSecret(WOLFSSL*);
4454#ifndef WOLFSSL_AEAD_ONLY
4455 WOLFSSL_LOCAL int TLS_hmac(WOLFSSL* ssl, byte* digest, const byte* in,
4456 word32 sz, int padSz, int content, int verify);
4457#endif
4458#endif
4459
4460#ifndef NO_WOLFSSL_CLIENT
4461 WOLFSSL_LOCAL int SendClientHello(WOLFSSL*);
4462 #ifdef WOLFSSL_TLS13
4463 WOLFSSL_LOCAL int SendTls13ClientHello(WOLFSSL*);
4464 #endif
4465 WOLFSSL_LOCAL int SendClientKeyExchange(WOLFSSL*);
4466 WOLFSSL_LOCAL int SendCertificateVerify(WOLFSSL*);
4467#endif /* NO_WOLFSSL_CLIENT */
4468
4469#ifndef NO_WOLFSSL_SERVER
4470 WOLFSSL_LOCAL int SendServerHello(WOLFSSL*);
4471 WOLFSSL_LOCAL int SendServerHelloDone(WOLFSSL*);
4472#endif /* NO_WOLFSSL_SERVER */
4473
4474#ifdef WOLFSSL_DTLS
4475 WOLFSSL_LOCAL DtlsMsg* DtlsMsgNew(word32, void*);
4476 WOLFSSL_LOCAL void DtlsMsgDelete(DtlsMsg*, void*);
4477 WOLFSSL_LOCAL void DtlsMsgListDelete(DtlsMsg*, void*);
4478 WOLFSSL_LOCAL int DtlsMsgSet(DtlsMsg*, word32, const byte*, byte,
4479 word32, word32, void*);
4480 WOLFSSL_LOCAL DtlsMsg* DtlsMsgFind(DtlsMsg*, word32);
4481 WOLFSSL_LOCAL void DtlsMsgStore(WOLFSSL*, word32, const byte*, word32,
4482 byte, word32, word32, void*);
4483 WOLFSSL_LOCAL DtlsMsg* DtlsMsgInsert(DtlsMsg*, DtlsMsg*);
4484
4485 WOLFSSL_LOCAL int DtlsMsgPoolSave(WOLFSSL*, const byte*, word32);
4486 WOLFSSL_LOCAL int DtlsMsgPoolTimeout(WOLFSSL*);
4487 WOLFSSL_LOCAL int VerifyForDtlsMsgPoolSend(WOLFSSL*, byte, word32);
4488 WOLFSSL_LOCAL void DtlsMsgPoolReset(WOLFSSL*);
4489 WOLFSSL_LOCAL int DtlsMsgPoolSend(WOLFSSL*, int);
4490#endif /* WOLFSSL_DTLS */
4491
4492#ifndef NO_TLS
4493
4494
4495#endif /* NO_TLS */
4496
4497#if defined(WOLFSSL_TLS13) && (defined(HAVE_SESSION_TICKET) || !defined(NO_PSK))
4498 WOLFSSL_LOCAL word32 TimeNowInMilliseconds(void);
4499#endif
4500WOLFSSL_LOCAL word32 LowResTimer(void);
4501
4502#ifndef NO_CERTS
4503 WOLFSSL_LOCAL void InitX509Name(WOLFSSL_X509_NAME*, int);
4504 WOLFSSL_LOCAL void FreeX509Name(WOLFSSL_X509_NAME* name, void* heap);
4505 WOLFSSL_LOCAL void InitX509(WOLFSSL_X509*, int, void* heap);
4506 WOLFSSL_LOCAL void FreeX509(WOLFSSL_X509*);
4507 WOLFSSL_LOCAL int CopyDecodedToX509(WOLFSSL_X509*, DecodedCert*);
4508#endif
4509
4510#ifndef MAX_CIPHER_NAME
4511#define MAX_CIPHER_NAME 50
4512#endif
4513
4514#ifdef WOLFSSL_NAMES_STATIC
4515typedef char cipher_name[MAX_CIPHER_NAME];
4516#else
4517typedef const char* cipher_name;
4518#endif
4519
4520typedef struct CipherSuiteInfo {
4521 cipher_name name;
4522#ifndef NO_ERROR_STRINGS
4523 cipher_name name_iana;
4524#endif
4525 byte cipherSuite0;
4526 byte cipherSuite;
4527#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
4528 byte minor;
4529 byte major;
4530#endif
4531} CipherSuiteInfo;
4532
4533WOLFSSL_LOCAL const CipherSuiteInfo* GetCipherNames(void);
4534WOLFSSL_LOCAL int GetCipherNamesSize(void);
4535WOLFSSL_LOCAL const char* GetCipherNameInternal(const byte cipherSuite0, const byte cipherSuite);
4536#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT)
4537/* used in wolfSSL_sk_CIPHER_description */
4538#define MAX_SEGMENTS 5
4539#define MAX_SEGMENT_SZ 20
4540WOLFSSL_LOCAL int wolfSSL_sk_CIPHER_description(WOLFSSL_CIPHER*);
4541WOLFSSL_LOCAL const char* GetCipherProtocol(const byte minor);
4542WOLFSSL_LOCAL const char* GetCipherKeaStr(char n[][MAX_SEGMENT_SZ]);
4543WOLFSSL_LOCAL const char* GetCipherAuthStr(char n[][MAX_SEGMENT_SZ]);
4544WOLFSSL_LOCAL const char* GetCipherEncStr(char n[][MAX_SEGMENT_SZ]);
4545WOLFSSL_LOCAL const char* GetCipherMacStr(char n[][MAX_SEGMENT_SZ]);
4546WOLFSSL_LOCAL int SetCipherBits(const char* enc);
4547#endif
4548WOLFSSL_LOCAL const char* GetCipherNameIana(const byte cipherSuite0, const byte cipherSuite);
4549WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_internal(WOLFSSL* ssl);
4550WOLFSSL_LOCAL const char* wolfSSL_get_cipher_name_iana(WOLFSSL* ssl);
4551WOLFSSL_LOCAL int GetCipherSuiteFromName(const char* name, byte* cipherSuite0,
4552 byte* cipherSuite);
4553
4554enum encrypt_side {
4555 ENCRYPT_SIDE_ONLY = 1,
4556 DECRYPT_SIDE_ONLY,
4557 ENCRYPT_AND_DECRYPT_SIDE
4558};
4559
4560WOLFSSL_LOCAL int SetKeysSide(WOLFSSL*, enum encrypt_side);
4561
4562/* Set*Internal and Set*External functions */
4563WOLFSSL_LOCAL int SetDsaInternal(WOLFSSL_DSA* dsa);
4564WOLFSSL_LOCAL int SetDsaExternal(WOLFSSL_DSA* dsa);
4565#ifndef HAVE_USER_RSA
4566WOLFSSL_LOCAL int SetRsaExternal(WOLFSSL_RSA* rsa);
4567WOLFSSL_LOCAL int SetRsaInternal(WOLFSSL_RSA* rsa);
4568#endif
4569WOLFSSL_LOCAL int SetDhInternal(WOLFSSL_DH* dh);
4570WOLFSSL_LOCAL int SetDhExternal(WOLFSSL_DH *dh);
4571
4572#ifndef NO_DH
4573 WOLFSSL_LOCAL int DhGenKeyPair(WOLFSSL* ssl, DhKey* dhKey,
4574 byte* priv, word32* privSz,
4575 byte* pub, word32* pubSz);
4576 WOLFSSL_LOCAL int DhAgree(WOLFSSL* ssl, DhKey* dhKey,
4577 const byte* priv, word32 privSz,
4578 const byte* otherPub, word32 otherPubSz,
4579 byte* agree, word32* agreeSz);
4580#endif /* !NO_DH */
4581
4582#ifdef HAVE_ECC
4583 WOLFSSL_LOCAL int EccMakeKey(WOLFSSL* ssl, ecc_key* key, ecc_key* peer);
4584 WOLFSSL_LOCAL word16 GetCurveByOID(int oidSum);
4585#endif
4586
4587WOLFSSL_LOCAL int InitHandshakeHashes(WOLFSSL* ssl);
4588WOLFSSL_LOCAL void FreeHandshakeHashes(WOLFSSL* ssl);
4589
4590WOLFSSL_LOCAL int BuildMessage(WOLFSSL* ssl, byte* output, int outSz,
4591 const byte* input, int inSz, int type, int hashOutput,
4592 int sizeOnly, int asyncOkay);
4593
4594#ifdef WOLFSSL_TLS13
4595int BuildTls13Message(WOLFSSL* ssl, byte* output, int outSz, const byte* input,
4596 int inSz, int type, int hashOutput, int sizeOnly, int asyncOkay);
4597#endif
4598
4599WOLFSSL_LOCAL int AllocKey(WOLFSSL* ssl, int type, void** pKey);
4600WOLFSSL_LOCAL void FreeKey(WOLFSSL* ssl, int type, void** pKey);
4601
4602#ifdef WOLFSSL_ASYNC_CRYPT
4603 WOLFSSL_LOCAL int wolfSSL_AsyncInit(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev, word32 flags);
4604 WOLFSSL_LOCAL int wolfSSL_AsyncPop(WOLFSSL* ssl, byte* state);
4605 WOLFSSL_LOCAL int wolfSSL_AsyncPush(WOLFSSL* ssl, WC_ASYNC_DEV* asyncDev);
4606#endif
4607
4608
4609#ifdef __cplusplus
4610 } /* extern "C" */
4611#endif
4612
4613#endif /* wolfSSL_INT_H */
Note: See TracBrowser for help on using the repository browser.